[liberationtech] GCSC critical infrastructure survey
One of PCH’s long-term efforts has been to encourage governments to restrict their use of offensive cyber capabilities against the private sector. As you might imagine, this is a reasonably popular idea everywhere except the US, Russia, and China. As the GGE effort in the UN has stalled, we’ve successfully prevailed upon a number of governments, lead by the Dutch and Singaporeans (but with French participation as well) to stand up a purpose-specific commission on this issue, to try to establish a diplomatic norm. https://cyberstability.org/about/ We’re currently working in two working-groups, one focusing on what the norm would say (i.e. what specific behaviors would be discouraged, and under what circumstances), and the other focusing on the infrastructures about which it would be said (for instance, should hospitals, schools, or the electric grid be excluded from targeting-lists?). I’m coordinating that second working-group, and we have a public survey, in which we’re assessing what people think should be protected: https://www.surveymonkey.com/r/criticalinfrastructure We’re getting very good input from the Internet technical community, but somewhat less from the Internet Governance / Civil Society / Diplomatic communities. Please consider taking the survey (should just take a couple of minutes) to help us establish a broad-based consensus on what infrastructures are worthy of special protection, and encourage others to take the survey as well. Much appreciated, -Bill Woodcock Executive Director Packet Clearing House -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing the moderator at zakwh...@stanford.edu.
Re: [liberationtech] Twitter robots now block Internet Archive?
FWIW, I just asked Brewster, and he said that it's "always been blocked." -Bill > On Apr 9, 2017, at 02:26, Yosem Companyswrote: > > From: Christopher Philippo > > It used to be that one could access archives of Twitter posts, and if there > were no archive of a particular Tweet or Twitter feed one could create it. > > That doesn’t seem to be the case now? > > https://web-beta.archive.org/web/*/https://twitter.com/realDonaldTrump > > When and why did the change occur, if this is not merely a momentary glitch? > > Chris Philippo > > -- > Liberationtech is public & archives are searchable on Google. Violations of > list guidelines will get you moderated: > https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, > change to digest, or change password by emailing moderator at > compa...@stanford.edu. -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] PGP keysigning at ICANN 52 / Singapore
On Feb 7, 2015, at 2:12 PM, Dr Eberhard W Lisse e...@lisse.na wrote: where will this be? There have been enough respondents to the Doodle poll that I think it’s safe to fix the two times at 10am on Sunday, and noon on Tuesday. There is no respondent who isn’t able to make one or the other of those two times, and most people can make both. David, can you or your staff suggest a location in the venue? I haven’t heard anything from David, so let’s just use a back corner of the rotunda where the registration badge pickup is, at the top of the escalators, in the conference center. There are plenty of tables and chairs. I’ll stake one out early, and keep an eye out for everyone I recognize. I’ll bring paper printouts of the keyring, also. See (many of) you in twelve hours. -Bill -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] PGP keysigning at ICANN 52 / Singapore
On Feb 8, 2015, at 2:26 PM, stefi st...@gn.apc.org wrote: missed you guys today. is tuesday at noon still on? Yes. Please add your key to the keyring before then. Thanks. -Bill -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] PGP keysigning at ICANN 52 / Singapore
On Feb 2, 2015, at 9:17 PM, Bill Woodcock wo...@pch.net wrote: I imagine a number of you will be at the ICANN meeting in Singapore next week. There will be a PGP keysigning during the ICANN meeting. The keyring is on BigLumber: http://biglumber.com/x/web?keyring=7522 There have been enough respondents to the Doodle poll that I think it’s safe to fix the two times at 10am on Sunday, and noon on Tuesday. There is no respondent who isn’t able to make one or the other of those two times, and most people can make both. David, can you or your staff suggest a location in the venue? -Bill -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Cuba: 5% Internet penetration
On Jan 8, 2015, at 12:49 PM, Collin Anderson col...@averysmallbird.com wrote: On Thu, Jan 8, 2015 at 2:27 PM, Bill Woodcock wo...@pch.net wrote: It’s called fiber. Fiber is cheap? Relatively. It’s sand, somewhat processed. And it carries a lot of bits. Nothing else carries a lot of bits. So, since it’s the only option that actually carries lots of bits, it’s sorta academic how much it costs relative to other things, that don’t carry lots of bits. So, yes, less than a penny a strand-foot is cheap. -Bill -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Cuba: 5% Internet penetration
On Jan 8, 2015, at 11:21 AM, S.Aliakbar Mousavi mousavi.s...@gmail.com wrote: Hi, You just mentioned that There are technologies out there that make this cheap, feasible, and reliable. What technologies you mean? Can you give me some examples? It’s called fiber. As always, the problem is not a technological one, so the technological solution doesn’t answer the actual problem. -Bill -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Time validation for 2-step verification codes
On Aug 27, 2014, at 8:29 AM, Amin Sabeti aminsab...@gmail.com wrote: Recently, a bunch of Iranian journalists/ activists have been targeted by Iranian hackers. Some of them said their 2-step verification was active during the attack but hacker could reuse the code that sent by Google via SMS and passed 2-step verification! I was wonder to know if some folks here know the validation time for the 2-step verification code that users receive through SMS not the app. I just checked with Google security, and this was the response: I think the code lasts as long as the one displayed on a phone... I suspect that even in the case where the code is 'short lived' getting it over SMS is considered 'insecure' and really, really not the best plan :( android/i-device/blackberry all have OTP apps that work with google's 2-step, suggest that they use that instead of sms? …for the same reasons Richard Brooks outlined in his reply. -Bill -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Internet Infrastructure Software Database
Without making any claims as to the value of maintaining such a list, I'll point out that I included gcc. -Bill On Aug 3, 2014, at 3:06, danimoth danim...@cryptolab.net wrote: On 02/08/14 at 07:36am, Rich Kulawiec wrote: I think this list is a pretty good starting point. Of course, having said that, now I want to edit it. ;) IMHO the idea is pretty stupid. The implementation also, because nobody mentioned a compiler.. lol, how to waste time -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Internet Infrastructure Software Database
On Aug 2, 2014, at 6:11 PM, Travis Biehn tbi...@gmail.com wrote: Starting it on Wikipedia? Not sure it’s appropriate for Wikipedia, since it’s just a list of people’s opinions, rather than anything remotely objective, but: https://wiki.pch.net/doku.php?id=pch:public:critical-internet-software BGP. Added bgpd. BGP per se is a protocol, rather than a package, library, or OS. -Bill -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Internet Infrastructure Software Database
On Aug 1, 2014, at 9:46 AM, Jonathan Wilkes jancs...@yahoo.com wrote: Is there anything like a database for software that is critical to a functioning internet? That’s a really interesting question. We maintain databases of critical Internet _infrastructure_, but not software. I suspect that a software list would be even more controversial and subjective than infrastructure. But that doesn’t make it less worthwhile to track. A few starting points: Applications and Libraries: BIND NSD Sendmail GnuPG and/or OpenPGP OpenDNSSEC Apache/httpd sshd OpenSSL MySQL PostgreSQL PHP Perl Safari Firefox Chrome CyrusSASL FreeRADIUS Nginx haproxy memcached Operating systems: Cisco IOS Juniper JunOS Some Linux variants, like CentOS VMware hypervisor KVM hypervisor What makes something critical? It seems like it needs to occupy a critical niche (a function that is, itself, important), be widely used, and have few easily-substituted alternatives. -Bill -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] *My* new book: DotCombat
On Jan 29, 2014, at 7:05 AM, Griffin Boyce grif...@cryptolab.net wrote: Granted, it's not written yet, but I'm starting to feel like I'm the only one in this space who *hasn't* written a book, haha. Calling dibs on the title. ;-) See if you can get it to #1 on Amazon pre-orders! :-) -Bill -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] dark mail alliance
On Nov 3, 2013, at 3:30, phree...@yandex.ru phree...@yandex.ru wrote: I don't see how pasting over a QR code in a way that's not easily detectable is somehow harder than pasting over a domain/email, or printing a real-looking fake ad and pasting it over the real one. A QR code is already isolated in an opaque white square. It's single color, and moreover, that color is black. And it's smaller than a billboard. By contrast, a textual URL or email address will be in a specific typeface, probably matched to the rest of the billboard. It's also likely size-matched to other text. Most importantly, it's likely printed right over a patterned and colored background. While you're correct that you can address, to some degree, all of those issues by wheatpasting over the entire billboard, provided you're at least as competent a visual designer as the person who executed the original ad, which is easier to print and transport? A full-color billboard, or a black-on-white sheet of tabloid-sized paper? To put this all in more practical terms, since these issues were not apparent to you, you're a less-skilled visual designer than anyone who would be paid to produce an advertisement. Therefore, you would not be capable of covertly coopting their advertisement. Yet you'd still be perfectly capable of successfully pasting over their QR code without anyone being the wiser. -Bill -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Question re Cisco auth and remote login.best-practices
Doesn't scale until airlines go multicast. :-) -Bill On Sep 22, 2013, at 22:39, Paul Ferguson fergdawgs...@mykolab.com wrote: On 9/22/2013 10:32 PM, Bill Woodcock wrote: So, if we assume the worst, and figure we're just doing damage-control and minimizing a large problem, what are the best-practices to follow in configuring Cisco routers in remote locations? Generate max-length (4096-bit?) RSA keys on them, for the SSH sessions… Use remote auth to do command-by-command authorization, no level-15 logins? Run TACACs over IPsec? Over something else? Locally trusted human. :-) - ferg -- Paul Ferguson Vice President, Threat Intelligence Internet Identity, Tacoma, Washington USA IID -- Connect and Collaborate -- www.internetidentity.com -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Brazil Looks to Break from U.S.-Centric Internet
On Sep 18, 2013, at 9:40 AM, Bill Woodcock wo...@pch.net wrote: Well, there are a bunch of different concepts being discussed. The primary one is localization of routing, which isn't just possible, it's best-practice, and something Brazil has been doing an excellent job of already for quite a few years… David asked me to write this up in a bit more detail, with links to references, et cetera: http://america.aljazeera.com/articles/2013/9/20/brazil-internet-dilmarousseffnsa.html Despite the clear benefits of these developments for Brazilians, their government's statements have been shrilly and incorrectly branded as extreme and decried as Soviet socialism by some US media. This is largely due to a misimpression that what Brazil is doing is cutting itself off from the Internet or balkanizing the Internet -- when in reality, it's building more Internet faster. et cetera. -Bill -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Brazil Looks to Break from U.S.-Centric Internet
On Sep 18, 2013, at 8:28 AM, David Johnson david.john...@aljazeera.net wrote: Interesting ... but is this even possible? http://world.time.com/2013/09/18/brazil-looks-to-break-from-u-s-centric-internet/ Well, there are a bunch of different concepts being discussed. The primary one is localization of routing, which isn't just possible, it's best-practice, and something Brazil has been doing an excellent job of already for quite a few years. If you look at https://pch.net/applications/ixpdir/summary/ you'll see that they've got 23 active exchanges, which puts them second in the world after the U.S., with 77% annualized growth, compared to 10% in the U.S. If you look at the Brazil section of https://pch.net/ixpdir you'll see that almost all of that growth has been occurring since they made it an explicit policy goal in 2008, and began aggressively implementing IXP best-practices. At a governance level, Brazil is divided. The CGI, which decides and implements domestic Internet policy, is the agency responsible for all this growth and best-practices-following. As such, they've been largely aligned with OECD-country and Internet interests. The Brazilian federal government, on the other hand, sets foreign policy, interacts with the ITU, et cetera. And so although it has no appreciable influence over what happens _within_ the country, it's what's seen by other national governments in diplomatic circles. In Internet governance, Brazil tends toward this Brazil-India-South Africa axis, which doesn't particularly align with the Internet or OECD countries, unless by accident. This is the area that Internet folks are most worried about, since those three countries are second-tier thought-leaders in the ITU, and can swing a lot of developing-country votes in their respective regions. So Brazil is, in many ways, the U.S.' opposite: they do the right thing domestically, but say the wrong thing internationally. -Bill -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Brazil Looks to Break from U.S.-Centric Internet
On Sep 18, 2013, at 9:25 AM, Bill Woodcock wo...@pch.net wrote: On Sep 18, 2013, at 8:28 AM, David Johnson david.john...@aljazeera.net wrote: Interesting ... but is this even possible? http://world.time.com/2013/09/18/brazil-looks-to-break-from-u-s-centric-internet/ Well, there are a bunch of different concepts being discussed. The primary one is localization of routing, which isn't just possible, it's best-practice, and something Brazil has been doing an excellent job of already for quite a few years. If you look at https://pch.net/applications/ixpdir/summary/ you'll see that they've got 23 active exchanges, which puts them second in the world after the U.S., with 77% annualized growth, compared to 10% in the U.S. If you look at the Brazil section of https://pch.net/ixpdir you'll see that almost all of that growth has been occurring since they made it an explicit policy goal in 2008, and began aggressively implementing IXP best-practices. At a governance level, Brazil is divided. The CGI, which decides and implements domestic Internet policy, is the agency responsible for all this growth and best-practices-following. As such, they've been largely aligned with OECD-country and Internet interests. The Brazilian federal government, on the other hand, sets foreign policy, interacts with the ITU, et cetera. And so although it has no appreciable influence over what happens _within_ the country, it's what's seen by other national governments in diplomatic circles. In Internet governance, Brazil tends toward this Brazil-India-South Africa axis, which doesn't particularly align with the Internet or OECD countries, unless by accident. This is the area that Internet folks are most worried about, since those three countries are second-tier thought-leaders in the ITU, and can swing a lot of developing-country votes in their respective regions. So Brazil is, in many ways, the U.S.' opposite: they do the right thing domestically, but say the wrong thing internationally. Sorry, hit send too soon. The third area is content and the application layer. Localizing routing doesn't make any difference if users explicitly choose a service that's only hosted elsewhere, so promoting local content and online services is also important, and an inherently good thing (in that it's more efficient from routing, performance, and economic standpoints). Getting all their users off Orkut, for instance. :-) So, my guess is that what happened here is that the Brazilian federal government went to the CGI, asked what the scoop was, got clued in, and crafted the most opportunistic possible spin on what they've already been doing (well) for the past six years. Because they've already been doing a good job of it, the announcement looks particularly momentous to people who haven't been paying attention. -Bill -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Brazil Looks to Break from U.S.-Centric Internet
On Sep 18, 2013, at 5:52 PM, Andrés Leopoldo Pacheco Sanfuentes alps6...@gmail.com wrote: What do you mean exactly by second-tier thought-leaders? I mean that, in ITU politics, there are basically three camps: the OECD country camp, the China-Saudi Arabia camp, and the undecided, our-votes-are-for-sale camp. I can explain the positions of each of these camps in more detail if you're not familiar with the ITU or what it's about. Brazil, South Africa, India (and Russia, to round out the BRICS) are firmly in the undecided camp, voting in support of the Internet in some cases, against it in others. In each case, these countries have regional influence over a set of other undecided countries, that tend to follow their vote relatively indiscriminately. This is far less true of the members of the two decided camps; there aren't, for instance, a set of countries that are otherwise-undecided about the benefits of the Internet, that vote with, say, Canada, indiscriminately. With regard to Brazil, the important thing to understand is that it's the foreign ministry of the Brazilian federal government that decides Brazil's ITU voting strategy, not CGI, and they're often diametrically opposed. It REALLY, AWFULLY, sounds patronizing and imperialistic etc. The ITU is exactly that, yes. -Bill -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Massive passive wiretapper: How to technically troll them?
On Sep 14, 2013, at 8:35 AM, Fabio Pietrosanti (naif) li...@infosecurity.ch wrote: two peer could cost $500/month Remember that it's my $500/month that you're talking about, not yours. In the larger picture, that's $500/month removed from the productive side of the global economy. Causing me to pay more money for someone to inspect things I'm not saying doesn't scale too well. -Bill -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
[liberationtech] Modulo the usual problems with HTTPS/SSL, anyone have any critiques of this?
http://www.kickstarter.com/projects/1904431672/trsst-a-distributed-secure-blog-platform-for-the-o -Bill -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] iPhone 5S Fingerprint and Records (Was: iPhone5S and 5th amendment)
On Sep 10, 2013, at 2:54 PM, Scott Elcomb pse...@gmail.com wrote: Starting a new thread - it's related but a slightly different topic. Despite having several devices with fingerprint scanners, I've never used one. With the release of iPhone 5S and all the discussion around it, I'm curious if fingerprints on file with various Law Enforcement agencies could be printed out or otherwise used to unlock devices detained at border crossings or during other investigations? Coming soon to a checkpoint near you: 3D printing in gummi-bear material. -Bill -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Announcing Scramble.io
On Aug 23, 2013, at 7:12 PM, Ali-Reza Anghaie a...@packetknife.com wrote: - (To everyone) Why is there almost never a discussion on RFCs and talking something down the pathway of what would it take to make a standard out of this? Because, at this point, very few useful standards make it through the IETF. There are things for which the IETF is completely appropriate. VoIP and jabber and so forth work pretty well in the IETF, for a variety of reasons. But something like this, which is much more about the application layer, needs to be implemented first, get a base of users and testers and contributors, and then if there's something innovative about it down at the protocol layer, that can be run through the IETF after-the-fact. -Bill -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Anonymity Smackdown: NSA vs. Tor
On Aug 7, 2013, at 12:05 AM, Roger Dingledine a...@mit.edu wrote: Consider two scenarios. In scenario one, NSA doesn't run any Tor relays, but they have done deals with ATT and other networks to be able to passively monitor those networks -- including the (honest, well-intentioned) Tor relays that run on those networks. They're able to monitor some fraction of the Tor network capacity -- whether that's 1% or 10% or 30% is a fine question, and depends on both Internet topology and also what deals they've done. In scenario two, they do that plus also run some relays. They have to deal with all the red tape of deploying and operating real-world things on the Internet, and the risk that they'll do it wrong, somebody will notice, etc. And the benefit is maybe a few percent increase in what they can watch. Why would they choose scenario two? Geographic reach. In order to observe exit and entry nodes that are not within the coverage footprints of the telcos with whom they have special relationships. -Bill -- Liberationtech list is public and archives are searchable on Google. Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Critically Examining What Would Happen if the U.N. (or another international body) Administered the Internet?
On Jul 16, 2013, at 3:08 PM, Zack Brisson z...@thereboot.org wrote: Have there been nuanced and balanced explorations of how the U.N. (or another international organ) could serve as reasonably equitable hub for a multi-stakeholder Internet from actors others than those with a clear position biasing their analysis? Having worked closely with the U.N., I am under no illusions as its infallibility or consistent effectiveness. But is this End of the Internet/Internet Freedom truly an inevitable outcome for either technical or political reasons? It's not a question of the end of the Internet, it's a question of whether the U.N. has any way to facilitate the continuance of bottom-up multistakeholder governance (since that's not how they operate, and none of their structures natively support non-governmental decision-making), and at a greater degree of remove, whether any nationalistic form of governance would, in the long run, preserve the end-to-end model. Most people believe that if governments were to gain control over Internet governance, that they'd do what they do with everything else, and start making national-scale divergences from the current global standards. They're strongly incentivized to do so, at the expense of global markets, and the global public, the vast majority of whom are not their constituents. It's a potential tragedy of the commons, which is held in check by the fact that it's currently communally governed, rather than individually governed, so it's governed in the common good, rather than to the maximization of individual goods at the expense of the whole. It's very difficult to talk for very long about the abstract theory of all this, before someone drags in the actual, more complicated, situation, wherein the U.N. isn't just the U.N., but also the ITU, and the ITU isn't just the ITU, but the ITU staff, and three camps of ITU member states that are at odds with each other, and that whole mess is just a pawn in the larger WTO chess-match, etc., etc., etc. -Bill -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] One time pad Management system?
On Jul 12, 2013, at 7:15 AM, Eugen Leitl eu...@leitl.org wrote: I would be very interested in hardware recommendations for an affordable, high-quality hardware RNG (ideally something like VIA Padlock RNG). We use these: http://www.entropykey.co.uk Cheap in bulk. -Bill -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
[liberationtech] How many of us are at CFP?
...today? Apropos question, given that it's nearly lunchtime in D.C. -Bill -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] [cryptography] [ipv6hackers] opportunistic encryption in IPv6
On Jun 12, 2013, at 4:25 PM, Nico Williams n...@cryptonector.com wrote: There have been many proposed ways of doing roughly the same thing. To my knowledge not one has succeeded wildly. RFC5660 has not been implemented. Lacking IPsec channels one needs something like CGA to ensure peer key/ID continuity, as otherwise IPsec only authenticates individual packets (and their senders), not *packet flows*, which wouldn't be a problem if IP addresses weren't assigned dynamically. Any reasonable way to bootstrap this off DNSSEC and dynamic DNS in the in-addr? More complicated than DANE, but if the key distribution is the hard part, and DNSSEC solved that, I'd rather do the hard part once and get the benefit of it for multiple other protocols, rather than reinvent the wheel each time. -Bill -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Designing the best network infrastructure for a.Human Rights NGO
Ah, yes, those expensive man-hours. Security is so much easier when you don't give it time and attention. It also doesn't work. -Bill On Feb 28, 2013, at 8:09, anonymous2...@nym.hush.com anonymous2...@nym.hush.com wrote: I knew this was coming at some point. Yes I am starting with Windows, it's more functional (awaits incoming) and costs less in terms of expensive man hours (the hidden cost vs software) for an Linux guru to run and monitor the network. On Thu, 28 Feb 2013 13:03:00 + Bill Woodcock wo...@pch.net wrote: You want to do this securely, and you're _starting_ with Windows? -Bill On Feb 28, 2013, at 7:40, anonymous2...@nym.hush.com anonymous2...@nym.hush.com wrote: Hi, We are a human rights NGO that is looking to invest in the best possible level of network security (protection from high-level cyber-security threats, changing circumvention/proxy to protect IP address etc, encryption on endpoints and server, IDS/Physical and Software Firewall/File Integrity Monitoring, Mobile Device Management, Honeypots) we can get for a our internal network. I was wondering if people would critique the following network, add comments, suggestions and alternative methods/pieces of software. (Perhaps if it goes well we could make a short paper out of it, for others to use.) -Windows 2012 Server -VMWare virtual machines running Win 8 for remote access -Industry standard hardening and lock down of all OS systems. -Constantly changing proxies -PGP email with BES -Cryptocard tokens -Sophos Enterprise Protection, Encryption and Patch management -Sophos mobile management -Encrypted voice calls for mobile and a more secure alternative to Skype via Silent Circle. -TrueCrypt on all drives - set to close without use after a specific time -Easily controlled kill commands -False and poison pill files -Snort IDS -Honeypots -Tripwire -Cisco Network Appliance -No wifi -Strong physical protection in a liberal country as regards human rights I know there are many other factors, good training, constant monitoring, avoiding spearfishing, penetration testing, etc but if possible I would please like to keep the conversation on the network design and software. Thanks guys. -Anon -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Designing the best network infrastructure for a.Human Rights NGO
Sorry, thought you'd asked for advice about the best possible way to do it. Didn't realize you meant best possible with no time or attention. But, wait, that's not quite it either, is it? You meant that you don't want to invest _your_ time and attention, but you think people on the list can solve that for you by contributing _our_ time and attention? I'm not sure it works that way, but perhaps someone who's feeling more charitable than I am right now can suggest the best possible solution that requires none of your time and attention and runs on Windows. Since I'm now 34 hours into an Ottawa-bound itinerary for the CIF, a tip of the hat to Canada: As secure as possible, under the circumstances. -Bill On Feb 28, 2013, at 8:22, anonymous2...@nym.hush.com anonymous2...@nym.hush.com wrote: Can we please get back to the issue at hand On Thu, 28 Feb 2013 13:16:03 + Bill Woodcock wo...@pch.net wrote: Ah, yes, those expensive man-hours. Security is so much easier when you don't give it time and attention. It also doesn't work. -Bill On Feb 28, 2013, at 8:09, anonymous2...@nym.hush.com anonymous2...@nym.hush.com wrote: I knew this was coming at some point. Yes I am starting with Windows, it's more functional (awaits incoming) and costs less in terms of expensive man hours (the hidden cost vs software) for an Linux guru to run and monitor the network. On Thu, 28 Feb 2013 13:03:00 + Bill Woodcock wo...@pch.net wrote: You want to do this securely, and you're _starting_ with Windows? -Bill On Feb 28, 2013, at 7:40, anonymous2...@nym.hush.com anonymous2...@nym.hush.com wrote: Hi, We are a human rights NGO that is looking to invest in the best possible level of network security (protection from high-level cyber-security threats, changing circumvention/proxy to protect IP address etc, encryption on endpoints and server, IDS/Physical and Software Firewall/File Integrity Monitoring, Mobile Device Management, Honeypots) we can get for a our internal network. I was wondering if people would critique the following network, add comments, suggestions and alternative methods/pieces of software. (Perhaps if it goes well we could make a short paper out of it, for others to use.) -Windows 2012 Server -VMWare virtual machines running Win 8 for remote access -Industry standard hardening and lock down of all OS systems. -Constantly changing proxies -PGP email with BES -Cryptocard tokens -Sophos Enterprise Protection, Encryption and Patch management -Sophos mobile management -Encrypted voice calls for mobile and a more secure alternative to Skype via Silent Circle. -TrueCrypt on all drives - set to close without use after a specific time -Easily controlled kill commands -False and poison pill files -Snort IDS -Honeypots -Tripwire -Cisco Network Appliance -No wifi -Strong physical protection in a liberal country as regards human rights I know there are many other factors, good training, constant monitoring, avoiding spearfishing, penetration testing, etc but if possible I would please like to keep the conversation on the network design and software. Thanks guys. -Anon -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Comprehensive overview of IG related processes
On Jan 14, 2013, at 1:02 PM, Marcin de Kaminski marcin.de_kamin...@soclaw.lu.se wrote: Hi! I'm looking for a tool (or list) that visualizes the multitude of Internet Governance related processes going on atm. Is anyone aware of such a service? Processes is more complicated than meetings, but this may give you a start: http://internetmeetings.org -Bill -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Bitcoin and The Public Function of Money
On Oct 30, 2012, at 2:10 PM, Dmytri Kleiner d...@telekommunisten.net wrote: The critical feature required of public money is that we can socially determine how much of it there is, and how much of we want to apply to public purpose. We need ways to create and destroy public money so that we can can have a counter-balance to private activity, to manage cycles, to counter-balance economic sectors, and to socially pursue public objectives. -- Dmytri Kleiner Venture Communist Something I've noted about both Bitcoin and bullion-backed currencies, that might hold true of some other currencies as well, is that they're the product of the consumption of labor. With bitcoin, you can waste CPU cycles on a task with no intrinsic value, and the result is bitcoin. With bullion-backed currencies, you can send miners into one hole in the ground to consume calories, and construction workers into another hole in the ground to consume calories and construction materials, and move metal from one hole to the other, and the result is money. Potlatch economies have always resonated a little more sympathetically for me. -Bill Vladimir Ilyich Perkins Woodcok -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] anyone attending WCIT-12?
On Oct 24, 2012, at 8:30 AM, Muzammil M. Hussain muzam...@uw.edu wrote: I'll be attending WCIT-12 http://www.itu.int/en/wcit-12/Pages/default.aspx -- anyone on this list headed to Dubai in December? Are you going as part of a delegation? -Bill -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
[liberationtech] First World Internet freedom problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 http://www.guardian.co.uk/uk/2012/jun/15/girl-photos-school-meals-blog?CMP=twt_gu -Bill -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJP21W9AAoJEG+kcEsoi3+HAzgP/1GcgCSITPybES8m0QNgZubk epIep9mOl29km90FPrVB9FME6uoHJHxr8NDhQfGkyciEzVOQ65ESCyc2qtQlXrlU BcTFtCHBSVdjEpU4meMqTWzfXEZJ50C2RdhBKFc82PSI+RZJD5A5XWil0W3Zdn6N WElKJNcD6su72Oke+w8QUcYmstMAJcstgNNYvaPpU6hnk60E8NkUmdGpDiI/1VD2 1WSEJ9ijMA0qNzNgYP76pY+AberhzbKE82c6+cCMwytTJSG90cY197pdGwaILvji OMu5h5tlHISZaRWMIAy+wzI0OqtzlSWe6TE/2L6RE210vU7H4H7OwjftVPlBs7sE WPM5s9gS0k4VLjjk58RiI928pwlvxNqgU7/JphSeU2HKVpPJEYFxrrc/EDAliRyo KYz6mCkJww1yRasfSE0AuQm6ZgTBqDiKWY3WpQZ+82+3XIv2uDDKCgnHz/gyyByt z32iO3V8SgmyUTxdCgiQGdc5mDObvXWUrpdJVIhoKh0EqI/PW7PdM76NT3eU//Em PmivhQV/mgui4+ioLUWFYj2Ao9dm3AZJz3Rp+w0psOy0yi1S2DcfrzchyrZeBgnJ IguYva32hwBizVLcb1iOBBlswgDDue5IyzOEmW1X8pTufOtCWsVLEauTVwF23zP2 KtPG/0Xrda7Ct2WsYAbX =t/tb -END PGP SIGNATURE- ___ liberationtech mailing list liberationtech@lists.stanford.edu Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/liberationtech If you would like to receive a daily digest, click yes (once you click above) next to would you like to receive list mail batched in a daily digest? You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech Should you need immediate assistance, please contact the list moderator. Please don't forget to follow us on http://twitter.com/#!/Liberationtech