From j.m.doyle at sbcglobal.net Tue Apr 1 20:32:43 2014
From: j.m.doyle at sbcglobal.net (Jim Doyle)
Date: Tue, 01 Apr 2014 20:32:43 -0700
Subject: [GPSCC-chat] Junior State reminder
Message-ID: <533B84DB.6090905@sbcglobal.net>

The coordinator for Junior State sent this reminder:

Hi Mr. Doyle,

I would like to remind you one last time that the Political Fair is this Saturday at one! Once again, thank you so much for being a part of this event!

Sincerely,
Harry Yoon
Political Fair Coordinator

--
Harry

From carolineyacoub at att.net Thu Apr 3 09:13:12 2014
From: carolineyacoub at att.net (Caroline Yacoub)
Date: Thu, 3 Apr 2014 09:13:12 -0700 (PDT)
Subject: [GPSCC-chat] Fw: BREAKING: Amazing news for whales
In-Reply-To: <664872654.1396475141910.JavaMail.www@app346>
References: <664872654.1396475141910.JavaMail.www@app346>
Message-ID: <1396541592.80398.YahooMailNeo@web185305.mail.gq1.yahoo.com>

At last! Some good news!

----- Forwarded Message -----
From: "Phil Kline, Greenpeace"
To: carolineyacoub at att.net
Sent: Wednesday, April 2, 2014 1:55 PM
Subject: BREAKING: Amazing news for whales

Greenpeace

Caroline -

Jump for joy - no whaling in the Southern Ocean this year!

I have amazing news that I've waited my whole life to be able to share with you.

Japan has officially cancelled all plans to hunt whales in the Southern Ocean in 2014. This will be the first year since 1904 that no whales will be hunted in Antarctic waters. This is huge.

Today marks a phenomenal victory for whales - and for Greenpeace supporters like you who have joined together to call for an end to commercial whaling. I can only imagine that if we could communicate this news to whales - they'd also be jumping for joy.

Since 1989, Greenpeace has sent nine anti-whaling expeditions to the Antarctic. More recently, supporters like you have fought tirelessly to end the subsidies that keep commercial whaling alive and stop the unjust and unprofitable market for whale meat.
This day wouldn't have been possible without your support. Thank you!

I hope you will take the time to celebrate this great news for whales with me today. This is proof that, together, we can make real change to protect the world's whales and the oceans that they live in.

For the whales,

Phil Kline
Senior Oceans Campaigner

P.S. Today is a huge victory for whales, but we know we still have a long road ahead. Greenpeace is fully committed to ending ALL commercial whaling - but we need your help. Please keep this momentum going with your donation today. Your support will help us in the fights ahead in 2014 - protecting endangered whales, our oceans, and our planet.

From pagesincolor at yahoo.com Thu Apr 3 10:06:40 2014
From: pagesincolor at yahoo.com (John Thielking)
Date: Thu, 3 Apr 2014 10:06:40 -0700 (PDT)
Subject: [GPSCC-chat] RT Censors Entire Episode Of Breaking The Set
Message-ID: <1396544800.20309.YahooMailNeo@web161901.mail.bf1.yahoo.com>

If you go to the Breaking The Set Youtube page located here: http://www.youtube.com/user/breakingtheset you can see that there is the Friday 3-28-14 show posted as show # 353 and there is the 4-2-14 show posted as show # 354. I will swear on a stack of bibles (but not in vain) that on Monday 3-31-14 there was a single broadcast of a new BTS show at 3PM Pacific Time featuring an anonymous artist who had his face hidden who was talking about his campaign to overturn copyright laws in his country.
The new Monday show was not repeated in the 6:30PM PT time slot nor was it repeated in the 8:30AM PT time slot the next day. In its place was the 3-28-14 show # 353. I left messages about this on the BTS and Abby Martin Facebook pages and did get one terse response from the BTS people saying they weren't sure why this happened (but acknowledging that it DID happen, so it's not my imagination or misrecollection of a previous but different show broadcast in the Monday 3PM time slot). Publicly, Abby Martin maintains that RT.com allows her editorial freedom with her show and brags that she didn't get fired for criticizing Putin's "invasion" and "aggression" in Crimea on air on one of her shows a couple of weeks ago. But I wonder if that is all there is to the story. Monday's incident has left me feeling just a little suspicious. What do you think?

John Thielking

PS Monday was a holiday for some people, but quite often what happens on holidays (and other alternative media broadcasters do this too) is that they will broadcast a new show on the holiday and then rerun an old show the day after. The reruns the day after happened on BTS and Flashpoints on kpfa.org, which is normal. I have no beef with that.

From snug.bug at hotmail.com Thu Apr 3 12:23:37 2014
From: snug.bug at hotmail.com (Brian)
Date: Thu, 3 Apr 2014 12:23:37 -0700
Subject: [GPSCC-chat] RT Censors Entire Episode Of Breaking The Set
In-Reply-To: <1396544800.20309.YahooMailNeo@web161901.mail.bf1.yahoo.com>
References: <1396544800.20309.YahooMailNeo@web161901.mail.bf1.yahoo.com>
Message-ID:

RT does some good work, but their work on 9/11 has mostly been terrible. They seem to have a talent for picking out the most discrediting people to represent the 9/11 Truth movement, consistently featuring persons such as the blatant con artist William Rodriguez, and the bigot and violence-monger and liar Dr. Kevin Barrett.
Another 9/11 "expert" of RT's is Webster Tarpley, who famously wiped out in 2007 when he published the Kennebunkport Letter warning that a Cheney-orchestrated terrorist attack was imminent. Signatories included several prominent members of the peace movement, including Cindy Sheehan and Cynthia McKinney and Ann Wright. When these worthies protested that their signatures had been obtained under false pretenses, Tarpley melted down and called them "wretched individuals".

Tarpley's nonsense dampened the good relations that the truth movement had been developing in the peace movement, and it badly divided the truth movement--some siding with Tarpley (and his buddy Barrett) out of personal loyalties, and others deploring Tarpley's poor political sense and the idiocy of repeatedly warning of upcoming attacks that never come to pass. Apparently Tarpley's notoriety both in the truth movement and the peace movement was unknown to RT when they interviewed him.

RT's most recent 9/11-related coverage of which I am aware (Abby Martin, a veteran of the truth movement in San Diego, has refrained from covering it) was last fall, a 13-minute segment on Operation Gladio--a NATO operation of several decades' duration under which terrorist bombings were done in Italy and blamed on Communists. The 1980 bombing of the Bologna railway station killed 80 civilians.

https://www.youtube.com/watch?v=vka7Da6e9LY#t

The segment has some good information and interviewed some solid people, but it's very sloppy in its details. At one point it falsely accuses Rachel Maddow of making personal attacks on 9/11 family members who were truthers, and right in the middle they feature Kevin Barrett's claim that the respected Egyptian journalist Mohamed Heikal had admitted that he had been "virtually running so-called Al-Qaeda" at a time when he was "at the highest levels of government in Europe". I tried to verify this claim and found nothing to support it.
That this libel did not raise a shitstorm would appear to be a testament to Barrett's insignificance as an "expert" at Press TV.

The segment shows that RT failed to vet its experts and does not check its facts. Take it with a teaspoon of salt.

Date: Thu, 3 Apr 2014 10:06:40 -0700
From: pagesincolor at yahoo.com
To: sosfbay-discuss at cagreens.org; palestineis at dslextreme.com
Subject: [GPSCC-chat] RT Censors Entire Episode Of Breaking The Set

If you go to the Breaking The Set Youtube page located here: http://www.youtube.com/user/breakingtheset you can see that there is the Friday 3-28-14 show posted as show # 353 and there is the 4-2-14 show posted as show # 354. I will swear on a stack of bibles (but not in vain) that on Monday 3-31-14 there was a single broadcast of a new BTS show at 3PM Pacific Time featuring an anonymous artist who had his face hidden who was talking about his campaign to overturn copyright laws in his country. The new Monday show was not repeated in the 6:30PM PT time slot nor was it repeated in the 8:30AM PT time slot the next day. In its place was the 3-28-14 show # 353. I left messages about this on the BTS and Abby Martin Facebook pages and did get one terse response from the BTS people saying they weren't sure why this happened (but acknowledging that it DID happen, so it's not my imagination or misrecollection of a previous but different show broadcast in the Monday 3PM time slot). Publicly, Abby Martin maintains that RT.com allows her editorial freedom with her show and brags that she didn't get fired for criticizing Putin's "invasion" and "aggression" in Crimea on air on one of her shows a couple of weeks ago. But I wonder if that is all there is to the story. Monday's incident has left me feeling just a little suspicious. What do you think?
John Thielking

PS Monday was a holiday for some people, but quite often what happens on holidays (and other alternative media broadcasters do this too) is that they will broadcast a new show on the holiday and then rerun an old show the day after. The reruns the day after happened on BTS and Flashpoints on kpfa.org, which is normal. I have no beef with that.

From tnharter at aceweb.com Thu Apr 3 22:47:22 2014
From: tnharter at aceweb.com (Tian Harter)
Date: Thu, 03 Apr 2014 22:47:22 -0700
Subject: [GPSCC-chat] San Jose State Earth Day
Message-ID: <533E476A.5010405@aceweb.com>

Hello Yall,

The letter I got from San Jose State about tabling says they have four levels of table this year:

Level      Price   Description
Bronze     Free    Table, Two Chairs
Silver     $100    Table, Two Chairs, Free Parking, 2 Meal Vouchers, 2 Earth Day San Jose T-Shirts, Logo on Website.
Gold       $250    Table, Two Chairs, Free Parking, 2 Meal Vouchers, 2 Earth Day San Jose T-Shirts, Shade Structure, Logo on Website and Printed Materials, Included in Event Passport.
Platinum   $500    Table, Two Chairs, Free Parking, 2 Meal Vouchers, 2 Earth Day San Jose T-Shirts, Shade Structure, Included in Event Passport, Prime Location, Logo on Website, All Publications and Earth Day San Jose T-shirts.

*Vendor booths come with one 6-foot table and two chairs*

It's short notice but I have to ask. Do we want to spring for silver level or settle for bronze?
We have only a few days to decide.

Whatever the choice, the event is on April 22 from 10:30 AM to 3:30 PM.
Who wants to volunteer to table with me?
--
Tian
http://tian.greens.org
Latest change: Added pictures from SJBPs Hippies vs. Hipsters Ride.
There's a dog angel on a Rhode Island quarter in my home.
From spencer.graves at prodsyse.com Thu Apr 3 23:58:40 2014
From: spencer.graves at prodsyse.com (Spencer Graves)
Date: Thu, 03 Apr 2014 23:58:40 -0700
Subject: [GPSCC-chat] San Jose State Earth Day
In-Reply-To: <533E476A.5010405@aceweb.com>
References: <533E476A.5010405@aceweb.com>
Message-ID: <533E5820.3030709@prodsyse.com>

Hi, Tian, et al.:

What additional benefits would we get from Silver that we would not get from Bronze?

I'm all for supporting our volunteer tablers. However, we have a bank balance of only $1,004, and at our last meeting, March 27, we collected $18. In my memory, we've spent over $100 to table at a few events, but I think we've declined more often at that level. How much do we usually collect when tabling at events like this? I'm inclined to vote "no", though I might be persuaded otherwise.

Spencer

On 4/3/2014 10:47 PM, Tian Harter wrote:
> Hello Yall,
>
> The letter I got from San Jose State about tabling says they have four
> levels of table this year:
>
> Level      Price   Description
> Bronze     Free    Table, Two Chairs
> Silver     $100    Table, Two Chairs, Free Parking, 2 Meal Vouchers, 2 Earth Day San Jose T-Shirts, Logo on Website.
> Gold       $250    Table, Two Chairs, Free Parking, 2 Meal Vouchers, 2 Earth Day San Jose T-Shirts, Shade Structure, Logo on Website and Printed Materials, Included in Event Passport.
> Platinum   $500    Table, Two Chairs, Free Parking, 2 Meal Vouchers, 2 Earth Day San Jose T-Shirts, Shade Structure, Included in Event Passport, Prime Location, Logo on Website, All Publications and Earth Day San Jose T-shirts.
>
> *Vendor booths come with one 6-foot table and two chairs*
>
> It's short notice but I have to ask. Do we want to spring for silver
> level or settle for bronze?
> We have only a few days to decide.
>
> Whatever the choice, the event is on April 22 from 10:30 AM to 3:30 PM.
> Who wants to volunteer to table with me?
> --
> Tian
> http://tian.greens.org
> Latest change: Added pictures from SJBPs Hippies vs. Hipsters Ride.
> There's a dog angel on a Rhode Island quarter in my home.

--
Spencer Graves, PE, PhD
President and Chief Technology Officer
Structure Inspection and Monitoring, Inc.
751 Emerson Ct.
San José, CA 95126
ph: 408-655-4567
web: www.structuremonitoring.com

From pagesincolor at yahoo.com Fri Apr 4 17:29:18 2014
From: pagesincolor at yahoo.com (John Thielking)
Date: Fri, 4 Apr 2014 17:29:18 -0700 (PDT)
Subject: [GPSCC-chat] San Jose State Earth Day
In-Reply-To: <533E5820.3030709@prodsyse.com>
References: <533E476A.5010405@aceweb.com> <533E5820.3030709@prodsyse.com>
Message-ID: <1396657758.98330.YahooMailNeo@web161905.mail.bf1.yahoo.com>

I can help table. I vote for the Bronze package. Also please note (Drew and others) that I am now giving away any remaining copies of my Peacemovies.com 2011 and 2012 booklets. You can sell them at the tables if you like, but in that case just give all the proceeds to the Green Party. When I am tabling they will be given away. My Peacemovies.com project is now officially a volunteer project/hobby if I'm doing it at all anymore. Thanks.

Sincerely,

John Thielking

________________________________
From: Spencer Graves
To: Tian Harter ; sosfbay-discuss at cagreens.org
Sent: Thursday, April 3, 2014 10:58 PM
Subject: Re: [GPSCC-chat] San Jose State Earth Day

Hi, Tian, et al.:

What additional benefits would we get from Silver that we would not get from Bronze?

I'm all for supporting our volunteer tablers.
However, we have a bank balance of only $1,004, and at our last meeting, March 27, we collected $18. In my memory, we've spent over $100 to table at a few events, but I think we've declined more often at that level. How much do we usually collect when tabling at events like this? I'm inclined to vote "no", though I might be persuaded otherwise.

Spencer

On 4/3/2014 10:47 PM, Tian Harter wrote:

Hello Yall,

The letter I got from San Jose State about tabling says they have four levels of table this year:

Level      Price   Description
Bronze     Free    Table, Two Chairs
Silver     $100    Table, Two Chairs, Free Parking, 2 Meal Vouchers, 2 Earth Day San Jose T-Shirts, Logo on Website.
Gold       $250    Table, Two Chairs, Free Parking, 2 Meal Vouchers, 2 Earth Day San Jose T-Shirts, Shade Structure, Logo on Website and Printed Materials, Included in Event Passport.
Platinum   $500    Table, Two Chairs, Free Parking, 2 Meal Vouchers, 2 Earth Day San Jose T-Shirts, Shade Structure, Included in Event Passport, Prime Location, Logo on Website, All Publications and Earth Day San Jose T-shirts.

Vendor booths come with one 6-foot table and two chairs

It's short notice but I have to ask. Do we want to spring for silver level or settle for bronze?
We have only a few days to decide.

Whatever the choice, the event is on April 22 from 10:30 AM to 3:30 PM.
Who wants to volunteer to table with me?
--
Tian
http://tian.greens.org
Latest change: Added pictures from SJBPs Hippies vs. Hipsters Ride.
There's a dog angel on a Rhode Island quarter in my home.

--
Spencer Graves, PE, PhD
President and Chief Technology Officer
Structure Inspection and Monitoring, Inc.
751 Emerson Ct.
San José, CA 95126
ph: 408-655-4567
web: www.structuremonitoring.com

From pagesincolor at yahoo.com Fri Apr 4 19:36:54 2014
From: pagesincolor at yahoo.com (John Thielking)
Date: Fri, 4 Apr 2014 19:36:54 -0700 (PDT)
Subject: [GPSCC-chat] Fw: [VFP101] Spring War Crimes Times
In-Reply-To: <1396664321.22589.YahooMailNeo@web181605.mail.ne1.yahoo.com>
References: <1396664321.22589.YahooMailNeo@web181605.mail.ne1.yahoo.com>
Message-ID: <1396665414.48407.YahooMailNeo@web161905.mail.bf1.yahoo.com>

FYI

----- Forwarded Message -----
From: Phil
To: VFP101 - Phil Yahoo Group
Sent: Friday, April 4, 2014 6:18 PM
Subject: [VFP101] Spring War Crimes Times

I have just received a packet of the Spring War Crimes Times that I will bring to the April VFP101 meeting. If you have a location to place War Crimes Times please pick some up. I have been leaving them at the Cupertino library and am looking for other locations.

The front page article in the War Crimes Times by Chris Hedges, "The Menace of the Military Mind" is so well written that I want to pass along an on-line link to the article.

http://www.truthdig.com/report/item/the_menace_of_the_military_mind_20140203

Check it out.

Phil
From j.m.doyle at sbcglobal.net Fri Apr 4 21:12:57 2014
From: j.m.doyle at sbcglobal.net (Jim Doyle)
Date: Fri, 04 Apr 2014 21:12:57 -0700
Subject: [GPSCC-chat] SJSU Earth DAy
Message-ID: <533F82C9.5090605@sbcglobal.net>

Bronze   Free   Table, Two Chairs

Silver   $100   Table, Two Chairs,
The other added benefits: Free Parking, 2 Meal Vouchers, 2 Earth Day San Jose T-Shirts, Logo on Website

do not add Green Party value, they benefit, for the most part, the tablers.

How much does the parking cost?
Are parking spaces available?

Jim Doyle

From pagesincolor at yahoo.com Sat Apr 5 08:00:36 2014
From: pagesincolor at yahoo.com (John Thielking)
Date: Sat, 5 Apr 2014 08:00:36 -0700 (PDT)
Subject: [GPSCC-chat] SJSU Earth DAy
In-Reply-To: <533F82C9.5090605@sbcglobal.net>
References: <533F82C9.5090605@sbcglobal.net>
Message-ID: <1396710036.75740.YahooMailNeo@web161904.mail.bf1.yahoo.com>

Tian and John won't be needing any parking spaces. Parking is available in city garages for maybe $2 per hour at most. Or on Earth Day people can take the light rail for $4 round trip. A power bar for lunch costs $2.

John Thielking

________________________________
From: Jim Doyle
To: sosfbay discussion group
Sent: Friday, April 4, 2014 8:12 PM
Subject: [GPSCC-chat] SJSU Earth DAy

Bronze   Free   Table, Two Chairs

Silver   $100   Table, Two Chairs,
The other added benefits: Free Parking, 2 Meal Vouchers, 2 Earth Day San Jose T-Shirts, Logo on Website

do not add Green Party value, they benefit, for the most part, the tablers.

How much does the parking cost?
Are parking spaces available?

Jim Doyle
From spencer.graves at prodsyse.com Sun Apr 6 13:41:14 2014
From: spencer.graves at prodsyse.com (Spencer Graves)
Date: Sun, 06 Apr 2014 13:41:14 -0700
Subject: [GPSCC-chat] Richmond Mayor Gayle McLaughlin, this Wednesday, April 9, 7 PM, Laboreres' Local 270 , 509 Emory Street, San Jose, CA
In-Reply-To: <0a0d87efba4c17d6263718e4f790515753f.20140326234423@mail160.atl81.rsgsv.net>
References: <0a0d87efba4c17d6263718e4f790515753f.20140326234423@mail160.atl81.rsgsv.net>
Message-ID: <5341BBEA.9050905@prodsyse.com>

Hello, All:

Please come if you can to a dialogue with Gayle McLaughlin, the Green Mayor of Richmond, CA. Below please find a brief summary of some of her recent accomplishments.

Spencer Graves

-------- Original Message --------
Subject: Dialogue with Richmond Mayor Gayle McLaughlin on April 9
Date: Wed, 26 Mar 2014 23:45:00 +0000
From: Human Agenda
Reply-To: Human Agenda
To:

Dialogue with Richmond Mayor Gayle McLaughlin on April 9

GOVERNMENT FOR THE PEOPLE
CAN WE DO IT HERE?
A Dialogue with Richmond Mayor Gayle McLaughlin

*Gayle McLaughlin* is a social activist who has participated in the peace, social justice, civil rights, and environmental movements.

“I remain ever-committed to elevate and bring forward the "goodness" that defines us here in Richmond. We must always remember that our goodness outweighs our challenges”
~ Mayor McLaughlin

*Wednesday, April 9*
7:00 PM
Laborers' Local 270
509 Emory Street
San Jose, CA 95110

*_What We Might Learn from Mayor McLaughlin & the Richmond City Council:_*

* Community gardens, bike paths, bay trail construction, and park renovations have created a healthy environment
* Through advancing solar installation and creating a model green job training program, Richmond has graduated hundreds of residents now working in the green economy
* As an area hit hard by bank speculators and foreclosures, the Mayor of Richmond has used the power of eminent domain and other tools to hold banks and financial institutions accountable.
* City programs have strengthened local schools
* A recently approved municipal ID for all Richmond residents, allows everyone-- including immigrant residents--access to services such as bank accounts
* A progressive coalition has made all the above possible.

*Sponsored by:* Sunnyvale Mayor Jim Griffith, San Jose Councilmember Ash Kalra, Affordable Housing Network, Community Homeless Alliance Ministry (CHAM), and Santa Clara County Green Party

/FREE, OPEN TO THE PUBLIC & WHEEL CHAIR ACCESSIBLE./

*For more information & to RSVP email us at humanagendausa at gmail.com or call Karen Wald (408) 775-6837 or Richard Hobbs (408)460 460-299*
From pagesincolor at yahoo.com Sun Apr 6 13:48:04 2014
From: pagesincolor at yahoo.com (John Thielking)
Date: Sun, 6 Apr 2014 13:48:04 -0700 (PDT)
Subject: [GPSCC-chat] Richmond Mayor Gayle McLaughlin, this Wednesday, April 9, 7 PM, Laboreres' Local 270 , 509 Emory Street, San Jose, CA
In-Reply-To: <5341BBEA.9050905@prodsyse.com>
References: <0a0d87efba4c17d6263718e4f790515753f.20140326234423@mail160.atl81.rsgsv.net> <5341BBEA.9050905@prodsyse.com>
Message-ID: <1396817284.68803.YahooMailNeo@web161906.mail.bf1.yahoo.com>

Sounds interesting. And I don't even have to travel to Richmond.

John Thielking

________________________________
From: Spencer Graves
To: GPSCC
Sent: Sunday, April 6, 2014 1:41 PM
Subject: [GPSCC-chat] Richmond Mayor Gayle McLaughlin, this Wednesday, April 9, 7 PM, Laboreres' Local 270 , 509 Emory Street, San Jose, CA

Hello, All:

Please come if you can to a dialogue with Gayle McLaughlin, the Green Mayor of Richmond, CA. Below please find a brief summary of some of her recent accomplishments.

Spencer Graves

-------- Original Message --------
Subject: Dialogue with Richmond Mayor Gayle McLaughlin on April 9
Date: Wed, 26 Mar 2014 23:45:00 +0000
From: Human Agenda
Reply-To: Human Agenda
To:

Dialogue with Richmond Mayor Gayle McLaughlin on April 9

GOVERNMENT FOR THE PEOPLE
CAN WE DO IT HERE?
A Dialogue with Richmond Mayor Gayle McLaughlin

Gayle McLaughlin is a social activist who has participated in the peace, social justice, civil rights, and environmental movements.

“I remain ever-committed to elevate and bring forward the "goodness" that defines us here in Richmond. We must always remember that our goodness outweighs our challenges” ~ Mayor McLaughlin

Wednesday, April 9
7:00 PM
Laborers' Local 270
509 Emory Street
San Jose, CA 95110

What We Might Learn from Mayor McLaughlin & the Richmond City Council:

* Community gardens, bike paths, bay trail construction, and park renovations have created a healthy environment
* Through advancing solar installation and creating a model green job training program, Richmond has graduated hundreds of residents now working in the green economy
* As an area hit hard by bank speculators and foreclosures, the Mayor of Richmond has used the power of eminent domain and other tools to hold banks and financial institutions accountable.
* City programs have strengthened local schools
* A recently approved municipal ID for all Richmond residents, allows everyone-- including immigrant residents--access to services such as bank accounts
* A progressive coalition has made all the above possible.

Sponsored by: Sunnyvale Mayor Jim Griffith, San Jose Councilmember Ash Kalra, Affordable Housing Network, Community Homeless Alliance Ministry (CHAM), and Santa Clara County Green Party

FREE, OPEN TO THE PUBLIC & WHEEL CHAIR ACCESSIBLE.

For more information & to RSVP email us at humanagendausa at gmail.com or call Karen Wald (408) 775-6837 or Richard Hobbs (408)460 460-299

From j.m.doyle at sbcglobal.net Sun Apr 6 14:12:37 2014
From: j.m.doyle at sbcglobal.net (Jim Doyle)
Date: Sun, 06 Apr 2014 14:12:37 -0700
Subject: [GPSCC-chat] reimbursing P.O. Box
Message-ID: <5341C345.4010802@sbcglobal.net>

Andrea,
How much was the fee for the "new" GPSCC P.O. Box?
PO Box 611083, San Jose, CA 95161
Let me know and I will send you the amount.

Is that an annual fee?

Jim Doyle

P.S. As far as I know, we do not receive very much mail.
How often do you anticipate looking for our mail?

From spencer.graves at structuremonitoring.com Sun Apr 6 14:45:38 2014
From: spencer.graves at structuremonitoring.com (Spencer Graves)
Date: Sun, 06 Apr 2014 14:45:38 -0700
Subject: [GPSCC-chat] reimbursing P.O. Box
In-Reply-To: <5341C345.4010802@sbcglobal.net>
References: <5341C345.4010802@sbcglobal.net>
Message-ID: <5341CB02.3080100@structuremonitoring.com>

Hi, Jim, et al.:

Andrea can correct me if I misunderstood, but I don't think she volunteered to check the mail regularly. I believe I heard her asking for someone else to do that. However, I believe we could have mail sent there forwarded to someone else -- and I'm willing to accept that mail if no one else volunteers.

Spencer

On 4/6/2014 2:12 PM, Jim Doyle wrote:
> Andrea,
> How much was the fee for the "new" GPSCC P.O. Box?
> PO Box 611083, San Jose, CA 95161
> Let me know and I will send you the amount.
>
> Is that an annual fee?
>
> Jim Doyle
>
> P.S. As far as I know, we do not receive very much mail.
> How often do you anticipate looking for our mail?

--
Spencer Graves, PE, PhD
President and Chief Technology Officer
Structure Inspection and Monitoring, Inc.
751 Emerson Ct.
San José, CA 95126
ph: 408-655-4567
web: www.structuremonitoring.com

From peacemovies at gmail.com Sun Apr 6 16:28:30 2014
From: peacemovies at gmail.com (John Thielking)
Date: Sun, 6 Apr 2014 16:28:30 -0700
Subject: [GPSCC-chat] SJSU Earth DAy
In-Reply-To: <533F82C9.5090605@sbcglobal.net>
References: <533F82C9.5090605@sbcglobal.net>
Message-ID:

Hmmmm, It seems that others are able to post to the chat list but I am not able to post from pagesincolor at yahoo.com. I will try posting from peacemovies at gmail.com.
My previous response to this item was the following:

1) I prefer that we use the Bronze package. I can't see justifying the extra expense for the Silver package vs the cost of parking elsewhere downtown and/or buying our own food.

2) I am able to help out with tabling on Earth Day at SJSU.

3) I am no longer conducting Peacemovies.com as a business. There is no longer any need to pay me anything for the Peacemovies.com 2011 and 2012 booklets sold or given away by the Green Party. I will be giving away the booklets whenever I am tabling and others are welcome to give the booklets away or sell them and donate the entire proceeds to the Green Party. Thanks.

Sincerely,

John Thielking

On Fri, Apr 4, 2014 at 8:12 PM, Jim Doyle wrote:

> Bronze   Free   Table, Two Chairs
>
> Silver   $100   Table, Two Chairs,
> The other added benefits: Free Parking, 2 Meal Vouchers, 2 Earth Day
> San Jose T-Shirts, Logo on Website
>
> do not add Green Party value, they benefit, for the most
> part, the tablers.
>
>
> How much does the parking cost?
> Are parking spaces available?
>
> Jim Doyle

From leedobell at aol.com Sun Apr 6 22:39:29 2014
From: leedobell at aol.com (Leedobell)
Date: Mon, 7 Apr 2014 01:39:29 -0400 (EDT)
Subject: [GPSCC-chat] AAAS: Climate change may trigger 'abrupt' world-wide consequences
In-Reply-To: <5329C916.4050602@charter.net>
References: <532975F7.5030201@prodsyse.com> <5329C916.4050602@charter.net>
Message-ID: <8D1203AE0CF6F6F-1D9C-32ED8@webmail-vm026.sysops.aol.com>

I think we need to do something to say "Thank you" to Katherine Hayhoe for having the guts to put her name on the report.
Caroline

-----Original Message-----
From: Wes Rolley
To: Post South SF Bay discuss
Sent: Wed, Mar 19, 2014 9:43 am
Subject: Re: [GPSCC-chat] AAAS: Climate change may trigger 'abrupt' world-wide consequences

On 3/19/2014 3:48 AM, Spencer Graves wrote:

p.s. Might someone have time to skim the full AAAS report? If yes, I'd like to know if it mentions "chaos theory" or "catastrophe theory". I believe it should be cited in relevant Wikipedia articles. I don't have time at the moment to do that research, but I could help someone else with the knowledge to make appropriate changes to Wikipedia.

Spencer, the full article is a very good summary statement of what is known and what is still un-known and has no reference to chaos theory. While risk assessment is a major subject in the report, it is referenced in terms of "tail risk".

Where there is a range of uncertainty, the high-side projections represent tail risk, a common concept in the world of finance.

It is probably appropriate to express things in this manner as the terminology is in fairly common parlance from the discussion of the financial meltdown that we have just gone through. It is the financial risk of climate change that will probably drive much of the changes we need as insurance companies, real estate investment trusts, etc. take action to protect their assets. Consider what a 7 ft. sea level rise would do to S. Florida real estate.

As the Daily Climate summarizes this: "The significance of Tuesday's report lies not in its findings, which cover familiar ground, but in who is saying it: the world's largest general scientific body, and one of its most respected." It should be deeply disconcerting to deniers that Katherine Hayhoe's name is on the report as she is a political conservative (Republican?) and an Evangelical Christian.
--
"Anytime you have an opportunity to make things better and you don't, then you are wasting your time on this Earth" - Roberto Clemente

_______________________________________________
sosfbay-discuss mailing list
sosfbay-discuss at cagreens.org
http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss

From peacemovies at gmail.com Mon Apr 7 08:47:04 2014
From: peacemovies at gmail.com (John Thielking)
Date: Mon, 7 Apr 2014 08:47:04 -0700
Subject: [GPSCC-chat] AAAS: Climate change may trigger 'abrupt' world-wide consequences
In-Reply-To: <8D1203AE0CF6F6F-1D9C-32ED8@webmail-vm026.sysops.aol.com>
References: <532975F7.5030201@prodsyse.com> <5329C916.4050602@charter.net> <8D1203AE0CF6F6F-1D9C-32ED8@webmail-vm026.sysops.aol.com>
Message-ID:

I can take the time to read the report.

Something is still very odd with my e-mails going to and coming from the chat e-mail list. I have a different version of this e-mail sent to my pagesincolor at yahoo.com e-mail address than was sent to my peacemovies at gmail.com. I guess gmail compresses the entire thread of all of the e-mails on this subject into just one e-mail like segment. In any event, the link to the article is not included in the latest version of the e-mail sent to me at pagesincolor at yahoo.com. So here it is again for any of you who may have missed it:

A new report by the American Association for the Advancement of Science (AAAS) warns that, "Climate change may trigger 'abrupt' world-wide consequences" ( http://america.aljazeera.com/articles/2014/3/18/report-climate-changemaytriggerabruptworldwideconsequences.html).

John Thielking

On Sun, Apr 6, 2014 at 10:39 PM, Leedobell wrote:

> I think we need to do something to say "Thank you" to Katherine Hayhoe for having the guts to put her name on the report.
> Caroline
>
> -----Original Message-----
> From: Wes Rolley
> To: Post South SF Bay discuss
> Sent: Wed, Mar 19, 2014 9:43 am
> Subject: Re: [GPSCC-chat] AAAS: Climate change may trigger 'abrupt' world-wide consequences
>
> On 3/19/2014 3:48 AM, Spencer Graves wrote:
>
> p.s. Might someone have time to skim the full AAAS report? If yes, I'd like to know if it mentions "chaos theory" or "catastrophe theory". I believe it should be cited in relevant Wikipedia articles. I don't have time at the moment to do that research, but I could help someone else with the knowledge to make appropriate changes to Wikipedia.
>
> Spencer, the full article is a very good summary statement of what is known and what is still unknown and has no reference to chaos theory. While risk assessment is a major subject in the report, it is referenced in terms of "tail risk".
>
> Where there is a range of uncertainty, the high-side projections represent tail risk, a common concept in the world of finance.
>
> It is probably appropriate to express things in this manner as the terminology is in fairly common parlance from the discussion of the financial meltdown that we have just gone through. It is the financial risk of climate change that will probably drive much of the changes we need as insurance companies, real estate investment trusts, etc. take action to protect their assets. Consider what a 7 ft. sea level rise would do to S. Florida real estate.
>
> As the Daily Climate summarizes this: "The significance of Tuesday's report lies not in its findings, which cover familiar ground, but in who is saying it: the world's largest general scientific body, and one of its most respected." It should be deeply disconcerting to deniers that Katherine Hayhoe's name is on the report as she is a political conservative (Republican?) and an Evangelical Christian.
> --
> "Anytime you have an opportunity to make things better and you don't, then you are wasting your time on this Earth" - *Roberto Clemente*

From carolineyacoub at att.net Mon Apr 7 16:53:21 2014
From: carolineyacoub at att.net (Caroline Yacoub)
Date: Mon, 7 Apr 2014 16:53:21 -0700 (PDT)
Subject: [GPSCC-chat] [350 SV Chat] Top 10 enviro groups (incl 350) have 15M members, $525M budget
In-Reply-To: <457983ac-a0ab-4870-baca-1288084230ee@googlegroups.com>
References: <457983ac-a0ab-4870-baca-1288084230ee@googlegroups.com>
Message-ID: <1396914801.11074.YahooMailNeo@web185306.mail.gq1.yahoo.com>

Aren't we clever? We're already doing this.

________________________________
From: David Kerrigon
To: 350-silicon-valley-chat at googlegroups.com
Sent: Monday, April 7, 2014 2:57 PM
Subject: [350 SV Chat] Top 10 enviro groups (incl 350) have 15M members, $525M budget

My comments: There may be enough enviro membership to pass strong federal climate legislation which would cause other nations to follow suit. To do this:

A) Need 11M of those members actively involved in direct action (or need to join with other groups like unions to attain numbers). http://kerrigon.blogspot.com/. 11M represents the equivalent of the power of the fossil fuel industry, which is currently able to dictate federal climate/energy policy. The fossil fuel industry currently has the power and effective propaganda machine to prevent a filibuster-proof pro-climate congress (unlike CA, where strong climate laws have passed.)
B) engage enviro-group members to gradually increase the number of direct actions they undertake. The goal is 1 or more hours of activism per month (with some folks contributing many more hours)

From: http://insideclimatenews.org/news/20140407/infographic-field-guide-us-environmental-movement

Infographic: A Field Guide to the U.S. Environmental Movement

The 10 organizations leading the environmental movement collectively have 15 million members and an annual budget of more than $525 million.

By Katherine Bagley, InsideClimate News
Apr 7, 2014

Credit: Paul Horn/InsideClimate News

The 120-year-old U.S. environmental movement has undergone a tectonic shift and resurgence over the last several years, spearheaded by the failed legislative effort to cap carbon emissions in 2010. In the aftermath of that debacle, some of the biggest environmental groups reshaped their missions, supplementing inside-the-Beltway campaigning with grassroots organizing and civil disobedience action not seen in this country since the 1970s. New groups from the hyperlocal to the national and global were born.

Today the 10 organizations driving the modern green wave, profiled in the infographic below, collectively have 15 million members, 2,000-plus staffers and annual budgets of more than $525 million to advance environmental agendas at the local, national and international levels.

Although often characterized as a monolithic entity, each group has its own priorities and tactics, and each represents diverse interests and constituents, from youth climate activists to hunters and anglers. In recent years these organizations and others have found common cause over stopping the Canada-to-Texas Keystone XL tar sands pipeline, wielding their collective power to help turn the project into the red line on climate change for President Obama.
From pagesincolor at yahoo.com Mon Apr 7 21:04:05 2014
From: pagesincolor at yahoo.com (John Thielking)
Date: Mon, 7 Apr 2014 21:04:05 -0700 (PDT)
Subject: [GPSCC-chat] Can Flash Mobs And Olive Drab Clubs Defeat The NSA?
Message-ID: <1396929845.23116.YahooMailNeo@web161905.mail.bf1.yahoo.com>

Can Flash Mobs And Olive Drab Clubs Defeat The NSA?

By John Thielking 4-7-2014

For the past few days this author has been brainstorming about how to regain some small pieces of his privacy in the face of continuing (and progressing) NSA and other alphabet soup organizations' blanket surveillance. The goal is to find a way to preserve or at least momentarily regain privacy without using methods that require that they be secure from eavesdropping (such as by not using encryption or much of any electronic hardware which has been proven to have numerous back doors in both hardware and software).

Up to this point, this author has been content to merely take the simple countermeasure of leaving his cell phone at home and seldom if ever taking it with him when going to any place in public such as a shopping trip or a political protest. Going on vacation out of town is the exception to this and the author has found it necessary to submit to surveillance while on vacation.
Most recently, this prohibition on carrying his cell phone in public has been extended to include leaving his electronic wristwatch at home and covering up his VTA bus pass/Clipper Card which has an RFID chip in it with tin foil and keeping it in his wallet in case the fare inspector wants to see it while he is riding the light rail. Various sources have indicated that blanket radio surveillance of a city can reveal what is being typed on various people's computer monitors and cell phone signals can carry for up to 20 miles. So based on that information, it is likely that radio surveillance can reveal the locations of various people's electronic wristwatches. All modern wristwatches have batteries in them powering the watch (even the quartz ones that look like the old kind that you used to have to keep wound up to keep them running) so all modern wristwatches can likely be tracked this way.

It is possible to carry a cell phone in public and not be tracked, at least not in real time. To do this do the following: If your cell phone is a smart phone, put it in airplane mode and then turn it off. If it is a feature phone with no airplane mode available, turn it off and then take the battery out. Then place the phone inside of a paper envelope. This prevents the conductive parts of the phone such as various external metal extrusions that penetrate the case and the conductive touch screen from contacting the aluminum foil and defeating the Faraday Cage effect that will be formed by the aluminum foil in the last step. Then take a sheet of tin foil and cover the outside of the envelope that contains the cell phone.
With the cell phone in airplane mode, it will not try too hard to signal the nearest cell tower nor will it use a lot of energy trying to connect using WiFi so the rapid battery drain that happens when covering up a turned off feature phone that still has the battery installed will not occur, at least not significantly, so the battery life will be up to a week or more when covered with tin foil.

Note that since most smart phones have at least 1GB of available memory, it is quite possible/likely that the microphone of the cell phone is recording sounds (and the times that the sounds were recorded) for broadcast to the NSA later when you exit airplane mode to make a call or surf the web or answer e-mail. To prevent this from doing anything significant to compromise your privacy, if you are a girl person, you can place an activated white noise generator (about the size of a small radio, available from your local anti-spy equipment web site --- I bought mine about 15 years ago, so sorry but I forgot exactly where I got it ) put this in your purse next to your envelope and tin foil encased cell phone. This way, it will be much more difficult for the NSA to piece together where you were based on recorded background noises.

Now for the part that has something to do with the title of this article. This author, in talking to one of his relatives who had visited China recently, was inspired by the relative's story of how the Chinese have been dealing with their own surveillance state. It seems that a widespread phenomenon in China is that everyone tends to dress the same so that they will blend in to the crowd of people in their surroundings. This author did a bit of research online to try to find a way to defeat facial recognition software used by drones and various city-wide security cameras that are either connected to the Internet directly or that at least have TV monitors which can have their signals monitored by blanket radio surveillance.
During this research, this author came across various references to the fact that some people in China and Australia are now using full face covering black visors in place of sunscreen. It seems that these full face visors are being marketed as being superior to sunscreen, since sunscreen only blocks the burning UVB rays and not the skin wrinkling UVA rays, while the visors block up to 99% of both UVA and UVB rays. It could be argued that these visors are "medically necessary" and thus they might even be exempt from laws in various places that seek to ban the wearing of masks at political protests.

The desirable feature of these visors is that they may defeat facial recognition software. At least in the case of a human viewing the catalog pictures showing the models wearing these visors, the facial features of the models appear to be completely obscured. It is not clear if software used to enhance images could penetrate the low contrast "image" of the models' faces that may be allowed to show through by the dark plastic of these visors. This author was unable to find a mirrored version of one of these visors for sale that certainly would not be able to be penetrated by image enhancing software, but he was able to find a picture of a Chinese person wearing a mirrored version.

Now for the "plan" of how to defeat the NSA surveillance using an Olive Drab Club and/or a Flash Mob.

1. On some Sunday afternoon or other that is convenient, have people come together in a specific open space inside of a shopping mall such as the food court at a specific time. Ask them to all dress the same such as by wearing black pants and blank white shirts. Ask them to wear the UVA/UVB blocking full face visors over their full faces for the duration of the event. Ask them to not carry any electronic devices with them on the final leg of their trip to the location inside the mall. They can leave their cell phones and watches in their cars.
Any ID cards or other things with RFID chips in them should be covered with an envelope and a sheet of tin foil if they are to be carried with the person. The use of license plate readers and other tracking methods by the police and NSA while protestors are traveling to the mall or on their way home after the event will not affect the success of this protest.

1. When the people are all assembled, this will form the first "Flash Mob". The goal is to get as big a mob of people all milling around as close together as possible to confuse any tracking software that may be attempting to follow individuals through the images broadcast over the mall security cameras. If the Flash Mob is done inside the mall building during the day, any really high tech drones circling overhead outside will not be able to use their infrared cameras to penetrate the walls of the building as they will be blinded by reflected sunlight. Thus the enhanced software that may be able to track individuals buried inside the Flash Mob should be much harder if not impossible for the NSA to use to tease apart who exactly went where inside the Flash Mob.

2. While people are buried inside the Flash Mob, they are all handed regular wristwatches that can be used to help keep track of the exact time to be ready to reassemble in the second Flash Mob at the end of the event. It is not important that the individual watches may have their locations tracked during the event. So long as the face shields are kept covering people's faces, the individual watches will not reveal people's individual identities.

3. Then for the next 2-3 hours the people go on various shopping trips. They are all careful to always pay with cash and they are encouraged to wear a particular type of backpack to carry the stuff they buy, so again, everyone tends to look the same. They can go anywhere in town to go shopping, not just shop at that one mall.
If they are traveling large distances that can not be covered on foot, they should pay cash to use public transportation and not use their own vehicles. They are encouraged to remove any deactivated RFID/antishoplifting tags that may be on the merchandise that they purchased prior to reassembling for the second Flash Mob. It is also recommended that people talk as little as possible or not at all during this part of the event in case security cameras or their loaned watches are recording/transmitting and/or analyzing their voices.

4. After 2-3 hours of shopping, everyone checks the time on their borrowed watches and reassembles at the appointed time inside the shopping mall. The Flash Mob is repeated with everyone trying to get as close as possible together while dropping off their loaned wristwatches.

5. Then people disperse and go back to their homes. They can get to their homes any way that they wish with as little or as much of their faces and identities exposed to surveillance as they desire. License plate readers, etc won't be able to figure out what stores they went into or what they purchased during the event unless they start talking about their experiences that happened at the event.

The End.

PS Individuals can attempt to duplicate the anonymizing effect of the Flash Mob on their own by modifying a bit what they do while inside of a building out of sight of any drone IR cameras outside the building during the day or security cameras inside the building, such as by using a bathroom stall to change clothes. Start by traveling to the building in question on foot or on public transportation or if the building allows all day parking for non-customers you can drive your car there. Be undisguised in regards to your external appearance. Let any facial recognition software or license plate readers figure out that it is you going there.
You won't be able to keep the tracking software from following you to and from your residence anyway, at least during the times after 2015 when surveillance drones are going to be everywhere over every city. Keep your face covering visor and a change of shirt concealed inside of a backpack. Leave all electronic devices at home or in your car. Inside the building and inside the bathroom stall, change your shirt to a different color and take out a different colored but similar sized backpack that was concealed inside the first backpack. Put the first backpack inside of the second backpack along with the original shirt you were wearing. Put the visor on over your entire face. Exit the bathroom stall and exit the building and go shopping on foot or using public transportation, paying with cash always. While shopping you can optionally lift the visor enough while indoors to reveal your face to the cashier and other people who it would be polite to reveal your face to while communicating with them, but don't lift the visor high enough for security cameras, usually mounted in the ceilings, to see your face.

To go home, go back into the same building and a bathroom stall and reverse the process so that you exit the building wearing the first t-shirt and displaying the first backpack and concealing the second t-shirt and face covering visor and second backpack inside the first backpack. Hopefully you have enough room in the backpacks for the backpacks and the items that you purchased at the stores you visited. Be sure to pay cash and not talk much if at all while shopping.

If you need to travel at night, to remain anonymous using the above procedure, be sure to go into a crowd inside of a building such as a disco dance floor that will remain crowded late into the evening.
Do some dancing on the dance floor while entering and exiting the building and make it look like the "real you", identifiable by the drones circling outside the building, which can see some limited detail using IR cameras and have limited ability to track individuals inside the building from a viewpoint outside the building, make it look like you spent the whole time dancing during your shopping trip.

Good luck and have some fun and retain your sense of humor while attempting to defeat the NSA surveillance, at least for a few hours. :>).

If more people adopt these methods as the surveillance state expands and more people begin to feel inconvenienced by it, it should get easier and more reliable to use these methods to temporarily defeat the NSA surveillance. For instance, if enough people all dress the same, then it will only be necessary to hide your visor inside one backpack when going to the disco building and it won't be necessary to change your shirt or backpack, just whip out your visor while inside the disco building out of view of any cameras. This last stage is when, like the Chinese, we will all become members of the Olive Drab Club.

From pagesincolor at yahoo.com Mon Apr 7 21:06:08 2014
From: pagesincolor at yahoo.com (John Thielking)
Date: Mon, 7 Apr 2014 21:06:08 -0700 (PDT)
Subject: [GPSCC-chat] Fw: Can Flash Mobs And Olive Drab Clubs Defeat The NSA?
In-Reply-To: <1396929845.23116.YahooMailNeo@web161905.mail.bf1.yahoo.com>
References: <1396929845.23116.YahooMailNeo@web161905.mail.bf1.yahoo.com>
Message-ID: <1396929968.23132.YahooMailNeo@web161905.mail.bf1.yahoo.com>

----- Forwarded Message -----
From: John Thielking
To: Greens Discussion List ; Donna Wallach
Sent: Monday, April 7, 2014 9:04 PM
Subject: Can Flash Mobs And Olive Drab Clubs Defeat The NSA?

Can Flash Mobs And Olive Drab Clubs Defeat The NSA?
By John Thielking 4-7-2014 For the past few days this author has been brainstorming about how to regain some small pieces of his privacy in the face of continuing (and progressing) NSA and other alphabet soup organizations' blanket surveillance. The goal is to find a way to preserve or at least momentarily regain privacy without using methods that require that they be secure from eavesdropping (such as by not using encryption or much of any electronic hardware which has been proven to have numerous back doors in both hardware and software). Up to this point, this author has been content to merely take the simple countermeasure of leaving his cell phone at home and seldom if ever taking it with him when going to any place in public such as a shopping trip or a political protest. Going on vacation out of town is the exception to this and the author has found it necessary to submit to surveillance while on vacation. Most recently, this prohibition on carrying his cell phone in public has been extended to include leaving his electronic wristwatch at home and covering up his VTA bus pass/Clipper Card which has an RFID chip in it with tin foil and keeping it in his wallet in case the fare inspector wants to see it while he is riding the light rail. Various sources have indicated that blanket radio surveillance of a city can reveal what is being typed on various people's computer monitors and cell phone signals can carry for up to 20 miles. So based on that information, it is likely that radio surveillance can reveal the locations of various people's electronic wristwatches. All modern wristwatches have batteries in them powering the watch (even the quartz ones that look like the old kind that you used to have to keep wound up to keep them running) so all modern wristwatches can likely be tracked this way. It is possible to carry a cell phone in public and not be tracked, at least not in real time. 
To do this do the following: If your cell phone is a smart phone, put it in airplane mode and then turn it off. If it is a feature phone with no airplane mode available, turn it off and then take the battery out. Then place the phone inside of a paper envelope. This prevents the conductive parts of the phone such as various external metal extrusions that penetrate the case and the conductive touch screen from contacting the aluminum foil and defeating the Faraday Cage effect that will be formed by the aluminum foil in the last step. Then take a sheet of tin foil and cover the outside of the envelope that contains the cell phone. With the cell phone in airplane mode, it will not try too hard to signal the nearest cell tower nor will it use a lot of energy trying to connect using WiFi so the rapid battery drain that happens when covering up a turned off feature phone that still has the battery installed will not occur, at least not significantly, so the battery life will be up to a week or more when covered with tin foil. Note that since most smart phones have at least 1GB of available memory, it is quite possible/likely that the microphone of the cell phone is recording sounds (and the times that the sounds were recorded) for broadcast to the NSA later when you exit airplane mode to make a call or surf the web or answer e-mail. To prevent this from doing anything significant to compromise your privacy, if you are a girl person, you can place an activated white noise generator (about the size of a small radio, available from your local anti-spy equipment web site --- I bought mine about 15 years ago, so sorry but I forgot exactly where I got it ) put this in your purse next to your envelope and tin foil encased cell phone. This way, it will be much more difficult for the NSA to piece together where you were based on recorded background noises. Now for the part that has something to do with the title of this article. 
This author, in talking to one of his relatives who had visited China recently, was inspired by the relative's story of how the Chinese have been dealing with their own surveillance state. It seems that a widespread phenomenon in China is that everyone tends to dress the same so that they will blend in to the crowd of people in their surroundings. This author did a bit of research online to try to find a way to defeat facial recognition software used by drones and various city-wide security cameras that are either connected to the Internet directly or that at least have TV monitors which can have their signals monitored by blanket radio surveillance. During this research, this author came across various references to the fact that some people in China and Australia are now using full face covering black visors in place of sunscreen. It seems that these full face visors are being marketed as being superior to sunscreen, since sunscreen only blocks the burning UVB rays and not the skin wrinkling UVA rays, while the visors block up to 99% of both UVA and UVB rays. It could be argued that these visors are ?medically necessary? and thus they might even be exempt from laws in various places that seek to ban the wearing of masks at political protests. The desireable feature of these visors is that they may defeat facial recognition software. At least in the case of a human viewing the catalog pictures showing the models wearing these visors, the facial features of the models appear to be completely obscured. It is not clear if software used to enhance images could penetrate the low contrast ?image? of the models' faces that may be allowed to show through by the dark plastic of these visors. This author was unable to find a mirrored version of one of these visors for sale that certainly would not be able to be penetrated by image enhancing software, but he was able to find a picture of a Chinese person wearing a mirrored version. Now for the ?plan? 
of how to defeat the NSA surveillance using an Olive Drab Club and/or a Flash Mob. 1. On some Sunday afternoon or other that is convenient, have people come together in a specific open space inside of a shopping mall such as the food court at a specific time. Ask them to all dress the same such as by wearing black pants and blank white shirts. Ask them to wear the UVA/UVB blocking full face visors over their full faces for the duration of the event. Ask them to not carry any electronic devices with them on the final leg of their trip to the location inside the mall. They can leave their cell phones and watches in their cars. Any ID cards or other things with RFID chips in them should be covered with an envelope and a sheet of tin foil if they are to be carried with the person. The use of license plate readers and other tracking methods by the police and NSA while protestors are traveling to the mall or on their way home after the event will not affect the success of this protest. 1. When the people are all assembled, this will form the first ?Flash Mob?. The goal is to get as big a mob of people all milling around as close together as possible to confuse any tracking software that may be attempting to follow individuals through the images broadcast over the mall security cameras. If the Flash Mob is done inside the mall building during the day, any really high tech drones circling overhead outside will not be able to use their infrared cameras to penetrate the walls of the building as they will be blinded by reflected sunlight. Thus the enhanced software that may be able to track individuals buried inside the Flash Mob should be much harder if not impossible for the NSA to use to tease apart who exactly went where inside the Flash Mob. 2. While people are buried inside the Flash Mob, they are all handed regular wristwatches that can be used to help keep track of the exact time to be ready to reassemble in the second Flash Mob at the end of the event. 
It is not important that the individual watches may have their locations tracked during the event. So long as the face shields are kept covering people's faces, the individual watches will not reveal people's individual identities. 3. Then for the next 2-3 hours the people go on various shopping trips. They are all careful to always pay with cash and they are encouraged to wear a particular type of backpack to carry the stuff they buy, so again, everyone tends to look the same. They can go anywhere in town to go shopping, not just shop at that one mall. If they are traveling large distances that can not be covered on foot, they should pay cash to use public transportation and not use their own vehicles. They are encouraged to remove any deactivated RIFD/antishoplifting tags that may be on the merchandise that they purchased prior to reassembling for the second Flash Mob. It is also recommended that people talk as little as possible or not at all during this part of the event in case security cameras or their loaned watches are recording/transmitting and/or analyzing their voices. 4. After 2-3 hours of shopping, everyone checks the time on their borrowed watches and reassembles at the appointed time inside the shopping mall. The Flash Mob is repeated with everyone trying to get as close as possible together while dropping off their loaned wristwatches. 5. Then people disperse and go back to their homes. They can get to their homes any way that they wish with as little or as much of their faces and identities exposed to surveillance as they desire. License plate readers, etc won't be able to figure out what stores they went into or what they purchased during the event unless they start talking about their experiences that happened at the event. The End. 
PS Individuals can attempt to duplicate the anonymizing effect of the Flash Mob on their own by modifying a bit what they do while inside of a building out of sight of any drone IR cameras outside the building during the day or security cameras inside the building, such as by using a bathroom stall to change clothes. Start by traveling to the building in question on foot or on public transportation or if the building allows all day parking for non-customers you can drive your car there. Be undisguised in regards to your external appearance. Let any facial recognition software or license plate readers figure out that it is you going there. You won't be able to keep the tracking software from following you to and from your residence anyway, at least during the times after 2015 when surveillance drones are going to be everywhere over every city. Keep your face covering visor and a change of shirt concealed inside of a backpack. Leave all electronic devices at home or in your car. Inside the building and inside the bathroom stall, change your shirt to a different color and take out a different colored but similar sized backpack that was concealed inside the first backpack. Put the first backpack inside of the second backpack along with the original shirt you were wearing. Put the visor on over your entire face. Exit the bathroom stall and exit the building and go shopping on foot or using public transportation, paying with cash always. While shopping you can optionally lift the visor enough while indoors to reveal your face to the cashier and other people who it would be polite to reveal your face to while communicating with them, but don't lift the visor high enough for security cameras, usually mounted in the ceilings, to see your face. 
To go home, go back into the same building and a bathroom stall and reverse the process so that you exit the building wearing the first t-shirt and displaying the first backpack and concealing the second t-shirt and face covering visor and second backpack inside the first backpack. Hopefully you have enough room in the backpacks for the backpacks and the items that you purchased at the stores you visited. Be sure to pay cash and not talk much if at all while shopping. If you need to travel at night, to remain anonymous using the above procedure, be sure to go into a crowd inside of a building such as a disco dance floor that will remain crowded late into the evening. Do some dancing on the dance floor while entering and exiting the building and make it look like the "real you", identifiable by the drones circling outside the building, which can see some limited detail using IR cameras and have limited ability to track individuals inside the building from a viewpoint outside the building, make it look like you spent the whole time dancing during your shopping trip. Good luck and have some fun and retain your sense of humor while attempting to defeat the NSA surveillance, at least for a few hours. :>). If more people adopt these methods as the surveillance state expands and more people begin to feel inconvenienced by it, it should get easier and more reliable to use these methods to temporarily defeat the NSA surveillance. For instance, if enough people all dress the same, then it will only be necessary to hide your visor inside one backpack when going to the disco building and it won't be necessary to change your shirt or backpack, just whip out your visor while inside the disco building out of view of any cameras. This last stage is when, like the Chinese, we will all become members of the Olive Drab Club.

From peacemovies at gmail.com Mon Apr 7 21:11:03 2014
From: peacemovies at gmail.com (John Thielking)
Date: Mon, 7 Apr 2014 21:11:03 -0700
Subject: [GPSCC-chat] Can Flash Mobs And Olive Drab Clubs Defeat The NSA?
Message-ID:

Can Flash Mobs And Olive Drab Clubs Defeat The NSA?

By John Thielking

4-7-2014

For the past few days this author has been brainstorming about how to regain some small pieces of his privacy in the face of continuing (and progressing) NSA and other alphabet soup organizations' blanket surveillance. The goal is to find a way to preserve or at least momentarily regain privacy without using methods that require that they be secure from eavesdropping (such as by not using encryption or much of any electronic hardware which has been proven to have numerous back doors in both hardware and software).

Up to this point, this author has been content to merely take the simple countermeasure of leaving his cell phone at home and seldom if ever taking it with him when going to any place in public such as a shopping trip or a political protest. Going on vacation out of town is the exception to this and the author has found it necessary to submit to surveillance while on vacation. Most recently, this prohibition on carrying his cell phone in public has been extended to include leaving his electronic wristwatch at home and covering up his VTA bus pass/Clipper Card which has an RFID chip in it with tin foil and keeping it in his wallet in case the fare inspector wants to see it while he is riding the light rail. Various sources have indicated that blanket radio surveillance of a city can reveal what is being typed on various people's computer monitors and cell phone signals can carry for up to 20 miles. So based on that information, it is likely that radio surveillance can reveal the locations of various people's electronic wristwatches.
All modern wristwatches have batteries in them powering the watch (even the quartz ones that look like the old kind that you used to have to keep wound up to keep them running) so all modern wristwatches can likely be tracked this way. It is possible to carry a cell phone in public and not be tracked, at least not in real time. To do this do the following: If your cell phone is a smart phone, put it in airplane mode and then turn it off. If it is a feature phone with no airplane mode available, turn it off and then take the battery out. Then place the phone inside of a paper envelope. This prevents the conductive parts of the phone such as various external metal extrusions that penetrate the case and the conductive touch screen from contacting the aluminum foil and defeating the Faraday Cage effect that will be formed by the aluminum foil in the last step. Then take a sheet of tin foil and cover the outside of the envelope that contains the cell phone. With the cell phone in airplane mode, it will not try too hard to signal the nearest cell tower nor will it use a lot of energy trying to connect using WiFi so the rapid battery drain that happens when covering up a turned off feature phone that still has the battery installed will not occur, at least not significantly, so the battery life will be up to a week or more when covered with tin foil. Note that since most smart phones have at least 1GB of available memory, it is quite possible/likely that the microphone of the cell phone is recording sounds (and the times that the sounds were recorded) for broadcast to the NSA later when you exit airplane mode to make a call or surf the web or answer e-mail. 
To prevent this from doing anything significant to compromise your privacy, if you are a girl person, you can place an activated white noise generator (about the size of a small radio, available from your local anti-spy equipment web site --- I bought mine about 15 years ago, so sorry but I forgot exactly where I got it) put this in your purse next to your envelope and tin foil encased cell phone. This way, it will be much more difficult for the NSA to piece together where you were based on recorded background noises.

Now for the part that has something to do with the title of this article. This author, in talking to one of his relatives who had visited China recently, was inspired by the relative's story of how the Chinese have been dealing with their own surveillance state. It seems that a widespread phenomenon in China is that everyone tends to dress the same so that they will blend in to the crowd of people in their surroundings. This author did a bit of research online to try to find a way to defeat facial recognition software used by drones and various city-wide security cameras that are either connected to the Internet directly or that at least have TV monitors which can have their signals monitored by blanket radio surveillance. During this research, this author came across various references to the fact that some people in China and Australia are now using full face covering black visors in place of sunscreen. It seems that these full face visors are being marketed as being superior to sunscreen, since sunscreen only blocks the burning UVB rays and not the skin wrinkling UVA rays, while the visors block up to 99% of both UVA and UVB rays. It could be argued that these visors are "medically necessary" and thus they might even be exempt from laws in various places that seek to ban the wearing of masks at political protests. The desirable feature of these visors is that they may defeat facial recognition software.
At least in the case of a human viewing the catalog pictures showing the models wearing these visors, the facial features of the models appear to be completely obscured. It is not clear if software used to enhance images could penetrate the low contrast "image" of the models' faces that may be allowed to show through by the dark plastic of these visors. This author was unable to find a mirrored version of one of these visors for sale that certainly would not be able to be penetrated by image enhancing software, but he was able to find a picture of a Chinese person wearing a mirrored version.

Now for the "plan" of how to defeat the NSA surveillance using an Olive Drab Club and/or a Flash Mob.

1. On some Sunday afternoon or other that is convenient, have people come together in a specific open space inside of a shopping mall such as the food court at a specific time. Ask them to all dress the same such as by wearing black pants and blank white shirts. Ask them to wear the UVA/UVB blocking full face visors over their full faces for the duration of the event. Ask them to not carry any electronic devices with them on the final leg of their trip to the location inside the mall. They can leave their cell phones and watches in their cars. Any ID cards or other things with RFID chips in them should be covered with an envelope and a sheet of tin foil if they are to be carried with the person. The use of license plate readers and other tracking methods by the police and NSA while protestors are traveling to the mall or on their way home after the event will not affect the success of this protest.

2. When the people are all assembled, this will form the first "Flash Mob". The goal is to get as big a mob of people all milling around as close together as possible to confuse any tracking software that may be attempting to follow individuals through the images broadcast over the mall security cameras. If the Flash Mob is done inside the mall building during the day, any really high tech drones circling overhead outside will not be able to use their infrared cameras to penetrate the walls of the building as they will be blinded by reflected sunlight. Thus the enhanced software that may be able to track individuals buried inside the Flash Mob should be much harder if not impossible for the NSA to use to tease apart who exactly went where inside the Flash Mob.

3. While people are buried inside the Flash Mob, they are all handed regular wristwatches that can be used to help keep track of the exact time to be ready to reassemble in the second Flash Mob at the end of the event. It is not important that the individual watches may have their locations tracked during the event. So long as the face shields are kept covering people's faces, the individual watches will not reveal people's individual identities.

4. Then for the next 2-3 hours the people go on various shopping trips. They are all careful to always pay with cash and they are encouraged to wear a particular type of backpack to carry the stuff they buy, so again, everyone tends to look the same. They can go anywhere in town to go shopping, not just shop at that one mall. If they are traveling large distances that can not be covered on foot, they should pay cash to use public transportation and not use their own vehicles. They are encouraged to remove any deactivated RFID/antishoplifting tags that may be on the merchandise that they purchased prior to reassembling for the second Flash Mob. It is also recommended that people talk as little as possible or not at all during this part of the event in case security cameras or their loaned watches are recording/transmitting and/or analyzing their voices.

5. After 2-3 hours of shopping, everyone checks the time on their borrowed watches and reassembles at the appointed time inside the shopping mall. The Flash Mob is repeated with everyone trying to get as close as possible together while dropping off their loaned wristwatches.

6. Then people disperse and go back to their homes. They can get to their homes any way that they wish with as little or as much of their faces and identities exposed to surveillance as they desire. License plate readers, etc. won't be able to figure out what stores they went into or what they purchased during the event unless they start talking about their experiences that happened at the event.

The End.

PS Individuals can attempt to duplicate the anonymizing effect of the Flash Mob on their own by modifying a bit what they do while inside of a building out of sight of any drone IR cameras outside the building during the day or security cameras inside the building, such as by using a bathroom stall to change clothes. Start by traveling to the building in question on foot or on public transportation or if the building allows all day parking for non-customers you can drive your car there. Be undisguised in regards to your external appearance. Let any facial recognition software or license plate readers figure out that it is you going there. You won't be able to keep the tracking software from following you to and from your residence anyway, at least during the times after 2015 when surveillance drones are going to be everywhere over every city. Keep your face covering visor and a change of shirt concealed inside of a backpack. Leave all electronic devices at home or in your car. Inside the building and inside the bathroom stall, change your shirt to a different color and take out a different colored but similar sized backpack that was concealed inside the first backpack. Put the first backpack inside of the second backpack along with the original shirt you were wearing. Put the visor on over your entire face. Exit the bathroom stall and exit the building and go shopping on foot or using public transportation, paying with cash always.
While shopping you can optionally lift the visor enough while indoors to reveal your face to the cashier and other people who it would be polite to reveal your face to while communicating with them, but don't lift the visor high enough for security cameras, usually mounted in the ceilings, to see your face. To go home, go back into the same building and a bathroom stall and reverse the process so that you exit the building wearing the first t-shirt and displaying the first backpack and concealing the second t-shirt and face covering visor and second backpack inside the first backpack. Hopefully you have enough room in the backpacks for the backpacks and the items that you purchased at the stores you visited. Be sure to pay cash and not talk much if at all while shopping. If you need to travel at night, to remain anonymous using the above procedure, be sure to go into a crowd inside of a building such as a disco dance floor that will remain crowded late into the evening. Do some dancing on the dance floor while entering and exiting the building and make it look like the "real you", identifiable by the drones circling outside the building, which can see some limited detail using IR cameras and have limited ability to track individuals inside the building from a viewpoint outside the building, make it look like you spent the whole time dancing during your shopping trip. Good luck and have some fun and retain your sense of humor while attempting to defeat the NSA surveillance, at least for a few hours. :>). If more people adopt these methods as the surveillance state expands and more people begin to feel inconvenienced by it, it should get easier and more reliable to use these methods to temporarily defeat the NSA surveillance. 
For instance, if enough people all dress the same, then it will only be necessary to hide your visor inside one backpack when going to the disco building and it won't be necessary to change your shirt or backpack, just whip out your visor while inside the disco building out of view of any cameras. This last stage is when, like the Chinese, we will all become members of the Olive Drab Club.

From spencer.graves at structuremonitoring.com Mon Apr 7 22:05:46 2014
From: spencer.graves at structuremonitoring.com (Spencer Graves)
Date: Mon, 07 Apr 2014 22:05:46 -0700
Subject: [GPSCC-chat] Can Flash Mobs And Olive Drab Clubs Defeat The NSA?
In-Reply-To:
References:
Message-ID: <534383AA.6030603@structuremonitoring.com>

For my thoughts on this, see the blog of the San José Peace & Justice Center on "Restrict secrecy more than data collection" (http://sanjosepeace.wordpress.com/).

In brief, I believe the most important reform we can get would be to make it practically impossible for the government to oppose democracy anywhere in secret. This won't happen unless the public demands honest protection for people who expose information classified in violation of such a policy and major penalties for government officials who try to punish whistleblowers.

1. Doing this will almost certainly increase the US national security, defined in terms of the well being of the 99%. This follows, because the world is less safe today because of secret opposition to democracy at home and abroad by US government officials in the past.

2. We're not going to be able to keep people from collecting data. There are already massive private databases of the times and license plate numbers of all vehicles that drove through a point covered by any of thousands, perhaps millions, of surveillance cameras. In Colorado, that technology is used to send you a monthly bill for your use of toll roads.
Beyond this, a reporter for Al Jazeera recently wrote that a company developing face recognition software got a photo of her from a place like Facebook and programmed their door to recognize her and open for her. Soon, private security companies will be taking photographs of crowds and matching names to faces of everyone attending a public rally. I'm currently working on a 60-second video to advertise this blog. For a preliminary version of this, see "https://drive.google.com/folderview?id=0B1bTqmKWlWxhQzZZbUpibXBrMk0&usp=sharing"; comments welcomed. Spencer On 4/7/2014 9:11 PM, John Thielking wrote: > > Can Flash Mobs And Olive Drab Clubs Defeat The NSA? > > > By John Thielking > > 4-7-2014 > > > For the past few days this author has been brainstorming about how to > regain some small pieces of his privacy in the face of continuing (and > progressing) NSA and other alphabet soup organizations' blanket > surveillance. The goal is to find a way to preserve or at least > momentarily regain privacy without using methods that require that > they be secure from eavesdropping (such as by not using encryption or > much of any electronic hardware which has been proven to have numerous > back doors in both hardware and software). > > > Up to this point, this author has been content to merely take the > simple countermeasure of leaving his cell phone at home and seldom if > ever taking it with him when going to any place in public such as a > shopping trip or a political protest. Going on vacation out of town is > the exception to this and the author has found it necessary to submit > to surveillance while on vacation. Most recently, this prohibition on > carrying his cell phone in public has been extended to include leaving > his electronic wristwatch at home and covering up his VTA bus > pass/Clipper Card which has an RFID chip in it with tin foil and > keeping it in his wallet in case the fare inspector wants to see it > while he is riding the light rail. 
Various sources have indicated that > blanket radio surveillance of a city can reveal what is being typed on > various people's computer monitors and cell phone signals can carry > for up to 20 miles. So based on that information, it is likely that > radio surveillance can reveal the locations of various people's > electronic wristwatches. All modern wristwatches have batteries in > them powering the watch (even the quartz ones that look like the old > kind that you used to have to keep wound up to keep them running) so > all modern wristwatches can likely be tracked this way. It is possible > to carry a cell phone in public and not be tracked, at least not in > real time. To do this do the following: If your cell phone is a smart > phone, put it in airplane mode and then turn it off. If it is a > feature phone with no airplane mode available, turn it off and then > take the battery out. Then place the phone inside of a paper envelope. > This prevents the conductive parts of the phone such as various > external metal extrusions that penetrate the case and the conductive > touch screen from contacting the aluminum foil and defeating the > Faraday Cage effect that will be formed by the aluminum foil in the > last step. Then take a sheet of tin foil and cover the outside of the > envelope that contains the cell phone. With the cell phone in airplane > mode, it will not try too hard to signal the nearest cell tower nor > will it use a lot of energy trying to connect using WiFi so the rapid > battery drain that happens when covering up a turned off feature phone > that still has the battery installed will not occur, at least not > significantly, so the battery life will be up to a week or more when > covered with tin foil. 
Note that since most smart phones have at least > 1GB of available memory, it is quite possible/likely that the > microphone of the cell phone is recording sounds (and the times that > the sounds were recorded) for broadcast to the NSA later when you exit > airplane mode to make a call or surf the web or answer e-mail. To > prevent this from doing anything significant to compromise your > privacy, if you are a girl person, you can place an activated white > noise generator (about the size of a small radio, available from your > local anti-spy equipment web site --- I bought mine about 15 years > ago, so sorry but I forgot exactly where I got it ) put this in your > purse next to your envelope and tin foil encased cell phone. This way, > it will be much more difficult for the NSA to piece together where you > were based on recorded background noises. > > > Now for the part that has something to do with the title of this > article. This author, in talking to one of his relatives who had > visited China recently, was inspired by the relative's story of how > the Chinese have been dealing with their own surveillance state. It > seems that a widespread phenomenon in China is that everyone tends to > dress the same so that they will blend in to the crowd of people in > their surroundings. This author did a bit of research online to try to > find a way to defeat facial recognition software used by drones and > various city-wide security cameras that are either connected to the > Internet directly or that at least have TV monitors which can have > their signals monitored by blanket radio surveillance. During this > research, this author came across various references to the fact that > some people in China and Australia are now using full face covering > black visors in place of sunscreen. 
It seems that these full face > visors are being marketed as being superior to sunscreen, since > sunscreen only blocks the burning UVB rays and not the skin wrinkling > UVA rays, while the visors block up to 99% of both UVA and UVB rays. > It could be argued that these visors are "medically necessary" and > thus they might even be exempt from laws in various places that seek > to ban the wearing of masks at political protests. The desirable > feature of these visors is that they may defeat facial recognition > software. At least in the case of a human viewing the catalog pictures > showing the models wearing these visors, the facial features of the > models appear to be completely obscured. It is not clear if software > used to enhance images could penetrate the low contrast "image" of the > models' faces that may be allowed to show through by the dark plastic > of these visors. This author was unable to find a mirrored version of > one of these visors for sale that certainly would not be able to be > penetrated by image enhancing software, but he was able to find a > picture of a Chinese person wearing a mirrored version. > > > Now for the "plan" of how to defeat the NSA surveillance using an > Olive Drab Club and/or a Flash Mob. > > > 1. > > On some Sunday afternoon or other that is convenient, have people > come together in a specific open space inside of a shopping mall > such as the food court at a specific time. Ask them to all dress > the same such as by wearing black pants and blank white shirts. > Ask them to wear the UVA/UVB blocking full face visors over their > full faces for the duration of the event. Ask them to not carry > any electronic devices with them on the final leg of their trip to > the location inside the mall. They can leave their cell phones and > watches in their cars. Any ID cards or other things with RFID > chips in them should be covered with an envelope and a sheet of > tin foil if they are to be carried with the person.
The use of > license plate readers and other tracking methods by the police and > NSA while protestors are traveling to the mall or on their way > home after the event will not affect the success of this protest. > > > 2. > > When the people are all assembled, this will form the first "Flash > Mob". The goal is to get as big a mob of people all milling around > as close together as possible to confuse any tracking software > that may be attempting to follow individuals through the images > broadcast over the mall security cameras. If the Flash Mob is done > inside the mall building during the day, any really high tech > drones circling overhead outside will not be able to use their > infrared cameras to penetrate the walls of the building as they > will be blinded by reflected sunlight. Thus the enhanced software > that may be able to track individuals buried inside the Flash Mob > should be much harder if not impossible for the NSA to use to > tease apart who exactly went where inside the Flash Mob. > > 3. > > While people are buried inside the Flash Mob, they are all handed > regular wristwatches that can be used to help keep track of the > exact time to be ready to reassemble in the second Flash Mob at > the end of the event. It is not important that the individual > watches may have their locations tracked during the event. So long > as the face shields are kept covering people's faces, the > individual watches will not reveal people's individual identities. > > 4. > > Then for the next 2-3 hours the people go on various shopping > trips. They are all careful to always pay with cash and they are > encouraged to wear a particular type of backpack to carry the > stuff they buy, so again, everyone tends to look the same. They > can go anywhere in town to go shopping, not just shop at that one > mall. If they are traveling large distances that can not be > covered on foot, they should pay cash to use public transportation > and not use their own vehicles. 
They are encouraged to remove any > deactivated RFID/antishoplifting tags that may be on the > merchandise that they purchased prior to reassembling for the > second Flash Mob. It is also recommended that people talk as > little as possible or not at all during this part of the event in > case security cameras or their loaned watches are > recording/transmitting and/or analyzing their voices. > > 5. > > After 2-3 hours of shopping, everyone checks the time on their > borrowed watches and reassembles at the appointed time inside the > shopping mall. The Flash Mob is repeated with everyone trying to > get as close as possible together while dropping off their loaned > wristwatches. > > 6. > > Then people disperse and go back to their homes. They can get to > their homes any way that they wish with as little or as much of > their faces and identities exposed to surveillance as they desire. > License plate readers, etc. won't be able to figure out what stores > they went into or what they purchased during the event unless they > start talking about their experiences that happened at the event. > > > The End. > > > PS Individuals can attempt to duplicate the anonymizing effect of the > Flash Mob on their own by modifying a bit what they do while inside of > a building out of sight of any drone IR cameras outside the building > during the day or security cameras inside the building, such as by > using a bathroom stall to change clothes. Start by traveling to the > building in question on foot or on public transportation or if the > building allows all day parking for non-customers you can drive your > car there. Be undisguised in regards to your external appearance. Let > any facial recognition software or license plate readers figure out > that it is you going there.
You won't be able to keep the tracking > software from following you to and from your residence anyway, at > least during the times after 2015 when surveillance drones are going > to be everywhere over every city. Keep your face covering visor and a > change of shirt concealed inside of a backpack. Leave all electronic > devices at home or in your car. Inside the building and inside the > bathroom stall, change your shirt to a different color and take out a > different colored but similar sized backpack that was concealed inside > the first backpack. Put the first backpack inside of the second > backpack along with the original shirt you were wearing. Put the visor > on over your entire face. Exit the bathroom stall and exit the > building and go shopping on foot or using public transportation, > paying with cash always. While shopping you can optionally lift the > visor enough while indoors to reveal your face to the cashier and > other people who it would be polite to reveal your face to while > communicating with them, but don't lift the visor high enough for > security cameras, usually mounted in the ceilings, to see your face. > To go home, go back into the same building and a bathroom stall and > reverse the process so that you exit the building wearing the first > t-shirt and displaying the first backpack and concealing the second > t-shirt and face covering visor and second backpack inside the first > backpack. Hopefully you have enough room in the backpacks for the > backpacks and the items that you purchased at the stores you visited. > Be sure to pay cash and not talk much if at all while shopping. If you > need to travel at night, to remain anonymous using the above > procedure, be sure to go into a crowd inside of a building such as a > disco dance floor that will remain crowded late into the evening. 
Do > some dancing on the dance floor while entering and exiting the > building and make it look like the "real you", identifiable by the > drones circling outside the building, which can see some limited > detail using IR cameras and have limited ability to track individuals > inside the building from a viewpoint outside the building, make it > look like you spent the whole time dancing during your shopping trip. > Good luck and have some fun and retain your sense of humor while > attempting to defeat the NSA surveillance, at least for a few hours. > :>). If more people adopt these methods as the surveillance state > expands and more people begin to feel inconvenienced by it, it should > get easier and more reliable to use these methods to temporarily > defeat the NSA surveillance. For instance, if enough people all dress > the same, then it will only be necessary to hide your visor inside one > backpack when going to the disco building and it won't be necessary to > change your shirt or backpack, just whip out your visor while inside > the disco building out of view of any cameras. This last stage is > when, like the Chinese, we will all become members of the Olive Drab Club. > > > > _______________________________________________ > sosfbay-discuss mailing list > sosfbay-discuss at cagreens.org > http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss

--
Spencer Graves, PE, PhD
President and Chief Technology Officer
Structure Inspection and Monitoring, Inc.
751 Emerson Ct.
San José, CA 95126
ph: 408-655-4567
web: www.structuremonitoring.com

From peacemovies at gmail.com Mon Apr 7 23:31:44 2014
From: peacemovies at gmail.com (John Thielking)
Date: Mon, 7 Apr 2014 23:31:44 -0700
Subject: [GPSCC-chat] Can Flash Mobs And Olive Drab Clubs Defeat The NSA?
In-Reply-To: <534383AA.6030603@structuremonitoring.com>
References: <534383AA.6030603@structuremonitoring.com>
Message-ID:

Spencer,

I hope you read my entire piece, though it was a bit long. I read your entire piece on the Peace Center Blog. I do care how much data is collected on me and I make it as hard as practical for the people doing the collecting to do their jobs. I don't use a VPN to anonymize my web surfing as I'm sure there is probably a back door to that program that is being used by any data collector worth their salt. The Tor system itself was developed by the US govt, so I need not explain any more about that. But if there is a way that uses basic physics such as aluminum foil blocking all signals to and from a cell phone or RFID chip I will certainly use that idea to its best advantage. To the best of my knowledge, God did not design a "back door" that lets the US govt send or receive electromagnetic signals from the interior of a Faraday Cage! Similarly, God did not design a "back door" that lets the US govt see through the reflection of a one way mirror while not illuminating the back side. It is these types of very basic techniques that I am referring to in my piece. Like I said in my piece, all that matters is that people are able to make an anonymous shopping trip between the first Flash Mob and the second one, or between the time they exit the disco building the first time and the time they enter it the second time. The license plate readers, drone cameras and the cell tower trackers can data collect on me all they want at other times and they will never figure out where it was that I went shopping in between those two points in time that I mentioned, if I'm doing the procedure correctly. And the procedure doesn't have to be done perfectly every time for it to work most of the time if there are enough people doing it with me.
If my disguise is penetrated one day, it likely will not be penetrated the next day, assuming there are many others using the exact same disguise. This failure tolerant method is superior to encryption, which works only until it is penetrated the first time. And of course at the beginning it is necessary that it not be too obvious that I'm the only guy in CA or Oregon with a full UVA/UVB face shield, especially one worn at night time. I have until 2015 to fix that, before the drones overhead can follow me all the way home while I'm looking conspicuous even if I am "anonymous", Hah! That point I hope to change by pointing out the cultural shifts regarding surveillance that happened or are happening in China and how we can occasionally and temporarily defeat the data collection process if we all work together. Of course, I'll bet that the Chinese are also in love with their newfangled cell phones and are quite content to be tracked all over the place even while they try not to be noticed by the security people who are tailing them by continuing to wear Olive Drab. Just because they are content doesn't mean that I am.

Thanks.

Sincerely,

John Thielking

On Mon, Apr 7, 2014 at 10:05 PM, Spencer Graves <spencer.graves at structuremonitoring.com> wrote:
> For my thoughts on this, see the blog of the San José Peace & > Justice Center on "Restrict secrecy more than data collection" ( > http://sanjosepeace.wordpress.com/). > > > In brief, I believe the most important reform we can get would be to > make it practically impossible for the government to oppose democracy > anywhere in secret. This won't happen unless the public demands honest > protection for people who expose information classified in violation of > such a policy and major penalties for government officials who try to > punish whistleblowers. > > > 1. Doing this will almost certainly increase the US national > security, defined in terms of the well being of the 99%.
This follows, > because the world is less safe today because of secret opposition to > democracy at home and abroad by US government officials in the past. > > > 2. We're not going to be able to keep people from collecting > data. There are already massive private databases of the times and license > plate numbers of all vehicles that drove through a point covered by any of > thousands, perhaps millions, of surveillance cameras. In Colorado, that > technology is used to send you a monthly bill for your use of toll roads. > Beyond this, a reporter for Al Jazeera recently wrote that a company > developing face recognition software got a photo of her from a place like > Facebook and programmed their door to recognize her and open for her. > Soon, private security companies will be taking photographs of crowds and > matching names to faces of everyone attending a public rally. > > > I'm currently working on a 60-second video to advertise this blog. > For a preliminary version of this, see > "https://drive.google.com/folderview?id=0B1bTqmKWlWxhQzZZbUpibXBrMk0&usp=sharing"; > comments welcomed. > > > Spencer > > > On 4/7/2014 9:11 PM, John Thielking wrote: > > Can Flash Mobs And Olive Drab Clubs Defeat The NSA? > > > By John Thielking > > 4-7-2014 > > > For the past few days this author has been brainstorming about how to > regain some small pieces of his privacy in the face of continuing (and > progressing) NSA and other alphabet soup organizations' blanket > surveillance. The goal is to find a way to preserve or at least momentarily > regain privacy without using methods that require that they be secure from > eavesdropping (such as by not using encryption or much of any electronic > hardware which has been proven to have numerous back doors in both hardware > and software). 
> > > Up to this point, this author has been content to merely take the simple > countermeasure of leaving his cell phone at home and seldom if ever taking > it with him when going to any place in public such as a shopping trip or a > political protest. Going on vacation out of town is the exception to this > and the author has found it necessary to submit to surveillance while on > vacation. Most recently, this prohibition on carrying his cell phone in > public has been extended to include leaving his electronic wristwatch at > home and covering up his VTA bus pass/Clipper Card which has an RFID chip > in it with tin foil and keeping it in his wallet in case the fare inspector > wants to see it while he is riding the light rail. Various sources have > indicated that blanket radio surveillance of a city can reveal what is > being typed on various people's computer monitors and cell phone signals > can carry for up to 20 miles. So based on that information, it is likely > that radio surveillance can reveal the locations of various people's > electronic wristwatches. All modern wristwatches have batteries in them > powering the watch (even the quartz ones that look like the old kind that > you used to have to keep wound up to keep them running) so all modern > wristwatches can likely be tracked this way. It is possible to carry a cell > phone in public and not be tracked, at least not in real time. To do this > do the following: If your cell phone is a smart phone, put it in airplane > mode and then turn it off. If it is a feature phone with no airplane mode > available, turn it off and then take the battery out. Then place the phone > inside of a paper envelope. This prevents the conductive parts of the phone > such as various external metal extrusions that penetrate the case and the > conductive touch screen from contacting the aluminum foil and defeating the > Faraday Cage effect that will be formed by the aluminum foil in the last > step. 
Then take a sheet of tin foil and cover the outside of the envelope > that contains the cell phone. With the cell phone in airplane mode, it will > not try too hard to signal the nearest cell tower nor will it use a lot of > energy trying to connect using WiFi so the rapid battery drain that happens > when covering up a turned off feature phone that still has the battery > installed will not occur, at least not significantly, so the battery life > will be up to a week or more when covered with tin foil. Note that since > most smart phones have at least 1GB of available memory, it is quite > possible/likely that the microphone of the cell phone is recording sounds > (and the times that the sounds were recorded) for broadcast to the NSA > later when you exit airplane mode to make a call or surf the web or answer > e-mail. To prevent this from doing anything significant to compromise your > privacy, if you are a girl person, you can place an activated white noise > generator (about the size of a small radio, available from your local > anti-spy equipment web site --- I bought mine about 15 years ago, so sorry > but I forgot exactly where I got it ) put this in your purse next to your > envelope and tin foil encased cell phone. This way, it will be much more > difficult for the NSA to piece together where you were based on recorded > background noises. > > > Now for the part that has something to do with the title of this > article. This author, in talking to one of his relatives who had visited > China recently, was inspired by the relative's story of how the Chinese > have been dealing with their own surveillance state. It seems that a > widespread phenomenon in China is that everyone tends to dress the same so > that they will blend in to the crowd of people in their surroundings. 
This > author did a bit of research online to try to find a way to defeat facial > recognition software used by drones and various city-wide security cameras > that are either connected to the Internet directly or that at least have TV > monitors which can have their signals monitored by blanket radio > surveillance. During this research, this author came across various > references to the fact that some people in China and Australia are now > using full face covering black visors in place of sunscreen. It seems that > these full face visors are being marketed as being superior to sunscreen, > since sunscreen only blocks the burning UVB rays and not the skin wrinkling > UVA rays, while the visors block up to 99% of both UVA and UVB rays. It > could be argued that these visors are "medically necessary" and thus they > might even be exempt from laws in various places that seek to ban the > wearing of masks at political protests. The desirable feature of these > visors is that they may defeat facial recognition software. At least in the > case of a human viewing the catalog pictures showing the models wearing > these visors, the facial features of the models appear to be completely > obscured. It is not clear if software used to enhance images could > penetrate the low contrast "image" of the models' faces that may be allowed > to show through by the dark plastic of these visors. This author was unable > to find a mirrored version of one of these visors for sale that certainly > would not be able to be penetrated by image enhancing software, but he was > able to find a picture of a Chinese person wearing a mirrored version. > > > Now for the "plan" of how to defeat the NSA surveillance using an Olive > Drab Club and/or a Flash Mob. > > > > 1. > > On some Sunday afternoon or other that is convenient, have people come > together in a specific open space inside of a shopping mall such as the > food court at a specific time.
Ask them to all dress the same such as by > wearing black pants and blank white shirts. Ask them to wear the UVA/UVB > blocking full face visors over their full faces for the duration of the > event. Ask them to not carry any electronic devices with them on the final > leg of their trip to the location inside the mall. They can leave their > cell phones and watches in their cars. Any ID cards or other things with > RFID chips in them should be covered with an envelope and a sheet of tin > foil if they are to be carried with the person. The use of license plate > readers and other tracking methods by the police and NSA while protestors > are traveling to the mall or on their way home after the event will not > affect the success of this protest. > > > > 1. > > When the people are all assembled, this will form the first "Flash > Mob". The goal is to get as big a mob of people all milling around as close > together as possible to confuse any tracking software that may be > attempting to follow individuals through the images broadcast over the mall > security cameras. If the Flash Mob is done inside the mall building during > the day, any really high tech drones circling overhead outside will not be > able to use their infrared cameras to penetrate the walls of the building > as they will be blinded by reflected sunlight. Thus the enhanced software > that may be able to track individuals buried inside the Flash Mob should be > much harder if not impossible for the NSA to use to tease apart who exactly > went where inside the Flash Mob. > 2. > > While people are buried inside the Flash Mob, they are all handed > regular wristwatches that can be used to help keep track of the exact time > to be ready to reassemble in the second Flash Mob at the end of the event. > It is not important that the individual watches may have their locations > tracked during the event. 
So long as the face shields are kept covering > people's faces, the individual watches will not reveal people's individual > identities. > 3. > > Then for the next 2-3 hours the people go on various shopping trips. > They are all careful to always pay with cash and they are encouraged to > wear a particular type of backpack to carry the stuff they buy, so again, > everyone tends to look the same. They can go anywhere in town to go > shopping, not just shop at that one mall. If they are traveling large > distances that can not be covered on foot, they should pay cash to use > public transportation and not use their own vehicles. They are encouraged > to remove any deactivated RFID/antishoplifting tags that may be on the > merchandise that they purchased prior to reassembling for the second Flash > Mob. It is also recommended that people talk as little as possible or not > at all during this part of the event in case security cameras or their > loaned watches are recording/transmitting and/or analyzing their voices. > 4. > > After 2-3 hours of shopping, everyone checks the time on their > borrowed watches and reassembles at the appointed time inside the shopping > mall. The Flash Mob is repeated with everyone trying to get as close as > possible together while dropping off their loaned wristwatches. > 5. > > Then people disperse and go back to their homes. They can get to their > homes any way that they wish with as little or as much of their faces and > identities exposed to surveillance as they desire. License plate readers, > etc won't be able to figure out what stores they went into or what they > purchased during the event unless they start talking about their > experiences that happened at the event. > > > The End.
> > > PS Individuals can attempt to duplicate the anonymizing effect of the > Flash Mob on their own by modifying a bit what they do while inside of a > building out of sight of any drone IR cameras outside the building during > the day or security cameras inside the building, such as by using a > bathroom stall to change clothes. Start by traveling to the building in > question on foot or on public transportation or if the building allows all > day parking for non-customers you can drive your car there. Be undisguised > in regards to your external appearance. Let any facial recognition software > or license plate readers figure out that it is you going there. You won't > be able to keep the tracking software from following you to and from your > residence anyway, at least during the times after 2015 when surveillance > drones are going to be everywhere over every city. Keep your face covering > visor and a change of shirt concealed inside of a backpack. Leave all > electronic devices at home or in your car. Inside the building and inside > the bathroom stall, change your shirt to a different color and take out a > different colored but similar sized backpack that was concealed inside the > first backpack. Put the first backpack inside of the second backpack along > with the original shirt you were wearing. Put the visor on over your entire > face. Exit the bathroom stall and exit the building and go shopping on foot > or using public transportation, paying with cash always. While shopping you > can optionally lift the visor enough while indoors to reveal your face to > the cashier and other people who it would be polite to reveal your face to > while communicating with them, but don't lift the visor high enough for > security cameras, usually mounted in the ceilings, to see your face. 
To go > home, go back into the same building and a bathroom stall and reverse the > process so that you exit the building wearing the first t-shirt and > displaying the first backpack and concealing the second t-shirt and face > covering visor and second backpack inside the first backpack. Hopefully you > have enough room in the backpacks for the backpacks and the items that you > purchased at the stores you visited. Be sure to pay cash and not talk much > if at all while shopping. If you need to travel at night, to remain > anonymous using the above procedure, be sure to go into a crowd inside of a > building such as a disco dance floor that will remain crowded late into the > evening. Do some dancing on the dance floor while entering and exiting the > building and make it look like the "real you", identifiable by the drones > circling outside the building, which can see some limited detail using IR > cameras and have limited ability to track individuals inside the building > from a viewpoint outside the building, make it look like you spent the > whole time dancing during your shopping trip. Good luck and have some fun > and retain your sense of humor while attempting to defeat the NSA > surveillance, at least for a few hours. :>). If more people adopt these > methods as the surveillance state expands and more people begin to feel > inconvenienced by it, it should get easier and more reliable to use these > methods to temporarily defeat the NSA surveillance. For instance, if enough > people all dress the same, then it will only be necessary to hide your > visor inside one backpack when going to the disco building and it won't be > necessary to change your shirt or backpack, just whip out your visor while > inside the disco building out of view of any cameras. This last stage is > when, like the Chinese, we will all become members of the Olive Drab Club. 
>
> _______________________________________________
> sosfbay-discuss mailing list
> sosfbay-discuss at cagreens.org
> http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss
>
> --
> Spencer Graves, PE, PhD
> President and Chief Technology Officer
> Structure Inspection and Monitoring, Inc.
> 751 Emerson Ct.
> San José, CA 95126
> ph: 408-655-4567
> web: www.structuremonitoring.com

From peacemovies at gmail.com Tue Apr 8 07:15:43 2014
From: peacemovies at gmail.com (John Thielking)
Date: Tue, 8 Apr 2014 07:15:43 -0700
Subject: [GPSCC-chat] Can Flash Mobs And Olive Drab Clubs Defeat The NSA?
In-Reply-To:
References: <534383AA.6030603@structuremonitoring.com>
Message-ID:

Actually, now that I think about this some more, the UVA/UVB face shield is often illuminated from the backside --- in the Infrared spectrum. So maybe that particular piece of hardware won't work so well in disguising people's faces when they are confronted with IR cameras. It still might be effective against IR cameras most of the time during daylight hours when there is lots of reflected sunlight around to confuse the situation, and as long as indoor security systems are not yet equipped with IR cameras, but not so well at night. Fortunately there is a company that makes IR shielding hoodies and body suits. These are much more expensive than the visors ($35 vs $300+) so it is not clear how the masses will be able to adopt using those. Maybe someone can come up with an IR resistant film (and one way optical mirror?) to put on the inside of the visors. That would keep the cost factor within reason and also allow polite society to continue to function inside of buildings where the face shield can be partly lifted to reveal your face to someone you have to communicate with while not revealing your face to the overhead security cameras.
John Thielking

On Mon, Apr 7, 2014 at 11:31 PM, John Thielking wrote:
> Spencer, > > I hope you read my entire piece, though it was a bit long. I read your > entire piece on the Peace Center Blog. I do care how much data is collected > on me and I make it as hard as practical for the people doing the > collecting to do their jobs. I don't use a VPN to anonymize my web surfing > as I'm sure there is probably a back door to that program that is being > used by any data collector worth their salt. The Tor system itself was > developed by the US govt, so I need not explain any more about that. But > if there is a way that uses basic physics such as aluminum foil blocking > all signals to and from a cell phone or RFID chip I will certainly use that > idea to its best advantage. To the best of my knowledge, God did not design > a "back door" that lets the US govt send or receive electromagnetic signals > from the interior of a Faraday Cage! Similarly, God did not design a "back > door" that lets the US govt see through the reflection of a one way mirror > while not illuminating the back side. It is these types of very basic > techniques that I am referring to in my piece. Like I said in my piece, all > that matters is that people are able to make an anonymous shopping trip > between the first Flash Mob and the second one, or between the time they > exit the disco building the first time and the time they enter it the > second time. The license plate readers, drone cameras and the cell tower > trackers can data collect on me all they want at other times and they will > never figure out where it was that I went shopping in between those two > points in time that I mentioned, if I'm doing the procedure correctly. And > the procedure doesn't have to be done perfectly every time for it to work > most of the time if there are enough people doing it with me.
If my > disguise is penetrated one day, it likely will not be penetrated the next > day, assuming there are many others using the exact same disguise. This > failure tolerant method is superior to encryption, which works only until > it is penetrated the first time. And of course at the beginning it is > necessary that it not be too obvious that I'm the only guy in CA or Oregon > with a full UVA/UVB face shield, especially one worn at night time. I have > until 2015 to fix that, before the drones overhead can follow me all the > way home while I'm looking conspicuous even if I am "anonymous", Hah! That > point I hope to change by pointing out the cultural shifts regarding > surveillance that happened or are happening in China and how we can > occasionally and temporarily defeat the data collection process if we all > work together. Of course, I'll bet that the Chinese are also in love with > their newfangled cell phones and are quite content to be tracked all over > the place even while they try not to be noticed by the security people who > are tailing them by continuing to wear Olive Drab. Just because they are > content doesn't mean that I am. > Thanks. > > Sincerely, > > John Thielking > > > On Mon, Apr 7, 2014 at 10:05 PM, Spencer Graves < > spencer.graves at structuremonitoring.com> wrote: > >> For my thoughts on this, see the blog of the San José Peace & >> Justice Center on "Restrict secrecy more than data collection" ( >> http://sanjosepeace.wordpress.com/). >> >> >> In brief, I believe the most important reform we can get would be >> to make it practically impossible for the government to oppose democracy >> anywhere in secret. This won't happen unless the public demands honest >> protection for people who expose information classified in violation of >> such a policy and major penalties for government officials who try to >> punish whistleblowers. >> >> >> 1.
Doing this will almost certainly increase the US national >> security, defined in terms of the well being of the 99%. This follows, >> because the world is less safe today because of secret opposition to >> democracy at home and abroad by US government officials in the past. >> >> >> 2. We're not going to be able to keep people from collecting >> data. There are already massive private databases of the times and license >> plate numbers of all vehicles that drove through a point covered by any of >> thousands, perhaps millions, of surveillance cameras. In Colorado, that >> technology is used to send you a monthly bill for your use of toll roads. >> Beyond this, a reporter for Al Jazeera recently wrote that a company >> developing face recognition software got a photo of her from a place like >> Facebook and programmed their door to recognize her and open for her. >> Soon, private security companies will be taking photographs of crowds and >> matching names to faces of everyone attending a public rally. >> >> >> I'm currently working on a 60-second video to advertise this blog. >> For a preliminary version of this, see >> "https://drive.google.com/folderview?id=0B1bTqmKWlWxhQzZZbUpibXBrMk0&usp=sharing"; >> comments welcomed. >> >> >> Spencer >> >> >> On 4/7/2014 9:11 PM, John Thielking wrote: >> >> Can Flash Mobs And Olive Drab Clubs Defeat The NSA? >> >> >> By John Thielking >> >> 4-7-2014 >> >> >> For the past few days this author has been brainstorming about how to >> regain some small pieces of his privacy in the face of continuing (and >> progressing) NSA and other alphabet soup organizations' blanket >> surveillance. The goal is to find a way to preserve or at least momentarily >> regain privacy without using methods that require that they be secure from >> eavesdropping (such as by not using encryption or much of any electronic >> hardware which has been proven to have numerous back doors in both hardware >> and software). 
>> >> >> Up to this point, this author has been content to merely take the >> simple countermeasure of leaving his cell phone at home and seldom if ever >> taking it with him when going to any place in public such as a shopping >> trip or a political protest. Going on vacation out of town is the exception >> to this and the author has found it necessary to submit to surveillance >> while on vacation. Most recently, this prohibition on carrying his cell >> phone in public has been extended to include leaving his electronic >> wristwatch at home and covering up his VTA bus pass/Clipper Card which has >> an RFID chip in it with tin foil and keeping it in his wallet in case the >> fare inspector wants to see it while he is riding the light rail. Various >> sources have indicated that blanket radio surveillance of a city can reveal >> what is being typed on various people's computer monitors and cell phone >> signals can carry for up to 20 miles. So based on that information, it is >> likely that radio surveillance can reveal the locations of various people's >> electronic wristwatches. All modern wristwatches have batteries in them >> powering the watch (even the quartz ones that look like the old kind that >> you used to have to keep wound up to keep them running) so all modern >> wristwatches can likely be tracked this way. It is possible to carry a cell >> phone in public and not be tracked, at least not in real time. To do this >> do the following: If your cell phone is a smart phone, put it in airplane >> mode and then turn it off. If it is a feature phone with no airplane mode >> available, turn it off and then take the battery out. Then place the phone >> inside of a paper envelope. 
This prevents the conductive parts of the phone >> such as various external metal extrusions that penetrate the case and the >> conductive touch screen from contacting the aluminum foil and defeating the >> Faraday Cage effect that will be formed by the aluminum foil in the last >> step. Then take a sheet of tin foil and cover the outside of the envelope >> that contains the cell phone. With the cell phone in airplane mode, it will >> not try too hard to signal the nearest cell tower nor will it use a lot of >> energy trying to connect using WiFi so the rapid battery drain that happens >> when covering up a turned off feature phone that still has the battery >> installed will not occur, at least not significantly, so the battery life >> will be up to a week or more when covered with tin foil. Note that since >> most smart phones have at least 1GB of available memory, it is quite >> possible/likely that the microphone of the cell phone is recording sounds >> (and the times that the sounds were recorded) for broadcast to the NSA >> later when you exit airplane mode to make a call or surf the web or answer >> e-mail. To prevent this from doing anything significant to compromise your >> privacy, if you are a girl person, you can place an activated white noise >> generator (about the size of a small radio, available from your local >> anti-spy equipment web site --- I bought mine about 15 years ago, so sorry >> but I forgot exactly where I got it ) put this in your purse next to your >> envelope and tin foil encased cell phone. This way, it will be much more >> difficult for the NSA to piece together where you were based on recorded >> background noises. >> >> >> Now for the part that has something to do with the title of this >> article. This author, in talking to one of his relatives who had visited >> China recently, was inspired by the relative's story of how the Chinese >> have been dealing with their own surveillance state. 
It seems that a >> widespread phenomenon in China is that everyone tends to dress the same so >> that they will blend in to the crowd of people in their surroundings. This >> author did a bit of research online to try to find a way to defeat facial >> recognition software used by drones and various city-wide security cameras >> that are either connected to the Internet directly or that at least have TV >> monitors which can have their signals monitored by blanket radio >> surveillance. During this research, this author came across various >> references to the fact that some people in China and Australia are now >> using full face covering black visors in place of sunscreen. It seems that >> these full face visors are being marketed as being superior to sunscreen, >> since sunscreen only blocks the burning UVB rays and not the skin wrinkling >> UVA rays, while the visors block up to 99% of both UVA and UVB rays. It >> could be argued that these visors are "medically necessary" and thus they >> might even be exempt from laws in various places that seek to ban the >> wearing of masks at political protests. The desirable feature of these >> visors is that they may defeat facial recognition software. At least in the >> case of a human viewing the catalog pictures showing the models wearing >> these visors, the facial features of the models appear to be completely >> obscured. It is not clear if software used to enhance images could >> penetrate the low contrast "image" of the models' faces that may be allowed >> to show through by the dark plastic of these visors. This author was unable >> to find a mirrored version of one of these visors for sale that certainly >> would not be able to be penetrated by image enhancing software, but he was >> able to find a picture of a Chinese person wearing a mirrored version. >> >> >> Now for the "plan" of how to defeat the NSA surveillance using an Olive >> Drab Club and/or a Flash Mob. >> >> >> >> 1.
>> >> On some Sunday afternoon or other that is convenient, have people >> come together in a specific open space inside of a shopping mall such as >> the food court at a specific time. Ask them to all dress the same such as >> by wearing black pants and blank white shirts. Ask them to wear the UVA/UVB >> blocking full face visors over their full faces for the duration of the >> event. Ask them to not carry any electronic devices with them on the final >> leg of their trip to the location inside the mall. They can leave their >> cell phones and watches in their cars. Any ID cards or other things with >> RFID chips in them should be covered with an envelope and a sheet of tin >> foil if they are to be carried with the person. The use of license plate >> readers and other tracking methods by the police and NSA while protestors >> are traveling to the mall or on their way home after the event will not >> affect the success of this protest. >> >> >> >> 1. >> >> When the people are all assembled, this will form the first "Flash >> Mob". The goal is to get as big a mob of people all milling around as close >> together as possible to confuse any tracking software that may be >> attempting to follow individuals through the images broadcast over the mall >> security cameras. If the Flash Mob is done inside the mall building during >> the day, any really high tech drones circling overhead outside will not be >> able to use their infrared cameras to penetrate the walls of the building >> as they will be blinded by reflected sunlight. Thus the enhanced software >> that may be able to track individuals buried inside the Flash Mob should be >> much harder if not impossible for the NSA to use to tease apart who exactly >> went where inside the Flash Mob. >> 2. 
>> >> While people are buried inside the Flash Mob, they are all handed >> regular wristwatches that can be used to help keep track of the exact time >> to be ready to reassemble in the second Flash Mob at the end of the event. >> It is not important that the individual watches may have their locations >> tracked during the event. So long as the face shields are kept covering >> people's faces, the individual watches will not reveal people's individual >> identities. >> 3. >> >> Then for the next 2-3 hours the people go on various shopping trips. >> They are all careful to always pay with cash and they are encouraged to >> wear a particular type of backpack to carry the stuff they buy, so again, >> everyone tends to look the same. They can go anywhere in town to go >> shopping, not just shop at that one mall. If they are traveling large >> distances that can not be covered on foot, they should pay cash to use >> public transportation and not use their own vehicles. They are encouraged >> to remove any deactivated RFID/antishoplifting tags that may be on the >> merchandise that they purchased prior to reassembling for the second Flash >> Mob. It is also recommended that people talk as little as possible or not >> at all during this part of the event in case security cameras or their >> loaned watches are recording/transmitting and/or analyzing their voices. >> 4. >> >> After 2-3 hours of shopping, everyone checks the time on their >> borrowed watches and reassembles at the appointed time inside the shopping >> mall. The Flash Mob is repeated with everyone trying to get as close as >> possible together while dropping off their loaned wristwatches. >> 5. >> >> Then people disperse and go back to their homes. They can get to >> their homes any way that they wish with as little or as much of their faces >> and identities exposed to surveillance as they desire.
License plate >> readers, etc won't be able to figure out what stores they went into or what >> they purchased during the event unless they start talking about their >> experiences that happened at the event. >> >> >> The End. >> >> >> PS Individuals can attempt to duplicate the anonymizing effect of the >> Flash Mob on their own by modifying a bit what they do while inside of a >> building out of sight of any drone IR cameras outside the building during >> the day or security cameras inside the building, such as by using a >> bathroom stall to change clothes. Start by traveling to the building in >> question on foot or on public transportation or if the building allows all >> day parking for non-customers you can drive your car there. Be undisguised >> in regards to your external appearance. Let any facial recognition software >> or license plate readers figure out that it is you going there. You won't >> be able to keep the tracking software from following you to and from your >> residence anyway, at least during the times after 2015 when surveillance >> drones are going to be everywhere over every city. Keep your face covering >> visor and a change of shirt concealed inside of a backpack. Leave all >> electronic devices at home or in your car. Inside the building and inside >> the bathroom stall, change your shirt to a different color and take out a >> different colored but similar sized backpack that was concealed inside the >> first backpack. Put the first backpack inside of the second backpack along >> with the original shirt you were wearing. Put the visor on over your entire >> face. Exit the bathroom stall and exit the building and go shopping on foot >> or using public transportation, paying with cash always. 
While shopping you >> can optionally lift the visor enough while indoors to reveal your face to >> the cashier and other people who it would be polite to reveal your face to >> while communicating with them, but don't lift the visor high enough for >> security cameras, usually mounted in the ceilings, to see your face. To go >> home, go back into the same building and a bathroom stall and reverse the >> process so that you exit the building wearing the first t-shirt and >> displaying the first backpack and concealing the second t-shirt and face >> covering visor and second backpack inside the first backpack. Hopefully you >> have enough room in the backpacks for the backpacks and the items that you >> purchased at the stores you visited. Be sure to pay cash and not talk much >> if at all while shopping. If you need to travel at night, to remain >> anonymous using the above procedure, be sure to go into a crowd inside of a >> building such as a disco dance floor that will remain crowded late into the >> evening. Do some dancing on the dance floor while entering and exiting the >> building and make it look like the "real you", identifiable by the drones >> circling outside the building, which can see some limited detail using IR >> cameras and have limited ability to track individuals inside the building >> from a viewpoint outside the building, make it look like you spent the >> whole time dancing during your shopping trip. Good luck and have some fun >> and retain your sense of humor while attempting to defeat the NSA >> surveillance, at least for a few hours. :>). If more people adopt these >> methods as the surveillance state expands and more people begin to feel >> inconvenienced by it, it should get easier and more reliable to use these >> methods to temporarily defeat the NSA surveillance. 
For instance, if enough >> people all dress the same, then it will only be necessary to hide your >> visor inside one backpack when going to the disco building and it won't be >> necessary to change your shirt or backpack, just whip out your visor while >> inside the disco building out of view of any cameras. This last stage is >> when, like the Chinese, we will all become members of the Olive Drab Club. >> >> >> _______________________________________________ >> sosfbay-discuss mailing list >> sosfbay-discuss at cagreens.org >> http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss >> >> >> >> -- >> Spencer Graves, PE, PhD >> President and Chief Technology Officer >> Structure Inspection and Monitoring, Inc. >> 751 Emerson Ct. >> San José, CA 95126 >> ph: 408-655-4567 >> web: www.structuremonitoring.com >> >> >

From carolineyacoub at att.net Tue Apr 8 19:38:48 2014
From: carolineyacoub at att.net (Caroline Yacoub)
Date: Tue, 8 Apr 2014 19:38:48 -0700 (PDT)
Subject: [GPSCC-chat] Fw: Ben & Jerry to Address United We Stand Fest UCLA
In-Reply-To: <32d7ea9e5ff3d6e89c13e92082c7b01d3fa.20140408171100@mail54.wdc03.rsgsv.net>
References: <32d7ea9e5ff3d6e89c13e92082c7b01d3fa.20140408171100@mail54.wdc03.rsgsv.net>
Message-ID: <1397011128.81388.YahooMailNeo@web185304.mail.gq1.yahoo.com>

Wow! Jill Stein will be there!

----- Forwarded Message -----
From: Free & Equal
To: Juanita
Sent: Tuesday, April 8, 2014 10:11 AM
Subject: Ben & Jerry to Address United We Stand Fest UCLA

Greetings Dedicated Supporters,

Ben Cohen & Jerry Greenfield, co-founders of Ben & Jerry's Ice Cream, will address the audience of Free & Equal's United We Stand Festival at UCLA on May 10th, 2014, via video.
Ben and Jerry are known for their activism for social change. In the area of environmental justice, they support mandatory GMO labeling, and all Ben & Jerry's products will be 100% non-GMO by the end of this year. They also support getting Big Money out of politics. Ben's Stamp Stampede and the company's Get the Dough Out of Politics campaigns are akin to Free & Equal's educational platform to awaken "We the People" to restore the integrity of the electoral process, as well as to elect honest, independent leaders.

The United We Stand Festival at UCLA is the kick-off for a University Bus Tour across America, combining music and education to awaken the nation. It will inspire both adults and young people to take part in making our world a better place. By electing principled leaders who are not swayed by special interests, we can restore a world of peace, liberty, harmony, justice, ecology, and prosperity for all.

Musical headliners at UCLA include Playing for Change, Public Enemy (Rock n Roll Hall of Famers), members of Wu-Tang Clan, Immortal Technique, The Siren, Cynic, Rooftop Revolutionaries, and more.

Speakers include Larry King (media legend), Marianne Williamson (New York Times bestselling author & independent congressional candidate [CA-33]), David Bronner (CEO of Dr. Bronner's Magic Soaps), Sean Stone (son of Oliver Stone, host of Buzzsaw), Dr. Jill Stein, Gov. Gary Johnson, Amber Lyon (Emmy winning journalist/whistleblower), Ben Swann (Emmy winning journalist), Abby Martin (host of Breaking the Set on RT America), Diane Goldstein (Law Enforcement Against Prohibition), Pamela Donnelly (Amazon Bestselling Author and Education Reform Advocate), and many more.

Tickets are on sale now at UCLA Central Ticket Office and Ticketmaster.com.

Let's make a difference together!
With warmest regards,
The Free & Equal Elections Foundation

Free & Equal Elections Foundation is a 501(c)(3) non-profit, non-partisan grassroots organization, whose mission is to shift the power back to the individual voter through education.

Copyright © 2014 The Free & Equal Elections Foundation, All rights reserved.
Our mailing address is:
The Free & Equal Elections Foundation
23679 Calabasas Rd. #219
Calabasas, CA 91302

From peacemovies at gmail.com Wed Apr 9 12:29:18 2014
From: peacemovies at gmail.com (John Thielking)
Date: Wed, 9 Apr 2014 12:29:18 -0700
Subject: [GPSCC-chat] Can Flash Mobs And Olive Drab Clubs Defeat The NSA?
In-Reply-To:
References:
Message-ID:

I have also posted my comments and article here https://www.indybay.org/newsitems/2014/04/08/18753809.php

Below is my latest comment:

I realize I made a snide remark that drones deployed everywhere in 2015 could be, but likely would not be, used to find lost pets. The NSA's vast surveillance state is already incapable of using the facial recognition database to figure out who that child rapist is who revealed his face in one of his videos where I saw a still picture of that portion of his video on TV. They also were incapable of tracking the cell phone of an old man who went missing along the coast in Marin county, CA who was found dead a few days later after he had crawled out of his crashed car at the bottom of a ravine. Will drones and other tracking methods be used for actually useful law enforcement and emergency purposes such as finding missing persons and kidnap victims?
It is a nice pipe dream to have and it might take some of the sting out of the loss of privacy produced by the deployment of these rogue machines, but somehow I have the thought that the NSA will screw that up too and ultimately not come through with much of anything useful. John Thielking On Mon, Apr 7, 2014 at 9:11 PM, John Thielking wrote: > Can Flash Mobs And Olive Drab Clubs Defeat The NSA? > > > By John Thielking > > 4-7-2014 > > > For the past few days this author has been brainstorming about how to > regain some small pieces of his privacy in the face of continuing (and > progressing) NSA and other alphabet soup organizations' blanket > surveillance. The goal is to find a way to preserve or at least momentarily > regain privacy without using methods that require that they be secure from > eavesdropping (such as by not using encryption or much of any electronic > hardware which has been proven to have numerous back doors in both hardware > and software). > > > Up to this point, this author has been content to merely take the simple > countermeasure of leaving his cell phone at home and seldom if ever taking > it with him when going to any place in public such as a shopping trip or a > political protest. Going on vacation out of town is the exception to this > and the author has found it necessary to submit to surveillance while on > vacation. Most recently, this prohibition on carrying his cell phone in > public has been extended to include leaving his electronic wristwatch at > home and covering up his VTA bus pass/Clipper Card which has an RFID chip > in it with tin foil and keeping it in his wallet in case the fare inspector > wants to see it while he is riding the light rail. Various sources have > indicated that blanket radio surveillance of a city can reveal what is > being typed on various people's computer monitors and cell phone signals > can carry for up to 20 miles. 
So based on that information, it is likely > that radio surveillance can reveal the locations of various people's > electronic wristwatches. All modern wristwatches have batteries in them > powering the watch (even the quartz ones that look like the old kind that > you used to have to keep wound up to keep them running) so all modern > wristwatches can likely be tracked this way. It is possible to carry a cell > phone in public and not be tracked, at least not in real time. To do this > do the following: If your cell phone is a smart phone, put it in airplane > mode and then turn it off. If it is a feature phone with no airplane mode > available, turn it off and then take the battery out. Then place the phone > inside of a paper envelope. This prevents the conductive parts of the phone > such as various external metal extrusions that penetrate the case and the > conductive touch screen from contacting the aluminum foil and defeating the > Faraday Cage effect that will be formed by the aluminum foil in the last > step. Then take a sheet of tin foil and cover the outside of the envelope > that contains the cell phone. With the cell phone in airplane mode, it will > not try too hard to signal the nearest cell tower nor will it use a lot of > energy trying to connect using WiFi so the rapid battery drain that happens > when covering up a turned off feature phone that still has the battery > installed will not occur, at least not significantly, so the battery life > will be up to a week or more when covered with tin foil. Note that since > most smart phones have at least 1GB of available memory, it is quite > possible/likely that the microphone of the cell phone is recording sounds > (and the times that the sounds were recorded) for broadcast to the NSA > later when you exit airplane mode to make a call or surf the web or answer > e-mail. 
To prevent this from doing anything significant to compromise your > privacy, if you are a girl person, you can place an activated white noise > generator (about the size of a small radio, available from your local > anti-spy equipment web site --- I bought mine about 15 years ago, so sorry > but I forgot exactly where I got it ) put this in your purse next to your > envelope and tin foil encased cell phone. This way, it will be much more > difficult for the NSA to piece together where you were based on recorded > background noises. > > > Now for the part that has something to do with the title of this > article. This author, in talking to one of his relatives who had visited > China recently, was inspired by the relative's story of how the Chinese > have been dealing with their own surveillance state. It seems that a > widespread phenomenon in China is that everyone tends to dress the same so > that they will blend in to the crowd of people in their surroundings. This > author did a bit of research online to try to find a way to defeat facial > recognition software used by drones and various city-wide security cameras > that are either connected to the Internet directly or that at least have TV > monitors which can have their signals monitored by blanket radio > surveillance. During this research, this author came across various > references to the fact that some people in China and Australia are now > using full face covering black visors in place of sunscreen. It seems that > these full face visors are being marketed as being superior to sunscreen, > since sunscreen only blocks the burning UVB rays and not the skin wrinkling > UVA rays, while the visors block up to 99% of both UVA and UVB rays. It > could be argued that these visors are "medically necessary" and thus they > might even be exempt from laws in various places that seek to ban the > wearing of masks at political protests. 
The desirable feature of these > visors is that they may defeat facial recognition software. At least in the > case of a human viewing the catalog pictures showing the models wearing > these visors, the facial features of the models appear to be completely > obscured. It is not clear if software used to enhance images could > penetrate the low contrast "image" of the models' faces that may be allowed > to show through by the dark plastic of these visors. This author was unable > to find a mirrored version of one of these visors for sale that certainly > would not be able to be penetrated by image enhancing software, but he was > able to find a picture of a Chinese person wearing a mirrored version. > > > Now for the "plan" of how to defeat the NSA surveillance using an Olive > Drab Club and/or a Flash Mob. > > > > 1. > > On some Sunday afternoon or other that is convenient, have people come > together in a specific open space inside of a shopping mall such as the > food court at a specific time. Ask them to all dress the same such as by > wearing black pants and blank white shirts. Ask them to wear the UVA/UVB > blocking full face visors over their full faces for the duration of the > event. Ask them to not carry any electronic devices with them on the final > leg of their trip to the location inside the mall. They can leave their > cell phones and watches in their cars. Any ID cards or other things with > RFID chips in them should be covered with an envelope and a sheet of tin > foil if they are to be carried with the person. The use of license plate > readers and other tracking methods by the police and NSA while protestors > are traveling to the mall or on their way home after the event will not > affect the success of this protest. > > > > 1. > > When the people are all assembled, this will form the first "Flash > Mob".
The goal is to get as big a mob of people all milling around as close > together as possible to confuse any tracking software that may be > attempting to follow individuals through the images broadcast over the mall > security cameras. If the Flash Mob is done inside the mall building during > the day, any really high tech drones circling overhead outside will not be > able to use their infrared cameras to penetrate the walls of the building > as they will be blinded by reflected sunlight. Thus the enhanced software > that may be able to track individuals buried inside the Flash Mob should be > much harder if not impossible for the NSA to use to tease apart who exactly > went where inside the Flash Mob. > 2. > > While people are buried inside the Flash Mob, they are all handed > regular wristwatches that can be used to help keep track of the exact time > to be ready to reassemble in the second Flash Mob at the end of the event. > It is not important that the individual watches may have their locations > tracked during the event. So long as the face shields are kept covering > people's faces, the individual watches will not reveal people's individual > identities. > 3. > > Then for the next 2-3 hours the people go on various shopping trips. > They are all careful to always pay with cash and they are encouraged to > wear a particular type of backpack to carry the stuff they buy, so again, > everyone tends to look the same. They can go anywhere in town to go > shopping, not just shop at that one mall. If they are traveling large > distances that can not be covered on foot, they should pay cash to use > public transportation and not use their own vehicles. They are encouraged > to remove any deactivated RFID/antishoplifting tags that may be on the > merchandise that they purchased prior to reassembling for the second Flash > Mob.
It is also recommended that people talk as little as possible or not > at all during this part of the event in case security cameras or their > loaned watches are recording/transmitting and/or analyzing their voices. > 4. > > After 2-3 hours of shopping, everyone checks the time on their > borrowed watches and reassembles at the appointed time inside the shopping > mall. The Flash Mob is repeated with everyone trying to get as close as > possible together while dropping off their loaned wristwatches. > 5. > > Then people disperse and go back to their homes. They can get to their > homes any way that they wish with as little or as much of their faces and > identities exposed to surveillance as they desire. License plate readers, > etc won't be able to figure out what stores they went into or what they > purchased during the event unless they start talking about their > experiences that happened at the event. > > > The End. > > > PS Individuals can attempt to duplicate the anonymizing effect of the > Flash Mob on their own by modifying a bit what they do while inside of a > building out of sight of any drone IR cameras outside the building during > the day or security cameras inside the building, such as by using a > bathroom stall to change clothes. Start by traveling to the building in > question on foot or on public transportation or if the building allows all > day parking for non-customers you can drive your car there. Be undisguised > in regards to your external appearance. Let any facial recognition software > or license plate readers figure out that it is you going there. You won't > be able to keep the tracking software from following you to and from your > residence anyway, at least during the times after 2015 when surveillance > drones are going to be everywhere over every city. Keep your face covering > visor and a change of shirt concealed inside of a backpack. Leave all > electronic devices at home or in your car. 
Inside the building and inside > the bathroom stall, change your shirt to a different color and take out a > different colored but similar sized backpack that was concealed inside the > first backpack. Put the first backpack inside of the second backpack along > with the original shirt you were wearing. Put the visor on over your entire > face. Exit the bathroom stall and exit the building and go shopping on foot > or using public transportation, paying with cash always. While shopping you > can optionally lift the visor enough while indoors to reveal your face to > the cashier and other people who it would be polite to reveal your face to > while communicating with them, but don't lift the visor high enough for > security cameras, usually mounted in the ceilings, to see your face. To go > home, go back into the same building and a bathroom stall and reverse the > process so that you exit the building wearing the first t-shirt and > displaying the first backpack and concealing the second t-shirt and face > covering visor and second backpack inside the first backpack. Hopefully you > have enough room in the backpacks for the backpacks and the items that you > purchased at the stores you visited. Be sure to pay cash and not talk much > if at all while shopping. If you need to travel at night, to remain > anonymous using the above procedure, be sure to go into a crowd inside of a > building such as a disco dance floor that will remain crowded late into the > evening. Do some dancing on the dance floor while entering and exiting the > building and make it look like the "real you", identifiable by the drones > circling outside the building, which can see some limited detail using IR > cameras and have limited ability to track individuals inside the building > from a viewpoint outside the building, make it look like you spent the > whole time dancing during your shopping trip. 
Good luck and have some fun > and retain your sense of humor while attempting to defeat the NSA > surveillance, at least for a few hours. :>). If more people adopt these > methods as the surveillance state expands and more people begin to feel > inconvenienced by it, it should get easier and more reliable to use these > methods to temporarily defeat the NSA surveillance. For instance, if enough > people all dress the same, then it will only be necessary to hide your > visor inside one backpack when going to the disco building and it won't be > necessary to change your shirt or backpack, just whip out your visor while > inside the disco building out of view of any cameras. This last stage is > when, like the Chinese, we will all become members of the Olive Drab Club. >

From cls at truffula.us Wed Apr 9 14:47:03 2014
From: cls at truffula.us (Cameron L. Spitzer)
Date: Wed, 09 Apr 2014 14:47:03 -0700
Subject: [GPSCC-chat] Heartbleed is real. Do something real.
In-Reply-To:
References:
Message-ID: <5345BFD7.4090800@truffula.us>

Most of the "secure" web sites you use have been *broken for the last two years*. Bruce Schneier says the OpenSSL "Heartbleed" bug disclosed yesterday, on a scale of 1 to 10, is an 11, "catastrophic." I recommend James Fallows' coverage at the Atlantic. Arstechnica is even better, they demonstrate the exploit against yahoo.com.

If you bank online, you need to check your bank's site with something like this, and change your password. Change it now, then check the site. If the check fails, check it again later, and change your password /again/ when it passes. The first change neutralizes your password which *was probably stolen* during the last two years. The second neutralizes the new one that was stolen yesterday before your bank fixed its server. Now that the bug is public, you can safely assume *all* unpatched sites are compromised.
If you run an HTTPS web server, you need to update it, and then you need to get a new cert. That's what your bank needs to do. If someone else runs an HTTPS web server for you, check it. If it's broken and they don't fix it soon, change providers.

Forward as you see fit.

-/Cameron/

From pagesincolor at yahoo.com Wed Apr 9 15:16:51 2014
From: pagesincolor at yahoo.com (John Thielking)
Date: Wed, 9 Apr 2014 15:16:51 -0700 (PDT)
Subject: [GPSCC-chat] Heartbleed is real. Do something real.
In-Reply-To: <5345BFD7.4090800@truffula.us>
References: <5345BFD7.4090800@truffula.us>
Message-ID: <1397081811.59530.YahooMailNeo@web161905.mail.bf1.yahoo.com>

I don't use online banking much, though I do pay bills with a debit card. I may be able to use a real credit card soon instead, though I have yet to actually receive the card that I was notified that was sent to me in the mail. Like I said in another thread, the US govt likely has a backdoor into every encryption method out there, including RSA's stuff (there was a specific news item on that one) and anyone running HTTPS. My best bet in regards to this is that my Direct Express online access/password only allows me to look at my account balance and transaction history. As far as I know, I can't look up my account number or transfer money by logging in. Good luck.

Sincerely,

John Thielking

________________________________
From: Cameron L. Spitzer
To: sosfbay-discuss at cagreens.org
Sent: Wednesday, April 9, 2014 2:47 PM
Subject: [GPSCC-chat] Heartbleed is real. Do something real.

Most of the "secure" web sites you use have been broken for the last two years. Bruce Schneier says the OpenSSL "Heartbleed" bug disclosed yesterday, on a scale of 1 to 10, is an 11, "catastrophic." I recommend James Fallows' coverage at the Atlantic. Arstechnica is even better, they demonstrate the exploit against yahoo.com.
If you bank online, you need to check your bank's site with something like this, and change your password. Change it now, then check the site. If the check fails, check it again later, and change your password again when it passes. The first change neutralizes your password which was probably stolen during the last two years. The second neutralizes the new one that was stolen yesterday before your bank fixed its server. Now that the bug is public, you can safely assume all unpatched sites are compromised. If you run an HTTPS web server, you need to update it, and then you need to get a new cert. That's what your bank needs to do. If someone else runs an HTTPS web server for you, check it. If it's broken and they don't fix it soon, change providers.

Forward as you see fit.

-Cameron

_______________________________________________
sosfbay-discuss mailing list
sosfbay-discuss at cagreens.org
http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss

From peacemovies at gmail.com Wed Apr 9 15:19:18 2014
From: peacemovies at gmail.com (John Thielking)
Date: Wed, 9 Apr 2014 15:19:18 -0700
Subject: [GPSCC-chat] Heartbleed is real. Do something real.
In-Reply-To: <5345BFD7.4090800@truffula.us>
References: <5345BFD7.4090800@truffula.us>
Message-ID:

I don't use online banking much, though I do pay bills with a debit card. I may be able to use a real credit card soon instead, though I have yet to actually receive the card that I was notified that was sent to me in the mail. Like I said in another thread, the US govt likely has a backdoor into every encryption method out there, including RSA's stuff (there was a specific news item on that one) and anyone running HTTPS. My best bet in regards to this is that my Direct Express online access/password only allows me to look at my account balance and transaction history.
As far as I know, I can't look up my account number or transfer money by logging in. Good luck.

Sincerely,

John Thielking

On Wed, Apr 9, 2014 at 2:47 PM, Cameron L. Spitzer wrote:

> Most of the "secure" web sites you use have been *broken for the last two
> years*. Bruce Schneier says the OpenSSL "Heartbleed" bug disclosed
> yesterday, on a scale of 1 to 10, is an 11, "catastrophic."
> I recommend James Fallows' coverage at the Atlantic.
> Arstechnica is even better, they demonstrate the exploit against
> yahoo.com.
>
> If you bank online, you need to check your bank's site with something like
> this, and change your password. Change
> it now, then check the site. If the check fails, check it again later, and
> change your password *again* when it passes.
> The first change neutralizes your password which *was probably stolen*
> during the last two years. The second neutralizes the new one that was
> stolen yesterday before your bank fixed its server. Now that the bug is
> public, you can safely assume *all* unpatched sites are compromised.
> If you run an HTTPS web server, you need to update it, and then you need
> to get a new cert. That's what your bank needs to do.
> If someone else runs an HTTPS web server for you, check it. If it's
> broken and they don't fix it soon, change providers.
>
> Forward as you see fit.
>
> -*Cameron*

From cls at truffula.us Wed Apr 9 16:50:58 2014
From: cls at truffula.us (Cameron L. Spitzer)
Date: Wed, 09 Apr 2014 16:50:58 -0700
Subject: [GPSCC-chat] Heartbleed is real. Do something real.
In-Reply-To: References: <5345BFD7.4090800@truffula.us> Message-ID: <5345DCE2.1000305@truffula.us> Nobody credible is suggesting the NSA or anybody else has a backdoor in Secure Shell Version 2 (SSH) or the ciphers it uses. If it were even suspected, there would be a mad race to come up with a replacement. SSH was developed in Finland because it's the only developed nation not subject to the US' "munitions related" export controls. That's why the big security software developers all have offices there. They learned that lesson from NSA's heavy-handed interference with the original Digital Encryption Standard and Pretty Good Privacy. If you've been researching the history of digital security, you already know about those outrages. To understand these problems, you have to distinguish /algorithm/ from /implementation/. There is no "/method/." The strength of SSH and its ciphers, and of PGP/GPG, and anything else that uses asymmetric encryption, including SSL, comes from the mathematical reality that it's astronomically more difficult to factor the product of two very large prime numbers than it was to multiply those two primes in the first place. The NSA is about as "likely" to find a way around that as they are to find a way to travel faster than light. That's algorithm. Vulnerabilities like Heartbleed come from mistakes in implementation, not from weaknesses in the mathematical algorithms themselves. The last one we all had to patch (it was in SSH) was due to a mistake where a pseudorandom number was more predictable than it should have been. Heartbleed gives a black eye to the "open source fanboys" who've been claiming for years that nothing this serious would ever get past the "crowd" of reviewers. "Vulns" this bad get stopped in code-review all the time, and one got through. But it hardly means "the NSA has a back door in everything." ("The NSA has a back door in everything" is a way to rationalize your own choices of convenience over security. 
Everybody does it.) Nor does it mean the closed source implementations are better. Microsoft has its own SSL implementation. It's surely been code-reviewed by NSA, and it may even have NSA's backdoor in it. Perhaps that's in the pile Snowden handed off to Greenwald, and /Der Spiegel/ hasn't got around to revealing it. By the way, the media are reporting "two thirds of the Web" vulnerable. According to Netcraft, it's 17% of hostnames. Maybe the "two thirds" is because that 17% is most of the big names. -/Cameron/

From peacemovies at gmail.com Wed Apr 9 17:37:54 2014 From: peacemovies at gmail.com (John Thielking) Date: Wed, 9 Apr 2014 17:37:54 -0700 Subject: [GPSCC-chat] Heartbleed is real. Do something real. In-Reply-To: <5345DCE2.1000305@truffula.us> References: <5345BFD7.4090800@truffula.us> <5345DCE2.1000305@truffula.us> Message-ID: Cameron, It is reassuring to know that not all software companies are under the thumb of the NSA. However, I also heard that the hardware that we commonly use is also compromised, so that no software can overcome the built in back doors on those devices. I don't have an exact reference for that hardware bit. I heard about it on a recent broadcast of the news on rt.com.
Also, an online book I read on privacy for journalists and other sources have said that the emf coming from computer monitors and the computers themselves can be monitored remotely even if the computer is not connected to the Internet, to again compromise privacy. Remember that the tiny radios in cell phones can communicate with cell towers up to 20 miles away (which fact some are using to discredit claims that cell phones on flight 93 on 9/11 couldn't have communicated with the ground --- which has since modified my position on that point since finding that out). So it seems reasonable that an emf source consuming many watts, such as a computer, could easily be monitored from at least a quarter mile away or more. Any thoughts? Thanks. Sincerely, John Thielking

From cls at truffula.us Wed Apr 9 18:54:25 2014 From: cls at truffula.us (Cameron L. Spitzer) Date: Wed, 09 Apr 2014 18:54:25 -0700 Subject: [GPSCC-chat] Heartbleed is real. Do something real. In-Reply-To: References: <5345BFD7.4090800@truffula.us> <5345DCE2.1000305@truffula.us> Message-ID: <5345F9D1.4080107@truffula.us> I've heard no credible allegations that PC motherboard hardware is compromised. PCs would be compromised in the OS, which is one of the arguments for avoiding MSFT Windows for personal use. There are also credible allegations the NSA (and private and corporate criminals) bugs PC keyboards. It's widely suspected that the major router manufacturers have backdoors in the core routers that handle Internet traffic. It's easier to deploy that way, compared to setting up a secret room at the telco office with a fiber splitter, as has been observed in San Francisco. I expect confirmation of that will eventually come from Snowden's pile. But if your traffic is encrypted with SSH or correctly implemented SSL, that doesn't do them much good. That's why it's called a secure tunnel. One CRT monitor was observable from dozens of yards away. It took equipment the size of a truck to do it. But a roomful of them would be so difficult, it would be easier to bug the office some other way.
(Leave a thumb drive with your PC malware on the sidewalk in front of a bank. There's a 40% chance you'll have access to the bank's internal network within a day. People are stupid and lazy and curious. They'll stick it in their desktop to see if there's porn on it. I forgot which university runs that experiment annually, but I'll bet it's Purdue.) Observing a modern monitor is much more difficult. Maybe they can do it on a targeted basis, but it's not practical for a mass surveillance program. A cell phone puts out short four watt bursts of UHF. Which is why you shouldn't hold them next to your brain all day. Nothing that emits that much radiation by accident is allowed in the US or EU market. Incidental emissions from PCs and network cables are in the low milliwatts. It's not for safety, it's to avoid interference with broadcast TV. That's why it's so darned hard to get a PC case back together, the case has to approximate a Faraday cage for the product to get past the FCC and TUV. I wish I didn't understand this intense focus on /surreptitious/ surveillance. The vast majority of surveillance of innocent US residents is right out in the open. And it isn't just voluntary, we demand it, we clamor for it! Give me my "free" Gmail! Sell me a phone that cost $600 to make for $50! Give me a pre-installed computer operating system that I don't need to know anything about to use! Maybe there's a dirty movie on this thumb drive I found on the street. But I do understand it, and it makes me sad. We kvetch about our privacy, but we readily trade it away for entertainment and small grocery discounts. Our money ain't where our mouths are. -Cameron

From peacemovies at gmail.com Wed Apr 9 20:19:44 2014 From: peacemovies at gmail.com (John Thielking) Date: Wed, 9 Apr 2014 20:19:44 -0700 Subject: [GPSCC-chat] Heartbleed is real. Do something real. In-Reply-To: <5345F9D1.4080107@truffula.us> References: <5345BFD7.4090800@truffula.us> <5345DCE2.1000305@truffula.us> <5345F9D1.4080107@truffula.us> Message-ID: Thanks for a very interesting conversation Cameron. I guess if TV monitors can not be radio-surveillanced from more than a few feet away and without a truckload of equipment, then my Flash Mob inside a mall idea (see the thread Can Flash Mobs and Olive Drab Clubs Defeat The NSA?) may work better if the mall in question just happens to not have their security system connected to the Internet so that the protestors can't be individually tracked in real time by the NSA. Probably also the random CCTV security systems throughout San Jose are not likely to be tipping off the NSA in real time to my location. And at the very least the electronic watches that people may have on are also likely secure from remote sensing. Thanks for the reality check. I still don't trust my keyboard or my Windows XP to not compromise https though. When I buy my next computer, it will probably still run Windows, but it definitely won't be a laptop with a built in camera and microphone.... John Thielking

From rainbeaufriend at riseup.net Thu Apr 10 06:16:13 2014 From: rainbeaufriend at riseup.net (Drew) Date: Thu, 10 Apr 2014 06:16:13 -0700 Subject: [GPSCC-chat] Heartbleed is real. Do something real. In-Reply-To: References: <5345BFD7.4090800@truffula.us> <5345DCE2.1000305@truffula.us> <5345F9D1.4080107@truffula.us> Message-ID: Cameron, I and others can help people move to a (user-friendly), freedom-respecting GNU/Linux computer system such as Puppy Linux http://puppylinux.com , or Zorin http://www.zorin-os.com/ , or Linux Mint, etc. Green is Freedom! Drew

From rob.means at electric-bikes.com Thu Apr 10 12:17:39 2014 From: rob.means at electric-bikes.com (rob.means at electric-bikes.com) Date: Thu, 10 Apr 2014 12:17:39 -0700 Subject: [GPSCC-chat] Other Voices article for publication in 4/18 Milpitas Post Message-ID: <3aa411abd07f4849b66970f061a0727a.squirrel@www.electric-bikes.com> Other Voices Did you hear that the world as we know it will end soon?
Superstorms like Hurricane Sandy and Typhoon Haiyan, once rare, will be common. Clean water will be scarce. Food shortages and disease will ravage the poor. The Sixth Great Extinction of species, which we are witnessing, will accelerate. And lots of war and violence is likely to accompany the societal stresses, societal collapses and resulting mass migrations of people trying to survive. These disasters are happening now, and are predicted to get worse over the next 20 to 40 years. In fact, it will likely happen quickly as a tipping point is reached that causes sudden and extreme change.

If your source for news hasn't alerted you, find a better one. This news affects you personally, unlike a missing plane or crazed shooter far away. The fact that most folks did not hear about this real and important news says something about our "lame-stream" media (roughly 90% of which is controlled by just 6 companies). Contrary to the widely advertised "fact" (by lame-stream media) that the media has a liberal bias, most media is actually an extension of huge corporations that are only interested in making money. (If you retain any doubt about that, search online for "15 things everyone would know if there were a liberal media".)

These dire predictions of worldwide catastrophe represent the current scientific knowledge relevant to climate change - knowledge distilled from hundreds of hard-headed, and often conservative, scientists, specialists and experts. The Intergovernmental Panel on Climate Change (IPCC) has been issuing reports since 1990, each one more certain and more dire than the one before - and always slower and more conservative than on-the-ground reality. (This under-estimating is to be expected because of the conservative nature of scientists and the consensus process used to write the reports. Expected, but rarely noted.)

On April 7, the IPCC issued the second part of their latest 3-part assessment; this one considers observed impacts and future risks of climate change. The report notes that research on the effects of climate change has doubled since the last report in 2007 - and so has understanding about what needs to be done to insulate people from more severe consequences.

This second part follows the first part of their report issued last September, which concluded the scientific evidence for climate change was "unequivocal". That report answered the question of "what's happening to the climate and why?" This second part tackles the more practical "So, what does it mean for us?" The short answer is "lots of bad stuff will happen if we don't dramatically reduce carbon emissions now." The long answer is at http://www.ipcc.ch/report/ar5/wg2/

For those of us living in California, the options for reducing CO2 emissions are plentiful. And it won't even require sacrifice. On a per-capita basis, Europeans generate less than half the greenhouse gas emissions as Americans, and their lives are every bit as comfortable as ours - if not more so. So, let's change!

Although individuals can do a lot, to really turn things around will require rule changes at the societal level. Rules that reward carbon companies (oil, coal and gas) and penalize clean-energy companies must change. Nationally, our government is so gridlocked by special interest money and Republican obstructionism that change will likely be delayed until we pass the tipping point into a horrible future. Locally, however, LEAN and PACE are two ways the City Council can help the residents of Milpitas, that is "we the people", to convert to clean energy.

LEAN stands for Local Energy Aggregation Network, a non-profit organization helping communities develop clean energy CCAs nationwide. (CCA is an acronym for Community Choice Aggregation, a form of group purchasing.) Milpitas is already part of a CCA that purchases electricity for city governments around the Bay. We could build on that success by creating a program that extends those benefits enjoyed by City Hall to your home and mine.

Property Assessed Clean Energy (PACE) is a way to pay for upgrading buildings with energy-efficiency and energy-generating features. Interested property owners, including businesses, can get 100% financing for their projects, and repay through a property tax assessment for up to 20 years. This assessment mechanism eliminates upfront costs, provides low-cost long-term financing, and makes it easy for owners to transfer the PACE assets and debts to a new owner upon sale. To top it off, PACE creates local private-sector jobs and makes our nation more energy independent and secure by reducing demand for carbon fuels. PACE programs add value to a community - whether by adding photo-voltaic (PV) panels or reducing energy use - and enjoy bi-partisan support at federal, state and local levels.

Currently, our governments are insufficiently prepared for the reality of a changing climate that impacts our food, water, health and survival. If we had retained President Carter's energy goals, our task would be easy. If the progressive candidate Bill Clinton had been a progressive President, we would not be in such a dire situation now. If our current governments, including city councils, don't respond soon, we may all be condemned to a world unfit for human beings.

From spencer.graves at prodsyse.com Thu Apr 10 12:46:02 2014
From: spencer.graves at prodsyse.com (Spencer Graves)
Date: Thu, 10 Apr 2014 12:46:02 -0700
Subject: [GPSCC-chat] Heartbleed is real. Do something real.
In-Reply-To:
References: <5345BFD7.4090800@truffula.us> <5345DCE2.1000305@truffula.us> <5345F9D1.4080107@truffula.us>
Message-ID: <5346F4FA.7000309@prodsyse.com>

Hi, Cameron, Drew, et al.:

1.
Do you have any reactions to the suggestion that a user could increase rather than decrease their vulnerability if they change a password BEFORE a host fixes the software on their end? The concern is that some of the information stolen via Heartbleed may still need more work to decode than a password change before the host software is patched. If this is accurate, we should first check the hosts for our greatest vulnerabilities to ensure that they've installed an appropriate patch, then change our password, log out, then quickly log back in and change the password again, as Cameron suggested. If I understand correctly, the need to change the password twice is because a data thief may catch the first password change but is unlikely to be able to react quickly enough with that new information to catch your second password change if you do it quickly enough.

2. Wikipedia has an article on "Heartbleed", which has been updated every few minutes since it was created 2014-04-09 04:39 UTC. If you have information that you feel is not properly reflected there, I'd like to know. I might be able to help update it, though my schedule today is quite busy.

Be safe.
Spencer

--
Spencer Graves, PE, PhD
President and Chief Technology Officer
Structure Inspection and Monitoring, Inc.
751 Emerson Ct.
San José, CA 95126
ph: 408-655-4567
web: www.structuremonitoring.com
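
The check / change / re-check bookkeeping discussed in this thread, written out as a small tracker. This is an added example, not part of any list member's message; the log format, event names, action names and the .example site names are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Constructed sample log, not real data: (day, site, event).
# "check_bad" / "check_ok" record the result of a vulnerability check the user
# ran against the site; "pw_change" records a password change on that site.
SAMPLE_LOG = [
    (date(2014, 4, 9), "bank.example", "check_bad"),
    (date(2014, 4, 9), "bank.example", "pw_change"),   # temporary password
    (date(2014, 4, 9), "mail.example", "check_ok"),
    (date(2014, 4, 9), "mail.example", "pw_change"),
    (date(2014, 4, 10), "bank.example", "check_bad"),
    (date(2014, 4, 11), "bank.example", "check_ok"),
    (date(2014, 4, 9), "shop.example", "check_bad"),
    (date(2014, 4, 10), "shop.example", "check_ok"),
    (date(2014, 4, 10), "shop.example", "pw_change"),
    (date(2014, 4, 11), "shop.example", "check_bad"),  # site failed again later
]


@dataclass
class SiteState:
    last_check: Optional[str] = None   # "bad", "ok", or None if never checked
    seen_bad: bool = False             # at least one failed check so far
    changed_since_bad: bool = False    # password changed after a failed check
    password_clean: bool = False       # current password was set while passing
    changes: int = 0                   # password changes made so far


def apply_event(state: SiteState, event: str) -> None:
    """Update one site's state with a single log event."""
    if event == "check_bad":
        state.last_check = "bad"
        state.seen_bad = True
        # A password in use on a site that fails the check is treated as exposed.
        state.password_clean = False
    elif event == "check_ok":
        state.last_check = "ok"
    elif event == "pw_change":
        state.changes += 1
        # Only a change made while the site passes yields a trusted password.
        state.password_clean = state.last_check == "ok"
        if state.seen_bad:
            state.changed_since_bad = True
    else:
        raise ValueError(f"unknown event: {event!r}")


def next_action(state: SiteState) -> str:
    """Return what the user still has to do for this site."""
    if state.last_check is None:
        return "check_site"
    if state.last_check == "bad":
        # The old password is assumed stolen: replace it once, then wait for a fix.
        return "recheck_later" if state.changed_since_bad else "change_now_then_recheck"
    return "done" if state.password_clean else "change_password"


def plan(log):
    """Map each site to (next action, password changes so far)."""
    sites = {}
    # Stable sort by day keeps same-day events in the order they were logged.
    for _day, site, event in sorted(log, key=lambda entry: entry[0]):
        apply_event(sites.setdefault(site, SiteState()), event)
    return {site: (next_action(st), st.changes) for site, st in sites.items()}


if __name__ == "__main__":
    for site, (action, changes) in sorted(plan(SAMPLE_LOG).items()):
        print(f"{site:14} changes={changes} next={action}")
```

A site that passed its first check ends at "done" after one change; a site that failed first is only "done" after a second change made once it passes.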

From peacemovies at gmail.com Thu Apr 10 22:07:49 2014
From: peacemovies at gmail.com (John Thielking)
Date: Thu, 10 Apr 2014 22:07:49 -0700
Subject: [GPSCC-chat] Heartbleed is real. Do something real.
In-Reply-To: <5346F4FA.7000309@prodsyse.com>
References: <5345BFD7.4090800@truffula.us> <5345DCE2.1000305@truffula.us> <5345F9D1.4080107@truffula.us> <5346F4FA.7000309@prodsyse.com>
Message-ID:

KRON4 TV news had an interesting piece on this bug tonight. Hopefully they rebroadcast it at 11 so you all can see it. They were saying that they found out who created the bug, that it was a "mistake" and that it could take years for all the web sites involved to be fixed. What a headache.

John Thielking

From cls at truffula.us Fri Apr 11 08:45:52 2014
From: cls at truffula.us (Cameron L. Spitzer)
Date: Fri, 11 Apr 2014 08:45:52 -0700
Subject: [GPSCC-chat] Heartbleed is real. Do something real.
In-Reply-To:
References: <5345BFD7.4090800@truffula.us> <5345DCE2.1000305@truffula.us> <5345F9D1.4080107@truffula.us> <5346F4FA.7000309@prodsyse.com>
Message-ID: <53480E30.3040002@truffula.us>

I may have been unclear.
1. Check your bank (etc) site for the vulnerability.
   If it's bad, make a note.
2. Change your password.

3. Go back to the bad ones tomorrow and check them again.
4. If a site has changed from bad to good, change your password there.

5. Repeat again tomorrow until there are no more bad sites on your list.

If the first check of a site was good, you'll only change that site's password once.
If the first check was bad, you'll have to change your password twice.
The first change deactivates the password which was probably stolen over the last two years, replacing it with a temporary password. The second replaces the temporary password, which may also have been stolen.

The work your bank (etc) has to do is more elaborate. They have to replace the trust certificates that SSL protects, because those have secret keys and they also could have been stolen. However, when a site goes from bad to good it's a pretty good indication they're doing all of that. The certs are mainly important for protecting you from impostor web sites. Impostors are mainly a threat to people who follow links received in email, but they can also appear if the DNS is compromised anywhere along the line. That mostly happens to Microsoft Windows users with malware (that's most consumers who use Windows at home) and on corporate intranets. Ironically, even though Microsoft's implementation of SSL was not affected, the prevalence of Windows malware greatly magnifies the vulnerability. One more example of how Windows ruins everything, even for non-Windows users!

The OpenSSL source code's history is visible at its Github page. Several security blogs show how you can look up the Dec 31 2011 change that introduced the bug and the April 7 2014 change that fixes it. No stealthy detective work is needed. However, Github is pretty swamped this week with everybody looking at these two changes, so you might get a timeout or a 500 error.

It will take years for everybody to fix everything. There are home routers, ATM machines, point of sale terminals (we used to call them "cash registers") and other "appliances" (voting machines?) which use the buggy OpenSSL, and most consumers never update the firmware in those things. Corporate intranets with huge software stacks (internal accounting processes etc) will be the most work.
But almost large consumer-facing commerce sites will have this fixed within a few weeks. The fix isn't difficult for professionally managed web sites, and the urgency is high and unusually well understood.

From peacemovies at gmail.com Fri Apr 11 12:14:33 2014
From: peacemovies at gmail.com (John Thielking)
Date: Fri, 11 Apr 2014 12:14:33 -0700
Subject: [GPSCC-chat] Heartbleed is real. Do something real.
In-Reply-To: <53480E30.3040002@truffula.us>
References: <5345BFD7.4090800@truffula.us> <5345DCE2.1000305@truffula.us> <5345F9D1.4080107@truffula.us> <5346F4FA.7000309@prodsyse.com> <53480E30.3040002@truffula.us>
Message-ID:

After reading this I'm not likely to trust ATMs for awhile with any of my debit cards or credit cards. At least my latest credit card company and one of my debit cards I'm pretty sure I can just go to the bank teller of any bank and get a "cash advance" from the teller instead of using an ATM. Often times I don't need a PIN when doing that, just a photo ID. I think the fees for that method may even be less than using the ATM anyway. Do you think that the bank teller's systems are likely to be more secure than their ATM's?
Thanks for clarifying the other info Cameron.

Sincerely,

John Thielking

From peacemovies at gmail.com Fri Apr 11 12:52:20 2014
From: peacemovies at gmail.com (John Thielking)
Date: Fri, 11 Apr 2014 12:52:20 -0700
Subject: [GPSCC-chat] Heartbleed is real. Do something real.
In-Reply-To:
References: <5345BFD7.4090800@truffula.us> <5345DCE2.1000305@truffula.us> <5345F9D1.4080107@truffula.us> <5346F4FA.7000309@prodsyse.com> <53480E30.3040002@truffula.us>
Message-ID:

People should also know that there may be additional security gaps in ATMs and Point Of Sale terminals due to their owners' slow response to the need to do away with using Windows XP. For instance, the last time I went to Round Table Pizza a couple of weeks ago, the screen saver on their POS terminal still said "Windows XP". Chase signed a contract for another year of support from MS for Win XP for their ATMs, but I can only assume that everyone else will no longer have support for Win XP after early April 2014. Good luck on that one too.

John Thielking

From peacemovies at gmail.com Fri Apr 11 14:19:19 2014
From: peacemovies at gmail.com (John Thielking)
Date: Fri, 11 Apr 2014 14:19:19 -0700
Subject: [GPSCC-chat] Heartbleed is real. Do something real.
In-Reply-To:
References: <5345BFD7.4090800@truffula.us> <5345DCE2.1000305@truffula.us> <5345F9D1.4080107@truffula.us> <5346F4FA.7000309@prodsyse.com> <53480E30.3040002@truffula.us>
Message-ID:

Another more specific question for you Cameron: Is the patch for the Heartbleed bug supported for systems running Windows XP, which was just barely out of date as of the time of broad announcement of the Heartbleed bug, or do the people currently running Windows XP also have to upgrade their OS? I know my home computer only has 500 MB of memory so I can't just do an easy upgrade to Win 7. I hope not too many POS terminals are also in the same boat. They should upgrade to a new OS anyway, but this problem may just compound the problem presented by the Heartbleed bug itself.

John Thielking


On Fri, Apr 11, 2014 at 12:52 PM, John Thielking wrote:

> People should also know that there may be additional security gaps in ATMs
> and Point Of Sale terminals due to their owners' slow response to the need
> to do away with using Windows XP. For instance, the last time I went to
> Round Table Pizza a couple of weeks ago, the screen saver on their POS
> terminal still said "Windows XP". Chase signed a contract for another year
> of support from MS for Win XP for their ATMs, but I can only assume that
> everyone else will no longer have support for Win XP after early April
> 2014. Good luck on that one too.
>
> John Thielking
>
>
> On Fri, Apr 11, 2014 at 12:14 PM, John Thielking wrote:
>
>> After reading this I'm not likely to trust ATMs for awhile with any of my
>> debit cards or credit cards. At least my latest credit card company and one
>> of my debit cards I'm pretty sure I can just go to the bank teller of any
>> bank and get a "cash advance" from the teller instead of using an ATM.
>> Often times I don't need a PIN when doing that, just a photo ID. I think
>> the fees for that method may even be less than using the ATM anyway. Do you
>> think that the bank teller's systems are likely to be more secure than
>> their ATM's?
>> Thanks for clarifying the other info Cameron.
>>
>> Sincerely,
>>
>> John Thielking
>>
>>
>> On Fri, Apr 11, 2014 at 8:45 AM, Cameron L. Spitzer wrote:
>>
>>>
>>> I may have been unclear.
>>> 1. Check your bank (etc) site for the vulnerability.
>>> If it's bad, make a note.
>>> 2. Change your password.
>>>
>>> 3. Go back to the bad ones tomorrow and check them again.
>>> 4. If a site has changed from bad to good, change your password there.
>>>
>>> 5. Repeat again tomorrow until there are no more bad sites on your list.
>>>
>>> If the first check of a site was good, you'll only change that site's
>>> password once.
>>> If the first check was bad, you'll have to change your password twice.
>>> The first change deactivates the password which was probably stolen over
>>> the last two years, replacing it with a temporary password. The second
>>> replaces the temporary password, which may also have been stolen.
>>>
>>>
>>> The work your bank (etc) has to do is more elaborate. They have to
>>> replace the trust certificates that SSL protects, because those have secret
>>> keys and they also could have been stolen. However, when a site goes from
>>> bad to good it's a pretty good indication they're doing all of that. The
>>> certs are mainly important for protecting you from impostor web sites.
>>> Impostors are mainly a threat to people who follow links received in email,
>>> but they can also appear if the DNS is compromised anywhere along the
>>> line. That mostly happens to Microsoft Windows users with malware (that's
>>> most consumers who use Windows at home) and on corporate intranets.
>>> Ironically, even though Microsoft's implementation of SSL was not affected,
>>> the prevalence of Windows malware greatly magnifies the vulnerability. One
>>> more example of how Windows ruins everything, even for non-Windows users!
>>>
>>>
>>> The OpenSSL source code's history is visible at its Github page.
>>> Several security blogs show how you can look up the Dec 31 2011 change that
>>> introduced the bug and the April 7 2014 change that fixes it. No stealthy
>>> detective work is needed. However, Github is pretty swamped this week with
>>> everybody looking at these two changes, so you might get a timeout or a 500
>>> error.
>>>
>>> It will take years for everybody to fix everything. There are home
>>> routers, ATM machines, point of sale terminals (we used to call them "cash
>>> registers") and other "appliances" (voting machines?) which use the buggy
>>> OpenSSL, and most consumers never update the firmware in those things.
>>> Corporate intranets with huge software stacks (internal accounting
>>> processes etc) will be the most work.
>>> But almost large consumer-facing commerce sites will have this fixed
>>> within a few weeks. The fix isn't difficult for professionally managed web
>>> sites, and the urgency is high and unusually well understood.
>>>
>>>
>>> On 04/10/2014 10:07 PM, John Thielking wrote:
>>>
>>> KRON4 TV news had an interesting piece on this bug tonight. Hopefully
>>> they rebroadcast it at 11 so you all can see it. They were saying that they
>>> found out who created the bug, that it was a "mistake" and that it could
>>> take years for all the web sites involved to be fixed. What a headache.
>>>
>>> John Thielking
>>>
>>>
>>> On Thu, Apr 10, 2014 at 12:46 PM, Spencer Graves <spencer.graves at prodsyse.com> wrote:
>>>
>>>> Hi, Cameron, Drew, et al.:
>>>>
>>>>
>>>> 1. Do you have any reactions to the suggestion that a user could
>>>> increase rather than decrease their vulnerability if they change a password
>>>> BEFORE a host fixes the software on their end? The concern is that some of
>>>> the information stolen via Heartbleed may still need more work to
>>>> decode than a password change before the host software is patched. If this
>>>> is accurate, we should first check the hosts for our greatest
>>>> vulnerabilities to ensure that they've installed an appropriate patch, then
>>>> change our password, log out, then quickly log back in and change the
>>>> password again, as Cameron suggested. If I understand correctly, the need
>>>> to change the password twice is because a data thief may catch the first
>>>> password change but is unlikely to be able to react quickly enough with
>>>> that new information to catch your second password change if you do it
>>>> quickly enough.
>>>>
>>>>
>>>> 2. Wikipedia has an article on "Heartbleed", which has been updated
>>>> every few minutes since it was created 2014-04-09 04:39 UTC. If you have
>>>> information that you feel is not properly reflected there, I'd like to
>>>> know. I might be able to help update it, though my schedule today is quite
>>>> busy.
>>>>
>>>>
>>>> Be safe.
>>>> Spencer
>>>>
>>>>
>>>> On 4/10/2014 6:16 AM, Drew wrote:
>>>>
>>>> Cameron, I and others can help people move to a (user-friendly),
>>>> freedom-respecting GNU/Linux computer system such as Puppy Linux
>>>> http://puppylinux.com , or Zorin http://www.zorin-os.com/ , or Linux
>>>> Mint, etc.
>>>>
>>>> Green is Freedom!
>>>>
>>>> Drew
>>>> --
>>>> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>>>>
>>>> --
>>>> Spencer Graves, PE, PhD
>>>> President and Chief Technology Officer
>>>> Structure Inspection and Monitoring, Inc.
>>>> 751 Emerson Ct.
>>>> San José, CA 95126
>>>> ph: 408-655-4567
>>>> web: www.structuremonitoring.com

From peacemovies at gmail.com Fri Apr 11 15:29:36 2014
From: peacemovies at gmail.com (John Thielking)
Date: Fri, 11 Apr 2014 15:29:36 -0700
Subject: [GPSCC-chat] Heartbleed is real. Do something real.
In-Reply-To:
References: <5345BFD7.4090800@truffula.us> <5345DCE2.1000305@truffula.us> <5345F9D1.4080107@truffula.us> <5346F4FA.7000309@prodsyse.com> <53480E30.3040002@truffula.us>
Message-ID:

Sorry to keep dragging this out, but I finally decided to search the RT.com web site using the search term "computer hardware" to see if I could find an article or two relating to my previous statement that RT.com broadcast the claim that computer hardware in general has been compromised by the NSA. I did find the following article at

http://rt.com/op-edge/nsa-hacking-individual-computers-008/

that states that some of the material provided by Snowden does in fact indicate that some people's computers are implanted with special chips to aid the NSA in monitoring them. This may not be widespread just yet, but it does fit with previously broadcast info from RT.com that was saying that certain people's laptops that have been ordered online are sometimes transhipped to special NSA facilities where they have their hardware modified to contain implanted viruses or malware (in the CMOS perhaps?). Of course the article also says that the NSA may choose to bug all computers sold in a specific city, if that city is a region of interest for the NSA. I'll bet that Eugene, Oregon (Berkeley North) could be one of those places. And who knows, they might put radio bugs in all the watches sold there too.
More to think about I guess.

A more speculative opinion piece is located here:

http://rt.com/op-edge/nsa-spying-future-total-952/

and a link to the Der Spiegel article that this stuff is based on is contained here:

http://rt.com/op-edge/annie-machon-nsa-spying-925/

Any further thoughts?

John Thielking

From spencer.graves at prodsyse.com Fri Apr 11 21:33:36 2014
From: spencer.graves at prodsyse.com (Spencer Graves)
Date: Fri, 11 Apr 2014 21:33:36 -0700
Subject: [GPSCC-chat] Heartbleed is real. Do something real.
In-Reply-To:
References: <5345BFD7.4090800@truffula.us> <5345DCE2.1000305@truffula.us> <5345F9D1.4080107@truffula.us> <5346F4FA.7000309@prodsyse.com> <53480E30.3040002@truffula.us>
Message-ID: <5348C220.9020504@prodsyse.com>

Hi, Cameron, et al.:

A discussion of how to deal with problems like Heartbleed is now available on Wikiversity, "Managing risk from cyber attacks".

Please revise this as you see fit or send suggestions to me. Cameron has done a great service in providing his expertise on this list. The Wikipedia article on Heartbleed received almost 47,000 views on April 11 (UTC), and over 39,000 on the three previous days combined. If this Wikiversity article gets a small portion of that number of views, it will provide a great service humanity.

Creating that article helped me think through what seemed like a sensible reaction. Alarmists said we should change all our passwords. I think that's overkill.
Even creating a simple list of all the accounts and passwords I've created over the years was more work than I felt justified. And creating such a list would miss the point. We need to worry about the financial institutions that manage savings. If cyber thieves drain those accounts, it could create big problems for us. For more, see the Wikiversity article (https://en.wikiversity.org/wiki/Managing_risk_from_cyber_attacks).

Thanks again, Cameron -- and thanks to John and Drew for their additional comments.

Spencer

--
Spencer Graves, PE, PhD
President and Chief Technology Officer
Structure Inspection and Monitoring, Inc.
751 Emerson Ct.
San José, CA 95126
ph: 408-655-4567
web: www.structuremonitoring.com

From tnharter at aceweb.com Sat Apr 12 00:57:11 2014
From: tnharter at aceweb.com (Tian Harter)
Date: Sat, 12 Apr 2014 00:57:11 -0700
Subject: [GPSCC-chat] Gayle McLaughlin spoke in San Jose
Message-ID: <5348F1D7.3080004@aceweb.com>

Please visit this page for my writeup of the event:
http://tian.greens.org/SanJose/HumanAgenda/GayleMcLaughlinApril9th14.html

Those who were there, if you see something on that page that can be improved please let me know.

--
Tian
http://tian.greens.org
Latest change: Added pictures from SJBPs Hippies vs. Hipsters Ride.
There's a dog angel on a Kentucky quarter in my home.

From peacemovies at gmail.com Sat Apr 12 08:05:54 2014
From: peacemovies at gmail.com (John Thielking)
Date: Sat, 12 Apr 2014 08:05:54 -0700
Subject: [GPSCC-chat] Heartbleed is real. Do something real.
In-Reply-To: <5348C220.9020504@prodsyse.com>
References: <5345BFD7.4090800@truffula.us> <5345DCE2.1000305@truffula.us> <5345F9D1.4080107@truffula.us> <5346F4FA.7000309@prodsyse.com> <53480E30.3040002@truffula.us> <5348C220.9020504@prodsyse.com>
Message-ID:

Thanks for the web update Spencer. I double checked my Direct Express online account and it is possible to send money to another bank account after logging in, but there is also what is called "two factor security" involved. It seems that I have to enter the code on the back of my debit card before I can transfer money and even then the transaction might be declined by Comerica Bank.
I'm working with the account issuer to disable online access and have them send me a paper bill in the mail with all of my transactions for the month listed instead of having online access, but it is not clear how much trouble it will be to do this since the customer service rep said they weren't sure if it was possible to do this for an active online account. She had the tech support people arrange to call me back sometime next week. She also said that it was not possible to only disable the online funds transfer feature and online bill pay.

Two factor security is better than just having a password and login required before you can send money from an online bank account. If your bank doesn't have at least that level of security, they are fools and you should switch banks or at least disable online access for your account. Hopefully my security code is secure on the Direct Express web site as I've never entered that code when using that site. I'm still going to disable online access entirely ASAP if I am allowed to do that.

On a related note, I did a search to find out if the Heartbleed bug affects security for credit card numbers and PINs, not just passwords, and found at least one article that confirms that it DOES affect other data such as CC numbers. That article is located here:

http://www.christianpost.com/news/heart-bleed-virus-update-open-ssl-computer-bug-how-to-protect-your-security-passwords-for-gmail-yahoo-facebook-117732/

I also did a search to try to find out if the Heartbleed patch is available for Windows XP. I found a bunch of articles that talked about the end of XP security support on April 8, 2014 and that talked about the Heartbleed bug, but none of the articles raised any alarms for XP users trying to patch the Heartbleed bug.

John Thielking
The >>>>> second replaces the temporary password, which may also have been stolen. >>>>> >>>>> >>>>> The work your bank (etc) has to do is more elaborate. They have to >>>>> replace the trust certificates that SSL protects. because those have secret >>>>> keys and they also could have been stolen. However, when a site goes from >>>>> bad to good it's a pretty good indication they're doing all of that. The >>>>> certs are mainly important for protecting you from impostor web sites. >>>>> Impostors are mainly a threat to people who follow links received in email, >>>>> but they can also appear if the DNS is compromised anywhere along the >>>>> line. That mostly happens to Microsoft Windows users with malware (that's >>>>> most consumers who use Windows at home) and on corporate intranets. >>>>> Ironically, even though Microsoft's implementation of SSL was not affected, >>>>> the prevalence of Windows malware greatly magnifies the vulnerability, One >>>>> more example of how Windows ruins everything, even for non-Windows users! >>>>> >>>>> >>>>> The OpenSSL source code's history is visible at its Github page. >>>>> Several security blogs show how you can look up the Dec 31 2011 change that >>>>> introduced the bug and the April 7 2014 change that fixes it. No stealthy >>>>> detective work is needed. However, Github is pretty swamped this week with >>>>> everybody looking at these two changes, so you might get a timeout or a 500 >>>>> error. >>>>> >>>>> It will take years for everybody to fix everything. There are home >>>>> routers, ATM machines, point of sale terminals (we used to call them "cash >>>>> registers") and other "appliances" (voting machines?) which use the buggy >>>>> OpenSSL, and most consumers never update the firmware in those things. >>>>> Corporate intranets with huge software stacks (internal accounting >>>>> processes etc) will be the most work. >>>>> But almost large consumer-facing commerce sites will have this fixed >>>>> within a few weeks. 
The fix isn't difficult for professionally managed web >>>>> sites, and the urgency is high and unusually well understood. >>>>> >>>>> >>>>> >>>>> >>>>> On 04/10/2014 10:07 PM, John Thielking wrote: >>>>> >>>>> KRON4 TV news had an interesting piece on this bug tonight. >>>>> Hopefully they rebroadcast it at 11 so you all can see it. They were saying >>>>> that they found out who created the bug, that it was a "mistake" and that >>>>> it could take years for all the web sites involved to be fixed. What a >>>>> headache. >>>>> >>>>> John Thielking >>>>> >>>>> >>>>> On Thu, Apr 10, 2014 at 12:46 PM, Spencer Graves < >>>>> spencer.graves at prodsyse.com> wrote: >>>>> >>>>>> Hi, Cameron, Drew, et al.: >>>>>> >>>>>> >>>>>> 1. Do you have any reactions to the suggestion that a user >>>>>> could increase rather than decrease their vulnerability if they change a >>>>>> password BEFORE a host fixes the software on their end? The concern is >>>>>> that some of the information stolen via Heartbleed may still need need more >>>>>> work to decode than a password change before the host software is patched. >>>>>> If this is accurate, we should first check the hosts for our greatest >>>>>> vulnerabilities to ensure that they've installed an appropriate patch, then >>>>>> change our password, log out, then quickly log back in and change the >>>>>> password again, as Cameron suggested. If I understand correctly, the need >>>>>> to change the password twice is because a data thief may catch the first >>>>>> password change but is unlikely to be able to react quickly enough with >>>>>> that new information to catch your second password change if you do it >>>>>> quickly enough. >>>>>> >>>>>> >>>>>> 2. Wikipedia has an article on "Heartbleed", which been >>>>>> updated every few minutes since it was created 2014-04-09 04:39 UTC. If >>>>>> you have information that you feel is not properly reflected there, I'd >>>>>> like to know. 
I might be able to help update it, though my schedule today
>>>>>> is quite busy.
>>>>>>
>>>>>>
>>>>>> Be safe.
>>>>>> Spencer
>>>>>>
>>>>>>
>>>>>> On 4/10/2014 6:16 AM, Drew wrote:
>>>>>>
>>>>>> Cameron, I and others can help people move to a (user-friendly),
>>>>>> freedom-respecting GNU/Linux computer system such as Puppy Linux
>>>>>> http://puppylinux.com , or Zorin http://www.zorin-os.com/ , or Linux
>>>>>> Mint, etc.
>>>>>>
>>>>>> Green is Freedom!
>>>>>>
>>>>>> Drew
>>>>>> --
>>>>>> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> sosfbay-discuss mailing list
>>>>>> sosfbay-discuss at cagreens.org
>>>>>> http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss
>>>>>
>>>>>
>>>>>
> --
> Spencer Graves, PE, PhD
> President and Chief Technology Officer
> Structure Inspection and Monitoring, Inc.
> 751 Emerson Ct.
> San José, CA 95126
> ph: 408-655-4567
> web: www.structuremonitoring.com
>
>

From spencer.graves at structuremonitoring.com Sat Apr 12 09:46:30 2014
From: spencer.graves at structuremonitoring.com (Spencer Graves)
Date: Sat, 12 Apr 2014 09:46:30 -0700
Subject: [GPSCC-chat] Heartbleed is real. Do something real.
In-Reply-To:
References: <5345BFD7.4090800@truffula.us> <5345DCE2.1000305@truffula.us> <5345F9D1.4080107@truffula.us> <5346F4FA.7000309@prodsyse.com> <53480E30.3040002@truffula.us> <5348C220.9020504@prodsyse.com>
Message-ID: <53496DE6.7040901@structuremonitoring.com>

Cameron mentioned routers. I just confirmed that they could be a problem and added information on what to do about that to the Wikiversity article on "Managing risk from cyber attacks".

Spencer

On 4/12/2014 8:05 AM, John Thielking wrote:
> Thanks for the web update Spencer.
I double checked my Direct Express > online account and it is possible to send money to another bank > account after logging in, but there is also what is called "two factor > security" involved. It seems that I have to enter the code on the back > of my debit card before I can transfer money and even then the > transaction might be declined by Comerica Bank. I'm working with the > account issuer to disable online access and have them send me a paper > bill in the mail with all of my transactions for the month listed > instead of having online access, but it is not clear how much trouble > it will be to do this since the customer service rep said they weren't > sure if it was possible to do this for an active online account. She > had the tech support people arrange to call me back sometime next > week. She also said that it was not possible to only disable the > online funds transfer feature and online bill pay. Two factor security > is better than just having a password and login required before you > can send money from an online bank account. If your bank doesn't have > at least that level of security, they are fools and you should switch > banks or at least disable online access for your account. Hopefully my > security code is secure on the Direct Express web site as I've never > entered that code when using that site. I'm still going to disable > online access entirely ASAP if I am allowed to do that. > > On a related note, I did a search to find out if the Heartbleed bug > affects security for credit card numbers and PINs, not just passwords, > and found at least one article that confirms that it DOES affect other > data such as CC numbers. That article is located here: > > http://www.christianpost.com/news/heart-bleed-virus-update-open-ssl-computer-bug-how-to-protect-your-security-passwords-for-gmail-yahoo-facebook-117732/ > > > I also did a search to try to find out if the Heartbleed patch is > available for Windows XP. 
I found a bunch of articles that talked > about the end of XP security support on April 8, 2014 and that talked > about the Heartbleed bug, but none of the articles raised any alarms > for XP users trying to patch the Heartbleed bug. > > John Thielking > > > On Fri, Apr 11, 2014 at 9:33 PM, Spencer Graves > > wrote: > > Hi, Cameron, et al.: > > > A discussion of how to deal with problems like Heartbleed is > now available on Wikiversity, "Managing risk from cyber attacks". > > > Please revise this as you see fit or send suggestions to > me. Cameron has done a great service in providing his expertise > on this list. The Wikipedia article on Heartbleed received almost > 47,000 views on April 11 (UTC), and over 39,000 on the three > previous days combined. If this Wikiversity article gets a small > portion of that number of views, it will provide a great service > humanity. > > > Creating that article helped me think through what seemed > like a sensible reaction. Alarmists said we should change all our > passwords. I think that's overkill. Even creating a simple list > of all the accounts and passwords I've created over the years was > more work than I felt justified. And creating such a list would > miss the point. We need to worry about the financial institutions > that manage savings. If cyber thieves drain those accounts, it > could create big problems for us. For more, see the Wikiversity > article > (https://en.wikiversity.org/wiki/Managing_risk_from_cyber_attacks). > > > Thanks again, Cameron -- and thanks to John and Drew for > their additional comments. > > > Spencer > > > On 4/11/2014 3:29 PM, John Thielking wrote: >> Sorry to keep dragging this out, but I finally decided to search >> the RT.com web site using the search term "computer hardware" to >> see if I could find an article or two relating to my previous >> statement that RT.com broadcast the claim that computer hardware >> in general has been compromised by the NSA. 
I did find the >> following article at >> >> http://rt.com/op-edge/nsa-hacking-individual-computers-008/ >> >> >> that states that some of the material provided by Snowden does in >> fact indicate that some people's computers are implanted with >> special chips to aid the NSA in monitoring them. This may not be >> widespread just yet, but it does fit with previously broadcast >> info from RT.com that was saying that certain people's laptops >> that have been ordered online are sometimes transhipped to >> special NSA facilities where they have their hardware modified to >> contain implanted viruses or malware (in the CMOS perhaps?). Of >> course the article also says that the NSA may choose to bug all >> computers sold in a specific city, if that city is a region of >> interest for the NSA. I'll bet that Eugene, Oregon (Berkeley >> North) could be one of those places. And who knows, they might >> put radio bugs in all the watches sold there too. >> More to think about I guess. >> >> A more speculative opinion piece is located here: >> >> http://rt.com/op-edge/nsa-spying-future-total-952/ >> >> >> and a link to the Derspiegal article that this stuff is based on >> is contained here: >> >> http://rt.com/op-edge/annie-machon-nsa-spying-925/ >> >> >> >> Any further thoughts? >> >> John Thielking >> >> >> On Fri, Apr 11, 2014 at 2:19 PM, John Thielking >> > wrote: >> >> Another more specific question for you Cameron: >> >> Is the patch for the Heartbleed bug supported for systems >> running Windows XP, which was just barely out of date as of >> the time of broad announcement of the Heartbleed bug, or do >> the people currently running Windows XP also have to upgrade >> their OS? I know my home computer only has 500 MB of memory >> so I can't just do an easy upgrade to Win 7. I hope not too >> many POS terminals are also in the same boat. They should >> upgrade to a new OS anyway, but this problem may just >> compound the problem presented by the Heartbleed bug itself. 
>> >> John Thielking >> >> >> On Fri, Apr 11, 2014 at 12:52 PM, John Thielking >> > wrote: >> >> People should also know that there may be additional >> security gaps in ATMs and Point Of Sale terminals due to >> their owners' slow response to the need to do away with >> using Windows XP. For instance, the last time I went to >> Round Table Pizza a couple of weeks ago, the screen saver >> on their POS terminal still said "Windows XP". Chase >> signed a contract for another year of support from MS for >> Win XP for their ATMs, but I can only assume that >> everyone else will no longer have support for Win XP >> after early April 2014. Good luck on that one too. >> >> John Thielking >> >> >> On Fri, Apr 11, 2014 at 12:14 PM, John Thielking >> > wrote: >> >> After reading this I'm not likely to trust ATMs for >> awhile with any of my debit cards or credit cards. At >> least my latest credit card company and one of my >> debit cards I'm pretty sure I can just go to the bank >> teller of any bank and get a "cash advance" from the >> teller instead of using an ATM. Often times I don't >> need a PIN when doing that, just a photo ID. I think >> the fees for that method may even be less than using >> the ATM anyway. Do you think that the bank teller's >> systems are likely to be more secure than their ATM's? >> Thanks for clarifying the other info Cameron. >> >> Sincerely, >> >> John Thielking >> >> >> On Fri, Apr 11, 2014 at 8:45 AM, Cameron L. Spitzer >> > wrote: >> >> >> I may have been unclear. >> 1. Check your bank (etc) site for the vulnerability. >> If it's bad, make a note. >> 2. Change your password. >> >> 3. Go back to the bad ones tomorrow and check >> them again. >> 4. If a site has changed from bad to good, >> change your password there. >> >> 5. Repeat again tomorrow until there are no more >> bad sites on your list. >> >> If the first check of a site was good, you'll >> only change that site's password once. 
>> If the first check was bad, you'll have to change >> your password twice. The first change >> deactivates the password which was probably >> stolen over the last two years, replacing it with >> a temporary password. The second replaces the >> temporary password, which may also have been stolen. >> >> >> The work your bank (etc) has to do is more >> elaborate. They have to replace the trust >> certificates that SSL protects. because those >> have secret keys and they also could have been >> stolen. However, when a site goes from bad to >> good it's a pretty good indication they're doing >> all of that. The certs are mainly important for >> protecting you from impostor web sites. Impostors >> are mainly a threat to people who follow links >> received in email, but they can also appear if >> the DNS is compromised anywhere along the line. >> That mostly happens to Microsoft Windows users >> with malware (that's most consumers who use >> Windows at home) and on corporate intranets. >> Ironically, even though Microsoft's >> implementation of SSL was not affected, the >> prevalence of Windows malware greatly magnifies >> the vulnerability, One more example of how >> Windows ruins everything, even for non-Windows users! >> >> >> The OpenSSL source code's history is visible at >> its Github page. Several security blogs show how >> you can look up the Dec 31 2011 change that >> introduced the bug and the April 7 2014 change >> that fixes it. No stealthy detective work is >> needed. However, Github is pretty swamped this >> week with everybody looking at these two changes, >> so you might get a timeout or a 500 error. >> >> It will take years for everybody to fix >> everything. There are home routers, ATM machines, >> point of sale terminals (we used to call them >> "cash registers") and other "appliances" (voting >> machines?) which use the buggy OpenSSL, and most >> consumers never update the firmware in those things. 
>> Corporate intranets with huge software stacks >> (internal accounting processes etc) will be the >> most work. >> But almost large consumer-facing commerce sites >> will have this fixed within a few weeks. The fix >> isn't difficult for professionally managed web >> sites, and the urgency is high and unusually well >> understood. >> >> >> >> >> On 04/10/2014 10:07 PM, John Thielking wrote: >>> KRON4 TV news had an interesting piece on this >>> bug tonight. Hopefully they rebroadcast it at 11 >>> so you all can see it. They were saying that >>> they found out who created the bug, that it was >>> a "mistake" and that it could take years for all >>> the web sites involved to be fixed. What a headache. >>> >>> John Thielking >>> >>> >>> On Thu, Apr 10, 2014 at 12:46 PM, Spencer Graves >>> >> > wrote: >>> >>> Hi, Cameron, Drew, et al.: >>> >>> >>> 1. Do you have any reactions to the >>> suggestion that a user could increase rather >>> than decrease their vulnerability if they >>> change a password BEFORE a host fixes the >>> software on their end? The concern is that >>> some of the information stolen via >>> Heartbleed may still need need more work to >>> decode than a password change before the >>> host software is patched. If this is >>> accurate, we should first check the hosts >>> for our greatest vulnerabilities to ensure >>> that they've installed an appropriate patch, >>> then change our password, log out, then >>> quickly log back in and change the password >>> again, as Cameron suggested. If I >>> understand correctly, the need to change the >>> password twice is because a data thief may >>> catch the first password change but is >>> unlikely to be able to react quickly enough >>> with that new information to catch your >>> second password change if you do it quickly >>> enough. >>> >>> >>> 2. Wikipedia has an article on >>> "Heartbleed", which been updated every few >>> minutes since it was created 2014-04-09 >>> 04:39 UTC. 
If you have information that you
>>> feel is not properly reflected there, I'd
>>> like to know. I might be able to help update
>>> it, though my schedule today is quite busy.
>>>
>>>
>>> Be safe.
>>> Spencer
>>>
>>>
>>> On 4/10/2014 6:16 AM, Drew wrote:
>>>> Cameron, I and others can help people move
>>>> to a (user-friendly), freedom-respecting
>>>> GNU/Linux computer system such as Puppy
>>>> Linux http://puppylinux.com , or Zorin
>>>> http://www.zorin-os.com/ , or Linux Mint, etc.
>>>>
>>>> Green is Freedom!
>>>>
>>>> Drew
>>>> --
>>>> Sent from my Android device with K-9 Mail.
>>>> Please excuse my brevity.
>>>>
>>>>
>>>
>>> _______________________________________________
>>> sosfbay-discuss mailing list
>>> sosfbay-discuss at cagreens.org
>>>
>>> http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss
>>>
>>
>
--
Spencer Graves, PE, PhD
President and Chief Technology Officer
Structure Inspection and Monitoring, Inc.
751 Emerson Ct.
San José, CA 95126
ph: 408-655-4567
web: www.structuremonitoring.com

From wrolley at charter.net Sat Apr 12 10:04:51 2014
From: wrolley at charter.net (Wes Rolley)
Date: Sat, 12 Apr 2014 10:04:51 -0700
Subject: [GPSCC-chat] Latest OpEd in Morgan Hill Times.
Message-ID: <53497233.1090109@charter.net>

After a change in the editorial responsibilities at the paper, I am back writing an occasional OpEd. This is my latest. It is dependent on the fact that Morgan Hill is going through an update to its General Plan. While that is not true of most cities, the basic idea still holds. It is idiotic for cities to become dependent on growth to fund government. It will become increasingly likely that governments will face bankruptcy.

__

The City of Morgan Hill is now in the process of updating the community's General Plan. According to a recent headlined story in the Times, they are not satisfied with citizen participation.
That sent me to the web site Morgan Hill 2035. And, after reading the section on the Economy, I decided to participate, returning to the task of writing a Green Talk column, an effort that I set aside after the 2012 election. I am not sure that the City will welcome my return.

My main concern was to make sure that the economic assumptions behind the new plan are right. While there are some easily corrected mistakes in the Economic Plan document, such as double counting work location in Table 1-5 so that we have 191.5% of workers accounted for, my real problem with these economic assumptions is the fact that they are premised on continued growth, both in population and in the tax base that supports City services.

If the experiences of the past seven or eight years will teach us anything, it should be that economic growth is a fickle thing, here today but always at risk. When government is dependent on sales taxes to fund its activities, it needs to be attentive to those things which affect consumer behavior. To the extent that we depend on real estate taxes, as the housing debacle of 2007/8 demonstrated, governments are forced to cut spending and the only segment of their budget where they can cut enough to make a difference is employee salaries. Would it not be much better to make sure that we don't require continuous economic growth to keep government working?

Lurking in the background is the notion that we live in a world without limits. It has always seemed that way, especially in America where the push to the West provided new land, new jobs and new consumers. The largess of the land seemed without limit. But increasingly a few economists are beginning to challenge this often unstated assumption. Most of us have the common sense to know that the world is changing and not necessarily for the better. We are running up against limits that we have never before had to face.

Let us examine the relationship between land, water and energy.
California is blessed with abundant fertile land. It appeared that we had enough water to farm even the drier parts of the Central Valley. You either put a dam across a river to capture spring runoff or you pumped ground water for irrigation. But, ground water needs to be replenished or the land will begin to sink. That was the fate of Alviso until government stepped in and made sure that ground water was replenished, but not before Alviso dropped below sea level.

Now in the second decade of this century, we have also to face the fact that we have changed our climate. California will become increasingly dry. Additional dams won't provide more water if the existing reservoirs are not full. California agriculture will surely shrink.

At the same time, we are replenishing the soil with nitrogen from natural gas and phosphates from abroad, 80% of the world supply coming from Morocco. The cost of food is going to increase and then, since Morgan Hill is basically suburban, more people will turn to their own land as a source of food. My wife and I do that now, sourcing almost all of our fruit and much of our vegetables from our own garden.

Since agriculture and transportation are contending for the same supplies of natural gas, and that supply will be sold at the best price, the costs for both food and transportation will continue to rise faster than the industrial sector can raise wages.

Some economists, notably Herman Daly of the Univ. of Maryland are now calling for the recognition that a Steady State Economy is a good thing and that continued unlimited growth is bad. Dr. Brian Czech has written a recent book entitled Supply Shock that makes it even more clear how we got here and where we might be headed if we do not heed the warnings. The cliff is precipitous.

I am not confident that we will listen.
There were those who warned us of the housing bubble and the financial fraud inherent in some of the derivative schemes being marketed by Wall Street and we did not listen then. The next crash appears to be worse than the last and will surely happen by 2035.

I would prefer to live in a community where we have shed our dependence on growth to fund government, where government has helped to build self-sufficiency into the fabric of our daily lives. This General Plan update seems to be the place where we can make that happen.

--
"Anytime you have an opportunity to make things better and you don't, then you are wasting your time on this Earth" - /Roberto Clemente/

From cls at truffula.us Sat Apr 12 11:10:15 2014
From: cls at truffula.us (Cameron L. Spitzer)
Date: Sat, 12 Apr 2014 11:10:15 -0700
Subject: [GPSCC-chat] Heartbleed is real. Do something real.
In-Reply-To: <5348C220.9020504@prodsyse.com>
References: <5345BFD7.4090800@truffula.us> <5345DCE2.1000305@truffula.us> <5345F9D1.4080107@truffula.us> <5346F4FA.7000309@prodsyse.com> <53480E30.3040002@truffula.us> <5348C220.9020504@prodsyse.com>
Message-ID: <53498187.3040909@truffula.us>

>Alarmists said we should change all our passwords. I think that's overkill.

I disagree. Bruce Schneier is no "alarmist." He's the author of the standard textbook Applied Cryptography, and a member of the Electronic Frontier Foundation's advisory board. And he's the best tech writer to general audiences since Carl Sagan. If you're having trouble with rational risk assessment (a widespread problem among activists), you should read his book /Beyond Fear/.

This is the worst Internet security problem due to a single programming error that I can remember, ever, because of the circumstances of its deployment and the nature of the exploit. When a vulnerability like this one is discovered, you /must/ assume the bad guys have had the use of it since it was deployed.
It allows not just stealing your password, but stealing the secrets that would make it impossible for your browser to detect an impostor HTTPS site. And in the standard deployment, exploiting the bug leaves no trace. In this case, the window was wide open for roughly two years. Your passwords have /probably/ been stolen from affected sites. Whether you have been managing them well is irrelevant. Take all the needless risks you like, but don't lead others to take risks by denying them.

Throwaway passwords used only for commenting on newspaper articles (etc) need not be replaced, unless they share recovery secrets with more sensitive accounts. But /anything/ useful for identity theft poses a risk. For example, the attacker might use your account at some ancestry site to discover some non-secret "secret" (e.g., street you lived on as a child, mother's maiden name) to accomplish a password reset on your bank site. (Next time, /lie/ about your mother's maiden name, and keep the lie someplace safe.) Identity thieves work on thousands of identities at a time, filling in a jigsaw puzzle on each potential victim. They use efficient, automated, mass production techniques. They rattle /every/ doorknob. You never know which pieces they already have or still need.

I've been following my employer's well organized response to this problem. One takeaway is our local experts are not at all concerned about Secure Shell V2. A long obsolete implementation used SSL, but the one we've been using doesn't. I had been mistaken about that. They're also pretty confident about password managers that do client side encryption. E.g., LastPass and Kwallet. These tools make it practical to maintain distinct, strong passwords for each web site and hosted application, so you can stop using "log in with Facebook" type shortcuts. Of course, LastPass on an unmaintained Windows XP host is only as secure as that host. If it's full of memory-scraping malware, you've got a local version of Heartbleed.
Rational risk assessment means ignoring irrelevant factors. Mass production identity thieves don't care about your politics. (Spearfishers do. They use everything they know about you to compile a word list for guessing password and recovery secrets.) They don't care how paranoid you are about mass surveillance. Forward this message as you see fit. -/Cameron/ On 04/11/2014 09:33 PM, Spencer Graves wrote: > Hi, Cameron, et al.: > > > A discussion of how to deal with problems like Heartbleed is now > available on Wikiversity, "Managing risk from cyber attacks". > > > Please revise this as you see fit or send suggestions to me. > Cameron has done a great service in providing his expertise on this > list. The Wikipedia article on Heartbleed received almost 47,000 > views on April 11 (UTC), and over 39,000 on the three previous days > combined. If this Wikiversity article gets a small portion of that > number of views, it will provide a great service humanity. > > > Creating that article helped me think through what seemed like a > sensible reaction. Alarmists said we should change all our > passwords. I think that's overkill. Even creating a simple list of > all the accounts and passwords I've created over the years was more > work than I felt justified. And creating such a list would miss the > point. We need to worry about the financial institutions that manage > savings. If cyber thieves drain those accounts, it could create big > problems for us. For more, see the Wikiversity article > (https://en.wikiversity.org/wiki/Managing_risk_from_cyber_attacks). > > > Thanks again, Cameron -- and thanks to John and Drew for their > additional comments. 
>
> Spencer
>
> On 4/11/2014 3:29 PM, John Thielking wrote:
>> Sorry to keep dragging this out, but I finally decided to search the RT.com web site using the search term "computer hardware" to see if I could find an article or two relating to my previous statement that RT.com broadcast the claim that computer hardware in general has been compromised by the NSA. I did find the following article at
>>
>> http://rt.com/op-edge/nsa-hacking-individual-computers-008/
>>
>> that states that some of the material provided by Snowden does in fact indicate that some people's computers are implanted with special chips to aid the NSA in monitoring them. This may not be widespread just yet, but it does fit with previously broadcast info from RT.com that was saying that certain people's laptops that have been ordered online are sometimes transhipped to special NSA facilities where they have their hardware modified to contain implanted viruses or malware (in the CMOS perhaps?). Of course the article also says that the NSA may choose to bug all computers sold in a specific city, if that city is a region of interest for the NSA. I'll bet that Eugene, Oregon (Berkeley North) could be one of those places. And who knows, they might put radio bugs in all the watches sold there too.
>> More to think about I guess.
>>
>> A more speculative opinion piece is located here:
>>
>> http://rt.com/op-edge/nsa-spying-future-total-952/
>>
>> and a link to the Der Spiegel article that this stuff is based on is contained here:
>>
>> http://rt.com/op-edge/annie-machon-nsa-spying-925/
>>
>> Any further thoughts?
>>
>> John Thielking
>>
>> On Fri, Apr 11, 2014 at 2:19 PM, John Thielking wrote:
>>
>> Another more specific question for you Cameron:
>>
>> Is the patch for the Heartbleed bug supported for systems running Windows XP, which was just barely out of date as of the time of broad announcement of the Heartbleed bug, or do the people currently running Windows XP also have to upgrade their OS? I know my home computer only has 500 MB of memory so I can't just do an easy upgrade to Win 7. I hope not too many POS terminals are also in the same boat. They should upgrade to a new OS anyway, but this problem may just compound the problem presented by the Heartbleed bug itself.
>>
>> John Thielking
>> ...

From cls at truffula.us Sat Apr 12 11:48:43 2014
From: cls at truffula.us (Cameron L. Spitzer)
Date: Sat, 12 Apr 2014 11:48:43 -0700
Subject: [GPSCC-chat] Heartbleed is real. Do something real.
In-Reply-To:
References: <5345BFD7.4090800@truffula.us> <5345DCE2.1000305@truffula.us> <5345F9D1.4080107@truffula.us> <5346F4FA.7000309@prodsyse.com> <53480E30.3040002@truffula.us> <5348C220.9020504@prodsyse.com>
Message-ID: <53498A8B.5000308@truffula.us>

>I also did a search to try to find out if the Heartbleed patch is available for Windows XP

It seems you misunderstood what the Heartbleed problem is about.
If you don't know a term here, please follow its link:

OpenSSL is a popular implementation of the Secure Sockets Layer and Transport Layer Security (SSL/TLS) protocols. Those protocols are a set of rules to encrypt your data so it can be sent securely through an insecure medium.
The Common Vulnerabilities and Exposures CVE-2014-0160 (Heartbleed) buffer overrun bug compromises systems running certain versions of OpenSSL and products which include those versions. The most visible is the Apache HTTPS web server.

*OpenSSL runs on unix*.
Microsoft uses its own implementations of SSL and TLS. MSFT's SSL/TLS may have similar bugs, but it doesn't have this one.

(Pedantically, OpenSSL /has/ been ported to Windows. It runs there. But *Windows doesn't come with OpenSSL*, and Web servers on Windows typically use MSFT's software stack. Web servers running OpenSSL on Windows are very rare. OpenSSL on Windows would most likely be found on something like an ATM or voting machine, never on a home PC.)

("unix" in lowercase is a common, convenient nickname for any software distribution derived from or mimicking Bell Labs' UNIX(TM). That's GNU, Linux, BSD, Solaris, Ubuntu, Android, etc. Windows XP steals a bunch of ideas from unix, but it's not a unix.)

On 04/12/2014 08:05 AM, John Thielking wrote:
> Thanks for the web update Spencer. I double checked my Direct Express online account and it is possible to send money to another bank account after logging in, but there is also what is called "two factor security" involved. It seems that I have to enter the code on the back of my debit card before I can transfer money and even then the transaction might be declined by Comerica Bank. I'm working with the account issuer to disable online access and have them send me a paper bill in the mail with all of my transactions for the month listed instead of having online access, but it is not clear how much trouble it will be to do this since the customer service rep said they weren't sure if it was possible to do this for an active online account. She had the tech support people arrange to call me back sometime next week. She also said that it was not possible to only disable the online funds transfer feature and online bill pay. Two factor security is better than just having a password and login required before you can send money from an online bank account.
> If your bank doesn't have at least that level of security, they are fools and you should switch banks or at least disable online access for your account. Hopefully my security code is secure on the Direct Express web site as I've never entered that code when using that site. I'm still going to disable online access entirely ASAP if I am allowed to do that.
>
> On a related note, I did a search to find out if the Heartbleed bug affects security for credit card numbers and PINs, not just passwords, and found at least one article that confirms that it DOES affect other data such as CC numbers. That article is located here:
>
> http://www.christianpost.com/news/heart-bleed-virus-update-open-ssl-computer-bug-how-to-protect-your-security-passwords-for-gmail-yahoo-facebook-117732/
>
> I also did a search to try to find out if the Heartbleed patch is available for Windows XP. I found a bunch of articles that talked about the end of XP security support on April 8, 2014 and that talked about the Heartbleed bug, but none of the articles raised any alarms for XP users trying to patch the Heartbleed bug.
>
> John Thielking
>
> On Fri, Apr 11, 2014 at 9:33 PM, Spencer Graves wrote:
>
> Hi, Cameron, et al.:
>
> A discussion of how to deal with problems like Heartbleed is now available on Wikiversity, "Managing risk from cyber attacks".
>
> Please revise this as you see fit or send suggestions to me. Cameron has done a great service in providing his expertise on this list. The Wikipedia article on Heartbleed received almost 47,000 views on April 11 (UTC), and over 39,000 on the three previous days combined. If this Wikiversity article gets a small portion of that number of views, it will provide a great service to humanity.
>
> Creating that article helped me think through what seemed like a sensible reaction. Alarmists said we should change all our passwords. I think that's overkill.
> Even creating a simple list of all the accounts and passwords I've created over the years was more work than I felt justified. And creating such a list would miss the point. We need to worry about the financial institutions that manage savings. If cyber thieves drain those accounts, it could create big problems for us. For more, see the Wikiversity article (https://en.wikiversity.org/wiki/Managing_risk_from_cyber_attacks).
>
> Thanks again, Cameron -- and thanks to John and Drew for their additional comments.
>
> Spencer
>
> On 4/11/2014 3:29 PM, John Thielking wrote:
>> Sorry to keep dragging this out, but I finally decided to search the RT.com web site using the search term "computer hardware" to see if I could find an article or two relating to my previous statement that RT.com broadcast the claim that computer hardware in general has been compromised by the NSA. I did find the following article at
>>
>> http://rt.com/op-edge/nsa-hacking-individual-computers-008/
>>
>> that states that some of the material provided by Snowden does in fact indicate that some people's computers are implanted with special chips to aid the NSA in monitoring them. This may not be widespread just yet, but it does fit with previously broadcast info from RT.com that was saying that certain people's laptops that have been ordered online are sometimes transhipped to special NSA facilities where they have their hardware modified to contain implanted viruses or malware (in the CMOS perhaps?). Of course the article also says that the NSA may choose to bug all computers sold in a specific city, if that city is a region of interest for the NSA. I'll bet that Eugene, Oregon (Berkeley North) could be one of those places. And who knows, they might put radio bugs in all the watches sold there too.
>> More to think about I guess.
>>
>> A more speculative opinion piece is located here:
>>
>> http://rt.com/op-edge/nsa-spying-future-total-952/
>>
>> and a link to the Der Spiegel article that this stuff is based on is contained here:
>>
>> http://rt.com/op-edge/annie-machon-nsa-spying-925/
>>
>> Any further thoughts?
>>
>> John Thielking
>>
>> On Fri, Apr 11, 2014 at 2:19 PM, John Thielking wrote:
>>
>> Another more specific question for you Cameron:
>>
>> Is the patch for the Heartbleed bug supported for systems running Windows XP, which was just barely out of date as of the time of broad announcement of the Heartbleed bug, or do the people currently running Windows XP also have to upgrade their OS? I know my home computer only has 500 MB of memory so I can't just do an easy upgrade to Win 7. I hope not too many POS terminals are also in the same boat. They should upgrade to a new OS anyway, but this problem may just compound the problem presented by the Heartbleed bug itself.
>>
>> John Thielking
>>
>> On Fri, Apr 11, 2014 at 12:52 PM, John Thielking wrote:
>>
>> People should also know that there may be additional security gaps in ATMs and Point Of Sale terminals due to their owners' slow response to the need to do away with using Windows XP. For instance, the last time I went to Round Table Pizza a couple of weeks ago, the screen saver on their POS terminal still said "Windows XP". Chase signed a contract for another year of support from MS for Win XP for their ATMs, but I can only assume that everyone else will no longer have support for Win XP after early April 2014. Good luck on that one too.
>>
>> John Thielking
>>
>> On Fri, Apr 11, 2014 at 12:14 PM, John Thielking wrote:
>>
>> After reading this I'm not likely to trust ATMs for awhile with any of my debit cards or credit cards.
>> At least my latest credit card company and one of my debit cards I'm pretty sure I can just go to the bank teller of any bank and get a "cash advance" from the teller instead of using an ATM. Often times I don't need a PIN when doing that, just a photo ID. I think the fees for that method may even be less than using the ATM anyway. Do you think that the bank teller's systems are likely to be more secure than their ATM's?
>> Thanks for clarifying the other info Cameron.
>>
>> Sincerely,
>>
>> John Thielking
>>
>> On Fri, Apr 11, 2014 at 8:45 AM, Cameron L. Spitzer wrote:
>>
>> I may have been unclear.
>> 1. Check your bank (etc) site for the vulnerability. If it's bad, make a note.
>> 2. Change your password.
>>
>> 3. Go back to the bad ones tomorrow and check them again.
>> 4. If a site has changed from bad to good, change your password there.
>>
>> 5. Repeat again tomorrow until there are no more bad sites on your list.
>>
>> If the first check of a site was good, you'll only change that site's password once.
>> If the first check was bad, you'll have to change your password twice. The first change deactivates the password which was probably stolen over the last two years, replacing it with a temporary password. The second replaces the temporary password, which may also have been stolen.
>>
>> The work your bank (etc) has to do is more elaborate. They have to replace the trust certificates that SSL protects, because those have secret keys and they also could have been stolen. However, when a site goes from bad to good it's a pretty good indication they're doing all of that. The certs are mainly important for protecting you from impostor web sites. Impostors are mainly a threat to people who follow links received in email, but they can also appear if the DNS is compromised anywhere along the line.
>> That mostly happens to Microsoft Windows users with malware (that's most consumers who use Windows at home) and on corporate intranets. Ironically, even though Microsoft's implementation of SSL was not affected, the prevalence of Windows malware greatly magnifies the vulnerability. One more example of how Windows ruins everything, even for non-Windows users!
>>
>> The OpenSSL source code's history is visible at its Github page. Several security blogs show how you can look up the Dec 31 2011 change that introduced the bug and the April 7 2014 change that fixes it. No stealthy detective work is needed. However, Github is pretty swamped this week with everybody looking at these two changes, so you might get a timeout or a 500 error.
>>
>> It will take years for everybody to fix everything. There are home routers, ATM machines, point of sale terminals (we used to call them "cash registers") and other "appliances" (voting machines?) which use the buggy OpenSSL, and most consumers never update the firmware in those things.
>> Corporate intranets with huge software stacks (internal accounting processes etc) will be the most work.
>> But almost all large consumer-facing commerce sites will have this fixed within a few weeks. The fix isn't difficult for professionally managed web sites, and the urgency is high and unusually well understood.
>>
>> On 04/10/2014 10:07 PM, John Thielking wrote:
>>> KRON4 TV news had an interesting piece on this bug tonight. Hopefully they rebroadcast it at 11 so you all can see it. They were saying that they found out who created the bug, that it was a "mistake" and that it could take years for all the web sites involved to be fixed. What a headache.
>>>
>>> John Thielking
>>>
>>> On Thu, Apr 10, 2014 at 12:46 PM, Spencer Graves wrote:
>>>
>>> Hi, Cameron, Drew, et al.:
>>>
>>> 1.
>>> Do you have any reactions to the suggestion that a user could increase rather than decrease their vulnerability if they change a password BEFORE a host fixes the software on their end? The concern is that some of the information stolen via Heartbleed may still need more work to decode than a password change before the host software is patched. If this is accurate, we should first check the hosts for our greatest vulnerabilities to ensure that they've installed an appropriate patch, then change our password, log out, then quickly log back in and change the password again, as Cameron suggested. If I understand correctly, the need to change the password twice is because a data thief may catch the first password change but is unlikely to be able to react quickly enough with that new information to catch your second password change if you do it quickly enough.
>>>
>>> 2. Wikipedia has an article on "Heartbleed", which has been updated every few minutes since it was created 2014-04-09 04:39 UTC. If you have information that you feel is not properly reflected there, I'd like to know. I might be able to help update it, though my schedule today is quite busy.
>>>
>>> Be safe.
>>> Spencer
>>>
>>> On 4/10/2014 6:16 AM, Drew wrote:
>>>> Cameron, I and others can help people move to a (user-friendly), freedom-respecting GNU/Linux computer system such as Puppy Linux http://puppylinux.com, or Zorin http://www.zorin-os.com/, or Linux Mint, etc.
>>>>
>>>> Green is Freedom!
>>>>
>>>> Drew
>>>> --
>>>> Sent from my Android device with K-9 Mail.
>>>> Please excuse my brevity.
>>>
>>> _______________________________________________
>>> sosfbay-discuss mailing list
>>> sosfbay-discuss at cagreens.org
>>> http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss
>
> --
> Spencer Graves, PE, PhD
> President and Chief Technology Officer
> Structure Inspection and Monitoring, Inc.
> 751 Emerson Ct.
> San José, CA 95126
> ph: 408-655-4567
> web: www.structuremonitoring.com

From spencer.graves at prodsyse.com Sat Apr 12 12:58:59 2014
From: spencer.graves at prodsyse.com (Spencer Graves)
Date: Sat, 12 Apr 2014 12:58:59 -0700
Subject: [GPSCC-chat] Heartbleed is real. Do something real.
In-Reply-To: <53498187.3040909@truffula.us>
References: <5345BFD7.4090800@truffula.us> <5345DCE2.1000305@truffula.us> <5345F9D1.4080107@truffula.us> <5346F4FA.7000309@prodsyse.com> <53480E30.3040002@truffula.us> <5348C220.9020504@prodsyse.com> <53498187.3040909@truffula.us>
Message-ID: <53499B03.9090409@prodsyse.com>

Hi, Cameron:

Thanks very much for all you've written on this.

Do you think the Wikipedia article on "Heartbleed" could be improved, e.g., by adding a section on "Gravity" (or some similar title), explaining what you just said? I can help you with implementation if you don't feel comfortable with the Mediawiki markup language and the Wikipedia culture, I can help with that. Additions without appropriate citations may be quickly reverted, but balanced comments with reasonable citations will likely be retained. I think it's worth doing, because (as I previously noted) this "Heartbleed" article received almost 47,000 views on April 11 (UTC), and over 39,000 on the three previous days combined.
Example: 17:12 today (5:12 PM, UTC), an anonymous user added a comment that, "It is believed that Heartbleed originates from the same organisation as stuxnet and duqu." This comment included a reference to an article that mentioned neither stuxnet nor duqu. It was undone 49 minutes later. The article also includes comments that, "According to two insider sources speaking to Bloomberg.com, the United States National Security Agency was aware of the flaw since shortly after its introduction, but chose to keep it secret, instead of reporting it, in order to exploit it for their own purposes." These comments cite 3 sources and are likely to remain in the article unless none of the 3 actually mention the NSA.

Best Wishes,
Spencer

On 4/12/2014 11:10 AM, Cameron L. Spitzer wrote:
>
> >Alarmists said we should change all our passwords. I think that's overkill.
>
> I disagree.
> Bruce Schneier is no "alarmist." He's the author of the standard textbook Applied Cryptography, and a member of the Electronic Frontier Foundation's advisory board. And he's the best tech writer to general audiences since Carl Sagan. If you're having trouble with rational risk assessment (a widespread problem among activists), you should read his book /Beyond Fear/.
>
> This is the worst Internet security problem due to a single programming error that I can remember, ever, because of the circumstances of its deployment and the nature of the exploit.
> When a vulnerability like this one is discovered, you /must/ assume the bad guys have had the use of it since it was deployed.
> It allows not just stealing your password, but stealing the secrets that would make it impossible for your browser to detect an impostor HTTPS site.
> And in the standard deployment, exploiting the bug leaves no trace.
> In this case, the window was wide open for roughly two years. Your passwords have /probably/ been stolen from affected sites.
> Whether you have been managing them well is irrelevant. Take all the needless risks you like, but don't lead others to take risks by denying them.
>
> Throwaway passwords used only for commenting on newspaper articles (etc) need not be replaced, unless they share recovery secrets with more sensitive accounts. But /anything/ useful for identity theft poses a risk.
> For example, the attacker might use your account at some ancestry site to discover some non-secret "secret" (e.g., street you lived on as a child, mother's maiden name) to accomplish a password reset on your bank site. (Next time, /lie/ about your mother's maiden name, and keep the lie someplace safe.) Identity thieves work on thousands of identities at a time, filling in a jigsaw puzzle on each potential victim. They use efficient, automated, mass production techniques. They rattle /every/ doorknob. You never know which pieces they already have or still need.
>
> I've been following my employer's well organized response to this problem. One takeaway is our local experts are not at all concerned about Secure Shell V2. A long obsolete implementation used SSL, but the one we've been using doesn't. I had been mistaken about that.
> They're also pretty confident about password managers that do client side encryption. E.g., LastPass and Kwallet. These tools make it practical to maintain distinct, strong passwords for each web site and hosted application, so you can stop using "log in with Facebook" type shortcuts. Of course, LastPass on an unmaintained Windows XP host is only as secure as that host. If it's full of memory-scraping malware, you've got a local version of Heartbleed.
>
> Rational risk assessment means ignoring irrelevant factors. Mass production identity thieves don't care about your politics. (Spear phishers do. They use everything they know about you to compile a word list for guessing password and recovery secrets.)
> They don't care how paranoid you are about mass surveillance.
>
> Forward this message as you see fit.
> -/Cameron/
>
> On 04/11/2014 09:33 PM, Spencer Graves wrote:
>> Hi, Cameron, et al.:
>>
>> A discussion of how to deal with problems like Heartbleed is now available on Wikiversity, "Managing risk from cyber attacks".
>>
>> Please revise this as you see fit or send suggestions to me. Cameron has done a great service in providing his expertise on this list. The Wikipedia article on Heartbleed received almost 47,000 views on April 11 (UTC), and over 39,000 on the three previous days combined. If this Wikiversity article gets a small portion of that number of views, it will provide a great service to humanity.
>>
>> Creating that article helped me think through what seemed like a sensible reaction. Alarmists said we should change all our passwords. I think that's overkill. Even creating a simple list of all the accounts and passwords I've created over the years was more work than I felt justified. And creating such a list would miss the point. We need to worry about the financial institutions that manage savings. If cyber thieves drain those accounts, it could create big problems for us. For more, see the Wikiversity article (https://en.wikiversity.org/wiki/Managing_risk_from_cyber_attacks).
>>
>> Thanks again, Cameron -- and thanks to John and Drew for their additional comments.
>>
>> Spencer
>>
>> On 4/11/2014 3:29 PM, John Thielking wrote:
>>> Sorry to keep dragging this out, but I finally decided to search the RT.com web site using the search term "computer hardware" to see if I could find an article or two relating to my previous statement that RT.com broadcast the claim that computer hardware in general has been compromised by the NSA.
>>> I did find the following article at
>>>
>>> http://rt.com/op-edge/nsa-hacking-individual-computers-008/
>>>
>>> that states that some of the material provided by Snowden does in fact indicate that some people's computers are implanted with special chips to aid the NSA in monitoring them. This may not be widespread just yet, but it does fit with previously broadcast info from RT.com that was saying that certain people's laptops that have been ordered online are sometimes transhipped to special NSA facilities where they have their hardware modified to contain implanted viruses or malware (in the CMOS perhaps?). Of course the article also says that the NSA may choose to bug all computers sold in a specific city, if that city is a region of interest for the NSA. I'll bet that Eugene, Oregon (Berkeley North) could be one of those places. And who knows, they might put radio bugs in all the watches sold there too.
>>> More to think about I guess.
>>>
>>> A more speculative opinion piece is located here:
>>>
>>> http://rt.com/op-edge/nsa-spying-future-total-952/
>>>
>>> and a link to the Der Spiegel article that this stuff is based on is contained here:
>>>
>>> http://rt.com/op-edge/annie-machon-nsa-spying-925/
>>>
>>> Any further thoughts?
>>>
>>> John Thielking
>>>
>>> On Fri, Apr 11, 2014 at 2:19 PM, John Thielking wrote:
>>>
>>> Another more specific question for you Cameron:
>>>
>>> Is the patch for the Heartbleed bug supported for systems running Windows XP, which was just barely out of date as of the time of broad announcement of the Heartbleed bug, or do the people currently running Windows XP also have to upgrade their OS? I know my home computer only has 500 MB of memory so I can't just do an easy upgrade to Win 7. I hope not too many POS terminals are also in the same boat.
>>> They should upgrade to a new OS anyway, but this problem may just compound the problem presented by the Heartbleed bug itself.
>>>
>>> John Thielking
>>>
> ...

--
Spencer Graves, PE, PhD
President and Chief Technology Officer
Structure Inspection and Monitoring, Inc.
751 Emerson Ct.
San José, CA 95126
ph: 408-655-4567
web: www.structuremonitoring.com

From peacemovies at gmail.com Sat Apr 12 17:23:16 2014
From: peacemovies at gmail.com (John Thielking)
Date: Sat, 12 Apr 2014 17:23:16 -0700
Subject: [GPSCC-chat] Heartbleed is real. Do something real.
In-Reply-To: <53499B03.9090409@prodsyse.com>
References: <5345BFD7.4090800@truffula.us> <5345DCE2.1000305@truffula.us> <5345F9D1.4080107@truffula.us> <5346F4FA.7000309@prodsyse.com> <53480E30.3040002@truffula.us> <5348C220.9020504@prodsyse.com> <53498187.3040909@truffula.us> <53499B03.9090409@prodsyse.com>
Message-ID:

I attended a retired union worker's BBQ today where reps from various legislators' offices were available to answer questions. I mentioned the Heartbleed bug a couple of times in my comments (once before and once after the legislators' assistants and some legislators themselves showed up late). I mentioned that the Heartbleed bug affects the security of credit card numbers and PINs as well as the passwords to your favorite web sites. I mentioned that to find out if your favorite web site has been patched to fix the Heartbleed bug, you can simply Google for "Heartbleed" and find an article that has a link to one of the sites that allows you to test the web sites that you use to see if they have fixed the bug.
I also urged the legislators to come up with rules requiring banks to take various additional security measures and to allow online account feature choices that would tend to thwart any similar future bug. Such security features and selections include:

Any two factor security for transferring funds online should include an offline component such as mailing the customer a new debit card upon their request with new card numbers and a new security code on the back. The new security code should only need to be used if the customer transfers money online or uses the online bill pay features, so that if the customer does not use those features, the new security code would not be entered into the user interface of the bank's web site by the customer.

Another user selection would include the ability to let the customer select (through a secure method) to either disable the online money transfer features such as bank account money transfers and online bill pay at some point after the creation of the account or to sign up for a secure online account at the start that has those online features permanently disabled. The "secure method" for changing (enabling or disabling) these features could include, in the case of Direct Express where there are not always Comerica bank branches available in every town, a network of banks such as Chase and Wells Fargo, who do tend to have branches in more places, who could securely transfer such requests to Comerica upon the customer visiting the local branch and presenting a photo ID.

It is possible to implement part of these features without making any changes to existing procedures by simply using an online bank account that requires you to enter your current 3 or 4 digit security code on the back of your debit card before making any online money transfers or before using online bill pay features.
Then if you want to be secure in this way, order a new debit or credit card with all new numbers and simply never use those online money transfer features so that you never enter the new security code into your bank's web site user interface. If you really want to be secure, you can tell your bank to disable online access to your account(s). That way if someone hacks your security code when you use it on a third party web site, they won't be able to use your bank's web site to steal any funds from you (especially from your other accounts such as your savings accounts), at least not through the front door anyhow.

As for legislation or not, it may be best to simply present these ideas to the experts and legislators and have them lobby the banks, rather than casting new sections of law into stone, as the banks may need to adapt quickly to future security threats that may circumvent these new ideas and because of that they should not have their hands tied by legislation.

The next opportunity to do this type of lobbying in the San Jose area will be at the Senior Scam Stopper Seminar, Friday, April 18th, 2014 from 2PM-4PM at the Campbell Community Center Orchard City Banquet Hall, 1 W Campbell Avenue, Campbell, CA 95008. CA State Assembly member Paul Fong is putting on this event in conjunction with the Contractors State License Board. The event will include a panel of experts on preventing seniors from being scammed. It is recommended to RSVP for this event as seating will be limited. To RSVP, call 408-371-2802 or visit www.asmdc.org/yh.

Thanks.

Sincerely,

John Thielking

On Sat, Apr 12, 2014 at 12:58 PM, Spencer Graves <spencer.graves at prodsyse.com> wrote:
> Hi, Cameron:
>
> Thanks very much for all you've written on this.
>
> Do you think the Wikipedia article on "Heartbleed" could be improved, e.g., by adding a section on "Gravity" (or some similar title), explaining what you just said?
I can help you with implementation if you > don't feel comfortable with the Mediawiki markup language and the Wikipedia > culture, I can help with that. Additions without appropriate citations may > be quickly reverted, but balanced comments with reasonable citations will > likely be retained. I think it's worth doing, because (as I previously > noted) this "Heartbleed" article received almost 47,000 views on April 11 > (UTC), and over 39,000 on the three previous days combined. > > > Example: 17:12 today (5:12 PM, UTC), an anonymous user added a > comment that, "It is believed that Heartbleed originates from the same > organisation as stuxnet and duqu." This comment included a reference to an > article that mentioned neither stuxnet nor duqu. It was undone 49 minutes > later. The article also includes comments that, "According to two insider > sources speaking to Bloomberg.com, the United States National Security > Agency was aware of the flaw since shortly after its introduction, but > chose to keep it secret, instead of reporting it, in order to exploit it > for their own purposes." These comments cite 3 sources and are likely to > remain in the article unless none of the 3 actually mention the NSA. > > > Best Wishes, > Spencer > > > On 4/12/2014 11:10 AM, Cameron L. Spitzer wrote: > > > >Alarmists said we should change all our passwords. I think that's > overkill. > > I disagree. > Bruce Schneier is no "alarmist." He's the author of the standard textbook > Applied Cryptography, and a member of the Electronic Frontier Foundation's > advisory board. And he's the best tech writer to general audiences since > Carl Sagan. If you're having trouble with rational risk assessment (a > widespread problem among activists), you should read his book *Beyond > Fear* . > > This is the worst Internet security problem due to a single programming > error that I can remember, ever, because of the circumstances of its > deployment and the nature of the exploit. 
> When a vulnerability like this one is discovered, you *must* assume the > bad guys have had the use of it since it was deployed. > It allows not just stealing your password, but stealing the secrets that > would make it impossible for your browser to detect an impostor HTTPS site. > And in the standard deployment, exploiting the bug leaves no trace. > In this case, the window was wide open for roughly two years. Your > passwords have *probably* been stolen from affected sites. > Whether you have been managing them well is irrelevant. Take all the > needless risks you like, but don't lead others to take risks by denying > them. > > Throwaway passwords used only for commenting on newspaper articles (etc) > need not be replaced, unless they share recovery secrets with more > sensitive accounts. But *anything* useful for identity theft poses a > risk. > For example, the attacker might use your account at some ancestry site to > discover some non-secret "secret" (e.g., street you lived on as a child, > mother's maiden name) to accomplish a password reset on your bank site. > (Next time, *lie* about your mother's maiden name, and keep the lie > someplace safe.) Identity thieves work on thousands of identities at a > time, filling in a jigsaw puzzle on each potential victim. They use > efficient, automated, mass production techniques. They rattle *every*doorknob. You never know which pieces they already have or still need. > > I've been following my employer's well organized response to this > problem. One takeaway is our local experts are not at all concerned about > Secure Shell V2. A long obsolete implementation used SSL, but the one > we've been using doesn't. I had been mistaken about that. They're also > pretty confident about password managers that do client side encryption. > E.g., LastPass and Kwallet. 
> These tools make it practical to maintain distinct, strong passwords for > each web site and hosted application, so you can stop using "log in with > Facebook" type shortcuts. Of course, LastPass on an unmaintained Windows > XP host is only as secure as that host. If it's full of memory-scraping > malware, you've got a local version of Heartbleed. > > Rational risk assessment means ignoring irrelevant factors. Mass > production identity thieves don't care about your politics. (Spearfishers > do. They use everything they know about you to compile a word list for > guessing password and recovery secrets.) They don't care how paranoid you > are about mass surveillance. > > Forward this message as you see fit. > -*Cameron* > > > > On 04/11/2014 09:33 PM, Spencer Graves wrote: > > Hi, Cameron, et al.: > > > A discussion of how to deal with problems like Heartbleed is now > available on Wikiversity, "Managing risk from cyber attacks". > > > Please revise this as you see fit or send suggestions to me. > Cameron has done a great service in providing his expertise on this list. > The Wikipedia article on Heartbleed received almost 47,000 views on April > 11 (UTC), and over 39,000 on the three previous days combined. If this > Wikiversity article gets a small portion of that number of views, it will > provide a great service humanity. > > > Creating that article helped me think through what seemed like a > sensible reaction. Alarmists said we should change all our passwords. I > think that's overkill. Even creating a simple list of all the accounts and > passwords I've created over the years was more work than I felt justified. > And creating such a list would miss the point. We need to worry about the > financial institutions that manage savings. If cyber thieves drain those > accounts, it could create big problems for us. For more, see the > Wikiversity article ( > https://en.wikiversity.org/wiki/Managing_risk_from_cyber_attacks). 
> > > Thanks again, Cameron -- and thanks to John and Drew for their > additional comments. > > > Spencer > > > On 4/11/2014 3:29 PM, John Thielking wrote: > > Sorry to keep dragging this out, but I finally decided to search the > RT.com web site using the search term "computer hardware" to see if I could > find an article or two relating to my previous statement that RT.com > broadcast the claim that computer hardware in general has been compromised > by the NSA. I did find the following article at > > http://rt.com/op-edge/nsa-hacking-individual-computers-008/ > > > that states that some of the material provided by Snowden does in fact > indicate that some people's computers are implanted with special chips to > aid the NSA in monitoring them. This may not be widespread just yet, but it > does fit with previously broadcast info from RT.com that was saying that > certain people's laptops that have been ordered online are sometimes > transhipped to special NSA facilities where they have their hardware > modified to contain implanted viruses or malware (in the CMOS perhaps?). > Of course the article also says that the NSA may choose to bug all > computers sold in a specific city, if that city is a region of interest for > the NSA. I'll bet that Eugene, Oregon (Berkeley North) could be one of > those places. And who knows, they might put radio bugs in all the watches > sold there too. > More to think about I guess. > > A more speculative opinion piece is located here: > > http://rt.com/op-edge/nsa-spying-future-total-952/ > > > and a link to the Derspiegal article that this stuff is based on is > contained here: > > http://rt.com/op-edge/annie-machon-nsa-spying-925/ > > Any further thoughts? 
>
> John Thielking
>
> On Fri, Apr 11, 2014 at 2:19 PM, John Thielking wrote:
>
>> Another more specific question for you Cameron:
>>
>> Is the patch for the Heartbleed bug supported for systems running Windows XP, which was just barely out of date as of the time of broad announcement of the Heartbleed bug, or do the people currently running Windows XP also have to upgrade their OS? I know my home computer only has 500 MB of memory so I can't just do an easy upgrade to Win 7. I hope not too many POS terminals are also in the same boat. They should upgrade to a new OS anyway, but this problem may just compound the problem presented by the Heartbleed bug itself.
>>
>> John Thielking
>>
>> ...
>
> _______________________________________________
> sosfbay-discuss mailing list
> sosfbay-discuss at cagreens.org
> http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss
>
> --
> Spencer Graves, PE, PhD
> President and Chief Technology Officer
> Structure Inspection and Monitoring, Inc.
> 751 Emerson Ct.
> San José, CA 95126
> ph: 408-655-4567
> web: www.structuremonitoring.com

From rainbeaufriend at riseup.net Sat Apr 12 17:49:40 2014
From: rainbeaufriend at riseup.net (Drew)
Date: Sat, 12 Apr 2014 17:49:40 -0700
Subject: [GPSCC-chat] climate crisis documentary
Message-ID: <73e4ddf9-fa3a-48e6-9e4e-bb2424b042a0@email.android.com>

SUNDAY: "Years of Living Dangerously" is an ambitious four-part documentary that uses celebrity star power to call attention to the issue of climate change. Participants include Arnold Schwarzenegger, Matt Damon, Jessica Alba and Harrison Ford. 10 p.m., Showtime.

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.

From rainbeaufriend at riseup.net Sat Apr 12 18:12:56 2014
From: rainbeaufriend at riseup.net (Drew)
Date: Sat, 12 Apr 2014 18:12:56 -0700
Subject: [GPSCC-chat] Merc excuses SJ's crimes v outside Pepe
Message-ID:

Drew: Below SJ Merky attempts to shift blame focus to state. Surely the state, the nation and our society should take the major responsibility, but that's no excuse for San Jose's abuse of our outside people. Frankly I've speculated whether San Jose or our 1 percenter real estate organized crime syndicate that control much of our Santa Clara Valley politics that manipulated Fish and Game into that unbelievably inhumane maneuver just to distract the people's attention away from San Jose's fascistic behavior vs our outside population.

4/11/14 Mercury News editorial: Homelessness isn't just a city responsibility.

Mercury News Editorial

The pressure is on San Jose to deal with the epidemic of homelessness that's turning pockets of the city into Third World encampments, polluting waterways and unsettling nearby neighborhoods. The squalid 75-acre camp known as The Jungle near Story Road is said to be the largest of its kind on the continental United States. But San Jose is not causing or ignoring this problem. Nor is Santa Clara County, whose work with the city on homelessness is one of the best collaborations ever for the two governments. All cities in Silicon Valley should accept regional responsibility for the poverty growing in our midst. But if there is a single villain to call out, it's the state of California. The Legislature and Gov. Jerry Brown took away cities' capacity to build affordable housing when they dismantled redevelopment agencies and failed to replace the housing money. That cost San Jose some $40 million a year it had used to help nonprofits and others build affordable projects.
Despite an explosion of homelessness statewide -- California now has 20 percent of the nation's homeless -- Sacramento has turned its back. Or worse. Now the state Fish and Game Department is citing San Jose for the camps' pollution of rivers. It suggests the homeless should be arrested. Really? What is this, a Les Miserables revival? National and local leaders know what works: Put people in actual homes and set up the support services they need to function in society. This has been shown time and again to be cheaper in the long run, and Destination Home, the local partnership working toward the goal, does a great job. But there's no place to house people and no money to build units. Many of today's homeless have incomes -- low wage jobs, military or disability pensions. Some even have rent vouchers, but market rents are so high, landlords choose not to accept them. San Jose's proposal to turn some high vacancy motel rooms into efficiencies for the homeless is a great idea, but it will provide maybe 60 units. The valley needs an infusion of affordable apartments to give Destination Home a chance to do its work. San Jose Housing Director Leslye Corsiglia, who has been fighting the good fight for decades, says the federal government offers some support, and local cities and the county are exploring the idea of a joint powers authority to pool resources. There's some federal money available for housing, and local agencies are grabbing as much as they can. The state is the missing player. Construction cranes over downtown and North San Jose are building hundreds of market rate apartments. But when rents come down, so will the cranes. Builders will never create enough housing to make it cheap here. The state took away San Jose's capacity to leverage nonprofit resources for affordable housing. Until it accepts responsibility and gets back in the game, the homeless camps will grow. . -- Sent from my Android device with K-9 Mail. Please excuse my brevity. 

From spencer.graves at prodsyse.com Sat Apr 12 18:15:12 2014
From: spencer.graves at prodsyse.com (Spencer Graves)
Date: Sat, 12 Apr 2014 18:15:12 -0700
Subject: [GPSCC-chat] Heartbleed is real. Do something real.
In-Reply-To:
References: <5345DCE2.1000305@truffula.us> <5345F9D1.4080107@truffula.us> <5346F4FA.7000309@prodsyse.com> <53480E30.3040002@truffula.us> <5348C220.9020504@prodsyse.com> <53498187.3040909@truffula.us> <53499B03.9090409@prodsyse.com>
Message-ID: <5349E520.1080207@prodsyse.com>

John:

Possibly the largest network of Automated Teller Machines (ATMs) in the world may be those run by credit unions. Many if not all credit unions world wide honor each other's debit cards. Provident Credit Union (providentcu.org) advertises, "Over 28,000 CO-OP Network ATMs worldwide (including over 5,500 ATMs in 7-Eleven stores around the country). Provident deposits accepted at many of these locations. Over 22,000 MoneyPass ATMs nationwide (including at US Bank, Dunkin' Donuts, Walgreens, and more). Over 4,900 Alliance One ATMs in 43 states nationwide. Provident members can use any Bank of the West ATM without incurring a surcharge. Bank of the West has over 650 branches in 19 states (including many in San Francisco Bay Area). Provident deposits accepted at many of these locations."

I just checked to see what Provident Credit Union offered for St. Francis, KS, where I attended High School. They said they had no branches near there. The nearest ATM was 25 miles away, and they listed 3 others within 40 miles. I checked Denver 200 miles from St. Francis: I got a list of over 50 branches I could enter and many more ATMs.

I rarely enter a Provident CU office; the closest is 3-4 miles away. I usually get cash back when I use my debit card with major retailers. If I need to make a deposit or I need more cash, I use the ATM at a credit union closer that's less than one mile from where we live.
If I recall correctly, I had a problem once making a deposit at this other credit union. A few months later, the problem was resolved.

Spencer

--
Spencer Graves, PE, PhD
President and Chief Technology Officer
Structure Inspection and Monitoring, Inc.
751 Emerson Ct.
San José, CA 95126
ph: 408-655-4567
web: www.structuremonitoring.com

From rainbeaufriend at riseup.net Sat Apr 12 18:19:52 2014
From: rainbeaufriend at riseup.net (Drew)
Date: Sat, 12 Apr 2014 18:19:52 -0700
Subject: [GPSCC-chat] Heartbleed is real. Do something real.
In-Reply-To:
References: <5345DCE2.1000305@truffula.us> <5345F9D1.4080107@truffula.us> <5346F4FA.7000309@prodsyse.com> <53480E30.3040002@truffula.us> <5348C220.9020504@prodsyse.com> <53498187.3040909@truffula.us> <53499B03.9090409@prodsyse.com>
Message-ID: <194cf841-7820-40e7-a22c-f17105373a18@email.android.com>

Credit Unions are better for society and their customers in so many ways, let's not encourage banks at all. Credit Unions!

Green is union!

Drew
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.

From cls at truffula.us Sat Apr 12 18:27:13 2014
From: cls at truffula.us (Cameron L. Spitzer)
Date: Sat, 12 Apr 2014 18:27:13 -0700
Subject: [GPSCC-chat] Heartbleed is real. Do something real.
In-Reply-To: <53499B03.9090409@prodsyse.com>
References: <5345BFD7.4090800@truffula.us> <5345DCE2.1000305@truffula.us> <5345F9D1.4080107@truffula.us> <5346F4FA.7000309@prodsyse.com> <53480E30.3040002@truffula.us> <5348C220.9020504@prodsyse.com> <53498187.3040909@truffula.us> <53499B03.9090409@prodsyse.com>
Message-ID: <5349E7F1.7060601@truffula.us>

>"It is believed that Heartbleed originates from the same organisation as stuxnet and duqu."

That's just silly, of course. OpenSSL is developed in the open using a collaboration tool called Git that was invented for Linux kernel development. OpenSSL's Git instance is online where anyone can fetch any version any time. To see the fix, just google "heartbleed git commits" and follow the first link. That's the fix (bug code in red, fix code in green, in two files) being introduced to the code line.

The bug was introduced with the heartbeat feature. That commit is here. Robin Seggelmann is not mysterious. He's given interviews about it by now. It's a dumb error (missing bounds check, shouldn't trust the remote system) that was all too common in networking software a decade ago but reviewers usually look for these days. A stealthy intelligence agency introducing a secret back door would have made some effort to hide it or sneak it in. It would be much more subtle.

>"the United States National Security Agency was aware of the flaw since shortly after its introduction"

Of course. OpenSSL is open source security software. NSA reviews that more carefully and faster than anybody else does. We'd all be amazed if they, of all reviewers, /didn't/ spot a missing bounds check. (More disappointed than amazed it got past everybody else.) Discovering the bug and not promptly informing OpenSSL's maintainers was evil.

On 04/12/2014 12:58 PM, Spencer Graves wrote:
> Hi, Cameron:
>
> [...]
Example: 17:12 today (5:12 PM, UTC), an anonymous user > added a comment that, "It is believed that Heartbleed originates from > the same organisation as stuxnet and duqu." This comment included a > reference to an article that mentioned neither stuxnet nor duqu. It > was undone 49 minutes later. The article also includes comments that, > "According to two insider sources speaking to Bloomberg.com, the > United States National Security Agency was aware of the flaw since > shortly after its introduction, but chose to keep it secret, instead > of reporting it, in order to exploit it for their own purposes." [...] -------------- next part -------------- An HTML attachment was scrubbed... URL: From peacemovies at gmail.com Sat Apr 12 18:29:57 2014 From: peacemovies at gmail.com (John Thielking) Date: Sat, 12 Apr 2014 18:29:57 -0700 Subject: [GPSCC-chat] Heartbleed is real. Do something real. In-Reply-To: <194cf841-7820-40e7-a22c-f17105373a18@email.android.com> References: <5345DCE2.1000305@truffula.us> <5345F9D1.4080107@truffula.us> <5346F4FA.7000309@prodsyse.com> <53480E30.3040002@truffula.us> <5348C220.9020504@prodsyse.com> <53498187.3040909@truffula.us> <53499B03.9090409@prodsyse.com> <194cf841-7820-40e7-a22c-f17105373a18@email.android.com> Message-ID: Drew, My plan is easily adaptable to your preference to use credit unions. Many seniors are stuck using Comerica as that is the bank that issues the Direct Express debit card that they use to get their SS benefits. I'm sure that the credit unions likely have the same problems as the major banks when it comes to allowing their customers to customize the features of their online accounts that would help with security in the ways that I described. If that is true, the credit unions need to be lobbied on this too. John Thielking On Sat, Apr 12, 2014 at 6:19 PM, Drew wrote: > Credit Unions are better for society and their customers in so many ways, > let's not encourage banks at all. Credit Unions! > > Green is union! 
> > > Drew > -- > Sent from my Android device with K-9 Mail. Please excuse my brevity. > > _______________________________________________ > sosfbay-discuss mailing list > sosfbay-discuss at cagreens.org > http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From cls at truffula.us Sat Apr 12 18:51:44 2014 From: cls at truffula.us (Cameron L. Spitzer) Date: Sat, 12 Apr 2014 18:51:44 -0700 Subject: [GPSCC-chat] Heartbleed is real. Do something real. In-Reply-To: References: <5345BFD7.4090800@truffula.us> <5345DCE2.1000305@truffula.us> <5345F9D1.4080107@truffula.us> <5346F4FA.7000309@prodsyse.com> <53480E30.3040002@truffula.us> Message-ID: <5349EDB0.8020209@truffula.us> To give you a sense of the care that went into the RT article, they misspelled Stuxnet. A proper name a security expert or a journalist on that beat would know well. I think it was already well known NSA bugs computers domestically. It's not surprising they do it to mail orders instead of burglarizing each end-user's office, it's safer and more efficient. Which is why that particular revelation didn't stand out in the pack. There are two common mechanisms. A compromised BIOS can be used to launch a hidden, compromised kernel instead of the one your distro (Windows or Linux) maintains for you. And the keyboard or its "controller" on the motherboard can be modified to log keystrokes. These techniques are not unique to the NSA. The east European malware syndicate uses BIOS attacks, and industrial spies and private eyes use key loggers. If you suspect a BIOS compromise, launch your system from a USB key prepared on a trusted system. Whatever tricks the bad BIOS plays are not going to get past a stock GRUB installation. You could even get a VM in Finland and build the GRUB image there from trusted sources. 
It seems like a lot of trouble to go to about a rather remote risk, compared with much larger risks (e.g., using MS Windows or Gmail...) we tolerate for convenience. On 04/11/2014 03:29 PM, John Thielking wrote: > Sorry to keep dragging this out, but I finally decided to search the > RT.com web site using the search term "computer hardware" to see if I > could find an article or two relating to my previous statement that > RT.com broadcast the claim that computer hardware in general has been > compromised by the NSA. I did find the following article at > > http://rt.com/op-edge/nsa-hacking-individual-computers-008/ > > > that states that some of the material provided by Snowden does in fact > indicate that some people's computers are implanted with special chips > to aid the NSA in monitoring them. This may not be widespread just > yet, but it does fit with previously broadcast info from RT.com that > was saying that certain people's laptops that have been ordered online > are sometimes transhipped to special NSA facilities where they have > their hardware modified to contain implanted viruses or malware (in > the CMOS perhaps?). Of course the article also says that the NSA may > choose to bug all computers sold in a specific city, if that city is a > region of interest for the NSA. I'll bet that Eugene, Oregon (Berkeley > North) could be one of those places. And who knows, they might put > radio bugs in all the watches sold there too. > More to think about I guess. > > A more speculative opinion piece is located here: > > http://rt.com/op-edge/nsa-spying-future-total-952/ > > > and a link to the Derspiegal article that this stuff is based on is > contained here: > > http://rt.com/op-edge/annie-machon-nsa-spying-925/ > > > > Any further thoughts? 
> > John Thielking > > > On Fri, Apr 11, 2014 at 2:19 PM, John Thielking > wrote: > > Another more specific question for you Cameron: > > Is the patch for the Heartbleed bug supported for systems running > Windows XP, which was just barely out of date as of the time of > broad announcement of the Heartbleed bug, or do the people > currently running Windows XP also have to upgrade their OS? I > know my home computer only has 500 MB of memory so I can't just do > an easy upgrade to Win 7. I hope not too many POS terminals are > also in the same boat. They should upgrade to a new OS anyway, > but this problem may just compound the problem presented by the > Heartbleed bug itself. > > John Thielking > > > On Fri, Apr 11, 2014 at 12:52 PM, John Thielking > > wrote: > > People should also know that there may be additional security > gaps in ATMs and Point Of Sale terminals due to their owners' > slow response to the need to do away with using Windows XP. > For instance, the last time I went to Round Table Pizza a > couple of weeks ago, the screen saver on their POS terminal > still said "Windows XP". Chase signed a contract for another > year of support from MS for Win XP for their ATMs, but I can > only assume that everyone else will no longer have support for > Win XP after early April 2014. Good luck on that one too. > > John Thielking > > > On Fri, Apr 11, 2014 at 12:14 PM, John Thielking > > wrote: > > After reading this I'm not likely to trust ATMs for awhile > with any of my debit cards or credit cards. At least my > latest credit card company and one of my debit cards I'm > pretty sure I can just go to the bank teller of any bank > and get a "cash advance" from the teller instead of using > an ATM. Often times I don't need a PIN when doing that, > just a photo ID. I think the fees for that method may > even be less than using the ATM anyway. Do you think that > the bank teller's systems are likely to be more secure > than their ATM's? 
> Thanks for clarifying the other info Cameron. > > Sincerely, > > John Thielking > > > On Fri, Apr 11, 2014 at 8:45 AM, Cameron L. Spitzer > > wrote: > > > I may have been unclear. > 1. Check your bank (etc) site for the vulnerability. > If it's bad, make a note. > 2. Change your password. > > 3. Go back to the bad ones tomorrow and check them again. > 4. If a site has changed from bad to good, change > your password there. > > 5. Repeat again tomorrow until there are no more bad > sites on your list. > > If the first check of a site was good, you'll only > change that site's password once. > If the first check was bad, you'll have to change your > password twice. The first change deactivates the > password which was probably stolen over the last two > years, replacing it with a temporary password. The > second replaces the temporary password, which may also > have been stolen. > > > The work your bank (etc) has to do is more elaborate. > They have to replace the trust certificates that SSL > protects. because those have secret keys and they also > could have been stolen. However, when a site goes > from bad to good it's a pretty good indication they're > doing all of that. The certs are mainly important for > protecting you from impostor web sites. Impostors are > mainly a threat to people who follow links received in > email, but they can also appear if the DNS is > compromised anywhere along the line. That mostly > happens to Microsoft Windows users with malware > (that's most consumers who use Windows at home) and on > corporate intranets. Ironically, even though > Microsoft's implementation of SSL was not affected, > the prevalence of Windows malware greatly magnifies > the vulnerability, One more example of how Windows > ruins everything, even for non-Windows users! > > > The OpenSSL source code's history is visible at its > Github page. 
Several security blogs show how you can > look up the Dec 31 2011 change that introduced the bug > and the April 7 2014 change that fixes it. No > stealthy detective work is needed. However, Github is > pretty swamped this week with everybody looking at > these two changes, so you might get a timeout or a 500 > error. > > It will take years for everybody to fix everything. > There are home routers, ATM machines, point of sale > terminals (we used to call them "cash registers") and > other "appliances" (voting machines?) which use the > buggy OpenSSL, and most consumers never update the > firmware in those things. > Corporate intranets with huge software stacks > (internal accounting processes etc) will be the most work. > But almost large consumer-facing commerce sites will > have this fixed within a few weeks. The fix isn't > difficult for professionally managed web sites, and > the urgency is high and unusually well understood. > > > > > On 04/10/2014 10:07 PM, John Thielking wrote: >> KRON4 TV news had an interesting piece on this bug >> tonight. Hopefully they rebroadcast it at 11 so you >> all can see it. They were saying that they found out >> who created the bug, that it was a "mistake" and that >> it could take years for all the web sites involved to >> be fixed. What a headache. >> >> John Thielking >> >> >> On Thu, Apr 10, 2014 at 12:46 PM, Spencer Graves >> > > wrote: >> >> Hi, Cameron, Drew, et al.: >> >> >> 1. Do you have any reactions to the >> suggestion that a user could increase rather than >> decrease their vulnerability if they change a >> password BEFORE a host fixes the software on >> their end? The concern is that some of the >> information stolen via Heartbleed may still need >> need more work to decode than a password change >> before the host software is patched. 
If this is >> accurate, we should first check the hosts for our >> greatest vulnerabilities to ensure that they've >> installed an appropriate patch, then change our >> password, log out, then quickly log back in and >> change the password again, as Cameron suggested. >> If I understand correctly, the need to change the >> password twice is because a data thief may catch >> the first password change but is unlikely to be >> able to react quickly enough with that new >> information to catch your second password change >> if you do it quickly enough. >> >> >> 2. Wikipedia has an article on >> "Heartbleed", which been updated every few >> minutes since it was created 2014-04-09 04:39 >> UTC. If you have information that you feel is >> not properly reflected there, I'd like to know. I >> might be able to help update it, though my >> schedule today is quite busy. >> >> >> Be safe. >> Spencer >> >> >> On 4/10/2014 6:16 AM, Drew wrote: >>> Cameron, I and others can help people move to a >>> (user-friendly), freedom-respecting GNU/Linux >>> computer system such as Puppy Linux >>> http://puppylinux.com , or Zorin >>> http://www.zorin-os.com/ , or Linux Mint, etc. >>> >>> Green is Freedom! >>> >>> Drew >>> -- >>> Sent from my Android device with K-9 Mail. >>> Please excuse my brevity. >>> >>> >>> _______________________________________________ >>> sosfbay-discuss mailing list >>> sosfbay-discuss at cagreens.org >>> http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss >> >> >> -- >> Spencer Graves, PE, PhD >> President and Chief Technology Officer >> Structure Inspection and Monitoring, Inc. >> 751 Emerson Ct. 
>> San Jos?, CA 95126 >> ph:408-655-4567 >> web:www.structuremonitoring.com >> >> >> _______________________________________________ >> sosfbay-discuss mailing list >> sosfbay-discuss at cagreens.org >> >> http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss >> >> >> >> >> _______________________________________________ >> sosfbay-discuss mailing list >> sosfbay-discuss at cagreens.org >> http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss > > > _______________________________________________ > sosfbay-discuss mailing list > sosfbay-discuss at cagreens.org > > http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss > > > > > > > > _______________________________________________ > sosfbay-discuss mailing list > sosfbay-discuss at cagreens.org > http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From leedobell at aol.com Sat Apr 12 21:01:37 2014 From: leedobell at aol.com (Leedobell) Date: Sun, 13 Apr 2014 00:01:37 -0400 (EDT) Subject: [GPSCC-chat] Gayle McLaughlin spoke in San Jose In-Reply-To: <5348F1D7.3080004@aceweb.com> References: <5348F1D7.3080004@aceweb.com> Message-ID: <8D124E433EF400A-14A8-9127@webmail-vm039.sysops.aol.com> Nicely done. Is it on our website? -----Original Message----- From: Tian Harter To: sosfbay-discuss Sent: Sat, Apr 12, 2014 12:47 am Subject: [GPSCC-chat] Gayle McLaughlin spoke in San Jose Please visit this page for my writeup of the event: http://tian.greens.org/SanJose/HumanAgenda/GayleMcLaughlinApril9th14.html Those who were there, if you see something on that page that can be improved please let me know. -- Tian http://tian.greens.org Latest change: Added pictures from SJBPs Hippies vs. Hipsters Ride. There's a dog angel on a Kentucky quarter in my home. 
_______________________________________________
sosfbay-discuss mailing list
sosfbay-discuss at cagreens.org
http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From peacemovies at gmail.com Sat Apr 12 21:49:11 2014
From: peacemovies at gmail.com (John Thielking)
Date: Sat, 12 Apr 2014 21:49:11 -0700
Subject: [GPSCC-chat] Heartbleed is real. Do something real.
In-Reply-To: <5349EDB0.8020209@truffula.us>
References: <5345BFD7.4090800@truffula.us> <5345DCE2.1000305@truffula.us> <5345F9D1.4080107@truffula.us> <5346F4FA.7000309@prodsyse.com> <53480E30.3040002@truffula.us> <5349EDB0.8020209@truffula.us>
Message-ID:

Cameron, Drew and anyone else familiar with the trials and tribulations of software development:

I was serious when I suggested that the banks (or if you prefer, credit unions) should come up with a better User Interface for their online accounts that has the option to be inherently secure, rather than inherently insecure. At the present moment, I'm trying to guesstimate how or what program might work to encourage the development of such a new UI. It could be a community development project, like what I think Cameron was saying that the SSL software for Unix was. I definitely have problems conceiving of a program that has too much government funding, as I suspect that would turn out much like the rebuilding of Iraq or Afghanistan by the likes of Halliburton. But it would be nice to have some formal input from Congress and/or industry experts to provide a strong shot in the arm to get this off the ground.
A legislative mandate to require particular features for a UI is likely not wise, since if insurmountable security flaws inherent in any design that is easily modifiable by customer service clicking a button develop, this may require a quick return to the old system and any laws that prevent that could cause more harm than the good that would come out of the new UI concept. Another option besides allowing customer service to modify features is to simply have three types of accounts available that can't be modified by customer service after the customer signs up: 1) no online access, 2) online access to only account balances and transaction history, similar to what you can get out of an ATM statement print and 3) regular, fully featured online banking. Any comments one way or the other? Any ideas? Thanks. Sincerely, John Thielking -------------- next part -------------- An HTML attachment was scrubbed...
URL:

From rainbeaufriend at riseup.net Sun Apr 13 07:11:51 2014
From: rainbeaufriend at riseup.net (Drew)
Date: Sun, 13 Apr 2014 07:11:51 -0700
Subject: [GPSCC-chat] End banks deathgrip on your money
In-Reply-To:
References: <5345F9D1.4080107@truffula.us> <5346F4FA.7000309@prodsyse.com> <53480E30.3040002@truffula.us> <5348C220.9020504@prodsyse.com> <53498187.3040909@truffula.us> <53499B03.9090409@prodsyse.com> <194cf841-7820-40e7-a22c-f17105373a18@email.android.com>
Message-ID: <636d7c1b-521a-4b55-8d51-b1f0fefee77d@email.android.com>

This is not just my "preference" -- banks are designed to be leeches whereas credit unions are designed from the start to provide service to their members. The Occupy Movement realized this fact and thankfully more and more are moving their money away from the capitalist engines of world destruction (ie. banks) to engines of empowering the people.

No senior in Santa Clara County need be stuck with Comerica since for just one example, Meriwest Credit Union is open to any resident of this county. Credit unions have expanded their coverage this way all over the country so most people are covered and need not fund the capitalist death machine via banks.

Green is union!

Drew
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From Rob at MeansForDemocracy.org Fri Apr 11 09:40:50 2014
From: Rob at MeansForDemocracy.org (Rob Means)
Date: Fri, 11 Apr 2014 09:40:50 -0700
Subject: [GPSCC-chat] help people move to a (user-friendly), freedom-respecting GNU/Linux computer system
In-Reply-To:
References:
Message-ID: <53481B12.2020202@MeansForDemocracy.org>

Cameron and Drew helped me move to an Ubuntu operating system. They both deserve my thanks.
Yes, there is some overhead in migrating one's computer, but in the long run I have saved time and effort over dealing with Microsoft security issues and seemingly interminable start-up time (my computer boots up and is ready to go in seconds, not minutes.) On 04/10/2014 12:00 PM, sosfbay-discuss-request at cagreens.org wrote: > Message: 1 > Date: Thu, 10 Apr 2014 06:16:13 -0700 > From: Drew > Cc: sosfbay discussion group > Subject: Re: [GPSCC-chat] Heartbleed is real. Do something real. > > Cameron, I and others can help people move to a (user-friendly), freedom-respecting GNU/Linux computer system such as Puppy Linux http://puppylinux.com , or Zorin http://www.zorin-os.com/ , or Linux Mint, etc. > > Green is Freedom! > > Drew > > -- > Rob Means for Milpitas City Council 2014 > http://MeansForDemocracy.org FPPC # (pending) > 1421 Yellowstone Ave., Milpitas, CA 95035-6913 > 408-262-0420h, 408-262-8975w, Rob at MeansForDemocracy.org > -------------------------------------------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: From peacemovies at gmail.com Sun Apr 13 08:29:48 2014 From: peacemovies at gmail.com (John Thielking) Date: Sun, 13 Apr 2014 08:29:48 -0700 Subject: [GPSCC-chat] End banks deathgrip on your money In-Reply-To: <636d7c1b-521a-4b55-8d51-b1f0fefee77d@email.android.com> References: <5345F9D1.4080107@truffula.us> <5346F4FA.7000309@prodsyse.com> <53480E30.3040002@truffula.us> <5348C220.9020504@prodsyse.com> <53498187.3040909@truffula.us> <53499B03.9090409@prodsyse.com> <194cf841-7820-40e7-a22c-f17105373a18@email.android.com> <636d7c1b-521a-4b55-8d51-b1f0fefee77d@email.android.com> Message-ID: Drew, With all due respect I am proof positive that not just anyone can get a checking account with just any credit union. I got turned down by Tech CU because they said I had a "derogatory" Chex Systems report. When I ordered my "report" and score it had very little in it. 
It had an item for my ordering checks from Chase and an item for my opening an account with Citibank. Nothing else. Not even a report of my 2 overdrafts with Chase. My "score" (which cost me $10 to obtain) was some 760+ out of a possible 999. I hope you are right in that literally anyone can get an account at Meriwest. I would try them too, but since I'm moving to Eugene in June I'm planning to try to open an account with a local credit union when I get there. I hope you aren't simply being insulted by my use of the word "bank" when I attempt to make a groundbreaking suggestion about how all online accounts whether at a credit union or a bank can be made inherently secure, instead of the default for the current system of online banking, er, I mean online credit unioning which to the best of my knowledge is inherently insecure. Do you know if your credit union offers you the option to set up your online access to your account so that you can only view your account balance and transaction history and not be able to transfer funds? Is this set up only available by walking into a branch and setting it up (and can't be switched back and forth online between no funds transfer available and funds transfer available?) If they do that, that's great. I would hope to find a CU like that in Eugene. Then I can set all my passwords that I use on the Internet (except for my bitcoin exchange password) to literally be what I have heard on the news is most often used by everyone else, i.e. "password" or "123456789" and I would never lose a penny due to ID theft online, at least so long as https remains secure and my credit card numbers are safe. That is what I call an "inherently secure" account. 
If I can't find a CU that offers that feature for an online account, then my previous comments stand about wanting to do a community project where someone we know (or heaven forbid, us ourselves) programs a new type of User Interface that, if you really insist, only CU's can use so they can knock Banks flat on their asses by stealing all of their customers due to the CU's superior security for the new limited access accounts for online credit unioning. Let's do this thing and stop bickering over when it is not OK to use the term "bank" in a conversation, or whatever else it was that was ticking you off just now. You are right! Green is GO! Go get 'em baby! John Thielking On Sun, Apr 13, 2014 at 7:11 AM, Drew wrote: > This is not just my "preference" -- banks are designed to be leaches > whereas credit unions are designed from the start to provide service to > their members. The Occupy Movement realized this fact and thankfully more > and more are moving their money away from the capitalist engines of world > destruction (ie. banks) to engines of empowering the people. > > No senior in Santa Clara County need be stuck with Comerica since for just > one example, Meriwest Credit Union is open to any resident of this county. > Credit unions have expanded their coverage this way all over the country so > most people are covered and need not fund the capitalist death machine via > banks. > > Green is union! > > Drew > -- > Sent from my Android device with K-9 Mail. Please excuse my brevity. > _______________________________________________ > sosfbay-discuss mailing list > sosfbay-discuss at cagreens.org > http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From aradhana.panicker619 at gmail.com Sun Apr 13 08:39:15 2014 From: aradhana.panicker619 at gmail.com (Aradhana Panicker) Date: Sun, 13 Apr 2014 08:39:15 -0700 Subject: [GPSCC-chat] please unsubsribe me. thank you. 
Message-ID: -- Best regards, Aradhana Panicker 408.219.3344 LinkedIn: aradhanapanicker Twitter: @aradhana_pan aradhana.panicker619 at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From spencer.graves at structuremonitoring.com Sun Apr 13 09:06:43 2014 From: spencer.graves at structuremonitoring.com (Spencer Graves) Date: Sun, 13 Apr 2014 09:06:43 -0700 Subject: [GPSCC-chat] End banks deathgrip on your money In-Reply-To: References: <5346F4FA.7000309@prodsyse.com> <53480E30.3040002@truffula.us> <5348C220.9020504@prodsyse.com> <53498187.3040909@truffula.us> <53499B03.9090409@prodsyse.com> <194cf841-7820-40e7-a22c-f17105373a18@email.android.com> <636d7c1b-521a-4b55-8d51-b1f0fefee77d@email.android.com> Message-ID: <534AB613.8070700@structuremonitoring.com> Credit unions are officially cooperatives. However, how many credit unions have members who actually exercise effective oversight of the senior management? Without that, credit unions can be managed by and for the benefit of their senior management, just like private companies. After spending a year studying alternatives, my wife and I moved from Wells Fargo to Provident in March 2011. Last year, I asked about their member meetings: They have an obligatory membership meeting once a year -- in Los Angeles. I'd have to work to learn more about how they manage things, and I decided (correctly or incorrectly) that I would be better off spending my time elsewhere. Spencer On 4/13/2014 8:29 AM, John Thielking wrote: > Drew, > > With all due respect I am proof positive that not just anyone can get > a checking account with just any credit union. I got turned down by > Tech CU because they said I had a "derogatory" Chex Systems report. > When I ordered my "report" and score it had very little in it. It had > an item for my ordering checks from Chase and an item for my opening > an account with Citibank. Nothing else. Not even a report of my 2 > overdrafts with Chase. 
My "score" (which cost me $10 to obtain) was > some 760+ out of a possible 999. I hope you are right in that > literally anyone can get an account at Meriwest. I would try them > too, but since I'm moving to Eugene in June I'm planning to try to > open an account with a local credit union when I get there. I hope > you aren't simply being insulted by my use of the word "bank" when I > attempt to make a groundbreaking suggestion about how all online > accounts weather at a credit union or a bank can be made inherently > secure, instead of the default for the current system of online > banking, er, I mean online credit unioning which to the best of my > knowledge is inherently insecure. Do you know if your credit union > offers you the option to set up your online access to your account so > that you can only view your account balance and transaction history > and not be able to transfer funds? Is this set up only available by > walking into a branch and setting it up (and can't be switched back > and forth online between no funds transfer available and funds > transfer available?) If they do that, that's great. I would hope to > find a CU like that in Eugene. Then I can set all my passwords that I > use on the Internet (except for my bitcoin exchange password) to > literally be what I have heard on the news is most often used by > everyone else, ie "password" or "123456789" and I would never lose a > penny due to ID theft online, at least so long as https remains secure > and my credit card numbers are safe.. That is what I call an > "inherently secure" account. 
If I can't find a CU that offers that > feature for an online account, then my previous comments stand about > wanting to do a community project where someone we know (or heaven > forbid, us ourselves) programs a new type of User Interface that, if > you really insist, only CU's can use so they can knock Banks flat on > their asses by stealing all of their customers due to the CU's > superior security for the new limited access accounts for online > credit unioning. Let's do this thing and stop bickering over when it > is not OK to use the term "bank" in a conversation, or whatever else > it was that was ticking you off just now. You are right! Green is GO! > Go get 'em baby! > > John Thielking > > > On Sun, Apr 13, 2014 at 7:11 AM, Drew > wrote: > > This is not just my "preference" -- banks are designed to be > leaches whereas credit unions are designed from the start to > provide service to their members. The Occupy Movement realized > this fact and thankfully more and more are moving their money away > from the capitalist engines of world destruction (ie. banks) to > engines of empowering the people. > > No senior in Santa Clara County need be stuck with Comerica since > for just one example, Meriwest Credit Union is open to any > resident of this county. Credit unions have expanded their > coverage this way all over the country so most people are covered > and need not fund the capitalist death machine via banks. > > Green is union! > > Drew > -- > Sent from my Android device with K-9 Mail. Please excuse my brevity. > _______________________________________________ > sosfbay-discuss mailing list > sosfbay-discuss at cagreens.org > http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss > > -- Spencer Graves, PE, PhD President and Chief Technology Officer Structure Inspection and Monitoring, Inc. 751 Emerson Ct. 
San José, CA 95126 ph: 408-655-4567 web: www.structuremonitoring.com From peacemovies at gmail.com Sun Apr 13 09:23:45 2014 From: peacemovies at gmail.com (John Thielking) Date: Sun, 13 Apr 2014 09:23:45 -0700 Subject: [GPSCC-chat] End banks deathgrip on your money In-Reply-To: <534AB613.8070700@structuremonitoring.com> References: <5346F4FA.7000309@prodsyse.com> <53480E30.3040002@truffula.us> <5348C220.9020504@prodsyse.com> <53498187.3040909@truffula.us> <53499B03.9090409@prodsyse.com> <194cf841-7820-40e7-a22c-f17105373a18@email.android.com> <636d7c1b-521a-4b55-8d51-b1f0fefee77d@email.android.com> <534AB613.8070700@structuremonitoring.com> Message-ID: I went to Meriwest's web site (www.meriwest.com) and it does appear that they at least offer online e-statements of your transaction history without having to log in to or enable online banking. If the e-statements get updated more than once per month or if certain features of online banking can be disabled then it seems we have a winner. I will visit them on Monday to find out more. Thanks Drew. John Thielking On Sun, Apr 13, 2014 at 9:06 AM, Spencer Graves < spencer.graves at structuremonitoring.com> wrote: > Credit unions are officially cooperatives. However, how many credit > unions have members who actually exercise effective oversight of the senior > management? Without that, credit unions can be managed by and for the > benefit of their senior management, just like private companies. After > spending a year studying alternatives, my wife and I moved from Wells Fargo > to Provident in March 2011. Last year, I asked about their member > meetings: They have an obligatory membership meeting once a year -- in Los > Angeles. I'd have to work to learn more about how they manage things, and > I decided (correctly or incorrectly) that I would be better off spending my > time elsewhere. 
Spencer > > > On 4/13/2014 8:29 AM, John Thielking wrote: > > Drew, > > With all due respect I am proof positive that not just anyone can get a > checking account with just any credit union. I got turned down by Tech CU > because they said I had a "derogatory" Chex Systems report. When I ordered > my "report" and score it had very little in it. It had an item for my > ordering checks from Chase and an item for my opening an account with > Citibank. Nothing else. Not even a report of my 2 overdrafts with Chase. > My "score" (which cost me $10 to obtain) was some 760+ out of a possible > 999. I hope you are right in that literally anyone can get an account at > Meriwest. I would try them too, but since I'm moving to Eugene in June I'm > planning to try to open an account with a local credit union when I get > there. I hope you aren't simply being insulted by my use of the word > "bank" when I attempt to make a groundbreaking suggestion about how all > online accounts weather at a credit union or a bank can be made inherently > secure, instead of the default for the current system of online banking, > er, I mean online credit unioning which to the best of my knowledge is > inherently insecure. Do you know if your credit union offers you the option > to set up your online access to your account so that you can only view your > account balance and transaction history and not be able to transfer funds? > Is this set up only available by walking into a branch and setting it up > (and can't be switched back and forth online between no funds transfer > available and funds transfer available?) If they do that, that's great. I > would hope to find a CU like that in Eugene. 
Then I can set all my > passwords that I use on the Internet (except for my bitcoin exchange > password) to literally be what I have heard on the news is most often used > by everyone else, ie "password" or "123456789" and I would never lose a > penny due to ID theft online, at least so long as https remains secure and > my credit card numbers are safe.. That is what I call an "inherently > secure" account. If I can't find a CU that offers that feature for an > online account, then my previous comments stand about wanting to do a > community project where someone we know (or heaven forbid, us ourselves) > programs a new type of User Interface that, if you really insist, only CU's > can use so they can knock Banks flat on their asses by stealing all of > their customers due to the CU's superior security for the new limited > access accounts for online credit unioning. Let's do this thing and stop > bickering over when it is not OK to use the term "bank" in a conversation, > or whatever else it was that was ticking you off just now. You are right! > Green is GO! Go get 'em baby! > > John Thielking > > > On Sun, Apr 13, 2014 at 7:11 AM, Drew wrote: > >> This is not just my "preference" -- banks are designed to be leaches >> whereas credit unions are designed from the start to provide service to >> their members. The Occupy Movement realized this fact and thankfully more >> and more are moving their money away from the capitalist engines of world >> destruction (ie. banks) to engines of empowering the people. >> >> No senior in Santa Clara County need be stuck with Comerica since for >> just one example, Meriwest Credit Union is open to any resident of this >> county. Credit unions have expanded their coverage this way all over the >> country so most people are covered and need not fund the capitalist death >> machine via banks. >> >> Green is union! >> >> Drew >> -- >> Sent from my Android device with K-9 Mail. Please excuse my brevity. 
>> _______________________________________________ >> sosfbay-discuss mailing list >> sosfbay-discuss at cagreens.org >> http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss >> > > > -- > Spencer Graves, PE, PhD > President and Chief Technology Officer > Structure Inspection and Monitoring, Inc. > 751 Emerson Ct. > San José, CA 95126 > ph: 408-655-4567 > web: www.structuremonitoring.com > > From wrolley at charter.net Sun Apr 13 09:43:05 2014 From: wrolley at charter.net (Wes Rolley) Date: Sun, 13 Apr 2014 09:43:05 -0700 Subject: [GPSCC-chat] climate crisis documentary In-Reply-To: <73e4ddf9-fa3a-48e6-9e4e-bb2424b042a0@email.android.com> References: <73e4ddf9-fa3a-48e6-9e4e-bb2424b042a0@email.android.com> Message-ID: <534ABE99.8010403@charter.net> On 4/12/2014 5:49 PM, Drew wrote: > SUNDAY: "Years of Living Dangerously" is an ambitious four-part > documentary that uses celebrity star power to call attention to the > issue of climate change. Participants include Arnold Schwarzenegger, > Matt Damon, Jessica Alba and Harrison Ford. 10 p.m., Showtime. Thanks for calling attention to this, Drew. You might also note that one of the producers was James Cameron. Ultimately, this is a hell of a lot more important than NSA spying on our emails and a number of other issues that take our attention. Here is another take from the IPCC on the results of our continued inattention to this threat. I have a new granddaughter (since Dec.) and it depresses me to think of the world that she will live in. http://www.independent.co.uk/environment/climate-change/leaked-climate-change-report-scientific-body-warns-of-devastating-rise-of-45c-if-we-carry-on-as-we-are-9256708.html Opening paragraph: > Global greenhouse gas emissions over the past decade were the "highest > in human history", according to the world's leading scientific body > for the assessment of climate change. 
Without further action, > temperatures will increase by about 4 to 5C, compared with > pre-industrial levels, it warns, a level that could reap devastating > effects on the planet. -- "Anytime you have an opportunity to make things better and you don't, then you are wasting your time on this Earth" - /Roberto Clemente/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From rainbeaufriend at riseup.net Sun Apr 13 10:25:01 2014 From: rainbeaufriend at riseup.net (Drew) Date: Sun, 13 Apr 2014 10:25:01 -0700 Subject: [GPSCC-chat] End banks deathgrip on your money In-Reply-To: References: <5346F4FA.7000309@prodsyse.com> <53480E30.3040002@truffula.us> <5348C220.9020504@prodsyse.com> <53498187.3040909@truffula.us> <53499B03.9090409@prodsyse.com> <194cf841-7820-40e7-a22c-f17105373a18@email.android.com> <636d7c1b-521a-4b55-8d51-b1f0fefee77d@email.android.com> Message-ID: No I'm not "insulted", just concerned that collectively we move our money out of the banks into credit unions. Truly banks are fueling the destruction of the planet. Green is local! Drew -- Sent from my Android device with K-9 Mail. Please excuse my brevity. -------------- next part -------------- An HTML attachment was scrubbed... URL: From spencer.graves at prodsyse.com Sun Apr 13 14:46:20 2014 From: spencer.graves at prodsyse.com (Spencer Graves) Date: Sun, 13 Apr 2014 14:46:20 -0700 Subject: [GPSCC-chat] Heartbleed is real. Do something real. In-Reply-To: <5349E7F1.7060601@truffula.us> References: <5345BFD7.4090800@truffula.us> <5345DCE2.1000305@truffula.us> <5345F9D1.4080107@truffula.us> <5346F4FA.7000309@prodsyse.com> <53480E30.3040002@truffula.us> <5348C220.9020504@prodsyse.com> <53498187.3040909@truffula.us> <53499B03.9090409@prodsyse.com> <5349E7F1.7060601@truffula.us> Message-ID: <534B05AC.2070600@prodsyse.com> Hi, Cameron, et al.: Might anyone have a source to back up Cameron's discussion about Heartbleed and identity theft operations of some criminal organizations? 
I'd like to add a discussion of that to the Wikipedia article on "Heartbleed", but I'm concerned that my comments on that would be removed if I don't cite a credible source. Thanks, Spencer On 4/12/2014 6:27 PM, Cameron L. Spitzer wrote: > > >"It is believed that Heartbleed originates from the same organisation > as stuxnet and duqu." > > That's just silly, of course. OpenSSL is developed in the open using > a collaboration tool called Git that was invented for Linux kernel > development. > OpenSSL's Git instance is online where anyone can fetch any version > any time. > To see the fix, just google "heartbleed git commits" and follow the > first link > . > That's the fix (bug code in red, fix code in green, in two files) > being introduced to the code line. > > The bug was introduced with the heartbeat feature. That commit is > here > . > Robin Seggelmann is not mysterious. He's given interviews about it by > now. It's a dumb error (missing bounds check, shouldn't trust the > remote system) that was all too common in networking software a decade > ago but reviewers usually look for these days. > A stealthy intelligence agency introducing a secret back door would > have made some effort to hide it or sneak it in. It would be much > more subtle. > > > >"the United States National Security Agency was aware of the flaw > since shortly after its introduction" > > Of Course. OpenSSL is open source security software. NSA reviews > that more carefully and faster than anybody else does. We'd all be > amazed if they, of all reviewers, /didn't/ spot a missing bounds > check. (More disappointed than amazed it got past everybody else.) > Discovering the bug and not promptly informing OpenSSL's maintainers > was evil. > > > > On 04/12/2014 12:58 PM, Spencer Graves wrote: >> Hi, Cameron: >> >> >> [...] 
Example: 17:12 today (5:12 PM, UTC), an anonymous user >> added a comment that, "It is believed that Heartbleed originates from >> the same organisation as stuxnet and duqu." 
This comment included a >> reference to an article that mentioned neither stuxnet nor duqu. It >> was undone 49 minutes later. The article also includes comments that, >> "According to two insider sources speaking to Bloomberg.com, the >> United States National Security Agency was aware of the flaw since >> shortly after its introduction, but chose to keep it secret, instead >> of reporting it, in order to exploit it for their own purposes." [...] > > > > > _______________________________________________ > sosfbay-discuss mailing list > sosfbay-discuss at cagreens.org > http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss -- Spencer Graves, PE, PhD President and Chief Technology Officer Structure Inspection and Monitoring, Inc. 751 Emerson Ct. San José, CA 95126 ph: 408-655-4567 web: www.structuremonitoring.com From gerrygras at earthlink.net Sun Apr 13 15:54:32 2014 From: gerrygras at earthlink.net (gerry) Date: Sun, 13 Apr 2014 15:54:32 -0700 (GMT-07:00) Subject: [GPSCC-chat] Earthlink DSL Problem Message-ID: <14121224.1397429673150.JavaMail.root@elwamui-rustique.atl.sa.earthlink.net> This email is coming from a computer at the Palo Alto Library, not my home computer. FYI, Earthlink is having a DSL problem, in 12 area codes, all in California: http://support.earthlink.net/contact/outages.php Gerry From tnharter at aceweb.com Mon Apr 14 02:14:35 2014 From: tnharter at aceweb.com (Tian Harter) Date: Mon, 14 Apr 2014 02:14:35 -0700 Subject: [GPSCC-chat] SPAM Alert: tnharter@aol.com has been hacked. Don't open it! Message-ID: <534BA6FB.1080808@aceweb.com> I got a call that tnharter at aceweb.com has been hacked from Julie. She told me it had sent something she wasn't going to open. I called AOL. They wouldn't let me change the password because I don't know the security answer. Sorry about that! 
-- Tian http://tian.greens.org Latest change: Added pictures from SJBPs Hippies vs. Hipsters Ride. There's a dog angel on a Kentucky quarter in my home. From spencer.graves at structuremonitoring.com Mon Apr 14 05:26:43 2014 From: spencer.graves at structuremonitoring.com (Spencer Graves) Date: Mon, 14 Apr 2014 05:26:43 -0700 Subject: [GPSCC-chat] SPAM Alert: tnharter@aol.com has been hacked. Don't open it! In-Reply-To: <534BA6FB.1080808@aceweb.com> References: <534BA6FB.1080808@aceweb.com> Message-ID: <534BD403.1010107@structuremonitoring.com> Hi, Tian, et al.: I suggest you not give up on changing your password. The Heartbleed bug makes it easier for criminal organizations to guess your passwords and answers to your security questions. Cameron noted that several criminal organizations collate data stolen via Heartbleed with data someone (not necessarily you) entered into a genealogical database or posted on Facebook or someplace else. They might get enough to access your bank account or obtain a credit card in your name. I know a victim of a similar scam: A thief had taken out a credit card in the name of my friend, who almost got stuck with the bills. My friend took the problem to the police, who managed to find the thief and get a conviction. My friend ultimately did not have to pay the bills, but it took a lot of work to avoid paying. The entire experience produced a lot of anxiety. Cameron is correct: Heartbleed is real. Do something real -- or run an unacceptable risk of being victimized. For my suggestions on what to do, see Wikiversity, "Managing risk from cyber attacks" (https://en.wikiversity.org/wiki/Managing_risk_from_cyber_attacks). Spencer On 4/14/2014 2:14 AM, Tian Harter wrote: > I got a call that tnharter at aceweb.com has been hacked from Julie. > > She told me it had sent something she wasn't going to open. > > I called AOL. They wouldn't let me change the password because I don't > know the security answer. > > Sorry about that! 
> -- Spencer Graves, PE, PhD President and Chief Technology Officer Structure Inspection and Monitoring, Inc. 751 Emerson Ct. San José, CA 95126 ph: 408-655-4567 web: www.structuremonitoring.com From wrolley at charter.net Mon Apr 14 07:17:42 2014 From: wrolley at charter.net (Wes Rolley) Date: Mon, 14 Apr 2014 07:17:42 -0700 Subject: [GPSCC-chat] Cherries Message-ID: <534BEE06.7030501@charter.net> I went to a fruit growers meeting on Saturday. Interesting topic was the fact that no one has good cherry crops in the South County this year. Not in Morgan Hill, not in Gilroy, not even down in Hollister (San Benito County). Lest you think that the culprit might be colony collapse disorder in bees, or drought, the information that I was given by a respected Morgan Hill Grower is simply that it was too warm this winter... or conversely, there were not enough hours of chill (850 for many varieties) to trigger the right response in most cherry varieties. So, locavores beware, cherries will be much more expensive if they are available at all before Washington crops come in... and those will not be local. Why do I post this? Because both the drought and the effect of rising temperatures on food prices are both features of climate change that the scientists have been warning us about. -- "Anytime you have an opportunity to make things better and you don't, then you are wasting your time on this Earth" - /Roberto Clemente/ From wrolley at charter.net Mon Apr 14 07:38:24 2014 From: wrolley at charter.net (Wes Rolley) Date: Mon, 14 Apr 2014 07:38:24 -0700 Subject: [GPSCC-chat] Political biology. Message-ID: <534BF2E0.6080701@charter.net> While walking my dog, Mr. Lucky, yesterday, I listened to episode 28 (April 3, 2014) of the /Inquiring Minds/ podcast. It was basically an interview of Univ. of Neb. 
- Lincoln professor John Hibbing conducted by Chris Mooney (Author of /The Republican War on Science/ and /Unscientific America/). The title of the podcast was /The Biology of Ideology/. The basic premise is that Conservatives and Liberals live in very different worlds... a difference that can be objectively measured. The podcast is available for free from iTunes and most other podcast broadcasting sites. If there are biological differences between conservatives and liberals we ought to know what they are. To begin with, conservatives live in a more dangerous world. They focus much more readily on negative things and their attention lingers longer when compared to conservatives. Hibbing dances around the implication that it is ALL genetic but suggests that there is a genetic component (based on twin studies and adoptive subjects) which will be very difficult to "tease out" if we ever do. I can't do it all justice, but would suggest that after you listen to the podcast, there are two things that become apparent. (1) Because you are living in different worlds, can hear different political debates together, it may not be possible to use arguments that appear rational to you in trying to change the mind of a person of the other persuasion. Perhaps this relates to the polarization of politics now. In this case, (2) maybe the best approach is to understand that compromise may be the only way to resolve some policy concerns. Another concern for me is the fact that the factors which drive a conservative personality may also tend to make them more successful in business and therefore more able to provide the financing for political activism. Move to Amend is the right approach to solving this problem as the SCOTUS chips away at current campaign finance constraints. 
-- "Anytime you have an opportunity to make things better and you don't, then you are wasting your time on this Earth" - /Roberto Clemente/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From cls at truffula.us Mon Apr 14 08:06:12 2014 From: cls at truffula.us (Cameron L. Spitzer) Date: Mon, 14 Apr 2014 08:06:12 -0700 Subject: [GPSCC-chat] Cherries In-Reply-To: <534BEE06.7030501@charter.net> References: <534BEE06.7030501@charter.net> Message-ID: <534BF964.7070408@truffula.us> My impression is the actual climate situation is quite a bit worse than the public is being told. Scientists active in the field complain in private that the IPCC's function is to water down the findings because the reality is far beyond what politicians can admit in public and remain in office. That said, we climate activists need to be very careful to always speak with scientific accuracy. Every mistake or distortion is carefully recorded by the denialist campaign, and never goes away. Some of the most persuasive talking points in that campaign are exaggerated predictions from decades past which didn't come true. Rush Limbaugh's web site has a countdown to the day and minute when Al Gore said New York would be under water, Hurricane Sandy notwithstanding. There's a rich irony here. No scientist positively attributes any particular extreme weather event to global warming. That's despite the fact that we are beginning to get large events which were highly improbable (p < 0.01) before the current temperature anomaly. Climate models don't predict such brief events as a single warm winter. They just say warm winters are more likely. I'm here to congratulate Wes for getting it exactly right. May we all speak as carefully and as authoritatively, citing real evidence, as he does. -/Cameron/ On 04/14/2014 07:17 AM, Wes Rolley wrote: > I went to a fruit growers meeting on Saturday. 
Interesting topic was > the fact that no one has good cherry crops in the South County this > year. Not in Morgan Hill, not in Gilroy, not even down in Hollister > (San Benito County). > > Lest you think that the culprit might be colony collapse disorder in > bees, or drought, the information that I was given by a respected > Morgan Hill Grower is simply that it was too warm this winter... or > conversely, there was not enough hours of chill (850 for many > varieties) to trigger the right response in most cherry varieties. > So, localvores beware, cherries will be much more expensive if they > are available at all before Washington crops come in... and those will > not be local. > > Why do I post this? Because both the drought and the effect of rising > temperatures on food prices are both features of climate change that > the scientists have been warning us about. > -- > "Anytime you have an opportunity to make things better and you don't, > then you are wasting your time on this Earth" - /Roberto Clemente/ > > > _______________________________________________ > sosfbay-discuss mailing list > sosfbay-discuss at cagreens.org > http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From tnharter at aceweb.com Mon Apr 14 10:22:08 2014 From: tnharter at aceweb.com (Tian Harter) Date: Mon, 14 Apr 2014 10:22:08 -0700 Subject: [GPSCC-chat] Cherries In-Reply-To: <534BF964.7070408@truffula.us> References: <534BEE06.7030501@charter.net> <534BF964.7070408@truffula.us> Message-ID: <534C1940.9030700@aceweb.com> Cherries are one of my favorite fruits. I'm bummed that there won't be much local fruit this year. :-( On 04/14/2014 08:06 AM, Cameron L. Spitzer wrote: > > My impression is the actual climate situation is quite a bit worse > than the public is being told. 
Scientists active in the field > complain in private that the IPCC's function is to water down the > findings because the reality is far beyond what politicians can admit > in public and remain in office. > > That said, we climate activists need to be very careful to always > speak with scientific accuracy. Every mistake or distortion is > carefully recorded by the denialist campaign, and never goes away. > Some of the most persuasive talking points in that campaign are > exaggerated predictions from decades past which didn't come true. > Rush Limbaugh's web site has a countdown to the day and minute when Al > Gore said New York would be under water, Hurricane Sandy notwithstanding. > > There's a rich irony here. No scientist positively attributes any > particular extreme weather event to global warming. That's despite > the fact that we are beginning to get large events which were highly > improbable (p < 0.01) before the current temperature anomaly. Climate > models don't predict such brief events as a single warm winter. They > just say warm winters are more likely. > > I'm here to congratulate Wes for getting it exactly right. May we all > speak as carefully and as authoritatively, citing real evidence, as he > does. > > -/Cameron/ > > > > > On 04/14/2014 07:17 AM, Wes Rolley wrote: >> I went to a fruit growers meeting on Saturday. Interesting topic was >> the fact that no one has good cherry crops in the South County this >> year. Not in Morgan Hill, not in Gilroy, not even down in Hollister >> (San Benito County). >> >> Lest you think that the culprit might be colony collapse disorder in >> bees, or drought, the information that I was given by a respected >> Morgan Hill Grower is simply that it was too warm this winter... or >> conversely, there was not enough hours of chill (850 for many >> varieties) to trigger the right response in most cherry varieties. 
>> So, localvores beware, cherries will be much more expensive if they >> are available at all before Washington crops come in... and those >> will not be local. >> >> Why do I post this? Because both the drought and the effect of >> rising temperatures on food prices are both features of climate >> change that the scientists have been warning us about. >> -- >> "Anytime you have an opportunity to make things better and you don't, >> then you are wasting your time on this Earth" - /Roberto Clemente/ >> >> >> _______________________________________________ >> sosfbay-discuss mailing list >> sosfbay-discuss at cagreens.org >> http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss > > > > _______________________________________________ > sosfbay-discuss mailing list > sosfbay-discuss at cagreens.org > http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss -- Tian http://tian.greens.org Latest change: Added pictures from SJBPs Hippies vs. Hipsters Ride. There's a dog angel on a Kentucky quarter in my home. -------------- next part -------------- An HTML attachment was scrubbed... URL: From j.m.doyle at sbcglobal.net Mon Apr 14 14:54:11 2014 From: j.m.doyle at sbcglobal.net (Jim Doyle) Date: Mon, 14 Apr 2014 14:54:11 -0700 Subject: [GPSCC-chat] Jim out of town Message-ID: <534C5903.1080203@sbcglobal.net> I will be out of town the 16-th through the 30-th of April inclusive. There are no pressing treasurer's duties pending as far as I know. 
Jim Doyle From peacemovies at gmail.com Mon Apr 14 18:49:19 2014 From: peacemovies at gmail.com (John Thielking) Date: Mon, 14 Apr 2014 18:49:19 -0700 Subject: [GPSCC-chat] End banks deathgrip on your money In-Reply-To: References: <5346F4FA.7000309@prodsyse.com> <53480E30.3040002@truffula.us> <5348C220.9020504@prodsyse.com> <53498187.3040909@truffula.us> <53499B03.9090409@prodsyse.com> <194cf841-7820-40e7-a22c-f17105373a18@email.android.com> <636d7c1b-521a-4b55-8d51-b1f0fefee77d@email.android.com> Message-ID: Well, for what it is worth I went to Meriwest today and successfully opened a checking account. There were no red flags that they could see in my Chex Systems report, though the customer service rep said that if my $5k debt on my defaulted Chase credit card did show up in the Chex Systems report they would deny me an account. There was a bit of a hassle involved in getting address verification that would satisfy Meriwest management who had to approve the account application. They really wanted a utility bill or a lease agreement that showed where I live. My room mate pays the space rent and utilities and there is no written agreement between us, though there is a formal application for park residency on file with the mobile home park management. The customer service rep said the park agreement would not be sufficient. So I asked them if I could use my Social Security benefit tax statement and/or a statement of account activity from my Medicare Advantage program provider. I came back an hour later with those documents along with what was left of the notice from when I got my new credit card. When I did that, they approved the account straight away, despite an earlier conversation that indicated that it might take up to one week for management to approve the application. 
All of this means that anyone who receives their mail at a PO Box and doesn't pay their utility bill themselves or have a written rental agreement with their landlord can't get an account there. Well Drew was partly right at least. I at least, as a test case, was able to get an account there, despite my poor credit history. Now for a preliminary analysis of the real goal I had in mind which was to find a credit union that has "inherently secure" online credit unioning of some form or another available: It took a bit of convincing and a call by the customer service rep to management on the phone before she could confirm that indeed there is a feature on the web site that allows people with accounts to log into just the e-statement feature separately from the online banking log in. The e-statements are only updated once per month. I told the rep that I would like to see a system developed where the e-statements are updated daily. Earlier today, I attempted to find out if there were any other credit unions or banks that had a separate log in for e-statements. Bank Of The West has separate log ins available for a bunch of features, but not for e-statements. Nobody else has anything like this feature available at Meriwest at all. Later when I attempted to access the e-statement feature online, I was unable to create a log in just yet as apparently the online portion of the system doesn't recognize my account information just yet. I looked at the online registration for both the e-statement log in creation and the online banking log in creation. There are fewer questions to answer on the e-statement log in than there are on the online banking log in. I'm hoping that after I create the e-statement log in I will still be unable to create a valid online banking log in as I told the rep repeatedly that I wanted online banking disabled. I also set up the account to have telephone banking disabled. 
I'm not sure how to test out spoofing that to see if it is really disabled, so I will probably leave that one alone. I asked if there was any way for them to disable online money transfer and bill pay for valid online accounts. There is no such feature yet. There also is not yet a two factor security system in place for online money transfer and online bill pay. Direct Express debit card accounts have this feature. Also, Meriwest does not allow cash advances at their teller window for debit cards that have the Master Card logo, so people getting their Social Security payments on their Direct Express cards have to change over to direct deposit to their Meriwest accounts or use the money to bank account feature within the Direct Express log in to transfer large sums from Social Security to their Meriwest accounts. The ATM outside the branch is supposed to work with MC, according to the rep, though I didn't see a MC logo on the ATM. Transferring money that way is expensive as it will cost $3 every time you make an ATM withdrawal from a Direct Express card. Another beef I have with Meriwest is that I have yet to determine if various account activity alerts advertised at their online account log in page are available if you don't sign up for online account access. Chase alerts me to a low balance by e-mail even though I don't online bank with them. Meriwest's PIN generation tool that is used when you sign up for a debit card is secure and all done over the phone, not online. There is no minimum balance to avoid service charges on the Meriwest checking account as long as the account is used periodically. If you anticipate leaving it idle for long periods and don't want to be charged $3 per month service fees, just keep a minimum balance of $100. 
They didn't discuss other miscellaneous fees when I signed up, but later I noticed when reading their CU network card that has my account number on it that there are various fees charged such as $0.17 per check for more than 11 checks deposited and a $5 "check withdrawal" fee per check withdrawal and so on. When I signed up for the account, I was able to add features that make Point Of Sale terminal transactions and ATM withdrawals that use the PIN # get declined if there are not enough funds in the account, but all other types of overdrafts will still go through, with a $35 overdraft fee attached. I'll let you know if I find out more. Sincerely, John Thielking On Sun, Apr 13, 2014 at 10:25 AM, Drew wrote: > No I'm not "insulted", just concerned that collectively we move our money > out of the banks into credit unions. > Truly banks are fueling the destruction of the planet. > > Green is local! > > > Drew > > > -- > Sent from my Android device with K-9 Mail. Please excuse my brevity. > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rainbeaufriend at riseup.net Mon Apr 14 20:42:03 2014 From: rainbeaufriend at riseup.net (Drew) Date: Mon, 14 Apr 2014 20:42:03 -0700 Subject: [GPSCC-chat] End banks deathgrip on your money In-Reply-To: References: <53480E30.3040002@truffula.us> <5348C220.9020504@prodsyse.com> <53498187.3040909@truffula.us> <53499B03.9090409@prodsyse.com> <194cf841-7820-40e7-a22c-f17105373a18@email.android.com> <636d7c1b-521a-4b55-8d51-b1f0fefee77d@email.android.com> Message-ID: I'm confident that even folks using P.O. Boxes can prove their residency and get a Meriwest Credit Union account. I have my account set to reject overdrafts so I don't pay overdraft fees like Chase ripped me off for (and had a class action lawsuit and government investigation over). Green is local! Drew -- Sent from my Android device with K-9 Mail. Please excuse my brevity. 
-------------- next part -------------- An HTML attachment was scrubbed... URL: From peacemovies at gmail.com Mon Apr 14 22:03:40 2014 From: peacemovies at gmail.com (John Thielking) Date: Mon, 14 Apr 2014 22:03:40 -0700 Subject: [GPSCC-chat] End banks deathgrip on your money In-Reply-To: References: <53480E30.3040002@truffula.us> <5348C220.9020504@prodsyse.com> <53498187.3040909@truffula.us> <53499B03.9090409@prodsyse.com> <194cf841-7820-40e7-a22c-f17105373a18@email.android.com> <636d7c1b-521a-4b55-8d51-b1f0fefee77d@email.android.com> Message-ID: Based on your reply, I'm adding the following PS to my lengthy letter to Lofgren and Honda prior to the Senior Scam Prevention event on Friday: PS Another issue is overdrafts. All banks and credit unions should be required to offer (and to CLEARLY STATE that such an option is available) an option to have your account reject ALL overdrafts. Chase does not currently offer this and Meriwest may offer this but failed miserably to explain this option. On Mon, Apr 14, 2014 at 8:42 PM, Drew wrote: > I'm confident that even folks using P.O. Boxes can prove their residency > and get a Meriwest Credit Union account. > > I have my account set to reject overdrafts so I don't pay overdraft fees > like Chase ripped me off for (and had a class action lawsuit and government > investigation over). > > > Green is local! > > Drew > -- > Sent from my Android device with K-9 Mail. Please excuse my brevity. > > _______________________________________________ > sosfbay-discuss mailing list > sosfbay-discuss at cagreens.org > http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From peacemovies at gmail.com Tue Apr 15 11:28:13 2014 From: peacemovies at gmail.com (John Thielking) Date: Tue, 15 Apr 2014 11:28:13 -0700 Subject: [GPSCC-chat] Heartbleed is real. Do something real. 
In-Reply-To: <534B05AC.2070600@prodsyse.com> References: <5345BFD7.4090800@truffula.us> <5345DCE2.1000305@truffula.us> <5345F9D1.4080107@truffula.us> <5346F4FA.7000309@prodsyse.com> <53480E30.3040002@truffula.us> <5348C220.9020504@prodsyse.com> <53498187.3040909@truffula.us> <53499B03.9090409@prodsyse.com> <5349E7F1.7060601@truffula.us> <534B05AC.2070600@prodsyse.com> Message-ID: My apologies for this thread skipping back from the Move Your Money Out Of Banks thread back to this thread, but I can't find any trace of the other thread in my gmail inbox. Anyway, to continue the discussion between Drew and myself about Meriwest, I went there again this AM to try to iron out some remaining issues. First, I asked them about overdraft protection/no protection options and the fees involved. They told me that yes I could select the option where ALL overdrafts (er well they literally said ACH overdrafts) would be declined. But they also said that if a non PIN required transaction was declined due to insufficient funds, there would be no debit to my account for the attempted draft, but there would still be a $35 fee charged to my account. I selected the "decline ACH overdrafts too" option and crossed my fingers and hoped that no one would attempt multiple unauthorized ACH overdrafts to my account. Later after I went home I called Direct Express to order a new card to protect myself from the Heartbleed bug possibly compromising my debit card numbers and I asked them about their policies on overdrafts. They said that most of the time an overdraft is not possible since they will decline all attempted overdrafts except in the rare case where a merchant had a credit charge go through after the maximum 5-10 day waiting period and you happened to have spent those funds already. In that case, there is no overdraft fee involved. They know you are good for the funds and they wait patiently for the next deposit from Social Security to come through and deduct what you owe them from that. 
Also, in the case of any attempted overdraft being declined, there still is no fee involved. Comerica is an exception to the bad track records of banks such as Chase and Wells Fargo. Plus, the Direct Express card itself is managed under contract with the Treasury Dept, which either through the contract terms or just plain old incentives, provides Comerica with the motivation to treat the Direct Express customers at least with a touch of respect. Chase has an F rating with the BBB and has a customer complaint roster and government actions list on the BBB web site that is a mile long. Comerica's BBB file is fairly clean, with only a few complaints and they have a much deserved B- to A+ rating from the BBB depending on which specific branch you look up. I could not find a single govt action against Comerica on the BBB web site. I have no regrets continuing to have a Direct Express debit card and will likely continue to get my SS deposits there even if I end up doing a cash advance every month for the full amount and depositing that into my new credit union account in Eugene. My original reason for doing that was not because I had any knowledge about Comerica's BBB ratings. It was simply to protect myself from a possibly jealous dealer (Chase) possibly closing my account if they found out I was trading bitcoin. Comerica doesn't have the authority to close my Direct Express account. Only the Social Security Admin can close the account without my authorization. So as long as I am trading bitcoin that will be what I end up doing.. I also went to the Meriwest branch today to try to finish creating a log in for e-statements without having to first sign up for online banking. The web site was down so we couldn't do anything. But the customer service person (different person from yesterday) still had the, hopefully mistaken, belief that you have to sign up for online banking before you can create a log in for the e-statements feature. I will try again tomorrow. Cheers! 
Sincerely, John Thielking On Sun, Apr 13, 2014 at 2:46 PM, Spencer Graves wrote: > Hi, Cameron, et al.: > > > Might anyone have a source to back up Cameron's discussion about > Heartbleed and identity theft operations of some criminal organizations? > > > I'd like to add a discussion of that to the Wikipedia article on > "Heartbleed", but I'm concerned that my comments on that would be removed > if I don't cite a credible source. > > > Thanks, > Spencer > > > On 4/12/2014 6:27 PM, Cameron L. Spitzer wrote: > > > >"It is believed that Heartbleed originates from the same organisation as > stuxnet and duqu." > > That's just silly, of course. OpenSSL is developed in the open using a > collaboration tool called Git that was invented for Linux kernel > development. > OpenSSL's Git instance is online where anyone can fetch any version any > time. > To see the fix, just google "heartbleed git commits" and follow the first > link. > That's the fix (bug code in red, fix code in green, in two files) being > introduced to the code line. > > The bug was introduced with the heartbeat feature. That commit is here > . > Robin Seggelmann is not mysterious. He's given interviews about it by > now. It's a dumb error (missing bounds check, shouldn't trust the remote > system) that was all too common in networking software a decade ago but > reviewers usually look for these days. > A stealthy intelligence agency introducing a secret back door would have > made some effort to hide it or sneak it in. It would be much more subtle. > > > >"the United States National Security Agency was aware of the flaw since > shortly after its introduction" > > Of Course. OpenSSL is open source security software. NSA reviews that > more carefully and faster than anybody else does. We'd all be amazed if > they, of all reviewers, *didn't* spot a missing bounds check. (More > disappointed than amazed it got past everybody else.) 
Discovering the bug > and not promptly informing OpenSSL's maintainers was evil. > > > > On 04/12/2014 12:58 PM, Spencer Graves wrote: > > Hi, Cameron: > > > [...] Example: 17:12 today (5:12 PM, UTC), an anonymous user added a > comment that, "It is believed that Heartbleed originates from the same > organisation as stuxnet and duqu." This comment included a reference to an > article that mentioned neither stuxnet nor duqu. It was undone 49 minutes > later. The article also includes comments that, "According to two insider > sources speaking to Bloomberg.com, the United States National Security > Agency was aware of the flaw since shortly after its introduction, but > chose to keep it secret, instead of reporting it, in order to exploit it > for their own purposes." [...] > > > > > > _______________________________________________ > sosfbay-discuss mailing list > sosfbay-discuss at cagreens.org > http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss > > > > -- > Spencer Graves, PE, PhD > President and Chief Technology Officer > Structure Inspection and Monitoring, Inc. > 751 Emerson Ct. > San José, CA 95126 > ph: 408-655-4567 > web: www.structuremonitoring.com > > > _______________________________________________ > sosfbay-discuss mailing list > sosfbay-discuss at cagreens.org > http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From tnharter at aceweb.com Tue Apr 15 13:28:19 2014 From: tnharter at aceweb.com (Tian Harter) Date: Tue, 15 Apr 2014 13:28:19 -0700 Subject: [GPSCC-chat] SJS says our vendor packet will be in the mail soon. Message-ID: <534D9663.7010308@aceweb.com> I'd say check the mail in a week or so... -- Tian http://tian.greens.org Latest change: Added a writeup of Mayor Gayle McLaughlin's SJ visit. There's a dog angel on a Kentucky quarter in my home. 
From carolineyacoub at att.net Wed Apr 16 10:54:27 2014 From: carolineyacoub at att.net (Caroline Yacoub) Date: Wed, 16 Apr 2014 10:54:27 -0700 (PDT) Subject: [GPSCC-chat] stuff that's going on Message-ID: <1397670867.34446.YahooMailNeo@web185303.mail.gq1.yahoo.com>

I went to a health care coalition meeting last night and found out about a lot of things that are going on. So I don't freak out our moderator, I will only tell you about a couple of them at a time. Caroline

1. California Alliance for Retired Americans is having a house party on May 3 for "How to Protect and Improve Social Security for Future Generations." It is at 181 Anne Way, Los Gatos from 2-5 pm. RSVP to Carol Garvey at 408-472-6218.

2. Reel Work Film Festival
   Thurs. April 24  Citizen Koch
       San Jose City College  Theater Drama building 6:30 pm
   Fri. April 25  Where Soldiers Come
       SJ Peace and Justice Center  7:00 pm
   Tues. April 29  Inocente
       S J City College, Student Center Community Room 204  1230 pm
   Wed. April 30  Cointelpro 101
       SJ City College, Student Center 204  6:30 pm
   Sat. May 3  Shift Change
       SJ Peace and Justice Center 7:00 pm
   Wed. May 7  Default: The Student Loan Documentary
       SJ City College Student Center 204  12:15 pm
   Thur. May 8  A Place At the Table
       SJ City College Student Center 204  6:30 pm

-------------- next part -------------- An HTML attachment was scrubbed... 
URL: From peacemovies at gmail.com Wed Apr 16 11:52:11 2014 From: peacemovies at gmail.com (John Thielking) Date: Wed, 16 Apr 2014 11:52:11 -0700 Subject: [GPSCC-chat] Rebuttal To Report Linking Diablo Canyon Power Plant To Health Problems Message-ID: Rebuttal To Report Linking Diablo Canyon Power Plant To Health Problems Hello, I have just now published an article on indybay talking about the controversy that is sure to erupt concerning the SLO County Health Dept rebuttal to a recent activist's report that attempted to link various negative health stats in SLO to the operation of the Diablo Nuclear Power Plant. That article is located here: https://www.indybay.org/newsitems/2014/04/16/18754240.php Thanks. Sincerely, John Thielking -------------- next part -------------- An HTML attachment was scrubbed... URL: From peacemovies at gmail.com Wed Apr 16 16:26:26 2014 From: peacemovies at gmail.com (John Thielking) Date: Wed, 16 Apr 2014 16:26:26 -0700 Subject: [GPSCC-chat] End banks deathgrip on your money In-Reply-To: References: <53480E30.3040002@truffula.us> <5348C220.9020504@prodsyse.com> <53498187.3040909@truffula.us> <53499B03.9090409@prodsyse.com> <194cf841-7820-40e7-a22c-f17105373a18@email.android.com> <636d7c1b-521a-4b55-8d51-b1f0fefee77d@email.android.com> Message-ID: Oh, here is that thread that seemed to disappear in my G-mail inbox. Anyhow, I sent the following additional comments to Mike Honda and Zoe Lofgren. There is also a complete article on Indybay at https://www.indybay.org/newsitems/2014/04/15/18754160.php John Thielking I need to add a few additional comments: 1) Meriwest still charges $35 for attempted ACH overdrafts even if you select to have such overdrafts declined when they occur. Direct Express never charges an overdraft fee and most of the time it is not possible to get an overdraft to occur. 
2) Although I told Meriwest customer service that I wanted online banking "disabled", they later said that I could still create an online banking log in from my home computer if I had all the correct information such as my mother's maiden name and drivers license #. My requested standard for banks and credit unions is that when the customer requests to not enable online banking that it should be necessary to show a photo ID to customer service at a branch location and state that they would like to enable online banking before the customer can create a valid log in for full access online banking that includes the features of money transfer and online bill pay. 3) I was finally able to create an e-statement only log in on Meriwest's web site without first using online banking in any way. That part is satisfactory. Please forward these additional comments to Mike Honda and staff. Thank you. Sincerely, John Thielking, San Jose, CA On Mon, Apr 14, 2014 at 10:03 PM, John Thielking wrote: > Based on your reply, I'm adding the following PS to my lengthy letter to > Lofgren and Honda prior to the Senior Scam Prevention event on Friday: > > PS Another issue is overdrafts. All banks and credit unions should be > required to offer (and to CLEARLY STATE that such an option is available) > an option to have your account reject ALL overdrafts. Chase does not > currently offer this and Meriwest may offer this but failed miserably to > explain this option. > > > > On Mon, Apr 14, 2014 at 8:42 PM, Drew wrote: > >> I'm confident that even folks using P.O. Boxes can prove their residency >> and get a Meriwest Credit Union account. >> >> I have my account set to reject overdrafts so I don't pay overdraft fees >> like Chase ripped me off for (and had a class action lawsuit and government >> investigation over). >> >> >> Green is local! >> >> Drew >> -- >> Sent from my Android device with K-9 Mail. Please excuse my brevity. 
>> >> _______________________________________________ >> sosfbay-discuss mailing list >> sosfbay-discuss at cagreens.org >> http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From peacemovies at gmail.com Sat Apr 19 09:41:33 2014 From: peacemovies at gmail.com (John Thielking) Date: Sat, 19 Apr 2014 09:41:33 -0700 Subject: [GPSCC-chat] Quarreling Over Which Energy Sources To Use To Generate Electricity Is A Distraction Message-ID: Subject: Quarreling Over Which Energy Sources To Use To Generate Electricity Is A Distraction. I have another thought on this whole discussion about ending nuclear power generation of electricity. If you take the possible effects of net CO2 emissions that would occur if the world switched over to 100% organic agriculture, this whole discussion about which energy sources to use for generating electricity could be seen as a distraction from the real issue. For a discussion of this issue I invite you to view Thom Hartmann's latest episode of The Big Picture, available on Youtube here: http://www.youtube.com/watch?v=Gnhm4gXoAYI According to the person he interviewed on that episode, if we switched to 100% organic agriculture, we would end up sequestering 100% of a year's emissions of CO2. Since the USDA standard for switching from labeling your crop from conventional to "organic" is to let your fields lie fallow for 3 years without applying pesticides, the maximum length of time this should take to accomplish, if we get cracking now everywhere, is only 3 years. John Thielking -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From spencer.graves at prodsyse.com Mon Apr 21 20:33:34 2014 From: spencer.graves at prodsyse.com (Spencer Graves) Date: Mon, 21 Apr 2014 20:33:34 -0700 Subject: [GPSCC-chat] Steve Raney, 350.org this Thursday, 7 - 7:30 PM, April 24 Message-ID: <5355E30E.9000002@prodsyse.com> Hello, All: Steve Raney, Principal at Cities21 in Palo Alto (350.org volunteer), will speak on "Strategies to Defeat Exxon/Koch: Politics of Federal Climate Legislation" during the pre-meeting period before our regular monthly meeting this Thursday. An outline of his presentation appears below and on our web site, "www.cagreens.org/santaclara". You are welcome to come for the presentation and leave after if you wish. Hope to see you then. Best Wishes, Spencer Outline: 1) Political strategies to enact strong federal climate legislation within 36 months (in the face of the overwhelming political power of the fossil fuel industry). 2) Strategies of 350.org, Citizens Climate Lobby, and Environmental Defense. 3) Professor Erica Chenoweth's dataset of past international citizen movements shows that when 3.5% of a country's population (11 million pro-climate Americans) is actively involved in a movement, 80% of those movements achieve their objectives. -- Spencer Graves, PE, PhD President and Chief Technology Officer Structure Inspection and Monitoring, Inc. 751 Emerson Ct. San José, CA 95126 ph: 408-655-4567 web: www.structuremonitoring.com From spencer.graves at prodsyse.com Mon Apr 21 20:55:16 2014 From: spencer.graves at prodsyse.com (Spencer Graves) Date: Mon, 21 Apr 2014 20:55:16 -0700 Subject: [GPSCC-chat] Speaker for May 22? Message-ID: <5355E824.2070002@prodsyse.com> Hello, All: Do you have suggestions for someone to invite to speak 7 - 7:30 PM before our May 22 meeting? 
I'm thinking of inviting someone from the local League of Women Voters to talk with us about their "smartvoter.org" initiative and other sources of information for voters -- and how we might support their efforts this election year. There won't be much time for us to do much between our May 22 meeting and the June 3 primary, but we might be able to do something if anyone is interested. What do you think? Best Wishes, Spencer -- Spencer Graves, PE, PhD President and Chief Technology Officer Structure Inspection and Monitoring, Inc. 751 Emerson Ct. San José, CA 95126 ph: 408-655-4567 web: www.structuremonitoring.com From perrysandy at aol.com Mon Apr 21 21:02:33 2014 From: perrysandy at aol.com (perrysandy at aol.com) Date: Tue, 22 Apr 2014 00:02:33 -0400 (EDT) Subject: [GPSCC-chat] Speaker for May 22? In-Reply-To: <5355E824.2070002@prodsyse.com> References: <5355E824.2070002@prodsyse.com> Message-ID: <8D12BF6D2DBAA3A-3088-40249@webmail-m130.sysops.aol.com> Hi Spencer, Brian Davis wants to talk with us about his anti-cigarette campaign (see below). Sandy Dear Sandy Perry, We met at the health fair on Saturday. As I mentioned, our project, Butt Out of Our Bars, is focused on the issue of tobacco companies targeting our young adults in San Jose's bars with major discounts like $1 packs of cigarettes which make it easy to get hooked on tobacco and hard to quit. We are also working on the e-cigarette issue. As you may know, e-cigarettes contain at least 10 toxic chemicals and that increasing numbers of underage youth are using them. You mentioned that you may be able to give us the opportunity to speak at your meeting on April 24th. If that is not possible, please let me know if we can present at the May 22nd meeting. I have attached our endorsement and model support letter forms and our brochure. Thank you very much for your time and consideration! 
Sincerely, Brian Davis California Tobacco Control Program (CTCP) Coordinator 39184 State Street Fremont, CA 94538 Phone: (510) 456-3540 Cell: (510) 459-4122 Email: bdavis at tri-cityhealth.org http://www.tri-cityhealth.org -----Original Message----- From: Spencer Graves To: GPSCC Sent: Mon, Apr 21, 2014 8:56 pm Subject: [GPSCC-chat] Speaker for May 22? Hello, All: Do you have suggestions for someone to invite to speak 7 - 7:30 PM before our May 22 meeting? I'm thinking of inviting someone from the local League of Women Voters to talk with us about their "smartvoter.org" initiative and other sources of information for voters -- and how we might support their efforts this election year. There won't be much time for us to do much between our May 22 meeting and the June 3 primary, but we might be able to do something if anyone is interested. What do you think? Best Wishes, Spencer -- Spencer Graves, PE, PhD President and Chief Technology Officer Structure Inspection and Monitoring, Inc. 751 Emerson Ct. San José, CA 95126 ph: 408-655-4567 web: www.structuremonitoring.com _______________________________________________ sosfbay-discuss mailing list sosfbay-discuss at cagreens.org http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.jpg Type: image/jpeg Size: 42012 bytes Desc: not available URL: From spencer.graves at prodsyse.com Mon Apr 21 21:46:56 2014 From: spencer.graves at prodsyse.com (Spencer Graves) Date: Mon, 21 Apr 2014 21:46:56 -0700 Subject: [GPSCC-chat] Speaker for May 22? In-Reply-To: <8D12BF6D2DBAA3A-3088-40249@webmail-m130.sysops.aol.com> References: <5355E824.2070002@prodsyse.com> <8D12BF6D2DBAA3A-3088-40249@webmail-m130.sysops.aol.com> Message-ID: <5355F440.90702@prodsyse.com> Hi, Sandy, et al.: Might it be feasible to ask Brian Davis to come June 26 or July 24? 
I have not yet contacted anyone about May 22, so we could have Brian Davis then. However, I'd prefer to have something on May 22 that relates to the June 3 election. I don't see anything in Brian Davis' email suggesting that his comments would relate to anything on the June 3 ballot. Therefore, my preference is to contact the League of Women Voters (and perhaps others) who could talk about the voter information available on the web. If they don't respond by, say, April 26, we see if Brian Davis is still available for May 22. Thanks, Spencer On 4/21/2014 9:02 PM, perrysandy at aol.com wrote: > Hi Spencer, > Brian Davis wants to talk with us about his anti-cigarette campaign > (see below). > Sandy > Dear Sandy Perry, > We met at the health fair on Saturday. As I mentioned, our project, > Butt Out of Our Bars, is focused on the issue of tobacco companies > targeting our young adults in San Jose's bars with major discounts > like $1 packs of cigarettes which make it easy to get hooked on > tobacco and hard to quit. > We are also working on the e-cigarette issue. As you may know, > e-cigarettes contain at least 10 toxic chemicals and that increasing > numbers of underage youth are using them. > You mentioned that you may be able to give us the opportunity to speak > at your meeting on April 24^th . If that is not possible, please let > me know if we can present at the May 22^nd meeting. I have attached > our endorsement and model support letter forms and our brochure. > Thank you very much for your time and consideration! > Sincerely, > *Brian Davis* > California Tobacco Control Program (CTCP) Coordinator > 39184 State Street > Fremont, CA 94538 > Phone: (510) 456-3540 > Cell: (510) 459-4122 > Email: bdavis at tri-cityhealth.org > http://www.tri-cityhealth.org > > -----Original Message----- > From: Spencer Graves > To: GPSCC > Sent: Mon, Apr 21, 2014 8:56 pm > Subject: [GPSCC-chat] Speaker for May 22? 
> > Hello, All: > > > Do you have suggestions for someone to invite to speak 7 - 7:30 > PM before our May 22 meeting? > > > I'm thinking of inviting someone from the local League of Women > Voters to talk with us about their "smartvoter.org" initiative and other > sources of information for voters -- and how we might support their > efforts this election year. There won't be much time for us to do much > between our May 22 meeting and the June 3 primary, but we might be able > to do something if anyone is interested. > > > What do you think? > > > Best Wishes, > Spencer > > > _______________________________________________ > sosfbay-discuss mailing list > sosfbay-discuss at cagreens.org > http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss -- Spencer Graves, PE, PhD President and Chief Technology Officer Structure Inspection and Monitoring, Inc. 751 Emerson Ct. San Jos?, CA 95126 ph: 408-655-4567 web: www.structuremonitoring.com -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/jpeg Size: 42012 bytes Desc: not available URL: From perrysandy at aol.com Mon Apr 21 23:23:18 2014 From: perrysandy at aol.com (perrysandy at aol.com) Date: Tue, 22 Apr 2014 02:23:18 -0400 (EDT) Subject: [GPSCC-chat] Speaker for May 22? In-Reply-To: <5355F440.90702@prodsyse.com> References: <5355E824.2070002@prodsyse.com> <8D12BF6D2DBAA3A-3088-40249@webmail-m130.sysops.aol.com> <5355F440.90702@prodsyse.com> Message-ID: <8D12C0A7C50D876-ACFC-4144B@webmail-vm010.sysops.aol.com> Hi Spencer, I will contact him, I believe his campaign is time-sensitive. Sandy -----Original Message----- From: Spencer Graves To: perrysandy ; sosfbay-discuss Sent: Mon, Apr 21, 2014 9:47 pm Subject: Re: [GPSCC-chat] Speaker for May 22? Hi, Sandy, et al.: Might it be feasible to ask Brian Davis to come June 26 or July 24? 
I have not yet contacted anyone about May 22, so we could have Brian Davis then. However, I'd prefer to have something on May 22 that relates to the June 3 election. I don't see anything in Brian Davis' email suggesting that his comments would relate to anything on the June 3 ballot. Therefore, my preference is to contact the League of Women Voters (and perhaps others) who could talk about the voter information available on the web. If they don't respond by, say, April 26, we see if Brian Davis is still available for May 22. Thanks, Spencer On 4/21/2014 9:02 PM, perrysandy at aol.com wrote: Hi Spencer, Brian Davis wants to talk with us about his anti-cigarette campaign (see below). Sandy Dear Sandy Perry, We met at the health fair on Saturday. As I mentioned, our project, Butt Out of Our Bars, is focused on the issue of tobacco companies targeting our young adults in San Jose?s bars with major discounts like $1 packs of cigarettes which make it easy to get hooked on tobacco and hard to quit. We are also working on the e-cigarette issue. As you may know, e-cigarettes contain at least 10 toxic chemicals and that increasing numbers of underage youth are using them. You mentioned that you may be able to give us the opportunity to speak at your meeting on April 24th. If that is not possible, please let me know if we can present at the May 22nd meeting. I have attached our endorsement and model support letter forms and our brochure. Thank you very much for your time and consideration! Sincerely, Brian Davis California Tobacco Control Program (CTCP) Coordinator 39184 State Street Fremont, CA 94538 Phone: (510) 456-3540 Cell: (510) 459-4122 Email: bdavis at tri-cityhealth.org http://www.tri-cityhealth.org -----Original Message----- From: Spencer Graves To: GPSCC Sent: Mon, Apr 21, 2014 8:56 pm Subject: [GPSCC-chat] Speaker for May 22? Hello, All: Do you have suggestions for someone to invite to speak 7 - 7:30 PM before our May 22 meeting? 
I'm thinking of inviting someone from the local League of Women Voters to talk with us about their "smartvoter.org" initiative and other sources of information for voters -- and how we might support their efforts this election year. There won't be much time for us to do much between our May 22 meeting and the June 3 primary, but we might be able to do something if anyone is interested. What do you think? Best Wishes, Spencer _______________________________________________ sosfbay-discuss mailing list sosfbay-discuss at cagreens.org http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss -- Spencer Graves, PE, PhD President and Chief Technology Officer Structure Inspection and Monitoring, Inc. 751 Emerson Ct. San Jos?, CA 95126 ph: 408-655-4567 web: www.structuremonitoring.com -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/jpeg Size: 42012 bytes Desc: not available URL: From spencer.graves at structuremonitoring.com Tue Apr 22 07:43:52 2014 From: spencer.graves at structuremonitoring.com (Spencer Graves) Date: Tue, 22 Apr 2014 07:43:52 -0700 Subject: [GPSCC-chat] Speaker for May 22? In-Reply-To: <8D12C0A7C50D876-ACFC-4144B@webmail-vm010.sysops.aol.com> References: <5355E824.2070002@prodsyse.com> <8D12BF6D2DBAA3A-3088-40249@webmail-m130.sysops.aol.com> <5355F440.90702@prodsyse.com> <8D12C0A7C50D876-ACFC-4144B@webmail-vm010.sysops.aol.com> Message-ID: <53568028.9020603@structuremonitoring.com> Hi, Sandy: Great. Please contact him. Could you also ask about the urgency of his campaign, and whether others would compare the urgency relative to a program on web-based voter information? Thanks, Spencer p.s. If it had already been scheduled, I would NOT ask to reconsider ;-) On 4/21/2014 11:23 PM, perrysandy at aol.com wrote: > Hi Spencer, > I will contact him, I believe his campaign is time-sensitive. 
> Sandy > -----Original Message----- > From: Spencer Graves > To: perrysandy ; sosfbay-discuss > > Sent: Mon, Apr 21, 2014 9:47 pm > Subject: Re: [GPSCC-chat] Speaker for May 22? > > Hi, Sandy, et al.: > > > Might it be feasible to ask Brian Davis to come June 26 or July 24? > > > I have not yet contacted anyone about May 22, so we could have > Brian Davis then. However, I'd prefer to have something on May 22 > that relates to the June 3 election. I don't see anything in Brian > Davis' email suggesting that his comments would relate to anything on > the June 3 ballot. Therefore, my preference is to contact the League > of Women Voters (and perhaps others) who could talk about the voter > information available on the web. If they don't respond by, say, > April 26, we see if Brian Davis is still available for May 22. > > > Thanks, > Spencer > > > On 4/21/2014 9:02 PM, perrysandy at aol.com wrote: >> Hi Spencer, >> Brian Davis wants to talk with us about his anti-cigarette campaign >> (see below). >> Sandy >> Dear Sandy Perry, >> We met at the health fair on Saturday. As I mentioned, our project, >> Butt Out of Our Bars, is focused on the issue of tobacco companies >> targeting our young adults in San Jose's bars with major discounts >> like $1 packs of cigarettes which make it easy to get hooked on >> tobacco and hard to quit. >> We are also working on the e-cigarette issue. As you may know, >> e-cigarettes contain at least 10 toxic chemicals and that increasing >> numbers of underage youth are using them. >> You mentioned that you may be able to give us the opportunity to >> speak at your meeting on April 24^th . If that is not possible, >> please let me know if we can present at the May 22^nd meeting. I >> have attached our endorsement and model support letter forms and our >> brochure. >> Thank you very much for your time and consideration! 
>> Sincerely, >> *Brian Davis* >> California Tobacco Control Program (CTCP) Coordinator >> 39184 State Street >> Fremont, CA 94538 >> Phone: (510) 456-3540 >> Cell: (510) 459-4122 >> Email: bdavis at tri-cityhealth.org >> http://www.tri-cityhealth.org >> >> -----Original Message----- >> From: Spencer Graves >> To: GPSCC >> Sent: Mon, Apr 21, 2014 8:56 pm >> Subject: [GPSCC-chat] Speaker for May 22? >> >> Hello, All: >> >> >> Do you have suggestions for someone to invite to speak 7 - 7:30 >> PM before our May 22 meeting? >> >> >> I'm thinking of inviting someone from the local League of Women >> Voters to talk with us about their "smartvoter.org" initiative and other >> sources of information for voters -- and how we might support their >> efforts this election year. There won't be much time for us to do much >> between our May 22 meeting and the June 3 primary, but we might be able >> to do something if anyone is interested. >> >> >> What do you think? >> >> >> Best Wishes, >> Spencer >> >> >> _______________________________________________ >> sosfbay-discuss mailing list >> sosfbay-discuss at cagreens.org >> http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss > -- Spencer Graves, PE, PhD President and Chief Technology Officer Structure Inspection and Monitoring, Inc. 751 Emerson Ct. San Jos?, CA 95126 ph: 408-655-4567 web: www.structuremonitoring.com -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/jpeg Size: 42012 bytes Desc: not available URL: From wrolley at charter.net Tue Apr 22 08:34:03 2014 From: wrolley at charter.net (Wes Rolley) Date: Tue, 22 Apr 2014 08:34:03 -0700 Subject: [GPSCC-chat] Joe Romm on Earth Day. 
Message-ID: <53568BEB.4070907@charter.net> Quick summary: > What the day --- indeed, the whole year --- should be about is not > creating misery upon misery for our children and their children and > their children, and on and on for generations (see "Is the global > economy a Ponzi scheme? > "). > Ultimately, stopping climate change is not about preserving the earth > or creation but about preserving ourselves. Full Post on Climate Progress is here: http://thinkprogress.org/climate/2014/04/22/3428728/rename-earth-day-2/ -- "Anytime you have an opportunity to make things better and you don't, then you are wasting your time on this Earth" - /Roberto Clemente/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From carolineyacoub at att.net Tue Apr 22 09:34:49 2014 From: carolineyacoub at att.net (Caroline Yacoub) Date: Tue, 22 Apr 2014 09:34:49 -0700 (PDT) Subject: [GPSCC-chat] Speaker for May 22? In-Reply-To: <53568028.9020603@structuremonitoring.com> References: <5355E824.2070002@prodsyse.com> <8D12BF6D2DBAA3A-3088-40249@webmail-m130.sysops.aol.com> <5355F440.90702@prodsyse.com> <8D12C0A7C50D876-ACFC-4144B@webmail-vm010.sysops.aol.com> <53568028.9020603@structuremonitoring.com> Message-ID: <1398184489.17595.YahooMailNeo@web185306.mail.gq1.yahoo.com> I'm confused--Do we or do we not have a speaker for this week's meeting? |Caroline ________________________________ From: Spencer Graves To: perrysandy at aol.com; spencer.graves at prodsyse.com; sosfbay-discuss at cagreens.org Sent: Tuesday, April 22, 2014 7:43 AM Subject: Re: [GPSCC-chat] Speaker for May 22? Hi, Sandy:? ????? Great.? Please contact him.? Could you also ask about the urgency of his campaign, and whether others would compare the urgency relative to a program on web-based voter information?? ????? Thanks, ????? Spencer p.s.? If it had already been scheduled, I would NOT ask to reconsider ;-)? ? On 4/21/2014 11:23 PM, perrysandy at aol.com wrote: Hi Spencer, >? 
>I will contact him, I believe his campaign is time-sensitive. >? >? >Sandy >-----Original Message----- >From: Spencer Graves >To: perrysandy ; sosfbay-discuss >Sent: Mon, Apr 21, 2014 9:47 pm >Subject: Re: [GPSCC-chat] Speaker for May 22? > > >Hi, Sandy, et al.: ? > > >????? Might it be feasible to ask Brian Davis to come June 26 or July 24? ? > > >????? I have not yet contacted anyone about May 22, so we could have Brian Davis then.? However, I'd prefer to have something on May 22 that relates to the June 3 election.? I don't see anything in Brian Davis' email suggesting that his comments would relate to anything on the June 3 ballot.? Therefore, my preference is to contact the League of Women Voters (and perhaps others) who could talk about the voter information available on the web.? If they don't respond by, say, April 26, we see if Brian Davis is still available for May 22.? > > >????? Thanks, >????? Spencer >????? > >On 4/21/2014 9:02 PM, perrysandy at aol.com wrote: > >Hi Spencer, >>? >>Brian Davis wants to talk with us about his anti-cigarette campaign (see below). >>? >>? >>? >>Sandy >>? >>? >>Dear Sandy Perry, >>? >>We met at the health fair on Saturday.? As I mentioned, our project, Butt Out of Our Bars, is focused on the issue of tobacco companies targeting our young adults in San Jose?s bars with major discounts like $1 packs of cigarettes which make it easy to get hooked on tobacco and hard to quit.? >>? >>We are also working on the e-cigarette issue.? As you may know, e-cigarettes contain at least 10 toxic chemicals and that increasing numbers of underage youth are using them. >>? >>You mentioned that you may be able to give us the opportunity to speak at your meeting on April 24th.? If that is not possible, please let me know if we can present at the May 22nd meeting.? I have attached our endorsement and model support letter forms and our brochure. >>? >>Thank you very much for your time and consideration! >>? >>Sincerely, >>? >>? 
>>Brian Davis >>California Tobacco Control Program (CTCP) Coordinator >>39184 State Street >>Fremont, CA 94538 >>Phone: (510) 456-3540 >>Cell: (510) 459-4122 >>Email: bdavis at tri-cityhealth.org >>http://www.tri-cityhealth.org >> >> >>-----Original Message----- >>From: Spencer Graves >>To: GPSCC >>Sent: Mon, Apr 21, 2014 8:56 pm >>Subject: [GPSCC-chat] Speaker for May 22? >> >> >>Hello, All: Do you have suggestions for someone to invite to speak 7 - 7:30 PM before our May 22 meeting? I'm thinking of inviting someone from the local League of Women Voters to talk with us about their "smartvoter.org" initiative and other sources of information for voters -- and how we might support their efforts this election year. There won't be much time for us to do much between our May 22 meeting and the June 3 primary, but we might be able to do something if anyone is interested. What do you think? Best Wishes, Spencer >>_______________________________________________ sosfbay-discuss mailing list sosfbay-discuss at cagreens.org http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss > -- Spencer Graves, PE, PhD President and Chief Technology Officer Structure Inspection and Monitoring, Inc. 751 Emerson Ct. San Jos?, CA 95126 ph: 408-655-4567 web: www.structuremonitoring.com _______________________________________________ sosfbay-discuss mailing list sosfbay-discuss at cagreens.org http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/jpeg Size: 42012 bytes Desc: not available URL: From spencer.graves at structuremonitoring.com Tue Apr 22 10:01:23 2014 From: spencer.graves at structuremonitoring.com (Spencer Graves) Date: Tue, 22 Apr 2014 10:01:23 -0700 Subject: [GPSCC-chat] Steve Raney with 350.org to speak this Thursday, April 24 (was: Re: Speaker for May 22?) 
In-Reply-To: <1398184489.17595.YahooMailNeo@web185306.mail.gq1.yahoo.com> References: <5355E824.2070002@prodsyse.com> <8D12BF6D2DBAA3A-3088-40249@webmail-m130.sysops.aol.com> <5355F440.90702@prodsyse.com> <8D12C0A7C50D876-ACFC-4144B@webmail-vm010.sysops.aol.com> <53568028.9020603@structuremonitoring.com> <1398184489.17595.YahooMailNeo@web185306.mail.gq1.yahoo.com> Message-ID: <5356A063.5090507@structuremonitoring.com> Hi, Caroline, et al.: Yes. Steve Raney with 350.org will speak on "Strategies to Defeat Exxon/Koch: Politics of Federal Climate Legislation" 7 - 7:30 PM at the San José Peace & Justice Center; see "www.cagreens.org/santaclara" for an outline. The discussion below is about a speaker for 30 days from now, not 2. Spencer On 4/22/2014 9:34 AM, Caroline Yacoub wrote: > I'm confused--Do we or do we not have a speaker for this week's meeting? > |Caroline > > ------------------------------------------------------------------------ > *From:* Spencer Graves > *To:* perrysandy at aol.com; spencer.graves at prodsyse.com; > sosfbay-discuss at cagreens.org > *Sent:* Tuesday, April 22, 2014 7:43 AM > *Subject:* Re: [GPSCC-chat] Speaker for May 22? > > > _______________________________________________ > sosfbay-discuss mailing list > sosfbay-discuss at cagreens.org > http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss > > -- Spencer Graves, PE, PhD President and Chief Technology Officer Structure Inspection and Monitoring, Inc. 751 Emerson Ct. San José, CA 95126 ph: 408-655-4567 web: www.structuremonitoring.com -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From perrysandy at aol.com Tue Apr 22 22:11:17 2014 From: perrysandy at aol.com (perrysandy at aol.com) Date: Wed, 23 Apr 2014 01:11:17 -0400 (EDT) Subject: [GPSCC-chat] Proposed GPSCC Agenda 4-24-14 Message-ID: <8D12CC99717650A-1458-46DF9@webmail-m216.sysops.aol.com> Hi Everyone, Sorry this is cutting it a little close, but here is a proposed agenda for Thursday's meeting at 7 pm at SJPJC. Please send additions or amendments. Thanks! Sandy Green Party Meeting Thursday, Apr 24, 2014 7:00-7:30 GUEST SPEAKER: Steve Raney, Principal at Cities21 in Palo Alto (350.org volunteer), will speak on "Strategies to Defeat Exxon/Koch: Politics of Federal Climate Legislation". Outline: 1) Political strategies to enact strong federal climate legislation within 36 months (in the face of the overwhelming political power of the fossil fuel industry). 2) Strategies of 350.org, Citizens Climate Lobby, and Environmental Defense. 3) Professor Erica Chenoweth's dataset of past international citizen movements shows that when 3.5% of a country's population (11 million pro-climate Americans) is actively involved in a movement, 80% of those movements achieve their objectives. 7:30 Meeting starts. Identify Facilitator, Note Taker, Vibes Watcher, Time Keeper, and Agenda Preparer for February. 7:40 Introductions, announcements, additions or corrections to agenda. Agree on speaker for May 22 meeting. 7:55 Treasurer's report and hat passing 8:00 Report on climate change work. Caroline 8:15 Report on single payer health care work. Andrew Hill Fair. Caroline and Sandy 8:30 Report on April tabling. Junior State. Gayle McLaughlin. Other? 8:45 Report on Global Climate Convergence at De Anza April 22 to May 1. Laura Wells will be there on April 28. Luis Rodriguez appearance pending. Angela Davis May 12. 9:05 Do we have to select delegates for the June 21-22 Plenary? Is anyone even going? 9:15 Report on updating web site with state candidate information. 
Spencer 9:20 Adjourn -------------- next part -------------- An HTML attachment was scrubbed... URL: From rainbeaufriend at riseup.net Wed Apr 23 08:06:31 2014 From: rainbeaufriend at riseup.net (Drew) Date: Wed, 23 Apr 2014 08:06:31 -0700 Subject: [GPSCC-chat] Mo. 28th Laura Wells on Campus In-Reply-To: <13273301c3c51ae2e4725eea78ea24b9.squirrel@fruiteater.riseup.net> References: <13273301c3c51ae2e4725eea78ea24b9.squirrel@fruiteater.riseup.net> Message-ID: <57391516-ddca-43c0-9984-fad38e9f5376@email.android.com> Laura Wells, 2014 Green Party candidate for California's State Controller (i.e., chief financial officer), will be speaking at De Anza next Monday Ap. 28, (sometime between 11 & 1, exact sched. tba), on the Campus Center patio stage, as well as classes tbd. I know Laura personally and heartily endorse her candidacy. Please see http://www.laurawells.org/ for full info on her campaign. Previously (2006 I believe) Laura Wells received more votes than any other California Green Party candidate running for a state office. Green is ... a state bank! Drew -- Sent from my Android device with K-9 Mail. Please excuse my brevity. -------------- next part -------------- An HTML attachment was scrubbed... URL: From wrolley at charter.net Wed Apr 23 16:22:59 2014 From: wrolley at charter.net (Wes Rolley) Date: Wed, 23 Apr 2014 16:22:59 -0700 Subject: [GPSCC-chat] Mercury News editorial: Feinstein bill risks further damage to Delta - San Jose Mercury News Message-ID: <53584B53.6000002@charter.net> Mercury News absolutely right about DiFi. http://www.mercurynews.com/opinion/ci_25608771/mercury-news-editorial-feinstein-bill-risks-further-damage -- "Anytime you have an opportunity to make things better and you don't, then you are wasting your time on this Earth" - /Roberto Clemente/ -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From pagesincolor at yahoo.com Wed Apr 23 16:54:46 2014 From: pagesincolor at yahoo.com (John Thielking) Date: Wed, 23 Apr 2014 16:54:46 -0700 (PDT) Subject: [GPSCC-chat] Mercury News editorial: Feinstein bill risks further damage to Delta - San Jose Mercury News In-Reply-To: <53584B53.6000002@charter.net> References: <53584B53.6000002@charter.net> Message-ID: <1398297286.52011.YahooMailNeo@web161905.mail.bf1.yahoo.com> This article is ok. I really wanted to comment on the editorial in favor of GMO labeling, but I don't see a box where I can enter any comments. It is obvious why a CA bill can not address the issue of the labeling of alcohol. That decision is handled by the federal govt, not the states. We went over this issue when prop 37 was up for discussion. John Thielking ________________________________ From: Wes Rolley To: Post South SF Bay discuss Sent: Wednesday, April 23, 2014 4:22 PM Subject: [GPSCC-chat] Mercury News editorial: Feinstein bill risks further damage to Delta - San Jose Mercury News Mercury News absolutely right about DiFi. http://www.mercurynews.com/opinion/ci_25608771/mercury-news-editorial-feinstein-bill-risks-further-damage -- "Anytime you have an opportunity to make things better and you don't, then you are wasting your time on this Earth" - Roberto Clemente _______________________________________________ sosfbay-discuss mailing list sosfbay-discuss at cagreens.org http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From WB4D23 at aol.com Wed Apr 23 17:29:48 2014 From: WB4D23 at aol.com (WB4D23 at aol.com) Date: Wed, 23 Apr 2014 20:29:48 -0400 (EDT) Subject: [GPSCC-chat] Proposed GPSCC Agenda 4-24-14 Message-ID: In the past, we have tabled at the Berryessa Arts & Wine Festival on the Saturday before Mother's Day (in May). Have we stopped doing that? Have we gotten an invite to table as we have for years? 
Warner In a message dated 4/22/2014 10:11:50 P.M. Pacific Daylight Time, perrysandy at aol.com writes: Hi Everyone, Sorry this is cutting it a little close, but here is a proposed agenda for Thursday's meeting at 7 pm at SJPJC. Please send additions or amendments. Thanks! Sandy -------------- next part -------------- An HTML attachment was scrubbed... URL: From spencer.graves at prodsyse.com Wed Apr 23 21:39:20 2014 From: spencer.graves at prodsyse.com (Spencer Graves) Date: Wed, 23 Apr 2014 21:39:20 -0700 Subject: [GPSCC-chat] Proposed GPSCC Agenda 4-24-14 In-Reply-To: <8D12CC99717650A-1458-46DF9@webmail-m216.sysops.aol.com> References: <8D12CC99717650A-1458-46DF9@webmail-m216.sysops.aol.com> Message-ID: <53589578.5030302@prodsyse.com> Below please find a slight revision to Sandy's agenda. See you tomorrow evening. Spencer On 4/22/2014 10:11 PM, perrysandy at aol.com wrote: > *Green Party Meeting Thursday, Apr 24, 2014* > 7:00-7:30 GUEST SPEAKER*: * > ** > *Steve Raney*, Principal at Cities21 in Palo Alto (350.org volunteer), > will speak on "Strategies to Defeat Exxon/Koch: Politics of Federal > Climate Legislation". Outline: > 1) Political strategies to enact strong federal climate legislation > within 36 months (in the face of the overwhelming political power of > the fossil fuel industry). > 2) Strategies of 350.org, Citizens Climate Lobby, and Environmental > Defense. > 3) Professor Erica Chenoweth's dataset of past international citizen > movements shows that when 3.5% of a country's population (11 million > pro-climate Americans) is actively involved in a movement, 80% of > those movements achieve their objectives. > > 7:30 Meeting starts. Identify Facilitator, Note Taker, Vibes Watcher, > Time Keeper, and Agenda Preparer for February. > 7:40 Introductions, announcements, additions or corrections to agenda. > Agree on speaker for May 22 meeting. > 7:55 Treasurer's report and hat passing > 8:00 Report on climate change work. 
Caroline > 8:15 Report on single payer health care work. Andrew Hill Fair. > Caroline and Sandy > 8:30 Report on April tabling. Junior State. Gayle McLaughlin. Other? > 8:45 Report on Global Climate Convergence at De Anza April 22 to May 1. > Laura Wells will be there on April 28. Luis Rodriguez appearance > pending. Angela Davis May 12. > 9:05 Do we have to select delegates for the June 21-22 Plenary? Is > anyone even going? > 9:15 Proposed: The Green party of Santa Clara County endorses the > campaign by "tri-cityhealth.org" to get San José to pass an ordinance > to "Stop Big Tobacco from Targeting our Young People in San Jose's Bars". > 9:25 Report on updating web site with state candidate information. Spencer > 9:30 Adjourn > > > _______________________________________________ > sosfbay-discuss mailing list > sosfbay-discuss at cagreens.org > http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss -- Spencer Graves, PE, PhD President and Chief Technology Officer Structure Inspection and Monitoring, Inc. 751 Emerson Ct. San José, CA 95126 ph: 408-655-4567 web: www.structuremonitoring.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From spencer.graves at prodsyse.com Wed Apr 23 21:47:11 2014 From: spencer.graves at prodsyse.com (Spencer Graves) Date: Wed, 23 Apr 2014 21:47:11 -0700 Subject: [GPSCC-chat] Proposed: SC Greens to support the Tri-cityhealth.org initiative to "Kick Big Tobacco Out of Our Bars" Message-ID: <5358974F.1080103@prodsyse.com> Hello, All: The agenda for tomorrow's meeting includes a proposal to endorse an initiative to ask the San José City Council to support an ordinance banning big tobacco from distributing cheap cigarettes at bars -- and to place a statement to the effect on our web site. I expect this will be a "no brainer". However, I thought you might like to know about this campaign so those of you who live in San José can contact your City Council representative about this. 
BACKGROUND: Every week, representatives of tobacco companies visit many of San Jose's bars, where they offer $1 packs of cigarettes and other major discounts that hook our young people and make it harder to quit. The Butt Out of Our Bars Campaign is working to pass an ordinance that would add San Jose to the list of other Bay Area cities (San Francisco, Oakland, Hayward, Fremont and many others) that have passed laws keeping Big Tobacco out of their bars. Tobacco companies know that young people especially are "price sensitive," meaning that they are more likely to smoke and less likely to quit if they can get super cheap cigarettes. Big Tobacco is willing to sell their product for less now so they can addict more customers for life. This may seem like a "no brainer" but Mayor Reed and the Council will not take action unless they know that the community cares about this blatant targeting of our young people. Please help us convince the City to protect the health of San Jose's youth! The most important people to contact right now are the members of the Rules Committee, which may be considering our proposal in late May. Please contact them and tell them to "Keep Big Tobacco representatives and their $1 cigarette pack offers away from our young adults in the bars." Thanks for helping! Rules Committee Members Mayor Chuck Reed -- (408) 535-4800 -- mayoremail at sanjoseca.gov Vice Mayor Madison Nguyen (District 7) -- (408) 535-4907 -- district7 at sanjoseca.gov Councilmember Pete Constant (District 1) -- (408) 535-4901 -- district1 at sanjoseca.gov Councilmember Pierluigi Oliverio (District 6) -- (408) 535-4906 -- Pierluigi.Oliverio at sanjoseca.gov (Alternate) Councilmember Rose Herrera (District 8) -- (408) 535-4908 -- district8 at sanjoseca.gov Brian Davis California Tobacco Control Program (CTCP) Coordinator 39184 State Street Fremont, CA 94538 -- Spencer Graves, PE, PhD President and Chief Technology Officer Structure Inspection and Monitoring, Inc. 751 Emerson Ct. 
San José, CA 95126 ph: 408-655-4567 web: www.structuremonitoring.com From rainbeaufriend at riseup.net Wed Apr 23 22:47:22 2014 From: rainbeaufriend at riseup.net (Drew) Date: Wed, 23 Apr 2014 22:47:22 -0700 Subject: [GPSCC-chat] Proposed: SC Greens to support the Tri-cityhealth.org initiative to "Kick Big Tobacco Out of Our Bars" In-Reply-To: <5358974F.1080103@prodsyse.com> References: <5358974F.1080103@prodsyse.com> Message-ID: Excellent idea in my opinion (though I don't currently serve on the Council). Green is GO! Drew -- Sent from my Android device with K-9 Mail. Please excuse my brevity. -------------- next part -------------- An HTML attachment was scrubbed... URL: From rainbeaufriend at riseup.net Wed Apr 23 22:55:26 2014 From: rainbeaufriend at riseup.net (Drew) Date: Wed, 23 Apr 2014 22:55:26 -0700 Subject: [GPSCC-chat] Green SoS candidate excluded.from debate In-Reply-To: References: Message-ID: <6b8c6006-91fa-4735-9366-e5408cd63d94@email.android.com> -------- Original Message -------- From: David Curtis Sent: April 23, 2014 7:17:17 PM PDT To: GPCA member general discussion Subject: Re: [gpca-forum] David in the LA Times AGAIN TODAY Green Party Candidate Left Out of Press Club Debate http:// go.fox40.com/1hqhM4J via @FOX40 On Wed, Apr 23, 2014 at 2:35 PM, Marnie Glickman wrote: > WHAT'S A CA CALIFORNIA GREEN PARTY CANDIDATE GOT TO DO TO GET A LITTLE > RESPECT? 
> > > http://www.latimes.com/opinion/opinion-la/la-ol-can-a-green-party-candidate-break-the-political-glass-ceiling-20140423,0,619214.story#axzz2zfOSFyn1 > > -- > > > Marnie Glickman > 415.259.7121 > > > > _______________________________________________ > gpca-forum mailing list > gpca-forum at cagreens.org > http://lists.cagreens.org/mailman/listinfo/gpca-forum > > -- *David Curtis* Secretary, Marin County Green Party CA Secretary of State Candidate 2014 member of the GPUS follow me on Twitter @dc_us http://www.votedavidcurtis.org/ ------------------------------------------------------------------------ _______________________________________________ gpca-forum mailing list gpca-forum at cagreens.org http://lists.cagreens.org/mailman/listinfo/gpca-forum -- Sent from my Android device with K-9 Mail. Please excuse my brevity. -------------- next part -------------- An HTML attachment was scrubbed... URL: From andi at wrytor.com Thu Apr 24 11:42:57 2014 From: andi at wrytor.com (Andrea Dorey) Date: Thu, 24 Apr 2014 11:42:57 -0700 Subject: [GPSCC-chat] Agenda for SCCGP meeting? Message-ID: <79AF0238-4FE5-44E7-BEC3-25C07674BDD9@wrytor.com> Sandy, I don't seem to be on the list for agenda. Please add: ---Final report for new Lundy Main PO address for SCCGP ---Possible return to video discussions on Green related topics (traditionally held at Caroline Yacoub's home) Question: will we be getting an update on the USGS version of waters rising due to climate change? Thanks, Andrea -------------- next part -------------- An HTML attachment was scrubbed... URL: From snug.bug at hotmail.com Thu Apr 24 12:32:37 2014 From: snug.bug at hotmail.com (Brian) Date: Thu, 24 Apr 2014 12:32:37 -0700 Subject: [GPSCC-chat] Inequality for All Tonight in Palo Alto Message-ID: 7:30 Baptist Church at 305 N. California Ave (Coming north on Alma Street/Central Expressway, turn right on N. California soon after you cross Oregon Ave./Page Mill Road) Essential viewing.
http://www.peaceandjustice.org/inequality-for-all/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From perrysandy at aol.com Thu Apr 24 18:18:09 2014 From: perrysandy at aol.com (perrysandy at aol.com) Date: Thu, 24 Apr 2014 21:18:09 -0400 (EDT) Subject: [GPSCC-chat] Final Agenda for GPSCC April 24 In-Reply-To: <79AF0238-4FE5-44E7-BEC3-25C07674BDD9@wrytor.com> References: <79AF0238-4FE5-44E7-BEC3-25C07674BDD9@wrytor.com> Message-ID: <8D12E3B5A792BCC-848-CEBE@webmail-va031.sysops.aol.com> Green Party Meeting Thursday, Apr 24, 2014 7:00-7:30 GUEST SPEAKER: Steve Raney, Principal at Cities21 in Palo Alto (350.org volunteer), will speak on "Strategies to Defeat Exxon/Koch: Politics of Federal Climate Legislation". Outline: 1) Political strategies to enact strong federal climate legislation within 36 months (in the face of the overwhelming political power of the fossil fuel industry). 2) Strategies of 350.org, Citizens Climate Lobby, and Environmental Defense. 3) Professor Erica Chenoweth's dataset of past international citizen movements shows that when 3.5% of a country's population (11 million pro-climate Americans) is actively involved in a movement, 80% of those movements achieve their objectives. 7:30 Meeting starts. Identify Facilitator, Note Taker, Vibes Watcher, Time Keeper, and Agenda Preparer for February. 7:40 Introductions, announcements, additions or corrections to agenda. Agree on speaker for May 22 meeting. 7:50 Treasurer's report and hat passing 7:55 Final report on Lundy P.O. Box. Andrea 8:00 Report on climate change work. Caroline 8:15 Report on single payer health care work. Andrew Hill Fair. Caroline and Sandy 8:30 Report on April tabling. Junior State. Gayle McLaughlin. Earth Day SJSU. Other? 8:45 Report on Global Climate Convergence at De Anza April 22 to May 1. 9:05 Do we have to select delegates for the June 21-22 Plenary? Is anyone even going?
9:15 Proposed: The Green party of Santa Clara County endorses the campaign by "tri-cityhealth.org" to get San José to pass an ordinance to "Stop Big Tobacco from Targeting our Young People in San Jose's Bars". 9:20 Report on updating web site with state candidate information. Spencer 9:25 Letter-writing at Caroline's house. Caroline 9:30 Video discussions on Green-related topics. Andrea 9:35 Adjourn -----Original Message----- From: Andrea Dorey To: sosfbay-discuss Cc: Sandy Perry Sent: Thu, Apr 24, 2014 11:43 am Subject: Agenda for SCCGP meeting? Sandy, I don't seem to be on the list for agenda. Please add: ---Final report for new Lundy Main PO address for SCCGP ---Possible return to video discussions on Green related topics (traditionally held at Caroline Yacoub's home) Question: will we be getting an update on the USGS version of waters rising due to climate change? Thanks, Andrea -------------- next part -------------- An HTML attachment was scrubbed... URL: From spencer.graves at prodsyse.com Thu Apr 24 23:12:40 2014 From: spencer.graves at prodsyse.com (Spencer Graves) Date: Thu, 24 Apr 2014 23:12:40 -0700 Subject: [GPSCC-chat] minutes of April 24 meeting of the Green Party of Santa Clara County In-Reply-To: <8D12E3B5A792BCC-848-CEBE@webmail-va031.sysops.aol.com> References: <79AF0238-4FE5-44E7-BEC3-25C07674BDD9@wrytor.com> <8D12E3B5A792BCC-848-CEBE@webmail-va031.sysops.aol.com> Message-ID: <5359FCD8.4070702@prodsyse.com> Please reply to all with any additions or corrections. Spencer On 4/24/2014 6:18 PM, perrysandy at aol.com wrote: > *Green Party Meeting Thursday, Apr 24, 2014* > 7:00-7:30 GUEST SPEAKER*: * > *Steve Raney*, Principal at Cities21 in Palo Alto (350.org volunteer), > will speak on "Strategies to Defeat Exxon/Koch: Politics of Federal > Climate Legislation". Outline: > 1) Political strategies to enact strong federal climate legislation > within 36 months (in the face of the overwhelming political power of > the fossil fuel industry).
> 2) Strategies of 350.org, Citizens Climate Lobby, and Environmental > Defense. > 3) Professor Erica Chenoweth's dataset of past international citizen > movements shows that when 3.5% of a country's population (11 million > pro-climate Americans) is actively involved in a movement, 80% of > those movements achieve their objectives. > > 7:30 Meeting starts. Identify Facilitator: Sandy > Note Taker: Spencer > Vibes Watcher: John > Time Keeper: John > and Agenda Preparer for May: Caroline > 7:40 Introductions: Caroline Yacoub Betsy, on County Council Peter O'Reilly: for Diane Richy. Labor event at Apple, May 2. at 12, meet at BJs. Organized by Working Partnerships USA. Sat. May 3, program for Lynn Stuart. Sandy Perry John Thielking went to the Staple's protest also. Wants help to analyze the veracity of that vast amounts of carbon can be sequestered using organic agriculture, came out of April 18 discussion on Tom Hartman's show (Big Picture RT). Andrea Dorey. Supports Nader. Read "Only the super rich can save us" (fiction) Max, student at DeAnza Blair. Spencer Drew: Started the DeAnza Green party with Sandy. > , announcements, additions or corrections to agenda. Agree on speaker > for May 22 meeting: Sandy will invite Brian Davis. > 7:50 Treasurer's report and hat passing > 7:55 Final report on Lundy P.O. Box. Andrea: Green Party of Santa Clara County PO Box 611083, San José, CA 95161-1083 $56 for 2 years. SG to put the new address on the web site and ask Brian Davis where he got the old address. Forwarding: First class until April 13, 2015; newspapers and magazines in June 12, 2014. > 8:00 Report on climate change work. Caroline The news story on the demonstration in Richmond distorted the purpose: The announced purpose was to protest global warming and Keystone XL. The news said it was a memorial for the accident last year. 350.org has several groups divestment, fracking, and other themes.
See "350.org" for details on which groups they have and when and where they meet. Caroline likes their energy and attitude. We need people attending there to help build coalition. Sandy agrees: We need to join other coalitions. Max joined "Wage Theft" coalition. > 8:15 Report on single payer health care work. Andrew Hill Fair. > Caroline and Sandy Caroline is so thrilled: at the Health Fair this year, they had for the lunch pizza, plant based, no GMO, vegan, ... .... "Plant Based Pizza" on Meridian & Willow. The attendees were very happy and positive about our candidates. People took our 4-candidate fliers. The speakers started late and some of them (including Sandy) did not get to speak. It was a very good effective event for Single Payer and for the Green tabling. 3 new languages added to the Green Party sign. We had a great month tabling. > 8:30 Report on April tabling. Junior State. Caroline also liked Junior State the week before. Made many buttons. Someone told John that he actually used peacemovies.com. Collected $32. > Gayle McLaughlin. The Green party was mentioned many times. She described what they did, how they did it: The Richmond Progressive Alliance coalition of Greens and anti-corporate Democrats. > Earth Day SJSU. Other? Tian went. They had plenty of literature, buttons. Could not find the banner. Otherwise it was great. Tian's hat was hemp, and one guy's shoes were hemp. John helped. Called into Tom Hartman's radio show, plugged our 4 candidates for state office. Collected $12. Annual COPE (Committee on Political Education of the South Bay Labor Council) at a San José Convention Center: Pete was escorted out. They also asked Sandy to leave. Pete has talked with Zoe about the Ukraine. She verbally said that if Russia invaded, NATO should also. She was not that strong in a letter. > 8:45 Report on Global Climate Convergence at De Anza April 22 to May 1. Jill Stein has called for an "Earth Day to May Day" Global Climate Convergence.
Span of control is key in organizational development theory. There must be about 20 Democratic clubs. Immigration rights march on May 1. What about Cinco de Mayo? Not so political. More of a non-political party. Cancelled in the past because of riots. Drew will provide info later about a disability pride parade on 19 July from the train station to City Hall in Mt. View. Mayor of Albany, CA, is paying homeless $3K to move someplace else. > 9:05 Do we have to select delegates for the June 21-22 Plenary? Is > anyone even going? Drew would like to go. Santa Barbara. > 9:15 Proposed: The Green party of Santa Clara County endorses the > campaign by "tri-cityhealth.org" to get San José to pass an ordinance > to "Stop Big Tobacco from Targeting our Young People in San Jose's Bars". Consensus on endorsing. What letters do we write? John will draft a letter to the City Council on this. > 9:20 Report on updating web site with state candidate information. Spencer Tian will help make a 5-candidate flier. Sandy will look for more info. Jena Goodman, Lt. Gov. > 9:25 Letter-writing at Caroline's house. Caroline Caroline will write a physical letter. Caroline would like to organize a letter writing day at her house. She will provide the postage. next Wednesday, April 30, noon. 323 N. Murphy Ave., Svle. > 9:30 Video discussions on Green-related topics. Andrea Caroline and Andrea will take the next step. > 9:35 Adjourn > -----Original Message----- > From: Andrea Dorey > To: sosfbay-discuss > Cc: Sandy Perry > Sent: Thu, Apr 24, 2014 11:43 am > Subject: Agenda for SCCGP meeting? > > Sandy, > > I don't seem to be on the list for agenda. > > Please add: > > *---Final report for new Lundy Main PO address for SCCGP* > > *---Possible return to video discussions on Green related topics > (traditionally held at Caroline Yacoub's home)* > > Question: will we be getting an update on the USGS version of waters > rising due to climate change?
> > Thanks, > Andrea > > > _______________________________________________ > sosfbay-discuss mailing list > sosfbay-discuss at cagreens.org > http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss -- Spencer Graves, PE, PhD President and Chief Technology Officer Structure Inspection and Monitoring, Inc. 751 Emerson Ct. San José, CA 95126 ph: 408-655-4567 web: www.structuremonitoring.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From snug.bug at hotmail.com Fri Apr 25 08:35:25 2014 From: snug.bug at hotmail.com (Brian) Date: Fri, 25 Apr 2014 08:35:25 -0700 Subject: [GPSCC-chat] Net Neutrality Action Page Message-ID: The Obama administration stabs us in the back again. http://www.savetheinternet.com/what-can-i-do -------------- next part -------------- An HTML attachment was scrubbed... URL: From wrolley at charter.net Fri Apr 25 09:26:32 2014 From: wrolley at charter.net (Wes Rolley) Date: Fri, 25 Apr 2014 09:26:32 -0700 Subject: [GPSCC-chat] Earth Day's past Message-ID: <535A8CB8.4060200@charter.net> It is great that Santa Clara Greens participated in so many Earth Day activities. The linked video gives you a good glimpse of Earth Days past and an indication of just how much we have lost due to the current polarization of the Congress. http://www.hulu.com/watch/67649 Notes: During the first Earth Day, part of the activities at San Jose State was the burial of a Volkswagen. Pete McCloskey was a congressman from Santa Clara / San Mateo County. Not mentioned in this video clip was the fact that Hayes and his organization named a "Dirty Dozen" of Congress Critters (2 Democrats and 10 Republicans) of which the 2 Democrats were primaried out and 5 of the 10 Republicans were defeated in the next election. -- "Anytime you have an opportunity to make things better and you don't, then you are wasting your time on this Earth" - /Roberto Clemente/ -------------- next part -------------- An HTML attachment was scrubbed...
URL: From andi at wrytor.com Fri Apr 25 11:36:02 2014 From: andi at wrytor.com (Andrea Dorey) Date: Fri, 25 Apr 2014 11:36:02 -0700 Subject: [GPSCC-chat] minutes of April 24 meeting of the Green Party of Santa Clara County In-Reply-To: <5359FCD8.4070702@prodsyse.com> References: <79AF0238-4FE5-44E7-BEC3-25C07674BDD9@wrytor.com> <8D12E3B5A792BCC-848-CEBE@webmail-va031.sysops.aol.com> <5359FCD8.4070702@prodsyse.com> Message-ID: <29A512D6-1FB5-4570-820C-1D990D5CD4CB@wrytor.com> One important proposal was made that the USGS map be made available for any and all tabling events by the Green Party in order to get the rising waters issue to as many people as possible. There was an informal consensus to the proposal. The map was taken home by Drew. Also, the banner is usually with Caroline, and has been a favorite with the thousands of people encountered at tabling events over the years. Caroline is seeking more languages and always presents it as an example of the Green Party's global political presence and interest in the rights of all peoples. [Some ideas not on the agenda but brought up at meetings deserve to be noted. Andrea] On Apr 24, 2014, at 11:12 PM, Spencer Graves wrote: > Please reply to all with any additions or corrections. Spencer > > > On 4/24/2014 6:18 PM, perrysandy at aol.com wrote: >> >> Green Party Meeting Thursday, Apr 24, 2014 >> 7:00-7:30 GUEST SPEAKER: >> Steve Raney, Principal at Cities21 in Palo Alto (350.org volunteer), will speak on "Strategies to Defeat Exxon/Koch: Politics of Federal Climate Legislation". Outline: >> 1) Political strategies to enact strong federal climate legislation within 36 months (in the face of the overwhelming political power of the fossil fuel industry). >> 2) Strategies of 350.org, Citizens Climate Lobby, and Environmental Defense. 
>> 3) Professor Erica Chenoweth's dataset of past international citizen movements shows that when 3.5% of a country's population (11 million pro-climate Americans) is actively involved in a movement, 80% of those movements achieve their objectives. >> 7:30 Meeting starts. Identify Facilitator: Sandy > > >> Note Taker: Spencer > > >> Vibes Watcher: John > > >> Time Keeper: John > > >> and Agenda Preparer for May: Caroline > >> 7:40 Introductions: > > Caroline Yacoub > > > Betsy, on County Council > > > Peter O'Reilly: for Diane Richy. Labor event at Apple, May 2. at 12, meet at BJs. Organized by Working Partnerships USA. Sat. May 3, program for Lynn Stuart. > > > Sandy Perry > > > John Thielking went to the Staple's protest also. Wants help to analyze the veracity of that vast amounts of carbon can be sequestered using organic agriculture, came out of April 18 discussion on Tom Hartman's show (Big Picture RT). > > > Andrea Dorey. Supports Nader. Read "Only the super rich can save us" (fiction) > > > Max, student at DeAnza > > > Blair. > > > Spencer > > > Drew: Started the DeAnza Green party with Sandy. > > >> , announcements, additions or corrections to agenda. Agree on speaker for May 22 meeting: > > > Sandy will invite Brian Davis. > > >> 7:50 Treasurer's report and hat passing > > >> 7:55 Final report on Lundy P.O. Box. Andrea: > > > Green Party of Santa Clara County > PO Box 611083, San José, CA 95161-1083 > > > $56 for 2 years charged on Andrea's Visa and is to be reimbursed by Treasurer. > > > > SG to put the new address on the web site and ask Brian Davis where he got the old address. Caroline says the address is still on our old brochures, etc., and needs to be changed. Andrea suggested a stamper be made to make the change and also could be used on envelopes. No objections; ALD will do that. A printing party will be organized. > > > Forwarding: First class until April 13, 2015; newspapers and magazines in June 12, 2014.
> > >> 8:00 Report on climate change work. Caroline > > > The news story on the demonstration in Richmond distorted the purpose: The announced purpose was to protest global warming and Keystone XL. The news said it was a memorial for the accident last year. > > > 350.org has several groups divestment, fracking, and other themes. See "350.org" for details on which groups they have and when and where they meet. Caroline likes their energy and attitude. We need people attending there to help build coalition. > > > Sandy agrees: We need to join other coalitions. > > > Max joined "Wage Theft" coalition. > > >> 8:15 Report on single payer health care work. Andrew Hill Fair. Caroline and Sandy > > > Caroline is thrilled: at the Health Fair this year, they had for the lunch pizza, plant based, no GMO, vegan, ... .... "Plant Based Pizza" on Meridian & Willow. The attendees were very happy and positive about our candidates. People took our 4-candidate fliers. The speakers started late and some of them (including Sandy) did not get to speak. It was a very good effective event for Single Payer and for the Green tabling. 3 new languages added to the Green Party sign and 5 or more voting registrations were given out. > > > > We had a great month tabling. > > >> 8:30 Report on April tabling. Junior State. > > > > Caroline also liked Junior State the week before. Made many buttons. Someone told John that he actually used peacemovies.com. Collected $32. > > >> Gayle McLaughlin. > > > The Green party was mentioned many times. She described what they did, how they did it: The Richmond Progressive Alliance coalition of Greens and anti-corporate Democrats. > > >> Earth Day SJSU. Other? > > > Tian went. They had plenty of literature, buttons. Could not find the banner. Otherwise it was great. Tian's hat was hemp, and one guy's shoes were hemp. John helped. Called into Tom Hartman's radio show, plugged our 4 candidates for state office. > > > Collected $12. 
> > > Annual COPE (Committee on Political Education of the South Bay Labor Council) at a San José Convention Center: Pete was escorted out. They also asked Sandy to leave. > > > Pete has talked with Zoe Lofgren about the Ukraine. She verbally said that if Russia invaded, NATO should also. She was not that strong in a letter. > > >> 8:45 Report on Global Climate Convergence at De Anza April 22 to May 1. > > > Jill Stein has called for an "Earth Day to May Day" Global Climate Convergence. > > > Span of control is key in organizational development theory. There must be about 20 Democratic clubs. > > > Immigration rights march on May 1. Noted that this is international Labor Day. > > > What about Cinco de Mayo? Not so political. More of a non-political event, and cancelled in the past because of riots, according to a few people. > > > Drew will provide info later about a disability pride parade on 19 July from the train station to City Hall in Mt. View. > > > Mayor of Albany, CA, is paying homeless $3K to move someplace else. > > >> 9:05 Do we have to select delegates for the June 21-22 Plenary? Is anyone even going? > > > Drew would like to go. Santa Barbara. > > >> 9:15 Proposed: The Green Party of Santa Clara County endorses the campaign by "tri-cityhealth.org" to get San José to pass an ordinance to "Stop Big Tobacco from Targeting our Young People in San Jose's Bars". Some in the group plan to write individual personal letters. > > > Consensus on endorsing. > > > What letters do we write? > > > John will draft a letter to the City Council on this. > > > >> 9:20 Report on updating web site with state candidate information. Spencer > > > Tian will help make a 5-candidate flier. Sandy will look for more info. Jena Goodman, Lt. Gov. > >> 9:25 Letter-writing at Caroline's house. Caroline > > > Caroline will write a physical letter. Caroline would like to organize a letter writing day at her house. She will provide the postage. Next Wednesday, April 30, noon. 323 N.
Murphy Ave., Sunnyvale. > > >> 9:30 Proposed video discussions on Green-related topics. Andrea > > Proposal was to reinstate the popular video showings at Caroline's home; included potluck food with discussions. > > Caroline and Andrea will take the next step, which to date may be next Wednesday. Info to be sent soon, and all interested are invited. > > >> 9:35 Adjourn >> >> >> >> >> -----Original Message----- >> From: Andrea Dorey >> To: sosfbay-discuss >> Cc: Sandy Perry >> Sent: Thu, Apr 24, 2014 11:43 am >> Subject: Agenda for SCCGP meeting? >> >> Sandy, >> >> I don't seem to be on the list for agenda. >> >> Please add: >> >> ---Final report for new Lundy Main PO address for SCCGP >> >> ---Possible return to video discussions on Green related topics (traditionally held at Caroline Yacoub's home) >> >> Question: will we be getting an update on the USGS version of waters rising due to climate change? >> >> Thanks, >> Andrea >> >> >> _______________________________________________ >> sosfbay-discuss mailing list >> sosfbay-discuss at cagreens.org >> http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss > > > -- > Spencer Graves, PE, PhD > President and Chief Technology Officer > Structure Inspection and Monitoring, Inc. > 751 Emerson Ct. > San José, CA 95126 > ph: 408-655-4567 > web: www.structuremonitoring.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From wrolley at charter.net Fri Apr 25 15:49:06 2014 From: wrolley at charter.net (Wes Rolley) Date: Fri, 25 Apr 2014 15:49:06 -0700 Subject: [GPSCC-chat] Bay Area influence on Earth Day. Message-ID: <535AE662.5090800@charter.net> I recently became aware of just how much the Bay Area influenced the 1st Earth Day. One of the founders and the senatorial co-chair of the Earth Day Movement, Gaylord Nelson, while a Senator from Wisconsin, was a graduate of San Jose State before attending Univ. of Wisconsin Law School.
The other co-chair (House of Representatives) was Pete McCloskey, Congressman from Santa Clara / San Mateo counties, Graduate Stanford U (1959) and Stanford Univ Law School (1953). Denis Hayes, the coordinator for the First Earth Day and the founder of the Earth Day Network was hired into this job directly out of Stanford U where he had been Student Body President. A humanities professor at San Jose State, John Sperling, led his students in burying a Volkswagen as an example of how we should lower CO2 emissions. He later (1976) resigned from San Jose State and founded the Univ. of Phoenix. Since then, many other leaders have come from the bay area, most notably the late Stephen Schneider of Stanford Univ. Our problem is to ensure that this leadership continues. -- "Anytime you have an opportunity to make things better and you don't, then you are wasting your time on this Earth" - /Roberto Clemente/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From spencer.graves at structuremonitoring.com Fri Apr 25 16:01:57 2014 From: spencer.graves at structuremonitoring.com (Spencer Graves) Date: Fri, 25 Apr 2014 16:01:57 -0700 Subject: [GPSCC-chat] Bay Area influence on Earth Day. In-Reply-To: <535AE662.5090800@charter.net> References: <535AE662.5090800@charter.net> Message-ID: <535AE965.2000303@structuremonitoring.com> typo correction: McCloskey graduated from Stanford in 1950 (not 1959), then Stanford Law School in 1953, as indicated. On 4/25/2014 3:49 PM, Wes Rolley wrote: > I recently became aware of just how much the Bay Area influenced the > 1st Earth Day. > > One of the founders and the senatorial co-chair of the Earth Day > Movement, Gaylord Nelson, while a Senator from Wisconsin, was a > graduate of San Jose State before attending Univ. of Wisconsin Law > School.
> > The other co-chair (House of Representatives) was Pete McCloskey, > Congressman from Santa Clara / San Mateo counties, Graduate Stanford U > (1959) and Stanford Univ Law School (1953). > > Denis Hayes, the coordinator for the First Earth Day and the founder > of the Earth Day Network was hired into this job directly out of > Stanford U where he had been Student Body President. > > A humanities professor at San Jose State, John Sperling, led his > students in burying a Volkswagen as an example of how we should lower > CO2 emissions. He later (1976) resigned from San Jose State and > founded the Univ. of Phoenix. > > Since then, many other leaders have come from the bay area, most > notably the late Stephen Schneider of Stanford Univ. > > Our problem is to ensure that this leadership continues. > > -- > "Anytime you have an opportunity to make things better and you don't, > then you are wasting your time on this Earth" - /Roberto Clemente/ > > > _______________________________________________ > sosfbay-discuss mailing list > sosfbay-discuss at cagreens.org > http://lists.cagreens.org/cgi-bin/mailman/listinfo/sosfbay-discuss -- Spencer Graves, PE, PhD President and Chief Technology Officer Structure Inspection and Monitoring, Inc. 751 Emerson Ct. San José, CA 95126 ph: 408-655-4567 web: www.structuremonitoring.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From perrysandy at aol.com Sun Apr 27 18:39:34 2014 From: perrysandy at aol.com (perrysandy at aol.com) Date: Sun, 27 Apr 2014 21:39:34 -0400 (EDT) Subject: [GPSCC-chat] Luis Rodriguez at De Anza College TOMORROW Monday at Noon Message-ID: <8D13099D7CCD8B8-1518-1B9BA@webmail-m295.sysops.aol.com> Luis Rodriguez at De Anza College Monday April 28 "Imagine a New California" Green Party-endorsed candidate for Governor and renowned author Luis Rodriguez will appear at De Anza College in Cupertino on Monday, April 28.
Luis will speak with students and then address an audience at the Campus Center patio stage at 12 noon. You have a real choice in the California Primary Election that will be held on this June 3. The Luis Rodriguez campaign has stood for immigrant rights, labor rights, universal health care, anti-fracking, pro-environment, closing prisons, opening schools, and ending poverty. You do not have to vote for "Austerity Jerry" Brown or "Tea Party Tim" Donnelly for Governor. You can vote for a candidate you believe in. The "lesser of two evils" is not good enough. Luis intends to become one of the "top two" candidates who will proceed to the November general election and confront the major parties over their policies of budget cuts, jails, deportations, and poverty in the midst of plenty. Luis Rodriguez is the award-winning author of fifteen books in poetry, children's literature, fiction and nonfiction, including the controversial 1993 memoir of gang life, Always Running, La Vida Loca, Gang Days in L.A.. This book has sold around a half million copies and was the subject of various banning battles in California cities such as San Jose, Fremont, Santa Rosa, Santa Barbara, and San Diego. He is co-founder of the nonprofit cultural space Tia Chucha's Centro Cultural & Bookstore in the San Fernando Valley. TIME: 12 NOON, MONDAY APRIL 28 PLACE: CAMPUS CENTER PATIO STAGE DE ANZA COLLEGE 21250 STEVENS CREEK BOULEVARD CUPERTINO, CALIFORNIA 95014 http://rodriguezforgovernor.org/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From carolineyacoub at att.net Mon Apr 28 09:02:01 2014 From: carolineyacoub at att.net (Caroline Yacoub) Date: Mon, 28 Apr 2014 09:02:01 -0700 (PDT) Subject: [GPSCC-chat] letters Message-ID: <1398700921.17704.YahooMailNeo@web185305.mail.gq1.yahoo.com> Wednesday at noon I will be hosting a lunch and letter writing. I have writing materials, stamps, salad, bread, and cookies.
I would love to have a bunch of people here to write to government officials, the Koch brothers, or anybody else you think needs to hear about climate, the pipeline, single payer health care, homelessness, or any other subject dear to your heart. Emails are too easy to ignore. Support your local post office. Send snail mail. Caroline 323 N. Murphy Ave. Sunnyvale 408-530-0118 -------------- next part -------------- An HTML attachment was scrubbed... URL: From wrolley at charter.net Mon Apr 28 09:58:42 2014 From: wrolley at charter.net (Wes Rolley) Date: Mon, 28 Apr 2014 09:58:42 -0700 Subject: [GPSCC-chat] Delta Vision Foundation Survey Message-ID: <535E88C2.8060805@charter.net> Part of the group that created the first draft of a new vision for the CA Delta set up a private foundation to monitor what was happening. They have an online survey as to progress made to date that you can review at this link: http://deltavisionfoundation.us2.list-manage.com/track/click?u=37289db013af53c1da797dc28&id=890693197d&e=e7094c39e1 I took that survey. It asks you to rate various areas of progress toward meeting the original goals. It is sort of a scorecard. Each segment allows for some direct input (comments). I provided the following as In part 1 of the survey, I submitted the following: > While the BDCP is required to state how these plans affect climate > change, in particular sea level rise, they fail to adequately address > how climate change, especially sea level rise, is going to affect the > project. It makes little sense to terminate the proposed tunnels at > the current pumping location on Clifton Forebay when that location is > threatened by 1 M of sea level rise during the useful life of this > project. It promises to be a large short term benefit for a few with > long term financial implications for all.
-- "Anytime you have an opportunity to make things better and you don't, then you are wasting your time on this Earth" - /Roberto Clemente/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From tnharter at aceweb.com Wed Apr 30 10:05:42 2014 From: tnharter at aceweb.com (Tian Harter) Date: Wed, 30 Apr 2014 10:05:42 -0700 Subject: [GPSCC-chat] Luis J. Rodriguez for Governor! Message-ID: <53612D66.6020604@aceweb.com> Tuesday Luis J. Rodriguez spoke at De Anza college. Glad to see a Green candidate stumping! http://tian.greens.org/GreenParty/California/LuisJRodriguez/index.html -- Tian http://tian.greens.org Latest change: Added a writeup of Mayor Gayle McLaughlin's SJ visit. There's a raven on a New York quarter in my home.