Re: Give cheese to france?

> But let's cut to the chase. Assume that all private grocery > store owners want to exclude people from their stores. Now > assume that 100% of them agree that effective Tuesday, only > those people who have a receipt for a $100 or more donation to > George W Bush (or Hillary Clinton, whatever) ma

Re: [IP] Open Source TCPA driver and white papers (fwd)

Mike Rosing wrote: > Thanks Eugen, It looks like the IBM TPM chip is only a key > store read/write device. It has no code space for the kind of > security discussed in the TCPA. The user still controls the machine > and can still monitor who reads/writes the chip (using a pci bus > logger for ex

Re: Supremes and thieves.

On Mon, 20 Jan 2003 15:34:09 +0800, you wrote: > > None of this is relevant to individuals copying works for scholarship or > research. "Fair Use" still applies. > > Matthew X wrote: > > > We learned as much on Wednesday when the U.S. Supreme Court ruled that > > Congress can repeatedly extend copy

Re: Television

Re- which software does big letters, I can just say that I am appalled by the ignorance. It's the standard unix "banner" program, some 20 years old. ## # ## # ##

Re: Television

On Wed, 08 Jan 2003 10:01:22 -0500, you wrote: > > WOW! > > While I may agree that Tim May seems to like anarchy as long as he's in charge of >it, he does come up with some truly destabilising and dangerous ideas every now and >then. > > Like his alter ego Jim Choate, there's some real signal bur

Re: 60 years to rights restoration

Major Variola (ret) feared: > None have yet commented that in 60 years, there will be no one left that > remembers > what things were like. Will people really just wimp out to this? Do you really think all those militia people will just doze on? Maybe people need to start asking themselves, "

the wrong poem

The saddest thing here is that this gets reported without any comment. Snuffing journalists seems far more cost effective than offing pigs. http://www.startribune.com/stories/1576/3443476.html .. Baker discounted claims by federal authorities that Maali had financially supported terrorist group

buying gold

I decided to look into these DMT Rands that everyone has been yammering about. I'm not terribly surprised to see that they are a product of the Laissez Faire City grifters. No thanks. This little investigation did spark my interest in aquiring gold, however. Do readers of this list have suggest

Re: Random Privacy

Greg Broiles wrote about randomizing survey answers: > That doesn't sound like a solution to me - they haven't provided anything > to motivate people to answer honestly, nor do they address the basic > problem, which is relying on the good will and good behavior of the > marketers - if a website

RE: Cryptogram: Palladium Only for DRM

Lucky Green wrote: > AARG! Wrote: > > In addition, I have argued that trusted computing in general > > will work very well with open source software. It may even > > be possible to allow the user to build the executable himself > > using a standard compilation environment. > > What AARG! is fa

Palladium block diagram

Here is a functional block diagram of the Palladium software, based on a recent presentation by Microsoft. My notes were a bit sketchy as I rushed to copy down this slide, so there may be some slight errors. But this is basically what was shown. (Use a monospace font to see it properly.)

Re: Cryptographic privacy protection in TCPA

Dr. Mike wrote, patiently, persistently and truthfully: > > On Fri, 16 Aug 2002, AARG! Anonymous wrote: > > > Here are some more thoughts on how cryptography could be used to > > enhance user privacy in a system like TCPA. Even if the TCPA group > > is not receptive t

Cryptographic privacy protection in TCPA

Here are some more thoughts on how cryptography could be used to enhance user privacy in a system like TCPA. Even if the TCPA group is not receptive to these proposals, it would be useful to have an understanding of the security issues. And the same issues arise in many other kinds of systems wh

TCPA hack delay appeal

It seems that there is (a rather brilliant) way to bypass TCPA (as spec-ed.) I learned about it from two separate sources, looks like two independent slightly different hacks based on the same protocol flaw. Undoubtedly, more people will figure this out. It seems wise to suppress the urge and

Re: Overcoming the potential downside of TCPA

Joe Ashwood writes: > Actually that does nothing to stop it. Because of the construction of TCPA, > the private keys are registered _after_ the owner receives the computer, > this is the window of opportunity against that as well. Actually, this is not true for the endoresement key, PUBEK/PRIVEK

Re: Challenge to David Wagner on TCPA

Brian LaMacchia writes: > So the complexity isn't in how the keys get initialized on the SCP (hey, it > could be some crazy little hobbit named Mel who runs around to every machine > and puts them in with a magic wand). The complexity is in the keying > infrastructure and the set of signed state

Another application for trusted computing

I thought of another interesting application for trusted computing systems: mobile agents. These are pieces of software which get transferred from computer to computer, running on each system, communicating with the local system and other visiting agents, before migrating elsewhere. This was a h

TCPA and Open Source

One of the many charges which has been tossed at TCPA is that it will harm free software. Here is what Ross Anderson writes in the TCPA FAQ at http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html (question 18): > TCPA will undermine the General Public License (GPL), under which > many free and open sour

Re: dangers of TCPA/palladium

Mike Rosing wrote: > The difference is fundamental: I can change every bit of flash in my BIOS. > I can not change *anything* in the TPM. *I* control my BIOS. IF, and > only IF, I can control the TPM will I trust it to extend my trust to > others. The purpose of TCPA as spec'ed is to remove my

Re: responding to claims about TCPA

David Wagner wrote: > To respond to your remark about bias: No, bringing up Document Revocation > Lists has nothing to do with bias. It is only right to seek to understand > the risks in advance. I don't understand why you seem to insinuate > that bringing up the topic of Document Revocation Lis

Re: Palladium: technical limits and implications

Adam Back writes: > +---++ > | trusted-agent | user mode | > |space | app space | > |(code ++ > | compartment) | supervisor | > | | mode / OS | > +---++ > | ring -1 / TOR | > +-

Seth on TCPA at Defcon/Usenix

Seth Schoen of the EFF has a good blog entry about Palladium and TCPA at http://vitanuova.loyalty.org/2002-08-09.html. He attended Lucky's presentation at DEF CON and also sat on the TCPA/Palladium panel at the USENIX Security Symposium. Seth has a very balanced perspective on these issues compa

Re: responding to claims about TCPA

AARG! wrote: > I asked Eric Murray, who knows something about TCPA, what he thought > of some of the more ridiculous claims in Ross Anderson's FAQ (like the > SNRL), and he didn't respond. I believe it is because he is unwilling > to publicly take a position in opposition to such a famous and res

Re: Thanks, Lucky, for helping to kill gnutella

Several people have objected to my point about the anti-TCPA efforts of Lucky and others causing harm to P2P applications like Gnutella. Eric Murray wrote: > Depending on the clients to "do the right thing" is fundamentally > stupid. Bran Cohen agrees: > Before claiming that the TCPA, which is f

Re: Challenge to TCPA/Palladium detractors

Re the debate over whether compilers reliably produce identical object (executable) files: The measurement and hashing in TCPA/Palladium will probably not be done on the file itself, but on the executable content that is loaded into memory. For Palladium it is just the part of the program called

Re: TCPA/Palladium -- likely future implications

I want to follow up on Adam's message because, to be honest, I missed his point before. I thought he was bringing up the old claim that these systems would "give the TCPA root" on your computer. Instead, Adam is making a new point, which is a good one, but to understand it you need a true pictur

[no subject]

Adam Back writes a very thorough analysis of possible consequences of the amazing power of the TCPA/Palladium model. He is clearly beginning to "get it" as far as what this is capable of. There is far more to this technology than simple DRM applications. In fact Adam has a great idea for how th

Thanks, Lucky, for helping to kill gnutella

An article on Salon this morning (also being discussed on slashdot), http://www.salon.com/tech/feature/2002/08/08/gnutella_developers/print.html, discusses how the file-trading network Gnutella is being threatened by misbehaving clients. In response, the developers are looking at limiting the net

Re: Challenge to TCPA/Palladium detractors

Anon wrote: > You could even have each participant compile the program himself, > but still each app can recognize the others on the network and > cooperate with them. Matt Crawford replied: > Unless the application author can predict the exact output of the > compilers, he can't issue a signatur

Re: Other uses of TCPA

Mike Rosing wrote: > Who owns PRIVEK? Who controls PRIVEK? That's who own's TCPA. PRIVEK, the TPM's private key, is generated on-chip. It never leaves the chip. No one ever learns its value. Given this fact, who would you say owns and controls it? > And then there was this comment in yet an

RE: Challenge to David Wagner on TCPA

Sampo Syreeni writes: > On 2002-08-01, AARG!Anonymous uttered to [EMAIL PROTECTED],...: > > >It does this by taking hashes of the software before transferring > >control to it, and storing those hashes in its internal secure > >registers. > > So, is there some sort

Re: Challenge to David Wagner on TCPA

James Donald wrote: > On 29 Jul 2002 at 15:35, AARG! Anonymous wrote: > > both Palladium and TCPA deny that they are designed to restrict > > what applications you run. The TPM FAQ at > > http://www.trustedcomputing.org/docs/TPM_QA_071802.pdf reads > > They deny

Re: DRM will not be legislated

Read a great article on Slashdot about the recent DRM workshop, http://slashdot.org/article.pl?sid=02/07/18/1219257, by "al3x": As the talks began, I was brimming with the enthusiasm and anger of an "activist," overjoyed at shaking hands with the legendary Richard Stallman, thrilled with

Re: DRM will not be legislated

David Wagner wrote: > You argue that it would be irrational for content companies to push to > have DRM mandated. This is something we could debate at length, but we > don't need to: rational or not, we already have evidence that content > companies have pushed, and *are* pushing, for some kind o

Re: DRM will not be legislated

David Wagner wrote: > Anonymous wrote: > > Legislation of DRM is not in the cards, [...] > > Care to support this claim? (the Hollings bill and the DMCA requirement > for Macrovision in every VCR come to mind as evidence to the contrary) The line you quoted was the summary from a message which

Re: Ross's TCPA paper

Seth Schoen writes: > The Palladium security model and features are different from Unix, but > you can imagine by rough analogy a Unix implementation on a system > with protected memory. Every process can have its own virtual memory > space, read and write files, interact with the user, etc. But

freedom

Freedom's just another word, For nothin' left to lose.

Re: 2 Challenge Gun Cases, Citing Bush Policy

>and being able to kill each and every one from behind. >Don't expose yourselves -- always shoot from behind. But know this one thing Aim for the head, and use fragmenting/hydrashock ammo. Exploded heads seem to disturb others the most.

Re: A CRY FOR HELP

CDR Anonymizer <[EMAIL PROTECTED]> done wrote: > FROM:MRS. M SESE-SEKO > > DEAR FRIEND, > > I AM MRS. SESE-SEKO WIDOW OF LATE PRESIDENT MOBUTU > SESE-SEKO OF ZAIRE? NOW KNOWN AS DEMOCRATIC REPUBLIC > OF CONGO (DRC). I AM MOVED TO WRITE YOU THIS LETTER, > THIS WAS IN CONFIDENCE CONSIDERING

Visualise Powell in his underwear

http://electronicIntifada.net/features/articles/020312beithanina.shtml

Re: How not to defend yourself against hacking charges

Another happy customer of the Jim Bell Pro Bono Self-Representation HappyFunPack(TM)? Order now and get 6 foot of rope free! What you do with it is of course your business... -Original Message- http://theregus.com/content/55/24357.html Accused eBay hacker Jerome Heckenkamp is back b

[Reformatted] movie rating explosion as every cause-celebre gets its s

[EMAIL PROTECTED] (Major Variola ret) writes: > Caveat: its not State Censorship unless the govt requires these new > movie ratings. If (and only if) a theatre is free to show rated, or > unrated movies as it sees fit, then it is merely another PC fringe > making their mark, pissing on the movie

The Register: PGP deep-freezed - NAI shrugs

Network Associates has put its PGP Desktop software into the deep freeze, leaving both users and its own staff in the dark. [...] Network Associates, which had bought PGP Inc for $35 million in December 1997, put the division up for sale last year, but decided to keep certain parts of the te

Re: Jail Cell Cipher (modified RC4)

Paul Crowley has shown that Schneier's Solitaire cipher is insecure. See http://www.ciphergoth.org/crypto/solitaire/. Repetitions occur with frequence 1/22.5 rather than 1/26 as they should. Also, the state machine is not reversible, contrary to the design intent.

[Reformatted] CALEA OPERATIONS -commercial products

[EMAIL PROTECTED] (Anonymous) writes: > http://www.bartec.com/content/whatshotCOPS.html > > "CALEA OPERATIONS" > > BARTEC's simple, affordable, intelligent solution for CALEA > intercepts! > > What Is COPS? CALEA Operations (COPS) is BARTEC's solution for the > Communications Assistance for Law E

Re: Anyone against US govt a terrorist? RAISETHEFIST.COM RAIDED BY

Was the raisethefist.com server at a web hosting facility? Some ISPs/web hosts back up all of their customers data automatically and charge such fees for a restore. (One company I worked for restored backups for free if it was our error, but charged something like $150 if you flushed your site dow

P2P Stego Treasure Hunt

We've put into Morpheus a song, "Grayson_Shoot_The_Piano_Player.mp3" which has a stego'd message in it. The tool is mp3stego v 1.1.15 (source available; see ) and the (3DES) passphrase is "writecode" Another file "DrDidg_RaveOn.mp3" has

Illusional delusions

The solution for money laundering is to remove the "money", as defined by the state, from the equation. Crypto removes the content from everyones's eyes except the two parties that communicate. That is what crypto can do. The moment one wants to convert some bits to state-money she is doomed. If

A poll for remailer operators

This is simple. There is a HUGE unknown about the actual number of remailer users. Many otherwise intelligent discussions hinge on this number being small or big. Unreliable as it will be, could you please provide an estimate of monthly number of human-generated messages that enter your system

Re: [linux-elitists] Phil Zimmermann on key exchange

>non-robot CA master key handling). Use this key to sign a number of This has been repeated ad nauseam, but obviously not frequently enough. No one has been using CAs for anything serious and no one ever will. Outside of circles of fashionable crypto, commercial scams like verisign and greedy

Leahy is now an Enemy of the State

"The chairman of the Senate Judiciary Committee Wednesday sharply criticized the Bush administration for a series of practices it has adopted in the wake of the September 11 terrorist attacks, calling them a "marked departure" from long-held jurisprudence customs." [...] From: http://www.cnn

"Anti-Terrorist" Exception to Atty-Client Privilege?

U.S. Defends Monitoring of Lawyer-Suspect Communication By James Vicini Reuters WASHINGTON (Nov. 9) - The U.S. Justice Department defended Friday its rule to listen in on conversations between some inmates and their lawyers to prevent violent and terrorist acts, but a civil liberties group de

Re: FBI wants to have "Internet Off-switch"

They'll probably lean on the big boys, the backbone providers like MCI, Sprint, Cable & Wireless, etc. CALEA put taps in those providers, so it's just a matter of expanding the data streams they're "allowed" to scan. Anyone know of a tunneling package that'll handle an OC3?... Cheers - > --

Re: FBI considers torture as suspects stay silent

>Besides, the Taliban don't dance. When the B-52's are performing even the Taliban develop rhythm.

FBI considers torture as suspects stay silent

[A whipping-boys-for-legible-content repost.] http://www.thetimes.co.uk/article/0,,2001350021-2001364909,00.html MONDAY OCTOBER 22 2001 FBI considers torture as suspects stay silent FROM DAMIAN WHITWORTH IN WASHINGTON AMERICAN investigators are considering resorting to harsher

FBI considers torture as suspects stay silent

http://www.thetimes.co.uk/article/0,,2001350021-2001364909,00.html FBI considers torture as suspects stay silent FROM DAMIAN WHITWORTH IN WASHINGTON AMERICAN investigators are considering resorting to harsher interrogation techniques, including torture, after facing a wall of silence from