Professor-rat's Blurty

Below are the 20 most recent journal entries recorded in Professor-rat's Blurty:

    Monday, April 21st, 2014
    2:19 pm
    An exercise in doublethink
    Marx demands a law against the workers
    I demand them from the state, as a compulsory law, not only against the manufacturers, but against the workers themselves (on page 542, Capital, p 556, note 4, English edition )
    I refer to the resistance offered by working women to a limitation of the working day). If Herr M develops the same energy as Owen, he can break that resistance.
    That the individual manufacturer (apart from the extent to which he tries to affect legislation) can do little in the matter, I also say on page 243: ‘But looking at things as a whole, all this does not, indeed, depend on the good or ill will of the individual capitalist [etc].’ See also note 114 (p 260)
    That, nevertheless, the individual can do something has been clearly demonstrated by such manufacturers as Fielden, Owen, etc. FROM

    Karl Marx to Ludwig Kugelmann, 17 March 1868

    Okay - I gather now some women were against shorter working hours - and they certainly had some good reasons for that as lumpen-elements (like Marx ) spent so much time at home smoking.

    So is that a good reason to pass a law?

    Sure - if you're an authoritarian-socialist.

    Now let's look a little closer at this letter. Marx refers to his recent book "Capital" a number of times in a very interesting way.

    Doublethink is the act of ordinary people simultaneously accepting two mutually contradictory beliefs as correct

    When Orwell invented the word he was consulting quite a bit with Sonia Brownell (later Orwell). She told him about her Catholic education and what she described to him as something like brainwashing.
    The novel "1984" explicitly shows people learning Doublethink and newspeak due to peer pressure and a desire to "fit in", or gain status within the Party — to be seen as a loyal Party Member.

    For someone to even recognize–let alone mention–any contradiction within the context of the Party line was akin to blasphemy.

    Something else that's interesting about religions is that the deepest beliefs may be inspired by the most unrealistic notions. The notion of a self-conscious class making a social-revolution - like nothing that had ever happened before in 'Scientific-socialism' and the notion of aliens dwelling in volcanoes in Scientology.

    Much Dianectical material here for anyone interested in the harms religions cause.
    Sunday, April 20th, 2014
    4:28 pm
    Marx demands a law against the workers
    I demand them from the state, as a compulsory law, not only against the manufacturers, but against the workers themselves (on page 542, Capital, p 556, note 4, English edition )
    I refer to the resistance offered by working women to a limitation of the working day). If Herr M develops the same energy as Owen, he can break that resistance.
    That the individual manufacturer (apart from the extent to which he tries to affect legislation) can do little in the matter, I also say on page 243: ‘But looking at things as a whole, all this does not, indeed, depend on the good or ill will of the individual capitalist [etc].’ See also note 114 (p 260)
    That, nevertheless, the individual can do something has been clearly demonstrated by such manufacturers as Fielden, Owen, etc. FROM

    Karl Marx to Ludwig Kugelmann, 17 March 1868

    So what's this about, if you can follow the dialectical contradictions? I can't, myself, but it seems to be a precursor for the 1875 "Critique of the Gotha Programme" part at the end.

    "Prohibition of child labor." Here it was absolutely essential to state the age limit.

    A general prohibition of child labor is incompatible with the existence of large-scale industry and hence an empty, pious wish. Its realization -- if it were possible -- would be reactionary, since, with a strict regulation of the working time according to the different age groups and other safety measures for the protection of children, an early combination of productive labor with education is one of the most potent means for the transformation of present-day society.
    Saturday, April 19th, 2014
    7:16 pm
    The utilitarian turn
    Marta G. Franco’s talk set up and framed Paolo Gerbaudo’s presentation in which he developed these themes as what he has characterised elsewhere the ‘majoritarian turn’. Although ultimately somewhat reductive, there is undoubtedly some truth and value in marking some kind of transition between the two most recent phases of mass global civil disobedience. He contrasts the mass activism of the Occupations and insurrections of 2011 with its predecessor, the anti-globalisation or anti G7 protests of the late 90s and early Noughties and their principal media and communications arm, Indymedia.

    He describes how it was not only the voice of the movement but also fundamental to the organisational infrastructure of the movement. This form of words is interesting in that it makes an important connection between modes of communication and evolving forms of governance. The approach of Indymedia exemplified what Gerbaudo refers to as ‘Cyber-Separatism’, with its commitment to create autonomous infrastructure or ‘islands on the net’ as THE condition of avoiding capture and complicity
    Friday, April 18th, 2014
    11:16 pm
    Ghost protocols
    Subject: Re: Making the Agora Vanish into Cyberspace
    From: Tim May
    Date: 2001-04-12 19:12:19

    I want to apply what I just wrote to the projects of some friends of
    ours: MojoNation and Zero Knowledge Systems. I say "friends" because
    long-term list members are either working for them, or founded them,
    or whatever. You all know what I mean.

    Caveat: I have not talked to principals at either company for a long
    time. I don't know what they're doing, or even if their companies
    still exist in the same form (same basic mission) as when I last
    talked to their principals. Consider these comments to be applicable
    to companies _like_ these companies.

    At 11:14 AM -0700 4/12/01, Tim May wrote:
    >This makes Yahoo, Amazon, EBay the easy targets for lawsuits by
    >foreign governments, lawsuits by PC groups in America, boycotts
    >(which are OK, of course), and even direct actions against corporate
    >officers. How long will it be before corporate offices at EBay are
    >bombed because birth control stuff is sold on EBay? How long before
    >the President of Amazon is assassinated one night for "allowing"
    >books like "The Satanic Verses" be sold on his system?
    >These three companies are representative of the trend toward a
    >corporation, readily traceable to a physical location, acting as the
    >"marketplace" location. Even more abstractly, Napster only
    >distributed an _indexing_ application and then provided a forum for
    >indices to be published. And yet what has happened with Napster is
    >and was predictable.
    >(If you set up a music pirating system, as seen by others, and paint
    >your name and address on your back, you _will_ be sued. A bunch of
    >us pointed this out at a CP physical meeting in early 2000, when
    >Napster was just starting to become known.)
    >There's a better solution to this "big targets problem":
    >peer-to-peer, a la Gnutella, Mojo, etc. No identifiable nexus of
    >corporate control. Online clearing. Reputation intermediaries.
    >Digital cash (not strictly needed, if N (number of sellers and
    >buyers) is large enough and there is no central clearinghouse which
    >can be sued.)
    >Making the agora disappear into cyberspace, whether by sheer numbers
    >of sellers and buyers (peer-to-peer) or by robust encryption (a la
    >BlackNet) is an important goal.
    >"The Theory of the Corporation" needs revisiting.

    This is what is missing from the plans of so many of these
    "Cypherpunks-interesting" companies: they start developing some ideas
    of how to implement true untraceability, and doing commerce in
    uncoercible (transactions cannot be physically coerced) ways, then
    they BLOW IT:

    They blow it by incorporating in above-board ways, readily-traceable
    by any constable or narc or Fed who wants to find their corporate
    offices in Quebec or Mountain View or whatever village constitutes
    the capital of Anguilla.

    Which means none of these entities can exploit the truly rich markets
    out there. Markets for online porn of various kinds, markets for
    "specialty" interests, a free and open and unfettered market in Nazi
    memorabilia and other such newly-verboten items, and, the gold mine,
    markets in medical information, credit information, and other such
    data bases which governments seek to hold monopolies on. (Governments
    ain't stupid. Being the official Mafia, they know the value of
    regulating and controlling data bases.)

    For those of you who don't fully appreciate what I am getting at,
    being newcomers, let me move away from such banalities as "kiddie
    porn" market--though this is a real market which any truly
    untraceable tools will facilitate, obviously--and focus instead on
    the "credit rating market."

    Alice defaulted on a loan to Bob some years ago. Do-gooders in the
    United States decided that Alice's "credit records" should be forced
    to "forget" this item after some period set by legislative decree.
    Charles, who was told by Bob that Alice defaulted on a loan, is
    ordered by the government that he may not reveal this information to
    Darva, who is considering making a loan to Alice and is willing to
    pay Charles a fee for supplying her with what he knows of Alice's
    past habits regarding loans.

    This is, in a nutshell, the essence of the "Fair Credit Reporting
    Act." This is what laymen, who usually think it a good idea, mean
    when they say "Your credit records only go back 5 years."

    Cypherpunks know that the technologies exist to support bypasses of
    such contra-freedom laws. Usually called "data havens," though Bruce
    Sterling got it wrong (no insult meant to him) when he predicted in
    "Islands in the Net" that such data havens would be on Caribbean
    islands or in the jungles of Southeast Asia. Physical security is
    only the equivalent of a few dozen bits' worth of cryptographic
    security. (At the time "Islands in the Net" appeared, in 1988, I had
    already presented the "BlackNet" crypto scheme to my Silicon Valley
    friends Phil Salin, Marc Stiegler, Randy Farmer, Chip Morningstar,
    and a bunch of the Xanadu/AMiX folks. It did in cyberspace, a la
    Vinge's "True Names," what Sterling was simultaneously setting out in

    (As to the morality of such bypasses, why is the business of
    government or anyone else to tell Bob or Charles that it is illegal
    and punishable by fines and imprisonment to tell Darva that Alice
    cheated Bob at some time in the past? It isn't.

    OK, so the crypto tools really do exist to enable "free markets in
    cyberspace." So is this what Mojo and ZKS will do? Is this what Vince
    Cate in Anguilla is able to do?

    Why is Mojo not becoming the pirate music capital of cyberspace? Why
    is ZKS not advertising its software to those interested in nude
    photos of youngsters? Why is Anguilla not the credit rating capital
    of the world?

    Because each is readily locatable and targetable. These are at least
    part of the reasons. (I admit that other reasons may be "Because Jim
    is not interested in being the pirate music capital, because the
    shareholders of ZKS choose not be child pornographers, because Vince
    doesn't want to be the credit rating center of the world.")

    The important point is that even if any of these ventures _wanted_ to
    use their technologies as described above, THEY ARE TOO VISIBLE.

    Jim McCoy understands this quite well...and yet he located his
    operation in a visible way, which surprises me. Austin and Hammie
    were told by both Lucky Green and myself, and maybe others, that ZKS
    was painting a giant "Sue Me!" and/or "Raid Me!" target on their
    backs by incorporating and locating in a major Canadian city.

    (Lest anyone think Canada is "more tolerant" than the U.S., as some
    folks periodically claim, look at the Homulka/Teale censorship, look
    at the success of Andrea Dworkin and her feminazi cohorts in getting
    a bookstore shut down, look at the lack of anything comparable to the
    Bill of Rights in strength of precedent, and look at the recent
    crypto laws being proposed or which have been actually passed. The
    notion that ZKS will be able to say "Fuck off" to Mounties who arrive
    to investigate an extortion threat against the Canadian PM or who have
    learned that FreedomNet is being used to trade child porn, is

    As for Vince and Anguilla, I wish him well. But a country which bans
    the importation of something so innocuous as copies of "Playboy"
    magazine, and which is said to be de facto ruled by "the seven
    families," is hardly a data haven by any definition.

    (We don't hear much out of Anguilla anyway, so maybe its days as a
    "Cypherpunks capital" are gone, not that it was ever really that.)

    So, what's the solution?

    The solution is that the technology clearly exists to allow entities
    to reside in cyberspace. What is lacking, as always, is the means to
    collect untraceable digital cash. (Chaum has sometimes argued that
    only _buyer-untraceable_ DC is needed...clearly a bidirectionally
    untraceable system, "true" digital cash, is needed. Both Doug Barnes
    and Ian Goldberg explained several years ago how such a TDC system
    could be built. Ian demonstrated a version of such a TDC system at a
    CP physical meeting, circa 1997.)

    Anyone contemplating building such a system, or entity, or
    cybercorporation, should think long and hard about the wisdom of ever
    having an identifiable nexus of attack. Money must be collected in
    untraceable ways. This is what I meant about it being time to rethink
    the theory of the corporation.

    Where once a corporation existed to both protect the rights of
    shareholders (against lawsuits and partners having to pay for losses)
    and to enable the group participation of many workers, corporations
    for the things Cypherpunks think are interesting is just a bad idea.
    And given the growing trend toward trying to prosecute the V.P of
    Yahoo-Europe because some bit of Nazi history was sold to some German
    citizen, etc., corporations are becoming a liability in cyberspace.

    The answer is to vanish into cyberspace. Not an easy task, maybe,
    given the state of today's tools, but the long term trend.

    --Tim May
    Timothy C. May Corralitos, California
    Political: Co-founder Cypherpunks/crypto anarchy/Cyphernomicon
    Technical: physics/soft errors/Smalltalk/Squeak/agents/games/Go
    Personal: b.1951/UCSB/Intel '74-'86/retired/investor/motorcycles/guns
    11:04 pm
    Babel on
    Subject: Crypto Protocols are Hard to Analyze
    From: tcmay () netcom ! com (Timothy C. May)
    Date: 1993-08-18 20:38:43

    Fellow Cypherdroids,

    Crypto protocols are _hard_ to analyze! Speaking for myself, keeping the
    many combinations and permutations of crypto terms, channels, spoofing
    scenarios, and whatnot, straight is very confusing.

    This should be no great revelation to any of you who've tried to closely
    follow the protocols for digital cash (coins, coupons, certificates of
    deposit, blinded notes, and even "S&H Green Stamps"). Analyzing and finding
    flaws (often subtle) in cryptographic and digital money protocols is

    I'm currently trying to analyze a digital cash "coupon" system proposed by
    Nick Szabo, and Hal Finney last night posted his initial analysis of the
    "NetCash" scheme proposed recently. And the physical Cypherpunks meetings
    have recently been dominated by fairly gory details ("gory" means highly
    detailed and potentially confusing) of such new proposed systems as "Twain
    (tm)," an anonymous remailer (and its associated pieces, like "Clemens
    (tm)"...don't ask me to explain, as I got lost in the process!), and
    "Digital Silk Road (tm)" (and its own associated pieces, "Joule (tm),"
    "INDRA (tm)," etc.).

    (Sidenote: I get worried when so many new protocols are already being given
    names and being, to various degrees, "productized." Could this be a case of
    "premature productization"?)

    And anyone who looks at the "Advances in Cryptology-CRYPTO 'xx" books, the
    books where the main crypto results are published (along with "EuroCrypt,"
    "AusCrypt," and "AsiaCrypt"...mostly all published by Springer-Verlag in
    their silver-grey paperback series), will quickly see the explosion of
    complex protocols.

    What's the connection with Cypherpunks?

    After all, we all know this stuff is complex, so what's the big deal?

    I argue that a group such as ours, devoted to actually exploring and
    perhaps deploying modern crypto ideas, should try to *do something* about
    the combinatorial explosion of concepts, terms, and confusing protocols.

    It has been said about AI that 90% of the work is currently just
    reinvention of terms of yore, with new ideas mainly being rehashes of
    things invented 10 or 20 years earlier. My fear is that "digital money," to
    name just one example, is showing the same sort of thing, with lots of new
    terms for basic ideas, lots of complicated protocols which are (admittedly)
    hard to analyze (to try to break, to try to spoof, to "game against"). Many
    of these complex protocols simply _won't_ get analyzed in enough detail, if
    only because there aren't enough of us to do the analyses.

    (The obvious danger of _not_ analyzing a digital money scheme in enough
    detail, with enough paranoid motivation, is that it gets deployed and then
    broken by someone who knows how to break it--someone who has studied a
    similar problem and knows the points of weakness, someone who is just
    lucky, whatever. This could wipe out the developers, sow mistrust amongst
    the Cypherpunks/crypto community, etc.)

    Evidence that "protocols are hard to analyze" lies in the fact that only
    recently has basic public-key crypto begun to spread...and there are still
    lots of folks looking for weaknesses in PGP, for example. Almost nothing
    using more recent protocols has shown "Pretty Good Digital Cash,"
    not "Pretty Good Digital Timestamping," etc. (Though our own remailers,
    while very far from even Chaum's 1981 system, are interesting. Let's just
    not think of them as "cryptographic" in any sense...they rely almost
    totally on simple trust, a major cryptographic no-no.)

    More complicated protocols, like the "Dining Cryptographers Problem"
    (Chaum's paper on this should still be in the "soda" archives), are just a
    _piece_ of what's needed for our longterm Cypherpunks future (which I
    choose to call "crypto anarchy"), and yet analysis of it consumes
    _hundreds_ of pages (see, for example, the Jurgen Bos Ph.D. thesis I
    distributed a year ago at the first Cypherpunks meeting.)

    Am I proposing anything constructive here?

    First, I am not proposing limiting the universe of discourse on this List
    in any way. Folks will always be free to say whatever they like, to use
    whatever terms they wish. Second, I'm not pushing a particular
    least I hope I am not.

    Here are some suggestions, some things to mull over.

    1. Our archive site of papers and books is not available to many of the
    folks attempting to develop new protocols. To pick one example: digital
    money in all its various forms. The several proposals for digital cash
    (digital postage, NetCash, S&H green stamps, Cayman Islands deposits, etc.)
    are sometimes repeats of work done years ago--and shown to be flawed in
    major ways.

    Workers in this field should of course plan to acquire _all_ of the
    relevant papers, and probably should be at this year's "Crypto" conference
    (too late now). There just is no excuse for trying to "reinvent the wheel"
    when folks who are working full-time on something have already tilled the
    field (to mix some metaphors). It may be true that gifted amateurs can
    sometimes discover something the experts have not (after all, our fellow
    Cypherpunk Whit Diffie was in some sense a "gifted amateur" in the mid-70s,
    when nearly all "serious" cryptologists worked for the NSA), but it happens
    fairly rarely.

    We need to encourage serious workers to obtain and read all of the
    previously published material (the "Information Liberation Front," from
    which little has been heard lately, can only scan and OCR a tiny fraction
    of the papers that are relevant, and even then can't reasonably handle
    equations and mathematical arguments).

    2. We should agree on some terms, somehow, so that we're using a *common
    language* and not wasting huge amounts of time trying to deduce what Alice
    means by "return receipt" versus what Bob means when he uses the same term.
    (For example, Eric Messick calls his things "onions," suggesting multiple
    layers of "return postage guaranteed" envelopes. This may be a great idea,
    and even a great name (which we may all be using in 5 years), but it is
    potentially confusing, I think you'll agree.)

    (Formal crypto papers often use their own terminology, and those of us who
    read the papers have to convert from, say, "blobs" (a Chaum/Brassard term),
    to the terms favored by others. A few "Schelling points" for terms have
    appeared, usually with some groundbreaking or widely read paper, but
    cryptologists continue to reinvent their own terms, sometimes because they
    haven't understood the work of others, sometimes because of "NIH.")

    3. The lack of a FAQ is not really the issue, as the issues I'm talking
    about here go somewhat deeper than nearly any FAQ will ever go. Possibly a
    much-expanded "Glossary" (also in the "soda" archives) could be used to
    ensure more of us are using the standard terms.

    4. I recommend we _not_ spend a lot of time at Cypherpunks meetings on
    detailed protocols, as these are notoriously hard for people to follow,
    except in broad outlines. People "space out" on the details and the devil's
    in the details.

    Rather, more detailed written papers are the best way, I think, to convey
    complicated ideas. Written papers force the writers to more carefully state
    their assumptions, their reliance on previous works, and to then more
    carefully work through their line of reasoning. Readers who are interested
    can then work through the papers in as much detail as they wish. Sometimes
    it takes many hours to work through a protocol. For example, I must've
    spent 10 hours going through Chaum's DC-Net paper, drawing pictures, going
    back to his 1981 paper on "mixes," and generally reading and rereading.
    (Then I spent even more time explaining it in a series of essays to the
    Extropians mailing list, before this list existed.)

    5. Eric Hughes and I toyed with the idea of creating a "protocol analysis
    language," or at least a toolkit for describing and diagramming protocols
    (inspired by the Chaum-school "triangle" diagrams, which place the
    "Customer," the "Shop," and the "Bank" in a triangle and then analyze who
    knows what, where the bits flow, who can prove what, etc.).

    Here's just the most basic and initial look at such a diagram:

    / \
    / \ (I won't add all the other stuff)
    / \

    (The "nouns" then have channels, actions ("verbs"), etc. associated with
    them. The digital money protocols are themselves complicated, involving
    "bit commitment," "blinding," and the like. And then there are the
    complications of any of these entities attempting to "break" the system, to
    steal money, to spend a digital token more than is authorized, to trace the
    flow of money, etc. Collusion, spoofing, etc. It gets confusing very fast.)

    Nothing has so far come of this idea, but it seems to me to be a shame that
    we're just drawing chicken marks on paper or on whiteboards (and losing
    most of the audience along the way, at least in terms of the all-important
    details). Complicated protocols--and the digital money constellation of
    ideas is just one--demand more powerful tools.

    (Speculatively, what I would someday hope to see is a kind of "Protocol
    Compiler," with functional specs (possibly written in a very high-level
    language) transformed/rewritten to the best set of protocols available. The
    building blocks would be various forms of encryption, of reputations, of
    blinding, and so on. Each of the building blocks could be analyzed
    separately and improved upon....and probably bought from specialized
    developers. I know of no work along these lines, though. But I would not be
    at all surprised to find that some groups are doing something like
    this--the combinatorial explosion of possibilities makes hand-analysis

    Well, enough for now. Let me know what you think.

    With lots of new ideas for digital cash, remailers, mixes, digital betting
    schemes, coupons, postage, data havens, digital voting, and all the rest,
    we'll soon be drowning in protocols none of us have the time--or specific
    expertise--to analyze.

    Right now the crypto enthusiasts and amateurs are still stuck at the
    "Here's my idea for a new cipher...can you break it?" level, not even
    having reached the level of proposing new public key systems. We are
    beginning to see proposals on the Net for new digital money systems
    (NetCash being the most recent example). Over the next several years, there
    may be an explosion of these new proposals. Analyzing and quickly debunking
    them (when they need debunking, as most do...I am not saying this in a
    disdainful way, just noting reality....nothing is gained by the adoption of
    weak schemes) will be a challenge.

    Perhaps one Cypherpunks goal could be to maintain a publicly accessible
    database (in hypertext, even, using the World Wide Web or similar) of
    published techniques, of how to break or spoof them, of tips and tricks,
    and so on. (Yes, I am interested in working on something like this.)

    Best wishes,

    -Tim May

    Timothy C. May | Crypto Anarchy: encryption, digital money,
    | anonymous networks, digital pseudonyms, zero
    408-688-5409 | knowledge, reputations, information markets,
    W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
    Higher Power: 2^756839 | Public Key: by arrangement
    Note: I put time and money into writing this posting. I hope you enjoy it.
    10:43 pm
    Niche soft-drilling
    List: cypherpunks
    Subject: Re: still no microcurrency
    From: Lucky Green
    Date: 1999-05-17 4:38:58

    On Sun, 16 May 1999, James A. Donald wrote:

    [on achieving market penetration for electronic cash]

    > I think the solution is to go for some niche market where it
    > is easy to achieve critical mass within the niche, for
    > example pornography catering to a particular sexual
    > deviation, preferably one that is unusual and nasty, or mp3s
    > catering to a particular music specialty, preferably one that
    > is obscure but has fanatical fans [...]

    This strategy is of course sound and is the very strategy proposed by
    numerous authors on this very mailing list so many years ago.

    Focusing on market penetration in a niche market in which the participants
    have similar needs not presently met and which has the additional property
    that the participants communicate with each other is the proven way of
    making a product a widespread commercial success. See the must-read book
    on high-tech marketing "Crossing the Chasm".

    For low-value denominated Ecash, the market to be targeted initially was
    obviously pornography. Concerns for privacy and high chargeback rates
    abound, the industry is of sufficient size to make market domination
    worthwhile, and last but not least, vice sells. Pornography drove the
    deployment of the VCR and of CD-ROM drives. Just a few years ago, 65% of
    all CD-ROM's sold were pornographic. I don't know the more recent figures,
    but now that the technology has successfully crossed the chasm, the
    numbers are most likely lower.

    It was not that DigiCash or other electronic cash vendors were unaware of
    this fact. Back then, DigiCash employees participated actively in this
    list. Before the first dollar denominated Ecash [as it was spelled back
    then] coin was ever issued, DigiCash ran a beta test denominated in
    CyberBucks. Akin to Monopoly money. The sole CyberBucks merchant selling
    pornography took in an order of magnitude more CyberBucks than all other
    merchants combined.

    There are numerous reasons why the other electronic payment systems
    vendors failed, in the interest of brevity I will address only a small
    percentage of the reasons why DigiCash failed. In addition, I will limit
    myself to the low-value payment sector. I won't even address DigiCash
    refusals to recognize the even more important medium and high-value
    electronic payment sector. Nor will I address issues related to
    management, design implementation, ease of integration, and a host of
    other issues. Suffice to say DigiCash failed abysmally in every single

    DigiCash never felt comfortable with the potential of the technology they
    owned. While aware of Ecash's benefits to society which I outlined in my
    recent posts, DigiCash failed to acknowledge, even internally, that the
    inevitable flip-side would be various other consequences to society.
    Consequences that are not ubiquitously considered desirable and certainly
    were not considered desirably by DigiCash's management. In a futile and
    fundamentally impossible attempt to bring the benefits of a basic
    financial infrastructure to parts of humanity subject to potential
    governmental repression while simultaneously denying the same benefits to
    other parts of humanity, with the distinction to be drawn based on the
    claimed rationale for the repression, DigiCash designed a payment protocol
    that, its countless implementation shortcomings aside, is not even
    architecturally capable of meeting market demand.

    Ecash can not meet market demand without change making in the protocol.
    However, the moment change making becomes an integral part of the
    protocol, anyone can trivially obtain payee anonymity as well as other
    interesting properties. In a naive attempt at controlling certain natural
    consequences of blind signature technology, DigiCash deliberately crippled
    their product to the point of being useless. The saddest thing is, in
    doing so DigiCash only succeeded to make Ecash less useful to the general
    public without actually blocking the types of applications for the product
    DigiCash tried to prevent. (Which would be mathematically impossible,
    though the absence of change making does cause a mild inconvenience for
    those interested in payee anonymity).

    DigiCash's second flawed architectural decision to not support accountless
    operation was motivated by virtually identical thoughts with identical
    consequences to the usability of Ecash. An additional reason why DigiCash
    chose to not support accountless operation was to cater to the /perceived/
    desires of the issuing banks. The banks at that time lobbied DigiCash to
    allow for accountless operation, but of course DigiCash knew better than
    their customers what their customers really wanted and refused to
    implement the customer's requirements.

    I could continue listing similar examples for another 10 or 20 pages, but
    I assume the reader by now understands where I am going with this.

    Fact is, any electronic cash payment infrastructure that allows Joe
    Customer to purchase HIV medication online without his purchase being
    traceable via the payment system also affords Mario "The Snake" Mafioso to
    be paid for his latest wetwork with the same privacy. You can't have the
    one without the other. This truth does not just apply to electronic cash;
    it is inherent to cash.

    DigiCash was incapable and unwilling to accept this truth. Consequently,
    they chose to not provide a cash-like system. Which is one of the many
    reasons so few saw a reason to use DigiCash's "cash".

    For further reading on why privacy in payment systems necessarily cuts
    both ways, I recommend Tim May's CFP'97 paper "Untraceable Digital Cash,
    Information Markets, and BlackNet"

    -- Lucky Green PGP v5 encrypted email preferred.
    7:00 pm
    NAZBOL Wastelands
    Those trying to learn more about the extraordinarily complex history of Ukraine, could do much, much worse than read this fine piece in Eurozine by historian Tim Snyder, author of the definitive Bloodlands. There is so much here worth excerpting that it is hard to know what to choose, but here are a few passages (my emphasis added):

    Later, Soviet propaganda maintained that anyone who mentioned the [Ukrainian] famine must be an agent of Nazi Germany. Thus began the politics of fascism and anti-fascism, where Moscow was the defender of all that was good, and its critics were fascists. This very effective rhetorical pose did not preclude an actual Soviet alliance with the actual Nazis in 1939. Given today’s return of Russian propaganda to anti-fascism, this is an important point to remember: the whole grand moral Manichaeism was meant to serve the state, and as such did not limit it in any way. The embrace of anti-fascism as a strategy is quite different from opposing actual fascists.

    ….A revolutionary situation always favours extremists, and watchfulness is certainly in order. It is quite striking, however, that Kyiv and Ukraine returned to order immediately after the revolution and that the new government has taken an almost unbelievably calm stance in the face of Russian invasion. The only scenario in which Ukrainian extremists actually come to the fore is one in which Russia actually tries to invade the rest of the country. If presidential elections proceed as planned in May, then the unpopularity and weakness of the Ukrainian far Right will be revealed. This is why Moscow opposes those elections….

    …The current government is unselfconsciously multiethnic and multilingual. Ukraine is a cosmopolitan place where considerations of language and ethnicity count for less than we think. In fact, Ukraine is now the site of the largest and most important free media in the Russian language, since all important media in Ukraine appear in Russian, and since freedom of speech prevails….the authoritarian far Right in Russia is infinitely more dangerous than the authoritarian far Right in Ukraine. It is in power, for one thing. It has no meaningful rivals, for another. It does not have to accommodate itself to international expectations, for a third. And it is now pursuing a foreign policy that is based openly upon the ethnicization of the world [of the world, perhaps not, but of Russia’s ‘near abroad’ certainly]. It does not matter who an individual is according to law or his own preferences: the fact that he speaks Russian makes him a Volksgenosse requiring Russian protection, which is to say invasion.
    6:57 pm
    Donetsk - don't tell
    The details sound eerily familiar:

    The leaflet begins, “Dear Ukraine citizens of Jewish nationality,” and states that all people of Jewish descent over 16 years old must report to the Commissioner for Nationalities in the Donetsk Regional Administration building and “register.”

    It says the reason is because the leaders of the Jewish community of Ukraine supported Bendery Junta, a reference to Stepan Bandera, the leader of the Ukrainian nationalist movement that fought for Ukrainian independence at the end of World War II, “and oppose the pro-Slavic People’s Republic of Donetsk,” a name adopted by the militant leadership.

    The leaflet then described which documents Jews should provide: “ID and passport are required to register your Jewish religion, religious documents of family members, as well as documents establishing the rights to all real estate property that belongs to you, including vehicles.”

    Consequences for non-compliance will result in citizenship being revoked “and you will be forced outside the country with a confiscation of property.” A registration fee of $50 would be required, it said.
    3:10 pm
    Bottoms up!
    The authorities probably won't hassle you as they would be fearful of publicizing such a potent threat to their very existence.

    professor rat @pro2rat · 29m
    Looks like Jim, Carl & I are the missing links between the Cyphernomicon and the Ethereum. 1992 - 2014 ..what a long strange trip it's been.

    professor rat @pro2rat · 31m
    Collapse of govts is assured by the rapid exponential growth of hawala style service.
    professor rat @pro2rat · 31m
    Economic realities may be safely handled by issuing more transparent e-cash until break even.

    professor rat @pro2rat · 32m
    2001 Everyone a remailer,everyone a mint,everyone an APster. -- mattd

    professor rat @pro2rat · 34m
    calling CJ Parker a "genius" is the strangest thing I've read in a long while. He fits the pattern we're now seeing with mattd

    professor rat @pro2rat · 37m
    2001/11/27 Havenco,cypherpunks and indymedia all go offline together again

    professor rat @pro2rat · 38m
    Fashion is a form of ugliness so intolerable that we have to alter it every six months.

    professor rat @pro2rat · 38m
    I bet the NSA is doing active research on sniffer viruses and other automated tools for large scale active attacks. Wei Dai jan 96 Suggest

    professor rat @pro2rat · 39m
    a conceptual corollary to Metcalfe's Law (Bob Metcalfe invented Ethernet)

    professor rat @pro2rat · 41m
    Micropayments and accurate polling

    professor rat @pro2rat · 50m
    I suppose I could be a pseudo-anarchist. But I keep calling for real anarchists & they never show #12yearsAslaveToanarchy

    professor rat @pro2rat · 53m
    KISS me - I'm Irish

    professor rat @pro2rat · 56m
    Some outlaws don't unite & fight (using AP) with some indians, we'll all be forced down the trail of tears to the freenet reservation. Fuck that

    professor rat @pro2rat · 57m
    another explanation that even revives 'ether'

    professor rat @pro2rat · 58m
    2001 6 months ago I typed some words online that led to a grand jury being set up & a subpoena being issued on the other side of the world.

    professor rat @pro2rat · 1h
    Your fancypants,the lotta youse. (cept peter trei) -- mattd

    professor rat @pro2rat · 1h
    AFTER Symantec got dudded by Bidzos they bought Mandiant. Mandiant quickly launched an attack on Chinese spying/hacking.

    professor rat @pro2rat · 1h
    RSA in China.A rotten stink.

    professor rat @pro2rat · 1h
    NSA You spooks a bunch of gray, snivelling, alcoholic, Aldrich Ames lookalikes driving around in your rusty Toyotas

    professor rat @pro2rat · 1h
    Barter Units of Money on cypherpunks list 2002

    professor rat @pro2rat · 1h
    being somewhat critical of the all-too-common tendency I see of _renaming_ something without adding any new content.

    professor rat @pro2rat · 1h
    TIM I have no quibbles with such coinages as "anarchist community." MAY https://www.mail-

    professor rat @pro2rat · 2h
    2002- When E-dinars ( electronic cash) first met Peer-to-Peer power face-to-face

    professor rat @pro2rat · 2h
    Installing APster client also Freenet - when Killer net-markets met P2P back in 2002

    professor rat @pro2rat · 2h
    Cypherpunk is dead, RSA is dead and I don't feel very well myself

    professor rat @pro2rat · 2h
    that DES was now "really most sincerely dead."

    professor rat @pro2rat · 2h
    Trei could call a cell a 'mobile' ...and he quit RSA in 2008...just sayin'

    professor rat @pro2rat · 2h
    Ron Rivest suggested he contact Jim Bidzos

    professor rat @pro2rat · 2h
    12 years a slave to my AP-phone

    professor rat @pro2rat · 2h
    TIME now for the ultimate 'Killer App'

    professor rat @pro2rat · 2h
    It sounds like potential anarchy
    11:03 am
    See the man
    James Bidzos is president and chief executive officer of Verisign. He also serves as chairman of the board of directors and has been executive chairman since August 2009.

    As the founder of Verisign, Bidzos is an Internet and security industry pioneer whose accomplishments include building RSA Security into the early standard-bearer for authentication and encryption, and launching Verisign as a company in 1995 to develop the digital certificate infrastructure for Internet commerce.

    Before returning to the president and chief executive role in August 2011, Bidzos served as Verisign's first president and CEO and also served as Verisign's chairman of the board of directors from April 1995 until December 2001, as vice chairman from December 2001 to July 2007, and as interim CEO from July 2008 to August 2009. Bidzos served as president and CEO of RSA Security from 1986 to February 1999, and then served as RSA's vice chairman from 1999 to May 2002.

    Bidzos was named one of Time Magazine's "Digital 50," and is in CRN's Computer Industry Hall of Fame.
    10:39 am
    A growing cancer
    A hidden world, growing beyond control
    July 19, 2010

    "Top Secret America" is a project nearly two years in the making that describes the huge national security buildup in the United States after the Sept. 11, 2001, attacks.

    Company in Reston ( with Bidzos's Verisign )

    Whitney, Bradley & Brown, Inc. (WBB), headquartered in Reston, Virginia, is a technical and management consulting company providing unique, creative and innovative products and services to both the government and commercial sectors. Continuously over these 28+ years, the company hallmark has been the capability to bring warfighters, requirements and acquisition staff, and industry closer together -- all with the goal of improving the development/fielding of systems and the optimization of resources, including human capital.

    Air and satellite operations
    Border control
    Counter-IED explosives operations
    Cyber operations
    Ground force operations
    Intelligence analysis
    Naval operations
    Nuclear operations

    STUXNET had a trusted digital certificate component - two in fact. Two certs were stolen from an Industrial Park in Taiwan. The Govt of Taiwan had previously helped the covert shadow state during Iran-Contra btw.

    As news of Stuxnet broke in summer 2010 the deal to sell SSL certificate issuing authority ( along with other items) was proceeding. It was formally completed a month or two after Stuxnet news got out.

    Verisign got incredibly wealthy and Symantec got upheaval at head office. Surely in light of Heartbleed there needs to be a formal investigation into possible corrupt dealings between the NSA and Jim Bidzos of Verisign. What did he know and when did he know it?
    10:35 am
    Save before burning
    Nothing personal - it's Bidzos, that's all

    Last-minute solutions to impossible problems created by desperate people, or the story of the fall of the End of History since 2001.

    The feeling something was wrong with cypherpunks ( who wouldn't back Jim Bell or Ryan Lackey) soon spread to the RSA. As the Iraq invasion mounted I was distracted however I would come back to them from time to time. ( Sear Sarah Flannery ) Clearly this was a wealthy and powerful group who would have been well aware of what happened to Jim Bell.
    Associated with this fear and loathing for that ' circle-of-eunuchs' ( Carl Johnson term) was my disgust with the dog that didn't bark in the night, WIRED magazine. After a few years studiously avoiding cypherpunks, WIRED was sold to Condé Nast. I've blogged recently about its CEO. So while I'm keeping up with current events - largely to do with the Plame Yellowgate scandal 2003-5 - I'm picking up more about crypto in dribs and drabs. Guys like Whit Diffie and David Brin are not the enemy!
    Okay some recent news events seem to call for a timeline to do with RSA. We learn from Steve Levy that Jim Bidzos was once threatened by an unnamed NSA agent. Then the munitions thing is dropped and RSA takes off.
    RSA conventions become a big deal - with a big overlap with Condé Nast advertisers btw.
    The RSA HQ is on the East Coast and there's a strong MIT connection. Suspiciously an MIT program called "open Government" listing all public servants is quietly throttled and buried. That was in the early noughties and roughly coincided with the infamous and unholy PAM slam by the Wyden-Dorgan conspiracy.
    Unfortunately I got a little complacent after 2005 and drank more than was healthy. I goofed off as the first hard-data regarding RSA started coming in. At least I got to know about a Greek called Gus who worked at the CIA back in the seventies and eighties. He may have some things in common with Bidzos.

    "...By 2007 the algorithm was found to effectively have a backdoor..."

    We made the decision to use Dual EC DRBG as the default in BSAFE toolkits in 2004, in the context of an industry-wide effort to develop newer, stronger methods of encryption. At that time, the NSA had a trusted role in the community-wide effort to strengthen, not weaken, encryption.
    This algorithm is only one of multiple choices available within BSAFE toolkits, and users have always been free to choose whichever one best suits their needs.
    We continued using the algorithm as an option within BSAFE toolkits as it gained acceptance as a NIST standard and because of its value in FIPS compliance. When concern surfaced around the algorithm in 2007, we continued to rely upon NIST as the arbiter of that discussion.
    When NIST issued new guidance recommending no further use of this algorithm in September 2013, we adhered to that guidance, communicated that recommendation to customers and discussed the change openly in the media.
    The post, which avoids discussing whether or not the company actually took the NSA's $10m, concluded with the following statement:

    RSA, as a security company, never divulges details of customer engagements, but we also categorically state that we have never entered into any contract or engaged in any project with the intention of weakening RSA’s products, or introducing potential ‘backdoors’ into our products for anyone’s use.

    Meanwhile, Joseph Menn, the Reuters writer who broke the original news on Friday, stands by his story


    Now the 'trusted' NSA work to help the RSA? Sometime between the end of Levy's Crypto ( in 2000) and 2004 apparently. 9-11 changes everything. And the NSA goes from threats to bribes. Eric Schmidt recently said the smart dictator doesn't directly attack the net now. They ' infiltrate and influence ' it.

    Okay, this incident vaguely registered back in my wild years. Here it's noted the NSA spies on computers...
    3:31 am
    Last week in March
    professor rat @pro2rat · 15h ago
    What did that fuckpig Jim Bidzos know about this fucking shit and when did the fucking pig know it?

    professor rat @pro2rat · 15h ago
    What most people recognize as the small padlock icon in their Web browser

    professor rat @pro2rat · 15h ago
    RSA Bsafe debacle raises questions over digital-certificates

    Most learned ( including me) about Heartbleed on April 7 - 2014
    Thursday, April 17th, 2014
    11:55 pm
    Long shanks out in the South
    As the Civil War raged, the president very controversially suspended the writ of habeas corpus and imposed martial law in states where Confederate operatives and sympathizers were taking seditious action. Addressing Congress on July 4, 1861, Lincoln defended his suspension of the writ:

    Of course some consideration was given to the questions of power and propriety before this matter was acted upon. The whole of the laws which were required to be faithfully executed were being resisted and failing of execution in nearly one-third of the States. Must they be allowed to finally fail of execution, even had it been perfectly clear that by the use of the means necessary to their execution some single law, made in such extreme tenderness of the citizen’s liberty that practically it relieves more of the guilty than of the innocent, should to a very limited extent be violated? To state the question more directly, are all the laws but one to go unexecuted and the Government itself go to pieces lest that one be violated?

    Now, it was only advisedly that I described this speech as “seemingly” inconsistent with the one Rich excerpted. For one thing, Lincoln did not believe his suspension of the writ violated the law, and he had a very colorable argument. The Constitution provides for the writ’s suspension in cases of rebellion or invasion; it does not say who may suspend it. The Supreme Court’s eventual conclusion (in the 1866 case of Ex Parte Milligan) that Congress must enact a suspension because the relevant clause is in Article I was sensible, but it was not indisputable. Lincoln was not without reason to believe that he had the necessary authority as long as a rebellion or invasion had occurred. Moreover, Lincoln’s passion for the rule of law was evident even in the act of arguably breaking it: He not only vigorously contended that his suspension was lawful; he also urged Congress to affirm the suspension by passing legislation (which Congress did in 1863).

    But all that said, Lincoln’s speech does justify law-breaking in extraordinary circumstances. I’d construe his argument as follows: Even if what I have done is unlawful, it was necessary because it was done for the higher purpose of preserving the system that protects our liberties—under dire circumstances where violating the law was more faithful to the Constitution than obeying it would have been.

    Many of us think Lincoln was right—I certainly do, and I even suspect the Supreme Court did (note that the suspension was invalidated only after the war was over). This informs our assessment of the situation in Nevada, and explains why Bundy gets our sympathetic consideration
    11:21 pm
    RATSO Rizzo
    Alan D. Fiers, Chief of the CIA's Central American Task Force, convicted of withholding evidence and sentenced to one year probation. Later pardoned by President George H. W. Bush.

    Clair George, Chief of Covert Ops-CIA, convicted on two charges of perjury, but pardoned by President George H. W. Bush before sentencing.

    Rizzo, who worked at the CIA as a lawyer for 34 years before his retirement, said the Senate Intelligence Committee’s approach differed substantially from earlier congressional probes into controversial CIA programs such as the Iran-Contra affair in the 1980s.

    He also noted that those previous probes had produced bipartisan reports in which Republican and Democratic lawmakers stood behind the findings.

    In the Senate Intelligence Committee’s review of the enhanced-interrogation program, by contrast, the panel’s Republican members bowed out four months into the investigation.

    “When the CIA was criticized in those other investigations, it was on a bipartisan basis,” Rizzo said. “That’s not the case here. This is strictly a political exercise by the Democratic side of the Intelligence Committee to castigate a Bush-era program.”

    9:15 am
    The enemy penetrates everywhere
    It doesn’t matter if you reside at a home in the suburbs, a farm in the country, or an apartment in the city. If you’re a geospatial intelligence analyst, a warfighter, or a policymaker, there’s really only one place you should live, according to National Geospatial-Intelligence Agency (NGA) Director Letitia Long: in the data.

    “Whether we face an adversary, a political crisis, or a natural disaster, we must continue to drive the leading edge of GEOINT … and deliver the next phase of intelligence: immersion,” Long said Tuesday morning during her keynote address at GEOINT 2013*.

    Merriam-Webster defines immersion as “complete involvement in some activity or interest.”

    Long, however, defines it as something much more powerful. It’s not merely involvement, she said. It’s influence.

    “By immersion I mean living, interacting, and experimenting with the data in a multimedia, multi-sensory experience with GEOINT at its core,” she continued. “Immersion will break down the barriers between collectors, analysts, customers, and decision makers. Living together in this experience they will share rich content and robust expertise. Their more meaningful, more predictive insights will occur on a scale we could not have imagined just a few years ago.”

    Long invited the audience to imagine themselves as young analysts. Their mission: Anticipate the impact of civil unrest on an unstable country.

    “As you begin your day, your automated data-mining app warns you of anomalies in troop movements, puts video of overnight protests on screen, and notifies the rest of your team,” Long said.

    This sets in motion a powerful series of events. You:

    Quickly scan your queue of open-source reports and classified data;
    Join collaborators from across the IC and DoD in a virtual meeting space;
    Share and discuss with your team new content from multiple sources;
    Use advanced natural user interfaces to share content, with gestures and speech to quickly organize visuals; and
    Apply advanced analytic tools that reveal a network of extremists trying to infiltrate the protesters’ camp.
    “Your team anticipates that within days the extremists will try to provoke violence in what had been peaceful protests,” Long explained. “Two days later your team watches a live video feed as a multinational force raids the extremists’ camp and captures them.”

    It’s a compelling vision, and Long said NGA is working diligently to make it a reality by focusing on six “pillars” of immersive intelligence:

    An integrated intelligence picture leveraging NGA’s integrated GEOINT access point, Map of the World;
    Advanced analytic capabilities focused on object-based production;
    Next-generation data collection that integrates advanced tipping and cueing;
    Improved data access through the Globe, NGA’s web portal providing online, on-demand access to geospatial information;
    An open IT enterprise that eliminates technology stovepipes; and
    Investment in research and technology, focused on three building blocks—persistence, anticipatory analysis, and immersive intelligence.
    Achieving immersion won’t be as easy as envisioning it, Long acknowledged. By collaborating, however, she asserted that government and industry can overcome technological, structural, and financial challenges in order to realize GEOINT’s full potential.

    “Only together can we maximize our strengths,” she concluded. “Only together can we turn our great ideas into great results. And only together can we see what our adversaries cannot, know what we should know, and act first.”

    Wednesday, April 16th, 2014
    12:19 pm
    Across the channel
    Large security vendors with massive portfolios are struggling to keep pace with the rapid changes taking place at the endpoint and in the data center, according to former Symantec CEO Enrique Salem, who is maintaining strong ties in the security community and betting heavily on networking security and cloud analytics.
    Salem, who sits on the boards of networking security vendors FireEye and Forescout and cloud analytics and security firm Netskope, said a variety of agile startups are in position to address the issues faced by enterprises dealing with mobility issues at the endpoint, a rapid adoption of cloud-based services and a transition of the data center to cloud hosting resources.

    "There's an opportunity for almost a changing of the guard of the next-generation security companies, and that is where I'm trying to spend my time," Salem told CRN. "We are in the biggest transition away from the large-cap tech companies, which are the last-generation tech companies. … In that shift from the client to consumerization and disruption of the data center, IT will need new tools to have the visibility and control that they had in the previous architecture."


    Salem admits that hindsight is 20/20. While he was at the helm of Symantec, he said, the company wasn't in position to quickly develop and go to market with technologies that address mobility and cloud security. Under Salem, Symantec unveiled O3, a cloud identity and access control platform for the cloud and Web applications and services. Symantec added data loss prevention and encryption capabilities to the platform but has yet to see significant adoption, a task made even more difficult since startups have come to market with similar capabilities in a cloud gateway.

    At the time, Symantec couldn't justify adding new cloud analytics that would only generate $10 million a year, Salem said. The goal was to figure out how to generate between $350 million and $700 million of incremental business, Salem said. That is the big, ongoing issue for Symantec and other large-cap tech companies that aren’t nimble enough to tackle disruptive technologies.

    "I can empathize with their problem. It's not that they are bad companies, they just have a scale problem and that creates opportunity," Salem said. "The companies ultimately know that there are things that they have to acquire."
    Salem served as Symantec’s COO from January 2008 to April 2009, when he was appointed to replace Symantec CEO John Thompson, who retired after 10 years at the helm of the company. Salem was responsible for the company’s day-to-day operations, global product development, sales and marketing while working under Thompson. His other roles at Symantec included senior vice president of the security products and solutions group, group president of the consumer business unit and group president of worldwide sales and marketing.

    Steve Bennett replaced Salem as president and CEO in July 2012, and Bennett is now overseeing a massive internal overhaul, which includes a streamlining of the product portfolio, layoffs of redundant positions and a revamped channel strategy. The company is continuing to integrate its portfolio to address cloud and mobility issues.

    For Salem, whose roots are at the endpoint, the shift to networking security and the cloud is a big change. There always will be a place for endpoint security, he said, but it will be limited as tablet and smartphone use combined with adoption of cloud-based services has shifted the focus. Networking security companies, however, understand the endpoint is still an important space, as evidenced by FireEye acquiring Mandiant for $1 billion to add remediation and forensics across the network and on devices, Salem said.

    "There will be fine companies built around the endpoint because you still need to manage, protect and remediate the endpoint and the devices there, but look at the dollars spent and the growth there will be limited," Salem said.

    Salem was appointed to the board of directors of Netskope in October and said the cloud analytics company is in a growing market, as new technologies are giving enterprises increased visibility into cloud-based services. Netskope began with analytics to drill down into application usage, has built out data loss prevention and policy enforcement and will add other threat detection technologies. Netskope joins a crowded market for cloud security brokers, one that includes SkyHigh Networks, CipherCloud, and startups Adallom and Skyfence.

    Many of these vendors, including Netskope, are relying on the channel as a growth engine. Netskope recently added a channel manager, has partnered with FishNet Security and other regional solution providers, and is building out support for partners, Salem said.

    "Clearly, the channel is important and I would tell you that cloud-based companies that really embrace and understand the channel will have staying power," Salem said.
    11:26 am
    STUX on you Bambino
    The hackers were able to sign their files using a legitimate digital certificate from an innocent third party. This digital certificate expired in June but a new driver appeared in July; it was also digitally signed using a digital certificate from another company. Both of these companies have offices in Taiwan. The hackers either stole private keys or were able to get their files signed. The attackers may have more compromised digital signatures.
    12:43 am
    No place like home
    Due to the rapid increase in breaches of natsec, comsec, infosec, compusec and privacy -- digital and analog -- along with the corresponding increase in governmental, commercial and professional services to warn, discover, log, report, counter, exploit and profit from security breaches, there should be greater attention to home-made protection which now gets short shrift from the security-alarm-ringing industry.

    Public ignorance about and trust in the security industry in all its permutations from natsec to privacy is exploited by the industry as much as by security attackers.

    Self-protection by individuals has a long history of resisting organized protection by authorities, officials, professionals, industry and "public interest" organizations who most often work together to delude the public and exploit its trust.

    A common practice of the security industry is to instigate attacks which require its response, like firefighters setting fires to assure fighters are needed, like spies fostering threats to justify the need for spies. Crises are used to concentrate power and control and to boost expenditures. Cyber crises are now top of the alarm list, argued comparable to terrorism.

    Cryptography leads the movement of excessive alarmism about comsec and privacy. Once an arcane gang of secrecy protection it is now a public organized scourge of accusations, threats, sirens and preenings -- a campaign of attacks and counterattacks coupled to governmental, commercial and institutional exploitation of public ignorance of the technology.

    A salutary feature of cryptography, as well as the security industry, is ingrained paranoia about undiscovered and deliberate weaknesses in protection. The magic formula is to offer protection sufficient to allure but not so much that indifference prevails over seduction. "You get the protection you pay for" is the marketing motto. Then, when failure occurs, "there is no absolute protection, you misunderstood, your error caused it." Hire us, buy our improved and upgraded product. A distinguished example among many others is Bruce Schneier's Cryptogram monthly newsletter:

    An odd fellows dispute has developed between national security and civil liberties, with both pretending opposition but acting in rewarding concert. Civil liberties officers have been appointed to spy agencies, such as the NSA, and security experts appointed to civil liberties organizations, such as the ACLU. The two types appear together on panels, in the news and on social media, usually congenially, cracking jokes about one another, or performing separately before adherents to vilify and rant against each other's industry, enjoying the security alarm limelight and in many cases, handsome fees and salaries. Ex-CIA and NSA director Michael Hayden and speakers-bureau gaggle of ex-officials often star, along with speakers-bureau of stars from the security-privacy loyal opposition of whistleblowers, ex-spies, comsec wizards and fee-for-info-freedom lawyers.

    Skepticism of security threats promulgated by the security-alarm complex is prudent, in the face of burgeoning cyber alarms ostensibly requiring application of vast resources by government, industry and organizations for public protection.

    Cryptome welcomes proposals for home-made security or pointers to them. Anonymous or attributed. cryptome[at]
    Tuesday, April 15th, 2014
    6:57 pm
    Day of the Winkers
    Bitcoin is making its way from shadowy digital exchanges to the mainstream US retail fund market and even retirement accounts – much to the dismay of financial advisers.
    SecondMarket, a New York-based trading platform that launched a Bitcoin fund for institutional and wealthy investors last year, intends to roll it out to less sophisticated investors in the fourth quarter.

    Its Bitcoin Investment trust, or BIT, will become tradable on OTC Markets’ OTCQX, an electronic exchange, pending approval from OTC Markets and the Financial Industry Regulatory Authority, the securities industry’s self-regulatory agency, says Barry Silbert, chief executive of SecondMarket.
    “Any investor in the US with a retail brokerage account will be able to buy shares,” he says.
    Structured similarly to the SPDR Gold Shares exchange traded fund, BIT tracks Bitcoin price movements, providing dollar-denominated exposure to the volatile digital currency without the need to buy it directly or store it.
    It is audited by Ernst & Young, and the Bitcoins in the portfolio are protected by a “state of the art” security system, Mr Silbert says. Assets were $45.9m as of April 1.
    The prospect of a widely available Bitcoin fund leaves some industry gatekeepers concerned.
    “I don’t even know what to say,” says Kim Forrest, vice-president and senior equity analyst at Fort Pitt Capital Group, a Pittsburgh-based registered investment adviser.
    “I get that people want to have some non-government affiliated store of value, but this really is not it,” Ms Forrest says. “This is something that is totally fabricated.”
    Though OTCQX-traded entities are subject to less rigorous listing requirements than those on the major exchanges, they must be sponsored by a third-party investment bank or attorney adviser. OTCQX-listed companies include Allianz, BNP Paribas and Volkswagen.
    SecondMarket developed BIT in large part to create a Bitcoin investment option for institutional investors whose charters barred investment in the other available Bitcoin venues. It is broadening access to the retail market, Mr Silbert says, because Bitcoin is now already widely available through venues such as the Coinbase exchange.
    “Anybody, regardless of financial net worth or sophistication, can go to a company like Coinbase and connect their bank account and buy Bitcoin, so this does not in any way open up this asset class to a broader group of investors who did not already have access to it just by buying Bitcoin directly,” he says. “Also the regulatory landscape has really been clarified and crystallised over the past 12 months.”
    A retail Bitcoin fund is simply inevitable, whether or not it belongs in mainstream investors’ portfolios, says John Rekenthaler, vice-president of research at Morningstar, the fund research firm.
    “There is an ETF [exchange traded fund] for everything under the sun,” Mr Rekenthaler says. “I don’t think there is a legitimate [investment] case, but I don’t think there is a legitimate case for many exotic ETFs.”
    Indeed, others are racing to bring Bitcoin funds to public markets.
    Cameron and Tyler Winklevoss, the brothers whose claims to founding Facebook were dramatised in the 2010 movie The Social Network, filed plans in July with the Securities and Exchange Commission, the US regulator, to launch an ETF tracking Bitcoin.
    Given the SEC’s record in reviewing ETF proposals, which can languish for years before being approved, BIT seems better positioned to launch publicly first, Mr Silbert says.
    The earliest launch would be late September, as that is when a 12-month lock-up period for existing BIT investors expires.
    Surprisingly, retirement savers have emerged as a large constituent in BIT, accounting for 16 per cent of its investors. Several custodians handling “self-directed” individual retirement accounts, including Pensco Trust, Entrust Group and Millennium Trust, allow accredited investors to allocate retirement savings to the fund.
    A far better means for shielding portfolios from central bank interventions would be commodities, Ms Forrest says.
    “If you are really serious about wanting to divorce yourself from fiat currency, then real goods is what you should be buying as a store of value,” she says.
    Morningstar’s Mr Rekenthaler agrees that he could imagine Bitcoin appealing to what he calls “the guns and gold crowd”.
    “This is a doomsday asset,” he says. “There is clearly a segment out there in the market that listens to talk radio and thinks the dollar is going down the toilet and the US is going down and so forth, and they would argue that Bitcoin is like owning guns and gold: it is prudent because you should not have all your assets in mainstream dollar-denominated investments or standard currencies, which may fall apart.”
    The argument for holding gold in retirement portfolios is no less dubious to Mr Rekenthaler.
    “Your standard investment economics would say it is not necessary, it does not belong in a long-term portfolio like a retirement portfolio,” he says.
    Bitcoin: a brief history
    Bitcoin traces its origins to a 2008 paper by the mysterious Satoshi Nakamoto. It proposed a form of electronic cash relying on peer-to-peer networks and cryptography, in place of central banks, to overcome the threat of “double spending” and fraudulence.
    The following year, the first open-source “Bitcoin client” processing software was released, along with the first batch of 50 Bitcoins. Payments escalated from awkward novelty transactions – a pizza delivery order executed with the help of a transatlantic credit card remittance – to contraband dealings and then more legitimate purchases, including WikiLeaks contributions and WordPress blogging services. Online exchanges trading Bitcoin for conventional currencies, including Mt Gox and Coinbase, accelerated acceptance.
    A year ago, market capitalisation surpassed $1bn, just as the US began grappling with the regulatory puzzle Bitcoin presented. The Treasury ruled that entities engaged in the exchange and issuance of virtual currencies constitute regulated money service businesses. In December, China’s central bank effectively banned Bitcoin by barring banks from using it in transactions, and the European Banking Authority began warning consumers of the currency’s risks.
    This year, Mt Gox filed for bankruptcy after revealing more than $450m in Bitcoins had disappeared from the exchange. But demand remains high. Market capitalisation is nearly $6bn, according to, a Bitcoin specialist.
