CodeCon 2006 Call For Papers
CodeCon 2006 February 10-12, 2006 San Francisco CA, USA www.codecon.org Call For Papers CodeCon is the premier showcase of cutting edge software development. It is an excellent opportunity for programmers to demonstrate their work and keep abreast of what's going on in their community. All presentations must include working demonstrations, ideally accompanied by source code. Presentations must be done by one of the active developers of the code in question. We emphasize that demonstrations be of *working* code. We hereby solicit papers and demonstrations. * Papers and proposals due: December 15, 2005 * Authors notified: January 1, 2006 Possible topics include, but are by no means restricted to: * community-based web sites - forums, weblogs, personals * development tools - languages, debuggers, version control * file sharing systems - swarming distribution, distributed search * security products - mail encryption, intrusion detection, firewalls Presentations will be 45 minutes long, with 15 minutes allocated for QA. Overruns will be truncated. Submission details: Submissions are being accepted immediately. Acceptance dates are November 15, and December 15. After the first acceptance date, submissions will be either accepted, rejected, or deferred to the second acceptance date. The conference language is English. Ideally, demonstrations should be usable by attendees with 802.11b connected devices either via a web interface, or locally on Windows, UNIX-like, or MacOS platforms. Cross-platform applications are most desirable. Our venue will be 21+. To submit, send mail to [EMAIL PROTECTED] including the following information: * Project name * url of project home page * tagline - one sentence or less summing up what the project does * names of presenter(s) and urls of their home pages, if they have any * one-paragraph bios of presenters, optional, under 100 words each * project history, under 150 words * what will be done in the project demo, under 200 words * slides to be shown during the presentation, if applicable * future plans General Chair: Jonathan Moore Program Chair: Len Sassaman Program Committee: * Bram Cohen, BitTorrent, USA * Jered Floyd, Permabit, USA * Ian Goldberg, Zero-Knowledge Systems, CA * Dan Kaminsky, Avaya, USA * Ben Laurie, The Bunker Secure Hosting, UK * Nick Mathewson, The Free Haven Project, USA * David Molnar, University of California, Berkeley, USA * Jonathan Moore, Mosuki, USA * Meredith L. Patterson, University of Iowa, USA * Len Sassaman, Katholieke Universiteit Leuven, BE Sponsorship: If your organization is interested in sponsoring CodeCon, we would love to hear from you. In particular, we are looking for sponsors for social meals and parties on any of the three days of the conference, as well as sponsors of the conference as a whole and donors of door prizes. If you might be interested in sponsoring any of these aspects, please contact the conference organizers at [EMAIL PROTECTED] Press policy: CodeCon provides a limited number of passes to qualifying press. Complimentary press passes will be evaluated on request. Everyone is welcome to pay the low registration fee to attend without an official press credential. Questions: If you have questions about CodeCon, or would like to contact the organizers, please mail [EMAIL PROTECTED] Please note this address is only for questions and administrative requests, and not for workshop presentation submissions.
CodeCon 2006 Call For Papers
CodeCon 2006 February 10-12, 2006 San Francisco CA, USA www.codecon.org Call For Papers CodeCon is the premier showcase of cutting edge software development. It is an excellent opportunity for programmers to demonstrate their work and keep abreast of what's going on in their community. All presentations must include working demonstrations, ideally accompanied by source code. Presentations must be done by one of the active developers of the code in question. We emphasize that demonstrations be of *working* code. We hereby solicit papers and demonstrations. * Papers and proposals due: December 15, 2005 * Authors notified: January 1, 2006 Possible topics include, but are by no means restricted to: * community-based web sites - forums, weblogs, personals * development tools - languages, debuggers, version control * file sharing systems - swarming distribution, distributed search * security products - mail encryption, intrusion detection, firewalls Presentations will be 45 minutes long, with 15 minutes allocated for QA. Overruns will be truncated. Submission details: Submissions are being accepted immediately. Acceptance dates are November 15, and December 15. After the first acceptance date, submissions will be either accepted, rejected, or deferred to the second acceptance date. The conference language is English. Ideally, demonstrations should be usable by attendees with 802.11b connected devices either via a web interface, or locally on Windows, UNIX-like, or MacOS platforms. Cross-platform applications are most desirable. Our venue will be 21+. To submit, send mail to [EMAIL PROTECTED] including the following information: * Project name * url of project home page * tagline - one sentence or less summing up what the project does * names of presenter(s) and urls of their home pages, if they have any * one-paragraph bios of presenters, optional, under 100 words each * project history, under 150 words * what will be done in the project demo, under 200 words * slides to be shown during the presentation, if applicable * future plans General Chair: Jonathan Moore Program Chair: Len Sassaman Program Committee: * Bram Cohen, BitTorrent, USA * Jered Floyd, Permabit, USA * Ian Goldberg, Zero-Knowledge Systems, CA * Dan Kaminsky, Avaya, USA * Ben Laurie, The Bunker Secure Hosting, UK * Nick Mathewson, The Free Haven Project, USA * David Molnar, University of California, Berkeley, USA * Jonathan Moore, Mosuki, USA * Meredith L. Patterson, University of Iowa, USA * Len Sassaman, Katholieke Universiteit Leuven, BE Sponsorship: If your organization is interested in sponsoring CodeCon, we would love to hear from you. In particular, we are looking for sponsors for social meals and parties on any of the three days of the conference, as well as sponsors of the conference as a whole and donors of door prizes. If you might be interested in sponsoring any of these aspects, please contact the conference organizers at [EMAIL PROTECTED] Press policy: CodeCon provides a limited number of passes to qualifying press. Complimentary press passes will be evaluated on request. Everyone is welcome to pay the low registration fee to attend without an official press credential. Questions: If you have questions about CodeCon, or would like to contact the organizers, please mail [EMAIL PROTECTED] Please note this address is only for questions and administrative requests, and not for workshop presentation submissions.
CodeCon Reminder
e'd like to remind those of you planning to attend this year's event that CodeCon is fast approaching. CodeCon is the premier event in 2005 for application developer community. It is a workshop for developers of real-world applications with working code and active development projects. Past presentations at CodeCon have included the file distribution software BitTorrent; the Peek-A-Booty anti-censorship application; the email encryption system PGP Universal; and Audacity, a powerful audio editing tool. Some of this year's highlights include Off-The-Record Messaging, a privacy-enhancing encryption protocol for instant-message systems; SciTools, a web-based toolkit for genetic design and analysis; and Incoherence, a novel stereo sound visualization tool. CodeCon registration is discounted this year: $80 for cash at the door registrations. Registration will be available every day of the conference, though ticket are limited, and attendees are encouraged to register on the first day to secure admission. CodeCon will be held February 11-13, noon-6pm, at Club NV (525 Howard Street) in San Francisco. For more information, please visit http://www.codecon.org.
CodeCon Reminder
e'd like to remind those of you planning to attend this year's event that CodeCon is fast approaching. CodeCon is the premier event in 2005 for application developer community. It is a workshop for developers of real-world applications with working code and active development projects. Past presentations at CodeCon have included the file distribution software BitTorrent; the Peek-A-Booty anti-censorship application; the email encryption system PGP Universal; and Audacity, a powerful audio editing tool. Some of this year's highlights include Off-The-Record Messaging, a privacy-enhancing encryption protocol for instant-message systems; SciTools, a web-based toolkit for genetic design and analysis; and Incoherence, a novel stereo sound visualization tool. CodeCon registration is discounted this year: $80 for cash at the door registrations. Registration will be available every day of the conference, though ticket are limited, and attendees are encouraged to register on the first day to secure admission. CodeCon will be held February 11-13, noon-6pm, at Club NV (525 Howard Street) in San Francisco. For more information, please visit http://www.codecon.org.
CodeCon CFP deadline nearing
CodeCon 4.0 February 11-13, 2005 San Francisco CA, USA www.codecon.org Call For Papers CodeCon is the premier showcase of cutting edge software development. It is an excellent opportunity for programmers to demonstrate their work and keep abreast of what's going on in their community. All presentations must include working demonstrations, ideally accompanied by source code. Presenters must be done by one of the active developers of the code in question. We emphasize that demonstrations be of *working* code. We hereby solicit papers and demonstrations. * Papers and proposals due: December 15, 2004 * Authors notified: January 1, 2005 Possible topics include, but are by no means restricted to: * community-based web sites - forums, weblogs, personals * development tools - languages, debuggers, version control * file sharing systems - swarming distribution, distributed search * security products - mail encryption, intrusion detection, firewalls Presentations will be a 45 minutes long, with 15 minutes allocated for QA. Overruns will be truncated. Submission details: Submissions are being accepted immediately. Acceptance dates are November 15, and December 15. After the first acceptance date, submissions will be either accepted, rejected, or deferred to the second acceptance date. The conference language is English. Ideally, demonstrations should be usable by attendees with 802.11b connected devices either via a web interface, or locally on Windows, UNIX-like, or MacOS platforms. Cross-platform applications are most desirable. Our venue will be 21+. To submit, send mail to [EMAIL PROTECTED] including the following information: * Project name * url of project home page * tagline - one sentence or less summing up what the project does * names of presenter(s) and urls of their home pages, if they have any * one-paragraph bios of presenters, optional, under 100 words each * project history, under 150 words * what will be done in the project demo, under 200 words * slides to be shown during the presentation, if applicable * future plans General Chairs: Jonathan Moore, Len Sassaman Program Chair: Bram Cohen Program Committee: * Jeremy Bornstein, AtomShockwave Corp., USA * Bram Cohen, BitTorrent, USA * Jered Floyd, Permabit, USA * Ian Goldberg, Zero-Knowledge Systems, CA * Dan Kaminsky, Avaya, USA * Klaus Kursawe, Katholieke Universiteit Leuven, BE * Ben Laurie, A.L. Digital Ltd., UK * David Molnar, University of California, Berkeley, USA * Jonathan Moore, Mosuki, USA * Len Sassaman, Nomen Abditum Services, USA Sponsorship: If your organization is interested in sponsoring CodeCon, we would love to hear from you. In particular, we are looking for sponsors for social meals and parties on any of the three days of the conference, as well as sponsors of the conference as a whole and donors of door prizes. If you might be interested in sponsoring any of these aspects, please contact the conference organizers at [EMAIL PROTECTED] Press policy: CodeCon provides a limited number of passes to bona fide press. Complimentary press passes will be evaluated on request. Everyone is welcome to pay the low registration fee to attend without an official press credential. Questions: If you have questions about CodeCon, or would like to contact the organizers, please mail [EMAIL PROTECTED] Please note this address is only for questions and administrative requests, and not for workshop presentation submissions.
CodeCon CFP deadline nearing
CodeCon 4.0 February 11-13, 2005 San Francisco CA, USA www.codecon.org Call For Papers CodeCon is the premier showcase of cutting edge software development. It is an excellent opportunity for programmers to demonstrate their work and keep abreast of what's going on in their community. All presentations must include working demonstrations, ideally accompanied by source code. Presenters must be done by one of the active developers of the code in question. We emphasize that demonstrations be of *working* code. We hereby solicit papers and demonstrations. * Papers and proposals due: December 15, 2004 * Authors notified: January 1, 2005 Possible topics include, but are by no means restricted to: * community-based web sites - forums, weblogs, personals * development tools - languages, debuggers, version control * file sharing systems - swarming distribution, distributed search * security products - mail encryption, intrusion detection, firewalls Presentations will be a 45 minutes long, with 15 minutes allocated for QA. Overruns will be truncated. Submission details: Submissions are being accepted immediately. Acceptance dates are November 15, and December 15. After the first acceptance date, submissions will be either accepted, rejected, or deferred to the second acceptance date. The conference language is English. Ideally, demonstrations should be usable by attendees with 802.11b connected devices either via a web interface, or locally on Windows, UNIX-like, or MacOS platforms. Cross-platform applications are most desirable. Our venue will be 21+. To submit, send mail to [EMAIL PROTECTED] including the following information: * Project name * url of project home page * tagline - one sentence or less summing up what the project does * names of presenter(s) and urls of their home pages, if they have any * one-paragraph bios of presenters, optional, under 100 words each * project history, under 150 words * what will be done in the project demo, under 200 words * slides to be shown during the presentation, if applicable * future plans General Chairs: Jonathan Moore, Len Sassaman Program Chair: Bram Cohen Program Committee: * Jeremy Bornstein, AtomShockwave Corp., USA * Bram Cohen, BitTorrent, USA * Jered Floyd, Permabit, USA * Ian Goldberg, Zero-Knowledge Systems, CA * Dan Kaminsky, Avaya, USA * Klaus Kursawe, Katholieke Universiteit Leuven, BE * Ben Laurie, A.L. Digital Ltd., UK * David Molnar, University of California, Berkeley, USA * Jonathan Moore, Mosuki, USA * Len Sassaman, Nomen Abditum Services, USA Sponsorship: If your organization is interested in sponsoring CodeCon, we would love to hear from you. In particular, we are looking for sponsors for social meals and parties on any of the three days of the conference, as well as sponsors of the conference as a whole and donors of door prizes. If you might be interested in sponsoring any of these aspects, please contact the conference organizers at [EMAIL PROTECTED] Press policy: CodeCon provides a limited number of passes to bona fide press. Complimentary press passes will be evaluated on request. Everyone is welcome to pay the low registration fee to attend without an official press credential. Questions: If you have questions about CodeCon, or would like to contact the organizers, please mail [EMAIL PROTECTED] Please note this address is only for questions and administrative requests, and not for workshop presentation submissions.
CodeCon 2005 Call for Papers
CodeCon 4.0 February 11-13, 2005 San Francisco CA, USA www.codecon.org Call For Papers CodeCon is the premier showcase of cutting edge software development. It is an excellent opportunity for programmers to demonstrate their work and keep abreast of what's going on in their community. All presentations must include working demonstrations, ideally accompanied by source code. Presenters must be done by one of the active developers of the code in question. We emphasize that demonstrations be of *working* code. We hereby solicit papers and demonstrations. * Papers and proposals due: December 15, 2005 * Authors notified: January 1, 2005 Possible topics include, but are by no means restricted to: * community-based web sites - forums, weblogs, personals * development tools - languages, debuggers, version control * file sharing systems - swarming distribution, distributed search * security products - mail encryption, intrusion detection, firewalls Presentations will be a 45 minutes long, with 15 minutes allocated for QA. Overruns will be truncated. Submission details: Submissions are being accepted immediately. Acceptance dates are November 15, and December 15. After the first acceptance date, submissions will be either accepted, rejected, or deferred to the second acceptance date. The conference language is English. Ideally, demonstrations should be usable by attendees with 802.11b connected devices either via a web interface, or locally on Windows, UNIX-like, or MacOS platforms. Cross-platform applications are most desirable. Our venue will be 21+. To submit, send mail to [EMAIL PROTECTED] including the following information: * Project name * url of project home page * tagline - one sentence or less summing up what the project does * names of presenter(s) and urls of their home pages, if they have any * one-paragraph bios of presenters, optional, under 100 words each * project history, under 150 words * what will be done in the project demo, under 200 words * slides to be shown during the presentation, if applicable * future plans General Chairs: Jonathan Moore, Len Sassaman Program Chair: Bram Cohen Program Committee: * Jeremy Bornstein, AtomShockwave Corp., USA * Bram Cohen, BitTorrent, USA * Jered Floyd, Permabit, USA * Ian Goldberg, Zero-Knowledge Systems, CA * Dan Kaminsky, Avaya, USA * Klaus Kursawe, Katholieke Universiteit Leuven, BE * Ben Laurie, A.L. Digital Ltd., UK * David Molnar, University of California, Berkeley, USA * Jonathan Moore, Mosuki, USA * Len Sassaman, Nomen Abditum Services, USA Sponsorship: If your organization is interested in sponsoring CodeCon, we would love to hear from you. In particular, we are looking for sponsors for social meals and parties on any of the three days of the conference, as well as sponsors of the conference as a whole and donors of door prizes. If you might be interested in sponsoring any of these aspects, please contact the conference organizers at [EMAIL PROTECTED] Press policy: CodeCon provides a limited number of passes to bona fide press. Complimentary press passes will be evaluated on request. Everyone is welcome to pay the low registration fee to attend without an official press credential. Questions: If you have questions about CodeCon, or would like to contact the organizers, please mail [EMAIL PROTECTED] Please note this address is only for questions and administrative requests, and not for workshop presentation submissions.
CodeCon 2005 Call for Papers
CodeCon 4.0 February 11-13, 2005 San Francisco CA, USA www.codecon.org Call For Papers CodeCon is the premier showcase of cutting edge software development. It is an excellent opportunity for programmers to demonstrate their work and keep abreast of what's going on in their community. All presentations must include working demonstrations, ideally accompanied by source code. Presenters must be done by one of the active developers of the code in question. We emphasize that demonstrations be of *working* code. We hereby solicit papers and demonstrations. * Papers and proposals due: December 15, 2005 * Authors notified: January 1, 2005 Possible topics include, but are by no means restricted to: * community-based web sites - forums, weblogs, personals * development tools - languages, debuggers, version control * file sharing systems - swarming distribution, distributed search * security products - mail encryption, intrusion detection, firewalls Presentations will be a 45 minutes long, with 15 minutes allocated for QA. Overruns will be truncated. Submission details: Submissions are being accepted immediately. Acceptance dates are November 15, and December 15. After the first acceptance date, submissions will be either accepted, rejected, or deferred to the second acceptance date. The conference language is English. Ideally, demonstrations should be usable by attendees with 802.11b connected devices either via a web interface, or locally on Windows, UNIX-like, or MacOS platforms. Cross-platform applications are most desirable. Our venue will be 21+. To submit, send mail to [EMAIL PROTECTED] including the following information: * Project name * url of project home page * tagline - one sentence or less summing up what the project does * names of presenter(s) and urls of their home pages, if they have any * one-paragraph bios of presenters, optional, under 100 words each * project history, under 150 words * what will be done in the project demo, under 200 words * slides to be shown during the presentation, if applicable * future plans General Chairs: Jonathan Moore, Len Sassaman Program Chair: Bram Cohen Program Committee: * Jeremy Bornstein, AtomShockwave Corp., USA * Bram Cohen, BitTorrent, USA * Jered Floyd, Permabit, USA * Ian Goldberg, Zero-Knowledge Systems, CA * Dan Kaminsky, Avaya, USA * Klaus Kursawe, Katholieke Universiteit Leuven, BE * Ben Laurie, A.L. Digital Ltd., UK * David Molnar, University of California, Berkeley, USA * Jonathan Moore, Mosuki, USA * Len Sassaman, Nomen Abditum Services, USA Sponsorship: If your organization is interested in sponsoring CodeCon, we would love to hear from you. In particular, we are looking for sponsors for social meals and parties on any of the three days of the conference, as well as sponsors of the conference as a whole and donors of door prizes. If you might be interested in sponsoring any of these aspects, please contact the conference organizers at [EMAIL PROTECTED] Press policy: CodeCon provides a limited number of passes to bona fide press. Complimentary press passes will be evaluated on request. Everyone is welcome to pay the low registration fee to attend without an official press credential. Questions: If you have questions about CodeCon, or would like to contact the organizers, please mail [EMAIL PROTECTED] Please note this address is only for questions and administrative requests, and not for workshop presentation submissions.
Mixmaster Protocol Draft (revision)
An updated version of the Mixmaster Protocol Specification has been published: http://www.ietf.org/internet-drafts/draft-sassaman-mixmaster-01.txt I'd like this to be the last revision, so if you have any comments on it (or if you've raised issues in the past that you don't see addressed), please let me know. Comment should be emailed to: [EMAIL PROTECTED] Thanks, Len
Mixmaster RFC
Hello, I'm preparing to submit draft -02 of the revised Mixmaster Protocol Specification. If you have any comments, or have previously contributed and have not been acknowledged, please let me know as soon as possible by sending mail to [EMAIL PROTECTED] The last published version is here: http://www.ietf.org/internet-drafts/draft-sassaman-mixmaster-00.txt The current working version of the I-D is here: https://source.mixmaster.anonymizer.com/svn/mixmaster/trunk/Docs/draft- sassaman-mixmaster-XX.txt (Please comment on the latter). Thanks, Len
Mixmaster 3.0b1 released
Mixmaster 3.0b1 has just been released. This release includes two year's worth of development on the Mixmaster software, numerous stability improvements, anonymity benefits, bug fixes, and feature enhancements. We would like to agressively move this out of beta into final release as quickly as possible, so we're highly encouraging users and remailer operators to send us their feedback. Mixmaster can be obtained from: https://sourceforge.net/projects/mixmaster/ The change history for this release can be viewed here: https://source.mixmaster.anonymizer.com/svn/mixmaster/branches/mixmaster_3_0b1/Mix/HISTORY Thanks, Len
Mixmaster 3.0b1 released
Mixmaster 3.0b1 has just been released. This release includes two year's worth of development on the Mixmaster software, numerous stability improvements, anonymity benefits, bug fixes, and feature enhancements. We would like to agressively move this out of beta into final release as quickly as possible, so we're highly encouraging users and remailer operators to send us their feedback. Mixmaster can be obtained from: https://sourceforge.net/projects/mixmaster/ The change history for this release can be viewed here: https://source.mixmaster.anonymizer.com/svn/mixmaster/branches/mixmaster_3_0b1/Mix/HISTORY Thanks, Len
Re: Call to the Usual Suspects
On Fri, 13 Feb 2004, Trei, Peter wrote: I'll be in the SF/SJ area the week of the RSA conference. Anyone interested in getting together for dinner one night? If you're in town the weekend before the RSA Conference, I'll be there too (CodeCon is the Friday - Sunday before RSA.) We used to try to schedule a BA Cypherpunks Physical Meeting to match up with the event, but the PMs seem to have died out.
CodeCon program announced, early registration deadline nearing
The program for CodeCon 2004 has been announced. http://www.codecon.org/2004/program.html CodeCon is the premier showcase of active hacker projects. It is a workshop for developers of real-world applications with working code and active development projects. All presentations will given by one of the active developers, and accompanied by a functional demo. Highlights of CodeCon 2004 include: PGP Universal - Automatic, transparent email encryption with zero clicks Osiris -A free Host Integrity Monitor designed for large scale server deployments that require auditable security Tor - Second-generation Onion Routing: a TCP-based anonymizing overlay network Vesta - An advanced software configuration management system that handles both versioning source files and building PETmail - Permission-based anti-spam replacement for SMTP FunFS - Fast User Network File System - An advanced network file system designed as a successor for NFS Codeville - Distributed version control system Audacity - A cross-platform multi-track audio editor The third annual CodeCon takes place February 20 - 22, noon - 6pm, at Club NV (525 Howard Street) in San Francisco. CodeCon registration is $95; a $20 discount is available for attendees who register online prior to February 1, 2004. http://www.codecon.org/2004/registration.html
CodeCon program announced, early registration deadline nearing
The program for CodeCon 2004 has been announced. http://www.codecon.org/2004/program.html CodeCon is the premier showcase of active hacker projects. It is a workshop for developers of real-world applications with working code and active development projects. All presentations will given by one of the active developers, and accompanied by a functional demo. Highlights of CodeCon 2004 include: PGP Universal - Automatic, transparent email encryption with zero clicks Osiris -A free Host Integrity Monitor designed for large scale server deployments that require auditable security Tor - Second-generation Onion Routing: a TCP-based anonymizing overlay network Vesta - An advanced software configuration management system that handles both versioning source files and building PETmail - Permission-based anti-spam replacement for SMTP FunFS - Fast User Network File System - An advanced network file system designed as a successor for NFS Codeville - Distributed version control system Audacity - A cross-platform multi-track audio editor The third annual CodeCon takes place February 20 - 22, noon - 6pm, at Club NV (525 Howard Street) in San Francisco. CodeCon registration is $95; a $20 discount is available for attendees who register online prior to February 1, 2004. http://www.codecon.org/2004/registration.html
Re: An Analysis of Compromised Remailers
On Mon, 15 Dec 2003, John Young wrote: This came in response to Cryptome's posting of Len Sassman's comments on remailers. (BTW, John -- while the threat originally started out as being about compromised remailers, my comments had little to do with that title. Perhaps remailer security would be a better index term for cryptome?) Over the past year, many remailer users have noticed that the reliability of the Mixmaster type II network has steadily degraded. Although it may well be the result of TLA interference, the remailer community's statistical methods of selecting a reliable remailer chain contribute significantly to the network's degradation. There are conflicting opinions on that statement. For instance, have a look at this threat on alt.privacy.anon-server: http://groups.google.com/groups?selm=8eb77bbdadfd2a6d1b21efabc1e1e090%40firenze.linux.itoe=UTF-8output=gplain So, on one hand we have the claim that remailer reliability is degrading because of how we select reliable remailer chains, and on the other hand there is the claim that the reliability is increasing, because TLAs are the only entities competent to run reliable remailers. (Apparently, if you believe this theory, you also believe I work for the FBI.) The facts are that the remailer network's reliability has increased over the past few years, largely due to the renewed development attention that Mixmaster has received. I ran tests in September, October November, and provided the Mixmaster developers remail operators with the same results I've included below. My testing was extremely simple: send a bunch of messages, and note which The tests below unfortunately do not provide any really useful data. What is really being tested isn't the remailer reliability, but the mail to news gateway reliability. It would be much more useful for the tester to isolate which remailer/mail2news combinations are resulting in lost news, and post that data instead. --Len.
Re: An Analysis of Compromised Remailers
On Mon, 15 Dec 2003, John Young wrote: This came in response to Cryptome's posting of Len Sassman's comments on remailers. (BTW, John -- while the threat originally started out as being about compromised remailers, my comments had little to do with that title. Perhaps remailer security would be a better index term for cryptome?) Over the past year, many remailer users have noticed that the reliability of the Mixmaster type II network has steadily degraded. Although it may well be the result of TLA interference, the remailer community's statistical methods of selecting a reliable remailer chain contribute significantly to the network's degradation. There are conflicting opinions on that statement. For instance, have a look at this threat on alt.privacy.anon-server: http://groups.google.com/groups?selm=8eb77bbdadfd2a6d1b21efabc1e1e090%40firenze.linux.itoe=UTF-8output=gplain So, on one hand we have the claim that remailer reliability is degrading because of how we select reliable remailer chains, and on the other hand there is the claim that the reliability is increasing, because TLAs are the only entities competent to run reliable remailers. (Apparently, if you believe this theory, you also believe I work for the FBI.) The facts are that the remailer network's reliability has increased over the past few years, largely due to the renewed development attention that Mixmaster has received. I ran tests in September, October November, and provided the Mixmaster developers remail operators with the same results I've included below. My testing was extremely simple: send a bunch of messages, and note which The tests below unfortunately do not provide any really useful data. What is really being tested isn't the remailer reliability, but the mail to news gateway reliability. It would be much more useful for the tester to isolate which remailer/mail2news combinations are resulting in lost news, and post that data instead. --Len.
Re: Compromised Remailers
On Sun, 14 Dec 2003, Tim May wrote: I haven't carefully looked at the current source code (if it's available) for things like Type II Mixmaster remailers, things which offer reply-blocks. Yes, it is available. You can download it via ftp from mixmaster.anonymizer.com, or view the SVN tree at https://source.mixmaster.anonymizer.com/ (We believe that keeping the source tree and commit list open is important, as it should help prevent a situation like that which happened to JAP not too long ago. Changes to the code should all be made in public.) Also it's important to note that Type II does not support reply blocks, while Type I remailers do. (Perhaps the first cut of Cypherpunk remailers, i.e. those running Hal's scripts did not, but the Cypherpunk nym servers that use reply blocks are built on top of Type I.) Certainly for the canonical Cypherpunks remailer, the store-and-forward-after-mixing remailer, the fact that the nested encryption is GENERATED BY THE ORIGINATOR means that interception is useless to a TLA. The most a TLA can do is to a) not forward as planned, resulting in a dropped message, or b) see where a particular collection of random-looking (because of encryption) bits came from and where they are intended to next go. For most TLS adversaries that may be correct. However, there are a number of subtle attacks on Chaum systems that Type I is susceptible to -- tagging and timing attacks in particular, as well as replay attacks, and various other attacks which all strive to narrow the anonymity set. In particular, a TLA or interceptor or corrupted or threatened remailer operator CANNOT insert new text or new delivery instructions into packets received by his node BECAUSE HE CANNOT OPEN ANY PAYLOAD ENCRYPTED TO THE NEXT NODE. Anything he adds to the payload bits (which he can see of course, though not decrypt or make sense of) will of course make the next node see only garbage when he tries to decrypt the payload. Ideally. There are ways to flip bits in PGP encrypted messages which will not result in a failed decryption, however. (The property you describe is essential for protecting against tagging attacks. Type II does better than PGP-based systems, but is still not as good at this as Type III. The Mixminion design paper covers these concerns in detail: http://mixminion.net/minion-design.pdf This process continues, in a recursive fashion. Now of course there are some boundary conditions. If every remailer is compromised, then complete visibility is ensured. The sender and receiver are in a fishbowl, a panopticon, with everything visible to the TLA or attackers. And if even a fraction of the remailers are compromised, then with collusion they can map inputs to outputs, in many cases. (How many they can and how many they can't are issues of statistics and suchlike.) Right. The claim that there only needs to be one trustworthy remailer in a chain fails to recognize the power of statistical analysis of a network's traffic. Certainly, having k number of remailers in a network under your control makes such analysis easier. Another boundary condition is when a remailer network is lightly used, or when correlations between sent messages, received messages, and actions take place. A signal recovery problem, perhaps akin to some military sorts of problems. Yes. And as you look at this problem more closely (as I have been doing ever since our conversation about this problem at the Cypherpunks meeting in Santa Cruz a while back), the solutions become more elusive. The big problems arise when the adversary has the ability to observe messages in the network over time. Partitioning attacks and long-term intersection attacks likely mean that the original Cypherpunk remailer system is transparent to any entity which is able to view the traffic on the entire network. (The attacks are passive, though they can be optimized with some active interference.) Big weak spots: client version information, statistics distribution, and key rotation. In a system like Type I which relies on an external program for the layered crypto, information about the user's software distinguishes him from other users. Likewise, a user's choice of remailer nodes in a selected chain may vary based on which pinger service he is using, and whether he has updated his remailer keys after the remailer has gone through a key rotation also gives away valuable information. These and other distinguishing factors allow an attacker to partition the main anonymity set into smaller sets. Over time, the attacker may be able to plot the intersection of these sets such that he is able to identify a given user based on his usage patterns and the information he is leaking. Type III goes a long way to address many of these, but still falls short of perfect. The particularly troubling issue at the moment is how to distribute information about the reliability (as well as key information) of remailers in the network
Major German Anonymity Service compromised
A number of cypherpunks have asked me about the current JAP situation. Here's the scoop, as I know it. (I've sent mail to some of the Dresden folks, but haven't heard back yet.) This thread on Usenet contains the pertinent information: http://groups.google.com/groups?selm=f938f87a44e64d6776c635b979aa1c48%40remailer.frell.eu.orgoe=UTF-8output=gplain The Java Anonymous Proxy is a real-time web mix system, (originally) designed to provide web browsing anonymity that couldn't be undermined by any one proxy operator. Well, no more. The JAP authors silently introduced a back-channel intended to compromise anonymity of users accessing certain sites, under the guise of an obligatory update. They claim 30,000 total users. That's a large amount of people who are being lied to about their anonymity. (The JAP website, as of this morning, was still stating: Since many users use these intermediaries at the same time, the internet connection of any one single user is hidden among the connections of all the other users. No one, not anyone from outside, not any of the other users, not even the provider of the intermediary service can determine which connection belongs to which user. Which would be true if not for the backchannel.) JAP's webpage: http://anon.inf.tu-dresden.de/index_en.html The JAP operators justify their actions (which were taken to comply with German law) by stating that their alternative was to shut the system down. There are a number of problems with this, the first being that anonymity systems which are contingent upon selective government approval for anonymity are ill-suited to a global Internet environment: What makes a court order from Germany, or England, or the US any more valid than a court order from another net-connected UN member, like China, or France? If we believe privacy and anonymity to be human rights, then we cannot build these sort of backdoors into the system and expect them not to be abused. Compare the JAP operator's actions with those of Julf Helsingius, operator of anon.penet.fi (the famous anonymous remailer/pseudonym server): http://www.penet.fi/press-english.html Julf closed down his system, which was inherently vulnerable to subpoena attacks since it stored nym to user mapping information, when he realized he could be forced to reveal any user's identity by almost any entity willing to abuse the global legal systems. Time has shown that was the right choice. Cypherpunk and Mixmaster remailers, already developed and deployed by this time, rose up in penet's place, and at this point it would be impossible for anyone to effectively compromise a user's identity via court order. (There are Mixmaster nodes operating in almost a dozen countries, and the system is truly designed to defeat rogue operators.) With the next-generation of remailers on the horizon (Mixminion and Mixmaster 4.0), ease of use should near that of Penet. Unfortunately, these are email solutions, and don't address the web browsing issue that JAP attempted to solve. Bad anonymity systems are worse than no anonymity systems. JAP has become a bad anonymity system -- mainly because it represents itself as being far stronger and more secure than it is. I am unclear on the JAP source code license. Perhaps it is possible to restore the code to the uncompromised version, and erect a parallel, trusted JAP network -- though the damage to its reputation is certainly severe. This goes to demonstrate again that crypto isn't the only consideration in an anonymity system: Anonymizer, for instance, is still a better choice for web anonymity than JAP, even though JAP offered mixing and independent operators. An anonymity provider should never represent itself as offering a greater level of protection than is actually offered -- which is the worst thing that the JAP team did (and is still doing.) --Len.
Re: IDEA
On Sat, 22 Mar 2003, Eric Murray wrote: Looking for libcrypto.a... Found at /usr/local/ssl/lib/libcrypto.a. ./Install: [: 90701f: integer expression expected I think that line means that mixmaster's install script isn't properly identifying the version of Openssl. If it were me, I'd fix the Mixmaster install script. It's been a while since I really worked on the Install script -- Mixmaster 3.0 doesn't use it -- but this looks to be to be a bug that existed and was fixed sometime around a year ago. What version of Mixmaster are you using? Please use the release version -- 2.9.0. BTW, if you will be posting Mixmaster messages to the cpunks list, could you fix it so it uses an informative Subject: line instead of Mixmaster Type III Message? Those messages are from people testing the Mixminion software. Mixminion isn't ready for actual use yet. It is my understanding that the user has no control over the subject line in the current Mixminion system though -- the servers remove it. I think this will be changed before the final release. Mixmaster 4.0 (which will interoperate with Mixminion) will place no restrictions on user's Subject lines. --Len.
Re: IDEA
On Sat, 22 Mar 2003, Eric Murray wrote: Looking for libcrypto.a... Found at /usr/local/ssl/lib/libcrypto.a. ./Install: [: 90701f: integer expression expected I think that line means that mixmaster's install script isn't properly identifying the version of Openssl. If it were me, I'd fix the Mixmaster install script. It's been a while since I really worked on the Install script -- Mixmaster 3.0 doesn't use it -- but this looks to be to be a bug that existed and was fixed sometime around a year ago. What version of Mixmaster are you using? Please use the release version -- 2.9.0. BTW, if you will be posting Mixmaster messages to the cpunks list, could you fix it so it uses an informative Subject: line instead of Mixmaster Type III Message? Those messages are from people testing the Mixminion software. Mixminion isn't ready for actual use yet. It is my understanding that the user has no control over the subject line in the current Mixminion system though -- the servers remove it. I think this will be changed before the final release. Mixmaster 4.0 (which will interoperate with Mixminion) will place no restrictions on user's Subject lines. --Len.
Obituary for Janis Jagars (Disastry)
Janis Jagars, known to many people on the Internet by his handle Disastry, was a prolific programmer who made numerous valuable contributions to the Internet. I am afraid I cannot do his memory justice, having known him only a short number of years and only through his work on privacy enhancing programs, but he earned my respect and appreciation for his achievements in that area. I first met Janis Jagars while I was employed by PGP Security. In preparation for the release of PGP 7, I located and contacted the people responsible for other implementations of OpenPGP, in order to set up interop testing. Janis was working on updating the DOS-aware PGP 2.6.3i program to work with modern implementations of PGP. His work on that program, and his presence in the IETF OpenPGP working group, helped to smooth over a number of PGP compatibility problems. On the PGP newsgroups and mailing lists, Janis helped many new PGP users get started using email encryption, and tirelessly answered support questions for privacy-related programs. To my knowledge, Janis operated the only anonymous remailer to exist in Latvia. Janis was, by the original definition, a true Cypherpunk. He believed that privacy was a right that must not be denied to Internet users, and he wrote code to help ensure that it could not be. When he needed a way to easily send encrypted email through Netscape, he wrote a plugin. When he wanted a way to mount PGPdisk volumes under Linux, he wrote a conversion tool. When Windows users wanted a pre-compiled version GnuPG, Janis gave them one. Janis understood that the fight for Internet privacy must take place at the hands of programmers, and he rose to the challenge of bring useful privacy-enhancing programs into existence, and into the hands of the public. Immediately after the terrorist attacks in September, 2001, I took over maintenance of the Mixmaster anonymous remailer project. Mixmaster had been unmaintained for over a year, and needed serious work. I was delighted when I received email from Janis, offering his help. Over the next year, entirely of his own initiative, Janis ported Mixmaster's server functionality to Windows, brought Mixmaster's OpenPGP support from an unstable alpha state to a solid, usable feature set, and established himself as an invaluable member of the Mixmaster development team. The upcoming Mixmaster 3.0 release features a number of crucial improvements which would not have happened had it not been for Janis's involvement. My last communication with Janis was on October 11th of last year. He had planned a vacation in Nepal, and expected to return a month later. When he did not return, we feared the worst. Sadly, it turns out that our fears were true: On October 31, while descending from Lobuche summit, Janis fell 250m, and did not survive. I am dedicating this year's CodeCon conference to Janis's memory. Janis will be missed, but his contributions will still be appreciated and utilized. It is my hope that Janis's work will serve as an example for other like-minded programmers, who chose to give their time and code in the name of free speech and privacy. Len Sassaman 13 February 2003 San Francisco, CA -- Janis's home page may be viewed here: http://web.archive.org/web/20010927055328/disastry.dhs.org/ News of his accident can be found here: http://www.vertikalex.lv/minisurvey/Discussion/ShowMessage.asp?ID=4703
Obituary for Janis Jagars (Disastry)
Janis Jagars, known to many people on the Internet by his handle Disastry, was a prolific programmer who made numerous valuable contributions to the Internet. I am afraid I cannot do his memory justice, having known him only a short number of years and only through his work on privacy enhancing programs, but he earned my respect and appreciation for his achievements in that area. I first met Janis Jagars while I was employed by PGP Security. In preparation for the release of PGP 7, I located and contacted the people responsible for other implementations of OpenPGP, in order to set up interop testing. Janis was working on updating the DOS-aware PGP 2.6.3i program to work with modern implementations of PGP. His work on that program, and his presence in the IETF OpenPGP working group, helped to smooth over a number of PGP compatibility problems. On the PGP newsgroups and mailing lists, Janis helped many new PGP users get started using email encryption, and tirelessly answered support questions for privacy-related programs. To my knowledge, Janis operated the only anonymous remailer to exist in Latvia. Janis was, by the original definition, a true Cypherpunk. He believed that privacy was a right that must not be denied to Internet users, and he wrote code to help ensure that it could not be. When he needed a way to easily send encrypted email through Netscape, he wrote a plugin. When he wanted a way to mount PGPdisk volumes under Linux, he wrote a conversion tool. When Windows users wanted a pre-compiled version GnuPG, Janis gave them one. Janis understood that the fight for Internet privacy must take place at the hands of programmers, and he rose to the challenge of bring useful privacy-enhancing programs into existence, and into the hands of the public. Immediately after the terrorist attacks in September, 2001, I took over maintenance of the Mixmaster anonymous remailer project. Mixmaster had been unmaintained for over a year, and needed serious work. I was delighted when I received email from Janis, offering his help. Over the next year, entirely of his own initiative, Janis ported Mixmaster's server functionality to Windows, brought Mixmaster's OpenPGP support from an unstable alpha state to a solid, usable feature set, and established himself as an invaluable member of the Mixmaster development team. The upcoming Mixmaster 3.0 release features a number of crucial improvements which would not have happened had it not been for Janis's involvement. My last communication with Janis was on October 11th of last year. He had planned a vacation in Nepal, and expected to return a month later. When he did not return, we feared the worst. Sadly, it turns out that our fears were true: On October 31, while descending from Lobuche summit, Janis fell 250m, and did not survive. I am dedicating this year's CodeCon conference to Janis's memory. Janis will be missed, but his contributions will still be appreciated and utilized. It is my hope that Janis's work will serve as an example for other like-minded programmers, who chose to give their time and code in the name of free speech and privacy. Len Sassaman 13 February 2003 San Francisco, CA -- Janis's home page may be viewed here: http://web.archive.org/web/20010927055328/disastry.dhs.org/ News of his accident can be found here: http://www.vertikalex.lv/minisurvey/Discussion/ShowMessage.asp?ID=4703
CodeCon Registration Deadline Approaching
CodeCon is fast approaching, and there are only three days left to register online for CodeCon at the reduced rate. CodeCon 2.0 is the premier event in 2003 for the P2P, Cypherpunk, and network/security application developer community. It is a workshop for developers of real-world applications with working code and active development projects. Last year, presentations at CodeCon included the Peek-A-Booty anti-censorship application, the Invisible IRC Project, the CryptoMail web-based email encryption project, and the file-distribution application BitTorrent. Some of this year's highlights include Mixminion, a next-generation anonymous remailer; Alluvium, Internet Radio software exempt from current RIAA webcasting royalties; and GNU Radio, an open source software defined radio application. CodeCon registration is $95; a $15 discount is available for attendees who register online prior to February 15th. CodeCon 2.0 will be held February 22-24, noon-6pm, at Club NV (525 Howard Street) in San Francisco. For more information, please visit http://www.codecon.info.
CodeCon Registration Deadline Approaching
CodeCon is fast approaching, and there are only three days left to register online for CodeCon at the reduced rate. CodeCon 2.0 is the premier event in 2003 for the P2P, Cypherpunk, and network/security application developer community. It is a workshop for developers of real-world applications with working code and active development projects. Last year, presentations at CodeCon included the Peek-A-Booty anti-censorship application, the Invisible IRC Project, the CryptoMail web-based email encryption project, and the file-distribution application BitTorrent. Some of this year's highlights include Mixminion, a next-generation anonymous remailer; Alluvium, Internet Radio software exempt from current RIAA webcasting royalties; and GNU Radio, an open source software defined radio application. CodeCon registration is $95; a $15 discount is available for attendees who register online prior to February 15th. CodeCon 2.0 will be held February 22-24, noon-6pm, at Club NV (525 Howard Street) in San Francisco. For more information, please visit http://www.codecon.info.
CodeCon presentations announced and registration open
CodeCon 2.0 is the premier event in 2003 for the P2P, Cypherpunk, and network/security application developer community. It is a workshop for developers of real-world applications with working code and active development projects. CodeCon registration is $95; a $15 discount is available for attendees who register online prior to February 15th. CodeCon 2.0 will be held February 22-24, noon-6pm, at Club NV (525 Howard Street) in San Francisco. http://www.codecon.info Presentations will include: * Advogato - Good metadata, even when under attack, based on a trust metric * Alluvium - p2p media streaming for low-bandwidth broadcasters * Bayonne - Telephony application services for freely licensed operating systems * Cryptopy - pure Python crypto * DeepGreen - Agent Oriented investment analysis designed to be self-funding * GNU radio - Hacking the RF Spectrum with Free Software and Hardware * HOTorNOT - A working example of well-designed website user interface * Hydan - Steganographically conceal a message into an executable application * Khashmir - A distributed hash table library upon which applications can be built * Mixminion - A next-generation anonymous remailer * Neurogrid - Decentralized Fuzzy Meta-Data Search * OpenRatings - An open source professor ratings engine * Paketto Keiretsu - Interesting and Useful Techniques for TCP/IP Networking * YouServ - A communal web-hosting system for the masses * A panel on future directions in version control
CodeCon presentations announced and registration open
CodeCon 2.0 is the premier event in 2003 for the P2P, Cypherpunk, and network/security application developer community. It is a workshop for developers of real-world applications with working code and active development projects. CodeCon registration is $95; a $15 discount is available for attendees who register online prior to February 15th. CodeCon 2.0 will be held February 22-24, noon-6pm, at Club NV (525 Howard Street) in San Francisco. http://www.codecon.info Presentations will include: * Advogato - Good metadata, even when under attack, based on a trust metric * Alluvium - p2p media streaming for low-bandwidth broadcasters * Bayonne - Telephony application services for freely licensed operating systems * Cryptopy - pure Python crypto * DeepGreen - Agent Oriented investment analysis designed to be self-funding * GNU radio - Hacking the RF Spectrum with Free Software and Hardware * HOTorNOT - A working example of well-designed website user interface * Hydan - Steganographically conceal a message into an executable application * Khashmir - A distributed hash table library upon which applications can be built * Mixminion - A next-generation anonymous remailer * Neurogrid - Decentralized Fuzzy Meta-Data Search * OpenRatings - An open source professor ratings engine * Paketto Keiretsu - Interesting and Useful Techniques for TCP/IP Networking * YouServ - A communal web-hosting system for the masses * A panel on future directions in version control
Re: Question on Mixmaster
On Mon, 13 Jan 2003, James A. Donald wrote: -- On 12 Jan 2003 at 20:12, Kevin S. Van Horn wrote: I've known about Mixmaster for years, but only just now finally downloaded and installed it (Mixmaster 2.9.0). Does anyone know where I can find documentation on how to actually use it? It is intolerably painful to use Mixmaster by hand. The ncurses interface is pretty simple and self-explainatory. I'll agree that it isn't nearly as full-featured as an email client, and using QuickSilver or Mutt as a wrapper to it may be more desirable, but I don't find it intolerably painful. I may be biased, however, and would certainly appreciate feedback. Download quicksilver, which is a wrapper around Mixmaster. http://quicksilver.skuz.net/
Re: Question on Mixmaster
On Sun, 12 Jan 2003, Kevin S. Van Horn wrote: I've known about Mixmaster for years, but only just now finally downloaded and installed it (Mixmaster 2.9.0). Does anyone know where I can find documentation on how to actually use it? The distribution (from Sourceforge) contains no documentation whatsoever beyond a *very* terse man page that has no information at all on the interactive interface, and only has one-line summaries of each command-line option. We know the documentation is lacking. Alex is working on a user-guide for Mixmaster, which should accompany Mixmaster 3.0. In the mean time, there is the README file, which should be enough to get you started; the Remailer FAQ[1], which is also a work-in-progress, but helpful to new remops; and the [EMAIL PROTECTED] and [EMAIL PROTECTED] lists, where users and remops (respectively) can ask for help. Mixmaster 2.9.0's ncurses interface is pretty simplistic. It lets you create mail, address it, select a chain of remailers to send mail through, etc. Is there something in particular that you are having trouble with? If so, please ask on [EMAIL PROTECTED], and someone will certainly help you. --Len. [1] http://mixmaster.sourceforge.net/faq.shtml
Mixmaster 2.9.0 released.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Greetings, On behalf of the Mixmaster development team, I am pleased to announce the availability of Mixmaster 2.9.0. Information on Mixmaster is available at http://mixmaster.sf.net. Mixmaster can be downloaded from ftp://mixmaster.anonymizer.com or from SourceForge. Merry Christmas! - --Len. -BEGIN PGP SIGNATURE- Comment: OpenPGP Encrypted Email Preferred. iQIVAwUBPgl28koKgUld5ID8AQJU/w//U5OjlaMcZphfK0lYi7M/Q95Lysy9iNaL rTD44fGj6i0QvkSyMsjyi536refEn5dokwWqAwBdeX/9q2sJwSMq1G7U1zVMosn4 aGq1Gg9j70m6B4MuLIxMl+jHBpbSoZZWLbpv3Bll1EVn6J09++C2br0psyDPxxLh ntZoWpgpgYbtYPQRKJP/noKrQj4NGfW2o/wdItYKre5nESL/hWEF4N4u9MyKZCi8 CnDJ4Z6GfDOIAFgzRlVGytogUbHkNC78c/zDyHKnX6aVuzY/hatqvAJiKuDg8dJo Hprajty2TiE3dKnOiXY8T2bG1BNDHAtbOF9BYMBucWc03EUtM/lXUndzkY8ulKis 5hYnjk7jA/HtrgWuth70cucjYdze3PJ5dsmjrZRAwH9+1QCs3cuKihQXGGBCNzbL YzFUuzBIxjh9Qt9D2o6jO43pPTpWOb3SpRUx1GgjXQ6f0ndrfIlDErmCFHDuMUo6 i+D8GdJ8gqXXom3dCAGSGeWXMaadixM+m1DAeA6FmQ2tFPQ9ntpeDjzJPU8kquLf I1unsJtQQpiCxr9Cm5Sd/FpF0JlXmTKfzS5R/m1sQauMzzld/rARKfbB01lvLp0T ST73Et2K06kXgpTwryzWobopits3hffBzkr9jD3tBwYTUToSTXxjA3ZXiGTy2FcB wM0iZQ8bqc8= =EDLz -END PGP SIGNATURE-
Re: What email encryption is actually in use?
On Sat, 2 Nov 2002, Tim May wrote: PK crypto has made a lot of things a lot easier, but expecting it all to work with a click of a button is naive. Of course, most of us don't actually have secrets which make protocols and efforts justifiable. There's the rub. I expect it to work with the click of a button. If our goal is that crypto not be simply something for the members of the cypherpunk crypto hackers club, and instead be a tool for the masses, used for the protection of information that they deem to be private (regardless of how important a secret it may be), then crypto applications *must* be as easy to use as AOL. Sacrificing the level of security provided is a reasonable option. If crypto apps are too hard to use, they provide no security, since they are not used. If there is no way to provide military-strength crypto in a one-click solution, then so be it. Does the average user need military-grade solutions to hide whatever secrets he may have? If ease of use isn't your concern, if foreign governments are your threats, if your budget allows for specially trained crypto operators, by all means -- deploy the ultra-secure and difficult to use cryptosystems. What's naive is trying to ram such products down the public's collective throat. Cryptographic solutions are not of all or nothing strength. I don't know why UI hasn't been the foremost priority of crypto vendors all along... --Len.
Re: What email encryption is actually in use?
On Sat, 2 Nov 2002, Tim May wrote: PK crypto has made a lot of things a lot easier, but expecting it all to work with a click of a button is naive. Of course, most of us don't actually have secrets which make protocols and efforts justifiable. There's the rub. I expect it to work with the click of a button. If our goal is that crypto not be simply something for the members of the cypherpunk crypto hackers club, and instead be a tool for the masses, used for the protection of information that they deem to be private (regardless of how important a secret it may be), then crypto applications *must* be as easy to use as AOL. Sacrificing the level of security provided is a reasonable option. If crypto apps are too hard to use, they provide no security, since they are not used. If there is no way to provide military-strength crypto in a one-click solution, then so be it. Does the average user need military-grade solutions to hide whatever secrets he may have? If ease of use isn't your concern, if foreign governments are your threats, if your budget allows for specially trained crypto operators, by all means -- deploy the ultra-secure and difficult to use cryptosystems. What's naive is trying to ram such products down the public's collective throat. Cryptographic solutions are not of all or nothing strength. I don't know why UI hasn't been the foremost priority of crypto vendors all along... --Len.
Mixmaster 2.9b40 released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, The Mixmaster development team is pleased to announce the release of Mixmaster 2.9b40. This release is expected to become Mixmaster 2.9rc1. We believe this to be the most stable release of Mixmaster 2.9-beta to date. Further development on Mixmaster 2.9.0 is frozen. Unless there are major client security issues or server security or reliability issues discovered in this release, we will proceed with the release process for Mixmaster 2.9. If you discover any issues that need to be addressed before the rc releases, please report them either via the SourceForge bug tracker, or on the mixmaster-devel mailing list. Source files are available at http://www.sf.net/projects/mixmaster and ftp://mixmaster.anonymizer.com. Development on Mixmaster 3.0 is ongoing. Thanks to everyone who has contributed to this project! - --Len. -BEGIN PGP SIGNATURE- Comment: OpenPGP Encrypted Email Preferred. iQIVAwUBPa3BCkoKgUld5ID8AQKOww/9HhEKPyShTuXraiBev5awCFIJJI8BPlwP m3HM9lS7YM4dqJND905MycTEg73ljJrVJ9NsszbBVosa5p0YRWnA+edR50PqRDhU ENWj59R+Cj+/yBHXZ0JRY2twrIXCxti2/7CsjMyQAuo7MPrZ4LuRG6MLFXZvPrCz QQVhYO0QARY9HI2xFWNI9UBfsJvS4Zv0gEucV49DMDjkFSDoSETxBY8cZ+VzmVRx vorwZKdQix4T+JVD8ynkUnhYLq/nw/ny0QhuIrhzgl9rDBUAhq2TsxdHehJuyKrL Aj7AP0UhbxikqnCW7XK6VwaZLOCBEkQkjcjVr4GcoM233KLgAKRdXELewMBFq+ir 4c6KdQleuoIBtFhGQQohC4iHGfbc3S9rIgF6MuiqSr6vWcAaKm4dhzv0vAytL+Yl +Rp3L50mFks2CDN7z0h/6UJmLfkgocXM2O6xHa7hd3EvbT0Lmh5L/0d+1GMmSdwL mTOjIbq1jBIwWjYlGmplyfkUCLGp9Dlv+7WRO0ginL3uYVxdTBKvjzQyZOOV8ZoQ VdENZCAw3ZwFu7Vy6ZufKnUPwDs2Iq5xyXEDHVkwHuxUEz9T4PuPDMewTv0h8/qQ Axjr6bIq5smxK2pXMkplKgWrkzHAkHZ7Qpw5Im8VCDfz6gsgaRhFnqGvhzHNcxBt MpOjZZiPOvQ= =kY0/ -END PGP SIGNATURE-
Mixmaster 2.9b40 released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, The Mixmaster development team is pleased to announce the release of Mixmaster 2.9b40. This release is expected to become Mixmaster 2.9rc1. We believe this to be the most stable release of Mixmaster 2.9-beta to date. Further development on Mixmaster 2.9.0 is frozen. Unless there are major client security issues or server security or reliability issues discovered in this release, we will proceed with the release process for Mixmaster 2.9. If you discover any issues that need to be addressed before the rc releases, please report them either via the SourceForge bug tracker, or on the mixmaster-devel mailing list. Source files are available at http://www.sf.net/projects/mixmaster and ftp://mixmaster.anonymizer.com. Development on Mixmaster 3.0 is ongoing. Thanks to everyone who has contributed to this project! - --Len. -BEGIN PGP SIGNATURE- Comment: OpenPGP Encrypted Email Preferred. iQIVAwUBPa3BCkoKgUld5ID8AQKOww/9HhEKPyShTuXraiBev5awCFIJJI8BPlwP m3HM9lS7YM4dqJND905MycTEg73ljJrVJ9NsszbBVosa5p0YRWnA+edR50PqRDhU ENWj59R+Cj+/yBHXZ0JRY2twrIXCxti2/7CsjMyQAuo7MPrZ4LuRG6MLFXZvPrCz QQVhYO0QARY9HI2xFWNI9UBfsJvS4Zv0gEucV49DMDjkFSDoSETxBY8cZ+VzmVRx vorwZKdQix4T+JVD8ynkUnhYLq/nw/ny0QhuIrhzgl9rDBUAhq2TsxdHehJuyKrL Aj7AP0UhbxikqnCW7XK6VwaZLOCBEkQkjcjVr4GcoM233KLgAKRdXELewMBFq+ir 4c6KdQleuoIBtFhGQQohC4iHGfbc3S9rIgF6MuiqSr6vWcAaKm4dhzv0vAytL+Yl +Rp3L50mFks2CDN7z0h/6UJmLfkgocXM2O6xHa7hd3EvbT0Lmh5L/0d+1GMmSdwL mTOjIbq1jBIwWjYlGmplyfkUCLGp9Dlv+7WRO0ginL3uYVxdTBKvjzQyZOOV8ZoQ VdENZCAw3ZwFu7Vy6ZufKnUPwDs2Iq5xyXEDHVkwHuxUEz9T4PuPDMewTv0h8/qQ Axjr6bIq5smxK2pXMkplKgWrkzHAkHZ7Qpw5Im8VCDfz6gsgaRhFnqGvhzHNcxBt MpOjZZiPOvQ= =kY0/ -END PGP SIGNATURE-
Re: What email encryption is actually in use?
On Wed, 2 Oct 2002, Ben Laurie wrote: Adam Shostack wrote: On Wed, Oct 02, 2002 at 04:54:54PM +0100, Ben Laurie wrote: | Lucky Green wrote: | I also agree that current MTAs' implementations of STARTTLS are only a | first step. At least in postfix, the only MTA with which I am | sufficiently familiar to form an opinion, it appears impossible to | require that certs presented by trusted parties match a particular hash | while certs presented by untrusted MTAs can present any certificate they | desire to achieve EDH-level security. | | This is probably a stupid question, but... why would you want to do this? So that your regular correspondants are authenticated, while anyone else is opportunisticly encrypted. ??? How does checking their MTA's cert authenticate them? What's wrong with PGP sigs? PGP sigs authenticate the senders of the email. MTA certs authenticate the mail servers. This would be a useful feature with regard to the current anonymous remailer network, which relies on SMTP for message transfer, for instance.
Re: Signing as one member of a set of keys
On Thu, 22 Aug 2002, Anonymous wrote: Len Sassaman has put the ringsig program up at http://www.abditum.com/~rabbi/ringsig/ [...] Second, unfortunately all of the tabs have been converted to spaces. This will prevent the sig from verifying. [...] I've put a corrected version in its place. If this still has problems, could you send me the md5sum of the correctly formatted file so that I can be sure I get it right? --Len.
Re: Signing as one member of a set of keys
On Sat, 17 Aug 2002, Anonymous wrote: *** COULD SOMEONE PLEASE FOLLOW THE STEPS ABOVE AND PUT THE ringsig.c, ringsign, ringver, AND sigring.pgp FILES ON A WEB PAGE SO THAT PEOPLE CAN DOWNLOAD THEM WITHOUT HAVING TO GO THROUGH ALL THESE STEPS? *** The files are available at: http://www.abditum.com/~rabbi/ringsig/ Also, if you'd like to send me a more detailed blurb for the webpage, I'd be happy to put it up. Otherwise, this will have to do. 9. Please report whether you were able to succeed, and if not, which step failed for you. I just ran into a bunch of errors when trying to compile with OpenSSL 0.9.7beta3. I'm debugging now... --Len.
Re: alternate dos pgp client?
On Tue, 20 Aug 2002, Anonymous wrote: This got me thinking - has anyone tried hacking mixmaster to be a pgp client? I have compiled it under DOS before, so I know that is possible. Does anyone know if mixmaster can use 'non-legacy' RSA keys? Is there any pgp functionality that it lacks? I am looking for a pgp implementation that will run on DOS, but will also be compatible with modern key types. It is possible to build a simple PGP client with the source you have -- the file pgptest.c offers that, but it's really only for debugging purposes. Run make mpgp in the Src directory to try it. A better interface to the standalone PGP functions shouldn't be hard to write. We can look into that if there is demand for it. Note that Mixmaster has no concept of the web of trust, and doesn't do keychain management. It assumes that if you are placing a key on your keyring, you've determined it is valid. That said, Mixmaster does offer all the basic OpenPGP messaging capabilities, except for verification of clear-signed messages. (This wasn't needed for any of the features Mixmaster provides, so it wasn't added.) We'll be adding this capability soon, however. (The author of the QuickSilver Windows remailer client app has requested it. QuickSilver provides PGP capabilities through the Mixmaster .dll, sans clearsig verification.) Mixmaster does support RSA v4 keys, though it doesn't have Twofish support since it links against OpenSSL for its crypto, and OpenSSL doesn't have Twofish support. If you have OpenSSL 0.9.7, Mixmaster will support AES. (Also, Mixmaster now supports use of the Modification Code Detection packet in OpenPGP messages, which is used to prevent the attack Schneier, et al. recently wrote about.) As far as DOS goes -- I honestly haven't tried compiling for DOS. It should work. Please let me know if you run into any problems. (And, as always, we're in need of developers and testers. If you're interested in working on this project, please join the development mailing list. See mixmaster.sf.net for more info.) --Len.
Re: Signing as one member of a set of keys
On Sat, 17 Aug 2002, Anonymous wrote: *** COULD SOMEONE PLEASE FOLLOW THE STEPS ABOVE AND PUT THE ringsig.c, ringsign, ringver, AND sigring.pgp FILES ON A WEB PAGE SO THAT PEOPLE CAN DOWNLOAD THEM WITHOUT HAVING TO GO THROUGH ALL THESE STEPS? *** The files are available at: http://www.abditum.com/~rabbi/ringsig/ Also, if you'd like to send me a more detailed blurb for the webpage, I'd be happy to put it up. Otherwise, this will have to do. 9. Please report whether you were able to succeed, and if not, which step failed for you. I just ran into a bunch of errors when trying to compile with OpenSSL 0.9.7beta3. I'm debugging now... --Len.
Re: Signing as one member of a set of keys
Interesting. Unless some clever at jobs were involved, this was likely not written by Ian or Ben. I can vouch that Ian was not near a computer at the time the second message (with the complete signature) was posted, and Ben was somewhere over the Atlantic in an airplane, unlikely to be reading his mail. Lance has probably been too busy with Anonymizer 2.0 to be a good choice, and I also suspect that Pr0duct Cypher is the same as one of the people in that list. I'll put my money on the author being one of the last three people in that list. Adam Back adam@cypherspaceTo: Anonymous User [EMAIL PROTECTED] .orgcc: [EMAIL PROTECTED], [EMAIL PROTECTED], Adam Back [EMAIL PROTECTED] Sent by: Subject: Re: Signing as one member of a set of keys owner-cypherpunks @lne.com 08/09/2002 12:11 PM Very nice. Nice plausible set of candidate authors also: pub 1022/5AC7B865 1992/12/01 [EMAIL PROTECTED] pub 1024/2B48F6F5 1996/04/10 Ian Goldberg [EMAIL PROTECTED] pub 1024/97558A1D 1994/01/10 Pr0duct Cypher alt.security.pgp pub 1024/2719AF35 1995/05/13 Ben Laurie [EMAIL PROTECTED] pub 1024/58214C37 1992/09/08 Hal Finney [EMAIL PROTECTED] pub 1024/C8002BD1 1997/03/04 Eric Young [EMAIL PROTECTED] pub 1024/FBBB8AB1 1994/05/07 Colin Plumb [EMAIL PROTECTED] Wonder if we can figure out who is most likely author based on coding style from such a small set. It has (8 char) TABs but other wise BSD indentation style (BSD normally 4 spaces). Also someone who likes triply indirected pointers ***blah in there. Has local variables inside even *if code blocks* eg, inside main() (most people avoid that, preferring to declare variables at the top of a function, and historically I think some older gcc / gdb couldn't debug those variables if I recall). Very funky use of goto in getpgppkt, hmmm. Somewhat concise coding and variable names. Off the cuff guess based on coding without looking at samples of code to remind, probably Colin or Ian. Of course (Lance Cottrell/Ian Goldberg/Pr0duct Cypher/Ben Laurie/Hal Finney/Eric Young/Colin Plumb) possibly deviated or mimicked one of their coding styles. Kind of interesting to see a true nym in there also. Also the Cc -- Coderpunks lives? I think the Cc coderpunks might be a clue also, I think some of these people would know it died. I think that points more at Colin. Other potential avenue might be implementation mistake leading to failure of the scheme to robustly make undecidable which of the set is the true author, given alpha code. Adam On Fri, Aug 09, 2002 at 03:52:56AM +, Anonymous User wrote: This program can be used by anonymous contributors to release partial information about their identity - they can show that they are someone from a list of PGP key holders, without revealing which member of the list they are. Maybe it can help in the recent controvery over the identity of anonymous posters. It's a fairly low-level program that should be wrapped in a nicer UI. I'll send a couple of perl scripts later that make it easier to use.
Re: Signing as one member of a set of keys
Interesting. Unless some clever at jobs were involved, this was likely not written by Ian or Ben. I can vouch that Ian was not near a computer at the time the second message (with the complete signature) was posted, and Ben was somewhere over the Atlantic in an airplane, unlikely to be reading his mail. Lance has probably been too busy with Anonymizer 2.0 to be a good choice, and I also suspect that Pr0duct Cypher is the same as one of the people in that list. I'll put my money on the author being one of the last three people in that list. Adam Back adam@cypherspaceTo: Anonymous User [EMAIL PROTECTED] .orgcc: [EMAIL PROTECTED], [EMAIL PROTECTED], Adam Back [EMAIL PROTECTED] Sent by: Subject: Re: Signing as one member of a set of keys owner-cypherpunks @lne.com 08/09/2002 12:11 PM Very nice. Nice plausible set of candidate authors also: pub 1022/5AC7B865 1992/12/01 [EMAIL PROTECTED] pub 1024/2B48F6F5 1996/04/10 Ian Goldberg [EMAIL PROTECTED] pub 1024/97558A1D 1994/01/10 Pr0duct Cypher alt.security.pgp pub 1024/2719AF35 1995/05/13 Ben Laurie [EMAIL PROTECTED] pub 1024/58214C37 1992/09/08 Hal Finney [EMAIL PROTECTED] pub 1024/C8002BD1 1997/03/04 Eric Young [EMAIL PROTECTED] pub 1024/FBBB8AB1 1994/05/07 Colin Plumb [EMAIL PROTECTED] Wonder if we can figure out who is most likely author based on coding style from such a small set. It has (8 char) TABs but other wise BSD indentation style (BSD normally 4 spaces). Also someone who likes triply indirected pointers ***blah in there. Has local variables inside even *if code blocks* eg, inside main() (most people avoid that, preferring to declare variables at the top of a function, and historically I think some older gcc / gdb couldn't debug those variables if I recall). Very funky use of goto in getpgppkt, hmmm. Somewhat concise coding and variable names. Off the cuff guess based on coding without looking at samples of code to remind, probably Colin or Ian. Of course (Lance Cottrell/Ian Goldberg/Pr0duct Cypher/Ben Laurie/Hal Finney/Eric Young/Colin Plumb) possibly deviated or mimicked one of their coding styles. Kind of interesting to see a true nym in there also. Also the Cc -- Coderpunks lives? I think the Cc coderpunks might be a clue also, I think some of these people would know it died. I think that points more at Colin. Other potential avenue might be implementation mistake leading to failure of the scheme to robustly make undecidable which of the set is the true author, given alpha code. Adam On Fri, Aug 09, 2002 at 03:52:56AM +, Anonymous User wrote: This program can be used by anonymous contributors to release partial information about their identity - they can show that they are someone from a list of PGP key holders, without revealing which member of the list they are. Maybe it can help in the recent controvery over the identity of anonymous posters. It's a fairly low-level program that should be wrapped in a nicer UI. I'll send a couple of perl scripts later that make it easier to use.
Re: Let's knock off the Reformatted repostings of junky newsarticles
On Sat, 16 Mar 2002, Nomen Nescio wrote: Rumor has it that the unemployed wizard of wordwrapping is now the lead programmer on a project to re-implement PGP using standard crypto libraries. If the earnest cluelessness he manifested on this list is any sign, we can safely predict that this project is going exactly nowhere. Uh, no. That would be the project I'm working on with Karsten *Braaten* and a number of cypherpunks. I don't think Karsten Self is a programmer. --Len.
Re: CNN.com on Remailers
On Tue, 11 Dec 2001, Tim May wrote: [The prompted a bunch of programmers to rethink comment has it all backwards. Chained remailers were deployed in 1992. The theory was known from Chaum's 1981 paper, and the flaws in the Kremvax/Kleinpaste/Julf/Penet type of approach were widely known: this was why chained remailers, in multiple jurisdictions, were deployed. Hal Finney wrote the first code for this, building on the Perl/Sendmail scripts Eric Hughes had already released.] The quoted portion is basically accurate (true to what I said), but I was talking about theoretical attacks at that point. I think I said something along the lines of: The cypherpunks developed a system based on the ideas in Chaum's 1981 paper. Penet-style remailers were potentially vulnerable to hackers and court orders, which in fact ended up being the downfall of anon.penet.fi. These problems prompted them to build better remailers. I had this post up my screen when I was talking to him: http://www.inet-one.com/cypherpunks/dir.1997.05.29-1997.06.04/msg00310.html Penet was *in operation* prior to Eric and Hal's chained remailers, right? If not, then that's my error. --Len.
Mixmaster 2.9beta31 is now available
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I'm pleased to announce that the newest release of Mixmaster is now available for download. Notable changes since 2.9beta23 -- server functionality: o Support for multiple dest.blk files and the Remailer Abuse Blocklist. o Support for whitelisted addresses for Middleman remailers. o Support for abuse blocking by IP address o Support for Administrator key requests o Numerous bug fixes Notable changes since beta 23 -- client functionality: o Re-introduced support for the Mutt email client - -- md5sum: 22e938cad2eddcda1d4004167dc56155 mix-2.9b31.tar.gz Files can be found here: ftp://ftp.zedz.net/pub/crypto/remailer/mixmaster/mix-2.9b31.tar.gz http://www.melontraffickers.com/mixmaster/mix-2.9b31.tar.gz http://cypherpunks.havenco.com/mixmaster/mix-2.9b31.tar.gz Please report any problems to [EMAIL PROTECTED] Thanks, Len Sassaman -BEGIN PGP SIGNATURE- Comment: OpenPGP Encrypted Email Preferred. iD8DBQE7qQWWPYrxsgmsCmoRAj5eAKCs9Oyxrarp+QiKtBTEp5jztJQcwwCeNw68 6qt3nxzVX7SALwMQmcg3m4M= =H/8I -END PGP SIGNATURE-
Cypherpunks and terrorism
On Tue, 11 Sep 2001, Nomen Nescio wrote: Today, remailer operators are shutting down their services. Why? Do they feel shame and guilt at providing a service which could foster destruction? Maybe they should have thought of that before deciding to run a remailer. Or are they merely fearful of being blamed for the attacks or their aftermath? That would be a rather cowardly action, to run a service which can cause harm but to run and hide as soon as the heat is on. (Thankfully, a number of remailer operators continue to courageously offer their services.) I don't want to get roped into a pissing contest about this, so this will probably be my only comment to this list on the matter. First, a few facts. Only two remailers have shut down: orange and cracker. And cracker's reasons didn't have to do with current events. Another two remailers, hell and randseed, have altered their mode of operation. At present, I count 32 remailers in operation. This is up from 13 when I opened my randseed last year. I expect to see at least two more remailers going online in the next few days. As for the morality of running a remailer: I highly doubt that mixmaster remailers were used, are being used, or will be used in the planning and execution of these physical terrorist attacks. Remailer operators should feel no more shame and guilt at providing a service which could foster destruction than those who build airplanes. (Particularly since airplanes, unlike remailers, were clearly used in this attack.) What I do fear is that a large load of bogus tips and impotent threats will be made. Past experience has shown me that, while the Secret Service understands how remailers function and what information their operators can and cannot provide, the FBI (at least in the Silicon Valley) lacks an understanding of this technology, and treats remailer operators themselves as suspects. I'm not in a position at present to risk imprisonment because I cannot provide the identities of people using my system. I do not think that Happy Fun Fed would be amused if I said I don't keep logs, therefore I can't tell you who A. Melon is. Yes, I understand that he confessed to the attack -- I simply can't help you. I rely on the equipment that runs the randseed remailer for multiple uses. It hosts several other websites, provides my personal mail, and hosts my website and resume -- particularly important to me, as I have been unemployed since July. I can't afford to have this server seized. I'll inevitably be accused of being cowardly or selfish for switching my system over to middleman mode. To the cypherpunks making those accusations, I ask: Do you run a remailer? The remailer network has been around a lot longer than randseed. Even if 15 remailers ceased operation because of yesterday's events, there would still be more remailers in operation than there were when I started. There really is nothing news-worthy here.
Rallies on Monday
http://www.boycottadobe.com/pages/rallies.html is now the home for the rally announcements. If you're planning on attending one, please visit this page for info. If you're holding one, please let us know so we can add it to the page. Thanks! -- Len Sassaman Security Architect| Technology Consultant | Let be be finale of seem. | http://sion.quickie.net | --Wallace Stevens
Rallies on Monday
http://www.boycottadobe.com/pages/rallies.html is now the home for the rally announcements. If you're planning on attending one, please visit this page for info. If you're holding one, please let us know so we can add it to the page. Thanks! -- Len Sassaman Security Architect| Technology Consultant | Let be be finale of seem. | http://sion.quickie.net | --Wallace Stevens
Demonstation at Adobe Monday
For those of you who aren't familiar with what's happening here, please see http://www.planetebook.com/mainpage.asp?webpageid=170 for details. -- Forwarded message -- Date: Thu, 19 Jul 2001 10:39:03 -0700 From: Don Marti [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [free-sklyarov] San Jose Monday: schedule and directions This is a summary of the plans for the demonstration at Adobe that we discussed at the meeting last night. We agreed to meet at the park and walk to Adobe together, and the snake is an obvious meeting place that is close to, but out of line of sight from, Adobe HQ. Free Dmitry March on Adobe Monday, July 23, 2001, 11AM-1PM Downtown San Jose, California, USA MEET AT THE SNAKE: We will be meeting in downtown San Jose at the snake sculpture, Quetzalcoatl, which is at the south end of Cesar de Chavez Park, at the corner of South Market St. and West San Carlos St. Cesar de Chavez Park is across San Carlos from the Hyatt St. Claire Hotel, near the San Jose Convention Center. From the snake we will walk to Adobe together. DIRECTIONS From VTA light rail: Take the Santa Teresa/Baypointe line to the Convention Center stop. Trains run approximately every 10 minutes. The convention center is on the south side of the street; walk 1/2 block east on W. San Carlos St. to the snake. From Caltrain: Transfer from Caltrain to the Santa Teresa/Baypointe light rail line at the Tamien station. VTA light rail schedules: http://www.vta.org/schedules/SC_901.html Driving: Downtown San Jose is easily accessible from US 101, Interstate 280, and California 87. See the URL below for maps and recommended routes: http://maps.yahoo.com/py/maps.py?addr=S+Market+St+and+W+San+Carlos+Stcsz=San+Jose%2C+CA Parking: An inexpensive pay parking lot is available at the San Jose Convention Center, across San Carlos from the snake sculpture. The entrance is from Almaden Blvd., one block west. Please do not park at Adobe! WHAT TO BRING Please bring a sign or a U.S. or Russian flag, and a cell phone if you have one. Keep signs simple (4 words is ideal) so that they are easy to read for people passing by. Adobe: drop the charges and Free Dmitry are examples. Free event T-shirts to the first 50 attendees. ___ free-sklyarov mailing list [EMAIL PROTECTED] http://zork.net/mailman/listinfo/free-sklyarov