[liberationtech] Commotion Beta is out: Free Wireless Mesh Network Software (Giuseppe CALAMITA)
Giuseppe Calamita
giuseppe.calamita at gmail.com
Tue Mar 26 10:29:53 PDT 2013
Hello, regarding the step 5 of the Commotion environment: "Maintain Your
Network" I'd suggest to use a crowdmap like mine: http://linkem.crowdmap.com
it is the best paradigm to answer the question: "when your connection is in
trouble when it is due to your provider or a network jammer?"
I'm available to show how my crowdmap work.
Thank you.
Twitter handle: @cypherinfo
-----Original Message-----
From: liberationtech-bounces at lists.stanford.edu
[mailto:liberationtech-bounces at lists.stanford.edu] On Behalf Of
liberationtech-request at lists.stanford.edu
Sent: Tuesday, March 26, 2013 3:26 PM
To: liberationtech at lists.stanford.edu
Subject: liberationtech Digest, Vol 148, Issue 1
Send liberationtech mailing list submissions to
liberationtech at lists.stanford.edu
To subscribe or unsubscribe via the World Wide Web, visit
https://mailman.stanford.edu/mailman/listinfo/liberationtech
or, via email, send a message with subject or body 'help' to
liberationtech-request at lists.stanford.edu
You can reach the person managing the list at
liberationtech-owner at lists.stanford.edu
When replying, please edit your Subject line so it is more specific
than "Re: Contents of liberationtech digest..."
Today's Topics:
1. Re: skype (Anthony Papillion)
2. Re: US State Dept Discourages Using Technology to Promote
Democracy, Human Rights, and Citizen Engagement in Ukraine?
(Jillian C. York)
3. Re: Crypho (Cooper Quintin)
4. Re: Disturbing (Doug Schuler)
5. Re: Privacy, data protection questions (Rich Kulawiec)
6. Re: Privacy, data protection questions (Brian Conley)
7. Fwd: USAID/Humanity United Tech Challenge for Atrocity
Prevention (Sam King)
8. Crypho (Yiorgis Gozadinos)
9. CfP: Africomm 2013 in Blantyre, Malawi on 25-28 Nov 2013
(Yosem Companys)
10. Google Earth Outreach Developer Grants (Yosem Companys)
11. Re: Crypho (Steve Weis)
12. Re: Commotion Beta is out: Free Wireless Mesh Network
Software (Adam Fisk)
13. Re: Commotion Beta is out: Free Wireless Mesh Network
Software (Adam Fisk)
14. Re: Crypho (Yiorgis Gozadinos)
15. Call for abstract: Citizen Media: New Mediations of Civic
Engagement, Manchester, 13-14 June 2013 (Yosem Companys)
16. Re: National Security Letters (NSLs) - in case you missed
this (hwamyeon)
17. Re: Crypho (ddahl at nulltxt.se)
18. I-Power : Using Crowd Support, Not Bribes, to Redress Public
Grievances (Yosem Companys)
19. Question on Uzbekistan (Yosem Companys)
20. Re: Privacy, data protection questions (Rich Kulawiec)
21. A tool for encrypted laptops (Tom Ritter)
22. New session starting for Stanford's online crypto course
(Steve Weis)
23. Re: Crypho (Steve Weis)
24. Part-time CTO with Sayfty.com (Sajan Ravindran)
25. Re: Privacy, data protection questions (Brian Conley)
26. Re: Crypho (Brian Conley)
27. Re: A tool for encrypted laptops (Karl Fogel)
28. Re: A tool for encrypted laptops (Tom Ritter)
29. @KandaharMedia (Gregory Foster)
30. Public Administration & Information Technology Book Series
(Springer) (Yosem Companys)
31. Re: A tool for encrypted laptops (Andreas Bader)
32. Re: New session starting for Stanford's online crypto course
(Andreas Bader)
33. Re: Crypho (Yiorgis Gozadinos)
34. Re: A tool for encrypted laptops (Julian Oliver)
35. Re: A tool for encrypted laptops (Julian Oliver)
36. Re: A tool for encrypted laptops (Michael Rogers)
37. Re: A tool for encrypted laptops (Nick Daly)
38. Re: Crypho (hellekin)
39. India: Govt asks telcos to install local server for security
audit (ilf)
40. Re: A tool for encrypted laptops (Julian Oliver)
41. Bitmessage is a P2P communications protocol used to send
encrypted messages to another person or to many subscribers.
(Eugen Leitl)
42. New book of interest to list: Beyond WikiLeaks - Implications
for the Future of Communications, Journalism and Society
(Patrick McCurdy)
43. CfP: SSCR Special Issue on "Quantifying Politics Using Online
Data" (Yosem Companys)
----------------------------------------------------------------------
Message: 1
Date: Fri, 22 Mar 2013 16:19:00 -0500
From: Anthony Papillion <anthony at cajuntechie.org>
To: liberationtech <liberationtech at lists.stanford.edu>
Subject: Re: [liberationtech] skype
Message-ID: <BLU0-SMTP311EBF05BBFCF22497762CCA0D40 at phx.gbl>
Content-Type: text/plain; charset="ISO-8859-1"
On 03/22/2013 04:03 PM, Andreas Bader wrote:
>
> Here in Europe IPs mostly change every 24h. Some need more time.
> If you are quick enough the IP change is no problem.
ISP's usually store the IP's they have assigned to customers for a
certain period of time. Even if your IP changes, there is an entry in a
database somewhere that notes what your IP was. At the very least,
knowing your IP denotes what ISP you're on and (depending on how large
your ISP is) your locale.
I'm not trying to argue with you here. I just think it's a pretty big
deal that *anyone* can get your IP.
------------------------------
Message: 2
Date: Fri, 22 Mar 2013 22:20:52 +0100
From: "Jillian C. York" <jilliancyork at gmail.com>
To: Stanford tech list <liberationtech at lists.stanford.edu>
Subject: Re: [liberationtech] US State Dept Discourages Using
Technology to Promote Democracy, Human Rights, and Citizen
Engagement
in Ukraine?
Message-ID:
<CAN=RHL=eD2Cdo9UamTDJxhFV_5_+BQXyGShNM1ko=PveA2gg1w at mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Yes, that's a longer version of my first comment.
On Mar 22, 2013 5:29 PM, "David Golumbia" <dgolumbia at gmail.com> wrote:
> the whole thing is not a big deal, but i will risk repeating myself: the
> original comment on this list overlooked the phrase " *unless they have
> an explicit component related to the requested program objectives listed
> above*," and this is actually a solicitation *for *proposals, not an
> effort to discourage them. The original "discourage" comment was just
> trying to ensure that proposals were area- and program-specific. State has
> already modified the page to make this clear, perhaps in reaction to
> comments such as the original one on this list:
> http://www.state.gov/j/drl/p/206488.htm. It's now clear that there is no
> intent to discourage applications.
>
>
> On Fri, Mar 22, 2013 at 11:36 AM, Jillian C. York
<jilliancyork at gmail.com>wrote:
>
>> I just really don't see why this is a big deal. So State's funding
>> priorities for tech stuff aren't about those subjects. So what?
>>
>
>
> --
> David Golumbia
> dgolumbia at gmail.com
>
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at companys at stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130322/c
08d6e10/attachment-0001.html>
------------------------------
Message: 3
Date: Fri, 22 Mar 2013 14:26:44 -0700
From: Cooper Quintin <cooper at radicaldesigns.org>
To: liberationtech at lists.stanford.edu
Subject: Re: [liberationtech] Crypho
Message-ID: <514CCC94.6020801 at radicaldesigns.org>
Content-Type: text/plain; charset=ISO-8859-1
Nadim,
It seems like Cryptocat has a browser plugin, which I though offers more
security than just delivering js straight from the server to the
browser. I am incorrect in my assumption?
The other difference between this and Cryptocat is, as Jason mentioned,
the fact that it uses strong authentication, where Cryptocat is more
oriented toward anonymity and privacy.
For what it's worth, I would prefer to use Cryptocat over Crypho for
most of the use cases I am interested in.
Cooper Quintin
PGP Key ID: 75FB 9347 FA4B 22A0 5068 080B D0EA 7B6F F0AF E2CA
On 03/22/2013 02:03 PM, Nadim Kobeissi wrote:
> How is this any different from Cryptocat?
>
>
> NK
>
>
> On Fri, Mar 22, 2013 at 4:59 PM, Cooper Quintin
> <cooper at radicaldesigns.org <mailto:cooper at radicaldesigns.org>> wrote:
>
> I had a chance to try out crypho a couple of weeks ago at a demo they
> put on at noisebridge. I have some concerns about it, namely the
> delivery of crypto code over javascript without any sort of
verification
> of it's authenticity (via browser plugin, etc.), since this point has
> already been discussed to death on this list however, I do not wish to
> re-open that debate.
> I managed to find a couple of javascript injection attacks in the beta
> already, though the developer assures me that they are working on
fixing
> all the bugs right now, still the lack of attention to basic web
> security at such an early stage is concerning.
> That aside it seems okay, though I have some worries about side
channel
> attacks and the fact that it hasn't been peer reviewed as far as I can
> tell yet.
> It does seem like an interesting project though, with some smart
people
> behind it. I am looking forward to seeing the code once they open
> source it.
>
> Cooper Quintin
> PGP Key ID: 75FB 9347 FA4B 22A0 5068 080B D0EA 7B6F F0AF E2CA
>
> On 03/22/2013 01:48 PM, R. Jason Cronk wrote:
> > Anybody know the people who are doing this? http://www.crypho.com/
> >
> > It's still in beta, so I'm assuming they are working out bugs prior
to
> > releasing the code which they say they will do. See
> > http://www.crypho.com/faq.html
> >
> >
> > Is it Open-Source?
> >
> > Yes! We are reviewing the source code for release. It will be
> > available under an OSI approved license in the near future.
> >
> >
> >
> >
> >
> > *R. Jason Cronk, Esq., CIPP/US*
> > /Privacy Engineering Consultant/, *Enterprivacy Consulting Group*
> > <enterprivacy.com <http://enterprivacy.com>>
> >
> > * phone: (828) 4RJCESQ
> > * twitter: @privacymaverick.com <http://privacymaverick.com>
> > * blog: http://blog.privacymaverick.com
> >
> >
> >
> > --
> > Too many emails? Unsubscribe, change to digest, or change password
> by emailing moderator at companys at stanford.edu
> <mailto:companys at stanford.edu> or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >
> --
> Too many emails? Unsubscribe, change to digest, or change password
> by emailing moderator at companys at stanford.edu
> <mailto:companys at stanford.edu> or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
>
>
>
> --
> Too many emails? Unsubscribe, change to digest, or change password by
emailing moderator at companys at stanford.edu or changing your settings at
https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
------------------------------
Message: 4
Date: Fri, 22 Mar 2013 14:28:05 -0700
From: Doug Schuler <douglas at publicsphereproject.org>
To: liberationtech <liberationtech at lists.stanford.edu>
Subject: Re: [liberationtech] Disturbing
Message-ID:
<40413AE5-AA98-416A-8A8D-71E128305048 at publicsphereproject.org>
Content-Type: text/plain; charset="iso-8859-1"
This is one way to register a complaint: http://capwiz.com/fabbs/home/
Are there others?
BTW, what about other social sciences? Just political science??
-- Doug
On Mar 21, 2013, at 7:55 AM, Yosem Companys wrote:
> WASHINGTON, March 20, 2013 /PRNewswire-USNewswire/ -- The following is
being released by the American Political Science Association:
> (Logo: http://photos.prnewswire.com/prnh/20120604/DC18511LOGO-b )
> This afternoon, the United States Senate delivered a devastating blow to
the integrity of the scientific process at the National Science Foundation
(NSF) by voting for the Coburn Amendment to the Continuing Appropriations
Act of 2013.
> Senator Coburn (R-OK) submitted an amendment (SA 65, as modified) to the
Mikulski-Shelby Amendment (SA 26) to H.R. 933 (Full-Year Continuing
Appropriations Act of 2013). The amendment places unprecedented restriction
on the national research agenda by declaring the political science study of
democracy and public policy out of bounds. The amendment allows only
political science research that promotes "national security or the economic
interests of the United States."
> Adoption of this amendment is a gross intrusion into the widely-respected,
independent scholarly agenda setting process at NSF that has supported our
world-class national science enterprise for over sixty years.
> The amendment creates an exceptionally dangerous slippery slope. While
political science research is most immediately affected, at risk is any and
all research in any and all disciplines funded by the NSF. The amendment
makes all scientific research vulnerable to the whims of political pressure.
> Adoption of this amendment demonstrates a serious misunderstanding of the
breadth and importance of political science research for the national
interest and its integral place on the nation's interdisciplinary scientific
research agenda.
> Singling out any one field of science is short-sighted and misguided, and
poses a serious threat to the independence and integrity of the National
Science Foundation.
> And shackling political science within the national science agenda is a
remarkable embarrassment for the world's exemplary democracy.
> For the latest in political science research in the news, follow us on
Facebook and Twitter.
> About the American Political Science Association
> Founded in 1903, the American Political Science Association is the leading
professional organization for the study of political science and serves more
than 15,000 members in over 80 countries. With a range of programs and
services for individuals, departments and institutions, APSA brings together
political scientists from all fields of inquiry, regions, and occupational
endeavors within and outside academe in order to expand awareness and
understanding of politics.
> SOURCE American Political Science Association
>
>
> RELATED LINKS
> http://www.apsanet.org --
> Too many emails? Unsubscribe, change to digest, or change password by
emailing moderator at companys at stanford.edu or changing your settings at
https://mailman.stanford.edu/mailman/listinfo/liberationtech
Douglas Schuler
douglas at publicsphereproject.org
----------------------------------------------------------------------------
--
Public Sphere Project
http://www.publicsphereproject.org/
Liberating Voices! A Pattern Language for Communication Revolution
(project)
http://www.publicsphereproject.org/patterns/lv
Liberating Voices! A Pattern Language for Communication Revolution (book)
http://mitpress.mit.edu/catalog/item/default.asp?ttype=2&tid=11601
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130322/d
d27d9c0/attachment-0001.html>
------------------------------
Message: 5
Date: Fri, 22 Mar 2013 18:50:37 -0400
From: Rich Kulawiec <rsk at gsp.org>
To: liberationtech <liberationtech at mailman.stanford.edu>
Subject: Re: [liberationtech] Privacy, data protection questions
Message-ID: <20130322225037.GA31162 at gsp.org>
Content-Type: text/plain; charset=us-ascii
On Fri, Mar 22, 2013 at 09:58:17AM -0500, Andrew Haeg wrote:
> We're in the late prototype phase for
Groundsource<http://groundsourcing.com>,
> a mobile data collection and engagement platform -- designed for
> journalists, researchers, NGO's and others to use to gather first-hand
> knowledge. We've used the prototype to validate the need for the
> platform, and now privacy & data protection have moved front and center as
> we ramp up for a beta phase later this spring/summer.
>
> We've had some early discussions with the Tor Project about protecting
> journalists using the platform in countries with repressive regimes (down
> the road). We're also looking into using Wickr for encrypting
> communications. In the short term, we need advisors who can help guide our
> decisions around privacy and personal data collection & protection.
Ok. Here's some advice. You're not going to like it. ;-) Sorry.
But better now than later, when lives are on the line.
I'd like to ask you to open a web browser and use your favorite
search engine to search for:
mobile malware epidemic
smartphone malware
android malware
windows phone malware
and similar.
Then I'd like you to explain how you propose to keep all those mobile
phones secure in the face of routine malware, let alone targeted and
custom malware crafted by hostile governments who would very much like
all those journalists and researchers and NGOs you mentioned to STFU
because they're saying and reporting and doing things those
governments find...disturbing.
Forget all the other security and privacy issues for a moment (some of
which I touched on in a previous list message [1]): how, EXACTLY, do you
propose to keep those phones from being infested just like a gazillion
other phones already are or will be real soon now?
Because once those endpoints are compromised, all the crafty routing and
anonymization and encryption layers you could possibly put in place aren't
going to matter very much. And those endpoints WILL be compromised
(probably much sooner than you think) because they're going to be in the
hands of journalists and researchers and NGOs, *not* in the hands of
paranoid clueful paranoid diligent (did I mention paranoid?) geeks.
Oh, sure, someone sufficiently knowledgeable, cautious, etc.
can probably keep *one* phone secure. Just like someone with those
qualities might be able to keep a single Windows system secure. There are
people on this list who are capable of both of those things. But dozens?
Hundreds? Thousands? Being carried around all over the place by
their owners?
There's not a chance in hell. None. This is not a solved problem in
computing. Nor is there even a hint of a twitch of a notion of a
suggestion of a whisper that it will be solved anytime soon.
It's not even solved for people who've stacked the deck in their favor
(e.g., those who have the luxury of centralized control) let alone for
those who are allowing end users to connect their own. And most of them
aren't painting big targets on their chests, they're just caught up in
the general crossfire...unlike *your* users, who are self-nominating to be
on the business end of some very serious attention from some very
determined,
clueful and nasty people -- people who probably *already* have been
working on building or buying custom malware for phones because of course
that's what any prudent adversary with sufficient resources would be
doing just about now.
Yeah, okay, so I'm making the point at your expense, and I don't really
mean to do that, so I'll make it in the more general case: look, people,
unless you can produce a plan -- and more than that, a plan that's been
proven in the field to work -- for keeping, let's say, a population of, oh,
a thousand independent scattered phones free of malware, then you CAN'T
deploy your whizbang singing dancing smartphone app because it's going to
be promptly undermined. Any government worthy of the term "oppressive"
is going to 0wn each and every phone of interest and is going to install
trackers, spyware, keystroke loggers, and whatever else occurs to them,
and you're not going to stop them. At best, you might figure out that
this is happening after-the-fact and remediate some of them...until they
go back out in the field and get infested again. Lather, rinse, repeat.
Not to put too fine a point on it (but I suppose I will anyway):
If someone else can run arbitrary code on your computer,
it's not YOUR computer any more. [2]
The phone may be in a journalist's hand or it may be in a researcher's
pocket, but it's not theirs. *Not any more*.
Which means that your liberation app, the one that you designed and
developed and sweated over, the one that your user is trusting to
send and receive sensitive information, the one that's connecting
to a backend through umpteen layers of encryption and obfuscation
and misdirection and whatever...is now running on the government's phone.
---rsk
[1]
https://mailman.stanford.edu/pipermail/liberationtech/2013-March/007672.html
[2] I'm probably quoting somebody. But I don't know who.
------------------------------
Message: 6
Date: Fri, 22 Mar 2013 16:29:38 -0700
From: Brian Conley <brianc at smallworldnews.tv>
To: liberationtech <liberationtech at lists.stanford.edu>
Subject: Re: [liberationtech] Privacy, data protection questions
Message-ID:
<CANi2r6Ufi6otkmDzEqd2GtyngE5=rob7Y70=aRgh0ZDnp5xc8A at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
Nose to the grindstone Andrew. Use Rich's email to remind you this is hard,
but its still worth doing.
Also remember you aren't going to solve these problems, but you may make it
easier for people who want to act.
Lastly, if Rich is really getting you down, click this link:
http://2.bp.blogspot.com/-w7WBItj9rgA/UCv2vNYVuhI/AAAAAAAAAW0/U1yNrdmndV8/s1
600/haters_gonna_hate3.jpg
That said, do speak to Nathan Freitas, Harlo Holmes, Hans Christoph-Steiner
and others at the Guardian Project, and Bryan Nunez, et al at Witness about
Informacam, IOCipher, and other steps they're taking to solve some of these
problems.
Don't just innovate, collaborate.
I'd also like to talk to you about our work on StoryMaker an app to allow
individuals to produce compelling stories and publish them via Tor among
other features.
cheers
Brian
On Fri, Mar 22, 2013 at 3:50 PM, Rich Kulawiec <rsk at gsp.org> wrote:
> On Fri, Mar 22, 2013 at 09:58:17AM -0500, Andrew Haeg wrote:
> > We're in the late prototype phase for Groundsource<
> http://groundsourcing.com>,
> > a mobile data collection and engagement platform -- designed for
> > journalists, researchers, NGO's and others to use to gather first-hand
> > knowledge. We've used the prototype to validate the need for the
> > platform, and now privacy & data protection have moved front and center
> as
> > we ramp up for a beta phase later this spring/summer.
> >
> > We've had some early discussions with the Tor Project about protecting
> > journalists using the platform in countries with repressive regimes
(down
> > the road). We're also looking into using Wickr for encrypting
> > communications. In the short term, we need advisors who can help guide
> our
> > decisions around privacy and personal data collection & protection.
>
> Ok. Here's some advice. You're not going to like it. ;-) Sorry.
> But better now than later, when lives are on the line.
>
> I'd like to ask you to open a web browser and use your favorite
> search engine to search for:
>
> mobile malware epidemic
> smartphone malware
> android malware
> windows phone malware
>
> and similar.
>
> Then I'd like you to explain how you propose to keep all those mobile
> phones secure in the face of routine malware, let alone targeted and
> custom malware crafted by hostile governments who would very much like
> all those journalists and researchers and NGOs you mentioned to STFU
> because they're saying and reporting and doing things those
> governments find...disturbing.
>
> Forget all the other security and privacy issues for a moment (some of
> which I touched on in a previous list message [1]): how, EXACTLY, do you
> propose to keep those phones from being infested just like a gazillion
> other phones already are or will be real soon now?
>
> Because once those endpoints are compromised, all the crafty routing and
> anonymization and encryption layers you could possibly put in place aren't
> going to matter very much. And those endpoints WILL be compromised
> (probably much sooner than you think) because they're going to be in the
> hands of journalists and researchers and NGOs, *not* in the hands of
> paranoid clueful paranoid diligent (did I mention paranoid?) geeks.
>
> Oh, sure, someone sufficiently knowledgeable, cautious, etc.
> can probably keep *one* phone secure. Just like someone with those
> qualities might be able to keep a single Windows system secure. There are
> people on this list who are capable of both of those things. But dozens?
> Hundreds? Thousands? Being carried around all over the place by
> their owners?
>
> There's not a chance in hell. None. This is not a solved problem in
> computing. Nor is there even a hint of a twitch of a notion of a
> suggestion of a whisper that it will be solved anytime soon.
>
> It's not even solved for people who've stacked the deck in their favor
> (e.g., those who have the luxury of centralized control) let alone for
> those who are allowing end users to connect their own. And most of them
> aren't painting big targets on their chests, they're just caught up in
> the general crossfire...unlike *your* users, who are self-nominating to be
> on the business end of some very serious attention from some very
> determined,
> clueful and nasty people -- people who probably *already* have been
> working on building or buying custom malware for phones because of course
> that's what any prudent adversary with sufficient resources would be
> doing just about now.
>
> Yeah, okay, so I'm making the point at your expense, and I don't really
> mean to do that, so I'll make it in the more general case: look, people,
> unless you can produce a plan -- and more than that, a plan that's been
> proven in the field to work -- for keeping, let's say, a population of,
oh,
> a thousand independent scattered phones free of malware, then you CAN'T
> deploy your whizbang singing dancing smartphone app because it's going to
> be promptly undermined. Any government worthy of the term "oppressive"
> is going to 0wn each and every phone of interest and is going to install
> trackers, spyware, keystroke loggers, and whatever else occurs to them,
> and you're not going to stop them. At best, you might figure out that
> this is happening after-the-fact and remediate some of them...until they
> go back out in the field and get infested again. Lather, rinse, repeat.
>
> Not to put too fine a point on it (but I suppose I will anyway):
>
> If someone else can run arbitrary code on your computer,
> it's not YOUR computer any more. [2]
>
> The phone may be in a journalist's hand or it may be in a researcher's
> pocket, but it's not theirs. *Not any more*.
>
> Which means that your liberation app, the one that you designed and
> developed and sweated over, the one that your user is trusting to
> send and receive sensitive information, the one that's connecting
> to a backend through umpteen layers of encryption and obfuscation
> and misdirection and whatever...is now running on the government's phone.
>
> ---rsk
>
>
> [1]
>
https://mailman.stanford.edu/pipermail/liberationtech/2013-March/007672.html
>
> [2] I'm probably quoting somebody. But I don't know who.
>
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at companys at stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
--
Brian Conley
Director, Small World News
http://smallworldnews.tv
m: 646.285.2046
Skype: brianjoelconley
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130322/0
6215a54/attachment-0001.html>
------------------------------
Message: 7
Date: Fri, 22 Mar 2013 22:54:16 -0700
From: Sam King <samking at cs.stanford.edu>
To: activists <activists at lists.stanford.edu>, Code the Change Events
<code-the-change-events at googlegroups.com>, service4all
<service4all at lists.stanford.edu>, service4sci_eng
<service4sci_eng at lists.stanford.edu>, Liberation Technologies
<liberationtech at lists.stanford.edu>, sl-chat
<sl-chat at cs.stanford.edu>
Subject: [liberationtech] Fwd: USAID/Humanity United Tech Challenge
for Atrocity Prevention
Message-ID:
<CAD=Dypbg2h7mamQg7x8sEgooRSQZJOTA6d-YQEKJ7i=d4msA1w at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
---------- Forwarded message ----------
From: Mia Newman <newman.mia at gmail.com>
Date: Tue, Mar 19, 2013 at 7:15 AM
Subject: USAID/Humanity United Tech Challenge for Atrocity Prevention
To: Sam King <samking at cs.stanford.edu>
Hi Sam,
Not sure if you remember me, but we talked when I was president of Stanford
STAND for the past few years, and I also remember seeing you around at
LibTech seminars. I'm now working on a Gardner fellowship from the Haas
Center for the year at a foundation called Humanity United, which works on
anti-genocide and anti-human trafficking around the world. One of the
projects I've been working on is called the Tech Challenge for Atrocity
Prevention <http://www.thetechchallenge.org>. The Tech Challenge is a
prize-based challenge that hopes to spark new interdisciplinary
partnerships and new thinking on the application of technological solutions
to daunting problems in conflict situations. It seems like something
totally up your alley, especially because of your work with Code the
Change. I really hope you're interested in participating, but even if not
please feel free to forward widely - we're hoping to spread the word as
much as possible, especially outside the traditional human rights community.
To let you know where we are now: our second and final round formally
launched in early March. Three challenges are now open, soliciting
excellent proposals to compete for prizes of up to $10,000. The open
challenges are:
- The MODEL <http://www.thetechchallenge.org/#!model> Challenge: to
model conflict situations to determine community-level risk of violence
(TopCoder) - *Geared toward technical coders and data modelers
interested in applying their skills to conflict datasets. The challenge
is
composed of two stages: first to discover data and then to model it. *
- The COMMUNICATE
<http://www.thetechchallenge.org/#!communicate>Challenge: to
facilitate on-the-ground communication among communities
affected by conflict (Innocentive) - *Ideal for a wide audience with
varying backgrounds to apply their experience and creativity to overcome
the challenge of secure two-way communication.*
- The ALERT <http://www.thetechchallenge.org/#!alert> Challenge: to
develop improved methods of gathering and verifying information from
hard-to-access conflict areas (OpenIDEO) - *This platform was
specifically selected to channel empathy, ideation, and analysis to help
communities in conflict inform the wider world about their situation.
With
its multi-stage process, a new part of the challenge is opening every few
weeks, and we encourage you to continue to revisit the site. *
It would be great if you could pass along this email to anyone you think
might be interested in participating! Feel free to contact me with
questions or comments, and you can also check our
FAQ<http://www.thetechchallenge.org/faqs/Tech_Challenge_for_Atrocity_Prevent
ion_-_FAQ.pdf>for
more information.
Thanks, and hope you're doing well!
Mia
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130322/e
2416725/attachment-0001.html>
------------------------------
Message: 8
Date: Sat, 23 Mar 2013 11:57:41 +0100
From: Yiorgis Gozadinos <ggozad at crypho.com>
To: liberationtech at lists.stanford.edu
Subject: [liberationtech] Crypho
Message-ID: <266428EF-CD39-4CB5-8515-9CD51742468E at crypho.com>
Content-Type: text/plain; charset=us-ascii
Hey!
Yosem contacted me and Geir (aka Crypho) on twitter and made us aware of
LibTech. He was also kind to forward to me the discussion on our product.
So, here's a short summary hopefully addressing your questions.
Crypho is a web app allowing teams to share confidential data. You can chat,
edit documents, share files in private spaces, in real-time or async
(everything is persisted). All data & keys are encrypted in the browser, so
the server only sees ciphertext. It focuses on businesses and will be
marketed as Software-as-a-Service. It does not provide anonymity, but
focuses on data confidentiality.
Technology wise, it consists of a thin server side written in Twisted &
ejabberd and a fat js client that is based on Backbone.js. Encryption uses
solely SJCL. In particular AES256 is used to encrypt the data, while El
Gamal ecc is used to share keys among members of a team. We are working hard
on ensuring a good security level and the injection attacks that Cooper
mentioned are all fixed. We have not yet had an independent security audit,
but will hopefully do so as soon as we can afford one.
We are aware of the potential problems of serving js. We will eventually
ship an installable app, but at the moment, with daily updates, ease of
deployment wins. That said, we also had a few interesting discussion with
Mozilla folks discussing potential ways of ensuring the authenticity of
served js. It is a direction we would like to explore in the future.
With regards to open-source: Crypho has been initially developed as
closed-source. However we both have been working in open-source for years
and during our trip to the US we decided to switch direction and open-source
the project. This will take time and will happen gradually. There are parts
of the app that are legacy code, and some have commercial licenses. As we
progress through removing them we hope to be releasing steadily components
and eventually the whole app.
Our focus at the moment is finding our market fit. This unfortunately slows
down everything else and eats up most of our time, but to code we need a
salary, so please bear with us :)
If any of you would like to try it out please go ahead. Needless to say,
this is not to be used as life-critical tool, but we sure appreciate
feedback ;)
--
Yiorgis Gozadinos
www.crypho.com
------------------------------
Message: 9
Date: Sat, 23 Mar 2013 09:41:29 -0700 (PDT)
From: Yosem Companys <companys at stanford.edu>
To: Liberation Technologies <liberationtech at lists.stanford.edu>
Cc: Gertjan van Stam <gertjan.vanstam at worksgroup.org>
Subject: [liberationtech] CfP: Africomm 2013 in Blantyre, Malawi on
25-28 Nov 2013
Message-ID:
<CANhci9GDFSW85O_JW7s=k7p7d8FLhRqVvtN4_9G6P0Ae5=QLvg at mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
From: Gertjan van Stam <gertjan.vanstam at worksgroup.org>
5th International IEEE EAI Conference on e-Infrastructure and e-Services
for Developing Countries,
25-28 November 2013 in Blantyre, Malawi.
Your contributions are invited for research and development of:
* e-Infrastructure: Original ideas, design/implementation of ICT
infrastructures for developing countries
* e-Services: Innovative e-Government, e-Commerce and e-Business
services for developing countries
* Policy & Governance : Presentation/discussion of policies, models,
governance issues and challenges
I would hope we can bring together researchers and practitioners that
meet to discuss relevant African developments in the engineering and
utilization of Information and Communication Technologies, taking into
account the specific cultures and contexts of Africa. The organizing
team is from and in Africa, and this is a prime opportunity to discuss
in an international forum of professionals the wonders and challenges
we discover and face in this challenging and worthwhile realm.
Please encourage all, professors, practitioners and students to file
their contributions!
The dates:
Abstract submission: 30 June 2013
(https://www.easychair.org/conferences/?conf=africomm2013)
Paper submission: 07 July 2013
Notification of acceptance: 01 September 2013
Camera ready: 30 September 2013
Conference dates: 25-28 November 2013
Hoping to see you in Blantyre in November,
Regards,
Gertjan
_______________________________________
Gertjan van Stam
http://www.twitter.com/gertjanvanstam
http://www.facebook.com/gertjanvanstam
http://gertjanvanstam.blogspot.com
Skype: gertjan_van_stam
Telephone: +263776638773
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130323/e
f516340/attachment-0001.html>
------------------------------
Message: 10
Date: Sat, 23 Mar 2013 12:14:35 -0700 (PDT)
From: Yosem Companys <companys at stanford.edu>
To: Liberation Technologies <liberationtech at lists.stanford.edu>
Subject: [liberationtech] Google Earth Outreach Developer Grants
Message-ID:
<CANhci9E-9RpTv7sQXwZS0FTQvzvLMFV1acvqfMiiq+0KGm9Z0w at mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Does your nonprofit need funding for a developer to build an online map?
Google Earth Outreach Developer Grants 2013 was announced on March 13 to
provide funding to nonprofits in need of a developer to built a cutting-edge
map. Ranging around $10,000 to $20,000, these grants provide the mechanism
for nonprofits in many countries to visualize the issues they care most
about in a geospatial context using state-of-the-art technologies.
We launched Developer Grants in 2011 and saw the impacts a map can have, and
we?ve been able to offer these grants again in 2012 and 2013. This year,
we?re looking for projects that use the latest mapping tools in novel ways.
Check out what other nonprofits have done in prior years, learn about
eligibility, and most importantly, apply by the deadline of April 18, 2013,
on the Google Earth Outreach Developer Grants section of our site.
Best regards,
The Google Earth Outreach team
------------------------------
Message: 11
Date: Sat, 23 Mar 2013 17:11:37 -0700
From: Steve Weis <steveweis at gmail.com>
To: liberationtech <liberationtech at lists.stanford.edu>
Subject: Re: [liberationtech] Crypho
Message-ID:
<CACJAJ5_Ni0gyS=2df3CBROmcP-7Vv46QdgL_UTLQFhcbiUWSyg at mail.gmail.com>
Content-Type: text/plain; charset="windows-1252"
Hi Yiorgis. The Crypho web page says:
"No-one can access your data, either in transit or when stored ? Not even
Crypho staff or the government."
Yet, you acknowledge that "we are aware of the potential problems of
serving JS [Javascript]", meaning it's trivial for your staff or a
government to compromise the Javascript code and cause it to leak plaintext
data.
Even the authors of the Stanford Javascript Crypto Library (SJCL), which
Crypho "uses solely", say that it's not feasible to secure:
"Unfortunately, [SJCL] is not as great as in desktop applications because
it is not feasible to completely protect against code injection, malicious
servers and side-channel attacks." (http://crypto.stanford.edu/sjcl/)
On Sat, Mar 23, 2013 at 3:57 AM, Yiorgis Gozadinos <ggozad at crypho.com>wrote:
> We are aware of the potential problems of serving js. We will eventually
> ship an installable app, but at the moment, with daily updates, ease of
> deployment wins.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130323/5
de8618b/attachment-0001.html>
------------------------------
Message: 12
Date: Sat, 23 Mar 2013 21:06:45 -0700
From: Adam Fisk <afisk at bravenewsoftware.org>
To: liberationtech <liberationtech at lists.stanford.edu>
Subject: Re: [liberationtech] Commotion Beta is out: Free Wireless
Mesh Network Software
Message-ID:
<CAFHDbZRLUAuNeNSrak5+JkO4X7oVQY8fFFRdmaisWCR89mg6bQ at mail.gmail.com>
Content-Type: text/plain; charset="windows-1252"
Congrats guys! I've had a small glimpse into the immense amount of work
that has gone into this and really looking forward to taking it for a spin.
Exciting!
On Thursday, March 21, 2013, Andrew Reynolds wrote:
> Thanks James,
>
> The Commotion team is excited about the new developer release of the
> Commotion platform. We have already received several bug reports and
> feature requests following our initial DR1 binary upload a few days ago.
> This has helped us take steps towards bringing this from the current,
> unstable nightly build to a stable release.
>
> The focus of this release has been to improve Commotion?s usability, so
> that both developers and users without extensive background knowledge in
> mesh networking can get a mesh network up and running. This lack of
> usability has historically been a barrier to implementation and
> experimentation.
>
> The goal of this release is to provide opportunities for a wider
> community of testers, including security and application developers, to
> experiment with the Commotion platform. This release itself does not
> have strong security, but contains tools and APIs to develop secure
> applications. We are looking forward to working with developers in our
> community to develop secure tools on top of this platform.
>
> While we have implemented new security features that differentiate this
> release from our last, users should carefully read the warning label,
> located on our Download page, before using the software in a situation
> where security is required. The warning will be updated to reflect the
> current audits once we have completed thorough testing and evaluation of
> the new release.
>
> Commotion development is ongoing. We currently have a multi-year
> development roadmap
> <
>
https://code.commotionwireless.net/projects/commotion/wiki/Hackday-Roadmap-N
otes
> >
> that lays out all the planned features we will implement. We strongly
> invite constructive feedback, contributions, and experimentation with
> our software <https://github.com/opentechinstitute/commotion-openwrt>.
> We are working hard towards our full version 1.0 release which we are
> aiming to land towards the end of this year.
>
> -andrew
>
> On 03/21/2013 03:47 PM, James Losey wrote:
> > Hi All,
> >
> > I wanted to share that OTI released Commotion Beta, free, open source,
> > wireless networking platform this week. This ?Developer Release #1?
(DR1)
> > makes Commotion?s technology available for testing and feedback and is
> > freely available from the project website: www.commotionwireless.net. I
> > would encourage you to check it out, but please head our caution that
> this
> > release is BETA and thus should not be used for mission-critical and/or
> > sensitive communications until version 1.0 is released. This release
> > includes:
> >
> > - A fully integrated web-interface in addition to traditional
> > command-line access.
> > - QuickStart setup wizard
> > - A set of core libraries that will form the backbone of a common
> > network management interface across Commotion platforms
> > - An application portal that makes it easy to announce and discover
> > authenticated local social applications
> > - A debugging tool to provide one-click error reports for network
> > maintainers
> >
> > There are also security features including basic network encryption,
> which
> > brings mesh networking up to the level of security expected from today?s
> > wireless networks. Commotion adds an additional layer of security by
> > allowing the use of network keys and application signing through the use
> of
> > The Serval Project?s http://www.servalproject.org/ Serval daemon,
> making it
> > easier to identify bad-agents posing as legtimate services. These
> features
> > form the foundation for the Commotion security features under active
> > development. Again, this is beta and *not* for sensitive communications
> at
> > this time.
> >
> > If you want to try setting up your own network, interested in providing
> > feedback or just want to learn more head over over to
> > www.commotionwireless.net.
> >
> > Best,
> > James
> >
> >
> > RELEASE: OTI Launches Commotion Beta: Free Wireless Mesh Network
> Software
> > Commotion Technology Revolutionizes Community Wireless by Providing a
> Safe,
> > Low-Cost Option
> > *Published: * March 20, 2013
> >
> > Washington, DC ? The New America Foundation's *Open Technology
> > Institute <http://oti.newamerica.net/>
> > *(OTI) announced today the public release of Commotion Beta - a free,
> open
> > source, wireless networking platform. This ?Developer Release #1? (DR1)
> > makes Commotion?s technology available for testing and feedback and is
> > freely available from the project website:
> > *www.commotionwireless.net<https://commotionwireless.net/>
> > *. Please note that Commotion is in Beta and should not be used for
> > mission-critical and/or sensitive communications until version 1.0 is
> > released.
> >
> > Commotion is a cutting-edge open-source communications software platform
> > that uses laptops, mobile phones, and other Wi-Fi devices to create
> > decentralized, wireless ?mesh? networks. Commotion interconnects
devices
> > directly to one-another in a peer-to-peer manner to form a ?spider web?
> of
> > connectivity.
> >
> > ?Commotion Beta is a transformative technology - the culmination of
years
> > of research and development by hundreds of developers around the globe,?
> > said New America Vice President and OTI Director Sascha Meinrath, who is
> > the founder of Commotion Wireless. ?Commotion is an incredible resource
> for
> > empowering communities and constituencies worldwide, helping with a
> variety
> > of different needs, from spreading low-cost connectivity, securing
> > communications, and enhancing disaster-response.?
> >
> > Commotion Beta adds new usability enhancements and features that
simplify
> > mesh network setup and reduce the difficulty of network maintenance.
DR1
> > contains a fully integrated web-interface in addition to traditional
> > command-line access. Among the new technical features in DR1 are a
> > QuickStart setup wizard, a set of core libraries that will form the
> > backbone of a common network management interface across Commotion
> > platforms, an application portal that makes it easy to announce and
> > discover authenticated local social applications, and a debugging tool
to
> > provide one-click error reports for network maintainers. These features
> > will be ported to the Android, Linux, and OS X clients over the next
> > quarter.
> >
> > The DR1 release also includes key security features, beginning with
basic
> > network encryption, which brings mesh networking up to the level of
> > security expected from today?s wireless networks. Commotion adds an
> > additional layer of security by allowing the use of network keys and
> > application signing through the use of The Serval Project?s
> > http://www.servalproject.org/ Serval daemon, making it easier to
> identify
> > bad-agents posing as legtimate services. These features form the
> foundation
> > for the Commotion security features under active development.
> >
> >
> >
> > --
> > Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at companys at stanford.edu <javascript:;> or changing
> your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >
>
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at companys at stanford.edu <javascript:;> or changing
> your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
--
Sent from Gmail Mobile
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130323/2
2dccc35/attachment-0001.html>
------------------------------
Message: 13
Date: Sat, 23 Mar 2013 22:10:03 -0700
From: Adam Fisk <afisk at bravenewsoftware.org>
To: liberationtech <liberationtech at lists.stanford.edu>
Subject: Re: [liberationtech] Commotion Beta is out: Free Wireless
Mesh Network Software
Message-ID:
<CAFHDbZQzLe-z+vMqSRtEdwb3cnZ7re2J-HXd=TBw0qnPiuh6eA at mail.gmail.com>
Content-Type: text/plain; charset="windows-1252"
Congrats guys! I've had a small glimpse into the immense amount of work
that has gone into this and really looking forward to taking it for a spin.
Exciting!
On Thursday, March 21, 2013, Andrew Reynolds wrote:
> Thanks James,
>
> The Commotion team is excited about the new developer release of the
> Commotion platform. We have already received several bug reports and
> feature requests following our initial DR1 binary upload a few days ago.
> This has helped us take steps towards bringing this from the current,
> unstable nightly build to a stable release.
>
> The focus of this release has been to improve Commotion?s usability, so
> that both developers and users without extensive background knowledge in
> mesh networking can get a mesh network up and running. This lack of
> usability has historically been a barrier to implementation and
> experimentation.
>
> The goal of this release is to provide opportunities for a wider
> community of testers, including security and application developers, to
> experiment with the Commotion platform. This release itself does not
> have strong security, but contains tools and APIs to develop secure
> applications. We are looking forward to working with developers in our
> community to develop secure tools on top of this platform.
>
> While we have implemented new security features that differentiate this
> release from our last, users should carefully read the warning label,
> located on our Download page, before using the software in a situation
> where security is required. The warning will be updated to reflect the
> current audits once we have completed thorough testing and evaluation of
> the new release.
>
> Commotion development is ongoing. We currently have a multi-year
> development roadmap
> <
>
https://code.commotionwireless.net/projects/commotion/wiki/Hackday-Roadmap-N
otes
> >
> that lays out all the planned features we will implement. We strongly
> invite constructive feedback, contributions, and experimentation with
> our software <https://github.com/opentechinstitute/commotion-openwrt>.
> We are working hard towards our full version 1.0 release which we are
> aiming to land towards the end of this year.
>
> -andrew
>
> On 03/21/2013 03:47 PM, James Losey wrote:
> > Hi All,
> >
> > I wanted to share that OTI released Commotion Beta, free, open source,
> > wireless networking platform this week. This ?Developer Release #1?
(DR1)
> > makes Commotion?s technology available for testing and feedback and is
> > freely available from the project website: www.commotionwireless.net. I
> > would encourage you to check it out, but please head our caution that
> this
> > release is BETA and thus should not be used for mission-critical and/or
> > sensitive communications until version 1.0 is released. This release
> > includes:
> >
> > - A fully integrated web-interface in addition to traditional
> > command-line access.
> > - QuickStart setup wizard
> > - A set of core libraries that will form the backbone of a common
> > network management interface across Commotion platforms
> > - An application portal that makes it easy to announce and discover
> > authenticated local social applications
> > - A debugging tool to provide one-click error reports for network
> > maintainers
> >
> > There are also security features including basic network encryption,
> which
> > brings mesh networking up to the level of security expected from today?s
> > wireless networks. Commotion adds an additional layer of security by
> > allowing the use of network keys and application signing through the use
> of
> > The Serval Project?s http://www.servalproject.org/ Serval daemon,
> making it
> > easier to identify bad-agents posing as legtimate services. These
> features
> > form the foundation for the Commotion security features under active
> > development. Again, this is beta and *not* for sensitive communications
> at
> > this time.
> >
> > If you want to try setting up your own network, interested in providing
> > feedback or just want to learn more head over over to
> > www.commotionwireless.net.
> >
> > Best,
> > James
> >
> >
> > RELEASE: OTI Launches Commotion Beta: Free Wireless Mesh Network
> Software
> > Commotion Technology Revolutionizes Community Wireless by Providing a
> Safe,
> > Low-Cost Option
> > *Published: * March 20, 2013
> >
> > Washington, DC ? The New America Foundation's *Open Technology
> > Institute <http://oti.newamerica.net/>
> > *(OTI) announced today the public release of Commotion Beta - a free,
> open
> > source, wireless networking platform. This ?Developer Release #1? (DR1)
> > makes Commotion?s technology available for testing and feedback and is
> > freely available from the project website:
> > *www.commotionwireless.net<https://commotionwireless.net/>
> > *. Please note that Commotion is in Beta and should not be used for
> > mission-critical and/or sensitive communications until version 1.0 is
> > released.
> >
> > Commotion is a cutting-edge open-source communications software platform
> > that uses laptops, mobile phones, and other Wi-Fi devices to create
> > decentralized, wireless ?mesh? networks. Commotion interconnects
devices
> > directly to one-another in a peer-to-peer manner to form a ?spider web?
> of
> > connectivity.
> >
> > ?Commotion Beta is a transformative technology - the culmination of
years
> > of research and development by hundreds of developers around the globe,?
> > said New America Vice President and OTI Director Sascha Meinrath, who is
> > the founder of Commotion Wireless. ?Commotion is an incredible resource
> for
> > empowering communities and constituencies worldwide, helping with a
> variety
> > of different needs, from spreading low-cost connectivity, securing
> > communications, and enhancing disaster-response.?
> >
> > Commotion Beta adds new usability enhancements and features that
simplify
> > mesh network setup and reduce the difficulty of network maintenance.
DR1
> > contains a fully integrated web-interface in addition to traditional
> > command-line access. Among the new technical features in DR1 are a
> > QuickStart setup wizard, a set of core libraries that will form the
> > backbone of a common network management interface across Commotion
> > platforms, an application portal that makes it easy to announce and
> > discover authenticated local social applications, and a debugging tool
to
> > provide one-click error reports for network maintainers. These features
> > will be ported to the Android, Linux, and OS X clients over the next
> > quarter.
> >
> > The DR1 release also includes key security features, beginning with
basic
> > network encryption, which brings mesh networking up to the level of
> > security expected from today?s wireless networks. Commotion adds an
> > additional layer of security by allowing the use of network keys and
> > application signing through the use of The Serval Project?s
> > http://www.servalproject.org/ Serval daemon, making it easier to
> identify
> > bad-agents posing as legtimate services. These features form the
> foundation
> > for the Commotion security features under active development.
> >
> >
> >
> > --
> > Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at companys at stanford.edu <javascript:;> or changing
> your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >
>
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at companys at stanford.edu <javascript:;> or changing
> your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
--
Sent from Gmail Mobile
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130323/7
4319aca/attachment-0001.html>
------------------------------
Message: 14
Date: Sun, 24 Mar 2013 11:08:42 +0100
From: Yiorgis Gozadinos <ggozad at crypho.com>
To: liberationtech <liberationtech at lists.stanford.edu>
Subject: Re: [liberationtech] Crypho
Message-ID: <15B3D18B-954E-40B2-A350-850F8ED7918C at crypho.com>
Content-Type: text/plain; charset=windows-1252
On Mar 24, 2013, at 01:11 , Steve Weis <steveweis at gmail.com> wrote:
> Hi Yiorgis. The Crypho web page says:
> "No-one can access your data, either in transit or when stored ? Not even
Crypho staff or the government."
>
> Yet, you acknowledge that "we are aware of the potential problems of
serving JS [Javascript]", meaning it's trivial for your staff or a
government to compromise the Javascript code and cause it to leak plaintext
data.
>
> Even the authors of the Stanford Javascript Crypto Library (SJCL), which
Crypho "uses solely", say that it's not feasible to secure:
> "Unfortunately, [SJCL] is not as great as in desktop applications because
it is not feasible to completely protect against code injection, malicious
servers and side-channel attacks." (http://crypto.stanford.edu/sjcl/)
Hey Steve,
Thanks for bringing this up. We are aware of the js crypto controversy and
it is a challenge for us as we are trying to make crypto more approachable.
On the technical side, like I said, we will try to address the issue of
trusted js by implementing apps as well as explore ways of asserting the
authenticity of served js. Open-sourcing the client code will certainly help
in auditing. There are other things we put in place to help, CSP,
Strict-Transport-Security and X-Frame-Options headers for example or a
proper SSL setup.
These cannot guarantee of course that we haven't overseen things, but our
hope is that gradually we can build trust on our app.
Now, similar issues exist of course on networked desktop apps just as well.
Nobody can guarantee that malware will not eavesdrop on you, and it is
pretty hard to assert there are no backdoors in proprietary software.
The argument, when stretched, eventually leads to: Unless you are a skilled
cryptographer, and can audit/inspect/write your own code, you should not be
using crypto because it is dangerous and you will invariably screw up
somewhere. While this is true in a few cases, and it should not be taken
lightly, it leaves something to be desired for the rest of us.
In my professional life, I have yet to see somebody who is not a geek, or
has received training, use PGP or encrypt data strongly. The process is
complex, and it is easier to screw up than use properly. In addition to
that, "normal" people when faced with the choice between security and
convenience, will invariably pick the second.
Businesses start recognising that they over-share, and some even become
reluctant to use cloud services, because of various reasons, be it policy,
fear or cross-border legislation. What we try to do, is bridge the gap, and
provide a familiar and convenient interface sacrificing in the way as little
security as possible.
Again, that does not make Crypho the tool of choice if you are an activist,
risking your life. Between the activist and John Doe the lawyer who wants to
share a contract with his client without storing it plain in the US, there
is a big gap. We hope that Crypho will cater well for the second case.
--
Yiorgis Gozadinos
www.crypho.com
------------------------------
Message: 15
Date: Sun, 24 Mar 2013 09:00:38 -0700 (PDT)
From: Yosem Companys <companys at stanford.edu>
To: Liberation Technologies <liberationtech at lists.stanford.edu>
Cc: Mona Baker <mona.baker at manchester.ac.uk>, Luis P?rez-Gonz?lez
<Luis.Perez-Gonzalez at manchester.ac.uk>
Subject: [liberationtech] Call for abstract: Citizen Media: New
Mediations of Civic Engagement, Manchester, 13-14 June 2013
Message-ID:
<CANhci9GO+tLrTXWN4vwBjatHMnSTfmrZuHmd5CatoY=o4WgvRw at mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Citizen Media: New Mediations of Civic Engagement
A two-day colloqium organised by the Division of Languages and Intercultural
Studies
School of Arts, Languages and Cultures, University of Manchester
13-14 June 2013, Manchester Conference Centre
http://citizenmediacolloquium.wordpress.com
The rapid shift from a mass media to a digital media culture in the past
couple of decades has been the subject of considerable research. One
important facet of this shift has been the process of media convergence and
the concomitant blurring of boundaries between production and consumption
practices in a wide range of contexts, including citizen journalism (news
reporting, community radio and television, documentary filmmaking),
individual or participatory co-creational work (self-broadcasting,
crowdsourcing, fansubbing, scanlation, gaming), networked platforms of
public deliberation (blogging, wikis) and other performative expressions of
publicness (graffiti and citizen photography). Focusing on the involvement
of citizens in this emergent digital culture, this two-day colloquium
organised by the Division of Languages and Intercultural Studies aims to
bring together researchers and citizen media practitioners from different
disciplinary and professional backgrounds with a v
iew to sharing experiences and debating a number of recurrent themes in the
field. These include:
? interrogating the ?citizen? in ?citizen media?: what senses of
?citizenship? are activated in citizen media practices, and with what
implications;
? the dialectic between citizen media and new technologies: empowering
synergy or regulative tension;
? strategic vs therapeutic forms of self-mediation: activism, hacktivism,
alter-globalism, altruistic humanitarianism and narcisstic exhibitionism;
? citizen media and protest movements;
? the ethics of witnessing and solidarity;
? playful forms of self-mediation (parody, satire);
? the threat of co-optation: containing the subversive within existing
structures of political and corporate power;
? citizen media and the discursive constitution of public selves;
? citizen media and the construction of communities;
? citizen media and ?the democratic deficit?;
? citizen media practices and piracy.
The programme is designed to ensure maximum participation by all attendees,
and to allow sufficient time for discussion and exchange of views. There
will be no parallel panels, andpresentation slots are therefore limited.
Plenary speakers
Stuart Allan is Professor of Journalism and Director of the Centre for
Journalism and Communication Research at Bournemouth University, UK. He has
published widely on the emergence and development of news on the Internet,
the online reporting of war, conflict and crisis, science journalism, and
citizen journalism. His most recent book, Citizen Witnessing: Revisioning
Journalism in Times of Crisis, was published by Polity in January 2013.
Bolette Blaagaard is Assistant Professor at Aalborg University, Denmark and
former Research Fellow at City University, London, where she was involved in
setting up an international network to debate issues of citizenship and
journalism, as well as carrying out research on citizen journalism and its
implications for journalistic practices and education. She is co-editor of
After Cosmopolitanism (Routlege 2012) and Deconstructing Europe (Routledge
2011).
Simon Lindgren is Professor of Sociology at Ume? University, Sweden. He
researches digital culture with a focus on social connections, social
organization and social movements. He is actively taking part in developing
theoretical as well as methodological tools for analysing discursive and
social network aspects of the evolving new media landscape. His publications
cover themes like hacktivism, digital piracy, citizen journalism,
subcultural creativity and learning, popular culture and visual politics.
Simon is the author of New Noise: A Cultural Sociology of Digital Disruption
(2013).
Ivan Sigal is Executive Director and co-founder of Global Voices, a
community of more than 700 authors and 600 translators around the world who
collect and make available reports from blogs and citizen media
everywhere,with emphasis on voices that are not ordinarily heard in
international mainstream media. He is author of White Road (Steidl Verlag
2012) and has extensive experience in supporting and training journalists
and working on media co-productions in the Soviet Union and Asia.
Participating as Presenter
If you are interested in presenting a paper, please send an abstract of 300
words by 15 April 2013 to Mona Baker (mona.baker at manchester.ac.uk) or Luis
P?rez-Gonz?lez (Luis.Perez-Gonzalez at manchester.ac.uk). Notifications of
acceptance will be sent out by 25 April 2013.
Registration Fees (to include lunch and refreshments on 13 & 14 June)
Full registration: ?50
--
Mona Baker
Professor of Translation Studies
Centre for Translation and Intercultural Studies, Division of
Languages and Intercultural Studies School of Arts, Languages and
Cultures University of Manchester Oxford Road Manchester, M13 9PL,
UK Tel. (direct) +44 (0)161-275-8125
Email: mona.baker at manchester.ac.uk
http://staffprofiles.humanities.manchester.ac.uk/Profile.aspx?Id=Mona.Baker
http://manchester.academia.edu/MonaBaker
------------------------------
Message: 16
Date: Sun, 24 Mar 2013 08:10:56 -0400
From: hwamyeon <hwamyeon at gmail.com>
To: liberationtech <liberationtech at lists.stanford.edu>
Subject: Re: [liberationtech] National Security Letters (NSLs) - in
case you missed this
Message-ID: <514EED50.9020508 at gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
On 03/22/13 13:00, Yosem Companys wrote:
> * I was told that my security research activities are a "legal grey
> area", but that the investigation was being closed. The SS said that
> the data they have on me "is safe" and "will be destroyed" after some
> "expiration period". I vehemently expressed my distrust that it would
> be held securely or destroyed.
>
>
I wouldn't necessarily doubt them on that account. They can only collect
this data on you under very specific legal authorities (usually an
executive order). Those legal authorities all specify expiration periods
on the collected data, beyond which it is illegal to store the
information. This is usually about five years, though sometimes a set
date is used. While they may hold onto your data for a few years, it
will eventually be destroyed. Otherwise, the officers in charge of your
data could face prosecution from their attorney general, and the
compliance officer they work under would have their career threatened.
If there were illegal activities involved in monitoring you, I would
very much doubt they would acknowledge it at all or so much as speak to
you, much less over a recordable medium such the phone.
------------------------------
Message: 17
Date: Sun, 24 Mar 2013 14:05:35 -0500 (CDT)
From: <ddahl at nulltxt.se>
To: "liberationtech" <liberationtech at lists.stanford.edu>
Subject: Re: [liberationtech] Crypho
Message-ID: <E1UJqEZ-00086x-Rr at rmm6prod02.runbox.com>
Content-Type: text/plain; charset="utf-8"
Nice reply, sorry was sleeping, then woke up and got the chainsaw out and
started clearing trees again:) Haters gonna hate;)
On Sun, 24 Mar 2013 11:08:42 +0100, Yiorgis Gozadinos <ggozad at crypho.com>
wrote:
>
> On Mar 24, 2013, at 01:11 , Steve Weis <steveweis at gmail.com> wrote:
>
> > Hi Yiorgis. The Crypho web page says:
> > "No-one can access your data, either in transit or when stored ? Not
even Crypho staff or the government."
> >
> > Yet, you acknowledge that "we are aware of the potential problems of
serving JS [Javascript]", meaning it's trivial for your staff or a
government to compromise the Javascript code and cause it to leak plaintext
data.
> >
> > Even the authors of the Stanford Javascript Crypto Library (SJCL), which
Crypho "uses solely", say that it's not feasible to secure:
> > "Unfortunately, [SJCL] is not as great as in desktop applications
because it is not feasible to completely protect against code injection,
malicious servers and side-channel attacks."
(http://crypto.stanford.edu/sjcl/)
>
> Hey Steve,
>
> Thanks for bringing this up. We are aware of the js crypto controversy and
it is a challenge for us as we are trying to make crypto more approachable.
>
> On the technical side, like I said, we will try to address the issue of
trusted js by implementing apps as well as explore ways of asserting the
authenticity of served js. Open-sourcing the client code will certainly help
in auditing. There are other things we put in place to help, CSP,
Strict-Transport-Security and X-Frame-Options headers for example or a
proper SSL setup.
> These cannot guarantee of course that we haven't overseen things, but our
hope is that gradually we can build trust on our app.
>
> Now, similar issues exist of course on networked desktop apps just as
well. Nobody can guarantee that malware will not eavesdrop on you, and it is
pretty hard to assert there are no backdoors in proprietary software.
>
> The argument, when stretched, eventually leads to: Unless you are a
skilled cryptographer, and can audit/inspect/write your own code, you should
not be using crypto because it is dangerous and you will invariably screw up
somewhere. While this is true in a few cases, and it should not be taken
lightly, it leaves something to be desired for the rest of us.
>
> In my professional life, I have yet to see somebody who is not a geek, or
has received training, use PGP or encrypt data strongly. The process is
complex, and it is easier to screw up than use properly. In addition to
that, "normal" people when faced with the choice between security and
convenience, will invariably pick the second.
>
> Businesses start recognising that they over-share, and some even become
reluctant to use cloud services, because of various reasons, be it policy,
fear or cross-border legislation. What we try to do, is bridge the gap, and
provide a familiar and convenient interface sacrificing in the way as little
security as possible.
>
> Again, that does not make Crypho the tool of choice if you are an
activist, risking your life. Between the activist and John Doe the lawyer
who wants to share a contract with his client without storing it plain in
the US, there is a big gap. We hope that Crypho will cater well for the
second case.
>
> --
> Yiorgis Gozadinos
> www.crypho.com
>
> --
> Too many emails? Unsubscribe, change to digest, or change password by
emailing moderator at companys at stanford.edu or changing your settings at
https://mailman.stanford.edu/mailman/listinfo/liberationtech
------------------------------
Message: 18
Date: Sun, 24 Mar 2013 14:01:31 -0700 (PDT)
From: Yosem Companys <companys at stanford.edu>
To: Liberation Technologies <liberationtech at lists.stanford.edu>
Cc: Vikas Nath <vikas.nath at gmail.com>
Subject: [liberationtech] I-Power : Using Crowd Support, Not Bribes,
to Redress Public Grievances
Message-ID:
<CANhci9ERsnTwRQtqobi1xh7u9ZKWM8cPmC_a_+0V=RZeRqMWEA at mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
From: V Nath <vikas.nath at gmail.com>
I am looking for feedback on the "I-Power" platform.
I - Power plans on - Using Crowd Support, Not Bribes, to Redress Public
Grievances.
People feel powerless when Governments fail to act on their grievances.
I-Power web + mobile platform will provide people with online legal tools
and crowd support to resolve their public grievances quickly. No more
bribes!
You will find the concept note open to improvement at:
https://www.newschallenge.org/open/open-government/submission/i-power-resolv
e-pubic-grievances-legally-with-crowd-support-and-without-bribes/
If you find it useful, then please login and share "comments" - because they
will help fine-tune the platform.
Organisations / groups who would like to host and pilot this idea are
equally welcome.
Best regards,
Vikas Nath
------------------------------
Message: 19
Date: Sun, 24 Mar 2013 19:35:47 -0700
From: Yosem Companys <companys at stanford.edu>
To: Liberation Technologies <liberationtech at lists.stanford.edu>
Cc: Melanie Adrian <Melanie_Adrian at carleton.ca>
Subject: [liberationtech] Question on Uzbekistan
Message-ID:
<CANhci9HVKNKjTntDZd2SXT81PHZYaa92HvbLaNkh7ymmG=kn2Q at mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
From: Melanie Adrian <Melanie_Adrian at carleton.ca>
I am wondering if any of you have followed the implementation (or lack
thereof) of the 2005 Uzbek case decided on by the Human Rights
Committee of the ICCPR? This is the case of Ms. Hudoyberganova who
petitioned the Committee after she was denied the right to wear her
headscarf at Tashkent State Institute for Eastern Languages. The
Committee decided in her favor. Did the Uzbek state address this issue
at all following the decision? I can't seem to find anything on this.
Thanks so much for your help,
melanie
Case Reference:
Human Rights Committee of the ICCPR, "Communication No.931/2000:
Uzbekistan," in CCPR/C/82/D/931/2000, ed. United Nations (2005).
*****
Dr. Melanie Adrian
Assistant Professor
Department of Law and Legal Studies
Carleton University
Loeb Building
Office C-465
1125 Colonel By Drive
Ottawa, ON, K1S 5B6
Canada
Tel: 613.520.2600 x.2085
Fax: 613.520.4467
Websites:
http://www2.carleton.ca/law/about-the-department/department-faculty/adrian-m
elanie/
http://carleton-ca.academia.edu/MelanieAdrian
Follow the Department of Law and Legal Studies on Twitter @cuLegalStudies
------------------------------
Message: 20
Date: Mon, 25 Mar 2013 08:52:59 -0400
From: Rich Kulawiec <rsk at gsp.org>
To: liberationtech <liberationtech at mailman.stanford.edu>
Subject: Re: [liberationtech] Privacy, data protection questions
Message-ID: <20130325125259.GA5556 at gsp.org>
Content-Type: text/plain; charset=us-ascii
On Fri, Mar 22, 2013 at 04:29:38PM -0700, Brian Conley wrote:
> Nose to the grindstone Andrew. Use Rich's email to remind you this is
hard,
> but its still worth doing.
I've read this multiple times and I still have no idea how your remarks
relate to what I wrote in re the (in)security of smartphones, the
resulting pervasive malware epidemic and the subsequent serious
architectural problems for application developers, including but not
limited to this one. ("serious architectural problems" == "you're
building on enemy territory, this probably won't end well")
Neither coffee nor scotch (both applied liberally) have yielded any
enlightenment, so I must now ask: Whiskey Tango Foxtrot, Over?
---rsk
------------------------------
Message: 21
Date: Mon, 25 Mar 2013 11:57:16 -0400
From: Tom Ritter <tom at ritter.vg>
To: liberationtech <liberationtech at lists.stanford.edu>
Subject: [liberationtech] A tool for encrypted laptops
Message-ID:
<CA+cU71nt+yfCBYeeY5jdaGeOTDCavFnfcttNB1Nem1DX7DR1rw at mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Hi all - at the risk of shilling, my company has released an Open
Source tool called "You'll Never Take Me Alive". If your encrypted
laptop has its screen locked, and is plugged into power or ethernet,
the tool will hibernate your laptop if either of those plugs are
removed. So if you run out for lunch, or leave it unattended (but
plugged in) at starbucks, and someone grabs your laptop and runs,
it'll hibernate to try to thwart memory attacks to retrieve the disk
encryption key. Not foolproof, but something simple and easy.
It the moment it only supports Bitlocker, but support for Truecrypt is
coming[0]. If you have suggestions - add them to the github issues
page.
https://isecpartners.com/news-events/news/2013/march/yontma.aspx
https://github.com/iSECPartners/yontma
-tom
[0] https://github.com/iSECPartners/yontma/issues/5
------------------------------
Message: 22
Date: Mon, 25 Mar 2013 09:42:17 -0700
From: Steve Weis <steveweis at gmail.com>
To: "liberationtech at lists.stanford.edu"
<liberationtech at lists.stanford.edu>
Subject: [liberationtech] New session starting for Stanford's online
crypto course
Message-ID:
<CACJAJ5_GPcLbeQ1MccySHhrKWVUzauFYMLzaqBDPe3H0uCCTbg at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
A new session of Dan Boneh's free online crypto course is starting today:
https://www.coursera.org/course/crypto
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130325/2
aa54aa2/attachment-0001.html>
------------------------------
Message: 23
Date: Mon, 25 Mar 2013 10:20:39 -0700
From: Steve Weis <steveweis at gmail.com>
To: liberationtech <liberationtech at lists.stanford.edu>
Subject: Re: [liberationtech] Crypho
Message-ID:
<CACJAJ59ah94YTRy3O8AbsRYofWKdRXUEg5ptA2pMT+ZmdpdKQg at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
Hi Yiorgis. The "ways of asserting the authenticity of served [JavaScript]"
always reduce to trusted code executing on the client. You need to trust
whatever is authenticating the served application. You can't get around it.
This approach always ends up with either trusting the service or running
client-side code. The former is a perfectly fine business model and the
standard for almost all web apps, but you can't make the claim that "the
government and our staff cannot access your data". It's simply not true,
and not just because there might be incidental bugs you're working on
fixing. It's fundamentally untrue.
I appreciate the challenge you are trying to tackle and understand that
delivering client-side code across all browsers and platforms is a
non-starter for an early startup. If it were an easy problem, we wouldn't
be having this discussion. I wish you luck in solving it.
On Sun, Mar 24, 2013 at 3:08 AM, Yiorgis Gozadinos <ggozad at crypho.com>wrote:
> On the technical side, like I said, we will try to address the issue of
> trusted js by implementing apps as well as explore ways of asserting the
> authenticity of served js. Open-sourcing the client code will certainly
> help in auditing. There are other things we put in place to help, CSP,
> Strict-Transport-Security and X-Frame-Options headers for example or a
> proper SSL setup.
> These cannot guarantee of course that we haven't overseen things, but our
> hope is that gradually we can build trust on our app.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130325/1
aad5c2c/attachment-0001.html>
------------------------------
Message: 24
Date: Mon, 25 Mar 2013 12:49:48 -0500
From: Sajan Ravindran <sajan.ravindran at nyu.edu>
To: liberationtech at lists.stanford.edu
Subject: [liberationtech] Part-time CTO with Sayfty.com
Message-ID:
<CAC44GrMpuP9WF7YFxv8zdRNUNst5HkuAE2NWh-Xz2gDut+8aUQ at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
Hi, This looks like an interesting position for someone interested in
technology and women's safety issues. The position is based in New York. If
interested, please get in touch with Shruti Kapoor at shruti at sayfty.com
directly.
Regards,
Sajan
-----------------------------------------------------------------Part-time
Chief Technology Officer (Midtown)About Us
We are a pre-venture early stage startup working towards women's personal
safety tools. We aim to help women in developing countries protect
themselves against violence. Through our products we want to help women
become more alert and secure.
Overview
We are an early stage start up looking for a Part-time Chief Technology
Officer (CTO). You will steer the successful development and execution of
the technology roadmap with proposed timelines and deliverables. Applicants
must be willing to participate in product/service development as the
offering evolves. Additionally, the CTO must be an architect, web
developer, interface designer and debugger. The CTO will be responsible for
all technical aspects of the business and manage any technical resources or
team members as the company grows.
Responsibilities
Identify opportunities and risks for delivering the company's vision
Develop the site from scratch, including: business requirements, system
requirements, coding, QA, timely deployment, performance monitoring and
documentation
Evaluate and identify appropriate technology platforms for delivering the
company's services
Lead strategic planning to achieve business goals by identifying and
prioritizing development initiatives and setting timetables for the
evaluation, development, and deployment of all infrastructure and web-based
services
Select and manage staff of web developers to ensure on time delivery and
exceptional quality of product and service for customers
Experience
Hands-on experience coding in more than one currently popular web
application frameworks
Hands on experience with system design and architecture
Amazon AWS experience preferred
Previous success in the startup world highly desired
Experience working within e-commerce and software development companies
preferred
Skills
Ability to discern user requirements and develop specifications
Skilled in Ruby, PHP or Java, MySQL, Postgres or MongoDB, Node.js, jQuery,
Backbone, CSS, HTML5
Familiarity with technical requirements of Social Internet marketing and
search engine optimization (SEO)
Excellent interpersonal and communication skills
Ability to articulate ideas to both technical and non-technical audiences
Superior analytical and problem-solving abilities
Education
BS/MS in Computer Science or equivalent experience
Compensation
Limited cash + Equity compensation
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130325/c
e3b8bdb/attachment-0001.html>
------------------------------
Message: 25
Date: Mon, 25 Mar 2013 10:57:10 -0700
From: Brian Conley <brianc at smallworldnews.tv>
To: liberationtech <liberationtech at lists.stanford.edu>
Subject: Re: [liberationtech] Privacy, data protection questions
Message-ID:
<CANi2r6UO0amqTLxsgsKS5_PmPhzY4ZoVANnpKbDa5Dn7K9pqwA at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
Rich,
Mostly I'm taking issue with your nonconstructive demeanor. I've not seen
you take the Guardian Project to task for trying to solve some of the same
problems. I've not seen you take Tor project or Whisper Systems to task.
You have essentially shat on someone's head who is taking a risk by being
open and asking for feedback.
As this is a LIST that numerous people have mentioned is beneficial to them
as a "place for discussion" one might expect common courtesy to prevail. I
know that is not the general tendency on the internet, where trolls abound.
Perhaps we could all try to be a bit less trollish, and perhaps more
"gnomish." I would present Steve Weis' critical, yet cordial response to
Crypho on another thread as a good example:
"Hi Yiorgis. The "ways of asserting the authenticity of served
[JavaScript]" always reduce to trusted code executing on the client. You
need to trust whatever is authenticating the served application. You can't
get around it.
This approach always ends up with either trusting the service or running
client-side code. The former is a perfectly fine business model and the
standard for almost all web apps, but you can't make the claim that "the
government and our staff cannot access your data". It's simply not true,
and not just because there might be incidental bugs you're working on
fixing. It's fundamentally untrue.
I appreciate the challenge you are trying to tackle and understand that
delivering client-side code across all browsers and platforms is a
non-starter for an early startup. If it were an easy problem, we wouldn't
be having this discussion. I wish you luck in solving it."
Regards,
Brian
On Mon, Mar 25, 2013 at 5:52 AM, Rich Kulawiec <rsk at gsp.org> wrote:
> On Fri, Mar 22, 2013 at 04:29:38PM -0700, Brian Conley wrote:
> > Nose to the grindstone Andrew. Use Rich's email to remind you this is
> hard,
> > but its still worth doing.
>
> I've read this multiple times and I still have no idea how your remarks
> relate to what I wrote in re the (in)security of smartphones, the
> resulting pervasive malware epidemic and the subsequent serious
> architectural problems for application developers, including but not
> limited to this one. ("serious architectural problems" == "you're
> building on enemy territory, this probably won't end well")
>
> Neither coffee nor scotch (both applied liberally) have yielded any
> enlightenment, so I must now ask: Whiskey Tango Foxtrot, Over?
>
> ---rsk
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at companys at stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
--
Brian Conley
Director, Small World News
http://smallworldnews.tv
m: 646.285.2046
Skype: brianjoelconley
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130325/b
044bd52/attachment-0001.html>
------------------------------
Message: 26
Date: Mon, 25 Mar 2013 10:57:57 -0700
From: Brian Conley <brianc at smallworldnews.tv>
To: liberationtech <liberationtech at lists.stanford.edu>
Subject: Re: [liberationtech] Crypho
Message-ID:
<CANi2r6X-4-5hJ2v+Hugwpvvo-W_Zn=M5FQzQz++C-rQFwjBC5g at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
Thanks for this Steve, its a rare breath of fresh air to see someone
respond firmly, critically, yet also collegially.
+1 for gnomish anti-troll behavior!
B
On Mon, Mar 25, 2013 at 10:20 AM, Steve Weis <steveweis at gmail.com> wrote:
> Hi Yiorgis. The "ways of asserting the authenticity of served
> [JavaScript]" always reduce to trusted code executing on the client. You
> need to trust whatever is authenticating the served application. You can't
> get around it.
>
> This approach always ends up with either trusting the service or running
> client-side code. The former is a perfectly fine business model and the
> standard for almost all web apps, but you can't make the claim that "the
> government and our staff cannot access your data". It's simply not true,
> and not just because there might be incidental bugs you're working on
> fixing. It's fundamentally untrue.
>
> I appreciate the challenge you are trying to tackle and understand that
> delivering client-side code across all browsers and platforms is a
> non-starter for an early startup. If it were an easy problem, we wouldn't
> be having this discussion. I wish you luck in solving it.
>
> On Sun, Mar 24, 2013 at 3:08 AM, Yiorgis Gozadinos
<ggozad at crypho.com>wrote:
>
>> On the technical side, like I said, we will try to address the issue of
>> trusted js by implementing apps as well as explore ways of asserting the
>> authenticity of served js. Open-sourcing the client code will certainly
>> help in auditing. There are other things we put in place to help, CSP,
>> Strict-Transport-Security and X-Frame-Options headers for example or a
>> proper SSL setup.
>> These cannot guarantee of course that we haven't overseen things, but
>> our hope is that gradually we can build trust on our app.
>>
>
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at companys at stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
--
Brian Conley
Director, Small World News
http://smallworldnews.tv
m: 646.285.2046
Skype: brianjoelconley
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130325/9
96e38df/attachment-0001.html>
------------------------------
Message: 27
Date: Mon, 25 Mar 2013 13:41:13 -0500
From: Karl Fogel <kfogel at red-bean.com>
To: Tom Ritter <tom at ritter.vg>
Cc: liberationtech <liberationtech at lists.stanford.edu>
Subject: Re: [liberationtech] A tool for encrypted laptops
Message-ID: <87fvzjl3ue.fsf at kwarm.red-bean.com>
Content-Type: text/plain
Tom Ritter <tom at ritter.vg> writes:
>Hi all - at the risk of shilling, my company has released an Open
>Source tool called "You'll Never Take Me Alive". If your encrypted
>laptop has its screen locked, and is plugged into power or ethernet,
>the tool will hibernate your laptop if either of those plugs are
>removed. So if you run out for lunch, or leave it unattended (but
>plugged in) at starbucks, and someone grabs your laptop and runs,
>it'll hibernate to try to thwart memory attacks to retrieve the disk
>encryption key. Not foolproof, but something simple and easy.
>
>It the moment it only supports Bitlocker, but support for Truecrypt is
>coming[0]. If you have suggestions - add them to the github issues
>page.
>
>https://isecpartners.com/news-events/news/2013/march/yontma.aspx
>https://github.com/iSECPartners/yontma
What a terrfic idea, Tom -- thanks.
Your paragraph above doesn't mention it, but appears this is (right now)
only for MS Windows. Any chance of Linux support coming soon, and in
the long run of getting folded in as a kernel service so that I can just
configure it from my System Settings menu eventually? :-)
I'm sure others will be asking about Mac OS X too.
-K
------------------------------
Message: 28
Date: Mon, 25 Mar 2013 15:15:00 -0400
From: Tom Ritter <tom at ritter.vg>
To: Karl Fogel <kfogel at red-bean.com>
Cc: liberationtech <liberationtech at lists.stanford.edu>
Subject: Re: [liberationtech] A tool for encrypted laptops
Message-ID:
<CA+cU71nR24JwOeoukHnW65E2B8AO9c81gCqYztXRL8-TDPuHfA at mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
On 25 March 2013 14:41, Karl Fogel <kfogel at red-bean.com> wrote:
> Your paragraph above doesn't mention it, but appears this is (right now)
> only for MS Windows. Any chance of Linux support coming soon, and in
> the long run of getting folded in as a kernel service so that I can just
> configure it from my System Settings menu eventually? :-)
>
> I'm sure others will be asking about Mac OS X too.
https://github.com/iSECPartners/yontma/issues/2 - Linux
https://github.com/iSECPartners/yontma/issues/3 - Mac
The more folks add +1's to the tickets they care about, the more
likely the authors (who code it in their free time) will be to work on
it. I know the authors don't have a lot of Linux/Mac experience
though, so any pointers into how those disk encryption systems could
be detected, and how to get the events for ethernet/power plug removal
would be appreciated and probably improve motivation. =)
-tom
------------------------------
Message: 29
Date: Mon, 25 Mar 2013 22:00:23 -0500
From: Gregory Foster <gfoster at entersection.org>
To: liberationtech at lists.stanford.edu
Subject: [liberationtech] @KandaharMedia
Message-ID: <51510F47.9070202 at entersection.org>
Content-Type: text/plain; charset=UTF-8; format=flowed
YouTube (Mar 25) - "War of the words - Afghanistan's information battle"
by NATO:
http://www.youtube.com/watch?v=3ZSKk6HwvgE
re: the Kandahar Media and Information Center (KMIC)
https://twitter.com/KandaharMedia
http://www.kandahar-gov.com/english/
ymmv,
gf
--
Gregory Foster || gfoster at entersection.org
@gregoryfoster <> http://entersection.com/
------------------------------
Message: 30
Date: Mon, 25 Mar 2013 22:55:26 -0700 (PDT)
From: Yosem Companys <companys at stanford.edu>
To: Liberation Technologies <liberationtech at lists.stanford.edu>
Cc: Chris Reddick <Chris.Reddick at utsa.edu>
Subject: [liberationtech] Public Administration & Information
Technology Book Series (Springer)
Message-ID:
<CANhci9FJ9UG7zEOG+9sOh8FqzS-6jVxy8qtGV8sxN14t0RTT4Q at mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
From: Chris Reddick <Chris.Reddick at utsa.edu>
Dear E-Government Researchers:
Public Administration and Information Technology (PAIT), the book series, is
now accepting proposals for editors or authors of books in the series. If
you are interested in submitted a book proposal, for either an authored or
edited book, please do so by April 15, 2013. The proposal development form
is attached. Notifications of the acceptance of book proposals will be given
by May 1.
Some possible topics (but not limited to) of particular interest are:
? Transformation Government and IT
? Performance Management/Measurement, IT, and Government
? Nonprofit Fundraising and the Internet
? Civic Engagement and the Internet
? Social Media, Campaigns, and Elections
? Semantic Web Technologies for Government
? Homeland Security, Emergency Management, and IT
? Emerging Technologies in Public Administration
? Environmental Policy/Management and IT
? Administrative Law and IT
? Public Budgeting & Finance and IT
The book series has a strong emphasis on manuscripts that have significant
international content. Therefore, any books proposed must have an
international dimension to them, rather than focusing on a specific country.
Details on the book series can be found at the website
(http://www.springer.com/series/10796). The current books published (or
forthcoming) in the series are shown below (book title, first author, and
status).
Web 2.0 Technologies and Democratic Governance, Reddick (Published)
>From Machinery to Mobility, Roy (Forthcoming, 2013)
Government e-Strategic Planning and Management, Anthopoulos (Forthcoming,
2013)
Open Government, Gasc?-Hern?ndez (Forthcoming, 2013)
Evaluating e-Participation, Aichholzer (Forthcoming, 2013)
Setting Sail into the Age of Digital Local Government, Wohlers (Forthcoming,
2014)
Measuring E-government Efficiency, Rodr?guez-Bol?var (Forthcoming, 2014)
Warm regards,
Christopher G. Reddick, Ph.D.
Professor and Department Chair
Department of Public Administration
The University of Texas at San Antonio
501 W. Cesar E. Chavez Blvd.
San Antonio, Texas 78207-4415
USA
Email: chris.reddick at utsa.edu
------------------------------
Message: 31
Date: Tue, 26 Mar 2013 05:55:19 +0000
From: Andreas Bader <andreas.bader at nachtpult.de>
To: liberationtech at lists.stanford.edu
Subject: Re: [liberationtech] A tool for encrypted laptops
Message-ID: <51513847.1070407 at nachtpult.de>
Content-Type: text/plain; charset=ISO-8859-1
> Hi all - at the risk of shilling, my company has released an Open
> Source tool called "You'll Never Take Me Alive". If your encrypted
> laptop has its screen locked, and is plugged into power or ethernet,
> the tool will hibernate your laptop if either of those plugs are
> removed. So if you run out for lunch, or leave it unattended (but
> plugged in) at starbucks, and someone grabs your laptop and runs,
> it'll hibernate to try to thwart memory attacks to retrieve the disk
> encryption key. Not foolproof, but something simple and easy.
>
> It the moment it only supports Bitlocker, but support for Truecrypt is
> coming[0]. If you have suggestions - add them to the github issues
> page.
>
> https://isecpartners.com/news-events/news/2013/march/yontma.aspx
> https://github.com/iSECPartners/yontma
>
> -tom
Great Idea, solves a huge problem with the hack of SEDs.
But Windows itself is a big security hole, why don't you offer this for
Linux? When I encrypt my Laptop with Bitlocker and Yontma, then I have a
half Open Source secured Laptop..
-Andreas
------------------------------
Message: 32
Date: Tue, 26 Mar 2013 06:16:23 +0000
From: Andreas Bader <andreas.bader at nachtpult.de>
To: liberationtech at lists.stanford.edu
Subject: Re: [liberationtech] New session starting for Stanford's
online crypto course
Message-ID: <51513D37.7060300 at nachtpult.de>
Content-Type: text/plain; charset=ISO-8859-1
Steve Weis:
> A new session of Dan Boneh's free online crypto course is starting today:
> https://www.coursera.org/course/crypto
Thanks, started it =)
Seems to be for amateurs, but I will see.
-Andreas
------------------------------
Message: 33
Date: Tue, 26 Mar 2013 09:24:13 +0100
From: Yiorgis Gozadinos <ggozad at crypho.com>
To: liberationtech <liberationtech at lists.stanford.edu>
Subject: Re: [liberationtech] Crypho
Message-ID: <06EFBE5A-1371-4899-BCC9-3BB029D9796B at crypho.com>
Content-Type: text/plain; charset=iso-8859-1
On Mar 25, 2013, at 18:20 , Steve Weis <steveweis at gmail.com> wrote:
> Hi Yiorgis. The "ways of asserting the authenticity of served
[JavaScript]" always reduce to trusted code executing on the client. You
need to trust whatever is authenticating the served application. You can't
get around it.
>
> This approach always ends up with either trusting the service or running
client-side code. The former is a perfectly fine business model and the
standard for almost all web apps, but you can't make the claim that "the
government and our staff cannot access your data". It's simply not true, and
not just because there might be incidental bugs you're working on fixing.
It's fundamentally untrue.
>
> I appreciate the challenge you are trying to tackle and understand that
delivering client-side code across all browsers and platforms is a
non-starter for an early startup. If it were an easy problem, we wouldn't be
having this discussion. I wish you luck in solving it.
Hey Steve,
I can't say how much I appreciate your comments :)
If I may I would like to leave aside the rest, and try to share my
not-implemented and purely based on intuition and speculation vision on
authenticated js. This of course means that I acknowledge the fact that the
way we serve crypho leaves a lot to be desired in terms of security, and
apps will be our short-term solution. I strongly believe though in the
browser as the platform, and want to take this as the opportunity to see
whether there exists a viable solution outside the apps.
Assuming there is a point of reference for js code, some published instance
of the code, that can be audited and verified by others that it does not
leak. The point then becomes: "Is the js I am running in my browser the same
as the js that everybody else is?".
Like you said, it comes down to the trust one can put in the verifier.
A first step could be say for instance a browser extension, that compares a
hash of the js with a trusted authority. The simplest version of that would
be a comparison of a hash with a hash of the code on a repo.
Another (better) idea, would be if browser vendors would take up the task
(say Mozilla for instance) and act as the trusted authority and built-in
verifier. Developers would sign their code and the browser would verify.
Finally, I want to think there must be a way for users to broadcast some
property of the js they received. Say for example the color of a hash. Then
when I see blue when everyone else is seeing pink, I know there is something
fishy. There might be a way to even do that in a decentralised way, without
having to trust a central authority.
All this smells like overkill if there is no general interest in pursuing
it, but I would love to hear your thoughts as well as other's on this.
--
Yiorgis Gozadinos
www.crypho.com
------------------------------
Message: 34
Date: Tue, 26 Mar 2013 10:59:22 +0100
From: Julian Oliver <julian at julianoliver.com>
To: liberationtech <liberationtech at lists.stanford.edu>
Subject: Re: [liberationtech] A tool for encrypted laptops
Message-ID: <20130326095922.GA20783 at waka>
Content-Type: text/plain; charset=us-ascii
..on Tue, Mar 26, 2013 at 05:55:19AM +0000, Andreas Bader wrote:
> > Hi all - at the risk of shilling, my company has released an Open
> > Source tool called "You'll Never Take Me Alive". If your encrypted
> > laptop has its screen locked, and is plugged into power or ethernet,
> > the tool will hibernate your laptop if either of those plugs are
> > removed. So if you run out for lunch, or leave it unattended (but
> > plugged in) at starbucks, and someone grabs your laptop and runs,
> > it'll hibernate to try to thwart memory attacks to retrieve the disk
> > encryption key. Not foolproof, but something simple and easy.
> >
> > It the moment it only supports Bitlocker, but support for Truecrypt is
> > coming[0]. If you have suggestions - add them to the github issues
> > page.
> >
> > https://isecpartners.com/news-events/news/2013/march/yontma.aspx
> > https://github.com/iSECPartners/yontma
> >
> > -tom
>
> Great Idea, solves a huge problem with the hack of SEDs.
> But Windows itself is a big security hole, why don't you offer this for
> Linux? When I encrypt my Laptop with Bitlocker and Yontma, then I have a
> half Open Source secured Laptop..
For your Linux laptop why not just use an encrypted file-system and
lid-switch?
Close the lid and the machine hibernates. If you forget to close the lid
then
time it out to a screen lock. Can be done in a few lines of shell script
with
xtrlock and a /proc/acpi/button/lid/LID/state trigger.
Cheers,
--
Julian Oliver
http://julianoliver.com
http://criticalengineering.org
------------------------------
Message: 35
Date: Tue, 26 Mar 2013 11:25:04 +0100
From: Julian Oliver <julian at julianoliver.com>
To: liberationtech <liberationtech at lists.stanford.edu>
Subject: Re: [liberationtech] A tool for encrypted laptops
Message-ID: <20130326102504.GB20783 at waka>
Content-Type: text/plain; charset=us-ascii
..on Tue, Mar 26, 2013 at 10:59:22AM +0100, Julian Oliver wrote:
> ..on Tue, Mar 26, 2013 at 05:55:19AM +0000, Andreas Bader wrote:
> > > Hi all - at the risk of shilling, my company has released an Open
> > > Source tool called "You'll Never Take Me Alive". If your encrypted
> > > laptop has its screen locked, and is plugged into power or ethernet,
> > > the tool will hibernate your laptop if either of those plugs are
> > > removed. So if you run out for lunch, or leave it unattended (but
> > > plugged in) at starbucks, and someone grabs your laptop and runs,
> > > it'll hibernate to try to thwart memory attacks to retrieve the disk
> > > encryption key. Not foolproof, but something simple and easy.
> > >
> > > It the moment it only supports Bitlocker, but support for Truecrypt is
> > > coming[0]. If you have suggestions - add them to the github issues
> > > page.
> > >
> > > https://isecpartners.com/news-events/news/2013/march/yontma.aspx
> > > https://github.com/iSECPartners/yontma
> > >
> > > -tom
> >
> > Great Idea, solves a huge problem with the hack of SEDs.
> > But Windows itself is a big security hole, why don't you offer this for
> > Linux? When I encrypt my Laptop with Bitlocker and Yontma, then I have a
> > half Open Source secured Laptop..
>
> For your Linux laptop why not just use an encrypted file-system and
lid-switch?
> Close the lid and the machine hibernates. If you forget to close the lid
then
> time it out to a screen lock. Can be done in a few lines of shell script
with
> xtrlock and a /proc/acpi/button/lid/LID/state trigger.
>
In fact here's a quick crude sketch that polls rather than triggers from
/proc:
//--------------------------------------------------------------------------
--->
#!/bin/sh
while true;
do
AC=$(acpi -a | awk '{ print $3 }')
if [ "$AC" = "off-line" ]:
then
echo "Power unplugged. Hibernating."
pm-hibernate
fi
sleep 1
done
//<-------------------------------------------------------------------------
---
Add it to /etc/init.d/ and it will hibernate the machine when the power is
unplugged. You could also have it read STDIN, waiting N attempts for a
password
before hibernating on failed auth.
Cheers,
--
Julian Oliver
http://julianoliver.com
http://criticalengineering.org
------------------------------
Message: 36
Date: Tue, 26 Mar 2013 13:03:56 +0000
From: Michael Rogers <michael at briarproject.org>
To: liberationtech <liberationtech at lists.stanford.edu>
Subject: Re: [liberationtech] A tool for encrypted laptops
Message-ID: <51519CBC.2000704 at briarproject.org>
Content-Type: text/plain; charset=ISO-8859-1
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 26/03/13 09:59, Julian Oliver wrote:
> For your Linux laptop why not just use an encrypted file-system and
> lid-switch? Close the lid and the machine hibernates. If you forget
> to close the lid then time it out to a screen lock. Can be done in
> a few lines of shell script with xtrlock and a
> /proc/acpi/button/lid/LID/state trigger.
Last time I tried it wasn't simple to get Linux to hibernate with an
encrypted swap partition. Are there now distros that support this out
of the box?
Cheers,
Michael
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBAgAGBQJRUZy8AAoJEBEET9GfxSfMvYEH/0nl+wEL8eoO2DAwc6kWvHhP
hlnKn3wju31Iy0pQoPdPu1hKYesAkI2C3WJsUB/zvqZqTrcaoK//KgLHaEaZD5J2
mxqyP1fOQjvy1lulMBRhklV94zAGqIRy9a941GjqbL8GUz+MS9HDdjr0Fptnfgw5
OoHJplww5QNQduvv0oAJxzQfftonoofX+z6U3LSIlN2VcbAU4uKsg9Z/5G8zGqBs
hoILNOP0PqqiE7dofoqfleTcIZC0c5qFYeS30ahRwqfpAkWtQnIDQwV3VmCvRgXk
bZWYyQt7H3k9zTSOED0ntjFyZvunsudPQ7bWkbGgCC5trrCxFoN2R5AQf9tmVOs=
=nPzo
-----END PGP SIGNATURE-----
------------------------------
Message: 37
Date: Tue, 26 Mar 2013 08:11:18 -0500
From: Nick Daly <nick.m.daly at gmail.com>
To: liberationtech <liberationtech at lists.stanford.edu>
Subject: Re: [liberationtech] A tool for encrypted laptops
Message-ID:
<CAM-YhhCi75m6LuS3NdpmYKk1PRs85CnD3Y58K7YrOz-kT02Rew at mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
On Tue, Mar 26, 2013 at 8:03 AM, Michael Rogers wrote:
> On 26/03/13 09:59, Julian Oliver wrote:
>> For your Linux laptop why not just use an encrypted file-system and
>> lid-switch? Close the lid and the machine hibernates. If you forget
>> to close the lid then time it out to a screen lock.
>
> Last time I tried it wasn't simple to get Linux to hibernate with an
> encrypted swap partition. Are there now distros that support this out
> of the box?
Debian. It's worked beautifully for me since Squeeze (at least, maybe
Lenny?).
------------------------------
Message: 38
Date: Tue, 26 Mar 2013 10:16:36 -0300
From: hellekin <hellekin at cepheide.org>
To: liberationtech at lists.stanford.edu
Subject: Re: [liberationtech] Crypho
Message-ID: <51519FB4.5010604 at cepheide.org>
Content-Type: text/plain; charset=ISO-8859-1
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 03/26/2013 05:24 AM, Yiorgis Gozadinos wrote:
>
> "Is the js I am running in my browser the same as the js that
> everybody else is?".
>
*** The LibreJS project [1] tries to solve that issue to ensure the
code is unmodified free software. There's probably room for cooperation.
Assuming Javascript code does not call other sources that will run in
the same space as the rest of it, and bypass the checks.
==
hk
[1] https://www.gnu.org/software/librejs/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBCAAGBQJRUZ+zAAoJEDhjYTkcokoTJ4AP/2jmmbuTeXxR3JOgFSWSI5Zs
KdvPEqIiUnXhYVmOaslyGnvZwKKY+q/gDnN/b5I2XEidIuTdrtRy+MCf/O9Hba3C
w1GpA4LM1Vhlyfld6UNmMJ9aYoxRByJW04uIpkzpi9pQ1C9rR2VvqENXfoDpQ50a
UdIX67Yahhs5s4zrAplFVDhQMdHfMOUWEzoLHQl3ppSyoCvT9JdwCsGO/sWIYtdL
E/sZuRq69kjbDqtHDBUZzhQHNpKzMF5qeGRhq7nLrRykCbBICfazUXZG3A0n6ecT
YGXVhuHm37xhFwxWTp8ncpbMgiPfrJQn2hcL5lTXiccdjcip24FJmbe8u7nYI4bg
FMNH0tTTKqZ8t1stnHxxCc18thCPygeu+Mj+rWkDFnvvzJa9jOdTQaENa29MaGRO
+z50c6gd1Yrca1lc+yXpkK50fgaLI+w/qREne1uButlOCp5p538cslqbjMUxZw/P
LLTcGJEHq4rCyp5dgJxkMN+q2Bq4Z1YklpnGVJMlEPDmzFkyWvQ19Cs5BilzQ9hY
0mmqBAyGAkjgaBhl1F3nUuVLg1tcNb12np59Rdr5Y/QxvKqBYnUCh3ZY/sQOBDrH
CiSKMXAFt+F5K29EWbHpDXNtZ7wRcHLZzNHUrvQyMYyh9PrLnRjCWqGZC2SXjWVi
ESbmQDRnurbNjbPWCXQf
=YUSu
-----END PGP SIGNATURE-----
------------------------------
Message: 39
Date: Tue, 26 Mar 2013 14:25:13 +0100
From: ilf <ilf at zeromail.org>
To: liberationtech at lists.stanford.edu
Subject: [liberationtech] India: Govt asks telcos to install local
server for security audit
Message-ID: <20130326132513.GA7466 at zeromail.org>
Content-Type: text/plain; charset="utf-8"; Format="flowed"
Can anyone tell me what exactly is meant by this?
http://www.business-standard.com/article/economy-policy/govt-asks-telcos-to-
install-local-server-for-security-audit-113032200231_1.html
Govt asks telcos to install local server for security audit
Order also includes a complete audit trail to be maintained for six
months of the network operated in India
New Delhi, Mar 22 (PTI) Government has told all telecom service
operators, including those offering international calls, to install a
remote access server within the country for security audit, Parliament
was informed today.
The order is based on recommendations of a committee formed by the
Department of Telecom (DoT) for monitoring of on-line mirror image and
audit trail of Remote Access (RA) logs, Minister of State for
Communications and IT Milind Deora said in a written reply to the Rajya
Sabha.
"...A direction has been issued vide letter dated January 31, 2013 to
all the telecom service providers including ILD service providers to
install a local RA storage server in the country and store all RA
command logs in the said server for the purpose of audit by security
agencies," he added.
DoT's order for lawful interception and monitoring of all calls
including those provided by International Long Distance (ILD) operators
also includes a complete audit trail to be maintained for six months of
the network operated in India.
After six months, the remote access logs should be stored in external
storage memories for an additional period of one year.
The government has been insisting that telecom operators provide access
to all communication send through their network, mainly for the national
security reason.
--
ilf
?ber 80 Millionen Deutsche benutzen keine Konsole. Klick dich nicht weg!
-- Eine Initiative des Bundesamtes f?r Tastaturbenutzung
------------------------------
Message: 40
Date: Tue, 26 Mar 2013 14:40:19 +0100
From: Julian Oliver <julian at julianoliver.com>
To: Michael Rogers <michael at briarproject.org>
Cc: liberationtech <liberationtech at lists.stanford.edu>
Subject: Re: [liberationtech] A tool for encrypted laptops
Message-ID: <20130326134019.GF20783 at waka>
Content-Type: text/plain; charset=us-ascii
..on Tue, Mar 26, 2013 at 01:03:56PM +0000, Michael Rogers wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 26/03/13 09:59, Julian Oliver wrote:
> > For your Linux laptop why not just use an encrypted file-system and
> > lid-switch? Close the lid and the machine hibernates. If you forget
> > to close the lid then time it out to a screen lock. Can be done in
> > a few lines of shell script with xtrlock and a
> > /proc/acpi/button/lid/LID/state trigger.
>
> Last time I tried it wasn't simple to get Linux to hibernate with an
> encrypted swap partition. Are there now distros that support this out
> of the box?
All good for me here with Debian and swap encryption.
Cheers,
--
Julian Oliver
http://julianoliver.com
http://criticalengineering.org
------------------------------
Message: 41
Date: Tue, 26 Mar 2013 14:50:03 +0100
From: Eugen Leitl <eugen at leitl.org>
To: Liberation Technologies <liberationtech at lists.stanford.edu>
Subject: [liberationtech] Bitmessage is a P2P communications protocol
used to send encrypted messages to another person or to
many
subscribers.
Message-ID: <20130326135003.GC6172 at leitl.org>
Content-Type: text/plain; charset=us-ascii
https://bitmessage.org/wiki/Main_Page
Bitmessage
Bitmessage is a P2P communications protocol used to send encrypted messages
to another person or to many subscribers. It is decentralized and trustless,
meaning that you need-not inherently trust any entities like root
certificate
authorities. It uses strong authentication which means that the sender of a
message cannot be spoofed, and it aims to hide "non-content" data, like the
sender and receiver of messages, from passive eavesdroppers like those
running warrantless wiretapping programs. If Bitmessage is completely new to
you, you may wish to start by reading the whitepaper.
Download
An open source client is available for free under the very liberal MIT
license. For screenshots and a description of the client, see this
CryptoJunky article: "Setting Up And Using Bitmessage".
Download for Windows
If you are looking for someone to message, visit the forum or send me a
greeting. Here is my address: BM-BcJFNZDyzQKXCVJZtBJGqoon2f7GKo6s
Source code
You may view the Python source code on Github. Bitmessage requires PyQt and
OpenSSL. Step-by-step instructions on how to run the source code on Windows
or Linux is available here.
Bitmessage should run on any OS though it is only lightly tested on OSX. The
start-on-boot and minimize-to-tray features are only implemented for Windows
thus far.
Security audit needed
Bitmessage is in need of an independent audit to verify its security. If you
are a researcher capable of reviewing the source code, please email the lead
developer or send a bitmessage to the address above. You will be helping to
create a great privacy option for people everywhere!
Forum
Visit or subscribe to the Bitmessage subreddit.
A community-based forum for questions, feedback, and discussion is also
available at Bitmessage.org/forum.
------------------------------
Message: 42
Date: Tue, 26 Mar 2013 14:07:56 +0000
From: Patrick McCurdy <Patrick.McCurdy at uottawa.ca>
To: "liberationtech at lists.stanford.edu"
<liberationtech at lists.stanford.edu>
Subject: [liberationtech] New book of interest to list: Beyond
WikiLeaks - Implications for the Future of Communications,
Journalism
and Society
Message-ID:
<B921498CEB8FE842974B3BBC311759274E7C4DE0 at CMS-P03.uottawa.o.univ>
Content-Type: text/plain; charset="iso-8859-2"
Hi all,
Perhaps this new edited book on WikiLeaks (which has contributions from a
few list members including Jillian York) may be of interest. It was released
in the UK on Friday and is also now out in North America (ignore the "wait
times" on sites like Amazon, the book is being distributed now). Any
questions, let me know.
Beyond WikiLeaks:
Implications for the Future of Communications, Journalism and Society
Edited by Benedetta Brevini, Arne Hintz and Patrick McCurdy ; Palgrave
Macmillan
http://www.palgrave.com/products/title.aspx?pid=637302
Revelations published by the whistleblower platform WikiLeaks, including the
releases of U.S. diplomatic cables in what became referred to as
'Cablegate', put WikiLeaks into the international spotlight and sparked
intense debate about the role and impact of leaks in a digital era. 'Beyond
WikiLeaks' opens a space to reflect on the broader implications across
political and media fields, and on the transformations that result from new
forms of leak journalism and transparency activism. A select group of
renowned scholars, international experts, and WikiLeaks 'insiders' discuss
the consequences of the WikiLeaks saga for traditional media, international
journalism, freedom of expression, policymaking, civil society, social
change, and international politics. >From short insider reports to elaborate
and theoretically informed academic texts, the different chapters provide
critical assessments of the current historical juncture of our mediatized
society and offer outlooks of the fu
ture. Authors include, amongst others, Harvard University's Yochai Benkler;
Graham Murdoch of Loughborough University; net activism scholar, Gabriella
Coleman; the Director for International Freedom of Expression at the
Electronic Frontier Foundation, Jillian York; and Guardian editor, Chris
Elliott. The book also includes a conversation between philosopher, Slavoj
Zizek, and WikiLeaks founder, Julian Assange, and its prologue is written by
Birgitta J?nsd?ttir, Icelandic MP and editor of the WikiLeaks video
'Collateral Murder'.
"This is a genuinely outstanding collection of crisply written, thoroughly
argued and well-sourced essays on a landmark information policy and freedom
case. Internationally known writers and dynamic younger researchers join
forces to address Wikileaks' pivotal issues for the Internet era." - John
D.H. Downing, Editor, Sage Encyclopedia of Social Movement Media
"Benedetta Brevini, Arne Hintz and Patrick McCurdy have assembled a truly
impressive international range of authors to interrogate some key questions
of our age: does Wikileaks represent a decisively new way of representing
the world? If so, does this signal a new way of doing politics? In whose
long-term interests, and with what consequences for democratic cultures?
This is a landmark collection." - Nick Couldry, Goldsmiths, University of
London, UK
"The WikiLeaks complex of information, events, networks, and people provides
a focus for transformations of law-state-society relations. This book's
superb entree into many of the myriad faces of the WikiLeaks moment tells us
what should be our attendant attentions, our research agendas." - Sandra
Braman, University of Wisconsin-Milwaukee, USA
"This book traces the paradigm shift that WikiLeaks has brought for freedom
of expression, the role of the media, and grassroots activism. It is a
powerful intervention into the struggle for a free and open Internet and
features authoritative contributions by a prestigious collection of
academics, activists and public intellectuals who understand what is at
stake." - Marc Raboy, McGill University, Canada
Contents:
Foreword; Birgitta Jonsdottir
Introduction; B.Brevini, A.Hintz & P.McCurdy
1. WikiLeaks and the Networked 4th Estate; Yochai Benkler
2. Follow the Money: WikiLeaks and the Political Economy of Disclosure;
Benedetta Brevini & Graham Murdock
3. The Leak Heard Round the World? Cablegate in the Evolving Global
Mediascape; Lisa Lynch
4. WikiLeaks and the Public Interest Dilemma: A View from Inside the Media;
Chris Elliot
5. 'Something Old, Something New...': WikiLeaks, Newspapers and Conjoint
Approaches to Political Exposure; Hopeton S. Dunn
6. WikiLeaks and Whistleblowing: The Framing of Bradley Manning; Einar
Thorsen, Chindu Sreedharan & Stuart Allan
7. From the Pentagon Papers to Cablegate: How the Network Society Has
Changed Leaking; Patrick McCurdy
8. Dimensions of Modern Freedom of Expression: WikiLeaks, Policy Hacking,
and Digital Freedoms; Arne Hintz
9. Weak Links and WikiLeaks: How Control of Critical Internet Resources and
Social Media Companies' Business Models Undermine the Networked Free Press;
Dwyane Winseck
10. WikiLeaks, Secrecy and Freedom of Information: The Case of the UK; David
Banisar & Francesca Fanucci
11. WikiLeaks, Anonymous, and the Exercise of Individuality: Protesting in
the Cloud; Stefania Milan
12. Anonymous and the Politics of Leaking; Gabriella Coleman
13. The Internet and Transparency Beyond WikiLeaks; Jillian C. York
14. WikiLeaks and the Arab Spring: The Twists and Turns of Media, Culture
and Power; Ibrahim Saleh
15. Twelve Theses on WikiLeaks; Geert Lovink & Patrice Riemens
16. Amy Goodman in conversation with Julian Assange and Slavoj ?i?ek
--------------------------------------------
Patrick McCurdy, Ph.D.
Professeur adjoint / Assistant Professor
D?partement de communication / Department of Communication
Universit? d'Ottawa / University of Ottawa
55 Laurier Avenue East, Room 11147, Ottawa, ON, K1N 6N5
Email: pmccurdy at uOttawa.ca<mailto:pmccurdy at uOttawa.ca>
Web: http://www.communication.uottawa.ca/eng/faculty/mccurdy.html
Tel: 613.562.5800 ext. 2728
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130326/d
6ce4a87/attachment-0001.html>
------------------------------
Message: 43
Date: Tue, 26 Mar 2013 07:25:43 -0700 (PDT)
From: Yosem Companys <companys at stanford.edu>
To: Liberation Technologies <liberationtech at lists.stanford.edu>
Subject: [liberationtech] CfP: SSCR Special Issue on "Quantifying
Politics Using Online Data"
Message-ID:
<CANhci9Gn7E8aVvRDSSBvUPMMcJGcyKz9PoFC3SqGyHRmh_ZXDQ at mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Social Science Computing Review - Special Issue
Large web-based datasets make possible political studies at a scale
inconceivable just a few decades before. Everything from personal opinions
to popular political movements leaves a footprint online, and provides a
first-hand account of both everyday and historic events. This new data also
calls for new approaches -- quantitative methods developed in the realms of
political and social science, but also in data analysis and mining. Applied
to online data, these make possible language modeling, topic tracking,
novelty detection, social network mining, and many more types of analyses,
all providing new insights into social and political realities.*
The Social Science Computing Review <http://ssc.sagepub.com/> calls for
contributions to a special issue on "Quantifying Politics Using Online
Data". This special issue focuses on the application of quantitative
methods in political analysis of online data. The sources of such data
include, but are not limited to Twitter, Facebook, YouTube, news comments,
Wikipedia edits, discussion forums, blogs, etc. *Interdisciplinary
submissions are particularly encouraged and all submissions will be
reviewed by experts both from political and computer
sciences<https://sites.google.com/site/qpol2013/organization>
.*
*
Important dates
June 1, 2013 -- Abstracts (1 page excluding references) due
June 7, 2013 -- Abstracts notifications sent out
July 7, 2013 -- Submission deadline (11h59pm Hawaii
time<http://www.timeanddate.com/worldclock/city.html?n=103>
)
August 20, 2013 -- Author notification sent out
September 1, 2013 -- Camera ready version due
November 1, 2013 -- Expected online
publication<http://online.sagepub.com/site/sphelp/SageColl_PAP.xhtml>
date
February 15, 2014 -- Expected print publication date
*Reviewing process*
The special edition will apply a two-step reviewing process. The 1-page
abstract, due by June 1, will be reviewed by the editors and checked for
(i) topical relevance, (ii) presentation quality, (iii) novelty, and (iv)
at least one quantitative finding. This last requirements means that there
has to be *at** least one number in th**e abstract that quantifies some
aspect of politics*. Authors of abstracts that satisfy the conditions are
then invited to submit a full paper by July 7. This paper will then undergo
a conference style reviewing cycle to ensure timely publication. All
submissions will be reviewed by at least three distinct
experts<https://sites.google.com/site/qpol2013/organization>.
Additional external reviewers might be called upon depending on the
submission volume. Authors will receive acceptance notification and
detailed feedback from the reviewers on August 20.
About SSCR
Social Science Computer Review (SSCR) is an interdisciplinary journal
covering social science instructional and research applications of
computing, as well as societal impacts of information technology. It was
ranked 26 out of 89 journals in Social Sciences, Interdisciplinary by
Thomson Reuters' 2011 Journal Citation Reports with an impact factor of 1.1.
About the Editors
Yelena Mejova <http://www.linkedin.com/in/yelenamejova> <ymejova (AT)
yahoo-inc (DOT) com> is a post-doctoral researcher at Yahoo!
Research<http://research.yahoo.com/> in
Barcelona, Spain. Specializing in text retrieval and mining, she created
and analyzed multiple web-based datasets, including webpages, blogs,
reviews, and Twitter. This analysis included sentiment detection, political
opinion extraction, and topic tracking, and in particular the political
support classification and evaluation.
Ingmar Weber <http://www.linkedin.com/profile/view?id=164716418>
<ingmarweber
(AT) acm (DOT) org> is a Senior Scientist at Qatar Computing Research
Institute <http://qcri.org.qa/>. His research covers a wide subject area
from classical information retrieval, to sponsored search, with recent work
focussing on computational political science and interdisciplinary studies
in web science. He has studied the polarization in US politics in web
search and on Twitter, and is currently investigating Arab politics in
social media.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130326/1
36ba14e/attachment.html>
------------------------------
--
Too many emails? Unsubscribe, change to digest, or change password by
emailing moderator at companys at stanford.edu or changing your settings at
https://mailman.stanford.edu/mailman/listinfo/liberationtech
End of liberationtech Digest, Vol 148, Issue 1
**********************************************
More information about the liberationtech
mailing list