<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
Yo Steve et. al.-<br>
<br>
I just got an unexpected large chunk of work on my hands that's due
tomorrow, so I'm not going to be at the meeting tonight. More
later...<br>
<br>
-G.<br>
<br>
<br>
=======<br>
<br>
<br>
<br>
<div class="moz-cite-prefix">On 13-06-11-Tue 9:20 PM, Steve Berl
wrote:<br>
</div>
<blockquote
cite="mid:CAB4gGnc4NHv3Sdgho12sC7rgdDT2LB2p60wT1p42oswC6rKg1Q@mail.gmail.com"
type="cite">
<div dir="ltr">I'm curious to hear more about your PSTN based
addressing scheme, and how one could build a large distributed
network with it.
<div><br>
</div>
<div style="">-steve</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Tue, Jun 11, 2013 at 8:30 AM, GtwoG
PublicOhOne <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:g2g-public01@att.net" target="_blank">g2g-public01@att.net</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> <br>
Re. Alcides: Nope, haven't heard of CJ-DNS yet. <br>
<br>
A lot of us are thinking along similar lines. The
internet as it now stands is thoroughly broken, an
ecosystem dominated by predators and parasites of all
kinds, from the obvious scum who engage in phishing
attacks, botnets, and spam, to the less obvious types who
do things like offer "free" candy in exchange for stalking
us everywhere we go, whether we know it or not, and
whether we like it or not (see also my item (8) below).
It's buggy, bloated, and broken, and it's overdue for a
change. <br>
<br>
I'm looking for someone who can write an IPV4/6 to decimal
PSTN address conversion application, suitable for mesh.
Mesh by its nature requires using the address of the
device as its routable destination. This does not work
for telephony beyond the level of small PBX at present,
and will completely break in IPV6. Using a centralized
address server to manage transactions breaks the mesh
paradigm. Therefore the need for a new addressing system
based on the PSTN (public switched telephone network).
The version I'm proposing will also give each address
10,000 extension addresses for any combination of voice
and data devices.<br>
<br>
More about which later, as I've gotta scoot off to work
right now; be back this evening.<br>
<br>
-G.<br>
<br>
<br>
<br>
=====
<div>
<div class="h5"><br>
<br>
<br>
<br>
<br>
<div>On 13-06-11-Tue 7:54 AM, Alcides Gutierrez wrote:<br>
</div>
<blockquote type="cite">
<p dir="ltr">G,</p>
<p dir="ltr">Have you heard of cjdns? Do you have
any thoughts on it? The ideal goal is to replace
the Internet (current) with a new one.
ProjectMeshnet.org</p>
<p dir="ltr">Alcides Gutierrez<br>
<a moz-do-not-send="true" href="http://e64.us"
target="_blank">http://e64.us</a></p>
<div class="gmail_quote">On Jun 11, 2013 7:41 AM,
"Andrew" <<a moz-do-not-send="true"
href="mailto:andrew@roshambomedia.com"
target="_blank">andrew@roshambomedia.com</a>>
wrote:<br type="attribution">
<blockquote class="gmail_quote" style="margin:0 0
0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div dir="ltr">maybe sudoroom should run an
email server that encrypts messages on the
disk as well offers end to end encryption over
the air.<br>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Tue, Jun 11, 2013
at 4:07 AM, GtwoG PublicOhOne <span
dir="ltr"><<a moz-do-not-send="true"
href="mailto:g2g-public01@att.net"
target="_blank">g2g-public01@att.net</a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0 .8ex;border-left:1px
#ccc solid;padding-left:1ex"><br>
Hi Max, YOs-<br>
<br>
Speaking from more than casual knowledge
of the subject matter, as a few<br>
of us here know:<br>
<br>
<br>
1) If you read the denials issued by
Google and Facebook, you'll<br>
discover that they used almost identical
language. And while it's true<br>
that corporate PR-speak and legal-speak
are usually as bland as baked<br>
beans, this stuff reminds one of the story
where Mrs. Jones and Mrs.<br>
Smith each had a baby that bears more than
a slight resemblance to the<br>
guy who delivers both of their newspapers:<br>
<br>
Google: "First, we have not joined any
program that would give the U.S.<br>
government—or any other government—direct
access to our servers."<br>
<br>
Facebook: "Facebook is not and has never
been part of any program to<br>
give the US or any other government direct
access to our servers."<br>
<br>
Google: "We had not heard of a program
called PRISM until yesterday."<br>
<br>
Facebook: "We hadn't even heard of PRISM
before yesterday."<br>
<br>
Google: "Our legal team reviews each and
every request..."<br>
<br>
Facebook: "When governments ask Facebook
for data, we review each<br>
request carefully..."<br>
<br>
<br>
2) Of course they didn't "join" a program
or become "part of" a program.<br>
NSA isn't a "club" that you can just
"join." What Facebook and Google<br>
did was become ASSETS of a program.<br>
<br>
That is a very subtle but important
distinction. If you were to ask<br>
their lawyers if they "had become assets
or had acted in any capacity as<br>
assets of any entity within the United
States Intelligence Community<br>
(USIC)," they would clam up right quick.
One needs to know how to ask<br>
the question in order to get at the
answer.<br>
<br>
Also, it is the case that the assets of a
program or operation rarely if<br>
ever know the name of the program or
operation involved. Knowing the<br>
name of the program or op would give the
assets the ability to compare<br>
notes and possibly compromise the program
or op. Very often, even the<br>
names of programs or ops are themselves
classified.<br>
<br>
By the way, some of y'all may have heard
my comments about Steve Jobs'<br>
application for a security clearance,
shortly after Jobs died and his<br>
bio was published. The media were
preoccupied with the usual celebrity<br>
gossip about how he could have gotten a
clearance when he'd admitted to<br>
taking LSD and building blue boxes
(naughty phone-phreak devices). But<br>
the real story, as I said at the time, was
that the purpose of the<br>
clearance was to facilitate relationships
with certain agencies<br>
regarding surveillance opportunities in
the Macintosh operating systems<br>
and other products. It is almost 100%
certain that Microsoft and certain<br>
of the commercial companies involved in
Open Source operating systems,<br>
had similar relationships. ("Intel
Inside", anyone?;-)<br>
<br>
One more item. Watch for the names Cisco,
Comcast, and Symantec, in the<br>
news.<br>
<br>
Aww hell, one more after that. Twitter
claims to have refused to<br>
participate in PRISM. That's very
convenient for them to say, because<br>
Twitter itself is a complete intel
collection platform with fully open<br>
access, and a variety of software tools
for analysis. Twitter is the<br>
easiest of the bunch to intercept and
fully exploit. You too can play at<br>
that game (just a little but enough to get
the flavor of it), if you<br>
want to pay for the software.<br>
<br>
<br>
3) Yes, NSA can monitor traffic without a
carrier or service provider<br>
knowing it. This is done by intercepting
the traffic at the carrier<br>
level. By analogy, if I want to tap your
broadband service, I don't have<br>
to break into your house to do it: I can
do it from any point between<br>
your house and the service provider's
central office.<br>
<br>
<br>
4) Telcos and broadband providers are
required to have CALEA intercept<br>
equipment (such as the infamous Naris box
of EFF fame) installed in<br>
their racks. This equipment enables
authorized entities to siphon the<br>
data streams in realtime, either in whole
or in part depending on<br>
various assigned levels of privilege.<br>
<br>
If everything that's on a server has
gotten there via a connection that<br>
is being intercepted constantly in
real-time, there's no need to get<br>
inside the server itself.<br>
<br>
<br>
5) NSA and real-time decryption: There is
reason to believe, based on<br>
published accounts, that certain types of
decryption are routine and<br>
automated. I also know from unpublished
but not classified sources, that<br>
there are automated tests that examine
ciphertext to determine<br>
specifically which encryption method and
key length were used to encrypt<br>
the data. I would conclude that automated
decryption exceeds the<br>
capabilities that have been reported in
the press.<br>
<br>
Further, I would strongly suggest that we
compile versions of PGP and<br>
GPG from source code, and modify them to
eliminate the upper limit on<br>
key sizes. I can explain further how to
perform that modification of the<br>
source code, once we have it downloaded.
It's remarkably easy.<br>
<br>
<br>
6) Compromise of private keys: Given the
number of methods available,<br>
and given the track records of the various
entities involved, I would<br>
not be surprised.<br>
<br>
"Mary had a private key, with which to
open PGP.<br>
The key fell into hostile hands. Now
Mary's hiding, with her lambs."<br>
<br>
<br>
7) Did Google and Facebook lie?<br>
<br>
Do bears shit in the woods?<br>
<br>
<br>
8) A modest prediction, and y'all can file
this under "he wasn't crazy<br>
after all."<br>
<br>
I've been saying this stuff for a while
now, but recent news makes it<br>
more, uhh, "topical":<br>
<br>
The entire advertising-based model of
internet services, with its<br>
reliance on "free" services "supported" by
advertising that "requires"<br>
pervasive tracking of every user's every
activities and whereabouts,<br>
will be demonstrated to have been an
enormous cover story of<br>
convenience, for a degree of mass
surveillance that far exceeds anything<br>
has been reported thus far.<br>
<br>
The goal is to have 100% collection of all
communications and location<br>
data, online and face-to-face, every
conversation as well as metadata,<br>
to be permanently archived for retrieval
and analysis at any later point<br>
in time. (This has not yet been achieved,
but they're working on it.)<br>
The goal of that, in turn, is to enable
making accurate predictions<br>
about the activities and location of any
person, at any point in the<br>
future. What gets done with those accurate
predictions is a matter of<br>
discretionary policy by those who control
the data.<br>
<br>
Orwell: "He who controls the past controls
the future. He who controls<br>
the future controls the present." Me:
"Knowledge is power. When they<br>
know all about you, and you know nothing
about them, who has the power?"<br>
<br>
<br>
9) Lastly, Max, you might especially
appreciate this bit of history:<br>
<br>
In the 1970s, GCHQ was engaged in targeted
surveillance of various<br>
dissident groups in the UK. But since GPO
Telephones' switching systems<br>
were entirely electro-mechanical (Strowger
switches), GCHQ had to depend<br>
on the GPO engineers to execute every
request by making physical<br>
connections to the lines at the Central
Offices.<br>
<br>
The GPO engineers' sympathies were often
with the dissidents. So,<br>
shortly after the GCHQ officers left, the
GPO engineers would quietly go<br>
about undoing the unwanted connections or
otherwise rendering them<br>
useless. Such are the advantages of
electro-mechanical analog switching<br>
systems, maintained by skilled workers,
with a strong union, and strong<br>
class consciousness.<br>
<br>
<br>
Cheers-<br>
<br>
-G.<br>
<br>
"You search Google, and Google searches
you. Deal?"<br>
<br>
<br>
======<br>
<div>
<div><br>
<br>
<br>
On 13-06-10-Mon 11:46 PM, Max B wrote:<br>
> I have a quick question to throw
out for anyone with opinions:<br>
><br>
> When the NSA PRISM program was
exposed, it was leaked that the NSA
has<br>
> the capabilities to monitor the
content of communications taking place<br>
> through any of the list of
companies they mentioned. Then Google,<br>
> Apple, and crew came out and
denied it.<br>
><br>
> Would it be possible for the NSA
to be monitoring traffic without them<br>
> knowing it/allowing a backdoor?
Would that require NSA servers doing<br>
> 128-bit SSL decryption at
real-time speeds? Or perhaps only when<br>
> specific emails needed to be
read? Could they have covertly<br>
> compromised the private keys of
all of these establishments? ("US<br>
> Government hacked google" seems
like a great Guardian headline)<br>
><br>
> Or do folks think that those
companies are just lying through their<br>
> teeth?<br>
><br>
> On Mon 10 Jun 2013 10:43:42 PM
PDT, Rabbit wrote:<br>
>> Yes, let's have a end-user
focused crypto workshop!<br>
>><br>
>> I'm not an expert but I can
help OS X users get set up with<br>
>><br>
>> Tor<br>
>> Adium + OTR<br>
>> Making encrypted disk images<br>
>> Truecrypt<br>
>><br>
>> And I wanna learn about web
of trust, keysigning, gpg for email<br>
>><br>
>> Also I'm really wishing for a
better social network for people to<br>
>> switch to. Any thoughts on
that?<br>
>><br>
>><br>
>><br>
>><br>
>><br>
>> On Mon, Jun 10, 2013 at 7:55
PM, GtwoG PublicOhOne<br>
>> <<a moz-do-not-send="true"
href="mailto:g2g-public01@att.net"
target="_blank">g2g-public01@att.net</a>
<mailto:<a moz-do-not-send="true"
href="mailto:g2g-public01@att.net"
target="_blank">g2g-public01@att.net</a>>>
wrote:<br>
>><br>
>><br>
>> YES! a crypto party.<br>
>><br>
>> PGP and GPG won't protect
your metadata from traffic analysis
("TA"),<br>
>> which is what's been revealed
that Anagram Inn has been up to. But<br>
>> protecting your content is a
good start, and building email<br>
>> servers that<br>
>> are end-to-end encrypted is
the next step.<br>
>><br>
>> -G.<br>
>><br>
>><br>
>> =====<br>
>><br>
>><br>
>><br>
>> On 13-06-10-Mon 7:13 PM,
William Budington wrote:<br>
>> > There was some
discussion about this at the last
meeting, mostly<br>
>> around<br>
>> > securing personal data
on physical devices, but it would be
good<br>
>> to have<br>
>> > another end-user based
cryptoparty, even have it be a
full-day event<br>
>> > stemming from Today I
Learned. I'll bring this up at the
meeting on<br>
>> > Wednesday.<br>
>> ><br>
>> > Bill<br>
>> ><br>
>> > On 06/10/2013 07:02 PM,
William Gillis wrote:<br>
>> >> Hey Sudoroomers,<br>
>> >><br>
>> >> I've been deluged by
friends this weekend suddenly
interested<br>
>> in things<br>
>> >> like finally
figuring out how to install that there
tor, or god<br>
>> forbid<br>
>> >> venturing into the
realm of pgp. I offered my nonstop 1:1<br>
>> handholding<br>
>> >> services over
facebook to any and all friends and
have been a<br>
>> little<br>
>> >> overwhelmed by the
number.<br>
>> >><br>
>> >> Someone local
suggested a teach day at Sudoroom and
I thought<br>
>> I'd check to<br>
>> >> see if anyone else
is interested and, you know, what
actual<br>
>> members have to<br>
>> >> say.<br>
>> >><br>
>> >> There has never been
a more opportune moment for
cryptoparty<br>
>> outreach, and<br>
>> >> yet I haven't seen
anyone declare anything yet. Am I just
out<br>
>> of the loop?<br>
>> >><br>
>> >><br>
>> >><br>
>> >>
_______________________________________________<br>
>> >> sudo-discuss mailing
list<br>
>> >> <a
moz-do-not-send="true"
href="mailto:sudo-discuss@lists.sudoroom.org"
target="_blank">sudo-discuss@lists.sudoroom.org</a><br>
>> <mailto:<a
moz-do-not-send="true"
href="mailto:sudo-discuss@lists.sudoroom.org"
target="_blank">sudo-discuss@lists.sudoroom.org</a>><br>
>> >> <a
moz-do-not-send="true"
href="http://lists.sudoroom.org/listinfo/sudo-discuss"
target="_blank">http://lists.sudoroom.org/listinfo/sudo-discuss</a><br>
>> >><br>
>> >
_______________________________________________<br>
>> > sudo-discuss mailing
list<br>
>> > <a
moz-do-not-send="true"
href="mailto:sudo-discuss@lists.sudoroom.org"
target="_blank">sudo-discuss@lists.sudoroom.org</a><br>
>> <mailto:<a
moz-do-not-send="true"
href="mailto:sudo-discuss@lists.sudoroom.org"
target="_blank">sudo-discuss@lists.sudoroom.org</a>><br>
>> > <a
moz-do-not-send="true"
href="http://lists.sudoroom.org/listinfo/sudo-discuss"
target="_blank">http://lists.sudoroom.org/listinfo/sudo-discuss</a><br>
>> ><br>
>><br>
>>
_______________________________________________<br>
>> sudo-discuss mailing list<br>
>> <a moz-do-not-send="true"
href="mailto:sudo-discuss@lists.sudoroom.org"
target="_blank">sudo-discuss@lists.sudoroom.org</a><br>
>> <mailto:<a
moz-do-not-send="true"
href="mailto:sudo-discuss@lists.sudoroom.org"
target="_blank">sudo-discuss@lists.sudoroom.org</a>><br>
>> <a moz-do-not-send="true"
href="http://lists.sudoroom.org/listinfo/sudo-discuss"
target="_blank">http://lists.sudoroom.org/listinfo/sudo-discuss</a><br>
>><br>
>><br>
>><br>
>><br>
>>
_______________________________________________<br>
>> sudo-discuss mailing list<br>
>> <a moz-do-not-send="true"
href="mailto:sudo-discuss@lists.sudoroom.org"
target="_blank">sudo-discuss@lists.sudoroom.org</a><br>
>> <a moz-do-not-send="true"
href="http://lists.sudoroom.org/listinfo/sudo-discuss"
target="_blank">http://lists.sudoroom.org/listinfo/sudo-discuss</a><br>
>
_______________________________________________<br>
> sudo-discuss mailing list<br>
> <a moz-do-not-send="true"
href="mailto:sudo-discuss@lists.sudoroom.org"
target="_blank">sudo-discuss@lists.sudoroom.org</a><br>
> <a moz-do-not-send="true"
href="http://lists.sudoroom.org/listinfo/sudo-discuss"
target="_blank">http://lists.sudoroom.org/listinfo/sudo-discuss</a><br>
><br>
<br>
_______________________________________________<br>
sudo-discuss mailing list<br>
<a moz-do-not-send="true"
href="mailto:sudo-discuss@lists.sudoroom.org"
target="_blank">sudo-discuss@lists.sudoroom.org</a><br>
<a moz-do-not-send="true"
href="http://lists.sudoroom.org/listinfo/sudo-discuss"
target="_blank">http://lists.sudoroom.org/listinfo/sudo-discuss</a><br>
</div>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<br>
-- <br>
-------
<div>Andrew Lowe</div>
<div>Cell: <a moz-do-not-send="true"
href="tel:831-332-2507"
value="+18313322507" target="_blank">831-332-2507</a></div>
<div><a moz-do-not-send="true"
href="http://roshambomedia.com"
target="_blank">http://roshambomedia.com</a></div>
<div><br>
</div>
</div>
<br>
_______________________________________________<br>
sudo-discuss mailing list<br>
<a moz-do-not-send="true"
href="mailto:sudo-discuss@lists.sudoroom.org"
target="_blank">sudo-discuss@lists.sudoroom.org</a><br>
<a moz-do-not-send="true"
href="http://lists.sudoroom.org/listinfo/sudo-discuss"
target="_blank">http://lists.sudoroom.org/listinfo/sudo-discuss</a><br>
<br>
</blockquote>
</div>
</blockquote>
<br>
</div>
</div>
</div>
<br>
_______________________________________________<br>
sudo-discuss mailing list<br>
<a moz-do-not-send="true"
href="mailto:sudo-discuss@lists.sudoroom.org">sudo-discuss@lists.sudoroom.org</a><br>
<a moz-do-not-send="true"
href="http://lists.sudoroom.org/listinfo/sudo-discuss"
target="_blank">http://lists.sudoroom.org/listinfo/sudo-discuss</a><br>
<br>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
-steve
</div>
</blockquote>
<br>
</body>
</html>