Project MAC, where we met S at MIT A the Software Arts building where we worked together T and the attic N where VisiCalc was written
Other writings on our personal sites:

RSS Feeds:



Comments from Frankston, Reed, and Friends

Thursday, May 05, 2005

DPR at 9:57 PM [url]:

Embarrassed, another apology to UC Berkeley EECS

Egg all over my face, I've apparently gotten the facts wrong again! No excuses.

The EECS policy is not what I had heard (from 2 independent sources there, but I should have checked further, and it's my fault alone). I am embarrassed, and feel the profound need to apologize.

The following is a statement the policy that is being imposed, from an official email that was shared with me this afternoon. It's far more limited what I had stated. What I want to do here is get the facts straight, and any further critique I might offer seems really inappropriate at this time.

As part of the continuing effort to improve the overall IT security for EECS community and to help our users to be in compliant with the various campus policies (http://itpolicy.berkeley.edu), the Committee of Computing, Network, and Instructional Labs (CNIL) has approved the proposal to block all incoming (campus and internet into EECS) traffic on ports 21 (ftp), 23 (telnet), 25 (smtp), 80 (http), 443 (https), and 587 (email submission), except for pre-registered systems running those services. The block will take effect March 15th, 2005.

**If you have a desktop or laptop and do not run email server or web server, chances are this will not impact you at all. All EECS outgoing traffic are also not impacted.

There will be two town hall meetings (Feb 17th, 1-3pm @ woz and Feb 22nd 1-3 @ hogan) during which we will discuss more details about this proposal, as well as other possible future IT security implementations. Please plan to attend at least one of these meetings and share your comments and feedback.

Here are the details:

1. Services impacted are:

FTP (21)
TELNET (23) -- kerberized telnet only.
SMTP (25)
HTTP (80)
HTTPS (443)
Email submission (587)

2. Effective 2/7/05, technical point of contact for servers needing to run one or more of the impacted services should use the "system registration/update" form (http://iris.eecs.berkeley.edu/db/network) to pre-register. All new system activations will also allow registration of these services. Please be aware that other EECS and campus level policies still apply to these systems/services.

3. Blocks will be put in place on March 15th, 2005. All systems not pre-registered will have these ports protected from external probes and DoS attacks at our border. Registration will continue to be allowed by using the same form and will take at most two (2) working days to activate.

Again, I feel I should apologize to those at the Berkeley EECS for getting the facts wrong and for any distress that I have caused.

Wednesday, May 04, 2005

DPR at 1:58 PM [url]:

Correction: UC Berkeley policy is not campus wide, merely departmental

I apologize to all of UC Berkeley for including the full campus in my comments below. My information from several Berkeley sources was not completely correct. All of UC Berkeley has not adopted this policy - it is a departmental thing. The CS department definitely has implemented that policy, however, and perhaps other departments have adopted it as well.

However, the fundamental point remains crucial. If you delegate the idea of what is appropriate communications to the IT department of the school or department you work in without protest, you have sold your right to do research or communicate freely.

DPR at 9:12 AM [url]:

Free Speech dies, with nary a protest, at UC Berkeley

UC Berkeley, home of the Free Speech Movement, has just removed itself from the Internet.* [correction: the original posting here was based on erroneous information, for which I take full responsbility. See next post. The relevant policy is a policy of one or more departments at Berkeley, not the entire campus]

The FSM responded strongly to the campus's attempt to claim that its "ownership" of the campus facilities allowed it to decide who could communicate what ideas to whom.

In other words, before communicating about an idea, one had to ask the administrators' permission. Though it was typically granted, the triggering events that led to riots and civil disobedience were attempts by students to speak, to organize with like-minded people various kinds of ideologies that the campus administration found to be uncomfortable (like civil rights).

It may seem like a stretch, but one or more departments at UC Berkeley, in particular the CS department, have begun to require computers to register all "contact ports" on every computer on the campus, implicitly requiring pre-authorization before you can provide information to those who request it.

If you run a "service" on your personal computer that uses such a port, you have no recourse but to register that port, telling the administrators about it, and get them to "open up the firewall" in order for you to speak.

This has been done in the name of "security", and indeed, it may reduce the level of spam and bots on campus (though email seems to be the viral replication process of choice, and unless the administration reads your email, mucking with its content if they don't like it, that seems to be the far bigger risk).

In fact, the problem is that the kind of "security" being offered provides no security at all to the end user, but does reduce the workload of the IT department. Further, it creates the opportunity for administrative attempts to control content and speech. It creates the precedent that attempts to bypass the firewall by building an overlay network or using encryption with your friends will be seen as an attack on "security", which it is not, since it is clearly done by consent.

Finally, it disrupts research, which is the main output of UCB. Research runs on open communications. It's not just an issue of political viewpoint, but while the rest of the world is becoming more open, UCB is shutting itself off, admittedly only in a small way today, but the UC administration is hardly likely to stop there in deciding what communications are worthy and what communications are not.

There is no Mario Savio today. UCB's view of itself as just another corporation that claims ownership of all information flow on its premises is becoming precedent by default and passivity. You won't find anyone at UCB putting their jobs or degrees on the line. It's not time for the rest of us to save Berkeley from itself (I'm not suggesting "mass hack attacks" would help - they would hurt). It's time for UCB netizens to listen to an address to another college, at another time, about expediency vs. freedom. And ask themselves whether freedom is just an abstraction - whether the IT department should decide what research should be done and what ideas should be disseminated.

And for that matter, ask themselves whether by delegating the very definition of "security" to the IT department, and continuing to use wide-open operating systems without sensible authentication, they haven't given the IT department the right to decide how they work.

Would you give the IT department the right to tell you whether you could receive cellphone calls in the halls of the Berkeley campus, or whether you must register a special password every time you give out your phone number on a business card, so that your phone number cannot be used for spam?

By delegating to IT the definition of security, that's exactly what you will get.

*UC Berkeley now requires advance permission to receive TCP connections at any port on any computer. This policy is typical of "locked down" corporations, but now applies to one or more departments of UC Berkeley, including CS.

Tuesday, May 03, 2005

BobF at 11:29 PM [url]:

DIY, not just Connectivity!

The "official" home of this essay has been moved to DIYConnectivity on Frankston.com. This is in keeping with my practice of posting the longer essays on that site where I have more control over the presentation. SATN is better for shorter entries in the style of a blog.

A connectivity infrastructure must emerge out of a more fundamental marketplace dynamic and not as goal in itself.

We do need a connectivity infrastructure. Everyone should be able to take advantage of the Internet. It's not just about the Web it's also about the economy and our lives. We mustn't confuse getting what we ask for with creating what we need. To build on a classic metaphor, it's more important to learn how to fish than have someone serve you a fish dinner.

The importance of the Internet lies in the dynamic process by which a very simple design decision made in the 1970's has become the defining infrastructure for the world. It's what happens when you give billions of people the opportunity to create their own solutions and share them.

The Internet has transformed society because it is a marketplace where we can exchange ideas and solutions. What makes it so powerful is that it is digital which allows us to regenerate solutions that work and share them. Ideas that don't work are simply forgotten. That's the essence of the process.

The process works very rapidly when we don't have to wait for others and take advantage of the opportunities we have. In the early days, even before the current Internet, we had very slow communications lines -- the teletypes could only handle 10 cps (characters per second) or 0.1 Kbps (kilobits per second). At the time it seemed very fast and we found we could start sending email and start connecting the computers to each other. We didn't even consider using those computers for phone calls -- we just used the traditional phone system.

The phone system had a very different dynamic -- it did use computers but those were built for one purpose -- handling phone calls. That was necessary since the technology was barely up to the task.

We talk about computer networks and phone networks as if they are the same. They now use essentially the same technology and seem to be converging. But that's an illusion. It's as if we took a snapshot of the solar system and observed two planets that seemed to be near each other. We don't confuse them because we know they are in different orbits.

In the time that my personal computer connection went from .01 Kbps to 10,000 Kbps the phone network has gone from 64 Kbps to 64 Kbps.

The phone system has long been a challenge for computer people. In the early days we used modems to send data over the voice system by pretending it is a funny sounding voice. In fact, the early modems were developed by "the phone company", ATT's Bell Labs but the technology evolved rapidly outside the phone network as individuals tried to solve their own problems rather than waiting for the promised digital phone network -- ISDN.

The reason that ISDN failed is because it was valuable! The modems took an inexpensive transport, unmeasured consumer telephony (in the US), and created valuable services. The value went to the users, not the transport providers permitting innovation without prejudging the value. With ISDN the transport providers tried to capture the value of the applications -- that's what a service-provider does. This meant one had to prejudge the value and thus prevented discovery and penalized those who availed themselves of ISDN's capabilities!

ISDN delivered an instance of what was needed but without any of the marketplace dynamics. It was a dead fish. By the time that the carriers offered ISDN with pricing more like their analog service the game was over -- modems were as ISDN because increased computing capabilities allowed the users to reinvent ISDN from the edge!

We see this pattern repeated again and again. The latest is the IPTV effort. At least some carriers are putting in special provisioning so they can (again) try to provide TV service. We also see this same behavior when cities try to be connectivity providers but do so in the guise of municipal Cable TV. This fixation on Television (video streams) is actually far worse than ISDN because it reserves a class of service as special. The basic connectivity is to be funded by keeping a particular class of services out of the marketplace! Yet we are at a point at which video is like voice -- just another stream on the network. Those attempting to give us connectivity now have the incentive to continue to assure scarcity!

The other lesson of ISDN is that we don't need to make such a deal. We should just look at the entire telecommunications industry as a technology scrap-heap full of useful components. Sure, there's a lot of copper and fiber buried out there. It will soon be "ours" anyway but only if we don't get too excited and pay for it at today's inflated prices which make old ISDN prices seem low. We can't afford to give up our opportunity to do it ourselves because we can and we will. The entire telecommunications infrastructure is no value in itself! A single strand can carry a trillion bits per second. We don't have enough traffic to use more than a small fraction and we won't have enough traffic as long as we only permit "valuable" services.

So, let's forget about all that copper and glass for the moment. Just be creative. Who needs it anyway? The FCC has already noticed that rural connectivity (AKA "Broadband") is spreading far faster than their models had predicted and it's all taken place using 802.11. 802.11 uses frequencies which were considered worthless because they were blocked by water vapors. With some simple protocols we were able to create valuable services. At the same time Congress seems to think that "spectrum" is so valuable that they can use it to balance the budget and they are willing to forgo future opportunity by locking down so-called intellectual property so we can't learn from it and repurpose it!

Wi-Fi (802.11) uses the so-called "unlicensed" spectrum. Imagine the phrase "unlicensed speech". It's telling that we assume we must first ask permission and we must beg for solutions because we don't have the option of doing it ourselves. Of course we don't want to do everything ourselves but instead of preselecting winners and appointing gatekeepers we must allow everyone to try so we can have a large set of choices. Our experience with digital systems, as well as speech, shows that the "bad" ideas are self-limiting and minor compared with the benefits of having so many opportunities for "good". We, as the marketplace, can decide what is we consider good according to the needs at any given time and are not limited to arbitrary prior selection.

The tendency to focus simply on the risks and difficulties leaves as impoverished. Unless we recognize the dynamics of the marketplace, especially a digital marketplace, we find ourselves regulating the future until it's just the past all over again. The cooperation necessary to support the early experimental "radio" which used simple signaling lead us into a trap. Notice that the word radio is ambiguous -- the same word is used for a technology and a business. It makes us consider the Regulatorium a necessity rather than a short-term expedience.

Wi-Fi is a powerful demonstration of why that experiment should be put to rest. The combination of packet-based connectivity that means we only need to send very low power signals over a short distance and our ability to spread the energy out to the point that it's essentially invisible shows we needn't be hobbled by our fears. The US constitution recognizes the dangers of prior restraint and the very first amendment prohibits such prior restraint so as to assure opportunity for new voices. Those who argue that we must ask permission because of the possibility that the new technologies might interfere with the old approaches are both ignorant of technology and of a failure to allow for the benefits of innovation. There must be a real, not hypothetical, reason for restrictions. The onus is on those who want to impose restraints to demonstrate that the restraints are necessary and that there is no alternative that is less restrictive. It is foolish and irresponsible to ask permission from those whose only answer is "no because that's the rule".

We don't have to wait for the newer technologies, we can and should take advantage of today's Wi-Fi because it is so readily available and gives us a simple way to experiment with wireless connectivity. These experiments are likely to fail if they are tied to the funding models that subvert discovery and deny us the value of the common good.

The Internet itself is an ongoing experiment that's far from perfect. We have a vibrant P2P community that attests to the need to work around problems with the IP protocol and the business models. Given what we understood in the 1970's it's very good but it's just a work in progress.

Be most cautious when the answer is obvious. I do argue that IP connectivity is a useful model. If we fund it as a common good or utility our society (which is the world, not just one country) will benefit far beyond the relatively small costs of maintaining such an infrastructure. It's a very simple infrastructure if we normalizing it to IP. There are technical challenges but the marketplace will attract those who see solutions rather than those who only see the difficulties. Some may be naively optimistic but that just creates new opportunities for others to try their approach. We shouldn't anoint one "true" approach when we must explore many even as we use what is the "best" at a given moment.

There is no transition from today's telecommunications infrastructure. We will create a new connectivity infrastructure and use what is available. It just like using railroad rights-of-way for bike paths rather than personal trains.

Even though there isn't a single best answer, we do know that normalizing on IP connectivity is a powerful approach. We should assume IP connectivity and uses what we have available as long as we don't have to give up future opportunity. As the P2P efforts show, we can build on IP connectivity as we discovery better approaches.

The true lesson of the Internet is in the end-to-end argument. It gives us a real working model of how individual efforts can composite into a valuable whole. I've only touched upon the topic and only in a very limited arena. I feel as if I've got a whole movie and this is just one cel. A cel? Well, to understand that we have to go back to the days when movies were analog and on film and ?

For more, see the Archive.

© Copyright 2002-2008 by Daniel Bricklin, Bob Frankston, and David P. Reed
All Rights Reserved.

Comments to: webmaster at satn.org, danb at satn.org, bobf at satn.org, or dpreed at satn.org.

The weblog part of this web site is authored with Blogger.