Re: [liberationtech] Looking for discussants on emerging technology and urban resilence

[Wendy Dent]

Dear Lina

I´d be happy to be involved. Wearable technology and data visualization are
part of my current work/ projects.

Feel free to forward this on to Linda.

Best,
Wendy

Wendy Dent
Writer - Filmmaker - Consultant- Speaker - Entrepreneur
World Economic Forum Young Global Leader 2013-2018
www.wendydent.com




On Wed, Jul 23, 2014 at 10:57 AM, Lina Srivastava 
wrote:

> Hi all,
>
> Writing on behalf of a colleague, Linda Raftree, who is looking for
> potential local discussants to invite to meetings in Buenos Aires, Seoul,
> Dublin, and Nairobi to talk about emerging/futuristic technologies (3D
> printers, wearables, drones, data vizualizations, etc.) and their potential
> uses (and drawbacks) for supporting urban resiliency.
>
> Here's the link to the events: http://tech4resilience.blogspot.com/
>
> Probably the best way to contact her is through her Twitter account --
> @meowtree 
>
> ​Thanks,
> Lina​
> ​
>
> --
> Lina Srivastava
> --
> linasrivastava.com  |  twitter   |  linkedin
> 
>
>
> --
> Liberationtech is public & archives are searchable on Google. Violations
> of list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> Unsubscribe, change to digest, or change password by emailing moderator at
> compa...@stanford.edu.
>
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

[liberationtech] Looking for discussants on emerging technology and urban resilence

[Lina Srivastava]

Hi all,

Writing on behalf of a colleague, Linda Raftree, who is looking for
potential local discussants to invite to meetings in Buenos Aires, Seoul,
Dublin, and Nairobi to talk about emerging/futuristic technologies (3D
printers, wearables, drones, data vizualizations, etc.) and their potential
uses (and drawbacks) for supporting urban resiliency.

Here's the link to the events: http://tech4resilience.blogspot.com/

Probably the best way to contact her is through her Twitter account --
@meowtree 

​Thanks,
Lina​
​

-- 
Lina Srivastava
--
linasrivastava.com  |  twitter   |  linkedin

-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] DNSSEC to the rescue. Was: Snakeoil and suspicious encryption services

[Aymeric Vitte]

Le 23/07/2014 01:52, Jérôme Pinguet a écrit :
But why stick to JavaScript and the browser after all? These are 
endangered species.


??? You must be kidding...

In the US, mobile apps made up 47% of Internet traffic at the 
beginning of this year, overtaking the PC (45%). Mobile browsers 
accounted for only 8% of the traffic. The rest of the world is 
following at an even greater pace. Willy-nilly, crypto for the masses 
will be on mobile app, or never will be.


Do you mean we should trust mobile apps outside of the browser? I 
would'nt, the advantage of the browser is that it is present on any 
device and so widely used that you can trust it if it is proven that the 
app is using it correctly, and you can use the same app on any device, 
if the browsers are messing around people would detect it, the 
disadvantage is that it depends on a very few vendors which decide and 
specify whatever they like, but that's probably still better than having 
to check I don't know how many mobile apps and their providers, the 
browser app does not depend on what said vendors might have decided to 
track,spy, insecure you


Probably, if there are not many mobile apps inside browsers today it is 
only because the mobile browsers still can not do the job correctly and 
fail to behave the same, I did some mobile apps some time ago, the 
conclusion was a little bit in contradiction with what I am saying here: 
the code was full of "if ios, if android, if bb, if bada, if ie, if 
safari, if ff, if chrome..." and the result less convincing than a 
native app, but at last this was working on any platform without 
installation, this is evolving fast I believe.




Among the happy few GPG people, how many delay answering because 
they're away from their laptop and couldn't be bothered to replicate 
the complicated process of setting up GPG with APG/K9 mail, plus 
generating a subkey for signing on a less secure device?


How many Android apps are written in JavaScript?

A signed native app on FreeDroid repo that runs on Replicant, 
CyanogenMod (or Android if you like to live on the edge) could become 
the encryption killer app. The (heavily centralized) Blackphone has 
sold out, even though it's compatible with nothing.


IMHO, real liberation technologies can only be based on decentralized 
trust systems.


Not saying that there are no other alternatives but that's exactly the 
goal of Peersm: everything is distributed inside browsers which are 
relaying the traffic for each others.


--
Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms

--
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change 
to digest, or change password by emailing moderator at compa...@stanford.edu.

Re: [liberationtech] DNSSEC to the rescue. Was: Snakeoil and suspicious encryption services

[Aymeric Vitte]

So let's reexplain: those that do not trust the current mechanism of 
Peersm to load the code (which includes already some protections) and 
fear a mitm attack can get it through other channels and run it inside 
their browser.


Other channels means: other sources that provide the code with its hash 
(hopefully the same one!!), Peersm code can not fit in tweets but easily 
fits in websites, links, torrents, anonymous networks, potentially you 
could just use Peersm itself to check it (upload the code with Peersm 
app from your disk to your browser, check the hash, decrypt/encrypt it)


Asking every user to check the whole code would be ridiculous, among the 
sources someone skilled enough might have done the job and can certify 
that the related code is OK for other users.


"Skilled enough" --> a serious js dev, unlike what you seem to state, 
it's really easy to see what a js code is doing whatever obfuscation 
means or strange thing the issuer have used/put in it


Now you seem to mean that 400 kB is big for Peersm, you probably don't 
realize all what it is doing (Peersm protocol, Tor protocol, SSL/TLS, 
certificates, crypto, RSA, DH, etc) for a so small code compared to 
other technos doing the same with dozens of MB at minimum.


Regards,


Le 23/07/2014 02:20, Tony Arcieri a écrit :
On Tue, Jul 22, 2014 at 4:38 PM, Aymeric Vitte > wrote:


And checking what is doing a 400 kB js code is trivial for any
serious js dev


This assertion is completely ludicrous, especially when you're talking 
about trying to find a potentially stealthy malicious payload in 400kB 
of code. JavaScript benefits confusers and enables all sorts of 
obfuscation techniques which can't be easily undone through simple 
static analysis.


Asking every user to verify the integrity of 400kB of JavaScript code 
by manual review and searching for backdoors is a complete nonstarter 
when it comes to practical solutions to detecting compromise.


TweetNaCl, by comparison, fits in 100 tweets.

--
Tony Arcieri




--
Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms

-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] Snakeoil and suspicious encryption services

[Dan Blah]

Maybe useful, a growing list of "next generation secure email or email-like
communication" clients here: https://github.com/OpenTechFund/secure-email



On Fri, Jul 18, 2014 at 3:59 PM, Lorenzo Franceschi-Bicchierai <
lorenzo...@gmail.com> wrote:

>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Hey guys,
>
> After The New York Times video suggesting a few questionable services to
> encrypt email (see here:
>
> http://www.nytimes.com/video/technology/personaltech/10003002385/easily-encrypt-your-email.html?smid=tw-nytimes
> )
> I was wondering if it's time to make a list of not-so-good snakeoil
> encryption services that have popped up after the Snowden revelations.
>
> As a reporter, I have received pitches for around a dozen different
> products, but wanted to ask you if you've seen any, and why you think
> they might not be good. Here's a short list to get you started (I'm not
> saying all these are terrible, we should look into them and figure out
> why they might or might not be good):
> - -Virtru (https://www.virtru.com/)
> - -Shazzlemail (http://shazzlemail.com/)
> - -Protonmail (https://www.indiegogo.com/projects/protonmail)
> - -InfoEncrypt (https://www.infoencrypt.com/)
>
> Feel free to also highlight good sevices,
>
> Cheers,
>
> lfb
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBAgAGBQJTyTYjAAoJEPHPGY+/UITwULUQAIg4PzGrM2lQW8bp/89NpxQa
> xUlkCijBu2fJ3hFg/qejN+xGxcNHFwny4zzROfpDGLEPU36JxLjoSugXF5mLTUJg
> k9LrFyS9//jTfp3h1E09up6L+qaFlk5ThIRbFKuQH/MCk+Vxhxqrf0C5lmAGuY3Z
> lbYVBXdEw+u3DMeFTAqC9drcuigYbN7ycYTPo+FjSLrtavWY9ddcQAjp94X9zT7W
> 6c+JsGpskezfqvXwkRNMV8mF/AbvqtGmQ8EfA+8AcOFnsLP/o+Lf3n0ZYPzqxIXs
> XEVGfcsOxg+NEdpq4KM9j1t5pPRwcJWERDtXVb29VKX4rkKguoasgLpaOEZOdZje
> dYY7WrOu+i7k8U1A0zE0Ob16gQJrYpOBV+WXEnP60rctlKzkerT5mY6JHUk0sdqR
> ox24ZEDLJiGMf/c1cXxBmwpnlb52yalo6xMoOFGlLogSbrW0eV9ZWPpcl+sxu/0h
> UIVj/HxHYbm5KJ9OMPPGFatBufPklaL92Nx71JPOQDlHTte0cH0VF52z6BQAqG/W
> tQLQwKFNXuRuBPQMcJuWekcnGEaqIHzzLN5Nbm6djvh0o+2fIWKCpPS2s4LkVG6N
> IutlEkuZa7z5WJChYZk/8Ch2yJ/Uh78mTPGykO9GI0r7dJ9qlpSujDVOsRBQSz5x
> MoKFdM+zVWpu5NXctAWC
> =rbQK
> -END PGP SIGNATURE-
>
> --
> Liberationtech is public & archives are searchable on Google. Violations
> of list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> Unsubscribe, change to digest, or change password by emailing moderator at
> compa...@stanford.edu.
>
>
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.