Re: Crypto CD UpDate
On Mar 26, 21:18, Timothy C. May wrote:
At 10:16 PM 3/26/96, aba@atlas.ex.ac.uk wrote:
The idea of putting together a CD with crypto stuff is an excellent IDEA, and one which I very much welcome.
However a question .. are you (Ben) located in the US? If so...
that rules out overseas buyers unless you fancy messing with ITAR... Is it possible that you could come to some arrangement with some one outside the ITAR fence who has a CD writer (any one reading have one?) put together the same CD for those outside the US?
ITAR is going to be a mess either way. If the CD is put together outside the U.S., you'd have to only use non-U.S. executables/source (or else put site owners at risk of violating the anti-export language in the ITAR). Of course, a lot of people don't take this seriously, so pick your poison ...
1. The CD-ROM "freezes" the various programs, archives, etc. at the moment the files are finalized and the CD-ROMs are pressed (or burned individually on a CD-R, at somewhat higher per-copy price). If the author of the CD-ROM is not committed to updating the CD-ROM at frequent intervals--say, every few months--then the programs will exhibit "version decay" and be nearly useless. The next point is the reason.
2. The Web does a better job at making the latest versions instantly accessible. True, a CD-ROM will generally have faster access, but I care more about getting the _latest_ version of PGP, even if takes a minute or two to snarf off the Web. That I could get an _older_ version of PGP in fractions of a second off this CD-ROM is not compelling to me.
I'd argue that having a slightly out-of-date CD-ROM is better than nothing, because: - It gives you an idea of what sorts of crypto applications are out there, - It gives you working versions of programs without having to crawl all over the Net hunting for one, - If the authors are smart they'll include URL's to an update site in the documentation (or the CD-ROM producer can do it), - Not everyone out there is Net-savvy, or has the time to go trudging around looking for the latest cutting-edge versions of software. Time *IS* money. I'd almost argue that Tim's emphasis on using the Web to get crypto assumes a sort of Net-centric view of how the crypto is going to be used -- similar to reported provisions in the Leahy bill. The idea that people who just want to encrypt personal data might not need the latest versions of everything out there is reasonable -- as long as the latest versions aren't BUG FIXES. In that case, Tim's argument about stale versions would carry some merit. But this is the case for ALL non-Net distributed software; you don't see companies refusing to cut CD-ROMs simply because they're worried their users won't be able to get the latest bug fixes. In the ideal case, they'd do the best they can to make sure that people did, but you have to be realistic. (Of course, if you're cynical, and believe that software companies care more about money than about helping their customers, then it doesn't matter. ;)
(And fractions of a second is too charitable: in actuality, I'd have to locate the CD-ROM, dismount anything already mounted, mount the CD-ROM, search it for "PGP," etc. Probably not even faster than using Alta Vista and downloading.)
Um, whatever. If you have a CD-ROM, you'll at least have SOME idea of what software is available on it. Not so with the Web (unless somebody wants to do the equivalent of this CD-ROM and put together a page with a HUGE number of links to crypto programs -- not to mention the protections necessary to avoid violating ITAR, e.g. the anti-export measures built into the PGP distribution site) Plus, comparing the speed of a CD-ROM to a modem is like comparing the speed of a station wagon to a skateboard. CD-ROMs aren't exactly fast, but they sure as hell aren't anywhere near as slow as the water-torture speeds of your average v.42bis modem.
3. Where CD-ROMs really shine over modem alternatives is, of course, for very large files. Images, MPEG or Quicktime movies, etc. "Multimedia" being the operative term. For crypto, this is not an issue. (Except for list archives, where having a few hundred megabytes of articles might be nice. However, the absolute KILLER of this idea is the staleness problem mentione in Point #1: if the archives on CD-ROM lack the most recent month or two, their usefullness drops precipitously. If the CD-ROM is a year old, and no updates have appeared, then its archives are useful only to list historians.
I don't buy this. Many of the well-known/widely-used Net-distributed crypto apps haven't put out updates for a LONG time. Even if it was the case that they were throwing out bug fixes every two weeks, my previous comments still hold. (And anyhow, you probably wouldn't WANT to have software THAT unstable in your collection anyway. ;) I'm starting to think that the question of whether this CD-ROM is useful depends on who you're selling it to. People who hang out on Coderpunks, or are "in the loop" as to version updates and crypto sites won't want this. People who want to buy the CD just to be "cool" aren't an issue. The SOHO market (i.e. people who don't normally use the Net, and who ordinarily wouldn't care too much about crypto) seems to be the ideal target. But how do you sell a piece of software to an audience that doesn't know it needs it? Perhaps this could be a chance to spread the gospel, so to speak. However, that would mean the CD would have to be designed around these people -- i.e. for ease of use, etc. These issues have probably been beaten to death a long time ago (e.g. PGP shells), and shouldn't be too difficult to resolve. The multi-platform stuff (DOS/Mac/**IX on one disc) will be harder; you'll need to code a different interface to the CD for each platform.
(In other words, I will almost always go to up-to-date archives on a Web site rather than dusting off a CD-ROM that was issued several months ago.
As would I. But we're "in the loop". Many people aren't. And the real issue being addressed here (getting easy-to-digest crypto to the masses) is a lot more difficult than just pressing a CD-ROM. Ben may need to rethink his strategy on this, in terms of how to most effectively promote this CD to that market.
4. The Web approach allows powerful search engines, links from other pages, and--importantly--multiple jurisdictions. The PGP could come from the U.S., the Digital Postage code from Sweden, and so on. And, again as noted in # 1, the developers could keep improving and iterating the code.
Hmm, do I hear a volunteer for writing that Crypto Software Web page? ;) -H
Henry: On Wed, 27 Mar 1996, Henry Huang wrote:
On Mar 26, 21:18, Timothy C. May wrote:
At 10:16 PM 3/26/96, aba@atlas.ex.ac.uk wrote:
The idea of putting together a CD with crypto stuff is an excellent
ITAR is going to be a mess either way. If the CD is put together outside the U.S., you'd have to only use non-U.S. executables/source (or else
Develop it ad cut it outside the US. << Can it be done in St Pierre? Alternatively, how about Bermuda? >> Include Source code for both US and Non-US versions, but only executable for non-US versions.
target. But how do you sell a piece of software to an audience that doesn't know it needs it?
It doesn't take much. The hard part is configuring a system for the user. Plug and Play Crypto applications are required. Now if the CD-Rom had all the crypto applications, with examples of how to configure various things, you are a step closer towards the plug & play requirement.
to resolve. The multi-platform stuff (DOS/Mac/**IX on one disc) will be harder; you'll need to code a different interface to the CD for each platform.
Depends on your search engine.
issue being addressed here (getting easy-to-digest crypto to the masses) is a lot more difficult than just pressing a CD-ROM. Ben may need to rethink his strategy on this, in terms of how to most effectively promote this CD to that market.
Trial run -- press, say 20 CD-Roms. Have people use them on various platforms, and provide the examples, etc, to make it plug and play for the rest of the world. Then press them in batches of 100, or 500 to sell /distribute to users. Market it on a web page, and accept the various forms of digital currency, credit cards, etc.
Hmm, do I hear a volunteer for writing that Crypto Software Web page? ;)
Just for the links to each of the crypto software archives? It would need somebody playing with alta-vista, etc for a while --- or somebody sending URL, and a brief site description, to maintain such a page. I started to do something like that a long time ago, but got involved in some other projects. << The relics of that can be found at ftp://ftp.netcom.com/pub/gr/graphology/private.html >> << If I knew of any easy way to sort mail with stuff to be added to such a webpage, from the rest of my mail, I'd volunteer. >> xan jonathon grafolog@netcom.com
participants (2)
-
Henry Huang -
Jonathon Blake