Re: Mask Laws: About 5yr. log retention
"Trei, Peter" wrote: Unless there is a specific loophole for Muslim women's veils, I suppose they are technically in violation, but as I said, these laws are hardly ever invoked. If say, there were a rash of terrorist attacks involving veiled persons occurred, there'd be crackdown. One of the reasons for mask laws is *specifically* veiled terrorists - wearing white spook outfits. The KKK is fortunately past its heyday, and the more common police problems when they hold marches are keeping the crowds from beating them up and unmasking them. Another reason for such laws may be bank robbers and highwaymen, but it's mostly the Klan. I did hear there was a case in Detroit or somewhere about mask laws being applied to veiled women, but the loophole to go for is the First Amendment protections on religious freedom. France, on the other hand, has had public schools ban girls from wearing head coverings, primarily because they emphasize the cultural differences. I read an article a while back about how the black dress outfit was becoming very common among Egyptian businesswomen. Not because they were traditionalists, but because the alternative, at least in Cairo, was that they were expected to dress fashionably and expensively, even though Egyptian salaries for women haven't caught up with salaries for men, and the black dress is cheap, often more comfortable, and has enough traditional support that nobody can argue. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Questions of size...
At 08:46 AM 12/8/00 -0800, Ray Dillinger wrote: On Thu, 7 Dec 2000, petro wrote: Mr. Brown (in the library with a candlestick) said: (RAH might have called it a geodesic political culture if he hadn't got this strange Marxist idea that politics is just an emergent property of economics :-) Just by the way, how widespread is this use of the word 'geodesic'? It depends on how many hops away from Bob Hettinga you are :-) Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
RE: Hello, You're Dead
At 11:50 AM 12/6/00 -0500, Trei, Peter wrote: [ukcrypto and Perry's list deleted] Dave Del Torto[SMTP:[EMAIL PROTECTED]] wrote http://www.abcnews.go.com/sections/world/DailyNews/phone001205.html "...Hitting the 5, 6, 7 and 8 buttons on the phone gun fires four .22-caliber rounds in quick succession. ..." The article goes on to say that the Men With Guns may now take reaching for a cell phone as adequate excuse to kill you. Guess you don't get your One Phone Call To Your Lawyer any more... Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
RE: hi
At 05:14 PM 12/6/00 -0800, Alan Olsen wrote: For some reason I am reminded of a line from the movie _A Shoggoth On The Roof_ (yes, there is such a beastie.): "Every one of us has a shoggoth on the roof. Not a metaphorical shoggoth, but a REAL Shoggoth! And how does he stay there you might ask? TENTACLES!" YOW! Where can I find it? (Or how do I keep the Shoggoth from finding me?)(Oh. Not mentioning its name.)(Oh..) ]-9028iu3r =EQ-WSD9A0fc8zuedxtg v-=]3wr14508eux[;colf8itjmkqsvA] zx=]F\QSF*$q(*iztfg v\3-=Wqa(zidxcz0po[ikf]3-wpe[o04pirdfx=[] 0-p3iwsdARECfo0jygvh5]-9r3ud -g]94yut793]1q vt57575758yrtg043=qierg[vkrc kc=re[dsqaacdrsxz~~~
Re: Re: Sunders point on copyright infringement HTML
At 01:41 AM 12/5/00 -0800, petro wrote: Mr. May: (And then there's Riad Wahby, whose signed messages are unopenable by Eudora Pro. He is doing _something_ which makes my very-common mailer choke on his messages. Not my problem, as his messages then get deleted by me unread. Again, standard ASCII is the lingua franca which avoids this problem.) He's apparently using GPG, and he has been told about this. He doesn't seem to care. You're incorrect. The problem isn't GPG, it's the Mutt mailer. Riad's using 1.2.5i, which almost did the right thing, and he went to the trouble of hacking the program to fix it. So now his messages are plaintext GPG or PGP in the message body, which is what they should be. I'm not sure if hacking was necessary - it looks like RGB on the linux-ipsec mailing list is getting the same effect, (though perhaps he also hacked the source.) Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
User philchristian@bushinternet.com Trolling for Passwords
Dear Bush / Telinco - your user, [EMAIL PROTECTED], sent the following email to the Cypherpunks mailing list. We often get script kiddies trolling for passwords, contraband, bomb-making materials, and the like. It's a difficult decision whether to harass them in return, or ask their internet providers to send them some Netiquette material. Unfortunately, I couldn't find any in the help files on your site - it was mostly about how to get interactive TV schedules.

Phil - If you want passwords, ask your mother for one. If you want Richard Stallman's ITS password, it's carriage return, and by the time you get ITS up and running again, you'll have learned something. Grammar's a good thing to learn also.

Return-Path: [EMAIL PROTECTED]
Received: from sirius.infonex.com (sirius.infonex.com [216.34.245.2]) by wormwood.pobox.com (Postfix) with ESMTP id 88EFE725B5; Tue, 5 Dec 2000 16:03:43 -0500 (EST)
Received: (from majordom@localhost) by sirius.infonex.com (8.8.8/8.8.8) id MAA20246 for cypherpunks-outgoing; Tue, 5 Dec 2000 12:57:30 -0800 (PST)
Received: (from cpunks@localhost) by sirius.infonex.com (8.8.8/8.8.8) id MAA20213 for [EMAIL PROTECTED]; Tue, 5 Dec 2000 12:57:12 -0800 (PST)
Received: from cyberpass.net (cyberpass.net [216.34.245.3]) by sirius.infonex.com (8.8.8/8.8.8) with ESMTP id MAA20202 for [EMAIL PROTECTED]; Tue, 5 Dec 2000 12:57:05 -0800 (PST)
Received: from bushtv-1.mail.telinco.net (bushtv-1.mail.telinco.net [212.1.128.182]) by cyberpass.net (8.8.8/8.7.3) with ESMTP id MAA03486 for [EMAIL PROTECTED]; Tue, 5 Dec 2000 12:59:31 -0800 (PST)
Received: from [192.168.8.186] (helo=bushtv-java-1-internal.server.telinco.net) by bushtv-1.mail.telinco.net with esmtp (Exim 3.14 #7) id 143P91-0007Kn-00 for [EMAIL PROTECTED]; Tue, 05 Dec 2000 20:56:59 +
Message-ID: [EMAIL PROTECTED] et
Date: Tue, 5 Dec 2000 20:56:58 + (GMT)
From: PHILlIP CHRISTIAN [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: [EMAIL PROTECTED]
Precedence: first-class
Reply-To: PHILlIP CHRISTIAN [EMAIL PROTECTED]
X-List: [EMAIL PROTECTED]
X-Loop: [EMAIL PROTECTED]
X-UIDL: ac925881ae786caacca3116fc22f5066

please send me password
Re: Buying Mein Kampf via the Net
At 08:02 PM 12/3/00 -0800, Lizard wrote: At 07:49 PM 12/3/2000, Danny Yee wrote: Lizard wrote: Really? Doesn't the Berne convention override national laws? Probably, yes. Does that mean national copyright laws only apply to their own citizens/residents? What happens in the case of dual citizenship? And does place of publication come into it? In most cases, national laws are altered to bring them 'in line' with treaties. (All treaties.) This has been an issue in the US, where the SC has ruled that a treaty cannot violate the constitution...or, rather, that it doesn't matter WHAT Congress agreed to, the Constitution will trump any laws passed to institute it. I don't know if Australia's joined Berne (I assume yes) or how they've implemented it. Copyright laws, like most laws, only apply in whatever jurisdiction the government that writes them can get away with enforcing them. (For most countries, that's their national boundaries, plus occasionally expatriate citizens; for some, it's quite a bit less :-) Traditional Chinese copyright law only applied to civilization, i.e. Chinese-language books written by Chinese; stuff written by barbarians wasn't provided, so lots of my Taiwanese fellow students in college had much lower-cost versions of US-written textbooks, and that tradition was adapted to software on CD-ROMs at least until recently. In the US, that doesn't really affect copyright - the US Constitution doesn't go into any depth on the details of copyright law, so the US Congress was perfectly free to replace the previous details with Berne convention details. The one arguable exception is that the Const. authorizes grants of patents and copyrights for limited periods of time, and the current definitions of "limited" for copyright keep getting stretched; I think it's now "75 years after you're dead, or pretty much forever if you're a corporation". 
The general comment I've heard from lawyers is that copyright lengths will keep getting extended indefinitely to prevent Mickey Mouse's image from going off copyright. That this might somehow change is a favorite paranoia of a loony right. (And, were it likely to occur, it would be a justifiable paranoia...it would allow the legislature to do an end-run around the Bill of Rights. For example, the US as it stands CANNOT ban 'hate speech' from US-hosted servers, even if Europe pressured them into signing a treaty to do so.) No, but Congress does a pretty good job of passing Unconstitutional laws already :-( The treaty trick that's been going on, at least in the ReaganBushClinton years, is for the administration to haggle other countries into a treaty or lower-status-than-treaty agreement about something obnoxious, like drugs laws or crypto export restrictions, then bully Congress into implementing legislation for it "because we've already negotiated it with our major partners". Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
RE: Net News as Cover Traffic
At 08:56 AM 12/1/00 -0800, Ray Dillinger wrote: Yes, different. alt.anonymous.messages is simply a message mix. I'm talking about a system that would provide lots of encrypted traffic *ON THE SAME PORTS* as whatever other encrypted traffic you were sending. IOW, no one should be able to look at logs and say, "well, we can ignore that packet, it's NNTP. This other packet over here is mail, and probably the thing we're after..." That sounds like a job for IPSEC. All the packets are encrypted at the IP level, though you can still tell the source and destination of the outer packet, and you can tell the packet size, so it's not a strict Pipenet substitute - if you see traffic from A to B and same-sized traffic from B to C, you can guess that B might have routed some packets from A to C. But it still answers your basic request. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
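Added example (not part of the original message): the size-matching inference described in the IPSEC reply above, run over constructed outer-packet records for a relay B, with padding as the countermeasure. Hosts A to E, the timestamps, sizes, time window and function names are all assumptions made for the illustration; it models only the packet-size signal, not timing or volume.

```python
"""Packet-size correlation at a relay, and what padding does to it.

All records below are constructed sample data, not captured traffic.
"""

# What an observer can read from the outer packet once the payload is
# encrypted at the IP level: (time_ms, peer, size_bytes).
INBOUND = [   # packets arriving at relay B from A and D
    (0, "A", 412), (10, "D", 1388),
    (200, "A", 96), (210, "D", 640),
    (400, "A", 1204), (410, "D", 228),
]
OUTBOUND = [  # packets leaving relay B toward C and E about 30 ms later
    (30, "C", 412), (40, "E", 1388),
    (230, "C", 96), (240, "E", 640),
    (430, "C", 1204), (440, "E", 228),
]


def pad(size, bucket):
    """Round size up to the next multiple of bucket (bucket <= 0: no padding)."""
    if bucket <= 0:
        return size
    return -(-size // bucket) * bucket


def apply_padding(flow, bucket):
    """Return the flow as the observer would see it with padding applied."""
    return [(t, peer, pad(size, bucket)) for t, peer, size in flow]


def candidate_links(inbound, outbound, window_ms=50):
    """For each inbound packet, list destinations of same-sized outbound
    packets sent within window_ms after it."""
    links = []
    for t_in, src, size_in in inbound:
        dsts = sorted({
            dst for t_out, dst, size_out in outbound
            if size_out == size_in and 0 <= t_out - t_in <= window_ms
        })
        links.append((src, dsts))
    return links


def inferred_routes(inbound, outbound, window_ms=50):
    """Count (src, dst) pairs for which size matching leaves one candidate."""
    routes = {}
    for src, dsts in candidate_links(inbound, outbound, window_ms):
        if len(dsts) == 1:
            key = (src, dsts[0])
            routes[key] = routes.get(key, 0) + 1
    return routes


if __name__ == "__main__":
    for bucket in (0, 512, 1500):
        seen_in = apply_padding(INBOUND, bucket)
        seen_out = apply_padding(OUTBOUND, bucket)
        print("pad to", bucket or "nothing", "->",
              inferred_routes(seen_in, seen_out))
```

Padding to 512-byte buckets changes nothing here because the two overlapping flows still land in different buckets; only a single fixed size removes the size signal, and a lone flow through B would still be linkable by timing.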
re: Imagine
At 11:04 AM 11/29/00 -0800, Steve Schear wrote a message that was in some HTML format that Eudora badly choked over when trying to reply. It was possible to save it with all the random font change garbage and funny characters, but not to just send a text reply. 1. Imagine that we read of an election occurring anywhere in the third world in which the self-declared winner was the son of the former prime minister and that former prime minister was himself the former head of that nation's secret police (CIA). Steve, or whoever The Blue Writer is, says "Correction. He was declared the winner by the fact that he has received 271 of the needed 270 electoral votes." Bush hasn't received them. Not only have the Electors not voted yet, but Florida hasn't selected their electors yet. They're still haggling about whether the votes should all be counted, and the Republicans have done a good job of preventing any recounts from being finished (or used), to the extent of organizing riots outside the Miami/Dade election office. They're also trying to decide what to do about the 19000 double-punch ballots (probably unfixable), and the 15000 absentee ballot applications that were allegedly criminally altered by the Republicans (1 were voted for Bush, 5000 for Gore). Then there were the 12000 mainly black voters whose registrations were disqualified incorrectly because they were allegedly felons, based on a database provided by a company whose parent company gave a six-figure contribution to the Republican Party - about 8000 of those people got back on the voter rolls, and probably not all of the other 4000 would have voted, but they were much more likely to have voted Democrat. 
I'm not saying the double-punched ballots were Republican fraud; it looks a lot more like Democrat incompetence in the ballot design, though it's been suggested that they could also have been from Democrat attempts at fraud (punch a spike through the Gore hole, and it won't invalidate any ballots already marked for Gore, but will invalidate any ballots voting for other candidates.) The "bunch of elementary school kids had no trouble" press release is fun, but bogus. If the teacher had told the kids "Vote for Gore and Lieberman" instead of "Vote for Gore", they'd have been much more likely to make a mistake. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: CNN.com - U.S. Supreme Court strikes down drug roadblocks - November 28, 2000
At 12:13 PM 11/29/00 -0500, sunder wrote: Jim Choate wrote: http://www.cnn.com/2000/LAW/11/28/court.roadblocks.sc.reut/index.html ... Jim, rather than sending this 63K email with a copyright violation, why don't you just send us the above URL with NO attachments? ... Read our lips: THE URL IS ALL WE NEED. NO MORE THAN THAT! Of course, when somebody sends _just_ the URL, with no accompanying explanation of what it's about or why it's worth the time looking it up and reading it, we also rant them out for not including at least the first paragraph or a sentence or two of commentary :-) Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: On 60 tonight
On Sun, 26 Nov 2000, Tim May wrote: At 6:32 PM -0500 11/26/00, [EMAIL PROTECTED] wrote: My on-screen guide said "FISA", tvguide.com says, "Mike Wallace looks at one couple's claim that they were set up by the FBI and wrongly convicted of espionage." I notice you're babbling about what's on "60 Minutes" but not saying a peep about the certification of the election in Bush's favor. Tim, the guy was taking a break from election results to actually say something about a cypherpunks topic. We know the election rigging is in progress, and it looks like Bush is better at it than Gore. At 07:59 PM 11/26/00 -0600, Mac Norton wrote: So Bush pardons Clinton, which has the added plus of forcing Clinton to the choice of taking it or not. That's *real* revenge. Not that W. is that smart/mean, but his daddy is. Ooh, that's nasty. Hope he does it :-) In practice, the Statute of Limitations probably applies to most of the things the Clintons did. Besides, the Republicans have used far more slack than they had available in trying to prosecute Clinton for something/anything/whatever. Meanwhile, the speaker on CSpan Book Passage is talking about how he and his friends attempted to not be swayed by the Steve Jobs Reality Distortion Field ("We even had *hand signals* to warn each other when they were getting sucked in..." :-) Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Re: ssz.com network trouble
At 10:07 AM 11/20/00 -0600, Jim Choate wrote: Hi Bill, On Sat, 18 Nov 2000, Bill Stewart wrote: I did a traceroute (well, mswindoze tracert, anyway), and got a "destination unreachable" from a machine at realtime.net in Austin. SSZ has often been unreliable; Unreliable? The context of my message was "don't panic if you haven't been able to connect to SSZ for the last few hours, it happens sometimes"; I wasn't saying "don't trust those unreliable bums" :-) We average six and eight month uptimes. And when the outages occur it has been either hardware failure or a service failure. We average 2 hardware failures per year and it usually(!) takes less than 4 hours to have it replaced (not bad for off the shelf consumer equipment). ...We usually get about 4 service interruptions of some sort or another a month. They usually last about 4 hours. I agree that's not bad for off the shelf equipment not located at a heavy-duty colocation facility, though I thought you've also had the occasional power hit take you down. ISDN isn't the kind of thing to use if you're paranoid about not having your connection flake once in a while, but it's pretty good (if the price is right) for a mostly-reliable service and is pretty good at self-recovery if you've got a service provider with multiple dialin locations. I think it's connected by ISDN, and it's raining down in Texas. Yes, we had an ISDN/Ethernet issue. Replacing the hardware with a suitable model was harder than expected, couldn't find anyone open with stock on Saturday. As to rain, 4in/hr is a tad more than a sprinkle junior. Yup. Telecom networks often get grouchy about that sort of thing, especially when they're going out to your house or small business, and I'd been guessing you were probably having that or a power problem. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: ICANN should approve more domains, from Wall Street Journal
I was disappointed that the IETF Ad Hoc Committee wasn't able to generate their political clout to get their earlier 7-new-TLD plan implemented a couple years ago. However, one strong similarity between their plan and ICANN's is that both first rounds of new TLDs were pretty lame, and if this wasn't done deliberately, it should have been, because it's a Good Thing. It's how you get a practice round before getting to the far more controversial valuable namespaces, like .inc, .ltd/gmbh/sa, .mp3, .sex and .microsoft. The limitations on the number of TLDs aren't particularly technical; if you allow an infinite number of them, you replicate all the problems with .com under . , and don't have a level of indirection available to fix them with. It's worth going slowly. The more important questions are the openness of the namespaces; I'm glad that ICANN rejected the WHO's .health and Nader's .union, because they allow political groups to decide who can join based on their political correctness positions (would WHO allow .accupuncture.health? .joes-herbal-remedies.health? .snakeoil.health? .homeopathy.health? Nader's group wouldn't allow a company-dominated union, and might even have trouble with the Wobblies.) The $50K application fee was pure exploitation of their position; I don't think they're making any excuses for that. The big problem is that it limits the kinds of TLDs that can be applied for to commercial players - experimental namespace use like .geo is valuable, and hard to get funding for. And like taxi monopoly medallions in New York City, once you've charged somebody big money for their chance, it's politically difficult to charge somebody else less or nothing later. Bill Stewart At 08:58 AM 11/20/00 -0800, Declan McCullagh wrote: [My op-ed, below, appeared in today's paper. 
An HTML-formatted copy is at: http://www.cluebot.com/article.pl?sid=00/11/20/1714249 --Declan] The Wall Street Journal Monday, November 20, 2000 ICANN Use More Web Suffixes By Declan McCullagh Op-Ed . One reason is that the new suffixes approved by the Internet Corporation for Assigned Names and Numbers are woefully inadequate. Instead of picking GTLDs that would meet market demand, ICANN decided to approve the lackluster set of .aero, .biz, .coop, .info, .museum, .name, and .pro instead. (If these were proposed brand names, you can bet most would fail the first focus group test.) Any more additions, ICANN's board members indicated, would not be approved until late 2001. This is absurd. Technology experts occasionally wrangle over how many GTLDs the current setup can include, with the better estimates in the millions, but few doubt that the domain name system can handle tens of thousands of new suffixes without catastrophe. Another problem is a predictable one: Politics. In the past, some of ICANN's duties had been handled by various federal agencies. Unlike what some regulatory enthusiasts have suggested, however, the solution is not encouraging the government to again become directly involved in this process. A wiser alternative is a complete or near-complete privatization of these functions. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
BRITAIN DEPLOYS 'CYBERCOPS' TO FIGHT INTERNET CRIME (Fwd)
Unnamed Administration Sources forwarded this message about a new Internet-based terrorist group in Offshore Northwestern Europe: -- Britain deploys 'cybercops' to fight Internet crime By NICK HOPKINS The Guardian November 15, 2000 LONDON - The rising tide of Internet crime - hacking, porn rackets, extortion and fraud - is to be tackled in Britain by a squad of "cybercops." British Home Secretary Jack Straw said the unit will be headed by 80 officers recruited from the police, customs service, national crime squad and National Criminal Intelligence Service (NCIS). Money is also being provided to help fund a 24-hour international hotline for detectives from different countries to "trade information on potential attacks on the national infrastructure." The initiative follows intelligence that shows terrorists are increasingly using the Internet for recruitment and planning. Internet crime has soared in the last three years as criminals have begun to realize the opportunities it offers. The dissemination of computer viruses, such as the "I Love You bug," which wreaked havoc last summer, is also on the rise. Medium-sized businesses are particularly vulnerable to these kinds of attacks because they cannot afford protective filtering systems. Recent research showed that 60 percent of Britain's online businesses have suffered hacking while worrying new trends include evidence of an international Internet trade in body parts. -- (Distributed by Scripps Howard News Service. For more Guardian news go to http://www.guardian.co.uk/)
Re: A secure voting protocol
At 05:53 PM 11/13/00 -0500, Declan McCullagh wrote: On Mon, Nov 13, 2000 at 11:08:01AM -0800, Tim May wrote: A "vote at home" protocol is vulnerable to all sorts of mischief that has nothing to do with hackers intercepting the vote, blah blah. Righto. Absentee ballots require a witness, usually an officer (if you're in the military) or a notary-type, to reduce in part the intimidation problem. The state of Oregon uses vote-by-mail for their elections, though I think there's an option for physical delivery if you want. I'd be surprised if they require witnesses - if anything, that encourages your spouse to look at how you voted. I've never been required to have witnesses for voting with absentee ballots in New Jersey or California. Besides, in places like Chicago or Tammany-era New York City, it'd be easy for the Party to obtain notaries to witness ballots. "OK, Mr. Jones, the stamp on your ballot, and here's the stamp on your bottle of whiskey. Next, please!" and optionally to put the correct party ballots in the correct box and the incorrect party ballots in the round container. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: 2:15 am, Eastern Time--The Election Train Wreck
At 02:29 AM 11/12/00 -0800, petro wrote: Bush winning is bad, AlGore winning is worse. This insane infighting over the spoils is too much to stomach. I disagree. The House and the Senate will be Republican, or at least nearly so. Al Gore with a 100-vote Florida plurality would have an extremely difficult time getting things accomplished in that environment. (Considering what Al wants to accomplish, that's probably good, especially since first priority is It's Still The Economy, Stupid.) George W. with a 100-vote Florida plurality and a minority popular vote position (with Gore and also Nader to the left of him) would get no respect at all, but would have a Republican Congress to make it much easier to accomplish things. I don't *want* the military-industrial complex rebuilt (though Nader says that AlGore likes them as much as Bush does.) Other than small tax cuts, nothing I've heard Bush suggest doing sounds worthwhile, and he does plan to spend more of your money even though he acknowledges that it's yours. Also, Bush would be under immense pressure to prove he's not a wimp, so he'd go do something decisive and Presidential as soon as possible, which is not a good thing to have lightweights doing. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: jabbascript ads on algebra.com
They worked fine when I looked at it, though Jabbascript is unreliable enough on Netscape that I may have gotten lucky (e.g. looked at it when the memory leaks hadn't leaked much, caches weren't too full, rest of the memory on my pc wasn't swapping itself to death, etc.) It's unsafe for the users to enable it, because they might encounter web pages with malicious or broken scripts, but when it's well-written it really does work ok, at least most of the time. At 12:20 AM 11/13/00 +0100, Anonymous Remailer wrote: Actually there's a much more mundane reason for people not viewing the ads on algebra.com. The javascript code is broken and doesn't display anything in netscape. So if you view the page with netscape, the ads don't show... Oh well, using javascript is a stupid idea anyway. I think you got what you deserved on that one... Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Greetins from ZOG-occupied Palestine
At 08:34 PM 11/10/00 -0600, Phaedrus wrote: On Fri, 10 Nov 2000 [EMAIL PROTECTED] wrote: Tim May, the heavily armed hate monger who refers to ZOG, and , his extreme right wing malitia friends have missed there chance. So is "malitia" a bunch of bad soldiers? Certainly the 400 of us needed killing before we influence the American Presidential election. actually, since ballots were supposed to be postmarked two days ago, killing you now wouldn't help (even if I were for it, which I'm not, personally) unless something very bad were going on Yup. It's now in the hands of disgruntled Postal Workers. (And apparently there _has_ been a certain amount of malfeasance in handling the mail ballots, though it's not clear the P.O. were directly involved. And the Postmaster General's on the succession list, at least in the 1947 version.) Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Re: A successful lawsuit means Gore wins!
At 03:24 PM 11/10/00 -0600, Jim Choate wrote: On Fri, 10 Nov 2000, Trei, Peter wrote: This is covered by the Presidential Succession Act of 1947. See http://www.greatsource.com/amgov/almanac/documents/key/1947_psa_1.html Actually it isn't. It's covered by the 20th amendment, section 3. The 20th Amendment was ratified in 1933. Therefore the 1947 law implements the "Congress may by law provide for the case" part of the 20th. (Unfortunately, the Postmaster General is fairly high up the list :-) The 20th does say that Congress can do whatever they want about it, so they could easily supersede the 1947 act. Anyway, Al Haig's in charge. Looks to me like Congress could leave Bill in office until this mess is over. Like I said, is this a new way to win a 3rd term? By the 23rd Amendment ("FDR Reoccurrence Prevention Amendment"), he can't be _elected_ to win a 3rd term - but that doesn't mean he can't be appointed, though What a bad idea that would be In general, the 23rd trumps previous amendments, as any newer law supersedes the older one, but it's not clear there's a conflict. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: A secure voting protocol
At 05:47 AM 11/10/00 -0600, Jim Burnes wrote: I envision a day (background music swelling and eyes tearing slightly -- an obvious Oscar moment) when it matters little who the President-elect is, because DC is bound and emasculated by its original constitutional chains. The day when the Pres has little more power than the Queen Mother. Somebody buy that man a beer! That should be an easier problem to solve than getting people to accept the validity of exotic crypto voting protocols. Yup. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Godel Turing - a final point
At 05:16 PM 11/9/00 -0600, Jim Choate wrote: On Thu, 9 Nov 2000, Jim Choate wrote: On Wed, 8 Nov 2000, Sampo A Syreeni wrote: You are talking about two very different problems, here. Gödel/Turing sorta things are about problems where quantifiers over an infinite set are permitted. In the particular case we are speaking of we are talking about the situation where the language consists of "all consistent/valid/evaluatable/assignable boolean sentences". Hence, somebody did a naughty... If you have a 'language' that is provably consistent then you know that that language is not complete or 'universal'. There MUST!!! be sentences which are not included in the listing. That's fine. The Satisfiability problem, and in particular 3-SAT, doesn't claim to be complete or universal. It's just a very large and versatile class of Booleans, but it doesn't pretend to contain Booleans that describe encodings of their own truth values (unlike this discussion :-) Just things of the form (A1 or A2 or A3...) AND (B1 or B2 or B3...) AND Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: A successful lawsuit means Gore wins!
So far, Wavy Gravy's Nobody for President campaign is still out ahead Nobody's winning in Florida! Nobody's in charge! Nobody's going to fix the economy! Nobody's going to shrink the military-industrial complex! Vote for Nobody! At 04:22 PM 11/9/00 -0800, Tim May wrote: At 7:05 PM -0500 11/9/00, [EMAIL PROTECTED] wrote: James "too damn bad about the 19,000" Baker ain't no piece of cake either, FYI. He's right about the "19,000 spoiled ballots." Four years ago there were 16,000 spoiled ballots in the same district, and that was with lower overall turnout. Fact is, voting is serious business. Those who show up dazed and confused and punch too many holes in their ballot are an example of social Darwinism. To some extent that's true - but it's also a lot like blaming airplane accidents on pilot error when the instrument panel is atrociously designed. It's not just the pilot's fault. Of course, here, the problem happened because the ballot designers were trying to make it Easier for the old folks. There are two or three states where Gore won by a narrow margin over Bush (typically about 48-49% of the total.) Bush has hinted that if the recount overturns this one, he'll push hard for recounts there, which could get him the electoral votes he needs. And so it begins On the other hand, if Bush squeaks by and wins this by 10 votes, there'll be a LOT of pressure on the Bush electors to do the honest thing, admit that Gore really won (because of the 19000 trashed Gore/Buchanan ballots), and vote for Gore. It only takes 2. And they don't even HAVE to be from Florida, though those would be the most appropriate ones to fix it. Unless he was bugging the voting booths and had ways of knowing the true thoughts of those voting, he had no way of knowing this. Knowing for sure? No. But Buchanan's not dumb enough to overestimate his popularity among a bunch of older Jewish Democrat voters, though perhaps his protectionism appeals to some Fla. Liberals as much as Nader's does Thanks! 
Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Re: Close Elections and Causality
At 03:54 PM 11/9/00 -0600, Jim Choate wrote: On Thu, 9 Nov 2000, Tim May wrote: * In a close, nearly-tied election, should a re-vote be allowed? * In a close sports game, should all potential "fork" decisions (referee calls) be reviewed and the game rolled-back...even hours later? Should critical plays be re-played the next day? I believe the concept is called 'sudden death'. Hey, leave Jim Bell alone! :-) Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: A successful lawsuit means Gore wins!
On Thu, Nov 09, 2000 at 05:58:11PM -0500, [EMAIL PROTECTED] wrote: I vote you are hereby ex-communicated from the Cypherpunks club, joining Dimitry Vulis. At 07:05 PM 11/9/00 -0500, Declan McCullagh wrote: Huh? Tim has been posting such articles for years. You weren't around for the Y2K discussions. George, you've got to remember not to mess with Winston Smith. Unlike some people who need killing, yer just gonna get unpersoned Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Late-postmarked ballots from ZOG-occupied Palestine
So do military personnel who are officially Florida residents get Extra Slack on their absentee ballots if they're overseas? They're as likely to vote for the Ruling Party than Israelis are. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: A successful lawsuit means Gore wins!
At 10:42 AM 11/9/00 -0500, Declan McCullagh wrote: It would be simpler, and probably fairer (in a general sense) to discard those ballots that are suspect. Elections such as this should not be re-run. Take it down to its most general form. Gore and Bush are tied. My ballot was mangled during processing and is unreadable; I successfully sue for a rerun of the election, just for my ballot alone. Is this a good thing? There are at least two problems with that 0) That's what happened now, and nobody likes it :-) 1) The ballots that appear to have been misvoted, about 19000 of them, disproportionately appear to have been for Gore, and not for Bush, so it seriously biases the results in that district. You could avoid this by voiding _all_ Presidential votes from the district. 2) The district itself is heavily Democrat, so voiding all their votes doesn't fix the imbalance either. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Close Elections and Causality
At 09:02 AM 11/9/00 -0800, Tim May wrote: [lots of good comments on causality] -- Someone will say that a highway being closed prevented them from getting to the polling place in time, and that their additional vote "would have made the difference." They want a re-vote. A few years ago, Christie Whitman was busy campaigning for governor of New Jersey, and didn't get back home to vote in a school bond election. It lost by one vote. (On the other hand, the local district or state or somebody ignored their loss in the election and sold the bonds anyway) Second, at the time of the "approximately simultaneous" vote on Tuesday, no particular state, no particular county, and no particular precinct had any way of "knowing" that it would be a hinge site. Thus, some people didn't bother to vote, some were careless in reading the ballot instructions, some just made random marks, some were drunk, all of the usual stuff happening in polling places across the country. This despite the estimated $3 billion spent on wooing voters. The electoral college system means that in almost all states, except the one or two with the middlest results, a difference of a small number of votes doesn't change the outcome. Usually even changing the outcome for a whole state doesn't change the outcome of the election either, except a few big states. In Florida, where the vote totals are close to equal, a small number of changed votes could change the election. Arguably, the votes on the 19000 spoiled ballots _have_ changed the outcome of the election, because the voter went into the voting booth saying "I'm voting for Gore", and the ballot counters tossed those votes after they were made. Rules are rules. The time to object is beforehand. Unless extremely serious voter fraud is found, results should not be thrown out when those results are in accordance with the rules. In no cases should a re-vote of a "hinge county" be allowed for less-than-massive-fraud reasons. 
I agree that that's a strong point - if any of those 19000 voters was confused, the time for them to raise the issue was at the poll. If they _did_ ask "hey, this is confusing, how do I vote for Gore?" at the polling place, and the poll workers told them what to do and voided their ballots anyway, then they've got a cause of action. If they didn't complain, it's much harder to argue. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Codebreaking with a multi-Teraflops network: one technique
At 04:01 PM 11/7/00 -0800, Ray Dillinger wrote: Let's say you're a high-level spook, and you've got a bunch of encrypted intercepts of uncertain origin. Gigabytes and gigabytes ... It should be child's play to set up a "front", as a scientific or charitable organization. Dream up a CPU-intensive task that engages ... Hire a bunch of people at the front organization who sincerely believe that all these cycles are expended on the fake project, and let them effusively thank all the people who download and run the software. Explain that you can't release the source, because then people would modify it and your scientific data might be corrupted. Scamming Extra Teraflops for Intelligence ?? :-) Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: ZKS, government regulation, and new privacy laws
At 10:29 AM 11/2/00 -0500, John Young wrote: Banks and telecomms been doing the snitch not nearly as long as the church, rather the state snitching to the church, depending on who's in charge of the day's inquisition. (Interesting stuff in recent books on Vatican and global intel services regular kiss-kissing.) Does anybody know if anything ever came of PGP Inc.'s attempts to get the Vatican to use PGP? (I couldn't find a PGP key on www.vatican.va, though they could be using them just internally. They do have the Secret Archives on CD-ROM now, at least for Popes from a long time ago. I guess the secrets you can find on CD-ROM aren't the real secrets) Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Soft Money for Green Medea Benjamin
The SF Bay Guardian, 11/1/00, pg.23, has a big ad for Green senatorial candidate Medea Benjamin, paid for by "Philip H. Wilkie and the Green Party of California" "Not authorized by any candidate or candidate committee". Friends, this is _soft_money_, right here in San Francisco, and it's a good example of the kind of thing many campaign finance "reform" proposals would ban - and why the First Amendment is a better campaign finance law than the ones we're using today. I highly respect Medea - she's strong, principled, and has guts. She's done a lot of election monitoring around the world. She needs to learn some reality about economics, and why economic rights are critical parts of human rights, but that's the usual Green problem. :-) I happened to catch the news the other night, where the bipartisan debate between Dianne Feinstein (boo, hiss!) and Republican Tom Campbell (who opposes the Drug War) got upstaged by Medea's protests outside KRON (or whichever TV-monopoly station it was). It was a class act, particularly when she and Campbell hugged each other after both talking to the crowd. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: FW: BLOCK: ATT signs bulk hosting contract with spammers
At 07:40 AM 11/1/00 -0800, James Wilson wrote: If any of you get services from ATT you might want to start looking for a more ethical carrier (if one exists) - ATT has been caught red handed hosting spammers and promising not to terminate their services. -Original Message- From: Spam Prevention Discussion List [mailto:[EMAIL PROTECTED]]On Behalf Of Steve Linford A copy of this fax is now at http://spamhaus.org/rokso/nevadahosting.jpg Fortunately, somebody got this to the right people at ATT; otherwise I was going to have to contact the Sales VP (Hovancak) whose name was on the contract and ask him to find the sales rep who got fast-talked into signing that contract. ATT's privacy policies mean that we can't reveal information on our customers' networks, so it's the PR folks' problem to tell you that we've learned the error of our ways, as revealed in the CNET article below. http://news.cnet.com/news/0-1005-200-3369773.html ATT admits spam offense after contract exposed By Paul Festa Staff Writer, CNET News.com November 3, 2000, 9:30 a.m. PT update - ATT acknowledged Thursday that it had violated its own spam policy by providing Web-hosting services to a purported sender of unsolicited commercial email. The admission came after an English anti-spam organization publicly posted what it termed a "pink contract" between ATT and the alleged spammer, Nevada Hosting. ATT had been hosting the group's Web site. "This proves that ATT knowingly does business with spammers and shows that ATT makes 'pink' contracts with known spammers to not terminate the spammers' services," Steve Linford of The Spamhaus Project wrote in an email interview. ATT confirmed Thursday the authenticity of the contract and said it had been discontinued. "That document represents an unauthorized revision to ATT's standard contract and is in direct conflict with ATT's anti-spamming policies," wrote ATT representative Bill Hoffman. 
"The agreement has been terminated, and the customer has been disconnected." ATT's spam policy specifically rules out contracts like the one it signed with Nevada Hosting. Nevada Hosting could not be reached for comment. Anti-spam groups have long suspected the existence of pink contracts that allow spammers to promote their Web sites provided they send their unsolicited emails through other Internet service providers, according to Linford. The ATT contact confirmed those suspicions. The Spamhaus Project's success comes as anti-spam groups increasingly bypass spammers themselves and instead target those who facilitate the dissemination of unsolicited commercial email. Those groups--mostly ISPs and server administrators--are relatively few and are easier to hold accountable than spammers. Another such pressure group is the Mail Abuse Prevention System (MAPS), which maintains the Realtime Blackhole List (RBL). The MAPS RBL blacklists servers left open to abuse by spammers. While the group's stated goal is to pressure server administrators to close avenues for spammers, the MAPS RBL has weathered criticism that it has limited effectiveness in actually blocking spam. The Spamhaus Project, based in London, positions itself as kind of spam Purgatory on the way to the MAPS RBL. Spamhaus targets entities that send spam with forged addresses and the ISPs that do business with them. "When it finds a 'stealth' spamming service, or an outfit selling stealth spamware, The Spamhaus Project sends a notice to the ISP and requests the service or site be terminated," Linford wrote. "Ninety-five percent of spam sites are terminated this way, and those that aren't are then escalated to the MAPS RBL team. "MAPS are very much our heroes." ATT representatives have taken to Internet discussion forums in an attempt to placate spam foes and reassure them that the company's stated anti-spam policy will be enforced in future contracts. 
"Our sales agents have been instructed as to the correct procedure to follow and have been reminded of our existing anti-spamming policies," ATT customer care manager Ed Kelley wrote in a posting to the "news.admin.net-abuse.email" newsgroup. "ATT is making every effort to ensure that this does not occur again in the future." Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: California bars free speech of those cutting deals ...
And it isn't even shut down through law - just FUD, letting them create a chilling effect without the need for a full-scale argument in court. At 07:31 PM 10/31/00 -0800, Tim May wrote: At 2:55 AM +0100 11/1/00, Anonymous Remailer wrote: California has "shut down"--through a threatening letter--a site which matches up folks who are willing to say they'll vote for Nader in states where Gore is sure to win if other folks who had hoped to So now it is illegal to provide a public forum with specific capabilities. Is it also illegal for me to privately arrange this with a particular sheevoter from the other state ? Gangs can legally call for voters to vote for them and not for the other gang, but voters themselves cannot talk to each other and make arrangements that they see fit. Just another nail in the coffin of free speech in America. Perhaps it is best if Nader wins, or, failing that, one of the Gush-Bore tag team. The worse things get, the faster the collapse. As with Perot, Nader's certainly no worse than the major parties. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
RE: California bars free speech of those cutting deals on votes
At 09:48 AM 11/1/00 -0500, Trei, Peter wrote: All indications are that Carla Howell, the Libertarian challenger for Kennedy's Senate seat, will handily out-poll the Republicans this year. I really like Carla - hope she does well. You'll probably also have a lot of Greens and liberal Democrats voting for Nader, which would be good except they're partly doing it for the campaign finance porkbarrel. Massachusetts looks like the kind of state that has more pot smokers than registered Republicans. Somebody ought to be able to use that Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: public keyrings
Some Slightly Slack-on-Slack Version of Bob Dobbs wrote: At 02:54 PM 10/31/00 PST, bob bob2 wrote: if you have the url for an active public keyring site please forward it. ldap://certserver.pgp.com http://pgpkeys.mit.edu:11371/ Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: thanx my friend
[EMAIL PROTECTED] kindly agreed to teach this particular bomb some phenomenology. So either he's a clueless kid who'll have to get a new Hotmail or Yahoo account after being whacked, or he's a clueless Law Entrapment Officer who'll have to do so, or he's a troll who's had an afternoon's entertainment :-) At 01:17 AM 10/30/00 +, David E. Smith wrote: On Sun, 29 Oct 2000, sam ram wrote: : Hi, can you please show me a easy way to make a home made bomb by using things from the house. so please write back!! This depends largely on whether your home is equipped with a camcorder. Assuming it is, here's the instructions: 1. Get a piece of Scotch tape, and your copy of last month's WWF Pay-Per-View that you foolishly bought. Put the tape over the little notch on the end of the tape, so you can record over the TLC ("Tables, Ladders, and Chairs") (oh my!) match. 2. Call up five of your friends (assuming one of your friends is Paul Anderson and another one is Kurt Russell). 3. Get some guns. These should be easy to acquire. If you already have one gun, you can use it to acquire more; this, however, is beyond the scope of these Step By Step (TM) instructions. 4. Go to your local junkyard at night. 5. Have random people start shooting the guns at Kurt, while he mutters and grunts but doesn't say anything. Have Paul point the camera at random stuff. There you go. You've just re-created the bomb "Soldier." HTH. HAND. ...dave David E. Smith, POB 515045, St. Louis MO 63151 http://www.technopagan.org/[EMAIL PROTECTED] "I must remember to destroy those children after my breakfast has been eaten." -- Mojo Jojo Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Parties
That was the nice thing about Ross Perot. If he'd gotten elected, he'd have caused serious chaos in Washington (even though he was basically just another Republicrat), and the worst case is the Second Amendment said we could shoot him if he got too crazy. Unfortunately, he wouldn't let go of the Reform Party, preferring to give the party to the Transcendental Meditation cult if it wasn't going to be run by the Ross Perot personality cult, and now Buchanan has a certain risk of coming out behind the Libertarians :-) (Probably won't happen, since the LP hasn't done enough successful publicity to get mentioned in the media's "oh, yeah, there's also Nader and Buchanan" afterthoughts, but it'd be nice.) At 07:36 PM 10/27/00 -0500, Mac Norton wrote: So, everybody's third choice gets elected, or they take turns holding the office, or what? Weighted voting can work for corporate directors or other committees, but for a chief executive? Even the electoral college sounds better. MacN On Sat, 28 Oct 2000, BENHAM TIMOTHY JAMES wrote: That's simply a result of the dim-bulb "first past the post" voting system that the US (and apparently you) endure. In countries with electorates that are expected to be able to count past 1 (eg Australia) they have preferential voting and you can express your preferences from 1 to N (the number of candidates). This allows you to express your preference for libertarian drug-taking pornographers and still have an equal impact on the outcome. Tim Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Re: Illicit words
At 09:37 AM 10/25/00 -0400, Riad S. Wahby wrote: There is also the 'spook.lines' file that has come in every Emacs distribution since 19.34 or earlier. On my machine it's /usr/share/emacs/20.7/etc/spook.lines You can use M-x spook to pull several random ones from a file and put them in the current buffer, like the following:

CIA Legion of Doom Peking Noriega cracking Waco, Texas domestic disruption bomb security Kennedy KGB $400 million in gold bullion counter-intelligence colonel Semtex

Makes a fine substrate for steganography as well :-) Pick 64 spookwords or spookphrases, which gets you six bits per word, or four bits with some duplications to level out distributions a lot.

Heroin Intel Detonator DomIntel Echelon Noriega Semtex Terrorism Umber Feinstein Phreaking

Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
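The 64-entry scheme from the reply above, worked through as an added example that is not part of the original post: six bits per phrase with one phrase per value, or four bits per phrase with four interchangeable phrases per value. The codebook is a constructed stand-in for spook.lines entries, and every function name is hypothetical.

```python
import secrets

# Constructed 64-entry codebook (8 x 8 pairs); a stand-in for 64 entries
# picked from spook.lines, not the real file contents.
_FIRST = ["CIA", "KGB", "Echelon", "Intel", "DomIntel", "Noriega", "Kennedy", "Feinstein"]
_SECOND = ["colonel", "security", "cracking", "phreaking", "umber", "bullion", "Peking", "Waco"]
CODEBOOK = [f"{a} {b}" for a in _FIRST for b in _SECOND]
INDEX = {phrase: i for i, phrase in enumerate(CODEBOOK)}


def _to_groups(data: bytes, bits: int) -> list[int]:
    """Split data into big-endian groups of `bits` bits, zero-padding the tail."""
    nbits = 8 * len(data)
    pad = (-nbits) % bits
    value = int.from_bytes(data, "big") << pad
    ngroups = (nbits + pad) // bits
    mask = (1 << bits) - 1
    return [(value >> (bits * (ngroups - 1 - i))) & mask for i in range(ngroups)]


def _from_groups(groups: list[int], bits: int) -> bytes:
    """Inverse of _to_groups: the pad is always under 8 bits, so drop it."""
    value = 0
    for g in groups:
        value = (value << bits) | g
    total = bits * len(groups)
    nbytes = total // 8
    return (value >> (total - 8 * nbytes)).to_bytes(nbytes, "big")


def encode(data: bytes, bits: int = 6) -> list[str]:
    """Map data to codebook phrases.

    bits=6 uses each of the 64 phrases for exactly one value.
    bits=4 leaves 64 >> 4 = 4 phrases per value; one is picked at random,
    which is the "duplications to level out distributions" variant.
    """
    if not 1 <= bits <= 6:
        raise ValueError("a 64-entry codebook carries 1 to 6 bits per phrase")
    span = 1 << bits
    copies = len(CODEBOOK) >> bits
    return [CODEBOOK[g + span * secrets.randbelow(copies)]
            for g in _to_groups(data, bits)]


def decode(phrases: list[str], bits: int = 6) -> bytes:
    """Recover the bytes; an unknown phrase raises KeyError."""
    span = 1 << bits
    return _from_groups([INDEX[p] % span for p in phrases], bits)


if __name__ == "__main__":
    for width in (6, 4):
        cover = encode(b"key", width)
        print(width, "bits/phrase:", len(cover), "phrases ->", decode(cover, width))
```
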
Re: Risk and insurance
Archives are on www.inet-one.com At 02:50 PM 10/23/00 +0300, Sampo A Syreeni wrote: On Sun, 22 Oct 2000, Tim May wrote: The book I recommended a week or two ago, Judea Pearl's "Causality," is much more advanced in its mathematics. (But the math is important if one is actually trying to construct the causality diagrams Pearl is talking about.) Would it be too much to ask you to recant the main point made? It sounds pretty interesting... Sampo Syreeni [EMAIL PROTECTED], aka decoy, student/math/Helsinki university Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: why should it be trusted?
At 08:12 PM 10/22/00 -0700, James A.. Donald wrote: -- At 07:09 PM 10/22/2000 -0700, Nathan Saper wrote: I think the government has a right to do whatever it needs to do to maintain the health and well-being of its population. That is the purpose of the government. Then the government should be raiding your home to check on your consumption of chocolate, and spying on your messages to detect if you are secretly arranging for the purchase or sale of forbidden substances. Congratulations! You've finally discovered the Secret Ulterior Motive behind the Cypherpunks Grocery-Store-Frequent-Shopper Card Exchange Ritual, which is to discourage them from knowing who's *really* buying all that chocolate and beer. (We used to do it relatively often; now it's more of an occasional thing, especially since the Albertsons/AmericanStores merger means that Lucky no longer uses cards, but Safeway still does. Safeway started doing "Thank you for shopping at Safeway, Mr. Cypherpunki" a while back, and they're currently usually mispronouncing the person whose dietary habits I'm also disparaging. :-) Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: defaulting on US Dept Ed. school loans
At 08:29 PM 10/20/00 GMT, Tito Singh wrote: Any suggested parameters or "recipes" for ducking under the govt's radar regarding school loan collection minimal property holdings, shift belongings to spouse's name, cousin's name, liquidize and hide etc... Yup. Quit your job at the police force and go join the French Foreign Legion. See the world, meet exciting and interesting people, and kill them. C'mon, Joe, you can always change your name. Declaring bankruptcy is another popular approach. Of course, the way my generation dealt with the problem was to have low-interest student loans which the Carter and Reagan governments inflated into pocket change. Kids these days have to go back to the old-fashioned way of financing them, like working hard for a long time to pay them back. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: FBI: We Need Cyber Ethics Education
At 10:56 AM 10/10/00 -0400, Trei, Peter wrote: Funny, reading the Subject line of this, I immediately assumed that the FBI was belatedly admitting that it: the *FBI* needed some 'cyber ethics education'. This is [Yes, I know the article is a spoof] Tim's spoof got to me before the original did, and I'd read about halfway through before noticing that it was probably a spoof and then noticing it was from Tim :-) That's the problem with stuff that's too realistically written... Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re:
Yes, folks, U B Subscribed now. Should you want not to be subscribed, try [EMAIL PROTECTED] where there's a bot, rather than sending misspelled mail to the entire list where you'll receive replies of random usefulness. At 10:03 PM 10/8/00 -0700, Tim May wrote: At 11:06 AM -0400 10/8/00, steve lan wrote: ubsubscribe [EMAIL PROTECTED] You, too, are now "ubsubscribed." Hope you enjoy it. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Algorithm question.
At 03:04 PM 9/29/00 +, Steve Thompson wrote: To correct my ignorance on current cryptography issues, I have been browsing the archives. Some time ago, there was quite a bit of talk about the MISTY algorithm, although I did not chance upon any pointers to an actual implementation. Since the character of the messages which I did read seemed to be (loosely speaking) light-hearted, I cannot decide whether the algorithm is some sort of `in' joke, or whether it was a cryptographic algorithm which didn't `cut it' under peer review. Are there any old-timers who recall the algorithm in question? There was one guy from Japan who kept trying to create discussion, in relatively-clueless mode, but he wasn't a cryptographer, so he couldn't give us good reasons to use it other than it being from Japan, and there are patent problems with the algorithm (I think he may have been connected to the company that owns it), and some of its relatives were broken (or maybe it; I don't remember). Tim flamed him a lot. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: And you thought Nazi agitprop was controversial?
By the way, if Jody only wants to fax the document, and Petro only wants to receive it by email, Petro can set up a JFAX.COM account which will accept faxes and email them to him (as TIFF files.) At 12:06 AM 9/15/00 -0700, petro wrote: petro wrote: Prove it. Produce the documentation that makes that claim. Come on. I double dog dare you--and not some stupid joke, or have wit assertion (which is most of what comes out of your mouth). There is this thing called "The internet". It's a wonderful method for spreading (dis-) information. Scan them, compress them, and mail them to me. -- A quote from Petro's Archives: ** Sometimes it is said that man can not be trusted with the government of himself. Can he, then, be trusted with the government of others? Or have we found angels in the forms of kings to govern him? Let history answer this question. -- Thomas Jefferson, 1st Inaugural Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: test: ignore: Re: Algebra.com Dysfunction? - Seems to work!
I don't know if algebra's sending out bad messages, but this one worked fine. I'm using [EMAIL PROTECTED] as my cpunks feed, so that says it's getting between those two just fine. At 04:23 AM 9/10/00 -0700, Bill Stewart wrote: You sent your message to toad.com; I'm trying this through algebra.com. At 06:55 PM 9/9/00 -0500, "Wilfred Guerin" [EMAIL PROTECTED] wrote: ? cyph relay CDR on Algebra.com has been sending null messages from owner-etc since Friday the 8th, 13:42 cst last coherent message. ... (Since Algebra.com is sending out null messages, please respond directly) Headers if you want them: Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
test: ignore: Re: Algebra.com Dysfunction?
You sent your message to toad.com; I'm trying this through algebra.com. At 06:55 PM 9/9/00 -0500, "Wilfred Guerin" [EMAIL PROTECTED] wrote: ? cyph relay CDR on Algebra.com has been sending null messages from owner-etc since Friday the 8th, 13:42 cst last coherent message. Has there been failure/problems with the algebra.com server, or is there known reasons for these strange messages rather than the relay? (I do not know the scope of this problem, nor if CDR admins are aware of the problem, hopefully so, if not, I have a nice log of 50 or so messages from the algebra.com server with null content and otherwise useless purpose :) ) (Since Algebra.com is sending out null messages, please respond directly) -WLG Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: StoN, Diffie-Hellman, other junk..
t" Crypto has its own special denial-of-service flavors in addition to the regular ones, and Photuris addresses a lot of it with minimal work. Delphi can call C routines no problem, I have two problems with GMP that however have nothing to do with Delphi.. First, It's GPL'd, or under a modified version of the GPL. I find the GPL to be distasteful and it forms a barrier more than a bridge to continued software development. The reason for this I think is pretty simple; the GPL (I refer to the classic GPL.. I am not sure of modifications to it that may have been made for it's application to GMP) has made it excruciatingly clear that any program or library using any GPL'd source code must itself be open source, and cannot be sold for profit, but only "at-cost". The "Library GPL" was written to address just that problem. Stallman calls it the "Lesser GPL", because he doesn't like it (:-), but LGPL says you have to distribute source code for the LGPL'd libraries you use or modify (or indicate where to download them) but doesn't GPLize the code you wrote that isn't part of the libraries. So you can use it in your proprietary product without publishing your code, charge money for it, etc. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: StoN, Diffie-Hellman, other junk..
en you can. First, I gotta say.. only been back on the list a day or two and the Signal to Noise seems to have gotten nearly out of hand.. I don't know what cypherpunks has to do with trying to listen in on cordless phone calls, or how to give someone drugs.. but anyway.. something on topic.. :) It's been high for years - thanks for adding Signal :-) Listening in on cordless phones can be a legitimate cpunks kind of topic, though it's been discussed in the past and this was probably just a troll or a clueless newbie. As far as giving people drugs, the standard Cypherpunks approach is to say "That's a hardware problem" and then discuss whose Palm-pilot digicash system you can use for payment, though there has also been crypto protocol work like "The Cocaine Auction Protocol" on how suppliers and consumers can find each other without interference by non-participants, or building conferencing systems for ravers where the server operator provably doesn't have anything subpoenable that would indicate which chatters were discussing where to get drug X at event Y. (There are also noisier Cypherpunks approaches to drugs, like saying "Jim, yer off yer medication again" or "smells good, got any more?" or "He's obviously smoking something *very* good and not sharing" or "No, in a geodesic gift economy you really *might not* charge for drugs." :-) Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Good work by FBI and SEC on Emulex fraud case
At 1:12 PM -0700 8/31/00, Eric Murray wrote: A small note: IW digitally-signing the releases would not have made a difference in this case-- the guy used his knowledge of IW's procedures to social-engineer IW into accepting the fake release without doing their usual checking procedures.

At 01:22 PM 8/31/00 -0700, Tim May wrote: The system I envision would mean each chunk of text ("press release") would carry a digital sig, which could be checked multiple times. Hard for social engineering to get past the fact that Emulex, say, had not digitally signed their own alleged press release.

How often do people check signatures? If they check them, and they pass, how often do they check keys?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Subject: Microsoft Press Release On Digital Signatures
Date: September 6, 2001

Microsoft announced today that all future press releases will be signed with PGP digital signatures so that readers can verify that they're reading genuine Microsoft press releases, not forgeries from hackers trying to manipulate the stock price. Microsoft's corporate PGP key 0xB9C8B513 is on the Network Associates keyservers, and you can verify the signatures there.

Microsoft's public relations department also announced that plans for World Domination 2.0 are ahead of schedule, and declined to comment on Bill Gates's muttered reference to the antitrust prosecutors as a major-league %^%*@.

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com

iQA/AwUBObaOltwjGL65yLUTEQIfNACgrmbcIwqX+u3wWmDRAShF+ydjpiYAoLwS
WZoHfvvlHEd2/0rCVSrXL60G
=g+G7
-----END PGP SIGNATURE-----
GPG Slashdot discussion; Phil Z Interview
Slashdot discussion at http://slashdot.org/article.pl?sid=00/09/06/1653255mode=thread OctaneZ asks: "What are the relative merits and drawbacks of using Gnu Privacy Guard vs. Network Associates' PGP. I am not referring to the fact that GPG doesn't use any restricted implementations or algorithms; or that GPG was not affected by the recent PGP hole; but other more everyday issues. How is interoperability between the two. As well as integration into common applications such as Eudora in windows and others, possibly PINE, in LINUX. Could this be deployed such that the learning curve of transitioning users from PGP to GPG is not too steep? I am a strong believer in encryption, and have used PGP for a very long time, however I would prefer to use an OpenSource/Non-restricted program; however the usefulness of said program, as well as the security takes precedence, at least in my book." http://slashdot.org/article.pl?sid=00/09/06/1916226mode=thread A reader writes "PGP's creator is participating in an online interview this week. http://forums.itworld.com/webx?14@@.ee6caf5 Phil is mainly interested in clearing the air about the recently discovered ADK bug, but the larger topics of encryption and worldwide organized snoop rings (Echelon) have already come up. The interview is open to questions from anyone; runs through Friday 9/8."
Re: PRNG server
At 11:09 PM 8/29/00 -0700, petro wrote: The trust issue can be dealt with by a combination of 2 methods, first the traditional trust model--provide a consistent source of randomness over a long enough time, and people will trust it. Secondly, encrypt the random bits for delivery--that way the receiver can trust that the bits they get, they alone get. You can't provide cryptographically trustable random numbers that way. Run DES in counter mode, with a key and starting value known only to the perpetrator, and you'll get high quality random numbers which pass all the statistical tests gamers need, but are still entirely owned, so not very useful cryptographically. The main thing it does is lets gamers trust each other, because it's a common stream of bits that none of them controls, unless somebody hacks the transmission paths or the server itself. The receiver has no way to trust that the bits they get aren't sent to anybody else, because that requires knowing the server is Not Cheating, and there's no way to know that. (Actually, you can do a bit better, in that the receiver can decrypt the bits without the sender needing to encrypt them first.) It's not useless - you can use it to help seed PRNGs along with other sources of entropy you've got locally, for times you need something better than just the system clock and there's nobody at the console to throw dice or wave a mouse. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
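The counter-mode point in the message above, as an added example that is not part of the original post: HMAC-SHA256 over a counter stands in for DES in counter mode (the Python standard library has no DES), and the key, function names and sample values are constructed. It shows the stream passing simple statistical checks while the key holder can reproduce every bit, and a seed built by hashing the remote bits together with local entropy.

```python
import hashlib
import hmac
import os


def server_stream(key, start, nblocks):
    """Keyed counter-mode generator: block i = HMAC-SHA256(key, i).

    Stand-in for "DES in counter mode" from the post. Whoever knows
    (key, start) can regenerate the whole stream.
    """
    out = bytearray()
    for counter in range(start, start + nblocks):
        out += hmac.new(key, counter.to_bytes(16, "big"), hashlib.sha256).digest()
    return bytes(out)


def monobit_fraction(data):
    """Fraction of 1 bits; close to 0.5 for a statistically good stream."""
    ones = sum(bin(b).count("1") for b in data)
    return ones / (8 * len(data))


def byte_chi_square(data):
    """Chi-square statistic of byte frequencies (255 degrees of freedom).

    A uniform source gives a value near 255.
    """
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    expected = len(data) / 256
    return sum((c - expected) ** 2 / expected for c in counts)


def mix_seed(remote_bits, local_sources):
    """Hash remote bits together with local entropy into one 32-byte seed.

    Each input is length-prefixed so that different splits of the same
    bytes cannot collide. The seed is only as unpredictable as the inputs
    the server operator does not know.
    """
    h = hashlib.sha256()
    for chunk in [remote_bits, *local_sources]:
        h.update(len(chunk).to_bytes(8, "big"))
        h.update(chunk)
    return h.digest()


if __name__ == "__main__":
    key = b"operator-secret-key (constructed)"
    received = server_stream(key, 0, 4096)          # what a subscriber gets
    print("monobit fraction:", round(monobit_fraction(received), 4))
    print("byte chi-square :", round(byte_chi_square(received), 1))

    # The operator regenerates any part of the stream at will.
    print("operator predicts block 100:",
          server_stream(key, 100, 1) == received[3200:3232])

    # Seeding from the remote bits alone hands the seed to the operator;
    # adding local entropy removes that knowledge.
    weak = mix_seed(received[:32], [])
    strong = mix_seed(received[:32], [os.urandom(32)])
    print("operator knows weak seed:",
          weak == mix_seed(server_stream(key, 0, 1), []))
    print("strong seed differs     :", strong != weak)
```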
Re: SF Internet self-defense course
At 01:11 PM 8/29/00 +0200, Tom Vogt wrote: Tim May wrote: are you required to provide your private keys to an enemy (e.g. someone who is suing you) ? .. I expect 95% or more of all encryption is done at the transport layer, i.e., for transmission. Most people, I surmise, keep their original compositions in unencrypted form and their decrypted transmissions in that form, too. The perceived threat model is for interception by ISPs, snoops, and government agencies. that's where good software comes in. mutt, for example, stores the received encrypted mail - well, encrypted. decryption is done when you view the mail. also, encrypted mails you send are encrypted twice - once with the recipient's key and sent to him, once with your key for your "outbox" archive. The Eudora PGP Plug-In deliberately decrypts received mail and stores it unencrypted, specifically to discourage the "You must escrow your private keys so we can decode your plaintext" attacks that the FBI/NSA/WhiteHouse anti-crypto mafia were pushing a couple of years ago. That's a different issue from storing your mailbox in a PGPdisk volume or some other encrypted filesystem or having the mail decryptor re-encrypt for storage with a different key (which wouldn't be that hard, since you could use a different public key to encrypt the session key and leave the symmetric-encrypted part of the message alone.) Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Peacefire - disabling censorware using Akamai caching system.
Heh heh. Akamai is a large web caching service company. Date: Tue, 22 Aug 2000 17:34:21 -0500 Sender: Law Policy of Computer Communications [EMAIL PROTECTED] From: "James S. Huggins (Cyberia)" [EMAIL PROTECTED] Subject: new method for disabling censorware Peacefire has figured out a way to use the akamaitech.net servers as proxies to access any page. http://news.cnet.com/news/0-1005-200-2586200.html and http://www.peacefire.org/bypass/Proxy/akamai.html Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: reverse Zero Knowledge?
The existence and usefulness of blinding functions will depend on f(). For many interesting functions, computing f' is a very large effort, so computing f'(b(y)) is as much work as computing f'(y), so Bob will charge Alice just as much. In the case of RSA, computing f' is very hard, but maybe Bob has lots more resources than Alice, and the numbers are small enough to be worth trying, e.g. 512 bit keys. There's unlikely to be a useful blinding function - you're trying to find prime factors of a large two-factor composite number pq, and finding factors of a different large number isn't useful - the blinding function is multiply by b, so either Bob will give you "b" and "pq" as factors (useless and expensive :-), or else Bob will give you "bp" and "q" or "p" and "bq", and it's much easier for Bob to factor the potential bp and bq, so not very blind. Also, if b is large enough not to cause the easy solution "b" and "pq", it increases the work factor by about 2**b/b, which makes it too hard for Bob. Similarly for Diffie-Hellman, cracking g**pq mod m is hard, but cracking g**pqb mod m isn't much harder, though you're likely to get "b" and "pq" as the factors at least half the time. But if you do pay for it, and get lucky and get "bp" and "q", and Bob doesn't have the connections to recognize g**q mod m as Terry the Target's keypart, you win. How often is this useful? Most applications either use 192-bit keys (has Sun fixed "Secure NFS"?) or 512-bit (hard but marginally crackable, but probably not common), 1024-bit keys (believed to be way too hard), or 1536-bit (definitely too hard). At 12:07 PM 8/1/00 +1000, Julian Assange wrote: Let y = f(x) and f'(y) = x Imagine Bob runs a f' cracking service. Imagine Alice has y and wants x. Alice may or may not know f' however she wishes to take advantage of Bob's f' cracking service to obtain x. But she doesn't want Bob to know x. Yet she wants Bob to compute it for her. 
Imagine there is a blinding function b, and an unblinding function b'. Alice sends Bob b(y). Bob produces z=f'(b(y)). Alice extracts x = b'(b). Has this been done for RSA etc? Is it possible to find blinding functions of this nature for any function in number theory? Cheers, Julian. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
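The b / b' exchange from the quoted question, as an added example that is not part of the original thread. It covers only the case where Bob's f' is the RSA private-key operation on one modulus (computing e-th roots mod N), not a factoring service; the toy modulus, class and function names are constructed for illustration.

```python
import math
import secrets

# Toy parameters, constructed for this example and far too small for real use.
P = 2**31 - 1                      # Mersenne prime
Q = 2**61 - 1                      # Mersenne prime
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # Bob's secret: lets him compute f'


def f(x):
    """The public function y = f(x) = x^E mod N."""
    return pow(x, E, N)


class BobService:
    """Bob's f' service. Keeps a log of everything it was shown and returned."""

    def __init__(self):
        self.seen = []

    def invert(self, y):
        z = pow(y, D, N)
        self.seen.append((y, z))
        return z


def pick_blinding_factor():
    """Random r in [2, N-1] that is invertible mod N."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return r


def blind(y, r):
    """b(y) = y * r^E mod N, which is f(x * r) because f is multiplicative."""
    return (y * pow(r, E, N)) % N


def unblind(z, r):
    """b'(z) = z * r^-1 mod N, turning f'(b(y)) = x * r back into x."""
    return (z * pow(r, -1, N)) % N


def alice_recover(y, bob):
    """Alice obtains x = f'(y) from Bob without showing him y or x."""
    r = pick_blinding_factor()
    z = bob.invert(blind(y, r))
    x = unblind(z, r)
    # Alice can check the answer herself with the public function.
    if f(x) != y:
        raise ValueError("service returned a value that does not invert y")
    return x


if __name__ == "__main__":
    secret_x = 123456789012345      # constructed sample value
    y = f(secret_x)
    bob = BobService()
    recovered = alice_recover(y, bob)
    shown, returned = bob.seen[0]
    print("recovered x correctly :", recovered == secret_x)
    print("Bob was shown y       :", shown == y)
    print("Bob's answer equals x :", returned == secret_x)
```

The unblinding step depends on f(x * r) = f(x) * f(r) mod N, which is why the same trick does not carry over to the factoring service discussed in the reply.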
Re: USPO still trying to SPAM everyone
At 07:26 PM 8/1/00 -0500, Jim Choate wrote: On Tue, 1 Aug 2000, sunder wrote: Jim Choate wrote: On Mon, 31 Jul 2000, Eric Murray wrote: Well, they could make all other email services illegal. Yea, not bloody likely. But governments have done stupider things. See the 1st. That would be nice, except for two things. .gov has deemed that the post office should be a monopoly*, and thus it and only it is allowed to carry mails. No, the Constitution REQUIRES the post office to be a monopoly. Maybe the Republic of Texas constitution requires that, but the US Constitution only says, in Section 8, that the Congress shall have the power "To establish Post Offices and post Roads". No mention of monopoly there. General post, as a general principle of democratic society, since it represents a 'press' and is critical in the 'speech' of the people and they are required by oath to protect both is justification to have it managed by the central or federal government versus a bunch of individual businesses. One can argue, though IMHO not successfully, that it's useful for the Government to fund a post office that sends mail to everybody, but that's still no justification for monopoly. Far from it! A government postal monopoly, by deciding what content of speech it would carry and forbidding competition, could censor that speech in ways that the First Amendment clearly opposes and supersedes. (What? The Post Office ban mailing obscene content? Never happen...) Second while the 1st does protect speech, it doesn't prevent .gov from fucking with the method of transportation. See the FCC for another example. Um, as a matter of fact the Constitution REQUIRES the federal government to regulate inter-state commerce. Again, no, it only gives Congress power to do so, and does it particularly to take that power away from the states. 
Somehow they've bullied the courts into letting them extend that power to things like growing your own grain on your own farm to feed your own animals, and growing your own dope on your own farm to feed your own head, but then the Supremes in the early 1900s were no particular friends of the First Amendment, viz Schenck. [* An interesting exception is that things like FedEx, UPS, DHL, etc. do exist and do compete with the USPS's parcel post, but that's for packages.] In COMMERCIAL environments. If we were to reduce it to the majority of traffic that is carried by the USPS then they'd go broke in about a week. The reason there's a postal monopoly is in large part because of an anarchist lawyer, Lysander Spooner, who believed that private business could do a much better job of anything that a government business, and demonstrated it by running a better postal service in Rochester New York than the US Snail could, in about the 1840s. They couldn't beat him at their own game, so they banned him from competing. P.S. Jim Choate's broken mail software put another of those CDR things in, but I fixed that. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: JYA, Cryptome Help Request
At 08:49 AM 7/27/00 -0700, Mark Allyn wrote: I have heard that an outfit called Akamai Technologies in Cambridge, Mass is real sharp with mirroring and traveling content technologies. It was formed by techies from MIT. Perhaps they might be able to offer something. Akamai and other companies (my employer ATT offers a similar service) provide services using a variety of caching equipment (Inktomi is one of the prominent vendors) to do caching. The negative aspect of them for JYA is that we charge money, with prices depending on usage (typically 95th percentile peak rate), which are appropriate for commercial businesses broadcasting things or managing the capacity of their web site, but a bit steep for non-commercial sites run by individuals who've been slashdotted. Slashdot.org is one of the common sources of trouble - they have a policy of not caching, because back when they were a volunteer effort instead of a business, they didn't want to pay lawyers or get sued occasionally for caching people's stuff. I do think they ought to reconsider, now that they're commercial and owned by a company big enough to have real lawyers, and most people probably would prefer to be cached rather than slashdotted. Getting your website mentioned in the more conventional press, like Drudge, is more of a problem, and you're only helped somewhat by big ISPs using transparent caching at their gateways. If your site has been unchanged long enough for Google to find it, you _can_ cheat and publish the address for the Google cache :-) But that's not much help for fast-breaking news; it would have been nice if Drudge had provided a cached version of at least the basic pages. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Better than pgp
At 12:20 AM 7/30/00 -0700, Matt McDole wrote: I was wondering if there was encryption software that didn't limit you to 4096 bit key size, I am looking to go higher. - Any suggestions? Let's see - either you're trolling (:-) or you're expecting a semi-major mathematical breakthrough, enough to kill 4096 bits but not major enough to make RSA totally unusable, or you're expecting your application to last substantially longer than the fraction of the age of the universe most of us are expecting to experience? Or you're expecting Moore's Law to keep doubling speeds every 1-2 years for the rest of your life? Key length calculations aren't strictly exponential, but they're close enough that if 1024 bits really isn't enough, 1536 certainly is. The tradeoffs with longer keys are that it reduces the number of people you can communicate with, which is substantially more of a security threat than the length of the keys, and that it pushes you toward homebrew software that's less tested than widely-used software, which means there's a higher risk of bugginess. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: IPv6 encryption strength
At 11:01 AM 7/30/00 -0400, Timothy Brown wrote: Can anyone provide a pointer or helpful information to speak to the strength of the encryption capabilities in IPv6? Is it considered weak or strong by the crypto community - or somewhere in between? IPv6 and IPSEC allow you to negotiate which encryption algorithms to use. Implementations can offer a variety of algorithms, and the two ends of a connection negotiate which to use, so you can choose to be as secure or insecure as you want. Originally, support for single-DES was mandatory, so there'd be something "secure" to fall back on. I think that's now been replaced with Triple-DES. Support for NULL encryption is also available. In addition to the ESP-mode operations, which do encryption, there's AH Authenticated-Header mode, which doesn't encrypt, but does use cryptographic checksumming to validate the packets. You'd use this for things like firewalls, only allowing authorized packets and rejecting anything else, where you don't care about eavesdroppers, only crackers. There have been arguments about whether this mode is adequate protection. Then there's the whole IKE key exchange mechanism. Unlike the simplicity of Photuris, IKE is a mess of twisty little protocols, and it's not clear whether the NSA's help in developing it needs to be attributed to malice or just stupidity, with creeping featurism run wild. The big problem is that all this is difficult to implement; IPSEC with Photuris could have been done a couple years earlier with everybody's implementation being compatible. William Simpson, one of the Photuris authors, had a rant out about it, which may have been an Internet Draft. Also look for stuff on ISAKMP and Oakley, the two things that merged to become IKE. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Uraniumonline.com auction site
Yep - e-commerce with a bang! http://www.uraniumonline.com/nynco/Press_Releases/press_releases.html PRESS RELEASE Nuclear Fuel Market Goes On Line With UraniumOnLine.com July 10, 2000 New York --U.S. utilities that generate electricity from nuclear power plants are entering the world of e-commerce to buy fuel for their reactors. New York Nuclear Corporation (NYNCO), a nuclear fuel brokerage company founded in 1982, is now operating UraniumOnLine.com (UOL), the only nuclear fuel electronic marketplace in the world. Nuclear fuel auctions within UOL are private and open only to qualified buyers and sellers. Until now, nuclear materials were procured using cumbersome and time consuming methods. Information about material availability and prices was limited. But with its second on-line auction, UOL has moved the nuclear fuel market into a new age. The July 6 auction of 125,000 pounds of uranium began at 9:01 a.m. and closed twenty-two minutes later. Uranium prices during the past year have fluctuated from between $10.40 to the current UOL auction result of $8.18 per pound. The auction reflected a typical spot nuclear fuel market transaction in terms of quantity and delivery requirements. "Nuclear fuel prices have always been difficult to determine because important details of transactions are often unknown," explained NYNCO President Joseph McCourt. "The published prices that are currently used by the industry involve a fair amount of guess work. With UOL, the market can actually see what the deal is and what exactly buyers and sellers are bidding. We believe with UOL the multi-billion dollar international nuclear fuel industry will finally have a specialized trading platform capable of handling procurement with low transaction costs and complete price transparency. 
Moreover, UOL will, with the help of its worldwide clients and its in-house nuclear fuel expertise, provide the nuclear fuel industry contractual and other standards that will define and greatly facilitate nuclear fuel trade around the world." Nuclear fuel is used by the world's 430 nuclear power plants to supply approximately 20% of the world electricity needs. About New York Nuclear Corporation: NYNCO, with offices in New York, Washington, Atlanta and Preston, England, has offered brokerage services to the commercial nuclear power industry since 1982 and has concluded transactions involving millions of kilograms of uranium, uranium hexafluoride conversion services, and uranium enrichment services. Its worldwide client list includes most nuclear utilities and uranium producers and processors. For more information, contact: In North America: Becky Battle (404) 876-9454 ([EMAIL PROTECTED]) In Europe: Andrew Crockett 441772200320 ([EMAIL PROTECTED]) Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: FBI Makes Case For Net Wiretaps
Tim May's quicker on the draw than I am :-) You know you've tweaked the FBI when they drag out child pornographers, terrorist bombers, hackers, and other usual suspects on a hearing that they didn't initiate and didn't want to be dragged into. To some extent, they always start speeches on wiretapping this way, just like many politicians start off their speeches with a joke to get the audience warmed up. But this time it's different, because the Carnivore system, as described by the FBI officials, can't tap anonymous encrypted mail - there's no From: or To: information. So are they just grandstanding to make up for a weak position? (Probably - they'd have had lots less controversy if they hadn't picked a memorable name like "Carnivore".) Or were they saying that the box is just the latest round of the new wiretap capabilities they're looking for, just as they've been trying for the entire time Louis Freeh's been FBI director? Most of their speeches were spinning "No, this is just a new implementation of the same policies we've had for several years", but Kerr's speech, like most of Freeh's speeches, really says that the FBI wants to have constantly increasing wiretap powers to make up for the improving technology in the commercial world. This also suggests that just because Carnivore does very few things now, that doesn't mean it won't do more later, with or without explicit notification to the ISP. Some of the FBI testimony was very interesting - they conceded reluctantly that there hadn't been any court tests of their power to require ISPs to comply with Carnivore or other wiretaps - most ISPs simply obeyed, except Earthlink had technical problems using the box and that court case hasn't been finished yet. Some technical information also leaked out, though it's not clear whether it's accurate or not - that depends on the technical expertise of the FBI speechwriters and speakers, which was quite varied. 
The technical clues I noticed were that - The ISP's systems have to forward them email messages that might be relevant, which implies that the ISP has some ability to pre-filter, though it's not clear that any of them are. - The Carnivore searches the From: and To: header lines, which says that it's opening up the message itself, rather than just using the SMTP or POP3 protocol messages (such as RCPT) which are used in sending, receiving, and picking up the message. That's not as much like a pen register as the FBI claims - it's more like listening to the beginning of a phone call to see who the speakers are. It also steps into the territory of whether the message is being tapped in transit (which is directly addressed by the ECPA) or tapped in a mailbox (which is somewhat more open, given the Steve Jackson Games lawsuit.) - They didn't say whether the ISP has an opportunity to review the data kept by the Carnivore box, to validate that it's all that was collected. The speaker from the CDT made a nice point about trunk-side taps, which have been treated differently by courts and legislatures than line-side taps - Carnivore looks much more like trunk-side. Bill Stewart At 5:01 AM + 7/26/00, Anonymous wrote: By John Schwartz Washington Post Staff Writer Tuesday , July 25, 2000 ; E01 Federal law enforcement officials defended "Carnivore"--the FBI's controversial Internet wiretap system--through more than two acrimonious hours of grilling by Democratic and Republican lawmakers yesterday, painting a chilling picture of an Internet that would become a safe haven for crooks and terrorists without proper surveillance. "Criminals use computers to send child pornography to each other using anonymous, encrypted communications," FBI Assistant Director Donald M. Kerr told the House Judiciary subcommittee on the Constitution. At 11:11 PM 7/25/00 -0700, Tim May wrote: The FBI has said that Carnivore will only be directed at specific targets of a wiretap order. 
How, then, does it do a damned thing with "anonymous, encrypted communications"? This is just one of many failures in logic. (The longer version of Kerr's quote:) "Criminals use computers to send child pornography to each other using anonymous, encrypted communications," FBI Assistant Director Donald M. Kerr told the House Judiciary subcommittee on the Constitution. "Hackers break into financial service companies' systems and steal customers' home addresses and credit-card numbers, criminals use the Internet's inexpensive and easy communications to commit large-scale fraud on victims all over the world, and terrorist bombers plan their strikes using the Internet." Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
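The two layers contrasted in the message above, the SMTP protocol commands (such as RCPT) versus the From: and To: header lines inside the message, as an added example that is not part of the original post. The transcript, addresses and function names are constructed; the code separates a client-side SMTP session into envelope and message and lists recipients that exist only in the envelope.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed client-side SMTP transcript (server replies omitted).
SAMPLE_SESSION = [
    "EHLO client.example",
    "MAIL FROM:<alice@example.org>",
    "RCPT TO:<bob@example.net>",
    "RCPT TO:<carol@example.com>",      # blind-copy recipient: envelope only
    "DATA",
    "From: Alice <alice@example.org>",
    "To: bob@example.net",
    "Subject: lunch",
    "",
    "See you at noon.",
    "..and bring the notes",            # dot-stuffed line (RFC 5321, 4.5.2)
    ".",
    "QUIT",
]

_PATH = re.compile(r"<([^>]*)>")


def split_session(client_lines):
    """Separate protocol-level envelope data from the message content."""
    envelope = {"mail_from": None, "rcpt_to": []}
    message_lines = []
    in_data = False
    for line in client_lines:
        if in_data:
            if line == ".":             # end-of-data marker
                in_data = False
                continue
            # Undo dot-stuffing: a leading "." was doubled by the sender.
            message_lines.append(line[1:] if line.startswith(".") else line)
            continue
        command = line.strip().upper()
        match = _PATH.search(line)
        if command.startswith("MAIL FROM:") and match:
            envelope["mail_from"] = match.group(1)
        elif command.startswith("RCPT TO:") and match:
            envelope["rcpt_to"].append(match.group(1))
        elif command == "DATA":
            in_data = True
    return envelope, "\n".join(message_lines)


def header_view(message_text):
    """Addresses visible only by opening the message and reading its headers."""
    msg = message_from_string(message_text)
    sender = [addr for _, addr in getaddresses(msg.get_all("From", []))]
    rcpts = [addr for _, addr in
             getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))]
    return {"from": sender, "to": rcpts}


def envelope_only_recipients(envelope, headers):
    """Recipients named in RCPT commands but absent from To:/Cc: headers."""
    listed = {addr.lower() for addr in headers["to"]}
    return sorted(r for r in envelope["rcpt_to"] if r.lower() not in listed)


if __name__ == "__main__":
    env, text = split_session(SAMPLE_SESSION)
    hdr = header_view(text)
    print("envelope:", env)
    print("headers :", hdr)
    print("envelope-only recipients:", envelope_only_recipients(env, hdr))
```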
Carnivore - Matt Blaze testimony
Matt's testimony is http://www.crypto.com/papers/opentap.html , including a paper by Steve Bellovin and Matt Blaze on "Open Source Wiretapping". FBI PRESSURED TO DISCLOSE SYSTEM CODE - [Wall Street Journal, A6.] The Federal Bureau of Investigation is under increasing pressure to disclose the secret blueprints for its Carnivore surveillance system so independent technical experts can verify that the software monitors only the Internet communications of criminal suspects. Despite mounting calls to permit such reviews, FBI officials maintain that disclosing the software's source code would allow hackers to find ways to defeat the system. The officials also argue that such a disclosure could violate copyright protections because Carnivore includes portions of software code from a product licensed to the government by an unidentified vendor. Congress is expected to press senior FBI officials on the subject at a hearing Monday before a House Judiciary Committee panel led by Florida Republican Rep. Charles T. Canady. One scheduled witness for the hearing, Matthew Blaze, an ATT [Labs] researcher, says the FBI's failure to fully disclose how Carnivore works has contributed to an "atmosphere of mistrust and confusion." In an essay published on the Internet last week, Blaze wrote that releasing the system's source code "is a critical first step in assuring the public that Carnivore can at least be configured to do what it is supposed to do."
Re: Choate proposing Dropping toad.com
Jim - have you sent mail to Hugh and John directly? Or just to the mailing list bot-owners, plus postmaster and root, which they don't likely check very often, even when Hugh's not on yet another summer of international travel? You probably don't want to drop JYA or Hugh or Pablos, though they could easily enough be redirected. Some of the subscribers are clearly gateways to local Usenet groups that let people read the list with newsreaders. I'm not sure how many of these are single-reader systems and how many are universities or other sites with multiple readers, but it's difficult to tell what name the user actually posts with. There's also a problem with +enhanced SMTP addresses, which allow the user to add "+something" to the end of their user name, so they can sort message streams, but their outgoing mail probably won't have the plus-info. For instance [EMAIL PROTECTED] probably would send mail to the list as [EMAIL PROTECTED] and any "only accept mail from subscribers" option needs to address them. I think it does make sense to move the toad users to a different server and set an autoresponder pointing to the current list-server locations. That won't prevent the problem of harassers subscribing the list to other lists, but it's a start. The big negative about it is that originating users at one-way remailers won't get the bouncegrams, but most people who know how to use remailers can find us anyway. Bill At 10:07 AM 7/19/00 -0500, Jim Choate wrote: Hi, I've sent a couple of emails to the toad.com operators and have received nothing back. I see this is indicating a distinct lack of interest on their part. As of today the current toad.com member list is below. It looks like we could drop it completely if cyberpass and algebra would drop. Note that this does not prevent the toad.com operators from participating in the current CDR. Only that the current CDR doesn't wish to participate in the original list any longer. 
Date: Wed, 19 Jul 2000 08:34:19 -0700 (PDT) From: [EMAIL PROTECTED] Your request of Majordomo was: who cypherpunks-unedited Members of list 'cypherpunks-unedited': [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: John Young, the PSIA, and Aum
At 09:55 AM 7/23/00 -1000, Reese wrote: Japanese nationals are not Americans, American law does not apply in Japan. If the Japanese government is oppressing its citizenry, it is a uniquely Japanese problem, there is no reason for the USofA to get all up in arms about it, just as there was no reason for the USofA to get all up in arms involved in, say, Pol Pot's Cambodia. No, it's a human problem. Doesn't mean that the US Government should be taking up arms to prevent it, but that's different from Amnesty International doing something about it. US law currently forbids US citizens from engaging militarily in their own foreign policy, the way many Americans did during the Spanish Civil War (joining either the Commie or Fascist armies) or early WW2 (joining the Canadian or British armies.) But that doesn't mean it's inappropriate to be involved. In this case, the US government chose to intervene on the side of the Japanese secret police, though their most recent moves were unsuccessful and counterproductive. As you said, the story is incomplete. Look before leaping, eh? Take your paragraph above. How could jya know that the japanese would want the list taken down, before posting it? Logic fault, there,,, Because he was communicating with his Japanese source, who knew quite well that the PSIA did not want this story aired. Duh. This implies jya should have checked with the Japanese Ministry and asked their permission before posting the list. Feh - JYA's got no legal obligation to some other government. He's got the usual moral obligations all of us have - he decided that they weighed more strongly on the side of publishing than on the side of cooperating with a government that's got no authority over him. That's the nice thing about censorship and the Internet - it only takes one brave person to blow censorship away, and anonymity makes bravery much easier. Later, Reese replied to At 08:23 PM 23/07/00 -0400, Meyer Wolfsheim wrote: Aleph is a religious organization. 
So were the Branch Davidians, though Aum's social teachings were clearly evil. Strong ties to one religion or another can be found within the Hezbollah, the IRA, et al. Was Aum Shinrikyo NOT a religious .org? The IRA's ties to Catholicism are minimal at best - they've tended to be Marxists, rejecting Christianity as the opiate of the people, as well as ignoring it personally. Just because they don't practice their religion doesn't mean that the religion they don't practice isn't Catholic. But if the Pope told them to disarm, they probably wouldn't. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
CARNIVORE HEARINGS NOW ON C-SPAN 10:30PM PDT
I just turned on the TV, and the Carnivore hearings are going on now in C-Span. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Tamper-resistant PC hardware
I am in the unfortunate situation of having to run a server in a machineroom which I don't completely trust. At 05:20 PM 7/18/00 -0900, Paul Holman wrote Some folks at the Cypherpunks meetings have been working on projects using the Dallas Semi iButton, which is a cheap FIPS140-1 Level 1 certified hardware security device. You can get them, load your keys in them, and rig your OS/Apps to use this thing. An alternative would be to use an nCipher device. These protections would keep people from copying the keys, but it is certainly conceivable they could make off with the device entirely. That's why you'd want to incorporate some kind of remote authentication as well. Matt Blaze did a paper a while back on using smartcards (or equivalent slow-but-relatively-secure processors) in conjunction with a main CPU to support encrypted filesystems without having to shove all the data through the smartcard. You may want to do something similar here. (And obviously you want to use encrypted filesystems, because even if the attackers don't stick logic probes on your backplane, they might take your disk drive out and plug it in their own machine.) Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Treasury Secretary Summers warns of crypto-anarchy, encryption
At 11:50 AM 7/15/00 -0400, Declan McCullagh wrote: http://www.wired.com/news/politics/0,1283,37573,00.html Is Encryption Tax-Protective? by Declan McCullagh ([EMAIL PROTECTED]) 3:00 a.m. Jul. 15, 2000 PDT WASHINGTON -- It used to be FBI Director Louis Freeh who would rail against online anonymity and argue that Americans should not be allowed to use encryption software without backdoors. Now it's the U.S. Treasury Department -- home to the Secret Service, the IRS, and the Customs Service -- that's complaining. "Problems could arise from the increasing sophistication of Internet encryption codes that are established for valid reasons of commercial secrecy but can also be used to conceal relevant tax details from tax administrations," Treasury Secretary Lawrence Summers said this week. "In such a world, it will be easier for companies to avoid tax collectors by operating worldwide through websites based in jurisdictions that are unwilling to share taxpayer information," Summers told a gathering of international tax administrators in Washington. Hey, they're catching on! Should we send these guys a "Tim May's Signature File" t-shirt and the collected rants of Bob Hettinga? :-) The big difference here is that many people think National Security trumps the First and Fourth Amendments, so it's ok to restrict encryption to stop Scary Terrorists, but far fewer people think wiretapping and similar offenses are ok just for tax collection, and the IRS's reputation of ripping off widows' houses doesn't sit well with the public. The right way to enforce tax collection is to send Nasty Letters, followed by visits from dull humorless accountants to see your books, followed by brighter but more humorless accountants to see your other set of books. Corporations and other licensed businesses are required to produce business records; there have been some interesting cases on whether those records need to be readable by tax authorities. 
There was a case in the US-Occupied Philippines on something that I think was called the Chinese Business Records Act which got tossed by a US Federal court - it had banned keeping business records in Chinese because US colonial bureaucrats couldn't read them. (And one of the right-wing Constitutionist types tells of presenting his business records to a magistrate or tax bureaucrat in Idaho, which his accountant had written in Hebrew. The accountant was back in New York City, and the local government were all goyim, and it was pretty obvious that if they got around this problem he'd pull something else on them, so they dropped the issue. But that's just local/state stuff, not useful precedent.) Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: mentality
At 09:02 AM 7/17/00 -0700, Anonymous wrote: Following this crypto list and spam attacks has interesting side-effects. To us living outside US it is almost unbelievable what kind of pathetic retards US general public became. Just look at the spam subjects. Petwarmers. Heartwarmers. And don't tell me that spam is not matched to the public. It is rather scary. 200+ million remote controlled retards. But that's the great thing about the Net. You don't need 200 million remote controlled retards to sell advertising; you can easily find a few thousand retards and spam them with something customized to their bad taste, and give the next thousand retards something _they_ want, and so on. Almost everybody has something stupid you can hook them with, and it's much easier to find them now :-) Alternatively, it's a Commie plot by the Saccharine manufacturers to dispose of their cancerous excess product and get us to corrupt our own precious bodily fluids for them. And Hettinga reports that the Hahvahd Club has gone business casual. It's the decline of civilization as we know it. And we haven't even talked about Hello Kitty yet... it's a worldwide problem. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: ZFG: Q: How to subscribe to the mailing list anonymously: WRE
At 09:53 AM 7/17/00 -0500, Jim Choate wrote: Assume there is a person who wishes to participate in the mailing list. Assume that person wants to participate via a single email address. They have for all intents and purposes zero technical skill. They are participating via a PPP dial-up through a local ISP, non-anonymously. They can't run any programs when they're not logged in. How does one go about this anonymously (this includes EFT/check payment for commercial resources)? How anonymous do they need to be? How non-technical are they? If you don't need to be highly anonymous, use Juno or other free dialin email. Or get an overpriced secured credit card or debit card in a fake name and get a cheap dial ISP; you can find them for $9/month in many places. All of them risk having the free/cheap ISP rat out your phone number. You could get Freedom and install it. Not hard, real secure; you'll have to see if there's a relatively anonymous way to pay them. A relatively easy approach is to check out www.anonymizer.com and set up a paid account there; it's about $5/month, and you can presumably still pay by snailmailing cash or money orders. Then use a browser with SSL and read the list on a free email system that's not too Javascript-encrusted to use through Anonymizer. (Hotmail probably doesn't work any more; I think Altavista and Excite still work, and you can see if Hushmail does.) Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: ZKS economic analysis
At 11:19 PM 11/16/00 -0800, [EMAIL PROTECTED] wrote: That ZKS defends against the government intrusion is boring.. There exist free, open-source projects (PGP, remailers, FreeNet) that already address this issue -- in cyberspace, opposition to government censorship and abuse has largely been grass-roots in nature, exactly like it is in the real world... Also, it's uncertain that there's much of a business model in protecting people from government tyranny.. The cool thing about ZKS's business model is that it claims to make running remailers sufficiently worthwhile for ISPs to do themselves that there should be a large number of them Real Soon Now, and they'll be unlikely to close them down on the first complaint because they're making money. The main governmental attack isn't tyranny, it's subpoenas from lawsuits by people who don't like things you wrote. Tyranny attacks have higher technical quality, but volume can be a real killer. Addressing the "protection of personal information" issues is a long discussion for later. From a theoretical standpoint, encrypting messages has been Done Now, but stopping traffic analysis is much harder, and it's much much harder in practice. Similarly, untraceable outbound email is much harder than untraceable inbound. And deploying a Pipenet that performs efficiently for thousands of users is still tough. The good thing about cryptography and universal communication connectivity is that a grassroots effort _can_ provide effective security. The catch is that widespread protection that's scalable enough for everyone to use requires more infrastructure than a grassroots effort typically produces unless you've got other hooks encouraging widespread deployment. Over the last half decade, there have typically been about a dozen remailers, and shutting down anon.penet.fi didn't need a government tyranny attack - Scientologists could do it. 
(Yes, they used government to help, but a serious government attack could easily take down the whole thing.) And one individual got a dozen or so remailers shut down by complaining to ISPs after forging Usenet attacks on himself through the remailer network. And that doesn't even count the potential uses for spammers if they were smarter; dealing with that sort of heavy abuse is one thing that makes remailer ops quit. I don't know if their business model will succeed or fail - it depends a lot on implementation quality and on marketing efforts, and on deploying enough stuff (and getting enough customers) to bootstrap other activities that use it. Some of that's protecting people from government tyranny, some is letting you surf without getting spammed (anonymizer does this too), some of this is letting your kids chat on line without risking Bad Things and letting your kids say Stupid Teenager Things now without it haunting them the rest of their lives (e.g. not getting into college because of that misdemeanor copyright violation from trading MP3s, or saying Harvard's Hockey Team sucks...) There are other business models that might work - building remailers into Napster? Anonymizer.com works well, though it could be shut down - what if Apache shipped with an anonymizer module that was enabled by default? (And what would the spammers or other abusers figure out to do with it? :-) Usenet supports a wide ecology of ways to build anonymous connections, though they're slow and not highly efficient, and Usenet's in a "Nobody goes there because it's too crowded" kind of decline. Anonymizers plus not-overly-Javascripted Free email systems are enough to keep out most attackers, though they probably won't stop a government attack if you're using it over a long period of time. Will ZKS succeed? 
I hope so, and more power to them - but they'll need to get their product more distributed, and probably more polished, and get their marketing engine in gear before their previous PR splashes fade away. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: how EXACTLY does this protect privacy?
At 03:51 PM 7/13/00 +0200, Tom Vogt wrote: um, partly yes. the rights of businesses are completely artificial. a biz is an artificial entity that doesn't have any existence aside from paperwork (the property it owns is "real", but that doesn't make the business any more real than the existence of churches proves the existence of god). as such they have no "natural" and "inalienable" rights, but only those artificial rights granted to them by the local government. it just happens that they've managed to lobby most govs into giving them a whole bunch of rights. You're incorrect. Businesses are things that people do. Nothing artificial needed. Corporations are artificial entities that exist on paper and only have those rights arbitrarily granted by governments, so the government could decide to grant them lesser sets of rights in return for their corporate privileges. But if you run a store, without hiding it behind a corporation, there may be a sign out front saying "Tom's Widget Shop", but that business is something you're running, with your rights. If you've got partners, and it's "Tom and Alice and Bob's Widget Shop", the business is still something you're doing together, with the rights all three of you have. Still real, nothing artificial. In many places, governments require you to have a license to do business, but that's just because they can get money that way, and can help their friends by restricting their friends' competition. It's not compatible with natural rights, but most governments are well-armed enough that they win anyway. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: ZKS: how EXACTLY does this protect privacy?
an economy based on "nyms" is a pipe dream. No human has ever purchased a car, or purchased a home, or taken out a loan, or started a business, or gotten a job by using an anonymous "nym". I have started a business, received payment for contract work, purchased a car, and registered a domain, all anonymously. Registering the car anonymously is the tricky part. :) Black Unicorn tells the story of going to buy a car with cash, I think in Washingtoon, DC. The sales guy freaked, went in back to do the "let me talk to the manager about that one", and called the police. I think he was probably even buying the car using some name that he has papers documenting that he uses, rather than registering it as "Black Unicorn" :-) Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: filters CPUNK RTFM
At 10:01 PM 6/18/00 +, [EMAIL PROTECTED] wrote: Brad Guillory writes: There was talk about sending an automated email out to posters that do not include CPUNK in their subject line. This message would be best handled by the listserv. But if I understand correctly you can join a moderated list instead of this one if you want to increase the signal to noise ratio. I am wondering if there was an alternate list that many more people were on besides the one on toad.com I say this because I noticed a while ago that mostly all that was being sent was just spam and the like. Is there another one or has content fallen off that much? There are two different problems - signal and noise. Filtering systems, or filtered lists like Ray Arachelian's, reduce noise, but don't increase signal. The cypherpunks list uses multiple servers, but they won't have more signal. Some of the other lists include [EMAIL PROTECTED] and [EMAIL PROTECTED], and [EMAIL PROTECTED] Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
RE: pseudonymous remailers CPUNK
At 09:45 AM 6/15/00 -0400, Trei, Peter wrote: If a remailer restricted itself to sending out messages which were still encrypted after decrypting with the remailers' key, I would think you'd remove nearly all spam (since no spammer is going to encrypt thousands of messages with the public keys of each of his recipients), and give the operator a layer of protection from liability ('No, you Imamness, I did not and could not know that an infidel was using my remailer to send quotes from "The Satanic Verses"') The standard software doesn't support this, but it'd be nice to add. Even requiring PGP for the input side gets rid of almost all spammers, especially if you limit the number of recipients per message. In the future, when encryption is widely available and everybody uses it, there may be more spammers using encryption, but it's pretty rare today. But it's still usable for harassment. Requiring the outgoing message to be encrypted is even more thorough - it limits you to spamming or harassing people with published encryption keys, though I suppose some people feel harassed by receiving lots of encrypted mail that they can't decrypt... It's not easy to decide whether a message is really encrypted, if you're not the recipient, so you're basically limited to deciding whether a message has correct encryption syntax - you can either be crude and just look for the BEGIN PGP ENCRYPTED STUFF--- or maybe S/MIME headers, or you can get fancy and see if there's more structure than that. It's possible for a determined harasser to work around this - e.g. put the headers followed by unencrypted mail or whatever, and you can't tell without the recipient's key. But it's pretty good. This would make it more difficult to send plaintext messages to usenet, though messages which decrypted in the remailer to plaintext targeted for known gateways and mailing lists could be let through. 
Yeah - basically, you either need to build recognition in the remailer, or else put up a second remailer that doesn't require encrypted-output and use it as a gateway, or something like that. The basic problem is that remailing private messages to a specific recipient is a much different activity than remailing messages to a broadcaster with many unknown recipients, and the current remailers try to do both. Building gateway servers with names like [EMAIL PROTECTED] or "[EMAIL PROTECTED]" can take care of the second job. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
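The "crude" and "fancy" outbound checks discussed in the post above, as an added example that is not part of the original message or of any remailer's code. It assumes OpenPGP ASCII armor as specified in RFC 4880; the function names are hypothetical and every sample message is constructed.

```python
import base64
import binascii

BEGIN = "-----BEGIN PGP MESSAGE-----"
END = "-----END PGP MESSAGE-----"
# OpenPGP packet tags that can open an encrypted message (RFC 4880, sec. 4.3):
# 1 = public-key ESK, 3 = symmetric-key ESK, 9 and 18 = encrypted data.
ENCRYPTED_TAGS = {1, 3, 9, 18}


def crc24(data: bytes) -> int:
    """CRC-24 used by the armor checksum line (RFC 4880, sec. 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def armor(packets: bytes) -> str:
    """Wrap raw packet bytes in ASCII armor (only used to build samples)."""
    b64 = base64.b64encode(packets).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    check = base64.b64encode(crc24(packets).to_bytes(3, "big")).decode()
    return "\n".join([BEGIN, "", *lines, "=" + check, END]) + "\n"


def crude_check(body: str) -> bool:
    """The crude policy: accept anything containing the armor header."""
    return BEGIN in body


def structural_check(body: str) -> tuple[bool, str]:
    """The fancier policy: the whole body must be one well-formed armor
    block whose first packet is an encryption packet."""
    lines = [ln.rstrip() for ln in body.strip().splitlines()]
    if not lines or lines[0] != BEGIN:
        return False, "body does not start with an armor header"
    if END not in lines:
        return False, "no armor trailer"
    end = lines.index(END)
    if end != len(lines) - 1:
        return False, "text after the armor trailer"
    inner = lines[1:end]
    if "" not in inner:
        return False, "no blank line after armor headers"
    blank = inner.index("")
    if any(":" not in header for header in inner[:blank]):
        return False, "malformed armor header"
    data = inner[blank + 1:]
    checksum = None
    if data and data[-1].startswith("=") and len(data[-1]) == 5:
        checksum = data.pop()[1:]
    try:
        raw = base64.b64decode("".join(data), validate=True)
        stated = base64.b64decode(checksum, validate=True) if checksum else None
    except (binascii.Error, ValueError):
        return False, "armor body is not base64"
    if not raw:
        return False, "empty armor body"
    if stated is not None and int.from_bytes(stated, "big") != crc24(raw):
        return False, "CRC-24 mismatch"
    first = raw[0]
    if not first & 0x80:
        return False, "first byte is not a packet header"
    # New-format headers keep the tag in bits 5-0, old-format in bits 5-2.
    tag = first & 0x3F if first & 0x40 else (first & 0x3C) >> 2
    if tag not in ENCRYPTED_TAGS:
        return False, f"first packet has tag {tag}, not an encryption packet"
    return True, f"first packet has tag {tag}"


def build_samples() -> dict:
    """Constructed test bodies; the 'ciphertext' is filler, not real PGP output."""
    esk = bytes([0xC1, 60]) + bytes(range(60))    # tag 1, new format
    data = bytes([0xD2, 20]) + bytes(range(20))   # tag 18, new format
    good = armor(esk + data)
    text = b"b\x00\x00\x00\x00\x00" + b"Constructed plaintext"
    literal = armor(bytes([0xCB, len(text)]) + text)  # tag 11: literal data
    tampered = good.splitlines()
    last = tampered[2][-1]
    tampered[2] = tampered[2][:-1] + ("A" if last != "A" else "B")
    return {
        "encrypted": good,
        "plain": "Hello, this is ordinary mail (constructed).\n",
        "armor_around_plaintext": f"{BEGIN}\n\nBuy widgets now! (constructed)\n{END}\n",
        "armored_literal": literal,
        "bad_crc": "\n".join(tampered) + "\n",
        "trailing_text": good + "Unencrypted text after the block (constructed).\n",
    }


if __name__ == "__main__":
    for name, body in build_samples().items():
        print(f"{name:24} crude={crude_check(body)!s:5} structural={structural_check(body)}")
```

The structural check still accepts a valid encryption-packet header followed by arbitrary bytes, which is the limit the post describes: only the recipient's key can show whether the payload really decrypts.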
Re: Trusting HavenCo [was: Sealand Rant] CPUNK Snowcrash
At 01:17 AM 6/12/00 -0500, Sean Roach wrote: At 11:23 PM 6/10/00 -0400, Peter Trei wrote: Ryan wrote: In Snow Crash, there was one Sovereign Individual, who governments accorded standing as such. He could do this because he was a nuclear power - he traveled everywhere with an armed warhead built into a motorcycle sidecar, and a deadman switch linked to his heartbeat. If he died, bang! (I can't recall if Stephenson dealt with the problem of an adversary who just threw him in jail, or other non-lethal nastinesses) He didn't. At least not in Snow Crash. The book ends with Hiro Protagonist, (The Hero, The Protagonist. I like the book fine, but that's not exactly the most original name. Still better than Joe Smith though,) "killing" the Aleut's avatar, then launching an antivirus program with an ad attached. That was in the Metaverse. Out in Meatspace, Raven and Uncle Enzo get in a fight that sounds like one or both of them are going to die, but the Bomb doesn't get mentioned, and hasn't been mentioned in a while. I got the impression that Neal just didn't bother cleaning up that loose end. But even without it, Hiro wasn't close to being the Baddest Motherfucker In The World. By the way. You want the computer hard disk completely destroyed for the same reason that you would want to take the pad of paper you wrote your secret info on, with you. With the paper, you could do a rubbing to reveal what the page above said... Destruction is nice, but it's more important to require that all the disks only have encrypted data written to them, so that you can zap the contents temporarily by cutting power if you're invaded, rather than having to thermite the whole thing and hope you've destroyed the whole thing well but also that you can build up repeat business somehow. Secret-shared offsite backup may be useful as well, for customers who want it. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: filters CPUNK RTFM
At 04:42 AM 6/16/00 -0700, Kurth Bemis wrote: can we place a filter to reject all incoming messages that don't have CPUNK or CPUNKS or something in the subject? Kurth Bemis - Senior Linux Network/Systems Administrator, USAExpress.net You don't have to make the listbots reject those messages - you can make your mail reader reject them and they won't bother you. According to your email headers, you're using Eudora as your mail sender; probably you're also using it as a mail reader. It's got filters - RTFM on how to use them. Of course, _your_ message didn't have CPUNK in the header, so people who follow this practice won't be bothered by it :-) Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Eliminating toad.com from the C. Distributed List
At 12:24 AM 06/06/2000 -0700, Tim May wrote: toad should, however, bounce back some kind of pointer if you try to subscribe and/or mail over it, since it's still listed as "the cypherpunk node" at various places. This is the fault of those "various places." Frankly, worrying about what a 1993 blurb in "The Village Voice" says is the Korrect Cypherpunks Address seems quaint. Many of those "various places" are archives of mailing lists, Dejanews caches of Usenet groups, old web sites nobody's got incentive to update, things that are found by search engines, etc. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: pseudonymous remailers
As other people have pointed out, most email software lets you forge mail easily; you don't get strong untraceability, but you often don't need it, especially with free network access and disposable free email addresses being widely available. Untraceable mail is important for publicizing human rights violations by your government, or contacting your favorite marijuana supplier, but minor offenses like harassing your fellow high school students or subscribing your ex-boyfriend to spammer lists don't need it, and it doesn't take a lot of creativity to do. I ran a remailer about 5 years ago; I've commented on the issue in the distant past, but no longer have copies of it. Remailers generally have two uses: - sending private mail to individuals, which needs to be encrypted in and out to prevent eavesdropping (so forgery isn't really an issue), and - sending broadcast messages such as Usenet groups and mailing lists, where the output needs to be unencrypted, and forgery is possible. The early software didn't prevent you from pasting in a From: line, so it was possible to use for forgery, mailbombing, etc. Occasionally it's convenient for legitimate uses, such as forging your home email address on a posting to a subscribers-only mailing list (when you're at work / cybercafe / etc.) but for the most part there's very little you can't do just as well by putting your name/address in the body of the message. The classic abuses to do with it are posting flamebait to Usenet or posting test messages to alt.test which get autoreplied to by thousands of machines. I closed the remailer I ran when somebody posted forged hate mail to the net - the headers weren't forged, but the target's name and email address were in the message body. My ISP asked me to close it unless I could find a way to prevent similar abuses, and there weren't a lot of good options at the time. 
Most remailer operators who are concerned about preventing abuse are also concerned about preventing complaints that get them shut down, so they're motivated to deal with the problem. A relatively common approach is to add mail headers clearly indicating (to anybody who reads mail headers) that the message came from a remailer, may be forged, and where to find more policy information. At 3:28 PM -0400 6/5/00, [EMAIL PROTECTED] wrote: I'm a columnist for the chicago tribune and someone has called my attention to the remailers on the net that allow you to construct the FROM: field as well as the TO: (manicmail; zoubidoo are two I've found). What do you know about these? Are they new? More common than I know? Do they pose any additional interesting problems legally, morally, ethically, whatever? Any sites on the web I ought to visit re. this? Eric Zorn Chicago Tribune http://www.chicagotribune.com/go/zorn/ Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
RE: Drivers License
At 04:43 PM 06/08/2000 -0500, Black Unicorn wrote: Most "international driver's licenses" are not valid without the presence of a driver's license issued by your jurisdiction of permanent residence, which must be carried with you at the same time. There are a few Caribbean islands, I think Trinidad, which are quite flexible about issuing DLs (and mailboxes) and you can use them with an international DL. An acquaintance of mine used one in Nevada, and it checked out valid. (He usually lives in California, and might have had more trouble using it there.) The consulting company that I saw at a convention that was facilitating getting the things charged a service fee for obtaining them. I think it was about $50, and it would have been rude to ask about the strictness with which the procedures for getting them processed were followed, but the end product was genuine. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
RE: Verifying this data crypt?
At 05:59 PM 06/08/2000 -0400, Bill Frezza ([EMAIL PROTECTED]) wrote: The best thing that could come from the government's forced breakup of Microsoft would be to turn the richest man in the world into a free market, anti-government, radical capitalist. Gates is only 45 years old. Think of what he could accomplish if he devoted the rest of his life and even a fraction of his wealth to the cause of freedom. How many Havenco's could he build? What's this "Gates" business? The DoJ invasion has cost Bill a few billion, and Larry Ellison is now Rich Guy #1. I don't know how he feels about governments and free markets in general, though he's got a few opinions about airport closing times and local governments that are well-known :-) But yeah, if Gates wanted to become the next Ross Perot, .. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: need some help
"the foxman" [EMAIL PROTECTED] writes: Ineed some help and advise on making a bomb. can u help me please... Hey, postmaster - our list doesn't need this kind of abuse. Please dump the account. We get it a lot - it's either ELEET KiddieZ, or else it's cops trolling. Since the poster is pretending to be British, he should learn from history - you make bombs by putting barrels of gunpowder in Parliament's basement, but try to avoid getting caught... David Marshall [EMAIL PROTECTED] replied. Go talk to John Travolta. "Battlefield Earth" is making craters in movie theatres everywhere. It's nice to see the unanimity of movie reviews on this - B.E. isn't just getting slammed for being made by Scientologists, but for being one of the essential characteristics of Scientology, which is Overpriced Bad Science Fiction. :-) Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Moonies buy United Press International
There's an AP Wire story about White House correspondent Helen Thomas leaving UPI after 57 years. UPI was bought by News World Communications, the Moonie subsidiary that also owns the Washington Times. "I have no plans to join the new UPI." Her agent says she's not retiring (at 79), she's just leaving UPI. If I remember correctly, UPI used to have lots of Quayle family money in it. No fn0rds were seen anywhere near the black helicopters Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
alladvantage.com spammers get $100M in Venture Capital :-)
Today's Mercury News has an article on where VC money is going in the San Francisco Bay Area. The third entry on their list is none other than Alladvantage.com, in Hayward, "Internet Advertising" - the spammer group we've been complaining to/about lately as their users have been spamming us :-) They may be harder to get rid of than I thought... or they may be more reasonable because they've got $100M of OPM whose owners don't want to lose it. Second on the list is DoveBid.com, who we've also gotten spammed by, though that was probably somebody signing up with cypherpunks@somewhere as their email address. They do B2B auctions, and got $109M. They've actually been in the industrial auction biz since 1937. There are also a variety of companies doing reasonable-sounding things, and companies named things like Zippy!Zap!Y!owza! who appear to be in the buzzword generation and tree-shaking business. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: DSE implementation
At 12:59 PM 05/06/2000 +0200, Feri wrote: Hi, i need DES (C'BC) in C or Basic. Can you help me? Feri Look at ftp.ox.ac.uk and ftp.funet.fi under the /pub crypto directories. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Sander Franklin presentation @ CFP
The basic objective, for campaign financing, is highly bogus - there's this First Amendment thing that, while sometimes honored more in the breach than the observance, protects freedom of speech and the press. When you're talking about commerce or obscenity on the net, pro-censorship types say "oh, no, the First Amendment isn't about them - it's about Political Speech!". So when we ARE talking about political speech, they shouldn't be allowed to get away with saying "But electoral politics is too important to let *everybody* print what they want about it." Philosophy aside, cypherpunks technology makes it easy for Alice to bribe Bob The Politician to send him the money by one channel, and send a message by another channel claiming to have paid the bribe. (Bribe, independent campaign finance expenditure, whatever. :-) The issue is whether you can do it in a way that Bob knows that Alice isn't lying about having sent the money (either because nobody sent the money, or because somebody else sent the money and she's taking credit for it.) Bearer payments help a lot with this. Of course, it's nice if Alice can know Bob received the money, and that once he's been bribed he'll stay bribed. Sending the bearer payment encrypted, and following it with the key in response to a receipt can be helpful. If you use the proposed "mandatory anonymous donation" protocol, you can still send a message saying you paid the bribe - it's just easier to claim that you've done it when you haven't. Bill At 12:06 PM 04/14/2000 -0400, dmolnar wrote: Hi, The recent article reminds me -- did anyone see Tomas Sander and Matt Franklin's presentation at CFP on "Deniable Payments and Electronic Campaign Finance"? What did you think? 
http://www.cfp2000.org/papers/franklin.pdf Their idea is to take the "mandated donor anonymity" proposed by Ian Ayres Jeremy Bulow http://www.yale.edu/lawweb/faculty/bulow.pdf and build a protocol which allows everyone to ensure that donations are going to the correct candidate, without revealing anything about who donated to whom. Thanks, -David Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
FUD: 5/9/00: FBI Briefing on Hunting The Wiley Hacker - Bay Area
Several people have forwarded this to me. -Original Message- From: The SANS Institute [mailto:[EMAIL PROTECTED]] Sent: Wednesday, May 03, 2000 5:45 Subject: FBI Briefing on Hunting The Wiley Hacker plus Certification Training Andrew Next Tuesday (May 9), the San Francisco FBI Office and the National Infrastructure Protection Center will be briefing the computer and network security community on the processes used to find the attackers. They'll share some stories that are fascinating. There are about 70 places left. I hope you'll consider coming. There's no cost. Details are below. You must let us know by Thursday evening if you want to have a seat reserved for you. This is a great chance to develop partnerships between system and network administrators and the people in law enforcement who can help find and prosecute attackers. Also next week is SANS Northern California Computer Security Certification Training program in Intrusion Detection, Firewalls, NT Security, Hacker Exploits plus a program for beginners. You'll find details at http://www.sans.org/sj00.htm Alan Alan Paller Director of Research The SANS Institute = = = FBI Briefing on "Hunting The Wiley Hacker" Reservation Deadline: May 4, 2000 Date: May 9, 2000 Location: San Jose (near the airport) Because of space limitations the location will be sent out with confirmations. Time: 1:00 - 2:30 PM Cost: Free - sponsored by the SANS Institute Eligibility: Seats will be allocated to several groups Please check the highest one in which you fit: ___ SANS Alumni (city and year_) ___ Law enforcement ___ Full time system or network administrator, computer auditor, or security professional ___ Other To reserve a seat provide: Name: Title: Organization: Email: ___ __ Check here if you do not get the weekly newsbites email summary of major security stories and want to be added to the list. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Spammage: I Surf, YOU GET PAID!!!!!! www.alladvantage.com
GBLX.NET - Looks like you've killed the alladvantage.com spammers! Thanks! If you haven't, I can send you the original to the spam this user is complaining about. ~~ At 10:01 PM 05/02/2000 -0700, Dragos Ruiu wrote: I would recommend that everyone who received this forward it back to Mr. Pio at [EMAIL PROTECTED] to make the point that this is unacceptable behaviour. Just once each should suffice, and not contravene any usage policies :-). I did... Call it distributed spam negative reinforcement. :-) :-) :-} Let's hope this will be sufficient to reinforce the lesson about what not to do on public technical mailing lists. Usually that sort of thing just feeds the animals. In particular, it tells the spammer you've got a valid address, so you can be spammed with more spam. It makes more sense to drop email to [EMAIL PROTECTED], who will kill the account if they get enough complaints. The more interesting problem is what to do about http://www.alladvantage.com/ which is the spamhaus that this spammer and many others use. You can send them a complaint, and they'll tell you they'll drop that bad bad bad user's account, but I haven't seen any evidence they'll stop doing promoting spammers, because that's their business. On the other hand "tracert alladvantage.com" gets as far as gblx.net, and then dies with "Destination Net Unreachable", so their hosting center has probably done the right thing, or else they're being deservedly mailbombed. You could call the person listed in the whois record on the phone... Tsai, Alex (ATX201) [EMAIL PROTECTED] ALLADVANTAGE.COM P.O. Box 50187 Palo Alto , CA 94303 510-783-7249 Note that +1-510 is the area code across the bay from Palo Alto. ~ Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
GPS Selective Availability turned off
Americans are now allowed to know where they are :-) http://www.igeb.gov/ http://www.igeb.gov/sa/whfactsheet.txt The commonly reported URL is a moving-target pointer to the White House Press Releases, so today's 0th press release is something about www.americasteens.gov, a Federal program to prevent the corruption of our kids' precious bodily fluids or something. If you dredge the pointers to previous days, you get to http://www.igeb.gov/ , the Interagency GPS Executive Board, a new policy board that's split between the War Department and the Department of Transportation, so it's no longer purely under military bureaucratic control. According to the web site, the 95th percentile CEP radius has gone from ~44m to ~4m for horizontal positioning; I'm not sure what the vertical accuracy is, but I assume it's also much improved. By the way, I've moved - I'm about 0.05 miles from where I used to live, and my elevation's changed yet again, so I'm not sure if it's 33 feet or not :-) Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Proposed treaty demonstrates weakness of Euro Privacy Laws.
At 09:09 AM 05/03/2000 -0400, Declan McCullagh wrote several articles about European treaty activity, including one about the cybercrime treaty, http://conventions.coe.int/treaty/en/projets/cybercrime.htm which requires service providers to keep logs, reveal them to cops, and not reveal to the public when they reveal logs to cops, and of course compel people to reveal passwords. Some of this is Europe-only; some includes the US. This is yet another demonstration of the "European Privacy Law" approach to protecting privacy. Some parts of the laws are durable (Privacy Commissioners and other bureaucrats tend to stick around), but some parts can be changed on a whim, at least to the extent that law enforcement advocates can get laws or treaties adopted to give them more things to enforce. Maybe today the laws permit the government to inspect big companies' big scary computer databases to see if anything bad is being done, and require them to notify you whenever they do anything with your data, and let the Privacy Ombudsman access government databases, but next week some bureaucrat will realize that the phone list in your mobile phone is a computer database of personal data, subject to inspection, and the week after that they'll make a treaty letting the police not notify you when _they're_ checking out your personal data, or requiring them not to tell the Privacy Ombudsman or whatever. And it's nice to know that US Census records containing personal data are protected for the next 75 years, or for the next 15 minutes if they change the law that provides the protection because the Drug Police Assistance Treaty requires access to data on Colombians. The US Constitution isn't perfect, but it's better than what our government does today. Similarly, there are some EU human rights protections that may be slightly more durable than regular laws which are easily replaced by modified laws. But anything less than that just isn't durable protection.
At least the treaty just requires participants to make the laws implementing it rather than applying directly - but that also means any moderating terms that got compromised on to make the treaty more acceptable have the opportunity to get dropped from each country's implementing laws. Gakkk... I keep agreeing more and more with David Brin's "privacy is over, get used to it, video the government also" approaches :-) The document: http://www.politechbot.com/docs/treaty.html http://www.wired.com/news/politics/0,1283,36047,00.html Cyber-treaty Goes Too Far? by Declan McCullagh ([EMAIL PROTECTED]) 3:00 a.m. May. 3, 2000 PDT WASHINGTON -- U.S. and European police agencies will receive new powers to investigate and prosecute computer crimes, according to a preliminary draft of a treaty being circulated among over 40 nations. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Pgpdisk, Scramdisk, Safehouse, KOH, SecureDrive, SecureDevice. etc
At 07:51 AM 05/02/2000 -0700, Eric Murray wrote: Another weak point is, once the unit has done the biometric match and unlocked the key, where does the key go? To the PC to be used to decrypt the filesystem? Or does the filesystem get decrypted on the device? The latter would be less insecure, at the cost of performance. Of course the maker could add a $5 3DES chip to do the crypto, but that $5 cost (in quantity) winds up adding $25 or 30 on the retail price. Matt Blaze did some work a while back on sharing decryption workload between smartcards and faster computers. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Breaking up Microsoft and bad side effects
The Justice Department, as usual, doesn't understand the issues beyond their immediate objectives and the political pressures and costs and benefits of the political games they're aware of playing. Five years ago, the dominant startup business model in Silicon Valley was to announce your product and go public.* It was a nice model, but not only have the high-tech buzzwords changed a bit, the "Go Public" phase for many businesses has been replaced with "If you're in hardware, sell out to Cisco." "If you're in software or services, sell out to Microsoft." Breaking up Microsoft into two or three pieces may not bother this in the long run; doing more damage almost certainly will. But in the short to medium run, it's not only affecting current sellouts that aren't fairly far along, it's really impeding the expectation that you can sell out to Microsoft, which makes it more risky to start the startup, and difficult to get venture funding, and that slows down the engines that drive the whole Valley. One friend of mine has already lost her job because of it (she'd been there two weeks, and they didn't get second-round VC financing, so they dumped most of their people. On the other hand, she had a new job by afternoon, at one of the other startups she'd interviewed.) ~~ [* "Go to Menlo Park. Shake a tree. A venture capitalist will fall out. Wave your hands and say complex high-tech words. The VC will give you $4M dollars. Hire 20 people, publish lots of hype, stir for six months, and go public. Your IPO stock will inflate rapidly, and you'll become Mozillionaires. Your share is $30M dollars. Go to Menlo Park. Climb a tree."] Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Pgpdisk, Scramdisk, Safehouse, KOH, SecureDrive, SecureDevice. etc
Patrick Henry The Nym wrote: This would be a good issue to bring up with them directly. By the way, I asked them once how I could be sure there is no back door into the system. They merely said "there is no back door." That's because you asked them the wrong question. You needed to ask them "Ohhh, Nooo! I did something wrong setting up the system and I can't get any of my data off my disk! Help me! Help me!" phrased in some way that makes sense in the context of their user interface. That's usually the best way to find the back door. "My cat licked the U.are.U while I was initializing my secure disk!" At 06:05 PM 04/18/2000 -0700, ericm wrote: [U.R.U. has an encrypted-disk feature.] The problem that I have with the U.are.U system, and anything else like it, is that I can't see how to make it secure. ... In the U.are.U system, the templates can't be stored strongly encrypted with a passphrase, because then you'd need to type in a passphrase to unlock your biometric in order to authenticate with your finger, which would clearly be silly. So, the template has to be stored in the clear, or encrypted with a key that's embedded in the U.are.U software and hidden using the usual software tamper-resistance techniques which of course can be cracked, allowing the attacker to replace the template with his own. If I were building a thing like that, I'd use public-key. Have the U.are.U generate a public/private keypair, store the private key in NVRAM/flash/etc., and only hand the encrypted fingerprint material to the PC. (You might be able to use secret-key, but I'm not sure.) This does mean making the U.are.U module tamper-resistant, but it _is_ a consumer device, not a KGB-proof device. The more serious issue is making sure that the secret or public/private keys are generated by the user, not by the factory, which would be Yet Another Obvious Backdoor. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: MI5 builds new centre to read e-mails on the net
Oh, Boy! MI5 gets to imitate the KGB's SORM system, and play like the big boys do! "GTAC - government technical assistance centre" sounds a lot like the British phrase "assisting the police in their investigations", which seems to mean something between "being beaten into confessing" and "ratting on his friends". Once the UK gets widespread use of IP telephony, this should be even more convenient :-) The hand-over-your-keys powers are a strong argument for development and deployment of Perfect Forward Secrecy whenever possible. How much of the current web server software uses this? At 07:31 AM 04/30/2000 +0200, Anonymous User wrote: MI5 builds new centre to read e-mails on the net Nicholas Rufford MI5 is building a new £25m e-mail surveillance centre that will have the power to monitor all e-mails and internet messages sent and received in Britain. The government is to require internet service providers, such as Freeserve and AOL, to have "hardwire" links to the new computer facility so that messages can be traced across the internet. The security service and the police will still need Home Office permission to search for e-mails and internet traffic, but they can apply for general warrants that would enable them to intercept communications for a company or an organisation. The new computer centre, codenamed GTAC - government technical assistance centre - which will be up and running by the end of the year inside MI5's London headquarters, has provoked concern among civil liberties groups. "With this facility, the government can track every website that a person visits, without a warrant, giving rise to a culture of suspicion by association," said Caspar Bowden, director of the Foundation for Information Policy Research. The government already has powers to tap phone lines linking computers, but the growth of the internet has made it impossible to read all material. 
By requiring service providers to install cables that will download material to MI5, the government will have the technical capability to read everything that passes over the internet. The new spy centre will decode messages that have been encrypted. Under new powers due to come into force this summer, police will be able to require individuals and companies to hand over computer "keys", special codes that unlock scrambled messages. There is controversy over how the costs of intercepting internet traffic should be shared between government and industry. Experts estimate that the cost to Britain's 400 service providers will be £30m in the first year. Internet companies say that this is too expensive, especially as many are making losses. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Fwd: book by Sarah Flannery
Forwarded from the cryptography list: From: Steve Bellovin Sarah Flannery -- the Irish teenager who had invented a new public key cryptosystem -- and her father have written a book, "In Code: A Mathematical Journey". It doesn't seem to be available yet in the U.S.; however, amazon.co.uk is perfectly willing to ship it. My copy is on order...
Re: crypto question
At 09:54 AM 04/11/2000 EDT, [EMAIL PROTECTED] wrote: hey, i've been thinking about this for a while, and i was wondering if it is possible to use some form of crypto to allow someone to read and append to a file, but force them to have a hard-to-crack private key if they ever want to delete from it? Append-only is difficult in an abstract environment; it's much easier in the context of an operating system's users, or a communication environment. Suppose you have a file F with bits b1... bN, and a signature sN, or if you prefer you can put the signature first. Anybody can add bits to the end, but the signature only covers the original bits. You can't tell if they've added bits and then removed them again, leaving the original file, or the original file with some but not all appended bits, or the original file with different appended bits. If the appender hands the signer the original file plus appended bits and gets back a new signed file b1...bZ, sZ, he can still substitute the original b1...bN, sN. You could add a timestamp, so b1...bN,tN,sN signs the bits and timestamp, and have some independent path to check the latest timestamp (or have the signer sign the current file periodically, so you can tell how long it is since the last checkpoint.) Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
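The substitution problem and the timestamp check described in the message above, as an added example that is not part of the original post. HMAC-SHA256 stands in for the signer's signature so it runs on the standard library alone; the key, the file contents and the integer timestamps are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed demo key. HMAC stands in for a public-key signature here; with a
# real signature scheme, readers could verify without being able to sign.
SIGNER_KEY = b"constructed-demo-key"


def _tag(message: bytes) -> bytes:
    return hmac.new(SIGNER_KEY, message, hashlib.sha256).digest()


def sign_plain(bits: bytes) -> bytes:
    """sN over b1..bN only (the first scheme in the message)."""
    return _tag(b"plain" + bits)


def verify_plain(bits: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign_plain(bits), sig)


def sign_stamped(bits: bytes, t: int) -> bytes:
    """sN over b1..bN and the timestamp tN (the second scheme)."""
    return _tag(b"stamped" + struct.pack(">Q", t) + bits)


def verify_stamped(bits: bytes, t: int, sig: bytes, latest_t: int) -> str:
    """latest_t must reach the verifier over a path the file holder
    cannot influence; that independent path is what defeats rollback."""
    if not hmac.compare_digest(sign_stamped(bits, t), sig):
        return "bad-signature"
    if t < latest_t:
        return "stale"
    return "ok"


def demo() -> dict:
    original = b"entry 1\nentry 2\n"      # b1..bN
    appended = original + b"entry 3\n"    # b1..bZ
    results = {}

    # Scheme 1: the signer has issued sN and later sZ.
    s_old = sign_plain(original)
    sign_plain(appended)  # sZ exists, but nothing forces anyone to present it
    # Rollback: the old file with its old signature still verifies.
    results["plain_rollback_accepted"] = verify_plain(original, s_old)
    # Unsigned tail: the signed prefix verifies, the tail is simply uncovered.
    with_tail = original + b"unsigned tail"
    results["plain_prefix_still_valid"] = verify_plain(
        with_tail[: len(original)], s_old)
    results["plain_whole_file_valid"] = verify_plain(with_tail, s_old)

    # Scheme 2: timestamp inside the signed data, latest value known separately.
    t_old, t_new = 1, 2
    st_old = sign_stamped(original, t_old)
    st_new = sign_stamped(appended, t_new)
    latest_t = t_new
    results["stamped_current"] = verify_stamped(appended, t_new, st_new, latest_t)
    results["stamped_rollback"] = verify_stamped(original, t_old, st_old, latest_t)
    # Relabelling the old file with the new timestamp breaks the signature.
    results["stamped_relabel"] = verify_stamped(original, t_new, st_old, latest_t)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
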
Re: HIP 97 history
I think Lucky Green [EMAIL PROTECTED], Ian Goldberg [EMAIL PROTECTED], and Dave DelTorto [EMAIL PROTECTED] were all there. John Gilmore and Hugh Daniel may have been there, or that may have been the next one. If you're near San Francisco, the Cypherpunks meetings are the second Saturday of the month. The web site with the location announcements is http://www.cryptorights.org/cypherpunks/meetingpunks.html At 10:50 PM 04/05/2000 +0200, d.a. solomon wrote: Dear Cypherpunks, I am a Dutch artist working with digital media in the Internet cultural space. In the summer of '97, I initiated the project the_living that embodies a character appearing only on the Internet-a digi-persona. One of the primary goals of the project is to create what I call 'a working chronicle of digital culture', a constantly expanding archive of 'live events'. It is in this regard that I have contacted you to ask if you could please help me find someone who was a part of the Bay Area Cypherpunks group at the HIP 97. Could you help me find a certain SF Bay Area cypherpunk that attended the HIP 97 Hacking in Progress convention in Almere, NL. I know it is ancient history now, but this is precisely why I am trying to contact anyone associated with this project. At the convention there was a very interesting project involving the pgp challenge plus a ring of trust ceremony. Anyone who has attended either of these events would be very helpful to me. Between April and June I will be visiting in the US for an arts project of mine, the-living. Project the_living is an arts project and is non-journalistic and non-commercial in nature. The material garnered from these locations/individuals will only be used by the project and with permission of the individual. Thank you in advance. Warm regards, Debra Solomon http://www.the-living.org Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
ANNOUNCE TORONTO MEETING MOVED
DDT says that the Toronto location got changed from City Hall to a University location. Most of you who are going know already, but if you can't find it, call Dave at 415.730.3583 Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Census Terrorism
I looked at the census forms on the Feds' web site. They don't have the exact versions, and it's hard to navigate through the file-your-census-online pages if you don't have a real paper form with the magic numbers on it, but it's close enough to get the general idea. The Long Form does ask white people what kind of white they are, as well as lots of tax-related information like income and occupation and housing details. Also, knowing what kind of white people we have is useful for planning the next war in Albania. There's a blatantly dishonest brochure on census privacy - http://www.2000.census.gov/iqa/doc/privacy.pdf Publication D-3238 (7/98) It proudly proclaims the Census Department's "unbroken record" of protecting privacy of census records for 150+ years, and gives a bunch of examples, from the 1950s, 1960s, and newer. NOT from the 1940s, when the Census helped the Army find Japanese. Given that they're clearly acting in bad faith, and lying about their use of the data they collect, there's no way I'm giving them more than the number of people in my household plus a 5th Amendment rant. (Unfortunately, there's no box for "decline to state".) The current propaganda on minority identification is about pride, and about getting more money from Washington, and the burons who get influence by having minorities to give money to will certainly do so, just as every other fiefdom and constituency in the Civil Service and Military will take advantage of ways they can get more money. After the Census is done, though, anybody in government can get the data for any purpose they want; at best it's protected only to the census-tract level, so the people who get their influence by attacking immigrants will get their turn. The INS wins both ways - if there are more non-white foreigner-origin people, they get more funding and also get to find out where they live.
At 12:18 AM 03/31/2000 -0800, Tim May wrote: At 10:28 PM -0800 3/30/00, Bill Stewart wrote: I don't know if the Long Even More Intrusive Version asks about Internet access or cable TV as well as how many bathrooms and telephones you've got, but the 2010 version will unless it gets stomped (or unless they can collect that information more easily from Doubleclick.) And which ethnic communities they send lots of human investigators/workers into. The minority (a misnomer, as whites are now the minority in many places) communities are up in arms that so many census workers are fanning out in their neighborhoods, fearing that they're going to be rounded up and shipped back to Guatemala and Honduras, but they've got it all wrong: the census workers are being deployed to minority neighborhoods to get the minority count up. More minorities means more gravy from the Massah in the Big White Plantation House. Counting white people is uninteresting. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Enigma Stolen from Bletchley Park - BBC
Slashdot article http://slashdot.org/article.pl?sid=00/04/02/1433243mode=thread Beeb Story, with pictures, at http://news.bbc.co.uk/hi/english/uk/newsid_698000/698804.stm An Enigma machine used by the Nazis to send coded messages during World War Two, has been stolen from the code-cracking Station X at Bletchley Park, Buckinghamshire. The machine, worth about £100,000, is one of only three in the world. It was brought to the UK after the war. It looks like an old-fashioned typewriter, but the codes it produced were so sophisticated the Germans believed they were unbreakable. Bletchley Park Trust director Christine Large said: "This is a selfish act, calculated to deprive the visitors and students at Bletchley Park of the chance to enjoy and appreciate a unique piece of history." She added: "This is a devastating theft and has cast a dark cloud over Bletchley Park. We would liken it to the theft of the Cezanne at Oxford's Ashmolean Museum." Thames Valley police say the machine was stolen on Saturday afternoon, when the centre's museum was open to the public. Officers believe it was lifted from a glass display cabinet, where it formed the centrepiece of the main public display. It is feared the thieves may try to sell the machine on the internet. The author of the book Station X, Michael Smith, called it a "devastating blow", but said he did not believe the machine had been stolen to order. 'Beggars belief' "The trouble someone would have in selling this would be immense," he said. "I believe it's just a very stupid act by somebody and really beggars belief. I just hope it's returned safely." The site was already protected by 24 hour security guards, said Ms Large, but work to install state-of-the security at the site has now been speeded up. "The Trust will be deeply grateful for any information that may lead to the return of the machine," she added. The codebreakers of Station X are credited with shortening the war by several years. 
The top secret site employed teams of mathematicians, linguists and chess champions. By the end of the war 10,000 people were working there. Its work was so secret that even after the war its existence was not revealed. It was not until 1967 that details were made public, and some of its former workers later appeared on a television documentary about the station's historic achievements. Winston Churchill had dubbed the staff as "the geese that laid the golden eggs, and never cackled". The codebreakers included mathematician Alan Turing, seen as a genius whose pioneering work paved the way for modern computers. The site was eventually scheduled for demolition, but a farewell party brought together 400 codebreakers whose stories were so fascinating it was decided to try to save the building instead. Hollywood blockbuster Not only was that goal achieved, but the story of Station X is being turned into a £90m Hollywood blockbuster starring Harvey Keitel and Jon Bon Jovi. Rock star Mick Jagger is a Bletchley Park enthusiast, and even owns an Enigma machine, but of a different type from the one stolen. Police have appealed to any members of the public with any information on the machine's whereabouts to contact them.
ZDNET FUD Taking Back The Net From Cyberthugs
Oh, N! There are cyber thugs attacking the net! Somebody has to DO SOMETHING! So ZDNet's proposing things that Somebody ought to Do. And they're holding a National Town Hall in SF April 20 10am-1pm to talk about it. 650 Townsend is about 4 blocks from Caltrain, and it's the home of Linuxcare and Thinklink. Feds, Cisco, Mudge, and Brad Templeton will be speaking. And there are a couple of online polls - vote early and often. The government National Plan document is at http://www.zdnet.com/graphics/specialreports/national_plan.pdf === (From Jesse Berst's column:) TAKE BACK THE NET: HOW TO FIGHT CYBER THUGS -- BEFORE IT'S TOO LATE http://cgi.zdnet.com/slink?/adeska/ad1tlt0403ba/4626:476099 A year ago it was Melissa. Two months ago denial-of-service attacks. What's next? Let's not wait to find out. It's time to declare war on cyber thugs. Come to the site where I've outlined a plan to take back the Net. You may not like it -- but we may not have any other choice. NATIONAL TOWN HALL, April 20, 9:30-1 650 Townsend, San Francisco http://www.zdnet.com/special/stories/defense/0,10459,2487555-2,00.html Speakers - Jeffrey A. Hunker (keynote) National Security Council and senior White House advisor on threats to critical infrastructure. John S. Tritak director of the federal government's Critical Infrastructure Assurance Office (CIAO) Kenneth C. Watson manager of Critical Infrastructure Protection, Cisco Systems Inc. Mudge "gray-hat" hacker, VP of research and development of @Stake Brad Templeton board member of the Electronic Frontier Foundation Government's National Plan Document http://www.zdnet.com/graphics/specialreports/national_plan.pdf Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: GERMAN SPIES: ECHELON EXISTS -- Sigint/Surveillance/Denmark
Very interesting. One member of the EU has been warning its country's businesses for 18 months, but nobody outside has read the press releases and the Euro Parliament is shocked to hear it from Duncan :-) Are any of their warnings on the net, or their advice on how companies can protect themselves from monitoring? At 12:44 PM 04/03/2000 +0200, Bo Elkjaer wrote: GERMAN SPIES: ECHELON EXISTS For 18 months now, Germany's intelligence service has issued warnings against Echelon's industrial espionage Dig that. Today, Ekstra Bladet can help the upcoming parliamentary commission that shall investigate Echelon. We can now document that the German intelligence service has been warning against Echelon's espionage for at least 18 months. In Denmark, the Military Intelligence Service (FE) states that they know nothing more than what they read in the newspapers. They tackle the situation a little differently in Germany. Germany's national intelligence agency, Verfassungsschutz, openly warns its business and industry community against Echelon. Germany's intelligence agencies do more than just warn against the spying, however. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639