RE: CNN.com - WiFi activists on free Web crusade - Nov. 29, 2 002

[Trei, Peter]

> Morlock Elloi[SMTP:[EMAIL PROTECTED]]
> 
> Cellphone taped in focal point of a 18" directv dish hits cell stations 10
> miles away. With 80% signal strength.
> 
That's cute. I'll have to play with using the dishes with 802.11b sometime.

Peter Trei

Re: Vengeance Hacking the Watch List-- Monkeywrenching the Police State

[Bill Stewart]

At 11:36 PM 11/19/2002 -0800, Tim May wrote:

On Tuesday, November 19, 2002, at 11:20  PM, Tim May wrote:


* Add additional names...perhaps some in-laws, relatives, college 
friends, or colleagues of those who are responsible for this Witch Hunt. 
It may be unfortunate to implicate some "innocents," but broken eggs are 
inevitable. Ideally, guilty parties, but the names can't be too 
well-known, as this undercuts the plausibility of the document.

And I should have added the obvious: add some Arabic names that are 
relatives of actual Arabs complicit in Washington's police state 
activitiesperhaps the name of a college student son or daughter of an 
Ragheadistani assistant embassy official, that sort of thing. These names 
will blend in with the other Arabic-appearing names.

There was that ~15-year-old Kuwaiti girl who testified to Congress about how
the Iraqis were throwing babies out of incubators who later turned out to be
the daughter of the ambassador.  If you've got a little list, he surely 
belongs on it.

ACLU funds Total Awareness of State Abuse

[Major Variola (ret)]

The organization has budgeted $3.5 million for a campaign that asks
Americans
to monitor their government monitors and report abuses. It's a mirror
image to
the government's plan to empower some Americans to check on their
neighbors, under a program known as the Terrorism Information and
Prevention
System.

http://news.mysanantonio.com/story.cfm?xla=saen&xlb=190&xlc=883000

---
Wonder if this ties in with JG's Total Pointdexter Awareness program..
and the Kirkwood, WA police monitoring...

Re: Password security

[Nomen Nescio]

Martin Crandall wrote:

> I've been thinking about and investigating the issue of password
> management.  Passwords are the weak link in any computer security
> system.  The problem is that following the standard recommendations --
> choose long, random passwords, and never recycle them for use with
> multiple accounts -- quickly overloads the memory capacity of all but
> the most dedicated.  Here are some solutions that I've been

I wonder what universe you live in, Martin?  What systems allow you to
enter a pass PHRASE?  I have accounts on dozens of web sites and online
services, and all of them take only a pass WORD.  You can't use diceware
or some other system that's going to generate a 10 word sentence that
you can write down or memorize.  The systems won't accept such a long
password.

I suggest you climb out of the ivory tower and visit the real world for
a few days.  I think you'll find that there are a lot worse problems in
security than choosing and memorizing super-high-entropy pass phrases.
Security is essentially nonexistent today.

Password security

[Martin Crandall]

I've been thinking about and investigating the issue of password
management.  Passwords are the weak link in any computer security
system.  The problem is that following the standard recommendations --
choose long, random passwords, and never recycle them for use with
multiple accounts -- quickly overloads the memory capacity of all but
the most dedicated.  Here are some solutions that I've been
investigating, intended to be practical for unsophisticated computer
users.  I'd like your comments.

1. Use Diceware (www.diceware.com) to generate passphrases.  The way it
works is that you use physical randomness (rolling dice) to generate
groups of five numbers in the range 1-6.  For each group of five numbers
you then look up the corresponding word in a list of 7000+ of the
shortest English words.  Your passphrase is the sequence of words thus
generated, separated by spaces.  I have found that the passphrases
generated using this method are much easier to memorize than random
alphanumeric strings of equal entropy.  You get a shorter sequence of
symbols by choosing from a larger -- and semantically rich -- "alphabet"
(the list of 7000+ words).

2. Use something like Bruce Schneier's Password Safe (now an open source
project at http://passwordsafe.sourceforge.net) to keep track of your
passwords, so that you only absolutely, positively have to remember
one.

3. The problem now is that Password Safe only runs on the notoriously
insecure Windows operating systems.  Even if it were to be ported to
something more secure (Linux, *BSD), there are still plenty of security
bugs found every day even on these systems, and it's not inconceivable
that someone hacking into your system could catch your master password
as you type it into Password Safe.  I'm very uncomfortable with the idea
of leaving my password database on any network-connected machine.  This
leaves two possibilities:

  3a. Keep your "password database" as a handwritten list on physical
paper.  This is secure from network attacks, but physical security is
minimal.

  3b. Use a Palm OS-based PDA with PDA Defense (www.pdadefense.com)
installed to store your password database.  I'm not sure yet if you
can use that to encrypt important databases, or if it's aimed more at
securing the entire device.  If the latter, use a Palm OS port of
Password Safe (doesn't  yet exist :-( ), or use one of the encrypted
PDA password managers at Tucows.com.  Backup the encrypted password
database onto a removable expansion card, NOT on your PC.

What are your thoughts?  Am I off-base here?  Are there better
solutions I've missed?

-- Martin Crandall

CDR administrivia

[Eric Murray]

I've just been made aware of a bug in my CDR code
that causes MIME-encoded mail that uses the (rare)
Content-Type: multipart/mixed to get dropped into the bit bucket.

I'll fix it soon, but in the mean time please post in plain ASCII.
You should post in plain ascii anyhow since any MIME gets demimed
(the demime program being the problem in this case) but I know that
some mailers don't make it easy and some people post from environments
where MIME encoding is the norm and forget to switch.

Eric

Re: CNN.com - WiFi activists on free Web crusade - Nov. 29, 2002

[Jim Choate]

On Mon, 2 Dec 2002, Peter Fairbrother wrote:

> Eugen Leitl wrote:
>
> > On Mon, 2 Dec 2002, Peter Fairbrother wrote:
> >
> >> What I don't understand is how a node knows the location of a person
> >> who moves about in the first place.
> >
> > The node spans a cell. Similiar to your cellular phone, you can link an ID
> > to a cell. Within the cell you can use relativistic ping and/or signal
> > strength (that's how mobile phone localization is done today). Since cells
> > overlap you've got a lot of constraints to get a position fix.
>
> Sure, I understand that. Maybe I wasn't clear. What I want to know is how an
> end-user can know where another end-user, who moves from cell to cell, is? A
> cellphone network uses a constantly-updated central database.
>
> What is a cell here? Is it just the nodes that one node can reach directly,
> or a geographical area? I thought a mesh wasn't structured at that level.

A cell is a AP. There are several protocols that can handle this (a couple
of them require a slight extension to their current implimentation).

Ad Hoc Networking
Perkins
ISBN 0-201-30976-9

Of course if you're using a Plan 9 based box you can create virtual hosts
in the processor cloud and work through them and all your problems are
resolved. You can even do multi-cast. As you move from AP to AP you
re-create that pipe (hopefully using cryptographically secured tools of
course) end-to-end pipe.

It's not a serious problem at all.


 --


We don't see things as they are,  [EMAIL PROTECTED]
we see them as we are.   www.ssz.com
  [EMAIL PROTECTED]
Anais Nin www.open-forge.org

Re: DBCs now issued by DMT

[R. A. Hettinga]

At 1:55 PM -0800 on 12/3/02, Steve Schear wrote:


> Digital Monetary Trust now supports Digital Bearer
> Certificates.  https://196.40.46.24/dmtext/jog/dmt_bearercert.htm Although
> the DBC are not blinded, DMT claims it maintains no client data on its
> accounts so there is a modicum of anonymity in transactions.

I suppose that if it's not blinded, or at least functionally anonymous,
like you'd get with statistically-tested streaming cash, it's not *that*
bearer, but, hey, that's just *my* opinion, right?

:-).

I would assume that anything that has accounts with client names on them is
probably not bearer, either, though Mark Twain did something quite like
that.

Which, not coincidentally, brings us back to the loading problem. Most of
us who think about these things have gotten to the point that Doug Barnes
got to with his "Mondex" talk at the FC97 rump-session: that is, you need a
popular internet payment system to collateralize/load whatever bearer
certificate you issue, and the faster that settles, the better.

We're getting there, maybe even faster than we think.

Cheers,
RAH


-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Hangar 18 Weekly Social - Dec. 5

[Jim Choate]

Asymmetric Clustering...

  Distributed Name Space...

Global Sign-on...

  Guerrilla Networking...

Open Source Technology...

Do these words make your heart beat faster and your breath go shallow?
If so then perhaps you should become involved with Hangar 18. We are
a tit-for-tat group of computer hobbyist of a wide range of skills
intent on building the next computing infra-structure using Open Source
technology. We don't focus on any one form of technology but instead
focus on real world applications in grid or large scale distributed
computing.


Time:Dec. 5, 2002
 Every Thursday, excluding national holidays
 7:00 - 9:00 pm (or later)
 http://open-forge.org

Location:Buffet Palace, N. Lamar @ I-35 @ Anderson. In
 the parking lot in front of Hobby Lobby.

 The location varies from week to week so be sure
 to check with an active Hangar 18 member (or
 join the mailing list!) for more information.

Identification:  We'll be the group with the Plan 9 OS box on the
 table...;)


 --


We don't see things as they are,  [EMAIL PROTECTED]
we see them as we are.   www.ssz.com
  [EMAIL PROTECTED]
Anais Nin www.open-forge.org

Re: DBCs now issued by DMT

[R. A. Hettinga]

At 4:06 PM -0800 on 12/3/02, Somebody wrote:


> I forgot to ask:  who the hell is DMT?

Nobody I ever heard of...

> How are they marketing this
> stuff -

on a website with only an IP address... :-).

> or, who have they gotten to use it thus far?

Nobody I ever heard of...

However, that old volcano's giving off some tasty beta-waves, dontcha think?


Cheers,
RAH
[Sounds like a low "C" to me...]

-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Re: CNN.com - WiFi activists on free Web crusade - Nov. 29, 2002 (fwd)

[Jim Choate]

On Mon, 2 Dec 2002, David Howe wrote:

> I think what I am trying to say is  -  given a "normal" internet user
> using IPv4 software that wants to connect to someone "in the cloud", how
> does he identify *to his software* the machine in the cloud if that
> machine is not given a unique IP address? few if any IPv4 packages can
> address anything more complex than a IPv4 dotted quad (or if given a DNS
> name, will resolve same to a dotted quad)

You don't. What you'll need is an extension to the current software, which
is woefully inadequate for distributed/cloud/grid processing. It was never
designed to do this sort of stuff.

Plan 9 solves all these, plus you get to keep your IPv4 and IPv6 (not that
it's of any real use in that environment).


 --


We don't see things as they are,  [EMAIL PROTECTED]
we see them as we are.   www.ssz.com
  [EMAIL PROTECTED]
Anais Nin www.open-forge.org

Re: Balloon antennas

[Steve Schear]

At 04:14 PM 12/3/2002 -0800, Tim May wrote:

On Tuesday, December 3, 2002, at 11:09  AM, Steve Schear wrote:

In the late 70s, I was at TRW we built inflatable (beach ball) antennas 
for a black project.  About 1/3 of the balloon's inside surface was 
aluminized and the feed was simply snapped into place at the opposite 
side.  The antenna could either be used hand-held or place in a ring 
mount on a flat surface.  This sort of approach could work well for cell 
phones and WiFi cards with external antenna port.
For cell phones the entire instrument could be placed in at the 
reflector's focus and operated via a mic/headset adapter (some older 
Nokia models have an external antenna port behind a small rubber plug on 
the rear.)


Clever, but a section of a sphere is not a section of a paraboloid, so how 
did you deal with the focus issues?

Perhaps the feed part had a secondary antenna (like a secondary mirror in 
a telescope to correct aberrations in the larger primary).

Parabolas are most desired when a broad range of frequencies are 
simultaneously being received and need to be brought into a common crisp 
focus (e.g., handling chromatic aberration in optical 
telescopes).  Secondaries and corrector plates, as are common to handle 
field flattening, were considered too complex for the application.  At 
these frequencies and reflector size the difference of figure between a 
parabola and a sphere is relatively small though not insignificant. I 
believe the engineers were able to introduce balloon distortions 
approaching a parabolic figure.  In the end the engineers found other 
imperfections of the antenna and feed predominated.

steve

Re: [e-gold-list] DBCs now issued by DMT

[Steve Schear]

At 06:45 PM 12/3/2002 -0500, R. A. Hettinga wrote:

I suppose that if it's not blinded, or at least functionally anonymous,
like you'd get with statistically-tested streaming cash, it's not *that*
bearer, but, hey, that's just *my* opinion, right?


Since it has no payee or associated holder information and can "circulate" 
via re-issuance (even if there is a charge) it has bearer "characteristics".


I would assume that anything that has accounts with client names on them is
probably not bearer, either, though Mark Twain did something quite like
that.


DMT accounts have no customer information associated.

steve

Re: CNN.com - WiFi activists on free Web crusade - Nov. 29, 2002 (fwd)

[Jim Choate]

On Mon, 2 Dec 2002, Eugen Leitl wrote:

> Of course it should be given an unique IP address.

Actually there is no reason that a fixed IP is ever used. You actually
don't even need a fixed hostname (at least above the per-connection
level, you do it for convenience).


 --


We don't see things as they are,  [EMAIL PROTECTED]
we see them as we are.   www.ssz.com
  [EMAIL PROTECTED]
Anais Nin www.open-forge.org

Balloon antennas

[Tim May]

On Tuesday, December 3, 2002, at 11:09  AM, Steve Schear wrote:

In the late 70s, I was at TRW we built inflatable (beach ball) 
antennas for a black project.  About 1/3 of the balloon's inside 
surface was aluminized and the feed was simply snapped into place at 
the opposite side.  The antenna could either be used hand-held or 
place in a ring mount on a flat surface.  This sort of approach could 
work well for cell phones and WiFi cards with external antenna port.  
For cell phones the entire instrument could be placed in at the 
reflector's focus and operated via a mic/headset adapter (some older 
Nokia models have an external antenna port behind a small rubber plug 
on the rear.)


Clever, but a section of a sphere is not a section of a paraboloid, so 
how did you deal with the focus issues?

Perhaps the feed part had a secondary antenna (like a secondary mirror 
in a telescope to correct aberrations in the larger primary).

A spherical antenna is better than nothing, but not by much.


--Tim May

Re: DBCs now issued by DMT

[R. A. Hettinga]

At 4:03 PM -0800 on 12/3/02, Somebody wrote:


> Using xmlrpc for message passing, no less!  Man, you gotta love that
> for simplicity.

One mustn't let the best kill the good enough, certainly, though, without
blinding, it'll be interesting if this airplane lifts its wheels,
security-wise.



Cheers,
RAH


-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Re: CNN.com - WiFi activists on free Web crusade - Nov. 29, 2002

[Morlock Elloi]

> cards with external antenna port.  For cell phones the entire instrument 
> could be placed in at the reflector's focus and operated via a mic/headset 
> adapter (some older Nokia models have an external antenna port behind a 
> small rubber plug on the rear.)

Cellphone taped in focal point of a 18" directv dish hits cell stations 10
miles away. With 80% signal strenth.



=
end
(of original message)

Y-a*h*o-o (yes, they scan for this) spam follows:
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com

Re: DBCs now issued by DMT

[Tim May]

On Tuesday, December 3, 2002, at 01:55  PM, Steve Schear wrote:


Digital Monetary Trust now supports Digital Bearer Certificates.  
https://196.40.46.24/dmtext/jog/dmt_bearercert.htm Although the DBC 
are not blinded, DMT claims it maintains no client data on its 
accounts so there is a modicum of anonymity in transactions.


Well, on the Modified May Anonymity Scale, where "would take a billion 
years to crack" is "good," and where  "will require subverting 20 
servers and cracking each's mapping" is "OK," this rates a "takes a 
phone call," which makes it "not good."

"Trust us."

Boring. Thinking this is a step in the right direction is like thinking 
building a tall tower is a step toward going to the moon.



--Tim May
"The only purpose for which power can be rightfully exercised over any 
member of a civilized community, against his will, is to prevent harm 
to others. His own good, either physical or moral, is not a sufficient 
warrant." --John Stuart Mill