1996-03-28 - Re: Crypto CD UpDate

Header Data

From: Henry Huang <hwh6k@fulton.seas.virginia.edu>
To: “Timothy C. May” <tcmay@got.net>
Message Hash: 1cb629c6f6cb4ec215e986b18b64b5a120be8d245d9a8915f6dd3484ca8caab9
Message ID: <199603271810.NAA75303@fulton.seas.Virginia.EDU>
Reply To: N/A
UTC Datetime: 1996-03-28 01:26:23 UTC
Raw Date: Thu, 28 Mar 1996 09:26:23 +0800

Raw message

From: Henry Huang <hwh6k@fulton.seas.virginia.edu>
Date: Thu, 28 Mar 1996 09:26:23 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Crypto CD UpDate
Message-ID: <199603271810.NAA75303@fulton.seas.Virginia.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Mar 26, 21:18, Timothy C. May wrote:
> At 10:16 PM 3/26/96, aba@atlas.ex.ac.uk wrote:
> >The idea of putting together a CD with crypto stuff is an excellent
> >IDEA, and one which I very much welcome.
> >
> >However a question .. are you (Ben) located in the US?  If so...
> >
> >that rules out overseas buyers unless you fancy messing with ITAR...
> >Is it possible that you could come to some arrangement with some one
> >outside the ITAR fence who has a CD writer (any one reading have one?)
> >put together the same CD for those outside the US?

ITAR is going to be a mess either way.  If the CD is put together outside
the U.S., you'd have to only use non-U.S. executables/source (or else
put site owners at risk of violating the anti-export language in the
ITAR).  Of course, a lot of people don't take this seriously, so pick
your poison ...

> 1. The CD-ROM "freezes" the various programs, archives, etc. at the moment
> the files are finalized and the CD-ROMs are pressed (or burned individually
> on a CD-R, at somewhat higher per-copy price). If the author of the CD-ROM
> is not committed to updating the CD-ROM at frequent intervals--say, every
> few months--then the programs will exhibit "version decay" and be nearly
> useless.
> The next point is the reason.
> 
> 2. The Web does a better job at making the latest versions instantly
> accessible. True, a CD-ROM will generally have faster access, but I care
> more about getting the _latest_ version of PGP, even if takes a minute or
> two to snarf off the Web. That I could get an _older_ version of PGP in
> fractions of a second off this CD-ROM is not compelling to me.

I'd argue that having a slightly out-of-date CD-ROM is better than nothing,
because:

- It gives you an idea of what sorts of crypto applications are out there,

- It gives you working versions of programs without having to crawl
  all over the Net hunting for one,

- If the authors are smart they'll include URL's to an update site
  in the documentation (or the CD-ROM producer can do it),

- Not everyone out there is Net-savvy, or has the time to go trudging
  around looking for the latest cutting-edge versions of software.
  Time *IS* money.

I'd almost argue that Tim's emphasis on using the Web to get crypto
assumes a sort of Net-centric view of how the crypto is going to be
used -- similar to reported provisions in the Leahy bill.  The idea
that people who just want to encrypt personal data might not need the
latest versions of everything out there is reasonable -- as long as
the latest versions aren't BUG FIXES.

In that case, Tim's argument about stale versions would carry some
merit.  But this is the case for ALL non-Net distributed software; you
don't see companies refusing to cut CD-ROMs simply because they're
worried their users won't be able to get the latest bug fixes.  In the
ideal case, they'd do the best they can to make sure that people did,
but you have to be realistic.

(Of course, if you're cynical, and believe that software companies
care more about money than about helping their customers, then it doesn't
matter.  ;)

> (And fractions of a second is too charitable: in actuality, I'd have
> to locate the CD-ROM, dismount anything already mounted, mount the
> CD-ROM, search it for "PGP," etc. Probably not even faster than
> using Alta Vista and downloading.)

Um, whatever.  If you have a CD-ROM, you'll at least have SOME idea of
what software is available on it.  Not so with the Web (unless somebody
wants to do the equivalent of this CD-ROM and put together a page with
a HUGE number of links to crypto programs -- not to mention the protections
necessary to avoid violating ITAR, e.g. the anti-export measures built
into the PGP distribution site)

Plus, comparing the speed of a CD-ROM to a modem is like comparing the
speed of a station wagon to a skateboard.  CD-ROMs aren't exactly fast,
but they sure as hell aren't anywhere near as slow as the water-torture
speeds of your average v.42bis modem.

> 3. Where CD-ROMs really shine over modem alternatives is, of course, for
> very large files. Images, MPEG or Quicktime movies, etc. "Multimedia" being
> the operative term. For crypto, this is not an issue. (Except for list
> archives, where having a few hundred megabytes of articles might be nice.
> However, the absolute KILLER of this idea is the staleness problem mentione
> in Point #1: if the archives on CD-ROM lack the most recent month or two,
> their usefullness drops precipitously. If the CD-ROM is a year old, and no
> updates have appeared, then its archives are useful only to list
> historians.

I don't buy this.  Many of the well-known/widely-used Net-distributed
crypto apps haven't put out updates for a LONG time.  Even if it was the
case that they were throwing out bug fixes every two weeks, my previous
comments still hold.  (And anyhow, you probably wouldn't WANT to have
software THAT unstable in your collection anyway.  ;)

I'm starting to think that the question of whether this CD-ROM is useful
depends on who you're selling it to.  People who hang out on Coderpunks,
or are "in the loop" as to version updates and crypto sites won't want
this.  People who want to buy the CD just to be "cool" aren't an issue.
The SOHO market (i.e. people who don't normally use the Net, and who
ordinarily wouldn't care too much about crypto) seems to be the ideal
target.  But how do you sell a piece of software to an audience that
doesn't know it needs it?

Perhaps this could be a chance to spread the gospel, so to speak.  However,
that would mean the CD would have to be designed around these people --
i.e. for ease of use, etc.  These issues have probably been beaten to
death a long time ago (e.g. PGP shells), and shouldn't be too difficult
to resolve.  The multi-platform stuff (DOS/Mac/**IX on one disc) will
be harder; you'll need to code a different interface to the CD for each
platform.

> (In other words, I will almost always go to up-to-date archives on a Web
> site rather than dusting off a CD-ROM that was issued several months ago.

As would I.  But we're "in the loop".  Many people aren't.  And the real
issue being addressed here (getting easy-to-digest crypto to the masses)
is a lot more difficult than just pressing a CD-ROM.  Ben may need to
rethink his strategy on this, in terms of how to most effectively promote
this CD to that market.

> 4. The Web approach allows powerful search engines, links from other pages,
> and--importantly--multiple jurisdictions. The PGP could come from the U.S.,
> the Digital Postage code from Sweden, and so on. And, again as noted in #
> 1, the developers could keep improving and iterating the code.

Hmm, do I hear a volunteer for writing that Crypto Software Web page?  ;)

-H






Thread