Computer underground Digest    Wed  July 28, 1994   Volume 6 : Issue 68
                           ISSN  1004-042X

       Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
       Archivist: Brendan Kehoe
       Retiring Shadow Archivist: Stanton McCandlish
       Shadow-Archivists: Dan Carosone / Paul Southworth
                          Ralph Sims / Jyrki Kuoppala
                          Ian Dickinson
       Copper Ionizer:        Ephram Shrustleau

CONTENTS, #6.68 (Wed, July 28, 1994)

File 1--Preliminary HOPE (Conference) Panels
File 2--Re: Sysop Liability for Copyright
File 3--Re: Response to - Sysop Liability for Copyright (CuD 6.62)
File 4--Re CuD 6.66--Roger Clarke on authoritarian IT
File 5--Re: CuD 6.62--Response to Wade Riddick Open Letter
File 6--Reply to DNA debate

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send a one-line message:  SUB CUDIGEST  your name
Send it to LISTSERV@UIUCVMD.BITNET or LISTSERV@VMD.CSO.UIUC.EDU
The editors may be contacted by voice (815-753-0303), fax (815-753-6302)
or U.S. mail at:  Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on RIPCO BBS (312) 528-5020 (and via Ripco on  internet);
and on Rune Stone BBS (IIRGWHQ) (203) 832-8441.
CuD is also available via Fidonet File Request from
1:11/70; unlisted nodes and points welcome.

EUROPE:   from the ComNet in LUXEMBOURG BBS (++352) 466893;
          In ITALY: Bits against the Empire BBS: +39-461-980493

  UNITED STATES:  etext.archive.umich.edu (141.211.164.18)  in /pub/CuD/
                  ftp.eff.org (192.88.144.4) in /pub/Publications/CuD
                  aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
                  world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
                  uceng.uc.edu in /pub/wuarchive/doc/EFF/Publications/CuD/
                  wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
  EUROPE:         nic.funet.fi in pub/doc/cud/ (Finland)
                  ftp.warwick.ac.uk in pub/cud/ (United Kingdom)

  JAPAN:          ftp.glocom.ac.jp /mirror/ftp.eff.org/

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.  CuD material may  be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission.  It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified.  Readers are encouraged to submit reasoned articles
relating to computer culture and communication.  Articles are
preferred to short responses.  Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
            the views of the moderators. Digest contributors assume all
            responsibility for ensuring that articles submitted do not
            violate copyright protections.

----------------------------------------------------------------------

Date: Mon, 25 Jul 1994 02:00:12 -0700
From: Emmanuel Goldstein <emmanuel@WELL.SF.CA.US>
Subject: Preliminary HOPE (Conference) Panels

Here is the first draft of the topics to be covered on the HOPE
panels. This is a tentative list - more topics will be added and
others will be modified. The actual times of the panels will be
released at the conference.
  +=======================================
Hackers On Planet Earth
Saturday, August 13th, 12 noon
to Sunday, August 14th, 11:59 pm
Hotel Pennsylvania, New York City, 18th Floor
(People helping to set up the ethernet can come by Friday night.)

For full registration info, call (516) 751-2600 or
email/finger info@hope.net
=======================================================
NETWORK MUSIC PROVIDED IN PART BY SUB-POP

OPENING ADDRESS WELCOMING HACKERS TO NEW YORK WILL BE GIVEN BY
EX-CENTRAL INTELLIGENCE AGENCY EMPLOYEE ROBERT STEELE.

===================     TENTATIVE TOPICS     ===================

FUN WITH PAGERS

Have you ever had the opportunity to monitor the pager of your
choice, seeing each and every page as it comes over, alphanumeric
included? You will. The entire city of New York is wide open and
we'll demonstrate exactly how it's done. More pager tricks and
little-known facts will be presented.
Hosted by Thomas Icom
===============
CELLULAR

OK, how is it done, really? We've all heard about cellular phone
cloning but how many of us have had the guts to actually do it
ourselves? Actually, probably quite a few because it's relatively
easy. But, as with any technological trick, there is a multitude
of misinformation being handed out. That won't happen here as the
true experts will be on hand to demonstrate cloning and answer
questions. We will show how cloning is not just for criminals and
how you can clone a phone on your own PC! Cellular software to do
this will be made available for free! You will also see first
hand the risks of using a cellular phone.
Hosted by Bernie S. and Count Zero
===============
THE N.Y.C. METROCARD

New York City has just introduced a brand new farecard system for
mass transit, one unlike any other in the United States. We have
been gathering data on this system for some time now and hackers
all over the world are trying to figure out ways of cracking it.
Unlike most other mass transit card systems, this one uses master
databases. We will read the cards, duplicate them, and make every
attempt to defeat the system. By the end of HOPE, we will have
either cracked it or deemed it secure. Your participation is
encouraged. We expect to have representatives of the Metropolitan
Transit Authority on hand to answer questions and keep a nervous
eye on us.
===============
CHAOS COMPUTER CLUB

For many years now, Germany's Chaos Computer Club has been making
headlines all over the world for all kinds of mischief. But, as
with all things, there is much much more to the story. For the
first time ever, the CCC will be in this country to answer
questions and share information of all sorts.
===============
HACK-TIC

Although it's almost entirely in Dutch, Hack-Tic and the many
people involved in its production have been the inspiration for
hackers all over the planet. If HOPE is half as successful as the
two hacker congresses Hack-Tic has hosted (Galactic Hacker Party
of 1989 and Hacking at the End of the Universe of 1993), it will
be an incredible event. Because of the far more relaxed
atmosphere in Holland, hackers there are able to accomplish much
more without all of the paranoia that is so abundant here. We
will hear their story and find out about all of the technological
projects they're involved in.
===============
SOCIAL ENGINEERING

By far one of the most effective ways of getting information is
the art of social engineering. You will see some live social
engineering, get tips on what not to do, hear some great
legendary tales from the masters, and listen to social
engineering tapes of the past. You are welcome to participate in
our social engineering contest - we give you an operator and you
go as far as you can.
===============
LINUX

Linux is the Freely Distributable Unix clone available by ftp
from many sites on the Internet.  It is a remarkably complete and
stable OS for intel-based PC's that is a direct result of the
existence of the Internet, which allowed for the cooperative
development team of volunteers to communicate in real time during
their development of their respective parts of the project. Linux
continues to enjoy rapid development and is already a viable and
popular alternative to commercial Unix OS's.  It is being
installed in basements and at commercial, academic, and
governmental organizations around the world. Michael Johnston,
developer of the new Slackware Professional Linux package (in
partnership with Patrick Volkerding, author of the Slackware
distribution of Linux on the net), will speak on the differences
between the different Linux distributions available "for free" by
ftp on the Internet, and in particular the changes in Slackware
(the most popular Linux distribution on the net) between versions
1.2 and the new 2.0.
===============
UPDATE ON ITALIAN HACKER CRACKDOWN

Recently, one of the largest computer raids in history took place
in Italy, focusing its attention on Fidonet. The investigation
and the overall oppressive atmosphere are continuing. An update
from an eyewitness.
===============
HOW DO HACKERS HANDLE MALICIOUS USERS?

With so many new people being drawn to the net every day, the
criminal element is bound to become more visible. This means
users who destroy files, wipe entire systems, harrass users, and
cause intentional pandemonium. Perhaps the worst part of this is
that the media considers such deliberate malice to be another
part of hacking. How do hackers deal with such users and the
misperceptions of the hacker world that are created? Is it proper
for hackers to go to the authorities on such occasions or will
that ultimately backfire? You'll hear stories, experiences,
suggestions, arguments, etc. from experts and non-experts alike.
===============
BOXING

Contrary to popular belief, boxing is not dead. As you will see,
there are so many possibilities. We will have some top phone
phreaks on hand to show you what works, what doesn't, what used
to work, what never did, and what probably might. American boxing
is only one small part of the entire global picture. In this
panel, we guarantee all questions will have answers. Also
included: An overview of current inband systems like R1, R2, and
C5. The pains of ANI and the ease with which it can be spoofed.
Cellular and cordless tricks.
Hosted by Billsf and Kevin Crow.
===============
AUTHORS

Steven Levy (Hackers), Winn Schwartau (Terminal Compromise),
Paul Tough (Harpers, Esquire), Paul Bergsman (Control The World
With Your Computer), Julian Dibbel (Village Voice, Spin).
===============
WEARABLE COMPUTERS AND CHORDIC INPUT

Doug Platt of Select Tech will be walking around the HOPE
conference wearing and demonstrating a computer of his own design
that will be connected live to the Internet via wireless
technology. Doug will be reporting live on the HOPE conference
via the Internet as he walks around.
===============
HISTORY OF 2600

How did it all start? How did it almost never happen at all? Are
our phones tapped? What's the craziest letter we ever got? Who
are the people behind the names? How many lawsuits have we been
threatened with? What do the covers mean? Where is it all
leading? Get the picture?
===============
FULL DISCLOSURE - LIVE SHORTWAVE BROADCAST FROM HOPE

Learn all about Full Disclosure, a magazine many consider to be
as dangerous as 2600! Free copies will be available.  On Sunday
at 8 pm a live call-in from HOPE to "Full Disclosure Live" will
take place on international shortwave on WWCR at 5810 KHz
shortwave.
===============
LEGAL ISSUES

Dave Banisar of the newly formed Washington DC based Electronic
Privacy Information Center (EPIC) will fill us in on the latest
laws, restrictions, and risks facing us all. There will also be
updates on the 2600 Pentagon City Mall incident and tips on how
to make the Freedom Of Information Act work for you. Come to this
panel with any questions or comments about the ACLU, EFF, CPSR,
etc.
===============
WHAT IS THIS CRYPTOGRAPHY STUFF AND WHY SHOULD I CARE?

There have been quite a few articles in the national media
recently about cryptography and privacy. Bob Stratton will
attempt to provide an introduction to the terms and technology,
how it affects the average citizen, and insights into the public
policy debate currently raging in Washington and around the
world. There will be a special emphasis on the relationship of
cryptographic technology and emerging personal communications
tools.

------------------------------

Date: Mon, 18 Jul 94 20:36:25
From: "Carolina, Robert" <Robert.Carolina@CCHANCE.CO.UK>
Subject: Re: Sysop Liability for Copyright

>From my reading of the posts on this subject, it appears to me
that there is a pretty serious misunderstanding of a critical
aspect of the Frena case. To put the matter in context, the
original poster noted that the court imposed liability regardless
of the sysop's knowledge of what users were doing on his board.
David Batterson responded: "Nonsense. Frena knew exactly what his
users were doing, and so did the court." Later Mr Batterson
concludes, "... courts CAN recognize copyright infringement when
they see it. And so can I, without being a lawyer." Unfortunately,
the Frena decision goes much further than this fairly
straightforward conclusion.

Because of the procedural posture of the case (motion for summary
judgment), the judge was limited in terms of what he could or
could not decide. There was not much evidence placed before the
court other than the admissions of both parties about the nature
of the files. Thus the judge was faced with a simple question: are
there any facts in dispute which would merit a trial.

Mr Frena clearly was disputing whether or not he had prior
knowledge that the copyright files were on his system. By ruling
against Frena, the judge was saying that this disputed fact could
not influence the outcome of the case. To put it a little
differently, the judge was saying: "Even if I believe your story,
it just doesn't matter -- you are still going to be guilty of
infringement because ignorance of the files' presence on your
board is not an excuse." (Yes, I know that the case does not
appear to say this, but I assure you that this is the message the
court sent to every US lawyer reading the decision. It is also the
message that we have to pass on to our clients when they ask us
"what have the courts said about this.")

Now this kind of a ruling is much more serious than if the judge
had merely said, "I don't believe your story and I am finding you
liable." Unfortunately, the judge was not willing to wait for a
full trial to make this kind of a ruling. Why? There are a few
possibilities which are not mutually exclusive. First, he could
genuinely believe that a sysop with an "open posting" policy
should be strictly liable for the infringing activities of his
subscribers. (Mr Batterson appears to agree with this to some
extent.)

Secondly, he could have been concerned about wasting valuable
court time on what he viewed as a "clearly loser" case. This
second possibility disturbs me somewhat. If the judge was taking
this kind of "shortcut", then he denied Mr Frena his day in court.
More importantly, Mr Frena probably would have had the right to
make his "I didn't know about it" argument to a jury rather than
to the judge. By ruling that the law worked against Frena
regardless of the facts in dispute, the judge took the liability
phase of the case away from any possible jury consideration.

In short, the judge may have decided more than he needed to in
order to dispose of this case quickly and cleanly. In my opinion
he set a bad precedent in the process. My suspicion is that Mr
Frena will probably settle rather than undertake the time and
considerable expense of an appeal. The rest of us will have to
wait for the outcome of the pending CompuServe audio file
litigation in New York before a "major" federal court gives an
answer to this question.

I must admit that I was intrigued by the force of Mr Batterson's
rejoinder on the issue of what a "reasonable sysop" should do. It
seems to me that he would wish all publicly accessible file
servers to be subject to "pre-posting" editorial control. It could
be that he will be proved right in the long run, but I hope not.
(Before people shout that this would not be fair, remember that
owners and occupiers of real property face a similar standard of
liability as regards personal injury suffered by third parties.)

I should stress that the opinions expressed above are mine alone,
and not necessarily those of Clifford Chance. For those of you who
have not yet met me, I am a US lawyer working with the Computer &
Communications practice group of a major international law
practice in London. The points above will be incorporated into a
longer article on the subject of "transmission liability" which I
hope to publish this fall. I will send a pointer to the article as
and when it is printed.

Best regards,

/s/Rob Carolina
----
Robert A. Carolina      Telephone: (071) 600 1000
Clifford Chance         Intl:     +44 71 600 1000
200 Aldersgate Street   Fax:      +44 71 600 5555
London   EC1A  4JJ      Internet: Robert.Carolina@cchance.co.uk
United Kingdom          X.400:    on request

------------------------------

Date: Tue, 19 Jul 1994 14:39:48 +1000 (EST)
From: Mr Rhys Weatherley <rhys@FIT.QUT.EDU.AU>
Subject: Re: Response to - Sysop Liability for Copyright (CuD 6.62)

In CuD 6.64, dbatterson@ATTMAIL.COM(David  Batterson ) writes:

>If you allow immediately downloads, you are providing tacit approval
>for users to upload commercial software programs, which could then be
>available for immediate download.

I flipping well hope this isn't the default "approval test"!  There
are millions of machines across the globe that currently allow users
to upload files for immediate download with no review by the sysop at
all.  It's called "USENET".  Virtually anyone at any time can post
anything anywhere and it is immediately available for viewing (and
download with appropriate software) on millions of machines, not to
mention the original machine it was posted on.  Not just messages like
this one, but copyrighted files too.  From a theoretical standpoint,
there is no observable difference between what happens in a BBS file
area and a newsgroup.  The software paraphenalia might be slightly
different, but the overall effect is the same.

Hands up all those who haven't seen at least one copyrighted file or
newspaper article posted without permission on USENET in the last
month.  No one?  Does us knowing that this happens somehow make us
responsible and we should all be carted off to jail for copyright
infringement?

This is the real danger of making sysops responsible by default.
Applied to USENET sites, if I don't watch my users like a hawk I am
responsible when they step out of line behind my back (and I'm also
responsible if I miss something).

Applied even further, I would be responsible for anything that comes
in over my news feed if I don't scan it before making it available.
You are welcome to volunteer to scan the thousands of messages per day
that hit my system David, but I've got better things to do with my
time.  I'll take action if I'm notified of a problem, but I can't be
expected to prevent the problems from occurring in the first place
without censoring my users (and losing the respect of my users in the
process).

Maybe Frena is guilty of promoting copyright theft.  I'm not in a
position to judge.  But I believe that more evidence is needed than
"since there is an open place there he must be guilty of looking the
other way".  The test for sysop liability needs to have a lot more
preconditions added before it really is used against someone unfairly.
If the EFF, CPRS, ACLU, etc, can succeed in getting those
preconditions added, the world will be a safer place for all of us.

------------------------------

Date: Fri, 22 Jul 94 01:33 EST
From: "Charles E. Petras" <0003225457@MCIMAIL.COM>
Subject: Re CuD 6.66--Roger Clarke on authoritarian IT

I thought the following, which I sent to the paper's author (who is in
Australia), might clarify what "authoritarian" stuff we should be talking
about.

From--Charles E. Petras, MCI Id--322-5457
To--Roger Clarke (author of original paper)

I received a copy of your paper as part of the RISKS e-digest on the
internet, and I'd like to compliment you on a very insightful presentation
of the topic.

But, and there is always a but, I feel the need to challenge the following
statement that you made:

        "...the openness and freedom which are supposed to be
         the hallmarks of democratic government."

Specifically I offer the following definitions from the 1928 edition of the
American Military Training Manual:

        DEMOCRACY, at TM 200025, 118120: _A government of the masses._ Authority
derived through mass meeting or any other form of direct expression.
_Results in a mobocracy._ Attitude toward property is communistic, negating
property rights.  Attitude toward law is that the will of the majority shall
regulate whether it be based upon deliberation or governed by passion,
prejudice and impulse without restraint or regard to consequences. _Results
in demogogism, license, agitation, discontent, anarchy._

        REPUBLIC, at TM 200025, 120121: Authority is derived through the election
of public officials best fitted to represent them.  Attitude toward property
is respect for laws and individual rights, and a sensible economic
procedure.  Attitude toward law is the administration of justice in accord
with fixed principals and established evidence, with a strict regard to
consequences. A greater number of citizens and extent of territory may be
brought within its compass. _Avoids the dangerous extreme of either tyranny
or mobocracy.  Results in statesmanship, liberty, reason, justice,
contentment and progress._

As a point of information, I live in the United States of America.  Some
time ago our republican form of government was subverted into a democracy
called the 'United States.'  This process was started by our Civil War
(1860's) which resulted in a strengthing of the central (federal)
governemnt, the imposition of the so-called 14th Amendment to our
Constitution which created a federal citizen ('United States citizen') who
is in reality a subject (as opposed to a Common Law Citizen who is the
sovereign person talked about in our Declaration of Independence that
creates governments, specifically the fifty republics that banded together
to form the 'united States of America').

The capstone to this process was the so-called 17th Amendment to our
Constitution which caused (on the federal level) the upper house of the
government, the Senate, to be elected by 'the people' as opposed to being
appointed by the various state legislatures.  This gave the moochers and
looters control of the federal government, we went from a country of law, to
a country of public policy.  With the ensuing loss of private property
rights and individual freedoms that is evident today.  A democracy that has
appointed itself the worlds policeman (and even toppled your [Australia's]
government on occasions when it didn't tow-the-line).

Hopefully this will clear up any illusions that there is something desirably
about having a democratic government.

As to the "emergent information societies", well I hope you might reconsider
your conclusion.

------------------------------

Date: Tue, 19 Jul 1994 10:56:27 -0500
From: Jason Zions <jazz@HAL.COM>
Subject: Re: CuD 6.62--Response to Wade Riddick Open Letter

In his response to the Wade Riddick letter, David Moore extracts two quotes
without much comment, to wit:

QUOTE:                  -------------
Government, though, has several options for the role it can play in
this process:  (1) the Commerce Department, perhaps with some
authorizing legislation, could call industry heads together and order
them to set a common object code standard; (2) Commerce could
acceptbids from various companies and groups for such a standard; or
(3)finally, the federal government could itself craft a standard with
thehelp of qualified but disinterested engineers, and then try to
forceit upon the industry through the use of government procurement
rules,control over the flow of research and development money or
othereconomic levers.
                        -------------
QUOTE:                  -------------
A serious effort should also be made to reach a consensus
with other industrialized nations, for computers are
globally interconnected to a degree that no other mass
consumer product has been.
                        -------------

The quotes indicate that Wade has little understanding of the way
standards are developed in the US. US national standards are voluntary
in nature; that is, people volunteer to write them and volunteer to
comply with them. Sure, sometimes the federal government uses a big
stick to beat vendors into compliance ("Comply with FIPS-151 or we
won't buy your computer"), but this stick is different only in dollar
volume from that wielded by any other purchaser.

Let's examine Wade's three alternatives. Option 1: order industry to
set a common object code standard. Never happen; Commerce doesn't have
the authority, and I don't know that Congress has it to give to
Congress. In any event, there's the small matter of enforcement, as
well as the small matter of the billions of dollars of already
installed equipment which would be rendered obsolete overnight.
Economic damage would be large. Choice 2:  accept bids for a standard.
And just how are they supposed to select one, pray tell? Would you
care to guess just how many years of court time would be consumed by
the losers? Choice 3: the fed (probably through NIST) could develop
its own standard using qualified but disinterested engineers. And
where the hell are they going to find *them*? Engineers that are
qualified to do this work are already employed and doing the work for
some vendor. Do you have any idea how expensive it is to develop a new
CPU architecture? The amount of time it takes to do the job? And
before you say "new college grads", try talking to someone who's
actually been on an architecture design team; you'll find that
significant experience is required to do the job well, and that
experience is acquired by doing it in the company of those who've done
it before.

More important, though, is the fact that there *is* an IEEE standard
computer instruction set. IEEE Std 1754-1994 is a specification of the
SPARC V8 architecture. Combined with public-domain specs for the SPARC
ABI (application binary interface), Wade has pretty much what he
wants. By the time he figures out he doesn't really want it, it may be
too late.

1754 is hardly the first standard instruction set. There will
doubtless be others, and I predict the first use of 1754 in an RFP
will generate a lawsuit tying the whole issue up in the courts for
years. I believe 1754 is not just Wrong, but is inherently Evil;
contrary to Wade, I am of the considered opinion that the instruction
set, or the binary level, is exactly the wrong place to drive a stake
into the ground.

As for the need for serious international standardization efforts,
they, too, already exist. Need I remind anyone of the most famous
computer standards to be delivered by ISO - the Open System
Interconnect standards, i.e. OSI. Sure, they were developed in an
international arena. And they're pretty lousy standards. If you think
the way we develop standards in the US is crazy, you ought to see how
they get built elsewhere. Academics, who haven't bothered to actually
implement anything, dream up these glorious pie-in-the-sky designs and
then write them into standards, leaving it up to poor benighted
engineers to figure out how to build these research castles.

David does say one thing upon which I'd like to comment:

>One more time.  It's the data and the communications interface to
>this data that's important.  Not the specific hardware or software
>applications.

Not all the world of computing is data-centric in the sense of
long-lived data being operated on over a period of time. Process
control applications, for example; the temperature in the reaction
vessel yesterday at 2 PM isn't terribly interesting, but the
temperature now and over the last 30 seconds is damn important.

The goal is to make anything in which the user invests significant
amounts of time and money portable to different computing platforms.
If users write programs, they should be portable to different
platforms, including different operating systems; hence standard
programming languages and OS interfaces like POSIX (IEEE 1003.1 et
seq). If users collect data, the data should be moveable; hence data
format standards like ISO 8824/8825 (ASN.1 and the associated BER). If
users buy data collection hardware, the equipment should be moveable;
hence standards like SCSI, RS-232 and RS-449, etc.

Find the right level of abstraction that maximizes the range of
choices available to the user; *that* is where to standardize. With an
instruction set or ABI standard, your apps are portable to any machine
that runs that instruction set; with a source code standard, your apps
are portable to any machine that has a compiler/runtime that can
handle the defined interface.  The latter is guaranteed to be larger
than the former.

------------------------------

Date: Tue, 19 Jul 1994 16:23:51 -0500 (CDT)
From: Wade Riddick <riddick@JEEVES.LA.UTEXAS.EDU>
Subject: Reply to DNA debate (Wayne Riddick Elaborates)

     "I am the emperor and I want my noodles."

     That was supposedly one of the most lucid things ever said by
the mad King of Bavaria (Frederick or Ludwig--I'm not such which,
but neither was he).  I don't recall saying anything about noodles
in the reprint I recently posted to CUD, but some readers have
tried to link me with mad kings, all the same.  I think that's
partly my fault.  The article was originally published in a public
policy journal, with a policy crowd in mind.  I also had to cope
with space limitations.  Still, all-in-all I'm grateful to the LBJ
Journal for taking a risk on something usually considered far-
afield of government work and I'm grateful to the my editors there
for helping me better speak to that audience.
     Because of that original audience, though, I was encouraged
to simplify the discourse and use those dastardly "buzzwords."
Such buzzwords are appropriate inasmuch as they help the general
public get some handle on complex concepts but are, obviously, out-
of-place in this forum.  As to the controversies such words invoke,
I do not think in all fairness I can be blamed for debates that are
internal to an industry I have no leadership position in.
     Yes, I *am* a part of that industry, although some comrades
have chosen to attack my party credentials.  I don't think the
'credentials' issue is germane, but since it has bothered some
readers I'll discuss it with other miscellaneous remarks at the end
of this letter.  Right now I'd like to address a few points my
colleagues have made.

     In the article, sometimes the terms 'object oriented' and
'object code' are blurred together and interchanged.  I got tired
of haggling with my LBJ editors, but should have taken the time to
correct this before posting it.  From the feedback, though, I think
most CUD readers inferred the appropriate meaning in each context.
Dr. Jerry Leichter, though, did not like my use of the term 'object
oriented' and thought I was overly enamored with something that
was dead (this may not actually be a crime in my native Louisiana;
I'll have to check).  In fact, from my reading of the recent BYTE
articles on the subject, I thought some of the basic tenants of
object orientivity were being affirmed in the market (namely in
VBLs, to use another buzzword).
     BYTE's editors pointed out that the verdict would not be in
until several future products like Cairo and Pink hit the market.
Even though the jury is still out, I'm inclined to agree with the
general sentiment of Dr. Leichter's argument.  I wouldn't be
dramatic and say that object orientivity is dead, but it's obviously
not taking anyone where they wanted to go.  Why?  Well, VBL's and
objects in general are only an adequate solution within a given
platform.  The issue of cross platform code compatibility remains,
so I think object-orientivity, in its current incarnation, fails to
solve the problem it sets out for itself unless it reconceptualizes
the code in an object itself *as* an object.

     I must apologize for not going into more technical detail
about my proposal.  I agree with Dr. Leichter that I do not have
all of the necessary qualifications.  Frankly, I don't think anyone
does for something this broad.  My goal in circulating the article
was to cast light on the enormous political problem ahead and kind
of coordination that would be needed to tackle it.
     Yes, microkernels are something close to what I'm after and I
do not object to them per se.  I'd really like to see some standard
software plugs for the more common microkernel services.  A
standard microkernel itself would be too tied to aging hardware.  I
was glad to see p-code come up.  I realize the issue of p-code
inefficiency still haunts the industry, but a number of these old
interpretation and recompilation schemes are coming back into vogue
with new twists that speed them up.  They face substantial legal
hurdles as to the ownership of such altered programs.  If an object
code standard existed, those hurdles would vanish because the
industry could release its products in object code (encrypted
perhaps) form before being bound to the processor/operating system.
     Yes, I know UNIX is supposed to do something like this and I
realize some exotic applications are too novel for such
standardization, but tell me, does the bulk of an Excel spreadsheet
really do anything that is logically different on all those
platforms?  Some people have suggested that the power and
flexibility to do this comes from source code and not from object
code.  Why then does source code get altered quite a bit when ported
from platform to platform?  Is there no way to automate and
standardize this?  If not at the object code level, then between
the source and object code level?
     I know you cannot standardize future technological
developments before they arrive. There is, however, a cost involved
in not standardizing what has already come to pass. I can give you a
dozen good reasons why different microprocessors have different
instructions for adding short (16bit) integers.  Different
architectures have different ways of storing and adding numbers
that are optimal to the tasks they were designed to perform.  I
know why compilers output different object code when their tasks
are radically novel.  But as a user with an investment in software
and a programmer looking to potential new markets, I find it
indefensible that a compiler cannot put out a universal object code
instruction for adding two integers.

     As to the Mac 68000 toolbox, I did not mean to suggest it is
interpreted (though parts of it actually are on a 601).  I
apologize if I said as much in the article; I probably did it to
ease the mind of my journal editor.  The Mac does, of course, have
a large (native) library of standard pre-defined functions with
predefined entry points.  Much of the logic of this evolution *is*
pointed to in the history of the market; I agree.  I simply think
the evolution is going to have a hard time coming together without
some kind of conscious coordination among the (self-interested)
firms involved.
     Some of you shuddered at my solution involving the Commerce
Department.  Quite frankly, I think the industry itself (through a
cartel or a monopoly) may arrive at a fair and equitable solution,
but it will take tremendous pressure to tame the profit motive.  I
know this sounds disingenuous, but you can talk to my journal
editor about this.  I have to confess that at this stage I don't
care one way or the other if a particular agency is involved.
(You'll note that I hedge my bets by sprinkling the three
possibilities with words like "perhaps" and "could").  I detailed a
policy solution because the article was for a novice policy
audience.  Quite frankly, I think it's asking a lot to outline a
solution and paint all the numbers in in a few short pages.
     I do have some idea as to how much a problem government can
be, in general, with new technology.  I attended COCOM meetings in
1989 and just a few months ago they decontrolled what they were
discussing then.  (I was all for dropping PC's on the Russians).
I'm aware that large government mandated efforts like ADA have
failed.  It was not my intention to advocate a particular solution,
but rather to hint at the broad outline such a solution was likely
to take and the safeguards the polity should take to guard against
monopoly.  To paraphrase David Moore, there is no one in authority
who knows the best way to develop anything.  But there are people
who set the agendas and who control the development process.  And
we have democratic control over them.

     I would like to thank Jerry Leichter for bringing up the issue
of hardware compatibility.  I have absolutely no desire to impose a
hardware standard.  I believe I said so in the article, despite
being pushed to say something about a 64bit RISC standard by one of
the IBM engineers who proofed the article.  I fully realize that
hardware standards are unwieldy in this industry.  They have not
always been so in other industries (e.g., rail) and they may not
always be so in this one once it peters out (many decades from
now).  I think that's why I wrote "A computer's instructions are
vastly different than the regular objects that come to mind when
standards are discussed.  The instructions CPUs use are virtual;
they are not materially dependent on any particular piece of
hardware."  To use more buzzwords, processing and bandwidth are
becoming cheap; that's the lesson of the fourth technological
revolution.
     Nor do I propose to define a data standard for anything
other than *certain* commands.  When you can move the basic
structure of a program, the data can go with it.  But how easy, to
use David Moore's example, is it for Deneba to port Canvas to a new
platform?  If one company comes up with a solution to this dilemma,
it will pull strings attached to the entire software industry.  And
yes, I realize this leaves all sorts of data coordination problems
out there.  I believe hardware and data standards are best left to
the market.  That is the cheapest way to obtain the proper
information about risky unknowns.

      I'm also glad Dr. Leichter brought economics into the debate.
It was another thing I didn't have the space to discuss and I was
sure my policy audience knew enough about it to get by.  I have to
say though, I found it ironic that the person who "attacked" my
credentials in microcomputers proceeded to lecture me on
macroeconomics from the basis of his microeconomic business
experience.
     Dr. Leichter wondered if I learned about economics from
Marxists or Catholics.  I confess that I have been influenced by an
even more sinister and anarchic group: economists themselves.  I
know the market clearing price is where goods are sold, but Dr.
Leichter implies this price is somehow optimally determined.  So?
Optimal for whom?  Even extortion is optimal if you play the game
with pure self interest.
     Optimal prices are the residue of quite complex events.  They
are determined in part by the availability of information (hence
the value of figuring out before everyone else which corporation
will be taken over).  Evidence in the economics literature
indicates that 'optimal' behavior goes out the window when you
introduce technological change to markets.  It has to do with the
inherent problems of non-linearity.  Because there is no optimal
outcome, people often proceed on faith, particularly in new
technologies where the path isn't yet clear.  The fanaticism of
Steve Jobs comes to mind, but so I'm not accused of being Mac-
centric, I'll also point to the drive of Bill Gates-whose actions
affect market prices even if they're not rational (a reputational
market effect) - and to Xerox's "architecture of information" - a
fine example of how too much faith and not enough works can pose a
problem.
     In short, certain aspects to the game of technological change
have no core (to use the buzzwords of non-cooperative game theory).
Where there is no optimal core, the realm of politics comes into
play.  I refer you to the social choice literature and specifically
to Condorcet's voting paradox.  Without a core, there often isn't
any 'rational' way to solve a problem, it's not even clear what
everybody wants (however you measure it).  What are you going to do
when the outcome of the game is determined by who sets the agenda?
     It is refreshing to find people who still have more faith in
macroeconomics than the macroeconomists do.  Haven't you heard the
old joke, "If you laid every economist around the world from end to
end, they'd still point in every direction?"  This is not to attack
economics; political science is in an even worse predicament.  But
these are the inherent difficulties of trying to study a vast non-
reversible, non-linear systems.  You can't roll back history and
experiment with variables.  Hence, there is every room for
irrationality and emotion in certain economic circumstances.
Ignoring emotion doesn't help us understand it or the roll it plays
in politics.
     Because of this non-linearity problem, I cannot roll back
history to prove absolutely that we've suffered inefficiency loss
in the computer industry.  Perhaps when my dissertation is
completed, I will have mustered enough statistical evidence to
indicate that this is a likely possibility, but that's a few years
off.  I simply point to the fact that designing for hardware
independence is a hot topic and a lot of money is going into it.
Perhaps we would not have saved much money if we had made the
investment to solve this problem at a time when the technology was
less widely spread, but today's corporations are making heavy
investments to solve the problem.  They must think it will make or
save them money in the long run.

     I would like to thank Rainer Brockerhoff of Brazil for
bringing up international aspects of the general standards problem.
It was beyond the scope of my article, but I do think international
technical standards are incredibly important and that the U.S.
needs to get on the ball to make sure mature technologies are well-
coordinated and new technologies are not strangled.  And if I see
one 'non-governmental' factor compelling the American software
industry to cooperate, it's international competition.

      After reading the responses, I feel for some reason compelled
to state my ideological inclination on certain issues.  I have not
bought a Power Mac.  Having taken a vow of poverty upon entering
graduate school, I own a meager Centris 650 (only 25MHz at that).
I do intend to upgrade.  I do not like Apple's Newton in its
current incarnation.  I believe it will be a success if it gets
cellular and fax capabilities and sells for around $500.  Whoever
suggested giving one to every family must be confusing it with
Fannie Mae (an understandable mistake).

     There was a short biography in my original CUD posting because
it was a required part for the original policy journal article.  I
hope it did not mislead anyone about the nature of my credentials
or sound arrogant or facetious.  It was pro forma and the policy
journal's audience could care less about my geek credentials, but I
see the error of making the same assumption here.  I find the
concern that I have not received the proper education touching, but
let me put those fears to rest.
     My first computer class was in Fortran IV in the summer of
1980.  I was eleven.  Despite that setback, I took BASIC classes
the next school year.  Those were my last computer related classes
(not counting the mandatory half-credit of high school computer
literacy).  I bought an Apple ][e, taught myself Applesoft BASIC
and 6502 machine language (and later 65816 on the ][gs).  Among
other things, I redesigned part of the BASIC interpreter using bank
switched memory (an idea later commercialized by someone else in
Beagle BASIC, but I don't guess experimenting with dual stack
machines is enough to qualify me as a 'systems programmer').  At one
point I wrote a real-time data collection program in 6502 and
6522VIA assembly.  I generally did not muck around with modems or
disk drive code, fearing my computer would catch a disease or the
FBI.
     Not knowing I could go nowhere with an 8th grade computer
education, I took a job with LSU when I graduated high school
writing testing and scheduling software on an MS-DOS machine (a
platform I still prefer for sheer ease of programming) in BASIC and
Pascal.  While in college, I spent a summer at the Democratic
Senatorial Campaign Committee designing their contributor and media
tracking databases in Clipper.  On the side I wrote screen savers
and fractal generators (who didn't?) for the Mac in Pascal.  After
getting my B.A., I spent a semester at the University of Sydney
where I designed motion after effect software for psychological
experiments.  I currently have two commercial Mac screen savers on
the market - alas, not through a company I started but at least I
do own all my copyrights.
     I am also working on a freeware interactive statistical
package for the Mac entitled "Pixelated Entropy."  I'll say
something about it since I will at some point make it generally
available to the academic community.  It is designed to explore
non-linear models and uses a Photoshop plug-in type system held
together through resource files and a little 68000 code.  You can
write your own models and analytic tools for use by the program. It
actually multitasks, survives system crashes and automatically
performs tweening so you can generate movies of your models as they
change.  I'll be happy to give you copies now, but it's in the alpha
stage (though there are few bugs) and I don't want to release it
while the interface is still in flux.  It comes with a fast spatial
correlation test, a few differential and difference equations and
plenty of source code examples.

     As to the rest of my vita, I'll be happy to provide references
on request and I welcome all inquiries.  In short, I do not deny
that I lack a doctorate (as yet) or any other credentials
qualifying me as an 'expert' in computers.  But I don't think
anyone qualifies.  No one is an expert in *the law*, yet we have a
system of law with plenty of experts in various fields and a bulk
of precedents that we are all free to cite.  The system coordinates
things through the use of enlightened self-interest.  I believe a
coordinated (if loose) framework for interchangeable object code
will emerge from the market, given time.  But if it does so, it
will be in the form of a monopoly and possibly at a high price.
(Monopolies are market optimal too).
     I'm glad most people appear to have ignored my 'lack' of
credentials when they read the article.  I myself rarely ask about
someone's credentials when I talk politics with them and I have
been pleased that many engineers, programmers and other sorts have
leant me an ear-both on line and off-without a second thought and I
hope that they continue to listen to other users out there.
Standardization *is* a problem that people perceive in political
terms with potential political solutions.

     I find in general the denial that politics exists in the
computer market or anywhere a distasteful political tactic.  I find
everywhere in online discussions a denial of the fundamental truth
that we are taught in grade school.  We are the "government."  Some
people have this Romantic idea of the internet community as a
liberated band of individuals freed from the bonds of "government"
intervention, living out on some frontier.  Maybe no one else is
around, but whether it's the internet community setting standards or
our elected representatives operating through a (yes) bloated and
slow bureaucracy, people and institutions are involved and politics
lives on.  That's the business of self-governance.
     Denying the existence of politics-that we govern ourselves-in
any area attempts to hide legitimate differences between people and
only gives the upper hand to those who already set the agenda and
hold the power.  I'm sorry if I sound like a revolutionary, but I
find the very idea that government in general has nothing to do in
setting standards on the Internet hypocritical.  Without vast
government monies there would be no military, no public
universities (nor private ones on the current scale) and thus no
Internet.
     I find the belief that government should fork over the money
and shut up about it even worse.  It's the same argument used by
*some* artists trying to get money from the NEA, industries
trying to get price supports, and so on.  It's an evil idea.  Maybe
we do need all of these programs, but we are the government and we
have a right to see what we're buying in the full light of day.  I
have no doubt that most of the money spent on the Internet has
given us something of value we would not have had otherwise.  But
maybe we can do better.  Would King Canute have been such a fool if
he had built a dike to stem flood-tides?  Wouldn't we be fools if
we still believed economic forces like interest rates were also
controlled by the motions of planetary bodies?

     In closing, I would like to publicly thank the CUD editors
for their patient assistance with the original piece.  We had a lot
of problems with 'standards.'

     Wade Riddick (riddick@jeeves.la.utexas.edu)

------------------------------

End of Computer Underground Digest #6.68
************************************