Re: Return of the death of cypherpunks.
From: James A. Donald [EMAIL PROTECTED] Sent: Oct 28, 2005 12:09 PM To: [EMAIL PROTECTED] Subject: Return of the death of cypherpunks. From: Eugen Leitl [EMAIL PROTECTED] .. The list needs not to stay dead, with some finite effort on our part (all of us) we can well resurrect it. If there's a real content there's even no need from all those forwards, to just fake a heartbeat. Since cryptography these days is routine and uncontroversial, there is no longer any strong reason for the cypherpunks list to continue to exist. Well, political controversy seems like the least interesting thing about the list--to the extent we're all babbling about who needs killing and who's not a sufficiently pure libertarian/anarchocapitalist and which companies are selling out to the Man, the list is nothing special. The cool thing is the understanding of crypto and computer security technology as applied to these concerns that are political. And the coolest thing is getting smart people who do real crypto/security work, and write working code, to solve problems. The ratio of political wanking to technical posts and of talkers to thinkers to coders needs to be right for the list to be interesting. .. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG AnKV4N6f9DgtOy+KkQ9QsiXcpQm+moX4U09FjLXP 4zfMeSzzCXNSr737bvqJ6ccbvDSu8fr66LbLEHedb --John Kelsey
Re: On Digital Cash-like Payment Systems
From: cyphrpunk [EMAIL PROTECTED] Sent: Oct 27, 2005 9:15 PM To: James A. Donald [EMAIL PROTECTED] Cc: cryptography@metzdowd.com, [EMAIL PROTECTED] Subject: Re: On Digital Cash-like Payment Systems On 10/26/05, James A. Donald [EMAIL PROTECTED] wrote: How does one inflate a key? Just make it bigger by adding redundancy and padding, before you encrypt it and store it on your disk. That way the attacker who wants to steal your keyring sees a 4 GB encrypted file which actually holds about a kilobyte of meaningful data. Current trojans can steal files and log passwords, but they're not smart enough to decrypt and decompress before uploading. They'll take hours to snatch the keyfile through the net, and maybe they'll get caught in the act. Note that there are crypto schemes that use huge keys, and it's possible to produce simple variants of existing schemes that use multiple keys. That would mean that the whole 8GB string was necessary to do whatever crypto thing you wanted to do. A simple example is to redefine CBC-mode encryption as C[i] = E_K(C[i-1] xor P[i] xor S[C[i-1] mod 2^{29}]) where S is the huge shared string, and we're using AES. Without access to the shared string, you could neither encrypt nor decrypt. CP --John
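The modified CBC mode from the message above, as an added example that is not part of the original thread. Assumptions: a Feistel construction over SHA-256 stands in for AES so the block runs with the standard library alone, S is shrunk from 2^29 entries to 2^12, and all function names and sample values are constructed for illustration.

```python
import hashlib

BLOCK = 16        # bytes per block, as with AES
INDEX_BITS = 12   # the post uses 2^29 entries of S (8 GB); 2^12 keeps the demo small


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    """Feistel round function: 8 bytes derived from key, round number and half-block."""
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for E_K: a 4-round Feistel permutation on 16 bytes. This is NOT AES."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, xor(left, _f(key, rnd, right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    """Inverse of block_encrypt: undo the rounds in reverse order."""
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = xor(right, _f(key, rnd, left)), left
    return left + right


def make_table(seed: bytes, bits: int = INDEX_BITS) -> list:
    """Constructed stand-in for the shared string S: 2^bits blocks of 16 bytes.
    A real S would be random data, not derived from a short seed."""
    return [hashlib.sha256(seed + i.to_bytes(4, "big")).digest()[:BLOCK]
            for i in range(1 << bits)]


def s_entry(table: list, prev: bytes) -> bytes:
    """S[C[i-1] mod 2^bits]: the previous ciphertext block selects the entry."""
    return table[int.from_bytes(prev, "big") % len(table)]


def encrypt(key: bytes, table: list, iv: bytes, plaintext: bytes) -> bytes:
    """C[i] = E_K(C[i-1] xor P[i] xor S[C[i-1] mod 2^bits]), with C[0] = IV."""
    if len(iv) != BLOCK or len(plaintext) % BLOCK:
        raise ValueError("IV must be one block and plaintext a whole number of blocks")
    prev, out = iv, []
    for off in range(0, len(plaintext), BLOCK):
        p = plaintext[off:off + BLOCK]
        prev = block_encrypt(key, xor(xor(prev, p), s_entry(table, prev)))
        out.append(prev)
    return b"".join(out)


def decrypt(key: bytes, table: list, iv: bytes, ciphertext: bytes) -> bytes:
    """P[i] = D_K(C[i]) xor C[i-1] xor S[C[i-1] mod 2^bits]."""
    if len(iv) != BLOCK or len(ciphertext) % BLOCK:
        raise ValueError("IV must be one block and ciphertext a whole number of blocks")
    prev, out = iv, []
    for off in range(0, len(ciphertext), BLOCK):
        c = ciphertext[off:off + BLOCK]
        out.append(xor(xor(block_decrypt(key, c), prev), s_entry(table, prev)))
        prev = c
    return b"".join(out)


def blocks_recovered(plaintext: bytes, candidate: bytes) -> int:
    """Count the blocks of candidate that match the true plaintext."""
    return sum(plaintext[i:i + BLOCK] == candidate[i:i + BLOCK]
               for i in range(0, len(plaintext), BLOCK))


if __name__ == "__main__":
    # Constructed sample values, for the demo only.
    key, iv = b"k" * 16, bytes(range(16))
    msg = bytes(range(256)) * 4                      # 64 blocks
    table = make_table(b"seed-A")
    ct = encrypt(key, table, iv, msg)

    print("round trip ok:", decrypt(key, table, iv, ct) == msg)

    # Right key K, different S: no block decrypts correctly.
    other = decrypt(key, make_table(b"seed-B"), iv, ct)
    print("blocks recovered with a different S:", blocks_recovered(msg, other))

    # Each block consults exactly one entry of S, so a copy of S that is
    # missing entries still decrypts the blocks whose index it holds.
    half = len(table) // 2
    partial = table[:half] + [bytes(BLOCK)] * half
    got = decrypt(key, partial, iv, ct)
    print("blocks recovered with half of S:", blocks_recovered(msg, got), "of 64")
```
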
Re: [PracticalSecurity] Anonymity - great technology but hardly used
From: Eugen Leitl [EMAIL PROTECTED] Sent: Oct 27, 2005 3:22 AM To: Shawn K. Quinn [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: [PracticalSecurity] Anonymity - great technology but hardly used .. It's never about merit, and not even money, but about predeployed base and interoperability. In today's world, you minimize the surprise on the opposite party's end if you stick with Redmondware. (Businessfolk hate surprises, especially complicated, technical, boring surprises). Not only that, but this is often sensible. Have you noticed the bizarre misfit between our allegedly phonetic alphabet and how things are spelled? Why don't we get everyone to change that? Or the silly insistence of sticking with a base 60 time standard? Or the whole atrocity of English measurements that the US still is stuck with? Oh yeah, because there's an enormous installed base, and people are able to do their jobs with them, bad though these tools are. .. OpenOffice & Co usually supports a subset of Word and Excel formats. If you want to randomly annoy your coworkers, use OpenOffice to process the documents in MS Office formats before passing them on, without telling what you're doing. Much hilarity will ensue. I'll note that you can do the same thing by simply using slightly different versions of Word. MS takes a bad rap for a lot of their software (Excel and Powerpoint are pretty nice, for example), but Word is a disaster. Eugen* Leitl http://leitl.org --John Kelsey
Re: On the orthogonality of anonymity to current market demand
From: R.A. Hettinga [EMAIL PROTECTED] Sent: Oct 25, 2005 8:34 AM To: cryptography@metzdowd.com, [EMAIL PROTECTED] Subject: On the orthogonality of anonymity to current market demand .. That is to say, your analysis conflicts with the whole trend towards T-0 trading, execution, clearing and settlement in the capital markets, and, frankly, with all payment in general as it gets increasingly granular and automated in nature. The faster you can trade or transact business with the surety that the asset in question is now irrevocably yours, the more trades and transactions you can do, which benefits not only the individual trader but markets as a whole. The prerequisite for all this is that when the asset changes hands, it's very nearly certain that this was the intention of the asset's previous owner. My point isn't to express my love for book-entry payment systems. There's plenty to hate about them. But if the alternative is an anonymous, irreversible payment system whose control lies in software running alongside three pieces of spyware on my Windows box, they probably still win for most people. Even bad payment systems are better than ones that let you have everything in your wallet stolen by a single attack. .. However anonymous irrevocability might offend one's senses and cause one to imagine the imminent heat-death of the financial universe (see Gibbon, below... :-)), I think that technology will instead step up to the challenge and become more secure as a result. What's with the heat-death nonsense? Physical bearer instruments imply stout locks and vaults and alarm systems and armed guards and all the rest, all the way down to infrastructure like police forces and armies (private or public) to avoid having the biggest gang end up owning all the gold. Electronic bearer instruments imply the same kinds of things, and the infrastructure for that isn't in place. It's like telling people to store their net worth in their homes, in gold. 
That can work, but you probably can't leave the cheapest lock sold at Home Depot on your front door and stick the gold coins in the same drawer where you used to keep your checkbook. And, since internet bearer transactions are, by their very design, more secure on public networks than book-entry transactions are in encrypted tunnels on private networks, they could even be said to be secure *in spite* of the fact that they're anonymous; that -- as it ever was in cryptography -- business can be transacted between two parties even though they don't know, or trust, each other. Why do you say internet bearer transactions are more secure? I can see more efficient, but why more secure? It looks to me like both kinds of payment system are susceptible to the same broad classes of attacks (bank misbehavior (for a short time), someone finding a software bug, someone breaking a crypto algorithm or protocol). What makes one more secure than the other? .. Cheers, RAH --John Kelsey
Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems
From: cyphrpunk [EMAIL PROTECTED] Sent: Oct 24, 2005 5:58 PM To: John Kelsey [EMAIL PROTECTED] Subject: Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems .. Digital wallets will require real security in user PCs. Still I don't see why we don't already have this problem with online banking and similar financial services. Couldn't a virus today steal people's passwords and command their banks to transfer funds, just as easily as the fraud described above? To the extent that this is not happening, the threat against ecash may not happen either. Well, one difference is that those transactions can often be undone, if imperfectly at times. The whole set of transactions is logged in many different places, and if there's an attack, there's some reasonable hope of getting the money back. And that said, there have been reports of spyware stealing passwords for online banking systems, and of course, there are tons of phishing and pharming schemes to get the account passwords in a more straightforward way. The point is, if you're ripped off in this way, there's a reasonable chance you can get your money back, because the bank has a complete record of the transactions that were done. There's no chance of this happening when there's no record of the transaction anywhere. The payment system operators will surely be sued for this, because they're the only ones who will be reachable. They will go broke, and the users will be out their money, and nobody will be silly enough to make their mistake again. They might be sued but they won't necessarily go broke. It depends on how deep the pockets are suing them compared to their own, and most especially it depends on whether they win or lose the lawsuit. I don't think so. Suppose there's a widespread attack that steals money from tens of thousands of users of this payment technology. There seem to be two choices: a. The payment system somehow makes good on their losses. b. 
Everyone who isn't dead or insane pulls every dime left in that system out, knowing that they could be next. It's not even clear that these are mutually exclusive, but if (a) doesn't happen, (b) surely will. Nobody wants their money stolen, and I don't think many people are so confident of their computer security that they're willing to bet huge amounts of money on it. If you have to be that confident in your computer security to use the payment system, it's not going to have many clients. CP --John
Re: Judy Miller needing killing
The question is, can she defy a subpoena based on membership in the privileged Reporter class that an ordinary person could not defy? It seems like the real question is how membership in the class is determined. If anyone who's acting like a reporter in a certain context (say, Adam Shostack interviewing me for his blog) qualifies, then I don't see the constitutional problem, though it may still be good or bad policy. If you've got to get a special card from the government that says you're a journalist, it seems like that's more of a problem. I guess other places where there's some right not to answer these questions exist, but they're mostly based on licensed professions. I gather your lawyer or priest has much more ability to refuse to talk than your doctor or accountant, and that your psychologist has a shockingly small ability to refuse to talk. Other than priest, though, all these fields are at least somewhat licensed by the state for other reasons, so that makes it easy to use possession of a license as a way to tell when someone really is a doctor, lawyer, psychologist, etc. For constitutional reasons, that's not really true for journalists. GH --John
Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems
From: cyphrpunk [EMAIL PROTECTED] Sent: Oct 24, 2005 2:14 PM Subject: Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems On 10/22/05, Ian G [EMAIL PROTECTED] wrote: Note that e-gold, which originally sold non-reversibility as a key benefit of the system, found that this feature attracted Ponzi schemes and fraudsters of all stripes, and eventually it was forced to reverse transactions and freeze accounts. It's not clear that any payment system which keeps information around to allow for potential reversibility can avoid eventually succumbing to pressure to reverse transactions. Only a Chaumian type system, whose technology makes reversibility fundamentally impossible, is guaranteed to allow for final clearing. And even then, it might just be that the operators themselves will be targeted for liability since they have engineered a system that makes it impossible to go after the fruits of criminal actions. More to the point, an irreversible payment system raises big practical problems in a world full of very hard-to-secure PCs running the relevant software. One exploitable software bug, properly used, can steal an enormous amount of money in an irreversible way. And if your goal is to sow chaos, you don't even need to put most of the stolen money in your own account--just randomly move it around in irreversible, untraceable ways, making sure that your accounts are among the ones that benefit from the random generosity of the attack. The payment system operators will surely be sued for this, because they're the only ones who will be reachable. They will go broke, and the users will be out their money, and nobody will be silly enough to make their mistake again. CP --John
Re: [EMAIL PROTECTED]: Wikipedia Tor]
Damn good point. Now that I think of it, all the classic examples of anonymous publication were really pseudonymous. (Publius, et al) They have different requirements. Votes and cash transactions and similar things require no history, no reputation. They're one-shot actions that should not be linkable to other actions. Pseudonyms are used everywhere in practice, because even my name is effectively a pseudonym unless you have some reason to try to link it to a meatspace human. This is why it's worth reading a book by Mark Twain, even though that wasn't his real name. And it would be worth reading those books even if we had no idea who had really written them. The reputation and history of the author lets you decide whether you want to read the next of his books. The same is true of academic papers--you don't need to have met me or even to be able to find me, in order to read my papers and develop an opinion (hopefully a good one) about the quality of my work. And that determines whether you think the next paper is worth reading. --John
Re: Well, they got what they want...
From: Tyler Durden [EMAIL PROTECTED] Sent: Jul 23, 2005 9:17 PM To: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: Well, they got what they want... .. Saw a local security expert on the news, and he stated the obvious: Random searches and whatnot are going to do zero for someone determined, but might deter someone who was thinking about blowing up the A train. In other words, everyone here in NYC knows that we've given up a lot for the sake of the appearance of security, but no one seems to give a damn. I think the reality is a bit different. The random searches won't keep someone who's planning an attack from trying to carry it out, but it may delay their attack, if they made plans based on the old security setup, not the new one. It may also convince them to shift the attack to a new target. --John
Re: Posion Pill for ED?
Hey, I think I saw a bald eagle roosting up in that tree. You know, the one next to those buried Indian artifacts, right next to those rusting metal drums I got from Russel Bliss. --John
Re: [IP] Real ID = National ID (fwd from dave@farber.net)
From: Justin [EMAIL PROTECTED] Sent: May 9, 2005 3:55 PM To: [EMAIL PROTECTED] Subject: Re: [IP] Real ID = National ID (fwd from [EMAIL PROTECTED]) .. What do we need security for? We need security because a lot of people hate the U.S., and because we won't close our borders, and because society has become too diverse. Drivers license security is being pursued because a bunch of people want to be able to reliably use drivers licenses as ID cards for their own purposes. That can be for TSA screening of passenger names (though I think it's fantasy to imagine that this will really prevent terrorists from flying, and it has endless creepy totalitarian uses), or for making it harder to get a bank account without submitting your true name so you get taxed and monitored, or making it easier for the folks running various preferred shopper card programs to make you give them the right information, or keeping you from reselling your airline tickets. (Note that the whole market segmentation/price discrimination scheme that this threatened has basically died by now, but we're still stuck with binding names to airline tickets.) There is a significant correlation between cultural diversity/proximity and social unrest. That does not require people of different races; put white klansmen next to white members of the Black Panthers and you have the same thing. This is *very* dependent on the cultures in question. For the most part, Japanese and Korean immigrants (to take a couple easy examples) make wonderful neighbors, though they're members of a different race and culture and often a different religion. On the other hand, turn of the century Irish immigrants were English-speaking Christians, but they made nightmarish neighbors. And neither of those have much to do with terrorism (as opposed to low-level crime, public drunkenness, imported criminal gangs, etc.). The Irish in the US have never been much of a terrorist threat, though things are very different in the UK! 
None of those three core problems will be solved by RealID. Therefore, while RealID may make some difference at the margins, it cannot be very effective. Well, it depends on what your goal is. If your goal is harder-to-forge drivers licenses for all kinds of good and bad purposes, then it may help. If your goal is seriously stopping terrorism or shutting down illegal immigration, it probably won't have much of an impact. --John
Re: Pi: Less Random Than We Thought
From: Sarad AV [EMAIL PROTECTED] Sent: May 5, 2005 8:43 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: Pi: Less Random Than We Thought Well, if it were generated by a random process, we'd expect to see every n-bit substring in there somewhere, sooner or later, since the sequence never ends or repeats. Thus, the wonderful joke/idea about selling advertising space in the binary expansion of pi. Not only will your message last forever, but it will be seen by any advanced civilization that develops math and computers, even ones in other galaxies. --John
Re: Secure erasing Info (fwd from richard@SCL.UTAH.EDU)
Just as a data point, PGPDisk works fine on CF devices. I use this for a CF card on which I keep a bunch of my work for movement between laptop and desktop machines. --John
Re: Ready, Aim, ID Check: In Wrong Hands, Gun Won't Fire
From: Justin [EMAIL PROTECTED] Sent: Jan 10, 2005 7:35 PM To: [EMAIL PROTECTED] Subject: Re: Ready, Aim, ID Check: In Wrong Hands, Gun Won't Fire .. Some gun accidents are suicides reported as such to avoid embarrassment to the family. I've heard this from other people, too--some in reasonably good positions to know how such things were reported. And there's surely some ambiguity between fatal accidents caused by doing something really stupid and intentional suicides. .. --John
Re: Ready, Aim, ID Check: In Wrong Hands, Gun Won't Fire
From: R.A. Hettinga [EMAIL PROTECTED] Sent: Jan 6, 2005 11:47 AM To: cryptography@metzdowd.com, [EMAIL PROTECTED] Subject: Ready, Aim, ID Check: In Wrong Hands, Gun Won't Fire .. Ready, Aim, ID Check: In Wrong Hands, Gun Won't Fire By ANNE EISENBERG I just wonder what the false negative rates are. Seems like a gun that has a 1% chance of refusing to fire when you *really need it* might not be worth all that much. Similarly, one that you can't get to work if you've got a band-aid on your finger, or a cut on your hand, or whatever, loses a lot of its value. On the other hand, a gun that can't be made to go off by your toddler is a pretty huge win, assuming you're willing to trust the technology, but a 90% accuracy level sounds to me like 10% of the time, your three year old can, in fact, cause the thing to go off. That's not worth much, but maybe they'll get it better. And the suspect struggles with cop, gets gun, and shoots cop problem would definitely be helped by a gun that wouldn't go off for 90% of attackers. --John
Re: California Bans a Large-Caliber Gun, and the Battle Is On
Interesting questions: How hard is it for someone to actually hit an airplane with a rifle bullet? How often do airplane maintenance people notice bulletholes? My understanding is that a single bullethole in a plane is not likely to do anything serious to its operation--the hole isn't big enough to depressurize the cabin of a big plane, and unless it hits some critical bits of the plane, it's not going to cause mechanical problems. I don't think the bigger .50 round would fundamentally change that. So this could be one of those things that just happens from time to time, without getting much press. (Most people have never heard of phantom controllers either, but they're a real phenomenon, and they seem at least as dangerous as some nut with a rifle taking potshots at landing planes.) --John
Re: How to Build a Global Internet Tsunami Warning System in a Month
From: Major Variola (ret) [EMAIL PROTECTED] Sent: Jan 3, 2005 4:45 PM To: [EMAIL PROTECTED] [EMAIL PROTECTED] Subject: Re: How to Build a Global Internet Tsunami Warning System in a Month .. 3. Homebrew warning systems will face the same problems as eg pro volcano warning systems: too many false alarms and no one cares. The best defense would seem to be a population with a lot of TVs and radios. At least after the first tsunami hit, the news would quickly spread, and there were several hours between when the waves arrived at different shores. (And a 9.0 earthquake on the seafloor, or even a 7.0 earthquake on the seafloor, is a rare enough event that it's not crazy to at least issue a stay off the beach kind of warning.) My first take on this is that it's an example of the many ways that it's better to be in a rich country than a poor one. Major natural disasters are a lot bloodier in poor countries, for lots of infrastructure reasons (good communications to get out the warning, good roads to evacuate on, resources available for disaster planning long before the disaster hits, building codes or best practices that require some resistance to known disasters, etc.). --John
Re: Israeli Airport Security Questioning Re: CRYPTO-GRAM, December 15, 2004
From: Major Variola (ret) [EMAIL PROTECTED] Sent: Dec 21, 2004 10:20 PM To: [EMAIL PROTECTED] [EMAIL PROTECTED] Subject: Re: Israeli Airport Security Questioning Re: CRYPTO-GRAM, December 15, 2004 At 02:16 PM 12/20/04 -0500, John Kelsey wrote: No doubt a real intelligence agent would be good at getting through this kind of screening, but that doesn't mean most of the people who want to blow up planes would be any good at it! You really continue to underestimate the freedom fighters, don't you? (The first) King George did the same. Maybe so. It's clearly added cost to the attackers--they have to select not just the subset of volunteers willing to blow themselves up on the plane, but the subset of *those* who can also keep cool under rapid-fire questioning of their cover story. The attackers probably have to either spend a lot of time rehearsing their cover stories, or have to keep their cover stories very close to their actual lives and interests, which makes profiling easier. Both of these cut way down on the total pool of attackers available. My assumption is that national intelligence agencies can probably afford to do this--they can probably filter through a lot more possible candidates to get field agents who can handle a cover story well, for example, since they can hire openly, rather than quietly recruiting from madrassa students or something. Their training facilities can be centralized and stay in one place, rather than being a camp in the desert somewhere that has to be abandoned frequently, and they can develop a lot of expertise in training people to survive intensive questioning without fumbling their cover story. --John
Re: Israeli Airport Security Questioning Re: CRYPTO-GRAM, December 15, 2004
The difference here is that Bad_Guy is visiting the country for the first time. Now, there are fewer questions to ask. But that's a common enough situation that the questioners are going to be ready for it. And I bet a lot of the point of their questioning is just to see if they detect signs of stress where they expect to. If you are a smart person who does something like this 20 times a day, you'll soon get a really good feel for when something odd is going on. Also, any kind of in-depth questioning is likely to uncover a lot of fraudulent claims. If I say I'm a chemical engineer, it's not going to take much depth of knowledge for the questioner to find out I don't know things any chemical engineer would know, for example. (It wouldn't be hard to come up with some computerized system for pulling up lists of questions like this. Like, someone says he's Catholic, and you ask him who was born without sin as a direct result of the immaculate conception, or ask him to say a Hail Mary.) So this might force you to tell more of the truth, which makes it easier to profile you. And this is all physical / procedural security. You're not building an unclimbable wall, you're building lots of challenging speedbumps. No doubt a real intelligence agent would be good at getting through this kind of screening, but that doesn't mean most of the people who want to blow up planes would be any good at it! Sarad. --John
Re: Flaw with lava lamp entropy source
From: James A. Donald [EMAIL PROTECTED] Sent: Dec 18, 2004 2:51 PM To: [EMAIL PROTECTED] [EMAIL PROTECTED] Subject: Re: Flaw with lava lamp entropy source .. These days the video entropy source is not a lava lamp, but a lens cap - in the dark, the ccds generate significant thermal noise, which (unlike chaotic noise) cannot fail, unless someone immerses the camera in liquid helium. Do you (does anyone) know of any papers that have formally analyzed this entropy source? --digsig James A. Donald --John
RE: Blinky Rides Again: RCMP suspect al-Qaida messages
From: Tyler Durden [EMAIL PROTECTED] Sent: Dec 9, 2004 2:47 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: RE: Blinky Rides Again: RCMP suspect al-Qaida messages .. NSA folks, on the other hand, I would assume have a soft version of a Variola Stego suitcase...able to quickly detect the presence of pretty much any kind of stego and then perform some tests to determine what kind was used. I bet they've been aware of Al Qaeda stego for a long time...that's probably the kind of thing they are very very good at. Maybe, but I think it would be very hard to write a general-purpose stego detector, without knowing the techniques used for encoding the message. And if you know the distribution of your cover channel as well as your attacker, or can generate lots of values from that distribution even if you can't describe it, you can encode messages in a way that provably can't be detected, down to the quality of your random number generator and the difficulty of guessing your key. I imagine this as something much like a virus scanner. Look for known stego programs, and also for signatures of known stego programs. Really good programs might be impossible to find without doing, say, a password search. But it's worth noting that AQ has to do key management just like the rest of us, and that's hard when you are communicating with a lot of different people. If your stego is password-protected, some terrorist's laptop is going to have a post-it note on the screen with the password. .. -TD --John Kelsey
RE: Blinky Rides Again: RCMP suspect al-Qaida messages
From: J.A. Terranson [EMAIL PROTECTED] Sent: Dec 9, 2004 1:19 PM To: Tyler Durden [EMAIL PROTECTED] Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: RE: Blinky Rides Again: RCMP suspect al-Qaida messages . As recently as two years ago, I had a classroom full of cops (mostly fedz from various well-known alphabets) who knew *nothing* about stego. And I mean *NOTHING*. They got a pretty shallow intro: here's a picture, and here's the secret message inside it, followed by an hour of theory and how-to's using the simplest of tools - every single one of them was just blown away. Actually, that's not true - the Postal Inspectors were bored, but everyone _else_ was floored. But the real thing they needed to know was there can be hidden information in files that look innocent and what they need to do to find that hidden information. I expect the answer to that will involve either shipping it off to some expert at the FBI (who will have to do some serious flow control, or he'll be receiving copies of all the video games on every small-time drug dealer's computer), or running some tools to look for the hidden data. It's not like you're going to expect a random detective to learn how to cryptanalyze stego schemes, anymore than you're going to expect him to learn how to check for DNA matches in a lab. He'll need to have some notion of how the technology works, and some rules of thumb for how to handle the evidence to keep from tainting it, and that's about it. J.A. 
Terranson [EMAIL PROTECTED] 0xBD4A95BF --John
Re: Word Of the Subgenius...
From: Steve Thompson [EMAIL PROTECTED] Sent: Dec 7, 2004 1:26 PM To: [EMAIL PROTECTED] Subject: Re: Word Of the Subgenius... .. Tim May has probably gotten all strange in the last few years, living in his remote hilltop home, waiting to see the end that will not come since the y2k crisis turned out to be nothing more than a financial boondoggle for the companies that believed all the hype. Maybe, maybe not. The thing I always find interesting and annoying about Tim May's posts is that he's sometimes making really clearly thought out, intelligent points, and other times spewing out nonsense so crazy you can't believe it's coming from the same person. It's also clear he's often yanking people's chains, often by saying the most offensive thing he can think of. But once in a while, even amidst the crazy rantings about useless eaters and ovens, he'll toss out something that shows some deep, coherent thought about some issue in a new and fascinating direction. .. Steve --John
Re: Word Of the Subgenius...
From: Tyler Durden [EMAIL PROTECTED] Sent: Dec 4, 2004 8:33 PM To: [EMAIL PROTECTED] Subject: Word Of the Subgenius... I thought JR Bob Dobbs got beamed up to that comet with those LA Koolaid kooks... No, but I do believe the comet kooks engaged in bobbitization (or perhaps, merely bobbing). -TD --John
Re: Fallujah: Marine Eye-Witness Report
From: James A. Donald [EMAIL PROTECTED] Sent: Nov 24, 2004 1:02 AM To: [EMAIL PROTECTED] Subject: Re: Fallujah: Marine Eye-Witness Report .. And the problem with a civil war in Iraq is? At least three: a. The pottery barn theory of foreign affairs--we'd be blamed for making things worse. (I don't know how much this matters long term, but it would certainly have made life pretty hard on Tony Blair and the rest of the world leaders who actually supported us.) b. We would one day like their oil back on the market. c. We would like to make sure that the next regime to come to power there isn't someone we also feel obligated to get rid of, as even invasions done on the cheap cost a lot of money. --digsig James A. Donald --John
Re: Fallujah: Marine Eye-Witness Report
From: R.A. Hettinga [EMAIL PROTECTED] Sent: Nov 21, 2004 9:23 PM To: John Young [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: Fallujah: Marine Eye-Witness Report .. By the way, John, did you know that Bush Is Going To Revive The Draft??? I know this is currently known to be false by all informed opinion, but I don't think it's crazy to worry about it. If we want to fight high-tech wars like the invasion of Iraq, lots of conscript troops aren't that useful. If we want to occupy places like Iraq, we need people to do the occupying, and it's clear that there's some strain on our forces now. Conscript troops might very well be useful for that kind of work. Suppose we invade and occupy Iran next. Where will the soldiers needed to hold down occupied territory come from? Suppose we follow up with Syria, which is surely about as repressive and nasty a place as Saddam's Iraq. Three things are very clear about the current situation: a. A lot of people are finding out that their military obligations are going to be longer and much less pleasant than they expected. This is going to have a big impact on recruiting in the future. b. If we just want to hold down what we've got, we have enough troops to do it, but if we want to really go on a democratizing bender in the Middle East, we'll need more troops. c. It's not at all clear we won't be taking some action against Iran in the next year. Hopefully, that won't involve invading them, but it could. Cheers, RAH --John
RE: The Values-Vote Myth
From: J.A. Terranson [EMAIL PROTECTED] Sent: Nov 6, 2004 5:07 PM To: Tyler Durden [EMAIL PROTECTED] Cc: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: RE: The Values-Vote Myth On Sat, 6 Nov 2004, Tyler Durden wrote: .. So: A 'moral values' question for Cypherpunks. Does this election indict the American people as being complicit in the crime known as Operation Freedom? (I notice everyone forgot about that name.) Complicit? That's *technically* correct, but not nearly strong enough. Similarly, if I hold some stock in Exxon, am I complicit in every crime done by the management of Exxon? How does this change if I'm a child whose trust fund contains the stock? Or if I hold a mutual fund I inherited with a little Exxon stock, which can be sold off only if I'm willing to move thousands of miles from my home, learn a new language, uproot my family, etc.? Is there any outcome of the election that would have made it immoral to attack Americans? (Certainly not electing Kerry, who planned to continue holding down Iraq for the foreseeable future, though he correctly stated that invading it was a mistake in the first place.) And if we accept this kind of collective guilt logic, why is, say, flattening Fallujah to make an example for the rest of Iraq, wrong? -TD J.A. Terranson --John
Re: This Memorable Day
From: Peter Gutmann [EMAIL PROTECTED] Sent: Nov 6, 2004 2:10 AM To: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: This Memorable Day The figure that's usually quoted is that 80% of Germany's military force was directed against Russia. Of the remaining 20%, a lot had already been engaged by France, the UK (via the BEF, the RAF, North Africa), Greece, etc etc before the US got involved in Europe. So the Russians should get most of the credit. Yep. I think to a first approximation, the US defeated Japan and the USSR defeated Germany. My impression is that a lot of the push to do the D-Day invasion was to make sure the USSR didn't end up in possession of all of Europe at the end of the war. (Given how things developed, this was a pretty sensible concern.) Peter. --John
Re: The Values-Vote Myth
From: Eric Cordian [EMAIL PROTECTED] Sent: Nov 6, 2004 5:57 PM To: [EMAIL PROTECTED] Subject: Re: The Values-Vote Myth .. Also, voting is in some sense political manipulation to blame the population for the actions of their government. Everyone who votes is a co-conspirator, and the argument is made that those who don't vote have no right to dissent. Yep, I always get a kick out of this line. Alice says if you don't vote, you have no right to complain about the outcome. Bob says if you don't volunteer for a campaign, man the phone banks, go door to door, and give till it hurts, you have no right to complain about the outcome. Carol says If you don't stockpile weapons, organize into cells, and run a campaign of terror bombing and assassination, you have no right to complain about the outcome. Why is one of these people more obviously right than the others? [I know you weren't agreeing with the quoted statement either.] In practice, Alice's strategy has almost no impact on the result--nothing I did as a Maryland voter could have given Bush fewer electoral votes than he already got, and that's true almost everywhere for an individual voter. This is especially true if you're an individual voter whose major issues are just not very important to most other voters. Kerry spent essentially no time talking about the creepy implications of the Jose Padilla case (isn't he still being held incommunicado, pending filing in the right district?), or the US government's use of torture in the war on terror despite treaties and the basic obligations of civilized people not to do that crap. I see little indication that Kerry would have disclaimed the power to do those things, had the vote swung a couple percentage points the other way. Bob's strategy has more going for it, but it comes down to a tradeoff between alternate uses of your time. 
You could devote your time to the Bush or Kerry or Badnarik campaigns, or you could improve your ability to survive whatever ugliness may come in other ways--maybe by making more money and banking it against future problems, or improving your standing in your field, so you're likely to be employable even in a massive post-terror-attack recession. Maybe just spending quality time with your wife and kids, on the theory that the bad guys may manage to vaporize you tomorrow whichever clown gets elected Bozo-in-Chief. Carol's strategy seems doomed to fail to me--look how much damage has been done to the pro-life movement by the very small number of wackos willing to shoot abortion doctors and bomb clinics. I'm always amazed at the revolutionary talk from people on this list, as though libertarian/anarchocapitalist ideas weren't an almost invisibly small minority in the US, as though some kind of unrest leading to a civil war would lead anywhere any of us would like. (Is it the secular police state that comes out on top, or the religious police state?) Eric Michael Cordian 0+ --John
Re: This Memorable Day
From: R.A. Hettinga [EMAIL PROTECTED] Sent: Nov 2, 2004 10:55 AM To: [EMAIL PROTECTED] Subject: Re: This Memorable Day .. Expect more carnage than culture when Bush is elected. I gather we waited to start the offensive in Fallujah(sp?) until the polls were all closed. I'm not sure how much of this was trying to time things not to interfere with the election (the buildup has been going on for awhile, and Kerry could have squawked about this but didn't, so presumably he didn't think it was unfair for the attack to be delayed a bit), and how much was trying to bury the coverage of a pretty bloody battle with a lot of civilians dying and a lot of people's homes destroyed, behind the whole election coverage. Cheers, RAH --John
Re: This Memorable Day
From: Nomen Nescio [EMAIL PROTECTED] Sent: Nov 3, 2004 6:50 AM To: [EMAIL PROTECTED] Subject: Re: This Memorable Day .. The only way to move towards a more friendly world is to make people feel they are able to share the wealth and prosperity of the world. As long as there is one single person anywhere in the world hungering to death there is still a basis for fundamentalism and all the problem that leads to. Ahh. So all we have to do to end terrorism is to end poverty, injustice, and inequality all over the world. *Phew*. I thought it was going to take something hard. --John
Re: Geodesic neoconservative empire
From: R.A. Hettinga [EMAIL PROTECTED] Sent: Oct 29, 2004 7:06 AM To: [EMAIL PROTECTED] Subject: Re: Geodesic neoconservative empire .. It has always amused me that libertarians and anarcho-capitalists insist on using the language of the left to describe the things they don't like. One of the reasons that the right in this country has been so successful has been their development of a useful analytic apparatus, and corresponding language, over the past 50 years, certainly more so than the left, which is nothing but marxism, diluted or otherwise. Is there a better term than empire for what gets built when your country goes out, invades lots of other countries, takes them over, and runs them? I don't know about other peoples' objections to this, but mine mainly involve my belief that this is an expensive and not very effective way to deal with terrorism. .. At the moment force-monopoly is, by definition of monopoly, a hierarchical market. Hence the dance with the girl that brung ya bit. They have already *stolen* my money, they might as well be doing something with it Well, the question is, what ought they to be doing with it. Invading Iraq to build a democracy there, in hopes of somehow fixing the root causes of terrorism (as similarly goofy idealists on the left once thought they could do for crime in the US), looks like a waste of time and money. I suspect we're causing ourselves more problems, as Iraq is not only a place where terrorists can go to attack the US and be attacked by us in turn, it's also a place where there are lots of people learning the basic skills of being a terrorist, gaining some experience in doing so, etc. Do you think we're going to kill all of those people? Do you think they'll all abandon terrorist tactics when things quiet down in Iraq? I know the Republican line these days is that we're safer because the bad guys are all shooting at Marines in Iraq, rather than at civilians in Des Moines. 
But that only makes sense if we don't end up with a much bigger problem later, as a result. Perhaps we should all have rested more secure in our beds when the jihadis were streaming into Afghanistan, where they would be killed in large numbers by the Red Army. But it's not clear that was a long-term win. Anyway, you sound like there's some willingness on the part of this administration (or the one Kerry may set up in January) to actually cut government spending to other things, in order to do the nation building thing. What evidence have you seen for that, so far? .. Cheers, RAH
Re: US Retardation of Free Markets (was Airport insanity)
From: R.A. Hettinga [EMAIL PROTECTED] Sent: Oct 27, 2004 9:37 AM To: [EMAIL PROTECTED] Subject: Re: US Retardation of Free Markets (was Airport insanity) .. This is actually the running fantasy in Marxism since the 1950's, when it turned out that, instead of the workers eating the bourgeoisie by the firelight or some Glorious Revolution or another, would instead become bourgeoisie themselves. I think this bit gets at the heart of why the Islamic fundamentalists are hard to deal with. For most people I know, some notion of peace and prosperity is the thing we want from our governments. Different people differ on how to do that (like, whether the government should employ most of the doctors or the teachers), but that's the kind of goal that makes sense. And that's largely what the West has to offer. Not membership in a master race, or a date with destiny, or a vision of yourself as part of a great, centuries-old Jihad, but safe streets, working sewers, functioning markets, and a rising tide that promises to lift all boats eventually, so that one day, your poor people, like ours, will be overweight from spending too much time sitting in front of the TV in an air conditioned room. The Islamic fundamentalists can't offer that. A country run by these guys is just not going to be in the forefront of technology, its economy will grow slowly, and it's likely to always be close to going to war with some infidels around it. No peace, not much prosperity, but a lot of capital-P Purpose. A place in history, a part of the Jihad. In this sense, it's a lot like Marxism was, back when it had serious adherents; it's a mass movement, like Eric Hoffer talks about. What Hayek called the liberal order (e.g., working minimal government, liberal democracy, rule of law) can't offer any of that. It offers safe streets and working sewers and peace and prosperity, but you have to come up with your own purpose. 
The irony is that the neocons seemed to be trying to build up a kind of mass movement mentality in the US, which clearly has caught George Bush and his top advisors--this wonderful notion that we're going to go out and civilize these heathens, bring them democracy and free markets, and then they'll stop wanting to be part of crazy mass movements that tell them to strap dynamite to themselves and blow up bus stops full of people. This seems doomed to fail. A lot of people in the Middle East clearly want what we're selling, but it doesn't take many suicide bombers to make that sort of thing break down. --John
Re: Donald's Job Description
From: Tyler Durden [EMAIL PROTECTED] Sent: Oct 25, 2004 9:40 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: Donald's Job Description Well, the Bush supporters I've met aren't normally so sure. They'll kind of hem and haw, or say Well, he's got advisors..., or Well, Kerry ain't any better. Once in a while they'll point to Bush's believability or decisiveness, but I've never seen anyone (besides Mr Donald) attempt the role of super-apologist for anything the current regime has done. This is my experience, too. Bush supporters I know prefer him to Kerry, not because he's a great and infallible leader, but because they think he's doing a reasonable job relative to what Kerry would do. It's not like this is an entirely nutty position to take, since Kerry really does seem to blow a lot of smoke when talking about Iraq, albeit less than Bush does. .. --John
Re: Airport insanity
From: Tyler Durden [EMAIL PROTECTED] Sent: Oct 23, 2004 7:41 PM To: [EMAIL PROTECTED], [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: Airport insanity Let us not forget the more tangible 'value' in bombing the WTC and messing up things downtown. First of all, the companies in the WTC were, to say the least, impacted (actually, the company I work for lost 11 people and relocated to NJ for about a year) hitting them (and their workers) was probably not considered collateral damage by Al Qaeda, any more than bombing German or Japanese urban production centers was considered that for the allies in WWII. Right. I don't visualize OBL Co sitting up nights trying to decide whether their next attack needlessly terrorizes civilians, I think that's a decision they already made. I'm pointing out that once you've started justifying acts of terror by people you agree with, it seems to be quite hard to draw any meaningful line between them and Al Qaida. Now, this causes no problem for me--OBL, Tim McVeigh, the Unabomber, they all look like remorseless murderers to me, and I see the differences between them mainly in terms of how effective and dangerous they are. .. And while I suspect that Al-Qaeda were probably unaware in advance of the impact on Telecom, the rest was certainly a conscious decision. I don't know if this was a goal, exactly, but the other thing the 9/11 attacks achieved was to scare the hell out of the power elite in the country, especially the people at the top of government, media, and finance. That made all kinds of dumb responses (some parts of the Patriot act, Bush's breathtaking claim of the power to lock up citizens without trial, his administration's equally breathtaking claim that he could ignore laws and treaties against torture on his authority, the invasion of Iraq) possible. -TD --John
Re: Airport insanity
From: James A. Donald [EMAIL PROTECTED] Sent: Oct 22, 2004 12:21 PM To: [EMAIL PROTECTED] [EMAIL PROTECTED] Subject: Re: Airport insanity All of the terrorists came from countries that were beneficiaries of an immense amount of US help. Saudi Arabia was certainly not under attack. If they were Palestinians, and they hit the Pentagon but not the two towers, then they would be defending themselves. I'm still trying to understand the moral theory on which you differentiate hitting the two towers from the Oklahoma City bombing. McVeigh (not a Branch Davidian) wanted to strike back at the BATF for the Waco massacre, so he killed a whole bunch of people, a few of whom were BATF employees, but not, as far as I know, anyone directly involved in the decisions that led to all the deaths in Waco. The 9/11 hijackers wanted to strike at the US for a variety of reasons, probably mostly that we're a big, visible target, but presumably also that we're propping up states like Saudi Arabia. So they killed a whole bunch of people, most of whom had nothing to do with what they opposed, but surely including people who were doing business with Saudi Arabia and Israel. If McVeigh had used a sniper rifle to kill the specific BATF agent who called for the raid/media event on the Branch Davidians' compound, I'd still think he deserved to either die or spend his life in prison, but at least I could somehow fathom the moral decision to do what he'd done--like the pro-life terrorists (ah, the irony) who assassinate abortionists. They need to be locked up, but you can at least see what they were thinking. Blowing up a building full of random people because a few of them are associated with some action you really disagree with is just outside the realm of the sort of moral decision I can figure out. Just like flying planes into buildings full of people with almost nothing to do with what you're really getting at. James A. Donald --John Kelsey
Re: US Retardation of Free Markets (was Airport insanity)
From: Tyler Durden [EMAIL PROTECTED] Sent: Oct 19, 2004 10:23 AM To: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: US Retardation of Free Markets (was Airport insanity) .. In developing markets the US track record is terrible. The more we interfere and set up puppet governments and petty dictators, the result has always been the near elimination of any kind of real modern economy. More than that, some of the countries we've been kicked out or prevented from influencing have been modernizing rapidly, the most obvious example is China and Vietnam. Bolivia is interesting to watch. So, Taiwan and South Korea seem like rather obvious counterexamples. -TD --John (Not a fan of interventionist foreign policy, FWIW)
Re: Airport insanity
From: James A. Donald [EMAIL PROTECTED] Sent: Oct 20, 2004 3:10 PM To: [EMAIL PROTECTED] [EMAIL PROTECTED] Subject: Re: Airport insanity Lots of murderous terrorists have been released from Guantanamo, and in nearly all cases the most serious of their complaints make it sound like a beach resort, except for the fact that they could not leave. Maybe I missed that. All but one of the comments I read about involved a lot of complaints about mistreatment, albeit often with the admission that Gitmo was still better than being in an Afghan prison. As a nitpick, though, it's not at all clear that most of the people at Gitmo were really terrorists, or even murderers. None of them has had a trial, few have even had hearings, and many were released as not a threat to us. (They may still be a threat to everyone else around them.) A few have more serious complaints. Either they are lying or, those who say they were well treated apart from being held captive are lying. Surely the other alternative is that only some prisoners are subjected to torture, e.g., the ones that look to have some serious intelligence value. James A. Donald --John
RE: Airport insanity
From: James A. Donald [EMAIL PROTECTED] Sent: Oct 16, 2004 7:01 PM To: [EMAIL PROTECTED] Subject: RE: Airport insanity .. On 15 Oct 2004 at 16:32, Tyler Durden wrote: .. He might have looked odd from the photo you saw circulated in the press, but I'd bet a lot of money no one would have picked him as looking like a terrorist. But the people sitting beside him did pick him as looking like a terrorist. What's the false positive rate? It's one thing if you see some guy lighting a fuse sticking out of his shoe, and quite another if you say You look kinda terroristy; I'm sending you off the plane. This works as a reasonable strategy only if: a. The probability ratios don't work out so that the overwhelming majority of people you throw off planes are innocent. (They almost certainly will, just because terrorists are so rare.) b. The terrorists can't figure out how to make themselves look less threatening. --digsig James A. Donald --John
Re: Airport insanity
From: James A. Donald [EMAIL PROTECTED] Sent: Oct 16, 2004 7:22 PM To: [EMAIL PROTECTED] [EMAIL PROTECTED] Subject: Re: Airport insanity .. Oh, and every white American (recall numerous references to Mr. McVeigh) McVeigh did not target innocents, and if he did target a plane full of innocents, perhaps in order to kill one guilty man on board, there is no way in hell he himself would be on that plane. Well, he targeted a building full of innocents, so he could get some BATF people in one part of the building, right? I guess I'm missing the part where he took especial care not to blow up people who had no connection with the Waco disaster. How would you differentiate his target selection from that of the 9/11 attackers who hit the Pentagon? Though you're right, he didn't do the suicide bomber thing. Does that constitute a guarantee that no white terrorist ever will do so? (After all, an awful lot of Arab terrorists also plan on living to fight another day.) --digsig James A. Donald --John
Re: Airport insanity
From: James A. Donald [EMAIL PROTECTED] Sent: Oct 16, 2004 2:27 PM To: [EMAIL PROTECTED] Subject: Re: Airport insanity For whatever reason, pictures of me always come out looking like some crazed religious fanatic. But that doesn't mean that I'm going to bomb anything. And I sure hope that I'm not going to be detained or denied entry because of how I *look*, alone. If you really look like the shoe bomber, then you should have to drive, or use public transport. --digsig James A. Donald Surely this is a matter best left to the private companies offering transportation, subject only to restrictions to prevent future 9/11 attacks. --John
RE: Airport insanity
From: Tyler Durden [EMAIL PROTECTED] Sent: Oct 15, 2004 10:02 AM To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: RE: Airport insanity First of all, the guy is a major dumbass... My profile is radically different from all those who killed nearly 3,000 of my countrymen on September 11, 2001. My holy book of choice is the Bible. My race is Caucasian. I am a loyal, taxpaying, patriotic, evil-hating, English-as-first-language, natural-born American. If profiling were allowed, I wouldn't be the one filling out government forms to prove I'm not a terrorist. The other guys would. I'm thinking that the state-of-the-art on Cypherpunks is such that no real comment here is necessary. Ahh, thanks for flying, Mr McVeigh. You're in seat 1A, just behind the cockpit. We like to put patriotic Americans there to make sure there's no risk of in-flight terrorism. This is precisely why Al-Qaeda sent 19 (or probably more) true-believers. Even if TSA lowers the odds, all you have to do is roll the dice many more times, and a few of the faithful will definitely get through the checkpoint. Security measures might stop a lone crazy, but the odds don't stand up if they send dozens of people into airports all around the country. And Iraq II is promising us a bumper crop of new 'terrorists'. Yep. It gives you a warm feeling all over to know that we're spending billions of dollars on running a nation-sized terrorist training camp. Ah, but not to worry. *These* terrorists won't get WMDs. We know, because apparently there's not a gram of WMD anywhere in Iraq. And besides, A.G. Khan has been brought to justice, and is now requiring proof of identity and a major credit card before shipping you the Nuclear Weapons Program in a Box set, and North Korea is too busy stockpiling nukes and missiles for an upcoming negotiated settlement to certain border questions to sell any of them to any (other) crazies. 
Why the only other place where there's a risk of nuclear proliferation is in the old Soviet Union--and we all know *they* don't have any Islamic fundamentalist terrorists running about. So we can clearly rest easy. It's a good thing we've got an administration in the White House who cares about security and the war on terror. Otherwise, I'd be a mite worried about now .. -TD --John Kelsey
Re: Implant replaces ID cards for access to restricted areas.
From: Steve Furlong [EMAIL PROTECTED] Sent: Oct 9, 2004 7:44 AM To: [EMAIL PROTECTED] Subject: Re: Implant replaces ID cards for access to restricted areas. On Thu, 2004-10-07 at 02:20, Nomen Nescio wrote: Mexican Attorney General, Staff Get Chip Implants Implant replaces ID cards for access to restricted areas. I think I'd get the implant under my scalp somewhere. If the implant gave access to a really critical place, I wouldn't want to risk losing an arm or whatever. Also, I'd be able to block the implant's signals with my nifty tinfoil hat. I've been waiting for a use for that thing. Actually, I think the protocol requires that it be placed on your forehead, right under the tattooed sixes. Or maybe I'm getting my protocols mixed up --John
Re: Cash, Credit -- or Prints?
From: Tyler Durden [EMAIL PROTECTED] Sent: Oct 12, 2004 1:43 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: Cash, Credit -- or Prints? .. Very interesting question. I'd bet almost any amount of money that it's fairly trivial to simply alligator-clip-out the fingerprint's file from almost any of the cheaper devices. Hell, I'd bet that's true even of more expensive secure devices as well. I don't think the readers store an image of the fingerprint, just some information to make it easy to verify a match. I don't think you could reconstruct a fingerprint from that information, though you could presumably reconstruct a fingerprint image that would fool the detector. From what I've seen, the whole field of biometrics needs a lot of work on characterizing the attacks and defenses against them, and coming up with reasonable ways to verify that a reader resists some attack. I think individual vendors often have some ideas about this (though I gather their defenses are often disabled to keep the false reject rate acceptably low), but there doesn't seem to be a clean process for determining how skilled an attacker needs to be to, say, scan my finger once, and produce either a fake finger or a machine for projecting a fake fingerprint into the reader. Anyone know whether some kind of standard for this exists? -TD --John
Re: ID Rules Exist, But Can't Be Seen
From: Tyler Durden [EMAIL PROTECTED] Sent: Sep 30, 2004 5:06 PM To: [EMAIL PROTECTED] Subject: ID Rules Exist, But Can't Be Seen .. For instance, is it indeed possible that revealing this rule would pose an additional security risk? If such a rule exists (and it does) then hijackers obviously already know about it. Could this rule also reveal some deeper secrets about how hijackers can be detected? I seriously doubt it. One possibility raised by Dan Simon (I think) on Eric Rescorla's excellent blog is that the rule is part of some monthly briefing that is sent out, which might include some kind of information they'd rather not have published, e.g., be especially careful about anyone carrying a guitar case; we've heard rumors about using one to bring a Tommy gun onboard. Then of course, the argument may be that the government wanted to hide the rule for the very reason of making it more unassailable. In other words, if the rule were known, then it might be more easily contested in court. Hiding the rule protects the law which in turn protects national security. Maybe. I guess the thing that's confusing about any of these answers is that the rules as they're applied must be propagated to thousands of people. It's not like they could easily hide guidance like no more than 10 Arabs per flight or double-screen anyone with brown skin and a Koran--someone would leak it. Perhaps the written rules include things like this that they don't want to subject to court scrutiny, but then how do they get that down to the people doing the screening at the gate? The whole idea of laws that the citizens aren't allowed to see just sounds like something you'd expect in some godawful third-world dictatorship, not in the US. -TD --John Kelsey
RE: Mystification of Identity: You Say Yusuf, I Say Youssouf...
From: Tyler Durden [EMAIL PROTECTED] Sent: Sep 27, 2004 10:00 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: Mystification of Identity: You Say Yusuf, I Say Youssouf... Many Cypherpunks view the need to take up crypto arms to stem off an Orwellian, hyper-evil and hyper-competent dictatorship. I'm thinking a more likely (and no less threatening) scenario is one like Brazil (ie, the movie). Yep. It turns out that broad and scary police powers don't make you any smarter or wiser or more careful, they just make it easier for you to insist on obedience and stifle complaints. Post 9/11, flight attendants and airline employees have more authority to order passengers around and deny people boarding, but they're still the same people they were on 9/10, they're presumably only marginally better at spotting terrorists (at least not obviously Arab-looking terrorists). They just have more power, and fewer consequences when they screw up. .. -TD --John Kelsey
Re: potential new IETF WG on anonymous IPSec
From: Major Variola (ret) [EMAIL PROTECTED] Sent: Sep 17, 2004 10:27 PM To: [EMAIL PROTECTED] [EMAIL PROTECTED] Subject: Re: potential new IETF WG on anonymous IPSec At 06:20 AM 9/17/04 +, Justin wrote: On 2004-09-16T20:11:56-0700, Major Variola (ret) wrote: .. Oh, come on. Nothing can be absolutely trusted. How much security is enough? Aren't the DOD CAs trusted enough for your tastes? Of course, 'tis problematic for civilians to get certs from there. DoD certs are good enough for DoD slaves. Hospital certs are good enough for their employees. Joe's Bait Und Tackle certs are good enough for Joe's employees. Do you think that Verislime is good enough for you? You seem to have rediscovered the fact that crypto can move trust around, but can't create any. You have to decide to trust someone for it to be useful. The great problem with practically using this stuff is getting someone that you're comfortable trusting, who can then use crypto to move the trust around in a sensible way. The condition necessary for Verisign certificates to have a lot of trust, to me, is for the appearance of a fraudulent Verisign certificate to be a major scandal, leading to the CEO getting canned, the stock price dropping by some large fraction, and a huge fall-off of business for their CA. When that isn't the case (for the high security certs; it's clearly silly to expect it for low-security ones), the CA doesn't have as much incentive as I'd like to be careful about forgeries. You'd like the exposure of a fraudulent certificate signed by a CA to have the same kind of effect as the exposure of a bank being unable to produce the money a depositor demands. Fraudulent certificates issued for any purpose--whether furnishing fake IDs to FBI agents, or to Al Qaida terrorists, or to random Nigerian-scam operators--leave a permanent trail; the recipient of the certificate can show it around when he discovers it's fraudulent. 
If the last step of this protocol for the CA is "and then you go out of business," the incentives not to issue fraudulent certificates look right. --John
Re: Academics locked out by tight visa controls
From: R. A. Hettinga [EMAIL PROTECTED] Sent: Sep 20, 2004 8:33 AM Subject: Academics locked out by tight visa controls http://www.mercurynews.com/mld/mercurynews/9710963.htm?template=contentModules/printstory.jsp Posted on Mon, Sep. 20, 2004 Academics locked out by tight visa controls U.S. SECURITY BLOCKS FREE EXCHANGE OF IDEAS By Bruce Schneier .. I guess I've been surprised this issue hasn't seen a lot more discussion. It takes nothing more than to look at the names of the people doing PhDs and postdocs in any technical field to figure out that a lot of them are at least of Chinese, Indian, Arab, Iranian, Russian, etc., ancestry. And only a little more time to find out that a lot of them are not citizens, and have a lot of hassles with respect to living and working here. What do you suppose happens to the US lead in high-tech, when we *stop* drawing in some large fraction of the smartest, hardest-working thousandth of a percent of mankind? --John
Re: BrinCity 2.0: Mayor outlines elaborate camera network for city
From: R. A. Hettinga [EMAIL PROTECTED] Sent: Sep 9, 2004 9:50 PM To: [EMAIL PROTECTED] Subject: BrinCity 2.0: Mayor outlines elaborate camera network for city .. Some people are concerned about Big Brother invading their privacy but Mayor Daley says the cameras will be located in public areas. Fortunately, all this is happening in a town noted for its trustworthy and honest government, and under a mayor with no tendency to use any excuse he can find to grab power, tear up airports he doesn't like in the middle of the night, etc. .. R. A. Hettinga mailto: [EMAIL PROTECTED] --John Kelsey
Re: Seth Schoen's Hard to Verify Signatures
From: "Hal Finney" [EMAIL PROTECTED] Sent: Sep 8, 2004 2:48 PM To: [EMAIL PROTECTED] Subject: Seth Schoen's Hard to Verify Signatures The method Seth describes is to include a random value in the signature but not to include it in the message. He shows a sample signature with 3 decimal digits hidden. The only way to verify it is to try all possibilities for the random values. By controlling how much data is hidden in this way, the signer can control how long it will take to verify the signature. I've seen this described in a paper by Abadi, Lomas & Needham as an alternative to a high iteration count for password hashing. Hal Finney --John Kelsey
RE: Another John Young Sighting
From: Trei, Peter [EMAIL PROTECTED] Sent: Aug 24, 2004 9:39 AM To: Tyler Durden [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: RE: Another John Young Sighting .. 5) CYA. Since 9/11, the lower echelons of the security apparatus know that if Something Bad happens, and they are shown to have discounted any hint or suspicion concerning any person even very peripherally involved, their ass is grass and their career goes in the toilet. Yep, I think you hit it on the head. I'll bet the list of suspected terrorists never gets a name removed other than by death, if then. Who wants to be the guy who correctly assessed the evidence to remove someone's name, only to have the same guy blow up a plane a year later? IMO, this seems like a fundamental problem with watchlists. Peter --John Kelsey
Re: On what the NSA does with its tech
From: Major Variola (ret) [EMAIL PROTECTED] Sent: Aug 2, 2004 11:56 PM To: [EMAIL PROTECTED] [EMAIL PROTECTED] Subject: On what the NSA does with its tech .. What they can do is implement an advanced dictionary search that includes the kind of mnemonic tricks and regexps that folks typically use when coming up with tough passphrases. Cracking Italian anarchist PGP-equipt PDAs in their possession, things like that. Yep. This seems like the practical weak link in a lot of uses of cryptography. It can be made harder in a lot of ways (e.g., upping the iteration count, or doing Abadi's trick of generating a big salt value but not disclosing all of it), but all this ends up with the attacker's extra work linear in the user's extra work. Of course, if the user chooses good passwords, it's a pretty big linear factor, but it's still linear--I double my iteration count, and the attacker doubles his work, though he's always doing a million times as much work as I am. The only really good solution is to use some external device to mediate in password-key generation. But then you've got to make sure that device is always available, or you're unable to get at your data. And if that device is an online server somewhere, then password encryptions become partly traceable. --John Kelsey
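The two work-factor knobs mentioned in this message and in the earlier reply on Seth Schoen's signatures (a higher iteration count, and discarding part of the salt so that verification has to search for it), as an added example that is not from the original posts. The record layout, function names and toy parameter values are assumptions; work is counted in PBKDF2 iterations so the linear relation between the user's cost and a guesser's cost can be read off directly.

```python
import hashlib
import hmac
import os


def _derive(password, salt, hidden, iterations):
    # The hidden value extends the salt; only `salt` is ever stored.
    full_salt = salt + hidden.to_bytes(4, "big")
    return hashlib.pbkdf2_hmac("sha256", password.encode(), full_salt, iterations)


def enroll(password, iterations=50, hidden_bits=6, hidden=None):
    """Create a stored record. `hidden` is thrown away after hashing.

    iterations/hidden_bits are toy values so the example runs instantly;
    a real deployment would use far larger ones. Passing `hidden`
    explicitly exists only to make the example deterministic.
    """
    salt = os.urandom(16)
    if hidden is None:
        hidden = int.from_bytes(os.urandom(4), "big") % (1 << hidden_bits)
    if not 0 <= hidden < (1 << hidden_bits):
        raise ValueError("hidden value does not fit in hidden_bits")
    return {
        "salt": salt,
        "iterations": iterations,
        "hidden_bits": hidden_bits,
        "tag": _derive(password, salt, hidden, iterations),
    }


def verify(record, password):
    """Return (ok, work): search the hidden salt space for a match.

    A correct password stops at the hidden value (half the space on
    average); a wrong password always pays for the whole space.
    """
    work = 0
    for hidden in range(1 << record["hidden_bits"]):
        work += record["iterations"]
        candidate = _derive(password, record["salt"], hidden, record["iterations"])
        if hmac.compare_digest(candidate, record["tag"]):
            return True, work
    return False, work


def guessing_work(record, guesses):
    """Total work an offline guesser spends running through `guesses`."""
    total = 0
    for guess in guesses:
        ok, work = verify(record, guess)
        total += work
        if ok:
            return guess, total
    return None, total


def demo():
    # Constructed sample: the password and guess list are made up.
    guesses = ["letmein", "hunter2", "correct horse"]
    rows = []
    for iterations, bits in [(50, 6), (100, 6), (50, 7)]:
        rec = enroll("correct horse", iterations, bits, hidden=9)
        _, user = verify(rec, "correct horse")
        _, wrong = verify(rec, "not it")
        _, attacker = guessing_work(rec, guesses)
        rows.append((iterations, bits, user, wrong, attacker))
    return rows


if __name__ == "__main__":
    for row in demo():
        print("iterations=%d hidden_bits=%d user=%d per_wrong_guess=%d attacker=%d" % row)
```

Doubling either knob doubles the cost of every wrong guess, and (averaged over hidden values) the user's own cost with it, which is the linear trade-off the message describes.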
Re: Email tapping by ISPs, forwarder addresses, and crypto proxies
From: Major Variola (ret) [EMAIL PROTECTED] Sent: Jul 30, 2004 10:25 PM To: [EMAIL PROTECTED] [EMAIL PROTECTED] Subject: Re: Email tapping by ISPs, forwarder addresses, and crypto proxies The profitably part is a non-issue when you have black budgets, ie $400 toilet seats. This is silly. They have black budgets, but not infinite ones. Given their budget (whatever it is), they want to buy the most processing bang for their buck. I doubt they can do that substantially better than anyone else. I'd expect them to be really clever at finding tricks to optimize keysearch of various kinds, but not to have better microprocessor technology than the rest of the world. Bottom line: they're not ahead in tech, but they can make things that private-co engineers only dream of. DesCrack is a suitcase, get it? So, then they can break 3-key 3DES with moderate numbers of texts as soon as they can build 2^{56} such suitcases, right? And power them, and get rid of their waste heat. I'll let you speculate on AESCrack :-) Do the math, and you'll see how implausible 128-bit keysearch is. Maybe there are better attacks on AES (the algebraic stuff doesn't seem to have gone anywhere, but it still might), but if keysearch is all we have to worry about, and nontrivial quantum computers remain impractical to build, then 128-bit keys are as secure as we're ever likely to need, and 256-bit keys more or less eliminate keysearch of any kind from the list of things we need ever worry about again. --John
Re: Tyler's Education
From: J.A. Terranson [EMAIL PROTECTED] Sent: Jul 4, 2004 12:57 AM To: [EMAIL PROTECTED] [EMAIL PROTECTED] Subject: Re: Tyler's Education Interestingly, I have had more than one report of aural acquisition of typists' keystrokes being used to attempt to calculate the content of a short keysequence (I assume a password is what was meant by short keysequence). These reports indicated poor, but occasionally lucky results. I wonder if this follows the technique used by Song, Wagner, Tian to attack SSH-encrypted passwords by watching keystroke timings. J.A. Terranson [EMAIL PROTECTED] --John Kelsey
Re: Palm Hack?
I think the notion of someone using your IR beaming capacity against your will is at least a possible threat (imagine what happens if I get a trojan onto your Palm that's supposed to leak data--it could just listen on the IR port, and hand over your data when I get it the right message.) Some people tape a piece of aluminum foil over the IR port of their Palm to make this class of attacks harder. --John
Re: SASSER Worm Dude
At 12:47 PM 5/11/04 +0100, Dave Howe wrote: .. I think you are thinking in terms of the American age scale - In England (and over most of Europe although obviously it varies), 18 is old enough to marry without parental permission, be served in a bar, drive, and be a practicing homosexual. At 16 you can have heterosexual relationships, marry with parental permission, work (and pay taxes) and rent property in your own name (you can *own* property from 12) Everywhere in the US, you can go to jail for criminal acts when you're 18. It's not clear why writing a computer worm is any different in that regard than fraud or theft. I think that's generally true. In some states, much younger people have been sentenced to death. --John Kelsey, [EMAIL PROTECTED] PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259
Re: CDR: Re: Can Skype be wiretapped by the authorities? (fwd from em@em.no-ip.com)
At 01:40 PM 5/10/04 -0500, Brian Dunbar wrote: On May 10, 2004, at 1:30 PM, Jack Lloyd wrote: Like it matters. Do you really think that the government would really allow Intel and AMD to sell CPUs that didn't have tiny transmitters in them? Your CPU is actually transmitting every instruction it executes to the satellites. That's a subtle bit of humor, right? Actually, pretty much all unshielded computer hardware effectively has a transmitter in it. Google for side-channel attacks DPA and TEMPEST for more info. That's not a matter of transmitting to the satellites, but it may be a matter of transmitting to the van parked outside your house ~~brian --John Kelsey, [EMAIL PROTECTED] PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259
Re: [IP] One Internet provider's view of FBI's CALEA wiretap push
From: Tyler Durden [EMAIL PROTECTED] Sent: Apr 23, 2004 10:09 AM To: [EMAIL PROTECTED] Subject: Re: [IP] One Internet provider's view of FBI's CALEA wiretap push .. Well, what if there were 3 passwords: 1) One for Fake data, for amateurs (very few of the MwG will actually be smart enough to look beyond this...that's why they have guns) 2) One for real data...this is what you're hiding 3) One for plausible real data, BUT when this one's used, it also destroys the real data as it opens the plausible real data. The obvious problem with multiple levels of passwords and data is: When does the guy with the rubber hose stop beating passwords out of you? After he gets one? Yeah, that's plausible, if he's convinced there's only one. But once he's seen a second hidden level, why will he ever believe there's not a third, fourth, etc.? The same calculation applies to a judge or district attorney. He *knows* (even if he's wrong) that there's evidence of kiddie-porn, drug dealing, etc., in there somewhere. He knows you've given up two passwords. Why is he ever going to let you out of jail, or ever going to reduce the charges down to something a normal human might live long enough to serve out the time for? -TD --John
Re: legally required forgetting
At 07:20 PM 4/10/04 -0400, An Metet wrote: .. BlackNet thwarts such limitations on the reporting of consumer credit. Clearly, providing access to this data harms individual privacy. Yet Cypherpunks traditionally have supported this concept. A privacy advocacy group promotes technology which would aid the compilation of individual dossiers and allow access to personally identifying data about past financial transactions. All that's needed is for a creditor to publish the names and addresses of his 180-day overdue accounts in some public forum, or to file lawsuits that become public record. Web-accessible archives will do the rest. It's not like the credit reporting rules would necessarily keep a private investigator now from finding out that you declared bankruptcy twenty years ago. .. Today, the Cypherpunks list is but a shadow of its former glory, with anarcho-capitalism all but forgotten in favor of fashionable nihilism, libertarians replaced by liberals. Perhaps it is not too late to resurrect the ideals of the past, but it will require hard work and open mindedness on the part of all. Well, some of the ideals, or at least assumptions, haven't survived encounters with the facts too well. Moore's law has continued apace, strong crypto is widely available, but would anyone claim we have more privacy now than in 1990? Nor is this only because of 9/11 (asymmetric warfare apparently *does* work pretty well, though it's hard to see how that's done anything for the cause of freedom in the US); surveillance cameras, OCR, biometric readers and data mining techniques are all getting cheaper. The split seems to be that most people lose privacy, while those who really care a lot gain a little privacy, albeit by standing out as obvious people-with-something-to-hide, activists, or cryptographers. The math behind anonymous payment schemes is well-understood, and processors are fast enough to do signatures and blinding and all the rest pretty painlessly, now. 
But e-commerce is still all about credit cards over SSL (on a browser that is manifestly *not* a piece of security software!), if that. It's ironic. All the things that seemed like barriers to serious privacy for the masses--Clipper, export controls, the RSA patent, processors barely powerful enough to do serious public key operation before the user lost patience--are either gone or much-diminished. But we still don't have serious privacy for the masses, or even widespread use of crypto in a way that protects communications privacy. It's not like I expected my mom to be making her money trading gold-denominated Burmese opium futures[1] by now. But I at least expected my phone calls and e-mails to her not to be trivially tappable! [1] Classical reference --John Kelsey, [EMAIL PROTECTED] PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259
RE: voting
twenty other sets of tradeoffs. I'm not at all convinced that the way we optimize for best security is to minimize technology. I agree that it's easy to get carried away by the elegance of your mathematics, or by the really spiffy blinking lights on the computer, and forget the essentials. But technology and math aren't somehow inherently bad things to introduce to voting systems. It just has to be done in a way that makes sense, right? .. I do think electronic voting machines are coming, and a good thing. But they should be promoted on the basis that they are easier to use, and fairer in presentation, than are manual methods. Promoting them on the basis that they are more secure, and less subject to vote tampering is simply false. Less subject to vote tampering than the old machines with mechanical counters and levers? That's not too hard. Less subject to vote tampering than paper ballots marked by hand, that may be a little more of a challenge. I think it's more fair to say that the attacks and threats will be different, and that the risk of a class break (work out the details of the attack once, then change votes all over the country) is seriously scary. But it's sure not clear to me that adding computers to the mix must decrease security, or even must leave it unchanged. Peter Trei --John Kelsey, [EMAIL PROTECTED], who is definitely speaking only for himself. PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259
Re: Liquid Natural Flatulence
Anyway, about a decade ago, Distrigas, the company that owns the facility in question, ran several *military* -- not law-enforcement -- anti-terrorism scenarios to see exactly what would be needed to take the place out. What I've heard, albeit second-hand, is that in order to get a useful amount of that halfway-to-absolute-zero natural gas actually *flammable*, much less explosive, someone would have to ring the whole tank with a *huge* amount of explosives themselves, I'm no big fan of science by press release, but when's the last time you heard of anyone saying Well, we looked at our security situation, and two teenagers with bottle rockets could set this thing off. That's why the CEO has decided to move out of town. The usual response after you've pointed out a devastating attack on someone's system is yeah, but who'd think of that or but you're being unrealistic--real attackers will do this other thing (that we just happen to have defended against) instead. Cheers, RAH --John Kelsey, [EMAIL PROTECTED] PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259
Re: 1st amend, compelled speech in US
At 09:47 AM 1/22/04 -0800, Major Variola (ret.) wrote: ..public health officials are considering legal action to force AOL and certain websites to warn members about... http://wired.com/news/medtech/0,1286,62005,00.html?tw=wn_tophead_2 Yep. Because if watching a whole generation of terrifying death rates among gay men doesn't convince you to take some precautions to avoid getting AIDS, a banner ad on AOL is probably going to do the trick. Compelled speech is prohibited, suggesting it is treason, no matter the reason. Not treason. Not even unconstitutional if they're planning to sue to try to force AOL to put up some condom ads, though I can't see how they'd win in court. Just really stupid policy. --John Kelsey, [EMAIL PROTECTED] PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259
Re: DoS-ing fatherland goons
At 11:01 AM 1/3/04 +0100, privacy.at Anonymous Remailer wrote: If we put aside the probable and obvious cause for disrupting the air traffic - namely, introduction of the permanent emergency state (in the future 2-3% of all flights may be affected - small price for maintaining the power), I wonder what are the logistics of injecting false information into the snooping systems. It sure looks like Al Qaida et al have already figured this out. There just so happens to be chatter indicative of a major attack before every major holiday. This seems to lead to three possibilities: a. AQ has worked out that it's cheaper and safer to disrupt life in the US by chatter than by actually trying any attacks here, and disrupting holidays is more fun. b. There really have been attacks planned, but they've either been foiled actively (e.g., the terrorists got arrested or shot or something before the attack took place) or passively (e.g., the higher alert status, changes to security procedures, etc., have made the terrorists postpone their attacks). c. There really isn't much useful information about AQ plans in the available intelligence, and what we're seeing is the intelligence community's priors (in the Bayesian sense; their prior assumptions are swamping the effects of their meager data). .. --John Kelsey, [EMAIL PROTECTED] PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259
Re: Singers jailed for lyrics
At 05:56 PM 12/30/03 -0800, Major Variola (ret) wrote: At 07:48 PM 12/26/03 -0500, Michael Kalus wrote: Then I guess you better start liberating the world. If I were a neocon asshole, I would. Instead, I regard liberation as a local task, and interfering with sovereignty as the initiation of force, ie an act of war. Well, clearly bombing and invading them was an initiation of force, in the most literal sense--we shot first. But while I can see that individuals have a right that you violate by initiating force against them, I don't see how that can apply to governments, especially governments whose main method of keeping power involves terrorizing their citizens. Did the Iraqi government have a right to stay in power, or at least not to be invaded? Where did that right come from? From the rights of its people, most of whom apparently didn't have a hell of a lot good to say about it? (That doesn't mean they like *us*, of course.) In the most morally neutral case, this is like one criminal gang attacking another. If the Sopprano family invades the Bozini family's turf, takes over their protection rackets, and hunts down their godfather, it could be messy, and it really will be an initiation of force in the most literal sense. But is this the same kind of initiation of force that we normally talk about when, say, a mugger knocks me over the head and takes my laptop and wallet? (And of course, it's not that morally neutral. It's more like a bunch of vigilantes from the neighborhood next door getting rid of the gang running your neighborhood, for reasons of their own, but probably to your benefit.) None of this means it made any sense for us to invade Iraq, or that we did it mainly to liberate oppressed Iraqi citizens. But I think using the same kind of language for interactions between individuals and between governments is a mistake. --John Kelsey, [EMAIL PROTECTED] PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259
Re: Vengeance Libertarianism
At 10:18 AM 12/31/03 -0600, Harmon Seaver wrote: It's not that just some humans are useless eaters, it's that all are, and the Goddess Gaia is clearly hard at work trying to rectify this situation with a variety of new bioweapons, i.e., AIDS, ebola, etc. which will soon, I'm sure, reduce the human population as is most necessary, by half, if not three-quarters, or perhaps just eliminate it all together -- to the wild applause of the rest of the Earth. You do know she's been trying the same scheme for several hundred thousand years, right? As an artist, I think she's in a creative decline. Ebola is picturesque and flashy, but not all that scary unless your funeral rites involve lots of contact with the blood of your dearly departed. AIDS is more subtle, rather like syphilis before good antibiotics, but it's not her best work. Even SARS is Yet Another Coughed Contagion. If I recall correctly, smallpox got 90% of the American Indians who were exposed, and measles killed something like 1/3 of Roman citizens. Bubonic and pneumonic plague swept through European cities and wiped out huge numbers of people, and they're still with us, though mainly places with lousy public health and sanitation. And let's not forget her original innovation for discouraging cities, death-by-crapping-out-all-your-electrolytes. If diseases get us, they won't be Gaia's work, but rather some of her more modern imitators in the bioweapons labs of various countries. Like every great artist, she's spawned a host of followers, mostly not too imaginative, but some of whom may take her ideas and techniques to undreamt-of levels. .. Harmon Seaver --John (*cough, cough*) Kelsey, [EMAIL PROTECTED] PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259
Re: Zombie Patriots and other musings
At 12:34 PM 12/14/03 -0800, Major Variola (ret) wrote: At 11:52 AM 12/13/03 -0500, John Kelsey wrote: .. One interesting property of the lone warriors is that they can't actually make peace. Good points, but not entirely true. For instance, we could stop the Jihad (tm) (including future Jihads by other parties) by stopping all foreign aid, following the good general's advice, Trade with all, make treaties with none, and beware of foreign entanglements. So, I think that's pretty sound advice, but I don't think any of the top ten reasons for supporting it involve whether Al Qaida will stop attacking us. Maybe they will, maybe they won't, but our foreign policy ought to be made based on what is in our long-term best interest (our meaning American citizens); realistically, terrorist attacks are a fairly small part of that calculation. For example, we could presumably beat China in a war, but such a war would be enormously more expensive and dangerous than fighting Al Qaida. If continuing to play world's policeman improves our chances of avoiding war with China, at the cost of bringing about some attacks from Al Qaida, that's a win for us. Now, I suspect that playing world's policeman does *not* make us less likely to get into really dangerous and expensive war, and often gets us caught up in little wars that could expand into bigger ones. (The Korean war apparently came relatively close to getting us into a war with China, for example.) But there's at least some argument to be made about that--for example, by ensuring the security of Japan and Germany, we have avoided having two potentially very well-armed and dangerous opponents wandering around, possibly going on an empire-building spree that would have forced us into a nuclear war with them sooner or later. .. Of course, there's a more fundamental problem with surrendering to the lone warriors. Imagine that there's such a wave of pro-life terrorism that we finally agree to ban abortion. 
You're a fanatically committed pro-choice activist. What's your next move? Rudolph bombed clinics, not random people because the govt allowed the clinics. Contrast with a distributed jihad which attacks citizens to sway a govt. Isn't he alleged to have also done the Olympic Park bombing? (Who knows whether he really did, or whether the FBI just assumed he had so they'd only have one domestic terrorist at large.) Anyway, my point is that it's never going to be acceptable for the US government to pull out of making decisions about policy within the US. A campaign of terrorism against abortion clinics, or against liquor stores, or against bookstores, can't be responded to by changes in policy to appease the terrorists without giving up on any kind of a free society. --John Kelsey, [EMAIL PROTECTED] PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259
Re: Don't worry...it's just one of Saddam's doubles
At 02:08 PM 12/15/03 -0500, Tyler Durden wrote: .. Well, of course Saddam is going to test positive...he's apparently an actual CLONE. Actually, from what I understand this is the 'original' Saddam (note how much older he seems than the Saddams we've been seeing in the press over the last few years), but he hasn't actually controlled things for a couple of decades. The Saddam we're really looking for is approximately Saddam #3, and he's still at large, and directing the insurgency. _The Boys from Baghdad_, coming soon to a theater near you. -TD --John Kelsey, [EMAIL PROTECTED] PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259
Re:Textual analysis
At 09:44 AM 12/13/03 -0600, Harmon Seaver wrote: .. And what is my supposed three-space paragraph lead-ins? The concept of textual analysis to prove ID has always amused me. A competent writer can easily change writing styles from moment to moment. I well recall a university English lit prof almost accusing me of plagiarism when I wrote a piece mimicking Faulkner and doing so well enough that the prof actually started looking thru his works trying to find it. Textual analysis correctly identified the author of _Primary Colors_, though that was from a pretty small field of people with the right level of inside knowledge. Does anyone know whether there have been real randomized trials of any of the textual analysis software or techniques? E.g., is this an identification technique like DNA, or is it an identification technique like retrieving repressed memories under hypnosis (or, equivalently, consulting a Ouija board)? It's not obvious to me how you'd change your writing style to defeat these textual analysis schemes--would it really be as simple as changing the average length of sentences and getting rid of the big words, or would there still be ways to determine your identity from that text? I'm thinking especially of long discussions of technical topics--if I wrote a five page essay on what to look at when trying to cryptanalyze a new block cipher, I think it would be hard to keep readers who knew me from having a pretty good guess about the author, even if I tried changing terms, being more mathematical and less conversational, etc. (Though this is more of a problem with humans familiar with my writing style, rather than with automated analysis.) Harmon Seaver CyberShamanix http://www.cybershamanix.com --John Kelsey, [EMAIL PROTECTED] PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259
Re: Zombie Patriots and other musings
At 09:19 AM 12/12/03 -0800, Major Variola (ret) wrote: .. You need to think about the lone warrior scenario that the Gang worries about. McVeighs and Rudolphs. They were influenced by memes which were not immediately suppressed. One interesting property of the lone warriors is that they can't actually make peace. With large sets of them, there's not only no way to force them to surrender, there's no way to even surrender to them! The demands of different lone warriors are different. Because they're not under anyone's authority, you can't negotiate a truce that's worth anything with them. You've executed the FBI and BATF agents involved in the Waco disaster, and so Tim McVeigh has made peace with you. But Randolph still blows things up, because he wants abortion clinics and gay bars shut down. And the Unabomber wanted (as far as I can tell) technology shut down. Of course, there's a more fundamental problem with surrendering to the lone warriors. Imagine that there's such a wave of pro-life terrorism that we finally agree to ban abortion. You're a fanatically committed pro-choice activist. What's your next move? --John Kelsey, [EMAIL PROTECTED] PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259
RE: Zombie Patriots and other musings [was: Re: (No Subject)]
At 02:07 PM 12/11/03 -0500, Trei, Peter wrote: It's worth noting that despite over a decade of this rhetoric, not a single terminally ill American has done this, so far as I am aware. Well, I think for most terminal illnesses, by the time it's obvious you're really not going to live much longer, you're pretty damned sick. And until then, you'd probably like to make some personal use of what days or weeks you have left doing something like talking to your kids, praying, composing that last piece of music, etc., rather than blowing random strangers up to make some political point. (Wouldn't it be a hell of a depressing statement about yourself, if you really believed that the most valuable use of the last hours of your life of which you were capable would involve strapping some dynamite to yourself and taking out a busload of random strangers?) Along with that, most people care about either the afterlife form of immortality, or at least the reputation/legacy form of immortality. Even if you don't worry about lakes of fire and red guys with pitchforks, you might prefer not to have your family and friends humiliated and ashamed at the mention of your name. (Oh my God! That was *your* son? How do you live with that?) The *only* even vaguely similar cases I'm aware of are in India and Sri Lanka, where young Hindu widows (who, in traditional Hindu society have very dim prospects for a happy life) are recruited as suicide bombers by the Tamil Tigers. I think Rajiv Gandhi's assassin was such a woman. So there, the women are still healthy enough to do something, and doing the suicide bombing thing won't leave behind a legacy of relatives who change their names to avoid being associated with you. Peter Trei --John Kelsey, [EMAIL PROTECTED] PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259
RE: Stego worm
At 08:09 PM 12/11/03 -0500, Tyler Durden wrote: .. As for Variola's comment, you might be right. I just assumed there's some kind of relationship between LSB and those spatial frequencies wherein image information might be stored. Actually, I would still think there's a relationship, in which case an Echelon-like approach based on ffts and noise templates might be going on (hence the usefulness of jamming). Well, you're going to have a model for your covertext. Maybe that's the statistical distribution of low-order bits in the image file, maybe that's the distribution of packet arrival times. You encode messages in your covertext by making up new covertexts (maybe from existing or old ones) that fit the same model. If an attacker has no better a model than you do, he can't tell stegoed covertext from unstegoed covertext. If an attacker has a better model, he may be able to tell the difference. Let's make this concrete. Suppose I decide to encode my real message to you in the time I send this e-mail. If I have 24 hours in which I'm willing to send this message, I can encode one of about 80,000 messages to you, since the timestamp goes down to the second. Now imagine an attacker who doesn't know anything about me. He has no reason to be surprised at any time I might be sending messages to you, so to him, this isn't a terrible scheme. Now imagine an attacker who knows I work a 9-5 job. He ought to be quite surprised at seeing e-mail from me at 10:30 AM on Friday, because I'm supposed to be in the office then. He ought to be pretty surprised at seeing e-mail from me at 4 AM, because that will make it hard for me to make it to work in the morning. He has a better model of what the covertext (the time I send the e-mail) should look like, so he can see a couple of innocent-looking e-mails from me to you with weird timestamps, and have some reason to suspect something interesting is going on. .. 
-TD --John Kelsey, [EMAIL PROTECTED] PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259
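The timestamp example from the message above, worked through as an added illustration (not code from the original post). It compares the naive observer's uniform model with an informed observer's model of a 9-5 sender; the hour weights, the 2-bit threshold and the sample timestamps are constructed assumptions.

```python
import math
from datetime import datetime

SECONDS_PER_DAY = 24 * 60 * 60
SLOTS_PER_WEEK = 7 * 24          # one slot per (weekday, hour)


def channel_capacity_bits(window_seconds=SECONDS_PER_DAY):
    """Bits carried by picking one send time at one-second resolution."""
    return math.log2(window_seconds)


def informed_model():
    """P(mail is sent in a given weekday/hour slot) for a sender with a 9-5 job.

    The weights are constructed for illustration, not measured from anyone.
    """
    weights = {}
    for weekday in range(7):                     # Monday == 0
        for hour in range(24):
            if 1 <= hour < 6:
                w = 0.1                          # should be asleep
            elif weekday < 5 and 9 <= hour < 17:
                w = 0.2                          # should be in the office
            else:
                w = 3.0                          # evenings and weekends
            weights[(weekday, hour)] = w
    total = sum(weights.values())
    return {slot: w / total for slot, w in weights.items()}


MODEL = informed_model()


def excess_surprise_bits(ts, model=MODEL):
    """Surprise under the informed model minus surprise under the uniform one.

    This is also the per-message log-likelihood ratio of "send time chosen
    uniformly to carry a message" against "send time follows the sender's habits".
    """
    p_uniform = 1.0 / SLOTS_PER_WEEK
    return math.log2(p_uniform / model[(ts.weekday(), ts.hour)])


def evidence_bits(timestamps):
    """Accumulated evidence over several mails; positive favours 'uniform'."""
    return sum(excess_surprise_bits(ts) for ts in timestamps)


def suspicious(timestamps, threshold_bits=2.0):
    """Mails whose send time the informed observer finds odd."""
    return [ts for ts in timestamps if excess_surprise_bits(ts) > threshold_bits]


# Constructed sample: three evening/weekend mails and two with odd send times.
SAMPLE = [
    datetime(2003, 12, 8, 19, 42, 10),   # Monday evening
    datetime(2003, 12, 9, 21, 5, 33),    # Tuesday evening
    datetime(2003, 12, 10, 4, 0, 17),    # Wednesday, 4 AM
    datetime(2003, 12, 12, 10, 30, 0),   # Friday, 10:30 AM
    datetime(2003, 12, 13, 11, 15, 2),   # Saturday morning
]

if __name__ == "__main__":
    print(f"capacity of one timestamp: {channel_capacity_bits():.1f} bits")
    for ts in SAMPLE:
        print(ts, f"{excess_surprise_bits(ts):+.2f} bits")
    print(f"total evidence: {evidence_bits(SAMPLE):+.2f} bits")
```

To the uniform observer every one of these timestamps scores zero; only the observer with the better model accumulates evidence.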
Re: Deniable data storage
At 06:58 PM 11/5/03 -0800, James A. Donald wrote: I want to store information deniably. .. This would contain various items of information that one could extract by supplying a secret, symmetric, key. A random key would extract a block of gibberish of random length. There would be no indication as to how many bits of meaningful data were stored in the block, though obviously they would have to add up to less than the size of the block. I believe one of Ross Anderson's students did something like this a few years ago, basically using error-correcting codes with a lot of redundancy. The basic idea is that you use some kind of massive error correction and use a different sequence of bits with each key, so that you're very unlikely to have enough of your message bits clobbered by another message to make it impossible to decode correctly. (It seems like there'd be a problem with information leakage about number of channels here, if you had a message encoded in that block of bits, because you would know when you decoded it how often you'd had bits flipped, but maybe they resolved that somehow.) --John Kelsey, [EMAIL PROTECTED] PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259
Re: paradoxes of randomness
At 08:45 AM 8/19/03 -0700, Tim May wrote: .. (I strongly urge you to actually do this experiment. Really. These are the experiments which teach probability theory. No amount of book learning substitutes.) Yep. I've often thought that one benefit to playing RPGs when I was younger was directly observing lots and lots of rolls of various kinds of dice. That gives you an intuition for how unlikely things can happen sometimes, for the difference between very unlikely and impossible, etc. So the coin has been tossed twice in this particular experiment. There is now the possibility for equal numbers of heads and tails--but for the second coin toss to give the opposite result of the first toss, every time, to balance the outcomes, the coin or the wind currents would have to conspire to make the outcome the opposite of what the first toss gave. (This is so absurd as to be not worth discussing, except that I know of no other way to convince you that your theory that equal numbers of heads and tails must be seen cannot be true in any particular experiment. The more mathematical way of saying this is that the outcomes are independent. The result of one coin toss does not affect the next one, which may take place far away, in another room, and so on.) In fact, I believe this is the trick that makes it very easy to distinguish between sequences of coin flips that really happen, and ones that are made up by a human. The human tends to try to make things even out over time. --Tim May --John Kelsey, [EMAIL PROTECTED] PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259
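One way to test the "evens out over time" tell described in the message above, as an added example that is not part of the original thread. It uses the Wald-Wolfowitz runs test plus the exact probability of seeing no long run; both 40-flip sequences are constructed by hand, and the 1.96 and 0.01 cut-offs are assumptions.

```python
import math


def run_lengths(flips):
    """Lengths of the maximal runs of identical outcomes, in order."""
    if not flips:
        return []
    runs, count = [], 1
    for prev, cur in zip(flips, flips[1:]):
        if cur == prev:
            count += 1
        else:
            runs.append(count)
            count = 1
    runs.append(count)
    return runs


def runs_z_score(flips):
    """Wald-Wolfowitz z-score; large positive means too many alternations."""
    n1, n2 = flips.count("H"), flips.count("T")
    n = n1 + n2
    expected = 2.0 * n1 * n2 / n + 1.0
    variance = 2.0 * n1 * n2 * (2 * n1 * n2 - n) / (n * n * (n - 1))
    return (len(run_lengths(flips)) - expected) / math.sqrt(variance)


def prob_longest_run_at_most(n, k):
    """Exact P(no run longer than k) for n independent fair flips."""
    # ways[m] = number of ways to cut m flips into runs of length 1..k
    ways = [1] + [0] * n
    for m in range(1, n + 1):
        ways[m] = sum(ways[m - j] for j in range(1, min(k, m) + 1))
    return 2 * ways[n] / 2 ** n      # factor 2: first run is heads or tails


def assess(flips, z_cutoff=1.96, p_cutoff=0.01):
    runs = run_lengths(flips)
    z = runs_z_score(flips)
    p = prob_longest_run_at_most(len(flips), max(runs))
    return {
        "runs": len(runs),
        "longest_run": max(runs),
        "z": z,
        "p_longest_run": p,
        "looks_made_up": z > z_cutoff or p < p_cutoff,
    }


# Constructed: perfectly balanced (20 H, 20 T), never more than two in a row.
MADE_UP = "HTHHTHTTHH" "THTTHTHHTH" "TTHHTHTTHH" "THTTHTHHTT"
# Constructed with the streaks independent tosses usually produce.
TOSSED = "HHHTHTTHHH" "HHTHHTHTTT" "THHTHHHTHT" "THTTTHHTTT"

if __name__ == "__main__":
    for name, seq in (("made up", MADE_UP), ("tossed", TOSSED)):
        print(name, assess(seq))
```

The made-up sequence is flagged on both counts: it alternates too often, and 40 fair flips with no run longer than two happen about three times in ten thousand.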
RE: JAP back doored
At 05:54 AM 8/22/03 +0200, Thomas Shaddack wrote: On Thu, 21 Aug 2003, Vincent Penquerc'h wrote: Still useful to protect against third party eavesdroppers, I guess. Could it be at least somehow useful as a part of some bigger scheme, a layer of a cake? Can a distributed multilayered proxy be built with some less-than-trusted components? For this kind of system, I think it's really hard to get much security from the people at the endpoints of the chain of anonymizers. Specifically, if the attacker has control of both the entry and exit anonymizer, or if he has control of, say, a target site and the entry anonymizer, he can pretty reliably unmask the user's identity with just a few minutes of browsing. Wei Dai discussed this idea several years ago, and I later reinvented the same idea. --John Kelsey, [EMAIL PROTECTED] PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259
Re: What if all things computable are computable in polynomial time?
At 03:50 PM 8/6/03 -0700, Major Variola (ret) wrote: At 02:16 PM 8/6/03 -0700, Bill Stewart wrote: .. While the public-key algorithms are based on math problems like factoring or discrete log, most of the symmetric-key algorithms are based on intractable ugliness, and on doing enough analysis to find out which kinds of ugliness and bit-twiddling are really intractable and which can be cracked. Yes, but the cryptanalysis of symmetric ciphers involves exponentially-expanding back trees. That is the whole point of avalanche. If, somehow, for any NP algorithm there were an equivalent P algorithm, then the block-cipher backtracking would be solvable in poly time. You could find the plaintext ASCII needle in the haystack of possibilities in poly time, no? There's no reason to think those backtrees wouldn't get too hard to follow even without superpolynomial problems to solve. After all, finding a collision in SHA-512 is O(1), as is brute-forcing a 256-bit AES key. There's just a really big constant term. Honestly, I think for real-world cryptography, we need about an N^3 advantage or so between defenders and attackers--the defenders do 2^{25} work, and the attackers have to do 2^{75}, say, to break it. Merkle's puzzles and all the related schemes give you N^2, and that's not *quite* enough to be useful. .. --John Kelsey, [EMAIL PROTECTED] PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259
Re: U.S. Drops 'E-Bomb' On Iraqi TV
At 10:58 PM 4/3/03 +1200, Peter Gutmann wrote: .. The Wall of Stalin: Detonate a string of dirty nukes along the Iraqi border with Kuwait/Saudi Arabia. Suddenly Dubya decides there are much better places to play soldiers, he'll look at the Iraqi thing again in 6,000 years or so. This only works if your attackers have to use the land route. Bombing and airlifting troops lets you leap right over the barrier. For that matter, I'll bet troops in modern tanks and APCs wouldn't be exposed to too much radiation in a dash across even a really dangerously radioactive zone. (Though I suppose if you're smart, you set up mines and barriers in the radioactive zone, and artillery and fortifications on its inside edge, with the goal of forcing your invaders to spend as much time as possible out there. But maintaining your fortifications inside the zone will be a serious pain!) I've heard that people driving through the area contaminated by Chernobyl are just told to roll up the windows and drive fast, but I don't know if that's true, or how much good it does you. (And there's a big difference between an acceptable level of risk to soldiers in a war, and an acceptable risk to random civilians in peacetime.) Peter. --John Kelsey, [EMAIL PROTECTED]
Re: U.S. Drops 'E-Bomb' On Iraqi TV
At 01:20 PM 4/3/03 +0200, Thomas Shaddack wrote: .. [Discussing uses for the bomb that don't involve killing millions of civilians.] Or pumping of one-shot gamma lasers. (What you want to use them for is on you, though.) Weren't there some proposals for using very low-fallout bombs to break up dangerous hurricanes that were forming? (I just don't have the background in meteorology to have any intuition about whether or not this is plausible; I know hurricanes have a whole lot of energy tied up in temperature and humidity differences in different masses of air, so maybe it could work.) A lot of these struck me as desperate attempts by the bomb designers to find *something* useful to do with the damned things besides pray that they sit in their silos, rusting, and are never, never used. I guess the other side of this is maximally evil uses of bombs. Imagine someone setting up a set of fallout-enhanced bombs in their own country, with the warning that if anyone invades them, millions of people downwind will be dying of cancer in the next decade or two. Or someone trying to use current climate models to allow them to threaten a global catastrophe if they're crossed--like trying to screw up ocean currents, or setting off a bomb in the clathrate beds under the ocean to try to trigger runaway global warming. (The big problem there is that if the best available models change enough over time, as they are subject to do, your deterrent might lose all its value very quickly. And yes, I stole this idea from John Barnes.) MANY more uses. Yep. Though honestly, I think fissionables are a lot more valuable when you're using them to generate power in a mass-efficient way (e.g., bring plenty to Mars with you, so you can distill out CO2 from the atmosphere and crack out the oxygen with power from your reactor). Most of the time when you're not trying to blow something to bits, you really get more value out of continuous power output for a long time. 
At least, you do if you don't have to compete with cheaply available natural gas or oil, and if you don't have to comply with insanely expensive and complex regulations. --John Kelsey, [EMAIL PROTECTED]
Re: S-Tools Stego makes an appearance in Law and Order-SVU
At 07:15 AM 3/31/03 +0200, Thomas Shaddack wrote: For very-low-bandwidth data transfers hidden in wideband streams, we could maybe use timing of packets. Wouldn't work with more congested networks, and would need some kind of REALLY heavy-duty error correction, but could be rather difficult to spot. Do some reasonable error-correction on it, and then implement IP over it. Hey, we *said* it was an unreliable transport protocol :) The signal could be transported in the intervals between the IP packets sent, or by dropping selected packets and requesting retransmissions, or by swapping the order of some packets. The constraint here is that an outsider mustn't be able to distinguish the performance of a stego-enabled system from a non-stego system. So I think you'd have to be really careful about dropping very many packets, swapping packets, etc. As a first cut, suppose I have a sort of encoding mask for two different bits, e.g. 0 == 01010101, 1 == 10101010. Then I decide whether to delay packets by some very small amount based on which mask I'm using, adding a really small delay whenever there's a 1. The receiver tries both masks, and chooses the more probable one. (For the nine packets he receives, he does some statistics on the delays between packets, and assigns probabilities of 1 symbols in each location, throws out obvious outliers, etc., and then chooses the most probable decoding.) The goal here would be to get down to delays that were small enough that an attacker who didn't know the two candidate masks would have a very low probability of being able to distinguish the behavior of a stego-enabled system from a non-stego system. Sort of like having a timing attack which is impractical because the attacker must guess too much internal information before he can test his guess. Has anyone done this kind of scheme in the open literature before? 
This seems like the sort of thing someone would have investigated as a covert channel for leaking information from a compromised system. The world is crammed full with unused communication channels. Yep. Mostly unused because they're not all that reliable, or because they offer too little bandwidth to be worthwhile, alas. ... --John Kelsey, [EMAIL PROTECTED]
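The two-mask scheme from the message above, analysed as an added example (not code from the original thread), to show why the delay size is a trade-off between the receiver's error rate and what a monitor can measure. Assumptions: independent Gaussian jitter with known standard deviation `sigma`, the delay lengthening exactly the masked gaps, an observer who knows the baseline mean gap, and a constructed set of sample gaps.

```python
import math

# The two masks from the message: one entry per inter-packet gap.
MASKS = {0: [0, 1, 0, 1, 0, 1, 0, 1], 1: [1, 0, 1, 0, 1, 0, 1, 0]}


def normal_cdf(x):
    return 0.5 * (1.0 + math.erf(x / math.sqrt(2.0)))


def decode_symbol(gaps):
    """Try both masks on the eight gaps between nine packets.

    Returns (bit, margin); margin is mean(masked gaps) - mean(other gaps)
    for the winning mask, in the same unit as the gaps.
    """
    if len(gaps) != 8:
        raise ValueError("one symbol is eight inter-packet gaps")
    scores = {}
    for bit, mask in MASKS.items():
        marked = [g for g, m in zip(gaps, mask) if m]
        clear = [g for g, m in zip(gaps, mask) if not m]
        scores[bit] = sum(marked) / len(marked) - sum(clear) / len(clear)
    best = max(scores, key=scores.get)
    return best, scores[best]


def receiver_error_rate(delta, sigma):
    """P(wrong mask wins): the margin is N(delta, sigma^2 / 2) when correct."""
    return normal_cdf(-math.sqrt(2.0) * delta / sigma)


def observer_z_score(n_gaps, delta, sigma):
    """Mean-gap shift seen by a monitor that does not know the masks.

    Half of all gaps carry the delay, so the mean gap rises by delta / 2.
    """
    return (delta / 2.0) * math.sqrt(n_gaps) / sigma


def gaps_needed_to_flag(delta, sigma, z=3.0):
    """Gaps a monitor must average before the shift reaches z sigmas."""
    return math.ceil((2.0 * z * sigma / delta) ** 2)


# Constructed sample (milliseconds): ~20 ms gaps with jitter, bit 1 sent
# with a 1 ms delay on the gaps where mask 1 has a 1.
SAMPLE_GAPS = [21.3, 19.6, 21.9, 20.1, 20.4, 20.6, 20.9, 20.2]

if __name__ == "__main__":
    print("decoded:", decode_symbol(SAMPLE_GAPS))
    for delta in (2.0, 0.5, 0.25):
        print(f"delta={delta} sigma=1.0  "
              f"receiver error={receiver_error_rate(delta, 1.0):.3f}  "
              f"gaps to 3-sigma shift={gaps_needed_to_flag(delta, 1.0)}")
```

Shrinking the delay pushes the per-symbol error rate toward one half, which is where the heavy error correction comes in, while a monitor with a good baseline only has to average more traffic.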
Re: Things are looking better all the time [TERROR ALERT: Cerenkov Blue]
At 09:36 AM 3/27/03 -0800, Tim May wrote: On Thursday, March 27, 2003, at 08:41 AM, John Kelsey wrote: ... However, it seems to me it would be very hard for this news not to leak out. If, say, a nuke or serious bioterror weapon had been found in a major city, a lot of agencies would have had knowledge of it. It seems to me that at least one person would have said something, leaked it to the press, etc., for any of the usual reasons. True. I think it would depend on how it was dealt with. My wife used to work for a state environmental regulatory agency, and when their lab truck showed up someplace to collect samples, it always drew a lot of attention. Obviously, if the NEST people show up at some apartment building in Manhattan wearing moon suits, or if dozens of firemen and policemen are involved, it's going to be hard to keep it from slipping out that something interesting has happened. But if it were handled quietly, a single incident like this might not make the news. And if the incident was a terrorist nuke that turned out not to go off, the only evidence might be a soon-discounted warning call to a couple of major newspapers. --John Kelsey, [EMAIL PROTECTED]
RE: U.S. Drops 'E-Bomb' On Iraqi TV
At 01:57 AM 3/28/03 -0800, Sarad AV wrote: ... They are finding it hard to hit armoured vehicles since they are well spread out in distinct patterns. US has told Iraq to treat US soldiers as POWs and follow the Geneva convention. They showed images of 3 US POWs, one woman and 2 men, one of them was bandaged on the head. These had appeared a few hours after US made a press conference saying that they had taken 3000 Iraqi POWs and there were no US POWs. Yep. This led to complaints about showing POWs on TV violating the Geneva convention. For some reason, when CNN showed Iraqi POWs, we didn't notice a problem. (At some level, I think the projections of the people at the top were so optimistic, that a lot of people were just shocked that the Iraqis didn't just collapse and welcome the soldiers into Baghdad with flowers and cheering. This has a really depressing parallel with the way we jumped into Vietnam, though I don't think the Iraqi soldiers are anywhere near as tough and committed as the NVA.) Iraq replied by asking them to follow the Geneva convention and not to do cluster bombing in civilian areas. Be fair about this. We own the skies above Baghdad, at least above the range of small-arms fire. If we wanted the streets of Baghdad choked with corpses, they would be. Basically, civilian casualties have been the result of a small number of bombs missing targets, or screwed up targeting, or bystanders getting hit when they're too close to what looks like a military target. I think we've probably played up our bombing accuracy a bit too much, but it's not like we're targeting civilian areas. If we were, the images from Baghdad would be very different; not just one market with a bomb crater, and one hospital flooded with injured and dead people, but every building reduced to smoldering ruins, and dead people so thick on the ground you couldn't walk across it. 
In any case US military POWs are going to have a hard time and since U.S. did not give POW status to *suspected* Al-Qaeda/Taliban militants captured in Afghan war, nobody is going to put pressure on Iraq either. Well, there's not a whole lot more pressure we can put on the top leadership of Iraq, since our public pronouncements have made clear that Saddam, his kids, and presumably most of the rest of the top echelon of Iraqi leadership is going to be jailed or executed when this is all done. I guess specific generals may have an incentive to treat US POWs better, since the issue will likely come up when the US takes over Iraq in another month or two. I think the usual inducement to treating POWs you hold properly is that you want your soldiers who've been taken prisoner to be treated properly. (There's also world opinion, which we care about a lot more than Iraq does.) I'm not sure how important the Iraqi government considers our treatment of their captured soldiers, though, and we're not going to shoot them all even if the Iraqis do that to our captured soldiers. Regards Sarath. --John Kelsey, [EMAIL PROTECTED]
Re: Things are looking better all the time
At 02:06 AM 3/28/03 -0800, Sarad AV wrote: hi, That cannot possibly even happen - by mistake. Al-Jazeera is Qatar based. They might hit a Chinese embassy but not Al-Jazeera. I believe we hit the Al Jazeera office in Afghanistan pretty early in our bombing campaign there. (I read an archived BBC story about it when I was looking for the Al-Jazeera in English website.) This is a bit of a pattern; we hit television stations in Kosovo and Serbia during our campaign there, as well. So we're unlikely to bomb their main office, but hostile media offices (and the embassies of countries that p*ss us off) do seem to come to a bad end when they're in bombing zones. 1500 Turkish troops moved into north Iraq; US cannot immediately do anything about it since flying over Turkish air space is important for them. The tragedy for the Kurds is that they're just not important enough to get the kind of backing they'd need to establish their own state, given the large set of countries that this would offend. So, once again, I expect that we'll leave them hanging when they're done being useful. This is lousy, though not any different than most countries' management of foreign affairs. What was that famous quote from Austria-Hungary? Something like We will astonish the world with our ingratitude. ... Sarath. --John Kelsey, [EMAIL PROTECTED]
RE: Things are looking better all the time
At 04:37 AM 3/25/03 +0100, Lucky Green wrote: ... If any terrorists had nukes, why have they not used them so far? Suppose you only have one, it was really hard to get, and you're not sure how much of your US network has been turned, or at least placed under heavy surveillance? Maybe you wait until you are really sure you can succeed before you use it. Alternatively, we have no way of knowing how often terrorists have tried to use nukes, but been stopped one way or another. Maybe the Russians sold them very convincing duds. Maybe the FBI caught them and disarmed the bombs before they went off. And for a third alternative, it's quite possible (I don't know how likely) that one or more groups have smuggled nukes into the US, planted them in US cities, and offered proof to the US government, as a way of establishing a nuclear deterrent. (C.f. Ross Anderson's Guy Fawkes Protocol.) There are pretty obvious reasons why the US government might not announce either of the last two cases, and why the terrorist group of your choice wouldn't announce we have a bomb until they had the thing planted where they wanted it. --Lucky --John Kelsey, [EMAIL PROTECTED]
Re: Journalists, Diplomats, Others Urged to Evacuate City
At 02:03 PM 3/20/03 +, Ken Brown wrote: Of all the places in the world you ought not to go if you want to not be shot at, a war with 8 sides (Residual Lebanese govt. vs Palestinians vs. Israel vs Islamist Shia militias vs. non-Islamist Shia militias vs. Sunni militias vs Maronite militias vs Druze - with interference from Iran and Syria) at least 3 of whom hate /all/ the others, and /all/ of whom have a history of shooting at each other, is hardly at the top of the list. If you go to where the vultures and the jackals are disputing over a corpse that isn't actually dead, you have yourself to blame if you get bitten. So, I don't suppose you've heard about our more recent forays into the Balkans, Somalia, and Afghanistan --John Kelsey, [EMAIL PROTECTED]
Re: What shall we do with a bad government...
At 03:49 AM 3/20/03 +0100, Thomas Shaddack wrote: ... While over 70% of local citizens are against it (caveat: I am not closely familiar with the polling method, but no one of my local friends is supporting Shrubya's pet war). Your sample is probably seriously biased, though. My friends and family run about 98% antiwar, but several different polls seem to indicate over half the American people support it. There's no paradox there; my family and friends aren't a representative sample of the American people. This is like that famous quote about Nixon can't have won--nobody I know voted for him by some New York Times columnist. (That's from memory, so I'm probably missing some essential facts...but then, the NYT does that occasionally, too.) --John Kelsey, [EMAIL PROTECTED]
Re: Journalists, Diplomats, Others Urged to Evacuate City
At 07:42 AM 3/20/03 -0800, James A. Donald wrote: ... The story you are telling is part of a big commie lie -- that the US aided the bigoted Taliban against the enlightened communists who created a constitutional democracy where every man and every woman have a vote, and universal education and health care were guaranteed, etc. I guess the particular Commie lie I'd always heard along these lines was more like the US aided a lot of crazed, bloodthirsty bandit chieftains who were nominally anti-communist, and deeply anti-invading-Russians, some of whom later wound up being Taliban bandit chieftains. I haven't dug into this story to see if it's true, but I certainly don't recall ever being exposed to the idea that the invading Russians and their allies were anything but brutal and nasty. We have a long history of holding our noses and handing weapons to objectionable folks who seem likely to help us fight our fights or accomplish our objectives. Surely it's not too hard to think of current examples --digsig James A. Donald --John Kelsey, [EMAIL PROTECTED]
Re: Identification of users of payphones
At 08:03 PM 3/14/03 -0800, Tim May wrote: ... They could be round, for easy handling. And milled for evidence of having been shaved. They could even be made of precious metals for high-value coins, and of base and inexpensive metals for low-value coins. Have you filed for the patent, yet? --Tim May That government is best which governs not at all. --Henry David Thoreau --John Kelsey, [EMAIL PROTECTED]
RE: The burn-off of twenty million useless eaters and minorities
At 10:31 AM 2/24/03 +, Vincent Penquerc'h wrote: ... Now, I may have left my clue home, so feel free to explain *why* 100% capitalism (eg no state left, no other power) could never end up with power aggregation. I don't think you can *ever* prove a claim like that, since you're dealing with humans, who can be only very imperfectly modeled. There's no system that couldn't possibly fall into some horrible state, whether that's tyranny or chaos or lemming-like rush to an unwinnable war or ostrich-like refusal to prepare for clearly oncoming war. Systems of human decision makers are driven by the decisions made by those humans, and sometimes, they're a bunch of idiots. More centralized decision-making has the ugly property that a smaller set of decision-makers have to be idiots to run the whole society into a ditch. On the other hand, more centralized decision-making makes larger projects possible sometimes, especially ones involving big, long wars. -- Vincent Penquerc'h --John Kelsey, [EMAIL PROTECTED]
Re: The burn-off of Tom Veil
At 11:13 AM 2/21/03 -0500, Tyler Durden wrote: ... However, one way to see the situation is more of a buy-off. Arguably, the government plunders in order to pay off welfare society, because if they didn't the masses would rise up and kill off the system that does not really do much to equip them for the opportunities that immigrant kids come in and sweep up. (The term Brain drain comes to mind.) The reality is even more weird, I think. Suppose there's some struggling-to-make-it new family down the street, and I start helping out by bringing them dinner every night. If I do it for a few days, e.g., while the mom is in the hospital or something, it's a genuine act of kindness. If I do it every day for five years, then they are more-or-less going to become dependent on me. The day I decide I have better uses for my time than bringing them dinner, they're almost certainly going to be mad and bitter at me. (If you don't believe this, observe the interaction between a parent and newly-independent kid asking for money, or between a rich uncle and his hoping-to-inherit nephews.) Social programs in general work this way. It was a goodie being handed out once, but now, it looks to the people involved like a necessity, and they'll fight hard to keep it. This is just as true of social security and farm subsidies as of welfare. Listen to a Republican-voting farmer justify farm subsidies some time. You ought to have to *pay* for that kind of entertainment. (Oh, wait, I *am* paying for it.) In fact, smarter and better educated people will tend to be a lot more effective at fighting for their benefits than less intelligent, poorly educated people. So welfare reform, for all its weirdness, seems to be working much better than the attempts to reform farm subsidies, say. And even with Republicans in control of everything, I'll bet we don't see any major cuts to NEA, say. -TD --John Kelsey, [EMAIL PROTECTED]
Re: Blood for Oil (was The Pig Boy was really squealing today
At 10:50 AM 2/20/03 +, David Howe wrote: ... They don't need to build a pipeline though Afghanistan any more then? I know they were pretty annoyed when the taleban refused to let them, prior to 9/11. I'm trying to think of something I'd personally be less interested in investing my own money in than an oil pipeline through Afghanistan. Lots of money invested up front, literally hundreds of small groups who could threaten to damage it as a way of demanding a share of the loot, very hard to defend, etc. What an opportunity! --John Kelsey, [EMAIL PROTECTED]
Re: Science Journal 'Self-Censorship'
At 06:58 PM 2/16/03 -0500, Pete Capelli wrote: http://abc.net.au/news/scitech/2003/02/item20030216103135_1.htm Self-governance, the editors say, is an alternative to government review of forthcoming journal articles. I don't edit any science journals, but I would expect there is no law requiring 'government review'. So what are the editors talking about? There's been a bit of discussion of this stuff in the US media, especially NPR. I think the idea is that the US government (and presumably others) want scientific publications to self-censor things that might be useful to terrorists, rogue states, and various other bad guys. Intuitively, this seems like a breathtakingly bad idea. (How does the information get out to working scientists, then? Do you create a situation where only people going to the best schools in the US and Europe get to learn the current state of the art in a bunch of fields of science? What do you do about preprints and such on the web?) But post-9/11, if three bureaucrats tell congress it's necessary to sacrifice a virgin a week in order to prevent the next terrorist attack, they'll vote unanimously to start drafting virgins and sharpening knives. *Nobody* wants to be blamed for ignoring the warnings of the next big terrorist attack. The creepier subtext here is the whole idea that there are some technologies that only the Elect (in the currently powerful nations) ought to be permitted, and that any attempt to investigate Banned Technologies just might get you arrested or invaded or bombed. This general idea seems to pop up a lot, e.g., in Bill Joy's essay Why the Future Doesn't Need Us, in Vinge's wonderful novel _The Peace War_, in Larry Niven's Known Space stories. It's hard to imagine a better recipe for massively slowing the advance of technology, protecting incumbents in every field and industry, and generally making mankind worse off in order to protect him. 
And yet, it's an apparently natural reaction to being frightened by the threats of new technologies. (Ironically, the nasty terror weapons we're all worried about are mostly 1940s or earlier technology. Stuff that even a third-rate starving dictatorship can cook up.) -pete --John Kelsey, [EMAIL PROTECTED]
Re: Crypto anarchy now more than ever
At 02:20 PM 2/15/03 -0800, James A. Donald wrote: ... They will be testing another missile soon. We shall see how far it goes. They would not waste a nuke on an untested missile --- which is why they test them. If their goal is to blackmail us into not invading them, I don't think they need to threaten to nuke LA or DC. We have a lot of troops in South Korea, within a few miles of the border. They can threaten them, or maybe threaten Tokyo or Seoul. No need to develop multi-billion dollar technology, when 1940s era fission bombs are all that's needed. If their goal is to extort money from us (this looks like the most likely goal), they have a somewhat different set of requirements. Then, their threat is really going to be about proliferation. They announce they have nukes, and make it clear that either we buy them, or someone else will be given the chance. The saber-rattling serves both to communicate the threat and to advertise for buyers. James A. Donald --John Kelsey, [EMAIL PROTECTED]
Re: Stand back or I'll jump....
At 03:21 PM 2/19/03 -0500, Tyler Durden wrote: If their goal is to blackmail us into not invading them, I don't think they need to threaten to nuke LA or DC. As I said before, the obvious thing would be for North Korea to threaten to nuke itself! This should clearly be called the Blazing Saddles strategy. -TD --John Kelsey, [EMAIL PROTECTED]
Re: Touching shuttle debris may cause bad spirits
At 12:38 PM 2/4/03 -0800, [EMAIL PROTECTED] wrote: Not necessarily. It is a well documented phenomenon that people show up at hospitals with even some seemingly real conditions whenever there is a particular panic in the media, even in cases where it is simply not possible that they were made sick by the incident. Well, in a large population, there's also a certain fraction of people who are sick for other reasons--food poisoning, say, or coming down with the flu. If you tell all those people you've just been exposed to dangerous chemicals that may make you ill, it's not a surprise if some of those people assume they're sick because of the dangerous space chemicals, rather than because of that potato salad they had at the picnic last Sunday. ... Jay --John Kelsey, [EMAIL PROTECTED]
Re: Touching shuttle debris may cause bad spirits to invade your body!
At 10:19 AM 2/2/03 -0800, Tim May wrote: ... Speaking of journalists, why does Wolf Blitzer repeat this obvious lie about the metal bits and pieces being tainted by evil spirits? Because these so-called journalists are stooges for the state. Well, the bit about 18 times the speed of light, and other mistakes I've seen through the years, make me suspect that Wolf and company simply don't have the technical background and built-in BS detectors necessary to catch things like this. (For some reason I've never been able to fathom, many journalists seem to be remarkably gullible, when they're told something from the right kind of source, especially a government agency or other official source.) A real journalist would just roll his eyes and say Look, folks, NASA wants these pieces to be aid in reconstructing the accident. There are no traces of liquid propellants and deadly chemicals on these pieces. And they certainly didn't stay hot for long. NASA is trying to get us to feed you jive so you'll be properly frightened and won't touch them.? I recall a guy on NPR saying something like this, a bit more politely. Something like The pieces surely aren't going to be dangerous, but moving them is going to mess up the investigation of the crash. Which presumably is what everyone with any technical background and common sense was thinking when they heard the original warning, right? --Tim May, Occupied America John Kelsey, [EMAIL PROTECTED]
Re: DNA evidence countermeasures?
At 07:50 PM 1/28/03 +, Ken Brown wrote: ... Think - you are a suspect. They find 2 human DNA signals at the scene of the crime, one from you, one from someone quite different from you. Well, they can look for the other guy in their own time, but they've got you. If they are using a stringent enough test (often they don't) the odds against it not being you are huge. Yep. Imagine leaving twenty random peoples' fingerprints at the scene along with your own. You might confuse the police for awhile, but eventually, they'd find the set of prints that matched with the suspect they were holding. The creepier thing here is the possibility of planting DNA evidence, which seems very easy to me. It wouldn't be a big surprise if this had been done by now. A really careful investigation might detect the fraud, but if the planted evidence points in a really plausible direction anyway (e.g., the apparent murderer is the husband/ex-husband/disgruntled business partner/drug dealer of the victim), it may be hard to get anyone to take a second look at the data. The scary number of death-row inmates who've been more-or-less proven innocent by DNA evidence implies that the police, prosecutors, judges, and juries just aren't all that careful about checking the plausibility of evidence anyway. ... --John Kelsey, [EMAIL PROTECTED]
Re: Deniable Thumbdrive?
At 06:05 PM 1/24/03 +, Ben Laurie wrote: ... Nice! Get them to cut _all_ your fingers off instead of just one. Just say no to amputationware. This whole idea was talked to death many years ago on sci.crypt, and probably before that other places. The good news is that it's not too hard to come up with a design that lets you encrypt a large hard drive in such a way that there's no way to determine how many tracks of secret data are there. I believe one of Ross Anderson's students did a design for this; it doesn't seem like a really hard problem to solve if you don't mind losing most of your effective disk capacity. The bad news is that you *really* need to think about your threat model before using it, since there's necessarily no way for you to prove that there are no more tracks of secret data. It takes no imagination at all to think of ways you might end up wishing you *could* convince someone you'd given them the key to all the tracks. IMO, the only way to do this kind of thing is to have the data, or at least part of the key, stored remotely. The remote machine or machines can implement duress codes, limits to the number of password guesses allowed per day, number of invalid password guesses before the thing just zeros out the key and tells the person making the attempt it has done so, etc. Trust me, you *want* the server to loudly announce that it will zero the key irretrievably after the tenth bad password. Cheers, Ben. --John Kelsey, [EMAIL PROTECTED]
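An added example, not part of the original message or any project's code: a minimal model of the remote key holder described in the message above, with a daily guess limit, zeroing of the key after the tenth bad guess, and a duress code. The class name, the daily limit of 3, the choice that a duress code wipes the key and says so, and the sample secrets in use are assumptions.

```python
import hashlib, hmac, os

class RemoteKeyHolder:
    """Hypothetical remote holder of part of a disk key (all names are assumptions)."""
    DAILY_LIMIT = 3   # guesses accepted per day (constructed value)
    WIPE_AFTER = 10   # bad guesses before the key is zeroed ("tenth bad password")

    def __init__(self, password, duress_code, key_part, clock):
        self._salt = os.urandom(16)
        self._pw = self._h(password)
        self._duress = self._h(duress_code)
        self._key = bytearray(key_part)
        self._clock = clock                  # callable returning the current day number
        self._day, self._today, self._bad = clock(), 0, 0
        self.wiped = False

    def _h(self, secret):
        return hashlib.pbkdf2_hmac("sha256", secret.encode(), self._salt, 100_000)

    def _zero(self):
        for i in range(len(self._key)):      # overwrite in place, then refuse forever
            self._key[i] = 0
        self.wiped = True

    def attempt(self, guess):
        """Return (status, payload); the status is always announced to the caller."""
        if self.wiped:
            return ("WIPED", None)
        day = self._clock()
        if day != self._day:                 # new day: reset the per-day allowance
            self._day, self._today = day, 0
        if self._today >= self.DAILY_LIMIT:
            return ("RATE_LIMITED", None)
        self._today += 1
        g = self._h(guess)
        if hmac.compare_digest(g, self._duress):
            self._zero()                     # assumption: duress code destroys the key
            return ("WIPED", None)
        if hmac.compare_digest(g, self._pw):
            self._bad = 0                    # assumption: a success clears the strike count
            return ("OK", bytes(self._key))
        self._bad += 1
        if self._bad >= self.WIPE_AFTER:
            self._zero()
            return ("WIPED", None)
        return ("BAD", self.WIPE_AFTER - self._bad)   # guesses left before the wipe
```

Returning the remaining-guess count and the WIPED status is what makes the policy visible to whoever is guessing, which is the property the message argues for.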
Re: Deniable Thumbdrive?
At 10:06 PM 1/24/03 +0100, Eugen Leitl wrote: ... Frankly, the fingerprint is a lousy secret: you leak it all over the place. You can't help it, unless you're wearing gloves all the time. Ditto DNA. That's generally true of biometrics. Unless taking the measurement is so intrusive it's obvious when it's taken (e.g., maybe the geometry of your sinus cavities or some such thing that requires a CAT scan to measure properly), there's no secret. People constantly seem to get themselves in trouble trying to use biometrics in a system as though they were secret. The best you can usually do is to make it moderately expensive and difficult to actually copy the biometric in a way that will fool the reader. But this is really hard. In fact, making special-purpose devices that are hard to copy or imitate is pretty difficult. It seems enormously harder to find a hard-to-copy, easy-to-use token that just happens to come free with a normal human body. I think the best way to think about any biometric is as a very cheap, moderately hard to copy identification token. Think of it like a good ID card that just happens to be very hard to misplace or lend to your friends. --John Kelsey, [EMAIL PROTECTED]
Re: Desert Spam
At 06:56 AM 1/16/03 -0800, Mike Rosing wrote: On Thu, 16 Jan 2003, Anonymous wrote: Does anyone know a source for a spam list for US military? It would be great to start spamming them with messages about how much they are hated by the entire world, how little real support they have at home - We hope you don't come home, sucker, unless it's in a bodybag. - and other nice, morale destroying sentiments. A search on *.mil might get you a few addresses :-) Anyone with a harvestable e-mail address is immune to this. Yes, it's depressing that one set of spammers hates you and is going to sleep with your wife while you're getting your ass shot off in Iraq, but on the other hand, you've just found out how to make your penis four inches longer, and this Nigerian dude is wanting to give you a bunch of money for helping him out with a small banking matter. It all kind-of balances out. :) Patience, persistence, truth, Dr. mike --John Kelsey, [EMAIL PROTECTED]
Re: Petro's catch-22 incorrect (Re: citizens can be named as enemy combatants)
At 09:38 AM 1/16/03 -0800, Major Variola (ret) wrote: At 03:20 PM 1/15/03 -0800, Petro wrote: ... [Question of whether we could have avoided 9/11 and such things by not having an activist foreign policy] Secondly, other groups would have been just as pissed off at us for *not* helping them. Not if the USG had no policy towards anyone. One more time, George, for No policy toward anyone isn't possible once there's any kind of contact. There are terrorists who'd want to do nasty things to us for simply allowing global trade, or for allowing trade with repressive regimes like Saudi Arabia or Nigeria, or for selling weapons to countries with bad human rights records. Osama Bin Laden might not hate us, but *someone* would. And once we start allowing our foreign policy to be changed in response to terrorism, we're truly f*cked, since a lot of people would like to exert control over how the world's most powerful military is used, whom we trade with, etc. Even if we were just an economic giant with little foreign policy, we'd still have an impact by which countries we chose to trade with, and if someone could improve their fortunes by several billion dollars a year by finding a few gullible guys to strap dynamite to themselves and blow up shopping malls and such, I'm sure they'd do just that. I agree we'd be better off with a much less interventionist foreign policy, few well-chosen allies (e.g., we're not going to be cool with people invading Canada), and free trade with almost everyone (I'd like to see us not trade with countries with really bad human rights records, though that's not exactly the direction we're heading in now). ... --John Kelsey, [EMAIL PROTECTED]
Re: citizens can be named as enemy combatants
At 10:40 PM 1/13/03 -0800, Tim May wrote: On Monday, January 13, 2003, at 09:23 PM, John Kelsey wrote: ... Personally, I was shocked, *shocked*, to see the supreme court make a decision on the basis of politics instead of a careful reading of the constitution. Everything the Supreme Court did in the 2000 election was fully justified. The Dems lost, then tried to change the rules. That's not the way it looked to me. My impression was that both sides were willing to do anything that wouldn't actually get them thrown in jail to sway the outcome of the election, but that Bush had been dealt a better hand. The Florida court decision (with a big Democratic majority) went for the Democrats, the SC decision (with a Republican majority) went for the Republicans. Essentially everyone involved made decisions that were in the interests of their party winning the presidency. But seeing the SC make a highly-political decision that upset so many Democrats was entertaining, given the usual pattern of Conservatives complaining about activist, politicized courts, while Liberals explain that the Constitution needs to be interpreted in light of current events. (Note that with a more Conservative court, we can expect this pattern to reverse, just as Conservatives were complaining about too much Presidential power during the Clinton administration, but in favor of greater Presidential power in the Reagan and Bush years.) ... I'm not happy with Bush, to repeat this mantra that Gore/Lieberman actually won is knavish at best. That's not what I said at all. (And for what it's worth, I don't think Gore would be doing very much differently right now. It's not like Bush is sitting around, coming up with proposals for added surveillance and security on his own--these are recommendations from various parts of the bureaucracy, and those recommendations carry a lot of weight because nobody wants to be seen to have ignored the next set of warnings.) --Tim May --John Kelsey, [EMAIL PROTECTED]