[Date Prev][Date Next][Thread Prev][Thread Next][Author Index][Date Index][Thread Index]
Your fans in Russia talk about you...
- To: <us>, <acad!crunch>, <phil>
- Subject: Your fans in Russia talk about you...
- From: Mark S. Miller <mark>
- Date: Fri, 30 Dec 88 22:46:46 PST
- Cc: <mark>
- In-reply-to: <Marc>,33 PST <8812291958.AA24759@xxxxxxxxxx>
I disagree with your premises, but largely agree with your conclusion.
First, the disagreement:
The question is not: "Can Xanadu be abused?", but rather, "If they use
Xanadu, will they find it more difficult to engage in tyrannical
information practices than if they do something else?". We should not
imagine for one moment that Xanadu is their only option for on-line
access to information with version support. We will have competitors
whose technological aspects may not be as tyranny discouraging as
The original design perspective back in '79 & '80 through till today
is one of fear of the oncoming Ministry of Truth, and the need of the
system to be resistant to future tyrannical action. Just because this
was a goal doesn't mean we've achieved it, and indeed, I wish it were
far more non-subvertible than it is. However, it is likely to be far
more non-subvertible than a system designed without this perspective.
The non-subvertibility of the system relies largely on the write-once
nature of most of the semantic objects (Orgls & DataBerts), the
distributed dissemination nature of the system, and the reliance on
basic authentication mechanisms.
The single most critical anti-ministry-of-truth-measure is the
immutability of published material. Recall that the ID of published
material contains an authenticated hash of the contents of that
material. (Implementation note: The ID of the Orgl at the top
of a hierarchical document contains a hash of just the contents of
that orgl itself, the important part of which is the oMap. However,
the oMap contains the IDs of all objects referred to, and therefore the
authentication provided by the hash is transitive.) The result is
that no one may fake the contents while preserving the ID without
Now I am making many seemingly unrealistic assumptions--such as that
they care whether they get caught. I claim this is so. There is no
centralized information system which cannot be made to deny access to
some of its clients, or present them only with an edited alternate.
The most that Xanadu can do to protect freedoms here is to make
visible the fact that this is being done--to force on the Powers the
costs that deniability removes. Certainly, they will still engage in
much above-board info control, but lack of deniability raises the
costs on the margin, and so reduces the incidence. In an age when
they are making much of Glasnost, the margin is perhaps wider than
normal, but would exist nonetheless.
Xanadu is most subject to subversion when you have a small number of
backends run by one organization, of one mind, and disconnected from
other backends. It is least subject to subversion when the Xanadu
system as a whole is widely distributed, especially when every
frontend is also a functioning backend, and the frontend-cacheBackend
combination is running on the user's own personal computer. In this
case, with authenticated hashes in IDs, holes in the interlinked
public information will be as visible as the people removed from
Soviet publicity photos. They can give you a new document and tel you
to believe it instead of the old one, but they won't actually be
Notice that with this authenticated ID property, that densely linked
Hypertext is much safer than non-hypertext, because whatever
subnetwork you try to remove from the network of linked material will
have to cut across many arcs. Therefore, if they selectively import
published material from abroad, the number of links out to
irretrievable documents will be painfully obvious to readers.
Now for the agreement:
My understanding is that there are VERY VERY FEW personal computers in
the Soviet Union. If access to Xanadu is by terminal to a centralized
host, most everything stated above is void. Also, with so little
access to computers there, it is hard to see what they would do
with Xanadu at all (for good or evil). My guess would be that the
market for Xanadu on Spectra-70 computers is as large as the Soviet
market. We don't want to sell them a trivial number of systems so
they can then study them like crazy (though we cannot prevent them
from obtaining the shrink-wrap).
My major reason for agreeing with your conclusion is to avoid a
domestic "lightning-rod". Xanadu will eventually be connected to
domestic freedom of speech controversies, and when that happens we
don't want to be easy targets. Also we don't want to attract bad
attention from our own Powers early. Right now there is a very
positive attitude among many here towards the Soviets, just as there
was when the soviets were our allies a small number of years before
the McCarthy Era. (yes, it is largely justified now, and not then.
So what.) That combined with the fact that Crunch made the initial
contact, and that many of us are Anarcho-Capitalists, makes us
potentially easy media targets. (Lit Machines has us on record as
being largely libertarian, and many of us are so registered.)
Phil--could you say a few words about the "avoid lighting rod"
principle as you've applied it to the rocket biz?
In short, I'd just as soon wait until we get distributed publishing
Xanadu working (after first product), when we understand the security
& authentication aspects of this thing better, and when the Soviets
have enough computer access in their society to make societal use
(P.S. What are the issues in getting an export licence?)
(P.S. When you started with your tales of the military, I thought
where you were leading was to on-line fact forums making military
planning much more effective (by destroying aircraft carriers before
the war). And that this is an effect we may not be too eager to have
on their military.)