"Cypherpunks Write Code" as a Putdown
At 5:25 PM 7/20/95, Patrick J. LoPresti wrote:
If it is ever feasible to do what you suggest, someone will do it; your musings will have no effect on that. If you want to make a difference, try writing some code yourself...
I want to comment on this latest version of the "Cypherpunks write code" universal putdown. It's become common for debates on what is possible, what is likely, and what should be done for someone to "trump" the argument with the mantra of "Cypherpunks write code."

In my posting on why I think Netscape and related operating environments represent the likeliest targets for widespread crypto use (the "big win" I used in my title), I did not whine that others ought to write code for me. I said that this is where users were going in massive numbers.

Take it or leave it, as an analysis, but the "try writing some code" is a meaningless insult. The world is made up of bridge designers, legal experts, authors, chip designers, and on and on. Not just programmers.

The line "Cypherpunks write code"--which is sometimes treated here with a reverence its origins do not support--was a reference to our view that technology, meaning actual deployment, was more important and interesting than yet more gabbing about liberty and privacy.

And what is "writing code"? Is it only Perl and C? Or does defining what a remailer needs to do count as writing code? (Attendees at the first Cypherpunks meeting, almost 3 years ago, can confirm that I was the one who spent about two hours describing Chaum's mix work, and running the "remailer experiment"...we debated how a remailer could actually work, and Eric Hughes took on the task of writing the first one.)

The "BlackNet" experiment I ran actually worked...the keys worked, the mechanisms worked, and the experiment has been used by many as an actual concrete illustration of how untraceable information markets will develop. An actual demonstration is worth more than mere speculation, and this was an actual demonstration. I call this "writing code," albeit not C code. (My actual code writing, in real computer languages, is oriented toward Mathematica, on my Mac, and Smalltalk Agents. Not all programming is oriented toward writing Unix tools, and I think the narrow interpretation of "Cypherpunks write code" to mean this is misleading.)

In any case, even the ur-crypto hacker Zimmermann is writing very little actual code in PGP these days...does this mean he should "try writing some code" instead of doing what he apparently does best?

In short, the insulting tone of many Cypherpunks these days is saddening. I plan to continue to speak my mind, to point out what I think are the more important routes to a desirable future, and to criticize what I think are dead ends and ghettoized approaches.

--Tim May
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay@sensemedia.net   | anonymous networks, digital pseudonyms, zero
408-728-0152           | knowledge, reputations, information markets,
Corralitos, CA         | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."
I have already explained my comments in another thread, but I figure I should respond to this anyway.

"tcmay" == Timothy C May <tcmay@sensemedia.net> writes:

tcmay> At 5:25 PM 7/20/95, Patrick J. LoPresti wrote:
If it is ever feasible to do what you suggest, someone will do it; your musings will have no effect on that. If you want to make a difference, try writing some code yourself...

tcmay> In my posting on why I think Netscape and related operating
tcmay> environments represent the likeliest targets for widespread
tcmay> crypto use (the "big win" I used in my title), I did not whine
tcmay> that others ought to write code for me. I said that this is
tcmay> where users were going in massive numbers.

That is not all you said; you also suggested that existing interfaces for "Tin, Pine, Elm, Joe, Emacs, etc." were a waste of time.

tcmay> Take it or leave it, as an analysis, but the "try writing some
tcmay> code" is a meaningless insult.

I have apologized for the insulting tone, but I do not feel the comment was meaningless. If you are going to criticize my development efforts, I think it is fair for me to ask, "And what have *you* done?" The point being, of course, that the criticism itself is unwarranted; not to make a meaningless insult.

tcmay> In short, the insulting tone of many Cypherpunks these days is
tcmay> saddening.

It was a specific response to an insult of my (and others') work. Again, I apologize.

tcmay> I plan to continue to speak my mind, to point out what I think
tcmay> are the more important routes to a desirable future, and to
tcmay> criticize what I think are dead ends and ghettoized
tcmay> approaches.

I would hope you would keep the forward-looking vision while ditching the critical tone. Those "ghettoized approaches" are the best we have at present, and they are responsible for the widespread use of PGP, such as it is.
Tim May writes:
Take it or leave it, as an analysis, but the "try writing some code" is a meaningless insult. [more good comments elided]
Agreed. I concur with Tim's further comments, which I've omitted, on the meaning of "Cypherpunks write code". It's clear that the qualifications for being a critic (in the constructive sense) of activity XYZ differ from the requirements for doing XYZ, in the general case. This is the old "Oh, if you're so smart, let's see you do it better" from elementary school. Absurd.

One of the primary sources of this dispute is, I think, the fact that c'punks have widely divergent target markets in mind. I was rather surprised to observe this at the last Bay Area physical meeting. Sandy moderated a prognostication session on the future of cryptoanarchy, etc. Towards the end, he asked each person to offer his/her definition of "victory" in the cryptoanarchic program. Some people were adamant that privacy would need to be widely protected across society for them to consider the project a success. Others essentially asserted that they'd be content with what I'll call "the cypherpunk community" enjoying free access to privacy-preserving tools.

The various *n*x crypto tools go a long way toward satisfying one market, yet don't appear to help much with another market. So they constitute a "big win" for some c'punks, while remaining largely irrelevant for others.

It would behoove c'punks on all sides not to take umbrage at others' embracing different goals. It would be great to hear persuasive arguments as to why "we" should adopt your plan, but "we" are under no obligation to be convinced, or to place any particular value on the achievement of aims we don't share with you.

The significant segregation of software developers and software users onto different platforms makes the disunity of purpose much more of an issue than it would be otherwise. A conscious effort must be exerted to ensure that tools developed for the cognoscenti ;) have a chance to run on the machines owned by the rest of the multiverse. For my money, this is the best feature of platform-independent languages, etc. Ideally, Java and such will afford me the opportunity to write code for, say, the Macintosh, which could compete with native code, without my having to break down and use a Mac (gag).

On a related note, this summer I've broken down and found myself developing software in Tcl under VMS. (I'm typing this on a VAXstation 4000 VLC.) Bob Snyder has recommended exmh here before, a highly MIME- and PGP-aware mailer for *n*x which is apparently built with Tcl/Tk. Apart from the discussions of possibly using Safe-Tcl for remailers, I haven't seen much talk of using Tcl/Tk for crypto apps here. Can anyone point me in the direction of work on this front, or towards reasons why Tcl/Tk seems like a poor choice ? I'm still pretty new to Tcl.

-L. Futplex McCarthy <lmccarth@cs.umass.edu>
"Want to put your secret files where no-one will ever be able to access them ? Try ftp://ftp.netcom.com/pub/"
Timothy C. May writes:
In my posting on why I think Netscape and related operating environments represent the likeliest targets for widespread crypto use (the "big win" I used in my title), I did not whine that others ought to write code for me. I said that this is where users were going in massive numbers.
Take it or leave it, as an analysis, but the "try writing some code" is a meaningless insult.
Some of us have spent the last several days not getting sleep and going to meetings here in Stockholm -- defining security standards, talking to Microsoft people about IPSP integration into Win '95 and Windows NT, recruiting people to work on the project we have to make sure that the IETF meeting in Dallas in a few months will have IPSP security. We hope to have the whole infrastructure of the internet encrypted within a year or two.

I believe that between IPSP for the links and MOSS (and SHTTP using MOSS for document security) we should have the whole thing wrapped up in a couple of years. Problems still to solve include security for the internet's routing protocols, protection against denial of service attacks, etc. Remailers and the like are still worthwhile areas for effort, of course, but I think of those as applications of the secure infrastructure.

Those people who would rather work than talk are invited to start reading the internet drafts (some of which are soon to be RFCs) and help out with the effort. I suspect that a big push from about 25 people could manage to implement just about everything we want and then we could go on and live the rest of our lives.

There is a lot of real hard work to do in the next year or two and I invite members of the community to quit waiting for the CryptoRapture in which the X-Ists bring down the cypher systems of the future, and help us actually do the job so that we'll see this stuff in our lifetime.

Perry
Perry writes:
I believe that between IPSP for the links and MOSS (and SHTTP using MOSS for document security) we should have the whole thing wrapped up in a couple of years. Problems still to solve include security for the internet's routing protocols, protection against denial of service attacks, etc.
Could someone say a bit more about the perceived difficulties associated with secure network routing protocols ? TIA. I am not at all optimistic about defeating DoS attacks.... [...]
Those people who would rather work than talk are invited to start reading the internet drafts (some of which are soon to be RFCs) and help out with the effort. I suspect that a big push from about 25 people could manage to implement just about everything we want and then we could go on and live the rest of our lives.
There is a lot of real hard work to do in the next year or two and I invite members of the community to quit waiting for the CryptoRapture in which the X-Ists bring down the cypher systems of the future, and help us actually do the job so that we'll see this stuff in our lifetime.
(just felt this was worth quoting) -Futplex <futplex@pseudonym.com>
Perry writes:
I believe that between IPSP for the links and MOSS (and SHTTP using MOSS for document security) we should have the whole thing wrapped up in a couple of years. Problems still to solve include security for the internet's routing protocols, protection against denial of service attacks, etc.
Could someone say a bit more about the perceived difficulties associated with secure network routing protocols ? TIA.
I am not at all optimistic about defeating DoS attacks....
It seems to me that many of these attacks can be defeated by anti-spam routines (with exponential time buildup) and economic mechanisms. That is, you pay "credits", which can possibly be based on real money, for each access. When you use them up, you must contact the service to request more. Coupled with authentication, this makes DoS tough because you must request more credits for your ID; however, if you use them up quicker than average, you must justify why you need them again so soon.

Anti-spam routines have been successful on IRC and MUDS against DoS. Each "request" is measured against the time since the last request. If the time is less than the delay, the request is denied (and with exponential buildup, you double the delay so that even "needling" attacks, where a DoS attack finds your delay and transmits just under that, have trouble).

If the resource is disk space, or network memory buffers, or whatever, you impose similar timing sensitive constraints. This covers most spam based DoS.

-Ray
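
The timing check described in the message above, as an added example that is not part of the original post. It covers only the delay-doubling rule, not the credit scheme. The class and function names, the millisecond units, the reset to the base delay after a served request, and the cap on the delay are all assumptions made for the illustration.

```python
"""Per-client throttle with exponential delay buildup (added illustration)."""


class ExponentialThrottle:
    def __init__(self, base_delay_ms=1000, max_delay_ms=60_000):
        self.base_delay_ms = base_delay_ms
        self.max_delay_ms = max_delay_ms  # assumption: cap so a client can recover
        self._state = {}  # client id -> (time of last request, current delay)

    def allow(self, client_id, now_ms):
        """Return True if the request is served, False if it is denied."""
        last_ms, delay_ms = self._state.get(client_id, (None, self.base_delay_ms))
        if last_ms is None or now_ms - last_ms >= delay_ms:
            # Waited long enough: serve, and (assumption) reset to the base delay.
            self._state[client_id] = (now_ms, self.base_delay_ms)
            return True
        # Too soon: deny, and double the delay this client must now respect.
        # A denied request still counts as the client's "last request".
        doubled = min(delay_ms * 2, self.max_delay_ms)
        self._state[client_id] = (now_ms, doubled)
        return False

    def current_delay_ms(self, client_id):
        return self._state.get(client_id, (None, self.base_delay_ms))[1]


def simulate(interval_ms, count, throttle=None, client_id="client-a"):
    """Send `count` requests `interval_ms` apart; return how many were served."""
    throttle = throttle or ExponentialThrottle()
    return sum(throttle.allow(client_id, i * interval_ms) for i in range(count))


if __name__ == "__main__":
    # Constructed traffic: one client pacing itself at the base delay, and a
    # "needling" client that sends just under it.
    print("paced at 1000 ms:  ", simulate(1000, 20), "of 20 served")
    print("needling at 900 ms:", simulate(900, 20), "of 20 served")
```

Because each denial moves the threshold, a sender that has measured the delay and transmits just under it is measuring a value that is already stale by its next request.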
By the way, I'm very disappointed that this sort of topic doesn't come up here more often. I perceive that it may be because lots of people on this list are cyphergroupies and not actually tuned in to the technical issues of securing every-day communication.

Futplex writes:
Could someone say a bit more about the perceived difficulties associated with secure network routing protocols ? TIA. ^^^^????
I am not at all optimistic about defeating DoS attacks....
The people building the new routing protocols (BGP, OSPF, etc) have included cryptographic security provisions in them that will work regardless of whether IPSEC is available. Some of these have to be hand configured but that's not actually a problem since peering in many of these systems has to be hand configured in the first place. I had a long talk with the Area Director for routing and such in the bar at the last IETF meeting and he gave me the impression the routing people are acutely aware of the problem and hope to assure that it disappears with time.

Given cryptographic security on the routing packets, denial of service attacks directed against routing become hard. Photuris has built in protection against denial of service against it, by the way. With luck, we will be down to dealing with very crude denial of service attacks like packet flooding and hopefully we can come up with reasonable mechanisms to stop them in the ordinary case.

Perry

PS Again, I strongly encourage people to get involved in the efforts to secure the internet with IPSEC, MOSS and similar things. WE NEED YOU!
On Fri, 21 Jul 1995, Perry E. Metzger wrote:
sure that the IETF meeting in Dallas in a few months will have IPSP
When and where will this be in Dallas?

--
Ed Carp, N7EKG Ed.Carp@linux.org, ecarp@netcom.com
801/534-8857 voicemail
801/460-1883 digital pager
Finger ecarp@netcom.com for PGP 2.5 public key an88744@anon.penet.fi

Q. What's the trouble with writing an MS-DOS program to emulate Clinton?
A. Figuring out what to do with the other 639K of memory.
participants (8)
- Ed Carp [khijol Sysadmin]
- futplex@pseudonym.com
- lmccarth@cs.umass.edu
- Patrick J. LoPresti
- Perry E. Metzger
- Perry E. Metzger
- Ray Cromwell
- tcmay@sensemedia.net