Anonymous transactions and controlled nymity transactions.
--
In strictly anonymous transactions one cannot prove that there was any agreement to pay, or any payment, to anyone in particular. For many purposes, what one wants is transactions with controlled nymity, where Alice can prove she paid Bob such and such an amount, in accordance with such and such an agreement, but does not need to reveal every payment to the bank in order to prove this for the one payment that goes wrong.

Strictly anonymous transactions work well for small payments that are frequently repeated. Because the payments are small, tracking identity is a burdensome overhead, and if the payer does not get what he wants, he merely wanders off elsewhere. Pornography, on the model of those machines where one keeps inserting quarters to keep the video rolling, or interactive pornography, where one makes ad hoc payments to the performers, are good applications for strictly anonymous payments.

However there are many applications, some of them more respectable and perhaps larger volume, where controlled nymity is appropriate. One important such application is the gray market. Usually the payer wishes to conceal his real identity from the recipient, and also does not wish anyone to know that there has been a transaction between payer and supplier.

Goods on the gray market are gray for a variety of reasons. Sometimes, like straying wives or husbands, businesses are making deals they do not wish major customers or suppliers to find out about. The gray market softly shades into the black market. There are deals that are not exactly illegal, but which the parties would prefer the government not to find out about. For example the government often restrains businesses from cutting prices, or forcefully encourages them to maintain prices at an artificially high level. Undue price cuts might be penalized as dumping, as unfair competition, and so on and so forth. For example exporters are generally required to participate in export cartels, which they tend to ignore. A German company selling goods in the US too cheaply is likely to be punished by German authorities for unfairly competing with other German firms, and by US authorities as "dumping". A US firm selling goods too cheaply in the US might be harassed by the justice department for "predation".

To perform a transaction with controlled nymity, as is required to support gray market transactions, I propose the following mechanism.

Buyer and seller make a deal, perhaps on a website like eBay where they are identified by handles. They agree to a delivery contact. The payee registers the transaction with the money issuer, the registration consisting of a hash code of the contract, the amount to be paid, and a transient public key. The payer deposits Chaumian coins to the required amount to the transaction record, creating a public record that the contract has been paid, though by whom and to whom does not become known unless the contract corresponding to the hash code is made public, and not necessarily even then, since the parties to the contract are identified by handles, with reputations associated with the handles, as at eBay.

The payee then withdraws the coins, encrypted using the public key associated with the contract, a process that creates no traceable connection between the handle and supplier and beneficiary.

--digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG iuj6pa04sjBj2fp2icqR6W+6S28KntHqmFQRF5C3 47uanT19FGKI5xy+444UTEU6MHx2MA1RyK62LpuyT
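The registration, deposit and withdrawal steps proposed in the message above, as an added Python sketch that is not part of the original post. Assumptions: toy textbook-RSA keys stand in for the issuer's coin-signing key and the payee's transient key, coins come in a single one-unit denomination, the contract hash is salted, and every function and class name here is hypothetical.

```python
"""Constructed sketch of the controlled-nymity payment flow (toy parameters)."""
import hashlib
import secrets

E = 65537

def toy_rsa(p, q):
    """Textbook RSA from fixed Mersenne primes: illustration only, not secure."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))     # (modulus, private exponent)

MINT_N, MINT_D = toy_rsa(2**89 - 1, 2**107 - 1)     # issuer's coin-signing key
PAYEE_N, PAYEE_D = toy_rsa(2**61 - 1, 2**127 - 1)   # payee's transient key

def contract_hash(contract: bytes, salt: bytes) -> str:
    """Salted hash, so a guessable contract cannot be confirmed by brute force
    against the public record (the salt is an addition of this sketch)."""
    return hashlib.sha256(salt + contract).hexdigest()

def coin_digest(serial: bytes) -> int:
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % MINT_N

def coin_valid(serial: bytes, sig: int) -> bool:
    return pow(sig, E, MINT_N) == coin_digest(serial)

def buy_coin():
    """Payer's side of a Chaum blind signature: the issuer signs a blinded
    digest, so it cannot link the coin it later sees to this purchase."""
    serial = secrets.token_bytes(16)
    r = secrets.randbelow(MINT_N - 2) + 2                    # blinding factor
    blinded = coin_digest(serial) * pow(r, E, MINT_N) % MINT_N
    signed = pow(blinded, MINT_D, MINT_N)                    # done by the issuer
    return serial, signed * pow(r, -1, MINT_N) % MINT_N      # unblind

class Issuer:
    def __init__(self):
        self.records = {}      # PUBLIC: contract hash -> amount, key, paid
        self._spent = set()    # serials already deposited

    def register(self, chash, amount, transient_pub):
        """Payee registers the deal; no handle or name enters the record."""
        if chash in self.records:
            raise ValueError("already registered")
        self.records[chash] = {"amount": amount, "pubkey": transient_pub,
                               "paid": 0, "withdrawn": False}

    def deposit(self, chash, coins):
        """Payer pays in one-unit coins (single denomination: assumption)."""
        rec = self.records[chash]
        serials = {serial for serial, _ in coins}
        if len(serials) != len(coins) or serials & self._spent:
            raise ValueError("double-spent coin")
        if not all(coin_valid(serial, sig) for serial, sig in coins):
            raise ValueError("bad coin signature")
        self._spent |= serials
        rec["paid"] += len(coins)

    def withdraw(self, chash):
        """Pay out fresh coins whose serials only the transient key can read.
        Blinding of these new coins is left out of the sketch."""
        rec = self.records[chash]
        if rec["withdrawn"] or rec["paid"] < rec["amount"]:
            raise ValueError("nothing to withdraw")
        rec["withdrawn"] = True
        n, e = rec["pubkey"]
        out = []
        for _ in range(rec["paid"]):
            serial = secrets.token_bytes(16)
            sig = pow(coin_digest(serial), MINT_D, MINT_N)
            out.append((pow(int.from_bytes(serial, "big"), e, n), sig))
        return out

def payee_open(sealed):
    """Payee decrypts the serials with the transient private key."""
    coins = [(pow(c, PAYEE_D, PAYEE_N).to_bytes(16, "big"), sig)
             for c, sig in sealed]
    return [coin for coin in coins if coin_valid(*coin)]

def proves_payment(public_records, contract: bytes, salt: bytes) -> bool:
    """Dispute check: a disclosed contract either matches a paid record or not."""
    rec = public_records.get(contract_hash(contract, salt))
    return rec is not None and rec["paid"] >= rec["amount"]

def demo():
    # Constructed contract text; the parties appear only as handles.
    contract = b"seller-handle ships 40 widgets to buyer-handle for 3 units"
    issuer, salt = Issuer(), secrets.token_bytes(16)
    chash = contract_hash(contract, salt)
    issuer.register(chash, 3, (PAYEE_N, E))
    coins = [buy_coin() for _ in range(3)]
    issuer.deposit(chash, coins)
    received = payee_open(issuer.withdraw(chash))
    return issuer, contract, salt, coins, received

if __name__ == "__main__":
    issuer, contract, salt, _, received = demo()
    print(proves_payment(issuer.records, contract, salt), len(received))
```

Until one party discloses the contract and salt, the public record holds only a hash, an amount and a throwaway key; an altered contract fails the same check.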
[OT] why was private gold ownership made illegal in the US?
--
On 3 Jul 2002 at 2:36, Anonymous wrote:
> At the time, the U.S. faced a significant chance of a
> Communist/Socialist revolution such as had been seen in several
> other countries. Class warfare was widespread,

The high point of support for socialism among the masses in the US was the 1870s, give or take a couple of decades. By 1900 socialists around the world had given up all hope of genuinely revolutionary seizure of power, and were pursuing conspiratorial paths.

The 1930s was the high point of support for socialism among the intellectuals, the privileged, and the elite. Their efforts to foist their preferences on the American masses met with resounding hostility and reluctance.

Not only was there no danger of a socialist revolution, in the US or anywhere else, but in the US the leadership's attempts to force socialism down people's throats met stubborn resistance. There was more mass support for socialism in other countries, but no socialist revolutions in those countries, nor any danger of such revolt. There were socialist coups, and conspiratorial seizures of power by socialists in other countries.

--digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 3x+jv+MnH33X3HSDdYMeLIgT55+H4ekUhpOMDJDS 2vKGDwf7SNzlVqX8Hi5qcbp51h1c6SSx0sz6gRDeI
Re: Hollywood Hackers
--
On 29 Jul 2002 at 14:25, Duncan Frissell wrote:
> Congressman Wants to Let Entertainment Industry Get Into Your
> Computer
>
> Rep. Howard L. Berman, D-Calif., formally proposed
> legislation that would give the industry unprecedented new
> authority to secretly hack into consumers' computers or
> knock them off-line entirely if they are caught
> downloading copyrighted material.
>
> I've been reading things like this for a while but I wonder how
> practical such an attack would be. They won't be able to hack
> into computers with reasonable firewalls and while they might
> try DOS attacks, upstream connectivity suppliers might object.
> Under current P2P software they may be able to do a little
> hacking but the opposition will rewrite the software to block.
> DOS attacks and phony file uploads can be defeated with digital
> signatures and reputation systems (including third party
> certification). Another problem -- Napster had 55 million
> customers. That's a lot of people to attack. I don't think
> Hollywood has the troops.

The plan, already implemented, is to flood file sharing systems with bogus files or broken files.

The solution, not yet implemented, is to attach digital signatures to files, and have the file sharing software recognize certain signatures as good or bad. This involves scaling problems that have not yet been thought through or implemented.

As files get copied around, they would accrete ever more digitally signed blessings. The signatures should be arbitrary nyms, as in Kong, not true names. The files could also accrete digitally signed discommendations, though such files would probably propagate considerably less.

When we approve a file, all the people who approved it already get added to our trust list, thus helping us select files, and we are told that so and so got added to our list of people who recommend good files. This gives people an incentive to rate files, since rating files gives them the ability to take advantage of other people's ratings.

If one discommends a file, those who discommend it are added to our trust list, and those who commended it to our distrust list. If, as will frequently happen, there is a conflict, we are told that so and so commended so many files we like, and so many files we dislike, so how should future commendations and discommendations from him be handled.

--digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG /q4tip27WhKCNEPO0JVoN0d2y8NqKSNyWSZ2yo8T 2mpKzWKpHGt5yFiUzlZZD//qHoWgv8n1ZFJzoJ2l9
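The trust-list rules described in the message above, as an added Python example that is not code from the post or from any file-sharing client. Assumptions: ratings are keyed by a SHA-256 content hash and by nym, each rating's signature has already been verified upstream, and the `Client` class, the nym names and the weights used in `score()` are hypothetical.

```python
"""Nym-based file ratings with trust-list updates (constructed example)."""
import hashlib
from collections import defaultdict

COMMEND, DISCOMMEND = +1, -1


def file_id(content: bytes) -> str:
    """Address a file by the hash of its bytes, so a rating binds to content."""
    return hashlib.sha256(content).hexdigest()


class Client:
    """Local rating state of one user of the file-sharing software."""

    def __init__(self):
        self.ratings = defaultdict(dict)   # file id -> {nym: COMMEND | DISCOMMEND}
        self.own = {}                      # file id -> our own verdict
        self.trusted, self.distrusted = set(), set()
        # nym -> [commended files we like, commended files we dislike]
        self.tally = defaultdict(lambda: [0, 0])

    def receive(self, fid, nym, verdict):
        """Store a rating that travelled with the file. Verifying the nym's
        signature over (fid, verdict) is assumed to have happened already."""
        self.ratings[fid][nym] = verdict

    def rate(self, fid, verdict):
        """Record our verdict, update both lists, return the user notices."""
        if fid in self.own:
            return []                      # count each file once
        self.own[fid] = verdict
        notices = []
        for nym, theirs in sorted(self.ratings[fid].items()):
            if theirs == COMMEND:
                self.tally[nym][0 if verdict == COMMEND else 1] += 1
            if theirs == verdict:          # they rated the file as we did
                target, name = self.trusted, "trust"
            elif theirs == COMMEND:        # they blessed a file we reject
                target, name = self.distrusted, "distrust"
            else:                          # they reject a file we approve:
                continue                   # the post specifies no action here
            if nym not in target:
                target.add(nym)
                notices.append(f"{nym} added to {name} list")
        return notices

    def conflicts(self):
        """Nyms on both lists, with the two counts the user is shown."""
        return {n: tuple(self.tally[n])
                for n in sorted(self.trusted & self.distrusted)}

    def resolve(self, nym, trust):
        """The user's answer to a conflict: keep the nym on one list only."""
        (self.distrusted if trust else self.trusted).discard(nym)

    def score(self, fid):
        """Rank an unrated file. Weights are an assumption of this sketch:
        a trusted nym counts with its verdict, a commendation from a
        distrusted nym counts against the file, unresolved conflicts and
        unknown nyms count for nothing."""
        pending = self.trusted & self.distrusted
        total = 0
        for nym, theirs in self.ratings[fid].items():
            if nym in pending:
                continue
            if nym in self.trusted:
                total += theirs
            elif nym in self.distrusted and theirs == COMMEND:
                total -= 1
        return total


def build_demo():
    """Constructed scenario: two files we have judged, two we have not."""
    c = Client()
    good, bogus = file_id(b"real track"), file_id(b"\x00" * 64)
    new_good, new_bogus = file_id(b"another real track"), file_id(b"noise")
    for fid, nym, verdict in [
        (good, "nym-a", COMMEND), (good, "nym-mixed", COMMEND),
        (bogus, "nym-flood", COMMEND), (bogus, "nym-mixed", COMMEND),
        (bogus, "nym-b", DISCOMMEND),
        (new_good, "nym-a", COMMEND), (new_good, "nym-b", COMMEND),
        (new_bogus, "nym-flood", COMMEND), (new_bogus, "nym-mixed", COMMEND),
    ]:
        c.receive(fid, nym, verdict)
    c.rate(good, COMMEND)
    c.rate(bogus, DISCOMMEND)
    return c, new_good, new_bogus


if __name__ == "__main__":
    client, new_good, new_bogus = build_demo()
    print("conflicts:", client.conflicts())
    print("scores:", client.score(new_good), client.score(new_bogus))
```

A nym that blessed both a file we like and a file we reject lands on both lists; its ratings are ignored until `resolve()` records the user's decision.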
Re: Challenge to David Wagner on TCPA
--
On 29 Jul 2002 at 15:35, AARG! Anonymous wrote:
> both Palladium and TCPA deny that they are designed to restrict
> what applications you run. The TPM FAQ at
> http://www.trustedcomputing.org/docs/TPM_QA_071802.pdf reads

They deny that intent, but physically they have that capability.

--digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG ElmZA5NX6jAmhPu1EDT8Zl7D+IeQTSI/z1oo4lSn 2qoSIC6KSr2LFLWyxZEETG/27dEy3yOWEnRtXzHy9
Re: Hollywood Hackers
--
On 31 Jul 2002 at 11:01, Eugen Leitl wrote:
> The issue of node reputation is completely orthogonal to the
> document hashes not colliding. Reputation based systems are
> useful, because document URI
> http://localhost:4711/f70539bb32961f3d7dba42a9c51442c1218a9100
> doesn't say what's in there. A claim needs to be backed by
> someone (preferably anonymous) with a good reputation trail.

Indeed, but the only working nym based reputation system is that hosted by eBay. Web of trust is not really used much, and Verisign sucks.

My proposal was to implement a nym based reputation system for approving content, rather than to assume such a system already exists.

--digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG n2qkcxSdV2kJT9y6SyQ2iP7hz+Loj0n1HsBec+jV 2F6qbHlOzuO9Od/r5ZvGa0vDhRSmH/+EjFcQI8Wtc
Re: Challenge to David Wagner on TCPA
--
29 Jul 2002 at 15:35, AARG! Anonymous wrote:
> > > both Palladium and TCPA deny that they are designed to
> > > restrict what applications you run.

James A. Donald:
> > They deny that intent, but physically they have that
> > capability.

On 31 Jul 2002 at 16:10, Nicko van Someren wrote:
> And all kitchen knives are murder weapons.

No problem if I also have a kitchen knife.

TCPA and Palladium give someone else super root privileges on my machine, and TAKE THOSE PRIVILEGES AWAY FROM ME. All claims that they will not do this are not claims that they will not do this, but are merely claims that the possessor of super root privilege on my machine is going to be a very very nice guy, unlike my wickedly piratical and incompetently trojan horse running self.

--digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG XQHdtzqDInBFsDcorfDvqJYRHTRhEBsM9eMJIH+w 2+o4WjsTSV8RDUO7k3c71T9v9JQKwZGZC54BqW6DQ
Re: Hollywood Hackers
--
James A. Donald:
> > The plan, already implemented, is to flood file sharing
> > systems with bogus files or broken files. The solution, not
> > yet implemented, is to attach digital signatures to files, and
> > have the file sharing software recognize certain signatures as
> > good or bad.

Eugen Leitl
> This is completely unnecessary if you address the document with
> a cryptohash. An URI like
> http://localhost:4711/f70539bb32961f3d7dba42a9c51442c1218a9100
> can only address a particular document.

And then the hollywood hackers flood the system with bogus descriptions of the content identified by the crypto hashes.

We still need to implement a reputation system against a hollywood hacker attack, even if we address content by cryptohash, as indeed we should.

--digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG MZ8I0lLVaSkDBqA1K8OWTh4DR9ESyzcVVpf1x4pT 259CijIJardotArHx0YBUaCUfOceX+5jOYxtQ+fXi
Re: Challenge to David Wagner on TCPA
--
On 31 Jul 2002 at 23:45, AARG! Anonymous wrote:
> So TCPA and Palladium "could" restrict which software you could
> run. They aren't designed to do so, but the design could be
> changed and restrictions added.

Their design, and the institutions and software to be designed around them, is disturbingly similar to what would be needed to restrict what software we could run. TCPA institutions and infrastructure are much the same as SSSCA institutions and infrastructure.

According to Microsoft, the end user can turn the palladium hardware off, and the computer will still boot. As long as that is true, it is an end user option and no one can object.

But this is not what the content providers want. They want that if you disable the Fritz chip, the computer does not boot. What they want is that it shall be illegal to sell a computer capable of booting if the Fritz chip is disabled.

If I have to give superroot powers to Joe in order to run Joe's software or play Joe's content, fair enough. But the hardware and institutions to implement this are disturbingly similar to the hardware and institutions needed to implement the rule that I have to give superroot powers to Joe in order to play Peter's software or content.

--digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG FQhKMpDHys7gyFWenHCK9p7+Xfh1DwpaqGKcztxk 20jFdJDiigV/b1fmHBudici59omqc/Ze0zXBVvQLk
Re: Challenge to David Wagner on TCPA
--
On 2 Aug 2002 at 0:36, David Wagner wrote:
> For instance, suppose that, thanks to TCPA/Palladium, Microsoft
> could design Office 2005 so that it is impossible for StarOffice
> and other clones to read files created in Office 2005. Would
> some users object?

In an anarchic society, or under a government that did not define and defend IP, TCPA/Palladium would probably give roughly the right amount of protection to intellectual property by technical means in place of legal means.

Chances are that the thinking behind Palladium is not "Let us sell out to the Hollywood lobby" but rather "Let us make those !@#$$%^& commie chinese pay for their *&^%$##@ software".

Of course, in a society with both legal and technical protection of IP, the likely outcome is oppressive artificial monopolies sustained both by technology and state power.

I would certainly much prefer TCPA/Palladium in place of existing IP law. What I fear is that instead legislation and technology will each reinforce the other.

--digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG R66NXPp5xZNDYn98jcVqH5q22ikRRFR3evv5xfwF 2PNka92tYm9+/iBKaR+IcOoDA8BwXZlwcPD18Ogw8
RE: Challenge to David Wagner on TCPA
--
On 2 Aug 2002 at 3:31, Sampo Syreeni wrote:
> More generally, as long as we have computers which allow data to
> be addressed as code and vice versa, the ability to control use
> of data will necessarily entail ability to control use of code.
> So, either we will get systems where circumventing copyright
> controls is trivial or ones where you cannot compile your own
> code. All the rest is just meaningless syntax.

The announced purpose of TCPA/Palladium is to introduce some intermediate cases. For example you could compile your own code, and then encrypt it so that it can only run on a specific target computer.

As someone who sells code, I would think this would be a great idea, were it not for the excesses we have been seeing from the IP lobbyists.

--digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG iB5WVaGfx+zq5Dani1KQGdZIU5Kl21LDrc7w4e1m 2PoKhj2EuUKqjKlZ/RN3VXdP0TFKxmpO/rR69KupZ
TCPA
--
In an anarchist society, or in a world where government had given up on copyright and intellectual property, TCPA/Palladium would be a great thing, a really good substitute for law, much more effectual, much cheaper, and much less dangerous than law.

In a world where we have anticircumvention laws and ever growing patent and copyright silliness, it seems a dangerously powerful addition to law.

--digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 6FaJusAR8fMsVvaFm9l3vbuyiQwio/YrBFLpyT6c 2Db/Fk0MeNi3mjdoDTo2IGzHeelYts0/xqiEjUFmA
RE: Challenge to David Wagner on TCPA
--
On 2 Aug 2002 at 10:43, Trei, Peter wrote:
> Since the position argued involves nothing which would invoke
> the malign interest of government powers or corporate legal
> departments, it's not that. I can only think of two reasons why
> our correspondent may have decided to go undercover...

I can think of two innocuous reasons, though the real reason is probably something else altogether:

1. Defending copyright enforcement is extremely unpopular because it seemingly puts you on the side of the hollywood cabal, but in fact TCPA/Palladium, if it works as described, and if it is not integrated with legal enforcement, does not over reach in the fashion that most recent intellectual property legislation, and most recent policy decisions by the patent office over reach.

2. Legal departments are full of people who are, among their many other grievous faults, technologically illiterate. Therefore when an insider is talking about something, they cannot tell when he is leaking inside information or not, and tend to have kittens, because they have to trust him (being unable to tell if he is leaking information covered by NDA), and are constitutionally incapable of trusting anyone.

--digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG Alf9R2ZVGqWkLhwWX2H6TBqHOunrj2Fbxy+U0ORV 2uPGI4gMDt1fTQkV1820PO3xWmAWPiaS0DqrbmobN
RE: Challenge to David Wagner on TCPA
--
On 2 Aug 2002 at 14:36, Trei, Peter wrote:
> OK, It's 2004, I'm an IT Admin,
> and I've converted my corporation over to TCPA/Palladium machines. My
> Head of Marketing has his TCPA/Palladium desktop's hard drive
> jam-packed with corporate confidential documents he's been actively
> working on - sales projections, product plans, pricing schemes.
> They're all sealed files.
>
> His machine crashes - the MB burns out.
> He wants to recover the data.
>
> HoM: I want to recover my data.
> Me: OK: We'll pull the HD, and get the data off it.
> HoM: Good - mount it as a secondary HD in my new system.
> Me: That isn't going to work now we have TCPA and Palladium.
> HoM: Well, what do you have to do?
> Me: Oh, it's simple. We encrypt the data under Intel's TPME key,
> and send it off to Intel. Since Intel has all the keys, they can
> unseal all your data to plaintext, copy it, and then re-seal it for
> your new system. It only costs $1/Mb.
> HoM: Let me get this straight - the only way to recover this data is
> to let Intel have a copy, AND pay them for it?
> Me: Um... Yes. I think MS might be involved as well, if you were
> using Word.
> HoM: You are *so* dead.

Obviously it is insane to use keys that you do not yourself control to keep secrets. That, however, is not the purpose of TCPA/Palladium as envisaged by Microsoft.

The intent is that Peter can sell Paul software or content that will only run on ONE computer for ONE time period. When the motherboard emits blue smoke, or the time runs out, whichever happens first, Paul has to buy new software. If prices are lowered accordingly, this might be acceptable.

--digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 4Mqj1ia6DD0EYpdLMEd7al35eTYefnvhcFesBlMz 25n9obdfhvRVxEkY4YtWw7BuFxrOKgTtfI1Dp8uAA
Re: Other uses of TCPA
--
On Sat, 3 Aug 2002, Nomen Nescio wrote:
> As an exercise, try thinking of ways you could use TCPA to
> promote "good guy" applications. What could you do in a P2P
> network if you could trust that all participants were running
> approved software? And if you

I can only see one application for voluntary TCPA, and that is the application it was designed to perform: Make it possible to run software or content which is encrypted so that it will only run on one computer for one time period.

All the other proposed uses, both good and evil, seem improbably cumbersome, or easier to do in some other fashion. There are quite a few extremely evil uses it would be good for, but they would only be feasible if enforced by legislation -- otherwise people would turn the chip off, or tear it out.

--digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG Hzs0OpVc+bwQiFEZnMNE2zMLAXiYjMNrOWpH9WIb 2vvlvOjPeQH/ua0E9NnfeVaLvRGnxGuIvKZGcMZdN
Re: Other uses of TCPA
--
James Donald writes:
> > I can only see one application for voluntary TCPA, and that is
> > the application it was designed to perform: Make it possible
> > to run software or content which is encrypted so that it will
> > only run on one computer for one time period.

On 3 Aug 2002 at 20:10, Nomen Nescio wrote:
> You've said this a few times, and while it is a plausible goal
> of the designers, I don't actually see this specific capability
> in the TCPA spec, nor is it mentioned in the Palladium white
> paper.

Think about it.

> For TCPA, you'd have to have the software as a blob which is
> encrypted to some key that is locked in the TPM. But the
> problem is that the endorsement key is never leaked except to
> the Privacy CA

(Lots of similarly unintelligible stuff deleted)

You have lost me, I have no idea why you think what you are talking about might be relevant to my assertion.

The TPM has its own secret key, it makes the corresponding public key widely available to everyone, and its own internal good known time. So when your customer's payment goes through, you then send him a copy of your stuff encrypted to his TPM, a copy which only his TPM can make use of. Your code, which the TPM decrypts and executes, looks at the known good time, and if the user is out of time, refuses to play.

--digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 8QGEo4ptd7TD5d7duyz9XkOw+th0YEG9sllM8ix 2P2uZVncMpARxQd6P5V9cXLh97ZLpgi0tHH7LyVfB
Re: On alliances and enemies.
--
On 8 Aug 2002 at 13:09, cubic-dog wrote:
> For the purpose of this argument, lets accept as fact this
> Hollywood/gubbmint alliance. So, why wouldn't Bill & Co want to
> play?

A big bureaucracy has a lot of inertia. It wants to do what it always has been doing, it gets set in its ways.

If the internet and consumer computers are mandated to be like TV, the TV people will wind up in charge, and Microsoft will not wind up in charge.

--digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG OrPfArPJfauYoxApR4gFvBiF/ejwrZGskzoVEQJt 2QHCPliH2SKXP0eaVWlIy65Nye07RsyZOo8xbrIAA
Re: Challenge to TCPA/Palladium detractors
--
On Wed, 7 Aug 2002, Matt Crawford wrote:
> > Unless the application author can predict the exact output of
> > the compilers, he can't issue a signature on the object code.
> > The

On 9 Aug 2002 at 10:48, Eugen Leitl wrote:
> Same version of compiler on same source using same build
> produces identical binaries.

This has not been my experience.

--digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG vP+cB8hTnaqPfAtiGlYdo9QuJCpq884ER6Mo+F9m 2SkruXvZexqOoTAk6QuWuruF5x4fT0Rq4v/YSxLAt
Re: TCPA/Palladium -- likely future implications
--
On 9 Aug 2002 at 17:15, AARG! Anonymous wrote:
> to understand it you need a true picture of TCPA rather than the
> false one which so many cypherpunks have been promoting.

As TCPA is currently vaporware, projections of what it will be, and how it will be used are judgments, and are not capable of being true or false, though they can be plausible or implausible.

Even with the best will in the world, and I do not think the people behind this have the best will in the world, there is an inherent conflict between tamper resistance and general purpose programmability. To prevent me from getting at the bits as they are sent to my sound card or my video card, the entire computer, not just the dongle, has to be somewhat tamper resistant, which is going to make the entire computer somewhat less general purpose and programmable, thus less useful.

The people behind TCPA might want to do something more evil than you say they want to do, if they want to do what you say they want to do they might be prevented by law enforcement which wants something considerably more far reaching and evil, and if they want to do it, and law enforcement refrains from reaching out and taking hold of their work, they still may be unable to do it for technical reasons.

--digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG D7ZUyyAS+7CybaH0GT3tHg1AkzcF/LVYQwXbtqgP 2HBjGwLqIOW1MEoFDnzCH6heRfW1MNGv1jXMIvtwb
Re: Thanks, Lucky, for helping to kill gnutella (fwd)
--
On 10 Aug 2002 at 16:25, R. A. Hettinga wrote:
> [Ob Cypherpunks: Seriously, folks. How clueful can someone be
> who clearly doesn't know how to use more than one remailer hop,
> as proven by the fact that he's always coming out of the *same*
> remailer all the time?

The fact that he uses a constant exit remailer does not show that he is using a single hop.

I always come out of the same remailer at the end, even though I always use about three randomly selected remailers between myself and the constant exit remailer. I always select the same end remailer to avoid confusing the audience, and I selected a less used exit remailer for the same reason.

--digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG c3w9s36+CG9NnfBCbV9lBPm1GKPtff16r/hBMRj2 2ZIqRKb9UCTCvlWhGVeGUb1eknPEG0ynX12OrTTXM
Re: [CI] Re: Turing thesis(Incompleteness theorem)
--
On 11 Aug 2002 at 10:36, Jim Choate wrote:
> All Godel really says is that math, physics, etc. must be taken
> on -faith- with regard to 'consistency'. In other words,
> 'science' is just another 'religion'.

Choate's universe is a very strange place.

--digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG g1mLlIzuFgLbXoOJFMHUW25JFxvX68MxJVBaw2T9 2CyHwAWleXXEw7dAtv/o5PkeHz4+rp/NEMJFQPNfd
Re: TCPA and Open Source
--
On 13 Aug 2002 at 0:05, AARG! Anonymous wrote:
> The point is that while this is a form of signed code, it's not
> something which gives the TPM control over what OS can boot.
> Instead, the VCs are used to report to third party challengers
> (on remote systems) what the system configuration of this system
> is "supposed" to be, along with what it actually is.

It does however, enable the state to control what OS one can boot if one wishes to access the internet.

It does not seem to me that the TPM is likely to give hollywood what it wants, unless it is backed by such state enforcement.

Furthermore, since the TPM gets first whack at boot up, a simple code download to the TPM could change the meaning of the signature, so that the machine will not boot unless running a state authorized operating system.

It could well happen that TPM machines become required to go on the internet, and then later only certain operating systems are permitted on the internet, and then later the required operating system upgrades the TPM software so that only authorized operating systems boot at all.

--digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG H/t91jm8hq5pLR2AdFYi2lRoV9AKYBZ7WqqJmKFe 2/IFQaW0fl6ec+TL3iMKMxD6Y0ulGDK7RwqTVJlBQ
Re: Seth on TCPA at Defcon/Usenix
--
On 12 Aug 2002 at 20:38, Mike Rosing wrote:
> I'm actually really confused about the whole DRM business
> anyway. It seems to me that any data available to human
> perceptions can be duplicated. Period. The idea of DRM (as I
> understand it) is that you can hand out data to people you don't
> trust, and they can't copy it. To me, DRM seems fundamentally
> impossible.

To me DRM seems possible to the extent that computers themselves are rendered tamper resistant -- that is to say rendered set top boxes not computers, to the extent that unauthorized personnel are prohibited from accessing general purpose computers.

To me, TCPA only makes sense as a step towards some of the more monstrous outcomes that have been suggested by myself and others on this list. It does not make sense as a final destination, but only as a first step on a path.

--digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG xnGldvXqRQB8PKwYfVNs7FqNlzHkJtffm/JPsWY9 2NZkA77opkyGpXY+3+uMUIXDusHs6+ZgOeCu7YXgJ
Re: trade-offs of secure programming with Palladium (Re: Palladium: technical limits and implications)
--
On 12 Aug 2002 at 16:32, Tim Dierks wrote:
> I'm sure that the whole system is secure in theory, but I
> believe that it cannot be securely implemented in practice and
> that the implied constraints on use & usability will be
> unpalatable to consumers and vendors.

Or to say the same thing more pithily, if it really is going to be voluntary, it really is not going to give hollywood what they want. If it really gives hollywood what they want, it is really going to have to be forced down people's throats.

--digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG q/bTmZrGsVk2BT9JgumhMqvjDmyIbiElvtidl9aP 2/0CXfo6fzHCxpa+SX8o8Jzvyb71S0KzgBs0gDRhN
Re: Spam blocklists?
--
On 14 Aug 2002 at 4:36, Peter Fairbrother wrote:
> For instance, limiting the number of recipients of an email
> (the cryptogeek system I'm working on [m-o-o-t] just allows
> one), or limiting the number of emails one IP can send per
> day (adjusted for number of users).
>
> There was an EU proposal to force spammers (who are not
> always unwanted) to put [ADV] in the Subject: line, with
> appropriate penalties if they failed to, but it didn't happen
> (and we got long-term traffic data retention instead).
>
> I don't know offhand how to do it, but having unelected and
> unaccountable people (making the conditions for) stopping my
> email is unacceptable.

Solution is obvious and has been known for a long time.

Integrate payment with email. If anyone not on your approved list wants to send you mail, they have to pay you x, where x is a trivial sum, say a cent or two.

Spammers wind up sending huge amounts of mail to unmonitored mailboxes, which will make spamming unprofitable.

--digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG DIY+MmmrLQhijrJvvUennc4PKuW3ydzF1s8Phfvc 2thHL52WvLYLBuy1gMvfbs8U1toNuUIIWvvhnySCw
Re: TCPA not virtualizable during ownership change
--
On 15 Aug 2002 at 15:26, AARG! Anonymous wrote:
> Basically I agree with Adam's analysis. At this point I
> think he understands the spec equally as well as I do. He
> has a good point about the Privacy CA key being another
> security weakness that could break the whole system. It
> would be good to consider how exactly that problem could be
> eliminated using more sophisticated crypto.

Lucky claims to have pointed this out two years ago, proposed more sophisticated crypto, and received a hostile reception.

Which leads me to suspect that the capability of the powerful to break the system is a designed in feature.

--digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG JjoH8U8qZ1eOdT/yGjfV7Xz9andBZPeYWaOLC+NP 2/OJG2MZSnAqcyuvUsNZTsQAcffGGST6LJ7e9vFbK
Re: onsite service on Sealand
--
On 27 Aug 2002 at 13:36, Ryan Lackey wrote:
> If a customer hypothetically calls and wants a complete
> security analysis done on a server, and doesn't follow the
> "replace the drives in the working system with new ones, do a
> restore from snapshot or reinstall, and do analysis later"
> option, we're not responsible for any delays.

A little while ago, it seemed that cypherpunks was dead. There was nothing on it except for spam from Nigeria, commies, and lunatics.

Now I am reading email from various people who appear to be making their living using cryptography in ways that undermine the state, and who deal with the various practical real world problems involved in such a living.

I find these troubles very encouraging. The fact that people encounter such predictable troubles shows they are really doing what they talk about, and when they encounter these problems, they seem to proceed with competent and effectual solutions.

--digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG HcJC+F+nHfocXB5cx8e5xihyUc8zIRgYkHIA9rSH 2z7Vmfw8yreIdTJ88bYCphFaZUo4LPvcMHFy7EKYb
Re: S/MIME in Outlook -- fucked.
-- On 3 Sep 2002 at 11:16, Meyer Wolfsheim wrote: > I encourage everyone to send Bill Gates an email from > himself. =) > > = > = Vendor Notification Status > > Microsoft knows about this, of course, but "isn't even sure > whether to call this a 'vulnerability'." Right. While the immediate bug is in Microsoft IE and Outlook, this exploit is also a reflection of the contorted mess that is the certificate structure and the public key infrastructure, and of the fact that Verisign is not doing its job. (This exploit only works if one starts with a legitimate verisign certificate for a web site, it does not work if one starts with a legitimate Thawte certificate.) Microsoft unambiguously screwed up, but the infrastructure made it easy to screw up, and difficult and expensive to get things right. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 2S6sg825yJSZ69s23KyOvpaHYYQYbgoRuPl2j1JZ 24hZwF+YmQMFl2hK8LOkiesmNrg+xJ0ZdA1qPUzQU
Re: Prosecutors' Contention That Hotmail E-mail Is "Extremely Difficult To Trace"
--
On 5 Sep 2002 at 16:48, Steve Schear wrote:
> 3. After September 11, 2001, the FBI learned that Moussaoui
> had used a computer at Kinko's, in Eagan, Minnesota, to
> connect to the internet. When the FBI learned that Moussaoui
> had used a computer at Kinko's, the FBI investigated that
> Kinko's store and was informed that the Kinko's had since
> erased the data from its computers, as is Kinko's regular
> practice. Accordingly, the FBI did not seize the computers
> from Kinko's, Eagan, Minnesota.

Moral: Always make erasing unneeded data a regular practice, if you want to keep your computers.

--digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG u8fODkiRQptIbG0Gx/8TsyWhAaSyUi6bqxXcPoch 2gQB3HYsyrY6lY1CcTlNf5xm+nfdUNkDNFH91bpFH
Re: Saturday meeting/BBQ/party--last minute comments
--
On 11 Sep 2002 at 9:07, Tim May wrote:
> Last Minute Comments:
>
> * Meeting/BBQ/Party at Tim May's house, Saturday, September
> 14th, 1 p.m. onwards. Formal agenda to start promptly at 2
> p.m.
>
> * I've had a lot of confirmations (not required, except for
> lurkers and strangers) from a lot of people, so PARKING is
> OFFICIALLY BECOMING A PROBLEM. I live at the top of a hill
> serviced by a one-lane road going from the valley floor up
> several hundred feet to my driveway above. I have had parties
> where about 15 cars were in one of several places:
>
> -- my own parking lot, handling about 4-5 cars besides my own
> 2.
>
> -- my driveway, handling about 4-6 more cars, depending on
> whether they block others!
>
> -- the side of the road at the very top of the hill, handling
> 3-5 other cars
>
> -- the rest, I'm not sure where they parked!

I observed Tim's place. His estimate of the parking situation seems optimistic to me, though doubtless he knows the situation better than I do. Be prepared for a considerable walk and/or frequent car rearrangements, and unscheduled delay in leaving.

Tim's house is on a long, one lane track, somewhat east of the back of beyond.

You recall the house in the cartoon "Courage, the cowardly dog"? Now imagine that same house, and rotate the landscape seventy degrees so that the house is stapled to the side of a mountain and the road dug into the side of a mountain.

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
6wLay9FqSokQWYJ9KA94MevETkNtbnDry7fxHbD8
2+d7YG2eU5+wxXOCENNyvul+Im5tPQ3C6FI8UQzNF
RE: Cryptogram: Palladium Only for DRM
--
On 19 Sep 2002 at 11:13, AARG! Anonymous wrote:
> Of course, those like Lucky who believe that trusted
> computing technology is evil incarnate are presumably
> rejoicing at this news. Microsoft's patent will limit the
> application of this technology. And the really crazy people
> are the ones who say that Palladium is evil, but Microsoft is
> being unfair in not licensing their patent widely!

The evil of DRM, like the evils of guns, depends on who has the gun and who has not.

If only certain privileged people have guns, and the rest of us are disarmed, then guns are evil indeed.

If trusted computing means that certain special people have ring -1 access to my computer, and I do not, and those certain special people are people I do not trust ...

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
9qfOgx4DuD39ZV1os+Mk6SzsJp3A6f8e/S94djUj
41XdHA+e/zdxPCIroQznM5ILiFBEOUSYYagF5KQkb
What good are smartcard readers for PCs
--
The biggest application of smart cards that I know of are anonymous phone minutes.

In Australia, I walked into a hardware store in the middle of the back of beyond, and asked the sales kid about a cellular phone for someone who would not be in Australia very long. He promptly urged me to buy a phone that uses one of these cards, pointing out as one of the advantages that I buy the minutes for cash, and that no one would know who was associated with the number, other than those that I wished to know. This guy was a random saleskid in the backblocks of Australia, not a noted cypherpunk poster.

Increasingly however, we see smartcard interfaces sold for PCs. What for, I wonder?

In general, a smartcard and a PC smartcard interface can be used anywhere where one would use a password, providing greater security and ease of use than mere passwords. By and large, people only care about greater security when the password is protecting money, considerable lumps of money.

A huge number of web pages are selling smart card readers for PCs, for example: http://www.drivecrypt.com/dcplus.html

Obviously end users are buying this stuff. What are they buying smartcard readers for?

So I did a google search for web pages selling "chipdrive extern" (the most popular smartcard interface for PCs).

Seems like this is big business -- that huge numbers of these widgets are made and sold. Yet most of the web pages seemed curiously vague as to what anyone was buying them for.

I clicked on a link that said "current smart card industry news" -- the page was empty.

I found another page that advertised

: : "The Key to Secure eCommerce"
: :
: : The eCode solution provides secure remote
: : identification and digital signatures for
: : e-banking, telephone and mobile banking and other
: : application where secure identification is needed.
: :
: : The eCode system offers user authentication, user
: : authorisation, data integrity, data
: : confidentiality and non-repudiation.

A related web page says

: : Argos Mini is a cost-efficient smart card reader for
: : the mass market and applications like Internet
: : Banking, Telecommuting, Access Control, loading
: : Electronic Purse, etc.

So we are seeing lots of publicity from people selling smart card readers but curiously little from those applying them to particular purposes.

Mondex, as far as I know, sank with very little trace. They seem to have given up attempting to issue electronic money based on smartcards, and instead have become just another company selling smart card readers and software, their biggest contribution being a smartcard operating system that should allow multiple applications to use the same smartcard, so that a smartcard can act both as a purse and keyring, carrying keys to many different things.

This seems to imply that so many diverse people are finding uses for smartcard enabled PCs that one is likely to use a smartcard to interact with security from many independent vendors, just as one is likely to have a lot of unrelated keys on one's keyring.

If this is so big, and it does seem to be big, how come I do not know of any applications?

The multiplicity of smartcard interface vendors, and the struggle over the problem of using a single smartcard for multiple unrelated purposes, suggests a multitude of widely used purposes, yet I have no purposes. Huge numbers of people must be buying these things, often for multiple independent reasons, yet what are those reasons?

What would that kid in Australia buy one of these things for?

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
ynBJMlsLDPzg07sL/LvEpB/tIW037sE6ghIofneK
4PVvvjR5R/LHANHsZwHICLtrUdTredEP7JMGYF3vh
Re: What good are smartcard readers for PCs
--
James A. Donald:
> > Increasingly however, we see smartcard interfaces sold for
> > PCs. What for, I wonder?

On 24 Sep 2002 at 1:41, Bill Stewart wrote:
> I'm not convinced that the number of people selling them is
> closely related to the number of people buying; this could be
> another field like PKIs where the marketeers and cool
> business plans never succeeded at getting customers to use
> them.

On 24 Sep 2002 at 19:12, Peter Gutmann wrote:
> Companies buy a few readers for their developers who write
> software to work with the cards. [...] Eventually the
> clients discover how much of a bitch they are to work with
> [] users decide to live with software-only crypto until
> the smart card scene is a bit more mature.
>
> Given that n_users >> n_card_vendors, this situation can keep
> going for quite some time.

I have found that the administrative costs of PKI are intolerable. End users do not really understand crypto, and so will fuck up. Only engineers can really control a PKI certificate, and for the most part they just do not.

In principle the thingness of a smartcard should reduce administrative costs to a low level -- they should supposedly act like a purse, a key, a credit card, hence near zero user training required. The simulated thingness created by cryptographic cleverness should be manifested to the user as physical thingness of the card.

Suppose, for example, we had working Chaumian digicash. Now imagine how much trouble the average end user is going to get into with backups, and with moving digicash from one computer to another. If all unused Chaumian tokens live in a smartcard, one might expect the problem to vanish. The purselike character of the card sustains the coin like character of Chaumian tokens.

Of course if one has to supply the correct driver for the smart card, then the administration problem reappears. USB smartcard interfaces could solve this problem. Just plug them in, and bingo, it should just go.

Ummh, wait a moment, go where, do what? What happens when one plugs in a USB smartcard interface?

Still, making crypto embodied in smart cards intelligible to the masses would seem to be a soluble problem, even if not yet solved, whereas software only crypto is always going to boggle the masses.

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
UpBeNFF1UW7r7Fw8pVMxQG+xJ3mwsngHIp62BxL6
4D+u3ZM5e1JbeYAKaQ4dhOQrlZ42vq05cfz83rnCZ
Re: What good are smartcard readers for PCs
--
On 25 Sep 2002 at 18:36, Neil Johnson wrote:
> Hey don't forget you can still buy a smart card reader from
> that most cypherpunkish of babes BRITNEY SPEARS ! Only $30 !
>
> https://www.visiblevisitors.com/mltest/order_form.asp

A previous poster suggested that the smart card industry had usability problems. If these guys are selling to that market, they must have solved those problems -- or believe that they have.

On 24 Sep 2002 at 19:12, Peter Gutmann wrote:
> Eventually the clients discover how much of a bitch they are
> to work with [] users decide to live with software-only
> crypto until the smart card scene is a bit more mature.

Smartflash is supposed to be plug and play, no installation, no configuration. You just plug it into a usb port, poke your card into the reader and a browser window pops up, and takes you to the web page for that smartcard. If any software is needed, then it is in the form of an ActiveX component, which means that the only installation interface is "Do you trust this software from so-and-so?"

When Chaumian money comes into wide use, I think that for most end users we will have to stash all unused tokens inside smartcards. However, because of the critical mass problem, initial deployment for small payments cannot rely on such means, though initial deployment for large payments could.

Unfortunately, deployment of uncrippled Chaumian cash for large payments is likely to be illegal in most jurisdictions.

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
zA52k2I/yOV3JjdMnqwOFMq4Io7yMmdhp7IVzbUE
48lR0zT5ZoHjtDYfcW0+xmlo00w3DS04U9nsJblFq
Re: What good are smartcard readers for PCs
--
Neil Johnson wrote:
> > > Hey don't forget you can still buy a smart card reader
> > > from that most cypherpunkish of babes BRITNEY SPEARS !
> > > Only $30 !
> > >
> > > https://www.visiblevisitors.com/mltest/order_form.asp

James A. Donald:
> > A previous poster suggested that the smart card industry
> > had usability problems. If these guys are selling to that
> > market, they must have solved those problems -- or believe
> > that they have.

Peter Gutmann wrote:
> All they're doing is reading a URL off a USB dongle
> (technically a 256-byte I2C memory card plugged into a
> reader, but in effect the combination is a USB dongle).
> That's a no-brainer, I can do that with two wires taped to
> the card contacts and poked into the PC's parallel port, and
> around 50 bytes of code on the PC.

If all they were doing is reading the URL, presumably you can already get to the site without owning the smartcard. I believe the card cryptographically proves its presence to the site to show that the user is authorized to hit the site.

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
pTZSolt9/2ZzWLDufFApvlnFJTl7qJ+k/1P6N4E5
4+/ztYC9AfVoSBhBwjbH0ljx00WVl9cpQ4D/Kw7Ze
What good are smartcard readers for PCs
--
On 27 Sep 2002 at 19:53, Harmon Seaver wrote:
> Forget the pencils and pens, just ban paper.

The Chinese empire did in fact take that measure, making paper a government monopoly, prohibiting private production and use of paper, private knowledge of how to produce paper, and castrating all paper makers to reduce the risk of the technology of paper making being passed from father to son, or through pillow talk.

Some barbarian pirates eventually stole one of the government's paper making eunuchs, and the technology got loose again in lands beyond the empire's control, particularly the west.

A later Chinese emperor issued "the encyclopedia of all knowledge", which was intended to stimulate the growth of knowledge, but an elephant cannot help but trample the grass. The actual effect of the encyclopedia was to prohibit all knowledge that was not in the encyclopedia.

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
UZr0jvF3hsrDzZ/URGjiGNl8cw1jEQbsuJt2Vxm6
4P3p+Y/yI2jWvQGZ0O5aHI//rcxIXncZJqgHA4VdK
Re: smartcards
--
James A. Donald:
> > When Chaumian money comes into wide use, I think that for
> > most end users we will have to stash all unused tokens
> > inside smartcards. However, because of the critical mass
> > problem, initial deployment for small payments cannot rely
> > on such means, though initial deployment for large payments
> > could.

Someone:
> Here in Hong Kong, contactless "Octopus" smartcards (based on
> the Sony FeliCa device) are well established for paying fares
> on buses, ferries and subways, and also for small
> transactions with vending machines, convenience stores and
> supermarkets. The implementation is definitely non-Chaumian
> (it's based on symmetric encryption using shared secrets for
> both mutual authentication and secure transfer of value) but
> the cards can be purchased and reloaded with cash. Alas, the
> system does not allow uploads of value to banks or
> peer-to-peer transfers, as Mondex did.

Critical mass is no problem if a payment mechanism is backed by the big boys, but the big boys want a mechanism for transferring value where only a few giant corporations who are in bed with the state receive transaction payments, a system that divides the economy into a tiny number of actors, the big corporations, who alone take action, plan and produce, and a huge number of passive consumer zombies.

We would like a system which treats those making and receiving payments as peers, which makes critical mass a considerably more difficult problem.

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
+QZmFHKyDPKB9S60+rLQsOzIgeGk4o2tjKPzSX+8
4ROdV+LJ4M5hm4HiXOxPfEhStMMRfi09HNAiWbEKa
Re: smartcards
--
On 30 Jan 2050 at 32:210, Steve Thompson wrote:
> I'm surprised that nobody has mentioned cell-phones as a
> digital cash platform.[]
>
> The problem is that phone software is (to my knowledge) all
> closed-source and running on proprietary hardware. What's
> the likelihood of manufacturers opening up their phones for
> third-party code?

An open platform would be a combined cell phone and palm top computer. Lots of people are trying to move this -- so far without wide acceptance.

Paypal's original vision was that people would use palm pilots with IR. If phones developed palm pilot capabilities, this vision would become more useful.

I think combining the palm pilot with the cell phone is more feasible once we develop a good voice controlled computer, after the fashion of Star Trek, which may be some time off.

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
z0mctqiLain3vlXnFZTOy5PEVJIwCeg0x7zxl4RQ
4DWhd8THkIxyeHtI7sSA5O1d9IKi7WwGZVh6roOOb
What email encryption is actually in use?
--
What email encryption is actually in use?

When I get a PGP encrypted message, I usually cannot read it -- it is sent to my dud key or something somehow goes wrong. When I send a PGP encrypted message in reply, stating the problem, I seldom receive an answer, suggesting that the recipient cannot decrypt my message either.

Kong encrypted messages usually work, because there is only one version of the program, and key management is damn near non existent by design, since my experience as key manager for various companies shows that in practice keys just do not get managed. After I release the next upgrade, doubtless fewer messages will work.

The most widely deployed encryption is of course that which is in Outlook -- which we now know to be broken, since impersonation is trivial, making it fortunate that seemingly no one uses it.

Repeating the question, so that it does not get lost in the rant: to the extent that real people are using digitally signed and/or encrypted messages for real purposes, what is the dominant technology, or is use so sporadic that no network effect is functioning, so nothing can be said to be dominant?

The chief barrier to use of Outlook's email encryption, aside from the fact that it is broken, is the intolerable cost and inconvenience of certificate management. We have tools to construct any certificates we damn well please, though the root signatures will not be recognized unless the user chooses to put them in.

Is it practical for a particular group, for example a corporation or a conspiracy, to whip up its own damned root certificate, without buggering around with Verisign? (Of course fixing Microsoft's design errors is never useful, since they will rebreak their products in new ways that are more ingenious and harder to fix.)

I intended to sign this using Network Associates command line pgp, only to discover that pgp -sa file produced unintelligible gibberish, that could only be made sense of by pgp, so that no one would be able to read it without first checking my signature.

I suggest that Network Associates should have hired me as UI design manager, or, failing that, hired the dog from down the street as UI design manager.

Presumably the theory underlying this brilliant design decision was that in the bad old days, a file produced under unix would not verify under windows because of trivial differences such as the fact the whitespace is expressed slightly differently.

Here is a better fix, one that I implemented in Kong: Define several signature types with the default signature type ignoring those aspects of the message that are difficult for the user to notice, so that if a message looks pretty much the same to the user, it has the same signature, by, for example, canonicalizing whitespace and single line breaks, and treating the hard space (0xA0) the same as the soft space (0x20), and so on and so forth.

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
OmUO5eB/pLnuFIgCU2splCvKO4x0U1Ik31pVFPaU
49B5UrVKc5ETzoxGcfl+q9ltoh61l4ncSyE+R5h6P
What email encryption is actually in use?
--
James A. Donald:
> > We have tools to construct any certificates we damn well
> > please,

Joseph Ashwood:
> The same applies everywhere, in fact in your beloved Kong,
> the situation is worse because the identities can't be
> managed.

You are unfamiliar with Kong. The situation is better, because it is designed to be used in the fashion that all other existing alternatives actually are used in practice.

James A. Donald:
> > I intended to sign this using Network Associates command
> > line pgp, only to discover that pgp -sa file produced
> > unintelligible gibberish, that could only be made sense of by
> > pgp, so that no one would be able to read it without first
> > checking my signature.

Joseph Ashwood:
> Which would of course demonstrate once more that you have no
> clue how to use PGP. It also demonstrates what is probably
> your primary source of "I can't decrypt it" you are using a
> rather old version of PGP.

In fact my version is Network Associates version 6.5.8, which can supposedly decrypt any valid pgp message, and your rant would be considerably more impressive if you signed your message with a PGP signature.

Doubtless you could sign it -- eventually, after a bit of trying, after you had spent about as much time farting around as I did. The proclamation that PGP is usable would have been much more impressive in a message that actually used it.

James A. Donald:
> > Here is a better fix, one that I implemented in Kong:
> > Define several signature types with the default signature
> > type ignoring those aspects of the message that are
> > difficult for the user to notice, so that if a message
> > looks pretty much the same to the user, it has the same
> > signature, by, for example, canonicalizing whitespace and
> > single line breaks, and treating the hard space (0xA0) the
> > same as the soft space (0x20), and so on and so forth.

Joseph Ashwood:
> So it's going to be broken by design. These are critical
> errors that will eliminate any semblance of security in your
> program.

You are full of shit. I challenge you to fool my canonicalization algorithm by modifying a message so as to change the apparent meaning while preserving the signature, or by producing a message that verifies as signed by me, while in fact a meaningfully different message to any that was genuinely signed by me.

Let's see you doing some work to back up your empty words. The source code for my canonicalization code is on the net. If you say it is broken, break it!

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
nfNdl11zVV+oWKMTt0l79zrcrelHalABSBwKeib2
4Ts9fALHrytq8hR6Dhue492m/1vO+fYHy4Kqa6dkQ
Clarification of challenge to Joseph Ashwood:
--
James A. Donald: (ranting on the user hostility of PGP)
> > > Presumably the theory underlying this brilliant design
> > > decision was that in the bad old days, a [signed clear
> > > text file signed] under unix would not verify under
> > > windows because of trivial differences such as the fact
> > > the whitespace is expressed slightly differently.
> > >
> > > Here is a better fix, one that I implemented in Kong:
> > > Define several signature types with the default signature
> > > type ignoring those aspects of the message that are
> > > difficult for the user to notice, so that if a message
> > > looks pretty much the same to the user, it has the same
> > > signature, by, for example, canonicalizing whitespace and
> > > single line breaks, and treating the hard space (0xA0)
> > > the same as the soft space (0x20), and so on and so
> > > forth.

Joseph Ashwood:
> > So it's going to be broken by design. These are critical
> > errors that will eliminate any semblance of security in
> > your program.

James A. Donald:
> I challenge you to fool my canonicalization algorithm by
> modifying a message so as to change the apparent meaning
> while preserving the signature, or by producing a message
> that verifies as signed by me, while in fact a meaningfully
> different message to any that was genuinely signed by me.
>
> Let's see you doing some work to back up your empty words.
> The source code for my canonicalization code is on the net.
> If you say it is broken, break it!

To clarify, Kong works by checking a signature against the message, and against other messages in its database. Its job is not to identify the "true" James Donald, but to keep the different people claiming to be James Donald clearly separated.

Thus Kong would be broken if such separation could be obfuscated or confused.

Any program attempting to determine whether "Bob" is someone's true name is attempting to do something that computers cannot do, hence the intolerable certificate management problems of software that attempts to do that.

Three quarters of the user hostility of other programs comes from their attempt to support "true" names, and the rest comes from the cleartext signature problem. Kong fixes both problems.

Joseph Ashwood must produce a message that is meaningfully different from any of the numerous messages that I have sent to cypherpunks, but which verifies as sent by the same person who sent past messages.

Thus for Kong to be "broken" one must store a past message from that prolific poster supposedly called James Donald, in the Kong database, and bring up a new message hacked up by Joseph Ashwood, and have Kong display in the signature verification screen

    The signature in this document matches the signature on another document signed by James A. Donald. Do you wish to view this document.

while Kong displays a document meaningfully different from any that was posted by James A. Donald.

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
gQcEhL/Zl68mNm0WaeG7zRK5M+/3qbaE0t84hURH
4st/8mhjCyBBCy1Ganf3ud6SNdzLZtUChQQbTA6SO
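
An added illustration, not Kong's source code (which this page does not reproduce), of the kind of canonicalization described in the messages above and of the property the challenge turns on: texts that look the same hash the same, texts that read differently do not. The specific rules, including keeping blank-line paragraph breaks significant, and the sample messages are assumptions made for the example.

```python
import hashlib
import re


def canonicalize(text: str) -> str:
    """Reduce a message to the form that would be hashed and signed.

    Assumed rules (illustrative, not Kong's actual ones):
      * CRLF and lone CR line endings become LF
      * the hard space (0xA0) is treated as the soft space (0x20)
      * a single line break counts as ordinary whitespace
      * any run of whitespace collapses to ONE space, never to nothing,
        so words can never be fused together or split apart
      * a blank line is a paragraph break and stays significant
    """
    text = text.replace("\r\n", "\n").replace("\r", "\n")
    text = text.replace("\u00a0", " ")
    paragraphs = re.split(r"\n\s*\n", text)
    collapsed = (" ".join(p.split()) for p in paragraphs)
    return "\n\n".join(p for p in collapsed if p)


def signed_digest(text: str) -> str:
    """Digest a signature scheme would sign: hash of the canonical form."""
    return hashlib.sha256(canonicalize(text).encode("utf-8")).hexdigest()


def same_signed_text(a: str, b: str) -> bool:
    """True when a signature made over `a` would also verify over `b`."""
    return signed_digest(a) == signed_digest(b)


# Constructed sample messages.
ORIGINAL = (
    "Pay Bob 100 dollars\n"
    "when the goods arrive.\n"
    "\n"
    "Do not pay before then.\n"
)

# Variants a mail system can introduce without the reader noticing.
LOOKS_THE_SAME = {
    "windows line endings": ORIGINAL.replace("\n", "\r\n"),
    "rewrapped, hard space, tab, trailing blanks":
        "Pay Bob 100\u00a0dollars when the\ngoods arrive.  \n\n\n"
        "Do not pay\tbefore then.",
}

# Variants that change what the reader sees.
READS_DIFFERENTLY = {
    "amount changed": ORIGINAL.replace("100", "900"),
    "paragraphs merged": ORIGINAL.replace("\n\n", "\n"),
    "word boundary removed": ORIGINAL.replace("Do not", "Donot"),
}


def report() -> dict:
    """Map each variant name to whether the original signature still verifies."""
    variants = {**LOOKS_THE_SAME, **READS_DIFFERENTLY}
    return {name: same_signed_text(ORIGINAL, v) for name, v in variants.items()}


if __name__ == "__main__":
    for name, verifies in report().items():
        print(f"{name:45s} verifies={verifies}")
```

Every rule that merges two byte strings enlarges the set of texts one signature covers, so each rule should only merge texts that render identically to the reader.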
Re: What email encryption is actually in use?
--
James A. Donald:
> > I intended to sign this using Network Associates command
> > line pgp, [6.5.8] only to discover that pgp -sa file
> > produced unintelligible gibberish, that could only be made
> > sense of by pgp, so that no one would be able to read it
> > without first checking my signature.

David Howe:
> you made a minor config error - you need to make sure
> clearsign is enabled.

James A. Donald:
> > I suggest that network associates should have hired me as
> > UI design manager, or failing, that, hired the dog from
> > down the street as UI design manager.

David Howe:
> It's command line. Most cyphergeeks like command line tools
> powerful and cryptic :)

We also like the most common uses to be *on* the command line. If the option is not on the command line, it is *not* powerful and it is a little too cryptic.

The pgp.cfg file is empty by default on my machine, the cfg file options are nowhere documented, clearsigning is nowhere documented, and "Clearsign=on" did not work.

In the last generally useful version of pgp (pgp 2.6.2) pgp -sa gave clear signing, but it was unusable, because trivial differences, such as the unix/windows difference on carriage returns, would cause the signature check to fail. Because there were so many false negatives, no one would check clearsigned signatures.

I conjecture that in pgp 6.5.8 they have addressed this problem by making clear signatures as inaccessible as possible, rather than by fixing it.

I could get clearsigning by telling my pgp 6.5.8 to be compatible with 2.6.2, but I have already discovered that 2.6.2 clear signing was hopelessly broken.

Had clear signing worked, then everyone with a valuable domain name would have used the pgp interface to control their domain names, to ensure that one's domain name could not be hijacked, as so many domain names have been. This would have created a massive base of pgp users.

However, due to architectural defects in pgp, design bugs rather than coding bugs, this use of pgp was broken, and so was seldom used, and eventually ceased to work entirely. Presumably there was no maintenance on the pgp interface to domain name control, because no one was using it.

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
MUiyRJ8PRbLCXnVMWCpeKvsn5GdOlAB9t6O7K0Hb
4GBcVbBHZFN0vg8apVt35e9Y2khaPdgrM+Y6uOys6
Re: What email encryption is actually in use?
--
James A. Donald:
> > I intended to sign this using Network Associates command
> > line pgp, [6.5.8] only to discover that pgp -sa file
> > produced unintelligible gibberish, that could only be made
> > sense of by pgp, so that no one would be able to read it
> > without first checking my signature.

David Howe:
> you made a minor config error - you need to make sure
> clearsign is enabled.

Not so. It turns out the command line is now different in PGP 6.5.8. It is now pgp -sta to clearsign, instead of pgp -sa. (Needless to say the t option does not appear in pgp -h.)

The clearsigning now seems to work a lot better than I recall the clearsigning working in pgp 2.6.2. They now do some canonicalization, or perhaps they guess lots of variants until one checks out.

Perhaps they hid the clear signing because it used not to work, but having fixed it they failed to unhide it?

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
1lGJioukjvNCaM/LetfJVNPifdGblhZNTs+GarH2
4RFyr8DSgY3BrltZeP3treEOdb186ZDQzE/S3NYLI
Re: What email encryption is actually in use?
--
> > Once you start using it, it becomes part of the pattern
> > by which other people identify you.

On 2 Oct 2002 at 9:52, David Howe wrote:
> Exactly the intention, yes :) Just for the sake of it (anyone
> who cares will have seen my signature enough times by now) I
> will sign this one :)

And PGP tells me "signature not checked, key does not meet validity threshold"

So I said to myself, OK, I will sign David Howe's key on my keyring to tell myself that this is the "David Howe" who posts on cypherpunks, though of course, pgp gives us merely a single variable "trust", which can have no easy connection to the question "what do you actually know about this particular David Howe?". (What we really would like is a database of communications indexed by key, so that we could see this communication in the context of past communications with the David Howe that used the same key.)

I attempt to sign "David Howe"s key, whereupon PGP gives the highly uninformative error message: "Key signature error". It seems that I get similarly uninformative errors whenever I tried to use PGP.

And that, folks, is at least one of the reasons why end user crypto is not widespread.

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
3XIIjDu4swm4B8omsJgkQJcu1Op4/sNb2XkGf18B
4F9ZT3OQag+pZrW134bJdhLT3EeX1wOFqJzi1WJQ5
Re: What email encryption is actually in use?
--
James A. Donald wrote:
> > And PGP tells me "signature not checked, key does not meet
> > validity threshold"

On 2 Oct 2002 at 20:40, Dave Howe wrote:
> what version are you on?

pgp 6.5.8 command line version.

The actual problem was that there was no such key in my key ring, but error messages gave me no hint of that.

So having determined the problem, I dutifully went to the key server, and encountered yet another stream of problems related to the keyserver and windows, that made it impossible to download the key, but that is another story.

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
C+pOgajD+X0+ZJN6MxG/jTvWMW4WWcSPAO/u5ONp
41dEFaucvzVF+ulAPaijTMkhlW/C+virFHh06hHrM
Re: What email encryption is actually in use?
--
On 2 Oct 2002 at 16:19, Adam Shostack wrote:
> What's wrong with PGP sigs is that going on 9 full years after
> I generated my first pgp key, my mom still can't use the
> stuff.

The fact that your mum cannot use the stuff is only half the problem. I am a computer expert, a key administrator, someone who has been paid to write cryptographic code, and half the time I cannot use pgp.

Of course, I have had real occasion to use this stuff so rarely that I suspect your mother would never use it no matter how user friendly.

The lack of demand may have something to do with Hettinga's rant, that all cryptography is financial cryptography. As I am fond of pointing out, envelopes were first invented to contain records of goods and payments. People use encryption when money is at stake.

If people start routinely making binding deals on the internet, they will soon routinely use encryption.

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
Yek7NX953gkX+mwOcaRKW13pMWVzckXtQLHH7Oqt
45E6Pq+EKfccaEUOQLWtfPKtgE9yfk5u/o8MMv4HG
Re: What email encryption is actually in use?
--
Adam Shostack wrote:
> > What's wrong with PGP sigs is that going on 9 full years
> > after I generated my first pgp key, my mom still can't use
> > the stuff.

On 3 Oct 2002 at 17:33, Ben Laurie wrote:
> Mozilla+enigmail+gpg. It just works.

If we had client side encryption that "just works" we would be seeing a few more signed messages on this list, and those that appear, would actually be checked. Send an unnecessarily encrypted message to Tim and he will probably threaten to shoot you.

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
2Xas831JtcVC2arD+2zXouy3o82ZsDYT6VWbi0g
4LoqK+b3poXgDltScDKS3wl1UILcpvnNaumqELJhn
Re: What email encryption is actually in use?
--
James A. Donald wrote:
> > If we had client side encryption that "just works" we would
> > be seeing a few more signed messages on this list, and
> > those that appear, would actually be checked. Send an
> > unnecessarily encrypted message to Tim and he will probably
> > threaten to shoot you.

Ben Laurie wrote:
> Why would I want to sign a message to this list?

Then all the people who read this list, were they to receive a communication from you, they would know it was the same Ben Laurie who posts to this list.

Of course, if you were in the habit of posting suggestions to this list that you break the law, this might be a bad idea, but to the best of my recollection, you do not.

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
camCoW1VxLtKI1Q8U87Pid9dPFLuYKXqZMqDPd6y
4BIPT6xmk2CLc9m90mQsQOrs/2issShK6u9NJ42zf
Re: why bother signing? (was Re: What email encryption is actually in use?)
James A. Donald: > >> > If we had client side encryption that "just works" we > >> > would be seeing a few more signed messages on this list, Major Variola (ret): > But Ben is not spoofed here! So there is little motivation. > > [...] > > In the absence of any need, it's not rational to bother. There have been episodes of spoofing on this list. If client side encryption "just worked", and if what is considerably more difficult, checking the signatures "just worked", there would be no bother, hence it would be rational to sign. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG j35pZ93cRp46pIhaD4AQ0X3neQjPEV2l9JrKJ2L2 4Eto77muLU+n+EF8nNrcbcSAMw1Vtdttyl1600R9x
Independent News
-- > > "The whole idea is to try and stop something like the Bali > > bomb happening." On 23 Oct 2002 at 11:10, Major Variola (ret) wrote: > The correct patch should be applied to US foreign policy Don't think we can blame US foreign policy for the Bali bombing. Probably relates more to Australian foreign policy and Singaporean internal policy. Indonesian muslims were sponsoring terror against Timorese. Australia let that pass as long as Fretilin was communist, but when Fretilin swore off communism, Australia intervened, thereby gaining a vital strategic advantage, in that Timor is an unsinkable aircraft carrier covering the approaches to Australia. This had the effect of rolling back Muslim rule, something that Bin Laden has told us is a no-no. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG YyO99qL0+xsoa0JPIh9Tbof+WkATG5PpWoiy6s5v 4BRkFiGmL+8i6uxcMBHxQEfXZE6OccbPl+ouoG1Jy
Re: Intel Security processor + a question
-- On 21 Oct 2002 at 10:21, Major Variola (ret) wrote: > But no such "does it look random" test can tell good > PRNG from TRNG. You must peek under the hood. More generally, one can never know something is random merely by looking at it, but only by knowing why it is random. One must have both theory and experiment. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG govZnfsYPhr1BzrbpYoLQVdfLp/FkKmHG9KFTFkI 4NCRqBJWFhDElvlvzDTaZGuTWNTAoXMMadfUryifo
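Added example, not part of the archived post: two "does it look random" checks (a monobit count and a byte-frequency chi-square) run over a fully deterministic generator. The generator (xorshift64*), the seed, the sample size and the pass thresholds are choices made for this illustration; the point shown is that the stream passes both checks yet is reproduced exactly by anyone who knows the seed.

```c
#include <stdint.h>
#include <stdio.h>

#define WORDS 16384u   /* 16384 x 64 bits = 2^20 bits = 131072 bytes per sample */

typedef uint64_t (*gen_fn)(uint64_t *state);

/* xorshift64*: a non-cryptographic PRNG whose whole stream is fixed by the seed. */
uint64_t xorshift64star(uint64_t *s)
{
    *s ^= *s >> 12;
    *s ^= *s << 25;
    *s ^= *s >> 27;
    return *s * 0x2545F4914F6CDD1DULL;
}

/* An obviously non-random source, used as a control: 0, 1, 2, ... */
uint64_t counter_gen(uint64_t *s)
{
    return (*s)++;
}

/* Monobit check: the number of 1 bits should be close to half of all bits.
 * For 2^20 fair bits the standard deviation of the count is 512; accept
 * anything within 4 standard deviations (threshold chosen for this example). */
int monobit_pass(gen_fn g, uint64_t seed)
{
    uint64_t s = seed;
    long long ones = 0;
    for (unsigned i = 0; i < WORDS; i++) {
        uint64_t w = g(&s);
        while (w) {
            ones += (long long)(w & 1u);
            w >>= 1;
        }
    }
    long long dev = ones - (long long)(WORDS * 64u / 2u);
    if (dev < 0)
        dev = -dev;
    return dev < 4 * 512;
}

/* Byte-frequency chi-square check: 131072 bytes over 256 bins, 512 expected
 * per bin. chi2 = sum((count - 512)^2) / 512 has 255 degrees of freedom,
 * mean 255, standard deviation about 22.6; accept 142 < chi2 < 368
 * (roughly 5 standard deviations either side, chosen for this example). */
int byte_chi2_pass(gen_fn g, uint64_t seed)
{
    uint64_t s = seed;
    long long count[256] = {0};
    long long sum_sq = 0;
    for (unsigned i = 0; i < WORDS; i++) {
        uint64_t w = g(&s);
        for (int b = 0; b < 8; b++)
            count[(w >> (8 * b)) & 0xFFu]++;
    }
    for (int v = 0; v < 256; v++) {
        long long d = count[v] - 512;
        sum_sq += d * d;
    }
    /* Compare sum_sq against the bounds scaled by 512 to stay in integers. */
    return sum_sq > 142LL * 512 && sum_sq < 368LL * 512;
}

/* "Peeking under the hood": knowing the seed reproduces the stream exactly,
 * which no output-only statistic can reveal. Returns 1 if the replay matches. */
int replay_matches(uint64_t seed)
{
    uint64_t a = seed, b = seed;
    for (unsigned i = 0; i < WORDS; i++)
        if (xorshift64star(&a) != xorshift64star(&b))
            return 0;
    return 1;
}

int main(void)
{
    const uint64_t seed = 0x9E3779B97F4A7C15ULL;  /* constructed sample seed */
    printf("xorshift64*: monobit=%d chi2=%d replayable=%d\n",
           monobit_pass(xorshift64star, seed),
           byte_chi2_pass(xorshift64star, seed),
           replay_matches(seed));
    printf("counter:     monobit=%d chi2=%d\n",
           monobit_pass(counter_gen, 0),
           byte_chi2_pass(counter_gen, 0));
    return 0;
}
```

The checks reject the counter but cannot separate the seeded generator from a hardware source; that judgement has to come from knowing how the bits were produced.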
Re: internet radio - broadcast without incurring royalty fees
-- On 24 Oct 2002 at 20:32, Morlock Elloi wrote: > Napster clones, kazaa, gnutella et al. rely on end-users to > upload stuff. These end users simply have no bandwidth > available for that. Cheapo DSL lines have hundred or few > hundreds of kbit/sec unguaranteed upload capacity. No one is > going to pay T1 to serve free stuff in breach of copyright > laws. > > The net result is - and anyone can try it for themselves - > that average success rate is less than 40%, the speed is > miserable - most of the time it takes hour or more for 5-6 > minute mp3, and then you need to be lucky so that content > matches the title. I am a really big fan of "Buffy". A cute chick, lots of violence and killing, and a bit of sex, what more can one ask for in a TV show? Recently due to family crisis, I missed a couple of shows. So, using usenet, I downloaded the two one hour shows that I missed. I had no problem getting them, the download ran in the background. It did not seem to take an unreasonably long time, though I did not bother to time it. I started the download, proceeded to do other things, and when I remembered to check, the download was done. So I then watched the shows. The image and sound quality was excellent, the ads had been deleted. The stories were rattling good. Loved the bit where Buffy says "I am the law", and picks up a great big naked sword and stalks off to apply the instant death penalty, while Xander flutters about ineffectually being deeply caring and emotional and having deep moral debates about the use of violence. I have never downloaded a tv show off the internet before. Everything just worked, no fuss, unlike some encryption programs I could mention. > While there always will be pathological cases that will spend > tens of hours online to get few mp3s for free (that is, until > local telco decides that flat rate is no more viable), for > most napsters are unusable. My experience is that the mass media are doomed. This stuff works just great for me. 
I have stopped downloading music until I organize the music I already have. Napster was just great, worked with no fuss. Maybe the Napster clones are not as good, but my experience with downloading TV shows suggests that piracy is working better than ever. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG w5c01d6+NpDvLdLI2X6Jg5z8F2yx1pwhncy3yMYK 4b/esfa1UycmFgStXtluIkq+6g1XHHb8MMWOMZOkk
Re: internet radio - broadcast without incurring royalty fees
-- James A. Donald: > > my experience with downloading TV shows suggests that > > piracy is working better than ever. Major Variola > This wasn't piracy, it was time-shifting. When the ads were deleted, it ceased to be time shifting. In any case, the point I intended to make was that "Buffy" was one hundred times bigger than a typical MP3, yet the software and hardware had no problems. If the internet can handle one hour tv shows without working up a sweat, digital convergence is getting real close. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG XYP6QY+S9r3ndihIQTukA67fRiwrn6l5ZpkvrArT 4M1UwSPjw71Nqox9g8XKDugMA/eyyeDoNJSWRDhBZ
What is the truth of the anti war rallies?
-- Supposedly tens of thousands turned up, forty two thousand in San Francisco. Yet oddly, the photos of marches that I see look more like forty in San Francisco, and four hundred in Washington. Perhaps there were a lot more out of frame, but that is an odd way to photograph a demonstration. Does anyone know the truth from his own eyes, or a more complete set of images? At least some newspapers are reporting "hundreds" or four hundred in Washington, while others are reporting eighty thousand, a number curiously different from four hundred. However it seems that all papers are reporting forty two thousand in San Francisco. The inconsistency in the reports from Washington inclines me to doubt the reports from San Francisco, but of course there is a plentiful supply of liars on both sides of the fence. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG XvyryuYS+vBllOZxJ4VX58iglXFp7Ttjj2gWpoWN 4Nfd+VGZPH10x9+jh7fcgqq91ms4mTmBSS+vzsczS
Re: Clarification of challenge to Joseph Ashwood:
-- Joseph Ashwood: > > > > So it's going to be broken by design. These are > > > > critical errors that will eliminate any semblance of > > > > security in your program. James A. Donald: > > > I challenge you to fool my canonicalization algorithm by > > > modifying a message so as to change the apparent meaning > > > while preserving the signature, or by producing a > > > message that verifies as signed by me, while in fact a > > > meaningfully different message to any that was genuinely > > > signed by me. Joseph Ashwood: > That's easy, remember that you didn't limit the challenge to > text files. It should be a fairly simple matter to create a > JPEG file with a number of 0xA0 and 0x20 bytes, by simply > swapping the value of those bytes one can create a file that > will pass your verification, but will obviously be corrupt. > Your canonicalization is clearly and fatally flawed. If so easy, do it. > > Joseph Ashwood must produce a message that is meaningfully > > different from any of the numerous messages that I have > > sent to cypherpunks, but which verifies as sent by the > > same person who sent past messages. > > > > Thus for Kong to be "broken" one must store a past message > > from that prolific poster supposedly called James Donald, in > > the Kong database, and bring up a new message hacked up by > > Joseph Ashwood, and have Kong display in the signature > > verification screen Joseph Ashwood: > To verify that I would of course have to download and install > Kong, In other words, you are blowing smoke, and know full well you are blowing smoke. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG H1Nbd40fMEd0QoHFng2hEcuA2a/BP07ab+GOBowZ 4HIcNbSdMF02EWVm52VJqtj0Jas+Wmq/SZ/UyT0uq
Re: New Protection for 802.11
-- Reading the Wifi report, http://www.weca.net/OpenSection/pdf/Wi-Fi_Protected_Access_Overview.pdf it seems their customers stampeded them and demanded that the security hole be fixed, fixed a damned lot sooner than they intended to fix it. I am struck by the contrast between the seemingly strong demand for wifi security, compared to the almost complete absence of demand for email security. Why is it so? --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG IWe4JFeDeor04Pxb96ZsQ7xX+JAwxSs8HQfoAeG5 4rQX6tgLhAvAwLjF+SXlRswSmphBhw4cOXLe9Y4r5
RE: Did you *really* zeroize that key?
-- On 7 Nov 2002 at 16:36, Trei, Peter wrote: > The 'volatile' keyword seems to have poorly defined > behaviour. "Volatile" memory typically both receives input from outside the abstract machine, and generates output outside the abstract machine. Indeed the expected reason to write to volatile memory is because it generates effects outside the abstract machine. If the optimizer ever optimizes away a write to volatile memory, device drivers will fail. Most device drivers are written in C. If anyone ever produces a C compiler in which "volatile" does not do what we want, not only are they out of spec, but smoke will start coming out of hardware when the device drivers are recompiled. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG kEh2eDIEzpFnafz1M2n+bEgPvpgJoMG5yeNBElma 4DJ2e1VU89ubCetOzWnz76JuUZBdhHHlg/JLf9Xju
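Added example, not part of the archived post: two common ways to make a key wipe survive optimization by routing the stores through `volatile`, the mechanism the post relies on. The function names, the 32-byte key length and the toy checksum are assumptions made for this illustration; the checksum stands in for any routine that keeps a working copy of a key on the stack.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN 32   /* key size assumed for this example */

/* Wipe through a volatile-qualified lvalue. Every store is a volatile access,
 * which the compiler has to treat as an observable side effect. The buffer
 * itself is not declared volatile; mainstream compilers honour the access
 * qualifier, which is the behaviour this example relies on. */
void wipe_volatile(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--)
        *p++ = 0;
}

/* Call memset through a volatile function pointer. The pointer must be read
 * at run time, so the compiler cannot assume the callee is memset and cannot
 * drop the call as a dead store. */
static void *(*const volatile memset_v)(void *, int, size_t) = memset;

void wipe_indirect(void *buf, size_t len)
{
    memset_v(buf, 0, len);
}

/* Count bytes that are still non-zero, reading through volatile so the
 * check itself is not folded away. */
size_t count_nonzero(const void *buf, size_t len)
{
    const volatile unsigned char *p = (const volatile unsigned char *)buf;
    size_t n = 0;
    while (len--)
        n += (size_t)(*p++ != 0);
    return n;
}

/* Toy keyed checksum (FNV-1a over key || msg). NOT a MAC. It keeps a working
 * copy of the key on the stack, the situation the thread is about. */
uint64_t toy_tag(const unsigned char key[KEY_LEN],
                 const unsigned char *msg, size_t msg_len)
{
    unsigned char work[KEY_LEN];
    uint64_t h = 0xcbf29ce484222325ULL;
    size_t i;

    memcpy(work, key, KEY_LEN);
    for (i = 0; i < KEY_LEN; i++) {
        h ^= work[i];
        h *= 0x100000001b3ULL;
    }
    for (i = 0; i < msg_len; i++) {
        h ^= msg[i];
        h *= 0x100000001b3ULL;
    }

    /* 'work' is never read again. A plain memset(work, 0, sizeof work) here
     * is a dead store that an optimizer is allowed to delete, leaving the
     * key on the stack. The volatile wipe is not removable. */
    wipe_volatile(work, sizeof work);
    return h;
}

int main(void)
{
    unsigned char key[KEY_LEN];
    const unsigned char msg[] = "constructed sample message";

    memset(key, 0xAA, sizeof key);              /* constructed sample key */
    printf("tag            = %016llx\n",
           (unsigned long long)toy_tag(key, msg, sizeof msg - 1));
    printf("before wipe    = %zu non-zero bytes\n", count_nonzero(key, sizeof key));
    wipe_indirect(key, sizeof key);
    printf("after wipe     = %zu non-zero bytes\n", count_nonzero(key, sizeof key));
    return 0;
}
```

Where the platform provides one, a dedicated primitive such as `memset_s` (C11 Annex K), `explicit_bzero` or `SecureZeroMemory` serves the same purpose.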
Re: Yodels, new anonymous e-currency
-- On 12 Nov 2002 at 8:50, Nomen Nescio wrote: > According to this link, > http://www.infoanarchy.org/?op=displaystory;sid=2002/11/11/4183/2039, > a new form of digital cash called "yodels" is being offered anonymously: > > [...] > > Supposedly, then, this is cash which can be transferred > anonymously via IIP or Freenet. Leaving aside the question > of trusting an anonymous bank (trust takes time), the > sticking point for ecash is how to transfer between yodels > and other currencies. Without transferability, what gives > yodels their value? Alleged attempts to introduce internet currencies have a ninety percent humbug and fraud rate. If his currency works well enough that one can buy addresses with it, this indicates a somewhat surprising level of success. I will check out his currency, and see what there is to see. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 46Ibm86cvcVoir/f4dSSPwM2gYCtHcpTds+N+jJq 4psLxBq0RMZOakFcGiILu6K8f4B1x/f6awQoD8K5c
Re: Yodels, new anonymous e-currency
-- On Tue, 12 Nov 2002, Nomen Nescio wrote: > > > According to this link, > > > http://www.infoanarchy.org/?op=displaystory;sid=2002/11/11/4183/2039 > > > a new form of digital cash called "yodels" is being > > > offered anonymously: On 12 Nov 2002 at 7:31, Steve Schear wrote: > Correct they are a bearer share issuer, like the Digicash > licensees before them. They claim to hold value denominated > in some units of account (in their case DMT) as their asset > backing. The challenge for Yodel will come in convincing > potential users that: DMTs have sustainable value, that Yodel > is really fully backed by DMTs, that Yodel's operators can be > trusted not to abscond with the value exchanged for Yodels or > refuse to exchange them for DMTs at some future time. All > while remaining anonymous. A pretty tall order I should > think. Pseudonymous, not anonymous. What is a corporation but a nym? Any swindling you can do with a pseudonym, you can do with a corporation. > At least initially, many Yodel users may want only to use > them mainly as a mixmaster between DMT accounts. With e-gold, one can perform one's mixing in a furnace. With DMT, cryptographic mixes are the only practical solution. Problem is that most users will not understand cryptographic mixing, whereas they do understand a furnace. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 50wZVsHzWVCcQBwTOHonjfe6YktnJgFEe7CRcnOu 4qPIe4UB2pjTm4BTLInH60M2fku9pH217a/zFX8Jc
Re: Yodels, new anonymous e-currency
-- On 13 Nov 2002 at 2:26, Anonymous via the Cypherpunks wrote: > It's not clear what value - if any - Yodel provides over and above the > DMT Rand system. The DMT Rand system knows if client X43967 transfers money to client X98987. It also knows that client X43967 transferred money to or from a Bank of America account, rendering client X43967 no longer pseudonymous. Similarly for client X98987. Thus it can discover that truename Bob transferred money to truename Alice. With Yodels, this cannot be discovered. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 4dTv3KcoxE5viaZ34CP+Kgiv7xBHQnxAIgOf8q77 4wRmxI7SHxYSApkRtBdKILKjZaXzp6Qu2F4jW9vcT
Re: Yodels, new anonymous e-currency
The Yodel does not have a web site where yodels can be converted into some other form of money, and other forms of money converted into Yodels. Instead it has an IIRC bot. Use of this bot is described at http://yodel.deep-ice.com/bankbot.html This means a command line interface, to do banking transactions. This of course greatly reduced the work required to implement the Yodel, but will greatly limit the acceptability of the Yodel.
Poker
-- Internet Poker is a big money activity. A major problem with this activity is that the site can choose to allow certain privileged players to cheat. In principle it should be possible to create poker playing software where the server cannot cheat, but it is not obvious to me how this can be done. Does anyone know of a cheat proof algorithm? --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG d4omBF08eFWhHQd6CDKVp4lJjfAS5GR56iMNcbAA 4XIes5IiykHpRT31kmyvZJTH0pPeUGMmBmORhd56d
Re: Fwd: [fc] list of papers accepted to FC'03
-- On 15 Nov 2002 at 10:55, IanG wrote: > > > List of papers accepted to FC'03 > > > > I see pretty much a standard list of crypto papers here, > albeit crypto with a waving of finance salt. Theory of what could be implemented has run well ahead of what has in fact been implemented. This has doubtless reduced enthusiasm for the theory. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG XmqKAbnJ3zxWonUYjLQTEauIWVuczMy3fiZXjszK 4BOXbFJHRJ+piLFRffQdmB84zd8OiOgRKr7wytw+r
RE: Where's Osama? (Re: OPPOSE THE WAR! We are going to ruin Iraq to get the oil. Who's next)
-- On 14 Nov 2002 at 14:47, Andrew John Lopata wrote: > I'm no expert, but a friend of mine in the military suggested > that invading Iraq now would be a lot different than the Gulf > War. He said that urban combat, which will be necessary to > depose Hussein, is the most difficult and dangerous type of > combat there is. The last time the US engaged in urban combat, Somalia, US troops took significant casualties, and innocent bystanders suffered enormous casualties. In Afghanistan, urban combat was avoided by a three dimensional envelopment. The enemy inside the city was threatened by ground troops outside the city, from the sky, and by subversion from within the city. It was this final threat, subversion from within, combined with containment from above and around, that provoked capitulation. This third element, subversion from within, may well be unachievable in Iraq, or if it is achievable, the regular army not very deft at getting it done. For the Iraq war to be completed without enormous civilian casualties, massive destruction of infrastructure, and intolerable US casualties, successful political warfare is likely to be essential. > There is no readily available alternate government to install > in Hussein's place. The resulting destabilization in the > region will likely result in a U.S. military presence in the > country for a much longer time than in the Gulf War. When the US defeated Nazi Germany, the nazi government was largely obliterated, and the remaining apparatus of government mostly signed up with the German communist party, which had been the second largest party before the nazis, and which was subservient to the Soviet Union. Thus the US eventually had to suppress every vestige of German government and foster a new government from nothing. It took about five years for a plausibly German government to get its hands on the reins of power, and a few more years for it to get rid of the institutions and apparatus of nazism. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG AoQslZIvueBx4Zn3xjfrmZVppIjzS70PWbcba9wQ 4QY9/UCaEXMTq2ePACwR96pH+xkCwMdSGqYXRuXaA
Re: OPPOSE THE WAR! We are going to ruin Iraq to get the oil. Who's ne
-- On 19 Nov 2002 at 12:02, Kevin Elliott wrote: > If you read between the lines of US history, you'll discover > that America did not begin to succeed in the war until late > in the war when the troops had become better trained and > disciplined. This is not my interpretation. Rather, the Americans *never* succeeded in conventional warfare. The British were able to march hither and yon, destroying whatever they chose, and killing whoever got in their way. However this cost them, and it did not bring them political control. After marching up and down and back and forth, and losing lots of men in the process, they eventually gave up. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 8rJK0TzKk1D62GWmAZ6vUvsi4CeZZEc5RL+nY/pG 4uNqMiU5DCnLXIoq1IVsaQobFOgZedKfb3qFuXYdl
RE: OPPOSE THE WAR! We are going to ruin Iraq to get the oil. Who 's ne
-- On 19 Nov 2002 at 15:45, Tyler Durden wrote: > Mikey: I would suggest tangling with Chomsky for a bit. Start > with... > > http://zmag.org/content/showarticle.cfm?SectionID=11&ItemID=2312 Chomsky is a liar. His citations are mostly fraudulent, and he has at one time or another defended every bloodthirsty tyranny, every reign of terror, with the possible exception of North Korea. His words sound bombastic, yet they equivocate, pointing in two directions at once. This is the text equivalent of someone who talks loud and very fast while unable to meet your eye. I recommend you check out my Chomsky web page: "Chomsky lies" http://www.jim.com/Chomsdis.htm --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 5U6Z7xMp4zTN7LYnZeRTOkIV+P8krIJAvwxGPmE3 4EkYXklGNdtijKPek7gdRsTyzwt1PLpWiSTSKliuv
Re: Microsoft on Darknet
-- According to Microsoft, http://crypto.stanford.edu/DRM2002/darknet5.doc Darknet is being undermined by free riders. : : Peer-to-peer file sharing assumes that a : : significant fraction of users adhere to the : : somewhat post-capitalist idea of sacrificing their : : own resources for the "common good" of the network. : : Most free-riders do not seem to adopt this idea. : : For example, with 56 kbps modems still being the : : network connection for most users, allowing uploads : : constitutes a tangible bandwidth sacrifice. One : : approach is to make collaboration mandatory. For : : example, Freenet [6] clients are required to : : contribute some disk space. However, enforcing such : : requirements without a central infrastructure is : : difficult. The obvious solution is to monetize the darknet services, with very small payments, payments that would typically add up to five dollars a month for heavy users or heavy servers -- that is to say, a half a gram of gold a month. Mojo was intended to do this but it failed, I think it failed because they failed to monetize mojo before it was introduced as a service management mechanism. We should get an anonymous micropayment system working, interconvertible to real money, or real e-gold, then apply it to such applications as mixmasters and darknet. Allegedly yodel is such a system, but yodel is connected to e-rand, which is connected to some people who fail to inspire me with confidence. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG beO567eji82JoZMjbN1JCWL6vQBr301pkVztKIR+ 4HzLNwHtW3q5fJqUcxtmJZ0gjqfcEJvGFfMRkWY0c
Re: Torture done correctly is a terminal process
-- > On Thu, Nov 21, 2002 at 09:33:39AM -0800, Greg Broiles wrote: > > To flesh this out a little more - the judge was Stephen > > Trott, speaking on September 18 2002 at the Commonwealth > > Club. Trott credits the torture warrant idea to Alan > > Dershowitz, whom he describes as a good friend and a "great > > civil libertarian". On 21 Nov 2002 at 22:24, Declan McCullagh wrote: > Yes. Clearly it's okay for torture warrants to exist -- as > long as you're a member of the political class that gets to > approve them... At present, if the US wants someone terminally interrogated, they ship him to Egypt and ask the Egyptians to do the interrogation. I am mildly surprised they do not ask the Afghans to do the interrogations, since poems have been written concerning the remarkable effectiveness of Afghan interrogations. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG Jyf5nXEcZGYbFVFMsrtVZ973GZhAHY04PCKLDC4a 4OpiaSbnH8yY1vYQHQAPfTAfNqbAvyyBgFMDUG6Ir
Re: Photographer Arrested For Taking Pictures Of Vice President'S Hotel
-- On 9 Dec 2002 at 9:17, Tim May wrote: > Anyone in the U.S. can be declared an "enemy combatant" and > vanished away from lawyers, habeas corpus, the 6th Amendment, > and any semblance of the system of liberty we sort of had at > one time. So far this has only been applied to people who are obviously hostile muslim terrorist wannabees, but the program will be steadily expanded. Indeed, part of the homeland security act already aims at people who make cartridges (reloaders), who will in due course be dealt with by the extrajudicial means provided for in the homeland security act. In general wars lead to a major temporary reduction in liberty, but a smaller permanent reduction in liberty. Unfortunately the war on terror will probably never end, so there will be no recovery. The government is on perfectly good constitutional ground when it claims that the army can do as it pleases on or near the battlefield. Trouble is, with terrorism or guerrilla war, the battlefield is arguably everywhere. We need a declaration of victory that will push the battlefield to somewhere far away. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG FLOmVFJWOQBqPSg63zjCLyzrGNzmKNAwje/jqRal 4BI7xjE+ItnxvhioCvggkQ6IREbp21mrBxAIeCBcg
Re: Anonymous blogging
-- On 11 Dec 2002 at 2:40, Nomen Nescio wrote: > But cypherpunks isn't that great a forum for publishing > ideas. Take a look at > http://www.inet-one.com/cypherpunks/current/maillist.html to > see the unfiltered list feed. Sure, no subscriber with half > a clue actually sees it like this, but that's how it looks to > the outside world. In a way, Mathew's and Choate's attack upon the list has done us a favour. The list is now effectively restricted to those with the will and ability to use filters, which raises the required intelligence level. For a while Mathew kept changing his email address, which led me to consider hunting him down and remonstrating him in person on my next visit to Australia, but now he holds it constant, so he and Choate are only a problem for idiots. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 3zalEmgDfRHRR2dLaPYt11ySXtkp1DlrxQ7JjK3t 4lTIAXG7p/FelDNPyrw1C62lPQej1gALsHiPdxIbJ
Re: Extradition, Snatching,and the Danger of Traveling to Other Countries
-- On Sun, 15 Dec 2002, Sarad AV wrote: > Firstly, they cannot be exterminated. There is no proof of > identity as we may have in our countries and no body will ask > for it either, since most don't have one. The Taliban would > have cut their beard and hair and mixed up with civilian > population, while troops can go searching for orthodox > civilians with a taliban look, making it hard to hunt them > down. Once/if the international troops leave afghan, there are > over hundred factions, who will keep fighting among themselves > for 'land' and the taliban will be back. There have always been a hundred factions quarreling over land in Afghanistan. The level of violence was tolerable to Afghans and outsiders. What went wrong with the Taliban is that one faction, with outside aid from international islamicists, managed to actually get most of the land. US policy was to restore the status quo ante in Afghanistan, put things back the way they were before the Soviet invasion. It seems to have succeeded well enough, and there is no reason to suppose it will be any less stable than it was. The future of Afghanistan will probably be no less violent than it was before the Soviet invasion, but no more violent than it was before the Soviet invasion. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG k2IMyoZuE05D4VVX0FkW1hRQSzvJRDmLhlhwppHX 4+V+mECM7CjCVvLuL1WVl7q6w8saodTqAtyPLDY7v
Re: Extradition, Snatching,and the Danger of Traveling to Other Countries
-- James A. Donald > > US policy was to restore the status quo ante in > > Afghanistan, put things back the way they were before the > > Soviet invasion. Sarad AV > How does that make things better for 'afghan' people, after > all the bombing done on their home land? Obviously it makes things vastly better, and to those who think the Soviets were progress personified, look at the way the refugees were and are moving. When status quo ante was restored, the refugees came home. Much the same story in Nicaragua. The refugees were always going away from the Sandinistas, towards the contras. > > The future of Afghanistan will probably be no less violent > > than it was before the Soviet invasion, but no more violent > > than it was before the Soviet invasion. > That's the only thing US seems to be doing for afghani people > after all their promises. The US foreign policy is disliked > world wide. The US foreign policy is highly popular in those countries most threatened by the Taliban -- Afghanistan and Uzbekistan. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG m3BCbcTez7gMAJBd7yGjgbujWjkP967kgrflSJJM 4BtvgmCP/KjctqbJ5y1eHzxxGBFRTBeLGe+iXBMcb
Re: Verdict's in: Elcomsoft NOT GUILTY of criminal DMCA violations
On 17 Dec 2002 at 16:43, Steve Schear wrote: > [I'm more convinced than ever that nullification figured into the > verdict. If so, bravo for the jury. steve] Both the defense and the prosecution sought to make the facts clear and understandable to the jury. So the defense was betting on nullification.
Re: To Marcel Popescu On the Interventionist pseudo-Libs
-- On 18 Dec 2002 at 9:50, Major Variola (ret) wrote: > Yeah, the Objectivists (TM) seem to have been taken over by > militant zionist interventionists too. Of all the advanced states, Israel is arguably the one that accords least with Objectivist ideals. It is nominally socialist in land and quite a lot of other stuff. Of course if you are Jewish, that socialism can be set aside -- and is set aside to a greater or lesser extent for most Jews, though some Jews find it a lot easier to have a nominally socialist state treat stuff they care about as private property than other Jews. Objectivists having orgasms over Israel because it is supposedly a liberal democracy is rather like communists having orgasms over Cuba because it was supposedly egalitarian. It is also entertaining that the socialism of Israel is, like the socialism of the Sandinistas, a lot more socialist for ethnic groups that are hated than ethnic groups that are favored, which reminds me of the argument I sometimes hear from socialists about West Germany -- that all Germans were evil hateful nazi murderers, and therefore should have had a socialist economy imposed on them. But I ramble and digress. To get back on point, if those who purport to be objectivists are also militant zionist interventionists, we should not take their supposed objectivist ideals too seriously. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG z6cMJ26RNdOfjBLQ98HcwFLdNTnpcyr6pXXAMyQK 4tzr0wMoswCmhku2MWXFlT4ncUNcScZtE4v7JMJS4
RE: CRYPTO-GRAM, December 15, 2002
-- > > Disney doesn't have the power to tell me what I may eat or > > smoke, except in their parks and on their property. On 20 Dec 2002 at 10:24, Vincent Penquerc'h wrote: > Now, imagine a Disney owning the whole of the land of the > USA, and having armed forces the size of the USA. If a single corporation owned everything, then it would be a socialist government. If the US government was socialist, if it owned all or nearly all of the means of production, it would behave the same way all other socialist governments have acted -- it would engage in terror and mass murder. The fact that Disney, and lots of other groups own various small things makes me free. Voting does not make me free. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG qikI/Zvu3HswGlLSZkKaevQ3pU6OY28ELljC0Jbd 4cAxIRdESGs/ZREaCsKc0sn3T8IF21aiD8Wwoy3Os
Re: CRYPTO-GRAM, December 15, 2002
-- On 20 Dec 2002 at 19:26, William Warren wrote: > voting keeps you free..voting is our way of controlling and > shaping the government. No matter who you vote for, a politician always gets elected. > Those who do not exercise this duty do not deserve to > complain about what goes on. By voting, you give the appearance of consent to what the government does to you. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG xmBBW56MrvFmh7U6fPSMDbyYqa+PTDPhTlRLmwmD 4cHSTvSFFo32sjmnBGPqe0vLtp3CfQhXyVLccQaXm
Re: CRYPTO-GRAM, December 15, 2002
-- William Warren > voting keeps you free..voting is our way of controlling and > shaping the government. In http://www.daviddfriedman.com/Academic/Price_Theory/PThy_Chapter_19/PThy_Chap_19.html David Friedman explains why democracy does not work. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG EE2kJk6NPO8w6BAmEjpZ3C4Ebd+deCFguLnVxSim 4l1W1bAjtNXV2/66RWaY7NrrWziR17QbWSWW4V9Ib
Re: Quantum Probability and Decision Theory
-- On 23 Dec 2002 at 21:23, Tim May wrote: > Inasmuch as we cannot even build a machine which even > remotely resembles a bat, or even an ant, the inability to > simulate/understand/"be" a bat is not surprising. There is > no mapping currently feasible between my internal states and > a bat's. Even if we are made of relays or transistors. On the other hand, our inability to emulate a nematode, or a portion of the retina, is grounds for concern. This does not indicate that the mystery is QM, but does suggest that there is some mystery -- some special quality either of individual neurons or very small networks of neurons that we have not yet grasped. It is unsurprising that with current computing power we should be unable to emulate an ant, but inability to emulate a nematode is troubling. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG s086giCwtcqu7XeskLWGWB1/rNYzhJZkH8XFagKR 48Gxb+aU0UhySFtRSBas+3fCnJhul0WOmmsY1eX0F
Re: Make antibiotic resistant pathogens at home! (Re: Policing Bioterro Research)
-- Tim wrote: > > Expect to hear not of a hausfrau being busted, but of the > > roundup (so to speak) of Mohammed Sayeed, Hariq Azaz, and > > other thought criminals for buying too many gallons of > > Roundup at the local Walmart. On 24 Dec 2002 at 19:42, Anonymous wrote: > Not all that far-fetched, really. It would be fairly simple > to create a dioxin bomb by heating a 55gal drum of > polychlorinated phenols (2,4D or 2,45T) or polychlorinated > biphenols (PCBs from a powerline transformer say) until it > exploded. Put it upwind of the Whitehouse. The toxicity of dioxins is much overhyped. Any large power transformer that overheats is the equivalent of your dioxin bomb, and so far no one has noticed the supposedly devastating destruction created by such events. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG I/MUjNP0TjcfM8jSG/q6ilYM/BSusXQSnVFC62Oz 4qQn7Q8L8a5LQbDE/hF1+vLgvdmumy9NjYQuHGxYe
Re: Quantum Probability and Decision Theory
-- James A. Donald: > > It is unsurprising that with current computing power we > > should be unable to emulate an ant, but inability to > > emulate a nematode is troubling. Eugen Leitl > The crunch power is there. We're lacking a good enough model, > and empirical data to feed that nonexisting model. Every neuron's connection to every other cell is known, and yet the model does not run a worm. Every cell is mapped, but what these cells are doing is frequently unclear. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG Vi3n3btgbJznuLwaZFHG2QzHC4WzqYUTP2PXc1eL 4iyLwSpYDYCB4gyr/ya7n2q23kHsZQmGXE2z7SUkD
Re: Security cameras are getting smart -- and scary
-- On 8 Jan 2003 at 16:54, Thomas Shaddack wrote: > In Japan, people are already wearing face masks frequently, > ie. during the flu season. If such cultural shift happens > here as well, we have partial protection against the > face-recognition cams. In today's Vietnam women commonly dress like Ninjas, completely covering every square inch of skin. Even the eyes are covered with dark glasses. The costume however is tight, covering the face but revealing the figure. Men's fashions, however, change at the speed of glaciers, so there is little chance of that becoming acceptable for men. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG eeK7Lx/2xa/jMsqP3nKuxuq4g/yRmQtaTm/6pzMG 4WNfeWcezvgs7vrhiCTz68qRAGREiuHgqil78zrNJ
Re: Question on Mixmaster
-- On 12 Jan 2003 at 20:12, Kevin S. Van Horn wrote: > I've known about Mixmaster for years, but only just now > finally downloaded and installed it (Mixmaster 2.9.0). Does > anyone know where I can find documentation on how to actually > use it? It is intolerably painful to use Mixmaster by hand. Download quicksilver, which is a wrapper around Mixmaster. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG SOzCf2IlFaRP9bX1C0CNSyBqZtT2LHJw6xVNbuQg 42jEIkLSj0DRPCGqFJuNhf6tC8RHusnbDZzvJzdg5
Re: Security cameras are getting smart -- and scary
-- On 13 Jan 2003 at 12:30, Todd Boyle wrote: > What *was* your point in redistributing the "nigger killing" > post from Cypherpunks, in the digital bearer settlement list? > Does that have something to do with digital cash, or enhance > your IBUC business somehow? Maybe, increasing traffic by > being cool and shocking? Tim May pulled people's legs -- some sucker took it seriously, so someone decided to pull a little harder to see how much a sucker would swallow. The hunting post was obviously a joke, as the final line made clear. The real joke was that some readers would fail to see that the first line was a joke, would believe that cypherpunks really do go hunting black people. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG VZWpdVuMGJXwD+8kUsrx9HO13zFp6hwvFIsezAEw 414DzHlNJd+xhIFwTZwjjprhbh3YCmMrWCkNV4SM5
Re: Security cameras are getting smart -- and scary
-- On 14 Jan 2003 at 21:48, Tyler Durden wrote: > My thought was that James is some kind of Fed. I suspect > Chomsky is one guy they most don't want around these days. > His accusations on the Chomsky dis website were > technicalities and hair-splitting, even semantic. Liar: Chomsky claimed that : : such journals as the Far Eastern Economic Review, : : the London Economist, the Melbourne Journal of : : Politics, and others elsewhere, have provided : : analyses by highly qualified specialists who have : : studied the full range of evidence available, and : : who concluded that executions have numbered at most : : in the thousands But in fact the "at most" is Chomsky's lie, not present in the articles he cited. Someone who read the Economist and the Far Eastern Economic Review at the time would rather have concluded that the death rate from brutality and mistreatment was many hundreds of thousands, likely over a million, and that the executions probably numbered at least a hundred thousand or so. According to Chomsky these highly qualified specialists also made :: repeated discoveries that massacre reports were :: false. Of course no such discoveries are to be found in the material he cites, and his article appeared shortly after the massacres reported by the refugees were devastatingly confirmed when such a massacre occurred on the border. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG Hbp33+OpO++a/lQY1xLV9c3yccNAe3n+c3apD50B 4tlZyjrzU1UNgJfno/6lepfIRPdedtsG1UAQ8tRVn
Re: Petro's catch-22 incorrect (Re: citizens can be named as enemy combatants)
-- On 18 Jan 2003 at 10:01, Kevin S. Van Horn wrote: > The terrorists have made it pretty clear what their gripe > with the U.S. Government is, and it has nothing to do with > trade, the American lifestyle, or the elusive freedoms that > Americans supposedly enjoy. It has everything to do with US > troops stationed in nearly every country in the world > (specifically, Saudi Arabia), That was one indictment of many. Another indictment was the crusades. Bin Laden seemed most strongly upset about the reconquest of what we call Spain, but which Muslims call by another name. In the most recent communique (which may not be Osama Bin Laden but his successor pretending to be him) he gave a Leninist rant that the Arabs are poor because the rich countries are rich, espousing the Marxist argument that simply being a citizen of a wealthy country is a crime deserving of death. This makes me suspect that the original Bin Laden is now a grease smear on some Afghan rocks, since the original Bin Laden was a Heideggerian, and would spit on any Marxist unless that Marxist was dying of thirst in the desert. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG sV5AglG+l7RX7GtAdr2sqFU4waW0+YXAMUKk12Nm 4LvMyqqmmLejQafyYLGOpTioRrPohNzS4GFkFqk6Y
Re: Atlas Shrugs in Venezuela
-- On 20 Jan 2003 at 7:20, Harmon Seaver wrote: > It's hard to tell from the US media reports what's really > going on. Is the "nation-wide strike" a strike of the workers > or just a lockout of the workers by the companies opposed to > Chavez? Given his popularity with the lower class, it's > difficult to understand why they would be striking against > him. It is a strike. You can tell by the fact that Chavez has been trolling poorer Latin American countries, in particular Brazil, to recruit guest workers to do scab labor. However he recently discovered that many of these guest workers, though they theoretically have the skills of those they are supposed to replace, do not actually have the skills. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG kwfJU4cOdKICpZB82NV/SqXAxmw3TVvx9Mj+s73N 4qKieDYF+J3ghbatlXw9fpFG6hLJOwipHAEQ+/QjK
Re: Atlas Shrugs in Venezuela
-- Harmon Seaver: > > > Well, but only a strike of the executives and some > > > technicians. Not of the general workers. James A. Donald: > > When they bring out the army against the strikers as well > > as foreign scab labor, it is the workers. Harmon Seaver: > Nope, not a chance. Most of the people out on strike were > executives Then why the army? > It's pretty clear by now that last Spring's attempted coup > and the current strike was all engineered by the CIA and the > current White House scum. Then why the army and the guest worker scab laborers? --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG HF32U1ydzozTdZ6i7yRo/SgdkaZuGDrT5P2V9z6i 4YTrwmYIFejPLVEGKL7Y3nFQ6Mg+g07DVuTLLqTN2
Re: Atlas Shrugs in Venezuela
-- Harmon Seaver: > > > > > Well, but only a strike of the executives and some > > > > > technicians. Not of the general workers. James A. Donald: > > > > When they bring out the army against the strikers as > > > > well as foreign scab labor, it is the workers. Harmon Seaver: > > >Nope, not a chance. Most of the people out on strike > > >were executives James A. Donald: > > Then why the army? Harmon Seaver: >Why not the army? If it was only the executives and a handful of highly qualified specialists, you would not need the army. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG fQ/byy7jedqE9oGHEXqKrfXHoCvauj3bVa72KMSa 4PWFvnoRJp9TevLqmWauGP6Xq+IgM3/kHhET6aqGD
Re: Atlas Shrugs in Venezuela
-- On 23 Jan 2003 at 9:48, Harmon Seaver wrote: > On Wed, Jan 22, 2003 at 09:38:47AM -0800, James A. Donald > wrote: > > > > If it was only the executives and a handful of highly > > qualified specialists, you would not need the army. > Of course you would. Look, once again, this isn't a normal > "strike", this is > a conspiracy of traitors working with an evil foreign power > to overthrow a legitimate government. Perhaps they are exercising their will over the facilities of production and distribution by CIA microwaves beamed into people's brains :-) > Don't we all know that CNN, et al, are going to do > everything possible to minimize an anti-corporate leader? No, we do not know that. Recall "live from Baghdad". Recall Ted Turner's declaration that he is a socialist. Radosh lists him as one of his fellow radicals. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 9oeXHSnCgD5NmMmb8PrREjcnC1LEpeQCYyDS5ef2 4cnSq5ZshJsZCa5hpwa9OJurd0GHVS0jozg8GR8Na
Re: Palm Pilot Handshake
-- On 28 Jan 2003 at 20:54, Tyler Durden wrote: > Yo! Anyone out there in codeville know if the following is > possible? > > I'd like to be able to digitally "shake hands" using a Palm > Pilot. Is this possible? > > What I mean is, Let's say some disgruntled and generic > crypto-kook (let's call him, say,...'Tyler Durden') has been > signing his (tiring) cyber-missives with a public key. > > And now let's say there's some guy at a party claiming to be > that very same Tyler Durden, but you're not so sure (this > real-life Tyler Durden is WAY too much of an obvious > chick-magnet to be the same guy that posts on the Internet). > BUT, you happen to have your Palm Pilot(TM), and so does he. > So you both engage the little hand-shaking app on your > PP (using Tyler Durden's public key) and there's > verification. Yep. Same dude. (You then proceed to prostrate > yourself before this obvious godlet, stating "I'm not worthy, > Sire".) This can be done without a palm pilot. Normally the flesh and blood Tyler Durden would reveal knowledge of information sent encrypted to the net Tyler Durden, or vice versa. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG +OfNblhcCuKIKF5MFg7gpgfNLhp99TtnhvtpjA6D 4yJKSl2sqFg6P1vGn5ClsKRon31LJE1uCGdVuiQEE
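The check discussed in this message, as an added example that is not part of the original thread: the claimant either signs a fresh challenge or reveals a secret that was encrypted to the pseudonym's published key. It uses Node's built-in crypto module; the RSA key, the context label and every function name are assumptions made for the illustration.

```javascript
const crypto = require('node:crypto');

// Prefix mixed into every signed challenge so a handshake response can never
// double as a signature on a real message (the label is an assumption).
const CONTEXT = Buffer.from('in-person-handshake-v1:');
const OAEP = { oaepHash: 'sha256', padding: crypto.constants.RSA_PKCS1_OAEP_PADDING };

// Constructed stand-in for the long-term key that signs the list posts.
function newIdentity() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Claimant, variant 1: sign the verifier's fresh challenge.
function signChallenge(privateKey, challenge) {
  return crypto.sign('sha256', Buffer.concat([CONTEXT, challenge]), privateKey);
}

// Claimant, variant 2: reveal a secret that was encrypted to the published key.
// A real key holder should be wary here: decrypting whatever a stranger hands
// over turns the key holder into a decryption oracle.
function revealSecret(privateKey, sealed) {
  try {
    return crypto.privateDecrypt({ key: privateKey, ...OAEP }, sealed);
  } catch (err) {
    return null; // wrong private key: OAEP decoding fails
  }
}

// Verifier: holds only the public key taken from the signed posts.
function makeVerifier(publishedKey) {
  const pending = new Map(); // challenge (hex) -> expected secret, or null
  return {
    signatureChallenge() {
      const challenge = crypto.randomBytes(32);
      pending.set(challenge.toString('hex'), null);
      return challenge;
    },
    checkSignature(challenge, signature) {
      // Each challenge is accepted once, so a recorded response cannot be replayed.
      if (!pending.delete(challenge.toString('hex'))) return false;
      return crypto.verify('sha256', Buffer.concat([CONTEXT, challenge]), publishedKey, signature);
    },
    secretChallenge() {
      const secret = crypto.randomBytes(16);
      const sealed = crypto.publicEncrypt({ key: publishedKey, ...OAEP }, secret);
      pending.set(sealed.toString('hex'), secret);
      return sealed;
    },
    checkSecret(sealed, revealed) {
      const id = sealed.toString('hex');
      const expected = pending.get(id);
      if (!pending.delete(id) || !expected || !Buffer.isBuffer(revealed)) return false;
      return revealed.length === expected.length && crypto.timingSafeEqual(revealed, expected);
    },
  };
}

// Run both variants for someone claiming to own `publishedKey`.
function handshake(claimantPrivateKey, publishedKey) {
  const verifier = makeVerifier(publishedKey);
  const challenge = verifier.signatureChallenge();
  const signature = signChallenge(claimantPrivateKey, challenge);
  const sealed = verifier.secretChallenge();
  return {
    bySignature: verifier.checkSignature(challenge, signature),
    replayAccepted: verifier.checkSignature(challenge, signature),
    bySecret: verifier.checkSecret(sealed, revealSecret(claimantPrivateKey, sealed)),
  };
}
```

Either variant only proves possession of the private key at that moment; it says nothing about whether the key itself was borrowed or stolen.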
Re: CDR: US health care,a winner for Hillary in 04?
On 28 Jan 2003 at 19:46, Marc de Piolenc wrote: > PS - the infant mortality statistics are bogus; they are a > record-keeping artefact. Other countries (notably Sweden, to which the > USA is always being compared) don't "count" a child as born until it > has reached a certain age (three weeks in Sweden). Guess when most > infant deaths occur? Interesting datum. Could you give a source for this? If true, needs wide publicity, since a web search for "infant mortality" and Sweden gives a zillion hits, all saying what you would expect.
Re: the news from bush's speech...H-power
-- On 30 Jan 2003 at 11:31, Eugen Leitl wrote: > I'm not arguing pro strong state. I'm merely saying that the > tax funded ivory tower R&D is complementary in scope to > privately funded research. If 95% of it is wasted (and > lacking libertarian drive in Euland it's bound to stay that > way for quite a while), it's still nice to see a percent or > two to go into bluesky research. You will notice a disproportionate amount of blue sky research comes from countries that are highly capitalist. Thus Switzerland is roughly comparable to Sweden in size and wealth, but we see quite a bit of blue sky research coming out of Switzerland, not much from Sweden. Since blue sky research is a public good, only governments can efficiently produce blue sky research. Does not follow, however, that governments *will* efficiently produce blue sky research, and on the available evidence, they do not. There are several mechanisms that lead companies to produce and publish interesting data -- one is to make a name for themselves, as in the human genome project, another is that they like to employ scientists that have published interesting research findings, which means that their scientists want to publish interesting research findings. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG vj9XFJICkQyBZHtzNbSmc+aK6sW4+dfeCW2jBsxp 4SNzRPDCqDY1oqcXuKPS207CG2oaSOsRAObNR7CKl
Re: the news from bush's speech...H-power
-- On 30 Jan 2003 at 12:16, Harmon Seaver wrote: > I'll have to find the studies, but it was the same oil > geologists (not enviros) who used the same model to > accurately predict the peak of US oil production who did the > one on world oil production. Not true. Rather, what happened is that there have been thousands of overly pessimistic estimates, and one overly optimistic estimate for US oil production (an overreaction to past low side errors), and everyone who makes implausibly pessimistic estimates for world oil production likes to associate themselves with those who disagreed with the one overly optimistic estimate -- but the association is thin. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 8af9YKuTzIfi6eW+kuKC5iSQr1ItRdPJmiiqa7oK 40um9WOOe1GxHnczql5Bykr/viCnjY0+DHauSAK8v
Re: the news from bush's speech...H-power
-- On 29 Jan 2003 at 21:08, Tyler Durden wrote: > That's not to say it can't happen in other environments, but > it seems to unfold very differently in, say, China or the > USSR (which actually has contributed lots of technological > and scientific ideas to the world). What little they have contributed has been entirely weapons related. > But none of them have benefited $$$-wise (nor has the pace > been nearly as fast) as in the US. > > Meanwhile, regulations and governments can give some > industries a head start, particularly if a "jungle" already > holds a nice warm niche for the output of those industries. > Thus Sematech helped US semiconductors to roar back from the > brink of extinction, Sematech was a boondoggle and complete failure and the buying up (and > subsequent dismantling) of light rail systems in the LA basin > in the 30s and 40s apparently had a major impact on the > rollout of vehicles Might we have seen much better public > transportation in that area if this capitalist coup-d'etat > hadn't occurred? Public transport received, and continues to receive enormous subsidies. > The moon shots did apparently accelerate the development of > semiconductors. No they did not. > > (A side note should be made here about the fact that some > technologies have a very high activation energy > barrier...without a very intensive amount of capital, they > can't happen. Indeed, aren't we nearly at that point with > sub-0.13um technology? It is possible that further advances > just won't be possible without direct or indirect government > funding.) We are switching to direct contact methods, which will be cheaper. Gutenberg instead of photocopying. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG VKCnpakdLzFyrcBpgv0iSDG+sVotQDZ4KYseulLm 4ONCsZY4ADmP8p1dtPtY0srxJ4ZtKXxsplnujQ1HU
Re: the news from bush's speech...H-power
-- > These geologists very accurately predicted the peaking of oil > production in the US, Completely false. "These geologists" are not Hubbert, nor did they very accurately predict the peaking of oil in the US, nor do they use Hubbert's methodology, though they claim to. Rather, they are people who would like to associate themselves with Hubbert. "These geologists" are not the successors to Hubbert, but the successors to "Limits to Growth", and "the Club of Rome", who predicted total exhaustion of oil supplies and ensuing economic collapse in the 1980s. Hubbert estimated the amount of oil remaining from the logistic curves. Those who claim to be his successors assert that there is X amount of oil remaining, and then fit the logistic curve to match X. That is the Club of Rome technique, which is the opposite of the Hubbert technique. Hubbert predicts oil reserves from observed success in finding oil. Doomsayers predict failure to find oil from alleged oil reserves. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG C9e+ZUPyVGI4wbdMUNNKXWkQWaRXRTL/Nu+zv66g 4tjmevo5q83abI8gkC1baI1odUsQH0a8O86Tquf+1
Why there is no anonymous e-cash
As I predicted, transactions are increasingly going on line. And as Hettinga predicted, the more anonymous and irreversible the transaction service, the cheaper and more convenient its services. All happening as predicted. So why don't we have anonymous Chaumian cash by now? Because, the more anonymous and irreversible its services, the more fraudsters use it to convert other people's bank accounts, obtained by phishing, into usable money. Why don't we have anonymous e-cash? - because IE and Outlook Express are full of massive security holes, and because people are idiots. Observe Tim May, who mistook e-gold phishing spam mail for the real thing. Well, not so much that people are idiots, but that we still have not got a satisfactory security model that adequately accommodates human factors.
Re: Email tapping by ISPs, forwarder addresses, and crypto proxies
-- On 23 Jul 2004 at 12:40, Thomas Shaddack wrote: > Depends on whom. Often the money is the main motivation. Of > course, your own country won't pay you as well as the other > one, and will try to appeal to your "patriotism" like a bunch > of cheapskates - it's better to be a contractor. The Soviet Union was notorious for absurdly low pay, yet had no difficulty getting lots of servants. It cultivated a sense of identification. The CIA would give you a crate of money, a crate of guns, and some say a crate of cocaine, but the KGB would ask about your dental problems and arrange for a free dental appointment. If you were a key scientist or something, rather than just some regular guy, they would discover your sexual tastes or your tastes in art and send around a girl or boy to suit, or some art that probably could not be obtained by mere money, or perhaps a boy carrying some art. To the best of my knowledge no one EVER got any decent sized cash payment from the Soviet Union for any act of treason, no matter how crucial. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG TKc9QQNccF421kjpfih8YdB96RpYw17p3sjofelQ 4yBG3NNFrBGZu5Zy/GwjHsjbhkfnJhmOU2OYDAyFn
Re: "...Hold still for the camera, Mehdi..."
-- On 10 Aug 2004 at 17:49, R. A. Hettinga wrote: > <http://www.aljazeera.net/news/arabic/2004/8/8-6-13.htm> > > Al Sadr got himself a laminator. His goons, er, freedom > fighters, have ID's now. > > Skip the arabic, notice the guy on the left in the first pic. Presumably the IDs do not display true names, but Sadr presumably has a database linking true names to ID tags. Of course, should that database fall into US hands, his entire organization is screwed. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG coAqlKplZQKw8k99OLGi4iC3tOe5nfoJXWb5ZXw1 4QGY4ri/TnUJjaPX8H30E7LUk0rLUXRrhVVIcT1D+
Re: Wired: Attacking the 4th Estate
-- On 25 Aug 2004 at 10:16, Sunder wrote: > Sure, you say, no such act exists. But Ashcroft himself once > testified that bellyaching over what he called "phantoms of > lost liberty" only serves to "aid terrorists" and "give > ammunition to America's enemies." And recently FBI agents > attempted to intimidate political activists by visiting them > at their homes to warn about causing trouble at the upcoming > Republican convention. Ashcroft is pretty good compared to recent Attorney generals. Under Reno, political extremists were not asked threatening questions. They were apt to get their dog shot, their son shot, their baby shot in its mother's arms, etc. If unpleasant people with intimidating questions was the worst menace to our liberty, we would be in mighty good shape. Ashcroft has completely failed to enforce all the "Child protection" legislation that congress passed against the internet - which makes him the nearest thing to a friend of liberty as you are likely to find in Washington. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG Mluq4gPKwTGMErQREoTDh8saWV7wEzjSVjNf6113 4ydEMtkhYfG6Q30GRB2AWjgyE/a40DE7VIEdxVgD2
Re: Remailers an unsolveable paradox?
-- On 4 Sep 2004 at 21:50, Nomen Nescio wrote: > The ratio of remailer use to abuse is painfully low because > there's no way to actually communicate. You can broadcast but > not receive, because no system exists to receive mail > pseudonymously. This is not communication. > > Remailer use is restricted to when senders don't care about > listener, which means rants, death threats, and the abuse > of spam. The only systems for receiving mail are at best some > college student's unimplemented thesis. alt.anonymous.messages provides a channel for people who wish to receive messages without themselves being identified. If I want to receive a message without providing an email address that can be traced, I ask the recipient to post it in newsgroups such as alt.anonymous.messages. For obvious reasons people who read alt.anonymous.messages, or think they might need to read it in the future, download the newsgroup in its entirety. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG fzparMQ1YGMHFGGQ4eabvrdbfX3oQPnGSeUNNkuX 4UV3sPQUJdBwqav34D5pBXRBNtLg+GX5dxE+YM5P8
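Why readers of a shared message pool download all of it, as an added example that is not part of the original thread: posts carry no recipient identifier, so the only way to find your own mail is to try your key on every post. The X25519 plus AES-256-GCM sealing (via Node's built-in crypto module), the post layout and all function names are assumptions for the illustration; the thread does not say how messages in the newsgroup are encrypted.

```javascript
const crypto = require('node:crypto');

// Recipient's long-term key pair; the public half is published under a pseudonym.
function newRecipient() {
  return crypto.generateKeyPairSync('x25519');
}

// Derive the message key from the ECDH secret, bound to the ephemeral public key.
function deriveKey(shared, ephDer) {
  return Buffer.from(crypto.hkdfSync('sha256', shared, ephDer, 'message-pool-v1', 32));
}

// Sender: seal a message to a recipient. The resulting post names nobody:
// it holds a one-time public key, a nonce, ciphertext and an auth tag.
function sealPost(recipientPublicKey, plaintext) {
  const eph = crypto.generateKeyPairSync('x25519');
  const ephDer = eph.publicKey.export({ type: 'spki', format: 'der' });
  const shared = crypto.diffieHellman({ privateKey: eph.privateKey, publicKey: recipientPublicKey });
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(shared, ephDer), iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { ephDer, iv, body, tag: cipher.getAuthTag() };
}

// Reader: trial decryption. A failed tag check (or a malformed post) only
// means "not for me"; the reader learns nothing else about the post.
function tryOpen(recipientPrivateKey, post) {
  try {
    const ephPub = crypto.createPublicKey({ key: post.ephDer, format: 'der', type: 'spki' });
    const shared = crypto.diffieHellman({ privateKey: recipientPrivateKey, publicKey: ephPub });
    const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(shared, post.ephDer), post.iv);
    decipher.setAuthTag(post.tag);
    return Buffer.concat([decipher.update(post.body), decipher.final()]).toString('utf8');
  } catch (err) {
    return null;
  }
}

// Fetch everything, test everything. Fetching only selected posts would show
// the server (or anyone watching the link) which posts the reader cares about.
function scanPool(recipientPrivateKey, pool) {
  return pool.map((post) => tryOpen(recipientPrivateKey, post)).filter((m) => m !== null);
}

// Constructed sample pool: two readers, one malformed post mixed in.
function buildSamplePool() {
  const alice = newRecipient();
  const bob = newRecipient();
  const pool = [
    sealPost(alice.publicKey, 'meet at noon'),
    sealPost(bob.publicKey, 'invoice attached'),
    { ephDer: Buffer.from('not a key'), iv: Buffer.alloc(12), body: Buffer.alloc(8), tag: Buffer.alloc(16) },
    sealPost(alice.publicKey, 'second note'),
  ];
  return { alice, bob, pool };
}
```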
Re: "Forest Fire" responsible for a 2.5mi *mushroom cloud*?
-- On 13 Sep 2004 at 12:50, Major Variola (ret) wrote: > When I was a teen I would save the instant-cold packs after > soccer games, and recrystalize the AN within. It melts and > gives off bubbles but I never collected enough N20 nor did it > detonate. You need a lot of heat to detonate AN, but I have never failed to detonate it. Perhaps your stuff was contaminated with water or stabilizer, or perhaps you need a better flame. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG fi2djYWevOtkRUevhH2YeK5Q2byRVZ/KV1oTz6Kw 4wBDsSosJ6pBM+R7BpJsx2B+Bj//NSN+TD64XPR4S