Feds Want to Tap In-Flight Internet Communications
http://tinyurl.com/bgk6t

By Gene J. Koprowski
TechNewsWorld
07/15/05 9:15 AM PT

The federal government is moving forward with a proposal to tap -- and track -- in-flight Internet communications, experts tell TechNewsWorld.

The Federal Bureau of Investigation, teaming with the Department of Homeland Security, is petitioning the Federal Communications Commission, an independent agency, to change the rules so that law enforcement can more easily access satellite-based Internet communications on aircraft.

Controlling Communications

The feds seek the full ability to control all communications on the aircraft, according to James Dempsey, executive director of the Center for Democracy and Technology, a civil rights group, based in Washington D.C.

The petition by the federal government may put a damper on enthusiasm for in-flight Internet service, an emerging niche. Online WiFi service was first tested in 2003 by Boeing (NYSE: BA) aboard a Lufthansa flight from Germany, and United Airlines was the first American carrier to move forward with in-flight WiFi. On board, the planes are equipped with wireless routers, making them WiFi hotspots, like a coffee house or a copy shop on the ground.

Efficient Travel Time

Using Wireless Local Area Network (WLAN) technology, the airlines can deliver to passengers news, weather, stock market reports, and destination city information, via an onboard portal. To pay for the service, customers can use their frequent flier miles, or pay a service fee.

"The time spent onboard will now become more efficient and valuable for our customers, since they will be able to work online during flights," said Terje Christoffersen, group vice president, marketing, products and service, at TeliaSonera AB, a provider of telecom services in Denmark, Norway and Sweden.

As the first airline to use the equipment, Lufthansa engineers in Hamburg, Germany had to secure approval from the European Joint Aviation Authority (JAA) for the project, while American carriers also had to seek regulatory approval in the United States.

Intercept, Block, Reroute

Federal law enforcement now wants to be able to intercept, block, or reroute e-mail to and from any airplane. There will be due process, however, as the feds are saying that they will only be able to read in-flight e-mail or instant messages after receiving a court order.

According to the petition recently filed with the FCC, which regulates communications in the U.S., in-flight Internet Service Providers, like Boeing's Connexion project, would have to give the government access to a passenger's e-mail within 10 minutes of receiving a court order.

New rules are being requested, moreover, to be able to identify passengers not just by the Internet Protocol address, but by their seat number, the petition said.

The concern is that Islamic fundamentalist terrorists -- like those who attacked the World Trade Center and Pentagon, and, earlier this month, the London tube -- could use the Internet to plot an aircraft takeover, in-flight.

Serious Concerns

Another concern that seems to be straight out of a sci-fi movie is that terrorists could detonate explosives placed upon aircraft using the in-flight Internet systems.

Makers of in-flight technologies, interestingly, have been advertising the fact that their products can be used to monitor passenger behavior too.

One firm, Innovative Concepts, said its IDM V304 modem is used to transmit data in harsh environments, and that it understands that the Department of Homeland Security (DHS) is considering placing web cams throughout the passenger cabin area to monitor behavior in-flight.

Passengers, however, may be alarmed to learn such potential uses for the technology are on the table at all. "Applications like these may make your head snap with surprise," said Dempsey of the Center for Democracy and Technology.
How to Exit the Matrix
Network Forensics Evasion: How to Exit the Matrix
https://n4ez7vf37i2yvz5g.onion/howtos/ExitTheMatrix/
Tor (tor.eff.org) required

Privacy and anonymity have been eroded to the point of non-existence in recent years. In fact, in many workplaces, employers spy on and control their employees' Internet access, and this practice is widely considered to be acceptable. How we got to a legal state where this is allowed, I'm not quite sure. It seems to stem from an underlying assumption that while you are at work, you are a slave - a single unit of economic output under the direct and total control of your superiors. I believe this view is wrong. This document seeks to provide the means to protect your right to privacy and anonymous net access anywhere, even under the most draconian of conditions - including, but not limited to, criminal investigation.

So what are you saying? That I can dodge bullets?

No.. What I am trying to tell you is that when you're ready, you won't have to.
RE: Terrorist-controlled cessna nearly attacks washington
You wrote: new terrorist target: Union Station You used a remailer for THAT?!! So what if he did? There's no requirement that people say insignificant stuff under their real name or real alias.
Terrorist-controlled cessna nearly attacks washington
http://reuters.myway.com/article/20050511/2005-05-11T173816Z_01_N11199658_RTRIDST_0_NEWS-SECURITY-WASHINGTON-DC.html

WASHINGTON (Reuters) - Fighter jets scrambled over Washington and authorities hurriedly evacuated the White House and the U.S. Congress on Wednesday when an unidentified plane roamed into restricted airspace, sparking fears of a Sept. 11-style attack.

The light private Cessna ignored calls from air traffic controllers and entered the restricted zone around Washington, coming within 3 miles of the Capitol before turning away, authorities said.

The plane's approach sent at least two F-16 fighter jets into the air over the U.S. capital and hundreds of staff and tourists into the streets outside the Capitol building, White House and Supreme Court in an urgent evacuation.

[...]

Capitol police swiftly moved senators, aides, lobbyists and journalists toward Union Station, about two blocks away. Police used bullhorns to order onlookers near the Capitol to stay away from the building.

new terrorist target: Union Station
Re: Terrorist-controlled cessna nearly attacks washington
new terrorist target: Union Station You used a remailer for THAT?!! You used a pseudonym for THAT?!
Re: zombied ypherpunks (Re: Email Certification?)
And then, of course, in the off chance they can't actually break the message under that flag, they can merely send a guy out with binoculars or whatever. Don't forget about rubber-hose cryptanalysis. Rumour has it that method is preferred in many cases since it makes the code-breakers feel good by way of testosterone release. Guns. You may not be able to kill them, but you may be able to force them to kill you.
DTV Content Protection
Two content protection systems are in use to protect digital television (DTV) signals on the wires of American home video systems: HDCP and DTCP. HDCP is used for the most common digital cable connection to HD monitors, HDMI, which is a variant of DVI. DTCP is used for digital connections to video equipment, especially digital VCRs. It was originally designed for Firewire (aka iLink, aka IEEE-1394) but has been extended to USB-2 and Bluetooth, with IP in the works. Apparently monitors with both HDMI and Firewire connections would have to implement both.

HDCP is described at http://www.digital-cp.com/ and DTCP at http://www.dtcp.com/. The full DTCP spec is still secret unless you are a licensee and the site has only limited information.

The two systems are very different cryptographically. HDCP uses a 56-bit keyed stream cipher based on LFSRs. DTCP uses block ciphers, either a 56-bit key proprietary block cipher from Hitachi called M6, or AES with 128-bit keys. M6 is the default that all devices must implement. M6 uses an odd chaining mode called converted CBC which seems to chain the ciphertext into the next block's key material rather than the plaintext, possibly with an abbreviated key schedule.

SKDH

Here I want to focus on the key agreement protocol. Both systems use a similar approach which has never been formally presented or documented. For convenience I will call it SKDH, for Symmetric Key Diffie Hellman. SKDH has some properties of Diffie Hellman key exchange, but it uses simple addition operations rather than public key functions. It also has some properties of identity-based encryption, in that there is a master key center that issues the private keys to each device. However it is not secure against collusion by users who know their private keys, so would not be suitable for a true IBE system.

DTCP has two key agreement protocols. There is a full protocol which is EC-DH (elliptic curve Diffie Hellman) and is mandatory for copy never content, i.e. pay per view content. It also specifies a restricted protocol which is acceptable for copy once and copy no more content, that uses the SKDH technique described below. This will be much cheaper to implement for manufacturers and is probably used by typical recording devices. HDCP has just one key agreement protocol and it is of this new type as well.

SKDH key agreement has not been published but it is presumed that it works as follows. There is a secret matrix which is known only to the agency that issues keys. Let us call this the Master Matrix, MM. The system is based on matrix algebra as follows:

    Pub1 * MM * Pub2 = shared key.

Pub1 and Pub2 are vectors of 1's and 0's which are the public keys of the two devices, called key selection vectors or KSVs. Each device is issued such a vector, along with its private keys, which are defined as follows:

    Priv1 = Pub1 * MM
    Priv2 = MM * Pub2

Priv1 and Priv2 are vectors of numbers whose size depends on the values in MM. Details for the two known implementations are described below. By associativity, we have:

    Pub1 * MM * Pub2 = Priv1 * Pub2 = Pub1 * Priv1 = shared key.

The two parties do a key exchange by giving each other their KSVs, the public Pub1 and Pub2 values. Each one then multiplies the vector of 1's and 0's they received from the other side times their vector of Priv values. This amounts to simply adding the Priv values selected by the 1's received from the other side. Because of the relationship between the public and private values, this ensures that both sides receive the same shared key.

The analogy to Diffie Hellman which motivated the name SKDH should now be clear. Each side receives a public value from the other, combines it with its own private data, and creates a shared secret.

In HDCP, the MM matrix is 40 by 40, and entries are 56 bits long. In DTCP, the MM matrix is 12 by 12, and entries are 64 bits long.

The weakness of this system is that if the private key vectors are published, they leak information about the MM matrix. In principle as few as 40 private/public key pairs could fully reveal MM in the case of HDCP, and as few as 12 in the case of DTCP. This makes the cryptographic scheme unsuitable for any widespread identity based encryption scheme; it will only work in a closed system like these, where manufacturers must take great pains to keep their private keys secret.

Attacks on HDCP

Several attacks have been published and unpublished on HDCP. The most famous is from Niels Ferguson, who has announced an attack but will not publish it for the reasons described at http://www.macfergus.com/niels/dmca/cia.html. According to Ferguson:

HDCP is fatally flawed. My results show that an experienced IT person can recover the HDCP master key in about 2 weeks using four computers and 50 HDCP displays. Once you know the master key, you can decrypt any movie, impersonate any HDCP device, and even create new HDCP devices that will
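
Added example, not part of the original post and not code from HDCP or DTCP: a Python sketch of the presumed SKDH scheme described in the post above, using the HDCP sizes it gives (40 by 40 matrix, 56-bit entries). Reducing sums modulo 2^56, the left/right role split, all function names, and the seeded test matrix and KSVs are assumptions of this sketch. The last function shows the linearity behind the collusion weakness: private vectors of two devices add up to the private vector of a third KSV without any access to MM.

```python
import random

N = 40            # HDCP size from the post: MM is 40 x 40 (DTCP: 12 x 12)
BITS = 56         # HDCP entry size from the post (DTCP: 64 bits)
MOD = 1 << BITS   # assumption of this sketch: sums are reduced modulo 2**BITS


def make_master(rng, n=N):
    """Constructed Master Matrix MM; a real issuer would use a CSPRNG."""
    return [[rng.randrange(MOD) for _ in range(n)] for _ in range(n)]


def make_ksv(rng, n=N):
    """Constructed public key: a key selection vector of 0/1 entries."""
    return [rng.randrange(2) for _ in range(n)]


def issue_left(pub, mm):
    """Priv = Pub * MM: add the rows of MM selected by the 1's in Pub."""
    n = len(mm)
    return [sum(mm[i][j] for i in range(n) if pub[i]) % MOD for j in range(n)]


def issue_right(pub, mm):
    """Priv = MM * Pub: add the columns of MM selected by the 1's in Pub."""
    n = len(mm)
    return [sum(mm[i][j] for j in range(n) if pub[j]) % MOD for i in range(n)]


def agree(own_priv, peer_pub):
    """Device side: add the own Priv values selected by the peer's KSV."""
    return sum(p for p, bit in zip(own_priv, peer_pub) if bit) % MOD


def demo_agreement(seed=2005):
    """Both devices derive Pub1 * MM * Pub2 using additions only."""
    rng = random.Random(seed)
    mm = make_master(rng)                 # known only to the key issuer
    pub1, pub2 = make_ksv(rng), make_ksv(rng)
    priv1 = issue_left(pub1, mm)          # issued to device 1
    priv2 = issue_right(pub2, mm)         # issued to device 2
    k1 = agree(priv1, pub2)               # device 1 sees only Pub2
    k2 = agree(priv2, pub1)               # device 2 sees only Pub1
    return k1, k2


def linearity_check(seed=2005):
    """Private keys are linear in the KSV, which is why they leak MM.

    Two KSVs with disjoint 1's sum to a third KSV; the elementwise sum of
    the two issued private vectors equals the private vector the issuer
    would have produced for that third KSV.
    """
    rng = random.Random(seed)
    mm = make_master(rng)
    ksv_a = [1 if i % 3 == 0 else 0 for i in range(N)]
    ksv_b = [1 if i % 3 == 1 else 0 for i in range(N)]
    ksv_c = [a + b for a, b in zip(ksv_a, ksv_b)]
    priv_a = issue_right(ksv_a, mm)
    priv_b = issue_right(ksv_b, mm)
    combined = [(x + y) % MOD for x, y in zip(priv_a, priv_b)]
    return combined == issue_right(ksv_c, mm)


if __name__ == "__main__":
    k1, k2 = demo_agreement()
    print("shared keys match:", k1 == k2)
    print("private keys are linear in the KSV:", linearity_check())
```
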
Re: Golden Triangle Drug Traffic Arbitrage?
Tyler Durden writes:

An interesting thought I had last night was that the Drug trade in the Golden Triangle (Burma, China, Thailand, etc...) might exist for precisely this reason...in other words, as a form of arbitrage of sorts between the actual local cost of goods and services and manpower and exchange rates of the US dollar. Heroin is an ideal medium for arbitrage, as its price is almost a pure function of supply and demand (as opposed to cost of material). It can fluctuate with the currency markets and as a result forms a sort of 'common denominator' for translating local wealth back into international, 'real' wealth. In other words, the drug trade is a direct result of government intervention in the currency markets. Of course, if May were here (may his soul roast in the hell of lesser lists) he'd say this was 'obvious'...

Actually, Tim May has some understanding of economics. The notion that heroin is an ideal medium for arbitrage because its price is a pure function of supply and demand (as opposed to cost of material) betrays a deep and abiding ignorance. All commodities that exist outside of government regulation have prices that are functions of supply and demand. Heroin is no different than any other commodity in that regard.

The notion that heroin has no cost of material is especially absurd. Do you think they can just conjure it up out of thin air? Nonsense. Heroin, like any other commodity, has significant costs to create, and those are what controls its supply.

One difference with heroin is that it has very high costs to transport and distribute, relative to its creation costs. That actually makes it worse for arbitrage. Arbitrage depends on making a profit due to regional price differences. But in the case of heroin, price differentials are often reasonable and reflect the local costs of distributing and selling it. Heroin may be cheap in one place and expensive in another, but that does not signal a profitable arbitrage opportunity; rather, it merely reflects the differing costs of doing business in those regions.

If the yuan is actually cheaper than it should be because of being pegged to the dollar, there's a much easier way to take advantage of the arbitrage opportunity: simply buy goods in China and sell them in America. And guess what, thousands of Chinese export companies do just that, making money off the economic downhill slide that China has erected spanning the Pacific. This effectively forces Chinese workers to be paid less than they are worth, decreasing their savings and acting as an economic stimulus for China as a whole.
MD5 collision method published
At last, the secret of how to make MD5 collisions is out! See http://cryptography.hyperlink.cz/MD5_collisions.html. This includes the Wang report, probably the one which will be presented at Eurocrypt: http://www.infosec.sdu.edu.cn/paper/md5-attack.pdf. As a bonus, it includes an independent reconstruction of the attack by Vlastimil Klima, http://cryptography.hyperlink.cz/md5/MD5_collisions.pdf. The attack has two parts: finding a first block which almost collides, then finding a second block which eliminates the differences left after the first block. Klima claims that his method is much faster for the first part, taking only 2 minutes compared to an hour for the Wang method. However he was not able to match the Wang performance for the second part; his method is 80 times slower for that. He predicts: It may be expected that after publishing the Chinese method the overall time for finding a complete collision can fall down to as less as 2 minutes on a PC notebook. Well, now Wang has published her method, linked there on Klima's web site, and so it should be possible in principle to put them both together. No source code is published, but we can create it from the papers. I guess I know what I'll be hacking on this weekend!
Re: SEC probing ChoicePoint stock sales
R.A. Hettinga wrote: http://www.msnbc.msn.com/id/7087572/print/1/displaymode/1098/ While this is marginally more cypherpunks-related than Hunter Thompson's suicide, I think we're all capable of reading the daily headlines if we care about the SEC investigation du jour.
End of a cypherpunk era?
Ian Grigg writes at http://www.financialcryptography.com/mt/archives/000381.html:

: FC exile finds home as Caribbean Brit
:
: Vince Cate (writes Ray Hirschfeld) created a stir a number of years ago
: by relocating to the Caribbean island nation of Anguilla, purchasing a
: Mozambique passport-of-convenience, and renouncing his US citizenship
: in the name of cryptographic and tax freedom.
:
: Last Thursday I attended a ceremony (the first of its kind in Anguilla)
: at which he received his certificate of British citizenship.
:
: But Vince's solemn affirmation of allegiance to Queen Elizabeth, her
: heirs and successors was done for practical rather than ideological
: reasons. Since giving up his citizenship, the US has refused to grant
: him a visa to visit his family there, or even to accompany his wife to
: St. Thomas for her recent kidney surgery. Now as a British citizen he
: expects to qualify for the US visa waiver program.
:
: Is this the end of an era, a defining cypherpunk moment?

Cypherpunk responds in the comments:

I never saw this kind of thing as being central to the cypherpunk concept. In fact, to me it seems like the wrong direction to go. The point of being a cypherpunk is to live in cypherspace, the mythical land where online interactions dominate and we can use information theory and mathematics to protect ourselves. Of course, cypherspace is inevitably grounded in the physical world, so we have to use anonymous remailers and proxies to achieve our goals. But escaping overseas is granting too much to the primacy of the physical. It would be better for Vince Cate and other expats to help create anonymizing technology and other infrastructure to allow people to work and play freely in the online world.

And tying it back to this blog, the gold at the end of the cipherpunk rainbow is a payment system which can be deployed and exploited anonymously. That's hard, for many reasons, not least because most people are happy and eager to share information goods for free. Modern-day online communism (creative commons, open source, etc) actually undercuts cypherpunk goals by reducing the need and motivation for anonymous payment systems. How can you buy and sell information goods online, when everyone gives everything away freely?
Re: End of a cypherpunk era?
EMC writes:

Loudly renouncing one's citizenship is a lot less effective in destroying the infrastructure of oppression, than anonymously telling everyone in the world how they can make a 20 megaton thermonuclear explosion working for a few years in their basement using only non-radioactive materials that can never be made illegal to own.

That would certainly be conducive to destruction, but I imagine we'd see a lot more than just the infrastructure of oppression being destroyed in such a world. The problem, vs your dolphins, is that nukes can be delivered anonymously, hence used without fear of retribution.

There are two types of societies in the world. Those in which everyone has a deadly weapon that can never be taken away, and against which there is no defense. And those in which everyone has an impenetrable shield that can never be taken away, and against which no weapon is effective.

No, I don't think every society in the world falls into one of these two categories. Don't you recognize that we live in a world where there are neither perfect shields nor perfect weapons?

Dolphins are an example of the former. Usenet is an example of the latter. Dolphins are polite, friendly, and respectful of each other, and no group of dolphins can ever form a government to oppress the rest of them. We should try to be more like dolphins in cypherspace, while attracting as little attention to ourselves in other places.

Unfortunately, cypherspace even more than cyberspace tends towards the perfect-shield side of the equation. You can't harm a person if your only interactions are anonymous communications. About the worst you can give him is a stern talking-to. If your social analysis is correct, then cypherpunk technologies are going to make online interactions even less polite, friendly and respectful. Still, if we could achieve mutual respect and freedom in the physical world, we would happily pay the price of increased rudeness online.
Re: Jeff Jacoby: An inglorious suicide
R.A. Hettinga spoke thusly...

http://www.townhall.com/columnists/jeffjacoby/printjj20050304.shtml

Townhall.com
An inglorious suicide
Jeff Jacoby
March 4, 2005

Hunter Thompson's suicide was an act of selfishness and cruelty. But more depraved by far has been the celebration of that suicide by those who supposedly loved or admired him.

What does this have to do with cypherpunks? This is not your personal blog. Most of the list traffic is forwarded or cross-posted news articles, but how is HST's suicide remotely on-topic? It's not as if every possible angle on HST's suicide hasn't already been covered by the press.
What is a cypherpunk?
Justin writes: No, I want the right to fair use of material I buy. If someone sells DRM-only material, I won't buy it at anything approaching non-DRM prices. In some cases, I won't buy it at all. Well, that's fine, nobody's forcing you to buy anything. But try to think about this from a cypherpunk perspective. Fair use is a government oriented concept. Cypherpunks generally distrust the collectivist wisdom of Big Brother governments. What fair use amounts to is an intrusion of government regulation into a private contractual arrangement. It is saying that two people cannot contract away the right to excerpt a work for purposes of commentary or criticism. It says that such contracts are invalid and unenforceable. Now, maybe you think that is good. Maybe you think minimum wage is good, a similar imposition of government regulation to prevent certain forms of contracts. Maybe you think that free speech codes are good. Maybe you support all kinds of government regulations that happen to agree with your ideological preferences. If so, you are not a cypherpunk. May I ask, what the hell are you doing here? Cypherpunks support the right and ability of people to live their own lives independent of government control. This is the concept of crypto anarchy. See that word? Anarchy - it means absence of government. It means freedom to make your own rules. But part of the modern concept of anarchy is that ownership of the self implies the ability to make contracts and agreements to limit your own actions. A true anarchic condition is one in which people are absolutely free to make whatever contracts they choose. They can even make evil, immoral, wicked contracts that people like you do not approve of. They can be racists, like Tim May. They can avoid paying their taxes. They can take less money than minimum wage for their work. They can practice law or medicine without a license. And yes, they can agree to DRM restrictions and contract away their so-called fair use rights. 
One of the saddest things I've seen on this list, and I've seen it many times, is when people say that the laws of their country give them the right to ignore certain contractual elements that they have agreed to. They think that it's morally right for them to ignore DRM or limitations on fair use, because their government said so. I can't describe how appalling I consider this view. That anyone, in this day and age, could consider _government_ as an arbiter of morality is so utterly bizarre as to be incredible. And yet not only is this view common, it is even expressed here on this list, among people who supposedly have a distrust and suspicion of government. I can only assume that the ideological focus of this mailing list has been lost over the years. Newcomers have no idea what it means to be a cypherpunk, no sense of the history and purpose which originally drove the movement. They blindly accept what they have been force-fed in government-run schools, that government is an agency for good. That's one interpretation. The other is worse. It's that people on this list have sold out their beliefs, their ideals, and their morality. What was the bribe offered to them to make them turn away from the moral principles which brought them to this list originally? What was so valuable that they would discard their belief in self ownership in favor of a collectivist worship of government morality? Simply this: free music and movies. The lure of being able to download first MP3s and now video files has been so great that even cypherpunks, the supposed defenders of individual rights and crypto anarchy, are willing to break their word, violate their contracts, lie and cheat and steal in order to feed their addictive habit. They are willing to do and say anything they have to in order to get access to those files. 
They don't feel the slightest bit of guilt when they download music and movies in direct contradiction to the expressed desire of the people who put their heart and soul into creating those works. They willingly take part in a vast criminal enterprise, an enormous machine which takes from the most creative members of our society without offering anything in return. And this enterprise is criminal not by the standards of any government or legal code, but by the standards of the morality which is the essence of the cypherpunk worldview: the standard of self ownership, of abiding by one's word, of honoring one's agreements. This poisonous activity has penetrated to all parts of internet based society, and its influence has stolen away what honor the cypherpunks once possessed. Its toxic morality ensures that cypherpunks can no longer present a consistent philosophy, that there is nothing left but meaningless paranoid rantings. I challenge anyone here to answer the question of what it means to be a cypherpunk. What are your goals? What is your philosophy? Do you even recognize the notion of right and
Re: Dell to Add Security Chip to PCs
As far as the question of malware exploiting TC, it's difficult to evaluate without knowing more details about how the technology ends up being used. First there was TCPA, which is now called TCG. Microsoft spun off their own version called Palladium, then NGSCB. But then Microsoft withdrew NGSCB, and at this point I have no idea whether they will ever offer a new approach. Microsoft offered four concepts for its vision, but only two of them are in the current TCG: Sealed Storage and Remote Attestation. Microsoft's additional features are Trusted I/O and Process Isolation. It's possible that TCG may incorporate these eventually, because without them the security offered by TC is much more limited. Microsoft's vision for application development under NGSCB involved splitting programs into two parts, which they called the left hand side (LHS) and right hand side (RHS). The LHS was the legacy program, which had access to the entire Windows API. It would be responsible for user interface, I/O, and any non-secure features. The RHS was the new stuff; it would run in a special partitioned memory that could not be accessed even by the OS. However the RHS would not have access to the full Windows API, and instead would only get very limited OS support from a mini-kernel called the Nexus. The goal was to publish the source of the Nexus for review and to have it be simple and clean enough to be secure. Applications would do their security stuff in the RHS modules, which were called Nexus Computing Agents (NCAs). These could use the other TPM features. They could encrypt data such that only that NCA could decrypt it; and they could attest to a remote server or peer about exactly what NCA was running. NCAs would also have some kind of secure I/O channel to input and display devices. An NCA would be immune to molestation by virus and malware unless the virus got into the NCA itself, which would be hard because they were supposed to be relatively small and simple. 
Infections elsewhere in the program, in the OS, or in other NCAs would not propagate to an NCA. Microsoft's design was sophisticated and (IMO) elegant, and goes far beyond anything the clumsy, design-by-committee TCG has come up with yet. Yet NGSCB failed even before it was released. Experience from early beta testers was uniformly negative, according to press reports, and the project was pulled for a redesign. Nothing has been heard of it for a year now. The problem was apparently that this LHS/RHS design was unacceptable to developers, introducing complexity and requiring a substantial rewrite of existing applications. The RHS Nexus API was so primitive that it was hard to do anything useful there, while LHS functionality was completely unprotected and received no benefits from the new technology. So that's where we stand. Given this uncertainty, it is hard to credit those who claim that TC will be a golden opportunity for malware. Nobody really knows what the architecture of TC will be by the time it is released. In this respect, Bruce Schneier's comments were the most accurate and prescient. Over two years ago he advised adopting a wait and see attitude, and predicted exactly the kind of revamping and redesign which is currently underway. But for the purposes of analysis, let's suppose that Microsoft's original vision were intact, and that NGSCB with the four features were actually being deployed. How might Dan Kaminsky's scenario of an infected Microsoft Word work out in detail? First we need to consider how the LHS/RHS split might work for a word processor. Most functions are not security related and will be in the LHS. Let's imagine a security function. Suppose a company wants to have certain documents to always be saved encrypted, and only to be exchanged (in encrypted form) with other employees also running the secure Word program. Nobody would be able to get access to the data except via this special program. 
This could be useful for company-confidential docs. So we will have an NCA on the RHS which can, under the guidance of some policy, save documents in encrypted form and locked to the NCA. No other software will be able to decrypt them because of the Sealed Storage function of the TPM. NCAs can exchange documents with matching NCAs on other computers, using Remote Attestation to verify that the remote system is running the right software, and to set up a secure comm channel between the NCAs. No other software, not even the LHS of Word, could decrypt the data being exchanged between the NCAs. And the NCAs run in secure memory, so that even in an infected computer there will be no way for the malware to get access to the sensitive data. So how does Kaminsky's attack work? He proposes to give some bogus data to the NCA and infect it. Now, here's the problem. The NCA is a relatively small and simple program. It's not going to have the full capabilities of the rest of Word. It has a clean interface and a clean
Re: Dell to Add Security Chip to PCs
Eric Murray writes: The TCPA chip verifies the (signature on the) BIOS and the OS. So the software driver is the one that's trusted by the TCPA chip. I don't believe this is correct. The TPM does not verify any signatures. It is fundamentally a passive chip. Its only job is to store hashes of software components that the BIOS, boot loader and OS report to it. It can then report those hashes in attestations, or perform crypto sealing and unsealing operations in such a way that sealed data is locked to those hashes, and can't be unsealed if the hashes are different. and then asks: I have an application for exactly that behaviour. It's a secure appliance. Users don't run code on it. It needs to be able to verify that it's running the authorized OS and software and that new software is authorized. (it does it already, but a TCPA chip might do it better). So a question for the TCPA proponents (or opponents): how would I do that using TCPA? You might want to look at enforcer.sourceforge.net for some ideas. They created a Tripwire-like system which does a secure boot and compares the software that is loaded with approved versions. I don't remember if they used signatures or hashes for the comparison but presumably either one could be made to work. Marcel Popescu's message was mostly content free (I love the way he thinks it's OK to lie as long as it's in English! - remind me never to trust this guy) but he did ask one non-rhetorical question: Name other five (out of the most) laptop companies offering this chip in their laptops. (This is NOT rhetorical, I'm really curious.) IBM T43 and Thinkpads (over 16 million TPMs shipped as of last year). HP/Compaq nc6000, nc8000, nw8000, nc4010 notebooks. Toshiba Dynabook SS LX, Tecra M3 and Portege M205-S810. Fujitsu Lifebook S7010 and LifeBook E8000 laptops; T4000 and ST5020 tablets. Samsung X-Series. NEC VersaPro/VersaProJ. and now Dell Latitude D410, D610 and D810.
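The measure-then-seal behaviour described in the post above (and the Sealed Storage function in the preceding post), as an added Python sketch that is not from the posts, the TCG specification or the Enforcer project. `ToyTPM`, the boot chains and the HMAC-based sealing construction are assumptions made for illustration; a real TPM 1.x seals under an RSA storage key, but the PCR extend rule and the "locked to those hashes" property are the same.

```python
import hashlib
import hmac
import os

PCR_LEN = 20  # SHA-1 digest size, as in TPM 1.x platform configuration registers


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR extend: new = SHA1(old || measurement). No verification happens here."""
    return hashlib.sha1(pcr + measurement).digest()


def replay(measurements) -> bytes:
    """Verifier side: fold a list of approved component hashes into the PCR
    value that a machine running exactly those components would report."""
    pcr = bytes(PCR_LEN)
    for m in measurements:
        pcr = extend(pcr, m)
    return pcr


class ToyTPM:
    """Hypothetical model of the passive chip: it records what it is told."""

    def __init__(self):
        self._secret = os.urandom(32)  # stand-in for the chip-internal storage key
        self.pcr = bytes(PCR_LEN)

    def reset(self) -> None:
        """Power cycle: the PCR returns to zeros, the internal secret persists."""
        self.pcr = bytes(PCR_LEN)

    def measure(self, component: bytes) -> None:
        """Called by BIOS, boot loader and OS with the code about to be run."""
        self.pcr = extend(self.pcr, hashlib.sha1(component).digest())

    def _keys(self, nonce: bytes):
        # Keys depend on the chip secret AND the current PCR, so a different
        # software state yields different keys (toy construction, assumption).
        base = hmac.new(self._secret, self.pcr + nonce, hashlib.sha256).digest()
        enc = hmac.new(base, b"enc", hashlib.sha256).digest()
        mac = hmac.new(base, b"mac", hashlib.sha256).digest()
        return enc, mac

    @staticmethod
    def _stream(key: bytes, n: int) -> bytes:
        out, counter = b"", 0
        while len(out) < n:
            out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
            counter += 1
        return out[:n]

    def seal(self, data: bytes) -> bytes:
        nonce = os.urandom(16)
        enc, mac = self._keys(nonce)
        ct = bytes(a ^ b for a, b in zip(data, self._stream(enc, len(data))))
        tag = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
        return nonce + tag + ct

    def unseal(self, blob: bytes) -> bytes:
        nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
        enc, mac = self._keys(nonce)
        expected = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise PermissionError("PCR state differs from the state at seal time")
        return bytes(a ^ b for a, b in zip(ct, self._stream(enc, len(ct))))


# Constructed sample boot chains (not real firmware or OS images).
GOOD_CHAIN = [b"BIOS v1", b"boot loader v1", b"appliance OS v1"]
BAD_CHAIN = [b"BIOS v1", b"boot loader v1", b"appliance OS v1 + modified driver"]


def boot(tpm: ToyTPM, chain) -> bytes:
    tpm.reset()
    for component in chain:
        tpm.measure(component)
    return tpm.pcr


def demo():
    tpm = ToyTPM()
    approved = replay(hashlib.sha1(c).digest() for c in GOOD_CHAIN)
    good_matches = boot(tpm, GOOD_CHAIN) == approved
    blob = tpm.seal(b"appliance disk key")
    recovered = tpm.unseal(blob)
    bad_matches = boot(tpm, BAD_CHAIN) == approved
    try:
        tpm.unseal(blob)
        released = True
    except PermissionError:
        released = False
    return good_matches, recovered, bad_matches, released


if __name__ == "__main__":
    print(demo())
```

The chip never rejects the modified boot chain; the change only shows up as a different PCR value, which is what makes the unseal fail and what a remote verifier would compare against its approved value.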
Re: Dell to Add Security Chip to PCs
I spent considerable time a couple years ago on these lists arguing that people should have the right to use this technology if they want. I also believe that it has potential good uses. But let's be accurate. Please stop relaying FUD. You have full control over your PC, even if this one is equipped with a TCPA chip. See the TCPA chip as a hardware security module integrated into your PC. An API exists to use it, and one of the functions of this API is 'take ownership', which has the effect of erasing it and regenerating new internal keys. It is not true that the TPM_TakeOwnership command erases and regenerates the internal keys. It does generate a new Storage Root Key, which is used for encrypting local data. But the main controversy around TC is the Remote Attestation feature. That uses a key called the Endorsement Key, EK. It is an RSA public key generated on chip at manufacture time, before it comes into the user's hands. The manufacturer issues a certificate on the public part of the EK, called the PUBEK. This key is then used (in a somewhat roundabout manner) to issue signed statements which attest to the software state of the machine. These attestations are what allow a remote server to know if you are running a client software configuration which the server finds acceptable, allowing the server to refuse service to you if it doesn't like what you're running. And this is the foundation for DRM. The point is that the user can't change the PUBEK. Only one is generated per chip, and that is the only one which gets a certificate from the manufacturer. The private part of this key never leaves the chip and no one, not the user and not the manufacturer, ever learns the private key. Now, my personal perspective on this is that this is no real threat. It allows people who choose to use the capability to issue reasonably credible and convincing statements about their software configuration. 
Basically it allows people to tell the truth about their software in a convincing way. Anyone who is threatened by the ability of other people to tell the truth should take a hard look at his own ethical standards. Honesty is no threat to the world! The only people endangered by this capability are those who want to be able to lie. They want to agree to contracts and user agreements that, for example, require them to observe DRM restrictions and copyright laws, but then they want the power to go back on their word, to dishonor their commitment, and to lie about their promises. An honest man is not affected by Trusted Computing; it would not change his behavior in any way, because he would be as bound by his word as by the TC software restrictions. But I guess Cypherpunks are rogues, thieves and liars, if my earlier interactions with them are any guide. It's an ironic and unfortunate turn for an organization originally devoted to empowering end users to use new cryptographic technologies in favor of what was once called crypto anarchy. TC is the ultimate manifestation of anarchic behavior, a technology which is purely voluntary and threatens no one, which allows people to make new kinds of contracts and commitments that no one else should have the right to oppose. And yet Cypherpunks are now arch collectivists, fighting the right of private individuals and companies to make their own choices about what technologies to use. How the worm has turned. Another poster writes: Please stop relaying pro-DRM pabulum. The only reason for Nagscab is restricting the user's rights to his own files. Of course there are other reasons for having crypto compartments in your machine, but the reason Dell/IBM is rolling them out is not that. A sad illustration of the paranoia and blinkered groupthink so prevalent on this mailing list today. Imagine, Dell is providing this chip as part of a vast conspiracy to restrict the user's rights to his own files. 
Anyone whose grasp on reality is so poor as to believe this deserves what he gets. The truth is, frankly, that Dell is providing this chip on their laptops simply because laptop owners like the idea of having a security chip, most other laptop companies offer them, and the TCG is the main player in this space. Dell is neither seeking to advance my libertarian goals nor promoting the conspiracy-theorist vision of taking away people's control over their computers. The truth is far more mundane.
Re: happy newyear's eve
Reagan, Ronald Wilson unres 1911-02-06 2004-06-05 U.S. president Reagan's ssn is 480-07-7456.
mail2news gateways?
Are there any in the remailerspace still operating? Google fails me, after following so many dead links from dying pages. Specifically want to route to alt.anonymous.messages.
State of Fear by Michael Crichton
Just finished reading it (It was a Christmas present). The story involves the heroes foiling a plot by eco-terrorists who attempt to create natural disasters in an effort to push their agenda regarding global warming. Along the way Crichton presents a pretty convincing argument that scientists don't really have a good enough understanding of our climate to really estimate the impacts of mankind and that many of the events claimed to be evidence of global warming are statistically insignificant and contain a huge amount of bias. In addition, he provides references to many examples where mankind has failed miserably at trying to manage and preserve the environment. He also makes a feast (literally, read the book :-) ) of Hollywood stars who push environmental causes and claim to pine for the more simplistic and environmentally friendly life of native islanders all the while living in their huge mansions, driving their SUVs and traveling around the world in private jets. The title State of Fear comes from the concept well known to many on the list that the best way to control society is via fear. In this case fear of global warming. There are a lot of footnotes and an extensive bibliography of the current research both supporting and debunking global warming. It will be interesting to see if this book makes it into a movie (It almost seems like a rebuttal of the movie The Day After Tomorrow). Crichton's other books include The Andromeda Strain (I'm sure most of us old-timers on the list will recognize that one), Disclosure, Airframe, and (the one most new subscribers will recognize) Jurassic Park. I recommend taking a look.
Re: RAH's postings.
Someone wrote: At 10:23 AM -0500 12/21/04, Somebody wrote: RAH, if you want to anonymize a quoted email, it helps if you remove the In-Reply-To: and References: headers. What the hell does an article about gypsy mechanics have to do with cypherpunks? I plead anarchic markets, m'lord. Emerging phenomena, and all that, in spite of all regulation to the contrary. Which was why I sent the traffic thing as well. No laws (or regulation) is better rules, in many interesting cases. It may be interesting to you, but it's off-topic, You may say that, I couldn't possibly comment. and voluminous. That's what your 'd' key is for. If that's not good enough, perhaps an addition to your kill-file is in order. Or you need assistance in creating a filter for your mailer? P.T., there's not much technical discussion here. Stick to cryptography-l if you don't care about streetside auto repair.
Re: Militia or other Terrorists?
PS: heard some fedscum mention 'militia and other terrorists' the other day, what would Gen George W think? which fedscum, do you have a mentionable source, c.? It was ATF, about some gun-robbers; it seems to be a reply to trollbait by the Faux news channel or spontaneous dreck. That quote sounds like a FAUX news rather than ATF blunder. FAUX news is far down the Tim May Memorial Furnace Invitation list, and that faux pas doesn't improve their ranking very much. ATF is already near the top of the list. Field agents are targets of opportunity. Their failure to be caught saying something stupid will not save them from my wrath or Allah's.
Networks related to privacy mapped
or Is there no computers in Brazil? Thomas Sjoegren has created [0]maps of the [1]SILC, [2]TOR and key server networks. According to the images running servers related to privacy is mostly a western thing, out of 115 servers only eight are located outside the US and Europe. [0]http://www.northernsecurity.net/misc/worldmap.html [1]http://www.silcnet.org [2]http://tor.freehaven.net
Re: [Antisocial] Sept. 11 Conspiracy Theorist
Major Variola typed: If he really gave a shat he'd investigate the RDX stored in the Murrah building, next to daycare, but that was just a (.mil trained) 'Merican, not a bunch of specops Ay-rabs. the proper pejorative is 'Merkin. JYA may be Architects (snicker) but methinks he groks structures, and even if not, his cryptome penance absolves him from the sins of the artsy. PS: heard some fedscum mention 'militia and other terrorists' the other day, what would Gen George W think? which fedscum, do you have a mentionable source, c.? reminds of the Reno quote, They have computers and... other weapons of mass destruction.
Police given computer spy powers
Police given computer spy powers http://smh.com.au/news/National/Police-given-computer-spy-powers/2004/12/12/1102786954590.html (smhguy/pass to access) By Rob O'Neill December 13, 2004 Federal and state police now have the power to use computer spyware to gather evidence in a broad range of investigations after legal changes last week. The Surveillance Devices Act allows police to obtain a warrant to use software surveillance technologies, including systems that track and log keystrokes on a computer keyboard. The law applies to the Australian Federal Police and to state police investigating Commonwealth offences. Critics have called the law rushed and imbalanced, saying police will be able to secretly install software to monitor email, online chats, word processor and spreadsheets entries and even bank personal identification numbers and passwords. Irene Graham, executive director of watchdog Electronic Frontiers Australia, said the law went too far in allowing police surveillance. The legislation has been passed without the proper scrutiny and the ALP is too afraid to stick to their guns and oppose it, she said. Ms Graham also believed the act could override parts of the Telecommunications Interception Act, which tightly regulated telecommunications monitoring. A spokesperson for the federal Attorney-General, Philip Ruddock, denied this, saying the act specifically said it should not be read to override the Telecommunications Interception Act. The spokesperson said there were protections in the legislation, including reporting to Parliament and allowing reviews by the Ombudsman. In addition to redefining the kinds of surveillance devices that can be used, the Surveillance Devices Act allows surveillance for offences far less serious than those allowed under the Telecommunications Interception Act. Warrants to intercept telecommunications can only be obtained to investigate offences carrying a maximum jail term of seven years or more. 
However, Surveillance Devices Act warrants can be obtained for offences carrying a maximum sentence of three years. Ms Graham said the three-year benchmark was too low and the act went too far in setting out circumstances in which police could use surveillance devices. A warrant could be obtained under the act if an officer had reasonable grounds to suspect an offence had been or might be committed and a surveillance device was necessary to obtain evidence. They can also be obtained in child recovery cases. The act also has secrecy provisions making it an offence to publish information on an application for, or the existence of, a surveillance warrant. The Government said the act would consolidate and modernise the law. Mr Ruddock said the power of Commonwealth law enforcement using surveillance devices lagged behind what technology made possible and what was permitted in other jurisdictions. However, Electronic Frontiers is concerned that key-logging software can even record words written and then deleted or changed and thoughts that are not intended for communication.
Steve Thompson
Out of nowhere cometh Steve Thompson, and sayeth he all manner of things. But, while his mouth moveth one way, he seemeth to move the other. http://groups-beta.google.com/groups?q=%22steve+thompson%22&start=0&hl=en&safe=off What hath suddenly attracted our AUK creep?
Re: Michael Riconosciuto, PROMIS
Steve Thompson: If that's true, then the government couldn't have stolen it. However, I suspect that mainframe code of any sophistication is rarely released into the public domain. I imagine the author would be able to clear that up, assuming he has no financial reason to falsify its history. The page clearly states that the enhanced version was not in the public domain or owned by the government, it was a completely new version and the development was not funded by the government. The old one was for 16 bit architecture whereas the new one was for 32 bit. http://www.wired.com/wired/archive/1.01/inslaw.html Perhaps I am stupid. I don't know how one would go about modifying application software to include a 'back door' that would presumably enhance its susceptibility to TEMPEST attacks. Isn't tempest all about EM spectrum signal detection and capture? ALL electronic devices emit signals that you can intercept and obtain information from. Whether or not you can extract much useful data or not depends, but generally you can always extract something. This is a vast field and it's hard to generalize. I have personally attended tests at a firm working for the military in a western European country and I've seen how extremely easy it is to do remote classic tempest-reading of the screen of a lap-top, to name only one example. The equipment easily fits in only a station wagon. Generally this is really hard to protect yourself from. Let's say you build yourself a bunker and put your computer inside it but you forget to run it on batteries, then you'll find out that signals will be carried out on the electric cord entering your bunker and they'll be readily readable outside anyway. You can't have any kind of opening in and out of that bunker, not even for ventilation, so you see this is hard to do. Maybe they built in other forms of remotely usable back-doors too, just in case they were able to make contact with the computer remotely over some network. 
This makes sense too, since one or two of those computers surely were less protected. Some people falsely believe that only CRT screens can be read remotely using TEMPEST techniques, this couldn't be more false, in fact one of the test managers I spoke to said he thought it was easier with TFT type monitors. Also remember that we're not just talking about monitors, many other devices emit interesting and potentially useful information: faxes, printers, networking hardware etc. Those PROMIS people built in hardware on the motherboards that emitted signals using a kind of jumping frequency technique. If you have the key giving you the answer to how the frequencies are changed you can easily intercept the data, otherwise it becomes really hard to do and esp hard to find out that there's anything emitting in the first place - it looks like noise. The purpose of this was so that they could sell the whole package, the PC with the software pre-installed, to customers and then they could sit in their van down the street and record. It's not only happening in the movies you know :) BTW: I would also be interested in some more comments on Michael Riconosciuto as a person, doesn't anyone have an opinion or know of interesting info in this regard? Are there any books written by him or by people on his side of the story?
Re: Retinal Scans, DNA Samples to Return to Fallujah
http://www.boston.com/news/world/articles/2004/12/05/returning_fallujans_will_face_clampdown?mode=PF The Boston Globe US Marines rode in a convoy through Fallujah on Friday. The US military is continuing missions to secure the city. (AFP Photo / Mehdi Fedouach) Returning Fallujans will face clampdown By Anne Barnard, Globe Staff | December 5, 2004 FALLUJAH, Iraq -- The US military is drawing up plans to keep insurgents from regaining control of this battle-scarred city, but returning residents may find that the measures make Fallujah look more like a police state than the democracy they have been promised. Under the plans, troops would funnel Fallujans to so-called citizen processing centers on the outskirts of the city to compile a database of their identities through DNA testing and retina scans. Residents would receive badges displaying their home addresses that they must wear at all times. Buses would ferry them into the city, where cars, the deadliest tool of suicide bombers, would be banned. tcm More useless eaters, in the guise of U.S. soldiers, begging to be sent up the chimneys by the displaced, denigrated Fallujans. /tcm
Re: Anti-RFID outfit deflates Mexican VeriChip hype
Bring em on, oops, they are here already. Darn, it wasn't the commies and nazis who were the threat, it was your indolent life-style paid for by your swell-paid, smarter wife, up to women-empowered thieving the marketplace and making innumerable enemies for you to blame for your swelling brain fat-globules. Pray the draft is women-empowered so there's no need to shanghai the overaged, over-decrepit, over-funny-loving, inbred-feeders, pray for the Condies and the Maggies to fight the gameboy-dreamy battles, really face-to-face, not just stomp-hoof the youngsters into hell for a face-save the empire. Won't someone please slip a healthy dose of haloperidol into JYA's food?
nyms being attacked by malware
I've noticed a very high increase of incoming viruses and malicious code of various sorts to one of my nyms. Since the nym is not used anywhere publicly I really wonder if these are deliberate attacks to try to compromise the machines of people using nyms to protect their identity. Is this something that's a known strategy somehow? Obviously it could also be that the nym was previously used by someone else online and that's partly why it would be interesting to hear others' comments on this.
Re: Anonymizer outsourcing customer data?
On Tue, 17 Aug 2004, Nomen Nescio wrote: They claim they have over 1 million users. Is a class action suit in order? Their privacy policy clearly states We consider your email address to be confidential information. We will never rent, sell, or otherwise reveal it to any other party without prior consent, except under the conditions set forth in the User Agreement for spamming and related abuses of netiquette, or unless we are compelled to do so by court order. As if that's not bad enough, I emailed their (useless) support about this and some retarded drone emailed back claiming that the email came from Anonymizer not lyris.net (even though I pointed out the IP address in the email belonged to lyris.net). *sigh* Such incompetence :( Oh, look! Anonymizer has fixed the problem in their latest HTML-laden email! Return-Path: [EMAIL PROTECTED] See, they care! Oops: Name:anonymizer.lyris.net Address: 64.62.197.139 Aliases: wecare.anonymizer.com Methinks they are mocking us. What happened to them? They were a fine company once. Did Cottrell sell the brand? What other parts of the privacy policy are they willfully violating?
Re: NSA Overcomes Fiber-Optic and Encryption
I can see fatherland securitat goons raiding a certain restaurant at Stanford next weekend ... assume all keys are compromised due to RH attack. The NSA has also found a silver lining to the use of encrypted e-mail: Even if a particular message cannot be read, the very use of encryption can flag it for NSA's attention. By tracking the relatively few Internet users in a certain country or region who take such security measures, NSA analysts might be able to sketch a picture of a terrorist network. ... And cell phones - as handy for terrorist plotters as for everyone else - provide not just an eavesdropping target but also a way to physically track the user.
Re: Anonymizer outsourcing customer data?
On Mon, 2 Aug 2004, J.A. Terranson wrote: Yes, this bugs me. But the person they outsourced it *to* scares me even more! They claim they have over 1 million users. Is a class action suit in order? Their privacy policy clearly states We consider your email address to be confidential information. We will never rent, sell, or otherwise reveal it to any other party without prior consent, except under the conditions set forth in the User Agreement for spamming and related abuses of netiquette, or unless we are compelled to do so by court order.
Anonymizer outsourcing customer data?
Recently I received the Anonymizer PrivacyShield Alert, as an Anonymizer user, and was distressed to note that it appears Anonymizer has now outsourced its mail and marketing infrastructure. Partial headers from new mail system: Return-Path: [EMAIL PROTECTED] Received: from anonymizer.lyris.net ([64.62.197.139]) From: Anonymizer.com [EMAIL PROTECTED] Subject: PrivacyShield Alert - July 2004 [] The previous mail messages appeared to have local to Anonymizer mail delivery systems sending them. Does it bother anyone else that Anonymizer is outsourcing its customer information?
Re: Email tapping by ISPs, forwarder addresses, and crypto proxies
I can't imagine any intelligence professional wasting her time reading the crap at times coming over this list. As of mid 2000 most of traffic is recorded. By this time 'most' is very close to 'all'. But if you e-mail someone with an account on the same local ISP, using dial-in and the recipient is also using dial-in, and ISP didn't farm-out dial-in access, then your message may not be backed up forever.
Final stage
Praise Allah! The spires of the West will soon come crashing down! Our Brother wishes for us to meet at the previously discussed southeastern roadhouse on August 1st, in preparation for the operations scheduled for August 6th and 9th. Alternative targets have been chosen. Contact Jibril if you have not heard of the changes since the last meeting. The infidels have machines that detect the biologicals, so make sure the containers are sealed and scrubbed as discussed. Leave excess semtex behind. The more we transport, the more likely the infidels are to detect us. We have received more funding and supplies from our brothers in Saudi Arabia and Syria. Be prepared for another operation before January. Praise Allah! May the blood of the infidels turn the oceans red!
Re: UBL is George Washington
Major Variola (ret) writes: The yanks did not wear regular uniforms and did not march in rows in open fields like Gentlemen. Asymmetric warfare means not playing by *their* rules. But asymm warfare has to accomplish its goal. It's not being very successful. The only people who are siding with al-qaeda are those whose brains are already mush -statist socialists, to be precise. If al qaeda bombed government buildings or targeted the private residences or offices of government officials, they might get more sympathy, from me at least. Destroying a pair of buildings and killing thousands of citizens -most of whom couldn't give an accurate account of U.S. forces distribution in the MidEast- is not a step forward.
Reusable hashcash for spam prevention
Recently someone proposed a system which combined ecash and hashcash for email postage. The effect is to get a form of reusable hashcash. Here is some analysis.

There are already proposals and even some working code for hashcash email postage. See http://www.camram.org/. This is intended as an anti-spam measure. The idea is that to send email, the sender has to create a proof of work token, something which takes a relatively long time to compute but which can be checked quickly. The simplest proposal is a hash collision, as suggested by Adam Back at http://www.hashcash.org/.

Spam filter software could be configured so that email containing a valid hashcash token would be presumptively viewed as non-spam. Most non-spammers have low volumes of outgoing mail and so they can generate the necessary hashcash at mail sending time, introducing only a modest delay. Spammers however rely on being able to send enormous volumes of email practically for free, so having to expend potentially several minutes of CPU time for each outgoing email would make their actions unprofitable.

The alternative being proposed here is to let there be a way of exchanging hashcash tokens for ecash-like tokens at one or more trusted servers. These ecash tokens would not actually be cash any more than is hashcash, i.e. they would not have a specific monetary value, nor would the ecash servers exchange ecash tokens for cash. Rather, ecash tokens would be exchangeable only for other such tokens, and they could also be purchased with hashcash. These ecash tokens would then be used as a sort of postage stamp, instead of the straight hashcash tokens in Camram.

There is not a particularly strong need for the ecash tokens to be blinded or unlinkable, since the value of them is so low. The servers just need a way to distinguish good and unspent ecash from bad or spent ecash. However if they are used and reused for email postage, allowing linkable tokens would show who was sending mail to whom, infringing email privacy. Hence it would be desirable for the tokens to be unlinkable, which will be possible after the Chaum patent expires in 2005.

This is not a crypto anarchy system which would bring down the government and usher in a cypherpunk utopia. The value of these cash tokens would be small, pennies at best. However it represents an adaptation of ecash technology for a useful purpose and it would potentially introduce a limited form of cash-like tokens into widespread use.

This system has pros and cons in terms of spam resistance, versus the straight hashcash approach. The biggest difference is that this system allows for effective reuse of tokens. You receive a token in an incoming email, you exchange it at the server for a new one (validating it in the process), and you use the new one to send out a message.

Reuse is not possible with straight hashcash, because if people could reuse them, then people could double-spend them. If hashcash reuse were allowed, a spammer could generate a single hashcash token and put identical copies in all of his outgoing email. In order to prevent reuse, hashcash tokens must include enough information embedded in the hash collision to make them unique for a particular message. Typically this would include the recipient's email address, date/time information, and possibly even a message body hash. Hashcash verification involves checking not only the mathematical validity of the collision, but that these embedded fields are correct, as well.

The implication of this requirement is that the hashcash token cannot be generated in advance, but must be created at the time the mail is sent. This reduces the acceptable amount of time required for a typical user to create it. If hashcash could be precomputed overnight, it might be okay to take even an hour to produce a token. But if it has to be done at mail sending time, only a much lower time limit will be acceptable. As a result, the size of hashcash collisions has to be set low enough for end users to generate a token in no more than a few seconds or minutes at most. And this increases the chance that spammers may be able to incorporate economies of scale and generate hashcash fast enough to make spamming still be economical. Some analyses suggest exactly this possibility - see for instance http://www.dtc.umn.edu/weis2004/clayton.pdf.

Making hashcash reusable by exchanging it for ecash tokens would fix this problem. Instead of the hashcash including information within it to prevent double use, this would be handled by validating the ecash or hashcash at the server to make sure it had not been used before.

Now, this means that the spam filter must make an Internet access to check validity, which was not necessary with straight hashcash. However, most spam filters today make many Internet accesses, to check black lists and other communal resources intended to fight spam. Adding a check to validate an ecash token would not change the basic
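The two designs compared in the post above, side by side, as an added example that is not part of the original message or of Camram/hashcash code. The stamp layout is a simplified assumption, the 12-bit difficulty is a toy value, and `PostageServer`, `postage.example` and the MAC-based token are hypothetical; the token is the unblinded (linkable) kind the post says is sufficient for spam control.

```python
import hashlib
import hmac
import secrets

BITS = 12  # toy difficulty so the demo runs instantly; real postage would be far higher


def zero_bits(stamp):
    """Number of leading zero bits in SHA-1(stamp): the size of the partial collision."""
    digest = hashlib.sha1(stamp.encode()).digest()
    return 160 - int.from_bytes(digest, "big").bit_length()


def mint(resource, date, bits=BITS):
    """Sender side: search for a counter that gives the stamp `bits` leading zero bits."""
    salt = secrets.token_hex(8)
    counter = 0
    while True:
        stamp = f"1:{bits}:{date}:{resource}::{salt}:{counter}"
        if zero_bits(stamp) >= bits:
            return stamp
        counter += 1


def check_stamp(stamp, resource, date, seen, bits=BITS):
    """Straight hashcash: the work AND the embedded fields must both check out."""
    parts = stamp.split(":")
    if len(parts) != 7 or parts[0] != "1":
        return False
    if parts[2] != date or parts[3] != resource:
        return False              # minted for another day or another recipient
    if stamp in seen or zero_bits(stamp) < bits:
        return False              # replayed to the same verifier, or not enough work
    seen.add(stamp)
    return True


class PostageServer:
    """Hypothetical exchange server: hashcash in, reusable postage tokens out."""

    NAME = "postage.example"      # resource that purchase stamps must name

    def __init__(self):
        self._key = secrets.token_bytes(32)
        self._spent = set()       # spent stamps and spent token serials

    def _mac(self, serial):
        return hmac.new(self._key, serial.encode(), hashlib.sha256).hexdigest()

    def _issue(self):
        serial = secrets.token_hex(16)
        return serial + "." + self._mac(serial)

    def buy(self, stamp, date):
        """Purchase one token with a hashcash stamp addressed to the server."""
        if not check_stamp(stamp, self.NAME, date, self._spent):
            return None
        return self._issue()

    def exchange(self, token):
        """Validate a received token, mark it spent, hand back a fresh one."""
        serial, _, mac = token.partition(".")
        genuine = hmac.compare_digest(mac.encode(), self._mac(serial).encode())
        if not genuine or serial in self._spent:
            return None           # forged, or a copy that was already redeemed
        self._spent.add(serial)
        return self._issue()


if __name__ == "__main__":
    day = "050715"                # constructed sample date
    server = PostageServer()
    token = server.buy(mint(PostageServer.NAME, day), day)
    fresh = server.exchange(token)        # recipient validates and gets a new token
    print("first redemption ok:", fresh is not None)
    print("copy of same token ok:", server.exchange(token) is not None)
```

The purchase stamp names the server rather than a mail recipient, so it can be minted ahead of time, which is the precomputation the post says straight hashcash rules out.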
Re: Diffie-Hellman question
Thomas Shaddack writes:

> I have a standard implementation of OpenSSL, with Diffie-Hellman prime in the SSL certificate. The DH cipher suite is enabled.
>
> Is it safe to keep one prime there forever, or should I rather periodically regenerate it? Why? If yes, what's some sane period to do so: day, week, month?
>
> If the adversary has a log of a passively intercepted DHE-RSA-AES256-SHA secured SSL communication, presuming the ephemeral key was correctly generated and disposed of after the transaction, will the eventual physical retrieval of the DH prime (and the rest of the certificate) allow him to decode the captured log?

The DH prime is not secret, and will not in general allow an adversary to decode the message. Only the private parts of the ephemeral DH keys used by the two sides are secret, and they are destroyed after use.

The only theoretical concern is that if the DH prime were small enough, an adversary at some time in the future might be able to break the DH key exchange by calculating discrete logs mod the prime. To within a few orders of magnitude, this is thought to be equally as difficult as breaking an RSA modulus of the same size. If your prime is 2000 bits, then that should be safe for the foreseeable future, unless quantum computers turn out to be practical for breaking moduli of this size.

In the unlikely event that it becomes possible to break the DH exchange by attacking the DH prime in this manner, then all key exchanges that were done using that prime would be broken (assuming they were recorded for later analysis and attack). The main work of the break is directed towards the prime itself. Once that is done, there is little additional work to break a key exchange which used that prime.

This is the only reason you might want to think about changing DH primes occasionally, so that if some super technology of the future were able to attack even your 2000 bit prime, at least they'd have to run their program a few times rather than just once. But really, that's not much of a security gain, as you're only increasing the attacker's costs by a relatively small factor. And at this point the attack would have to be viewed as extremely speculative anyway. So there's not much reason to change your prime.

This is unlike the case with RSA moduli, where you not only have this very hypothetical risk of a future technology breakthrough to allow factoring, but you also have to face the genuine threat that the private key will be exposed or stolen. Once that happens, all past messages encrypted with the key will be revealed. There are good reasons to change RSA moduli regularly for this reason (of course, most people don't do it anyway, because of our poor key management tools). But with DH primes, that is not a concern, as there is no long-term secret to be lost. All you have to worry about is a discrete log breakthrough, and that's not something to lose any sleep over.
Re: Blind signatures with DSA/ECDSA?
Often people ask about blind DSA signatures. There are many known variants on DSA signatures which allow for blinding, but blinding plain DSA signatures is not discussed much.

Clearly, blinding DSA signatures is possible, through general purpose two party multi-party computations, such as circuit based protocols. However these would be too inefficient.

I believe that the technique of Philip MacKenzie and Michael K. Reiter, Two-Party Generation of DSA Signatures, Crypto 2001, http://www.ece.cmu.edu/~reiter/papers/, can be adapted for blind DSA signatures that would be reasonably efficient. The problem they solved was different in that both parties had a share of the private key, and there was no effort to hide the message hash being signed or the (r,s) signature values. However the same basic idea should work.

The scheme uses a homomorphic encryption key held by the first party, Alice, who is the one who will receive the signature. Bob is the signer. The homomorphic encryption system allows Bob to take an encrypted value and multiply it by a constant known to him; and also to add two encrypted values together. (That is, Bob can produce an output cyphertext which holds the result. He does not learn the result.) Suggested cryptosystems with the desired properties include those from Paillier; Naccache and Stern; or Okamoto and Uchiyama.

Alice starts with the message hash H, and knows the public key parameters y, g, p and q. Bob knows the private key x such that y = g^x mod p, where q is the order of g.

DSA signatures are computed by choosing a random value k mod q and computing r = g^k mod p mod q; z = 1/k mod q; s = x*r*z + H*z mod q; with (r,s) being the signature.

For the protocol, Alice and Bob will compute k as multiplicatively shared, with Alice knowing k1 and Bob knowing k2, where k1*k2 = k mod q.

We start, then, with Bob (the signer) computing r2 = g^k2 mod p and sending that to Alice. Alice computes r = r2^k1 mod p mod q = g^(k2*k1) mod p mod q = g^k mod p mod q.

Alice and Bob also compute z1 = 1/k1 mod q and z2 = 1/k2 mod q respectively; then z = 1/k mod q = z1*z2 mod q.

Alice uses the homomorphic encryption and produces a = E(r*z1) and b = E(H*z1). She sends these to Bob along with some ZK proofs that the values are well formed.

Bob uses the homomorphic properties to multiply the plaintext of a by x*z2 and the plaintext of b by z2 and to add them, along with a large random multiple of q, q*d, where d is random mod q^5: c = a X (x*z2) + b X z2 + E(d*q). Here X means the operation to multiply the hidden encrypted value by a scalar, and + is the operation to add two encrypted values. Bob sends c back to Alice.

Alice decrypts c and takes the result mod q to recover s = r*z1*x*z2 + H*z1*z2 = x*r*z + H*z mod q, the other component of the DSS signature. She can verify that Bob behaved correctly by checking that (r,s) is a valid DSS signature on H.

For a quick security analysis, Alice is clearly safe as Bob never sees anything from her but some encrypted values, and his k2 share of k is uncorrelated to k itself.

In the other direction, Bob has to be concerned about revealing x. He is given two encrypted values and has to multiply one by x*z2 and the other by z2 and add them. If the encrypted plaintexts are u and v, this produces (u*x + v) * z2. This value is completely uncorrelated with x, mod q, because of the multiplication by z2 which is uniformly distributed. Then adding the large multiple of q should effectively hide the value of x.

For strictly provable security it may be necessary for Alice and perhaps even Bob to provide some ZK proofs that they are behaving correctly.

The system is reasonably efficient, the main issue being the need to be able to PK encrypt values as large as q^6, which for DSS would be 6*160 or 960 bits. That would require a Paillier key of about 2K bits which is very manageable.
The total cost is about 9 modular exponentiations of 2K bit values to 1K bit exponents, plus whatever ZK proofs are necessary.
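The protocol sketched in the post above, run end to end with Paillier as the homomorphic scheme; this is an added example, not the poster's code. The DSA group and the Paillier key are constructed toy values far too small for real use, the ZK proofs the post mentions are omitted, and all function names are hypothetical.

```python
import hashlib
import secrets
from math import isqrt


def is_prime(n):
    return n > 1 and all(n % d for d in range(2, isqrt(n) + 1))


# Toy DSA group, constructed for this example: Q prime, P = k*Q + 1 prime, G of order Q.
Q = 65537
P = next(k * Q + 1 for k in range(2, 10**6, 2) if is_prime(k * Q + 1))
G = next(g for g in (pow(h, (P - 1) // Q, P) for h in range(2, 50)) if g != 1)

# Alice's toy Paillier key from two Mersenne primes; N (~150 bits) exceeds Q**6 (~96 bits).
PA, PB = 2**61 - 1, 2**89 - 1
N, PHI = PA * PB, (PA - 1) * (PB - 1)
N2 = N * N


def enc(m):
    """Paillier encryption with generator N+1 (anyone can do this)."""
    r = 1 + secrets.randbelow(N - 1)
    return (1 + m * N) * pow(r, N, N2) % N2


def dec(c):
    """Paillier decryption (Alice only: needs PHI)."""
    return (pow(c, PHI, N2) - 1) // N * pow(PHI, -1, N) % N


def bob_keygen():
    x = 1 + secrets.randbelow(Q - 1)
    return x, pow(G, x, P)                 # private x, public y = g^x mod p


def bob_round1():
    k2 = 1 + secrets.randbelow(Q - 1)
    return k2, pow(G, k2, P)               # r2 = g^k2 mod p is sent to Alice


def alice_round1(H, r2):
    k1 = 1 + secrets.randbelow(Q - 1)
    r = pow(r2, k1, P) % Q                 # r = g^(k1*k2) mod p mod q
    z1 = pow(k1, -1, Q)
    return r, enc(r * z1 % Q), enc(H * z1 % Q)   # Bob receives only a and b


def bob_round2(x, k2, a, b):
    z2 = pow(k2, -1, Q)
    d = secrets.randbelow(Q**5)            # mask: large random multiple of q
    # c = a X (x*z2) + b X z2 + E(d*q), computed on ciphertexts
    return pow(a, x * z2 % Q, N2) * pow(b, z2, N2) * enc(d * Q) % N2


def alice_finish(c):
    return dec(c) % Q                      # s = x*r*z + H*z mod q


def dsa_verify(y, H, r, s):
    """Ordinary DSA verification of (r, s) on hash value H."""
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    return pow(G, H * w % Q, P) * pow(y, r * w % Q, P) % P % Q == r


def blind_sign(msg, x):
    """Run both sides in one process; Bob's functions never see H, r or s."""
    H = int.from_bytes(hashlib.sha1(msg).digest(), "big") % Q
    while True:
        k2, r2 = bob_round1()
        r, a, b = alice_round1(H, r2)
        s = alice_finish(bob_round2(x, k2, a, b))
        if r and s:                        # retry the rare degenerate signature
            return H, r, s


if __name__ == "__main__":
    x, y = bob_keygen()
    H, r, s = blind_sign(b"constructed sample message", x)
    print("signature verifies:", dsa_verify(y, H, r, s))
```

The plaintext inside `c` stays below `2*Q**2 + Q**6`, which is why the Paillier modulus must be larger than `Q**6`, matching the sizing argument in the post.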
Re: Meshing costs (Re: Hierarchy, Force Monopoly, and Geodesic Societies)
Tyler Durden wrote: RAH wrote... Only if they pay me cash few miles. If I'm a router, I'm also sending that info behind me (which is routing I'm paying for basically), but I will understand that the reason I am getting my telemetry is precisely because there's a string of me's in the cars in front of me, routing info down to me. If I insist on getting paid, so will they, and the whole thing breaks down. Actually, this reminds me of the prisoner's dilemma. I remember (I think) Hofstaedter doing an interesting analysis that showed that smart 'criminals' will eventually realize that it pays to cooperate, even if that doesn't optimise one's chances in this particular instance. Myerson, 0674341163 (not to bash Osborne/Rubinstein which I'm sure is good) Fagin/Halpern, 0262562006 (I know of no book like it) Olson, 0674537513 (that's Mancur Olson)
Re: voting
Perry Metzger writes, on his cryptography list:

> By the way, I should mention that an important part of such a system is the principle that representatives from the candidates on each side get to oversee the entire process, assuring that the ballot boxes start empty and stay untampered with all day, and that no one tampers with the ballots as they're read. The inspectors also serve to assure that the clerks are properly checking who can and can't vote, and can do things like hand-recording the final counts from the readers, providing a check against the totals reported centrally.
>
> The adversarial method does wonders for assuring that tampering is difficult at all stages of a voting system.

On the contrary, the adversarial method is an extremely *weak* source of security in a voting system.

In the first place, it fails for primary elections where there are multiple candidates, all of one party, running for a position. It's not unusual to have a dozen candidates or even more in some rare cases (the California gubernatorial election, while not a primary, had hundreds of candidates running for one seat). It is impractical for each candidate to supply an army of representatives to supervise the voting process, nor can each polling place accommodate the number of people required.

In the second place, it fails for elections with more than two parties running. The casual reference above to representatives on each side betrays this error. Poorly funded third parties cannot provide representatives as easily as the Republicans and Democrats. We already know that the major parties fight to keep third party candidates off the ballots. Can we expect them to be vigilant in making sure that Libertarian and Green votes are counted?

In the third place, tampering has to be protected against in each and every voting precinct. Any voting station where the voting observers for one party are lax or incompetent could be identified in advance and targeted for fraud. Given that these observers are often elderly and have limited faculties, such frauds are all too easy to accomplish.

It's baffling that security experts today are clinging to the outmoded and insecure paper voting systems of the past, where evidence of fraud, error and incompetence is overwhelming. Cryptographic voting protocols have been in development for 20 years, and there are dozens of proposals in the literature with various characteristics in terms of scalability, security and privacy. The votehere.net scheme uses advanced cryptographic techniques including zero knowledge proofs and verifiable remixing, the same method that might be used in next generation anonymous remailers.

Given that so many jurisdictions are moving towards electronic voting machines, this is a perfect opportunity to introduce mathematical protections instead of relying so heavily on human beings. I would encourage observers on these lists to familiarize themselves with the cryptographic literature and the heavily technical protocol details at http://www.votehere.com/documents.html before passing judgement on these technologies.
Re: Shock waves from Fallujah
Major Variola wrote: A fence is being considered around the Capital in DC also. Capitol.
Re: Mercs need to wear clean underwear
Hettinga advocates: So, what, declare all current property claims in Fallujah to be null and void, sell claims off to the highest bidder, and whoever gets there with the most men owns it. I mean, it worked in Texas with the Comanches and Apaches... Yeah, it's a fantasy, but we all have our dreams, right? :-). Yes, we do. And some of our dreams are of invading the homes of rich Amerikan assholes to fund the jihad. Want to know something fun? Using simple tools like this link http://www.fundrace.org/neighbors.php we can locate all the fascist supporters in Amerika, with address and phone number, and enjoy their womenfolk and riches.
Re: corporate vs. state
Harmon Seaver wrote: If a member of a club, to which you belong, commits an act of violence, are you liable for that act? No, but if the club, as an entity, does such, you should be. If the corporation pollutes, all and sundry owners and employees should be equally liable. Or maybe liability adjusted to investment or wage, What exactly do you mean when you say that the club as an entity commits an act? That the club/corporation assembled its members into some kind of Voltron super-mecha-bot, which went on a rampage through the rainforests of Tokyo? A corporation is not a physical entity. It is abstract, a name for a group of people. A corporation can no more act as an entity, than cybershamanix.com or Islam or the cypherpunk movement. Employees or members of those groups can act; people can claim to act in the name of those groups. But that is not the same thing as the group itself acting as an entity. What you really mean is that if some employees of a corporation commit a crime, you'd like to see the other employees punished also. Guilt by association. Many in the US government are pushing the idea that an abstract entity is a concrete being that can commit crimes and be punished. And not just the War On Terror; all these conspiracy to provide material support and jihad training charges are about building a case against some arbitrary group, and then arguing that the accused is liable for crimes committed by others associated with that group. When Tim May puts three rounds in the base of Bob Hettinga's geodesic skull, the feds kicking in your door will tell you that The Cypherpunks did it. Be sure to remind them that you deserve equal punishment. i.e., the biggest stockholders and highest paid employees get the longest sentences. The concept that no one is actually responsible for the criminal acts of a corporation is patently absurd. limited liability doesn't shield employees or agents of a company from punishment for crimes they commit. 
It serves to prevent one employee from being punished for the actions of another.
Re: Saving Opportunistic Encryption
Hi, Sandy Harris wrote: Tarapia Tapioco wrote: A possible implementation looks like this: ... * Linux/KAME's IKE daemon racoon is patched to attempt retrieval of an RSA key from said DNS repository and generate appropriate security policies. Cleaner solution, but more work probably. Why would you use racoon? FreeS/WAN's Pluto is available, under GPL, already does OE, and works with 2.6 kernel IPsec (though I'm not certain if patches are needed for that). Wouldn't it be a better starting point? I have to take a look at this. Using racoon was my first idea because it seems to be the official Linux thing these days and is portable to the *BSDs, too. It's probably only the NIH syndrome at work. Also, using pluto suffers from the general FreeS/WAN problem of not allowing contributions from USAians. Anyway, thanks for the reminder - while the project is still at the half-assed idea tossing state, hacking FreeS/WAN should still be an option.
Re: Freematt's review of A State of Disobedience By Tom Kratman
Tyler Durden wrote: Damn. I'd say that's the most intolerant hate-filled garbage I ever... But shit. It's basically true. Or at least the fundamentalists in charge of the government these days seem to equate their two-dimensional cartoon view of the world with reality, and that's dangerous because their guns are real. Let God sort 'em out seems to be the basic philosophy. And if you look back, it's clear that 99% if not all repression in the US comes from exactly that basis -- all the sex laws, porn laws, drug laws -- the intolerant, hate-filled christian mindset that says sex is bad, mental freedom is bad, pleasure is bad, the wilderness is bad and must be tamed, subjugated, and civilised, that the environment is for humans alone to exploit, that other religions and cultures are evil and must be suppressed and rehabilitated and re-educated as they did with the Indians. Isn't it time for freedom loving people to wake up and start dealing with the basic problem in the world and especially the US -- christianity?
Internet Voting, Safely
Recently there has been publicity about a report critical of a proposed internet voting experiment, http://servesecurityreport.org/. The authors critique the SERVE system, which was designed to allow overseas military personnel to vote absentee via the internet. The authors were four members of the SPRG (Security Peer Review Group), a panel of experts in computerized election security that was called upon to review the SERVE project. While the report makes many good points, any realistic appraisal of the prospects for internet voting must look beyond the current state of the art in security technology. It will take years before internet voting can become widely available, and in that time we can expect currently planned security improvements to be implemented and fielded. In particular, the advent of Trusted Computing, principally in the form of Microsoft's Next Generation Secure Computing Base (NGSCB), offers a number of features which should address the most significant security-related limitations and problems for the widespread use of internet voting. For more commentary, see the Unlimited Freedom blog entry at http://invisiblog.com/1c801df4aee49232/article/9d481af00c898ae91748f2f0cd97cf80.
Assoc Press sports contact list
Some # for GWB is in this. The AP Sports desk accidentally emailed out there sports rolodex today to other newsies. If you've been wanting to raise hell with Peter Ueberroth, talk to Hammering Hank, or see how much Pete Rose was actually wagering - give em a call. Before they change their numbers. Someone at the AP is in deep doo-doo.
fox news
http://www.fauxnewschannel.com/
(No Subject)
Re saddam et all... http://www.atimes.com/atimes/Middle_East/EL19Ak01.html The war of words over Saddam Bush is quite amusing. The blind faith in one's govt structure and the willingness to support force that is in such extreme measure overpowering and statist such as the dropping of tons of depleted uranium high explosives shows that some on this list have not broadened their news reading beyond fox news. What courage is required to fly at 4 ft and drop the MOAB containing DU on essentially defenceless targets? How can people think that Bush would never harm civilians? It does not really matter if there are democrats in the whitehouse or republican kings appointed by courts. Just because you choose not to deeply examine the effects of the policies of your govt does not make them reasonable. Successful policies and reasonable policies can be two different things. It's possible to be both successful and reasonable. It's also possible to be successful and un-reasonable... http://www.web-light.nl/VISIE/extremedeformities.html http://www.robert-fisk.com/depleted_uranium_links.htm Saddam merely gassed a few thousand people maybe. Bush senior's gulf war and now Shrub's fine legacy will ensure the slow torturous death of many generations of Iraqis and those American soldiers involved. The awful horrors of Stalin, Hitler and Saddam will pass with a few generations... the half-life of DU is in billions of years. Re American soldiers: Bush has cut medical care for active duty personnel as well as veterans. (link via google search: http://www.veteransforpeace.org/bush_cuts_vet_benefits_041503.htm) The childish blind faith in US statist institutions does not make their pronouncements right. This is no better than those that blindly followed their communist or nazi leaders. The USA is at the heights of its power because of a well defined strategy of monetary and military control of the world (the dollar as the currency of international trade and its consequences, see links below). 
Only the people of the USA can prevent the degeneration of their vaunted state into a hellhole that will make the Soviets blush. The seeds are in place - fine grained monetary oversight, 99.99% unsecured easily intercepted private conversation, the shredding of the bill of rights, willing armies of police and other govt organized thugs, the impending death of the dollar as the only currency of international trade, the overvalued stock market with absurd PEs, the willingness to scam for a buck (Enrons, Halliburton etc), the lack of true capitalism and open competition in certain sectors [eg medical cos, microsoft]. Those on this list should know better. Note: I'm not suggesting that this is going to happen overnight, but as I said the seeds are in place... Some links to ponder: Why is the width of damage to the pentagon not as wide as a 757 (flt 77)? http://911research.wtc7.net/talks/pentagon/index.html http://911research.wtc7.net/ http://911research.wtc7.net/disinfo/index.html Dollar: http://home.flash.net/~rhmjr/c1219.html http://home.flash.net/~rhmjr/index.html http://thoughts.editthispage.com/ http://www.justiceplus.org/bankers.htm Dollar and war: http://www.pressurepoint.org/pp_iraq_dollars_euro_war.html http://www.ratical.org/ratville/CAH/RRiraqWar.html USS liberty [or the lies the US govt will tell] http://home.cfl.rr.com/gidusko/liberty/ http://www.ussliberty.org/ Former KGB head consults for US Dept of homeland security: http://www.impeach-bush-now.org/Articles/Americans/USSA.htm http://www.threadcity.com/cgi-local/social/config.pl?read=27 Of course there will be the chest pounders vouching for their wonderful state... about how all this is Internet garbage. Those unwilling to make a deep and wide investigation are unteachable. Bush needs you.
Re: U.S. in violation of Geneva convention?
Greetings. Has Saddam received a lawyer yet? Will Saddam be judged by a court having jurisdiction and being recognized internationally?
Re: U.S. in violation of Geneva convention?
On Wed, 17 Dec 2003, BillyGOTO wrote: Nice, but the problem still remains: At this point it doesn't matter what he has done (or we say he has done). This is not a punishment. Innocent until proven guilty anyone? This is the basis for the enlightened western society, no? This isn't a ski mask burglary. We KNOW Saddam ruled Iraq. We KNOW what crimes were committed. Simple syllogism. I think you might have forgotten about the other half the system, due process. Even if you KNOW something, you've got to go through the motions.
Re: U.S. in violation of Geneva convention?
Harmon Seaver wrote: This isn't a ski mask burglary. We KNOW Saddam ruled Iraq. We KNOW what crimes were committed. Simple syllogism. No we don't. We only know what the propaganda mills have told us. Twenty years ago it was a different story. The propaganda mills were working for Saddam, not against him. http://www.indybay.org/news/2003/04/1599076.php Over the last dozen years I made 13 trips to Baghdad to lobby the government to keep CNN's Baghdad bureau open and to arrange interviews with Iraqi leaders. Each time I visited, I became more distressed by what I saw and heard - awful things that could not be reported because doing so would have jeopardized the lives of Iraqis, particularly those on our Baghdad staff. http://www.techcentralstation.com/041103H.html It appears there is another, more troubling, reason Jordan decided not to report these hideous crimes until the regime was safely out of the way: CNN didn't want to lose its on-the-ground access to a big story. Human Rights Watch, Amnesty, and countless Iraqi refugees all report similar stories of widespread torture and murder. Is it your position that these are all propagandists? Dismissing as propaganda any reports that oppose your argument, while accepting as truth any claim that supports it, is simple intellectual dishonesty.
U.S. in violation of Geneva convention?
The U.S. officials' way of behaving like Texas rednecks is embarrassing. Not only are they cheering we got him like a child who can not withhold his enthusiasm. Displaying Saddam the way they did is also possibly a clear violation of the Geneva convention as far as I can tell. What was that quote by Nietzsche again? One person who actually did behave in a respectable manner was the President. No lame we got him or cowboy hats there. At least not this time.
Re: U.S. in violation of Geneva convention?
The U.S. officials' way of behaving like Texas rednecks is embarrassing. Not Crosspost from nettime: Subject: nettime wrong signals If symbols really do matter we might conclude that American administration's PR machine has got it badly wrong. In the carefully orchestrated news management of Saddam's capture, once again, the public opinion which *really* matters in the middle east: Arab public opinion, has been conclusively misread. The image of an Arab leader (however terrible) being objectivised by a white gloved American medic like a bug on a lab bench, will not be read in the Arab world as a moment of liberation. It will be seen as a special kind of humiliation, the kind which typifies the depth of ignorance which has inspired this campaign from its outset. Once again the images (chosen with great care one imagines, given the time lapse between Saddam's capture and the John Wayne style triumphalism of the announcement) treat Arab opinion to a further demonstration of the power of the west to objectivize the world under a coolly scientific gaze. In this context no mediaeval torturer could have conceived of a greater humiliation than the medical torch's pencil thin beam illuminating the inside of the tyrant's mouth. A stupidity of almost incomprehensible proportions seems bent on prosecuting a war against terror in which the twenty-four hour news machine is mobilized to disseminate images that do little more than fan the flames of hate.
Re: Idea: Simplified TEMPEST-shielded unit (speculative proposal)
While I agree with much of what you say I don't think it's likely that any kind of advanced SIGINT operation was what brought him down. The most important thing to have is intelligence from humans. From insiders. This is partly the problem with the intelligence agencies today. They think too much of the technology and its possible uses. Good old-fashioned spies will always be the most powerful way to get information if you can get someone to cooperate. This is also why it is a bit harder in countries with a lot of people willing to kill or be killed for the sake of ideas. Even so it seems that someone sold him for the money in this case. It was bound to happen sooner or later since it's not possible to be on the run without trusting at least one or a few individuals from time to time.
Re: U.S. in violation of Geneva convention?
I am not sure I agree. I am no expert on this however. I saw several people commenting on the issue of Geneva convention on CNN during the day. Also I saw an expert on this field from another country commenting on the issue stating that it was a clear violation of the convention. In either of these interviews were there any discussion on whether it didn't apply to this specific case due to what clothing he happened to wear or whatever. I got the impression that it was clear that the U.S. treatment wasn't fully appropriate. Nietzsche quote sought: Battle not with monsters, lest ye become a monster. And if you gaze long into the abyss, the abyss gazes into you. I think it's about not becoming evil yourself when you're fighting evil. Pretty applicable, yes. We should not be tempted to act in unlawful and questionable ways. It is sticking by international treaties and handling everyone in accordance to law and human values that separates us from evil men like Saddam. This is a good time to show him and his followers that all men, even those of his sort, are treated equal and given a fair trial as stipulated by the universal declaration of human rights by the UN in 1948. And this by the state they call the great satan. Behaving like a lynch mob will make us losers too.