Re: What kind of security matters
On Sun, Feb 19, 2017 at 12:56:50AM -0500, Marina Brown wrote:
> Hillary's IT people and Podesta really were the example of the worst
> security possible.

Which, in this particular case, worked out rather well for the rest of the world ...
Re: Building a new Tor that can resist next-generation state surveillance
> On Fri, Feb 17, 2017 at 12:42 AM, Eugen Leitl wrote:
>
> > On Fri, Feb 17, 2017 at 12:45:50AM -0500, grarpamp wrote:
> > > https://arstechnica.com/security/2016/08/building-a-new-tor-that-withstands-next-generation-state-surveillance/
> > >
> > > Forgot to put the link above.
> >
> > Anyone here able to evaluate the merits of the proposed new architectures?
> > Or do we have to wait for the proof after pudding is served?

On Sat, Feb 18, 2017 at 09:46:44PM -0800, Steven Schear wrote:
> If you must use tor it's best to combine it with a good, multi-hop, VPN. I
> prefer i2p (there's now a fully C++ version for those who don't trust Java)
> and cjdns.

Now there's an open door for discussing "trust" :)

C++ might be more performant ("might"), and similarly "might" be more secure. Neither is a certainty and C++ can certainly be worse on the 'security' front.

DJB has an approach to software dev which seems to be "extremely defensive" from my minimal viewing some years back, and that's just C.

Certain fundamentals will always be required, no matter the impl. language, e.g. design by composition vs design by inheritance, minimal binding between "modules" or "libraries" / API, deterministic input validation, etc etc.

Algorithmic and protocol "security" are another matter again.

Sorry for the ranting, but just as "character" is hopelessly overloaded in Java, "security" is also an overloaded term, not useful without much qualification. Of course.

Good luck,
Re: Building a new Tor that can resist next-generation state surveillance
On Fri, Feb 17, 2017 at 3:42 AM, Eugen Leitl wrote:
> Anyone here able to evaluate the merits of the proposed new architectures?

There are some websites out there listing / ranking overlay networks in tickmark feature and buzzword bingo tables. I don't know of any project actually sitting down to brainalyze their overall design and operation at any level of depth. ie: "We kinda know what tor's doing with its routing, and how to break it or not, now what about network x's routing." The sites just tick off 'uses onion / packet / garlic / mix routing', 'uses crypto x', etc, as found on the parent project website and that's it.

> Or do we have to wait for the proof after pudding is served?

Tor has been serving pudding for years, and has a small but relevant number of whitepapers outstanding against it, at least a few of which range hard to unfixable outside of architecture. Every tool will have some weakness somewhere, some you can live with or fix, some you can't.

Guessing that today's biggest ignored threats to overlays are:
1) GPA's and GAA's, operating at the wire level.
2) Who exactly is running the network nodes.
n) What else ???

If that's reasonable, then any project trying to address these should get a closer look.

There also needs to be some project doing serious digging into disappearances, shutdowns, and court cases, working the darknet forums and lawyers and dockets, looking for any unexplainably dead canaries arising from each active overlay network.

Reviewing designs... designing against threats... tracking proof... three areas. Do it, get funding, make yourself a star.
Re: What kind of security matters
On 02/18/2017 04:54 PM, James A. Donald wrote:
> On 02/16/2017 07:47 PM, James A. Donald wrote:
>>> I remarked earlier that several security proposals would not in practice
>>> be useful because Hillary's main security concern was not the Russians
>>> stealing her emails, not Wikileaks stealing her emails, not the Chans
>>> stealing her emails, but Obama stealing her emails.
>
> On 2/18/2017 1:46 PM, Marina Brown wrote:
>> Are you daft ? Obama had more important things than to go through
>> Hillary's emails. He already knew all about her and her failure as
>> Secretary of state.
>
> Illegally employing her own email server was an anti Obama security
> measure, not an anti Wikileaks or anti Chan measure. She would have
> been more secure against Wikileaks, the Chans, and the Russians, had she
> done the legal thing and used the official government (aka Obama)
> controlled mail server.
>
> Similarly, Google ratting out Petraeus to Obama has caused a sudden and
> striking disinclination to use Gmail among persons of interest.
>
> On 02/16/2017 07:47 PM, James A. Donald wrote:
>>> Similarly, it is clear that if Trump had a chat with Assad of Syria
>>> clearing a bombing run Isis in Syria, his target list would appear in
>>> the New York Times, as he bitterly complained in his latest press
>>> conference.
>
> On 2/18/2017 1:46 PM, Marina Brown wrote:
>> Again - are you Daft ? Assad is in a bitter fight with Isis - he would
>> not leak that info.
>
> Of course Assad would not - but the State Department is supporting Isis,
> and would. And someone in the government, probably the CIA or the State
> Department did leak the equivalent info about the raid in Yemen to Al
> Qaeda, resulting in many injuries and a death.
>
>> ...Not that i support that horrid dictator. I did
>> work on the Streisand effect for Assad's regime.
>
> I totally support Assad. He stands between the US State Department, and
> the genocide of all Alawites, Christians, and all Shiites of Palestinian
> descent in Syria. The State Department aims to do to Alawites in Syria
> what it did to Tutsis in the Congo, and a side effect that they do not
> much care about or rather like is that Christians in Syria would get
> genocided also.
>

The only party i really support in Syria is the YPG. It's the non-murderous force of modernism in Syria. Assad might protect some of the Alawites and Christians but he has far far too much blood on his hands. I really find it hard to forget the pictures of regular everyday people who got horrifically tortured for simply getting caught up by Assad's police force.

>> Nonsense. Trump did not get the right info - he did not know how well
>> defended the site was.
>
> Al Qaeda tells us that they knew what was coming. So chances are that
> the site *became* well defended shortly after the decision to attack it
> was made.
>
> There is a tendency to analyze security as if your home computer was
> secure, which it is not. But the error of analyzing security as if your
> organization was secure and cohesive is a greater error. Trump is at
> far greater risk of being spied on by the CIA and the State Department
> than the Russians, and the consequences of that spying are more severe.
> Similarly, Hillary was primarily concerned about Obama spying on her,
> and was right to be concerned. Petraeus should have been similarly
> concerned.
>
> So security really has to be in the hands of the end user, rather than
> the organization. Trump, Hillary, Podesta, Petraeus, and the Chairman
> of the Board are never going to use PGP, or even correctly use browser
> Certification Authorities. Podesta and Hillary's information technology
> guy did not seem to know what a website certificate is, or how it works.
>
>

Hillary's IT people and Podesta really were the example of the worst security possible.
Re: Building a new Tor that can resist next-generation state surveillance
If you must use tor it's best to combine it with a good, multi-hop, VPN. I prefer i2p (there's now a fully C++ version for those who don't trust Java) and cjdns.

On Fri, Feb 17, 2017 at 12:42 AM, Eugen Leitl wrote:
> On Fri, Feb 17, 2017 at 12:45:50AM -0500, grarpamp wrote:
> > https://arstechnica.com/security/2016/08/building-a-new-tor-that-withstands-next-generation-state-surveillance/
> >
> > Forgot to put the link above.
>
> Anyone here able to evaluate the merits of the proposed new architectures?
> Or do we have to wait for the proof after pudding is served?
>
Re: Broken Mailers [was: Google's Artificial Intelligence]
On Sat, Feb 18, 2017 at 6:50 PM, grarpamp wrote:
> On Sat, Feb 18, 2017 at 3:11 PM, Razer wrote:
> > Need some Whine with that gripe?
>
> Got any good Chardonnay, or a real shitty c-store Merlot?
> ;)
>

W(h)ine is great with nuts and cheeses. It explains the great amount of 'nuts' here and maybe some 'cheese' lovers too. :P

Obs.:
- 'Nuts' and 'cheese' are pretty versatile words in English, wow! 'Nuts' can be 'dried seeds', 'testicles', 'crazy' (offensive), and 'to be very enthusiastic about something/someone/some activity' ('crazy' too, but in a good sense this time). 'Cheese' can be 'a food made with milk, or grains, or nuts' (nuts again, wheee!!), 'money', or a 'bizarre drug made with paracetamol and opiates'. :P

Forgive grarpamp's complaints, please. He's annoyed because I leaked his cat ears here. Now I need to find another perfect disguise for him. He didn't appreciate my favorite one <https://www.elo7.com.br/tiara-unicornio/dp/7E092B>, meh! :(
Re: Broken Mailers [was: Google's Artificial Intelligence]
On 02/18/2017 01:45 PM, John Newman wrote:

On February 18, 2017 3:50:36 PM EST, grarpamp wrote:

On Sat, Feb 18, 2017 at 3:11 PM, Razer wrote:

Need some Whine with that gripe?

Got any good Chardonnay, or a real shitty c-store Merlot? ;)

How about a little Mad Dog 20/20? ;)

*shudders remembering a 48hr hangover from mad dog as a teenager..*

Gypsy Rose, Swiss Up (Lemon-lime), or Twister (Peppermint). Hold the formaldehyde...

Actually, Mogen David (The MD in MD 20-20) makes some of the best kosher grape wine around. My grandparents favored one Jewish-owned winery down on the lower east side when I was a kid whose name I can't recall, but MD was their next choice, followed by Manischewitz.

Rr

Ps... The complaint about html in the subject line should be addressed to the T-Bird (not the wine, the mail program!) people. There's absolutely no legitimate reason I can think of to use HTML in a subject line and millions of people a day cut/paste into them...
Re: What kind of security matters
On 02/16/2017 07:47 PM, James A. Donald wrote:

I remarked earlier that several security proposals would not in practice be useful because Hillary's main security concern was not the Russians stealing her emails, not Wikileaks stealing her emails, not the Chans stealing her emails, but Obama stealing her emails.

On 2/18/2017 1:46 PM, Marina Brown wrote:

Are you daft ? Obama had more important things than to go through Hillary's emails. He already knew all about her and her failure as Secretary of state.

Illegally employing her own email server was an anti Obama security measure, not an anti Wikileaks or anti Chan measure. She would have been more secure against Wikileaks, the Chans, and the Russians, had she done the legal thing and used the official government (aka Obama) controlled mail server.

Similarly, Google ratting out Petraeus to Obama has caused a sudden and striking disinclination to use Gmail among persons of interest.

On 02/16/2017 07:47 PM, James A. Donald wrote:

Similarly, it is clear that if Trump had a chat with Assad of Syria clearing a bombing run Isis in Syria, his target list would appear in the New York Times, as he bitterly complained in his latest press conference.

On 2/18/2017 1:46 PM, Marina Brown wrote:

Again - are you Daft ? Assad is in a bitter fight with Isis - he would not leak that info.

Of course Assad would not - but the State Department is supporting Isis, and would. And someone in the government, probably the CIA or the State Department did leak the equivalent info about the raid in Yemen to Al Qaeda, resulting in many injuries and a death.

...Not that i support that horrid dictator. I did work on the Streisand effect for Assad's regime.

I totally support Assad. He stands between the US State Department, and the genocide of all Alawites, Christians, and all Shiites of Palestinian descent in Syria. The State Department aims to do to Alawites in Syria what it did to Tutsis in the Congo, and a side effect that they do not much care about or rather like is that Christians in Syria would get genocided also.

Nonsense. Trump did not get the right info - he did not know how well defended the site was.

Al Qaeda tells us that they knew what was coming. So chances are that the site *became* well defended shortly after the decision to attack it was made.

There is a tendency to analyze security as if your home computer was secure, which it is not. But the error of analyzing security as if your organization was secure and cohesive is a greater error. Trump is at far greater risk of being spied on by the CIA and the State Department than the Russians, and the consequences of that spying are more severe. Similarly, Hillary was primarily concerned about Obama spying on her, and was right to be concerned. Petraeus should have been similarly concerned.

So security really has to be in the hands of the end user, rather than the organization. Trump, Hillary, Podesta, Petraeus, and the Chairman of the Board are never going to use PGP, or even correctly use browser Certification Authorities. Podesta and Hillary's information technology guy did not seem to know what a website certificate is, or how it works.
Re: Broken Mailers [was: Google's Artificial Intelligence]
On February 18, 2017 3:50:36 PM EST, grarpamp wrote:
>On Sat, Feb 18, 2017 at 3:11 PM, Razer wrote:
>> Need some Whine with that gripe?
>
>Got any good Chardonnay, or a real shitty c-store Merlot?
>;)

How about a little Mad Dog 20/20? ;)

*shudders remembering a 48hr hangover from mad dog as a teenager..*

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
Fwd: [tor-relays] Proselytizing Tor at the General Strike
https://lists.torproject.org/pipermail/tor-relays/2017-February/011959.html

-- Forwarded message --
From: Kenneth Freeman
Date: Sat, Feb 18, 2017 at 3:44 PM
Subject: Re: [tor-relays] Proselytizing Tor at the General Strike
To: tor-rel...@lists.torproject.org

On 02/15/2017 06:00 PM, Kenneth Freeman wrote:
> On February 17, the day before Presidents Day, a general strike shall be
> held against any and all things Trump. If Boise is having an activists
> workshop, then there are plenty of tranches of fertile ground nationwide
> to plant Tor browsers, relays, and exit nodes.

(I meant the day before Presidents Day weekend, of course.)

Nearly 200 people turned out for An Evening of Resistance Building, several of whom I introduced to Tor. I was even asked about the t-shirt. Speaking as a privacy advocate, it was an evening well spent.
Re: Broken Mailers [was: Google's Artificial Intelligence]
On Sat, Feb 18, 2017 at 3:11 PM, Razer wrote:
> Need some Whine with that gripe?

Got any good Chardonnay, or a real shitty c-store Merlot? ;)
Re: Broken Mailers [was: Google's Artificial Intelligence]
grarpamp:
> On Sat, Feb 18, 2017 at 7:44 AM, Eugen Leitl wrote:
>> I have received Anti-Tech Revolution (2016) as a scan. I've just checked,
>> and it's also on LibGen.
>
> libgen +1
>
>
> A lot of users' mailers were mangling the subject line of the former thread
> above that Razer copied from whatever idiot edited the original article.
> Eugen's mailer was the first to permanently corrupt the non-ascii quote
> marks into literal '?' question marks.
> To prevent that, people should check and set utf-8 / 2047 in your settings.
> Or update software as needed to support standards like rfc2047
> that have been in effect for more than 20 years.
>
>
> MIME (Multipurpose Internet Mail Extensions) Part Three:
> Message Header Extensions for Non-ASCII Text
> https://tools.ietf.org/html/rfc2047
>
> MIME Parameter Value and Encoded Word Extensions:
> Character Sets, Languages, and Continuations
> https://tools.ietf.org/html/rfc2231
>
> Internet Message Format
> https://tools.ietf.org/html/rfc5322
>
> https://www.google.com/search?q=subject+line+utf-8+rfc2047+bugs
>

Need some Whine with that gripe?

--
RR
"You might want to ask an expert about that - I just fiddlefucked around with mine until it worked..."
Re: Building Global Community - Mark Zuckerberg
> Facebook founder Mark Zuckerberg has just published a 5,700
> word "letter" on his profile, where he asserts that Facebook
> represents one of history's "great leaps."

Point being he's a "malignant narcissist like Donald Trump, with a touch of megalomania.

But perhaps I'm wrong about DT AND Zucchini.. Another psychiatrist recently pointed out Donald Trump doesn't exhibit the 'distressed behavior' of a narcissist, and although that pill-pusher didn't make a diagnosis (just debunked the "malignant narcissist" label), he amply supports my hypothesis that Trump is a full-on Psychopath.

So is Zucchini boy. He LIKES to break things.

It's as easy as ABC to diagnose.

No Anxiety
No Bonds
No Conscience

They infest the computer industry.

--
RR
"You might want to ask an expert about that - I just fiddlefucked around with mine until it worked..."

> Lauren posted two interesting links about this subject on PFIR list.
> Thanks, dear! :*
>
> ==
>
> The Mark Zuckerberg Manifesto Is a Blueprint for Destroying Journalism
>
> https://www.theatlantic.com/technology/archive/2017/02/the-mark-zuckerberg-manifesto-is-a-blueprint-for-destroying-journalism/517113/
>
> A sprawling new manifesto by Zuckerberg, published to Facebook
> on Thursday, should set off new alarm bells for journalists,
> and heighten news organizations' sense of urgency about how
> they--and their industry--can survive in a Facebook-dominated
> world.
>
> ==
>
> Op-ed: Mark Zuckerberg's manifesto is a political trainwreck
>
> https://arstechnica.com/staff/2017/02/op-ed-mark-zuckerbergs-manifesto-is-a-political-trainwreck/
>
> Facebook founder Mark Zuckerberg has just published a 5,700
> word "letter" on his profile, where he asserts that Facebook
> represents one of history's "great leaps." Though he covers a
> number of topics, what's most interesting is how he positions
> Facebook as a force for political change in the coming years.
> His goals are lofty, sometimes even grandiose. That's not the
> problem. The problem is a fundamental contradiction built
> into the way he hopes to create what he calls a "global
> community" by essentially gerrymandering the Internet.
>
> ---
> "Don't let anyone rob you of your imagination, your creativity, or your
> curiosity. It's your place in the world; it's your life. Go on and do all
> you can with it, and make it the life you want to live." - Mae Jemison
>
Re: What kind of security matters
Marina Brown:
> Nonsense. Trump did not get the right info - he did not know how well
> defended the site was.

Actually the reason so many women were killed was because the defenders weren't al-Qaeda, it was a village protection group which includes lots of females because most of the military age males are 'out of town' having picked sides and deployed, or more likely dead.

I think the age of the average male in Africa is down around 16 years old because of that continent's ongoing battle, in so many ways, to keep the West at bay, but I haven't checked recently. Pretty sure the situation's the same in the middle east too.. Old men, and kids... The rest are dead or fighting in the field.

--
RR
"You might want to ask an expert about that - I just fiddlefucked around with mine until it worked..."

> On 02/16/2017 07:47 PM, James A. Donald wrote:
>> I remarked earlier that several security proposals would not in practice
>> be useful because Hillary's main security concern was not the Russians
>> stealing her emails, not Wikileaks stealing her emails, not the Chans
>> stealing her emails, but Obama stealing her emails.
>>
>
> Are you daft ? Obama had more important things than to go through
> Hillary's emails. He already knew all about her and her failure as
> Secretary of state.
>
>> Similarly, it is clear that if Trump had a chat with Assad of Syria
>> clearing a bombing run Isis in Syria, his target list would appear in
>> the New York Times, as he bitterly complained in his latest press
>> conference.
>>
>
> Again - are you Daft ? Assad is in a bitter fight with Isis - he would
> not leak that info. ...Not that i support that horrid dictator. I did
> work on the Streisand effect for Assad's regime.
>
>> Indeed this appears to be what has already happened with the Trump's
>> raid on Al Qaeda in Yemen - the information wound up in the hands of Al
>> Qaeda, probably by the State Department electronically intercepting
>> Trump and Pentagon communications and then leaking the information to
>> their pet "Moderate Islamic Opposition" aka Al Qaeda and Islamic State,
>> and as a result several American commandos were killed or wounded. They
>> got killed as a result of conflict between the red empire of the bases
>> and the blue empire of the consulates.
>>
>> It very much looks as if Chief Petty Officer William "Ryan" Owens was
>> killed as a result of people in the US government leaking information to
>> the enemies of Americans. Trump in his recent news conference reports
>> his phone calls are being listened into by his enemies and then made
>> public, so the leak mechanism in the Yemen case was likely similar.
>>
>
> Nonsense. Trump did not get the right info - he did not know how well
> defended the site was. It was not a leak that made the attack fail it
> was overly hasty action. Even Obama (the bomber) did not want to do that
> action - he knew it as ill advised but the Chump was all go to do it not
> knowing what was there on the ground - and it got a lot of people
> including an American soldier killed.
>
>
>> This is far from being the first deadly conflict between the red and
>> blue empires, though the internal conflict within the US government
>> looks to be escalating massively under Trump.
>>
>> In general, your biggest spying threat is from people mighty close to you.
>>
>> I am not worried about the CIA spying on me. I am worried about them
>> spying on Trump.
>>
>> To solve this problem, we need end to end encryption with the keys on
>> your own device. And we need everyone using by default and standard, so
>> that Hillary's not very bright people and Trump's menials use it when
>> communicating with Hillary and Trump. Which means all proposals that
>> require managing their own keys are not going to work.
>>
>
> Hillary's people manage to use Signal. I bet even Trump's crowd could
> manage that. As always it is laziness that is the enemy of good crypto use.
>
>> For Hillary's people to use it, it needs to be so standard that even
>> people arranging assignations on Facebook use it without being aware of
>> it. That is why proprietary usb dongles will not work.
>>
>> It is unlikely that Trump would manage his own public keys - and he
>> cannot trust the white house staff and government security people to
>> manage them for him. It is even more unlikely that Podesta would manage
>> his own public keys. So we need a security mechanism for the masses, a
>> security mechanism that even the Chairman of the Board can use, a
>> security mechanism suitable for everyone in the world, a security
>> mechanism that requires zero clicks.
>>
>
> Well i think the Hillary team managed it. AFTER all their stuff
> was hacked. Little too late. I just wonder if the stuff that made it to
> Wikileaks was unedited. The stuff i looked at was so insipid.
>
Broken Mailers [was: Google's Artificial Intelligence]
On Sat, Feb 18, 2017 at 7:44 AM, Eugen Leitl wrote:
> I have received Anti-Tech Revolution (2016) as a scan. I've just checked, and
> it's also on LibGen.

libgen +1

A lot of users' mailers were mangling the subject line of the former thread above that Razer copied from whatever idiot edited the original article. Eugen's mailer was the first to permanently corrupt the non-ascii quote marks into literal '?' question marks.
To prevent that, people should check and set utf-8 / 2047 in your settings. Or update software as needed to support standards like rfc2047 that have been in effect for more than 20 years.

MIME (Multipurpose Internet Mail Extensions) Part Three:
Message Header Extensions for Non-ASCII Text
https://tools.ietf.org/html/rfc2047

MIME Parameter Value and Encoded Word Extensions:
Character Sets, Languages, and Continuations
https://tools.ietf.org/html/rfc2231

Internet Message Format
https://tools.ietf.org/html/rfc5322

https://www.google.com/search?q=subject+line+utf-8+rfc2047+bugs
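Added example, not part of the original post: a Python sketch of the subject-line corruption described above and of the RFC 2047 encoding that avoids it. The sample subject with typographic quotes is an assumption reconstructed from the mangled form seen on the list (three '?' per quote mark matches the three UTF-8 bytes of each such character); the function names are illustrative.

```python
"""Why a UTF-8 Subject turns into '???' and how RFC 2047 encoded-words avoid it."""
from email.header import Header, decode_header, make_header

# Constructed sample: the thread subject with typographic quotes
# (U+2019, U+201C, U+201D) assumed in place of each '???' run.
SUBJECT = (
    "Google\u2019s Artificial Intelligence Getting "
    "\u201cGreedy,\u201d \u201cAggressive\u201d"
)


def mangle_like_broken_mailer(subject: str) -> str:
    """Model a 7-bit-only mailer: each raw UTF-8 byte >= 0x80 becomes '?'.

    The substitution is lossy; the original characters cannot be recovered.
    """
    raw = subject.encode("utf-8")
    return bytes(b if b < 0x80 else ord("?") for b in raw).decode("ascii")


def encode_rfc2047(subject: str) -> str:
    """Return the header value as ASCII-only RFC 2047 encoded-words.

    The standard library picks Q or B encoding and folds long values.
    """
    return Header(subject, charset="utf-8", header_name="Subject").encode()


def decode_rfc2047(value: str) -> str:
    """Decode encoded-words (and plain ASCII) back to Unicode text."""
    return str(make_header(decode_header(value)))


def has_raw_8bit(header_bytes: bytes) -> bool:
    """True if a header carries unencoded 8-bit bytes, the input that
    non-conforming relays and clients tend to corrupt."""
    return any(b >= 0x80 for b in header_bytes)


if __name__ == "__main__":
    wire = encode_rfc2047(SUBJECT)
    print("mangled :", mangle_like_broken_mailer(SUBJECT))
    print("on wire :", wire)
    print("decoded :", decode_rfc2047(wire))
    print("raw 8bit:", has_raw_8bit(SUBJECT.encode("utf-8")),
          "-> encoded:", has_raw_8bit(wire.encode("ascii")))
```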
Re: Building Global Community - Mark Zuckerberg
Lauren posted two interesting links about this subject on PFIR list. Thanks, dear! :*

==

The Mark Zuckerberg Manifesto Is a Blueprint for Destroying Journalism

https://www.theatlantic.com/technology/archive/2017/02/the-mark-zuckerberg-manifesto-is-a-blueprint-for-destroying-journalism/517113/

A sprawling new manifesto by Zuckerberg, published to Facebook on Thursday, should set off new alarm bells for journalists, and heighten news organizations' sense of urgency about how they--and their industry--can survive in a Facebook-dominated world.

==

Op-ed: Mark Zuckerberg's manifesto is a political trainwreck

https://arstechnica.com/staff/2017/02/op-ed-mark-zuckerbergs-manifesto-is-a-political-trainwreck/

Facebook founder Mark Zuckerberg has just published a 5,700 word "letter" on his profile, where he asserts that Facebook represents one of history's "great leaps." Though he covers a number of topics, what's most interesting is how he positions Facebook as a force for political change in the coming years. His goals are lofty, sometimes even grandiose. That's not the problem. The problem is a fundamental contradiction built into the way he hopes to create what he calls a "global community" by essentially gerrymandering the Internet.

---
"Don't let anyone rob you of your imagination, your creativity, or your curiosity. It's your place in the world; it's your life. Go on and do all you can with it, and make it the life you want to live." - Mae Jemison
Re: Google???s Artificial Intelligence Getting ???Greedy,??? ???Aggressive???
On Fri, Feb 17, 2017 at 07:31:42PM -0300, juan wrote:
> On Fri, 17 Feb 2017 08:50:18 +
> Eugen Leitl wrote:
>
> > On Thu, Feb 16, 2017 at 08:50:26PM -0300, juan wrote:
> > >
> > > "INDUSTRIAL SOCIETY AND ITS FUTURE" - Ted Kaczynski
> > >
> > > says lots of stupid things but makes some good points too
> > >
> > > http://www.washingtonpost.com/wp-srv/national/longterm/unabomber/manifesto.text.htm
> >
> > He has been publishing quite a few books lately. There is a method to
> > his madness.
>
> Any links? (apart from amazon haha)

I have received Anti-Tech Revolution (2016) as a scan. I've just checked, and it's also on LibGen.

> "Brother who turned in the Unabomber: 'I want him to know that
> the door???s open' "
>
> That's a good one. If the door is open and we are lucky ted k.
> may be able to shoot his piece-of-shit brother. On the other
> hand it's funny how kaczynski who defended 'family values' was
> betrayed by his own family.
>
> https://www.theguardian.com/books/2016/feb/07/unabomber-ted-kaczynski-brother-david-kaczynski-every-last-tie-book
>