Collateral damage?

2004-11-09 Thread Major Variola (ret)
>How does this change if I'm a child whose trust fund contains the
>stock?  Or if I hold a mutual fund I inherited with a little Exxon
>stock

What part of "collateral damage" don't you understand?



RE: Musings on "getting out the vote"

2004-11-03 Thread Major Variola (ret)
At 12:11 PM 11/2/04 -0500, Tyler Durden wrote:
>And they seem to believe there's going to be a huge difference between Kang
>and Kodos.

If you vote for Kang, the terrorists have won!

Besides, without paper (ie physical) evidence, how're you gonna prove
that Kang won?

At least I live in a blue state.  The reds, you've earned what you've
earned.

Those FONY baseball caps were getting passe, anyway.







The "plagues" are Mosaic asymmetric attacks, not biological

2004-11-01 Thread Major Variola (ret)
At 05:21 PM 10/31/04 -0800, John Young wrote:
>To state the obvious to Major Variola, CDC will have first
>indication of a devastating US attack, reported fragmentarily
>under its links to hospitals, clinics and physicians, against
>which the might military and law enforcement have no defenses.

You thought I meant bio plagues?!  Jeezus John, is your metaphorizer
broken?  Any bio hazard is accidental, or Detrick, not Osama.  A
*succession of attacks against the Empire* is what I mean, alluding to
the Jews attacking the Pharaoh, until he let them alone.
Pharaoh=US, Moses=UBL, Jews=Moslems.
Get your head around that one.

News:
The infectious biological "attack" will be an accident of the modularity
and recombination of influenza on some Chinese duck/pig/human
farm.  It will not be intentional but it will kill a lot before the
vaccine can be produced, which takes ca. 6 mos.  See 1918 pandemic,
and add jet airplanes.  A recent _Science_ article described
a model of this.  You are one or two days away from that duck/pig/human
incubator nowadays, no matter where you live.  That will happen,
but it won't be intentional.  The geopoli implications will be fun, but
UBL is not involved there.

Observation:
A non-infectious biological attack (eg anthrax which isn't
infectious) is cheap, but not Al Q's preferred MO.  They go
for the special effects type attacks, simultaneous so you
know it's them.  (Otherwise it could be a suicidal Egyptian,
a rudder jerked too hard, a screw-jack improperly lubricated,
the NTSC is very creative.)

Of course the Ft Detrick folks enjoy sending
the occasional sporulated letter to senators, but hey, their funding was
running out, you do what you gotta do.

Implementation:
A chem attack is pretty nifty, and in many ways easier than
fission or RDDs.  Since there are so many chems moving
around, and rad sources are so easy to detect, by virtue of the
energy of the emissions, and controlled/surveilled materials.

A tanker into a school is double the fun,
its been years since Columbine, and the underbelly is itching
for a scratch.  (Again, you need to pull off 2 the same day.)
I wonder if there is a school that enrolls only
first born sons, that would be interesting to read about in your mosaic
er netscape er IE browser, eh?   Since your allusion-detector is broken,

"mosaic", get it?

History:
"Let my people go" and taking a beating only works if you have
wannabe-moral Brits who want to divest anyway and your name is
Gandhi.  Otherwise the biblical plagues, aka asymmetric attack, approach
is guaranteed to work in the limit.  All you need is enough popular
support.  It's there.

It only took 200 dead marines and one bomb
to evict us from Lebanon, maybe 50K corpses for S. Nam, don't know about
N Korea, but do the math.   .mil are disposable, but they have families
that whine and vote.  And the press is not *entirely* 0wn3d by the .gov, yet.

Conclusion:
Again, the Mosaic approach of repeated asymmetric attacks on the Pharaoh
is what Al Q is up to.  Eventually the Pharaoh/US gets fed up and says
fuck it.  Maybe not this election, but eventually, and Al has time.  GW
has only 4 more years, at best, and Rummy & Cheney are scheduled for a
box in the ground pretty soon.  Wolfy has more time, but after a few more
kilocorpses will lose power with Joe Sixpack and Joe's post-Bush "leader".

Operation Just Cause
Just because I'm an atheist doesn't mean I have to ignore
Egyptian/Hebrew history.
Just because I live here doesn't mean I don't think the US deserves the
treatment that any Empire deserves.  Just because I'm an American doesn't
mean I can't use sophisticated allusions.  Just because I say Mosaic
Plagues doesn't mean I'm talking about frogs & locusts.  Dig?





Re: Osama's makeover

2004-10-31 Thread Major Variola (ret)
At 12:03 PM 10/31/04 -0800, Bill Stewart wrote:
>At 08:23 PM 10/30/2004, Major Variola (ret) wrote:
>>And did you see the wire up his back and the earpiece?
>>
>>Or maybe its hard to get good tailors in Pakistan.
>
>Nah - he's allowed to use a Teleprompter,
>unlike Bush and Kerry at the debate-o-mercials.
>
>And unlike Bush, he can actually read.

C'mon Bill, that's not fair.  Even Osama commented on how
Bush was making good progress on that book about the goats
in the school on 9/11.  How W didn't even want to put it down,
he enjoyed it so much.

His fine reading skills even got shown in Fahrenheit 911,
along with some amusing footage of his handlers,
and that's a documentary, so it must be true.





Re: Winning still matters, etc...

2004-10-31 Thread Major Variola (ret)
12:22 AM 10/31/04 -0700, James A. Donald wrote:
>Major Variola
>> The large pit of smoldering radioactive glass is probably not
>> an option..
>
>Why not?

They're called downwinders.  Which way do the winds blow in the middle
east?

>You keep assuming that Muslims unite, escalate, etc, but if
>they do, US will escalate also.

No, I assume you can nuke wherever you want, just because we can.
This is my take on your thesis that we are discussing.  Kicking hegemony
up a notch, finishing the job, let's roll...  It will get easier when a
US city gets nuked.

The folks on the West coast might not like a few trillion curies in
their soup even if we did get rid of the Indonesian Problem in the process.
Maybe they just need to suck it up,
ask not what their country can do for them, but how they can bend over
for it.
Childhood leukemia is getting easier to cure anyway.






Re: bin Laden gets a Promotion, UBL=Moses

2004-10-30 Thread Major Variola (ret)
At 10:16 PM 10/30/04 +0200, Eugen Leitl wrote:
>On Sat, Oct 30, 2004 at 02:42:25PM -0400, Sunder wrote:
>
>> As usual, South Park is a great source of wisdom.  So, are you voting for
>> the Giant Douche or the Turd Sandwich?
>
>My candidate is Mr Hanky, Poo party.
>

I'm voting for Kodos.  [Simpsons ref]

UBL was pleasantly rational in this one.  Even explained the origin
of the tower-dropping plans, which was a nice bit for the historians.
I'm surprised the "Ask yourselves why we didn't attack Sweden" comment
isn't discussed more; then again I find even intelligent people
refractory to that obvious question.
UBL still thinks lay Americans elect their leaders, or have
a clue what they're doing, but he is a man of strong faith.  He even
gave a succinct reminder of the way out, "Leave my people alone", Moses
like.  Time for more locusts, frogs, red tides, or modern equivalents,
I'm afraid.  Extra points for the commentary on Bush Sr learning about
dynasty from the Saudis, etc, and installing his sons as governors.

--
M. Atta -an Army of One





Osama's makeover

2004-10-30 Thread Major Variola (ret)
At 05:23 PM 10/30/04 -0700, John Young wrote:

>Which returns to the Osama make-over. His nose looks
>much bigger, longer and wider, eyes closer together. The
>sage-of-the-desert color combination of his face and hands,
>beard, robe, hat and backdrop look as if it was shot in
>New Mexico, or maybe Israel pretending Lawrence of
>Arabia remake.

And did you see the wire up his back and the earpiece?

Or maybe its hard to get good tailors in Pakistan.






Re: Winning still matters, etc...

2004-10-30 Thread Major Variola (ret)
At 05:09 PM 10/30/04 -0400, R.A. Hettinga wrote:
>The terrorists cannot win either a conventional or an asymmetrical war
>against the United States, should it bring its full array of assets to the
>struggle.

The large pit of smoldering radioactive glass is probably not an
option..

>The improvised explosive device is a metaphor for our time. The killers
>cannot even make the artillery shells or the timers that detonate the
>bombs, but like parasites they use Western or Western-designed weaponry to
>harvest Westerners.

The "cannot even make" is patently offensive; why do nitration when what
you need is around?  And how many Americans could wire a Casio or Nokia
to a det cap on their own?

>They cannot blow up enough Abrams tanks or even Humvees
>to alter the battlefield landscape.

Obviously the US mil industrial machine is not the weak link.

>But what they can accomplish is to maim
>or kill a few hundred Westerners in hopes that our own media will magnify
>the trauma and savagery of their attack - and do so often enough to make
>300 million of us become exhausted with the entire "mess."

Say 10 years from now, the dead marine count is in the high 5 figures,
(perhaps they are drafted), there's more snuff-videos than porn on the
web, the US *will* give up and leave, and the Jihad LLC will have won.

10 years, 20 years, whatever.   Persistence works.  And the martyrs
enjoy the virgins, at best the infidels play harps and fly around the
clouds, yawn.

I'll see your IED and raise you Brittney's belly-button.




Re: 2000 curies of Ci

2004-10-30 Thread Major Variola (ret)
At 10:54 AM 10/29/04 -0700, Bill Stewart wrote:
>At 09:19 PM 10/28/2004, Major Variola (ret) wrote:
>>Perhaps you meant Cs-137.  Halliburton loses mCi of Am-241 etc monthly.
>
>MilliCuries?  That's a bit surprising,
>though losing microCuries of it would be more likely.
>An average home smoke detector has 1-5 microcuries,
>and industrial detectors go up to 15, according to
>one or two articles on the web which may be outdated.
>So you're saying they lose hundreds to thousands of
>smoke detectors a month?

They lose the neutron sources used for well logging.
They contain mCi amounts of Am241 and other hot
'topes.  They use a reaction with Be to produce neutrons
from alphas, like the early nukebomb initiators.

More often, soil-density gauges are lost/stolen from
road crews.  They also have fractional Ci amounts of
RDD-able topes.  But they're very useful; fairly sturdy;
acceptable risk.

See
http://www.nrc.gov/reading-rm/doc-collections/event-status/event/2004/
and read a few days' reports.




Ruling the planet

2004-10-30 Thread Major Variola (ret)
At 09:24 PM 10/29/04 -0500, J.A. Terranson wrote:
>Agreed.  Our interest is not in Afghanistan/Iraq per se.  Our interest is
>in ruling the *planet*, rather than any individual pissant player.

Silly JA, we want to rule the frickin' solar system.  Give GWB a line
of Peruvian and he'll go off on Mars.   The more clueful know about
certain more proximate artificial and aggressive satellites, but we can't
discuss them.

Got Shutter Authority?  The Zionists do...

I'll see your Iranian UF6 and raise you a Dimona...











2000 curies of Ci

2004-10-29 Thread Major Variola (ret)
At 10:21 PM 10/24/04 -0500, J.A. Terranson wrote:

>This is idiotic.  You're claiming that the definition of "terrorist" is
>dependent not on the act, but on why the act was committed.  So if I was
>to go out tomorrow and spread 2000 curies of Ci into the local subway
>system "As payback for Ruby Ridge", this would not be an act of terrorism?

Just for correctness' sake, there is no element named "Ci", it's an
abbrev for Curies, ie the activity of a gram of Ra.

Perhaps you meant Cs-137.  Halliburton loses mCi of Am-241 etc monthly.





Geodesic neoconservative empire

2004-10-29 Thread Major Variola (ret)
At 10:07 PM 10/24/04 -0400, R.A. Hettinga wrote:
>If the only way
>to kill barbarians is to kill barbarians in their bed before they
>kill you in yours, to pave over nation-states that support them,
>starting with the easiest first, it can't happen fast enough, as far
>as I'm concerned, and I'll gladly "vote" my expropriated tax-dollars
>for the purpose of draining the swamp that is the Middle East.

Is this geodesic neo-conservativism?   Where can I start
bearer-document goose-stepping?

Whatever happened to leaving the barbarians to kill themselves,
and getting the fuck out of family spats?





Re: Airport insanity

2004-10-24 Thread Major Variola (ret)
At 01:03 PM 10/23/04 -0400, John Kelsey wrote:
>Blowing up a building full of random people because a few of them are
>associated with some action you really disagree with is just outside
>the realm of the sort of moral decision I can figure out.  Just like
>flying planes into buildings full of people with almost nothing to do
>with what you're really getting at.
>--John Kelsey

Osama et al suffer from the belief that Americans chose their leaders
and thus are responsible for their actions.  They also observe that
the only language americans understand is dead civilians inside the
CONUS.
Ergo WTC feedback.

Tim McV may have somewhat analogously assumed that all Feds would
take notice of his feedback.

(In addition, the WTC demolishion got a disproportionate number
of jews, just as Okla did get a few BATF goons.  But the message was
more generally intended.)

Consider: If a crip whacks your homey, you needn't pop *that* crip to
make your
point.  Any crip will do.  Snipe a few tax collectors and all Caesar's
centurions
take note.

Capiche?




Re: US enacts tough new security measures on visitors, foreign student pilots

2004-10-23 Thread Major Variola (ret)
At 10:42 PM 10/22/04 -0400, R.A. Hettinga wrote:
> :
> US enacts tough new security measures on visitors, foreign student pilots

Also unmentioned: all foreign flight schools are now heavily
bugged/surveilled and swarthy and/or Moslem students have that fact
added to their Permanent Record.





RF stories

2004-10-21 Thread Major Variola (ret)
Read a story about some college student whose plasma TV
was emitting quite a lot of 121.5 MHz.  He got a nice visit
from S&R & Sheriffs types telling him to shut his TV off.
Or else.  121.5 is a satellite-received distress freq.  Toshiba will
send him a new TV for free.

Chatting with an Aussie from work.  He was surprised that
I knew what Pine Hills, where his dad worked, was.
He told me a story about working there as a kid, painting a fence.
The wind took his and his friend's hats flying towards some
antennae, he went chasing.  The Italian supervisor was very
distressed when he returned to the fence.  Gesticulated towards
the antennae, then the ground,  went "boom".   Nice field there,
apparently, when it was on.
I wonder if it was a 'roo or a staffer who first found this out.

I explained that the NSA was the Adversary, so We monitored Them;
he was surprised, thought it was the Russkies.  But he's a bit
of a republican-yokel.  I explained Little Sister vs. Big
Brother; who had the $ and acres of computers (etc), and that
Technical Means is Technical Means, regardless of your politics.
Also mentioned that terraserver.microsoft.com recently added
"urban area" pix, so you can see in full color the cars in your
'hood early morning last spring.  Why UBL doesn't use his sat
phone, fibre optics hurt but WiFi is great, or not, and in any case
if the CounterIntel folks at the FBI and CIA go for under $2mill
it really doesn't matter much anyway.

Got Keyloggers?







immune system diseases, TSA, false positives

2004-10-21 Thread Major Variola (ret)
An immune system is a great thing until it attacks the self.

In part this can be due to the limited size of recognized motifs.
For instance, the string "David Nelson" triggers the TSA goons.
If you add the phonetic-similarity recognition (required
when you transcode Arabic names), the matching string-set
grows even larger.  Any reports from Dave Nelsohns out there?

At work the IT-dept-installed AV software on my PC found a virus.
Only it was an object file I had just cross-compiled, for an obscure
Freescale (nee Motorola) CPU.  It promptly notified me and
moved my binary.  Breaking my build.  Costing the company
my time, and another engineer's to resolve it.  By suppressing
the immune system, at least in one region; the cornea is readily
transplanted because the immune system can't touch it.

I suppose anyone whose pregnancy has been endangered by
Rh incompatibility knows the dangers of friend or foe vigilance.
Interesting security parable, I thought, anyway.

...

Another case: Bush campaigning in FLA.  His security parade prevents my
folks, living there, from voting, that day.   (One of many states with
early voting, now.)  The irony overwhelms.

"Terrorists are the only true avant-garde artists because they're the
only ones who are still capable of really surprising people."
---Laurie Anderson (official artist of NASA..)
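
An added example, not part of the original post: how phonetic matching widens a watchlist entry's match set, as the post describes for "David Nelson". Soundex is used as a stand-in phonetic scheme (the post does not say which algorithm the screening uses), and the match rule (same first initial plus same surname code) and the passenger list are constructed assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* American Soundex digit for a letter; '0' for vowels, H, W, Y. */
static char sx_digit(char c)
{
    switch (toupper((unsigned char)c)) {
    case 'B': case 'F': case 'P': case 'V': return '1';
    case 'C': case 'G': case 'J': case 'K':
    case 'Q': case 'S': case 'X': case 'Z': return '2';
    case 'D': case 'T': return '3';
    case 'L': return '4';
    case 'M': case 'N': return '5';
    case 'R': return '6';
    default:  return '0';
    }
}

/* Write the 4-character Soundex code of name into out (NUL-terminated). */
void soundex(const char *name, char out[5])
{
    size_t n = 0;
    char prev = '0';
    strcpy(out, "0000");
    for (; *name; name++) {
        unsigned char c = (unsigned char)*name;
        if (!isalpha(c))
            continue;
        char d = sx_digit((char)c);
        if (n == 0) {
            out[n++] = (char)toupper(c);      /* first letter kept as-is */
        } else if (d != '0' && d != prev) {
            out[n++] = d;
            if (n == 4)
                break;
        }
        /* H and W do not break a run of equal codes; vowels do. */
        if (toupper(c) != 'H' && toupper(c) != 'W')
            prev = d;
    }
}

/* Surname = text after the last space (whole string if there is none). */
static const char *surname(const char *full)
{
    const char *sp = strrchr(full, ' ');
    return sp ? sp + 1 : full;
}

/* Exact rule: the full name must be identical to the watchlist entry. */
int match_exact(const char *watch, const char *name)
{
    return strcmp(watch, name) == 0;
}

/* Hypothetical phonetic rule: same first initial and same surname code. */
int match_phonetic(const char *watch, const char *name)
{
    char a[5], b[5];
    if (toupper((unsigned char)watch[0]) != toupper((unsigned char)name[0]))
        return 0;
    soundex(surname(watch), a);
    soundex(surname(name), b);
    return strcmp(a, b) == 0;
}

/* Constructed passenger list; only the first entry is the listed name. */
static const char *const PASSENGERS[] = {
    "David Nelson", "Dave Nelsohns", "Diane Nielsen", "Dmitri Nilsson",
    "Daniel Neilson", "David Nelms", "Maria Nelson", "Donna Nolan",
};
#define N_PASSENGERS (sizeof PASSENGERS / sizeof PASSENGERS[0])

/* Number of passengers flagged for one watchlist entry under a rule. */
int count_hits(const char *watch, int phonetic)
{
    int hits = 0;
    for (size_t i = 0; i < N_PASSENGERS; i++)
        hits += phonetic ? match_phonetic(watch, PASSENGERS[i])
                         : match_exact(watch, PASSENGERS[i]);
    return hits;
}

int main(void)
{
    const char *watch = "David Nelson";
    printf("exact hits:    %d of %zu\n", count_hits(watch, 0), N_PASSENGERS);
    printf("phonetic hits: %d of %zu\n", count_hits(watch, 1), N_PASSENGERS);
    return 0;
}
```

Every extra hit under the phonetic rule is a different person, so the false-positive load grows with the looseness of the motif rather than with the number of listed names.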




stealth

2004-10-20 Thread Major Variola (ret)

Various ways to stego pharmaceuticals:

http://www.usdoj.gov/dea/programs/forensicsci/microgram/bulletins_index.html



RE: Airport insanity

2004-10-18 Thread Major Variola (ret)
At 07:42 PM 10/16/04 -0400, Adam wrote:
>First of all, there were 19 children killed in the OKC bombing. Were
>these children guilty of some crime worthy of being killed by a truck
>bomb?

They were being used as human shields by the fedcriminals in the
building.  They were collateral damage, in the modern parlance.
Ask the Iraqis to explain it to you.

>Second of all, you make it sound like McVeigh was just your average-Joe
>American. How could a non-fundamentalist knowingly kill 168 people?

He was a retired US soldier, carrying out his mission to protect the
Constitution.





RE: Airport insanity

2004-10-18 Thread Major Variola (ret)
At 04:01 PM 10/16/04 -0700, James A. Donald wrote:
>Tim McVeigh did not target innocents, nor was he a suicide
>bomber.

Neither did M. Atta et al. target innocents, he targeted those who
elected the Caesars.  And they were not pursuing suicide (a
Moslem sin), since they are enjoying a comfy afterlife for
their martyrdom.

>Nor, incidentally, was he a fundamentalist or a racist.

Neither is Osama et al.; only infidels call him a fundie, and
the Jihadists have no problem with lighter or asian folks who subscribe.

In fact, they can be quite useful, as they don't fit the racist
profiling that the TSA goons practice...






RE: Airport insanity

2004-10-16 Thread Major Variola (ret)
At 12:14 PM 10/15/04 -0700, James A. Donald wrote:
>--
>> >My profile is radically different from all those who killed
>> >nearly 3,000 of my countrymen on September 11, 2001. My
>> >"holy book" of choice is the Bible. My race is Caucasian. I
>> >am a loyal, taxpaying, patriotic, evil-hating,
>> >English-as-first-language, natural-born American.

As was Timmy McV, Zeus rest his soul.

Got ANFO?




Re: RFID Driver's licenses for VA

2004-10-10 Thread Major Variola (ret)
At 10:57 PM 10/8/04 -0700, Bill Stewart wrote:
>>At 04:35 PM 10/7/2004, Thomas Shaddack wrote:
>>A defense is a metal board in a wallet, close to the RFID chip's antenna.
>>It is readable when the licence is taken out of the wallet. When inside,
>>the antenna is quite effectively shielded.
>
>Tinfoil Wallets, anybody?  :-)

When you get your driver's license, you should run a magnet over
it to keep iron oxides from staining your wallet.  And apparently
you should now microwave it to clean those DMV-employee pathogens
from it.  Then it will be safe to carry, and you can see for yourself
what it tells everyone else ---part of the definition of safety.





Re: City Challenged on Fingerprinting Protesters

2004-10-07 Thread Major Variola (ret)
At 05:06 PM 10/6/04 +0100, Dave Howe wrote:
>Major Variola (ret) wrote:
>> There is a bill in this year's Ca election to require DNA sampling of
>> anyone arrested.  Not convicted of a felony, but arrested.

[as in arrested for protesting]

>Doesn't surprise me - the UK police collected a huge bunch of
>fingerprints and dna samples "for elimination purposes" during one of
>the child-murder witchhunts, with written promises given that the
>samples were just for that one task, and would be destroyed once the
>hunt was over.
>They still kept them anyway of course, and made them the basis for their
>new "national dna database".

The UK is a fantastic example of the US in a few years.  In a way,
the UK population are beta testers for the statism of the future here.
If it passes in the UK, they'll try it in the US in a 'wee bit'.

It's when Ross Anderson ends up detained as an enemy combatant
that the sleeper cells (tm) will be triggered.

Not only DNA, of course; surveillance cameras, papers on demand,
domestic CIA (MI-blah) powers, etc.  And y'all are our obedient and
faithful military poodles.  Only the Aussies and Iberians have gotten
the feedback though.  Your turn will come.  Batman in a turban, mofo.

We sympathize, of course, protestant anglospeaking folks are regarded
as human, but bemoan your lack of constitutional
protections (here my more cynical friends accuse me of bill-o'-rights
religion) and you must pay penance for Benny Hill, anyway.



--
No one expects the BSA (in a silly voice)
--
\begin{TMay}
Funny how those needing killing are nearly universally elected or
appointed...
what was that old-school Frog's comment about democracy?
\end{TMay}

-
Got ANFO?






Re: City Challenged on Fingerprinting Protesters

2004-10-06 Thread Major Variola (ret)
At 10:49 AM 10/5/04 -0400, R. A. Hettinga wrote:
>Now it looks as if much of the fingerprinting may not have been legal in
>the first place. According to lawyers at the New York Civil Liberties
>Union, the city may have violated state law by routinely fingerprinting
>arrested protesters.

There is a bill in this year's Ca election to require DNA sampling of
anyone arrested.  Not convicted of a felony, but arrested.





Re: Foreign Travelers Face Fingerprints and Jet Lag

2004-10-04 Thread Major Variola (ret)
At 08:30 PM 10/3/04 +, Justin wrote:
>On 2004-10-03T13:32:36-0500, J.A. Terranson wrote:
>>
>> The US *is* the Fourth Reich.
>
>Personally, I will take what comes.

You will make fine soap.





comfortably numb

2004-10-03 Thread Major Variola (ret)
At 11:22 PM 10/1/04 -0700, Bill Stewart wrote:
>Questions were going through my mind. Would it hurt? What are the risks?
>What if I want to get it out?
>
>I ordered another drink.

In the US it's generally illegal to tattoo someone who is drunk.

>Comfortably numb

In many ways this fellow is.



I recently read that DoCoMo is moving towards using cellphones as
wallets for all kinds of value.

Though they could have the phone be an anonymous bearer
token like cash or a prepaid token
(which, like cash, limits the loss to the stored value if the phone is
lost
or stolen), they "thought customers would prefer transaction records".
Japs don't care for privacy, it seems.   If they lose the phone, its
just one call to DoCoMo instead of several to credit companies,
which is touted as a plus.  Makes analyzing behavior easier if
its centralized.  Insects.







Re: Spotting the Airline Terror Threat

2004-10-03 Thread Major Variola (ret)
At 11:37 AM 10/3/04 -0400, R. A. Hettinga wrote:
> Unlike the TSA's recently announced program to use computer databases to
>scan for suspicious individuals whose names occur on passenger lists, SPOT
>is instead based squarely on the human element: the ability of TSA
>employees to identify suspicious individuals by using the principles of
>surveillance and detection. Passengers who flag concerns by exhibiting
>unusual or anxious behavior will be pointed out to local police, who will
>then conduct face-to-face interviews to determine whether any threat
>exists.

Nice to see another euphemism for cultural prejudice:
"the human element", mein fuhrer (insert Dr Strangelove image)

Reminds me of how you can't use race in eg loan application processing,
but you *can* use neural nets whose behaviors are hidden in the nodes.

(As a lib, I know it's wrong to tell folks they can't use predicate-X;
but for the state to use eg race disguised as "the human element"
is criminal.)

PS: do cargo planes have kevlar doors yet?




Re: "ID Rules Exist, But Can't Be Seen"

2004-10-01 Thread Major Variola (ret)
At 05:06 PM 9/30/04 -0400, Tyler Durden wrote:
>I post this not as a reference per se, but to ask the question:
>
>Exactly Why Does the Government Not Want to Reveal Their ID Rules?
>
>For instance, is it indeed possible that revealing this rule would pose an
>additional security risk? If such a rule exists (and it does) then hijackers
>obviously already know about it.

Not only that, but as Bruce S pointed out, they can reverse-engineer
the rules by sending probes.





Re: How to fuck with airports - a 1 step guide for (Redmond)

2004-09-29 Thread Major Variola (ret)
Personal aside.  I've started working for a medical device company.
This is not so far from security programming, as checking your
inputs, robustness, and being able to justify time spent inspecting
and testing are all common to both domains.

But today I learned that a device that keeps your heart going, should
it forget how, has a field that rolls over in about 40+ days.  But hey,
euthanasia is underappreciated.  Reboot that pacer!

--

People who are willing to rely on the government to keep them safe are
pretty much standing on Darwin's mat, pounding on the door, screaming,
"Take me, take me!"--Cael in A.S.R.


Sunder wrote:

>Q: How do you cause an 800-plane pile-up at a major airport?
>A: Replace working Unix systems with Microsoft Windows 2000!

"The servers are timed to shut down after 49.7 days of use in order to
prevent a data overload, a union official told the LA Times."
That would be 49.71026961805556 days, or (curiously enough)
4294967295 (0x) milliseconds.  Known problem with Win95
('cept they call Win95 a "server").
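
An added example, not part of the original post: the 49.7-day figure above is what a 32-bit millisecond counter gives, and this sketch shows the two ways a timeout check built on such a counter fails at the wrap, next to the wrap-safe form. The function names and the tick values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define MS_PER_DAY 86400000.0

/* Largest value of a 32-bit millisecond counter, expressed in days. */
double wrap_period_days(void)
{
    return (double)UINT32_MAX / MS_PER_DAY;
}

/* Naive check: compares absolute tick values.  The deadline itself can
 * wrap past zero, and "now" can wrap while the deadline has not. */
int expired_naive(uint32_t now, uint32_t start, uint32_t timeout_ms)
{
    uint32_t deadline = start + timeout_ms;   /* may wrap modulo 2^32 */
    return now >= deadline;
}

/* Wrap-safe check: unsigned subtraction yields elapsed time modulo 2^32,
 * which is correct while the real interval is under one wrap period. */
int expired_safe(uint32_t now, uint32_t start, uint32_t timeout_ms)
{
    return (uint32_t)(now - start) >= timeout_ms;
}

/* Step through span_ms milliseconds after start and count the ticks at
 * which the naive check gives a different answer from the safe one. */
uint32_t count_disagreements(uint32_t start, uint32_t timeout_ms,
                             uint32_t span_ms)
{
    uint32_t bad = 0;
    for (uint32_t e = 0; e < span_ms; e++) {
        uint32_t now = start + e;             /* wraps like the counter */
        if (expired_naive(now, start, timeout_ms) !=
            expired_safe(now, start, timeout_ms))
            bad++;
    }
    return bad;
}

int main(void)
{
    /* Constructed case 1: timer armed 256 ms before the wrap with a
     * 1000 ms timeout.  The wrapped deadline makes it fire at once. */
    uint32_t start = 0xFFFFFF00u;
    printf("wrap after %.5f days\n", wrap_period_days());
    printf("16 ms in: naive=%d safe=%d\n",
           expired_naive(start + 16, start, 1000),
           expired_safe(start + 16, start, 1000));

    /* Constructed case 2: timer armed 4096 ms before the wrap, checked
     * 16 ms after it.  The naive form now never fires. */
    start = 0xFFFFF000u;
    printf("after wrap: naive=%d safe=%d\n",
           expired_naive(0x10u, start, 1000),
           expired_safe(0x10u, start, 1000));

    printf("wrong answers in 2 s window: %u\n",
           count_disagreements(0xFFFFFF00u, 1000, 2000));
    return 0;
}
```

The safe form still assumes no interval longer than one wrap period is ever measured; anything longer needs a wider counter.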






Re: Spy imagery agency watching inside U.S.

2004-09-29 Thread Major Variola (ret)
You don't even need the Hubble-scopes pointed down that the
NRO/NIMA/whatever the fuck they're called today
has.  Check out globexplorer.com; my patio is more than
several pixels and a friend of mine saw his Bronco.
You could probably make out the glint in JY's eyes.

OTOH it's really easy to signal our colleagues overseas should
they have similar resolution, and we have patio umbrellas.



At 12:28 PM 9/28/04 -0400, R. A. Hettinga wrote:
>Spy imagery agency watching inside U.S.
>By Katherine Pfleger Shrader, Associated Press
>BETHESDA, Md. - In the name of homeland security, America's spy imagery
>agency is keeping a close eye, close to home. It's watching America. Since
>the Sept. 11 attacks, about 100 employees of a little-known branch of the
>Defense Department called the National Geospatial-Intelligence Agency - and
>some of the country's most sophisticated aerial imaging equipment - have
>focused on observing what's going on in the United States.





Re: Mystification of Identity: You Say Yusuf, I Say Youssouf...

2004-09-28 Thread Major Variola (ret)
At 05:53 PM 9/27/04 -0700, Bill Stewart wrote:
>and preventing you from flying means you can't carry out your
>Clever New Hijacking Plan, such as converting that small guitar
>into a set of six piano-wire garrotes or mixing that

Organophosphates will still make it onto a plane, have been used
in Japan, and might be better used in stationary, more populated and
still dense places in the US.

Also, no one has really tested whether pilots will suffer 300 passengers

to die.  But there are groovier places to deploy the human pesticides,
jets
are so old-school.

And then there's the ultimate soft targets, grammar schools.

Those who lay with israelis die like israelis.  Karma ain't just for
breakfast anymore.  Birds, roost, home.

BTW, I don't think TATP would excite the nitrate-sniffing autodogs..
just light your shoe in the restroom next time for Allah's sake..

Who knew the fall of Rome II would be televised?







Individual Geopolitical Darwin Awards

2004-09-28 Thread Major Variola (ret)
At 10:00 AM 9/27/04 -0400, Tyler Durden wrote:
>Don't forget, the World Trade Center management was on the Intercom trying
>to tell everyone to "Remain inside the Building...It's safest Inside the
>Building".
>
>Fuck. Here on Wall Street I'm a dead man.

If you stay in NYC or DC, you are an individual winner of a geopolitical

Darwin Award.  You can collect along with your half-dozen virgins.






John Abizaid needs termination

2004-09-28 Thread Major Variola (ret)
Saw "general" Abizaid on the news.  He was so obviously
either experiencing pharmaceutically-induced nystagmus or
reading from a teleprompter it wasn't funny.  Methinks
he's a robot, or taking too many go-pills.   Lets hear
2K dead by the elections.  We'll settle for less if they're
in DC.







But they were using 3DES!

2004-09-21 Thread Major Variola (ret)
September 20, 2004

ATM Stolen in Third Such Theft in a Month
An automated teller machine was stolen from a gas station early Sunday, the
third such theft in Orange County since mid-August, police said.

The machine was stolen from an Arco just before 4 a.m., using the same
method as in the earlier incidents, sheriff's Lt. Ted Boyne said.

"They come, and in 30 seconds, they have the ATM in back of an SUV."

http://www.latimes.com/news/local/orange/la-me-ocbriefs20.2sep20,1,6358360.story?coll=la-editions-orange

Moral of the story: do the math.




Re: Geopolitical Darwin Awards

2004-09-21 Thread Major Variola (ret)
At 08:46 PM 9/19/04 -0700, John Young wrote:
>Today, even the US uses children in war, 17 being the minimum
>age to enlist. Others sneak in by lying about their age, some as
>young as 14. Recruiters look the other way when the kids
>and their parents lie. Been there, done that. Enlisted in the
>army at 15, served months before being kicked out when a
>relative ratted on me. Went in again at 17.

Not that it matters, but you have tipped your motivations far
more than your bailey-bridge erections...

Still, good things come from twisted sources... look at the GNU projekts :-)






Re: Geopolitical Darwin Awards

2004-09-21 Thread Major Variola (ret)
At 11:42 AM 9/20/04 -0500, J.A. Terranson wrote:
>On Sun, 19 Sep 2004, Major Variola (ret) wrote:
>
>> (Remember the
>> Hiroshima bomb was *not* tested, so sure were the scientists.  Trinity
>
>My understanding (and I am *positive* someone will correct me if I'm
>wrong) was that there was a shortage of both fissionable materials and
>appropriate [altimeter] fuse mechanisms, making testing a outside of enemy
>territory a losing proposition.

Fissiles were expensive, still are, but the design of U-gun is better
(if you can afford the enrichment) because of U's lower spontaneous
fission rate, ie fewer spare neutrons to spoil the fun.  Even pure
Pu-239, the result of short irradiation, has a problem with premature
ejaculation.






Re: Geopolitical Darwin Awards

2004-09-21 Thread Major Variola (ret)
At 05:07 PM 9/19/04 -0700, James A. Donald wrote:
>
>I don't recall the American revolutionaries herding children
>before them to clear minefields, nor surrounding themselves
>with children as human shields.

The yank minutemen were not above taking children as soldiers,
any more than Dan'l Boone was above taking a 14 year old as
a wife.






Re: Geopolitical Darwin Awards

2004-09-21 Thread Major Variola (ret)
At 04:57 PM 9/19/04 -0700, James A. Donald wrote:

>But the Saudi Arabian elite, of among which Bin Laden was born with a
>silver spoon in his mouth, are not getting screwed over.

1. you don't get religion
2. UBL's mom was a low-caste yemeni, dig?





Re: Geopolitical Darwin Awards

2004-09-21 Thread Major Variola (ret)
At 11:38 PM 9/20/04 -0400, R. A. Hettinga wrote:
>At 8:11 PM -0700 9/20/04, Major Variola (ret) wrote:
>>2. UBL's mom was a low-caste yemeni, dig?
>
>Actually, UBL's *dad* was a low-caste Yemeni, too.
>
>And your point is?

That you can be wealthy and still find something of the underdog
in you, which you can resublimate...

>-- Islam is a dead
>religion. It just doesn't know it yet.

Let's hope that's true for all of them...





voting: economics of paper trails

2004-09-19 Thread Major Variola (ret)
Isn't it *cheaper* (as well as more accurate) to have
preprinted ballots, optically scanned, than to have
an embedded computer print out a paper trail?

Ie, don't the benefits of volume printing beat the cheapest
printing tech?

Besides the other advantages of being self-verifiable,
more accurate, intuitive, unhackable, not having to be destroyed or
randomized (as with serial polling-place-kept paper trails), etc?

Methinks the printing press / optical scanner industry is not
resisting the Diebold/tech-fetishist whores adequately...

I think Ben Franklin would agree.




Disowned spooks get to be Mohommad's boyfriend for 10 yrs

2004-09-19 Thread Major Variola (ret)
http://rdu.news14.com/content/headlines/?ArID=55256&SecID=2


Soviets:Chechnya::US:?




Re: Geopolitical Darwin Awards

2004-09-19 Thread Major Variola (ret)
At 12:15 PM 9/19/04 -0400, Tyler Durden wrote:
>My running, personal theory is that Muslim fundamentalism (and in general,
>most fundamentalisms) get going when the locals gain a persistent sense that
>they're gettin' screwed over,

See "Crusades", which ain't over til the tall buildings fall.

>and that their current government ain't
>helping a whole lot.

The Saudi royalty is the best the US can buy!

>It's kind of a devil's bargain to obtain a source of
>strength. By necessity it needs to reject a lot of the local culture,
>otherwise there isn't sufficient motivation to fight. In general, it's
>probably on many levels predictable and even reasonable.

Religion (of any form that posits an afterlife) is a terrorist weapon.

Faith in the man with the silly hat is a WMD.

>Of course, this can boil over into bizarre, "fanatical" behavior, but then
>again as Mr Young so aptly put it, "fanatical" is what the screw-ers
>normally call mass behavior they don't like.

Winners write the history books.

>In the case of Nukes, I'd point
>out that the nuclear nations have a distinct advantage at the UN or any
>other bargaining table, so if I were Iranian I'd be working pretty hard to
>get something quasi-viable together that could be called a "nuke". Of
>course, the few truly "fanatical" members of the local nuke-wannabees might
>get a hold of the block box and, well, that sucks.

1. The UN doesn't let Rogues (tm) into the Security Council and thus
a nuke is only *de facto*, not diplomatically useful in deterring colonial
regime-changing.

2. Far more likely is that a decade's worth of work, a lot of money, and
a few scientists will be vaporized by an Israeli Hellfire, made in the USofA
by those proud flag-flying folks at Raytheon Death, Inc.

The counter to 2 is to have two or more, one mounted on a missile on a
mobile platform, how do you say MX in Farsi, and keep everything really
really secret.  The first nuke is for demonstration purposes, which
might be a waste if it's a U-gun type
(except in making abundantly clear how far along your R&D is :-).
(Remember the Hiroshima bomb was *not* tested, so sure were the scientists.
Trinity was a Pu-implosion finesse job.)

The interesting thing is that Iran isn't buying a few from Pakistan.  Oh
that's right, the U$ bought the Paki 'leadership'.  Also means that Al Q
isn't willing to share their stash with Iran.  They probably think they
have higher-priority uses for them.







Re: potential new IETF WG on anonymous IPSec

2004-09-19 Thread Major Variola (ret)
At 06:20 AM 9/17/04 +, Justin wrote:
>On 2004-09-16T20:11:56-0700, Major Variola (ret) wrote:
>>
>> At 02:17 PM 9/16/04 -0700, Joe Touch wrote:
>> >Except that certs need to be signed by authorities that are trusted.
>>
>> Name one.
>
>Oh, come on.  Nothing can be absolutely trusted.  How much security is
>enough?
>
>Aren't the DOD CAs trusted enough for your tastes?  Of course, 'tis
>problematic for civilians to get certs from there.

DoD certs are good enough for DoD slaves.  Hospital certs are good
enough for their employees.  Joe's Bait Und Tackle certs are good enough
for Joe's employees.  Do you think that Verislime is good enough for you?




Re: potential new IETF WG on anonymous IPSec

2004-09-19 Thread Major Variola (ret)
At 09:09 AM 9/17/04 +0200, Thomas Shaddack wrote:
>On Thu, 16 Sep 2004, Major Variola (ret) wrote:
>
>> At 02:17 PM 9/16/04 -0700, Joe Touch wrote:
>> >Except that certs need to be signed by authorities that are trusted.
>>
>> Name one.
>
>You don't have to sign the certs. Use self-signed ones, then publish a GPG
>signature of your certificate in a known place; make bloody sure your GPG
>key is firmly embedded in the web-of-trust.

Right.  And the known "trusted" place is 0wn3d by the Man.

The web of trust is a scam.

Know your pharmacist.





Re: potential new IETF WG on anonymous IPSec

2004-09-17 Thread Major Variola (ret)
At 02:17 PM 9/16/04 -0700, Joe Touch wrote:
>Except that certs need to be signed by authorities that are trusted.

Name one.





Re: public-key: the wrong model for email?

2004-09-17 Thread Major Variola (ret)
At 10:28 PM 9/16/04 +0200, Hadmut Danisch wrote:
>Because PKC works for this Alice&Bob communication scheme. If you
>connect to a web server, then what you want to know, or what
>authentication means is: "Are you really www.somedomain.com?"
>That's the Alice&Bob model. SSL is good for that.

What makes you think verislime or other CAs are authenticating?
You can't sue them, they are 0wn3d by a State (and so can
issue false certs, just like States issue false meatspace IDs), etc.

>If I send you an encrypted e-mail, I do want that _you_ Ed Gerck,
>can read it only. That's still the Alice&Bob model. PGP and S/MIME
>are good for that.

What makes you think that EG is a physical entity, if you haven't met
him and learned to trust him through out of band channels?

>The sender of an e-mail does not need to pretend being a particular
>person or sender. Any identity of the 8 (10?) billion humans on earth
>will do it.

What makes you think that, given 1e10 humans, there are 1e10 identities?

Ie, why do you think there is a one-to-one mapping?

>PKC is good as long as the communication model is a closed and
>relatively small user group. A valid signature of an unknown sender
>has at least the meaning that the sender belongs to that user group.

PKC is only as good as the means by which you obtain the public key.
A server, a CA, are all worthless.

The emperor has no clothes, get used to it.




jpegs are vectors

2004-09-16 Thread Major Variola (ret)
http://news.bbc.co.uk/2/hi/technology/3661678.stm

Image flaw exposes Windows PCs
Computer users could be open to attack
from malicious hackers because of the
way that Windows displays some
images.

A buffer overrun of course.  But this is even better than the PNG
vulnerability reported earlier this year.

All your service packs are belong to us.





RE: Symantec labels China censor-busting software as Trojan

2004-09-15 Thread Major Variola (ret)
At 09:45 AM 9/15/04 -0400, Tyler Durden wrote:
>Hum. Seems the Chinese government is pretty effective at self-preservation.
>Does this contradict the widely-held Cypherpunk belief in the inevitability
>of deterioration of the state?

"We" have always held that a sufficiently policed state can defeat crypto.
If the RIAA could put a vidcam in your computer room, things are easy.
If crypto is illegal, things are easy.  (We have remarked on how,
modulo stego, crypto traffic is trivial to detect with any entropy
measure.  Got PGP headers?)

China is a police state.  A state with freedom of expression ---which does
not include much or all of Europe--- is less so.   China is also a
nukepower, so it is likely to persist.







Award#0442154 - Surveillance, Analysis and Modeling of Chatroom

2004-09-15 Thread Major Variola (ret)
At 05:41 AM 9/15/04 -0400, R. A. Hettinga wrote:
>NSF Award Abstract - #0442154

Yeah, this is Science (snicker)...

>Surveillance, Analysis and Modeling of Chatroom Communities

> Abstract
> The aim of this proposal is to develop new techniques for information
>gathering, analysis and modeling of chatroom communications. First, the
>investigator and his colleague consider graph-less models to capture the
>structure of chatroom communications. In particular, the investigators
>study how to develop a multidimensional singular value decomposition

buzzword alert

>approach for component analysis of chatroom communication data. Second, the
>investigators develop new visualisation techniques to display the

buzzword alert

>structural information found in the first step.

> Internet chatrooms provide an interactive and public forum of
>communication for participants with diverse objectives. Two properties of
>chatrooms make them particularly vulnerable for exploitation by malicious
>parties. First, the real identities of the participants are decoupled from
>their chatroom nicknames.

As if email doesn't share that property?   You really think I work for
cdc.gov?

>Second, multiple threads of communication can
>co-exist concurrently.

What a fucking concept...

>Although human-monitoring of each chatroom to
>determine "who-is-chatting-with-whom" is possible, it is very time
>consuming, hence not scalable. Thus, it is very easy to conceal malicious
>behavior in Internet chatrooms and use them for covert communications
>(e.g., adversary using a teenager chatroom to plan a terrorist act).

How about teenagers planning terrorist attacks?  Or terrorists' senior
proms?

>This
>project aims at a fully automated surveillance system for data collection
>and analysis in Internet chatrooms to discover hidden groups.

Use textual stego, mofo.

>Thus, the proposed system could
>aid the intelligence community to discover hidden communities and
>communication patterns in chatrooms without human intervention.

A pretty good argument for broadcast stego.

> This award is supported jointly by the NSF and the Intelligence Community.

I bet.

They already 0wn the fucking IX points, and can grab the DHCP records;
don't you think the spooks already do this, and more?

Look at Orion Sci, which graphs gangs.  Extrapolate to IP.

If these bozos were better they wouldn't be in Troy.





Geopolitical Darwin Awards

2004-09-14 Thread Major Variola (ret)
At 09:27 AM 9/14/04 -0400, John Kelsey wrote:
>>From: "Major Variola (ret)" <[EMAIL PROTECTED]>
>>Removing chunks with dynamite is trying rather hard for a Darwin award.
>
>As far as I can tell from what's reported in the new, a great deal of
>North Korea's daily operation fits that category.

How about Iran stating that they're messing with UF6, when Israel[1] is a
known pre-emptive bomber of Facilities to the East?   That's pretty much
tickling the dragon.

[1] A wholly 0wn3d subsidiary of the US.  Or perhaps vice-versa.





Re: Nanometer Bamboo Carbon TEMPEST Protection

2004-09-14 Thread Major Variola (ret)
At 10:10 AM 9/14/04 -0700, John Young wrote:
>From: "dumbshit" <[EMAIL PROTECTED]>
>Subject: effectively prevent computer radiation
>
>especially computer radiation, which does much
>harm to human body.

Yeah, it really taxes my feng-shei

>The main material of FANGFUWANG is active nanometer
>bamboo carton. Through Chinese and Japanese experts' many
>years research and repeatedly proof, the nanometer bamboo
>carbon has the characteristics of being close and porous, and
>having strongly absorbable capacity.

Hey, my charcoal briquettes have nanometer structure too!
Maybe I'll sell them as a stealth coating for chinese bombers!
And if taken internally they can remove toxins!

How do you say scam for the clueless in Mandarin?




Re: "Forest Fire" responsible for a 2.5mi *mushroom cloud*?

2004-09-14 Thread Major Variola (ret)
At 08:59 PM 9/13/04 -0500, J.A. Terranson wrote:
>If a nuke goes off a few dozen meters under a mountain, is there anyone
>there to see it?  What is the sound of one mountain moving?

You can get dust rising off the mountain ---find the video of the Paki
tests.  But not a big rising cloud.

An underground test is a few *hundred* meters below surface.
And sometimes you get a chimney of crumbled rock leading to
either a crater or a dome on the surface, depending on the
rock type; Nevada is pockmarked with them.  But no big
cloud.





Re: "Forest Fire" responsible for a 2.5mi *mushroom cloud*?

2004-09-13 Thread Major Variola (ret)
At 06:59 AM 9/14/04 +1200, Peter Gutmann wrote:
>(The nitrate was desensitised with ammonium sulfate and stored outside,
>whenever anyone needed any they'd drill holes and blast off chunks with
>dynamite.

AN is extremely deliquescent; perhaps the sulphate was for that?
Removing chunks with dynamite is trying rather hard for a Darwin award.

When I was a teen I would save the instant-cold packs after soccer
games, and recrystallize the AN within.  It melts and gives off bubbles
but I never collected enough N2O nor did it detonate.




Re: "Forest Fire" responsible for a 2.5mi *mushroom cloud*?

2004-09-13 Thread Major Variola (ret)
At 06:23 PM 9/12/04 -0400, Tyler Durden wrote:
>I had thought that one of the main tests was seismic...from what I
>understood, Seismic monitors in the US can detect nu-cu-lar tests (above or
>below ground) and even guess where and the size of the blast.

Yes.  Seismic sensors see some foreshock activity before an earthquake
including the big ones.
A nuke starts instantly.  Standard S & P wave triangulation gives you
the location.   You can try to hide a blast (in sand; or in an excavated
void) but it's tough.

At 06:50 AM 9/13/04 +0200, Eugen Leitl wrote:
>About 4.5 kT of 50:50 ammonium nitrate/ammonium sulfate mix. One of the
>largest, if not *the* largest nonnuclear explosions ever.

Ammonium sulphate would not have exploded.  It's the nitrate that is the
fun group.  It has an oxygen surplus, so anything (like the rest of the ship)
vaporized by the detonation would probably burn.  Fuel oil is cheap;
aluminum dust is more energetic.

At 10:40 PM 9/12/04 -0700, Bill Stewart wrote:
>No FO, just AN all by itself.  NH4NO3 turns into N2 + 2H2O + O,

Slow decomposition yields nitrous oxide, ie the fun oxide.
19th century chemistry.  (And anesthesiology!)

>The first earthquake-like event I experienced was when a
>chemical plant across the river from where I lived blew up;
>I think it was a fertilizer plant of some sort.
>(I was in Delaware; the plant was in New Jersey, and it was ~1968.)

The DuPont black powder & nitro plants in Delaware have three strong
walls, the weak side faces the river.  When they blow up, it's much
safer.  Unless you're on the river, of course.

The N Korean blast could have been their missiles blowing up due to
screw ups.  There's a lot of energy in the fuels.  Or it could have been
a test of their nuke-testing systems.

The media uses the phrase "October surprise", if NK detonates just
before the elections.  Of course, others are working on their own
October gift to W.

When the WTC towers fell, it was something like a 3 on the Richter scale.
Lots of gravitational energy.





Re: potential new IETF WG on anonymous IPSec

2004-09-13 Thread Major Variola (ret)
Currently BGP is "secured" by
1. accepting BGP info only from known router IPs
2. ISPs not propagating BGP from the edge inwards

It's a serious vulnerability (as in, take down the net),
equivalent to the ability to confuse the post office
machinery that sorts postcards.  All you need to
do is subvert some trusted routers.


At 10:54 PM 9/10/04 -0700, Bill Stewart wrote:
>Also, the author's document discusses protecting BGP to prevent
>some of the recent denial-of-service attacks,
>and asks for confirmation about the assertion in a message
>on the IPSEC mailing list suggesting
>"E.g., it is not feasible for BGP routers to be configured with the
>appropriate certificate authorities of hundreds of thousands of peers".
>Routers typically use BGP to peer with a small number of partners,
>though some big ISP gateway routers might peer with a few hundred.
>(A typical enterprise router would have 2-3 peers if it does BGP.)
>If a router wants to learn full internet routes from its peers,
>it might learn 1-200,000, but that's not the number of direct connections
>that it has - it's information it learns using those connections.
>And the peers don't have to be configured "rapidly without external
>assistance" -
>you typically set up the peering link when you're setting up the
>connection between an ISP and a customer or a pair of ISPs,
>and if you want to use a CA mechanism to certify X.509 certs,
>you can set up that information at the same time.




Re: "Forest Fire" responsible for a 2.5mi *mushroom cloud*?

2004-09-13 Thread Major Variola (ret)
At 09:53 AM 9/12/04 +0200, Eugen Leitl wrote:
>On Sun, Sep 12, 2004 at 07:50:35AM +0200, Thomas Shaddack wrote:
>> On Sun, 12 Sep 2004, J.A. Terranson wrote:
>>
>> > "No big deal"?  Who are they kidding?
>>
>> A 2-mile wide cloud is WAY too big to be caused by a single explosion,
>> unless REALLY big. The forest fire claim sounds more plausible in this
>
>To make a crater visible from LEO it better had to be big. Does Oppau ring
>a bell?

How about that .3 kiloton AN explosion in France a little after 11.9.01?

But you don't get much crater with an airburst --think about Trinity,
where the tower was left standing.  To get a crater, you have to
bury the nuke (see SEDAN, PLOWSHARE), which BTW
couples the shock very nicely into the ground.  (You *can*
destroy an underground bunker with a nuke, you just bury
a 10 MT device.  The fallout prevents its deployment though.
Easier just to bomb the ingress/egress.
http://www.fas.org/rlg/20.htm has some good ideas on this.

In any case, you won't see the surface until the smoke clears.
But the gamma, seismic (quakes don't start instantly), and
opticals (double-pulse) will tip a nuke quite clearly.





Re: "Forest Fire" responsible for a 2.5mi *mushroom cloud*?

2004-09-13 Thread Major Variola (ret)
At 12:01 AM 9/12/04 -0500, J.A. Terranson wrote:
>"No big deal"?  Who are they kidding?

JAT, any large explosion will create a mushroom cloud.  It's the
blast wave reflecting off the ground that lifts the thing, plus the
buoyancy of the hot gasses.

If it *were* a nuke, it would be easy to detect --from Vera
gamma-ray satellites staring at the earth to optical sensors
(there's a characteristic nonlinear time-course of optical emissions)
to fallout monitors, ground and plane based.

Time will tell, and it certainly could have been a nuke (they have
the SNMs), but if you do it, you talk about it, much like
the Indi/Pakis did.  And you can't hide a surface burst, or
even a large belowground test --and an underground test
that vents to the atmosphere doesn't make such a big cloud.

Nukepunk





Re: BrinCity 2.0: Mayor outlines elaborate camera network for city

2004-09-11 Thread Major Variola (ret)
At 12:50 PM 9/11/04 +0200, Nomen Nescio wrote:
>So, since this is titled BrinCity, it surely means that the image
>streams will be available from a web site and that we the people get
>cameras in the emergency response center and the mayor's office?

Is adultery a crime in Chicago?  Given the predilection for peripheral
pussy by those in power, the cameras could be used to track them.  Conspiracy
to commit a crime is also a crime.  Who knows, Gary Condit's concubine
might still be aerobic had there been enough cameras on the ingress points
to various buildings.  Hey, it's in public view.  All those homebodies
with computers could help keep the public safe.

They're not using crypto to keep the publicly funded, public images from
public scrutiny, are they?  What do they have to hide?

.Wear light colored burkhas to survive the thermal flash.. aluminized
fabrics preferred




Re: Call for 'hackers' to try to access voting machines draws stern warning

2004-09-11 Thread Major Variola (ret)
At 06:59 PM 9/10/04 -0400, R. A. Hettinga wrote:
>
>Call for 'hackers' to try to access voting machines draws stern warning

> The warning came after Elections officials received a faxed document last
>week stating that a $10,000 cash award would be offered to anyone who can
>successfully "hack" into electronic voting machines to prove whether vote
>tallies can be changed.

Sounds like a good idea for social hacking in the States, too.
The "No paper trail, no trust" coalition needs only a bit of typesetting
and some glue to make the point.  Art is not a crime.  Political sarcasm
is art.  I'm surprised that flyers haven't appeared in SF yet; art is not
just for the playa.  Even better, give Diebold's URL on the flyer...









Re: Flying with Libertarian Hawks

2004-09-10 Thread Major Variola (ret)
At 07:53 AM 9/10/04 -0400, R. A. Hettinga wrote:
>
>
>Is it possible for one to be libertarian about policies at home and
>neo-conservative about policies abroad? After all, isn't the principle of
>non-coercion incompatible with the interventionist policies of the current
>Administration? Simply put: is there such an animal as a libertarian hawk
>and if he exists, why do we so seldom hear from him?

On the contrary, the Ayn Rand institute has been taken over by
vocal Zionists.  They would never bomb Dimona but if a non-israeli
semite even thinks about uranium, it's missiles away.

Or if the South Koreans do a bit of clandestine enrichment, no big deal,
they're "our" *friends*.


-
"Stop shedding our blood to save your own and the solution to this simple
but complex equation is in your hands. You know matters will escalate
the more you delay and then do not blame us but blame yourselves. Rational
people do not risk their security, money and sons to appease the White
House liar." UBL

The only language the American people understand is
dead Americans. -EC




Re: Perplexing proof

2004-09-10 Thread Major Variola (ret)
At 08:23 AM 9/10/04 -0400, R. A. Hettinga wrote:
>
> Perplexing proof
>
>E-commerce is only one mathematical breakthrough away from disaster
>Robert Valpuesta, IT Week 09 Sep 2004
>
>The fact that even experts often do not fully understand how IT systems
>work was underlined by recent reports that the Riemann hypothesis,
>established in 1859, may finally have been proved.

This doesn't follow.

>It seems the hypothesis would explain the apparently random pattern of
>prime numbers that form the basis for much internet cryptography, used for
>e-commerce and online banking to guard accounts and credit card details.

Can someone explain how finding regularity in the distribution of primes
would affect any modexp() system?   Suppose that you have a function
F(i) which gives you the i-th prime.  Since the PK systems (eg RSA, DH)
use *randomness* to pick primes, how does being able to generate
the i-th prime help?

>Louis de Branges, a renowned mathematician at Purdue University in the US,
>has claimed he can prove the hypothesis. But the maths is so complicated
>that no one has yet been able to say whether his solution is right.
>
>"[The suggested proof] is rather incomprehensible," professor Marcus du
>Sautoy of Oxford University told The Guardian, adding that if correct it
>could lead to the creation of a "prime spectrometer" that would bring "the
>whole of e-commerce to its knees overnight".

Methinks the "expert" du Sautoy is an expert in number theory, not
crypto...

>Unfortunately, most managers have no way of telling whether the proof is
>right or its implications are indeed as stated.

Most managers don't understand crypto.

>This could be an
>embarrassment if they are asked to assess risks for corporate governance
>reports, since they clearly now have a duty to own up and admit that
>business could be threatened by a theoretical prime spectrometer.
>
>Alternatively they might accept that security is a matter of faith, declare
>that nothing can truly be "known", and add that the way of Zen shows that
>security is probably an illusion anyway.

I think this latter indicates the cluelessness of the author.





The Garwin Archive

2004-09-09 Thread Major Variola (ret)
A nuke physicist talks about taking out a US city,
nonlethal weapons, and more

http://www.fas.org/rlg/index.html

 http://www.fas.org/rlg/04-nonlethal.pdf

 http://www.fas.org/rlg/040309-drell.htm



Re: Seth Schoen's Hard to Verify Signatures

2004-09-08 Thread Major Variola (ret)
At 11:48 AM 9/8/04 -0700, Hal Finney wrote:
>Seth Schoen of the EFF proposed an interesting cryptographic primitive
>called a "hard to verify signature" in his blog at
>http://vitanuova.loyalty.org/weblog/nb.cgi/view/vitanuova/2004/09/02 .
>The idea is to have a signature which is fast to make but slow to verify,
>with the verification speed under the signer's control.  He proposes
>that this could be useful with trusted computing to discourage certain
>objectionable applications.
>
>The method Seth describes is to include a random value in the signature
>but not to include it in the message.  He shows a sample signature
>with 3 decimal digits hidden.  The only way to verify it is to try all
>possibilities for the random values.  By controlling how much data is
>hidden in this way, the signer can control how long it will take to
>verify the signature.

This could be called a "salt-free" algorithm :-)   Basically it's like the
problem that a salted-password cracker has to solve when the salt has
to be guessed.

As far as a modexp() solution, I suggest this, which is as far as I can tell
different from what you reference:

In an RSA cryptosystem the public exponent is typically low, often
3 or 65537 (for efficiency reasons only a few bits are set; the other
constraint is that your message, raised to that power, wraps in your
modulus, which makes 65537 a little better).  The private exponent
is big.

Therefore, traditional encryption is "fast", and decryption is slow;
the reverse is that signing is slow, verifying a signature is fast.
This can be used to achieve Seth's required "fast to make, slow
to verify".  To achieve the required "user-controllable", the user
gets to set the number of bits in the modulus.  One might have
to use extraordinarily long moduli (making 4Kbits look puny), depending
on the time-scale of "slow" and "fast", but so what, primes are free :-)
and might even be re-used.

If this passes group-muster pass it on..
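
The hidden-value scheme that Hal Finney's quoted text describes (a signature over the message plus a few decimal digits that are not published, so the verifier must try every possibility) can be sketched as follows. This is an added example, not Seth Schoen's code and not the modexp variant proposed in the reply; the toy RSA key built from two Mersenne primes and the names `sign`, `verify` and `_digest` are assumptions of the example.

```python
"""Hard-to-verify signature sketch: the signer hides a short random value.

Added illustration. Textbook RSA over a ~150-bit constructed modulus; the key
is far too small for real use and only keeps the arithmetic visible.
"""
import hashlib
import secrets
from typing import Optional, Tuple

# Constructed toy key: P and Q are the Mersenne primes 2^61-1 and 2^89-1.
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (needs Python 3.8+)


def _digest(message: bytes, hidden: int, digits: int) -> int:
    """Hash the message with the zero-padded hidden value, reduced mod N."""
    tag = str(hidden).zfill(digits).encode()
    h = hashlib.sha256(message + b"|" + tag).digest()
    return int.from_bytes(h, "big") % N


def sign(message: bytes, digits: int = 3, hidden: Optional[int] = None) -> int:
    """One hash and one private-key operation, whatever `digits` is.

    The hidden value is used once and thrown away; it is not part of the
    returned signature. Passing `hidden` explicitly is for repeatable tests.
    """
    if hidden is None:
        hidden = secrets.randbelow(10**digits)
    return pow(_digest(message, hidden, digits), D, N)


def verify(message: bytes, signature: int,
           digits: int = 3) -> Tuple[bool, Optional[int], int]:
    """Return (valid, recovered hidden value, number of guesses tried).

    The verifier recovers the signed digest with the public key, then has to
    search the hidden-value space: up to 10**digits hash evaluations.
    """
    target = pow(signature, E, N)
    for guess in range(10**digits):
        if _digest(message, guess, digits) == target:
            return True, guess, guess + 1
    return False, None, 10**digits


if __name__ == "__main__":
    msg = b"constructed sample message"
    sig = sign(msg, digits=3)
    print("genuine :", verify(msg, sig, digits=3))
    print("tampered:", verify(msg + b"!", sig, digits=3))
```

Each extra hidden digit multiplies the verifier's worst-case work by ten while the signer's cost stays constant, and a forged or altered message always costs the verifier the full search before it can be rejected.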






Re: Gilmore case...Who can make laws?

2004-09-08 Thread Major Variola (ret)
At 11:19 AM 9/8/04 -0400, Tyler Durden wrote:
>Hum. I wonder. Do you think these secret regulations are communicated via
>secure channels? What would happen if someone decided to send their own
>regulations out to all of the local airline security offices rescinding any
>private regs, particularly if one used official-looking letterhead?

It would be better to inject *more heinous* secret rules than to attempt
to remove them.  "Why" is left as an exercise to the reader.  Fax would
probably suffice.

At 01:52 PM 9/7/04 -0500, J.A. Terranson wrote:
>I am however intrigued that they may be preparing to posit that secret
>rules (which act under color of law) can be enforced without being
>described publicly.  This, if accepted, would effectively end all
>constitutional protections.

The phrase "constitutional protections" doesn't pass the giggle test
these days.
However the courts --when trials get that far-- will still toss out
cases in which the state's evidence is not revealed.  I expect that
behavior will stop when domestic-US secret trials become common.  To protect
means, methods, and the children, of course.

At least the Europeans don't take the US seriously, esp after the use of
torture was made clear, see eg the German trials.  But the US is trying to
control them via the oil connection.

Rome did not fall in a day.







RE: stegedetect & Variola's Suitcase

2004-09-07 Thread Major Variola (ret)
At 11:57 AM 9/7/04 -0400, Sunder wrote:
>The answer to that question depends on some leg work which involves
>converting the source code to stegetect into hardware and seeing how fast
>that hardware runs, then multiplying by X where X is how many of the chips
>you can afford to build.

A quick perusal of stegdetect.c, attending to how it analyzes jphide images,
indicates that it computes histograms of DCT coefficients and then performs
chi^2 tests on the distributions.  Since this is
fairly easy on a generic RISC CPU, one might be better off with a rack
o' blades or even a cluster.  Particularly because most JPGs will fit inside
your typical 21st century-sized processor cache.

Note that a streaming implementation is not easy because JPG data will
have to be reassembled from transport-level packet quantization; e.g., a
200KB JPG is a lot of 1500 byte packets.  Better to snarf & reassemble the
JPG then analyze the whole captured image.

Contrast this with e.g., block cipher accelerators that benefit
from hardware implementation because they use bit-diddling not well
supported by a typical instruction set.  Or modexp() accelerators that
benefit from parallelism.

Joseph Holsten <[EMAIL PROTECTED]> is right that it's a complete waste
(and not really stego) to look for data appended to the image data.  Any
data appended there, especially noise :-), will be suspicious.


>I'd image that it's a lot faster to have some hw that gives you a yea/nay
>on each JPG, than to say, attempt to crack DES.

Stegdetect is performing a signal-detection task.  As such, it measures
a continuous variable, then thresholds it to make a decision.  Therefore
there is a tradeoff between sensitivity and false positives.

For instance, I produced a test, jphide stego'd JPG which is *not*
detected by stegdetect with default sensitivity, but using the "-s 3"
argument it scores one asterisk.

The steganographer can make the steganalysts' jobs much harder by keeping
the S/N down, ie by only using short messages in large images.  This is
alluded to in the jphide pages: "Given a typical visual image, a low insertion
rate (under 5%) and the absence of the original file, it is not possible
to conclude with any worthwhile certainty that the host file contains
inserted data." and follows from signal detection theory.
It is also empirically true from some casual experimentation.

Further commentary:

* Stegdetect, though clever and well written (if poorly commented),
barfs on a number of valid JPGs, including monochrome ones.

* One could write a jphide variant which doesn't skew the coefficients
e.g., if you use the upper half of an image for cargo, and the lower half
to hide the changes.
If instead of simplistic "halves" you used the passphrase to seed a PRNG
you could disperse the cargo & re-balancing changes much more subtly.

* MPx format files have great potential, for both image, image-N-tuple,
and audio stego; is that http://irenarchy.org hip-hop recruiting video
really just a video?   (And is morphing someone into a sesame-street
character "fair use"?)

* Note that stego dictionary-attack breaking *would* benefit from
compression- and crypto- accelerators for obvious reasons.  But the topic
here is stego detection.

---
Steganography is in the eye of the beholder.  -Viktor.
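
The histogram-plus-chi^2 idea and the sensitivity threshold discussed in the message above, as an added example: a generic pairs-of-values chi-square test for LSB-replacement embedding, run on constructed coefficient data. It is not stegdetect's code and does not model jphide's embedding; the function names, the 0/1-skipping convention, the threshold of 4.0 and the synthetic "DCT coefficients" are assumptions of the example.

```python
"""Pairs-of-values chi-square detector on a coefficient histogram.

Added illustration on constructed data. LSB replacement with random bits
equalises the counts of each value pair (2k, 2k+1); a natural, peaked
histogram does not have equal pairs, so the statistic stays large.
"""
import random
from collections import Counter


def usable(v):
    """Assumed convention for this sketch: values 0 and 1 carry no payload."""
    return v not in (0, 1)


def make_cover(n, seed):
    """Constructed stand-in for quantized DCT coefficients (peaked, symmetric)."""
    rng = random.Random(seed)
    out = []
    for _ in range(n):
        mag = int(rng.expovariate(0.5))
        out.append(mag if rng.random() < 0.5 else -mag)
    return out


def embed_lsb(coeffs, rate, seed):
    """Overwrite the LSB of a random fraction `rate` of usable coefficients."""
    rng = random.Random(seed)
    out = []
    for v in coeffs:
        if usable(v) and rng.random() < rate:
            v = (v & ~1) | rng.getrandbits(1)  # stays inside its value pair
        out.append(v)
    return out


def pair_score(coeffs, min_total=10):
    """Return (chi-square / degrees of freedom, degrees of freedom).

    Each pair (even, even+1) contributes (a-b)^2/(a+b), a 1-dof term whose
    expected value is 1 when the LSBs are random. Sparse pairs are skipped.
    """
    hist = Counter(v for v in coeffs if usable(v))
    stat, dof = 0.0, 0
    for even in {v & ~1 for v in hist}:
        a, b = hist[even], hist[even + 1]
        if a + b < min_total:
            continue
        stat += (a - b) ** 2 / (a + b)
        dof += 1
    return (stat / dof if dof else float("inf")), dof


def looks_embedded(coeffs, threshold=4.0):
    """Threshold the continuous score: lower threshold, fewer false positives."""
    score, _ = pair_score(coeffs)
    return score < threshold


if __name__ == "__main__":
    cover = make_cover(20000, seed=1)
    for label, data in (("cover", cover),
                        ("100% embedded", embed_lsb(cover, 1.0, seed=2)),
                        ("5% embedded", embed_lsb(cover, 0.05, seed=3))):
        score, dof = pair_score(data)
        print(f"{label:14s} score={score:7.2f} dof={dof} "
              f"flagged={looks_embedded(data)}")
```

On this data the fully embedded set scores near 1 and is flagged, while the 5% set scores almost the same as the clean cover, which is the low-insertion-rate effect the jphide quote describes.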




Private GPS tracking

2004-09-04 Thread Major Variola (ret)
GLENDALE, Calif. - Police arrested a man they said tracked his
ex-girlfriend's whereabouts by attaching a global positioning system to
her car.

Ara Gabrielyan, 32, was arrested Aug. 29 on one count of stalking and
three counts of making criminal threats. He was being held on $500,000
bail and was to be arraigned Wednesday.

"This is what I would consider stalking of the 21st century," police Lt.
Jon Perkins said.

Police said Gabrielyan tracked the 35-year-old woman, who was not
identified, after she ended their relationship, showing up unexpectedly at
a book store, an airport and dozens of other places where she was.

Police said Gabrielyan attached a cellular phone to the woman's car on
Aug. 16 with a motion switch that turned on when the car moved,
transmitting a signal each minute to a satellite. Information was then
sent to a Web site that allowed Gabrielyan to monitor the woman's
location.

The woman learned how Gabrielyan was following her when she
discovered him under her car attempting to change the cell phone's
battery, police said.

http://story.news.yahoo.com/news?tmpl=story&cid=519&ncid=718&e=10&u=/ap/20040905/ap_on_re_us/gps_stalking

-
Beslan, coming to a school near you




whatever is necessary

2004-09-03 Thread Major Variola (ret)
At 08:57 AM 9/3/04 -0400, Tyler Durden wrote:
>Well, W did say he'd do "whatever is necessary".

I caught the last bit of Bush's rant.  The scary
part was him talking about the "resurrection" of
NYC.  Given how his little bubble-brain is addicted
to xianity, and his coterie has geo-political messianic
delusions, this is not good.

Just heard Clinton's going in the hospital to get a heart.
Maybe W can get a brain?  And Rummy some courage?

Maybe Frances is Nature reminding FLA to shape up this time..






Re: The cages on the Hudson, AKA Little Guantanamo (fwd)

2004-09-02 Thread Major Variola (ret)
At 10:55 PM 9/1/04 -0700, Bill Stewart wrote:
>Puerto Ricans in the ethnic neighborhoods along the shore
>might get uppity and take over the naval base, which everybody knew
>had Nuke-u-lur Weapons even though they'd never admit it,
>and the naval base might not be able to defend itself against a mob,
>so he convinced the town council that they needed to buy a tank.

It's quite clear (from the Empire Wars in the middle east)
that the 2nd amendment requires citizens to bear RPGs
to defeat tyranny.
Alas, even neutered rifles are illegal in many places; thus
among the first order of business will be to raid the Armories
for the right tools.


And I'm tired of all these soldiers here
And everything's broken,
And no one speaks english..
-Tom Waits



Re: Remailers an unsolveable paradox?

2004-09-01 Thread Major Variola (ret)
At 01:30 PM 9/1/04 +0200, Nomen Nescio wrote:
> Yet we need
>to make sure we're not abused too much since sooner or later laws
>will catch up with the remailers should abuse sky-rocket.

You need a Bill of Rights that specifies freedom of expression,
and judges that understand it.  Since you appear to be European,
where eg singers can be busted for singing political songs,
these ideas may be foreign to you.

> Using techniques like Hashcash should be
>more or less mandatory even today to make it harder to mailbomb or
>send large amounts spam? Why is it not?

Because when someone tells us that something is *mandatory*, we
tell them to fuck off, and we put them on our watch list.
OTOH nothing prevents you from 1. implementing
a hashcash-based node 2. automatically filtering what you receive.

>Regardless of what any hardcore cypherpunk or old-timers in the
>remailer community may think about any ideas imposing restrains on
>the useability of remailers something just have to be made about the
>abuse of the system.

Will no one think of the chiiildren?

>Making sure we have robust remailing services in one shape or
>another and at the same time have some kind of at least indirect
>acceptance from legislators and also a low degree of spam flowing
>through are essential goals.

Any legislator seeking to control how people use a communications
medium needs killing.

>The average naive and ignorant redneck will never ever understand
>the principal arguments for free speech that makes remailers useful.

That's why mob rule^H^H^H^H democracy loses to the constitution.
If you don't have the latter, you suffer the former.

>The average american do not think and analyze what is told to him.

Well duh.

>Since providing a true non-censoring remailing service and at the
>same time safeguard against spam and abuse are therotically
>incompatible I guess remailers are indeed a paradox waiting to be
>shut down sooner or later by politicians if we're not open to at
>least discuss some aspects of how these services are operated.

Why not use one of those "are you human" visually-distorted checks
that various websites use?  That is robust to automated spam.
Adding *voluntary* hashcash to remailer injection nodes is another
layer of defense in depth against spammers.

BTW, while spam is abuse, is a threatening message really abuse, or just
uncomfortable feedback?
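
What a voluntary hashcash check at a remailer injection node could look like, as an added example (not code from this thread or from any remailer). It follows the hashcash version 1 stamp layout (ver:bits:date:resource:ext:rand:counter, hashed with SHA-1); the resource name, the 16-bit price and the two-day expiry window are assumptions.

```python
import base64
import hashlib
import os
from datetime import datetime, timedelta, timezone
from itertools import count


def leading_zero_bits(digest: bytes) -> int:
    """Number of zero bits at the front of a digest."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits


def mint(resource: str, bits: int = 16, now=None) -> str:
    """Sender side: burn CPU until the stamp's SHA-1 has `bits` leading zeros."""
    now = now or datetime.now(timezone.utc)
    rand = base64.b64encode(os.urandom(12)).decode()  # base64 never contains ':'
    prefix = f"1:{bits}:{now:%y%m%d}:{resource}::{rand}:"
    for counter in count():
        stamp = prefix + format(counter, "x")  # hex counter, kept simple here
        if leading_zero_bits(hashlib.sha1(stamp.encode()).digest()) >= bits:
            return stamp


class StampChecker:
    """Node side: one SHA-1 per message, plus a spent-stamp set."""

    def __init__(self, resource: str, min_bits: int = 16, max_age_days: int = 2):
        self.resource = resource          # assumed address of this node
        self.min_bits = min_bits          # price the operator chooses
        self.max_age = timedelta(days=max_age_days)
        self.spent = set()                # stops replay of one paid stamp

    def check(self, stamp: str, now=None) -> str:
        now = now or datetime.now(timezone.utc)
        fields = stamp.split(":")
        if len(fields) != 7 or fields[0] != "1":
            return "reject: malformed"
        bits_s, date_s, resource = fields[1], fields[2], fields[3]
        if not (bits_s.isascii() and bits_s.isdigit()):
            return "reject: malformed"
        if int(bits_s) < self.min_bits:
            return "reject: too cheap"
        if resource != self.resource:
            return "reject: wrong resource"   # stamp was paid for someone else
        try:
            stamped = datetime.strptime(date_s[:6], "%y%m%d")
        except ValueError:
            return "reject: bad date"
        if abs(now - stamped.replace(tzinfo=timezone.utc)) > self.max_age:
            return "reject: expired"          # bounds the size of self.spent
        digest = hashlib.sha1(stamp.encode()).digest()
        if leading_zero_bits(digest) < int(bits_s):
            return "reject: insufficient work"
        if stamp in self.spent:
            return "reject: double spend"
        self.spent.add(stamp)
        return "accept"


if __name__ == "__main__":
    node = StampChecker("remailer@example.invalid")
    stamp = mint("remailer@example.invalid")
    print(stamp, node.check(stamp), node.check(stamp))
```

Each extra bit doubles the sender's expected work while the node's cost stays at one hash, which is why the check is cheap enough to run on every injected message.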





making your own stamps

2004-09-01 Thread Major Variola (ret)
http://www.thesmokinggun.com/archive/0831041_photostamps_1.html?link=eaf



Re: Backdoor found in Diebold Voting Tabulators

2004-08-31 Thread Major Variola (ret)
http://www.blackboxvoting.org/?q=node/view/77 is up

Seems it's due to an intentional, insider job, and not just as
an "engineering backdoor" (c) Cisco

Consumer Report: Part 2 - Problems with GEMS Central Tabulator

Submitted by Bev Harris on Thu, 08/26/2004 - 11:38. Investigations

This problem appears to demonstrate intent to manipulate elections, and
was installed in the program under the watch of a programmer who is a
convicted embezzler.

According to election industry officials, the central tabulator is
secure, because it is protected by passwords and audit logs. But it turns
out that the GEMS passwords can easily be bypassed, and the audit logs can
be altered and erased. Worse, the votes can be changed without anyone
knowing, including the officials who run the election.

Multiple sets of books

The GEMS program runs on a Microsoft Access database. It typically
receives incoming votes by modem, though some counties follow better
security by disconnecting modems and bringing votes in physically.

GEMS stores the votes in a vote ledger, built in Microsoft Access. Any
properly designed accounting program will allow only one set of books. You
can't enter your expense report in three different places. All data must
be drawn from the same place, and multiple versions are never acceptable.
But in the files we examined, we found that the GEMS system contained
three sets of "books."

The elections official never sees the different sets of books. All she
sees is the reports she can run: Election summary (totals, county wide) or
a "Statement of Votes Cast" (totals for each precinct). She has no way of
knowing that her GEMS system uses a different set of data for the detail
report (used to spot check) than it does for the election totals. The
Access database, which contains the hidden set of votes, can't be seen
unless you know how to get in the back door -- which takes only seconds.

Ask an accountant: It is never appropriate to have two sets of books
inside accounting software. It is possible to do computer programming to
create two sets of books, but dual sets of books are prohibited in
accounting, for this simple reason: Two sets of books can easily allow
fraud to go undetected. Especially if the two sets are hidden from the
user.

A hidden trigger

The data tables in accounting software automatically link up to each
other to prevent illicit back door entries. In GEMS, however, by typing a
two-digit code into a hidden location, you can decouple the books, so that
the voting system will draw information from a combination of the real
votes and a set of fake votes, which you can alter any way you
  

John gets hassled, but those with $ are not

2004-08-31 Thread Major Variola (ret)
JY reports on the Fed nervousness about his publications;
but anyone with a few hundred $ can buy a CDROM or
nicely printed map of the same info.

[listsig: surveillance, 1st amendment, everyone is a reporter]



MAP DETAILS
This 2003/2004 edition of the N. American Natural Gas
System map is the most comprehensive (and
eye-catching) gas system map on the market.

http://public.resdata.com/rdimaps/html/DetailTemp.asp?d=1062&i=1715

The Electric Power System Atlas of North America on
CD-ROM offers the most-detailed,
most-comprehensive overview of the United States,
Canadian and Mexican electric infrastructure available
today, giving you the tools you need to make crucial
analytical or market decisions.

This atlas provides complete information for
competitive analysis, plant siting, transportation to
and from power plants, regional fuel mix, and territory
coverage. It's convenient, portable, and easy to use. It
displays 292 separate maps, plus 26 insets of
important regions including major metropolitan areas
such as Dallas, Los Angeles and New York.

http://public.resdata.com/rdimaps/html/DetailTemp.asp?d=1&i=1520



drooling at tracking immigrant$, with contact$

2004-08-31 Thread Major Variola (ret)
http://www.dhs.gov/interweb/assetlibrary/Vendor_Day_List_FIN818.pdf

The following list of companies have expressed an interest in the
US-VISIT System requirement by participating in the Industry Conference
and/or responding to the sources sought RFI. This list is being provided
in an attempt to promote open dialogue for potential teaming and/or
subcontracting discussions/arrangements. This listing does not imply that
any of these companies have committed to submitting any proposal, nor is
there any obligation on the part of the Government to acquire any products
or services from those listed. To add your name to the list, or to
modify information that is contained within, please contact the US-VISIT
Program Office at (202) 305-0845.

Sample:

Oki America, Inc.
2000 Bishops Gate Blvd
Mount Laurel, NJ 08054 Guy Dela Rosa
Manager, Business
Development 856-222-7016 [EMAIL PROTECTED]
Optimos Incorporated
4455 Brookfield Corporate Dr.
Chantilly, VA 20151 Marc Blackman
*703-488-6957
703-488-6958 [EMAIL PROTECTED]
Oracle Corporation
1910 Oracle Way
Reston, VA 20190 Jennifer Bognet Account Manager
*703-364-2212
703-217-9441 [EMAIL PROTECTED]
Orkland Corp., The
7799 Leesburg Pike
Falls Church, VA 22043 Peter Rath 703-610-4550 [EMAIL PROTECTED]



Pigradio survey of anonymizing systems

2004-08-31 Thread Major Variola (ret)
The pigs want to be able to send anonymous messages over
IP or POTS using their emergency 700 Mhz comm system:

http://www.ncs.gov/informationportal/Web_Proxy_Report.doc





RIAA can't stomache cassette recorders

2004-08-31 Thread Major Variola (ret)
"We remain concerned about any devices or software that permit listeners
to transform a broadcast into a music library," RIAA spokesman Jonathan
Lamy said.
http://wired.com/news/digiwood/0,1412,64761,00.html?tw=wn_tophead_6



sex & propoganda [psyops]

2004-08-26 Thread Major Variola (ret)
http://www.psywarrior.com/sexandprop.html

"H.M.G.'s secret pornographer"
http://www.seftondelmer.co.uk/hmg.htm






Welcome to the Church of Strong Cryptography.

2004-08-25 Thread Major Variola (ret)
At 01:26 PM 8/24/04 -0400, Tyler Durden wrote:
>>PS: I thought Tyler had nominated himself as leader?  :-)
>No, almost the opposite. I propose that any 'Cypherpunk' can declare himself
>to be leader and make 'official statements' at any time.

Oh, then you'd be reformed cypherpunk.  The orthodoxy is that the
group has no head (an arch).  I think of it as a grad student lounge
with open doors, and a few conversations going on at once.   Anyone
can pop in (wearing a mask or not) and make a fool of himself,
or enlighten others, or ask questions (as long as they're not homework),
or even forward nominally relevant articles, or flame others for doing
so.

>Of course, others
>can (and most probably will) choose to ignore the official statement, or
>even declare himself to be leader and 'officially' rescind that statement
>and/or issue a completely contradictory statement. This will be particularly
>useful when getting (for instance) public interest to move elsewhere.

Or it will seem a petty schism like the Sierras or Atheists or Amerikan
Xians etc..

The only coherence is an interest in crypto and society.  This reasonably
extends to privacy, opsec, surveillance and reverse-surveillance,
OS bugs, hardware, censorship, finance, etc.
Read the fatwa --er, the cyphernomicon :-)   Read the Bill of Rights,
(now a quaint obsolete historical document) and think about technology.

>For instance, it might be useful to have an official statement ready if/when
>the Cryptome press starts poking around Cypherpunks:

The useful statement is May's Cyphernomicon (ie an outline) and the bulk
of the discussions of the last 12 years (better get a few reams of paper
for the printout, Mr. Fed).   PKZ's rant is also good introductory material
IMHO.

>FOR IMMEDIATE RELEASE
>Cypherpunks is a collection of diverse individuals dedicated to preserving
>the freedoms that all Americans value. As part of this effort, Cypherpunks
>periodically analyzes the systems used by terrorists and other enemies of

^

and governments

>freedom in an attempt to strengthen such systems and prevent their abuse.

Even with my addenda your statement is too restrictive.  E.g., some
here, I have gathered, worry about corporations (but not LLCs) too.

.and now, some quotes for Tom Ridge to ponder.

Forget turbans, real terrorists wear neckties.

"Stop shedding our blood to save your own and the solution to this simple
but complex equation is in your hands. You know matters will escalate
the more you delay and then do not blame us but blame yourselves.
Rational people do not risk their security, money and sons to appease
the White House liar."

"Can you hear me now?" -UBL


"Naturally the common people don't want war...But, after all, it is the
leaders of a country who determine policy, and it is always a simple matter
to drag the people along, whether it is a democracy or a fascist
dictatorship, or parliament or a communist dictatorship. All you have to do
is tell them they are being attacked, and denounce the pacifists for lack of
patriotism and exposing the country to danger. It works the same in every
country."
--Hermann Goering, (1893-1946) Nazi Reichsmarschall, at the Nuremberg
Trials, 4/18/46. From _Nuremberg Diary_ by Gustave Gilbert.

The risks posed by ignorant politicians may
yet be far more dangerous than the odd virus and software mistake.
Prof. Dr. Debora Weber-Wulff

Additional case studies are needed, however, to determine which traits
of chemical and biological terrorists might help identify them
because charisma, paranoia, and grandiosity are also found to varying
degrees among, for example, leaders of political parties, large
corporations, and academic depts. --John T Finn, _Science_ v 289 1
sept 2000

We have always been at war with Oceania bin Laden -Orwell

“In no part of the constitution is more wisdom to be found, than in the
clause which confides the question of war or peace to the legislature,
and not to the executive department.”
-James Madison

"The tragedy of Galois is that he could have contributed so much more to
mathematics if he'd only spent more time on his marksmanship."

"Your children are not safe anywhere at any time."  -IAMGodsniper
commenting perhaps on the USG's propensity for using them as cannon
fodder.

"Quis custodiet ipsos custodes?"

"When a man assumes a public trust,
he should consider himself public property."

Bluffs will be published if comical but otherwise ignored. -JY

SAFETY RULES FOR US STRATEGIC BOMBERS
 5.1. Don't use nuclear weapons to troubleshoot faults.
http://cryptome.org/afi91-111.htm



Re: Digital camera fingerprinting...

2004-08-25 Thread Major Variola (ret)
At 11:52 PM 8/24/04 -0400, Dave Emery wrote:
> Just a random distraction from the normal topics (but not
>completely irrelevant either)...

Highly relevant sir.

> He told me that especially in the low end camera market NO
>sensors used were completely free of anomalous pixels (black, white,
>dim, bright etc) and much of the actual processing in digital camera
>firmware was related to masking or hiding the inevitable defects which
>apparently can include (at least in CMOS sensors) entire rows or columns
>that are bad.

Kinda like disk drives and DRAM arrays.  It's all about yield.
Covering up mistakes transparently.

> This got me thinking - clearly these concealment patches are not
>completely undetectable in families of (multiple to many) images taken
>with the same exact camera... and for the most part the defects are born
>with the sensor and change little over time if at all.   And with few
>exceptions they are random, and different for each sensor.

Perhaps, but the jpeg-ization might lose these, or at least the
image "unicity distance" might require many more pictures than
a careful steganographer will publish.

> Cypherpunk relevance (marginal perhaps), but the ability to say
>that a particular image or set of images came from a particular camera
>COULD have legal consequences for those bent on activities someone
>thinks of as unfriendly to their interests...

Very relevant, traffic analysis and fingerprinting (intentional or not)
are always tasty subjects.  One question for the court would be, how many
*other* cameras have column 67 disabled?   One of every thousand?
And how many thousand cameras were sold?

Pope Major Variola (ret)




Re: Another John Young Sighting

2004-08-24 Thread Major Variola (ret)
At 09:09 PM 8/23/04 -0400, An Metet wrote:
>You may laugh but 74% (or whatever is the % who believes Saddam personally
>piloted all 9/11 planes) of americans will believe it.
>
>So Mr. Young is anarchist for all practical purposes and consequences.
>And you are all his associates.

"While acknowledging himself an Anarchist, he does not state to what
branch of the organization he belongs" ---Discussing Leon Czolgosz'
shooting of President William McKinley

PS: I thought Tyler had nominated himself as leader?  :-)

Personally, I'm a sleeper cell for the Bill of Rights...




worm uses webcams to spy

2004-08-23 Thread Major Variola (ret)
ok, from /., but highly amusing

Meet the Peeping Tom worm

A worm that has the capability to use webcams to spy on users is
circulating across the Net.

http://www.theregister.co.uk/2004/08/23/peeping_tom_worm/



Plonk this

2004-08-18 Thread Major Variola (ret)
At 09:20 AM 8/18/04 -0400, R. A. Hettinga wrote:
>>Hey, I have an idea! Why don't I write a script crossposting
>>everything from sci.crypt to cypherpunks! How about a few dozen
>>other "on-topic" newsgroups and mailing lists too?
>
>Go ahead. Are you going to reformat them for legibility first, if
>necessary? Are you going to personally decide, in *your* opinion,
>what's worth forwarding and what isn't?

>In the meantime, remember that Declan's main purpose here is to sniff
>around for stories. Which is fine, until he starts pretending he's
>Tim May (I knew Tim May -- he wished I didn't -- and, Mr. McCullagh

1. Having a mainstream meme injector like DMcC is occasionally useful, RAH
(Consider that DHS lameass document security made it to the big time
and was reported here first.)
2. How the hell can we be reading about crossposting *and* Tim May
and *not anywhere* in your flame see the word "plonk" ???  With all
the implied discussion about consumer-end technological filtering vs.
central censorship?
3. In all honesty I think Declan's partial-quote followed by a 
and
a URL saves bandwidth and also does positively reinforce the folks
feeding the authors of the partially quoted content.  Of course,
subscription-only
(or even registration-only) services don't get such caring treatment,
they
get fair-used 'with prejudice'.  And you are free to abuse
street-performer-protocols
of course, such is the nature of things; and they are free to post their
words
as .GIFs.









Israelis voting for Bush defeated Gore

2004-08-16 Thread Major Variola (ret)
Contrary to widespread belief, it was more likely American voters in
Israel, not Florida, who put George W. Bush in the White House four years
ago — a phenomenon that has Kerry's supporters in Israel vowing to do
whatever it takes to make certain that doesn't happen again in November.

Those who doubt that Americans living abroad could tip the balance in
2004 might consider this: Various chads aside, Al Gore received 202 more
votes than George W. Bush on Election Day 2000 in Florida. Only after all
the overseas votes were counted, including more than 12,000 from Israel
alone, was Bush's election victory certified. The margin was 537 votes.
..
But in the 2000 presidential election, Zober points out, it made no
difference how Israeli immigrants from New York voted. All that mattered
was how expatriates from Florida cast their ballots.

Israel is home to roughly 6,000 former Floridians — expatriates who tend
to be more conservative than Jewish voters in New York and many of
whom voted for Bush in the last election, Zober said.

http://news.yahoo.com/news?tmpl=story&u=/ap/20040815/ap_on_el_ge/election_the_overseas_factor



Trust no one: backdoored CPUs

2004-08-15 Thread Major Variola (ret)
We worried about compromised OSes, BIOSes, read last week about
a PNG library bug that lets images run buffer exploits, now CPUs
can be backdoored:


From Schneier's Crypto-gram:

Here's an interesting hardware security vulnerability.  Turns out that
it's possible to update the AMD K8 processor (Athlon64 or Opteron)
microcode.  And, get this, there's no authentication check.  So it's
possible that an attacker who has access to a machine can backdoor the
CPU.
 or 





Re: yes, they look for stego, as a "Hacker Tool"

2004-08-15 Thread Major Variola (ret)
At 05:30 AM 8/14/04 +0200, Thomas Shaddack wrote:
>On Fri, 13 Aug 2004, Major Variola (ret) wrote:
>
>> Even if you map a particular hash into one of a million known-benign
>> values, which takes work, there are multiple orthogonal hash algorithms
>> included on the NIST CD.  (Eg good luck finding values that collide in
>> MD5 & SHA-1 & SHA-256 simultaneously!)
>
>Argh. You misunderstood me. I don't want to find hash collisions, to
>create a false known hash - that is just too difficult. I want to make
>every file in the machine recognized as "unidentifiable".

No, I understood this.  In a later post it was brought up that this is
essentially watermarking your content with a unique ID, which can be
bad for P2P tracing purposes.  So I was suggesting that by using a finite
set of 'watermarks' one could avoid essentially embedding a
unique label to one's copy of some content, at some cost in Cycles.

>The signature busting of MP3s has a disadvantage, though: makes their
>sharing back to the P2P pool more difficult, and a lot of programs relying
>on their hash (emule, Kazaa(?),...) instead of their file name will
>consider them a different file, which causes problems with multisource
>download (though the problem won't be on your side).

True.  But I've found some manual intervention to be required anyway,
sometimes you find a few copies of the same content stored as independent
files due to slight differences in naming or truncation.

>> Sorta like the National Forests... resource of many uses... may as well
>> include a mixmaster payload in that worm :-) which also provides some
>> other overt free benefit like antivirus or anti-helmetic or defrag or
>> game or bayesian spamfilter or chat or screensaver or anon remailing
>> client or free ringtone :-)
>
>Free ringtones. Good attractant these days. I tend to forget about them as
>I tend to shun fancy tones - telephones should have a distinctive ring but
>"distinctive" does not have to mean "orchestral". But apparently there are
>large sets of people who like it. Weird...

It was disturbing that, as the bottom fell out of telecom, and handsets
became commoditized, faceplates and ringtones were highly profitable.
Faceplates are at least made of atoms.  There are several lessons there,
from economic to sociobiological (if there's a difference), none of which
are terribly pleasing in my aesthetic.

Fortunately the whole PDA vs. cell vs. camera vs GPS vs. smartcard vs
MP3 player vs. email-pager etc bat-belt [1] frenzy will resolve in a few
years, and perhaps some of the Linux based solutions will not be
involuntary citizen-tracking devices and will support privacy of data
stored, and in transit, including voice data.  And free ring tones :-)
All that's needed is one of the hardware-selling companies to start the
process, making money off the atoms, and possibly Sharp's Zaurus (?)
already has?

Perhaps there's a biz model in buying a 3-D color prototyping machine
for $40K and setting up a custom faceplate biz for the integrated gizmo
of the near future.
Hmm, with freedom-enabling software being distributed on the side, it
sounds like a Heinlein novel...

[1] Batman (tm) wore a belt with too many gizmos.  Some widget-fetishist
friends/early adopters are similarly afflicted.





Re: yes, they look for stego, as a "Hacker Tool"

2004-08-15 Thread Major Variola (ret)
At 02:43 AM 8/15/04 +0200, Thomas Shaddack wrote:
>On Sat, 14 Aug 2004, Major Variola (ret) wrote:
>> It was disturbing that, as the bottom fell out of telecom, and handsets
>> became commoditized, faceplates and ringtones were highly profitable.
>> Faceplates are at least made of atoms.  There are several lessons there,
>> from economic to sociobiological (if there's a difference), none of
>> which are terribly pleasing in my aesthetic.
>
>Care to elaborate further, please?

I found it troubling that the tech was becoming commoditized, since this
disturbs the innovation that I find attractive.   OTOH cheap products
are nice.  And commoditization is the end-game for tech anyway.

Selling ringtones (static bits, not even a service) struck me as
oldschool as selling music, enforced in this case by proprietary
cellphone "standards".

That "personalization" features were lucrative I found to be a comment
on human nature.  Or human-teens' nature.
Since I tend to have an engineer's aesthetic, which
I take to be fairly spartan/functional, as well as believing that
personalization should be done by the person desiring it, I found
mass-market faceplates kind of silly.  But then I don't own any Nike
baseball caps or Coke t-shirts to express myself.  I am un-Amerikan,
clearly.  There is something I clearly don't "get".  Herd mentality,
perhaps.

Besides, the phones should be covered in conformal photocells to trickle
charge them.

>> Fortunately the whole PDA vs. cell vs. camera vs GPS vs. smartcard vs
>> MP3 player vs. email-pager etc bat-belt [1] frenzy will resolve in a few
>> years, and perhaps some of the Linux based solutions will not be
>> involuntary citizen-tracking devices and will support privacy of data
>> stored, and in transit, including voice data.  And free ring tones :-)
>> All that's needed is one of the hardware-selling companies to start the
>> process, making money off the atoms, and possibly Sharp's Zaurus (?)
>> already has?
>
>Or buy an Enfora Enabler GSM/GPRS module, add a Gumstix module with
>built-in bluetooth, slap in a suitable display and keyboard, eventually
>add a GPS receiver, and we're set. All features and security modes we can
>imagine, and then some.

I liked the Handspring's modularity, but don't know how they did in the
marketplace.  I do think that the cell makers have a decent enough market
share to take over the PDA/camera/email etc. market, and they know
that and are working on it.  I read recently that in 5 years only pros
will own digital cameras that do nothing else.  Similarly with GPS, PDAs,
MP3 renderers & recorders, calculators, authentication tokens, smart
cards, etc.
How much extra does a hifi
audio ADC or DAC cost than an 8 Khz telecom one?   Why not let users see
their location, even if it's only triangulated and not satellite based?
Non-volatile memory is only getting cheaper, smaller, with less power
requirements or awkward properties like page-based access.

>Preventing spatial tracking is difficult though, as we're dependent on the
>cellular network for staying online. Though if the given area has wifi
>mesh coverage, it could be easier. (And if the device becomes widely
>popular, the handsets can serve as mesh nodes themselves - but that's a
>song of rather far future.)

Yes, but a nice Heinleinian corollary.

>> Perhaps there's a biz model in buying a 3-D color prototyping machine
>> for $40K and setting up a custom faceplate biz for the integrated gizmo
>> of the near future. Hmm, with freedom-enabling software being
>> distributed on the side, it sounds like a Heinlein novel...
>
>Why not? :) Isn't the main purpose of science-fiction (at least its
>certain kinds) to be the inspiration for the future?
>
>On the other hand, perhaps it's cheaper to just get a bulk supply of
>"blank" faceplates and hire an artist with an airbrush and a talent.
>
>It's also possibly easier (and cheaper) to make the parts in more
>classical way, eg. by casting them from resin. The rapid prototyping
>machines so far usually don't provide parts that are both nice-looking,
>accurate, and with suitable mechanical properties at once.

I was thinking there are too many models to keep the things in stock
on a little beachside storefront; and you could add custom textures
with a prototyping machine.  It's also possible I'm enamoured of 3D
printers which have no place right now in making consumer products.

>> [1] Batman (tm) wore a belt with too many gizmos.  Some widget-fetishist
>> friends/early adopters are similarly afflicted.
>
>There is nothing like "too many" gizmos! (Well, you could call such
>situation "almost enough", but n

Re: yes, they look for stego, as a "Hacker Tool"

2004-08-14 Thread Major Variola (ret)
At 01:48 AM 8/14/04 +0200, Thomas Shaddack wrote:
>Then you have
>the forest where every tree is marked and the leprechaun is laughing.

Love that story.  But the self-watermarking you later mention is a
problem.
Even if you map a particular hash into one of a million known-benign
values, which takes work, there are multiple orthogonal hash algorithms
included on the NIST CD.  (Eg good luck finding values that collide in
MD5 & SHA-1 & SHA-256 simultaneously!)


>> These hash-CDROMs are also useful for finding unlicensed software and
>> music
>
>Another reason for making your data unique.

In that case, yes, although ultimately the RIAA could hire offshore
Indians to listen to your stego'd/uniquified Madonna song and identify
it.  (Of course, they don't know if you own the vinyl for it... and
software can be sold by the original purchaser, too, right?)

>> And keep your tools encrypted, or on memory sticks you can flush or
>> snap with your fingers.
>
>Beware of destruction of memory sticks

Yes something like a Tomlinson (_Big Breach_) sleight of hand with a
Psion card is a good idea, as is the microwave oven trash can next to
your machine :-)

>A neat trick to lower the suspicion-factor for stego in JPEG or video
>could be releasing a closed-source program for Windows as either freeware
>... and there still is a segment of consumers who think that
>when it is free, it's worthless)

And a larger segment which will stick any CD they get in the mail into
their bootable drive.. LOL

>The sheeple don't have to be only a threat. They can be useful, if their
>gullibility is properly exploited.

Sorta like the National Forests... resource of many uses... may as well
include a mixmaster payload in that worm :-) which also provides some
other overt free benefit like antivirus or anti-helmetic or defrag or
game or bayesian spamfilter or chat or screensaver or anon remailing
client or free ringtone :-)







yes, they look for stego, as a "Hacker Tool"

2004-08-13 Thread Major Variola (ret)
>> A cool thing for this purpose could be a patch for gcc to produce
unique
>> code every time, perhaps using some of the polymorphic methods used
by
>> viruses.
>
>The purpose would be that they do not figure out that you are using
some
>security program, so they don't suspect that noise in the file or look
for
>stego, right?

Yes, they do.  Check the link.  The CDROM of file hashes contains a
category "Hacker Tools" that includes the Stego tools they could
download from the 'net.

Any jpg which looks like noise will be of interest.  And any stego
program will make them look at your images (etc) more closely :-)

Most of the programs they've hashed is so the forensic pigs can discount
them.  But they would find known-stego tools very interesting.
And they would find them, even if renamed, from their sigs; but not if
polymorphic or encrypted, but then they would be in the "unknown"
category, along with user-created files.  And programs :-)   To be
manually inspected by a forensic dude.

These hash-CDROMs are also useful for finding unlicensed software and
music



Osama sez: Always use original images and sounds as stego carriers.  And
keep your tools encrypted, or on memory sticks you can flush or
snap with your fingers.
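
The known-file triage described in this message, as an added example (not part of the original post, and not NIST's software): files are matched on the MD5, SHA-1 and SHA-256 of their content, so a renamed file still matches and anything absent from the reference set is queued for manual review. The byte strings, file names and the "Operating System" category are constructed for illustration.

```python
import hashlib

ALGOS = ("md5", "sha1", "sha256")

def digests(data: bytes) -> tuple:
    """Return the (MD5, SHA-1, SHA-256) hex digests of a file's content."""
    return tuple(hashlib.new(a, data).hexdigest() for a in ALGOS)

def build_reference(samples: dict) -> dict:
    """Map each digest triple to its category, as a reference hash set would."""
    return {digests(content): category for content, category in samples.items()}

def triage(files: dict, reference: dict, flagged=("Hacker Tools",)) -> dict:
    """Sort files into discount / flag / manual_review by content hash only."""
    result = {"discount": [], "flag": [], "manual_review": []}
    for name, content in sorted(files.items()):
        # All three digests must match; the file name plays no part.
        category = reference.get(digests(content))
        if category is None:
            result["manual_review"].append(name)  # unknown: an examiner looks
        elif category in flagged:
            result["flag"].append((name, category))
        else:
            result["discount"].append(name)
    return result

# Constructed sample data: placeholder byte strings stand in for real files.
OS_BINARY = b"constructed: common operating system binary"
STEGO_TOOL = b"constructed: publicly downloadable stego tool"
REFERENCE = build_reference({OS_BINARY: "Operating System",
                             STEGO_TOOL: "Hacker Tools"})

SEIZED = {
    "notepad.exe": OS_BINARY,
    "holiday_viewer.exe": STEGO_TOOL,  # renamed, content unchanged
    "build_output.bin": b"constructed: locally compiled program",
    "diary.txt": b"constructed: user-created file",
}

if __name__ == "__main__":
    for bucket, items in triage(SEIZED, REFERENCE).items():
        print(bucket, items)
```
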






Re: Forensics on PDAs, notes from the field

2004-08-13 Thread Major Variola (ret)
At 02:11 PM 8/13/04 -0400, Sunder wrote:
>If you're suspected of something really big, or you're middle eastern,
>then you need to worry about PDA forensics.  Otherwise, you're just
>another geek with a case of megalomania thinking you're important enough
>for the FedZ to give a shit about you.

Perhaps you're a geek working for people who think they're important
enough?

In any case, it's not just the FedZ, the locals send the tricky shit to
the FedZ if they don't have the LabZ.   Same as with arson, poisonings, etc.
So we all fall under the same logic-analyzer-panopticon.







Re: Forensics on PDAs, notes from the field

2004-08-13 Thread Major Variola (ret)
>On Fri, 13 Aug 2004, Thomas Shaddack wrote:
>> In the world of industrial espionage and divorce lawyers, the FedZ aren't
>> the only threat model.

At 03:06 PM 8/13/04 -0400, Sunder wrote:
>Right, in which case GPG (or any other decent crypto system) is just fine,
>or you wouldn't be looking for stego'ing it inside of binaries in the
>first place.

I don't think Sunder grasps how much fun divorce lawyers can be.

So, Mr. Smith, what *do* you hide with your crypto tools?   And why
won't you let the court examine the plaintext in camera, if your
content is so benign?   (Or are your ex-wife's accusations true?)

Also, public schools prohibit the use of encryption.  No kidding.

And finding a crypto tool on a .mil slave's personal machine may be
indicting evidence, given their lack of civilian legal processes, when
accused by their own.

Since mere possession of lockpick tools is criminal, do you really
think you can possess crypto tools freely?







Re: Forensics on PDAs, notes from the field

2004-08-13 Thread Major Variola (ret)
At 01:46 PM 8/13/04 -0400, John Kelsey wrote:
>>From: "Major Variola (ret)" <[EMAIL PROTECTED]>
>>Obvious lesson: Steganography tool authors, your programs
>>should use the worm/HIV trick of changing their signatures
>>with every invocation.  Much harder for the forensic
>>fedz to recognize your tools.  (As suspicious, of course).
>
>I would have thought the obvious lesson was to keep all your important
>work on an encrypted disk partition, with a good password and a high
>iteration count.  This is true not just for criminals and terrorists,
>but for anyone who doesn't want the information on their hard drive
>read by anyone who happens to steal their computer.

If you include "PDA & Cellphone" as computer;
or include "flash eeprom" as a "hard drive", then we agree.

Most Persons of Interest will have secrets on their mobile gizmos (which
use flash memory) as well as their PC's spinning disks. Sync'ing the
PDA + PC means the security boundary includes them both.

The important lesson is that all your gizmos will be seized and
analyzed.  And that the world needs good Linux-based-PDA &
flash-mem-compatible security tools.
And don't forget the epoxy...







Re: Forensics on PDAs, notes from the field (your teenage son's homemade porn)

2004-08-13 Thread Major Variola (ret)
At 10:07 PM 8/13/04 +0200, Thomas Shaddack wrote:
>On Fri, 13 Aug 2004, Tyler Durden wrote:
>
>> And it seems to me to be a difficult task getting ahold of enough photos
>> that would be believably worth encrypting.
>
>Homemade porn?

Your 16 year old son's homemade porn.

[google on Heidl & rape; a deputy sheriff's teen son makes a porn movie
with a passed out teen and gets busted]





Re: Forensics on PDAs, notes from the field

2004-08-13 Thread Major Variola (ret)
Quoth Thomas Shaddack <[EMAIL PROTECTED]>

> Obvious lesson: Steganography tool authors, your programs
> should use the worm/HIV trick of changing their signatures
> with every invocation.  Much harder for the forensic
> fedz to recognize your tools.  (As suspicious, of course).

It should be enough to do that at the installation time. The adversary in
this model gets to analyze the file only once, and we want to make sure
that nobody tampered with the file as a protection against other, more
"active" threat models. What we want is to have a file and its hash, so we
can make sure the file content is unchanged, but the hash has to be as
globally-unique as possible.

> The NIST CDROM also doesn't seem to include source code amongst its
> sigs, so if you compile yourself, you may avoid their easy glance.

A cool thing for this purpose could be a patch for gcc to produce unique
code every time, perhaps using some of the polymorphic methods used by
viruses.

Just adding a chunk of data to make the hash unique will work against the
current generation of the described tools. But we should plan for the
future, what moves the adversary can do to counter this step.


Dear TS: you have very good ideas.




Forensics on PDAs, notes from the field

2004-08-12 Thread Major Variola (ret)
Saint John of Cryptome has a particularly tasty link to
http://csrc.nist.gov/publications/drafts.html#sp800-72
which describes the state of the art in PDA forensics.

There is also a link to a CDROM of secure hashes of
various "benign" and less benign programs that the
NIST knows about.  Including a list of "hacker" programs.
Including stego.   Pigs use this to discount commonly-distributed
software when analyzing a disk (or, presumably, your PDA's
flash).  See http://www.nsrl.nist.gov/
also http://www.nsrl.nist.gov/Untraceable_Downloads.htm

Obvious lesson: Steganography tool authors, your programs
should use the worm/HIV trick of changing their signatures
with every invocation.  Much harder for the forensic
fedz to recognize your tools.  (As suspicious, of course).

The NIST CDROM also doesn't seem to include source
code amongst its sigs, so if you compile yourself, you may avoid their
easy glance.

Notes from the Field:
My paper & image handling keiretsu job has a fellow working
on secure Linux disk-drive delete --even if you pull the plug, on power
up it finishes the job.   Nice.  Thank you, HIPAA, banks, etc.







Re: [osint] Al Qaeda's Travel Network

2004-08-11 Thread Major Variola (ret)
>>Al Qaeda operatives rarely travel directly from Point A to Point B.
Instead, they jump from country to country, with each destination
having its own end use and with multiple stops between beginning and
end.<<

Hey, don't they know that onion-routing was patented by the Navy?
Or that the mix network has prior art?

If Alfred Queue has grokked traffic analysis, well it's about time.

All your Paki Inet Cafes are belong to us.





Re: A Billion for Bin Laden

2004-08-11 Thread Major Variola (ret)
>>With the possibility of earning a $1 billion bounty, however,
professional Bin Laden hunting firms would form, allowing the U.S. to
enlist the efficiency and creativity of the free market in our fight
against Osama.<<

This is brilliant, worthy of being called channelling Tim M.  As it
relies entirely on free association and the rational marketplace.
Nevermind that the reward is stolen from the sheeple.

What the DC future-corpses don't grok is that the Sheik's network
is not financially or career motivated, unlike themselves.
And xianity (or even amerikan patriotism which sometimes
substitutes) is too neutered to counter it.

Get your filthy hands off my desert, indeed, or else.

See you in Athens.





Bluesniper question

2004-08-09 Thread Major Variola (ret)
Why do the long range RF folks always use Yagis?  Aren't
Yagis supposed to be fairly broadband?  Aren't there
other highly-directional (ie high gain in one direction)
antennae which (simply by virtue of being narrow bandwidth)
would be better?

Or is it that Yagi's broadband-ness allows for more slop
in manufacturing, as when you're using pringles & hardware-store
washers?

BTW seems to me that a (wire-mesh, thank you Morlock)
parabolic would be better.  The optical scope can
look right through the mesh.  (Use a night vision scope
and IR beacon on your target if the target agrees, or
is in a parked car with hot brake pads.  In Calif
NV scopes can't be put on rifles that launch projectiles
but you're not launching anything but photons (in the case
of sending Bluetooth commands).)

PS: From the photo the Yagi rifles look like they are polarization
sensitive, having linear (vs + shaped) directors.





Re: Is Source Code Is Like a Machine Gun?

2004-08-09 Thread Major Variola (ret)
Re "Is Source Code Is Like a Machine Gun?"

A better thought experiment would be a numerically controlled machine
and a control tape, which, when the machine is turned on, produces
sculpture that is also a machine gun (or merely the sear for a machine
gun which can be dropped into a semi-automatic commodity rifle).
The NCM is as neutral as the CPU.

Also Junger is incorrect when he says "the function of a machine gun
is to kill".  The function of a machine gun is to propel bullets at a
given rate, given a supply of cartridges, when asked to do so by a human.

The human who points the machine gun decides whether to kill
or merely punch holes in paper.  If you don't understand the distinction
you should probably avoid handling sharp objects.

And you probably don't understand that a P2P program is not for
ripping off hollywood but for free communication; it's the user who
decides what content to use the tool with.

>> Eugene Volokh has posted a message on the Cyberprof email list seeking
comments on a thought experiment as to whether the same scope of first
amendment protection should be accorded to a sculpture which happens also
to be a working automatic weapon as to the ``source code'' of a computer
program that can be used for illegal activities.<<





Re: Wired on Navy's new version of Onion Routing

2004-08-09 Thread Major Variola (ret)
At 04:58 AM 8/6/04 -0700, Sarad AV wrote:
>Since they are using symmetric keys, for a network of
>'n' nodes, each node needs to know the secret key that
>they share with the remaining (n-1) nodes. Total number
>of symmetric keys that need to be distributed is
>[n*(n-1)]/2. Key management is harder when the
>network gets larger.

That's not the problem ---if your node freely gives out its
public key, no problem collecting them.

The real problem is: how do you know it's truly a given
node's key?  The web of trust is full of holes :-), trust
isn't transitive, and Verislime is 1. not liable 2. 0wn3d by
the Fedz.





Simpson scores

2004-08-07 Thread Major Variola (ret)
http://www.technologyreview.com/articles/04/08/wo_garfinkel080404.asp

Good article re secure hashing




Re: On what the NSA does with its tech

2004-08-05 Thread Major Variola (ret)
At 02:23 AM 8/5/04 +0200, Thomas Shaddack wrote:
>
>The impracticability of breaking symmetric ciphers is only a comparatively
>small part of the overall problem.

Indeed.  Following Schneier's axiom, go for the humans, it would not
be too hard to involuntarily addict someone to something which the
withdrawal from which readily compromises any human.

Since torture is now legitimized in the US, or its proxies, have a beer
(or stronger, etc) Mohammed.

Of course, the green card offered to the housecleaning illegal is
simpler.
Ask Nikky Scarfo.

And there's nothing like raping one's children to convince the
reticent...
particularly if one's halal meal has been doped with various
psychopharms..

--

The problem with quantum computing will be coercing the qubits to
do your bidding (not just toy problems) without losing their waviness.

Not relevant to the nano-args, but your energy consumption calcs
do make it clear that Ft Meade will need some awfully big radiators :-)
Then again, it's not that far from the ocean, a rather extreme
heatsink...

Still I concede that Ft Meade has no finer features than IBM.  But when
economics *don't* dictate, as they do everywhere else, one has to
ponder.  Still, the 'tographers beat the 'analysts, as you say, for
sufficiently large keys, and sufficiently different chained ciphers.
Don't put all your squeamish ossifrage eggs in one basket, eh?

And stay away from Athens, ok?















Re: Al Qaeda crypto reportedly fails the test

2004-08-04 Thread Major Variola (ret)
At 10:18 PM 8/3/04 +0100, Ian Grigg wrote:

> http://www.thesmokinggun.com/archive/jihad13chap3.html

>[Moderator's Note: One wonders if the document on the "Smoking Gun"
>website is even remotely real. It is amazingly amateurish -- the sort
>of code practices that were obsolete before the Second World War. --Perry]
> Perry M.
>The Cryptography Mailing List
>Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

I work(ed) for a major keiretsu soon bringing crypto to public
scanner/printer/copier to your airport or hotel.  When I suggested that
the paper that folks write strong passphrases on be backed by glass or
metal instead of a pad of paper, they laughed.

One form of "crypto" I was forced to manufacture was obviously
susceptible to replay attacks if you merely leased the same model
scanner/printer/copier for a week and had a pringles' can during
transmission.  Or rev-eng the driver.
Convenience trumps security once again.

Not surprising the dinosaurs largely died out, the more I see of them.

Today I pointed out that their 802.11 blah gizmo was inside a Faraday
cage ie a locked sheet metal cabinet.  No wonder their wifi didn't work,
eh?

Not making this up...




