Oblomovka

2010-09-14»

There’s been a lot of alarming but rather brief statements in the past few days about Haystack, the anti-censorship software connected with the Iranian Green Movement.  Austin Heap, the co-creator of Haystack and co-founder of parent non-profit, the Censorship Research Center, stated that the CRC had “halted ongoing testing of Haystack in Iran”; EFF made a short announcement urging people to stop using the client software;  the Washington Post wrote about unnamed “engineers” who said that “lax security in the Haystack program could hurt users in Iran”.

A few smart people asked the obvious, unanswered question: What exactly happened? Between all those stern statements, there is little public information about why the public view of Haystack switched from it being a “step forward for activists working in repressive environments” that provides “completely uncensored access to the internet from Iran while simultaneously protecting the user’s identity” to being something that no-one should ever consider using.

Obviously, some security flaw in Haystack had become apparent. But why was the flaw not more widely documented? And why now?

As someone who knows a bit of the back story, I’ll  give as much information as I can. Firstly, let me say I am frustrated that I cannot provide all the details. After all, I believe the problem with Haystack all along has been due to explanations denied: either because its creators avoided them, or because those who publicized Haystack failed to demand them. I hope I can convey why we still have one more incomplete explanation to attach to Haystack’s name.

(Those who’d like to read the broader context for what follows should look to the discussions on the Liberation Technology mailing list. It’s an open and public mailing list, but it with moderated subscriptions and with the archives locked for subscribers only. I’m hoping to get permission to publish the core of the Haystack discussion more publicly.)

First, the question that I get asked most often: why make such a fuss, when the word on the street is that a year on from its original announcement, the Haystack service was almost completely nonexistent, a beta product restricted to only a few test users, all of whom were in continuous contact with its creators?

One of the many new facts about Haystack that the large team of external investigators, led by Jacob Appelbaum and Evgeny Morozov, have learned in the past few days is that there were more users of Haystack software than Haystack’s creators knew. Despite the lack of a “public” executable for examination, versions of the Haystack binary were being passed around, just like “unofficial” copies of Windows (or videos of Iranian political violence) get passed around. Copying: it’s how the Internet works.

But the understood structure of Haystack included a centralized, server-based model for providing the final leg of censorship circumvention. We were assured that Haystack had a high granularity of control over usage. Surely those servers blocked rogue copies, and ensured that bootleg Haystacks were excluded from the service?

Apparently not. Last Friday, Jacob Appelbaum approached me with some preliminary concerns about the security of the Haystack system. I brokered a conversation between him, Austin Heap, Haystack developer Dan Colascione and the CEO of CRC, Babak Siavoshy. Concerned by what Jacob had deduced about the system, Austin announced that he was shutting down Haystack’s central servers, and would keep Haystack down until the problems were resolved.

Shortly after, Jacob obtained a Haystack client binary. On Sunday evening, Jacob was able to conclusively demonstrate to me that he could still use Haystack using this client via Austin’s servers.

When I confronted Austin with proof of this act, on the phone, he denied it was possible. He repeated his statement that Haystack was shut down. He also said that Jacob’s client had been “permanently disabled”. This was all said as I watched Jacob  using Haystack, with his supposedly “disabled” client, using the same Haystack servers Austin claimed were no longer operational.

It appeared that Haystack’s administrator did not or could not effectively track his users and that the methods he believed would lock them out were ineffective. More brutally, it also demonstrated that the CRC did not seem able to adequately monitor nor administrate their half of the live Haystack service.

Rogue clients; no apparent control. This is why I and others decided to make a big noise on Monday: it was not a matter of letting just CRC’s official Haystack testers quietly know of problems; we feared there was a potentially wider and vulnerable pool of users who were background users of Haystack that none of us, including CRC, knew how to directly reach.

Which brings us to the next question: why reach out and tell people to stop using Haystack?

As you might imagine from the above description of  Haystack’s system management, on close and independent examination the Haystack system as a whole, including these untracked binaries, turn out to have very little protection from a high number of potential attacks — including attacks that do not need Haystack server availability. I can’t tell you the details; you’ll have to take it on my word that everyone who learns about them is shocked by their extent.  When I spelled them out to Haystack’s core developer, Dan Colascione late on Sunday, he was shocked too (he resigned from Haystack’s parent non-profit the Censorship Research Center last night, which I believe effectively kills Haystack as a going concern. CRC’s advisory board have also resigned.)

Deciding whether publishing further details of these flaws put Haystack users in danger is not just a technical question. Does the Iranian government have sufficient motivation to hurt Haystack users, even if they’re just curious kids who passed a strange and exotic binary around? There’s no evidence the Iranian government has gone after the users of other censorship circumvention systems. The original branding of Haystack as  “Green Movement” software may increase the apparent value of constructing an attack against Haystack, but Haystack client owners do not have any connection with the sort of high-value targets a government might take an interest in. The average Haystack client owner is probably some bright mischievous kid who snagged it to access Facebook.

Lessons? Well, as many have noted, reporters do need to ask more questions about too-good-to-be-true technology stories.  Coders and architects need to realize (as most do) that you simply can’t build a safe, secure, reliable system without consulting with other people in the field, especially when your real adversary is a powerful and resourceful state-sized actor, and this is your first major project. The Haystack designers lived in deliberate isolation from a large community that repeatedly reached out to try and help them. That too is a very bad idea. Open and closed systems alike need independent security audits.

These are old lessons, repeatedly taught.

New lessons? Well, I’ve  learned that even apparent vaporware can have damaging consequences (I originally got re-involved in investigating Haystack because I was worried the lack of a real Haystack behind the hype might encourage Iranian-government fake Haystack malware — as though such things were even needed!).

Should one be a good cop or a bad cop? I remember sitting in a dark bar in San Francisco back in July of 2009, trying to persuade a blasé Heap to submit Haystack for an independent security audit. I spoke honestly to anyone who contacted me at EFF or CPJ about my concerns, and would prod other human rights activists to share what we knew about Haystack whenever I met them (most of us were skeptical of his operation, but without sufficient evidence to make a public case). I encouraged journalists to investigate the back story to Haystack. I kept a channel open to Austin throughout all of this, which I used to occasionally nudge him toward obtaining an audit of his system, and, finally, get a demonstration that answered some of our questions (and raised many more). Perhaps I should have acted more directly and publicly and sooner?

And I think about Austin Heaps’ own end quote from his Newsweek article in August, surely the height of his fame.”A mischievous kid will show you how the Internet works”, he warns. The Internet is mischievous kids; you try and work around them at your peril. And theirs.

5 Comments »

2010-04-08»

I don’t know why but from the age of eight to I think fifteen, I just assumed every drawing of a bearded man in or on Personal Computer World was meant to be Guy Kewney. He was the model journalist to me– why wouldn’t he also be the model for all those techies PCW’s graphic editors had to draw?

Not Guy.

As a pre-teen, I was a Personal Computer World kid. I loved the binding, the glossy cover, the thick tall pages, the sprawling reviews, the narrow columns of crazy computer classifieds that would stand like columns over pages and pages and pages of dot-matrix printed listings at the back, the love-hate relationship with the dull business business that would dog it into the grey IBM years, the arty covers, the bearded pundits. But most of all I loved reading Guy Kewney, the beardyist pundit of all.

Cromemco and Nascom, Siriuses and Osbornes. They seemed like far-off planets, and Kewney seemed like some pipe-smoking Dan Dare, giving a jocular downbeat debriefing in the mess, of his latest voyages with the Osborne or the COSMAC ELF, even when the most exciting software they did was inventory management. Kewney made even dull corporate machinations the stuff of high drama.

Aged 10 or 11, I would run around the house playing these elaborate fantasy games, muttering under my breath stage directions, and leaping from chair to chair in our living room. My adventures were set — and I am not joking here — in a 21st century where Apple-IBM and Sinclair-Acorn would heroically battle as giant zaibatsu corporations flying amazing robot battalions around in space. The dramatic climax would always involve me, as the captain of the flagship of the corporate fleet, controller of the inventory, master of the Science of Cambridge, shouting some secret password that would override all the command centers of the opposing army. My favourite Words Of Power in these fantasies was Angelo Zgorelec!, the mystical founder of PCW, whose name appeared on every issue’s masthead, and who I imagined to be a Tharg-like being of supreme wisdom (and great aural resonance).

But the person from whose writing I drew the strategies and the battles and the drama of those corporate tussles was Kewney.

Also not Guy.

I still remember one of his columns. In it, Kewney, boggling at the effort to which software publisher Acornsoft had gone to copy-protect software , published the one-line command for rendering its primitive DRM completely useless. I don’t remember the details, but I do recall just stopping and staring and then laughing and rocking in glee at the audacity of it, and wondering why no-one ever said all those other hidden incantations that I was sure existed out loud in other newspapers and magazines. Then I watched him defend his decision after a barrage of outraged readers (swamped by those who cheered him on) chastised him the next month. It really stuck in my mind as this example of the power of words to unwind elaborate but unsustainable practices.

John Lettice says in his obituary that PCW had to pay Acorn for that Kewney column. They shouldn’t have. And if they had to because of the law, well then, the law was wrong: spelling out these magical words of power, causing corporate battalions to flash out of existence at a single, carefully-researched command, really was Kewney’s job, and he did it masterfully.

I met him once. I’d just started writing for PCW myself, in about 1990, only to discover that my rapid promotion to the flagship of the British tech mag fleet was because they’d sacked all the old guard in a labour dispute and were desperate to fill those gaping pages with cheap young new writers. I tagged along to some press conference and actually overhearing David Tebbutt or Christopher Bidmead or some other Elder God complaining loudly about the wide-eyed children who had stolen everyone’s jobs, yet wouldn’t stop babbling about how honoured they were to meet them.

After that, I always averted my eyes and ceased to bother the titans. When I finally met Kewney, I think I just stood awkwardly by his side, surely making him even more uncomfortable than he must have been.

Or looked. To me, some idiot kid, he did not look well. When I said this to equally squeaky kid co-worker, they told me he had always looked ill, a boney, pale man who was constantly being stabbed with allergies and posture problems, aches and pains and deadlines and all-nighters, triumphing over the all to file his copy mere hours before printers might knock down his door and wring his neck.

I found this hard to believe, because he always looked so erect and noble in his byline pictures. Also in all those cover paintings of him. And in those games where he flew across the corporate landscape, making the world change with a word or two. It just made him seem all the braver.

Now Guy Kewney is gone, and I have this beard, but the words of power are all gone too. And frankly, I do not feel too well myself. Timor mortis conturbat me.

5 Comments »

2010-04-01»

Watching that $14 Elements demo for the iPad reminded me again of the throwaway line that geeks of a certain age make of the iPad — that it all seems a bit CD-ROM.

For those of you blessed with senile amnesia or youth, CD-ROMs were the first wave of “interactive media” in the mid-eighties, and the great hope for publishing houses struggling to understand what they might be doing in the 21st century. Companies from Dorling-Kindersley to News Corp threw millions into CD-ROM publishing, with very little ultimate return. They’d do some fancy-schmancy David Bowie joint project, or an incredibly complex animated re-working of their existing bestsellers. Each one won more awards than it sold copies, and eventually those “interactive divisions” were rolled into the “online media” departments, where their designers would get drunk and bitter, until one night they were sacked after uploading 640MB Adobe Director files onto the website front page.

look before you jump

Back then, geeks were unused to other industry sectors barging into our little rustic byte farmyards with their fancy suits and corporate expense accounts, braying triumphantly about digital convergence, and then, seconds later, striding into the business-model threshing machine that thrummed in the corner. We did not know then that there was a queue of people like this, waiting to dance past us into the bloody knives. We watched their cockiness with alarm, not with the disdain that would come later (and definitely not with own brand of hubristic Internet rockstar smugness, the smugness that tempts us all to look a bit less closely at ourselves, and a bit more closely at that thresher).

No, back then it was all a bit shocking. We assumed these people knew what they were doing. God knows we knew we didn’t have a clue. The only way we knew how to fill a CD-ROM was burning a complete archive of Fred Fish Amiga Freeware on it. Seven hundred megabytes just seemed an insanely large amount to want to fill with professional product.

Subsequent to the threshing, people muttered about how it was the Internet that killed the CD-ROM, but I think that, as ever, the real murderer was economics. A “professional” CD-ROM was just too expensive to produce, relative to the format it was generally parasitical upon.

The classic example for me was the brief phase of magazines including a free CD-ROM on the front of their mag. Dave and I would marvel at the incredible lopsided nature of this venture. The CD-ROM could hold close to a gigabyte of data, including programs, movies and graphics; all of which had to be commissioned, collated, edited, integrated together, checked for viruses, cleared for copyright, tested, mastered, and burned. If done welll, a front-mounted CD-ROM was clearly a far more complex and expensive venture than actually putting out a magazine — and yet they usually paid a single person to do it all, didn’t charge for the CD, and probably got little advertising revenue from it.

The ultimate portrayal of this problem was when, in a desperate attempt to include some unique content, they’d include on the CD-ROM a PDF file of the magazine it was sellotaped to. The PDF would usually take 50MB, if they were lucky. All that unique content that it had taken the rest of the editorial team a month to create — and there was still 650MB to go.

Most started attempting to bridge that gap with incredibly fancy interactive environments that would quickly consumer their annual budget. The ones that survived would ultimately collapse into padding the CD-ROM out with… well, the Fred Fish Amiga Archive, generally. Professional product got thrown out of the window in an attempt to feed the ever-hungry maw of interactive content.

This, to me, is the flipside of the “digital technology makes everything cheaper” argument. It makes a lot of work cheaper, but it can also professional media fantastically more expensive than its analogue equivalents.

In some ways, the equivalent to a newspaper is just a README HTML file, full of plaintext with a few images — but no-one is going to pay a quid for a README file. So what will you pay a quid for? Maybe some other super-awesome interactive newspaper with 3D pictures and audio interviews and in-depth statistical analysis and a 30 minute vodcast with the most famous writers, and, and, and… how much editorial budget do you want to throw on this again?

Elements is going to do fantastically, because it benefits from that “fresh platform” smell that exudes from the iPad. But can you re-gear a newspaper or a publishing house to produce the level of interactive complexity that a $5 app is going to demand, when it is competing with games and films in the same app niche?

Honestly, it might be possible. We’re not in the age of CD-ROMs now. Our price-points are all over the shop, and a sealed environment like the iPad permits all kinds of unnatural pricing inversions. We’ll pay more for a ringtone than a full MP3. We pay $10 for a README file on our Amazon Kindle, and a dollar for a pocket application that plays farts.

But if you want to play that game, you’re running against the clock. Other applications are going to make yours look ridiculously clumsy in a matter of months (honestly, in a year people will be amazed anyone paid $14 for a bunch of text, a rotating picture of a rock, and a quick Wolfram Alpha search). Plus the seals on that environment get corroded by open competition every day.

Often the solution to this problem really is to run away and hide. Don’t listen to those “interactive media” gurus: stick with what you know. No-one demands now to know why their magazines don’t have DVDs on the cover. When books have CD-ROMs or allied websites these days, they’re usually buried at the back, hardly updated, and just contained the original text and some errata. We don’t really care. It’s okay. We just wanted a book. We love you as you are.

I know that publishing companies will be tempted to go for the all-singing, all-dancing iPad application. But what they’re doing that, my suspicion is that what they’re aiming for is a product which exudes credibility, status — an aura of a professional media product. And when you’re spending the kind of money that a professional application requires, solely to improves your status in the world, you’re not selling a product, you’re buying the love of your audience. That may be an investment in credibility, but it’s not an incoming revenue stream.

The goldrush economics of the iPad will hide this for a little while, because everything will be briefly profitable. But to be sustainable, you need to either be producing something that consistently costs you less than it earns, or will produce regular super-hits among a string of drabber products, or just makes you so much money in its first few months that you never need work again. You can’t just make some single wonderful shiny demo product. You need to keep producing them; you need some way of economizing that process. And you need to stop others from making their shiny thing cheaper than, yet interchangeable with, yours. Otherwise you’re just throwing nice fancy gee-gaws into the thresher’s hungry mouth.

36 Comments »

2010-03-24»

My real Ada Lovelace day piece goes out this Friday, in my Irish Times column. Honestly, it’s more an introduction to the idea (and why identifying diverse role models in tech is important) than a real story about a technologist I know, though it does mention a few.

I sort of sabotaged myself last year by listing forty women in tech who have inspired me, not realising I could have padded that out for an entire lifetime of ALDs. This year, I was going to salute the women of the EFF (without looking like I was just sucking up to my bosses), but Cory beat me to it with his profile of Cindy Cohn, EFF’s legal director.

(Then again, he didn’t mention EFF’s executive director, Shari Steele, who led the EFF to its current amazing successes; Jennifer Granick, its senior criminal lawyer (you want to watch this video to get an idea of Granick’s work); Marcia Hofmann who has leads many of EFF’s FOIA-related scoops, Gwen Hinze who steers EFF’s work at WIPO, against ACTA and beyond; Corynne McSherry who mends free speech when it runs into the DMCA; Eva Galperin who is your first responder when your digital rights catch on fire, Rebecca Jeschke who keeps obscure tech issues in the headlines where they belong; Alyssa Ralston who brings the money in, Katina Bishop who masterminds EFF’s awesome events and more awesome major donors; Leticia Perez and Andrea Chiang who make sure the briefs get filed and the bills get paid — and I sabotaged myself again, didn’t I?)

1 Comment »

2010-03-19»

For a moment, climbing out of the too-fresh sunshine and with the taste of a farewell Guinness still on my tongue, slumping into the creaky old couch in the slightly grimy, Noisebridge to write something from scratch, San Francisco felt like Edinburgh in August, a day before the Festival.

Edinburgh for me was always the randomizer, the place I hitched to every year, camped out in, and came out in some other country, six weeks later, with hungover and overdrawn, with a new skill or passion or someone sadder or more famous or just more fuddled and dumber than ever.

Today was my last day at EFF. Just before our (their? Our.) 20th birthday party in February, where I had the profoundly fannish pleasure to write and barely rehearse a 30 minute sketch starring Adam Savage, Steve Jackson, John Gilmore, me in my underpants, and Barney the Dinosaur, I callously told them I was leaving them all for another non-profit. We commiserated on Thursday, in our dorky way, by playing Settlers of Catan and Set and Hungry Hippos together. They bought me money to buy a new hat. I logged off the intranet, had a drink, and wandered off into a vacation.

In April, after a couple of weeks of … well, catching up on my TV-watching, realistically … I’ll be kickstarting a new position at the Committee to Protect Journalists as Internet Advocacy Coordinator.

I’ve known the CPJ people for a few years now, talking airily to them about the networked world as they grimly recorded the rising numbers of arrested, imprisoned, tortured, threatened and murdered Internet journalists in the world. Bloggers, online editors, uploading videographers. Jail, dead, chased into exile. As newsgathering has gone digital, it’s led to a boom in unmediated expression. But those changes have also disintermediated away the few institutional protections free speech’s front line ever had.

CPJ has incredible resources for dealing with attacks on the free press on every continent: their team assists individuals, lobbies governments at the highest levels, documents and publicizes, names and shames. They were quick to recognize and reconfigure for a digital environment (you have to admire an NGO that knew enough to snag a three letter domain in ’95). Creating a position for tackling the tech, policy and immediate needs of online journalism was the next obvious step.

The question I had for them in my interview was the same that almost everybody I’ve spoken to about this job has asked me so far. On the Internet, how do you (they? We.) define who a journalist is?

The answer made immediate sense. While “journalism” or “newsgathering” or “reportage” as an abstract idea might seem problematic when cut from its familiar institutions, and pasted into the Internet… nonetheless, you know it when you see it. When someone is arrested or threatened or tortured for what they’ve written, if you can pull up what they said in a mailreader or a browser, it really doesn’t take long to identify whether it’s journalism or not.

What’s harder is untangling the slippery facts of the case — whether the journalist was targeted because of their work, or other reasons; whether it was the government or a criminal enterprise that did the deed; where the leverage points are to seek justice or freedom.

In those fuzzier areas, in the same way as EFF uses its legal staff to map the unclear world of the frontier into clear legal lines, CPJ uses its staff’s investigative journalist expertise to uncover what really happened, and then uses the clout of that reinforced and unassailable truth to lobby and expose.

Honestly, I’m still only beginning to map out how I might help in all this. I spent a week last month in New York where CPJ is based, listening to their regional experts talk about every continent, all the dictators, torturers, censors and thugs, all the bloggers and web publishers and whistleblowers.

I know I am starting on that ignorance rollercoaster you get when striking out into new territory. I can tell these people about proxies, AES encryption and SMS security, but I still can’t pronounce Novaya Gazeta, or remember what countries border Kenya. You surprise yourself with how much old knowledge becomes freshly useful, at the same time as you feel stupid for every dumbly obvious fact you fail to grasp.

I think part of my usefulness will come from writing more, and engaging more with the communities here I know well to explain and explore the opportunities and threats their incredible creations are creating today. At the same tie, I’m already resigned to taking a hit in my reputational IQ as I publicly demonstrate my ignorance (my friends in Africa and Russia are already facepalming, I can tell). Hope you’ll forgive me.

In the mean time, I’ll be setting up my monthly donation to EFF. I’ve said it before and I’ll bore you again, EFF are an incredible organization, made up of some of the smartest and most dedicated people I’ve ever met. I smugly joined in 2005 thinking I understood tech policy, and spent the next few years amazed at what it was like to live as the only person who didn’t have an EFF to help me understand what I was looking at and what to do about it. I guess I finally got the hang of juggling five hundred daily emails, a dozen issues refracted through dozens of cultures across the world. And I guess that’s aways the cue to switch tracks and reset to being dumb and ready to learn again.

Incidentally, EFF is looking for an IP attorney right now. I don’t know how many lawyers read this blog, but if you know a smart IP legal person who wants to randomize their life for the opportunity to become even smarter for a good cause, get them to apply. They won’t regret it, not for a minute.

7 Comments »

2010-01-31»

Does anyone else get weepy on long haul flights? I’m currently on a Virgin America flight (hello gogo wi-fi, hello deucing my carbon credits for another decade), watching a House marathon (which is protecting me somewhat from emotional liability), but I still get a little tearful after the fifth hour. Maybe it’s oxygen dep, maybe it’s sheer boredom, maybe it’s NOT JUST ME. One time I burst into tears at an inflight showing of Mission to Mars. I hope it’s not just me.

Anyway, it means I have time for you. I have a little less time for Virgin’s chairback entertainment system. Watching the Linux boot-up errors scroll back used to give me a wriggle of delight, but now the wonder of that has worn off, it’s just constantly irritating. There’s latency issues, especially with fast-forwarding in movies, which is like trying to tap-dance on black ice. There’s pages full of “this service isn’t ready yet”, terrible anti-aliasing on the branding. Oh, and my main credit card doesn’t work on purchases, coming up with a “Credit values of $9999 not allowed” error. The same card gives the same error on my neighbour’s machine. Another card that has a variant of my name works fine. My main credit card has an apostrophe in the surname. I do hope Little Bobby Tables doesn’t take a flight on VIrgin any time soon.

Here’s the question that is gripping plenty of my friends in fear tonight. Do open systems inevitably suck at UI, compared to closed systems run by control freaks? Will the iPad (sorry, that is “iPad”) mean our children will not code, and Stallman will die alone, the last free programmer strangled with the DRMed guts of the last Macmillan author?

I think the guilt is exacerbated by all of our concerned essays being interleaved by admissions that we, too, will be getting one. It’s like a “Just Say No” ad recorded by people conspicuously tapping their upper arms.

But, you know, I’m optimistic. I’ve had these chills before. The first time, actually, was Windows 3.1, back when I was six or something. Okay, twenty-one. Windows was amazing, and unprogrammable to anyone who didn’t have a proper programming job, and thus couldn’t justify the expense of the dev environment, the Petzold, and the fancy 486 to run it all on. To people accustomed to working with a $50 copy of Turbo Pascal and a 80×25 Hercules card, this was a horror show. In the space between DOS’s QBASIC and Visual Basic, the Windows platform was closed to amateurs.

As was the Mac, compared to the Apple II ecosystem. I remember in 1992, in a run-down London flat, having somehow managed to beg a Mac from a local dealer, sitting and dolefully staring at it because outside of playing MacWrite and admiring the screen resolution, there was damn all you could do with it.

As for the risks to interactivity and creativity: I remember when the WebTV was announced, and we huddled in corners and worried for the future of the Internet. Unlike Windows and the Mac, the WebTV may well have died because it sucked: but I notice that it has no descendants on the technology family tree. No-one makes a web browser at arm’s length, for watching. Even the supposedly sealed iPad sits close enough to our laps for us want to make something, even if it’s just finger paintings.

Of course, the iPad (sorry, just “iPad”) is different because of the lockdown. Even if we had the resources to write something for it, we can’t without Apple’s whim. But I remain confident that the same forces that wash away proprietariness in general purpose computers in the past will eat away at the iPad. Maybe it will be like Windows, where the system itself becomes more open just by virtue of a disinterest in its owners in keeping it closed. My own, perhaps overgenerous feeling is the App Store is not an artifact of Jobs’ control-freak mentality, but a paranoid reaction to iPhone OS’s lack of decent sandboxing; that paranoia may be whittled away slowly.

Or it could be like the Mac, which became more open out of competition with more other open systems. Closed costs money to maintain, and open has more features. It may be that the iPad gives up its closed nature when faced with competitors that take its lead, and run faster and more alluringly than even Apple can keep up with. That seems less likely, to me: Apple knows its strengths, and the open world is so far struggling to emulate its aesthetic integrity and hardware integration. Closed costs money, but also lets Apple create new revenue streams for it and its partners. Open has more features, so Apple concentrates and creating a few features very well. Well, shrug: we have competition. That’s good. It’s not like the other proprietary behemoths are doing a good job mimicking Apple either.

Or it could be that we have to become outlaws. The problem with a closed system in our post-DMCA world is not that it exists, but that it’s a criminal act to open it. Some prosecutors claim it’s a criminal act to even talk about how how to open it. It’s certain criminal to sell other people ways to open it.

Despite that, open is still so important than thousands of people do it to their iPhones. Millions of people buy Android systems in preference to iPhone partly because of that power. And if the iPad is successful, surely millions will either jailbreak them, or buy open alternatives out of a wish to reach for something that Apple isn’t offering them.

It’s easy to see the iPad as the final tragedy in a long history of openness and tinkerability in general purpose computing. But the truth is, the cyclical fight against locked-in systems has been the recurring theme of computing since the mainframes. Our open systems are as wonderful as they are because they had to set themselves up against the shiny proprietary wonders of a previous age. The iPad isn’t a threat; it’s an inspiration. They’re always trying to steal the revolution; we always have to steal it back.

18 Comments »

2009-09-22»

All of these conversations I’ve been having online (as opposed to the dramatic monologues here) have had me thinking about the nature of online discussion, and confronting my own behaviour in them.

What are you like when you’re deep into an argument online? I have two sides: the one which you can see with my postings, which are long, mostly fiercely polite, quasi-grammatical, and, if I may say so, devastatingly reasoned.

You have to imagine me writing these, though, pacing around madly in my bedroom, muttering little speeches to myself and visualizing the horrible death of my correspondent in a hail of unavoidable saucepans. Also I drool, but only a little bit, and only from the mouth.

Is everyone like this? I don’t know, because people don’t like to talk about it. Recently, I’ve been looking at how people manage their own emotions when discussing online. It’s complicated, because the unwritten rules of much online discussion is that “if you emote, you lose”, and others that “if you emote, you win”. Either way, bringing emotions into it changes the game. But what the hell does winning and losing mean?

People talk about the disrespect and ferocity of online flame wars. I think it’s about audience. I think the novel nature of online discussions is that you have a passive, silent audience out there. I think that’s far significant than all that talk of anonymity, or the death of civilized discourse.

The closest equivalent to Internet discussion forums for me when I was young was Paddy, who I lived with. Paddy was a man who could argue for hours without coming up for breath. You’d say your triumphant logicbuster, and magically by the time you’d finished, he’d already have (verbally) posted a five page reply up in your face. I remember one night when I got so mad with him for his relentless logical verbal one-upping that the only snappy come-back I could devise with was to quietly leave the room, go upstairs to the bathroom, spray my entire face with shaving foam so I looked like a giant Michelin head, and then creep up behind him and go “ARRGH!”. I hold that I won that argument squarely and fairly. (You occasionally see this rhetorical device at Prime Minister’s Question Time.)

Anyway, what was annoying with Paddy, as I finally got him to admit one day, was that he wasn’t trying to convince you he was right: he was trying to convince a mysterious third-party.

There was no third-party in our arguments. When we got started both of us could empty a room faster than karoake-ing opera singer.

But on the public Internets, you’ve always got an eye to the third-party. Every talk you see online has an imaginary crowd around it, imaginarily clapping or stomping. Either way, you can’t just communicate these side-line emotions with the person you’re talking to, except by stumbling off into private email. Which is usually about as calming as going outside the bar for the fight. Actually, private email isn’t even private, because there is always this sense it will be magically reforwarded into the public view, exposing your vulnerability to the same audience.

Every discussion is a group monkey dance.

1 Comment »

2009-06-05»

When do you stop being a reader online, and start being a participant? This would seem to be an important question, especially among those who insist that the exact ratios between consumers and creators should determine how significant the result is. That is, if most “user-generated” content on the Net is made up of a tiny percentage of the overall audience, should we care about it less? Me, I don’t think so, but for arguments that get bogged down in exactly how “democratic” the Internet is, it does seem to be critical.

What I do think is that the very fact that the line is blurred is in itself significant. Let me contrast it with my experience growing up in the Seventies and Eighties. I didn’t go to arty clubs in London; I didn’t make my own teen fanzine. I didn’t even send off for any fanzines. What I did was buy Time Out, and FactSheet Five, and read the reviews. Obsessively. I loved it. I don’t know why I rarely watched the films I read about, or buy the thousands of zines that Mike Gunderloy (pboh) obsessively reviewed each issue. It just seemed a step too far, somehow. I was perhaps a little scared that the reality wouldn’t live up to the dream. But I’m sure there were thousands, hundreds of thousands like me. People read books, never knowing there are whole communities of book-readers who create conventions and have conversations about those books, writing fan fiction and holding long correspondences with the author. It’s not that they can’t imagine it, but it’s that there’s a natural stopping point. You’d have to be crazy to finish the latest Neil Gaiman book, and then think you could write him a letter.

When I went online for the first time, that distinction blurred for the first time. I’d read my heroes posting items, and then I’d reply (just really because the keyboard was there, and the bulletin board prompt gave you that option), and my heroes would write back. I’d be involved. It was barely a transition. It’s the same frisson people get when celebrities call them out on Twitter. Actually, they don’t even have to be acknowledged; just the figment of a conversation is more than you’d expect reading a book or watching a film.

This may be obvious, or even hard to imagine a world without that lack of transition if you’ve grown up with the Net. Talking to Debbie today, she described how Sears Catalogues were called “wishbooks” in the early West, and we talked about how FactSheet Five was a wishbook, too. It broadened your mind: but it only occurred to the most ambitious (or deluded) that you could actually pursue those wishes, or that they represented anywhere that was truly accessible: just viewable. I think old media taught us to observe the spectacle, but assume it took place somewhere else, somewhere remote.

It takes a while, even online, to notice this is possible: that such-and-such may have a blog, and might read the comments, and might reply. But it’s not quite the same leap, especially as you quickly find yourself in a community of others making those leaps just like you. It’s not how many create; it’s how easy the jump from watcher to do-er is. The two are connected: the easier the transition, the more creators there are. But the transitions the thing. Not everybody wants to be a creator; but everybody who wants to create should at least know that that is an option.

2 Comments »

2009-06-03»

So it was being stuck without wifi in the Library of Congress the other week that finally made me decide to overwrite the T-Mobile firmware on my Android G1 with something with root access. I was talking with the US Copyright and Patent offices about how to improve access to copyrighted material for the reading disabled (in the hopes, partially, to encourage them to support the Treaty for the Visually Impaired at WIPO the following week).

I know some people frown on net access at such affairs, but as Cory once noted, if you think people are distracted when they have net at meetings, you should see how distracted they get when they don’t have net.  A bunch of us were scrabbling to get information in and out of the public meeting in advance of the transcript becoming available. So, for instance, I recorded my comments onto my phone, and then mailed them out to the rest of the EFF international staff to hear as they were already preparing to fly to Geneva.

The same thing happened, only more fervently at WIPO, with Jamie Love and other attendees  frantically twittering out to the wider world about the imminent attempts to kill the treaty, and thus getting the visible external support they needed to put pressure on countries to keep the Treaty alive (thanks to everyone who contacted their governments, by the way).

All of this networked analysis and activism gets much harder when you don’t have laptop connectivity. Because my G1 phone wasn’t rooted (and T-Mobile forbids tethering apps in Google’s Android app Market), I couldn’t link my computer to my phone’s 3G network. And I wasn’t quite ready to multi-task listening to my fellow panellists and attempting to re-flash firmware at the same time.

I’m glad I waited. It turns out that these days, it’s relatively easy to drop in a version of Android that gives you power over your own device. These instructions on how to root your G1 take you through the tortuous (but by now pretty foolproof) procedure.

In the end, I chose to install JesusFreke’s distribution of the Android OS, which now has a great little utility to manage who gets root on your phone (each application’s request is intercepted, and you, as user, get to allow or deny it). This tethering application is incredibly easy-to-use, and lets you share your 3G connection via wifi or bluetooth (I haven’t tried the bluetooth). You can WEP encrypt the wifi connection, or allow access to only selected users.

Of course, next time I go to the LoC, I’ll be sure to keep the wifi node open. I wouldn’t want the MPAA guys doing without!

1 Comment »

2009-02-21»

So my schedule these days — I have a schedule! Do you know what a change that is in my life? — anyway, my schedule these days generally involves collapsing asleep at 9PM and waking up, actually refreshed, at around 8PM. I have traded away several hours of my life in return for not feeling attached by a very taut piece of elastic to whatever is the closest bed, tugging tugging tugging me back.

I greatly enjoy feeling well-slept, but it does mean that my usual hours of blogging (and doing any other writing or wild-eyed crazy plotting) are now contemptibly small.

Like everyone, I am still working out how to make do with less.

Also like almost everyone, I stayed up very late on New Years Eve 1999/2000. I wasn’t wandering the streets, drunk like a skunk. I was inside Netscape Communication’s server management offices, munching on sushi, and watching techies desperately guarding against the chance that the Y2K bug would take down netscape.com and other important pieces of Internet infrastructure.

A few minutes before the clockover, I realised that all the clocks in the ops center were set to slightly different times (all the better to see which ones failed, I guess), and I would have no real idea of when midnight actually happened. I eventually got hold of an accurate time signal (I think I caled POPCORN, which is the US’s speaking clock). I was the only person in the cubicles who actually knew what the time really was.

In the seconds around midnight, different engineers would shout out to their colleagues that key services were still operational: “Web3 is okay!” “DNS3 is Okay”.

At the exact moment of 00:00AM, 2000 AD, I can reveal that, at Netscape, the primary concern was the fishcam. “Fishcam is … okay!” (Big cheer).

You’ll be pleased to know it’s okay again.

2 Comments »