Wikipedia has a good write-up at the top of its entry for Internet:
http://en.wikipedia.org/wiki/Internet
and I appreciate the manner in which it addresses the "popular parlance" for "internet" in terms of the commonly used services on the Internet, e.g. "A system running internet services." (my example, based on Wikipedia's narrative).
There is a hot fusion research facility in Princeton, NJ. My understanding is that the facility has done good work since its inception.
I would hate to see such efforts scrubbed. Whatever happens with fusion research, I would like to see such teams and facilities continue to advance their work and contribute towards their research.
A while back, there was a book that I wanted to purchase, but it had mixed reviews. The author had used a publisher that also had PDFs available (if I remember correctly). Anyway, I was able to legitimately buy the PDF on-line for a fraction of the price of the paper-version. I was totally happy with the book, and the purchase.
My only experience with "e-books" has been brief, and negative. The e-book reader on my PDA wants to register itself (I believe with Microsoft) prior to use. I am not bothering with this "solution." Besides, there is a -free- PDF reader available for PDAs from Adobe.
What I really enjoy about the emulators is the mobility that they give you.
I have an Apple II emulator running on a notebook computer, so I have that with me - not just for gaming (downloads of Apple disk images are available), but for playing with the old system. You can do a "call -151" and drop right down to machine language. Boot an (emulated disk) with Integer basic, do a call -151 and then an F666G (I hope I got that address right), and you are in the mini-assembler... You can play with these systems in many ways - not just on the gaming side.
Also, you can look up Apple CE. This program lets you run an Apple emulator on your handheld pocket PC. All the disk images on your emulator can be brought right over. The Apple emulators tend to support a Monochrome mode, and there is a nostalgia to the warm green monitor feel that is produced. Besides, when you save off your spreadsheet at work for someone, and they have trouble reading it, you can always just tell them that it's in "Visicalc."
There are often some (technical) differences between emulated environments and the "real thing" - sound a delays of disk devices, the number of supported expansion devices may differ from the simulated and "real" systems, including how shared resources / critical sections may be handled (if anyone really wants a technical example of this, they can e-mail me).
Anyway, emulators are really expanding the use of "orphaned" platforms.
There are emulators for IBM 370, Apple, Commodore, and many others. At the University of Pennsylvania, they did an "Eniac on a chip" project. For many, the emulator itself is the game.
Just wondering if anyone here has dealt with this...
I have two PDAs (IPAQs) running Linux. Does anyone here have experience running mapping software (pref. with gps support) for handhelds with Familiar Linux?
Actually Fortran (perhaps depending on version) was case sensitive.
In the WATFIV version, a capital letter C in the seventh column denoted a punch card.
I always thought of (and I think I drew once), a cartoon showing a customized keyboard for the LISP language. Only two massive keys - a left parenthesis, and a right parenthesis.
I don't recall, but the people who made the "Happy Hacking" keyboard may also have a version without CAPS keys- it's aimed at certain programmers (presumably the C and Unix crowd).
- Sam
Great job title, but bad for traffic stops...
on
Our Man In Black
·
· Score: 5, Funny
I would feel bad for this guy whenever he gets stopped by a cop......
Cop: Are you are aware you were doing 45 in a 40 - zone?
The NASA guy: ummm. no, but if you say so...
Cop: Where were you going ?
The NASA guy: home - I'm going home from work
Cop: So, where do you work?
The NASA guy: I'm the planetary protection officer - it's my job to protect the earth from interplanetary biologicals and contamination
I am interested in setting up a panel in NYC (New York, New York, USA) somewhere between July 9 and July 11.
Some topics that color my view of e-voting systems briefly follow:
My concern is that any system be appropriately thought out, formally and precisely defined, using rigidly designed systems (not necessarily off-the-shelf), made to precisely and verifiably conduct voting tansactions, without being able to disclose, leak, or bleed any information that is not supposed to escape the system.
The Johns Hopkins study is an excellent reference and resource on the issues that have to be addressed.
I am personally interested in setting up a panel in New York in Mid-July (not much - just about an hour to an hour and-a-half), but at an interesting venue. I am not offering funding, but there could be some visibility.
I would welcome hearing from anyone who is doing interesting work in this area - in the US or overseas, that would be interested in participating on such a panel, to include related topics on technology-and-democracy.
I have posted this before, but I am intersted in setting up a panel on Technology and Democracy, with a focus on e-voting:
I am interested in setting up a panel in NYC (New York, New York, USA) somewhere between July 9 and July 11.
Some topics that color my view of e-voting systems briefly follow:
My concern is that any system be appropriately thought out, formally and precisely defined, using rigidly designed systems (not necessarily off-the-shelf), made to precisely and verifiably conduct voting tansactions, without being able to disclose, leak, or bleed any information that is not supposed to escape the system.
The Johns Hopkins study is an excellent reference and resource on the issues that have to be addressed.
I am personally interested in setting up a panel in New York in Mid-July (not much - just about an hour to an hour and-a-half), but at an interesting venue. I am not offering funding, but there could be some visibility.
I would welcome hearing from anyone who is doing interesting work in this area - in the US or overseas, that would be interested in participating on such a panel, to include related topics on technology-and-democracy.
I can not promise or expect to provide any funding, but there could be some visibility.
I am interested in setting up a panel in NYC (New York, New York, USA) somewhere between July 9 and July 11.
Some topics that color my view of e-voting systems briefly follow:
My concern is that any system be appropriately thought out, formally and precisely defined, using rigidly designed systems (not necessarily off-the-shelf), made to precisely and verifiably conduct voting tansactions, without being able to disclose, leak, or bleed any information that is not supposed to escape the system.
The Johns Hopkins study is an excellent reference and resource on the issues that have to be addressed.
I am personally interested in setting up a panel in New York in Mid-July (not much - just about an hour to an hour and-a-half), but at an interesting venue. I am not offering funding, but there could be some visibility.
I would welcome hearing from anyone who is doing interesting work in this area - in the US or overseas, that would be interested in participating on such a panel, to include related topics on technology-and-democracy.
There are going to be more stories and issues related to Internet voting - here, in the US, and abroad, ranging from small club functions being voted on, through governmental matters from local - to - larger levels...
My concern is that any system be appropriately thought out, formally and precisely defined, using rigidly designed systems (not necessarily off-the-shelf), made to precisely and verifiably conduct voting tansactions, without being able to disclose, leak, or bleed any information that is not supposed to escape the system.
The Johns Hopkins study is an excellent reference and resource on the issues that have to be addressed.
I am personally interested in setting up a panel in New York in Mid-July (not much - just about an hour), but at an interesting venue. I am not offering funding, but there could be some visibility.
I would welcome hearing from anyone who is doing interesting work in this area - in the US or overseas, that would be interested in participating on such a panel, to include related topics on technology-and-democracy.
Well, one advantage of doing your Cert renewal now is that if an empoyer asks what you are doing right now, you have a tangible answer. You can even list that you are doing this on your current resume to show activity.
You might also want to get some professional organization memberships: IEEE, ACM, etc..., and even get involved with available activities. The activities may yield professional contacts but will also help keep you aware of additional technical advances and movements in many areas.
There is something very simple you can do if you aren't impressed with the quality of the HOPE conferences...
Come up with a worthwhile topic, put together a panel, formally submit it, and do the best job that you can to present it.
I've spoken in the HOPE conferences, and so have a number of people in the industry with some worthwhile things to say... Wynn Schwartau... Greg Newby, many others, and some well known "hackers."
There are other people - even if you don't agree with everything that they will say - with interesting and diverse views on society and technology.
If you don't like some of the panels, that provides a great time to go out and see some of New York. One thing that I like, besides the formally established panels, is that they also have (and presume they will for this upcoming conference), set up a sign-up panel - a room where anyone can write-in and take a time slot, and present on their chosen topic. If you don't have time to formally organize a panel, or have a one-man presentation, this can be a viable option.
Anyway, I like the HOPE conferences, and a big part of what you get out of it can be what you put into it
By the way, referring to an earlier post, I have had friends in government circles attend the "Hacker" conferences - none have ever had a problem from the government. On the other hand, the kind of attention you draw, and it's nature will largely be based on what you say and do. Is it possible to draw negative attention from the government at one of these? I'm sure it is. People have done some dumb things at some conferences (stealing items or committing other illegal acts). Don't do anything illegal, and there really shouldn't be any problem.
I remember years ago when Matt Blaze (A very sharp crypto and computer security guy) tried to follow the laws and properly take a phone-crypto device with him. I have the link (and the text) below.
In accordance with his copyright usage requirements, I have the entire article and his copyright notice provided below.
My Life as an International Arms Courier Matt Blaze
Under an obscure provision of US law, devices and computer programs that use encryption techniques to hide information from prying eyes and ears are considered ``munitions'' and subject to the same rules that govern the international arms trade. In particular, taking such items out of this country requires the approval of the State Department, which decides whether exporting something might endanger national security. In the past, these restrictions were of little concern to the average citizen; encryption found most of its application in military and diplomatic communications equipment. Today, however, growing concern over electronic fraud and privacy means that encryption techniques are starting to find their way into more conventional commercial products like laptop computers and portable phones.
Mostly to find out what the process was like, I recently applied for a temporary export license for a portable telephone encryption product that I wanted to take with me on a business trip to England and Belgium.
The item in question is more properly called a ``telephone security device.'' This is a little box that scrambles telephone conversations to protect them against eavesdroppers; this sort of protection is sometimes important when discussing confidential business matters from faraway places. The particular model I bought was already approved for export; it employs a cipher algorithm that the government has already decided is not a threat to national security even should it fall into the hands of some rogue government. This model is aimed primarily, I presume, at international business travelers who want to communicate in a reasonably secure manner with their home offices in the states. In other words, a typical user buys two of them, leaving one at the home office and carrying the other when traveling abroad. The options that came with my device included a James Bond-ish looking acoustic coupler and handset to facilitate its connection to the hardwired phones that are still common in European hotel rooms.
It turns out that there was recently some discussion in the government about exempting products like my secure phone from the licensing paperwork requirements. Unfortunately, however, this exemption never actually took effect. So even though the device I had was already approved for sale abroad, I still needed to get a temporary export license before I could take it with me. But I was assured that ``this is an easy, routine process''. Well, sure enough, about two weeks before I was to leave I got back my official US State Department ``license for the temporary export of unclassified defense articles''. So far, so good.
From what I was able to figure out by reading the license (and having a few conversations with an export lawyer), I'm required to leave from an international airport with a Customs agent present (no problem there, although Customs is geared to arriving, rather than departing, travelers). At the airport, I'm supposed to fill out a form called a ``shipper's export declaration'' (SED) on which I have to declare that ``these commodities are authorized by the US government for export only to Belgium and the United Kingdom. They may not be resold, transshipped, or otherwise disposed of in any country, either in their original form or incorporated into other end-items without the prior written approval of the US Department of State''. Then I'm to present the SED and export license to a Customs official at the airport before I leave. The Customs officer is suppose
I remembered Matt Blaze (really sharp computer security and crypt guy)going through some fun experience that he wrote up in trying to -legally- transport some relatively basic phone-crypto device.
I found the article online, and have posted the text below. Note that the article is copyright Matt Blaze, and that I have followed his guideline for reproducing the article: his copyright notice is intact, and the article is provided in its entirety.
Sam Nitzberg
http://www.iamsam.com
- - -
From: http://www.epic.org/crypto/export_controls/blaze.h tml
- - -
My Life as an International Arms Courier
Matt Blaze
Under an obscure provision of US law, devices and computer programs that use encryption techniques to hide information from prying eyes and ears are considered ``munitions'' and subject to the same rules that govern the international arms trade. In particular, taking such items out of this country requires the approval of the State Department, which decides whether exporting something might endanger national security. In the past, these restrictions were of little concern to the average citizen; encryption found most of its application in military and diplomatic communications equipment. Today, however, growing concern over electronic fraud and privacy means that encryption techniques are starting to find their way into more conventional commercial products like laptop computers and portable phones.
Mostly to find out what the process was like, I recently applied for a temporary export license for a portable telephone encryption product that I wanted to take with me on a business trip to England and Belgium.
The item in question is more properly called a ``telephone security device.'' This is a little box that scrambles telephone conversations to protect them against eavesdroppers; this sort of protection is sometimes important when discussing confidential business matters from faraway places. The particular model I bought was already approved for export; it employs a cipher algorithm that the government has already decided is not a threat to national security even should it fall into the hands of some rogue government. This model is aimed primarily, I presume, at international business travelers who want to communicate in a reasonably secure manner with their home offices in the states. In other words, a typical user buys two of them, leaving one at the home office and carrying the other when traveling abroad. The options that came with my device included a James Bond-ish looking acoustic coupler and handset to facilitate its connection to the hardwired phones that are still common in European hotel rooms.
It turns out that there was recently some discussion in the government about exempting products like my secure phone from the licensing paperwork requirements. Unfortunately, however, this exemption never actually took effect. So even though the device I had was already approved for sale abroad, I still needed to get a temporary export license before I could take it with me. But I was assured that ``this is an easy, routine process''. Well, sure enough, about two weeks before I was to leave I got back my official US State Department ``license for the temporary export of unclassified defense articles''. So far, so good.
From what I was able to figure out by reading the license (and having a few conversations with an export lawyer), I'm required to leave from an international airport with a Customs agent present (no problem there, although Customs is geared to arriving, rather than departing, travelers). At the airport, I'm supposed to fill out a form called a ``shipper's export declaration'' (SED) on which I have to declare that ``these commodities are authorized by the US government for export only to Belgium and the United Kingdom. They may not be resold, transshipped, or otherwise disposed of in any country, either in their original form or incorporated into other end-items without the prior written approval of the US Department of State''. Then I'm to present the SED and export license
If a company has a true concern, there is another way to address the code-escrow problem ("solution") - for a price. Buy the actual source code.
Make the contract one such that what is being bought is not just the binaries or install modules, but the source code along with them. At each release, incremental build, etc... these are shipped to the customer.
Of course, these may be of limited value to the customer without a replication of the original development environment, but this addresses some issues of code escrow. It also firmly and immediately establishes ownership over the (source) code with the customer. If the client-code writing firm wants some rights to parts of the code it is developing for the customer, that can be negotiated.
I have seen a comment about certain areas of coding problem requiring more assumptions than others (someone above mentioned something about missile systems being a well-known domain with few assumptions. I question that.) If you are developing to a specific business environment / platform with many specifics and assumptions - mail server addresses, protocols, etc - - - DOCUMENT IT IN THE CODE !
The client company and the originating firm can draft (or find) a set of coding standards for the code to be developed to. There can be walkthroughs and reviews - a big part of the overall equation is whether the customer is willing to truly pay for traceable, reliable, unambiguous, well-documented and delivered code, or if the customer just wants a big band-aid-kit and to provide a minimal assurance of covering its butt if the developing company gets into trouble.
Slashdot Mirror
Wikipedia has a good write-up at the top of its entry for Internet:
http://en.wikipedia.org/wiki/Internet
and I appreciate the manner in which it addresses the "popular parlance" for "internet" in terms of the commonly used services on the Internet, e.g. "A system running internet services." (my example, based on Wikipedia's narrative).
There is also a good discussion of Capitonyms:
http://en.wikipedia.org/wiki/Capitonym
I think Wikipedia got it right.
There is a hot fusion research facility in Princeton, NJ. My understanding is that the facility has done good work since its inception.
I would hate to see such efforts scrubbed. Whatever happens with fusion research, I would like to see such teams and facilities continue to advance their work and contribute towards their research.
Sam Nitzberg
A while back, there was a book that I wanted to purchase, but it had mixed reviews. The author had used a publisher that also had PDFs available (if I remember correctly). Anyway, I was able to legitimately buy the PDF on-line for a fraction of the price of the paper-version. I was totally happy with the book, and the purchase.
My only experience with "e-books" has been brief, and negative. The e-book reader on my PDA wants to register itself (I believe with Microsoft) prior to use. I am not bothering with this "solution." Besides, there is a -free- PDF reader available for PDAs from Adobe.
PDFs work for me.
Sam Nitzberg
... Unobtanium ;-)
Sorry, I had to do that...
What I really enjoy about the emulators is the mobility that they give you.
I have an Apple II emulator running on a notebook computer, so I have that with me - not just for gaming (downloads of Apple disk images are available), but for playing with the old system. You can do a "call -151" and drop right down to machine language. Boot an (emulated disk) with Integer basic, do a call -151 and then an F666G (I hope I got that address right), and you are in the mini-assembler... You can play with these systems in many ways - not just on the gaming side.
Also, you can look up Apple CE. This program lets you run an Apple emulator on your handheld pocket PC. All the disk images on your emulator can be brought right over. The Apple emulators tend to support a Monochrome mode, and there is a nostalgia to the warm green monitor feel that is produced. Besides, when you save off your spreadsheet at work for someone, and they have trouble reading it, you can always just tell them that it's in "Visicalc."
There are often some (technical) differences between emulated environments and the "real thing" - sound a delays of disk devices, the number of supported expansion devices may differ from the simulated and "real" systems, including how shared resources / critical sections may be handled (if anyone really wants a technical example of this, they can e-mail me).
Anyway, emulators are really expanding the use of "orphaned" platforms.
There are emulators for IBM 370, Apple, Commodore, and many others. At the University of Pennsylvania, they did an "Eniac on a chip" project. For many, the emulator itself is the game.
sam@iamsam.com
http://www.iamsam.com
Just wondering if anyone here has dealt with this...
I have two PDAs (IPAQs) running Linux. Does anyone here have experience running mapping software (pref. with gps support) for handhelds with Familiar Linux?
Also, what map source do you import?
Many thanks-
Sam
Actually Fortran (perhaps depending on version) was case sensitive.
In the WATFIV version, a capital letter C in the seventh column denoted a punch card.
I always thought of (and I think I drew once), a cartoon showing a customized keyboard for the LISP language. Only two massive keys - a left parenthesis, and a right parenthesis.
I don't recall, but the people who made the "Happy Hacking" keyboard may also have a version without CAPS keys- it's aimed at certain programmers (presumably the C and Unix crowd).
- Sam
I would feel bad for this guy whenever he gets stopped by a cop......
Cop: Are you are aware you were doing 45 in a 40 - zone?
The NASA guy: ummm. no, but if you say so...
Cop: Where were you going ?
The NASA guy: home - I'm going home from work
Cop: So, where do you work?
The NASA guy: I'm the planetary protection officer - it's my job to protect the earth from interplanetary biologicals and contamination
Cop: OK buddy, we're going downtown....
I'll laugh if the back-end were an unpatches windows 2000 running an unpatched MS Sql server...
- Sam
The Law of Diminishing Returns...
It's diminishing SCO's profits.....
... too bad your ACOUSTIC coupler doesn't have a built-in spelling checker...
I am interested in setting up a panel in NYC (New York, New York, USA) somewhere between July 9 and July 11.
:
Some topics that color my view of e-voting systems briefly follow
My concern is that any system be appropriately thought out, formally and precisely defined, using rigidly designed systems (not necessarily off-the-shelf), made to precisely and verifiably conduct voting tansactions, without being able to disclose, leak, or bleed any information that is not supposed to escape the system.
The Johns Hopkins study is an excellent reference and resource on the issues that have to be addressed.
I am personally interested in setting up a panel in New York in Mid-July (not much - just about an hour to an hour and-a-half), but at an interesting venue. I am not offering funding, but there could be some visibility.
I would welcome hearing from anyone who is doing interesting work in this area - in the US or overseas, that would be interested in participating on such a panel, to include related topics on technology-and-democracy.
Thank you,
Sam Nitzberg
sam@iamsam.com
http://www.iamsam.com
I have posted this before, but I am intersted in setting up a panel on Technology and Democracy, with a focus on e-voting:
:
I am interested in setting up a panel in NYC (New York, New York, USA) somewhere between July 9 and July 11.
Some topics that color my view of e-voting systems briefly follow
My concern is that any system be appropriately thought out, formally and precisely defined, using rigidly designed systems (not necessarily off-the-shelf), made to precisely and verifiably conduct voting tansactions, without being able to disclose, leak, or bleed any information that is not supposed to escape the system.
The Johns Hopkins study is an excellent reference and resource on the issues that have to be addressed.
I am personally interested in setting up a panel in New York in Mid-July (not much - just about an hour to an hour and-a-half), but at an interesting venue. I am not offering funding, but there could be some visibility.
I would welcome hearing from anyone who is doing interesting work in this area - in the US or overseas, that would be interested in participating on such a panel, to include related topics on technology-and-democracy.
I can not promise or expect to provide any funding, but there could be some visibility.
Thank you,
Sam Nitzberg
sam@iamsam.com
http://www.iamsam.com
I am interested in setting up a panel in NYC (New York, New York, USA) somewhere between July 9 and July 11.
:
Some topics that color my view of e-voting systems briefly follow
My concern is that any system be appropriately thought out, formally and precisely defined, using rigidly designed systems (not necessarily off-the-shelf), made to precisely and verifiably conduct voting tansactions, without being able to disclose, leak, or bleed any information that is not supposed to escape the system.
The Johns Hopkins study is an excellent reference and resource on the issues that have to be addressed.
I am personally interested in setting up a panel in New York in Mid-July (not much - just about an hour to an hour and-a-half), but at an interesting venue. I am not offering funding, but there could be some visibility.
I would welcome hearing from anyone who is doing interesting work in this area - in the US or overseas, that would be interested in participating on such a panel, to include related topics on technology-and-democracy.
Thank you,
Sam Nitzberg
sam@iamsam.com
http://www.iamsam.com
You have Nicholas Wirth AND Vietse Venema !
http://www.iamsam.com
I remember some years back that radio shack had a serial (DB-9 interface) probe with oscilloscope PC software - for about $100.
I don't think that this would have the range that you wanted, but I am sure that this would have it's place.
By the way, did anyone here have one ?
http://www.iamsam.com
Microsoft representatives release statements that their software is only penetrated after patches are released, and we respond on slashdot....
There are going to be more stories and issues related to Internet voting - here, in the US, and abroad, ranging from small club functions being voted on, through governmental matters from local - to - larger levels...
My concern is that any system be appropriately thought out, formally and precisely defined, using rigidly designed systems (not necessarily off-the-shelf), made to precisely and verifiably conduct voting tansactions, without being able to disclose, leak, or bleed any information that is not supposed to escape the system.
The Johns Hopkins study is an excellent reference and resource on the issues that have to be addressed.
I am personally interested in setting up a panel in New York in Mid-July (not much - just about an hour), but at an interesting venue. I am not offering funding, but there could be some visibility.
I would welcome hearing from anyone who is doing interesting work in this area - in the US or overseas, that would be interested in participating on such a panel, to include related topics on technology-and-democracy.
Sam Nitzberg
sam@iamsam.com
http://www.iamsam.com
Well, one advantage of doing your Cert renewal now is that if an empoyer asks what you are doing right now, you have a tangible answer. You can even list that you are doing this on your current resume to show activity.
You might also want to get some professional organization memberships: IEEE, ACM, etc..., and even get involved with available activities. The activities may yield professional contacts but will also help keep you aware of additional technical advances and movements in many areas.
Anyway, it's my two cents...
Sam Nitzberg
http://www.iamsam.com
Maybe some geek chic picked up about 5 Cray YMPs fully loaded for their original list price, along with service contracts.
Come up with a worthwhile topic, put together a panel, formally submit it, and do the best job that you can to present it.
I've spoken in the HOPE conferences, and so have a number of people in the industry with some worthwhile things to say... Wynn Schwartau... Greg Newby, many others, and some well known "hackers."
There are other people - even if you don't agree with everything that they will say - with interesting and diverse views on society and technology.
If you don't like some of the panels, that provides a great time to go out and see some of New York. One thing that I like, besides the formally established panels, is that they also have (and presume they will for this upcoming conference), set up a sign-up panel - a room where anyone can write-in and take a time slot, and present on their chosen topic. If you don't have time to formally organize a panel, or have a one-man presentation, this can be a viable option.
Anyway, I like the HOPE conferences, and a big part of what you get out of it can be what you put into it
By the way, referring to an earlier post, I have had friends in government circles attend the "Hacker" conferences - none have ever had a problem from the government. On the other hand, the kind of attention you draw, and it's nature will largely be based on what you say and do. Is it possible to draw negative attention from the government at one of these? I'm sure it is. People have done some dumb things at some conferences (stealing items or committing other illegal acts). Don't do anything illegal, and there really shouldn't be any problem.
Sam
http://www.iamsam.com
I remember years ago when Matt Blaze (A very sharp crypto and computer security guy) tried to follow the laws and properly take a phone-crypto device with him. I have the link (and the text) below.
.h tml
In accordance with his copyright usage requirements, I have the entire article and his copyright notice provided below.
Sam Nitzberg
http://www.iamsam.com
http://www.epic.org/crypto/export_controls/blaze
My Life as an International Arms Courier
Matt Blaze
Under an obscure provision of US law, devices and computer programs that use encryption techniques to hide information from prying eyes and ears are considered ``munitions'' and subject to the same rules that govern the international arms trade. In particular, taking such items out of this country requires the approval of the State Department, which decides whether exporting something might endanger national security. In the past, these restrictions were of little concern to the average citizen; encryption found most of its application in military and diplomatic communications equipment. Today, however, growing concern over electronic fraud and privacy means that encryption techniques are starting to find their way into more conventional commercial products like laptop computers and portable phones.
Mostly to find out what the process was like, I recently applied for a temporary export license for a portable telephone encryption product that I wanted to take with me on a business trip to England and Belgium.
The item in question is more properly called a ``telephone security device.'' This is a little box that scrambles telephone conversations to protect them against eavesdroppers; this sort of protection is sometimes important when discussing confidential business matters from faraway places. The particular model I bought was already approved for export; it employs a cipher algorithm that the government has already decided is not a threat to national security even should it fall into the hands of some rogue government. This model is aimed primarily, I presume, at international business travelers who want to communicate in a reasonably secure manner with their home offices in the states. In other words, a typical user buys two of them, leaving one at the home office and carrying the other when traveling abroad. The options that came with my device included a James Bond-ish looking acoustic coupler and handset to facilitate its connection to the hardwired phones that are still common in European hotel rooms.
It turns out that there was recently some discussion in the government about exempting products like my secure phone from the licensing paperwork requirements. Unfortunately, however, this exemption never actually took effect. So even though the device I had was already approved for sale abroad, I still needed to get a temporary export license before I could take it with me. But I was assured that ``this is an easy, routine process''. Well, sure enough, about two weeks before I was to leave I got back my official US State Department ``license for the temporary export of unclassified defense articles''. So far, so good.
From what I was able to figure out by reading the license (and having a few conversations with an export lawyer), I'm required to leave from an international airport with a Customs agent present (no problem there, although Customs is geared to arriving, rather than departing, travelers). At the airport, I'm supposed to fill out a form called a ``shipper's export declaration'' (SED) on which I have to declare that ``these commodities are authorized by the US government for export only to Belgium and the United Kingdom. They may not be resold, transshipped, or otherwise disposed of in any country, either in their original form or incorporated into other end-items without the prior written approval of the US Department of State''. Then I'm to present the SED and export license to a Customs official at the airport before I leave. The Customs officer is suppose
I remembered Matt Blaze (really sharp computer security and crypt guy)going through some fun experience that he wrote up in trying to -legally- transport some relatively basic phone-crypto device. I found the article online, and have posted the text below. Note that the article is copyright Matt Blaze, and that I have followed his guideline for reproducing the article: his copyright notice is intact, and the article is provided in its entirety. Sam Nitzberg http://www.iamsam.com - - - From: http://www.epic.org/crypto/export_controls/blaze.h tml - - - My Life as an International Arms Courier Matt Blaze Under an obscure provision of US law, devices and computer programs that use encryption techniques to hide information from prying eyes and ears are considered ``munitions'' and subject to the same rules that govern the international arms trade. In particular, taking such items out of this country requires the approval of the State Department, which decides whether exporting something might endanger national security. In the past, these restrictions were of little concern to the average citizen; encryption found most of its application in military and diplomatic communications equipment. Today, however, growing concern over electronic fraud and privacy means that encryption techniques are starting to find their way into more conventional commercial products like laptop computers and portable phones. Mostly to find out what the process was like, I recently applied for a temporary export license for a portable telephone encryption product that I wanted to take with me on a business trip to England and Belgium. The item in question is more properly called a ``telephone security device.'' This is a little box that scrambles telephone conversations to protect them against eavesdroppers; this sort of protection is sometimes important when discussing confidential business matters from faraway places. The particular model I bought was already approved for export; it employs a cipher algorithm that the government has already decided is not a threat to national security even should it fall into the hands of some rogue government. This model is aimed primarily, I presume, at international business travelers who want to communicate in a reasonably secure manner with their home offices in the states. In other words, a typical user buys two of them, leaving one at the home office and carrying the other when traveling abroad. The options that came with my device included a James Bond-ish looking acoustic coupler and handset to facilitate its connection to the hardwired phones that are still common in European hotel rooms. It turns out that there was recently some discussion in the government about exempting products like my secure phone from the licensing paperwork requirements. Unfortunately, however, this exemption never actually took effect. So even though the device I had was already approved for sale abroad, I still needed to get a temporary export license before I could take it with me. But I was assured that ``this is an easy, routine process''. Well, sure enough, about two weeks before I was to leave I got back my official US State Department ``license for the temporary export of unclassified defense articles''. So far, so good. From what I was able to figure out by reading the license (and having a few conversations with an export lawyer), I'm required to leave from an international airport with a Customs agent present (no problem there, although Customs is geared to arriving, rather than departing, travelers). At the airport, I'm supposed to fill out a form called a ``shipper's export declaration'' (SED) on which I have to declare that ``these commodities are authorized by the US government for export only to Belgium and the United Kingdom. They may not be resold, transshipped, or otherwise disposed of in any country, either in their original form or incorporated into other end-items without the prior written approval of the US Department of State''. Then I'm to present the SED and export license
I would have said:
I would like it done professionally, and with dispatch.
Optionally to throw in, as well:
And with your immediate supervisor's direct supervision.
No, I wouldn't have smiled when I said that.
Sam
If a company has a true concern, there is another way to address the code-escrow problem ("solution") - for a price. Buy the actual source code.
Make the contract one such that what is being bought is not just the binaries or install modules, but the source code along with them. At each release, incremental build, etc... these are shipped to the customer.
Of course, these may be of limited value to the customer without a replication of the original development environment, but this addresses some issues of code escrow. It also firmly and immediately establishes ownership over the (source) code with the customer. If the client-code writing firm wants some rights to parts of the code it is developing for the customer, that can be negotiated.
I have seen a comment about certain areas of coding problem requiring more assumptions than others (someone above mentioned something about missile systems being a well-known domain with few assumptions. I question that.) If you are developing to a specific business environment / platform with many specifics and assumptions - mail server addresses, protocols, etc - - - DOCUMENT IT IN THE CODE !
The client company and the originating firm can draft (or find) a set of coding standards for the code to be developed to. There can be walkthroughs and reviews - a big part of the overall equation is whether the customer is willing to truly pay for traceable, reliable, unambiguous, well-documented and delivered code, or if the customer just wants a big band-aid-kit and to provide a minimal assurance of covering its butt if the developing company gets into trouble.
Sam Nitzberg
sam@iamsam.com
http://www.iamsam.com