Re: Mask Laws: About 5yr. log retention
>"Trei, Peter" wrote:
>> Unless there is a specific loophole for Muslim women's veils, I suppose
>> they are technically in violation, but as I said, these laws are hardly
>> ever invoked. If say, there were a rash of terrorist attacks involving
>> veiled persons occured, there'd be crackdown.
One of the reasons for mask laws is *specifically* veiled terrorists -
wearing white spook outfits. The KKK is fortunately past its heyday,
and the more common police problems when they hold marches are
keeping the crowds from beating them up and unmasking them.
Another reason for such laws may be bank robbers and highwaymen,
but it's mostly the Klan.
I did hear there was a case in Detroit or somewhere about mask laws
being applied to veiled women, but the loophole to go for is the
First Amendment protections on religious freedom.
France, on the other hand, has had public schools ban girls from
wearing head coverings, primarily because they emphasize the
cultural differences.
I read an article a while back about how the black dress outfit
was becoming very common among Egyptian businesswomen.
Not because they were traditionalists, but because the alternative,
at least in Cairo, was that they were expected to dress
fashionably and expensively, even though Egyption salaries
for women haven't caught up with salaries for men,
and the black dress is cheap, often more comfortable,
and has enough traditional support that nobody can argue.
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Questions of size...
At 08:46 AM 12/8/00 -0800, Ray Dillinger wrote:
>
>
>On Thu, 7 Dec 2000, petro wrote:
>
>>Mr. Brown (in the library with a candlestick) said:
>>
>>>(RAH might have called it a geodesic political culture if he hadn't got
>>>this strange Marxist idea that politics is just an emergent property of
>>>economics :-)
>
>Just by the way, how widespread is this use of the word 'geodesic'?
It depends on how many hops away from Bob Hettinga you are :-)
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
RE: hi
At 05:14 PM 12/6/00 -0800, Alan Olsen wrote: >For some reason I am reminded of a line from the movie _A Shoggoth On The >Roof_ (yes, there is such a beastie.): > > "Every one of us has a shoggoth on the roof. Not a metaphorical > shoggoth, but a REAL Shoggoth! And how does he stay there you might > ask? TENTACLES!" YOW! Where can I find it? (Or how do I keep the Shoggoth from finding me?)(Oh. Not mentioning its name.)(Oh..) ]-9028iu3r =EQ-WSD9A0fc8zuedxtg v-=]3wr14508eux[;colf8itjmkqsvA] zx=]F\QSF*$q(*iztfg v\3-=Wqa(zidxcz0po[ikf]3-wpe[o04pirdfx=[] 0-p3iwsdARECfo0jygvh5]-9r3ud -g]94yut793]1q vt57575758yrtg043=qierg[vkrc kc=re[dsqaacdrsxz~~~
RE: "Hello, You're Dead"
At 11:50 AM 12/6/00 -0500, Trei, Peter wrote:
>[ukcrypto and Perry's list deleted]
>> Dave Del Torto[SMTP:[EMAIL PROTECTED]] wrote
>>
>> <http://www.abcnews.go.com/sections/world/DailyNews/phone001205.html>
>>
>> "...Hitting the 5, 6, 7 and 8 buttons on the phone gun fires
>> four .22-caliber rounds in quick succession. ..."
>>
>The article goes on to say that the Men With Guns may now take reaching
>for a cell phone as adequate excuse to kill you.
Guess you don't get your One Phone Call To Your Lawyer any more...
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
User Trolling for Passwords
Dear Bush / Telinco - your user, <[EMAIL PROTECTED]>, sent the following email to the Cypherpunks mailing list. We often get script kiddies trolling for passwords, contraband, bomb-making materials, and the like. It's a difficult decision whether to harass them in return, or ask their internet providers to send them some Netiquette material. Unfortunately, I couldn't find any in the help files on your site - it was mostly about how to get interactive TV schedules. Phil - If you want passwords, ask your mother for one. If you want Richard Stallman's ITS password, it's carriage return, and by the time you get ITS up and running again, you'll have learned something. Grammar's a good thing to learn also. >Return-Path: [EMAIL PROTECTED] >Received: from sirius.infonex.com (sirius.infonex.com [216.34.245.2]) > by wormwood.pobox.com (Postfix) with ESMTP > id 88EFE725B5; Tue, 5 Dec 2000 16:03:43 -0500 (EST) >Received: (from majordom@localhost) by sirius.infonex.com (8.8.8/8.8.8) id MAA20246 for cypherpunks-outgoing; Tue, 5 Dec 2000 12:57:30 -0800 (PST) >Received: (from cpunks@localhost) by sirius.infonex.com (8.8.8/8.8.8) id MAA20213 for [EMAIL PROTECTED]; Tue, 5 Dec 2000 12:57:12 -0800 (PST) >Received: from cyberpass.net (cyberpass.net [216.34.245.3]) by sirius.infonex.com (8.8.8/8.8.8) with ESMTP id MAA20202 for <[EMAIL PROTECTED]>; Tue, 5 Dec 2000 12:57:05 -0800 (PST) >Received: from bushtv-1.mail.telinco.net (bushtv-1.mail.telinco.net [212.1.128.182]) by cyberpass.net (8.8.8/8.7.3) with ESMTP id MAA03486 for <[EMAIL PROTECTED]>; Tue, 5 Dec 2000 12:59:31 -0800 (PST) >Received: from [192.168.8.186] (helo=bushtv-java-1-internal.server.telinco.net) > by bushtv-1.mail.telinco.net with esmtp (Exim 3.14 #7) > id 143P91-0007Kn-00 > for [EMAIL PROTECTED]; Tue, 05 Dec 2000 20:56:59 + >Message-ID: <[EMAIL PROTECTED] et> >Date: Tue, 5 Dec 2000 20:56:58 + (GMT) >From: PHILlIP CHRISTIAN <[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Mime-Version: 1.0 >Content-Type: text/plain; charset=us-ascii >Content-Transfer-Encoding: 7bit >Sender: [EMAIL PROTECTED] >Precedence: first-class >Reply-To: PHILlIP CHRISTIAN <[EMAIL PROTECTED]> >X-List: [EMAIL PROTECTED] >X-Loop: [EMAIL PROTECTED] >X-UIDL: ac925881ae786caacca3116fc22f5066 > >please send me password > > > >
Re: Re: Sunders point on copyright infringement & HTML
At 01:41 AM 12/5/00 -0800, petro wrote:
>Mr. May:
>>(And then there's Riad Wahby, whose signed messages are unopenable
>>by Eudora Pro. He is doing _something_ which makes my very-common
>>mailer choke on his messages. Not my problem, as his messages then
>>get deleted by me unread. Again, standard ASCII is the lingua franca
>>which avoids this problem.)
>
> He's apparently using GPG, and he has been told about this.
> He doesn't seem to care.
You're incorrect. The problem isn't GPG, it's the Mutt mailer.
Riad's using 1.2.5i, which almost did the right thing,
and he went to the trouble of hacking the program to fix it.
So now his messages are plaintext GPG or PGP in the message body,
which is what they should be.
I'm not sure if hacking was necessary - it looks like
RGB on the linux-ipsec mailing list is getting the same effect,
(though perhaps he also hacked the source.)
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Buying Mein Kampf via the Net
At 08:02 PM 12/3/00 -0800, Lizard wrote: >At 07:49 PM 12/3/2000, Danny Yee wrote: >>Lizard wrote: >> > Really? Doesn't the Berne convention override national laws? >> >>Probably, yes. Does that mean national copyright laws only apply to >>their own citizens/residents? What happens in the case of dual >>citizenship? And does place of publication come into it? > >In most cases, national laws are altered to bring them 'in line' with >treaties. (All treaties.) This has been an issue in the US, where the SC >has ruled that a treaty cannot violate the constitution...or, rather, that >it doesn't matter WHAT Congress agreed to, the Constitution will trump any >laws passed to institute it. I don't know if Australia's joined Berne (I assume yes) or how they've implemented it. Copyright laws, like most laws, only apply in whatever jurisdiction the government that writes them can get away with enforcing them. (For most countries, that's their national boundaries, plus occasionally expatriate citizens; for some, it's quite a bit less :-) Traditional Chinese copyright law only applied to civilization, i.e. Chinese-language books written by Chinese; stuff written by barbarians wasn't provided, so lots of my Taiwanese fellow students in college had much lower-cost versions of US-written textbooks, and that tradition was adapted to software on CD-ROMs at least until recently. In the US, that doesn't really affect copyright - the US Constitution doesn't go into any depth on the details of copyright law, so the US Congress was perfectly free to replace the previous details with Berne convention details. The one arguable exception is that the Const. authorizes grants of patents and copyrights for limited periods of time, and the current definitions of "limited" for copyright keep getting stretched; I think it's now "75 years after you're dead, or pretty much forever if you're a corporation". The general comment I've heard from lawyers is that copyright lengths will keep getting extended indefinitely to prevent Mickey Mouse's image from going off copyright. >That this might somehow change is a favorite paranoia of a loony right. >(And, were it likely to occur, it would be a justifiable paranoia...it >would allow the legislature to do an end-run around the Bill of Rights. For >example, the US as it stands CANNOT ban 'hate speech' from US-hosted >servers, even if Europe pressured them into signing a treaty to do so.) No, but Congress does a pretty good job of passing Unconstitutional laws already :-( The treaty trick that's been going on, at least in the ReaganBushClinton years, is for the administration to haggle other countries into a treaty or lower-status-than-treaty agreement about something obnoxious, like drugs laws or crypto export restrictions, then bully Congress into implementing legislation for it "because we've already negotiated it with our major partners". Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
RE: Net News as Cover Traffic
At 08:56 AM 12/1/00 -0800, Ray Dillinger wrote:
>Yes, different. alt.anonymous.messages is simply a message mix.
>I'm talking about a system that would provide lots of encrypted
>traffic *ON THE SAME PORTS* as whatever other encrypted traffic
>you were sending. IOW, no one should be able to look at logs and
>say, "well, we can ignore that packet, it's NNTP. This other
>packet over here is mail, and probably the thing we're after..."
That sounds like a job for IPSEC. All the packets are encrypted
at the IP level, though you can still tell the source and
destination of the outer packet, and you can tell the packet size,
so it's not a strict Pipenet substitute - if you see traffic from
A to B and same-sized traffic from B to C, you can guess that
B might have routed some packets from A to C.
But it still answers your basic request.
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: CNN.com - U.S. Supreme Court strikes down drug roadblocks - November 28, 2000
At 12:13 PM 11/29/00 -0500, sunder wrote:
>Jim Choate wrote:
>>
>> http://www.cnn.com/2000/LAW/11/28/court.roadblocks.sc.reut/index.html
...
>Jim, rather than sending this 63K email with a copyright violation,
>why don't you just send us the above URL with NO attachments?
...
>Read our lips: THE URL IS ALL WE NEED. NO MORE THAN THAT!
Of course, when somebody sends _just_ the URL,
with no accompanying explanation of what it's about or why
it's worth the time looking it up and reading it,
we also rant them out for not including at least the first
paragraph or a sentence or two of commentary :-)
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
re: Imagine
At 11:04 AM 11/29/00 -0800, Steve Schear wrote a message that was in some HTML format that Eudora badly choked over when trying to reply. It was possible to save it with all the random font change garbage and funny characters, but not to just send a text reply. >> 1. Imagine that we read of an election occurringanywhere in the >> third world in which the self-declared winner was the son ofthe former >> prime minister and that former prime minister was himself theformer >> head of that nation's secret police (CIA). Steve, or whoever The Blue Writer is, says "Correction. He was declared the winner by the fact that he has received 271 of the needed 270 electoral votes." Bush hasn't received them. Not only have the Electors not voted yet, but Florida hasn't selected their electors yet. They're still haggling about whether the votes should all be counted, and the Republicans have done a good job of preventing any recounts from being finished (or used), to the extent of organizing riots outside the Miami/Dade election office. They're also trying to decide what to do about the 19000 double-punch ballots (probably unfixable), and the 15000 absentee ballot applications that were allegedly criminally altered by the Republicans (1 were voted for Bush, 5000 for Gore). Then there were the 12000 mainly black voters whose registrations were disqualified incorrectly because they were allegedly felons, based on a database provided by a company whose parent company gave a six-figure contribution to the Republican Party - about 8000 of those people got back on the voter rolls, and probably not all of the other 4000 would have voted, but they were much more likely to have voted Democrat. I'm not saying the double-punched ballots were Republican fraud; it looks a lot more like Democrat incompetence in the ballot design, though it's been suggested that they could also have been from Democrat attempts at fraud (punch a spike through the Gore hole, and it won't invalidate any ballots already marked for Gore, but will invalidate any ballots voting for other candidates.) The "bunch of elementary school kids had no trouble" press release is fun, but bogus. If the teacher had told the kids "Vote for Gore and Lieberman" instead of "Vote for Gore", they'd have been much more likely to make a mistake. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Wanted TLD operators for the ORSC
At 05:44 AM 11/28/00 -0500, Joe Baptista wrote:
>I'm looking for people who want to operate tlds in the orsc zone.
>You need to know BIND, and have a familiarity with database programming
>like mysql.
>If anyone is interested - send me a private email and i'll followup on it
>this weekend and we can start getting you online.
>
>The orsc needs new blood. It's stagnated at 380 member tlds.
Well, if you're not averse to stirring up trouble (:-),
see if you can find the contact for China's proposed
.[Chinese-Unicode-Character-for-Commercial] TLD,
which they announced would be competing with ICANN's .com
for Chinese-language domain names.
I don't know what the phonetic equivalent of the name is,
but maybe they'd also want somebody to run ".chicom" mirroring it...
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: On 60" tonight
>On Sun, 26 Nov 2000, Tim May wrote:
>> At 6:32 PM -0500 11/26/00, [EMAIL PROTECTED] wrote:
>> > My on-screen guide said "FISA", tvguide.com says,
>> > "Mike Wallace looks at one couple's claim that
>> > they were set up by the FBI and wrongly convicted of espionage."
>>
>> I notice you're babbling about what's on "60 Minutes" but not saying
>> a peep about the certification of the election in Bush's favor.
Tim, the guy was taking a break from election results to
actually say something about a cypherpunks topic.
We know the election rigging is in progress, and it looks like
Bush is better at it than Gore.
At 07:59 PM 11/26/00 -0600, Mac Norton wrote:
> So Bush pardons Clinton, which has the added plus of forcing Clinton
> to the choice of taking it or not. That's *real* revenge. Not that
> W. is that smart/mean, but his daddy is.
Ooh, that's nasty. Hope he does it :-)
In practice, the Statute of Limitations probably applies to
most of the things the Clintons did. Besides, the Republicans have
used far more slack than they had available in trying to prosecute
Clinton for something/anything/whatever.
Meanwhile, the speaker on CSpan Book Passage is talking about
how he and his friends attempted to not be swayed by the
Steve Jobs Reality Distortion Field ("We even had *hand signals*
to warn each other when they were getting sucked in..." :-)
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Jim Bell arrested, documents online
At 10:14 AM 11/24/00 -0800, Ray Dillinger wrote:
>
>
>On Fri, 24 Nov 2000, Tom Vogt wrote:
>
>
>>would most likely cast a couple new protection laws. say, make it
>>illegal to publish a politician's name. "our president has today..."
>
>
>Well, I guess that's *one* way to get political types to support
>the right to anonymity...
Nah - too hard to give them credit when they want it,
so they'd do pseudonyms.
"Big Brother announced today that..."
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Re: ssz.com network trouble
At 10:07 AM 11/20/00 -0600, Jim Choate wrote: > >Hi Bill, >On Sat, 18 Nov 2000, Bill Stewart wrote: >> I did a traceroute (well, mswindoze tracert, anyway), and got a >> "destination unreachable" from a machine at realtime.net in Austin. >> SSZ has often been unreliable; > >Unreliable? The context of my message was "don't panic if you haven't been able to connect to SSZ for the last few hours, it happens sometimes"; I wasn't saying "don't trust those unreliable bums" :-) >We average six and eight month uptimes. And when the outages >occur it has been either hardware failure or a service failure. >We average 2 hardware failures per year and it usualy(!) takes less than 4 >hours to have it replaced (not bad for off the shelf consumer equipment). >...We usualy get about 4 service interruptions of >some sort or another a month. They usualy last about 4 hours. I agree that's not bad for off the shelf equipment not located at a heavy-duty colocation facility, though I thought you've also had the occasional power hit take you down. ISDN isn't the kind of thing to use if you're paranoid about not having your connection flake once in a while, but it's pretty good (if the price is right) for a mostly-reliable service and is pretty good at self-recovery if you've got a service provider with multiple dialin locations. >> I think it's connected by ISDN, and it's raining down in Texas. > >Yes, we had a ISDN/Ethernet issue. Replacing the hardware with a suitable >model was harder than expected, coudn't find anyone open with stock on >Saturday. > >As to rain, 4in/hr is a tad more than a sprinkle junior. Yup. Telecom networks often get grouchy about that sort of thing, especially when they're going out to your house or small business, and I'd been guessing you were probably having that or a power problem. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: I need your help for my project!!!
At 01:20 PM 11/19/00 -0500, Cecilia Freitas wrote:
> send me what you know about the earthquake that happened on saturday in
>Papau new guinea.
It's not our *fault*. Trust us. Really!
-- Californians Against Unwanted Seismic Activity.
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: ICANN should approve more domains, from Wall Street Journal
I was disappointed that the IETF Ad Hoc Committee wasn't able to generate their political clout to get their earlier 7-new-TLD plan implemented a couple years ago. However, one strong similarity between their plan and ICANN's is that both first rounds of new TLDs were pretty lame, and if this wasn't done deliberately, it should have been, because it's a Good Thing. It's how you get a practice round before getting to the far more controversial valuable namespaces, like .inc, .ltd/gmbh/sa, .mp3, .sex and .microsoft. The limitations on the number of TLDs aren't particularly technical; if you allow an infinite number of them, you replicate all the problems with .com under . , and don't have a level of indirection available to fix them with. It's worth going slowly. The more important questions are the openness of the namespaces; I'm glad that ICANN rejected the WHO's .health and Nader's .union, because they allow political groups to decide who can join based on their political correctness positions (would WHO allow .accupuncture.health? .joes-herbal-remedies.health? .snakeoil.health? .homeopathy.health? Nader's group wouldn't allow a company-dominated union, and might even have trouble with the Wobblies.) The $50K application fee was pure exploitation of their position; I don't think they're making any excuses for that. The big problem is that it limits the kinds of TLDs that can be applied for to commercial players - experimental namespace use like .geo is valuable, and hard to get funding for. And like taxi monopoly medallions in New York City, once you've charged somebody big money for their chance, it's politically difficult to charge somebody else less or nothing later. Bill Stewart At 08:58 AM 11/20/00 -0800, Declan McCullagh wrote: >[My op-ed, below, appeared in today's paper. An HTML-formatted copy is at: >http://www.cluebot.com/article.pl?sid=00/11/20/1714249 --Declan] > >The Wall Street Journal >Monday, November 20, 2000 > >ICANN Use More Web Suffixes >By Declan McCullagh >Op-Ed > . >One reason is that the new suffixes approved by the Internet >Corporation for Assigned Names and Numbers are woefully inadequate. >Instead of picking GTLDs that would meet market demand, ICANN decided >to approve the lackluster set of .aero, .biz, .coop, .info, .museum, >.name, and .pro instead. (If these were proposed brand names, you can >bet most would fail the first focus group test.) Any more additions, >ICANN's board members indicated, would not be approved until late >2001. > >This is absurd. Technology experts occasionally wrangle over how many >GTLDs the current setup can include, with the better estimates in the >millions, but few doubt that the domain name system can handle tens of >thousands of new suffixes without catastrophe. >Another problem is a predictable one: Politics. In the past, some of >ICANN's duties had been handled by various federal agencies. Unlike >what some regulatory enthusiasts have suggested, however, the solution >is not encouraging the government to again become directly involved in >this process. A wiser alternative is a complete or near-complete >privatization of these functions. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Florida reject stats, chad vs. optical
At 05:45 AM 11/17/00 -0500, [EMAIL PROTECTED] wrote:
>
>Dubya has announced he will nominate Harris
>as ambassador to Chad.
That'd be pretty Mali-cious.
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
BRITAIN DEPLOYS 'CYBERCOPS' TO FIGHT INTERNET CRIME (Fwd)
Unnamed Administration Sources forwarded this message about a new Internet-based terrorist group in Offshore Northwestern Europe: -- Britain deploys 'cybercops' to fight Internet crime By NICK HOPKINS The Guardian November 15, 2000 LONDON - The rising tide of Internet crime - hacking, porn rackets, extortion and fraud - is to be tackled in Britain by a squad of "cybercops." British Home Secretary Jack Straw said the unit will be headed by 80 officers recruited from the police, customs service, national crime squad and National Criminal Intelligence Service (NCIS). Money is also being provided to help fund a 24-hour international hotline for detectives from different countries to "trade information on potential attacks on the national infrastructure." The initiative follows intelligence that shows terrorists are increasingly using the Internet for recruitment and planning. Internet crime has soared in the last three years as criminals have begun to realize the opportunities it offers. The dissemination of computer viruses, such as the "I Love You bug," which wreaked havoc last summer, is also on the rise. Medium-sized businesses are particularly vulnerable to these kinds of attacks because they cannot afford protective filtering systems. Recent research showed that 60 percent of Britain's online businesses have suffered hacking while worrying new trends include evidence of an international Internet trade in body parts. -- (Distributed by Scripps Howard News Service. For more Guardian news go to http://www.guardian.co.uk/) _
Re: A secure voting protocol
At 05:53 PM 11/13/00 -0500, Declan McCullagh wrote:
>On Mon, Nov 13, 2000 at 11:08:01AM -0800, Tim May wrote:
>> A "vote at home" protocol is vulnerable to all sorts of mischief that
>> has nothing to do with hackers intercepting the vote, blah blah.
>
>Righto. Absentee ballots require a witness, usually an officer (if
>you're in the military) or a notary-type, to reduct in par tthe
>intimidation problem.
The state of Oregon uses vote-by-mail for their elections,
though I think there's an option for physical delivery if you want.
I'd be surprised if they require witnesses - if anything,
that encourages your spouse to look at how you voted.
I've never been required to have witnesses for voting with
absentee ballots in New Jersey or California.
Besides, in places like Chicago or Tammany-era New York City,
it'd be easy for the Party to obtain notaries to witness ballots.
"OK, Mr. Jones, the stamp on your ballot, and here's the stamp
on your bottle of whiskey. Next, please!"
and optionally to put the correct party ballots in the correct box
and the incorrect party ballots in the round container.
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: jabbascript ads on algebra.com
They worked fine when I looked at it, though Jabbascript is
unreliable enough on Netscape that I may have gotten lucky
(e.g. looked at it when the memory leaks hadn't leaked much,
caches weren't too full, rest of the memory on my pc wasn't
swapping itself to death, etc.)
It's unsafe for the users to enable it, because they might
encounter web pages with malicious or broken scripts,
but when it's well-written it really does work ok,
at least most of the time.
At 12:20 AM 11/13/00 +0100, Anonymous Remailer wrote:
>Actually there's a much more mundane reason for people not viewing the
>ads on algebra.com. The javascipt code is broken and doesn't display
>anything in netscape. So if you view the page with netscape, the ads
>don't show...
>
>Oh well, using javascript is a stupid idea anyway. I think you got
>what you deserved on that one...
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: 2:15 am, Eastern Time--The Election Train Wreck
At 02:29 AM 11/12/00 -0800, petro wrote:
> Bush winning is bad, AlGore winning is worse. This insane
>infighting over the spoils is too much to stomach.
I disagree. The House and the Senate will be Republican,
or at least nearly so.
Al Gore with a 100-vote Florida plurality would have an extremely
difficult time getting things accomplished in that environment.
(Considering what Al wants to accomplish, that's probably good,
especially since first priority is It's Still The Economy, Stupid.)
George W. with a 100-vote Florida plurality and a minority
popular vote position (with Gore and also Nader to the left of him)
would get no respect at all, but would have a Republican Congress
to make it much easier to accomplish things. I don't *want*
the military-industrial complex rebuilt (though Nader says that
AlGore likes them as much as Bush does.) Other than small tax cuts,
nothing I've heard Bush suggest doing sounds worthwhile,
and he does plan to spend more of your money even though he
acknowledges that it's yours. Also, Bush would be under immense
pressure to prove he's not a wimp, so he'd go do something
decisive and Presidential as soon as possible, which is not a good
thing to have lightweights doing.
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Greetins from ZOG-occupied Palestine
At 08:34 PM 11/10/00 -0600, Phaedrus wrote:
>
>On Fri, 10 Nov 2000 [EMAIL PROTECTED] wrote:
>
>> Tim May, the heavily armed hate monger who refers to ZOG, and , his
extreme
>> right wing malitia friends have missed there chance.
So is "malitia" a bunch of bad soldiers?
>> Certainly the 400 of us needed killing before we influence the American
>> Presidential election.
>
>actually, since ballots were supposed to be postmarked two days ago,
>killing you now wouldn't help (even if I were for it, which I'm not,
>personally) unless something very bad were going on
Yup. It's now in the hands of disgruntled Postal Workers.
(And apparently there _has_ been a certain amount of malfeasance
in handling the mail ballots, though it's not clear the P.O. were
directly involved.And the Postmaster General's on the
succession list, at least in the 1947 version.)
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: A secure voting protocol
At 05:47 AM 11/10/00 -0600, Jim Burnes wrote:
>I envision a day (background music swelling and eyes tearing slightly --
>an obvious Oscar moment) when it matters little who the President-elect is,
>because DC is bound and emasculated by its original constitutional chains.
>The day when the Pres has little more power than the Queen Mother.
Somebody buy that man a beer!
>That should be an easier problem to solve than getting people to accept
>the validity of exotic crypto voting protocols.
Yup.
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Re: A successful lawsuit means Gore wins!
At 03:24 PM 11/10/00 -0600, Jim Choate wrote:
>
>On Fri, 10 Nov 2000, Trei, Peter wrote:
>> This is covered by the Presidential Succession Act of 1947. See
>> http://www.greatsource.com/amgov/almanac/documents/key/1947_psa_1.html
>
>Actualy it isn't. It's covered by the 20th amendment, section 3.
The 20th Amendment was ratified in 1933. Therefore the 1947 law
implements the " Congress may by law provide for the case" part of the 20th.
(Unfortunately, the Postmaster General is fairly high up the list :-)
The 20th does say that Congress can do whatever they want about it,
so they could easily supersede the 1947 act. Anyway, Al Haig's in charge.
>Looks to me like Congress could leave Bill in office until this mess is
>over. Like I said, is this a new way to win a 3rd term?
By the 23rd Amendment ("FDR Reoccurrance Prevention Amendment"),
he can't be _elected_ to win a 3rd term - but that doesn't mean he
can't be appointed, though What a bad idea that would be
In general, the 23rd trumps previous amendments, as any newer law
supersedes the older one, but it's not clear there's a conflict.
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Late-postmarked ballots from ZOG-occupied Palestine
So do military personnel who are officially Florida residents
get Extra Slack on their absentee ballots if they're overseas?
They're as likely to vote for the Ruling Party than Israelis are.
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: A successful lawsuit means Gore wins!
So far, Wavy Gravy's Nobody for President campaign is still out ahead Nobody's winning in Florida! Nobody's in charge! Nobody's going to fix the economy! Nobody's going to shrink the military-industrial complex! Vote for Nobody! At 04:22 PM 11/9/00 -0800, Tim May wrote: >At 7:05 PM -0500 11/9/00, [EMAIL PROTECTED] wrote: >> >>James "too damn bad about the 19,000" Baker >>ain't no piece of cake either, FYI. > >He's right about the "19,000 spoiled ballots." Four years ago there >were 16,000 spoiled ballots in the same district, and that was with >lower overall turnout. > >Fact is, voting is serious business. Those who show up dazed and >confused and punch too many holes in their ballot are an example of >social Darwinism. To some extent that's true - but it's also a lot like blaming airplane accidents on pilot error when the instrument panel is atrociously designed. It's not just the pilot's fault. Of course, here, the problem happened because the ballot designers were trying to make it Easier for the old folks. There are two or three states where Gore won by a narrow margin over Bush (typically about 48-49% of the total.) Bush has hinted that if the recount overturns this one, he'll push hard for recounts there, which could get him the electoral votes he needs. And so it begins On the other hand, if Bush squeaks by and wins this by 10 votes, there'll be a LOT of pressure on the Bush electors to do the honest thing, admit that Gore really won (because of the 19000 trashed Gore/Buchanan ballots), and vote for Gore. It only takes 2. And they don't even HAVE to be from Florida, though those would be the most appropriate ones to fix it. > Unless he was bugging the voting booths and had ways of knowing the > true thoughts of those voting, he had no way of knowing this. Knowing for sure? No. But Buchanan's not dumb enough to overestimate his popularity among a bunch of older Jewish Democrat voters, though perhaps his protectionism appeals to some Fla. Liberals as much as Nader's does Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Godel & Turing - a final point
At 05:16 PM 11/9/00 -0600, Jim Choate wrote: >On Thu, 9 Nov 2000, Jim Choate wrote: >> On Wed, 8 Nov 2000, Sampo A Syreeni wrote: >> >> > You are talking about two very different problems, here. Gödel/Turing sorta >> > things are about problems where quantifiers over an infinite set are >> > permitted. >> In the particular case we are speaking of we are talking about the >> situation where the language consists of "all >> consistent/valid/evaluatable/assignable boolean sentences". >> >> Hence, somebody did a naughty... > >If you have a 'language' that is provably consistent then you know that >that language is not complete or 'universal'. There MUST!!! be sentences >which are not included in the listing. That's fine. The Satisfiability problem, and in particular 3-SAT, doesn't claim to be complete or universal. It's just a very large and versatile class of Booleans, but it doesn't pretend to contain Booleans that describe encodings of their own truth values (unlike this discussion :-) Just things of the form (A1 or A2 or A3...) AND (B1 or B2 or B3...) AND Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: A successful lawsuit means Gore wins!
On Thu, Nov 09, 2000 at 05:58:11PM -0500, [EMAIL PROTECTED] wrote:
>> I vote you are hereby ex-communicated from the Cypherpunks club,
>> joining Dimitry Vulis.
At 07:05 PM 11/9/00 -0500, Declan McCullagh wrote:
>Huh? Tim has been posting such articles for years. You weren't around
>for the Y2K discussions.
George, you've got to remember not to mess with Winston Smith.
Unlike some people who need killing, yer just gonna get unpersoned
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Re: Close Elections and Causality
At 03:54 PM 11/9/00 -0600, Jim Choate wrote:
>
>On Thu, 9 Nov 2000, Tim May wrote:
>
>> * In a close, nearly-tied election, should a re-vote be allowed?
>>
>> * In a close sports game, should all potential "fork" decisions
>> (referee calls) be reviewed and the game rolled-back...even hours
>> later? Should critical plays be re-played the next day?
>
>I believe the concept is called 'sudden death'.
Hey, leave Jim Bell alone! :-)
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Close Elections and Causality
At 09:02 AM 11/9/00 -0800, Tim May wrote: [lots of good comments on causality] >-- Someone will say that a highway being closed prevented them from >getting to the polling place in time, and that there additional vote >"would have made the difference." They want a re-vote. A few years ago, Christie Whitman was busy campaigning for governor of New Jersey, and didn't get back home to vote in a school bond election. It lost by one vote. (On the other hand, the local district or state or somebody ignored their loss in the election and sold the bonds anyway) >Second, at the time of the "approximately simultaneous" vote on >Tuesday, no particular state, no particular county, and no particular >precinct had any way of "knowing" that it would be a hinge site. >Thus, some people didn't bother to vote, some were careless in >reading the ballot instructions, some just made random marks, some >were drunk, all of the usual stuff happening in polling places across >the country. This despite the estimated $3 billion spent on wooing >voters. The electoral college system means that in almost all states, except the one or two with the middlest results, a difference of a small number of votes doesn't change the outcome. Usually even changing the outcome for a whole state doesn't change the outcome of the election either, except a few big states. In Florida, where the vote totals are close to equal, a small number of changed votes could change the election. Arguably, the votes on the 19000 spoiled ballots _have_ changed the outcome of the election, because the vote went into the voting booth saying "I'm voting for Gore", and the ballot counters tossed those votes after they were made. >Rules are rules. The time to object is beforehand. Unless extremely >serious voter fraud is found, results should not be thrown out when >those results are in accordance with the rules. In no cases should a >re-vote of a "hinge county" be allowed for less-than-massive-fraud >reasons. I agree that that's a strong point - if any of those 19000 voters was confused, the time for them to raise the issue was at the poll. If they _did_ ask "hey, this is confusing, how do I vote for Gore?" at the polling place, and the poll workers told them what to do and voided their ballots anyway, then they've got a cause of action. If they didn't complain, it's much harder to argue. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: A successful lawsuit means Gore wins!
At 10:42 AM 11/9/00 -0500, Declan McCullagh wrote:
>It would be simpler, and probably fairer (in a general sense) to discard
>those ballots that are suspect. Elections such as this should not be
>re-run.
>
>Take it down to its most general form. Gore and Bush are tied.
> My ballot was mangled during processing and is unreadable; I successfully
>sue for a rerun of the election, just for my ballot alone. Is this a
>good thing?
There are at least two problems with that
0) That's what happened now, and nobody likes it :-)
1) The ballots that appear to have been misvoted, about 19000 of them,
disproportionately appear to have been for Gore, and not for Bush,
so it seriously biases the results in that district.
You could avoid this by voiding _all_ Presidential votes from the district.
2) The district itself is heavily Democrat, so voiding all their votes
doesn't fix the imbalance either.
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Codebreaking with a multi-Teraflops network: one technique
At 04:01 PM 11/7/00 -0800, Ray Dillinger wrote:
>
>Let's say you're a high-level spook, and you've got a bunch of
>encrypted intercepts of uncertain origin. Gigabytes and gigabytes
...
>It should be childs play to set up a "front", as a scientific or
>charitable organization. Dream up a CPU-intensive task that engages
...
>Hire a bunch of people at the front organization who sincerely
>believe that all these cycles are expended on the fake project,
>and let them effusively thank all the people who download and run
>the software. Explain that you can't release the source, because
>then people would modify it and your scientific data might be
>corrupted.
Scamming
Extra
Teraflops for
Intelligence
??
:-)
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Minesweeper and defeating modern encryption technology
At 06:04 PM 11/5/00 -0600, Jim Choate wrote: > >On Sun, 5 Nov 2000, dmolnar wrote: > >> > There is no guarantee that a NDTM will guess the correct answer at any >> > stage. The question the NDTM answers over a DTM is "Is there a statistical >> > algorithm that is more efficient than a deterministic one?". >> >> Um, the definition of "nondeterministic Turing machine" implies such a >> guarantee. You seem to be thinking of a probabilistic Turing machine - a >> machine which can flip coins and use the results in an algorithm. >> They are **not** the same thing. >??? > >A NDTM has a stage which if given correct input will cause the result to >have one of several states (e.g. A Turing machine that holds both roots of >a quadratic at the same time). However, we're right back to 'provably >correct' which can't occur, even in principle because there are some >legitimate input states that can't be resolved as 'correct'. I wasn't the >one who injected 'guessing' in there (which a NDTM doesn't do, ever. It >takes the next state only after a 'proof of correctness' step.). When >the 'guess' factor is injected then you get a probabilistic NDTM. Which is >what I was addressing. Dave's right, Jim. The NDTM obtains The Right Answer by using a process you could call "guessing" or you could call "an oracle". That's not "Oracle" like "Larry Ellison telling you what you WILL buy next", it's "Oracle" like "Stoned priestess telling you that if you attack today, a great kingdom will fall", and the polynomial-time part is where you crank that through and find out that yes, it's correct. (Unfortunately it's *your* kingdom, but it's correct.) The reason the NDTM is hypothetical is because always guessing the right answer isn't a technology that's really available, unless quantum computers can do that with a sufficently useful precision. (Looks like QCs will at best guess the right answer some of the time, not all the time, and you'll still have to check it.) >In addition a NDTM has little worth in a world where we postulate all >possible Boolean sentences are resolvable. It, after all, allows a state >to be both 1 and 0, clearly contrary to our assertion. What one would want >is to show that a DTM was all that is required to resolve any of those >Boolean equations. Which can't be done if we accept the NDTM <-> DTM proof. The NDTM doesn't allow the state to be both 0 and 1, it tells you which. The DTM part verifies that the answer from the oracle is correct, even though obtained by non-deterministic magic. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Minesweeper and defeating modern encryption technology
At 08:42 PM 11/4/00 -0600, Jim Choate wrote: > >Hi Bill, > >On Sat, 4 Nov 2000, Bill Stewart wrote: > >> Jim, you're misunderstanding the class NP, though you're >> correct in not holding your breath. >> >> It's not "all problems that can't be solved in polynomial time." >> It's "all problems that can be solved in polynomial time by a >> non-deterministic Turing machine." >> A non-deterministic Turing machine is allowed to guess answers >> (or at least, to guess a polynomial number of answers). >> Answers to NP problems can be verified in polynomial time - >> the hypothetical machine guesses the answer, and verifies it >> in a polynomially bounded time. > >Which is mathematicaly equivalent to having an algorithm that solves the >problem directly in polynomial time. No - it gives you a direct solution that takes exponential time, because there are exponentially many answers the thing could guess, each of which takes a polynomial time to validate. The "then a miracle occurs" step is that the NTM guesses the _correct_ answer - that's why it's hypothetical, rather than real. The reason that it's interesting mathematics is partly that many NP-complete problems, or NP problems in general, are useful or interesting to mathematicians, and sometimes to real people as well (:-), and that it tells us about the complexity of the problem, and about the difficulty of finding answers, and whether to go for optimal solutions to the problems or to look for heuristics that give pretty good answers most of the time. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Minesweeper and defeating modern encryption technology
At 11:02 AM 11/4/00 -0600, Jim Choate wrote: >On Sat, 4 Nov 2000, Declan McCullagh wrote: >> "NP" problems, on the other hand, are those that can be solved in >> nondeterministic polynomial time (think only by guessing). NP includes P. > >Actualy any time that can't be described using a polynomial (i.e. a0 + >a1x + a2x^2 + ...) is NP. For example something that executes in factorial >or exponential time is NP. > >If it is found that all NP can be reduced to P then I'd expect to see >somebody be able to express a factorial (for example) as a polynomial. >I ain't holding my breath. > >The 'nondeterministic' part simply means it's unknown if the problem can >be reduced to a polynomial representation. > >As to 'guessing', some processes are polynomial and some aren't. Jim, you're misunderstanding the class NP, though you're correct in not holding your breath. It's not "all problems that can't be solved in polynomial time." It's "all problems that can be solved in polynomial time by a non-deterministic Turing machine." A non-deterministic Turing machine is allowed to guess answers (or at least, to guess a polynomial number of answers). Answers to NP problems can be verified in polynomial time - the hypothetical machine guesses the answer, and verifies it in a polynomially bounded time. There are lots of problems that are outside of NP - they're known to take exponential amounts of time to solve, regardless of whether you've got a NTM which can pull correct bits out of /dev/oracle. There are also lots of problems for which the complexity is unknown, such as factoring. Until ~20 years ago, linear programming was believed to be part of NP, but Karmarkar's algorithm (which I think was based on Shor's work?) demonstrated a way to solve it in polynomial time, though with an annoyingly large polynomial. NP-complete problems are a certain set of problems for which it can be proven that if you can solve one problem in that set in polynomial time, you can use only polynomially more work to solve any other problem in that set. Usually people reduce things to the Satisfiability problem, though sometimes others are more convenient. When I was studying complexity theory from Karp back in grad school, one thing I didn't understand was the issue of whether there might be other sets of problems that are similarly hard but not reducable to each other, e.g. a set NP1 of hard problems including satistiability, Hamiltonian paths, etc., a set NP2 of hard problems including Foo and Bar that are reducable to each other but haven't been proven to solve or be solved by NP1 (or at least not both.) Perhaps it's a definitional thing, or perhaps there are proofs that were beyond the scope of a first-year grad course, or perhaps the problems that appear to be that hard just keep turning out to be members of the well-known NP-complete set, or perhaps there was something obvious I was just missing... Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: FW: BLOCK: AT&T signs bulk hosting contract with spammers
At 07:40 AM 11/1/00 -0800, James Wilson wrote: >If any of you get services from AT&T you might want to start looking for a >more ethical carrier (if one exists) - AT&T has been caught red handed >hosting spammers and promising not to terminate their services. >-Original Message- >From: Spam Prevention Discussion List >[mailto:[EMAIL PROTECTED]]On Behalf Of Steve Linford >A copy of this fax is now at http://spamhaus.org/rokso/nevadahosting.jpg Fortunately, somebody got this to the right people at AT&T; otherwise I was going to have to contact the Sales VP (Hovancak) whose name was on the contract and ask him to find the sales rep who got fast-talked into signing that contract. AT&T's privacy policies mean that we can't reveal information on our customers' networks, so it's the PR folks' problem to tell you that we've learned the error of our ways, as revealed in the CNET article below. http://news.cnet.com/news/0-1005-200-3369773.html AT&T admits spam offense after contract exposed By Paul Festa Staff Writer, CNET News.com November 3, 2000, 9:30 a.m. PT update - AT&T acknowledged Thursday that it had violated its own spam policy by providing Web-hosting services to a purported sender of unsolicited commercial email. The admission came after an English anti-spam organization publicly posted what it termed a "pink contract" between AT&T and the alleged spammer, Nevada Hosting. AT&T had been hosting the group's Web site. "This proves that AT&T knowingly does business with spammers and shows that AT&T makes 'pink' contracts with known spammers to not terminate the spammers' services," Steve Linford of The Spamhaus Project wrote in an email interview. AT&T confirmed Thursday the authenticity of the contract and said it had been discontinued. "That document represents an unauthorized revision to AT&T's standard contract and is in direct conflict with AT&T's anti-spamming policies," wrote AT&T representative Bill Hoffman. "The agreement has been terminated, and the customer has been disconnected." AT&T's spam policy specifically rules out contracts like the one it signed with Nevada Hosting. Nevada Hosting could not be reached for comment. Anti-spam groups have long suspected the existence of pink contracts that allow spammers to promote their Web sites provided they send their unsolicited emails through other Internet service providers, according to Linford. The AT&T contact confirmed those suspicions. The Spamhaus Project's success comes as anti-spam groups increasingly bypass spammers themselves and instead target those who facilitate the dissemination of unsolicited commercial email. Those groups--mostly ISPs and server administrators--are relatively few and are easier to hold accountable than spammers. Another such pressure group is the Mail Abuse Prevention System (MAPS), which maintains the Realtime Blackhole List (RBL). The MAPS RBL blacklists servers left open to abuse by spammers. While the group's stated goal is to pressure server administrators to close avenues for spammers, the MAPS RBL has weathered criticism that it has limited effectiveness in actually blocking spam. The Spamhaus Project, based in London, positions itself as kind of spam Purgatory on the way to the MAPS RBL. Spamhaus targets entities that send spam with forged addresses and the ISPs that do business with them. "When it finds a 'stealth' spamming service, or an outfit selling stealth spamware, The Spamhaus Project sends a notice to the ISP and requests the service or site be terminated," Linford wrote. "Ninety-five percent of spam sites are terminated this way, and those that aren't are then escalated to the MAPS RBL team. "MAPS are very much our heroes." AT&T representatives have taken to Internet discussion forums in an attempt to placate spam foes and reassure them that the company's stated anti-spam policy will be enforced in future contracts. "Our sales agents have been instructed as to the correct procedure to follow and have been reminded of our existing anti-spamming policies," AT&T customer care manager Ed Kelley wrote in a posting to the "news.admin.net-abuse.email" newsgroup. "AT&T is making every effort to ensure that this does not occur again in the future." Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Soft Money for Green Medea Benjamin
The SF Bay Guardian, 11/1/00, pg.23, has a big ad for
Green senatorial candidate Medea Benjamin, paid for by
"Philip H. Wilkie and the Green Party of California"
"Not authorized by any candidate or candidate committee".
Friends, this is _soft_money_, right here in San Francisco,
and it's a good example of the kind of thing many
campaign finance "reform" proposals would ban -
and why the First Amendment is a better campaign finance law
that the ones we're using today.
I highly respect Medea - she's strong, principled, and has guts.
She's done a lot of election monitoring around the world.
She needs to learn some reality about economics,
and why economic rights are critical parts of human rights,
but that's the usual Green problem. :-)
I happened to catch the news the other night,
where the bipartisan debate between Dianne Feinstein (boo, hiss!)
and Republican Tom Campbell (who opposes the Drug War)
got upstaged by Medea's protests outside KRON
(or whichever TV-monopoly station it was).
It was a class act, particularly when she and Campbell
hugged each other after both talking to the crowd.
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: ZKS, government regulation, and new "privacy" laws
At 10:29 AM 11/2/00 -0500, John Young wrote:
>Banks and telecomms been doing the snitch not nearly
>as long as the church, rather the state snitching to the
>church, depending on who's in charge of the day's
>inquisition. (Interesting stuff in recent books on Vatican
>and global intel services regular kiss-kissing.)
Does anybody know if anything ever came of PGP Inc.'s
attempts to get the Vatican to use PGP?
(I couldn't find a PGP key on www.vatican.va,
though they could be using them just internally.
They do have the Secret Archives on CD-ROM now,
at least for Popes from a long time ago.
I guess the secrets you can find on CD-ROM
aren't the real secrets)
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
RE: California bars free speech of those cutting deals on votes
At 11:06 AM 11/1/00 -0800, Tim May wrote: >California passed the Medical Marijuana Initiative (more than once, >as I recall, as the Fedgov found "technicalities" to strike it down >the first time it passed). Actually, the state legislature passed it, twice, and State Reptile\\\Governor Pete Wilson vetoed it, twice. So we had to do an initiative, which Wilson politicked against, but it passed, so State Atty. General Dan Lundgen and the Feds tried to gut it. The new Democrat Atty. Gen. Bill Lockyer's not helping any. >No "interstate commerce" is involved (*), for most home-grown pot, >and yet the Fedgov has asserted the claim that federal dietary laws >take precedence over local dietary laws. If you read the Federal drug laws, they start out by bald-facedly asserting that since it's hard to tell where a particular bunch of drugs comes from, Congress presumes that they may have originated in or be destined for interstate commerce, so they have jurisdiction. (Even if it's a marijuana plant still attached to the ground) Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
RE: California bars free speech of those cutting deals on votes
At 09:48 AM 11/1/00 -0500, Trei, Peter wrote:
>All indications are that Carla Howell, the Libertarian challenger for
>Kennedy's Senate seat, will handily out-poll the Republicans this year.
I really like Carla - hope she does well. You'll probably also have
a lot of Greens and liberal Democrats voting for Nader, which would be
good except they're partly doing it for the campaign finance porkbarrel.
Massachusetts looks like the kind of state that has
more pot smokers than registered Republicans.
Somebody ought to be able to use that
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: California bars free speech of those cutting deals ...
And it isn't even shut down through law - just FUD, letting them create a chilling effect without the need for a full-scale argument in court. At 07:31 PM 10/31/00 -0800, Tim May wrote: >At 2:55 AM +0100 11/1/00, Anonymous Remailer wrote: >> >California has "shut down"--through a threatening letter--a site >>>which matches up folks who are willing to say theyll vote for Nader >>>in states where Gore is sure to win if other folks who had hoped to >> >>So now it is illegal to provide a public forum with specific >>capabilities. >> >>Is it also illegal for me to privately arrange this with a particular >>sheevoter from the other state ? Gangs can legally call for >>voters to vote for them and not for the other gang, but voters >>themselves cannot talk to each other and make arrangements that they >>see fit. > >Just another nail in the coffin of free speech in America. > >Perhaps it is best if Nader wins, or, failing that, one of the >Gush-Bore tag team. The worse things get, the faster the collapse. As with Perot, Nader's certainly no worse than the major parties. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: public keyrings
Some Slightly Slack-on-Slack Version of Bob Dobbs wrote: At 02:54 PM 10/31/00 PST, bob bob2 wrote: >if you have the url for an active public keyring site please forward it. ldap://certserver.pgp.com http://pgpkeys.mit.edu:11371/ Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: thanx my friend
[EMAIL PROTECTED] kindly agreed to teach this particular
bomb some phenomenology.
So either he's a clueless kid who'll have to get a new Hotmail
or Yahoo account after being whacked,
or he's a clueless Law Entrapment Officer who'll have to do so,
or he's a troll who's had an afternoon's entertainment :-)
At 01:17 AM 10/30/00 +, David E. Smith wrote:
>On Sun, 29 Oct 2000, sam ram wrote:
>
>> : Hi, can you please show me a easy way to make a home made bomb by using
>> things from the house. so please write back!!
>
>This depends largely on whether your home is equipped with a
>camcorder. Assuming it is, here's the instructions:
>
>1. Get a piece of Scotch tape, and your copy of last month's WWF
>Pay-Per-View that you foolishly bought. Put the tape over the little notch
>on the end of the tape, so you can record over the TLC ("Tables, Ladders,
>and Chairs") (oh my!) match.
>
>2. Call up five of your friends (assuming one of your friends is Paul
>Anderson and another one is Kurt Russell).
>
>3. Get some guns. These should be easy to acquire. If you already have one
>gun, you can use it to acquire more; this, however, is beyond the scope of
>these Step By Step (TM) instructions.
>
>4. Go to your local junkyard at night.
>
>5. Have random people start shooting the guns at Kurt, while he mutters
>and grunts but doesn't say anything. Have Paul point the camera at random
>stuff.
>
>There you go. You've just re-created the bomb "Soldier."
>
>HTH. HAND.
>
>...dave
>
>
>
>
>
> David E. Smith, POB 515045, St. Louis MO 63151
>http://www.technopagan.org/[EMAIL PROTECTED]
>
>"I must remember to destroy those children after my
> breakfast has been eaten." -- Mojo Jojo
>
>
>
>
>
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Parties
That was the nice thing about Ross Perot. If he'd gotten elected, he'd have caused serious chaos in Washington (even though he was basically just another Republicrat), and the worst case is the Second Amendment said we could shoot him if he got too crazy. Unfortunately, he wouldn't let go of the Reform Party, preferring to give the party to the Transcendental Meditation cult if it wasn't going to be run by the Ross Perot personality cult, and now Buchanan has a certain risk of coming out behind the Libertarians :-) (Probably won't happen, since the LP hasn't done enough successful publicity to get mentioned in the media's "oh, yeah, there's also Nader and Buchanan" afterthoughts, but it'd be nice.) At 07:36 PM 10/27/00 -0500, Mac Norton wrote: >So, everybody's third choice gets elected, or they take turns >holding the office, or what? Weighted voting can work for >corporate directors or other committees, but for a chief >executive? Even the electoral college sounds better. >MacN > >On Sat, 28 Oct 2000, BENHAM TIMOTHY JAMES wrote: >> >> That's simply a result of the dim-bulb "first past the post" voting system >> that the US (and apparently you) endure. In countries with electorates that >> are expected to be able to count past 1 (eg Australia) they have >> preferential voting and you can express your preferences from 1 to N >> (the number of candidates). >> >> This allows you to express your preference for libertarian drug-taking >> pornographers and still have an equal impact on the outcome. >> >> Tim >> >> > > > > Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Re: Illicit words
At 09:37 AM 10/25/00 -0400, Riad S. Wahby wrote:
>There is also the 'spook.lines' file that has come in every Emacs
>distribution at since 19.34 or earlier. On my machine it's
>/usr/share/emacs/20.7/etc/spook.lines
>You can use M-x spook to pull several random ones from a file and put
>them in the current buffer, like the following:
>CIA Legion of Doom Peking Noriega cracking Waco, Texas domestic
>disruption bomb security Kennedy KGB $400 million in gold bullion
>counter-intelligence colonel Semtex
Makes a fine substrate for steganography as well :-)
Pick 64 spookwords or spookphrases, which gets you
six bits per word, or four bits with some duplications
to level out distributions a lot.
Heroin Intel Detonator DomIntel Echelon Noriega
Semtex Terrorism Umber Feinstein Phreaking
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Risk and insurance
Archives are on www.inet-one.com
At 02:50 PM 10/23/00 +0300, Sampo A Syreeni wrote:
>On Sun, 22 Oct 2000, Tim May wrote:
>
>>The book I recommended a week or two ago, Judea Pearl's "Causality,"
>>is much more advanced in its mathematics. (But the math is important
>>if one is actually trying to construct the causality diagrams Pearl
>>is talking about.)
>
>Would it be too much to ask you to recant the main point made? It sounds
>pretty interesting...
>
>Sampo Syreeni <[EMAIL PROTECTED]>, aka decoy, student/math/Helsinki university
>
>
>
>
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: why should it be trusted?
At 08:12 PM 10/22/00 -0700, James A.. Donald wrote:
> --
>At 07:09 PM 10/22/2000 -0700, Nathan Saper wrote:
> > I think the government has a right to do whatever it needs to do to
> > maintain the health and well-being of its population. That is the
> > purpose of the government.
>
>Then the government should be raiding your home to check on your
>consumption of chocolate, and spying on your messages to detect if you are
>secretly arranging for the purchase or sale of forbidden substances.
Congratulations! You've finally discovered the Secret Ulterior Motive
behind the Cypherpunks Grocery-Store-Frequent-Shopper Card Exchange Ritual,
which is to discourage them from knowing who's *really* buying
all that chocolate and beer.
(We used to do it relatively often; now it's more of an occasional thing,
especially since the Albertsons/AmericanStores merger means that
Lucky no longer uses cards, but Safeway still does.
Safeway started doing "Thank you for shopping at Safeway, Mr. Cypherpunki"
a while back, and they're currently usually mispronouncing the
person whose dietary habits I'm also disparaging. :-)
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: defaulting on US Dept Ed. school loans
At 08:29 PM 10/20/00 GMT, Tito Singh wrote:
>Any suggested parameters or "recipes" for ducking under the govt's radar
>regarding school loan collectionminimal property holdings, shift
>belongings to spouses name, cousins name, liquidize and hideetc...
Yup. Quit your job at the police force and go join the
French Foreign Legion. See the world, meet exciting and
interesting people, and kill them. C'mon, Joe, you can always
change your name.
Declaring bankruptcy is another popular approach.
Of course, the way my generation dealt with the problem
was to have low-interest student loans which the Carter and
Reagan governments inflated into pocket change.
Kids these days have to go back to the old-fashioned way
of financing them, like working hard for a long time
to pay them back.
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: why should it be trusted? (insurance)
At 06:25 AM 10/20/00 -0700, Marshall Clow wrote: >At 2:11 PM +0300 10/20/00, Sampo A Syreeni wrote: >>On Wed, 18 Oct 2000, Marshall Clow wrote: >>>So these people are entitled to something for nothing? >>>(or in this case, $1500 of treatment for $1000 of premiums)? >>>Why? >> >>Because keeping people operable longer makes for net savings for the >>society? >That's a nice belief. Can you show it to be true? >>This perhaps isn't a reason for *private* companies to issue >>insurance fairly, but is a clear incentive to the society to nevertheless >>maintain a public health insurance infrastructure. So it's a clear call for charity. Charity is a Good Thing. Insurance works by letting people pool risks - most people in an insurance plan pay more in premiums than they collect, and a small number collect more, sometimes far more, than they paid, and the participants consider it a good deal because the potential costs they're risking are higher than they can afford, compared to the guaranteed small loss of the premium. Most health care "insurance" plans in the US aren't primarily insurance - they're employer-paid benefit plans that cover routine costs as well as covering premiums for shared risk. Mixing the two systems leads to lots of policy confusion. The tax advantages primarily come out of social policy during the World War 2 government interference in the economy and the industry and public attitudes gradually adapting to it. The other cost advantage of employer-paid routine health costs are that the employer may be able to negotiate a better price by buying in large volume, whether directly or through an insurance company that also negotiates better prices by buying in large volume. In return, there's the extra cost of bureaucracy, though in much of the US, the extra hostility of bureaucracy reduces use of the system :-) Employers do also benefit from higher productivity of healthy workers with healthy families, and they need to do something to manage the costs of care for work-related injuries. Without massive employer-funded health care, most people would be more likely to pay for their routine costs directly and buy insurance for excessive costs. Before the institutionalization of the insurance and banking businesses a century ago, large numbers of Americans belonged to mutual benevolence groups - unions, Masons, Moose Lodges, farmers' granges, the Chinese Mutual Benevolence Association, and churches. They provided a number of services to their members in addition to social interaction, typically including money-lending (new immigrant comes to the country, needs loan to start business) and also help for sick and injured members and support for people who couldn't find work. Medical costs themselves don't really correspond, because medicine was different; nursing was something your family or friends generally did, and modern medicine hadn't quite emerged except for fixing some injuries. The main exception was tuberculosis, and TB sanatoriums were often run by fraternal organizations, though some were government-funded. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: why should it be trusted? (NP-Completeness, cracking speed)
r to *find* a key like that in polynomial time except by using special subproblems that turn out not to need exponential time to solve them. So in practice, we'd have to go back to symmetric-key KDCs (Key Distribution Centers, for systems like Kerberos), and One-Time Pads for the really paranoid stuff (like shipping around master keys for the KDCs) for high security, plus medium security that's basically Highly Refined Snake Oil, where the cracker only needs to do polynomially more work than the users, so in practice it's good enough for your credit card number, but not good enough to keep anti-government secrets away from the NSA or secret-government-conspiracy secrets safe from Distributed.Net, so the convenient stuff risks spy-vs-spy and angry-mobs-with-pitchforks attacks. Also in practice, that kind of breakthrough isn't likely to mature for at least a decade (between how long it takes for the hypothetical breakthrough to occur and how long before the system really takes to adapt to it), and even if we haven't had the Great Mythical Nanotech Singularity by then, we'll have enough computer power and miniaturization technology that it'll be much easier to steal keystrokes right off your keyboard and screen, rather than cracking the crypto, close enough for government work, so black bag jobs will be common and we'll be back to a spy-vs-spy game. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: FBI: We Need Cyber Ethics Education
At 10:56 AM 10/10/00 -0400, Trei, Peter wrote:
>Funny, reading the Subject line of this, I immediately
>assumed that the FBI was belatedly admitting that it:
>the *FBI* needed some 'cyber ethics education'. This
>is
>[Yes, I know the article is a spoof]
Tim's spoof got to me before the original did,
and I'd read about halfway through before noticing that
it was probably a spoof and then noticing it was from Tim :-)
That's the problem with stuff that's too realistically written...
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re:
Yes, folks, U B Subscribed now.
Should you want not to be subscribed, try [EMAIL PROTECTED]
where there's a bot, rather then sending misspelled mail to
the entire list where you'll receive replies of random usefulness.
At 10:03 PM 10/8/00 -0700, Tim May wrote:
>At 11:06 AM -0400 10/8/00, steve lan wrote:
>>ubsubscribe [EMAIL PROTECTED]
>>
>
>You, too, are now "ubsubscribed."
>
>Hope you enjoy it.
>
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Algorithm queston.
At 03:04 PM 9/29/00 +, Steve Thompson wrote:
>To correct my ignorance on current cryptography issues, I have been browsing
>the archives. Some time ago, there was quite a bit of talk about the MISTY
>algorithm, although I did not chance upon any pointers to an actual
>implementation. Since the character of the messages which I did read seemed
>to be (loosely speaking) light-hearted, I cannot decide whether the algorithm
>is some sort of `in' joke, or whether it was a cryptographic algorithm which
>didn't `cut it' under peer review.
>
>Are there any old-timers who recall the algorithm in question?
There was one guy from Japan who kept trying to create discussion,
in relatively-clueless mode, but he wasn't a cryptographer,
so he couldn't give us good reasons to use it other than it being
from Japan, and there are patent problems with the algorithm
(I think he may have been connected to the company that owns it),
and some of its relatives were broken (or maybe it; I don't remember).
Tim flamed him a lot.
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: And you thought Nazi agitprop was controversial?
By the way, if Jody only wants to fax the document, and Petro only wants to receive it by email, Petro can set up a JFAX.COM account which will accept faxes and email them to him (as TIFF files.) At 12:06 AM 9/15/00 -0700, petro wrote: >>petro wrote: >>> >>> Prove it. >>> >>> Produce the documentation that makes that claim. >>> >>> Come on. I double dog dare you--and not some stupid joke, or >>> have wit assertion (which is most of what comes out of your mouth). > > There is this thing called "The internet". It's a wonderful >method for spreading (dis-) information. > > Scan them, compress them, and mail them to me. >-- >A quote from Petro's Archives: ** >Sometimes it is said that man can not be trusted with the government >of himself. Can he, then, be trusted with the government of others? >Or have we found angels in the forms of kings to govern him? Let >history answer this question. -- Thomas Jefferson, 1st Inaugural Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
test: ignore: Re: Algebra.com Dysfunction?
You sent your message to toad.com; I'm trying this through algebra.com.
At 06:55 PM 9/9/00 -0500, "Wilfred Guerin" <[EMAIL PROTECTED]> wrote:
>?
>
>cyph relay CDR on Algebra.com has been sending null messages from
owner-etc since Friday the 8th, 13:42 cst last coherent message.
>
>Has there been failure/problems with the algebra.com server, or is there
known reasons for these strange messages rather than the relay?
>
>(I do not know the scope of this problem, nor if CDR admins are aware of
the problem, hopefully so, if not, I have a nice log of 50 or so messages
from the algebra.com server with null content and otherwise useless purpose
:) )
>
>(Since Algebra.com is sending out null messages, please respond directly)
>
>-WLG
>
>
>
>
>
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: test: ignore: Re: Algebra.com Dysfunction? - Seems to work!
I don't know if algebra's sending out bad messages, but this one worked fine. I'm using [EMAIL PROTECTED] as my cpunks feed, so that says it's getting between those two just fine. At 04:23 AM 9/10/00 -0700, Bill Stewart wrote: >You sent your message to toad.com; I'm trying this through algebra.com. > >At 06:55 PM 9/9/00 -0500, "Wilfred Guerin" <[EMAIL PROTECTED]> wrote: >>? >> >>cyph relay CDR on Algebra.com has been sending null messages from >owner-etc since Friday the 8th, 13:42 cst last coherent message. ... >>(Since Algebra.com is sending out null messages, please respond directly) Headers if you want them: = Return-Path: [EMAIL PROTECTED] Received: from wormwood.pobox.com (localhost.pobox.com [127.0.0.1]) by wormwood.pobox.com (Postfix) with ESMTP id E6DC47297B for <[EMAIL PROTECTED]>; Sun, 10 Sep 2000 07:25:35 -0400 (EDT) Received: from sirius.infonex.com (sirius.infonex.com [216.34.245.2]) by wormwood.pobox.com (Postfix) with ESMTP id 3B0A972986; Sun, 10 Sep 2000 07:25:22 -0400 (EDT) Received: (from majordom@localhost) by sirius.infonex.com (8.8.8/8.8.8) id EAA29103 for cypherpunks-outgoing; Sun, 10 Sep 2000 04:23:51 -0700 (PDT) Received: (from cpunks@localhost) by sirius.infonex.com (8.8.8/8.8.8) id EAA29079 for [EMAIL PROTECTED]; Sun, 10 Sep 2000 04:23:36 -0700 (PDT) Received: from cyberpass.net (cyberpass.net [216.34.245.3]) by sirius.infonex.com (8.8.8/8.8.8) with ESMTP id EAA29064 for <[EMAIL PROTECTED]>; Sun, 10 Sep 2000 04:23:25 -0700 (PDT) Received: from mail.virtual-estates.net ([EMAIL PROTECTED] [160.79.196.177]) by cyberpass.net (8.8.8/8.7.3) with ESMTP id EAA08789 for <[EMAIL PROTECTED]>; Sun, 10 Sep 2000 04:25:23 -0700 (PDT) Received: (from cpunks@localhost) by mail.virtual-estates.net (8.9.3+3.2W/8.9.1) id HAA04885; Sun, 10 Sep 2000 07:21:22 -0400 (EDT) X-Authentication-Warning: video-collage.com: Processed from queue /var/spool/mqueue-majordomo X-Authentication-Warning: video-collage.com: Processed by cpunks with -C /usr/local/majordomo/sendmail.cf Received: from smile.idiom.com ([209.209.13.26]) by mail.virtual-estates.net (8.9.3+3.2W/8.9.3) with ESMTP id HAA04875 for <[EMAIL PROTECTED]>; Sun, 10 Sep 2000 07:21:20 -0400 (EDT) X-Relay-IP: 209.209.13.26 Received: from billstewart (sji-ca5-13.ix.netcom.com [209.109.234.13]) by smile.idiom.com (8.9.1/8.8.5) with SMTP id EAA88959 for <[EMAIL PROTECTED]>; Sun, 10 Sep 2000 04:23:14 -0700 (PDT) Message-Id: <[EMAIL PROTECTED]> X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32) Date: Sun, 10 Sep 2000 04:23:10 -0700 To: [EMAIL PROTECTED] From: Bill Stewart <[EMAIL PROTECTED]> Old-Subject: test: ignore: Re: Algebra.com Dysfunction? In-Reply-To: <[EMAIL PROTECTED]> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Subject: test: ignore: Re: Algebra.com Dysfunction? Sender: [EMAIL PROTECTED] Precedence: first-class Reply-To: Bill Stewart <[EMAIL PROTECTED]> X-List: [EMAIL PROTECTED] X-Loop: [EMAIL PROTECTED] X-UIDL: 078ec938d46bf0807ff8995691e7af79 == Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: StoN, Diffie-Hellman, other junk..
>>Any symmetric algorithm will have maxed out by 256 bits, and most by 128, >>though you may want different keys for your two directions. >>So generating the DH key with 1024 bits is probably enough, >>though it doesn't hurt much to do 2048 or 4096 - >>no need for separately generating a key and shipping it. >>In particular, DH takes advantage of both machines' sources of randomness, >>which is a major win over something generated by one end >>unless you've got a good reason for it. > >Well, the information I have is that Blowfish takes up to 448 bits, RC2 up >to 1024 bits, Mars up to 1248bits, RC5 and RC6 both up to 2048 bits of key >material.. is that incorrect? Not incorrect, but 2**256 possible keys gets you into age-of-the-universe territory for cracking. >This brings up another question. My document states that Cast256, IDEA(*), >Mars, Misty1(*), RC5, and RC6 are all patented.. * = "Free for >noncommercial use." Is there a good repository somewhere with information >on all the licensing issues/rules of these algorithms? I'm not aware of one. IDEA's "non-commercial" definitions have gotten fuzzier over the years, and it's patented in lots of places. Avoid Misty. Several of the AES candidates had policies of "it's patented now but if we're the AES winner you can all use it for free", which means you won't really know licensing issues until NIST picks a winner. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: StoN, Diffie-Hellman, other junk..
that than trading PRNGs. Signing DH keyparts is a job for public-key signatures. >>Also read the Photuris internet drafts - there's a lot of experience >>on denial-of-service attacks that they've incorporated, >>and it doesn't take much work to prevent most of them. > >Ah, sorry.. how did we get on the topic of denial of service? By saying "I'm going to put this chat server on the Internet" Crypto has its own special denial-of-service flavors in addition to the regular ones, and Photuris addresses a lot of it with minimal work. >Delphi can call C routines no problem, I have two problems with GMP that >however have nothing to do with Delphi.. > >First, It's GPL'd, or under a modified version of the GPL. I find the GPL >to be distasteful and it forms a barrier more than a bridge to continued >software development. The reason for this I think is pretty simple; the >GPL (I refer to the classic GPL.. I am not sure of modifications to it that >may have been made for it's application to GMP) has made it excruciatingly >clear that any program or library using any GPL'd source code must itself >be open source, and cannot be sold for profit, but only "at-cost". The "Library GPL" was written to address just that problem. Stallman calls it the "Lesser GPL", because he doesn't like it (:-), but LGPL says you have to distribute source code for the LGPL'd libraries you use or modify (or indicate where to download them) but doesn't GPLize the code you wrote that isn't part of the libraries. So you can use it in your proprietary product without publishing your code, charge money for it, etc. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: StoN, Diffie-Hellman, other junk..
en. Check out GALE at gale.org, and look through the Cypherpunks archives for encrypted IRC and DCC variants. Don't let that stop you from coding, but do steal code rather that writing from scratch when you can. > First, I gotta say.. only been back on the list a day or two and the Signal > to Noise seems to have gotten nearly out of hand.. I don't know what > cypherpunks has to do with trying to listen in on cordless phone calls, or > how to give someone drugs.. but anyway.. something on topic.. :) It's been high for years - thanks for adding Signal :-) Listening in on cordless phones can be a legitimate cpunks kind of topic, though it's been discussed in the past and this was probably just a troll or a clueless newbie. As far as giving people drugs, the standard Cypherpunks approach is to say "That's a hardware problem" and then discuss whose Palm-pilot digicash system you can use for payment, though there has also been crypto protocol work like "The Cocaine Auction Protocol" on how suppliers and consumers can find each other without interference by non-participants, or building conferencing systems for ravers where the server operator provably doesn't have anything subpoenable that would indicate which chatters were discussing where to get drug X at event Y. (There are also noisier Cypherpunks approaches to drugs, like saying "Jim, yer off yer medication again" or "smells good, got any more?" or "He's obviously smoking something *very* good and not sharing" or "No, in a geodesic gift economy you really *might not* charge for drugs." :-) Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
GPG Slashdot discussion; Phil Z Interview
Slashdot discussion at http://slashdot.org/article.pl?sid=00/09/06/1653255&mode=thread OctaneZ asks: "What are the relative merits and drawbacks of using Gnu Privacy Guard vs. Network Associates' PGP. I am not referring to the fact that GPG doesn't use any restricted implemtations or algorithems; or that GPG was not affected by the recent PGP hole; but other more everyday issues. How is interoperability between the two. As well as integration into common applications such as Eudora in windows and others, possibly PINE, in LINUX. Could this be deployed such that the learning curve of transitioning users from PGP to GPG is not too steep? I am a strong beleiver in encryption, and have used PGP for a very long time, however I would prefer to use an OpenSource/Non-restricted program; however the usefullness of said program, as well as the security takes precidence, at least in my book." http://slashdot.org/article.pl?sid=00/09/06/1916226&mode=thread A reader writes "PGP's creator is participating in an online interview this week. http://forums.itworld.com/webx?14@@.ee6caf5 Phil is mainly interested in clearing the air about the recently discovered ADK bug, but the larger topics of encryption and worldwide organized snoop rings (Echelon) have already come up. The interview is open to questions from anyone; runs through Friday 9/8."
Re: Good work by FBI and SEC on Emulex fraud case
>At 1:12 PM -0700 8/31/00, Eric Murray wrote:
>>A small note: IW digitally-signing the releases would not
>>have made a difference in this case-- the guy used his knowledge
>>of IW's procedures to social-engineer IW into accepting the
>>fake release without doing their usual checking procedures.
At 01:22 PM 8/31/00 -0700, Tim May wrote:
>The system I envision would mean each chunk of text ("press release")
>would carry a digital sig, which could be checked multiple times.
>Hard for social engineering to get past the fact that Emulex, say,
>had not digitally signed their own alleged press release.
How often do people check signatures?
If they check them, and they pass, how often do they check keys?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Subject: Microsoft Press Release On Digital Signatures
Date:September 6, 2001
Microsoft announced today that all future press releases will
be signed with PGP digital signatures so that readers can verify
that they're reading genuine Microsoft press releases,
not forgeries from hackers trying to manipulate the stock price.
Microsoft's corporate PGP key 0xB9C8B513 is on the Network Associates
keyservers, and you can verify the signatures there.
Microsoft's public relations department also announced that
plans for World Domination 2.0 are ahead of schedule,
and declined to comment on Bill Gates's muttered reference to the
antitrust prosecutors as a major-league %^%*&@.
-BEGIN PGP SIGNATURE-
Version: PGPfreeware 6.5.8 for non-commercial use
iQA/AwUBObaOltwjGL65yLUTEQIfNACgrmbcIwqX+u3wWmDRAShF+ydjpiYAoLwS
WZoHfvvlHEd2/0rCVSrXL60G
=g+G7
-END PGP SIGNATURE-
Re: PRNG server
At 11:09 PM 8/29/00 -0700, petro wrote:
> The trust issue can be dealt with by a combination of 2
>methods, first the traditional trust model--provide a consistent
>source of randomness over a long enough time, and people will trust
>it.
>
> Secondly, encrypt the random bits for delivery--that way the
>receiver can trust that the bits they get, they alone get.
You can't provide cryptographically trustable random numbers that way.
Run DES in counter mode, with a key and starting value known only to
the perpetrator, and you'll get high quality random numbers
which pass all the statistical tests gamers need,
but are still entirely owned, so not very useful cryptographically.
The main thing it does is lets gamers trust each other,
because it's a common stream of bits that none of them controls,
unless somebody hacks the transmission paths or the server itself.
The receiver has no way to trust that the bits they get aren't sent
to anybody else, because that requires knowing the server is Not Cheating,
and there's no way to know that. (Actually, you can do a bit better,
in that the receiver can decrypt the bits without the sender needing to
encrypt them first.)
It's not useless - you can use it to help seed PRNGs along with other
sources of entropy you've got locally, for times you need something
better than just the system clock and there's nobody at the console
to throw dice or wave a mouse.
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: SF Internet self-defense course
At 01:11 PM 8/29/00 +0200, Tom Vogt wrote: >Tim May wrote: >> >are you required to provide your private keys to an enemy (e.g. someone >> >who is sueing you) ? .. >> I expect 95% or more of all encryption is done at the transport >> layer, i.e., for transmission. Most peoplee, I surmise, keep their >> original compositions in unencrypted form and their decrypted >> transmissions in that form, too. The perceived threat model is for >> interception by ISPs, snoops, and government agencies. > >that's where good software comes in. mutt, for example, stores the >received encrypted mail - well, encrypted. decryption is done when you >view the mail. also, encrypted mails you send are encrypted twice - once >with the receipient's key and sent to him, once with your key for your >"outbox" archive. The Eudora PGP Plug-In deliberately decrypts received mail and stores it unencrypted, specifically to discourage the "You must escrow your private keys so we can decode your plaintext" attacks that the FBI/NSA/WhiteHouse anti-crypto mafia were pushing a couple of years ago. That's a different issue from storing your mailbox in a PGPdisk volume or some other encrypted filesystem or having the mail decryptor re-encrypt for storage with a different key (which wouldn't be that hard, since you could use a different public key to encrypt the session key and leave the symmetric-encrypted part of the message alone.) Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Peacefire - disabling censorware using Akamai caching system.
Heh heh. Akamai is a large web caching service company.
>Date: Tue, 22 Aug 2000 17:34:21 -0500
>Sender: Law & Policy of Computer Communications <[EMAIL PROTECTED]>
>From: "James S. Huggins (Cyberia)" <[EMAIL PROTECTED]>
>Subject: new method for disabling censorware
>
>Peacefire has figured out a way to use the akamaitech.net servers as proxies
>to access any page.
>
>http://news.cnet.com/news/0-1005-200-2586200.html
>
>and
>
>http://www.peacefire.org/bypass/Proxy/akamai.html
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Intertesting article on Mogadishu, business, & no gov't
>http://www10.nytimes.com/library/world/africa/081000somalia-govern.html
> >
> > So it may come as a surprise that business people in Mogadishu,
> > the wrecked and lawless capital, are begging for a government.
> > They would love to be taxed and would gladly let politicians
> > meddle at least a bit in their affairs.
There were two basically different types of requests for governments.
Some people said they wanted a government to stop bandits from
robbing and extorting from them, believing that a government police force
would be much more efficient than everybody having to hire their own guards
(and often the guards they hire would otherwise be the bandits robbing them.)
Other people said they wanted a government because they needed roads,
electricity, a seaport, and other economic infrastructure to be provided,
presumably paid for by other people's tax money. Greedy bastards -
they ought to get together with others in their community and build some.
(Somewhere in between there were people who'd like some infrastructure,
and who might believe a free market could provide them,
but don't believe the current bandit-ruled market can do so.
Free riders are one thing, but constant robbery is a higher barrier.)
Part of the problem is the failure of traditional Somali critiarchy to
adapt to cities, and to rebuild itself in areas that have previously been
run by corrupt dictatorial post-colonial governments.
Traditional Somali society doesn't have permanent police, but when
families and tribal judges can't get cooperation with confict resolution,
everybody who's armed becomes the police. This means occasional violent
conflicts, but there's very seldom anything resembling war,
especially prolonged war. But the concentration of power in and around
Mogadishu appears to have corrupted the process, and enough people
are living as robbers outside the normal tribal structures.
(I'm not saying that there weren't cattle-rustlers inside the
normal tribal structure, but this urban thuggery has a much different
character.)
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Dealing with spam. (with mechanical assistance)
Besides, the technical skills and fanatic-too-much-time-on-their-hands
aspects of the attacks are really more like a cypherpunks type
or 3L33T script kiddie type than a LEO :-)
At 10:38 AM 8/7/00 -0700, Ray Dillinger wrote:
>
>On Mon, 7 Aug 2000, Harmon Seaver wrote:
>
>> Frankly, I think that all the egroup subscriptions and trolls are
>>from LEO's who are carrying out a deliberate campaign to destroy the
>>cypherpunks list, or at least make it so painful to be on that no one
>>will stay.
>
>An interesting theory, and not terribly implausible if you think
>cypherpunks is important enough to them to try to break. However,
>given that the list is instantly infiltratable with zero effort,
>the only escape from that that would be taking the cypherpunks list
>completely underground - which would fundamentally alter its
>character.
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: USPO still trying to SPAM everyone
At 07:26 PM 8/1/00 -0500, Jim Choate wrote: >On Tue, 1 Aug 2000, sunder wrote: >> Jim Choate wrote: >> > On Mon, 31 Jul 2000, Eric Murray wrote: >> > > Well, they could make all other email services illegal. >> > > Yea, not bloody likely. But governments have done >> > > stupider things. >> > See the 1st. >> That would be nice, except for two things. .gov has deemed that the post >> office should be a monopoly*, and thus it and only it is allowed to carry >> mails. > >No, the Constitution REQUIRES the post office to be a monopoly. Maybe the Republic of Texas consitution requires that, but the US Constitution on says, in Section 8, that the Congress shall have the power "To establish Post Offices and post Roads". No mention of monopoly there. > General post, as a general principle of democratic society, since it represents a >'press' and is critical in the 'speech' of the people and they are >required by oath to protect both is justification to have it managed by >the central or federal government versus a bunch of individual businesses. One can argue, though IMHO not successfully, that it's useful for the Government to fund a post office that sends mail to everybody, but that's still no justification for monopoly. Far from it! A government postal monopoly, by deciding what content of speech it would carry and forbidding competition, could censor that speech in ways that the First Amendment clearly opposes and supersedes. (What? The Post Office ban mailing obscene content? Never happen...) >> Second while the 1st does protect speech, it doesn't prevent .gov from >> fucking with the method of transporation. See the FCC for another example. > >Um, as a matter of fact the Constitution REQUIRES the federal government >to regulate inter-state commerce. Again, no, it only gives Congress power to do so, and does it particularly to take that power away from the states. Somehow they've bullied the courts into letting them extend that power to things like growing your own grain on your own farm to feed your own animals, and growing your own dope on your own farm to feed your own head, but then the Supremes in the early 1900s were no particular friends of the First Amendment, viz Schenck. >> [* An interesting exception is that things like FedEx, UPS, DHL, etc. do >> exist and do compete with the USPS's parcel post, but that's for packages.] > >In COMMERCIAL environments. If we were to reduce it to the majority of >traffic that is carried by the USPS then they'd go broke in about a week. The reason there's a postal monopoly is in large part because of an anarchist lawyer, Lysander Spooner, who believed that private business could do a much better job of anything that a government business, and demonstrated it by running a better postal service in Rochester New York than the US Snail could, in about the 1840s. They couldn't beat him at their own game, so they banned him from competing. P.S. Jim Choate's broken mail software put another of those CDR things in, but I fixed that. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: reverse Zero Knowledge?
The existence and usefulness of blinding functions will depend on f(). For many interesting functions, computing f' is a very large effort, so computing f'(b(y)) is as much work as computing f'(y), so Bob will charge Alice just as much. In the case of RSA, computing f' is very hard, but maybe Bob has lots more resources than Alice, and the numbers are small enough to be worth trying, e.g. 512 bit keys. There's unlikely to be a useful blinding function - you're trying to find prime factors of a large two-factor composite number pq, and finding factors of a different large number isn't useful - the blinding function is multiply by b, so either Bob will give you "b" and "pq" as factors (useless and expensive :-), or else Bob will give you "bp" and "q" or "p" and "bq", and it's much easier for Bob to factor the potential bp and bq, so not very blind. Also, if b is large enough not to cause the easy solution "b" and "pq", it increases the work factor by about 2**b/b, which makes it too hard for Bob. Similarly for Diffie-Hellman, cracking g**pq mod m is hard, but cracking g**pqb mod m isn't much harder, though you're likely to get "b" and "pq" as the factors at least half the time. But if you do pay for it, and get lucky and get "bp" and "q", and Bob doesn't have the connections to recognize g**q mod m as Terry the Target's keypart, you win. How often is this useful? Most applications either use 192-bit keys (has Sun fixed "Secure NFS"?) or 512-bit (hard but marginally crackable, but probably not common), 1024-bit keys (believed to be way too hard), or 1536-bit (definitely too hard). At 12:07 PM 8/1/00 +1000, Julian Assange wrote: > >Let y = f(x) and f'(y) = x > >Imagine Bob runs a f' cracking service. Imagine Alice has y and wants x. Alice may >or may not know f' however she wishes to take advantage of Bob's f' cracking service >to obtain x. But she doesn't want Bob to know x. Yet she wants Bob to compute it >for her. > >Imagine there is a blinding function b, and an unblinding function >b'. Alice sends Bob b(y). Bob produces z=f'(b(y)). Alice extracts x = >b'(b). > >Has this been done for RSA etc? > >Is it possible to find blinding functions of this nature for any >function in number theory? > >Cheers, >Julian. > > > Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Uraniumonline.com auction site
Yep - e-commerce with a bang!
http://www.uraniumonline.com/nynco/Press_Releases/press_releases.html
PRESS RELEASE
Nuclear Fuel Market Goes On Line
With UraniumOnLine.com
July 10, 2000
New York --U.S. utilities that generate electricity
from nuclear power
plants are entering the world of e-commerce to buy
fuel for their
reactors. New York Nuclear Corporation (NYNCO), a
nuclear fuel
brokerage company founded in 1982, is now operating
UraniumOnLine.com (UOL), the only nuclear fuel
electronic marketplace
in the world. Nuclear fuel auctions within UOL are
private and open only
to qualified buyers and sellers.
Until now, nuclear materials were procured using
cumbersome and time
consuming methods. Information about material
availability and prices
was limited. But with its second on-line auction, UOL
has moved the
nuclear fuel market into a new age. The July 6
auction of 125,000
pounds of uranium began at 9:01 a.m. and closed
twenty-two minutes
later. Uranium prices during the past year have
fluctuated from between
$10.40 to the current UOL auction result of $8.18 per
pound. The
auction reflected a typical spot nuclear fuel market
transaction in terms of
quantity and delivery requirements.
"Nuclear fuel prices have always been difficult to
determine because
important details of transactions are often unknown,"
explained NYNCO
President Joseph McCourt. "The published prices that
are currently used
by the industry involve a fair amount of guess work.
With UOL, the
market can actually see what the deal is and what
exactly buyers and
sellers are bidding. We believe with UOL the
multi-billion dollar
international nuclear fuel industry will finally have
a specialized trading
platform capable of handling procurement with low
transaction costs and
complete price transparency. Moreover, UOL will, with
the help of its
worldwide clients and its in-house nuclear fuel
expertise, provide the
nuclear fuel industry contractual and other standards
that will define and
greatly facilitate nuclear fuel trade around the world."
Nuclear fuel is used by the world's 430 nuclear power
plants to supply
approximately 20% of the world electricity needs.
About New York Nuclear Corporation: NYNCO, with
offices in New
York, Washington, Atlanta and Preston, England, has
offered brokerage
services to the commercial nuclear power industry
since 1982 and has
concluded transactions involving millions of kilograms
of uranium, uranium
hexafluoride conversion services, and uranium
enrichment services. Its
worldwide client list includes most nuclear utilities
and uranium producers
and processors.
For more information, contact:
In North America: Becky Battle (404) 876-9454
([EMAIL PROTECTED])
In Europe: Andrew Crockett 441772200320 ([EMAIL PROTECTED])
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: IPv6 encryption strength
At 11:01 AM 7/30/00 -0400, Timothy Brown wrote:
>Can anyone provide a pointer or helpful information to speak to the
>strength of the encryption capabilities in IPv6? Is it considered
>weak or strong by the crypto community - or somewhere in between?
IPv6 and IPSEC allow you to negotiate which encryption algorithms to use.
Implementations can offer a variety of algorithms,
and the two ends of a connection negotiate which to use,
so you can choose to be as secure or insecure as you want.
Originally, support for single-DES was mandatory,
so there'd be something "secure" to fall back on.
I think that's now been replaced with Triple-DES.
Support for NULL encryption is also available.
In addition to the ESP-mode operations, which do encryption,
there's AH Authenticated-Header mode, which doesn't encrypt,
but does use cryptographic checksumming to validate the packets.
You'd use this for things like firewalls, only allowing authorized
packets and rejecting anything else, where you don't care about
eavesdroppers, only crackers. There have been arguments about
whether this mode is adequate protection.
Then there's the whole IKE key exchange mechanism.
Unlike the simplicity of Photuris, IKE is a mess of twisty little protocols,
and it's not clear whether the NSA's help in developing it needs to be
attributed to malice or just stupidity, with creeping featurism run wild.
The big problem is that all this is difficult to implement;
IPSEC with Photuris could have been done a couple years earlier
with everybody's implementation being compatible.
William Simpson, one of the Photuris authors, had a rant out about it,
which may have been an Internet Draft. Also look for stuff on
ISAKMP and Oakley, the two things that merged to become IKE.
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: JYA, Cryptome Help Request
At 08:49 AM 7/27/00 -0700, Mark Allyn wrote:
>I have heard that an outfit called Akamai Technologies in Cambridge,
>Mass is real sharp with mirroring and traveling content technologies.
>It was formed by techies from MIT. Perhaps they might be able to
>offer something.
Akamai and other companies (my employer AT&T offers a similar service)
provide services using a variety of caching equipment (Inktomi is
one of the prominent vendors) to do caching.
The negative aspect of them for JYA is that we charge money,
with prices depending on usage (typically 95th percentile peak rate),
which are appropriate for commercial businesses broadcasting things
or managing the capacity of their web site, but a bit steep for
non-commercial sites run by individuals who've been slashdotted.
Slashdot.org is one of the common sources of trouble -
they have a policy of not caching, because back when they were a
volunteer effort instead of a business, they didn't want to pay lawyers
or get sued occasionally for caching people's stuff.
I do think they ought to reconsider, now that they're commercial
and owned by a company big enough to have real lawyers,
and most people probably would prefer to be cached rather than slashdotted.
Getting your website mentioned in the more conventional press,
like Drudge, is more of a problem, and you're only helped somewhat
by big ISPs using transparent caching at their gateways.
If your site has been unchanged long enough for Google to find it,
you _can_ cheat and publish the address for the Google cache :-)
But that's not much help for fast-breaking news;
it would have been nice if Drudge had provided a cached version
of at least the basic pages.
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Better than pgp
At 12:20 AM 7/30/00 -0700, Matt McDole wrote:
>I was wondering if there was encrytion software that didnt limit your to
>4096 bit key size, I am looking to go higher. - Any suggestions?
Let's see - either you're trolling (:-) or you're expecting a
semi-major mathematical breakthrough, enough to kill 4096 bits but
not major enough to make RSA totally unusable,
or you're expecting your application to last substantially longer
than the fraction of the age of the universe most of us are expecting to
experience? Or you're expecting Moore's Law to keep doubling speeds
every 1-2 years for the rest of your life?
Key length calculations aren't strictly exponential, but they're close
enough that if 1024 bits really isn't enough, 1536 certainly is.
The tradeoffs with longer keys are that it reduces the number of people
you can communicate with, which is substantially more of a security
threat than the length of the keys, and that it pushes you toward
homebrew software that's less tested than widely-used software,
which means there's a higher risk of bugginess.
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: FBI Makes Case For Net Wiretaps
Tim May's quicker on the draw than I am :-) You know you've tweaked the FBI when they drag out child pornographers, terrorist bombers, hackers, and other usual suspects on a hearing that they didn't initiate and didn't want to be dragged into. To some extent, they always start speeches on wiretapping this way, just like many politicians start off their speeches with a joke to get the audience warmed up. But this time it's different, because the Carnivore system, as described by the FBI officials, can't tap anonymous encrypted mail - there's no From: or To: information. So are they just grandstanding to make up for a weak position? (Probably - they'd have had lots less controversy if they hadn't picked a memorable name like "Carnivore".) Or were they saying that the box is just the latest round of the new wiretap capabilities they're looking for, just as they've been trying for the entire time Louis Freeh's been FBI director? Most of their speeches were spinning "No, this is just a new implementation of the same policies we've had for several years", but Kerr's speech, like most of Freeh's speeches, really says that the FBI wants to have constantly increasing wiretap powers to make up for the improving technology in the commercial world. This also suggests that just because Carnivore does very few things now, that doesn't mean it won't do more later, with or without explicit notification to the ISP. Some of the FBI testimony was very interesting - they conceded reluctantly that there hadn't been any court tests of their power to require ISPs to comply with Carnivore or other wiretaps - most ISPs simply obeyed, except Earthlink had technical problems using the box and that court case hasn't been finished yet. Some technical information also leaked out, though it's not clear whether it's accurate or not - that depends on the technical expertise of the FBI speechwriters and speakers, which was quite varied. The technical clues I noticed were that - The ISP's systems have to forward them email messages that might be relevant, which implies that the ISP has some ability to pre-filter, though it's not clear that any of them are. - The Carnivore searches the From: and To: header lines, which says that it's opening up the message itself, rather than just using the SMTP or POP3 protocol messages (such as RCPT) which are used in sending, receiving, and picking up the message. That's not as much like a pen register as the FBI claims - it's more like listening to the beginning of a phone call to see who the speakers are. It also steps into the territory of whether the message is being tapped in transit (which is directly addressed by the ECPA) or tapped in a mailbox (which is somewhat more open, given the Steve Jackson Games lawsuit.) - They didn't say whether the ISP has an opportunity to review the data kept by the Carnivore box, to validate that it's all that was collected. The speaker from the CDT made a nice point about trunk-side taps, which have been treated differently by courts and legislatures than line-side taps - Carnivore looks much more like trunk-side. Bill Stewart >At 5:01 AM + 7/26/00, Anonymous wrote: >>By John Schwartz >>Washington Post Staff Writer >>Tuesday , July 25, 2000 ; E01 >> >>Federal law enforcement officials defended "Carnivore"--the FBI's >>controversial Internet wiretap system--through more than two >>acrimonious hours of grilling by Democratic and Republican lawmakers >>yesterday, painting a chilling picture of an Internet that would >>become a safe haven for crooks and terrorists without proper >>surveillance. >> >>"Criminals use computers to send child pornography to each other >>using anonymous, encrypted communications," FBI Assistant Director >>Donald M. Kerr told the House Judiciary subcommittee on the >>Constitution. At 11:11 PM 7/25/00 -0700, Tim May wrote: >The FBI has said that Carnivore will only be directed at specific >targets of a wiretap order. > >How, then, does it do a damned thing with "anonymous, encrypted >communications"? > >This is just one of many failures in logic. (The longer version of Kerr's quote:) "Criminals use computers to send child pornography to each other using anonymous, encrypted communications," FBI Assistant Director Donald M. Kerr told the House Judiciary subcommittee on the Constitution. "Hackers break into financial service companies' systems and steal customers' home addresses and credit-card numbers, criminals use the Internet's inexpensive and easy communications to commit large-scale fraud on victims all over the world, and terrorist bombers plan their strikes using the Internet." Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
CARNIVORE HEARINGS ON C-SPAN NOW, 10:30PM PDT
The Carnivore Congressional hearings are currently on C-Span, at least here in the Bay Area. Steinhardt speaking now; other Good Guys including Matt Blaze this half hour. Barr was grilling Feds earlier; I just turned it on at the end of that section.
CARNIVORE HEARINGS NOW ON C-SPAN 10:30PM PDT
I just turned on the TV, and the Carnivore hearings are going on now in C-Span. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
RE: Jim Und Dave?
At 03:37 PM 7/21/00 -0700, Ernest Hua wrote: > Well, I did not see that one, so I did not complain, >but I must say that I cannot agree with that one >either! I think Mr. Anonymous is much more irritating when >he hides behind anonymity, but has no trouble >violating others' privacy, even the privacy of those >who are only incidentally related to the scenario. This issue >has nothing to do with majority vote; I just think >it's wrong, even if everyone else feels otherwise. Ern Publishing the home addresses of spooks who might be killed is one thing. Publishing the addresses of the FBI thug who was merely saying "We're telling you to unpublish the list of spooks, and you'd better not publish our names either" is another - they're not acting in some undercover capacity like drug informants who'll get killed by the other side in the evil war they're fighting, they're acting as bureaucrats abusing their public office who deserve to be publicly exposed and humiliated for it, and they're in no physical danger from JYA or the rest of us. The Feebs have no business complaining that somebody does so anonymously, because they demanded to be anonymous with their vague threats to JYA. In one of John's postings, he indicated that it was only the Feeb supervisor Special Agent Dave Marzigliano who insisted on anonymity - the lower-level Special Agent James Castano was just passing on the request that came from the Japanese government's request to squelch publication. It's still highly inappropriate for a request like this to come from a police agency - this is a foreign policy request from another government, so that's the job of the State Department. It might have been an FBI issue if there was some accusation that a US law had been broken. If the Spooky Agencies felt that US national security interests outside the US were being violated, e.g. ratting out Japanese secret police might reveal US spook connections, and they therefore want to ask a US journalist to squelch distribution of a publication that's already been published, that's a job for a polite request from them, not from a US police agency. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: John Young, the PSIA, and Aum
At 09:55 AM 7/23/00 -1000, Reese wrote: >Japanese nationals are not Americans, American law does not >apply in Japan. If the Japanese government is oppressing its citizenry, >it is a uniquely Japanese problem, there is no reason for the USofA to >get all up in arms about it, just as there was no reason for the USofA >to get all up in arms & involved in, say, Pol Pot's Cambodia. No, it's a human problem. Doesn't mean that the US Government should be taking up arms to prevent it, but that's different from Amnesty International doing something about it. US law currently forbids US citizens from engaging militarily in their own foreign policy, the way many Americans did during the Spanish Civil War (joining either the Commie or Fascist armies) or early WW2 (joining the Canadian or British armies.) But that doesn't mean it's inappropriate to be involved. In this case, the US government chose to intervene on the side of the Japanese secret police, though their most recent moves were unsuccessful and counterproductive. > >>As you said, the story is incomplete. Look before leaping, eh? > >>Take your paragraph above. How could jya know that the japanese > >>would want the list taken down, before posting it? Logic fault, > >>there,,, > > > >Because he was communicating with his Japanese source, who knew quite > >well that the PSIA did not want this story aired. > > > >Duh. > >This implies jya should have checked with the Japanese Ministry and asked >their permission before posting the list. Feh - JYA's got no legal obligation to some other government. He's got the usual moral obligations all of us have - he decided that they weighed more strongly on the side of publishing than on the side of cooperating with a government that's got no authority over him. That's the nice thing about censorship and the Internet - it only takes one brave person to blow censorship away, and anonymity makes bravery much easier. Later, Reese replied to > At 08:23 PM 23/07/00 -0400, Meyer Wolfsheim wrote: > >Aleph is a religious organization. So were the Branch Davidians, though Aum's social teachings were clearly evil. > Strong ties to one religion or another can be found within the Hezbollah, > the IRA, et al. Was Aum Shinrikyo NOT a religious .org? The IRA's ties to Catholicism are minimal at best - they've tended to be Marxists, rejecting Christianity as the opiate of the people, as well as ignoring it personally. Just because they don't practice their religion doesn't mean that the religion they don't practice isn't Catholic. But if the Pope told them to disarm, they probably wouldn't. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: John Young, the PSIA, and Aum
At 08:17 PM 7/23/00 -0700, Kevin Elliott wrote:
>>This past year, The PSIA was given new powers to track Aum Shinrikyo. A
>>newly passed law:
>>
>>1) allows the PSIA to conduct on-site investigations
>>2) compels Aum to report names of executives, followers, addresses of
>>facilities, and assets to the PSIA.
>>3) requires Aum to report who maintains and updates their website.
>
>You know sometimes I'm glad we usa'ers have got that flimsy
>constitution to cover our ass with...
Do you mean the one that lets the President declare organizations and
individuals
to be known terrorists and forbid American citizens to trade with them or
aid them?
(Various pointers to those blacklists have been published to cypherpunks
before,
and they're probably on cryptome as well.)
Or do you mean the Constitution that's got a First Amendment
that lets FBI agents tell citizens their own personal opinions like
"You'd better not publish my name or you'll be in Big Trouble!"?
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Choate proposing Dropping toad.com
Jim - have you sent mail to Hugh and John directly? Or just to the mailing list bot-owners, plus postmaster and root, which they don't likely check very often, even when Hugh's not on yet another summer of international travel? You probably don't want to drop JYA or Hugh or Pablos, though they could easily enough be redirected. Some of the subscribers are clearly gateways to local Usenet groups that let people read the list with newsreaders. I'm not sure how many of these are single-reader systems and how many are universities or other sites with multiple readers, but it's difficult to tell what name the user actually posts with. There's also a problem with +enhanced SMTP addresses, which allow the user to add "+something" to the end of their user name, so they can sort message streams, but their outgoing mail probably won't have the plus-info. For instance [EMAIL PROTECTED] probably would send mail to the list as [EMAIL PROTECTED] and any "only accept mail from subscribers" option needs to address them. I think it does make sense to move the toad users to a different server and set an autoresponder pointing to the current list-server locations. That won't prevent the problem of harassers subscribing the list to other lists, but it's a start. The big negative about it is that originating users at one-way remailers won't get the bouncegrams, but most people who know how to use remailers can find us anyway. Bill At 10:07 AM 7/19/00 -0500, Jim Choate wrote: > >Hi, > >I've sent a couple of emails to the toad.com operators and have received >nothing back. I see this is indicating a distinct lack of interest on >their part. > >As of today the current toad.com member list is below. It looks like >we could drop it completely if cyberpass and algebra would drop. > >Note that this does not prevent the toad.com operators from participating >in the current CDR. Only that the current CDR doesn't wish to participate >in the original list any longer. > >Date: Wed, 19 Jul 2000 08:34:19 -0700 (PDT) >From: [EMAIL PROTECTED] > >Your request of Majordomo was: >>>>> who cypherpunks-unedited >Members of list 'cypherpunks-unedited': > >[EMAIL PROTECTED] >[EMAIL PROTECTED] >[EMAIL PROTECTED] >[EMAIL PROTECTED] Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Carnivore - Matt Blaze testimony
Matt's testimony is http://www.crypto.com/papers/opentap.html , including a paper by Steve Bellovin and Matt Blaze on "Open Source Wiretapping". FBI PRESSURED TO DISCLOSE SYSTEM CODE - [Wall Street Journal, A6.] The Federal Bureau of Investigation is under increasing pressure to disclose the secret blueprints for its Carnivore surveillance system so independent technical experts can verify that the software monitors only the Internet communications of criminal suspects. Despite mounting calls to permit such reviews, FBI officials maintain that disclosing the software's source code would allow hackers to find ways to defeat the system. The officials also argue that such a disclosure could violate copyright protections because Carnivore includes portions of software code from a product licensed to the government by an unidentified vendor. Congress is expected to press senior FBI officials on the subject at a hearing Monday before a House Judiciary Committee panel led by Florida Republican Rep. Charles T. Canady. One scheduled witness for the hearing, Matthew Blaze, an AT&T [Labs] researcher, says the FBI's failure to fully disclose how Carnivore works has contributed to an "atmosphere of mistrust and confusion." In an essay published on the Internet last week, Blaze wrote that releasing the system's source code "is a critical first step in assuring the public that Carnivore can at least be configured to do what it is supposed to do."
Re: Tamper-resistant PC hardware
>>I am in the unfortunate situation of having to run a server in a
>>machineroom which I don't completely trust.
At 05:20 PM 7/18/00 -0900, Paul Holman wrote
>Some folks at the Cypherpunks meetings have been working on projects
>using the Dallas Semi iButton, which is a cheap FIPS140-1 Level 1
>certified hardware security device. You can get them, load your keys
>in them, and rig your OS/Apps to use this thing. An alternative
>would be to use an nCipher device. These protections would keep
>people from copying the keys, but it is certainly conceivable they
>could make off with the device entirely. That's why you'd want to
>incorporate some kind of remote authentication as well.
Matt Blaze did a paper a while back on using smartcards (or equivalent
slow-but-relatively-secure processors) in conjunction with a main CPU
to support encrypted filesystems without having to shove all the data
through the smartcard. You may want to do something similar here.
(And obviously you want to use encrypted filesystems, because even if
the attackers don't stick logic probes on your backplane,
they might take your disk drive out and plug it in their own machine.)
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: mentality
At 09:02 AM 7/17/00 -0700, Anonymous wrote:
>Following this crypto list and spam attacks has interesting side-effects.
>
>To us living outside US it is almost unbelieveable what kind of pathetic
>retards US general public became. Just look at the spam subjects. Petwarmers.
>Heartwarmers. And don't tell me that spam is not matched to the public.
>
>It is rather scary. 200+ million remote controlled retards.
But that's the great thing about the Net. You don't need 200 million
remote controlled retards to sell advertisting; you can easily find a few
thousand retards
and spam them with something customized to their bad taste,
and give the next thousand retards something _they_ want, and so on.
Almost everybody has something stupid you can hook them with,
and it's much easier to find them now :-)
Alternatively, it's a Commie plot by the Saccharine manufacturers to
dispose of their cancerous excess product and get us to
corrupt our own precious bodily fluids for them
And Hettinga reports that the Hahvahd Club has gone business casual.
It's the decline of civilazation as we know it.
And we haven't even talked about Hello Kitty yet... it's a worldwide problem.
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: ZFG: Q: How to subscribe to the mailing list anonymously: WRE
At 09:53 AM 7/17/00 -0500, Jim Choate wrote:
>Assume there is a person who wishes to participate in the mailing list.
>Assume that person wants to participate via a single email address. They
>have for all intents and purposes zero technical skill. They are
>participating via a PPP dial-up through a local ISP, non-anonmymously.
>They can't run any programs when they're not logged in.
>
>How does one go about this anonymously (this includes EFT/check payment
>for commercial recources)?
How anonymous do they need to be? How non-technical are they?
If you don't need to be highly anonymous, use Juno or other free dialin email.
Or get an overpriced secured credit card or debit card in a fake name
and get a cheap dial ISP; you can find them for <$9/month in many places.
All of them risk having the free/cheap ISP rat out your phone number.
You could get Freedom and install it. Not hard, real secure;
you'll have to see if there's a relatively anonymous way to pay them.
A relatively easy approach is to check out www.anonymizer.com and
set up a paid account there; it's about $5/month, and you can
presumably still pay by snailmailing cash or money orders.
Then use a browser with SSL and read the list on a free email system that's
not too Javascript-encrusted to use through Anonymizer. (Hotmail probably
doesn't work any more; I think Altavista and Excite still work,
and you can see if Hushmail does.)
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Treasury Secretary Summers warns of crypto-anarchy, encryption
At 11:50 AM 7/15/00 -0400, Declan McCullagh wrote: >http://www.wired.com/news/politics/0,1283,37573,00.html >Is Encryption Tax-Protective? >by Declan McCullagh ([EMAIL PROTECTED]) >3:00 a.m. Jul. 15, 2000 PDT >WASHINGTON -- It used to be FBI Director Louis Freeh who would rail >against online anonymity and argue that Americans should not be >allowed to use encryption software without backdoors. > >Now it's the U.S. Treasury Department -- home to the Secret Service, >the IRS, and the Customs Service -- that's complaining. > >"Problems could arise from the increasing sophistication of Internet >encryption codes that are established for valid reasons of commercial >secrecy but can also be used to conceal relevant tax details from tax >administrations," Treasury Secretary Lawrence Summers said this week. > >"In such a world, it will be easier for companies to avoid tax >collectors by operating worldwide through websites based in >jurisdictions that are unwilling to share taxpayer information," >Summers told a gathering of international tax administrators in >Washington. Hey, they're catching on! Should we send these guys a "Tim May's Signature File" t-shirt and the collected rants of Bob Hettinga? :-) The big difference here is that many people think National Security trumps the First and Fourth Amendments, so it's ok to restrict encryption to stop Scary Terrorists, but far fewer people think wiretapping and similar offenses are ok just for tax collection, and the IRS's reputation of ripping off widows' houses doesn't sit well with the public. The right way to enforce tax collection is to send Nasty Letters, followed by visits from dull humorless accountants to see your books, followed by brighter but more humorless accountants to see your other set of books. Corporations and other licensed businesses are required to produce business records; there have been some interesting cases on whether those records need to be readable by tax authorities. There was a case in the US-Occupied Philippines on something that I think was called the Chinese Business Records Act which got tossed by a US Federal court - it had banned keeping business records in Chinese because US colonial bureaucrats couldn't read them. (And one of the right-wing Constitutionist types tells of presenting his business records to a magistrate or tax bureaucrat in Idaho, which his accountant had written in Hebrew. The accountant was back in New York City, and the local government were all goyim, and it was pretty obvious that if they got around this problem he'd pull something else on them, so they dropped the issue. But that's just local/state stuff, not useful precedent.) Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: ZKS economic analysis
At 11:19 PM 11/16/00 -0800, [EMAIL PROTECTED] wrote: > That ZKS defends against the government intrusion is boring.. > There exist free, open-source projects (PGP, remailers, FreeNet) > that already address this issue -- >in cyberspace, opposition to government censorship and >abuse has largely been grass-roots in nature, exactly >like it is in the real world... Also, its uncertain >that there's much of a business model in protecting >people from government tyranny.. The cool thing about ZKS's business model is that it claims to make running remailers sufficiently worthwhile for ISPs to do themselves that there should be a large number of them Real Soon Now, and they'll be unlikely to close them down on the first complaint because they're making money. The main governmental attack isn't tyranny, it's subpoenas from lawsuits by people who don't like things you wrote. Tyranny attacks have higher technical quality, but volume can be a real killer. Addressing the "protection of personal information" issues is a long discussion for later. >From a theoretical standpoint, encrypting messages has been Done Now, but stopping traffic analysis is much harder, and it's much much harder in practice. Similarly, untraceable outbound email is much harder than untraceable inbound. And deploying a Pipenet that performs efficiently for thousands of users is still tough. The good thing about cryptography and universal communication connectivity is that a grassroots effort _can_ provide effective security. The catch is that widespread protection that's scalable enough for everyone to use requires more infrastructure than a grassroots effort typically produces unless you've got other hooks encouraging widespread deployment. Over the last half decade, there have typically been about a dozen remailers, and shutting down anon.penet.fi didn't need a government tyranny attack - Scientologists could do it. (Yes, they used government to help, but a serious government attack could easily take down the whole thing.) And one individual got a dozen or so remailers shut down by complaing to ISPs after forging Usenet attacks on himself through the remailer network. And that doesn't even count the potential uses for spammers if they were smarter; dealing with that sort of heavy abuse is one thing that makes remailer ops quit. I don't know if their business model will succeed or fail - it depends a lot on implementation quality and on marketing efforts, and on deploying enough stuff (and getting enough customers) to bootstrap other activities that use it. Some of that's protecting people from government tyranny, some is letting you surf without getting spammed (anonymizer does this too), some of this is letting your kids chat on line without risking Bad Things and letting your kids say Stupid Teenager Things now without it haunting them the rest of their lives (e.g. not getting into college because of that misdemeanor copyright violation from trading MP3s, or saying Harvard's Hockey Team sucks...) There are other business models that might work - building remailers into Napster? Anonymizer.com works well, though it could be shut down - what if Apache shipped with an anonymizer module that was enabled by default? (And what would the spammers or other abusers figure out to do with it? :-) Usenet supports a wide ecology of ways to build anonymous connections, though they're slow and not highly efficient, and Usenet's in a "Nobody goes there because it's too crowded" kind of decline. Anonymizers plus not-overly-Javascripted Free email systems are enough to keep out most attackers, though they probably won't stop a government attack if you're using it over a long period of time. Will ZKS succeed? I hope so, and more power to them - but they'll need to get their product more distributed, and probably more polished, and get their marketing engine in gear before their previous PR splashes fade away. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: how EXACTLY does this protect privacy?
At 03:51 PM 7/13/00 +0200, Tom Vogt wrote: >um, partly yes. >the rights of businesses are completely artificial. a biz is an >artifical entity that doesn't have any existence aside from paperwork >(the property it owns is "real", but that doesn't make the business any >more real than the existence of churches proves the existence of god). >as such they have no "natural" and "inaliable" rights, but only those >artificial rights granted to them by the local government. it just >happens that they've managed to lobby most govs into giving them a whole >bunch of rights. You're incorrect. Business are things that people do. Nothing artificial needed. Corporations are artificial entities that exist on paper and only have those rights arbitrarily granted by governments, so the government could decide to grant them lesser sets of rights in return for their corporate privileges. But if you run a store, without hiding it behind a corporation, there may be a sign out front saying "Tom's Widget Shop", but that business is something you're running, with your rights. If you've got partners, and it's "Tom and Alice and Bob's Widget Shop", the business is still something you're doing together, with the rights all three of you have. Still real, nothing artificial. In many places, governments require you to have a license to do business, but that's just because they can get money that way, and can help their friends by restricting their friends' competition. It's not compatible with natural rights, but most governments are well-armed enough that they win anyway. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: ZKS: how EXACTLY does this protect privacy?
> >an economy based on "nyms" is a pipe dream. No human has ever purchased
> >a car, or purchased a home, or taken out a loan, or started a business,
> >or gotten a job by using an anonymous "nym".
> I have started a business, received payment for contract work, purchased
a car,
> and registered a domain, all anonymously. Registering the car
anonymously is
> the tricky part. :)
Black Unicorn tells the story of going to buy a car with cash,
I think in Washingtoon, DC. The sales guy freaked, went in back to do the
"let me talk to the manager about that one", and called the police.
I think he was probably even buying the car using some name that he has
papers documenting that he uses, rather than registering it as "Black
Unicorn" :-)
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: filters CPUNK RTFM
At 10:01 PM 6/18/00 +, [EMAIL PROTECTED] wrote:
>Brad Guillory writes:
> > There was talk about sending an automated email out to posters that do
> > not include CPUNK in their subject line. This message would be best
> > handled by the listserv. But if I understand correctly you can join
> > a moderated list instead of this one if you want to increase the signal
> > to noise ratio.
> >
>I am wondering if there was an alternate list that many more people
>were on besides the one on toad.com I say this because I noticed a
>while ago that mostly all that was being sent was just spam and the
>like. Is there another one or has content fallen off that much?
There are two different problems - signal and noise.
Filtering systems, or filtered lists like Ray Arachelian's, reduce noise,
but don't increase signal.
The cypherpunks list uses multiple servers, but they won't have more signal.
Some of the other lists include [EMAIL PROTECTED] and
[EMAIL PROTECTED], and [EMAIL PROTECTED]
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Encryption chip ?
At 03:17 PM 6/26/00 BST, Mo Rainey wrote: >Does anyone know where I can get an encryption chip that I can build into a >radio system for secure voice communications? > >I need something simple ( i.e. data + key > in, encrypted data > out). I >plan to put the audio input through an ADC (Analogue to Diigital Converter), >so it will be a digital data stream going into the chip .I need it to use >secret key technology so that both radio sets have the same key for >encrypting and decrypting. It doesn't have to be the most secure thing in >the world anything that would take more than a week to crack would do, >sacrifice the security for the speed keeping the cost down Finding a chip to do the encryption is the least of your problems - you need to figure out the system design first, and that means you need to be clear about what you're trying to accomplish with your system. Have you figured out what you're doing to modulate the digital signal onto the radio? What bit rate do you expect to use? Are you using a dedicated chip for the voice compression (or are you just using lots of bandwidth instead of compressing?) Encryption is usually much less work than good voice compression; a general purpose CPU or a DSP both have more than enough horsepower, so if you're doing voice compression in one of them, you can do the encryption in software rather than adding a dedicated power-consuming chip. If you're saying it needs to be secret key, with the same key in both directions, but doesn't need to be very secure, then you still need to think about your requirements. Encryption that's strong doesn't take any more work than wimpy encryption, particularly for algorithms like RC4 - as long as you use it correctly, a 128-bit key takes no more work than a 40-bit key - but you can't use the same key in both directions. On the other hand, user-selected passwords don't take a week to decrypt - they're usually either wimpy enough to take only a few seconds/minutes to guess, or strong enough to take a very long time. You're much better off using Diffie-Hellman key exchange, so nobody can decrypt your conversation, and optionally using a secret-key passphrase for authentication. (In a radio environment, it's very hard to do man-in-the-middle attacks, so the main threat is somebody impersonating the other speakers; you might or might not need authentication depending on whether you expect to recognize their voice or not.) Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Trusting HavenCo [was: Sealand Rant] CPUNK Snowcrash
At 01:17 AM 6/12/00 -0500, Sean Roach wrote: >At 11:23 PM 6/10/00 -0400, Peter Trei wrote: >>Ryan wrote: >> >>In Snow Crash, there was one Sovereign Individual, who governments >>accorded >>standing as such. He could do this because he was a nuclear power - he >>traveled everywhere with an armed warhead built into a motorcycle sidecar, >>and a deadman switch linked to his heartbeat. If he died, bang! (I can't >>recall if Stephenson dealt with the problem of an adversary who just threw him >>in jail, or other non-lethal nastinesses) > >He didn't. At least not in Snow Crash. The book ends with Hiro >Protagonist, (The Hero, The Protagonist. I like the book fine, but that's >not exactly the most original name. Still better than Joe Smith though,) >"killing" the Aleut's avatar, then launching an antivirus program with an >ad attached. That was in the Metaverse. Out in Meatspace, Raven and Uncle Enzo get in a fight that sounds like one or both of them are going to die, but the Bomb doesn't get mentioned, and hasn't been mentioned in a while. I got the impression that Neal just didn't bother cleaning up that loose end. But even with out it, Hiro wasn't close to being the Baddest Motherfucker In The World >By the way. You want the computer hard disk completely destroyed for the >same reason that you would want to take the pad of paper you wrote your >secret info on, with you. With the paper, you could do a rubbing to reveal >what the page above said... Destruction is nice, but it's more important to require that all the disks only have encrypted data written to them, so that you can zap the contents temporarily by cutting power if you're invaded, rather than having to thermite the whole thing and hope you've destroyed the whole thing well but also that you can build up repeat business somehow. Secret-shared offsite backup may be useful as well, for customers who want it. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639 Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
RE: pseudonymous remailers CPUNK
At 09:45 AM 6/15/00 -0400, Trei, Peter wrote:
>If a remailer restricted itself to sending out messages which were
>still encrypted after decrypting with the remailers' key, I would think
>you'd remove nearly all spam (since no spammer is going to encrypt
>thousands of messages with the public keys of each of his recipients),
>and give the operator a layer of protection from liability ('No, you
>Imamness, I did not and could not know that an infidel was using
>my remailer to send quotes from "The Satanic Verses'")
The standard software doesn't support this, but it'd be nice to add.
Even requiring PGP for the input side gets rid of almost all spammers,
especially if you limit the number of recipients per message.
In the future, when encryption is widely available and everybody uses it,
there may be more spammers using encryption, but it's pretty rare today.
But it's still usable for harassment.
Requiring the outgoing message to be encrypted is even more thorough -
it limits you to spamming or harassing people with published encryption keys,
though I suppose some people feel harassed by receiving lots of encrypted mail
that they can't decrypt...
It's not easy to decide whether a message is really encrypted,
if you're not the recipient, so you're basically limited to deciding
whether a message has correct encryption syntax - you can either be crude and
just look for the BEGIN PGP ENCRYPTED STUFF--- or maybe S/MIME headers,
or you can get fancy and see if there's more structure than that.
It's possible for a determined harasser to work around this -
e.g. put the headers followed by unencrypted mail or whatever,
and you can't tell without the recipient's key. But it's pretty good.
>This would make it more difficult to send plaintext messages to
>usenet, though messages which decrypted in the remailer to
>plaintext targeted for known gateways and mailing lists could be
>let through.
Yeah - basically, you either need to build recognition in the remailer,
or else put up a second remailer that doesn't require encrypted-output and
use it as a gateway, or something like that.
The basic problem is that remailing private messages to a specific recipient
is a much different activity than remailing messages to a broadcaster
with many unknown recipients, and the current remailers try to do both.
Building gateway servers with names like [EMAIL PROTECTED] opr
"[EMAIL PROTECTED]"
can take care of the second job.
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: filters CPUNK RTFM
At 04:42 AM 6/16/00 -0700, Kurth Bemis wrote:
>can we place a filter to reject all incoming messages that dont have CPUNK
>or CPUNKS or something in the subject?
>Kurth Bemis - Senior Linux Network/Systems Administrator, USAExpress.net
You don't have to make the listbots reject those messages -
you can make your mail reader reject them and they won't bother you.
According to your email headers, you're using Eudora as your mail sender;
probably you're also using it as a mail reader. It's got filters -
RTFM on how to use them.
Of course, _your_ message didn't have CPUNK in the header,
so people who follow this practice won't be bothered by it :-)
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Eliminating toad.com from the C. Distributed List
At 12:24 AM 06/06/2000 -0700, Tim May wrote:
>>toad should, however, bounce back some kind of pointer if you try to
>>subscribe and/or mail over it, since it's still listed as "the
>>cypherpunk node" at various places.
>This is the fault of those "various places." Frankly, worrying about
>what a 1993 blurb in "The Village Voice" says is the Korrect
>Cypherpunks Address seems quaint.
Many of those "various places" are archives of mailing lists,
Dejanews caches of Usenet groups, old web sites nobody's got incentive to
update,
things that are found by search engines, etc.
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: pseudonymous remailers
As other people have pointed out, most email software lets you forge mail easily; you don't get strong untraceability, but you often don't need it, especially with free network access and disposable free email addresses being widely available. Untraceable mail is important for publicizing human rights violations by your government, or contacting your favorite marijuana supplier, but minor offenses like harassing your fellow high school students or subscribing your ex-boyfriend to spammer lists don't need it, and it doesn't take a lot of creativity to do. I ran a remailer about 5 years ago; I've commented on the issue in the distant past, but no longer have copies of it. Remailers generally have two uses: - sending private mail to individuals, which needs to be encrypted in and out to prevent eavesdropping (so forgery isn't really an issue), and - sending broadcast messages such as Usenet groups and mailing lists, where the output needs to be unencrypted, and forgery is possible. The early software didn't prevent you from pasting in a From: line, so it was possible to use for forgery, mailbombing, etc. Occasionally it's convenient for legitimate uses, such as forging your home email address on a posting to a subscribers-only mailing list (when you're at work / cybercafe / etc.) but for the most part there's very little you can't do just as well by putting your name/address in the body of the message. The classic abuses to do with it are posting flamebait to Usenet or posting test messages to alt.test which get autoreplied to by thousands of machines. I closed the remailer I ran when somebody posted forged hate mail to the net - the headers weren't forged, but the target's name and email address were in the message body. My ISP asked me to close it unless I could find a way to prevent similar abuses, and there weren't a lot of good options at the time. Most remailer operators who are concerned about preventing abuse are also concerned about preventing complaints that get them shut down, so they're motivated to deal with the problem. A relatively common approach is to add mail headers clearly indicating (to anybody who reads mail headers) that the message came from a remailer, may be forged, and where to find more policy information. >>At 3:28 PM -0400 6/5/00, [EMAIL PROTECTED] wrote: >>>I'm a columnist for the chicago tribune and someone has called my attention >>>to the remailers on the net that allow you to construct the FROM: field as >>>well as the TO: (manicmail; zoubidoo are two I've found). What do you know >>>about these? Are they new? More common than I know? Do they pose any >>>additional interesting problems legally, morally, ethically, whatever? Any >>>sites on the web I ought to visit re. this? >>> >>>Eric Zorn >>>Chicago Tribune >>>http://www.chicagotribune.com/go/zorn/ Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
RE: Verifying this data crypt?
At 05:59 PM 06/08/2000 -0400, Bill Frezza ([EMAIL PROTECTED]) wrote: >The best thing that could come from the government's forced breakup of >Microsoft would be to turn the richest man in the world into a free market, >anti-government, radical capitalist. Gates is only 45 years old. Think of >what he could accomplish if he devoted the rest of his life and even a >fraction of his wealth to the cause of freedom. How many Havenco's could he >build? What's this "Gates" business? The DoJ invasion has cost Bill a few billion, and Larry Ellison is now Rich Guy #1. I don't know how he feels about governments and free markets in general, though he's got a few opinions about airport closing times and local governments that are well-known :-) But yeah, if Gates wanted to become the next Ross Perot, .. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
RE: Drivers License
At 04:43 PM 06/08/2000 -0500, Black Unicorn wrote:
>Most "international driver's licenses" are not valid without the
>presence of a driver's license issued by your jurisdiction of permanent
residence,
>which must be carried with you at the same time.
There are a few Caribbean islands, I think Trinidad,
which are quite flexible about issuing DLs (and mailboxes)
and you can use them with an international DL.
An acquaintance of mine used one in Nevada, and it checked out valid.
(He usually lives in California, and might have had more trouble
using it there.)
The consulting company that I saw at a convention that was
facilitating getting the things charged a service fee for obtaining them.
I think it was about $50, and it would have been rude to ask about
the strictness with which the procedures for getting them processed
were followed, but the end product was genuine.
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: Cpunk Havenco
At 10:23 AM 06/06/2000 -0700, Michael Motyka wrote: >Wasn't there some sort of ship being fitted out a year or two ago that >was being advertised as an internet connected tax haven? Did that ever >happen? I think all of the Liberty Ship variants were talking futures, not present. Sealand exists, and Havenco appears to be in business, at least Real Soon. >> >Unacceptable publications include, but are not limited to: >> > 1.Material that is ruled unlawful in the jurisdiction of the originating server >> >(Such as child pornography or other obscene material. >> My question is what in the hell does "or other obscene material" mean? >This "acceptable use" stuff sounds like conciliatory nonsense. Sounds like they've got an official policy telling you not to serve stuff you're not allowed to serve at home, so if you're a Bad Citizen-Unit, they can be quite up-front about how they're shocked, *shocked* to discover gambling (or whatever) taking place on their servers. But it's all being done by their customers, not by them. And as far as "other obscene material" goes, that differs depending on where you live, but there's realistically not much reason to use Havenco for it when there are so many US servers that will allow their customers to show women with their veils off. >Fine for stuff served up in the clear but who would be stupid enough >to place proscribed plaintext in a rented space no matter how cute the >coat of arms. At which point any use restrictions become moot. All sorts of stuff gets proscribed in all sorts of jurisdictions, and gets permitted with payments of government license fees in others. Casinos are an example of something that works just fine in that kind of environment - public, just not permitted at home. Credit rating services, personal information databases, etc., work much better with heavy encryption of their contents, so that the Blacknet folks or insurance companies can make their money, but the front doors to the service can be quite public. >Does havenco have a doomsday plan in their user agreement? One >helicopter gunship and a few men is adequate to secure the property. >What if you don't want your data captured? I'm sure they've got physical protection plans, and they've discussed potential options for /dev/thermite. But the important protection is that all disk access is encrypted, so if they cut the uninterruptible power, it's toast until the keys can be restored from offsite. >All traffic in and out can be logged. Except hand-carried data. Expect >people embarking to Sealand to get serached if the thing takes off. They've published their physical access policies. And hand-carried data isn't a risk; hand-carried explosives are. Hand-carried pharmaceuticals will presumably be evaluated for quality :-) >It may always boil down to the local rules on rubber hose treatment for >key extraction regardless of where the data are stored. That's why keys are stored out of the country, presumably in multiple locations - pirates, whether using black flags or bright-colored ones, may not have the proper respect for human rights that Sealand's European neighbors claim to promote. Thanks! Bill Bill Stewart, [EMAIL PROTECTED] PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Re: need some help
>"the foxman" <[EMAIL PROTECTED]> writes:
>> Ineed some help and advise on making a bomb. can u help me please...
Hey, postmaster - our list doesn't need this kind of abuse.
Please dump the account.
We get it a lot - it's either ELEET KiddieZ, or else it's cops trolling.
Since the poster is pretending to be British, he should learn from history -
you make bombs by putting barrels of gunpowder in Parliament's basement,
but try to avoid getting caught...
David Marshall <[EMAIL PROTECTED]> replied.
>Go talk to John Travolta. "Battlefield Earth" is making craters in
>movie theatres everywhere.
It's nice to see the unanimity of movie reviews on this -
B.E. isn't just getting slammed for being made by Scientologists,
but for being one of the essential characteristics of Scientology, which is
Overpriced Bad Science Fiction. :-)
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Moonies buy United Press International
There's an AP Wire story about White House correspondent Helen Thomas
leaving UPI after 57 years. UPI was bought by News World Communications,
the Moonie subsidiary that also owns the Washington Times.
"I have no plans to join the new UPI."
Her agent says she's not retiring (at 79), she's just leaving UPI.
If I remember correctly, UPI used to have lots of Quayle family money in it.
No fn0rds were seen anywhere near the black helicopters
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
alladvantage.com spammers get $100M in Venture Capital :-)
Today's Mercury News has an article on where VC money is going
in the San Francisco Bay Area. The third entry on their list is
none other than Alladvantage.com, in Hayward, "Internet Advertising" -
the spammer group we've been complaining to/about lately as their
users have been spamming us :-) They may be harder to get rid of than I
thought...
or they may be more reasonable because they've got $100M of OPM
whose owners don't want to lose it.
Second on the list is DoveBid.com, who we've also gotten spammed by,
though that was probably somebody signing up with cypherpunks@somewhere
as their email address. They do B2B auctions, and got $109M.
They've actually been in the industrial auction biz since 1937
There are also a variety of companies doing reasonable-sounding things,
and companies things like named Zippy!Zap!Y!owza! who appear to be
in the buzzword generation and tree-shaking business.
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
