RE: Critique of CyberInsecurity report
Wow, the problem is solved, right? Wrong. With the number of systems on the net growing rapidly, any realistic extrapolation leaves the number of Windows systems as being even larger than today. Hence we face at least as much exposure as at present, which the evidence has shown is more than enough to cause tremendous economic damage. You miss out on the fact that, if Windows has, say, 90% of the machines (disregarding differences between desktop/server/whatever), the damage would, with your metric, be three times as large as the cost you point at, which would affect a third of the machines (with numbers higher than today, but still less that what they would be with 90% of machines running MS). And in fact, it is worse, because any flaws in the Mac or Linux OSs will now be just as dangerous as for Windows! What we will face is a situation where the *weakest* of the widely used OS's will determine the risk factor for the system as a whole. Yes, you are right: when you don't put all your eggs in the same basket, you have *more* risk to get crushed eggs. But, in return, you have less risk of losing *all* your eggs. The point is to contain worst case cost, at the expense of having more likely minimum cost. chosen Windows because it is popular, has good development tools, and in the early days was easier to write for (remember that up until a few years ago, the Mac lacked preemptive multitasking, and Linux wasn't even a blip on the radar). Windows 2000 was only a few years ago too. Windows NT 3 and 4 were not desktopo OSes, used only on servers. And I worked in a company that had the misfortune of running an NT 3 server. Preemptive multitasking does not imply stability, as this experience showed, though I won't claim our experience was typical. There was BeOS too, which could have been widely available save for MS having the computer makers' ear (firmly grasped in an iron fist). But you still have a fair point on this point, and I agree at varying degrees with the rest of your points, except where you come back to: The result is that we will have a system where, as pointed out above, not one but several architectures are each widespread enough to bring the net to its knees when an exploit is discovered. This network will only be as strong as its weakest link. Diversity, in this context, is a risk factor, not a risk mediator. For serial systems, not parallel ones. Encryption is a serial one. Redundancy using different systems is not: you need to destroy all branches to bring the system down (though I do not deny that you can bring the quality of service down by bringing a node down, depending on the degree of redundancy). Of course, the above holds for a more or less homogeneous distribution of the different (here) OSes. Otherwise, you have a connected graph of monocultures, and the first argument applies. -- Vincent Penquerc'h
RE: JAP back doored
CAMsg::printMsg(LOG_INFO,Loading Crime Detection Data\n); CAMsg::printMsg(LOG_CRIT,Crime detected - ID: %u - Content: \n%s\n,id,crimeBuff,payLen); Well, people say the JAP team hid it, but with that (assuming the strings appeared verbatim in the binary), they made sure someone would spot it. They essentially made sure the users would be warned about it while keeping plausible deniability. -- Vincent Penquerc'h
RE: National Emergency?
So how much of the Constitution gets shredded by Bush's declaration of a national emergency right after 9/11, and how long can he maintain that. I mean, I realize the the Constitution/bill of rights is pretty much gone anyway, but ... http://www4.law.cornell.edu/uscode/50/1622.html -- Vincent Penquerc'h
RE: National Emergency?
Funny, I've never heard or read anything about them doing this. An interesting bit in http://www4.law.cornell.edu/uscode/50/1541.html is that the US president can perform an introduction of United States Armed Forces into hostilities without Congress declaring war, if a national emergency is in effect. So the war in Iraq would seem to be essentially legal from a POV of US law. I previously thought that only Congress could do this. National emergency is a very interesting bit of the code to have if you have either a friendly majority in both houses, or if opposing you would be seen as political suicide, as was the case in late 2001... I wonder if the powers conferred include anything like law enacting with Congress bypass (for speed, you know, we don't want Congress delaying this very important new bit of anti terrorist press quashing law...) -- Vincent Penquerc'h
RE: [eff-austin] Antispam Bills: Worse Than Spam?
Nice! I've been thinking I should move there for a while. I also heard that by 2006 London and all the major cities will have seemless wifi coverage. The reason Europe is on the ball with this is the EU We're on the way. We already have seemless camera surveillance coverage. -- Vincent Penquerc'h
RE: The name of Jesus, and a novel about the Knights Templars
By the way, a fun novel with crypto scattered throughout it is the new novel The Da Vinci Code, by Dan Brown. It just came out and [...] murdered grandfather. Uncovering the clues related to the Priory of Sion, the Knights Templars, the Holy Grail, and the blood line of Jesus take the reader through France, Italy, and England. Sounds a lot like Umberto Eco's Foucault's Pendulum. I found that a really fun read. The main plot is based on a centuries old conspiracy by templars and the like, and the YHWH based reordering of the name of God is central to part of the book. Looks like someone's trying to get money easily :) Unless it's the same book and the publisher decided it would sell better with an anglo saxon name on it ? :) -- Vincent Penquerc'h
RE: U.S. Drops 'E-Bomb' On Iraqi TV
The suicide bombers will come here entirely on their own for the most part, or perhaps with the help of Al-queda type groups. There will be no country to retaliate against. That alone could easily send us into a But that wouldn't be a good escape for a govt: mind your pawns (er, citizens) or we'll whack you. The US (and a lot of countries I'm sure) would see this as a good opportunity to target countries where bombers come from, whether or not they are govt approved or govt created. If they are, the reaction would be military. If they are not, the reaction would be more covert, with a part of political pressure for laws which follow what the US do at home, and more, due to the absence of the constitution and US negative public opinion. Or do you mean that the CIA will seek to undermine the governments of countries that boycott the US? It might not even be a gov't Undermine, and more. The CIA has a lot of practice with that, changing govts for one more palatable to the US foreign policy. Even without getting there, appropriate pressure on an existing govt can go a long way to make a country's policy more helpful. And, if done well, without the backlash provoked by military intervention. -- Vincent Penquerc'h
RE: Quote of the Day, Re: Usenet as solution to Al-Jazeera jammin g problem
Kazaa Inc should encourage this, since it is a Valenti-free Can you say substantial non-infringing use ? :) Some P2P companies would (should) love that... -- Vincent Penquerc'h
RE: U.S. Drops 'E-Bomb' On Iraqi TV
This is from the US, fyi. It also works (and even resolves to the same thing :) from other hosts outside the US) Yup, I get it from the UK, though I didn't get it two and three days ago. URLs are all in English, though this may be normal. BTW, does anyone know about www.aljezeerah.info ? I've been getting my news from there since the start of the war, but I don't know what links it has with, say, www.aljazeera.net, since I never got there before. It's all in English, but I'm not sure about the actual affiliation and editorial line, if anyone can shed some light. -- Vincent Penquerc'h
RE: U.S. Drops 'E-Bomb' On Iraqi TV
Connecting to www.aljazeera.net[216.34.94.186]:80... failed: Attempt to connect timed out without establishing a connection. Retrying. I get it again now, but... Strangely, Opera does reach it fast and all (though I suspect it's hitting a mirror though I explicitely refresh) but wget reached it though it waits indefinitely after the 200 OK. Maybe just overload due to heavy success (or script kiddie activity). I eventually got /index.html, and it's the Dotster page someone spoke of earlier ??? I'm starting to wonder whether Opera is using an IP it had cached earlier, whereas wget resolves anew and hits the new DNS records, which have changed since then... $ wget http://www.aljazeera.net/ --18:47:59-- http://www.aljazeera.net/ = `index.html' Resolving www.aljazeera.net... done. Connecting to www.aljazeera.net[216.34.94.186]:80... connected. HTTP request sent, awaiting response... 200 OK Length: unspecified [text/html] [ = ] 15,01512.45K/s 18:49:57 (12.45 KB/s) - Read error at byte 15015 (Connection reset by peer).Retr ying. --18:49:57-- http://www.aljazeera.net/ (try: 2) = `index.html' Connecting to www.aljazeera.net[216.34.94.186]:80... connected. HTTP request sent, awaiting response... 200 OK Length: unspecified [text/html] [ = ] 29,15330.58K/s 18:49:59 (30.58 KB/s) - `index.html' saved [29153] -- Vincent Penquerc'h
RE: U.S. Drops 'E-Bomb' On Iraqi TV
If anyone sees a different traceroute - one that doesn't go through cw, then you may still be able to get to the site. Otherwise, it's got a single connection, and that's down. Goes through, but beyond, it seems, from the UK. $ tracert www.aljazeera.net Tracing route to www.aljazeera.net [216.34.94.186] over a maximum of 30 hops: 1 10 ms * 10 ms 217.150.100.137 2 10 ms 10 ms 10 ms 217.150.97.4 3 10 ms 10 ms 10 ms 217.150.96.1 4 10 ms15 ms 10 ms har1-serial6-1-0.London.cw.net [166.63.166.33] 5 10 ms 10 ms 10 ms bcr2.London.cw.net [166.63.162.62] 616 ms16 ms31 ms bcr2-so-7-0-0.Thamesside.cw.net [166.63.209.205] 7 391 ms 390 ms 391 ms acr2-loopback.Seattle.cw.net [208.172.82.62] 8 * 391 ms 375 ms bhr2-pos-0-0.Tukwilase2.cw.net [208.172.81.222] 9 375 ms 407 ms * csr11-ve241.Tukwilase2.cw.net [216.34.64.42] 10 391 ms 406 ms 391 ms jerry.exodus.net [216.34.83.66] 11 407 ms * 391 ms redirect.dnsix.com [216.34.94.186] Trace complete. -- Vincent Penquerc'h
RE: U.S. Drops 'E-Bomb' On Iraqi TV
It's definitly jammed in the US. I get 503 - out of resources error. Maybe you guys can set up a mirror that isn't jammed and the US can see it that way (at least until the feds catch wind of it). Well, too late anyway, it seems... --17:37:47-- http://www.aljazeera.net/ = `www.aljazeera.net/index.html' Resolving www.aljazeera.net... done. Connecting to www.aljazeera.net[216.34.94.186]:80... failed: Attempt to connect timed out without establishing a connection. Retrying. --17:38:10-- http://www.aljazeera.net/ (try: 2) = `www.aljazeera.net/index.html' Connecting to www.aljazeera.net[216.34.94.186]:80... failed: Attempt to connect timed out without establishing a connection. Retrying. --17:38:33-- http://www.aljazeera.net/ (try: 3) = `www.aljazeera.net/index.html' Connecting to www.aljazeera.net[216.34.94.186]:80... failed: Attempt to connect timed out without establishing a connection. Retrying. -- Vincent Penquerc'h
RE: U.S. Drops 'E-Bomb' On Iraqi TV
This is the placeholder for domain aljazeera.info. If you see Yes, try with a h at the end. -- Vincent Penquerc'h
RE: U.S. Drops 'E-Bomb' On Iraqi TV
Is it jammed world wide? You're in COW too. Any one from .nl or .de or .fr who can pick it up still? Still, www.aljazeerah.info is still accessible if you're feeling so inclined. Odd though that the Arabic side is down but this one stays up, if they're aiming for propaganda in their own countries, mostly English speaking but not much Arabic speaking. Unless they fear some kind of Arab community backlash from the images ? Pretty good proof the scum in DC are afraid of propaganda that's not theirs. If there's something they won't like, it's this: http://www.statewatch.org/news/2003/mar/16belg.htm I believe Kissinger is already avoiding France (and probably Spain), it'd be good if he was being chased up in more countries. -- Vincent Penquerc'h
RE: U.S. Drops 'E-Bomb' On Iraqi TV
Got an ip for .info? I can't resolve that from here. 207.150.192.12 -- Vincent Penquerc'h
RE: What shall we do with a bad government...
Tim - I don't think the cowboy (aka Shrubya) knows enough economics to realize that, in the long term, income and expenditure must be in some kind of rough balance. He's always been able to lean on daddy's money. I'm wondering whether the successive US administrations are not increasingly planning to live off the world, by way of their economic debt. Buy with monkey money, never reimburse. Effectively taxing the other economies for their expenses. Though economies might be already too linked together for this to work fine, as damage to one part of the world's economy will reflect on others, including the US. Hmm, I think I'll do some googling now... -- Vincent Penquerc'h
RE: FBI discovers missing original copy of the Bill of Rights
A collector recently tried to sell it to a museum, and the FBI ran a sting to seize it using a civil seizure warrant, Now the question is, will they hunt down all originals and burn them, then claim they never existed, and all other copies have been crafted by terrorist friendly freedom hating unamerican civil liberty activists ? :) -- Vincent Penquerc'h
RE: I for one am glad that...
Force against Iraq is not pre-emptive since it is authorized by the UN Security Council resolutions 678 and 1441. North Korea does not have Interesting. So, if the UN gives Bush the right to attack Iraq, such an attack is no more preemptive ? Why would it be different from Bush giving the US army the right to attack ? Would that still be preemptive ? The fact is, Bush and his followers are lying like mad, and it shows so much I'm surprised they still manage to not laugh hard while saying those. They can claim it's not preemptive for their propaganda, but does it make it so ? No one, including me, has stated that popular support equals moral justification. I was merely pointing out that Bush was not dragging us into war since there was popular support for war. He's certainly dragging the world into war. Repercussions of this war will not be only visible in the US (and of course, Iraq, pity on them). Bush's actions are only going to give some legitimacy to terrorists. We are alone with [...] a list of countries which, for the most part, see either the leash of the master (in some cases with a large US military presence on their soil) or have been guided by the smell of money, or immaterial favors that might or might not be awarded. Good grief. -- Vincent Penquerc'h
RE: Trivial OPT generation method?
1) Get 8 bytes from /dev/urandom. (Just for sure.) Put them into the You probably know this if you use it, but /dev/random is the most random one, as it always uses system entropy, rather than falling back on an algorithm to generate more bits than are available in the pool. Since you only need 8 bytes of random seed (and if you don't need to generate many OTPs at a time...) it might be worth using it instead. Can't help you on the entropy quality though. -- Vincent Penquerc'h
RE: The burn-off of twenty million useless eaters and minoritie s
Title: RE: The burn-off of twenty million useless eaters and minoritie s Too much capitalism is as bad as too much communism. That's semantically equivalent to saying that too much economics is as bad as too much totalitarianism... Too much liberty is as bad as too much repression? Right. If you think capitalism is liberty, you have a problem. Capitalism would work as freedom catalyst only if it would not lead to the aggregation of power in some places. Once you have power, you use it. Pretending, like some did, that people with power would not use force once they reach the stage where they *can*, is disingenuous. And saying that this has then ceased to be capitalism misses the point: you end up in a society with centralized power, and which only differs from a state by the name. Which is why some capitalism is good, but too much is bad. I do concede that I'd prefer capitalism much better than communism though. My association of both on the same grounds was way overboard and triggered by this evil commie pinko nonsense. Now, I may have left my clue home, so feel free to explain *why* 100% capitalism (eg no state left, no other power) could never end up with power aggregation. -- Vincent Penquerc'h
RE: The burn-off of twenty million useless
Yeah, and too much freedom is as bad as too much slavery. Right, bub. Capitalism would only work if people weren't ready to fuck others like communism would work too for the same reasons. Like anarchy. Like anything. Depending on the time, I tend to lean either towards anarchy or towards democracy. These days, I'm leaning towards for democracy. Yes, a state, though probably an unattainable chimaera. Flame on. Lack of state would just lead to morons with guns banding together, and that would be what ? A state, without the title of one, but one nonetheless. Point is, too much capitalism seems to lead to another form of power, with the people on top being the same people that are now on top of the state. We'd need to defend against both. BTW, mails used to be deMIMEd. I send in plain text but there's a server which reconverts to HTML along the way... -- Vincent Penquerc'h
RE: The burn-off of twenty million useless
You're assuming a static agent model. Iterative interactions of smart mutually identifyable agents would trend towards increasingly benign cooperation. That in turn assumes that the population is homogeneous. There is overwhelming probability that a group will form around some people, who have charisma, or who can give others something, whether it is power, money (or ability to get stuff), or just about anything people would want. Some of these groups will want power. I'm not sure what you mean by mutually identifyable agents. If you mean that people seeking power by reducing other's freedoms, would be known, and others could react to that, then I'm not so sure it would work. Trouble is, even a very small amount of power grabbing people will fuck it all up. It's very nice to say that those who are ready to relinquish freedom for safety deserve neither, but a life of never ending combat against those who want to grab power is not something I strive for. If you mean, OTOH, that people would recognize honest people, as in a kind of reputation system, then it might have some merit to it, but would require these people to build a structure to be able to react. This structure would be, as I see it, kind of a distributed democracy. Is that what you had in mind ? Or am I completely off :) -- Vincent Penquerc'h
RE: The burn-off of twenty million useless
But other people might be encline to tag along anyway. A reputation No, because unless someone signs your stuff of their free [...] I'm not looking at this on a crypto POV, but from a human nature POV. my trust level is around zero. If I've been glowingly endorsed by other nyms in good standing (check graph for circlejerk caveat) my reputation is positive. People with really bad mana would tend to This doesn't address the point that what people do with that is not something that crypto can solve. Crypto only solves the authentication bit. My claim about whether a political sytem can work was based on human reactions, not on the relations they have with each other, with or without crypto. But I see your point, it's just that I'm not convinced that it is workable. Cooperation takes work, and time, and can be destroyed by small things. -- Vincent Penquerc'h
RE: Forced Oaths to Pieces of Cloth
While I have a lot of problem with the Pledge in any form, I think it would be greatly improved if it were made to the Constitution, rather than the flag. But wouldn't that hint to these children that they may actually have to think ? You don't have to think of a flag, you just react with (preprepared) emotions, but with a constitution... I once went to the US, in a family, for a couple of weeks, and went to high school there. I didn't know about it then, and it really took me by surprise. The whole classroom standing up to the sound the loudspeaker, like some show of warmongering made for TV in some dictatorial country. Eerie. Best of all was, we were a group of french people one day, in the library, and this happened again. We looked at each other, and tacitly decided to continue our stuff, silently, without at all disrupting their ceremony. No more than two minutes after the end of it, we got the head of the library come to us, knowing we were french, and telling us we *had* to do it... That was *years* ago. You bet that after that, some people forget to think altogether and refer back to this thorough brainwashing they had when they were kids. -- Vincent Penquerc'h
RE: CRYPTO-GRAM, December 15, 2002
Disney doesn't have the power to tell me what I may eat or smoke, except in their parks and on their property. [snip] Now, imagine a Disney owning the whole of the land of the USA, and having armed forces the size of the USA. At least, the govt has a structure that makes it more likely to be less effective at oppression. There is still a judiciary, who, when it's not bought out, can act as a kind of counter power. Yes, it's not much at all, and mostly crooked, but I still prefer that than Disney with the aforementionned assets. Damn, and I find myself arguing for the state *washes mouth* -- Vincent Penquerc'h
RE: Money is about expected future value....nothing more, nothi ng less
Yep. If I owe you 100 quid, and I give you that value of English bank notes, and you sue me in an English court saying I haven't paid, you will lose. Which is fair enough - it is the state's court so why should they help you if you don't like the state's money? If I offer you 100 pounds worth of cowrie shells, then they might take a different view. It all boils down to the ease that you can then trade afterwards with what you've been given as money, and to a lesser extent the ease of keeping it. Ease of trading includes both the amount of people likely to accept it in turn as payment, and the value that they will agree to put on the money you give. Legal money is good on both: people accept it, and they don't bicker over its value to gain a cent on a dollar. -- Vincent Penquerc'h
RE: CDR: Re: ...(one of them about Completeness)
Title: RE: CDR: Re: ...(one of them about Completeness) Mathametics is incomplete,other wise we would have known every thing about every thing. From our Popping in without the relevant background, I'm afraid, but I'll give my view on this long lasting thread anyway: Mathematics do not have to be incomplete for this reason (note that I only say for this reason). Mathematics are only rules applying on a set of facts (and, arguably, the facts themselves). I would argue that your point would rather imply that other things (eg physics, chemistry) are incomplete. -- Vincent Penquerc'h
RE: OPPOSE THE WAR! We are going to ruin Iraq to get the oil. Who 's ne
Israeli tanks aren't the ONLY things that kill someone's kids. The whole region has been at war for 100's of years. If Israel backed You do realize that the whole world has been at war for hundreds of years, do you ? Israel is now the bully in the region, and is conforted in keeping this role by the US support. This does not mean at all that this was always the case. Of course there were other bullies in the past, and possibly now too. This should not mean that this should excuse this particular bully. It is my opinion that, after the fall of the USSR, which I saw as a good thing, the US are now becoming much too dangerous and need to fall, too. Having two nuke crazed countries in the world was dangerous, but at least they were keeping tabs on each other. I am frankly scared of what the US are becoming today. Of their government's covert/overt manipulations, dishonesty, and violence. Of course, I do realize that they are not alone in this game, and that all others are doing the same kind of things. However, the US are now in a position to do this more easily, with more power, and still get away with it, which makes them so much more dangerous. They don't need actual weapons to maim any more. I just hope that Americans see this, and see that what they're going to get from this behavior isn't world domination, but either a genocide of half the planet, or a life in a bared wire world, with no freedom left, in a vain attempt to protect themselves against the rage they've patiently cultivated. -- Vincent Penquerc'h
RE: OPPOSE THE WAR! We are going to ruin Iraq to get the oil. Who 's ne
How can anyone claim that the U.S. or Israel or corporations or rich Americans are morally worse than the likes of Hussein? ...I have to bow to the urge to answer Note that everything that was proposed is bombing. Killing innocents, in an attempt to make them revolt and overthrow their leaders so you don't have to do it. Nothing was attempted (or was said on this) for killing the only person. George W Bush is a criminal. He should be jailed. This doesn't mean I will bomb the hell out of the US until the Americans jail him. The US have a long history of killing other people (note, not just bad/immoral/evil/whatever people, just the ones that happen to stand between the current government of a country and a US client government (which is *not* a democratic government most of the time a you can see from history). Thus, why should I think the US is right attacking Iraq ? I see it as yet another shameless power grab accompanied by lots of PR to make it seem like the US are punishing the nasty villain. Somebody tell Dubya this ain't Hollowood. -- Vincent Penquerc'h
Re: Did you *really* zeroize that key?
On Thu, Nov 07, 2002 at 07:36:41PM -0500, Patrick Chkoreff wrote: Everybody probably also knows about the gnupg trick, where they define a recursive routine called burn_stack: [...] Then there's the vararg technique discussed in Michael Welschenbach's book Cryptography in C and C++: How about a simple alloca/memset ? Though it would possibly be more subject to `optimizations'. -- Vincent Penquerc'h
