Good Quote!
They keep talking about drafting a Constitution for Iraq. Why don't we just give them ours? It was written by a lot of really smart guys, it's worked for over 200 years, and Hell, we're not using it anymore. -Jay Leno -- Neil Johnson http://www.njohnsn.com PGP key available on request.
Re: Is Matel Stalinist? - semi-offtopic note
Corporations have sales tracking software out the wazoo. If it sells, they buy more and sell them. Sounds like they're doing precisely what their owners want them to do. Sales tracking software relevant quote from Risks Digest 22.05: -- Date: Mon, 29 Apr 2002 14:15:16 -0700 From: Paul Breed [EMAIL PROTECTED] Subject: Smart inventory control overshoot I've been working on an old car, in the process of removing the spot welds I needed a specific sized bullet tipped drill bit. The bit would only last about 5 welds and I had hundreds to do. The only place I could find locally to buy the bits was in a pack of 15 various size bits at the local home center. So, over the period of three months, I purchased all of their drill sets, every weekend (usually 3 sets). Now I have disassembled the old car and don't need more bits. The last time I was in the home center they had so many of these drill bit sets that they were overflowing on to the floor. From my experience the computerized inventory system has a delay of about 3 months. It determined that this item sold out for 12 weeks straight, plugged this into its inventory tracking prediction S/W and ordered hundreds and hundreds of sets.. --
Re: Stego worm
On Fri, 12 Dec 2003, Peter Fairbrother wrote: Any Chinese want to get immortalized in Internet history? And deleted with a bullet, for which they'd have to pay. That's insane. The creations of the majority of presently active virii/worms are not attributable to individuals. :) That's true. However, you can be immortalized even if your identity isn't known; you can be known under a nym unknown creator of the StegoWorm. Besides, even Unknown Soldiers sometimes get statues. :) But:! you will stop all the people who are now using stego .. all two of them .. their stego will be corrupted Only the ones who use it to store documents in images on read-write media. The files in transit and on read-only wouldn't be corrupted. Speaking of storing data... the best for stego are big not-too-compressed or uncompressed files. Occasionally playing in a garage band or having a DV camera could be a good cover for having disks full of the only copies of WAV and video files, where no virgin versions are available for comparison for bit-level changes. Decreasing prices of DV camcorders could be helpful here.
Idea: Using GPG signatures for SSL certificates
The problem that makes me feel uneasy about SSL is the vulnerability of the certification authorities; when they get compromised, everything they signed gets compromised too. However, the system could, for some applications, potentially get hardened to a certain degree, using the web-of-trust approach. The server presents its certificate to the client. The client then can optionally request the GPG signature of the certificate from the server either by always trying if it is there or only if its presence is indicated in the certificate data fields, and verify it by the specified GPG public key (which then can be firmly embedded in the web of trust). The server's key may be stored on the server itself together with the certificate signature file, or the signature file may indicate the keyserver it should be fetched from. Being signed by several trusted keys is crucial for this purpose, as otherwise it would be trivial to compromise the GPG pubkey together with the signature and the SSL certificate, if the adversary gets access to the server and manages to compromise the CA (risk especially with in-house CAs, or when Agencies get involved). The clients should cache the server's authentication information, and report any changes, like SSH does. The location of the signature may vary; it can be stored in a default place on the server (https://secure.server.com/cert-gpgsignature.asc), or the location can be specified in an X509 field. Is it a good idea? Could it fly? If not, why?
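The client-side check proposed in the message above, sketched in Python as an added example (not code from the original post or from any project). The function names, verdict strings, threshold of two signers and all sample fingerprints are assumptions; the status lines are constructed in the format gpg prints with --status-fd.

```python
import hashlib
import subprocess

PINNED, MATCH, CHANGED, REJECTED = "pinned", "match", "changed", "rejected"

# Per-signature verdict keywords that gpg prints before VALIDSIG.
_VERDICTS = {"GOODSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "BADSIG", "ERRSIG"}


def cert_fingerprint(cert_der: bytes) -> str:
    """SHA-256 of the DER certificate; this is the value cached per host."""
    return hashlib.sha256(cert_der).hexdigest()


def gpg_verify_status(cert_path: str, sig_path: str) -> str:
    """Check a detached signature file against the certificate with local gpg.

    Returns gpg's machine-readable status lines. Not exercised by the sample
    data below, which embeds constructed status output instead.
    """
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify", sig_path, cert_path],
        capture_output=True, text=True, check=False)
    return proc.stdout


def valid_signers(status: str) -> set:
    """Primary-key fingerprints whose signature gpg reported as GOODSIG.

    VALIDSIG alone is not enough: gpg also prints it for signatures made by
    expired or revoked keys, so the preceding verdict line is checked too.
    """
    verdict = None
    signers = set()
    for line in status.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] != "[GNUPG:]":
            continue
        if parts[1] == "NEWSIG":
            verdict = None
        elif parts[1] in _VERDICTS:
            verdict = parts[1]
        elif parts[1] == "VALIDSIG" and verdict == "GOODSIG" and len(parts) >= 3:
            # Last VALIDSIG field is the primary-key fingerprint when present.
            signers.add((parts[11] if len(parts) >= 12 else parts[2]).upper())
    return signers


def check_server(host, cert_der, status, trusted, cache, threshold=2):
    """Decide whether to accept a certificate, SSH known-hosts style.

    trusted: fingerprints the client already trusts through the web of trust.
    cache:   dict host -> certificate fingerprint seen on first contact.
    """
    fp = cert_fingerprint(cert_der)
    if cache.get(host) == fp:
        return MATCH                      # same certificate as last time
    if len(valid_signers(status) & trusted) < threshold:
        return REJECTED                   # too few independent trusted signers
    if host not in cache:
        cache[host] = fp                  # first contact: remember it
        return PINNED
    return CHANGED                        # report to the user, never overwrite silently


# --- constructed sample data (not real keys or certificates) ---
FPR_ALICE, FPR_BOB, FPR_CAROL = "A1" * 20, "B2" * 20, "C3" * 20
TRUSTED = {FPR_ALICE, FPR_BOB, FPR_CAROL}
CERT_A = b"constructed DER bytes of the first certificate"
CERT_B = b"constructed DER bytes of a replacement certificate"


def _sig(verdict: str, fpr: str) -> str:
    """Build the status lines gpg would print for one signature."""
    return (f"[GNUPG:] NEWSIG\n"
            f"[GNUPG:] {verdict} {fpr[-16:]} constructed user\n"
            f"[GNUPG:] VALIDSIG {fpr} 2003-12-12 1071187200 0 4 0 1 2 00 {fpr}\n")


# Two good signatures plus one made by an expired key (must not count).
SAMPLE_STATUS = (_sig("GOODSIG", FPR_ALICE) + _sig("GOODSIG", FPR_BOB)
                 + _sig("EXPKEYSIG", FPR_CAROL))
ONE_SIGNER_STATUS = _sig("GOODSIG", FPR_ALICE) + _sig("EXPKEYSIG", FPR_CAROL)

if __name__ == "__main__":
    cache = {}
    for cert in (CERT_A, CERT_A, CERT_B):
        print(check_server("secure.server.com", cert, SAMPLE_STATUS, TRUSTED, cache))
```

In a real client the certificate bytes would come from the TLS handshake and the status text from `gpg_verify_status`; a `CHANGED` verdict is the point where the user is asked, as with a changed SSH host key.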
PhoneBook: Making your PC 'Police-Ready'
[Wherein the author of Freemail reveals his latest project idea. Comments to the author are appreciated.] PhoneBook is a suite of Linux software that allows you to protect your privacy by creating encrypted filesystems, in such a way as to defend you from both technical and legal attacks. http://www.freenet.org.nz/phonebook/
Re: Zombie Patriots and other musings
From: An Metet [EMAIL PROTECTED] The devil is in details. Given small numbers and absence of any other grouping factor there needs to be an obvious place for ZPs to refer to. Any obvious place that becomes even remotely attractive to ZPs will be immediately raided. If you mean a physical location you're probably right. Because ZPs have potential to be actually dangerous to the gang in power, as opposed to everything else I've seen so far. So we're back to square one - effective anonymous publishing is prerequisite for the regime change and executing post-natal abortions. And it has been for centuries. Not at. All that is required is for a few early adopters to point the way and then make their statments through the popular press. Look at what havoc two Joe Sixpacks caused D.C. operating out of the back of a slightly modified sedan. Imagine if they had the home addersses of lots of federal agents instead of randomly picking other Joes filling up their gas tanks. I've heard a project has been underway for some time to create and publish dossiers for federal officers. When I say effective I don't mean posting a message to Usenet via WiFI-ing into some sucker's open AP. No one gives a fuck for Usenet postings, blacknet etc. - and ZPs are unlikely to educate themselves and search for them. Effective means untouchable web site with untouchable DNS entry. Effective means something doable by average determined person. Like tuning to Radio London from occupied Europe in WW2. Create dossiers on a broad variety the hoster management. If sites are terminated or their DNS is disabled so will managemnt and/or their familes. Like a force of nature, no explanation warning or threat. I2P is coming. With six months it should offer a stable and fairly bullet proof platform for lots of nice apps. It should be easy to install and operate in most consumer net situations. Like I said, we're back to square one - all effective means are firmly shut down. Waaa!!! Waaa!!! What a cry baby. 
Pick you target, go out and shake things up.
Re: Speaking of Reason
[EMAIL PROTECTED] wrote: [...] Sterling makes a comment betraying what Ludwig Von Mises called the anti-capitalist mentality when he quipped to Godwin: Sure, we hate Exxon because they're huge and they're everywhere. He was pointing it out, not preaching it. I think over in Austin they do self-deprecating humour, just like us English do. Sterling is a capitalist in the same way that Brin is a libertarian. I think what it is, both are uncomfortable with really labeling what their true ideology is and therefore feel some need to candy coat their statism. I think - but I don't know - that Bruce is a lefty, but not a statist. Anyway the real relevance of the viridian list to the cypherpunks list is that it is about technical fixes to apparently political problems. It's saying something like: so you think cars (or fridges, or office buildings, or polyester pants) are destroying the world? Don't vote to ban them - all that will happen then is that only the rich (or the government, or the military) get to own them. Instead design and build and sell better cars, kinder gentler fridges, healthier buildings, cleaner pants, whatever. And these days, cooler, stylish, and more fun, is part of what better means. (my paraphrasody of what I see Bruce's point as)
Re: Zombie Patriots and other musings
The devil is in details. Given small numbers and absence of any other grouping factor there needs to be an obvious place for ZPs to refer to. Any obvious place that becomes even remotely attractive to ZPs will be immediately raided. Because ZPs have potential to be actually dangerous to the gang in power, as opposed to everything else I've seen so far. So we're back to square one - effective anonymous publishing is prerequisite for the regime change and executing post-natal abortions. And it has been for centuries. When I say effective I don't mean posting a message to Usenet via WiFI-ing into some sucker's open AP. No one gives a fuck for Usenet postings, blacknet etc. - and ZPs are unlikely to educate themselves and search for them. Effective means untouchable web site with untouchable DNS entry. Effective means something doable by average determined person. Like tuning to Radio London from occupied Europe in WW2. Like I said, we're back to square one - all effective means are firmly shut down. Most cpunk talk about secret/stego messaging is mental masturbation that does not relate to the real thing. We want sex.
Re: Anti-globalization
On Thursday 11 December 2003 22:00, Neil Johnson wrote: What I object to are corporations who utilize their power (money) to influence governments to make laws that benefit them at the expense of others. - The DMCA - Tariffs AND Free Trade Agreements - H1-B visas And now... tariffs for filming movies in Canada. Just heard that one on NPR today, and I nearly drove off the road. The plan is to raise the cost of filming in Canada so that there's no longer an economic advantage. Made me want to puke. Even Ayn Rand weaves this into Atlas Shrugged where the competitors of Reardon Steel get the government to try and force him to give them his formula for his high-strength steel because it's putting them out of business and unfair. I guess Canada is Reardon Pictures.
Re: Idea: Using GPG signatures for SSL certificates
Thomas Shadduck writes: The problem that makes me feel uneasy about SSL is the vulnerability of the certification authorities when they get compromised, everything they signed gets compromised too. Technically this is true, but the only thing that the CA signs is other keys. So it merely means that the CA can create certificates on behalf of anyone the compromisers choose. It doesn't compromise any existing key or previously issued certificate or even any newly created key. In any case, you don't need a CA to use SSL. (Or more accurately, you don't need anyone else's CA to use SSL -- just create your own CA and issue yourself a certificate. This can be done without a lot of effort using openssl, for example.) However, the system could be for some applications potentially get hardened to certain degree, using the web-of-trust approach. What exactly does this buy you? The SSL certification authority system has as its only (but useful) redeeming value that one can connect to www.somecompany.com and have some level of confidence that the SSL certificate presented by that site was actually issued to www.somecompany.com and was issued by a reputable certification authority -- one that presumably will not hand out a certificate stamped www.somecompany.com to [EMAIL PROTECTED] If the certificate presented is not from one of the recognized reputable CAs built into your web browser, SSL itself will still work but your web browser will pop up a box saying that the CA is not in its list of reputable CAs (and BTW would you like to connect anyway? yes/no). I don't understand the mindless worship of the web of trust. PGP (/GPG) is a useful tool, but the web of trust is simply a way of certifying a key in a non-centralized, non-hierarchical way. -- Frondeur
Re: Zombie Patriots and other musings
At 10:12 PM 12/11/03 -0500, An Metet wrote: Given small numbers and absence of any other grouping factor there needs to be an obvious place for ZPs to refer to. Any obvious place that becomes even remotely attractive to ZPs will be immediately raided. Because ZPs have potential to be actually dangerous to the gang in power, as opposed to everything else I've seen so far. So we're back to square one - effective anonymous publishing is prerequisite for the regime change and executing post-natal abortions. And it has been for centuries. You need to think about the lone warrior scenario that the Gang worries about. McVeighs and Rudolphs. They were influenced by memes which were not immediately suppressed. Look at Al Q, Inc: you don't need explicit instructions from the Boss to motivate folks to do things. You see who is the enemy, you see opportunity. You don't need permission. There is also the copycat phenom ---remember how school shootings reccurred after the first big one? So the memes can get out. As Tim has mentioned here, the talkers can't be the doers. And watch out for COINTELPRO. When I say effective I don't mean posting a message to Usenet via WiFI-ing into some sucker's open AP. No one gives a fuck for Usenet postings, blacknet etc Well, some do, but its not relevent for ZPs. . - and ZPs are unlikely to educate themselves and search for them. Effective means untouchable web site with untouchable DNS entry. Fuck the web. The web is 0wn3d by the feds and run by largely spineless fedsucking sheep. The web is for talkers, not doers. Effective means something doable by average determined person. Like tuning to Radio London from occupied Europe in WW2. I don't listen to shortwave, but I understand some of it can be fairly strong. I could easily see some lunatic fringe suggesting that deathbed xians blowing up medical clinics as a holy thing. (And I understand that shortwave is popular among lunatic xians.) 
As the US descends into statism, perhaps some agitators will pick better targets, like the oppressors. Perhaps some will simply begin to act, the news reports it, and others will clue in and repeat.
Fwd: Speaking of Reason
In a message dated 12/11/2003 5:25:34 PM Eastern Standard Time, [EMAIL PROTECTED] writes: Better be careful when you say that, or Brin'll fire up his screaming monkey routine at you... I've already had my turn at bat with Brin. He was upset several years ago when I made a few comments about his essay The Cheerful libertarian, he asked that I send him the subscriber list to Freematt's Alerts so he could contact them directly- He thought that my commentary would adversely affect his ability to sell books- Anyway I told him to shove his request up his ass, at which point he said he'd get my subscriber list by other means. He's a good writer, but IMHO a total nutcase asshole. Regards, Matt-
Re: [linux-elitists] Monday 15 Dec: first all-Open Source System-on-Chip (fwd from schoen@loyalty.org)
On Dec 12, 2003, at 12:16 AM, Eugen Leitl wrote: - Forwarded message from Seth David Schoen [EMAIL PROTECTED] - From: Seth David Schoen [EMAIL PROTECTED] Date: Thu, 11 Dec 2003 23:32:31 -0800 To: Jason Spence [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Please STOP forwarding traffic from other lists to the CP list. --Tim May
RE: Stego worm
At 08:09 PM 12/11/03 -0500, Tyler Durden wrote: As for Variola's comment, you might be right. I just assumed there's some kind of relationship between LSB and those spatial frequencies wherein image information might be stored. Actually, I would still think there's a relationship, in which case an Echelon-like approach based on ffts and noise templates might be going on (hence the usefulness of jamming). I'm not saying that you could never use FT to detect weaker kinds of stego. But if information is encoded as say the parity of 3 LSBits from different regions of the image, good luck. Anyone got a TLA Operative Handbook? Any mention in there of what kind of photos are best for Stego? How about cloud photos? (particularly where there are clouds of many different shapes and sizes present in the photo simultaneously.) The most important thing is not to put too much cargo in your carrier. Think in terms of signal to noise if you wish. Obviously a picture with truly uniform color fields ---like a digital cartoon-- won't be useful. But scanning a piece of paper does not have this problem, for say 8 bits per grayscale pixel. Because each analog scan of the same piece of paper gives different bits. TD, you surely have the background to look into this stuff (and stego detection) if you want. BTW Stego ~aka watermarking. And stego can be done in music, movies, ascii text, etc. Or you could work from first principles, if you are able to mentally switch between steganographer and stego-detector. (This same playing-chess-with-yourself is vital to security analysis, crypto, etc.)
Re: Speaking of Reason
At 2:58 PM + 12/12/03, ken wrote: Bruce is a lefty, but not a statist rghhht... That's like saying that he's a sow, but not a boar... :-) Cheers, RAH -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Re: Zombie Patriots and other musings
At 9:19 AM -0800 12/12/03, Major Variola (ret) wrote: Look at Al Q, Inc: you don't need explicit instructions from the Boss to motivate folks to do things. You see who is the enemy, you see opportunity. You don't need permission. Yup. That's the way Reagan operated, too. I'm just finishing up Ronald Reagan: The Power of Conviction and the Success of His Presidency. The middle and last of which is a President's Counsel-eye view of his role in the Iran/Contra thing, but the beginning of which makes exactly the point you're making. The troops really did take their cues from public pronouncements at things like the State of the Union speech, and he really did run things with, shall we say, as little attention to detail as possible. Keep your message simple, say it a lot, and people can make up their own stuff without too much supervision. Ollie North as the extreme example, but you can bet that Reagan certainly didn't have to tell people like Schultz and Weinberger how to do their jobs. George Will's comparison of his management style to that of a Turkish Pasha's was not a bad one, hmmm? Cheers, RAH -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
RE: Has this photo been de-stegoed?
I'm trying to think of a reason why a recipient of an image containing stego'd information would want to keep it around after reading the contained info, with the stego bits overwritten. Why not just (securely) get rid of it? There are tons of sources of unique ephemeral images, such as webcams. Peter Trei
Re: Zombie Patriots and other musings
Another excellent group of potential recruits are prisoners. Especially if you can create a new religious movement teaching them to stop the interracial, intergang fighting and concentrate on their true enemy, the Man. Teach that killing cops, soldiers, any type of government agent, is a holy act. Robbing banks is a holy act. Killing the guards in the prisons, killing the excutives of polluting industries -- all holy acts. Leaflets could be dropped from radio controlled balloons during yard time preaching the Word.
RE: Stego worm
Mr Shaddack... That's some interesting thinking there. The interesting thing is that no one might ever even notice the presence of this benevolent worm. It could go pretty much unchecked for a while. As for Variola's comment, you might be right. I just assumed there's some kind of relationship between LSB and those spatial frequencies wherein image information might be stored. Actually, I would still think there's a relationship, in which case an Echelon-like approach based on ffts and noise templates might be going on (hence the usefulness of jamming). Anyone got a TLA Operative Handbook? Any mention in there of what kind of photos are best for Stego? How about cloud photos? (particularly where there are clouds of many different shapes and sizes present in the photo simultaneously.) -TD From: Thomas Shaddack [EMAIL PROTECTED] To: cypherpunks [EMAIL PROTECTED] Subject: Stego worm Date: Fri, 12 Dec 2003 01:10:24 +0100 (CET) It's unknown to which extent the Adversary can detect presence of steganography in images being sent over the Net. But whatever capabilities they have, they can be jammed. Imagine a worm that spreads from machine to machine, and on the infected machine it finds all suitable JPEG files, generates some random data as source and encrypts them with random key, and stegoes them into the files. In a few days or even hours, a sizeable portion of images on the Net contains potentially detectable stegoed encrypted data. Any Chinese want to get immortalized in Internet history?
Re: Is Matel Stalinist?
Tim May wrote... Not only does it not make sense, but clearly this would cause pileups at _some_ stores (too much Spam) and shortages at _other_ stores (still not enough Spam, even with the latest send more Spam to all stores order. The fact that neither shortages nor pileups (that I can see) are apparent at any of the stores I visit, and that all of them use UPC and POS methods for _all_ sales of ordered products, is consistent with the reorder method described earlier. Oh I have certainly experienced those back in my retail days during college. I was working in a Waldenbooks where the auto-inventory was sent based on sales (as a scaling factor). The store I worked at was basically quite small, but with Class A sales, so during some seasons we were DUMPED with books that we simply couldn't keep up with. They were eventually thrown out or listed as shrinkage. (But all of that was behind the scenes...the customers couldn't SEE the pileup.) But, notice how Waldenbooks has gotten WACKED by these big Borders' and BNs. Maybe these are smarter (or, these giant bookstores don't really need to consider shelf space...). Continuing... I repeat: the despised by anti-capitalists Borders store has a deeper and broader inventory of books than the cherished by Greens and locals locall-owned bookstore. And they also use UPC and POS and reorder books dynamically. Well, don't lump me in there. My point was not that such stores COULDN'T provide the level of service that an indpendent could. My point was that the statist culture that we are so used to prevents many big retail chains from taking advantage of their human capital. If Borders learned, then great. (In fact, I helped quash a local bookstore during aforementioned stint...the guy was just a shitty, arrogant businessman and deserved to be run outta town. My only regret was that I made $3.35/hour to do it.) Food is different from music or books, however. 
Books are much less of a commodity in that a particular neighborhood may respond very strongly to certain types of books, and ignore other kinds. Inventory systems can't really get the ball rolling on that kind of thing...they don't tell you what the locals want (but you don't have), they only tell you what they've already bought. Thus, a well-run chain would hire smart local college kids and let them order (in additionto the basics that come from the inventory systems). What I've yet to see is where a low-level retail kid is actually given a piece of the action: Here kid...if you increase the sales of this Sci-Fi section by 45% then you'll get 2% of each book sold after that. I'd like to see a chain try that kind of a thing, but that seems WAY too down-up for most corporate cultures. -TD From: Tim May [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Is Matel Stalinist? Date: Thu, 11 Dec 2003 11:36:03 -0800 On Dec 11, 2003, at 1:56 AM, ken wrote: Corporations have sales tracking software out the wazoo. If it sells, they buy more and sell them. Sounds like they're doing precisely what their owners want them to do. Yes, but, it might be that a corporation makes more money for its owners by centralising and systematising and reducing the local autonomy of business units. It's a lot easier to manage a thousand identical stores than a hundred unique ones. So from Tyler Durden's's POV there might be more responsiveness from an independent store than a chain. Though like you said, that doesn't seem to apply to books. Might to food though. I doubt it applies to food, either. If my local grocery store runs low on Spam, say, they will order more. This is why they track items with POS terminals and UPC labels (largely replacing the inventory people who used to be seen in the aisles counting items and entering them into a small computer or, earlier, onto an inventory log sheet). 
It makes no sense to lump or consolidate all of the stores into one lump calculation and then issue order to send more Spam in this amount to each store. Not only does it not make sense, but clearly this would cause pileups at _some_ stores (too much Spam) and shortages at _other_ stores (still not enough Spam, even with the latest send more Spam to all stores order. The fact that neither shortages nor pileups (that I can see) are apparent at any of the stores I visit, and that all of them use UPC and POS methods for _all_ sales of ordered products, is consistent with the reorder method described earlier. I repeat: the despised by anti-capitalists Borders store has a deeper and broader inventory of books than the cherished by Greens and locals locall-owned bookstore. And they also use UPC and POS and reorder books dynamically. (For another list I've been discussing lazy evaluation languages, like Miranda and Haskell, and like Scheme can be forced to do, and the similarities between demand-driven evaluation of partial results and the obviously demand-driven inventory
Re: ALTA/DMT privacy
-- James A. Donald: Every atom of gold is identical to every other atom of gold. There is only one stable isotope. E-gold does not provide untraceability -- but gold does. Tim May: Where tax authorities get people is in the transfer _in to_ and _out of_ certain kinds of accounts, be they Cayman Island or Swiss bank accounts, whatever. The issue with opening a Swiss bank account and wiring money into it, or depositing Federal Reserve Notes into it has NOTHING to do with FRNs having serial numbers and hence being traceable. The issue is with their own reporting to the IRS (these days) and to stops in place to stop the wiring of said money or the transport of said FRNs. The fact that you need a lot of ID to open a Swiss bank account, and very little ID to open a pecunix account ultimately has everything to do with transport of FRNs What *form* the item of value is inside the bank, be it gold bars or Spanish doubloons or stacks of $20 bills or diamonds, is unimportant. Bank accounts have value because this stuff gets moved between the outside and the inside of the bank. When it gets moved between inside and outside, the form matters. In fact, for all intents and purposes the item of value inside the bank can be marks in a ledger book, which is effectively the situation today. And the ultimate holder of those marks is the federal reserve -- whereupon you are screwed. Reality is that you can do stuff with a gold denominated account that you cannot do with a federal reserve dollar denominated account, and you really should ask yourself: Why is it so? Indeed, you can do stuff with an Australian dollar denominated account that you cannot do with a federal reserve dollar denominated account, which may explain why so many internet gold currency dealers are located in Australia. That some of the gold fetishists here keep perpetuating this deep misunderstanding of the issues is...unsurprising. Reality is that gold denominated accounts are different. 
Observe this difference, then ask yourself why is it so. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG dgc/6bEVNysFdnfP7WNdUlY88c0N8EW4FpSJGCgs 4UbJQQDrpPXxtyBvHRcTPi2GBXEeVul6XkRQScePv
RE: Zombie Patriots and other musings [was: Re: (No Subject)]
At 02:07 PM 12/11/03 -0500, Trei, Peter wrote: It's worth noting that despite over a decade of this rhetoric, not a single terminally ill American has done this, so far as I am aware. Well, I think for most terminal illnesses, by the time it's obvious you're really not going to live much longer, you're pretty damned sick. And until then, you'd probably like to make some personal use of what days or weeks you have left doing something like talking to your kids, praying, composing that last piece of music, etc., rather than blowing random strangers up to make some political point. (Wouldn't it be a hell of a depressing statement about yourself, if you really believed that the most valuable use of the last hours of your life of which you were capable would involve strapping some dynamite to yourself and taking out a busload of random strangers?) Along with that, most people care about either the afterlife form of immortality, or at least the reputation/legacy form of immortality. Even if you don't worry about lakes of fire and red guys with pitchforks, you might prefer not to have your family and friends humiliated and ashamed at the mention of your name. (Oh my God! That was *your* son? How do you live with that?) The *only* even vaguely simlar cases I'm aware of are in India and Sri Lanka, where young Hindu widows (who, in traditional Hindu society have very dim prospects for a happy life) are recruited as suicide bombers by the Tamil Tigers. I think Rajiv Ghandi's assassin was such a woman. So there, the women are still healthy enough to do something, and doing the suicide bombing thing won't leave behind a legacy of relatives who change their names to avoid being associated with you. Peter Trei --John Kelsey, [EMAIL PROTECTED] PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259
Re: Zombie Patriots and other musings
Original Message From: Anonymous [EMAIL PROTECTED] Apparently from: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Zombie Patriots and other musings Date: Fri, 12 Dec 2003 05:32:48 +0100 (CET) The devil is in details. Given small numbers and absence of any other grouping factor there needs to be an obvious place for ZPs to refer to. Any obvious place that becomes even remotely attractive to ZPs will be immediately raided. Because ZPs have potential to be actually dangerous to the gang in power, as opposed to everything else I've seen so far. Like I said, we're back to square one - all effective means are firmly shut down. Most cpunk talk about secret/stego messaging is mental masturbation that does not relate to the real thing. We want sex. I think this is a new use for SPAM. Because its a political message it may even be protected under the new Congressional legislation. :-)
RE: Zombie Patriots and other musings [was: Re: (No Subject)]
From: John Kelsey [EMAIL PROTECTED] At 02:07 PM 12/11/03 -0500, Trei, Peter wrote: It's worth noting that despite over a decade of this rhetoric, not a single terminally ill American has done this, so far as I am aware. Well, I think for most terminal illnesses, by the time it's obvious you're really not going to live much longer, you're pretty damned sick. About half of my friends who died of a terminal illness were apparently quite healthy when told they had joined the nearly departed. And until then, you'd probably like to make some personal use of what days or weeks you have left doing something like talking to your kids, praying, composing that last piece of music, etc., rather than blowing random strangers up to make some political point. Isn't it depressing than some have been living their lives in a way that such an 11th hour changes of heart are necessary or desired? (Wouldn't it be a hell of a depressing statement about yourself, if you really believed that the most valuable use of the last hours of your life of which you were capable would involve strapping some dynamite to yourself and taking out a busload of random strangers?) Who mentioned random? Who mentioned dynamite? What I'm suggesting is no more random than soldiers killing other soldiers in war. The purpose is to get the other poor dumb bastard to die for their ideology. Besides, there is no need for these operations to be a suicide. The lack of fear gives one a decided edge in dangerous situations which may actually increase survival rates. Along with that, most people care about either the afterlife form of immortality, or at least the reputation/legacy form of immortality. Even if you don't worry about lakes of fire and red guys with pitchforks, you might prefer not to have your family and friends humiliated and ashamed at the mention of your name. (Oh my God! That was *your* son? How do you live with that?) That's their problem. 
From my perspective it's like Hollywood: as long as you're still being talked about you're 'alive'. It doesn't matter what they are saying. Better to be infamous down through history than unknown. ND
Re: Anti-globalization
From: Neil Johnson [EMAIL PROTECTED] What I object to are corporations who utilize their power (money) to influence governments to make laws that benefit them at the expense of others. - The DMCA - Tariffs AND Free Trade Agreements - H1-B visas Even Ayn Rand weaves this into Atlas Shrugged where the competitors of Rearden Steel get the government to try and force him to give them his formula for his high-strength steel because it's putting them out of business and unfair. Corporations shall not be considered to be 'persons' protected by the Constitution of the United States or the Constitution of the Commonwealth of Pennsylvania within the Second Class Township of Porter, Clarion County, Pennsylvania. Only a small handful of very large corporations abuse these rights to deceive people, hide crimes, or make politicians violate the will of their own voters. The millions of ethical corporations will thus be freed from the tyranny of the few while democratic government will be returned to its citizens. http://www.commondreams.org/views02/1219-06.htm
Re: Idea: Using GPG signatures for SSL certificates
Thomas Shadduck writes: - cute :) Though I am more often called Shaddup. The problem that makes me feel uneasy about SSL is the vulnerability of the certification authorities when they get compromised, everything they signed gets compromised too. Technically this is true, but the only thing that the CA signs is other keys. So it merely means that the CA can create certificates on behalf of anyone the compromisers choose. It doesn't compromise any existing key or previously issued certificate or even any newly created key. By compromised I meant the signature confirming the authenticity of the certificate can't be trusted anymore. Sorry if it wasn't obvious. In any case, you don't need a CA to use SSL. (Or more accurately, you don't need anyone else's CA to use SSL -- just create your own CA and issue yourself a certificate. This can be done without a lot of effort using openssl, for example.) I am aware of this. Using the GPG/SSL approach, you can have your own in-house CA for SSL purposes, and at the same time be able to prove to external users that the certificate is really yours. One more factor for establishing trust, one more obstacle for the Adversary to pass. However, the system could for some applications potentially get hardened to a certain degree, using the web-of-trust approach. What exactly does this buy you? The SSL certification authority system has as its only (but useful) redeeming value that one can connect to www.somecompany.com and have some level of confidence that the SSL certificate presented by that site was actually issued to www.somecompany.com and was issued by a reputable certification authority -- one that presumably will not hand out a certificate stamped www.somecompany.com to [EMAIL PROTECTED] It won't buy me anything new. It only strengthens the confidence level by providing a CA-independent, alternative method of verifying the certificate. 
If the certificate presented is not from one of the recognized reputable CAs built into your web browser, SSL itself will still work but your web browser will pop up a box saying that the CA is not in its list of reputable CAs (and BTW would you like to connect anyway? yes/no). What I'd like is one more button, Attempt to verify by GPG. Though that can be easily done by an external application; browser integration is nothing more than mere comfort. I don't understand the mindless worship of the web of trust. PGP (/GPG) is a useful tool, but the web of trust is simply a way of certifying a key in a non-centralized, non-hierarchical way. YES! Which is what I want to achieve.
Re: Anti-globalization
-- On 11 Dec 2003 at 23:39, Roy M. Silvernail wrote: And now... tariffs for filming movies in Canada. Just heard that one on NPR today, and I nearly drove off the road. The plan is to raise the cost of filming in Canada so that there's no longer an economic advantage. Made me want to puke. You will notice that a lot of big Hollywood movies have been filmed in New Zealand, for example Lord of the Rings. Reason is, there is not a lot of beautiful unspoilt scenery left near Hollywood. Obvious solution. Require all mandatory uglification of all foreign scenery -- for example video editing to insert some smokestacks. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG oS6RUufi6iM2JkeHnX1nXK1wxsbAhlo4Md1bP7PR 4uwZpe5XF48SCJyKwwT6Zbn14lRM00o01bbj5o2SI
Re: [linux-elitists] Monday 15 Dec: first all-Open Source System-on-Chip (fwd from schoen@loyalty.org)
On Fri, 12 Dec 2003, Tim May wrote: On Dec 12, 2003, at 12:16 AM, Eugen Leitl wrote: - Forwarded message from Seth David Schoen [EMAIL PROTECTED] - From: Seth David Schoen [EMAIL PROTECTED] Date: Thu, 11 Dec 2003 23:32:31 -0800 To: Jason Spence [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Please STOP forwarding traffic from other lists to the CP list. Why don't you just filter it Tim: the rest of us are capable of making our own reading decisions. -- Yours, J.A. Terranson [EMAIL PROTECTED] Father, you are a great and mighty God. Help our governments to remember the lessons of our history and to appreciate the purpose of your son Jesus. Teach our representatives not to be so arrogant as to speak in one way, but doing another, for surely this not the way of truth. Help us to understand that your will is not death but life, not the darkness of hatred but the light of friendship in Christ. In the name of Jesus we pray. Amen. Merle Harton, Jr.
Re: Anti-globalization
-- On 11 Dec 2003 at 21:00, Neil Johnson wrote: Even Ayn Rand weaves this into Atlas Shrugged where the competitors of Rearden Steel get the government to try and force him to give them his formula for his high-strength steel because it's putting them out of business and unfair. Ah yes, recall big steel corporations talking about 'fair trade' in recent weeks. Tim has been implying that I am a pinko, gold nut, and randroid, which sort of hints that Ayn Rand is too pink for him. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG CjIBaSAKl0IJN9I3DeASo7aRlExuLcig+i8nQerX 4lhf+RpXoGyN729O6EP9syh9Wm7PuVRCJQA/oCEnr
The silliness of those who argue that gold is the key to untraceability
On Dec 12, 2003, at 5:59 PM, James A. Donald wrote: -- On 11 Dec 2003 at 21:00, Neil Johnson wrote: Even Ayn Rand weaves this into Atlas Shrugged where the competitors of Rearden Steel get the government to try and force him to give them his formula for his high-strength steel because it's putting them out of business and unfair. Ah yes, recall big steel corporations talking about 'fair trade' in recent weeks. Tim has been implying that I am a pinko, gold nut, and randroid, which sort of hints that Ayn Rand is too pink for him. Rand supported taxes for the space program and for support of big business. So, yes, she was very pinkoid. And like Rand, you have the same delusions about what's possible and what's not. Your notion that a gold atom cannot be distinguished from another has anything important to do with issues at the crypto and traceability layers is symptomatic of this delusion. Hint: the alleged traceability of Federal Reserve Notes at the serial number level has absolutely nothing whatsoever to do with traceability of payments and the reasons we need digital money. When a person deposits $10,000 and then writes a check to another person, or wires money, or withdraws cash, and so on and so forth, do you think some record of the serial numbers was the means by which this transaction was traced? Your foolish faith that E-gold is some significant step because gold atoms look like all other gold atoms, because there is only one stable isotope of gold is emblematic of the delusions which the gold bugs and offshore platform silly people have. And people wonder why the wrong issues are being worked on. --Tim May
Re: Anti-globalization
At 5:59 PM -0800 12/12/03, James A. Donald wrote: Tim has been implying that I am a pinko, gold nut, and randroid, which sort of hints that Ayn Rand is too pink for him. Apparently, he likes his meat burned -- and halfway up the flue... ;-) Cheers, RAH -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Re: Zombie Patriots and other musings
Nomen pondered: Why robbing banks? Aside from allowing the government to regulate them, what have they done to deserve being robbed Why not? Revolutionaries need money, and the financial sector has always been asshole buddies with the police, politicians, and other pigs.
RE: Zombie Patriots and other musings [was: Re: (No Subject)]
LEO John Kelsey whined: Well, I think for most terminal illnesses, by the time it's obvious you're really not going to live much longer, you're pretty damned sick. And until then, you'd probably like to make some personal use of what days or weeks you have left doing something like talking to your kids, praying, composing that last piece of music, etc., rather than blowing random strangers up to make some political point. You fucking twit -- who said anything about blowing up random strangers? Cops, fedzis, and other gov't creeps are the targets. Or is that it is just a little too close to home?
RE: Stego worm
At 08:09 PM 12/11/03 -0500, Tyler Durden wrote: .. As for Variola's comment, you might be right. I just assumed there's some kind of relationship between LSB and those spatial frequencies wherein image information might be stored. Actually, I would still think there's a relationship, in which case an Echelon-like approach based on ffts and noise templates might be going on (hence the usefulness of jamming). Well, you're going to have a model for your covertext. Maybe that's the statistical distribution of low-order bits in the image file, maybe that's the distribution of packet arrival times. You encode messages in your covertext by making up new covertexts (maybe from existing or old ones) that fit the same model. If an attacker has no better a model than you do, he can't tell stegoed covertext from unstegoed covertext. If an attacker has a better model, he may be able to tell the difference. Let's make this concrete. Suppose I decide to encode my real message to you in the time I send this e-mail. If I have 24 hours in which I'm willing to send this message, I can encode one of about 80,000 messages to you, since the timestamp goes down to the second. Now imagine an attacker who doesn't know anything about me. He has no reason to be surprised at any time I might be sending messages to you, so to him, this isn't a terrible scheme. Now imagine an attacker who knows I work a 9-5 job. He ought to be quite surprised at seeing e-mail from me at 10:30 AM on Friday, because I'm supposed to be in the office then. He ought to be pretty surprised at seeing e-mail from me at 4 AM, because that will make it hard for me to make it to work in the morning. He has a better model of what the covertext (the time I send the e-mail) should look like, so he can see a couple of innocent-looking e-mails from me to you with weird timestamps, and have some reason to suspect something interesting is going on. .. 
-TD --John Kelsey, [EMAIL PROTECTED] PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259
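The detection argument in the message above, worked as an added example that is not part of the original thread: an observer scores each send time by the log-likelihood ratio between "time picked by a hidden message" and "sender's normal habits". The hourly weights, the function names and the sample timestamps are constructed assumptions, and hidden-message send times are assumed uniform over the day.

```python
import math
from datetime import datetime

SECONDS_PER_DAY = 24 * 60 * 60   # 86,400 send times; the post rounds this to "about 80,000"

def capacity_bits():
    """Bits one timestamp can carry if the sender may pick any second of the day."""
    return math.log2(SECONDS_PER_DAY)

def uniform_model(ts):
    """Observer who knows nothing about the sender: every second is equally likely."""
    return 1.0 / SECONDS_PER_DAY

def hour_weight(ts):
    """Constructed weights (assumption): mail is rare while asleep or at the office."""
    asleep = ts.hour < 6
    at_work = ts.weekday() < 5 and 9 <= ts.hour < 17
    return 0.02 if (asleep or at_work) else 1.0

def office_model(ts):
    """Observer who knows the sender works 9-5: per-second send probability."""
    day = ts.replace(minute=0, second=0, microsecond=0)
    total = sum(hour_weight(day.replace(hour=h)) for h in range(24)) * 3600
    return hour_weight(ts) / total

def suspicion_bits(model, ts):
    """Log-likelihood ratio in bits: hidden-message timing vs the observer's model."""
    return math.log2(uniform_model(ts) / model(ts))

def score(model, timestamps):
    """Evidence summed over several mails; positive favours a hidden channel."""
    return sum(suspicion_bits(model, ts) for ts in timestamps)

# Constructed sample send times (not taken from the thread).
ODD = [datetime(2003, 12, 12, 10, 30), datetime(2003, 12, 11, 4, 0)]      # Fri 10:30, Thu 04:00
NORMAL = [datetime(2003, 12, 10, 20, 15), datetime(2003, 12, 13, 11, 0)]  # Wed evening, Sat morning

if __name__ == "__main__":
    print(f"capacity per mail: {capacity_bits():.1f} bits")
    for name, model in (("no model", uniform_model), ("9-5 model", office_model)):
        print(name, round(score(model, ODD), 2), round(score(model, NORMAL), 2))
```

With no model every timestamp scores zero, so the channel is invisible; with the 9-5 model each odd-hour mail adds several bits of evidence while ordinary evening and weekend mail scores below zero.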
Re: Zombie Patriots and other musings
Anonymous wrote: Nomen pondered: Why robbing banks? Aside from allowing the government to regulate them, what have they done to deserve being robbed Why not? Revolutionaries need money, and the financial sector has always been asshole buddies with the police, politicians, and other pigs. Retarded. Someone trying to frame Mr. Seaver by adopting his three-space paragraph lead-ins.