Re: brilliancy

2002-04-09 Thread Bill Stewart

At 07:59 AM 04/08/2002 -0600, Anonymous wrote:
Any attacker who can control 100,000 machines is a major force on the
internet, while someone with a million or more is currently unstoppable:
able to launch massively diffuse DDOS attacks, perform needle in a
hayfield searches, and commit all sorts of other mayhem. We already
understand how worms could be used to gain control of so many machines.
Yet the recent revelation that Brilliant Digital Media has bundled a
small trojan with KaZaA has underscored another means by which an
attacker could gain control of so many machines: poorly secured
automatic updaters. If an attacker can distribute his own code as an
update, he can take control of millions of machines. 

http://www.cs.berkeley.edu/~nweaver/0wn2.html

So, now, how hard would it be to use this mechanism to upload PGPNet
with opportunistic encryption enabled to millions of hosts ?

Do you mean "How hard would it be to crack into Brilliant Digital's
servers before some other SKR1P7 K1DD13Z take it over?"
Or do you mean "Is that easier than cracking into Microsoft or Adobe or
M0Zilla or some other quasi-reputable company's distribution system?"

Actually using it to upload PGPNet would probably be pretty hard -
it's no longer just Phil's ~200KB of badly-written MSDOS code,
it's now 5-10MB of bloatware (:-), and you can't distribute a few million
copies of a few megabytes to unsuspecting users without somebody noticing.

Also, leaving aside the opportunistic encryption issues,
which depend on having working secure inverse DNS for the FreeS/WAN flavor,
you can't depend on tunnels working through firewalls or NAT or other
arbitrary connections out there, so a lot of recipients wouldn't really
get to have it working for them, but it might break quite visibly -
especially for people who already have VPNs, and therefore usually have
corporate IT support or corporate security departments who'll notice it.

Better to just build a nice small ipsec client into a flashy MP3 player :-)




Re: brilliancy

2002-04-09 Thread Eugen Leitl

On Mon, 8 Apr 2002, Bill Stewart wrote:

 Do you mean "How hard would it be to crack into Brilliant Digital's
 servers before some other SKR1P7 K1DD13Z take it over?" Or do you mean
 "Is that easier than cracking into Microsoft or Adobe or M0Zilla or
 some other quasi-reputable company's distribution system?"

Last time I looked NIMDA and Code Red were still making the rounds. A
single-vulnerability worm can get you 100 kNodes overnight, an updateable
library of exploits and stealthy cross-platform code should keep you in
business indefinitely.
 
 Actually using it to upload PGPNet would probably be pretty hard -
 it's no longer just Phil's ~200KB of badly-written MSDOS code, it's
 now 5-10MB of bloatware (:-), and you can't distribute a few million
 copies of a few megabytes to unsuspecting users without somebody
 noticing.

Just checking the clock and only uploading big stuff when it's night
according to the clock and the user hasn't been typing anything in the
last 10 minutes should do the trick. Especially if the infected nodes
mimic Akamai.
 
 Also, leaving aside the opportunistic encryption issues, which
 depend on having working secure inverse DNS for the FreeS/WAN flavor,
 you can't depend on tunnels working through firewalls or NAT or other
 arbitrary connections out there, so a lot of recipients wouldn't

It would be enough to just get the freely accessible nodes infected. 
NATted and firewalled nodes could be then your second concern.

 really get to have it working for them, but it might break quite
 visibly - especially for people who already have VPNs, and therefore
 usually have corporate IT support or corporate security departments
 who'll notice it.

Port 80 is still open typically, and you can use naked nodes as relays.
 
 Better to just build a nice small ipsec client into a flashy MP3
 player :-)




Re: all about transferable off-line ecash (Re: Brands off-line tech)

2002-04-09 Thread Adam Back

On Mon, Apr 08, 2002 at 07:52:32PM -0700, Mike Rosing wrote:
 While I agree with the goal, it's not clear to me that it's physically
 possible.  What makes money useful is its physical existence; people
 have been counterfeiting coins since they were invented but it's been
 getting harder to do.  With off-line coins you could easily counterfeit or

You can't outright counterfeit technically as the recipient of each
coin checks that it's correctly formed, and authenticated by the bank,
and that the chain of spends are all bound together.  By doing this
the user is assured that either the coin will not be double-spent, or
the bank will identify the double spender when the coin is deposited.

You might reasonably expect the bank to deal with double-spending
itself and give the depositor fresh money regardless of double spent
status.

 double spend and live off the float, especially if you do it all
 anonymously.  

If you use the normal approach of putting the identity in the coin,
you can't double-spend anonymously.

 And if you just do it once with some huge sum, you'd get
 away with it (like Enron guys did :-)
 
 Money boils down to psychology - people trust that it trades their effort
 for somebody else's effort.  Who's going to trust ephemeral bits?  Crossing
 that barrier is going to be a lot harder than any technology.

Building up technology trust is harder, yes.  But that I guess is
largely marketing and reputation.  Most people probably don't
understand the security mechanisms in place with credit cards either
(PIN offset on card etc.), or, even more so, the more secure smart-card
based credit cards used in some parts of the world.

Adam
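The checks Adam describes above (the payee verifies that the coin is well formed and bank-authenticated and that the spend is bound to its challenge; the bank identifies a double spender when the coin is deposited) in a toy Python model. This is an added example, not Adam Back's code and not any deployed scheme: it uses a small constructed Schnorr-style group (p=2039, q=1019, g=4), an HMAC standing in for the bank's blind signature (so coins here are unblinded and therefore linkable, unlike the real Chaum/Brands constructions), and the names Bank, Customer, challenge and verify_spend are the example's own.

```python
"""Toy off-line e-cash with double-spend identification (added example).

Scheme (Schnorr-style, in the spirit of Chaum/Brands):
  identity secret u, registered with the bank as U = g^u mod p
  per-coin randomiser s, published in the coin as S = g^s mod p
  spend: merchant challenge c, response r = s + c*u mod q
  payee check: g^r == S * U^c (mod p)
  two spends with c1 != c2: u = (r1 - r2) / (c1 - c2) mod q
Assumption: the bank 'signature' is an HMAC over (U, S), standing in for a
blind signature, so these coins are unblinded and linkable (toy only).
"""
import hashlib
import hmac
import secrets

# Constructed toy group: p = 2q + 1, both prime; g = 4 generates the order-q subgroup.
P, Q, G = 2039, 1019, 4


def challenge(merchant: str, nonce: str) -> int:
    """Merchant-side challenge bound to the merchant and a per-sale nonce."""
    digest = hashlib.sha256(f"{merchant}|{nonce}".encode()).digest()
    return int.from_bytes(digest, "big") % Q


def verify_spend(coin: dict, c: int, r: int) -> bool:
    """Payee check: the response opens the coin's commitments for challenge c."""
    return pow(G, r, P) == coin["S"] * pow(coin["U"], c, P) % P


class Bank:
    def __init__(self):
        self.key = secrets.token_bytes(32)
        self.registry = {}   # U -> account holder
        self.deposits = {}   # coin tag -> (challenge, response) first deposited

    def _tag(self, U: int, S: int) -> str:
        return hmac.new(self.key, f"{U}:{S}".encode(), "sha256").hexdigest()

    def open_account(self, name: str, U: int) -> None:
        self.registry[U] = name

    def withdraw(self, U: int, S: int) -> dict:
        # Identified withdrawal: the bank sees U and S (no blinding in this toy).
        return {"U": U, "S": S, "sig": self._tag(U, S)}

    def well_formed(self, coin: dict) -> bool:
        return hmac.compare_digest(coin["sig"], self._tag(coin["U"], coin["S"]))

    def deposit(self, coin: dict, c: int, r: int):
        """'ok', 'duplicate' (same transcript again), 'forged', or
        ('double-spend', account) when a second, different spend arrives."""
        if not self.well_formed(coin) or not verify_spend(coin, c, r):
            return "forged"
        tag = coin["sig"]
        if tag not in self.deposits:
            self.deposits[tag] = (c, r)
            return "ok"
        c1, r1 = self.deposits[tag]
        if c1 == c:
            return "duplicate"
        # Two points on the line r = s + c*u with distinct c: solve for u.
        u = (r1 - r) * pow((c1 - c) % Q, -1, Q) % Q
        return ("double-spend", self.registry.get(pow(G, u, P), "unknown"))


class Customer:
    def __init__(self, bank: Bank, name: str):
        self.u = secrets.randbelow(Q - 1) + 1
        self.randomisers = {}   # coin tag -> s
        bank.open_account(name, pow(G, self.u, P))

    def withdraw(self, bank: Bank) -> dict:
        s = secrets.randbelow(Q - 1) + 1
        coin = bank.withdraw(pow(G, self.u, P), pow(G, s, P))
        self.randomisers[coin["sig"]] = s
        return coin

    def spend(self, coin: dict, c: int) -> int:
        return (self.randomisers[coin["sig"]] + c * self.u) % Q


def demo():
    """Honest spend, a replayed deposit, then a dishonest second spend."""
    bank = Bank()
    alice = Customer(bank, "alice")
    coin = alice.withdraw(bank)
    c1 = challenge("shop-A", "sale-1")
    n, c2 = 0, c1
    while c2 == c1:                # constructed: make sure the two challenges differ
        n += 1
        c2 = challenge("shop-B", f"sale-{n}")
    r1 = alice.spend(coin, c1)
    r2 = alice.spend(coin, c2)     # the same coin spent again at another shop
    assert verify_spend(coin, c1, r1) and verify_spend(coin, c2, r2)
    return (bank.deposit(coin, c1, r1),
            bank.deposit(coin, c1, r1),
            bank.deposit(coin, c2, r2))


if __name__ == "__main__":
    print(demo())   # ('ok', 'duplicate', ('double-spend', 'alice'))
```

Note the distinction the bank has to make at deposit: the same (coin, challenge, response) arriving twice is a replayed deposit, not a double spend, and yields no identity; only two transcripts with different challenges give the second point on the line. Because nothing here is blinded, the bank can trivially link all of one customer's coins through U, which is exactly what the blind-signature withdrawal in the real schemes prevents.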




Re: all about transferable off-line ecash (Re: Brands off-line tech)

2002-04-09 Thread Anonymous

[Copied to Adam so he doesn't have to wait for some moderator to get
off his fat ass and approve it.  And BTW permission is NOT granted to
forward this or any part of it to the DBS list because Hettinga is an
asshole who kicks people off his list for spite.  He can piss in his
own sandbox if he wants but we don't have to play in it.]

Adam Back wrote:
 On Mon, Apr 08, 2002 at 04:15:09AM +0200, Anonymous wrote:
  First, off-line coins suck, as described above.  [...]

 Off-line coins just offer an extra optional feature for the user, any
 user who chooses can instead use them as online coins.  So I would
 argue off-line coins are better than online coins.

It's not just an extra feature; an off-line system inherently requires
users to identify themselves to the bank at withdrawal time.  It cannot
allow users to anonymously exchange coins at the bank.  So it has an
inherent lack of anonymity which is not present in an online system.

Furthermore, off-line coins require a complex infrastructure to work.
Unlike online systems, where cheating is impossible, off-line systems
attempt to locate and punish cheaters after the fact.  How can that
possibly work in an Internet system where people may be engaging in
transactions all over the world?  If someone cheats you from Timbuktu
do you really expect the cops over there to track him down for you?

Or maybe the bank will make good by forcing each person to keep a
certain amount in their account to pay off creditors they have cheated?
The problem there is that there is no limit to how fast people can cheat
in an off-line system, so there is no way the bank can force people to
keep enough in their account to cover cheating.

In short, off-line cash simply can't work in an Internet economy.
It violates the fundamental nature of the net, which is distributed and
anonymous.  An old cypherpunk aphorism says that any internet protocol
which ends with "then the cops track down the bad guy" is fundamentally
flawed.  Off-line cash is a non-starter by this criterion.

  Transferred coins are recognizable and linkable.  Hence they suck
  even worse than off-line coins.

 Transferable off-line coins allow all kinds of cool anonymity features
 as described above, I also argued above that the linkability
 deficiency can be somewhat defended against.

Most of the anonymity features are just as applicable in an online
system where people can exchange coins without identifying themselves.
This allows for fully anonymous transactions with the bank and accountless
operation.

You talked about moneychangers, but the discussion was confusing.
What exactly is a moneychanger?  You seem to have an unstated assumption
that moneychangers wouldn't be allowed by the bank and this was a way
around that.  But if transferable off-line cash allows moneychangers,
which the bank won't allow, then such a bank probably wouldn't provide
for transferable off-line cash either.

Anyway, what the hell is a moneychanger, and why wouldn't a bank allow
one?

As for hidden banks, there is no evidence yet that people are clamoring
to trust their hard earned savings to a bank which won't even show its
face and which could abscond with the entire money supply at any time
without penalty.

Turning to the fact that the off-line coin chains are linkable, that's
such an ugly blot on the whole idea that it deserves to kill it on those
grounds alone.  In one stroke you've gone from mathematical anonymity to
somewhat anonymity.  It's reminiscent of Dan Simon's fully linkable
cash, where he offered the same sort of lame ideas like spending to
yourself a few times.  If all you want is pretend anonymity then don't
bother with the fancy mathematics.  Real anonymity means unlinkable coins.
End of story.

 And transferable off-line coins add yet more flexibility, while again
 not preventing online clearing for those that prefer it.  While some
 of the features have the linkability artifact, those features are
 optional and the user has free choice to select methods to avoid
 entirely or defend against linkability by any of the available methods
 respectively fetching fresh online coins, using money-changers to do
 the same more off-line, and self re-spending to add confusion.  Hence
 transferable off-line coins are already superior to both
 non-transferable off-line coins and online coins due to the selection
 of choice of new features and trade-offs offered to the users.  All we
 need now is a way to more robustly defeat linkability.

Linkability can't be defeated.  The Chaum-Pedersen paper implies that
anyone can collude with the bank to determine if a coin is a later
instance of one they held earlier.  They simulate a second spend of
their earlier coin, and let the bank determine if that produces a
double-spending match with the later one, which it would have to do
if they were both on the same chain.  Hence there is no way even in
principle to avoid chain linkability.

Let's face it, transferable off-line coins have so many 

ID Citizenship Believe it or Nots

2002-04-09 Thread Duncan Frissell

Identification  Citizenship Believe it or Nots

by Duncan Frissell

http://technoptimist.blogspot.com/?/2002_04_07_technoptimist_archive.html

Last September's attack on the United States vastly increased debate on 
identification, citizenship, and immigration.  For your education and 
amusement, here are some truly strange facts about these topics.
...
2)  World War II was won by US Army Generals and Navy Admirals who 
commanded armies, air forces, and fleets and possessed and used all manner 
of weapons up to and including nuclear bombs -- all without ever having 
proved their identities to the US government.
...

8)  One is not required to apply for a Social Security Number.
...
18) The machine-readable lines on your passport (at the bottom of the page 
that has your picture on it) include space for a National ID number.
...
21) It is not a crime to be an illegal alien in the US.  It is a civil 
matter.  It is a crime to use fraudulent documents to gain entry.  It is a 
minor offense to evade inspection when crossing the border.  But if you 
overstay your visa, it is not a crime.  You can, of course, be arrested and 
deported but the mere status of being illegally present in the US does not 
constitute a crime.

DCF

If you worry that Multinational Corporations or National Governments 
control your life, simply employ a random number generator to determine 
what actions you take. By this simple technological fix, you will guarantee 
that no one (including yourself) is Master of Your Fate and Captain of Your 
Soul.




Re: all about transferable off-line ecash (Re: Brands off-line tech)

2002-04-09 Thread Ben Laurie

Anonymous wrote:
 
 [Copied to Adam so he doesn't have to wait for some moderator to get
 off his fat ass and approve it.  And BTW permission is NOT granted to
 forward this or any part of it to the DBS list because Hettinga is an
 asshole who kicks people off his list for spite.  He can piss in his
 own sandbox if he wants but we don't have to play in it.]
 
 Adam Back wrote:
  On Mon, Apr 08, 2002 at 04:15:09AM +0200, Anonymous wrote:
   First, off-line coins suck, as described above.  [...]
 
  Off-line coins just offer an extra optional feature for the user, any
  user who chooses can instead use them as online coins.  So I would
  argue off-line coins are better than online coins.
 
 It's not just an extra feature; an off-line system inherently requires
 users to identify themselves to the bank at withdrawal time.  It cannot
 allow users to anonymously exchange coins at the bank.  So it has an
 inherent lack of anonymity which is not present in an online system.

If they withdraw blinded coins, then although they were identified they are not
linked with the coins. Did I miss something?

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html   http://www.thebunker.net/

There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit. - Robert Woodruff




Re: all about transferable off-line ecash (Re: Brands off-line tech)

2002-04-09 Thread Ken Brown

Adam Back wrote:

[...snip...]

 Another example would be having to give a deposit to get mobile phone
 for people with poor credit ratings.  Also in Europe pay as you go,
 cash only mobile phone usage is popular due to credit eligibility
 reasons also I think.  You can plunk down a 10 pound note and walk out
 with a mobile phone with air time on it, you can buy more air time
 similarly.)


Slightly off-topic, but credit eligibility isn't the main reason for
prepay. A lot of well-off people like it because it is easier to
administer. I know people with jobs and credit ratings who chose to move
to prepay, but I can't think of anyone who went the other way.   You
walk into the shop and buy airtime, which many people find easier than
having yet another relationship with yet another boring company.

Incidentally what they actually sell you is a card with a number printed
on it, which you then send to phone company - there would be a lot of
money for anyone who found a way to predict the numbers - this is
cypherpunk technology - millions of people all over the world are paying
cash money for large random numbers.   

They are also popular with parents who give them to their kids and don't
want to have to bankroll a serious teenage phone habit.

And some people even like anonymity.

The airtime numbers are available more or less anywhere, supermarket
checkouts, every little corner shop, sometimes even bars. There is also
a new breed of phonecard shops, sometimes doubling up as small Internet
cafes and/or the more traditional copier shops. For some reason many of
them are run by Africans (high-tech retail in UK is usually dominated by
Indians). Their main business is in long-distance discount phonecalls.
You get a certain amount of long-distance or international phone time
through a local number. 

If you'd asked me 15 years ago I might have guessed that reselling
bandwidth would be a big business in the first decade of the 21st
century, but I wouldn't have guessed that it would mostly be
over-the-counter in corner shops. Actually selling bits of plastic with
numbers printed on them (most of them don't even bother with mag
stripes) seems very low-tech and physical!

 
Ken Brown




Burroughs' Revenge (was Re: all about transferable off-line ecash (Re: Brands off-line tech))

2002-04-09 Thread R. A. Hettinga

At 8:37 AM +0200 on 4/9/02, Some Anonymous Flatualist emitted the following
bit of flammable gas out of an Austrian remailer somewhere:


  And BTW permission is NOT granted to
 forward this or any part of it to the DBS list because Hettinga is an
 asshole who kicks people off his list for spite.  He can piss in his
 own sandbox if he wants but we don't have to play in it.

Yup, that's me, Anonymous. Evil Bob. Violating copy protection protocols
like the above at the drop of the hat. The tragedy of the commons is that
no one owns the commons? It takes a village to forward an idiot's dreck?
:-).


Nonetheless, Anonymous, I'm also the guy who forwarded your comment to my lists
anyway, methagenous ejaculata and all, because, like I'm doing with this
rejoinder to same, I can. :-). Also because it seems that, at the moment,
and exclusive of your noxious spew above, you apparently have a clue about
the present impossibility of, or at least economic impracticability of,
off-line bearer transactions.

Proving once again, like assholes, everyone has a clue at least once in a
while, no matter who they are -- or how badly they misuse their own in
public.


[I could also note that beggars who can't muster their own resources, or at
least an audience, can't be choosers, and thus have to post on others'
lists, anonymously, but, hey, that would be, um, Evil, right? ;-).]


Granted, Anonymous, I do tend to kick various assholes off of lists where
I am in charge of subscriptions. Apparently, this includes yourself, now
reduced to what looks like single-hop anonymous posting, most likely
because you've now Graduated From College, or even Grad School, or at least
a way-kewl down-the-toilet dot-com, and now you have an entry-level
cubicle-job somewhere that apparently doesn't appreciate free speech.

And, certainly, I kick people off of lists I run for any reason I feel like
it, including for spite, if not by absolute whim, because, like you seem to
have been, some people who end up on my lists, *are*, in fact, assholes,
in my opinion, and, like I said, I either own, or at least, control the
subscription list. Call it Bourgeoisie Oblige, if you want :-). No tragedy
of the commons here, out in the land of actual property and responsibility
for same.


[As a further side note, anyone can subscribe to any list I run, and I
certainly don't subscribe anyone against their will, and, most important, I
don't actually moderate any lists, just play list.bouncer. So, as such,
if someone pisses me off when they get there, for any reason whatsoever,
even if I'm just having a bad day, they're out of there. Off with their
heads, out the airlock, game over, whatever. Also, lots of people's mail
addresses fail for various reasons, and, since I get to see all the bounced
mail on some lists I do, I have short patience with such things.]


As always, Anonymous, your definition of asshole, like mine, may vary,
but only on *your* lists, please, if you can ever make that happen with
your otherwise clueful reputation, though one you keep pissing on with
comments like I've quoted above.

Unfortunately, just like that William Burroughs story in _Naked_Lunch_,
about the guy who taught his asshole to talk, you keep trying to prove,
once again, that one man's asshole is indeed another man's larynx.

Cheers,
RAH
Napalm in the morning, by any other name, smells just as sweet as a
metaphor beaten like a dead horse...
-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'




Re: all about transferable off-line ecash (Re: Brands off-line tech)

2002-04-09 Thread georgemw

On 9 Apr 2002 at 14:40, Steve Furlong wrote:

 Trei, Peter wrote:
 
 US don't want dollar coins
 
  Just about a
  year ago, they tried again, with the 'Sacagawea' or 'Golden Dollar'.
  This is a very handsome coin, gold in color, but it was the same size
  as a SBA dollar (to fit the machines). You can still confuse it with a
  quarter in your pocket or in the dark. It's been months since I've seen
  one.
 
 I've seen exactly two Sac coins, both right after they were introduced.
 I gave one to my son to save and one to an amateur collector.
 
 http://www.projo.com/business/content/projo_20020408_saca8.393c59d9.html
 says the US Mint has cut back on production because people just aren't
 interested. Speaking for myself and a few friends and relations, we'd
 be perfectly happy to use them, if they were available.
 

I think you're in the minority.  And stores don't want to have
to ask "paper or brass?" every time they make change, they'll
want to give customers one or the other.

 C-punks relevance: People aren't as uninterested in new currencies as
 our appointed masters think. e-money might catch on if it were
 convenient and not blatantly illegal.
 
 

That may be true, but it certainly illustrated here.  Our appointed
masters at the mint are the ones who WANT us to use the
new currency because it saves them money.  It's the stores and
the people that don't use or want them.

Next time you get singles in change, you might want to ask if
you can have dollar coins instead, just to see what reaction you 
get. You might want to ask if anyone else has ever asked that also.

George

 -- 
 Steve FurlongComputer Condottiere   Have GNU, Will Travel
 
 The reasonable man adapts himself to the world; the unreasonable one
 persists in trying to adapt the world to himself. Therefore all
 progress depends on the unreasonable man.  -- George Bernard Shaw




Re: all about transferable off-line ecash (Re: Brands off-line tech)

2002-04-09 Thread Anonymous

Ben Laurie wrote:
 Anonymous wrote:
  It's not just an extra feature; an off-line system inherently requires
  users to identify themselves to the bank at withdrawal time.  It cannot
  allow users to anonymously exchange coins at the bank.  So it has an
  inherent lack of anonymity which is not present in an online system.

 If they withdraw blinded coins, then although they were identified they
 are not linked with the coins. Did I miss something?

Yes.  You missed the point that the lack of anonymity is not in the coins,
but in the protocol.  An off-line system requires people to identify
themselves to the bank at withdrawal time, so that their identities can
be embedded in the coin.  That means no anonymous exchanges at the bank.

This is unlike an online system, which could allow someone to exchange
coins for fresh ones who never identifies himself to the bank, who has
no account at the bank, who in fact has never communicated with the bank
in any way, shape or form ever before.  There are no records of this
guy, his identity, how often he uses the bank, the amounts which he
deposits and withdraws.

That's real anonymity.  Off-line systems can't do this because they
need to track down double-spenders after the fact.  They accumulate
all kinds of information about their customers.

Eric Murray wrote:
  [Copied to Adam so he doesn't have to wait for some moderator to get
  off his fat ass and approve it.

 The LNE CDR isn't moderated in the usual sense. 

 However, postings from new users[1] don't go through until I look at them
 (since about 99.5% are spam).  I do this as often as possible, but
 I do have a life.  So if you (the generic you) feel the urge
 to forge a new cute name on every post, be warned that your posts may
 take a while to go through.  I suggest forging one cute name and sticking
 with it... besides, you will want all of us to have a pseudo to attach
 the appropriate reputation capital to.

Reputation is overrated.  Here's a clue: if you want to know what people
really think of your ideas, post anonymously.

 Eric, your fat ass moderator

It's not you, it's Brian Minder.  Adam is on the cypherpunks-moderated
list.  Note the almost 24 hour delay between the initial response to his
message by Anonymous and Adam's reply.  This is almost certainly due to
moderation-imposed delay (plus time zone issues).  We might as well try
to converse by carrier pigeon.  Moderated lists do not support lively
discussion.




Re: all about transferable off-line ecash (Re: Brands off-line tech)

2002-04-09 Thread georgemw

On 9 Apr 2002 at 16:54, Ken Brown wrote:

 But paper money is such a 20th-century thing! These days we're slowly
 drifting back to higher value metal coins (2 pounds out for a few years
 now, 5 pounds coming soon I think). Much more fun. Feels like real
 treasure!  Less of the floppy stuff, we want our ecash to look like real
 cash.
 
 Ken
 
Yeah, but is that because people want it, or because the treasury
wants it?  They've been trying to foist dollar coins on
US for years because they're cheaper (last forever and cost
about a dime to make vs. last about a year and cost maybe 3 cents
to make) but people hate them and don't use them.  

George




RE: all about transferable off-line ecash (Re: Brands off-line tech)

2002-04-09 Thread Jim Dixon

On Tue, 9 Apr 2002, Trei, Peter wrote:

 I was living in Britain (and of an allowance-receiving age) when
 decimalization occurred. While we lost the big penny, we gained the
 50p piece. In those days, it was a large, heavy, seven-sided coin,
 bigger than a US half-dollar, and worth $1.20. It felt good in your
 pocket. Since then, the Brits have shrunk it to a much smaller size.
 Do they still call the 1 pound coins 'maggies'?

I have been living in the UK for 17 years and have never heard this term.

Younger people aren't sure who Maggie is anyway ;-)

(15-year old daughter sitting next to me:

"Who's Maggie?"

and then

"Why would a pound be called Margaret Thatcher?"

)
--
Jim Dixon  [EMAIL PROTECTED]   tel +44 117 982 0786  mobile +44 797 373 7881
-- THAT'S A CHANGE OF ADDRESS: I'm no longer [EMAIL PROTECTED] 




RE: all about transferable off-line ecash (Re: Brands off-line tech)

2002-04-09 Thread Trei, Peter

   Jim Dixon[SMTP:[EMAIL PROTECTED]]
 
 
 On Tue, 9 Apr 2002, Trei, Peter wrote:
 
  I was living in Britain (and of an allowance-receiving age) when
  decimalization occurred. While we lost the big penny, we gained the
  50p piece. In those days, it was a large, heavy, seven-sided coin,
  bigger than a US half-dollar, and worth $1.20. It felt good in your
  pocket. Since then, the Brits have shrunk it to a much smaller size.
  Do they still call the 1 pound coins 'maggies'?
 
 I have been living in the UK for 17 years and have never heard this term.
 
 Younger people aren't sure who Maggie is anyway ;-)
 
 (15-year old daughter sitting next to me:
 
  "Who's Maggie?"
 
 and then
 
  "Why would a pound be called Margaret Thatcher?"
 
This dates back to the time when they were first introduced, and
is clearly out of date:

It was called a Maggie because it was thick, brassy, and thought it
to be sovereign.

[For the non-Brits: A 'sovereign' is a rarely seen gold coin, about the
same size as the pound coin (but worth a lot more - it's got nearly 
a 1/4 ounce of gold). It also plays off of Margaret Thatcher's 
autocratic tendencies. 'Brassy' is slang for, roughly,
outspoken/irreverent, and 'thick' means stupid.]

Peter Trei





Re: all about transferable off-line ecash (Re: Brands off-line tech)

2002-04-09 Thread Declan McCullagh

On Tue, Apr 09, 2002 at 01:54:40PM -0400, Trei, Peter wrote:
 Putting RF Tags in cash is one of those ideas with Unintended Consequences.
 Muggers would love having a way of determining which victims are carrying a
 wad, as would many salesmen (and JBTs looking to perform a 'civil 
 confiscation' on 'a sum of currency'.)

Also see the cashtax idea, which I wrote about a few years ago:
http://www.well.com/~declan/cashtax/

-Declan




Re: all about transferable off-line ecash (Re: Brands off-line tech)

2002-04-09 Thread Faustine

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 Mike Rosing[SMTP:[EMAIL PROTECTED]] 
 On Tue, 9 Apr 2002, Ken Brown wrote:
  I'd rather have stiff cards than floppy paper ones. At least you can put
  them into  the slot of a machine easily.
 
 But with an RF tag you'd not even have to pull it out of your pocket :-)
 
Putting RF Tags in cash is one of those ideas with Unintended Consequences.
Muggers would love having a way of determining which victims are carrying a
wad, as would many salesmen (and JBTs looking to perform a 'civil 
confiscation' on 'a sum of currency'.)

Not to mention the possibility of a surreptitious centralized database tracking
purchases of people on a watch list. Sign up if you want to, but you might do
well to remember a point Lt. Gen. Hayden (who really ought to know) once made:
all SIGINT can be defeated and destroyed simply by putting the handset in the
receiver. Something to keep in mind while you're thinking this through, anyway.
  
As for the counterfeiting problem, nobody's said much about the kind of
sophisticated countermeasures used in casino chips, for example. Seems
workable. One of many interesting topics covered in a truly frightening pub
you might not have come across:

Global ID Magazine
http://web.tiscali.it/homeglobal/issues.htm

Global ID Magazine is a publication describing the activity and the products of
the leading Identification (ID) Technology Suppliers in the world.

Its scope encompasses state-of-the-art technologies, innovative concepts and
trends within the automatic identification systems industry that will have the
most significant impact on design and use of ID systems.

The editorial focus of Global ID Magazine is on the use of identification
systems based on radio frequency, biometrics, global positioning,
multifunctional systems, data communication and similar.

Global ID Magazine speaks to decision makers, both at a management and at a
technical level, within companies that use or could leverage from using ID
systems. It suggests innovative solutions, the improvement of existing
applications, describing trends and future possibilities.


~~Faustine.


***

He that would make his own liberty secure must guard even his enemy from
oppression; for if he violates this duty he establishes a precedent that
will reach to himself.

- --Thomas Paine

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and its 
affiliated companies. (Diffie-Helman/DSS-only version)

iQA/AwUBPLNWGvg5Tuca7bfvEQLRzQCg2iSdcpbXf/K+FQRzVNGYa9voHToAn3Jd
35JycT/4X0aUnT7bzWycwYEe
=sSz8
-----END PGP SIGNATURE-----




Re: all about transferable off-line ecash (Re: Brands off-line tech)

2002-04-09 Thread A. Melon

Peter Trei writes:
 Speaking for myself and a few friends and relations, we'd
 be perfectly happy to use them, if they were available.

A good place to get Sacagawea dollars is from the stamp machine at your
local post office.  Put in a $20 bill and buy as small an amount of
stamps as you can, and many of the machines will give you golden dollars
in change.  Make sure you check the machine first; it should be labeled
about what kind of change it gives.  Otherwise you'll be hauling around
dozens of quarters.




Re: New breed spam filter slashes junk email

2002-04-09 Thread georgemw

On 9 Apr 2002 at 10:07, Steve Schear wrote:

 New breed spam filter slashes junk email
 10:31 09 April 02 NewScientist.com news service
 
 A new breed of spam-filtering technology that combines peer-to-peer 
 communications with machine learning could intercept nearly all unwanted 
 email, according to its creators.
 
 http://www.newscientist.com/news/news.jsp?id=ns2141
 
 
Sounds like it should work quite well at eliminating spam
targeted directly at the user.  Probably not much risk
of an actual personal message looking enough like a spam
message to get flagged.

But for distribution lists I think there's substantial risk.
Potentially would-be censors could block
posts as alleged spam.  

Also, there's a major security concern.  The article didn't
say whether users would have to keep a complete
copy of the spam database on their local machines
or whether they'd have to upload each mail message to the
servers with the database, but I think they'd have to do one or the
other, and each has obvious drawbacks.
(It should be safe to just upload a hash of each message received 
and compare that to the database, but even that has some risks,
and besides, I got the impression they wanted to do a more 
thorough comparison.  Checking hashes could easily be defeated
by appending a separate random string to each copy of the
message anyway).

All in all, I vastly prefer hashcash.  

George
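To make George's two points concrete (an exact hash of each message is cheap to upload and reveals little, but one appended random string per copy breaks the match, while the "more thorough comparison" he suspects the designers wanted survives it), here is an added Python example. It is not code from the thread, from the New Scientist article or from the product it describes: the spam and legitimate messages are constructed, and the word-shingle fingerprint with a Jaccard threshold of 0.8 is my own stand-in for whatever comparison the real system used.

```python
import hashlib
import re
import secrets
from typing import Optional

# Constructed sample data (not from the thread or the article): one message a
# bulk mailer sends out, and one legitimate note that must not be flagged.
SPAM_TEMPLATE = (
    "Congratulations! You have been selected to receive a free prize. "
    "Click here now to claim your reward before this limited time offer "
    "expires. Act fast, only the first one hundred winners qualify."
)
LEGIT_MESSAGE = (
    "Hi George, are you free on Thursday? I'd like to talk about the "
    "hashcash draft before the meeting."
)


def exact_hash(msg: str) -> str:
    """The fingerprint a client could upload instead of the whole message."""
    return hashlib.sha256(msg.encode("utf-8")).hexdigest()


def word_shingles(msg: str, w: int = 3) -> frozenset:
    """Set of w-word windows over the normalised text: a fuzzy fingerprint."""
    words = re.findall(r"[a-z0-9]+", msg.lower())
    return frozenset(" ".join(words[i:i + w]) for i in range(len(words) - w + 1))


def jaccard(a: frozenset, b: frozenset) -> float:
    """Set similarity in [0, 1]; 1.0 means identical shingle sets."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def personalise(msg: str, tag: Optional[str] = None) -> str:
    """Model the evasion George describes: every copy gets its own random
    suffix, so no two copies hash alike. Pass `tag` for a reproducible result."""
    return msg + "\n" + (tag if tag is not None else secrets.token_hex(8))


class SpamDatabase:
    """Tiny stand-in (my assumption, not the article's design) for the shared
    database. It keeps an exact hash and a shingle set for every known spam so
    both comparison strategies can be tried on the same input."""

    def __init__(self, w: int = 3, threshold: float = 0.8):
        self.w = w
        self.threshold = threshold
        self.hashes = set()
        self.shingle_sets = []

    def add(self, msg: str) -> None:
        self.hashes.add(exact_hash(msg))
        self.shingle_sets.append(word_shingles(msg, self.w))

    def exact_match(self, msg: str) -> bool:
        """Exact-hash lookup: cheap and private, but brittle."""
        return exact_hash(msg) in self.hashes

    def best_similarity(self, msg: str) -> float:
        s = word_shingles(msg, self.w)
        return max((jaccard(s, known) for known in self.shingle_sets), default=0.0)

    def similarity_match(self, msg: str) -> bool:
        """Near-duplicate lookup: survives appended junk, but the shingle set
        discloses much of the message text, which is the privacy cost."""
        return self.best_similarity(msg) >= self.threshold


def demo() -> dict:
    """Run both strategies against a randomised copy and a legitimate mail."""
    db = SpamDatabase()
    db.add(SPAM_TEMPLATE)
    copy = personalise(SPAM_TEMPLATE)  # what one recipient's inbox sees
    return {
        "exact_catches_copy": db.exact_match(copy),
        "similarity_catches_copy": db.similarity_match(copy),
        "copy_similarity": round(db.best_similarity(copy), 3),
        "legit_flagged": db.similarity_match(LEGIT_MESSAGE),
        "legit_similarity": round(db.best_similarity(LEGIT_MESSAGE), 3),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running it shows the exact hash missing the randomised copy while the shingle comparison still scores it above 0.9 and leaves the legitimate note at 0.0. The trade-off George raises is visible in the code: `exact_match` needs only a digest from the client, but `similarity_match` needs the shingle set, which largely reconstructs the message. Hashing each shingle before upload keeps the set-intersection arithmetic intact and discloses less, though it still reveals which fragments a message shares with known spam.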




Re: Experiences Deploying a Large Scale Emergent Network (fwd)

2002-04-09 Thread Jim Choate



-- Forwarded message --
Date: Tue, 09 Apr 2002 06:16:05 -0700
From: Zooko [EMAIL PROTECTED]
To: A. Melon [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED]
Subject: Re: Experiences Deploying a Large Scale Emergent Network 


[This is in reply to a message that was sent to me and to 
[EMAIL PROTECTED] on 2002-03-22.  I do not see it on 
mail-archive.com [1], so if you are interested you might want to view the 
archive at sf.net/projects/mnet [2].]

I'd like to thank A. Melon for criticism of my paper Experiences Deploying a 
Large-Scale Emergent Network.  I've updated the paper in preparation for its 
inclusion in a printed dead-tree proceedings and attempted to address some of 
A. Melon's criticisms.  In particular, I've tried to be more clear about the 
magnitude of Mojo Nation's failures by adding the typical and maximum number 
of simultaneously connected nodes.

I've also added some observations about two big mistakes that would be easy 
to correct, something I understood only after chatting with the researchers 
at the Peer-to-Peer Workshop.

I've also attempted to address A. Melon's other criticism: that it isn't clear 
which specific issues are most to blame for the overall poor behavior.  I've 
added statements about my belief that the high node churn rate was largely due 
to the poor data availability and that conversely the poor data availability 
was partially due to the high node churn rate.  I've also added a statement 
that there are a lot of important aspects of the system as a whole which are 
omitted from the scope of the paper.  (Including agnostically-blindable 
digital tokens and many other things.)

I'd like to thank A. Melon and the participants of the Peer-to-Peer workshop 
for feedback.  Most of all I'd like to thank the architects of Mojo Nation: 
Jim McCoy and Doug Barnes.  Mojo Nation was a brave experiment, and I hope 
that we will all benefit from the resulting knowledge.

Here is the URL for the current version of the paper:

http://zooko.com/IPTPS02.ps
or
http://zooko.com/IPTPS02.pdf

Regards,

Zooko

[1] http://www.mail-archive.com/cryptography@wasabisystems.com/
[2] http://sourceforge.net/mailarchive/forum.php?thread_id=579361forum_id=7702

---
 zooko.com
Security and Distributed Systems Engineering
---

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]




Re: pre-paid/pay-as-you go cell phone service (Re: all about transferable off-line ecash)

2002-04-09 Thread Duncan Frissell

At 12:47 AM 4/10/02 +0100, Adam Back wrote:
But from what I saw it was around 4x more expensive.  A SIM with a
years contract (all paid up front) is pretty easy to obtain for 10 -
50 pounds depending on number of free minutes included.

  And some people even like anonymity.

Yes other things being equal I would find the anonymity aspects of
buying SIM without contract etc quite cool if there was not such a
price disparity.

Adam

I bought my Nokia a year ago for £29.99 on BT Cellnet from Carphone 
Warehouse.  I had it delivered to my hotel.  Last Christmas I was in 
Ireland and bought a SIM (subscriber identity module) for about 15 Punts 
just before the Euro arrived.

The services were in a Pay As You Go price war during 2000 and 2001 so some 
phones got under 20 quid.  They stopped doing this towards the end of last 
year and concentrated on subscription services.

The phones are still fairly reasonable.  Cards to feed the phones can be 
bought for cash at any news agent.  You just punch the appropriate menu 
item on the phone and key in the number to add money.  £10 to £50 
denominations with low denominations predominating.

Here's the current Carphone Warehouse catalog for Pay As You Go sorted by 
price:

http://www1.carphonewarehouse.com/NASApp/commerce/gben-express-GBENExpressPurchase?xpprevutilname=ExpressUtilModelxputilname=ExpressUtilModelprodgroupid=nonepricelistid=WWWprodcatid=PPAYmodel=network=tar_id=tarvar_id=NEXT_LOCATION=gben-express-GBENExpressPurchaseNEXT_KEY=modelITEMID0=PRODDISPLAYPAGE=0CATEGORY=HANDSETITEMSELECTED=falseISSELECTED=falsepag=0sw=Lowest+Price

You can get a SIM for £9.99 and a phone (with SIM) for £39.99 and up 
(mostly up).

Verizon offers a Pay As You Go phone (FREEUP) in the US for 
$99.  http://www.verizonwireless.com/ics/plsql/prepay.intro

Unfortunately, US prepay plans don't use SIMs (save for a few 
geographically limited prepay services).  SIMs are advantageous because 
they allow you to easily change numbers without changing phones.  Note that 
some GSM phones are now tracking handsets as well as SIMs so this privacy 
aspect may be disappearing in Europe.

DCF


It doesn't matter what your race, creed, or color is; you can still be a 
son of a bitch.  -- Duncan Philip Frissell 1899-1965




Re: Detectable cash notes a fantasy

2002-04-09 Thread Mike Rosing

On Tue, 9 Apr 2002, Tim May wrote:

 Physics-wise, it's a jiveass fantasy. No way are there micro-strips 
 readable from a distance in today's currency, and very likely not in the 
 next 20 years. (I don't dispute that a careful lab setup could maybe 
 read a note at a few meters, in a properly-shielded environment, without 
 any shielding between note and detectors, and with enough time and 
 tuning. But a wad of bills, folded, stuffed, and with little time to 
 make the detection...an altogether different kettle of fish.)
 
 Further, placing the notes in a simple aluminum foil pouch, or a wallet 
 with equivalent lining, would cut any detectable signals by maybe 30-50 
 dB.

That solves the thieves problem :-)  And you wouldn't need a wad, that's
the whole point.  You'd just need 1.  It could transfer money just like a
smart card.

But I'll grant it's science fiction at this point.  Maybe a smart card
that has the weight of a gold coin with some thickness to it would work
better.  For the filthy rich, make the outside real gold!  The rest of us
can use brass.

I still think the basic problem is simple - how do you trust the bits?  If
the actual computations are done inside a secure box, most people will
trust it.  There will always be people who try to beat the system, but
it'll take a lot of technology, and they'll do it often enough to get
caught (most thieves simply don't want to pass up a good deal when they
invent one :-)  The actual structure of the box doesn't matter - a floppy
cloth bill or thick coin is still a computer.  Who makes and distributes
it is what matters.

Patience, persistence, truth,
Dr. mike