Crypto CD UpDate

Timothy C. May tcmay at got.net
Thu Mar 28 12:41:39 PST 1996 


Thoughtful comments, so I'll comment on Henry's comments:


At 6:10 PM 3/27/96, Henry Huang wrote:

>I'd argue that having a slightly out-of-date CD-ROM is better than nothing,
>because:
>
>- It gives you an idea of what sorts of crypto applications are out there,

True, but your later point about who the intended market is makes the point
I was making: the likeliest users pretty much know what they want and snarf
the most recent (and debugged) version off the Net. (I have little
interest, speaking as a user, in the zillions of variants of CryptDisk and
SmartCrypt and whatnot that get mentioned here....I really only want
"MacPGP" in its latest version, at this time, and for this the Web is
certainly fast enough for me.)

And I suspect I am not that unusual. The faster access to a CD-ROM is not
too useful to most, as the time to install, learn, use, etc. a new crypto
program is many orders of magnitude greater than getting it by even a 14.4
modem.

>- If the authors are smart they'll include URL's to an update site
>  in the documentation (or the CD-ROM producer can do it),

Indeed. Of course, many of these URLs will be dead within a few months of
the CD-ROM being cut, so search engines remain the best way to find the
actual sites and latest version.

>- Not everyone out there is Net-savvy, or has the time to go trudging
>  around looking for the latest cutting-edge versions of software.
>  Time *IS* money.

I agree. But they should learn to use search engines....even AOL and
Compuserve are now offering such access to Alta Vista and such. Not to
sound elitist--just realist--but anyone who wants "AmigaCrypt" and can't
find a way to retrieve it from whatever obscure site that updates it with
bug fixes, is lost.

(And I think we have to be careful to remember the scope of Mr. Holiday's
offer. What are the odds that he will become a nearly full-time archiver of
interesting crypto programs and do the scouring of the Net/Web for
interesting programs? What are the odds that AmigaCrypt will even _be_ on
his CD-ROM?)


>I'd almost argue that Tim's emphasis on using the Web to get crypto
>assumes a sort of Net-centric view of how the crypto is going to be
>used -- similar to reported provisions in the Leahy bill.  The idea
>that people who just want to encrypt personal data might not need the
>latest versions of everything out there is reasonable -- as long as
>the latest versions aren't BUG FIXES.
                     ^^^^^^^^^^^^^^^^

Well, this is really what I had in mind as the main reason for using the
latest version. Bug fixes that fix the actual crypto code may be less
common than bug fixes that let the program work with the latest OS and
such, but in either case it is important to have the bug fix. (Imagine the
frustration of a user trying to run WindowsCryptomatic and finding,
eventually, that the problem that prevented it from running in Windows 3.1
was fixed in WindowsCryptomatic 1.3? And that Mr. Holiday's opus only
contained an early version of WindowsCryptomatic?)

My essential point is that nearly any target user I can think of is going
to zoom down the directory tree to his machine, his OS, his configuration,
and then look for the handful of programs that work...the other 619
megabytes on the CD-ROM don't interest him. And he's going to want a
robust, recent version. For nearly all target users, the Web is the ideal
solution.

(At least compared to a one-off CD-ROM....I haven't seen comments from Mr.
Holiday recently, but I rather doubt he'll commit to an essentially
full-time job of updating the CD-ROM. And of course, will customers buy it?
This I doubt.)


>
>In that case, Tim's argument about stale versions would carry some
>merit.  But this is the case for ALL non-Net distributed software; you
>don't see companies refusing to cut CD-ROMs simply because they're
>worried their users won't be able to get the latest bug fixes.  In the
>ideal case, they'd do the best they can to make sure that people did,
>but you have to be realistic.

Companies cut CD-ROMs for lots of reasons. Often, it is much cheaper than
distributing a dozen or more floppies. And manuals are often distributed
online, in Postscript or Acrobat sorts of formats, thus cutting printing
costs. If the Cypherpunks folks had a similar problem--distributing
hundreds or thousands of floppies and printed manuals--then a CD-ROM would
be a compelling alternative.

Such is not the case, as the software already exists on the Web. So, what's
the compelling reason, especially given the disadvantages cited?

(An interesting question is why commercial vendors don't distribute on the
Web. Well, some do. Netscape, for example. "Click to download." But large,
expensive packages such as FrameMaker or Photoshop have other issues at
hand--security, payment, lots of manuals, etc. I eventually expect more
distribution via the Web. Not a wholly original thought.)


>Plus, comparing the speed of a CD-ROM to a modem is like comparing the
>speed of a station wagon to a skateboard.  CD-ROMs aren't exactly fast,
>but they sure as hell aren't anywhere near as slow as the water-torture
>speeds of your average v.42bis modem.

It depends on how narrow one's focus is. As I recall, it only took me a
couple of minutes to download and automatically unbinhex/unstuff the latest
MacPGP. I submit that _most_ crypto users and potential users have the same
focus: they have little need to download tens of megabytes of programs, so
the speed issue fades out.

...
>I don't buy this.  Many of the well-known/widely-used Net-distributed
>crypto apps haven't put out updates for a LONG time.  Even if it was the
>case that they were throwing out bug fixes every two weeks, my previous
>comments still hold.  (And anyhow, you probably wouldn't WANT to have
>software THAT unstable in your collection anyway.  ;)

I wouldn't. To answer this question we (or Mr. Holiday) need to look at
some numbers:

-- the frequency of "significant" updates for products

-- the frequency of updates of Mr. Holiday's proposed CD-ROM

I could give anecdotal experiences, but why bother. (I'll give one: I
downloaded PGPhone, for the Mac only initially, the day it became available
at the MIT Web site. For various reasons, I couldn't get it to work. This
was last fall. I understand a new version that fixes some problems now
exists, several months later. So, a CD-ROM that had the version of last
fall would not be too interesting.)

My guestimate is that a CD-ROM of crypto programs would have to be updated
TWICE a year, consistently, to be useful. While I know nothing about Mr.
Holiday (itself a reputation issue, not meaning any disrespect to Mr.
Holiday), I do know that most "volunteer" projects follow a characteristic
lifecycle: initial excitement, a "let's put on a show!" attitude, hard work
to get thet first release out, a period of recuperation, and then, often,
abandonment.

(I plead guilty to this on my Cyphernomicon. There is no way in hell I'm
going to devote months of my life to trying to keep it current, especially
when it's so much easier now to just use Alta Vista to search Web pages and
Usenet articles for keywords and concepts.)

>I'm starting to think that the question of whether this CD-ROM is useful
     ^^^^^^^^^^^^^^^^^

This is where I started from!

>depends on who you're selling it to.  People who hang out on Coderpunks,
>or are "in the loop" as to version updates and crypto sites won't want
>this.  People who want to buy the CD just to be "cool" aren't an issue.

Indeed on both of these points.

>The SOHO market (i.e. people who don't normally use the Net, and who
>ordinarily wouldn't care too much about crypto) seems to be the ideal
>target.  But how do you sell a piece of software to an audience that
>doesn't know it needs it?

Indeed. Plus, the whole idea of "selling" this CD-ROM will trigger
resistance. (I'm not saying Mr. Holiday doesn't have a right to try to sell
it--though he may find that he'll have to be _very_ careful and diligent on
getting appropriate releases, else he could find himself in hot water if
even a _single_ author objects to having his program on such a CD-ROM!)


>Perhaps this could be a chance to spread the gospel, so to speak.  However,
>that would mean the CD would have to be designed around these people --
>i.e. for ease of use, etc.  These issues have probably been beaten to
>death a long time ago (e.g. PGP shells), and shouldn't be too difficult
>to resolve.  The multi-platform stuff (DOS/Mac/**IX on one disc) will
>be harder; you'll need to code a different interface to the CD for each
>platform.

Now this project is turning into a Big Project. Good luck!


>
>Hmm, do I hear a volunteer for writing that Crypto Software Web page?  ;)
>


Actually, I've found there is no need for a specific page. There are
hundreds of pages that have links to thousands of other pages.

Maybe I've just gotten "searchcentric," but I rarely go to specific pages
anymore to find information. Instead, I keep Alta Vista always ready to go
and use it to zoom in quickly.

These "metapages" are better than pages!

--Tim

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

More information about the cypherpunks-legacy mailing list