Re: My favorite line from the DOJ's latest draft bill
On Mon, 10 Feb 2003, Harmon Seaver wrote:

> On Mon, Feb 10, 2003 at 06:31:56PM -0500, Tyler Durden wrote:
> > "I'm not so sure this emperor could handle psychedelics. Might
> > break the robotic connections"
> >
> > Arguably, 9/11 was a bad trip, and now we're completely freaking out.
> >
>
> Except that there are so few of those no one has ever been able to
> quantify/qualify them, so we don't know what that really consists of.

Quantify "bad trips" or "freaking out"? I've only heard stories (and read some too) but the first seems to refer to self reference and the latter to non participants reference.

I would definitely say W is freaking out :-) But it may just be that I'm the one having a bad trip.

Patience, persistence, truth,
Dr. mike
Re: My favorite line from the DOJ's latest draft bill
On Mon, Feb 10, 2003 at 06:31:56PM -0500, Tyler Durden wrote:

> "I'm not so sure this emperor could handle psychedelics. Might
> break the robotic connections"
>
> Arguably, 9/11 was a bad trip, and now we're completely freaking out.
>

Except that there are so few of those no one has ever been able to quantify/qualify them, so we don't know what that really consists of.

--
Harmon Seaver
CyberShamanix
http://www.cybershamanix.com
Re: Trap guns, black baggers, and "Arlington Road"
On Monday, February 10, 2003, at 12:00 PM, Eric Cordian wrote:

> Tim writes:
>
> > With USAPATRIOT and HOMESEC REICHSPROTEKTION acts authorizing black bag
> > jobs, break-ins, planting of evidence, keystroke-logging,
> > administrative rubber-stamp warrants (no judge, just a GS-8 or higher
> > saying "Go for it!"), it's time to revisit the issue of trap guns and
> > booby traps.
>
> Coincidentally, the news this morning reports on a home invasion in which
> a homeowner shot dead two of three members of an assault team that smashed
> into his condo and began firing.

I hadn't seen this when I sent my piece off.

By the way, this again points to some recurring themes (discussed a few times before):

-- how does a property owner "authenticate" a person or group claiming to be cops? Flashing a badge is not enough, as badges for hundreds of jurisdictions are for sale by mail order, gun shows, and probably lots of other shops. (For the uninitiated, these are _actual_ badges and/or nearly perfect replicas...they are absolutely undistinguishable from real badges, so say concerned cops.)

-- how is a search warrant authenticated? In an age of laser printers, color printers, scanners, etc., and in an age when nobody can recognize the signature of the Sheriff (unlike, maybe, the situation in a small village a century ago), how does one know a search warrant is duly signed by a proper judge?

Hundreds of viewings of police raids in movies and television (not always reliable, but the common pattern is suggestive of what reality is) tell me that residents have no time to check credentials of cops carefully and have scarcely more time to look at search warrants.

There seem to be three time regimes: (actually, I've added two more...)

* Regime 3 (timescale: days) -- Lawyerly: "Tim, this is Fred Jones. I just talked to the DA and he wants you to either arrange a time to turn yourself in at the station or he'll send a squad car out. I can be there if you want."

Or the search warrant version: "Tim, I've looked over the search warrant they'll be serving on you and everything looks to be in order. Don't say anything, and don't interfere. Just sit down and they should be out in a couple of hours."

* Regime 2 (timescale: several minutes) -- Local cops at the door. A knock on the door. A cop or sheriff's deputy, often known to the target in various ways, arrives with an arrest warrant, search warrant, etc. The target has a reasonable chance to verify that the cops or deputies are legit.

* Regime 1 (timescale: tens of seconds to minutes) -- Bangs on the door. "This is the police! Open up!" If the target opens the door and the supposed cops are actually home invaders, or rival gang members, he's dead. Or the supposed cops may be Feds or narcs without proper justification. No time to carefully verify credentials.

* Regime 0 (timescale: seconds, or less) -- Flashbangs and Ninja Raiders. They burst through the windows, throw flashbang grenades, scream, stomp dogs and cats, and shoot anything that moves. The killing of Dr. Scott in his Malibu home is a good example (check Google for details). The BATF raids on many "drug labs" are like this.

* Regime -1 (timescale: negative time) -- Break-ins: They raid your house without your knowledge. They plant items, bugs, keystroke loggers. Obviously no chance to check credentials, a warrant, etc.

Call me old-fashioned, but I think only Regimes 2 and 3 are valid for most arrests and search warrants.

In cases of high risk, the old-fashioned "This is the police. Your house is surrounded. Come out with your hands up." is an example of Regime 1. A target inside has plenty of time (minutes usually) to decide that the cops are real cops (e.g., by seeing several police cruisers outside), and the cops have plenty of time to be ready for violence and not to just start shooting.

The argument in the past 30 years for S.W.A.T. Ninja-type flashbang through-the-skylights raids has been that some "perps" (or "goblins," in Jeff Cooper-speak) will use the seconds of warning to grab their rifles and shotguns. Or will flush their drugs down the toilet. Or will kill a hostage. Or will trigger a bomb. Etc.

There are very few situations where these last arguments apply. And these are usually well-defined hostage or kidnappee-rescue situations.

We would mostly avoid the Regime 0 and -1 clusterfuck scenarios if law enforcement was primarily local. A local cop who knows his neighborhood is not so likely to call in S.W.A.T. raiders when dealing with people he knows, or at least knows of. A big part of our problems with police raids today has been the entry of other jurisdictions--state troopers, DEA narcs, FBI, and, soon, HomeSec/Gestapo polizei.

Anyway, this is my analysis. Fairly obvious to most of us, I expect.

--Tim May
Re: Dell Dude Arrested for Pot
On Monday, February 10, 2003, at 01:53 PM, Eric Cordian wrote: Oh, the Humanity... http://www.cnn.com/2003/LAW/02/10/dell.dude.arrest/index.html - NEW YORK (CNN) -- Benjamin Curtis, better known as the "Dell Dude" from the computer company's television commercials, was arrested Sunday while he allegedly attempted to buy marijuana on Manhattan's lower east side. The pundits are already using the tag line: "Dude, you're getting a cell!" Of course, he won't do jail time. He'll get "diversion" and will do public service announcements. "Dude, this is your brain on pot!" In this age of the War on (Some) Dictators and the War on (Some) Drugs, the persecutors have to pick their targets for maximum effect. Hence the impending life sentence for the Berkeley guy who committed thoughtcrime by writing books and articles about growing marijuana. --Tim May
Columbia
Why are they so focused upon and clearly attempting to persecute the Left Wing?

--
Harmon Seaver
CyberShamanix
http://www.cybershamanix.com
Re: My favorite line from the DOJ's latest draft bill
"I'm not so sure this emperor could handle psycedelics. Might break the robotic connections" Arguably, 9/11 was a bad trip, and now we're completely freaking out. -TD _ The new MSN 8: advanced junk mail protection and 2 months FREE* http://join.msn.com/?page=features/junkmail
RE:Trap guns, black baggers, and "Arlington Road"
> Black baggers generally have to get in and out quickly with incomplete > knowledge of your situation. Doing a thorough reverse-engineer of you > location is usually not an option for them. Physical security. Litter the area with cameras, possibly in several mutually independent networks. It is impossible to get physical access to the computer without being seen. Don't forget battery backups. A hardware keyboard logger is sometimes a friend, especially if built right onto the motherboard. The computer's case can be welded-shut, preventing easy access to the disks and slowing down the adversaries. Another measure could be a computer sniffing and logging all communication to/from the computer over the LAN, into a circular buffer, allowing forensic analysis of any communication that was potentially improper. This serves as security camera guarding the network access. Similarly, the kernel on the protected machine itself can log accesses to certain parts of filesystems or physical block devices, and prevent loading of modules that aren't cryptographically signed. ...of course, a shotgun as an active defensive device has its certain appeal. However, there are usually more blackbaggers than one, and computer aiming could be unreliable against fast-moving panicking targets, so a nerve gas should be considered an option. (If you aren't in a killing mood, a tear gas could do its job too. A device that would pierce a spray can with a self-defense paralyzer, quickly dispersing it in the room, could theoretically work nicely too.) A good area denial device could MAYBE be a device made from teflon and magnesium strips; teflon pyrolysis products are reportedly pretty toxic; but I am just wildly speculating here and inviting discussion about the weak sides of my ideas. The shotgun could also serve as a quick data destruction device; imagine what a swarm of fast-flying steel balls can do with disk plates spinning on 10,000 rpm. 
If the impact primer will be replaced with electrically controlled one, even better - the system then has no moving parts and gets inherently more reliable and maintenance-free. The barrel could be improvised from a piece of a steel pipe, with a suitable length to allow the payload from the shells to reach suitable velocity to shred the plates, attached on the disk over its top side which is usually fairly thin aluminum. If anyone would be willing to test the idea on some discarded drives (*wink, Tim*) I would be happy to know the results. Would "Lead Wipe" be a suitable name for this technology?
Dell Dude Arrested for Pot
Oh, the Humanity... http://www.cnn.com/2003/LAW/02/10/dell.dude.arrest/index.html - NEW YORK (CNN) -- Benjamin Curtis, better known as the "Dell Dude" from the computer company's television commercials, was arrested Sunday while he allegedly attempted to buy marijuana on Manhattan's lower east side. -- Eric Michael Cordian 0+ O:.T:.O:. Mathematical Munitions Division "Do What Thou Wilt Shall Be The Whole Of The Law"
RE:Trap guns, black baggers, and "Arlington Road"
The best approach is stealth. On the machine, for example, a device driver that quietly sets a flag if an unprompted passphrase is not entered in a specific time. This would help tell if any black bag software has been hurriedly placed on the machine. In the physical world, comparable bugs that leave quiet telltale signs (perhaps relayed offsite) that show the area has been compromised.

Black baggers generally have to get in and out quickly with incomplete knowledge of your situation. Doing a thorough reverse-engineer of your location is usually not an option for them.

While the watermelon patch gun has a visceral appeal, in the end it's counterproductive. The state is much less dangerous when they don't know you're onto their games.

j
Re: Trap guns, black baggers, and "Arlington Road"
Tim writes: > With USAPATRIOT and HOMESEC REICHSPROTEKTION acts authorizing black bag > jobs, break-ins, planting of evidence, keystroke-logging, > administrative rubber-stamp warrants (no judge, just a GS-8 or higher > saying "Go for it!'), it's time to revisit the issue of trap guns and > booby traps. Coincidentally, the news this morning reports on a home invasion in which a homeowner shot dead two of three members of an assault team that smashed into his condo and began firing. Details on the identities of the perps are being withheld from the news media pending further "investigation." http://www.dfw.com/mld/startelegram/news/local/states/texas/5021327.htm - Resident kills 2 condo intruders By Bill Miller Star-Telegram Dallas Bureau DALLAS - Gunfire erupted early Thursday morning when three men armed with pistols burst into a north Dallas condominium. Two of the intruders died when a resident returned fire, police said. Details were sketchy Thursday as Dallas homicide detectives investigated the shooting at the Kensington Square Apartments in the 15800 block of Knoll Trail Drive, just east of the North Dallas Tollway. Detectives said they were not yet ready to release the names of the people involved, only that the incident began around 9 a.m. in a condo that was occupied by the 29-year-old man, his wife and their three children. ... -- Eric Michael Cordian 0+ O:.T:.O:. Mathematical Munitions Division "Do What Thou Wilt Shall Be The Whole Of The Law"
Re: The Space Shuttle's Secret Military Mission
Mike Rosing writes:

> I love conspiracy theory! Take totally unrelated stuff, mix it together
> and voila - instant evil!

The article is total nonsense. For instance, Americium-242 has a half life of 150 years, and decays through isomeric transition.

It looks like disinformation trawled under the nose of www.whatreallyhappened.com, so that if they ever publish anything which pisses off "They Who Can Not Be Criticized," the article can be pointed to as an example of idiocy which has appeared on the site.

--
Eric Michael Cordian 0+
O:.T:.O:. Mathematical Munitions Division
"Do What Thou Wilt Shall Be The Whole Of The Law"
Re: Patriot II would outlaw encryption
"knowingly and willfully uses > encryption technology to conceal any incriminating > communication" relating to a federal crime that they're > committing, or attempting to commit". So like I've been saying,it's better to just say KILL the PRESIDENT out loud in public,sure they have made an example of a few unfortunates but they can't jail everyone and a simple phone tree aLa Solidnardosc can bring them down.This PATRIOT bs is all bluff,' Pay no attention to that man behind the curtain". Truth be known the US govt is fucked coming and going.If they get more repressive they incite more resistance and they will end up like the Hitlerian or Leninist Tyrannies sooner or later.If they back off on the prosecution ( as they already have with me) then they are seen as pissweak and ripe for overthrowing.If they muddle along doing the odd black bag job on a made guy then they're naturally selecting the workarounds for those specific DIRTy tricks.In any darwinian race the govt will lose by creating the 'superbugs' that will destroy it. This is not to be a complete fatalist or determinist,it's still a lot of fun smashing the state and I encourage new anarchists to join in anytime,(and drop out anytime,I did for 15 years once,part time and disabled are also most welcome.) After all what are you going to say when your kid(s) ask you."What did you and mommy/daddy do in the worldwide revolution?" "I've never seen a situation so dismal that a policeman couldn't make it worse." Brendan Behan.
Re: Putting the "NSA Data Overwrite Standard" Legend to Death...(fwd)
On Sun, 9 Feb 2003, Jim Choate wrote:

> On Sun, 9 Feb 2003, Sunder wrote:
>
> > No shit Sherlock, that's the whole point!
>
> Actually it's not, the point is to stop the attacker in their tracks.

Sigh, I don't know why I'm bothering to write anything your clueless way... here we go. We're guaranteed you'll miss every point here, but what the fuck - I'm feeling masochistic today and so I'll visit Choate'.

Yes, that is the meta-goal here. Encrypting a disk prevents the attacker from just stealing the disk and using another OS to access the data. You still need to solve the issue of the OS itself accessing the data. But you want to encrypt things such as the swap, temp files, etc because they can leak data and possibly your key.

Other vectors of attack come into play after the OS has booted fully and include such things as vulnerabilities in the OS itself, applications, software key grabbers, etc. We won't address those here.

> > The OS doesn't boot until you type in your passphrase, plug in your USB fob,
> > etc. and allow it to read the key. Like, Duh! You know, you really ought to
> > stop smoking crack.
>
> Spin doctor bullshit, you're not addressing the issue which is the
> mounting of an encrypted partition -before- the OS loads (eg lilo, which
> by the way doesn't really 'mount' a partition, encrypted or otherwise -
> it just follows a vector to a boot image that gets dumped into ram and
> the cpu gets a vector to execute it - one would hope it was the -intended-
> OS or fs de-encryption algorithm). What does that do? Nothing (unless
> you're the attacker).

A Spin Doc is a marketing guy who puts a spin on a story, I'm unsure what you mean here. Perhaps Ad Hominem would be better suited - save that there is a long history between you and reality. :)

LILO lives in either the MBR or the 1st sector of the Linux boot partition. (The same applies to GRUB and other boot loaders for other OS's) All it needs to do is load the kernel plus the initrd image (ram disk containing kernel modules for various drivers such as the disk.) At this point you can do one of several things:

You can compile in a small blowfish/SHA implementation into LILO and have LILO ask you for your passphrase if you want the kernel to live in the encrypted disk. In this case you'll need some mechanism to pass the key to the kernel so when it kicks in the encrypted disk driver, it'll be able to mount /, etc.

Otherwise /boot can be naked so long as you diff it against a CD or another known pristine source. Any changes there and you've got a dead canary. :)

If /boot is naked, and that's fine too so long as you take care when your system mysteriously reboots. At this point, the kernel boots up, the initrd image is available to it so it can load its modules, one of which can be the encrypting block driver can load. When it does, it can ask for the passphrase for each volume to mount when mount is called, etc.

You may have some fun with having to tell the kernel what device / lives on, and so long as the encrypted block device driver is used, it'll mount it from there. Same with swap and other partitions.

If you wanna do a USB fob or other device, you'll need to have the driver for that fob (and anything else it'll need) loaded before the encrypting block driver, and of course the underlying IDE/SCSI drivers need to be loaded in the kernel before it too.

> There are two and only two general applications for such an approach. A
> standard workstation which isn't used unless there is a warm body handy.
> The other being a server which one doesn't want to -reboot- without human
> intervention. Both imply that the physical site is -secure-, that is the
> weakness to all the current software solutions along this line.

No shit, if you're hackable at the physical layer, all bets are already off - you can consider yourself owned - it's just a matter of time. And physical restraints do nothing other than delay an attacker.

If you're hackable - say in a way that will give your attacker remote root access, it's actually worse than the attacker having physical access because your OS is running, its encrypted partitions are accessible and mounted - and if your attacker can install a kernel module, you're doubly fucked as you won't be able to detect their presence.

For physical access, the best you can do is attempt to detect the event, send out warnings, and log the event, wipe RAM and halt the machine; then it doesn't matter, the attacker has nothing more than a pile of hardware with some random numbers on its spindles. Useless without the key worth whatever ebay will pay for it.

This is why a keyboard is not a good way to enter a passphrase - it can be removed from the PC and modified, or taken apart without disconnecting it and a capture device added - just turn it upside down, unscrew, solder, screw and done.

The best you can do with a workstation is to have it on all the time and have something watching it f
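The unencrypted-/boot check mentioned in the message above ("diff it against a CD or another known pristine source"), as an added example that is not part of the original post. The directory names and file contents are constructed, and SHA-256 comparison stands in for a byte-for-byte diff.

```python
"""Compare a live /boot tree against a pristine reference copy (added example)."""
import hashlib
import os
import tempfile


def hash_file(path, chunk_size=1 << 16):
    """SHA-256 of a file, read in chunks so large kernel images are fine."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root):
    """Map every relative path under root to a (kind, fingerprint) pair."""
    entries = {}
    for dirpath, dirnames, filenames in os.walk(root):  # does not follow symlinks
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if os.path.islink(full):
                # A swapped symlink target is a change even if the target hashes clean.
                entries[rel] = ("symlink", os.readlink(full))
            elif os.path.isdir(full):
                entries[rel] = ("dir", "")
            elif os.path.isfile(full):
                entries[rel] = ("file", hash_file(full))
            else:
                entries[rel] = ("special", "")  # device node, fifo, socket
    return entries


def compare_trees(reference_root, live_root):
    """Return paths that are missing, added, or modified relative to the reference."""
    ref = snapshot(reference_root)
    live = snapshot(live_root)
    return {
        "missing": sorted(set(ref) - set(live)),
        "added": sorted(set(live) - set(ref)),
        "modified": sorted(p for p in set(ref) & set(live) if ref[p] != live[p]),
    }


def canary_alive(report):
    """True only when the live tree matches the reference exactly."""
    return not any(report.values())


def _write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)


def demo():
    """Build a constructed reference and live tree, then alter the live one."""
    with tempfile.TemporaryDirectory() as tmp:
        ref = os.path.join(tmp, "reference")  # stands in for the read-only CD
        live = os.path.join(tmp, "boot")      # stands in for the unencrypted /boot
        for root in (ref, live):
            _write(root, "vmlinuz", b"constructed kernel image")
            _write(root, "initrd.img", b"constructed initrd")
            _write(root, "grub/menu.lst", b"default 0\n")
        clean = compare_trees(ref, live)

        # Constructed changes: one altered file, one new file, one deleted file.
        _write(live, "initrd.img", b"constructed initrd + extra module")
        _write(live, "grub/stage9", b"unexpected file")
        os.remove(os.path.join(live, "vmlinuz"))
        tampered = compare_trees(ref, live)
    return clean, tampered


if __name__ == "__main__":
    # Run the comparison from trusted media: a modified running kernel can
    # misreport file contents to any checker executing on top of it.
    clean, tampered = demo()
    print("clean:", clean, "canary alive:", canary_alive(clean))
    print("tampered:", tampered, "canary alive:", canary_alive(tampered))
```
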
Trap guns, black baggers, and "Arlington Road"
On Monday, February 10, 2003, at 03:25 AM, David Howe wrote: The solution is only applicable to cold or moderately tamper-proofed systems, to prevent analysis of such systems if confiscated. It can only become a serious component in an overall scheme, but this is universally true - there is no magic shield you can fit to *anything* to solve all ills; this will add protection against the specified attacks and in fact already exists for windows (drivecrypt pluspack) - it is just non-windoze platforms that lack a product in this area. With USAPATRIOT and HOMESEC REICHSPROTEKTION acts authorizing black bag jobs, break-ins, planting of evidence, keystroke-logging, administrative rubber-stamp warrants (no judge, just a GS-8 or higher saying "Go for it!'), it's time to revisit the issue of trap guns and booby traps. How about an audio warning to computer tamperers? "You have 10 seconds to clear the area before this computer detonates." Then, at the nearest door or sliding glass window, a rigged shotgun to decapitate those furiously trying to escape. (For safety reasons, interlock the shotgun or detcord with the alarms on the computer.) I expect the increase in black bag entries and break-ins is going to produce a few major court cases soon. What happens when a homeowner surprises a covert entry team in his house and a gunfight ensue? (With no warrant being shown to the homeowner, he cannot be said to have knowledge (scienter) that the apparent burglars or home invaders were actually "authorized.") A similar theme was in the Cypherpunks-required film "Arlington Road" a few years back. (Check your video store, though I don't see it often on cable or in the DVD bins, so it may have been deemed by the studio to be too close to the truth for public consumption.) A so-called "white power" compound is being trespassed-upon by BATFags and narcs, sneaking up on the compound without display of a search or arrest warrant. 
The residents think they are being attacked and start shooting. Many agents die. (Of course, at the end of "Arlington Road" even more evil doers are eradicated. Recommended before a trip to the desert to shoot.) --Tim May "That the said Constitution shall never be construed to authorize Congress to infringe the just liberty of the press or the rights of conscience; or to prevent the people of the United States who are peaceable citizens from keeping their own arms." --Samuel Adams
[p2p-hackers] PET2003 (Mar 26-28) accepted papers (fwd)
-- Forwarded message --
Date: Mon, 10 Feb 2003 13:45:23 -0500
From: Roger Dingledine <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: [p2p-hackers] PET2003 (Mar 26-28) accepted papers

The following papers have been accepted for presentation and publication at the 3rd Privacy Enhancing Technologies workshop, in Dresden Mar 26-28 this year. In addition, there will be several invited talks and/or panels. Please forward this mail to other relevant lists.

See http://petworkshop.org/ for more details, including the rapidly approaching deadlines for stipends (February 16 -- available to non-authors too!) and registration (February 20).

"Mix-networks with Restricted Routes"
George Danezis

"Generalising Mixes"
Claudia Diaz, Andrei Serjantov

"Modelling Unlinkability"
Sandra Steinbrecher and Stefan Köpsell

"Metrics for Traffic Analysis Prevention"
Richard E. Newman, Ira S. Moskowitz, Paul Syverson, Andrei Serjantov

"Breaking and Mending Resilient Mix-nets"
Lan Nguyen, Rei Safavi-Naini

"Improving Onion Notation"
Richard Clayton

"Engineering Privacy in Public: Confounding Face Recognition"
James Alexander and Jonathan Smith

"From Privacy Legislation to Interface Design: Implementing Information Privacy in Human-Computer Interactions"
Andrew S. Patrick, Stephen Kenny

"Defeating Web Censorship with Untrusted Messenger Discovery"
Nick Feamster, Magdalena Balazinska, Winston Wang, Hari Balakrishnan, David Karger

"GAP -- Practical anonymous networking"
Krista Bennett, Christian Grothoff

"An Analysis of GNUnet and the Implications for Anonymous, Censorship-Resistant Networks"
Dennis Kügler

"A Component Architecture for Dynamically Managing Privacy Constraints in Personalized Web-based Systems"
Alfred Kobsa

"Privacy in Enterprise Identity Federation: Policies for Liberty Single Signon"
Birgit Pfitzmann

"From P3P to Data Licenses"
Yuh-Jzer Joung

___
p2p-hackers mailing list
[EMAIL PROTECTED]
http://zgp.org/mailman/listinfo/p2p-hackers
RE: Forced Oaths to Pieces of Cloth
> Bill Frantz[SMTP:[EMAIL PROTECTED]] [...] > Unfortunately having started to question the relation between the pledge > and the ideals of the country, I started to wonder why I was pledging to > the flag, instead of the country. So over the years, I have a somewhat > edited version (removed parts in brackets): [...] One interesting variation {and a suggestion of an alternative) comes from naval diplomacy. When there's an official US/UK naval dinner, toasts are drunk (at least on shore or on British ships - I think US ships are dry). The Americans always toast the British Monarch. The Brits in return propose a toast to the US Constitution. While I have a lot of problem with the Pledge in any form, I think it would be greatly improved if it were made to the Constitution, rather than the flag. Peter Trei
Re: The Space Shuttle's Secret Military Mission
On Mon, 10 Feb 2003 [EMAIL PROTECTED] wrote:

> http://www.aci.net/kalliste/columbia_spectral.htm

I love conspiracy theory! Take totally unrelated stuff, mix it together and voila - instant evil!

The problem with this article is that it uses a reference (to a really cool idea BTW) for a nuclear *rocket engine* and then claims that this is an *actual* power supply! It's totally bogus dude.

But thanks for the reference to the rocket engine, I need to read that paper!

Patience, persistence, truth,
Dr. mike
Re: My favorite line from the DOJ's latest draft bill
On Sun, Feb 09, 2003 at 02:43:22PM -0800, Mike Rosing wrote:

> On Sun, 9 Feb 2003, Declan McCullagh wrote:
>
> > http://www.dailyrotten.com/source-docs/patriot2draft.html
> > terrorism is at least as dangerous to the United States' national security
> > as drug offenses
>
> That's a good find! People sitting around laughing their butts off is
> really a dangerous phenomena! Just like the killing of 3000 people!
>
> I want the drugs those guys have, there's no view of reality warped quite
> that bad I've ever seen on of my "trips!"
>

Probably what they're most scared of are drugs that open the sheeple's minds. Psychedelics expose the nakedness of the emperor and break open the most rigid lockstep mentality.

--
Harmon Seaver
CyberShamanix
http://www.cybershamanix.com
Bingo! Why Bearer-Settled Recursive Auction Markets will work (was re:[NEC] 2.3: Power Laws, Weblogs, and Inequality)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Remember Eric Hughes' "institutionalized" digital piracy market, and, before him, the Agoric guys, and their Digital Silk Road stuff? Remember what I said about how, in such a market, the people who made the *new* stuff first would make the most money, about the first copy being the most valuable? Read this, and then go look at the charts on the web. It's important. Now, think about a bearer-settled cash auction of the first copies of new content into a napster-like network. Remember that each cryptographically-authenticated (I dislike the word "signed", I agree with Perry Metzger and Carl Ellison; "signature" doesn't mean what it says) copy is fungible. It's the same as any other. Thus, the market, like all commodity markets, is operating, in an economic terms of art, under perfect competition. I'd always thought that the price curve in hops from the original source and, in time from a given product's introduction to the net, would look like power curves, or maybe a gamma distribution, but, in Clay's article below, here's proof, or at least as much proof as we're going to get until we actually do it. I expect that the propagation rates of these markets are going to be *very* fast, which follows from the speed with which information flows through the net. Seen in three dimensions, with the charts laid on top of each other we get something that looks like what happens after a water drop hits a smooth pond. This idea of recursive auction markets across a geodesic network is, for the most part, a fundamental indictment of the very economic efficacy of copyright on a geodesic network. 
In getting what people want for what they're most willing to pay for it, for the lowest cost of production and distribution, this kind of market will make more money, faster, for the *producers* of content, and will adequately compensate the *distributors* of content (people who continually resell their copies to the highest bidders, of course :-)), while, at the same time, not requiring monitoring the entire system by a single entity. Like Gilmore said about censorship, if there's cash and an auction mechanism, the network will finally see copyright as damage and route around it. Cheers, RAH - --- begin forwarded text User-Agent: Microsoft-Entourage/10.1.0.2006 To: <[EMAIL PROTECTED]> From: [EMAIL PROTECTED] Subject: [NEC] 2.3: Power Laws, Weblogs, and Inequality Sender: [EMAIL PROTECTED] Date: Sat, 08 Feb 2003 12:54:00 -0500 Status: R NEC @ Shirky.com, a mailing list about Networks, Economics, and Culture Published periodically / # 2.3 / February 8, 2003 Licensed under the Creative Commons Attribution License Subscribe at http://shirky.com/nec.html In this issue: - Introduction - Essay: Power Laws, Weblogs, and Inequality (Also at http://www.shirky.com/writings/powerlaw_weblog.html) - Reader feedback on The Big Flip: I was wrong - The O'Reilly Emerging Technology Conference * Introduction === This issue's essay is on the inevitability of power laws in social systems, and in particular in the weblog world. I have lived through a decade of seeing social systems on the internet start small and egalitarian and grow large and unequal, and every time it has happened, some of the users of the system have taken it upon themselves to complain that the the Old Guard had gotten cliquish, or that the newbies were not living up to what was expected of them, or [insert psychological explanation here.] 
These explanations, focussed as they were on individual behaviors, never seemed to me to be adequate to describe what was obviously structural change that happened to all kinds of systems. Recently, work by Barabasi, Huberman, and Watts have all pointed to ways in which power law distributions, where the rank of the Nth item is 1/Nth that of the first item, arise in social systems. The structural inevitability of power laws explain these kinds of inequalities in social systems far better than any explanation focussed on the actions of individual members of the system. One note: the essay includes three figures, accompanying this mail as attachments, but it may be easier to read on the web, at http://www.shirky.com/writings/powerlaw_weblog.html. Also, because inbound spam to the list is now so extreme, I have a choice between working from home enlarging my genitals with HGH while waiting for my check from Nigeria to clear, or auto-flushing inbound mail. Much to the disappointment of Madame Abacha, I am taking the latter course of action, so if you have a response to something you read here, please respond to me directly, at clay at shirky dot com. - -clay * Essay == Weblogs, Power Laws, and Inequality (http://www.shirky.com/writings/powerlaw_weblog.html) A persistent theme among people writing about the social aspects of
Re: Patriot II would outlaw encryption
> actually.. no it isn't my bust. it is yours.
>
> it says:
>
> "knowingly and willfully uses
> encryption technology to conceal any incriminating
> communication" relating to a federal crime that they're
> committing, or attempting to commit".
>
> Thus, after the fact, I can send you an encrypted email detailing my
> crime and I won't be "upping the ante" another five years.

Sure you will. The "ongoing conspiracy" (an agreement to commit a felony) continues after various events. For example, if Ted and Alice have an ongoing implicit understanding that they will meet in the shed behind her house occasionally to tend the five marijuana plants growing there, that is an ongoing conspiracy to commit a federal felony. So if, a week after Ted's last visit, Alice sends him an encrypted email saying "Come over and watch a video, or whatever", the prosecutor can clearly use that (if he can decrypt it) as 5 more years in prison, since it used encryption technology and concealed an incriminating communication (the crime being conspiracy) that they are committing (ongoing).

The prosecutors can get Ted's passphrase by granting him immunity (probably ONLY immunity from the encryption enhancement penalty, or best case, from that and conspiracy, still nailing him for the pot felony, or getting Alice to roll over on him for the whole deal) and forcing him to disclose it having eliminated his 5th amendment defenses. Then they have Alice for the pot felony, conspiracy, and the 5 year encryption booster. Of course, they will simply hang all of this draconian punishment over her head, her attorney will say they can fight for $75,000 and 2 years, during which she is in jail, or they can plead it out and become a felon with few further rights of citizenship.

And if you "detail a crime" after the event in an encrypted communication, you've essentially included another person in the knowledge of a past crime in the expectation that such disclosure will remain secret from law enforcement. That is conspiracy to avoid prosecution and probably obstruction of justice. Conspiracy and obstruction are crimes, you've just used encryption in a federal felony, 5 year enhancement. Bye.

For arguments re: protections from forced disclosure of keys, see http://www.rubberhose.org/current/src/doc/sergienko.html
Re: My favorite line from the DOJ's latest draft bill
On Mon, 10 Feb 2003, Harmon Seaver wrote:

> Probably what they're most scared of are drugs that open the sheeple's
> minds. Psychedelics expose the nakedness of the emperor and break open the most
> rigid lockstep mentality.

Yup, leading robots is so much more fun than actually doing something useful. At least for 9 year olds anyway :-)

I'm not so sure this emperor could handle psychedelics. Might break the robotic connections :-)

Patience, persistence, truth,
Dr. mike
Re: My favorite line from the DOJ's latest draft bill
My new favorite is how Rumsfeld just said that the Europe Delay to give the inspectors more time will INCREASE the chance of war

Uh huh... http://www.foxnews.com/story/0,2933,78003,00.html

My, my, how the reptiles have evolved the ability to speak out both sides of their mouth... or more aptly put out of another orifice better fitted to the application of toilet paper.

--Kaos-Keraunos-Kybernetos---
 + ^ + :NSA got $20Bil/year |Passwords are like underwear. You don't /|\
  \|/  :and didn't stop 9-11|share them, you don't hang them on your/\|/\
<--*-->:Instead of rewarding|monitor, or under your keyboard, you   \/|\/
  /|\  :their failures, we  |don't email them, or put them on a web  \|/
 + v + :should get refunds! |site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net

On Sun, 9 Feb 2003, Declan McCullagh wrote:

> http://www.dailyrotten.com/source-docs/patriot2draft.html
> terrorism is at least as dangerous to the United States' national security
> as drug offenses
Re: DOJ quietly drafts USA Patriot II w/crypto-in-a-crime penalty
At 02:13 PM 02/09/2003 -0500, Declan McCullagh wrote:

On Sat, Feb 08, 2003 at 10:36:35PM -0500, Greg Newby wrote:
> "Under the new law, running shoes will be classified
> as burglar's tools if their use is not authorized or
> exceeds reasonable levels for leisure activity."

I always thought that breathing during the commission of a crime should result in an extra five to ten years in prison.

And breathing _heavily_ gets you even more
Re: Putting the "NSA Data Overwrite Standard" Legend to Death...(fwd)
On Sun, 9 Feb 2003, Sunder wrote:

> No shit Sherlock, that's the whole point!

Actually it's not, the point is to stop the attacker in their tracks.

> The OS doesn't boot until you type in your passphrase, plug in your USB fob,
> etc. and allow it to read the key. Like, Duh! You know, you really ought to
> stop smoking crack.

Spin doctor bullshit, you're not addressing the issue which is the mounting of an encrypted partition -before- the OS loads (eg lilo, which by the way doesn't really 'mount' a partition, encrypted or otherwise - it just follows a vector to a boot image that gets dumped into ram and the cpu gets a vector to execute it - one would hope it was the -intended- OS or fs de-encryption algorithm).

What does that do? Nothing (unless you're the attacker).

There are two and only two general applications for such an approach. A standard workstation which isn't used unless there is a warm body handy. The other being a server which one doesn't want to -reboot- without human intervention. Both imply that the physical site is -secure-, that is the weakness to all the current software solutions along this line.

--
We are all interested in the future for that is where you and I are going to spend the rest of our lives.
Criswell, "Plan 9 from Outer Space"
[EMAIL PROTECTED][EMAIL PROTECTED] www.ssz.com www.open-forge.org
Re: Putting the "NSA Data Overwrite Standard" Legend to Death... (fwd)
On Mon, 10 Feb 2003, Dave Howe wrote:

> no, lilo is. if you can mount a pgpdisk (say) without software, then you
> are obviously much more talented than I am :)

Bullshit. lilo isn't doing -anything- at that point without somebody or something (eg dongle) being present that has the -plaintext- key. Without the key the disk isn't doing anything. So no, lilo isn't mounting the partition. It -is- a tool to do the mount. Subtle but important distinction.

As to mounting the disk without software, not a problem it could be done all in hardware. Though you'd still need the passphrase/dongle.

> for virtual drives, the real question is at what point in the boot process
> you can mount a drive - if it is not until the os is fully functional, then
> you are unable to protect the os itself. if the bootstrap process can mount
> the drive before the os is functional, then you *can* protect the os.

No you can't. If the drive is mounted before the OS is loaded you can put the system into a DMA state and read the disk (screw the OS) since its contents are now in plaintext. You can also prevent the default OS from being loaded as well.

Clue: If you own the hardware, you own the software.

--
We are all interested in the future for that is where you and I are going to spend the rest of our lives.
Criswell, "Plan 9 from Outer Space"
[EMAIL PROTECTED][EMAIL PROTECTED] www.ssz.com www.open-forge.org
Re: Putting the "NSA Data Overwrite Standard" Legend to Death... (fwd)
at Monday, February 10, 2003 3:09 AM, Jim Choate <[EMAIL PROTECTED]> was seen to say:

> On Mon, 10 Feb 2003, Dave Howe wrote:
>> no, lilo is. if you can mount a pgpdisk (say) without software,
>> then you are obviously much more talented than I am :)
> Bullshit. lilo isn't doing -anything- at that point without somebody
> or something (eg dongle) being present that has the -plaintext- key.
> Without the key the disk isn't doing anything. So no, lilo isn't
> mounting the partition. It -is- a tool to do the mount.

I don't understand why this concept is so difficult for you - software *must* perform the mount; there is absolutely no way you could personally inspect every byte from the disk and pass decrypted data to the os at line speed yourself. lilo is the actor here. If you gave a program spec to a programmer and said "write this" you wouldn't be able to claim you wrote the code yourself, no matter how good or essential the program spec was.

> As to mounting the disk without software, not a problem it could be
> done all in hardware. Though you'd still need the passphrase/dongle.

you couldn't *mount* a disk in hardware; you *could* decrypt on-the-fly and make the physical disk look like an unencrypted one, but you would still need non-crypto software to mount it.

>> for virtual drives, the real question is at what point in the boot
>> process you can mount a drive - if it is not until the os is fully
>> functional, then you are unable to protect the os itself. if the
>> bootstrap process can mount the drive before the os is functional,
>> then you *can* protect the os.
> No you can't. If the drive is mounted before the OS is loaded you can
> put the system into a DMA state and read the disk (screw the OS)
> since its contents are now in plaintext.

no, you can't. data from the hardware is *still* encrypted; only the output of the driver is decrypted, and a machine no longer running bootstrap or os is also incapable of decryption. you *could*, if good enough, place the processor in a halt state and use DMA to modify the code to reveal the plaintext, but it would be a major pain to do so and would require both physical access to the machine *while powered up and without triggering any anti-tamper switches* after the password has been supplied. This is actually a weakness in firmware cryptodrives (as I have seen advertised recently) - once the drive is "unlocked" it can usually be swapped over to another machine and the plaintext read.

> You can also prevent the
> default OS from being loaded as well.

Indeed so, yes. however, usually that decision has to be made before the password would be entered - so making more awkward. you *could* finagle the bootstrap though; there must *always* be part of the code outside the crypto envelope (but of course this can be removable media such as the usb drive mentioned, and stored securely when not in use)

> Clue: If you own the hardware, you own the software.

indeed so. however, if that applied to machines not already running, the police wouldn't be so upset when they find encrypted files on seized hardware.
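
The distinction argued in the message above (bytes read from the hardware stay ciphertext; plaintext exists only as the output of a driver that holds the key in memory), as an added example that is not part of the original thread. `RawDisk`, `CryptoDriver`, the passphrases and the sample sector are constructed for illustration, and the HMAC-based keystream is a toy stand-in, not a real disk-encryption mode.

```python
import hashlib
import hmac

SECTOR = 32  # bytes per sector in this toy model (assumption)


def derive_key(passphrase: str, salt: bytes) -> bytes:
    """Stretch the boot-time passphrase into a volume key."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 10_000)


def _keystream(key: bytes, sector_no: int) -> bytes:
    # Toy per-sector keystream: HMAC-SHA256 over the sector number.
    return hmac.new(key, sector_no.to_bytes(8, "big"), hashlib.sha256).digest()


def _xor(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))


class RawDisk:
    """What the hardware returns on a direct read: the stored bytes, nothing more."""
    def __init__(self, sectors: int):
        self.blocks = [bytes(SECTOR)] * sectors

    def read(self, n: int) -> bytes:
        return self.blocks[n]


class CryptoDriver:
    """Software layer that keeps the key in RAM and decrypts on the fly."""
    def __init__(self, disk: RawDisk, key: bytes):
        self.disk, self.key = disk, key

    def write(self, n: int, plaintext: bytes) -> None:
        padded = plaintext.ljust(SECTOR, b"\0")
        self.disk.blocks[n] = _xor(padded, _keystream(self.key, n))

    def read(self, n: int) -> bytes:
        return _xor(self.disk.read(n), _keystream(self.key, n)).rstrip(b"\0")


def demo():
    salt = b"constructed-salt"                     # constructed sample value
    disk = RawDisk(4)
    CryptoDriver(disk, derive_key("correct horse", salt)).write(1, b"root:x:0:0")
    raw = disk.read(1)                             # read that bypasses the driver
    good = CryptoDriver(disk, derive_key("correct horse", salt)).read(1)
    bad = CryptoDriver(disk, derive_key("wrong guess", salt)).read(1)
    return raw, good, bad
```

Plaintext only ever comes out of a live `CryptoDriver` holding `key`, which is why the message ties the remaining exposure to a machine that is still powered up after the passphrase was supplied.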
Re: Putting the "NSA Data Overwrite Standard" Legend to Death...(fwd)
No shit Sherlock, that's the whole point! The OS doesn't boot until you type in your passphrase, plug in your USB fob, etc. and allow it to read the key. Like, Duh! You know, you really ought to stop smoking crack.

--Kaos-Keraunos-Kybernetos---
 + ^ + :NSA got $20Bil/year |Passwords are like underwear. You don't /|\
  \|/  :and didn't stop 9-11|share them, you don't hang them on your/\|/\
<--*-->:Instead of rewarding|monitor, or under your keyboard, you   \/|\/
  /|\  :their failures, we  |don't email them, or put them on a web  \|/
 + v + :should get refunds! |site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net

On Sun, 9 Feb 2003, Jim Choate wrote:

> On Sat, 8 Feb 2003, Sunder wrote:
>
> > At least with a unixish OS you can mount your crypto file systems up at
> > boot time before the OS really starts up (before the system goes to
> > multi-user mode for example (at the end of /etc/rc1.d and before the
> > rc2.d init starts.)
>
> Which is a blind path since those files -must- be unencrypted and if they
> do mount the disk they have to have access to the key to unencrypt the fs
> hence you're in the same boat as with Winblows.