Anonymous transactions and controlled nymity transactions.
--
In a strictly anonymous transactions one cannot prove that there
was any agreement to pay, or any payment, to anyone in particular.
For many purposes, what one wants is transactions with controlled
nymity, where Alice can prove she paid Bob such and such an
amount, in accordance with such and such an agreement, but does
not need to reveal every payment to the bank in order to prove
this for the on payment that goes wrong.
Strictly anonymous transactions work well for small payments that
are frequently repeated. Because the payments are small, tracking
identity is a burdensome overhead, and if the payer does not get
what he wants, he merely wanders off elsewhere.
Pornography, on the model of those machines where one keeps
inserting quarters to keep the video rolling, or interactive
pornography, where one makes ad hoc payments to the performers,
are good applications for strictly anonymous payments.
However there are many applications, some of them more respectable
and perhaps larger volume, where controlled nymity is appropriate.
One important such application is the gray market. Usually the
payer wishes to conceal his real identity from the recipient, and
also does not wish anyone to know that there has been a
transaction between payer and supplier.
Goods on the gray market are gray for a variety of reasons.
Sometimes, like straying wives or husbands, businesses are making
deals they do not wish major customers or suppliers to find out
about.
The gray market softly shades into the black market. There are
deals that are not exactly illegal, but which the parties would
prefer the government not to find out about. For example the
government often restrains businesses from cutting prices, or
forcefully encourages them to maintain prices at an artificially
high level. Undue price cuts might be penalized as dumping, as
unfair competition, and so on and so forth. For example exporters
are generally required to participate in export cartels, which
they tend to ignore. A german company selling goods in the US too
cheaply is likely to be punished by German authorities for
unfairly competing with other german firms, and by US authorities
as "dumping". A US firm selling goods too cheaply in the US might
be harassed by the justice department for "predation".
To perform a transaction with controlled nymity, as is required to
support gray market transactions, I propose the following
mechanism.
Buyer and seller make a deal, perhaps on a website like EBay where
they are identified by handles. They agree to a delivery contact.
The payee registers the transaction with the money issuer, the
registration consisting of a hash code of the contract the amount
to be paid, and a transient public key. The payer deposits
Chaumian coins to the required amount to the transaction record,
creating a public record that the contract has been paid, though
by whom and to whom does not become known unless the contract
corresponding to the hash code is made public, and not necessarily
even then, since the parties to the contract are identified by
handles, with reputations associated with the handles, as at Ebay.
The payee then withdraws the coins, encrypted using the public key
associated with the contract, a process that creates no traceable
connection between the handle and supplier and beneficiary.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
iuj6pa04sjBj2fp2icqR6W+6S28KntHqmFQRF5C3
47uanT19FGKI5xy+444UTEU6MHx2MA1RyK62LpuyT
[OT] why was private gold ownership made illegal in the US?
--
On 3 Jul 2002 at 2:36, Anonymous wrote:
> At the time, the U.S. faced a significant chance of a
> Communist/Socialist revolution such as had been seen in several
> other countries. Class warfare was widespread,
The high point of support for socialism among the masses in the US
was the 1870s, give or take a couple of decades.
By 1900 socialists around the world had given up all hope of
genuinely revolutionary seizure of power, and were pursuing
conspiratorial paths.
The 1930s was the high point of support for socialism among the
intellectuals, the privileged, and the elite. Their efforts to
foist their preferences on the American masses met with resounding
hostility and reluctance. Not only was there no danger of a
socialist revolution, in the US or anywhere else, but in the US
the leadership's attempts to force socialism down peoples throats
met stubborn resistance.
There was more mass support for socialism in other countries, but
no socialist revolutions in those countries, nor any danger of
such revolt. There were socialist coups, and conspiratorial
seizures of power by socialists in other countries.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
3x+jv+MnH33X3HSDdYMeLIgT55+H4ekUhpOMDJDS
2vKGDwf7SNzlVqX8Hi5qcbp51h1c6SSx0sz6gRDeI
Re: Hollywood Hackers
-- On 29 Jul 2002 at 14:25, Duncan Frissell wrote: > Congressman Wants to Let Entertainment Industry Get Into Your > Computer > > Rep. Howard L. Berman, D-Calif., formally proposed > legislation that would give the industry unprecedented new > authority to secretly hack into consumers' computers or > knock them off-line entirely if they are caught > downloading copyrighted material. > > I've been reading things like this for a while but I wonder how > practical such an attack would be. They won't be able to hack > into computers with reasonable firewalls and while they might > try DOS attacks, upstream connectivity suppliers might object. > Under current P2P software they may be able to do a little > hacking but the opposition will rewrite the software to block. > DOS attacks and phony file uploads can be defeated with digital > signatures and reputation systems (including third party > certification). Another problem -- Napster had 55 million > customers. That's a lot of people to attack. I don't think > Hollywood has the troops. The plan, already implemented, is to flood file sharing systems with bogus files or broken files. The solution, not yet implemented, is to attach digital signatures to files, and have the file sharing software recognize certain signatures as good or bad. This involves scaling problems that have not yet been thought through or implemented. As files get copied around, they would accrete ever more digitally signed blessings. The signatures should be arbitrary nyms, as in Kong, not true names. The files could also accrete digitally signed discommendations, though such files would probably propagate considerably less. When we approve a file, all the people who approved it already get added to our trust list, thus helping us select files, and we are told that so and so got added to our list of people who recommend good files. This gives people an incentive to rate files, since rating files gives them the ability to take advantage of other people's ratings. If onr discommendd a file, those who discommend it are added to our trust list, and those who commended it to our distrust list. If, as will frequently happen, there is a conflict, we are told that so and so commended so many files we like, and so many files we dislike, so how should future commendations and discommendations from him be handled. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG /q4tip27WhKCNEPO0JVoN0d2y8NqKSNyWSZ2yo8T 2mpKzWKpHGt5yFiUzlZZD//qHoWgv8n1ZFJzoJ2l9
Re: Challenge to David Wagner on TCPA
--
On 29 Jul 2002 at 15:35, AARG! Anonymous wrote:
> both Palladium and TCPA deny that they are designed to restrict
> what applications you run. The TPM FAQ at
> http://www.trustedcomputing.org/docs/TPM_QA_071802.pdf reads
>
They deny that intent, but physically they have that capability.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
ElmZA5NX6jAmhPu1EDT8Zl7D+IeQTSI/z1oo4lSn
2qoSIC6KSr2LFLWyxZEETG/27dEy3yOWEnRtXzHy9
Re: Hollywood Hackers
--
On 31 Jul 2002 at 11:01, Eugen Leitl wrote:
> The issue of node reputation is completely orthogonal to the
> document hashes not colliding. Reputation based systems are
> useful, because document URI
> http://localhost:4711/f70539bb32961f3d7dba42a9c51442c1218a9100
> doesn't say what's in there. A claim needs to be backed by
> someone (preferably anonymous) with a good reputation trail.
Indeed, but the only working nym based reputation system is that
hosted by Ebay. Web of trust is not really used much, and
Verisign sucks.
My proposal was to implement a nym based reputation system for
approving content, rather than to assume such a system already
exists.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
n2qkcxSdV2kJT9y6SyQ2iP7hz+Loj0n1HsBec+jV
2F6qbHlOzuO9Od/r5ZvGa0vDhRSmH/+EjFcQI8Wtc
Re: Challenge to David Wagner on TCPA
-- 29 Jul 2002 at 15:35, AARG! Anonymous wrote: > > > both Palladium and TCPA deny that they are designed to > > > restrict what applications you run. James A. Donald: > > They deny that intent, but physically they have that > > capability. On 31 Jul 2002 at 16:10, Nicko van Someren wrote: > And all kitchen knives are murder weapons. No problem if I also have a kitchen knife. TCPA and Palladium give someone else super root privileges on my machine, and TAKE THOSE PRIVILEGES AWAY FROM ME. All claims that they will not do this are not claims that they will not do this, but are merely claims that the possessor of super root privilege on my machine is going to be a very very nice guy, unlike my wickedly piratical and incompetently trojan horse running self. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG XQHdtzqDInBFsDcorfDvqJYRHTRhEBsM9eMJIH+w 2+o4WjsTSV8RDUO7k3c71T9v9JQKwZGZC54BqW6DQ
Re: Hollywood Hackers
-- James A. Donald: > > The plan, already implemented, is to flood file sharing > > systems with bogus files or broken files. The solution, not > > yet implemented, is to attach digital signatures to files, and > > have the file sharing software recognize certain signatures as > > good or bad. Eugen Leitl > This is completely unnecessary if you address the document with > a cryptohash. An URI like > http://localhost:4711/f70539bb32961f3d7dba42a9c51442c1218a9100 > can only adress a particular document. And then the hollywood hackers flood the system with bogus descriptions of the content identified by the crypto hashes. We still need to implement a reputation system against a hollywood hacker attack, even if we address content by cryptohash, as indeed we should. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG MZ8I0lLVaSkDBqA1K8OWTh4DR9ESyzcVVpf1x4pT 259CijIJardotArHx0YBUaCUfOceX+5jOYxtQ+fXi
Re: Challenge to David Wagner on TCPA
-- On 31 Jul 2002 at 23:45, AARG! Anonymous wrote: > So TCPA and Palladium "could" restrict which software you could > run. They aren't designed to do so, but the design could be > changed and restrictions added. Their design, and the institutions and software to be designed around them, is disturbingly similar to what would be needed to restrict what software we could run. TCPA institutions and infrastructure are much the same as SSSCA institutions and infrastructure. According to Microsoft, the end user can turn the palladium hardware off, and the computer will still boot. As long as that is true, it is an end user option and no one can object. But this is not what the content providers want. They want that if you disable the Fritz chip, the computer does not boot. What they want is that it shall be illegal to sell a computer capable of booting if the Fritz chip is disabled. If I have to give superroot powers to Joe in order to run Joe's software or play Joe's content, fair enough. But the hardware and institutions to implement this are disturbingly similar to the hardware and institutions needed to implement the rule that I have to give superroot powers to Joe in order to play Peter's software or content.. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG FQhKMpDHys7gyFWenHCK9p7+Xfh1DwpaqGKcztxk 20jFdJDiigV/b1fmHBudici59omqc/Ze0zXBVvQLk
Re: Challenge to David Wagner on TCPA
-- On 2 Aug 2002 at 0:36, David Wagner wrote: > For instance, suppose that, thanks to TCPA/Palladium, Microsoft > could design Office 2005 so that it is impossible for StarOffice > and other clones to read files created in Office 2005. Would > some users object? In an anarchic society, or under a government that did not define and defend IP, TCPA/Palladium would probably give roughly the right amount of protection to intellectual property by technical means in place of legal means. Chances are that the thinking behind Palladium is not "Let us sell out to the Hollywood lobby" but rather "Let us make those !@#$$%^& commie chinese pay for their *&^%$##@ software". Of course, in a society with both legal and technical protection of IP, the likely outcome is oppressive artificial monopolies sustained both by technology and state power. I would certainly much prefer TCPA/Palladium in place of existing IP law. What I fear is that instead legislation and technology will each reinforce the other. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG R66NXPp5xZNDYn98jcVqH5q22ikRRFR3evv5xfwF 2PNka92tYm9+/iBKaR+IcOoDA8BwXZlwcPD18Ogw8
RE: Challenge to David Wagner on TCPA
--
On 2 Aug 2002 at 3:31, Sampo Syreeni wrote:
> More generally, as long as we have computers which allow data to
> be addressed as code and vice versa, the ability to control use
> of data will necessarily entail ability to control use of code.
> So, either we will get systems where circumventing copyright
> controls is trivial or ones where you cannot compile your own
> code. All the rest is just meaningless syntax.
The announced purpose of TCPA/Palladium is to introduce some
intermediate cases. For example you could compile your own code,
and then encrypt it so that it can only run on a specific target
computer.
As somone who sells code, I would think this would be a great
idea, were it not for the excesses we have been seeing from the IP
lobbyists.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
iB5WVaGfx+zq5Dani1KQGdZIU5Kl21LDrc7w4e1m
2PoKhj2EuUKqjKlZ/RN3VXdP0TFKxmpO/rR69KupZ
TCPA
-- In an anarchist society, or in a world where government had given up on copyright and intellectual property, TCPA/Palladium would be a great thing, a really good substitute for law, much more effectual, much cheaper, and much less dangerous than law. In a world where we have anticircumvention laws and ever growing patent and copyright silliness, it seems a dangerously powerful addition to law. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 6FaJusAR8fMsVvaFm9l3vbuyiQwio/YrBFLpyT6c 2Db/Fk0MeNi3mjdoDTo2IGzHeelYts0/xqiEjUFmA
RE: Challenge to David Wagner on TCPA
--
On 2 Aug 2002 at 10:43, Trei, Peter wrote:
> Since the position argued involves nothing which would invoke
> the malign interest of government powers or corporate legal
> departments, it's not that. I can only think of two reasons why
> our corrospondent may have decided to go undercover...
I can think of two innocuous reasons, though the real reason is
probably something else altogether:
1. Defending copyright enforcement is extremely unpopular because
it seemingly puts you on the side of the hollywood cabal, but in
fact TCPA/Paladium, if it works as described, and if it is not
integrated with legal enforcement, does not over reach in the
fashion that most recent intellectual property legislation, and
most recent policy decisions by the patent office over reach.
2.. Legal departments are full of people who are, among their
many other grievious faults, technologically illiterate.
Therefore when an insider is talking about something, they cannot
tell when he is leaking inside information or not, and tend to
have kittens, because they have to trust him (being unable to tell
if he is leaking information covered by NDA), and are
constitutionally incapable of trusting anyone.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
Alf9R2ZVGqWkLhwWX2H6TBqHOunrj2Fbxy+U0ORV
2uPGI4gMDt1fTQkV1820PO3xWmAWPiaS0DqrbmobN
RE: Challenge to David Wagner on TCPA
-- On 2 Aug 2002 at 14:36, Trei, Peter wrote: > OK, It's 2004, I'm an IT Admin, > and I've converted my corporation over to TCPA/Palladium machines. My > Head of Marketing has his TCPA/Palladium desktop's hard drive > jam-packed with corporate confidential documents he's been actively > working on - sales projections, product plans, pricing schemes. > They're all sealed files. > > His machine crashes - the MB burns out. > He wants to recover the data. > > HoM: I want to recover my data. > Me: OK: We'll pull the HD, and get the data off it. > HoM: Good - mount it as a secondary HD in my new system. > Me: That isn't going to work now we have TCPA and Palladium. > HoM: Well, what do you have to do? > Me: Oh, it's simple. We encrypt the data under Intel's TPME key, > and send it off to Intel. Since Intel has all the keys, they can > unseal all your data to plaintext, copy it, and then re-seal it for > your new system. It only costs $1/Mb. > HoM: Let me get this straight - the only way to recover this data is > to let > Intel have a copy, AND pay them for it? > Me: Um... Yes. I think MS might be involved as well, if your were > using > Word. > HoM: You are *so* dead. Obviously it is insane to use keys that you do not yourself control to keep secrets. That, however, is not the purpose of TCPA/Palladium as envisaged by Microsoft. The intent is that Peter can sell Paul software or content that will only run on ONE computer for ONE time period.. When the motherboard emits blue smoke, or the time runs out, whichever happens first, Paul has to buy new software. If prices are lowered accordingly, this might be acceptable. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 4Mqj1ia6DD0EYpdLMEd7al35eTYefnvhcFesBlMz 25n9obdfhvRVxEkY4YtWw7BuFxrOKgTtfI1Dp8uAA
Re: Other uses of TCPA
--
On Sat, 3 Aug 2002, Nomen Nescio wrote:
> As an exercise, try thinking of ways you could use TCPA to
> promote "good guy" applications. What could you do in a P2P
> network if you could trust that all participants were running
> approved software? And if you
I can only see one application for voluntary TCPA, and that is the
application it was designed to perform: Make it possible run
software or content which is encrypted so that it will only run on
one computer for one time period.
All the other proposed uses, both good and evil, seem improbably
cumbersome, or easier to do in some other fashion. There are
quite a few extremely evil uses it would be good for, but they
would only be feasible if enforced by legislation -- otherwise
people would turn the chip off, or tear it out.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
Hzs0OpVc+bwQiFEZnMNE2zMLAXiYjMNrOWpH9WIb
2vvlvOjPeQH/ua0E9NnfeVaLvRGnxGuIvKZGcMZdN
Re: Other uses of TCPA
-- James Donald writes: > > I can only see one application for voluntary TCPA, and that is > > the application it was designed to perform: Make it possible > > run software or content which is encrypted so that it will > > only run on one computer for one time period. On 3 Aug 2002 at 20:10, Nomen Nescio wrote: > You've said this a few times, and while it is a plausible goal > of the designers, I don't actually see this specific capability > in the TCPA spec, nor is it mentioned in the Palladium white > paper. Think about it. > For TCPA, you'd have to have the software as a blob which is > encrypted to some key that is locked in the TPM. But the > problem is that the endorsement key is never leaked except to > the Privacy CA (Lots of similarly untintellible stuff deleted) You have lost me, I have no idea why you think what you are talking about might be relevant to my assertion. The TPM has its own secret key, it makes the corresponding public key widely available to everyone, and its own internal good known time. So when your customer's payment goes through, you then send him a copy of your stuff encrypted to his TPM, a copy which only his TPM can make use of. Your code, which the TPM decrypts and executes, looks at the known good time, and if the user is out of time, refuses to play. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 8QGEo4ptd7TD5d7duyz9XkOw+th0YEG9sllM8ix 2P2uZVncMpARxQd6P5V9cXLh97ZLpgi0tHH7LyVfB
Re: On alliances and enemies.
--
On 8 Aug 2002 at 13:09, cubic-dog wrote:
> For the purpose of this argument, lets accept as fact this
> Hollywood/gubbmint alliance. So, why wouldn't Bill & Co want to
> play?
A big bureaucracy has a lot of inertia. It wants to do what it
always has been doing, it gets set in its ways. If the internet
and consumer computers are mandated to be like TV, the TV people
will wind up in charge, and Microsoft will not wind up in charge.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
OrPfArPJfauYoxApR4gFvBiF/ejwrZGskzoVEQJt
2QHCPliH2SKXP0eaVWlIy65Nye07RsyZOo8xbrIAA
Re: Challenge to TCPA/Palladium detractors
--
On Wed, 7 Aug 2002, Matt Crawford wrote:
> > Unless the application author can predict the exact output of
> > the compilers, he can't issue a signature on the object code.
> > The
On 9 Aug 2002 at 10:48, Eugen Leitl wrote:
> Same version of compiler on same source using same build
> produces identical binaries.
This has not been my experience.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
vP+cB8hTnaqPfAtiGlYdo9QuJCpq884ER6Mo+F9m
2SkruXvZexqOoTAk6QuWuruF5x4fT0Rq4v/YSxLAt
Re: TCPA/Palladium -- likely future implications
--
On 9 Aug 2002 at 17:15, AARG! Anonymous wrote:
> to understand it you need a true picture of TCPA rather than the
> false one which so many cypherpunks have been promoting.
As TCPA is currently vaporware, projections of what it will be,
and how it will be used are judgments, and are not capable of
being true or false, though they can be plausible or implausible.
Even with the best will in the world, and I do not think the
people behind this have the best will in the world, there is an
inherent conflict between tamper resistance and general purpose
programmability. To prevent me from getting at the bits as they
are sent to my sound card or my video card, the entire computer,
not just the dongle, has to be somewhat tamper resistant, which is
going to make the entire computer somewhat less general purpose
and programmable, thus less useful.
The people behind TCPA might want to do something more evil than
you say they want to do, if they want to do what you say they want
to do they might be prevented by law enforcement which wants
something considerably more far reaching and evil, and if they
want to do it, and law enforcement refrains from reaching out and
taking hold of their work, they still may be unable to do it for
technical reasons.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
D7ZUyyAS+7CybaH0GT3tHg1AkzcF/LVYQwXbtqgP
2HBjGwLqIOW1MEoFDnzCH6heRfW1MNGv1jXMIvtwb
Re: Thanks, Lucky, for helping to kill gnutella (fwd)
--
On 10 Aug 2002 at 16:25, R. A. Hettinga wrote:
> [Ob Cypherpunks: Seriously, folks. How clueful can someone be
> who clearly doesn't know how to use more than one remailer hop,
> as proven by the fact that he's always coming out of the *same*
> remailer all the time?
The fact that he uses a constant exit remailer does not show that
he is using a single hop.
I always come out of the same remailer at the end, even though I
always use about three randomly selected remailers between myself
and the constant exit remailer. I always select the same end
remailer to avoid confusing the audience, and I selected a less
used exit remailer for the same reason.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
c3w9s36+CG9NnfBCbV9lBPm1GKPtff16r/hBMRj2
2ZIqRKb9UCTCvlWhGVeGUb1eknPEG0ynX12OrTTXM
Re: [CI] Re: Turing thesis(Incompleteness theorom)
-- On 11 Aug 2002 at 10:36, Jim Choate wrote: > All Godel really says is that math, physics, etc. must be taken > on -faith- with regard to 'consistency'. In other words, > 'science' is just another 'religion'. Choate's universe is a very strange place. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG g1mLlIzuFgLbXoOJFMHUW25JFxvX68MxJVBaw2T9 2CyHwAWleXXEw7dAtv/o5PkeHz4+rp/NEMJFQPNfd
Re: TCPA and Open Source
--
On 13 Aug 2002 at 0:05, AARG! Anonymous wrote:
> The point is that while this is a form of signed code, it's not
> something which gives the TPM control over what OS can boot.
> Instead, the VCs are used to report to third party challengers
> (on remote systems) what the system configuration of this system
> is "supposed" to be, along with what it actually is.
It does however, enable the state to control what OS one can boot
if one wishes to access the internet.
It does not seem to me that the TPM is likely to give hollywood
what it wants, unless it is backed by such state enforcement.
Furthermore, since the TPM gets first whack at boot up, a simple
code download to the TPM could change the meaning of the
signature, so that the machine will not boot unless running a
state authorized operating system.
It could well happen that TPM machines become required to go on
the internet, and then later only certain operating systems are
permitted on the internet, and then later the required operating
system upgrades the TPM software so that only authorized operating
systems boot at all.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
H/t91jm8hq5pLR2AdFYi2lRoV9AKYBZ7WqqJmKFe
2/IFQaW0fl6ec+TL3iMKMxD6Y0ulGDK7RwqTVJlBQ
Re: Seth on TCPA at Defcon/Usenix
-- On 12 Aug 2002 at 20:38, Mike Rosing wrote: > I'm actually really confused about the whole DRM business > anyway. It seems to me that any data available to human > perceptions can be duplicated. Period. The idea of DRM (as I > understand it) is that you can hand out data to people you don't > trust, and they can't copy it. To me, DRM seems fundamentally > impossible. To me DRM seems possible to the extent that computers themselves are rendered tamper resistant -- that is to say rendered set top boxes not computers, to the extent that unauthorized personnel are prohibited from accessing general purpose computers. To me, TCPA only makes sense as a step towards some of the more monstrous outcomes that have been suggested by myself and others on this list. It does not make sense as a final destination, but only as a first step on a path. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG xnGldvXqRQB8PKwYfVNs7FqNlzHkJtffm/JPsWY9 2NZkA77opkyGpXY+3+uMUIXDusHs6+ZgOeCu7YXgJ
Re: trade-offs of secure programming with Palladium (Re: Palladium: technical limits and implications)
--
On 12 Aug 2002 at 16:32, Tim Dierks wrote:
> I'm sure that the whole system is secure in theory, but I
> believe that it cannot be securely implemented in practice and
> that the implied constraints on use & usability will be
> unpalatable to consumers and vendors.
Or to say the same thing more pithily, if it really is going to be
voluntary, it really is not going to give hollywood what they
want. If really gives hollywood what they want, it is really
going to have to be forced down people's throats.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
q/bTmZrGsVk2BT9JgumhMqvjDmyIbiElvtidl9aP
2/0CXfo6fzHCxpa+SX8o8Jzvyb71S0KzgBs0gDRhN
Re: Spam blocklists?
-- On 14 Aug 2002 at 4:36, Peter Fairbrother wrote: > For instance, limiting the number of recipients of an email > (the cryptogeek system I'm working on [m-o-o-t] just allows > one), or limiting the number of emails one IP can send per > day (adjusted for number of users). > > There was an EU proposal to force spammers (who are not > always unwanted) to put [ADV] in the Subject: line, with > appropriate penalties if they failed to, but it didn't happen > (and we got long-term traffic data retention instead). > > I don't know offhand how to do it, but having unelected and > unaccountable people (making the conditions for) stopping my > email is unacceptable. Solution is obvious and has been known for a long time Integrate payment with email. If anyone not on your approved list wants to send you mail, they have to pay you x, where x is a trivial sum, say a cent or two. Spammers wind up sending huge amounts of mail to unmonitored mailboxes, which will make spamming unprofitable. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG DIY+MmmrLQhijrJvvUennc4PKuW3ydzF1s8Phfvc 2thHL52WvLYLBuy1gMvfbs8U1toNuUIIWvvhnySCw
Re: TCPA not virtualizable during ownership change
-- On 15 Aug 2002 at 15:26, AARG! Anonymous wrote: > Basically I agree with Adam's analysis. At this point I > think he understands the spec equally as well as I do. He > has a good point about the Privacy CA key being another > security weakness that could break the whole system. It > would be good to consider how exactly that problem could be > eliminated using more sophisticated crypto. Lucky claims to have pointed this out two years ago, proposed more sophisticated crypto, and received a hostile reception. Which leads me to suspect that the capability of the powerful to break the system is a designed in feature. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG JjoH8U8qZ1eOdT/yGjfV7Xz9andBZPeYWaOLC+NP 2/OJG2MZSnAqcyuvUsNZTsQAcffGGST6LJ7e9vFbK
Re: onsite service on Sealand
--
On 27 Aug 2002 at 13:36, Ryan Lackey wrote:
> If a customer hypothetically calls and wants a complete
> security analysis done on a server, and doesn't follow the
> "replace the drives in the working system with new ones, do a
> restore from snapshot or reinstall, and do anaysis later"
> option, we're not responsible for any delays.
A little while ago, it seemed that cypherpunks was dead. There
was nothing on it except for spam from Nigeria, commies, and
lunatics.
Now I am reading email from various people who appear to be
making their living using cryptography in ways that undermine
the state, and who deal with the various practical real world
problems involved in such a living.
I find these troubles very encouraging. The fact that people
encounter such predictable troubles shows they are really doing
what they talk about, and when they encounter these problems,
they seem to proceed with competent and effectual solutions.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
HcJC+F+nHfocXB5cx8e5xihyUc8zIRgYkHIA9rSH
2z7Vmfw8yreIdTJ88bYCphFaZUo4LPvcMHFy7EKYb
Re: S/MIME in Outlook -- fucked.
-- On 3 Sep 2002 at 11:16, Meyer Wolfsheim wrote: > I encourage everyone to send Bill Gates an email from > himself. =) > > = > = Vendor Notification Status > > Microsoft knows about this, of course, but "isn't even sure > whether to call this a 'vulnerability'." Right. While the immediate bug is in Microsoft IE and Outlook, this exploit is also a reflection of the contorted mess that is the certificate structure and the public key infrastructure, and of the fact that Verisign is not doing its job. (This exploit only works if one starts with a legitimate verisign certificate for a web site, it does not work if one starts with a legitimate Thawte certificate.) Microsoft unambiguously screwed up, but the infrastructure made it easy to screw up, and difficult and expensive to get things right. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 2S6sg825yJSZ69s23KyOvpaHYYQYbgoRuPl2j1JZ 24hZwF+YmQMFl2hK8LOkiesmNrg+xJ0ZdA1qPUzQU
Re: Prosecutors' Contention That Hotmail E-mail Is "Extremely Difficult To Trace"
--
On 5 Sep 2002 at 16:48, Steve Schear wrote:
> 3. After September 11, 2001, the FBI learned that Moussaoui
> had used a computer at Kinko s, in Eagan, Minnesota, to
> connect to the internet. When the FBI learned that Moussaoui
> had used a computer at Kinko s, the FBI investigated that
> Kinko s store and was informed that the Kinko s had since
> erased the data from its computers, as is Kinko s regular
> practice. Accordingly, the FBI did not seize the computers
> from Kinko s, Eagan, Minnesota.
Moral: Always make erasing unneeded data a regular practice,
if you want to keep your computers.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
u8fODkiRQptIbG0Gx/8TsyWhAaSyUi6bqxXcPoch
2gQB3HYsyrY6lY1CcTlNf5xm+nfdUNkDNFH91bpFH
Re: Saturday meeting/BBQ/party--last minute comments
-- On 11 Sep 2002 at 9:07, Tim May wrote: > Last Minute Comments: > > * Meeting/BBQ/Party at Tim May's house, Saturday, September > 14th, 1 p.m. onwards. Formal agenda to start promptly at 2 > p.m. > > * I've had a lot of confirmations (not required, except for > lurkers and strangers) from a lot of people, so PARKING is > OFFICIALLY BECOMING A PROBLEM. I live at the top of a hill > serviced by a one-lane road going from the valley floor up > several hundred feet to my driveway above. I have had parties > where about 15 cars were in one of several places: > > -- my own parking lot, handling about 4-5 cars besides my own > 2. > > -- my driveway, handling about 4-6 more cars, depending on > whether they block others! > > -- the side of the road at the very top of the hill, handling > 3-5 other cars > > -- the rest, I'm not sure where they parked! I observed Tim's place. His estimate of the parking situation seems optimistic to me, though doubtless he knows the situation better than I do. Be prepared for a considerable walk and/or frequent car rearrangements, and unscheduled delay in leaving. Tim's house is on a long, one lane track, somewhat east of the back of beyond. You recall the house in the cartoon "Courage, the cowardly dog"? Now imagine that same house, and rotate the landscape seventy degrees so that the house is stapled to the side of a mountain and the road dug into the side of a mountain. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 6wLay9FqSokQWYJ9KA94MevETkNtbnDry7fxHbD8 2+d7YG2eU5+wxXOCENNyvul+Im5tPQ3C6FI8UQzNF
RE: Cryptogram: Palladium Only for DRM
-- On 19 Sep 2002 at 11:13, AARG! Anonymous wrote: > Of course, those like Lucky who believe that trusted > computing technology is evil incarnate are presumably > rejoicing at this news. Microsoft's patent will limit the > application of this technology. And the really crazy people > are the ones who say that Palladium is evil, but Microsoft is > being unfair in not licensing their patent widely! The evil of DRM, like the evils of guns, depends on who has the gun and who has not. If only certain privileged people have guns, and the rest of us are disarmed, then guns are evil indeed. If trusted computing means that certain special people have ring -1 access to my computer, and I do not, and those certain special people are people I do not trust ... --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 9qfOgx4DuD39ZV1os+Mk6SzsJp3A6f8e/S94djUj 41XdHA+e/zdxPCIroQznM5ILiFBEOUSYYagF5KQkb
What good are smartcard readers for PCs
--
The biggest application of smart cards that I know of are
anonymous phone minutes. In Australia, I walked into a
hardware store in the middle of the back of beyond, and asked
the sales kid about a cellular phone for someone who would not
be in Australia very long. He promptly urged me to buy a phone
that uses one of these cards, pointing out as one of the
advantages that I buy the minutes for cash, and that no one
would know who was associated with the number, other than those
that I wished to know. This guy was a random saleskid in the
backblocks of Australia, not a noted cypherpunk poster.
Increasingly however, we see smartcard interfaces sold for PCs.
What for, I wonder?
In general, a smartcard and a PC smartcard interface can be
used anywhere where one would use a password, providing greater
security and ease of use than mere passwords. By and large,
people only care about greater security when the password is
protecting money, considerable lumps of money.
A huge number of web pages are selling smart card readers for
PCs, for example: http://www.drivecrypt.com/dcplus.html
Obviously end users are buying this stuff. What are they
buying smartcard readers for?
So I did a google search for web pages selling "chipdrive
extern" (the most popular smartcard interface for PCs) Seems
like this is big business -- that huge numbers of these widgets
are made and sold. yet most of the web pages seemed curiously
vague as to what anyone was buying them for.
I clicked on a link that said "current smart card industry
news" -- the page was empty.
I found another page that advertised
: : "The Key to Secure eCommerce"
: :
: : The eCode solution provides secure remote
: : identification and digital signatures for
: : e-banking, telephone and mobile banking and other
: : application where secure identification is needed.
: :
: : The eCode system offers user authentication, user
: : authorisation, data integrity, data
: : confidentiality and non-repudiation.
A related web page says
: : Argos Mini is a cost-efficient smart card reader for
: : the mass market and applications like Internet
: : Banking, Telecommuting, Access Control, loading
: : Electronic Purse, etc.
So we are seeing lots of publicity from people selling smart
cards readers but curiously little from those applying them to
particular purposes.
Mondex, as far as I know, sank with very little trace. They
seem to have given up attempting to issue electronic money
based on smartcards, and instead have become just another
company selling smart card readers and software, their biggest
contribution being a smartcard operating system that should
allow multiple applications to use the same smartcard, so that
a smartcard can act both as a purse and keyring, carrying keys
to many different things. This seems to imply that so many
diverse people are finding uses to for smartcard enabled PCs
that one is likely to use a smartcard to interact with security
from many independent vendors, just as one is likely to have a
lot of unrelated keys on one's keyring.
If this is so big, and it does seem to be big, how come I do
not know of any applications? The multiplicity of smartcard
interface vendors, and the struggle over the problem of using a
single smartcard for multiple unrelated purposes, suggests a
multitude of widely used purposes, yet I have no purposes.
Huge numbers of people must be buying these things, often for
multiple independent reasons, yet what are those reasons?
What would that kid in Australia buy one of these things for?
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
ynBJMlsLDPzg07sL/LvEpB/tIW037sE6ghIofneK
4PVvvjR5R/LHANHsZwHICLtrUdTredEP7JMGYF3vh
Re: What good are smartcard readers for PCs
-- James A. Donald> > > Increasingly however, we see smartcard interfaces sold for > > PCs. What for, I wonder? On 24 Sep 2002 at 1:41, Bill Stewart wrote: > I'm not convinced that the number of people selling them is > closely related to the number of people buying; this could be > another field like PKIs where the marketeers and cool > business plans never succeeded at getting customers to use > them. On 24 Sep 2002 at 19:12, Peter Gutmann wrote: > Companies buy a few readers for their developers who write > software to work with the cards. [...] Eventually the > clients discover how much of a bitch they are to work with > [] users decide to live with software-only crypto until > the smart card scene is a bit more mature. > > Given that n_users >> n_card_vendors, this situation can keep > going for quite some time. I have found that the administrative costs of PKI are intolerable. End users do not really understand crypto, and so will fuck up. Only engineers can really control a PKI certificate, and for the most part they just do not. In principle the thingness of a smartcard should reduce administrative costs to a low level -- they should supposedly act like a purse, a key, a credit card, hence near zero user training required. The simulated thingness created by cryptographic cleverness should be manifested to the user as physical thingness of the card. Suppose, for example, we had working Chaumian digicash. Now imagine how much trouble the average end user is going to get into with backups, and with moving digicash from one computer to another. If all unused Chaumian tokens live in a smartcard, one might expect the problem to vanish. The purselike character of the card sustains the coin like character of Chaumian tokens. Of course if one has to supply the correct driver for the smart card, then the administration problem reappears. USB smartcard interfaces could solve this problem. Just plug them in, and bingo, it should just go. Ummh, wait a moment, go where, do what? What happens when one plugs in a USB smartcard interface? Still, making crypto embodied in smart cards intelligible to the masses would seem to be a soluble problem, even if not yet solved, whereas software only crypto is always going to boggle the masses. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG UpBeNFF1UW7r7Fw8pVMxQG+xJ3mwsngHIp62BxL6 4D+u3ZM5e1JbeYAKaQ4dhOQrlZ42vq05cfz83rnCZ
Re: What good are smartcard readers for PCs
--
On 25 Sep 2002 at 18:36, Neil Johnson wrote:
> Hey don't forget you can still buy a smart card reader from
> that most cypherpunkish of babes BRITNEY SPEARS ! Only $30 !
>
> https://www.visiblevisitors.com/mltest/order_form.asp
A previous poster suggested that the smart card industry had
usuability problems. If these guys are selling to that market,
they must have solved those problems -- or believe that they
have.
On 24 Sep 2002 at 19:12, Peter Gutmann wrote:
> Eventually the clients discover how much of a bitch they are
> to work with [] users decide to live with software-only
> crypto until the smart card scene is a bit more mature.
Smartflash is supposed to be plug and play, no installation, no
configuration. You just plug it into a usb port, poke your
card into the reader and a browser window pops up, and takes
you to the web page for that smartcard. If any software is
needed, then it is in the form of activeX component, which
means that the only installation interface is "Do you trust
this software from so-and-so?"
When Chaumian money comes into wide use, I think that for most
end users we will have to stash all unused tokens inside
smartcards. However, because of the critical mass problem,
initial deployment for small payments cannot rely on such
means, though initial deployment for large payments could.
Unfortunately, deployment of uncrippled chaumian cash for large
payments is likely to be illegal in most jurisdictions.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
zA52k2I/yOV3JjdMnqwOFMq4Io7yMmdhp7IVzbUE
48lR0zT5ZoHjtDYfcW0+xmlo00w3DS04U9nsJblFq
Re: What good are smartcard readers for PCs
-- Neil Johnson wrote: > > > Hey don't forget you can still buy a smart card reader > > > from that most cypherpunkish of babes BRITNEY SPEARS ! > > > Only $30 ! > > > > > > https://www.visiblevisitors.com/mltest/order_form.asp James A. Donald: > > A previous poster suggested that the smart card industry > > had usuability problems. If these guys are selling to that > > market, they must have solved those problems -- or believe > > that they have. Peter Gutmann wrote: > All they're doing is reading a URL off a USB dongle > (technically a 256-byte I2C memory card plugged into a > reader, but in effect the combination is a USB dongle). > That's a no-brainer, I can do that with two wires taped to > the card contacts and poked into the PC's parallel port, and > around 50 bytes of code on the PC. If all they were doing is reading the URL, presumably you can already get to the site without owning the smartcard. I believe the card cryptographically proves its presence to the site to show that the user is authorized to hit the site. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG pTZSolt9/2ZzWLDufFApvlnFJTl7qJ+k/1P6N4E5 4+/ztYC9AfVoSBhBwjbH0ljx00WVl9cpQ4D/Kw7Ze
What good are smartcard readers for PCs
-- On 27 Sep 2002 at 19:53, Harmon Seaver wrote: > Forget the pencils and pens, just ban paper. The Chinese empire did in fact take that measure, making paper a government monopoly, prohibiting private production and use of paper, private knowledge of how to produce paper, and castrating all paper makers to reduce the risk of the technology of paper making being passed from father to son, or through pillow talk. Some barbarian pirates eventually stole one of the government's paper making eunuchs, and the technology got loose again in lands beyond the empire's control, particularly the west. A later chinese emperor issued "the encyclopedia of all knowledge", which was intended to stimulate the growth of knowledge, but an elephant cannot help but trample the grass. The actual effect of the encyclopedia was to prohibit all knowledge that was not in the encyclopedia. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG UZr0jvF3hsrDzZ/URGjiGNl8cw1jEQbsuJt2Vxm6 4P3p+Y/yI2jWvQGZ0O5aHI//rcxIXncZJqgHA4VdK
Re: smartcards
-- James A. Donald: > > When Chaumian money comes into wide use, I think that for > > most end users we will have to stash all unused tokens > > inside smartcards. However, because of the critical mass > > problem, initial deployment for small payments cannot rely > > on such means, though initial deployment for large payments > > could. Someone: > Here in Hong Kong, contactless "Octopus" smartcards (based on > the Sony FeliCa device) are well established for paying fares > on buses, ferries and subways, and also for small > transactions with vending machines, convenience stores and > supermarkets. The implementation is definitely non-Chaumian > (it's based on symmetric encryption using shared secrets for > both mutual authentication and secure transfer of value) but > the cards can be purchased and reloaded with cash. Alas, the > system does not allow uploads of value to banks or > peer-to-peer transfers, as Mondex did. Critical mass is no problem if a payment mechanism is backed by the big boys, but the big boys want a mechanism for transferring value where only a few giant corporations who are in bed with the state receive transaction payments, a system that divides the economy into a tiny number of actors, the big corporations, who alone take action, plan and produce, and huge number of passive consumer zombies. We would like a system which treats those making and receiving payments as peers, which makes critical mass a considerably more difficult problem. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG +QZmFHKyDPKB9S60+rLQsOzIgeGk4o2tjKPzSX+8 4ROdV+LJ4M5hm4HiXOxPfEhStMMRfi09HNAiWbEKa
Re: smartcards
--
On 30 Jan 2050 at 32:210, Steve Thompson wrote:
> I'm surprised that nobody has mentioned cell-phones as a
> digital cash platform.[]
>
> The problem is that phone software is (to my knowledge) all
> closed-source and running on proprietary hardware. What's
> the liklihood of manufacturers opening up their phones for
> third-party code?
An open platform would be a combined cell phone and palm top
computer. Lots of people are trying to move this -- so far
without wide acceptance.
Paypal's original vision was that people would use palm pilots
with IR. If phones developed palm pilot capabilities, this
vision would become more useful. I think combining the palm
pilot with the cell phone is more feasible once we develop a
good voice controlled computer, after the fashion of startrek,
which may be some time off.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
z0mctqiLain3vlXnFZTOy5PEVJIwCeg0x7zxl4RQ
4DWhd8THkIxyeHtI7sSA5O1d9IKi7WwGZVh6roOOb
What email encryption is actually in use?
--
What email encryption is actually in use?
When I get a PGP encrypted message, I usually cannot read it --
it is sent to my dud key or something somehow goes wrong. When
I send a PGP encrypted message in reply, stating the problem, I
seldom receive an answer, suggesting that the recipient cannot
decrypt my message either. Kong encrypted messages usually
work, because there is only one version of the program, and key
management is damn near non existent by design, since my
experience as key manager for various companies shows that in
practice keys just do not get managed. After I release the next
upgrade, doubtless fewer messages will work.
The most widely deployed encryption is of course that which is
in outlook -- which we now know to be broken, since
impersonation is trivial, making it fortunate that seemingly no
one uses it.
Repeating the question, so that it does not get lost in the
rant. To the extent that real people are using digitally
signed and or encrypted messages for real purposes, what is the
dominant technology, or is use so sporadic that no network
effect is functioning, so nothing can be said to be dominant?
The chief barrier to use of outlook's email encryption, aside
from the fact that is broken, is the intolerable cost and
inconvenience of certificate management. We have tools to
construct any certificates we damn well please, though the root
signatures will not be recognized unless the user chooses to
put them in. Is it practical for a particular group, for
example a corporation or a conspiracy, to whip up its own
damned root certificate, without buggering around with
verisign? (Of course fixing Microsoft's design errors is
never useful, since they will rebreak their products in new
ways that are more ingenious and harder to fix.)
I intended to sign this using Network Associates command line
pgp, only to discover that pgp -sa file produced unintellible
gibberish, that could only be made sense of by pgp, so that no
one would be able to read it without first checking my
signature.
I suggest that network associates should have hired me as UI
design manager, or failing, that, hired the dog from down the
street as UI design manager.
Presumably the theory underlying this brilliant design decision
was that in the bad old days, a file produced under unix woudl
not verify under windows because of trivial differences such as
the fact the whitespace is expressed slightly differently.
Here is a better fix, one that I implemented in Kong: Define
several signature types with the default signature type
ignoring those aspects of the message that are difficult for
the user to notice, so that if a message looks pretty much the
same to the user, it has the same signature, by, for example,
canonicalizing whitespace and single line breaks, and treating
the hard space (0xA0) the same as the soft space. (0x20), and
so on and so forth.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
OmUO5eB/pLnuFIgCU2splCvKO4x0U1Ik31pVFPaU
49B5UrVKc5ETzoxGcfl+q9ltoh61l4ncSyE+R5h6P
What email encryption is actually in use?
-- James A. Donald: > > We have tools to construct any certificates we damn well > > please, Joseph Ashwood: > The same applies everywhere, in fact in your beloved Kong, > the situation is worse because the identities can't be > managed. You are unfamiliar with Kong. The situation is better, because it is designed to be used in the fashion that all other existing alternatives actually are used in practice. James A. Donald: > > I intended to sign this using Network Associates command > > line pgp, only to discover that pgp -sa file produced > > unintellible gibberish, that could only be made sense of by > > pgp, so that no one would be able to read it without first > > checking my signature. Joseph Ashwood: > Which would of course demonstrate once more that you have no > clue how to use PGP. It also demonstrates what is probably > your primary source of "I can't decrypt it" you are using a > rather old version of PGP. In fact my version is network associates version 6.5.8, which can supposedly decrypt any valid pgp message, and your rant would be considerably more impressive if you signed your message with a PGP signature. Doubtless you could sign it -- eventually, after a bit of trying, after you had spent about as much time farting around as I did. The proclamation that PGP is usable would have been much more impressive in a message that actually used it. James A. Donald: > > Here is a better fix, one that I implemented in Kong: > > Define several signature types with the default signature > > type ignoring those aspects of the message that are > > difficult for the user to notice, so that if a message > > looks pretty much the same to the user, it has the same > > signature, by, for example, canonicalizing whitespace and > > single line breaks, and treating the hard space (0xA0) the > > same as the soft space. (0x20), and so on and so forth. Joseph Ashwood: > So it's going to be broken by design. These are critical > errors that will eliminate any semblance of security in your > program. You are full of shit. I challenge you to fool my canonicalization algorithm by modifying a message to as to change the apparent meaning while preserving the signature, or by producing a message that verifies as signed by me, while in fact a meaningfully different message to any that was genuinely signed by me. Let see you doing some work to back up your empty words. The source code for my canonicalization code is on the the net. If you say it is broken, break it! --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG nfNdl11zVV+oWKMTt0l79zrcrelHalABSBwKeib2 4Ts9fALHrytq8hR6Dhue492m/1vO+fYHy4Kqa6dkQ
Clarification of challenge to Joseph Ashwood:
--
James A. Donald: (ranting on the user hostility of PGP)
> > > Presumably the theory underlying this brilliant design
> > > decision was that in the bad old days, a [signed clear
> > > text file signed] under unix would not verify under
> > > windows because of trivial differences such as the fact
> > > the whitespace is expressed slightly differently.
> > >
> > > Here is a better fix, one that I implemented in Kong:
> > > Define several signature types with the default signature
> > > type ignoring those aspects of the message that are
> > > difficult for the user to notice, so that if a message
> > > looks pretty much the same to the user, it has the same
> > > signature, by, for example, canonicalizing whitespace and
> > > single line breaks, and treating the hard space (0xA0)
> > > the same as the soft space. (0x20), and so on and so
> > > forth.
Joseph Ashwood:
> > So it's going to be broken by design. These are critical
> > errors that will eliminate any semblance of security in
> > your program.
James A. Donald:
> I challenge you to fool my canonicalization algorithm by
> modifying a message to as to change the apparent meaning
> while preserving the signature, or by producing a message
> that verifies as signed by me, while in fact a meaningfully
> different message to any that was genuinely signed by me.
>
> Let see you doing some work to back up your empty words.
> The source code for my canonicalization code is on the net.
> If you say it is broken, break it!
To clarify, Kong works by checking a signature against the
message, and against other messages in its database.
Its job is not to identify the "true" James Donald, but to keep
the different people claiming to be James Donald clearly
separated. Thus Kong would be broken if such separation could
be obfuscated or confused.
Any program attempting to determine whether "Bob" is someone's
true name is attempting to do something that computers cannot
do, hence the intolerable certificate management problems of
software that attempts to do that.
Three quarters of the user hostility of other programs comes
from their attempt to support "true" names, and the rest comes
from the cleartext signature problem. Kong fixes both
problems.
Joseph Ashwood must produce a message that is meaningfully
different from any of the numerous messages that I have sent
to cypherpunks, but which verifies as sent by the same person
who sent past messages.
Thus for Kong to be "broken" one must store a past message from
that proflic poster supposed called James Donald, in the Kong
database, and bring up a new message hacked up by Joseph
Ashwood, and have Kong display in the signature verification
screen
The signature in this document matches the signature on
another document signed by James A. Donald. Do you
wish to view this document.
While Kong display a document meaningfully different from any
that was posted by James A. Donald.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
gQcEhL/Zl68mNm0WaeG7zRK5M+/3qbaE0t84hURH
4st/8mhjCyBBCy1Ganf3ud6SNdzLZtUChQQbTA6SO
Re: What email encryption is actually in use?
-- James A. Donald: > > I intended to sign this using Network Associates command > > line pgp, [6.5.8]only to discover that pgp -sa file > > produced unintellible gibberish, that could only be made > > sense of by pgp, so that no one would be able to read it > > without first checking my signature. David Howe > you made a minor config error - you need to make sure > clearsign is enabled. James A. Donald: > > I suggest that network associates should have hired me as > > UI design manager, or failing, that, hired the dog from > > down the street as UI design manager. David Howe > It's command line. Most cyphergeeks like command line tools > powerful and cryptic :) We also like the most common uses to be *on* the command line. If the option is not on the command line, it is *not* powerful and it is a little too cryptic. The pgp.cfg file is empty by default on my machine, the cfg file options are nowhere documented, clearsigning is nowhere documented, and "Clearsign=on" did not work. In the last generally useful version of pgp (pgp 2.6.2) pgp -sa gave clear signing, but it was unusable, because trivial differences, such as the unix/windows difference on carriage returns would cause the signature check to fail. Because there were so many false negatives, no one would check clearsigned signatures. I conjecture that in pgp 6.5.8 they have addressed this problem by making clear signatures as inaccessible as possible, rather than by fixing it. I could get clearsigning by telling my pgp 6.5.8 to be compatible with 2.6.2, but I have already discovered that 2.6.2 clear signing was hopelessly broken. Had clear signing worked, then everyone with a valuable domain name would have used the pgp interface to control their domain names, to ensure that one's domain name could not be hijacked, as so many domain names have been. This would have created a massive base of pgp users. However, due to architectural defects in pgp, design bugs rather than coding bugs, this use of pgp was broken, and so was seldom used, and eventually ceased to work entirely. Presumably there was no maintenance on the pgp inteface to domain name control, because no one was using it. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG MUiyRJ8PRbLCXnVMWCpeKvsn5GdOlAB9t6O7K0Hb 4GBcVbBHZFN0vg8apVt35e9Y2khaPdgrM+Y6uOys6
Re: What email encryption is actually in use?
--
James A. Donald:
> > I intended to sign this using Network Associates command
> > line pgp, [6.5.8]only to discover that pgp -sa file
> > produced unintellible gibberish, that could only be made
> > sense of by pgp, so that no one would be able to read it
> > without first checking my signature.
David Howe
> you made a minor config error - you need to make sure
> clearsign is enabled.
Not so. It turns out the command line is now different in PGP
6.5.8. It is now pgp -sta to clearsign, instead of pgp -sa.
(Needless to say the t option does not appear in pgp -h
The clearsigning now seems to work a lot better than I recall
the clearsigning working in pgp 2.6.2. They now do some
canonicalization, or perhaps they guess lots of variants until
one checks out.
Perhaps they hid the clear signing because it used not to work,
but having fixed it they failed to unhide it?
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
1lGJioukjvNCaM/LetfJVNPifdGblhZNTs+GarH2
4RFyr8DSgY3BrltZeP3treEOdb186ZDQzE/S3NYLI
Re: What email encryption is actually in use?
-- > > Once you start using it, it becomes part of hte pattern > > by wich other people identify you. On 2 Oct 2002 at 9:52, David Howe wrote: > Exactly the intention, yes :) Just for the sake of it (anyone > who cares will have seen my signature enough times by now) I > will sign this one :) And PGP tells me "signature not checked, key does not meet validity threshold" So I said to myself, OK, I will sign David Howe's key on my keyring to tell myself that this is the "David Howe" who posts on cypherpunks, though of course, pgp gives us merely a single variable "trust", which can have no easy connection to the question "what do you actually know about this particular David Howe?". (What we really would like is a database of communications indexed by key, so that we could see this communication in the context of past communications with the David Howe that used the same key.) I attempt to sign "David Howe"s key, whereupon PGP gives the highly uninformative error message: "Key signature error". It seems that I get similarly uninformative errors whenever I tried to use PGP. And that folks, is at least one of the reasons why end user crypto is not widespread. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 3XIIjDu4swm4B8omsJgkQJcu1Op4/sNb2XkGf18B 4F9ZT3OQag+pZrW134bJdhLT3EeX1wOFqJzi1WJQ5
Re: What email encryption is actually in use?
--
James A. Donald wrote:
> > And PGP tells me "signature not checked, key does not meet
> > validity threshold"
On 2 Oct 2002 at 20:40, Dave Howe wrote:
> what version are you on?
pgp 6.5.8 command line version.
The actual problem was that there was no such key in my key
ring, but error messages gave me no hint of that.
So having determined the problem, I dutifully went to the key
server, and encountered yet another stream of problems related
to the keyserver and windows, that made it impossible to
download the key, but that is another story.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
C+pOgajD+X0+ZJN6MxG/jTvWMW4WWcSPAO/u5ONp
41dEFaucvzVF+ulAPaijTMkhlW/C+virFHh06hHrM
Re: What email encryption is actually in use?
--
On 2 Oct 2002 at 16:19, Adam Shostack wrote:
> Whats wrong with PGP sigs is that going on 9 full years after
> I generated my first pgp key, my mom still can't use the
> stuff.
The fact that your mum cannot use the stuff is only half the
problem. I am a computer expert, a key administrator, someone
who has been paid to write cryptographic code, and half the
time I cannot use pgp.
Of course, I have had real occasion to use this stuff so rarely
that I suspect your mother would never use it no matter how
user friendly.
The lack of demand may have something to do with Hettinga's
rant, that all cryptography is financial cryptography. As I am
fond of pointing out, envelopes were first invented to contain
records of goods and payments. People use encryption when
money is at stake. If people start routinely making binding
deals on the internet, they will soon routinely use encryption.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
Yek7NX953gkX+mwOcaRKW13pMWVzckXtQLHH7Oqt
45E6Pq+EKfccaEUOQLWtfPKtgE9yfk5u/o8MMv4HG
Re: What email encryption is actually in use?
--
Adam Shostack wrote:
> > Whats wrong with PGP sigs is that going on 9 full years
> > after I generated my first pgp key, my mom still can't use
> > the stuff.
On 3 Oct 2002 at 17:33, Ben Laurie wrote:
> Mozilla+enigmail+gpg. It just works.
If we had client side encryption that "just works" we would be
seeing a few more signed messages on this list, and those that
appear, would actually be checked. Send an unnecessarily
encrypted message to Tim and he wil probably threaten to shoot
you.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
2Xas831JtcVC2arD+2zXouy3o82ZsDYT6VWbi0g
4LoqK+b3poXgDltScDKS3wl1UILcpvnNaumqELJhn
Re: What email encryption is actually in use?
-- James A. Donald wrote: > > If we had client side encryption that "just works" we would > > be seeing a few more signed messages on this list, and > > those that appear, would actually be checked. Send an > > unnecessarily encrypted message to Tim and he will probably > > threaten to shoot you. Ben Laurie wrote: > Why would I want to sign a message to this list? Then all the people who read this list, were they to receive a communication from you, they would know it was the same Ben Laurie who posts to this list. Of course, if you were in the habit of posting suggestions to this list that you break the law, this might be a bad idea, but to the best of my recollection, you do not. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG camCoW1VxLtKI1Q8U87Pid9dPFLuYKXqZMqDPd6y 4BIPT6xmk2CLc9m90mQsQOrs/2issShK6u9NJ42zf
Re: why bother signing? (was Re: What email encryption is actually in use?)
James A. Donald: > >> > If we had client side encryption that "just works" we > >> > would be seeing a few more signed messages on this list, Major Variola (ret): > But Ben is not spoofed here! So there is little motivation. > > [...] > > In the absence of any need, its not rational to bother. There have been episodes of spoofing on this list. If client side encryption "just worked", and if what is considerably more difficult, checking the signatures "just worked", there would be no bother, hence it would be rational to sign --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG j35pZ93cRp46pIhaD4AQ0X3neQjPEV2l9JrKJ2L2 4Eto77muLU+n+EF8nNrcbcSAMw1Vtdttyl1600R9x
Independent News
-- > >"The whole idea is to try and stop something like the Bali > >bomb > happening." On 23 Oct 2002 at 11:10, Major Variola (ret) wrote: > The correct patch should be applied to US foreign policy Don't think we can blame US foreign policy for the Bali bombing. Probably relates more to Australian foreign policy and Singaporean internal policy. Indonesian muslims were sponsoring terror against Timorese. Australia let that pass as long as Fretilin was communist, but when Fretilin swore off communism, Australia intervened, thereby gaining a vital strategic advantage, in that Timor is an unsinkable aircraft carrier covering the approaches to Australia. This had the effect of rolling back Muslim rule, something that Bin Laden has told us is a no-no. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG YyO99qL0+xsoa0JPIh9Tbof+WkATG5PpWoiy6s5v 4BRkFiGmL+8i6uxcMBHxQEfXZE6OccbPl+ouoG1Jy
Re: Intel Security processor + a question
--
On 21 Oct 2002 at 10:21, Major Variola (ret) wrote:
> But no such "does it look random" test can tell good
> PRNG from TRNG. You must peek under the hood.
More generally, one can never know something is random merely
by looking at it, but only by knowing why it is random. One
must have both theory and experiment.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
govZnfsYPhr1BzrbpYoLQVdfLp/FkKmHG9KFTFkI
4NCRqBJWFhDElvlvzDTaZGuTWNTAoXMMadfUryifo
Re: internet radio - broadcast without incurring royalty fees
-- On 24 Oct 2002 at 20:32, Morlock Elloi wrote: > Napster clones, kazaa, gnutella et al. rely on end-users to > upload stuff. These end users simply have no bandwidth > available for that. Cheapo DSL lines have hundred or few > hundreds of kbit/sec unguaranteed upload capacity. No one is > going to pay T1 to serve free stuff in breach of copyright > laws. > > The net result is - and anyone can try it for themselves - > that average success rate is less than 40%, the speed is > miserable - most of the time it takes hour or more for 5-6 > minute mp3, and then you need to be lucky so that content > matches the title. I am a really big fan of "Buffy". A cute chick, lots of violence and killing, and a bit of sex, what more can one ask for in a TV show? Recently due to family crisis, I missed a couple of shows. So, using usenet, I downloaded the two one hour shows that I missed. I had no problem getting them, the download ran in the background. It did not seem to take an unreasonably long time, though I did not bother to time it. I started the download, proceeded to do other things, and when I remembered to check, the download was done. So I then watched the shows. The image and sound quality was excellent, the ads had been deleted. The stories were rattling good. Loved the bit where buffy says "I am the law", and picks up a great big naked sword and stalks off to apply the instant death penalty, while Xander flutters about ineffectually being deeply caring and emotional and having deep moral debates about the use of violence. I have never downloaded a tv show off the internet before. Everything just worked, no fuss, unlike some encryption programs I could mention. > While there always will be pathological cases that will spend > tens of hours online to get few mp3s for free (that is, until > local telco decides that flat rate is no more viable), for > most napsters are unusable. My experience is that the mass media are doomed. This stuff works just great for me. I have stopped downloading music until I organize the music I already have. Napster was just great, worked with no fuss. Maybe the Napster clones are not as good, but my experience with downloading TV shows suggests that piracy is working better than ever. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG w5c01d6+NpDvLdLI2X6Jg5z8F2yx1pwhncy3yMYK 4b/esfa1UycmFgStXtluIkq+6g1XHHb8MMWOMZOkk
Re: internet radio - broadcast without incurring royalty fees
--
James A. Donald:
> > my experience with downloading TV shows suggests that
> > piracy is working better than ever.
Major Variola
> This wasn't piracy, it was time-shifting.
When the ads were deleted, it ceased to be time shifting.
In any case, the point I intended to make was that "Buffy" was
one hundred times bigger than a typical MP3, yet the software
and hardware had no problems.
If the internet can handle one hour tv shows without working up
a sweat, digital convergence is getting real close.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
XYP6QY+S9r3ndihIQTukA67fRiwrn6l5ZpkvrArT
4M1UwSPjw71Nqox9g8XKDugMA/eyyeDoNJSWRDhBZ
What is the truth of the anti war rallys?
--
Supposedly tens of thousands turned up, forty two thousand in
San Francisco
Yet oddly, the photos of marches that I see look more like
forty in San Francisco, and four hundred in Washington.
Perhaps there were a lot more out of frame, but that is an odd
way to photograph a demonstration.
Does anyone know the truth from his own eyes, or a more
complete set of images? At least some newspapers are reporting
"hundreds" or four hundred in Washington, while others are
reporting eighty thousand, an number curiously different from
four hundred. However it seems that all papers are reporting
forty two thousand in San Francisco.
The inconsistency in the reports from Washington incline me to
doubt the reports from San Francisco, but of course there is a
plentiful supply of liars on both sides of the fence.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
XvyryuYS+vBllOZxJ4VX58iglXFp7Ttjj2gWpoWN
4Nfd+VGZPH10x9+jh7fcgqq91ms4mTmBSS+vzsczS
Re: Clarification of challenge to Joseph Ashwood:
-- Joseph Ashwood: > > > > So it's going to be broken by design. These are > > > > critical errors that will eliminate any semblance of > > > > security in your program. James A. Donald: > > > I challenge you to fool my canonicalization algorithm by > > > modifying a message to as to change the apparent meaning > > > while preserving the signature, or by producing a > > > message that verifies as signed by me, while in fact a > > > meaningfully different message to any that was genuinely > > > signed by me. Joseph Ashwood: > That's easy, remember that you didn't limit the challenge to > text files. It should be a fairly simple matter to create a > JPEG file with a number of 0xA0 and 0x20 bytes, by simply > swapping the value of those byte one can create a file that > will pass your verification, but will obviously be corrupt. > Your canonicalization is clearly and fatally flawed. If so easy, do it. > > Joseph Ashwood must produce a message that is meaningfully > > different from any of the numerous messages that I have > > sent to cypherpunks, but which verifies as sent by the > > same person who sent past messages. > > > > Thus for Kong to be "broken" one must store a past message > > from that proflic poster supposed called James Donald, in > > the Kong database, and bring up a new message hacked up by > > Joseph Ashwood, and have Kong display in the signature > > verification screen Joseph Ashwood: > To verify that I would of course have to download and install > Kong, In other words, you are blowing smoke, and know full well you are blowing smoke. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG H1Nbd40fMEd0QoHFng2hEcuA2a/BP07ab+GOBowZ 4HIcNbSdMF02EWVm52VJqtj0Jas+Wmq/SZ/UyT0uq
Re: New Protection for 802.11
-- Reading the Wifi report, http://www.weca.net/OpenSection/pdf/Wi- Fi_Protected_Access_Overview.pdf it seems their customers stampeded them and demanded that the security hole be fixed, fixed a damned lot sooner than they intended to fix it. I am struck the contrast between the seemingly strong demand for wifi security, compared to the almost complete absence of demand for email security. Why is it so? --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG IWe4JFeDeor04Pxb96ZsQ7xX+JAwxSs8HQfoAeG5 4rQX6tgLhAvAwLjF+SXlRswSmphBhw4cOXLe9Y4r5
RE: Did you *really* zeroize that key?
--
On 7 Nov 2002 at 16:36, Trei, Peter wrote:
> The 'volatile' keyword seems to have poorly defined
> behaviour.
"Volatile" memory typically both receives input from outside
the abstract machine, and generates output outside the abstract
machine. Indeed the expected reason to write to volatile
memory is because it generates effects outside the abstract
machine.
If the optimizer ever optimizes away a write to volatile
memory, device drivers will fail. Most device drivers are
written in C. If anyone ever produces a C compiler in which
"volatile" does not do what we want, not only are they out of
spec, but smoke will start coming out of hardware when the
device drivers are recompiled.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
kEh2eDIEzpFnafz1M2n+bEgPvpgJoMG5yeNBElma
4DJ2e1VU89ubCetOzWnz76JuUZBdhHHlg/JLf9Xju
Re: Yodels, new anonymous e-currency
-- On 12 Nov 2002 at 8:50, Nomen Nescio wrote: > According to this link, > http://www.infoanarchy.org/?op=displaystory;sid=2002/11/11/4183/2039, > a new form of digital cash called "yodels" is being offered anonymously: > > [...] > > Supposedly, then, this is cash which can be transferred > anonymously via IIP or Freenet. Leaving aside the question > of trusting an anonymous bank (trust takes time), the > sticking point for ecash is how to transfer between yodels > and other currencies. Without transferability, what gives > yodels their value? Alleged attempts to introduce internet currencies have a ninety percent humbug and fraud rate. If his currency works well enough that one can buy addresses with it, this indicates a somewhat surprising level of success. I will check out his currency, and see what there is to see. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 46Ibm86cvcVoir/f4dSSPwM2gYCtHcpTds+N+jJq 4psLxBq0RMZOakFcGiILu6K8f4B1x/f6awQoD8K5c
Re: Yodels, new anonymous e-currency
-- On Tue, 12 Nov 2002, Nomen Nescio wrote: > > > According to this link, > > > http://www.infoanarchy.org/?op=displaystory;sid=2002/11/11/4183/2039 > > > a new form of digital cash called "yodels" is being > > > offered anonymously: On 12 Nov 2002 at 7:31, Steve Schear wrote: > Correct they are a bearer share issuer, like the Digicash > licensees before them. They claim to hold value denominated > in some units of account (in their case DMT) as their asset > backing. The challenge for Yodel will come in convincing > potential users that: DMTs have sustainable value, that Yodel > is really fully backed by DMTs, that Yodel's operators can be > trusted not to abscond with the value exchanged for Yodels or > refuse to exchange them for DMTs at some future time. All > while reamining anonymous. A pretty tall order I should > think. Pseudonymous, not anonymous. What is a corporation but a nym? Any swindling you can do with a pseudonym, you can do with a corporation. > At least initially, many Yodel users may want only to use > them mainly as a mixmaster between DMT accounts. With e-gold, one can perform one's mixing in a furnace. With DMT, cryptographic mixes are the only practical solution. Problem is that most users will not understand cryptographic mixing, whereas they do understand a furnace. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 50wZVsHzWVCcQBwTOHonjfe6YktnJgFEe7CRcnOu 4qPIe4UB2pjTm4BTLInH60M2fku9pH217a/zFX8Jc
Re: Yodels, new anonymous e-currency
--
On 13 Nov 2002 at 2:26, Anonymous via the Cypherpunks wrote:
> It's not clear what value - if any - Yodel provides over and above the
> DMT Rand system.
The DMT Rand system knows if client X43967 transfers money to client
X98987
It also know that client X43967 transferred money to or from a bank
of America account, rendering client X43967 no longer pseudonymous.
Similarly for client X98987
Thus it can discover that Truename Bob transferred money to truename
alice.
With Yodels, this cannot be discovered.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
4dTv3KcoxE5viaZ34CP+Kgiv7xBHQnxAIgOf8q77
4wRmxI7SHxYSApkRtBdKILKjZaXzp6Qu2F4jW9vcT
Re: Yodels, new anonymous e-currency
The Yodel does not have a web site where yodels can be converted into some other form of money, and other forms of money converted into Yodels. Instead it has an IIRC bot. Use of this bot is described at http://yodel.deep-ice.com/bankbot.html This means a command line interface, to do banking transactions. This of course greatly reduced the work required to implement the Yodel, but will greatly limit the acceptability of the Yodel.
Poker
-- Internet Poker is a big money activity. A major problem with this activity is that the site can choose to allow certain privileged players to cheat. In principle it should be possible to create poker playing software where the server cannot cheat, but it is not obvious to me how this can be done. Does anyone know of a cheat proof algorithm? --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG d4omBF08eFWhHQd6CDKVp4lJjfAS5GR56iMNcbAA 4XIes5IiykHpRT31kmyvZJTH0pPeUGMmBmORhd56d
Re: Fwd: [fc] list of papers accepted to FC'03
--
On 15 Nov 2002 at 10:55, IanG wrote:
>
> > List of papers accepted to FC'03
> >
>
> I see pretty much a standard list of crypto papers here,
> albeit crypto with a waving of finance salt.
Theory of what could be implemented has run well ahead of what
has in fact been implemented.
This has doubtless reduced enthusiasm for the theory.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
XmqKAbnJ3zxWonUYjLQTEauIWVuczMy3fiZXjszK
4BOXbFJHRJ+piLFRffQdmB84zd8OiOgRKr7wytw+r
RE: Where's Osama? (Re: OPPOSE THE WAR! We are going to ruin Iraq to get the oil. Who's next)
-- On 14 Nov 2002 at 14:47, Andrew John Lopata wrote: > I'm no expert, but a friend of mine in the military suggested > that invading Iraq now would be a lot different than the Gulf > War. He said that urban combat, which will be necessary to > depose Hussein, is the most difficult and dangerous type of > combat there is. The last time the US engaged in urban combat, Somalia, US troops took significant casualties, and innocent bystanders suffered enormous casualties. In Afghanistan, urban combat was avoided by three a dimensional envelopment. The enemy inside the city was threatened by ground troops outside the city, from the sky, and by subversion from within the city. It was this final threat, subversion from within, combined with containment from above and around, that provoked capitulation. This third element, subversion from within, may well be unachievable in Iraq, or if it is achievable, the regular army not very deft at getting it done. For the Iraq war to be completed without enormous civilian casualties, massive destruction of infrastructure, and intolerable US casualties, successful political warfare is likely to be essential. > There is no readily available alternate government to install > in Hussein's place. The resulting destabilization in the > region will likely result in a U.S. military presense in the > country for a much longer time than in the Gulf War. When the US defeated Nazi germany, the nazi government was largely obliterated, and the remaining apparatus of government mostly signed up with the German communist party, which had been the second largest party before the nazis, and which was subservient to the Soviet Union. Thus the US eventually had to suppress every vestige of German government and foster a new government from nothing. It took about five years for a plausibly German government to get its hands on the reins of power, and few more years for it to get rid of the institutions and apparatus of nazism. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG AoQslZIvueBx4Zn3xjfrmZVppIjzS70PWbcba9wQ 4QY9/UCaEXMTq2ePACwR96pH+xkCwMdSGqYXRuXaA
Re: OPPOSE THE WAR! We are going to ruin Iraq to get the oil. Who's ne
--
On 19 Nov 2002 at 12:02, Kevin Elliott wrote:
> If you read between the lines of US history, you'll discover
> that America did not begin to succeed in the war until late
> in the war when the troops had become better trained and
> disciplined.
This is not my interpretation. Rather, the American *never*
succeeded in conventional warfare. The British were able to
march hither and yon, destroying whatever they chose, and
killing whoever got in their way. However this cost them, and
it did not bring them political control. After marching up and
down and back and forth, and losing lots of men in the process,
they eventually gave up.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
8rJK0TzKk1D62GWmAZ6vUvsi4CeZZEc5RL+nY/pG
4uNqMiU5DCnLXIoq1IVsaQobFOgZedKfb3qFuXYdl
RE: OPPOSE THE WAR! We are going to ruin Iraq to get the oil. Who 's ne
--
On 19 Nov 2002 at 15:45, Tyler Durden wrote:
> Mikey: I would suggest tangling with Chomsky for a bit. Start
> with...
>
> http://zmag.org/content/showarticle.cfm?SectionID=11&ItemID=2
> 312
Chomsky is a liar. His citations are mostly fraudulent, and he
has at one time or another defended every bloodthirsty tyranny,
every reign of terror, with the possible exception of North
Korea.
His words sound bombastic, yet they equivocate, pointing in two
directions at once. This is the text equivalent of someone who
talks loud and very fast while unable to meet your eye.
I recommend you check out my Chomsky web page:
"Chomsky lies" http://www.jim.com/Chomsdis.htm
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
5U6Z7xMp4zTN7LYnZeRTOkIV+P8krIJAvwxGPmE3
4EkYXklGNdtijKPek7gdRsTyzwt1PLpWiSTSKliuv
Re: Microsoft on Darknet
--
According to Microsoft,
http://crypto.stanford.edu/DRM2002/darknet5.doc
Darknet is being undermined by free riders.
: : Peer-to-peer file sharing assumes that a
: : significant fraction of users adhere to the
: : somewhat post-capitalist idea of sacrificing their
: : own resources for the "common good" of the network.
: : Most free-riders do not seem to adopt this idea.
: : For example, with 56 kbps modems still being the
: : network connection for most users, allowing uploads
: : constitutes a tangible bandwidth sacrifice. One
: : approach is to make collaboration mandatory. For
: : example, Freenet [6] clients are required to
: : contribute some disk space. However, enforcing such
: : requirements without a central infrastructure is
: : difficult.
The obvious solution is to monetize the darknet services, with
very small payments, payments that would typically ad up to
five dollars a month for heavy users or heavy servers -- that
is to say, a half a gram of gold a month.
Mojo was intended to do this but it failed, I think it failed
because they failed to monetize mojo before it was introduced
as service management mechanism.
We should get an anonymous micropayment system working,
interconvertible to real money, or real e-gold, then apply it
to such applications as mixmasters and darknet.
Allegedly yodel is such a system, but yodel is connected to
e-rand, which is connected to some people who fail to inspire
me with confidence.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
beO567eji82JoZMjbN1JCWL6vQBr301pkVztKIR+
4HzLNwHtW3q5fJqUcxtmJZ0gjqfcEJvGFfMRkWY0c
Re: Torture done correctly is a terminal process
-- > On Thu, Nov 21, 2002 at 09:33:39AM -0800, Greg Broiles wrote: > > To flesh this out a little more - the judge was Stephen > > Trott, speaking on September 18 2002 at the Commonwealth > > Club. Trott credits the torture warrant idea to Alan > > Dershowitz, whom he describes as a good friend and a "great > > civil libertarian". On 21 Nov 2002 at 22:24, Declan McCullagh wrote: > Yes. Clearly it's okay for torture warrants to exist -- as > long as you're a member of the political class that gets to > approve them... At present, if the US wants someone terminally interrogated, they ship him to Egypt and ask the Egyptians to do the interrogation. I am mildly suprised they do not ask the Afghans to do the interrogations, since poems have been written concerning the remarkable effectiveness of Afghan interrogations. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG Jyf5nXEcZGYbFVFMsrtVZ973GZhAHY04PCKLDC4a 4OpiaSbnH8yY1vYQHQAPfTAfNqbAvyyBgFMDUG6Ir
Re: Photographer Arrested For Taking Pictures Of Vice President'S Hotel
--
On 9 Dec 2002 at 9:17, Tim May wrote:
> Anyone in the U.S. can be declared an "enemy combatant" and
> vanished away from lawyers, habeas corpus, the 6th Amendment,
> and any semblance of the system of liberty we sort of had at
> one time.
So far this has only been applied to people who are obviously
hostile muslim terrorist wannabees, but the program will be
steadily expanded. Indeed, part of the homeland security act
already aims at people who make cartridges (reloaders), who
will in due course be dealt with by the extrajudicial means
provided for in the homeland security act.
In general wars lead to a major temporary reduction in liberty,
but a smaller permanent reduction in liberty. Unfortunately
the war on terror will probably never end, so there will be no
recovery.
The government is on perfectly good constitutional ground when
it claims that the army can do as it pleases on or near the
battlefield. Trouble is, with terrorism or guerrilla war, the
battlefield is arguably everywhere. We need a declaration of
victory that will push the battlefield to somewhere far away.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
FLOmVFJWOQBqPSg63zjCLyzrGNzmKNAwje/jqRal
4BI7xjE+ItnxvhioCvggkQ6IREbp21mrBxAIeCBcg
Re: Anonymous blogging
-- On 11 Dec 2002 at 2:40, Nomen Nescio wrote: > But cypherpunks isn't that great a forum for publishing > ideas. Take a look at > http://www.inet-one.com/cypherpunks/current/maillist.html to > see the unfiltered list feed. Sure, no subscriber with half > a clue actually sees it like this, but that's how it looks to > the outside world. In a way, Mathew's and Choate's attack upon the list has done us a favour. The list is now effectively restricted to those with the will and ability to use filters, which raises the required intelligence level. For a while Mathew kept changing his email address, which led me to consider hunting him down and remonstrating him in person on my next visit to Australia, but now he holds it constant, so he and Choate are only a problem for idiots. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 3zalEmgDfRHRR2dLaPYt11ySXtkp1DlrxQ7JjK3t 4lTIAXG7p/FelDNPyrw1C62lPQej1gALsHiPdxIbJ
Re: Extradition, Snatching,and the Danger of Traveling to Other Countries
-- On Sun, 15 Dec 2002, Sarad AV wrote: > Firstly,they cannot be exterminated.There is no proof of > identity as we may have in our countries and no body will ask > for it either,since most don't have one. The Taliban would > have cut their beard and hair and mixed up with civilian > population,while troops can go searching for orthodox > civilians with a taliban look,making it hard to hunt them > down.Once/if the international troops leave afghan,there are > over hundred factions,who will keep fighting among themselves > for 'land' and the taliban will be back. There have always been a hundred factions quarreling over land in Afganistan. The level of violence was tolerable to Afghans and outsiders. What went wrong with the Taliban is that one faction, with outside aid from international islamicists, managed to actually get most of the land. US policy was to restore the status quo ante in Afghanistan, put things back the way they were before the Soviet invasion. It seems to have succeeded well enough, and there is no reason to suppose it will be any less stable than it was. The future of Afghanistan will probably be no less violent than it was before the Soviet invasion, but no more violent that it was before the Soviet invasion. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG k2IMyoZuE05D4VVX0FkW1hRQSzvJRDmLhlhwppHX 4+V+mECM7CjCVvLuL1WVl7q6w8saodTqAtyPLDY7v
Re: Extradition, Snatching,and the Danger of Traveling to Other Countries
-- James A. Donald > > US policy was to restore the status quo ante in > > Afghanistan, put things back the way they were before the > > Soviet invasion. Sarad AV > How does that make things better for 'afghan' people,after > all the bombing done on their home land? Obviously it makes things vastly better, and to those who think the Soviets were progress personified, look at the way the refugees were and are moving.When status quo ante was restored, the refugees came home Much the same story in Nicaragua. The refugees were always going away from the Sandinistas, towards the contras. > > The future of Afghanistan will probably be no less violent > > than it was before the Soviet invasion, but no more violent > > that it was before the Soviet invasion. > Thats the only thing US seems to be doing for afghani people > after all their promises.The US foreign policy is disliked > world wide. The US foreign policy is highly popular in those countries most threatened by the Taliban -- Afghanistan and Uzbekhistan. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG m3BCbcTez7gMAJBd7yGjgbujWjkP967kgrflSJJM 4BtvgmCP/KjctqbJ5y1eHzxxGBFRTBeLGe+iXBMcb
Re: Verdict's in: Elcomsoft NOT GUILTY of criminal DMCA violations
On 17 Dec 2002 at 16:43, Steve Schear wrote: > [I'm more convinced than ever that nullification figured into the > verdict. If so, bravo for the jury. steve] Both the defense and the prosecution sought to make the facts clear and understandable to the jury. So the defense was betting on nullification.
Re: To Marcel Popescu On the Interventionist pseudo-Libs
--
On 18 Dec 2002 at 9:50, Major Variola (ret) wrote:
> Yeah, the Objectivists (TM) seem to have been taken over by
> militant zionist interventionists too.
Of all the advanced states, Israel is arguably the one that
accords least with Objectivist ideals. It is nominally
socialist in land and quite a lot of other stuff. Of course if
you are Jewish, that socialism can be set aside -- and is set
aside to a greater or lesser extent for most Jews, though some
Jews find it a lot easier to have a nominally socialist state
treat stuff they care about as private property than other
Jews. Objectivists having orgasms over Israel because it is
supposedly a liberal democracy is rather like communists having
orgasms over Cuba because it was supposedly egalitarian.
It is also entertaining that the socialism of Israel is, like
the socialism of the Sandinistas, a lot more socialist for
ethnic groups that are hated than ethnic groups that are
favored, which reminds me of the argument I sometimes hear from
socialists about West Germany -- that all Germans were evil
hateful nazi murderers, and therefore should have had a
socialist economy imposed on them.
But I ramble and digress. To get back on point, if those who
purport to be objectivists are also militant zionist
interventionists, we should not take their supposed objectivist
ideals too seriously.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
z6cMJ26RNdOfjBLQ98HcwFLdNTnpcyr6pXXAMyQK
4tzr0wMoswCmhku2MWXFlT4ncUNcScZtE4v7JMJS4
RE: CRYPTO-GRAM, December 15, 2002
--
> > Disney doesn't have the power to tell me what I may eat or
> > smoke, except in their parks and on their property.
On 20 Dec 2002 at 10:24, Vincent Penquerc'h wrote:
> Now, imagine a Disney owning the whole of the land of the
> USA, and having armed forces the size of the USA.
If a single corporation owned everything, then it would be a
socialist government. If the US government was socialist, if
it owned all or nearly all of the means of production. it
would behave the same way all other socialist governments have
acted -- it would engage in terror and mass murder.
The fact that Disney, and lots of other groups own various
small things makes me free. Voting does not make me free.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
qikI/Zvu3HswGlLSZkKaevQ3pU6OY28ELljC0Jbd
4cAxIRdESGs/ZREaCsKc0sn3T8IF21aiD8Wwoy3Os
Re: CRYPTO-GRAM, December 15, 2002
--
On 20 Dec 2002 at 19:26, William Warren wrote:
> voting keeps you free..voting is our way of controlling and
> shaping the government.
No matter who you vote for, a politician always gets elected.
> Those who do not exercise this duty do not deserve to
> complain about what goes on.
By voting, you give the appearance of consent to what the
government does to you.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
xmBBW56MrvFmh7U6fPSMDbyYqa+PTDPhTlRLmwmD
4cHSTvSFFo32sjmnBGPqe0vLtp3CfQhXyVLccQaXm
Re: CRYPTO-GRAM, December 15, 2002
--
William Warren
> voting keeps you free..voting is our way of controlling and
> shaping the government.
In
http://www.daviddfriedman.com/Academic/Price_Theory/PThy_Chapter_19/PT
hy_Chap_19.html
David Friedman explains why democracy does not work.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
EE2kJk6NPO8w6BAmEjpZ3C4Ebd+deCFguLnVxSim
4l1W1bAjtNXV2/66RWaY7NrrWziR17QbWSWW4V9Ib
Re: Quantum Probability and Decision Theory
--
On 23 Dec 2002 at 21:23, Tim May wrote:
> Inasmuch as we cannot even build a machine which even
> remotely resembles a bat, or even an ant, the inability to
> simulate/understand/"be" a bat is not surprising. There is
> no mapping currently feasable between my internal states and
> a bat's. Even if we are made of relays or transistors.
On the other hand, our inability to emulate a nematode, or the
a portion of the retina, is grounds for concern. This does not
indicate that the mystery is QM, but does suggest that there is
some mystery -- some special quality either of individual
neurons or very small networks of neurons that we have not yet
grasped.
It is unsurprising that with current computing power we should
be unable to emulate an ant, but inability to emulate a
nematode is troubling.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
s086giCwtcqu7XeskLWGWB1/rNYzhJZkH8XFagKR
48Gxb+aU0UhySFtRSBas+3fCnJhul0WOmmsY1eX0F
Re: Make antibiotic resistant pathogens at home! (Re: Policing Bioterro Research)
-- Tim wrote: > > Expect to hear not of a hausfrau being busted, but of the > > roundup (so to speak) of Mohammed Sayeed, Hariq Azaz, and > > other thought criminals for buying two many gallons of > > Roundup at the local Walmart. On 24 Dec 2002 at 19:42, Anonymous wrote: > Not all that far-fetched, really. It would be fairly simple > to create a dioxin bomb by heating a 55gal drum of > polychlorinated phenols (2,4D or 2,45T) or polychlorinated > biphenols (PCBs from a powerline transformer say) until it > exploded. Put it upwind of the Whitehouse. The toxicity of dioxins is much overhyped. Any large power transformer that overheats is the equivalent of your dioxin bomb, and so far no one has noticed the supposedly devastating destruction created by such events. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG I/MUjNP0TjcfM8jSG/q6ilYM/BSusXQSnVFC62Oz 4qQn7Q8L8a5LQbDE/hF1+vLgvdmumy9NjYQuHGxYe
Re: Quantum Probability and Decision Theory
--
James A. Donald:
> > It is unsurprising that with current computing power we
> > should be unable to emulate an ant, but inability to
> > emulate a nematode is troubling.
Eugen Leitl
> The crunch power is there. We're lacking a good enough model,
> and empirical data to feed that nonexisting model.
Every neuron's connection to every other cell is known, and yet
the model does not run a worm.
Every cell is mapped, but what these cells are doing is
frequently unclear.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
Vi3n3btgbJznuLwaZFHG2QzHC4WzqYUTP2PXc1eL
4iyLwSpYDYCB4gyr/ya7n2q23kHsZQmGXE2z7SUkD
Re: Security cameras are getting smart -- and scary
--
On 8 Jan 2003 at 16:54, Thomas Shaddack wrote:
> In Japan, people are already wearing face masks frequently,
> ie. during the flu season. If such cultural shift happens
> here as well, we have partial protection against the
> face-recognition cams.
In today's Vietnam women commonly dress like Ninjas, completely
covering every square inch of skin. Even the eyes are covered
with dark glasses. The costume however is tight, covering the
face but revealing the figure.
Men's fashions, however, change at the speed of glaciers, so
there is little chance of that becoming acceptable for men.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
eeK7Lx/2xa/jMsqP3nKuxuq4g/yRmQtaTm/6pzMG
4WNfeWcezvgs7vrhiCTz68qRAGREiuHgqil78zrNJ
Re: Question on Mixmaster
--
On 12 Jan 2003 at 20:12, Kevin S. Van Horn wrote:
> I've known about Mixmaster for years, but only just now
> finally downloaded and installed it (Mixmaster 2.9.0). Does
> anyone know where I can find documentation on how to actually
> use it?
It is intolerably painful to use Mixmaster by hand.
Download quicksilver, which is a wrapper around Mixmaster.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
SOzCf2IlFaRP9bX1C0CNSyBqZtT2LHJw6xVNbuQg
42jEIkLSj0DRPCGqFJuNhf6tC8RHusnbDZzvJzdg5
Re: Security cameras are getting smart -- and scary
--
On 13 Jan 2003 at 12:30, Todd Boyle wrote:
> What *was* your point in redistributing the "nigger killing"
> post from Cypherpunks, in the digital bearer settlement list?
> Does that have something to do with digital cash, or enhance
> your IBUC business somehow? Maybe, increasing traffic by
> being cool and shocking?
Tim May pulled people's legs -- some sucker took it seriously,
so someone decided to pull a little harder to see how much a
sucker would swallow.
The hunting post was obviously a joke, as the final line made
clear. The real joke was that some readers would fail to see
that the first line was a joke, would believe that cypherpunks
really do go hunting black people.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
VZWpdVuMGJXwD+8kUsrx9HO13zFp6hwvFIsezAEw
414DzHlNJd+xhIFwTZwjjprhbh3YCmMrWCkNV4SM5
Re: Security cameras are getting smart -- and scary
-- On 14 Jan 2003 at 21:48, Tyler Durden wrote: > My thought was that James is some kind of Fed. I suspect > Chomsky is one guy they most don't want around these days. > His accusations on the Chomsky dis website were > technicalities and hair-splitting, even somantic. Liar: Chomsky claimed that : : such journals as the Far Eastern Economic Review, : : the London Economist, the Melbourne Journal of : : Politics, and others elsewhere, have provided : : analyses by highly qualified specialists who have : : studied the full range of evidence available, and : : who concluded that executions have numbered at most : : in the thousands But in fact the "at most" is Chomsky's lie, not present in the articles he cited. Someone who read the economist and the Far Eastern Economic Review at the time would rather have concluded that the death rate from brutality and mistreatment was many hundreds of thousands, likely over a million, and that the executions proabbly numbered at least a hundred thousand or so. According to Chomsky these highly qualified specialists also made :: repeated discoveries that massacre reports were :: false. Of course no such discoveries are to be found in the material he cites, and his article appeared shortly after the massacres reported by the refugees were devastatingly confirmed by when such a massacre occurred on the border. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG Hbp33+OpO++a/lQY1xLV9c3yccNAe3n+c3apD50B 4tlZyjrzU1UNgJfno/6lepfIRPdedtsG1UAQ8tRVn
Re: Petro's catch-22 incorrect (Re: citizens can be named as enemy combatants)
--
On 18 Jan 2003 at 10:01, Kevin S. Van Horn wrote:
> The terrorists have made it pretty clear what their gripe
> with the U.S. Government is, and it has nothing to do with
> trade, the American lifestyle, or the elusive freedoms that
> Americans supposedly enjoy. It has everything to do with US
> troops stationed in nearly every country in the world
> (specifically, Saudi Arabia),
That was one indictment of many. Another indictment was the
crusades. Bin Laden seemed most strongly upset about the
reconquest of of what we call Spain, but which muslims call by
another name.
In the most recent communique (which may not be Osama Bin Laden
but his successor pretending to be him) he gave a Leninist rant
that the arabs are poor because the rich countries are rich,
espousing the Marxist argument that simply being a citizen of a
wealthy country is a crime deserving of death. This makes me
suspect that the original Bin Laden is now a grease smear on
some Afghan rocks, since the original Bin Laden was a
Heideggerean, and would spit on any Marxist unless that Marxist
was dying of thirst in the desert.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
sV5AglG+l7RX7GtAdr2sqFU4waW0+YXAMUKk12Nm
4LvMyqqmmLejQafyYLGOpTioRrPohNzS4GFkFqk6Y
Re: Atlas Shrugs in Venezuela
-- On 20 Jan 2003 at 7:20, Harmon Seaver wrote: > It's hard to tell from the US media reports what's really > going on. Is the "nation-wide strike" a strike of the workers > or just a lockout of the workers by the companies opposed to > Chaves? Given his popularity with the lower class, it's > difficult to understand why they would be striking against > him. It is a strike. You can tell by the fact that Chavez has been trolling poorer latin American countries, in particular Brazil, to recruit guest workers to do scab labor. However he recently discovered that many of these guest workers, though they theoretically have the skills of those they are supposed to replace, do not actually have the skills. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG kwfJU4cOdKICpZB82NV/SqXAxmw3TVvx9Mj+s73N 4qKieDYF+J3ghbatlXw9fpFG6hLJOwipHAEQ+/QjK
Re: Atlas Shrugs in Venezuela
-- Harmon Seaver: > > > Well, but only a strike of the executives and some > > > technicians. Not of the general workers. James A. Donald: > > When they bring out the army against the strikers as well > > as foreign scab labor, it is the workers. Harmon Seaver: >Nope, not a chance. Most of the people out on strike were >executives Then why the army? > It's pretty clear by now that last Spring's attempted coup > and the current strike was all engineered by the CIA and the > current whitehouse scum. Then why the army and the guest worker scab laborers? --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG HF32U1ydzozTdZ6i7yRo/SgdkaZuGDrT5P2V9z6i 4YTrwmYIFejPLVEGKL7Y3nFQ6Mg+g07DVuTLLqTN2
Re: Atlas Shrugs in Venezuela
-- Harmon Seaver: > > > > > Well, but only a strike of the executives and some > > > > > technicians. Not of the general workers. James A. Donald: > > > > When they bring out the army against the strikers as > > > > well as foreign scab labor, it is the workers. Harmon Seaver: > > >Nope, not a chance. Most of the people out on strike > > >were executives James A. Donald: > > Then why the army? Harmon Seaver: >Why not the army? If it was only the executives and a handful of highly qualified specialists, you would not need the army. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG fQ/byy7jedqE9oGHEXqKrfXHoCvauj3bVa72KMSa 4PWFvnoRJp9TevLqmWauGP6Xq+IgM3/kHhET6aqGD
Re: Atlas Shrugs in Venezuela
-- On 23 Jan 2003 at 9:48, Harmon Seaver wrote: > On Wed, Jan 22, 2003 at 09:38:47AM -0800, James A. Donald > wrote: > > > > If it was only the executives and a handful of highly > > qualified specialists, you would not need the army. >Of course you would. Look, once again, this isn't a normal >"strike", this is > a conspiracy of traitors working with an evil foreign power > to overthrow a legitimate government. Perhaps they are exercising their will over the facilities of production and distribution by CIA microwaves beamed into people's brains :-) > Don't we all know that that CNN, et al, are going to do > everything possible to minimize an anti-corporate leader? No, we do not know that. Recall "live from Baghdad". Recall Ted Turner's declaration that he is a socialist. Radosh lists him as one of his fellow radicals. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 9oeXHSnCgD5NmMmb8PrREjcnC1LEpeQCYyDS5ef2 4cnSq5ZshJsZCa5hpwa9OJurd0GHVS0jozg8GR8Na
Re: Palm Pilot Handshake
-- On 28 Jan 2003 at 20:54, Tyler Durden wrote: > Yo! Anyone out there in codeville know if the following is > possible? > > I'd like to be able digitally "shake hands" using a Palm > Pilot. Is this possible? > > What I mean is, Let's say some disgruntled and generic > crypto-kook (let's call him, say,...'Tyler Durden') has been > signing his (tiring) cyber-missives with a public key. > > And now let's say there's some guy at a party claiming to be > that very same Tyler Durden, but you're not so sure (this > real-life Tyler Durden is WAY too much of an obvious > chick-magnet to be the same guy that posts on the Internet). > BUT, you happen to have your Palm Pilot(TM), and so does he. > So you both both engage the little hand-shaking app on your > PP (using Tyler Durden's public key) and there's > verification. Yep. Same dude. (You then procede to prostrate > yourself before this obvious godlet, stating "I'm not worthy, > Sire".) This can be done without a palm pilot. Normally the flesh and blood Tyler Durden would reveal knowledge of information sent encrypted to the net Tyler Durden, or vice versa. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG +OfNblhcCuKIKF5MFg7gpgfNLhp99TtnhvtpjA6D 4yJKSl2sqFg6P1vGn5ClsKRon31LJE1uCGdVuiQEE
Re: CDR: US health care,a winner for Hillary in 04?
On 28 Jan 2003 at 19:46, Marc de Piolenc wrote: > PS - the infant mortality statistics are bogus; they are a > record-keeping artefact. Other countries (notably Sweden, to which the > USA is always being compared) don't "count" a child as born until it > has reached a certain age (three weeks in Sweden). Guess when most > infant deaths occur? Interesting datum. Could you give a source for this. If true, needs wide publicity, since we web search for "infant mortality" and Sweden gives a zillion hits, all saying what you would expect.
Re: the news from bush's speech...H-power
-- On 30 Jan 2003 at 11:31, Eugen Leitl wrote: > I'm not arguing pro strong state. I'm merely saying that the > tax funded ivory tower R&D is complementary in scope to > privately funded research. If 95% of it is wasted (and > lacking libertarian drive in Euland it's bound to stay that > way for quite a while), it's still nice to see a percent or > two to go into bluesky research. You will notice a disproportionate amount of blue sky research comes from countries that are highly capitalist. Thus Switzerland is roughly comparable to Sweden in size and wealth, but we see quite a bit of blue sky research coming out of Swizterland, not much from Sweden. Since blue sky research is a public good, only governments can efficiently produce blue sky research. Does not follow, however, that governments *will* efficiently produce blue sky research, and on the available evidence, they do not. There are several mechanisms that lead companies to produce and publish interesting data -- one is to make a name for themselves, as in the human genome project, another his that they like to employ scientists that have published interesting research findings, which means that their scientists want to publish interesting research findings. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG vj9XFJICkQyBZHtzNbSmc+aK6sW4+dfeCW2jBsxp 4SNzRPDCqDY1oqcXuKPS207CG2oaSOsRAObNR7CKl
Re: the news from bush's speech...H-power
--
On 30 Jan 2003 at 12:16, Harmon Seaver wrote:
> I'll have to find the studies, but it was the same oil
> geologists (not enviros) who used the same model to
> accurately predict the peak of US oil production who did the
> one on world oil production.
Not true.
Rather, what happened is that there have been thousands of
overly pessimistic estimates, and one overly optimistic
estimate for US oil production (an over reaction to past low
side errors) , and everyone who makes implausibly pessimistic
estimates for world oil production likes to associate
themselves with those who disagreed with the one overly
optimistic estimate -- but the association is thin.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
8af9YKuTzIfi6eW+kuKC5iSQr1ItRdPJmiiqa7oK
40um9WOOe1GxHnczql5Bykr/viCnjY0+DHauSAK8v
Re: the news from bush's speech...H-power
-- On 29 Jan 2003 at 21:08, Tyler Durden wrote: > That's not to say it can't happen in other environments, but > it seems to unfold very differently in, say, China or the > USSR (which actually has contributed lots of technological > and scientific ideas to the world). What little they have contributed has been entirely weapons related. >But none of them have benefited $$$-wise (nor has the pace > been nearly as fast) as in the US. > > Meanwhile, regulations and governments can give some > industries a head start, particularly if a "jungle" already > holds a nice warm niche for the output of those industries. > Thus Sematec helped US semiconductors to roar back from the > brink of extinction, Sematec was a boondoggle and complete failure and the buying up (and > subsequent dismantling) of lite rail systems in the LA basin > in the 30s and 40s apparently had a major impact on the > rollout of vehicles Might we have seen much better public > transportation in that area if this capitalist coup-d'etat > hadn't occurred? Public transport received, and continues to receive enormous subsidies. > The moon shots did apparently accelerate the development of > semiconductors. No they did not. > > (A side note should be made here about the fact that some > technologies have a very high activation energy > barrier...without a very intensive amount of capital, they > can't happen. Indeed, aren't we nearly at that point with > sub-0.13um technology? It is possible that further advances > just won't be possible without direct or indirect government > funding.) We are switching to direct contact methods, which will be cheaper. Gutenburg instead of photocopying. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG VKCnpakdLzFyrcBpgv0iSDG+sVotQDZ4KYseulLm 4ONCsZY4ADmP8p1dtPtY0srxJ4ZtKXxsplnujQ1HU
Re: the news from bush's speech...H-power
-- > These geologists very accurately predicted the peaking of oil > production in the US, Completely false. "These geologists" are not Hubbert, nor did they very accurately predict the peaking of oil in the US, nor do they use Hubbert's methodology, though they claim to. Rather, they are people who would like to associate themselves with Hubbert "these geologists" are not the successors to Hubbert, but the successors to "LImits to Growth", and "the club of Rome", who predicted total exhaustion of oil supplies and ensuing economic collapse in the 1980s. Hubbert estimated the amount of oil remaining from the logistic curves. Those who claim to be his successors assert that there is X amount of oil remaining, and then fit the logistic curve to match X. That is the club of rome technique, which is the opposite of the Hubbert technique. Hubbert predicts oil reserves from observed success in finding oil. Doomsayers predict failure to find oil from alleged oil reserves. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG C9e+ZUPyVGI4wbdMUNNKXWkQWaRXRTL/Nu+zv66g 4tjmevo5q83abI8gkC1baI1odUsQH0a8O86Tquf+1
Why there is no anonymous e-cash
As I predicted, transactions are increasingly going on line. And as Hettinga predicted, the more anonymous and irreversible the transaction service, the cheaper and more convenient its services. All happening as predicted. So why don't we have anonymous chaumian cash by now? Because, the more anonymous and irreversible its services, the more fraudsters use it to convert other people's bank accounts, obtained by phishing, into usable money. Why don't we have anonymous e-cash? - because IE and outlook express are full of massive security holes, and because people are idiots. Observe Tim May, who mistook e-gold phishing spam mail for the real thing. Well, not so much that people are idiots, but that we still have not got a satisfactory security model that adequately accommodates human factors.
Re: Email tapping by ISPs, forwarder addresses, and crypto proxies
-- On 23 Jul 2004 at 12:40, Thomas Shaddack wrote: > Depends on whom. Often the money are the main motivation. Of > course, your own country won't pay you as well as the other > one, and will try to appeal to your "patriotism" like a bunch > of cheapskates - it's better to be a contractor. The Soviet Union was notorious for absurdly low pay, yet had no difficulty getting lots of servants. It cultivated a sense of identification. The CIA would give you a crate of money, a crate of guns, and some say a crate of cocaine. but the KGB would ask about your dental problems and arrange for a free dental appointment. If you were a key scientist or something, rather than just some regular guy, they would discover your sexual tastes or your tastes in art and send around a girl or boy to suite, or some art that probably could not be obtained by mere money, or perhaps a boy carrying some art. To the best of my knowledge no one EVER got any decent sized cash payment from the Soviet Union for any act of treason, no matter how crucial. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG TKc9QQNccF421kjpfih8YdB96RpYw17p3sjofelQ 4yBG3NNFrBGZu5Zy/GwjHsjbhkfnJhmOU2OYDAyFn
Re: "...Hold still for the camera, Mehdi..."
--
On 10 Aug 2004 at 17:49, R. A. Hettinga wrote:
> <http://www.aljazeera.net/news/arabic/2004/8/8-6-13.htm>
>
> Al Sadr got himself a laminator. His goons, er, freedom
> fighters, have ID's now.
>
> Skip the arabic, notice the guy on the left in the first pic.
Presumably the IDs do not display true names, but Sadr
presumably has a database linking true names to ID tags.
Of course, should that database fall into US hands, his entire
organization is screwed.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
coAqlKplZQKw8k99OLGi4iC3tOe5nfoJXWb5ZXw1
4QGY4ri/TnUJjaPX8H30E7LUk0rLUXRrhVVIcT1D+
Re: Wired: Attacking the 4th Estate
-- On 25 Aug 2004 at 10:16, Sunder wrote: > Sure, you say, no such act exists. But Ashcroft himself once > testified that bellyaching over what he called "phantoms of > lost liberty" only serves to "aid terrorists" and "give > ammunition to America's enemies." And recently FBI agents > attempted to intimidate political activists by visiting them > at their homes to warn about causing trouble at the upcoming > Republican convention. Ashcroft is pretty good compared to recent Attorney generals. Under Reno, political extremists were not asked threatening questions. They were apt to get their dog shot, their son shot, their baby shot in its mother's arms, etc. If unpleasant people with intimidating questions was the worst menace to our liberty, we would be in mighty good shape. Ashcroft has completely failed to enforce all the "Child protection" legislation that congress passed against the internet - which makes him the nearest thing to a friend of liberty as you are likely to find in Washington. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG Mluq4gPKwTGMErQREoTDh8saWV7wEzjSVjNf6113 4ydEMtkhYfG6Q30GRB2AWjgyE/a40DE7VIEdxVgD2
Re: Remailers an unsolveable paradox?
-- On 4 Sep 2004 at 21:50, Nomen Nescio wrote: > The ratio of remailer use to abuse is painfully low because > there's no way to actually communicate. You can broadcast but > not recieve, because no system exists to receive mail > psuedononymously. This is not communication. > > Remailer use is restricted to when senders don't care about > listener, which means rants, death threats, and the abuse > of spam. The only systems for receiving mail are at best some > college student's unimplemented thesis. alt.anonymous.messages provides a channel for people who wish to receive messages without themselves being identified. If I want to receive a message without providing and email address that can be traced, I ask the recipient to post in in the newsgroups such as alt.anonymous.messages. For obvious reasons people who read alt.anonymous.messages, or think they might need to read it in the future, download the newsgroup in its entireity. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG fzparMQ1YGMHFGGQ4eabvrdbfX3oQPnGSeUNNkuX 4UV3sPQUJdBwqav34D5pBXRBNtLg+GX5dxE+YM5P8
Re: "Forest Fire" responsible for a 2.5mi *mushroom cloud*?
--
On 13 Sep 2004 at 12:50, Major Variola (ret) wrote:
> When I was a teen I would save the instant-cold packs after
> soccer games, and recrystalize the AN within. It melts and
> gives off bubbles but I never collected enough N20 nor did it
> detonate.
You need a lot of heat to detonate AN, but I have never failed
to detonate it. Perhaps your stuff was contaminated with water
or stabilizer, or perhaps you need a better flame.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
fi2djYWevOtkRUevhH2YeK5Q2byRVZ/KV1oTz6Kw
4wBDsSosJ6pBM+R7BpJsx2B+Bj//NSN+TD64XPR4S
