CodeCon 2006 Call For Papers
CodeCon 2006 February 10-12, 2006 San Francisco CA, USA www.codecon.org Call For Papers CodeCon is the premier showcase of cutting edge software development. It is an excellent opportunity for programmers to demonstrate their work and keep abreast of what's going on in their community. All presentations must include working demonstrations, ideally accompanied by source code. Presentations must be done by one of the active developers of the code in question. We emphasize that demonstrations be of *working* code. We hereby solicit papers and demonstrations. * Papers and proposals due: December 15, 2005 * Authors notified: January 1, 2006 Possible topics include, but are by no means restricted to: * community-based web sites - forums, weblogs, personals * development tools - languages, debuggers, version control * file sharing systems - swarming distribution, distributed search * security products - mail encryption, intrusion detection, firewalls Presentations will be 45 minutes long, with 15 minutes allocated for Q&A. Overruns will be truncated. Submission details: Submissions are being accepted immediately. Acceptance dates are November 15, and December 15. After the first acceptance date, submissions will be either accepted, rejected, or deferred to the second acceptance date. The conference language is English. Ideally, demonstrations should be usable by attendees with 802.11b connected devices either via a web interface, or locally on Windows, UNIX-like, or MacOS platforms. Cross-platform applications are most desirable. Our venue will be 21+. To submit, send mail to [EMAIL PROTECTED] including the following information: * Project name * url of project home page * tagline - one sentence or less summing up what the project does * names of presenter(s) and urls of their home pages, if they have any * one-paragraph bios of presenters, optional, under 100 words each * project history, under 150 words * what will be done in the project demo, under 200 words * slides to be shown during the presentation, if applicable * future plans General Chair: Jonathan Moore Program Chair: Len Sassaman Program Committee: * Bram Cohen, BitTorrent, USA * Jered Floyd, Permabit, USA * Ian Goldberg, Zero-Knowledge Systems, CA * Dan Kaminsky, Avaya, USA * Ben Laurie, The Bunker Secure Hosting, UK * Nick Mathewson, The Free Haven Project, USA * David Molnar, University of California, Berkeley, USA * Jonathan Moore, Mosuki, USA * Meredith L. Patterson, University of Iowa, USA * Len Sassaman, Katholieke Universiteit Leuven, BE Sponsorship: If your organization is interested in sponsoring CodeCon, we would love to hear from you. In particular, we are looking for sponsors for social meals and parties on any of the three days of the conference, as well as sponsors of the conference as a whole and donors of door prizes. If you might be interested in sponsoring any of these aspects, please contact the conference organizers at [EMAIL PROTECTED] Press policy: CodeCon provides a limited number of passes to qualifying press. Complimentary press passes will be evaluated on request. Everyone is welcome to pay the low registration fee to attend without an official press credential. Questions: If you have questions about CodeCon, or would like to contact the organizers, please mail [EMAIL PROTECTED] Please note this address is only for questions and administrative requests, and not for workshop presentation submissions.
CodeCon Reminder
e'd like to remind those of you planning to attend this year's event that CodeCon is fast approaching. CodeCon is the premier event in 2005 for application developer community. It is a workshop for developers of real-world applications with working code and active development projects. Past presentations at CodeCon have included the file distribution software BitTorrent; the Peek-A-Booty anti-censorship application; the email encryption system PGP Universal; and Audacity, a powerful audio editing tool. Some of this year's highlights include Off-The-Record Messaging, a privacy-enhancing encryption protocol for instant-message systems; SciTools, a web-based toolkit for genetic design and analysis; and Incoherence, a novel stereo sound visualization tool. CodeCon registration is discounted this year: $80 for cash at the door registrations. Registration will be available every day of the conference, though ticket are limited, and attendees are encouraged to register on the first day to secure admission. CodeCon will be held February 11-13, noon-6pm, at Club NV (525 Howard Street) in San Francisco. For more information, please visit http://www.codecon.org.
CodeCon CFP deadline nearing
CodeCon 4.0 February 11-13, 2005 San Francisco CA, USA www.codecon.org Call For Papers CodeCon is the premier showcase of cutting edge software development. It is an excellent opportunity for programmers to demonstrate their work and keep abreast of what's going on in their community. All presentations must include working demonstrations, ideally accompanied by source code. Presenters must be done by one of the active developers of the code in question. We emphasize that demonstrations be of *working* code. We hereby solicit papers and demonstrations. * Papers and proposals due: December 15, 2004 * Authors notified: January 1, 2005 Possible topics include, but are by no means restricted to: * community-based web sites - forums, weblogs, personals * development tools - languages, debuggers, version control * file sharing systems - swarming distribution, distributed search * security products - mail encryption, intrusion detection, firewalls Presentations will be a 45 minutes long, with 15 minutes allocated for Q&A. Overruns will be truncated. Submission details: Submissions are being accepted immediately. Acceptance dates are November 15, and December 15. After the first acceptance date, submissions will be either accepted, rejected, or deferred to the second acceptance date. The conference language is English. Ideally, demonstrations should be usable by attendees with 802.11b connected devices either via a web interface, or locally on Windows, UNIX-like, or MacOS platforms. Cross-platform applications are most desirable. Our venue will be 21+. To submit, send mail to [EMAIL PROTECTED] including the following information: * Project name * url of project home page * tagline - one sentence or less summing up what the project does * names of presenter(s) and urls of their home pages, if they have any * one-paragraph bios of presenters, optional, under 100 words each * project history, under 150 words * what will be done in the project demo, under 200 words * slides to be shown during the presentation, if applicable * future plans General Chairs: Jonathan Moore, Len Sassaman Program Chair: Bram Cohen Program Committee: * Jeremy Bornstein, AtomShockwave Corp., USA * Bram Cohen, BitTorrent, USA * Jered Floyd, Permabit, USA * Ian Goldberg, Zero-Knowledge Systems, CA * Dan Kaminsky, Avaya, USA * Klaus Kursawe, Katholieke Universiteit Leuven, BE * Ben Laurie, A.L. Digital Ltd., UK * David Molnar, University of California, Berkeley, USA * Jonathan Moore, Mosuki, USA * Len Sassaman, Nomen Abditum Services, USA Sponsorship: If your organization is interested in sponsoring CodeCon, we would love to hear from you. In particular, we are looking for sponsors for social meals and parties on any of the three days of the conference, as well as sponsors of the conference as a whole and donors of door prizes. If you might be interested in sponsoring any of these aspects, please contact the conference organizers at [EMAIL PROTECTED] Press policy: CodeCon provides a limited number of passes to bona fide press. Complimentary press passes will be evaluated on request. Everyone is welcome to pay the low registration fee to attend without an official press credential. Questions: If you have questions about CodeCon, or would like to contact the organizers, please mail [EMAIL PROTECTED] Please note this address is only for questions and administrative requests, and not for workshop presentation submissions.
CodeCon 2005 Call for Papers
CodeCon 4.0 February 11-13, 2005 San Francisco CA, USA www.codecon.org Call For Papers CodeCon is the premier showcase of cutting edge software development. It is an excellent opportunity for programmers to demonstrate their work and keep abreast of what's going on in their community. All presentations must include working demonstrations, ideally accompanied by source code. Presenters must be done by one of the active developers of the code in question. We emphasize that demonstrations be of *working* code. We hereby solicit papers and demonstrations. * Papers and proposals due: December 15, 2005 * Authors notified: January 1, 2005 Possible topics include, but are by no means restricted to: * community-based web sites - forums, weblogs, personals * development tools - languages, debuggers, version control * file sharing systems - swarming distribution, distributed search * security products - mail encryption, intrusion detection, firewalls Presentations will be a 45 minutes long, with 15 minutes allocated for Q&A. Overruns will be truncated. Submission details: Submissions are being accepted immediately. Acceptance dates are November 15, and December 15. After the first acceptance date, submissions will be either accepted, rejected, or deferred to the second acceptance date. The conference language is English. Ideally, demonstrations should be usable by attendees with 802.11b connected devices either via a web interface, or locally on Windows, UNIX-like, or MacOS platforms. Cross-platform applications are most desirable. Our venue will be 21+. To submit, send mail to [EMAIL PROTECTED] including the following information: * Project name * url of project home page * tagline - one sentence or less summing up what the project does * names of presenter(s) and urls of their home pages, if they have any * one-paragraph bios of presenters, optional, under 100 words each * project history, under 150 words * what will be done in the project demo, under 200 words * slides to be shown during the presentation, if applicable * future plans General Chairs: Jonathan Moore, Len Sassaman Program Chair: Bram Cohen Program Committee: * Jeremy Bornstein, AtomShockwave Corp., USA * Bram Cohen, BitTorrent, USA * Jered Floyd, Permabit, USA * Ian Goldberg, Zero-Knowledge Systems, CA * Dan Kaminsky, Avaya, USA * Klaus Kursawe, Katholieke Universiteit Leuven, BE * Ben Laurie, A.L. Digital Ltd., UK * David Molnar, University of California, Berkeley, USA * Jonathan Moore, Mosuki, USA * Len Sassaman, Nomen Abditum Services, USA Sponsorship: If your organization is interested in sponsoring CodeCon, we would love to hear from you. In particular, we are looking for sponsors for social meals and parties on any of the three days of the conference, as well as sponsors of the conference as a whole and donors of door prizes. If you might be interested in sponsoring any of these aspects, please contact the conference organizers at [EMAIL PROTECTED] Press policy: CodeCon provides a limited number of passes to bona fide press. Complimentary press passes will be evaluated on request. Everyone is welcome to pay the low registration fee to attend without an official press credential. Questions: If you have questions about CodeCon, or would like to contact the organizers, please mail [EMAIL PROTECTED] Please note this address is only for questions and administrative requests, and not for workshop presentation submissions.
Mixmaster 3.0b1 released
Mixmaster 3.0b1 has just been released. This release includes two year's worth of development on the Mixmaster software, numerous stability improvements, anonymity benefits, bug fixes, and feature enhancements. We would like to agressively move this out of beta into final release as quickly as possible, so we're highly encouraging users and remailer operators to send us their feedback. Mixmaster can be obtained from: https://sourceforge.net/projects/mixmaster/ The change history for this release can be viewed here: https://source.mixmaster.anonymizer.com/svn/mixmaster/branches/mixmaster_3_0b1/Mix/HISTORY Thanks, Len
Re: Call to the Usual Suspects
On Fri, 13 Feb 2004, Trei, Peter wrote: > I'll be in the SF/SJ area the week of the RSA conference. > Anyone interested in getting together for dinner one night? If you're in town the weekend before the RSA Conference, I'll be there too (CodeCon is the Friday - Sunday before RSA.) > We used to try to schedule a BA Cypherpunks Physical > Meeting to match up with the event, but the PMs seem to > have died out.
CodeCon program announced, early registration deadline nearing
The program for CodeCon 2004 has been announced. http://www.codecon.org/2004/program.html CodeCon is the premier showcase of active hacker projects. It is a workshop for developers of real-world applications with working code and active development projects. All presentations will given by one of the active developers, and accompanied by a functional demo. Highlights of CodeCon 2004 include: PGP Universal - Automatic, transparent email encryption with zero clicks Osiris -A free Host Integrity Monitor designed for large scale server deployments that require auditable security Tor - Second-generation Onion Routing: a TCP-based anonymizing overlay network Vesta - An advanced software configuration management system that handles both versioning source files and building PETmail - Permission-based anti-spam replacement for SMTP FunFS - Fast User Network File System - An advanced network file system designed as a successor for NFS Codeville - Distributed version control system Audacity - A cross-platform multi-track audio editor The third annual CodeCon takes place February 20 - 22, noon - 6pm, at Club NV (525 Howard Street) in San Francisco. CodeCon registration is $95; a $20 discount is available for attendees who register online prior to February 1, 2004. http://www.codecon.org/2004/registration.html
Re: An Analysis of Compromised Remailers
On Mon, 15 Dec 2003, John Young wrote: > This came in response to Cryptome's posting of Len Sassman's > comments on remailers. (BTW, John -- while the threat originally started out as being about compromised remailers, my comments had little to do with that title. Perhaps "remailer security" would be a better index term for cryptome?) > Over the past year, many remailer users have noticed that the reliability of > the Mixmaster type II network has steadily degraded. Although it may well be > the result of TLA interference, the remailer community's statistical methods > of selecting a "reliable" remailer chain contribute significantly to the > network's degradation. There are conflicting opinions on that statement. For instance, have a look at this threat on alt.privacy.anon-server: http://groups.google.com/groups?selm=8eb77bbdadfd2a6d1b21efabc1e1e090%40firenze.linux.it&oe=UTF-8&output=gplain So, on one hand we have the claim that remailer reliability is degrading because of how we select reliable remailer chains, and on the other hand there is the claim that the reliability is increasing, because TLAs are the only entities competent to run reliable remailers. (Apparently, if you believe this theory, you also believe I work for the FBI.) The facts are that the remailer network's reliability has increased over the past few years, largely due to the renewed development attention that Mixmaster has received. > I ran tests in September, October & November, and provided the Mixmaster > developers & remail operators with the same results I've included below. My > testing was extremely simple: send a bunch of messages, and note which The tests below unfortunately do not provide any really useful data. What is really being tested isn't the remailer reliability, but the "mail to news gateway" reliability. It would be much more useful for the tester to isolate which remailer/mail2news combinations are resulting in lost news, and post that data instead. --Len.
Re: IDEA
On Sat, 22 Mar 2003, Eric Murray wrote: > >Looking for libcrypto.a... > >Found at /usr/local/ssl/lib/libcrypto.a. > >./Install: [: 90701f: integer expression expected > > I think that line means that mixmaster's install script isn't > properly identifying the version of Openssl. If it were > me, I'd fix the Mixmaster install script. It's been a while since I really worked on the Install script -- Mixmaster 3.0 doesn't use it -- but this looks to be to be a bug that existed and was fixed sometime around a year ago. What version of Mixmaster are you using? Please use the release version -- 2.9.0. > BTW, if you will be posting Mixmaster messages to the cpunks > list, could you fix it so it uses an informative Subject: line > instead of "Mixmaster Type III Message"? Those messages are from people testing the Mixminion software. Mixminion isn't ready for actual use yet. It is my understanding that the user has no control over the subject line in the current Mixminion system though -- the servers remove it. I think this will be changed before the final release. Mixmaster 4.0 (which will interoperate with Mixminion) will place no restrictions on user's Subject lines. --Len.
Obituary for Janis Jagars (Disastry)
Janis Jagars, known to many people on the Internet by his handle Disastry, was a prolific programmer who made numerous valuable contributions to the Internet. I am afraid I cannot do his memory justice, having known him only a short number of years and only through his work on privacy enhancing programs, but he earned my respect and appreciation for his achievements in that area. I first "met" Janis Jagars while I was employed by PGP Security. In preparation for the release of PGP 7, I located and contacted the people responsible for other implementations of OpenPGP, in order to set up interop testing. Janis was working on updating the DOS-aware PGP 2.6.3i program to work with modern implementations of PGP. His work on that program, and his presence in the IETF OpenPGP working group, helped to smooth over a number of PGP compatibility problems. On the PGP newsgroups and mailing lists, Janis helped many new PGP users get started using email encryption, and tirelessly answered support questions for privacy-related programs. To my knowledge, Janis operated the only anonymous remailer to exist in Latvia. Janis was, by the original definition, a true Cypherpunk. He believed that privacy was a right that must not be denied to Internet users, and he wrote code to help ensure that it could not be. When he needed a way to easily send encrypted email through Netscape, he wrote a plugin. When he wanted a way to mount PGPdisk volumes under Linux, he wrote a conversion tool. When Windows users wanted a pre-compiled version GnuPG, Janis gave them one. Janis understood that the fight for Internet privacy must take place at the hands of programmers, and he rose to the challenge of bring useful privacy-enhancing programs into existence, and into the hands of the public. Immediately after the terrorist attacks in September, 2001, I took over maintenance of the Mixmaster anonymous remailer project. Mixmaster had been unmaintained for over a year, and needed serious work. I was delighted when I received email from Janis, offering his help. Over the next year, entirely of his own initiative, Janis ported Mixmaster's server functionality to Windows, brought Mixmaster's OpenPGP support from an unstable "alpha" state to a solid, usable feature set, and established himself as an invaluable member of the Mixmaster development team. The upcoming Mixmaster 3.0 release features a number of crucial improvements which would not have happened had it not been for Janis's involvement. My last communication with Janis was on October 11th of last year. He had planned a vacation in Nepal, and expected to return a month later. When he did not return, we feared the worst. Sadly, it turns out that our fears were true: On October 31, while descending from Lobuche summit, Janis fell 250m, and did not survive. I am dedicating this year's CodeCon conference to Janis's memory. Janis will be missed, but his contributions will still be appreciated and utilized. It is my hope that Janis's work will serve as an example for other like-minded programmers, who chose to give their time and code in the name of free speech and privacy. Len Sassaman 13 February 2003 San Francisco, CA -- Janis's home page may be viewed here: http://web.archive.org/web/20010927055328/disastry.dhs.org/ News of his accident can be found here: http://www.vertikalex.lv/minisurvey/Discussion/ShowMessage.asp?ID=4703
CodeCon Registration Deadline Approaching
CodeCon is fast approaching, and there are only three days left to register online for CodeCon at the reduced rate. CodeCon 2.0 is the premier event in 2003 for the P2P, Cypherpunk, and network/security application developer community. It is a workshop for developers of real-world applications with working code and active development projects. Last year, presentations at CodeCon included the Peek-A-Booty anti-censorship application, the Invisible IRC Project, the CryptoMail web-based email encryption project, and the file-distribution application BitTorrent. Some of this year's highlights include Mixminion, a next-generation anonymous remailer; Alluvium, Internet Radio software exempt from current RIAA webcasting royalties; and GNU Radio, an open source software defined radio application. CodeCon registration is $95; a $15 discount is available for attendees who register online prior to February 15th. CodeCon 2.0 will be held February 22-24, noon-6pm, at Club NV (525 Howard Street) in San Francisco. For more information, please visit http://www.codecon.info.
CodeCon presentations announced and registration open
CodeCon 2.0 is the premier event in 2003 for the P2P, Cypherpunk, and network/security application developer community. It is a workshop for developers of real-world applications with working code and active development projects. CodeCon registration is $95; a $15 discount is available for attendees who register online prior to February 15th. CodeCon 2.0 will be held February 22-24, noon-6pm, at Club NV (525 Howard Street) in San Francisco. http://www.codecon.info Presentations will include: * Advogato - Good metadata, even when under attack, based on a trust metric * Alluvium - p2p media streaming for low-bandwidth broadcasters * Bayonne - Telephony application services for freely licensed operating systems * Cryptopy - pure Python crypto * DeepGreen - Agent Oriented investment analysis designed to be self-funding * GNU radio - Hacking the RF Spectrum with Free Software and Hardware * HOTorNOT - A working example of well-designed website user interface * Hydan - Steganographically conceal a message into an executable application * Khashmir - A distributed hash table library upon which applications can be built * Mixminion - A next-generation anonymous remailer * Neurogrid - Decentralized Fuzzy Meta-Data Search * OpenRatings - An open source professor ratings engine * Paketto Keiretsu - Interesting and Useful Techniques for TCP/IP Networking * YouServ - A communal web-hosting system for the masses * A panel on future directions in version control
Mixmaster 2.9.0 released.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Greetings, On behalf of the Mixmaster development team, I am pleased to announce the availability of Mixmaster 2.9.0. Information on Mixmaster is available at http://mixmaster.sf.net. Mixmaster can be downloaded from ftp://mixmaster.anonymizer.com or from SourceForge. Merry Christmas! - --Len. -BEGIN PGP SIGNATURE- Comment: OpenPGP Encrypted Email Preferred. iQIVAwUBPgl28koKgUld5ID8AQJU/w//U5OjlaMcZphfK0lYi7M/Q95Lysy9iNaL rTD44fGj6i0QvkSyMsjyi536refEn5dokwWqAwBdeX/9q2sJwSMq1G7U1zVMosn4 aGq1Gg9j70m6B4MuLIxMl+jHBpbSoZZWLbpv3Bll1EVn6J09++C2br0psyDPxxLh ntZoWpgpgYbtYPQRKJP/noKrQj4NGfW2o/wdItYKre5nESL/hWEF4N4u9MyKZCi8 CnDJ4Z6GfDOIAFgzRlVGytogUbHkNC78c/zDyHKnX6aVuzY/hatqvAJiKuDg8dJo Hprajty2TiE3dKnOiXY8T2bG1BNDHAtbOF9BYMBucWc03EUtM/lXUndzkY8ulKis 5hYnjk7jA/HtrgWuth70cucjYdze3PJ5dsmjrZRAwH9+1QCs3cuKihQXGGBCNzbL YzFUuzBIxjh9Qt9D2o6jO43pPTpWOb3SpRUx1GgjXQ6f0ndrfIlDErmCFHDuMUo6 i+D8GdJ8gqXXom3dCAGSGeWXMaadixM+m1DAeA6FmQ2tFPQ9ntpeDjzJPU8kquLf I1unsJtQQpiCxr9Cm5Sd/FpF0JlXmTKfzS5R/m1sQauMzzld/rARKfbB01lvLp0T ST73Et2K06kXgpTwryzWobopits3hffBzkr9jD3tBwYTUToSTXxjA3ZXiGTy2FcB wM0iZQ8bqc8= =EDLz -END PGP SIGNATURE-
Re: What email encryption is actually in use?
On Sat, 2 Nov 2002, Tim May wrote: > PK crypto has made a lot of things a lot easier, but expecting it all > to work with a click of a button is naive. Of course, most of us don't > actually have secrets which make protocols and efforts justifiable. > There's the rub. I expect it to work with the click of a button. If our goal is that crypto not be simply something for the "members of the cypherpunk crypto hackers club", and instead be a tool for the masses, used for the protection of information that they deem to be private (regardless of how "important" a secret it may be), then crypto applications *must* be as easy to use as AOL. Sacrificing the level of security provided is a reasonable option. If crypto apps are too hard to use, they provide no security, since they are not used. If there is no way to provide "military-strength" crypto in a "one-click" solution, then so be it. Does the average user need "military-grade" solutions to hide whatever secrets he may have? If ease of use isn't your concern, if foreign governments are your threats, if your budget allows for specially trained crypto operators, by all means -- deploy the ultra-secure and difficult to use cryptosystems. What's naive is trying to ram such products down the public's collective throat. Cryptographic solutions are not of "all or nothing" strength. I don't know why UI hasn't been the foremost priority of crypto vendors all along... --Len.
Mixmaster 2.9b40 released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, The Mixmaster development team is pleased to announce the release of Mixmaster 2.9b40. This release is expected to become Mixmaster 2.9rc1. We believe this to be the most stable release of Mixmaster 2.9-beta to date. Further development on Mixmaster 2.9.0 is frozen. Unless there are major client security issues or server security or reliability issues discovered in this release, we will proceed with the release process for Mixmaster 2.9. If you discover any issues that need to be addressed before the rc releases, please report them either via the SourceForge bug tracker, or on the mixmaster-devel mailing list. Source files are available at http://www.sf.net/projects/mixmaster and ftp://mixmaster.anonymizer.com. Development on Mixmaster 3.0 is ongoing. Thanks to everyone who has contributed to this project! - --Len. -BEGIN PGP SIGNATURE- Comment: OpenPGP Encrypted Email Preferred. iQIVAwUBPa3BCkoKgUld5ID8AQKOww/9HhEKPyShTuXraiBev5awCFIJJI8BPlwP m3HM9lS7YM4dqJND905MycTEg73ljJrVJ9NsszbBVosa5p0YRWnA+edR50PqRDhU ENWj59R+Cj+/yBHXZ0JRY2twrIXCxti2/7CsjMyQAuo7MPrZ4LuRG6MLFXZvPrCz QQVhYO0QARY9HI2xFWNI9UBfsJvS4Zv0gEucV49DMDjkFSDoSETxBY8cZ+VzmVRx vorwZKdQix4T+JVD8ynkUnhYLq/nw/ny0QhuIrhzgl9rDBUAhq2TsxdHehJuyKrL Aj7AP0UhbxikqnCW7XK6VwaZLOCBEkQkjcjVr4GcoM233KLgAKRdXELewMBFq+ir 4c6KdQleuoIBtFhGQQohC4iHGfbc3S9rIgF6MuiqSr6vWcAaKm4dhzv0vAytL+Yl +Rp3L50mFks2CDN7z0h/6UJmLfkgocXM2O6xHa7hd3EvbT0Lmh5L/0d+1GMmSdwL mTOjIbq1jBIwWjYlGmplyfkUCLGp9Dlv+7WRO0ginL3uYVxdTBKvjzQyZOOV8ZoQ VdENZCAw3ZwFu7Vy6ZufKnUPwDs2Iq5xyXEDHVkwHuxUEz9T4PuPDMewTv0h8/qQ Axjr6bIq5smxK2pXMkplKgWrkzHAkHZ7Qpw5Im8VCDfz6gsgaRhFnqGvhzHNcxBt MpOjZZiPOvQ= =kY0/ -END PGP SIGNATURE-
Re: Signing as one member of a set of keys
On Thu, 22 Aug 2002, Anonymous wrote: > Len Sassaman has put the ringsig program up at > > http://www.abditum.com/~rabbi/ringsig/ [...] > Second, unfortunately all of the tabs have been converted to spaces. > This will prevent the sig from verifying. [...] I've put a corrected version in its place. If this still has problems, could you send me the md5sum of the correctly formatted file so that I can be sure I get it right? --Len.
Re: alternate dos pgp client?
On Tue, 20 Aug 2002, Anonymous wrote: > This got me thinking - has anyone tried hacking mixmaster to be a pgp > client? I have compiled it under DOS before, so I know that is possible. > Does anyone know if mixmaster can use 'non-legacy' RSA keys? Is there any > pgp functionality that it lacks? I am looking for a pgp implementation that > will run on DOS, but will also be compatible with modern key types. It is possible to build a simple PGP client with the source you have -- the file pgptest.c offers that, but it's really only for debugging purposes. Run "make mpgp" in the Src directory to try it. A better interface to the standalone PGP functions shouldn't be hard to write. We can look into that if there is demand for it. Note that Mixmaster has no concept of the web of trust, and doesn't do keychain management. It assumes that if you are placing a key on your keyring, you've determined it is valid. That said, Mixmaster does offer all the basic OpenPGP messaging capabilities, except for verification of clear-signed messages. (This wasn't needed for any of the features Mixmaster provides, so it wasn't added.) We'll be adding this capability soon, however. (The author of the QuickSilver Windows remailer client app has requested it. QuickSilver provides PGP capabilities through the Mixmaster .dll, sans clearsig verification.) Mixmaster does support RSA v4 keys, though it doesn't have Twofish support since it links against OpenSSL for its crypto, and OpenSSL doesn't have Twofish support. If you have OpenSSL 0.9.7, Mixmaster will support AES. (Also, Mixmaster now supports use of the Modification Code Detection packet in OpenPGP messages, which is used to prevent the attack Schneier, et al. recently wrote about.) As far as DOS goes -- I honestly haven't tried compiling for DOS. It "should" work. Please let me know if you run into any problems. (And, as always, we're in need of developers and testers. If you're interested in working on this project, please join the development mailing list. See mixmaster.sf.net for more info.) --Len.
Re: Signing as one member of a set of keys
On Sat, 17 Aug 2002, Anonymous wrote: > *** COULD SOMEONE PLEASE FOLLOW THE STEPS ABOVE AND PUT THE ringsig.c, > ringsign, ringver, AND sigring.pgp FILES ON A WEB PAGE SO THAT PEOPLE > CAN DOWNLOAD THEM WITHOUT HAVING TO GO THROUGH ALL THESE STEPS? *** The files are available at: http://www.abditum.com/~rabbi/ringsig/ Also, if you'd like to send me a more detailed blurb for the webpage, I'd be happy to put it up. Otherwise, this will have to do. > 9. Please report whether you were able to succeed, and if not, which step > failed for you. I just ran into a bunch of errors when trying to compile with OpenSSL 0.9.7beta3. I'm debugging now... --Len.
Re: Signing as one member of a set of keys
Interesting. Unless some clever at jobs were involved, this was likely not written by Ian or Ben. I can vouch that Ian was not near a computer at the time the second message (with the complete signature) was posted, and Ben was somewhere over the Atlantic in an airplane, unlikely to be reading his mail. Lance has probably been too busy with Anonymizer 2.0 to be a good choice, and I also suspect that Pr0duct Cypher is the same as one of the people in that list. I'll put my money on the author being one of the last three people in that list. Adam Back .org>cc: [EMAIL PROTECTED], [EMAIL PROTECTED], Adam Back <[EMAIL PROTECTED]> Sent by: Subject: Re: Signing as one member of a set of keys owner-cypherpunks @lne.com 08/09/2002 12:11 PM Very nice. Nice plausible set of candidate authors also: pub 1022/5AC7B865 1992/12/01 [EMAIL PROTECTED] pub 1024/2B48F6F5 1996/04/10 Ian Goldberg <[EMAIL PROTECTED]> pub 1024/97558A1D 1994/01/10 Pr0duct Cypher pub 1024/2719AF35 1995/05/13 Ben Laurie <[EMAIL PROTECTED]> pub 1024/58214C37 1992/09/08 Hal Finney <[EMAIL PROTECTED]> pub 1024/C8002BD1 1997/03/04 Eric Young <[EMAIL PROTECTED]> pub 1024/FBBB8AB1 1994/05/07 Colin Plumb <[EMAIL PROTECTED]> Wonder if we can figure out who is most likely author based on coding style from such a small set. It has (8 char) TABs but other wise BSD indentation style (BSD normally 4 spaces). Also someone who likes triply indirected pointers ***blah in there. Has local variables inside even *if code blocks* eg, inside main() (most people avoid that, preferring to declare variables at the top of a function, and historically I think some older gcc / gdb couldn't debug those variables if I recall). Very funky use of goto in getpgppkt, hmmm. Somewhat concise coding and variable names. Off the cuff guess based on coding without looking at samples of code to remind, probably Colin or Ian. Of course (Lance Cottrell/Ian Goldberg/Pr0duct Cypher/Ben Laurie/Hal Finney/Eric Young/Colin Plumb) possibly deviated or mimicked one of their coding styles. Kind of interesting to see a true nym in there also. Also the Cc -- Coderpunks lives? I think the Cc coderpunks might be a clue also, I think some of these people would know it died. I think that points more at Colin. Other potential avenue might be implementation mistake leading to failure of the scheme to robustly make undecidable which of the set is the true author, given alpha code. Adam On Fri, Aug 09, 2002 at 03:52:56AM +, Anonymous User wrote: > This program can be used by anonymous contributors to release partial > information about their identity - they can show that they are someone > from a list of PGP key holders, without revealing which member of the > list they are. Maybe it can help in the recent controvery over the > identity of anonymous posters. It's a fairly low-level program that > should be wrapped in a nicer UI. I'll send a couple of perl scripts > later that make it easier to use.
Re: Let's knock off the "Reformatted" repostings of junky newsarticles
On Sat, 16 Mar 2002, Nomen Nescio wrote: > Rumor has it that the unemployed wizard of wordwrapping is now the > lead programmer on a project to re-implement PGP using standard crypto > libraries. If the earnest cluelessness he manifested on this list is any > sign, we can safely predict that this project is going exactly nowhere. Uh, no. That would be the project I'm working on with Karsten *Braaten* and a number of cypherpunks. I don't think Karsten Self is a programmer. --Len.
Re: CNN.com on Remailers
On Tue, 11 Dec 2001, Tim May wrote: > [The "prompted a bunch of programmers to rethink" comment has it all > backwards. Chained remailers were deployed in 1992. The theory was > known from Chaum's 1981 paper, and the flaws in the > Kremvax/Kleinpaste/Julf/Penet type of approach were widely known: this > was why chained remailers, in multiple jurisdictions, were deployed. > Hal Finney wrote the first code for this, building on the > Perl/Sendmail scripts Eric Hughes had already released.] The quoted portion is basically accurate (true to what I said), but I was talking about theoretical attacks at that point. I think I said something along the lines of: "The cypherpunks developed a system based on the ideas in Chaum's 1981 paper. Penet-style remailers were potentially vulnerable to hackers and court orders, which in fact ended up being the downfall of anon.penet.fi. These problems prompted them to build better remailers." I had this post up my screen when I was talking to him: http://www.inet-one.com/cypherpunks/dir.1997.05.29-1997.06.04/msg00310.html Penet was *in operation* prior to Eric and Hal's chained remailers, right? If not, then that's my error. --Len.
Mixmaster 2.9beta31 is now available
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I'm pleased to announce that the newest release of Mixmaster is now available for download. Notable changes since 2.9beta23 -- server functionality: o Support for multiple dest.blk files and the Remailer Abuse Blocklist. o Support for whitelisted addresses for Middleman remailers. o Support for abuse blocking by IP address o Support for "Administrator key" requests o Numerous bug fixes Notable changes since beta 23 -- client functionality: o Re-introduced support for the Mutt email client - -- md5sum: 22e938cad2eddcda1d4004167dc56155 mix-2.9b31.tar.gz Files can be found here: ftp://ftp.zedz.net/pub/crypto/remailer/mixmaster/mix-2.9b31.tar.gz http://www.melontraffickers.com/mixmaster/mix-2.9b31.tar.gz http://cypherpunks.havenco.com/mixmaster/mix-2.9b31.tar.gz Please report any problems to [EMAIL PROTECTED] Thanks, Len Sassaman -BEGIN PGP SIGNATURE- Comment: OpenPGP Encrypted Email Preferred. iD8DBQE7qQWWPYrxsgmsCmoRAj5eAKCs9Oyxrarp+QiKtBTEp5jztJQcwwCeNw68 6qt3nxzVX7SALwMQmcg3m4M= =H/8I -END PGP SIGNATURE-
Cypherpunks and terrorism
On Tue, 11 Sep 2001, Nomen Nescio wrote: > Today, remailer operators are shutting down their services. Why? > Do they feel shame and guilt at providing a service which could foster > destruction? Maybe they should have thought of that before deciding > to run a remailer. Or are they merely fearful of being blamed for the > attacks or their aftermath? That would be a rather cowardly action, > to run a service which can cause harm but to run and hide as soon as > the heat is on. (Thankfully, a number of remailer operators continue > to courageously offer their services.) I don't want to get roped into a pissing contest about this, so this will probably be my only comment to this list on the matter. First, a few facts. Only two remailers have shut down: orange and cracker. And cracker's reasons didn't have to do with current events. Another two remailers, hell and randseed, have altered their mode of operation. At present, I count 32 remailers in operation. This is up from 13 when I opened my randseed last year. I expect to see at least two more remailers going online in the next few days. As for the morality of running a remailer: I highly doubt that mixmaster remailers were used, are being used, or will be used in the planning and execution of these physical terrorist attacks. Remailer operators should feel no more "shame and guilt at providing a service which could foster destruction" than those who build airplanes. (Particularly since airplanes, unlike remailers, were clearly used in this attack.) What I do fear is that a large load of bogus tips and impotent threats will be made. Past experience has shown me that, while the Secret Service understands how remailers function and what information their operators can and cannot provide, the FBI (at least in the Silicon Valley) lacks an understanding of this technology, and treats remailer operators themselves as suspects. I'm not in a position at present to risk imprisonment because I cannot provide the identities of people using my system. I do not think that Happy Fun Fed would be amused if I said "I don't keep logs, therefore I can't tell you who A. Melon is. Yes, I understand that he confessed to the attack -- I simply can't help you." I rely on the equipment that runs the randseed remailer for multiple uses. It hosts several other websites, provides my personal mail, and hosts my website and resume -- particularly important to me, as I have been unemployed since July. I can't afford to have this server seized. I'll inevitably be accused of being cowardly or selfish for switching my system over to middleman mode. To the cypherpunks making those accusations, I ask: Do you run a remailer? The remailer network has been around a lot longer than randseed. Even if 15 remailers ceased operation because of yesterday's events, there would still be more remailers in operation than there were when I started. There really is nothing news-worthy here.
Rallies on Monday
http://www.boycottadobe.com/pages/rallies.html is now the home for the rally announcements. If you're planning on attending one, please visit this page for info. If you're holding one, please let us know so we can add it to the page. Thanks! -- Len Sassaman Security Architect| Technology Consultant | "Let be be finale of seem." | http://sion.quickie.net | --Wallace Stevens
Rallies on Monday
http://www.boycottadobe.com/pages/rallies.html is now the home for the rally announcements. If you're planning on attending one, please visit this page for info. If you're holding one, please let us know so we can add it to the page. Thanks! -- Len Sassaman Security Architect| Technology Consultant | "Let be be finale of seem." | http://sion.quickie.net | --Wallace Stevens
Demonstation at Adobe Monday
For those of you who aren't familiar with what's happening here, please see http://www.planetebook.com/mainpage.asp?webpageid=170 for details. -- Forwarded message -- Date: Thu, 19 Jul 2001 10:39:03 -0700 From: Don Marti <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: [free-sklyarov] San Jose Monday: schedule and directions This is a summary of the plans for the demonstration at Adobe that we discussed at the meeting last night. We agreed to meet at the park and walk to Adobe together, and the snake is an obvious meeting place that is close to, but out of line of sight from, Adobe HQ. Free Dmitry March on Adobe Monday, July 23, 2001, 11AM-1PM Downtown San Jose, California, USA MEET AT THE SNAKE: We will be meeting in downtown San Jose at the snake sculpture, Quetzalcoatl, which is at the south end of Cesar de Chavez Park, at the corner of South Market St. and West San Carlos St. Cesar de Chavez Park is across San Carlos from the Hyatt St. Claire Hotel, near the San Jose Convention Center. >From the snake we will walk to Adobe together. DIRECTIONS >From VTA light rail: Take the Santa Teresa/Baypointe line to the Convention Center stop. Trains run approximately every 10 minutes. The convention center is on the south side of the street; walk 1/2 block east on W. San Carlos St. to the snake. >From Caltrain: Transfer from Caltrain to the Santa Teresa/Baypointe light rail line at the Tamien station. VTA light rail schedules: http://www.vta.org/schedules/SC_901.html Driving: Downtown San Jose is easily accessible from US 101, Interstate 280, and California 87. See the URL below for maps and recommended routes: http://maps.yahoo.com/py/maps.py?addr=S+Market+St+and+W+San+Carlos+St&csz=San+Jose%2C+CA Parking: An inexpensive pay parking lot is available at the San Jose Convention Center, across San Carlos from the snake sculpture. The entrance is from Almaden Blvd., one block west. Please do not park at Adobe! WHAT TO BRING Please bring a sign or a U.S. or Russian flag, and a cell phone if you have one. Keep signs simple (4 words is ideal) so that they are easy to read for people passing by. "Adobe: drop the charges" and "Free Dmitry" are examples. Free event T-shirts to the first 50 attendees. ___ free-sklyarov mailing list [EMAIL PROTECTED] http://zork.net/mailman/listinfo/free-sklyarov
Demonstation at Adobe Monday
For those of you who aren't familiar with what's happening here, please see http://www.planetebook.com/mainpage.asp?webpageid=170 for details. -- Forwarded message -- Date: Thu, 19 Jul 2001 10:39:03 -0700 From: Don Marti <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: [free-sklyarov] San Jose Monday: schedule and directions This is a summary of the plans for the demonstration at Adobe that we discussed at the meeting last night. We agreed to meet at the park and walk to Adobe together, and the snake is an obvious meeting place that is close to, but out of line of sight from, Adobe HQ. Free Dmitry March on Adobe Monday, July 23, 2001, 11AM-1PM Downtown San Jose, California, USA MEET AT THE SNAKE: We will be meeting in downtown San Jose at the snake sculpture, Quetzalcoatl, which is at the south end of Cesar de Chavez Park, at the corner of South Market St. and West San Carlos St. Cesar de Chavez Park is across San Carlos from the Hyatt St. Claire Hotel, near the San Jose Convention Center. >From the snake we will walk to Adobe together. DIRECTIONS >From VTA light rail: Take the Santa Teresa/Baypointe line to the Convention Center stop. Trains run approximately every 10 minutes. The convention center is on the south side of the street; walk 1/2 block east on W. San Carlos St. to the snake. >From Caltrain: Transfer from Caltrain to the Santa Teresa/Baypointe light rail line at the Tamien station. VTA light rail schedules: http://www.vta.org/schedules/SC_901.html Driving: Downtown San Jose is easily accessible from US 101, Interstate 280, and California 87. See the URL below for maps and recommended routes: http://maps.yahoo.com/py/maps.py?addr=S+Market+St+and+W+San+Carlos+St&csz=San+Jose%2C+CA Parking: An inexpensive pay parking lot is available at the San Jose Convention Center, across San Carlos from the snake sculpture. The entrance is from Almaden Blvd., one block west. Please do not park at Adobe! WHAT TO BRING Please bring a sign or a U.S. or Russian flag, and a cell phone if you have one. Keep signs simple (4 words is ideal) so that they are easy to read for people passing by. "Adobe: drop the charges" and "Free Dmitry" are examples. Free event T-shirts to the first 50 attendees. ___ free-sklyarov mailing list [EMAIL PROTECTED] http://zork.net/mailman/listinfo/free-sklyarov