Latent-Time
starwars
in the chain or just the final hop?
Frog-Admin
On Thu, 11 Sep 2003, starwars <nob...@tatooine.homelinux.net> wrote:
>If I use the Latent-Time header, is it applied to every remailer
>in the chain or just the final hop?
- -Latency is a CPUNK directive
- -You have to supply the 'Latency' for each remailer
- -Remailer has to understand it
Miscellaneous Functions
http://frogadmin.yi.org/MISC/
http://frogadmin.yi.org/MISC/CompCaps.html
-----BEGIN PGP SIGNATURE-----
Version: N/A
iQEVAwUBP2GImoDgT488d3zFAQFzxQgAgA54h4Ld602fv4qQ4sNI+R1ZichI6yPc
xiXXX67TTrM1Rx8TFu+20pPjJ15hj4665xYJEG5c0i5DN5rsZtXHhcWfizF97XYg
AbPzLLUHp6K2j7PL7EFmvtg30CJ2LTi4EQzMmttbUheEqFzoCHOYQYn9MgXSqz4h
qB5AbJ9vTExJvKkDfKAbvCberg8KOIe1j50XD6DMc7NXke2h/ePFKHKzqtziTuko
T1z4c30w9CiPCtKpsEtYO6M42aDqr/OoL87VQymPYMCv+67QcRmmuna0u7y16+rT
uuURto6/2qIZnRi6z5+atkahcxcyTJWCZ+o649ruQ5hewlpT4fQQxg==
=kc6O
-----END PGP SIGNATURE-----
starwars
On Tue, 10 Jun 2003, Anonymous...@See.Comment.Header (Vic) wrote:
>Several days ago some Usenets posts I made with Frog as the
>final remailer failed to appear on my main news server so I thought
>Frog was not functioning correctly. Then, I checked on an alternate
>server and indeed the missing Frog posts were there. Since that
>time it appears that my main news server (located in Germany)
>has begun to block postings thru Frog, but not other remailers.
>Has anyone had a similar experience? Any idea why a news
>server would block one remailer, but not (yet) others?
Because frog-admin is a psychotic criminal who responds to legitimate abuse
complaints by flooding the people who complain, and then adds their names and
email addresses to the headers of every post through his remailer to flood and
spam people who complain about all his other abuse.
If that wasn't bad enough, he threatens to get people fired from their jobs for
disagreeing with him on Usenet. Luckily, he's so obviously a psychotic maniac
that nobody would fire anyone based on the lies of this kook. But behavior like
that gets punished, and people now back away warily from the unmedicated
psychotic and refuse to forward his floods and abuse.
Since other remops aren't abusive criminals, they aren't treated like this.
frog-admin is now a sad pariah, and his remailer is blocked by all responsible
remops. Avoid frog and you should be okay.
An Metet
>
> - -Latency is a CPUNK directive
Ah, then I may be doing something stupid. I use Quicksilver and
send Mixmaster-encoded messages. Is the Latent-Time header just
ignored under those circumstances?
starwars
Thanks for that. Any serious answers?
Tarapia Tapioco
An Metet <anm...@liberty.gmsociety.org> wrote:
Fuck off troll
Frog-Admin
Unlike JBN2, which offers a separate graphical element (TextBox, Combo, OptionButton) for each *valid* parameter, (12 on main page, 18 on normal mode) QS has just one single freetext window.
QS lets you enter anything, won't control anything, and your message's reliability may suffer.
e.g.: There has been hundreds of posts in apas about messages being lost for missing or extra colons.
In short:
JBN2 won't even offer the possibility to insert a 'latency' directive with MIX (where it is meaningless), while offering a combo with CPUNK (where it is useful).
QS won't control or propose anything.
JBN will also propose an authoritative help file on those matters.
-----BEGIN PGP SIGNATURE-----
Version: N/A
iQEVAwUBP2QtWYDgT488d3zFAQEQqAf/TJ4dwO8UNoP2CGIf6KXgGlqDDHze8lT0
i7Qmi2aI4XWIE6O4TmO48DP9Em647R5J+96/qQD+WB6TxQp1Jq/V9QP8Y07V7shE
aodnVk8+Xy6guBi9Bh40vdq42z/sV35xBokvnvDD+5on0vQjmrfIeMnugILkf/9u
WzxxVNc3V4LDbjs9LQQVX48GlIf8uAdpRK+sPgS4gd8zgTUQG3xy1CJvnVcjH7x6
Ald6exSZrMYlbQhDGRvM4PyWvWRMAHACjy4wEUVwsNaa7wEm/WCLzyKsO/h3y0bR
MmZJrIjSFUdtf1YB4O/SRbcpk4iz4pSQieOj79WVHxcegYyWQDUIQg==
=HfLx
-----END PGP SIGNATURE-----
starwars
Anonymous...@See.Comment.Header (Frog-Admin) wrote:
>
> JBN2 won't even offer the possibility to insert a 'latency' directive
> with MIX (where it is meaningless), while offering a combo with CPUNK
> (where it is useful).
> QS won't control or propose anything.
> JBN will also propose an authoritative help file on those matters.
Thanks for the answer. So there's no way to manually control the
latency of Mixmaster-encoded messages, oh well. Looks like I'll
just have to carefully select the remailers that have longer
latencies.
Frog-Admin
If you use CPUNK encryption,
and choose remailers which are REMIX-compliant,
and if they hold good keys for transparent-remix
Your Cpunk messages will be mix-encapsulated,
your Cpunk latency directives will be interpreted,
you will get the best of both worlds
PS
Re-read the caveats
JBN offers possibility to automatically select remix-compliant remailers
Other clients: I don't know / probably not
-----BEGIN PGP SIGNATURE-----
Version: N/A
iQEVAwUBP2TE54DgT488d3zFAQGxZQf+NZ9twNTnoWMZrtpHAJp+cd29Dk0PZ0t9
DOSzXX4bXifDqdQhEk0PysMfQOMt83V8Zh1szTstVnD5UyL/xBhImuYrj6XR/4T+
Zo/iZDFNYs3kqcWY3KgjTmToO0KrYbCfa0+zBuigERDqC6PArksvElrwtOTHxukU
5TJ46HoMkQr5QgKFzdIoVKpCxroV8Q9KscVB2lQVwSy/y9vw+Iofnp7JldLjCYjW
fyHSFMy5e79wdDjqvLvDxkVFIuUFqzHFPbEgYQiWmT015yWZOScxmeZ0NAlxs9UM
tEsi26Ka89Qo5e0RDTUKDAgvaKoeaAIoeZzFMzwCBdM6uFvvCAgsQA==
=udXm
-----END PGP SIGNATURE-----
QuickSilver
Hi Frog!
I happened across your post and thought I would add a few comments.
In article <N36YJ8L737878.5013078704@Gilgamesh-frog.org>
Anonymous...@See.Comment.Header (Frog-Admin) wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> On Fri, 12 Sep 2003, An Metet <anm...@liberty.gmsociety.org> wrote:
> >Anonymous...@See.Comment.Header (Frog-Admin) wrote:
> >>
> >> - -Latency is a CPUNK directive
> >
> >Ah, then I may be doing something stupid. I use Quicksilver and
> >send Mixmaster-encoded messages. Is the Latent-Time header just
> >ignored under those circumstances?
>
> Unlike JBN2, which offers a separate graphical element (TextBox, Combo, OptionButton) for each
> *valid* parameter, (12 on main page, 18 on normal mode) QS has just one single freetext window.
I guess we all like to push the client we prefer. I see you choose to
critize QS for problems when you don't even know if they still exist. I
have worked very hard in recent years to improve QS. This has been
based on feedback. Sometimes I'm a bit dense and don't get the picture
right away.
Well, anyway, JBN is not perfect. The JBN GUI is counterintuitive and a
new user must read the manual over and over to begin to grasp what is
required. And there is very little context sensitive help. All in all,
JBN does the job well but not in a friendly way. I receive mail
frequently from new QS users who tell me of their bad experiences with
JBN. Very few I talk to find the program appealing. I'm sure RProcess,
like myself, thought he had created the best possible interface. I'm
inclined to think the best is somewhere between the 2--with a
preference toward my own ideas!
As for the freetext window. It is simplicity in itself. It is in fact
the single biggest success of my QS design. I know this from the mail I
receive. There is little required to learn and 95 out of 100 people
understand immediately. They create messages, test them, and save these
messages as templates. It is a simple system. Nearly everybody gets it.
> QS lets you enter anything, won't control anything, and your message's reliability may suffer.
> e.g.: There has been hundreds of posts in apas about messages being lost for missing or extra colons.
The QS support in a.p.a-s is far less than it was 2 or 3 years ago.
This is because I have worked very hard to improve documentation and
even automatically popup dialogs explaining areas where I found there
was confusion.
> In short:
> JBN2 won't even offer the possibility to insert a 'latency' directive with MIX (where it is
> meaningless), while offering a combo with CPUNK (where it is useful). QS won't control or propose
> anything. JBN will also propose an authoritative help file on those matters.
What about JBN's use of VB random functions. Microsoft clearly states
those are not suitable for cryptographic purposes. This is a serious
security consideration. People should know about that. What about JBN's
limited range of supported protocols? Type 1 is, today, on the verge of
obsolesence. JBN uses Mixmaster 2.0.4. This was good 5 years ago, but
now is considered nearly as inferior as cpunk. This is a legitimate
security concern. Also, I have seen JBN users come here pissed off
because JBN wiped out their PGP keyrings. The worst part of that
problem is that JBN forces the user to put remailer and nym keys on
their main PGP keyrings.
What about the future? JBN has not been updated in 5 years and there
are no plans to do so. Considering what we can actually see in the near
future, JBN and Reliable are on the virge of obsolesence. People want
new protocols supported in their remailer client. For people that study
incredibly hard to learn how to use JBN, there will be no new versions
and no incorporation of new technologies. Another unwelcome dilemma
when using JBN relates to the desire to upgrade other software packages
and the need to retain backwards compatibility for JBN. That new
windows platform they'd like may not be possible and no new PGP
version, either. I can't understand why you won't update JBN, but that
is your business.
That is my perspective on the differences between the 2 clients. I'm
sure you are not surprised that I don't see things the way you do.
Generally, I don't comment on JBN, but I consider this a special case.
Richard
- --
R.Christman
quick...@skuz.net
http://quicksilvermail.net
visit http://www.noreply.org
an incredible resource of statistical information for remailer users
QuickSilver Help Pages http://www.cotse.net/users/bluejay/qs/menu.html
If you are new here, click for important info regarding frog-admin.
http://quicksilver.skuz.net/BEWARE.html
-----BEGIN PGP SIGNATURE-----
Version: N/A
iQBVAwUBP2Zz3/kiDnOECmYBAQHKbQIAreX9HsNzP9PA/dKCBIQjv7H6CyCgRjdw
0E+ORmQK4c6+JMsulXjaSn9RWnSVZqfbNz61uZvwaEyfbn3vt7vfYQ==
=E49z
-----END PGP SIGNATURE-----
QuickSilver
Hi Frog!
I happened across your post and thought I would add a few comments.
In article <N36YJ8L737878.5013078704@Gilgamesh-frog.org>
Anonymous...@See.Comment.Header (Frog-Admin) wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> On Fri, 12 Sep 2003, An Metet <anm...@liberty.gmsociety.org> wrote:
> >Anonymous...@See.Comment.Header (Frog-Admin) wrote:
> >>
> >> - -Latency is a CPUNK directive
> >
> >Ah, then I may be doing something stupid. I use Quicksilver and
> >send Mixmaster-encoded messages. Is the Latent-Time header just
> >ignored under those circumstances?
>
> Unlike JBN2, which offers a separate graphical element (TextBox, Combo, OptionButton) for each
> *valid* parameter, (12 on main page, 18 on normal mode) QS has just one single freetext window.
I guess we all like to push the client we prefer. I see you choose to
critize QS for problems when you don't even know if they still exist. I
have worked very hard in recent years to improve QS. This has been
based on feedback. Sometimes I'm a bit dense and don't get the picture
right away.
Well, anyway, JBN is not perfect. The JBN GUI is counterintuitive and a
new user must read the manual over and over to begin to grasp what is
required. And there is very little context sensitive help. All in all,
JBN does the job well but not in a friendly way. I receive mail
frequently from new QS users who tell me of their bad experiences with
JBN. Very few I talk to find the program appealing. I'm sure RProcess,
like myself, thought he had created the best possible interface. I'm
inclined to think the best is somewhere between the 2--with a
preference toward my own ideas!
As for the freetext window. It is simplicity in itself. It is in fact
the single biggest success of my QS design. I know this from the mail I
receive. There is little required to learn and 95 out of 100 people
understand immediately. They create messages, test them, and save these
messages as templates. It is a simple system. Nearly everybody gets it.
> QS lets you enter anything, won't control anything, and your message's reliability may suffer.
> e.g.: There has been hundreds of posts in apas about messages being lost for missing or extra colons.
The QS support in a.p.a-s is far less than it was 2 or 3 years ago.
This is because I have worked very hard to improve documentation and
even automatically popup dialogs explaining areas where I found there
was confusion.
> In short:
> JBN2 won't even offer the possibility to insert a 'latency' directive with MIX (where it is
> meaningless), while offering a combo with CPUNK (where it is useful). QS won't control or propose
> anything. JBN will also propose an authoritative help file on those matters.
What about JBN's use of VB random functions. Microsoft clearly states
-----BEGIN PGP SIGNATURE-----
Version: N/A
iQBVAwUBP2Z1fvkiDnOECmYBAQGsAgIApHyk/SgyydHVcNUt0VB+TTzBUSY2xXL3
MwDsvjuXMKIqH+E841YkoawtLbPORx+n+3Xs8EtWx7OCOHMXCcbMmA==
=eBBA
-----END PGP SIGNATURE-----
Anonymous
<Use-Author-Supplied-Address-Header@[127.1]> wrote:
>Well, anyway, JBN is not perfect. The JBN GUI is counterintuitive and a
>new user must read the manual over and over to begin to grasp what is
>required
LIE or IGNORANCE
Prepackaged templates work without any modification
POT CALLING KETTLE BLACK
QS has no GUI at all: a white sheet, where a missing colon sends the
mail to the bucket.
For 4 years, you were unable to build a GUI for QS, because you don't
master the Cpunk parameters yourself.
>What about JBN's use of VB random functions. Microsoft clearly states
>those are not suitable for cryptographic purposes. This is a serious
>security consideration. People should know about that.
LIE or IGNORANCE
VB random functions are not used in JBN for cryptographic purposes,
but only to internally name the files. They could as well be named
sequentially without any consequence.
>What about JBN's
>limited range of supported protocols? Type 1 is, today, on the verge of
>obsolesence. JBN uses Mixmaster 2.0.4. This was good 5 years ago, but
>now is considered nearly as inferior as cpunk. This is a legitimate
>security concern.
LIE or IGNORANCE
Mixmaster 2.04 and 2.9x and 3.xx are cryptographically identical: RSA
1024
>Also, I have seen JBN users come here pissed off
>because JBN wiped out their PGP keyrings. The worst part of that
>problem is that JBN forces the user to put remailer and nym keys on
>their main PGP keyrings.
LIE or IGNORANCE
There are at least 10 different methods to handle separate keyrings.
Your story of PGP wiping keyrings is pure invention, unlike QS
database crashing and losing all.
>What about the future? JBN has not been updated in 5 years and there
>are no plans to do so. Considering what we can actually see in the near
>future, JBN and Reliable are on the virge of obsolesence. People want
>new protocols supported in their remailer client. For people that study
>incredibly hard to learn how to use JBN, there will be no new versions
>and no incorporation of new technologies. Another unwelcome dilemma
>when using JBN relates to the desire to upgrade other software packages
>and the need to retain backwards compatibility for JBN. That new
>windows platform they'd like may not be possible and no new PGP
>version, either. I can't understand why you won't update JBN, but that
>is your business.
Put a GUI on QS, and then you may speak of JBN development.
People running JBN or Reliable certainly don't need your assistance
and don't care telling their plans to people like you.
Repeating lies and flooding apas with your trolls won't help your case
either.
-=-
This message was posted via two or more anonymous remailing services.
Tarapia Tapioco
<Use-Author-Supplied-Address-Header@[127.1]> wrote:
>Well, anyway, JBN is not perfect. The JBN GUI is counterintuitive and a
>new user must read the manual over and over to begin to grasp what is
>required
LIE or IGNORANCE
Prepackaged templates work without any modification
POT CALLING KETTLE BLACK
QS has no GUI at all: a white sheet, where a missing colon sends the
mail to the bucket.
For 4 years, you were unable to build a GUI for QS, because you don't
master the Cpunk parameters yourself.
>What about JBN's use of VB random functions. Microsoft clearly states
>those are not suitable for cryptographic purposes. This is a serious
>security consideration. People should know about that.
LIE or IGNORANCE
VB random functions are not used in JBN for cryptographic purposes,
but only to internally name the files. They could as well be named
sequentially without any consequence.
>What about JBN's
>limited range of supported protocols? Type 1 is, today, on the verge of
>obsolesence. JBN uses Mixmaster 2.0.4. This was good 5 years ago, but
>now is considered nearly as inferior as cpunk. This is a legitimate
>security concern.
LIE or IGNORANCE
Mixmaster 2.04 and 2.9x and 3.xx are cryptographically identical: RSA
1024
>Also, I have seen JBN users come here pissed off
>because JBN wiped out their PGP keyrings. The worst part of that
>problem is that JBN forces the user to put remailer and nym keys on
>their main PGP keyrings.
LIE or IGNORANCE
There are at least 10 different methods to handle separate keyrings.
Your story of PGP wiping keyrings is pure invention, unlike QS
database crashing and losing all.
>What about the future? JBN has not been updated in 5 years and there
>are no plans to do so. Considering what we can actually see in the near
>future, JBN and Reliable are on the virge of obsolesence. People want
>new protocols supported in their remailer client. For people that study
>incredibly hard to learn how to use JBN, there will be no new versions
>and no incorporation of new technologies. Another unwelcome dilemma
>when using JBN relates to the desire to upgrade other software packages
>and the need to retain backwards compatibility for JBN. That new
>windows platform they'd like may not be possible and no new PGP
>version, either. I can't understand why you won't update JBN, but that
>is your business.
Put a GUI on QS, and then you may speak of JBN development.
Anonymous
<Use-Author-Supplied-Address-Header@[127.1]> wrote:
>Generally, I don't comment on JBN, but I consider this a special case.
And that is the BIGGEST lie for the end.
4 years of unrepentant trolling, flooding, and littering apas with
your mess.
Hiring scumbags like BlueJay to make more noise and prevent any
technical discussion.
Accusing others to distract attention from your own flooding.
You STINK.
futureworlds
<Use-Author-Supplied-Address-Header@[127.1]> wrote:
>Generally, I don't comment on JBN, but I consider this a special case.
And that is the BIGGEST lie for the end.
Nomen Nescio
<Use-Author-Supplied-Address-Header@[127.1]> wrote:
>Generally, I don't comment on JBN, but I consider this a special case.
And that is the BIGGEST lie for the end.
Nomen Nescio
<Use-Author-Supplied-Address-Header@[127.1]> wrote:
>Generally, I don't comment on JBN, but I consider this a special case.
And that is the BIGGEST lie for the end.
4 years of unrepentant trolling, flooding, and littering apas woth
Tarapia Tapioco
<Use-Author-Supplied-Address-Header@[127.1]> wrote:
>Generally, I don't comment on JBN, but I consider this a special case.
And that is the BIGGEST lie for the end.
4 years of unrepentant trolling, flooding, and littering apas with
An Metet
>POT CALLING KETTLE BLACK
>QS has no GUI at all: a white sheet, where a missing colon sends the
>mail to the bucket.
Er... If it had "no GUI" you'd run it in a DOS box thicko.
>For 4 years, you were unable to build a GUI for QS, because you don't
>master the Cpunk parameters yourself.
That's because QS doesn't support Cpunk.
>>What about JBN's use of VB random functions. Microsoft clearly states
>>those are not suitable for cryptographic purposes. This is a serious
>>security consideration. People should know about that.
>
>LIE or IGNORANCE
>VB random functions are not used in JBN for cryptographic purposes,
>but only to internally name the files. They could as well be named
>sequentially without any consequence.
What about latency on outbound messages? Decided by examining chicken entrails
I suppose.
An Metet
STFU troll
Anonymous Sender
><Use-Author-Supplied-Address-Header@[127.1]> wrote:
>
>>Generally, I don't comment on JBN, but I consider this a special case.
>
>And that is the BIGGEST lie for the end.
>
>4 years of unrepentant trolling, flooding, and littering apas with
>your mess.
>Hiring scumbags like BlueJay to make more noise and prevent any
>technical discussion.
>Accusing others to distract attention from your own flooding.
>
>You STINK.
Awww... Trolly couldn't master Quicksilver even when people like bluejay who
it thinks are cretins can.
Tarapia Tapioco
>On Tue, 16 Sep 2003, Anonymous <Bigapple...@Optonline.Net> wrote:
>>For 4 years, you were unable to build a GUI for QS, because you don't
>>master the Cpunk parameters yourself.
>
>That's because QS doesn't support Cpunk.
*YOU* said it.
QS support for CPUNK is so poor that it is almost unexistant.
Cristman's knowledge of CPUNK capabilities and parameters is scarce
and partial at best.
Saying "QS fully supports Cpunk" is certainly a gross fraud.
But I would not have said: "QS doesn't support Cpunk"
*YOU* said it.
Italy Anonymous Remailer
<Use-Author-Supplied-Address-Header@[127.1]> wrote:
>Generally, I don't comment on JBN, but I consider this a special case.
And that is the BIGGEST lie for the end.
Tarapia Tapioco
wrote:
>On Fri, 12 Sep 2003, An Metet <anm...@liberty.gmsociety.org> wrote:
>>Anonymous...@See.Comment.Header (Frog-Admin) wrote:
>>>
>>> - -Latency is a CPUNK directive
>>
>>Ah, then I may be doing something stupid. I use Quicksilver and
>>send Mixmaster-encoded messages. Is the Latent-Time header just
>>ignored under those circumstances?
>
>Unlike JBN2, which offers a separate graphical element (TextBox,
>Combo, OptionButton) for each *valid* parameter, (12 on main page, 18
>on normal mode) QS has just one single freetext window.
That is 18 controls that JBN2 performs, and QS does not.
Or 18 possibilities to lose a post that QS has and JBN2 doesn't have
if you are a TLA or a masochist.
Anonymous
Anonymous...@See.Comment.Header (Frog-Admin) wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> On Sun, 14 Sep 2003, starwars <nob...@tatooine.homelinux.net> wrote:
> >In article <N36YJ8L737878.5013078704@Gilgamesh-frog.org>
> >Anonymous...@See.Comment.Header (Frog-Admin) wrote:
> >>
> >> JBN2 won't even offer the possibility to insert a 'latency' directive
> >> with MIX (where it is meaningless), while offering a combo with CPUNK
> >> (where it is useful).
> >> QS won't control or propose anything.
> >> JBN will also propose an authoritative help file on those matters.
> >
> >Thanks for the answer. So there's no way to manually control the
> >latency of Mixmaster-encoded messages, oh well. Looks like I'll
> >just have to carefully select the remailers that have longer
> >latencies.
>
> If you use CPUNK encryption,
> and choose remailers which are REMIX-compliant,
> and if they hold good keys for transparent-remix
> Your Cpunk messages will be mix-encapsulated,
> your Cpunk latency directives will be interpreted,
> you will get the best of both worlds
>
> PS
> Re-read the caveats
> JBN offers possibility to automatically select remix-compliant remailers
> Other clients: I don't know / probably not
Hey Dumb Ass,
Are you retarded? The man says he understands and that he
prefers MIXMASTER! He wants security not the pathetic JBN that
you wrote. STFU and GET OUT
edo
You are a very mean person. You should seek professional help.
Helene De Portes
<Use-Author-Supplied-Address-Header@[127.1]> wrote:
>Generally, I don't comment on JBN, but I consider this a special case.
And that is the BIGGEST lie for the end.
Italy Anonymous Remailer
<Use-Author-Supplied-Address-Header@[127.1]> wrote:
>Generally, I don't comment on JBN, but I consider this a special case.
And that is the BIGGEST lie for the end.
Anonymous
<Use-Author-Supplied-Address-Header@[127.1]> wrote:
>Well, anyway, JBN is not perfect. The JBN GUI is counterintuitive and a
>new user must read the manual over and over to begin to grasp what is
>required
LIE or IGNORANCE
Prepackaged templates work without any modification
POT CALLING KETTLE BLACK
QS has no GUI at all: a white sheet, where a missing colon sends the
mail to the bucket.
For 4 years, you were unable to build a GUI for QS, because you don't
master the Cpunk parameters yourself.
>What about JBN's use of VB random functions. Microsoft clearly states
>those are not suitable for cryptographic purposes. This is a serious
>security consideration. People should know about that.
LIE or IGNORANCE
VB random functions are not used in JBN for cryptographic purposes,
but only to internally name the files. They could as well be named
sequentially without any consequence.
>What about JBN's
>limited range of supported protocols? Type 1 is, today, on the verge of
>obsolesence. JBN uses Mixmaster 2.0.4. This was good 5 years ago, but
>now is considered nearly as inferior as cpunk. This is a legitimate
>security concern.
LIE or IGNORANCE
Mixmaster 2.04 and 2.9x and 3.xx are cryptographically identical: RSA
1024
>Also, I have seen JBN users come here pissed off
>because JBN wiped out their PGP keyrings. The worst part of that
>problem is that JBN forces the user to put remailer and nym keys on
>their main PGP keyrings.
LIE or IGNORANCE
There are at least 10 different methods to handle separate keyrings.
Your story of JBN wiping keyrings is pure invention, unlike QS
database crashing and losing all.
>What about the future? JBN has not been updated in 5 years and there
>are no plans to do so. Considering what we can actually see in the near
>future, JBN and Reliable are on the virge of obsolesence. People want
>new protocols supported in their remailer client. For people that study
>incredibly hard to learn how to use JBN, there will be no new versions
>and no incorporation of new technologies. Another unwelcome dilemma
>when using JBN relates to the desire to upgrade other software packages
>and the need to retain backwards compatibility for JBN. That new
>windows platform they'd like may not be possible and no new PGP
>version, either. I can't understand why you won't update JBN, but that
>is your business.
Put a GUI on QS, and then you may speak of JBN development.
People running JBN or Reliable certainly don't need your assistance
and don't care telling their plans to people like you.
Repeating lies and flooding apas with your trolls won't help your case
either.
-=-
Anonymous
<Use-Author-Supplied-Address-Header@[127.1]> wrote:
>Well, anyway, JBN is not perfect. The JBN GUI is counterintuitive and a
>new user must read the manual over and over to begin to grasp what is
>required
LIE or IGNORANCE
Prepackaged templates work without any modification
POT CALLING KETTLE BLACK
QS has no GUI at all: a white sheet, where a missing colon sends the
mail to the bucket.
For 4 years, you were unable to build a GUI for QS, because you don't
master the Cpunk parameters yourself.
>What about JBN's use of VB random functions. Microsoft clearly states
>those are not suitable for cryptographic purposes. This is a serious
>security consideration. People should know about that.
LIE or IGNORANCE
VB random functions are not used in JBN for cryptographic purposes,
but only to internally name the files. They could as well be named
sequentially without any consequence.
>What about JBN's
>limited range of supported protocols? Type 1 is, today, on the verge of
>obsolesence. JBN uses Mixmaster 2.0.4. This was good 5 years ago, but
>now is considered nearly as inferior as cpunk. This is a legitimate
>security concern.
LIE or IGNORANCE
Mixmaster 2.04 and 2.9x and 3.xx are cryptographically identical: RSA
1024
>Also, I have seen JBN users come here pissed off
>because JBN wiped out their PGP keyrings. The worst part of that
>problem is that JBN forces the user to put remailer and nym keys on
>their main PGP keyrings.
LIE or IGNORANCE
There are at least 10 different methods to handle separate keyrings.
Your story of PGP wiping keyrings is pure invention, unlike QS
database crashing and losing all.
>What about the future? JBN has not been updated in 5 years and there
>are no plans to do so. Considering what we can actually see in the near
>future, JBN and Reliable are on the virge of obsolesence. People want
>new protocols supported in their remailer client. For people that study
>incredibly hard to learn how to use JBN, there will be no new versions
>and no incorporation of new technologies. Another unwelcome dilemma
>when using JBN relates to the desire to upgrade other software packages
>and the need to retain backwards compatibility for JBN. That new
>windows platform they'd like may not be possible and no new PGP
>version, either. I can't understand why you won't update JBN, but that
>is your business.
Put a GUI on QS, and then you may speak of JBN development.
starwars
Tarapia Tapioco <comes...@ntani.firenze.linux.it> wrote:
>
> >That's because QS doesn't support Cpunk.
>
it will sink into your ego-filled skull?
*KNOCK KNOCK* HELLO FROG! Repeat after me, "CPunk is insecure".
Geesus, is there anybody there?? The fucken lights are on but
there's nobody at home.
OK, it supports reply-blocks which Mixmaster doesn't do. Who gives a
flying fuck? What's the point in supporting a secondary function
like that when the primary function of providing anonymity is blown
out of the water?
> Cristman's knowledge of CPUNK capabilities and parameters is scarce
> and partial at best.
Good, lets hope he never bothers to learn them. His time will be
better spent on developing support for Mixminion which will actually
provide anonymity. That's the subject of this newsgroup remember?
Not your ego or a test to see if it's possible to get all 32bit
colors on a single fucking webpage, but anonymous services.
Thank-you for listening....
Yeah, like fuck you did. You wouldn't listen if somebody told you
that your ass was on fire.
Boschloo Champerty Bluejay
There, now you won't even have to read it. Your sack of shit
censored service will save you the trouble.
Fucking French twat
Meep meep, catch me, catch me
Anonymous Sender
> <Use-Author-Supplied-Address-Header@[127.1]> wrote:
>
> >What about JBN's use of VB random functions. Microsoft clearly states
> >those are not suitable for cryptographic purposes. This is a serious
> >security consideration. People should know about that.
>
> LIE or IGNORANCE
> VB random functions are not used in JBN for cryptographic purposes,
> but only to internally name the files. They could as well be named
> sequentially without any consequence.
LIE or IGNORANCE
in Prep.bas:
Public Function GetLatent(Latent) As Date
If Latent = "" Then
minl = LatentValue(Cnf(5, 5))
maxl = LatentValue(Cnf(5, 6))
l = (Rnd(1) * (maxl - minl)) + minl
If maxl < minl Then maxl = minl + 0.5
GetLatent = Date + Time + (l / 24)
Just another Fr-oll
Anonymous <Bigapple...@Optonline.Net> wrote:
>
> On Mon, 15 Sep 2003, QuickSilver
> <Use-Author-Supplied-Address-Header@[127.1]> wrote:
>
> >Generally, I don't comment on JBN, but I consider this a special case.
>
> And that is the BIGGEST lie for the end.
>
> 4 years of unrepentant trolling, flooding, and littering apas with
> your mess.
But nobody does it better than you, dear Frog.
> Hiring scumbags like BlueJay to make more noise and prevent any
> technical discussion.
Nobody's hired anybody. All of us seperate trolls harass you because we're
intelligent enough to see what's the real deal. It has nothing to do with
Christman or QS. You are so fucking wrapped up in yourself that you fail
to see what has been common knowledge amoung many remailer users for a long
long time. You may run a reliable remailer, offer good stats and resources
and know what you're talking about, but you're a pathalogical LIAR and a
CHEATER.
> Accusing others to distract attention from your own flooding.
Again, nobody does it better than you. WAIT, what the fuck am I saying?
Let's suppose Christman really does have this sinister alter-ego that's
diametrically opposed to his usual cordial, intelligent posting. Even when
flaming you, a reader would have a hard time calling a genuine Christman
post anywhere near a flooding troll...thing. But his fictitious troll-
personality would be doing it so well (in your fantasy-land) that there's
absolutely no way anyone would dream of attributing the foul-mouthed
derserved bashing you get in posts like this one...you FUCKING LIAR...to
him. Whereas you, you troll and flood anonymously, but it's so absolutely
transparently YOU, that it's obvious that you just taunt us with the fact
that we can't prove it's you. Well, so what the fuck. We don't have to
prove it.
>
> You STINK.
Yep. I do. Don't know about Christman, though.
~~~~~~~~~~~~~~~~~~~~~
This message was posted via one or more anonymous remailing services.
The original sender is unknown. Any address shown in the From header
is unverified. You need a valid hashcash token to post to groups other
than alt.test and alt.anonymous.messages. Visit www.panta-rhei.dyndns.org
for abuse and hashcash info.
An Metet
No effort was made to verify the identity of the sender.
--------------------------------------------------------
Definitely a LIE then, unless HALLUCINATION
There is a Prep.bas module in JBN2, but no Function GetLatent in it
Nomen Nescio
Definitely a LIE then, unless HALLUCINATION
QuickSilver
In article <ML0EUCW337878.9516898148@Gilgamesh-frog.org>
Anonymous...@See.Comment.Header (Frog-Admin) wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> On Sun, 14 Sep 2003, starwars <nob...@tatooine.homelinux.net> wrote:
> >In article <N36YJ8L737878.5013078704@Gilgamesh-frog.org>
> >Anonymous...@See.Comment.Header (Frog-Admin) wrote:
> >>
> >> JBN2 won't even offer the possibility to insert a 'latency' directive
> >> with MIX (where it is meaningless), while offering a combo with CPUNK
> >> (where it is useful).
> >> QS won't control or propose anything.
> >> JBN will also propose an authoritative help file on those matters.
> >
> >Thanks for the answer. So there's no way to manually control the
> >latency of Mixmaster-encoded messages, oh well. Looks like I'll
> >just have to carefully select the remailers that have longer
> >latencies.
>
> If you use CPUNK encryption,
> and choose remailers which are REMIX-compliant,
> and if they hold good keys for transparent-remix
> Your Cpunk messages will be mix-encapsulated,
> your Cpunk latency directives will be interpreted,
> you will get the best of both worlds
Hi frog,
First of all, you know as well as I do that what you have proposed here
is NOT the best of both worlds. Nothing in Cpunk is better than
anything Mixmaster. The person tells you he uses QS. He wants security,
not inferior type 1 functionality. Secondly, anyone can understand that
repeated use of the latent-time directive leads to patterns of use that
greatly enhance traffic analysis. That is to say, cpunk is insecure and
using latent time makes things worst.
BTW I just saw that anon followup you posted to 'enough is too much'.
Ah, the beauty of a pgp signature. Most embarassing I'd say :)
> PS
> Re-read the caveats
> JBN offers possibility to automatically select remix-compliant remailers
> Other clients: I don't know / probably not
QS supports Mixmaster 2.9 and 3. That's the important factor. It
doesn't support inferior protocols and that is exactly as it should be.
Richard
- --
R.Christman
quick...@skuz.net
http://quicksilvermail.net
visit http://www.noreply.org
an incredible resource of statistical information for remailer users
QuickSilver Help Pages http://www.cotse.net/users/bluejay/qs/menu.html
If you are new here, click for important info regarding frog-admin.
http://quicksilver.skuz.net/BEWARE.html
-----BEGIN PGP SIGNATURE-----
Version: N/A
iQBVAwUBP2fCefkiDnOECmYBAQHY/wIA6CfWcdmRhztwiwHbpwUUmbbDzFgPwoYJ
bUmy4IacE4uLQBZxp6FfUfVeCGIrem2n9asF7St3Ov69DT9UqpQEIQ==
=WCoY
-----END PGP SIGNATURE-----
BiKiKii-Admin
Excuse me, what is your point?
Does the above come from JBN source code, if so what version?
It looks conspicuously like the code from Reliable which handles the
following functions:
Cnf(5, 5) equates to:
Random Latency Minimum (HH:MM)
The minimum amount of time a message will be held in the pool ...
Cnf(5, 6) equates to:
Random Latency Maximum (HH:MM)
The maximum amount of time a message will be held in the pool ...
The point was "JBN's use of VB random functions ... for cryptographic purposes".
For the most part JBN uses VB random functions for the generation of file names,
reply block tags, Encrypt-Key passwords, garbage generation, selecting
random remailers, mail queue time and order, etc.
As far as "cryptographic purposes" JBN does use VB random functions for password chaf.
If any deficiency does exist in this function it is easily eliminated
by utilizing Secure Mode which conventionally encrypts the data with PGP.
Better yet storing the the data on a encrypted volume as outline within the manual.
BiKiKii
-----BEGIN PGP SIGNATURE-----
Version: N/A
iQEVAwUBP2fBk/BluLRpZm7PAQHJXggAmA4xVOvka9ivILfD5Uorhvjyee4t9dqg
t/WlXx7AOeR96gcVhENCqAw9wytkD3nltor9V/zOv0xR4J1Zz17oYJjQQda7WXe1
bgEMvqoP0eeiibh1IJWAccGWB47qmC8GC9wVMYTa/qsVqsduHiP00oYb5laI6tCt
K7UHWXBxPc2P+IXqEYuaetTzHj91CrCZqqg9ZxZUk99v7DYUHEnpgwebdOMD99/v
ECA5840mQ6WjVkybTmjIDVGCpJZ2heWGSNmeCKeG0du7kqcYzR+WX5ct7AdHJzZE
2lnml9TAemFD1odbpmLmFUm7lAblxkmRSv/00kXi1fSHNN1AGUTiJA==
=JW6d
-----END PGP SIGNATURE-----
FUD-Admin
>4 years of unrepentant trolling, flooding, and littering apas with
>your mess.
And then, being stupid enough to PGP sign it.
How do you tell when Frog-Admin just lost an argument? Easy, he floods the thread.
Explain this away, Frog-Admin, you stupid shitsucker. You PGP signed one of your
"anonymous" "troll" posts. Moron.
From: Tarapia Tapioco <comes...@ntani.firenze.linux.it>
Comments: This message did not originate from the Sender address above.
It was remailed automatically by anonymizing remailer software.
Please report problems or inappropriate use to the
remailer administrator at <ab...@ntani.firenze.linux.it>.
Subject: Re: enough is too much
Organization: ><((((ş> Happy Lobster & Partners <°))))><
X-Comment: In Case of Emergency, Flush the Toilet
X-Mailer: JackB.Nymble Version 2.1
Newsgroups: alt.privacy.anon-server
References: <3HYB4M7537...@Gilgamesh-frog.org> <de52fb76de9822eb...@anonymous.poster>
Message-ID: <0eea20aab54c4bfa...@firenze.linux.it>
Date: 15 Sep 2003 00:36:10 +0200
Lines: 38
X-Mail2News-Contact: http://80.65.224.85/
Path: nwrddc01.gnilink.net!cyclone2.gnilink.net!cyclone1.gnilink.net!chi1.webusenet.com!sjc70.webusenet.com!news.webusenet.com!cyclone.bc.net!news.alt.net!Gilgamesh-frogadmin.yi.org!not-for-mail
Xref: cyclone1.gnilink.net alt.privacy.anon-server:210399
X-Received-Date: Sun, 14 Sep 2003 18:37:22 EDT (nwrddc01.gnilink.net)
-----BEGIN PGP SIGNED MESSAGE-----
On Sun, 14 Sep 2003, An Metet <anm...@freedom.gmsociety.org> wrote:
>NOTE: This message was sent thru a mail2news gateway.
>No effort was made to verify the identity of the sender.
>--------------------------------------------------------
>
>On 14 Sep 2003, Anonymous...@See.Comment.Header (tired of the
>bitching) wrote:
>>ok.. i'm sure this will win me the troll of the month award, but i dont
>>care.
>>how about everybody lay off of frog and get down to doing something
>>important... like get another 50 people to decide they're willing to run a
>>remailer?!?
>>
>>in care you havent noticed, a network of 45 is pretty tiny and could fall
>>apart easily.. it really does need to double, preferably triple, in size
>>and soon at that.
>
>Knock yourself out. Have at it. Let us know when your ready to start taking
>the abuse.
Frog-Admin is taking most of the abuse and he got a thick skin.
Other remops should be safe from cretins like the obnoxious bird.
-----BEGIN PGP SIGNATURE-----
Version: N/A
iQEVAwUBP2TV04DgT488d3zFAQGwUAf/Umxid3/+DamkNbQbQkFVNHsif7AK9/aY
Yqa7qeyqE36fuNeB8rXJDNiO2Osx5bOYUA9mBq6n0CBV33Wti1Mu+vRucNHfnIye
vCeghfiH5ZLHZR8GHTKAOwVqgLcxCXEYxA4Z3yWcgxtdd01zmWK/DWo6qF113t5f
mjaBBt749QCqLCXIPPy7L+EbCFjwoeWnYK9c2GtOQxH2YFg4bOzMwtl2gP/PrsZS
M57KNygQAC1tO5odEGufUVhv27HWuZRU7sHmVlEMqwnKrPW2mIhoSfxGlbtOZYR2
YvrYahfbls2O4LyIN3IcSMnNPxjyNpYOPIisfrf70rqHyIoUq2zb+A==
=SOmA
-----END PGP SIGNATURE-----
BlackTroll
>-----BEGIN PGP SIGNED MESSAGE-----
>
>>In article <N36YJ8L737878.5013078704@Gilgamesh-frog.org>
>>Anonymous...@See.Comment.Header (Frog-Admin) wrote:
>>>
>>> JBN2 won't even offer the possibility to insert a 'latency' directive
>>> with MIX (where it is meaningless), while offering a combo with CPUNK
>>> (where it is useful).
>>> QS won't control or propose anything.
>>> JBN will also propose an authoritative help file on those matters.
>>
>>Thanks for the answer. So there's no way to manually control the
>>latency of Mixmaster-encoded messages, oh well. Looks like I'll
>>just have to carefully select the remailers that have longer
>>latencies.
>
>If you use CPUNK encryption,
> and choose remailers which are REMIX-compliant,
> and if they hold good keys for transparent-remix
>Your Cpunk messages will be mix-encapsulated,
>your Cpunk latency directives will be interpreted,
>you will get the best of both worlds
But with a message that can be replayed by any remop in the chain.
Mixmaster supports a latency directive which will be seen and acted upon by
the last remailer in your chain.
>
>PS
>Re-read the caveats
>JBN offers possibility to automatically select remix-compliant remailers
>Other clients: I don't know / probably not
>
>-----BEGIN PGP SIGNATURE-----
>Version: N/A
>
>iQEVAwUBP2TE54DgT488d3zFAQGxZQf+NZ9twNTnoWMZrtpHAJp+cd29Dk0PZ0t9
>DOSzXX4bXifDqdQhEk0PysMfQOMt83V8Zh1szTstVnD5UyL/xBhImuYrj6XR/4T+
>Zo/iZDFNYs3kqcWY3KgjTmToO0KrYbCfa0+zBuigERDqC6PArksvElrwtOTHxukU
>5TJ46HoMkQr5QgKFzdIoVKpCxroV8Q9KscVB2lQVwSy/y9vw+Iofnp7JldLjCYjW
>fyHSFMy5e79wdDjqvLvDxkVFIuUFqzHFPbEgYQiWmT015yWZOScxmeZ0NAlxs9UM
>tEsi26Ka89Qo5e0RDTUKDAgvaKoeaAIoeZzFMzwCBdM6uFvvCAgsQA==
>=udXm
>-----END PGP SIGNATURE-----
Frog-Admin
On Tue, 16 Sep 2003, Anonymous <Bigapple...@Optonline.Net> wrote:
>On Mon, 15 Sep 2003, QuickSilver
><Use-Author-Supplied-Address-Header@[127.1]> wrote:
FIRST:
Thank you for quoting the Christman post.
news:200309160229....@skuz.net
It got eliminated by my newsserver's filters,
which is in line with my policy to eliminate posts
whose technical value is nil or negative
(disinformative posts)
But the content of this one is *very* interesting
for quite a few other regards
and will allow me to act upon
1)
For the past 4 years, I had given Richard Christman the benefit of the doubt
and that *some day* he would add *something* to QS
to trap typos/syntax/coherency errors at the source
a GUI to help keying (and eliminate the missing/extra colons problem)
controls behind that GUI to highlight coherency errors
In post news:200309160229....@skuz.net, Richard Christman says:
|As for the freetext window. It is simplicity in itself.
|It is in fact the single biggest success of my QS design.
IOW it kills any hope that QS will have any kind of input control any time.
Remailer messages must obey a strict syntax, or they will be lost
QS definitely favors the *appearence* of simplicity over the *necessity* of control
QS will *not* deliver any early warning upon typos
QS will let the user wuth the *false* impression that the message is OK and will be processed
Bypassing any control or error messages just "to make things look simple" is a FRAUD, and it is routinely sentenced as such in every consumer issue in occidental world.
Incidentally, that will generate buzz in apas,
unfortunate newbies wondering why their messages won't arrive
will ask why
and willy nilly contribute to the publicity of a product which does not deliver
All those elements are the mark of SNAKE OIL,
and Richard Christman admittance will make me
make a move I did not expect to take begore QS's 4th aniversary
formally designate QuickSilver as SNAKE OIL
2)
My answer to a person asking a technical question was purely technical and factual
- -Latency is a Cpunk directive
- -QS did not detect the discrepancy between Mix and Latency
because it does not perform that control
because it does not perform *any* control at all
Those are incontrovertible facts,
but they triggered a diatribe by Richard Christman
-Marketing mottos (QS is new, JBN is old)
-FUD about Reliable and JBN alleged vulnerabilities
while that junk had already been technically answered
- -a mini-flood is actually developing in apas
to distract attention from that clear exemple
of QS shortcoming and absent reporting
Attacking anything that walks,
flooding pure-marketing mottos when technically questioned
spreading FUD about 'competitors'
This to be related with the direct attacks and accusations against me (Frog-Admin) starting 2 weeks after I offered JBN2 quickStart as a hekp to JBN.
All those elements are the mark of SNAKE OIL,
and Richard Christman admittance will make me
make a move I did not expect to take begore QS's 4th aniversary
formally designate QuickSilver as SNAKE OIL
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Now, let's go to your post, as it contains a few minor inaccuracies
>>Well, anyway, JBN is not perfect. The JBN GUI is counterintuitive and a
>>new user must read the manual over and over to begin to grasp what is
>>required
>
>LIE or IGNORANCE
>Prepackaged templates work without any modification
provisions:
it is better to have JBN QuickStart installed
one must replace remailer names
>POT CALLING KETTLE BLACK
>QS has no GUI at all: a white sheet, where a missing colon sends the
>mail to the bucket.
>For 4 years, you were unable to build a GUI for QS, because you don't
>master the Cpunk parameters yourself.
I already discussed the QS fraud of bypassing all controls just to make things look simple and working while they are not.
>>What about JBN's use of VB random functions. Microsoft clearly states
>>those are not suitable for cryptographic purposes. This is a serious
>>security consideration. People should know about that.
>
>LIE or IGNORANCE
>VB random functions are not used in JBN for cryptographic purposes,
>but only to internally name the files. They could as well be named
>sequentially without any consequence.
Dingo-Admin and Bikikii-Admin already confirmed your point
>>What about JBN's
>>limited range of supported protocols? Type 1 is, today, on the verge of
>>obsolesence. JBN uses Mixmaster 2.0.4. This was good 5 years ago, but
>>now is considered nearly as inferior as cpunk. This is a legitimate
>>security concern.
>
>LIE or IGNORANCE
>Mixmaster 2.04 and 2.9x and 3.xx are cryptographically identical:
>RSA 1024
100% correct
There is nothing to differentiate a MIX message by 2.04 or 2.9x or 3.xx.
Except the header
it is not used by mixmaster anyways
a simple HEXA hack of MIXMASTE.EXE allows to generate *any* header
That is a good thing, BTW:
unlike PGP,
where new versions may be uncompatible with PGP 2.x
and sometimes with themselves
(you can't decrypt what you encrypyed with the same software)
MIX protocol did not change a iota between versions
Mistaking a protocol for a version number is certainly the mark of great ignorance
>>Also, I have seen JBN users come here pissed off
>>because JBN wiped out their PGP keyrings. The worst part of that
>>problem is that JBN forces the user to put remailer and nym keys on
>>their main PGP keyrings.
>
>LIE or IGNORANCE
>There are at least 10 different methods to handle separate keyrings.
>Your story of PGP wiping keyrings is pure invention, unlike QS
>database crashing and losing all.
I have PGP 2.x with 2 keyrings (personal and RemailerServer)
I have PGP 6.58 with 5 keyrings (RemailerServer, NymServer, Personal1, Personal2, Personal3)
I only use 2 main techniques
-removable disk (floppy or encrypted containers)
-different user profiles under Win2K
Duplicating confidential information over multiple places is a BAD idea anyways, privacy-wise.
My personal balance between Security-Privacy and Security-RiskOfLoss is that I keep *one* backup on *one* encrypted zip diskette
>>What about the future? JBN has not been updated in 5 years and there
>>are no plans to do so. Considering what we can actually see in the near
>>future, JBN and Reliable are on the virge of obsolesence. People want
>>new protocols supported in their remailer client. For people that study
>>incredibly hard to learn how to use JBN, there will be no new versions
>>and no incorporation of new technologies. Another unwelcome dilemma
>>when using JBN relates to the desire to upgrade other software packages
>>and the need to retain backwards compatibility for JBN. That new
>>windows platform they'd like may not be possible and no new PGP
>>version, either. I can't understand why you won't update JBN, but that
>>is your business.
>
>Put a GUI on QS, and then you may speak of JBN development.
>People running JBN or Reliable certainly don't need your assistance
>and don't care telling their plans to people like you.
>
>Repeating lies and flooding apas with your trolls won't help your case
>either.
You forgot mentioning that in that last paragraph, Richard Christman also claims reading the minds of all Reliable/JBN operators and developers, and knowing the future.
Programmer, Prosecutor, MindReader, SoothSayer, the sky is the limit to Christman's claims.
-----BEGIN PGP SIGNATURE-----
Version: N/A
iQEVAwUBP2g9MYDgT488d3zFAQFWeAf/UW4DxOo4svkWMzp+zRTBZNwO4PKAnFyH
e78xkpC17I8utJCaWsDl8URMnEBevQJ0qjXlDFQ4u4QQLJoPHCcSvYCt0nXV6z3m
d+7JiVPvq2en1YJL5623Hb8SIx/CY3wDo3SeCRY/NDRFbf7FdoUN+d041vum/zu2
e5JPqLUefWMD07n11EvwJ/88X+izTHyUlPLHSgYDiCwxcqDPedrnija/pDnYtTRq
qFdhypcLwKFwTg+pRo4D09Yp/CU8Pp7X0lIX5cSNLNkYJbErPydUo4rFcR7WifcQ
CKX8EguZihIUUNHg4cTemWaM7Ely9H/oUqQCzkrX8u5WsP1JewcKLA==
=udaW
-----END PGP SIGNATURE-----
Frog-Admin
This is to be related with the direct attacks and accusations against me (Frog-Admin) starting 2 weeks after I offered JBN2 QuickStart as a help to JBN.
All those elements are the mark of SNAKE OIL,
and Richard Christman admittance will make me
make a move I did not expect to take before QS's 4th aniversary
formally designate QuickSilver as SNAKE OIL
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Now, let's go to your post, as it contains a few minor inaccuracies
>>Well, anyway, JBN is not perfect. The JBN GUI is counterintuitive and a
>>new user must read the manual over and over to begin to grasp what is
>>required
>
>LIE or IGNORANCE
>Prepackaged templates work without any modification
provisions:
it is better to have JBN QuickStart installed, download updated keys/stats
FYI, I did not know myself:
- -this Spring, that I would have a Wion32 NymServer software working in September
- -3 weeks ago, that my efforts to port JBN2 and Reliable to PGP8 would be halted, at least temporarily
-----BEGIN PGP SIGNATURE-----
Version: N/A
iQEVAwUBP2g+dYDgT488d3zFAQGR+wf/chKlVahyCztQ8fGwxeVn9n6ctjS00vWS
kUwFFUOiIN59mnghBFLcdjf4F8mBobS1Ep6+XLcM44RSn8/Rem7cTmWKlPVf7NDe
/luwl1qKeOmBOwz+bpzMNVQfsBLgxbMLl5GBc4iIqTyPCKeQ8r9EgbPjqSk9bQHl
G0d+DpOAZB/KDfBFFn8w4F3CUJr0wuIu1WzFKD2PA9lmOsonOXm+59UsRjaw8gUS
ElYjQsTJbna5L0FcrT0+3zLmNEgs6+NdqGq8EuSbDm3wvf3Vr+WkOliGN2fc4L1W
eamnZrnyOGGCthhLedFL18EK7ZcFLjyA1JFlhVXFaof0ihnin5LxSg==
=1PGg
-----END PGP SIGNATURE-----
Frog-Admin
There was a FUD post lately, probably from SnakeOil factory or subsidiaries,
about alleged Reliable vulnerability because of the use of MS VB Rnd() function to calculate latencies.
Troll claimed that, because Rnd does not generate random numbers, but pseudorandom sequences
(in pseudorandom sequences, the seed entirely determines the succession of figures), it would allow to determine the order in which messages are sent.
Knowing the Reliable start time by +- 5 minutes would allow to determine the seed.
- From there, correlate the input sequence with the output sequence in a latency interval.
It is easy to write a VB proggy and determine that
- -Randomize() does not use a HH:NN:SS timer
- ---> it is most probably the 1/1000th second simple-precision timer
(alternative is that it uses the high-precision timer...)
+-5 minutes gives 300.000 different seeds,
to be compared with the number of messages in the latency interval (less than hundred)
Guessing the "seed" is more difficult than guessing the sequence.....
xxxxxxxxxxxxxxxxx
Even if it was possible to determine the 'seed' exactly (HOW?)
The Rnd() function is used to determine the Reliable internal file names.
In case a random-chosen name already exists (file name collision),
rnd() is invoked again until the name does not collide an existing file name
--->>>> unless attacker *also* knows all the file names on the system,
the number of times the rnd() function will be called is *genuine* random
--->>>> the number generated by rnd() is genuine random
-----BEGIN PGP SIGNATURE-----
Version: N/A
iQEVAwUBP2hHZ4DgT488d3zFAQHZYwf/feDVlgS7rrlEjIQ+zjyKUomGHFgjG6XH
+sjr2WI/Lwp+xfArEkCldpJ7kJJUslGu81NnJM59WP9DXqpyPg6BrNXx4g8+B75Q
GqHO4Lek1HtnxSRrkm+Vfko7yeJOeVJIl2Naiu5H1BZFHb46uzCG1v6gl0hzVGfC
SIlmuXXH+r3uHyxSFupaiblxCwLeYb3yiteM/XdXjQ0pJEjV+Ub31Keze64n/Kdm
3yULRtZrlSuNVUaL6x13rVMfl6ii6talM92I10H/lnnPG8Kb44u6p+AnXf8Y/5eK
C9gYQwRdGUVmWS0hWUuC4VdOqZ2VfSLhIjTr8qJ0IqWBIoafm3hgQA==
=O6L4
-----END PGP SIGNATURE-----
Frog-Admin
Correct, but 18 is a minimum:
18 cases where QS will let the user put or forget a semi-colon, and JBN2 wont.
But there are many other possibilities to make errors:
- -misspelling a keyword
JBN2 essential keywords are harcoded in the program
and put automatically
JBN2 secondary keywords belong to the conf.dat files
are selected from combos
JBN2 essential variables (remailer names) (+-Signsend...)
are selected from closed-list combos
JBN2 secondary variables (remailer names)
are selected from combos
.
But there are all the cases where keywords must have some cohenrency between them
latency is cpunk keyword
+signsend is ny keyword
...
So, the total is not '18 controls more', nor '18 times more control' nor '2**18 times more controls, but an odd figure which reflects the variety of all remailg parameters ignored by Richard Christman and not implemented in QS.
JBN2 performs a vast range of controls, suggests keywords wherever it can, and ennsures syntactical correctness.
QS is SNAKE OIL because
- -it deleberately bypasses all those necessary controls
- --to wrongly report succesful constructione of message
- --to give a misleading appearence of simplicity
- -and there is no hope that this situation will change
(see news:H0DHTYOT3788...@Gilgamesh-frog.org )
-----BEGIN PGP SIGNATURE-----
Version: N/A
iQEVAwUBP2hOzIDgT488d3zFAQHzDggAkqcpfZHWXtUKunFRkm4xfPDqCeWx1Ice
e1hf4OmpQ5M2+C2lFzyTwlZunY25pf0i2V43CQlhPh8JmBWXbOjxDE33bYBhd+Jj
kcQ8PzYJQT+4AfEq/cMq9ikEitx+0QAyAXb49mhMoq+9iKaSFhDOc5erjNnDZaM7
7pXNUujez3cAVixdSuY2/EbkhMQb73OJ8e6qCJ298vc9BjZSGY8FpzNC+c76lSbm
s2a+z9Bh2+iKIuWiIDQAhu+AyMGVlz9jpGNp07BUnMi4o58bXqDHzQ7+GXXVS+8U
Z95s0HtXqjvPvS5viYCPr2Ia3QeOb+MB+cT7SXc9wuq/+SucbMg9jw==
=LR5w
-----END PGP SIGNATURE-----
futureworlds
On Fri, 8 Aug 2003, "Dave Korn" <no....@my.mailbox.invalid> wrote:
<snip>
>Yep, but frog aside, what about jbn? What kind of security problem does it
>have?
There may be problems with JBN's use of VB random functions. Reliable
certainly has some problems there.
FWIW, M$ categorically state that the random functions in VB should not be
used in crypto applications.
Anonymous
> There is a Frog user who has been flooding the Usenet newsgroups
> rec.radio.shortwave, rec.radio.amateur.misc, and rec.radio.scanner for
> almost three months now. Lately, he has taken to using my name and
> reposting long, controversial anti-government and anti-gay screeds.
> His posts frequently exceed a BI that indicates net abuse, and his
> posts have also been listed in the NoCeM bulletins. The flooder is a
> true net-abuser.
You have legitimate grounds for complaint.
> I have tried to use the information in the Frog headers to file a
> complaint, but they lead nowhere. I am considering filing complaints
> with the French authorities at this point, but would rather resolve it
> with Frog.
>
> Can anyone in this news group provide me with a working abuse address?
The unfortunate problem is that frog-admin simply does _not_ care
about remailer abuse. I think she even enjoys allowing her remailer
to be used for forged abusive posts -- he has a long history of doing
nothing about it.
Fortunately, an increasing number of remops are breaking links with
frog, so it will be more difficult for abusers to chain to it.
Good luck!
-=-
This message was posted via two or more anonymous remailing services.
Frog-Admin
On Wed, 17 Sep 2003, Nomen Nescio <nob...@dizum.com> wrote:
>On Mon, 15 Sep 2003, QuickSilver
><Use-Author-Supplied-Address-Header@[127.1]> wrote:
>
>>Well, anyway, JBN is not perfect. The JBN GUI is counterintuitive and a
>>new user must read the manual over and over to begin to grasp what is
>>required. And there is very little context sensitive help. All in all,
>>JBN does the job well but not in a friendly way. I receive mail
>>frequently from new QS users who tell me of their bad experiences with
>>JBN. Very few I talk to find the program appealing. I'm sure RProcess,
>>like myself, thought he had created the best possible interface. I'm
>>inclined to think the best is somewhere between the 2--with a
>>preference toward my own ideas!
>
>Obviously, you have not even one clue about Windows programming. Remember
>all software purchased must be configured. JBN is easy.
It has nothing to do about 'Windows programming', but about 'programming'.
The trend for the past 20 years has been to evolve
from 'batch' systems,
where tiny errors were detected days/weeks later
along with 'final result',
in infamious 'error logs'
to interactive systems where intensive error detection is performed at the source where information is collected / created.
By refusing to perform an early detection of errors, Richard Christman belongs to something which disappeared with the last operational 80-cols Hollerith punched card reader
By making the end-user believe that 'everything is OK' while
*NO* control has been performed
the message is probably doomed
Richard Christman commits a FRAUD
see news:H0DHTYOT3788...@Gilgamesh-frog.org
-----BEGIN PGP SIGNATURE-----
Version: N/A
iQEVAwUBP2hRcIDgT488d3zFAQGAlwgAjkfW5/smu+Wd8DTk1W9S3puE/JpMESlS
acWJdiPtZPHCyDGtZ/ZKCdasE7QzpJoAaRaoqrBni/wgyOa0g99KGHRPTBJTjA/9
j822EtAQjOOEppDW/rjUYZ8tmEUrVzeIpsFf454MR8AzosWBo/IW+7mwh8rMAOUM
/qCKTes2mKkfQ4KeZyCuEEzkMag5uN6WqTgUAEoAzOa62FUMcoavDx4r0IiWAiEm
D5Rn6yAUdNWkVQGSwfjIYtMTTKWq5P+gc31679Bc6eOIiNd0XXj+DN4VyYPXP0ZM
VKeaVNzBrOhV7aDlwR4dvRlfeK5u72AzhRy6pdbpj8AvnyBk8J8qCQ==
=Gfh8
-----END PGP SIGNATURE-----
Tarapia Tapioco
> news:200309160229....@skuz.net
> It got eliminated by my newsserver's filters,
> which is in line with my policy to eliminate posts
> whose technical value is nil or negative
very much that the Banana or Frell servers have the ability to
evaluate the technical content of a posting. Even Deep Thought would
refer to this task as "tricky".
> 1)
> For the past 4 years, I had given Richard Christman the benefit of the doubt
No you haven't, you post every day with monotonous regularity that
users should avoid Quicksilver. You even make claims about its
immature developer.
> In post news:200309160229....@skuz.net, Richard Christman says:
> |As for the freetext window. It is simplicity in itself.
> |It is in fact the single biggest success of my QS design.
> IOW it kills any hope that QS will have any kind of input control any time.
It appears that JBN has little input control over your PGP signature.
QS users might take time to create a successful template, but once
it exists, it works forever. You are one of the most experienced JBN
users in apa-s and today you blew it by signing an anonymous message.
Nobody is buying that crap about failing to quote somebody else.
You sent the message anonymously and wanted it to be that way.
As a side note, I'd also like to point out the awful job that JBN
makes of wrapping your postings. Responding to you is like
undertaking a Cut&Paste training course.
> All those elements are the mark of SNAKE OIL,
> and Richard Christman admittance will make me
> make a move I did not expect to take begore QS's 4th aniversary
> formally designate QuickSilver as SNAKE OIL
OMG! Frog-Admin has declared QS to be SNAKE OIL. So what exactly
are the implications of this statement? Are you going to ban people
from using it? Is your ego so inflamed that you think people will
care what you call it?
> My answer to a person asking a technical question was purely technical and factual
You never provide a straight factual answer. You point the finger
and throw personal insults at people, which is very different to my
understanding of factual.
> - -a mini-flood is actually developing in apas
> to distract attention from that clear exemple
> of QS shortcoming and absent reporting
How do you know a flood is developing? Until it pops out, only the
instigator knows it's coming.
> All those elements are the mark of SNAKE OIL,
> and Richard Christman admittance will make me
> make a move I did not expect to take before QS's 4th aniversary
> formally designate QuickSilver as SNAKE OIL
I've no doubt that Richard Christman will be completely crushed to
hear that you have refuted his application. After all, he relied
upon you completely to market it for him.
An Metet
<1d278a6e4517adc2...@remailer.frell.eu.org>
BlackTroll <fr...@expires-200309.rodent.frell.eu.org> wrote:
>
> Mixmaster supports a latency directive which will be seen and acted upon by
> the last remailer in your chain.
This seems to contradict what's been previously posted. Does
Latent-Time have any effect on Mixmaster posted messages or not?
Frog Sucks!
>1)
>For the past 4 years, I had given Richard Christman the benefit of the doubt
STFU/FOAD Frog-Admin, flooding shithead. Do you think this is distracting people from how you
accidentally signed one of your anonymous "troll" messages?
You've attacked Richard Christman for four fucking years with your sock puppets, you
fucking LIAR! Now you're caught.
Go die you piece of shit!
From: Tarapia Tapioco <comes...@ntani.firenze.linux.it>
Comments: This message did not originate from the Sender address above.
It was remailed automatically by anonymizing remailer software.
Please report problems or inappropriate use to the
remailer administrator at <ab...@ntani.firenze.linux.it>.
Subject: Re: enough is too much
Organization: ><((((ş> Happy Lobster & Partners <°))))><
X-Comment: In Case of Emergency, Flush the Toilet
X-Mailer: JackB.Nymble Version 2.1
Newsgroups: alt.privacy.anon-server
References: <3HYB4M7537...@Gilgamesh-frog.org> <de52fb76de9822eb...@anonymous.poster>
Message-ID: <0eea20aab54c4bfa...@firenze.linux.it>
Date: 15 Sep 2003 00:36:10 +0200
Lines: 38
X-Mail2News-Contact: http://80.65.224.85/
Path: nwrddc01.gnilink.net!cyclone2.gnilink.net!cyclone1.gnilink.net!chi1.webusenet.com!sjc70.webusenet.com!news.webusenet.com!cyclone.bc.net!news.alt.net!Gilgamesh-frogadmin.yi.org!not-for-mail
Xref: cyclone1.gnilink.net alt.privacy.anon-server:210399
X-Received-Date: Sun, 14 Sep 2003 18:37:22 EDT (nwrddc01.gnilink.net)
-----BEGIN PGP SIGNED MESSAGE-----
On Sun, 14 Sep 2003, An Metet <anm...@freedom.gmsociety.org> wrote:
>NOTE: This message was sent thru a mail2news gateway.
>No effort was made to verify the identity of the sender.
>--------------------------------------------------------
>
>On 14 Sep 2003, Anonymous...@See.Comment.Header (tired of the
>bitching) wrote:
>>ok.. i'm sure this will win me the troll of the month award, but i dont
>>care.
>>how about everybody lay off of frog and get down to doing something
>>important... like get another 50 people to decide they're willing to run a
>>remailer?!?
>>
>>in care you havent noticed, a network of 45 is pretty tiny and could fall
>>apart easily.. it really does need to double, preferably triple, in size
>>and soon at that.
>
>Knock yourself out. Have at it. Let us know when your ready to start taking
>the abuse.
Frog-Admin is taking most of the abuse and he got a thick skin.
Other remops should be safe from cretins like the obnoxious bird.
-----BEGIN PGP SIGNATURE-----
Version: N/A
iQEVAwUBP2TV04DgT488d3zFAQGwUAf/Umxid3/+DamkNbQbQkFVNHsif7AK9/aY
Tarapia Tapioco
Tarapia Tapioco <comes...@ntani.firenze.linux.it> wrote:
>
> In article <A2PRH6FS3788...@anonymous.poster>
> Just another Fr-oll <anon...@panta-rhei.dyndns.org> wrote:
> >
> >
> > All of us seperate trolls harass you because we're SNIP!
>
> Admission of trolling noted.
>
> P.S. It's spelled sepArate, imbecile.
My bad. Allow me to fix that.
In article <H8YFHW3Q37880.0472569444@anonymous>
Anonymous <Bigapple...@Optonline.Net> wrote:
>
> On Mon, 15 Sep 2003, QuickSilver
> <Use-Author-Supplied-Address-Header@[127.1]> wrote:
>
>> Generally, I don't comment on JBN, but I consider this a special case.
>
> And that is the BIGGEST lie for the end.
>
> 4 years of unrepentant trolling, flooding, and littering apas with
> your mess.
But nobody does it better than you, dear Frog.
> Hiring scumbags like BlueJay to make more noise and prevent any
> technical discussion.
Nobody's hired anybody. All of us separate trolls harass you because we're
futureworlds
Anonymous...@See.Comment.Header (Frog-Admin) wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> On Tue, 16 Sep 2003, Anonymous <Bigapple...@Optonline.Net> wrote:
> >On Mon, 15 Sep 2003, QuickSilver
> ><Use-Author-Supplied-Address-Header@[127.1]> wrote:
>
> FIRST:
> Thank you for quoting the Christman post.
> news:200309160229....@skuz.net
> It got eliminated by my newsserver's filters,
> which is in line with my policy to eliminate posts
> whose technical value is nil or negative
> (disinformative posts)
> But the content of this one is *very* interesting
> for quite a few other regards
> and will allow me to act upon
>
..a feeble plan to divert attention from the fact that Frog outed himself
as the notorious flooder.
Frog-Admin
On Wed, 17 Sep 2003, Tarapia Tapioco <comes...@ntani.firenze.linux.it> wrote:
>> Thank you for quoting the Christman post.
>> news:200309160229....@skuz.net
>> It got eliminated by my newsserver's filters,
>> which is in line with my policy to eliminate posts
>> whose technical value is nil or negative
>Clever indeed. We have three filtered news services, but I doubt
>very much that the Banana or Frell servers have the ability to
>evaluate the technical content of a posting. Even Deep Thought would
>refer to this task as "tricky".
You are unable to make the difference between a 'policy',
which is an objective, a desired goal.
A 'filter' which is one of the technical ways to achieve such goal.
(nilsimsa, MD5, Bayesian ... are other techniques)
You are probably too close to a person who can't make the difference betweeen:
a new PROTOCOL
(Cpunk Plaintex, Cpunk PGP, Mix, Mixminion are 4 different protocols)
a new PROGRAM VERSION
(Mixmaster 2.04 b45, 2.04b46, 2.9, 3.0 are
different program versions from the same protocol
Unless you are the kind of person who sends PaintShopPro6 images, using the .bmp program)
Both are not mutually exclusive.
-----BEGIN PGP SIGNATURE-----
Version: N/A
iQEVAwUBP2hokoDgT488d3zFAQGCeQgAlEW3OEySw4zJPuvu8sX5fBhvSLQOeLtM
V0b302bkTw9uKPMECaFQ4cFvDladt8ByBKVunUuIVc4UwmqzP1MaD8shcoMurATJ
o0sztGfbWma+drz1xStk3M9UOmB99pbShDbpJNt72VK2RafsG0GOyROTNH+GjbOO
1MW5aXFbkdB4NmHq1iQDM5TmUPcx5RnuxHfwZxovuQPoXAUfMrmv+EMih24MQXxT
0sXzk/W8uFDQiLY/RUY3LyWJNWqmncJxJiG5FFNcMHAR1xiVdTSF8EOrJNz3B4GQ
EzSSvEznNLVO7sFW4E2hKsQgeDMdBrm9ri47toSMEnThbw9foeStCw==
=wZV1
-----END PGP SIGNATURE-----
Anonymous via the Cypherpunks Tonga Remailer
Mixmaster has a pooling scheme that is vastly superior to what was thought
about at the time Type I evolved. There is no latent-time directive in Type II
nor is there any need for it from an anonymity point of view.
Hybrid Remailers (as Reliable) interpret Type I directives if they find one in
a message. But this only works at the last hop.
An Metet
No effort was made to verify the identity of the sender.
--------------------------------------------------------
In article <WTCXZQB33...@Gilgamesh-frog.org>
Anonymous...@See.Comment.Header (Frog-Admin) wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> On Wed, 17 Sep 2003, Tarapia Tapioco <comes...@ntani.firenze.linux.it> wrote:
> >> Thank you for quoting the Christman post.
> >> news:200309160229....@skuz.net
> >> It got eliminated by my newsserver's filters,
> >> which is in line with my policy to eliminate posts
> >> whose technical value is nil or negative
>
> >Clever indeed. We have three filtered news services, but I doubt
> >very much that the Banana or Frell servers have the ability to
> >evaluate the technical content of a posting. Even Deep Thought would
> >refer to this task as "tricky".
>
> You are unable to make the difference between a 'policy',
> which is an objective, a desired goal.
> A 'filter' which is one of the technical ways to achieve such goal.
> (nilsimsa, MD5, Bayesian ... are other techniques)
>
> You are probably too close to a person who can't make the difference betweeen:
> a new PROTOCOL
> (Cpunk Plaintex, Cpunk PGP, Mix, Mixminion are 4 different protocols)
> a new PROGRAM VERSION
> (Mixmaster 2.04 b45, 2.04b46, 2.9, 3.0 are
> different program versions from the same protocol
>
> Unless you are the kind of person who sends PaintShopPro6 images, using the .bmp program)
Since you're being such a stickler for detail, fucker, *.bmp is a format,
not a program.
Frog-Admin
Getting out of my usual policy of *never-to-deny* to say:
NO, I DID NOT FORGE THIS POST TO MAKE QS FOLKS LOOK MORE IGNORANT AND DENSE THAN THEY ARE.
-----BEGIN PGP SIGNATURE-----
Version: N/A
iQEVAwUBP2h/vYDgT488d3zFAQGZsAgA0QSAI6XnZtoA6NClFO9TQgc6AEQXot8t
Pf/v7XCYQSbAIfJdnkKUQXqMCxaon8CcLz0Er918LofKZihh5bTNHlfhyTFXRAix
Zt51NjX3nFbOH7yvXufsR7/00GKTqGDnWQjdMCXaYYGrsW4SlzEUMQ29oEij9TW4
fttSq1PMuZU1XUcHUPlAUkl/nHgGMjVw+s2UjrnJrVNd5Zc+TZLhrQ8yJxV8tIeG
MsKrFR5wOBz/qaGiyawLmmw9iBfSipA+s+hI+m/SoN1UfWTkWyyEai+LW/mbSTRM
vbX0eByw5GzASFVJ4HblUU+aKJgGX61w/k8GHHZExqO6iHvSV3abig==
=Uq0i
-----END PGP SIGNATURE-----
Anonymous via the Cypherpunks Tonga Remailer
[snip]
>
>Let's hope that Frog manages to stay up and running. It's
>one of very few remailers which allows custom from headers,
>has relatively short latency and is up and running 24 and 7
>with very few exceptions. It appears that a group of
>undercover agents are working tirelessly to post smears
>about the Frog remailer and to try to interfere with its
>operation. All I know is that Frog is one of very few who
>carry the mail and get the job done day after day. I wish
>there were others which worked as well.
It is not beyond the undercover frog to interfere in their operation. A
remop who begs and spams as hard as frog does to have people use his
remailer is reason enough to avoid it like the plague, if you value your
anonymity. Besides, frog is a known troll hole for abusers, and that gives
all remailers a bad reputation. Stop using frog.
futureworlds
On Thu, 31 Jul 2003, Cheshire Admin <ad...@cheshire.hopto.org> wrote:
>A sad state of affairs, that reflects poorly on the state of
>remailing, and points up the fecklessness of the users of this group,
>and the vulnerability of the system to a government disinformation
>campaign. Who would have thought it this easy to disrupt the primary
>newsgroup devoted to remailing?
What a surprise. The fascist Frog-Admin floods the group and his little Mini-Me
Cheshire-Admin suggests turning apas into a censored dictatorship. I can't imagine
who he wants as moderator. If Little Hitler Boy Cheshire isn't threatening other
remops and trying to destroy the network, he's trying to declare himself King.
Go fuck yourself, Frog Junior!
The Black Troll
>
>On Tue, 16 Sep 2003, Anonymous <Bigapple...@Optonline.Net> wrote:
>>On Mon, 15 Sep 2003, QuickSilver
>><Use-Author-Supplied-Address-Header@[127.1]> wrote:
>
>FIRST:
>Thank you for quoting the Christman post.
> news:200309160229....@skuz.net
>It got eliminated by my newsserver's filters,
> which is in line with my policy to eliminate posts
> whose technical value is nil or negative
Or written by someone you don't like.
Or a followup to someone you don't like.
Or just for the fucking hell of it!
> (disinformative posts)
>But the content of this one is *very* interesting
> for quite a few other regards
> and will allow me to act upon
>
>1)
>For the past 4 years, I had given Richard Christman the benefit of the doubt
> and that *some day* he would add *something* to QS
> to trap typos/syntax/coherency errors at the source
> a GUI to help keying (and eliminate the missing/extra colons problem)
> controls behind that GUI to highlight coherency errors
Hang on a minute... The only other person around here that claims QuickSilver
does not have a GUI is....<insert drum roll here>...LE TROLL.
Not content with fucking up royally and PGP signing a troll post, Frog-Admin
joins LE TROLL in attacking QuickSilver. Quel Surprise!
>In post news:200309160229....@skuz.net, Richard Christman says:
>|As for the freetext window. It is simplicity in itself.
>|It is in fact the single biggest success of my QS design.
>IOW it kills any hope that QS will have any kind of input control any time.
>
>Remailer messages must obey a strict syntax, or they will be lost
>QS definitely favors the *appearence* of simplicity over the *necessity* of
>control
Bollocks. Quicksilver uses Mixmaster. It is not subject to your beloved
partitioning attacks. It calls Mixmaster to generate a message complying with
the "strict syntax". You just failed to master it. You, like JBN, are
obsolete.
>QS will *not* deliver any early warning upon typos
>QS will let the user wuth the *false* impression that the message is OK and
>will be processed
>Bypassing any control or error messages just "to make things look simple" is
>a FRAUD, and it is routinely sentenced as such in every consumer issue in
>occidental world.
What about the oriental world retard?
>
>Incidentally, that will generate buzz in apas,
> unfortunate newbies wondering why their messages won't arrive
> will ask why
> and willy nilly contribute to the publicity of a product which does not
>deliver
Uh-huh. Shame the buzz surrounding Frog-The-Troll hasn't worked as good
publicity for you. Shoulda stopped talking out of both sides of your mouth a
*long* time ago.
>All those elements are the mark of SNAKE OIL,
> and Richard Christman admittance will make me
> make a move I did not expect to take begore QS's 4th aniversary
> formally designate QuickSilver as SNAKE OIL
>
Like the stats snake oil you peddle? I think not. QuickSilver works for the
end user. Your stats don't. They omit a significant number of remailers. In
recent times they have been reset regularly thus manipulating the qualifying *
remailers. They list your stupid/unbelievable personal latency. In short, they
are not trustworthy.
>
>2)
>My answer to a person asking a technical question was purely technical and
>factual
>- -Latency is a Cpunk directive
>- -QS did not detect the discrepancy between Mix and Latency
> because it does not perform that control
> because it does not perform *any* control at all
>Those are incontrovertible facts,
That is utter hogwash. Latent-Time: is a cludge added onto Cpunk to try and
mitigate some of its weaknesses. It is supported by most, if not all, exit
remailers. There it serves a purpose. Within the chain it does not - unless
you are an adversary of anonymity.
> but they triggered a diatribe by Richard Christman
> -Marketing mottos (QS is new, JBN is old)
> -FUD about Reliable and JBN alleged vulnerabilities
> while that junk had already been technically answered
Er no... Your LE TROLL personality shouted about it. Someone else pointed out
how easy it would be to trace messages because of the use of a non-crypto rand
function.
>- -a mini-flood is actually developing in apas
> to distract attention from that clear exemple
> of QS shortcoming and absent reporting
Bollocks again. A mini-flood is being brewed up by YOU to try and hide your
PGP-signing slipup.
>Attacking anything that walks,
>flooding pure-marketing mottos when technically questioned
>spreading FUD about 'competitors'
>This to be related with the direct attacks and accusations against me
>(Frog-Admin) starting 2 weeks after I offered JBN2 quickStart as a hekp to JBN.
The criticism existed long before you did that.
>All those elements are the mark of SNAKE OIL,
> and Richard Christman admittance will make me
> make a move I did not expect to take begore QS's 4th aniversary
> formally designate QuickSilver as SNAKE OIL
>
>XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>XXXX
>Now, let's go to your post, as it contains a few minor inaccuracies
>
>>>Well, anyway, JBN is not perfect. The JBN GUI is counterintuitive and a
>>>new user must read the manual over and over to begin to grasp what is
>>>required
>>
>>LIE or IGNORANCE
>>Prepackaged templates work without any modification
>
>provisions:
>it is better to have JBN QuickStart installed
>one must replace remailer names
This isn't going to stop people believing you write LE TROLL posts. It will
strengthen that belief.
>>POT CALLING KETTLE BLACK
>>QS has no GUI at all: a white sheet, where a missing colon sends the
>>mail to the bucket.
>>For 4 years, you were unable to build a GUI for QS, because you don't
>>master the Cpunk parameters yourself.
>
>I already discussed the QS fraud of bypassing all controls just to make
>things look simple and working while they are not.
You mean you rehashed your anonymous troll post. There can not be many left
who don't see you're equally foul with and without the signature.
>>>What about JBN's use of VB random functions. Microsoft clearly states
>>>those are not suitable for cryptographic purposes. This is a serious
>>>security consideration. People should know about that.
>>
>>LIE or IGNORANCE
>>VB random functions are not used in JBN for cryptographic purposes,
>>but only to internally name the files. They could as well be named
>>sequentially without any consequence.
>
>Dingo-Admin and Bikikii-Admin already confirmed your point
They're in denial. You're further round the bend than last week's turds.
That would explain your PGP signature fuck-up. Wrong keyring. Default key
Frog-Admin, not Script Kiddie, LE TROLL, Patrick Paris, or Feltching-For-Free.
>I only use 2 main techniques
> -removable disk (floppy or encrypted containers)
> -different user profiles under Win2K
>
>Duplicating confidential information over multiple places is a BAD idea
>anyways, privacy-wise.
>My personal balance between Security-Privacy and Security-RiskOfLoss is that
>I keep *one* backup on *one* encrypted zip diskette
>
>>>What about the future? JBN has not been updated in 5 years and there
>>>are no plans to do so. Considering what we can actually see in the near
>>>future, JBN and Reliable are on the virge of obsolesence. People want
>>>new protocols supported in their remailer client. For people that study
>>>incredibly hard to learn how to use JBN, there will be no new versions
>>>and no incorporation of new technologies. Another unwelcome dilemma
>>>when using JBN relates to the desire to upgrade other software packages
>>>and the need to retain backwards compatibility for JBN. That new
>>>windows platform they'd like may not be possible and no new PGP
>>>version, either. I can't understand why you won't update JBN, but that
>>>is your business.
>>
>>Put a GUI on QS, and then you may speak of JBN development.
>>People running JBN or Reliable certainly don't need your assistance
>>and don't care telling their plans to people like you.
>>
>>Repeating lies and flooding apas with your trolls won't help your case
>>either.
YOUR trolls.
Frog-Admin
On Wed, 17 Sep 2003, Anonymous <Bigapple...@Optonline.Net> wrote:
>On Wed, 17 Sep 2003, futureworlds
><Use-Author-Supplied-Address-Header@[127.1]> wrote:
>>On Fri, 8 Aug 2003, "Dave Korn" <no....@my.mailbox.invalid> wrote:
>>
>><snip>
>>
>>>Yep, but frog aside, what about jbn? What kind of security problem does it
>>>have?
>>
>>There may be problems with JBN's use of VB random functions. Reliable
>>certainly has some problems there.
>>
>
>Blanket statements, when specifics have already been provided as to WHY
>this statement is misleading FUD.
>
>Stop trying to scare the newbies into using Quicksilver and losing their
>mail, Richard.
Repeating things over and over, like a mantra, until mind numbs,
is one of the characteristics shared by the tribe of pseudo-experts
Repetition is no substitute to intelligence, nor to facts.
But it does not matter, both intelligence and facts are disturbing to them
Expect the various mantras to pop again and again:
Christman will go on insisting that:
mixmaster 2.04, 2.9 an 3.0 are different protocols
latest being more secure
Cpunk encapsulated in Mix is less secure than Mix only
Max-directives for nyms create a partitioning vulnerability
Rnd functions in JBN/reliable are used for cryptographic purposes
QS supports mixminion
...
he is a programmer, a prosecutor, a mind-reader, a soothsayer and a genius
So will various trolls, but who is surprised?
-----BEGIN PGP SIGNATURE-----
Version: N/A
iQEVAwUBP2iub4DgT488d3zFAQH4eggA3ERSREvKG3lB62kHUd0uU9FBB4/AHlRX
VzMf3SmF8RhSyLEo8phpuQOwG0Heyktfck3OwFuPaqQf9IY4yWFjIyrwffQMhs4a
cAOlv5yJ1nBInmtX7xzwlVkQzaleetajH6G5fm0mfZpZX5SkeNcui0JEMca7kJLV
FXT7XfY/LqGSLLDUK7HUtmgNxODt4OvMJihIC1uqbQvQtw6rvUEnevO8HY26AZQl
l02ics+5qDoLg5c5y2G7/dmb73ZH+B66dLRcrANzuUicmMEprHQj9MyPeU9qC/lF
Jst27bqO6dyH5tZzdCeWdgqYcnIDHar+CTIwhfbclyncLXBYXY98IA==
=KRbV
-----END PGP SIGNATURE-----
Frog Sucks!
>Repeating things over and over, like a mantra, until mind numbs,
> is one of the characteristics shared by the tribe of pseudo-experts
What a fucking joke, from the biggest flooder the remailer network has ever seen.
Do you think you can say shit like this after flooding the same message 10s of thousands
of times for months on end?
Fuck you, Frog.
Franz Weigel
> Where can I see the X-Remailer-Contact abuse you say frog is
> commiting?
Look at the headers of a post through frog.
X-Remailer-Contact: http://80.65.224.85/ In case my abuse address is
unreachable: It is because I have been flooded by <m...@uiuc.edu>,
please contact <ab...@uiuc.edu>
That e-mail address belongs to someone who submitted abuse complaints
to frog-admin. FA does not like to deal with abuse and put the
complainant's e-mail address in his remailer headers as his abuse
address.
Whether the complaints were right or wrong, it's inexcusable of FA to
publish that e-mail address in this way. This sort of thing brings
down the reputation of all remops. That's why frog is being cut off
from the rest of the remailer system.
Anonymous Sender
wrote:
>FYI, I did not know myself:
>- -this Spring, that I would have a Wion32 NymServer software working
>in September
>- -3 weeks ago, that my efforts to port JBN2 and Reliable to PGP8
>would be halted, at least temporarily
That sounds interesting.
How far did you go? Why did you stop? What happened?
Are you alone on that project?
Nomen Nescio
<fr...@expires-200309.rodent.frell.eu.org> wrote:
>>For the past 4 years, I had given Richard Christman the benefit of the doubt
>> and that *some day* he would add *something* to QS
>> to trap typos/syntax/coherency errors at the source
>> a GUI to help keying (and eliminate the missing/extra colons problem)
>> controls behind that GUI to highlight coherency errors
>Hang on a minute... The only other person around here that claims QuickSilver
>does not have a GUI is....<insert drum roll here>...LE TROLL.
STRAY CAT = FROG = LE TROLL = ME TOO
One freetext box does not qualify as a GUI, if you compare it to the
30 combos and textboxes in JBN. Even PI has a richer GUI than QS.
Frog-Admin
Didn't I suggest to read the JBN Help file?
It's all written here:
http://www.skuz.net/potatoware/jbn2/JBNH-en.htm#BookMessage
|To add a Latent-Time directive to a remailer, which affects how long the
|remailer holds the message before remailing it, select the desired latency
|value from the drop-down list to the left of the Add button, or type in the
|value.
|
|Note: In the case of Mixmaster remailers, a Latent-Time directive may only be
|added to the last remailer in the chain. Further, if a Latent-Time directive is
|added, the remailer must support the hybrid capability. (JBN will warn you if
|you violate this limitation.)
|
|A Message Book may be in Cypherpunk mode or Mixmaster mode (if installed). This
|determines what kind of remailers are used to send the message. To switch
|between Cypherpunk and Mixmaster mode, use the Remailers menu, or press Ctrl-M.
|When in Cypherpunk mode, the Remailer Chain list will be blue-green. When in
|Mixmaster mode, it will be magenta (light purple).
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
HOW IT WORKS:
QS:
the author doesn't know the feature
the author did not implement it
you are on your own in front of a blank page
and left to wrongly believe that QS checked your input
and that the network will process the message as you expected
You beg on apas for a detailed information and you get marketing crap
'QS is new', 'JBN is obsolete', 'Reliable is obsolete too'
plus a string of messages to hide QS shortcoming
and total lack of control of anything
JBN2+Cpunk:
Latency combo is displayed and you can add the Latency at every hop
(remailer must support latency
all do - if the feature was not supported by that hop,
you would get an error message
JBN2+Mix
Latency combo is not displayed as the feature is unusual
JBN2|Option|Show Advanced ---> Latency combo shows
Select any hop but the last one: Latency Combo is grayed and locked
Select the last hop: Latencty Combo is unlocked
Try to Queue you message:
If the last remailer does not support 'hybrid' and 'Latency'
an error message pops and details the problem
BOTTOM LINE
JBN2 offers both
a guide to go through the arcane rules of composing a valid message
a control that the rules are respected
a guarantee that your message will propagate and show as *you* expect
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Incidentally,
you will notice that Reliable remailers are the only ones to offer 'hybrid'
http://frogadmin.yi.org/MISC/CompCaps.html
Loosely related:
the MAX directives were not implemented *at all* in non-Reliable
(Mixmaster) remailers until a few months ago
and after a frantic campaign of FUD saying it created a risk of partitioning for nyms
(I don't know if the official version supports it)
Hope that this will give you a fresh insight
why the 'experts' from Mixmaster and QS gang against RProcess
who alone authored Reliable, JBN1, JBN2, Potato in less than 2 years
while 4 years later they still don't offer the same set of features.
-----BEGIN PGP SIGNATURE-----
Version: N/A
iQEVAwUBP2leoYDgT488d3zFAQEFSAf7BLQSmWina+vCvMsWG2GEjHPZkEh/qSuV
BjOriAWqhxvIP/nOohIvmGCAMTgoq2A5rNK+Z1kkJgLAhEDHYAokv/Ba0C0nwobU
U8o5Fg8DvW/YLnRKPpqb5Db30nTHXW8NMC52ldUb6gpGX5+gSyKz6LBqpwxUfniO
EMPv7fnALDhzfvH/4E1hpFTUKJZuuf/6GgIwVDZwoZjiQG+IH89X5Mfdslunprxo
ghHMDyAr8Qw9u+A4wAg4nYXpu7g8YMrzer4dDMvbBds2Byu2RKKJ/hKvbMcsfDcE
hH/LnLCNh3emQEPJ9EanbCtoEPxtZ2ZPnfvWVoe/EtfeY9n+0+Uq9Q==
=1AxA
-----END PGP SIGNATURE-----
Frog-Admin
On Wed, 17 Sep 2003, Anonymous via the Cypherpunks Tonga Remailer <nob...@cypherpunks.to> wrote:
>An Metet <anm...@freedom.gmsociety.org> wrote:
>
>> In article
>> <1d278a6e4517adc2...@remailer.frell.eu.org>
>> BlackTroll <fr...@expires-200309.rodent.frell.eu.org> wrote:
>> >
>> > Mixmaster supports a latency directive which will be seen and acted upon by
>> > the last remailer in your chain.
>>
>> This seems to contradict what's been previously posted. Does
>> Latent-Time have any effect on Mixmaster posted messages or not?
>
>Mixmaster has a pooling scheme that is vastly superior
And another serving of marketing hype
>There is no latent-time directive in Type II
>nor is there any need for it from an anonymity point of view.
Of course, the user's point of view is irrelevant
>Hybrid Remailers (as Reliable) interpret Type I directives if they find one in
>a message. But this only works at the last hop.
Reliable remailers are the *only* ones to offer the necessary "hybrid" capability.
http://frogadmin.yi.org/MISC/CompCaps.html
More news:03YM7IDC3788...@Gilgamesh-frog.org
-----BEGIN PGP SIGNATURE-----
Version: N/A
iQEVAwUBP2liVoDgT488d3zFAQHoSgf/ebremwaS6iaug75FOkvA49WpejX+YgQd
Y/a6bbLfcDF9u5wVlGcVcuIPwfAueF4Gc4ggJDxQLlizr0EnpLRisbbDsVswHgOt
bb8cgfcXHNgYj+bgfQ0Y4ojmOsTfnPJ6RPS6EyoXOvgvYWzdI06vRuVCiBp6r1Zo
CYHu3x0Y4yjkagshUeSeKjNSsOC2u/tuEknZUPMPuNAsf2nt0dDBOMLdNvqAYYxd
ctbk0c2QLrQECQhzU40v6m0j6iwBfZPjQvu/Lk7pYq7RQXiG0WQhdJpi98WwATbH
EQTypKd+niJoz1d/X1VZG3zPfFbU0jgQna0Kh/u5EIo0bHxEPh++8Q==
=N8th
-----END PGP SIGNATURE-----
Anonymous via the Cypherpunks Tonga Remailer
> >> This seems to contradict what's been previously posted. Does
> >> Latent-Time have any effect on Mixmaster posted messages or not?
> >
> >Mixmaster has a pooling scheme that is vastly superior
>
> And another serving of marketing hype
No. The stop-and-go algorithm implemented in Reliable fails badly under
certain active attachs such as n minus one attack. Having a timed dynamic pool
mixing algorithm is better in this and many other cases.
If you are interested I can point you to some interesting literature in the
field discussing this very item.
> >There is no latent-time directive in Type II
> >nor is there any need for it from an anonymity point of view.
>
> Of course, the user's point of view is irrelevant
Frankly yes. You seem to think that options are good in an anonymity system.
They only help to divide the users into different groups that use different
"features".
> >Hybrid Remailers (as Reliable) interpret Type I directives if they find one in
> >a message. But this only works at the last hop.
>
> Reliable remailers are the *only* ones to offer the necessary "hybrid" capability.
correct.
ishtar
Frog-Admin
On Thu, 18 Sep 2003, Anonymous wrote:
>Anonymous...@See.Comment.Header (Frog-Admin) wrote:
>No. The stop-and-go algorithm implemented in Reliable fails badly under
>certain active attachs such as n minus one attack. Having a timed dynamic pool
>mixing algorithm is better in this and many other cases.
Are there *practical* consequences for real users?
If only the "attacker's" messages stand up
and if he is only shooting his own foot,
the point is moot.
>If you are interested I can point you to some interesting literature in the
>field discussing this very item.
Drop the URLs, but as an operator I got other priorities.
eg floodings: I would need a specific tweak against the
Frog,*,Frog,*,Frog .... attack more than anything else
If think I found a defense, but I am unwilling to dig into the mixmaster code.
If you want to help on that matter, I got an email ...
eg a port of nilsimsa as a Win32 .DLL so that I can test it conveniently
eg ... a whole shopping list of terribly trivial things
>> >There is no latent-time directive in Type II
>> >nor is there any need for it from an anonymity point of view.
>>
>> Of course, the user's point of view is irrelevant
>
>Frankly yes. You seem to think that options are good in an anonymity system.
>They only help to divide the users into different groups that use different
>"features".
Let's agree that we disagree, then.
I run a remailer to help real-life users
and give them the largest choice,
not for the sake of cryptological correctness.
If they want to use one feature or the other, that's their decision.
Look at http://frogadmin.yi.org/cgi-bin/Spy1.exe
the MAILOUT figure gives you an estimate of
how many people probably used the Latent directive.
Whatever silly/outstanding they are trying to achieve,
there is nothing that would not be cured by an extra hop
-----BEGIN PGP SIGNATURE-----
Version: N/A
iQEVAwUBP2l3voDgT488d3zFAQFw6Af/b2BcMCim65PLDGApU1duPLN+UwekCE22
qtCO0qHmbDM1DZArRsFtr0uzVFlgOGklvMi2fHgoHm/ggZzFywr322Jp4tD5RxRi
rn9LdMgJViqYmUyXci+PcJOQjKj5wmt5pD7sOAxOxCcxbxX1y9F2Mf+qYHGLfejV
uIOVQQvwkdnhMtTiMoOgiG/XTSvNwWz/RYvyF/ynQ2whWSbHPLcroulSLaz9+FWC
BVVlAgsozECTbUSGOdbLvh71/JQRQ6PI9kgAq7HoNF8151NMcPuoSfZbnguydqNM
JlFySk31uuMdhan7BtMkpj8CWqe2ADdeP5nOgCcCHQe0JFK26OPW+Q==
=0gzF
-----END PGP SIGNATURE-----
Frog-Admin
Following
http://frogadmin.yi.org/NYMSERVER/Bugs.html#Bug_20030830
I started shopping for a 3rd party .dll.
One .dll looked promising and supported PGP8.
I contemplated writing a wrapper so that new.dll would emulate spgp.dll
and could be substituted to it at minimum/null cost of modifying Reliable/JBN
Preliminary tests failed
-----BEGIN PGP SIGNATURE-----
Version: N/A
iQEVAwUBP2l9sIDgT488d3zFAQE7YQf9GaGLWbJfTNipuRRrXoe8Lsivt32tg9Va
sLf0BCFrtVdoGutK2H754zSiMNmx7VwTYZC0YrIDbWAQ21YaceHEE4aU9xvzX9+a
lizLXp1Db1leadsx7nEnAJlpi/t2jf1T/M7jhasJkGmLbVJ+IBeddVKJi+qEyDws
tx9sHmy3jlz8iFAaGb7HBZZNXCN5srr5RXlEAtJM32OVxwdq7xaTG/QNUY2skLIR
sGNC4trh6Wi3WXrcMxpttcy0cNwuodmyKLmNzKypGdm/tJxEEpuou3ojr6rFkcQD
G1nf8Ysqe3GzwRIJhk+r08d2yuiugGHlz3RckeEoR6R/QhImT/h+7A==
=gJjG
-----END PGP SIGNATURE-----
Nomen Nescio
wrote:
>Hope that this will give you a fresh insight
> why the 'experts' from Mixmaster and QS gang against RProcess
> who alone authored Reliable, JBN1, JBN2, Potato in less than 2 years
> while 4 years later they still don't offer the same set of features.
More investigation than your tiny little frog-brain will hold has been
done by "experts". They come to a simple conclusion about anonymity
systems - KISS. Keep It Simple Stupid!
You're so Stupid you want to introduce extra complexities.
Extra complexities, extra parameters, extra options. These all allow
the remailer user base to be divided up into little groups and
identified one by one.
You, and your troll alter-ego, were the only people insisting
partitioning attacks did not exist. Now you discount their seriousness.
Why?
Anonymous via the Cypherpunks Tonga Remailer
> -----BEGIN PGP SIGNED MESSAGE-----
>
> On Thu, 18 Sep 2003, Anonymous wrote:
> >Anonymous...@See.Comment.Header (Frog-Admin) wrote:
>
> >No. The stop-and-go algorithm implemented in Reliable fails badly under
> >certain active attachs such as n minus one attack. Having a timed dynamic pool
> >mixing algorithm is better in this and many other cases.
>
> Are there *practical* consequences for real users?
> If only the "attacker's" messages stand up
> and if he is only shooting his own foot,
> the point is moot.
The attacker would not be shooting in his foot, he would be able to trace a
message through a remailer. The idea is simple: Delay all mail from getting
to a remailer. After some time - not long - the pool will be more or less
empty as messages are sent out after their assigned time. This would take a
few hours at most. Then let the one message you are interested in to the
remailer. Any message that exits the remailer now is either your target or a
dummy generated by the remailer.
The stop and go schema implemented in Reliable does not very well protect
from that. It would be not difficult for an ISP to pull that, and given
how often remailers are down for some time who tells us they are not trying?
I'm no VB programmer (I prefer to get my hands dirty with C :-)) but maybe
you can modify Reliable to keep a minimum amount of messages in the pool at
all times as mixmaster does? If you modify it to also only send a fraction
(nn%) every m minutes (as set by the operator) then this is a lot more
difficult, even for an ISP.
> >If you are interested I can point you to some interesting literature in the
> >field discussing this very item.
>
> Drop the URLs, but as an operator I got other priorities.
> eg floodings: I would need a specific tweak against the
> Frog,*,Frog,*,Frog .... attack more than anything else
> If think I found a defense, but I am unwilling to dig into the mixmaster code.
> If you want to help on that matter, I got an email ...
If you have a solution for that that would be a good thing. Let me know if I
can help you with this. ish...@hod.aarg.net
> eg a port of nilsimsa as a Win32 .DLL so that I can test it conveniently
> eg ... a whole shopping list of terribly trivial things
>
> >> >There is no latent-time directive in Type II
> >> >nor is there any need for it from an anonymity point of view.
> >>
> >> Of course, the user's point of view is irrelevant
> >
> >Frankly yes. You seem to think that options are good in an anonymity system.
> >They only help to divide the users into different groups that use different
> >"features".
>
> Let's agree that we disagree, then.
Agreed :o)
ishtar
Frog-Admin
On Thu, 18 Sep 2003, Anonymous via the Cypherpunks Tonga Remailer <nob...@cypherpunks.to> wrote:
>Anonymous...@See.Comment.Header (Frog-Admin) wrote:
>The attacker would not be shooting in his foot, he would be able to trace a
>message through a remailer. The idea is simple: Delay all mail from getting
>to a remailer. After some time - not long - the pool will be more or less
>empty as messages are sent out after their assigned time. This would take a
>few hours at most. Then let the one message you are interested in to the
>remailer. Any message that exits the remailer now is either your target or a
>dummy generated by the remailer.
>
>The stop and go schema implemented in Reliable does not very well protect
>from that. It would be not difficult for an ISP to pull that, and given
>how often remailers are down for some time who tells us they are not trying?
It was THAT one!!!
- -Look at
http://frogadmin.yi.org/Graphs/Browse.html
eg http://frogadmin.yi.org/Graphs/IDAY_20030916.gif
One can check afterwards that such attack did not take place
- -Remailers with their own SMTP directly receive mail
and are not dependant on ISP's manipulation
- -Frog feeds on multiple sources:
-SMTP
-half a dozen POP boxes for 'private users'
see http://frogadmin.yi.org/Tek/Frog_Rcv_Alias.html
all that is mixed and attacker should control *all* the boxes
to perform your attack
- -Frog has multiple connexions and that adds to the mix
- -Bounces are recycled in a semi-automated way, and that adds to the entropy
>I'm no VB programmer (I prefer to get my hands dirty with C :-)) but maybe
>you can modify Reliable to keep a minimum amount of messages in the pool at
>all times as mixmaster does? If you modify it to also only send a fraction
>(nn%) every m minutes (as set by the operator) then this is a lot more
>difficult, even for an ISP.
Messages for stats, remailer-xxx, FromHead, usual dummy ...
and a sustained user traffic don't let my MAILOUT empty
>> >If you are interested I can point you to some interesting literature in the
>> >field discussing this very item.
>>
>> Drop the URLs, but as an operator I got other priorities.
>> eg floodings: I would need a specific tweak against the
>> Frog,*,Frog,*,Frog .... attack more than anything else
>> If think I found a defense, but I am unwilling to dig into the mixmaster
>> code.
>> If you want to help on that matter, I got an email ...
>
>If you have a solution for that that would be a good thing. Let me know if I
>can help you with this. ish...@hod.aarg.net
I send you a copy of the mail I already sent to a few persons, with my elucubrations,
and you tell me if it makes sense
If it does not ... I can take it.
I never claimed to have an intricate knowledge of the structure of MIX packets.
-----BEGIN PGP SIGNATURE-----
Version: N/A
iQEVAwUBP2mPDIDgT488d3zFAQGOEwgAxzYtlBUAgHAiIY5pZ5PLWQ3OIl8muPJ+
57EJPD1HgMxejZhsQg+7Am4TLMC9/z/CYv3ZmwzGyHR0YsKJPUSfKPqrVe4Bcga+
8jgoSvpabUvR8HC4sjS2Ygby/3/OlhdWEudvKifxpOnZ6PlDG4o6v5bAYoqcwT75
ozq3/vN94JYC6q5GtLAWFtaiP+9UTBAclQS7eqDke1iGNCkglbzYLpaSNObX3Y6u
33sC6s7FnuBVRTLF1w2UuPLoBc7/BVu4iiLajbNJLbXxhDkqK+vGRoU90QjxOKeQ
yJ3ZphORswvbn+OkVDvaXsVTJXugFJ65kD3HzebOFJnBKfARSjLg0A==
=g3Pr
-----END PGP SIGNATURE-----
Anonymous via the Cypherpunks Tonga Remailer
> >The attacker would not be shooting in his foot, he would be able to trace a
> >message through a remailer. The idea is simple: Delay all mail from getting
> >to a remailer. After some time - not long - the pool will be more or less
> >empty as messages are sent out after their assigned time. This would take a
> >few hours at most. Then let the one message you are interested in to the
> >remailer. Any message that exits the remailer now is either your target or a
> >dummy generated by the remailer.
> >
> >The stop and go schema implemented in Reliable does not very well protect
> >from that. It would be not difficult for an ISP to pull that, and given
> >how often remailers are down for some time who tells us they are not trying?
>
> It was THAT one!!!
> - -Look at
> http://frogadmin.yi.org/Graphs/Browse.html
> eg http://frogadmin.yi.org/Graphs/IDAY_20030916.gif
> One can check afterwards that such attack did not take place
Hmm. ok. But if it took place it's too late, isn't it?
> - -Remailers with their own SMTP directly receive mail
> and are not dependant on ISP's manipulation
An ISP controlls your connectivity to the world. While they might not
control the mailserver they use they certainly can block/delay others from
getting to you or you getting to them.
> - -Frog feeds on multiple sources:
> -SMTP
> -half a dozen POP boxes for 'private users'
> see http://frogadmin.yi.org/Tek/Frog_Rcv_Alias.html
> all that is mixed and attacker should control *all* the boxes
> to perform your attack
or just your connectivity :)
> - -Frog has multiple connexions and that adds to the mix
as in IP providers? That's good then.
> - -Bounces are recycled in a semi-automated way, and that adds to the entropy
What do you mean with entropy?
> >I'm no VB programmer (I prefer to get my hands dirty with C :-)) but maybe
> >you can modify Reliable to keep a minimum amount of messages in the pool at
> >all times as mixmaster does? If you modify it to also only send a fraction
> >(nn%) every m minutes (as set by the operator) then this is a lot more
> >difficult, even for an ISP.
>
> Messages for stats, remailer-xxx, FromHead, usual dummy ...
> and a sustained user traffic don't let my MAILOUT empty
The user traffic would be cut off in that case, remailer-xxx are easily
distinguishable from the rest...
> >> >If you are interested I can point you to some interesting literature in the
> >> >field discussing this very item.
> >>
> >> Drop the URLs, but as an operator I got other priorities.
> >> eg floodings: I would need a specific tweak against the
> >> Frog,*,Frog,*,Frog .... attack more than anything else
> >> If think I found a defense, but I am unwilling to dig into the mixmaster
> >> code.
> >> If you want to help on that matter, I got an email ...
> >
> >If you have a solution for that that would be a good thing. Let me know if I
> >can help you with this. ish...@hod.aarg.net
>
> I send you a copy of the mail I already sent to a few persons, with my elucubrations,
> and you tell me if it makes sense
> If it does not ... I can take it.
> I never claimed to have an intricate knowledge of the structure of MIX packets.
I didn't get it yet. Maybe later.
Ishtar
George Orwell
On Tue, 10 Jun 2003, Anonymous...@See.Comment.Header (Vic) wrote:
>Several days ago some Usenets posts I made with Frog as the
>final remailer failed to appear on my main news server so I thought
>Frog was not functioning correctly. Then, I checked on an alternate
>server and indeed the missing Frog posts were there. Since that
>time it appears that my main news server (located in Germany)
>has begun to block postings thru Frog, but not other remailers.
>Has anyone had a similar experience? Any idea why a news
>server would block one remailer, but not (yet) others?
Because frog-admin is a psychotic criminal who responds to legitimate abuse
complaints by flooding the people who complain, and then adds their names and
email addresses to the headers of every post through his remailer to flood and
spam people who complain about all his other abuse.
If that wasn't bad enough, he threatens to get people fired from their jobs for
disagreeing with him on Usenet. Luckily, he's so obviously a psychotic maniac
that nobody would fire anyone based on the lies of this kook. But behavior like
that gets punished, and people now back away warily from the unmedicated
psychotic and refuse to forward his floods and abuse.
Since other remops aren't abusive criminals, they aren't treated like this.
frog-admin is now a sad pariah, and his remailer is blocked by all responsible
remops. Avoid frog and you should be okay.
Frog-Admin
On Thu, 18 Sep 2003, Anonymous via the Cypherpunks Tonga Remailer <nob...@cypherpunks.to> wrote:
>> It was THAT one!!!
>> - -Look at
>> http://frogadmin.yi.org/Graphs/Browse.html
>> eg http://frogadmin.yi.org/Graphs/IDAY_20030916.gif
>> One can check afterwards that such attack did not take place
>
>Hmm. ok. But if it took place it's too late, isn't it?
I believe in deterrence.
If attacker knows that such action would not be unnoticed....
>> - -Remailers with their own SMTP directly receive mail
>> and are not dependant on ISP's manipulation
>
>An ISP controlls your connectivity to the world. While they might not
>control the mailserver they use they certainly can block/delay others from
>getting to you or you getting to them.
You mean:
selectively intercepting packets 25, 110 and 2525 (my alternate SMTP port)
That's a bit expensive for the attacker, and a dubious result
>> - -Frog has multiple connexions and that adds to the mix
>as in IP providers? That's good then.
ADSL on one Name+Address, Cable on another Name+Address, switched on a 3rd,
all interconnected though ehernet
>> - -Bounces are recycled in a semi-automated way, and that adds to the entropy
>What do you mean with entropy?
I recycle bounces when I feel like
Same for posts intercepted by some filters, which I decide to salvage after summarily review.
>> >If you have a solution for that that would be a good thing. Let me know if I
>> >can help you with this. ish...@hod.aarg.net
>>
>> I send you a copy of the mail I already sent to a few persons, with my
>> elucubrations,
>> and you tell me if it makes sense
>> If it does not ... I can take it.
>> I never claimed to have an intricate knowledge of the structure of MIX
>> packets.
>
>I didn't get it yet. Maybe later.
I just sent it know, I got a visitor.
-----BEGIN PGP SIGNATURE-----
Version: N/A
iQEVAwUBP2nrFYDgT488d3zFAQE+0ggAvHdriG8IgBw5olDg5GobdwsRrUzBcq34
cqwm7NB6FjUwBVqyYTIK4UhxHNubRJFL955jOTx/eZkY5NcURZ+NaWImoEKrTFnO
NQzX0/WtKmuDVFjOZ7+n3Zk6OOSMgHF6Z0phZHZyD8qeq9MPKBSKhQiWqMdDKrtG
oA3KPIGCZILPs4iat5Mo45GyL7k7aLPkcIKV4pwxQl/uvyNTGPY5QGELp1IQIm80
DqmMqlRDTwB8n3Tu0A6jjflG1g4F39+eYihK8Nm2xjwnAEwlEjIhBB1xbRQCICFt
FyJjLPAi27rNcnKXAHDbaFohhzsmLwxCMKcNrIQV1YOnWYB/25zUBA==
=Lm+D
-----END PGP SIGNATURE-----
Anonymous via the Cypherpunks Tonga Remailer
> >> - -Remailers with their own SMTP directly receive mail
> >> and are not dependant on ISP's manipulation
> >
> >An ISP controlls your connectivity to the world. While they might not
> >control the mailserver they use they certainly can block/delay others from
> >getting to you or you getting to them.
>
> You mean:
> selectively intercepting packets 25, 110 and 2525 (my alternate SMTP port)
> That's a bit expensive for the attacker, and a dubious result
However mostly trivial for your ISP or its backbone providers. You can
almost say that it is built into the hardware.
> >I didn't get it yet. Maybe later.
>
> I just sent it know, I got a visitor.
Got it. Will look into it after some social activity.
ishtar
Anonymous
>On Thu, 18 Sep 2003, Anonymous via the Cypherpunks Tonga Remailer <nob...@cypherpunks.to> wrote:
>>Hmm. ok. But if it took place it's too late, isn't it?
>I believe in deterrence.
>If attacker knows that such action would not be unnoticed....
If the attacker wants, what makes you think users will see accurate
graphs? (See below.....)
>>An ISP controlls your connectivity to the world. While they might not
>>control the mailserver they use they certainly can block/delay others from
>>getting to you or you getting to them.
>
>You mean:
>selectively intercepting packets 25, 110 and 2525 (my alternate SMTP port)
>That's a bit expensive for the attacker, and a dubious result
Trivial, absolutely trivial, for anyone with any competence working at
an ISP. Even without administrative access, it's possible to intercept
and inject new content. I've seen it done in the late-1990s as an
information warfare research project, all in software. And if someone
can place a box in between you and the rest of the ISP's network, it
becomes even easier--the simplest MITM attack.
Frog-Admin
On Thu, 18 Sep 2003, Anonymous via the Cypherpunks Tonga Remailer <nob...@cypherpunks.to> wrote:
>Anonymous...@See.Comment.Header (Frog-Admin) wrote:
>
>> >> - -Remailers with their own SMTP directly receive mail
>> >> and are not dependant on ISP's manipulation
>> >
>> >An ISP controlls your connectivity to the world. While they might not
>> >control the mailserver they use they certainly can block/delay others from
>> >getting to you or you getting to them.
>>
>> You mean:
>> selectively intercepting packets 25, 110 and 2525 (my alternate SMTP port)
>> That's a bit expensive for the attacker, and a dubious result
>
>However mostly trivial for your ISP or its backbone providers. You can
>almost say that it is built into the hardware.
Yes, "expensive" is not the proper word.
I rather meant:
- -there are other ways to achieve the same result, which don't require that type of access
- -if you have that type of access, you can hurt the remailer much more than that
-----BEGIN PGP SIGNATURE-----
Version: N/A
iQEVAwUBP2rB9YDgT488d3zFAQF8pgf/UvCdxNxWEsid1MO565bt3jygUwvf9mDS
nmVxUQNWHRrQwqrcjR/t33yKFN2cIh28gI5oWLkRPwSGgoUKd9GmDUmYSHcJGzXU
gQyS8sQDHibWwxA+NLlE+HdeMIu50wu22Aj/VykQFHW5lH7kP4U9uitiul3LF0Iu
VLK8hftoLKZceIbUQYbeKMgJNXFq3yUIenjn+zzcEyxbm4dj07IM2naUUXos3GWI
gqgSxB0JLaKqSfH5TrCPwrMvbYPMDVKPtZxo5H4nUPRr8UI4SWnncwU/Ww51ZDGH
1i2J7KvoV3eeMfXb/EEj22sg2MT5SLhyjd2znFZ292VhjFgPXGsW5g==
=atKT
-----END PGP SIGNATURE-----
Anonymous via the Cypherpunks Tonga Remailer
> -----BEGIN PGP SIGNED MESSAGE-----
>
> On Thu, 18 Sep 2003, Anonymous via the Cypherpunks Tonga Remailer <nob...@cypherpunks.to> wrote:
> >Anonymous...@See.Comment.Header (Frog-Admin) wrote:
> >
> >> >> - -Remailers with their own SMTP directly receive mail
> >> >> and are not dependant on ISP's manipulation
> >> >
> >> >An ISP controlls your connectivity to the world. While they might not
> >> >control the mailserver they use they certainly can block/delay others from
> >> >getting to you or you getting to them.
> >>
> >> You mean:
> >> selectively intercepting packets 25, 110 and 2525 (my alternate SMTP port)
> >> That's a bit expensive for the attacker, and a dubious result
> >
> >However mostly trivial for your ISP or its backbone providers. You can
> >almost say that it is built into the hardware.
>
> Yes, "expensive" is not the proper word.
> I rather meant:
> - -there are other ways to achieve the same result, which don't require that type of access
> - -if you have that type of access, you can hurt the remailer much more than that
The target wasn't to 'hurt the remailer' but to delay messages for a few hours
to perform an attack on a user which Reliable doesn't protect from as good as
it could.
ishtar, digging through the source trying to find your answers
Anonymous via the Cypherpunks Tonga Remailer
> about at the time Type I evolved. There is no latent-time directive in Type II
> nor is there any need for it from an anonymity point of view.
>
> a message. But this only works at the last hop.
Many remailers seem to have very low latencies. Some are under 15
minutes, according to the melontraffickers stats. Surely such low
latencies make traffic analysis easier? My impression is that the
remailer will reorder the messages in the pool before sending, but with a
very short latency it seems entirely plausible that there will be few or
no other messages waiting to be sent.
Is this impression incorrect, and, if not, is there any better solution
than manually choosing high-latency remailers?
Anonymous via the Cypherpunks Tonga Remailer
If it was exactly 15 minutes every time that would be a problem. However
what is reported is only the average latency of a remailer. On
www.noreply.org/latency there are some interesting graphs that
demonstrate what I mean. They show you the distribution of latencies
quite good.
To your other question whether it is possible that no other messages
will arive or wait to be sent in this short time I can tell you that
that depends on the mixing algorithm.
With Reliable messages are assigned a time when they will be sent as
they arrive at the remailer. It doesn't matter that no new traffic comes
in, they will be sent at the assigned time. So this could happen,
although I do not think that it will be the case unless there is
some attack. At least not if the parameters are set to have at least a
few minutes of latency.
Mixmaster keeps a pool of at least n messages (n can be set by the
operator and is usually 20 to 50 messages in size). Messages are added
to the pool. When the time is come that it wants to send messages it
picks random messages out of the pool. So there always is at least some
reordering, unless of course the operator chooses stupid parameters. If
no new messages arrive nothing is sent (also the pool size varies over
time depending on the rate and sendpool settings).
ishtar
Tarapia Tapioco
<fr...@expires-200309.rodent.frell.eu.org> wrote:
>>For the past 4 years, I had given Richard Christman the benefit of the doubt
>> and that *some day* he would add *something* to QS
>> to trap typos/syntax/coherency errors at the source
>> a GUI to help keying (and eliminate the missing/extra colons problem)
>> controls behind that GUI to highlight coherency errors
>Hang on a minute... The only other person around here that claims QuickSilver
>does not have a GUI is....<insert drum roll here>...LE TROLL.
STRAY CAT = FROG = LE TROLL = ME TOO
Frog-Admin
OK, you OUTed me
I confess, but I won't leak details
Look there:
http://frogadmin.yi.org/PotatoX_REL007.html
If I am able to filter messages from the MAILOUT folder at that moment,
just imagine what kind of other twaeaking I am doing to fool your attack.
>ishtar, digging through the source trying to find your answers
Thanks
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
The worst attacks I felt vulnerable to were 2 variants of REPLAY attack:
1) If original message is CPUNK + is intercepted at the source,
transparent-remix will make the replay attack not-detectable to MD5_filter_as_implemented_in_Reliable.
2) Even without transparent-remix involved, it is trivial to defeat the way MD5 filter is implemented on Reliable:
- -just add extra characters at the end of the 1st PGP-encrypted message
I wrote a patch, but I don't recall if I implemented it for good...
I recall the tests I performed at the time, and logging for 1 month did not detect that any such attack had taken place.
I implemented my modified, "hardened" MD5 check for NymServer, though.
-----BEGIN PGP SIGNATURE-----
Version: N/A
iQEVAwUBP2s2FYDgT488d3zFAQHPHwf/Sgh/oZTWGOax47hRrvCTaALjXw8iZLoW
6s+HSWH79I45nmvo/kmSn1ED8aiHeFrkimOhxtzJ969SEmE7UBjxnDDu1rtNEWSF
F9ES/RZwmSTt5UcLhkgpSTPhYTJf8YUeY8oGdkNRPNb16bTA13xV+507Dp7D2nmW
usVPLDLcVrzhPIFCJDiZUSNHgpkqtbwomE3k66mO2fWE/8ID0RV5FP2szVLgnYPg
955In/2nbXc7yvLp/L7ozJHLveJNS2IC73oV5BrCEo1JUUIlrHgqOoLiB0ej9pVy
7ITuAmk4DOocelE5DIvCDSsFVPc4yELng2MwiAw83IAvj6TH3q8o9Q==
=663c
-----END PGP SIGNATURE-----
Frog-Admin
On Fri, 19 Sep 2003, Anonymous via the Cypherpunks Tonga Remailer <nob...@cypherpunks.to> wrote:
>In article <e1032efb2d2fcd93...@cypherpunks.to>
>Anonymous via the Cypherpunks Tonga Remailer <nob...@cypherpunks.to> wrote:
>>
>> Mixmaster has a pooling scheme that is vastly superior to what was thought
>> about at the time Type I evolved. There is no latent-time directive in Type
>> II
>> nor is there any need for it from an anonymity point of view.
>>
>> Hybrid Remailers (as Reliable) interpret Type I directives if they find one
>> in
>> a message. But this only works at the last hop.
>
>Many remailers seem to have very low latencies. Some are under 15
>minutes, according to the melontraffickers stats. Surely such low
>latencies make traffic analysis easier? My impression is that the
>remailer will reorder the messages in the pool before sending, but with a
>very short latency it seems entirely plausible that there will be few or
>no other messages waiting to be sent.
You hit the nail on the head, but you didn't see it.
The key word is not "high latency", but "high number of other messages to hide yours".
A one-year_latency_remailer which processes one message/year won't conceal your message very well: your message will be one out of one.
A one-second_latency_remailer which processes 1000 messages/second will do quite an outstanding job: your message will be one out of 1000.
You understand that the 'key factor' is DailyVolume*Latency
The 'best' remailer to your concern will be a high-volume + high-latency remailer.
But you'll find out that, because people (or their remailer client) prefer low-latency remailers, high-latencty remailers will generally have low volumes.
I did not perform the calculations, but the key factor DailyVolume*Latency is probably similar for all remailers
>Is this impression incorrect, and, if not, is there any better solution
>than manually choosing high-latency remailers?
High 'key factor' remailers would be the solution, *not* high-latency
If you think that you are more clever than the system,
and that a manual touch will fool an automated spying:
CPUNK + manual latency at each hop is certainly what will appeal to you most.
Are such precautions necessary? I let you the choice.
For remailer weekly volumes, see
Thesaurus
http://frogadmin.yi.org/Thesaurus/
http://frogadmin.yi.org/Thesaurus/Thesaurus.html
http://frogadmin.yi.org/Thesaurus/Thesaurus.gif
http://frogadmin.yi.org/Thesaurus/Thesaurus.xls
-----BEGIN PGP SIGNATURE-----
Version: N/A
iQEVAwUBP2s6WIDgT488d3zFAQHHOwgAmuW49PQi50tpnw24ZPRXrEeDbL5oDtar
UN08x0PlJPhBuplblAToE+XaFAEYJ8a81QKmGg5fy5n5fjpX4q25XI2fcBF1cWxs
kLNxr7MfXdspDTDfSkFVeJ7zlz1IDifh9W86fb+mLkXY0sfqtqkt0svnNKP8k9J+
kv0j1szRLu9pX97SSs0oUDsxqOBX2lFoVt+w0Ezny61M+UoIo2RIdcqAkym3RBW0
zTd1jAlmUPTVtHUXhezqUokHWKyI5f0h/A6B25dQ9lqocYDwL8sMHoJ0hGXXeHhp
sdcODWux3ALoICJyJ5b1LlbFZ1Nx/JQEhmEHMlWknqS0YHTfsqBYQg==
=Df1A
-----END PGP SIGNATURE-----
Tarapia Tapioco
> If it was exactly 15 minutes every time that would be a problem. However
> what is reported is only the average latency of a remailer. On
> www.noreply.org/latency there are some interesting graphs that
> demonstrate what I mean. They show you the distribution of latencies
> quite good.
Thanks Ishtar! I'm new to anonymous remailing so that site looks like
it'll be useful.
Frog-Admin
Nearly unrelated but....
After http://frogadmin.yi.org/NYMSERVER/Bugs.html#Bug_20030830
I started shopping for a replacement of SR Heller's SPGP.DLL
One of the components looked promising,
Besides the NymServer, it could potentially make JBN2 and Reliable PGP-7/8 compatible.
I contacted the author of the component ...
who told me he had been recently contacted by the author of PI32 too.
I don't know if that's good news for PI32, though,
because I did never manage to have the PGP component work properly ...
:-((( :-((( :-((( :-((( :-((( :-((( :-((( :-((( :-((( :-(((
-----BEGIN PGP SIGNATURE-----
Version: N/A
iQEVAwUBP2tCSoDgT488d3zFAQEsewgAhqHPOQRSTh1Tjg8p8mf3fUScjm4+gzJV
BS5LoILMcVwJmshV7MXMBroThUQ1K3QZSL2mcw2nhLxL9/hSU/AyWdCXGinJ4LbC
N7pT/QAbgOgIFzlW0C+a83jJWLdsR0NJC1DxacN/Fxg2fnluufKtvMqjuwFWeVI/
iDWCXJcaZ2eUmiAn5o7SmtCT9hwWfL/p6IlOqTyXnWJA+GDXRwEo9kBc6+XMTeJc
uK6zPOFWenSVPIHaHGs9z/kRcdfYJcasVAvUfJeMg8bpBi8FlYHZfcxOlzaLFq9h
vGDAtYP70NvW1J8I0vOR5IBviD+g+TqXBQjKJVJW7a0yQyYlua7iPQ==
=q3L8
-----END PGP SIGNATURE-----
Fritz Wuehler
frog-admin has shown over the course of the last 4 years that he is entirely
untrustworthy. He has outed several individuals for remailer 'abuse' knowing full
well that remailers actually do provide true anonymity and his certainty of to the
actual person behind the abuse is not 100%. He might 'out' you when you have done
nothing. No one here supports him other than his own sock puppets. The fact is
most members here have killfiled his arrogant rants. He is a spammer, liar, and
megalomaniac. And now he has become a nobody, as well. Use ANY of his services at
your own risk.
Get out frog, we are sick of you.
futureworlds
In article <86e14dffa2a947fb...@tatooine.homelinux.net>
starwars <nob...@tatooine.homelinux.net> wrote:
>
>
> A "dirty tricks" group was formed last year by someone out of Homeland
> Security to quietly disrupt the remailers and get them to quit.
>
> They are quietly flooding, trolling, trouble-making and staging phony ego
> wars in an effort to end anonymous messaging on the Web. They want to see
>
> and record all, and end privacy. Yes, highly paid trolls.
>
> The privacy issue will not become public, as the government thinks that
> they will easily lose in the public media.
>
> The remailer infighting just diverts attention, and is what the "dirty
> tricks" group is trying to make happen.
>
> Keep our freedom and fight back!!!
Well, your small diatribe might have found some credence here if it
were not for Frog's outing people; his screwing around with headers in
order to flood some innocent party, and try to get the man fired from
his job; plus the psychotic episodes of his hateful posts regarding his
"enemies" and the fact that he'd like to see them shot.
Now, these are just a few of his indiscretions, but putting them
together is enough for some to ascertain that Frog has went "around the
bend" and can no longer be trusted.
No, there is no government plot afoot. Only those of Frog himself, and
his own plots did him in.
futureworlds
frog-admin posted this message. It is well known that he is a liar
and the worst abuser of the remailer network in its history.
Recently frog committed a very offensive and abusive act. An
individual had contacted him wishing to have his email address
blocked from receiving anon mail from frog. It was not the guys
first request for this blocking. Frog decided he did not like
this fellow and placed his email address plus the abuse address
of the guys ISP in the 'X-Remailer-Contact' header of ALL
messages forwarded by frog remailer.
In case you don't get the picture, the 'X-Remailer-Contact' header
is where you write to report abuse of the remailer. Every message
leaving frog remailer carried the addresses noted above. Every
message sent to frog's abuse address also went to this other guys
address and his ISPs abuse address. This could easily result in
your ISP terminating your account for some percieved wrong you
never committed. frog's conduct was very serious abuse, in itself.
Anonymous via the Cypherpunks Tonga Remailer
> >The target wasn't to 'hurt the remailer' but to delay messages for a few hours
> >to perform an attack on a user which Reliable doesn't protect from as good as
> >it could.
>
> OK, you OUTed me
hehe :-)) "Frog outed!", anyone? :o)
> I confess, but I won't leak details
> Look there:
> http://frogadmin.yi.org/PotatoX_REL007.html
> If I am able to filter messages from the MAILOUT folder at that moment,
> just imagine what kind of other twaeaking I am doing to fool your attack.
>
> >ishtar, digging through the source trying to find your answers
>
> Thanks
>
> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> The worst attacks I felt vulnerable to were 2 variants of REPLAY attack:
Yes, we all know that Type I is subject to replay attacks, unless Max-Count
together with Max-Date is used. I seem to remember a discussion about that
several months back.
> 2) Even without transparent-remix involved, it is trivial to defeat the way MD5 filter is implemented on Reliable:
> - -just add extra characters at the end of the 1st PGP-encrypted message
By the way, about the stuff you mailed me about. It does not look like what you
want is possible. Want me to mail it to you or should I just post it here?
ishtar
Nomen Nescio
wrote:
>For remailer weekly volumes, see
>Thesaurus
> http://frogadmin.yi.org/Thesaurus/
> http://frogadmin.yi.org/Thesaurus/Thesaurus.html
> http://frogadmin.yi.org/Thesaurus/Thesaurus.gif
> http://frogadmin.yi.org/Thesaurus/Thesaurus.xls
Frog is really processing 70.000 messages / week?
Frog-Admin
Lately, it has been pretty stable around 10.000 msg/day
Browse into Frog Remailer Load Graphs
http://frogadmin.yi.org/Graphs/Browse.html
PeakLoads
http://frogadmin.yi.org/PeakLoads.html
-----BEGIN PGP SIGNATURE-----
Version: N/A
iQEVAwUBP2wCmoDgT488d3zFAQFCdAf8CA1xV18ZJSkn/feChwnO0fpitPGe5Huh
PzCacVY0MfQolHN1y4SbWc1kbLTb3fyipReC7JuM39c1UaEl5QeXALa3J0NO7LTX
9CE4T4AwiEvVmCJd5mtcLN+vPq/hbnIvMxvX0A/hGFmSSa0wISBxsnDazPJc4ld/
6x5Zh+7q5I87JdqJP/i4eoNJheNlaeOFgrEzzor+6UZZon/bUUZSmEyw1M6+ets9
qYs+2FeJ6l7p382eiugBl3Bong6DnnRIq41/0VrKKBHlD45tkfX1MIdbABL4o78q
AAwP6vfeGKshR1aMMllZ+EElE9c1z4jvRW/UD9Cl251YQumwJiW6RQ==
=lrG9
-----END PGP SIGNATURE-----
Frog-Admin
On Fri, 19 Sep 2003, Anonymous via the Cypherpunks Tonga Remailer <nob...@cypherpunks.to> wrote:
>Anonymous...@See.Comment.Header (Frog-Admin) wrote:
>> The worst attacks I felt vulnerable to were 2 variants of REPLAY attack:
>
>Yes, we all know that Type I is subject to replay attacks, unless Max-Count
>together with Max-Date is used. I seem to remember a discussion about that
>several months back.
Max-Count (Max-Date,Max-Size) are user-defined and work well with Reliable
it is probably a 'must' for anybody with a real privacy concern
and doesn't want to limit himself to reply-blocks pointing to NG
Replay caches are not user-defined and there was a vulnerability there
>By the way, about the stuff you mailed me about. It does not look like what you
>want is possible. Want me to mail it to you or should I just post it here?
POST your answers if you want, and quote my questions at will.
>ishtar
-----BEGIN PGP SIGNATURE-----
Version: N/A
iQEVAwUBP2wI/4DgT488d3zFAQGKvQgA3CFD2AgK7/bBwRtkMbyd0bZC959ZqPZN
PMIUHDmhMCKuu9zzUy7gqynxohbTZpjTAddfDhkZTZRn+wcws9YhpOILWl0+zkwH
VVs+gEAY4cwvEm+NdSn7n+++HG56dcsPOKDKJn+1dWJHNTKsn8sMy6uFTYKqXj4S
DW62tdu1aelGJxBWcHxI7UScf5jNQrVIH5qB7h3nASGLffAYnsQa4iaiuRFDNow2
UWItju8W7gG/9Brii7DWctWZmBLi9A0YGZEF5SmCBc6Ul3A0/la4f5OSvG2od/3K
/ziQOxsj4VKIInEXP/5bgjp+UBsNtoULqun986uE3r5eqhk8DMgdCg==
=XAe3
-----END PGP SIGNATURE-----
edo
A remailer user's opinion:
Since I'm just a mere user of the system, it's possible my input
is superfluous, but I'll give it anyway.
I have no way of knowing how egregious Gardner's actions were,
nor do I care. All I know for sure is that Frog's remailer is
putting the real address of a man (an outsider to the remop
club) in the headers. It seems Gardner did not do anything
sinister, illegal or threatening.
As a user I cannot trust that Frog might also see some stupid
thing I do as a terrible transgression against humanity and
likewise cause me grief. I will never use Frog again regardless
of what other remops do as far as blocking and regardless of
whether Frog fixes the headers. I applaud those remops who are
standing up for the users, not the clique.
Anonymous via the Cypherpunks Tonga Remailer
> POST your answers if you want, and quote my questions at will.
Here you have the information you asked for. I hope everything is clear,
if not I can try to find out more.
> Problem:
> Attacks hammering a remailer's bandwidth + CPU,
> e.g. *,frog,*,frog,*,frog,*,frog,*,frog,*,frog,*,frog,*,frog,*,frog,*,frog
>
> My idea was to get rid of such flooding messages by targeting the very time they spend in the system. After a few of their too many hops on a wounded remailer, they become too old.
> I tried to lower my PACKETEXP IDEXP to very low values (6 hours),
> in hoped that the timestamp on incoming messages would qualify them for being summarily discarded.
> It did not work
>
> Q1)
> In the case of a multi-hop MIX message, what is the timestamp on the message?
> - -the time the original message was created (x hops ago)
> (that's what I believe, to have my idea work)
> - -the time the packet header was reconstructed (previous hop)
The timestamp in a Type II packet is the time of the original message creation.
but: it is in days rather than seconds, and set in the past for up to 2 or 3 days.
================================
Timestamp: A timestamp is introduced with the byte sequence (48, 48, 48,
48, 0). The following two bytes specify the number of days since Jan 1,
1970, given in little-endian byte order. A random number of up to 3 may be
subtracted from the number of days in order to obscure the origin of the
message.
================================
> Q2)
> Summary tests showed that very low expiration dates are not taken into account.
> Is there a hard-coded lower limit to the expiration times, which cannot be overridden by user parameters? (this lower limit should be lowered, for a Mixmaster 2.04b47)
The lowest limit is set to 4 days (see main.c). This makes sense given that
the timestamp can be very old even on new messages.
> XXXXXXXXXXXXXXXXXXXXXXXXXXXX
> In case the timestamp on the message is not what I hope
> [time the original message was created (x hops ago)]
> maybe the remops (as a whole) should evaluate the inconveniences of
> switching to
> [time the original message was created (x hops ago)]
> instead of
> [time the packet header was reconstructed (previous hop)]
>
> Of course,
> it gives more insight on the initial emitter
I bet this is the reason why the timestamp was done this way. To not leak too
much information while still not forcing remailers to keep the replay cache for
forever.
> but
> the attack *,frog,*,frog,*,frog is very popular,
> and there is little the targeted remailer can do but drastically dump mail
>
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> In any case, can you answer Q1 Q2
>
> Thanks
ishtar
Anonymous via the Cypherpunks Tonga Remailer
Sure, he sends all his floods through his own remailer to be able to
claim he's "under attack". Or he just massages his numbers.
Frog-Admin
On Sun, 21 Sep 2003, Anonymous via the Cypherpunks Tonga Remailer <nob...@cypherpunks.to> wrote:
>Anonymous...@See.Comment.Header (Frog-Admin) wrote:
>
>> POST your answers if you want, and quote my questions at will.
>
>Here you have the information you asked for. I hope everything is clear,
>if not I can try to find out more.
Thanks for your time searching and reading the doc.
I really have to arbiter my time ...
>> Q1)
>> In the case of a multi-hop MIX message, what is the timestamp on the message?
>> - -the time the original message was created (x hops ago)
>> (that's what I believe, to have my idea work)
>> - -the time the packet header was reconstructed (previous hop)
>
>The timestamp in a Type II packet is the time of the original message creation.
>but: it is in days rather than seconds, and set in the past for up to 2 or 3
>days.
May I reformulate:
- -It is the time the original message was created (x hops ago)
- -It is in days
- -it is purposedly biased by a [-0 or -1 or -2 or -3] random factor
Actually: [DateWritten] = [DateReal] - [RandomBias]
The filter on PacketDate can't be lowered below 4 days
because the bias can be up to 3 days
Consequences:
Lowering the targeted remailer's PACKETEXP IDEXP to the minimum
may have some value when the remailer is already seriously wounded
(Numeric values for simplification:
if the attacked_remailer's latency is 6 hours and the neighbour_remailer's is 0 hours
lowering the PACKETEXP IDEXP to 4 days would:
- -eliminate 1/4 of packets at hop >4
(those with RandomBias=3)
- -eliminate 1/4 of packets at hop >8
(those with RandomBias=2)
- -eliminate 1/4 of packets at hop >12
(those with RandomBias=1)
- -eliminate 1/4 of packets at hop >16
Q1) (curiosity, maybe more)
Is 'RandomBias' the same for all 20 layers of a packet?
if it were different for each layer,
lowering the PACKETEXP IDEXP would be more efficient
because of combined probabilities
Q2) (Bug)
Did you notice that all that nice construction can be easily defeated:
attacker just has to put a date 1 month or 10 years ahead
and all 20 hops will be performed, whatever happens but packet loss
SUGGESTED FIXES:
1) Additional control:
Packets with (date > today) are discarded
2) (see Q1): If all layers are biased with same RandomBias,
maybe it is worth making that RandomBias random at each layer
to benefit the combined probabilities
Of course,
attacker can use an unmodified version to directly his attack,
frog,*,frog,* .....
but generally
-attacks have a 'self-multiplying' phase first
and the final hammering is launched by a remix-to by a remailer server
Would those modifications cause any problem (for bona fide packets) which I overlooked ?
IIRC:
BIKIKII and PANTA have C capabilities ......
and could produce a 2.04b47 if the changes are valid
-----BEGIN PGP SIGNATURE-----
Version: N/A
iQEVAwUBP21bkIDgT488d3zFAQH3QAgAh+/xpvXCkSdN/QWFLewJNqqPEtCdL4r8
fxg7Wnk/b3MzoA8ZaoUw63BCXi8ZzBHuZzaHNKz18UKIvTUZIK2qBj0SF02y0xK1
BIM/LPzuObgSUga97ghHh3hY0y78QmRLVqu3Awt8If7t3N+xmv/PrReMMPwCt2B4
00GMfYczFmQL5bYo3l89NzlrQ0N2yHMuzdm8jdLTYm9z8XYQZ+jVzXrPNfiJJAV4
MfqgUctmhbDHQLCEWJ1ey5Z8igVw8KEk9Y6exU+eN6Jjs8Q0oQOdE0JbamKevVl0
netYJ8ifmtc/MhuFEZkJPXgTSHGo2BFCKy83wR6Z7pMr4xr4HcScIA==
=GL0M
-----END PGP SIGNATURE-----
futureworlds
Frog-admin, make your newsserver filters public. Secret filters are
not acceptable.
Nomen Nescio
wrote:
Proof?
Each of the nice people at mixmaster are worth 10.000 idiots like you
and they forgot such a test?
>SUGGESTED FIXES:
>1) Additional control:
> Packets with (date > today) are discarded
>2) (see Q1): If all layers are biased with same RandomBias,
> maybe it is worth making that RandomBias random at each layer
> to benefit the combined probabilities
>Of course,
> attacker can use an unmodified version to directly his attack,
> frog,*,frog,* .....
> but generally
> -attacks have a 'self-multiplying' phase first
> and the final hammering is launched by a remix-to by a remailer server
>
>Would those modifications cause any problem (for bona fide packets)
>which I overlooked ?
>
>IIRC:
> BIKIKII and PANTA have C capabilities ......
> and could produce a 2.04b47 if the changes are valid
Fix yor brains first, cocksucking moron.
Anonymous via the Cypherpunks Tonga Remailer
correct.
> >Consequences:
> >Lowering the targeted remailer's PACKETEXP IDEXP to the minimum
> >may have some value when the remailer is already seriously wounded
> >(Numeric values for simplification:
> >if the attacked_remailer's latency is 6 hours and the
> >neighbour_remailer's is 0 hours
> >lowering the PACKETEXP IDEXP to 4 days would:
> >- -eliminate 1/4 of packets at hop >4
> > (those with RandomBias=3)
> >- -eliminate 1/4 of packets at hop >8
> > (those with RandomBias=2)
> >- -eliminate 1/4 of packets at hop >12
> > (those with RandomBias=1)
> >- -eliminate 1/4 of packets at hop >16
> >
> >Q1) (curiosity, maybe more)
> >Is 'RandomBias' the same for all 20 layers of a packet?
no.
> >Q2) (Bug)
> >Did you notice that all that nice construction can be easily defeated:
> > attacker just has to put a date 1 month or 10 years ahead
> > and all 20 hops will be performed, whatever happens but packet loss
This construction is replay prevention without having to keep ids forever. It
was not designed and is not really suitable as an anti-DoS measure.
> Proof?
> Each of the nice people at mixmaster are worth 10.000 idiots like you
> and they forgot such a test?
Such a test would not really be useful.
> >SUGGESTED FIXES:
> >1) Additional control:
> > Packets with (date > today) are discarded
I guess this would not hurt anonymity. You should contact the mixmaster folks
asking for that.
> >2) (see Q1): If all layers are biased with same RandomBias,
> > maybe it is worth making that RandomBias random at each layer
> > to benefit the combined probabilities
> >Of course,
> > attacker can use an unmodified version to directly his attack,
> > frog,*,frog,* .....
> > but generally
> > -attacks have a 'self-multiplying' phase first
> > and the final hammering is launched by a remix-to by a remailer server
> >
> >Would those modifications cause any problem (for bona fide packets)
> >which I overlooked ?
lowering idexp by too much will drop real messages.
> >IIRC:
> > BIKIKII and PANTA have C capabilities ......
> > and could produce a 2.04b47 if the changes are valid
As I already wrote, talk to the mixmaster people.
ishtar
Tarapia Tapioco
No effort was made to verify the identity of the sender.
--------------------------------------------------------
On 21 Sep 2003, Anonymous...@See.Comment.Header (Frog-Admin)
wrote:
Remailer, stats, m2news, a nym-server to come, and now you fix the
Mixmaster bugs.
I don't think that ridiculing the Bavarians on their own backyard will
help your popularity among them.