<D <M <Y
Y> M> D>

I am apparently not the only one of my friends to have been mistaken for a lawyer.

If you could find and read old shell history files of mine, you would see many enormous strings of commands something like this: 

w
who
df
finger
w
w
ls -l
ls
df
ls -l
ls
ps x
w
w
df
ls -l
w
w
who
ls -l
finger
df
ps x

I would habitually run simple status-reporting commands whenever I had nothing else to do. As a result, I would gradually absorb information about the state of the system, getting a deeper sense of what was going on, and quickly noticing certain kinds of problems if they arose.

When I used GUIs, I would do a somewhat similar thing -- I would constantly pull down all the menus and submenus of each GUI application, and then close them. Or I would do a "Help About". You could call it a nervous habit. Some people watching me found it very confusing or distracting. I thought it was a great and altogether natural way to get to know the computer better.

I seem to remember that Neal Stephenson wrote something about computer users who like to receive status information constantly from their computers and other computer users who find it frightening or disconcerting (because they assume that something is wrong, or lack context to interpret the status information to decide whether something is wrong). I just re-read much of "In the Beginning Was the Command Line" in the hope of finding this passage, but it didn't turn up.

I argued to various people that constantly playing with your computer and trying to get it to elicit status messages or at least to disclose interface elements would give you a much deeper familiarity with it -- that it was a good way of learning even while you were doing something else, or while you were doing nothing at all. And it was a good way of getting closer to the machine. ("It is only by amusing oneself that one can learn." Cited by Kasner and Newman.)

I noticed that, although I am still very active whenever I use a computer, I rarely type "w", "who", "finger", or "ls" unless I specifically need the information provided by these commands. (I still type "df" and "ps" and "ps x".) I wondered what had changed to alter my Unix habits so significantly.

I thought of four relevant changes:

  1. The shared-access system I started to use most had more than one screenful of simultaneous users. So typing "w" or "who" or "finger" became annoying, because I would only get to see a tiny fraction of the total activity (and it was in some sense a random fraction rather than interesting fraction). "w" is much more comprehensive on a lightly-used system than on a heavily-used system. "w | less" takes far too long and is not consistent with browsing for idle curiosity.
  2. My home directory and most subdirectories grew to have more than one screenful of files. Thus, just as the output of "w" would scroll off the screen, the output of "ls -l" would scroll off the screen.
  3. I started to read weblogs and frequently-updating news sites, where I would find frequently-updating information by following my "linkers" (what many other people call a "blogroll") or by telling my browser to reload. This provides a different kind of interesting "idle" activity to compete with simply examining local machine state.
  4. I started to use screen, so that I was less often at a shell prompt and more often inside an application like mutt or lynx (because I didn't have to quit one application in order to start another application, as I did before I started using screen).

I have been very excited about the Hashcash approach to fighting spam.

I thought of some problems with it. I think most of these problems have been considered by the promoters of hashcash, and I hope to find out if they have good ways of dealing with them. (Briefly, the idea of hashcash is to try to get people to attach "postage" to their e-mail, at least when they're mailing people with whom they've never corresponded. That would make spam uneconomical. Mail without any postage could be rejected, or treated more skeptically, by the recipient. But to avoid having to create a financial payment infrastructure, the postage is not actually money, but rather "proof of work" -- easy-to-verify solutions to very difficult math problems. In order to see whether a message contains valid postage, you simply verify whether the math problem solution attached to it is correct. If it is, it serves to prove that whoever is mailing you spent an economically significant amount of computer time to solve the problem, so that it's very unlikely that the message is spam.)

So here are the problems I know of.

  1. Spammers taking over other people's PCs to force them into service generating hashcash. Spammers are already breaking into other people's PCs to force them to send spam to third parties; what would stop them from breaking into a large number of computers and making those computers turn out valid hashcash postage all day? Then the hashcash is still "proof of work", but it's not work done by the spammer -- it's work done by random people whose computers the spammer broke into!
  2. Hardware acceleration. Hashcash would be more easily calculated by FPGA arrays than by computers. Indeed, an EFF-sponsored project used a single self-contained custom machine to outcompete a network of many thousands of volunteers' computers -- including mine! -- in a brute-force cryptographic key search problem, which is very similar to the problems proposed for use as hashcash. What would stop spammers from building machines to calculate lots of hashcash more quickly and cheaply than PCs would? In effect, these would be counterfeit hashcash mints -- they would falsely appear to represent a substantial amount of computer time.
  3. Mailing lists. It's easy to make hashcash compatible with mailing lists (when people subscribe to the list, they promise to accept all messages from the list without demanding any hashcash). The trouble is that any list subscriber can still spam the list. And there are bots capable of subscribing to many mailing lists automatically and then spamming them all. How can a mailing list have a policy capable of making spamming the mailing list uneconomical? (Would a CAPTCHA test to subscribe to a mailing list help solve this problem?)
  4. Falling off the technology curve. If computers get faster, there will be an inflationary effect -- hashcash will become easier and cheaper to generate on modern machines. This is already well understood, and there's a mechanism for recalibrating by adjusting the amount of hashcash you demand (so as it gets easier to make, you can simply ask for correspondingly more of it). Isn't there a problem in that it will become increasingly difficult for non-spammers who are poor to get their messages through when richer non-spammers are willing to spend so dramatically much more computer time generating hashcash to get their own messages through? There are plenty of Nigerians who want to communicate with Americans, and we need mechanisms that won't prevent this entirely simply because a few Nigerians send 419 scam letters to many Americans. Moore's Law seems to make this complicated (but perhaps not catastrophic): it seems that you have to spend exponentially much more time generating hashcash to match what other people can do, if you can't upgrade your computer. That will become catastrophic at some point, if Moore's Law continues to hold and many people can't upgrade their computers regularly!

There's also a metaproblem common to many spam countermeasures: it's a chicken-and-egg deployment problem. MUAs won't attach hashcash until there are a lot of recipients who demand it, but recipients can't demand hashcash until a lot of senders are willing to provide it, right?

Network effects!

Many congratulations to PLoS Biology on its launch!

One thing I didn't realize about PLoS journals is that authors have to pay $1,500 to have their articles published. (The articles are peer-reviewed; it isn't vanity publishing as we understand that term.) I had assumed that the foundation grants supporting PLoS would also take care of the expenses so that authors wouldn't have to pay to publish, but that turned out not to be the case. I suppose this is because many foundations hate to pay for "operational expenses" or "recurring costs", and presumably the costs of reviewing and publishing papers are nothing if not operational and recurring.

Peter Suber thinks this is not such a big problem, for many reasons.

For its part, PLoS says that

a new business model for scientific publishing is required that treats the costs of publication as the final integral step of the funding of a research project.

This model is different from some other open-access publishing, which may not have any "funding" in the first place. It really seems that the relevant costs are coming from the formal peer review and formal editing steps.

I was just re-reading a whitepaper on DRM by Alex Alben. Alben notes that DRM is very controversial, but jokes in a footnote that at least "[a]ll the parties to the debate can agree that DRM stands for 'Digital Rights Management'".

Amusingly enough, Alben is wrong! Thousands of uses of the expansion "digital restrictions management" are attested, possibly inspired by the FSF's suggestion that we that phrase. Many copyright activists are concerned by the use of "rights" to mean "policies" (I am trying to avoid that usage in "How to Abuse Trusted Computing"). Among other things, this might be because "right" (and its equivalents in other languages) has connotations of "justice", and the enforcement of some policy might not have any connection to justice.

Of course, this usage might not have been created solely to polish the image of policies associated with documents by publishers -- since it's also true that "right" has come to mean "policy" in some parts of security engineering. But it always grates on me when somebody describes a way of transmitting or enforcing policies like copy-control policies as "rights expression", "rights management", "rights enforcement", etc. This usage seems especially common among DRM vendors and customers.

I just found it funny that the only thing Alben could find that everybody agreed on isn't actually agreed on at all.

As I mentioned when I first met him, I think Daniel Ellsberg is "a great hero of the American people".

Praveen and I went to hear Ellsberg speak in Berkeley on Friday. I got an autographed copy of Secrets and a story I think is worth mentioning in my discussion of the Wannsee Conference House.

This reminded me that I really ought to finish my Wannsee essay and post it along with my Wannsee pictures. You might recall that I took those pictures but have yet to post them on-line. But I'm thinking that maybe I should read Eichmann in Jerusalem first. It may be that essentially everything I want to say about Wannsee is already there in some form. I suppose that doesn't make my saying it superfluous.

Neil Postman has died. I'm sorry that I never met him.

[Main]
Support Bloggers' Rights!
Support Bloggers' Rights!


Contact: Seth David Schoen