Vitanuova for 2004 October
<M <Y
Y> M>

It looks like Aaron got a lot of people to subscribe to seth-trips.

The comments on TCG's best principles document that I wrote for EFF are now up on the EFF site.

Here is a passage I wrote that didn't make the final cut. I was talking about what it means to have "control" of a computer.

Presumably there is a continuum here, in the sense that someone could argue that "control" of a computer shouldn't stop at the mere option to program it, but should extend to redesigning the functions implemented in its hardware. Such a person would presumably complain that AMD, Intel, and Transmeta know how to alter the microcode inside CPUs after the point of retail sale, but refrain from sharing all the details with the public, even though doing so would expand computer owners' control over the instruction sets their microprocessors implement. In a layered system, it is true that owner control will always be partial at some layer -- if only because computers are implemented in the physical world and our control over that world is subject to fundamental limitations.

This reminds me of the question of "equivalent access to modify" that I and others brought up in a discussion some time ago about the GNU GPL and embedded software. The GPL uses an ingenious concept when defining source code: "The source code for a work means the preferred form of the work for making modifications to it." That definition is ingenious because it isn't at all specific to the technology used to create the work. The source code to my TCG principles comments, for example, is a LaTeX file (and an Adobe Illustrator file and an OmniGraffle file, which were both converted to EPS and then to PNG before ending up inside the PDF above).

Now, this is pretty amazing. The GPL's broad definition of "source code" automatically implies that the source code for that PDF includes the two OmniGraffle files, even though OmniGraffle hadn't even been written when the GPL was drafted (and even though the GPL was meant to apply to software works rather than to other kinds of literary works).

The GPL's defintion of "source code" is a structural definition: it suggests that there shouldn't be anyone who has more privileged access to modify a software program than any of the software program's end-recipients does. Some people then worry about how this principle extends to embedded software. When embedded software is published under the GPL, vendors may provide CDs of source code along with the devices that contain object code -- or sometimes they provide written commitments to provide such CDs, or make downloads available (which FSF doesn't think constitutes a "medium customarily used for software interchange").

The result is that you can modify the software, but not necessarily the software within any particular device. So you might say that embedded devices tend to erase the structural equality between all parties that the GPL establishes for software published for computers. There is somebody who has a more privileged kind of access to modify the software within a device than even the owner of the device does. So for example, you might ship a PVR that contains only GPL-covered software, but the PVR might contain some kind of secret key or secret handshake that's needed in order to perform software upgrades. You publish all your source code, but nobody can actually install a modification without your help. (In my TCG comments, I discussed a related example involving the video game Netrek, which is, in fact, free software, but which different people have very unequal access to modify usefully, because of the use of secret keys to try to authenticate client software versions to servers.)

I remember having several discussions about whether the GPL could be amended to say that a manufacturer of a device that incorporates GPL-covered software -- and involves the exercise of a section 106 copyright right in that software! -- must provide "equivalent access to modify" that software. (Equivalent to what? One possibility is "equivalent to the manufacturer's own ongoing access" and another possibility is "equivalent to that conveyed by the manufacturer to any other party".) Another question is whether this would even be a good idea.

One obstacle to that suggestion is the general problem of computer security. Implementations of computer security usually rely on not giving all parties equivalent access to modify software; only some parties get that kind of access. The existing GPL has a clear rule that is not incompatible with traditional computer security: anyone who exercises certain exclusive rights of the copyright holder must provide source code access. But source code doesn't include things like passwords, cryptographic keys, and configuration files, which cause particular instances of software to treat different people unequally even though the underlying software program itself, as a literary work, might well be equally available to them.

A broad rule about providing equivalent access to modify software seems like something that would create a lot of mischief with various computer security policies. I think this is just an illustration of another comment of mine in the TCG comments: that Bruce Schneier is right to say that all security systems shift power from someone to someone else, and that the value of a security measure is something that different observers will disagree about. If you like some security policy, you may be grateful that the enforcement of that policy isn't hampered by an "equivalent access to modify" rule; if you hate it, you may wish there were such a rule.

Most people accept -- in some sense -- that their CPU vendors have not published the means of changing the microcode inside CPUs. But they don't necessarily approve of that decision, and they may well believe (as against the CPU vendors) that the world would be a better place if that information were revealed. And part of what drives them to that concern may just be a long-established concern with assymetries of power. If CPUs were elementary particles, and nobody had ever taken one apart, that would be one thing; instead, there is somebody who knows how to change how your CPU works, and that person won't tell you. So the sense of control seems to be, in a way, a question of jealousy: is there somebody else in the world who can make changes and achieve results that I can't? It isn't an absolute question of what you can do or what you can't do, but a question of who's preventing you, and what that person is keeping secret from you.

One really funny thing about this is the way that different people develop different intuitions about which things are properly under their control. For example, not many people say that they should be able to control somebody else's e-mail client, or the rain, or the Pentagon's web server. But many people have developed an intuition that they should be able to control software that runs on their computers. And other people have developed an intuition that they should be able to control programs that they write, even when they're running on someone else's computer. "The prayers of both could not be answered. That of neither has been answered fully."

I want to think more about the idea of control as arising out of jealousy. (I should probably say contrast rather than jealousy.)

My article about deception in Other #5 was published some time ago (though the cover date is October 2004). I was hoping it might be on-line, but it looks like you'll have to get the print edition if you want to read it. Computer security fans will note the lack of an insightful discussion of attestation of code identity; Barbara Nitke fans will note the lack of an insightful discussion of masochism. If you do buy Other #5, I hope you like my article anyway.

Unfortunately, my article was very abstract by Other's standards. Thanks to Charlie and Annalee for accepting it.

If I'd posted this item in the days of my Advogato diary, I would certainly have had to title it "In Other news".

I think the television broadcasters at the Iowa DTV symposium in Des Moines were a tougher audience for EFF's message about the broadcast flag than the hackers at DEF CON, but I had a very nice time on my first trip to Iowa. The climate and flora reminded me a lot of Massachusetts, where I grew up. I'm glad I got to go.

Biella and other anthropologists have gotten an issue of Anthropological Quarterly devoted to free software and copyright issues, including Rosemary Coombe and a collaborator talking about the Maori language. This looks great -- in typography, editing, and substance.

To further protect your book content, printing and image copying functions are disabled on all Google Print content pages.

Similarly:

We've put a number of measures in place to prevent the downloading, copying, or printing of your content [...] Pages displaying your content have print, cut, copy, and save functionality disabled in order to protect your content.

I'm surprised at how much effort Google went to here. I would have expected my browser not to be vulnerable to having any of its "functionality disabled", yet, with a recent Firefox, I found that I couldn't

  1. print the page to a PostScript file,
  2. right-click on the page at all,
  3. save the page to disk (the image would somehow not be downloaded at all),
  4. view the precious image in Page Info/Media (although I could see which image it was),
  5. save the precious image in Page Info/Media,
  6. find the precious image in the DOM Inspector (which seemed like the really heavy artillery), although the DOM Inspector did let me see its URL as part of an uninterpreted style definition, and seem to reveal the trick: defining a style called ".theimg", with the definition
    { background-image:url("http://print.google.com/long url with cryptographic signature"); background-repeat:no-repeat; background-position:center left; background-color:white; }
    and then invoking that style inside a <div> tag:
    <div class=theimg><img src=images/cleardot.gif width=575 height=928 class=border></div>

So I tried turning off JavaScript, and I found that I was essentially no better off: right-clicking caused a copy of cleardot.gif, not the .theimg background, to be saved to disk. For some reason, Save Page As.../Web Page (complete) still declined to download the background image at all, even in the absence of JavaScript, as if perhaps the CSS parser in the display logic in Firefox is smarter than the CSS parser in the Save Page As... code.

The two ways I've found so far that work to capture images from Google Print are a screen capture (I used xwd, which of course worked perfectly) and looking in the on-disk cache (ls -lrt .mozilla/firefox/default.*/Cache/[0-9A-F]*). I'm still puzzled about why Page Info and the DOM Inspector won't actually reveal the image referenced in the .theimg style or allow it to be saved.

If you wanted to write a proxy that would make Google Print pages capable of being saved to disk, you would presumably want to match

background-image:url("http://print.google.com/\([^"]+\)")

(although you'd need to be careful to match only the one in the definition of ".theimg", because it looks like there may at least one other background-image:url) and then replace

<div class="theimg"

with

<div class="x"

and somewhere nearby (I'm not sure how many tags up you'd need to go) insert a plain old

<img src="http://print.google.com/$1">

I haven't tried this because it felt like too much work relative to the previous two methods.

Contrary to what I expected, Google Print does not seem to check referer, so it seems to be possible merely to extract the URL from the definition of .theimg, and then to load it directly. Perhaps that will change in the future.

Google must have hired some experts on html image protection or html obfuscation. To be sure, there are lots of other tricks in Google Print that I had never seen before. It is hard to think that the author of that HTML obfuscation was not the subject of Richard Stallman's accidental haiku. It is amusing to think that Mr. Bad's "other" DeCSS might at last be used for some kind of circumvention (although I doubt it, because presumably Google Print simply won't work at all with the CSS removed).

Google Print's version of the first page of Alice in Wonderland

Someone I know said:

The problem with "don't be evil" is that people get mad at Google when it acts like a business, instead of like the Messiah.

After an exciting slashdotting that took vitanuova offline for a while, I learned that Gervase Markham, a Mozilla developer, did a similar analysis and even found some other useful approaches. He's kept on researching this and continues to post information about Google Print on his site.

(This article has been updated.)

Several people suggested I compare Google Print with Amazon Search Inside the Book. I signed up for an Amazon account for the first time in years (I'd been adhering strictly to the Free Software Foundation's Amazon boycott, which I didn't even know had ended until I looked at the FSF site while writing this entry). The comparisons are relatively straightforward. First I'll talk about non-DRM functionality. Here are the advantages of Google over Amazon:

  1. Google Print is integrated with Google.
  2. Google Print appears to have pages scanned at a higher resolution, although it's been difficult for me to tell for sure because I haven't been able to get the same page from each.

And here are the advantages of Amazon over Google:

  1. Amazon's search has (at the moment) more books included. Because of Amazon's relationships with publishers, it might take Google a long time to catch up.
  2. Amazon's search appears to allow you to view more pages of a single book from a single search than Google Print does. There is a way to get Google Print to show you more pages (by doing a new search for a sentence on the last page Google Print was willing to show you), but it isn't automated and requires a good deal of human effort.

All right, how about the measures used to prevent people from saving the images? Here I was surprised at the result, because among friends of mine who are likely to have a strong opinion about this kind of thing, Amazon has a poor reputation and Google has an excellent reputation. Nonetheless, Google has exerted more effort to stop people from saving images from Google Print and it is significantly easier to save images from Amazon's search.

Amazon uses a JavaScript that prevents people from right-clicking on images, but merely disabling JavaScript was completely sufficient to allow me to save them directly from FireFox. What's more, from the Amazon search, I could immediately see the precious image in Page Info as well as the DOM Inspector. (Amazon also does not check referer, and you can get a URL from the DOM Inspector that will work directly. I have not investigated whether either Amazon or Google uses cookies to verify that you have personally performed a search that actually resulted in the particular book page of interest.)

By contrast, none of these methods worked with Google, and I had to resort to much more involved techniques to save precious images from Google Print.

There are (since security is observer-relative and, as Bruce Schneier says, security will always shift "power in varying degrees to one set of players from another") at least two ways of looking at this contrast. One is to say that Google has engaged in better engineering than Amazon; it has obviously spent more time and engaged in more resources trying to figure out how to prevent people from saving images from modern HTML pages. The other is to say that Google has imposed more restrictions on its users than Amazon has, and that Amazon has done a better (less bad) thing by not trying hard to disable end users' browser features.

I think it's a good thing, a powerful thing, to read advertising that isn't directed at you. I had a fascinating time last summer when National Journal favored EFF with a free introductory subscription. National Journal is among the top two or three insider publications about U.S. Federal politics, and, as one lawyer put it, talks about "what the real political issues are" and "how the government actually makes decisions" rather than the television or civics-class or Presidential debate versions of those topics. It costs more to subscribe than I can ever imagine being able to afford, and it's a really useful publication. Almost nobody knows about its existence apart from people who do politics professionally, including members of Congress and Congressional staffers. The most fascinating thing about reading National Journal isn't the reporting, though, although it's really excellent. It's the advertising. Ads in National Journal don't promote toothpaste or liquor or perfume or cars (at least not particular brands). They promote things like weapons systems, like industries, like legislation. Our helicopter is more lethal and cheaper. Our industry employs millions of people. Our bill will create jobs and a level playing field. I had never seen ads like those before; at first, I thought they were a joke. They're not. They're just not aimed at me; they're aimed at Congressional staff. They're constructed just like regular advertising, and they're aimed at someone completely different from you.

Here is some Google advertising that isn't aimed at you (unless you're a commercial publisher):

Google Print is a book marketing program, as opposed to an online library [...]

It's from the Google Print FAQ for Publishers, all of which is aimed at commercial publishers (not you). (P.S. to Google: how come the Publisher FAQ defaults to HTTPS, where the Consumer FAQ isn't even available in HTTPS -- trying it in HTTPS just redirects you to the Google home page?)

In one sense, Google Print's customers are commercial publishers rather than end users (much as Google Search's customers are advertisers rather than end users, as is the case with a number of other advertising-supported services). If you think of it that way, you could conclude that Google Print's more restrictive coding is a better service to Google Print's customers. If you were involved in the Dmitry Sklyarov case, you might remember the perennial oddity: Adobe kept saying that Adobe eBook DRM was a good idea. Activists pointed out that customers (end users) hated it. Cleverer activists pointed out that Adobe's DRM customers are not end users; they're commercial publishers. Commercial publishers often feel that they have different interests from their customers; people who supply or market to commercial publishers, like Adobe and now like Google, are apt to feel an urge to make their immediate customers happy and leave a portion of the task of making end users happy to others. I don't think that this is an absolute division, merely because commercial publishers and readers have an "incomplete antagonism" rather than a "complete antagonism". Therefore Google would also, for example, like end users to like Google Print, not least so they keep coming back and increasing their use of other Google services.

I don't have a specific conclusion about whether Amazon or Google has a better book search overall. Amazon so alienated me with its patent litigation against Barnes and Noble that, even though the FSF called off the boycott, it's hard for me to imagine myself using Amazon again on a regular basis. As a rule, I don't like e-books (even open format e-books; I buy DRM-restricted e-books only in the course of making political or technical criticism of them and never to read). I prefer paper books, which I normally buy through Powell's, Bookfinder.com, and in person from local independent book stores. But I often wish that I could find a particular phrase again months or years after reading it. I already do Google searches in the hope of finding references to those phrases; I can imagine Google Print increasing the frequency with which those searches find success. (I haven't seen whether Google Print will be able to handle wildcard searches; that will be interesting, too.)

I have some more general conclusions to offer, rather than preferring one search service over another.

First, the web standards developers have done a great job in keeping HTML and other web standards human-readable, open, and typically relatively close to the source code from which they're generated. I'm aware of other criticisms of them, but they've done a great thing here, and I hope they keep it up. Google knows that it would be badly disserved by a change away from web standards compliance, so notwithstanding what some commercial publishers might want, I don't think it will ever do anything to damage the value that web standards have created.

Second, Mozilla developers have done a great job in creating a high-quality free software browser that responds directly to its users' demands and is accountable solely to them. It's amazing to see that it takes less than a day between a user's complaint about how Mozilla deals with a site and the time Mozilla developers suggest workarounds or even begin to implement fixes within Mozilla. (And this is true whether the user's difficulties are intentional or unintentional on the part of the site's author.) I'll say again that I think Mako is right that free software is unique in being solely accountable to end users in the long term. (It is possible that there are economic situations where users might not be served well by that kind of accountability, but it's not easy for me to believe that they're the rule. People who work in advertising, maybe including most every non-technical person at Google, may come to develop a different intuition, especially because many of the most famous examples of "accountability to users" seem to center on allowing users not to view advertising they don't like.)

Third, this experience seems to be providing actual ideas for feature enhancements in Mozilla, and I look forward to them. I'll keep on eye on Gervase Markham's site.

Ed Felten pointed out something that I had been worrying about in the back of my mind: my "slow attestations" scheme (see my suggestion, discussion on the Cryptography list, Unlimited Freedom's critique, and the EFF comments on the TCG Principles, where slow attestations are discussed in section 6.4) has a serious flaw. The trouble is severe enough that slow attestations probably won't accomplish what I wanted them to.

Felten observes that sealed storage can be used as a sort of proxy for attestation. (I discuss that in section 6.1 of the EFF comments mentioned above.) That is, a given entity can use sealed storage as a way to verify that the state of a machine is the same at some future time as it is at the present. It does this by generating a secret, somehow ascertaining the present state of the machine, and asking the machine to seal the secret. Later, the entity can challenge the machine by asking it to hash the relevant secret with a nonce; if the machine responds correctly, then, assuming sealed storage is secure and works as designed, the machine's state must be the same as it was when the secret was sealed. There are some fine details here, but in theory this should work.

Felten observes that this way of using sealed storage undermines the effectiveness of slow attestations, because slow attestations were meant to make it expensive to ascertain the state of a machine every time anyone tries to do so. However, sealed storage would allow somebody to use attestation (including slow attestation) just once to verify a machine's state, and then issue it a key, token, or even a cryptographic certificate that serves to prove that state as rapidly as desired any time in the future. That makes the expense of verifying a slow attestation an expense that only has to be incurred once per machine (perhaps more precisely, once per machine/OS configuration/application combination, as Felten notes), and only has to be incurred by a single party, since that party can then act as a certifier, if other parties trust it.

I haven't been able to come up with a countermeasure that would restore the benefit of slow attestations. It would, of course, be possible to tinker with sealed storage as well as attestation, but I'm afraid that sort of speculation leads to chaos as well as an arguments that it would significantly increase the cost of implementing the TPM specification.

Lachlan Hunt had the best suggestion yet for defeating Google Print DRM with Firefox: put the line

img[src="images/cleardot.gif"] { visibility: hidden; }

into chrome/userContent.css, and then (following somebody else's suggestion) Edit/Preferences/Web features/Advanced JavaScript Options/Allow Scripts To: Disable or replace context menus (no). That is the end of Google Print's control over your right mouse click feature, at least until Google changes the name of cleardot.gif.

[image of Advanced JavaScript options]

A lot of people read my earlier piece on Google Print through links from slashdot and Boing Boing, and a few sent me comments on it. They weren't necessarily as convenient in their suggestions as Lachlan Hunt's solution. One reader suggested that a proxy called Proxomitron can perform regular expression substitutions in retrieved pages, and even provided a plausible regular expression to "provide thumbnails of background images" in all retrieved pages, thus allowing browsers which provide limited access to background images to make use of direct links. It sounds like this technique was earlier developed by people who were frustrated with recent tricks used by IMDB to prevent people from saving images.

The peculiar tragedy of Proxomitron, as I understand it, is that it was Windows freeware maintained as a public service by a man who abandoned the project (last year) and then died (this year). The result of all this is that nobody else will readily be able to maintain or enhance the project. (They can't even readily fix bugs.) I don't know any reason to believe that the author meant for his project to die with him. I would be happy to hear from a Proxomitron user that the story has a more optimistic conclusion...

Google Print seems to return a consistent, stable URL in response to a given book search result (even if you search some time later with a different browser). It also seems to return a consistent, stable "sig" parameter for a given page of a given book, regardless of which particular search was used to obtain it. That means that URLs to book images can be bookmarked and can also be given to other people. Browser cookies are not relevant; I was able to delete my Google cookie and even access URLs with lynx.

Contrast this URL from an actual search with an edited version of the same.

Gervase Markham has some analysis of the parameters in a Google Print URL, including a similar conclusion about "sig".

You can download Google Print precious images with Firefox or lynx, but not with wget, as someone noted -- the user agent makes it give a 403. The same is true of curl, which implies that Google Print has a list of banned user agents. However, wget --agent="Crystal Geyser Natural Alpine Spring Water" worked just fine, as did wget --agent="Opening Brief of Petitioners". (Perhaps the user-agent discrimination is aimed at preventing people from using wget -r, although I don't know if wget makes any attempt to parse CSS. It doesn't seem to; even --page-requisites doesn't appear to try to parse CSS, merely to download external CSS files.)

Google's URL structure seems to make the virtual host name merely cosmetic; all URLs at print.google.com start with "http://print.google.com/print?" -- something I noticed after reading Google's robots.txt and noticing that it was the same as print.google.com's robots.txt. If you find a Google Print precious image URL and change it to use www.google.com/print? instead of print.google.com/print?, it still works perfectly.

I had a nice time at Writers With Drinks and Bootie. This particular Writers With Drinks even featured Lessig.

Writers With Drinks is held at the Make-Out Room, which is not far from the Elbo Room. I wonder if the latter is the only venue in San Francisco that is also a book by Daniel Dennett.

Google recently changed the language in its consumer FAQ from "To further protect your book content" to "To protect the publisher's book content", which makes me wonder if the consumer FAQ language was originally cribbed from an earlier FAQ for publishers. (Obviously, the materials for publishers were written earlier, because publishers have been submitting materials to Google Print for some time.)

Another FAQ answer says:

In order to enforce content viewing limits, we must keep track of page views by users. We do not associate any of your searches, or the specific pages you view, with personally identifiable information about you, such as your name or address. We're only concerned with the number of pages you've viewed in the particular book you're looking at. As always, we strongly encourage you to read our Privacy Policy (and everyone else's) to be fully informed about how your confidentiality is protected.

Other people were wondering whether this is done with a cookie, with IP addresses, or perhaps with some other tracking mechanism Google's discovered (cf. Martin Pool's meantime). I have yet to do any experiments about this; I'll probably try some browsing with Tor when I get a moment. (That reminds me of the oppositional geolocation issue; I know from Nitke work that commercial geolocation providers claim to be trying to identify IP addresses of proxies in order to allow them to be blacklisted. I've made a note to post later on about different threat models for proxy systems, but I won't go into that any further here.)

Another question is whether Google can avoid collecting PII if it uses particular enforcement methods. We know that PII collection is often in some sense inadvertent. I've heard lots of people -- not just Google -- talk about how they were not going to collect PII for various applications, but they often ended up collecting things from which PII could be deduced (in case of a court order, for instance). I expect to be doing a lot more research about this general problem, not in connection with Google Print, but for an EFF project on data retention. A lot of people have too-clever methods for "not collecting PII" that actually aren't, at least if the threat model is a court order demanding production to a technically knowledgeable person.

The Google Privacy Policy (not yet specifically updated for Google Print) says:

Google collects limited non-personally identifying information your browser makes available whenever you visit a website. This log information includes your Internet Protocol address, browser type, browser language, the date and time of your query and one or more cookies that may uniquely identify your browser.

I realize it's conventional in much of the Internet industry to say that an IP address is non-PII, as Google does; still, "Internet Protocol address [...] date and time" have often been sufficient to identify an individual when combined after the fact with ISP records, as in the RIAA file-sharing cases (first by means of 512(h) prelitigation subpoenas and later by means of subpoenas in John Doe lawsuits). (For various reasons, this identification process sometimes produced inaccurate results; that's one reason I say "have often been sufficient" rather than "have always been sufficient". I'm assuming here that it's sufficient often enough to raise a privacy concern.) That means that this information isn't PII to Google, in the sense that it doesn't allow Google alone to identify someone personally, but it is PII in a more absolute sense (in that there is a foreseeable way that it might be used to identify someone personally). This can be contrasted with pure demographic information, which, under certain assumptions, couldn't be used by anybody to personally identify an individual. An IP address is far from being purely demographic!

Amazon.com's privacy policy is much worse; it doesn't even claim to try to avoid collecting PII, but rather plunges right into the question of with whom the collected PII may be shared. Interestingly, Amazon suggests using anonymizing technologies (although its list is way out of date -- it includes ZKS, which has totally abandoned the consumer privacy market). Using Amazon's Search Inside the Book anonymously is an interesting question; I understand you have to log in to do it, although I don't think Amazon verifies any of the information you provide when you create an account.

I wasn't able to use Google Print through Anonymizer.com, although it seems to me that this was Anonymizer.com's fault (for mangling Google's HTML badly) rather than Google's (since it appears Google did not refuse to serve Google Print pages to Anonymizer.com).

Of course, Julie Cohen wrote an entire law review article, a modern classic, on whether copyright would lead to the erosion of anonymity for readers. "A Right to Read Anonymously: A Closer Look at 'Copyright Management' in Cyberspace", 28 Conn. L. Rev. 981 (1996). This has been an on-going theme in her work; see also her working paper "Normal Discipline in the Age of Crisis". It's a little funny to look at the footnotes in "A Right to Read Anonymously", because it was written before the DMCA and before any large-scale deployment of DRM, so a lot of the things that have become concrete were then speculative (and not all of them developed quite as Prof. Cohen imagined. But it would also have been speculative to say in 1996 that "we must keep track of page views by users" for copyright reasons; now Google has said it.

I'll be in Rio de Janeiro, but the Vintage Computer Festival is coming back in Mountain View in early November, at the Computer History Museum.

I've gotten a couple of spam messages in the past month from some English teachers in Hong Kong. They're asking for people in the West to help back them up on a point about English grammar. Apparently, English grammar books available in Hong Kong misrepresent the rule about when you should use the present perfect and when you should use the simple past. The teachers sending the spam know the rule, but their students seem to consider the textbooks better authority than the teachers -- and won't listen when the teachers try to teach the correct rule. So the teachers decided to send out a spam appeal for native English speakers to try to get the correct rule into a publication so it would be persuasive to Hong Kong students learning English as a second language.

In my view, the present perfect is forbidden when the verb is qualified by an adverbial referring to a time period, except if the time period includes the present.

So, for future reference, here's the way the Oxford English Grammar (ed. Sidney Greenbaum) puts the matter, which agrees with my intuition as a native English speaker:

5.27 Present perfect

[...]

The present perfect [tense] competes with the past [tense], which occurs more frequently. The present perfect is generally excluded if there are expressions that refer to a specific time in the past. Contrast:

[24] I worked in New York in 1990.
[24a] I worked (or have worked) in New York for many years.

On the other hand, the past is generally excluded in the presence of expressions that refer to a period of time extending to the time of speaking or hearing.

[24b] I have worked in New York since 1990.

I hope that's authoritative enough, and I hope that helps get the English teachers to stop sending spam.

It's interesting to consider what happens if the period of time described in the adverbial includes time up to but not including the present. Perhaps changing from one tense to another can be a way of indicating an important change, or even serve as a performative. This reminds me of a significant use of tense in the Aeneid that's hard to capture concisely in English:

"quo res summa loco, Panthu? quam prendimus arcem?"
vix ea fatus eram gemitu cum talia reddit:
"venit summa dies et ineluctabile tempus
Dardaniae. fuimus Troes, fuit Ilium et ingens
gloria Teucrorum [...]"

Aeneid II, 322-6.

I asked him: "Where's the heart of things, Panthus? what fort should we fight for?"

I had hardly said this when he groaned and answered:

"The final day and unavoidable time has dawned for us. We Trojans have been, Troy has been, and her people's great glory as well."

(Some people say: "Troy has been, and we have been Trojans." Since the Latin is so concise, it might even be better to say "Troy was and we Trojans were".)

Joe Slater suggested that "fuimus Troes, fuit Ilium" could be translated "we Trojans are done, Ilium is done...".

I'm having a great time learning a little bit of Brazilian Portuguese in preparation for my upcoming trip to Rio de Janeiro. Now I know how to say "ich bin vegetarisch", "ani tzimchoni" [phonetic], "mi estas vegetarano", and "[eu] sou vegetariano". Five languages down, thousands to go...

Oddly, I've never learned how to say that I'm vegetarian in Latin. ("Carnem edere nolo", "aves edere nolo", "pisces edere nolo", etc., or "non edo", should be totally sufficient, but they're not particularly concise.) This might actually be an issue when I attend the Latin-speaking dinner in Berkeley on Saturday.

I particularly enjoy learning Brazilian Portuguese because it's a beautiful language and relatively familiar because of its similarity to Latin. (It seems closer to Latin than any other Romance language I've seen.)

Ich arbeite mit Rechtsanwälten in Amerika. Eu trabalho com os advogados em os Estados Unidos. Laboro hic in California cum iurisconsultis (qui libertatem Interretis conservare temptant). Aber ich bin kein Rechtsanwalt. Mas não sou advogado. Tamen non sum iurisconsultus.

(Maybe that should be "com advogados" and maybe "não sou um advogado", but I feel pretty good with the articles where they are.)

I finally got to go to a cena Latina in Berkeley, and had a wonderful time. It's been quite some time since I had a chance to speak Latin, but I found that I was much more fluent than I expected. I managed to express sentiments such as

with relative ease in Latin. I also made a couple of jokes about the fact that the modern Latin word for "juice" is the same as the classical (and modern) Latin word for "law" or "rights". Those jokes don't translate particularly well.

We also had an interesting discussion when the founder of SALVI received a cell phone call in Latin. One question was whether all her friends speak Latin ("if they did, I wouldn't have very many friends") and another, after she had to go because her battery was running out, was why a battery is called a pila in modern Latin. (See above, but a simpler answer might be that the word is borrowed from Spanish.)

I had a lovely time and would certainly go again to future cenae Latinae; I'm also going to join SALVI and buy a contemporary Latin dictionary. And I'm even tempted to try to go to an intensive Latin immersion program such as the SALVI-sponsored rusticatio or the class taught by Reginald Foster.

Immediately after the cena Latina, I went to Michelle's house and started studying Portuguese with her. Somehow I managed to avoid any particular degree of linguistic confusion; the only cross-linguistic error I made all night was when describing the cena Latina to Michelle and discussing the names of languages; I said that Latin-speakers call Portuguese "lingua Lusitanica" and that they call Latin "lingua Latina", but that if "lingua" were masculine it would be "Latino". (Nope -- that's Portuguese; it would be "Latinus", like the Aeneid character.)

I understand that a number of Brazilians have studied Latin, so perhaps if I get a negative answer to "fala Ingles?" I should try "fala Latim?".

Anyway, I had a great time studying with Michelle, and she helped me improve my Portuguese accent a bit. Michelle has a tremendous facility with accents and speaks Brazilian Portuguese beautifully, even though she hasn't been to Brazil yet. Michelle pointed out that Brazilian Portuguese does have a real future tense; the guidebooks suggest "vou + ", which translates literally as "I'm going to ..." and which is apparently the most common future construction in modern Portuguese, but which does not mean that there isn't a separate future tense.

My most complicated Portuguese sentence yet was something like "O Consulado-Geral do Brasil, que fica na Rua Montgomery (perto da Rua do Mercado), deu-me um visto". (Why not "deu para mim"? What preposition would you use if you weren't using a personal pronoun? Is it "a"? Please don't answer that if you're reading this after October 2004.) Esta frase é a verdade!

OK, I'm going to try to convert one of those Latin jokes into an English joke.

Q. How are lawyers like this fruit salad?

A. They both spend hours stewing in ius.

Henry Beard was actually able to translate English jokes into Latin jokes that were still funny. For example, he has an amusing Latin rendering of the baseball chant "we want a pitcher, not a glass of water".

I show up in Prof. Shulman's report on the impact of information technology on Federal rulemaking. He seems pretty down on action centers. You can see what Ren and I had to say about this a few months ago.

Everyone at Prof. Shulman's workshop seemed to feel that there is a systematic asymmetry between people who engage in lobbying on a professional basis and people who do it as a hobby. (It seems to trivialize it to say "as a hobby" because nonprofessional commenters often care a great deal more about what they're saying than do professional commenters. Maybe I should say "avocational commenters" or simply "nonprofessional commenters".) The trouble is that professional commenters can usually afford to do more research, to become more familiar with the law, to learn more about the specific interests and concerns of the agency (or of particular staff members), to do prettier layout and presentation, and much more. Despite the theoretical prospect that treating them differently might violate the Administrative Procedure Act, it's hard for anyone to avoid the psychological effects of contrasting a professionally typeset article with a poorly hand-written informal note. Some people (especially some professional lobbyists) don't feel particularly unhappy with the imbalance. There has been a lot of optimism that the Internet might erode this asymmetry, by allowing the general public to do more research more quickly and cheaply, or to co-ordinate comments by people who exist outside of a formal organization. Unfortunately, that doesn't seem to be happening to the degree optimists had hoped. (Maybe this should be described as another case of the failure of the most optimistic predictions about the disintermediating effects of the Internet, as described, for example, by Brown and Duguid in The Social Life of Information.)

If it did happen, in any case, action centers would probably play only an indirect role. Most people who use action centers to comment to agencies in rulemaking proceedings do not, in fact, use them in a way that immediately leads a receiving agency to lend more weight to the petition. As Ren and I described, action centers might have other useful functions. But the ways in which rulemaking disadvantages the general public run fairly deep. Agencies emphasize that rulemaking is not a matter of popular vote, which leads to strange situations where one corporation (citing hard figures about millions of dollars, or merely citing a single code section or prior regulatory decision that seems to call for some interest of its to be taken into account) may beat out vast numbers of people who can only say that a proposed rule with disadvantage them each individually.

On the bright side, there's a lot more publicity surrounding many kinds of government activities than ever before, and a lot more contextual information available to anyone who merely becomes curious. That is a success of open-government legislation, not to mention of librarians, not to mention of Google.

I think people like Brown and Duguid are going to have more prominence in the next decade. Like the telephone, the Internet has had some important disintermediating effects, but like the telephone's, they have been far from total. You can call pretty much any government employee, but you probably don't, because you don't know the actual telephone number of the government employee you would want to call, and if you did call, you might not be able to make your case as clearly as you can to a friend or colleague, and the government employee might not particularly care to hear from you anyway. Now the same thing is true of e-mail!

I haven't finished reading Prof. Shulman's report yet, but I'm grateful to him for the opportunity to participate in his workshop. If the Federal Docket Management System ends up supporting RSS, that alone will be progress, whatever happens to action centers.

Here is a portion of what Babelfish said I had to say in a letter I wrote to a hotel in Brazil:

It forgives me, nao I say the Portuguese well! Study and I wait to speak more better when I go to Brazil. Debtor.

It sounds like Babelfish might be talking about itself.

I'm now playing at Standard difficulty and have lost seven pounds (over 3.1 kg). Annalee says she can't hear about DDR without imagining that I'm playing Deutsche Demokratische Republik (possibly a somewhat less congenial game than Dance Dance Revolution).

I have previously reported that, unlike the Cumaean Sybil, Annalee remained one color and her hair remained kempt. It seems necessary to set the record straight by clarifying that, although Annalee herself has remained one color and her hair has remained kempt, her hair has not remained one color.

(See Aeneid VI, 47-8.)

There is now a second PLoS journal: PLoS Medicine. It joins PLoS Biology as a free peer-reviewed scientific journal in the life sciences.

Happy 90th birthday to Martin Gardner!

"I only read Playboy for the Perl modules." -- Chris Palmer (after a suggestion by Nick Moffitt)

Zack Weinberg and I went to a Noe Venable concert at 12 Galaxies, the Mission's only nightclub named in honor of Frank Chiu. It was far too noisy, but Noe performed some great songs, including a number of new pieces that I continue to hope she'll record on a fourth CD.

My sister advises me that her college will award PE credit to students for playing Dance Dance Revolution. (See PE 43a, "Dance Dance Revolution".)

Q. What do Debian advocates say about people who've decamped to use Gentoo?

A. They've sold their birthright for a mess of portage.

I have signed a contract with No Starch Press to write a book about trusted computing, to be published in 2005.

The first day of the Nitke trial (or evidentiary hearing, if you prefer) was very interesting. It's the first time I've seen a 28 USC 2284 three-judge panel. The first day featured mainly witnesses who were afraid of being prosecuted for publishing sexually explicit material on-line. All of them described knowing personally people whose lives were severely disrupted by obscenity prosecutions or threatened prosecutions. It seems that pornography tears families apart -- when the Justice Department prosecutes publishers.

The first day also featured testimony from Prof. Arthur Danto, who described Barbara Nitke's photography as "high art". (See also Nitke's excerpt from his written testimony.)

[This entry has been corrected.]

I visited the World Trade Center site for the first time on Wednesday. As millions of people know, and as Mako said, it's now a huge construction site surrounded by a sort of outdoor museum. The museum part is not officially permanent, but it seems unexpectedly durable and surprisingly elaborate. I found Christoffer's name immediately on one of the plaques -- which called all the people who died "heroes" -- and felt like I was at the Vietnam memorial in D.C.

I found "heroes" to be a very loaded term. To me, the September 11th attack dead are murder victims, most of whose last moments are shrouded in mystery. They say that many people tried heroically to stop the hijackers. The plaque calls every one of the dead a hero. Is it heroism to be murdered sensationally or notoriously? I'm sure the plaque aims to honor the dead; what if the plaque simply said "we honor the dead"?

When I walked around the site, I kept looking up and trying to imagine where Christoffer died, but I have no idea of the geography of the attacks and formed no image. The site was constantly surrounded by mourners and tourists, although the city seems to disapprove of the favored sign of mourning -- that is, leaving mementos behind. A sign starkly warns that all objects left behind will be removed immediately. It seems that people who want to leave something behind have to visit, not the actual WTC site, but rather some place like the New York New York casino in Las Vegas, which I found awash in September 11-related expression when I visited a few years ago. (I left something in honor of Christoffer there. I have never seen anything else that serious or genuine in Las Vegas.)

At the House of the Wannsee Conference in Berlin, about which I still need to write something up, there is a very prominent display to try to show you exactly how things were. There is a photograph of the room in the Wannsee Conference era, there is a seating chart: here was Heydrich, here sat Muller, here was Eichmann. There is a conference table where the Nazi conference table was placed. The Nazi documents that were sitting on the table are sitting on the table. You see: this is how it was, this is where it was.

Even with the museum-like signage around the WTC site, I did not feel any sense of where the planes had been, or where the explosions had come, or where the debris had fallen, or where the people had fled, or which tower had been which, or where Christoffer had died. There are very few cues for someone who was not already familiar with these details.

Maybe that distinction is one reason that I started to cry when I first walked into the room where they planned the Holocaust but that I didn't start to cry when I saw the ruins of the World Trade Center. There is very little there that speaks to me of the actual unfolding of the disaster, no lines that invite you to walk the path of Christoffer's plane or the path of the fleeing workers, but rather a lot of backhoes and a new PATH station (brimming with security and barricades as if it were someone's priority to try to destroy this PATH station a second time). In fact, usually what people seem to say about the WTC site is that they simply see an enormous gap and notice its emptiness most of all. There is no re-enactment or re-construction or explanatory diagram, and (with the exception of that famous cross) practically no artifact. What they say is that you just notice what isn't there.

I missed much of the second day of evidentiary hearings in Nitke v. Ashcroft because of time zone troubles. (Rather than helping me adjust to Eastern time, my schedule seemed to bring my biological clock somewhere out toward Hawaii.) The morning was taken up with technical experts, who sparred over the question of how accurate geolocation technology can be under various circumstances. In the afternoon, the court heard testimony about the fear of prosecution and about the variation in community standards, including a Free Speech Coalition attorney who talked about how prosecutors view obscenity prosecutions. The government also had an expert who proposed that Barbara Nitke require mail-in registrations through the U.S. Postal Service before allowing people to view controversial photographs. This would be more direct than IP address-based geolocation because postmarks directly reflect physical locations. That witness testified that he had used this scheme when he operated a BBS in the past, and that it took several weeks for him to receive and process a typical registration request.

In closing arguments, the plaintiffs emphasized that the government had not tried to rebut much of the plaintiffs' evidence. The government responded that (1) the plaintiffs had not directly demonstrated by expert testimony that community standards vary geographically within the U.S., and that (2) the plaintiffs did not show anything Internet-specific and hence were apparently trying to overturn Miller v. California, not the CDA, and that (3) under Miller it was perfectly legitimate for obscenity law to impose burdens, costs, and collateral damage on prospective speakers. The government concluded that, even if geolocation is somewhat imprecise or somewhat costly, Miller stands for the proposition that speakers may be required to use comparable measures to avoid running afoul of obscenity laws. Finally, the government said it admitted that (as it had not disputed) Barbara Nitke's works all have significant artistic value, and therefore could not constitutionally be restricted for adults under Miller; therefore, Barbara Nitke cannot reasonably fear prosecution and should not have standard to challenge the CDA. (In a sense, this argument reduced to "people whose works have SLAP value cannot constitutionally be prosecuted under Miller, so they shouldn't be afraid of prosecution; people whose works lack SLAP value can be prosecuted and can't raise a successful first amendment defense, so they can't claim that the CDA is censoring them"; in particular, the government argued that Nitke hadn't identified anyone in particular who believed that Nitke's work lacked SLAP value. It suggested that this sort of question should be thus be left to individual courts in individual trials.)

The trial concluded on Thursday, a day ahead of schedule. The court invited amici curiae to submit briefs by November 10.

The interesting thematic thing for me in the government's closing arguments was the idea that Miller lets the government get away with a fair amount of collateral damage. There seemed to be a sense on the government's part that the government didn't have to rebut evidence about certain ways in which the CDA chilled or burdened speech because Miller specifically authorizes the government to chill and burden a certain amount of speech in order to suppress obscenity. In effect, the government said that the law was already on its side unless someone could show a particularly exotic reason why speech had been chilled beyond what was reasonable. The existence of this argument seems to me like another good reason to overturn Miller. Even though many people's real quarrel is with Miller, having Miller floating over everyone's head seems to empower the government to argue, whenever speech is chilled, that this is just a necessary incident of enforcing rules previously approved in Miller, so that your "real quarrel is with Miller, not with" whatever particular regulation or incentive might be at issue.

Because I missed all the testimony given on behalf of Quova, I don't know whether my "heckler's veto" argument about proxies showed up in the cross-examination. (Quova's technology might allow some people at an institution like a university to take actions that prevent other people at the same institution from accessing materials they would otherwise have been allowed to access, so someone at an institution who doesn't want other people there to see or to do something online may be able to exercise a kind of heckler's veto.) I'll try to get ahold of the transcript and find out whether it's in there anywhere.

I'm enjoying my trip to New York quite a lot, because I'm gotten to spend almost all my time with friends and family and enjoying good food, Federal courts, and mass transit.

Several people wanted me to point out this unusual situation.

This week and next, I am going to New York City to sit in a Federal courtroom and going to Rio de Janeiro to stay in a resort on the Copacabana. However, the court trip is a vacation and the Copacabana trip is for work.

Vitanuova for 2004 October
<M <Y
Y> M>
[Main]
Support Bloggers' Rights!
Support Bloggers' Rights!


Contact: Seth David Schoen