Re: The Streisand imagecriminal lives 2-3 parcels away from me

[Sunder]

That's all nice and good, but why should it be on cypherpunks?  Where's
the relevance to this list?  Why is Ken, or his addres or helipad an
interest to the cypherpunks?  Why is PG&E's monopolistic's actions against
him relevant to the topics of this list?

What's next?  The Cypherpunk Equirer?

IMHO, neither he, nor the Streisand creature have any relevance here -
there perhaps was some relevance in terms of that lawsuit the bitch
started, but, who gives a shit who your neighbors are?

Should I start spamming this list with details about my neighbors?


--Kaos-Keraunos-Kybernetos---
 + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of   /|\
  \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
<--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
  /|\  :Found to date: 0.  Cost of war: $800,000,000,000 USD.\|/
 + v + :   The look on Sadam's face - priceless!   
[EMAIL PROTECTED] http://www.sunder.net 

On Sun, 1 Jun 2003, Tim May wrote:

> Ken Adelman, the retired gazillionaire who has gained new fame as a  
> photographer of the California coastline, lives a couple of parcels  
> from me, perhaps half a kilometer.

sic transit blix

[Sunder]

http://www.newsday.com/news/nationworld/world/ny-woblix123329266jun12,0,3668966.story?coll=ny-worldnews-headlines

June 12, 2003

London - Chief United Nations weapons inspector Hans
Blix, in an interview published yesterday, accused U.S. officials of
mounting a smear campaign against him.

 "But toward the end, the [Bush] administration leaned on us."




and more of the same here:


http://www.newsday.com/news/nationworld/world/ny-woblix12q3329323jun12,0,2015635.story?coll=ny-worldnews-headlines



Not that any of this is in any way unexpected.


--Kaos-Keraunos-Kybernetos---
 + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of   /|\
  \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
<--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
  /|\  :Found to date: 0.  Cost of war: $800,000,000,000 USD.\|/
 + v + :   The look on Sadam's face - priceless!   
[EMAIL PROTECTED] http://www.sunder.net 

Re: An attack on paypal --> secure UI for browsers

[Sunder]

It's simple.  It solves the problem that Microsoft Salesmen have.  In
order to sell shit, you have to make it look like gold.  Cee Eee Ohs have
heard it said that Microsoft software is insecure crap.  Now the Microsoft
Salesmen can do fancy demos with pretty colors and slick Operators Are
standing By, Act Now, *New*, Don't Delay, Improved, Secure, Bells Whistles
and Coolness demos and sign the suckers up.

Just like the wonderful ads that peppered NYC when Ex-Pee came out saying
"Reliable, and Secure."


--Kaos-Keraunos-Kybernetos---
 + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of   /|\
  \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
<--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
  /|\  :Found to date: 0.  Cost of war: $800,000,000,000 USD.\|/
 + v + :   The look on Sadam's face - priceless!   
[EMAIL PROTECTED] http://www.sunder.net 

On Tue, 10 Jun 2003, Nomen Nescio wrote:

> I don't see how this is going to work.  The concept seems to assume
> that there is a distinction between "trusted" and "untrusted" programs.
> But in the NGSCB architecture, Nexus Computing Agents (NCAs) can be
> written by anyone.  If you've loaded a Trojan application onto your
> machine, it can create an NCA, which would presumably be eligible to
> put up a "trusted" window.
> 
> So either you have to configure a different list of doggie names for
> every NCA (one for your banking program, one for Media Player, one for
> each online game you play, etc.), or else each NCA gets access to your
> Secret Master List of Doggie Names.  The first possibility is unmanageable
> and the second means that the trustedness of the window is meaningless.
> 
> So what good is this?  What problem does it solve?

Microsoft, TCPA, your wallet and the real ending of the story.

[Sunder]

Indeed.  

If it's coming from Redmond, and as usual if it smells of evil, there is
an utterly simple solution in dealing with it:  don't buy it.  Don't buy
Microsoft software, don't buy motherboards that include TCPA capabilities.  
When you're up for getting yourself a new PC, get a generic one without
such options, or if you insist, call the vendor and tell them you want a
box without evil-inside and without a Redmond OS pre-installed.

Buy a generic intel/amd machine without the "Secure" processor, or give
Steve Jobs some of your cash for a nice G4/G5 machine, or you can go to a
generic PowerPC motherboard and run Linux, or you can go to McNeally's
shop and buy an UltraSPARC, etc.  There are plenty to choose from.

If you find uses for TCPA, by all means, have fun.  

If you think Microsoft's secured from you OS platforms are the way to go
for you, by all means, Ballmer and Gates surely could make better use of
more of your cash than you can.

Vote with your wallet.  The market will ultimately dictate what M$ will
and will not sell in regards to operating systems, digital rights
management, application suites, and so forth.  

End of story.


--Kaos-Keraunos-Kybernetos---
 + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of   /|\
  \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
<--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
  /|\  :Found to date: 0.  Cost of war: $800,000,000,000 USD.\|/
 + v + :   The look on Sadam's face - priceless!   
[EMAIL PROTECTED] http://www.sunder.net 

On Sat, 14 Jun 2003, Luthor Blisset wrote:

> At 11:20 AM 6/14/2003 +, someone wrote:
> 
> >Trusted Computing lets people convincingly tell the truth about what
> >software they are running.  This is seen as a horrific threat in certain
> >circles.  It's easy to see why liars wouldn't like it.  What does an
> >honest man have to lose?
> 
>  The axiom "honest men have nothing to fear from the police" is 
> currently under review at the Axiom Review Board. Thank you Terry 
> Pratchett! If trolls like you weren't so easy to respond to, I'd just move 
> on, but...
>  Information about the software I'm running isn't anyone else's 
> business. If someone wants to know about it, they can ask me, and under no 
> circumstances am I obligated to tell them anything, much less what they 
> want to hear.
>  End of story.
> 
> -- Luthor //Remembering is copying and copying is THEFT

Re: An attack on paypal --> secure UI for browsers

[Sunder]

Um, how's that agin?  How does Ballmer and Gates force you, Adam Shostack
to run Microsoft Office?  Did they put a gun to your head?  Did they
manage to twist Congress's arms to put a gun to your head?

Compatibility you say?  Well, that's your choice.  You can decide if it's
important enough to you and act accordingly.  I personally think MSFT is
evil, and provides nothing but mediocre software.  So I vote with my
wallet by not paying them for their junk and I won't buy upgrades of their
software if the previous versions do what I needed, and install Linux and
OpenBSD on new machines.

Yes, some of the older shittier machines I have run Windows, but that's
because I'm either too lazy to track down drivers for Linux or want them
to continue running what they run.  Doesn't mean I have to go to XP or
2003.

Yes, my work machine runs win2k, but I didn't pay for it, and I didn't
have much choice in it - actually I could either quit and find a new job
(really lots of fun in this economy) or reinstall Linux over it and live
with Open Office and other open tools or have paid for Crossover office
out of my pocket, etc.  Wasn't worth the trouble and we already have a
site license for win2k + office 2k, so that's the path I went.   Not my
money, the company's money.  They chose to pay the Redmond Beast, so what
do I care?

But for home use, I have no real use for much more than OpenOffice and
Linux.  There's no need for me to pirate garbage from Microsoft.  I can
live without it.  

These are some old pentium1- 100Mhz notebook machines I have that came
with Windows 95 and 98 - turd OS's really, but they serve a purpose - mp3
players and light web surfing in my living room and other places for
example.  And before you ask, no, I didn't pirate the mp3's.  They're all
ripped from CD's that I owned, and I still have the CD's as proof of
ownership.  Yes, I could go to linux on them, but why bother wasting half
a day tracking down drivers and tuning kernels for them when they're
already built and working the way I want them to?


So why do you feel it's required of you to either pay Microsoft for, or
pirate Office XP and Server 2003 and TCPA enabled junkware?  What's so
important that you can't live without them.


--Kaos-Keraunos-Kybernetos---
 + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of   /|\
  \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
<--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
  /|\  :Found to date: 0.  Cost of war: $800,000,000,000 USD.\|/
 + v + :   The look on Sadam's face - priceless!   
[EMAIL PROTECTED] http://www.sunder.net 

On Sat, 14 Jun 2003, Adam Shostack wrote:

> Well, sure.  And no one forces me to run Microsoft office, either,
> except Microsoft's monoploy.  And when the document format can phone
> home to prevent piracy or openoffice from running, no one will be
> 'obligating' me to pay monopoly rents to Microsoft.


 
> In the same way, no one forces me to have a drivers license.  But its
> damned hard living life without one.
> 

Re: Microsoft, TCPA, your wallet and the real ending of the story.

[Sunder]

Right now, Intel, AMD, Transmeta, IBM+Motorola (PowerPC), Sun+Fuji+Tatung
(UltraSPARC + clones), whomever is left making MIPS Rx000 chip based
machines after SGI (Is sgi still making Irix boxes?) and so on.

If you want TCPA, by all means, go have fun buying a motherboard with it
and run whatever OS meets your needs, and if none do, feel free to write
your own extensions for Linux, *BSD, etc.

--Kaos-Keraunos-Kybernetos---
 + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of   /|\
  \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
<--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
  /|\  :Found to date: 0.  Cost of war: $800,000,000,000 USD.\|/
 + v + :   The look on Sadam's face - priceless!   
[EMAIL PROTECTED] http://www.sunder.net 

On Sat, 14 Jun 2003, Adam Shostack wrote:

> Which CPU vendor will sell me a CPU without TCPA?
> 
> And besides, I WANT a TCPA machine.  I just don't want remote
> attestation, or keys that I can't back-up and relocate.

Re: An attack on paypal --> secure UI for browsers

[Sunder]

Oh get over it.  There are other formats.  You ever heard of
XML?  HTML? RTF?

If the day comes where MS Office DRM only works with MS Office DRM, how
many people will switch to it?  If your company is willing to switch to
it, then they'll give you a PC with it on it.  If they don't, then they
can't expect you to interact with them via such formats and can't require
you to do so.

You sound like someone's holding a gun to your head and requiring you to
have MS Office.

Either way, you can ask them to export to other document formats which you
can read.  Even now Office will export to HTML for example which is
readable by Mozilla and other browsers.

Microsoft is not the DMV.  You don't need to use their software.

And no, I will never be part of your problem because the documents I will
create for non work use will be made with Open Office or will be plain
text, html, or xml files.

If I'm required to use a DRM'ed Office for work, then fine, my company
owns those documents anyway and they can do whatever the fuck they like
with them either way.   It doesn't matter to me at all -- it's their call,
it's their company, it's their documents.

But, for personal use, I won't buy any upgrades or new Microsoft
software.  End of story.

Either way, how much a revolt do you think there will be if Microsoft
decides to lock down their tools (such as word) to the point where they
can no longer export to HTML, plain text, RTF should the author wish 
it to do so and provides whatever passphrases or ID's needed to unlock
the document and export it out?

Who would buy such a dog of a product?  Do you think businesses are so
stupid that they'd put up with a product that jails them in?  Get real
son, you're howling at the moon!

On one hand you're bitching that you have to use Microsoft software on the
other you're complaining that I'm using it while I'm telling you I don't
want to and don't care to and won't upgrade to it.

You want to make a difference?  Go ahead, wipe every bit of Microsoft
wares off all your machines and burn the CD's you've installed them
from.  Go all open source and show others the right way.  At least I'd
have some respect for you for voting with your wallet and practicing what
you preach.

Right now all you're doing is bitching that you're forced to buy and use
Microsoft Office.  I say that's bullshit, and you know it.


--Kaos-Keraunos-Kybernetos---
 + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of   /|\
  \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
<--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
  /|\  :Found to date: 0.  Cost of war: $800,000,000,000 USD.\|/
 + v + :   The look on Sadam's face - priceless!   
[EMAIL PROTECTED] http://www.sunder.net 

On Sat, 14 Jun 2003, Adam Shostack wrote:

> Sure.  And I'm glad you work with a small group of people who
> understand that you don't read their documents.  After many years of
> refusal, I finally gave up.  I work with lots of customers who expect
> documents in MS formats, and look at you askance for giving them
> anything else.  You only get so many explanations before customers go
> elsewhere, and I chose not to spend them on this.  Similarly, I could
> choose to speak to everyone I meet in, say, Russian.  And some folks
> would understand.  Others would walk away.  So, you can argue that
> you're effectively required to speak English to do business in North
> America.  I would argue that you're similarly required to use MS
> Office.
> 
> 
> You'll be part of the problem when Nogsuccob is apon us, because the
> documents you create won't be readable in OpenOffice, and Crossover
> won't run.
>
> 
> Office Nogsuccob will only interoperate with itself.  Companies will end
> up deploying it to interact with other versions, not for any real
> feature.
> 
> You don't like the word force, I suggest quitting all use of .DOC,
> .PPT, and .XLS formats.  Please educate the world on how much better
> the alternatives are.  Me, I'll pay my $200 to not bother today, and
> regret it tomorrow.
> 
> And by the way, do you have a driver's license, or other state-issued
> ID card?

Re: An attack on paypal --> secure UI for browsers

[Sunder]

Yes, >NOW< if you can load yourself into kernel space, you can do anything
and everything - Thou Art God to quote Heinlein.  This is true of every
OS.  Except if you add that nice little TCPA bugger which can verify the
kernel image you're running is the right and approved one. Q.E.D.

Look at the XBox hacks for ideas as to why it's not a trival issue, but
even so, one James Bond like buffer overflow in something everyone will
have marked as trusted (say IE 8.0, or a specially crafted Word 2005
macro), and the 3v1l h4x0r party is back on and you iz ownz0red once more.

It's not enough to fear Microsoft, you must learn to love it.  Give us 2
minutes of hate for Linux now brother!


--Kaos-Keraunos-Kybernetos---
 + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of   /|\
  \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
<--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
  /|\  :Found to date: 0.  Cost of war: $800,000,000,000 USD.\|/
 + v + :   The look on Sadam's face - priceless!   
[EMAIL PROTECTED] http://www.sunder.net 

On Tue, 10 Jun 2003, Rich Salz wrote:

> But if the system is rooted, then the attacker merely has to find the
> "today's secret word" entry in the registry and do the same thing.
> Unless Windows is planning on getting real kernel-level kinds of protection.
> 
> > It was none other than Microsoft's NGSCB, nee Palladium.  See
> > http://news.com.com/2100-1012_3-1000584.html?tag=fd_top:
> 
> See previous sentence. :)

Re: An attack on paypal

[Sunder]

The worst trouble I've had with https is that you have no way to use host
header names to differentiate between sites that require different SSL
certificates.

i.e. www.foo.com www.bar.com www.baz.com can't all live on the same IP and
have individual ssl certs for https. :(  This is because the cert is
exchanged before the http 1.1 layer can say "I want www.bar.com" 

So you need to waste IP's for this.  Since the browser standards are
already in place, it's unlikely to be to find a workaround.  i.e. be able
to switch to a different virtual host after you've established the ssl
session.  :(

Personally I find thawte certs to be much cheaper than verisign and they
work just as well.

In any case, anyone is free to do the same thing AlterNIC did - become
your own free CA.  You'll just have to convince everyone else to add your
CA's cert into their browser.  You might be able to get the Mozilla guys
to do this, good luck with the beast of Redmond though.

Either way, having a pop-up isn't that big deal so long as you're sure of
the site you're connecting to.

In either case, we wouldn't need to worry about paying Verisign or anyone
else if we had properly secured DNS.  Then you could trust those pop-up
self-signed SSL cert warnings.


--Kaos-Keraunos-Kybernetos---
 + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of   /|\
  \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
<--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
  /|\  :Found to date: 0.  Cost of war: $800,000,000,000 USD.\|/
 + v + :   The look on Sadam's face - priceless!   
[EMAIL PROTECTED] http://www.sunder.net 

On Tue, 10 Jun 2003, James A. Donald wrote:

> The most expensive and inconvenient part of https, getting
> certificates from verisign, is fairly useless.
> 
> The useful part of https is that it has stopped password
> sniffing from networks, but the PKI part, where the server, but
> not the client, is supposedly authenticated, does not do much
> good. 

Re: An attack on paypal

[Sunder]

The problem with these stop crackers and hackers by law is that it allows
software developers to get away with leaving huge gaping security holes
unfixed.  Anecodatal evidence: The classic well known Robin Hood and Friar
Tuck "hack".

These days, the bug wouldn't get fixed and the guys reporting it would
wind up in jail because they "convinced" the OS authors to fix the
bug.  IMHO, not the right way to go at all.

from http://ftp.arl.mil/ftp/unix-wizards/V16%23017
scroll down a bit more than half way down the page (also available from 
most other GNU sources)

 Back in the mid-1970s, several of the system support staff at
 Motorola discovered a relatively simple way to crack system
 security on the Xerox CP-V timesharing system.  Through a simple
 programming strategy, it was possible for a user program to trick
 the system into running a portion of the program in `master mode'
 (supervisor state), in which memory protection does not apply.  The
 program could then poke a large value into its `privilege level'
 byte (normally write-protected) and could then proceed to bypass
 all levels of security within the file-management system, patch the
 system monitor, and do numerous other interesting things.  In
 short, the barn door was wide open.

 Motorola quite properly reported this problem to Xerox via an
 official `level 1 SIDR' (a bug report with an intended urgency of
 `needs to be fixed yesterday').  Because the text of each SIDR was
 entered into a database that could be viewed by quite a number of
 people, Motorola followed the approved procedure: they simply
 reported the problem as `Security SIDR', and attached all of the
 necessary documentation, ways-to-reproduce, etc.

 The CP-V people at Xerox sat on their thumbs; they either didn't
 realize the severity of the problem, or didn't assign the necessary
 operating-system-staff resources to develop and distribute an
 official patch.

 Months passed.  The Motorola guys pestered their Xerox
 field-support rep, to no avail.  Finally they decided to take
 direct action, to demonstrate to Xerox management just how easily
 the system could be cracked and just how thoroughly the security
 safeguards could be subverted.

 They dug around in the operating-system listings and devised a
 thoroughly devilish set of patches.  These patches were then
 incorporated into a pair of programs called `Robin Hood' and `Friar
 Tuck'.  Robin Hood and Friar Tuck were designed to run as `ghost
 jobs' (daemons, in UNIX terminology); they would use the existing
 loophole to subvert system security, install the necessary patches,
 and then keep an eye on one another's statuses in order to keep the
 system operator (in effect, the superuser) from aborting them.

 One fine day, the system operator on the main CP-V software
 development system in El Segundo was surprised by a number of
 unusual phenomena.  These included the following:

* Tape drives would rewind and dismount their tapes in the
  middle of a job.
* Disk drives would seek back and forth so rapidly that they
  would attempt to walk across the floor (see {walking drives}).
* The card-punch output device would occasionally start up of
  itself and punch a {lace card}.  These would usually jam in
  the punch.
* The console would print snide and insulting messages from
  Robin Hood to Friar Tuck, or vice versa.
* The Xerox card reader had two output stackers; it could be
  instructed to stack into A, stack into B, or stack into A
  (unless a card was unreadable, in which case the bad card was
  placed into stacker B).  One of the patches installed by the
  ghosts added some code to the card-reader driver... after
  reading a card, it would flip over to the opposite stacker.
  As a result, card decks would divide themselves in half when
  they were read, leaving the operator to recollate them
  manually.

 Naturally, the operator called in the operating-system developers.
 They found the bandit ghost jobs running, and X'ed them... and were
 once again surprised.  When Robin Hood was X'ed, the following
 sequence of events took place:

  !X id1

  id1: Friar Tuck... I am under attack!  Pray save me!
  id1: Off (aborted)

  id2: Fear not, friend Robin!  I shall rout the Sheriff
   of Nottingham's men!

  id1: Thank you, my good fellow!

 Each ghost-job would detect the fact that the other had been
 killed, and would start a new copy of the recently slain program
 within a few milliseconds.  The only way to kill both ghosts was to
 kill them simultaneously (very difficult) or to deliberately crash
 the system.

 Finally, the system programmers

Re: phreq?

[Sunder]

666Ghz?

--Kaos-Keraunos-Kybernetos---
 + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of   /|\
  \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
<--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
  /|\  :Found to date: 0.  Cost of war: $800,000,000,000 USD.\|/
 + v + :   The look on Sadam's face - priceless!   
[EMAIL PROTECTED] http://www.sunder.net 

On Sun, 15 Jun 2003, Tarapia Tapioco wrote:

>What frequencies do the lea snoop devices run on? Is there a good
> site for info on such devices?

Re: 1st amend, thoughtcrime, schools as pipelines to jail

[Sunder]

Anyone got a "cypherpunks/cypherpunks" like login for the turd of a login?

--Kaos-Keraunos-Kybernetos---
 + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of   /|\
  \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
<--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
  /|\  :Found to date: 0.  Cost of war: $800,000,000,000 USD.\|/
 + v + :   The look on Sadam's face - priceless!   
[EMAIL PROTECTED] http://www.sunder.net 

On Wed, 18 Jun 2003, Major Variola (ret.) wrote:

> http://www.latimes.com/news/local/la-me-threat18jun18001434,1,6789200.story?coll=la-headlines-california

Re: Destroying government computers

[Sunder]

I think Herr Hatch has a wonderful idea no really, think about it, all
of a sudden people will start THINKING about the security implications of
the garbage scumware they run on their machines and they'll have to
install things like firewalls and harderned operating systems.  

They'll also move out of Microsoft's paper-bag security of windblows in
droves.  Just to be able to run P2P clients and still remain secure, Linux
and *BSD's will become even more popular.

Even better think how wonderful the headline will be when some dork in the
army is running a P2P client on his work machine and the RIAA destroys
it.  Why that would be destroying and hacking into .mil property!  A
treasonous terrorist act against the government!

So RIAA will be in deep shit.  If some hospital drone does the same and
RIAA kills the machine, that's hacking and damaging a computer vital to
life support...  

The effects of such a law aren't all that bad. RIAA gets to die a nice
horrible death, as does Microsoft.

--Kaos-Keraunos-Kybernetos---
 + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of   /|\
  \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
<--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
  /|\  :Found to date: 0.  Cost of war: $800,000,000,000 USD.\|/
 + v + :   The look on Sadam's face - priceless!   
[EMAIL PROTECTED] http://www.sunder.net 

On Thu, 19 Jun 2003, Tyler Durden wrote:

> Well, even if they COULD develope such a technology, wouldn't it only work 
> for about a day or two before a patch was made to block it? Sounds awfully 
> Dilbert-like. Methinks Mr Hatch is not a very bright man.

Re: [NTLK] OT: Dictatorial Powers (fwd)

[Sunder]

Nice (offtopic to that list) discussion over on the NewtonTalk mailing
list :)

--Kaos-Keraunos-Kybernetos---
 + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of   /|\
  \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
<--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
  /|\  :Found to date: 0.  Cost of war: $800,000,000,000 USD.\|/
 + v + :   The look on Sadam's face - priceless!   
[EMAIL PROTECTED] http://www.sunder.net 

-- Forwarded message --
Date: Thu, 19 Jun 2003 14:56:52 -0500
From: Chip Matteson <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: [NTLK] OT: Dictatorial Powers

We nearly got that in Texas last month when the Republicans tried to
Jerrymander out the Democrats. The Democrats actually had to go to Oklahoma
to squash the quorum on redistricting. The Republican Governor, Rick Perry,
sent the Texas Rangers to bring them back. Texas Rangers do not have
jursdiciton in OK.

It was also reported that Tom Delay, US house Republican, used the special
powers granted to fight terrorism to get the Democrats out of Oklahoma.

Land of the free!

On 6/19/03 1:33 PM, "Johannes Spielhagen" <[EMAIL PROTECTED]> wrote:

> 
> Am Donnerstag, 19.06.03 um 11:33 Uhr schrieb eric engle:
> 
>> What would you say to a constitutional amendment to give the president
>> dictatorial powers?
>> http://www.miami.com/mld/miamiherald/news/nation/6007732.htm
>> 
>> 
> This is a real cool thing. We had such a thing in Germany only a few
> years ago (around 1933-1945) as well ("Notstandsverordnungen") and
> after that the whole country was not in the state (pun not intended)
> you would desire to find it. And funny, nobody liked us anymore.
> 
> Johannes

-- 
Chip Matteson
Moonlight Photographics
811-R West Kings Hwy
San Antonio, TX 78212

On the web: www.moonlightphoto.net/
E-mail: [EMAIL PROTECTED]

210-733-7358 Work
210-733-9982 Fax
210-602-9192 Mobile

-- 
This is the NewtonTalk list - http://www.newtontalk.net/ for all inquiries
List FAQ/Etiquette/Terms: http://www.newtontalk.net/faq.html
Official Newton FAQ: http://www.chuma.org/newton/faq/

Re: A firewall problem?

[Sunder]

I'm not 100% sure what you're talking about, but from what I got, it
depends on the firewall type, and the location of the man in the middle.  

Various firewall types:

Simple packet filters.

Slightly smarter packet filters that also do NAT and keep track of
connections - (this is needed for the NAT to work because it needs to
change the src/dest ports to differentiate between hosts behind the
NAT's.  i.e. ipf, iptables, etc...)

Application layer proxies (i.e. socks, etc.) but those that validate the
traffic is what's its supposed to be. (stateful inspection.)



Generally your attacker needs to own a router upstream from you to be
sucessful in replay attacks.  But if you use a secure encrypted transport,
it gets much, much harder.  (i.e. encrypt the payload, not just the
headers.)

If the attacker is just somewhere else on the wild internet, he can send
you packets with forged src addresses, but he won't be able see the
replies, so at most it's a denial of service on your machine.

So your attacker needs to either use his real ip address (or one of a
machine he already cracked) or he needs to own the router directly
upstream from you (i.e. your ISP) so your packets don't have any path to
go through but through him.

If he's on your network, or directly upstream, he can do something called
tcp-hijacking.  There is some interesting related stuff here for you to
research to get you answers regarding this:

http://cs.baylor.edu/~donahoo/NIUNet/hijack.html


There are possible ways around this issue, but would likely require an
encrypted sessions (ipsec, ssl/tls, or ssh for example.)

If you just have a simple packet filter, it's possible to use such things.  
If you have a hardened application layer proxy server that inspects
packets, you can be a bit more secure.

An important thing to implement is secure tcp sequence numbers.  They make
the sequence # predictions harder, so it's not so easy hijack the
connections.

But this depends on your OS and tcp/ip implementation:

The best paper on this I've seen so far:
http://razor.bindview.com/publish/papers/tcpseq.html

And here's some security alerts regarding weak sequence #'s for example:

http://www.linuxsecurity.com/articles/security_sources_article-2968.html
http://www.cert.org/advisories/CA-2001-09.html

Again, if your attacker owns the router directly upstream from you, that
won't help very much because you can assume that they'd be able to
intercept and alter packets in real time.  This of course isn't trivial,
but it is doable with fast enough hardware if located directly upstream
from you.  

But it won't allow the attacker to hijack encrypted connections to known
hosts, or hosts using properly signed (by a well known CA) SSL
certificates.  It will allow the attacker to do plenty of monkeying with
your email (both inbound and outbound), DNS, and unencrypted web traffic,
and possibly ssh sessions to machines you haven't logged into before
(where you have to say "Yes, this is the machine I want to login to.")


(He won't be able to do much against encrypted emails, but he can always
frustrate you by deleting them or slightly altering them so they fail to
decrypt, so if you're clueless, you'll go to plaintext believing that
this encryption stuff is too much of a headache and it's unreliable, and
he'll be able to monkey with the plaintext ones.)


--Kaos-Keraunos-Kybernetos---
 + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of   /|\
  \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
<--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
  /|\  :Found to date: 0.  Cost of war: $800,000,000,000 USD.\|/
 + v + :   The look on Sadam's face - priceless!   
[EMAIL PROTECTED] http://www.sunder.net 

On Fri, 4 Jul 2003, Sarad AV wrote:

> hi,
> 
> 
> Wont the following cause a firewall breach-
> 
> 
> First we capture   inbound packets to a firewall
> assuming we have a man in the middle(M).
> 
> If (M) use block replay on packets he can inject bits
> and pieces of his own information to an inbound
> firewall and can go undetected?
> 
> M doesn't alter the source and destination ip's and is
> perfectly acceptable to the firewall.Even a timestamp
> won't work since a packet is expected at any time.
> 
> We can still re-calculate the CRC of Checksum field by
> the same attack and replace the old crc/checksum after
> changing various required bit positions.
> 
> Do firewall programs use initialisation vectors and a
> chaning mode to prevent this attack?

Re: Sealing wax, funny looking dogtags

[Sunder]

On Tue, 15 Jul 2003, Major Variola (ret) wrote:

> I just meant that if Scarfo had epoxied his keyboard to his chassis
> properly, (and epoxied the keyboard, etc.) he might still be free
> (to pick shitty passphrases, it turned out).

Um, then they would have gone with the hidden pinhole camera somewhere
that has a view of the keyboard.

> the PC, too.  A nice lead lining will keep the black bag x-ray team
> (they'll borrow a unit from the bomb squad) from seeing much.

Or you make nice layered cutouts so when they do xray the locker they can
see interesting things... :)  like "fuck off!" :)

Re: Sealing wax & eKeyboard

[Sunder]

And TEMPEST monitoring equipment (or again, a hidden pinhole camera behind
you, or a transmitter hidden in your monitor) won't see what's on your
screen because

--Kaos-Keraunos-Kybernetos---
 + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of   /|\
  \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
<--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
  /|\  :Found to date: 0.  Cost of war: $800,000,000,000 USD.\|/
 + v + :   The look on Sadam's face - priceless!   
[EMAIL PROTECTED] http://www.sunder.net 

On Wed, 16 Jul 2003, Tyler Durden wrote:

> To get around keystroke loggers, it would be nice to have some fom of 
> onscreen keyboard, perhaps available over the web. The keyboard would likely 
> work only with the mouse (making it slow to use, of course), and each time 
> the keyboard appears (and at periodic intervals) the keyboard scrambles its 
> keys.

RE: Sealing wax & eKeyboard

[Sunder]

On Thu, 17 Jul 2003, Trei, Peter wrote:

> Lets not forget optical TEMPEST - remember a few months ago,
> when it was demonstrated that the image on a CRT could
> be reconstructed just from the light it reflected on walls? The
> point where the electron beam is hitting the phosphors is 
> much brighter than the rest of the screen, and by syncing a
> fast photodetector to monitor scan rates, you can reconstruct
> the image on a screen in a distant room just by viewing the
> backwash light through a telescope.

Absolutely.  Which is why people worried about security in this manner,
should move to LCD's. Not just for weakening TEMPEST signals, but also for
defeating optical TEMPEST... (and saving power.)  However I have to say
that from a purely user point of view, I like the way CRT's look much
better than LCD's.  CRT's tend to be richer and brighter than LCD's, and
their refresh rates are much better...

LCD's are still suceptible to TEMPEST monitoring, though there are far
less emissions since there isn't this great big nuclear particle
accelerator sitting infront of you :) (what? electrons are nuclear
particles. :)  But the signals from poorly shielded VGA cables can still
be picked up (as can those of keyboards, and other hardware.)

Other tricks include using more than one monitor (make sure they're all
the same brand/model, attached to video cards that are identical and
operating at the same resolution, depth, and refresh rate, and displaying
random junk, etc. + using tempest fonts on the non-decoy system.)

Better yet, use a notebook computer on battery power (so that power saving
mode comes intoplay) with several decoys as they'd (generally) dump much
less RF.  You could also add some shielding, but it's unlikely to help
very much...


I actually played with a fox & hound kit one day.  For those who never had
to run ethernet (CAT 3,5,5e,etc.) or phone cable, this consists of a pair
of tools: a tone injector that makes lots of noise, and a detector.  The
detector can pick up not just the signal from the tone injector, but also
lovely things such as 60Hz hum, phone conversations (in analog phones
anyhow), etc...  You can also learn to "hear" the different sounds various
things like 100BTx make and distinguish from - say, 10BT, or cable TV,
etc... with a cheap proble that doesn't filter...


I did find that when used on a keyboard, with some cheaper keyboards
anyway, you can "hear" the keystrokes and the key scanning pattern, and
that the individual keys are certainly distinctive enough - you could
probably hook this thing up to a sound card and figure out which keys send
what RF pattern...

So with the right recorder/relay/decoder hidden under someone's desk, you
could capture their keystrokes without disturbing epoxy or taking the
keyboard apart.  (As with all bugs, you'd need a power suply, some way to
intercept the data, and either some way to record the data, or relay it.  
Relaying it, and hooking into existing power is better than just recording
it or using a battery as a source, because you don't need a 2nd blag bag
job to remove your bug and dump the data.)  Of course if the bug
transmits, it can be picked up in a sweep, but if the PC is on, the guy
doing the sweep might not realize that there's a bug since the PC is a
noise source... YMMV, etc.


So all this talk of expoying keyboards down is somewhat naive in light of
this.  Not to say that if you, hypothetically speaking, were in a position
to have a well funded, and determined set of enemies who were out to get
your data, that using expoxy to glue down your keyboard wouldn't frustrate
them, but rather to point out that there are other means and methods that
would more than ruin your day.  :)

The path of least resistance, again, is not to attract the attention of
such enemies in the first place.

But hey, if your threat model is your kid sister or RIAA, then much less
thought is perfectly fine.


[As with all my posts, "you" is always a fictional character, and in this
one, "you" switches from the guy trying to steal data to the guy trying to
protect data, YMMV, #include  ]

NYT: Report on USA Patriot Act Alleges Civil Rights Violations

[Sunder]

http://www.nytimes.com/2003/07/21/politics/21JUST.html?hp


WASHINGTON, July 20 . A report by internal investigators at the Justice
Department has identified dozens of recent cases in which department
employees have been accused of serious civil rights and civil liberties
violations involving enforcement of the sweeping federal antiterrorism law
known as the USA Patriot Act.

The inspector general's report, which was presented to Congress last week
and is awaiting public release, is likely to raise new concern among
lawmakers about whether the Justice Department can police itself when its
employees are accused of violating the rights of Muslim and Arab
immigrants and others swept up in terrorism investigations under the 2001
law.

The report said that in the six-month period that ended on June 15, the
inspector general's office had received 34 complaints of civil rights and
civil liberties violations by department employees that it considered
credible, including accusations that Muslim and Arab immigrants in federal
detention centers had been beaten.




--Kaos-Keraunos-Kybernetos---
 + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of   /|\
  \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
<--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
  /|\  :Found to date: 0.  Cost of war: $800,000,000,000 USD.\|/
 + v + :   The look on Sadam's face - priceless!   
[EMAIL PROTECTED] http://www.sunder.net 

Re: Fisk articles

[Sunder]

No, but googling around I found this gem:

http://www.amnestyusa.org/news/2003/iraq06302003.html


--Kaos-Keraunos-Kybernetos---
 + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of   /|\
  \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
<--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
  /|\  :Found to date: 0.  Cost of war: $800,000,000,000 USD.\|/
 + v + :   The look on Sadam's face - priceless!   
[EMAIL PROTECTED] http://www.sunder.net 

On Tue, 22 Jul 2003, Harmon Seaver wrote:

>Does anyone have access to the fulltext articles by Robert Fisk like this one
> on alleged torture in US internment camps in Iraq:
> http://news.independent.co.uk/world/fisk/story.jsp?story=426520 that the
> Independant offers on a subscription basis?
> 
>  -- 
> Harmon Seaver 
> CyberShamanix
> http://www.cybershamanix.com

Re: A 'Funky A.T.M.' Lets You Pay for Purchases Made Online

[Sunder]

I wonder if some sort of infrared LED laden bandana be made for the
benefit of the cameras. :)  Maybe something like those scrolling
blackboard things that say stuff...

It could say things like "I'm ANONYMOUS, Neener neener, nya, nya, nya"

I wonder what the guards would do then?

--Kaos-Keraunos-Kybernetos---
 + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of   /|\
  \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
<--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
  /|\  :Found to date: 0.  Cost of war: $800,000,000,000 USD.\|/
 + v + :   The look on Sadam's face - priceless!   
[EMAIL PROTECTED] http://www.sunder.net 

On Tue, 22 Jul 2003, Major Variola (ret) wrote:

> Yes to all points.  Of course, this is why a bandana/burkha/ski mask
> is a good thing to carry when approaching an ATM.
> Better if they're IR opaque.  Best not to
> do this if the ATM is attached to a bank though, for the sake
> of the guards' underwear :-)

Re: Dead Body Theatre

[Sunder]

Nah, if you want sheer fuck you value photoshop them smoking crack pipes
while in an all out lezbo scene (make sure the other girls are of color -
preferably looking like they're from the middle east, some with
strap-ons)... include a gratiutous male donkey in there too.  Throw Jeb in
there for good measure - blowing the donkey.

If that doesn't shock his Xian-Fundie heart, I don't know what will.  :)


--Kaos-Keraunos-Kybernetos---
 + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of   /|\
  \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
<--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
  /|\  :Found to date: 0.  Cost of war: $800,000,000,000 USD.\|/
 + v + :   The look on Sadam's face - priceless!   
[EMAIL PROTECTED] http://www.sunder.net 

On Thu, 24 Jul 2003, Tyler Durden wrote:

> Oooh! A very amusing notion.
> 
> I'm wondering, however, if in terms of analogies showing two of the -Sr- 
> Bush's sons in the photos might be more appropo (ie, Jeb & Dubya)...though I 
> admit showing the daughters has more sheer shock and "fuck-you" value.

Re: Dna samples of world leaders

[Sunder]

Yes, brain fart. :)  s/b Emmanuel Goldstein.  Doh!  Need more coffee...


Yup, but you don't have to splice a tape, you can do it all digitally
these days, then create a signle low quality audiotape recorded so poorly
that your analyst won't be able to acurately say yes or not.

The real question is whether or not you can have a speech synth that can
put out convincing inflections, pauses, um's ah's, coughs, etc. to the
point that it sounds like a human with emotions, not a machine.  You can
get the samples from existing speeches/addresses and extract just the
phonemes.  Your speech synth's output shouldn't sound like a bunch of
clips of words of course. :)

I don't know how many phonemes would be required for a convinging Iraqi
leader...  For English there's like 30 something...  If you get them all
at the same tone from the same speech, you're set.

If you've ever played with MacOS's speech synth, they have some that are
somewhat realistic human voices, but they still speak with out human
sounding rythms - rather they sound like a human trying to imitate a
computer a la old Star Trek episodes. Add the inflections to get emotion
like sounds, and increase the quality of the synth so you don't hear
machine artifacts, and you're set.  It's not an easy problem, but neither
is it impossible.


As to DNA: Uh, I was talking about Sadam's palaces - lots of skin flakes,
clothes, hairs in combs, etc to be had there.  Ok, well that presumes that
sufficient samples were collected before the nice palace parties. :)


--Kaos-Keraunos-Kybernetos---
 + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of   /|\
  \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
<--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
  /|\  :Found to date: 0.  Cost of war: $800,000,000,000 USD.\|/
 + v + :   The look on Sadam's face - priceless!   
[EMAIL PROTECTED] http://www.sunder.net ----

On Wed, 23 Jul 2003, Bill Stewart wrote:

> At 12:42 PM 07/23/2003 -0400, Sunder wrote:
> >Bah! Saddam has become the new Eric Goldstien since Osama Bin Ladin is 
> >quieter.
> 
> I'm guessing you're mixing up Emmanuel Goldstein, from 1984
> and Eric Corley aka Emmanuel Goldstein, from 2600 ?

> It might be hard to splice together a tape that would
> fool a forensic expert into thinking the tape was really
> an authentic recording by the same person who was speaking on
> several other known-to-be-authentic recordings.
> It's not at all hard to put together a press release from
> an ostensible forensic expert claiming that a tape
> is or isn't authentic, or even to find an expert who'll say it.
> It's probably not too hard to put together a tape with
> the speech you want and a set of claimed-to-be-known-authentic samples
> that the expert can compare with the voice on the tape,
> if the expert doesn't have good independent samples of his own.
> 
> After all, your objective isn't to fool the experts -
> it's to fool the public, or rather to make sure that the public
> that you've already fooled continues to stay fooled.
> As Bush said, "fool me once, shame on... shame on.. "
> 
> 
> Besides, to get the DNA samples, they just checked with
> Illuminati Headquarters - you thought that when world leaders
> sign their employment contracts in blood, it's only for decoration?

Re: GPS bugs (was: Jim Bell Trial: Third Day (fwd))

[Sunder]

[EMAIL PROTECTED] wrote:
> 
> Third Day:  Jim Bell trial
> 


> The defense requested information about the tracking device that was attached 
> to Jim Bell's car: the type, make, and where installed in the car.  London 
> cited "law enforcement privilege" and argued that giving out that information 
> would enable future surveillance subjects to find and dismantle such devices. 
>  (Earlier in the trial, it was mentioned that this was the first use of 
> a GPS tracking device in the area.)

>From what little I know of GPS, the receiver must be able to "see sky."
So there can't be any metal objects between it and the sky.  That means
it's unlikely for it to be on the underside of the car.  Possible installation
places would be under the "skin" above the dashboard, any place that has
line of sight to the windshield or back window.  If the car is a vinyl top,
under the roof would be good hiding place.

Of course the main body of the "bug" can be hidden anywhere inside the car, but
the antena needs to see sky.

These things are usually cellphone enabled, so that way they don't constantly
transmit, and won't be easily caught by sweeps.

Defenses would include GPS and cell phone jammers, but these would have to
be on 24/7, thus draining the car's battery.  GPS jammer would be more
desireable, since the cell phone side is just used to download the logs
of where the car has been, and the logs can be recovered by physically
recovering the bug.

One thing I don't know about in relation to GPS: are the military bits
sent on different frequencies than the civilian bits?  Or are they just
encrypted?  If they're different frequencies, then, you'd have to know
these to build an effective jammer.

I of course have no information on what was actually installed in Jim
Bell's car, where, how, or by whom, except as emails have described
here, and I take this with a grain of salt.

ObDisclaimer to Jeff Gordon and crew: this email posting does not constitute
any sort of intent to do anything.  It is mereley an excercise of my
constitutionally protected rights to freedom of speech.  Recall that 
by the oath you have taken to protect and uphold the laws of the United 
States of America when you first decided to work for the government, you
are required to protect defend my right to freedom of speech.


-- 
--Kaos-Keraunos-Kybernetos---
 + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\
  \|/  :aren't security.  A |share them, you don't hang them on your/\|/\
<--*-->:camera won't stop a |monitor, or under your keyboard, you   \/|\/
  /|\  :masked killer, but  |don't email them, or put them on a web  \|/
 + v + :will violate privacy|site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net 

Re: NRC asks for reviewers for forthcoming Internet pornreport

[Sunder]

On Wed, 15 Aug 2001, Jim Choate wrote:

> 
> On Thu, 16 Aug 2001, Sampo Syreeni wrote:
> 
> > Maybe, maybe not. I'm the first to agree that porn *should* be treated as
> > equal to other speech,
> 
> But 'porn' is no more speech than 'murder' is. What makes porn so
> offensive isn't the pictures, but the ACTS that had to be commited to
> create the speech. No where in the 1st does it say that you can say and do
> anything you want as long as it contains 'speech'. While the 'speech' part
> is really irrelevant (and a wrong-headed way to resolve the issues
> relating to the acts) there is still the component of the acts against
> minors that needs to be dealt with. Those acts are in no way 'speech'.


So in Choate Prime, in order that one make a movie of a person getting
shot in the head, one would have to commit murder?

So in Choate Prime, in order that one make a Godzilla stomps on Tokyo
movie, one must first see the destruction of the city of Tokyo?

So in Choate Prime, in order that one make a movie of an exploding nuclear
bomb, decimating Hiroshima, one must build such a weapon and drop it on
city?

So in Choate Prime, are there no cartoons because it would be impossible
to create them in real life?

Porn is speech, the same as any other type of magazine, movie, sound, etc.
The acts can and have been faked, as are the sound effects.

The speech part isn't irrelevant, it's the whole, and only point of this
disucssion.


Yes, I know you'd bring up kiddy porn, but recall that not only movies of
such acts are banned, but so are cartoons, comic books, etc. depicting
such acts.  In other words, here in the real world (i.e. not in Choate
Prime), kiddy porn is thought crime, and thus it is restricted speech.

So is going on Yahoo stock message boards and getting people to buy stocks
so as to raise their price.

So are sexual offers/requests in the office.

I'm sure in your next elequent reply you will continue to tell us about
your lovely world in its parallel dimension, which has no relation to
ours, and we'll read it with fascination.


--Kaos-Keraunos-Kybernetos---
 + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\
  \|/  :aren't security.  A |share them, you don't hang them on your/\|/\
<--*-->:camera won't stop a |monitor, or under your keyboard, you   \/|\/
  /|\  :masked killer, but  |don't email them, or put them on a web  \|/
 + v + :will violate privacy|site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net 

Re: NRC asks for reviewers for forthcoming Internet porn report

[Sunder]

On Wed, 15 Aug 2001, Jim Choate wrote:

> 
> On Thu, 16 Aug 2001, Sampo Syreeni wrote:
> 
> > Maybe, maybe not. I'm the first to agree that porn *should* be treated as
> > equal to other speech,
> 
> But 'porn' is no more speech than 'murder' is. What makes porn so
> offensive isn't the pictures, but the ACTS that had to be commited to
> create the speech. No where in the 1st does it say that you can say and do
> anything you want as long as it contains 'speech'. While the 'speech' part
> is really irrelevant (and a wrong-headed way to resolve the issues
> relating to the acts) there is still the component of the acts against
> minors that needs to be dealt with. Those acts are in no way 'speech'.


So in Choate Prime, in order that one make a movie of a person getting
shot in the head, one would have to commit murder?

So in Choate Prime, in order that one make a Godzilla stomps on Tokyo
movie, one must first see the destruction of the city of Tokyo?

So in Choate Prime, in order that one make a movie of an exploding nuclear
bomb, decimating Hiroshima, one must build such a weapon and drop it on
city?

So in Choate Prime, are there no cartoons because it would be impossible
to create them in real life?

Porn is speech, the same as any other type of magazine, movie, sound, etc.
The acts can and have been faked, as are the sound effects.

The speech part isn't irrelevant, it's the whole, and only point of this
disucssion.


Yes, I know you'd bring up kiddy porn, but recall that not only movies of
such acts are banned, but so are cartoons, comic books, etc. depicting
such acts.  In other words, here in the real world (i.e. not in Choate
Prime), kiddy porn is thought crime, and thus it is restricted speech.

So is going on Yahoo stock message boards and getting people to buy stocks
so as to raise their price.

So are sexual offers/requests in the office.

I'm sure in your next elequent reply you will continue to tell us about
your lovely world in its parallel dimension, which has no relation to
ours, and we'll read it with fascination.


--Kaos-Keraunos-Kybernetos---
 + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\
  \|/  :aren't security.  A |share them, you don't hang them on your/\|/\
<--*-->:camera won't stop a |monitor, or under your keyboard, you   \/|\/
  /|\  :masked killer, but  |don't email them, or put them on a web  \|/
 + v + :will violate privacy|site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net 

Re: CDR: Re: Manhattan Mid-Afternoon

[Sunder]

It was indeed very sureal.  Everyone was calm and quiet, no crazy panicked
mobs, just orderly, slow, methodical evacuation...  Of course the first
thing to go was cell phones, just from the sheer volume.  I did manage one
or two calls to loved ones.

There was a smaller queue of people in Radio Shack snapping up every
single radio they could find...  others were going to grocery stores to
get water and food, still others went to bars.  It was so fucking surreal,
I guess the shock of what happened hasn't sunk in my head yet, but I just
can't stop watching CNN.  I was listening to the radio all day, hoping for
more bits of truth

I was in the subway at the time it happened, going downtown.  The train
stopped and got turned around.  I had no idea of what had happened.  When
the conductor announced that we were going back to 14th street, of course
we asked questions, we were told "Go home, be happy you're alive!"

Being in a shitty economy like this, I was seriously worried about being
late due to another subway fuckup...  I just barely got a job after three
months of being weaned off the .com nipple...  I didn't realize the
severity of it, until I got above ground and saw the huge plume of smoke
and the missing WTC towers...

When I got out, people were just walking around aimlessly, then eventually
they started heading north.  I ran across a Radio Shack and managed to
pick up a small shortwave so I could find out what had happened.

I walked, and walked and walked, people saw I had a radio and asked what I
heared, and I stopped at places turning it up letting them hear the news.  
Of course some of the glory sucking weasels on 770AM(?) WOR would try to
twist things to make themselves look good.  

Some asshole reporter/dj/etc named "Ed" was dropping that he'd been in
Vietnam, and how this is a tragedy, how he knew all along that Bush was
going to go to the SAC base in Alabama(???) though he earlier said he
thought Bush would go to a mil location in Fl, just being an annoying
prick and not getting the news out but rather basking in the tragedy of it
all


What pisses me off is that these fuckers managed to hiijack four planes by
using nothing but knives.  How the fuck could a bunch of guys do
that?  Nobody fought back?  Nobody charged at them?

And the silliest of all things, now, they will heighten security
further.  Great.  Didn't work before, certainly didn't work today.  How do
they expect metal detectors, silly questions such as "has your luggage
been in your sight all day long", and id checks to prevent attacks like
this propagated by suicidal religeous fanatical assholes?

If they had any sense, they'd have everyone on the plane carry guns.  The
second anyone tried anything, everyone would be able to stop them in
seconds.

This attack was possibly the biggest "hack" of the century.  The bastards
lost very little.  Used our own resources against us.  Very effective.  

I'm very outraged at this - a bunch of guys with knives did this!


I hope Bush has the balls to nuke'em back to the stone age!


This is amazing.  The NSA spends, what, $4.5 billion of our tax dollars a
year?  The CIA $2B?  With all that surveilance, with all that heigtened
security at airports, with all that sigintel and humintel, a bunch of rag
heads with knives managed this!

Why do these fuckers have a salary?

Go ahead, turn the USA into fucking Cold War era Russia.  Put face
scanners everywhere.  Give everyone travel visas to just pass from one
town to another.  Put metal detectors up our asses.  Go ahead.   

But don't tell me you could have prevented something like this by doing
so.  Don't tell me your future lockdowns, curfrews, heigtened security
checks, road blocks, id checks, or any of that would have, could have, or
ever will prevent this sort of attack.

Admit the truth oh dear government.  You're useless.  Sure, bring in the
reserves, bring in the troops.  All you can do with them is clean up the
debris.  Go ahead put destroyers in the east and hudson river.  Fly F14's
around Manhattan.  It's still already too late for those that perished in
WTC 1,2, and 7.  It's not like the ragheads are likely to come flying migs
to NYC and shoot missles or come by boat - if they had such resources at
their disposal, they wouldn't have done it this way.

Had you allowed us citizens concealed carry guns through airports, had
even a small percentage of those on the downed airplanes carried guns,
this would have never happened.  But no, instead of arming us, you make us
weaker, disarm us further and further, so that we can be even more
vulnerable.  You stupid fucking morons!  What a waste!


Hope someone got a clue from this, but I doubt it.  Hope the Echelon
engines pick this up, and someone, somewhere, with a bit of sense will
wake up and get a clue.  Don't disarm America!  Let us arm ourselves.  Do
it for the children we will be able to protect from these nuts!  

Yes, you, Jeff Gordon, trolling for bits of info to find someone 

RE: Manhattan Mid-Afternoon

[Sunder]

On Tue, 11 Sep 2001, Normen Nomesco wrote:

> Oh and Im sure having guns on board planes would work out great
> especially considering the increase of people having huge fucking fits
> and having to be held down on planes, yeah, lets arm people on planes.
> Have you ever fucking even been on a plan?  I wouldn't trust most of my fellow
> monkeys with a sharp edge on the free peanuts.

Fuck you and get a clue.  You're assuming that 90% of the population is
irresponsible for itself.  Today, I know for a fact that we are good,
honest, law abiding folk.  No doubt, no ifs, no buts.  I didn't see
looting, I didn't see insanity, I didn't see a single soul that did not
try and help his fellow exodee (if you would allow me the lattitude in
inventing the word.)

In fact, most people are not going to go around killing each other.  Even
if they could.  Most people are going to help each other.

Have you ever thought it out for a second past the media bullshit you'v
been spoon fed about how guns are evil?  They're not evil, they're
tools.  They're equalizers.  They make the smallest pipsqueak equal to the
tallest muscular bad ass out there.   And that in itself is why we need
them.  Two factors: a) 90+% of the population isn't interested in hurting
others.  B) when those that would pop out from under their rocks, they
would be surrounded by those who would put them out of everyone's misery
without the slightest hesitation.
 
> I am sickened that you would make this correlation in an attempt
> to further the banner of gun proliferation.
> 
> Did you ever stop to think that
> UM...
> If you could bring a gun on board a plane, the terrorist would have GUNS
> instead of knifes and cardboard cutters.

Yes, and didn't you stop to think for a second that if a single terrorist
had a gun, but he was surrounded by fifty others against him with guns
that he would not survive?  Even if he were suicidal?

Think for a second.  Yes, he could put his gun to the head of a child next
to him, and quite likely suceede in murdering that child.  But he would
not be able to achieve any goals whatsoever.  HE would be shot down
instantly without mercy.

A terrorist's goal is a simple one.  TO force others to his will.  If he
knows he will die and is willing to die, he will do this gladly as we saw
today.  But if he knows that he will die and not achive his goals, if the
price is one terrorist's life for that of an innocent versus eight
terrorists for the price of 20,000, he wouldn't even attempt such a thing.

> Yeah, im sure mr fat and lazy American middle class business man
> with his .38 and his 20 hours on the range will be able to easily take on
> someone who has spent 30 years fighting as a terrorist and being trained
> sine he was 10 years old.  

I'm 100% positive that a single armed terrorist with the best training in
the world would perish within seconds at the hands of 50+ such businessmen
before taking out more than several victims.  To understand this, you must
think as they did.

They suceeded in sacrificing eight of their lives on two planes - or so
the reports say 3-4 ragheads per plan with sharp implements managed to
raze at least three buildings.  I don't know how many died, but they said
that over 10,000 people worked at EACH of those buildings.  I hope most of
them managed to get out.

Back to the point: the bastards did the math just as well.  Eight of their
lives for 20,000 of ours.  If everyone had guns, even if the terrorists
also had guns, 4 guys in a plan of 120 would not have been able to force
the plane to become a bomb.  Simple, cold, math.  You can add, can't you?

> Fighting against some of the best and well equipped
>  formal militaries in the world,  the equivalent of a hyper religious
> navy seal.

Bullshit, they had knives and sharp instruments.  No matter how well
trained a killer is, he is no match for odds like 120 to 4 against.

Yes, I grant you, of those 120, many would have died.  But not thousands.

> I can see it now, 2 blue haired republican nuns with .22 took them on and 
> won and the world was safe.

And why the fuck not.  Guns again are equalizers,  They make the weakest
of us into an equal of the strongest of them.
 
> Yeah, I am sure that having guns on the plane would have saved everyone.

No, not everyone.  But that would have saved 20,000 lives at a cost of
perhaps three or four innocents.
 
> Even on this list, I rarely say it
> your a fucking moron

Look in the mirror.  Learn the math.  Learn the crime statistics of those
cities and states that outright ban guns versus those that don't. Then
perhaps you can remove your socialist gun-paranoid foot from that hole you
utter words with.

NSA monitors domestic cellular

[Sunder]

This is, I hate to say it, the one time I am glad that they can do
this.  I hope they can find out who is responsible for this.  I hope some
other brave souls were able to use their cell phones to provide clues to
find these bastards.

No, I'm still opposed to the NSA's invasion of our privacy.  But in a
twisted way, I hope they can track these fuckers down.

--Kaos-Keraunos-Kybernetos---
 + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\
  \|/  :aren't security.  A |share them, you don't hang them on your/\|/\
<--*-->:camera won't stop a |monitor, or under your keyboard, you   \/|\/
  /|\  :masked killer, but  |don't email them, or put them on a web  \|/
 + v + :will violate privacy|site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net 

On Tue, 11 Sep 2001, Jonathan Wienke wrote:

> ABC news anchor Peter Jennings just said that the NSA is going through their 
>recordings of cellular phone calls to see if they can find other cellular calls 
>similar to the one from Ted Olson's wife who was on the plane that crashed into the 
>Pentagon.
> 
> 

Re: NSA monitors domestic cellular

[Sunder]

This is, I hate to say it, the one time I am glad that they can do
this.  I hope they can find out who is responsible for this.  I hope some
other brave souls were able to use their cell phones to provide clues to
find these bastards.

No, I'm still opposed to the NSA's invasion of our privacy.  But in a
twisted way, I hope they can track these fuckers down.

--Kaos-Keraunos-Kybernetos---
 + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\
  \|/  :aren't security.  A |share them, you don't hang them on your/\|/\
<--*-->:camera won't stop a |monitor, or under your keyboard, you   \/|\/
  /|\  :masked killer, but  |don't email them, or put them on a web  \|/
 + v + :will violate privacy|site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net 

On Tue, 11 Sep 2001, Jonathan Wienke wrote:

> ABC news anchor Peter Jennings just said that the NSA is going through their 
>recordings of cellular phone calls to see if they can find other cellular calls 
>similar to the one from Ted Olson's wife who was on the plane that crashed into the 
>Pentagon.

Re: CDR: RE: Manhattan Mid-Afternoon

[Sunder]

On Tue, 11 Sep 2001, Normen Nomesco wrote:

> 
> >At gun ranges across the country, where just about everybody is armed,
> >physical violence is virtually nonexistent. Ever wonder why this is the
> >case? After thinking about it for a while, even the slower ones amongst us
> >might be able to figure out the cause.
> 
> Gun ranges are places were reasonable people go in a normal state of mind
> a gun range is not the real world
> 
> the real world does not have a weapons master on site
> and you are not given ear plugs and the chance to reload
> 

No shit Sherlock, when did that dawn upon you?  But hey, guess
what?  When you go to driving school, you have nice stickers on the car
that say "Student Driver" and you have an instructor (car master?) who has
a second brake incase you fuck up so you can learn.

But once you leave the driving school and have your license, you're in the
real world.  You don't have the student driver stickers, nor the "car
master" next to you.

In an airplane with 3-4 terrorists, you'd presumably be one passenger of
120.  If even 5% of the passengers had guns, none would have to reload.  I
highly doubt that they would need a weapons master to tell them how to
hold a gun.  I certainly think that most people would be glad they were
alive and unhurt thanks to said gun carriers, and would mind the ringing
in their ears far less than being dead.

And certainly assuming most guns have at least 6 shots, multiplied by 6
people (that's 5% of 120 people) would give you 36 shots to put 4 assholes
out of everyone's misery, I don't think you have to worry about reloading.

You have very little to add to this conversation Mr. Anti Gun.

Re: CDR: RE: Manhattan Mid-Afternoon

[Sunder]

On Tue, 11 Sep 2001, Normen Nomesco wrote:

> Oh and Im sure having guns on board planes would work out great
> especially considering the increase of people having huge fucking fits
> and having to be held down on planes, yeah, lets arm people on planes.
> Have you ever fucking even been on a plan?  I wouldn't trust most of my fellow
> monkeys with a sharp edge on the free peanuts.

Fuck you and get a clue.  You're assuming that 90% of the population is
irresponsible for itself.  Today, I know for a fact that we are good,
honest, law abiding folk.  No doubt, no ifs, no buts.  I didn't see
looting, I didn't see insanity, I didn't see a single soul that did not
try and help his fellow exodee (if you would allow me the lattitude in
inventing the word.)

In fact, most people are not going to go around killing each other.  Even
if they could.  Most people are going to help each other.

Have you ever thought it out for a second past the media bullshit you'v
been spoon fed about how guns are evil?  They're not evil, they're
tools.  They're equalizers.  They make the smallest pipsqueak equal to the
tallest muscular bad ass out there.   And that in itself is why we need
them.  Two factors: a) 90+% of the population isn't interested in hurting
others.  B) when those that would pop out from under their rocks, they
would be surrounded by those who would put them out of everyone's misery
without the slightest hesitation.
 
> I am sickened that you would make this correlation in an attempt
> to further the banner of gun proliferation.
> 
> Did you ever stop to think that
> UM...
> If you could bring a gun on board a plane, the terrorist would have GUNS
> instead of knifes and cardboard cutters.

Yes, and didn't you stop to think for a second that if a single terrorist
had a gun, but he was surrounded by fifty others against him with guns
that he would not survive?  Even if he were suicidal?

Think for a second.  Yes, he could put his gun to the head of a child next
to him, and quite likely suceede in murdering that child.  But he would
not be able to achieve any goals whatsoever.  HE would be shot down
instantly without mercy.

A terrorist's goal is a simple one.  TO force others to his will.  If he
knows he will die and is willing to die, he will do this gladly as we saw
today.  But if he knows that he will die and not achive his goals, if the
price is one terrorist's life for that of an innocent versus eight
terrorists for the price of 20,000, he wouldn't even attempt such a thing.

> Yeah, im sure mr fat and lazy American middle class business man
> with his .38 and his 20 hours on the range will be able to easily take on
> someone who has spent 30 years fighting as a terrorist and being trained
> sine he was 10 years old.  

I'm 100% positive that a single armed terrorist with the best training in
the world would perish within seconds at the hands of 50+ such businessmen
before taking out more than several victims.  To understand this, you must
think as they did.

They suceeded in sacrificing eight of their lives on two planes - or so
the reports say 3-4 ragheads per plan with sharp implements managed to
raze at least three buildings.  I don't know how many died, but they said
that over 10,000 people worked at EACH of those buildings.  I hope most of
them managed to get out.

Back to the point: the bastards did the math just as well.  Eight of their
lives for 20,000 of ours.  If everyone had guns, even if the terrorists
also had guns, 4 guys in a plan of 120 would not have been able to force
the plane to become a bomb.  Simple, cold, math.  You can add, can't you?

> Fighting against some of the best and well equipped
>  formal militaries in the world,  the equivalent of a hyper religious
> navy seal.

Bullshit, they had knives and sharp instruments.  No matter how well
trained a killer is, he is no match for odds like 120 to 4 against.

Yes, I grant you, of those 120, many would have died.  But not thousands.

> I can see it now, 2 blue haired republican nuns with .22 took them on and 
> won and the world was safe.

And why the fuck not.  Guns again are equalizers,  They make the weakest
of us into an equal of the strongest of them.
 
> Yeah, I am sure that having guns on the plane would have saved everyone.

No, not everyone.  But that would have saved 20,000 lives at a cost of
perhaps three or four innocents.
 
> Even on this list, I rarely say it
> your a fucking moron

Look in the mirror.  Learn the math.  Learn the crime statistics of those
cities and states that outright ban guns versus those that don't. Then
perhaps you can remove your socialist gun-paranoid foot from that hole you
utter words with.
 

RE: Manhattan Mid-Afternoon

[Sunder]

On Tue, 11 Sep 2001, Normen Nomesco wrote:

> 
> >At gun ranges across the country, where just about everybody is armed,
> >physical violence is virtually nonexistent. Ever wonder why this is the
> >case? After thinking about it for a while, even the slower ones amongst us
> >might be able to figure out the cause.
> 
> Gun ranges are places were reasonable people go in a normal state of mind
> a gun range is not the real world
> 
> the real world does not have a weapons master on site
> and you are not given ear plugs and the chance to reload
> 

No shit Sherlock, when did that dawn upon you?  But hey, guess
what?  When you go to driving school, you have nice stickers on the car
that say "Student Driver" and you have an instructor (car master?) who has
a second brake incase you fuck up so you can learn.

But once you leave the driving school and have your license, you're in the
real world.  You don't have the student driver stickers, nor the "car
master" next to you.

In an airplane with 3-4 terrorists, you'd presumably be one passenger of
120.  If even 5% of the passengers had guns, none would have to reload.  I
highly doubt that they would need a weapons master to tell them how to
hold a gun.  I certainly think that most people would be glad they were
alive and unhurt thanks to said gun carriers, and would mind the ringing
in their ears far less than being dead.

And certainly assuming most guns have at least 6 shots, multiplied by 6
people (that's 5% of 120 people) would give you 36 shots to put 4 assholes
out of everyone's misery, I don't think you have to worry about reloading.

You have very little to add to this conversation Mr. Anti Gun.

Re: The 4th Airliner Shot Down?

[Sunder]

On Tue, 11 Sep 2001, Jim Choate wrote:

> There was also several eye witnesses that said the first tower was hit by
> a missile...

They were right.  The plane was effectively a missle, and come to think of
it not a bomb.  Bomb is something that isn't launched, it's carried or
dropped.  A missle is launched, it flies.  Like the planes.

Yes, of course plane!=missle, but in this case, it effectively was.

Granted, there will almost always be a witness that will say it was aliens
from the 8th dimention too...
 
> Clearly these people don't have a clue of the size differential.
> 
> I would be so bold to say that since the New York crash a few years ago
> that there will almost always be a witness that saw a 'missile'.
> 

Re: The 4th Airliner Shot Down?

[Sunder]

On Tue, 11 Sep 2001, Jim Choate wrote:

> There was also several eye witnesses that said the first tower was hit by
> a missile...

They were right.  The plane was effectively a missle, and come to think of
it not a bomb.  Bomb is something that isn't launched, it's carried or
dropped.  A missle is launched, it flies.  Like the planes.

Yes, of course plane!=missle, but in this case, it effectively was.

Granted, there will almost always be a witness that will say it was aliens
from the 8th dimention too...
 
> Clearly these people don't have a clue of the size differential.
> 
> I would be so bold to say that since the New York crash a few years ago
> that there will almost always be a witness that saw a 'missile'.

Re: NSA monitors domestic cellular

[Sunder]

"National security"is the passphrase to the constitution.  Or haven't you
noticed.

In this case, I don't think anyone will complain very loudly.  In this
case, for once, the NSA would be right, and it wouldn't just be FUD.

--Kaos-Keraunos-Kybernetos---
 + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\
  \|/  :aren't security.  A |share them, you don't hang them on your/\|/\
<--*-->:camera won't stop a |monitor, or under your keyboard, you   \/|\/
  /|\  :masked killer, but  |don't email them, or put them on a web  \|/
 + v + :will violate privacy|site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net 

On Tue, 11 Sep 2001, Derek Balling wrote:

> Doesn't domestic surveillance of civilian cel-phone calls, without a 
> warrant, fall into a really "Gray"[1] area? I thought NSA wasn't 
> permitted to do that...
> 
> D
> 
> [1] For suitably dark and illegal values of gray
> 
> At 12:36 AM -0400 9/12/01, [EMAIL PROTECTED] wrote:
> >A great deal more the cellulars are monitored
> >Specifically all outbound domectic traffic with an international IP 
> >address and all inbound
> >traffic from abroard is parsed for key words and phases.
> >
> >Jonathan Wienke wrote:
> >
> >>  ABC news anchor Peter Jennings just said that the NSA is going 
> >>through their recordings of cellular phone calls to see if they can 
> >>find other cellular calls similar to the one from Ted Olson's wife 
> >>who was on the plane that crashed into the Pentagon.
> 
> 
> -- 
> +-+-+
> | [EMAIL PROTECTED]  | "Conan! What is best in life?"  |
> |  Derek J. Balling   | "To crush your enemies, see them|
> | |driven before you, and to hear the   |
> | |lamentation of their women!" |
> +-+-+
> 

Re: NSA monitors domestic cellular

[Sunder]

"National security"is the passphrase to the constitution.  Or haven't you
noticed.

In this case, I don't think anyone will complain very loudly.  In this
case, for once, the NSA would be right, and it wouldn't just be FUD.

--Kaos-Keraunos-Kybernetos---
 + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\
  \|/  :aren't security.  A |share them, you don't hang them on your/\|/\
<--*-->:camera won't stop a |monitor, or under your keyboard, you   \/|\/
  /|\  :masked killer, but  |don't email them, or put them on a web  \|/
 + v + :will violate privacy|site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net 

On Tue, 11 Sep 2001, Derek Balling wrote:

> Doesn't domestic surveillance of civilian cel-phone calls, without a 
> warrant, fall into a really "Gray"[1] area? I thought NSA wasn't 
> permitted to do that...
> 
> D
> 
> [1] For suitably dark and illegal values of gray
> 
> At 12:36 AM -0400 9/12/01, [EMAIL PROTECTED] wrote:
> >A great deal more the cellulars are monitored
> >Specifically all outbound domectic traffic with an international IP 
> >address and all inbound
> >traffic from abroard is parsed for key words and phases.
> >
> >Jonathan Wienke wrote:
> >
> >>  ABC news anchor Peter Jennings just said that the NSA is going 
> >>through their recordings of cellular phone calls to see if they can 
> >>find other cellular calls similar to the one from Ted Olson's wife 
> >>who was on the plane that crashed into the Pentagon.
> 
> 
> -- 
> +-+-+
> | [EMAIL PROTECTED]  | "Conan! What is best in life?"  |
> |  Derek J. Balling   | "To crush your enemies, see them|
> | |driven before you, and to hear the   |
> | |lamentation of their women!" |
> +-+-+

Re: Manhattan Mid-Afternoon

[Sunder]

It was indeed very sureal.  Everyone was calm and quiet, no crazy panicked
mobs, just orderly, slow, methodical evacuation...  Of course the first
thing to go was cell phones, just from the sheer volume.  I did manage one
or two calls to loved ones.

There was a smaller queue of people in Radio Shack snapping up every
single radio they could find...  others were going to grocery stores to
get water and food, still others went to bars.  It was so fucking surreal,
I guess the shock of what happened hasn't sunk in my head yet, but I just
can't stop watching CNN.  I was listening to the radio all day, hoping for
more bits of truth

I was in the subway at the time it happened, going downtown.  The train
stopped and got turned around.  I had no idea of what had happened.  When
the conductor announced that we were going back to 14th street, of course
we asked questions, we were told "Go home, be happy you're alive!"

Being in a shitty economy like this, I was seriously worried about being
late due to another subway fuckup...  I just barely got a job after three
months of being weaned off the .com nipple...  I didn't realize the
severity of it, until I got above ground and saw the huge plume of smoke
and the missing WTC towers...

When I got out, people were just walking around aimlessly, then eventually
they started heading north.  I ran across a Radio Shack and managed to
pick up a small shortwave so I could find out what had happened.

I walked, and walked and walked, people saw I had a radio and asked what I
heared, and I stopped at places turning it up letting them hear the news.  
Of course some of the glory sucking weasels on 770AM(?) WOR would try to
twist things to make themselves look good.  

Some asshole reporter/dj/etc named "Ed" was dropping that he'd been in
Vietnam, and how this is a tragedy, how he knew all along that Bush was
going to go to the SAC base in Alabama(???) though he earlier said he
thought Bush would go to a mil location in Fl, just being an annoying
prick and not getting the news out but rather basking in the tragedy of it
all


What pisses me off is that these fuckers managed to hiijack four planes by
using nothing but knives.  How the fuck could a bunch of guys do
that?  Nobody fought back?  Nobody charged at them?

And the silliest of all things, now, they will heighten security
further.  Great.  Didn't work before, certainly didn't work today.  How do
they expect metal detectors, silly questions such as "has your luggage
been in your sight all day long", and id checks to prevent attacks like
this propagated by suicidal religeous fanatical assholes?

If they had any sense, they'd have everyone on the plane carry guns.  The
second anyone tried anything, everyone would be able to stop them in
seconds.

This attack was possibly the biggest "hack" of the century.  The bastards
lost very little.  Used our own resources against us.  Very effective.  

I'm very outraged at this - a bunch of guys with knives did this!


I hope Bush has the balls to nuke'em back to the stone age!


This is amazing.  The NSA spends, what, $4.5 billion of our tax dollars a
year?  The CIA $2B?  With all that surveilance, with all that heigtened
security at airports, with all that sigintel and humintel, a bunch of rag
heads with knives managed this!

Why do these fuckers have a salary?

Go ahead, turn the USA into fucking Cold War era Russia.  Put face
scanners everywhere.  Give everyone travel visas to just pass from one
town to another.  Put metal detectors up our asses.  Go ahead.   

But don't tell me you could have prevented something like this by doing
so.  Don't tell me your future lockdowns, curfrews, heigtened security
checks, road blocks, id checks, or any of that would have, could have, or
ever will prevent this sort of attack.

Admit the truth oh dear government.  You're useless.  Sure, bring in the
reserves, bring in the troops.  All you can do with them is clean up the
debris.  Go ahead put destroyers in the east and hudson river.  Fly F14's
around Manhattan.  It's still already too late for those that perished in
WTC 1,2, and 7.  It's not like the ragheads are likely to come flying migs
to NYC and shoot missles or come by boat - if they had such resources at
their disposal, they wouldn't have done it this way.

Had you allowed us citizens concealed carry guns through airports, had
even a small percentage of those on the downed airplanes carried guns,
this would have never happened.  But no, instead of arming us, you make us
weaker, disarm us further and further, so that we can be even more
vulnerable.  You stupid fucking morons!  What a waste!


Hope someone got a clue from this, but I doubt it.  Hope the Echelon
engines pick this up, and someone, somewhere, with a bit of sense will
wake up and get a clue.  Don't disarm America!  Let us arm ourselves.  Do
it for the children we will be able to protect from these nuts!  

Yes, you, Jeff Gordon, trolling for bits of info to find someone 

Re: CDR: RE: Manhattan Mid-Afternoon

[Sunder]

I'd still fucking rush them if I had been there.  If anything it would
wake everyone else up to do the same.

--Kaos-Keraunos-Kybernetos---
 + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\
  \|/  :aren't security.  A |share them, you don't hang them on your/\|/\
<--*-->:camera won't stop a |monitor, or under your keyboard, you   \/|\/
  /|\  :masked killer, but  |don't email them, or put them on a web  \|/
 + v + :will violate privacy|site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net 

On Tue, 11 Sep 2001, Normen Nomesco wrote:

> 
> >I'm 100% positive that a single armed terrorist with the best training in
> >the world would perish within seconds at the hands of 50+ such businessmen
> >before taking out more than several victims.  To understand this, you must
> >think as they did.
> 
> Then how come 84 unarmed people could not take aproximatly 4 people armed 
> with razor blades.
> Agh, I see it, they didn't have guns.  Shit 10 kids could probably rush and 
> take an adult
> armed with a knife, if they rushed him.  At least one terrorist was flying, 
> so what thats
> 84 people against 3 armed with exacto razor blades?
> 
> 
> Bullshit, they had knives and sharp instruments.  No matter how well
> >trained a killer is, he is no match for odds like 120 to 4 against.
> 
> How about odds of 20 to 1 with the one having a knife
> 
> 
> ---
> 
> 
> 

RE: Manhattan Mid-Afternoon

[Sunder]

I'd still fucking rush them if I had been there.  If anything it would
wake everyone else up to do the same.

--Kaos-Keraunos-Kybernetos---
 + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\
  \|/  :aren't security.  A |share them, you don't hang them on your/\|/\
<--*-->:camera won't stop a |monitor, or under your keyboard, you   \/|\/
  /|\  :masked killer, but  |don't email them, or put them on a web  \|/
 + v + :will violate privacy|site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net 

On Tue, 11 Sep 2001, Normen Nomesco wrote:

> 
> >I'm 100% positive that a single armed terrorist with the best training in
> >the world would perish within seconds at the hands of 50+ such businessmen
> >before taking out more than several victims.  To understand this, you must
> >think as they did.
> 
> Then how come 84 unarmed people could not take aproximatly 4 people armed 
> with razor blades.
> Agh, I see it, they didn't have guns.  Shit 10 kids could probably rush and 
> take an adult
> armed with a knife, if they rushed him.  At least one terrorist was flying, 
> so what thats
> 84 people against 3 armed with exacto razor blades?
> 
> 
> Bullshit, they had knives and sharp instruments.  No matter how well
> >trained a killer is, he is no match for odds like 120 to 4 against.
> 
> How about odds of 20 to 1 with the one having a knife
> 
> 
> ---

Re: Cypherpunks and terrorism

[Sunder]

On Wed, 12 Sep 2001, Nomen Nescio wrote:

> Sure, but whose chicken?  Maybe our own policies and beliefs have turned
> against us, to our detriment.  There have been a number of reports that
> bin Laden uses cryptography and even steganography tools.  This could
> still have a significant crypto connection.

So fucking what?  I'm sure he also uses toilet paper and soap, cellphones,
pens and paper. Hey, let's ban those too.  If a terrorist uses such items,
heaven forbid should anyone else be allowed to lest they be likened to a
terrorist!
 
> But if not this time, then next time.  Sooner or later a catastrophe
> will happen due to our technology.

Oh, you mean like Hiroshima or Nagasaki?  Oh well, let's just shit on
Uncle Sam for inventing the nuclear weapons before Germany could.  Nah, we
should have idly stood by while Germany built their own nukes, that way
you couldn't blame "our technology"

> Most people's worries seem narrow.  "Will I get in trouble?  Will the
> software be banned?"

I think at this time, and I don't speak for most people - I'm simply using
my own views and extrapolating, that most people are glad they are alive
and breathing.  Most people are pissed and want retaliation.  Most people
aren't thinking "Hmmm, maybe I shouldn't use crypto, the telephone, mp3's
or the radio because they can also be used by terrorists."
 
> What about, "Should I be a contributor to the murder of thousands?  Should
> I be promoting technology which could lead to a backlash against freedom?"

Hey two way radios, cell phones, pen and paper, ink, cutlery can be used
against freedom.  Do you see Gerber, the knife makers volutarily going out
of business?  Or whatever company made the plastic knives used in this
attack because they were used by terroists?

Did Ryder, the company whose moving van McVeigh used to bomb OKC shut down
because their "technology" could be used by terrorists?

Get a fucking clue you troll!
 
> Some terrorists have exactly this as their goal.  They are hoping
> to trigger a counter-reaction, an over-reaction, by the authorities.
> They want to see a crackdown on liberties, a police state.  This will
> weaken the enemy and demoralize him.  It will increase hostility and
> make the population less willing to support the government.

Perhaps, but I think terror is the ultimate goal, not a supression of
freedom.  Fear, uncertainty and doubt, not a loss of freedom are the aims
of terrorists.  After all if they were worried about freedom being such an
important thing, their countries would have freedom, rather than the
extreme religeous bans.
 
> Perhaps some readers share this view.  Tim May, spiritual leader of the
> cypherpunks, has expressed support for the actions of Timothy McVeigh
> in murdering schoolchildren in Oklahoma City.  He has frequently called
> for the killing of every resident of Washington, D.C.  Will he now speak
> out in favor of the death of tens of thousands in New York City?
> 
> Perhaps, for him, this is the true cypherpunk goal: promote murder and
> catastrophe in order to trigger a spasm of Western totalitarianism,
> hoping that the state will then self-destruct.
> 
> If so, then laws like the DMCA and SSSCA should be welcomed with open
> arms.  Likewise with prosecutions for pornography and, even better,
> bans on software technologies.  These measures work hand in hand with
> the responses to terrorism in strengthening the control of the state
> over the individual.

DMCA and SSSCA have to do with mp3's and videos. Not crypto.  Now I'm
100% certain that you are a troll sent to demoralize this list against
cryptology.  Go fuck yourself.

 
> Those few remaining cypherpunks who cling to the original goal of freedom,
> privacy and liberty, should face the moral issues squarely.  A case
> can be made that the technologies we favor are a positive force in the
> world, even though they can be used for destructive means.  But there are
> arguments on both sides, especially in a world where a few people can use
> the shield of anonymity to coordinate actions that lead to massive deaths.
> 
> The point is, cypherpunks must face and accept the responsibility for
> the harm their technologies can cause, as they should also feel pride
> in the positive effects.  And they must be able to show, at least to
> themselves, that the positives outweigh the negatives.

Ok Mr. Troll, go and dig out the proof that said terrorists were
cypherpunks.  Go and dig out the proof that Diffie, Hellman, Rivest,
Shamir, Adelman, Schneier, and Zimmerman were on those planes holding
plastic knives.  

Fucking troll!  If anything, you have a lot more in common with those
responsible for this atrocy than you do with any freedom loving citizen of
the USA.  Or for that matter any cypherpunk.

This was an attack against our liberty.  Against our freedom.  Perpetrated
by those who hate liberty and would love to enslave their countries under
severe religious laws.  They hate us most of all because they 

RE: Cypherpunks and terrorism

[Sunder]

On Wed, 12 Sep 2001, Nomen Nescio wrote:

> Sure, but whose chicken?  Maybe our own policies and beliefs have turned
> against us, to our detriment.  There have been a number of reports that
> bin Laden uses cryptography and even steganography tools.  This could
> still have a significant crypto connection.

So fucking what?  I'm sure he also uses toilet paper and soap, cellphones,
pens and paper. Hey, let's ban those too.  If a terrorist uses such items,
heaven forbid should anyone else be allowed to lest they be likened to a
terrorist!
 
> But if not this time, then next time.  Sooner or later a catastrophe
> will happen due to our technology.

Oh, you mean like Hiroshima or Nagasaki?  Oh well, let's just shit on
Uncle Sam for inventing the nuclear weapons before Germany could.  Nah, we
should have idly stood by while Germany built their own nukes, that way
you couldn't blame "our technology"

> Most people's worries seem narrow.  "Will I get in trouble?  Will the
> software be banned?"

I think at this time, and I don't speak for most people - I'm simply using
my own views and extrapolating, that most people are glad they are alive
and breathing.  Most people are pissed and want retaliation.  Most people
aren't thinking "Hmmm, maybe I shouldn't use crypto, the telephone, mp3's
or the radio because they can also be used by terrorists."
 
> What about, "Should I be a contributor to the murder of thousands?  Should
> I be promoting technology which could lead to a backlash against freedom?"

Hey two way radios, cell phones, pen and paper, ink, cutlery can be used
against freedom.  Do you see Gerber, the knife makers volutarily going out
of business?  Or whatever company made the plastic knives used in this
attack because they were used by terroists?

Did Ryder, the company whose moving van McVeigh used to bomb OKC shut down
because their "technology" could be used by terrorists?

Get a fucking clue you troll!
 
> Some terrorists have exactly this as their goal.  They are hoping
> to trigger a counter-reaction, an over-reaction, by the authorities.
> They want to see a crackdown on liberties, a police state.  This will
> weaken the enemy and demoralize him.  It will increase hostility and
> make the population less willing to support the government.

Perhaps, but I think terror is the ultimate goal, not a supression of
freedom.  Fear, uncertainty and doubt, not a loss of freedom are the aims
of terrorists.  After all if they were worried about freedom being such an
important thing, their countries would have freedom, rather than the
extreme religeous bans.
 
> Perhaps some readers share this view.  Tim May, spiritual leader of the
> cypherpunks, has expressed support for the actions of Timothy McVeigh
> in murdering schoolchildren in Oklahoma City.  He has frequently called
> for the killing of every resident of Washington, D.C.  Will he now speak
> out in favor of the death of tens of thousands in New York City?
> 
> Perhaps, for him, this is the true cypherpunk goal: promote murder and
> catastrophe in order to trigger a spasm of Western totalitarianism,
> hoping that the state will then self-destruct.
> 
> If so, then laws like the DMCA and SSSCA should be welcomed with open
> arms.  Likewise with prosecutions for pornography and, even better,
> bans on software technologies.  These measures work hand in hand with
> the responses to terrorism in strengthening the control of the state
> over the individual.

DMCA and SSSCA have to do with mp3's and videos. Not crypto.  Now I'm
100% certain that you are a troll sent to demoralize this list against
cryptology.  Go fuck yourself.

 
> Those few remaining cypherpunks who cling to the original goal of freedom,
> privacy and liberty, should face the moral issues squarely.  A case
> can be made that the technologies we favor are a positive force in the
> world, even though they can be used for destructive means.  But there are
> arguments on both sides, especially in a world where a few people can use
> the shield of anonymity to coordinate actions that lead to massive deaths.
> 
> The point is, cypherpunks must face and accept the responsibility for
> the harm their technologies can cause, as they should also feel pride
> in the positive effects.  And they must be able to show, at least to
> themselves, that the positives outweigh the negatives.

Ok Mr. Troll, go and dig out the proof that said terrorists were
cypherpunks.  Go and dig out the proof that Diffie, Hellman, Rivest,
Shamir, Adelman, Schneier, and Zimmerman were on those planes holding
plastic knives.  

Fucking troll!  If anything, you have a lot more in common with those
responsible for this atrocy than you do with any freedom loving citizen of
the USA.  Or for that matter any cypherpunk.

This was an attack against our liberty.  Against our freedom.  Perpetrated
by those who hate liberty and would love to enslave their countries under
severe religious laws.  They hate us most of all because they

Re: Cypherpunks and terrorism

[Sunder]

On Thu, 13 Sep 2001, Nomen Nescio wrote:

> Declan McCullagh writes:
> > On Wed, Sep 12, 2001 at 06:00:46PM +0200, Nomen Nescio wrote:
> > > Some terrorists have exactly this as their goal.  They are hoping
> > > to trigger a counter-reaction, an over-reaction, by the authorities.
> > > They want to see a crackdown on liberties, a police state.  This will
> > > weaken the enemy and demoralize him.  It will increase hostility and
> > > make the population less willing to support the government.
> >
> > This is nonsense. I suspect the bin Laden want the U.S. to stop
> > handing Israel billions of dollars a year in aid and weapons. Not
> > bombing pharmecutical plants and lifting an embargo that kills
> > hundreds of thousands (allegedly) of Iraqi women and children might be
> > a nice move too.
> 
> It's always amazing to see how stupid the responses are to various
> messages.  There seems to be no limit to the ignorance of the cypherpunks.

There is certainly no limit to the stupidity of those who would try to
twist our views to those of trolls, schills, and fools.  Any two bit moron
can tell us what we should think.  I believe it is our responsability to
point this out publically, and let others take notice that we are subtly
manipulated by those with an agenda.

If you are indeed the same anonymous troll (note: not that I believe
anonymous remailers are bad!) who yesterday posted that cryptography was
bad, that cypherpunks are responsible in any way shape or form with this
terrorist act, that the DMCA and the like are good, my answer to you is
still: Go fuck yourself.

The terrorists have several agendas certainly.  One of which is causing
fear uncertainty and doubt.  Sadly, there are reports that this is
somewhat sucessful.  I personally, do not and will not feel fear,
uncertainty or doubt.  I will not allow this event to cloud or otherwise
alter the way in which I live.  The only change in me, and again, I do not
claim to speak for others, is that I feel rage towards them.

I do not believe that any heightened security measures at airports or
anywhere else will prevent this sort of thing from happening
again.  Previously, they had used guns, now they used knives, to
hijack airplanes.  Previously they have used car bombs.  I do not believe
they will continue to do the same because of the clampdowns.

But it is silly to think that anything short of hunting these bastards
down would stop them.  Curtailing any of our freedoms is inherently a bad
side effect, and mark my words, will not prevent further attacks.

One good thing that comes out of this is the deployment of sky marshals as
they are being called.  Finally someone somewhere has sense enough to
realize that "Gun" is not a four letter word and is necessary.

But what happens when they manage to switch places with a sky marshal and
thus have a vector of infiltration?  Shouldn't the pilots, crew and yes,
even passengers have guns?  Again, I operate with the full and confident
knowlege that 90+% of the population is good and law abiding.  That
allowing the public to be its own defender is by far more effective than
disarming them.

The one proven effective way to deal with them was displayed by the heros
who rushed the cabin and forced the fourth plane down in Pittsburgh.  We
as a society have become too complacent, too much the sheeple.  We must
re-learn what the founders of this country knew.  That liberty must be
defended and fought for.  With our lives.  We must not restrict our
freedoms, we must rather fight back with everything we've got.

The terroristas' agenda may be one of revenge, FUD, economic collapse, and
wishes to cause the public to force the government to change our policies
towards Israel and interfearing in their countries.

They do not wish us to tighten security, for that would work against them,
but in a very real sense, if we do, we allow their acts to curtail our
freedoms, and that is the only thing that separates our country's form of
government from the Taliban run Afghanistan.  

Yes, we have more land, more resources, a better economy than they do.  
But our freedoms are key to this success as Soviet run Russia has shown.  
Freedom is what has made us prosperous, and if we curtail it, we march
towards the evil that is totalitarianism regardless of which face it wears
(monarchist, religeous, fascist, socialist, or communist.)

Sure, it was a stupid idea for the USA to help create the state of Israel
by taking land from Arabs that already hate Israelites and by placing it
square in the center of said Arabs, of placing the lamb so it is
surrounded by wolves.  Sure it was stupid of the USA to train and arm
these bastards* when they were called "Freedom fighters."

But the stupidest thing we have done is to allow them to live and grow.  
Never let an enemy stand is the golden rule, and perhaps now we have
learned it.  When someone declares war on the USA, even if they're just a
bunch of guys that live in tents and fuck camels fo

Re: Cypherpunks and terrorism

[Sunder]

On Thu, 13 Sep 2001, Nomen Nescio wrote:

> Declan McCullagh writes:
> > On Wed, Sep 12, 2001 at 06:00:46PM +0200, Nomen Nescio wrote:
> > > Some terrorists have exactly this as their goal.  They are hoping
> > > to trigger a counter-reaction, an over-reaction, by the authorities.
> > > They want to see a crackdown on liberties, a police state.  This will
> > > weaken the enemy and demoralize him.  It will increase hostility and
> > > make the population less willing to support the government.
> >
> > This is nonsense. I suspect the bin Laden want the U.S. to stop
> > handing Israel billions of dollars a year in aid and weapons. Not
> > bombing pharmecutical plants and lifting an embargo that kills
> > hundreds of thousands (allegedly) of Iraqi women and children might be
> > a nice move too.
> 
> It's always amazing to see how stupid the responses are to various
> messages.  There seems to be no limit to the ignorance of the cypherpunks.

There is certainly no limit to the stupidity of those who would try to
twist our views to those of trolls, schills, and fools.  Any two bit moron
can tell us what we should think.  I believe it is our responsability to
point this out publically, and let others take notice that we are subtly
manipulated by those with an agenda.

If you are indeed the same anonymous troll (note: not that I believe
anonymous remailers are bad!) who yesterday posted that cryptography was
bad, that cypherpunks are responsible in any way shape or form with this
terrorist act, that the DMCA and the like are good, my answer to you is
still: Go fuck yourself.

The terrorists have several agendas certainly.  One of which is causing
fear uncertainty and doubt.  Sadly, there are reports that this is
somewhat sucessful.  I personally, do not and will not feel fear,
uncertainty or doubt.  I will not allow this event to cloud or otherwise
alter the way in which I live.  The only change in me, and again, I do not
claim to speak for others, is that I feel rage towards them.

I do not believe that any heightened security measures at airports or
anywhere else will prevent this sort of thing from happening
again.  Previously, they had used guns, now they used knives, to
hijack airplanes.  Previously they have used car bombs.  I do not believe
they will continue to do the same because of the clampdowns.

But it is silly to think that anything short of hunting these bastards
down would stop them.  Curtailing any of our freedoms is inherently a bad
side effect, and mark my words, will not prevent further attacks.

One good thing that comes out of this is the deployment of sky marshals as
they are being called.  Finally someone somewhere has sense enough to
realize that "Gun" is not a four letter word and is necessary.

But what happens when they manage to switch places with a sky marshal and
thus have a vector of infiltration?  Shouldn't the pilots, crew and yes,
even passengers have guns?  Again, I operate with the full and confident
knowlege that 90+% of the population is good and law abiding.  That
allowing the public to be its own defender is by far more effective than
disarming them.

The one proven effective way to deal with them was displayed by the heros
who rushed the cabin and forced the fourth plane down in Pittsburgh.  We
as a society have become too complacent, too much the sheeple.  We must
re-learn what the founders of this country knew.  That liberty must be
defended and fought for.  With our lives.  We must not restrict our
freedoms, we must rather fight back with everything we've got.

The terroristas' agenda may be one of revenge, FUD, economic collapse, and
wishes to cause the public to force the government to change our policies
towards Israel and interfearing in their countries.

They do not wish us to tighten security, for that would work against them,
but in a very real sense, if we do, we allow their acts to curtail our
freedoms, and that is the only thing that separates our country's form of
government from the Taliban run Afghanistan.  

Yes, we have more land, more resources, a better economy than they do.  
But our freedoms are key to this success as Soviet run Russia has shown.  
Freedom is what has made us prosperous, and if we curtail it, we march
towards the evil that is totalitarianism regardless of which face it wears
(monarchist, religeous, fascist, socialist, or communist.)

Sure, it was a stupid idea for the USA to help create the state of Israel
by taking land from Arabs that already hate Israelites and by placing it
square in the center of said Arabs, of placing the lamb so it is
surrounded by wolves.  Sure it was stupid of the USA to train and arm
these bastards* when they were called "Freedom fighters."

But the stupidest thing we have done is to allow them to live and grow.  
Never let an enemy stand is the golden rule, and perhaps now we have
learned it.  When someone declares war on the USA, even if they're just a
bunch of guys that live in tents and fuck camels fo

Feds are talking out both sides of their asses

[Sunder]

As usual. See:

http://www.theregister.co.uk/content/57/21790.html

Feds complain Bin Laden not using hi-tech equipment
By Kieren McCarthy
Posted: 20/09/2001 at 16:57 GMT
Osama Bin Laden is evading detection by not using modern telecoms
equipment, the US intelligence services have told the press. "He switched
off a lot of communications technologies," a US intelligence spokesman
said. "Now it is other people talking for him. In an innocuous
conversation, you can't pick that out." 
Osama is so cunning, we are told, that he is now using human messengers
and family members to deliver instructions. "This isn't low-tech," a
former NSA consultant has been quoted as saying. "You'd have to really
call it no-tech."


... snip ...

Only last week, we were being told that increased surveillance - taps on
all ISPs and a backdoor in encryption systems - was the only way to stop
people like this. Now, seven days later, when hundreds of special forces
personnel are crawling around Afghanistan looking for the man, we're told
that all this technology and the billions spent on it are obsolete because
he's turned his phone off. That we are blind as a mole.

... snip ...



--Kaos-Keraunos-Kybernetos---
 + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\
  \|/  :aren't security.  A |share them, you don't hang them on your/\|/\
<--*-->:camera won't stop a |monitor, or under your keyboard, you   \/|\/
  /|\  :masked killer, but  |don't email them, or put them on a web  \|/
 + v + :will violate privacy|site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net 

Feds are talking out both sides of their asses

[Sunder]

As usual. See:

http://www.theregister.co.uk/content/57/21790.html

Feds complain Bin Laden not using hi-tech equipment
By Kieren McCarthy
Posted: 20/09/2001 at 16:57 GMT
Osama Bin Laden is evading detection by not using modern telecoms
equipment, the US intelligence services have told the press. "He switched
off a lot of communications technologies," a US intelligence spokesman
said. "Now it is other people talking for him. In an innocuous
conversation, you can't pick that out." 
Osama is so cunning, we are told, that he is now using human messengers
and family members to deliver instructions. "This isn't low-tech," a
former NSA consultant has been quoted as saying. "You'd have to really
call it no-tech."


... snip ...

Only last week, we were being told that increased surveillance - taps on
all ISPs and a backdoor in encryption systems - was the only way to stop
people like this. Now, seven days later, when hundreds of special forces
personnel are crawling around Afghanistan looking for the man, we're told
that all this technology and the billions spent on it are obsolete because
he's turned his phone off. That we are blind as a mole.

... snip ...



--Kaos-Keraunos-Kybernetos---
 + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\
  \|/  :aren't security.  A |share them, you don't hang them on your/\|/\
<--*-->:camera won't stop a |monitor, or under your keyboard, you   \/|\/
  /|\  :masked killer, but  |don't email them, or put them on a web  \|/
 + v + :will violate privacy|site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net 

Re: CDR: Re: CyberPatrol sues cryptanalysts who revealed flaws in itssoftware

[Sunder]

Ed Gerck wrote:
 
> 
> > in general, the general public profits if some secret algorithm gets
> > known. to be honest, I can't think of a single counter-example.

> As to the counter-example you ask, the general public profits by
> lack of disclosure of the algorithm that allows nuclear bombs
> to be made with 1 pound of enriched uranium.   We have less
> nuclear powers.

You say that like it's a bad thing.  It allows smaller nations to be brought up
to nuclear power status, and thus protect themselves from larger enemies.  For
instance if say Taiwan had a nuclear arsenal, then Red China would think twice
about bulling them, etc.

I'd say the general public of Taiwan would feel much safer in such a situation.


-- 
 Kaos Keraunos Kybernetos  
 + ^ +  Sunder  "Only someone completely distrustful of   /|\ 
  \|/   [EMAIL PROTECTED]all government would be opposed to what /\|/\ 
<--*-->  we are doing with surveillance cameras" \/|\/ 
  /|\   You're on the air.   -- NYC Police Commish H. Safir.  \|/ 
 + v +  Say 'Hi' to Echelon  "Privacy is an 'antisocial act'" - The FedZ.
 http://www.sunder.net ---
I love the smell of Malathion in the morning, it smells like brain cancer.

Re: CDR: Spam Prevention on digest version...?

[Sunder]

Robert Guerra wrote:
> 
> - Original Message - > cypherpunks-digestFriday, June 2 2000
> Volume 01 : Number 2201
> 
> I'd like to know if there is a DIGEST version of the list which has been
> spam filtered in some way. I don't mind other people's point of view, but
> adverts (some of them in foreign languages)  really irk me. Furthermore,
> HTML messages may be perfectly viewable by those on the non-digested
> version, on the digest version they are un-renderable..agh..!
> 
> regards
> 
> robert

Yes there is.  I run it.   To subscribe to it, send me an email to [EMAIL PROTECTED] 
with
"subscribe cpunx" in the subject.  But bewarned, I send it in batches weekly or every 
two
weeks, whether you wish for a big digest message or lots of single messages.

If you do want the digest (one big message) say "digest cpunx" in the subject.

-- 
--Kaos-Keraunos-Kybernetos---
 + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\
  \|/  :aren't security.  A |share them, you don't hang them on your/\|/\
<--*-->:camera won't stop a |monitor, or under your keyboard, you   \/|\/
  /|\  :masked killer, but  |don't email them, or put them on a web  \|/
 + v + :will violate privacy|site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net 

Re: CDR: RE: MS-Nationalization By Thomas J. DiLorenzo

[Sunder]

Phillip Hallam-Baker wrote:
> 
> And that is why UNIX deserves to be thrown in the trash can. It is NOT a
> good operating system. It is poorly designed, buggy and baddly documented.
> Read the UNIX hater's manual for chapter and verse. Its success had
> everything to the fact it was once given away for free and thereby
> established a significantly larger user base than other mini operating
> systems.

As usual, you've opted to forget reality.

> Apple did a nice job of copying the Xerox Parc GUI and then hoped a bunch of
> ridiculous patents would give it an everlasting monoploy. If the company had
> not been immersed in a fog of smug self satisfaction they might have got
> Copeland finished in less than ten years.

As usual: bullshit.  Apple PAID for the Xerox PARC tour by allowing Xerox to
get lots of Apple stock.  Further, the Alto did not have all the elements of
the GUI that you see today.  Pull down menus, overlapping windows, drag and 
drop did not exist.  Apple invented them.  Learn some history before you 
attempt to climb on that there soapbox.

However, Microsoft didn't pay Xerox.  Which one is a "copy" again?
 
> The UNIX vendors appeared to think that the O/S was born in a state of
> perfection. The Linux community has done more in two years to develop the
> O/S than AT&T, Sun and all the other Unix vendors put together did in
> twenty.

With this I'll have to agree.  But the rest is as usual pure shit.


-- 
--Kaos-Keraunos-Kybernetos---
 + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\
  \|/  :aren't security.  A |share them, you don't hang them on your/\|/\
<--*-->:camera won't stop a |monitor, or under your keyboard, you   \/|\/
  /|\  :masked killer, but  |don't email them, or put them on a web  \|/
 + v + :will violate privacy|site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net 

Re: CDR: RE: MS-Nationalization By Thomas J. DiLorenzo

[Sunder]

Phillip Hallam-Baker wrote:
> 
> > You confuse market share, e.g., the decision by most consumers to
> > choose Windows over OS/2 or Plan 9 or DrDOS, etc.
> 
> How are the consumers who can't cope with the Web and have to use the AOL
> version meant to be able to learn UNIX or Plan-9?

I take it you've never seen Irix or GNOME or KDE.  Irix is a System 5 distro 
that mimics the Macintosh desktop quite well for SGI machines.

KDE and GNOME are available for RedHat and other linux or BSD distributions
and implement a full desktop just like Loser "98".  There's even KDE for things
like Solaris.

As a matter of fact, the latest Redhat install runs in a GUI mode and is quite
easy to install and use.

Hell, the grandfather of a friend of mine got so sick of Windows 95 about three
years ago, that he blew it all away and installed Linux from a free CD he got
off a magazine.  And this guy's not by any stretch of the imagination a unix
or computer guy.  It's not THAT hard.

Please don't project your lack of ability and skill onto the population at
large.  It only serves to show your shortcommings.
 
> I didn't so much mind the crashing as the ad hoc unilateral extensions that
> were thrown into the spec. Cookies were a very bad solution to the problem
> they were meant to solve. There were far better solutions available.
> Netscape unilatertaly defined a proprietary extension that has become a
> major threat to privacy.

Oh, and this is bad when Netscape does it, but when Microsoft implements
just about everything in a proprietary manner, it's golden and you defend it?

> Netscape did not invent the Web but they tried very hard to give the
> impression that they did.

Oh, I'd say they did.  Mark Andersen, lest you forgot your history again,
wrote Mosaic.  The first web browser.  Then he went on to create Netscape.

Sure, there was previous work like ftp and gopher, but none took off like
the web.


-- 
--Kaos-Keraunos-Kybernetos---
 + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\
  \|/  :aren't security.  A |share them, you don't hang them on your/\|/\
<--*-->:camera won't stop a |monitor, or under your keyboard, you   \/|\/
  /|\  :masked killer, but  |don't email them, or put them on a web  \|/
 + v + :will violate privacy|site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net 

Re: CDR: Re: MS-Nationalization By Thomas J. DiLorenzo

[Sunder]

Lizard wrote:
> 
> At 12:55 PM -0700 6/11/00, Tim May wrote:
> >Apple would no doubt fail if IBM and Motorola stopped making PPC
> >chips. This doesn't mean the government has any constitutional or
> >moral authority to force IBM and Motorola to stay in this business.
> 
> Which leads me to this question -- so why doesn't Bill just close up
> shop? He's got fifty+ billion dollars -- he couldn't spend it all in
> his lifetime if he tried. So why doesn't he just pull a John Galt and
> say, "Fine. I hereby close down Microsoft. We're out of business. No
> more monopoly. Have fun. I'm going to Disneyworld."

I wish he'd do that.  That would fuck the government over so badly.  If
you recall, some bigwig at the NSA gave testimony to the effect that
"Microsoft understands the needs of national security."  To me this hints
at intentional back doors.

Further, if MS were to attempt to go tits up, the government would step in
and force them to remain in business.  The judge ordered them to remain
productive.

-- 
--Kaos-Keraunos-Kybernetos---
 + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\
  \|/  :aren't security.  A |share them, you don't hang them on your/\|/\
<--*-->:camera won't stop a |monitor, or under your keyboard, you   \/|\/
  /|\  :masked killer, but  |don't email them, or put them on a web  \|/
 + v + :will violate privacy|site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net 

RE: CDR: RE: MS-Nationalization By Thomas J. DiLorenzo

[Sunder]

That's ok, I still got you on the Apple "stealing" from Xerox bit. :)

--Kaos-Keraunos-Kybernetos---
 + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\
  \|/  :aren't security.  A |share them, you don't hang them on your/\|/\
<--*-->:camera won't stop a |monitor, or under your keyboard, you   \/|\/
  /|\  :masked killer, but  |don't email them, or put them on a web  \|/
 + v + :will violate privacy|site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net 

Re: CDR: RE: MS-Nationalization By Thomas J. DiLorenzo

[Sunder]

On Mon, 12 Jun 2000, Tim May wrote:

> --Xerox PARC had overlapping windows. Apple used the 1979 
> demonstration to redirect it's nonoverlapping windows to be 
> overlapping. This is detailed in some of the histories of PARC, 
> including "Dealers in Lightning."

Hmm, yes, now that I read back, they did have overlapping windows.
 
> (This is very imporatant because it was Dan Ingalls of the Smalltalk 
> group at PARC, called the Learning Research (or Resources) Group, who 
> invented the BITBLT algorithm which made overlapping windows 
> possible. Apple had been not been planning to use overlapping 
> windows. "Dealers in Lightning" has a good description of Bill 
> Atkinson raptly watching the demo in '79, and Jobs going back to 
> Cupertino and declaring that the new machines would support 
> overlapping windows. Microsoft apparently was late in getting the 
> message, as early versions of Word and Windows both had ridiculous 
> "tiled" windows.)

Cool, good to know.  Jef Raskin's "The Humane Interface" (ACM Press /
Addison Wesley) states that Alan Kay had proposed overlapping windows, to
get rid of modes.

> --as for pulldown menus, the PARC/Smalltalk approach is that of 
> pop-up and waterfall menus. Apple innovated in many areas; whether 
> one likes toolbar menus or pop-up menus is a matter of taste. I used 
> both in the past (Symbolics Lisp Machine and Mac) and I use both now 
> (Squeak Smalltalk and Mac).

 
> -- drag and drop didn't appear early on with the Mac...IIRC, it was 
> OS 7, circa 1990-91 that introduced it.

No, it did exist in as early as the Lisa Office System.  You could drag
icons around from one window to another, from one folder to another, from
one disk to another, etc.  Although, it wasn't quite dragging in the Lisa.

In MacOS 1.0, you had to drag the floppy to the trash can to eject it,
drag files to copy them, etc.  Sure, it was smoke and mirrors as back then
the MFS didn't really support subdirectories, but it was drag and
drop.  No document wide drag and drop, but certainly for the Finder.
 
> It's not at all clear that Apple ever paid Xerox. The tour was part 
> of a bundle in which Xerox put a small amount of seed capital into 
> Apple. This does not rise to the level of a contractual arrangement 
> of a transfer of technology!

Sure they did: 

Jobs approached the Xerox Development Corporation,
the venture capital branch of the copier giant, and
boldly told them "I will let you invest a million
dollars in Apple if you will sort of open the kimono
at Xerox PARC."

... Xerox was anxious to get a piece of the action and
was more than willing to allow an Apple contingent to
take a peek at PARC.  Afer all, an investment in Apple
was likely to turn a handsome profit when the company
eventually went public, whereas the stuff at PARC labs
was an intangible asset that might very well never make
it to market.  Xerox signed an agreement never to purchase
more than five percent of Apple's shares and invested $1
million by buying 100,000 shares at $10 each (within a
year, these split into 800,000 shares worth $17.6 million
when Apple went public.)

-- Owen W. Linzmayer, The Mac Bathroom Reader, Sybex books
ISBN 0-7821-1531-4

I'd say that allowing Xerox to buy pre-IPO shares of Apple was payment in
the form of an investment.  Cost Apple nothing at the time, but payment
none the less. :)

> (I gave tours of my lab at Intel when I was still there. This doesn't 
> constitute a contract to transfer technology.)

You're right, it wasn't a transfer of technology contract.  It was a demo,
but the demo is what got Apple started on the Lisa, and then the Mac. It
was from the Lisa that Microsoft stole, etc.

> As to whether Xerox could have sued, or should have sued, this is an 
> issue for lawyers. But surely the visit of Apple folks did not mean 
> that Xerox's technology was transferred legally to Apple.

They did try to sue in 1989, but in March 1990, the court dimissed most of
the lawsuit.



--Kaos-Keraunos-Kybernetos---
 + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\
  \|/  :aren't security.  A |share them, you don't hang them on your/\|/\
<--*-->:camera won't stop a |monitor, or under your keyboard, you   \/|\/
  /|\  :masked killer, but  |don't email them, or put them on a web  \|/
 + v + :will violate privacy|site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net 

Carnivore can be used for more than just snooping (was Re: FBI Requests File Removal)

[sunder]

"T. Bankson Roach" wrote:
> 
> Let's think about this for a moment. Assume Carnivore is the deadliest
> threat to American freedom since the Clintons arrived in Washington.
> 
> First, we know about Carnivore, or think we do. 

Indeed.  I'll not get into the moral questions of outing that pair of Feebs,
nor will I get into the implied threats that JY got.  Instead
I'll point something out that I've been thinking that these boxes COULD do:

Beyond the mass scale of sniffage of emails and what not, they could also
be used to INSERT traffic into the networks by forging MAC addresses they
have learned.  This can be used to PLANT evidence, or be used for attacking
enemies.  They can also be used to run denyal of service attacks, or even
sever connections by forging FIN, RST, and other TCP packets.

How's that for extreme censorship?

-- 
--Kaos-Keraunos-Kybernetos---
 + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\
  \|/  :aren't security.  A |share them, you don't hang them on your/\|/\
<--*-->:camera won't stop a |monitor, or under your keyboard, you   \/|\/
  /|\  :masked killer, but  |don't email them, or put them on a web  \|/
 + v + :will violate privacy|site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net 

Re: CDR: Re: Re: cryptome.org?

[sunder]

John Young wrote: 
> 
> We've been trying to get into the site to do just that, but haven't
> been able to. The munged URL is weird. back-to-back URLs,
> but we were told how to set that up as a page which would bring
> up the correct info or direct to it.

Yeah, it only takes on fuckup to mess things up badly. :)  Once you get
slashdotted et al, unless you have the bandwith, your box will got tits
up -- but at least if they had the URL right, all those zillions of hits
would time out, or get the right content.

Meanwhile if the pipes are clogged, yup, you won't be able to change the
404 error message to redirect.. :(


-- 
--Kaos-Keraunos-Kybernetos---
 + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\
  \|/  :aren't security.  A |share them, you don't hang them on your/\|/\
<--*-->:camera won't stop a |monitor, or under your keyboard, you   \/|\/
  /|\  :masked killer, but  |don't email them, or put them on a web  \|/
 + v + :will violate privacy|site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net 

Re: CDR: The carnivore carnivore - open source ISN'T the issue.

[sunder]

Carol Braddock wrote:
> 
> The only way this is even is remotely palateable is open source.
> They aren't gonna do it, for they wanna snoop. There are enough
> ways to snoop as it is.

What is this fetish about open source?  The box is evil, regardless
of how open source it is?  Do you think for one second that opening up
the source code to this thing will do what you think it will?

Do you think you'll get the real sources or just some sanitized version
which after review will never change???

Hello??? There's a clue out there you're not getting: You don't get
access to the carnivore boxes to audit them. The Feebs can install
whatever they want on them whenever they want, regardless of any audits,
previousl reviewed open source or not.

The only reason anyone could possibly want open source is so as to build
their own carnivore.  I'm sorry, I don't buy the analysis part at all.
If all you want to do is analyze it to make sure that your privacy won't
be violated, you're out in the cold.  Regardless of the source code which
you might (aren't anyway) be allowed to see, they can change the filter
rules in a second to violate YOUR personal privacy.

In terms of building your own carnivore, break out OpenBSD and run tcpdump
with the appropriate parameters and send the output to disk. Big whoop.

This of course ISN'T the issue.  The issue is that these boxes should not
exist, and have no purpose.  Again, let me repeat: all crimes the feds
are looking for leave physical evidence.  That means you get a warrant
and search the perp's local hard drive.  As a Feeb, you wouldn't need
this except in the rarest of cases.  Because of carnivores being useful
only in the rarest of cases, it makes no sense to subject a huge amount
of perfectly lawful traffic to the privacy violations it will cause.


And shit, in this I would agree with them: were I building these boxes,
I would never release source code for a simple reason: possible flaws.
Hell, if you could find some nifty packets to throw across the net that
would make it past the routers and switches but were malformed enough 
to cause the carnivore to barf all over itself, you'd win.

There was a similar recent FreeBSD flaw for the older kernels.


-- 
--Kaos-Keraunos-Kybernetos---
 + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\
  \|/  :aren't security.  A |share them, you don't hang them on your/\|/\
<--*-->:camera won't stop a |monitor, or under your keyboard, you   \/|\/
  /|\  :masked killer, but  |don't email them, or put them on a web  \|/
 + v + :will violate privacy|site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net 

Re: CDR: JYA, Cryptome Help Request

[sunder]

John Young wrote:
> 
> Declan's article ran on Friday July 21 day and the hits from it did not
> seem to affect the sites. Saturday, an AP story appeared but it did not
> include links to the site, however, Drudge Report picked up the AP story
> and provided a munged link to jya.com:
> 
>   http://jya.com/crypto.htmhttp://jya.com/crypto.htm

Is the machine a unix machine? if so, just do this:

 grep "http://jya.com/crypto.htmhttp://jya.com/crypto.htm" access_log | wc -l
 
Where access log is the logfile.  This will give you the number of "hits"
on this bad url.

> The error log has jumped from 13MB  to only 15MB since July 21. (By far the
> largest cause of previous errors is the pernicious "favicon.ico.")

That's just Microsoft stupidity.  It looks for a favorite icon to add to the
list of favorites.  For fun, get an pic of Janet Reno, replace the nose with
a penis, and store it as this file. :)
 
> Soon after the Drudge attack began, this entry in the error log started to
> appear and repeated every few minutes, sometimes every minute (entries
> numbered by us for reference):
> 
> (1)  (32)Broken pipe: accept: (client socket)
> 
> This entry had appeared only infrequently previously.

This means a time out between the server and the client - or unlikely,
a Denial of Service.  Usually, it means someone couldn't get the entire
.htm file from you.
 
> Several hours later entry (2) appeared dozens of times at the
> same clock time:
> 
> (2)  [warn] child process 736 still did not exit, sending a SIGTERM
> 
> Followed by several iterations of entry (3) at the same clock time:
> 
> (3)  [error] child process 628 still did not exit, sending a SIGKILL

No clue what this is.  From the looks of it, it's trying to spawn off more
servers, but it can't because the process table may be full.  What happens
when a request comes in, is that the web server "forks" or makes a copy of
itself in memory to handle the request, if it can't build any more of these
it can't handle the requests.  (It doesn't actually duplicate itself per say,
just the stack and variables, etc.)
 
> And then:
> 
> (4)  Site site1 has invalid certificate: 4999 Certificate files do not exist.
> (5)  Site site2 has invalid certificate: 4999 Certificate files do not exist.

Uh, this looks like you were getting SSL requests, but what the fuck?
 
> (6)  [crit] (98)Address already in use: make_sock: could not bind to port 80

Now it looks like someone - either a monitoring script, or a sysadmin tried
to rerun the server after the crash, but since a copy of it - or something
was running off port 80, it couldn't start up.
 
> (7)  [notice] caught SIGTERM, shutting down

This just means someone or something told that process to die. Sig Term means
commit suicide. :)
 
> (8)  Site site1 has invalid certificate: 4999 Certificate files do not exist.
> (9)  Site site2 has invalid certificate: 4999 Certificate files do not exist.

Ditto.
 
> (10) [notice] Apache/1.3.6 (Unix) mod_perl/1.21 mod_ssl/2.2.8 OpenSSL/0.9.2b
>  configured -- resuming normal operations

Ah, ok, so you were running SSL.  BTW: the above is a little bit dated.   Apache
is at least 1.3.12, with 1.4 still being worked on... You'll likely want them
to upgrade.
 
> The pattern of these series of entries continues, with shutdowns and restarts
> repeating since Saturday, July 22.
> 
> During the outage period we have been sent frequent automatic messages like
> the following:
> 
> (11) Over the past fifteen minutes, the CPU has been heavily loaded.
> 
>  This will result in noticible performace loss.  Consider moving some
> of the
>  services to other Cobalt servers, or reduce the complexity of the CGI
>  scripts running on the Cobalt server itself.

I hope you're not using Cobalt Qube servers - I've played with those about two
years ago, and they were insecure as all hell.

Anyhow, this message is simply telling you that the CPU is heavily used.  Likely
whomever configured Apache didn't set (reasonable) limits on the number of children
(max connections) and so when the load too off, the box started thrashing (swapping
ram to disk, with disk being at least 1000 times slower than RAM.)

Bottom line: whomever your sysadmin is didn't tune the box and apache properly,
and is running an old version.
 
>  1 minute load average: 27.79
>  5 minute load average: 68.67
>  15 minute load average:84.27
> 
> (12) Memory on the Cobalt server is heavily used.
>  The Cobalt server needs more memory than it currently has.
> 
>  Consider adding more DRAM to the server.
> 
>  Total memory is:   162376 KB
>  Used memory is:161012 KB
>  Free memory is:1364 KB
>  Percent used is:   99
> 
> (13) Your server (cob487) is not responding on the port (80) we are
> monitoring -
>  please let us know if this is going to be a permanent condition.
> 
>  If you have a support contract with us, and this is within normal
> business
>  hours, feel f

Re: CDR: Re: JYA, Cryptome Help Request

[sunder]

Alan Olsen wrote:
> 
> I am sure you can find a number of willing mirror sites.  (I would also
> suggest publishing signed and/or md5 hashes of the contents, lest there be
> tampering by the Forces of Evil(tm).)

Actually what's needed is some performance tuning.  Login to the box, and
run top when it's not under high load.  Note how much RAM each Apache process
is eating up.  Open a few connections, count again, et. repeat until you see
the OS moving some of the apache's to swap.  Set the MaxClients setting in
httpd.conf to that number minus one or two.

Increase the MaxRequestsPerChild to something like 50 or 100, that way
they'll get reused longer.  Turn the KeepAlive parameter on.

Should JYA be slashdotted/druged/wired/usenetted, etc, the load would
prevent mostly everyone and their mother from seeing the content, however,
it wouldn't cause the server to thrash and ultimately die.  Which means
once the traffic requests slow down, the browsers will be able to get
at the content.

I think what might help JYA is to one more thing:

Rather than setup mirrors everywhere, setup a single private mirror that
feeds a wide bunch of SQUID servers.  If we could get a few willing folks
to run Squids that feed off of this private mirror, the popular files
would be distributed amongst them and the site would stay up.

Further, this wouldn't require JYA to actively push content to more than
one server at a time, so that eases web management up a bit.

He'd also need to setup some sort of round robin DNS, or a CGI script that
randomly munges the urls to point at such squids rather than the main site.

Sort of a poor man's Akamai net. :)

IMHO, I think this is a good solution, and won't require lots of hard drive
space, although personally, I would welcome having live copies of cryptome
on my spindles. :)


-- 
--Kaos-Keraunos-Kybernetos---
 + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\
  \|/  :aren't security.  A |share them, you don't hang them on your/\|/\
<--*-->:camera won't stop a |monitor, or under your keyboard, you   \/|\/
  /|\  :masked killer, but  |don't email them, or put them on a web  \|/
 + v + :will violate privacy|site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net 

Re: CDR: Carnivore diversionary tactics ...

[sunder]

> Ernest Hua wrote:

> 1.  Every time the FBI walks into an ISP with a box
> labelled "CARNIVORE - FBI USE ONLY", no one really
> knows what kind of software is being used.  After
> all, it is suppose to just sniff packets passively.
> No one gets to review each USE of this box.  This
> comes down to the, "You can sue us if you find us
> in violation, but there is a law that says you may
> not know what we are doing ..."  Official Secrets
> Act, take two.


Congratulations: I see you've finally removed your 
head from your ass.  Thank you!

-- 
--Kaos-Keraunos-Kybernetos---
 + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\
  \|/  :aren't security.  A |share them, you don't hang them on your/\|/\
<--*-->:camera won't stop a |monitor, or under your keyboard, you   \/|\/
  /|\  :masked killer, but  |don't email them, or put them on a web  \|/
 + v + :will violate privacy|site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net 

Re: CDR: Re: trial panic?

[sunder]

"James A. Donald" wrote:

> CSS is not to prevent copying.  Anyone can copy the one disk to another disk.
> 
> It is to control access, to prevent small companies and ordinary people
> from making video disks, from making video disk players, and to prevent
> users from being able to edit movies, perhaps by extracting scenes (the
> dirty bits).
> 
> In short, to keep the movies in the hands of the big boys.
> 
> DeCSS was primarily created and used to produce unauthorized DVD players,
> in particular to allow DVD disks to be played on linux computers.  This was
> its original use, and remains its primary use.
> 
> Some of these unauthorized DVD players now do things like lossy
> compression, to allow a DVD movie to fit on a CD, facilitating piracy.

Not that I'm a lawyer or anything, but to my law-unsavvy mind, it would 
seem that the above things would prevent granting the CSS code from
having ANY extra protection from that law since it isn't a mechanism
used to prevent copyright violations.

It's my understanding (and again, from what little knowledge I have 
of these laws, this could be wrong) that defeating a copy protection
mechanism is illegal, but this therefore not being a copy protection
mechanism, cannot be protected by copyright - so DeCSS would/should
IMHO be perfectly legal.

After all, I vaguely recall that Sony was bitch slapped by a judge
who said that copyright isn't a mechanism that can be used to create
monopolies - this was about the Sony Playstation and emulators thereof.

There are also examples of other video games - ROM based ones that
wouldn't play a cartridge unless the begining bytes contained a 
copyright to the name of the maker - (was it NES?) *BUT* that also in
this older case, it was ruled that third parties could make games for
without paying them money.

(Again, all this is off the top of my head, and could be totally wrong.)


So (unless I'm remebering these cases wrong) how come these examples
weren't brought up in court as prior decisions of similar cases?


-- 
--Kaos-Keraunos-Kybernetos---
 + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\
  \|/  :aren't security.  A |share them, you don't hang them on your/\|/\
<--*-->:camera won't stop a |monitor, or under your keyboard, you   \/|\/
  /|\  :masked killer, but  |don't email them, or put them on a web  \|/
 + v + :will violate privacy|site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net 

Re: CDR: source code does nothing for crypto

[sunder]

Anonymous wrote:
> 
> Now that the PGP key management "bug" is public, I'd like to comment
> on some source code issues and follies.
> 
> The source for versions in question (starting from 5.*) has been available
> for more than two years.
> 
> While many crypto experts intensely bullshit about the importance
> of the source code to counter "security through obscurity", it appears
> than none really looked at the sources closely.

A-Yup.  But those who hid, overlooked it.

One thing that I have found weird about PGP 6.x is that it insists on
installing itself as both a network driver and as one of those windows
cute toys that lives in the system tray.

The big problem with this is that I store my ring on an encrypted disk
which isn't mounted when NT starts up anyway, so it fails to start up.
I suppose if I wanted to bother, I could buy a Windblows compiler and
"fix" this.

While the VPN functionality of PGPNet might be useful, I find it a bit
cumbersome.  This might be why it was thrown in.  Perhaps so as to 
force you to install it on a normal drive, so your keyring might be
accessible.  So for me, the net result is that I don't use the VPN
features.

The usual warnings about trusiting binaries apply of course.  How does
anyone know that the binary called PGP 6.5 Freeware or 6.5i doesn't
contain backdoors or key generation flaws?  But we've discussed that
to death already.

-- 
--Kaos-Keraunos-Kybernetos---
 + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\
  \|/  :aren't security.  A |share them, you don't hang them on your/\|/\
<--*-->:camera won't stop a |monitor, or under your keyboard, you   \/|\/
  /|\  :masked killer, but  |don't email them, or put them on a web  \|/
 + v + :will violate privacy|site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net 

Re: Robert Cailliau - let the fucking commence!

[sunder]

http://consult.cern.ch/xwho/people/603

ccid: 603 
Tel:75005 72406 (from outside: +41 22 76 75005 ) 
Office: 50 1-016 Mailbox: J00900 

E-mail: [EMAIL PROTECTED] (more info about valid mail addresses) 

Send him a piece of your mind!



-- 
--Kaos-Keraunos-Kybernetos---
 + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\
  \|/  :aren't security.  A |share them, you don't hang them on your/\|/\
<--*-->:camera won't stop a |monitor, or under your keyboard, you   \/|\/
  /|\  :masked killer, but  |don't email them, or put them on a web  \|/
 + v + :will violate privacy|site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net 

Re: CDR: USA.net proxy: *** NOT! ****

[sunder]

[EMAIL PROTECTED] wrote:
> 
> Previously I whined that USA.net was changing the URLs
> in received email to proxy through their server, meaning
> they had logs of all URLs you visited when clicking on
> hyperlinks while reading your personal email.


 
> Here is the resulting URL in the new window USA.net opens
> when you click on an URL in your email:
> 
> http://www.netaddress.com/tpl/Info/Popup?hidden___url=http%3A%2F%2Fwww.amazon.com%2F
> 



> Continue clicking, and it's still via USA.net.

It's *NOT* anonymizing anything. DO NOT USE THIS IN PLACE OF AN ANONIMIZER!!!
All it does is log where you're going.  It doesn't actually proxy anything. It simply 
opens up two frames, one that says "You are
visiting a site outside of Net@ddress. Please close this browser to return to 
Net@ddress." and instructs your browser to go to
whatever embedded url you have. In this case Amazon.com.

Should you hover your mouse over the links in Amazon you won't see the netaddress.com 
url pop up. You'll see Amazon urls.

So while, yes, it does spy on what urls you visit, it does *NOT* proxy them, so it 
offers no protection!!!


-- 
--Kaos-Keraunos-Kybernetos---
 + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\
  \|/  :aren't security.  A |share them, you don't hang them on your/\|/\
<--*-->:camera won't stop a |monitor, or under your keyboard, you   \/|\/
  /|\  :masked killer, but  |don't email them, or put them on a web  \|/
 + v + :will violate privacy|site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net 

Re: CDR: Re: -C-P- Re: would it be so much to ask..

[sunder]

Tim May wrote:
> 
> Nitwit, this idea has been proposed many times. Choate even does
> this, unfortunately, to all traffic flowing through his node.
> 
> I used to think that nitwits were their own punishment. I now have
> come to the conclusion that it's long past due that we stoke the
> furnaces

And this is why socialism in any form is a bad idea.  It prevents
evolution in action from culling the morons.  In the olden days these
guys would have been sabertoothed tiger fodder.

Let's face it, shit like hotmail, AOL, MSN, and their cousins are really
socialism in disguise.  They allow the morons access to what they 
shouldn't have.  They don't need to be on the net, they should be 
watching TV getting brainwashed while they enjoy their favorite pisswater
beer.

-- 
--Kaos-Keraunos-Kybernetos---
 + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\
  \|/  :aren't security.  A |share them, you don't hang them on your/\|/\
<--*-->:camera won't stop a |monitor, or under your keyboard, you   \/|\/
  /|\  :masked killer, but  |don't email them, or put them on a web  \|/
 + v + :will violate privacy|site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net 

IR "TEMPESTING" (was Re: police IR searches to Supremes)

[sunder]

Richard Fiero wrote:
> 
> One could argue that all electromagnetic radiation is in the public
> domain and receivable. However it is illegal to have equipment capable
> of receiving cell phone conversations because the rights of the
> telephone company and the rights of the conversants could be violated.
> IR equipment is capable of seeing far more from outside a house than
> just the wall temperature. This kind of surveillance is clearly
> invasive, in my opinion.

Certainly gives a new twist to TEMPEST. I suppose now if you wanted to
tempest your home, you'd additionally have to install randomly "blinking"
heat generators.

Hmmm, something like a big grid of resistors where they get turned on and
off at random.

You might want the resistors to spell out "Mind your own business, pigs!"
when viewed with a thermal device, but of course this kind of thing will 
only attract their attention.

You could also use peltier coolers, but they generate heat on the other 
side.

Another option would be to get big huge water circulators and call it
art - there are a few restaurants here in NYC where they have water 
running over glass panes.  It's a nice calming waterfall effect. :)

-- 
--Kaos-Keraunos-Kybernetos---
 + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\
  \|/  :aren't security.  A |share them, you don't hang them on your/\|/\
<--*-->:camera won't stop a |monitor, or under your keyboard, you   \/|\/
  /|\  :masked killer, but  |don't email them, or put them on a web  \|/
 + v + :will violate privacy|site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net 

Sony loses anti-reverse engineering suit against Connectix!!!

[sunder]

http://news.cnet.com/news/0-1006-200-2915049.html?tag=st.ne.1002.thed.ni


Sony loses appeal in PlayStation copyright fight 
By Bloomberg News October 2, 2000, 9:15 a.m. PT 

WASHINGTON--Sony today lost a U.S. Supreme Court bid to limit rivals from using 
reverse engineering to create competing products. 

The justices, without comment, refused to consider Sony's appeal of a decision 
rejecting its copyright claims against Connectix,
whose Virtual Game Station competes with Sony's top-selling PlayStation game console. 



Heh - apparently the judge decided that it's okay to allow reverse 
engineering in this case.  Wonder how this will affect DeCSS...

-- 
--Kaos-Keraunos-Kybernetos---
 + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\
  \|/  :aren't security.  A |share them, you don't hang them on your/\|/\
<--*-->:camera won't stop a |monitor, or under your keyboard, you   \/|\/
  /|\  :masked killer, but  |don't email them, or put them on a web  \|/
 + v + :will violate privacy|site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net 

Re: CDR: About Gilmore's letter on IBM&Intel push copyprotection into ordinary disk drives

[sunder]

Peter Wayner wrote:
 
> But I was quite worried until I began to see the dangers for IBM and
> Intel in the scheme. This is not an easy play for them because it
> threatens much of the entire industry in these ways:

You've answered it yourself in the last two paragraphs.  Screw IBM, 
screw Intel.  In order for this nonsense to work, the operating system 
has to support it.  You can bet Linux, and *BSD won't support it, or if 
they do, they'll provide the  "extra" access needed.

More and more I find, I need less Microsoft software*.  Even at work where
it's a mostly Microsoft shop and the standard desktop is W2K.

GUID's, CPU Serial numbers, and now hard drives.  That's ok, this will
wind up killing Intel, and hard drive manufacturers that insist on this.
Many like us, won't buy the shit.  We'll buy hardware without serial
numbers, or at least those whose serial numbers can be overwritten.

i.e. SPARC's, Mac's, etc. and we'll be running *BSD/Linux.


* Anecdotal: I've recently purchased a home entertainment
PC as a replacement for my DVD player and CD changers, etc from 
qbex.com.  It's basically a small PC in a very small form factor.

If I ever get my hands on a good Linux based DVD player, I'll use
that.  (I guess I haven't yet been trolling the DivX stuff as I've
had no need for it yet.)

It pisses me off that the DVD player tells me that after five more
plays, it will lock itself to "Region 1" and that while I have both
VGA and RCA+SVIDEO out, that it would refuse to play on any RCA/SVIDEO
hardware that doesn't have Macrovision.   This is insane.

Anyone can build such a Home Entertainment PC as the QBEX simply by
purchasing an infrared keyboard+mouse and a VGA to RCA scan converter
and likely get much better output...  I bought this piece of shit
simply because it already had all the drivers and pieces in one box.

All I have to say is this: you bastards!  

Copyright protection is getting out of hand when it gets in my way.  
I've paid for the DVD's.  
I've paid for the player software.  
I've paid for the hardware.  
How dare they tell me how I may use it so long as I don't make copies other than 
backups?
So what if I buy a perfectly legitimate DVD from a different country?  I should be 
able to watch it without going through acrobatics!  
So what if I back up my legally purchased DVD's to VHS tape so I can watch it 
where I don't have a DVD player, or on my camcorder?  
So what if I can copy the raw bits off the DVD platter for backup incase I scratch
it?  When was the last time you saw a movie house offer to replace
damaged media for nominal cost?  (i.e. you've damaged accidentally, 
or your kid decided to use as a frisbie, or your dog as a chew toy?)
So what if I hook up the VIDEO out signal of the DVD player or PC to a 2GHz
transmitter so I can watch it in my bedroom instead of my living room?
So what if I can have ten friends come over with beer and popcorn to watch
a movie I purchased?
So what if I chose to let a friend borrow my DVD's or if I borrow theirs?


> This is another opportunity for Red Hat or some other Linux box
> company to walk into companies and say, "Use Red Hat, Mozilla, and
> Star Office and you'll never have license problems again. The
> hardware guys claim that they can take care of rights management
> issues for you. So can we and we cost alot less."
> 
> I think this may be the greatest thing that's come along for open
> source OSs yet. As Princess Leia said in the Hollywood content "Star
> Wars", "The harder you squeeze your fingers Vader, the more planets
> slip through the fingers." Do those content wrangling lawyers down
> there ever look at the content they protect?


-- 
--Kaos-Keraunos-Kybernetos---
 + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\
  \|/  :aren't security.  A |share them, you don't hang them on your/\|/\
<--*-->:camera won't stop a |monitor, or under your keyboard, you   \/|\/
  /|\  :masked killer, but  |don't email them, or put them on a web  \|/
 + v + :will violate privacy|site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net 

Re: Micropayments: Effective Replacement For Ads?

[Sunder]

"James A. Donald" wrote:
> 
>  --
> At 02:57 PM 2/26/2001 -0800, Ray Dillinger wrote:
>  > Finally, sites supported by micropayments are going to have to
>  > figure out something about web spiders.  If "scooter" can't spend
>  > several million dollars a month on these places, they're not going
>  > to get into the altavista database, for example.  So if you want the
>  > site to be in a search engine at all, you're going to have to let
>  > the search engine's robot cruise the site for free.  Wanna bet it
>  > would be about twenty seconds before somebody released a "Pretend to
>  > be a web spider and browse pay sites for FREE!" utility?
> 
>   Not a problem.  Typically a micropayment site will have index and summary
> pages that are free, and these free pages will contain lots of pay
> links.  You will not want the spider to traverse the pay links.

Or you make the pay for pages be error pages in the body with keywords
of the contents.  That way, say your bot hits an article about squirrel
mating habbits, in the body, you hide the keywords of that article (in
comments, or in a 0 point font, or in black on black text, or in the
header, etc.), so that bot can add them to it's corpus and get you the
results on a search, but the HTML displays a sign up page.

It won't get you results on specific phrases, but the keywords will
get you the results you need.

Pretty easy to do with CGI's.  So when someone goes to google.com and gets
results on that pay-for-access page, even if they hit the "cached page"
page, they'll see the pay-for-access to this article, if they want to get
it, they pay their $0.005 or whatever micropayment, and it's done.

This assumes that the micropayment per content view model will work.
Having worked at a big 800lbs gorrilla pay-for web site in the past, I
can tell you it's not likely to work.  99% of the audience will not pay
for the article - they'll just go elsewhere for similar info.  That 1%
that is conducting commercial research will pay even as much as $500 per
page if the data is complete.

As an example, once a year, the said co put out a list of info about
other companies.  The same list was published on paper for under $5
about a month later.  We had quite a few purchases for this list, some
were two people from the same company purchasing the list.

Of course anyone with a scanner and good OCR software would have it for
$5, but it goes to show you micropayments aren't the way to go.  Macro
payments are.


-- 
--Kaos-Keraunos-Kybernetos---
 + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\
  \|/  :aren't security.  A |share them, you don't hang them on your/\|/\
<--*-->:camera won't stop a |monitor, or under your keyboard, you   \/|\/
  /|\  :masked killer, but  |don't email them, or put them on a web  \|/
 + v + :will violate privacy|site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net 

Re: Gestapo harasses John Young, appeals to patriotism, told to fuck off

[Sunder]

Not scared, hungry.  They're looking for more "collars" they can throw in
jail so they meet their quotas.

--Kaos-Keraunos-Kybernetos---
 + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of   /|\
  \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
<--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
  /|\  :Found to date: 0.  Cost of war: $800,000,000,000 USD.\|/
 + v + :   The look on Sadam's face - priceless!   
[EMAIL PROTECTED] http://www.sunder.net 

On Sat, 8 Nov 2003, Anonymous wrote:

> >Cryptome received a visit today from FBI Special Agents Todd Renner and Christopher
> >Kelly from the FBI Counterterrorism Office in New York, 26 Federal Plaza, telephone
> >212) 384-1000. Both agents presented official ID and business cards.
> 
> Good stuff. Pigs getting concerned about cryptome means they are scared.
> 

Re: Partition Encryptor

[Sunder]

Which only works on win9x, and no freeware updates exist for Win2k/XP/NT.
i.e. worthless...

There is this, but it too isn't free: http://www.pcdynamics.com/SafeHouse/


--Kaos-Keraunos-Kybernetos---
 + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of   /|\
  \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
<--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
  /|\  :Found to date: 0.  Cost of war: $800,000,000,000 USD.\|/
 + v + :   The look on Sadam's face - priceless!   
[EMAIL PROTECTED] http://www.sunder.net 

On Sun, 16 Nov 2003, Major Variola (ret) wrote:

> At 11:45 AM 11/16/03 -0500, Stirling Westrup wrote:
> >Does anyone know of a good partition encryptor for Windows? I know of
> an
> >accountant who would like to encrypt her client's financial data. She's
> stuck
> >with Windows until such time as a major company starts shipping yearly
> tax
> >software for linux.
> 
> Look into Scramdisk.  It works fine.  Free, open source AFAIK.
> You can store & run your tools (eg email client) from the
> encrypted virtual partition easily, as well as store data.
> 

Re: U.S. in violation of Geneva convention?

[Sunder]

That all depends on your definition of sovereign.  After all, "we" put, or
at least helped, that monster into power.  No different an action than we
the many times before putting tyrants into control of small, but important
nations under the guise of "protecting democracy."  

So, while he was our puppet, he was the good guy, and no matter how many
he murdered, he was a benevolent leader.

Once he turned on our interests, he was no longer useful and had to be
removed.  It just took Jr. to do it.

Now, we'll put a different "democratic" government in place.  Of course,
it won't be as free as the USA, nor have the same kind of constitution -
that would be a problem since we couldn't control it's oil.

Nothing new, nothing to be surprised about.  We couldn't give a fuck
less if Sadam was given an anal probe on TV, or if he was put in the
colliseum for donkeys to use as a sex toy, as in Roman times.  As
entertaining as it would be for some, it's utterly unimportant.

Pax Americana will march on.  We have their oil - we can throw some crumbs
to some other "friendly" countries of the COW, and lesser crumbs to those
who complained, but the rest is just meaningless green colored icing on
the cake.

The war on terror itself will go on for as long as the voters will
tolerate it, or until it's true goals succeede and it becomes impossible
for the voters to do anything but accept it - or be disappeared in the
middle of the night...  Not much different than in Stalin or Hitler's
days.

Perhaps a democrat will make it back in power again, but that too is
meaningless, as the infrastructure for the super surveillance, terror
police state is already in place and won't likely go away.  It no longer
makes a difference, even if a few of the teeth of the DHS are
removed... people will still be disappeared in the middle of the night,
warantless searches, secret shadow trails, et al.


--Kaos-Keraunos-Kybernetos---
 + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of   /|\
  \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
<--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
  /|\  :Found to date: 0.  Cost of war: $800,000,000,000 USD.\|/
 + v + :   The look on Sadam's face - priceless!   
[EMAIL PROTECTED] http://www.sunder.net 

On Thu, 18 Dec 2003, J.A. Terranson wrote:

> On Thu, 18 Dec 2003, Jim Dixon wrote:
> 
> 
> 
> > The evidence points to deep ties between Russia, France, and Iraq that
> > goes back decades, plus somewhat weaker ties to China and Germany.
> > Relations between the US and Baath-controlled Iraq were bad from the
> > beginning; American bodies dangling from ropes in Baghdad were not
> > the beginning of a great romance.
> 
> And all of this is meaningless: we simply had no right to invade a foreign,
> *sovereign* nation.

Re: Sunny Guantanamo (Re: Speaking of the Geneva convention)

[Sunder]

Right, the Declaration of Independance starts off with "We hold these
truths to be self evident..." and lists that some rights are inalienable,
and granted to us just because we are human, so therefore they apply to
all humans everywhere...

Well, in practice between what was done to Native Americans, and African
Americans didn't exactly reflect that... but they got away with it by
changing the definition of what's a human being...

Just like now they're getting away with removing all of one's rights by
defining them as a "terrorist" or "illegal combattant" instead of as a
human being, etc.

--Kaos-Keraunos-Kybernetos---
 + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of   /|\
  \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
<--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
  /|\  :Found to date: 0.  Cost of war: $800,000,000,000 USD.\|/
 + v + :   The look on Sadam's face - priceless!   
[EMAIL PROTECTED] http://www.sunder.net 

On Thu, 18 Dec 2003, J.A. Terranson wrote:

> On Wed, 17 Dec 2003, Jim Dixon wrote:
> 
> 
> > Why does the US military have
> > to treat them as though they had US constitutional rights?  They are not
> > citizens or physically present in the United States.
> 
> In a nutshell, our Constitution *recognizes* universal human rights.  It does
> not *establish* these rights.  If we are going to be faithful to this
> premise, physical location is a non-sequitor. 

Re: Software protection scheme may boost new game sales (fwd)

[Sunder]

Yawn...  This is no different than any of the copy protection schemes
employed in the 1980's on then popular home computers such as the
commodore 64.  

Hindsight is 20/20 and recalls, all of these were broken within weeks if
not months.  "Nibbler" copiers and other programs were quickly built that
allowed the breaking of all of these systems.  All sorts of "error"
sectors, duplicate tracks, half tracks, extra tracks, extra sectors,
non-standard sized sectors, tracks written at different speeds, erroneous
checksums, hidden data, and other sorts of weird bits were employed.  All
were broken.  None survived the ages.

In the end, the companies that employed copy protection only managed to
piss off customers who lost their only copy of the software, and created a
market for the copiers and crackers.  The crackers won, the software
companies lost.  

Few of the companies of that era are still in business today.  CEO's,
Vulture Capitalists, and others who have an interest in such schemes would
do well to invest some time in learning about that time, and the results,
for their investments, and dollars will go the same way... the way of the
brontosaurus, the trilobite, and the dodo.

Let them try, if they wish to burn their money.  As far as I'm concerned,
I'll vote with my wallet as usual and only run open source, free software.  
If the moronic kids at whom these titles are aimed have the $50-$70 per
title to waste on self destructing, flavor of the month games, they are
certainly free to spend that money to their heart's desire.


Not a dime from my wallet will wind up in their pockets - except perhaps
indirectly:  the next time I buy my next burger, "no, I don't want fries
with that, no, I don't want to supersize it," my $5 eventually makes a
small contribution to the salary of the burger flipper, which in turn is
applied to the purchase of said game.  :)



I've not read the said article just yet, but from that direct quote "as
the copy degrades..." I can already see the trouble with this scheme:
their copy protection already fails them.  They allow copies to be made
and rely on the fact that the CDR or whatever media, will eventually
degrade, because their "code looks like scratches..."  Rggghtt.

If you can make one copy, you can make many, and you can certainly store
the ISO in compressed form on a normal CD to make more copies
later.   CDR's are what? $0.20@ these days?

Hell, you can even get one of those virtual CDROM programs to mount the
CD's as if they were CD's, and store the ISO on a hard drive, or DVD-R
instead. Hard drives are already in the 250-500GB range these days.  So
their scheme is already flawed and doomed from the start.

It seems to me that people that engage in treating their customers like
theives to begin with lack a vital ingredient for making money: common
sense.


--Kaos-Keraunos-Kybernetos---
 + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of   /|\
  \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
<--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
  /|\  :Found to date: 0.  Cost of war: $800,000,000,000 USD.\|/
 + v + :   The look on Sadam's face - priceless!   
[EMAIL PROTECTED] http://www.sunder.net 

On Sat, 11 Oct 2003, Steve Schear wrote:

> Companies are using a new software protection system, called Fade, to
> protect their intellectual property from software thieves. Fade is being
> introduced by Macrovision, which specializes in digital rights management,
> and the British games developer Codemasters. What the program does is make
> unauthorized copies of games slowly degrade, by exploiting the systems for
> error correction that computers use to cope with CD-ROMs or DVDs that have
> become scratched. Software protected by Fade contains fragments of
> "subversive" code designed to seem like scratches, which are then arranged
> on the disc in a pattern that will be used to prevent copying. Bruce
> Everiss of Codemasters says, "The beauty of this is that the degrading copy
> becomes a sales promotion tool. People go out and buy an original version."
> (New Scientist 10 Oct 2003)
> 
> 

Support the Bush-Orwell '04 campaign!

[Sunder]

http://www.cafeshops.com/grandoldparty/76732


--Kaos-Keraunos-Kybernetos---
 + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of   /|\
  \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
<--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
  /|\  :Found to date: 0.  Cost of war: $800,000,000,000 USD.\|/
 + v + :   The look on Sadam's face - priceless!   
[EMAIL PROTECTED] http://www.sunder.net 

Re: "If you didn't pay for it, you've stolen it!"

[Sunder]

To add to this:

There is no law stating that I cannot take my books and read them
backwards, skip every other word, read the odd chapters in reverse and the
even chapters forward, or try to "decode" the book by translating it to
another language, ask someone with better eyes than mine to read it to me,
or chose to wear green tinted lenses while reading it, read it to kids or
the elderly, lend it - or rent it to friends, use it as a paperweight,
drop it on the floor, et cetera.  I can take it with me to other countries
and read it there, as well etc.  Once I bought it, it's mine.


DVD's "protected" by CSS on the other hand cannot be read except by
approved DVD players, and you can't (legally) "read them with another pair
of eyes" by playing them with a DVD player that doesn't have the right
key.

You're also not allowed - by policy - to fastforward past the annoying FBI
warning, or in some cases the evil commercials.  If you drop it on the
floor and scratch it, you're out $20 or whatever you paid for it.  You're
not allowed to use it in countries with regions different than what the
publisher approves, you're not allowed to decypher the contents of the DVD
by using DeCSS, you're not allowed to rent it to others, or charge
admission to others to see it.


If you bought an audio DVD and your car doesn't have a DVD player, or your
only portable stereo system can only play tapes, you're not allowed to
legally copy the music off the DVD onto other media to play in other
devices.

If you bought a copy protected audio CD, and you bypass it's protection
and somehow copy it to tape, so you can play it in your car, or to another
CD, so you have a backup incase it gets damaged in your car from extreme
temperatures, or gets scratched, or your car gets broken into or stolen,
you're now a criminal deserving the same kinds of jail times and fines as
would the theif who stole your car - if not more.


Some media are more equal than others.  This should not be the case - and
shouldn't even be possible -- except in a society where the media whores
and monguls are able to bribe those who are corrupt and write laws at the
same time.

--Kaos-Keraunos-Kybernetos---
 + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of   /|\
  \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
<--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
  /|\  :Found to date: 0.  Cost of war: $800,000,000,000 USD.\|/
 + v + :   The look on Sadam's face - priceless!   
[EMAIL PROTECTED] http://www.sunder.net 

On Sat, 25 Oct 2003, Major Variola (ret) wrote:

> If you want to publish a book on paper that
> prevents its xeroxing, that's fine.  Might be annoying, but its
> within your rights.  But when the State says that say
> scanners or image processing or figuring out how the book
> is bound is illegal (DMCA), well...



> Its looking particularly grim because the Congressvermin are 0wn3d.
> That doesn't change the principles.  Just makes us yearn for regime
> change.
> 
> 
> We are all  reporters, we are all book sellers. We are all first class
> objects.
> --Tim May
> 

Re: "If you DON'T use encryption, you help the terrorists win"

[Sunder]

The push to do that should be aimed at the MTA authors and package
organizers.  If you can get it turned on by default, you're half way
there.  Last time I tried to fuck with this on qmail, I had to patch qmail
to support it.  Not something I'd like to do again - hopefully it's
changed a bit.  

>From 1st hand experience - it is indeed a pain in the ass.

But if you can get the big projects to turn it on by default for all/most
of the MTA's, then you can push the bigger fish to do so as well.  I'd
start with OpenBSD - they're likely to be friendlier to the idea.  Then
you can push FreeBSD, NetBSD, RedHat Linux, Mandrake, and so on...  Then
the MTA authors, then Solaris (which seems to be bent on copying whatever
Linux does) and so on

Strangely enough, I recall that of all the entitites, out there MSFT had
implemented some sort of secure SMTP in somne version of IIS.. like
4.0...  Not sure about Exchange and its ilk...


--Kaos-Keraunos-Kybernetos---
 + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of   /|\
  \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
<--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
  /|\  :Found to date: 0.  Cost of war: $800,000,000,000 USD.\|/
 + v + :   The look on Sadam's face - priceless!   
[EMAIL PROTECTED] http://www.sunder.net 

On Wed, 29 Oct 2003, Eugen Leitl wrote:

> On Wed, Oct 29, 2003 at 11:28:08AM -0500, Sunder wrote:
> > The biggest hurdle and the thing that will have the most effect is to have
> > every MTA out there turn on Start TLS.  It won't provide a big enhancement
> 
> For the record: it's unreasonably difficult (for a pedestrian
> sysadmin such as me) to set up StartTLS. Debian unstable ships
> with postfix-tls (albeit not installed as default), but apt-get install
> postfix-tls
> doesn't take care of the self-signed cert generation, and setting up
> /etc/postfix/main.cf for StartTLS support.
> 
> It would be a most cypherpunkly undertaking to get that package to do that.
> (I have no idea how Debian packages work, unfortunately).

Re: BBC on all-electronic Indian elections

[sunder]

Jack Lloyd wrote:
Still, I liked this quote: '"I came to vote because wasting one's ballot in a
democracy is a sin," he told the BBC.' Not too common a view in the US these
days, it seems like.
What do you expect when the previous choice we've had was between Al "I 
Invented the Innnernet" Gore, and George "Nucular" Dubbya?

Re: BBC on all-electronic Indian elections

[sunder]

Damian Gerow wrote:
Actually, Mr. Gore didn't once claim to invent the Internet.  Through
various mis-wordings and lax fact-checkings, the Mass Media came to
represent what he said through that phrase.
What he /actually/ claimed (and what he /actually/ did) was recognize its
importance, and then push for funding, in the 1980's.  So he didn't 'invent'
the Internet, he helped provide the funding for its inventors.
Yeah so what? I still wouldn't want to vote for him (except as a vote 
against Shrubbya)  Al's prise pig of a wife, Tipper, helped found the PMRC 
against lyrics in songs.  See Megadeth's Hook in Mouth for details on this 
censorious organization: 
http://www.songlyrics4u.com/megadeth/hook-in-mouth.html
and http://www.geocities.com/fireace_00/pmrc.html for details about the PMRC.

Re: Fact checking

[sunder]

Damian Gerow wrote:
Hey, I'm no fan of Tipper either.  And I'm not saying that Al Gore was a
/good/ choice.  But in retrospect, he probably would have been a lesser evil
than the current president.
THAT, ultimately is the meta-point.  You shouldn't have to vote for the 
lesser evil, but when your choice is so vastly limited, why even bother voting?

After the events involving Vince Foster, Lon "It was self defense, she 
threatened me with her baby" Hioruchi(sp?), Janet Reno, and Monicagate, 
Dubbya Jr. seemed the lesser of two evils.  Until 9.11.2001.  At that 
point, Gore clearly became the lesser of two evils, but by that time, it 
was far too late to see it.

How much of the public knew about the connections to Haliburton before 
election day?  How much of the public knew about the Project for a New 
American Century?  How much of the public knew about USA PATRIOT ACT and 
it's sequel?

What's missing is some sort of vote out of office mechanism, a big great 
"Undo" vote as it were.  There are no guarantees that if you vote for 
Scumbag #1 that s/he'll be less of a scumbag that Scumbag #2.

When more than half the country doesn't want to do something, it shouldn't 
be done just because congress and POTUS decides it's in their pocketbook's 
interest, but where's the mechanism to stop it?

Where's the recall vote?  Where's the oversight committee that says "When 
you ran for office you promised X,Y,Z and you're half in your term and 
haven't delivered."

Where's the "I want X% of my dollars to go to this issue, and 0% to go to 
that one" option?

Elections where you only chose between evil #1 and evil #2, are an ironic 
joke, and the ones laughing their way to the bank aren't those with your 
interests in mind.

Re: What Should Freedom Lovers Do?

[sunder]

An Metet wrote:
In my devotion to freedom, I apparently go beyond the point where most
cypherpunks are comfortable, in that I support private initiatives and
technologies of all sorts and oppose government regulation of them.
I am a supporter and admirer of Microsoft, which has achieved tremendous
market success without relying on government support, indeed in the
face of steadfast government opposition.  I oppose government antitrust
efforts in general, and specifically those directed against Microsoft.
I agree with everything you've said in your post, including >PRIVATE< DRM 
measures, but, I disagree that Microsoft should be admired.

I've seen far too much evil emminated from Redmond:
* from outright theft of smaller companies' IP (i.e. Stacker),
* dumping ("We'll help you migrate from Netware to NT 3.51 for free"),
* FUD (GNU is communism and Anti-American),
* evil contracts (if you sell blank machines without Windows, you have to 
pay $X more for our software)
* stealth funding of SCO's lawsuit against IBM and linux end users,
* to lots of needless security holes - some even by design, (i.e. security 
is a checkbox as a marketing feature, or an afterthought: i.e. this chant: 
"Active X! Active X! Format Hard drive? Just say 'YES!'")

For the final one, I used to work at Earthweb, which ran Gamelan 
(pronounced gah-meh-lohn, not game LAN), a Java repository.  At one point, 
EW decided to start an Active X repository.  Some guy wrote an Active X 
browser component that shut off your machine if you clicked yes.  The 
component did exactly what it said it did, but it was a good example that 
it could have done something else.  Hence the "Active X! Active X! Format 
Hard Drive? Just say YES!" chant.

Let me tell you, Microsoft tried very, very hard to get us to remove that 
bit of code from the repository.  We didn't, because it did exactly what it 
claimed to do.

More financial damage has been done to the planet by Microsoft than good. 
Far too many sysadmin/developer hours were lost because of Microsoft.  You 
can certainly count the hours in lost human lives...  Hell, just add up the 
cost of each virus/trojan/worm outbreak which targets Outlook, Office, and 
Internet Exploiter.

Now don't get me wrong.  I'm not some knee-jerk Linux Good, Windows bad 
clueless geek wannabee.  I started out as a Novell Netware sysadmin. 
(Well, I started out as a coder, but fell into sysadming over time.)

When NT starting taking over, I picked it up and thought it was cool.  It's 
design was certainly revolutionary, and the NTFS was one of the best 
designed file systems I've seen, even to this day.  NT's borrow a driver 
from the server printing was beautiful.  User management via domains? 
Sweet!  Ok, not too much better than NIS, but hey, very nice. Active 
Directory?  Much, much mo'e better.  DHCP?  Great wonderful idea.  Gateway 
for Netware Services and Migration from Netware?  A bit scummy, but hey 
it's free with the server, might as well use it*.  File and Printer sharing 
for Macintosh?  Cool! - well, except for that one bug with the dancing 
icons back a few years ago...

(* Gateway Service for Netware allowed a scummy sysadmin to bypass the 
license limitation of Netware servers.  A single "user" from the NT server 
would login to the Netware server and proxy hundreds if not thousands of 
user requests.  You suffered in performance, but one of it's uses was to 
bypass licensing.  If you read NT's license it says something along the 
lines that you can't use another proxy this way against an NT server.)

Registry?  Hey, wonderful idea.  No, really.  Storing all your machine's 
settings in a single place and having a single editor (ok two of them) to 
control them was beautiful.  Just make sure you (can and do) back it up.

No, I'm not being sarcastic, if you know how the registry works, how to 
back it up, how to restore it, and how to repair it, it's a great thing - 
much better than lots of .ini, .rc or .conf files 
everyfuckingwherethankyouverymuch.  Ok, in unixen everything lives in /etc. 
 But which /etc?  /etc? /usr/local/etc? /usr/local/samba/etc? and the dot 
files in home directories?  ouch!  (A regular thing that I do is to backup 
all of /etc /usr/local/etc just to make sure I can restore them.  With 
Windows, you just run rdisk /s- and copy %SYSTEMROOT%\system32\repair.)

At the last job, we had a dead Exchange 5.5 on NT 4.0 server.  Its hardware 
died.  I worked for a shitty little dot com.  The guy admining it couldn't 
restore it.  We didn't have another motherboard that mached the drivers on 
that box, so we couldn't just move the hard drive over.  Know what I did? 
I merged the hardware related registry files from the sacrificial machine 
on the OS of the dead one to get it to boot, then hand reinstalled the 
network driver and a few other minor things like the video driver.  It's 
not so hard if you know what you're doing, and a registry isn't a bad thing.

All of the above features more o

Re: Fact checking

[sunder]

Damian Gerow wrote:
I don't give a flying fuck who you vote for, who the options are, what you
think of them, or even if they're convicted drunk drivers hell-bent on
converting the world to their belief system (...).

You, sir, are in great need of an enema.
*PLONK*

Re: Id Cards 'Will Protect Youngsters from Paedophiles'

[sunder]

Rgggh!  And posting your full name, address, phone number, date of 
birth, social security number, the account and expiration dates of all your 
credit cards + the 3 digit extra code on their backs, ATM card account # 
and the PIN, plus, several samples of your signature (optional) in JPEG 
format, and the code to your alarm system on your web page will prevent 
identity theft.

So, whaddayasay?  It's a fine bridge, lightly used, as you can see, it's 
got a lotta traffic between Manhattan and Brooklyn, I could sell it to you 
real cheap, 'cause you look like a nice guy and all, you know, you could 
make a fortune, setup a toll booth and all that.

R. A. Hettinga wrote:
Horseman #1, Terrorists: Check.
Horseman #2, Pedophiles: Check.
Next?
Cheers,
RAH
-

print  
close
Tue 27 Apr 2004

2:47am (UK)
Id Cards 'Will Protect Youngsters from Paedophiles'
By James Lyons, Political Correspondent, PA News
 Identity cards will help keep youngsters safe from perverts, Education
Secretary Charles Clarke claimed today.

Re: Airport security failures justify CAPPS-II snoop system

[sunder]

Meh, same old song:
NSA/CIA/FBI failed to prevent the WTC missile attacks, despite the billions 
of dollars they receive per annum, so guess what, they get rewarded with 
guess what kiddies, even more tax payer dollars!

Condoleeza Rice lies about a specific PDB, calling it "historical" and 
doesn't charged with perjury after said PDB is declassified.

Sibel Edmonds, a Turkish American with top security clearance, who worked 
as a translator at FBI HQ says that she saw information that proved top US 
officials knew months before 9.11.2001 that Al Qaeda planned to use 
airplanes as missiles, but isn't allowed to testify on grounds that "it 
would compromise national security."  Damn right it would -  there should 
be riots in the streets over this, and those "top US officials" should be 
jailed for gross negligence causing the loss of 3000 lives.

NSA, CIA, FBI weren't allowed to share databases because of wisely thought 
out checks and balances to prevent privacy and other types of abuses, so 
they were thrown out, not that they really existed in the first place. 
(i.e. NSA isn't allowed to spy on US citizens, so it uses one of it's 
buddies, perhaps UK, or Australia to do the dirty work.)

Airport security fails, so Uncle Sam gets to spend even more tax payer 
dollars on TSA.  TSA fails, and instead of it being punished, its 
ineptitude gets rewarded by getting justification for more draconian laws, 
and even more tax payer cash... woo hoo!

R. A. Hettinga wrote:

Airport security failures justify CAPPS-II snoop system
By Thomas C Greene ([EMAIL PROTECTED])
Published Monday 26th April 2004 20:21 GMT
Recent government reports on the failure of American airport screeners to
detect threat objects at security checkpoints may provide ammunition for
proponents of the controversial Computer Assisted Passenger Prescreening
System (CAPPS II) database solution, which is currently stalled by myriad
snafus too numerous to mention.

Re: [osint] Assassination Plans Found On Internet

[Sunder]

Or it could just be agitprop meant to raise the theat level back up a 
notch, or provide more funding to the surveillance kitty.

On Mon, 14 Jun 2004, R. A. Hettinga wrote:

> At 10:45 PM +0200 6/14/04, Thomas Shaddack wrote:
> >It may be also a very cheap method of "attack".
> 
> True enough.

Re: Antipiracy bill targets technology

[Sunder]

On Fri, 18 Jun 2004, R. A. Hettinga wrote:

> 
> 
> CNET News
> 
>  Antipiracy bill targets technology

> A forthcoming bill in the U.S. Senate would, if passed, dramatically
> reshape copyright law by prohibiting file-trading networks and some
> consumer electronics devices on the grounds that they could be used for
> unlawful purposes.

What was that old saw that went "Well, you're equipped to be a whore, but
you're not?" again?  how about banning chainsaws, they can kill or main
people too and yes, cars, and trains, and airplanes, plastic shopping bags
without holes, belts, rope, wire, electricity, etc. they can all be used
to kill.  all of which is unlawful.
 
>  The Induce Act stands for "Inducement Devolves into Unlawful Child
> Exploitation Act," a reference to Capitol Hill's frequently stated concern

Um, remind me again, when exactly is it lawful to exploit children?  Oh, 
wait, that's right!  When they're in other countries, then, you can make 
them work in sweatshops producing Nike's, Levi's, GAP, etc. products... 
oh, sorry, I forgot.

>  Foes of the Induce Act said that it would effectively overturn the Supreme
> Court's 1984 decision in the Sony Corp. v. Universal City Studios case,
> often referred to as the "Betamax" lawsuit. In that 5-4 opinion, the
> majority said VCRs were legal to sell because they were "capable of
> substantial noninfringing uses." But the majority stressed that Congress
> had the power to enact a law that would lead to a different outcome.

so how soon before we ban paper and pencil? or keyboards, hands - 
because they can hold pencils or type, and eyeballs and ears, because they 
can see video and hear music?

Re: [IP] more on more on E-mail intercept ruling - good grief!! (fwd from dave@farber.net)

[Sunder]

On Fri, 2 Jul 2004, Roy M. Silvernail wrote:

> Call me cynical (no... go ahead), but if VOIP is found to have no 4th 
> Amendment protection, Congress would first have to agree that this *is* 
> a problem before thay could "fix" it.  Given the recent track record of 
> legislators vs. privacy, I'm not at all confident Congress would 
> recognize the flaw, much less legislate to extend 4th Amendment 
> protection.  After all, arent more and more POTS long-distance calls 
> being routed over IP?  The only difference, really, is the point at 
> which audio is fed to the codec.  If the codec is in the central office, 
> it's a "voice" call.  If it's in the handset or local computer, it's 
> VOIP.  I think we can count on the Ashcroftians to eventually notice 
> this and pounce upon the opportunity.  And as for the SCOTUS, all they 
> have to do is sit back on a strict interpretation and such intercepts 
> aren't "wiretaps" at all.

If VOIP gets no protection, then you'll see a lot of "digital" bugs in
various spy shops again - and they'll all of a sudden be legal.  I thought
the Feds busted lots of people for selling bugging equipment, etc. because
they're an invasion of privacy, etc.

Ditto for devices that intercept digital cellular phone conversations, 
spyware software that turns on the microphone in your computer and sends 
the bits out over the internet, ditto for tempest'ing equipment ("But 
your honor, it's stored for 1/60th of a second in the phosphor! It's a 
storage medium!"), etc.


Hey, they can't have their cake and eat it too.  It's either protected or
it isn't.

Re: [IP] more on more on E-mail intercept ruling - good grief!! (fwd from dave@farber.net)

[Sunder]

> The Tempest argument is a stretch, only because you're not actually 
> recovering the information from the phosphor itself.  But the Pandora 
> argument is well taken.

Actually there is optical tempest now that works by watching the flicker 
of a CRT.  Point is actually even more moot since most monitors are now 
LCD based, etc. so there's no raster line scanning the display, etc...

Re: Privacy laws and social engineering

[Sunder]

On Wed, 7 Jul 2004, Thomas Shaddack wrote:

> Sometimes you get access by telnet. Sometimes by a voice call. Hack the 
> mainframe. Hack the secretary. What's better? (Okay, I agree, you can't 
> sleep with the mainframe.)

> I feel zen today.

Me too:

http://www.openbsd.org/lyrics.html#31
ftp://ftp.openbsd.org/pub/OpenBSD/songs/song31.ogg
ftp://ftp.openbsd.org/pub/OpenBSD/songs/song31.mp3


BSD fight buffer reign
Flowing blood in circuit vein
Quagmire, Hellfire, RAMhead Count
Puffy rip attacker out

Crackin' ze bathroom, Crackin' ze vault
Tale of the script, HEY! Secure by default

Can't fight the Systemagic
Uber tragic
Can't fight the Systemagic

Sexty second, black cat struck
Breeding worm of crypto-suck
Hot rod box unt hunting wake
Vampire omellete, kitten cake

Crackin' ze boardroom, Crackin' ze vault
Rippin' ze bat, HEY! Secure by default

Chorus

Cybersluts vit undead guts
Transyl-viral coffin muck
Penguin lurking under bed
Puffy hoompa on your head

Crackin' ze bedroom, Crackin' ze vault
Crackin' ze whip, HEY! Secure by default
Crackin' ze bedroom, Crackin' ze vault
Crackin' ze whip, HEY! Secure by default

Chorus

Re: Final stage

[Sunder]

On Thu, 8 Jul 2004, Howie Goodell wrote:

> On Wed, 7 Jul 2004 15:26:59 -0400 (edt), Sunder <[EMAIL PROTECTED]> wrote:
> > 
> > On Wed, 7 Jul 2004, J.A. Terranson wrote:
> > 
> > > On Wed, 7 Jul 2004, Anonymous via the Cypherpunks Tonga Remailer wrote:
> > >
> > > > Praise Allah!  The spires of the West will soon come crashing down!
> > 
> > 
> > 
> > > Laying it on just a little thick, no?
> > 
> > Here we go again.  Get ready for more FUD from the LEO's, I can see Fox
> > news now.  "Cypherpunks a hotbed of crypto-anarchist scum is now being
> > used by Al Qaeda to setup new terrorist attacks..."  Expect to see a
> > sidebar about "rogue" or "evil" anonymous remailers and how they're
> > un-patriotic, etc.
> > 
> > Bah, some feeb had too one too many Crappachino's with lunch today and
> > pulled a Cornholio :(
> > 
> > A few years ago it was requests on how to make bombs, now it's this shit.
> 
> The "UBL is GW" message sounded provocateurish, too.

Yup... but that's kind of standard around here.  Pull up a reasonable 
quote from some super hated person and make people think.  Nothing new.  I 
think there was something about gun control and making people safe 
attributed to Hitler, etc. a while back.

But as I said, here we go: http://www.theinquirer.net/?article=17087
Right on que too, though it doesn't mention Cypherpunks...

The Internet is the home of Terror

Servers of Mass destruction

By Nick Farrell: Thursday 08 July 2004, 07:50
THE INTERNET has become the place for terrorist training, recruitment, and 
fundraising, according to a leading Israeli academic.

Speaking to the Medill News Service, Gabriel Weimann, chair of the 
University of Haifa communications department claims that Terrorist groups 
are exploiting the accessibility, vast audience, and anonymity of the 
Internet to raise money and recruit new members.

Re: [IP] Hi-tech rays to aid terror fight (fwd from dave@farber.net)

[Sunder]

I recently visited the Canadian side of Niagra falls.  On the return entry 
to the US customs, etc. meant driving through penns that look like toll 
booths.  But I noticed little sensors in pairs and large square sensors as 
well.

The entry gate was fairly large - I'd say about 2' deep by 2' wide by I'd
guess 10/12' high. Black on the outside car facing side, white on the
inner side.  On the side there were pairs of large rectangular boxes at an
angle pointing down toward the car.  Deeper into the stall there were
several pairs of sensors on vertical poles.  The first pair on the left
side - small rectangular ones which pointed at similar poles across the
way.  Something like this:

   |   |
   |  ]| mid - about 3-4' off the ground
   |   |
   |[  | low about 1ft off the ground




>From the top:


  Booth|---arm---|
   | |
   |[|
   |[|
   |]|
   |]|
   | |
   ### ###
   | |
   %%%
   %%%
   | |
  ^ direction of driving

[ = small sensor
##= large sensor
%%= entry gate 3'x3' thick


And there were two sets of these as I drove through.  Were these the 
(in)famous TZ sensors?

There were two guys in the booth, one obviously examining in LCD monitor, 
the other guy going "papers please" and "state the nature of your visit" 
etc.  He seemed only concerned with where we were born, lived, and whether 
we had purchased any alcohol or tabacco products in Canada.


On Thu, 8 Jul 2004, Eugen Leitl wrote:

> - Forwarded message from David Farber <[EMAIL PROTECTED]> -
> 
> From: David Farber <[EMAIL PROTECTED]>
> Date: Thu, 8 Jul 2004 10:09:31 -0400
> 
> Begin forwarded message:
> 
> From: Dewayne Hendricks <[EMAIL PROTECTED]>
> Date: July 8, 2004 4:53:34 AM EDT
> To: Dewayne-Net Technology List <[EMAIL PROTECTED]>
> Subject: [Dewayne-Net] Hi-tech rays to aid terror fight
> 
> Hi-tech rays to aid terror fight
> 
> A new way of identifying metal and explosives could provide a valuable
> tool in the fight against terrorism.
> Airport security has become big business following the terrorist
> attacks in the US.
> 
> A system that detects both metal and non-metallic weapons using
> terahertz light has been developed by technology firm TeraView.

Re: Faster than Moore's law

[Sunder]

On Thu, 8 Jul 2004, Steve Schear wrote:

> >Just want to remind y'all that drive capacity has increased *faster*
> >than semiconductor throughput, which has an 18 month doubling time.
> 
> But access time has not nearly kept pace.  Which is why all manner of 
> database architectures have been created to make up for this shortcoming.

Which is still perfectly fine for data that you collect but search/access 
very rarely which I'd guess is the type of data we're talking about here.  
You collect the data, index it (or extract metadata from it in other ways) 
and you _almost_ never access it again.

Re: [IP] Hi-tech rays to aid terror fight

[Sunder]

On Thu, 8 Jul 2004, Major Variola (ret) wrote:

> 1. I've seen adverts for linear sensors which image the bottoms
> of cars as they drive over.  Sort of a scanner where the paper
> does the moving.  Installed in the road.

Come to think of it, yes, the "road" within the tollbooth gate was a bit
raised, so there could well have been sensors underneath it.  Might as
well add all the sensors you can afford, after all any cars going through
the gate are a captive audience.

> 2. There are companies developing sensors that bombard
> your car with neutrons (don't have to open the trunk),
> and detect the N from the temporary neutron-activated gamma emissions.
> 
> 3. Obviously license plate OCR is trivial.

Natch.  I also did see the big red IR lamps behind, but that's old school 
in almost any toll booth.
 
> 4. I've read papers on recognizing vehicles by their inductive
> signature as they drive over regular road sensors.   This was
> to passively measure road speed for traffic control.  The idea
> is that a VW Beetle has a different inductance vs. time than
> a Ford-250 or an 18 wheeler.  You correlate between
> roadloops at known distances apart and infer road speed.

Or you OCR license plates which is mostly trivial these days, or a 
combination of both.  

Then again, for upstate NY, you actually get a card for NYS Throughway and
pay when you exit at another tollbooth.  Card has a magnetic stripe, and 
shows the entry point on the throughway.  So there are obviously other 
less expensive ways to do just that.  Add cameras with timestamps at each 
tollboth and a way to keep track of which card was where and you've got a 
verifiable robust tracking system.

 
> 5. One could call terahertz "hard RF"  in same way that hard x-rays
> bleed into soft gammas.  But calling anything "hard" implies danger,
> and we mustn't scare the proles.  Perhaps soft IR is better.

:) Sort of like spammers calling their trade "targetted mails" or "opt-in"

Heh, would be funny if the 4am NINJA SWAT raid teams painted happy faces
on their helmets and say "Have a nice day" as they shoot.

 
> Whatever, its still pornography if the resolution is high enough.

What was that quote?... "tits or nukes, it's all just bits on the wire"

I also recall reading recently about those colored plastic/glass embedded
in the road bumps that reflect light (so you can see your lane better?)
are being retrofitted with cameras in them and set at an angle to read the
license plate and measure speed as you drive over them by some company.

Bah, wetware memory sucks. :(

New trend: dropping trou at the TSA

[Sunder]

BoingBoing calls this "The Freedom Flash" 
http://www.boingboing.net/2004/07/14/man_flashes_authorit.html



http://news.yahoo.com/news?tmpl=story&u=/ap/20040714/ap_on_fe_st/airport_flasher_1

Man Exposes Self During Airport Screening

Wed Jul 14, 9:07 AM ET

Add Strange News - AP to My Yahoo!

By The Associated Press

MINNEAPOLIS - Daryl Miller didn't make it through airport security because 
he couldn't keep his pants on.

 

Airport police said a security screener was waving a metal-detecting wand 
over Miller's pants area on Friday when Miller pulled his shorts down to 
his ankles. He wasn't wearing any underwear.

Miller then said, "There, how do you like your job," thus ending the 
screening, according to the police report. He was charged with indecent 
exposure and released on $300 bail. 

...

 "This person exposed themself in a public area, a clear violation of the 
law, and we needed to take some action on that, otherwise everybody would 
be dropping their pants," Christenson said.


--Kaos-Keraunos-Kybernetos---
 + ^ + :"I find it ironic that, on an amendment designed to protect  /|\
  \|/  :American democracy and our constitutional rights, the   /\|/\
<--*-->:Republican leadership in the House had to rig the vote and  \/|\/
  /|\  :subvert the democratic process in order to prevail"  \|/
 + v + :  -- Rep. Sanders re vote to ammend the US PATRIOT ACT. 
-- http://www.sunder.net 

Reputation Capital Article - 1st Monday: Manifesto for the Reputation Society

[Sunder]

Here's a paper/article/screed on reputation capital.  A subject we 
discussed here a long while ago back when dinosaurs ruled the earth, 
etc... well, not quite that long ago.  

This doesn't seem to mention anything about anonymous users, however.



http://www.firstmonday.org/issues/issue9_7/masum/index.html


Abstract
Manifesto for the Reputation Society by Hassan Masum and Yi.Cheng Zhang

Information overload, challenges of evaluating quality, and the 
opportunity to benefit from experiences of others have spurred the 
development of reputation systems. Most Internet sites which mediate 
between large numbers of people use some form of reputation mechanism: 
Slashdot, eBay, ePinions, Amazon, and Google all make use of collaborative 
filtering, recommender systems, or shared judgements of quality.

But we suggest the potential utility of reputation services is far 
greater, touching nearly every aspect of society. By leveraging our 
limited and local human judgement power with collective networked 
filtering, it is possible to promote an interconnected ecology of socially 
beneficial reputation systems . to restrain the baser side of human 
nature, while unleashing positive social changes and enabling the 
realization of ever higher goals.






--Kaos-Keraunos-Kybernetos---
 + ^ + :"I find it ironic that, on an amendment designed to protect  /|\
  \|/  :American democracy and our constitutional rights, the   /\|/\
<--*-->:Republican leadership in the House had to rig the vote and  \/|\/
  /|\  :subvert the democratic process in order to prevail"  \|/
 + v + :  -- Rep. Sanders re vote to ammend the US PATRIOT ACT. 
-- http://www.sunder.net 

Osama says "Vote for Bush!"

[Sunder]

http://www.aaronsw.com/weblog/001393

Not that (m)any of us really expected Al-Qaeda to want Kerry.

--Kaos-Keraunos-Kybernetos---
 + ^ + :"I find it ironic that, on an amendment designed to protect  /|\
  \|/  :American democracy and our constitutional rights, the   /\|/\
<--*-->:Republican leadership in the House had to rig the vote and  \/|\/
  /|\  :subvert the democratic process in order to prevail"  \|/
 + v + :  -- Rep. Sanders re vote to ammend the US PATRIOT ACT. 
-- http://www.sunder.net 

[OT] Apple calls Real "a hacker"

[Sunder]

http://money.cnn.com/2004/07/29/technology/apple_real/

Interesting non-cypherpunkish stuff.  

So Real goes off and does some reverse engineering so it can use Apple's
DRM to publish its own stuff for iPod's.  Interestingly, Apple wants to
sue using the DMCA, *BUT* where it gets interesting is that IMHO, Real
didn't provide a crack to Apple's DRM, rather it used it for its own
benefit.  So will the DMCA even apply?

Even more interesting, Real used "publically available documents" so they 
didn't do the reverse engineering themselves, so they're not likely to be 
sued on that aspect - though quite likely this is based on the fair play 
stuff which was based on reverse engineering...

This might also have ramifications concerning things like X-Box and
modchips.  i.e. if Apple loses, then it will be legal for someone to build
a modchip to allow X-Box's to run Linux (but not play copied games.)

It will be an interesting fight, and if we, the consumers, are lucky, 
then perhaps some of the evil provisions in the DMCA will go away so we 
can get some more interoperability instead of vendor lock-in.

--Kaos-Keraunos-Kybernetos---
 + ^ + :"I find it ironic that, on an amendment designed to protect  /|\
  \|/  :American democracy and our constitutional rights, the   /\|/\
<--*-->:Republican leadership in the House had to rig the vote and  \/|\/
  /|\  :subvert the democratic process in order to prevail"  \|/
 + v + :  -- Rep. Sanders re vote to ammend the US PATRIOT ACT. 
-- http://www.sunder.net 

Re: Calendar from Egypt: Image of WTC attack for month of Sept.

[Sunder]

Why bother.  Just go to www.newsmax.com and you will see the type of
stories they have is one or two steps away from also having "Elvis
Lives" and "I fucked a girl from Jupiter" stories.   It's so yellow, it
makes the National Enquirer look bright white.

--Kaos-Keraunos-Kybernetos---
 + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\
  \|/  :aren't security.  A |share them, you don't hang them on your/\|/\
<--*-->:camera won't stop a |monitor, or under your keyboard, you   \/|\/
  /|\  :masked killer, but  |don't email them, or put them on a web  \|/
 + v + :will violate privacy|site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net 

On Sat, 20 Oct 2001, Jon Beets wrote:

> Its odd that I cannot find any reference to this story anywhere in google...
> It seems that a story like this would be everywhere.. Might have to wait a
> few days in hopes to see more info.. Also the picture they have in the
> article is too small to make any details out...
> 
> Jon Beets
> 
> - Original Message - 
> From: "citizenQ" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Saturday, October 20, 2001 11:44 AM
> Subject: Calendar from Egypt: Image of WTC attack for month of Sept.
> 
> 
> > http://www.newsmax.com/archives/articles/2001/9/27/124953.shtml
> > 
> > "A calendar which was printed in Egypt and
> > for the month of September shows a
> > crashing passenger plane with Manhattan
> > and the Statue of Liberty as a backdrop --
> > and which was printed in May, a full three
> > months before the Sept. 11 terrorist
> > attacks on America -- has caused an
> > uproar in the Dutch town of Almere,
> > Netherlands, the newspaper De Telegraaf
> > reported yesterday."
> 
> 

Why Plan-9?

[Sunder]

Why Plan-9?  I'd say go with OpenBSD. :)  Built in crypto, built in
firewall, secure on installation without you needing to tweak stuff.  Hell
you can even tell it to encrypt swap pages.


--Kaos-Keraunos-Kybernetos---
 + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\
  \|/  :aren't security.  A |share them, you don't hang them on your/\|/\
<--*-->:camera won't stop a |monitor, or under your keyboard, you   \/|\/
  /|\  :masked killer, but  |don't email them, or put them on a web  \|/
 + v + :will violate privacy|site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net 

On Sun, 21 Oct 2001, Jim Choate wrote:

> 
> On Sun, 21 Oct 2001, Harmon Seaver wrote:
> 
> >All the more reason to use Linux routers and firewalls.
> > Especially if Cisco pulls a Larry Ellison.
> 
> Nope, Plan 9.
> 
> http://plan9.bell-labs.com

Re: Denning's Geo-crypto

[Sunder]

Um, rethorical question, but from my very limited understanding of GPS,
all the satelites do is send a series of time codes.  So if you wanted to
you could build several transmitters that sent out stuff on the same
frequenies.  Since you need to be outside to be able to use GPS, or at
least "see sky", that would imply that these signals are weak.  So
building something to spoof GPS should be relatively easy.

Seems to me that one could also easily build a system to "brute
force" through all possible positions on GPS.

Again, I emphasize "very limited understanding of GPS" :)

--Kaos-Keraunos-Kybernetos---
 + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\
  \|/  :aren't security.  A |share them, you don't hang them on your/\|/\
<--*-->:camera won't stop a |monitor, or under your keyboard, you   \/|\/
  /|\  :masked killer, but  |don't email them, or put them on a web  \|/
 + v + :will violate privacy|site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net 

On Thu, 22 Nov 2001, Roy M. Silvernail wrote:

> On 22 Nov 2001, at 11:06, John Young wrote:
> 
> > Time Magazine, November 26, 2001:
> > 
> > Denning's pioneering a new field she calls geo-encryption.
> > Working with industry, Denning has developed a way to keep
> > information undecipherable until it reaches its location, as
> > determined by GPS satellites. 
> 
> Using a GPS coordinate set as keying material?  Hope it's just 
> additional keying material.  Knowing the intended destination of 
> something like a movie in transit to a theater seems pretty easy, 
> and the set of GPS coordinates encompassing your average 
> multiplex would seem to be pretty small compared to the usual 
> keyspaces discussed here.
> --
>Roy M. Silvernail [ ] [EMAIL PROTECTED]
> DNRC Minister Plenipotentiary of All Things Confusing, Software Division
> PGP Key 0x1AF39331 :  71D5 2EA2 4C27 D569  D96B BD40 D926 C05E
>  Key available from [EMAIL PROTECTED]
> I charge to process unsolicited commercial email

Re: CDR: Antivirus software will ignore FBI spyware: solutions

[Sunder]

Great and wonderful except:

1. If such spyware has already been installed on your system you can't
trust your os therefore:

a. It may use your OS to hide the key capture log, so you
   won't be able to just watch files.  Think of a kernel patch
   that removes all references to a specific file, not just
   sets it to be hidden.

b. It may use your OS to hide that the OS was altered if you
   decide to use a debugger by patching the debugger also, and
   when say "Finder" looks at the System file, it's really
   looking at the inactive original one, rather than the one
   that was patched. (or it could be an extension that hides
   itself and the capture file from the OS, etc.)

2. Any hard drive you can access so can they.  "They" can patch your
disk:

a. I'm not sure about newer MacOS's, but I remember that older
   MacOS's, those on 68k boxes stored driver code for the disk
   on one of the blocks on the drive, so even if your OS wasn't
   booted with the spyware, simply mounting that drive would
   load the driver, and anything that goes with it. 

   I had the experience of having such a driver getting corrupted
   back when I used a Mac. I recall I had to use special software
   to mount the disk without the old driver - actualy to just zap
   the old driver off the disk and replace it.

b. If the malware is on your hard drive, it can propagate like
   a virus to your iPod.  Sanitize your OS, only to have it
   come back when you hook up said iPod.

3. Newer G3+ Mac's use open boot prom or some such which lives in
eeprom.  Such things can be patched at that layer and can propagate on
bootup.  Booting off a read only disk (CDROM, etc) wouldn't help in this
case.

4. If you live in a crowded area, your iPod can be lifted off you
in a false mugging, or break in, pick pocketting while you're at a
restaurant, movie, etc.

5. Watching for files that change daily is a fool's task for the reasons
mentioned above, and the Sysiphean task it presents.  Better get the
equivalent of Cops or Tripwire to do the work for you, but they too can be
tampered with.  

6. If McAffee bent over to the Feds, you can be sure that so will the
makers of Zone Alarm and other firewalls.

7. Remember, they don't need to capture all your keystrokes.  Just the
ones you use as passphrases.  And they don't need to copy your whole hard
drive, though they easily could when you're out of the house.  Just your
secret key file and your passphrase.

8. If you shut off your computer when you leave your house, it makes their
job that much easier.  If you leave it on, they could note what's open and
put it back to the same spot.

9. If you use a login screen, etc, Or they could simply run something that
would take a snapshot of your desktop, shutdown your Mac, install the
malware/copy your files, then and boot off of a floppy that displays the
screen you left up, plus a Type 1 Bomb (MacOS equivalent of blue screen of
death), and eject the floppy thus - making it look like your Mac crashed,
or, simply go down to the basement and trip your circuit breakers making
it look like you've had a power failure (even UPS's run out at some
point.)

10. Ordered any new copies of a bit of software?  Maybe they have a deal
with FedEx, UPS, the Mailman.  Maybe what you're getting is the upgrade
and then some.  How can you tell that copy of SmallTalk doesn't carry an
extra bit of code just for you?  How can you tell that the latest patch to
MacOS you've just downloaded really came from Apple?  Sure DNS said it was
from ftp.apple.com but how do you know that the router upstream from your
internet provider didn't route your packets via ftp.fbi.gov?

Once they have physical access, you're fucked.  Remote access is almost as
dangerous as them having physical access, however it can work in your
favor as they won't be as familiar with your environment, and thus are far
more likely to expose the malware to you.

Sure, all of these things are more or less preventable, except for
physical access, and a lot of these come down to trust and reputation.  
But reputation and trust are also rubber hose-able (if there is such a
word.)  :)

You can trust your best friend until you find out otherwise.  You can
trust your bank until you find out otherwise.  You can trust your software
provider until you find out otherwise.  But by the time you've found out,
if you've found out at all, you've already been fucked.




--Kaos-Keraunos-Kybernetos---
 + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\
  \|/  :aren't security.  A |share them, you don't hang them on your/\|/\
<--*-->:camera won't stop a |monitor, or under your keyboard, you   \/|\/
  /|\  :masked killer, but  |don't email them, or put them on a web  \|/
 + v + :will violate privac