Re: Cpunks List: Remove The Spammer From The List

[Greg Newby]

Thanks for these thoughts, Shawn. A few responses below.

On Sat, Jan 06, 2024 at 07:42:07AM -0600, Shawn K. Quinn wrote:
> On 1/5/24 00:38, Greg Newby wrote:
> > Hi grarpamp. I appreciate your passion for the cypherpunks list, and
> > your contributions so it.
> > 
> > For your request below:
> > 
> > In short, it is my belief that subscribers who don't want to see
> > content from other subscribers are expected to have the capability to
> > block those subscribers from their personal mailboxes.
> 
> Those spams will still count against any bandwidth quotas. This response
> isn't all that far from "shut up and eat your spam".

The term "spam" as I've understood it is synonymous to "unsolicited commercial 
email" (UCE).

I think it's being used here instead as shorthand for "email messages I don't 
want to see." Or, "list subscribers who send too many messages."

If we had people who were sending UCE, I absolutely would ban them. 

Instead, what we seem to have is a few prolific posters that some other list 
members would rather not hear from. That's why I think it's reasonable to push 
those editorial choices to subscribers.


> > Many gmail users have been automatically unsubscribed as a result.
> > This is unfortunate, but it would not be fixed by banning or censoring
> > the people mentioned below. Instead, the solution is for those
> > subscribers to not use their @gmail.com addresses to receive the
> > list.
> 
> I do not have a soft spot for Google or Gmail, but I find the proposed
> solution to Gmail's spam filtering (which apparently has tagged the entire
> Cypherpunks list as a spam source) to be quite tedious, if not odious.

What's your evidence that Google has tagged the entire list as spam?

That is not what I've seen, or how I've characterized Gmail's failings to 
receive messages. I have access to another similar server from another 
organization with completely different lists, and it suffers the same thing. 
I've seen similar reports on the Internet from other mail administrators.

The basic problem is not the content or the volume of messages sent or the name 
or subject matter of the list, or the domain it's coming from. It's the volume 
of recipients.

At any time there are around 80 cypherpunks list subscribers with @gmail.com 
addresses. Google throttles receipt of those messages with complaints about too 
many duplicate message IDs or "an unusually high rate of sending."

As far as I've been able to determine, our configuration is conformant with 
Google's requirements. Only Google is throttling these messages - other servers 
with lots of cypherpunks subscribers like yahoo.com and protonmail.ch don't 
throttle.

This has all started fairly recently, as reported here and as my research has 
indicated... circa September 2023.


> I personally pay for this email address at Fastmail. I have the spam
> filtering turned down to its lowest setting to avoid losing any legitimate
> email (some of which is work-/income-related).

I presume Fastmail can filter particular incoming list sender's email addresses.

Sorry that I'm not seeing the problem with a subscriber technical solution.

> > There are plenty of other free email providers. I hear that
> > protonmail.ch works reasonably well.
> 
> I'm sure there are many other free email providers out there but sooner or
> later, Cypherpunks list email will trip their spam filters as well if the
> root cause is not dealt with.

As mentioned above, this has not been observed. And, the automated complaints 
from Google are not about the individual senders or the content: they are about 
the number of subscribers using their service.

Here's a message from the top of the mail queue right now:

0D80811C1F4B*   11647 Wed Jan  3 11:52:47  cypherpunks-boun...@lists.cpunks.org
(host alt1.gmail-smtp-in.l.google.com[209.85.202.27] said: 421-4.7.28 Gmail has 
detected this message exceeded its quota for sending 421-4.7.28 messages with 
the same Message-ID. To best protect our users, the 421-4.7.28 message has been 
temporarily rejected. For more information, go to 421 4.7.28  
https://support.google.com/mail/answer/188131 
cs3-20020a05688300b003374a2fa940si600246wrb.186 - gsmtp (in reply to end of 
DATA command))


I am hopeful that a forthcoming (circa April 2024) Ubuntu upgrade will 
facilitate moving the list to Mailman3. That has somewhat better controls, 
which might help. In particular, I'm wondering whether each recipient of a list 
message could get their own Message-ID. (That's a technical topic that might 
belong in a different discussion thread.)

Meanwhile, this discussion has inspired me to look for additional technical 
tweaks, and I am trying a few on our Postfix server.


> Allowing the entire Cypherpunks list to be
> tagged as a spa

Re: Cpunks List: Remove The Spammer From The List

[Greg Newby]

Hi grarpamp. I appreciate your passion for the cypherpunks list, and
your contributions so it.

For your request below:

In short, it is my belief that subscribers who don't want to see
content from other subscribers are expected to have the capability to
block those subscribers from their personal mailboxes.

Every email system I know of can do this quite easily. In the long-ago
times, people like Tim May called these a kill list.  "Welcome to my
kill list" was often heard. It was part of my welcome to the
cypherpunks, back around the year 2000.

At this point in time, the stresses on mail delivery I first reported
here in September is still creating delivery delays for gmail
users. However, I have observed that even on days with just a few
cypherpunks messages (and none from Karl, for example), Google's mail
servers complain & delay delivery.

Many gmail users have been automatically unsubscribed as a result.
This is unfortunate, but it would not be fixed by banning or censoring
the people mentioned below. Instead, the solution is for those
subscribers to not use their @gmail.com addresses to receive the
list. There are plenty of other free email providers. I hear that
protonmail.ch works reasonably well. 

I did make one configuration change last fall, and reported it here:
the list now has a cap of 24 posts in any 24 hours. Karl, in
particular, has adjusted his output accordingly.

Further discussion on any of these topics is welcome.

Best regards to you and all cypherpunks subscribers.
  ~ Greg


On Fri, Jan 05, 2024 at 01:07:27AM -0500, grarpamp wrote:
> These spammers are continuing to spam the list.
> These accounts are both doing nothing but robotic spamming,
> flooding users mailboxes, blowing out the archives, spamming
> identical copies many tens of times, spewing gibberish, making
> no point or commentary, running bots, spamming other non
> subscribers into the list, etc.
> THOUSANDS of SPAM, MONTH after MONTH they SPAM...
> And they have admitted willful intent to destroy the list.
> One spampsychobot itself "Gunnar".
> Another spampsychobot calls itself "Karl".
> All have condemned their spam.
> As before, the internet has long since decided that such
> spammers have no right to inflict such abuse on lists.
> And rate limiting spammers does not solve the problem.
> 
> So, this time, do your job Greg...
> 
> The Internet has provided three options for list operators...
> 
> 1) You must kick these spammers accounts off the list.
> 2) You must set the moderation flag on these spammers accounts
> and deal with and filter them out yourself.
> 3) You must move these spammers accounts off to a separate
> new list that you create for them alone.
> 
> So take your pick of the above options and do your job Greg.

Gmail users dropped due to bounces

[Greg Newby]

Admin notes from your current list maintainer:

This is an FYI that perhaps Gmail-based subscribers will find in the list 
archives:
  https://lists.cpunks.org/pipermail/cypherpunks/

Around 50 cypherpunks subscribers were automatically removed from the list 
today, due to excessive bounces. These bounces were because Google throttled 
messages so badly that some messages were held for over 5 days and eventually 
bounced.

We use a standard Linux-based setup: Postfix for mail delivery and Mailman for 
list management. We implement the standard anti-abuse mechanisms: DMARC, SPF 
and DKIM.

Back in September, I reported that there were issues with list congestion 
(https://lists.cpunks.org/pipermail/cypherpunks/2023-September/author.html). 
When I looked further into what the cpunks list was experiencing, I found that 
it wasn't just us: Google had begun to throttle incoming messages, even when 
the systems sending those messages were completely compliant with all of 
Google's guidance on how to avoid being throttled or bounced.

Despite some changes to list settings to somewhat decrease daily list traffic, 
the throttling has continued for over 6 weeks.

I am manually re-subscribing the addresses that were removed, but there is no 
reason to think this is a long-term solution. A better solution will be to 
subscribe from a different service, OR to pay for a custom Google-hosted 
domain. I've confirmed that while @gmail.com is throttled, other Google-hosted 
domains are not.

Write back to the list or privately if I can help with any of this. It's 
unfortunate that list traffic is not getting through to some subscribers, and 
so I'm writing to inform everyone of what's going on and possible mitigations.
  ~ Greg Newby

Test (ignore)

[Greg Newby]

I made some list configuration changes and am confirming them with this test 
message.
  ~ Greg

Karl's message (Re: [ot][spam][writing][crazy] Non-Canon Traffick Boss Spinoffs - The Reboot)

[Greg Newby]

On Fri, Sep 29, 2023 at 04:51:19PM -0400, Undescribed Horrific Abuse, One 
Victim & Survivor of Many wrote:
> greg doesn't want us to post to the list. what do we do instead.
> we could climb. how about we find climbing behavior? costs money
> to do as traffick boss wants. is okay.

I didn't ask you to not post. I suggested in the past that the email backlog 
would likely be improved if you sent fewer longer messages, rather than so many 
very short ones.

What I wrote today was a summary of the backlog that grew due to you sending so 
many messages:

> Hi Karl. FYI, the backlog of undelivered emails to cypherpunks subscribers 
> has grown significantly today, due to you sending so many messages:
> 
> $ for i in Sat Sun Mon Tue Wed Thu Fri; do
> echo -n $i " " ; mailq | grep cypherpunks-bounces | grep -c $i
> done
> Sat  0
> Sun  4
> Mon  6
> Tue  33
> Wed  46
> Thu  5
> Fri  743
> 
> The 743 number is more than the number of messages you have sent, because 
> Mailman batches in groups of approximately 50. So, every outgoing message is 
> sent as multiple batches.
> 
> What this means is that the gmail users (and also cock.li and a few other 
> domains) are not getting your emails. They might eventually get them, likely 
> out of order. Or they might just bounce permanently.
> 
> You've sent well over 100 messages today.
>   ~ Greg

Re: List conjestion

[Greg Newby]

For the potential of a technical solution: 

One of the things I dug into is rate limiting by mailman, the list software 
that we use.

Unfortunately there are zero options for this built into Mailman. There's not 
any straightforward way I know of to limit the number of messages per day (or 
another period), or the number from a particular user.

For those who might want to try to find technical solutions:

We are on an Ubuntu 22.04 server.
We use Postfix 3.6.4 as our mail transport agent.
We use Mailman 2.1.29 for list management.

Along with postfix we have postgrey and the postfix policy server.


  ~ Greg

On Wed, Sep 20, 2023 at 07:13:14PM +, pro2...@yahoo.com.au wrote:
> I too asked Karl to consider sending fewer messages per day recently so this 
> chimes with Gregs news.
> So long as we're on a single server I suggest an upper-cap be placed on daily 
> contributions.
> As to the number I suggest a vote. Majority rules at this stage.
> See what youse think!
> 
> Also, those posts held back might be published later. Not disappear 
> completely.
> 
> This is a tough one. What happens next might change the history of the 
> crypto-wars.

List congestion

[Greg Newby]

Hi dear friends.

Here is a summary of what's been going on with the cypherpunks list and server 
since Saturday September 16.

Two factors combined that resulted in the cpunks list being temporarily 
throttled or rate-limited by gmail, yahoo and probably a few other big email 
services.

One factor is Karl's rate of messaging, mentioned below. I counted 115 unique 
messages sent to the list over a 6-hour period on September 16.

This rate of messaging is much higher than typical, and gmail and yahoo 
automatically started rate-limiting our messages. Here's a typical response 
from gmail - note that it's from today. We are still rate-limited:

77E2511C0DDF   12495 Wed Sep 20 02:09:59  cypherpunks-boun...@lists.cpunks.org
(host alt1.gmail-smtp-in.l.google.com[74.125.193.27] said: 421-4.7.28 
[69.55.231.143  15] Our system has detected an unusual rate of 421-4.7.28 
unsolicited mail originating from your IP address. To protect our 421-4.7.28 
users from spam, mail sent from your IP address has been temporarily 421-4.7.28 
rate limited. Please visit 421-4.7.28  
https://support.google.com/mail/?p=UnsolicitedRateLimitError to 421 4.7.28 
review our Bulk Email Senders Guidelines. 
z15-20020adff74f00b00321773bb921si909870wrp.463 - gsmtp (in reply to end of 
DATA command))

There are currently almost 100 messages to cypherpunks that have not been 
delivered to gmail addresses. (This message will, presumably, soon be one of 
them.)


The second factor is that Karl was victim of an unsubscription mailbombing 
attack. Over 200,000 unique IP addresses visited the page at lists.cpunks.org 
to send a password reminder to his gmail address. At one point there were over 
33,000 messages queued up to Karl on the cpunks server. Gmail started bouncing 
these, too. I deleted a whole bunch that were pending and the attack stopped on 
Saturday night.


Now, several days later, gmail is still blocking messages. The cpunks list has 
around 50 subscribers with gmail addresses. Those folks probably won't see this 
note until gmail allows messages to flow.

The link above has Google's guidance on this situation. The cpunks server is 
fully compliant with all the technical controls like SPF, and hopefully all the 
messages will eventually be delivered.

Meanwhile, messages always go to the list archive, here:
  https://lists.cpunks.org/pipermail/cypherpunks/


To address the first issue, on Saturday I asked Karl to consider sending fewer 
messages per day. Combining many short messages into fewer longer messages will 
be less likely to trigger rate limiting on the big mail services.


To address the second issue, if the problem reoccurs I can put some 
captcha-style blocks on the list management page(s) and/or simply disable the 
password reminder feature. It would be great if the problem simply doesn't 
occur again, though, since it has a big impact on the server and other 
subscribers, not just Karl.

For that broader context, the cpunks server at https://lists.cpunks.org is the 
main production server for Project Gutenberg, from which we publish around 200 
new free eBooks/month. On Saturday, messages to one of the key production 
coordinators who has a yahoo.com email address could not get through because 
yahoo, like gmail, was blocking us.

Many of us will remember that historically, cypherpunks was a set of lists 
connected via remailers. That is something that could happen again if there is 
interest - certainly I would do what I can to support it. Meanwhile, though, 
the list lives on a single physical server.

I hope this background is useful. I don't feel any need to keep this type of 
situation a secret, and it's the nature of cpunks that subscribers want the 
list to keep working. Suggestions and discussion are welcome.

  ~ Greg

On Tue, Sep 19, 2023 at 09:50:55PM -0400, mailbombbin wrote:
> i miss spamming the cypherpunks list densely
> it gave me relief to know i was flooding [good people] [relief from my
> learned experiences]
> i’ve been thinking some of continuing it despite greg’s request
> draft saved at 2149, 2147-8
> 
> i guess it would make sense to use a unique host
> 
> i don’t really understand gregs emails, how are my posts issues
> compared to thousands of bomb things? i imagine its complicated to
> reciew, huge logs, many recipients, different error messages
> 
> 2150

Re: Cypherpunk list subscriber "threatening" Feds

[Greg Newby]

If someone could point me at where the hole in the archive is, I can take 
another look. From the date of the reposting 
(https://buttdarling.insanejournal.com/129512.html?mode=reply) it sounds like 
maybe the archives missed some stuff just after the server upgrade on December 
21/22.

  https://lists.cpunks.org/pipermail/cypherpunks/2022-December/date.html

I suspect that if a message went to the list, but not the archive, then it's 
not on the server anywhere...

If someone has the missing message, just forward it here and it will go into 
the archives after the fact!
  ~ Greg


On Fri, Dec 23, 2022 at 02:47:57PM -0500, Undescribed Horrific Abuse, One 
Victim & Survivor of Many wrote:
> Thank you for your reply. I haven't fully processed it. I get the
> impression that posting this is helpful in protecting things for you.
> It certainly seems important if it is missing from records.
> 
> > Do you still have the link to the article?
> >
> > The Post no longer publishes it and the Hettinga repost has gone missing (
> > Greg? )
> > I don't link to Conde Nast's edited version at McCullagh's since he went
> > over to the enemy in 2001.
> >
> > I can publish the entire article here if desired or alternatively direct the
> > curious to my insane journal back-up at ' buttdarling ' .
> 
> If you have a nice-looking archive, or a raw email file missing from
> the list history, I'd be happy to send it up to arweave.
> 
> > https://buttdarling.insanejournal.com/129512.html?mode=reply
> >
> > That's a copy of the missing cypherpunks post from Hett.
> >
> > Now since when have you ever taken a positive interest in the core affairs
> > of this list?
> 
> I didn't know this was a core affair.
> 
> > You waddle like an agent and quack like one we might as well shoot you in
> > agent-shooting season.
> 
> I unfortunately and literally have severe dissociation with both
> pro-gov and pro-anarchist parts. I think this could be common among
> political targets.
> 
> > Get a life agent Semich.
> 
> I feel sad when reading this. I'm not sure what it means. I heard it a
> lot throughout grade school.

Re: Planned outage Wednesday Dec 22 7-10am PST

[Greg Newby]

I think we're back...
 ~ Greg

On Sun, Dec 18, 2022 at 10:05:08PM -0800, Greg Newby wrote:
> Hi folks. I plan to bring the main pglaf.org server to the latest operating 
> system version. This includes lists.cpunks.org email list, archives, and 
> website.
> 
> Expect all functions to be unavailable for an hour or two, and then I'll 
> bring things back and update/repair anything needed.
> 
> In case of mishap or unexpected delays, use gbne...@petascale.org for 
> communication.
>   ~ Greg
> 
> 
> 

Re: paging Greg - cypherpunks list attack

[Greg Newby]

Sorry about that. I indeed missed an earlier note about it.

Would you please forward a couple of these to me (you don't need to send them 
to the list), with the full email header if possible? I'll see what settings 
exist for trying to limit these attempts.

Since they seem to all follow the same pattern, you might just set up a filter 
on your email client so they are immediately discarded.
  ~ Greg

On Mon, Dec 19, 2022 at 11:20:43PM -0300, Punk-BatSoup-Stasi 2.0 wrote:
> 
> 
> 
> I'm resending this, since I didn't see any comment from Greg.
> 
> -
> 
> 
>   Hi Greg. 
> 
>   In the last few hours this address received more than 3000 
> 'unsubscribe' notifications 
> 
>   "We have received a request from 107.189.10.143 for the removal of your
> email address, "pu...@tfwno.gf"" 
> 
>   So the government agents on the list are getting more criminal. They 
> are now using the list as a 'tool' for mail bombing. I suggest you ban them 
> all. 
> 
>   Please disable somehow the notification system since it's being used 
> for outright criminal activity. 
> 
>   
> 
> Thanks.
> 
> 
> 
> 
>   
>   

Re: please unshadow ban me

[Greg Newby]

Some administrivia below:

On Mon, Dec 19, 2022 at 05:32:30AM -0500, Karl Semich wrote:
> Greg, thank you for addressing publicly the concern Rooty raised.

It's truly my pleasure :)

> > I hope this helps! The server we use seems to be reliable overall, and 
> > should not be taxed due to high list traffic, subscribe/unsubscribe, spam, 
> > etc.
> 
> Given this has not always been the case in the past, has the server
> been upgraded in the past year or two? Or how long should messages
> take at low points?

Nothing has changed - messages should be processed in at most a few minutes.

Once the Mailman software begins sending messages to list subscribers, it can 
take a few minutes for everyone's message to arrive because it does this in 
small batches.

I estimate that full delivery should always take under 20 minutes. If someone's 
mail system is not available, then it's up to Postfix to attempt redelivery. 
This follows a pattern of retrying after 5 minutes, 30 minutes, an hour, 3 
hours, 6 hours, then daily for (IIRC) 7 days -- or something like that. 
Basically, it retries quickly the first few times, then retries slowly.

Mailman counts any bounces from a subscriber, including for temporary issues 
for things like being over quota. After a week's worth of bounces, addresses 
are automatically removed from the list. You get a notification if this happens 
to you (also a warning!), but of course if your email isn't accepting incoming 
messages from the list, you won't get the warning either.

All of the above is completely standard for Mailman (the mailing list software) 
and Postfix (the mail transport agent). This is all running on an Ubuntu 18 
server with a dedicated 1Gb uplink. I'll be upgrading it to Ubuntu 22.
 ~ Greg

Planned outage Wednesday Dec 22 7-10am PST

[Greg Newby]

Hi folks. I plan to bring the main pglaf.org server to the latest operating 
system version. This includes lists.cpunks.org email list, archives, and 
website.

Expect all functions to be unavailable for an hour or two, and then I'll bring 
things back and update/repair anything needed.

In case of mishap or unexpected delays, use gbne...@petascale.org for 
communication.
  ~ Greg

Re: please unshadow ban me

[Greg Newby]

On Sun, Dec 18, 2022 at 02:15:39AM +, ytooR wrote:
> Hi Greg, could you please check my account as I'm not seeing all the posts?

Hi.

You're not banned. Nobody is banned. There are no filters. 

If you find a message in the archives 
(https://lists.cpunks.org/pipermail/cypherpunks/) but didn't get it:

1. first double-check your spam filters or similar...

2. then if it's still a mystery, let me know and I'll try to find signs of a 
bounced/rejected message in the server mail logs

It helps to have a specific message to look for, since the logs are very large.

Note that some list members cc or bcc their messages to cypherpunks, and some 
also respond to individuals with or without copying the list. So, there may be 
messages you don't see because they were not addressed to the list.

I hope this helps! The server we use seems to be reliable overall, and should 
not be taxed due to high list traffic, subscribe/unsubscribe, spam, etc.
  ~ Greg

> 
> Thanks!
> 
> Rooty

Re: Why starlink has still not yet allowed anonymous crypto prepaid accounts

[Greg Newby]

I've been on the Starlink waiting list since it opened for my area. I live too 
far north to receive service from the current constellation, and await 
deployment of the satellites that are more polar orbiting.

Wikipedia has a useful and fairly up-to-date article about Starlink. You can 
see live satellite location information here: https://satellitemap.space/#

The reason I'm writing is that Starlink requires you input your actual physical 
location, before you can get service. The antennas won't get service if they're 
not at that location.

This is the same approach that Hughsnet etc. use for geosynchroneous satellite 
Internet service: Your antenna will only receive in the location you subscribed 
for. (Yes, they have more expensive options for portability, also.)

Starlink has a new (rather expensive) RV service that is portable.

But for stationary service, which is all that was offered until recently, 
Starlink knows where you are (or at least, where your antenna is).

I'd say that this makes attempts to use Starlink anonymously rather 
ineffective, since Starlink, at least, knows your location.

I agree there should be opportunities for anonymous purchases and payments, but 
that would not be a great way of hiding from Starlink or anyone they choose to 
share their data with.

This doesn't seem much different than any other Internet subscriber system, 
regardless of whether you can pay or purchase anonymously: they know where you 
are, even if your subscription isn't in your name.
  ~ Greg


On Thu, May 26, 2022 at 04:33:10AM +, professor rat wrote:
> Hazarding a guess I would say Mollusk is set on Brinworld solutions and we 
> all just saw that confirmed in his Twitter machinations. He's now making 
> Zuckface look respectable!
> 
> I don't have to point out the earth-bound dangers of such a foolish policy 
> since this list has been analyzing them for decades now.
> States like fascist Russia, China and Iran must regard the Mollusk as a 
> Godsend.
> 
> What's new and adds an ever growing danger is the threat from potentially 
> hostile aliens.
> 
> The further out into space we go the more crypto-anarchist infrastructure 
> we'll need.
> 
> Hypothetically its not difficult to imagine an advanced civilization, or 
> federation, condemning us all on the basis of one human individual raping a 
> wilderness planet for no good reason.
> 
> The longer Mollusk ( and the NASA too btw ) carry on planning to violate the 
> Prime Directive the more danger we are all exposed to.
> 
> Fuck that for a joke - all wannabe Mars colonists have earned killing. 

Re: Aggressive List Unsubscription

[Greg Newby]

On Fri, May 13, 2022 at 06:11:37PM -0400, Karl Semich wrote:
> ...
> Is it difficult to verify that the unsubscription and resubscription
> processes of 0xl...@gmail.com today were normal?
> 
> With 0xloem, I posted no codes and did not find a farewell notice in my
> email, but my messages began bouncing until I resubscribed.

I didn't spot anything suspicious in today's logs. I will keep an eye out.

  ~ Greg

Re: Aggressive List Unsubscription

[Greg Newby]

Hi Karl.

When you get a confirmation code, it means that someone was able to forge your 
email (this is not hard to do).

If you post the confirmation code to the public cypherpunks list, then the same 
culprit just needs to send that confirmation code in another forged email.

So, you should not be posting those confirmation codes!

In order to get the confirmation code otherwise, someone would need to 
intercept your incoming email messages (or, perhaps, the outgoing messages from 
the list server). That is rather harder than forging an email.

  ~ Greg

On Fri, May 13, 2022 at 05:37:00PM -0400, Karl Semich wrote:
> >
> >
> >> When an address is unsubscribed, they get a goodbye email from the list
> >> software. Did that happen?
> >>
> >
> > I'm not seeing this.
> >
> 
> I ended up finding this for gmk...@gmail.com but not 0xl...@gmail.com .
> gmk...@gmail.com was unsubscribed by someone else at 1058-0500 today, after
> posting a partial unsub code publicly that I was surprised to receive,
> which would presumably have required brute forcing the server to use as it
> was missing trailing digits. 0xl...@gmail.com has bounce notices but no
> unsubscription notices, and did not receive nor share an unsub code that I
> saw.
> 
> It was a little surprising that the bounce notices come from
> cypherpunks-owner whereas the farewell messages come from
> cypherpunks-bounces.
> 
> >

Re: Aggressive List Unsubscription

[Greg Newby]

On Fri, May 13, 2022 at 02:39:58PM -0400, Undiscussed Horrific Abuse, One 
Victim of Many wrote:
> Hi,
> 
> Both my email addresses were unsubscribed from the mailing list.

Karl,

It wasn't me, and I didn't get a notification about it.

We've seen on the list that anyone can send a forged email to unsubscribe, but 
then a confirmation is required to actually unsubscribe.

Your email, gmk...@gmail.com, is still subscribed to the cypherpunks list. I 
just checked.

The unsub shenanigans are childish and annoying. I taught my students how to 
forge an email message in 1998, and of course forged emails are a big part of 
how spam gets around these days. I'm not impressed by people who are forging 
unsub emails to the list management software.

> I don't know whether it was on my end, or Greg's. Nor do I know
> whether it has happened to other people.

When an address is unsubscribed, they get a goodbye email from the list 
software. Did that happen?

  ~ Greg

Re: Fw: Mail delivery failed: returning message to sender

[Greg Newby]

On Thu, Apr 28, 2022 at 10:40:29PM +0200, revevil...@gmx.com wrote:
> > This message was created automatically by mail delivery software.
> >
> > A message that you sent could not be delivered to one or more of
> > its recipients. This is a permanent
> > The following address failed:
> >
> > ow...@lists.cpunks.org:
> > SMTP error from remote server for RCPT TO command, host: 
> > mail.pglaf.org (65.50.255.19) reason: 550 5.1.1 : 
> > Recipient address rejected:
> 
> 
> Why? No owner ?

cypherpunks-ow...@lists.cpunks.org is me.

There's no "owner@" address. That's not the standard that Mailman uses, since 
any given site might have many lists.

>From what you forwarded, it seems someone attempted shenanigans, but didn't 
>succeed. There's not much that can be done about this, since it seems the 
>Mailman software is performing as intended.

  ~ Greg

Hackers On Planet Earth (HOPE) call for participation

[Greg Newby]

Hackers On Planet Earth (HOPE) for 2022 is "A New HOPE." It will take
place in person from July 22-24 on the campus of St. John's University
in Queens, New York.

Proposals for talks, workshops, performances, and vendors are now
being accepted. Details are at https://www.hope.net

  ~ Greg
  

Re: cypherpunks list archive / cpunks.org archive at archive.org

[Greg Newby]

Note, there are already public archives here:
  https://lists.cpunks.org/mailman/listinfo

This includes .mbox files.

TIA is also making periodic wayback copies:
  https://web.archive.org/web/2021010100*/https://lists.cpunks.org/

It's super to make an additional copy!
  Greg


On Mon, Jul 26, 2021 at 09:57:42PM +, coderman wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> 
> i promised Karl i'd archive the cypherpunks list so he's
> always got a written record to refer to, if desired.
> 
> in that vein, i have started an Internet Archive for cpunks:
>   https://archive.org/details/cpunks-archive
> 
> i'll update month by month, as long as i'm able.
> 
> 
> best regards,
> 
> -BEGIN PGP SIGNATURE-
> 
> iNUEAREKAH0WIQRBwSuMMH1+IZiqV4FlqEfnwrk4DAUCYP8vQl8UgAAuAChp
> c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0NDFD
> MTJCOEMzMDdEN0UyMTk4QUE1NzgxNjVBODQ3RTdDMkI5MzgwQwAKCRBlqEfnwrk4
> DHQOAP4uiLAXpjB5ai1u4aJJXTrkSZTR04xGt4upNVIRsMGGWAEAiqAT1OUZlm9g
> bDtItkLc140M2kEhJ3eWEVAm4lLZRYU=
> =z0fI
> -END PGP SIGNATURE-

Re: Remailers

[Greg Newby]

On Fri, Jun 11, 2021 at 02:18:00PM -0400, Karl Semich wrote:
> >
> > That's referring to having multiple mailing lists linked together for
> > the cypherpunks list. Basically, you would mail one address and it would
> > mail the other mailing lists, sort of like an old school FidoNet
> > echomail board if you remember that.
> >
> 
> I probably used fidonet and didn't realise what it was.  I was pretty young
> when I dialed in to bbs's.
> 
> Regarding CDR, I found https://web.jfet.org/cpunk/howto.html .  It vaguely
> sounds to me like a CDR system could be revived by adding X-Loop header
> support to mailman.  Not sure.
> 
> >

Mechanisms for linking together multiple lists, whether or not they are all 
using Mailman, are fairly well understood.

In the case of Cypherpunks, the CDR description you found worked pretty well, 
as I recall (as a subscriber, not a list administrator at that time).

If you are keen to restart remailers for Cypherpunks, probably you'll need to 
give thought to who, what, where, why? ("How" is important, but not that hard.)

I think it would be valuable to have one or two remailers, with slightly 
different policies and technologies, simply to enhance the list resilience in 
the event of a failure on our (current) single node. It's only valuable if 
someone else actually runs the thing, and it's even more valuable if it is 
substantially different (different physical location, different software, etc.).
  ~ Greg

Re: Fwd: Issue 18655016: Server involved in fraud at 65.50.255.19

[Greg Newby]

Netcraft says, "Never mind."
  ~ Greg

> Date: Wed, 2 Jun 2021 10:23:15 +0100
> From: Netcraft Takedown Service 
> To: ab...@pglaf.org
> Subject: Issue 18655016: Server involved in fraud at 65.50.255.19
> 
> Hello,
> 
> We have discovered an email server on your network that is sending e-mail 
> messages that are attempting to extort users.
> 
> The server has the IP address 65.50.255.19.
> ...
--- Begin Message ---
Dear Sir or Madam,

We recently sent you an email informing you of an attack at:

65.50.255.19

This email was sent in error, please ignore the request to take down the page.

Regards,

Netcraft

Phone: +44(0)1225 447500
Fax: +44(0)1225 448600
Netcraft Issue Number: 18655016

To contact us about updates regarding this attack, please respond to this 
email. Please note: replies to this address will be logged, but aren't always 
read. If you believe you have received this email in error, or you require 
further support, please contact: taked...@netcraft.com.
--- End Message ---

The Gentleperson's Guide To Forum Spies (spooks, feds, etc.)

[Greg Newby]

John,

On Tue, May 25, 2021 at 07:30:06PM -0400, John Young wrote:
> Greg, these complaints seem to fit the disruptive practices of attackers 
> described here:
> 
> https://cryptome.org/2012/07/gent-forum-spies.htm
> 
> Maybe coincidental but not the first to aim at messing with the list. Other 
> lists have been wiped out with endless bitches, accusations, demand for 
> attention.

Of possible interest, here is an extract from a WWII-era field manual on 
sabotage. It highlights a variety of mechanisms to monkey-wrench organizations:


Techniques for General Interference with Organizations and Production.

Extracted from Project Gutenberg's eBook #26184 
(https://www.gutenberg.org/ebooks/26184).

SIMPLE SABOTAGE FIELD MANUAL STRATEGIC SERVICES FIELD MANUAL No. 3

(11) General Interference with Organizations and Production

(a) Organizations and Conferences (1) Insist on doing everything through 
"channels." Never permit short-cuts to be taken in order to expedite decisions.

(2) Make "speeches." Talk as frequently as possible and at great length. 
Illustrate your "points" by long anecdotes and accounts of personal 
experiences. Never hesitate to make a few appropriate "patriotic" comments.

(3) When possible, refer all matters to committees, for "further study and 
consideration." Attempt to make the committees as large as possible -- never 
less than five.

(4) Bring up irrelevant issues as frequently as possible.

(5) Haggle over precise wordings of communications, minutes, resolutions.

(6) Refer back to matters decided upon at the last meeting and attempt to 
re-open the question of the advisability of that decision.

(7) Advocate "caution." Be "reasonable" and urge your fellow-conferees to be 
"reasonable" and avoid haste which might result in embarrassments or 
difficulties later on.

(8) Be worried about the propriety of any decision -- raise the question of 
whether such action as is contemplated lies within the jurisdiction of the 
group or whether it might conflict with the policy of some higher echelon.

(b) Managers and Supervisors

(1) Demand written orders.

(2) "Misunderstand" orders. Ask endless questions or engage in long 
correspondence about such orders. Quibble over them when you can.

(3) Do everything possible to delay the delivery of orders. Even though parts 
of an order may be ready beforehand, don't deliver it until it is completely 
ready.

(4) Don't order new working materials until your current stocks have been 
virtually exhausted, so that the slightest delay in filling your order will 
mean a shutdown.

(5) Order high-quality materials which are hard to get. If you don't get them 
argue about it. Warn that inferior materials will mean inferior work.

(6) In making work assignments, always sign out the unimportant jobs first. See 
that the important jobs are assigned to inefficient workers of poor machines.

(7) Insist on perfect work in relatively unimportant products; send back for 
refinishing those which have the least flaw. Approve other defective parts 
whose flaws are not visible to the naked eye.

(8) Make mistakes in routing so that parts and materials will be sent to the 
wrong place in the plant.

(9) When training new workers, give incomplete or misleading instructions.

(10) To lower morale and with it, production, be pleasant to inefficient 
workers; give them undeserved promotions. Discriminate against efficient 
workers; complain unjustly about their work.

(11) Hold conferences when there is more critical work to be done.

(12) Multiply paper work in plausible ways.  Start duplicate files.

(13) Multiply the procedures and clearances involved in issuing instructions, 
pay checks, and so on. See that three people have to approve everything where 
one would do.

(14) Apply all regulations to the last letter.

(c) Office Workers

(1) Make mistakes in quantities of material when you are copying orders. 
Confuse similar names. Use wrong addresses.

(2) Prolong correspondence with government bureaus.

(3) Misfile essential documents.

(4) In making carbon copies, make one too few, so that an extra copying job 
will have to be done.

(5) Tell important callers the boss is busy or talking on another telephone.

(6) Hold up mail until the next collection.

(7) Spread disturbing rumors that sound like inside dope.

(d) Employees

(1) Work slowly. Think out ways to increase the number of movements necessary 
on your job: use a light hammer instead of a heavy one, try to make a small 
wrench do when a big one is necessary, use little force where considerable 
force is needed, and so on.

(2) Contrive as many interruptions to your work as you can: when changing the 
material on which you are working, as you would on a lathe or punch, take 
needless time to do it. If you are cutting, shaping or doing other measured 
work, measure dimensions twice as often as you need to. When you go to the 
lavatory, spend a longer time there than is necessary.

Forget tools so that you 

Population estimates from samples

[Greg Newby]

Karl had been asking about how to estimate population statistics from a sample.

I came across a fascinating approach to this, called bootstrapping or the 
bootstrap method. I learned about this an EdX data science course offered by 
Berkeley.

The method is described in the course's free online textbook:
  https://inferentialthinking.com/chapters/13/2/Bootstrap.html

This method makes some assumptions, including that your sample is reasonably 
large, and that the population distribution is approximately normal.

The basic approach is to take your sample, and then randomly re-sample from the 
sample. This lets you build up a probability distribution of samples which, in 
turn, is representative of the population.

The text includes some worked examples. The course uses Python (Jupyter 
notebooks) and a computational framework based on Pandas.

The course sequence: 
https://www.edx.org/professional-certificate/berkeleyx-foundations-of-data-science

It's the second course, "Inferential thinking through simulations," which 
introduces and builds on the bootstrap concept. Lots of the materials are free 
- including the computational framework and examples. I'm not sure whether you 
can audit the (self-paced) course for free.

I found the bootstrap method to be very interesting. It is not something that 
came up in my many grad and undergrad statistics courses or other research 
methods (maybe it emerged since I was a university student).

I hope this helps.
  Greg

List brief outage; returned

[Greg Newby]

Apologies to everyone who got a bounce notification or message that your 
subscription to cypherpunks was disabled.

In pursuit of the problems reported in the past few days, I had made a change 
to the email settings that broke a few things. I've now fixed this, I think.

I've also reset the Mailman "bounce" score and temporarily turned off bounce 
processing.

So, you do NOT need to worry about "confirming" your subscription if you got a 
message from Mailman about this, or about otherwise dealing with bounces. 
Confirming won't hurt anything, though, if you already did.

Sorry for disrupting things. In case you are uncertain whether a message you 
sent was posted, you can check the archives here:
  https://lists.cpunks.org/pipermail/cypherpunks/2021-May/date.html

Best,
  Greg
  

Re: List Status

[Greg Newby]

(I'm cc'ing Karl & grarpamp directly, also)

I just made a small tweak to the outbound mail settings, and also subscribed my 
own gmail account to see whether I can replicate the situation.

I confirmed that messages are in fact being delivered to the @gmail addresses 
(no bounces). So, it's a mystery why they are not showing up in your inbox.

If this is impacting other cypherpunks users in gmail domains, they might 
simply think the list has suddenly gone quiet.

Let's keep pursuing this. It shouldn't be happening.

Sorry that list administrivia needs to be discussed on the list :(
  Greg


On Thu, May 27, 2021 at 05:16:59AM -0400, grarpamp wrote:
> I'm not receiving messages from the
> listserv to gmail. People post them since
> they appear in archives, but after that
> the listserv to gmail function appears broken.
> I don't think any of the 'List Status' thread,
> made it to my gmail box. Same for a bunch
> more posts that I now discovered in the archives.
> 
> However, unsubscribe and subscribe works,
> so that part of the queue/delivery is still ok,
> even those those management messages
> all got spamfoldered by gmail. There are no
> user defined filters here.
> 
> I don't know if anyone is seeing my messages
> to the list.
> 
> I would generally check the listservs outbound
> mail queues for excess spooling to gmail, and
> specifically verify that some of the message-ids
> got 'accepted' by gmail service from cpunks,
> such as...
> 
> 1105930251.4796.1621985406...@wamui-dingo.atl.sa.earthlink.net
> 732012978.354083.1622093972...@mail.yahoo.com

Fwd: cypherpunks post acknowledgement

[Greg Newby]

Karl, others: You can change your list settings to get a message like the 
following, any time you post to the list.

If you are concerned your messages are not going through, this is an easy way 
to get confirmation per-message. You just need to turn on "Receive 
acknowledgement mail when you send mail to the list" via your settings screen 
at https://lists.cpunks.org/

If you don't know your list password, you can reset it there.
  ~ Greg
  
--- Begin Message ---
Your message entitled

Re: List Status

was successfully received by the cypherpunks mailing list.

List info page: https://lists.cpunks.org/mailman/listinfo/cypherpunks
Your preferences: 
https://lists.cpunks.org/mailman/options/cypherpunks/gbnewby%40pglaf.org
--- End Message ---

Re: List Status

[Greg Newby]

On Tue, May 25, 2021 at 02:04:58PM -0300, juan wrote:
> On Tue, 25 May 2021 09:48:20 -0700
> Greg Newby  wrote:
> 
> > 
> > None of this is nefarious or specific to cpunks. Other than the change 
> > mentioned to remove the blacklists from Spamassassin, all of this stuff is 
> > out-of-the-box with Ubuntu.
> 
> 
>   Well, out-of-the-box ubuntu censors cock.li, which I would describe as 
> nefarious. And it means that bona fide users of ubuntu end up unwillingly 
> censoring cock.li. Which looks nefarious to me as well =P

I don't think that's accurate, otherwise the censorship would have been 
happening earlier.

The mechanism that blocked the cock.li domain is the blacklist.

Spamassassin is a separate project than Ubuntu, which loads the blacklists by 
default.

The blacklists are, in turn, separate projects.

Personally, as mentioned earlier, I am not a fan of blacklists. They are too 
easy to get on, and too difficult to get off of. They seem to have close to no 
ability to respond to reports of false positives (i.e., when a domain ends up 
on a blacklist, but should not be).

Good riddance to the blacklists for the cpunks list!
  ~ Greg

Re: List Status

[Greg Newby]

On Tue, May 25, 2021 at 01:10:50PM -0400, Karl wrote:
> On 5/25/21, Greg Newby  wrote:
> > Hi, Karl. The list was a bit quiet yesterday. Perhaps cpunks were outside in
> > the Big Blue, or otherwise engaged. I sent a note that you should have
> > received.
> 
> I found it (but never received it):
> https://lists.cpunks.org/pipermail/cypherpunks/2021-May/087696.html
> 
> Guess it's an issue with me receiving things via gmail.

The Gmail filter that Tom suggested might help.

As mentioned, I can try to diagnose messages that don't go through, but it's 
tough to do unless I know the specific message in question, and when it's sent. 
This is because we get around 1M lines/day in the mail log, invariably 
including multiple similar messages to the cypherpunks subscriber list.

Yes, I realize it's hard to know when a message does NOT arrive, unless you are 
watching the archive at the same time as you are watching your inbox.

More:

> > On Tue, May 25, 2021 at 12:11:26PM -0400, Karl wrote:
> >> Hey Greg,
> >>
> >> Can you confirm that people _subscribed_ to the list experience a spam
> >> filter now?  I thought my emails were getting spammed due to not being
> >> subscribed, but it turns out this address is, actually, subscribed; I
> >> was told this when I attempted subscribing.
> >
> > Yes, there are a few standard spam filters and related mechanisms on the
> > server. This includes Spamassassin, DKIM, SPF, and DMARC. These have been in
> > place since the list moved to pglaf.org a few years ago.
> 
> When you said "Any subscriber email address can post anything" at
> https://lists.cpunks.org/pipermail/cypherpunks/2021-May/087482.html I
> thought you meant that there as no spam filtering of subscribed posts.
> I infer I misunderstood.

I over-generalized. It's true if the spam filtering doesn't reject it, or 
another failure condition, like temporary network outages. Or exceeding the max 
message size (I think it's 20M).

What I really meant not "can post" but "is permitted to post." Or, "is not 
restricted from posting based on topic etc." More simply stated, there's no 
moderation of list traffic, other than the types of automation that Mailman 
(the list manager software), Postfix (the message transfer agent) or related 
elements of the email stack apply.

> My perception of cypherpunks has been of a list where no posts are
> censored, it being up to the users to filter their mails.  Do you have
> a memory of this?

Sure (I've been on the list since the year 2000 or so). One way this used to be 
handled was with remailers. Some remailers were completely unfiltered - for 
example, they would accept random SMTP connections to port 25 and not do any 
checks that the email headers were valid or accurate.

John Gilmore's toad.com was canonical for this, but not the only member of the 
remailer circle. Subscribers would choose a remailer to subscribe to. In 
addition to choosing a level of comfort for spam and some noisier subscribers, 
the remailer system made cypherpunks more resistant to state-level shutdowns. 
(It didn't make it less susceptible to surveillance, particullarly, and it also 
made the whole system more prone to various problems like delivery failure and 
message loops.)

There were other remailers that had different procedures (i.e., stricter), 
which translated into less spam (in the "unsolicited commercial email" sense). 
For awhile, there was at least one moderated remailer where a human tried to 
only let the "good" stuff through. 

Today, the cypherpunks list doesn't have anyone doing censorship. However, it 
does use a set of standard mechanisms for limiting abuse. I already mentioned 
Spamassassin (one of many, many spam filters), and the trio of standards: 
DMARC, DKIM and SPF.

In addition, the server enables TLS and a few other things to make it more 
difficult to spoof someone else's email address (i.e., to send email as 
bill.ga...@microsoft.com or somesuch; or email the cypherpunks list claiming to 
be a subscriber -- a common way, in olden times, of sending spam or of 
impersonating someone else).

A less restricted remailer is definitely still possible, and could interoperate 
alongside the current system, just like remailers used to interoperate. Someone 
(not me) would need to set that up.

> > I have not observed any messages from you that were flagged as spam or
> > rejected.
> 
> Do you receive this link to a message of mine that was rejected?
> https://lists.cpunks.org/pipermail/cypherpunks/2021-May/087594.html

Dunno - I don't keep copies of most individual messages to the list.

> > If you are seeing other people's messages in the list archive, but not
> > getting them in your inbox, the first thing to check is your Gmail Spam
> 

Re: List Status

[Greg Newby]

Hi, Karl. The list was a bit quiet yesterday. Perhaps cpunks were outside in 
the Big Blue, or otherwise engaged. I sent a note that you should have received.

On Tue, May 25, 2021 at 12:11:26PM -0400, Karl wrote:
> Hey Greg,
> 
> Can you confirm that people _subscribed_ to the list experience a spam
> filter now?  I thought my emails were getting spammed due to not being
> subscribed, but it turns out this address is, actually, subscribed; I
> was told this when I attempted subscribing.

Yes, there are a few standard spam filters and related mechanisms on the 
server. This includes Spamassassin, DKIM, SPF, and DMARC. These have been in 
place since the list moved to pglaf.org a few years ago.

Just in the past days, in Spamassassin, I turned off use of the blacklists, 
since they have occasionally been problematic.

I have not observed any messages from you that were flagged as spam or rejected.

However, sometimes messages are rejected before they get to the list or to me - 
if this happens to you, then (a) you will get a bounce from the pglaf.org 
(a.k.a., cpunks.org) server, and (b) the message won't go into the archive.

None of this is nefarious or specific to cpunks. Other than the change 
mentioned to remove the blacklists from Spamassassin, all of this stuff is 
out-of-the-box with Ubuntu.

> 
> In other news, I haven't been receiving mails from the list recently
> (recent mails in the archive aren't in my inbox yet), not sure if it
> matters.

Yes, you are subscribed. Only subscribers can submit, and your messages are 
going through and in the archive. If you are not certain whether your message 
went to the list, first check the archive via https://lists.cpunks.org (no 
login required). 

If you are not getting copies of your own messages, there is a setting for this 
that everyone can select for their own subscription. Use the web interface at 
https://lists.cpunks.org to login to the list and see your settings.

You can opt to get a copy of your own messages, and you can also get an "ack" 
email message when your message was posted. The default is to *not* get a copy 
of your own messages, and to *not* get an acknowledgment. 

HOWEVER, gmail absolutely positively will not show you a copy of your own 
message!! Even if you set the list (via Mailman) to send you a copy. It will 
silently discard it or otherwise mask it. This is a gmail thing that is 
well-known and does not have a workaround that I've heard about.

If you are seeing other people's messages in the list archive, but not getting 
them in your inbox, the first thing to check is your Gmail Spam folder. If 
messages still don't arrive within a few minutes, send me details and I can 
check the server logs to see whether delivery was attempted and what happened.

   Greg

Re: more email blocking/censorship.

[Greg Newby]

I adjusted spamassassin to no longer utilize the blacklists.

It seems to have worked, since spam in my regular inbox is up by around 300% 
this morning. It will be good to see whether email from the blacklisted domains 
can now get through to cypherpunks@lists.cpunks.org

  ~ Greg


On Sun, May 23, 2021 at 03:40:28PM -0300, juan wrote:
> 
> 
> joogle blocking cock.li 
>  
> > >   First time for me. I don't think it ever happened since I started using 
> > > it
> > > ~2.5 years ago.
> > 
> > About 8 months ago, didn't yet test the problem further.
> 
>   I must have missed it. 
> 
> 
> > >kinda looks like there is one 'shared' blocking list and it's 
> > > being used by pg's spam filter, it's being used by google, and...the rest 
> > > of the arpanet prolly.
> > 
> > The insane rabid censors who concocted such anti-spam
> > measures as blocklists always said "If we can just get
> > every operator using this...".
> 
> 
>   yeah. Well I assume that google wasn't invited to the list, but is the 
> entity that created the list, that spamhaus garbage being a proxy of theirs 
> or a close accomplice, whatever. 
> 
> 
> > 
> > Whether shared or not, freespeech, and freedom, is still
> > fucked by their tech. Of course now the tech for fucking
> > human freedom over is far more advanced, widespread,
> > and levied against all you humans with impunity by
> > such grand high powers.
> 
> 
>   Well in the case of the cpunks list, I hope Greg will tune the server 
> so that it stops wrongly flagging traffic from one the last, few, independent 
> email providers as 'spam'. 
> 
> 
> 
> 
> 

Karl's [spam] (Re: *SPAM* Filter borked,)

[Greg Newby]

I updated the Subject line and broke the thread for the below:

On Thu, May 20, 2021 at 07:28:12PM -0400, Karl wrote:
> Hey Greg,
> 
> > Personally, I don't think this is necessary. The nature of the cypherpunks
> > list is that people offer their thoughts, knowledge, links, criticism, etc.
> > Your contributions are generally on-topic for the list, so I don't think
> > there's a reason to downplay yourself.
> 
> Are you receiving what I'm writing?

Yes.

> What do you think of this?
> > [spam][spam] i tied myself to a table leg again and i want to talk about 
> > how boss's striatum
> > wire just feels _so_ _great!_  be scared and aggressive around people 
> > different from you!
> > if i sell you some spam, will you let me buy some of yours? [spam][spam]

I think it was off the general list topics. As in, not very related to the 
cryptoanarchist topics we're allegedly here for.

However, I didn't think it was spam. Maybe that's just me: SPAM is more or less 
equivalent, in my mind, to unsolicited commercial email (UCE). We barely get 
any of that on the cypherpunks list.

BTW, the old archives at https://lists.cpunks.org are filled with UCE. 

> Compared to this?
> > Hey does anybody have any tips on learning rust on an airgapped machine?  
> > Cargo just
> > keep frustrating me so much.  Is there a crate mirror anywhere?  If I made 
> > one, would
> > anybody else use it?

I found the discussion about whether rusted iron filings are magnetic to be 
completely within bounds for the cypherpunks list. Again, that's just my 
opinion.

> >>If you are truly posting something that is off-topic, then an "[offtopic]"
> >Iindicator or similar might be a good way to indicate that.
> 
> I can maybe switch to thatt change what I was expressing but my input dialog box is moving my
> cursor all around and it is very hard to navigate, so sending as is.
> sorry about this.[spam]> honestly I was "trained" to disrupt
> communities like this and I want to give people a clear way to protect
> themselves from that disruption a little., when I can figure it out.
> at all.

Without trying to speak for anyone but myself: Do as you please with the 
subject headings. I was merely suggesting that the [spam] tag probably isn't 
needed, in my view.

Trying to disrupt cypherpunks is sort of a cottage industry around here. When 
disruption is the norm, it makes disruption tougher to do!
  Greg
  

Re: List Messages Being Disrupted

[Greg Newby]

Hi, Karl. We do have a system-wide spam filter, but no specific filtering for 
the cpunks list. For example, no blacklists of who can subscribe. Any 
subscriber email address can post anything. Modulo that standard anti-spoofing 
mechanisms (mainly SPF) may cause rejection of a post if it seems to come from 
a spoofed email address. 

I also noticed that the filter generated a false positive, as you see below.

This seems to be a very infrequent occurrence. I could probably figure out how 
to tune down the spam filter, if such "false positives" were a major 
distraction. It didn't bother me very much, since indeed the flagged message 
was rather spammy.

Best regards to all,
  Greg (your current cpunks list maintainer)


On Thu, May 06, 2021 at 06:09:58AM -0400, Karl wrote:
> To me the email at
> https://lists.cpunks.org/pipermail/cypherpunks/2021-April/087371.html
> indicates that messages are likely being disrupted somehow.
> 
> To me, it does not really show whether that is happening at pglaf, an isp
> or government, or the behavior of the poster of the message.
> 
> I have heard others (James) complain of spam bouncing on this list.  I have
> never received a spam bounce myself.  I thought Greg stated some months ago
> that there was no spam filter on the host.
> 
> The message would be _far_ more credible if it contained an actual raw copy
> of the bounce email attached.  But it still looks incredibly credible.
> 
> The correct solution here is cryptographic message delivery.  It is clear
> the people running this list are being harmed, that there is no easy way,
> already, to prove what actually happened around that spam bounce.

Re: [broadcast] Please collect proof and logs that our communications are altered in transit, so that hackers will resolve the situation

[Greg Newby]

On Fri, Jan 08, 2021 at 10:25:53PM +, coderman wrote:
> ‐‐‐ Original Message ‐‐‐
> On Friday, January 8, 2021 8:01 PM, Karl  wrote:
> ...
> 
> (but running your own mail servers sucks for many other reasons...)

Yes. Yes, it does.
 - Greg
 

Re: List Issues

[Greg Newby]

It turned out the server needed a reboot.

If you didn't get a bounce from a message you sent, probably it will eventually 
get delivered. The mail transport agents try to deliver, and upon failure will 
leave a message queued - usually for a few days.

If you sent a message and it's not delivered within around 4 hours (i.e., 2pm 
US EST), you could resend. We'll need to try not to get confused if some 
messages are then sent multiple times.

Apologies for the outage... it started around 5pm US EST Thursday.
 - Greg

On Sat, Jan 09, 2021 at 10:24:33AM -0500, Karl wrote:
> Hi Greg,
> 
> A number of us had messages blackholed when sent to the list
> yesterday.  Zenaan's today is the first to get through.
> 
> Here's one of the messages that disappeared, attached.
> 
> Do you know what happened?

> MIME-Version: 1.0
> Received: by 2002:a2e:9b13:0:0:0:0:0 with HTTP; Fri, 8 Jan 2021 19:06:53 
> -0800 (PST)
> Date: Fri, 8 Jan 2021 22:06:53 -0500
> Delivered-To: gmk...@gmail.com
> Message-ID: 
> 
> Subject: Fwd: WKD for github.io
> From: Karl 
> To: cypherpunks 
> Cc: spam.trap.mailing.li...@gmail.com
> Content-Type: multipart/mixed; boundary="fd704c05b86ef6b2"
> 
> --fd704c05b86ef6b2
> Content-Type: text/plain; charset="UTF-8"
> 
> On Sat, Jan 9, 2021 at 3:12 AM Stefan Claas
>  wrote:
> > Hi all,
> >
> > for those who use the latest gpg4win or GnuPG I tried to set-up
> > for my GitHub account a github-page, which allows me in the
> > future to host static web-content via GitHub.
> >
> > I noodled a bit around to set-up WKD for GnuPG usage, but
> > unfortunately GnuPG (tested gpg4win and GnuPG under Debian)
> > does not allow yet to fetch pub keys from github.io sites,
> > due to cert erros, but I tested it with an older version
> > of sequoia-pgp and with sq fetching via WKD works! :-)
> >
> > Here is the thread you might like to read (and follow later ...):
> >
> > 
> >
> > Regards
> > Stefan
> 
> --fd704c05b86ef6b2
> Content-Type: text/plain; charset="US-ASCII"; name="Can you do me a favor, 
> please_.eml"
> Content-Disposition: attachment; 
>   filename="Can you do me a favor, please_.eml"
> Content-Transfer-Encoding: base64
> X-Attachment-Id: file1
> 
> RGVsaXZlcmVkLVRvOiBnbWthcmxAZ21haWwuY29tDQpSZWNlaXZlZDogYnkgMjAwMjphMmU6Yjgx
> NjowOjA6MDowOjAgd2l0aCBTTVRQIGlkIHUyMmNzcDk0MzUwMGxqbzsNCiAgICAgICAgRnJpLCA4
> IEphbiAyMDIxIDE4OjE0OjUwIC0wODAwIChQU1QpDQpYLVJlY2VpdmVkOiBieSAyMDAyOmExYzoy
> N2MzOjogd2l0aCBTTVRQIGlkIG4xODZtcjU0MzExNzB3bW4uOTYuMTYxMDE1ODQ4OTk3MzsNCiAg
> ICAgICAgRnJpLCAwOCBKYW4gMjAyMSAxODoxNDo0OSAtMDgwMCAoUFNUKQ0KQVJDLVNlYWw6IGk9
> MTsgYT1yc2Etc2hhMjU2OyB0PTE2MTAxNTg0ODk7IGN2PW5vbmU7DQogICAgICAgIGQ9Z29vZ2xl
> LmNvbTsgcz1hcmMtMjAxNjA4MTY7DQogICAgICAgIGI9WmRrS2ZFYnczZWl1N0ZzVFJrOEtCT2d6
> S2I0eTkwNnRFS2xZRDZiL3BDalBZQXFqVXpRUHI2QkhqZk1JUXJUeGxPDQogICAgICAgICAyZXFa
> cGE0NVNSZisrOGJ3QTh0dDV0RXV2SVA5eFBjeVdMdW1semZVLzBZOEhndmxOSjZ1V1I5MnpBN1FR
> b0RUWTcyYQ0KICAgICAgICAgelY5U3RqMUVLTTVqKzRKa2FnVFB3eFNPZGFrODkybVVYOHlibVE2
> RzZzT20ydXQyUDViQnhON2VzWVlCZzJQbDU3V3ANCiAgICAgICAgIDdsMmVyd2RGSVVPZjNNb3BQ
> SHdHcEMrVE1pNnA4VW80V2hyTmp3Y1J5c2ZodUpjMDhOb2RRVTZSZlNWSWw4eE9meWRzDQogICAg
> ICAgICBzaGxBVEVEWlZUOFR6clczN25iNW5iR2xHSUJucWJNRTZHQW1xUzRJbi83VUMzQmNOYVBx
> dzRGd2RlcXhZMkNqQlRObw0KICAgICAgICAgTUxRdz09DQpBUkMtTWVzc2FnZS1TaWduYXR1cmU6
> IGk9MTsgYT1yc2Etc2hhMjU2OyBjPXJlbGF4ZWQvcmVsYXhlZDsgZD1nb29nbGUuY29tOyBzPWFy
> Yy0yMDE2MDgxNjsNCiAgICAgICAgaD10bzpzdWJqZWN0Om1lc3NhZ2UtaWQ6ZGF0ZTpmcm9tOm1p
> bWUtdmVyc2lvbjpka2ltLXNpZ25hdHVyZTsNCiAgICAgICAgYmg9U1l5N1FFU2dJR003cVIxeDY0
> UWY0eXhaczY5anR3NXp3VW5FRy91ZmZCcz07DQogICAgICAgIGI9SHQ4Q1huL2pMMXVXalJuUXd1
> WHF0QVdackt0UXcxaUt5WVZNOUFBRncxYVNpbTFDNmllYThkQVZHTlBSM2RUT21oDQogICAgICAg
> ICBjY0lvVVN5UERBbVlWTmFKanlwQkJhbWxEaXY4Mko5S3pDQmxmUXhpdk9TWk11clhxc1V0SlFW
> cEZYeVNzcStyR2hBVw0KICAgICAgICAgK0IvajFFcVZvMWQ0WVZyOUNESElIRU5MSHFuWlhZQVZm
> bEJLNkFQQ1ppTnhtNFVhcUM1RGpFUDJpRFUyQ0ZWS2dMcFoNCiAgICAgICAgIGtqakc2SmxlU0xw
> NVJ4Vkt3NDlDbk80RXZiZDFWazVubHZ6NlBNYVBtMWgxTjJCdmVWRGVpRFE5MC9wVlpwZ09tdWNt
> DQogICAgICAgICBDWXVnUE1uTVdFOXVLMDRhbmJrczdhY0xFbU5hNjJZd1k2NGlCTWRsTUNuaDZP
> WGI5Y3REWVhTTXhiNytpR2RBNWJ2MQ0KICAgICAgICAga3R3QT09DQpBUkMtQXV0aGVudGljYXRp
> b24tUmVzdWx0czogaT0xOyBteC5nb29nbGUuY29tOw0KICAgICAgIGRraW09cGFzcyBoZWFkZXIu
> aT1AZ21haWwuY29tIGhlYWRlci5zPTIwMTYxMDI1IGhlYWRlci5iPVZleWR0Y3dMOw0KICAgICAg
> IHNwZj1wYXNzIChnb29nbGUuY29tOiBkb21haW4gb2Ygc3BhbS50cmFwLm1haWxpbmcubGlzdHNA
> Z21haWwuY29tIGRlc2lnbmF0ZXMgMjA5Ljg1LjIyMC40MSBhcyBwZXJtaXR0ZWQgc2VuZGVyKSBz
> bXRwLm1haWxmcm9tPXNwYW0udHJhcC5tYWlsaW5nLmxpc3RzQGdtYWlsLmNvbTsNCiAgICAgICBk
> bWFyYz1wYXNzIChwPU5PTkUgc3A9UVVBUkFOVElORSBkaXM9Tk9ORSkgaGVhZGVyLmZyb209Z21h
> aWwuY29tDQpSZXR1cm4tUGF0aDogPHNwYW0udHJhcC5tYWlsaW5nLmxpc3RzQGdtYWlsLmNvbT4N
> ClJlY2VpdmVkOiBmcm9tIG1haWwtc29yLWY0MS5nb29nbGUuY29tIChtYWlsLXNvci1mNDEuZ29v
> Z2xlLmNvbS4gWzIwOS44NS4yMjAuNDFdKQ0KICAgICAgICBieSBteC5nb29nbGUuY29tIHdpdGgg
> 

List administrivia: some emails are not getting through to subscribers

[Greg Newby]

Hi, folks. Here is FYI concerning email delivery failures for cypherpunks:

Since the afternoon (PST) of December 23, an issue with the upstream network 
provider's DNS has evidently caused some list recipients to not get messages.

The issue is that the recipient's email provider rejects messages from 
lists.cpunks.org (a.k.a., pglaf.org) due to there being no PTR record in the 
DNS. PTR is also known as reverse DNS, and is one of the ways that network 
providers try to mitigate spam.

In fact there is a valid PTR. A command like "dig -x 65.50.255.19" shows this.

But some providers are getting NXDOMAIN when they look up the PTR, which means 
the query is rejected from the network provider that holds the IPv4 address 
space.

This issue is now escalated with our hosting provider, and they need to bring 
it to their network provider. I hope it will be addressed soon.

Meanwhile, some subscribers will not be getting messages. Or, perhaps, only 
getting some messages. The list archives, at https://lists.cpunks.org, are 
where you can find all the messages to the list.

This does not seem to impact incoming messages: any subscriber may post, as 
usual. But list messages going *to* subscribers might not be received 
(including this one).

Some messages might eventually be delivered if the issue is fixed soon, but 
many will bounce and will not be delivered. So far, mailman has not 
automatically unsubscribed anyone due to these delivery failures, and I've 
twiddled the server setting to try to prevent any auto-unsubscriptions.

Apologies for this problem. If you receive this message, and seem to be 
receiving all messages, then the issue is probably not impacting your email 
service provider.

If you didn't get this message but see it in the archive, I hope this 
explanation is helpful. I would be interested to hear from anyone who is 
getting some, but not all messages - that might help to narrow in on what part 
of the upstream network provider's systems are failing.

Best regards to all,
  Greg (your current cypherpunks list maintainer)

Re: Contact

[Greg Newby]

On Thu, Jun 25, 2020 at 09:45:28PM -0400, Karl wrote:
> On Wed, Jun 24, 2020, 9:03 PM Greg Newby  wrote:
> 
> > On Wed, Jun 24, 2020 at 08:35:31PM -0400, Karl wrote:
> > > Cpunks,
> > >
> > > Many accounts were recently disabled from this list.  I just discovered
> > the
> > > situation myself and re-enabled my account.  Is the list administrator
> > able
> > > to bulk re-enable the accounts of everybody else affected, to undo this
> > > accidental censorship?
> >
> > Accidental indeed! You are right, Karl, that many had mail messages
> > disabled.
> >
> > No doubt due to my misconfiguration a week ago...
> >
> > I've now reset ALL the mailman "bounce scores," so hopefully people are
> > getting this message even if they were temporarily held. Sorry I didn't see
> > this problem earlier - I don't have mailman set to send notifications when
> > a bouncing address' email is temporarily disabled.
> >
> 
> Greg, thank you.
> 
> I'm afraid I've never administered mailman myself before: could you confirm
> that resetting the bounce scores also re-enables the accounts?

Yes, that's what it does. Or is supposed to do.

> The list sent me a notification that I was required to manually re-enable
> my account for me to receive email from it again, and I don't know whether
> you've experienced or dealt with this before yourself.

Do you mean, AFTER I sent my note above? Or before? The fix I applied was 
supposed to reset everyone, so nobody needs to manually reset.

Perhaps I didn't do what I thought, but it looked like all subscribers were set 
to again receive mail, and any previous bounces were forgotten.
 - Greg
 

Re: Contact

[Greg Newby]

On Wed, Jun 24, 2020 at 08:35:31PM -0400, Karl wrote:
> Cpunks,
> 
> Many accounts were recently disabled from this list.  I just discovered the
> situation myself and re-enabled my account.  Is the list administrator able
> to bulk re-enable the accounts of everybody else affected, to undo this
> accidental censorship?

Accidental indeed! You are right, Karl, that many had mail messages disabled.

No doubt due to my misconfiguration a week ago...

I've now reset ALL the mailman "bounce scores," so hopefully people are getting 
this message even if they were temporarily held. Sorry I didn't see this 
problem earlier - I don't have mailman set to send notifications when a 
bouncing address' email is temporarily disabled.
 - Greg
 

> Additionally, ddosecrets.com recently publicized 269GB of leaked police
> data.  At this time of police brutality, this is important data, but the
> server hosting it became inaccessible the following day.  Does anybody know
> where else to find this data?
> 
> K

Re: ping

[Greg Newby]

Possibly useful advice for @gmail users below, also some list diagnostics:

On Thu, Jun 18, 2020 at 03:20:50PM -0700, Mirimir wrote:
> On 06/18/2020 02:29 PM, Se7en wrote:
> > On 20-06-18 14:23:02, Mirimir wrote:
> >> Thanks. I wasn't paying attention, but I did notice the warning about my
> >> list membership being disabled:
> >>
> >>> Your membership in the mailing list cypherpunks has been disabled due
> >>> to excessive bounces
> >>
> >> I'm not sure whether that was a cypherpunks server issue, or a Riseup
> >> issue, which was perhaps triggered by a cypherpunks server issue.
> > 
> > The list admin published a few days ago that the list was experiencing
> > trouble and has been rectified. You must not have recieved that
> > message. Check the public archive. 
> 
> Looking in the public archive, the first hint of a problem was Georgi
> Guninski's "pong" and Greg Newby's reply at Jun 15 05:25:59 PDT 2020:
> 
> https://lists.cpunks.org/pipermail/cypherpunks/2020-June/081025.html
> https://lists.cpunks.org/pipermail/cypherpunks/2020-June/081026.html
> 
> Then there's the message from Greg at Jun 16 19:39:50 PDT 2020, saying
> that the "the list was bouncing all day today (after around 9am US
> Eastern Daylight Time)" and that "[t]hings now seem to be fixed":
> 
> https://lists.cpunks.org/pipermail/cypherpunks/2020-June/081030.html

That was a temporary 13-hour problem caused by a specific misconfiguration I 
applied. There is no indication that mail delivery problems before that are 
related.

> But GTI.H and Georgi Guninski both reported on Jun 17 that they still
> weren't getting list messages to Gmail accounts:
> 
> https://lists.cpunks.org/pipermail/cypherpunks/2020-June/081042.html
> https://lists.cpunks.org/pipermail/cypherpunks/2020-June/081043.html
> 
> I got the last message before today at Jun 14 14:38:29 PDT 2020:
> 
> https://lists.cpunks.org/pipermail/cypherpunks/2020-June/081016.html
> 
> I got the membership disabled message at 18 Jun 2020 00:15:00 -0700, and
> it said:
> 
> > Your membership in the mailing list cypherpunks has been disabled due
> to excessive bounces The last bounce received from you was dated
> 18-Jun-2020.  You will not get any more messages from this list until
> you re-enable your membership.  You will receive 2 more reminders like
> this before your membership in the list is deleted.
> 
> That is, messages to me were bouncing from late Jun 14 through Jun 17.

There were a ton of bounces from @riseup.net (there are several subscribers, 
not only you).

I suspect that this WAS due to the misconfiguration I did, but I didn't save 
the 450+ bounce notifications.

You should be able to reenable your subscription as directed... let me know if 
you run into trouble.

> Anyway, it's not a big deal. I'm just curious whether bouncing started
> earlier, perhaps on Jun 14, and why Google and Riseup kept bouncing
> messages after Greg fixed the cypherpunks server.

Here's the important part (saved for the end):

For @gmail.com users, I experimented by subscribing a gmail address to the list.

I found that MOST (not quite all) messages were flagged as spam and therefore 
did not arrive in my inbox.

I flagged as "not spam" to extract them from the spam folder, which might train 
gmail.

But the approach I suggest is to create a filter in gmail. This is easy in the 
Web interface, but I don't know about other clients. Simply make a filter so 
that messages with "list:(cypherpunks.lists.cpunks.org)" or to/cc 
cypherpunks@lists.cpunks.org are never flagged as spam.

 - Greg

List broken; now fixed

[Greg Newby]

Apologies that the list was bouncing all day today (after around 9am US Eastern 
Daylight Time).

I botched a setting in Postfix, and didn't realize it until 13 hours later!

It looks like anyone who submitted to the list would have received a bounce 
message (complaining about spamc), and the message was not received or 
processed. You'll need to resend if you want the message to go to the 
cypherpunks list.

The good news is I had a pleasant day outdoors, out and about (alone!) on the 
trails where I live. Rather than sitting in front of my computer all day. The 
bad news is it was evident in about 2 seconds that something was wrong, when I 
checked my mail, because I had not received any messages since this morning. 
Not even spam!

Mea culpa. Things now seem to be fixed. Let the conversation continue!
 - Greg
 

Re: [OT] pong

[Greg Newby]

George,

Both your addresses are subscribed, and neither is blocked or disabled from 
lists.cpunks.org

I'm not seeing bounces or problems in the mail server logs.

I hope this helps.
  Greg Newby (list admin for cpunks)

On Mon, Jun 15, 2020 at 02:51:01PM +0300, Georgi Guninski wrote:
> Am I subscribed, don't receive email even in SPAM?

Fwd: HOPE 2020 *Revised* Call for Speakers

[Greg Newby]

Perhaps of interest to some cypherpunks. The whole event will be streamed live 
online. Info at www.hope.net

- Forwarded message from Hackers On Planet Earth  -

Greetings,

HOPE 2020 will take place online from July 25 through August 2, 2020. 

Hackers from all corners of the world will convene virtually for 
nine days of online presentations from a wide variety of sources. 
You can be one of them!

We want as many elements of the hacker community as possible to be a part 
of this historic event. You too can give a talk or be part of a panel. 
While we all would prefer to be there in person, this provides an 
opportunity for anyone to share their ideas from wherever they happen 
to be. Simply email your talk proposal to speak...@hope.net.

You should include a proposed title, an abstract, and a short bio for each 
speaker. Provide enough information so it is clear why HOPE attendees would 
find your topic interesting, new, and relevant. Make it clear why YOU are 
the right person or people to give this presentation. Most speaker/panel 
sessions will be allotted 40 minutes for the session, and then 10 minutes 
for live Q If your talk is accepted, we will provide full assistance in 
getting it ready for your timeslot, whether you choose to pre-record or 
present your talk live.

All types of presentations are encouraged, from solo talks to panels, 
debates, demonstrations, and interactive discussions. Presenters must 
consider the viability of their session for an entirely online presentation 
method.

Your presentation can be made in ANY language or dialect. Please submit 
the abstract and biography in English, though, since that is the language 
that HOPE uses to communicate with presenters and attendees. If you intend 
to give your presentation in a language other than English, please mention 
this in your talk proposal.

Submissions should highlight their relevance to hacking. They should be 
original, and not previously presented. We encourage presenters from all 
age groups and backgrounds.

HOPE is an inclusive event, seeking civil discourse and education on all 
topics related to the hacker world. HOPE encourages all approaches and 
interpretations to hacking, presented by hackers, makers, developers, 
teachers, learners, and experimenters. If you have a passion for discovering
how things work and sharing that knowledge, you have the hacker spirit.

Some topics from past HOPE events, and new topics of interest, include:

- Hacker approaches to fighting 2020's massive health and social challenges
- Information, disinformation, and information literacy
- Technologies, along with their benefits and risks
- Social engineering
- Education
- Hacker culture and lifestyles
- Effecting social change
- Industry, government, commerce, and multinationals
- Science, engineering, and math
- Body modification, hacking, and enhancement
- Phones, networks, and telecommunication
- Hardware and software
- Secrets and disclosures
- Data, privacy, encryption, and policy
- Outer space and beyond
- How-to's / DIY (for beginners or any level)
...and much, much more

All submissions will receive an automated response. (You won't get multiple 
responses if you email us more than once in a short period of time, but we 
will still get your email.) Notices of acceptance will be mailed out in the 
weeks ahead. Send all submissions to speak...@hope.net.

All speakers will be given full access to the conference, which includes 
Q sessions with each presenter, a commemorative conference t-shirt that 
will only be given to conference attendees, and a special HOPE 2020 badge.
If you want to help with coordinating this historic event, send an email 
to volunte...@hope.net.

*** HOPE 2020 - July 25 to August 2, 2020 - Everywhere ***

- End forwarded message -

Re: Video chat software / options

[Greg Newby]

Hi, Doug. Just last week, the ACM came out with a thorough and interesting 
guide on how to run a virtual conference:
  https://www.acm.org/virtual-conferences

They link to an open Google Doc that lists lots of different resources and 
their characteristics:
  
https://docs.google.com/document/d/1LLLniPkf48CCZyG_BNy1ylF2wXNlztqNEOnzNuMQmJc/edit

There are also a number of other useful links and appendices. There is no easy 
answer to the choice, since all the tools have limitations. They don't dig much 
into security and privacy aspects, but do have focus on how to restrict access 
only to registered persons.

Another resource is something I posted to cpunks about earlier. I'm attaching 
the email I sent. It was a CCC talk that described the different software they 
used. Mastadon & Jitsi were highlighted, among others.

Jitsi has a key limitation in how the video streams are sent, which makes 
larger meetings a problem due to bandwidth management - I experienced this 
myself, where a meeting with 10-12 people fell apart because attendees were 
getting dropped, or couldn't receive all the participant streams.

Another personal experience I have is with Slack. Slack is actually pretty good 
for live audio/video meetings of 10 or so people. The nice thing is that if 
you're already having an ongoing Slack chat, you can launch a "call" any time 
in the same channel.

It's nice to hear from you. Enjoy!
 Greg

On Sat, Apr 18, 2020 at 06:24:23PM +, Douglas Lucas wrote:
> Hey cypherpunks,
> 
> So what video chat options are there that are less privacy violating and
> social graphing than Zoom, Skype, etc, while still being at least
> somewhat available to the everyday user? Imagine two use cases:
> 
> 1. Audiovideo chat between Alice and Bob: they want to watch an online
> movie together whether by sharing a screen or some other method, and
> then have sexy times later by same audiovideo chat. Imagine further that
> Bob uses Linux laptop and knows more or less what he's doing, while
> Alice uses Windows or Apple or her standard-issue smartphone or w/e and
> doesn't want to spend her little weekend time off paidwork trying to
> configure stuff to meet some faraway incel's expectation of flawless
> fantasy security.
> 
> 2. A video panel or Q being hosted by your local friendly anarchist
> bookstore. Maybe it needs 3-5 people on a panel talking, their famous
> faces visible on the screen along with their audio while they debate
> each on internecine leftist conflicts that distract from far more
> rational propaganda of the deed, while the 20 people in the audience,
> including people of all sorts of demographics who have a hard enough
> time paying their bills online, have their audio and video forcibly off
> so there's not random beeps and bloops and toddler singing during the
> panel, but the audience could still type in Q questions or whatever.
> It would also be cool if there was a film screening option -- imagine an
> anarchist bookstore that prior to covid19 had been doing weekly film
> screenings offline in their brick and mortar location, but now wants to
> do something similar online, while making it hopefully accessible for
> people without intense computer skills.
> 
> How are Signal and Wire for the above?
> 
> My big picture understanding has for a long time been that, 1. perfect
> security is snake oil, the top spy agencies can crack anything if they
> want given enough time and targetting interest, but that's not typically
> relevant to the above use cases unless you're a Supreme Court justice or
> an incel fantasizing about being James Bond, 2. encryption makes data
> packet size much bigger, and large data size is already a problem with
> video in cleartext, so there never has been a really good solution to
> this problem. However #2 was my understanding as of like 5 years ago, so
> I'm curious if some new solution has come out.
> 
> It looks like EFF is fairly useless and using Zoom themselves. I suppose
> if they're not gonna go after something meaningful, like how the
> corporate voting gear in the US is closed source, they have to spend
> that sweet Papa Omidyar cash and prestige somehow and produce little
> guides about how to toggle your Zoom settings. Afte
> https://www.eff.org/deeplinks/2020/03/what-you-should-know-about-online-tools-during-covid-19-crisis
> https://www.eff.org/deeplinks/2020/03/cc-backgrounds-video-calls-eff
> https://ssd.eff.org/
> 
> Guides by Riseup Networks don't have much on video understandably
> https://riseup.net/en/security/resources
> https://riseup.net/en/security
> 
> Prism Break mentions something called Jami I've never heard of
> https://prism-break.org/en/all/
> 
> And yeah, Signal and Wire...? I know everything is fucked but using
> something less bad for the use cases outlined above seems better than
> diving headfirst into whatever the worst popular solutions are.
> 
> Thanks!
> 
> Doug
--- Begin Message ---
I just watched an informative talk from 

Cypherpunks list planned downtime

[Greg Newby]

I will be upgrading the main pglaf.org server starting the morning of Saturday, 
April 11 (by around 10am Eastern Daylight Time).

During this time, the Cypherpunks list and archives will be unavailable:
  https://lists.cpunks.org

No email will be sent out. Incoming email will be queued or deferred. 

Let me know if you have any questions about what will be unavailable. This 
upgrade should not impact any of the behaviors of the services, once they are 
restored.

  - Greg

Re: Cryptome Ponders Releasing Archive In Preparation For Corona Meltdown

[Greg Newby]

John,

If a mirror site is truly of interest, I would be happy to host one in the US 
(San Diego) and/or Canada (Toronto). Send a note if that might be something you 
wish to pursue. 

I also have sufficient space on an rsync-based backup service, if you just want 
an offsite copy for safe keeping.

Best regards to you & yours. Stay safe out there. You are at the physical 
epicenter of the virus in the US.
  Greg

On Sat, Mar 28, 2020 at 05:28:12PM -0400, grarpamp wrote:
> Corona's global meltdown and human removal potential
> leads some risk and preservation analysts to call for the
> immediate internet / list distribution of the complete
> and brought to current date 150+GiB Cryptome Archive.
> Including... Inscom, Kill-maim, Eyeball, NYC buildings, Venezuela,
> FISC, other series, files, updates, supplements, historicals,
> intros, outros, presentations, indexes, collaborative works, etc.
> 
> Cpunks list available for implementation consultation.
> 
> https://transmissionbt.com/
> https://rsync.samba.org/
> https://gnupg.org/

Re: test message

[Greg Newby]

On Wed, Mar 11, 2020 at 11:22:00PM -0300, Cecilia Tanaka wrote:
> PS 2:  -  I do definitely love Greg!  Thanks for the patience with all the
> list problems and also with my laziness!  Sorry, I swear I used bcc only
> because I was f_cking busy!  :P

  :)

It's truly a pleasure to play a small role in supporting our civil, informed, 
and passionate discourse.
 - Greg

Server infrastructure talk for Extinction Rebellion

[Greg Newby]

I just watched an informative talk from 36C3 by Julian Oliver:
 https://media.ccc.de/v/36c3-11008-server_infrastructure_for_global_rebellion

At around minute 28 he begins talking about the specific server software, 
datacenter hosting, and other aspects of their operational security 
implementation. This description goes to around minute 44, and then there is 
some Q that is also quite informative.

Nobody asked him why they didn't use TOR -- presumably it wasn't even a 
contender. For sysadmin activity they use VPNs to countries with strict data 
protection laws (Switzerland and Iceland are mentioned). Data partitions are 
encrypted, and they have various contingency plans in the event a server is 
seized. 

At around minute 34, there is a list of the different software choices they 
made to support Extinction Rebellion. They chose alternatives to Slack, Google, 
Mailchimp, Zoom, etc. Some were found to be better than the better-known 
alternatives, and some were worse, for performance, scalability and usability. 
He mentioned that modern users are looking for something like a Google-based 
single sign-on, which is anathema to the anti-surveillance infrastructure they 
are focusing on.

The software and configuration choices are today's best-of-breed for making 
surveillance and seizure more difficult. This naturally includes not utilizing 
commercial solutions, and also naturally includes self-hosting the 
infrastructure.


ER is a global movement that is highly decentralized and, according to the 
first 28 minutes of the talk, is having an impact. This is primarily through 
non-violent actions. They mainly seek progress on combating climate change. 
https://rebellion.global or https://organize.earth for more info.

HOPE 2020 Call For Speakers Now Open!

[Greg Newby]

Perhaps this is of interest to some cypherpunks subscribers:

- Forwarded message from Hackers On Planet Earth  -

 Date: Thu, 16 Jan 2020 14:12:44 -0500
 From: Hackers On Planet Earth 
 Subject: [hope-announce] HOPE 2020 Call For Speakers Now Open!

The HOPE 2020 Call for Speakers is now open!

You can now submit your ideas for talk/panel submissions for our 13th HOPE
conference, to be held at St. John's University, Queens, New York City from
July 31st to August 2nd, 2020.

You can email your talk proposal to speak...@hope.net. Include a proposed 
title and abstract. Provide enough information so it is clear why HOPE 
attendees would find your topic interesting, new, and relevant. Also include
a brief biography. Most speaker/panel sessions are allotted 50 minutes, 
including time for Q All types of presentations are encouraged, from solo 
talks to panels, debates, demonstrations, and interactive discussions. 
Submissions should highlight their relevance to hacking. They should be 
original, and not previously presented. We encourage speakers from all age 
groups and backgrounds.

The conference venue promises more space than ever before, including a
theater, a huge indoor pavilion, seminar rooms, and acres of outdoor
space. Other features include affordable on-site housing and food, easy
accessibility from New York airports and public transportation, free
onsite parking, and 30Gb of network bandwidth.

HOPE is an inclusive event, seeking civil discourse and education on all 
topics related to the hacker world. HOPE encourages all approaches and 
interpretations to hacking, presented by hackers, makers, developers, 
teachers, learners, and experimenters. If you have a passion for discovering 
how things work and sharing that knowledge, you have the hacker spirit.

Some topics from past HOPE events have included:

* Technologies, along with their benefits and risks
* Social engineering
* Education
* Hacker culture and lifestyles
* Effecting social change
* Industry, government, commerce, and multinationals
* Science, engineering and math
* Body modification, hacking and enhancement
* Phones, networks, and telecommunication
* Hardware and software
* Secrets and disclosures
* Data, privacy, encryption, and policy
* Outer space and beyond
* and much, much more

All submissions will receive an automated response. (You won't get multiple 
responses if you email us more than once in a short period of time, but we 
will still get your email.) Notices of acceptance will begin to be mailed 
out in the weeks ahead.

You can also find some handy tips for your talk/panel submission on our
website at www.hope.net/speakers_tips.html .

HOPE 2020, July 31-August 2, 2020, St. John's University, Queens, New York City

https://www.hope.net
https://twitter.com/hopeconf

- End forwarded message -

Re: This is the Opportunity-cost of NOT implementing my AP idea

[Greg Newby]

On Fri, Jan 10, 2020 at 04:50:51PM -0300, Punk-Stasi 2.0 wrote:
> 
> 
>   it seems that once in a while the confirmation messages are not set, or 
> get lost. Big deal. You can check the archive to see if the server received 
> your message, and if it did, you can assume the server sent it to all of us. 
> 
>   ARCHIVE https://lists.cpunks.org/pipermail/cypherpunks/

Yes, exactly. Check your spam filters etc. in case messages to you are eaten by 
your own mail system. Mail deliver to & from the PGLAF server that hosts 
lists.cpunks.org seems to be robust (i.e., I get notifications about various 
bounces etc., and there are surprisingly few problems).

Note especially that GMail and probably a few other web-based interfaces 
*refuse* to show you a copy of your own posting, even if it arrives in your 
inbox.

At https://lists.cpunks.org you can use your personal subscriber password (or 
ask for it to be set/sent), to turn on an automated acknowledgment for every 
message you send. There are a few other settings you can tweak there, too.

But the bottom line is: check the archive, above (no login/password required), 
to confirm whether your message was posted to the list.

There used to be a few situations where messages were silently rejected (such 
as when having too many cc: or to: recipients). I think we have now set things 
so that anything that is received, but not posted, will generate some sort of 
message back to the posting address. In other words, rejection or moderation or 
other failures to post SHOULD result in an email back to you explaining what 
happened.
  - Greg

Re: This is the Opportunity-cost of NOT implementing my AP idea

[Greg Newby]

On Mon, Jan 13, 2020 at 08:41:06AM -0800, Razer wrote:
> 
> On 1/13/20 1:12 AM, Shawn K. Quinn wrote:
> > On 1/12/20 20:15, Greg Newby wrote:
> >> You're not unsubscribed, otherwise you would not have been able to post 
> >> this message.
> > When was the change made to only allow subscribers to post?
> >
> 
> WTF kind of listserv allows posts from non-subscribers? Never heard of
> any such thing, and the only reason I can see for that arrangment is to
> destroy the usability of a list and clog it's servers with spam instead
> of posts on the topic(s) relevant to the list.
> 
> Rr

The cypherpunks list has only allowed subscribers to post since it moved to 
Mailman (i.e., years ago). When non-subscribers try to post, they get an 
automated response.

At least some of the Cypherpunks Distributed Remailers (CDRs) and predecessor 
lists allowed anyone to post, as evidenced by the massive quantities of spam in 
the cypherpunks-legacy archive (now at https://lists.cpunks.org).

My recollection (from later years of CDRs, when I joined) was that some CDRs 
restricted to subscribers. But some did not. And all CDRs would allow all 
traffic from all other CDRs (more or less...). 
  - Greg

Re: This is the Opportunity-cost of NOT implementing my AP idea

[Greg Newby]

On Sun, Jan 12, 2020 at 09:42:48PM -0300, Punk-Stasi 2.0 wrote:
> 
> 
>   Now is my turn, haha. I haven't received any messages for a day or so, 
> but I see that new messages have been posted. Wondering if I've been 
> unsubscribed somehow - or cock.li is playing up. 

You're not unsubscribed, otherwise you would not have been able to post this 
message.
 - Greg

Re: This is the Opportunity-cost of NOT implementing my AP idea

[Greg Newby]

Yes - I saw this, and will try to look into it.
- Greg

On Fri, Jan 10, 2020 at 03:43:26PM -0300, Cecilia Tanaka wrote:
> D'Oh!  Pardon!  :B
> 
> Sorry for disturbing you WITH the list's problems, but may you help here,
> please?
> 
> >

Re: Missing video from Jeffrey Epstein's first suicide.

[Greg Newby]

On Mon, Jan 06, 2020 at 06:56:42PM +0100, Tom Busby wrote:
> can i confirm that this is the Venona archive merged with the 2000-2016
> archive from this post:
> 
> https://lists.cpunks.org/pipermail/cypherpunks/2018-July/042515.html

Yes, exactly. There are some notes about sources, linked in via the listinfo 
page.

> i.e. that we don't have a new, overlapping archive of the 90s period? I'm
> assuming venona is still the only game in town for the 90s period.

Correct. The venona .zip contents I used are dated 2003. Cryptome has a copy 
dated 2010 that is only different by a few bytes.

We have not heard of other archives covering 1992-1998. All the other online 
archives seem to trace back to the same source.

Something that is unfortunate about this is that, at the time, there were a 
bunch of different remailers (the number varied over time, but seems to have 
typically been around a half-dozen). Each CDR's archive would have been 
different: different spam, different headers and slight variations in time 
stamps. 

It seems that none of the other CDR archives are available, at least publicly. 
Only the venona one. This is part of why Jim has been reaching out to some of 
those CDR operators, and also long-time list subscribers. Any other archive 
would be expected to have material differences, at least with headers & spam.

BTW, I joined the list in 2001, at the tail of the period above (and was on a 
couple of different CDRs over time). In the quest for archives from the 1990s I 
am an interested party, but not a source of any original materials.

 - Greg


> On Mon, 6 Jan 2020 at 18:54, Tom Busby  wrote:
> 
> > oh fantastic, thank you very much. looks great.
> >
> > On Sun, 5 Jan 2020 at 04:00, Greg Newby  wrote:
> >
> >> Dear Tom,
> >>
> >> You might be interested to see that I recently merged the archives. (I am
> >> the current list operator.) You can find it browsable and a few other
> >> formats. This spans September 1992-July 2013 in the cypherpunks-legacy
> >> collection.
> >>
> >> The current (ongoing) list is in the main cypherpunks collection, from
> >> 2013-present. They are both here:
> >>
> >>   https://lists.cpunks.org/mailman/listinfo
> >>
> >> Announcement/description:
> >>
> >> https://lists.cpunks.org/pipermail/cypherpunks/2019-December/078230.html
> >>
> >> Best,
> >>   Greg
> >>
> >> On Sat, Jan 04, 2020 at 09:41:57PM +0100, Tom Busby wrote:
> >> > I'm just a guy with a website. Believe me, it saddens me that so much is
> >> > lost, that's why I originally started trying to piece it all together,
> >> but
> >> > my leads ran cold, and if you go look at the commit logs for crypto
> >> > anarchy.wiki you'll see how little time I've had to work on it lately.
> >> >
> >> > In terms of whether this is deliberate forgery or just lost data, I
> >> have no
> >> > way of finding out because I don't have other copies of the archive to
> >> > compare with. That's the only way to do it. And even then I can only
> >> detect
> >> > tampering, not innocent loss of data. I was under ten years old during
> >> this
> >> > period so I'm flying blind in terms of what it should look like.
> >> >
> >> > I'm not a player in this drama, I'm just a guy who is mirroring what's
> >> > available so that isn't lost too.
> >> >
> >> > I simply don't have the time to help you at the moment. I have too many
> >> > other commitments. I haven't even found time to merge the 1999-onwards
> >> > archive.
> >> >
> >> > If you find a lead on any of it, let me know. As far as I can tell, Ryan
> >> > Lackey is the only one who can help you. This archive originates on
> >> Venona.
> >> > That I'm pretty sure about. If he won't respond to you, I don't know
> >> what
> >> > can be done. I really hope someone else finds an archive of this era,
> >> > because it's the most important era for sure.
> >> >
> >> > But other than that, please bear in mind that I'm on your side. We both
> >> > have the same goal: a complete, accurate archive. I've done what I can
> >> so
> >> > far. I won't have time to work on this actively in the near future.
> >> >
> >> > On Fri, 3 Jan 2020, 20:27 jim bell,  wrote:
> >> >
> >> > > On Friday, January 3, 2020, 02:16:28 AM PST, Tom Busby
> >> 
> >> > > wrote:
> >> > >
> >> > >
> >&

Re: Missing video from Jeffrey Epstein's first suicide.

[Greg Newby]

Dear Tom,

You might be interested to see that I recently merged the archives. (I am the 
current list operator.) You can find it browsable and a few other formats. This 
spans September 1992-July 2013 in the cypherpunks-legacy collection. 

The current (ongoing) list is in the main cypherpunks collection, from 
2013-present. They are both here:

  https://lists.cpunks.org/mailman/listinfo

Announcement/description: 
  https://lists.cpunks.org/pipermail/cypherpunks/2019-December/078230.html

Best,
  Greg

On Sat, Jan 04, 2020 at 09:41:57PM +0100, Tom Busby wrote:
> I'm just a guy with a website. Believe me, it saddens me that so much is
> lost, that's why I originally started trying to piece it all together, but
> my leads ran cold, and if you go look at the commit logs for crypto
> anarchy.wiki you'll see how little time I've had to work on it lately.
> 
> In terms of whether this is deliberate forgery or just lost data, I have no
> way of finding out because I don't have other copies of the archive to
> compare with. That's the only way to do it. And even then I can only detect
> tampering, not innocent loss of data. I was under ten years old during this
> period so I'm flying blind in terms of what it should look like.
> 
> I'm not a player in this drama, I'm just a guy who is mirroring what's
> available so that isn't lost too.
> 
> I simply don't have the time to help you at the moment. I have too many
> other commitments. I haven't even found time to merge the 1999-onwards
> archive.
> 
> If you find a lead on any of it, let me know. As far as I can tell, Ryan
> Lackey is the only one who can help you. This archive originates on Venona.
> That I'm pretty sure about. If he won't respond to you, I don't know what
> can be done. I really hope someone else finds an archive of this era,
> because it's the most important era for sure.
> 
> But other than that, please bear in mind that I'm on your side. We both
> have the same goal: a complete, accurate archive. I've done what I can so
> far. I won't have time to work on this actively in the near future.
> 
> On Fri, 3 Jan 2020, 20:27 jim bell,  wrote:
> 
> > On Friday, January 3, 2020, 02:16:28 AM PST, Tom Busby 
> > wrote:
> >
> >
> > >>And John Gilmore, Ryan Lackey, Tom Busby, and Declan McCullagh don't
> > seem to care
> >
> >
> > >It's not that I don't care, I just don't know what I can do about it.
> > This appears to be the only copy of the archive available.
> >
> > >If anyone else has a more complete archive, send it to me and I'll merge
> > it.
> >
> >
> > You are thinking solely in terms of correcting the archive.   That's a
> > limited view.  I'm thinking of finding out who is responsible for the
> > well-planned omissions in the archive.  From where was the data obtained?
> > When was the faking of the data done?   Who did it?  Why?
> > Who had control of the Cypherpunks list during the 1995-2003 time frame?
> > Was the data stored elsewhere, such as the Wayback Machine?
> >
> >
> >
> >
> >   Jim Bell
> >
> >
> >
> >
> > On Fri, 20 Dec 2019 at 08:25, jim bell  wrote:
> >
> > Jeffrey Epstein: Surveillance Video From First Suicide Attempt 
> > Missinghttps://www.yahoo.com/entertainment/jeffrey-epstein-surveillance-video-first-184510141.html
> >
> >
> > Jim Bell's comment:
> >
> > Missing, just like a few thousand postings to me, from me, about me, and
> > any mentioning Assassination Politics in the 1995 Cypherpunks archive.
> >
> > And John Gilmore, Ryan Lackey, Tom Busby, and Declan McCullagh don't seem
> > to care.  Neither does Brian Merchant nor Will Stephenson.
> >
> > Concealing the past by erasing the evidence is an old story.
> >
> >

Re: cypherpunks-legacy archives 1992-2013

[Greg Newby]

On Wed, Dec 11, 2019 at 09:17:45AM +1100, Zenaan Harkness wrote:
> On Tue, Dec 10, 2019 at 01:46:37PM -0800, Greg Newby wrote:
> > Back in July there was discussion about preserving the available archives. 
> > I have now made the available archives from 1992-2013 available via 
> > Mailman, and placed copies of the available mbox files within.
> > 
> > Visit them here:
> >  https://lists.cpunks.org/pipermail/cypherpunks-legacy/
> ...
> 
> 
> That's some dedicated work. Thank you.

My pleasure. Those gnarly mbox files were more of a challenge than I had 
anticipated at first.

> Are you able to provide the mbox in 7z or 'tar -caf mb.xz' ?

Yes, that was easy enough: Done. Note also that the Apache server should be 
offering capable clients to compress on-the-fly as part of the HTTP negotiation 
(gzip).

The 1992-1998 archives were already part of a bzip2: 
cypherpunks-199209-199812.tar.bz2 (John has shared essentially the same files 
as a .zip), so I didn't make a .xz of it.

I made an .xz of the cypherpunks-legacy.mbox (i.e., the exact input to the 
'arch' command). Also cypherpunks-1999-2015.mbox (the archive from before 
Mailman, and the first ~2 years of Mailman), and also the processed/ directory 
(i.e., post-processed stuff that was input to the first file in this paragraph).

I also made sha512sum output in sha512sum.txt (I could also make md5sum, but 
that is no longer considered cryptographically secure, according to its man 
page).

Direct links:
https://lists.cpunks.org/pipermail/cypherpunks-legacy.mbox/sources/cypherpunks-legacy.mbox.xz
  (this is what you asked for, I think).
https://lists.cpunks.org/pipermail/cypherpunks-legacy.mbox/sources/processed.xz
https://lists.cpunks.org/pipermail/cypherpunks-legacy.mbox/sources/cypherpunks-1999-2015.mbox.xz

Let me know if other variations would be useful.

It's no problem to point wget or whatever at the server, if you want to copy 
some or all of these files (including the browse-by-thread etc.).

For completeness and so everyone gets a copy, here are the sha512sums:

81c1cc1b096a6216485fa2445be098485f292a973af3f0bc9376f15ec199e783118952d08d7a3370f3ae47e7192aa67a1a4affb75fa0a5a70f97adee948ed034
 *cypherpunks-199209-199812.tar.bz2
a1e67f1898a7e09913983f76bb95bd5a3e284e13438331fd0234d29d979583b967dfe478e42444526df17786c9de5600400c45e3045406bb6272e29bc6c7a501
 *cypherpunks-1999-2015.mbox
e00109d1761a5546205f1ef39c2c05f7ff7cc2f91c7d2a4bd5a2c342a0690cdb6c8514a5037f19775374b9e0511e663217798abe02dfde7bfeb01f543a45dd35
 *cypherpunks-1999-2015.mbox.xz
b2f202ee931d06541e4127f6008771659ed86b9f32606875261c254836d0ad630c160276c11d019dfbafb189c3269b5ae78dfb5b395c89b901ef75fc8af50a48
 *cypherpunks-legacy.mbox
65952cc183e724be2481e9f95d7443872f0523e281d5da3cc4aa3be8ba22d56fd04b35f4dff642ea2e6aecaf2683ea69d15e06f29ffb1b0cbd329bb9e7e9875e
 *cypherpunks-legacy.mbox.xz
e04a6aa95a7e060e72d2d4be5b8e52c5ceb5fc6831e8951fe68ca417bcd5d1f794433add775b742917243e5e98228f2b6698255147b7dcfd53e8f5f6f1b543eb
 *processed.xz
3d4ea45095f4ea373a0a7d609fb70160437f3b23a7456f4ebd95d4a5e35ef4290bde1e312e47f3aa532142aa1ae98194e01e003f32bd0d5249aeb6aa9b910463
 *README-sources
4db8840e46ba9c8476b2f95c9425d92a68c54a935d38225603113891e9d5a41e6947e33dcaf2b5a51c24833c0ee85c64401739067c0ca0c15c6f2def01d75365
 *cypherpunks-199209-199812/cyp-1992
3598b07c74f224b7bf7adbd68bd24ba3a6c232ec755089f4a14f54c643d19d9f6c0aec40f4acde99e89dfe02070c435c3b8285513edc9d14fade32408435c8c8
 *cypherpunks-199209-199812/cyp-1993
43d39dc2ca13de28288ef562e030679555063695a8c6da955a06736f2d1dc6bffd04c8b32eff92bba3c09916fd9cfb21df1c5e70fb387d47b2366a8f89bb96f6
 *cypherpunks-199209-199812/cyp-1994
4ba34837f8c13907188ccd97b3f7b754d9eaf70b21b0183e81c2f822b555fc5fa63aaa50d96ee94f7d8dc6f9cddc6d2e5133c20c0bcd162f56901dc5edfc6da5
 *cypherpunks-199209-199812/cyp-1995
d5c4ea8845f064c426e8f48d8f8cc84ab039a297e335facfa9f52b4fb669a6d95c069680323327be454d67af7c4d08cc28bf247afabf03f18a85c42deba8483e
 *cypherpunks-199209-199812/cyp-1996
b4732735ac88dded905ce7daf9e19303e9a129af1f099d9dd30ecd24a9d6f7c8d7dc7c56b34c0a736f599970644f9d6dbd49fc9bc25115850c0c4f0bcbd1d4f0
 *cypherpunks-199209-199812/cyp-1997
992e46fcad5bd2954737b514e712042fe98caba93bfe212c0a57814648b1e2156fd0dec32b8c55267217e69670c770f6c2036a58259ce69b891c03f8851a7215
 *cypherpunks-199209-199812/cyp-1998
a82ecfcff9f787a89413a401873bd1ae9fe28d4bba12c133ed3f01df9767849cc49e0e8ce3e34c2da43eba8c61d847ff8f8412850356f9310bc9c5b0635182ee
 *processed/cyp-1992-new
83c1e11af1197528878990a977937bbcea4ea69029902702e1586a09196b3b3b798e736fcf7ad05adde26730a55b27a83b1912d8cbcb76a11f3357ab4e8567a1
 *processed/cyp-1993-new
6b0c46ad47644832615a9457dcfb419c39f916bc2a8a98f57b8d7df9266212304ef81ae6817b37493b69e06dded28f1acadaf437a7cf8d023e7b9e6e420e4e7e
 *processed/cyp-1994-new
0427c28eb9a12ce0b9cab34a364da16abfdfe0842fbb8999087592dd577bfb3546e33571cd79312be58b02523e356d7856a

cypherpunks-legacy archives 1992-2013

[Greg Newby]

 program, and viewed as separate messages. They
may be sorted and searched, just like any other email folder.

The same sorts of issues as those described above will likely be
evident in any email client, and clients will even show a different
total number of messages. The types of sorting, editing, and displaying
described above would have somewhat different results, if a different
toolset is used.

These archives are freely available, and the effort to make them
available via Mailman is freely given. 

 - gbn



Earlier thread on this concluded below:
 Subject: Re: newsflash! cypherpunks mailing list is behind cloudflare-NSA

On Fri, Jul 12, 2019 at 06:34:07PM -0400, grarpamp wrote:
> On 7/12/19, Greg Newby  wrote:
> > Newsflash! This happened in April, and was announced here:
> >   https://lists.cpunks.org/pipermail/cypherpunks/2019-April/045250.html
> > We have been on Cloudflare's DNS since then for the email lists.
> 
> Use of CF or any other CDN was not mentioned in the announcement,
> whether for DNS, or HTTPS. The entire internet is NSA anyway.
> 
> If CDN for HTTPS, consider multihoming on I2P or Tor
> so users can still access when CDN javascript captcha
> or otherwise arbitrarily blocks them or goes down.
> 
> As to caching bandwidth and archives...
> 
> You really should fork that 335MiB mbox file off now
> or no later than year end, and compress it, and
> then once yearly thereafter, and sign them all.
> People will eventually seed them into IPFS, etc.
> 
> Try using a modern unix compression tool like zstd,
> they are faster, smaller, available for all systems...
> 
> https://github.com/facebook/zstd
> https://facebook.github.io/zstd/
> https://code.fb.com/core-data/zstandard/
> https://en.wikipedia.org/wiki/Zstandard

Re: Facebook is deleting the name of the potential whistleblower

[Greg Newby]

Empirical confirmation confirming the deletion in Facebook: I'm part of a 
public group where the group admin posted an image of the transcript where the 
name appears, "without comment." So, the name was in the image, but not 
written. That was Saturday night, US eastern time.

Sunday morning, the posting is gone. I had commented on the posting, and now 
the links in my FB notification feed that go to the comments are also gone 
(i.e., Facebook "comment_id" and "notif_id" strings in the posting URLs simply 
redirect to the group's main page).

Sunday morning, the same person started a new thread that talks about the 
deletion. Depending on the interest in the group of experimenting, perhaps we 
will also talk about the topic of the post that was deleted, or other details. 
That could help to determine whether the deletion was automated, based on 
obvious trigger terms (via automated optical character recognition), or manual 
by the FB watchdog corps. It seems possible that automated deletion would then 
lead to ongoing manual oversight. 


MEANWHILE, this also got me thinking about archives deletion. You can find this 
thread in the monthly archives at 
https://lists.cpunks.org/pipermail/cypherpunks/2019-November/thread.html, and 
more specifically starting with Jim's posting, here: 
https://lists.cpunks.org/pipermail/cypherpunks/2019-November/077522.html

Jim has identified gaps in the available copies of the Cypherpunks list 
archives from 2003, and so far we haven't found earlier archives that contain 
the redacted materials. Deletions would have occurred sometime after postings 
in 1995 or so.

How easy would it be for a state actor to remove archives from the current 
server? Very easy: they simply need to show up at the data center with a 
national security letter, login via console, and take care to erase their 
tracks. It's possible the intrusion would be detected by the server admin or 
someone else, but also possible it would not be noticed until any evidence 
trail has long gone cold.

My understanding (I wasn't there) was that this type of scenario was part of 
the inspiration for cypherpunks distributed remailers. We no longer have a 
distributed architecture. More importantly, the CP community isn't maintaining 
resilient no-delete archives. 

I'll give some thought to how I might contribute to such an architecture, 
perhaps starting simply by an additional offsite backup. The current list 
server could add a few controls, like checksums and even encrypted copies of 
the archive. But without distributing copies elsewhere, and publicizing 
information about the controls for data integrity and availability, the risk 
would persist.

Best,
 Greg


On Sun, Nov 10, 2019 at 04:25:19AM +, jim bell wrote:
>  Just found 
> this:https://www.dailywire.com/news/alleged-whistleblowers-name-appears-in-transcript-released-by-schiff
> 
> Alleged Whistleblower’s Name Appears In Transcript Released By Democrats
> 
> 
> 
> Controversy over whether or not to reveal the name of the man widely believed 
> to be the whistleblower whose complaint prompted the Democrats’ impeachment 
> inquiry ratcheted up even further on Wednesday after Donald Trump Jr. tweeted 
> out an article and quote including the whistleblower’s alleged name. While 
> Democrats and the left-leaning media expressed outrage about Trump’s social 
> media post, an impeachment inquiry transcript released by the office of 
> Democratic Rep. Adam Schiff includes the very name Trump tweeted out.
> 
> As reported by RedState, Schiff, the chair of the House Intelligence 
> Committee who is heading up the Democrats’ impeachment efforts, appears to 
> have accidentally allowed the name widely identified as the whistleblower to 
> appear in the transcript of the committee’s interview with top U.S. 
> ambassador to Ukraine Bill Taylor.    [end of quote]
> 
> 
> 
> 
> 
> On Saturday, November 9, 2019, 08:21:02 PM PST, jim bell 
>  wrote:  
>  
>   On Saturday, November 9, 2019, 08:06:38 PM PST, Razer  
> wrote:
>  
>  On November 9, 2019 12:53:03 PM PST, jim bell  wrote:
> 
> >I don't think that re-publishing a name, which has probably already
> >been re-re-re-re-re-re-re-published thousands of times, could
> >constitute "interfering with a criminal investigation".  But your
> >imagination may differ.
> >             Jim Bell
> >
> 
> 
> You can do whatever you like until they tell you to stop.
> 
> Sounds like you are abandoning your foolish idea that after thousands of 
> other people have named Eric Ciaramella, it is somehow wrong to do so,
> > Then you can't,
> So far,  nobody has told me, or thousands of other people, to stop mentioning 
> Eric Ciaramella's name.  Nor are they likely to do thatThe law which 
> "protects" "whistleblowers" likely doesn't even cover this guy, who didn't 
> actually see anything; he was simply TOLD it, and the accuracy of that 
> telling is highly suspect.  And, to boot, he isn't a lawyer, and is highly 
> 

Re: Cypherpunks archive description.

[Greg Newby]

Those are the same as what I have at https://www.petascale.org/cypherpunks 
(other than line endings: they are not identical files, but the contents seems 
to be the same).

The Cryptome files are dated 2009, and the ones I have were dated 2003.

The other archive referenced below is: https://cypherpunks.venona.com/ .. I did 
a quick perusal of 1995/11 and the contents seem to match the two sources above.

You probably already looked here: 
http://mailing-list-archive.cryptoanarchy.wiki/ (the first hit in Google for 
"archive of cypherpunks email list"). Seems the same. Notably, 1995 has no 
archives for April or June 1995 in any of these three copies of the archive. 
So, they seem to match at a coarse grain, at least.
 - Greg

On Mon, Nov 04, 2019 at 04:57:43AM +, jim bell wrote:
> 
> Cypherpunks Archive 1992-1998
> John Young j...@pipeline.com
> Fri Sep 6 16:17:54 EDT 2013
> 
>
>- Previous message: Old list archives
>- Next message: [pfSense] [liberationtech] NSA Laughs at PCs, Prefers 
> Hacking Routers and Switches
>- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> Cypherpunks Archive 1992-1998 in raw text:
> 
> http://cryptome.org/cpunks/cpunks-92-98.zip (83MB)
> 
> By year:
> 
> http://cryptome.org/cpunks/cpunks-1992.zip (790KB)
> http://cryptome.org/cpunks/cpunks-1993.zip (7.4MB)
> http://cryptome.org/cpunks/cpunks-1994.zip (11.8MB)
> http://cryptome.org/cpunks/cpunks-1995.zip (10.1MB)
> http://cryptome.org/cpunks/cpunks-1996.zip (21.6MB)
> http://cryptome.org/cpunks/cpunks-1997.zip (20.7MB)
> http://cryptome.org/cpunks/cpunks-1998.zip (10.8MB)
> 
> Who October 26, 1996:
> 
> http://cryptome.org/cpunks/cpnkwho-102296.txt (34KB)
> 
> 
> 
> At 03:06 PM 9/6/2013, you wrote:
> >On Fri, Sep 06, 2013 at 12:13:50PM -0400, grarpamp wrote:
> > > On 9/6/13, CypherPunk  wrote:
> > > > On 09/06/2013 06:17 AM, John Preston wrote:
> > > >> I'm having trouble finding the list archives going back into the 90's;
> > > >> they're not on cpunks.org. Anyone got them?
> > > >
> > > > http://cypherpunks.venona.com/
> > >
> > > cryptome has a partial zip archive you can search for.
> > >
> > > For those that use real MUA's/search with local copies
> > > instead of crippled web indexes further subject to disappearance,
> > > and to cover time gaps and provide a canonical answer
> > > to this recurring question
> > >
> > > I suggest people here collaborate and contribute to
> > > create a complete historical archive in mbox and/or maildir
> >
> >An excellent idea. Unfortunately, I lost my 1980s/90s
> >emails due to a shredded RAID.
> >
> > > format. Once compiled and deduplicated it could be
> > > broken out and presented by year in said formats and
> > > also loaded into mailman/pipermail.
> > >
> > > What datasets do you all have and in what formats?
> > > Can you upload and/or post links to them?
> > >
> > > I believe cpunks.org is willing to host such an archive.
> >
> >I will put up a mirror as well. mbox format is perfect.
> 
> 
> 
> 
> 
>
>- Previous message: Old list archives
>- Next message: [pfSense] [liberationtech] NSA Laughs at PCs, Prefers 
> Hacking Routers and Switches
>- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> More information about the cypherpunks mailing list

List administrivia (Re: Whom, specifically, is our greatest ally? - (spoiler: Australia)) - [PEACE]

[Greg Newby]

1. MISSING MESSAGES THIS WEEK

Jim: I set your list options to select "ACK" and unselected "nodupes." The 
impact is that you should get an email acknowledgment whenever a message is 
accepted and (presumably) distributed and archived. The "nodupes" might have no 
impact, but it is supposed to quash multiple copies of messages when selected.

Because you sent multiple emails to the list today, I don't have an easy way to 
check whether there was some sort of problem (like a spam-type rejection) from 
one of them. If you are ever suspicious that something got blocked or didn't 
make it, AND can tell me the specific time, I can check the logs. As I have 
mentioned here before, the PGLAF.org server that runs lists.cpunks.org has 
graylisting and a few other anti-spam measures. But clearly most of your 
messages are being handled correctly.

Anyone else who wants to twiddle their list settings can visit 
https://lists.cpunks.org/mailman/listinfo/cypherpunks (and Jim can email me to 
revert what's above, if desired).

2. MISSING MESSAGES FROM 1995

As has already been written, the PGLAF server has only hosted the list since 
around August of 2016. Previously, Riad Wahby hosted the list. I first 
subscribed in the early 2000s. The archive copies I have at 
  https://www.petascale.org/cypherpunks/ came from a couple of other people.

For anyone looking at those copies, note that the mbox files have some problems 
(spam, and some messages with bad headers that can confuse or even crash email 
clients).

It is clear in these archives that the messages that Jim says do not exist, do 
not exist. There is no obvious evidence of redaction. For example, I wondered 
whether there would be responses to messages that Jim posted, but not the 
original messages. I didn't find any. Ditto for the messages from Bill Frezza.

  ** IF YOU FIND OTHER (different) COPIES of the archive, please get them to me 
and I'll add them to what's above.

In the early 2000s, the list existed via a series of "cypherpunks distributed 
remailers" (CDRs). It is absolutely true that the content from each CDR was 
different: different headers, different time stamps, and different spam. 

I do not know the provenance of the copies above. I can tell you that I didn't 
edit/redact them (a README tells what I did to eventually ingest alongside 
lists.cpunks.org archives). 

I agree with Jim's suggestion that we seek other copies of archives, or 
individuals who might have a complete personal archive from them. Some of the 
long-departed CDR admins like Jim Chote and John Gilmore might have such 
records. If anyone knows who was running CDRs in the 1992-1997 period, I will 
be happy to reach out to them.

Best,
 Greg


On Mon, Nov 04, 2019 at 12:49:22AM +, jim bell wrote:
>  On Sunday, November 3, 2019, 01:34:48 PM PST, Zenaan Harkness 
>  wrote:
>  
>  
>  >What I do when I'm unsure and want to check, is check the cp archives here:
> 
> >    https://lists.cpunks.org/pipermail/cypherpunks/
> 
> >view by date, and look at the most recent emails.
> 
> 
> Unfortunately, your response is (un-?)intentionally hilarious.  It wouldn't 
> have been so a week ago, before I started exposing the most huge scandal of 
> corruption tampering that Cypherpunks archives has ever seen, a massive 
> fabrication of some of the CP archives,  Back then, there was at least the 
> illusion that the CP archives had a minimal level of credibility.  
> And here, above, you ask me to "check the CP archives".
> Worse, you don't even bother to explain if you actually received the first 
> attempt of my morning email, a claim which at least in principle would have 
> provided a bit of further indication whether my first attempt had actually 
> succeeded, or had failed.   That is obviously the first, most immediate piece 
> of information that you could have done.   
> And you didn't.  Remember what 'they' say, "if you're not part of the 
> solution, you're part of the problem".
>             Jim Bell
> 
>   

Archives are not lost (Re: [z...@freedbms.net: Re: [WAR] ...])

[Greg Newby]

Jim, others:

Archives were discussed in the list awhile ago, a few times. Riad had some, and 
so did another source.

I have a copy here:
  https://www.petascale.org/cypherpunks/
(a few different versions)

The "to do" item is to slurp the archives so they are all findable among the 
other archives at https://lists.cpunks.org .. I will eventually do this. 

I looked at the Yahoo! Groups archives mentioned in this list a couple of weeks 
ago, and they seemed to be the same thing: just a long-time "subscriber" to the 
list. If anyone thinks they have unique content not listed above, we can try to 
hustle up a method to get a copy.

Best,
 Greg

On Fri, Nov 01, 2019 at 03:50:25AM +, jim bell wrote:
>  On Thursday, October 31, 2019, 06:21:01 PM PDT, Zenaan Harkness 
>  wrote:
>  
>  
>  On Fri, Nov 01, 2019 at 12:30:02AM +, jim bell wrote:
> >  My comments follow:
> >    On Thursday, October 31, 2019, 03:45:00 PM PDT, Zenaan Harkness 
> > wrote:  
> >  
> >  - Forwarded message from Zenaan Harkness  -
> > 
> > From: Zenaan Harkness 
> > To: cypherpunks@lists.cpunks.org
> > Date: Thu, 1 Sep 2016 22:35:47 +1000
> > Subject: Re: [WAR] ...
> > List-Id: The Cypherpunks Mailing List 
> > 
> > On Thu, Sep 01, 2016 at 02:47:08AM -0600, Mirimir wrote:
> > > How about we implement a working AP system?
> > 
> > As I said in a previous thread, I now believe that to be fundamentally
> > flawed - that it will not achieve anything resembling justice, even in
> > the long term.
> 
> How did you come to that conclusion?  I have long believed (probably as early 
> as 1995, though somebody seems to have LOST the archives!!!) that except for 
> a relatively short transition period (maybe a couple of years?) there will 
> eventually be formed a set of courts, at least vaguely similar to today's 
> courts, but VOLUNTARY to both the "plaintiff" and "defendant".   
> Why?   The alleged 'perp' might arguably be innocent,.  Or, he knows he's 
> guilty, but he believes that death should not be his punishment.  (and maybe 
> he's right?)   Or, the public who is willing to donate to see evil people 
> dead knows that the facts are often not clear,  Or, maybe one person is 
> clearly guilty, but others who are not known are likely to exist.
> The jury system may not be perfect, but it is probably the best system 
> devised by man to learn the truth..,.IF it is actually allowed to function 
> properly,  
> If you don't understand this concept, you must not actually have thought 
> about the implications of an AP-type system. _I_ did!!!  Long before I 
> published Part 1, I worked through the implications, probably far better than 
> most people on the CP list ever attempted.  I feel certain that discussion of 
> my AP essay on the CP list eventually included these possibilities.  But now, 
> SOMEBODY has LOST the archive!   Or, maybe it has been deliberately tampered 
> with by somebody or somebodies.
> 
> > Fundamentally, the oligarchs and humans generally need a much higher
> > level of education and discourse.
> > 
> > "When all you have is a hammer ..."
> > 
> > 
> > In the current climate of a majority of extremely dummed down
> > "citizens", who are and feel disempowered, who cling to any iota of
> > power that presents such as any public lynching, where intelligent
> > "discourse" is simply not possible, restraint never exercised and
> > certainly not possible to exercise collectively, AP would be at best
> > a hammer to completely destroy society.
> > 
> > 
> > I support anarchism, not chaos.
> > 
> > - End forwarded message -
> > 
> > 
> > >While it may seem to be over 23 years 'too late', I will indeed answer 
> > >this last line of comment, assuming that I did not do so in September 
> > >1996:.  
> > >>From above, "I support anarchism, not chaos."
> >
> > >To equate "anarchy" with "chaos" is the classic error.   In my AP
> 
> I agree with that.
> 
> >That was not my question though.  Yes the colloquial use of the term
> "anarchy" is generally chaos, thus my use of the term "anarchism"
> etc.
> 
> Well, people can and do misuse terminology.  Yes, I believe that a large 
> fraction of people who call themselves 'anarchists', or who are called by 
> others 'anarchists', are merely died-in-the-wool Communists, Socialists, or 
> leftists whose favorite ideology miserably failed over the period of 1917 
> through 2019.  
> 
> 
> >What I am equating is as follows: AP, with a very great potential for
> chaos, and if not chaos per se, for a significant increase in fear in
> the average dissident.
> YIKES!
> I suppose it doesn't occur to you.   Why do we NEED "dissidents"?   And by 
> "dissidents", I mean a person to openly and publicly opposes some existing 
> system.  TODAY'S society needs "dissidents", because policies adopted by 
> GOVERNMENTS need (with the existing system) to be publicly opposed, in order 
> to force change.    And that means public protests, including on the streets, 
>  What other tools 

Re: Assange "fails in bid to delay extradition battle with US"

[Greg Newby]

On Mon, Oct 21, 2019 at 06:51:31PM +, jim bell wrote:
>  On Monday, October 21, 2019, 09:15:26 AM PDT, Greg Newby  
> wrote:
>  
>  
>  >Spotted in Fox news online, but it looks like this is also on the AP wire
> https://www.foxnews.com/world/wikileaks-julian-assange-appears-in-court
> 
> >Meanwhile, it appears Chelsea Manning is still in jail in Alexandria, for 
> >refusing to cooperate with the grand jury investigation against Assange: 
> >https://en.wikipedia.org/wiki/Chelsea_Manning
> 
> 
> >The Fox article:
>  
> >WikiLeaks’ Julian Assange fails in bid to delay extradition battle with US
> >Greg Norman
> >By Greg Norman | Fox News
> 
> Jim Bell's comment:
> (But first, note that the term "extraterritoriality" was commonly used in TWO 
> senses in regards to Assange:  First, perhaps the most common usage was the 
> fact that Assange could stay in the Embassy as if it were a different 
> country, not UK.  That is NOT the sense I am most interested in, at least in 
> part because nobody seemed to be substantially challenging that issue.  The 
> second usage, is the concept that a country can have criminal jurisdiction 
> over acts committed in another nation.  Put simply, can the US declare 
> actions by a person outside the US, when there is no clear connection to the 
> US?   I very much doubt that, in this case.  Below, you can see that I looked 
> at some statutes, and did not find any specific reference to 
> 'extraterritoriality' as part of the statutes which were then cited.  This 
> material includes points which included references to US court decisions 
> which declared that unless a statute clearly claims 'extraterritoriality' 
> over acts in other nations, it should be presumed to not apply.
> Did the US add any charges which DID have extraterritoriality references 
> built into the statutes?)
> 
> It's frustrating that these news-item references aren't written to include 
> issues such as extraterritoriality included.  I will now do a time limited 
> Google-search for 'Assange extraterritoriality' over the last months to find 
> useful references.  Nothing.  Perhaps a law journal will have addressed this 
> important matter.  
> Let's not forget what I said on April 29, 2019:


Thanks for resending the analysis below. I spent a little time following up on 
your searches, including looking at whether 'comity' is a pathway to valid 
extratorritality. Like you, I came up with no basis in the USC, including, as 
you cited, in the sections dealing with espionage.

Commentary:

It is not in the interests of most commercial media outlets to highlight the 
legal shortcomings of the US efforts to extradite Assange, any more than it is 
to highlight the attacks on journalistic freedom, war on whistleblowers, etc.

But even non-mainstream coverage seems to ignore the key issue of 
extraterritoriality. It's not a difficult concept to grasp. I don't think this 
is a concept that occurs to most journalists.

Generations of Americans have grown up with the notion that the US is the 
World's police force. The ubiquity of US enforcement - i.e., military might, 
and many other mechanisms - is not questioned. It is celebrated.

My theory concerning the relentless pursuit of Assange is that the ultimate 
court outcomes are not the main object. The main object is ongoing and very 
public punishment, certainly including unending incarceration and intimidation, 
for daring to air the US' dirty laundry.
 - Greg



> ---jim bell 
> To:CypherPunks
> Apr 29 at 5:31 PM
> From:     https://www.justice.gov/opa/press-release/file/1153486/download
> 15(B) to intentionally access a computer, without authorization and exceeding 
> authorized access, to obtain information from a department and agency of the 
> United States in furtherance of a criminal act in violation of the laws of 
> the United States, that is, a violation of Title 18, United States Code, 
> Sections 641, 793(c), and 793(e). (In violation of Title 18, United States 
> Code, Sections 371, 1030(a)(l), 1030(a)(2), 1030(c)(2)(B)(ii).) 
> 
> [end of partial quote]
> There is a principle of American law, upheld by the Supreme Court, that a 
> Federal law is only supposed to be considered of "extraterritorial" 
> application (applies outside the boundaries of United States territory) if 
> the Congress specifically intended that application, and was signified by 
> including such language within the law 
> itself.https://en.wikipedia.org/wiki/Extraterritorial_jurisdiction
> 
> "In Morrison v. National Australia Bank, 2010, the Supreme Court held that in 
> interpreting a statute, the "presumption against extraterritoriality" is 
> absolute unless the te

Re: tor replacement - Re: OnionShare Tor

[Greg Newby]

On Fri, Oct 18, 2019 at 06:44:58PM -0300, Punk - Stasi 2.0 wrote:
> On Fri, 18 Oct 2019 21:06:09 +0100
> Steven Schear  wrote:
> 
> > Isn't that why networks like i2p exist?
>   
>   yes, I was about to mention that i2p does have some of the 
> characteristics that a tor replacement should have. Like
> 
>   1) all users are also routers.
>   2) it's not funded by the pentagon.
>   3) there are no central 'directory authorities' - it's a  p2p network.
> 
>   https://geti2p.net/en/comparison/tor
> 
>   looks like i2p COULD do traffic padding, but it's not doing it. 
> 
>   "Other potential benefits of I2P but not yet implemented" 
>   "create a tunnel that will handle 500 messages / minute, where the 
> endpoint will inject dummy messages if there are insufficient messages" 
> 
>   for what it's worth, I tried i2p in the past a few times and abandoned 
> it after a few days because I didn't find any interesting content in the 
> network. My assumption was that if there was no 'illegal' content, then the 
> system must have some (serious) flaw. On second thought I realize that's not 
> necessarily the case at all. 

It seems you can configure tor browser to route over i2p:
 
https://www.reddit.com/r/i2p/comments/di6efs/configure_tor_browser_90a7_to_work_with_i2pd/

Freenet is another like-minded project. In addition to routing, it can host 
content: https://freenetproject.org/pages/documentation.html

Re: Richard Stallman Gets SJW'd

[Greg Newby]

On Fri, Oct 11, 2019 at 11:52:07AM +1100, Zenaan Harkness wrote:
> ...
> Those who presently rule, do so with unethical foundations.

Indeed.

> 
> Can there be such a thing as an "ethical billionaire"?

Sure, if you allow making massive donations to charities, building out a 
national park system in Chile, and funding health research to qualify as 
"ethical."

Rowling: 
https://www.snopes.com/fact-check/j-k-rowling-drops-off-forbes-billionaires-list/

Chouinard: 
https://www.washingtonpost.com/news/business/wp/2017/12/05/im-not-going-to-let-evil-win-patagonias-billionaire-owner-says-he-plans-to-sue-trump/

Feeney: https://www.bbc.com/news/uk-northern-ireland-29238545

Chittilappilly: 
https://www.forbes.com/sites/naazneenkarmali/2019/01/24/why-a-former-billionaire-is-giving-away-his-wealthand-made-the-ultimate-gift/#ef1b0381d5db
 

I didn't immediately find any American billionaires who gave it all away. Even 
the billionaires above seem to argue that money corrupts. Yet they manage to 
keep a moral compass, of some sort.

Actually, the Bill & Melinda Gates Foundation does quite a lot of good work, 
too. Wikipedia says they gave $28B, as of 2013: 
https://en.wikipedia.org/wiki/Bill_%26_Melinda_Gates_Foundation

 - Greg

Re: NPR: What Killed Adrian Lamo, The Hacker Who Turned In Whistleblower Chelsea Manning?

[Greg Newby]

Correction: I didn't mean Adrian's extradition hearing, of course. I meant 
Julian's. 

On Thu, Sep 19, 2019 at 05:22:11PM -0700, Greg Newby wrote:
> On Thu, Sep 19, 2019 at 08:51:45PM +, jim bell wrote:
> > NPR: What Killed Adrian Lamo, The Hacker Who Turned In Whistleblower 
> > Chelsea Manning?.
> > https://www.npr.org/2019/09/19/760317486/the-mysterious-death-of-the-hacker-who-turned-in-chelsea-manning?ft=nprml=1001
> > 
> 
> It seemed like a well-researched article. I was expecting it to be an audio 
> story, but it's written.
> 
> It includes a 3-page FBI report on the HOPE conference, which was fun to 
> read. (Disclaimer: I was the one who shepherded Adrian for the panel the 
> article mentions; Also, I introduced him for another session, where he 
> screened the "Hackers Wanted" film.)
> 
> The HOPE security people gave him very good support, making sure he was not 
> physically threatened. But people were very, very vocal about their negative 
> views on him as a snitch. As described in the article.
> 
> I always thought he was a sad character: lonely, and marching to the beat of 
> a different drummer. The "Hackers Wanted" film supports this view.
> 
> The article has a hand-written note from Chelsea saying she holds no ill will 
> towards Adrian - this was from just the past few days. Given the deception by 
> Adrian from their chat session, way back pre-arrest, I'm surprised by this. 
> Adrian clearly believed, in that instance and others, that the ends justified 
> the means.
> 
> The timing of this NPR article is due to Adrian's extradition hearing, 
> scheduled for February 2020. With Chelsea refusing to witness for the feds 
> (and spending time in jail as a penalty for this contempt of court), Adrian 
> might have been a key witness for events around the disclosure of secure 
> documents, and their eventual ingestion to Wikileaks.
> 
> But that's another story. Is there a US judge who will believe that trying to 
> brute force a Windows password is espionage? Stay tuned...
>  - Greg

Re: NPR: What Killed Adrian Lamo, The Hacker Who Turned In Whistleblower Chelsea Manning?

[Greg Newby]

On Thu, Sep 19, 2019 at 08:51:45PM +, jim bell wrote:
> NPR: What Killed Adrian Lamo, The Hacker Who Turned In Whistleblower Chelsea 
> Manning?.
> https://www.npr.org/2019/09/19/760317486/the-mysterious-death-of-the-hacker-who-turned-in-chelsea-manning?ft=nprml=1001
> 

It seemed like a well-researched article. I was expecting it to be an audio 
story, but it's written.

It includes a 3-page FBI report on the HOPE conference, which was fun to read. 
(Disclaimer: I was the one who shepherded Adrian for the panel the article 
mentions; Also, I introduced him for another session, where he screened the 
"Hackers Wanted" film.)

The HOPE security people gave him very good support, making sure he was not 
physically threatened. But people were very, very vocal about their negative 
views on him as a snitch. As described in the article.

I always thought he was a sad character: lonely, and marching to the beat of a 
different drummer. The "Hackers Wanted" film supports this view.

The article has a hand-written note from Chelsea saying she holds no ill will 
towards Adrian - this was from just the past few days. Given the deception by 
Adrian from their chat session, way back pre-arrest, I'm surprised by this. 
Adrian clearly believed, in that instance and others, that the ends justified 
the means.

The timing of this NPR article is due to Adrian's extradition hearing, 
scheduled for February 2020. With Chelsea refusing to witness for the feds (and 
spending time in jail as a penalty for this contempt of court), Adrian might 
have been a key witness for events around the disclosure of secure documents, 
and their eventual ingestion to Wikileaks.

But that's another story. Is there a US judge who will believe that trying to 
brute force a Windows password is espionage? Stay tuned...
 - Greg

List URL (Re: Fwd: Official blah blah)

[Greg Newby]

I'm still intending to get the archives from 1992-2015 up on the site, and will 
need to set up a new list to test integration.

It's possible we will need a second list just for those archives. This is 
because there are thousands of messages with bad headers, and I'm concerned 
that Mailman might (a) get direly confused, (b) intersperse old messages with 
new messages, or otherwise break the more recent archives. If this is 
happening, it might be better to have a separate list, just for the older 
archives.

What I'm talking about is a nice browsable archive (by date, thread...), in 
addition to by-month mbox files as well as the multi-year mbox files.

But if it can all be integrated, I will do as you suggest below and have the 
main site to go the (only) list, rather than to a listing of one list.

Stay tuned... I've been plugging away at processing the archives, and hope to 
get something ready for review in the next couple of weeks. It's around 92,000 
messages in a little over 500MB. (My personal first posting to the list in the 
archive was from September 2000: 19 years ago!)
 - Greg

On Fri, Sep 06, 2019 at 02:35:23AM -0400, grarpamp wrote:
> Given there are no other lists to choose from
> 
> Browser requests for
> 
> https://cpunks.org/
> 
> should end up here
> 
> https://lists.cpunks.org/mailman/listinfo/cypherpunks
> 
> not here
> 
> https://lists.cpunks.org/mailman/listinfo

Re: Fwd: Official blah blah

[Greg Newby]

On Wed, Sep 04, 2019 at 01:59:59PM -0700, Razer wrote:
> The listserv software should have picked this up and shitcanned it. 

Yes. It held it for moderation based on too many cc's. It was from a subscribed 
address, so as moderator I let it pass.

It didn't seem wackier than our usual list traffic.

One of the options is Mailman is to require moderator approval for a 
subscriber's first posting. I could enable that if desired, but it would mean 
that the people who keep changing their subscribed email addresses (you know 
who you are!) will need to wait for moderation. If there is clamor for tighter 
moderation, this is one of the semi-automated tools available.
 - Greg

> lo...@bayareanewsgroup.com, mediainqu...@ondcp.eop.gov, amanp...@cnn.com, 
> d...@ondcp.eop.gov, onparent...@washpost.com, me...@ptt.gov, 
> jcre...@trumporg.com, politicoem...@politicopro.com, bars...@nytimes.com, 
> l...@newsday.com, jholl...@ap.org, walt...@nytimes.com, edi...@smdp.com, 
> sheri.f...@nytimes.com, pr...@trumporg.com, f...@ondcp.eop.gov, 
> tny_sho...@newyorker.com, cont...@couragefound.org, 
> submissi...@theintercept.com, klsoe...@yahoo.com, amy.choz...@nytimes.com, 
> woodwa...@washpost.com, ssla...@ondcp.eop.gov, e...@spacex.com, 
> ogc.electronic.freedom.of.informat...@usdoj.gov, 
> cypherpunks@lists.cpunks.org, tr...@trumporg.com, 
> executive_secretar...@ondcp.eop.gov, postmas...@whitehouse.gov, 
> commiss...@ondcp.eop.gov, esulli...@ap.org, 1morethingpodc...@gmail.com, 
> jhack...@ondcp.eop.gov, currentyas...@gmail.com, pme...@email.unc.edu, 
> sari.horw...@washpost.com, meredith_l._defrai...@ondcp.eop.gov, 
> jsivi...@ondcp.eop.gov, members...@reddingcc.org, 
> daily...@corsicanadailysun.com, breakingn...@mail.cnn.com

Re: Censors steer cryptogra...@metzdowd.com mailing list, kill free and open discussion

[Greg Newby]

On Thu, Aug 01, 2019 at 11:29:14AM +, John Newman wrote:
> 
> 
> On July 31, 2019 5:50:06 PM UTC, Greg Newby  wrote:
> >On Fri, Jul 26, 2019 at 12:02:26PM +, John Newman wrote:
> >> List archives are down - the website is going to the gutenberg vhost.
> >
> >(This report is from last Friday)
> >
> >Did anyone else encounter problems? Or, more importantly, are there any
> >ongoing problems? I wasn't able to recreate what John reported, and (as
> >promised) have not been trying to "fix" anything lately.
> > - Greg
> 
> Hi Greg -
> 
> I noticed the problem when I tried to click on the link
> grarpamp sent, it 404'd and going to lists.cpunks.org
> loaded the Gutenberg site. But, it all started working 
> properly later on that same day, or sometime soon after
> (I can't remember precisely , but it came back quickly)

I think this was just bad luck at visiting the site while the service was being 
restarted. It takes a few seconds for all the Apache virtual hosts to 
reinitiate.

  - Greg


> >
> >> On July 26, 2019 5:47:48 AM UTC, grarpamp  wrote:
> >> >Rethread from
> >> >https://lists.cpunks.org/pipermail/cypherpunks/2019-July/075615.html
> >> >
> >> >Priv said:
> >> >>> Subject: You have been unsubscribed from the cryptography mailing
> >> >list
> >> >> that looks a lot like an auto-remove due to bounces
> >> >
> >> >No. That's the admin unsubscribe button talking.
> >> >
> >> >cryptogra...@metzdowd.com is run by silly censors.
> >> >
> >> >> Perhaps this would be a good time to
> >> >
> >> >Call them out and quit that list for elsewhere.
> >> >
> >> >
> >> >
> >> >> You have been unsubscribed from the cryptography mailing list
> >> >
> >> >> 554 5.7.1 : Recipient address rejected:
> >> >> you must be a subscriber to cryptogra...@metzdowd.com to post to
> >the
> >> >list.
> >> >
> >> >> The email address you supplied is banned from this mailing list.
> >If
> >> >> you think this restriction is erroneous, please contact the list
> >> >> owners at cryptography-ow...@metzdowd.com.
> >> >
> >> >To expand... there were *never* at any time any messages
> >> >posted through to the list that in any way justify
> >> >this laughable action by Perry the Censor, because
> >> >the list is under total moderation... as such, said
> >> >"moderaters" have personally approved every single
> >> >poster, thread, and message to the list. Therefore
> >> >every message posted to the list, including mine,
> >> >has been *by exclusive logical definition* fully
> >> >compliant with charter and fully endorsed by
> >> >"moderator" and, regarding what did post, had every
> >> >oppurtunity to be discussed, counter opined, even
> >> >objected to by the list recipients publicly on list, to
> >> >which there were effectively no substantive objections
> >> >therein, either due to lack of cause, and or due to
> >> >themselves being censored on objections, thus
> >> >any of those objections were logically deemed invalid
> >> >by moderator that action serving as a double approval
> >> >by moderator.
> >> >
> >> >There is no reason to believe subjects of censorship
> >> >will be permitted to open original thread discussion
> >> >on list regarding such censorship, nor be successful
> >> >in raising argument direct to censorious moderators...
> >> >history shows both those as generally futile efforts...
> >> >thus there can be no real expectation that the censored
> >> >should even bother trying such avenues of recourse.
> >> >To wit, who has succeeded with Facebook, YouTube,
> >> >Twitter, Instagram, etc... people have to quit them
> >> >and move to better solutions.
> >> >
> >> >Instead of following on from the rare mentions of
> >> >censorship that did made it on list by opening up a full
> >> >original thread discussion with and for subscribers
> >> >on list in public as to why Perry the Censor approved
> >> >tens of one sided threads and posts through to the
> >> >list, and then blocked counter opinion, reference
> >> >links, conversation and data from being posted in
> >> >reply t

Re: Censors steer cryptogra...@metzdowd.com mailing list, kill free and open discussion

[Greg Newby]

On Fri, Jul 26, 2019 at 12:02:26PM +, John Newman wrote:
> List archives are down - the website is going to the gutenberg vhost.

(This report is from last Friday)

Did anyone else encounter problems? Or, more importantly, are there any ongoing 
problems? I wasn't able to recreate what John reported, and (as promised) have 
not been trying to "fix" anything lately.
 - Greg

> On July 26, 2019 5:47:48 AM UTC, grarpamp  wrote:
> >Rethread from
> >https://lists.cpunks.org/pipermail/cypherpunks/2019-July/075615.html
> >
> >Priv said:
> >>> Subject: You have been unsubscribed from the cryptography mailing
> >list
> >> that looks a lot like an auto-remove due to bounces
> >
> >No. That's the admin unsubscribe button talking.
> >
> >cryptogra...@metzdowd.com is run by silly censors.
> >
> >> Perhaps this would be a good time to
> >
> >Call them out and quit that list for elsewhere.
> >
> >
> >
> >> You have been unsubscribed from the cryptography mailing list
> >
> >> 554 5.7.1 : Recipient address rejected:
> >> you must be a subscriber to cryptogra...@metzdowd.com to post to the
> >list.
> >
> >> The email address you supplied is banned from this mailing list. If
> >> you think this restriction is erroneous, please contact the list
> >> owners at cryptography-ow...@metzdowd.com.
> >
> >To expand... there were *never* at any time any messages
> >posted through to the list that in any way justify
> >this laughable action by Perry the Censor, because
> >the list is under total moderation... as such, said
> >"moderaters" have personally approved every single
> >poster, thread, and message to the list. Therefore
> >every message posted to the list, including mine,
> >has been *by exclusive logical definition* fully
> >compliant with charter and fully endorsed by
> >"moderator" and, regarding what did post, had every
> >oppurtunity to be discussed, counter opined, even
> >objected to by the list recipients publicly on list, to
> >which there were effectively no substantive objections
> >therein, either due to lack of cause, and or due to
> >themselves being censored on objections, thus
> >any of those objections were logically deemed invalid
> >by moderator that action serving as a double approval
> >by moderator.
> >
> >There is no reason to believe subjects of censorship
> >will be permitted to open original thread discussion
> >on list regarding such censorship, nor be successful
> >in raising argument direct to censorious moderators...
> >history shows both those as generally futile efforts...
> >thus there can be no real expectation that the censored
> >should even bother trying such avenues of recourse.
> >To wit, who has succeeded with Facebook, YouTube,
> >Twitter, Instagram, etc... people have to quit them
> >and move to better solutions.
> >
> >Instead of following on from the rare mentions of
> >censorship that did made it on list by opening up a full
> >original thread discussion with and for subscribers
> >on list in public as to why Perry the Censor approved
> >tens of one sided threads and posts through to the
> >list, and then blocked counter opinion, reference
> >links, conversation and data from being posted in
> >reply to those very same threads and posts moderators
> >approved in the first place, or by direct notice...
> >Perry the Censor hit the ban button when proven and
> >logged out as Biased Censor to the other topically
> >related yet unmoderated and public cypherpunks list.
> >
> >Note the ban button clearly being laughably pointless,
> >and supports above status, as again, the list is under
> >total moderation whereby all posts must be approved,
> >and the ban button has zero effect on other fora.
> >
> >At least now more people know the list is unreasonably
> >biased and censored.
> >
> >""Cryptography" is ... devoted to cryptographic
> >technology and its political impact ... security and
> >privacy technology and its impact ... technical
> >aspects of cryptosystems, social repercussions of
> >cryptosystems, and the politics of cryptography ...
> >export ... laws ..."
> >
> >Surely Satoshi is a bit dissapointed at artificial curtailment
> >of discussion in above areas regarding their cryptosystem
> >Genesis. One would hope that no original leaks of
> >Top Secret breaks to cryptosystems are being censored
> >there, and that no other games are being played with
> >crypto topics... who knows.
> >
> >I might reconsider claimed status in re censorship, bias,
> >hypocrisy, etc upon such time as there is free and open
> >discussion on the cryptogra...@metzdowd.com list such
> >that the list membership may become apprised
> >and participate as the ongoing source of moderation
> >guidance, and upon such time as any reasonably mindful
> >to charter original threads approved are able to
> >enjoy reasonably full illumination thereafter by all
> >subscribers interested in doing so respectably within
> >thread topic as developed.
> >
> >
> >Here's the censored post that caused the Censor's minds 

Re: test to cypherpu...@cpunks.org

[Greg Newby]

On Sat, Jul 20, 2019 at 09:26:14PM -0400, grarpamp wrote:
> test to cypherpu...@cpunks.org

I think I need to stop screwing around with the server email configuration now. 
I've reverted to the config from before the DNS change, and emails are flowing 
again.
 - Greg

Re: Postgrey (Re: impersonating Juan, a quick test)

[Greg Newby]

On Sat, Jul 20, 2019 at 03:35:13PM -0400, grarpamp wrote:
> Gmail threw these status 4.4.1 delays for one message
> to cypherpu...@cpunks.org over the last few
> days before ultimately failing...
> 
> Diagnostic-Code: smtp; The recipient server did not accept our
> requests to connect. Learn more at
> https://support.google.com/mail/answer/7720
>  [mail.pglaf.org. 2604:3200:0:3:21e:67ff:fe86:ff9c: timed out]

Sorry about that! I screwed up the DNS for the PGLAF server, and basically had 
IPv6 partially configured.

I think it's now fixed. The good news is dual stack (IPv6 and IPv4) is now 
enabled. 

Why was I making changes? Because the afore-mentioned lifetime free service 
from Oracle emailed me on July 16, saying that I was using too many DNS 
queries. It wasn't clear whether they would bill me, or just refuse to handle 
requests beyond the number allowed. 

So, I moved pglaf.org to Cloudflare, but neglected to move all of the entries. 
Plus I created a nice new IPv6 entry for Mail Exchange (MX record) but didn't 
configure Postfix to actually utilize IPv6.

So, my fault. Let me know of any other anomalies... I hope that there were 
proper bounce messages, for anything that didn't get through.

Anyone who sent a message, but isn't sure whether it arrived, can check the 
list archives here: 
https://lists.cpunks.org/pipermail/cypherpunks/2019-July/date.html
 - Greg

Re: newsflash! cypherpunks mailing list is behind cloudflare-NSA

[Greg Newby]

Thanks for the discussion and input on the DNS hosting. I appreciate the 
knowledge and speculation of the group.

Another newsflash! I turned off CDN in Cloudflare. All traffic (web, email, and 
any other IP traffic) will go straight to the (only) server at 65.50.255.19, 
2604:3200:0:3:21e:67ff:fe86:ff9c/64.

For the curious, this is a server that is owned by the Project Gutenberg 
Literary Archive Foundation (a 501(c)3 charity that operates Project 
Gutenberg). I'm the long-time director & CEO. The server is a real physical 
server, not a VM or cloud-hosted. It hosts a few other domains, including 
companies of my wife & mother-in-law. Also our hobby site for dog mushing, 
https://www.stinkypup.net .. 

The server lives in a Castle Access facility in San Diego, but my hosting 
provider is johncompanies.com (it's their rack, and they provide excellent 
front-line support. Recommended).

The upstream connection is provided by Cogentco. All of the above could be 
discovered with a little sleuthing, and I thought the list subscribers might be 
interested.

Concerning Cloudflare: If there are recommendations for other free or cheap DNS 
providers, I'd like to hear them. I had used editdns and Zonedit for years, 
then the first was bought by DynDNS then by Oracle, and the second ceased 
operations. I prefer to have my domain WHOIS on one provider, my DNS with 
another provider, and then to run the server myself.

I still have other domains with Oracle's DNS service, which used to be DynDNS. 
They grandfathered "Lifetime" free service, and that lifetime is now ending: 
Oracle announced end-of-life for their free service as of May 2020. So, I need 
to move those other domains somewhere. Cloudflare offers a lot of capability at 
their free level, so that's what I tried with lists.cpunks.org 

Also, one other administrativia: The www.cpunks.org is on a different server, 
different IP, and different nameserver. It just redirects to lists.cpunks.org 
right now, but Riad and I like having some division of services.

More on archives etc.:

On Fri, Jul 12, 2019 at 06:34:07PM -0400, grarpamp wrote:
> On 7/12/19, Greg Newby  wrote:
> > Newsflash! This happened in April, and was announced here:
> >   https://lists.cpunks.org/pipermail/cypherpunks/2019-April/045250.html
> > We have been on Cloudflare's DNS since then for the email lists.
> 
> Use of CF or any other CDN was not mentioned in the announcement,
> whether for DNS, or HTTPS. The entire internet is NSA anyway.

My bad for not mentioning it. There are tons of features in Cloudflare, even at 
the free service level, and this one was on by default. I spent a little time 
twiddling it, and then left it on. This should have been disclosed to the list.

Anyway, it's now off, and I intend to leave it off. Other related features, 
like Javascript-based captchas, are options on top of the CDN, so none of that 
stuff will happen to our list.

The only reason I might consider turning it on temporarily in the future is if 
there is a DDoS against the server. Cloudflare has some great capabilities for 
intercepting attack traffic.

And:

> If CDN for HTTPS, consider multihoming on I2P or Tor
> so users can still access when CDN javascript captcha
> or otherwise arbitrarily blocks them or goes down.

Yeah, I will try to look into this. I haven't set it up before, but 
instructions are out there. I agree this is a perfectly reasonable thing to do 
for the list.

> As to caching bandwidth and archives...
> 
> You really should fork that 335MiB mbox file off now
> or no later than year end, and compress it, and
> then once yearly thereafter, and sign them all.
> People will eventually seed them into IPFS, etc.

Yes. I am overdue for doing this, and don't mind being periodically reminded.

If someone else wants to work on this type of thing, I can provide easy access 
to everything. Basically, we have a complete archive from 2013-present, and 
nearly complete from before that back to the earliest days. Though the older 
stuff is in mbox files that don't parse quite correctly, and have tons of spam.
  - Greg

> Try using a modern unix compression tool like zstd,
> they are faster, smaller, available for all systems...
> 
> https://github.com/facebook/zstd
> https://facebook.github.io/zstd/
> https://code.fb.com/core-data/zstandard/
> https://en.wikipedia.org/wiki/Zstandard

Re: newsflash! cypherpunks mailing list is behind cloudflare-NSA

[Greg Newby]

Newsflash! This happened in April, and was announced here:
  https://lists.cpunks.org/pipermail/cypherpunks/2019-April/045250.html

We have been on Cloudflare's DNS since then for the email lists. 

I have shut their CDN on and off, and it's currently on. This means that their 
content distribution network does some caching of visits to 
https://lists.cpunks.org (i.e., the Mailman interface to list archives etc.).

But the CDN doesn't handle emails. Those go through the (only) server for the 
list, which is also known as PGLAF.org.

In olden days of cypherpunks, there was a distributed list delivery via 
multiple servers. These days, it's on the single server, managed by the Mailman 
software. The server has the usual array of anti-spam measures like 
graylisting, SPF, DKIM and DMARC. But it's not that hard to spoof another 
user... if there are problems, I can dig into them a bit via the server logs.

And, if people think we should turn off the Cloudflare CDN, I can do that 
easily enough. It is not very relevant for us, other than perhaps making it a 
bit faster for people who are harvesting the list archives from somewhere that 
the CDN is faster than the (GigE) network that PGLAF.org sits on.
 - Greg

On Fri, Jul 12, 2019 at 01:02:20AM -0300, Punk wrote:
> 
> 
> subject says it all. 
> 
> oh and I didn't send the previous message "Cryptocurrency: Trump Pumps 
> Cryptos, Andreas Blasts jewcoins" 

Re: temporary fix for disabled Firefox extensions

[Greg Newby]

The steps mentioned below didn't help me, and the alleged automated fixes from 
Mozilla had not arrived, so I checked again and see they updated their 
documentation: 
  
https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/

Turns out you need to enable Firefox "studies," which I had disabled in 
Preferences.

And now, the documentation says I need to wait up to 6 hours for the study to 
get loaded. These failed automated updates feel like, "give me convenience, or 
give me death." Convenience failed, and now I'm assaulted by ads since uBlock 
Origin is disabled. I had forgotten how unpleasant the Web is.
  - Greg

On Sat, May 04, 2019 at 12:51:19PM -0700, Razer wrote:
> Steve Kinney posted this fix elsewhere. Be sure to see my addenda below.
> 
> "MOZILLA just ripped out /all/ the privacy and security tools I had installed 
> in Firefox, without warning.  When I tried to reinstall them, FIREFOX LIED, 
> presenting a notice indicating a broken web connection to the download site.  
> 
> How to fix this:  
> 
> 1)  Open a new tab, and type the address about:config
> 
> 2)  Ignore and click through the warning.
> 
> 3)  Search for xpinstall.signatures.required, and toggle the value from true 
> to false
> 
> 4)  Search for extensions.langpacks.signatures.required and toggle the 
> setting from true to false
> 
> Then reinstall your extensions if necessary.
> 
> Maybe one in 50 to 100 Firefox users would even know where to begin looking 
> for a way to fix this.  Right now I am not at all happy with Mozilla.  To put 
> it very mildly."
> 
> Addenda: 
> "Did that, restarted browser, NoScript and and uBlock origin still inactive 
> with signature warning. Went to Add-ons page. Instead of install buttons 
> there were enable buttons. clicked and restarted the browser. Works now. Not 
> wasting my time to see if resetting the about:configs to true makes the 
> enable button at the add-on page disappear or not
> 
> Went looking for a fix last night but none were android specific and I didn't 
> know the exact config terms because I'd always used an add-on that disabled 
> the sig requirements in my computer's version of Firefox."
> 
> Rr
> Sent from my Androgyne dee-vice with K-9 Mail
> 
> 
> On May 3, 2019 9:06:04 PM PDT, Mirimir  wrote:
> >| All extensions disabled due to expiration of intermediate signing
> >cert
> >
> >https://bugzilla.mozilla.org/show_bug.cgi?id=1548973
> >
> >See https://news.ycombinator.com/item?id=19823928 for workarounds in
> >MacOS and Linux.
> >
> >I posted to tor-talk, but my account may be blocked. So maybe someone
> >could post if it doesn't show up soon.

Re: Cypherpunks nameserver changes will happen Wednesday

[Greg Newby]

It looks like the DNS changeover worked ok. Please let me know of any 
anomalies...

The idea below of blocking the big ISPs is an interesting one. 

Back in the olden days, the Cypherpunks list was actually a meta list, with 
several different email servers that each had their own subscribers and handled 
message delivery for those subscribers. There could again be such a 
constellation of list servers, and some of those could opt to reject 
communications from some providers.

 - Greg

On Wed, May 01, 2019 at 02:52:18AM -0400, grarpamp wrote:
> > quarantined or rejected by many large email providers.
> >
> > Those anti-spam measures are a good topic for discussion. They have some
> > merit in identifying the validity of the servers that messages come from.
> 
> > But they don't help with validating the sender, or non-repudiation, or other
> > features that have existed at least as long as PGP.
> 
> Begging the State to validate you destroys all valuable
> anonprivacy that humanity needs, do not do that, instead
> retain validation of yourself soley as you deem useful to you.
> 
> > It's not easy to run your own mail transport agent these days. Here is a
> > little article from some other victims of the behemoth ISPs:
> 
> The better solution is to simply fight back... blacklist google,
> yahoo, microsoft,
> with a message back to the sender to go convince their
> recipient to move to a legitimate and open email provider
> because their current one is stupidly blocking and spying their mail.
> Give them a nice timeout after which the big three get sunk.
> 
> No one who runs their own dspam style spamassassin av
> whitelist responder has any real problem at all... because they
> are in control of the receiving parameters, not some stupid
> megacorp third party whim in their spool.
> 
> More mail providers need to be offering these options as end
> user spool configurables, aggregating for selection at per
> provider or per account levels.
> 
> Distributed overlay messaging's end to end
> and encrypted delivery will take over for anyone
> serious about communicating, including corporations.
> 
> Unfortunately faceboogle sheeple will continue as they are.

Cypherpunks nameserver changes will happen Wednesday

[Greg Newby]

Dearest colleagues,

Riad and I are planning on coordinating some changes to the DNS entries for the 
cpunks.org domain, sometime during US business hours on May 1. Basically, we 
will be splitting out lists.cpunks.org (the PGLAF.org server, which I run and 
is where this list lives) as a subdomain in the DNS, separately from the rest 
of cpunks.org (which Riad runs, and mostly redirects to lists.cpunks.org 
anyway).

If the change goes well, nothing noticeable will happen and emails to the list 
will continue to flow.

If the change goes poorly, there might be some email messages that bounce or 
are delayed. I will send an email update to the list when the change is done, 
to test that things are working.

Once things have been working for a few days, I will then make some updates to 
the DNS records to improve adherence to modern email anti-spam "standards" 
(DKIM, SPF and DMARC). This should cut down on messages that are quarantined or 
rejected by many large email providers. 

Those anti-spam measures are a good topic for discussion. They have some merit 
in identifying the validity of the servers that messages come from. But they 
don't help with validating the sender, or non-repudiation, or other features 
that have existed at least as long as PGP. 

It's not easy to run your own mail transport agent these days. Here is a little 
article from some other victims of the behemoth ISPs: 
https://www.tablix.org/~avian/blog/archives/2019/04/google_is_eating_our_mail/

Best wishes for a Happy May Day, to all.  
  - Greg 

Tim May (fwd)

[Greg Newby]

Forwarding without attribution from another list I'm on:

> Date: 14 Dec 2018 22:27:00
> Subject: Tim May
> 
> I am sorry to report that Tim May has passed away, apparently of
> natural causes.  I know that Tim was a controversial figure on this
> list.  Actually, I can't think of any list or community where Tim was
> not a controversial figure!  But, to those of us who were his fans,
> Tim was a giant.  My condolences to all of you.

I have not seen independent confirmation or an obituary, and his Wikipedia page 
isn't updated: https://en.wikipedia.org/wiki/Timothy_C._May

Among other things, that page mentions: "Writings on cryptography and privacy: 
May was a founding member of, and has been one of the most voluminous 
contributors to, Cypherpunks electronic mailing list. He wrote extensively on 
cryptography and privacy from the 1990s through 2003."

  - gbn

Cloudflare announces ESNI to decrease ISP's ability to know which sites you visit

[Greg Newby]

https://blog.cloudflare.com/esni/

A follow-on to their launch of Cloudflare's 1.1.1.1 resolver network, and 
coming to Firefox nightly builds.  ESNI makes sure the site component of HTTPS 
requests are encrypted, not just the payload.

The blog post says they were motivated by the April 2017 repeal of restrictions 
of ISPs gathering customer browsing.  When you visit an https site, the server 
needs to know the name of the site before SSL/TLS negotiation can start (at 
least, on a server that has multiple hostnames on the same IP address), because 
that is how the server knows which certificate to utilize.  

ESNI goes beyond SNI (Server Name Indication), a 2003 IETF RFC.  The blog post 
talks about browser support.  It's not so clear what is required for Web 
servers and SSL certificates to make this work end-to-end for sites that are 
not hosted on Cloudflare.

Re: cpunks forwarding ?? - [wayward4...@gmail.com: Re: New Mexico? Solar observatory evacuated by FBI, under lockdown/control until further? notice, Blackhawk chopper, antenna work crew + no observabl

[Greg Newby]

On Sat, Sep 15, 2018 at 02:19:33AM +1000, Zenaan Harkness wrote:
> On Fri, Sep 14, 2018 at 09:07:07AM -0700, Razer wrote:
> > I accidentally send from other accounts occasionally. I believe I
> > did so just last week, and I don't get bounce messages either. Just
> > sayin'. Settings check.
> 
> Well it was more "fun" when we didn't have to subscribe first to
> fun-spam the list with some  "fun" email...

Yeah, it looks like the list was unmoderated (i.e., open to any posting from 
any address) way back when.  I don't know when it became limited to subscribers 
only, but this is not a recent change.  

If there is clamor for letting anyone from anywhere post without subscribing 
(perhaps with a few anti-spam provisions, like greylisting), we could consider 
it.  But hopefully the "fix" to getting a proper bounce message when a message 
doesn't go through will be sufficient.

We do have lots of people who change their email address frequently.  Also 
people who subscribe multiple addresses (setting some to "no mail") so they can 
post from different addresses.  This is completely unrestricted and automated, 
so it's quite easy for anyone who wants to to subscribe and then start posting 
immediately. 

The big archive of pre-2016 postings that was shared last month from was 
dominated by spam, it seems.
  - Greg

Re: cpunks forwarding ?? - [wayward4...@gmail.com: Re: New Mexico Solar observatory evacuated by FBI, under lockdown/control until further notice, Blackhawk chopper, antenna work crew + no observable

[Greg Newby]

I figured this out easily: The problem is that Ric's address, 
wayward4...@gmail.com, is not subscribed to the list.  
  Ric, subscribe here: https://lists.cpunks.org/mailman/listinfo

The mystery, though, was why Ric didn't get a bounce.  It turns out the list 
was set to silently discard messages from non-subscribers, rather than reject 
(i.e., bounce) them.  So, from non-subscribers, this would look like the 
message was accepted, but it wasn't, and never got posted.

I have now found and changed the setting in Mailman ("generic_nonmember_action" 
under "Privacy options ... Sender filters").  Such messages will now instead be 
rejected.  So, people who post from an address that is not subscribed will get 
a message that the list is for subscribers only.  Certainly this is the 
expected behavior, rather than messages being accepted and then silently 
dropped.

It's not immediately clear to me whether I twiddled this setting myself, when 
we moved the lists, or this was already the setting from the old site when Riad 
managed the list.  Mea culpa, if I'm the guilty party.  I hope this config 
change addresses the anomalies that people have spotted recently, with some 
messages that appeared to be accepted for posting, but never got posted or 
archived.

Thanks for sending the full headers and other details shortly after the mishap. 
 That made it very easy to verify that Postfix/postgrey/etc. received the 
message properly and provided it to Mailman, but then Mailman didn't post it.  

Best regards to all,
  Greg

On Fri, Sep 14, 2018 at 01:05:24PM +1000, Zenaan Harkness wrote:
> Hi Greg, again, here's another email from Ric - received two this
> morning (AU time) and they don't appear in the list archives.
> 
> Is there a forwarding/rejection problem?
> 
> TIA,
> Zenaan
> 
> 
> 
> - Forwarded message from Ric Moore  -
> 
> Received: from pop.gmail.com (tm-in-f108.1e100.net [108.177.97.108])
>   by eye.freedbms.net (mpop-1.2.6) with POP3
>   for ; Fri, 14 Sep 2018 13:01:58 +1000
> Delivered-To: zen...@gmail.com
> Received: by 2002:adf:dc02:0:0:0:0:0 with SMTP id t2-v6csp114413wri;
>   Thu, 13 Sep 2018 19:26:59 -0700 (PDT)
> X-Google-Smtp-Source: 
> ANB0VdauMXEe5I4Z1zczodeUiQHqMXNABVbAcQO9fxXcM1YtzVJYpXtN2Wb4lmi+LMuCXE+oXRmo
> X-Received: by 2002:a0c:ba0f:: with SMTP id 
> w15-v6mr7642440qvf.9.1536892019049;
>   Thu, 13 Sep 2018 19:26:59 -0700 (PDT)
> ARC-Seal: i=1; a=rsa-sha256; t=1536892019; cv=none;
>   d=google.com; s=arc-20160816;
>   b=yV0+dcheBK7HmFLI7rx2aoNA/VDcwAhUkCzIZdCOOC98bGGVfly2JWB2YIi+cM1jia
>   8REpPDusHA810ELXz3Saodi12oDZnS0qanWaVhFJkRON7gc15QANnv66KtHPaqBkc94B
>   qZ02XYmoU6Q93VgdKlLTa9N1q/GfGBC9+QMBhrO7yznw538/CkhEesABPGkkmAhJ3wJu
>   6Dd6XHUDPMUvAq6LOnNYBUW+IMuAJsXEHLu8n/MQ/U3VuMpdSOo5mS30bQw//ON1Z7Qb
>   l143FFV6eehl4DI5jyheGz0Yy8iLHFSKynKYrFAsZYyq6Bt5nZXT2mW0WnT+RsvfxN+y
>   g4QQ==
> ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
>   s=arc-20160816;
>   h=content-transfer-encoding:content-language:in-reply-to:mime-version
>   :date:message-id:from:references:to:subject:dkim-signature
>   :delivered-to;
>   bh=hKMFub+enKJrzL5VfWiwpWGZaTBDyQJms14YF0OOres=;
>   b=jkCRDxruhNLBuPDGmd1L4g0JEncXaeylFxKn3v5Y3LKCDUPaqAK33u1D208MQ2pyKz
>   8HBVtfocexLyF0iS3M3BZuY6lcpJ0uI4wKhwHVVFiY17e5/5d6LVtmJ+OgY3GFmPMcpT
>   2c1tuiQrkm2HhQvTFoE47P1Z9LYkbJXWotBSq5+edLUKzrs+rO+8FvCIA2wh9JRg3Op6
>   UdM3sAz1+8QdgpSV49/TX9RlAbnlc/a7xGJGeLF2S2du8ISrgdAtEY//HCUziQQyk+bA
>   CwfwYb80ey3IAFLXDUMflBKtlBuC0a6B27I0JNpiS0NR+brPy6+yMivRCWg91UsJeyzt
>   v22Q==
> ARC-Authentication-Results: i=1; mx.google.com;
>   dkim=pass header.i=@gmail.com header.s=20161025
>   header.b="k9o/gGmZ";
>   spf=pass (google.com: domain of
>   srs0=kngj=l4=gmail.com=wayward4...@bounce.secureserver.net designates
>   72.167.218.35 as permitted sender)
>   
> smtp.mailfrom="SRS0=knGj=L4=gmail.com=wayward4...@bounce.secureserver.net";
>   dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
> Return-Path: 
> Received: from p3plsmtp02-05-25.prod.phx3.secureserver.net
>   (p3plsmtp02-05.prod.phx3.secureserver.net. [72.167.218.35])
>   by mx.google.com with ESMTP id
>   z126-v6si4322472qkd.212.2018.09.13.19.26.58
>   for ;
>   Thu, 13 Sep 2018 19:26:59 -0700 (PDT)
> Received-SPF: pass (google.com: domain of
>   srs0=kngj=l4=gmail.com=wayward4...@bounce.secureserver.net designates
>   72.167.218.35 as permitted sender) client-ip=72.167.218.35;
> Authentication-Results: mx.google.com;
>   dkim=pass header.i=@gmail.com header.s=20161025
>   header.b="k9o/gGmZ";
>   spf=pass (google.com: domain of
>   srs0=kngj=l4=gmail.com=wayward4...@bounce.secureserver.net designates
>   72.167.218.35 as permitted sender)
>   
> smtp.mailfrom="SRS0=knGj=L4=gmail.com=wayward4...@bounce.secureserver.net";
>   dmarc=pass (p=NONE sp=QUARANTINE 

Re: cpunks archives gone as at September?

[Greg Newby]

On Thu, Sep 06, 2018 at 12:28:23PM +1000, Zenaan Harkness wrote:
> On Wed, Sep 05, 2018 at 07:15:07PM -0700, Mirimir wrote:
> > On 09/05/2018 06:46 PM, Zenaan Harkness wrote:
> > > On Wed, Sep 05, 2018 at 06:24:29PM -0700, Mirimir wrote:
> > >> On 09/05/2018 05:19 PM, Zenaan Harkness wrote:
> > >>> Are the cpunks archives (or the list I guess) gone for good?
> > >>
> > >> https://lists.cpunks.org/pipermail/cypherpunks/
> > >>
> > >> | September 2018 Archives by date
> > >> |
> > >> | Messages sorted by: [ thread ] [ subject ] [ author ]
> > >> | More info on this list...
> > >> |
> > >> | Starting: Wed Sep 5 17:19:36 PDT 2018
> > >> | Ending: Wed Sep 5 18:03:28 PDT 2018
> > >> | Messages: 2
> > >> |
> > >> | cpunks archives gone as at September?   Zenaan Harkness
> > >> | cpunks archives gone as at September?   jim bell
> > >> |
> > >> | Last message date: Wed Sep 5 18:03:28 PDT 2018
> > >> | Archived on: Wed Sep 5 18:03:35 PDT 2018
> > >> |
> > >> | Messages sorted by: [ thread ] [ subject ] [ author ]
> > >> | More info on this list...
> > >>
> > >> There's something ironic about that ;)
> > > 
> > > Looks like those folk who "group" reply, but are not subscribed, are
> > > not getting bounces to inform them they need to be subscribed? (or
> > > may be they are - idk)
> > > 
> > > I've had at least two such replies in September and there were no
> > > archives until today, so their emails must get to me, but be dropped
> > > due to not being subscribed, and therefore not archived.
> > > 
> > > Makes sense.
> > 
> > You've confused me.
> > 
> > Are you saying that https://lists.cpunks.org/pipermail/cypherpunks/ was
> > gone for a while recently?
> > 
> > Or are you saying that you've received messages from the list that don't
> > show up in the archives?
> 
> I received messages which I thought were from the list and did not
> show up in the archives.
> 
> There were no -actual- messages for September until today, and so the
> archive for Sept did not exist.

This seems correct.

> My sieve filter checks for To and Cc, and for the list-id, and files
> all such emails into my cp folder, and there were at least 2 such
> emails in September prior to today, which are not in the cpunks
> archives.

Evidently these messages went to you and was handled correctly, but were never 
posted to the cypherpunks@lists.cpunks.org list.

If anyone thinks messages *were* posted but *were not* archived at the link 
above, please let me know and I can dig into some log files.

> It seems that some folks group-reply, and ignore any bounce or not
> subscribed messages (since I receive such emails semi regularly, I
> assumed that such persons would subscribe or stop group-replying and
> just privately reply...)

Yes.  Mailman rejects a few things silently, but mostly people should get a 
bounce if a message is not accepted for the list.  If anyone spots anomalies, 
let me know and I can take a closer look at the list config.

I believe it's safe to "Cc: cypherpunks@lists.cpunks.org" but not "Bcc: 
cypherpunks@lists.cpunks.org"

Also Mailman has a threshold for how many addresses may be included in To: and 
Cc: before flagging for the moderator (me).  This hasn't happened recently.

I noticed this whole series of messages seems to be archived correctly, which 
indicates that at least some things are currently working correctly.

  - Greg (cpunks list maintainer)

Censorship on cypherpunks ? Re: [Cryptography] Krugman blockchain currency skepticism

[Greg Newby]

Is what's below complaining about the cypherpunks list?  I'm the "moderator" 
but never moderate anything.  When mailman's auto-defenses is triggered, I need 
to go in and twiddle it to allow the message.

For message below, mailman held the message because cypherpu...@cpunks.org was 
bcc'd among a number of other To and Cc addresses.  If you just send it to the 
list, it is unlikely to be held up by mailman.

Or maybe you are complaining about the cryptography list, or something else.  

If there are issues with the cypherpunks list, let me know (email 
gbne...@pglaf.org or cypherpunks-ow...@cpunks.org or just write to the list 
with a subject that's not about something else).
  - Greg

On Mon, Aug 13, 2018 at 03:41:34PM -0400, grarpamp wrote:
> [Resending four replies in one to participants bcc uncensored cypherpunks,
> as censorship on an already moderator approved, thus explicitly
> moderator solicited,
> variety thread where moderator already censored the queue twice
> resent, and moderator
> approved questions by posters in thread were left unanswered and
> silently ignored
> via moderators censorship... is hypocritical, especially so for topics
> within charter...
> "technical, social, political, security, privacy, legal, and
> multinational aspects of
> cryptosystems". Cheers all and enjoy the sunlight, tis all.]
> 
> 
> 
> On Mon, Aug 6, 2018 at 4:11 PM, Benjamin Kreuter  wrote:
> > On Mon, 2018-08-06 at 14:11 +0800, jam...@echeque.com wrote:
> 
> > As others have asked, what is the problem we want to solve?  The
> > beginning of this thread was a proposal that the problem is that the
> > government might target an activist group's finances.  Now it sounds
> > like you are talking about the government trying to attack the entire
> > payment system.
> 
> That is indeed a valid problem.
> Among many others in many sectors and applications.
> 
> >> A crypto currency needs to be centerless - it needs to able to
> >> survive the seizure of key servers by a hostile powerful party.
> 
> True, a properly decentralized cryptocurrency has no such
> seizable / sueable servers.
> 
> Decentralization is under attack in more ways than most people
> realize, not just by the purposeful noise deluge of junk / centralized
> coins, tokens, ico's... but also by very insidious methods.
> As an example...
> 
> https://www.youtube.com/watch?v=UYHFrf5ci_g
> https://www.youtube.com/watch?v=0BZoKH-hX_o
> https://www.youtube.com/watch?v=tKYEQVPklLI
> https://www.youtube.com/results?search_query=bitcoin+censorship
> https://www.reddit.com/r/BitcoinMarkets/comments/6rxw7k/informative_btc_vs_bch_articles/dl8v4lp/
> 
> Whether you're a user, code / crypto developer, business,
> whatever... you need to understand these things and be able
> to spot them, call them out, and exchange and adopt away
> from them once they happen. In the cryptocurrency space,
> there is no birthright, let alone against treason, or any other
> lesser offense.
> 
> A bit more from the series...
> https://www.youtube.com/watch?v=pOZaLbUUZUs
> https://www.youtube.com/watch?v=rgts1qb0hLY
> https://www.youtube.com/watch?v=yGrUOLsC9cw
> 
> > Get back to me when the Internet itself cannot be shut down by the
> > government.
> 
> For so long as free speech, encryption, and overlay networks exist,
> cryptocurrency and the internet cannot be shutdown. If you accept,
> either personally or as a populace, the shutting of your connection
> and or the disablement of your crypto, for mere agnostic tool use,
> and for no provable reason otherwise, then you're fucked.
> If the Four Hoursemen of the Infocalypse didn't do it already, then the
> only thing left is a bonafide threat to the existance of government itself...
> to its taxes collected by force. Once people worldwide start to figure out
> they can bypass the redundancy, inefficiency, non choice, war, etc of
> governments by moving their transactions onto the encrypted blockchain
> networks... that's the last game... you either sheeple out forever into a
> questionable existance, or make your stand. Don't be a sheeple..
> 
> https://www.youtube.com/results?search_query=banks+fear+bitcoin
> https://www.youtube.com/results?search_query=governments+fear+bitcoin
> 
> 
> 
> 
> On Mon, Aug 6, 2018 at 6:05 PM, John Levine  wrote:
> > In article 
> > ,
> > grarpamp  wrote:
> >> Cryptocurrency value moved every month is 30x paypal's and growing.
> >> Ten more years and those 200 million users will be on cryptocurrency.
> >
> > Paypal's current transaction volume is about $40 billion/month,
> > growing at a modest rate.  Can you tell us where you get your number
> > of $1.2 trillion/month for cryptocurrencies?
> 
> > https://www.statista.com/statistics/277841/paypals-total-payment-volume/
> 
> That should have been ~3x (2.7x) coming from just the BTC value volume
> moved, and ~385B$/mo for the entire cryptocurrency space, both using
> today's coinmarketcap rates.
> 
> Paypal is also doing ~295 tx/s, which might just be 

Re: Is this phishing?

[Greg Newby]

This appears to be automated mailman behavior.  There are some subscribers to 
the list that change their email addresses frequently, so I do not keep a very 
close eye on churn due to bounces, resubscriptions, unsubscriptions, etc.

I can always take a closer look at mail logs, if you are wondering about 
specific message legitimacy, or why something bounced, or whatever...

  - Greg (who runs the server hosting cypherpunks)

On Wed, Aug 01, 2018 at 02:22:06PM -0700, Mirimir wrote:
> On 08/01/2018 01:20 PM, jim bell wrote:
> > Your membership in the mailing list cypherpunks has been disabled due
> > to excessive bounces The last bounce received from you was dated
> > 01-Aug-2018.  You will not get any more messages from this list until
> > you re-enable your membership.  You will receive 2 more reminders like
> > this before your membership in the list is deleted.
> > 
> > To re-enable your membership, you can simply respond to this message
> > (leaving the Subject: line intact), or visit the confirmation page at
> > 
> >     https://lists.cpunks.org/mailman/confirm/c   [rest deleted]
> > 
> > 
> > You can also visit your membership page at
> > 
> >     https://lists.cpunks.org/mailman/options/cyph [rest deleted]
> > 
> > 
> > On your membership page, you can change various delivery options such
> > as your email address and whether you get digests or not.  As a
> > reminder, your membership password is
> > 
> > [deleted]
> > If you have any questions or problems, you can contact the list owner
> > at
> > 
> >     cypherpunks-ow...@lists.cpunks.org
> 
> I've gotten them before, and ignored them.
> 
> But I don't think that they're phishing. Just trigger-happy list
> software, I think.

Re: We must preserve the Cypherpunks Mailing List archives! IMPORTANT!

[Greg Newby]

On Sun, Jul 08, 2018 at 06:30:37AM +1000, Zenaan Harkness wrote:
> On Sat, Jul 07, 2018 at 07:26:21PM +0300, Georgi Guninski wrote:
> > On Sat, Jul 07, 2018 at 05:32:21AM -0700, Greg Newby wrote:
> > > The .tar.bz2 file has 92,195 individual files.  I appended them all to a 
> > > single file, which email clients can open as an mbox file.  But mailx 
> > > reported 84519 messages, and mutt reported 84531.
> > >
> > 
> > How long does it take opening them with Mutt?
> > 
> > My mutt takes more than 10 seconds to open mbox with about 11K messages
> > the first time.
> > 
> > Any workarounds for mutt?
> 
> notmutch-mutt
> 
> Or otherwise use notmuch to index all your email.
> 
> Instantaneosity FTW :)

Just a few seconds (under 5) on the systems I tried.

On a recent Macbook, this is NeoMutt 20180512 via Mac Ports.

On the PGLAF server, Mutt 1.5.21 (2010-09-15) under Ubuntu 14.04.5 LTS

Both systems have recent CPUs and > 4GB of memory, which probably helps.

Theoretically I can parse the mbox file into the list archives at 
https://lists.cpunks.org so they are navigable like the rest of the post-2013 
archive that's already there.  I'll take a look at this...

The cypherpunks archive is public, so it will then become indexable by Google 
and the other search engines.
  https://lists.cpunks.org/pipermail/cypherpunks/

  - Greg

Re: We must preserve the Cypherpunks Mailing List archives! IMPORTANT!

[Greg Newby]

I will try to find a way to add these older items to the archives at 
https://lists.cpunks.org so it's findable there.  (I'm the guy who currently 
runs Mailman and the server there.) 

The .tar.bz2 file has 92,195 individual files.  I appended them all to a single 
file, which email clients can open as an mbox file.  But mailx reported 84519 
messages, and mutt reported 84531.

I have temporarily put this combined file here, until I can add them to 
lists.cpunks.org somewhere under /var/lib/mailman:

All files concatenated as-is:
http://www.petascale.org/cypherpunks-1999-2015.mbox
md5sum:  2a4ed20b98411cfd18c69765b21c30d2  cypherpunks-1999-2015.mbox


Presumably the other ~7664 files have something that gives the email clients I 
tried indigestion.  So I appended a blank line to each file, and then ran 
"formail -ds" on each file.  Now mailx reports and mutt(neomutt) reports 96969 
messages.

All files concatenated after being "fixed" as described:
http://www.petascale.org/cypherpunks-1999-2015-fixed.mbox
a08b619f3bcc92253dbd9140956c79ef  cypherpunks-1999-2015-fixed.mbox


There are four messages from pre-1999.  Then, lots from 1999 starting with:

  Date: Tue, 16 Mar 1999 02:32:36 -0800
  From: Matthew X 
  To: cypherpu...@einstein.ssz.com
  Cc: dec...@well.com
  Subject: War on terra

There are messages going through 2016, and lots of messages with broken headers 
from formail.  It would take more work to "fix" whatever might be broken for 
all the files in the .bz2 work.  The 'nmh' email client might be helpful for 
this, since it uses individual files, rather than mbox files.

If anyone has ideas about how to create an improved mbox file (or simply 
provides one) I can add that to the lists.cpunks.org archive instead.  I will 
also add the .bz2 which provides individual files.  I'm glad that Riad had this 
older set!

Enjoy!
  - Greg

On Fri, Jul 06, 2018 at 11:09:47AM +0200, Tom Busby wrote:
> I managed the extract that file successfully.
> 
> I uploaded the extract to GitHub if you wanna just git clone it instead:
> 
> https://github.com/cryptoanarchywiki/2000-to-2016-raw-cypherpunks-archive
> 
> On Fri, 6 Jul 2018, 5:40 am Steve Kinney,  wrote:
> 
> >
> >
> > On 07/05/2018 07:20 PM, juan wrote:
> > >
> > >
> > > quote:
> > > From: "Riad S. Wahby" 
> > > Subject: Re: moving on
> > > Date: Sat, 20 Aug 2016 20:44:31 -0700
> > >
> > > Done! This tarball goes back as far as 1999, though I'm not certain
> > > it's a complete archive. Note that prior to the LNE node, the list
> > > was 100% unfiltered, so what's below includes a decent amount of spam.
> > > All told, it's about 95k messages in Maildir format.
> > >
> > > https://cpunks.org/cpunk/cypherpunks.tar.bz2
> >
> > wget sez:  HTTP request sent, awaiting response... 404 Not Found
> >
> > > https://cpunks.org/cpunk/cypherpunks.tar.bz2.asc
> >
> > wget sez:  HTTP request sent, awaiting response... 404 Not Found
> >
> > >
> > > -
> > >
> > >
> > >   I uploaded a copy of those archives here
> > >
> > >   https://www6.zippyshare.com/v/H0msMEKw/file.html
> >
> > Seems legit except 'extract' has been chewing on the file for 45 minutes
> > now without spitting out any useful bits that I can see, while 'top'
> > indicates 99% of CPU cycles dedicated to the task.  It's kind of
> > reassuring that 'extract' reports files in "GNU tar format" were found.
> > But @126 MB I would expect /most/ archive files of this size to unpack
> > in way less than a minute here.
> >
> > amidoinitrite?
> >
> > Has anybody got a verifiably useful copy?
> >
> > :o)
> >
> >
> >

Re: Adding [Cypherpunks] at the beginning of a subject by default

[Greg Newby]

Dear colleagues,

A quick FYI, since I am the current list maintainer:

1. This field is present in postings, and could be used to filter, or to munge 
or otherwise direct or update the messages you receive:
  List-Id: The Cypherpunks Mailing List 

2. We did not use the Mailman setting to prepend the list name because that was 
not part of the prior setting.  The changeover of the list hosting happened 
last year.  So, there was not much of a decision process, but simply an effort 
to keep the status quo.

  - Greg

On Fri, Apr 28, 2017 at 01:27:04PM -0400, Steve Kinney wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> 
> 
> On 04/28/2017 05:07 AM, Avinash Sonawane wrote:
> > On Fri, Apr 28, 2017 at 1:53 PM, Vasily Kolobkov 
> >  wrote:
> > 
> >> Hey Avinash! No offence, but
> > 
> > Hello Vasily! Thanks for the reply. BTW I don't see a single
> > reason why would someone get offended. :)
> > 
> >> why don't you tweak your/choose another mail client that can sort
> >> messages for you?
> > 
> > As I said may lists follow the practice of prefixing the list name
> > to subject. It helps in quickly identifying the message without
> > even clicking on it.
> > 
> > Now about tweaking the client, which one do you use which gives
> > the ability to quickly spot the messages just by having a single
> > look at your mailbox?
> 
> Thunderbird works for me.  Every message from the CPunks list that
> hits the inbox in question lands in a CPunks folder.  New arrivals
> cause the folder name in the folders list to change color, and
> increment the message count next to the folder name.  "Easy to spot"
> becomes a non-issue; new messages are nearly impossible to miss, and
> all the messages from the list are viewed in context with the rest of
> the messages from the list when the folder is opened.
> 
> It is also very easy to create new filter rules to sort a given "from"
> address into a CPunks Spam folder, which in my case is about 20% of
> the messages from the list.  "One click" enables me to check these for
> anything interesting or useful, although such is rarely found.
> 
> Adding the list name to every subject line means pushing every subject
> line n. spaces to the right, with what I would call redundant visual
> clutter.  Looking at the list messages display in Thunderbird I count
> six presently visible subject lines that end in ... because they are
> longer than the column they appear in, /without/ a redundant list name
> in front of them.
> 
> > Even if we filter messages we still need to click on the folder
> > which contains those messages. I don't see a valid reason for not
> > saving a user click and user's time.
> > 
> > That being said, if there are not enough people who get affected
> > by this issue and we decide to continue the current practice I am 
> > thinking about using Gmail "Labels". :)
> 
> That is GMail's semi-equivalent of filtering messages into folders,
> but there's a way better method IMO:  Use Thunderbird.  GMail supports
> the IMAP protocol, so a GMail account looks and works "the same as" a
> real e-mail account when accessed via Thunderbird.  That also cuts the
> attack surface for Google's friendly, harmless Javascript / AJAX right
> out of the picture.
> 
> Also, Thunderbird + Enigmail = complete and user friendly GPG support
> for webmail accounts, with no time consuming failure prone
> work-arounds required.
> 
> Bit of fun:  GMail's AJAX code repeatedly harvests draft message text
> in progress while-u-type, a feature that makes recovery from a browser
> crash without lost work possible.  And all your plaintext are belong
> to Google.
> 
> :o)
> 
> 
> 
> 
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2.0.22 (GNU/Linux)
> 
> iQEcBAEBAgAGBQJZA3toAAoJEECU6c5Xzmuq9igH/j+ztMHwdPnxyk7NZGZLb+FL
> Mqw9bfgtSrBSdbvP/3VL1zuqHaapl4AB1tWMU/pMQGw1YSTfFjK16pP00xE54WS9
> dpOksUR1I9lly7duhfm3s6gD9d0x/apf3E+jDEBqaK1hKoAS/xDEYdyf55bCTyar
> sEDcFF5Zg6uo0STDPW8SHjqWrCLQVzydp5fLAxA8iogoyYSiUTq+8Od9SjG1N+sl
> 4zWO5oRRADZCN3XEI+7CIxEJ3ueIaEMIm1cu4AyXa01pgFMVlSYKh6bGIGGJ0QxO
> XoDJz1+ghqbEnDl+bvUvPLU1H0bFXrvelC0qxXn42feS1qF43XNo0jVUZsVfA8U=
> =NVrZ
> -END PGP SIGNATURE-

Yahoo covertly built a program to search all of its customers' incoming emails for specific information

[Greg Newby]

Spotted in Ars: 
http://arstechnica.com/tech-policy/2016/10/report-fbi-andor-nsa-ordered-yahoo-to-build-secret-e-mail-search-tool/

Yahoo’s CISO resigned in 2015 over secret e-mail search tool ordered by feds
Reuters: Yahoo "complied with a classified US government directive."

Cyrus Farivar - 10/4/2016, 1:59 PM


According to a new report by Reuters citing anonymous intelligence officials, 
in 2015, Yahoo covertly built a secret “custom software program to search all 
of its customers' incoming emails for specific information.”

Reuters noted that Yahoo “complied with a classified US government directive, 
scanning hundreds of millions of Yahoo Mail accounts at the behest of the 
National Security Agency or FBI, said two former employees and a third person 
apprised of the events.” It is not clear what data, if any, was handed over.

Further Reading
Yahoo exec goes mano a mano with NSA director over crypto backdoors
Presuming that the report is correct, it would represent essentially the 
digital equivalent of a general warrant—which is forbidden by the Fourth 
Amendment, as Electronic Frontier Foundation lawyer Andrew Crocker noted on 
Twitter.

The Fourth Amendment implications are staggering. Yahoo as agent of 
government scans all email, devoid of probable cause, particularity, etc 
pic.twitter.com/kx510PHH9n

— Andrew Crocker (@agcrocker) October 4, 2016

This seems to be the first known case of an American Internet company acting on 
behalf of the government to search messages in near real time—previous 
operations captured stored data or intercepted only a handful of target 
accounts.

As Reuters also reported, Yahoo's then-Chief Information Security Officer, Alex 
Stamos, resigned in protest once he found out about the secret program. Stamos 
now works at Facebook.

Yahoo did not immediately respond to Ars' request for comment.

List moved to new home (Re: New list confirmation (Re: cpunks list relocation imminent)

[Greg Newby]

Dear colleagues,

The cypherpunks email list is now moved to a new server.  You will notice 
messages are from @lists.cpunks.org

Mail to cypherpu...@cpunks.org gets forwarded to cypherpunks@lists.cpunks.org, 
so there is nothing you need to do: both addresses work, and are anticipated to 
keep working.

DKIM and SPF and TLS all seem to be running correctly.  I have not yet 
configured DMARC.  Please let me know of any recommendations or anomalies or 
missing configurations.

Riad and I will synchronize the archives in a few days.  Basically, archives 
from August 25-31 are not yet available at https://lists.cpunks.org, and 
archives from the afternoon of August 31 are split between that site and the 
legacy site, https://cpunks.org.  New messages will be archived only at 
lists.cpunks.org

There might be a few small configuration differences in the lists.  If anything 
seems wrong or disturbing, please mention it.

There are definitely differences in the underlying servers, including the mail 
agent (Postfix, for the new list).  And different servers, of course... so, 
email headers will look different.

Thanks for the advice below.  Best regards to all,
  Greg

On Mon, Aug 29, 2016 at 09:48:31PM -0700, Stephen D. Williams wrote:
> I just finally refreshed this for my server.  These instructions and test 
> reflector were extremely helpful.
> 
> https://www.linode.com/docs/email/postfix/configure-spf-and-dkim-in-postfix-on-debian-8
> 
> sdw
> 
> On 8/29/16 9:11 PM, Bardi Harborow wrote:
> > The mail server doesn't appear to use TLS when forwarding mail to
> > subscribers. Additionally you may wish to look at configuring SPF,
> > DKIM and DMARC records.
> >
> >
> > On Tue, Aug 30, 2016 at 2:36 AM, Greg Newby <gbne...@pglaf.org> wrote:
> >> As I just wrote, this message should be going out via the *new* server and 
> >> settings.  It's addressed to cypherpunks@lists.cpunks.org, as opposed to 
> >> the regular address, cypherpu...@cpunks.org
> >>
> >> Viva la Resistance!
> >>   - Greg
> >>
> >> On Mon, Aug 29, 2016 at 09:35:04AM -0700, Greg Newby wrote:
> >>> Dear cpunks subscribers,
> >>>
> >>> As discussed on the list last week, Riad S. Wahby is exiting gracefully 
> >>> from hosting the Cypherpunks list at https://cpunks.org
> >>>
> >>> We have coordinated a transfer of the list to a server I manage, and the 
> >>> configuration appears to be fairly functional.  We have put this at 
> >>> cpu...@lists.cpunks.org (versus cpu...@cpunks.org).
> >>>
> >>> I will send a test message to the NEW list momentarily, so subscribers 
> >>> will knoow they are getting both.
> >>>
> >>> Please write back to this list, or directly to me, if you notice any 
> >>> problems or anomalies.  The mailman list settings, subscribership, etc. 
> >>> should be the same, except that subscribers since around August 25 are 
> >>> not yet on the new list.
> >>>
> >>> You can check your list settings and view the archives at the new 
> >>> location: https://lists.cpunks.org/
> >>>
> >>> Once everything is confirmed to be functional, we will change from the 
> >>> old list to the new list, and update DNS and server records so the old 
> >>> email address and list URL work on the new location.  We've set DNS TTL 
> >>> to expire quickly, once the changeover happens.
> >>>
> >>> Best,
> >>>   Greg
> >>>
> >>>
> 
>