Re: My favorite line from the DOJ's latest draft bill

2003-02-10 Thread Mike Rosing
On Mon, 10 Feb 2003, Harmon Seaver wrote:

> On Mon, Feb 10, 2003 at 06:31:56PM -0500, Tyler Durden wrote:
> > "I'm not so sure this emperor could handle psychedelics.  Might
> > break the robotic connections"
> >
> > Arguably, 9/11 was a bad trip, and now we're completely freaking out.
> >
>
> Except that there are so few of those no one has ever been able to
> quantify/qualify them, so we don't know what that really consists of.

Quantify "bad trips" or "freaking out"?  I've only heard stories (and read
some too) but the first seems to refer to self reference and the latter to
non participants reference.  I would definitely say W is freaking out :-)

But it may just be that I'm the one having a bad trip.

Patience, persistence, truth,
Dr. mike




Re: My favorite line from the DOJ's latest draft bill

2003-02-10 Thread Harmon Seaver
On Mon, Feb 10, 2003 at 06:31:56PM -0500, Tyler Durden wrote:
> "I'm not so sure this emperor could handle psychedelics.  Might
> break the robotic connections"
> 
> Arguably, 9/11 was a bad trip, and now we're completely freaking out.
> 

Except that there are so few of those no one has ever been able to
quantify/qualify them, so we don't know what that really consists of. 

-- 
Harmon Seaver   
CyberShamanix
http://www.cybershamanix.com




Re: Trap guns, black baggers, and "Arlington Road"

2003-02-10 Thread Tim May
On Monday, February 10, 2003, at 12:00  PM, Eric Cordian wrote:


Tim writes:


With USAPATRIOT and HOMESEC REICHSPROTEKTION acts authorizing black bag
jobs, break-ins, planting of evidence, keystroke-logging,
administrative rubber-stamp warrants (no judge, just a GS-8 or higher
saying "Go for it!'), it's time to revisit the issue of trap guns and
booby traps.

Coincidentally, the news this morning reports on a home invasion in which
a homeowner shot dead two of three members of an assault team that smashed
into his condo and began firing.



I hadn't seen this when I sent my piece off.

By the way, this again points to some recurring themes (discussed a few 
times before):

-- how does a property owner "authenticate" a person or group claiming 
to be cops? Flashing a badge is not enough, as badges for hundreds of 
jurisdictions are for sale by mail order, gun shows, and probably lots 
of other shops. (For the uninitiated, these are _actual_ badges and/or 
nearly perfect replicas...they are absolutely undistinguishable from 
real badges, so say concerned cops.)

-- how is a search warrant authenticated? In an age of laser printers, 
color printers, scanners, etc., and in an age when nobody can recognize 
the signature of the Sheriff (unlike, maybe, the situation in a small 
village a century ago), how does one know a search warrant is duly 
signed by a proper judge?

Hundreds of viewings of police raids in movies and television (not 
always reliable, but the common pattern is suggestive of what reality 
is) tell me that residents have no time to check credentials of cops 
carefully and have scarcely more time to look at search warrants.

There seem to be three time regimes: (actually, I've added two more...)

* Regime 3 (timescale: days) -- Lawyerly: "Tim, this is Fred Jones. I 
just talked to the DA and he wants you to either arrange a time to turn 
yourself in at the station or he'll send a squad car out. I can be 
there if you want." Or the search warrant version: "Tim, I've looked 
over the search warrant they'll be serving on you and everything looks 
to be in order. Don't say anything, and don't interfere. Just sit down 
and they should be out in a couple of hours."

* Regime 2 (timescale: several minutes)  -- Local cops at the door. A 
knock on the door. A cop or sheriff's deputy, often known to the target 
in various ways, arrives with an arrest warrant, search warrant, etc. 
The target has a reasonable chance to verify that the cops or deputies 
are legit.

* Regime 1 (timescale: tens of seconds to minutes) -- Bangs on the 
door. "This is the police! Open up!" If the target opens the door and 
the supposed cops are actually home invaders, or rival gang members, 
he's dead. Or the supposed cops may be Feds or narcs without proper 
justification. No time to carefully verify credentials.

* Regime 0 (timescale: seconds, or less) -- Flashbangs and Ninja 
Raiders. They burst through the windows, throw flashbang grenades, 
scream, stomp dogs and cats, and shoot anything that moves. The killing 
of Dr. Scott in his Malibu home is a good example (check Google for 
details). The BATF raids on many "drug labs" are like this.

* Regime -1 (timescale: negative time) -- Break-ins: They raid your 
house without your knowledge. They plant items, bugs, keystroke 
loggers. Obviously no chance to check credentials, a warrant, etc.

Call me old-fashioned, but I think only Regimes 2 and 3 are valid for 
most arrests and search warrants. In cases of high risk, the 
old-fashioned "This is the police. Your house is surrounded. Come out 
with your hands up." is an example of Regime 1. A target inside has 
plenty of time (minutes usually) to decide that the cops are real cops 
(e.g., by seeing several police cruisers outside), and the cops have 
plenty of time to be ready for violence and not to just start shooting.

The argument in the past 30 years for S.W.A.T. Ninja-type flashbang 
through-the-skylights raids has been that some "perps" (or "goblins," 
in Jeff Cooper-speak) will use the seconds of warning to grab their 
rifles and shotguns. Or will flush their drugs down the toilet. Or will 
kill a hostage. Or will trigger a bomb. Etc.

There are very few situations where these last arguments apply. And 
these are usually well-defined hostage or kidnappee-rescue situations.

We would mostly avoid the Regime 0 and -1 clusterfuck scenarios if law 
enforcement was primarily local. A local cop who knows his neighborhood 
is not so likely to call in S.W.A.T. raiders when dealing with people 
he knows, or at least knows of.

A big part of our problems with police raids today has been the entry 
of other jurisdictions--state troopers, DEA narcs, FBI, and, soon, 
HomeSec/Gestapo polizei.

Anyway, this is my analysis. Fairly obvious to most of us, I expect.

--Tim May



Re: Dell Dude Arrested for Pot

2003-02-10 Thread Tim May
On Monday, February 10, 2003, at 01:53  PM, Eric Cordian wrote:


Oh, the Humanity...

http://www.cnn.com/2003/LAW/02/10/dell.dude.arrest/index.html

-

NEW YORK (CNN) -- Benjamin Curtis, better known as the "Dell Dude" from
the computer company's television commercials, was arrested Sunday while
he allegedly attempted to buy marijuana on Manhattan's lower east side.


The pundits are already using the tag line: "Dude, you're getting a 
cell!"

Of course, he won't do jail time. He'll get "diversion" and will do 
public service announcements. "Dude, this is your brain on pot!"

In this age of the War on (Some) Dictators and the War on (Some) Drugs, 
the persecutors have to pick their targets for maximum effect. Hence 
the impending life sentence for the Berkeley guy who committed 
thoughtcrime by writing books and articles about growing marijuana.


--Tim May



Columbia

2003-02-10 Thread Harmon Seaver
Why are they so focused upon and clearly attempting to persecute the Left
Wing?


-- 
Harmon Seaver   
CyberShamanix
http://www.cybershamanix.com




Re: My favorite line from the DOJ's latest draft bill

2003-02-10 Thread Tyler Durden
"I'm not so sure this emperor could handle psychedelics.  Might
break the robotic connections"

Arguably, 9/11 was a bad trip, and now we're completely freaking out.

-TD








RE:Trap guns, black baggers, and "Arlington Road"

2003-02-10 Thread Thomas Shaddack
> Black baggers generally have to get in and out quickly with incomplete
> knowledge of your situation. Doing a thorough reverse-engineer of your
> location is usually not an option for them.

Physical security. Litter the area with cameras, possibly in several
mutually independent networks. It is impossible to get physical access to
the computer without being seen. Don't forget battery backups.

A hardware keyboard logger is sometimes a friend, especially if built
right onto the motherboard.

The computer's case can be welded-shut, preventing easy access to the
disks and slowing down the adversaries.

Another measure could be a computer sniffing and logging all communication
to/from the computer over the LAN, into a circular buffer, allowing
forensic analysis of any communication that was potentially improper. This
serves as security camera guarding the network access.

Similarly, the kernel on the protected machine itself can log accesses to
certain parts of filesystems or physical block devices, and prevent
loading of modules that aren't cryptographically signed.


...of course, a shotgun as an active defensive device has its certain
appeal. However, there are usually more blackbaggers than one, and
computer aiming could be unreliable against fast-moving panicking targets,
so a nerve gas should be considered an option. (If you aren't in a killing
mood, a tear gas could do its job too. A device that would pierce a spray
can with a self-defense paralyzer, quickly dispersing it in the room,
could theoretically work nicely too.) A good area denial device could
MAYBE be a device made from teflon and magnesium strips; teflon pyrolysis
products are reportedly pretty toxic; but I am just wildly speculating
here and inviting discussion about the weak sides of my ideas.

The shotgun could also serve as a quick data destruction device; imagine
what a swarm of fast-flying steel balls can do with disk plates spinning
on 10,000 rpm. If the impact primer will be replaced with electrically
controlled one, even better - the system then has no moving parts and gets
inherently more reliable and maintenance-free. The barrel could be
improvised from a piece of a steel pipe, with a suitable length to allow
the payload from the shells to reach suitable velocity to shred the
plates, attached on the disk over its top side which is usually fairly
thin aluminum. If anyone would be willing to test the idea on some
discarded drives (*wink, Tim*) I would be happy to know the results. Would
"Lead Wipe" be a suitable name for this technology?




Dell Dude Arrested for Pot

2003-02-10 Thread Eric Cordian
Oh, the Humanity...

http://www.cnn.com/2003/LAW/02/10/dell.dude.arrest/index.html

-

NEW YORK (CNN) -- Benjamin Curtis, better known as the "Dell Dude" from
the computer company's television commercials, was arrested Sunday while
he allegedly attempted to buy marijuana on Manhattan's lower east side.

-- 
Eric Michael Cordian 0+
O:.T:.O:. Mathematical Munitions Division
"Do What Thou Wilt Shall Be The Whole Of The Law"




RE:Trap guns, black baggers, and "Arlington Road"

2003-02-10 Thread jayh
The best approach is stealth. 

On the machine, for example, a device driver that quietly sets a flag if an unprompted 
passphrase is not entered in a specific time. This would help tell if any black bag 
software has been hurriedly placed on the machine. In the physical world, comparable 
bugs that leave quiet telltale signs (perhaps relayed offsite) that show the area has 
been compromised.

Black baggers generally have to get in and out quickly with incomplete knowledge of 
your situation. Doing a thorough reverse-engineer of your location is usually not an 
option for them.

While the watermelon patch gun has a visceral appeal, in the end it's 
counterproductive. The state is much less dangerous when they don't know you're onto 
their games.

j




Re: Trap guns, black baggers, and "Arlington Road"

2003-02-10 Thread Eric Cordian
Tim writes:

> With USAPATRIOT and HOMESEC REICHSPROTEKTION acts authorizing black bag 
> jobs, break-ins, planting of evidence, keystroke-logging, 
> administrative rubber-stamp warrants (no judge, just a GS-8 or higher 
> saying "Go for it!'), it's time to revisit the issue of trap guns and 
> booby traps.

Coincidentally, the news this morning reports on a home invasion in which
a homeowner shot dead two of three members of an assault team that smashed
into his condo and began firing.

Details on the identities of the perps are being withheld from the news
media pending further "investigation."

http://www.dfw.com/mld/startelegram/news/local/states/texas/5021327.htm

-

Resident kills 2 condo intruders
By Bill Miller
Star-Telegram Dallas Bureau

DALLAS - Gunfire erupted early Thursday morning when three men armed with
pistols burst into a north Dallas condominium. Two of the intruders died
when a resident returned fire, police said.

Details were sketchy Thursday as Dallas homicide detectives investigated
the shooting at the Kensington Square Apartments in the 15800 block of
Knoll Trail Drive, just east of the North Dallas Tollway.

Detectives said they were not yet ready to release the names of the people
involved, only that the incident began around 9 a.m. in a condo that was
occupied by the 29-year-old man, his wife and their three children.

...

-- 
Eric Michael Cordian 0+
O:.T:.O:. Mathematical Munitions Division
"Do What Thou Wilt Shall Be The Whole Of The Law"




Re: The Space Shuttle's Secret Military Mission

2003-02-10 Thread Eric Cordian
Mike Rosing writes:

> I love conspiracy theory!  Take totally unrelated stuff, mix it together
> and voila - instant evil!

The article is total nonsense.  For instance, Americium-242 has a half
life of 150 years, and decays through isomeric transition.  

It looks like disinformation trawled under the nose of
www.whatreallyhappened.com, so that if they ever publish anything which
pisses off "They Who Can Not Be Criticized," the article can be pointed to
as an example of idiocy which has appeared on the site.

-- 
Eric Michael Cordian 0+
O:.T:.O:. Mathematical Munitions Division
"Do What Thou Wilt Shall Be The Whole Of The Law"




Re: Patriot II would outlaw encryption

2003-02-10 Thread professor rat
"knowingly and willfully uses encryption technology to conceal any 
incriminating communication" relating to a federal crime that they're 
committing, or attempting to commit".

So like I've been saying, it's better to just say KILL the PRESIDENT out 
loud in public, sure they have made an example of a few unfortunates but 
they can't jail everyone and a simple phone tree a la Solidarnosc can bring 
them down. This PATRIOT bs is all bluff, "Pay no attention to that man 
behind the curtain".
Truth be known the US govt is fucked coming and going. If they get more 
repressive they incite more resistance and they will end up like the 
Hitlerian or Leninist Tyrannies sooner or later. If they back off on the 
prosecution (as they already have with me) then they are seen as pissweak 
and ripe for overthrowing. If they muddle along doing the odd black bag job 
on a made guy then they're naturally selecting the workarounds for those 
specific DIRTy tricks. In any darwinian race the govt will lose by creating 
the 'superbugs' that will destroy it.
This is not to be a complete fatalist or determinist, it's still a lot of 
fun smashing the state and I encourage new anarchists to join in 
anytime, (and drop out anytime, I did for 15 years once, part time and 
disabled are also most welcome.) After all what are you going to say when 
your kid(s) ask you, "What did you and mommy/daddy do in the worldwide 
revolution?"

"I've never seen a situation so dismal
that a policeman couldn't make it
worse."
Brendan Behan.



Re: Putting the "NSA Data Overwrite Standard" Legend to Death...(fwd)

2003-02-10 Thread Sunder

On Sun, 9 Feb 2003, Jim Choate wrote:

> On Sun, 9 Feb 2003, Sunder wrote:
> 
> > No shit Sherlock, that's the whole point!
> 
> Actually it's not, the point is to stop the attacker in their tracks.

Sigh, I don't know why I'm bothering to write anything your clueless
way...  here we go.  We're guaranteed you'll miss every point here, but what
the fuck - I'm feeling masochistic today and so I'll visit Choate'.

Yes, that is the meta-goal here. Encrypting a disk prevents the attacker
from just stealing the disk and using another OS to access the data.

You still need to solve the issue of the OS itself accessing the
data.  But you want to encrypt things such as the swap, temp files, etc
because they can leak data and possibly your key.

Other vectors of attack come into play after the OS has booted fully and
include such things as vulnerabilities in the OS itself, applications,
software key grabbers, etc.  We won't address those here.
 
> > The OS doesn't boot until you type in your passphrase, plug in your USB fob,
> > etc. and allow it to read the key. Like, Duh!  You know, you really ought to
> > stop smoking crack.
> 
> Spin doctor bullshit, you're not addressing the issue which is the
> mounting of an encrypted partition -before- the OS loads (eg lilo, which
> by the way doesn't really 'mount' a partition, encrypted or otherwise -
> it just follows a vector to a boot image that gets dumped into ram and
> the cpu gets a vector to execute it - one would hope it was the -intended-
> OS or fs de-encryption algorithm). What does that do? Nothing (unless
> you're the attacker).

A Spin Doc is a marketing guy who puts a spin on a story, I'm unsure what
you mean here.  Perhaps Ad Hominem would be better suited - save that
there is a long history between you and reality. :)


LILO lives in either the MBR or the 1st sector of the Linux boot
partition.  (The same applies to GRUB and other boot loaders for other
OS's) All it needs to do is load the kernel plus the initrd image (ram
disk containing kernel modules for various drivers such as the disk.)

At this point you can do one of several things:

You can compile in a small blowfish/SHA implementation into LILO and have
LILO ask you for your passphrase if you want the kernel to live in the
encrypted disk.  In this case you'll need some mechanism to pass the key
to the kernel so when it kicks in the encrypted disk driver, it'll be able
to mount /, etc.  Otherwise /boot can be naked so long as you diff it
against a CD or another known pristine source.  

Any changes there and you've got a dead canary. :)

If /boot is naked, that's fine too so long as you take care when
your system mysteriously reboots.  At this point, the kernel boots up, the
initrd image is available to it so it can load its modules, one of which
can be the encrypting block driver.

When it does, it can ask for the passphrase for each volume to mount when
mount is called, etc.

You may have some fun with having to tell the kernel what device / lives
on, and so long as the encrypted block device driver is used, it'll mount
it from there. Same with swap and other partitions.

If you wanna do a USB fob or other device, you'll need to have the driver
for that fob (and anything else it'll need) loaded before the encrypting
block driver, and of course the underlying IDE/SCSI drivers need to be
loaded in the kernel before it too.

> There are two and only two general applications for such an approach. A
> standard workstation which isn't used unless there is a warm body handy.
> The other being a server which one doesn't want to -reboot- without human
> intervention. Both imply that the physical site is -secure-, that is the
> weakness to all the current software solutions along this line.

No shit, if you're hackable at the physical layer, all bets are already
off - you can consider yourself owned - it's just a matter of time.  And
physical restraints do nothing other than delay an attacker.

If you're hackable - say in a way that will give your attacker remote root
access, it's actually worse than the attacker having physical access
because your OS is running, its encrypted partitions are accessible and
mounted - and if your attacker can install a kernel module, you're doubly
fucked as you won't be able to detect their presence.

For physical access, the best you can do is attempt to detect the event,
send out warnings, and log the event, wipe RAM and halt the machine; then
it doesn't matter, the attacker has nothing more than a pile of hardware
with some random numbers on its spindles.  Useless without the key, worth
whatever eBay will pay for it.

This is why a keyboard is not a good way to enter a passphrase - it can be
removed from the PC and modified, or taken apart without disconnecting it
and a capture device added - just turn it upside down, unscrew, solder,
screw and done.  


The best you can do with a workstation is to have it on all the time and
have something watching it f
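
An added example, not from Sunder's post or from any project named in this thread: one way to do the "diff /boot against a CD or another known pristine source" check described above, extended to also hash the first sector where LILO lives. The function names, script name and argument layout are assumptions made for illustration.

```python
#!/usr/bin/env python3
"""Diff a live /boot against a known-pristine copy (added example).

Run it from trusted boot media: a compromised running kernel can hide changes.
"""
import hashlib
import os
import sys


def hash_file(path, chunk=1 << 16):
    """SHA-256 of a file, read in chunks so large kernels/initrds are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def hash_boot_sector(device, size=512):
    """SHA-256 of the first sector (MBR or partition boot sector)."""
    with open(device, "rb") as f:
        return hashlib.sha256(f.read(size)).hexdigest()


def build_manifest(root):
    """Map each relative path under root to (kind, fingerprint)."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        # dirnames is included so that symlinks pointing at directories
        # are recorded; os.walk lists them but does not descend into them.
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if os.path.islink(full):
                manifest[rel] = ("symlink", os.readlink(full))
            elif os.path.isdir(full):
                continue  # real directories matter only via their contents
            elif os.path.isfile(full):
                manifest[rel] = ("file", hash_file(full))
            else:
                manifest[rel] = ("special", "")  # device node, FIFO, socket
    return manifest


def compare(pristine_root, live_root):
    """Return paths added to, removed from, or modified in the live tree."""
    good = build_manifest(pristine_root)
    live = build_manifest(live_root)
    return {
        "added": sorted(set(live) - set(good)),
        "removed": sorted(set(good) - set(live)),
        "modified": sorted(
            p for p in good.keys() & live.keys() if good[p] != live[p]
        ),
    }


def canary_alive(report):
    """True only when the live tree matches the pristine copy exactly."""
    return not any(report.values())


def main(argv):
    if len(argv) not in (3, 5):
        print("usage: bootcheck.py PRISTINE_DIR LIVE_DIR "
              "[DEVICE EXPECTED_SHA256]", file=sys.stderr)
        return 2
    report = compare(argv[1], argv[2])
    for kind in ("added", "removed", "modified"):
        for path in report[kind]:
            print(f"{kind.upper():9}{path}")
    ok = canary_alive(report)
    # Optional: the boot loader itself lives outside the filesystem tree.
    if len(argv) == 5 and hash_boot_sector(argv[3]) != argv[4].lower():
        print(f"MODIFIED boot sector of {argv[3]}")
        ok = False
    print("canary alive" if ok else "DEAD CANARY: do not enter the passphrase")
    return 0 if ok else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The expected boot-sector hash has to be recorded once from a known-good state and kept with the pristine copy, off the machine being checked.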

Trap guns, black baggers, and "Arlington Road"

2003-02-10 Thread Tim May
On Monday, February 10, 2003, at 03:25  AM, David Howe wrote:

The solution is only applicable to cold or moderately tamper-proofed
systems, to prevent analysis of such systems if confiscated. It can only
become a serious component in an overall scheme, but this is universally
true - there is no magic shield you can fit to *anything* to solve all
ills; this will add protection against the specified attacks and in fact
already exists for windows (drivecrypt pluspack) - it is just
non-windoze platforms that lack a product in this area.

With USAPATRIOT and HOMESEC REICHSPROTEKTION acts authorizing black bag 
jobs, break-ins, planting of evidence, keystroke-logging, 
administrative rubber-stamp warrants (no judge, just a GS-8 or higher 
saying "Go for it!'), it's time to revisit the issue of trap guns and 
booby traps.

How about an audio warning to computer tamperers? "You have 10 seconds 
to clear the area before this computer detonates."

Then, at the nearest door or sliding glass window, a rigged shotgun to 
decapitate those furiously trying to escape.

(For safety reasons, interlock the shotgun or detcord with the alarms 
on the computer.)

I expect the increase in black bag entries and break-ins is going to 
produce a few major court cases soon. What happens when a homeowner 
surprises a covert entry team in his house and a gunfight ensues? (With 
no warrant being shown to the homeowner, he cannot be said to have 
knowledge (scienter) that the apparent burglars or home invaders were 
actually "authorized.")

A similar theme was in the Cypherpunks-required film "Arlington Road" a 
few years back. (Check your video store, though I don't see it often on 
cable or in the DVD bins, so it may have been deemed by the studio to 
be too close to the truth for public consumption.) A so-called "white 
power" compound is being trespassed-upon by BATFags and narcs, sneaking 
up on the compound without display of a search or arrest warrant. The 
residents think they are being attacked and start shooting. Many agents 
die.

(Of course, at the end of "Arlington Road" even more evil doers are 
eradicated. Recommended before a trip to the desert to shoot.)


--Tim May
"That the said Constitution shall never be construed to authorize 
Congress to infringe the just liberty of the press or the rights of 
conscience; or to prevent the people of the United States who are 
peaceable citizens from keeping their own arms." --Samuel Adams



[p2p-hackers] PET2003 (Mar 26-28) accepted papers (fwd)

2003-02-10 Thread Eugen Leitl
-- Forwarded message --
Date: Mon, 10 Feb 2003 13:45:23 -0500
From: Roger Dingledine <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED],
 [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: [p2p-hackers] PET2003 (Mar 26-28) accepted papers

The following papers have been accepted for presentation and publication
at the 3rd Privacy Enhancing Technologies workshop, in Dresden Mar 26-28
this year. In addition, there will be several invited talks and/or panels.

Please forward this mail to other relevant lists.

See http://petworkshop.org/ for more details, including the rapidly
approaching deadlines for stipends (February 16 -- available to
non-authors too!) and registration (February 20).

  "Mix-networks with Restricted Routes"
  George Danezis

  "Generalising Mixes"
  Claudia Diaz, Andrei Serjantov

  "Modelling Unlinkability"
  Sandra Steinbrecher and Stefan Köpsell

  "Metrics for Traffic Analysis Prevention"
  Richard E. Newman, Ira S. Moskowitz, Paul Syverson, Andrei Serjantov

  "Breaking and Mending Resilient Mix-nets"
  Lan Nguyen, Rei Safavi-Naini

  "Improving Onion Notation"
  Richard Clayton

  "Engineering Privacy in Public: Confounding Face Recognition"
  James Alexander and Jonathan Smith

  "From Privacy Legislation to Interface Design: Implementing
  Information Privacy in Human-Computer Interactions"
  Andrew S. Patrick, Stephen Kenny

  "Defeating Web Censorship with Untrusted Messenger Discovery"
  Nick Feamster, Magdalena Balazinska, Winston Wang, Hari Balakrishnan,
  David Karger

  "GAP -- Practical anonymous networking"
  Krista Bennett, Christian Grothoff

  "An Analysis of GNUnet and the Implications for Anonymous,
  Censorship-Resistant Networks"
  Dennis Kügler

  "A Component Architecture for Dynamically Managing Privacy Constraints
  in Personalized Web-based Systems"
  Alfred Kobsa

  "Privacy in Enterprise Identity Federation: Policies for Liberty Single
  Signon"
  Birgit Pfitzmann

  "From P3P to Data Licenses"
  Yuh-Jzer Joung





RE: Forced Oaths to Pieces of Cloth

2003-02-10 Thread Trei, Peter
> Bill Frantz[SMTP:[EMAIL PROTECTED]]
[...]
> Unfortunately having started to question the relation between the pledge
> and the ideals of the country, I started to wonder why I was pledging to
> the flag, instead of the country.  So over the years, I have a somewhat
> edited version (removed parts in brackets):
[...]

One interesting variation  (and a suggestion of an alternative) comes from
naval diplomacy.

When there's an official US/UK naval dinner, toasts are drunk (at least on 
shore or on British ships - I think US ships are dry). The Americans
always toast the British Monarch. The Brits in return propose a toast
to the US Constitution.

While I have a lot of problem with the Pledge in any form, I think it
would be greatly improved if it were made to the Constitution, rather
than the flag.

Peter Trei




Re: The Space Shuttle's Secret Military Mission

2003-02-10 Thread Mike Rosing
On Mon, 10 Feb 2003 [EMAIL PROTECTED] wrote:

>
> http://www.aci.net/kalliste/columbia_spectral.htm

I love conspiracy theory!  Take totally unrelated stuff, mix it together
and voila - instant evil!  The problem with this article is that it uses
a reference (to a really cool idea BTW) for a nuclear *rocket engine*
and then claims that this is an *actual* power supply!  It's totally
bogus dude.

But thanks for the reference to the rocket engine, I need to read that
paper!

Patience, persistence, truth,
Dr. mike





Re: My favorite line from the DOJ's latest draft bill

2003-02-10 Thread Harmon Seaver
On Sun, Feb 09, 2003 at 02:43:22PM -0800, Mike Rosing wrote:
> On Sun, 9 Feb 2003, Declan McCullagh wrote:
> 
> > http://www.dailyrotten.com/source-docs/patriot2draft.html
> > terrorism is at least as dangerous to the United States' national security
> > as drug offenses
> 
> That's a good find!  People sitting around laughing their butts off is
> really a dangerous phenomena!  Just like the killing of 3000 people!
> 
> I want the drugs those guys have, there's no view of reality warped quite
> that bad I've ever seen on of my "trips!"
> 
   Probably what they're most scared of are drugs that open the sheeple's
minds. Psychedelics expose the nakedness of the emperor and break open the most
rigid lockstep mentality. 



-- 
Harmon Seaver   
CyberShamanix
http://www.cybershamanix.com




Bingo! Why Bearer-Settled Recursive Auction Markets will work (was re:[NEC] 2.3: Power Laws, Weblogs, and Inequality)

2003-02-10 Thread R. A. Hettinga
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Remember Eric Hughes' "institutionalized" digital piracy market, and,
before him, the Agoric guys, and their Digital Silk Road stuff?

Remember what I said about how, in such a market, the people who made
the *new* stuff first would make the most money, about the first copy
being the most valuable?

Read this, and then go look at the charts on the web. It's important.

Now, think about a bearer-settled cash auction of the first copies of
new content into a napster-like network.

Remember that each cryptographically-authenticated (I dislike the
word "signed", I agree with Perry Metzger and Carl Ellison;
"signature" doesn't mean what it says) copy is fungible. It's the
same as any other. Thus,  the market, like all commodity markets, is
operating, in an economic term of art, under perfect competition.


I'd always thought that the price curve in hops from the original
source and, in time from a given product's introduction to the net,
would look like power curves, or maybe a gamma distribution, but, in
Clay's article below, here's proof, or at least as much proof as
we're going to get until we actually do it.

I expect that the propagation rates of these markets are going to be
*very* fast, which follows from the speed with which information
flows through the net. Seen in three dimensions, with the charts laid
on top of each other we get something that looks like what happens
after a water drop hits a smooth pond.


This idea of recursive auction markets across a geodesic network is,
for the most part, a fundamental indictment of the very economic
efficacy of copyright on a geodesic network. In getting what people
want for what they're most willing to pay for it, for the lowest cost
of production and distribution, this kind of market will make more
money, faster, for the *producers* of content, and will adequately
compensate the *distributors* of content (people who continually
resell their copies to the highest bidders, of course :-)), while, at
the same time, not requiring monitoring the entire system by a single
entity.

Like Gilmore said about censorship, if there's cash and an auction
mechanism, the network will finally see copyright as damage and route
around it.

Cheers,
RAH

--- begin forwarded text


User-Agent: Microsoft-Entourage/10.1.0.2006
To: <[EMAIL PROTECTED]>
From: [EMAIL PROTECTED]
Subject: [NEC] 2.3: Power Laws, Weblogs, and Inequality
Sender: [EMAIL PROTECTED]
Date: Sat, 08 Feb 2003 12:54:00 -0500
Status: R

NEC @ Shirky.com, a mailing list about Networks, Economics, and
Culture

   Published periodically / # 2.3 / February 8, 2003
Licensed under the Creative Commons Attribution License
   Subscribe at http://shirky.com/nec.html

In this issue:

 - Introduction
 - Essay: Power Laws, Weblogs, and Inequality
(Also at http://www.shirky.com/writings/powerlaw_weblog.html)
 - Reader feedback on The Big Flip: I was wrong
 - The O'Reilly Emerging Technology Conference

* Introduction
===

This issue's essay is on the inevitability of power laws in social
systems, and in particular in the weblog world. I have lived through
a decade of seeing social systems on the internet start small and
egalitarian and grow large and unequal, and every time it has
happened, some of the users of the system have taken it upon
themselves to complain that the Old Guard had gotten cliquish, or
that the newbies were not living up to what was expected of them, or
[insert psychological explanation here.]

These explanations, focussed as they were on individual behaviors,
never seemed to me to be adequate to describe what was obviously
structural change that happened to all kinds of systems. Recently,
work by Barabasi, Huberman, and Watts have all pointed to ways in
which power law distributions, where the rank of the Nth item is
1/Nth that of the first item, arise in social systems. The structural
inevitability of power laws explain these kinds of inequalities in
social systems far better than any explanation focussed on the
actions of individual members of the system.

One note: the essay includes three figures, accompanying this mail as
attachments, but it may be easier to read on the web, at
http://www.shirky.com/writings/powerlaw_weblog.html.

Also, because inbound spam to the list is now so extreme, I have a
choice between working from home enlarging my genitals with HGH while
waiting for my check from Nigeria to clear, or auto-flushing inbound
mail. Much to the disappointment of Madame Abacha, I am taking the
latter course of action, so if you have a response to something you
read here, please respond to me directly, at clay at shirky dot com.

-clay

* Essay
==

Weblogs, Power Laws, and Inequality
(http://www.shirky.com/writings/powerlaw_weblog.html)

A persistent theme among people writing about the social aspects of

Re: Patriot II would outlaw encryption

2003-02-10 Thread lcs Mixmaster Remailer
> actually..no it isn't my bust.  it is yours.
>
> it says:
>
> "knowingly and willfully uses
> encryption technology to conceal any incriminating
> communication" relating to a federal crime that they're
> committing, or attempting to commit".
>
> Thus, after the fact, I can send you an encrypted email detailing my
> crime and I won't be "upping the ante" another five years.

Sure you will. The "ongoing conspiracy" (an agreement to commit 
a felony) continues after various events. For example, if Ted 
and Alice have an ongoing implicit understanding that they will 
meet in the shed behind her house occasionally to tend the five 
marijuana plants growing there, that is an ongoing conspiracy to 
commit a federal felony. So if, a week after Ted's last visit, 
Alice sends him an encrypted email saying "Come over and watch a 
video, or whatever", the prosecutor can clearly use that (if he 
can decrypt it) as 5 more years in prison, since it used 
encryption technology and concealed an incriminating 
communication (the crime being conspiracy) that they are 
committing (ongoing). The prosecutors can get Ted's passphrase by
granting him immunity (probably ONLY immunity from the 
encryption enhancement penalty, or best case, from that and 
conspiracy, still nailing him for the pot felony, or getting 
Alice to roll over on him for the whole deal) and forcing 
him to disclose it having eliminated his 5th amendment defenses. 
Then they have Alice for the pot felony, conspiracy, and the 5 
year encryption booster. Of course, they will simply hang all of 
this draconian punishment over her head, her attorney will say 
they can fight for $75,000 and 2 years, during which she is in 
jail, or they can plead it out and become a felon with few 
further rights of citizenship.

And if you "detail a crime" after the event in an encrypted 
communication, you've essentially included another person in the 
knowledge of a past crime in the expectation that such 
disclosure will remain secret from law enforcement. That is 
conspiracy to avoid prosecution and probably obstruction of 
justice. Conspiracy and obstruction are crimes, you've just used 
encryption in a federal felony, 5 year enhancement. Bye.

For arguments re: protections from forced disclosure of keys, see
http://www.rubberhose.org/current/src/doc/sergienko.html




Re: My favorite line from the DOJ's latest draft bill

2003-02-10 Thread Mike Rosing
On Mon, 10 Feb 2003, Harmon Seaver wrote:

>Probably what they're most scared of are drugs that open the sheeple's
> minds. Psychedelics expose the nakedness of the emperor and break open the most
> rigid lockstep mentality.

Yup, leading robots is so much more fun than actually doing
something useful.  At least for 9 year olds anyway :-)

I'm not so sure this emperor could handle psychedelics.  Might
break the robotic connections :-)

Patience, persistence, truth,
Dr. mike




Re: My favorite line from the DOJ's latest draft bill

2003-02-10 Thread Sunder
My new favorite is how Rumsfeld just said that the Europe Delay to give
the inspectors more time will INCREASE the chance of war  Uh huh...

http://www.foxnews.com/story/0,2933,78003,00.html

My, my, how the reptiles have evolved the ability to speak out both sides
of their mouth... or more aptly put out of another orifice better fitted
to the application of toilet paper.


--Kaos-Keraunos-Kybernetos---
 + ^ + :NSA got $20Bil/year |Passwords are like underwear. You don't /|\
  \|/  :and didn't stop 9-11|share them, you don't hang them on your/\|/\
<--*-->:Instead of rewarding|monitor, or under your keyboard, you   \/|\/
  /|\  :their failures, we  |don't email them, or put them on a web  \|/
 + v + :should get refunds! |site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net 

On Sun, 9 Feb 2003, Declan McCullagh wrote:

> http://www.dailyrotten.com/source-docs/patriot2draft.html
> terrorism is at least as dangerous to the United States' national security 
> as drug offenses




Re: DOJ quietly drafts USA Patriot II w/crypto-in-a-crime penalty

2003-02-10 Thread Bill Stewart
At 02:13 PM 02/09/2003 -0500, Declan McCullagh wrote:

> On Sat, Feb 08, 2003 at 10:36:35PM -0500, Greg Newby wrote:
> > "Under the new law, running shoes will be classified
> > as burglar's tools if their use is not authorized or
> > exceeds reasonable levels for leisure activity."
>
> I always thought that breathing during the commission of a crime should
> result in an extra five to ten years in prison.


And breathing _heavily_ gets you even more




Re: Putting the "NSA Data Overwrite Standard" Legend to Death...(fwd)

2003-02-10 Thread Jim Choate

On Sun, 9 Feb 2003, Sunder wrote:

> No shit Sherlock, that's the whole point!

Actually it's not, the point is to stop the attacker in their tracks.

> The OS doesn't boot until you type in your passphrase, plug in your USB fob,
> etc. and allow it to read the key. Like, Duh!  You know, you really ought to
> stop smoking crack.

Spin doctor bullshit, you're not addressing the issue which is the
mounting of an encrypted partition -before- the OS loads (eg lilo, which
by the way doesn't really 'mount' a partition, encrypted or otherwise -
it just follows a vector to a boot image that gets dumped into ram and
the cpu gets a vector to execute it - one would hope it was the -intended-
OS or fs de-encryption algorithm). What does that do? Nothing (unless
you're the attacker).

There are two and only two general applications for such an approach. A
standard workstation which isn't used unless there is a warm body handy.
The other being a server which one doesn't want to -reboot- without human
intervention. Both imply that the physical site is -secure-, that is the
weakness to all the current software solutions along this line.


 --


  We are all interested in the future for that is where you and I
  are going to spend the rest of our lives.

  Criswell, "Plan 9 from Outer Space"

  [EMAIL PROTECTED][EMAIL PROTECTED]
  www.ssz.com   www.open-forge.org





Re: Putting the "NSA Data Overwrite Standard" Legend to Death... (fwd)

2003-02-10 Thread Jim Choate

On Mon, 10 Feb 2003, Dave Howe wrote:

> no, lilo is. if you can mount a pgpdisk (say) without software, then you
> are obviously much more talented than I am :)

Bullshit. lilo isn't doing -anything- at that point without somebody or
something (eg dongle) being present that has the -plaintext- key. Without
the key the disk isn't doing anything. So no, lilo isn't mounting the
partition. It -is- a tool to do the mount.

Subtle but important distinction.

As to mounting the disk without software, not a problem it could be done all
in hardware. Though you'd still need the passphrase/dongle.

> for virtual drives, the real question is at what point in the boot process
> you can mount a drive - if it is not until the os is fully functional, then
> you are unable to protect the os itself. if the bootstrap process can mount
> the drive before the os is functional, then you *can* protect the os.

No you can't. If the drive is mounted before the OS is loaded you can put
the system into a DMA state and read the disk (screw the OS) since its
contents are now in plaintext. You can also prevent the default OS from
being loaded as well.

Clue: If you own the hardware, you own the software.


 --


  We are all interested in the future for that is where you and I
  are going to spend the rest of our lives.

  Criswell, "Plan 9 from Outer Space"

  [EMAIL PROTECTED][EMAIL PROTECTED]
  www.ssz.com   www.open-forge.org





Re: Putting the "NSA Data Overwrite Standard" Legend to Death... (fwd)

2003-02-10 Thread David Howe
at Monday, February 10, 2003 3:09 AM, Jim Choate
<[EMAIL PROTECTED]> was seen to say:
> On Mon, 10 Feb 2003, Dave Howe wrote:
>> no, lilo is. if you can mount a pgpdisk (say) without software,
>> then you are obviously much more talented than I am :)
> Bullshit. lilo isn't doing -anything- at that point without somebody
> or something (eg dongle) being present that has the -plaintext- key.
> Without the key the disk isn't doing anything. So no, lilo isn't
> mounting the partition. It -is- a tool to do the mount.
I don't understand why this concept is so difficult for you - software
*must* perform the mount; there is absolutely no way you could
personally inspect every byte from the disk and pass decrypted data to
the os at line speed yourself.  lilo is the actor here.  If you gave a
program spec to a programmer and said "write this" you wouldn't be able
to claim you wrote the code yourself, no matter how good or essential
the program spec was.

> As to mounting the disk without software, not a problem it could be
> done all in hardware. Though you'd still need the passphrase/dongle.
you couldn't *mount* a disk in hardware; you *could* decrypt on-the-fly
and make the physical disk look like an unencrypted one, but you would
still need non-crypto software to mount it.

>> for virtual drives, the real question is at what point in the boot
>> process you can mount a drive - if it is not until the os is fully
>> functional, then you are unable to protect the os itself. if the
>> bootstrap process can mount the drive before the os is functional,
>> then you *can* protect the os.
> No you can't. If the drive is mounted before the OS is loaded you can
> put the system into a DMA state and read the disk (screw the OS)
> since its contents are now in plaintext.
no, you can't. data from the hardware is *still* encrypted; only the
output of the driver is decrypted, and a machine no longer running
bootstrap or os is also incapable of decryption. you *could*, if good
enough, place the processor in a halt state and use DMA to modify the
code to reveal the plaintext, but it would be a major pain to do so and
would require both physical access to the machine *while powered up and
without triggering any anti-tamper switches* after the password has been
supplied. This is actually a weakness in firmware cryptodrives (as I
have seen advertised recently) - once the drive is "unlocked" it can
usually be swapped over to another machine and the plaintext read.

> You can also prevent the
> default OS from being loaded as well.
Indeed so, yes. however, usually that decision has to be made before the
password would be entered - so making more awkward. you *could* finagle
the bootstrap though; there must *always* be part of the code outside
the crypto envelope (but of course this can be removable media such as
the usb drive mentioned, and stored securely when not in use)

> Clue: If you own the hardware, you own the software.
indeed so. however, if that applied to machines not already running, the
police wouldn't be so upset when they find encrypted files on seized
hardware.
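
An added illustration (not code from this thread or from any tool it names) of the layering argued over above: a read that bypasses the driver returns ciphertext, plaintext exists only at the driver's output while it holds the key, and the boot stub outside the crypto envelope needs its own integrity check. The HMAC-based keystream, the class and function names, and the sample data are all constructed for the example; real disk encryption uses a vetted mode such as AES-XTS.

```python
import hashlib, hmac

SECTOR = 512

def derive_key(passphrase, salt):
    # The key exists only once a person (or dongle) supplies the secret.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)

def keystream(key, sector_no, length):
    # Toy per-sector keystream (HMAC-SHA256 in counter mode), assumption for
    # illustration only; real disk encryption uses a vetted mode like AES-XTS.
    out, ctr = b"", 0
    while len(out) < length:
        block_id = sector_no.to_bytes(8, "big") + ctr.to_bytes(4, "big")
        out += hmac.new(key, block_id, hashlib.sha256).digest()
        ctr += 1
    return out[:length]

class RawDisk:
    """What the hardware hands back: a clear boot stub plus ciphertext sectors."""
    def __init__(self, boot_stub, salt):
        self.boot_stub, self.salt, self.sectors = boot_stub, salt, {}

class CryptoDriver:
    """Software layer: plaintext exists only at its output while it holds a key."""
    def __init__(self, disk, passphrase):
        self.disk, self.key = disk, derive_key(passphrase, disk.salt)
    def _xor(self, n, data):
        return bytes(a ^ b for a, b in zip(data, keystream(self.key, n, len(data))))
    def write(self, n, plaintext):
        self.disk.sectors[n] = self._xor(n, plaintext.ljust(SECTOR, b"\0"))
    def read(self, n):
        return self._xor(n, self.disk.sectors[n])

def stub_untampered(disk, known_good_sha256):
    # The stub sits outside the crypto envelope, so it needs a separate check.
    actual = hashlib.sha256(disk.boot_stub).hexdigest()
    return hmac.compare_digest(actual, known_good_sha256)

def demo():
    stub = b"constructed boot stub: prompt for passphrase, load driver"
    good = hashlib.sha256(stub).hexdigest()  # recorded while the stub is trusted
    disk = RawDisk(stub, salt=b"constructed-salt")
    drv = CryptoDriver(disk, "correct horse")
    drv.write(0, b"constructed secret file")
    raw = disk.sectors[0]                    # a read that bypasses the driver
    wrong = CryptoDriver(disk, "wrong guess").read(0)
    disk.boot_stub += b" (modified)"         # change made outside the envelope
    return drv.read(0).rstrip(b"\0"), raw, wrong, stub_untampered(disk, good)
```

`demo()` returns the plaintext seen through the keyed driver, the raw sector, the output of a driver keyed with the wrong passphrase, and the result of the stub check after the stub was altered.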




Re: Putting the "NSA Data Overwrite Standard" Legend to Death...(fwd)

2003-02-10 Thread Sunder
No shit Sherlock, that's the whole point!  The OS doesn't boot until you
type in your passphrase, plug in your USB fob, etc. and allow it to read
the key.  Like, Duh!  You know, you really ought to stop smoking crack.

--Kaos-Keraunos-Kybernetos---
 + ^ + :NSA got $20Bil/year |Passwords are like underwear. You don't /|\
  \|/  :and didn't stop 9-11|share them, you don't hang them on your/\|/\
<--*-->:Instead of rewarding|monitor, or under your keyboard, you   \/|\/
  /|\  :their failures, we  |don't email them, or put them on a web  \|/
 + v + :should get refunds! |site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net 

On Sun, 9 Feb 2003, Jim Choate wrote:

> On Sat, 8 Feb 2003, Sunder wrote:
> 
> > At least with a unixish OS you can mount your crypto file systems up at
> > boot time before the OS really starts up (before the system goes to
> > multi-user mode for example (at the end of /etc/rc1.d and before the
> > rc2.d init starts.)
> 
> Which is a blind path since those files -must- be unencrypted and if they
> do mount the disk they have to have access to the key to unencrypt the fs
> hence you're in the same boat as with Winblows.