Re: Censorware Summit Take II, from The Netly News
I can't wait until the tags include information on *political* content, or *credibility factor* (i.e. sanctioned by medai conglomerate or not) etc... At 02:06 PM 7/16/97 -0700, Declan McCullagh wrote:
***********
http://pathfinder.com/netly/opinion/0,1042,1173,00.html
The Netly News (http://netlynews.com) July 16, 1997
At The Censorware Summit by Declan McCullagh (declan@well.com)
If you host a web page or publish online, be warned: soon your site might become invisible. Search engines won't index it and web browsers won't show it. Unless, that is, you agree to attach special labels to your web pages identifying how violent, sexually explicit, or inappropriate for kids your site is.
This was the thrust of today's White House censorware summit, where President Clinton sat down with high tech firms and non-profit groups in a private meeting to talk about pressuring the Net community to make cyberspace childsafe through labels. "We need to encourage every Internet site, whether or not it has material harmful to minors, to rate its contents," Clinton said after the meeting. Vice President Gore was there, too, giving a quick demonstration of how labeling works.
Spooked by the threat of a revised Communications Decency Act, high tech firms are seriously backing labels for the first time. Joining Clinton in coercing Internet users and businesses to label all their web pages were Yahoo, Excite, and Lycos. "I threw a gauntlet to other search engines in today's meeting saying that collectively we should require a rating before we index pages," Robert Davis, the president of Lycos, told me. Translation: if you don't play ball, and label your site, search engines will ignore you.
As will future users of Microsoft's Internet Explorer browser. The next version of IE will default to displaying only properly labeled web pages, according to Ken Wasch, the president of the Software Publishers Association. Since many users won't turn off that feature to reach unrated sites, many large web sites now are facing hefty pressure to self-label.
Other high tech firms rushed to join the presidential limelight. Netscape promised to join Microsoft and include label-reading software in the next version of its browser. America Online's Steve Case thanked Clinton for "backing industry's efforts to make cyberspace a safer place." IBM announced a $100,000 grant to RSACi, a PICS-based rating standard originally designed for video games but adapted for the Web. The industry giant also pledges to incorporate RSACi into future products.
[...]
Read the complete text of my article. The RSACnews system would include just that: a system that allows a board of media conglomerates to decide what's a "news site" or not. In other words, what's "credible." -Declan On Wed, 16 Jul 1997 geeman@best.com wrote:
I can't wait until the tags include information on *political* content, or *credibility factor* (i.e. sanctioned by medai conglomerate or not) etc...
At 02:06 PM 7/16/97 -0700, Declan McCullagh wrote:
***********
http://pathfinder.com/netly/opinion/0,1042,1173,00.html
The Netly News (http://netlynews.com) July 16, 1997
At The Censorware Summit by Declan McCullagh (declan@well.com)
If you host a web page or publish online, be warned: soon your site might become invisible. Search engines won't index it and web browsers won't show it. Unless, that is, you agree to attach special labels to your web pages identifying how violent, sexually explicit, or inappropriate for kids your site is.
This was the thrust of today's White House censorware summit, where President Clinton sat down with high tech firms and non-profit groups in a private meeting to talk about pressuring the Net community to make cyberspace childsafe through labels. "We need to encourage every Internet site, whether or not it has material harmful to minors, to rate its contents," Clinton said after the meeting. Vice President Gore was there, too, giving a quick demonstration of how labeling works.
Spooked by the threat of a revised Communications Decency Act, high tech firms are seriously backing labels for the first time. Joining Clinton in coercing Internet users and businesses to label all their web pages were Yahoo, Excite, and Lycos. "I threw a gauntlet to other search engines in today's meeting saying that collectively we should require a rating before we index pages," Robert Davis, the president of Lycos, told me. Translation: if you don't play ball, and label your site, search engines will ignore you.
As will future users of Microsoft's Internet Explorer browser. The next version of IE will default to displaying only properly labeled web pages, according to Ken Wasch, the president of the Software Publishers Association. Since many users won't turn off that feature to reach unrated sites, many large web sites now are facing hefty pressure to self-label.
Other high tech firms rushed to join the presidential limelight. Netscape promised to join Microsoft and include label-reading software in the next version of its browser. America Online's Steve Case thanked Clinton for "backing industry's efforts to make cyberspace a safer place." IBM announced a $100,000 grant to RSACi, a PICS-based rating standard originally designed for video games but adapted for the Web. The industry giant also pledges to incorporate RSACi into future products.
[...]
-----BEGIN PGP SIGNED MESSAGE----- In <Pine.GSO.3.95.970717182623.19394a-100000@well.com>, on 07/17/97 at 06:27 PM, Declan McCullagh <declan@well.com> said:
Read the complete text of my article. The RSACnews system would include just that: a system that allows a board of media conglomerates to decide what's a "news site" or not.
In other words, what's "credible."
Well I don't know about anyone else but the more information that comes out on this the worse & worse it looks. Between this & the Netscape/Microsoft/Verisign Sellout I would say that things are looking much worse that if the CDA had been left intact. I think that several of us need to get together with the authors of Lynx and produce a GNU secure webbrowser and take on these SOB's. I don't think that it would be all that much work to mimick NetScapes plugin interface so the same plugins will work with the GNU browser. The "Net" will not be safe as long as N$ is allowed to do whatever they please. - -- - --------------------------------------------------------------- William H. Geiger III http://www.amaranth.com/~whgiii Geiger Consulting Cooking With Warp 4.0 Author of E-Secure - PGP Front End for MR/2 Ice PGP & MR/2 the only way for secure e-mail. OS/2 PGP 2.6.3a at: http://www.amaranth.com/~whgiii/pgpmr2.html - --------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: 2.6.3a Charset: cp850 Comment: Registered_User_E-Secure_v1.1b1_ES000000 iQCVAwUBM86+MI9Co1n+aLhhAQFSEwP/dTQ0Fbx17xZTt9xAdGo2/6yr1zhc0TSi R1suEjgTXrzaEDBhgiEEx+yVF0ojU39VX2lMjVOlOH9KHSts2Lf9Oy5D2BVjpl/t 2UYok42qu5Qr7S0lZB5NgqzRa+VpvzMMVaIUdxHySTAstQ35l1oEkpMkESAWyr0p XpNT49OOhUc= =7S8S -----END PGP SIGNATURE-----
On Thu, 17 Jul 1997, William H. Geiger III wrote:
I think that several of us need to get together with the authors of Lynx and produce a GNU secure webbrowser and take on these SOB's.
I don't think that it would be all that much work to mimick NetScapes plugin interface so the same plugins will work with the GNU browser.
While they are still in early stages, Project Mnemonic is a team of programmers working on an open, modular GNU browser that will have the kind of functionality that you describe (and eventually be able to run in various modes, such as text only, svgalib, X, etc). They need C++ programmers to help, so spread the word. The story is at <http://www.wired.com/news/news/technology/story/3907.html>. m <http://dsl.org/m/> Copyright (c) 1997 Michael Stutz; this information is email stutz@dsl.org free and may be reproduced under GNU GPL, and as long as this sentence remains; it comes with absolutely NO WARRANTY; for details see <http://dsl.org/copyleft/>.
At 08:40 PM 7/17/97 -0400, William H. Geiger III wrote:
I think that several of us need to get together with the authors of Lynx and produce a GNU secure webbrowser and take on these SOB's.
Nothing wrong with releasing a GNU browser, but you will find it difficult to impossible to match the features of a modern browser such as Communicator and MSIE. Some may be happy with Lynx. Myself and most consumers will stick with Communicator and MSIE. [...]
The "Net" will not be safe as long as N$ is allowed to do whatever they please.
The Net would be considerably safer if Netscape and others would be allowed to do as they please. Unfortunately, export laws are a reality and Netscape and Microsoft do what they can to bring strong crypto to as many people as possible without ending up in jail. My posts on this topic should not be taken as bashing these software vendors for attempting to make their products available to a larger number of customers. I certainly do not question the integrity of people such as Tom Weinstein who have worked hard to make the best of a shitty situation. A situation they did not create. [That questionable honor goes to the USG]. I merely question the wisdom to rely on a solution that can be disabled at any time, for any reason, or no reason at all, by a party outside your company simply by revoking a single cert. One should not make one's fate subject to the future whim of a third party. Thanks, --Lucky Green <shamrock@netcom.com> PGP encrypted mail preferred. DES is dead! Please join in breaking RC5-56. http://rc5.distributed.net/
-----BEGIN PGP SIGNED MESSAGE----- In <3.0.2.32.19970717200041.0072b488@netcom10.netcom.com>, on 07/17/97 at 08:00 PM, Lucky Green <shamrock@netcom.com> said:
At 08:40 PM 7/17/97 -0400, William H. Geiger III wrote:
I think that several of us need to get together with the authors of Lynx and produce a GNU secure webbrowser and take on these SOB's.
Nothing wrong with releasing a GNU browser, but you will find it difficult to impossible to match the features of a modern browser such as Communicator and MSIE. Some may be happy with Lynx. Myself and most consumers will stick with Communicator and MSIE.
Well 90% of the "features" of these browsers are complete crap. I have yet to see a web site that did anything constructive with frames and animated gifs are compleetly worthless. There are some intresting plug-ins for Netscape but as I said in my previous post I don't think mimicking the interface should be that hard. As far as the e-mail & news clients they are still far behind where the industry is in these areas. I was thinking more allong the lines of providing a strong, secure GNU browser for doing transactions over the net and save the game playing for NS & MS.
[...]
The "Net" will not be safe as long as N$ is allowed to do whatever they please.
The Net would be considerably safer if Netscape and others would be allowed to do as they please. Unfortunately, export laws are a reality and Netscape and Microsoft do what they can to bring strong crypto to as many people as possible without ending up in jail. My posts on this topic should not be taken as bashing these software vendors for attempting to make their products available to a larger number of customers. I certainly do not question the integrity of people such as Tom Weinstein who have worked hard to make the best of a shitty situation. A situation they did not create. [That questionable honor goes to the USG].
No not really. All one has to do is look at Netscapes & Microsofts track record. Security has never been a primary concern of theirs. While this is expected from Microsoft (I don't think they could find a security protocol if it bit them on the ass) one would hope the Netscape would be a little better at it. As far as making their product to a large number of customers one has to question what type of product they are getting. It seem obvious the both Netscape & Microsoft have chosen to go down the "GAK/Policy Token/Manditory Rating" path and have done so long before the WhiteHouse meeting this week.
I merely question the wisdom to rely on a solution that can be disabled at any time, for any reason, or no reason at all, by a party outside your company simply by revoking a single cert. One should not make one's fate subject to the future whim of a third party.
While I do not question the integrety of Tom as I don't know him that well to form a judgment I do question the integrety of the owners & management of the company he works for. As their products stand right now I would not trust the "domestic" versions for anything more than insignificant purchases of beads and trinkets over the net let alone the hacked "export" versions. As far as using their product for finacial transactions well you know the old saying ... "A fool and his money were lucky to have ever met in the first place". - -- - --------------------------------------------------------------- William H. Geiger III http://www.amaranth.com/~whgiii Geiger Consulting Cooking With Warp 4.0 Author of E-Secure - PGP Front End for MR/2 Ice PGP & MR/2 the only way for secure e-mail. OS/2 PGP 2.6.3a at: http://www.amaranth.com/~whgiii/pgpmr2.html - --------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: 2.6.3a Charset: cp850 Comment: Registered_User_E-Secure_v1.1b1_ES000000 iQCVAwUBM87gCY9Co1n+aLhhAQHdOwP+KBX7S0+Yuq+y7lEJqbM49SFJuXnzplsH FlTrNvkbfKIpH5vhqLuD8Bo+p0jnBVjK795mVaeSxAB5Fd2OmZ69vSKLBzNozWwp g5QF/dP6ajAaUr7idRRMfWCfkUmSP6KbTUv2k0f3qaE0wfnNnLRtIQ7cuXLES0N2 qmk77G7w/xw= =sfgO -----END PGP SIGNATURE-----
On Thu, 17 Jul 1997, William H. Geiger III wrote:
Well 90% of the "features" of these browsers are complete crap. I have yet to see a web site that did anything constructive with frames and animated gifs are compleetly worthless.
I aggry however there are now meany sites that are now only have frame based interfaces. When useing when useing lynx I have to decode the frames manuly. [...]
I was thinking more allong the lines of providing a strong, secure GNU browser for doing transactions over the net
So basicly a non-nonsence bussness web-broser. It would have to be devloped outside the cyber certion though. Please excuse my spelling as I suffer from agraphia see the url in my header. Never trust a country with more peaple then sheep. ex-net.scum and proud You Say To People "Throw Off Your Chains" And They Make New Chains For Themselves? --Terry Pratchett
? the Platypus {aka David Formosa} <dformosa@st.nepean.uws.edu.au> writes:
On Thu, 17 Jul 1997, William H. Geiger III wrote:
Well 90% of the "features" of these browsers are complete crap. I have yet to see a web site that did anything constructive with frames and animated gifs are compleetly worthless.
I aggry however there are now meany sites that are now only have frame based interfaces. When useing when useing lynx I have to decode the frames manuly.
I have the first the third editions of Ian raham's excellent _HTML Sourcebook. The first edition has screen shots from dozens of browsers. Where did they all go? :-)
I was thinking more allong the lines of providing a strong, secure GNU browser for doing transactions over the net
So basicly a non-nonsence bussness web-broser. It would have to be devloped outside the cyber certion though.
Non-crypt stuff like frames and animated gifs could be added here. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
On Fri, 18 Jul 1997, ? the Platypus {aka David Formosa} wrote:
On Thu, 17 Jul 1997, William H. Geiger III wrote:
Well 90% of the "features" of these browsers are complete crap. I have yet to see a web site that did anything constructive with frames and animated gifs are compleetly worthless.
I aggry however there are now meany sites that are now only have frame based interfaces. When useing when useing lynx I have to decode the frames manuly.
Get the new version of Lynx. (2.7?) It does a better job of handling frames. alano@teleport.com | "Those who are without history are doomed to retype it."
On Fri, Jul 18, 1997 at 02:48:15PM -0700, Alan wrote:
Get the new version of Lynx. (2.7?) It does a better job of handling frames.
You should get it anyway, because of serious security related bug: Computer Incident Advisory Capability ___ __ __ _ ___ / | /_\ / \___ __|__ / \ \___ __________________________________________________________ INFORMATION BULLETIN Lynx Temporary Files & LYDownload.c Vulnerabilities July 16, 1997 16:00 GMT Number H-82 ______________________________________________________________________________ PROBLEM: Two vulnerabilities exist for Lynx: 1) temporary files, and 2) LYDownload.c. PLATFORM: All Unix or Unix-like systems running Lynx up to and including version 2.7.1 DAMAGE: 1) May allow local users to gain root privileges. 2) This vulnerability may be exploited by anyone who can provide Lynx a carefully crafted URL. SOLUTION: Apply patches or workarounds listed below. [...] -- Kent Crispin "No reason to get excited", kent@songbird.com the thief he kindly spoke... PGP fingerprint: B1 8B 72 ED 55 21 5E 44 61 F4 58 0F 72 10 65 55 http://songbird.com/kent/pgp_key.html
On Thu, 17 Jul 1997, Lucky Green wrote:
Nothing wrong with releasing a GNU browser, but you will find it difficult to impossible to match the features of a modern browser such as Communicator and MSIE. Some may be happy with Lynx. Myself and most consumers will stick with Communicator and MSIE.
Is there any particular reason that NCSA's Mosaic is being ignored? Sure, it's not GNU (hence not free to *everyone*) but it's out there, and it works. --- John Adams -=- Computer Specialist & Network Guru O- NADEP Cherry Point Pensacola Florida +1.904.452.8551 DSN:922-8551 jadams@seahawk.navy.mil PGP ID 0x84E18C41 via key server - opinions expressed are entirely my own
On Fri, 18 Jul 1997, John Adams wrote:
On Thu, 17 Jul 1997, Lucky Green wrote:
Nothing wrong with releasing a GNU browser, but you will find it difficult to impossible to match the features of a modern browser such as Communicator and MSIE. Some may be happy with Lynx. Myself and most consumers will stick with Communicator and MSIE.
Is there any particular reason that NCSA's Mosaic is being ignored? Sure, it's not GNU (hence not free to *everyone*) but it's out there, and it works.
I've always been an admirer of the HotJava concept, if not the execution. In other words, a dynamically modifiable browser that "learns" how to handle new objects on-the-fly. When I first read Gosling's white paper on Java this was the biggest "ahaa!" I had. I believe there is a version that uses Python instead of Java, but despite the fact that I admire Python quite a bit Java definitely has the momentum here. How hard would it be to implement a Java-based browser that has most of the goodies that we need from day to day (crypto, tables, plug-ins, etc)? Implement this thing like Linux so that we get a core team going and everybody starts throwing in chunks of code, objects etc. The first cut of this beast could be minimal and with its hot extensibility could grow to accomodate anyone's needs. Jim Burnes
On Fri, 18 Jul 1997, Jim Burnes wrote:
On Fri, 18 Jul 1997, John Adams wrote:
On Thu, 17 Jul 1997, Lucky Green wrote:
Nothing wrong with releasing a GNU browser, but you will find it difficult to impossible to match the features of a modern browser such as Communicator and MSIE. Some may be happy with Lynx. Myself and most consumers will stick with Communicator and MSIE.
Is there any particular reason that NCSA's Mosaic is being ignored? Sure, it's not GNU (hence not free to *everyone*) but it's out there, and it works.
I've always been an admirer of the HotJava concept, if not the execution. In other words, a dynamically modifiable browser that "learns" how to handle new objects on-the-fly. When I first read Gosling's white paper on Java this was the biggest "ahaa!" I had. I believe there is a version that uses Python instead of Java, but despite the fact that I admire Python quite a bit Java definitely has the momentum here.
Slight correction...there is not a version of HotJava that uses Python. I was talking about a different product. jim
At 1:33 pm -0400 on 7/18/97, Tim May wrote: <an excellent description of the industrial strength software bloat which now afflicts the browser market> "The Geodesic Network, OpendDoc, and CyberDog" http://www.shipwright.com/rants/rant_03.html is the first rant I wrote on <ducking> geodesic </d> software. It ended up in a much(!) shorter form as a full-page opinion piece in InfoWorld two years ago this October. Actually, it's about what happened to me at MacWorld almost exactly two years ago. Anyway, OpenDoc is now dead, probably because it wasn't geodesic enough, I think. After all, it called itself a compound document archichitecture, and people have figured out by now that software won't be about documents at all. OpenDoc, as implemented, layered too much onto an increasingly bloated MacOS. It was awfully slow and required many twidgits and tweaks to make it all go, and there wasn't enough stuff there when you were finished to want to use it all. It became the bloatware it was trying to replace. There will be sucessors to OpenDoc, but I also agree with Dave W(h)iner that Java is probably more brand name than anything else. Like Chauncey Gardner, Java is what we project onto it. But, sooner or later, probably when we figure out how to make bits of code handle money in somekind of micromoney ecology, with bits of cash as software and processor 'food', we'll have geodesic software. Software which scales and upgrades itself to the processor it's using, and which is infinitely configurable and extremely efficient in its use of computation resources. Software which gets smaller in order to solve smaller specific problems instead of getting larger in never-ending cycles of feature-creep. Software which auctions its services to the highest bidder, and which when outcompeted by a rival, dies, just like any form of life. As far as hardware goes, the world will not be populated with the kind of top-down network-as-mainframe network computer of Larry Ellison's wet dreams. Microprocessor prices will continue to collapse at least for the next 10 years, and computers will trend toward ubiquity, moving into practically every artifact of civilization, and all those computers will talk to each other on a ubiquitous global internet. The software those computers use will not be hard-wired, it will be flexible and upgradable. It will be 'out of control'. It will be geodesic, like the network itself. Cheers, Bob Hettinga ----------------- Robert Hettinga (rah@shipwright.com), Philodox e$, 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' The e$ Home Page: http://www.shipwright.com/
On Fri, 18 Jul 1997, Robert Hettinga wrote:
At 1:33 pm -0400 on 7/18/97, Tim May wrote:
<an excellent description of the industrial strength software bloat which now afflicts the browser market>
"The Geodesic Network, OpendDoc, and CyberDog" http://www.shipwright.com/rants/rant_03.html is the first rant I wrote on <ducking> geodesic </d> software. It ended up in a much(!) shorter form as a full-page opinion piece in InfoWorld two years ago this October. Actually, it's about what happened to me at MacWorld almost exactly two years ago. ... The software those computers use will not be hard-wired, it will be flexible and upgradable. It will be 'out of control'. It will be geodesic, like the network itself.
Cheers, Bob Hettinga
I think that depends on what people start adopting. If you want "geodesic" software, use Linux. Pieces are there from every continent, and all any business needs to do to have a driver and applications written for any hardware is to release the spec. It is flexible and upgradable and 'out of control', and is developed on the internet. Interestingly enough, the only stego-crypto "device" I know of is the linux loop device. There are some crypto plugins for MS, but nothing I know of will bury your info encrypted with DES or IDEA in the lsbs of a .wav file. The other interesting thing is that the bloatware is only possible BECAUSE of Moore's law. Windows really needs 16Mb, a big hard drive, and a fast pentium, and it is nice that the price point (around $2k) of the new machines are about right for each release of a new MS product. But even if cpu-memory power (and price per bit sent over the internet) keeps doubling, the complexity of code is growing exponentially too. Or was growing - I think it has past the point where they can add code to the blob and have it work. If you are right, then there should be a shift from MS to Linux or FreeBSD. Especially if the Wabi32 or Wine projects succeed :). --- reply to tzeruch - at - ceddec - dot - com ---
At 12:52 am -0400 on 7/20/97, sar wrote: Just to be clear, when I talk about geodesic software, I'm not talking about linux, as much as I like the idea of linux personally. In fact, if the Mac ever dies, I'll probably end up on linux someday. Certainly, once you put any machine on the internet, its software becomes more geodesic than it was sitting on a desktop or in a rack, and, for the sake of argument, I'm willing to agree that because of increasing availablity of cool free net.stuff in linux, it may more geodesic than Microsoft or Apple operating systems. I could be wrong, but the cycle from not having what you need to do something new, to installing it and running it, is too slow for modern operating systems like linux to call them geodesic software in the sense that I was using the phrase. Java the brand-name claims to do this in "market"space, but Java as running software ain't there yet in cyberspace, and may never be. I'm beginning to think that until it's possible for a given processor to autonomously buy the software it needs for cash in an auction market, and then download and install that software, all at run time, the superscalibility of an environment where software is dispersed through the network (again, "surfacted" is not a bad word to describe this), and run in the smallest possible bits at the processor level just won't happen. Nonetheless, I do think that the linux gang is going in the right direction, especially since most most of the cash-settlement technology we on this list have all come to know and love is more likely to be used in linux than anywhere else. Finally, there's the issue of Mhyrvold's software-as-a-gas idea. That is, that bloatware is a direct result of Moore's Law. Or, more properly, Parkinson's Law of bureaucracy ("an organization will expand to fit it's available resources") come to microprocessing. In an absolute sense, of course, more processing power is more software waste. My Mac wastes more cycles than I can physically count in a lifetime waiting for my next keystroke, and, after more than half a lifetime at the keyboard, I am a pretty fast typist. However, at some point, I think that the added "waste" of profit-and-loss responsibility at the processor level, effectively a cash-settled auction market for cycle-time, will yield much more efficiency in allocating processor time than piling on yet another feature and compiling it in with the rest of some vertically integrated application behemouth. Waiting for everybody else's requested features to creep by before the application can let us have the one we need to use will be a thing of the past when that happens. Cheers, Bob Hettinga ----------------- Robert Hettinga (rah@shipwright.com), Philodox e$, 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' The e$ Home Page: http://www.shipwright.com/
On Sun, 20 Jul 1997, Robert Hettinga wrote:
In an absolute sense, of course, more processing power is more software waste. My Mac wastes more cycles than I can physically count in a lifetime waiting for my next keystroke, and, after more than half a lifetime at the keyboard, I am a pretty fast typist.
The problem is that it wastes all those cycles until you hit enter (or OK) and only then begins whatever arduous task, usually with a slowly moving progress bar or dialog box. What I really hate are the installs that are going to take 15 minutes but insist that you don't do anything else while it is copying files. Unless you already started something in the background which will happily run, but there is no shrink window widget. That will probably all go away "RSN", but it will take something like a web based process dispatch where you are filling in a form (maybe without knowing it) and it is submitted to be dispatched to the least busy processor in your network. Plan 9 was trying to do something like this, and the current SMP stuff at least attempts to do scheduling - we still have this technology in a very mature state from mainframes and things like vaxclusters. But to go back to your comparison of lines v.s. nodes, the network and busses are getting faster and the processors are two at about the same rate, so both lines and nodes are getting cheaper, though not uniformly. If lines become cheaper (in bits/sec/$) than nodes, we will have 10 CPU boxes for 40 keyboard/display boxes, or some other appropriate ratio. Otherwise some combination of distributionware will become available so you can run cpu intensive apps (e.g. spice electronic modeling) like DES keyspace searches, though on your local net. Even something like a "batch" program for Windows NT, but the GUI paradigm makes clicking on Go a little difficult :). There is another problem with software being purchased (or rented?) in the model you describe. It becomes cheaper to purchase it in bulk (e.g. one transaction giving access to a os and a library, and have the most used components cached locally) than to go out and buy each piece as I need it. I have a toolbox in case I need to fix something. If I had to drive to store for each tool as I needed it, the sunk costs would then exceed the price of the tool. It would get worse if I tried to determine the best price or best tool from among several stores. I purchase one tool box which handles 99.5% of the cases I am likely to see and have only one set of sunk costs. E$ transactions have a very tiny transaction cost, but it is not zero, and because it requires crypto it is noticable in CPU time and cycles. If you had to purchase 100 components to run Netscape (minimally the graphics, http parsing, and a few other things first, then every time you clicked on a new type of object), each having to be transacted and downloaded, it would be worse than the existing bloatware. Much like the cost of Email is not zero, but a large amount is included in my monthly ISP payment since the cost of tracking exceeds the cost of transmission. A large amount of software may eventually become a public good. But as I may occasionally need a special tool which is not in my box, I may want access to special software or capacity. --- reply to tzeruch - at - ceddec - dot - com ---
On Sat, 19 Jul 1997, Mismatched NFS IDs wrote:
I think that depends on what people start adopting. If you want "geodesic" software, use Linux. Pieces are there from every continent, and all any business needs to do to have a driver and applications written for any hardware is to release the spec. It is flexible and upgradable and 'out of control', and is developed on the internet. Interestingly enough, the only stego-crypto "device" I know of is the linux loop device.
Like a geodesic network, it naturally routes around obstructions or any attempts to stop it. This is a story I did for Wired News today about a possible attempt at stopping free software in the most obvious manner -- close the hardware. Notice the outcome. [1][USEMAP] [INLINE] [2][USEMAP] [3][USEMAP] [INLINE] _______________ ______________ [4][LINK] [INLINE] [5][LINK] _Consortium Segregates the Bus_ _by [6]Michael Stutz _ 3:07pm 21.Jul.97.PDT A coming improvement to the PC architecture promises to dramatically enhance throughput for high-end servers, while at the same time only granting a select few the right to create software for it. Some programmers say this is a move by corporate giants like Microsoft to enforce a prohibition on the growing free software movement, and have begun to fight it. Intelligent Input/Output, or I20, is the technical specification for the next breed of high-end PC hardware devices invented by Intel and developed by the [7]I2O SIG, an industry consortium. Conforming hardware will help relieve I/O-intensive enterprise applications, such as client/server networking and videoconferencing, by taking the I/O load from the CPU, said consortium spokesman Michael LoBue. "It 'tweaks' the basic architecture by offloading I/O processing from the CPU to a dedicated I/O processor," he said. This built-in processor is part of an intelligent I/O subsystem that would even allow I2O devices to communicate with each other - for example, a network card could make a request directly to a disk controller - without intervention by the CPU or operating system. Eventually, OEMs such as H-P and Dell may release high-end systems conforming with I2O, some before the calendar year's end. "We feel that the technology is promising," said Patrick Franklin, Microsoft's I2O SIG rep, who confirmed that its NT 5 operating system will begin to implement I2O compatibility while noting that "there's the risk that I2O performance will not justify the cost." But another issue has begun to raise a stink with programmers - the ability to write and share software for I2O-enabled hardware devices is controlled by the Microsoft-dominated SIG. "It looks as if the I2O SIG agreements are deliberately written to exclude free software," said Bruce Perens, chairman of [8]Software in the Public Interest, a nonprofit organization formed to support Debian GNU/Linux, a free Linux operating system package. "It's my opinion that this was a very deliberate decision on the part of the I2O consortium, and specifically on the part of their sponsors Microsoft and Novell." Free software - software whose source code is shared throughout the Net community - has taken a good portion of the high-powered server market that I2O targets, said Perens. "[For] [9]Web servers, file servers, and big-ticket systems, people have dumped high-priced commercial server packages in favor of free software." Because software development for I2O peripherals is forbidden for nonmembers, the US$5,000 yearly membership dues will put individuals and small organizations out of the game. Members themselves are not permitted to disclose their source code, and Microsoft has veto power to drop any organization from the SIG. This makes a grim scenario for independent programmers. The usual reason for keeping a hardware system closed - to prevent cloning of the device - does not apply in this case, as all I2O hardware vendors have access to the same documentation. "Five thousand dollars is assurance that the little guys, people like [10]Linus Torvalds [the original author of Linux] who might work for a college or program at home on hardware they purchased with their own money, will be locked out," Perens said. But, says LoBue, "I try to tell these people that one, this isn't a conspiracy and two, the founders are not stupid, ignorant people unaware of a free approach to licensing - so grow up, get over it. Either join or wait until such time as they feel that it doesn't need to be licensed. Boy, they're sure having a lot of fun on their soapbox lecturing about how ruin and damnation will happen because there are 'proprietary specs.' I would claim that I2O is _not_ a proprietary spec - _anybody_ is free to join the SIG." Proprietary specs have surfaced many times throughout PC history; the outcomes have almost never been good. The MicroChannel Architecture bus was IBM's one-time attempt to keep the PC bus its own. It didn't work. "MCA was doomed from the start," said Microsoft's Franklin, citing the difficulties in getting a license from the IBM bureaucracy as a prime catalyst for its demise. Similarly, it may prove tough to impossible to keep determined hackers from programming their own hardware: Some have even now routed around the I2O membership requirements, informing Wired News that the secret document describing I2O in its current revision was [11]openly available from the I2O SIG's own site. _Related Wired Links:_ [INLINE] _[12]Penguin Plaque Honors Linux Creator 9.Jul.97_ [13][LINK] [14][USEMAP] [15]Feedback: Let us know how we're doing. [16]Tips: Have a story or tip for Wired News? Send it. [17]Copyright © 1993-97 Wired Ventures, Inc. and affiliated companies. All rights reserved. [18][USEMAP] [INLINE] [INLINE] [19]PSINet. Sign up now and get $200 of free Internet faxing. [20]Consortium Segregates the Bus [INLINE] _TECHNOLOGY_ _Today's Headlines_ _[21]Email Spy Lurks in Corporate Future [22]Digital Maps Help You Take a High-Tech Hike __[23]Consortium Segregates the Bus [24]Net Cannot Work by Man Alone [25]Launch Entrepreneurs Bet Down Under Goes Over [26]Sun's Adventures in the Third Dimension __[27]Tools: Internet Explorer 4.0 Preview 2 [28]Street Cred: The Interface Hackers [29]Geek Talk: VBScript _[30]PSINet. Sign up now and get $200 of free Internet faxing. References 1. LYNXIMGMAP:http://www.wired.com/news/news/technology/story/5343.html#masthead.map 2. LYNXIMGMAP:http://www.wired.com/news/news/technology/story/5343.html#nav1.map 3. LYNXIMGMAP:http://www.wired.com/news/news/technology/story/5343.html#nav2.map 4. http://www.wired.com/wired/ 5. http://www.wired.com/news/news/technology 6. mailto:stutz@dsl.org 7. http://www.i2osig.org/ 8. http://www.debian.org/social_contract.html 9. http://www.netcraft.com/Survey/Changes/ALL/ 10. http://www.forwiss.uni-passau.de/forwiss/archive/linux/personen/interview.ht... 11. ftp://ftp.i2osig.org/ver1-5.pdf 12. http://www.wired.com/news/news/culture/story/1763.html 13. http://www.wired.com/news/news/technology 14. LYNXIMGMAP:http://www.wired.com/news/news/technology/story/5343.html#navstrip.map 15. mailto:news_feedback@wired.com 16. mailto:tips@wired.com 17. http://www.wired.com/wired/full.copyright.html 18. LYNXIMGMAP:http://www.wired.com/news/news/technology/story/5343.html#nav3.map 19. http://www.wired.com/cgi-bin/nredirect/zMN5zNoNlV+G@http://www.psi.net/banne... 20. http://www.wired.com/news/news/technology/story/5343.html 21. http://www.wired.com/news/news/technology/story/5315.html 22. http://www.wired.com/news/news/technology/story/5313.html 23. http://www.wired.com/news/news/technology/story/5343.html 24. http://www.wired.com/news/news/technology/story/5321.html 25. http://www.wired.com/news/news/technology/story/5304.html 26. http://www.wired.com/news/news/technology/story/5287.html 27. http://www.wired.com/news/news/technology/story/5337.html 28. http://www.wired.com/news/news/technology/story/5272.html 29. http://www.wired.com/news/news/technology/story/5266.html 30. http://www.wired.com/cgi-bin/nredirect/zMN5zNoNlV+G@http://www.psi.net/banne...
-----BEGIN PGP SIGNED MESSAGE----- In <Pine.LNX.3.95.970721183747.25439E-100000@devel.nacs.net>, on 07/21/97 at 06:40 PM, Michael Stutz <stutz@dsl.org> said:
Because software development for I2O peripherals is forbidden for nonmembers, the US$5,000 yearly membership dues will put individuals and small organizations out of the game. Members themselves are not permitted to disclose their source code, and Microsoft has veto power to drop any organization from the SIG. This makes a grim scenario for independent programmers.
Sounds like a text book example for a anti-trust lawsuit angainst Microsoft, Intell & the I20 SIG. I wonder what Watcom, Borland and a few of the other compiler manufactures think about this. - -- - --------------------------------------------------------------- William H. Geiger III http://www.amaranth.com/~whgiii Geiger Consulting Cooking With Warp 4.0 Author of E-Secure - PGP Front End for MR/2 Ice PGP & MR/2 the only way for secure e-mail. OS/2 PGP 2.6.3a at: http://www.amaranth.com/~whgiii/pgpmr2.html - --------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: 2.6.3a Charset: cp850 Comment: Registered_User_E-Secure_v1.1b1_ES000000 iQCVAwUBM9QMSo9Co1n+aLhhAQHATQP/Ro6oxfT+LyCJKl9OLI+XR5y3tx2fnCYm 616EqwP17/ACaoB+9zp0sKVPyzcrJeZHsedR7OCt1oek5LmWrJERtTH3hlk3G68m 51C2/c/M3RPriv6ewqRehLBfLsxJmSwY4Yr6o4x3Ypadf/5Kh8ciVsmTw7WsSVIM jOqS0p8QMNo= =zzAz -----END PGP SIGNATURE-----
At 08:10 PM 7/19/97 -0400, you wrote:
On Fri, 18 Jul 1997, Robert Hettinga wrote:
At 1:33 pm -0400 on 7/18/97, Tim May wrote:
<an excellent description of the industrial strength software bloat which now afflicts the browser market>
"The Geodesic Network, OpendDoc, and CyberDog" http://www.shipwright.com/rants/rant_03.html is the first rant I wrote on <ducking> geodesic </d> software. It ended up in a much(!) shorter form as a full-page opinion piece in InfoWorld two years ago this October. Actually, it's about what happened to me at MacWorld almost exactly two years ago. ... The software those computers use will not be hard-wired, it will be flexible and upgradable. It will be 'out of control'. It will be geodesic, like the network itself.
Cheers, Bob Hettinga
I think that depends on what people start adopting. If you want "geodesic" software, use Linux. Pieces are there from every continent, and all any business needs to do to have a driver and applications written for any hardware is to release the spec. It is flexible and upgradable and 'out of control', and is developed on the internet. Interestingly enough, the only stego-crypto "device" I know of is the linux loop device.
There are some crypto plugins for MS, but nothing I know of will bury your info encrypted with DES or IDEA in the lsbs of a .wav file.
take a look at http://members.iquest.net/~mrmil/stego.html it has steganography programs for win95,dos,mac and amiga. as well as links to other stego pages and a paper on " covert channels in the tcp/ip suite"
The other interesting thing is that the bloatware is only possible BECAUSE of Moore's law. Windows really needs 16Mb, a big hard drive, and a fast pentium, and it is nice that the price point (around $2k) of the new machines are about right for each release of a new MS product. But even if cpu-memory power (and price per bit sent over the internet) keeps doubling, the complexity of code is growing exponentially too. Or was growing - I think it has past the point where they can add code to the blob and have it work.
If you are right, then there should be a shift from MS to Linux or FreeBSD. Especially if the Wabi32 or Wine projects succeed :).
--- reply to tzeruch - at - ceddec - dot - com ---
On Sun, 20 Jul 1997, sar wrote:
There are some crypto plugins for MS, but nothing I know of will bury your info encrypted with DES or IDEA in the lsbs of a .wav file.
take a look at http://members.iquest.net/~mrmil/stego.html it has steganography programs for win95,dos,mac and amiga. as well as links to other stego pages and a paper on " covert channels in the tcp/ip suite"
I took a look and everything I have seen can do stego, and some encryption, but it is one file in one file. I was not clear because the loop device can mount a filesystem, and encrypt and/or stego an entire directory tree in one file transparently, so I can mount my stego-crypto image on /home/me and do everything as I normally would on an unencrypted partition. ftp://csclub.uwaterloo.ca/pub/linux-stego/index.html I can do the same with CFS, but it doesn't do stego, and I don't know if it is available for many platforms outside unix. --- reply to tzeruch - at - ceddec - dot - com ---
At 12:20 PM 7/21/97 -0400, you wrote:
On Sun, 20 Jul 1997, sar wrote:
There are some crypto plugins for MS, but nothing I know of will bury your info encrypted with DES or IDEA in the lsbs of a .wav file.
take a look at http://members.iquest.net/~mrmil/stego.html it has steganography programs for win95,dos,mac and amiga. as well as links to other stego pages and a paper on " covert channels in the tcp/ip suite"
I took a look and everything I have seen can do stego, and some encryption, but it is one file in one file.
I was not clear because the loop device can mount a filesystem, and encrypt and/or stego an entire directory tree in one file transparently, so I can mount my stego-crypto image on /home/me and do everything as I normally would on an unencrypted partition.
ftp://csclub.uwaterloo.ca/pub/linux-stego/index.html
I can do the same with CFS, but it doesn't do stego, and I don't know if it is available for many platforms outside unix.
--- reply to tzeruch - at - ceddec - dot - com ---
there are programs witch let you encrypt entire disk volumes transparently for dos and windows such as 'Secure FileSystem' available at http://www.cs.auckland.ac.nz/~pgut001/sfs.html. I've never used any such programs so I really cant say with any confidence how well or if they work..
At 9:42 AM -0700 7/18/97, Jim Burnes wrote:
I've always been an admirer of the HotJava concept, if not the execution. In other words, a dynamically modifiable browser that "learns" how to handle new objects on-the-fly. When I first read Gosling's white paper on Java this was the biggest "ahaa!" I had. I believe there is a version that uses Python instead of ...
For a short while after getting my first real Web access, after many years of shell accounts at Portal, Netcom, etc., I thought Netscape (OK, "Navigator") would be my Swiss Army Knife of apps. The One True Web App. As it turned out, I continued using Eudora Pro for e-mail. I'd been using it since 1992, and it had evolved along with other tools and remained better than what Netscape had included in Navigator. At least to me it was better. And I adopted Newswatcher, a Mac app, for my newsreader. So all I use Navigator for is Web browsing. Sadly, Navigator 3.0 just about tripled in footprint, from about 5 MB to about 14 MB (for a relatively crash-free setup, though it still crashes with "Type 11" memory errors a couple of times a day). As I can't see any particular advantages to Version 3 over Version 2, except for "dancing Java images," :-{, I'm seriously considering abandoning 3 and going back to 2. I'm not at all convinced that monolithic apps like this will do well. A cluster of smaller apps, provided they have relatively consistent look-and-feel, as they mostly do, will probably do better for many of us. Smaller, nimbler apps are harder for government forces to regulate, influence, and limit. What does this mean for crypto, certificates, etc.? It means that what Netscape, Microsoft, and other monolithic app suppliers don't hold all the cards. What the government forces/cajoles NS and MS to do with certificates, crypto, Web ratings, could end up helping more users decide to defect from the monolithic apps to smaller,less constraining apps. Maybe this is part of why Netscape's stock price is continuing its long downward slide.... Note to NS and MS employees reading this: If your products become associated with Big Brother, a lot of people will shun them even further. (Sidenote: I don't follow the "certificates" debate very closely. What I think, however, is that I will not be constrained at all in communicating with my offshore friends securely, regardless of what the government does with export laws and GAK. Unless they outlaw domestic unescrowed crypto, or illegalize the communications across U.S. borders with unescrowed crypto, which seems ipso facto a violation of the First Amendment.) --Tim May There's something wrong when I'm a felon under an increasing number of laws. Only one response to the key grabbers is warranted: "Death to Tyrants!" ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
On Fri, 18 Jul 1997, Tim May wrote:
I'm not at all convinced that monolithic apps like this will do well. A cluster of smaller apps, provided they have relatively consistent look-and-feel, as they mostly do, will probably do better for many of us. Smaller, nimbler apps are harder for government forces to regulate, influence, and limit.
What does this mean for crypto, certificates, etc.? It means that what Netscape, Microsoft, and other monolithic app suppliers don't hold all the cards. What the government forces/cajoles NS and MS to do with certificates, crypto, Web ratings, could end up helping more users decide to defect from the monolithic apps to smaller,less constraining apps.
It has been called bloatware and it affects everything. Consider PGP 5.0. As far as I know, all the technology being scanned in over this month is available outside the US (e.g. SSLeay, and zip). Although I would rather have multiple implementations, SSLeay is a DLL under windows, but now I am also going to have a PGP50 DLL, both with MPI and crypto libraries. And that doesn't count the same functions which are in both netscape and msie. Both Netscape and MSIE could have taken an approach where the crypto was put in a different app (i.e. safepassage), so the SSLproxy app would only be available in the US, and cloned at full strength elsewhere. You can do something equivalent on the server side (443 -> SSL-to-plain -> 80). Unless I am really doing something graphic based, I use Lynx. Or "geturl http://whatever | tablerender | less". What is worse about MS/NS is that they can't be automated. I can do a croned geturl every 5 minutes, but how do I extract a given table from a site and import it into excel automatically? I think excel will eventually support URLs in some fashion if it doesn't already, but there are more things which won't parse as easily. And what if the data is on the other side of a form? I think part, if not most of the problem is the GUI paradigm. It is very expensive to start another app, so people clamor for features to be built in to existing apps, so every app must do things other apps do. If you can't click on it, you can't do it. If there is no Download and save the Nth GIF on this page every 5 minutes, I won't be able to do this with a normal browser. This is in contrast to the CLI-filter-pipe paradigm where every program just does one thing. That thing can be extremely flexible (e.g. awk), but it has a limited scope, and another app does other things, but they are designed to be chainable. But it requires thinking to build these chains and "average" users refuse to learn how. geturl www.wherever | grep "pic.gif" | awk ... >nextfile.get; geturl `cat nextfile.get` >`date ..` as a cron job will do the function I suggested above. The question is how to merge the two so GUI apps are small and chainable (maybe embeddable?). --- reply to tzeruch - at - ceddec - dot - com ---
participants (16)
-
? the Platypus {aka David Formosa} -
Alan -
Declan McCullagh -
dlv@bwalk.dm.com -
geeman@best.com -
Jim Burnes -
John Adams -
Kent Crispin -
Lucky Green -
Michael Stutz -
Mismatched NFS IDs -
Robert Hettinga -
sar -
Tim May -
Unprivileged user -
William H. Geiger III