Re: NYT on Internet Flaws
As I pointed out to Ian on Sunday, this is a very old, very well-known bug. As I also pointed out, it is a well- understood fact about Internet security as it stands today that if you can't trust the people on your subnet, you're screwed. I also mentioned the facts that have been mentioned by others on this list (firewalls, most home users don't use NFS, etc.) It is profoundly irritating to find this splashed on the front page of the NYT, contributing to the FUD that largely benefits luddites like First Virtual and those, like MS$, pushing for a return to proprietary networks. (One quote from FV marketing director Pierre Wolfe at the ML conference I recently attended, "The Internet may end up as a ghetto, where people are afraid to engage in commercial activity.") Furthermore, neither the original post or the NYT article place any blame on the role of government regulation or greedy patent-holders in disrupting the formation of protocols based on strong cryptography, which are two of the major culprits in this matter.
Douglas Barnes wrote:
It is profoundly irritating to find this splashed on the front page of the NYT, contributing to the FUD that largely benefits luddites like First Virtual and those, like MS$, pushing for a return to proprietary networks. (One quote from FV marketing director Pierre Wolfe at the ML conference I recently attended, "The Internet may end up as a ghetto, where people are afraid to engage in commercial activity.")
It is a fact of life now that there are many journalists lurking on cypherpunks, and other places on the net. I have been directly contacted by three reporters just in the past week. Our PR department tells me that cypherpunks, and my name, are routinely mentioned by reporters these days. I've seen my postings to this list quoted without my prior knowlege in at least one news article. I wish that folks sending to this list would realize this new world exists, as much as it sucks, and spend a bit more time double checking before posting anything alarmist. In particular, there have been several recent false alarms regarding netscape security sent to this list and others. While I don't want to sweep real security holes under the rug, I think it hurts both cypherpunk and netscape interests for false claims to be coming out of this list. Just to make things clear, I'm not an official spokesperson for Netscape and anything sent to this list is my personal opinion. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw@netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine.
I wish that folks sending to this list would realize this new world exists, as much as it sucks, and spend a bit more time double checking before posting anything alarmist. In particular, there have been several recent false alarms regarding netscape security sent to this list and others. While I don't want to sweep real security holes under the rug, I think it hurts both cypherpunk and netscape interests for false claims to be coming out of this list.
I completely agree that the reporters on this list make things very difficult and people do need to be very careful about posting things which will get misinterpreated by reporters.. but-- This list is -not- an "announcement" list. If I see a potential bug, I want other cypherpunks to tell me whether I am onto something or not, so I would post. If some idiot reporter takes that and writes an article saying "XXX has a hole" that is -EXTREMELY BAD REPORTING-. I understand though, that we can't control what the reporters say and how they interpret what we say. It is very important to word your posts carefully such that when you post a bug a reporter won't think that they should write an article on it until it is verified. It's very sad, though, that we have to be very careful about what we post now because of the media attention. I would prefer if the list could just be a forum where we can discuss things, but that is not the case.
Just to make things clear, I'm not an official spokesperson for Netscape and anything sent to this list is my personal opinion.
As if that is going to help when a reporter sees your post. "Jeff Weinstein, Electronic Munitions Specialist at Netscape, said, 'XXXX'" -- doesn't put you down as "spokesperson for netscape", and doesn't contain any factual errors, but is damn misleading and makes it sound like you are speaking for Netscape... I guess I'm rather lucky being in charge of a sole proprietorship-- there isn't very much difference between me speaking for myself and speaking for my business. (There are some differences, yes, but very small.) -- sameer Voice: 510-601-9777 Community ConneXion FAX: 510-601-9734 The Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.org (or login as "guest") sameer@c2.org
According to rumor, sameer said:
I completely agree that the reporters on this list make things very difficult and people do need to be very careful about posting things which will get misinterpreated by reporters.. but--
This list is -not- an "announcement" list. If I see a potential bug, I want other cypherpunks to tell me whether I am onto something or not, so I would post. If some idiot reporter takes that and writes an article saying "XXX has a hole" that is -EXTREMELY BAD REPORTING-.
It's the "information wants to be free" mindset meeting the "I've got an hour till deadline and my house payment is due, and if I get scooped again I'm out of a job" mentality. (Apologies to the reporters on the list who work hard to develop stories, and do a good job for the most part). What is happening is two different systems are interfacing, and the "bad reporting" we see are just translation errors. In the many to many system on the net, there is information flowing both ways, and knowledge is additive. In traditional media, it's a one way flow, and a "story" is often a one shot information transaction, with little opportunity built into the paradigm to expand or correct the information once it is sent. Will the interface get better? My hope is that it will, because as more and more people get involved in the net, the audience for traditional media will become more aware of inaccuracies, and poor information will be less saleable than it is currently. -- Kevin Prigge | Holes in whats left of my reason, CIS Consultant | holes in the knees of my blues, Computer & Information Services | odds against me been increasin' email: klp@cis.umn.edu | but I'll pull through...
In article <199510120347.UAA27336@infinity.c2.org>, sameer wrote:
I completely agree that the reporters on this list make things very difficult and people do need to be very careful about posting things which will get misinterpreated by reporters.. but--
This list is -not- an "announcement" list. If I see a potential bug, I want other cypherpunks to tell me whether I am onto something or not, so I would post. If some idiot reporter takes that and writes an article saying "XXX has a hole" that is -EXTREMELY BAD REPORTING-. I understand though, that we can't control what the reporters say and how they interpret what we say. It is very important to word your posts carefully such that when you post a bug a reporter won't think that they should write an article on it until it is verified. It's very sad, though, that we have to be very careful about what we post now because of the media attention. I would prefer if the list could just be a forum where we can discuss things, but that is not the case.
Folks: Don't lose heart completely that your discussions on this list are not being read carefully by some of the media. As a case in point, I'm a freelance magazine writer who has been lurking on this list for at least 6 months (although I do get behind at times due to the volume). My reason for doing so is to become familiar enough with crypto issues so I might be able to write intelligently about these at some point in the future. Bad or superficial reporting is just that. It is part of a writer's job to understand what he is writing about, or at least understand it enough to be able to accurately inform the uninformed about something. You shouldn't be too disheartened about mis-reporting regarding this list because there is definitely something you can do about it -- at least after the fact. There is nothing that makes a sincere writer squirm more than his getting his facts wrong or even inadvertently misinforming his readers. If someone mis-reports something which is discussed on the cypherpunk list, a letter to the editor clearly pointing out the factual error not only has a good chance of getting printed, but also places the writer in an uncomfortable position of having egg on his face with his colleagues, bosses, etc. And while this might not undo the damage done by the original article, the writer or reporter is subsequently likely to check his facts a lot more carefully when writing about the topic again (unless he or his editors have a hidden agenda). Which isn't to say that the writers and reporters who lurk here will necessarily agree completely with the general cypherpunk views regarding crypto-anarchy and other such matters. However, this is high quality mail list and the more that writers and reporters lurking here, the more chance there is that your views will be understood and given serious consideration. And those views will increasingly surface as at least _one_ point of view presented in media articles, whether they specifically mention cypherpunks or not. Worthwhile ideas, if a few people keep putting them out there, have a way permeating a culture in strange and sometimes almost untraceable ways. Or as Margaret Mead put it: "Never doubt that a small group of thoughtful, committed citizens can change the world; indeed, it's the only thing that ever does." ... back into lurk mode. -- Blake Harris
I completely agree that the reporters on this list make things very difficult and people do need to be very careful about posting things which will get misinterpreted by reporters.. but--
Blake writes..
Folks:
Don't lose heart completely that your discussions on this list are not being read carefully by some of the media. As a case in point, I'm a freelance magazine writer who has been lurking on this list for at least 6 months (although I do get behind at times due to the volume). My reason
I've been on this list almost since it start.. and in that time I've become a freelance writer.. as have other more well known list members.. I think the thing to understand is that there is always room for misinterpretation.. by reporters and by our own flames (if the list traffic is any judge..)... To speculate further on the human condition would be off topic..but it's clear the Cypherpunks is a very valuable thing to many people for many reason and I think (from the point of self interest) to all of society.. /hawk Harry Hawk habs@panix.com
Excerpts from mail: 11-Oct-95 Re: NYT on Internet Flaws Douglas Barnes@communiti (1042*)
It is profoundly irritating to find this splashed on the front page of the NYT, contributing to the FUD that largely benefits luddites like First Virtual and those, like MS$, pushing for a return to proprietary networks.
???Luddites??? Excuse me, have I missed something? Let's look at FV's founders: -- Einar Stefferud is one of the grand old men of the Internet, a major contributor to Internet standards efforts for over 20 years, and a behind the scenes player in almost every major email-related development in the last 20 years. -- Marshall Rose is the author of SNMP, lots of widely used software, and six books on Internet-related technology. He's been a major factor for progress in IETF and Interop for many years. -- I'm one of the authors of MIME and lots of widely used software. I am most commonly criticized for being technology-crazy, as in the multimedia excesses of the CMU Andrew system, rather than for being a Luddite. Collectively, I'd venture to say that FV's people have pushed the Internet envelope more than any other similarly-sized group of people you could find anywhere on the planet. And in our current incarnation, we deployed the first Internet-wide open payment system, and have run it through a year (this coming Sunday) of exponential growth with only a few days of downtime. As I understand it, a "Luddite" is someone who is unreasonably opposed to technological innovation. The only thing I can assume is that, in your lexicon, "Luddite" is synonymous with "sees problems with the deployment of public key encryption technology to the masses". If believing that cryptography isn't magic and isn't a perfect solution to all problems makes us Luddites, then we're Luddites. In point of fact, we're very heavy users of cryptography internally, we have just chosen not to make all our users master its subtleties. Watch for the first visible use of cryptography in our system, coming soon -- we're going to push the envelope in the safe deployment of cryptography, too. -- Nathaniel -------- Nathaniel S. Borenstein <nsb@fv.com> | When privacy is outlawed, Chief Scientist, First Virtual Holdings | only outlaws will have privacy! FAQ & PGP key: nsb+faq@nsb.fv.com | SUPPORT THE ZIMMERMANN DEFENSE FUND! ---VIRTUAL YELLOW RIBBON-->> zldf@clark.net <http://www.netresponse.com/zldf>
participants (7)
-
blake@io.org -
cman@communities.com -
Harry S. Hawk -
Jeff Weinstein -
Kevin L Prigge -
Nathaniel Borenstein -
sameer