How to best handle forgeries?
Guy Macon
Other than reporting them to the abuse address, are there any other
countermeasures appropriate for someone posting fake resumes to
Usenet so as to make me unhirable?
I am NOT looking for a way to attack the anonymous remailers
being used. I am a big supporter of anonymous remailing.
BTW, if any mail2news operator here wishes to filter posts with
"Guy Macon" in the subject line, please dfeel free to do so.
Guy Macon
<http://www.guymacon.com/>
Cyberiade.it Anonymous Remailer
> countermeasures appropriate for someone posting fake resumes to
> Usenet so as to make me unhirable?
I don't think anything posted on the internet is going to make anyone
unhirable. Who reads anything anyway and how do they find it?
If you want people to be able to verify something that was supposedly
written by you then create a PGP key and post your public key on your
webpage. Upload it to a keyserver and get some people you know to sign
your key and upload their sigs. Then start PGP signing everything you
put out and everything on your web site and then anyone who really wants
to know can check for authenticity.
Other than that there's not much anyone can do.
Zax
Hash: SHA512
On Sun, 22 Jul 2007 02:16:12 +0000, Guy Macon wrote in
Message-Id: <GYGdnRLofbR...@giganews.com>:
> Other than reporting them to the abuse address, are there any other
> countermeasures appropriate for someone posting fake resumes to
> Usenet so as to make me unhirable?
Unfortunately, Usenet is like email; wide open to identity fraud.
The best countermeasure is to PGP sign your messages, (like this one).
Whilst it doesn't stop your attacker from forging your identity, it's
impossible for him to forge your signature.
> BTW, if any mail2news operator here wishes to filter posts with
> "Guy Macon" in the subject line, please dfeel free to do so.
I've done this for mail...@m2n.mixmin.net and
mail...@bananasplit.info. The problem is that your attacker is likely
to find a way around such a filter without too much effort.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGpL+SlKZ6CY7Vd0MRCoLxAJ9fqosB8Pw3lBNI1aNGChCevt/crgCeOfYX
jDRmYuVtvlvT0W1Og2aV+jI=
=uSsl
-----END PGP SIGNATURE-----
--
pub 1024D/8ED57743 2003-07-08 Bananasplit Operator
Key fingerprint = 796F 67E0 E890 A0BB BDAE EBB4 94A6 7A09 8ED5 7743
uid Admin <admin.bananasplit.info>
Guy Macon
Zax wrote:
>Guy Macon <http://www.guymacon.com/> wrote:
>
>> Other than reporting them to the abuse address, are there any other
>> countermeasures appropriate for someone posting fake resumes to
>> Usenet so as to make me unhirable?
>
>Unfortunately, Usenet is like email; wide open to identity fraud.
>The best countermeasure is to PGP sign your messages, (like this one).
>Whilst it doesn't stop your attacker from forging your identity, it's
>impossible for him to forge your signature.
Good idea. I will do that. I have been meaning to switch from
WinVN to Thunderbird, and this is good motivation.
>> BTW, if any mail2news operator here wishes to filter posts with
>> "Guy Macon" in the subject line, please dfeel free to do so.
>
>I've done this for mail...@m2n.mixmin.net and
>mail...@bananasplit.info. The problem is that your attacker is likely
>to find a way around such a filter without too much effort.
Thanks! The impersonator is the rm troll in alt.os.linux.slackware
--the one who compains every time anyone posts a PGP signed message
(over 3000 identical complainsts so far!). See:
http://www.google.com/search?q=%22pgp+trash+troll+delete%22
For some reason he announced that he was going to make it so that
anyone who searches on my name will see posts designed to make
them not hire me. Things like "I fired Guy Macon" with a bogus
strory about me setting fires" or "Guy Macon's Resume" with a
faked version containing various insults. Stopping him from
putting the string "Guy Macon" in the subject line will foil this
plot. It will also puzzle him -- he typically tests the remailer
and mail2news combination in alt.test without that string, then
posts the attack.
I know that such an attempt won't change the mind of anyone
worth working for. Still, it's personally annoying and it's
annoying that he uses anonymous remailers, which I have strongly
supported since the days of anon.penet.fi
rea...@justlinux.ca
>Zax wrote:
>>I've done this for mail...@m2n.mixmin.net and
>>mail...@bananasplit.info. The problem is that your attacker is
>>likely to find a way around such a filter without too much effort.
Knock yourself out. BUt I have no idea what you are talking about.
>Thanks! The impersonator is the rm troll in alt.os.linux.slackware
>--the one who compains every time anyone posts a PGP signed message
>(over 3000 identical complainsts so far!). See:
>http://www.google.com/search?q=%22pgp+trash+troll+delete%22
In case you haven't figured it out, I am the so-called "rm troll."
Mr. Macon, as usual, is playing the tired old victim, seeking
sympathy for how roughly the world treats him.
I _sometimes_ ask that those who use pgp, put their pgp in their
headers, as is now done in almost all newsgroups. The so-called
"3000 identical complainsts" (sic) that Mr. Macon cites actually
amount to about 7 pages of 10 "complaints" each, over a period of 4
or 5 years. Check it yourself. And the entire substance of my
"complaint" has been to erase the pgp text in followups and
substitute in its place the words, "pgp trash troll delete." That's
it. That is why Mr. Macon is calling me the "rm troll."
But the real issue is this; Mr. Macon has been going around
distributing a resume describing himself as an "Electrical
Engineer." Mr. Macon holds no degree of any sort, not even a
technical diploma. Mr. Macon holds no license of any sort. He has
never written the exam that the State of California demands that one
passes before one may call himself a professional engineer.
I have 3 degrees, including an undergrad degree in Computer Science,
and I find it absolutely appalling that somebody who has not "paid
his dues" would promote himself as an Engineer. It has been
suggested to me that I could call myself a "Software Engineer" but I
won't do this because there is no official designation as such, and
I refuse to ride piggy-back on _real_ engineers who have done the
necessary work to pass the most difficult of all undergraduate
degrees.
Because of the work that I, and others, have done exposing Mr.
Macon, he has changed the wording of his resume such that he no
longer ostentatiously calls himself an "Electrical Engineer." And
since he has made this change, I have no reason to bother him about
it anymore. And yet he still comes whining in here with his tired
old victim fantasy, after he was unable to garner any sympathy in
aols. This man is Walter Mitty, incarnate.
If any of you really care, check out alt.os.linux.slackware, you
will see many, many postings over the last few weeks in which the
name "Guy Macon" appears in the Subject: line. It is Mr. Macon
_himself_ who is responsible for making his name part of the subject
line, not me. Check the first post of each thread. His asking anon
admins to filter out "Guy Macon" from the subject is laughable
because it is Guy Macon himself who is putting his name out there.
I guess he thinks that he is somehow promoting himself by seeking
sympathy making a big fuss about a small matter.
Now, there is no question that, like others, I have campaigned
against pgp inclusion in message bodies, and for that reason I have
gained some enemies in the alt.os.linux.slackware forum. Some of
them might chime in here, on Mr. Macon's behalf. But those of you who feel
sympathy towards Mr. Macon are invited to check out the threads in
aols for yourself.
Finally, I find the notion that somebody without certification and
without an education, who nonetheless holds himself out as an
"Electrical Engineer", is blaming _me_ for the fact that he is
unemployed.
cordially, as always,
rm
Nomen Nescio
The horse has long since bolted. One of hundreds
http://www.unixadmintalk.com/f70/att-employers-guy-macon-495491/
rea...@justlinux.ca
>Unfortunately, Usenet is like email; wide open to identity fraud.
>The best countermeasure is to PGP sign your messages, (like this one).
>Whilst it doesn't stop your attacker from forging your identity, it's
>impossible for him to forge your signature.
And this does not mean a thing. Using a pgp signature in usenet
does not in any way, shape, or form, protect one from so-called
"identity forgery."
Pgp is simply an affectation, that has some use in the world of
email, but is absolutely worthless on usenet. I find the notion
that somebody who uses pgp to "protect" his the identity of "Zax" to
be totally laughable. It amounts to the same thing as me signing my
name to a contract as "Spiderman", with a huge flourish, and then
claiming that my spiderman signature is "authentic" because nobody
else signs it the same way that I do.
But little boys must have their games. Why don't you move the pgp
garbage out of the message bodies and the signature, and into the
headers where it is far less offensive?
cordially, as always,
rm
Zax
Hash: SHA512
On Tue, 24 Jul 2007 00:27:48 GMT, rea...@justlinux.ca wrote in
Message-Id: <8Ibpi.105625$Jc7....@fe03.news.easynews.com>:
> And this does not mean a thing. Using a pgp signature in usenet
> does not in any way, shape, or form, protect one from so-called
> "identity forgery."
I'd have to disagree. This group has a long history of identity
forgeries and PGP signing makes it a pointless exercise. The signature
doesn't have to be associated with a real name in order to provide
continuity; the signature *is* the identity.
> Pgp is simply an affectation, that has some use in the world of
> email, but is absolutely worthless on usenet. I find the notion
> that somebody who uses pgp to "protect" his the identity of "Zax" to
> be totally laughable. It amounts to the same thing as me signing my
> name to a contract as "Spiderman", with a huge flourish, and then
> claiming that my spiderman signature is "authentic" because nobody
> else signs it the same way that I do.
I'm not trying to protect an identity of Zax, it's just a nickname. The
name on the key is arbitrary, the ability to produce a verifiable
signature is the identity.
> But little boys must have their games. Why don't you move the pgp
> garbage out of the message bodies and the signature, and into the
> headers where it is far less offensive?
You find a few lines of PGP signature offensive and accuse me of being
the little boy playing games?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGpaaJlKZ6CY7Vd0MRCiiQAKDZfcTEvx4LnBSf1Y8OAXEp9RJedgCg2t2x
/4rzCAu7WHVdyZLLgEsf3sU=
=nKt2
Non scrivetemi
> Zax <ad...@bananasplit.info> trolled:
>
>>Unfortunately, Usenet is like email; wide open to identity fraud. The
>>best countermeasure is to PGP sign your messages, (like this one).
>>Whilst it doesn't stop your attacker from forging your identity, it's
>>impossible for him to forge your signature.
>
> And this does not mean a thing. Using a pgp signature in usenet does
> not in any way, shape, or form, protect one from so-called "identity
> forgery."
Wrong. Developing a pattern of signing posts allows you to repudiate
unsigned posts. Ironically enough this *is* one of the things digital
signatures are useful for, in amusing contrast to what many people
believe about them proving authorship, which they don't.
> Pgp is simply an affectation, that has some use in the world of email,
> but is absolutely worthless on usenet. I find the notion that somebody
> who uses pgp to "protect" his the identity of "Zax" to be totally
> laughable.
That's because you have zero understanding of what digital signature are,
and are not. Your comprehension is somewhere around 180 degrees from
reality in fact, judging by what you typed already. Don't worry, you're
not a lone. Your misconceptions are fairly common.
> It amounts to the same thing as me signing my name to a
> contract as "Spiderman", with a huge flourish, and then claiming that my
> spiderman signature is "authentic" because nobody else signs it the same
> way that I do.
Utter nonsense. The two things are nothing alike, and your analogy is
broken as a concept. Amusingly enough though, it does give clues about
why digital signatures are useful for disclaiming forgeries when used
properly. The real "Spiderman", having signed numerous documents in his
life, could easily prove your flourishes to be forgeries by producing a
verifiable history of examples that looked nothing like your cheap
imitations. :-)
> But little boys must have their games. Why don't you move the pgp
> garbage out of the message bodies and the signature, and into the
> headers where it is far less offensive?
You're "offended" by digital signatures??
I hesitate to even try and imagine the sort of life one must have to be
moved to *any* sort of emotional response to some number of lines of
incomprehensible ASCII characters, let alone offense.
Maybe you need a break or something? A long vacation away from your
keyboard?
And, ummmm.... speaking of "trolls" your pointy head is showing. Except
you're rendered so transparent by your glaring lack of knowledge you've
actually managed to out your real agenda here. That would be lobbing
grenades at something that would make your forgery attempts suddenly
useless to you. The very last thing you want is for your victim to have
some easy means to prove he didn't write what you so desperately want
people to believe he did.
Guy Macon
Zax wrote:
>
>rea...@justlinux.ca wrote:
>
>> And this does not mean a thing. Using a pgp signature in usenet
>> does not in any way, shape, or form, protect one from so-called
>> "identity forgery."
I have purposely whitelisted "rea...@justlinux.ca" non-crossposts
in alt.privacy.anon-server and, as an experiment, will treat you
as an adult who is capable of a reasonable discussion. If you
really wish to have a discussion, here is your chance. I am about
to start PGP signing all of my posts. If you have a logical and
rational reason why I shouldn't, I will be glad to discuss the
merits of your argument and I promise that I won't just dismiss
them because of who you are and how you have behaved in the past.
I will also offer you a kind of bribe; stop harassing me and my
reason for PGP signing will go away.
>I'd have to disagree. This group has a long history of identity
>forgeries and PGP signing makes it a pointless exercise. The signature
>doesn't have to be associated with a real name in order to provide
>continuity; the signature *is* the identity.
One can also associate a PGP key with a real name, put it on a
personal website, confirm it by telephone using the number in
the phonebook, attend PGP web-of-trust keysigning parties, and
in geberal make it very unlikely that the key and your name does
not match.
Or, in the case of a pseudonym like "Zax", the PGP key allows
me to know that the "Zax" who's post I am reading is the same
"Zax" that I have been reading on a regular basis and not some
enemy of "Zax" pretending to be him or her.
>> Pgp is simply an affectation, that has some use in the world of
>> email, but is absolutely worthless on usenet. I find the notion
>> that somebody who uses pgp to "protect" his the identity of "Zax" to
>> be totally laughable. It amounts to the same thing as me signing my
>> name to a contract as "Spiderman", with a huge flourish, and then
>> claiming that my spiderman signature is "authentic" because nobody
>> else signs it the same way that I do.
>
>I'm not trying to protect an identity of Zax, it's just a nickname. The
>name on the key is arbitrary, the ability to produce a verifiable
>signature is the identity.
I would be most interested in a logical counterargument to the above.
It makes sense to me.
>> But little boys must have their games. Why don't you move the pgp
>> garbage out of the message bodies and the signature, and into the
>> headers where it is far less offensive?
I must admit that I have not researched the question of whether to
put the PGP signing in the message body or the headers or even if
putting it in the headers is possible. I would welcome any URLs or
advice from alt.privacy.anon-server regulars concerning this. I
do agree that, all other things being equal, PGP signing in the
body isn't as clean looking as a non-signed post, so I am biased
in favor of a header-only solution if one is workable.
--
Guy Macon
<http://www.guymacon.com/>
Noone
> In case you haven't figured it out, I am the so-called "rm
troll."
> Mr. Macon, as usual, is playing the tired old victim, seeking
> sympathy for how roughly the world treats him.
>
I think a blind man could figure it out. Just add the complete
lack of a clue with the immature behavior of a spoiled adolescent
and it's very obvious you are the troll. Childish morons like you
who abuse the remailers so you can forge and attack others are the
lowest scum on usenet. Of course you hate pgp, it's a way to prove
that the forgery was written by you and not the real owner of the
identity. Babies throw temper tantrums at things that stand in
their way.
Personally I don't think Guy has anything to worry about with you,
I don't know either party in this and a quick glance shows me that
it's some lowlife with a vendetta. Anyone with a brain can see
that. No wonder you do it anon, completely and totally gutless to
do it under your real name because you know you are viewed this way
and don't want it to ruin your reputation.
It;s people like you that I would never hire and you know this
which is why you hide.
Thomas J. Boschloo
Guy Macon schreef:
[snip]
> One can also associate a PGP key with a real name, put it on a
> personal website, confirm it by telephone using the number in
> the phonebook, attend PGP web-of-trust keysigning parties, and
> in geberal make it very unlikely that the key and your name does
> not match.
Hmm, put your phone number on a webpage. Now /that/ is a great idea! And
it makes you feel so reassured you are talking to the REAL Guy Macon.. I
mean, who else would put his phone number on a webpage! It provides
grounds for anything you will claim.
Think about it,
Thomas
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQB5AwUBRqXQZQEP2l8iXKAJAQHkzwMfYfkxvKeOVr8kuNgs8Znw75rlpHPHKG4A
3CG+bDEM14DpAvsRg9me7gLSYNbRvnF9M2Ry+l6/zPkG9y0rJg0NtZO4753wUERs
Y7qcS7lbIzo7WvjVZ/a7bHslEoRc1LOWTXMjJA==
=OcIm
-----END PGP SIGNATURE-----
Thomas J. Boschloo
rea...@justlinux.ca schreef:
[snip]
> Finally, I find the notion that somebody without certification and
> without an education, who nonetheless holds himself out as an
> "Electrical Engineer", is blaming _me_ for the fact that he is
> unemployed.
It is a *good* thing you did something about this fraudulent poising of
Guy Macon. If he weren't for you he would now have a JOB as an EE and
his boss would never find out that his CV was made up on usenet!
It is a good thing there are people on like you. You can ~really~ help
job offerers get properly educated employees instead of something they
might dig up from usenet!
Merits to you! Congratulations! Cheers!
Thomas
- --
I am the M-1
I kill for fun
I kill
for Thrill
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQB5AwUBRqXRBAEP2l8iXKAJAQHVJwMdErSAGs9JEgMVBCEd9TfmaNDNwUV4xFB6
Il2VDwZkV0e/gAjoBF2zLPID5fU/Oe45E+IeUJNFxUV+5hobr/Zy2k04EcMb6Wkn
bWavwEl56ONjeYf+bUF8rGXeegqigndAYg31KA==
=tL2h
-----END PGP SIGNATURE-----
George Orwell
> Guy Macon schreef:
> [snip]
>> One can also associate a PGP key with a real name, put it on a personal
>> website, confirm it by telephone using the number in the phonebook,
>> attend PGP web-of-trust keysigning parties, and in geberal make it very
>> unlikely that the key and your name does not match.
>
> Hmm, put your phone number on a webpage. Now /that/ is a great idea! And
It's "web page". Two words.
Oh yeah, and just out of morbid curiosity shitforbrains, when did you
start believing the phone book and a web page were the same thing?
> it makes you feel so reassured you are talking to the REAL Guy Macon.. I
> mean, who else would put his phone number on a webpage! It provides
> grounds for anything you will claim.
>
> Think about it,
So hilariously ironic it defies reality. <guffaw>
Thomas J. Boschloo
Nomen Nescio schreef:
>> Or, in the case of a pseudonym like "Zax", the PGP key allows
>> me to know that the "Zax" who's post I am reading is the same
>> "Zax" that I have been reading on a regular basis and not some
>> enemy of "Zax" pretending to be him or her.
>
> Zax doesn't have any enemies. He's such a
> bundle of niceness that it is simply
> impossible to hate him.
You must be talking about another Zax then ;-)
Thomas
- --
I am the M-1
I kill for fun
I kill
for Thrill
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQB5AwUBRqXuTAEP2l8iXKAJAQHIBgMbBHoLS0cSBZgwZqzgH/kqHKNUE/Xqsx5L
RoXjS4PWJoKOdsKx0P79Ds7cA/0NHZbzUD2CxGytBrSED+7xCp83OVufZ0LyG7o9
/wVa2eXIX0m+NcENUlGOQWKuKIBBqENwv52fjQ==
=1Xjm
-----END PGP SIGNATURE-----
Zax
Hash: SHA512
On Tue, 24 Jul 2007 13:20:04 +0200 (CEST), Nomen Nescio wrote in
Message-Id: <335fd505e2490a24...@dizum.com>:
> Zax doesn't have any enemies. He's such a
> bundle of niceness that it is simply
> impossible to hate him.
I get hate mail! :-)
<rant>
Offering free services rarely earns one appreciation, just condemnation.
The modern Usenet user takes everything personally, even a PGP
signature. They want accounts terminated and threaten to call the
police or the FBI just because somebody says something nasty about them
in a posting.
Killfiles are no solution to this kind of user, they want vengeance and
the abuse address is the place they turn to get it. The really obsessed
ones learn how to use whois on an IP Address so they can obtain yet more
abuse addresses to copy in. I received one complaint about my mail2news
this month that was copied to eleven abuse addresses. The thirst for
retribution seems to have no bounds.
A sense of restraint should be a prerequisite to using Usenet. Perhaps
one day biometric authentication will provide a means to ensure it's
fulfilled prior to granting access. :)
</rant>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGpfBxlKZ6CY7Vd0MRCqlJAKCLDCjFydVEyLTNPi6n4h/ytaZ23QCg/cwK
4+dKLXffaOrfczwgyfd3Uc4=
=R1Qf
Guy Macon
Borked Pseudo Mailed wrote:
>Guy Macon <http://www.guymacon.com/> wrote:
>
>> I must admit that I have not researched the question of whether to
>> put the PGP signing in the message body or the headers or even if
>> putting it in the headers is possible. I would welcome any URLs or
>> advice from alt.privacy.anon-server regulars concerning this. I
>> do agree that, all other things being equal, PGP signing in the
>> body isn't as clean looking as a non-signed post, so I am biased
>> in favor of a header-only solution if one is workable.
>
>Header only solution would be useless for what you're attempting to
>accomplish. Other than Google, most usenet archives on the web don't
>even show the full headers so your PGP stuff would vanish. Put it in
>the body and its there with every post you make which is what you want.
Ah. That makes sense. When everyone who is knowledgable does
something the same way, I usually figure that there is a reason
why. Thanks!
George Orwell
> Guy Macon wrote:
>
>> I must admit that I have not researched the question of whether to put
>> the PGP signing in the message body or the headers or even if putting
>> it in the headers is possible. I would welcome any URLs or advice from
>> alt.privacy.anon-server regulars concerning this. I do agree that, all
>> other things being equal, PGP signing in the body isn't as clean
>> looking as a non-signed post, so I am biased in favor of a header-only
>> solution if one is workable.
>
> Header only solution would be useless for what you're attempting to
> accomplish. Other than Google, most usenet archives on the web don't
> even show the full headers so your PGP stuff would vanish. Put it in the
> body and its there with every post you make which is what you want.
Spoken like someone who hasn't noticed the "show original" link. ;)
Not that I think PGP stuff belongs in headers. The choices are inline or
MIME, with inline being preferable for something like Usenet where MIME
attachments might be stripped here and there.
rea...@justlinux.ca
>-----BEGIN PGP SIGNED MESSAGE-----
>rea...@justlinux.ca schreef:
>[snip]
>> Finally, I find the notion
The word "hilarious" should have been inserted right here.
>> that somebody without certification and without an education, who
>> nonetheless holds himself out as an "Electrical Engineer", is
>> blaming _me_ for the fact that he is unemployed.
>It is a *good* thing you did something about this fraudulent
>poising of Guy Macon. If he weren't for you he would now have a JOB
>as an EE and his boss would never find out that his CV was made up
>on usenet!
Hardly. But now that he has been exposed it is even more likely
that his boss is open to a negligence, or even a criminal negligence
situation, should a product that Mr. Macon signed off on, should
suffer catastrophic failure.
The reason we have standards and certifications is to protect the
public. But some people think that being a small, anonymous,
sarcastic flamer on usenet, is more important than protecting the
public.
>It is a good thing there are people on like you. You can ~really~
>help job offerers get properly educated employees instead of
>something they might dig up from usenet!
Thanks. It certainly is in the public's best interest that little
pieces of trash like you should remain unemployed. Your costs to
society in terms of welfare and incarceration pale in comparison to
the damage you would do if somebody was stupid enough to treat you
with a responsible job.
cordially, as always,
rm
rea...@justlinux.ca
>rea...@justlinux.ca wrote:
>> In case you haven't figured it out, I am the so-called "rm
>> troll." Mr. Macon, as usual, is playing the tired old victim,
>> seeking sympathy for how roughly the world treats him.
>I think a blind man could figure it out. Just add the complete
>lack of a clue with the immature behavior of a spoiled adolescent
>and it's very obvious you are the troll.
Yawn.
>Childish morons like you who abuse the remailers so you can forge
>and attack others are the lowest scum on usenet.
?
>Of course you hate pgp, it's a way to prove that the forgery was
>written by you and not the real owner of the identity.
Har. And you speak of "lack of clue?", which gives away your age as
about 30, with a mental element of about 12.
No wonder you don't understand that pgp trash does not prove that a
posting lacking pgp trash is not authentic.
"Lack of clue?" Do you have any more childish cliches?
>Babies throw temper tantrums at things that stand in their way.
It seems that first Mr. Macon threw the temper tantrum. And now
it's you. Anonymously, of course.
You call people "trolls" so that your tiny mind can find some
justification for flaming these people.
You're pathetic.
cordially, as always,
rm
Anonymous Sender
> Zax wrote:
>>I'd have to disagree. This group has a long history of identity
>>forgeries and PGP signing makes it a pointless exercise. The signature
>>doesn't have to be associated with a real name in order to provide
>>continuity; the signature *is* the identity.
>
> One can also associate a PGP key with a real name, put it on a personal
> website, confirm it by telephone using the number in the phonebook,
> attend PGP web-of-trust keysigning parties, and in geberal make it very
> unlikely that the key and your name does not match.
Actually, the key you just verified could have been compromised even
before you went through all that trouble, without the owners knowledge,
and the more trust you place in that key the more valuable it is to an
attacker. It's difficult to the point of being realistically impossible
in most everyday cases to know with any sort of reliability at all that
a key holder's security is hardened enough to justify any real trust in
their signature for that purpose.
OTOH, if someone posts a forged message without a signature and you ask
them to sign it but they can't, then it's an almost certain bet that
the message didn't come from the key's owner. Someone in possession of
a stolen key would surely produce a signature, as would the key's owner.
Only someone without the key couldn't.
Combined with the key owner's established pattern of signing messages
this creates a fairly secure way of proving that some posts are
forgeries. It also gives the key owner a fair way to convince people he
didn't make posts that he actually did, but that sort of abuse is an
inverse. Another matter all together.
> Or, in the case of a pseudonym like "Zax", the PGP key allows me to know
> that the "Zax" who's post I am reading is the same "Zax" that I have
> been reading on a regular basis and not some enemy of "Zax" pretending
> to be him or her.
Not really. Especially not so with a pseudonym, but even with the
identity of the owner known you can't know for sure that he hasn't shared
that key with any number of other people, willingly or otherwise.
>>I'm not trying to protect an identity of Zax, it's just a nickname. The
>>name on the key is arbitrary, the ability to produce a verifiable
>>signature is the identity.
>
> I would be most interested in a logical counterargument to the above. It
> makes sense to me.
The "counterargument" is that PGP signatures were never really meant to
prove authorship in the first place. They're a message integrity tool,
and the whole "trust model" should be considered an afterthought. There
are in deed proof of authorship protocols out there, but none of them
rely on a widely broadcast public key used to directly verify a series of
unchallenged pages of text. In general, proof of authorship is determined
by implementing multiple rounds of challenges and responses, with the
session keys used to encrypt the actual communications being discarded
when the session is over so they can't be reused. PGP almost meets the
latter, but does none of the former.
>>> But little boys must have their games. Why don't you move the pgp
>>> garbage out of the message bodies and the signature, and into the
>>> headers where it is far less offensive?
>
> I must admit that I have not researched the question of whether to put
> the PGP signing in the message body or the headers or even if putting it
You don't put signatures in headers. The two methods are inline, and MIME
attachments. Nothing I'm aware of is made to handle verification of
signatures any other way, nor are any tools I'm aware of designed to
insert a special header containing a signature. It really makes no sense,
given the fact that you need some sort of demarcation to identify the
portion of the message being verified. That means the "PGP cut marks", or
MIME boundaries
> in the headers is possible. I would welcome any URLs or advice from
> alt.privacy.anon-server regulars concerning this. I do agree that, all
> other things being equal, PGP signing in the body isn't as clean looking
> as a non-signed post, so I am biased in favor of a header-only solution
> if one is workable.
It's not. And unfortunately MIME attachments have a nasty habit of going
missing as messages move around non-binary Usenet news groups. The inline
option is the only truly usable alternative for this sort of venue. If
people don't like it, they either have some agenda that you signature is
butting heads with, or they're just plain old whiners. ;)
Guy Macon
Thomas J. Boschloo wrote:
>Guy Macon schreef:
>
>> One can also associate a PGP key with a real name, put it on a
>> personal website, confirm it by telephone using the number in
>> the phonebook, attend PGP web-of-trust keysigning parties, and
>> in geberal make it very unlikely that the key and your name does
>> not match.
>
>Hmm, put your phone number on a webpage. Now /that/ is a great idea! And
>it makes you feel so reassured you are talking to the REAL Guy Macon.. I
>mean, who else would put his phone number on a webpage! It provides
>grounds for anything you will claim.
>
>Think about it,
OK... I am thinking about it... Nope. I don't get it.
I am not trying to be a smart-ass; I really don't
understand your reasoning. Could you explain it, please?
I was quite specific in suggesting the telephone book
(*not* the number on the webpage) as additional evidence
of identity. One could also send snailmail to my address
and see if I reply, or ask any of my former employers
whether the fellow who worked there ever said that he
owns guymacon.com.
Let's say that I start signing my posts with PGP, publish
something on my webpage that is signed with PGP, offer to
send a PGP-signed email to anyone who emails me at my
spamcop email address (quoting the email sent to me, of
course) and am willing to confirm my webpage URL and email
address to anyone who calls me using the number of the
phone book or sends me a letter in the mail, a reasonable
person would believe that the same individual lives at that
address, answers that phone, and owns that domain. Someone
who *really* wants to be sure (someone investigating me for
a government security clearance, for example) can talk to
my neighbors (some of whome have known me for over 20 years)
talk to people who I have worked with, etc.
--------------------------------------------------------------
George Orwell wrote:
>when did you start believing the phone book and a web page
>were the same thing?
Ah. The classic "when did you stop beating your wife?"
question. Where, exactly, do you think that I implied
that a phone book and a web page are the same thing?
rea...@justlinux.ca
>>rea...@justlinux.ca wrote:
>>> And this does not mean a thing. Using a pgp signature in usenet
>>> does not in any way, shape, or form, protect one from so-called
>>> "identity forgery."
>I have purposely whitelisted "rea...@justlinux.ca" non-crossposts
>in alt.privacy.anon-server and, as an experiment, will treat you
>as an adult who is capable of a reasonable discussion. If you
>really wish to have a discussion, here is your chance. I am about
>to start PGP signing all of my posts. If you have a logical and
>rational reason why I shouldn't, I will be glad to discuss the
>merits of your argument and I promise that I won't just dismiss
>them because of who you are and how you have behaved in the past.
Put the pgp in your headers, moron. That's what we tell _all_ pgp
trash trollers. No more and no less.
Pgp proves only one thing, and that is that somebody using pgp who
calls himself "Guy Macon", who may really be named "George W.
Bush", was the same utimately anonymous entity who signed a previous
post, using the same key. It does not prove that you are the real
"Guy Macon." It does not prove that somebody else is not the real
Guy Macon.
pgp in usenet is just a toy, used by people like you who have
nothing important enough to say about anything that needs any sort
of protection. People who have legitimate concerns about their
identities, and have something to say that is of legitimate use to
others, do not use their real names on usenet. Your use of pgp is
simply an extension of your paranoid persecution complex.
>I will also offer you a kind of bribe; stop harassing me and my
>reason for PGP signing will go away.
Nobody is harassing you, you dumb fuck. _You_ came over to this ng
and started calling _us_ names, ignoring the fact that 99% of the
people reading and writing to this newsgroup do so anonymously. Why
do they post anonymously?
>>I'd have to disagree. This group has a long history of identity
>>forgeries and PGP signing makes it a pointless exercise. The
>>signature doesn't have to be associated with a real name in order
>>to provide continuity; the signature *is* the identity.
And what use is such a phoney "identity?" The value of a post is
found in the quality of that post's content, and not because of some
signature, pgp'ed or otherwise.
If "Zax" has something important to say, it is worth reading because
it is important in and of itself, and not because some anonymous
person who calls himself "Zax" wrote it.
>One can also associate a PGP key with a real name, put it on a
>personal website, confirm it by telephone using the number in
>the phonebook, attend PGP web-of-trust keysigning parties, and
>in geberal make it very unlikely that the key and your name does
>not match.
Yep. And you can sit around at your parties, complaining about the
persecution by so-called "trolls", and pretend that you have somehow
legitimized your boring, worthless, little life.
The reason you were exposed is not because you are "Guy Macon." The
reason you were exposed is because you hold yourself out to
potential employers as an Electrical Engineer, when you lack any and
all legitimate training and acccreditation. Wrapping pgp trash
around your postings isn't going to change this in anyway. The only
thing it will accomplish is to prove that some idiot calling himself
"Guy Macon" used the same key in one post that some other idiot,
calling himself "Guy Macon", used in another post.
>Or, in the case of a pseudonym like "Zax", the PGP key allows
>me to know that the "Zax" who's post I am reading is the same
>"Zax" that I have been reading on a regular basis and not some
>enemy of "Zax" pretending to be him or her.
No. It will only prove that some anonymous idiot calling himself
"Zax" is using the same key in one post that some other anonymous
idiot calling himself "Zax" is using in another post. There is no
legitimate reason for a person using an internet pseudonym on usenet
to use pgp trash.
Hold yourself out to employers as a legitimate professional engineer
and we will continue to keep the facts at the fore.
Aside from that, leave your paranoid, persecution fantasies in this
ng, which is obviously full of conspiracy nuts like you.
Bugger off.
cordially, as always,
rm
rea...@justlinux.ca
>realto wrote:
>> And this does not mean a thing. Using a pgp signature in usenet does
>> not in any way, shape, or form, protect one from so-called "identity
>> forgery."
>Wrong. Developing a pattern of signing posts allows you to repudiate
>unsigned posts.
It allows you to _vainly_ repudiate unsigned posts. It allows you
to allege, but not _prove_, that an unsigned post is not yours. And
if you have got time to run around attempting to "repudiate" all the
posts with your name on them that you wish to disown, well then, we
submit that you have nothing worthwhile to do with your life, and
thus, nothing worthwhile to say, anyway. So what's the point?
>Ironically enough this *is* one of the things digital signatures
>are useful for, in amusing contrast to what many people believe
>about them proving authorship, which they don't.
The only thing pgp proves is that a key used in one posting is the
same as a key used in another posting. That's it. Pgp doesn't
"prove" anything else.
>> Pgp is simply an affectation, that has some use in the world of email,
>> but is absolutely worthless on usenet. I find the notion that somebody
>> who uses pgp to "protect" his the identity of "Zax" to be totally
>> laughable.
>That's because you have zero understanding of what digital
>signature are, and are not. Your comprehension is somewhere around
>180 degrees from reality in fact, judging by what you typed
>already. Don't worry, you're not a lone. Your misconceptions are
>fairly common.
Another logic master. Where do you guys come from? Is there some
factory somewhere producing broken, recallable, single register
CPUs?
>> It amounts to the same thing as me signing my name to a contract
>> as "Spiderman", with a huge flourish, and then claiming that my
>> spiderman signature is "authentic" because nobody else signs it
>> the same way that I do.
>Utter nonsense. The two things are nothing alike, and your analogy
>is broken as a concept.
Sure. But you can't demonstrate that, can you? So why not pretend
that such a demonstration is beneath you? That would fit your
pattern of calling people names because they don't agree with you,
instead of actually demonstrating the falsity of their claims.
>Amusingly enough though, it does give clues about why digital
"Amusingly enough?" Are you trying to be literary here?
>signatures are useful for disclaiming forgeries when used properly.
>The real "Spiderman", having signed numerous documents in his life,
>could easily prove your flourishes to be forgeries by producing a
>verifiable history of examples that looked nothing like your cheap
>imitations. :-)
But you seemed to have missed the point. Who is the "real"
Spiderman? Perhaps our name really is "Guy Macon" and the clown
trying to protect the identity of "Guy Macon" is really Spiderman?
Go back to sleep.
cordially, as always,
rm
Zax
Hash: SHA512
On Tue, 24 Jul 2007 14:26:16 GMT, rea...@justlinux.ca wrote in
Message-Id: <b_npi.25484$eD4....@fe10.news.easynews.com>:
> Put the pgp in your headers, moron. That's what we tell _all_ pgp
> trash trollers. No more and no less.
It's a fine idea but it has no standard implementation. PGP signatures
are either in-line or MIME.
> Pgp proves only one thing, and that is that somebody using pgp who
> calls himself "Guy Macon", who may really be named "George W.
> Bush", was the same utimately anonymous entity who signed a previous
> post, using the same key. It does not prove that you are the real
> "Guy Macon." It does not prove that somebody else is not the real
> Guy Macon.
As with any identity, there comes a point where some degree of trust has
to be implied. The passport I hold says I'm Steve Crook and the picture
looks like me. Pretty good evidence, but then so is my PGP key with a
number of signatures against it made by a lot of people who believe I am
who I claim to be. The PGP key has the added security of a passphrase.
> And what use is such a phoney "identity?" The value of a post is
> found in the quality of that post's content, and not because of some
> signature, pgp'ed or otherwise.
A post stating that my anonymous remailer had been compromised would be
of considerable value to this group if it had a verifiable signature.
Without the signature, the same content would have no value at all.
This is an example where the quality of the content is entirely
determined by the authenticity of the author.
>>Or, in the case of a pseudonym like "Zax", the PGP key allows
>>me to know that the "Zax" who's post I am reading is the same
>>"Zax" that I have been reading on a regular basis and not some
>>enemy of "Zax" pretending to be him or her.
>
> No. It will only prove that some anonymous idiot calling himself
> "Zax" is using the same key in one post that some other anonymous
> idiot calling himself "Zax" is using in another post. There is no
> legitimate reason for a person using an internet pseudonym on usenet
> to use pgp trash.
I don't see your point. Regardless of the nickname, the address on my
postings is valid. Send it an email and you'll get a reply from me,
signed with the same key as the posting. I fail to see how this in any
way makes me an anonymous idiot.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGphTUlKZ6CY7Vd0MRCg0qAKDuqWY+2ua0TT1SAPFiOi0knFua5gCgqk5b
m3Fk6otlx0dotgruuR27j4c=
=QFO1
rea...@justlinux.ca
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA512
>On Tue, 24 Jul 2007 14:26:16 GMT, rea...@justlinux.ca wrote in
>Message-Id: <b_npi.25484$eD4....@fe10.news.easynews.com>:
>> Put the pgp in your headers, moron. That's what we tell _all_ pgp
>> trash trollers. No more and no less.
>It's a fine idea but it has no standard implementation. PGP signatures
>are either in-line or MIME.
Lots of people put it in their headers. Check out Keith Keller in
a.o.l.slackware.
>> Pgp proves only one thing, and that is that somebody using pgp who
>> calls himself "Guy Macon", who may really be named "George W.
>> Bush", was the same utimately anonymous entity who signed a previous
>> post, using the same key. It does not prove that you are the real
>> "Guy Macon." It does not prove that somebody else is not the real
>> Guy Macon.
>As with any identity, there comes a point where some degree of trust has
>to be implied. The passport I hold says I'm Steve Crook and the picture
>looks like me. Pretty good evidence, but then so is my PGP key with a
>number of signatures against it made by a lot of people who believe I am
>who I claim to be. The PGP key has the added security of a passphrase.
So a bunch of people believe that you are "Zax?" And how does that
help you through life?
>> And what use is such a phoney "identity?" The value of a post is
>> found in the quality of that post's content, and not because of some
>> signature, pgp'ed or otherwise.
>A post stating that my anonymous remailer had been compromised would be
>of considerable value to this group if it had a verifiable signature.
>Without the signature, the same content would have no value at all.
Nonsense. You have a static ip. Use it in your post headers.
>This is an example where the quality of the content is entirely
>determined by the authenticity of the author.
Not at all. If your site was "compromised", it would be no less
true if the news came from us, than if it came from you.
>>>Or, in the case of a pseudonym like "Zax", the PGP key allows
>>>me to know that the "Zax" who's post I am reading is the same
>>>"Zax" that I have been reading on a regular basis and not some
>>>enemy of "Zax" pretending to be him or her.
>> No. It will only prove that some anonymous idiot calling himself
>> "Zax" is using the same key in one post that some other anonymous
>> idiot calling himself "Zax" is using in another post. There is no
>> legitimate reason for a person using an internet pseudonym on usenet
>> to use pgp trash.
>I don't see your point. Regardless of the nickname, the address on my
>postings is valid. Send it an email and you'll get a reply from me,
>signed with the same key as the posting. I fail to see how this in any
>way makes me an anonymous idiot.
The use of "idiot" was admittedly uncalled for but you give it more
weight than we intended. We slide, from time to time, into our
misanthropic Don Rickles imitation, but this should not detract from
the logic of our statements. In any case, it was "Zax" who we
called the idiot, and not Steve Crook, if that is truly your name.
cordially, as always,
rm
Anonymous
> A sense of restraint should be a prerequisite to using Usenet. Perhaps
> one day biometric authentication will provide a means to ensure it's
> fulfilled prior to granting access. :)
That's how eelbash's remailer works, isn't it?
Anonymous
> Borked Pseudo Mailed wrote:
>
> > Guy Macon wrote:
> >
> >> I must admit that I have not researched the question of whether to put
> >> the PGP signing in the message body or the headers or even if putting
> >> it in the headers is possible. I would welcome any URLs or advice from
> >> alt.privacy.anon-server regulars concerning this. I do agree that, all
> >> other things being equal, PGP signing in the body isn't as clean
> >> looking as a non-signed post, so I am biased in favor of a header-only
> >> solution if one is workable.
> >
> > Header only solution would be useless for what you're attempting to
> > accomplish. Other than Google, most usenet archives on the web don't
> > even show the full headers so your PGP stuff would vanish. Put it in the
> > body and its there with every post you make which is what you want.
>
> Spoken like someone who hasn't noticed the "show original" link. ;)
Note "Other than Google" above!
> Not that I think PGP stuff belongs in headers. The choices are inline or
> MIME, with inline being preferable for something like Usenet where MIME
> attachments might be stripped here and there.
Agreed.
an...@anon.com
>George Orwell <nob...@mixmaster.it> wrote:
>> Not that I think PGP stuff belongs in headers. The choices are inline or
>> MIME, with inline being preferable for something like Usenet where MIME
>> attachments might be stripped here and there.
>Agreed.
There is no good reason not to bury pgp in headers. Putting that
garbage in your .sig violates the 4 line rule, and assaults the
eyesight of everybody who reads your post.
cordially, as always,
rm
--
http://sports.jrank.org/pages/4065/Rose-Pete-Awards-Accomplishments.html
Anonymous Remailer (austria)
realto wrote:
> Non scrivetemi <nonscr...@pboxmix.winstonsmith.info> trolled:
>>realto wrote:
>
>>> And this does not mean a thing. Using a pgp signature in usenet does
>>> not in any way, shape, or form, protect one from so-called "identity
>>> forgery."
>
>>Wrong. Developing a pattern of signing posts allows you to repudiate
>>unsigned posts.
>
> It allows you to _vainly_ repudiate unsigned posts. It allows you to
> allege, but not _prove_, that an unsigned post is not yours. And if you
No fuckwit, it allows you to prove that an unsigned post is *not* ones
own through the failure of forgers like you to be able to produce a valid
digital signature. We see your pathetic breed in action all the time. You
retards are so fucking stupid you'll even cut and paste signatures from
one post to another like you actually believed it would fool someone.
>>Ironically enough this *is* one of the things digital signatures are
>>useful for, in amusing contrast to what many people believe about them
>>proving authorship, which they don't.
>
> The only thing pgp proves is that a key used in one posting is the same
> as a key used in another posting. That's it. Pgp doesn't "prove"
> anything else.
Sure it does. It proves the message wasn't tampered with en route, and
that unsigned messages weren't sent by the key holder upon challenge.
They also prove authorship to a good degree when the proper protocols are
implemented. A well known signature from a trusted sources is about as
good a verification of authorship as anyone can give.
Or were you as oblivious to the fact that most major Linux distributors
use GnuPG to validate their updates as you are about PGP and digital
signatures in general?
>>> Pgp is simply an affectation, that has some use in the world of email,
>>> but is absolutely worthless on usenet. I find the notion that
>>> somebody who uses pgp to "protect" his the identity of "Zax" to be
>>> totally laughable.
>
>>That's because you have zero understanding of what digital signature
>>are, and are not. Your comprehension is somewhere around 180 degrees
>>from reality in fact, judging by what you typed already. Don't worry,
>>you're not a lone. Your misconceptions are fairly common.
>
> Another logic master. Where do you guys come from? Is there some
> factory somewhere producing broken, recallable, single register CPUs?
And yet here you are spewing venom without so much as an *attempt* at
constructing a logical rebuttal of your own.
You're a garden variety troll and certifiable net loon. Nothing more.
>>> It amounts to the same thing as me signing my name to a contract as
>>> "Spiderman", with a huge flourish, and then claiming that my spiderman
>>> signature is "authentic" because nobody else signs it the same way
>>> that I do.
>
>>Utter nonsense. The two things are nothing alike, and your analogy is
>>broken as a concept.
>
> Sure. But you can't demonstrate that, can you?
I absolutely *did* demonstrate it. Your response was to change the
subject, or at least attempt to....
> So why not pretend that
> such a demonstration is beneath you? That would fit your pattern of
> calling people names because they don't agree with you, instead of
> actually demonstrating the falsity of their claims.
You're being called names because you're a total asshat. Not because you
disagree with facts, reality, or common sense. That just makes you a
nutty asshat. :)
>>Amusingly enough though, it does give clues about why digital
>
> "Amusingly enough?" Are you trying to be literary here?
No, I'm pointing out how utterly ridiculous your prattling really is.
>>signatures are useful for disclaiming forgeries when used properly. The
>>real "Spiderman", having signed numerous documents in his life, could
>>easily prove your flourishes to be forgeries by producing a verifiable
>>history of examples that looked nothing like your cheap imitations. :-)
>
> But you seemed to have missed the point. Who is the "real" Spiderman?
> Perhaps our name really is "Guy Macon" and the clown trying to protect
> the identity of "Guy Macon" is really Spiderman?
That's not the point at all. Much to your dismay, the *actual* point is
as stated. That with a pattern of digitally signing messages it's easy to
prove a stupid troll-forger like you made fake posts because you can
never produce any of your lies with a valid signature. That is near
*perfect* protection from assholes like you trying to assume someones
identity.
> Go back to sleep.
Grow a fucking IQ. You haven't fooled anyone here into believing PGP is
useless a an identity theft prevention tool, or you're anything but a
congenital idiot.
By the way, you've outed yourself as the troll "Dan C" from the
Pensacola. Florida area and this IP address - 70.187.51.136. Hopefully
Guy Macon can make use of that bit of knowledge.
HTH! :)
Nomen Nescio
> There is no good reason not to bury pgp in headers. Putting that
> garbage in your .sig violates the 4 line rule, and assaults the
> eyesight of everybody who reads your post.
Sucks to be your newsreader.
|Article pager commands:
|
|[...]
| \ Show signature (on/off).
| ] Show PGP signature (on/off).
> cordially, as always,
>
> rm
[12 empty lines assaulting my eyesight]
Yeah, right...
Guy Macon
Anonymous Sender wrote:
>
>Guy Macon wrote:
>
>>Zax wrote:
>
>>>I'd have to disagree. This group has a long history of identity
>>>forgeries and PGP signing makes it a pointless exercise. The signature
>>>doesn't have to be associated with a real name in order to provide
>>>continuity; the signature *is* the identity.
>>
>> One can also associate a PGP key with a real name, put it on a personal
>> website, confirm it by telephone using the number in the phonebook,
>> attend PGP web-of-trust keysigning parties, and in geberal make it very
>> unlikely that the key and your name does not match.
>
>Actually, the key you just verified could have been compromised even
>before you went through all that trouble, without the owners knowledge,
>and the more trust you place in that key the more valuable it is to an
>attacker. It's difficult to the point of being realistically impossible
>in most everyday cases to know with any sort of reliability at all that
>a key holder's security is hardened enough to justify any real trust in
>their signature for that purpose.
Excellent point. PGP is indeed only as strong as the security of
the place where the private key is stored.
>> Or, in the case of a pseudonym like "Zax", the PGP key allows me to know
>> that the "Zax" who's post I am reading is the same "Zax" that I have
>> been reading on a regular basis and not some enemy of "Zax" pretending
>> to be him or her.
>
>Not really. Especially not so with a pseudonym, but even with the
>identity of the owner known you can't know for sure that he hasn't shared
>that key with any number of other people, willingly or otherwise.
Again you make an excellent point.
I stand corrected, and I really appreciate you taking the time to
educate me on this topic. Thanks!
Anonymous Remailer (austria)
realto wrote:
> Put the pgp in your headers, moron. That's what we tell _all_ pgp trash
> trollers. No more and no less.
There's no such thing as "PGP in your headers", moron.
> Pgp proves only one thing, and that is that somebody using pgp who calls
> himself "Guy Macon", who may really be named "George W. Bush", was the
> same utimately anonymous entity who signed a previous post, using the
> same key. It does not prove that you are the real "Guy Macon." It does
> not prove that somebody else is not the real Guy Macon.
Your lack of clues is utterly breathtaking. A pgp signature doesn't
"prove" any such thing, and it absolutely CAN prove that someone posting
as one key holder is NOT that key holder. If you can't sign a given text
with a certain key you are obviously not the person who has the key.
Period. But a key can be shared or stolen so it's usefulness in proving
that someone specific authored something is considerably less than
proving someone did not. For the former you need considerable efort and a
tenuous "web of trust" implementation.
> pgp in usenet is just a toy, used by people like you who have nothing
That's what anyone who was threatened by the fact that a PGP signature
would render their childish games irrelevant might say.
You stalked Macon into this group, you're spreading FUD and lies
regarding PGP, and you type like an obsessive 9 year old out to get his
parents for grounding him after he exposed himself to his baby sister.
Hmmm.... no rocket science to see here folks. We're blessed with another
net kook. :(
>>I will also offer you a kind of bribe; stop harassing me and my reason
>>for PGP signing will go away.
>
> Nobody is harassing you, you dumb fuck. _You_ came over to this ng and
> started calling _us_ names, ignoring the fact that 99% of the people
And all of a sudden you appear out of nowhere as the "us" you imagine to
exist.
You might delude yourself, but you're the only one.
> reading and writing to this newsgroup do so anonymously. Why do they
> post anonymously?
Why do you think? Are you also deluding yourself into believing most of
up post anonymously to hide our identities, or for any reason more
mission critical than actually using the tools that that guarantee free
speech without fear of reprisal? That we have any first person tangible
to keep safe here?
Poor deluded troll....
>>>I'd have to disagree. This group has a long history of identity
>>>forgeries and PGP signing makes it a pointless exercise. The signature
>>>doesn't have to be associated with a real name in order to provide
>>>continuity; the signature *is* the identity.
>
> And what use is such a phoney "identity?" The value of a post is found
> in the quality of that post's content, and not because of some
> signature, pgp'ed or otherwise.
Zax isn't a phony identity goofball. It's a nickname. His true identity
is no secret what so ever, in fact his whole remailer "theme" is based on
a cartoon series of sorts that he's somewhat fond of and everyone knows
it. The only one without a clue here is yourself, and it just proved that
you're stalking Mr. Macon. If anyone had been reading this group prior
tth present day they'd know who Zax is, and where his nickname came from.
> If "Zax" has something important to say, it is worth reading because it
> is important in and of itself, and not because some anonymous person who
> calls himself "Zax" wrote it.
Wrong. Utterly and totally clueless. Zax provides a public service, and
information about that service is important ONLY if it truly comes from
him. That's the "identity theft" he was talking about. A forger such as
yourself might post false information in some attempt to confuse users
and ultimately compromise the effectiveness of that service just like you
forge Mr. Macon to discredit him. but because we have learned to trust
Zax and his security/integrity over the years the PGP signature and/or
lack thereof make your type of forgeries trivial to spot.
That's really why you dislike PGP so much, and we can see it as clearly
as the fact that you're a pathetic net-stalker.
> The reason you were exposed is not because you are "Guy Macon." The
> reason you were exposed is because you hold yourself out to potential
> employers as an Electrical Engineer, when you lack any and all
LOL!
So now "Zax" is really Guy Macon in your deluded little universe??
<rest of your adolescent drivel snipped, unread>
Cyberiade.it Anonymous Remailer
> Anonymous <nob...@remailer.paranoici.org> says:
>>George Orwell <nob...@mixmaster.it> wrote:
>
>>> Not that I think PGP stuff belongs in headers. The choices are inline
>>> or MIME, with inline being preferable for something like Usenet where
>>> MIME attachments might be stripped here and there.
>
>>Agreed.
>
> There is no good reason not to bury pgp in headers.
There absolutely is, and it has everything to do with the "rules" you're
laughably misquoting below....
> Putting that
> garbage in your .sig violates the 4 line rule, and assaults the eyesight
> of everybody who reads your post.
Header signatures are problematic if not impossible for most people to
verify because virtually all software adheres to RFC standards and
handles inline or MIME signatures alone, the "4 line rule" never was a
rule in the first place even though the RFC in question specifically
EXEMPTS digital signatures from that guideline <snicker>, and if you're
eyes are "assaulted" by PGP signatures you have deep seeded mental issues
that go far beyond anything relating to a few lines of text.
Guy Macon
Anonymous Remailer austria wrote:
>By the way, you've outed yourself as the troll "Dan C" from the
>Pensacola. Florida area and this IP address - 70.187.51.136.
>Hopefully Guy Macon can make use of that bit of knowledge.
I can, if it's true. Of course I need to see the evidence for
myself. How did you arrive at the conclusion above?
Nomen Nescio
> No fuckwit, it allows you to prove that an unsigned post is *not* ones
> own through the failure of forgers like you to be able to produce a valid
> digital signature.
You miss the point: A PGP signature on one article doesn't hinder *you*
from posting another one without signature. You *cannot prove* that you did
*not post* it.
All you *can* prove is that you did post the ones *with* signatures.
Enough emphasis for you?
> We see your pathetic breed in action all the time. You retards are so
> fucking stupid
[blablablabla]
> Sure it does. It proves the message wasn't tampered with en route, and
> that unsigned messages weren't sent by the key holder upon challenge.
It eludes me how you reach this conclusion. It's a classic Boschloo. Yes, a
signature is most certainly tamper-proof. No, you can't prove shit about
unsigned messages.
Nobody will challenge you if *you*, the key holder, deny authorship. It
still doesn't prove that you're not the author. PGP doesn't prevent anyone
from lying. That's what the tiny brain chips are for.
People *may* trust you when you have a history of *always* signing your
articles. They don't have to. Forget to sign your post once and they have
all reason to believe that the next unsigned message is also from you.
Anyone who scoops up one of the unsigned articles in a google search,
doesn't even know that there are other, signed, articles.
> Or were you as oblivious to the fact that most major Linux distributors
> use GnuPG to validate their updates as you are about PGP and digital
> signatures in general?
As said above, you miss the point completely. The point that *signed* data
proves that the signer had access to the signee's private key was never
questioned.
> And yet here you are spewing venom without so much as an *attempt* at
> constructing a logical rebuttal of your own.
Hope I could help here. You sure find a way not to get it. But hey, I
tried.
> Grow a fucking IQ. You haven't fooled anyone here into believing PGP is
> useless a an identity theft prevention tool, or you're anything but a
> congenital idiot.
PGP is useful as an identity theft prevention tool if, and only if PGP is
the *only* signature mechanism in use and *all* data is signed. Otherwise
you cannot tell for certain that unsigned data *must* be bogus.
George Orwell
Hash: RIPEMD160
realto wrote:
>>Wrong. Developing a pattern of signing posts allows you to repudiate
>>unsigned posts.
>
> It allows you to _vainly_ repudiate unsigned posts. It allows you to
> allege, but not _prove_, that an unsigned post is not yours.
Bullshit! I can prove you wrong very easily. I'll sign this post using a
freshly generated key with KeyID 0xb4bf2412. Even with an obviously bogus
user ID of "TEST USER" I can use that signature to positively prove any
posts you made claiming to be TEST USER did not come from me because you
will never be able to generated a valid signature using that key. End of
story. You're out of luck because you don't own the key, which makes your
forgeries less than useless to you. They are in fact, magically
transformed into evidence against someone like you, who tries to impugn
the reputation of another for whatever bizarre, self beguiling reasons
you believe you have.
Feel free to prove me wrong of course, by signing any text with KeyID
0xb4bf2412.
LOL!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGpm+3QTeak7S/JBQRAyUxAKCKIeFH8XfNuJS7El9wxfGwojD/YgCgqN6N
aP5aK/+CnZoNyFgt1cS2sP8=
=QChS
-----END PGP SIGNATURE-----
Anonymous
> There is no good reason not to bury pgp in headers. Putting that
> garbage in your .sig violates the 4 line rule, and assaults the eyesight
> of everybody who reads your post.
You truly are a world class imbecile...
From RFC 1855:
- Forging of news articles is generally censured. You can protect
yourself from forgeries by using software which generates a
manipulation detection "fingerprint", such as PGP (in the US).
That's the exact same RFC you're getting your "4 lines" buffoonery from.
Yes, not only are PGP signatures /not/ considered part of the .sig in
question, the same cite you're using to prop up your failed arguments
specifically recommends PGP signatures for the very purpose you claim
they can't be used for.
That's ironic in a really amusing sort of way, don't you think?
*chuckle*
Anonymous
> There is no good reason not to bury pgp in headers. Putting that
> garbage in your .sig violates the 4 line rule, and assaults the eyesight
> of everybody who reads your post.
What an idiot.
RFC 1855
- Forging of news articles is generally censured. You can protect
yourself from forgeries by using software which generates a
manipulation detection "fingerprint", such as PGP (in the US).
That's the exact same RFC you're getting your "4 lines" horse shit from.
Sort of ironic, don'tcha think? *chuckle*
an...@anon.com
>realto wrote:
>> Non scrivetemi <nonscr...@pboxmix.winstonsmith.info> trolled:
>>>realto wrote:
>>>> And this does not mean a thing. Using a pgp signature in
>>>> usenet does not in any way, shape, or form, protect one from
>>>> so-called "identity forgery."
>>>Wrong. Developing a pattern of signing posts allows you to
>>>repudiate unsigned posts.
>> It allows you to _vainly_ repudiate unsigned posts. It allows
>> you to allege, but not _prove_, that an unsigned post is not
>> yours. And if you
>No fuckwit, it allows you to prove that an unsigned post is *not*
>ones own through the failure of forgers like you to be able to
>produce a valid digital signature.
What you are saying is true, only if it is impossible for a pgp
trash troller to make a posting without adding pgp trash. But since
a pgp trash troller can make a posting from his terminal without
adding pgp, who can say that the posting with a pgp trash troller's
name on it, isn't one that he sent out without the pgp trash?
> We see your pathetic breed in action all the time. You
>retards are so fucking stupid you'll even cut and paste signatures
>from one post to another like you actually believed it would fool
>someone.
It would certainly "fool" someone who doesn't give a damn about pgp
trash. And that would be about 99.9% of the posting public. And
since the .1% left over are all a bunch of geeky, unwashed,
uber-paranoids like you, what difference could it possibly make if
the pgp trash actually verified?
Nobody cares.
>>>Ironically enough this *is* one of the things digital signatures
>>>are useful for, in amusing contrast to what many people believe
>>>about them proving authorship, which they don't.
>> The only thing pgp proves is that a key used in one posting is
>> the same as a key used in another posting. That's it. Pgp
>> doesn't "prove" anything else.
>Sure it does. It proves the message wasn't tampered with en route, and
>that unsigned messages weren't sent by the key holder upon challenge.
So you think that the CIA is intercepting your flamage? Do you
think that National Security forces are out looking for you because
of your paranoid opinions about anon newsposters using pgp trash?
>They also prove authorship to a good degree when the proper
>protocols are implemented. A well known signature from a trusted
>sources is about as good a verification of authorship as anyone can
>give.
No, pgp trash only proves authorship to the tiny, tiny, minority of
the herd that is paranoid enough to worry about such. Pgp trash
proves absolutely nothing to the vast majority of posters. They
don't care.
>Or were you as oblivious to the fact that most major Linux
>distributors use GnuPG to validate their updates as you are about
>PGP and digital signatures in general?
pgp trash does have its place in email. It has no place in usenet.
>>>> Pgp is simply an affectation, that has some use in the world of
>>>> email, but is absolutely worthless on usenet. I find the
>>>> notion that somebody who uses pgp to "protect" his the identity
>>>> of "Zax" to be totally laughable.
>>>That's because you have zero understanding of what digital
>>>signature are, and are not. Your comprehension is somewhere
>>>around 180 degrees from reality in fact, judging by what you
>>>typed already. Don't worry, you're not a lone. Your
>>>misconceptions are fairly common.
>> Another logic master. Where do you guys come from? Is there some
>> factory somewhere producing broken, recallable, single register CPUs?
>And yet here you are spewing venom without so much as an *attempt* at
>constructing a logical rebuttal of your own.
Hey, we used pgp trash in our postings for about a year just to
prove to pgp trash that we understand it and our opinion is
informed. And to prove there is nothing exclusive about using pgp
trash. But it is meaningless. We don't care if the people who use
pgp trash to verify signatures ever read our postings. Their
opinions as to the veracity of our signatures is wholly meaningless.
>You're a garden variety troll and certifiable net loon. Nothing
>more.
You are still simply calling us names. You have nothing of
substance to add to the debate. We read on in vain, hoping to find
just one small instance of intelligent riposte but it's all for
naught.
G'nite Wilma,
cordially, as always,
rm
an...@anon.com
>> There is no good reason not to bury pgp in headers. Putting that
>> garbage in your .sig violates the 4 line rule, and assaults the
>> eyesight of everybody who reads your post.
>Sucks to be your newsreader.
>|Article pager commands:
>|
>|[...]
>| \ Show signature (on/off).
>| ] Show PGP signature (on/off).
>[12 empty lines assaulting my eyesight]
>Yeah, right...
Since when did mixmaster hide pgp trash?
Yeah, right...
cordially, even to the small fry,
rm
an...@anon.com
>realto wrote:
>> Put the pgp in your headers, moron. That's what we tell _all_
>> pgp trash trollers. No more and no less.
>There's no such thing as "PGP in your headers", moron.
No, you're right, there is no such thing as PGP in your headers,
moron. But there is such a thing as pgp in your headers. Perhaps
the prior statement would be true if we could figure out how to get
you in the headers...
But to the issue: You had best tell this guy:
Keith Keller <kkeller...@wombat.san-francisco.ca.us> that his
pgp trash is not in his headers.
You could google up one of his messages, like this one:
<n9ohn4x...@goaway.wombat.san-francisco.ca.us>
However, we sense that you won't because your world might cave in.
>> Pgp proves only one thing, and that is that somebody using pgp
>> who calls himself "Guy Macon", who may really be named "George W.
>> Bush", was the same utimately anonymous entity who signed a
>> previous post, using the same key. It does not prove that you
>> are the real "Guy Macon." It does not prove that somebody else
>> is not the real Guy Macon.
>Your lack of clues is utterly breathtaking.
Your use of hugely over-worked cliches shows us that you are a
person with a very limited imagination. We don't wish to judge you
for this failing, but all the same, we deem you to be unworthy of
our time.
Bye.
cordially, as always,
rm
Guy Macon
Anonymous Remailer austria wrote:
>...the tools that that guarantee free speech...
>...Zax provides a public service...
This touches on something that I strongly believe and don't
mention often enough. Anonymous remailers, PGP, etc. *do*
protect our free speech rights. Zax and others like him
really do provide a public service, and deserve thanks for
that. The United States was founded on the basic principle
that we should fear ever-increasing governmental powers and
should be able to overthrow our government. When the founding
fathers decided to throw off the yoke of King George's rule,
they started by distributing pamphlets. *Anonymous* pamphlets.
an...@anon.com
>Header signatures are problematic if not impossible for most people to
>verify because virtually all software adheres to RFC standards and
>handles inline or MIME signatures alone,
Ah, since the bread is too big for the toaster it is not worth
eating?
You don't _need_ "virtually all software" to verify pgp trash,
unless you don't know what pgp is, or how to use it.
>the "4 line rule" never was a rule in the first place even though
>the RFC in question specifically EXEMPTS digital signatures from
>that guideline <snicker>, and if you're eyes are "assaulted" by PGP
>signatures you have deep seeded mental issues that go far beyond
>anything relating to a few lines of text.
Everything below the "-- " is part of the .sig. There is no
"pgp .sig" separate from the .sig. It is part of the .sig.
You probably think it is ok to use a 100 line .sig because you'll
argue that it is really 25 different .sigs, each only 4 lines long.
You guys are a riot.
The people (more and more all the time) who put their pgp trash in
their headers rarely have .sigs that violate the 4-line standard.
cordially, as always,
rm
Guy Macon
George Orwell wrote:
>
>Borked Pseudo Mailed wrote:
>
>> Guy Macon wrote:
>>
>>> I must admit that I have not researched the question of whether to put
>>> the PGP signing in the message body or the headers or even if putting
>>> it in the headers is possible. I would welcome any URLs or advice from
>>> alt.privacy.anon-server regulars concerning this. I do agree that, all
>>> other things being equal, PGP signing in the body isn't as clean
>>> looking as a non-signed post, so I am biased in favor of a header-only
>>> solution if one is workable.
>>
>> Header only solution would be useless for what you're attempting to
>> accomplish. Other than Google, most usenet archives on the web don't
>> even show the full headers so your PGP stuff would vanish. Put it in the
>> body and its there with every post you make which is what you want.
>
>Spoken like someone who hasn't noticed the "show original" link. ;)
...which, as was pointed out above, does not work with the vast
majority of web-based Usenet archives. For example, please go to
[ http://help.lockergnome.com/linux/Slackware-forum-7.html ], click
on any of the archived Usenet posts you see there, and tell me how
I might reveal any header-based PGP signatures that might be there.
George Orwell
>You're out of luck because you don't own the key, which makes your
>forgeries less than useless to you. They are in fact, magically
>transformed into evidence against someone like you, who tries to impugn
>the reputation of another for whatever bizarre, self beguiling reasons
>you believe you have.
>Feel free to prove me wrong of course, by signing any text with KeyID
>0xb4bf2412.
We just proved you wrong, George. You actually wrote this post that
you are reading right now!
Look at the "From:" line! Now prove that you didn't write it!
>LOL!
Indeed.
cordially, as always,
rm
jellybean stonerfish
> Aside from that, leave your paranoid, persecution fantasies in this
> ng, which is obviously full of conspiracy nuts like you.
>
> Bugger off.
>
> cordially, as always,
>
> rm
God, this rm is a total moron. I will publicly state that I now agree
with Guy. rm is to be ignored.
an...@anon.com
>anon wrote:
>> There is no good reason not to bury pgp in headers. Putting that
>> garbage in your .sig violates the 4 line rule, and assaults the eyesight
>> of everybody who reads your post.
>You truly are a world class imbecile...
>From RFC 1855:
> - Forging of news articles is generally censured. You can protect
> yourself from forgeries by using software which generates a
> manipulation detection "fingerprint", such as PGP (in the US).
>That's the exact same RFC you're getting your "4 lines" buffoonery from.
The 4-line "buffoonery" as you call it is a long time standard of
usenet netiquette and any reference to this netiquette standard in
an RFC is pointless.
And just because the guy who wrote the RFC 1855 doesn't understand
the limitation of pgp trash, doesn't mean that you have to
misunderstand those limitations as well. You have our permission to
actually sit down, hold your knees down so they won't jerk, and
_think_ about what we are saying.
The fact that you put pgp trash in some posts with your name on them
does not prove that other posts with your name on them, that do not
have pgp trash, are not yours.
cordially, as always,
rm
Borked Pseudo Mailed
> "Anonymous Remailer (austria)" <mixm...@remailer.privacy.at> wrote:
>
>> No fuckwit, it allows you to prove that an unsigned post is *not* ones
>> own through the failure of forgers like you to be able to produce a
>> valid digital signature.
>
> You miss the point: A PGP signature on one article doesn't hinder *you*
> from posting another one without signature. You *cannot prove* that you
> did *not post* it.
>
> All you *can* prove is that you did post the ones *with* signatures.
WTF are you babbling about? Of course you can prove that you didn't post
something without a signature, by challenging the actual author to sign
it using a specific key you use to sign other things. They can't do that,
which proves thay don't have possession of that key. IOW, they're not you.
>
> Enough emphasis for you?
You can emphasize stupidity 'till pigs fly, and all you'll have is
stupidity and flying pigs.
>> We see your pathetic breed in action all the time. You retards are so
>> fucking stupid
>
> [blablablabla]
That's a pretty predictable response coming from someone with no actual
argument to pose.
I'll take it to mean that in spite of all your blustering you're fully
aware that it's impossible to forge a PGP signature, and that unsigned
messages in another persons' name are obvious forgeries when the true
owner of the the identity uses message tamper-proofing like PGP to verify
their real messages.
>
>> Sure it does. It proves the message wasn't tampered with en route, and
>> that unsigned messages weren't sent by the key holder upon challenge.
>
> It eludes me how you reach this conclusion. It's a classic Boschloo.
> Yes, a signature is most certainly tamper-proof. No, you can't prove
> shit about unsigned messages.
Sure you can. By challenging the forger to create a digital signature
using your key, which validates the message in question. How can you be
so addle minded you fail to be able to grasp this simple principal, and
still maintain autonomic functions?
> Nobody will challenge you if *you*, the key holder, deny authorship. It
> still doesn't prove that you're not the author. PGP doesn't prevent
> anyone from lying. That's what the tiny brain chips are for.
It doesn't prevent anyone from lying, as is so clearly evidenced by your
presence here. PGP exists, and so do you. PGP does, however, expose your
lies under certain circumstances. One of those circumstances being your
attempt to assume the identity of a PGP key holder and pass off your
forgeries as authentic.
> People *may* trust you when you have a history of *always* signing your
> articles. They don't have to. Forget to sign your post once and they
> have all reason to believe that the next unsigned message is also from
> you.
Irrelevant nonsense. In fact the pattern doesn't actually have to exist
at all for a key holder to prove something as a forgery. If you don't
have possession of the unique signing key, you can't produce a signature
before OR after the fact.
> Anyone who scoops up one of the unsigned articles in a google search,
> doesn't even know that there are other, signed, articles.
And of course they could never be informed of that existance, now could
they?
Moron.
>> Or were you as oblivious to the fact that most major Linux distributors
>> use GnuPG to validate their updates as you are about PGP and digital
>> signatures in general?
>
> As said above, you miss the point completely. The point that *signed*
> data proves that the signer had access to the signee's private key was
> never questioned.
Actually, it's you who are woefully confused. The *point* here is that
UNsigned data proves an author had no access to a specific key even more
clearly than the fact than a valid signatory had access to that same key.
Keys can be shared or stolen. Because of this a valid looking signature
isn't an absolute guarantee of authorship. OTOH, digital signatures are
for all intents and purposes impossible to forge. No key, no signature.
Simple as that. If I challenge you to produce a specific signature and
you can not, you are obviously not the key's owner or their "agent".
Period. Because of this, digital signatures are inherently useful for
disclaiming forgeries.
>> And yet here you are spewing venom without so much as an *attempt* at
>> constructing a logical rebuttal of your own.
>
> Hope I could help here. You sure find a way not to get it. But hey, I
> tried.
Helping is obviously the furthest thing from your agenda. For "some
reason" you seem to want to discredit one of the more valid reasons for
PGP signing publically posted messages. And that "reason" pretty
obviously revolves around the fact that you want to portray unsigned
forgeries as being every bit as valid as signed messages.
There's only one logical explanation for any of this. You're a forger
wanting to limit the ability of your victims to disprove you handiwork.
Ok, that's not entirely true. There's a second logical explanation. You
really are just so stump stupid you can't wrap your limited mental
capacity around the fact that if you don't have possession of a key you
can't produce a valid digital signature using that key.
If I were you I'd go with option A. Something about being that stupid
just makes "carer criminal" sound so much more appealing. :)
>> Grow a fucking IQ. You haven't fooled anyone here into believing PGP is
>> useless a an identity theft prevention tool, or you're anything but a
>> congenital idiot.
>
> PGP is useful as an identity theft prevention tool if, and only if PGP
> is the *only* signature mechanism in use and *all* data is signed.
False. I could create a brand new key, right now, and never publish a
single signed text with it. If you posted something in my name, I could
easily prove it to be a forgery by signing that text with my refutation
attached, and challenging you to sign the original with that key. My
identity could be irrefutable proved through various means, not the least
of which is showing up in a court room with the key and my driver's
license on the day you're facing your charges.
> Otherwise you cannot tell for certain that unsigned data *must* be
> bogus.
Yes, you can. By challenging the author of the unsigned text to sign it.
If they can not, they are not you. :)
Guy Macon
rea...@justlinux.ca wrote:
>Put the pgp in your headers, [...] That's what we tell
>_all_ pgp [users]. No more and no less.
I have decided to try following the above advice at least
for a little while as an experiment if I can do it in
Mozilla Thunderbird. Do you have a URL for an add-on
that will allow me to "put the pgp in my headers?"
>Hold yourself out to employers as a legitimate professional engineer
>and we will continue to keep the facts at the fore.
I don't "hold myself out to employers as a legitimate professional
engineer." That would be fraud and it would never occur to me to
do such a thing. I just checked the archive and only found one
spot something I wrote could possibly be misinterpeted as making
such a claim:
"The goodness of the design *is* up to me in the absence
of a spec for some aspect of it. That's what being a
professional engineer is all about. Another part of
that is, in turn, being able to determine what aspects
need to be verified, and stating that in the rules (or
spec) for the design."
For the record, when I wrote the above I did NOT intend to
apply the title "Professional Engineer" to myself and I
apologize to anyone who got that impression. The term
"Professional Engineer" may only be used by those who have
a specific license which I do not have. I apologize for
any confusion this may have caused. If I did wish to claim
to be a Professional Engineer I would have put that claim
on my online resume -- my main way to reach employers.
Guy Macon
George Orwell wrote:
>
>realto wrote:
>
>>>Wrong. Developing a pattern of signing posts allows you to repudiate
>>>unsigned posts.
>>
>> It allows you to _vainly_ repudiate unsigned posts. It allows you to
>> allege, but not _prove_, that an unsigned post is not yours.
>
>Bullshit! I can prove you wrong very easily. I'll sign this post using a
>freshly generated key with KeyID 0xb4bf2412. Even with an obviously bogus
>user ID of "TEST USER" I can use that signature to positively prove any
>posts you made claiming to be TEST USER did not come from me because you
>will never be able to generated a valid signature using that key. End of
>story. You're out of luck because you don't own the key, which makes your
>forgeries less than useless to you. They are in fact, magically
>transformed into evidence against someone like you, who tries to impugn
>the reputation of another for whatever bizarre, self beguiling reasons
>you believe you have.
>
>Feel free to prove me wrong of course, by signing any text with KeyID
>0xb4bf2412.
Minor Quibble: It appears to me that you can easily prove
that any attempt by "realto" to impersonate TEST USER is
bogus -- which is what I originally asked for, how to best
handle forgeries. It doesn't apply to the other meaning of
repudiate, which would be you posting without a signature
claiming to be TEST USER and then posting with the signature
claiming that the unsigned post wasn't from you. *That*
claim would not be provable. This doesn't negate the point
you made above, of course.
Anonymous Remailer (austria)
George Orwell wrote:
FWIW.....
gpg: armor header: Hash: RIPEMD160
gpg: armor header: Version: GnuPG v1.4.7 (GNU/Linux)
gpg: original file name=''
gpg: Signature made Tue 24 Jul 2007 05:31:35 PM EDT using DSA key ID B4BF2414
gpg: using classic trust model
gpg: Good signature from "TEST USER <nom...@dev.null>"
gpg: textmode signature, digest algorithm RIPEMD160
George Orwell
> >Sucks to be your newsreader.
>
> >|Article pager commands:
> >|
> >|[...]
> >| \ Show signature (on/off).
> >| ] Show PGP signature (on/off).
>
> Since when did mixmaster hide pgp trash?
Mixmaster is a newsreader?
Must be Eelbash again. Are they all Eelbash up there in Canada?
http://www.sentex.net/~slink/toronto1.html
And the women are big and the men are dumb
And the children are loopy 'cause they live in a slum!
The water is polluted and the mayor's a dork!
They dress real bad and they think they're New York...
In Toronto . . . !
Ontario . . . oh-oh!
Guy Macon
> Minor Quibble: It appears to me that you can easily prove
> that any attempt by "realto" to impersonate TEST USER is
> bogus -- which is what I originally asked for, how to best
> handle forgeries. It doesn't apply to the other meaning of
> repudiate, which would be you posting without a signature
> claiming to be TEST USER and then posting with the signature
> claiming that the unsigned post wasn't from you. *That*
> claim would not be provable. This doesn't negate the point
> you made above, of course.
So he can easily prove that the posting he made without a signature is
bogus by not posting with the signature claiming that the unsigned post
wasn't from him?
How does that differ from the situation where someone else posts under his
name without a signature?
an...@anon.com
>George Orwell wrote:
>>Bullshit! I can prove you wrong very easily. I'll sign this post
>>using a freshly generated key with KeyID 0xb4bf2412. Even with an
>>obviously bogus user ID of "TEST USER" I can use that signature to
>>positively prove any posts you made claiming to be TEST USER did
>>not come from me because you will never be able to generated a
>>valid signature using that key. End of story. You're out of luck
>>because you don't own the key, which makes your forgeries less
>>than useless to you. They are in fact, magically transformed into
>>evidence against someone like you, who tries to impugn the
>>reputation of another for whatever bizarre, self beguiling reasons
>>you believe you have.
>>Feel free to prove me wrong of course, by signing any text with
>>KeyID 0xb4bf2412.
>Minor Quibble: It appears to me that you can easily prove
>that any attempt by "realto" to impersonate TEST USER is
>bogus -- which is what I originally asked for, how to best
>handle forgeries.
Minor quibble? First of all, we are not impersonating you. We have
much better things to do. But it wouldn't surprise us in the least
if you impersonated us impersonating you. That is your style. You
just want to make a fuss.
Second of all, he cannot prove that _any_ post on usenet, including
pgp posts, was not written by him. And this is major, not minor.
If he signed his name to a post calling you a phoney, he could not
prove it wasn't him that wrote the post. What's more, if we signed
his name to a post calling you a phoney, he couldn't prove that he
didn't write that post as well. This is the nature of usenet and
there is no way around it.
The pgp doesn't work on usenet. It is meaningless. It's a toy and
those who use it always turn out to be, upon inspection, children,
psychologically, if not chronologically, and they have nothing worth
"protecting" with pgp trash anyway.
Now haven't you had enough time to whine about the diabolical plots
against you? You falsely promoted yourself as an "Electrical
Engineer", you were exposed, and you changed your web page. Or at
least it was changed the last time we looked, and we don't want to
go back and see your face again.
So it's over. Go on back to doing whatever it is you do and stop
using usenet newsgroups in your never-ending search for pity.
cordially, as always,
rm
an...@anon.com
>> >Sucks to be your newsreader.
>> >|Article pager commands:
>> >|
>> >|[...]
>> >| \ Show signature (on/off).
>> >| ] Show PGP signature (on/off).
>> Since when did mixmaster hide pgp trash?
>Mixmaster is a newsreader?
Yep, if you have even basic skills. And if you aren't posting from
mixmaster, you must be using windoze...
cordially, as always,
rm
Nomen Nescio
> George Orwell <nob...@mixmaster.it> says:
>> an...@anon.com wrote:
>
>>>>> There is no good reason not to bury pgp in headers. Putting that
>>>>> garbage in your .sig violates the 4 line rule, and assaults the
>>>>> eyesight of everybody who reads your post.
>>>>
>>>> Sucks to be your newsreader.
>>>>
>>>> |Article pager commands:
>>>> |
>>>> |[...]
>>>> | \ Show signature (on/off).
>>>> | ] Show PGP signature (on/off).
>>>
>>> Since when did mixmaster hide pgp trash?
>>
>> Mixmaster is a newsreader?
>
> Yep, if you have even basic skills.
So, what basic skills do I need to use mixmaster as a newsreader? And why
should I leave the comfort of my usual newsreader. Only to brag about a few
PGP signatures? My, you've got problems.
> And if you aren't posting from
> mixmaster, you must be using windoze...
Yeah, right...
Ok, I take it back. You can't be Eelbash. Even Eelbash was smart enough to
know how to integrate mixmaster into his newsreader.
Fellas, we finally found someone even more stupid than Eelbash. I never
deemed that possible but here he is.
Nomen Nescio
> Nomen Nescio wrote:
>
> > You miss the point: A PGP signature on one article doesn't hinder *you*
> > from posting another one without signature. You *cannot prove* that you
> > did *not post* it.
> >
> > All you *can* prove is that you did post the ones *with* signatures.
>
> WTF are you babbling about? Of course you can prove that you didn't post
> something without a signature, by challenging the actual author to sign
> it using a specific key you use to sign other things. They can't do that,
> which proves thay don't have possession of that key. IOW, they're not you.
Ok, one last try before I give up. There's no use in trying to educate a
certified loon.
Suppose Alice has a habit of always signing her posts.
Now a post appears under Alice's name, calling Bob a [HATE CRIME].
The others demand Alice to explain herself for this outrageous insults that
could harm Bob's reputation.
"Oh, I didn't post it. Must have been someone else." says Alice.
"It was posted under your name. Prove that you didn't post it!", they say.
"No problem. I call to thee, thou unbound void! The creator of this piece
shall sign it now!"
Nothing happens.
"See?" says Alice, "Nobody replied. Therefore I cannot have posted this
message."
You call *that* a proof?
> >> We see your pathetic breed in action all the time. You retards are so
> >> fucking stupid
> >
> > [blablablabla]
>
> That's a pretty predictable response coming from someone with no actual
> argument to pose.
I was just condensing your paragraph about breed, retards and whatnot.
You call *that* an argument?
> I'll take it to mean that in spite of all your blustering you're fully
> aware that it's impossible to forge a PGP signature,
I wouldn't go as far as saying it is impossible but I agree that it
involves a ridiculous high amount of determination, time, skills and money
and that practically nothing and nobody is worth the effort, even for an
unlimited attacker, given a small time frame.
> and that unsigned
> messages in another persons' name are obvious forgeries when the true
> owner of the the identity uses message tamper-proofing like PGP to verify
> their real messages.
There it is again. The true owner of the identity is still free to post
without his mighty tamper-proof PGP signature.
He cannot proof his non-authorship on a message posted under his name
without a signature with absolute certainty as you try to claim.
He can, however, point out his habit of always signing messages and that he
would, of course, never post anything as stupid as you just did. Some might
believe him, some might not.
Yet, he does not have any proof in the mathematical sense of 100% absolute
positive certainty.
> > It eludes me how you reach this conclusion. It's a classic Boschloo.
> > Yes, a signature is most certainly tamper-proof. No, you can't prove
> > shit about unsigned messages.
>
> Sure you can. By challenging the forger to create a digital signature
> using your key,
If the forger posts under your name, who do you challenge? Yourself?
If the key owner did not post it, why should he sign it? He'd deny it.
And if he did post it but doesn't want to confirm it, he'd deny it also.
Which, as we see, means just that: No, you can't prove shit about unsigned
messages.
> which validates the message in question. How can you be
> so addle minded you fail to be able to grasp this simple principal, and
> still maintain autonomic functions?
To the contrary. You seem to be very narrow-minded and hardly think
further.
Say, you don't happen to have posted about the differences of mixmaster
running as a daemon or from cron a while ago? Just wondering. Your
low-level of understanding seems so familiar.
> > Nobody will challenge you if *you*, the key holder, deny authorship. It
> > still doesn't prove that you're not the author. PGP doesn't prevent
> > anyone from lying. That's what the tiny brain chips are for.
>
> It doesn't prevent anyone from lying, as is so clearly evidenced by your
> presence here.
Where did I lie about what? And how does that relate to my presence in this
newsgroup?
> PGP exists, and so do you.
Now that's what I call a nice catchphrase.
I sign, therefore I am.
I don't sign, therefore I am not?
Brilliant!
Remember Twinky Admin's often used phrase "I don't have access to my
computer right now, so no PGP signature"?
> > People *may* trust you when you have a history of *always* signing your
> > articles. They don't have to. Forget to sign your post once and they
> > have all reason to believe that the next unsigned message is also from
> > you.
>
> Irrelevant nonsense. In fact the pattern doesn't actually have to exist
> at all for a key holder to prove something as a forgery. If you don't
> have possession of the unique signing key, you can't produce a signature
> before OR after the fact.
I won't anyway. Still doesn't prove anything. Who would force you to sign
your message under your name if you want it to be plausible deniable?
Nobody, that's who.
> > Anyone who scoops up one of the unsigned articles in a google search,
> > doesn't even know that there are other, signed, articles.
>
> And of course they could never be informed of that existance, now could
> they?
They usually won't.
> >> Or were you as oblivious to the fact that most major Linux distributors
> >> use GnuPG to validate their updates as you are about PGP and digital
> >> signatures in general?
> >
> > As said above, you miss the point completely. The point that *signed*
> > data proves that the signer had access to the signee's private key was
> > never questioned.
> Actually, it's you who are woefully confused. The *point* here is that
> UNsigned data proves an author had no access to a specific key even more
> clearly
Made my day. Really.
So, someone who has access to a specific key can never post any UNsigned
data? How?
> No key, no signature.
You seem to imply the inverse to be true, too. That is not the case.
Sorry to break it to you, sonny, but that's the truth.
> Simple as that. If I challenge you to produce a specific signature and
> you can not, you are obviously not the key's owner or their "agent".
Or I don't want to sign it.
> Period.
Sorry, had to move your Period. Expanding your horizon is not as easy,
I'm afraid.
> Because of this, digital signatures are inherently useful for
> disclaiming forgeries.
No. Digital signatures are useful for what they are meant to be: Proving
authorship. They cannot prove non-authorship in a system that does not
force signatures on everything.
> Helping is obviously the furthest thing from your agenda. For "some
> reason" you seem to want to discredit one of the more valid reasons for
> PGP signing publically posted messages.
Not in the slightest. I tried to bring your false sense of security to your
attention. Too bad you couldn't grasp it.
> And that "reason" pretty
> obviously revolves around the fact that you want to portray unsigned
> forgeries as being every bit as valid as signed messages.
I don't. I'm saying unsigned messages cannot be proven to be invalid.
> There's only one logical explanation for any of this.
Your limited mind shows again.
> You're a forger wanting to limit the ability of your victims to disprove
> you handiwork.
There I am, trying to share the wisdom of what PGP can do and what it
cannot do, and you call me a forger?
> Ok, that's not entirely true. There's a second logical explanation. You
> really are just so stump stupid you can't wrap your limited mental
> capacity around the fact that if you don't have possession of a key you
> can't produce a valid digital signature using that key.
Oh, I got that. Years ago. What your limited mental capacity is unable to
wrap is the fact that if you possess a key, you still can choose to produce
no digital signature whatsoever.
> If I were you I'd go with option A. Something about being that stupid
> just makes "carer criminal" sound so much more appealing. :)
You're this newsgroups' career fool then, I suppose?
> >> Grow a fucking IQ. You haven't fooled anyone here into believing PGP is
> >> useless a an identity theft prevention tool, or you're anything but a
> >> congenital idiot.
> >
> > PGP is useful as an identity theft prevention tool if, and only if PGP
> > is the *only* signature mechanism in use and *all* data is signed.
>
> False. I could create a brand new key, right now, and never publish a
> single signed text with it.
*GASP*
So all your never signed texts are forgeries? Like the one I'm replying to?
What a logic loop.
> If you posted something in my name, I could
> easily prove it to be a forgery by signing that text with my refutation
> attached,
So, could I. Faster than you. With my key that I never published before.
And that proves what now?
> and challenging you to sign the original with that key.
Challenge who? I posted under your name, did you already forget how your
sentence began?
Have fun challenging yourself. Of course, you can sign my post now because
you've got the key.
And that proves what now?
> My
> identity could be irrefutable proved through various means, not the least
> of which is showing up in a court room with the key and my driver's
> license on the day you're facing your charges.
"Your honor, I did not sign this message with my key. Therefore it is clear
that I cannot have posted this at all."
I would really like to see that. So, when and which court?
> > Otherwise you cannot tell for certain that unsigned data *must* be
> > bogus.
>
> Yes, you can. By challenging the author of the unsigned text to sign it.
> If they can not, they are not you. :)
They are you. It says so in the From line. Who do you challenge again?
Yourself? But you got the key already, so you can sign the text. And that
proves what now?
an...@anon.com
>Ok, I take it back. You can't be Eelbash. Even Eelbash was smart
>enough to know how to integrate mixmaster into his newsreader.
Ah, so you are using mixmaster to post to usenet. See, wasn't that
easy? You need mixmaster. But you don't need slrn.
>Fellas, we finally found someone even more stupid than Eelbash. I
>never deemed that possible but here he is.
You do understand that it is mixmaster, and not slrn, that is
posting your anonymous usenet articles?
We feel sorry for the kind of people who need to insult others
through anonymous newsreaders.
cordially, as always,
rm
Guy Macon
Someone pretending to be Guy Macon <nob...@pseudo.borked.net> wrote:
The post I am replying to claims to be from Guy Macon but is not.
Not that anyone reading alt.privacy.anon-server and seeing that
the email address is a well-known anonymous remailer would have
any trouble figuring that out. It is slightly rude to the reader,
though, by making it a bit harder to figure out quoting that is
several layers deep.
>> Minor Quibble: It appears to me that you can easily prove
>> that any attempt by "realto" to impersonate TEST USER is
>> bogus -- which is what I originally asked for, how to best
>> handle forgeries. It doesn't apply to the other meaning of
>> repudiate, which would be you posting without a signature
>> claiming to be TEST USER and then posting with the signature
>> claiming that the unsigned post wasn't from you. *That*
>> claim would not be provable. This doesn't negate the point
>> you made above, of course.
>
>So he can easily prove that the posting he made without a signature is
>bogus
I just said that he *cannot* prove that the posting he himself
made without a signature isn't from him. He can only prove that
someone else posting without a signature isn't him; the proof
is in the inability to produce a post with a signature on demand.
Guy Macon
Nomen Nescio wrote:
>
>an...@anon.com wrote:
an...@anon.com? I didn't see any post with that in the From: line.
(checks Google Groups) Ah. My RM filter caught that. OK, I am
whitelisting that one as well, but I will be glad to remove the
whitelisting if "an...@anon.com" requests it.
Guy Macon
Nomen Nescio wrote:
>Ok, one last try before I give up. There's no use in trying to educate a
>certified loon.
>
>Suppose Alice has a habit of always signing her posts.
>Now a post appears under Alice's name, calling Bob a [HATE CRIME].
>The others demand Alice to explain herself for this outrageous insults that
>could harm Bob's reputation.
>
>"Oh, I didn't post it. Must have been someone else." says Alice.
>
>"It was posted under your name. Prove that you didn't post it!", they say.
>
>"No problem. I call to thee, thou unbound void! The creator of this piece
>shall sign it now!"
>
>Nothing happens.
>
>"See?" says Alice, "Nobody replied. Therefore I cannot have posted this
>message."
>
>You call *that* a proof?
Actually, it leaves the unsigned post in the "unknown author" class.
Assuming that she did the above, an analysis of Alice's motivations
is in order. Either [A] She wants us to believe she sent the unsigned
post or [B] She doesn't want us to believe she sent the unsigned post.
If A is true, why is she claiming that it isn't? If B is true, why
did she put the name "Alice" on the unsigned post? A reasonable
person would consider it highly probable that the post calling Bob
a [HATE CRIME] was written by someone pretending to be Alice. That's
the reasonable explanation for the creator of the unsigned post refusing
to create a signed post while claiming to be Alice. This is not proof
in the absute sense, but it is strong evidence, given the fact that
Alice has no motivation to behave as you described.
Guy Macon
an...@anon.com wrote:
>You falsely promoted yourself as an "Electrical Engineer",
>you were exposed, and you changed your web page. Or at
>least it was changed the last time we looked, and we don't
>want to go back and see your face again.
It was "Electrical Engineer" when I was applying for a job
with that title, which is rare; "Electronics Engineer" is
far more common. It currently reflects that job title of
the last job I applied for. And got, by the way; short
term but interesting work and good pay. Let me know what
kind of car you like to buy and I will tell you which parts
I was responsible for creating.
>So it's over. Go on back to doing whatever it is you do and stop
>using usenet newsgroups in your never-ending search for pity.
When I decide that I need someone to tell me what I am not
allowed to post to Usenet, I will invite you to apply for the
job.
BTW, I am still waiting for you to explain how I can do
what you constantly demand; put PGP signing in the headers.
Anonymous
> Anonymous <nob...@remailer.paranoici.org> says:
> >George Orwell <nob...@mixmaster.it> wrote:
>
> >> Not that I think PGP stuff belongs in headers. The choices are inline or
> >> MIME, with inline being preferable for something like Usenet where MIME
> >> attachments might be stripped here and there.
>
> >Agreed.
>
> There is no good reason not to bury pgp in headers. Putting that
> garbage in your .sig violates the 4 line rule, and assaults the
> eyesight of everybody who reads your post.
For your info, PGP "signatures" aren't the same as .sig-type
signatures.
Nomen Nescio
> >enough to know how to integrate mixmaster into his newsreader.
>
> Ah, so you are using mixmaster to post to usenet. See, wasn't that
> easy? You need mixmaster. But you don't need slrn.
Using mixmaster with slrn! (repost for information)
===================================================
Sometimes you may want to follow-up or reply anonymously to an article
you are reading in slrn. Here's how.
Put the code from [1] in "$HOME/.slrn/mixmaster.sl". Put the code
from [2] in "$HOME/.slrnrc".
[1]
define mixmaster_ff ()
{
pipe_article("mixmaster -ff");
}
definekey ("mixmaster_ff", "&", "article");
define mixmaster_fr ()
{
pipe_article("mixmaster -fr");
}
definekey ("mixmaster_fr", "\e&", "article");
[2]
interpret ".slrn/mixmaster.sl"
Now when you're in article mode, you can hit & to make an anonymous
follow-up or ESC-& to make an anonymous mail reply.
HTH!
Cyberiade.it Anonymous Remailer
> George Orwell <nob...@mixmaster.it> says:
>
>>You're out of luck because you don't own the key, which makes your
>>forgeries less than useless to you. They are in fact, magically
>>transformed into evidence against someone like you, who tries to impugn
>>the reputation of another for whatever bizarre, self beguiling reasons
>>you believe you have.
>
>>Feel free to prove me wrong of course, by signing any text with KeyID
>>0xb4bf2412.
>
> We just proved you wrong, George. You actually wrote this post that you
> are reading right now!
Um, no you didn't. You failed to do exactly what he said you'd fail to
do. Provide a valid PGP signature for your stupidity. And you never will,
proving that what you wrote is a "forgery". And just how full of shit you
really are. :)
Nomen Nescio
> much better things to do. But it wouldn't surprise us in the least
> if you impersonated us impersonating you. That is your style. You
> just want to make a fuss.
He wants to make a fuss! Fuck me, if you're Roger Manyard then you need help
mate. Searching your name on Google shows you have an obsession with this Guy
Macon guy, and that's just posts under your own name, it looks like you also
use mail2news gateways to attack him anonymously.
Who gives a shit what he describes himself as on Usenet? So he's not an
electrical engineer. Nobody in their right mind is going to hire him just
because of a Usenet claim. Hey, I'm a Shuttle Commander, NASA come and get me!
If he wants to PGP sign his messages, that's his choice. No Usenet provider in
the world has ToS which state he can't do it. Personally I think the guy
should do it just to annoy you, you deserve all you get.
Anonymous Remailer (austria)
Guy Macon wrote:
> Anonymous Remailer austria wrote:
>
>>By the way, you've outed yourself as the troll "Dan C" from the
>>Pensacola. Florida area and this IP address - 70.187.51.136. Hopefully
>>Guy Macon can make use of that bit of knowledge.
>
> I can, if it's true. Of course I need to see the evidence for myself.
> How did you arrive at the conclusion above?
The goofy bastard either isn't trying very hard to hide the fact that
he's this "Dan" moron from Florida, or he really is so stupid he just
sucks when it comes to nym hopping. Probably a combination of both. He's
just too stupid to try very hard. ;)
All you really need to do to verify it is wander off to groups.google.com
and do an advanced search for author "Dan C" and the word PGP. All the
same stupid shit he's yapping about here in APAS will magically appear
before your eyes word for word in other groups. Even his idiotic sign off
and odd fixation with the word "bugger" jumps right out eith the
appropriate search. As does his "we" delusions. Beyond that there's
dozens of little "tells" in his grammar and writing style.
He's your stalker all right. No doubt at all it's the same net loon using
multiple nyms. At least you now have a real sounding name and an IP
address to attache to the "fat retarded kid" image you probably have in
the back of your mind. ;-)
Cyberiade.it Anonymous Remailer
Why are you having so much trouble grasping the context here? Nobody's
saying anything like you silly scenario, they're rightfully saying that
you can't make credible posts claiming to be someone else if that person
signs their own, and you can not.
What you're trying to spin this into is something completely different.
So why would you want to do that? Are you just ignorant, or is there some
real agenda here?
>
>> >> We see your pathetic breed in action all the time. You retards are
>> >> so fucking stupid
>> >
>> > [blablablabla]
>>
>> That's a pretty predictable response coming from someone with no actual
>> argument to pose.
>
> I was just condensing your paragraph about breed, retards and whatnot.
Shoe, fits, wear it.
>
> You call *that* an argument?
I call it an accurate assessment of you personally, and as such, an
important part of the debate. It's pretty clear you're either thick or
dishonest, either of which discredits anything you have to say.
>> I'll take it to mean that in spite of all your blustering you're fully
>> aware that it's impossible to forge a PGP signature,
>
> I wouldn't go as far as saying it is impossible but I agree that it
> involves a ridiculous high amount of determination, time, skills and
> money and that practically nothing and nobody is worth the effort, even
> for an unlimited attacker, given a small time frame.
The PGP is useful for the purposes you're claiming it isn't. Simple as
that.
Thank you for admitting you're wrong. Was it so hard to do that you
couldn't have done it right from the start?
>> and that unsigned
>> messages in another persons' name are obvious forgeries when the true
>> owner of the the identity uses message tamper-proofing like PGP to
>> verify their real messages.
>
> There it is again. The true owner of the identity is still free to post
> without his mighty tamper-proof PGP signature.
I guess it was, for you anyway. <sigh>
Nobody said anything different. the simple point you seem to be
impervious to is that it is *NOT* possible for someone to post signed
text with a key they don't control.
>> > It eludes me how you reach this conclusion. It's a classic Boschloo.
>> > Yes, a signature is most certainly tamper-proof. No, you can't prove
>> > shit about unsigned messages.
>>
>> Sure you can. By challenging the forger to create a digital signature
>> using your key,
>
> If the forger posts under your name, who do you challenge? Yourself?
No silly. The forger.
Please don't project your multiple personality disorders onto others.
It's not polite.
> Which, as we see, means just that: No, you can't prove shit about
> unsigned messages.
Yes you can. When you challenge the forger to produce a copy of the text
with a valid PGP signature attached you prove that it's a forgery.
> Say, you don't happen to have posted about the differences of mixmaster
> running as a daemon or from cron a while ago? Just wondering. Your
> low-level of understanding seems so familiar.
I see you've been frantically trying to study up, trying to pretend you
didn't just wander in after a Google search of your favorite stalking
victim lead you here, but no.
>> > Nobody will challenge you if *you*, the key holder, deny authorship.
>> > It still doesn't prove that you're not the author. PGP doesn't
>> > prevent anyone from lying. That's what the tiny brain chips are for.
>>
>> It doesn't prevent anyone from lying, as is so clearly evidenced by
>> your presence here.
>
> Where did I lie about what? And how does that relate to my presence in
> this newsgroup?
You're a liar. You're trying to diminish one of the inherent benefits of
digital signatures, because you're fully aware that their usage will make
your stalking job much harder.
>> PGP exists, and so do you.
>
> Now that's what I call a nice catchphrase.
Glad you like it. Maybe your should replace your "Ubuntu" signature with
it. :)
> Remember Twinky Admin's often used phrase "I don't have access to my
> computer right now, so no PGP signature"?
Sure do. And many other examples just like that. I also remember people
requesting that he and others sign an acknowledgment when he regained
access before they accepted those posts, and the key holders in question
doing just that.
You need to expand your research. :)
>> > People *may* trust you when you have a history of *always* signing
>> > your articles. They don't have to. Forget to sign your post once and
>> > they have all reason to believe that the next unsigned message is
>> > also from you.
>>
>> Irrelevant nonsense. In fact the pattern doesn't actually have to exist
>> at all for a key holder to prove something as a forgery. If you don't
>> have possession of the unique signing key, you can't produce a
>> signature before OR after the fact.
>
> I won't anyway. Still doesn't prove anything. Who would force you to
> sign your message under your name if you want it to be plausible
> deniable? Nobody, that's who.
Irrelevant. Without the key *you* can't sign a forgery, making the
forgery obvious.
That's really what this is all bout. You see one of your favorite games
being taken away from you.
>> > Anyone who scoops up one of the unsigned articles in a google search,
>> > doesn't even know that there are other, signed, articles.
>>
>> And of course they could never be informed of that existance, now could
>> they?
>
> They usually won't.
Ahhh yes.... the "crystal ball" argument.
LOL!
>> >> Or were you as oblivious to the fact that most major Linux
>> >> distributors use GnuPG to validate their updates as you are about
>> >> PGP and digital signatures in general?
>> >
>> > As said above, you miss the point completely. The point that *signed*
>> > data proves that the signer had access to the signee's private key
>> > was never questioned.
>
>> Actually, it's you who are woefully confused. The *point* here is that
>> UNsigned data proves an author had no access to a specific key even
>> more clearly
>
> Made my day. Really.
I'm glad you revel in your own defeat. It's a bit odd, but hey, as long
as you're happy with it. :)
> So, someone who has access to a specific key can never post any UNsigned
> data? How?
Nobody ever said they couldn't.
>> No key, no signature.
>
> You seem to imply the inverse to be true, too. That is not the case.
Liar. I've specifically stated the inverse is NOT true.
>> Simple as that. If I challenge you to produce a specific signature and
>> you can not, you are obviously not the key's owner or their "agent".
>
> Or I don't want to sign it.
No, you can't.
>> Because of this, digital signatures are inherently useful for
>> disclaiming forgeries.
>
> No. Digital signatures are useful for what they are meant to be: Proving
> authorship. They cannot prove non-authorship in a system that does not
> force signatures on everything.
LOL!
You are one of the exceptionally under informed masses. Truly exceptional.
Cyberiade.it Anonymous Remailer
> Minor quibble? First of all, we
<FLUSH!>
FIRST of all there is no "we". The voices in your head aren't real people
Dan. You're imagining them. Have the nice lady in the white coat adjust
your medication.
Anonymous
> Cyberiade.it Anonymous Remailer <anon...@remailer.cyberiade.it> says:
>
>>Header signatures are problematic if not impossible for most people to
>>verify because virtually all software adheres to RFC standards and
>>handles inline or MIME signatures alone,
>
> Ah, since the bread is too big for the toaster it is not worth eating?
Were you trying to make a point here? You failed.
Simple facts:
1) There's established standards for implementing digital signatures in
messages.
2) None of them put signature data in any header.
> You don't _need_ "virtually all software" to verify pgp trash, unless
> you don't know what pgp is, or how to use it.
Of course you do.
>
>>the "4 line rule" never was a rule in the first place even though the
>>RFC in question specifically EXEMPTS digital signatures from that
>>guideline <snicker>, and if you're eyes are "assaulted" by PGP
>>signatures you have deep seeded mental issues that go far beyond
>>anything relating to a few lines of text.
>
> Everything below the "-- " is part of the .sig. There is no "pgp .sig"
> separate from the .sig. It is part of the .sig.
Absolutely not true according the to RFC's you're lying about.
> You probably think it is ok to use a 100 line .sig because you'll argue
> that it is really 25 different .sigs, each only 4 lines long.
ROTFL!
Do you have any idea how stupid you look now? :)
> You guys are a riot.
>
> The people (more and more all the time) who put their pgp trash in their
> headers rarely have .sigs that violate the 4-line standard.
You're babbling again.
Anonymous
> Anonymous <cri...@ecn.org> says:
>>anon wrote:
>
>>> There is no good reason not to bury pgp in headers. Putting that
>>> garbage in your .sig violates the 4 line rule, and assaults the
>>> eyesight of everybody who reads your post.
>
>>You truly are a world class imbecile...
>
>>From RFC 1855:
>
>> - Forging of news articles is generally censured. You can protect
>> yourself from forgeries by using software which generates a
>> manipulation detection "fingerprint", such as PGP (in the US).
>
>>That's the exact same RFC you're getting your "4 lines" buffoonery from.
>
> The 4-line "buffoonery" as you call it is a long time standard of usenet
> netiquette and any reference to this netiquette standard in an RFC is
> pointless.
Wrong. It's a guideline, not a standard. Nobody is bound to it, and the
RFC your wetting yourself over clearly states that. Even the specific
word "should" is defined to remove this ambiguity from all but the
tiniest of minds.
>
> And just because the guy who wrote the RFC 1855 doesn't understand the
> limitation of pgp trash, doesn't mean that you have to misunderstand
ROTFL!
So when RFC can be twisted into something that you think might convince
someone you have a vague relationship with a clue it's Gospel even though
it self-defines as a mere guideline, but when it specifically and clearly
disagrees with your idiocy the author is guilty of ignorance.
> those limitations as well. You have our permission to actually sit
> down, hold your knees down so they won't jerk, and _think_ about what we
> are saying.
That's your problem sonny, people ARE thinking about it, analyzing it,
researching it, and finding out you're a flaming idiot. Then cockslapping
you with the lot of it. :)
> The fact that you put pgp trash in some posts with your name on them
> does not prove that other posts with your name on them, that do not have
> pgp trash, are not yours.
Sure they do.You proved that very clearly all by yourself in the post
where you claimed to be responding to one of your own messages, but
failed to be able to attach a valid PGP signature to that text. As
predicted. Kicked your own ass pretty thoroughly as a matter of fact.
Ari
>>Suppose Alice has a habit of always signing her posts.
>>Now a post appears under Alice's name, calling Bob a [HATE CRIME].
>>The others demand Alice to explain herself for this outrageous insults that
>>could harm Bob's reputation.
>>
>>"Oh, I didn't post it. Must have been someone else." says Alice.
>>
>>"It was posted under your name. Prove that you didn't post it!", they say.
>>
>>"No problem. I call to thee, thou unbound void! The creator of this piece
>>shall sign it now!"
>>
>>Nothing happens.
>>
>>"See?" says Alice, "Nobody replied. Therefore I cannot have posted this
>>message."
>>
>>You call *that* a proof?
>
> Actually, it leaves the unsigned post in the "unknown author" class.
>
> Assuming that she did the above, an analysis of Alice's motivations
> is in order.
Guy, I gotta jump in here, Buddy, and lend you friendly advice.
"Stay down, stay down."
Ari
> It was "Electrical Engineer" when I was applying for a job
> with that title, which is rare; "Electronics Engineer" is
> far more common. It currently reflects that job title of
> the last job I applied for. And got, by the way; short
> term but interesting work and good pay. Let me know what
> kind of car you like to buy and I will tell you which parts
> I was responsible for creating.
F50.
Ari
> He wants to make a fuss! Fuck me, if you're Roger Manyard then you need help
> mate. Searching your name on Google shows you have an obsession with this Guy
> Macon guy, and that's just posts under your own name, it looks like you also
> use mail2news gateways to attack him anonymously.
>
> Who gives a shit what he describes himself as on Usenet? So he's not an
> electrical engineer. Nobody in their right mind is going to hire him just
> because of a Usenet claim. Hey, I'm a Shuttle Commander, NASA come and get me!
Columbia, Columbia, are you there?
Ari
>>Fellas, we finally found someone even more stupid than Eelbash. I
>>never deemed that possible but here he is.
>
> You do understand that it is mixmaster, and not slrn, that is
> posting your anonymous usenet articles?
>
> We feel sorry for the kind of people who need to insult others
> through anonymous newsreaders.
Fellas?
We?
Who the fuck do you two think you are? Spartacus and Tony Soprano?
You know, this whole posting via whatthefuckever anonymous, what a
blowbag of egotistical bullshit. Not one of any of you have, ever or
will likely ever be worth filing a civil lawsuit much less be picked up
by any TLA foreign or domestic.
It is fun to watch, actually it's an office worth of belly laffs, to
spectate while you anonymous clowns swing feather punches at each other,
claiming the non existent crown of King Of Invisible DungSlung.
Sorry, carry on. Wait, let me get my co-workers over here.....
Hey, Fellas and We's, the anonymous asstwerps are flexing their tiny
biceps and swishing their cocks and tails, bring a Bud Light and hunker
down, this is going to be hilarious!!
Ari
> Sometimes you may want to follow-up or reply anonymously to an article
> you are reading in slrn. Here's how.
>
> Put the code from [1] in "$HOME/.slrn/mixmaster.sl". Put the code
> from [2] in "$HOME/.slrnrc".
>
> [1]
> define mixmaster_ff ()
> {
> pipe_article("mixmaster -ff");
>
> }
>
> definekey ("mixmaster_ff", "&", "article");
>
> define mixmaster_fr ()
> {
> pipe_article("mixmaster -fr");
Wow, that is sooooofucking interesting. Gee, thanksola, do you have
anything Einstinean? Maybe some sexy C# code? Anything, I can't keep my
eyes of this really fucking great shite.
Ari
> an...@anon.com? I didn't see any post with that in the From: line.
> (checks Google Groups) Ah. My RM filter caught that. OK, I am
> whitelisting that one as well, but I will be glad to remove the
> whitelisting if "an...@anon.com" requests it.
Here's a request. Got a fist? Lessee, Renter, if you could shove it up
your tiny white ass? C'mon, give it a try. You've gotten your butt cut
to shreds in this thread anyway, what's a little more bloody bleeding?
an...@anon.com
>I just said that he *cannot* prove that the posting he himself
>made without a signature isn't from him. He can only prove that
>someone else posting without a signature isn't him; the proof
>is in the inability to produce a post with a signature on demand.
How are you going to find him to make this demand? If somebody is
impersonating you, then you are the only person that can be asked
for the signature "on demand."
Please stop your whining. You are just making yourself look sillier
and sillier.
cordially, as always,
rm
an...@anon.com
>>an...@anon.com wrote:
>an...@anon.com? I didn't see any post with that in the From: line.
>(checks Google Groups) Ah. My RM filter caught that. OK, I am
>whitelisting that one as well, but I will be glad to remove the
>whitelisting if "an...@anon.com" requests it.
We saw one an...@anon.com that was obviously written by you and it
was apparently intended for us. And you don't have an RM filter.
We are one an...@anon.com, at least while this foolishness lasts.
But we don't mind admitting our real name (Ron Matthews) because for
us anonymity is just a game. We don't take it seriously because we
don't have to take it seriously. We have nothing to hide.
Go on home, sir.
cordially, as always,
rm
an...@anon.com
>That's the reasonable explanation for the creator of the unsigned
>post refusing to create a signed post while claiming to be Alice.
>This is not proof in the absute sense, but it is strong evidence,
>given the fact that Alice has no motivation to behave as you
>described.
How are you going to reach the person you claim is impersonating
Alice? If Alice wants you to think that she didn't post what she
actually did post, she is not going to obey your demand. Or she
might not obey your demand, even if she doesn't care who you think
sent the message, simply because you're an asshole and she never
does what assholes demand.
Bugger off. We've all had enough of your silliness.
cordially, as always,
rm
an...@anon.com
>an...@anon.com wrote:
>>You falsely promoted yourself as an "Electrical Engineer",
>>you were exposed, and you changed your web page. Or at
>>least it was changed the last time we looked, and we don't
>>want to go back and see your face again.
>It was "Electrical Engineer" when I was applying for a job
>with that title, which is rare;
That's what we said.
>"Electronics Engineer" is far more common. It currently reflects
>that job title of the last job I applied for. And got, by the way;
>short term but interesting work and good pay. Let me know what
>kind of car you like to buy and I will tell you which parts I was
>responsible for creating.
That's a truly frightening thought. We hope you had nothing to do
with airbags, for instance. We shudder to think what would happen
if, for example, you brought back and gave to the Engineer, who was
designing the airbags, cold coffee and pissed him off. What if he
had an allergy to peanuts and you gave him a peanut butter sandwich
instead of the ham and cheese that you were supposed to get?
>>So it's over. Go on back to doing whatever it is you do and stop
>>using usenet newsgroups in your never-ending search for pity.
>When I decide that I need someone to tell me what I am not
>allowed to post to Usenet, I will invite you to apply for the
>job.
Well, then why not at least go back and pretend you still have an RM
filter and then you can pretend that you don't read us anymore.
cordially, as always,
rm
an...@anon.com
You only have one signature. By definition. If you use pgp, it is
part of your signature, unless you put it in the headers or an
attachment.
Some of you guys...
cordially, as always,
rm
an...@anon.com
>Using mixmaster with slrn! (repost for information)
>===================================================
>Sometimes you may want to follow-up or reply anonymously to an article
>you are reading in slrn. Here's how.
>Put the code from [1] in "$HOME/.slrn/mixmaster.sl". Put the code
>from [2] in "$HOME/.slrnrc".
>[1]
>define mixmaster_ff ()
>{
> pipe_article("mixmaster -ff");
>}
>definekey ("mixmaster_ff", "&", "article");
>define mixmaster_fr ()
>{
> pipe_article("mixmaster -fr");
>}
>definekey ("mixmaster_fr", "\e&", "article");
>[2]
>interpret ".slrn/mixmaster.sl"
>Now when you're in article mode, you can hit & to make an anonymous
>follow-up or ESC-& to make an anonymous mail reply.
>HTH!
It's much easier to simply pipe it from vim and you can do that with
any newsreader where you can use your own editor. But we appreciate
your article. We don't use slrn because it is a really shitty
newsreader but a lot of idiots do and since they are unlikely to be
able to handle the mixmaster menus, you have given them another
gadget to work with.
cordially, as always,
rm
an...@anon.com
>> Minor quibble? First of all, we are not impersonating you. We
>> have much better things to do. But it wouldn't surprise us in
>> the least if you impersonated us impersonating you. That is your
>> style. You just want to make a fuss.
>He wants to make a fuss! Fuck me, if you're Roger Manyard then you
>need help mate. Searching your name on Google shows you have an
>obsession with this Guy Macon guy, and that's just posts under your
>own name, it looks like you also use mail2news gateways to attack
>him anonymously.
Hardly, mate. He impersonates us and then attacks himself. He has
done it with other people besides us. Look around some more.
You'll figure it out.
>Who gives a shit what he describes himself as on Usenet? So he's
>not an electrical engineer. Nobody in their right mind is going to
>hire him just because of a Usenet claim. Hey, I'm a Shuttle
>Commander, NASA come and get me!
Perhaps if you had gone through school and the licensing process
necessary to call yourself a professional, you would understand.
>If he wants to PGP sign his messages, that's his choice. No Usenet
>provider in the world has ToS which state he can't do it.
>Personally I think the guy should do it just to annoy you, you
>deserve all you get.
And just like you say that it doesn't matter if you claim to be an
astronut, it doesn't matter to us what you think about Macon, us, or
anything else. But you are entertaining, mate!
BTW: Our name is Ron Matthews. "Roger Manyard" is a work of
fiction, created by trolls a long, long time ago. Apparently there
used to be a troll named "Roger Maynard" who posted semi-regularly
10 or 15 years ago and somebody decided to skew the letters in his
name and give that name to us as some sort of insult.
cordially, as always,
rm
an...@anon.com
>Why are you having so much trouble grasping the context here? Nobody's
>saying anything like you silly scenario, they're rightfully saying that
>you can't make credible posts claiming to be someone else if that person
>signs their own, and you can not.
Unbelievable. What you are saying is true only if "that person"
_must_ sign their posts. But since they don't have to sign their
posts, they cannot prove that a post without their signature is an
imposter or a genuine post that they either forgot to sign, or
simply chose not to sign.
>What you're trying to spin this into is something completely
>different. So why would you want to do that? Are you just
>ignorant, or is there some real agenda here?
The only "agenda" for us is to help people like you understand
simple logic. PGP does not work like you "think" it does. If it
did, everyone would use it.
But hardly anyone uses it. That should be enough right there to
help you understand the value of pgp trash. With usenet it is an
affectation. A toy. With email it has a limited reliability at
best. That's just the way it is. We know that you _wish_ it were
otherwise, but it's not.
Now go away. Please.
cordially, as always,
rm
an...@anon.com
><FLUSH!>
Wow. This guy thinks we're Dan C. And he thinks that we are a
loon. This has to be ANC, right?
cordially, as always,
rm
an...@anon.com
><FLUSH!>
Actually, it is probably Dan C himself, upset because he isn't
receiving any attention in this thread, so he is injecting his own
identity in there.
Or it could be Guy Macon, trying to keep this troll alive and using
somebody else's name because nobody takes him seriously.
Our name is Ronald Matthews and we are Canadian. And we wouldn't
live in Florida, or anywhere else in that shithole of a country,
even if we were American.
cordially, as always,
rm
an...@anon.com
>anon wrote:
>> Cyberiade.it Anonymous Remailer <anon...@remailer.cyberiade.it> says:
>>>Header signatures are problematic if not impossible for most
>>>people to verify because virtually all software adheres to RFC
>>>standards and handles inline or MIME signatures alone,
>> Ah, since the bread is too big for the toaster it is not worth
>> eating?
>Were you trying to make a point here? You failed.
We're not surprised.
>Simple facts:
>1) There's established standards for implementing digital
There are?
>signatures in messages.
How you implement pgp is totally irrelevant. The only thing that
matters is whether you can use it to verify a signature. And you
can use pgp in headers or mime, to verify a signature.
>2) None of them put signature data in any header.
Who cares? All you are doing is admitting that you don't know how
to do it.
But, increasingly, more and more people are doing it because of
usenet complaints. Perhaps, when enough people start doing it,
people like you will consider it "official" and start doing it
yourselves.
>> You don't _need_ "virtually all software" to verify pgp trash,
>> unless you don't know what pgp is, or how to use it.
>Of course you do.
No, you don't. Please give us a partial list. Tell us all the
software that you need to verify a pgp signature.
>>>the "4 line rule" never was a rule in the first place even though the
>>>RFC in question specifically EXEMPTS digital signatures from that
>>>guideline <snicker>, and if you're eyes are "assaulted" by PGP
>>>signatures you have deep seeded mental issues that go far beyond
>>>anything relating to a few lines of text.
>> Everything below the "-- " is part of the .sig. There is no "pgp
>> .sig" separate from the .sig. It is part of the .sig.
>Absolutely not true according the to RFC's you're lying about.
>> You probably think it is ok to use a 100 line .sig because you'll
>> argue that it is really 25 different .sigs, each only 4 lines
>> long.
>ROTFL!
>Do you have any idea how stupid you look now? :)
Right. You don't know how to put pgp in headers. You think that
you need all kinds of software to verify a signature. And you don't
know what a sig file is. It's probably best for you to remain
anonymous.
But our name is Ronald L. Matthews. And we know that you only need
one piece of software to verify a pgp signature. We'll leave it to
you to figure out what that piece of software is.
cordially, as alway,
rm
an...@anon.com
>anon wrote:
>> The 4-line "buffoonery" as you call it is a long time standard of
>> usenet netiquette and any reference to this netiquette standard
>> in an RFC is pointless.
>Wrong. It's a guideline, not a standard. Nobody is bound to it, and the
>RFC your wetting yourself over clearly states that.
The four line signature rule is a standard established by usage.
RFCs are guidelines, which may, or may not, be consistent with
established usage. Many RFCs inform and establish usage, but
established usage, particularly usage that predates the relevant
RFC, is the standard, not the RFC. An RFC is simply an opinion or a
recommendation and nobody has to obey it.
And while established usage is sometimes recognized by law, RFCs
are never recognized as legally binding.
>Even the specific word "should" is defined to remove this ambiguity
>from all but the tiniest of minds.
Is it possible for you to say something without attaching a childish
insult?
>> And just because the guy who wrote the RFC 1855 doesn't
>> understand the limitation of pgp trash, doesn't mean that you
>> have to misunderstand
>ROTFL!
Well, no, you aren't rolling on the floor. In fact, you are not
even laughing. So why do you say that you are?
>So when RFC can be twisted into something that you think might
>convince someone you have a vague relationship with a clue it's
There is that cliche "clue" word again. You are not worth our time.
Bye.
cordially, as always,
rm
--
juris doctor, University of Toronto Faculty of Law
Guy Macon
I looked and did not find what you decribe. I found him quoting
those keywords fairly often, which is not surprising considering the
many flaming interactions between the two on alt.os.linux.slackware.
Try setting the Return only messages where the author is option to
youmust...@lan.invalid and you will see what I mean. Try
searching for posts by that author with the word impersonating in
them, for example.
Someone (I wish I could take credit, but it wasn't me) did some
research that is quite convincing if you follow the links and
read the posts it references. Do a Google Groups search on
[ Roger Maynard FAQ ] and you will see it.
I don't want to assume that you are wrong -- or that you are
Roger Maynard trying to pin the blame for your actions on Dan
C -- so I will assume that my searching skills are at fault
here. Could you please provide a Message-ID to one of the
posts you describe above?
--
Remailer Operators: Please feel free to filter out any posts
with "Guy Macon" or "guymacon" in the Subject or From lines.
an...@anon.com
>On Wed, 25 Jul 2007 03:44:45 GMT, an...@anon.com wrote:
>>>Fellas, we finally found someone even more stupid than Eelbash. I
>>>never deemed that possible but here he is.
>> You do understand that it is mixmaster, and not slrn, that is
>> posting your anonymous usenet articles?
>> We feel sorry for the kind of people who need to insult others
>> through anonymous newsreaders.
>Fellas?
>We?
>Who the fuck do you two think you are? Spartacus and Tony Soprano?
Is there some reason we are supposed to care about who you think, we
think, we are?
We do feel sorry for those who need to insult others, whether
through an anon newsreader, or an effectively anon yahoo account.
>You know, this whole posting via whatthefuckever anonymous, what a
>blowbag of egotistical bullshit. Not one of any of you have, ever
>or will likely ever be worth filing a civil lawsuit much less be
>picked up by any TLA foreign or domestic.
Ah, so you can't figure the stuff out. And because this damages
your already diminished self-esteem, you lash out at us in a vain
attempt to feel superior. Insulting others makes you feel good
about yourself, althoug we suspect that you are anything but the
insulting type when confronted face to face. And the fact that you
are a whimp, and are generally pushed around as you limp through
life, is the primary reason your self-esteem has become so damaged.
But take heart. Your inferior status is probably owing to bad
genes, and for that reason you don't have to blame yourself for
being a loser. It's probably not a good idea to blame your parents
however, because they didn't have a choice about who they are,
either. You could try blaming God, if you are the superstitious
type. But then you have to recognize that the Lord works in
mysterious ways and that you are the way you are for a reason.
Perhaps your role in this universe can be found in some future
assassination of an important person. Or perhaps your entire
purpose lies simply in being worm fodder after you are buried.
>It is fun to watch, actually it's an office worth of belly laffs,
>to spectate while you anonymous clowns swing feather punches at
>each other, claiming the non existent crown of King Of Invisible
>DungSlung.
Gee, that's really clever stuff. King of Invisible DungSlung!
Guy Macon
an...@anon.com wrote:
>We saw one an...@anon.com that was obviously written
>by you and it was apparently intended for us.
Message-ID, please. I want to see the headers.
Please consider the implications of what you wrote above.
It leaves me with:
[1] You have shown yourself to be willing to impersonate me,
pretend to be an employer who supposedly fired me, etc.
for the stated reason that you don't like something I wrote.
[2] You have shown yourself to be willing to assume that an
anonymous post is "obviously written by me" when it wasn't.
[3] You are posting to alt.privacy.anon-server with opinions
about PGP signatures that the regulars consider to be wrong.
[4] This behavior us sure to result in you being flamed by users
-- and operators -- of anonymous remailers, which you can then
claim to be "obviously" from me.
I can only conclude that attempting to appease you by avoiding
any actions which will "set you off" is futile. If I give you
no reason to impersonate and harass, you will just make one up.
>And you don't have an RM filter.
If you say so.
Anonymous Remailer (austria)
anon wrote:
Actually no it's not. That's why PGP/GnuPG escapes sigdash delimiters in
clearsigned messages, making the signature a part of the message body by
definition, and appending a digital signature that isn't governed by your
silly "4 line" straw grab. This is to prevent clients/filters which drop
signatures from borking up message authentication.
You have a hardon for PGP because it allows people to trivially defeat
your long and colorful history of forging other people's posts. You have
no life beyond Usenet and your harassment of others. Widespread use of
digital signatures would take that away from you, and the possibility is
frightening in your world.
Guy Macon
an...@anon.com wrote:
>Tell us all the software that you need to verify a pgp signature.
Interesting comment, comming from someone who ignores
repeated requests to tell us all the software that you
need to put PGP in headers. Ideally, one that works with
Mozilla Thunderbird.
>Right. You don't know how to put pgp in headers.
And, it appears, neither do you.
Guy Macon
an...@anon.com wrote:
>Actually, it is probably Dan C himself, upset because he isn't
>receiving any attention in this thread, so he is injecting his own
>identity in there.
>
>Or it could be Guy Macon, trying to keep this troll alive and using
>somebody else's name because nobody takes him seriously.
There is an old saying that the man who keeps looking for
someone hiding under the bed has hidden under a few himself.
You just can't handle the concept of someone who refuses to
stoop to your level.
George Orwell
> Guy Macon <http://www.guymacon.com/> says:
>
>>I just said that he *cannot* prove that the posting he himself made
>>without a signature isn't from him. He can only prove that someone else
>>posting without a signature isn't him; the proof is in the inability to
>>produce a post with a signature on demand.
>
> How are you going to find him to make this demand? If somebody is
> impersonating you, then you are the only person that can be asked for
> the signature "on demand."
Uh, dumbfuck... you've already proved how this works by barking on
command to the "TEST USER" sub-thread, and demonstrated exactly how
effective PGP can be in ferreting out your juvenile forgeries by failing
to be able to digitally sign onwe of your more laughable attempts.
That's not to say you've actually come up with anything that's competent
mind you, just that your antics seem to get more pathetic over time.
Anonymous Sender
> We are one an...@anon.com, at least while this foolishness lasts. But we
> don't mind admitting our real name (Ron Matthews)
No, that's just one of dozens of "rm" pseudonyms you've used over the
years. And I do mean years, because you've been at is since the early
90's.
You even used "Cordial Boy" for a while in '93, which shows what a one
trick pony you really are. :)
> cordially, as always,
<laugh>