[BAWUG] RFC1149 implemented

2001-05-01 Thread Bill Stewart


 From: Lars Aronsson [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Subject: [BAWUG] RFC1149 implemented
 List-Help: mailto:[EMAIL PROTECTED]?subject=help
 
 BAWUG,
 
 Some people in Bergen, Norway are betting on a different wireless
 future and have made the first known implementation of the CPIP
 protocol from RFC1149.  This Internet Request For Comments is titled
 A Standard for the Transmission of IP Datagrams on Avian Carriers
 and was published on April 1, 1990.
 
 Yes, this means sending IP packets with homing pigeons.  The
 experiment was conducted by the Bergen Linux Users' Group in
 cooperation with Vesta Brevduveforening on April 28, 2001.  Ping times
 varied between 3200 and 6300 seconds (1 - 2 hours).
 
 Here are the images:
 
  http://www.blug.linux.no/rfc1149/
 
 
 Lars Aronsson.
 --
Aronsson Datateknik
Teknikringen 1e  tel +46-70-7891609 [EMAIL PROTECTED]
 SE-583 30 Linköping, Sweden  fax +46-13-211820 http://aronsson.se
 




WSJ: NSA Computer Upgrade

2001-03-13 Thread Bill Stewart

NSA COMPUTER UPGRADE - [The Wall Street Journal, B1.]  What does it take to
send an e-mail to all 38,000 employees at the government's premier computing
center, the supersecret National Security Agency?  "An act of God," says the
agency's director since 1999, Lt. Gen. Michael Hayden.  The NSA, he
discovered to his chagrin last year, has 68 e-mail systems.  He has three
computers on his desk - none of which can communicate with the others.  To
deal with those frustrations, Hayden is now plunging into one of the U.S.
government's biggest information-technology outsourcing deals ever.  More
than 15 companies, including AT&T, Computer Sciences, IBM, General Dynamics
and OAO, have formed three teams to compete for a contract set to be valued
at as much as $5 billion over 10 years.  Requests for proposals went out
last week; the winner will be chosen by July.  Project Groundbreaker, as the
job is called, will be a curious venture by any measure.  The winning
consortium will take over running the NSA's office-technology
infrastructure, including thousands of desktop computers and a Medusa-like
tangle of software and internal communications systems.  Hayden describes
the current setup as "anarchic, convoluted and complex."  It is a holdover
from the days when the NSA, for security reasons, was broken into dozens of
sealed-off compartments.  Each bought its own computers, developed its own
software and built its own networks, intentionally cut off from the rest of
the organization.  Hayden now wants to open the place up, at least
internally.  Whoever wins the Groundbreaker contract will have to meld the
current mess into one seamless network, so that for the first time the
agency can move around top-secret files as any company would, but without
fear of an external security breach.  If Groundbreaker succeeds, industry
experts predict it could set off a wave of other big outsourcing deals
within the federal government.  Likely next candidates include the
departments of Energy and Defense, and even the Central Intelligence Agency.
"This will set the standard for how all similar deals proceed," says Thomas
Robinson, president of CSC's Defense Group, which is leading one team that
also includes General Dynamics and Verizon.  The leaders of the other two
competing consortia are AT&T and OAO.




ANNOUNCE: Bay Area Cypherpunks Meeting, STANFORD 02/10/01

2001-02-11 Thread Bill Stewart

SF Bay Area Cypherpunks   February 10, 2001

Events:
  Sat 10 February 1:00 - 5:00 PM
  Stanford University Campus - Tresidder Union - Inside Upstairs

Agenda -
Open Discussion
Cryptorights in Guatemala
Cryptorights Journal - Bring submissions for 2/14 First Edition 

Location Info:

   The meeting location will be familiar to those who've been to our outdoor
   meetings before, but for those who haven't been, it's on the Stanford
   University campus, INSIDE Tresidder Union, at the end of Santa Theresa, 
   just west of Dinkelspiel Auditorium.
   Ask anyone on campus where Tresidder is and they'll help you find it.

   Because the weather will be bad, we will be meeting INSIDE.
   There's a spiral staircase that goes UPSTAIRS to the second floor,
   and we'll be in the seating area near the upstairs end.

   Food and beverages are available at the cafe inside Tresidder.

Location Maps:

   Stanford Campus (overview, Tresidder highlighted).

http://www.stanford.edu/home/map/search_map.html?keyword=ACADEMIC=Tresidder+Union
   Tresidder Union (zoomed detail view).
http://www.stanford.edu/home/map/stanford_zoom_map.html?234,312
   Printable Stanford Map (407k).
http://www.stanford.edu/home/visitors/campus_map.pdf

For directions, finding people, or general information,
call Bill Stewart at +1-415-307-7119


[ This announcement sent to the following mailing lists:
[EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED] 
  Mailing list complaints or address corrections to [EMAIL PROTECTED]
]

Online version: http://www.cryptorights.org/cypherpunks/meetingpunks.html
[The web site / listbot is currently down, but should be back up in a few
days.]

Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: Blank Frank and Lori Banks

2001-01-25 Thread Bill Stewart

At 07:51 AM 1/23/01 -0600, Lori Banks wrote:
 I just read an interesting email that you sent concerning cracking .pwl
files.  
I have a need to crack a .pwl file, but I don't know how to make that
program work. 
 I'm really not computer literate (if you can't tell).  
I am a concerned parent that has stumbled upon information that is 
not good regarding my teen and the Internet.  
Could you help me find out what these passwords are or how to work that
program? 
 I downloaded some sort of password pwl program and it showed 17 passwords, 
but they are encrypted. Any help would be greatly appreciated.   Thanks,
Mrs. Banks  

Mrs. Banks - Cypherpunks is a large, noisy mailing list.
In addition to talking about cryptography, privacy, and the effects
on economics and politics of being able to talk and conduct business
without government interference, and random other topics,
we end up receiving lots of mail from people pretending to be
teenagers asking us about bombs, hacking, credit cards, etc.
Some of them are clueless kiddies who think we'll tell them
how to steal stuff to make bombs so they can be rilly kewl d00ds,
some of them are annoying kiddies who've found they can stir up
lots of annoyed discussion by posting provocative or clueless questions,
and some are probably cops who think they can stir up business
by finding people doing stuff with Bombs and Computer Crime
that make good headline material.*

So don't be surprised if readers like Blank Frank take you for 
one of these three categories (start at the middle and work your way out),
and either give you the flames you're looking for or
the abuse you deserve if you're one of the clueless types.
Your message could be perfectly legitimate, but it's just
dripping with troll bait.  We haven't had anybody
saying they're somebody's Mom who wants to break into her kid's
machine before, but hey, there's a first time for everything.
On the other hand, many of us were once teenagers who had
parents who didn't understand us (what a surprise, eh?)
and a request saying "I don't trust my kid and I want to crack
his passwords to spy on him" isn't guaranteed to get more
sympathy for you than for your kid.

Anyway, that being said, there are only a few reasons for having
lots of Microsoft password files around.  One is that your son has created
lots of logins on your home computer, either for his friends to use
or because he's creating lots of different identities for himself.
The former is something you may want to talk to him about,
depending on how much control you want to have over that computer
(is it his bedroom game machine or are you running the family business on it?)
Another is that he has logins of his own on multiple machines using
Microsoft-style logins.   That's kind of odd - is he running a bunch
of web pages on FrontPage-based servers, or is he cracking into
corporate machines?

The "17 passwords" is pretty close to a magic number, which is the number
of "access devices" it takes for possessing stolen/cracked passwords
to become a US Federal crime.  I forget if the number is 15,
in which case by asking us to crack them you're asking us to
commit a Federal crime (remember the discussion about cops trying
to win friends and influence headlines through entrapment?),
depending on whether you have authorization to access the machines
that those passwords apply to (if you give us permission to crack the
passwords for your own machine, it's not a crime, but if they're
the passwords for your kid's publishing accounts on commercial porn sites,
that might be criminal, and if they're for accounts your kid's
trying to break into, or if you're really the kid or a cop,
it could be criminal.)  

So if you're thinking about breaking into your kid's machine,
because you don't trust him, yes, you've got some relationship
problems you'll have to deal with.  Not much different from asking
your kid where he went and having him say "Out" - either you go
ask all the neighbors where he went because he won't tell you,
or you work on the relationship, or you hire a private detective
to track him, just as you could probably hire Access Data or somebody
to break his password files, if you were willing to risk criminality.
I'd recommend going for the relationship.


===
*  (Perhaps some are even good cops trying to do what they think is 
their job by stopping clueless kiddies from posting dangerous inaccurate 
information where more clueless kiddies will find it.  
We do have some cops and Feds on the list that are open about it, 
and they're good folks we go shooting with :-)


Thanks! 
        Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: Some other math/crypto sci-fi

2001-01-25 Thread Bill Stewart


  You could do a collectable card game based on the patent mess, but the
  idea of a collectable card game has already been patented.  (Now owned by
  Hasbro now that they bought Wizards of the Cost.)

On a slightly more cypherpunkish theme, before Cryptonomicon had the
base-52 Solitaire encryption, there had been some people who'd done
256-card implementations of RC4.  That's a lot of cards -
a 64-card version would still be reasonably secure.
The Illuminati collectable-card-game cards from Steve Jackson Games
would do well (maybe there are 256?), but it's easier to do
something with suits and numbers on lots of the cards;
a Tarot deck has something like 79 cards, and an appropriate
amount of deliberate obfuscation.  
There's also the Silicon Valley Tarot (which first appeared on the web, 
www.svtarot.com, but SJG sells the cards) which has more localized archetypes,
like The Hacker, The Garage, The Ace of Cubicles, Bugs, Encryption.





Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: CDR: Re: Some other math/crypto sci-fi

2001-01-24 Thread Bill Stewart

At 01:26 PM 1/24/01 +0100, Tom wrote:
Alan Olsen wrote:
 You could do a collectable card game based on the patent mess, but the
 idea of a collectable card game has already been patented.  (Now owned by
 Hasbro now that they bought Wizards of the Cost.)

wouldn't that be perfect? a "collectable patent card game", as a way to
criticise patents (by using the most ridiculous ones on the cards),
which in itself violates a patent... hm, I like the idea...

"combine the 'patent for display of blablah' with the 'method or device
for remote information acquisition' and you can cross-license that
against your enemie's 'global computer network patent' for 10 points."


I'll take "Famous Patent Lawyers" for $200

...




Microsoft DNS back up.

2001-01-24 Thread Bill Stewart

Declan - Microsoft's DNS is back up; the article in
The Register  http://www.theregister.co.uk/content/6/16340.html
says their problems were due to DNS issues, not security
or denial of service attacks.

Previous story about it being down
http://www.theregister.co.uk/content/6/16321.html

There's much discussion on Slashdot,
http://slashdot.org/article.pl?sid=01/01/24/1455247mode=thread
but not much of it's useful :-)

With Microsoft trying last year to push the term
"Digital Nervous System" to usurp the acronym DNS,
in spite of it being the third or fourth most important
aspect of the Internet (and one of the most controversial),
having a Digital Nervous Breakdown seems like poetic justice.


Thanks! 
    Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: CDR: Some other math/crypto sci-fi

2001-01-23 Thread Bill Stewart

At 09:53 PM 1/22/01 -0600, Jim Choate wrote:
And probably the best crypto/code/conspiracy fiction ever written,

Foucault's Pendulum by Umberto Eco.

It's worth reading the Illuminatus! trilogy first.
I tried finding that in used book stores a decade or so ago,
and for a while there was a Conspiracy to prevent me from
collecting the whole set.

But yes, Foucault's Pendulum was a howler as well as
having some deep material in it.


Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: CDR: Re: Recommendations for Cypherpunks Books

2001-01-23 Thread Bill Stewart

At 01:27 AM 1/23/01 -0500, dmolnar wrote:
This suggests a tangent - If we look at works of fiction which were
politically or socially influential in their day, how many were
entertaining? how many were "good stories"? A lot of polemics end up
seeming transparent and thin today (I'm thinking in particular of
Bellamy's _Looking Backward_, but there are probably other examples). 
They had to capture their audience somehow, which seems to say something
about the audience of the time (or maybe just about the tendency people
have to overlook faults in a book which agrees with them). 

There's always Ayn Rand - "The Fountainhead" has at least some
depth of characters, as opposed to her later and more polemic
<fnord>"Telemachus Sneezed", with the 600-page speech
by John Guilt</fnord>
"Atlas Shrugged", with its much thinner characters and
increased preachiness.

On the other hand, a lot of Frank Lloyd Wright's buildings haven't
passed the physical tests of time, and I gather geodesic domes
tend to leak even if they're not built as badly as 
those that Some Local Cypherpunks are living in - we'll see how
geodesic economies do...
Thanks! 
        Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: Reno rocks out

2001-01-22 Thread Bill Stewart

At 01:38 AM 1/21/01 -0500, [EMAIL PROTECTED] wrote:
From: Declan McCullagh [EMAIL PROTECTED]
#
#When I was standing on a sidewalk in front of the federal courthouse on
#Pennsylvania Ave (of Monicagate and Microsoft trial fame), a deputy U.S.
#Marshal told me I could not take a photo of the courthouse.

For the first time, 
the inauguration was designated a "National Security Event."

Unfortunately, national security was not protected,
and the vote-stealer did get inaugurated :-)




Thanks! 
    Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: Recommendations for Cypherpunks Books

2001-01-22 Thread Bill Stewart

At 07:09 PM 1/22/01 -0500, dmolnar wrote:
 Etzioni is a very technical boy.  Unfortunately, his value system
 led him to invent "Fair Cryptography" (that's "fair" as in "Fair Trade",
 not "fair" as in "actually fair to anybody" :-), which covers a 
 couple of variants on key escrow.

Hmm. So this explains all those papers on "fair cryptosystems." Well, at
least one paper (and patent!) by Micali...

Gak.  How did I spaz so badly on that one?  Of course it was Micali.
Ignore my whole paragraph!

I think Etzioni did something technical though, but maybe it was
some other privacy-degrading thing, or maybe I'm remembering him
commenting on fair cryptosystems.
    Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: Recommendations for Cypherpunks Books

2001-01-22 Thread Bill Stewart

One of the major values to fiction is that it lets you think about
the social implications of technology, in most cases without
going deeply into the technology itself.  That's important for
cypherpunks, though the street finds its own uses for tech,
and it's easier to describe crypto non-bogusly than it is to
describe star-drive engines or brain-machine interfaces.

Neal Stephenson's Cryptonomicon is of course recommended,
and classics like Vinge's "True Names" and "A Fire Upon The Deep",
and Stephenson's "Snow Crash".  Orson Scott Card's "Ender's Game"
has some nice treatment of reputation systems and pseudonymity -
unfortunately it's *much* harder to get the tech correct than it is
to write about what it feels like to use well-designed systems :-)
Brunner's "Shockwave Rider" and Sterling's "Islands in the Net"
hit some of the appropriate space.
"Trouble and Her Friends" has some good treatment of cryptographically
protected subcultures, though that's more as redeeming-social-value
for a book that's written for genre.  
"Idoru" by Gibson does some of the same.

Then there's "ruthless.com" by "whatever hack writer Tom Clancy's 
franchised his name out to these days" - Bad Tech, 1-dimensional characters,
but it's interesting to see whose political agenda he's selling out to.
Bring your barf bags, but read it.

 One effort in this direction which comes to mind is the "communitarian"
 approach applied to privacy by Amitai Etzioni. What I've heard of it I
 don't like, but I don't know much more than a few basic things -
 "community" above all, corporate invasions of privacy pure evil, state
 intrusions less evil because subject to scrutiny. 

Etzioni is a very technical boy.  Unfortunately, his value system
led him to invent "Fair Cryptography" (that's "fair" as in "Fair Trade",
not "fair" as in "actually fair to anybody" :-), which covers a 
couple of variants on key escrow.
Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: Yet another spam generator

2001-01-19 Thread Bill Stewart

At 11:47 AM 1/19/01 +, Ken Brown wrote:
http://www.spammimic.com/encode.cgi supposedly encodes your short
messages as imitation spam, postings designed to fail content filtering
& so (the author claims) bypass Echelon. Hmmm.  Whoever put the site up
doesn't seem to have a clear distinction between cryptography,
stenography & obfuscation.  Does everyone have to reinvent the wheel
every time? Are we going to go through it all *again* with mobile phone
text messages?

You're missing the point - it's intended as a steganography system,
and like most such, it won't stop somebody who has the same system
from destegoing it, but it will stop or substantially reduce the
likelihood of Echelon or similar keyword systems from snarfing it.
(You could also do a terrorist-mimic version* if you want to
_increase_ the chances of Echelon picking it up.)

Of course if you need security, you need to stego cyphertext only.
The web site probably should emphasize this, but you can always
paste in PGP output.  (Obviously you'd really want to run the code on 
your own machine and those of your unindicted co-conspirators,
and use custom grammars.)

I have a friend who could have really used a program like this
a few years ago - he was working in Ethiopia, and he had enough trouble
keeping the local kleptocrats from stealing his computers
"they don't run without the passwords, so you can't resell them"
and the phone company yelled at him for making phone calls in Dutch,
which their eavesdroppers couldn't understand; French or Italian
or English would have been ok if he wasn't using a local language.
We got him a copy of PGP, but he didn't feel safe using it.

It seems to be a version of Peter Wayner's bumf generator from way back
when: http://catless.ncl.ac.uk/Risks/11.71.html#subj2 

I think it _was_ Peter Wayner who posted it - this is an implementation
of his "mimic functions" paper from some years ago.

(Which has a very funny bit in the style of a Neil Kinnock speech - 
maybe you have to be in the Labour Party to get it...)

My former Senator, Joe Biden, got caught for plagiarizing Kinnock once -
it doesn't take a computer to generate bad speeches :-)

Does anybody have a copy of the Dilbert cartoon where
Dilbert's written a "Pointy-Haired-Boss-Speak" version of this?


~~~
Semtex Escobar Cocaine Radio Echelon TEMPEST 
Pablo Assassinate Semtex Semtex W Osama's Radio Directionfinding
~~
Thanks! 
        Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: REAL assassination politics

2001-01-19 Thread Bill Stewart

At 12:19 PM 1/18/01 -0500, Declan McCullagh wrote:
According to Rep. Barr, however, "These Executive orders 
limit the swift, sure, and precise action needed by the 
United States to protect our national security."

Rep. Barr did not indicate exactly who he wants the Government to 
assassinate.  His bill does say, encouragingly, that assassination 
"is a remedy which should be used sparingly."

It's obviously to prevent another Clinton administration,
just as it was used to prevent various Kennedy administrations :-)
Also takes care of any lingering Gore recount problems.

Constitutionally, before you assassinate someone, 
you have to properly indict the target and hold a trial in which
he or she is present, has a lawyer available, 
and is allowed to question the witnesses and appeal whether any
sentence of death is cruel or unusual punishment.
_Then_ you can sneak up on them and kill them,
or poison their cigars, or give them an Israeli cellphone
or a Ford Pinto.


"You can't arrest him, he's a Sovereign"
"So declare war on him"
"That's a dumb move against someone with nuclear weapons"


Thanks! 
    Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: SpamCop authorization code

2001-01-19 Thread Bill Stewart

At 05:28 PM 1/19/01 +0200, Sampo A Syreeni wrote:
On Fri, 19 Jan 2001 [EMAIL PROTECTED] wrote:

Oh, the irony. Spam on this list thanking you for helping rid the Net of
spam, a split second after telling you to share the included URL with no
one. That one could be used to demonstrate anything from the effect of the
human factor on access control schemes, to the futility of security through
obscurity, through to the apparent omnipresence of Those Who Definitely Need
Killing. Made my day...

It's not really spam - it's response mail from a site where
somebody registered with cypherpunks@wherever as their email.
The "Don't Share this with anyone" aspect is fun, though.
Thanks! 
    Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: crypto implementation for small footprint devices

2001-01-17 Thread Bill Stewart

At 03:42 PM 1/9/01 -0800, Xiao, Peter wrote:
I am currently looking for crypto implementation that can fit into small
footprint (in the order of 50K or less) devices. Ideally, an SSL type of
protocol meets my requirements but it is almost impossible to implement it
within 50K even with selected cipher suites. So, I am looking for
alternatives (either symmetric key or public key based). I was thinking
about WTLS but looks like its implementation can not be significantly
smaller than that of TLS since it is also based on Public Key cryptography
(I am wondering how it fits into a cellphone). Can any one tell me what is
the approximate size of the client implementation of WTLS. Also, would
anyone send some pointers to me regarding what I am looking for.

There's been a lot of work in the Smart Card community on
fitting crypto into small memory space - I don't know if the
"Independent Smart Card Developers' Organization" is still active
- probable address - https://scard.org
plus there are products from a number of smart card vendors.
Dallas Semiconductor's i-button includes a crypto version.
Certicom has the patents to many of the Elliptic Curve cryptosystem
versions, and they've done a lot of work on products for small environments.
ECC has an advantage over RSA and Diffie-Hellman public key methods
because the key lengths are much shorter, typically 160-256 bits
instead of 1024 or 512.  On the other hand, the math is much more complex
than the bignum modular multiply and exponentiation that RSA and DH use,
so the code space would be larger.  And 128 bytes may be large on a smartcard,
but it's not that big on anything else.

Is your space constraint RAM, or ROM/Flash code space?
It's easy to fit the data space for most crypto algorithms
into a few KB; the complexity is in the code space.
Some of the data transfer formats wrap a lot of header
and encoding around it, but some are simpler.
Unfortunately, ASN.1 and PGP both put lots of complexity
into data formats to squeeze out a few bits of space,
so the code tends to be bloatware.
If you're willing to do your own data formats, or use XDR,
you can eliminate most of this.  (Simple bignums, etc.)
On the other hand, if you want full browser capability,
you'll need to do real SSL, so you can't avoid them.

Most of the crypto algorithms themselves are relatively small -
RSA and Diffie-Hellman are each a few lines (plus a bignum handler).
The RC4 symmetric-key algorithm is extremely small,
and operates on 8-bit bytes rather than bignums or bit-twiddling,
and the 128-bit versions are very secure as long as you
follow a few simple rules about usage.
DES is ugly, and the hash functions are ugly,
but they're still not very large.
The 2-lines-of-perl versions are horrendously ugly,
http://www.cypherspace.org/~adam/rsa/
and drag in perl's hugeness, but most of the ugliness
is because Perl doesn't have native bignums and
because they were converting from decimal input instead of hex.
The Lisp and Python equivalents are pretty clean and still small :-)

Digital signatures themselves are generally more complex
because you need to handle the name of the thing that's being signed,
and any semantics that thing drags with it.  For instance,
are signatures fully general with N layers deep of key certification,
or are you just going to handle signatures from a built-in key
signing hashes of messages and code updates?  (Or signatures from
keys signed by a built-in key.)

What you need for space depends a lot on your objectives and on
how general you need to be.  Sometimes you can get by with
a few primitives to secure your communication to a central server
and do the more complex stuff on the server.

You're also going to have issues if you want to use the crypto
for protecting television content :-),
since that's typically a fast-moving target that changes
almost as fast as the pirates figure out how to crack it.
But even that crypto normally fits on smartcards.
Thanks! 
    Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639
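
The message above describes RC4 as extremely small, byte-oriented, and safe only "as long as you follow a few simple rules about usage". As an added illustration (not part of the original message and not code from any project it names), this C program gives the whole cipher, checks it against a widely published test vector, and demonstrates one such rule, never encrypting two messages under the same key; the choice of rule, the function names, and the sample keys and messages are assumptions constructed here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Whole cipher state: a 256-byte permutation and two 8-bit indices. */
typedef struct {
    uint8_t s[256];
    uint8_t i, j;
} rc4_ctx;

/* Key schedule. keylen must be 1..256 bytes (16 bytes = 128 bits). */
void rc4_init(rc4_ctx *c, const uint8_t *key, size_t keylen)
{
    unsigned n;
    uint8_t j = 0, t;

    for (n = 0; n < 256; n++)
        c->s[n] = (uint8_t)n;
    for (n = 0; n < 256; n++) {
        j = (uint8_t)(j + c->s[n] + key[n % keylen]);
        t = c->s[n]; c->s[n] = c->s[j]; c->s[j] = t;
    }
    c->i = c->j = 0;
}

/* XOR len keystream bytes into buf; encrypt and decrypt are the same call. */
void rc4_crypt(rc4_ctx *c, uint8_t *buf, size_t len)
{
    size_t n;
    uint8_t t;

    for (n = 0; n < len; n++) {
        c->i = (uint8_t)(c->i + 1);
        c->j = (uint8_t)(c->j + c->s[c->i]);
        t = c->s[c->i]; c->s[c->i] = c->s[c->j]; c->s[c->j] = t;
        buf[n] ^= c->s[(uint8_t)(c->s[c->i] + c->s[c->j])];
    }
}

/* RAM needed per cipher instance, the "data space" the message refers to. */
size_t rc4_state_bytes(void) { return sizeof(rc4_ctx); }

/* Known-answer test: key "Key", plaintext "Plaintext". Returns 1 on match. */
int rc4_known_answer_ok(void)
{
    static const uint8_t expect[9] =
        { 0xBB, 0xF3, 0x16, 0xE8, 0xD9, 0x40, 0xAF, 0x0A, 0xD3 };
    uint8_t buf[9];
    rc4_ctx c;

    memcpy(buf, "Plaintext", 9);
    rc4_init(&c, (const uint8_t *)"Key", 3);
    rc4_crypt(&c, buf, 9);
    return memcmp(buf, expect, 9) == 0;
}

/* Constructed sample keys and messages (illustrative values only). */
#define MSG_LEN 16
static const uint8_t KEY_A[16] = { 0, 1, 2, 3, 4, 5, 6, 7,
                                   8, 9, 10, 11, 12, 13, 14, 15 };
static const uint8_t KEY_B[16] = { 16, 17, 18, 19, 20, 21, 22, 23,
                                   24, 25, 26, 27, 28, 29, 30, 31 };
static const char MSG_1[] = "unlock door 0017";
static const char MSG_2[] = "status report 42";

/* Encrypt MSG_1 under k1 and MSG_2 under k2. Returns 1 if the XOR of the two
 * ciphertexts equals the XOR of the two plaintexts, i.e. an eavesdropper who
 * never sees the key still learns how the messages relate. */
int rc4_xor_leak(const uint8_t *k1, const uint8_t *k2)
{
    uint8_t c1[MSG_LEN], c2[MSG_LEN];
    rc4_ctx ctx;
    size_t n;

    memcpy(c1, MSG_1, MSG_LEN);
    memcpy(c2, MSG_2, MSG_LEN);
    rc4_init(&ctx, k1, 16); rc4_crypt(&ctx, c1, MSG_LEN);
    rc4_init(&ctx, k2, 16); rc4_crypt(&ctx, c2, MSG_LEN);
    for (n = 0; n < MSG_LEN; n++)
        if ((uint8_t)(c1[n] ^ c2[n]) != (uint8_t)(MSG_1[n] ^ MSG_2[n]))
            return 0;
    return 1;
}

/* Decrypting with a freshly initialised context restores the plaintext. */
int rc4_roundtrip_ok(void)
{
    uint8_t buf[MSG_LEN];
    rc4_ctx ctx;

    memcpy(buf, MSG_1, MSG_LEN);
    rc4_init(&ctx, KEY_A, 16); rc4_crypt(&ctx, buf, MSG_LEN);
    rc4_init(&ctx, KEY_A, 16); rc4_crypt(&ctx, buf, MSG_LEN);
    return memcmp(buf, MSG_1, MSG_LEN) == 0;
}

int main(void)
{
    printf("state bytes:        %u\n", (unsigned)rc4_state_bytes());
    printf("known answer ok:    %d\n", rc4_known_answer_ok());
    printf("round trip ok:      %d\n", rc4_roundtrip_ok());
    printf("leak, same key:     %d\n", rc4_xor_leak(KEY_A, KEY_A));
    printf("leak, distinct key: %d\n", rc4_xor_leak(KEY_A, KEY_B));
    return 0;
}
```

RFC 7465 has since prohibited RC4 cipher suites in TLS, so the program is useful for studying code size and keystream handling rather than as a cipher choice for a new design.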




FWD: Dell, Unisys and Microsoft -- DUMvoting 1.0!

2001-01-14 Thread Bill Stewart

Forwarded from the RISKS Digest.
-


Date: Fri, 12 Jan 2001 17:56:28 -0500 (EST)
From: Gene N Haldeman [EMAIL PROTECTED]
Subject: Dell, Unisys and Microsoft -- DUMvoting 1.0!

"This Message Can Not Be Considered Spam, Even Though It Is.  
Some Law That Never Was Enacted Says So."

Dell, Unisys and Microsoft have joined together to produce:
  DUMvoting 1.0!

DUMvoting 1.0 is a simple 375k zipped download which you can install on
your machine tonight, and vote for President tomorrow!  Worried about
hanging chad?  Not with DUMvoting 1.0!  No, your vote will travel over
HEALTHY SAFE Internet connections to our new DUMvoteCenter, located in my
next-door neighbor's basement where a 16-year-old computer genius known as
SWORDGANDALF will convert it into paper ballots in between Dungeons and
Dragons games.

(Note: During installation, a pop-up box may notify you that Back Orifice
is being installed.  This is normal.  For best results, please disable all
anti-virus software before installing DUMvoting 1.0)

NEVER AGAIN will you walk to a voting booth in the rain.  NEVER AGAIN will
you have to associate with the kind of people (and you know what I'm talking
about, I don't have to spell it out for you, do I?) who hang around the
voting area.  NO MORE messy contact with neighbors.  We have got it ALL
WORKED OUT for you.

And with our new SPEEDYEXITPOLL (c), you won't have to wait till midnight
for the outcome!  We will be sending our projections the day before the
elections, and our exit polls by 11:30 am on election day, saving you both
time and anxiety.

You must act fast, but DUMvoting 1.0 can be rushed to you for the low, low
price of $299.00 from our website at DUMvoting.com.  In addition, we will
send you OILMAN 3.2, the exciting new game from Microsoft:  Alaska's Up For
Grabs, And You Have Just Been Appointed To The EPA!  Plunder as you will,
but watch out for the charging caribou; we're told they have a "thing" for
the pipeline!

Order without delay.  Please include your Social Security number and any
recent medical bills.

*Sent by the Dell/Unisys/Microsoft Consortium:  "DUMideas Last Forever."



Thanks! 
        Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: CDR: IP, forwarded posts, and copyright infringement

2001-01-11 Thread Bill Stewart

At 11:36 AM 1/10/01 -0600, Jim Choate replied to Declan's post:
  (Hint: U.S. copyright law does not make mere possession or archiving
  an offense. Try distribution, performance, etc.)

Hint: WRONG.

Simply possessing a paperback book that has had its cover removed as a
sign of 'destroyed' status is in fact a crime. Used book stores that have
them in stock can be charged accordingly.

At 12:54 PM 1/10/01 -0500, Declan McCullagh wrote:
Anyway, Jim is conflating physical control over an instantiation of IP with 
the rights conferred by IP law. If someone copies Microsoft Word (or a Tom 
Clancy novel) onto a CDROM and gives it to me, I am not liable.

The paperback book example has nothing to do with intellectual property -
it's about real property, the dead-tree portion of the book that's left
when the bookstore mails the front cover back to the distributor 
for credit and claims the rest of the book has been destroyed.
Somebody, I think Jim, incorrectly said this was an issue about royalties,
which would be IP-related, but it's not - royalties are what the 
publisher pays the author when the book gets sold, while this is about
what the bookstore does or doesn't pay the wholesaler when the book
does or doesn't get sold.  (I'm not sure which legal rules cover it -
fraud, tort, conversion, maybe theft by the store, so possibly
possession of stolen property by the purchaser or other recipient.)

However, that doesn't mean Declan's correct :-)
Before the Digital Millennium Copyright Act, he probably would have been,
but the DMCA is a vague ill-defined mess of evil intentions that
are increasingly being expanded (or at least people are attempting to
expand them; how much holds up in court remains to be seen.)
The DeCSS cases are a relatively direct use.  The Scientology claims
against E-Bay for using electronic tools (their auction system) to
violate their intellectual property constraints (by helping
ex-Scientologists sell used E-Meters to people who haven't paid
the Church of Scientology for their trade secret religious materials)
are a way blatant stretch, but seem to have been enough to intimidate E-Bay.
Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




[MEETINGPUNKS] Jan 2001 Cypherpunks SF -- CRYPTO author Steven Levy, DVD/DeCSS, Martin Minow Remembered

2001-01-11 Thread Bill Stewart

From:  Dave Del Torto [EMAIL PROTECTED]
-

Greetings,

Cypherpunks/Meetingpunks Announcements for January 2001!

Every month they seem to doubt us and expect our early demise, but 
EVERY SECOND SATURDAY, rain or shine, we have ... wait for it ... 
that's right: a Cypherpunks Physical Meeting (that means you show 
up!) somewhere in the San Francisco Bay Area, and this coming Second 
Saturday is no different... no budget, no frills, no BS (just the way 
Martin would've liked it) we're not going away until the NSA does. 
Check out the complete scoop at:

  This Month in SF: http://cryptorights.org/cypherpunks/2001/0113-SF.html

  All Jan Meetings: http://cryptorights.org/cypherpunks/2001/01.html
   Admin/List Page: http://cryptorights.org/cypherpunks/meetingpunks.html
The Handy Shortcut: http://cryptorights.org/meetingpunks



January 2001/San Francisco Meeting Synopsis:


SF Bay Area Cypherpunks (80th Chairborne Regiment) 
January 2001 Physical Meeting Announcement

General Info:

DATE:   Saturday 13 January 2001
TIME:   1:00 - 6:00 PM (Pacific Time)
PLACE:  San Francisco Law Enforcement Regional Training Center
(San Francisco Police Academy)
 Room 102  (or follow the cribs)

  This is the First Cypherpunks Meeting of the Millennium!

  The January 2001 Physical Meeting of the San Francisco Bay Area
  Cypherpunks will feature Steven Levy, author of the new 
  cypherpunk book "CRYPTO". If you haven't got your copy yet, buy one 
  and bring it to the meeting! We'll also spend some time catching up 
  with Cindy Cohn on the EFF's DVD/DeCSS case. At the end of 
  the meeting, we'll remember our departed friend Martin Minow 
  (who would have really enjoyed Steven's book).

  As always, this is an Open Meeting on US Soil and members of the
  Public are encouraged to attend, especially Martin's Friends and Family.


Meeting Agenda:  (all timings are approximate)

  "Our agenda is a widely-held secret."

  12:00 -  1:00 - Informal milling about, food & beverages.
   1:00 -  3:00 - General Meeting:
  HAL2001 Planning
  A Report from Burma!
  CryptoRights Foundation News
  MojoNation Update
  (Possible Mystery Ph.D.: Vna Tbyqoret)
   3:00 -  4:30 - Special Guest: Steven Levy, author of "CRYPTO"
   4:30 -  5:15 - Cindy Cohn, EFF: Update on the DVD/DeCSS Case
   5:15 -  6:00 - "Remembering Martin Minow"
   6:00 -  ?- Dinner at a nearby restaurant usually follows the
   meeting.

FULL INFO: http://cryptorights.org/cypherpunks/2001/0113-SF.html

. end here .




Thanks! 
        Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: Bell Case Subpoena

2001-01-09 Thread Bill Stewart

On Monday 08 January 2001 16:09, John Young wrote:
   You are also commanded to bring with you the following
   document(s) or object(s):

   Please provide any and all documents, papers, letters, computer
   disks, photographs, notes, objects, information, or other items
   in your possession or under your control, including electronically
   stored or computer records, which:

 1. Name, mention, describe, discuss, involve or relate to James
 Dalton Bell, a/k/a Jim Bell, or

 2.  Were previously possessed, owned, created, sent by, transported,
 or otherwise affiliated with James Dalton Bell, a/k/a Jim Bell, or

How would you know if it was sent by him unless it had a digital signature
that you are willing to testify in court was known to belong to him and
had not been compromised?

I'd think there'd be serious problems with most of the evidence
in this case being hearsay, except stuff specifically
posted by Jim Bell.
Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




remailer test failed

2001-01-07 Thread Bill Stewart

Simone - your remailer test failed.   It looks like two things went wrong.
1) You mailed it to the cypherpunks mailing list itself,
not to a remailer using the cypherpunks design.
There's a list of remailers at 
http://anon.efga.org/Remailers/TypeIList
2) Your message needs to be plain text.  You sent it using a 
Microsoft X-HTML mail format.  I've attached a copy of what
I received (in two pieces, since Eudora doesn't like to
forward X-HTML without converting to plaintext.)
So instead of seeing a line starting with :: ,
the remailer sees a line starting with 
<DIV><FONT face=Arial size=2>::</FONT></DIV>
and doesn't know it's a remailer command.


Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id NAA04405
for cypherpunks-unedited-outgoing; Sat, 6 Jan 2001 13:39:59 -0800 (PST)
Received: from mail.tiscalinet.it (mail-4.tiscalinet.it [195.130.225.150])
by toad.com (8.7.5/8.7.3) with ESMTP id NAA04399 for
[EMAIL PROTECTED]; Sat, 6 Jan 2001 13:39:56 -0800 (PST)
Received: from host (62.11.130.3) by mail.tiscalinet.it (5.5.015.5)
id 3A51DED4000E79E3 for [EMAIL PROTECTED]; Sat, 6 Jan 2001
22:39:38 +0100
Message-ID: 007901c07829$441fc960$03820b3e@host
From: "Simone" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Sat, 6 Jan 2001 22:40:18 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
   boundary="=_NextPart_000_0076_01C07831.A52B8FC0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2615.200
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200
Sender: [EMAIL PROTECTED]
Precedence: first-class
Reply-To: "Simone" [EMAIL PROTECTED]
X-List: [EMAIL PROTECTED]
X-Loop: [EMAIL PROTECTED]
X-UIDL: b7fc41f2ba40a8ad2e91a25ec82a7e0e

<x-html><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=iso-8859-1" http-equiv=Content-Type>
<META content="MSHTML 5.00.2614.3500" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ff>
<DIV>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>::</FONT></DIV>
<DIV><FONT face=Arial size=2>request-remailing-to: <A 
href="mailto:[EMAIL PROTECTED]">[EMAIL PROTECTED]</A></FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>questa  una prova</FONT></DIV></BODY></HTML>
</x-html>
    Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639
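
The two failures described in the message above can be caught before sending. The following pre-send check is an added example, not part of the original post or of any remailer's code; it assumes the remailer reads the raw body with no MIME or HTML decoding and matches header names case-insensitively, and the addresses and sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TAG = re.compile(r"<[^>]+>")          # any HTML tag
ENTITY = re.compile(r"&[A-Za-z]+;")   # named entities such as &nbsp;

REMAILERS = {"remailer@example.net"}  # constructed; use a real remailer list

# Constructed sample: a well-formed plain-text request.
GOOD = (
    "From: alice@example.org\n"
    "To: remailer@example.net\n"
    "Subject: test\n"
    "\n"
    "::\n"
    "Request-Remailing-To: bob@example.com\n"
    "\n"
    "this is a test\n"
)

# Constructed sample: HTML mail sent to a list, as in the failed test.
HTML_TO_LIST = (
    "From: alice@example.org\n"
    "To: some-list@example.org\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/alternative; boundary="b1"\n'
    "\n"
    "This is a multi-part message in MIME format.\n"
    "\n"
    "--b1\n"
    "Content-Type: text/html\n"
    "\n"
    "<DIV>&nbsp;</DIV>\n"
    "<DIV><FONT face=Arial size=2>::</FONT></DIV>\n"
    "<DIV><FONT face=Arial size=2>request-remailing-to: bob@example.com"
    "</FONT></DIV>\n"
    "--b1--\n"
)


def strip_markup(line):
    """Text of a line once tags and named entities are removed."""
    return ENTITY.sub(" ", TAG.sub("", line)).strip()


def check_remailer_request(raw, remailers):
    """Return a list of problems; an empty list means the request looks usable."""
    problems = []
    raw = raw.replace("\r\n", "\n")
    msg = message_from_string(raw)

    # 1) Addressed to a remailer, not to a mailing list.
    to_addr = parseaddr(msg.get("To", ""))[1].lower()
    if to_addr not in remailers:
        problems.append(f"To: {to_addr or '(missing)'} is not a known remailer")

    # 2) Plain text only.
    ctype = msg.get_content_type()
    if ctype != "text/plain":
        problems.append(f"Content-Type is {ctype}; send text/plain")

    # 3) The first non-blank line of the raw body must be exactly "::".
    _, _, body = raw.partition("\n\n")
    lines = body.split("\n")
    start = next((i for i, ln in enumerate(lines) if ln.strip()), None)
    if start is None:
        return problems + ["body is empty"]
    if lines[start].strip() != "::":
        if any(strip_markup(ln) == "::" for ln in lines):
            problems.append("'::' is present but buried in markup or MIME "
                            "framing, so it is not the first body line")
        else:
            problems.append("first body line is not '::'")
        return problems

    # 4) The header block after "::" (up to a blank line) names the target.
    pasted = {}
    for ln in lines[start + 1:]:
        if not ln.strip():
            break
        name, sep, value = ln.partition(":")
        if sep:
            pasted[name.strip().lower()] = value.strip()
    if "@" not in pasted.get("request-remailing-to", ""):
        problems.append("no Request-Remailing-To: address after '::'")
    return problems


if __name__ == "__main__":
    for label, sample in (("plain", GOOD), ("html-to-list", HTML_TO_LIST)):
        print(label, check_remailer_request(sample, REMAILERS) or "ok")
```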




Announcing Cypherpunks-India

2001-01-05 Thread Bill Stewart


--- begin forwarded text


- Forwarded

Date: Fri, 05 Jan 2001 18:57:08 +0530
To: A Whole Bunch Of People and Mailing Lists [EMAIL PROTECTED]
From: Udhay Shankar N [EMAIL PROTECTED]
Subject: [IRR] Announcing Cypherpunks-India

-BEGIN PGP SIGNED MESSAGE-

***Please circulate to all interested parties***

This is to announce the Cypherpunks-India mailing list. The list is
for cypherpunks in India, and for those who want to track the
convergence of cryptography, politics and society here.

As you know, I volunteered to organise cypherpunks fleshmeets in
Bangalore a few months ago. We had an initial meet with some hoopla,
along with the Linux-India monthly meet in Bangalore. Public
meetings, however, have not happened since then (as opposed to the
private meetings and interactions - you know who you are.). It's been
difficult co-ordinating with people, who are mostly madly busy and
geographically distributed throughout India. This list, therefore, is
a first step towards giving some structure to the various
behind-the-scenes interactions we've been having, and to spread
awareness of crypto and how it impacts commerce and politics today.

The list is kindly hosted by Vipul Ved Prakash, who needs no
introduction to crypto observers here. Vipul also hosts
http://munitions.vipul.net - which is an archive of crypto software
that is mirrored across multiple locations. Vipul also was one of the
finalists in the 3rd Annual Obfuscated Perl Contest with his
diminutive implementation of the Russian GOST algorithm.

To subscribe, use any ONE of the following URLs:

http://lists.vipul.net/mailman/listinfo/cpunks-india

mailto:[EMAIL PROTECTED]?subject=subscribe

In the next few days, as things evolve, we will put up some more
information at the URLs above.

Thanks for all your support, and see you on the list!

Udhay

- --
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))
  God is silent. Now if we can only get Man to shut up.


-BEGIN PGP SIGNATURE-
Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com

-END PGP SIGNATURE-

- Backwarded
-- 

\|/  \|/
@~/ oO \~@http://www.tbtf.com/roving_reporter/
/_( \__/ )_\
\_U__/

#  distributed via nettime: no commercial use without permission
#  nettime is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: [EMAIL PROTECTED] and "info nettime-l" in the msg body
#  archive: http://www.nettime.org contact: [EMAIL PROTECTED]

--- end forwarded text


-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'






Re: Anglo-American communications studies

2001-01-05 Thread Bill Stewart


 Actual boiler-type furnaces are quite rare in the US, and
 
  No they aren't. Out of 5 apartments I lived in in Chicago, 4
 of them had steam heat. So did the apartments of most of my friends.
 
  My grandmother's house in Saint Louis has/had a boiler and steam heat.

It's strongly related to the age of the building,
as well as climate, fuel costs and convenience, etc.
Most modern construction uses forced-air heating,
it's cheap, responds rapidly, doesn't take up room space, and
the ductwork can be used for central air-conditioning.
My condo in Silicon Valley uses electric baseboard heat,
which was a fad in the 60s and 70s when electricity was cheap,
and has high ceilings so it doesn't need A/C in this climate.
My apartment in Berkeley 20+ years ago had a gas-fired wall heater,
relatively small and efficient for a 3-room place.
My house in New Jersey, built in 1931, had steam radiators,
with an oil-fired boiler that was originally coal-fired;
my sister's house in Delaware is a bit older and 
has hot-water radiators.  

I paid less for winter heat in the Berkeley apartment
than I did for summer electricity in New Jersey;
I pay more now for winter heat in this mild California climate
than I did in New Jersey where the winter gets reasonably cold,
because electricity's more expensive than oil (even with
lower night-time prices) and high ceilings are much better
for keeping cool in the summer than warm in the winter,
plus nobody bothered to insulate buildings out here in the 70s.
Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Escaping the Internet Archives - Re: Please remove...

2001-01-04 Thread Bill Stewart
reatestevils.php
(it's there because all the censorware products block web anonymizers.

www.ZeroKnowledge.com 's Freedom project provides a variety of services,
including multiple email and web identities and cookie management for a
small fee, 
with cryptographic protection.

David Brin's "The Transparent Society" provides some discussion on how
traditional views of privacy have been made obsolete by technology -
get used to it, and make sure there are webcams pointed at 
government officials so they behave themselves, since they'll be
pointing webcams at you.   Paperback ISBN  0738201448
http://www.amazon.com/exec/obidos/ASIN/0738201448/o/qid=978637792/sr=8-1/ref=aps_sr_b_1_1/103-5076663-8890269


Thanks! 
    Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Reminder... Mac Crypto Jan 29th - Feb 1st

2001-01-01 Thread Bill Stewart

RAH isn't forwarding to Cypherpunks at the moment

--- begin forwarded text


Date: Fri, 29 Dec 2000 09:55:58 -0800
To: [EMAIL PROTECTED]
From: Vinnie Moscaritolo [EMAIL PROTECTED]
Subject: Reminder... Mac Crypto  Jan 29th - Feb 1st
Cc: [EMAIL PROTECTED]

Hi all;

Below is a preliminary list of talks scheduled for the Millennium
Edition of  the Mac Crypto/ Internet commerce workshop.
The conference will be held at Apple's Deanza 3 Auditorium
from Jan 29th - Feb 1st .  I have had a lot  of people propose talks
but only a few have actually sent me their abstracts.

If you are on the list below and would like to correct the abstracts,
please send me the updated text. If you are not on the list but plan to
talk, then send me the abstract now.

thanks.


--
Jonathan D. Callas
Counterpane Internet Security

  "The Effect of Anti-Circumvention Provisions on Security"

One of the properties of digital Intellectual Property (IP) is that it can
be easily reproduced, modified, and transferred.  In response, IP owners
have created new security technologies for controlling the digital
works. Inevitably, this creates an opportunity for those who can circumvent
those technologies.


---

Will Price, Director of Engineering
PGP Security, Inc.

"PGP Future Directions"

Will Price will discuss new technologies in PGP such as Key
Reconstruction, Instant Messaging encryption, PGP for Wireless, and future
directions of PGP on the MacOS platform.


  --

Jean-Luc GIRAUD [EMAIL PROTECTED]
"Security Architect". Gemplus (www.gemplus.com),

  "Introduction to Smartcards"

  This tutorial gives a general overview of the smartcard technology and
its added value for cryptography and security. Classical smartcard
concepts (card life cycle, smartcard structure, required
infrastructure,...) are covered along with recent ones like open cards
(Javacard,...). New applications and potential security enhancements to
MacOS X are given. Finally, the current state of the art in smartcard
security is described. A lot of resources are listed to give attendees
the opportunity to access more detailed information.

--


Charles Evans  [EMAIL PROTECTED],
Partner, BEK Ventures,

"Secure, Real-Time Financial Transactions Using WebFunds on the Mac."

The talk will center on real-world transfer of value in the form of
either a) exchange among commodity-backed electronic currencies or b)
trading of shares in micro-enterprises.
-- 
Vinnie Moscaritolo KF6WPJ ITCB-IMSH
http://www.vmeng.com/vinnie/
PGP: 3F903472C3AF622D5D918D9BD8B100090B3EF042
---

WARNING: POLITICALLY INCORRECT AREA
All P.C. Personnel entering these premises will
encounter gravely offensive behavior and opinions.
(SEC4623. Ministry of political incorrection security act of 1995)
RAMPANT INSENSITIVITY AUTHORIZED

--- end forwarded text


-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'




    Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: Anarchy Eroded: Project Efnext

2001-01-01 Thread Bill Stewart

At 02:52 AM 12/31/00 -0500, dmolnar wrote:
Something I don't see much of on the efxnet page - "why?"

This is in the FAQ:
"EFNext is the name of a project geared towards making IRC a more stable,
uniform, chat environment."

and they say "introductory document coming soon." I still don't know why
this is happening (I don't hang out on EFnet). What do the efxnet people
give as their reasons for a new IRC network?

Simplification of protocols so they can sell out to Microsoft/AOL?  :-)


Thanks! 
        Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: That 70's Crypto Show (Remailers, science and engineering)

2000-12-27 Thread Bill Stewart

Tim May wrote:
 In other words, it's time to get crypto out of the math and computer 
 science departments and put it in the engineering departments where 
 it belongs.

Tim's complained for a while that the cypherpunks meetings and
discussions have declined in quality, partly because we've
tended to rehash old material rather than doing new and 
interesting work, and partly because we've tended to have
fewer talks on new stuff people are doing and more on
some commercial business (maybe or maybe not run by cypherpunks)
doing their product or non-technical talks by EFF lawyer types.
While I'm not disagreeing with him here,
I think a lot of this is _precisely_ related to the movement
of crypto out of math and CS areas and into engineering.
Mojo Nation, for example, is partly interesting because it's not just 
Yet Another Encrypted Music Sharing Product - it's mixing the
crypto with economic models in ways that are intellectually complex,
even if they're somewhat at the hand-waving level
rather than highly precise.

At 02:42 AM 12/26/00 -0500, dmolnar wrote:
There's some hope. There was a workshop on "Design Issues in Anonymity and
Unobservability" this past summer which brought people together to talk
about these issues. The Info Hiding Workshops are still going strong.
With luck, this year's IHW may have a paper on reputations in it...

Cool.  Are the proceedings on line anywhere?  (Or is it only
for people who know the secret keys...)


On the other hand, we can oppose this to the fact that we 
have a bunch of remailers, and they seem to work. 
They may be unreliable, but no one seems
to have used padding flaws to break a remailer, as far as we know. 

Arrgh!  Dave, just because nobody's known to have broken them
doesn't mean that nobody's succeeded in breaking them
(without us knowing they've succeeded), 
or that anybody's put serious effort into an attack.
The basic remailer network is known to be breakable by
anybody doing a thorough eavesdropping attack,
because you can learn a lot from message sizes.
Mixmasters are much safer, because message sizes are
constant (though message counts aren't), but it's not clear
whether they're good enough, given a good attack.
Pipenets are probably secure enough against most attacks,
but they're annoying economically - not surprising that
Zero Knowledge's initial service didn't fully implement them.

The reason remailers have been Good Enough so far
is that as far as we know, nobody's had the motivation
to do a proactive eavesdropping attack on them,
or a proactive deployment of untrustworthy remailers -
the attacks have either been after-the-fact attempts to
get information that wasn't logged (they're strong enough
for that, if run by trustable people on uncracked machines), 
or proactive attempts to close the remailers
(many of those attacks have been successful.)

Small numbers of remailers (there are typically about 20)
aren't good enough to resist shutdown-forcing attacks.
The cool thing about Zero Knowledge was that they had a 
business model they thought could get large numbers of
service providers to support, which increases the security
against loss of individual remailers as well as reducing 
the likelihood of an individual remailer shutting down.


Thanks! 
    Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: That 70's Crypto Show (Scalability and Napster)

2000-12-27 Thread Bill Stewart

At 02:42 AM 12/26/00 -0500, dmolnar wrote:
More than that, if the "tragedy of the commons" really happens for
Gnutella and Napster and friends, then people will look for ways to avert
it. Maybe it won't happen ("The Cornucopia of the Commons"), but if
it does, reputation systems might see some sudden interest. 

Napster itself suffers from tragedy of the inadequate business model,
since it relies on centralized servers with no visible means of 
support (other than the "with 20 million users we should be 
able to get revenue _somewhere_") and a potential for
exponential growth in their legal costs if they get any revenue.

They do have a problem related to tragedy of the commons,
which is a need for servers that are bigger than the
biggest individual servers they currently support,
and a technology that doesn't scale as well as they'd like,
though some parts of it scale extremely well and the
next level of bottlenecks are still good enough for
pirating music, with users sharing music in communities of
a few hundred thousand, if not good enough for six billion users.

I suspect the next layer of scalability could be handled
adequately by some good engineering, though perhaps it needs
Real Computer Science, but without a good funding model
it's not likely to get done.   The current model does seem
to port well to the Open-Servers-Not-Run-By-Napster model -
volunteers can run medium-sized servers because the 
first level of scalability design was well done,
and as with Napster-run servers, it's close enough for
pirate music, though it doesn't let you find
everything on the distributed net.

Less Napster-like systems with decentralized servers
have to address scaling problems as well.
Some of them tie their metadata and their transmission methods
together closely; some split them apart better.
Gnutella sounds like it's in trouble - too much needs to
be online, and the original designs can't handle a large number
of requests if there are people with slow connections on the net.
It's kind of like tragedy of the commons where the commons is
small and everybody has to walk their sheep in single file,
so the slowest or dumbest sheep become a bottleneck for everyone else.
Freenet paid more attention to scaling in its design -
it's easy to retrieve stuff if you know where it is,
or to find stuff if it's relatively near you,
and it can cope with not being able to find everything -  
On the other hand, it may be harder to find the stuff you want.

On Mon, 25 Dec 2000, Tim May wrote:
 In other words, it's time to get crypto out of the math and computer 
 science departments and put it in the engineering departments where 
 it belongs.

Some of this may be computer science, some is engineering,
some is just counting stuff :-)  Some problems, like scalability
or understanding don't-use-the-same-key-twice attacks on RC4,
are Science the first time you learn them, but they're just
engineering after a while, the way understanding the relationship
of the tensile strength of material to its molecular structure
is science, but designing a bridge so that it doesn't overstress
any of its beams is engineering, and taking occasional samples of bolts
and destructively testing them to make sure they've got the
tensile strength they're supposed to is engineering or maybe
just business practice (depending on whether you're doing it
to make sure your bridge will perform the way you want or
to make sure your suppliers aren't ripping you off.)

Thanks! 
        Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Fwd: Martin Minow died

2000-12-26 Thread Bill Stewart


--- begin forwarded text


Date: Mon, 25 Dec 2000 18:33:47 -0800
To: [EMAIL PROTECTED]
From: Jon Callas [EMAIL PROTECTED]
Subject: Fwd: Martin Minow
Sender: [EMAIL PROTECTED]

From: [EMAIL PROTECTED]
Date: Mon, 25 Dec 2000 03:46:03 EST
Subject: Martin Minow
To: [EMAIL PROTECTED]

This is a generic email to a list of relatives, friends and people whose
names I found at Martin's house or on his computer.  I am Martin's brother,
Bob.  Martin died suddenly Thursday from arteriosclerotic heart disease.  The
family has decided to have Martin buried close to other family members in LA.
 Funeral services will be Thursday at 12:00 PM at Hillside Memorial Park and
Mortuary, 6001 Centinela Ave. Los Angeles, CA 90045, (310) 641-0707 (near the
405 Freeway and Sepulveda Blvd., 10 minutes from LA Airport).  Immediately
following services, there will be a gathering in my home, in Martin's
memory. My home is approximately an hour from the cemetery.  Directions will
be provided.  Please feel free to contact me for any reason at (714) 281-0403
or by email at [EMAIL PROTECTED]  Also, many of Martin's San Francisco area
friends have expressed a desire to have a memorial service in the Bay area.
This is expected to be planned sometime in the future.  In lieu of flowers,
donations may be sent to the American Heart Association, the American Cancer
Society, any Hospice Foundation of your choice (I am involved with the Cancer
Support Foundation of Los Alamitos, California), Toys for Tots or any other
group of your choice.  I look forward to meeting many of you.  I'm sending
this out email as this is how my brother would have liked it.  Thanks to all
who have communicated their thoughts via the phone or email.
With kind thoughts,
Bob Minow
1071 S. Taylor Court
Anaheim, CA 9808

--- end forwarded text


-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'







Evil Copy Protection vs. Good Crypto-Capable Objects

2000-12-25 Thread Bill Stewart
st realize this

Intel and IBM know that Windows isn't going to protect their data -
if they want it protected, they'll have to work around it,
using techniques like CPUs, speakers, and disk drives that
share public keys and only pass encrypted data through the OS.


Thanks! 
    Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: Crypto on cable...chuck the vce?

2000-12-24 Thread Bill Stewart

The Register's front page only shows the most recent N stories,
constantly changing.  You'll need to point to the article itself,
which looks like
http://www.theregister.co.uk/content/5/15679.html
an article Kevin Poulsen did for securityfocus.com.
It looks quite similar to the stuff John Gilmore wrote about recently,
except sleazier due to FCC involvement.

At 02:56 PM 12/22/00 -0600, Jim Choate wrote:

http://theregister.co.uk

= Sneaky cable crypto scheme in the works
= By: Kevin Poulsen
= Posted: 22/12/2000 at 19:36 GMT
= The cable television industry is moving
= ahead with a controversial plan to
= implement a copy protection scheme that will allow movie studios
= and cable providers to control what viewers are able to record off
= future digital cable TV networks. 
Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Tapping cellphones for National Security

2000-12-21 Thread Bill Stewart

Total Telecom is a free (registration-probably-required) news-clipping
service covering telecom issues.  This lovely article is about the
FBI's current hypocritical pretenses of protecting "national security"
and "privacy" by increasing their wiretapping abilities,
using laws that were written to prevent hostile foreign domination of
(ok, and competition with US firms for) critical national infrastructure.
(Mind you, I think the laws are bogus, but the FBI is increasing
the bogon density around them considerably.)

http://www.totaltele.com/view.asp?ArticleID=35057pub=ttcategoryid=0

U.S. works out security issues with VoiceStream  DT 
By Jeremy Pelofsky, Reuters
20 December 2000
  
U.S. law enforcement authorities are working to address national security
concerns about acquisitions of VoiceStream Wireless Corp. and Powertel Inc. by
Deutsche Telekom AG, which is partially owned by the German government.

The Federal Bureau of Investigation and the companies filed a joint petition 
made available on Tuesday asking the Federal Communications Commission,
which has to determine whether the combinations are in the public interest,
to hold off ruling until the parties reach an agreement.

VoiceStream, based in Bellevue, Wash., agreed to be acquired by the German
telecommunications giant earlier this year in a $34 billion deal. 
VoiceStream also agreed to acquire Powertel for about $6 billion in August.

Law enforcement agencies "have concerns that the merger could, absent an
appropriate agreement, impair the ability of authorized governmental agencies
in the U.S. to satisfy their obligations to preserve the national security,
enforce the laws and protect the public," according to the petition.

Germany's 44 percent stake in DT, which the government has pledged to divest,
has raised concerns among some in the U.S. Congress about the impact the
German government backing could have on competition and U.S. national security.

The agencies are seeking assurances of the ability to conduct
lawfully-authorized electronic surveillance of domestic calls and
those that begin or end in the United States, the petition said,
a copy of which was filed with the FCC.

The FBI and U.S. Justice Department also said they are seeking to prevent
as well as detect foreign-based or other illegal surveillance that could
risk U.S. security and the privacy of the nation's telecommunications system.

"The parties are currently and in good faith working diligently working
toward such an agreement," the filing said.

A VoiceStream spokeswoman declined to comment on the petition.

The company in the past said it expected to have to address concerns raised by
U.S. law enforcement authorities but did not anticipate any problems reaching
an agreement.

The merged company would represent a "substantial U.S. wireless service
provider" offering near nationwide personal communications service (PCS)
coverage as well as in Europe using the global system for mobile
communications standard (GSM), according to the petition.

Sen. Ernest Hollings, a South Carolina Democrat, has urged the FCC to block
the VoiceStream-DT deal because he says U.S. law prohibits a
telecommunications company that is more than 25 percent owned by a foreign
government from acquiring U.S. firms.

Thanks! 
    Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: crypto questions - encrypted mail standards

2000-12-20 Thread Bill Stewart

A separate discussion over on coderpunks may be helpful here.

To: Bill Stewart [EMAIL PROTECTED]
Cc: Bram Cohen [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: encrypted mail standards 
Date: Tue, 19 Dec 2000 23:34:55 -0800
From: John Gilmore [EMAIL PROTECTED]

 Bram - you can do encryption at the Mail Transfer Agent layer,
 like encrypting versions of SMTP, or in the mail header/body layer,

 I'm not sure where to find the standards for encrypting SMTP,
 but there are some; look around on sendmail.com.

See RFC 2487, "SMTP Service Extension for Secure SMTP over TLS", which
adds the "STARTTLS" command and HELO extension option to the SMTP
specification.  This permits two SMTP servers to negotiate to use TLS
(also known as SSL) encryption before sending email.

There are ways to run POP or IMAP using TLS/SSL as well, but I don't
have the standards at my fingertips for this.

 Also, John Gilmore may have funded some
 non-American developer to do an implementation.

Nope; sendmail.com did an implementation and released it once the
export rules changed.  It's in the current free sendmail release.

   John



Thanks! 
        Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: How do I become a member of Cyberpunks??

2000-12-19 Thread Bill Stewart

At 02:28 AM 12/19/00 EST, [EMAIL PROTECTED] wrote:
   How do I become a member of Cyberpunks??


Read too much William Gibson, get the jack installed in yer head,
or maybe a set of those nice Ono-Sendai eye implants,
and cowboy your way onto the net.

If, however, you're looking for the cypherpunks mailing list,
find the Cyphernomicon on the net, and read it.
There are archives at inet-one in Singapore. 
If you send mail to [EMAIL PROTECTED] and ask nicely,
the friendly robot will send you mail.  Save the email where
you'll remember to look it up later, and then if you want
50-100 messages delivered to your doorstep daily,
take the blue pill, or was it the red one.

(Second edition of Bruce Schneier's Applied Cryptography
is the red one.)

Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: keyboard loggers.

2000-12-18 Thread Bill Stewart

If you have to worry about people installing keyboard logging
programs on your machine without your permission, either
- you're using a public shared machine at a coffeeshop or school
or Kinko's to do things you think need security, or
- you're using your employer's machine, and shouldn't do things
that are inappropriate to do at work,
- you're using your employer's machine, and need a new employer
who trusts his employees instead of feeling compelled
to spy on them,
- you're using your employer's machine, and your employer has
a serious security problem with people trying to crack in at night,
- you're sharing your home machine with a teenager who runs
all sorts of game programs downloaded off the net
or borrowed from friends, viruses and all,
- you've got serious security problems of your own - 
if they can sneak in and install programs like that, 
they can install anything else they want,
copy your hard disk, probably even steal your hard disk, or
- the paranoids really are out to get you.

For the shared-machine problem, don't use insecure machines
to do secure stuff.  Use disposable email accounts,
American Express one-shot credit card numbers,
and if you must log in to something, use one-time passwords
(either S/Key or SecurID tokens or some similar mechanism.)

There's been some work done on encryption programs that run
in hand-held computers, whether Palm Pilot things with displays
or JavaRings or smartcards without them.  Matt Blaze, Ian Goldberg,
and Martin Minow have done presentations on those topics.

I'll leave you to figure out employer problems,
and there are professionals who can help with paranoia,
as long as you get to them before the Feds get to you.

One approach for the teenager problem (or the related problem of
machines for lab use, especially firewall research)
is removable disk drives.  You can get disk drive drawers for
IDE/Ultra/DMA/etc for about $20, and spare disks are only $100 or so.
Keep a clean copy for installing software you trust,
password-protected-screensavered to reduce accidents,
and give the kid his own disk to play with,
plus teach him how to reinstall software from CD-ROM
when it gets trashed.  It's the computer equivalent of
buying a full-sized beater car for your kid to learn to drive in -
extra weight, airbags, and an exterior you don't care about dents in.

If the kid has his own machine, and you're sharing a network, 
that's more trouble.  You'll have to firewall your machine
off from the kid's, or at least mainly run the clean copy
disconnected from the net, and make sure the kid keeps
current virus protection installed and running.


At 12:05 PM 12/18/00 -0900, PFSanta Claus wrote:
Hi,
I came across your addies in a search off ask Jeeves and thought perhaps 
due to the way your interests run you might be up on this topic. I'm a Sr. 
Support Analyst for a large vendor and recently was asked by one of my 
casual internet contacts if there was a way to prevent a "keyboard logging" 
surveillance program from prevailing on their system and reporting the 
goings on from their keyboard. In an effort to be helpful, I set about my 
normal pattern of research and found that there seems to be a ton of info 
promoting various products, yet there is virtually nothing I could find 
which offers any realistic or reliable countermeasures that can be taken to 
prevent someone from logging the output from your keyboard. Even the hackers 
seem to think it isn't a threat to anyone's privacy. Weird...


Thanks! 
    Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639
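
The one-time-password advice in the message above rests on a hash chain of the kind S/Key is built on: a password typed on a logged keyboard is useless once the server has accepted it. The following is an added example, not part of the original message; it uses SHA-256 and hypothetical names (`chain`, `HashChainVerifier`, `replay_demo`) rather than S/Key's actual hash folding and word encoding, and the secret and seed are constructed sample values.

```python
import hashlib
import hmac


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def chain(secret: bytes, seed: bytes, count: int) -> bytes:
    """User side: hash seed||secret `count` times (count >= 1)."""
    if count < 1:
        raise ValueError("count must be at least 1")
    value = seed + secret
    for _ in range(count):
        value = _h(value)
    return value


class HashChainVerifier:
    """Server side: stores the last accepted value, never the secret."""

    def __init__(self, seed: bytes, enrolled_count: int, enrolled_value: bytes):
        self.seed = seed
        self.stored = enrolled_value          # H^enrolled_count(seed||secret)
        self.next_count = enrolled_count - 1  # sequence number asked for next

    def challenge(self):
        """What the login prompt shows: sequence number and seed."""
        return self.next_count, self.seed

    def verify(self, otp: bytes) -> bool:
        if self.next_count < 1:
            return False  # chain used up; the user has to enrol again
        # A valid password is the preimage of the stored value.
        if hmac.compare_digest(_h(otp), self.stored):
            self.stored = otp       # next login needs the preimage of this
            self.next_count -= 1
            return True
        return False


def replay_demo():
    """Returns (first login ok, replay of logged password ok, next login ok)."""
    secret = b"constructed pass phrase"   # constructed sample value
    seed = b"ke1234"                      # constructed sample value
    server = HashChainVerifier(seed, 5, chain(secret, seed, 5))

    count, seed_sent = server.challenge()
    otp = chain(secret, seed_sent, count)  # computed on a trusted device
    first = server.verify(otp)             # typed on the untrusted machine

    replay = server.verify(otp)            # the logger's copy, used later

    count2, _ = server.challenge()
    second = server.verify(chain(secret, seed, count2))
    return first, replay, second


if __name__ == "__main__":
    print(replay_demo())
```

The logger's copy also does not help compute the next password, because that would require inverting the hash.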




Re: The Cost of California Liberalism

2000-12-17 Thread Bill Stewart

At 08:35 AM 12/17/00 -0600, Jim Choate wrote:
The reality is the NW people got what they deserved. They voted to use the
Cali. power grid instead of their own.

No injustice or wrong has occurred here because everyone got a say. You
reap what you sow.

It's a market thing, or as liberals would say, it's about sharing.
Power generation capacity on the West Coast normally balances 
between California air conditioning in the summer and 
Northwest heating in the winter, and if each area had enough
capacity for all its needs, the system would be way overbuilt.
I don't know if Northwesters are as aggressive Not In My Back Yarders
as Californians about building power plants, but it's much more
efficient to use a power grid.  Except, of course, when you
overload it and stress the capacity limits and have stuff catch
fire in the summer...

Besides, Jim, as a Texan your traditional role in discussions of
natural gas policies is supposed to be to say
"let the bastards freeze in the dark" :-)
Thanks! 
    Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: CDR: Re: This is why a free society is evil.

2000-12-16 Thread Bill Stewart

At 06:13 PM 12/15/00 -0600, Jim Choate wrote:

On Fri, 15 Dec 2000, Tim May wrote:

 -- If an employee doesn't like the calendar that another employee has 
 on his desk, she can talk to others in the company. Maybe they'll 
 have it removed. But she CANNOT use the courts to intervene in a 
 matter of how the company's owners deal with their property.

Her civil liberties aren't the employer's property. Further, the PRIVILEGE
of running a business does not have greater importance than freedom of
speech and such.

Simply having a desire to run a company does not justify using other
people as property nor dictating behaviours that don't DIRECTLY affect the
process of making profit. Democratic theory demands that unless the
calendar can be demonstrably infringing a civil liberty it shouldn't be an
issue. Freedom until you infringe another's.

Tim said that in a free society she wouldn't be able to sue.
Jim said that Tim is entirely wrong, that in a free society
she wouldn't be able to sue.   It's true that they give different
reasons, but I can't see that there's a fundamental conflict here.

Also, Jim says that "Democratic theory demands that..."
Theories don't demand things, people do, but most people who
like democracy demand that whatever the majority wants, it gets.
(And some say, it ought to get it good and hard.)

Some theories about democracy say that this will always be good,
because most people are mostly good; some say that this will be
inherently right because it's what Da People want; some say that
it may not be all that good but you can do a lot worse with most
of the available alternatives, and that if you don't settle for that
the worse alternatives will take over.


Tim, on the other hand, believes that in a free society
if you want to run a business you can (or at least you can try).
Jim repeatedly asserts that running a business is a privilege
that somebody, I guess Da Majority, graciously grants you,
and can take away if they want, and that it's somehow not 
part of freedom.
Thanks! 
    Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: AT&T signs bulk hosting contract with spammers

2000-12-15 Thread Bill Stewart


On Fri, 15 Dec 2000, Declan McCullagh wrote:


BTW the first things the Feds are now saying when they speak in public
(http://www.mccullagh.org/image/950-17/aba-netspionage-broadcast.html)
is that they do not come in and cart off everything you own. At least
that's the latest spin. :)

Of course they don't.  Carting stuff is a job for union workers,
so that's done by the General Services Administration, unless there's
some other local union contract that requires your city's workers to do it.
And deciding whether you own things or not is a long legal process,
as is identifying what things you might own that are somewhere else.
So instead they just have the aforementioned union or city workers
cart away everything you _have_, and cart back anything later determined
to belong to someone else, unless it looks suspicious, of course.

Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: CDR: This is why a free society is evil. [Re: This is why HTML email is evil.]

2000-12-15 Thread Bill Stewart


Tim May wrote:
 In a free society, free economy, then employers and employees are
 much more flexible. A solid contributor would not be fired for
 something so trivial as having a porn picture embedded in some minor
 way. Hell, a solid contributor probably wouldn't be fired even for
 sending MPEG porn movies to his buddies!

... and Tim goes on to attribute this to lawsuits of types 
that he asserts wouldn't happen in a free society.
It's not that cut and dried - in a free society, 
solid contributors are often fired for non-economic reasons,
and one reason such people are _not_ fired is also fear of lawsuits.
Stupidity may be stupid, but it's not rare, and there are 
lots more opportunities for random decisions to get made.

One friend of mine was having lunch with her boss and a male 
coworker that she got along well with, (back in the 70s) and the boss 
asked if they were going out.  "No, Bob, Charlie and I are both gay";
she and her coworker were both fired that week.
It wouldn't happen today, at least here in San Francisco,
partly because of changing attitudes in society (or at least
because people got used to it), and partly because the boss
would worry about losing other productive workers or customers,
but also because the boss would get sued or harassed by _some_
city or state agency whose job is harassing businesses.
But there's much of the country where it could happen.

An employer might also be concerned about the effects of a 
hostile atmosphere on the productivity of other employees,
not just the lawsuitishness of those employees - 
in a free society you have more flexibility to make decisions
about how to handle situations.  Sometimes companies don't deal
with personnel-relationships problems until hit on the head
with a two-by-four made of compressed lawyers.

Thanks! 
    Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: Info..help

2000-12-12 Thread Bill Stewart

At 04:11 AM 12/12/00 MST, sunil pandith wrote:
Dear Sir,
I am an engineering student. I am interested in real time encryption of
voice using a DSP kit and a stream cipher. Kindly send me the link
where the algorithm is available...

I am in need of the white paper or similar thing, which is going to
explain the algorithm to me clearly,

You're an engineering student, and since you're on USA.NET,
I'd assume you're in the US.  So go to your school's library,
and get a copy of books on cryptography - I'd recommend
Bruce Schneier's "Applied Cryptography".  It's got a bibliography
with over 1000 references, so you should be able to use your
library to look up more detail about anything that Schneier talks about.

You're talking about "The Algorithm" like there's only one.
There are lots.  Read Schneier, pick an algorithm,
and explain your selection to your professor.
Think about the security of the algorithm,
things you need to be careful of for using it securely,
the performance needs of the algorithm,
the capabilities of your DSP and programming environment
and the things you'll need to do to implement it.
How do you plan to exchange keys?  Are there algorithms
that are designed for that?  What weaknesses do they have?
How do you plan to test your system, to be sure the data
is really encrypted?

Also think about how you'll handle the voice itself.
What are your input formats?  What's your networking environment?
Do you need to do compression?  How much bandwidth will your network have?
How much computational ability does your DSP have?
Are there standard algorithm libraries available for your DSP,
or will you need to roll your own?  
What constraints on voice quality do you have?

Thanks! 
        Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: CDR: Re: Fractal geodesic networks

2000-12-08 Thread Bill Stewart

At 02:47 PM 12/8/00 -0600, Jim Choate wrote:
'fractal geodesic network' is spin doctor bullshit.

Well, buzzword bingo output anyway.

And the Internet is most certainly NOT(!) geodesic with respect to packet
paths.

more like a geodesic dome filled with boiled spaghetti...


Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: ecash, cut choose and private credentials (Re: Jim Bell)

2000-12-04 Thread Bill Stewart

At 11:24 PM 12/3/00 -0800, Ray Dillinger wrote:

On Mon, 4 Dec 2000, Adam Back wrote:
The protocols you list are online.  Not that this is a bad thing -- I
kind of prefer the online idea -- rather than the "and then you go to
jail" implications of fraud tracing in the offline protocols.  Plus
you have a risk of accidentally double spending if your computer
crashes or something.

I think that would depend on the banker.  "Bob spent this hundred 
dollars three times," muses Alice.  "Check and see if he's got 
overdraft protection for the extra two hundred...  if he doesn't, 
then put it on his credit card with a fifteen dollar loan origination 
fee and charge him two percent a month"  Jail time, in most 
cases, probably just isn't profitable for the bankers.  After all, 

The issue isn't whether jail or just extra charges are the
appropriate remedy for double-spending - it's that the
offline methods generally rely on encoding a user's name
in the coins so you can tell who did the double spending,
which not only adds a lot of administrative overhead but
requires that you have a system of identification of your users.

Some online methods also do the "identify and punish" approach;
others do the far simpler "first one to grab the money wins" approach
to double-spending, which is better for anonymity,
though it imposes different risks on the users.
Thanks! 
    Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639
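
The two approaches contrasted in the message above, side by side, as an added example that is not part of the original thread. The offline half uses the identity-splitting idea from Chaum-Fiat-Naor style schemes (each coin carries pairs whose XOR is the user's name, and each spend opens one half per challenge bit); blind signatures and the bank's signature check are left out, and all names (`mint_coin`, `OfflineBank`, `OnlineBank`) and parameters are hypothetical.

```python
import hashlib
import secrets

K = 16        # challenge bits per coin (constructed; real schemes use more)
ID_LEN = 16   # identity is padded to a fixed length


def _commit(half: bytes) -> bytes:
    return hashlib.sha256(half).digest()


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def mint_coin(identity: str):
    """Withdrawal: returns (public coin, spender's private halves)."""
    ident = identity.encode().ljust(ID_LEN, b"\0")
    if len(ident) != ID_LEN:
        raise ValueError("identity too long")
    halves = []
    for _ in range(K):
        a = secrets.token_bytes(ID_LEN)
        halves.append((a, _xor(a, ident)))   # a XOR b == identity
    coin = {"serial": secrets.token_hex(8),
            "commitments": [(_commit(a), _commit(b)) for a, b in halves]}
    return coin, halves


def spend(halves, challenge):
    """Spender opens one half of each pair, chosen by the merchant's bits."""
    return [pair[bit] for pair, bit in zip(halves, challenge)]


def merchant_accepts(coin, challenge, response) -> bool:
    if len(challenge) != K or len(response) != K:
        return False
    return all(_commit(r) == coin["commitments"][i][bit]
               for i, (bit, r) in enumerate(zip(challenge, response)))


class OfflineBank:
    """Identify-and-punish: needs named users, learns nothing on one spend."""

    def __init__(self):
        self.deposits = {}   # serial -> (challenge, response)

    def deposit(self, coin, challenge, response):
        """None on first deposit; the double spender's name on a second."""
        prev = self.deposits.get(coin["serial"])
        if prev is None:
            self.deposits[coin["serial"]] = (list(challenge), list(response))
            return None
        prev_ch, prev_resp = prev
        for i in range(K):
            if prev_ch[i] != challenge[i]:   # both halves of pair i are known
                ident = _xor(prev_resp[i], response[i])
                return ident.rstrip(b"\0").decode()
        # Two independent K-bit challenges match with probability 2**-K.
        raise ValueError("same transcript deposited twice")


class OnlineBank:
    """First one to grab the money wins: no names, just spent serials."""

    def __init__(self):
        self.spent = set()

    def redeem(self, serial: str) -> bool:
        if serial in self.spent:
            return False
        self.spent.add(serial)
        return True
```

The offline bank has to know who "bob" is before it can act on the recovered name, which is the identification overhead the message points at; the online bank never sees a name, but the second payee is the one left holding a worthless coin.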




Re: Lost password

2000-11-29 Thread Bill Stewart

At 10:07 AM 11/28/00 -0800, Console Cowboy wrote:
Has anyone thought about setting this list to only accept mail from its
members? That would seem to solve quite a few of these issues (issues
meaning lots of spam, like 2-5 messages a day of spam from this address.)

Newbie, eh?  We probably haven't discussed this for a month or so.
Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: Imagine

2000-11-28 Thread Bill Stewart

At 11:45 AM 11/28/00 +, Ken Brown wrote:

Which is exactly what the current US situation looks like to most people
outside the US. It presumably seems different to the Americans
themselves (or at least the Republican voters amongst them), but to the
rest of us the whole thing cuts heavily at Bush's credibility

Oh, my - you're saying that Bush has *credibility* in the rest of the
world?  :-)

This reminds me more of the tail-wagging-the-dog situations that
parliamentary systems get into when some minor religious party
or right-wing-wackos or the Monster Raving Loony party gets to
tell the bigger party what to do because they need three more seats
for their coalition. 

Too bad Florida has a winner-takes-all system - under proportional
representation they'd have been done weeks ago, with 
one electoral vote for Nader, 12 for Gore, and 12 for Bush, 
and that would fairly accurately reflect the opinions of Florida's voters,
unlike the current situation where the margin of error in the counts
is much wider than the difference between the totals.
And it's not even available as a compromise, because Gore's in the lead
without the Florida votes, so that would give him the election.
Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: powerline

2000-11-27 Thread Bill Stewart

At 02:16 AM 11/23/00 -, Ahmad Saufi wrote:
hi, can u inform me about accessing internet via power line technology,
if u have any news or info about it,please send/inform it to me.

Any Cypherpunks discussion on the topic would be in the archives,
at http://www.inet-one.com/ in Singapore.  You're probably better off
looking on a general-purpose web search engine,
or looking at specialized sites such as nwfusion.com or eetimes.com.
I think Nortel developed some of that technology,
but I don't know if they're the latest and hottest stuff.



Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: Carnivore All-Consuming

2000-11-19 Thread Bill Stewart


On Sun, 19 Nov 2000, Steve Schear wrote:
 A PC, using off-the-shelf HW, is capable of filtering a full 100 Mbps link 
 (144K packets/sec) as demonstrated by the BlackICE products 
 http://www.networkice.com/html/blackice_sentry.html

At 03:20 AM 11/20/00 +, Jim Dixon wrote:

Third, even if you believe that they can really analyse data at 
100 Mbps, this still doesn't give them the ability to handle more 
than one PoP with two DS3 connections.  This is still orders of 
magnitude away from being able to handle a major site with 
multiple 2.5G connections, let alone all of the traffic handled by 
a major ISP.
The original claim was that Carnivore could monitor all of an ISP's 
traffic.  This isn't true for most ISPs.  

Actually, "most" ISPs probably don't have more than two T3s or OC3s,
because most ISPs are the 5000+ little ones; many only have a few T1s.
But big ISPs are a different issue; any of the Tier 1 providers could
melt a Pentium box if they directed a moderate fraction
of their traffic at it.

The question is how the carnivores tell the ISP's network what
they're looking for, and how much cooperation they need from the ISP.
Most ISP traffic is probably web, not email, and the email that's
actually handled by ISPs (as opposed to just passing through)
is handled by big mail servers that could perhaps be told to
forward all mail for targeted accounts, since they need to do
that level of identification to handle the mail in the first place.

For email, the big player is of course AOL, followed by
specialized mail providers like iname.com, and the portal sites like 
Excite, Yahoo, and Hotmail, and a few ISPs like Earthlink/Mindspring.
(The business has gotten sufficiently specialized that I'm not sure
how many of those sites really provide their own service rather than
outsourcing to specialists.)   As with big ISPs, if they cooperate,
the job's possible, and if they don't it's pretty intractable.

If you know your target's IP address, it's a lot simpler -
get the routing protocols to shove their traffic your way
by advertising routes using OSPF, BGP, or whatever.

Qwest deployed 14,000 miles of fibre some years ago.  This was
packaged as conduits carrying 48 fiber pairs, each pair using 
wave division multiplexing to carry 8 to 16 optical channels, with
each channel running at 10 Gbps.  That's 160 Gbps per fiber, 
7,680 Gbps per conduit.  Qwest is one of many carriers.  160 Gbps
over a fiber pair isn't state of the art.  Qwest has many conduits.

They do have a nice _little_ network :-)  Actually, most of that fiber
isn't even lit yet, much less full, and much of their bandwidth 
isn't ISP traffic, it's private line sold to businesses or other ISPs.
The last AT&T marketing hype I saw placed us as #2, well behind UUNET.
The real bandwidth constraints are mainly the routers - most big ISPs
use Cisco 12000 GSRs or products from Juniper or other emerging competitors,
most of which like to call their products "terabit" routers
because they have reasonably large backplane capacity.

A totally different bandwidth segment is inside the big hosting centers -
Exodus, Globalcenter, etc.  Most of that's Gigabit Ether,
with various brands of switches and routers, and an amazing fraction
of their traffic stays in the building, between different colo customers.


Thanks! 
        Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: ssz.com network trouble

2000-11-18 Thread Bill Stewart

I did a traceroute (well, mswindoze tracert, anyway), and got a 
"destination unreachable" from a machine at realtime.net in Austin.
SSZ has often been unreliable; I think it's connected by ISDN,
and it's raining down in Texas.

At 06:30 PM 11/18/00 -0600, Neil Johnson wrote:
Is there something wrong with ssz.com? I haven't gotten any list mail and I
can get to the site.

Thanks.

Neil M. Johnson
[EMAIL PROTECTED]
http://www.interl.net/~njohnson
PGP Key Finger Print: 93C0 793F B66E A0C7  CEEA 3E92 6B99 2DCC

Thanks! 
    Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: Bob's Bank. Hi, I'm Bob. Just slip it in this pocket here.

2000-11-17 Thread Bill Stewart

At 11:52 AM 11/17/00 -0500, [EMAIL PROTECTED] wrote:
#The illegal bank, operated out of a warehouse just east of Portland, 
#offered customers anonymous banking transactions to conceal income 
#and assets, according to IRS Special Agent Kathleen Sulmonetti. 
#Nine hundred customers deposited $186 million in the warehouse 
#bank with the money then being shuffled into legitimate commercial 
#bank accounts, she said.

That sounds a lot like the DEA estimates of how much the street value
of marijuana plants are ("Let's see, under ideal conditions this plant
could produce 2 kilos of product, and the highest price we've ever seen
for dope was $X/ounce, so this flat of 2" high seedlings is worth
FIVE MILLION DOLLARS!")  I bet they counted or double-counted the money
any time anything moved.


Thanks! 
    Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: A very brief political rant

2000-11-10 Thread Bill Stewart

At 11:56 PM 11/9/00 -0800, petro wrote:

a Democrat -- and that might well be so. But I doubt the
Federal Election Commision will think much of a ballot
where 'you vote Democratic -- we'll fill in the blank'
is a legitimate vote.

I would say the same for any 'candidate', be they Republican,
Democrat, Libertarian or Dead.

   It's called "Straight Party", and IIRC it is a box on the 
Missouri ballots. I *know* it was on the Illinois ballots. Saves dead 
people time you understand, they only have a limited amount of time.

Here in San Francisco, having the Straight Party on the ballot
would be pretty controversial.


"Despite almost every experience I've ever had with federal 
authority, I keep imagining its competence."
John Perry Barlow

Voting for the Dead, on the other one's hand, is just fine.



Currently, however, it's still Nobody for President.



(If New Jersey election laws didn't require the candidate to sign
ballot petitions, I was seriously tempted a few years back to put
Frank Zappa on the ballot for President.  He'd declined somebody's offer
because he had cancer, but it only requires 1000 signatures,
which would be an afternoon or two at Rutgers :-)
Thanks! 
        Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: Courts interfering with election

2000-11-08 Thread Bill Stewart

At 07:46 PM 11/7/00 -0800, Tim May wrote:

Late news: Just saw Sen. Kit Bond of Missouri calling for an 
investigation into "criminal voting fraud" by the Democrat political 
machine in St. Louis and the lower court judge (if he was appointed 
by Democrats, the jig's up). Ashcroft faces a very, very, very close 
election, and that extra blast of welfare roll voters may have been 
enough to defeat him.

Mighty niggardly of the Democrats, I'd say. Spooky, in fact.

On the other hand, doing a bait-and-switch on closing times
is also going to affect the voting response, especially 
for people who work late or weird shifts and were planning to
vote at 9pm.

Also, maybe Tim hasn't voted somewhere new in a while,
but this is a polling system run by government bureaucrats,
who have a level of enthusiasm and competence for providing
high-quality service for inner-city residents that's
_much_ different from the quality of service that they provide
for rich folks.   Sometimes the poll-workers can read and write,
and sometimes there are enough poll-workers,
and if there's a political machine around, they also know how to
count, and what they're counting, and for whom, and what things 
are important to count accurately, like money, and what things are 
not important to count accurately, like poor people's votes.
When things screw up in an overworked clerical environment,
they screw up badly.


Somebody I was talking to last night was at the polling place,
and the guy in front of her was trying to straighten out the
two registrations from the same address, one for John Doe, Democrat,
and one for John J. Doe, Republican (no, they weren't father and son,
they were the same guy)  That's an easier case for him,
at least if he only wants to vote once (:-).
And it's much messier when the people are tenants who move a lot.
Thanks! 
    Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: [Spam wars, continued...]

2000-11-07 Thread Bill Stewart

At 11:25 AM 11/7/00 -0800, Greg Broiles wrote:
On Tue, Nov 07, 2000 at 10:50:25AM -0800, Eric Murray wrote:
 On Mon, Nov 06, 2000 at 08:37:31PM -0800, Bill Stewart wrote:
  I agree with Jim that anti-spam laws are bad in principle;
  in practice they're usually worse :-)
  Some kinds of cypherpunks technology don't involve the law; some do.  
  For instance, user-supplied filters can trigger libel laws
  ("Hey, your filter called me a SPAMMER!  I'll SUE!").
 
 Maybe I'm too limited in my thinking, but I don't see this actually
 happening with user-level filtering.  Mostly for the simple reason that
 it doesn't make sense to send anything back to the spammer. 

Even if they did, there's no argument for defamation liability - 
all of the popular flavors of defamation (slander, libel, invasion
of privacy) require that the defamatory content be made available
to third parties (e.g., not the plaintiff nor the defendant). 

I was thinking about filters that are installed by the user,
but might get their lists of spammer / spams from a rating service,
just as censorware products get lists from services.
For instance, there are some patterns that are obvious spam
and once you've seen them twice, you block them,
but there's a lot of randomly worded spam out there
which a spam-rating service could help you block.
Thanks! 
    Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: Courts interfering with election

2000-11-07 Thread Bill Stewart

At 04:18 PM 11/7/00 -0800, Tim May wrote:

I thought I was jaded, but this is too much even for me to believe.

A judge in St. Louis has ordered the polls kept open later, until 10 
pm local time. The effect will be to let more inner city, 
Democrat-leaning voters vote.

The rural and suburban polling places will close at the normal times.

Vote late and often!  It's especially useful if there are enough
Nader votes that the Democrats need some 
last-minute metabolically challenged voters to help out.


After the 1990 census, New Jersey was redoing the gerrymander to
help solidify Republican and Democrat districts.
They wanted to make a majority-Hispanic district, so they expanded
the boundaries of one district to include Rahway Prison,
which has a lot of blacks and Hispanics in it.
Who are mostly convicted felons, and can't vote.


Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: Here's an interesting twist on gun control ...

2000-11-06 Thread Bill Stewart

At 10:44 PM 11/5/00 -0600, Mac Norton wrote:
Again we have one of those few occasions in which Tim and I 
are in perfect agreement.  To require gun ownership just 
because "arms" or "militia" is in the Constitution makes
as much sense as requiring us all to have a press just
because "press" is in the Constitution.

While I agree with this, most states and cities not only require you
to have guns, they require you to hire guys in blue suits to
carry them around.  Back when we had state militias, 
people were often required to be part of them,
and the Feds still require you to sign up for the draft
so they can tell you to carry them and shoot their enemies
in places like Vietnam if they can't get enough volunteers.
The only difference here is they're giving you a bit more choice
on who you shoot and when.

But then, if the War Between The States was really about slavery,
why did Lincoln use conscript troops to fight it?
(The Secession was to prevent slavery from being banned,
but the War was to enforce nationalism.)

But yeah, it was tacky for Kennesaw Georgia to make their law,
and it's tacky for this part of Utah to do so.

"You have the right to own a gun.
If you do not own a gun, one will be provided for you."

Or, as Woody Guthrie said about the draft,
"Well, they can make me carry a gun, but they can't
tell me which way to point it."




Thanks! 
    Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: CDR: Re: Minesweeper and defeating modern encryption technology

2000-11-06 Thread Bill Stewart

At 07:34 AM 11/6/00 -0600, Jim Choate wrote:
Dave's right, you're not. While it is true a NDTM has a guessing module
before that 'guessed' state causes the NDTM to change to the resultant
state there is a level of PROOF involved. It is required to prove the
answer is right.

There is NO magic in an NDTM, it doesn't pull the correct answer out of
the air.

The distinction at this level between a NDTM and a probabilistic TM is
that a PTM doesn't check the result at time of selection but after. 
It's the algorithm that the Turing machine is running that does the checking.
In a NDTM it is the 'guessing module'.

The real question related to a NDTM is 'if you have a algorithm that
allows you to guess answers and verify them before submission for
execution' why are you executing the algorithm? You already know the
answer is correct.

See:

http://www.hissa.nist.gov/dads/HTML/nondetrmtur.html

It's actually http://hissa.nist.gov/dads/HTML/nondetrmtur.html
with no www.

"Definition: A Turing machine which has more than one next state for some
combination of contents of the current cell and current state. An input is
accepted if any move sequence leads to acceptance."

In other words you have to have a 'input verifier' that verifies the data
is good before the next state(s) are entered. Note this means your
verification function can't be NP.

You're still not getting what the non-deterministic Turing machine does.
The problem is structured as a decision-making problem, where an input is 
"accepted" if the Turing machine halts in an accept state, meaning the
set of input is a valid solution to the problem (sometimes leading to
ugly convoluted problem definitions if you're really trying to find an optimum
rather than a yes-no problem like a Hamiltonian or 3-SAT), or rejected 
if it halts in a rejection state (where the proposed answer is not a valid
solution), 
or doesn't halt (if it's an annoying problem+input.)
"An input is accepted if any move sequence leads to acceptance" means that
there's some collection of next states (bits of answer) that leads to
an accept state.  How do you know _which_ input value leads to acceptance?
That's the magic part.  If there are N bits of input, there are 2**N possible
move sequences, of which the existence of one correct sequence leads to
acceptance.

It most assuredly has NOTHING to do with the question of how one builds a
'universal sentence parser' that can return a verifiable yes/no as to
validity when Godel's says all sentences don't necessarily have a valid
result (ie they aren't provably consistent).

I don't think anybody's claimed that it has - the Satisfiability problem
and the subset 3-SAT problem don't deal with all Boolean problems,
just ones with a particular form.

Thanks! 
        Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639
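
The acceptance rule argued over in the message above ("an input is accepted if any move sequence leads to acceptance") can be made concrete with 3-SAT. This is an added example, not part of the original thread; the function names and clause lists are constructed for illustration.

```python
"""Deterministic simulation of nondeterministic acceptance, using 3-SAT.

Added example; the formulas below are constructed for illustration.
A literal is a non-zero int: +k means variable k, -k means NOT variable k.
A "move sequence" is one guessed assignment of N bits.
"""
from itertools import product


def verify(clauses, bits):
    """Deterministic check of ONE move sequence (one guessed assignment).

    Linear in the size of the formula. This is the work done along a single
    computation path once the guesses have been made.
    """
    return all(
        any(bits[abs(lit) - 1] == (lit > 0) for lit in clause)
        for clause in clauses
    )


def nd_accepts(clauses, n_vars):
    """Accept iff ANY of the 2**n_vars guess sequences passes verify().

    Returns (accepted, witness, paths_tried). The NDTM is *defined* to accept
    when such a path exists; a deterministic machine has to go looking for
    it, which is where the 2**N cost shows up.
    """
    tried = 0
    for bits in product((False, True), repeat=n_vars):
        tried += 1
        if verify(clauses, bits):
            return True, bits, tried
    return False, None, tried


def accepting_paths(clauses, n_vars):
    """Count how many of the 2**n_vars move sequences end in acceptance."""
    return sum(
        verify(clauses, bits)
        for bits in product((False, True), repeat=n_vars)
    )


# Constructed instance over 4 variables: satisfiable, but most guesses fail.
SATISFIABLE = [
    (1, 2, 3), (-1, 2, 4), (1, -2, 3),
    (-3, -4, 1), (-1, -2, -3), (-3, 1, 4),
]

# Constructed instance over 3 variables: one clause for each of the 8 sign
# patterns, so every possible assignment falsifies exactly one clause.
UNSATISFIABLE = [
    tuple(v if positive else -v for v, positive in zip((1, 2, 3), signs))
    for signs in product((False, True), repeat=3)
]


if __name__ == "__main__":
    ok, witness, tried = nd_accepts(SATISFIABLE, 4)
    print("satisfiable instance:", ok, witness, "after", tried, "paths")
    print("accepting paths:", accepting_paths(SATISFIABLE, 4), "of", 2 ** 4)

    ok, witness, tried = nd_accepts(UNSATISFIABLE, 3)
    print("unsatisfiable instance:", ok, witness, "after", tried, "paths")
```

Rejection is the expensive case for the deterministic simulation: it can only report "no" after every one of the 2**N paths has failed verification.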




Re: Internet IP scan completed ( 4E9 IP's served)

2000-11-06 Thread Bill Stewart

 It's on /.   http://slashdot.org

It's kind of a cool hack, though apparently there are
at least two companies that have done it.
2**32 is just NOT a very big number any more,
so it's not surprising that somebody has tracerouted
all of it (except 10.* and other private spaces.)
Depending on how efficient they want to be,
there are ways to make the traceroutes take advantage
of the fact that they're sequentially scanning,
so most locations take the same path as the previous one.


I'm probably going to port-scan 10.*, which in this case
is my organization's lab network which has 4 locations
and could use better documentation.


Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: why should it be trusted?

2000-11-05 Thread Bill Stewart

At 08:12 PM 10/22/00 -0700, James A. Donald wrote:
 --
At 07:09 PM 10/22/2000 -0700, Nathan Saper wrote:
  I think the government has a right to do whatever it needs to do to
  maintain the health and well-being of its population.  That is the
  purpose of the government.

Then the government should be raiding your home to check on your 
consumption of chocolate, and spying on your messages to detect if you are 
secretly arranging for the purchase or sale of forbidden substances.

Congratulations!  You've finally discovered the Secret Ulterior Motive
behind the Cypherpunks Grocery-Store-Frequent-Shopper Card Exchange Ritual,
which is to discourage them from knowing who's *really* buying
all that chocolate and beer.   

(We used to do it relatively often; now it's more of an occasional thing,
especially since the Albertsons/AmericanStores merger means that
Lucky no longer uses cards, but Safeway still does.
Safeway started doing "Thank you for shopping at Safeway, Mr. Cypherpunki"
a while back, and they're currently usually mispronouncing the
person whose dietary habits I'm also disparaging. :-)




Re: Gort in granny-shades (was Re: Al Gore goes cypherpunk?)

2000-10-24 Thread Bill Stewart

At 10:37 AM 10/24/00 -0400, R. A. Hettinga wrote:
At 10:14 AM -0400 on 10/24/00, R. A. Hettinga wrote:


 all depicted with
 deliberately cheezier CGIs to make it more "real" than the Matrix itself.

   *less*

Sheesh.

Edit twice, send once. Welcome to the net...

:-).

But Bob, I thought you usually did "Edit once, send three or four times" :-)
This one only went to cypherpunks and dcsb (plus Declan), 
without also hitting two or three other lists, unlike most of your
announcements.  (I don't mind - Eudora's pretty good at sorting stuff,
and it's easy to skip the excess copies since they've got the same 
date and Subject, though I do occasionally get bouncegrams for replying
when some of the lists allow non-subscriber content and some don't.)
Thanks! 
        Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: CDR: Re: Insurance (was: why should it be trusted?)

2000-10-20 Thread Bill Stewart

Both of those arguments are incorrect.
Anonymous has no business telling us how anarchic we can be :-)
If people want to voluntarily engage in hierarchical relationships,
that's still anarchy.  And you can still have leaders in anarchies -
it's just that if they screw up and find there's nobody following them
any more, they can't force their ex-followers to come back.

There are versions of anarchist theory that accept private property
and versions that don't, but both deal with types of "property"
that can be taken or protected by physical force.
"Intellectual Property" deals with the rather sillier concept
that some ideas belong to some people and it's ok for them to
hire guys in blue suits to beat up other people to protect it.

Crypto anarchy creates different kinds of protection mechanisms
for ideas, in ways that beating people up is neither necessary,
useful, or possible, so you can limit most of your transactions
to genuinely voluntary ones.  This isn't perfect either -
if somebody defrauds you, you can't sue them or beat them up,
because your only contacts are a bunch of bits on the net.
So reputations become important, and you've got to build more
incremental transaction mechanisms, and you've got different 
tradeoffs of risk versus cost (for instance, credit's hard to do.)

Crypto-anarchy isn't Stirnerism or Kropotkinism.
It doesn't say anything about whether you maintain traditional 
hierarchical relationships with your wives, though it does give
you more options for sharing resources with people you like
(whether you consider those resources to be property or not.)
It doesn't mean that the government or mafia can't collect 
property taxes on your house - though it may mean they
collect them from the resident rather than the "owner",
and threaten to kick out the resident if they don't pay.
It also doesn't mean your mother or work krewe or syndicate 
or commune or wives can't tell you to clean the bathroom - 
but it gives you more options for who "owns" the house, 
and more options for paying somebody to clean it 
without the government taking a piece of the action.  

James is right that getting rid of private property gives you
other problems, but he's wrong that this means one huge
centralized plan that rules everybody - such things are
typically very hard to enforce and maintain, even with
modern technology to make it easier.  You can, and do,
have lots of distributed economic decisionmaking even in most
totalitarian states, between black markets, Russian jokes about
"they pretend to pay us and we pretend we're working",
favors,  bribes, etc.  And there are socialist alternatives
like syndicates and small communes, and there are farming villages
or hunter-gatherer villages out in remote areas,
and lots of other alternative structures for societies
besides just propertarianism and totalitarianism.
Many of them don't work very well, or work fine but fall to
outside invaders, but that's a separate problem.

At 09:20 PM 10/18/2000 -0600, Anonymous wrote:
  Crypto-anarchy is in fact not really anarchy, since it only
  addresses some kinds of authority, ie government, and only in
  certain situations. True anarchy involves the dissolution of other
  hierarchical relationships, including those that spring from private
  property. Get rid of private property and many of these problems
  disappear.

At 07:53 AM 10/19/00 -0700, James A. Donald wrote:
Been tried.
Without property rights to separate one man's plan from another man's plan, 
only one plan can be permitted, and any pursuit of alternate goals, or 
pursuit of the same goals through alternate methods is "wrecking", and must 
be crushed.
Without property rights in the means of production there can only be 
one plan, and one set of planners, to which all must submit.

The alternative to private property rights in the means of production is a 
single plan, one plan for all, one plan that must be imposed on all, which 
necessitates unending terror, as we have invariably and uniformly seen in 
practice.

    Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




RE: I created the Al Gore created the Internet story

2000-10-20 Thread Bill Stewart

 Most computers in 1986 weren't up to it. Many of us were using Apple II 
 computers with something like 278x192 resolution (in single hi res mode). 
 Imagine such a beast doing networking. Ick.

I was using dumb terminals (initially HP; later ATT VT100 clones).
Much better resolution than PCs, and it wasn't till the late 80s
that I could afford a machine for home use that was as good as
a dumb terminal connected to a Vax 780.  (Macs were arguably *better*,
but that's a separate issue.  They were friendlier, but Unix
was much more powerful and usable.)

I was a newcomer to Usenet - didn't get on until late 81 or maybe 82 :-)
It was mostly universities (initially Duke and UNC) and gradually
spreading into other places that had Unix machines, and eventually
ported to support network environments other than uucp.
It's arguable the extent to which that was public or private at first,
because much of the critical mass of discussions 
was either at government-funded schools or The Phone Company.

Ward Christensen used to claim he had invented the BBS,
but it wasn't till 1978 (I think it was XModem?),
and I'd been using Plato Notesfiles several years before,
while the Arpanet mailing lists had also been growing for a while.

Eventually I got a PC at home.  I mainly used Netcom's early
ix.netcom.com IP service (with Trumpet Winsock on Win3.1),
though I also tried out Twinsock on a shell account at work.
At NCR our initial PC-based email was an appallingly ugly
hacked-together Kermit thing - one reason I got the Netcom account
was that the Kermit thing would choke and die if you got
more than 200KB in one session, and the cypherpunks list
was too much for it :-)
Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: cypherpunks archives: re: Stop spam!

2000-10-18 Thread Bill Stewart

At 01:33 PM 10/17/00 -0700, Ray Dillinger wrote:
We can't stop anybody who gets cypherpunks from archiving it.  We 
can't stop anybody from getting cypherpunks.  QED, there *are* 
archives.  Some of them might as well be public.  Occasionally 
they are useful, or contain worthwhile URL's.

Not strictly true - Murphy says that the stuff you
*really* wanted to find in the archives was in the
bit that fell through the cracks when somebody's
disk crashed or power went out for a day :-)

One of the main cypherpunks archives is in Singapore,
on inet-one.com  .

Also, cypherpunks is occasionally gatewayed to Usenet groups,
which have been archived since the Dawn Of Time.



Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: Stop spam!

2000-10-17 Thread Bill Stewart

Cypherpunks works like any anarchy.  *You're* running cypherpunks.
If you want something done the way you want it done, *do it*
and get other people to help you.
Also, given that the list has been around for almost a decade,
and has archives, you might consider seeing if it's been discussed.
You shouldn't have to search back more than a month


At 10:31 PM 10/16/00 -0400, Jordan Dimov wrote:

That's a shame indeed.  Couldn't whoever's running cypherpunks set up a
goddamn sendmail filter or something?  


On Mon, 16 Oct 2000, [iso-8859-1] Ing. Fausto C.G. wrote:

 I don't know where you got my e-mail, but I am
 receiving spam from you. Stop it right now, please, I
 didn't ask you for your spam. This time I am asking it
 kindly, next time I won't ask it this way.
 
 Thank you.
 
 =
 Ing. Fausto C. G.
 
 Empresa:   INSYS (http://www.insys-corp.com.mx)
 "Ipsa scientia potestas est" .-Francis Bacon.
 
 




Thanks! 
    Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: New penalties to silence whistle blowers

2000-10-16 Thread Bill Stewart


At 04:43 PM 10/13/00 -0400, [EMAIL PROTECTED] wrote:
http://foxnews.com/national/101300/leaks.sml

Congress Increases Penalty for Classified Leaks

Friday, October 13, 2000

An intelligence bill passed by Congress could stifle the ability of 
whistle-blowers and the media to get information to the public by 
expanding criminal penalties for government employees leaking secrets.
[snip]

David Lesher forwarded the following to Cyberia-L

SECRECY NEWS
from the FAS Project on Government Secrecy
October 13, 2000

CONGRESS ADOPTS OFFICIAL SECRETS ACT

Congress yesterday approved the Intelligence Authorization Act for
FY 2001, including a provision that criminalizes the disclosure
of any information that the executive branch says is properly
classified.

It is a breathtaking removal of checks and balances on the
executive branch, and an undeserved endorsement of the highly
arbitrary national security classification system.  It is part
of the worst intelligence bill ever legislated, adopted by one
of the worst congresses in the country's history.

"This provision marks the first time that Congress has placed
the full force of criminal law behind the executive branch's
classification system," said Rep. Nancy Pelosi on the House
floor yesterday.

"This ... will create, make no mistake about it, with not one
day of hearings, without one moment of public debate, without
one witness, an official secrets act," said Rep. Bob Barr. "For
those who do not know what an official secrets act is, it is
something that we have never had in this country. It has been
broached many times, particularly in the Cold War era. But our
regard for constitutional civil liberties, our regard for the
first amendment ... has in every case in which an effort has been
made to enact an official secrets act beaten back those efforts."

Until now.  Yesterday's House floor debate on the Intelligence
Authorization Act is posted here:

 http://www.fas.org/irp/congress/2000_cr/h101200.html

_
Steven Aftergood
Project on Government Secrecy
Federation of American Scientists
http://www.fas.org/sgp/index.html
Email:  [EMAIL PROTECTED]
-- End of forwarded message ---


Thanks! 
        Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Wireless Location Technology for 3G - Nortel / CambridgePositioning

2000-10-16 Thread Bill Stewart
ligation to update or revise any forward-looking
statements, whether as a result of new information, future events or
otherwise.

*Nortel Networks, the Nortel Networks logo, the Globemark and e-mobility
are trademarks of Nortel Networks. 

Contact for Press and Analysts: 


Beatrice Germain
Nortel Networks
33 6 85 74 35 65
[EMAIL PROTECTED]


Susan Kwon
Nortel Networks
972-684-5701
[EMAIL PROTECTED]

Thanks! 
        Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: Multi-part security solutions (Was: Re: Rijndael Hitachi)

2000-10-12 Thread Bill Stewart

At 06:11 PM 10/11/00 -0700, Tim May wrote:
A Medeco lock on a glass door may seem crazy, but a pickable lock on 
a glass door means those who know how to pick locks--like cops who 
have access to lock guns--can enter at will without any persistent 
evidence of their intrusion.

Intrusion detection is important.  
Also, if it doesn't cost significantly more, you might as well
use the Medeco lock on the glass door, or use 128-bit RC4 instead of 40-bit.
Besides, the Medeco lock is probably more durable than the El Cheapo,
and less likely to jam in an unlocked position.




Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: Warrantless Searches, S.2516

2000-10-11 Thread Bill Stewart

At 07:48 PM 10/10/00 +0100, R. A. Hettinga wrote:
At 11:24 AM -0700 on 10/10/00, Michael Motyka wrote:
 Get with the program Bob, they're not "warrantless searches", they're
 searches (AKA fishing expeditions) conducted pursuant to an
 "Administrative Subpoena."

Sorry.
My mistake. :-).

Cops at Door:  Open Up! Bang! Thud! Thud! Th...
Person inside opens door 
Cops in Room: thud! Trip! *)(!*$#E)! 
Person inside: Let's see your warrant:
Cops in Room:  We don't need no stinkin' Warrants, we got ourselves
an "Administrative Subpoena".  In good faith, even!
Person inside: OK, then.  Let's see your fishing license.



Thanks! 
        Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: Ralph Nader sends privacy survey to Bush and Gore campaigns

2000-10-11 Thread Bill Stewart


On Tue, 10 Oct 2000, Declan McCullagh wrote:
  At 23:38 10/9/2000 -0700, Bill Stewart wrote:
  I seem to remember Etzioni being tied into the Communitarian
  movement as well.

  Right. In fact, that's an understatement.

  He's essentially the anti-cypherpunk: Regulate corporations' data
  collection practices strictly, but don't regulate the governments'
  practices.

  -Declan

Could someone cogently explain the difference between communitarians
and communists?
...
I get the impression that communitarians were sort of a communist/fascist
hybrid, but I'm sure someone has a more elegant explanation.

The Commies could always recognize the FBI plants in their groups
because they were the ones who paid their organization dues



Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: Rijndael NTRU

2000-10-06 Thread Bill Stewart

At 11:36 PM 10/2/00 -0400, Vin McLellan wrote:
 Paulo Barreto [EMAIL PROTECTED] quipped:
 Or it might not have occurred to everyone to prepare just-in-case 
 releases for each of the finalists and wait for NIST's verdict ;-)

 Yeah, I thought of that too;-) The NTRU folk, however, didn't wait 
for today's announcement to place their bet.

While I'm not aware of many companies doing anything about it,
it's not really that tough - all of the algorithms had
relatively similar parameters and sizes and calling requirements, 
and they were required to provide reference editions.
So you should be able to write a couple of routines like
aes_keyschedule(parm1, parm2...)
aes_encrypt(*key, data)
aes_decrypt(*key, data)
and plug in the reference editions with some format-munger glue.
Tuning the algorithms for your hardware and software environment 
is more work, and maybe you want to wait till there's a winner,
but you get to claim you were way ahead of the curve by
announcing support the day of the announcement...


Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: More Columbine fall-out

2000-09-30 Thread Bill Stewart

At 05:09 PM 9/29/00 -0500, Jim Choate wrote:
On Fri, 29 Sep 2000, Steven Furlong wrote:
 Schools must give police blueprints
 ALBANY - Schools will be required to submit copies of their building
 plans to local police and fire departments under legislation recently
 signed into law by Gov. George Pataki.

Wow, in Texas you can't even build a building or house until the
blueprints are registered. Normally you can't get the permits nor will the
contractors take on the job either.
There's something deeper here.

The police and fire departments want them so that if there's an
emergency, they can get at them quickly.
The blueprints registered at the town/township/county building department
were probably looked at once and stuck in a box, maybe kept in a warehouse,
and not looked at again once the check cleared (or in the case of
New Jersey, once the required bribe was paid.)
Not something you can get to in a hurry, if it was even kept.
Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: CDR: Why Free Speech Matters

2000-09-29 Thread Bill Stewart

At 07:20 PM 9/27/00 -0500, Jim Choate wrote:
There is a deeper point that needs to be made you're glossing right over.

It has to do with that term 'free' or 'freedom' you keep throwing around.
Your application does not do justice to the meaning of the term.

The reality is that 'freedom' means (even in crypto-anarchy circles) the
right (note that word Timmy) to engage in whatever behaviour one chooses
so long as it is consensual and doesn't abridge another's right to
expression.

Trying to 'shun' somebody for their non-invasive behaviour
(e.g. two dykes kissing in a ball park) is the peak of anti-freedom.
If a person really respects freedom it is more 
than 'freedom for me but not for thee'.

Jim, you've always come out strongly in favor of regulating
businesses that do things in ways you don't like,
and using government to do it rather than market forces.
That's  'freedom for me but not for thee', whether the
behavior in question is kissing people or selling them stuff.

The basic choices you have for regulating people's behavior
in society are talking to them, not talking to them,
or beating them up.  In most "civilized" societies,
beating people up is frowned on except when the government does it,
and governments provide lots of mechanisms for chickening out
before they have to resort to violence (doing what the business
regulators tell you to do, or paying the fine, or going to jail
peacefully instead of shooting your way out, but all of these are
things you do because the government will otherwise shoot you,
and periodically they hold a Waco to remind you that they will.)

In a more civilized society, whether it's an anarchy or just a
society where people ignore the police whenever possible,
that leaves you with ignoring people who do things you dislike,
or refusing to do business with them, or organizing boycotts,
or picketing or other forms of expressing your dislike for
how a person runs his business activities or non-business activities.

The kissing of the girls was nobody's business, in or out 
of the park in a FREE society.

I think most of us agree that the ballpark acted like
major-league assholes, but that's a separate discussion.




Thanks! 
    Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: Reno shocked!

2000-09-27 Thread Bill Stewart

At 05:09 PM 9/26/00 -0400, [EMAIL PROTECTED] wrote:
Janet Reno said she only just learned that Wen Ho Lee was
kept in a cell for nine months IN CHAINS.
Of course, she didn't think that had anything to do with
him pleading guilty to one item of downloading data.
Or that there was anything wrong with doing it.
She recovers from shock quickly.

Louis Freeh recently had to explain to some Congressional committee
about why they busted Lee and treated him like that.


Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: CDR: Qualcomm bouncing MIME messages

2000-09-23 Thread Bill Stewart

At 08:16 PM 9/20/00 -0400, William H. Geiger III wrote:
It seems that Qualcomm is bouncing all multipart mime messages.
 I have bounces of PGP/MIME messages, multipart/alternative messages 
 (text  html),   a poorly formatted multipart/mixed that only had 
 one part which was the text of the message.

Eudora has trouble with some of the MIME variants used by Mutt.
I don't know if that's because Mutt's outputting wrong formats,
or because Eudora's failing to interpret them correctly,
but if they reuse the same code in their mail servers
it wouldn't be surprising if their policy chokes on some of it.
And there's *lots* of other badly formatted mail out there,
though lots of that is spam.

This seems to be a rather anal approach to filtering out potential virus. 
 Considering that Qualcomm is a member of the IMC 
 (Internet Mail Consortium) it would be funny if not so sad.

If you do good bouncegrams when you reject incorrectly formatted mail,
the sender will probably retry, so occasional false positives
on mail from humans aren't a big problem, and of course bouncing
mail from spambots isn't a problem.  The worst case is when you
reject mail that was generated by a bot you actually *wanted*
to receive mail from, but hopefully most of those have 
administrators checking their rejects.

Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: -C-P- Re: CDR: Re: would it be so much to ask..

2000-09-23 Thread Bill Stewart

If you put the tag at the end of the line, not the beginning,
it doesn't break sorting - all the articles of a given thread
stay together.  One difference between what you do and what
some other mailing lists do is that cypherpunks uses multiple list servers,
and yours munges the Subject: lines while the others don't.
Most mailing lists that label their traffic use just one server;
if they're using multiple servers, they're administered identically,
so you don't have a mixture of munged and undamaged topics.


At 05:51 PM 9/19/00 -0500, you wrote:

On Tue, 19 Sep 2000, Tim May wrote:

 I suppose you know why we don't have that (the remailing issue). But 
 I kinda have another idea. Just start every subject line with eg 
 -C-P- like I did now, then it would be really easy to filter all the 
 mail.

 Nitwit, this idea has been proposed many times. Choate even does 
 this, unfortunately, to all traffic flowing through his node.

No, I don't do this. I do put a tag in the title for traffic analysis and
easy visual identification. Despite your bitching about it, about 70% of
the mailing lists I'm aware of do the same thing. The only distinction is
they put []'s around it. I could put []'s if that'll make you happy. The
'CDR' itself stays. Very handy for quick visual scanning. 


Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




BayFF Celebrates RSA Patent Expiration 9/11 7:30pm SFO Hyatt

2000-09-06 Thread Bill Stewart

===

Media Advisory

BayFF Celebrates RSA Patent Expiration
Whit Diffie and Dave Del Torto Speak of RSA's Past and Future

WHO: Electronic Frontier Foundation, Whit Diffie, Dave Del Torto
and music by UKUSA from VirtualRecordings.com
WHAT: `BayFF' Meeting on RSA Patent Expiration
WHEN: Monday September 11th, 2000 at 7:30PM
WHERE: Hyatt Regency San Francisco Airport
(650) 347-1234

Directions are forthcoming on the EFF website: www.eff.org

In honor of its 10th Anniversary of defending civil liberties online, EFF
presents a series of monthly meetings to address important issues where
technology and policy collide. These meetings, entitled "BayFF,"
kicked off on July 10th and will continue throughout the year. The upcoming
BayFF features famed cryptographer Whitfield Diffie and MEconomy's Master of
Secrets, Dave Del Torto. They will help us celebrate the RSA patent's
expiration on September 20th, 2000. How will these changes affect the public
at large? What are the benefits? Are there any drawbacks?

Whitfield Diffie, who holds the position of Distinguished Engineer at Sun
Microsystems, is best known for his 1975 discovery of the concept of public
key cryptography, for which he was awarded a Doctorate in Technical Sciences
(Honoris Causa) by the Swiss Federal Institute of Technology in 1992. Diffie
received a Bachelor of Science degree in mathematics from the Massachusetts
Institute of Technology in 1965.

For a dozen years prior to assuming his present position in 1991, Diffie was
Manager of Secure Systems Research for Northern Telecom, functioning as the
center of expertise in advanced security technologies throughout the
corporation. Since 1993, Diffie has worked largely in public policy, in the
area of cryptography.

Dave Del Torto's career in Internet privacy and security started in
the late 1980s at the University of California at Berkeley, where he
was one of the original "Cypherpunks." He joined Pretty Good Privacy
Inc. (PGP) as a founding employee in 1996, and in 1997 was part of
the four-man team that published the entire PGP source code in 13
paper volumes, which resulted in the first legal international PGP
freeware (exports of 128-bit crypto have since been greatly deregulated).

He currently serves as the Executive Director of the CryptoRights Foundation
(a human rights security organization) and is the Chief Security Officer of
MEconomy, Inc., a privacy infomediary company based in San Francisco.


 You can subscribe to EFF's mailing list to receive the
regular BayFF announcements. To subscribe, email [EMAIL PROTECTED]
and put this in the text (not the subject line): subscribe BayFF.
The Electronic Frontier Foundation (http://www.eff.org) is the leading
civil liberties organization working to protect rights in the digital world.
Founded in 1990, EFF actively encourages and challenges industry and
government to support free expression, privacy, and openness in the
information society. EFF is a member-supported organization and
maintains one of the most-linked-to Web sites in the world.

Contact:
John Marttila
Administrative Assistant
Electronic Frontier Foundation
415-436-9333 ex 107
 





==
Thanks! 
        Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




SF Bay Cypherpunks, 9/9/00, E-Dome, Santa Cruz Mountains

2000-09-06 Thread Bill Stewart

SF Bay Area Cypherpunks September 2000 Physical Meeting Announcement

General Info:

DATE:   Saturday Sept 11 2000
TIME:   12:00 - 6:00 PM (Pacific Time)
PLACE:  Eric Messick's Dome, Santa Cruz Mountains

Agenda

This is a low-key meeting at Eric's home in the mountains, beginning about
1pm.

   ~12 -Bring lunch, undo geographical delocalization, admire mountain
roads and wildlife. Carpooling would be a good idea, given limited
parking.
   ~1 - Admire the E-Dome, Hugh's Lab and the Copper-Insulated Wall,
socialize, discuss Burning Man, Plan RSA Patent-expiration party
   ** - Eric Blossom's Starium Bump-in-the-wire Cryptophone demo -
They're finally here, 3DES and everything.
   ** - Bill Scannell's trip to Ascension Island - An alternate landing site 
for the space shuttle, Ascension island is forbidden turf, occupied by 
NASA, NSA, and several other American spook agencies.
   ** - Hugh Daniel - IPSEC and FreeS/WAN update and demo.

As usual, this is an open public meeting on US soil.  
Please leave the US soil outside :-)

RSA has released the RSA patent to the public domain two weeks early,
so bring code!  There will still be a party around 9/20-9/23.

Whit Diffie and Dave Del Torto will speak at an EFF meeting Mon 9/11 7:30pm
at the Hyatt Regency San Francisco Airport in Burlingame.  
Details http://www.eff.org/EFF/BayFF/ will be posted soon.

Location

Most of the online maps provide unreliable directions, so use the attached.
I find the drive takes about 30 minutes from Mountain View or 15-20 from
the 280/17 intersection except during heavy traffic; parking is country roads 
and dirt driveways.

Postscript Map to Eric's House - for printing
Map: http://cryptorights.org/cypherpunks/2000/0909-SF-map.ps

%  Human readable text directions to the E-Dome:
%
%   Eric Messick  or  ||ugh Daniel
%   15139 Old Ranch Road
%   Los Gatos, California, 95030-8506
%   Latitude 37 08' 02", Longitude 121 59' 40"
%   [EMAIL PROTECTED]
%   eric__messages(+1 408 353 4751)
%
%   From San Jose, take Highway 17 south from Interstate 280 or Highway 85.
%   From Santa Cruz, take Highway 17 North from Highway 1.
%   Exit Highway 17 at Summit Road and head west, in both directions that's
% a right off the highway and left onto Summit Road.
%   Follow Summit Road past two streets on the left until Summit makes a hard
% right turn at the third street, you want to turn left from Summit Road onto
% Hutchinson Road which is more like going straight (in the day time be VERY
% careful making this 'blind to oncoming traffic' turn!).
%   Follow Hutchinson until just after Riva Ridge Road veers up on the left
% and you see a long group of black mailboxes on the right, make an acute
% right turn here from Hutchinson Road onto Old Ranch Road.
%   At the first curve/split of Old Ranch road you want to stay right when the
% road splits, (there is a "SLOW 10 SPEED LIMIT" sign at the fork; keep
% to the right of this sign).
%   Follow the drive down the hill until it flattens out and the trees thin
% out above you, you should see the top of the E-Dome on your left, our
% driveway is the next left.
%
%  Distance table:
%  South on 17 from Interstate 280 to Summit Road 15.0mi / 21.0km
%  South on 17 from Highway 85 to Summit Road 10.0mi / 14.0km?
%  North on 17 from Highway 1 to Summit Road  12.5mi / 17.5km
%  Then:
%  West on Summit from Highway 17 to Hutchinson Road  00.5mi / 00.7km
%  West on Hutchinson Road from Summit Road to Old Ranch Road 00.2mi / 00.3km
%  Hutchinson Road down Old Ranch Road to our driveway00.4mi / 00.6km
%
%
%  Schematic ASCII map to the E-Dome:
%
%   this way to San Jose
% |  .
% |  |\
%  |S |H |
%   Old|u |W | N
%   Ranch  |m |Y | o
%   Road   |m |  | r
%   |  */  |i |1 | t
%   |__/   |t |7 | h
%   /. |  |
% --++--+--+-+--+-=--
%Hutchinson Road/ |  Summit Road
%  /  |
%   Riva Ridge Road   |
% |1
% |7
% |
%   this way to Santa Cruz
%  -/_|  Road
%  + Road Intersection
%  = Overpass
%  . Line of mail boxes
%  * E-Dome
%

If you have questions, comment or agenda requests, please contact the
meeting org

Re: Re: Is kerberos broken?

2000-09-01 Thread Bill Stewart

Typical estimates for the entropy of English text are 1 bit/character;
I'd expect most alphabet-based human languages are similar.

Once you start getting into long passages that are commonly memorized,
you not only need to worry about typing/spelling/whitespace corrections,
but you often restrict the space of documents substantially,
especially within social subgroups of users, and the main entropy becomes
where to start and stop in the text, a much smaller space.
'Twas brillig, and the slithy toves 
did gyre and gimble in the wabe
Millions of people have memorized the Koran, and millions of people
have memorized chunks of the Bible.  Song lyrics give you some variety,
especially when they're variable and unclear (Louie, Louie)

It's nowhere near 12000 bits, not likely even 3200.


At 03:55 PM 9/1/00 +0300, Sampo A Syreeni wrote:
On Thu, 31 Aug 2000, Tom Vogt wrote:

 would put it at about 26^3200, which is on the order of 2^12000. Go
 ahead, I await your method of brute forcing that.

yes, but would you TYPE 3200 characters every morning to log in?

Besides, it is quite likely that such long passwords would actually be taken
from known texts. It is relatively easy to track what texts a given
adversary is likely to have read, obtain them in electronic form and run a
brute force based on that. That would usually bring us far below
O(2^12000).

Sampo Syreeni [EMAIL PROTECTED], aka decoy, student/math/Helsinki university




Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639
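
An added example (not part of the original thread) that puts numbers on the three models argued over above: 3200 uniformly random letters, English text at about 1 bit/character, and a passage lifted from texts an adversary can obtain. The sample corpus, the 100-million-word library size and the 500-700 word passage range are constructed assumptions.

```python
import math
import re

# Constructed sample corpus: the two lines quoted in the message above plus the
# next two lines of the same public-domain poem.
CORPUS = (
    "'Twas brillig, and the slithy toves\n"
    "Did gyre and gimble in the wabe;\n"
    "All mimsy were the borogoves,\n"
    "And the mome raths outgrabe.\n"
)


def uniform_bits(n_chars, alphabet=26):
    """Entropy if every character were drawn uniformly at random."""
    return n_chars * math.log2(alphabet)


def english_bits(n_chars, bits_per_char=1.0):
    """Entropy of ordinary English prose at the quoted ~1 bit/character."""
    return n_chars * bits_per_char


def normalize(text):
    """Fold case, drop punctuation and collapse whitespace, so that typing,
    spelling and whitespace differences do not hide a match."""
    return " ".join(re.findall(r"[a-z]+", text.lower()))


def passage_count(n_words, min_words=1, max_words=None):
    """Number of contiguous, word-aligned (start, stop) choices in a text."""
    if max_words is None or max_words > n_words:
        max_words = n_words
    return sum(n_words - k + 1 for k in range(min_words, max_words + 1))


def passage_bits(n_words, min_words=1, max_words=None, variants=1):
    """Bits needed to name one passage; `variants` multiplies in the number
    of typing styles (capitalisation, punctuation) assumed per passage."""
    return math.log2(passage_count(n_words, min_words, max_words) * variants)


def is_known_passage(passphrase, corpus=CORPUS):
    """True if the passphrase is a contiguous run of words from the corpus."""
    words = normalize(corpus).split()
    target = normalize(passphrase).split()
    k = len(target)
    return k > 0 and any(
        words[i:i + k] == target for i in range(len(words) - k + 1)
    )


def compare(n_chars=3200, library_words=100_000_000,
            min_words=500, max_words=700):
    """Strength of an n_chars passphrase under the three models, in bits.
    library_words and the word range are assumptions, not measured values."""
    return {
        "uniform": uniform_bits(n_chars),
        "english": english_bits(n_chars),
        "known_text": passage_bits(library_words, min_words, max_words),
    }


if __name__ == "__main__":
    for model, bits in compare().items():
        print(f"{model:>10}: {bits:8.1f} bits")
    print("sample corpus passages:", passage_count(len(normalize(CORPUS).split())))
    print("known passage?", is_known_passage("Did gyre, and GIMBLE in the wabe"))
```
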




Re: bombs

2000-08-19 Thread Bill Stewart

At 09:56 AM 8/18/00 -0700, Mark Allyn wrote:

1. Put water in the pipe.

2. Put pipe in the freezer.

3. The pipe will burst.

4. Put burst pipe into acrylic block

5. Title it pipe bomb

6. Donate to local art museum

C'est nes pas une pipe-bombe  :-)



Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: The good book

2000-08-15 Thread Bill Stewart

At 12:56 AM 8/15/00 -0400, Dale Petrie wrote:
Can you send me the cook book to the me A.S.A.P

What, you Law Enforcement trolls wanting to serve man again,
and you've forgotten how?


Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: Major University to Review Carnivore

2000-08-14 Thread Bill Stewart

At 11:04 AM 8/11/00 -0700, jeradonah wrote:

http://www.nytimes.com/library/tech/00/08/biztech/articles/11cnd-carnivore.html

August 10, 2000

Major University to Be Asked to Review F.B.I.'s 'Carnivore'

Is there a *John* Major University?  :-)

...
Today's announcement was not a surprise, since the F.B.I. said 
 several weeks ago that it wanted an outside study of Carnivore. 
 The desire for just such an independent analysis has been fueled by 
 mounting concerns about invasions of privacy. 

Basically they're trying to look like Good Guys to prevent more FOIA
and deflect more flak from the public.  It's not very convincing.


Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: micro DNS

2000-08-13 Thread Bill Stewart

At 07:01 PM 8/12/00 -0500, Jim Choate wrote:
I believe one of the consequences of increased commercial and governmental
regulation of the 'Internet' will be the rise of private neighborhoods or
communities of users sharing name and resource space that isn't available
globally.

There's no point in using a neighborhood name space that's
not available globally for a resource that _is_ connected globally -
you just hang your space as a 3LD or 4LD or 5LD under the existing DNS,
like julie.jimsfriends.ssz.com or julie.myfriends.billstewart.my-ip.net,
where my-ip.net is one of the free DNS services.
The purpose for having TLD space that's not part of the main DNS system
is so you can have cool-looking domain names (4LDs aren't as cool),
which isn't necessary for neighborhood name spaces.

The question of what name space to use for a non-global IP is more complex -
you may have a firewall or virtual private network running 10.x addresses.
You can still use a FakeTLD or 3LD or 4LD for your names, but the machines 
will only be accessible from the outside world if you're using proxies
(I'm counting MX servers at your firewall as proxies - but why use emails
like [EMAIL PROTECTED] instead of [EMAIL PROTECTED]?)
The place it gets messy is when you want URLs that look the same from 
inside and outside the firewall, like www.research.att.com.
One approach is to have the firewall differentiate between
externals like www.research.att.com and internals like printer.sanfran.att.com
and fetch the material from outside when an insider wants it.
Another is to use a master copy inside and copy updates to the outside version,
so insiders are seeing a server in 10.x space and outsiders see public IP.

We also need a public store and forward network for sending e-mail and
low-bandwidth traffic up and down the interstates using CB radios and
1200 baud packet modems. Why wait around for the gov to come up with some
commercial only solution?

The problem is that the government regulates the spectrum to protect the 
interests of big business the public, so there are limits
on what technology is available for data.  Amateur Packet Radio
had done the technology development, but of course you need licenses,
and enough amateurs _Believe_ in that sort of thing that unlicensed users or
encrypted traffic will get hunted down.  CB radio probably bans data,
not that anybody's cared about the rules on CB radio for decades,
but the radio problems are tougher because of interference from
some yahoo in Florida with a 100-horsepower linear amplifier on his truck
(that's 74600 watts) and long-distance propagation at those low frequencies.

There is unlicensed spectrum in 900MHz and 2.4GHz bands, and companies like
Metricom / Ricochet do make equipment and services that use them.
You tend to need a high concentration of users to make that practical;
there's commercial service in the Bay Area and a few other cities and airports,
and people have done private MosquitoNets, primarily around Stanford.

Of course there _is_ still UUCP and FidoNet technology - the first email link
into Tonga was UUCP.  Fidonet tends to have restrictions on sending encrypted data,
partly because they wanted to deal with the billing problems since it ran on
unsubsidized telephone calls, so your email message might cost the net
hundreds if not thousands of dollars if it went internationally instead of
within US local calling areas.  Anything using dialup modems is of course
traceable, but the remaining parts of uucpnet and fidonet may still have
Obscurity value.

Fidonet names didn't have ego-conflict problems - nobody much cares about
the commercial/uniqueness value of being Node123 in Zone 4,
and the addresses mapped into DNS as something like n123.z4.fido.net.
UUCP names inherently had conflicts, but it was a mostly local namespace,
so you could and did have 20 machines named mozart and 17 named bilbo,
and the conflicts that mattered were who got to use the name at the
popular hub machines like ihnp4, allegra, and uunet,
though ihnp4!mozart! might point to a different machine than uunet!mozart!
and it was OK.   The .uucp DNS namespace was a real hack; I think it
was resolved by connectivity to uunet, but I'm not sure that was consistent.



Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Used military equipment Was: Keg waiting periods? Gag.

2000-08-11 Thread Bill Stewart
(ITAR) printed in 22 Code Federal Regulations (CFR)
Part 120, et al, by DoS, July 1993. Further details can be found
in the CFR.]

121.1 General. The United States munitions list.

(a) The following articles services and related technical data are
designated as defense articles and defense services pursuant to
sections 38 and 47(7) of the Arms Control Act (22 U.S.C. 2778 and
2794(7)). Changes in designations will be published in the Federal
Register. Information and clarifications on whether specific items
are defense articles and services under this subchapter may appear
periodically in the Defense Trade News published by the Center for
Defense Trade.

(b) Significant military equipment: An asterisk precedes certain
defense articles in the following list. The asterisk means that
the article is deemed to be "significant military equipment" to
the extent specified in 120.19. The asterisk is placed as a
convenience to help identify such articles.

[Note: "Significant military equipment" means
articles for which special export controls are warranted because
of their capacity for substantial military utility.]

(c) Certain items in the following list are placed in brackets.
The brackets mean that the item is (1) scheduled to be moved to
the licensing jurisdiction of the Department of Commerce upon
establishment of a foreign policy control or (2) in the case of
spacecraft and related equipment, the item is under review by an
interagency space technical working group. The interagency review
will result in a recommendation as to whether an item should be
moved to the jurisdiction of the Department of Commerce or to USML
category XV which was established for that purpose.

(d) Missile Technology Control Regime Annex (MTCR).  Certain defense
articles and services are identified in  121.16 as being on the
list of MTCR Annex items on the United States Munitions List. These
are articles as specified in  120.29 of this subchapter and appear
on the list at 121.16

Category I --Firearms

*(a) Nonautomatic, semi-automatic and fully automatic firearms to
caliber .50 inclusive, and all components and parts for
such firearms. (See  121.9 and  123.16--123.19 of this subchapter.)
... [various other categories]..

(d) Military pyrotechnics, except pyrotechnic material having dual
military and commercial use.


Thanks! 
        Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: Ministers told to plan for e-nightmare

2000-08-06 Thread Bill Stewart

At 03:03 PM 8/6/00 -0400, Matthew Gaylor wrote:
Tim May [EMAIL PROTECTED] wrote:
Crypto anarchy also means the undermining of central states, both 
through apathy and through enabling of active measures to sabotage 
political and military operations.

And thus Tim brings a pox down upon us all.  BTW is that all 
political activity or just activity that you happen to disagree with?

Tim isn't threatening to sabotage your political activity.
Tim is pointing out that Crypto Anarchy means that just about anybody
can sabotage just about anybody's political operations,
because crypto anarchy implies that truly anonymous speech is possible.

I think it's a mixed case - it's easy to post that BigOilCo bribed GeorgeW,
but widespread crypto also means that they can bribe him more secretly.
On the other hand, you can post that BigOilCo bribed him without
knowing whether it's true, and a certain fraction of readers will believe it.
But that's just yet another motivation for reputation systems, so you can
get some good rating on whether a particular slander is worth believing
or is just somebody in the Algore campaign going negative.

A different kind of political operations that's sabotaged is
government witchhunts against political enemies, because it's easier for
the enemies to operate in secret, or to at least hide who the 
physical bodies are behind the pseudonyms.  That doesn't stop a future
McCarthy from announcing that he has a list of 200 names of traitors,
because it's easy to generate a list of 200 bogus names,
or make a speech announcing that you've got the list without having it.
But it means that the witches only get ranted against, not burned.



Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: CDR: Request for link

2000-08-02 Thread Bill Stewart

So the obvious experiments are
- use up a geocities page and hotmail account and see what spam you get
- register some spamhaus's page and wonder what spam she gets
- register her page on some list of known spammers 
- look at the other links on her website - what suckers live there?
- register your real site and see if your Self Esteem improves
because there are now more pointers to your web site :-)

My guess is that the scam is that if some fraction of the spammees
point to her on their pages, she gets free advertising and 
higher rating in different web search engines.


At 11:18 AM 8/1/00 +0100, Ken Brown wrote:
I wonder what the scam behind this spam is?  They wouldn't be doing this
if they weren't trying to make people part with money.   But I can't see
the obvious rip-off. No phone numbers to call, no "adult checks" (I
still can't believe anyone ever fell for that one) not even an obvious
request for an email reply so they can put you on their spammer's list
of validated addresses.  

[EMAIL PROTECTED] wrote:
 
 Hello
 
 I came across your site today and was interested in the like minded
nature of its content with my own.
 
 In fact the Self Esteem Advisory Service set up around 3 years ago now
attracts visitors from all over the world. I have found that they are
interested in not only my site but also the content of other sites that
expand or complement our own material.
 
 I was wondering if you would like a link from our website to yours. It
is all automated and you can just add yourself. I would appreciate a link
in return.
 
 I look forward to hearing from you - many thanks
 
 Elizabeth
 
 Elizabeth Morris BA(psych). MAHPP
 Buckholdt Associates
 www.buckholdtassociates.com/seas.htm


The website even looks genuine, if mildly offensive - it is about using
emotional and social pressure to control your children, which is I
suppose some sort of improvement over the usual advice from US
authoritarians  to use  drugs - a child in the US right now who behaved
as I did when I was a child, or as my daughter does now,   would be
doped up to the gills on Ritalin or worse - and they have the gall to
complain about the old Soviet Union perverting the practice of
psychology  for controlling "dissidents"  - these days you don't even
have to be a "dissident" you just have to be bored at school. Whoops,
near rant here. I just get really cross about the idea of people
forcing drugs on people like me to turn us into people like them.




Thanks! 
        Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: USPO still trying to SPAM everyone

2000-08-02 Thread Bill Stewart


On Tue, 1 Aug 2000, Steven Furlong wrote:
 Subpoenas, SFAIK, don't count if they're sent by regular mail.
They don't count at all unless physically put in the recipient's hand by the
server. There must be a witnessed transfer. One of the simplest, and
consequence free, ways to handle subpoenas is to avoid the server.

At least in California, if you rent a mailbox from a private 
mailbox provider, you have to appoint them as your agent for
service of process.  (I don't remember if the Federal PO picked this up
as well, but it was definitely in the earlier California law.)
Of course, the law didn't say _what_ you had to appoint your agent
to do for you about serving processes, because it wasn't well-written,
so I appointed my agent to deliver any subpoenas I pay her to deliver (:-)
But the intent of the law is that delivering a subpoena to your mailbox company
counts as serving it on you.  I don't know if that applies with
US Snail Post Office boxes or not - they don't accept package delivery
from competing mail carriers, which is one of the big things I want
a mailbox for, so they weren't in the running.  But I'd expect
that they've got some similar provisions in their service contracts.

P.S. Jim Choate left a CDR: in the Subject: line by mistake again,
but I fixed it.


Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: JYA, Cryptome Help Request

2000-07-27 Thread Bill Stewart

At 10:22 AM 7/26/00 -0400, John Young wrote:
Declan's article ran on Friday July 21 day and the hits from it did not 
seem to affect the sites. Saturday, an AP story appeared but it did not 
include links to the site, however, Drudge Report picked up the AP story
and provided a munged link to jya.com: 

  http://jya.com/crypto.htmhttp://jya.com/crypto.htm

Thousands of hits on this non-existent file began to appear in the
error log, and there have now been tens of thousands of them (maybe in
the hundreds of thousands, no count has been made, and each is
multiplied by Digital Nation's error page with its graphics).

You should be able to fix this quickly - GO CREATE THE FILE!
Make it a pointer to the real thing or some mirror,
and make sure it's got no graphics content.
(I checked to see whether you've done so already, but you're overloaded
so I can't tell.)


We would appreciate advice on whether these log entries and messages are 
consistent with simple overloading or could indicate an attack, even a 
presumbably accidental attack by Drudge (who has still not answered my 
Saturday e-mail to correct the URL).


The classic way people deal with situations like this (i.e. the last 6-12 months)
is to either rent space at a bigger ISP, or deal with a caching-service vendor
like Akamai, Sandpiper, or ATT who will cache your pages on their big-pipe
cache engines and play whatever DNS or HTML games you need to point to them.
(One popular approach is to use the annoying HTML redirect stuff;
another is to serve the text page yourself with the IMG references pointing to
that cache servers.  You can also have your DNS point to them first if you prefer.)
But you'll be charged by the megabyte shipped, or the hit,
or the 95th percentile of the bit rate, or some similar pricing.

There are some cheap-ass ways to mirror your pages as well.
One is to use a big free web-page server like Geocities,
and spread your web pages' images around there, and point your HTML to them,
so again you're only serving part of the material yourself.

Another is to make sure the pages are searched for by Google,
a search engine which keeps a cached copy of the pages it finds
as well as pointing you to the (often changed) original,
and then point users to the Google cache instead of your own page.

If you're getting hit because of Slashdot, contact the /. administrators
and bug them to either cache your stuff or at least point to some URL
at a high-capacity site.  /. doesn't currently cache,  because back when
they were an amateur-run business, they didn't want to pay lawyers to decide
for them when caching was a copyright agreement people would sue you for
and when it was a public service, and they've never updated that policy
now that they're a real business with real lawyers.  It also takes some work,
but not really very much for them.
Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639
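
An added example (not from the original messages) of one way to answer the question raised above: whether a flood of 404s looks like a mis-typed inbound link or something else, and which real file the stub should point to. The log lines are constructed, client addresses are documentation ranges, the referrer host `aggregator.example` is a placeholder, and the thresholds are assumptions.

```python
import re
from collections import Counter, defaultdict

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<ref>[^"]*)" "[^"]*"$'
)


def _line(ip, path, status, size, ref):
    """Build one constructed line in Apache combined log format."""
    return (f'{ip} - - [22/Jul/2000:09:00:00 -0400] "GET {path} HTTP/1.0" '
            f'{status} {size} "{ref}" "Mozilla/4.7"')


MUNGED = "/crypto.htmhttp://jya.com/crypto.htm"  # path of the doubled link quoted above
SAMPLE_LOG = (
    [_line(f"192.0.2.{n}", MUNGED, 404, 5120, "http://aggregator.example/")
     for n in range(1, 6)]
    + [_line("192.0.2.77", MUNGED, 404, 5120, "-")]
    + [_line("198.51.100.9", "/admin.php", 404, 5120, "-")] * 3
    + [_line("192.0.2.3", "/crypto.htm", 200, 20480, "-"), "garbage line"]
)


def parse(line):
    """Return the fields of one log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec


def intended_path(path):
    """If a whole URL was pasted onto the end of a path, return the part
    before it (the file the link was probably meant to reach)."""
    m = re.search(r"https?://", path)
    return path[:m.start()] if m and m.start() > 1 else None


def triage(lines, min_clients=3, dominant=0.8):
    """Group 404s by path and label each group, busiest first."""
    stats = defaultdict(
        lambda: {"hits": 0, "bytes": 0, "clients": set(), "refs": Counter()})
    for rec in filter(None, map(parse, lines)):
        if rec["status"] != 404:
            continue
        s = stats[rec["path"]]
        s["hits"] += 1
        s["bytes"] += rec["size"]          # cost of serving the error page
        s["clients"].add(rec["ip"])
        s["refs"][rec["ref"]] += 1
    findings = []
    for path, s in sorted(stats.items(), key=lambda kv: -kv[1]["hits"]):
        ref, ref_hits = s["refs"].most_common(1)[0]
        share = ref_hits / s["hits"]
        if len(s["clients"]) >= min_clients and ref != "-" and share >= dominant:
            verdict = "bad inbound link"   # many visitors, one referring page
        elif len(s["clients"]) == 1 and s["hits"] >= min_clients:
            verdict = "single client repeating"
        else:
            verdict = "unclassified"
        findings.append({
            "path": path, "hits": s["hits"], "clients": len(s["clients"]),
            "error_bytes": s["bytes"], "top_referrer": ref,
            "verdict": verdict, "redirect_to": intended_path(path),
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```
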




Re: John Young, the PSIA, and Aum

2000-07-25 Thread Bill Stewart

At 10:00 PM 7/24/00 -0700, Kevin Elliott wrote:

US law currently forbids
US citizens from engaging militarily in their own foreign policy, the
way many Americans did during the Spanish Civil War (joining either the
Commie or Fascist armies) or early WW2 (joining the Canadian or British
armies.)  But that doesn't mean it's inappropriate to be involved.

Really?  That's interesting-  just out of curiosity when was 
this legislated?  Do you know if there have been any constitutional 
challenges to it?  (there goes my Guns for Africa idea...)

The Neutrality Act has a few different pieces - 1935, 1937, etc.
There's an encyclopedia-style summary in
http://www.bartelby.org/65/ne/NeutralA.html
The 1937 amendment to it, reacting to the Spanish Civil War, is at
http://oll.temple.edu/hist249/course/Documents/1937_the_neutrality_act.htm

Looks like FDR wanted them repealed in 39 (they were keeping the US out of war)
http://crh.choate.edu/history/tfoster/amdiplomacy/documents/FDRneutrality.html

and your favorite search engine can tell you more.

http://harwich.edu/depts/history/pp/ww2/sld001.htm
Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: Choate proposing Dropping toad.com

2000-07-24 Thread Bill Stewart

Jim - have you sent mail to Hugh and John directly?  Or just to
the mailing list bot-owners, plus postmaster and root,
which they don't likely check very often, even when Hugh's not on
yet another summer of international travel?

You probably don't want to drop JYA or Hugh or Pablos,
though they could easily enough be redirected.
Some of the subscribers are clearly gateways to local Usenet groups
that let people read the list with newsreaders.
I'm not sure how many of these are single-reader systems and how many
are universities or other sites with multiple readers,
but it's difficult to tell what name the user actually posts with.

There's also a problem with +enhanced SMTP addresses, which allow the user to
add "+something" to the end of their user name, so they can sort message streams,
but their outgoing mail probably won't have the plus-info.  For instance
[EMAIL PROTECTED]
probably would send mail to the list as
[EMAIL PROTECTED]
and any "only accept mail from subscribers" option needs to address them.

I think it does make sense to move the toad users to a different server
and set an autoresponder pointing to the current list-server locations.
That won't prevent the problem of harassers subscribing the list to other lists,
but it's a start.  The big negative about it is that 
originating users at one-way remailers won't get the bouncegrams,
but most people who know how to use remailers can find us anyway.

Bill

At 10:07 AM 7/19/00 -0500, Jim Choate wrote:

Hi,

I've sent a couple of emails to the toad.com operators and have received
nothing back. I see this is indicating a distinct lack of interest on
their part.

As of today the current toad.com member list is below. It looks like
we could drop it completely if cyberpass and algebra would drop.

Note that this does not prevent the toad.com operators from participating
in the current CDR. Only that the current CDR doesn't wish to participate
in the original list any longer.

Date: Wed, 19 Jul 2000 08:34:19 -0700 (PDT)
From: [EMAIL PROTECTED]

Your request of Majordomo was:
 who cypherpunks-unedited
Members of list 'cypherpunks-unedited':

[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]

Thanks! 
        Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639
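
An added example (not the list software's own code) of the check the message above asks for: a subscribers-only filter that treats `user+tag` and `user` as the same mailbox. The addresses are constructed, and folding the local part to lower case is a policy assumption.

```python
from email.utils import parseaddr


def canonical(address):
    """Comparison key for a mailbox: tag after '+' dropped, case folded.

    Folding the local part is a list-policy assumption; SMTP itself treats
    local parts as case-sensitive. Returns None for anything that is not a
    plain user@domain address.
    """
    _, spec = parseaddr(address)
    local, at, domain = spec.rpartition("@")
    base = local.split("+", 1)[0]
    if not at or not base or not domain:
        return None
    return f"{base.lower()}@{domain.lower()}"


def may_post(from_header, subscribers):
    """Return 'accept' or 'hold' for a subscribers-only list.

    The From: header is trivially forged, so this only filters noise such
    as cross-subscribed lists and spam; it does not authenticate anyone.
    """
    key = canonical(from_header)
    if key is None:
        return "hold"
    allowed = {canonical(s) for s in subscribers}
    allowed.discard(None)
    return "accept" if key in allowed else "hold"


# Constructed sample subscriber list: one plus-tagged entry, one with a
# display name.
SUBSCRIBERS = ["alice+cpunks@lists.example.org", "Bob <bob@example.net>"]

if __name__ == "__main__":
    for sender in ("Alice <alice@lists.example.org>",
                   "bob+filter@example.net",
                   "mallory@example.org"):
        print(sender, "->", may_post(sender, SUBSCRIBERS))
```
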



Re: Foreigners with guns

2000-07-13 Thread Bill Stewart

At 01:11 PM 7/12/00 -0400, Duncan Frissell wrote:
At 11:56 AM 7/12/00 -0400, Marcel Popescu wrote:

(2) EXCEPTIONS.:Subsections (d)(5)(B), (g)(5)(B), and (s)(3)(B)(v)(II) do 
not apply to any alien who has been lawfully admitted to the United States 
under a nonimmigrant visa, if that alien is:

(A) admitted to the United States for lawful hunting or sporting purposes 
or is in possession of a hunting license or permit lawfully issued in the 
United States;

I suspect much of the country makes it easy to get a hunting license,
at least if you've got a driver's license.
Here in California it's sometimes been hard to get a driver's license without
citizenship papers because some of the Republicans think it's unsafe to drive
while speaking Spanish, but Georgia is probably easier about that.
Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Kevin Mitnick now unmuzzled, from Online Journalism Review

2000-07-12 Thread Bill Stewart

I normally don't forward Declan's lists to Cypherpunks,
but this looked topical.

Date: Mon, 10 Jul 2000 15:41:39 -0700 (PDT)
From: "Joshua S. Fouts" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Mitnick Free to Speak

Hi Declan.

Thought you might be interested in Doug Thomas' minutes-old report that
Kevin Mitnick's probation officer has reversed their initial ruling and
will now allow him to write, speak and report on tech issues for the
media.

http://ojr.usc.edu/content/story.cfm?request=398

Mitnick Free to Speak

By Douglas Thomas

Kevin Mitnick was informed today by the United States Probation Office
that he will be permitted to pursue several offers of employment including
speaking engagements, security consulting work and writing for Steven
Brill's online magazine Contentville. The approval represents a reversal
of the probation office's earlier position that Mitnick was not to speak
publicly or write about any technology related issue. (See "Free Kevin
(to speak!)".)

In April, the probation office had sent Mitnick a letter denying all
requests for employment, recommending instead that he "seek employment in
another field." As a result of that letter, Mitnick returned to court
hoping to get US Federal Judge Marianne Pfaelzer to provide guidelines
regarding what employment opportunities would be considered "reasonable."

Although Judge Pfaelzer set no such guidelines, her insistence that each
of Mitnick's employment opportunities be reviewed seems to have had an
effect. Moving from what Mitnick's defense attorneys deemed a "blanket
denial" of Mitnick's right to speak or write, the probation office appears
to be loosening up their restrictions to allow Mitnick to make a living.

Mitnick expressed relief regarding today's decision, "I was in limbo," he
said, "it was really hard not knowing what was going to happen."

Writing for Contentville, Mitnick will be critiquing Internet and
computer-related articles, providing his perspective and analysis. Other
opportunities include speaking engagements, security consulting and
possibly a position as a talk show host for Los Angeles radio station KFI.

Mitnick's probation officer, Larry Hawley had positive comments about
Mitnick following the May hearing, calling him a "nice guy" who was "doing
very well" under the terms of his supervised release.

Since his release from prison in January, Mitnick has already made full
restitution to the victim companies and is now concerned with getting on
with his life and making a positive contribution. According to attorney
Sherman Ellison, "a lot of maturation has happened in prison," and since
that time, Mitnick has become a "valuable asset to the government and the
private sector" because of his expertise.





Joshua S. Fouts
Managing Editor, OJR.org
Online Journalism Review
Tel:  +1-213-740-1786
Fax:  +1-213-740-3772


--
POLITECH -- the moderated mailing list of politics and technology
To subscribe, visit http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
--





Re: ZKS: how EXACTLY does this protect privacy?

2000-07-12 Thread Bill Stewart
o's never seen you that
you're authorized to withdraw the money.  A lot of the identity theft problem has been
the increasing prevalence of universal identifiers - if "you" are a large bundle
of transactions linked by your SSN and credit record, it's worth stealing your identity.
But if your driver's license just lets you tell cops you're allowed to drive,
and isn't used for citizenship, check cashing, and air travel permission,
it's much less valuable to a thief who steals it, and it does much less damage
to you if it's stolen.  Letting you keep more of your transactions separate from each other
helps protect you from these problems.

privacy IS NOT synonymous w/ anonymity (again, the anarchists will 
cringe, but it's another sobering fact of reality), but rather with 
controlling the personal information that the world DOES come to know
about you..

That's a nice pipedream - you can't control what somebody else does
with information you've given them, though contracts often help.
The only real control is not giving people information.

Can ZKS/Privada disclose to me the personally identifying information 
Web sites (and other corporations, organizations, etc) have collected 
about me? Can I find out for what purposes this information is being 
used? Can I make sure it is only being used for the reason I disclosed, 
and not for other reasons I didn't approve? Can I make sure this 
information is accurate and consistent? Can I delete my personal 
info from a corporate database if I find they have been misusing it??

If ZKS tells every web site you visit as "nym1" that you're "nym1"
and every web site you visit as "nym2" that you're "nym2",
they won't remember all that marketing data nym1 gave the gamer site,
but you know that they're not correlating that data with the
information nym2 gave the college application site or
the fact that nym3 visited the US Government's drug information web sites,
unless you gave all those sites enough information to correlate.
It's not a 100% job, but it's much better than nothing.

Can ZKS/Privada stop the phone calls at 7am from my credit card 
company, who just "wants to make sure the personal info they have 
about me is correct, oh, and by the way, can we interest you in 
a balance transfer from your Discover card while we have you on the line?"? 

Well, depending on what they do with Stefan Brands's patents,
maybe they can give you an alternative payment mechanism.
And you may have less of a problem with them noticing that your
spending patterns are unusual and wanting to be sure it's really you.
Or you may have more of a problem, because you're using digicash
for most of the web purchases and saving the American Excess Card for
flying to Mexico on the spur of the moment.
    Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




FBI Carnivore Wolfing Down Internet Privacy

2000-07-11 Thread Bill Stewart
obert Corn-Revere, of the Hogan & Hartson law firm here, represented an 
unidentified Internet service provider in one of the few legal fights 
against Carnivore. He said his client worried that the FBI would have access 
to all the e-mail traffic on its system, raising dire privacy and security concerns. 
A federal magistrate ruled against the company early this year, leaving it 
no option but to allow the FBI access to its system. 

"This is an area in desperate need of clarification from Congress," said
Corn-Revere. 

"Once the software is applied to the ISP, there's no check on the system," 
said Rep. Bob Barr (R., Ga.), who sits on a House judiciary subcommittee for 
constitutional affairs. "If there's one word I would use to describe this, 
it would be 'frightening."' 

Marcus Thomas, chief of the FBI's Cyber Technology Section at Quantico, 
said Carnivore represents the bureau's effort to keep abreast of rapid changes 
in Internet communications while still meeting the rigid demands of federal 
wiretapping statutes. "This is just a very specialized sniffer," he said. 

He also noted that criminal and civil penalties prohibit the bureau from placing 
unauthorized wiretaps, and any information gleaned in those types of criminal cases 
would be thrown out of court. Typical Internet wiretaps last around 45 days, 
after which the FBI removes the equipment. Thomas said the bureau usually 
has as many as 20 Carnivore systems on hand, "just in case." 

FBI experts acknowledge that Carnivore's monitoring can be stymied with 
computer data such as e-mail that is scrambled using powerful encryption technology. 
Those messages still can be captured, but law officers trying to read the 
contents are "at the mercy of how well it was encrypted," Thomas said. 

Most of the criminal cases where the FBI used Carnivore in the past 18 months 
focused on what the bureau calls "infrastructure protection," or the hunt for hackers, 
though it also was used in counterterrorism and some drug-trafficking cases.

=======
Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




ANNOUNCE: July2K SF Bay Area Cypherpunks, 1pm 7/8/00 19925 Stevens Creek Blvd, Cupertino

2000-07-06 Thread Bill Stewart

SF Bay Area Cypherpunks July 2000 Physical Meeting Announcement

Meeting Announcements On The Web:

http://www.cryptorights.org/cypherpunks/meetingpunks.html

General Info:

DATE:   Saturday 8 July 2000
TIME:   12:00 - 6:00 PM (Pacific Time)
PLACE:  Fort NOCS, 19925 Stevens Creek Blvd, Cupertino, CA 95014

Agenda

The organized program begins about 1:00. After the meeting, there is
usually dinner somewhere nearby.

   * Mojo Nation: A distributed data service
 Jim McCoy, of Autonomous Zone Industries, will present the
 architecture and design of Mojo Nation, a decentralized, distributed
 data service with strong crypto/privacy features. Mojo Nation uses a
 novel resource allocation mechanism to create a secure information
 publishing, caching, and retrieval system with the ability to scale up
 for higher bandwidth content. AZI will also be signing up beta testers
 for Mojo Nation after the presentation.
 You may know of this as Bram's "Evil Geniuses For A Better Tomorrow"

   * Napster - Social and Technical Hacking - Bill Stewart
 Lawsuits are such a boring and inappropriate way to change the
 behavior of the Internet. Doing new cool things is better, but working
 around the assumptions of new cool software can be fun too. Some of
 these approaches also work for Gnutella and Freenet.

   * HavenCo Update - Ryan Lackey - We'll make another attempt to connect
 with Sealand.

As usual, this is an open public meeting, and everyone's invited. It's not
being held in a police station (:-) and you don't need to bring two forms
of government ID to get your key certified, unless you're into that sort of
thing, though creative false documentation is always appreciated...

Location

Thanks to Paul Holman for providing the facilities. Fort NOCS is located at
19925 Stevens Creek Blvd, near Stevens Creek and Blaney in Cupertino, about
3km from the 280 & 85 intersection.

Map of 19925 Stevens Creek Blvd, Cupertino
http://maps.yahoo.com/py/maps.py?Pyt=Tmap&YY=17435&addr=19925%20Stevens%20Creek%20Blvd&city=Cupertino&state=CA&slt=37.3232&sln=-122.0218&zip=95014-2305&mag=9&cs=9&newmag=7
GPS About 37.3232 N 122.0218 W

Directions:

From 280, Take the Wolfe road exit and go South on Wolfe.
Right on Stevens Creek Blvd.
Turn Right into the Panasonic Parking lot.
Park in the back of the building, enter the rear entrance.
Enter the rear entrance.
It's the Large Conference Room.

From 101, Take 85 South to Stevens Creek,
Left on Stevens Creek, then as above.

If you have questions, comments or agenda requests, please contact the
meeting organizers:
Bill Stewart,   [EMAIL PROTECTED] Cell +1-415-307-7119
Dave Del Torto, [EMAIL PROTECTED]
or if you're lost, Paul's cell phone 408.593.7581

---
This announcement has been sent to the meetingpunks and cypherpunks lists.
You can find the announcement online at 
http://www.cryptorights.org/cypherpunks/meetingpunks.html
To UNSUBSCRIBE an address from the meetingpunks list send email to:
[EMAIL PROTECTED]
with "unsubscribe meetingpunks [optional-address]" in the BODY.
To SUBSCRIBE an address to this list send email to:
[EMAIL PROTECTED]
with "subscribe meetingpunks [optional-address]" in the BODY.
To contact the list-owner, send email to [EMAIL PROTECTED]
---
To unsubscribe from the cypherpunks list, look at the mail headers, find
which of the servers sent you the message, and send mail to
cypherpunks-request at that server saying "help".
---

Thanks! 
        Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: CDR: Re: losing laptops, opsec = barium.

2000-06-24 Thread Bill Stewart

At 05:19 PM 6/22/00 -0400, Sunder [EMAIL PROTECTED] wrote:
Bill Stewart wrote:
 Probably because the standard PC software doesn't come with
 military-quality encryption.
 In large part this is because the Feds have tried to prevent civilians from using it,
 and set export policies to discourage it.

What makes you guys think it's not barium.  There apparently have been far
too many incidents of "Ooops, I left my notebook in the pub" or "Gee, how
did that drive full of nuke secrets just vanish off my desk?"

Because it sounds like the kind of thing that can quite reasonably be
attributed to stupidity rather than malice, and (less objectively) because 
it's fun to watch evil government officials fail because of bad effects
of their own activities.

Also because, having worked with classified information in the past,
I know that the stuff occasionally _does_ get misplaced, and the accounting
does occasionally get screwed up, and laptop drives sometimes get taken home 
for people to work with at night or left in their desks instead of locked up in the 
Safe Which Requires Bureaucracy To Access, and security officers _do_ get very
bent out of shape when it happens - and it's reasonable procedure for them
to do a security audit when there's an event like a fire, and not surprising
that somebody got caught taking a shortcut, and tried to cover it up by
dumping the drives behind the copier instead of having them found in their desk.

On the other hand, the government press releases have been constantly talking about
"making sure the stuff hasn't been tampered with" as opposed to "of course,
there's no way to tell if anybody copied the data before returning the drives",
which would be a much more realistic espionage scenario that they don't have
much they can do about.


Thanks! 
        Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




NSA Buying Canadian Hard Drive Encryption Software

2000-06-21 Thread Bill Stewart or other lab user

From the "Export Jobs, Not Crypto" front and the "Crypto Laws Weaken
National Security" branch of People Exporting Tasty Algorithms .org

http://technews.netscape.com/news/0-1003-200-2122967.html?tag=st.ne.ron.lthd.ni

   Canadian encryption experts to guard secret
   U.S. data 
   By Reuters
   Special to CNET News.com
   June 21, 2000, 2:15 p.m. PT 

   TORONTO--Canada's Kasten Chase has been given the exclusive go-ahead by the U.S.
   National Security Agency to safeguard top-secret government data, which could make
   the recent theft of computer hard drives laden with nuclear secrets from Los Alamos
   National Laboratory a nonissue in the future.

   Toronto-based Kasten Chase became the first company to be endorsed by the security agency
   to encrypt the hard drives, not just the data, the company said today.

   "If those (Los Alamos) devices had our media encrypter, when they
   were switched on by anybody that had stolen them, they would
   have been absolutely useless," Kasten's chief executive Paul Hyde
   told Reuters in a telephone interview.

   The only thing preventing the breach of a hard drive today is the operating system's initial
   passwords, said Hyde.

   "With our system, you could rip that thing to shreds and you couldn't get to it. There is no way
   that data would be accessible," he added.

   Kasten Chase's RASP Secure Media system is "necessary and sufficient" to encrypt military,
   police and intelligence agencies' mission-critical information to the "classified secret" level,
   said Michael Flemming, chief of the National Security Agency's Information Assurance
   Solutions Group.

   "We are pleased to certify the RASP Secure Media product as meeting our requirements for
   encrypting information on computer storage media," Flemming said in a statement.

   Kasten already has a product in use by about 90 government agencies, since certification in
   June 1999, that allows remote users to access classified data, said Hyde.

   Also, Kasten said today that it would integrate its products with Alcatel's Virtual Private
   Network, a secure corporate or government intranet that works through the Internet.

   Story Copyright © 2000 Reuters Limited. All rights reserved.




ANNOUNCE 6/20 Xerox PARC -- Life in an Era of Cryptographic Abundance

2000-05-26 Thread Bill Stewart

A number of Usual Suspects will be speaking at Xerox PARC 

-Original Message-
From:   Tom Berson [SMTP:[EMAIL PROTECTED]]
Sent:   Thursday, May 25, 2000 12:15 PM
To: [EMAIL PROTECTED]
Subject: Life in an Era of Cryptographic Abundance -- 6/20/2000
Dear Colleague,

You are warmly invited to participate in a symposium to be held at Xerox
PARC on 20 June 2000. Details are below.
1. Please forgive us if you receive more than one copy of this invitation.
2. Feel free to forward this invitation to people who you feel would be
interested.
3. For the latest information see
http://www.parc.xerox.com/crypto-symposium.
I hope you can participate.
Best,
--Tom Berson

==

LIFE IN AN ERA OF CRYPTOGRAPHIC ABUNDANCE

--

A symposium organized by the Xerox PARC Computer Science Laboratory
FREE and open to the public
June 20, 2000, 9 AM - 5 PM

PARC Auditorium    Coyote Hill Road   Palo Alto, CA 94304



Information security technologies are in rapid flux. Cryptosystems are
becoming stronger, faster and more widespread. At the same time, operating
systems are becoming weaker and more poorly administered. All this is
happening against a Moore's-law-driven background of improvements in storage
capacity, bandwidth, connectivity, and computational power. Potentially
disruptive technologies such as quantum computing and nanotechnology are in
the wings.

It seems clear to some that by 2010 cryptographic operations of all sorts
will be as cheap and as plentiful as dirt, and that they will be as
unremarkable then as IP stacks have become today. How will things be
different in the coming era of abundant cryptography? How will our children
keep a secret? What new businesses will arise?

Others believe the promise of cryptographic abundance will be stopped in its
tracks by growth in overall complexity or by government intervention.

Come join us to explore the scientific, engineering, economic and social
issues raised by an era of cryptographic abundance.


-

Speakers:

Paul Kocher (creator of Deep Crack, inventor of power analysis, 
president of Cryptography Research, Inc.)
Kevin McCurley (of IBM Research; president of the International 
Association for Cryptologic Research)
Ralph Merkle (co-inventor of public-key cryptography and one of the 
top figures in nanotechnology)
Andrew Odlyzko (head of the mathematics and cryptography research at 
AT&T Labs; historian and philosopher of science)
Nicko van Someren (co-founder and chief scientist at nCipher, 
makers of cryptographic acceleration appliances)
Roy Want (principal scientist at PARC; expert at wireless devices 
and embedded computing)

Symposium organizer and panel moderator:

Tom Berson (principal scientist at PARC)





Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Patent Office bad decision on cell-phone location services.

2000-05-24 Thread Bill Stewart

This was on Dave Farber's list.
If the press release is to be believed, it's a patent on
using a wireless handset to deliver information that's
dependent on where you are, such as telling you the nearest McDonald's.
- handset-based services granted now, network-based pending.
I'm not sure how broad their patent claims are,
as opposed to their marketing PR (:-), but it sounds like it's
way over-broad, steps on lots of things that should be obvious enough
to anyone skilled in the trade, and sounds like Yet Another
Stupid Patent Office Trick.

..."U.S. patent office has conditionally allowed Cell-Loc to claim the
delivery of handset-based wireless location content and services over
the Internet as its property, regardless of technological method
employed."

http://www.cell-loc.com/mdnews/NR000516.html

Unfortunately, after downloading the half megabyte of animated Web Designer Candy
that serves as their main web page, it wasn't possible to get to any
real information...




Thanks! 
    Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




FBI, FCC want warrantless wiretaps on packet networks

2000-05-17 Thread Bill Stewart

http://www.zdnet.com/zdnn/stories/news/0,4586,2570897,00.html

In a case with broad implications for communications technology, 
lawyers for the Justice Department and a coalition of telecommunications 
and privacy groups square off in federal court Wednesday to argue 
whether the FBI should be allowed to intercept Internet communications and 
pinpoint the locations of cellular phone users without first obtaining a search warrant.

At issue in the proceedings before the U.S. Court of Appeals in 
Washington are rules issued last year by the Federal Communication 
Commission spelling out how telecommunications providers will be 
required to comply with the Communications Assistance for Law Enforcement Act 
(CALEA), passed by Congress in 1994. 

Among other things, the act requires telecommunications equipment 
manufacturers and service providers to build into their systems the 
capability for surveillance of telephone line and cellular communications, 
as well as of services such as advanced paging, specialized mobile radio 
and satellite-based systems.

After telecommunications providers were unable to reach agreement with 
FBI officials on how to implement the monitoring capabilities, 
the FCC adopted rules that in several areas went beyond the CALEA language - 
including a requirement that cellular phones be traceable and that information 
on any digits dialed after a call is connected, which could include such 
things as account or credit-card numbers or call-forwarding instructions, must be provided.

Warrant not required

As interpreted by the FCC, the act also would require telecommunications providers 
to turn over "packet-mode communications" - such as those that carry Internet traffic - 
without the warrant required for a phone wiretap.

Taken in total, the FCC rules amount to a "significant expansion" of law 
enforcement's ability to monitor private communication, said Jim Dempsey, 
senior staff counsel for the Center for Democracy and Technology.

"We're arguing that given the constitutional right to privacy, and given
Congress' concern about protecting that privacy that it was wrong for the FCC to 
broadly interpret this statute to give more surveillance powers to law enforcement," he said. 

But a Justice Department official, who spoke with MSNBC.com on the condition 
that he not be named nor quoted directly, said neither CALEA nor the FCC's 
interpretation of it had given authorities new eavesdropping powers.

The law simply says if agents are legally authorized to get information, 
then the telephone carriers have an obligation to provide it, he said.

Rule called overly broad

Dempsey, however, noted that the rule requiring telecommunications companies 
to hand over packet-mode communications is overly broad and will result in 
the content being given to authorities who have not gotten a warrant. 

"It would deliver to the government the content of communications that the 
government has no authority to intercept," he said. 
"Now, on a normal phone call, carriers distinguish between the content and 
the dialing of a number. (Agents) don't get content of the communication 
unless law enforcement has a court order issued under strict legal standards."

The Justice Department official acknowledged that under some circumstances, 
agents would be given material they were not legally entitled to. 
But he said the problem occurs not because law enforcement wants to avoid the 
legal requirements for such "electronic intercepts" but because 
telecommunications companies have said they are unable to separate the content 
of such packets from the destination information.  In such a case, the official said, 
the information could not be used in any civil or criminal proceeding.

Other groups that will argue against the FCC rules are the 
Cellular Telecommunications Industry Association, the U.S. Telecom Association, 
the Electronic Privacy Information Center, the Electronic Frontier Foundation 
and the American Civil Liberties Union.

Privacy advocates have expressed concern over the increasing use of 
eavesdropping by federal authorities, which has jumped 33 percent 
since President Bill Clinton took office in 1993.

A report earlier this month by the Administrative Office of the U.S. Courts 
showed that 53 percent of the 1,277 wiretaps authorized last year were 
electronic intercepts, which are used to tap wireless phones, pagers and e-mail. 
That was a 17 percent increase from 1998.

=

    Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




RE: NSA on AES2

2000-05-16 Thread Bill Stewart

At 01:54 PM 05/16/2000 -0600, Anonymous wrote:
look no further than DES. Whit Diffie (see his foreword to 'Cracking
DES') was speculating about bruting DES from *before* the day it 
was published in 1975. Read Wiener's 1993 paper on building 

Last year I heard Diffie say (at PECSENC meeting) that
"Exportable means breakable"
AES is exportable, I assume.
Do you agree with Diffie ?

The rules have changed since Diffie made that statement;
at the time it was definitely true, except to the extent
that special people could get special permission for limited-use exports
(e.g. banks could export 3DES gear,  because the Feds understand that
they don't want large amounts of money to leak away, and because
banks have to tell the Feds whatever they want anyway.)

The current rules, as Peter points out, are confusing and byzantine,
but almost anybody can export real crypto almost anywhere now,
at least if they get permission, which the Feds are supposed to grant.

The AES candidates were designed in a reasonably open process,
with the expectation that the export rules would either fall entirely,
or else be relaxed at least to the point that banks and big companies
could export crypto.  The openness was partly for the usual crypto reasons
(can't trust something that hasn't been well-analyzed), and partly to
avoid the decades of FUD about secret NSA backdoors that plagued DES.
Some of the design teams even have (gasp!) non-Americans in them.
Thanks! 
    Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




India drops proposed cybercafe regulation

2000-05-15 Thread Bill Stewart

From Totaltele.com
(It's one of those free-registration online trade rags; the amount
I quoted below looks like fair-use quantities, and you can read more
at the web site...)
India's doing a big telecom/ecommerce bill, and
various people have been throwing stuff into it. 
This part fortunately failed.

http://www.totaltele.com/secure/view.asp?ArticleID=27536&pub=tt&categoryid=626


  The Indian government has dropped a proposed amendment to a
  planned information technology bill that would have required
  compulsory monitoring of cybercafe users by proprietors, an official
  said on Monday.

  "It has been deleted. It is not here, the amendments proposed," said an
  official, who did not wish to be identified.

  The bill, which aims to provide a legal framework for electronic
  commerce, was listed for debate and passage in the lower house of
  parliament on Monday.

  It aims at facilitating digital signatures, electronic transactions and use
  of electronic documents as legal records.

  The government's decision to drop the proposed amendments came
  after industry opposition to certain provisions of the bill and criticism
  from opposition parties in parliament.

  Criticism mainly concerned amendments of the bill which stipulated
  compulsory registration of details on Web sites hosted from India and
  also a thorough recording of visitors to Internet cafes and the sites
  they visit by the cafe owners.

  The clause was considered draconian because it prescribed fines and
  imprisonment in cases where the rules are breached, and also set a
  six-month deadline on providing Web site details.

  Opposition deputies said the government was seeking to rush the bill
  through without giving them enough time to analyse the proposed
  landmark legislation.
...more...




Re: Harmonized Packet Data Intercept Standards

2000-04-29 Thread Bill Stewart

At 09:15 AM 04/29/2000 -0800, you wrote:
Somebody beat us to it.  Check out www.tveyes.com -- they do real-time
speech-to-text of broadcast television and then send you e-mail if your key
words are spoken.

Is it really doing machine-based speech-to-text?  I remember hearing about
some service that used the closed-caption channels as its source, 
which are normally human-transcribed. 
Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




Re: DIY Tempest-Proofing

2000-04-25 Thread Bill Stewart

On Mon, 24 Apr 2000, concept wrote:

 Does anyone have any recommendations for more technical 
 TEMPEST-proofing documents?  I am unable to find 
 anything of serious substance on the web.  Could 
 someone recommend an offline source?  

Check out cryptome.org, John Young's site; I think there are some
TEMPEST-related documents there.

There are several popular approaches, most of which aren't really useful to
the amateur.

0) Make sure there aren't obvious TEMPEST listeners nearby,
suspicious vans with moby antennas, new chips added to your keyboards, etc.
Yes, unfortunately, that's the useful one :-)
Radio emissions do the usual square-cube-law power thing,
so the more distance between you and a listener, and the more
other keyboards and monitors, the better.  Just because you're paranoid
doesn't mean they're not out to get you, but if your web server is at a 
big hosting center, there are enough other sources of signal that
it's easier for them to crack into your system or blackbag your hardware.

1) Build a Faraday cage room; these days you need at least 100dB shielding,
which will probably cost you $50-100K for a good room.  That's really
much tougher to build than 50-60dB shielding you can get with wire mesh
or some of the nice conductive-fiber cloth, and you have to pay
really close attention to all your seams, air ducts, fiber ducts, etc.
Back when I ran a TEMPEST computer room, 100-120dB was enough,
and VAXes put out a lot more power than modern PCs,
but all of it was much lower frequencies and less penetrating than
current 500MHz computers.  If you've got a friend in the 
ElectroMagnetic Compatibility Testing biz, you may be able to 
borrow a room on occasion, if all you want is a quiet place to use your laptop.

2) Use really quiet computers.  You can buy some on the government-contractor
market; if you're asking the question on a list like cypherpunks,
and haven't read the public source material yourself, you probably don't have the
EE skills to build your own, which involves much deep wizardry, but you can 
probably figure out how to use shielded cables and such to prevent leaks.
Simply using a laptop isn't quiet enough (I've received laptop screen images
on my television, though that presumably came from the external VGA port.)
A decade ago, these tended to cost about $5K more than the same PC, 
non-TEMPEST, though a large fraction of that cost was the amortized
cost of testing and certifying the things, rather than the actual cost
of building them.

3) Use a small Faraday cage that can hold your computer,
but isn't big enough to hold you.  I think the cost of the
shielded-rack-mounted AT&T 3B2 computers was about $10-20K more
than the non-TEMPEST version, and it did a good job on
filtering power supplies and penetrations for fiber.
(And again, lots of the cost is certification, not technology.)
The problem is how to get your data in and out securely. 
This is a fine mechanism for running a remailer or digibank,
where all the data comes in on the communication fibers,
but it's not as useful if you need a keyboard or monitor.
And again, shielding that was good enough for a 25MHz machine
isn't necessarily enough for a 500MHz machine.

4) Use non-electronic equipment.  Get the Cryptonomicon and learn Solitaire
(or one of the other RC4-on-playing-cards variants.)
Relearn to use an abacus and slide rule and pencils and manual typewriters.
Find out if you can still buy flash paper anywhere.
Learn to speak Navajo, or Tongan Polynesian dialects, or Tibetan,
or Cockney rhyming slang, or Teenage-slang-of-the-month.

Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639



