**************************************************************************** >C O M P U T E R U N D E R G R O U N D< >D I G E S T< *** Volume 2, Issue #2.18 (December 28, 1990) ** **************************************************************************** MODERATORS: Jim Thomas / Gordon Meyer (TK0JUT2@NIU.bitnet) ARCHIVISTS: Bob Krause / Alex Smith PERIPATETIC GADFLY: Brendan Kehoe USENET readers can currently receive CuD as alt.society.cu-digest. COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted as long as the source is cited. Some authors, however, do copyright their material, and those authors should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to the Computer Underground. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Contributors assume all responsibility for assuring that articles submitted do not violate copyright protections. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ CONTENTS: File 1: Moderators' Corner File 2: From the Mailbag File 3: Computers Under Attack File 4: CU Resources in Germany File 5: Trade Secrets; When are they Bad? ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ---------------------------------------------------------------------- ******************************************************************** *** CuD #2.18: File 1 of 5: Moderator's corner *** ******************************************************************** From: Moderators Subject: Moderators' Corner Date: December 28, 1990 ++++++++++ In this file: 1. FTP FILES 2. RESOURCES OF CU INTEREST ++++++++++ +++++++++++++++++++++ FTP Files +++++++++++++++++++++ The FTP archives are steadily growing. They include Network Information Access (NIA), a few new CU magazines, and a variety of computer crime statutes (state, federal, foreign), and a few new papers written by law students and attorneys. Thanks to all those who send material along. If you submit a long paper (20 pages or more), please be sure the format is complete (biblio and footnotes not excluded if cited in the text) and line length is not over 80 characters per line. Papers should be of publishable quality and not simply stream-of-consciousness opinion. If you're not sure if your paper is appropriate, send it along anyway. Papers should be timely or of historical/archival value, and not something you happened across on a BBS somewhere that is dated. -------------------- Resources Worth Looking At -------------------- There are a number of first-rate resources available on the nets for computerists of all stripes. Among those of particular value include: 1. TAP MAGAZINE: TAP contains a variety of information and can be obtained for only a postage stamp for each issue from: TAP PO Box 20264 Louisville, KY 40250 2. 2600 Magazine: 2600 covers a broad range of topics, ranging from technical material to political analysis. It is published quarterly in hardcopy format. It also holds periodic meetings and is an excellent resource for information of relevance to a variety of interests. 2600 Magazine can be reached at: 2600@well.sf.ca.us OR 2600 EDITORIAL DEPARTMENT P.O. BOX 99, MIDDLE ISLAND, NY 11953 3. EFF DIGEST: The Electronic Frontier Foundation's first issue of EFF Digest is out, and it is essential reading for those keeping up with the the specifics of EFF activity as well as for following legal cases and other issues affecting the computer world. The first issue provides a detailed summary of the EFF goals and activities to date. E-mail subscription requests: effnews-request@eff.org Editorial submissions: effnews@eff.org Or: Electronic Frontier Foundation 155 Second St. Cambridge, MA 02141 (617) 864-0665 (617) 864-0866 (fax) 4. BMUG (Berkeley Macintosh Users' Group) Magazine: Don't be deceived by the name. BMUG contains a variety of articles relevant to all computerists and is well worth reading. The Fall/Winter 1990 issue of the BMUG newsletter will be available as of February, 1991. Cost is $25 (comes with 6 month BMUG membership). To subscribe, call BMUG at (415) 549-BMUG. 5. PHRACK CLASSIC: What can we say? Contact them at pc@well.sf.ca.us 6. TELECOM DIGEST: TCD, edited by Pat Townson, focuses primarily on telecom issues of all kinds (technical, legal, rumor, facts, news articles). During a period of hot topics, several issues can come out in a day. Pat chases down rumors, keeps posts relevant, and has established TCD as the premier e-mail source for telecom information. There is also an ftp site for back issues. To subscribe, contact: telecom@eecs.nwu.edu 7. NIA: Network Information Access, although fairly new, has published 68 issues to date. The first issues were relative short, but, beginning with #68, the issues will be longer and provide a variety of detailed technical and other information. For more information, drop a note to: elisem@nuchcat.sccsi.com 8. NEWSBYTES: The Newsbytes News Network is an electronic news service dealing solely with technology issues. It is published daily on GEnie and is available in a semi-weekly format on Dialog, America On-Line, NewsNet and a Japanese newsnetwork. Excerpts are also downloaded for publication by Newspapers throughout the country (such as Computer Currents). The service is international and has bureaus from Moscow to Sydney, Australia. For more information, contact: mcmullen@well.sf.ca.us; CompuServe - 70210,172; GEnie - nb.nyc; AppleLink -- x1888 and MCI - 316-9687 with any comments or additions. There are other good resources out there, and we will include them in future issues. There are also a number of good BBSs with extensive collections of text files or discussion sections (Ripco, The Well, The Works, Face-to-Face), and we will list a few of them next month. If you know of exceptional boards worth mentioning, pass the names and numbers along. ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: Various Subject: From the Mailbag Date: December 28, 1990 ******************************************************************** *** CuD #2.18: File 2 of 5: From the Mailbag *** ******************************************************************** From: Carrier Wave Subject: Operation Sun Devil and Ayn Rand To: TK0JUT1%NIU.BITNET@UICVM.UIC.EDU Date: Fri, 21 Dec 90 09:15 EST Operation Sun Devil and Ayn Rand's Theory of "The Sanction of the Victim" by Michael E. Marotta, mercury@well.sf.ca.us Arthur Koestler's novel, Darkness at Noon, tells of the downfall of a Bolshevik. He is purged by the party, charged with conspiring to assassinate Stalin. Of course, he did no such thing, but he soon comes to understand the needs of his captors. As a Bolshevik, he knows the theory of the centralized democracy and he comes to understand that merely questioning authority is no different than a physical assault on the Leader. The operant theory in this true-to-life example was later enunciated by Ayn Rand in her novel, Atlas Shrugged. She called it "The Sanction of the Victim." In Atlas Shrugged, the heroes are engineers and investors who learn to reject mysticism, altruism and collectivism. They learn to be proud of their own achievements. They identify and reconcile the contradictions that tore them apart and allowed them to be regulated, ruled, taxed and vilified. One of the highlights of this novel is the trial of Hank Rearden, a steel industrialist who violated an equalization of opportunity law. He tells the court that it can sentence him to anything and he is powerless to prevent that but he will not help them by participating. He does not recognize their right to try him and he will not help them pretend that the trial is just. He is acquitted. If this seems too unreal, consider the case of Craig Neidorf in Chicago and compare it to the trials of the Legion of Doom in Atlanta. Neidorf stood his ground, prepared a First Amendment defense and asked for help from the pioneers on the electronic frontier. The government dropped its charges. In Atlanta, the hackers co-operated with the government, informed on each other and even testified against Craig Neidorf and they were sentenced to prison. Neidorf incurred legal expenses near $250,000. This is also about the size of the fines to be paid by each of the LoD hackers in Atlanta. The difference, of course, is that Neidorf is free and they are in jail. The decision to go to trial rested on the premise that Right makes Might. Niedorf prepared a First Amendment argument. In point of fact, victory hinged on the demolition of the government's evidence. A suitable defense could have been created from any perspective. The First Amendment is a broad shield that protects religion, speech and assembly in addition to writing. The Tenth Amendment guarantees all those necessary and proper rights enjoyed by the people that are not specifically enumerated in the Bill of Rights. Niedorf could have claimed that he was performing a challenge commanded of him by the Gods of Olympus. What counted most is that he felt that his accusers were morally wrong. The Legion of Doom went down the drain in Atlanta because they granted the moral high ground to the government. They were wrong in their own eyes and they deserved punishment by their own standards. Their viewpoint and their standards were the same as the government's. The question then becomes: Is hacking right? Unless you want to go to jail, you better find a lot of reasons to believe that it is. +++++++++++++++++++++++++ From: gnu@TOAD.COM Subject: Re: "strangers probing for security flaws" -- another view Date: Fri, 21 Dec 90 13:11:14 -0800 Given the existing state of computer security (i.e. it requires excessive care by a system administrator to make a system more than nominally secure), I think that whatever automation we can bring to bear on security testing is welcome. Suppose there was a free program, available in source code and scrutinized by wizards all over the net, that you could run to test your security. If you had the time, you might run it and fix up the things it found. If you didn't have the time, those things would probably go unfixed. If someone at a remote site (Italy?) volunteers to run such a program and mail you the results as they pertain to your site, are they performing you a service or a disservice? I don't know about you, but when a stranger knocks at my door to tell me that I left my garage door gaping wide open and the neighborhood hoods are eyeing my bicycles, I usually thank her rather than knocking her down and calling the police. Then I go and fix the garage door. If the stranger had taken a few bicycles before coming and telling me about the problem, that would be different. But even that is preferable to their stealing the bicycles and not even telling me I had a problem. Sites all over the Internet *are* being probed by people who want to do them harm. We know this as a fact. I would prefer if we had some volunteer "cop on the beat"s who would walk by periodically and rattle the door to make sure it's locked. John ++++++++++++++++++++++++++ From: snowgoose!@UUNET.UU.NET Date: Mon, 17 Dec 90 16:16:00 -0500 Subject: Is Technology Beyond the Law? Is Technology Beyond the Law? There are many factors which shape events like Operation Sun Devil. Certainly mission, political mandate, public perception, and human frailty are forces which shaped the behavior of the Secret Service. But, the juxtaposition of technology and the law may well be the most significant factor. Law is (or at least, is supposed to be) a reflection of the needs of society for definition of and protection of its interests. Technology presents rapidly changing circumstances with which the law, because the people, cannot keep abreast. Technology is, and will always be, beyond the law? Now, I'm not a lawyer, and I haven't got a clue of how to conceptualize this under the law, but consider the following: One day, the Secret Service shows up at my door with a search warrant to seize and search my computer for incriminating evidence. They get my computer back to their lab and discover that the entire hard disk is encrypted, (probably block by block). Upon further examination, they find either an encryption card or a software encryption routine in the disk driver. I'm not going to give them the key. I have used a sufficiently difficult encryption technique as to frustrate even the NSA. Where does that leave their investigation? Where does that leave my computer? Is there a concept in the law which requires that a law must be enforceable? If so, isn't investigation an enforcement procedure? If so, and if the law isn't enforceable, what happens to my computer with its encrypted disk? I have intentionally exaggerated the technical circumstances to raise the question, but it seems to me that the same situation exists today. The Secret Service has had 40+ computers and 23,000? disks since their seizure on May 8th, 1990. If we assume that the Secret Service has procedures (methods and techniques) for using the seized property in their investigation, then is there a time limit on how long the investigation can continue? If it could be demonstrated that there were *no* procedures for using the seized property in furtherance of the investigation, would they have a right to have seized it? ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ Date: Thu, 6 Dec 90 15:00:32 PST From: Peter Denning Subject: Computers Under Attack ******************************************************************** *** CuD #2.18: File 3 of 5: Computers Under Attack *** ******************************************************************** COMPUTERS UNDER ATTACK Intruders, Worms, and Viruses Edited by Peter J. Denning ACM Press and Addison-Wesley, 1990, 554pp $18.50 ACM members, $20.50 others On behalf of ACM Press and the authors of the 38 articles brought together in this edition, I am proud to announce that our book on the subject of attacks on computers is now available. This subject continues to receive ongoing attention in the national press --for example, the recent discovery of $12M of toll fraud at the NASA Johnson Space Center, Operation Sun Devil, an Esquire article about computer pirates breaking in to the Bell System, and the recent splashy appearance of the NRC report, "Computers at Risk". The purpose of this book is to tell the story of attacks on computers in the words of those who are making the story and who see the broad perspective in which it is taking place. We have painstakingly selected the articles and have provided connective material to bring out the global context and show that the problem is not purely technology, not purely people, but a product of the interaction between people and computers in a growing worldwide network. After and introduction and preface by me, the articles are arranged in six parts. Most of these have been previously published, but there are a few new pieces specifically commissioned for this volume. PART I: THE WORLDWIDE NETWORK OF COMPUTERS Worldnet and ARPANET by Denning, overview of networks by Quarterman, reflections by Thompson, survey of computer insecurities by Witten. PART II: INTRUDERS Reflections by Reid, Wily hacker story by Stoll, a followup commentary by Mandel, and a business perspective by Wilkes. PART III: WORMS Internet worm overview by Denning, perspectives on the Morris worm by MIT's Rochlis et al, Purdue's Spafford, and Utah's Seeley, executive summary of Cornell Report, Morris indictment and trial summary by Montz, original worm paper by Shoch and Hupp. PART IV: VIRUSES Virus overview by Denning, BRAIN and other virus operation by Highland, virus primer by Spafford et al, viral protection in MS/DOS by Brothers, and a perspective on viruses by Cohen. PART V: COUNTERCULTURES Computer property rights by Stallman, cyberspace literature by Paul Saffo, a dialog on hacking and security by Dorothy Denning and Frank Drake. PART VI: SOCIAL, LEGAL, AND ETHICAL IMPLICATIONS A spectrum of commentaries: moral clarity and sending a signal by Denning, global city by Morris, virus bills in congress by Crawford, GAO report summary, legal issues by Samuelson and by Gemingani, computer emergency response by Scherlis et al, ethics statements by various organizations, ACM President's letters by Kocher, ACM forum letters, law and order for the PC by Director, RISKS perspectives by Neumann, crimoids by Parker. To order the book, run to your local bookstore or call ACM Press Order Department. For credit card orders only call 800-342-6626 or in Maryland and outside the continental US call 301-528-4261 and for mail orders ACM Order Department, P. O. Box 64145, Baltimore, MD 21264. The price for ACM members is $18.50 and for nonmembers $20.50. Shipping is extra unless you send a check to the order department. BE SURE TO INCLUDE YOUR ACM MEMBER NUMBER AND THE BOOK ORDER NUMBER (706900). ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: "Martin Huber" Subject: CU Resources in Germany Date: Fri, 14 Dec 90 04:29:59 +0100 ******************************************************************** *** CuD #2.18: File 4 of 5: CU Resources in Germany *** ******************************************************************** {Moderators' note: We in the U.S. tend to be rather insular and often think of the CU world as limited to the 48 contiguous states. We are constantly reminded by cybernauts elsewhere that we should be more aggressive in recognizing that cyberspace is non-territorial. There are numerous articles and newsbits out there that we don't often see because of language barriers. We *STRONGLY ENCOURAGE* readers fluent in other languages to either send over translations or send summaries of various news stories. In addition to their general interest, we are finding that scholars, law students, and others find this information quite helpful. Thanks to Martin for sending the following over. When we spoke with him, he indicated that there is considerable activity in Europe that we neglect here in the U.S., and he uses a comment in Pat Townson's Telecom Digest to segue into the discussion}. ******************* In article <15334@accuvax.nwu.edu> (of Telecom Digest the moderator writes): > >Len Rose is beginning to prepare for his defense in Baltimore in >February. He is looking for Unix experts/gurus who would be willing to >provide general technical testimony about Unix. If anybody is willing >to consider it, or can provide the names of others who might be >willing, call Len at: (708) 527-xxxx. > > >Jim Thomas >Computer Underground Digest > > >[Moderator's Note: Poor Len. He's a great subject-candidate for the >old negro spiritual song, "Nobody Knows the Trouble I've Seen". PAT] I'll side with PAT and Len (although i didn't notice what he did, but today a seemingly funny hack can become a ghostly nightmare real fast). Please understand that i do not side my criminal activities, but IMHO mostly the wrong people get caught. The real criminals nearly get away with it. Me, i can't give him help (other than moral one). But there are some guys here in Germany who should be able to help with real expertise on any kinds of hacks (phone, modem, nets, UNIX boxes, other). They are called CCC (Chaos Computer Club). Their head has been charged with breaking into some kind of NATO network (can't remember details, ask them how it went out). I think they won or got a vote of confidence and a slight punishment because of having alerted security people about the possibility of the hack. Again, to state my opinion: They don't inquire into secrets in order to steal something/rob some bank/whatever, but merely want to enwiden their knowledge and try to pass information to others. (See below). Oh sh..... . Can't find any of their documents in my bureau. Let me try to squeeze my brain: Organization: "Chaos Computer Club" Contact: ??????? - they all have lots of nicknames City: "DW-2000 Hamburg" Country: "Germany" Check like 1-3 year old infos on the famous NATO hack. Names should appear there. I'll be searching back home and try to come up with more info ASAP. Maybe a secondary contact in Hannover will help: This is a german computer magazine called "c't". It is a full-fledged computer magazine for mostly small computers and UNIX systems. The spectrum of articles ranges from problems in information theory over product reviews, hard- und software tests, source code listings in different languages to science-fiction stories. They regularly feature editorials on hacking, law problems and such and are at the approximate level of expertise as BYTE is in the US (in fact, the magazines cooperate). [Of course, professional level in germany is in general not as high as in the US (the states are much larger and thus have more experts), but in science Germany is competitive.] In their January 1991 issue (no kidding, it appears in the mid of December!) they published a report on a sociological study on computer freaks which was carried out by a german university (Univ. of Trier). In the following, i'll give some quotations (transliterated to English): [Note that this is done with no regard to copyright issues, i don't know what position c't has regarding such matters, but i think it is perfectly o.k. to translate something while crediting it to the original author. As for publishing, you have my allowance to publish the english summary as long as c't or the author is not affected by this move] ARTICLE: "c't, Jan. 1990, p.44-46" AUTHOR: "Claudia Schmidt" [Can't find her listed on the publisher staff, seems to be an invited article, i bet she is from the research group] TITLE: Viele Vorurteile - Computerfreaks im Licht der Soziologie [ premonitions abound - computer freaks seen from a sociologist's point of view ] The article starts: "In a study sponsored by the Department of the Interior of the FRG a group of scientists from the University of Trier tried to find access to the world of computer freaks. The sociologists wanted to gain a fundamental platform for the assessment of computer technology und to unemotionalize the discussion on it. Wherever computing centers are, young alert people with rugged hair and deep-set eyes can be seen in front of computer consoles; their arms are bent und their hands seem to be waiting for hitting the buttons of their keyboards which they watch with the same inten- sity a gambler watches the rooling dices. Seemingly more relaxed they sit at desks loaded with computer listings and meditate like scientists over cabalistic treats .... This statement dating back to 1977 clearly demonstrates the premonitions which usually are ascribed to computer freaks[1]. 'Pseudo-empirical criticism on culture, mythos-conserving hearsay!' it is termed by the authors of a 300-page report of the University of Trier[2]. People are adopting fancy images [of freaks] all too eagerly: most of the statements suffer from a pseudo-scientific method of 'associative reasoning', the scientists claim ... The sociologists visited the Chaos Communication Congress 1989 in Hamburg, ..., 'in order to get a lasting impression of the productivity aspects of computer social life' and tested personal attitudes of [computer] freaks in meetings with several [computer] clubs. After field work, 62 interviews of 1 - 2 hours duration complimented by 15 interviews gained from interviews on a BBS were to be evaluated. [A description of a typical freak's school and college time follows (boring classrooms for under-rated geniuses), including the treat- ment of the early attraction of a typical freak towards technology. An interesting bynote states that women tend to exclude the computer of their private live and they are said to 'be afraid to destroy something'. The next paragraph follows the growth of a juvenile freak to a competent and professional specialist: ] Evolution: ... [freaks], according to the scientists can be separated into the classes of 'hackers', 'players', 'programmers', 'crackers' and 'crashers'. Freaks want to use all capabilities of their machines. A high degree of professionalism and competence, in general specialist's knowledge, gives the benefits of good standing, being recognized and admired among fellow professionals. The research group noticed that the rapid evolution of technology posed a problem. Social sciences always lag behind in assessment of new technologies and hust helplessly see a new wave of technology coming just as they finished evaluating it's predecessors. Lots of questions: The only solution to this problem is to tend towards dampening critical opinions: Of course the freak is working all alone ... in front of his computer, but - does he not communicate with fellow freaks over [computer] nets? A computer demands clear and concise commands, it cannot handle ambiguous statements found in everyday's speech. Under the assumption that a broad knowledge of speech is correlated with intellectual capabilities, a person who has to adopt his syntactical capability to abbreviations fitting a machine is in danger! ... the programming paradigm could influence life style towards thinking in rational terms only. Lone guys: On the other hand, there is a thesis that computerization is not the reason but the effect of a culture adoring reasoning, and that the computer is only fulfilling the wishes of men leaning towards a technical zivilisation. ... With the impact of lots of new media at home and at work, can we see an 'impersonalization of learning', will the real world be substituted by a made-up world, which is a secure place to flee to? ... Or is this world of synthetic images the expression of a desire to create new and singular scenarios, stimulating creativity and emotionality in the freaks? Is not today's world by a much higher degree plagued by rationalism and lack of emotions compared to the computerist's world? Summa summarum: For public discussion, the scientists drew the following conclusions: Since the computer is a well-known part of today's work, it is useful for several different specialisations. To the freak, it has become a natural part of his live and he spends a substantial amount of time and money on it. Only people with adequate knowledge can use a computer. A broad knowledge of information science is indispensable for a freak. His main method of learning is autodidactic. ... The 'process of auto-professionalisation' is found across all social and professional levels. Those activities do not tend to neglect leisure-time acti- vities. Electronic media are very important, whereas books are not so important (with the exception of cs books). Data nets created a renaissance of the art of writing letters. Computer freaks are not biased towards technology. From their intimate knowledge of systems and their limitations, their [the freaks] opinions are well balanced and often two- sided. Dangers are seen mainly in big uncontrollable systems. Contours of the information age of tomorrow are seen as changing and not subject to forecast or planning in a deterministic way. Methods of learning und practical work show a high degree of personal autonomy. New forms of self-controlled and self- confident use of communication medias are evolving hand in hand with a culture which does not need federal regulations (e.g. in form of laws). [because they are self-regulating, i can't resist to make my point here] The authors close with a proposal to the ministry of the interior to inquire into the usefulness of computerclubs and groups of hackers as critics of media, similar to the function of ecologist's associations in environment. [ The article closes with the perfectly natural observation that the degree of weirdness and fanaticism does not vary between philanthropists, hobby astrologicians and computer freaks ] [1] J. Weizenbaum, Die Macht der Computer und die Ohnmacht der Vernunft, Frankfurt/a.M., 1977, p.160 [The power of computers and the impotence of common sense] [2] R. Eckert et al., Im Schatten der Computer-Mythen. Zur kulturellen Praxis und den Spezialkulturen von Hackern, Programmierern, Crackern und Spielern. Eine ethnografische Untersuchung, Trier, [In the twilight of computer myths. On the cultural praxis and the specialized cultures of hackers, programmers, crackers and players. An ethnografical study] In the following some more citations from "c't", quoted from the indices: - c't,October 1990,Rechtliche Rahmenbedingungen fuer die Mailbox [ Juristical Framework for BBS ] - c't,February 1990,Es geht um Milliarden - Niederlage der Post in einem Modem-Prozess [ billions on stake - telco looses lawsuit concerning modems ] - c't,May 1989,Hackordnung - Wann wird das Strafrecht fuer Datenreisende zur Falle? [ hacker's laws - when do hackers get trapped in penal law? ] * This is written by a lawyer and treates the relationship * * between german penal law and hacker's activities. - excellent. * - c't,July 1988,Latente Bedrohung - Ueber die Verletzlichkeit der Informationsgesellschaft [ sleeping danger - about the vulnerability of information culture ] * This is an interview with Prof. Dr. Klaus Brunnstein, Univ. of * Hamburg, Inst. for applied computer science. He is specialising * in the field of computer crimes and the security of computer systems * Maybe a candidate for expert opinion? The publishing company is: "Verlag Heinz Heise GmbH" "Postfach 610407" "DW-3000 Hannover 61" Tel. ++49/511/54747-10 (PBX with direct) Fax ++49/511/54747-33 (call extensions) The editor is: "Christian Persson" extension -10 The vice editors are: "Andreas Burgwitz" extension -12 "Detlef Grell", MSEE extension -13 They are reachable on "CosmoNet": T. ++49/511/555398 300 Baud [ In fact, i think it is *their* BBS T. ++49/511/555392 300 Baud ask PAT or other netlanders for T. ++49/511/555686 1200 Baud more info. CosmoNet is well used in T. ++49/511/555630 1200 Baud Germany, maybe even Europe ] T. ++49/511/555302 2400 Baud Datex-P NUA: 45511090835 [ This is the german packet switching network. I have no idea of how to access it from overseas, but a friend of mine working in CA, USA should know it. If you need an european mail feed for this, i have access (in principle) to internet, bitnet, uucp and thus should be able to reach every german host. However, the transition from {internet,bitnet,uucp} to e.g. CosmoNet is newland for me. ] I'll stop here. I have all of the cited articles in my bookshelf. I have a FAX and a copier around. So if Len wants to have some, he should phone / FAX / mail me. Of course, translations are better to be done by somebody which is a native english speaker. I can help with nasty german sentences, no problem (with lightspeed communication? - never!). Anyway, i'll help what i can, sticking to the old prin- ciple: in dubio pro reo. -- /--------------------------------- Martin / Martin Huber | |----------------------------/ Univ. of Saarland | |email: mahu@ee.uni-sb.de Dept. of Electr. Eng. | |Tel: ++49/681/302-3574 D-66 Saarbruecken 11 | |FAX: ++49/681/302-2678 Germany | ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: Dark Adept (Ripco-312-528-5020) Subject: Trade Secrets; When are they Bad? Date: Sat, 1 Dec 90 1:38:06 CST ******************************************************************** *** CuD #2.18: File 5 of 5: Trade Secrets: When are they Bad? *** ******************************************************************** Trade Secrets: When are they bad? by The Dark Adept A trade secret is a method or procedure or information used by a company to obtain profit. The law protects trade secrets through copyrighting and patenting and various other laws. The main reason a company protects this type of information is to stop competitors from producing the same product thereby taking away from its profits. The main reason the government protects the rights of the company to protect this information is to promote innovation and progress (at least according to the U.S. Constitution). But, there are times when copyrighting and patenting reduce profits and restrict progress and innovation. The User Interface ================== One of the most important aspects of a computer program is the user interface (the way in which the user is allowed to interact with the computer). Ideally, a program should be able to perform complex tasks and remain user-friendly. However, the user interface does not affect the way in which the program completes its task. Two different programs with the same user interface can perform the same task in two different ways. One might be better or faster at the task than the other. Conversely, two programs that perform different tasks may have the same user interface. The point is that the user interface is generic. It can be applied to many different programs without changing the value of the program. It merely enhances or detracts from the program. In the same way, the user interface of any product does not change the integral operation of the product. Take the automobile, for example. In all automobiles the user interface is the same. There is a wheel you turn for direction. There are pedals on the floor to control speed, etc. The quality of the automobiles are not judged for value by the user interface, but by how the automobile responds to input from the user. How fast it goes, how durable it is, etc., these are the qualities by how an automobile is selected for purchase, and not by the fact that it has a steering wheel. One may take this analogy further by comparing automatic transmissions against stick-shifts. Neither changes the performance of the car in a radical way. A purchaser selects automatic or manual as a matter of either aesthetic preference or familiarity. If the buyer prefers stick over automatic, but the car with the stick is way behind the automatic in terms of performance, he would generally choose the automatic since he is buying the car to perform a task. The way the car performs the task is more important than how he tells the car to perform the task as long as both are equally intelligible to the car. Can you see the point I am trying to make? A program can work either through a command line interface, a key-stroke interface, or a GUI (Graphic User Interface). None of these change the performance of the program to any great extent. They merely change the aesthetics and the ease of use. The interface should not be allowed to be protected under law. To do so would interfere with innovation and progress without conclusively affecting the profits of a company. If company A holds the rights to the best interface, but their program is worthless, then company B will still make more profit. If it is truly the best interface possible, then progress would be slowed since people would have to learn many different types of interfaces to go from one program to another. Clearly, it would be in the interest of all concerned to leave the interface open for public usage and only protect the code behind the interface. Algorithms ========== To protect an algorithm is to, in effect, copyright a mathematical equation. Since all algorithms reduce down to a mathematical model, that model would not be able to be implemented except by whoever holds the rights. This would greatly reduce the productivity of mathematicians. Imagine if someone patented Integral Calculus. Don't laugh. IC is an algorithm like any other. It is a solution to a problem. Or what if someone patented the internal combustion engine? Most of us would be walking. But like the engine, it is not the algorithm of the engine that is important, but how it is implemented. All engines work on the same basic principle, but they do so differently. This is why one engine works better than the other. This is why a buyer would choose one engine over another. Source Code =========== While source code should generally be protected, there are times when it may be more profitable to a company to release either the source code or important information pertaining to it. A prime example is IBM and Apple. Apple chose to keep their operating system under close wraps. IBM, in their usual wisdom, chose to let some of it fly. This caused the market to be flooded with "clone" PC's. Given a choice, most people bought PC's or PC-compatibles. This generated more third-party support and even higher sales. What is the best selling computer today? You got it. Who practically sets the standard for every computer that comes out today? Good guess. While some may say that IBM could have made more money if they had not released the information, I grant you that. But, IBM has something that Apple does not: insured existance. There is no way that IBM could be jettisoned from the marketplace. IBM has insured that they will exist long after Apple closes its doors. All they have to do is keep putting out downward compatible products and people will continue to buy PC's. The Hacker Ethic Vs. The Business Ethic ======================================= Hackers (including programmers) view computer programs different than businessmen do. Bits and pieces of programs are meant to be shared in order to further innovation and increase productivity. Programmers have always shared algorithms, traded libraries, and swapped subroutines. They do this so that they do not have to "reinvent the wheel" every time they write a program. If something is very basic and can be used over and over in many programs, then programmers share it with others. Businessmen, on the other hand, are not motivated by sharing but by making a dollar. There is nothing wrong with this at all. The problem is that sometimes making a dollar in the short run can be detrimental to the overall market in the long run. Being misers with algorithms will force everyone to spend a lot of time and MONEY to develop new products. If something is so basic and so useful, then it should be allowed the freedom to be developed to its fullest. Only then will the real bucks come rolling in. The solution to this paradox is that hackers have to learn that companies need money to keep going, and businessmen have to learn that computers cannot be treated like most products. A compromise needs to be reached so that both profits and innovation are protected without destroying each. Not everything should be given away, and not everything should be kept secret. Both should collaborate on deciding what to release and what to keep. Lately, it has been more of a business decision than a programmer's, and the imbalance is not good. Conclusion ========== There are more things to consider when protecting something in a computer program than next quarter's profits. In the long run, it may be more profitable to let the competition use some of your ideas. The more people who are able to easily access computers, the bigger the market, and the more profit. If only one company has a good interface and the price is high, the market will be small. Obviously, not everything should be allowed to be used freely, but the decision-making process should include more than looking at the bottom line. A fond farewell..... ==================== This is the last in my series of articles for CuD. I have tried to show another side of the Underground than the one that is commonplace. There is much more to the Underground than hacking and phreaking. It is composed of many intelligent people who can make a valuable contribution to the computer industry. They should not be thrown to the wayside as they have been. While I am not a spokesman for anyone down here, and I am certainly long-winded and less intelligent than many, I sincerely hope that these articles have made an impact on someone somewhere. I would also hope that I have inspired other members of the Underground to show that they are more than people who break into systems. This is your chance: start showing people what you really are, and then they will take you seriously. You can do a better job than I did; I know you can! Go out there and do it!!! I would especially like to thank CuD and Jim Thomas for allowing me to espouse my drivel in their fine digest. A finer and fairer publication could not be found anywhere. I would also like to thank Dr. Ripco since it was his BBS that first connected me to Underground when I was a mere pup of 15, 6 years ago. I have yet to see a BBS that compares in quality in all my years down here. As for my future plans, I will be taking a sabbatical from being active in the Underground for a while. I have many things to reflect over and much to plan for my life. I have a few projects that may or may not include programming, writing, and editing a tech journal that will contain articles from members of the Underground of a technical nature. This journal would be sent throughout the computer industry as a means of communication. I know these articles probably sucked, but I gave it my best shot. In the words of the Darkest Adept the world has ever known: Do what thou Wilt shall be the whole of the Law; Love is the Law, Love under Will. Thanks for the memories.... As always, I remain... The Dark Adept Email: Ripco BBS (312)-528-5020 ******************************************************************** ------------------------------ **END OF CuD #2.18** ********************************************************************