Re: [PracticalSecurity] Anonymity - great technology but hardly used
On Thu, 2005-10-27 at 20:18 -0700, cyphrpunk wrote: > This is off-topic. Let's not degenerate into random Microsoft bashing. > Keep the focus on anonymity. That's what the cypherpunks list is > about. Sorry, but I have to disagree. I highly doubt that Microsoft is interested in helping users of their software preserve anonymity, in fact, evidence has surfaced to indicate quite the opposite. (GUID in Office? The obnoxious "product activation" requirement? I'm sure there are others.) I would say that helping others get rid of dependencies on Microsoft products is thus advancing the cause of anonymity in cyberspace. -- Shawn K. Quinn <[EMAIL PROTECTED]>
Re: [PracticalSecurity] Anonymity - great technology but hardly used
On Thu, 2005-10-27 at 23:28 -0400, R.A. Hettinga wrote: > RAH > Who thinks anything Microsoft makes these days is, by definition, a > security risk. Indeed, the amount of trust I'm willing to place in a piece of software is quite related to how much of its source code is available for review. Surprisingly, I'm not the only one that feels this way. -- Shawn K. Quinn <[EMAIL PROTECTED]>
Re: [PracticalSecurity] Anonymity - great technology but hardly used
On Tue, 2005-10-25 at 23:40 -0500, Travis H. wrote: > Many of the anonymity protocols require multiple participants, and > thus are subject to what economists call "network externalities". The > best example I can think of is Microsoft Office file formats. I don't > buy MS Office because it's the best software at creating documents, > but I have to buy it because the person in HR insists on making our > timecards in Excel format. 1) You have told your HR person what a bad idea it is to introduce a dependency on a proprietary file format, right? 2) OpenOffice can read Excel spreadsheets, and I would assume it can save the changes back to them as well. -- Shawn K. Quinn <[EMAIL PROTECTED]>
Re: Tor VoIP, & etc...
On Sun, 2005-09-04 at 21:03 -0400, Tyler Durden wrote: > SQ wrote... > > > A Houston (TX, USA) public library? Could be next to impossible, as > > well as excellent cause for revocation of your library card and > > criminal prosecution if caught. > > Well, the idea would be not to get caught. I'm thinking basically of just > adding one of those $40 Tor nubbins at the end of a USB cable and then > tucking the nubbin under the carpet with a sign saying, "DO NOT TOUCH". If > it lasts a month then it might be money well spent, particularly if Al Qaeda > successfully nukes DC. > Damn. They blocked Telnet? They might as well just block TCP/IP. Do > they do this by blocking the likely ports or by merely de-balling the > protocol stack somehow? I assume Tor is smart enough to try various > open ports All you get access to as a library card holder is a Web browser (or pathetic excuse for same, as I think it's a hacked-up IE). The computers at the Houston libraries don't allow access to the USB ports from what I have seen, and in order to get access to anything besides a Web browser you would probably need to reboot the machine and you then have maybe 15-20 minutes before a librarian notices you. Now, the Harris County libraries might be different; I have not gone to one. -- Shawn K. Quinn <[EMAIL PROTECTED]>
Re: Tor VoIP, & etc...
On Mon, 2005-09-05 at 21:32 -0400, Damian Gerow wrote: > Thus spake Tyler Durden ([EMAIL PROTECTED]) [04/09/05 21:14]: > : I assume Tor is smart enough to try various open ports > > TOR can only contact other entry/mid/exit nodes on the ports they're > listening on. The documentation actually requests that people set up nodes > on TCP ports 80 and 443, for the exact case that this Houston, TX library > seems to be in. The bigger problem is convincing the library's computer to run your software without getting caught. Even then, there's no guarantee that the computers have direct Internet access; it's likely everything is funneled through proxies. -- Shawn K. Quinn <[EMAIL PROTECTED]>
Re: Tor VoIP, & etc...
On Sat, 2005-09-03 at 13:56 -0400, Tyler Durden wrote: > In other words, am I contributing to the greater Tor network if I > allow my USB Tor node to function while I'm sucking down a cappucino > or two? For the people that only route stuff like HTTP traffic through your Tor node, it will be a benefit. If I'm IRCing and get routed through your node, that's a different story (but it's no different than the bad old days of IIP where people dropped off by the dozens when someone shut down their computer). A Mixmaster remailer where the mail was transacted at public Internet access points would be much more useful. It would actually be funny if someone did this and named the node "starbuck". Anyway, as others have said, your node will only be able to function as middleman in such a setup, because by the time you register your IP will change unless you camp out in the Starbucks parking lot. Not that middleman is not useful, mind you (this applies to both Tor and Mixmaster). -- Shawn K. Quinn <[EMAIL PROTECTED]>
Re: Tor VoIP, & etc...
On Sun, 2005-09-04 at 11:49 -0400, Tyler Durden wrote: > Shawn Quinn wrote... > >For the people that only route stuff like HTTP traffic through your Tor > >node, it will be a benefit. If I'm IRCing and get routed through your > >node, that's a different story (but it's no different than the bad old > >days of IIP where people dropped off by the dozens when someone shut > >down their computer). A Mixmaster remailer where the mail was transacted > >at public Internet access points would be much more useful. It would > >actually be funny if someone did this and named the node "starbuck". > > So: How hard would it be to surreptitiously install a Tor node into a > computer at a public library? A Houston (TX, USA) public library? Could be next to impossible, as well as excellent cause for revocation of your library card and possible criminal prosecution if caught. Needless to say, I haven't tried. The best you could do from Houston libraries would be a proxy accessed via HTTPS. At one time you could telnet, but that has long since passed. Other public libraries? Who knows. -- Shawn K. Quinn <[EMAIL PROTECTED]>
Re: Re:The Nazification Of America ("Show Me Your Papers" - Day 1)
On Tue, 2005-07-05 at 15:51 -0400, Duncan Frissell wrote: > http://www.staples.com/Catalog/Browse/Sku.asp?PageType=1&Sku=AVE02900 Since I can't get anything but an error page saying my browser is not accepting cookies, even after actually accepting cookies, what is this in plain English? -- Shawn K. Quinn <[EMAIL PROTECTED]>
Re: your mail
On Mon, 2005-05-16 at 15:07 +0200, martin f krafft wrote: > > This is the sixth release candidate for the 0.1.0.x series. This is an > > Did I miss some development or why exactly does cypherpunks care > about a release candidate of libevent (or Wolfram's New Kind of > Science for that matter)? Was I frozen for that long? This is actually a release announcement for Tor 0.1.0.0-rc6 that was not labeled as such, posted through the randseed Mixmaster remailer. To the schmuck that posted the original: make it clearer next time, with a clear subject line. -- Shawn K. Quinn <[EMAIL PROTECTED]>
RE: zombied ypherpunks (Re: Email Certification?)
On Fri, 2005-04-29 at 11:43 -0400, Tyler Durden wrote: > Look...a little tiny yap yap dog can often scare off a bigger dog or > animal > by making it clear that any interaction's going to suck. For some reason I'm reminded of the old tagline: "YIP! YIP! YAP! YIP! YAP! *BANG* [EMAIL PROTECTED] NO TERRIER" -- Shawn K. Quinn <[EMAIL PROTECTED]>
Re: WebMoney
On Fri, 2005-04-22 at 13:44 -0400, Tyler Durden wrote: > Are you continuing those dots correctly? I assumed they were leading > to the > words "Russian mob", which has become quite the powerful force in > Brooklyn > these days. Even if they are the Russian mob, they're a lot more trustworthy than some US-based corporations. -- Shawn K. Quinn <[EMAIL PROTECTED]>
Re: WebMoney
On Wed, 2005-04-20 at 19:40 -0700, James A. Donald wrote: > The fact that webmoney takes security so seriously suggests to me > that they are honest - but, of course, the fact that they are russian > suggests . This isn't the middle of the Cold War anymore. I don't think they are that dishonest, especially after some of the crap the US government has pulled in the last few years. -- Shawn K. Quinn <[EMAIL PROTECTED]>
Re: What is a cypherpunk?
On Wed, 2005-02-09 at 09:09 -0800, James A. Donald wrote: > -- > On 6 Feb 2005 at 19:18, D. Popkin wrote: > > Yes, but Big Brother governments are not the only way such > > "wisdom" gets imposed. Bill Gates came close to imposing it > > upon all of us, and if it hadn't been for Richard Stallman > > and Linus Torvalds, we might all be suffering under that yoke > > today. > > There is nothing stopping you from writing your own operating > system, so Linus did. Linus Torvalds didn't write the GNU OS. He wrote the Linux kernel, which when added to the rest of the existing GNU OS, written by Richard Stallman among others, allowed a completely free operating system. Please don't continue to spread the misconception that Linus Torvalds wrote the entire (GNU) operating system. -- Shawn K. Quinn <[EMAIL PROTECTED]>
Re: What is a cypherpunk?
On Sun, 2005-02-06 at 19:18 -0800, D. Popkin wrote: > The true danger of TCPA is not that "free" MP3s and movies will become > unavailable, but the de facto loss of privacy as non-TCPA gear becomes > unavailable or prohibitively expensive. Agreed, in part. I don't think it'll fly too well if any hardware manufacturer builds in TCPA such that only a Microsoft-certified OS will run on it, for one, it's a bad idea to piss off the geeks (and certainly there's a higher geek to ordinary user ratio in the free software world), and also this would be a great way for Microsoft to piss off even the current (far-right Republican) administration. I would expect the setting to disable the TCPA chip to be present in new hardware for as long as TCPA lasts, and indeed, there may be cases where even an ordinary user would want to disable the TCPA chip. I personally don't trust Microsoft at all. They had their chance to keep my trust, and they blew it, big time. -- Shawn K. Quinn <[EMAIL PROTECTED]>
Re: Dell to Add Security Chip to PCs
On Fri, 2005-02-04 at 19:07 -0800, James A. Donald wrote: > The ability to convincingly tell the truth is a very handy one > between people who are roughly equal. It is a potentially > disastrous one if one party can do violence with impunity to > the one with the ability to convincingly tell the truth. In other words, NGSCB/Palladium/etc doesn't give you an advantage in the least when you step onto a playing field tilting heavily in Microsoft's direction. -- Shawn K. Quinn <[EMAIL PROTECTED]>
Re: Dell to Add Security Chip to PCs
On Thu, 2005-02-03 at 22:25 +0100, Anonymous wrote: > The manufacturer issues a certificate on the public part of the EK, > called the PUBEK. This key is then used (in a somewhat roundabout > manner) to issue signed statements which attest to the software state > of the machine. These attestations are what allow a remote server to > know if you are running a client software configuration which the > server finds acceptable, allowing the server to refuse service to you > if it doesn't like what you're running. And this is the foundation for > DRM. Isn't it possible to emulate the TCPA chip in software, using one's own RSA key, and thus signing whatever you damn well please with it instead of whatever the chip wants to sign? So in reality, as far as remote attestation goes, it's only as secure as the software driver used to talk to the TCPA chip, right? -- Shawn K. Quinn <[EMAIL PROTECTED]>
Re: Tasers for Cops Not You
On Sat, 2005-01-08 at 13:20 -0800, John Young wrote: > Here are photos of the Taser in manufacture, sale, training, > promo, and accidental misfire: > > > http://cryptome.org/taser-eyeball.htm This came up 404 as of a few minutes ago. -- Shawn K. Quinn <[EMAIL PROTECTED]>
Re: Coffee, Tea, or Should We Feel Your Pregnant Wife's Breasts Before Throwing You in a Cell at the Airport and Then Lying About Why We Put You There?
[Note, I'm on the list, and I don't need two copies of every message in this thread] On Tue, 2004-12-21 at 06:34 -0600, J.A. Terranson wrote: > On Mon, 20 Dec 2004, Shawn K. Quinn wrote: > > > Agreed, if you want > > > And this, ladies and gentlemen, is what it boils down to. You *want* > things your own way, but you are too fucking spoiled to fight fo it - so > instead you whine and moan. Did you even read the rest of the post? Let me requote what I actually wrote, in its entirety. > Agreed, if you want or need to get between cities faster than land-based > travel will allow, flying is in fact a requirement. That was, in fact, my > point. If you *need* to be somewhere 1000 miles or more away within a few hours, driving, riding Greyhound, or riding Amtrak are NOT OPTIONS. If you *need* to get to Hawaii, Puerto Rico, etc., driving, riding Greyhound, or riding Amtrak are NOT OPTIONS. -- Shawn K. Quinn <[EMAIL PROTECTED]>
Re: Coffee, Tea, or Should We Feel Your Pregnant Wife's Breasts Before Throwing You in a Cell at the Airport and Then Lying About Why We Put You There?
On Mon, 2004-12-20 at 11:56 -0500, Tyler Durden wrote: > Well, there's a TINY little hole in your logic here... [J.A. Terranson wrote:] > >Scale of distance is the only difference. Either you support the system > >or you don't. I don't: I either drive to jobs (charging for mileage) or I > >pass on them, rather than take part in the police state that is todays air > >system. You have the very same choices. The argument eveyone is making > >here is that it is too much of an inconvenience (financial or otherwise), > >*not* to fly. Sorry, but that's just pure self-serving BS. > > For one, Flying can easily be a requirement, not an option. But that's > besides the point here. > > The real point is that some Super-JAT could (5 years from now when there are > ubiquitous highway checkpoints) argue that "walking from NYC to Boston may > be difficult but it IS possible". Or of course (after Tenent's vision for > the internet is realized) "You could simply Fedex those files, you don't > need to use the internet" Agreed, if you want or need to get between cities faster than land-based travel will allow, flying is in fact a requirement. That was, in fact, my point. (Would anyone actually resort to walking between NYC and Boston?) As an aside, I often jokingly used the phrase "the only broadband connections we would have would be UPS and FedEx" back in the days when DSL and cable modem connections were not as ubitiquous (yes I know satellite is also an option but it's $DEITY-awful slow and only usable for the most basic of needs). However, regulation of the Internet such that couriers would be the only feasible way to move large amounts of data around (burned to CD or DVD as the case may be) is not a joking matter in the least. -- Shawn K. Quinn <[EMAIL PROTECTED]>
Re: Coffee, Tea, or Should We Feel Your Pregnant Wife's Breasts Before Throwing You in a Cell at the Airport and Then Lying About Why We Put You There?
On Sun, 2004-12-19 at 12:01 -0600, J.A. Terranson wrote: > On Sun, 19 Dec 2004, Shawn K. Quinn wrote: > > > He may not have a choice. > > Bullshit. 100% bullshit. Unless you are trying to cover a lot of > lake, flying is an option, not a requirement. Driving sucks - I do it > a lot, and hate every mile of it - but it *is* an option. If you need to get from, say, Houston to Seattle, in less than a full day, how is driving an option? > Remember the buses. Remember what happened when "them negroes got > uppity and stopped taking the bus"? Those were local transit buses, not intercity buses. Huge difference. -- Shawn K. Quinn <[EMAIL PROTECTED]>
Re: Coffee, Tea, or Should We Feel Your Pregnant Wife's Breasts Before Throwing You in a Cell at the Airport and Then Lying About Why We Put You There?
On Sun, 2004-12-19 at 10:53 -0600, J.A. Terranson wrote: > (1) Mr. Monahan seems to think that lies on police reports are an > artifact of 9/11. Welcome to the real world Mr. Monahan. I can concur with this, though it wouldn't surprise me if lying on police reports has increased since then. > (2) Monahan, and those like him who continue to fly, have nobody to > blame but themselves: if you continue to feed these assholes by buying > those tickets, then you have it coming: simple economics. If people > refuse to fly, this will stop. He may not have a choice. There are three choices for intracity travel in the US: air, automobile (I'm lumping intracity buses in with personal cars here for a reason that will be obvious later), and train. First, let's look at automobile travel, which includes buses. There is one major intracity bus company left and that's Greyhound. They tend to be cheap, and thus attract people who can't afford to fly. The only advantage over driving your own car, is you don't have to worry about doing the driving yourself ("Go Greyhound and leave the driving to us" if you remember the old commercials). Generally, automobile travel is nearly unworkable if you're going farther than, say, a 10-hour drive or about 500 miles. As for Amtrak (the last passenger rail line left), well, that may be just as bad in most cases. I have heard that the government subsidies of Amtrak are being dropped to lower and lower levels, and as such they are not making enough money to operate at acceptable standards to most of us. Read misc.transport.rail sometime and you will see what I mean. Also, you don't get there that much faster than with automobile travel, and I think it may actually cost more. > (3) As to the ACLU, again, welcome to the real world. Many of us have > been down that road before you Mr. Monahan - while the ACLU is not a > bad thing per se, they are a lot like the cops and courts: they are > not there for any one individual, there are there for "the big > picture". And the Big Picture requires money, which means you must be > a minority (since how can anyone of the majority ever be > "oppressed"?). In a nutshell, Fuck The ACLU. I wouldn't speak so ill of the ACLU. Groups like the ACLU are just about the last thing standing between what's left of our democracy and an outright dictatorship. White people aren't even necessarily the "majority" anymore. > (4) Lastly, as to your cesarian, fuck you and your wife, and her > cesearean. We don't give a shit about your personal problems, just > like you don't care about ours. Sure, it makes for a pulpy little > story, but when you get right down to it, do we really care? No. > Because, again, you helped to create this beast you are now bitching > about, and after it bit you, you *continued to fly*, and thereby feed > it some more. This is downright insensitive. (Mr. Monahan, if you actually get to read this, Terranson does *not* represent the views of all of us in the least.) I really have a good mind to archive this and send it back to you when your wife gets pregnant and something similar happens to you. And again, he likely didn't continue to fly because he wanted to. See #2 above. -- Shawn K. Quinn <[EMAIL PROTECTED]>
Re: Fact checking
On Wednesday 2004 April 28 23:30, Bob Jonkman wrote: > In Canada we have the option to "decline to vote". Go to the polling > station, register your name, take the ballot, then tell the clerk > that you "decline to vote". This indicates that you believe that > no-one on the ballot is a suitable candidate for office. The ballot > is counted, but none of the candidates gets a vote. I noticed something similar when I voted in the primary this year. I voted in the Republican primary, and there were *two* choices for president: Bush and "Undecided" (or maybe it was "Uncommitted"). Anyway, my question: can you decline to vote on an office-by-office basis, or is it all or nothing? -- Shawn K. Quinn
Multiple copies of messages
Just today, I started getting multiple copies of each message. Am I the only person this is happening to? -- Shawn K. Quinn
Re: Fornicalia Lawmaker Moves to Block Gmail
On Tuesday 2004 April 13 17:26, sunder wrote: > Pete Capelli wrote: > > Since when is there a guarantee of privacy in email?? > > Since PhilZ wrote PGP? But then, only if you use PGP (or GnuPG or what have you). -- Shawn K. Quinn
Re: VPN VoIP
On Saturday 2004 April 10 12:12, Eugen Leitl wrote: > Should I stick with Linux (there's /dev/random and VPN support in > current kernels for the C3 Padlock engine, right?) with SELinux or > try OpenBSD for a firewall type machine with hardware crypto support? For a firewall, I'd recommend OpenBSD over just about anything else. Unless of course, there is hardware you need to use that isn't supported under OpenBSD. -- Shawn K. Quinn
Re: Where did everyone go?
On Thursday 2004 February 12 17:08, Gabriel Rocha wrote: > On Thu, Feb 12, at 05:51PM, Adam wrote: > | The old Cypherpunks node (LNE) was much more active. Since that one > | went down and I joined up on this one, traffic has decreased by 80% > | (at least). Where did all those guys go (Tim May, Major Variola, > | James Donald, etc)? Is there a different node that most people > | migrated to? > > It seems alot of people just didn't migrate at all... A shame really. I was off the list for a while, and only rarely posted when I was on it. I just didn't have the time for the better part of a year. But, now I'm back into studying security/privacy/cryptography stuff so I'll probably be on the list again for a long while. -- Shawn K. Quinn
Re: Press Coverage, Snarky Media Personalities, and War
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Saturday March 1 2003 15:43, Eric Cordian wrote: > I'm pretty sure, based on my spam volume, that spammers grep > Cypherpunks for email addresses. > > So you're probably already hosed. The spam volume I get remains rather low on this account, and I think this is primarily because I report every single spam I receive via SpamCop. In contrast, my Yahoo! Mail account gets so much spam it's unusable, and it's barely possible to report spam via the Web interface anymore. (Some incredible genius over there decided that nobody needed to forward messages with full headers, so you now have to cut and paste the whole message. Except for the fact that I rarely use that address and that doing this could cost $25/year, it would be tempting to sign up for their paid POP3 service and fire off a barrage of spam complaints from that acccount.) At least two of my prior e-mail addresses made "never ever spam these addresses" lists (unlike "remove" lists, these are actually heeded by a lot of spamming vermin), so I know that this can work. - -- Shawn K. Quinn -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+YTDnQVXDBVmaIp0RAtzXAJ99y1wdZ88mPDS3omb0pOhmewlO7wCfcLKt 0E6wneH73dezFUhKdw6bRMU= =9AeY -END PGP SIGNATURE-
Re: Did you *really* zeroize that key?
On Wednesday November 6 2002 10:22, Trei, Peter wrote: > What it really needs is the addition of a #pragma > dont_remove_this_code_you_bastard in the compiler. > Until then, a lot of security code will be affected by this problem. Somehow I don't think they'll quite call it this. But you've got to admit it is cute. :-) How about either: #pragma no_optimize or #pragma security -- Shawn K. Quinn
Re: What email encryption is actually in use?
On Saturday November 2 2002 11:09, Adam Shostack wrote: > I'd be interested to hear how often email content is protected by any > form of crypto, including IPsec, Starttls, ssh delivery, or PGP or > SMIME. There's probably an interesting paper in going out and > looking at this. I use GnuPG to the people I know that have it. Admittedly that number is rather low but I am working on raising it. My e-mail client will do SSL and TLS so most if not all of my messages are protected at least to and from the ISP's servers. I would like to use GnuPG (my OpenPGP application of choice) more often. Unfortunately the number of people that have it is too low to make this practical and providers like AOL making it very difficult to use encryption with their proprietary e-mail clients pushes the number even lower than it should be. Part of the problem is too many people not realizing that one sending e-mail in the clear means that one trusts their ISP's admins, the receiving ISP's admins, and anyone with root (or possibly even just physical access) on a network between them. All it takes is one untrustworthy person snooping on the wire and there goes your privacy. Granted, yes, it's a violation of laws like the ECPA (in the US) to do so, but when there are potentially dozens of people who could have divulged a message, how does one know who to prosecute? -- Shawn K. Quinn
anonymous remailers
If one has set up a new anonymous remailer, where is the best place to get the word out? Here or somewhere else? -- Shawn K. Quinn