Computer underground Digest Wed July 28, 2020 Volume 6 : Issue 68 ISSN 1004-042X Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) Archivist: Brendan Kehoe Retiring Shadow Archivist: Stanton McCandlish Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Copper Ionizer: Ephram Shrustleau CONTENTS, #6.68 (Wed, July 28, 2020) File 1--Preliminary HOPE (Conference) Panels File 2--Re: Sysop Liability for Copyright File 3--Re: Response to - Sysop Liability for Copyright (CuD 6.62) File 4--Re CuD 6.66--Roger Clarke on authoritarian IT File 5--Re: CuD 6.62--Response to Wade Riddick Open Letter File 6--Reply to DNA debate Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically. CuD is available as a Usenet newsgroup: Or, to subscribe, send a one-line message: SUB CUDIGEST your name Send it to LISTSERV@UIUCVMD.BITNET or LISTSERV@VMD.CSO.UIUC.EDU The editors may be contacted by voice (815-753-0303), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA. Issues of CuD can also be found in the Usenet news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); and on Rune Stone BBS (IIRGWHQ) (203) 832-8441. CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: from the ComNet in LUXEMBOURG BBS (++352) 466893; In ITALY: Bits against the Empire BBS: +39-461-980493 UNITED STATES: ( in /pub/CuD/ ( in /pub/Publications/CuD ( in /pub/eff/cud/ in /src/wuarchive/doc/EFF/Publications/CuD/ in /pub/wuarchive/doc/EFF/Publications/CuD/ in /doc/EFF/Publications/CuD/ EUROPE: in pub/doc/cud/ (Finland) in pub/cud/ (United Kingdom) JAPAN: /mirror/ COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ---------------------------------------------------------------------- Date: Mon, 25 Jul 2020 02:00:12 -0700 From: Emmanuel Goldstein Subject: Preliminary HOPE (Conference) Panels Here is the first draft of the topics to be covered on the HOPE panels. This is a tentative list - more topics will be added and others will be modified. The actual times of the panels will be released at the conference. +======================================= Hackers On Planet Earth Saturday, August 13th, 12 noon to Sunday, August 14th, 11:59 pm Hotel Pennsylvania, New York City, 18th Floor (People helping to set up the ethernet can come by Friday night.) For full registration info, call (516) 751-2600 or email/finger ======================================================= NETWORK MUSIC PROVIDED IN PART BY SUB-POP OPENING ADDRESS WELCOMING HACKERS TO NEW YORK WILL BE GIVEN BY EX-CENTRAL INTELLIGENCE AGENCY EMPLOYEE ROBERT STEELE. =================== TENTATIVE TOPICS =================== FUN WITH PAGERS Have you ever had the opportunity to monitor the pager of your choice, seeing each and every page as it comes over, alphanumeric included? You will. The entire city of New York is wide open and we'll demonstrate exactly how it's done. More pager tricks and little-known facts will be presented. Hosted by Thomas Icom =============== CELLULAR OK, how is it done, really? We've all heard about cellular phone cloning but how many of us have had the guts to actually do it ourselves? Actually, probably quite a few because it's relatively easy. But, as with any technological trick, there is a multitude of misinformation being handed out. That won't happen here as the true experts will be on hand to demonstrate cloning and answer questions. We will show how cloning is not just for criminals and how you can clone a phone on your own PC! Cellular software to do this will be made available for free! You will also see first hand the risks of using a cellular phone. Hosted by Bernie S. and Count Zero =============== THE N.Y.C. METROCARD New York City has just introduced a brand new farecard system for mass transit, one unlike any other in the United States. We have been gathering data on this system for some time now and hackers all over the world are trying to figure out ways of cracking it. Unlike most other mass transit card systems, this one uses master databases. We will read the cards, duplicate them, and make every attempt to defeat the system. By the end of HOPE, we will have either cracked it or deemed it secure. Your participation is encouraged. We expect to have representatives of the Metropolitan Transit Authority on hand to answer questions and keep a nervous eye on us. =============== CHAOS COMPUTER CLUB For many years now, Germany's Chaos Computer Club has been making headlines all over the world for all kinds of mischief. But, as with all things, there is much much more to the story. For the first time ever, the CCC will be in this country to answer questions and share information of all sorts. =============== HACK-TIC Although it's almost entirely in Dutch, Hack-Tic and the many people involved in its production have been the inspiration for hackers all over the planet. If HOPE is half as successful as the two hacker congresses Hack-Tic has hosted (Galactic Hacker Party of 1989 and Hacking at the End of the Universe of 1993), it will be an incredible event. Because of the far more relaxed atmosphere in Holland, hackers there are able to accomplish much more without all of the paranoia that is so abundant here. We will hear their story and find out about all of the technological projects they're involved in. =============== SOCIAL ENGINEERING By far one of the most effective ways of getting information is the art of social engineering. You will see some live social engineering, get tips on what not to do, hear some great legendary tales from the masters, and listen to social engineering tapes of the past. You are welcome to participate in our social engineering contest - we give you an operator and you go as far as you can. =============== LINUX Linux is the Freely Distributable Unix clone available by ftp from many sites on the Internet. It is a remarkably complete and stable OS for intel-based PC's that is a direct result of the existence of the Internet, which allowed for the cooperative development team of volunteers to communicate in real time during their development of their respective parts of the project. Linux continues to enjoy rapid development and is already a viable and popular alternative to commercial Unix OS's. It is being installed in basements and at commercial, academic, and governmental organizations around the world. Michael Johnston, developer of the new Slackware Professional Linux package (in partnership with Patrick Volkerding, author of the Slackware distribution of Linux on the net), will speak on the differences between the different Linux distributions available "for free" by ftp on the Internet, and in particular the changes in Slackware (the most popular Linux distribution on the net) between versions 1.2 and the new 2.0. =============== UPDATE ON ITALIAN HACKER CRACKDOWN Recently, one of the largest computer raids in history took place in Italy, focusing its attention on Fidonet. The investigation and the overall oppressive atmosphere are continuing. An update from an eyewitness. =============== HOW DO HACKERS HANDLE MALICIOUS USERS? With so many new people being drawn to the net every day, the criminal element is bound to become more visible. This means users who destroy files, wipe entire systems, harrass users, and cause intentional pandemonium. Perhaps the worst part of this is that the media considers such deliberate malice to be another part of hacking. How do hackers deal with such users and the misperceptions of the hacker world that are created? Is it proper for hackers to go to the authorities on such occasions or will that ultimately backfire? You'll hear stories, experiences, suggestions, arguments, etc. from experts and non-experts alike. =============== BOXING Contrary to popular belief, boxing is not dead. As you will see, there are so many possibilities. We will have some top phone phreaks on hand to show you what works, what doesn't, what used to work, what never did, and what probably might. American boxing is only one small part of the entire global picture. In this panel, we guarantee all questions will have answers. Also included: An overview of current inband systems like R1, R2, and C5. The pains of ANI and the ease with which it can be spoofed. Cellular and cordless tricks. Hosted by Billsf and Kevin Crow. =============== AUTHORS Steven Levy (Hackers), Winn Schwartau (Terminal Compromise), Paul Tough (Harpers, Esquire), Paul Bergsman (Control The World With Your Computer), Julian Dibbel (Village Voice, Spin). =============== WEARABLE COMPUTERS AND CHORDIC INPUT Doug Platt of Select Tech will be walking around the HOPE conference wearing and demonstrating a computer of his own design that will be connected live to the Internet via wireless technology. Doug will be reporting live on the HOPE conference via the Internet as he walks around. =============== HISTORY OF 2600 How did it all start? How did it almost never happen at all? Are our phones tapped? What's the craziest letter we ever got? Who are the people behind the names? How many lawsuits have we been threatened with? What do the covers mean? Where is it all leading? Get the picture? =============== FULL DISCLOSURE - LIVE SHORTWAVE BROADCAST FROM HOPE Learn all about Full Disclosure, a magazine many consider to be as dangerous as 2600! Free copies will be available. On Sunday at 8 pm a live call-in from HOPE to "Full Disclosure Live" will take place on international shortwave on WWCR at 5810 KHz shortwave. =============== LEGAL ISSUES Dave Banisar of the newly formed Washington DC based Electronic Privacy Information Center (EPIC) will fill us in on the latest laws, restrictions, and risks facing us all. There will also be updates on the 2600 Pentagon City Mall incident and tips on how to make the Freedom Of Information Act work for you. Come to this panel with any questions or comments about the ACLU, EFF, CPSR, etc. =============== WHAT IS THIS CRYPTOGRAPHY STUFF AND WHY SHOULD I CARE? There have been quite a few articles in the national media recently about cryptography and privacy. Bob Stratton will attempt to provide an introduction to the terms and technology, how it affects the average citizen, and insights into the public policy debate currently raging in Washington and around the world. There will be a special emphasis on the relationship of cryptographic technology and emerging personal communications tools. ------------------------------ Date: Mon, 18 Jul 94 20:36:25 From: "Carolina, Robert" Subject: Re: Sysop Liability for Copyright >From my reading of the posts on this subject, it appears to me that there is a pretty serious misunderstanding of a critical aspect of the Frena case. To put the matter in context, the original poster noted that the court imposed liability regardless of the sysop's knowledge of what users were doing on his board. David Batterson responded: "Nonsense. Frena knew exactly what his users were doing, and so did the court." Later Mr Batterson concludes, "... courts CAN recognize copyright infringement when they see it. And so can I, without being a lawyer." Unfortunately, the Frena decision goes much further than this fairly straightforward conclusion. Because of the procedural posture of the case (motion for summary judgment), the judge was limited in terms of what he could or could not decide. There was not much evidence placed before the court other than the admissions of both parties about the nature of the files. Thus the judge was faced with a simple question: are there any facts in dispute which would merit a trial. Mr Frena clearly was disputing whether or not he had prior knowledge that the copyright files were on his system. By ruling against Frena, the judge was saying that this disputed fact could not influence the outcome of the case. To put it a little differently, the judge was saying: "Even if I believe your story, it just doesn't matter -- you are still going to be guilty of infringement because ignorance of the files' presence on your board is not an excuse." (Yes, I know that the case does not appear to say this, but I assure you that this is the message the court sent to every US lawyer reading the decision. It is also the message that we have to pass on to our clients when they ask us "what have the courts said about this.") Now this kind of a ruling is much more serious than if the judge had merely said, "I don't believe your story and I am finding you liable." Unfortunately, the judge was not willing to wait for a full trial to make this kind of a ruling. Why? There are a few possibilities which are not mutually exclusive. First, he could genuinely believe that a sysop with an "open posting" policy should be strictly liable for the infringing activities of his subscribers. (Mr Batterson appears to agree with this to some extent.) Secondly, he could have been concerned about wasting valuable court time on what he viewed as a "clearly loser" case. This second possibility disturbs me somewhat. If the judge was taking this kind of "shortcut", then he denied Mr Frena his day in court. More importantly, Mr Frena probably would have had the right to make his "I didn't know about it" argument to a jury rather than to the judge. By ruling that the law worked against Frena regardless of the facts in dispute, the judge took the liability phase of the case away from any possible jury consideration. In short, the judge may have decided more than he needed to in order to dispose of this case quickly and cleanly. In my opinion he set a bad precedent in the process. My suspicion is that Mr Frena will probably settle rather than undertake the time and considerable expense of an appeal. The rest of us will have to wait for the outcome of the pending CompuServe audio file litigation in New York before a "major" federal court gives an answer to this question. I must admit that I was intrigued by the force of Mr Batterson's rejoinder on the issue of what a "reasonable sysop" should do. It seems to me that he would wish all publicly accessible file servers to be subject to "pre-posting" editorial control. It could be that he will be proved right in the long run, but I hope not. (Before people shout that this would not be fair, remember that owners and occupiers of real property face a similar standard of liability as regards personal injury suffered by third parties.) I should stress that the opinions expressed above are mine alone, and not necessarily those of Clifford Chance. For those of you who have not yet met me, I am a US lawyer working with the Computer & Communications practice group of a major international law practice in London. The points above will be incorporated into a longer article on the subject of "transmission liability" which I hope to publish this fall. I will send a pointer to the article as and when it is printed. Best regards, /s/Rob Carolina ---- Robert A. Carolina Telephone: (071) 600 1000 Clifford Chance Intl: +44 71 600 1000 200 Aldersgate Street Fax: +44 71 600 5555 London EC1A 4JJ Internet: United Kingdom X.400: on request ------------------------------ Date: Tue, 19 Jul 2020 14:39:48 +1000 (EST) From: Mr Rhys Weatherley Subject: Re: Response to - Sysop Liability for Copyright (CuD 6.62) In CuD 6.64, dbatterson@ATTMAIL.COM(David Batterson ) writes: >If you allow immediately downloads, you are providing tacit approval >for users to upload commercial software programs, which could then be >available for immediate download. I flipping well hope this isn't the default "approval test"! There are millions of machines across the globe that currently allow users to upload files for immediate download with no review by the sysop at all. It's called "USENET". Virtually anyone at any time can post anything anywhere and it is immediately available for viewing (and download with appropriate software) on millions of machines, not to mention the original machine it was posted on. Not just messages like this one, but copyrighted files too. From a theoretical standpoint, there is no observable difference between what happens in a BBS file area and a newsgroup. The software paraphenalia might be slightly different, but the overall effect is the same. Hands up all those who haven't seen at least one copyrighted file or newspaper article posted without permission on USENET in the last month. No one? Does us knowing that this happens somehow make us responsible and we should all be carted off to jail for copyright infringement? This is the real danger of making sysops responsible by default. Applied to USENET sites, if I don't watch my users like a hawk I am responsible when they step out of line behind my back (and I'm also responsible if I miss something). Applied even further, I would be responsible for anything that comes in over my news feed if I don't scan it before making it available. You are welcome to volunteer to scan the thousands of messages per day that hit my system David, but I've got better things to do with my time. I'll take action if I'm notified of a problem, but I can't be expected to prevent the problems from occurring in the first place without censoring my users (and losing the respect of my users in the process). Maybe Frena is guilty of promoting copyright theft. I'm not in a position to judge. But I believe that more evidence is needed than "since there is an open place there he must be guilty of looking the other way". The test for sysop liability needs to have a lot more preconditions added before it really is used against someone unfairly. If the EFF, CPRS, ACLU, etc, can succeed in getting those preconditions added, the world will be a safer place for all of us. ------------------------------ Date: Fri, 22 Jul 94 01:33 EST From: "Charles E. Petras" <0003225457@MCIMAIL.COM> Subject: Re CuD 6.66--Roger Clarke on authoritarian IT I thought the following, which I sent to the paper's author (who is in Australia), might clarify what "authoritarian" stuff we should be talking about. From--Charles E. Petras, MCI Id--322-5457 To--Roger Clarke (author of original paper) I received a copy of your paper as part of the RISKS e-digest on the internet, and I'd like to compliment you on a very insightful presentation of the topic. But, and there is always a but, I feel the need to challenge the following statement that you made: "...the openness and freedom which are supposed to be the hallmarks of democratic government." Specifically I offer the following definitions from the 1928 edition of the American Military Training Manual: DEMOCRACY, at TM 200025, 118120: _A government of the masses._ Authority derived through mass meeting or any other form of direct expression. _Results in a mobocracy._ Attitude toward property is communistic, negating property rights. Attitude toward law is that the will of the majority shall regulate whether it be based upon deliberation or governed by passion, prejudice and impulse without restraint or regard to consequences. _Results in demogogism, license, agitation, discontent, anarchy._ REPUBLIC, at TM 200025, 120121: Authority is derived through the election of public officials best fitted to represent them. Attitude toward property is respect for laws and individual rights, and a sensible economic procedure. Attitude toward law is the administration of justice in accord with fixed principals and established evidence, with a strict regard to consequences. A greater number of citizens and extent of territory may be brought within its compass. _Avoids the dangerous extreme of either tyranny or mobocracy. Results in statesmanship, liberty, reason, justice, contentment and progress._ As a point of information, I live in the United States of America. Some time ago our republican form of government was subverted into a democracy called the 'United States.' This process was started by our Civil War (1860's) which resulted in a strengthing of the central (federal) governemnt, the imposition of the so-called 14th Amendment to our Constitution which created a federal citizen ('United States citizen') who is in reality a subject (as opposed to a Common Law Citizen who is the sovereign person talked about in our Declaration of Independence that creates governments, specifically the fifty republics that banded together to form the 'united States of America'). The capstone to this process was the so-called 17th Amendment to our Constitution which caused (on the federal level) the upper house of the government, the Senate, to be elected by 'the people' as opposed to being appointed by the various state legislatures. This gave the moochers and looters control of the federal government, we went from a country of law, to a country of public policy. With the ensuing loss of private property rights and individual freedoms that is evident today. A democracy that has appointed itself the worlds policeman (and even toppled your [Australia's] government on occasions when it didn't tow-the-line). Hopefully this will clear up any illusions that there is something desirably about having a democratic government. As to the "emergent information societies", well I hope you might reconsider your conclusion. ------------------------------ Date: Tue, 19 Jul 2020 10:56:27 -0500 From: Jason Zions Subject: Re: CuD 6.62--Response to Wade Riddick Open Letter In his response to the Wade Riddick letter, David Moore extracts two quotes without much comment, to wit: QUOTE: ------------- Government, though, has several options for the role it can play in this process: (1) the Commerce Department, perhaps with some authorizing legislation, could call industry heads together and order them to set a common object code standard; (2) Commerce could acceptbids from various companies and groups for such a standard; or (3)finally, the federal government could itself craft a standard with thehelp of qualified but disinterested engineers, and then try to forceit upon the industry through the use of government procurement rules,control over the flow of research and development money or othereconomic levers. ------------- QUOTE: ------------- A serious effort should also be made to reach a consensus with other industrialized nations, for computers are globally interconnected to a degree that no other mass consumer product has been. ------------- The quotes indicate that Wade has little understanding of the way standards are developed in the US. US national standards are voluntary in nature; that is, people volunteer to write them and volunteer to comply with them. Sure, sometimes the federal government uses a big stick to beat vendors into compliance ("Comply with FIPS-151 or we won't buy your computer"), but this stick is different only in dollar volume from that wielded by any other purchaser. Let's examine Wade's three alternatives. Option 1: order industry to set a common object code standard. Never happen; Commerce doesn't have the authority, and I don't know that Congress has it to give to Congress. In any event, there's the small matter of enforcement, as well as the small matter of the billions of dollars of already installed equipment which would be rendered obsolete overnight. Economic damage would be large. Choice 2: accept bids for a standard. And just how are they supposed to select one, pray tell? Would you care to guess just how many years of court time would be consumed by the losers? Choice 3: the fed (probably through NIST) could develop its own standard using qualified but disinterested engineers. And where the hell are they going to find *them*? Engineers that are qualified to do this work are already employed and doing the work for some vendor. Do you have any idea how expensive it is to develop a new CPU architecture? The amount of time it takes to do the job? And before you say "new college grads", try talking to someone who's actually been on an architecture design team; you'll find that significant experience is required to do the job well, and that experience is acquired by doing it in the company of those who've done it before. More important, though, is the fact that there *is* an IEEE standard computer instruction set. IEEE Std 1754-1994 is a specification of the SPARC V8 architecture. Combined with public-domain specs for the SPARC ABI (application binary interface), Wade has pretty much what he wants. By the time he figures out he doesn't really want it, it may be too late. 1754 is hardly the first standard instruction set. There will doubtless be others, and I predict the first use of 1754 in an RFP will generate a lawsuit tying the whole issue up in the courts for years. I believe 1754 is not just Wrong, but is inherently Evil; contrary to Wade, I am of the considered opinion that the instruction set, or the binary level, is exactly the wrong place to drive a stake into the ground. As for the need for serious international standardization efforts, they, too, already exist. Need I remind anyone of the most famous computer standards to be delivered by ISO - the Open System Interconnect standards, i.e. OSI. Sure, they were developed in an international arena. And they're pretty lousy standards. If you think the way we develop standards in the US is crazy, you ought to see how they get built elsewhere. Academics, who haven't bothered to actually implement anything, dream up these glorious pie-in-the-sky designs and then write them into standards, leaving it up to poor benighted engineers to figure out how to build these research castles. David does say one thing upon which I'd like to comment: >One more time. It's the data and the communications interface to >this data that's important. Not the specific hardware or software >applications. Not all the world of computing is data-centric in the sense of long-lived data being operated on over a period of time. Process control applications, for example; the temperature in the reaction vessel yesterday at 2 PM isn't terribly interesting, but the temperature now and over the last 30 seconds is damn important. The goal is to make anything in which the user invests significant amounts of time and money portable to different computing platforms. If users write programs, they should be portable to different platforms, including different operating systems; hence standard programming languages and OS interfaces like POSIX (IEEE 1003.1 et seq). If users collect data, the data should be moveable; hence data format standards like ISO 8824/8825 (ASN.1 and the associated BER). If users buy data collection hardware, the equipment should be moveable; hence standards like SCSI, RS-232 and RS-449, etc. Find the right level of abstraction that maximizes the range of choices available to the user; *that* is where to standardize. With an instruction set or ABI standard, your apps are portable to any machine that runs that instruction set; with a source code standard, your apps are portable to any machine that has a compiler/runtime that can handle the defined interface. The latter is guaranteed to be larger than the former. ------------------------------ Date: Tue, 19 Jul 2020 16:23:51 -0500 (CDT) From: Wade Riddick Subject: Reply to DNA debate (Wayne Riddick Elaborates) "I am the emperor and I want my noodles." That was supposedly one of the most lucid things ever said by the mad King of Bavaria (Frederick or Ludwig--I'm not such which, but neither was he). I don't recall saying anything about noodles in the reprint I recently posted to CUD, but some readers have tried to link me with mad kings, all the same. I think that's partly my fault. The article was originally published in a public policy journal, with a policy crowd in mind. I also had to cope with space limitations. Still, all-in-all I'm grateful to the LBJ Journal for taking a risk on something usually considered far- afield of government work and I'm grateful to the my editors there for helping me better speak to that audience. Because of that original audience, though, I was encouraged to simplify the discourse and use those dastardly "buzzwords." Such buzzwords are appropriate inasmuch as they help the general public get some handle on complex concepts but are, obviously, out- of-place in this forum. As to the controversies such words invoke, I do not think in all fairness I can be blamed for debates that are internal to an industry I have no leadership position in. Yes, I *am* a part of that industry, although some comrades have chosen to attack my party credentials. I don't think the 'credentials' issue is germane, but since it has bothered some readers I'll discuss it with other miscellaneous remarks at the end of this letter. Right now I'd like to address a few points my colleagues have made. In the article, sometimes the terms 'object oriented' and 'object code' are blurred together and interchanged. I got tired of haggling with my LBJ editors, but should have taken the time to correct this before posting it. From the feedback, though, I think most CUD readers inferred the appropriate meaning in each context. Dr. Jerry Leichter, though, did not like my use of the term 'object oriented' and thought I was overly enamored with something that was dead (this may not actually be a crime in my native Louisiana; I'll have to check). In fact, from my reading of the recent BYTE articles on the subject, I thought some of the basic tenants of object orientivity were being affirmed in the market (namely in VBLs, to use another buzzword). BYTE's editors pointed out that the verdict would not be in until several future products like Cairo and Pink hit the market. Even though the jury is still out, I'm inclined to agree with the general sentiment of Dr. Leichter's argument. I wouldn't be dramatic and say that object orientivity is dead, but it's obviously not taking anyone where they wanted to go. Why? Well, VBL's and objects in general are only an adequate solution within a given platform. The issue of cross platform code compatibility remains, so I think object-orientivity, in its current incarnation, fails to solve the problem it sets out for itself unless it reconceptualizes the code in an object itself *as* an object. I must apologize for not going into more technical detail about my proposal. I agree with Dr. Leichter that I do not have all of the necessary qualifications. Frankly, I don't think anyone does for something this broad. My goal in circulating the article was to cast light on the enormous political problem ahead and kind of coordination that would be needed to tackle it. Yes, microkernels are something close to what I'm after and I do not object to them per se. I'd really like to see some standard software plugs for the more common microkernel services. A standard microkernel itself would be too tied to aging hardware. I was glad to see p-code come up. I realize the issue of p-code inefficiency still haunts the industry, but a number of these old interpretation and recompilation schemes are coming back into vogue with new twists that speed them up. They face substantial legal hurdles as to the ownership of such altered programs. If an object code standard existed, those hurdles would vanish because the industry could release its products in object code (encrypted perhaps) form before being bound to the processor/operating system. Yes, I know UNIX is supposed to do something like this and I realize some exotic applications are too novel for such standardization, but tell me, does the bulk of an Excel spreadsheet really do anything that is logically different on all those platforms? Some people have suggested that the power and flexibility to do this comes from source code and not from object code. Why then does source code get altered quite a bit when ported from platform to platform? Is there no way to automate and standardize this? If not at the object code level, then between the source and object code level? I know you cannot standardize future technological developments before they arrive. There is, however, a cost involved in not standardizing what has already come to pass. I can give you a dozen good reasons why different microprocessors have different instructions for adding short (16bit) integers. Different architectures have different ways of storing and adding numbers that are optimal to the tasks they were designed to perform. I know why compilers output different object code when their tasks are radically novel. But as a user with an investment in software and a programmer looking to potential new markets, I find it indefensible that a compiler cannot put out a universal object code instruction for adding two integers. As to the Mac 68000 toolbox, I did not mean to suggest it is interpreted (though parts of it actually are on a 601). I apologize if I said as much in the article; I probably did it to ease the mind of my journal editor. The Mac does, of course, have a large (native) library of standard pre-defined functions with predefined entry points. Much of the logic of this evolution *is* pointed to in the history of the market; I agree. I simply think the evolution is going to have a hard time coming together without some kind of conscious coordination among the (self-interested) firms involved. Some of you shuddered at my solution involving the Commerce Department. Quite frankly, I think the industry itself (through a cartel or a monopoly) may arrive at a fair and equitable solution, but it will take tremendous pressure to tame the profit motive. I know this sounds disingenuous, but you can talk to my journal editor about this. I have to confess that at this stage I don't care one way or the other if a particular agency is involved. (You'll note that I hedge my bets by sprinkling the three possibilities with words like "perhaps" and "could"). I detailed a policy solution because the article was for a novice policy audience. Quite frankly, I think it's asking a lot to outline a solution and paint all the numbers in in a few short pages. I do have some idea as to how much a problem government can be, in general, with new technology. I attended COCOM meetings in 1989 and just a few months ago they decontrolled what they were discussing then. (I was all for dropping PC's on the Russians). I'm aware that large government mandated efforts like ADA have failed. It was not my intention to advocate a particular solution, but rather to hint at the broad outline such a solution was likely to take and the safeguards the polity should take to guard against monopoly. To paraphrase David Moore, there is no one in authority who knows the best way to develop anything. But there are people who set the agendas and who control the development process. And we have democratic control over them. I would like to thank Jerry Leichter for bringing up the issue of hardware compatibility. I have absolutely no desire to impose a hardware standard. I believe I said so in the article, despite being pushed to say something about a 64bit RISC standard by one of the IBM engineers who proofed the article. I fully realize that hardware standards are unwieldy in this industry. They have not always been so in other industries (e.g., rail) and they may not always be so in this one once it peters out (many decades from now). I think that's why I wrote "A computer's instructions are vastly different than the regular objects that come to mind when standards are discussed. The instructions CPUs use are virtual; they are not materially dependent on any particular piece of hardware." To use more buzzwords, processing and bandwidth are becoming cheap; that's the lesson of the fourth technological revolution. Nor do I propose to define a data standard for anything other than *certain* commands. When you can move the basic structure of a program, the data can go with it. But how easy, to use David Moore's example, is it for Deneba to port Canvas to a new platform? If one company comes up with a solution to this dilemma, it will pull strings attached to the entire software industry. And yes, I realize this leaves all sorts of data coordination problems out there. I believe hardware and data standards are best left to the market. That is the cheapest way to obtain the proper information about risky unknowns. I'm also glad Dr. Leichter brought economics into the debate. It was another thing I didn't have the space to discuss and I was sure my policy audience knew enough about it to get by. I have to say though, I found it ironic that the person who "attacked" my credentials in microcomputers proceeded to lecture me on macroeconomics from the basis of his microeconomic business experience. Dr. Leichter wondered if I learned about economics from Marxists or Catholics. I confess that I have been influenced by an even more sinister and anarchic group: economists themselves. I know the market clearing price is where goods are sold, but Dr. Leichter implies this price is somehow optimally determined. So? Optimal for whom? Even extortion is optimal if you play the game with pure self interest. Optimal prices are the residue of quite complex events. They are determined in part by the availability of information (hence the value of figuring out before everyone else which corporation will be taken over). Evidence in the economics literature indicates that 'optimal' behavior goes out the window when you introduce technological change to markets. It has to do with the inherent problems of non-linearity. Because there is no optimal outcome, people often proceed on faith, particularly in new technologies where the path isn't yet clear. The fanaticism of Steve Jobs comes to mind, but so I'm not accused of being Mac- centric, I'll also point to the drive of Bill Gates-whose actions affect market prices even if they're not rational (a reputational market effect) - and to Xerox's "architecture of information" - a fine example of how too much faith and not enough works can pose a problem. In short, certain aspects to the game of technological change have no core (to use the buzzwords of non-cooperative game theory). Where there is no optimal core, the realm of politics comes into play. I refer you to the social choice literature and specifically to Condorcet's voting paradox. Without a core, there often isn't any 'rational' way to solve a problem, it's not even clear what everybody wants (however you measure it). What are you going to do when the outcome of the game is determined by who sets the agenda? It is refreshing to find people who still have more faith in macroeconomics than the macroeconomists do. Haven't you heard the old joke, "If you laid every economist around the world from end to end, they'd still point in every direction?" This is not to attack economics; political science is in an even worse predicament. But these are the inherent difficulties of trying to study a vast non- reversible, non-linear systems. You can't roll back history and experiment with variables. Hence, there is every room for irrationality and emotion in certain economic circumstances. Ignoring emotion doesn't help us understand it or the roll it plays in politics. Because of this non-linearity problem, I cannot roll back history to prove absolutely that we've suffered inefficiency loss in the computer industry. Perhaps when my dissertation is completed, I will have mustered enough statistical evidence to indicate that this is a likely possibility, but that's a few years off. I simply point to the fact that designing for hardware independence is a hot topic and a lot of money is going into it. Perhaps we would not have saved much money if we had made the investment to solve this problem at a time when the technology was less widely spread, but today's corporations are making heavy investments to solve the problem. They must think it will make or save them money in the long run. I would like to thank Rainer Brockerhoff of Brazil for bringing up international aspects of the general standards problem. It was beyond the scope of my article, but I do think international technical standards are incredibly important and that the U.S. needs to get on the ball to make sure mature technologies are well- coordinated and new technologies are not strangled. And if I see one 'non-governmental' factor compelling the American software industry to cooperate, it's international competition. After reading the responses, I feel for some reason compelled to state my ideological inclination on certain issues. I have not bought a Power Mac. Having taken a vow of poverty upon entering graduate school, I own a meager Centris 650 (only 25MHz at that). I do intend to upgrade. I do not like Apple's Newton in its current incarnation. I believe it will be a success if it gets cellular and fax capabilities and sells for around $500. Whoever suggested giving one to every family must be confusing it with Fannie Mae (an understandable mistake). There was a short biography in my original CUD posting because it was a required part for the original policy journal article. I hope it did not mislead anyone about the nature of my credentials or sound arrogant or facetious. It was pro forma and the policy journal's audience could care less about my geek credentials, but I see the error of making the same assumption here. I find the concern that I have not received the proper education touching, but let me put those fears to rest. My first computer class was in Fortran IV in the summer of 1980. I was eleven. Despite that setback, I took BASIC classes the next school year. Those were my last computer related classes (not counting the mandatory half-credit of high school computer literacy). I bought an Apple ][e, taught myself Applesoft BASIC and 6502 machine language (and later 65816 on the ][gs). Among other things, I redesigned part of the BASIC interpreter using bank switched memory (an idea later commercialized by someone else in Beagle BASIC, but I don't guess experimenting with dual stack machines is enough to qualify me as a 'systems programmer'). At one point I wrote a real-time data collection program in 6502 and 6522VIA assembly. I generally did not muck around with modems or disk drive code, fearing my computer would catch a disease or the FBI. Not knowing I could go nowhere with an 8th grade computer education, I took a job with LSU when I graduated high school writing testing and scheduling software on an MS-DOS machine (a platform I still prefer for sheer ease of programming) in BASIC and Pascal. While in college, I spent a summer at the Democratic Senatorial Campaign Committee designing their contributor and media tracking databases in Clipper. On the side I wrote screen savers and fractal generators (who didn't?) for the Mac in Pascal. After getting my B.A., I spent a semester at the University of Sydney where I designed motion after effect software for psychological experiments. I currently have two commercial Mac screen savers on the market - alas, not through a company I started but at least I do own all my copyrights. I am also working on a freeware interactive statistical package for the Mac entitled "Pixelated Entropy." I'll say something about it since I will at some point make it generally available to the academic community. It is designed to explore non-linear models and uses a Photoshop plug-in type system held together through resource files and a little 68000 code. You can write your own models and analytic tools for use by the program. It actually multitasks, survives system crashes and automatically performs tweening so you can generate movies of your models as they change. I'll be happy to give you copies now, but it's in the alpha stage (though there are few bugs) and I don't want to release it while the interface is still in flux. It comes with a fast spatial correlation test, a few differential and difference equations and plenty of source code examples. As to the rest of my vita, I'll be happy to provide references on request and I welcome all inquiries. In short, I do not deny that I lack a doctorate (as yet) or any other credentials qualifying me as an 'expert' in computers. But I don't think anyone qualifies. No one is an expert in *the law*, yet we have a system of law with plenty of experts in various fields and a bulk of precedents that we are all free to cite. The system coordinates things through the use of enlightened self-interest. I believe a coordinated (if loose) framework for interchangeable object code will emerge from the market, given time. But if it does so, it will be in the form of a monopoly and possibly at a high price. (Monopolies are market optimal too). I'm glad most people appear to have ignored my 'lack' of credentials when they read the article. I myself rarely ask about someone's credentials when I talk politics with them and I have been pleased that many engineers, programmers and other sorts have leant me an ear-both on line and off-without a second thought and I hope that they continue to listen to other users out there. Standardization *is* a problem that people perceive in political terms with potential political solutions. I find in general the denial that politics exists in the computer market or anywhere a distasteful political tactic. I find everywhere in online discussions a denial of the fundamental truth that we are taught in grade school. We are the "government." Some people have this Romantic idea of the internet community as a liberated band of individuals freed from the bonds of "government" intervention, living out on some frontier. Maybe no one else is around, but whether it's the internet community setting standards or our elected representatives operating through a (yes) bloated and slow bureaucracy, people and institutions are involved and politics lives on. That's the business of self-governance. Denying the existence of politics-that we govern ourselves-in any area attempts to hide legitimate differences between people and only gives the upper hand to those who already set the agenda and hold the power. I'm sorry if I sound like a revolutionary, but I find the very idea that government in general has nothing to do in setting standards on the Internet hypocritical. Without vast government monies there would be no military, no public universities (nor private ones on the current scale) and thus no Internet. I find the belief that government should fork over the money and shut up about it even worse. It's the same argument used by *some* artists trying to get money from the NEA, industries trying to get price supports, and so on. It's an evil idea. Maybe we do need all of these programs, but we are the government and we have a right to see what we're buying in the full light of day. I have no doubt that most of the money spent on the Internet has given us something of value we would not have had otherwise. But maybe we can do better. Would King Canute have been such a fool if he had built a dike to stem flood-tides? Wouldn't we be fools if we still believed economic forces like interest rates were also controlled by the motions of planetary bodies? In closing, I would like to publicly thank the CUD editors for their patient assistance with the original piece. We had a lot of problems with 'standards.' Wade Riddick ( ------------------------------ End of Computer Underground Digest #6.68 ************************************