www.satn.org
Comments from Frankston, Reed, and Friends
Thursday, February 21, 2002

BobF at 6:45 PM [url]: Re: Too much surveillance means too little freedom

I wrote this in response to a William Safire column: "Too much surveillance means too little freedom". This is another piece I sent to David Farber's list. I have a backlog of pieces I want to write for SATN but reactive writing gets priority because, well, it's a reaction.

I remember arriving at SFO (San Francisco Airport) unsure of which plane to take - did I want to fly to Seattle or Boston that night. It was about 9PM so I needed to decide soon and I had open tickets I could use for either one so I didn't have to decide till I walked up to the gate. These days that would mark me as very suspicious or worse. Imagine my having to explain to a security guard as I entered the airport that I didn't know which coast I was flying to and didn't see why it was his business and I did have at least half an hour to decide which coast.

I'm still mulling a longer set of 9/11 comments. I do remember the "duck and cover" 1950's in New York. We assumed that the missile would be aimed at Columbus Circle (59th and Broadway). 10 Megatons you might survive, 100 don't bother. It was a time when we saw terrorists everywhere and knew that they did indeed have weapons of mass destruction and the means to deploy them and wouldn't limit themselves to symbolic targets. While many did accept Joe McCarthy's claims (slightly before my awareness), imagine if we had put all our energy into bomb shelters and protection and didn't allow for any risk taking and uncertainty?

As an aside, I remember Khrushchev's (USSR leader in the 1950's) son (now a US citizen) talking on C-Span about his father's first visit to the US. As basically a hick from the boondocks (to loosely translate into American metaphors) he was surprised and shocked at the hostile reception he got and the clear message was that he had better prepare to defend himself.

The reason I haven't yet written my longer comments is that there are a set of complex issues. The simple point is that it is dangerous to try to avoid risk either by fearing engagement with the world outside the US (and thus letting problems fester) or the other extreme, by banning uncertainty and tolerating free speech only as long as it isn't abused. Alas, in email, I have to be explicit and point out that this is meant to be read sarcastically.

Note that when I write on the Web I try very hard to avoid accidentally using words like "foreign" and other implicitly US-centric language. The concept of "free speech" is a subtle example since it is very much a US term embodied in the (US) Constitution. In fact, it was added only as an amendment. I personally consider it to be an early form of the Internet in the sense that it shifted the onus of "dealing with it" from the speaker to the listener. Innovation is almost by its nature disruptive and thus likely to fail if permission is required (AKA prior restraint). It's the danger that Larry Lessig points out as people try to make the Internet "safe".

Wednesday, February 20, 2002

DPR at 10:28 AM [url]: Fibers into the home actually ET abduction probes?

Is it possible that ZDNet and David Coursey have hired the media consultants who shaped the Star, the Globe and the National Enquirer? The headline on Coursey's ZDNet piece today tells it all. Ultrawideband: How it could watch you in your boudoir.

Amid a collection of technically misinformed assertions, Coursey emphasizes speculation that UWB might be used to spy in our homes. Sounds scary, right? Right up there with the assertions that any use of UWB would cause planes to fall from the sky (another rumor used by opponents to block any commercial use of UWB technology).

Giving Coursey the benefit of the doubt, maybe the deeper intellectual issues associated with spectrum policy are too boring for his readership, so he felt compelled to spice it up with something his readers could relate to - peeping Toms. But I think that's being too nice. Maybe the next thing for ZDNet to cover is the tie-in between Britney Spears' dating problems and MP3 downloading...

Tuesday, February 19, 2002

BobF at 11:05 PM [url]: Billy Tauzin featured in Slate

This letter has been forwarded to David Farber's IP list. That version was in plain text. This version retains the typography and should be more readable.

I wrote this note last night and wanted time to mull it. It is interesting to note how much the Enron story makes great theater whereas the Telecom issues that are more significant go unnoticed. I also happen to be listening to the C-Span as I write this. It is a replay of a 12/5/2001 episode on Watergate including Nixon's explicit orders to stop pursuing specific anti-trust cases.

Billy Tauzin is the co-author of the "Tauzin-Dingell" bill that will perpetuate the incumbents' control over connectivity and assure that the current businesses are preserved by preventing new ones from threatening them. (An admittedly biased summary)

I was going to just forward a pointer to the article but in reading it I felt obliged to comment further. So far, as much as I've ranted about the telecommunications situation, I've given the benefit of the doubt to the players. For example, I've hesitated to compare the Bells with Enron but there is a parallel in that the accounting practices of the Bells might be mathematically correct but the premises are completely fictitious as they are based on regulatory constructs rather than a marketplace.

The article points out that he is "pro-business". But there is a big difference between preserving current companies (by, for example, shielding them from scrutiny) and preserving "business" in the sense of facilitating the marketplace.

In an attempt to learn more I went to his web site at http://www.house.gov/tauzin/ and then the English version but the site hasn't been updated in a long time. The name of the bill he is sponsoring is the "Internet Freedom and Broadband Deployment Act of 2001" (http://thomas.loc.gov/cgi-bin/query/D?c107:1:./temp/~c107oEqT7i::)

In looking at the bill the key provision is "(a) FREEDOM FROM REGULATION- Except to the extent that high speed data service and Internet access service are expressly referred to in this Act, neither the Commission, nor any State, shall have authority to regulate the rates, charges, terms, or conditions for, or entry into the provision of, any high speed data service or Internet access service, or to regulate the facilities used in the provision of either such service."

While the bill is supposed to provide a choice of Internet Service Providers it fails to provide a choice of ACCESS providers. This is part of the basic misunderstanding. The problem is not in being unable to reach a particular service; it is in having sufficient access to the Internet to invent new services. Where is the incentive to increase the access beyond minimal goals?

It would be nice if the removal of regulations also removes protection from anti-trust but that is probably too much to expect.

The story is at http://slate.msn.com/?id=2062048
Some Excerpts
Sunday, February 17, 2002

BobF at 1:16 PM [url]: Don't worry, it's for your own good.

This is based on another note I sent to David Farber's IP list (though he hasn't forwarded yet -- I'll update this note if he does) responding to a series of comments prompted by the controversy over whether ComCast should be analyzing web traffic even if they claim to be doing no tracking of personal information. As David Reed has pointed out, part of the problem is that such meddling is not really transparent.

This is in response to a letter that pointed out an additional problem due to software that ComCast told people they need to install on their local machines. But that software caused severe system problems that were hard to find. The two problems are closely related in that the damage is unintentional but stems from agendas that do not include sufficient attention to the demographic units (AKA user) needs.

It is fair to blame ComCast for the problems caused by finagling people into getting them to run spy-ware on personal computers. But it is symptomatic of an attitude that considers programs that watch our web activities as simply extensions of the normal marketing practice of trying to target audiences and is even seen as virtuous by trying to present us with only product blurbs we would be interested in.

In an older essay on my connectivity theme I cite George Bell, then president of Excite, who was excited(!) to tell us about the near-future in which they would be able to pop up just the right ad as you browsed. For example they would look you up in the GM Warranty database and find that you were a Florida resident whose Cadillac was a few years old and you were ready for a new one. I see the obvious next step is the banner: "The Morning-After Pill: You forgot something last night".

An interesting example is Limewire. In the post-Napster era, it is understandable that one would want to use the patronage model to support music. Advertising is one form of this but so is selling demographic data. Why do you think warranty cards ask about all those personal questions? This is the way "free" online services tried to pay for themselves. There are many programs like this and if you use unique email addresses every time you register online you'll also see which companies supplement their income by selling your good name. The good news is that most don't but financial desperation is a strong motivator.

I can sympathize with the reality that such practices are considered normal marketing even though I find them sleazy. But, as the Comcast/Broadjump example demonstrates, there is real damage caused by using software that is well below acceptable standards. One example was an early "CD-Plus" (CDs with software to enhance the experience), whose install procedure was simply to copy the software into the C:\Windows directory on top of what might've already been there. I found this out immediately since I used a different name. In fact, I often run without a C: drive and find all sorts of sloppiness.

Getting software to run well in a wide variety of environments is not easy but normal software companies try. The sleaze-ware (if I may be permitted to be judgmental) providers are not intentionally malicious; they might simply not understand any of this. It's like being unable to transition from the control one is used to in the print media to the dynamics of the Web. At least the web pages are treated as foreign and allowed to cause only limited havoc; the sleaze-ware that infests one's computer is run with full authority and is essentially a virus.

Two worlds:
I use they/we since my guilt is closer to the latter group but am trying to be evenhanded. I do consider it to be very unethical to install software under false pretenses (you must run this to use our service) and then compound it by negligence.

DPR at 11:29 AM [url]: Attack of the middleboxes

I had a dream last night, very surreal. I dialed Dan Bricklin's phone number. After a short pause, a clipped midwestern female voice answered: "This is Dan." His usual greeting, but not his usual voice. "Who are you, really?" "This is really Dan." I decided to go along with the gag. We talked about the speech we are giving together in April at the DiamondCluster Exchange on mobile technologies and business. It sure seemed like Dan, but each response began with a pause and the voice was definitely alien. "Did you know your voice is different?" I say. "No, but come to think of it, you sound different too."

Then I dial Bob Frankston's number. Same voice: "Hello." "Hi Bob." "Who is this?" "David, of course." Bob is talking at about 200 milliFrankstons and the voice is clear as a bell, compared to his usual high-speed outpouring of syllables. Again I go along with the gag - must be a conspiracy between Bob and Dan using some kind of voice-changing software. As I talk to him I notice that some of the phrases uttered by the voice are pure garble - like the Sprint commercial. "Regulatorium" seems to be replaced by "Regular Tory, um, ...", "DNS" becomes "venus", etc. This sure is strange.

So I say to Bob, "Hey, this voice-changing software really doesn't work for you." Bob says, "what software?" And I realize it isn't Bob. It's the phone company... they have put in a translator.

Bob and I decide to try something hard, and call up a friend of mine in Germany. Same clipped midwestern voice, English words, but this time I can't make sense of it at all. "Speak English, please" I say, and with that, the midwestern voice starts to emit sensible words. I guess the phone company's software kann nicht Deutsch verstehen.

A surreal dream? Yes. But in the world of today's high speed ISPs, it's becoming reality.

Recently I was staying in the Ritz-Carlton in Pasadena, which has a nice high-speed Internet service from STSN. But when I had connected my computer and signed on, something strange happened. I had composed a few emails on the plane, so I told Eudora to check mail (which also sends any pending mail). I got an immediate response that my mail server was not responding, but the messages I was sending got sent. Pinging my mail server I discovered that indeed it was down due to a problem. So how did my mail get sent (I use the same machine as my SMTP server, and it was clearly down)?

My curiosity got the best of me - I decided to use telnet to connect to my SMTP server as if I was Eudora. Lo and behold, I got a response from a server that identified itself as belonging to STSN. But wait - the address I was telnetting to was the numerical address of my server, not STSN's server. I tried another SMTP server. Same result - STSN's server answered. Then I tried a machine that doesn't exist. STSN's server again... it seems that STSN has set itself up to intercept connections to any machine at all if the target is identified with an SMTP port. It then accepts all the mail you send, presumably forwarding it on. I sent a message to myself, and sure enough when I got it, the routing headers showed that it had been routed through STSN's email server, rather than mine.

Is this a good thing? Well, I'm not sure. STSN's server does not handle all of the features supported by other SMTP servers (such as SMTP-AUTH). This disconcerted a friend who uses SMTP-AUTH when he talks to his server - when he sent a message, his email package complained that SMTP-AUTH was rejected by his own server! And the idea of an intermediary injecting itself at a point where it can read my mail is also somewhat disquieting.

Another example is Comcast's recent debacle. Recently Comcast changed its subscribers over to a system that intercepted all web traffic being routed to any server on port 80 (the default port used for HTTP requests). This interceptor received the request, studied it, and modified it, forwarding the request to its original destination. When the destination replied, it forwarded the result back to the browser machine, again slightly modified in an attempt to make itself invisible. This was apparently an attempt on Comcast's part to track all web traffic from its users. Soon after beginning this exercise, with its cover blown, Comcast was forced to state that it would not track or record users' web accesses.

What's interesting is that Comcast justified its action by saying that its Terms of Service allowed monitoring. David Coursey, the Rush Limbaugh of ZDNet columnists, decided to blast those who complained as "privacy nuts" who should just switch providers if they don't like the Terms of Service. But neither of these folks admitted that Comcast's actions went beyond mere tracking, to reading and modifying traffic between user and server. In fact, it is not clear to me that Comcast actually removed the interception boxes, or if it merely stopped recording the data captured.

Each of these examples represents a new and rapidly accelerating phenomenon - the rise of middleboxes, pieces of hardware and software that place themselves in the middle of communications. Sometimes they are called "transparent middleboxes" - but since they don't really understand what is going on, they are hardly undetectable. Like the midwestern voice in my dream, they can introduce errors and restrict users to communicating only in the subset language understood by the middlebox - I had to get my German friend to switch to English, even though I understand German perfectly.

My biggest problem with middleboxes is that they block innovation. Imagine trying to deliver singing telegrams over the phone with the "lady in the middle". Or in the case of the ISP, what do you, as a customer or eBusiness, do when middleboxes intercept every protocol, and only support those that they understand or like? Other problems involve unreliability, distortion, etc. It's hard to authenticate where a message is coming from if all messages seem to be originated at a middlebox. And of course, the solution to any of these problems involves the ISP who caused them in the first place - they are happy to fix their middlebox to support you better, "but let's talk price, because it will cost us to make the software smarter".

Cui bono? Similar schemes have been called "protection rackets". The benefit of middleboxes accrues only to the ISPs, while the costs spread to everyone on the Internet. Costs include unreliability, bugs, performance, etc. And of course there are risks to privacy (if you have a middlebox, the temptation to spy and meddle becomes higher - and what about the temptation to subpoena captured data? Unlike librarians, ISPs don't have a tradition of resisting pressure to rat on their users or police their users' habits).

But the biggest cost in my mind is the impact on innovation. As these middleboxes proliferate, deploying new protocols and new applications must take them into account. NAT routers and firewalls were the first middleboxes, and they have already impacted the ability to deploy streaming multimedia and multiuser collaboration software. Middleboxes that intercept SMTP can slow or prevent deployment of SMTP enhancements that support better authentication and security. Middleboxes that intercept web access will slow or prevent innovations that make the web more effective and powerful.

The problem is that middleboxes insist on understanding (or assuming they understand) what is being said over the network. Imagine trying to run a modem with the "lady in the middle", even if she can whistle pretty well. I suppose the lady could learn to speak German, but that leaves Swahili speakers disenfranchised.

It's not clear that middleboxes are legal. In the telephone case they clearly aren't - telephone companies that record or intentionally interfere with ordinary communications violate the law. But ISPs don't seem to worry about that. Perhaps they also might be liable for civil damages, especially if they pervasively interfere with Fortune 500 company web sites and email traffic, decreasing the chances that users can get through to them. I'm not a lawyer, so I'll leave it there.

But there is something that we as technologists can do to preserve innovation. That is to move all Internet protocols to be based on end-to-end cryptographic authentication and security. This makes middleboxes fail to work. Even with low-strength encryption, middleboxes just can't do their job - they can't make those little modifications on which their spoofing depends, and they can't read the contents of messages enough to discriminate among the traffic. And if middleboxes can't be made to work easily, vendors won't build them and ISPs won't be tempted to deploy them.

DPR at 10:33 AM [url]: Microsoft Office XP and the home user

I am finally getting around to thinking about upgrading all the computers in my house with a next generation of office productivity software. There are 8 machines here now (not counting my old P5 100 MHz laptop). So just the cost of upgrading to Office XP Standard is daunting (close to $3000). Of course two of the machines are my kids', so I can save a little there by buying the student and teacher edition. And on a couple of the machines, I suppose I can get away (perhaps) with the Word viewer and Powerpoint viewer that you can download from MS's website (though it doesn't say it supports Word XP or Powerpoint XP).

This has got me wondering... do I really want all these copies? How to economize without sacrificing the gains of having computers where I need them? After all, there are only 4 human beings here and a dog.

Alternatives I'm seriously considering:

Star Office, which is free.

Keeping all files in HTML form (see Bob's post on HTML lite below).

Converting all files into some common format like PDF that can be viewed everywhere in a more WYSIWYG form than HTML.

Of course MS could fix this with a home network license if they wanted...
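
Added example, not part of the original posts: the "Attack of the middleboxes" post above spots the SMTP interception from three things a client can already see, namely the server greeting, the missing SMTP-AUTH, and the routing headers of a delivered message. The Python below runs those three checks over constructed sample data; the host names, addresses and function names are assumptions made for illustration.

```python
import re
from email import message_from_string

# All values below are constructed for illustration (reserved example names).
EXPECTED_HOST = "mail.example.org"          # the server the client meant to reach
REQUIRED_EXTENSIONS = {"AUTH", "STARTTLS"}  # features that server normally offers

SAMPLE_BANNER = "220 smtp-proxy.hotel-isp.example ESMTP ready"
SAMPLE_EHLO = (
    "250-smtp-proxy.hotel-isp.example\r\n"
    "250-SIZE 10485760\r\n"
    "250 8BITMIME\r\n"
)
SAMPLE_MESSAGE = (
    "Received: from smtp-proxy.hotel-isp.example (unknown [198.51.100.7])\n"
    "\tby mail.example.org with ESMTP; Sun, 17 Feb 2002 11:40:02 -0500\n"
    "Received: from laptop.local (unknown [10.0.0.23])\n"
    "\tby smtp-proxy.hotel-isp.example with SMTP; Sun, 17 Feb 2002 11:39:58 -0500\n"
    "From: me@example.org\nTo: me@example.org\nSubject: test\n\nbody\n"
)


def banner_host(banner):
    """Host name the server announces in its 220 greeting."""
    match = re.match(r"220[ -]([\w.-]+)", banner)
    return match.group(1).lower() if match else None


def ehlo_extensions(reply):
    """Extension keywords from an EHLO reply (the first line is the greeting)."""
    keywords = set()
    for line in reply.splitlines()[1:]:
        match = re.match(r"250[ -]([\w-]+)", line)
        if match:
            keywords.add(match.group(1).upper())
    return keywords


def first_hop(raw_message):
    """Host that first accepted the message: 'by' host of the oldest Received header."""
    received = message_from_string(raw_message).get_all("Received") or []
    if not received:
        return None
    # Each relay prepends its header, so the last one in the list is the oldest.
    match = re.search(r"\bby\s+([\w.-]+)", received[-1])
    return match.group(1).lower() if match else None


def interception_findings(expected, required, banner, ehlo_reply, raw_message):
    """List every sign that something other than `expected` handled the session."""
    findings = []
    if banner_host(banner) != expected:
        findings.append(f"greeting names {banner_host(banner)}, not {expected}")
    missing = required - ehlo_extensions(ehlo_reply)
    if missing:
        findings.append("extensions not offered: " + ", ".join(sorted(missing)))
    if first_hop(raw_message) != expected:
        findings.append(f"first Received hop is {first_hop(raw_message)}, not {expected}")
    return findings


if __name__ == "__main__":
    for finding in interception_findings(EXPECTED_HOST, REQUIRED_EXTENSIONS,
                                         SAMPLE_BANNER, SAMPLE_EHLO, SAMPLE_MESSAGE):
        print(finding)
```

The expected host and extension set are a baseline recorded from the real server on a trusted network; a greeting that legitimately uses a different name needs that name in the baseline.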