Re: Celsius 451 -the melting point of Cat-5 Re: network topology

[Eugene Leitl]

On Fri, 29 Mar 2002, Major Variola (ret) wrote:

> 3. Slow connections, slow machines

Thanks to gamers, ping latencies are getting better. ADSL is a pain, but
even 128 kBit upstream can be useful, if aggregated from multiple sites.
Queries for distributed P2P search engines should use ACKless protocols,
obviously.

> To resist 1. you can use port 80, which ISPs can't block without losing
> most 'legitimate' utility for the masses :-)  Or you use randomly

Um, you can, just block incoming connections. It's a problem with REST.

> varying ports and have to do more door-knocking.

If you run a P2P-agnostic firewall, you'll have a problem with random
incoming ports. I suggest camouflaging as bona fide traffic, including
gaming and streaming multimedia.

> To resist 2. you have to be able to randomly probe IP addresses to find
> a node.

Yes, probabilistic headless node discovery vs. a centralist approach.

> Now that I write it up, I realize a tree has the flaw that child nodes'
> queries must go through slow upstream links. So I will think about
> algorithms to grow meshes dynamically, robustly, to overcome that
> problem.

Don't use trees, trees are stupid. Use high-dimensional meshes.

> We welcome comments & pointers, and apologize for the rambling.

Re: Celsius 451 -the melting point of Cat-5 Re: network topology

[Eugene Leitl]

On Fri, 29 Mar 2002, Greg Broiles wrote:

> This sounds like a bad assumption to me - both because it seems
> unworkable given the size of the IPv4 address space (without even
> thinking about IPv6), and because randomly probing other machines isn't
> likely to be allowed (or successful) in a more security-aware
> environment, which is what the DMCA and its ilk are creating.

If we're talking about the physical layer, not the virtual layer, the size
of the address space is quite irrelevant, it's the density of occupation
(fraction of p2p nodes/total address space) that counts. In the beginning,
the density is low, so excessive scanning is necessary. However, you got
your P2P package from a place (unless you use the P2P network to
distribute own clients), and it could come with a number of last known
nodes to connect to. Depending on whether you optimize for performance
(high dimensionality) or high security (low dimensionality, prestige-based
nodes) you would use different strategies.

The physical layer of use-owned infrastructure is routed ad hoc mesh, with
the connectivity being typically restricted to nearest members. Also, you
will have dynamic nodes, which move around, and change their connectivity,
and lots of nodes popping in and out. For this, you wouldn't want to use
anything like TCP/IP but a geodetic routing scheme, which is
local-knowledge-only based. Basically zero admin traffic outside of your
direct neighbourhood, and a position fix for free, too. Latency is
typically bad as long you do only store-and-forward instead of
cut-through. Cut-through does make more sense with high local bandwidth
within cell and high link throughput (vacuum as FIFO, only spilling over
into local memory when your local cell bandwidth is exceeded).

> Also, from an inbound perspective, it's not sensible to respond to incoming
> queries from unknown users with potentially incriminating information -
> e.g., "If he's connected to my port 31337, he's here for my warez, I'll
> give him a full list!" - because what looks like an inbound "random probe"
> may be a sweep performed by hostile actors, e.g.,
>  or .

High security networks need to be cell-based, and use prestige as verified
by crypto authentication. Your transaction track makes you accrue mana. A
narc node would have to serve years before being admitted into local
cell's inner sanctum, which relativates the damage of a local cell gone
bust.

Also, it is only a question of time until we'll see (stealthy) internet
worms with p2p cargo. This could really boost a fledgling network into 100
kNode size virtually overnight.

> Naive "self-organization" is not a reasonable approach for a hostile
> environment. P2P content networks exist (and have always existed) in a
> hostile environment.

Problem with this is that P2P network designers typically operate in a
babe in the woods mode, while hardening the network properly is very hard.

http://freenetproject.org/cgi-bin/twiki/view/Main/WebHome
seems to be less clueless than most, but it's hard to evaluate it on
paper.

> Designs which depend on friendly behavior on the part of unknown
> counterparties are doomed. Eliminate the "friendly" assumption, or
> eliminate the "unknown" aspect of the counterparties before transacting
> with them.

Re: network topology considerations

[Eugene Leitl]

On Fri, 29 Mar 2002 [EMAIL PROTECTED] wrote:

> I'd like to discuss what the considerations are for
> network topology.  The particular topology
> I mentioned (which I've since been convinced
> isn't really a cube or torus after all) was

Torus only comes into equation when you're talking about a global network,
or orbiting assemblies (orbits are circular, try projecting an assembly of
2^n nodes on a surface of a sphere). Try mapping next-neighbour connected
2^n nodes on a 3d lattice into 1d. You can handle projections from higher
dimensions by looking at a normalized connection table.

Here's a snip from an old "paper" of mine:

 This table represents the 3-cube:

 ref. Binary Signs  binary connected
 ID   Count OffsetsIDs
 +---+-+--+---+---+  (alt.:
 | 0 | 000 |  +++ |  +4 +2 +1 | 4 2 1 |   perfect
 | 1 | 001 |  ++- |  +4 +2 -1 | 5 3 0 |   shuffle
 | 2 | 010 |  +-+ |  +4 -2 +1 | 6 0 3 |   stages (1,2,3)
 | 3 | 011 |  +-- |  +4 -2 -1 | 7 1 2 |   of the initial
 | 4 | 100 |  -++ |  -4 +2 +1 | 1 6 5 |   ref. ID)
 | 5 | 101 |  -+- |  -4 +2 -1 | 2 7 4 |
 | 6 | 110 |  --+ |  -4 -2 +1 | 3 4 7 |
 | 7 | 111 |  --- |  -4 -2 -1 | 4 5 6 |
 +---+-+--+---+---+

boolean 5-cube5-grid (open-space version.
  free links not shown)

-##-#---#---#---  -##-#---#---#---
#--#-#---#---#--  #-##-#---#---#--
#--#--#---#---#-  ##-##-#---#---#-
-###---#---#  -##-##-#---#---#
###-#---#---  #-##-##-#---#---#---
-#--#--#-#---#--  -#-##-##-#---#---#--
--#-#--#--#---#-  --#-##-##-#---#---#-
---#-###---#  ---#-##-##-#---#---#
###-#---#---  #---#-##-##-#---#---#---
-#--#--#-#---#--  -#---#-##-##-#---#---#--
--#-#--#--#---#-  --#---#-##-##-#---#---#-
---#-###---#  ---#---#-##-##-#---#---#
#---###-#---  #---#-##-##-#---#---#---
-#---#--#--#-#--  -#---#-##-##-#---#---#--
--#---#-#--#--#-  --#---#-##-##-#---#---#-
---#---#-###  ---#---#-##-##-#---#---#
###-#---#---  #---#---#-##-##-#---#---
-#--#--#-#---#--  -#---#---#-##-##-#---#--
--#-#--#--#---#-  --#---#---#-##-##-#---#-
---#-###---#  ---#---#---#-##-##-#---#
#---###-#---  #---#---#-##-##-#---#---
-#---#--#--#-#--  -#---#---#-##-##-#---#--
--#---#-#--#--#-  --#---#---#-##-##-#---#-
---#---#-###  ---#---#---#-##-##-#---#
#---###-#---  #---#---#-##-##-#---
-#---#--#--#-#--  -#---#---#-##-##-#--
--#---#-#--#--#-  --#---#---#-##-##-#-
---#---#-###  ---#---#---#-##-##-#
#---#---###-  #---#---#-##-##-
-#---#---#--#--#  -#---#---#-##-##
--#---#---#-#--#  --#---#---#-##-#
---#---#---#-##-  ---#---#---#-##-

Notice that the N=5 hypercube has a fractal connectivity in the connection
table.

> designed with the idea that it's important to
> be able to reliably query the entire network
> without sending any nodes duplicate queries.

I didn't have time to follow this discussion, but that requirement strikes
me as unreasonable. It is a really good idea to incorporate defectivity
into your network, whether virtual (mounted on top of existing networks)
or real, assuming they're to scale to a size beyond trivial.

If you consider the constraints of the physical layer (crossbars don't
scale, and latency limits bidirectional acknowledged protocols to short
links), you'll that doesn't leave you with too many choices.

Re: network topology

[Eugene Leitl]

On Wed, 27 Mar 2002 [EMAIL PROTECTED] wrote:

> I don't recall ever having read of this type of structure before,
> but it seems so obvious that I'm sure it's been discussed before.
> So is there a name for it? Does anyone use it? has it been
> shown to be utterly worthless?

You don't mean something like this:
http://www.perfdynamics.com/Papers/Gnews.html do you?

For myself, I used to call virtual high-dimensional lattice topologies
hypergrids, or n-grids.

Re: Define "signal" and "noise."

[Eugene Leitl]

On Sat, 23 Mar 2002, Aimee Farr wrote:

> The real issue seems more properly couched as salience. The blur here causes
> conceptual errors, and I would appreciate enlightenment, by way of an
> alternative taxonomy and any refs to recent papers measuring the "S/N ratio"
> within a channel.

There's no observer-invariant ranking of content. There's clustering,
though. User feedback paraphernalia attached to each message (say, X-Rank:
http://cpunx.org/cgi-bin/rank?agent=farr&rating=doublepluspunkalicious),
similiarly to Googlebar's smiley/frowny and a bit of clustering run
server-side could do wonders here. Trouble is, you'd need MUAs who are
aware of X-Rank, and/or attach ranking urls at the bottom of each message.
Plus, server-side infrastructure.

Re: design considerations for distributed storage networks

[Eugene Leitl]

On Sat, 23 Mar 2002 [EMAIL PROTECTED] wrote:

> If mojo failed in the way, and for the reasons you describe, the
> failure was not that it was money like, but that it was
> insufficiently money like.  Since the value of mojo was
> indefinite, its value could never be well matched to its purpose.

I think claims to Mojo's demise are a bit premature:

http://mnet.sourceforge.net/

The commercial part has folded, however the niche is clearly not
commercial.

Re: Let's knock off the "Reformatted" repostings of junky newsarticles

[Eugene Leitl]

On Fri, 15 Mar 2002, Tim May wrote:

> And even if they are not properly formatted posts, if they are just more
> fucking news articles, PLEASE DON'T WASTE BANDWIDTH by politely
> reformatting them and sending them again!

Right. Please subscribe to [EMAIL PROTECTED] (you could set
preferences to no email delivery), and send relevant stuff there. Keep
this list free of clutter.

decent full duplex voice crypto

[Eugene Leitl]

I've been playing with SpeakFreely yesterday (Win2k, not the Linux version
yet), and found the quality adequate (I'm using a high-quality USB
headphones) yet the CB-style mouse pressing objectionable.

Haven't had time to test PGPfone and Nautilus yet, so is there at all any
system with real full duplex? Linux version preferable (the Labtec Axis
712 USB headset can do full-duplex according to
http://info.fuw.edu.pl/~pliszka/linux-USB/ )

If there's no full-duplex crypto packages, alternative nominations for
other free true full-duplex VoIP is welcome.

-- Eugen* Leitl http://leitl.org";>leitl
__
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

Re: Interesting new cipher patent

[Eugene Leitl]

On Thu, 28 Feb 2002, Morlock Elloi wrote:

> As for PRNGs, if you can exchange million bits securely, the desired
> unicity distance (based on your paranoia level) will determine how often
> you must re-key.

Given system lifetime of a decade, and the rate of traffic (clearly a TBps
router leaks more than a few email messages), you might not have to rekey
at all.

> I am not sure that there is a *simple* prng with 10^6 bit state. Feeding

Okay, so there seems to be a niche for it. The simplicty refers to the
algorithm. Of course you have to represent the state, and a parallel
implementation would of course add a constant factor to each bit of state.

> million bits to 1-DES 64 bits at a time and using the output as the key for the
> next cycle could be one way for dilluting entropy.

Re: Interesting new cipher patent

[Eugene Leitl]

A question: assuming, you have a class of random number generators with
lots of internal state. (Lots: like >>10^6 bits). Let's say the evolution
through state space of that generator is provably reversible (or nearly
reversible), and that the Hamiltonian of the system is stochastic (system
evolution is a randomwalk in state space). The result is a pseudorandom
number generator with a ridiculously long periode, and good randomness of
output, obviously. A simple cypher based on it would exchange the
pseudorandom generator state (the key) through a secure channel,
similiarly to a one time pad.

Can someone point me towards papers describing construction of above
generators? I'm thinking about reversible cellular automata (is Gutowitz
the only guy who did CA crypto?) or automata networks with changing
connection geometry (i.e. the connection is also encoded in the state and
changes with each iteration) with the number of total iterations estimated
from lightcone considerations.

Point of this:

* algorithmic construction of PRNGs with provable properties
* lots of internal state, hence bit leakage even for a lot of messages
  buys attacker little
* scalable (add more state as hardware improves)
* directly mappable to hardware, very good parallelism

Any pointers?


On Wed, 27 Feb 2002, Khoder bin Hakkin wrote:

> Cipher mixer with random number generator
>
>Abstract
>
> An encryption device has a random number generator whose output is
> combined by exclusive-or with plaintext input which has been encrypted
> by a first block cipher. The combined exclusive-or output is encrypted
> with a second block cipher mechanism which produces a second enciphered
> output. The output of the random number generator is also encrypted by a
> third block cipher mechanism which produces a third enciphered output.
> The first and second block cipher mechanisms differ from each other.
>
> United States Patent
> 6,351,539
> February 26, 2002
>

-- Eugen* Leitl http://leitl.org";>leitl
__
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

Re: Recording Sunder on the Subway

[Eugene Leitl]

On Wed, 27 Feb 2002, Sunder wrote:

> Still having such stickers around is a good thing.  It lets the sheeple
> know they're being watched.  Maybe some of them will feel unhappy enough
> to complain about it.

I'm told they started installing cameras in the local buses (Munich,
Germany). Haven't seen them myself yet.

contributors to cpunx-news solicited

[Eugene Leitl]

Content so far:

http://groups.yahoo.com/group/cpunx-news/messages

Would welcome more contributors and more diversity of sources and
opinions. Alternative archive locations are also welcome (yahoogroups
won't fold overnight, but the interface sucks considerably).

Re: CDR: Re: [Reformatted] Eugene Leitl want to ban thoughtcrime

[Eugene Leitl]

On Sun, 24 Feb 2002, matt taylor wrote:

> You have to be an upover nutcase? Who banned nutcases? When? Where can I

I have no problem with nutcases, as long as they're not disruptive. You're
being disruptive to this list.

> appeal?EL should know all about the soviet abuse of psychiatry.

I don't want you instituionalized. I just want you to behave borderline
normally on this channel.

>   >>who's using this public resource for private dumping ground, <<
>
> If its public it cant be private.It's not *dumping either.Has EL complained

Yes, it's public, not your private property. So stop dumping your trash
here.

> to one of the hard spam merchants here?

I try to track down and report spammers whenever it is possible. You're
fortunately not hard to track.

> ALL the complainers and whingers were bested by me in debate that's easily
> checked.

?

>  >>while posting *a lot* (including profanity and casual death threats,
> iirc) <<
>
> A lot to you maybe but not in proportion to the noise.The fact I bested you
> in debate rankle? Profanity and casual death threats oh my! From an
> Australian! Gott in Himmel!

I don't give a damn about your death threats and profanity. Your ISP does:

http://www.nex.com.au/support/terms.htm

"The customer must not use their Internet access to annoy, harass or harm
other Internet customers.

The customer must not use their Internet access for any unlawful purpose
or in any unlawful manner."

Clear enough? Shall I pull up a number of your posts which are in
violation of these rules you accepted when you signed up with your ISP?

>  >>and constantly changing his email address, thus avoiding filtering.<<
>
> I have a meat addy and had to change my ISP recently,someone I vaguely
> remember making a fool of take's exception.
> I'll try and stay with my present ISP to humor the lunatic but he now says
> he's complaining to my new ISP!
> I deny altering adress's to avoid filtering and I can prove it.Proof of my
> alleged misdeeds looks thin to nonexistant.

I had to change my filtering rules thrice to block you. This means you're
not interested in being minimally disruptive, but actually trying to get
past people's rules. This won't do.

>   >>I don't propose the list policy to be changed, this particular forum
> should be unmoderated.<<
>
> Gee thanks Adolf.
>
>  >> However, complaining to Matt's ISP (whose terms he's clearly in
> violation with) <<
>
> Que? I didn't start sending large unsolicited e-mails and continue after
> being asked to stop.EL has.JJ and lord high executioner.

Yes, you're absolutely innocent. Matt Taylor, keep up polluting this list,
and I'll personally pull up the choicest of your fewmets, and forward them
to your ISP.

>  >>and some grassroot pressure (if there are 100 people on his list willing
> to send back each of his messages 10x, he's dealing with a 1000x
> amplification factor on each and single of his messages) seems to be in
> order. Does anyone see anything wrong with this plan? <<
>
> Well as recipient I could mention the shoot first and ask questions later
> aspect.Then theres the fact that I only post material here I can
> rationalize as being of some interest to at least some of you.I'm not

Who's thinking Matt Taylor contributes valuable material to this list? A
show of hands? Yohn Young, perhaps?

> sabotaging the list and have promised to keep my posts in proportion to the
> *hard* spam.Eugene is a unilateralist,a cowboy and is risking a repeat of a

At some point you were contributing at least 10 posts in my inbox.

> previous failed policy.Like the president he should be killfiled.All the
> whingers about me on this list have been made fools of by me in legit
> debate so their motives in attacking me are suspect.Pure ad Hominen from
> such imbeciles means I won the debate,why do people hate a winner indeed.I
> appeal to the sweet reason of the list.
> Until I figure out a way to counter this below the belt attack on me I

Returning all your emails to you is a below the belt attack? Huh?

> shall be forced to return all EL's stuff to him and here by hand.I would
> appreciate any tech advice from other list members,TIA.Kill the
> president,matt T.

Re: [Reformatted] EuroNazis want to ban thoughtcrime

[Eugene Leitl]

Let's recapitulate. We have a downunder nutcase who's using this public
resource for private dumping ground, while posting *a lot* (including
profanity and casual death threats, iirc) and constantly changing his
email address, thus avoiding filtering.

I don't propose the list policy to be changed, this particular forum
should be unmoderated. However, complaining to Matt's ISP (whose terms
he's clearly in violation with) and some grassroot pressure (if there are
100 people on his list willing to send back each of his messages 10x, he's
dealing with a 1000x amplification factor on each and single of his
messages) seems to be in order.

Does anyone see anything wrong with this plan?

On Sat, 23 Feb 2002, matt taylor wrote:

>  >>LONDON (Reuters) - Authors of emails and Internet postings that >
> contain racist or xenophobic material may face criminal charges under > a
> proposed European treaty that is dividing the Internet and law >
> enforcement communities. <<
>
> How about ANY material euronazi Eugene leitl doesn't like on this list?
>
>  >>From: Eugene Leitl <[EMAIL PROTECTED]>
> Date: Fri, 22 Feb 2002 12:19:45 +0100 (MET)
> In-Reply-To: <[EMAIL PROTECTED]>
> Sender: [EMAIL PROTECTED]
> 
>
> Because Matt Taylor won't keep a single email address, and thus making
> filtering him impractical, and because the cypherpunks list does not seem
> to encourage limits on communication I suggest returning every single
> message to him, whether manually, or via a procmail recipe.
> He stores information on cypherpunks archives, let us store a few large
> binaries in his inbox.
>

-- Eugen* Leitl http://leitl.org";>leitl
__
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

Re: Auto Keys RNG

[Eugene Leitl]

On Sat, 23 Feb 2002, Bill Stewart wrote:

> If the ignition key crypto communications happen out at the steering
> wheel, it's defeatable by basic hotwiring, but if they make the
> communications happen from the electronic ignition module, that's
> tougher to crack. The enterprising car thief _could_ carry around a set

Tougher indeed, if you decrypt the ignition table based on the secret in
the car key transponder. Something like a nuke PAL. (They're not doing
that yet, I know).

> of EPROMs for different car models - or could resort to car-jacking, or

They're not EPROMS. Last time I ran into them these are custom embeddeds
(68HC11, MC68k derivates on a custom serial packet bus for BMW, nowadays
they probably will use ARM), with most code in PROM, some EEPROM (nowadays
flash, I guess) and some RAM. You'd need an entire part, and they're not
available on the open market. (Assuming, you'll go to the pains of driving
up a flatbed truck to the parking lot, and a specialist who can exchange
and program controlled parts, which really asks for high end cars for the
effort to pay).

> social-engineering at parking lots. Fancy electronics don't know that

Looks easier that way.

> you stole the keys.
>
> But those attacks are more trouble than stealing an unattended car,
> and work equally well against non-cryptographic cars,
> so it's a real risk reduction.

Re: RSA shaken down for cash?

[Eugene Leitl]

Because Matt Taylor won't keep a single email address, and thus making
filtering him impractical, and because the cypherpunks list does not seem
to encourage limits on communication I suggest returning every single
message to him, whether manually, or via a procmail recipe.

He stores information on cypherpunks archives, let us store a few large
binaries in his inbox.

On Fri, 22 Feb 2002, matt taylor wrote:

> from:http://www.aci.net/kalliste/
> http://www.aci.net/kalliste/";>The Home Page of J. Orlin Grabbe
> - --
> VP Gore Strong-Arms Crypto Company, then Demands Donation
>
>
> Between 1995 and 1996 Al Gore called 44 people from the White house to
> solicit money for his re-election. Those calls netted the DNC over $2
> million dollars. The Vice President placed these calls from the White
> House on his DNC credit card. One person Mr. Gore called was Sandford
> Robertson, part owner of the San Francisco investment banking firm
> Robertson, Stephens and Co. The Vice President's call obtained $142,000
> from "Sandy" Robertson for the DNC. Yet, Sandy was already well known in
> the DNC camp. Between 1993 and 1997, Sandy Robertson or his wife donated
> over $700,000 to various campaigns, including $100,000 for Clinton's
> 1993 inauguration.
>
> Robertson, Stephens and Co. are also major financial backers of Security
> Dynamics, the present owners of RSA Inc. It was Robertson, Stephens and
> Co. that filed the agreement documents with the SEC (Security and
> Exchange Commission) for the merger of RSA and Security Dynamics in
> April of 1996. Of course, Robertson, Stephens and Co. were well paid to
> sponsor the RSA/SDI merger deal. Robertson and Stephens not only wrote
> the merger agreement between RSA and SDI they also underwrote the first
> two public offerings of SDI stock.
>
> "Robertson, Stephens & Company has provided certain investment banking
> services to Security Dynamics from time to time, including acting as an
> underwriter for each of the two public offerings of shares of the common
> stock of Security Dynamics. In addition, Robertson, Stephens & Company
> maintains a market in shares of the common stock of Security Dynamics.
> Furthermore, Robertson, Stephens & Company has acted as financial
> advisor to Security Dynamics in connection with the Merger for which a
> portion of our fees is due and payable upon delivery of this opinion and
> the remaining portion of our fees is due and payable contingent upon the
> closing of the Merger."
>
> SEC Merger Document April, 1996 ROBERTSON, STEPHENS & COMPANY LLC Edwin
> David Hertz
>
>
> Jim Bidzos, RSA chairman, stated that Al Gore personally lobbied him to
> sell the RSA crypto patents to the US Government. It is reported that Al
> failed and Bidzos walked out. Al Gore has never denied nor confirmed Mr.
> Bidzos's remarks about his effort on behalf of the US government. Yet,
> Jim Bidzos also took a trip to Beijing in late 1995. The result of that
> trip was second trip to Beijing in February of 1996 and a deal with the
> Academy of Science to sell encryption technology directly to the PRC
> government. The Clinton administration, quick to prosecute anyone who
> sold encryption outside the US, did nothing to stop the RSA deal with
> China.
> Al Gore tried to buy the rights to encryption technology from RSA for
> the US government. That was an official act performed by the Vice
> President. Al Gore has also played a major role in the Clinton
> Administration's Crypto policy. He was fully briefed early on about
> Clipper and later would lobby hard to push the draconian controls sought
> by the government.
>
> Yet, despite the obvious conflict of interest, Al Gore did not hesitate
> to solicit donations from the very same company he had just tried to
> strong-arm. Al dialed for money from the same company that needed the
> administration's approval for export.
>
> In the end... Money was exchanged and services were rendered. China now
> has the RSA crypto technology, Al Gore got the donation money and
> "Sandy" Robertson stands to become even richer.
>
> 1 if by land, 2 if by sea. Paul Revere - encryption 1775
>

-- Eugen* Leitl http://leitl.org";>leitl
__
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

RE: Pentagon Readies Efforts to Sway Sentiment Abroad (fwd)

[Eugene Leitl]

On Tue, 19 Feb 2002, Lucky Green wrote:

> So where is the news? Is it that the government is admitting to this
> well-known fact?

Admitting to run PSYOPS against allies has novelty at least to me.
Widespread realization of this results in loss of efficiency in
communication (everything is assumed to be a lie a priori unless proven
otherwise) and voter-driven change in policy (e.g. EU-US axis).

IP: Pentagon Readies Efforts to Sway Sentiment Abroad (fwd)

[Eugene Leitl]

"possibly even false ones"? "and even Western Europe". As official policy?
I wonder which genius comes up with those ideas.

-- Forwarded message --
Date: Tue, 19 Feb 2002 01:08:47 -0500
From: David Farber <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: IP: Pentagon Readies Efforts to Sway Sentiment Abroad

http://www.nytimes.com/2002/02/19/international/19PENT.html


By JAMES DAO and ERIC SCHMITT

The Pentagon is planning to provide news items, possibly even false ones,
to foreign media in order to influence public opinion in both friendly and
unfriendly countries.
The plans, which have not received final approval from the Bush
administration, have stirred opposition among some Pentagon officials who
say they might undermine the credibility of information that is openly
distributed by the Defense Department's public affairs officers.

The military has long engaged in information warfare against hostile
nations — for instance, by dropping leaflets and broadcasting messages into
Afghanistan when it was still under Taliban rule.

But it recently created the Office of Strategic Influence, which is
proposing to broaden that mission into allied nations in the Middle East,
Asia and even Western Europe. The office would assume a role traditionally
led by civilian agencies, mainly the State Department.



For archives see:
http://www.interesting-people.org/archives/interesting-people/

RE: Say a goodnight prayer for joshua.

[Eugene Leitl]

On Thu, 14 Feb 2002, Trei, Peter wrote:

> There's a fine balance between assuming a common background
> which provides shorthand referents, and being a showoff.

Um, I resolved the references just fine. It's just I missed the context,
because proffr goes to /dev/null

RE: Say a goodnight prayer for joshua.

[Eugene Leitl]

On Thu, 14 Feb 2002, Aimee Farr wrote:

> See Clausewitz.
> See 49 BC Julius Ceasar.

See "failure to provide context".

Re: DC to get spycams --"no choice but to accept it"

[Eugene Leitl]

On Wed, 13 Feb 2002, Greg Newby wrote:

> In Brin's world, there would also be cameras in the DC police
> departments for us to watch the watchers.  More:

Shouldn't mention Brin, as his symmetry assumption (re quis custodiet) is
never true, yet interpreted superficially is very much like public
biometrics apology.

Near-future high-quality biometrics extraction could be cheaply integrated
into surveillance gear, and given ubiquitous wireless allow realtime
database matching and data warehousing. Such capabilities are much too
powerful to trust people with.

RE: Say a goodnight prayer for joshua.

[Eugene Leitl]

On Wed, 13 Feb 2002, Aimee Farr wrote:

> Jim Bell was arrested for stalking "protected persons." Not even our
> military is exposed to the sort of personalized fear and exposure that
> public servants and their families experience today.

Maybe they shouldn't have become public servants, then.

> "War is an act of force to compel our enemy to do our will." Where a
> man's family is concerned, words count.

WTF is this supposed to mean?

> I'm fairly certain you just crossed the Rubicon.

You make even less sense than proffr.

Shmoo Group - Software security geek site (fwd)

[Eugene Leitl]

-- Eugen* Leitl http://leitl.org";>leitl
__
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

-- Forwarded message --
Date: Fri, 8 Feb 2002 10:41:54 -0800
From: Mr. FoRK <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Shmoo Group - Software security geek site

I love the word 'shmoo' (but I'd spell it 'schmoo')
--

http://www.shmoo.com/

About The Shmoo Group

Who we are
The Shmoo Group was formed on or about March 1999 utilizing several ice cold
Guinesses and some youthful idealism. We're a group of security, system, and
network professionals who all have a bit too little free time and a few too
many ambitions. To that end, we decided to start up a security resource on
the web that would pretty much be a free-form, hippy-love event. What we
ended up with is what you see here.

What we do
TSG has many ongoing projects. We run 2 news sites, Securitygeeks and
Macsecurity.org. We write software as needed (check out Osiris and FEMA). We
also partake in various acts of crypto and security advocacy such as the
Capture the Capture the Flag and the RSA Party Planner. Last but not least,
TSG maintains a large list of web resources including mail archives
(bugtraq, FW1, IDS, etc), crypto source code, a MAC address search and ccTLD
search, and list of resources on writing secure code.



http://xent.com/mailman/listinfo/fork

RE: list spam, game theory, etal.

[Eugene Leitl]

On Wed, 6 Feb 2002, Trei, Peter wrote:

> This is abuse of the whole notion of a mailing
> list as a place of discourse. It is a sociopathic
> disregard for everyone who uses the list as a
> place for discussion and persuasion. It is more
> contemptable than even spam.

1) he's nuts. he won't listen to you.
2) somebody please post that procmail recipe which would clog up his
   mailbox

Re: Morphing Idiot

[Eugene Leitl]

On Fri, 1 Feb 2002 [EMAIL PROTECTED] wrote:

> On Fri, 1 Feb 2002, proffr11 wrote:
>
> > Date: Fri, 01 Feb 2002 19:43:44 +1100
> > From: proffr11 <[EMAIL PROTECTED]>
>
> This is becoming Usenet: you shitcan one address, and he starts using
> another.

Er, could somebody please kindly repost that evil procmail recipe (the one
with the remailer feature)?

Re: Speak-Freely and a Telephone (fwd)

[Eugene Leitl]

-- Eugen* Leitl http://leitl.org";>leitl
__
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

-- Forwarded message --
Date: Fri, 1 Feb 2002 14:52:16 -0800 (PST)
From: Jeffrey Streifling <[EMAIL PROTECTED]>
To: Alejandro Néstor Vargas <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: Speak-Freely and a Telephone

> > I read your message with great interest because I wanted to connect
> > Speak-Freely with a telephone also.  I do know there were a group of
> > developers creating software drivers for this purpose, but for some
> > reason the development has been stopped.
>
> Well... I hav not much time but I can help if the project is already
> started. If you can help, may be we could continue the project. Where do
> you seen this?
>
> > With this type of setup, Speak-Freely becomes a very very powerful
> > communications tool.

I have done this.  I set up a Speak Freely to POTS gateway that allowed
somebody to connect to the machine over the Internet and make an outbound
call from the machine, which ran unattended.

This turns out to be a fairly difficult thing to do.
(1) Because there is no way to manage line turnaround from the remote
telephone, you must do everything the full-duplex way.

(2) To run unattended in an obvious way, you will probably want to base
your system on a Unix-like platform, BUT a lot of Unix-like platforms
restrict to you half-duplex.

(3) You cannot wire a sound card to the phone line in the obvious way and
expect to do full duplex.  Everything you drive onto the wire from the DAC
will feed back into the ADC real loud, making communication impossible.
To solve this, you will need a specially wound transformer called a
"hybrid coupler".  Internally, they are not all that complex, and they
show up in a variety of telephony equipment, but the kind of thing you
will want for this job is a bit of a rare item.  The best way to do this
is to talk to find your friendly amateur radio operator and ask how to get
a phone patch.  You will still need to know how to wire up small
amplifiers and resistor networks to handle the impedance transformations.

(4) If you are connecting to a POTS line, you need a way to control your
output impedance.  High impedance = on hook; low impedance = off hook.  If
your hybrid is high impedance, you can put a Hayes style modem in parallel
with it to manage dialing and hookswitching.  If your hybrid is
low-impedance (forcing the phone off-hook), you will need to retrofit it
with a relay to hang up the line with, and make the necessary arrangements
for controlling it.  (Remember how pulse dialing works?)

(5) There are several cans of worms on the computer side, including
management, security, CPU management, and others.  I never did get a good
interface worked out for the whole mess.

Rather than pull your hair out, you should consider getting hardware that
is suited to the job (Quicknet makes something called the Linejack, and
there is a company called Voicetronix which would be useful for larger
setups).  Rather than use Speak Freely, which is oriented to interactive
use, try something along the lines of the tools from www.openh323.org.
H.323 does not really address encryption (to my knowledge); use CIPE.

Actually, the encryption in Speak Freely (at least the current Unix
version) has a number of problems.  The two grossest problems are the fact
that the one-time pad is not one time (it's one time per packet) and the
fact that the IDEA encryption uses the cipher feedback mode with an all
zero initialization vector, thereby encrypting the first eight bytes by
XORing them with a constant (the not-so-onetime-pad problem, round two).
This trivially "gives away the farm".  More minor issues include the fact
that text chat is not encrypted (from what I can tell), and DES has too
short a key to be of much use anymore.  The moral of the story is, "Use
Blowfish!".  (Is there a fix in the works?)

Anyway, my project never did work all that well -- it was short on CPU
power, my prototyped (unshielded) circuits picked up a lot of noise, the
interface was clunky, grounding was problematic, and keeping the signal
amplitude at reasonable levels through the whole apparatus turned out to
be a nightmare.  Good luck; you'll need it!

Jeffrey Streifling
<[EMAIL PROTECTED]>


  * * *

To unsubscribe from this mailing list, send E-mail containing
the word "unsubscribe" in the message body (*not* as the
Subject) to [EMAIL PROTECTED]

Re: biometrics (fwd)

[Eugene Leitl]

On Sat, 26 Jan 2002, Jim Choate wrote:

> Yowzer!!!
>
> Step away from the PCB!

Thermite is too slow. What you need is something quick which blows away
your secrets, not your digits. While not as elegant as recent nanoporous
silicon/oxidizer, some 100 mg of electrodetonated (electrolyte capacitor)
lead azide on top of the die would do. Another possibility is to make part
of the die package from HE (but you still need a primer to set it off).

Re: aibo and the dmca (fwd)

[Eugene Leitl]

On Fri, 25 Jan 2002, Michael Motyka wrote:

> The whole fucking thing is absurd. The idea that I can't hack around
> with a piece of HW that I paid for is OBSCENE. Not that I am in the
> least interested in aibo but the priciple is a real problem.

Sony is very nazi about it (which is the reason I never buy anything from
them). I'm surprised you never ran into policies of Sony or several other
Japanese companies.

[linux-elitists] NYLUG.org Invitation to LinuxWorld pub event inNYC, Jan 31st @7:45pm (fwd)

[Eugene Leitl]

-- Forwarded message --
Date: Fri, 25 Jan 2002 10:33:26 -0500 (EST)
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED], nylug-talk <[EMAIL PROTECTED]>,
 nylug-announce <[EMAIL PROTECTED]>
Subject: [linux-elitists] NYLUG.org Invitation to LinuxWorld pub event in
NYC, Jan 31st @7:45pm

Elitists and Nyluggers,

If you plan to be in New York City for the LinuxWorld Expo show,
I hope you'll join us to sign pgp keys at an after-show pub event.

At the conclusion of Drew Streib's BOF (Birds of a Feather)
OpenPGP talk around 7:30pm, everybody will walk over to the
Tir Na Nog bar located nearby on 8th Avenue between 33rd and
34th Streets. A section in the cathedral bar area is reserved
for us. Check it out: www.tirnanognyc.com/4.html

When the exhibits close at 6pm, people from the New York Linux
Users Group booth will walk over to Drew's BoF located in room
1E13 downstairs on level 2. Here's more info on the talk:
www.linuxworldexpo.com/confprogram/wc/sub_pages/sub2.shtml#Importance

__
** After-Show Pub Event Details **
Thurs 31 January, 2002
7:45pm
Tir Na Nog bar and restaurant
5 Penn Plaza
8th Avenue between 33rd and 34th Streets
map: http://tirnanognyc.com/2.html


We will mostly be hanging out, signing each other's keys, and
discussing Linux.

In the remote event that you can not meet us ;)
please be sure to look us up the next time you are in town.

- Jim

http://www.nylug.org
http://linuxworldexpo.com
http://www.nylug.org/keys


Jim Gleason VA Software
email: [EMAIL PROTECTED]   http://www.vasoftware.com
phone: 212-858-7684 Pres. New York Linux Users Group
fax: 212-858-7685   http://www.nylug.org



___
linux-elitists
http://zgp.org/mailman/listinfo/linux-elitists

Re: More clueless news forwardings

[Eugene Leitl]

I would suggest to use http://groups.yahoo.com/group/cpunx-news/ as a
newsticker/cpunks news dumping ground while keeping the main list free
from twitter.

On Sun, 20 Jan 2002, Tim May wrote:

> Recently arrived here from Choate Prime, Jei the Finn sends us 12 (that
> I counted) forwarded news items on Saturday. I guess he thinks we need
> Yet Another News Forwarding Service.
>
> He joins mattd, Choate, Hettinga and others in the filter file.
>
>
>
> --Tim May
> "That the said Constitution shall never be construed to authorize
> Congress to infringe the just liberty of the press or the rights of
> conscience; or to prevent the people of the United States who are
> peaceable citizens from keeping their own arms." --Samuel Adams
>

-- Eugen* Leitl http://leitl.org";>leitl
__
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

Re: Responsibility.

[Eugene Leitl]

On Thu, 17 Jan 2002, Aimee Farr wrote:

> When you paint targets on people, other individuals may cause them
> harm, seeking some measure of your acceptance. Some here might have

Luckily, only individuhhals here. So, keep painting.

> actual "followers," not fans or confederates-in-cause. Some
> individuals here, and you even as a group don't have to "ask" for
> somebody to be hurt, just imply that it is consistent with your
> wishes. When somebody expresses targeted violent sentiments, and you

Can people be responsible for actions of crazy people?

> don't correct them, they perceive that as a ratification. (While
> "mattd" is a self-identifier, others might not be. You might not even
> know about them.) Such "suggestions" are a time-tested method of
> obtaining plausible deniability for violent political action.

I'd rather prefer to think of this as a rowdy bar. A place to have fun, a
place to get a bloody nose, possibly.

> I would think SOMEBODY can at least make the effort to say something
> when violent sentiments are expressed.

Why? Consenting adults here, last time I looked.

> Guess not.

IP: Pres. Bush to Head-Up National ID System (fwd)

[Eugene Leitl]

-- Eugen* Leitl http://leitl.org";>leitl
__
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

-- Forwarded message --
Date: Fri, 11 Jan 2002 19:55:58 -0500
From: David Farber <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: IP: Pres. Bush to Head-Up National ID System


>Date: Fri, 11 Jan 2002 18:14:24
>To: (Recipient list suppressed)
>From: [EMAIL PROTECTED]
>
>
>
>SCAN THIS NEWS
>1.10.2002
>
>Pres. Bush to Head-Up National ID System
>
>As previously reported here, Congress has recently directed the US
>Department of Transportation to establish model guidelines for encoded data
>on driver's licenses issued by states as part of the 2002 transportation
>funding legislation.
>
>The Congressional directive also instructs federal agencies to work together
>towards development and installation of fingerprint or retinal scanners at
>airports which will read and verify data stored on the license documents.
>
>The directive constitutes formal establishment of a national ID system under
>the leadership of President George W. Bush as chief executive of his
>administration.
>
>According to the Congressional report the system will be used for national
>security and to prevent fraud. It will also be used to stop "underage
>drinking".
>
>The newly established Department of Transportation safety agency will manage
>a federal database linking state driver information.
>
>The 1993 Driver's Privacy Protection Act (DPPA), codified at Title 18,
>Section 2721, will serve as the authority for this program. The Act
>~requires~ states to release personal information from  motor vehicle
>records for purposes of national defense (security) and matters involving
>national or regional emergencies; all under direction of the President.
>
>The DPPA also authorizes the Secretary of Transportation to collect and
>collate transportation related information whenever the Secretary decides
>such collection will contribute to the improvement of the transportation
>system of the United States.
>
>The American Association of Motor Vehicle Administrators (AAMVA) has already
>drafted a national ID standard. One of the required features of the AAMVA
>standard is digitally encoded inclusion of Social Security Numbers -- even
>though it is often claimed by proponents that SSNs would not be included.
>
>The AAMVA national ID standard also incorporates fingerprint and digital
>photo criteria.
>
>AAMVA's standards director, Nathan Root, was recently quoted -- in an effort
>to counter opposition to their national ID scheme -- saying, "they're giving
>these systems too much credit in even assuming that somebody would be able
>and interested to track everybody's whereabouts and
>doings."
>
>If you believe Nathan Root, you deserve a national ID.
>
>---
>
>CONFERENCE REPORT ON H.R. 2299, DEPARTMENT OF TRANSPORTATION AND
>RELATED AGENCIES APPROPRIATIONS ACT, 2002 (H.R. 2299)
>ftp://ftp.loc.gov/pub/thomas/cp107/hr308.txt
>Conference Report (H. Rept. 107-308)
>
>Model guidelines for encoded data on driver's licenses.--
>In light of the terrorist attacks of September 11th, it is clear that all
>levels of government need to work in concert to deter and prevent future
>attacks. One means of doing so is to ensure that individuals asked to
>identify themselves are not using false identities. The increasing
>availability through the internet of expertly crafted false identification
>makes the task very difficult. The conferees are aware of technology,
>existing today, that can quickly scan any encoded data on the reverse of a
>driver's license to validate the license as legitimately issued. By
>reviewing personal data encoded on the license, it can also be used to
>assist in making a quick determination that the person displaying the
>license is the person to whom it was issued. The conferees strongly
>encourage the department to consider the development of model guidelines
>specifying the types of encoded data that should be placed on driver's
>licenses for security purposes, and to work in concert with states and
>related licensing bodies toward the early implementation of such measures.
>This could benefit the nation's efforts to improve security as well as
>assist in reducing fraud and underage drinking.
>
>Document and biometric scanning technologies.--
>Document and biometric scanners linked to federal databases by computers and
>containing advanced authentication capabilities would facilitate the
>processing of background checks, provide fingerprint and additional
>biometric identification capabilities, and authenticate documents presented
>for identification. It is the conferees' understanding that such off the
>shelf, commercially available technology is in use or being tested by the
>Immigration and Naturalization Service. The conferees encourage FAA to
>assess such document and bio

Re: Random Data Compressed 100:1 (Guffaw)

[Eugene Leitl]

On Tue, 8 Jan 2002, Steve Schear wrote:

> combinations/permutations and auto correlations to code for the runs.  I
> say attempted, because I was never able to find acceptable algorithms to
> satisfy my requirement.  I still believe these algorithms exist, it was
> just my limitations in identifying the underlying math needed.

http://www.google.com/search?q=IFS+image+compression&sourceid=opera&num=100&ie=utf-8&oe=utf-8

Prisoner on line discussion (fwd)

[Eugene Leitl]

-- Eugen* Leitl http://leitl.org";>leitl
__
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

-- Forwarded message --
Date: Sat, 5 Jan 2002 15:28:18 -0600
From: Joyce Scrivner <[EMAIL PROTECTED]>
To: silent t <[EMAIL PROTECTED]>
Subject: Prisoner on line discussion


I've got video tapes (from the tv) of all the episodes and some odds and
ends of other things.  Fun show.

- Original Message -

>
> At 3:33 PM -0800 1/4/02, Laissez Faire Books wrote:
> >Julian Sanchez will be hosting a discussion board on The Prisoner Series.
> >Come join in and pick Julian's brain on the series or discuss it's finer
> >points with other fans. This board will begin on January 11th, get your
> >questions ready!
> >
> >
> >==> RECENTLY ARRIVED IN STOCK
> >
> >THE PRISONER
> >Complete Set on DVD
> >By Patrick  McGoohan
> >A&E Television, 2001
> >
> >One of the most challenging and thought-provoking television series of
all
> >time, THE PRISONER is the strange saga of a former government operative
> >(Patrick McGoohan) sent to a twisted prison called "the village." Known
> >only as No. 6, he engages in a battle of wills with the powers that be
> >(represented by the nefarious and constantly changing No. 2 and a
bizarre,
> >chilling presence called "the Rover") that wish to extract his secrets
and
> >break his spirit. Digitally re-mastered and presented in its original
> >order, this set includes all seventeen episodes of the unforgettable
series
> >that introduced a whole new type of hero to the TV world.
> >
> >FN8564, 10 DVD Videos, 884 min
> >List Price: $199.75
> >Our Price: $149.95
> >You Save: $49.80 (25%)
> >http://www.laissezfairebooks.com/product.cfm?op=view&pid=FN8564&aid=10154

*** [EMAIL PROTECTED] *** joyce scrivner *** All My Own Opinions ***
"Transported to a surreal landscape, a young girl kills the first woman she
meets and then teams up with three complete strangers to kill again." --
Marin County newspaper's TV listing for THE WIZARD OF OZ

Re: "Shoe bomb" and "how to defeat spyware"

[Eugene Leitl]

On Tue, 8 Jan 2002, Ken Brown wrote:

> that triacetone triperoxide can be home-made, and has intriguing

HMDT is another "alternative". Really fun to work with:

Newsgroups: rec.pyrotechnics
Subject: Re: HMDT
Date: 10 Mar 92 04:53:20 GMT
Organization: Tampere Univ. of Technology, Finland.
:
:
  Well, I put a small piece of HMTD into a brick, and hitted it with a
hammer, and it didn't detonate. I also tried a 'spark-test' from a
lighter, and didn't managed to detonate HMTD. ( Indeed in ntp, and in
normal condition, HMTD wont detonate If you light it, It'll burn like
cellulose nitrate - with a yellow flame. Well, I was more than
Happy to see, That I'd found A PERFECT Primary-explosive to detonate
high-explosives.
  Well At the July of 1989 It happened, I was damping HMTD into a .22
LR copper cartridge, with a standart match, you see holding that
cartridge in my left hand ,when it suddendly detonated, A HUGE explosion,
and I found that for some reason, my hand was bleeding abt 1/2 liter
of blood per min ( 1/9 gallon per min ) , and I could see my bone
'shining' through scraped human tissue.

   Epiloque. Never NEVER load B-caps in your hand, Always use special
tamping device when loading Blasting caps - any other use for HMTD is
silly - Believe me, I had hitted HMTD with a Hammer, It didn't
detonate, and now, when I try to load that stuff from same batch into
a copper container, It detonates, even I press with maybe 1/2 kg
( = 1 pound ) force it.
   Maybe the batch was impure, but believe me, It really explode
without no reason. I must say that HMTD is a good explosive, but It's
truly unpredictable. I'm sure that there are many others in this
newsgroup who can tell the same thing - months of hard handling, and
then, a explosion by a minumum force.
:
:

> reference to "ping pong balls dissolved in acetone". Interestingly,

They're made (or used to be made until very recently) from celluloid,
nitrocellulose of low degree of nitration plasticized with camphor. It is
soluble in acetone, but diethylether/ethanol is a better solvent. I don't
see this being anything else than binder, stabilizer or desensibilizer for
the organic peroxides/PETN.

> despite scare stories, a simple google search doesn't turn up details
> on how to make the stuff (neither does the Science Citation Index,
> which might have been a better bet, though I imagine anyone with
> access to a University library could get the information)

A simple Google search should pull up dozens of links on how to make it.

Don't. If you don't know how to make it, it means you can't handle it
safely. Quantities of organic peroxides in novice's hands will quickly
make them missing digits, or Worse. Organic peroxides are much too
instable to be safely worked with, period.

> And google has just told me that the husband of a colleague of mine
> has published a paper on PETN - thousands of tons of which are
> apparently manufactured every year and used in industry and medicine
> (it is a vasodilator and cardioactive drug). So it might not be too
> difficult to find that for sale.

http://www.faqs.org/faqs/sci/chem-faq/part3/section-2.html
See: 13.8 What is the chemical structure of common explosives?

-- Eugen* Leitl http://leitl.org";>leitl
__
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

Shoe bomb (fwd)

[Eugene Leitl]

-- Eugen* Leitl http://leitl.org";>leitl
__
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

-- Forwarded message --
Date: Sun, 6 Jan 2002 22:32:31 -0500
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Shoe bomb


At 1:02 am -0800 12/26/01, Talley, Brooks wrote:
>This guy, for example, tried to light plastic explosives with a fuse
>(10% success rate at most), using a smelly match rather than a lighter,
>and did so while sitting in his seat rather than in a lavatory.  Was he
>asking to be caught, or just incredibly stupid?

He was seated close to the fuel tank. The explosive is essentially just
a primer for the fuel.

The following article is pretty unsettling, in that it makes the case that
  - the technique is carefully thought out, and
  - there will be more of these attacks, and
  - there aren't good ways to stop them.

-Olin

---
http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2002/01/06/MN222117.DTL
Shoe-bomb flight -- a trial run?
U.S., British officials fear similar attacks in the works
Simon Reeve, Special to The Chronicle
Sunday, January 6, 2002

London -- As investigators gather evidence about possible links between
alleged airline shoe-bomber Richard Reid and the al Qaeda terrorist
organization, intelligence officials on both sides of the Atlantic are
floating a disturbing theory: that Reid's bombing attempt may have been a
"trial run" for future, simultaneous attacks against passenger jets to be
carried out by supporters of Osama bin Laden.

U.S. and British intelligence officials believe that the British citizen on
American Airlines Flight 63 from Paris to Miami on Dec. 22 was a "foot
soldier" sent to check the destructive power of shoe bombs against civilian
targets.

One senior British intelligence official said there are indications that "more
than a few, but less than a dozen" individuals may be preparing similar
attacks in the near future.

These officials cite similarities with a weapon developed by Ramzi Yousef,
mastermind of the 1993 World Trade Center bombing, who plotted a series of
simultaneous attacks on U.S. airliners in the mid-1990s.

"There is a definite pattern here with Yousef's past attacks that we would be
foolish to ignore," said one highly placed intelligence official. "They have
tried this before, and they are trying it again."

During the flight, Reid allegedly tried to detonate explosives hidden in his
shoes with a lighted match. Crew and passengers averted a disaster by jumping
on the 28-year-old London-born suspect.

"MOTHER OF SATAN" BOMBS

Preliminary studies by the FBI indicate Reid's black suede basketball shoes
contained between 8 and 10 ounces of the explosive triacetone triperoxide, or
TATP -- called "The Mother of Satan" by Palestinian militants, because its
inherent instability makes it dangerous to both the victims and bomb maker.

The TATP in Reid's shoes was "blended" with an explosive called PETN, or
pentaerythritol tetranitrate, which can be ignited with a normal cigarette
lighter. PETN is a key ingredient of Semtex, the Czech-made military explosive
used to down Pan Am Flight 103 over Lockerbie, Scotland, in 1988.

"These bombs are sophisticated devices," said the British intelligence
official. "They would have been difficult and dangerous to produce. Reid could
not have done this himself -- he would have trouble tying his own shoelaces.
It seems we may have an expert bomb maker on the loose in Europe."

LINKS TO 20TH HIJACKER

Among the links being pursued by investigators are telephone conversations,
known to British intelligence, between Reid and Zacarias Moussaoui, the so-
called "20th hijacker" who was indicted on conspiracy charges in connection
with the Sept. 11 attacks, and reports that the two worshiped at the same
mosque in London. Moussaoui's attorney entered a plea of not guilty for his
client in Virginia last week.

Investigators are also probing the origins of the money used by Reid, who has
no visible means of support, as he traveled to seven different countries last
year.

Among the cities Reid visited was Amsterdam. The Binnenlandse Veiligheids
Dienst (BVD), the Dutch security service, is trying to reconstruct Reid's
movements and to establish whether an al Qaeda cell there may be plotting
attacks on passenger jets.

Reid has told FBI agents that he contacted Dutch arms dealers via the Internet
and paid $1,800 for the explosives. But intelligence sources speculate that
Reid obtained them from an al Qaeda explosives expert in Amsterdam, who
adapted the shoes in preparation for Reid's attack.

FBI agents and British anti-terrorist officials, meanwhile, have concluded
that the shoe-bomb plot originated with the ideas of Yousef, an early al Qaeda
operative who suggested flying passenger jets into buildings.

Re: Hackers Targeting Home Computers (fwd)

[Eugene Leitl]

-- Eugen* Leitl http://leitl.org";>leitl
__
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

-- Forwarded message --
Date: Mon, 07 Jan 2002 11:15:48 -0800
From: Hack Hawk <[EMAIL PROTECTED]>
To: Kent Borg <[EMAIL PROTECTED]>,
 Eugene Leitl <[EMAIL PROTECTED]>,
 [EMAIL PROTECTED]
Cc: Hadmut Danisch <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: Re: Hackers Targeting Home Computers

Although I originally used the word filter to describe a possible ISP
action to address certain problems, the following statement from KB was
more what I meant to suggest.  And also Lynn Wheeler's statement about
Dynamic IP addresses not being allowed to host HTTP services because it's
not in the consumer/client agreement anyway.

At 09:02 AM 1/7/02 -0500, KB wrote:
>Once word gets out that letting your computer be breached can get your
>internet account suspended, people might start applying patches, Linux
>might start making some inroads, and Micro$oft might quit shipping so
>many new bugs every week.

Now, since the suggestion/idea prompted several responses, I'd like to
offer one other opinion to see what some of you think about it.  I know
that it's possibly been discussed here before, but hopefully I won't get
flamed too bad.  :)  Sorry, I'm kind of new to this particular list.

When I performed my experiment a few months back, I had the idea to create
a Code Green worm (like somebody actually did) that would go out and
forcefully patch those vulnerable systems.  I even went as far as
developing a small tftp daemon that could serve up the CG virus to other
infected systems for a short period of time.

In light of all the discussion I've previously read on such matters, I
decided against implementing the CG counter Virus.

However, I'm starting to think that such counter viruses aren't such a bad
idea, and here's the primary reason *why* I believe that.

Currently, our government (people like Ashcroft) are slowly taking away our
freedoms in an effort to gain control over the problem.  Personally, I have
a real hard time with this.  I don't like Ashcroft and others like him
having the ability to come into my home and phone lines and monitor
everything I do.  If they just happen to label me as a potential terrorist,
then I'm basically f*#$ed and loose all my rights.

I fully appreciate the dangers of our world, and why somebody like Ashcroft
may want to sacrifice our liberties to gain control of worldly
problems.  However, there is *another* way.  We can either sit back, and
let people like Ashcroft take control of the cyber situation, or we can
step up to the plate, and take control of the problem ourselves.

My non-technical mailing list was my first non-intrusive step up to the
plate.  Perhaps in the future, stepping up should be a little more
intrusive.  If the freedoms I value so much are at stake, then maybe the
rewards outweigh the risk of damaging someone's ego by patching their
systems for them.  IMHO.

- hawk




-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: Detweiler, Vulis, Toto, John Young, and mattd

[Eugene Leitl]

On Sun, 6 Jan 2002, Tim May wrote:

> I'm thinking there's some common miswiring in the brains of these folks.

If you think cpunks are bad, try cryonicists. Ugh.

IP: Judge OKs FBI Keyboard Sniffing (fwd)

[Eugene Leitl]

-- Eugen* Leitl http://leitl.org";>leitl
__
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

-- Forwarded message --
Date: Sun, 06 Jan 2002 13:46:30 -0500
From: David Farber <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: IP: Judge OKs FBI Keyboard Sniffing

[ In keeping with protocol, I was an expert witness (pro-bono) for the
defense and submitted several affidavits on the technical issues djf]


> http://www.wired.com/news/privacy/0,1848,49455,00.html
>
>Judge OKs FBI Keyboard Sniffing
>By Declan McCullagh
>2:00 a.m. Jan. 4, 2002 PST  WASHINGTON -- The Justice
>Department can legally use a controversial electronic surveillance
>technique in its prosecution of an alleged mobster.
>
>In the first case of its kind, a federal judge in Newark, New Jersey has
>ruled that evidence surreptitiously gathered by the FBI about Nicodemo S.
>Scarfo's reputed loan shark operation can be presented in a trial later
>this year.
>
>U.S. District Judge Nicholas Politan said last week that it was perfectly
>acceptable for FBI agents armed with a court order to sneak into Scarfo's
>office, plant a keystroke sniffer in his PC and monitor its output.
>
>Scarfo had been using Pretty Good Privacy (PGP) encryption software to
>encode confidential business data -- and frustrate the government's
>attempts to monitor him.
>
> [snip]
>
>The court order from the federal magistrate judge stated that the FBI
>could "install and leave behind software, firmware, and/or hardware
>equipment, which will monitor the inputted data entered on Nicodemo S.
>Scarfo's computer in the target location so that the FBI can capture the
>password necessary to decrypt computer files by recording the key related
>information as they are entered."
>
>Defense attorneys had said that the PGP pass-phrase snatching was akin to
>a telephone wiretap and pointed out that the FBI never obtained a wiretap
>order. Scarfo's lawyers also claimed the FBI was conducting a general
>search of the sort loathed by the colonists at the time of the American
>Revolution and thereafter outlawed by the Fourth Amendment's prohibition
>of "unreasonable" searches.

For archives see:
http://www.interesting-people.org/archives/interesting-people/

Re: Orange crush

[Eugene Leitl]

On Mon, 7 Jan 2002, cubic-dog wrote:

> Dunno, maybe you're right, I couldn't get it to happen in the lab
> with phenols when I was a chem student without actually burning it. I

I wouldn't cook polyhalogenated phenol dry or in high-boiling point
solvents in presence of copper powder, and alcali.

http://www.ping.be/~ping5859/Eng/ChlorineDiChem.html

pine filtering

[Eugene Leitl]

While in pine, hit the keys m s r f a

http://www.umanitoba.ca/campus/acn/docs/pine/pine-filters.html

Use e.g. mattd <[EMAIL PROTECTED]> as From pattern

Set up a folder e.g. called junk in Filter action.

Of course, procmail is better, but you have to be careful when setting it
up, since it is easy to lose mail, if you don't know what you're doing.

http://www.ling.helsinki.fi/users/reriksso/procmail/mini-faq.html

IP: Fw: Drawing A Blank -- ACLU Report on the Failure of FaceRecognition in Tampa (fwd)

[Eugene Leitl]

-- Eugen* Leitl http://leitl.org";>leitl
__
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

-- Forwarded message --
Date: Thu, 3 Jan 2002 20:04:45 -0400
From: David Farber <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: IP: Fw: Drawing A Blank -- ACLU Report on the Failure of Face
Recognition in Tampa


-Original Message-
From: Barry Steinhardt <[EMAIL PROTECTED]>
Date: Thu, 03 Jan 2002 15:27:36
To: Dave Farber <[EMAIL PROTECTED]>
Subject: Drawing A Blank -- ACLU Report on the Failure of Face
  Recognition in Tampa

Dave,

The use of the biometric facial recognition technology, along with video
surveillance on the streets of Tampa, Florida is an overhyped failure that
has been seemingly abandoned by police officials, according to a report
released today by the American Civil Liberties Union.

System logs obtained by the ACLU through Florida's open-records law show
that the system never identified even a single individual contained in the
department's database of photographs. And in response to the ACLU's queries
about the small number of system logs, the department has acknowledged that
the software -- originally deployed last June, 2001 -- has not been
actively used since August.

The report  entitled "Drawing a Blank : The Failure of Face Recognition in
Tampa",  can be found at http://www.aclu.org/issues/privacy/drawing_blank.pdf.

Our announcement can be found at http://www.aclu.org/news/2001/n010302a.html.

Barry Steinhardt






Sent from Dave's Blackberry.

For archives see:
http://www.interesting-people.org/archives/interesting-people/

Re: Future Gnu's

[Eugene Leitl]

On Thu, 3 Jan 2002, Eric Cordian wrote:

> There is a critical mass of drek above which no one will bother
> searching for stuff worth reading in the list.  Without mentioning any
> names, might I suggest that certain prolific posters need to stop
> posting 15 badly formatted seemingly unintelligible messages every
> time they visit.

Spare your breath. The only way to shut up someone with a mental condition
is to kick him off the list, to leave the list, or use filtering. They're
entirely closed to rational argumentation.

People who have something to say are usually not that patient, and just
leave the list. Overpermissiveness results in quality loss.

Magic Lantern - The FBI's viral key-logger (fwd)

[Eugene Leitl]

Date: Wed, 02 Jan 2002 00:08:38 -0600
From: nnburk <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Organization: Planetscape Enterprises
X-Accept-Language: en,ru
To: Matthew Gaylor <[EMAIL PROTECTED]>
Subject: Magic Lantern - The FBI's viral key-logger

Please feel free to distribute this far and wide:
Magic Lantern - The FBI's viral key-logger


- The Latest -

[ISN] FBI confirms
"Magic Lantern" project exists

[ISN] Infamous hacker
group helps the Feds

Re: [ISN] Infamous
hacker group helps the Feds - cDc calls announcement "satire"

Re: [ISN] Infamous
hacker group helps the Feds

[ISN] DIRT-Magic
Lantern Firm Barred from Gov Work

FBI may be getting
full benefit of Magic Lantern... from BadTrans.B
[ISN] FBI surveillance bonanza in BadTrans.B worm

From the "We don't need no
stinkin' oversight" dept.:
Politech: FBI refuses to tell Congress aide about "classified" Magic Lantern

Homeland
Security, Homeland Profits
Technology Already in the Hands of Law Enforcement

FBI Software
Records Each Keystroke

Software Firms
Object to FBI Eavesdropping


Scarfo, Phase 2: a.k.a. "Magic Lantern"
CYBERSECURITY - Threat of Terrorism on U.S. Infrastructure (nytimes.com)




What is Magic Lantern?

FBI software cracks encryption wall
‘Magic Lantern’ part of new ‘Enhanced Carnivore Project’

EPIC
Carnivore (and 'Enhanced Carnivore') FOIA Documents

ZDNet
News: FBI's magic revealed as old tricks

FB
I Is Building a 'Magic Lantern' (washingtonpost.com)

FB
I Develops Eavesdropping Tools (washingtonpost.com)
McAfee sides with FBI against customers on "Magic Lantern"

Declan McCullagh's Politech
FBI reportedly creating "Magic Lantern" anti-crypto virus

Declan McCullagh's Politech
McAfee sides with FBI against customers on "Magic Lantern"

The Spy in Your Computer? (.mp3)
from Fact Squad Radio

Declan McCullagh's Politech
Has McAfee sided with FBI on "Magic Lantern" detection?

Spokesman
for NAI in Germany disputes the Washington Post article
from the German news site "Heise Online"

Declan McCullagh's Politech
McAfee replies -- by denying any FBI contacts of any sort

"Magic Lantern" Discussion
from Dave Farber's Interesting-People elist

Declan
McCullagh's Politech
Background on McAfee/NAI

Wired News Summary
'Lantern' Backdoor Flap Rages, By Declan McCullagh

Declan McCullagh's Politech
AP's Ted Bridis replies to McAfee: "I stand by my reporting"

Declan McCullagh's Politech
McAfee broadens denial: No contact with government of any sort

AV vendors split
over FBI Trojan snoops

Declan McCullagh's Politech
Symantec pledges to acquiese to FBI backdoor demands

Politech
Summary re: "Magic Lantern"

FBI 'Magic
Lantern' reality check (original article picked up by ISN, below)

[ISN] Magic Lantern
reality check

FBI
snoop tool old hat for hackers

Warn
ing - The FBI knows what you're typing

Antivir
us firms: FBI loophole is out of line

Antiv
irus Firms Say They Won't Create FBI Loophole

Politech: Symantec, McAfee
backpedal furio

[silk] airport iris scan (fwd)

[Eugene Leitl]

-- Eugen* Leitl http://leitl.org";>leitl
__
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

-- Forwarded message --
Date: Wed, 02 Jan 2002 13:06:06 +0100
From: Rishab Aiyer Ghosh <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [silk] airport iris scan

what i mentioned earlier.
http://www.schiphol.nl/schiphol/privium/privium_home.jsp

as usual, the dutch govt is the first to try out new things. interestingly,
though the card+iris scan allows you to bypass immigration, your iris
records are not (they claim) stored anywhere other than on your card. it's
not as expensive as i thought, only 99 euro till oct 2002.

-rishab

Re: Fun with bleach and nail polish remover

[Eugene Leitl]

On Sun, 30 Dec 2001, Sampo Syreeni wrote:

> Yes, it's unstable, but what, exactly, is it that makes $H_{2}O_{2}$
> organic?

Hydrogen peroxide is not an organic peroxide. Concentrated hydrogen
peroxide is unstable, and can violently decompose, especially if catalysts
(finely distributed metals, pyrolysite) are present, but it does not
detonate. The usual use for it is for hypergolic rocket fuel (with
unsymmetrical dimethyl hydrazine).

Organic peroxides is something else entirely. You can make organic
peroxides using hydrogen peroxide, though it is not advisable for laymen.
In fact, due to their instability, it is better not to work with them at
all. Considerable potential for severe or even terminal injury there.

Re: Fun with bleach and nail polish remover

[Eugene Leitl]

On Sun, 30 Dec 2001, KPJ wrote:

> Minor correction: /H2H2/ should be /H2O2/, naturally.

Organic peroxides are useful as improvised blasting caps, but otherwise
much too unstable.

Re: NTBugtraq author says virus authors "terrorists"

[Eugene Leitl]

On Sat, 29 Dec 2001, Anonymous wrote:

> Forget that it may be problematic to extradite the individual, or that
> they may be young, or claim to be doing 'research.' We need to catch
> them, and place them in a position whereby they are seen for what they
> are -- a terrorist," Cooper said. "The cost to our businesses, not to
> mention our way of life, is simply too high to not pursue these
> individuals."

Of course the chiefest terrorists are purveyors of low-quality software
such as Microsoft. MS Outlook and Windows are the greatest threats to your
data, far beyond what the most heinous virus/worm could ever hope to
accomplish.

In a world of diverse, secure, noncommercial systems (free *nices) there
would be basically no worms nor viruses, and the damage they'd be doing
would be highly limited.

Ceterum censeo Microsoftem delendam esse.

FY;) [Pigdog] I've changed my mind, the 2nd amendment rocks (fwd)

[Eugene Leitl]

-- Forwarded message --
Date: Sun, 23 Dec 2001 12:42:51 -0800 (PST)
From: Donkey Hotey <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [Pigdog] I've changed my mind, the 2nd amendment rocks

So yesterday for my girlfriend's birthday 10 of us went to the Jackson
Arms Shooting Range ( http://www.jacksonarms.com ) in Millbrae to shoot
some guns.
I was a little scared about going, guns being EVIL and WRONG and very
Un-Berkeley (unless they're melted down into a statue provoting
nonviolence), but it was her 30th birthday, and she could do whatever the
hell she pleases.
We signed up for the novice package, which I must say is a pretty damn
good deal.  A retired cop gives you a 30 minute lecture on gun safety, how
guns work, how to grip them, how to aim them and all that good stuff.  He
used a Ruger MkII .22 pistol for the demonstration.  It was a little
disturbing, because I was sitting in the front of the class, and everytime
he needed to show one side of the gun or the other, he would point it up
and around in this big dramatic motion.  The intent was so that the gun
never faced anybody, but it was still a little scarey.
After the lecture and a little video that showed the semi-automatic pistol
reloading, we got to go to the range.  Everybody got a Ruger .22 and 100
bullets for target practice, but we were also allowed to upgrade our
pistols later.  We had the lane for two hours.
I was a tad bit scared when I picked up the gun, but not much as I would
have been if I hadn't had the course.  All my shots were consistently at 7
o'clock on the target (which was only 7 yards away).  I was sticking my
trigger finger too far into the trigger, so I was pulling it down and to
the left (I'm left handed).  The 3 women who were there were all DROP DEAD
ACCURATE though.  I mean right in the center of the target every single
time.
So we started upgrading our guns.  I tried a 9mm (don't know what kind)
which I thought was as little jumpy and harsh, a Smith & Wesson revolver
(a .38 which is a .357 which is a .356 or some such nonsense) which was
FUCKING AWESOME, and a .44 which made really big wholes.  I have to say I
liked the revolver the most.  Once I shot the other weapons, I went back
to the .22 and was a hell of a lot more accurate.  The thing seemed like a
weak little toy gun.  It might as well be shooting suction darts.

They have a whole bunch of targets that you can choose from my
favorite was the hostage page. It had some unabomber looking guy with a
gun pointed at a woman.  I blasted the woman right between the eyes.

While we were there, a reporter from K101 who was doing a story on women
and guns interviewed us.  I guess she's a regular and when she learned a
woman was celebrating her 30th birthday by learning how to shoot, she had
to be there.  The woman kept asking Mary about safety and protection and
Mary said "oh, no, I just wanted to shoot stuff."  I guess we weren't what
she was looking for.  Mary will get a copy of the story in the mail, so
we'll see her take later.

Wow I really didn't think I'd enjoy shooting guns.  Now I need to join a
militia right away.
The teacher at one point did mention the 2nd amendment.  He said
"although the 2nd amendment guarantees us the right to bear arms, we do
not believe guns are for everybody."  So that was wholesome and
refreshing.   When the revolution comes I won't shoot him.  Actually I
think I'll stay away from him, after I saw what he could do rapidfire.
Also he would like the world to know that Danny Glover doesn't know how to
handle a firearm.

yikes! guns are cool!  What's a hippyuppymus to do?!?!


-- 
"go ahead, make my day. BLAM BLAM BLAM BLAM BLAM BLAM"
-- Ben Franklin

[>Htech] A gift for language (fwd)

[Eugene Leitl]

-- Eugen* Leitl http://leitl.org";>leitl
__
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

-- Forwarded message --
Date: Sun, 23 Dec 2001 00:11:10 -0500
From: Brian Atkins <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
Subject: [>Htech] A gift for language

You can use winzip to determine what language or even what author a
small piece of text is from:

http://pil.phys.uniroma1.it/~loreto/press.html

(I got this from new scientist dead tree, but this .ps file is all I
can find quickly)
-- 
Brian Atkins
Singularity Institute for Artificial Intelligence
http://www.singinst.org/

 Yahoo! Groups Sponsor -~-->
Access Your PC from Anywhere - Full setup in 2 minutes - Free Download
http://us.click.yahoo.com/1GUySC/E6eDAA/ySSFAA/PMYolB/TM
-~->

-BEGIN TRANSHUMANTECH SIGNATURE-
Post message: [EMAIL PROTECTED]
Subscribe:[EMAIL PROTECTED]
Unsubscribe:  [EMAIL PROTECTED]
List owner:   [EMAIL PROTECTED]
List home:http://www.yahoogroups.com/group/transhumantech/
-END TRANSHUMANTECH SIGNATURE-

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

IP: Government questions over Windows XP security flaws (fwd)

[Eugene Leitl]

-- Eugen* Leitl http://leitl.org";>leitl
__
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

-- Forwarded message --
Date: Fri, 21 Dec 2001 20:24:18 -0500
From: David Farber <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: IP: Government questions over Windows XP security flaws


>
>http://www.kfwb.com/news/nat/n122113.html

FBI, Pentagon Quiz Microsoft Over Windows XP Problems WASHINGTON (AP)
12.21.01, 4:05p -- FBI and Defense Department officials and some top
industry experts sought reassurance Friday from Microsoft Corp. that a free
software fix it offered effectively stops hackers from attacking major
flaws discovered in the latest version of Windows.
The government's rare interest in the problems with Windows XP software,
which is expected to be widely adopted by consumers, illustrates U.S.
concerns about risks to the Internet. Friday's discussions came during a
private conference call organized by the FBI's National Infrastructure
Protection Center, its top cyber-security unit.
Microsoft's experts bluntly acknowledged the threats posed by the Windows
XP problems, but they assured federal officials and industry experts that
its fix -- if installed by consumers -- resolves the issues.
The company acknowledged Thursday that Windows XP suffers from serious
problems that allow hackers to steal or destroy a victim's data files
across the Internet or implant rogue computer software. The glitches were
unusually serious because they allow hackers to seize control of all
Windows XP operating system software without requiring a computer user to
do anything except connect to the Internet.
Microsoft declined to tell U.S. officials Friday how many consumers
downloaded and installed its fix during the first 24 hours it was
available. Experts from Internet providers, including AT&T Corp., argued
that information was vital to determine the scope of the threat.
Microsoft also indicated it would not send e-mail reminders to Windows XP
customers to remind them of the importance of installing the patch.
One participant in the call, who spoke on condition of anonymity, otherwise
described Microsoft officials as "extremely forthright." Microsoft
explained that a new feature of Windows XP can automatically download the
free fix, which takes several minutes, and prompt consumers to install it.
"The patch is effective," said Steve Lipner, Microsoft's director of
security assurance, who participated in Friday's call. "There was a
discussion of the importance of the Windows auto-update capability. People
were encouraged by the fact that we'll get the patch to people."
Officials also expressed fears to Microsoft about electronic attacks
launched against Web sites and federal agencies during next week's
Christmas holidays from computers running still-vulnerable versions of
Windows, participants said.
Several experts said they had already managed to duplicate within their
research labs so-called "denial of service" attacks made possible by the
Windows XP flaws. Such attacks can overwhelm Web sites and prevent their
use by legitimate visitors.
"That was the one you'll more likely see over Christmas break," one
participant said.
Another risk, that hackers can implant rogue software on vulnerable
computers, was considered more remote because of the technical
sophistication needed.
The FBI's cyber-security unit has been particularly worried lately about
the threats from denial of service attacks. It warned again Thursday that
it "has reason to believe that the potential for (denial of service)
attacks is high."
The FBI said people have indicated they plan to target the Defense
Department's Web sites, as well as other organizations that support the
nation's most important networks.
Participants in Friday's call included the FBI; Defense Department; the
U.S. Federal Computer Incident Response Center; federally funded CERT
Coordination Center; eEye Digital Security Inc., which discovered the
Windows XP problems; Network Associates Inc.; the System Administration,
Networking and Security Institute; and others.

For archives see:
http://www.interesting-people.org/archives/interesting-people/

RE: CNN.com on Remailers

[Eugene Leitl]

On Mon, 17 Dec 2001, Trei, Peter wrote:

> If I were a remailer operator, I'm not sure I'd like this. Active
> cooperation with another remaler operator means that if
> he/she/it does something illegal, you could be dragged in

How is this different from the current situation? Is usage of a specific
mainstream protocol sufficient protection from conspiracy charges? Joe Bob
Postfixuser is hardly a remailer operator.

> on 'conspiracy' charges, regardless whether you actually
> had any knowledge of the the other operators nefarious
> activities.

-- Eugen* Leitl http://leitl.org";>leitl
__
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

The MS DRM Patent and Freedom to Speak and Think (fwd)

[Eugene Leitl]

-- Eugen* Leitl http://leitl.org";>leitl
__
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

-- Forwarded message --
Date: Fri, 14 Dec 2001 23:08:13 -0500
From: Seth Johnson <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: The MS DRM Patent and Freedom to Speak and Think


In his November 6 essay "You're Free to Think,"
(http://davenet.userland.com/2001/11/06/youreFreeToThink),
Dave Winer comments that whatever else happens in the
ongoing, increasing trend towards policing of the public's
right to use information and information technology, we are
still left with the freedom to *think* for ourselves.  He
seemed to me to be offering this comment as a bare source of
solace against the government's increasing intent to control
the prospects of communications technology.

Microsoft's favorable treatment of late caused him to wonder
what kind of deal Bill Gates must have worked out with the
Bush Administration.  He wondered what Microsoft might have
given the government in return for the highly favorable
terms of the settlement that's currently on the table in the
court proceedings against the company, for monopoly
practices in the operating systems arena.

He commented specifically on the current ramifications of
Microsoft's increasing position of power in the operating
systems market:

> Now, they have to get people to upgrade to
> Windows XP -- that's the final step, the one that
> fully turns over the keys to the Internet to them,
> because after XP they can upgrade at will, routing
> through Microsoft-owned servers, altering content,
> and channeling communication through government
> servers. After XP they fully own electronic
> communication media, given the consent decree,
> assuming it's approved by the court.

Now, it has just come to light that Microsoft has been
awarded a software "patent" for a "Digital Rights
Management" operating system.

This development shows us exactly where we stand now.
Microsoft doesn't have to offer anything to the government;
it has only to hold possession of a patent covering the
"DRM" elements of its latest OS, thereby providing an almost
absolutely assured trajectory toward establishing the terms
by which the public's ability to communicate digital
information will be controlled.

Please see the message I am posting below, from the CYBERIA
email list, which quotes from the patent.

The real kicker is right here:

> The digital rights management operating system
> also limits the functions the user can perform on the
> rights-managed data and the trusted application, and
> can provide a trusted clock used in place of the
> standard computer clock.

The ability to use information freely is now going to be
policed at the most intricate level, in the name of
exclusive rights and to the detriment of the most
fundamental Constitutional principles of our society.

Whereas the First Amendment of the U.S. Constitution assures
that every American citizen has the full right to freedom of
speech, we see here the ultimate legislative and technical
trappings by which the public will be demarcated as mere
information consumers.

Facts and ideas are not contraband and may never be
copyrighted or otherwise constrained under the terms of
intellectual "property," whether they are bound up in an
expressive work or not; and the computer is a *logic* device
that now sits on nearly every citizen's desktop -- it is
*not* a consumer appliance.  From both the standpoints of
speech and thought, so-called digital "rights management" is
a utterly desolate *dead end.*

Whether we speak of the constituent pieces of expressive
works, or the nature of the computer itself, so-called
digital "rights management" marks the beginning of a grand
rollback of the means by which the promise of our
participation in and advancement of civil society have
lately been greatly augmented.

Rather than facing the simple, plain truth that the power
given in the U.S. Constitution for Congress to grant (or
deny) to authors and inventors "exclusive right" to their
works, was intended to cover products that do not
intrinsically bind up the very means of communication and of
our participation in civil society, we instead are
experiencing a social condition wherein monopoly interests
exploit the fluidity of logical products to evade the very
terms of antitrust law and to assure that the public's
ordinary rights do not gain purchase against their
interests.  Antitrust law is all about competition in a
particular product, but software is as amorphous in its
possibilities as our own vaunted power to think.  Thus
Microsoft easily maintains it is not in the browser market,
competing with Netscape; it is, rather, in the market for
"innovative operating systems."

We are now seeing just how "innovative" that operating
system can really be.

If we do not confront the ludicrousness of t

Re: CNN.com on Remailers

[Eugene Leitl]

On Sat, 15 Dec 2001, Steve Schear wrote:

> During your "rant" on re-mailers I mentioned the desirability of using
> popular P2P services in conjunction with remailers, possibly as middleman
> nodes.  Len pointed out the problems with re-mailer system stability if P2P
> clients were used as they come and go.  During the break there was a short

P2P nodes are ephemeral, the content is not. A short message hop from node
to node is in the second range. Assuming the message doesn't sit on the
node too long (running danger of it being pulled) and there are multiple
redundant messages in transit (you wanted more idle traffic? here's is
your idle traffic) the probability of delivery should be higher than the
current remailers'.

> discussion of using the P2P clients to generate cover traffic on
> remailers.  This should be simple and involve no risk to those running the
> clients.

Ask Google for XML-RPC and Freenet and/or Mojo Nation.

-- Eugen* Leitl http://leitl.org";>leitl
__
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

Re: [Remops] And when he returns in February? (fwd)

[Eugene Leitl]

On Wed, 12 Dec 2001, A. Melon wrote:

> Ninny.

Got no taste of online soap?

Re: [linux-elitists] Phil Zimmermann on key exchange (fwd)

[Eugene Leitl]

-- Eugen* Leitl http://leitl.org";>leitl
__
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

-- Forwarded message --
Date: Mon, 10 Dec 2001 18:24:46 -0800
From: Don Marti <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: [linux-elitists] Phil Zimmermann on key exchange

begin Seth David Schoen quotation of Fri, Dec 07, 2001 at 11:42:26PM -0800:

> Reviving a thread from last month:

(More on encrypted email infrastructure from Seth:
http://vitanuova.loyalty.org/2001-12-07.html)

> The Board of Directors of EFF met today in San Francisco, and I made a
> presentation about this, in the presence of Brad Templeton and others.
> One of the conclusions was that EFF's role in implementing something
> like this is still not defined clearly enough, and we don't know what
> we could most usefully do.

In order to seriously deploy encrypted email you need to kick the
email client support problem and the key management problem at the
same time.

One possible role for EFF would be as a founding member of an
encrypted email industry consortium analogous to W3C.  Such an
organization would have to be positioned as a way to fight
cyberterrorism and protect infrastructure.

It would be nice to get Ximian, the KDE project  and Qualcomm to
join, and use the words "Secure Email" or "Email Security" in the
organization's name somewhere.  You probably aren't going to get
any mail client vendor that depends on many Secret Police customers
to join.

-- 
Don Marti  What do we want?  Free Dmitry!  When do we want it?  Now!
http://zgp.org/~dmarti
[EMAIL PROTECTED]  Free the web, burn all GIFs.
KG6INA   http://burnallgifs.org/
___
linux-elitists
http://zgp.org/mailman/listinfo/linux-elitists

IP: Antivirus firms deny Magic Lantern backdoor plans (fwd)

[Eugene Leitl]

-- Eugen* Leitl http://leitl.org";>leitl
__
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

-- Forwarded message --
Date: Tue, 11 Dec 2001 06:04:54 -0500
From: David Farber <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: IP: Antivirus firms deny Magic Lantern backdoor plans


>From: "Bill Sodeman" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Subject: Antivirus firms deny Magic Lantern backdoor plans
>Date: Mon, 10 Dec 2001 23:47:17 -0600
>X-Mailer: Microsoft Outlook, Build 10.0.3311
>Importance: Normal
>
>http://dailynews.yahoo.com/h/nm/20011210/tc/attack_tech_dc.html
>
>Monday December 10 8:30 PM ET
>Antivirus Firms Say They Won't Create FBI Loophole
>By Elinor Mills Abreu
>
>SAN FRANCISCO (Reuters) - Anti-virus software vendors said on Monday
>they don't want to create a loophole in their security products to let
>the FBI or other government agencies use a virus to eavesdrop on the
>computer communications of suspected criminals.
>
>Under a project code named "Magic Lantern," the U.S. Federal Bureau of
>Investigation is creating an e-mail-borne virus or Trojan horse that
>hides itself on the computer and captures all keystrokes made, including
>passwords that could be used to read encrypted mail, according to a
>report on MSNBC.com in November.
>
>Despite subsequent reports to the contrary, officials at Symantec Corp.
>and Network Associates Inc. said they had no intention of voluntarily
>modifying their products to satisfy the FBI. Spokesmen at two other
>computer security companies, Japan-based Trend Micro Inc. and the U.S.
>subsidiary of UK-based Sophos PLc., made similar statements.
>
>All four anti-virus companies said they had not contacted or been
>contacted by the U.S. government on the matter.
>
>"We're in the business of providing a virus-free environment for our
>users and we're not going to do anything to compromise that security,"
>said Tony Thompson of Network Associates.
>
>"Symantec's first priority is to protect our customers from malicious
>and illegal attacks," Symantec Chief Executive John W. Thompson said in
>a statement. "We have no intention of creating or leaving a hole in our
>software that might compromise that security."
>
>If anti-virus vendors were to leave a hole for an FBI-created Trojan
>horse program, malicious hackers would try to exploit the hole too,
>experts said.
>
>"If you leave the weakness for the FBI, you leave it for everybody,"
>said Fred Cohen, an independent security expert and digital forensics
>professor at the University of New Haven.
>
> >From the industry perspective, leaving a hole in anti-virus software
>would erode public confidence and damage the reputation of the vendor,
>sending customers to competing companies, the vendors said.
>
>The government would have to convince all anti-virus vendors to
>cooperate or the plan wouldn't work, since those not cooperating would
>have a market advantage and since they all share information, said a
>Symantec spokeswoman.
>
>"The thought that you would be able to convince the industry as a whole
>to do this is kind of naive," she said.
>
>All four anti-virus companies said they had not contacted or been
>contacted by the U.S. government on the matter.
>
>The FBI declined to confirm or deny the report about "Magic Lantern,"
>when it was first published by MSNBC.com and a spokesman was not
>available for comment on Monday.
>
>PLAN WOULD ALIENATE OTHER COUNTRIES
>
>Symantec and Networks Associates, both of whom have investments in
>China, would not jeopardize their footings in that market, said Rob
>Rosenberger, editor of www.vmyths.com, a Web site that debunks virus
>hoaxes.
>
>"If (the Chinese) thought that the company was a tool of the CIA (news -
>web sites), China would stop using those products in critical
>environments," Rosenberger said. "It is in the best interest of
>anti-virus vendors not to heed the call of the FBI."
>
>"We always try to cooperate with the authorities when it's appropriate.
>Having said that, our No. 1 goal is to protect our customers," said
>Barbara Woolf of Trend Micro. "I've heard reports that the government is
>upset this got out and is going back to the drawing board."
>
>Appeasing the U.S. government would be difficult for vendors who have
>parent companies and customers outside the United States, they said.
>
>"If the laws of the land were to change to permit this kind of activity
>then we would abide by the law," said David Hughes, president of Sophos'
>U.S. subsidiary.
>
>But "how would a vendor provide protection for customers outside of the
>specific jurisdiction?" Hughes asked. "If we were to do this for the
>U.S. government we'd also have to do it for the government of any other
>nation that would want to do something similar."
>
>
>==
>
>Bill Sodeman
>[EMAIL PROTECTED] / h

RE: eCash reported mortally wounded...

[Eugene Leitl]

On Sun, 9 Dec 2001, Lucky Green wrote:

> --Lucky, waiting patiently for 2005.

Patent expiration date? Which one?

-- Eugen* Leitl http://leitl.org";>leitl
__
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

IP: What if Washington DC was taken out? (fwd)

[Eugene Leitl]

-- Eugen* Leitl http://leitl.org";>leitl
__
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

-- Forwarded message --
Date: Mon, 10 Dec 2001 04:44:32 -0500
From: David Farber <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: IP: What if Washington DC was taken out?


>From: "RV Head" <[EMAIL PROTECTED]>
>
>http://www.washingtonpost.com/wp-dyn/articles/A17786-2001Dec9.html
>
>Worst-Case Scenario: The U.S. Has None Constitutional Crisis, Chaos Foreseen
>if Top Leaders Killed
>
>
>
>By Dana Milbank Washington Post Staff Writer Monday, December 10, 2001; Page
>A01
>
>
>
>Imagine the unimaginable: The president, in the White House, the vice
>president, at the National Observatory, and all Cabinet members, in their
>respective agency headquarters, are killed in a terrorist attack on downtown
>Washington. So are all members of Congress, except the few who happen to be
>out of town.
>
>What happens to the Republic? At the moment, the answer is alarming: chaos.
>The Sept. 11 attacks and subsequent release of anthrax on Capitol Hill have
>left many lawmakers and constitutional experts concerned that the federal
>government does not have adequate succession and continuity plans in place
>to recover from a catastrophic terrorist attack on Washington.
>
>Current contingencies, designed during the Cold War and based on an
>intercontinental nuclear strike for which there would be warning, offer
>limited guidance for the government in the case of a nuclear, biological or
>chemical attack by terrorists that devastates all three branches.
>
>The Sept. 11 attacks brought the problem to light. Although such an event is
>highly unlikely, there is no plan for replacing the president, the House of
>Representatives and the top echelons of the judiciary if virtually the
>entire federal leadership were to be destroyed.
>
>The changes since Sept. 11 have been mostly logistical. Vice President
>Cheney is often taken to a "secure undisclosed location." All members of
>Congress and some top aides have been given BlackBerry devices allowing them
>to receive immediate, confidential information about a security threat or
>evacuation plan. The House has ordered the wiring of an alternative meeting
>place at Fort McNair in the District if the Capitol cannot be used.
>
>But several people who have studied the scenarios said these adjustments
>fall far short of what is necessary. Current law allows only for special
>elections in the case of House members, which would take weeks, although
>senators can be replaced by their state governors.
>
>"We have to realistically think about something more catastrophic," said
>Rep. Brian Baird (D-Wash.), who has proposed a constitutional amendment
>allowing governors to appoint new representatives if a large number of
>lawmakers were killed or incapacitated. "If somebody hits us in a severe and
>coordinated attack, there will be great confusions and possibly a
>constitutional crisis."
>
>Norman Ornstein, a scholar at the American Enterprise Institute, called
>current government preparations "utterly irresponsible." He favors a version
>of Baird's proposal and revisions to the Presidential Succession Act of
>1947 -- possibly adding state governors into the line of succession. "It's
>about having a Congress and having a president at a time when you need it
>most. There are a lot of times when every single person in the line of
>succession is inside the Beltway, and we live in a time where it's
>conceivable to lose everybody inside the Beltway."
>
>Long before Sept. 11, the federal government planned for the unimaginable.
>President Bill Clinton's National Security Council had an aide who handled
>nothing but continuity-of-government issues, his work shrouded in secrecy.
>Aides to President Bush say they had been contemplating changes to assure
>continuity in government even before this fall's attacks. Those involved in
>the discussions were not permitted to be interviewed, and the White House,
>citing security concerns, declined to discuss any proposals.
>
>"We continue to take a look at those plans and see what steps need to be
>taken, need to be changed," a White House spokeswoman said. "A lot of these
>plans that were fashioned and formed based on the Cold War, while needing to
>be fine-tuned, are not irrelevant."
>
>The administration last month proposed to Congress an emergency spending
>procedure that would allow the president, in consultation with congressional
>leaders, to continue government operations for 30 days at existing funding
>levels if spending authority expires during a crisis when Congress cannot
>convene.
>
>The White House dropped the proposal when congressional and administration
>aides could not agree on the structure of such a mechanism. Congress was
>willing to give the president such authority if congression

Re: Congress of the rat.

[Eugene Leitl]

On Sun, 9 Dec 2001 [EMAIL PROTECTED] wrote:

> The difference is that you can change firms, or start your
> own, without being shot.

Try doing business in Russia.

[Remops] A comparison of Frog-Admin, the Script-Kiddie, AnonymousTrolls and other plagues of the privacy community. (fwd)

[Eugene Leitl]

-- Forwarded message --
Date: Sun,  9 Dec 2001 15:44:07 +0100 (CET)
From: Anonymous <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [Remops] A comparison of Frog-Admin, the Script-Kiddie,
 Anonymous Trolls and other plagues of the privacy community.

  A comparison of Frog-Admin,
 the "Script-Kiddie", Anonymous Trolls
   and other plagues of the privacy community.

 ... all one and the same schizophrenic person?


Quotes can all be found and confirmed through groups.google.com and
lexx.shinn.net Remailer Operators list archive, links have been provided
whereever possible.




TABLE OF CONTENTS
-

 HISTORY

 GRAMATICAL/WRITING STYLE SIMILARITIES

 PREVIOUS QUESTIONABLE/DUBIOUS ACTS BY FROG
  |-Azerty and Frog Remailers
  |-Monitoring capabilities
  |-RProcess
  |-Thomas Boschloo about the timing of hate spam
  +-Frog's From: Header

 MOTIVE SIMILARITIES
  |-Anonymous Troll about Thomas J. Boschloo and Champerty
  |-Anonymous Troll about Thomas J. Boschloo
  |-"The Painful Truth about Orange" to Orange-Admin
  |-Anonymous Troll about Katherine's Miranda Remailer
  |-Anonymous Troll about Katherine
  |-Anonymous Troll (Freud) to Orange-Admin
  +-Anonymous Troll (Boschloo is a CLOWN) about Thomas J. Boschloo

 TERMINOLOGICAL SIMILARITIES
  +-Further connections between all kinds of old and new trolls
+-"You are a failure"
| |-Anonymous Troll about Katherine
| |-Anonymous Troll about Champerty
| +-"The Truth about Orange" to Orange-Admin
+-Microsoft & Windows Software
  |-Anonymous Troll to "I Sent Your Saddle Home"
  +-"The Painful Truth about Orange" to Orange-Admin

 MESSAGE COMPARISON/ANALYSIS
  |-Source Remailers
  |-Message Headers (To: mail2news gateways)
  +-Writing Style
+-Sporadic use of single-space indentation and missing punctuation

 GRAMMAR/SPELLING
  +-The "succes(s)ful" gotcha
 |-Frog-Admin
 +-Trolls

 LINE BREAKS
  |-Frog-Admin
  +-"The Painful Truth about Orange"

 THE "SCRIPT-KIDDIE"

 DEVICIVNESS/DIVERSION/CONFUSION




HISTORY
---

 Observing alt.privacy.anon-server and the remailer-operators list over
 the last year I have noticed a larger then usual amount of DoS,
 disinformation, slanderous, spam-style, and scripted attacks occurring
 in the privacy community. The fact that makes these issue unusual is
 that there is one constant variable in these matters: Frog-Admin can
 be linked to start of all these matters.

 I have carefully studied and analysed the posting habits, writing
 style, vocabulary, punctuation use/misuse, uncommon/consistent
 misspelling, line breaks and other "signature" items of Frog-Admin,
 "Script-Kiddie", and the remops/APAS troll (who has attacked Katherine,
 Champerty, Orange-Admin, Boschloo and others).

 I propose to the privacy community that Frog-Admin, "Script-Kiddie",
 and the troll who has waged war on many other individuals in the
 community are all the same person. I have gathered enough material
 and identified so many uncanny and consistent similarities that it is
 difficult to deny or chalk up to common paranoia. I ask you to draw
 your own conclusions from the material provided.




GRAMATICAL/WRITING STYLE SIMILARITIES
-

 You will notice the following writing style similarities in all the
 following quotes by different anonymouse people and the Frog-Admin:

 1. missing punctuation
 2. additional tabs/spaces at the beginning of lines
 3. overuse of CAPS
 4. use of asterisks (*) to highlight certain words
 5. excessive manual line breaks




PREVIOUS QUESTIONABLE/DUBIOUS ACTS BY FROG
--

 Frog-Admin was found to be the admin of both Azerty and Frog remailers.
 He kept the fact that he was Azerty admin hidden and it was not
 announced by him for quite some time after both remailers were opened.
 He utilized this fact to trace "abuse" through chains which included
 both Azerty and Frog.


 Link: http://groups.google.com/groups?selm=2213203924.033%40nyarlatheotep.frog.org
 Quote:

 -Apparently, "Frog" and "Azerty" got mail-bombed this WE.
 -It looked like groups of 5* or 10* 400K chunks,
 -chaining azerty-frog-azerty-frog 10 times


 Link: 
http://groups.google.com/groups?selm=1009d5c8f2f2790aeb6efd4b870b6f7a%40remailer.privacy.at
 Quote:

 -I caught an abuser (trivial traffic analysis):
 -
 -Azerty received 100 * messages 160 K initially
 -giving 100 * identical messages 60 K on arrival with 14*gif (batman)
 -each.
 -In-between, transparent-remix generated a few hundreds messages each
 -hop
 -
 [EMAIL PROTECTED] > aze

IP-FLASH Office XP, Windows XP May Send Sensitive Documents toMicrosoft (fwd)

[Eugene Leitl]

-- Eugen* Leitl http://www.lrz.de/~ui22204/";>leitl
__
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.lrz.de/~ui22204
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

-- Forwarded message --
Date: Fri, 07 Dec 2001 07:59:49 -0500
From: David Farber <[EMAIL PROTECTED]>
To: ip-flash <[EMAIL PROTECTED]>
Subject: IP-FLASH Office XP,
 Windows XP May Send Sensitive Documents to Microsoft

PROBLEM: Microsoft Office XP and Internet Explorer version 5 and later are
configured to request to send debugging information to Microsoft in the
event of a program crash. The debugging information includes a memory dump
which may contain all or part of the document being viewed or edited. This
debug message potentially could contain sensitive, private information.

PLATFORM:

·   Microsoft Office XP
·   Microsoft Internet Explorer 5.0 and later
·   Windows XP
·   Microsoft has indicated that this will be a feature of all new
Microsoft products

DAMAGE: Sensitive or private information could inadvertently be sent to
Microsoft. Some simple testing of the feature found document information in
one message out of three. SOLUTION: Apply the registry changes listed in
this bulletin to disable the automatic sending of debugging information. If
you are working with sensitive information and a program asks to send
debugging information to Microsoft, you should click Don't Send.

http://www.ciac.org/ciac/bulletins/m-005.shtml

IP: DOJ's Already Monitoring Modems (fwd)

[Eugene Leitl]

-- Eugen* Leitl http://www.lrz.de/~ui22204/";>leitl
__
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.lrz.de/~ui22204
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

-- Forwarded message --
Date: Thu, 29 Nov 2001 04:01:35 -0500
From: David Farber <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: IP: DOJ's Already Monitoring Modems


>From: Monty Solomon <[EMAIL PROTECTED]>
>
>DOJ's Already Monitoring Modems
>By Declan McCullagh and Ben Polen
>
>4:42 p.m. Nov. 28, 2001 PST
>
>WASHINGTON -- The Department of Justice already is using its new
>anti-terrorism powers to monitor cable modem users without obtaining
>a judge's permission first.
>
>A top Bush administration official lauded the controversial USA
>Patriot Act at a Senate hearing on Wednesday, saying that the new
>abilities have let police obtain information in investigations that
>was previously unavailable.
>
>"We would not have been able to do (this) under prior law without a
>specific court order," said Michael Chertoff, assistant attorney
>general in the Justice Department's criminal division.
>
>...
>
>http://www.wired.com/news/conflict/0,2100,48711,00.html


For archives see:
http://www.interesting-people.org/archives/interesting-people/

IP: Routes of Least Surveillance (fwd)

[Eugene Leitl]

-- Eugen* Leitl http://www.lrz.de/~ui22204/";>leitl
__
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.lrz.de/~ui22204
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

-- Forwarded message --
Date: Wed, 28 Nov 2001 11:06:52 -0500
From: David Farber <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: IP: Routes of Least Surveillance


>http://www.notbored.org/the-scp.html


>From: Monty Solomon <[EMAIL PROTECTED]>
>
>Routes of Least Surveillance
>By Erik Baard
>
>2:00 a.m. Nov. 28, 2001 PST
>
>It's not the journey or the destination; it's the getting there
>unseen that counts.
>
>Or so goes the thinking behind a new mapping utility created by civil
>libertarians to guide New Yorkers through Manhattan along routes with
>the fewest surveillance cameras.
>
>It's like Mapquest for dissidents and paranoiacs, or for those simply
>creeped out by the feeling of being watched, constantly, by countless
>mechanical eyes.
>
>The service, called iSee, was created by the Institute for Applied
>Autonomy, a group of technologists, and the New York Surveillance
>Camera Project, an offshoot of the New York Civil Liberties Union.
>
>...
>
>http://www.wired.com/news/privacy/0,1848,48664,00.html


For archives see:
http://www.interesting-people.org/archives/interesting-people/

Re: Denning's Geo-crypto

[Eugene Leitl]

On Thu, 22 Nov 2001, Eugene Leitl wrote:

> Given that a GPS receiver gets ephemeris data, almanach data and
> pseudorandom code from each currently visible sat it has probably to do
> with the latter. Consider S/A (which may or may not be switched off now, I
> haven't checked): if you've got a secret part of the key you can refine
> your position despite deliberate degradation (selective availability) than
> the party without the key.

Forgot the URL: http://www.csr.utexas.edu/texas_pwv/midterm/gabor/gps.html

The PRN is a tapped feedback shift register.

Re: Denning's Geo-crypto

[Eugene Leitl]

On Thu, 22 Nov 2001, Roy M. Silvernail wrote:

> Using a GPS coordinate set as keying material?  Hope it's just

Given that a GPS receiver gets ephemeris data, almanach data and
pseudorandom code from each currently visible sat it has probably to do
with the latter. Consider S/A (which may or may not be switched off now, I
haven't checked): if you've got a secret part of the key you can refine
your position despite deliberate degradation (selective availability) than
the party without the key.

> additional keying material.  Knowing the intended destination of
> something like a movie in transit to a theater seems pretty easy, and
> the set of GPS coordinates encompassing your average multiplex would
> seem to be pretty small compared to the usual keyspaces discussed
> here.

IP: Wanna make biological weapons and take out cities? $10. (fwd)

[Eugene Leitl]

-- Eugen* Leitl http://www.lrz.de/~ui22204/";>leitl
__
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.lrz.de/~ui22204
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

-- Forwarded message --
Date: Wed, 21 Nov 2001 14:37:50 -0500
From: David Farber <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: IP: Wanna make biological weapons and take out cities?  $10.


>Date: Wed, 21 Nov 2001 10:58:28 -0600
>From: [EMAIL PROTECTED]
>Subject: Wanna make biological weapons and take out cities?  $10.
>To: [EMAIL PROTECTED], [EMAIL PROTECTED]
>X-Mailer: SPRY Mail Version: 04.00.06.17
>
>Here's a disturbing story from today's New York Times:
>
> > http://www.nytimes.com/2001/11/21/national/21BOOK.html?todaysheadlines
>
>I sure hope that the government is investigating and following each and every
>person who buys a copy of this book... I wonder if there's a way to force
>Tobiason to foot the bill for that security?
>
>In any case, jerks like this clearly aren't helping to keep our nation
>secure...
>if anything, crap like this will make our government MORE repressive (not
>less).
>
>[quote]
>
>November 21, 2001
>
>THE HOW-TO BOOK
>In Utah, a Government Hater Sells a Germ-Warfare Book
>
>By PAUL ZIELBAUER with WILLIAM J. BROAD
>
>SALT LAKE CITY, Nov. 19 — At the "Crossroads of the West" gun show here last
>weekend, weapons dealers sold semi- automatic rifles and custom-made pistols,
>and ammunition wholesalers unloaded bullets by the case. But perhaps the most
>fearsome weapon for sale in the cavernous, crowded exposition center was a
>book.
>
>Next to the Indian handicraft booth, Timothy W. Tobiason was selling
>printed and
>CD copies of his book, "Scientific Principles of Improvised Warfare and Home
>Defense Volume 6-1: Advanced Biological Weapons Design and Manufacture," a
>germ-warfare cookbook that bioterrorism experts say is accurate enough to be
>dangerous.
>
>Mr. Tobiason, an agricultural-chemicals entrepreneur from Nebraska with a
>bitter
>hatred for the government, said he sold about 2,000 copies of his
>self-published
>book a year as he moved from gun show to gun show across America. The book,
>which includes directions for making "mail delivered" anthrax, suggests
>that the
>knowledge necessary to start an anthrax attack like the one that has
>terrorized
>the East Coast is readily accessible.




For archives see:
http://www.interesting-people.org/archives/interesting-people/

IP: Risks of belief in identities: [risks] Risks Digest 21.74 (fwd)

[Eugene Leitl]

-- Eugen* Leitl http://www.lrz.de/~ui22204/";>leitl
__
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.lrz.de/~ui22204
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

-- Forwarded message --
Date: Mon, 12 Nov 2001 08:57:54 -0500
From: David Farber <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: IP: Risks of belief in identities: [risks] Risks Digest 21.74


>Date: Sat, 10 Nov 2001 11:54:17 PST
>From: "Peter G. Neumann" <[EMAIL PROTECTED]>
>Subject: Risks of belief in identities
>
>For those of you who might believe that national ID cards might be a good
>idea, check out the December 2001 *Commun.ACM* Inside Risks column by me
>and Lauren Weinstein, previewed on my Web site
>   http://www.csl.sri.com/neumann/insiderisks.html
>in anticipation of a U.S. House hearing next Friday on that subject.
>
>It is not just the cards themselves that would entail risks, but even moreso
>all of the supporting infrastructures, widespread accessibility to
>networking, monitoring, cross-linked databases, data mining, etc., and
>particularly the risks of untrustworthy insiders issuing bogus
>identification cards -- as happened a few years back on a large scale in the
>Virginia state motor vehicle agency (RISKS-11.41).
>
>The latest item on the ease of getting phony or illegal or unchecked
>identification papers is found an article by Michelle Malkin (Creators
>Syndicate Inc.), which I saw in the *San Francisco Chronicle* on 10 Nov
>2001: Abdulla Noman, employed by the U.S. Department of Commerce, issued
>bogus visas in Jeddah, Saudi Arabia, in one case in 1998 charging
>approximately $3,178.  The article also notes a variety of sleazy schemes
>for obtaining visas, in some cases without ever appearing in person and
>without any background checks, and in other cases for ``investments'' of a
>hundred and fifty thousand dollars.  The article concludes with this
>sentence: ``Until our embassy officials stop selling American visas blindly
>to every foreign investor waving cash, homeland security is a pipe dream.''
>I'm not sure that conclusion is representative of the full nature of the
>problem of bogus identification, but the problem is clearly significant.
>A driver's license or a passport or a visa or a National ID card is not
>really proof of identity or genuineness or anything else.


For archives see:
http://www.interesting-people.org/archives/interesting-people/

IP: Encryption: How Prevalent Is It? (fwd)

[Eugene Leitl]

-- Eugen* Leitl http://www.lrz.de/~ui22204/";>leitl
__
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.lrz.de/~ui22204
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

-- Forwarded message --
Date: Mon, 12 Nov 2001 09:35:31 -0500
From: David Farber <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: IP: Encryption: How Prevalent Is It?


>Date: Mon, 12 Nov 2001 09:27:00 -0500
>From: "Dorothy E. Denning" <[EMAIL PROTECTED]>
>Organization: Georgetown University
>
>Encryption: How Prevalent Is It?
>Oct. 15, 2001 By Lisa Boomer-Smith
>
>
>
>To learn more about encryption practices, InformationWeek Research fielded a
>national survey this summer with the President's Export Council
>Subcommittee on
>Encryption. Of the 500 sites surveyed, two-thirds report using encryption to
>protect company data. Of those sites using encryption technologies, 71% are
>strongly committed to data encryption, while 21% are somewhat committed.
>
>
>
>http://www.informationweek.com/story/IWK20011011S0015
>
>See also: http://www.informationweek.com/857/encryption.htm
>
>--
>Prof. Dorothy E. Denning
>Georgetown University
>http://www.cs.georgetown.edu/~denning


For archives see:
http://www.interesting-people.org/archives/interesting-people/

Re: Carnivore To Get "Magic Lantern"

[Eugene Leitl]

On Wed, 21 Nov 2001 [EMAIL PROTECTED] wrote:

> 2. Add ID token (e.g., Dallas Semi iButton) support to gpg

Doesn't suffice, if you see/encrypt clear on a compromised machine. Air
gap or a dedicated hardened crypto machine (embedded with a private eye
type of display connected to the main machine via a simple, provably
secure protocol).

Airgap (MOD sneakernet) is the easiest solution so far. But we've been
through this before.

[CrackMonkey] overheard on gale (fwd)

[Eugene Leitl]

-- Eugen* Leitl http://www.lrz.de/~ui22204/";>leitl
__
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.lrz.de/~ui22204
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

-- Forwarded message --
Date: Wed, 14 Nov 2001 09:16:14 -0800
From: Nick Moffitt <[EMAIL PROTECTED]>
To: Mama's lil' monkeys love shortnin' bread <[EMAIL PROTECTED]>
Subject: [CrackMonkey] overheard on gale

To [EMAIL PROTECTED]  Fugu/1.1.7

Hrm.  So I'm definitely quitting havenco in the next 6 months.
I think I will do an ecash company (I will have cash and dividend
income from havenco to finance it)

I hope "second system effect" doesn't apply to startups.  HavenCo is
semi-successful and fairly reasonable; I'm afraid if I do a new
company I will overengineer a lot of it.

-- Ryan Lackey <[EMAIL PROTECTED]> at 11-14 07:35:07



-- 
INFORMATION GLADLY GIVEN BUT SAFETY REQUIRES AVOIDING UNNECESSARY CONVERSATION

01234567 <- The amazing* indent-o-meter!
^   (*: Indent-o-meter may not actually amaze.)

___
CrackMonkey: Non-sequitur arguments and ad-hominem personal attacks
http://crackmonkey.org/mailman/listinfo/crackmonkey

FYI:Development list (was: Re: [mix-l] Verifying DH/DSS Sigs) (fwd)

[Eugene Leitl]

-- Eugen* Leitl http://www.lrz.de/~ui22204/";>leitl
__
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.lrz.de/~ui22204
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

-- Forwarded message --
Date: Wed, 14 Nov 2001 13:20:37 -0800 (PST)
From: Len Sassaman <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Development list (was: Re: [mix-l] Verifying DH/DSS Sigs)

Hi folks,

For those of you interested in contributing to/knowning more about the
development of Mixmaster, there is a list set up on SourceForge for that
purpose.

http://lists.sourceforge.net/lists/listinfo/mixmaster-devel


Thanks,

Len

On Tue, 13 Nov 2001, QuickSilver wrote:

> Hi All!
>
> I'm having a problem verifying these signatures with mix2.9b12(win).
> RSA keys verify fine but with DH/DSS I get PGP_SIGBAD returned from my
> pgp_decrypt call and the sig buffer is completely empty rather than
> containing sig info. PGP, on the other hand, verifies the same
> signatures ok.
>
> Has anyone else run into this. I think I must be missing something.
>
> Thanks,
>
> Richard
> --
> R.Christman
> Benchmark Software
> [EMAIL PROTECTED]
> http://quicksilver.skuz.net
>


 Yahoo! Groups Sponsor -~-->
Universal Inkjet Refill Kit $29.95
Refill any ink cartridge for less!
Includes black and color ink.
http://us.click.yahoo.com/Vv.L9D/MkNDAA/ySSFAA/kgFolB/TM
-~->

To Post a message, send it to:   [EMAIL PROTECTED]
To Unsubscribe, send a blank message to: [EMAIL PROTECTED]

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

Re: Cypherpunk failures

[Eugene Leitl]

On Sat, 17 Nov 2001, Declan McCullagh wrote:

> This is actually partly true -- even Freenet, perhaps the most
> promising cypherpunkly project with live code right now, barely gets a
> mention on the list.

Mojonation is ailing, too. Barely a trickle of few posts/week on all mojo
lists taken together.

RE: Monkeywrenching airport security

[Eugene Leitl]

On Sat, 17 Nov 2001, David Honig wrote:

> At 10:57 AM 11/17/01 -0800, Sandy Sandfort wrote:
> >Airport chemical "sniffers" apparently look for the signature of nitrogen
> >compounds, not "explosives," per se.  I've often wondered how many weekend

Unless they look for nitrogen in bulk of the specimen (PGNAA), a very
expensive/low-processivity technique unsuitable for mass luggage screening
they're limited to stuff stuck to surfaces (lasers, swabbing/ion motility
spectrometer)  and volatile sniffers (chemical sensors, canines).

Many classes of explosives contain no nitrogen, many of those which
contain nitrogen and are free of volatile tracers don't emit much
volatiles, if properly packaged even very volatile explosives (say, methyl
or ethylnitrate) can be sealed (glass bottles). Generally, the maker and
the packager, unless they work very cleanly/are suited should not be the
courier, nor the outer containers be present in the contaminated area.

In short, detection probability is only high for sloppy/dumb people.

> >gardeners have gotten hassled and delayed because of trace amounts of
> >ammonia-based fertilizers on their person and effects.  If you plan to fly,

Salts are different from traces of uncombusted nitrocellulose deposited on
any surface of a nearby gun being fired.

> >be sure to wash your hands thoroughly before heading out for the airport if
> >you have been shoot, gardening or house cleaning.
>
> I've wondered about that too; airport sniffers must have encountered
> Miracle Gro and angina nitro during the early days, measuring

Nitroglycerin is not volatile, is present in large dilution (~0.1%) in
small quanitities (pharma bottle). Ditto nitrate salts in a water
solution.

> a false alarm rate.  Shooting is scary; you could contaminate
> your car driving back from the range, then contaminate your
> travel gear.

I think you should be able to get a good positive if you'd fire several
rounds of vanilla smokeless with baggage surface being near the muzzle
of the gun. Try it sometime, if you're unafraid of winding up in a
database. I've found that transporting computer parts (motherboard) in
hand luggage can suffice to trigger swabbing (if you're really bored you
can discuss detection of Semtex traces with airport security).

> The explosives expert in one of the older terror trial docs on cryptome
> says things suggesting that a few washes will remove traces.  (And contaminate
> clothes washed with them.)

Just use an overall when you're at the range, and wash it separate.

> I once checked out the screen on a sniffer, and they list "nitrates"
> as a category.  I suppose having PETN (another category) detected
> on your laptop would be harder to explain :-)

If you want to fool the security, you should become familiar with the type
of detectors used on your luggage. Of course, best solution is using human
factors to not have your stuff being screened at all.

-- Eugen* Leitl http://www.lrz.de/~ui22204/";>leitl
__
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.lrz.de/~ui22204
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

[BIOWAR] Chemcial/Biological Satellite Course (fwd)

[Eugene Leitl]

-- Forwarded message --
Date: Sat, 17 Nov 2001 11:07:53 -0500
From: "Patricia Doyle, PhD" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: [BIOWAR]  Chemcial/Biological Satellite Course

Those interested in taking the 3 day satellite seminar presented by USAMRIID
and USAMRICD go to biomedtraining.org and register for the FREE 3 day event.
  12:30pm-4:30pm Nov. 27, 28 & 29th.
There is no charge to view the broadcast and it is going to be presented at
downlink sites around the US, Southern Canada, Puerto Rico, Alaska and
Hawaii.
Those who wish to view online webcast, also register at that website. CME
credit available for the course.
A rebroadcast will take place in Dec., I believe around Dec. 9th.

I have taken the courses and find the material to be extremely accurate, and
timely.

Simply log onto biomedtraining.org, register for username and password, then
pick the site you choose to view the broadcast and register. After
registration, call or email site facilitator for confirmation of
registration. Simple as that. Last year we even got free luch, (sandwhichs
and soda) and text book.
Those who cannot attend the broadcast can still download program materials
on the biomedtraining.org site. pdf files available.

At this time in history, we do not want to let these learning opportunities
go by.

Patricia Doyle

Patricia A. Doyle, PhD
Please visit my "Emerging Diseases" message board at:
http://www.clickitnews.com/emergingdiseases/index.shtml
Zhan le Devlesa tai sastimasa
Go with God and in Good Health


_
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp

Post to: [EMAIL PROTECTED] Unsubscribe to: [EMAIL PROTECTED] List info: 
www.topica.com/lists/biowar

==^
This email was sent to: [EMAIL PROTECTED]

EASY UNSUBSCRIBE click here: http://topica.com/u/?bz8Q0W.a9I0on
Or send an email to: [EMAIL PROTECTED]

T O P I C A -- Register now to manage your mail!
http://www.topica.com/partner/tag02/register
==^

Re: Why Plan-9?

[Eugene Leitl]

On 22 Oct 2001, Dr. Evil wrote:

> "Built-in crypto" is a big overstatement for OpenBSD.  Unfortunately,
> Win 2000 has more built-in crypto than OpenBSD does.  Hint: Try to
> create an encrypted FS on OpenBSD.  Now try on Windows 2000.

You trust Win2k's encryption? Are you CRAZY?

You're trusting a closed source product to do what it advertizes to do,
every time? And does do encrypt the swap, does it? Excuse me -- professes
to do.

Thanks for wetting my keyboard with beer via nasal passage.

Re: used lab equiptment

[Eugene Leitl]

On Thu, 18 Oct 2001 [EMAIL PROTECTED] wrote:

> A specialized ultrasonic device is not required to produce micron fine
> aerosol powders.  All one needs is a used and cleaned print head

In fact not, pressure waves strong enough to aerosol liquid will also
cause cavitation, resulting in heating and destruction of material.

> assembly and its piezo pulse circuitry.  Nozzle apertures are
> typically 25-50 micron and if the material is suspended, in weak

Ever tried pushing a bacterial suspension through a printer head
(processivity set aside)? It will clog it up in no time.

> concentration, in a solution which quickly evaporates but doesn't harm
> the spores it should produce moderate quantities of fine powder
> quickly.

Um, why don't we quit armchair microbiology, and stick to what we can
best: produce lots of uninformed speculations? Oh.

> If smaller sizes are desired a field ring charged to 1000-3000v DC can
> be placed around and in front of the nozzles.  If operated in sync
> with the nozzle pulses it can cause a the emerging droplets to cascade
> to nanometer size via the electrospray effect (now becoming common in
> drug production).  See
> http://www.essex.ac.uk/bs/staff/colbeck/index.htm#appas

I think it should be easy enough to look up relevant patents online,
assuming one is bored enough.

IP: "U.S. On Verge of 'Electronic Martial Law' (fwd)

[Eugene Leitl]

-- Eugen* Leitl http://www.lrz.de/~ui22204/";>leitl
__
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.lrz.de/~ui22204
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

-- Forwarded message --
Date: Sun, 21 Oct 2001 12:39:42 -0400
From: David Farber <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: IP: "U.S. On Verge of 'Electronic Martial Law'

"U.S. On Verge of 'Electronic Martial Law'--Researcher"
Newsbytes (10/15/01); Featherly, Kevin

The United States is unduly clamping down on the Internet in order to root
out terrorist activities online, argues University of Illinois professor
Heidi Brush, who says the federal government would do better to rethink the
conceptual framework of U.S. communications instead. She spoke at the
recent Internet Research 2.0 gathering for the Association of Internet
Researchers. Although offering no concrete fixes to the problem, Professor
Brush painted a grim picture of "Internet martial law" being imposed in a
vain attempt to capture distributed terrorist groups. Terrorists' style of
"Net war," a term coined earlier by experts at the RAND policy think tank,
would prove elusive to counter by the lumbering centralized government, she
said.

http://www.newsbytes.com/news/01/171130.html


For archives see:
http://www.interesting-people.org/archives/interesting-people/

Re: Explosives found at Greyhound bus terminal

[Eugene Leitl]

On Fri, 19 Oct 2001, Greg Newby wrote:

> For the interested, here's a great recipe for composition 4
> explosives: http://www.pointlesswasteoftime.com/tech/c4.html

Since some of the chemicals cited in above recipe are not so easily
obtainable, so feel free to substitute them by powdered RDX and a
plasticizer in a 91:9 ratio. A good plasticizer can be made from
polyisobutylene, motor oil, and Di(2-ethylhexyl) sebaceate.

IP: Beyond Carnivore: FBI Eyes Packet Taps (fwd)

[Eugene Leitl]

-- Eugen* Leitl http://www.lrz.de/~ui22204/";>leitl
__
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.lrz.de/~ui22204
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

-- Forwarded message --
Date: Sun, 21 Oct 2001 06:07:48 -0400
From: David Farber <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: IP: Beyond Carnivore: FBI Eyes Packet Taps


>
>From: Monty Solomon <[EMAIL PROTECTED]>
>Subject: Beyond Carnivore: FBI Eyes Packet Taps
>
>
>October 18, 2001
>Beyond Carnivore: FBI Eyes Packet Taps
>By  Max Smetannikov
>
>Expect the FBI to expand its Internet wiretapping program, says a
>source familiar with the plan.
>
>Stewart Baker, a partner with law firm Steptoe & Johnson, is a former
>general counsel to the National Security Agency. He says the FBI has
>spent the last two years developing a new surveillance architecture
>that would concentrate Internet traffic in several key locations
>where all packets, not just e-mail, could be wiretapped. It is now
>planning to begin implementing this architecture using the powers it
>has under existing wiretapping laws.
>
>http://www.interactiveweek.com/article/0,3658,s%253D605%2526a%253D16678,00.asp


For archives see:
http://www.interesting-people.org/archives/interesting-people/

FYI: Speak Freely for Unix 7.5 Pre-Release Available (fwd)

[Eugene Leitl]

-- Eugen* Leitl http://www.lrz.de/~ui22204/";>leitl
__
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.lrz.de/~ui22204
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

-- Forwarded message --
Date: Thu, 18 Oct 2001 13:52:24 +0200
From: John Walker <[EMAIL PROTECTED]>
To: Speak Freely Mailing List <[EMAIL PROTECTED]>
Subject: Speak Freely for Unix 7.5 Pre-Release Available

This announcement pertains only to Speak Freely for Unix.
Users of the Windows version need read no further.

A pre-release of Speak Freely for Unix (Linux, FreeBSD,
Solaris, IRIX, etc.) version 7.5 is now available.  This
release is intended for "early adopters" interested in
testing one or more of the new capabilities and/or
verifying whether problems intended to be resolved in this
release actually have been.  If you're engaged in modifying
Speak Freely or adapting code from it for use in other
applications, the code clean up in this version makes it a
better starting point for your work.

Download Information


Speak Freely for Unix 7.5 may be downloaded from:

 http://www.fourmilab.ch/speakfree/unix/download/7.5/speak_freely-7.5.tar.gz

This is a gzipped TAR archive containing complete source code;
the format of the distribution is unchanged from earlier
releases.  The distribution contains a complete development
log in the file "log.doc".  An extract from this document including
all changes in 7.5 and several prior versions may be read
on-line at:

 http://www.fourmilab.ch/speakfree/unix/download/7.5/sfunix_log_7.5.html

New Features


Support has been added for Federal Standard 1016 CELP
(Code-Excited Linear Prediction) audio compression, via
a new "-celp" switch in sfmike.  This algorithm compresses
voice-grade audio to a 4800 bit per second data stream with
quality comparable to that of GSM (13000 bits/second)
compression.  CELP compression (but not decompression)
is fantastically computationally intense.  While a 50 MHz
486 suffices for GSM, the price of admission for CELP
is on the order of a 600 MHz Pentium III or equivalent.
Note that for floating-point intense code like this
performance depends more on processor architecture than
clock rate: a 300 MHz UltraSPARC (v9), which has five
floating point units and can issue two floating point
instructions at once, runs CELP compression about three
times faster than real time notwithstanding its slower
clock.

Sfecho now permits simulation of transmission errors on
poor connections.  A new -z option lets you specify a
percentage of packets to randomly drop and shuffle.  This
allows testing error-tolerant algorithms by running sfecho
on a local machine, set to emulate a channel with
properties like the one the algorithm is intended to
cope with.

Robust transmission mode may now be used with any
compression mode in Speak Freely protocol, not just LPC10.
A separate -robustN option on sfmike sets the number of
sequence numbered copies of each packet to be sent, which
may now be as many as 8.

Processing of robust mode packets in sfmike is greatly
improved over the bonehead algorithm I originally used.
Each packet contains a sequence number which increments
modulo 256.  Previously, packets were discarded only if
they contained precisely the same sequence number as the
immediately preceding one.  The new code computes the
difference between the current packet's sequence number and
that of the last one played (taking account of the modulo
256 wrap-around) and discards the packet if its sequence
number is less than or equal to that of the last packet,
but not more than 16 less.  This should discard most
packets shuffled by multipath routing, while limiting the
maximum loss in the case of intermittent outages which
completely lose sync to at most 16 packets.

A sample speech file containing four sentences spoken by
male and female speakers (originally supplied as a test for
the CELP library) is now included as "speech.au" in the
Speak Freely distribution.  (The original test file was 8
kHz 16 bit PCM--the version supplied in the distribution
has been recoded as 8 kHz mu-law, Speak Freely's native
format.)  This file allows evaluation of different
compression modes and diagnosis of problems due to audio
input hardware settings (clipping, insufficient input gain,
incorrect sampling rate, or conversion to mu-law, etc.) by
comparing live audio against this properly recorded file.

Bug Fixes
-

Transmission of face images now works when the audio stream
is encrypted.  (Fix by Ivan Popov.)

LPC10 audio compression should no longer be vulnerable to
compiler optimisation problems on various platforms, nor
to potential byte order or alignment problems.  The
original LPC10 codec was machine-translated from FORTRAN
into K&R C and contained numerous constructs which invited
code generation problems.  The code is now fully prototyped
ANSI C and should no longer have 

Threat Recognition Testing (fwd)

[Eugene Leitl]

-- Eugen* Leitl http://www.lrz.de/~ui22204/";>leitl
__
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.lrz.de/~ui22204
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

-- Forwarded message --
Date: Fri, 5 Oct 2001 04:49:08 -0700
From: J. R. Molloy <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Threat Recognition Testing

Brain fingerprinting: What you thought, what I meant
David Coursey
http://www.zdnet.com/anchordesk/stories/story/0,10738,2816429,00.html
The name: "Brain Fingerprinting" is a particularly unfortunate name that
suggests an ability to somehow gather the contents of someone's brain for
identification. It is also painfully close to "brain washing." For this
discussion, I will propose a more accurate, descriptive term: "Threat
Recognition Testing," or when used in criminal investigations, "Evidence
Recognition Testing."

What the test looks for: Threat Recognition Testing seeks to determine whether
the subject being tested recognizes certain items--which may be images of
physical items, pictures, or terminology. If the subject being tested
recognizes enough specific items, he or she can be assumed to have certain
training or experience. In actual testing, the technique was used to find 100
percent of the FBI agents in a test group without falsely selecting civilians
as FBI agents.

How was this done: The subjects were shown words and images that only an FBI
agent would recognize. The non-FBI agents did not recognize these images and
words.

How the test works: Subjects are hooked up to a device that measures brain
activity (the cerebral equivalent of a heart monitor) and shown a series of
images. An image or word the person recognizes presents a distinct brainwave
pattern when compared with an unrecognized image or word. The person cannot
consciously control this response.

The test does not care who you are, where you are from, your gender, religious
beliefs--anything other than whether you recognize a specific word or image.
All of the words and images can be given to the subject in advance without
affecting the test result.

When good people recognize bad things: It is obvious that a bank robber and an
FBI agent who investigates bank robberies would recognize many of the same
things. For that reason, additional images can be presented to subjects in
order to more precisely understand the context in which an object is
recognized. In an interactive testing system, this could be done
automatically, with the test adapting itself to probe more deeply into areas
of concern.

Does the test "read" someone's mind? The test does not determine what someone
is thinking, or even whether they are lying or not. It does, however,
determine if a person recognizes specific things. The test does not plant any
ideas or images into the subject's mind.

Here's an example of how the test might be used: Take one murder suspect, add
images only the murderer would know--faces of victims, locations, weapons,
etc.--and you should be able to separate the innocent from the potentially
guilty pretty quickly.

In a terrorist-screening scenario, you'd look for recognition of items related
to terrorist training and organizations. Score enough positives and you'd
become very interesting to the authorities.

This is not a technique for discovering things like whether you cheat on your
taxes or spouse (or both). It also won't tell whether you are a Republican,
Democrat, or something else, though it could determine whether you attended
one of the parties' national conventions (by testing you on what you would
have seen there).

The strengths: The test is excellent at clearing the innocent and, properly
given, can determine, if not always guilt, then at least what knowledge a
subject possesses, allowing for further investigation. The testing is
computerized, could require no human intervention, and is not racially,
ethnically, or culturally biased. Testing could take as little as 10 minutes,
but could be expanded to cover more items, thus adding the detail necessary to
separate security risks from non-risks.

The limitations: This technology has been tested and accepted by courts,
though additional testing certainly makes sense. There are also some technical
hurdles which today make the technique more suited for longer testing of
specific individuals (suspects) than quick testing of the general public
(screening).

This specifically relates to the devices used to record brain activity. With
digital signal processing, it should be possible to improve the
signal-to-noise ratio (which shortens the time needed for testing). Actually
creating the tests is a non-trivial matter, especially when screening for
potential problems rather than investigating an actual crime or incident.

---   ---   ---   ---   ---

Useless hypotheses, etc.:
 consciousness, phlogiston, philosophy, vitalism, mind, free will, qualia,
analog 

IP: Newsweek: FBI had one hijacker before Sept 11th and Justice DeptBumbled (fwd)

[Eugene Leitl]

-- Eugen* Leitl http://www.lrz.de/~ui22204/";>leitl
__
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.lrz.de/~ui22204
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

-- Forwarded message --
Date: Wed, 03 Oct 2001 12:59:34 -0400
From: David Farber <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: IP: Newsweek: FBI had one hijacker before Sept 11th and Justice
Dept Bumbled


>Date: Wed, 03 Oct 2001 09:44:40 -0700
>From: "Robert J. Berger" <[EMAIL PROTECTED]>
>
>{The FBI and the Justice Dept had tools before Sept 11 and didn't use
>them. They don't need more ways to errode our civil liberties, they need
>to be competent}
>
>** Access Denied **
>FBI agents in Minneapolis weren't given approval to search terrorist
>suspect's hard drive by the Justice Department. If 'two and two' were put
>together could hijackings have been stopped, asks one investigator. A Web
>exclusive by Michael Isikoff and Daniel Klaidman
>
>http://www.msnbc.com/modules/exports/ct_email.asp?/news/636610.asp
>
>Oct. 1 —  Top Justice Department and FBI officials turned down a request
>by Minneapolis FBI agents early last month for a special
>counterintelligence surveillance warrant on a suspected Islamic terrorist
>who officials now believe may have been part of the Sept. 11 plot to
>attack the World Trade Center and Pentagon, NEWSWEEK has learned.
>
>--



For archives see: http://www.interesting-people.org/

[ISN] Hijackers' e-mails sifted for clues Computer messages weresentuncoded (fwd)

[Eugene Leitl]

-- Eugen* Leitl http://www.lrz.de/~ui22204/";>leitl
__
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.lrz.de/~ui22204
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

-- Forwarded message --
Date: Wed, 3 Oct 2001 02:18:55 -0500 (CDT)
From: InfoSec News <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: [ISN] Hijackers' e-mails sifted for clues Computer messages were
sentuncoded

Forwarded from: Patrice Auffret <[EMAIL PROTECTED]>

http://www.usatoday.com/usatonline/20011001/3496196s.htm

Hijackers' e-mails sifted for clues Computer messages were sent uncoded

By Kevin Johnson
USA TODAY

WASHINGTON -- Federal authorities believe that some of the 19
hijackers involved in the Sept. 11 terrorist attacks were using
computers in all-night Kinko's stores and cybercafes in South Florida
to coordinate their activities in the weeks before the assaults.

Investigators have amassed what they described as a ''substantial''
amount of e-mail traffic among the hijackers. Some of the messages
were exchanged in a mix of English and Arabic.

None of the communications, authorities said Sunday, involved the use
of encryption or other code to disguise the contents of the messages.

At least two laptop computers seized in the United States were being
examined closely by investigators. They hope to determine whether the
machines contained information that could help identify associates of
the hijackers in this country or provide leads about future terrorist
attacks, a senior law enforcement official said.

The disclosure appeared to be further evidence that the hijackers felt
free to conduct their business in the open without much fear they
would be discovered.

Late last month, law enforcement officials said they believed that the
hijackers or their associates did extensive scouting missions on
various airline routes before settling on flights originating in
Boston, Newark, N.J., and Washington.

Investigators said they believe that the hijackers selected the four
flights they commandeered Sept. 11 because passenger loads generally
were light and the fuel tanks on the jets, all on transcontinental
routes, were full.

Official interest in the hijackers' methods of communication comes as
the largest criminal investigation in U.S. history continues to widen.
The attacks left nearly 6,000 people dead or missing.



-
ISN is currently hosted by Attrition.org

To unsubscribe email [EMAIL PROTECTED] with 'unsubscribe isn' in the BODY
of the mail.

Re: [ISN] CRYPTO-GRAM SPECIAL ISSUE, September 30, 2001 (fwd)

[Eugene Leitl]

-- Eugen* Leitl http://www.lrz.de/~ui22204/";>leitl
__
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.lrz.de/~ui22204
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

-- Forwarded message --
Date: Wed, 3 Oct 2001 02:20:55 -0500 (CDT)
From: InfoSec News <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: [ISN] CRYPTO-GRAM SPECIAL ISSUE, September 30, 2001

Forwarded from: Aj Effin Reznor <[EMAIL PROTECTED]>

Pardon the rant.  Since Bruce went down his yellow brick road to the
Land Where Full Disclosure Is Bad, I have been wondering about the
usefulness of a crypto guy functioning as the head of a security
company.

"InfoSec News was known to say."

> Watching the television on September 11, my primary reaction was
> amazement.

Thanks for reminding us that you're human...

> supports and collapse the World Trade Center.  It seems probable
> that they placed advantageous trades on the world's stock markets
> just before the attack.  No one planned for an attack like this.
> We like to think that human beings don't make plans like this.

>From what I've gathered since the 11th, this *was* planned for, in a
sense. The scenario was deemed unlikely enough that any preparation
for such an occurance was considered pointless.


> It was also a new type of attack.  One of the most difficult
> things about a

(This line is important in a minute).


> Airline Security Regulations
>
> Computer security experts have a lot of expertise that can be
> applied to the real world.  First and foremost, we have
> well-developed senses of what security looks like.  We can tell
> the difference between real security and snake oil.  And the new
> airport security rules, put in place after September 11, look and
> smell a whole lot like snake oil.

"We" computer security experts.

(A) Bruce does crypto, not security.  When he made the cutover, and
rapidly rose to the rank of "expert" is unknown to me.

(B) It's always been said that no one who calls themself an expert in
anything, is.  And chances are the ones who don't, are.

> All the warning signs are there: new and unproven security
> measures, no real threat analysis, unsubstantiated security
> claims.  The ban on cutting

Claims like "full disclosure is bad."  I'd like to see what studies
this ideology is based on.

> Parked cars now must be 300 feet from airport gates.  Why?  What
> security problem does this solve?  Why doesn't the same problem
> imply that passenger drop-off and pick-up should also be that far
> away?  Curbside check-in has been eliminated.  What's the threat
> that this security measure has solved?  Why, if the new threat is
> hijacking, are we suddenly worried about bombs?

Pudding, including proof.  Since this is a new style of hijacking,
then clearly this is all we must concentrate on?  I didn't see people
taking down firewalls just because Code Red & Nimda passed right
through and hit web servers.  No, new threats need to be responded to
without neglecting every previous threat.

Bruce seems to think that just because these guys were so clever, that
they'd never resort back to a simple car bomb parked next to an
airport terminal. No, they'd never go low-tech.  Think: Boxcutters.

> The rule limiting concourse access to ticketed passengers is
> another one that confuses me.  What exactly is the threat here?
> Hijackers have to be on the planes they're trying to hijack to
> carry out their attack, so they have to have tickets.  And anyone
> can call Priceline.com and "name their own price" for concourse
> access.

Unless they were simply planting a bomb in the luggage compartment.
You know, like an airport-employed *baggage*handler* would be able to
do.

Bruce is making far too many assumptions which, instead of bordering
on the fanatical are instead bordering on the blind.

> Increased inspections -- of luggage, airplanes, airports -- seem
> like a good idea, although it's far from perfect.  The biggest
> problem here is

Inspection of what, a hijacker?  Until a hijacking occurs, any
terrorist is merely a potential hijacker.  What are these inspections
for that Bruce supports?  Bombs?  The same ones he thinks are a
non-issue now?

> Positive bag matching -- ensuring that a piece of luggage does not
> get loaded on the plane unless its owner boards the plane -- is
> actually a good security measure, but assumes that bombers have
> self-preservation as a guiding force.  It is completely useless
> against suicide bombers.

Now bombs *are* an issue again!  This waffling is feeling rather
Clinton-esque!

> The real point of photo ID requirements is to prevent people from
> reselling tickets.  Nonrefundable tickets used to be regularly
> advertised in the newspaper classifieds.  Ads would read something
> like "Round trip, Boston

This much I agree with.

>  Biometrics in Airports
>
> You have to admit, it sounds like a good idea.  Put camera

Re: SF development (fwd)

[Eugene Leitl]

-- Forwarded message --
Date: Mon, 01 Oct 2001 16:30:17 -0400
From: Kirk Reiser <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: SF development

I don't know what happened to Brian however as far as I know John
Walker is still lurking.  Development is anything but halted.  Ron
Bessem has a mixing version of the windows speak freely and Jonnas and
I have a unix/linux version in cvs.

Changes have not been happening quickly recently but that is because
we are both busy on other projects.  You are of course welcome to get
involved and help with the development.  There's plenty of room for
everyone.

cvs -d:pserver:[EMAIL PROTECTED]:/usr/src/CVS login
password: please
cvs -d:pserver:[EMAIL PROTECTED]:/usr/src/CVS co
speak_freely (unix/linux) or win_sf for windows)

  Kirk

  * * *

To unsubscribe from this mailing list, send E-mail containing
the word "unsubscribe" in the message body (*not* as the
Subject) to [EMAIL PROTECTED]

STILL OFF TOPIC: Re: America needs therapy

[Eugene Leitl]

On Mon, 1 Oct 2001, Steve Schear wrote:

> At 01:25 PM 10/1/2001 -0400, James B. DiGriz wrote:
> >Declan McCullagh wrote:
> >A far more productive application of corporate welfare would be if that
> >money were spent on engineering research and development of geosynchronous
> >solar power microwave relays, fusion and advanced fission reactors,

GEO is lousy: it's too far away, and it's packed already. Newer concepts
assume LEO with active microwave focus tracking of the rectenna ground
array with phased array antennas integrated into the solar array. You have
to have sufficient amounts of hardware in the sky for continuous line of
sight presence.

> >permanent manned statons on the Moon, Mars, asteroids, etc. The planet and

Luna is closest, and it's near enough for relativistic lag being low
enough to allow teleoperation. Sending monkeys elsewhere would seem a
later stage.

> >its politics would likely be a lot cleaner. Just one beneficial side effect.
>
> Research in geosynchronous power satellites is still being funded.  One
> program, started in Japan but which is now also funded by NASA, uses 5.7
> GHz transmission to a ground based RECifying anTENNAs.  Another project
> intends to use IR lasers.  My understanding is these projects are receiving
> serious funding and prototypes should fly soon.

Problem is high LEO launch costs. It would seem easier to build automated
and teleoperate fabbing and (linear motor) launching facilities on Luna,
and circularize orbit mostly by aerobraking.

-- Eugen* Leitl http://www.lrz.de/~ui22204/";>leitl
__
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.lrz.de/~ui22204
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

OFF TOPIC: Re: America needs therapy

[Eugene Leitl]

This is about as off-topic as the mold issue. You've been warned.

On Mon, 1 Oct 2001, Harmon Seaver wrote:

> > Biodiesel and bioethanol are horribly inefficient as far as conversion of
> > solar energy and agricultural area is concerned. Large scale agriculture
> > is not exactly environmentally neutral. They're extreme niche or gimmick
> > fuels at best.
>
> Where do you get that from? Are you saying that farmers aren't growing
> canola oil at a profit? Farmers are also growing corn and that corn is
> turned into ethanol at a profit.

No. I'm saying if you use bioethanol, biodiesel or oil made from
agricultural products you're milking a negligable fraction of the solar
constant (1.4 kW/m^2 flux hereabouts), even solar constant at the bottom
of this gravity well (varies greatly). Plus, you kill soil, reduce
biodiversity, contaminate ground water, reduce ground water level plus
cause salination in susceptible areas, burn energy for machines,
fertilizer & Co and create waste. There are also less tangible but
nevertheless real factors such as high material fluxes, associated
pollution, perpetuation of Carnot cycle machines and agromafia.

What we need is sufficient control of molecular self-replication that we
can use photons directly for photosynthesis or water photolysis. Before
we'll get that, we'll have to settle for conventional thin-film and
polymer photovoltaics, electrolysis and photoelectrolysis/photosynthesis.
I would think that CuInSe thin film would do very nicely today if
facade-integrated, before we get polymer.

> http://journeytoforever.org/ethanol.html
>
> > Ethanol is a highly efficient fuel. A study by

Energy density of ethanol is about half of gasoline. You *can* use it in a
fuel cell or a fuel reformer, but methanol is easier. Methanol <->
synthesis gas conversion is really clean.

> >   the Institute of Local Self-Reliance in the
> >   US found that using the best farming and
> >   production methods, "the amount of energy
> >   contained in a gallon of ethanol is more than
> >   twice the energy used to grow the corn and
> >   convert it to ethanol".

So, assuming these people haven't been pulling data straight from their
ass, you have to burn half of the ethanol you would get from a square
meter of a field in order to do it. Not counting the presence of said
field, the agricultural infrastructure and the agrohol plant.

> >   The US Department of Agriculture says
> >   each BTU (British Thermal Unit, an energy
> >   measure) used to produce a BTU of
> >   gasoline could be used to produce 8 BTUs
> >   of ethanol.

Now this says something else than journeyforever folks said. 8:1 is
something else than 2:1.

> >   The non-profit American Coalition for
> >   Ethanol says ethanol production is
> >   "extremely energy efficient", with a positive

Energy efficient as compared to what exactly? Nuke, fossil, photovoltaics,
wind? And, of course, energy is only a very small part of the picture.

> >   energy balance of 125%, compared to 85%
> >   for gasoline, making ethanol production "by
> >   far the most efficient method of producing
> >   liquid transportation fuels".

Now, it's only 125%. Very strange numbers, these.

> >
>
>   If you are refering to the paper done by Pimental, that study was
> seriously flawed (so much so that one might think it was paid for by big oil)
> and thoroughly debunked.  See:
> http://journeytoforever.org/ethanol_energy.html

I do not refer to the study of Pimenthal, just seat of the pants ecology
and 8th class highschool level physics. I don't have time to google for
this stuff, but I'm sure you'll find enough references as to why
bioethanol and biodiesel are hardly a silver bullet.

-- Eugen* Leitl http://www.lrz.de/~ui22204/";>leitl
__
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.lrz.de/~ui22204
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

Re: America needs therapy

[Eugene Leitl]

On Mon, 1 Oct 2001, Harmon Seaver wrote:

> Not true at all. Biodiesel is being marketed in the US today at
> competitive prices, and obviously, like anything else, economies of
> scale would bring down that price. Ethanol is another one. Brazil run

Biodiesel and bioethanol are horribly inefficient as far as conversion of
solar energy and agricultural area is concerned. Large scale agriculture
is not exactly environmentally neutral. They're extreme niche or gimmick
fuels at best.

Synfuel and synthetic methanol as well as hydrogen via fuel reforming from
fossils and biomass/renewables is another thing entirely, and entirely
worthwhile. Both synthetic methanol and fuel reforming allows slow
migration to fuel cells, without pissing off the fossil fuel people.

> a large portion of it's vehicles on ethanol.

-- Eugen* Leitl http://www.lrz.de/~ui22204/";>leitl
__
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.lrz.de/~ui22204
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

Re: Selected quotes from Keyser-Soze

[Eugene Leitl]

On Mon, 24 Sep 2001, Aimee Farr wrote:

> Keyser, what sign were you born under?

Rattlesnake, obviously.

IP: Do read -- EFF statement on opposition to MATA/ATA (fwd)

[Eugene Leitl]

-- Eugen* Leitl http://www.lrz.de/~ui22204/";>leitl
__
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.lrz.de/~ui22204
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

-- Forwarded message --
Date: Sun, 23 Sep 2001 06:25:50 -0400
From: David Farber <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: IP: Do read --  EFF statement on opposition to MATA/ATA


>EFF members have asked why we have objected to some of the proposed
>changes to wiretapping and other laws made in the aftermath of the recent
>terrorist attacks on the U.S. We do not raise these objections lightly,
>not are they light objections.  We fully support legitimate government
>efforts to bring the perpetrators of these attacks to justice. Yet as a
>watchdog for civil liberties, we are skeptical of claims that the only way
>we can increase our security is by giving up our freedoms.  And a close
>look at the specific measures proposed shows several areas that should
>concern all Americans.
>
>First, these bills are not being carefully reviewed, or even reviewed at
>all, by our lawmakers.   SA 1562 was introduced late at night and voted on
>within a half hour, with several senators complaining that they had not
>been given the chance to read it.  Similarly, both MATA and its later
>incarnation, ATA, are long and complex bills, making changes throughout
>our legal structure. Yet the Attorney General has asked for them to be
>voted into law within a week.  This complete dismissal of the normal
>processes for legislation should alarm anyone who believes in democratic
>government.
>
>Second, these changes are permanent.  EFF shares the desire to move
>quickly now in order to better track the perpetrators of this shocking
>attack.  But none of the legislative changes that have been proposed so
>far is temporary -- these are broad ranging, permanent reductions in civil
>liberties and privacy of all Americans.  History has shown that such laws,
>passed in haste during a time of crisis, linger and cause difficulties
>long after the crisis has passed.
>
>Third, these proposed laws include provisions that appear to have nothing
>to do with fighting terrorism, such as allowing wiretaps based upon
>allegations of defacing a web site. If it is the case that low-level
>computer defacement is a problem that relates to terrorism, we encourage
>law enforcement to explain the connection. Instead, it seems that several
>of the most worrisome provisions of the proposed laws are part of a
>general law enforcement "wish list" rather than a specific response to
>terrorism.
>
>Finally, changes in surveillance authority are suggested without any
>showing that the current requirements for FISA, Title III and pen/trap
>surveillance posed a barrier to the investigation of the attacks.  We have
>been told that FISA warrants were issued and served on major ISPs within
>hours of the terrorist attacks last week.  There have been no reports that
>the minimal processes required for these warrants have hampered the
>investigations.
>
>The EFF does not categorically oppose all changes in our laws or
>regulations in response to the attack.  But responses that are unrelated
>to increasing our security or that change parts of the laws that are not a
>barrier to preventing of terrorism are not only bad policy, they run the
>risk of lulling us into believing that we are more safe than we actually
>are.  The EFF does not claim to be experts in anti-terrorism measures. We
>are experts in civil liberties and privacy, however, and believe that any
>lessening of those rights must be carefully debated and adequately justified.
>
>The U.S. legal system has been based upon the basic precept that American
>citizens should not be subject to surveillance unless there has been a
>showing that he or she may have committed a serious offense.  Maybe we now
>wish abandon that precept.  Maybe we now wish to live in a world where who
>we e-mail and where we travel on the Internet is routinely monitored by
>centralized government authorities. We at the EFF do not believe so. But
>at a minimum, such changes must be subjected to informed public debate.
>
>On September 11, President Bush said that freedom itself had been
>attacked.  In our response to that horrible act, the understandable desire
>to prevent future attacks should not lead us to do further, permanent
>damage that same freedom.



For archives see: http://www.interesting-people.org/

MMReencrypt

[Eugene Leitl]

http://sourceforge.net/projects/mmreencrypt/

MMReencrypt is an add-on for Mailman. It allows reencrypting mailing lists
for added security. Users post messages PGP- or GPG-encrypted to the
list's public key. MMReencrypt decrypts them, then re-encrypts the message
to each subscriber.

RE: SYMBOL

[Eugene Leitl]

On Sun, 16 Sep 2001, Sandy Sandfort wrote:

> As were buildings above 5 stories in ancient Rome.  Technology moves
> on. The question is not, "Can 250-story buildings be made safe?"  The
> only question is "How can they be made safe?"

The question is: why should we bother? Tall buildings have intrinsically
bad volume to crossection ratio, by definition. Both the static and the
infrastructure is vulnerable, so the efforts would be far better spent by
decentralizing the society. Monkeys want to see monkeys, fine. We have
video projectors and AR avatars for that, and last time I looked most of
the fiber was idle.

Re: [linux-elitists] Cryptome up for mirroring (fwd)

[Eugene Leitl]

-- Eugen* Leitl http://www.lrz.de/~ui22204/";>leitl
__
ICBMTO  : N48 10'07'' E011 33'53'' http://www.lrz.de/~ui22204
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

-- Forwarded message --
Date: Sun, 16 Sep 2001 08:54:12 -0400
From: Aaron Sherman <[EMAIL PROTECTED]>
To: Eugene Leitl <[EMAIL PROTECTED]>
Cc: Linux Elitists List <[EMAIL PROTECTED]>
Subject: Re: [linux-elitists] Cryptome up for mirroring

On Sat, Sep 15, 2001 at 11:01:30PM +0200, Eugene Leitl wrote:

> All blocks and limitations on downloads here have been removed. We
> request that bots and spiders be configured and monitored to avoid
> repetiveness, looping, recycling and checking previous downloads.
> Bandwidth trashing programs will be seen as attacks and blocked to
> assure access by others.

I'm also putting up a lot of the software that's currently listed on
freshmeat (gnupg and it's associated library packages, pgp2.6,
some email crypto packages, Perl and python interfaces to crypto,
and a more) up on Gnutella. I will be allowing downloads at a restricted
bandwidth, but hopefully these packages will be picked up and mirrored
across the gnutella network.

For folks interested in getting involved in the effort to assure
crypto access, please check out my comments on pps.sourceforge.net

-- 
Aaron Sherman
[EMAIL PROTECTED] finger [EMAIL PROTECTED] for GPG info. Fingerprint:
www.ajs.com/~ajs6DC1 F67A B9FB 2FBA D04C  619E FC35 5713 2676 CEAF
  "I've committed many sins. Have I displeased you, you feckless thug?"
   -President Bartlet, ``The West Wing''
___
linux-elitists
http://zgp.org/mailman/listinfo/linux-elitists

Re: Crypto Access

[Eugene Leitl]

On Sat, 15 Sep 2001, John Young wrote:

> What methods could be used to assure continued access to
> crypto even if possession and/or usage is outlawed?

Well, if you wouldn't be so coy about mirroring, I would love to push
anything cypherpunkly to Mojo Nation and Freenet. It is going to be very
difficult to block next generation of Freenet.

However, if you block at IP level after pulling more than 100
documents/day it becomes too dificult for me to so. The difference is
picking a spider off the shelf, or heavily customize one to throttle it.

So, consider burning a few CDs (the site is currently what? 200 MBytes,
300?), and mail them to whoever asks you. If you publish diffs in
identifyable directories and opens them in robots.txt it would really
reduce the load on your site, too.

-- Eugen* Leitl http://www.lrz.de/~ui22204/";>leitl
__
ICBMTO  : N48 10'07'' E011 33'53'' http://www.lrz.de/~ui22204
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

IP: RE: Senate votes to permit warrantless Net-wiretaps, Carn ivoreus e (fwd)

[Eugene Leitl]

-- Eugen* Leitl http://www.lrz.de/~ui22204/";>leitl
__
ICBMTO  : N48 10'07'' E011 33'53'' http://www.lrz.de/~ui22204
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

-- Forwarded message --
Date: Fri, 14 Sep 2001 20:50:31 -0400
From: David Farber <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: IP: RE: Senate votes to permit warrantless Net-wiretaps,
 Carn ivore us e


>From: "Baker, Stewart" <[EMAIL PROTECTED]>
>To: "'Declan McCullagh'" <[EMAIL PROTECTED]>, [EMAIL PROTECTED],
>[EMAIL PROTECTED]
>cc: "Albertazzie, Sally" <[EMAIL PROTECTED]>,
>"Baker, Stewart" <[EMAIL PROTECTED]>
>
>
>Declan,
>
>I ignored the first two points because I don't think they're that important.
>These "warrantless searches" are emergency orders that have to be followed
>by a court order in 48 hours.  Sometimes courts are closed and the cops need
>data right away.  Tuesday evening would be a good example.  This is not some
>out-of-control police authority.
>
>The people who can ask for emergency orders have to be designated by one of
>several officials at Main Justice.  That's to make sure someone responsible
>ends up with the authority to declare an emergency.  So an assistant US
>attorney could be designated by Main Justice in each district right now.
>What's the big deal with letting the US Attorney for the district do the
>designating instead of Main Justice? Seems to me that the US Attorney
>probably knows more about staff changeovers than Main Justice, so it makes
>sense for the US Attorney to do the designating locally.
>
>Stewart



For archives see: http://www.interesting-people.org/

IP: out of time order read this first RE: Senate votes to permitwarrantless Net-wiretaps, Carnivore us e (fwd)

[Eugene Leitl]

-- Eugen* Leitl http://www.lrz.de/~ui22204/";>leitl
__
ICBMTO  : N48 10'07'' E011 33'53'' http://www.lrz.de/~ui22204
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

-- Forwarded message --
Date: Fri, 14 Sep 2001 20:51:50 -0400
From: David Farber <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: IP: out of time order read this first RE: Senate votes to permit
warrantless Net-wiretaps, Carnivore us e


>Date: Fri, 14 Sep 2001 19:59:39 -0400
>To: [EMAIL PROTECTED], [EMAIL PROTECTED]
>From: Declan McCullagh <[EMAIL PROTECTED]>
>
>Cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
>
>Dave,
>I'm glad to see Stu joining the civil libertarian crowd. He's right, of
>course, that there are reasons to be uneasy about the new "Combating
>Terrorism Act."
>
>Current law permits specific Justice Department officials to authorize
>meatspace telephone pen register and trap and trace devices without a
>court order in two circumstances. Here's an excerpt from the U.S. Code:
>
>http://www4.law.cornell.edu/uscode/18/3125.html
>>an emergency situation exists that involves immediate danger of death or
>>serious bodily injury to any person [or] conspiratorial activities
>>characteristic of organized crime
>
>This bill does three things of note:
>
>1. It adds "U.S. Attorney" to the list of officials who can authorize
>warantless surveillance.
>
>2. It expands the "emergency situation" rule beyond serious bodily
>injury/organized crime. I described this in my article:
>http://www.wired.com/news/politics/0,1283,46852,00.html
>>Circumstances that don't require court orders include an "immediate
>>threat to the national security interests of the United States, (an)
>>immediate threat to public health or safety or an attack on the integrity
>>or availability of a protected computer." That covers most computer
>>hacking offenses.
>
>3. It rewrites pen register/trap and trace law and moves it from the
>telephone world to explicitly cover computer networks as well, which would
>permit Carnivore's use under this section (when operated in
>trap-and-trace/pen-register mode). Here are some excerpts from the bill:
>
>http://www.politechbot.com/docs/cta.091401.html
>>The order shall, upon service of the order, apply to any entity providing
>>wire or electronic communication service in the United States...
>>inserting ``, routing, addressing,'' after ``dialing''... by striking
>>``call processing'' and inserting ``the processing and transmitting of
>>wire and electronic communications''...
>
>Now, whether all this is, as Stu blandly suggests, "a bit alarmist," is up
>to IPers to decide. But I think Senator Patrick Leahy, the chairman of the
>Senate Judiciary committee, put it well during the floor debate last
>night. Here's a quote from the Congressional Record.
>
>http://www.fas.org/sgp/congress/2001/s091301.html
>>LEAHY: Maybe the Senate wants to just go ahead and adopt new abilities to
>>wiretap our citizens. Maybe they want to adopt new abilities to go into
>>people's computers. Maybe that will make us feel safer. Maybe. And maybe
>>what the terrorists have done made us a little bit less safe. Maybe they
>>have increased Big Brother in this country.
>
>-Declan



For archives see: http://www.interesting-people.org/

Please make stable NON-US homes for strong crypto projects

[Eugene Leitl]

I'm usually not forwarding messages from cryptography@ here, but this one
is an exception.

-- Forwarded message --
Date: Sat, 15 Sep 2001 00:32:12 -0700
From: John Gilmore <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Please make stable NON-US homes for strong crypto projects

It's clear that the US administration is putting out feelers to
again ban publication of strong encryption.  See:
  http://www.wired.com/news/politics/0,1283,46816,00.html

The evil gnomes who keep advancing unconstitutional US anti-crypto
policies know that the current hysteria in Congress and the
Administration will not last forever.  So they will probably move very
quickly -- within a week is my guess -- to re-control encryption,
either by a unilateral action of the Administration (by amending
the Export Administration Regulations), or by stuffing a rider onto
some so-called "emergency" bill in Congress.

They maneuvered very carefully in the Bernstein case such that there
is no outstanding injunction against violating the Constitution this
way -- and even no binding 9th-Circuit precedent that tells them it's
unconstitutional to do so.  They know in their hearts that numerous
judges have found it unconstitutional, but they have proven throughout
the seven-year history of the case that they don't give a damn about
the Constitution.  Which means it may take weeks, months or years for
civil liberties workers to get a judge to roll back any such action.
Not just days.  We won the case, but they squirmed out of any
permanent restrictions -- so far.

The US government has a new mania for wiretapping everyone in case
they might be a terrorist.  There's already two bills in Congress to
make it trivial for them to wiretap anybody on flimsy excuses, and to
retroactively justify their precipitous act of rolling Carnivore boxes
into major ISPs this week and demanding, without legal authority, that
they be put at the heart of the networks.  See:
  http://www.politechbot.com/docs/cta.091401.html

Even more than before, we will need good encryption tools, merely to
maintain privacy for law-abiding citizens, political activists, and
human rights workers.  (In the current hysteria, mere messages
advocating peace or Constitutional rights might best be encrypted.)
The European Parliament also recently recommended that European
communications be routinely encrypted to protect them from pervasive
US Echelon wiretaps.

Some US developers, who thought such a reversal would never happen,
have built or maintained a number of good open source encryption tools
in the United States, and may not have lined up solid foreign
maintainers or home sites.

LET'S FIX THAT!  We need volunteers in many countries to mirror
current distributions, CVS trees, etc.  We need volunteers to also
act as maintainers, accepting patches and integrating them into
solid releases.

(Note that too many countries have pledged to stand toe-to-toe with the
US while they march off to make war on somebody they can't figure out
who it is yet.  If you live in one of those countries, you may
suddenly find that your own crypto regs have been sneakily altered.
Take care that each useful package has maintainers and distribution
points in diverse countries.)

I haven't kept close track of which packages are in danger.  I
suggest that people nominate packages on this mailing list, and that
others immediately grab mirror copies of them as they are nominated.
And that some of those who mirror them keep quiet, in case hysterical
governments make a concerted effort to stamp out all copies and/or all
major distribution sites.  If you aren't the quiet type, then *AFTER*
IMMEDIATELY PULLING A COPY OF THE CODE OUTSIDE US JURISDICTION,
announce your mirror on this mailing list.

We freedom-loving US citizens have had to rely on the freedom-loving
citizens of saner countries, to do the work of making strong
encryption, for many years.  We had a brief respite, which we will
eventually resume for good.  In the meantime, please let me apologize
for my countrymen and for my government, for asking you to shoulder
most of the burden again.  Thank you so much.

John Gilmore

PS: Companies with proprietary encryption packages might consider
immediately open-sourcing and exporting their encryption add-ins, so
their customers can still get them from overseas archives.  Or taking
other actions to safeguard the privacy and integrity of their
customers' data and their society's infrastructure.  I also advise
that they lobby like hell to keep privacy and integrity legal in the US.



-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

RE: Manhattan Mid-Afternoon

[Eugene Leitl]

On Thu, 13 Sep 2001 [EMAIL PROTECTED] wrote:

> If, however, it turns out that all the terrorists were from some
> countries that are unfree, poor and miserable, and are outraged by the
> fact that we are free, rich and happy, and blame us, rather than
> themselves, for their poverty and misery, then the only way to appease
> them would be to become unfree and poor.  I would rather toast the
> entire third world, than make such a concession.

Get a clue, quick.

IP: [ I take it back djf ] U.S. Intelligence Gathering Reviewed(fwd)

[Eugene Leitl]

-- Eugen* Leitl http://www.lrz.de/~ui22204/";>leitl
__
ICBMTO  : N48 10'07'' E011 33'53'' http://www.lrz.de/~ui22204
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

-- Forwarded message --
Date: Thu, 13 Sep 2001 08:25:22 -0400
From: David Farber <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: IP: [ I take it back djf ] U.S. Intelligence Gathering Reviewed


>U.S. Intelligence Gathering Reviewed
>
>By THE ASSOCIATED PRESS
>
>
>
>Filed at 7:11 a.m. ET
>
>NEW YORK (AP) -- A current emphasis on technology over human
>intelligence-gathering, a funding shortage and an information
>overload may help explain U.S. intelligence agencies' failure to
>forestall the worst terror attack on American soil.
>
>``Our raw intelligence has gotten weaker, partly because we're not
>hiring, we're not paying and we're not analyzing what we're
>collecting,'' said Anthony Cordesman, an anti-terrorism expert with
>the Washington-based Center for Strategic and International
>Studies.
>
>His comments echoed those of former Secretary of State James A.
>Baker III, who told CNN that ``it would be well ... to consider
>beefing up some of our intelligence capabilities, particularly in
>the areas of human intelligence.''
>
>That's easier said than done, said Gideon Rose, managing editor of
>Foreign Affairs magazine.
>
>``It's incredibly difficult to find the right people who can
>infiltrate these groups,'' Rose said. ``As far as making other
>changes, it means going up against Washington's bureaucratic
>inertia.''
>
>During the Cold War, the United States began pouring billions into
>satellite imagery, communications interception and reconnaissance
>equipment. The tools were also useful in monitoring the moves of
>organizations such as the PLO and the IRA -- which had traditional,
>low-tech structures that were relatively easy to follow.
>
>But the extraordinary costs meant cutbacks in personnel at the CIA
>and the National Security Agency, the nation's international
>eavesdropping arm.
>
>As the Cold War came to a close, the number of threatening groups
>increased tenfold just as the digital revolution hit, making global
>communications suddenly very cheap and secure. Meanwhile, the
>numbers of people working in U.S. intelligence remained constant.
>
>These days, terrorists can download sophisticated encryption
>software on the Internet for free, making it increasingly difficult
>to tap into their communications.
>
>One recent report said Osama bin Laden, a suspect in Tuesday's
>attacks, has used complex digital masking technology called
>steganography to send photos over the Internet bearing hidden
>messages.
>
>The head of NSA, Gen. Mike Hayden, acknowledged in an interview
>with CBS' ``60 Minutes II'' earlier this year that his agency is
>``behind the curve in keeping up with the global telecommunications
>revolution,'' adding that bin Laden ``has better technology'' than
>the agency.
>
>Former national security adviser Sandy Berger said Wednesday that
>the terrorists responsible for Tuesday's carnage displayed ``a
>level of sophistication that is beyond what any intelligence outfit
>thought was possible.'' Yet, many believe the perpetrators used
>low-tech methods to elude Western intelligence.
>
>Wayne Madsen, a former NSA intelligence officer, said he believes
>the terrorists shunned e-mail and mobile phones, using couriers and
>safe houses instead. He said it was likely the terrorists in each
>of Tuesday's four hijacked planes didn't know the others existed.
>
>Terrorist ``cells are kept small and very independent so
>intelligence agencies can't establish any sort of network,'' Madsen
>said.
>
>Others say the big problem is not the technological shortcomings
>but the inability to get inside tightly-knit organizations such as
>bin Laden's.
>
>``It's not easy to knock on bin Laden's cave and say we'd like to
>join,'' said Frank Cilluffo, a senior analyst at the Center for
>Strategic and International Studies. ``These are hard targets for
>Americans to infiltrate and we need to recruit the kind of people
>who have the language and the cultural understanding to gain access
>to these organizations.''
>
>Eugene Carroll, a Navy admiral and a defense expert, agreed.
>``These people can only be countered by superb intelligence. The
>U.S. doesn't have it,'' he said.
>
>Experts say intelligence-gathering, to be effective, must involve
>close coordination between eavesdropping and spying. In practical
>terms, this means cooperation between the NSA and CIA.
>
>Madsen said there is reason to believe the NSA received some good
>intelligence showing bin Laden's involvement in Tuesday's attacks
>but that it wasn't recognized as such.
>
>``There's an information overload out there and not surprisingly it
>becomes very hard to process, prioritize it and share it,'' said
>Ian Lesser at the Rand Corporation think tank.
>
>Others said