Archive

Thinking

It's the fifth--no, seventh--week of 2023 and I'm just now getting around to writing about my word for the year. Last year it was PRACTICE, in an attempt to spend my energy actually doing the things I already know help me that I never do. Like most years, 2022 went well until it didn't, and I finished the year feeling underwater.

My word for 2023 is MOVEMENT. The obvious sense of the word applies: I want to move my body more, do more yoga, blah blah, the usual New Years' stuff. It also encompasses a goal I have to go places more often, even if it's just on a walk to explore the neighborhood.

The word MOVEMENT also sums up my feeling that I need to keep things in motion more generally; given the speed I'm writing this newsletter, you can see why. I have a tendency to get stuck in decision loops, afraid to move on until I've gathered all the data or thought through every possibility, stranded on an empty page because I don't know what I'm writing yet. I avoid all movement because I can't tell which way is forward, which way yields progress instead of pitfalls.

Welcome to the doldrums of the year between Thanksgiving and The Holidays, where if you are anything like me your brain feels like molasses that you'd rather be turning into cookies. I am simultaneously shocked that it's almost 2023 and also that there is still over a week until Hanukkah starts.

Thinking

I'm guessing, since you're subscribed to my newsletter, that you already think it is worthwhile to learn about the history of cryptography. It is, as people have incessantly told me during grad school, "inherently interesting." Secret codes! Spies! Super cool technology! What's not to love?

See, the thing is, when an academic tells you something is inherently interesting they often mean it as a sideways insult: this thing is interesting a priori, without the theory and scholarly attention necessary to make something truly important. Not trivia, but not necessarily "scholarly." Yes, that is a direct quote. Unsurprisingly, I've found this attitude more common among those who also look down on writing for a broader audience.

Like half my twitter timeline, I've set up a mastodon account as insurance against a sudden collapse of the birdsite. You can find me at https://mastodon.social/@jillianefoley

Thinking

The term "Crypto Wars" gets used these days to describe the repeated attempts by the government to control various aspects of consumer encryption and the inevitable strong pushback by activists, researchers, and sometimes industry. Nerds (especially those who participated in one or more of them) will sometimes enumerate the Crypto Wars like old grizzled veterans talking about Normandy:

Thinking

Last week Kate Carpenter, the host of the excellent podcast Drafting the Past, posted on twitter about the problem of working backstory or context into a first chapter of a history book without losing readers. This sounded to me like the same problem that fiction writers face, especially in science fiction and fantasy where worldbuilding is key.

One concept that comes up a lot when you read SFF writing advice is infodumping: when a story veers off into a long exposition, usually explaining some piece of character backstory, world history, politics ... you get the idea. This is generally considered to be a bad thing, though there are some (published) writers who can get away with it, especially in epic fantasy.

The most common tip I've seen to avoid the dreaded infodumping is to only dole out context in bits as it is needed in the immediate scene. If you need to lay the background for a later part of the book, find a way to make that piece of information relevant to an earlier scene, so that it can tie in to the plot or character motivation. Another tip I've learned from listening to many hours of Print Run Podcast's critiques of (mostly fiction) first pages is that a particularly intriguing bit of plot or character-building can earn a bit of leeway with reader attention or missing backstory.

Thinking

Last week on the SIGCIS listserv, someone circulated a new-ish collection of oral histories out of Stanford's engineering school, which includes some big-name computer scientists. I was excited to see Martin Hellman and Vint Cerf on the list--two big players in modern cryptography and the internet, respectively. I've used a couple of oral histories from both of them for my dissertation so far, but more is always better, right?

I'm starting to realize that's not necessarily true, not for oral histories.

All of this comes from the perspective of having never conducted oral history interviews myself. I've thought about it, and so far have decided that it is both more work than I can do right now and methodologically complicated for my project. But I have made pretty heavy use of some oral histories conducted by, for example, the Charles Babbage Institute, especially its NSF-funded series on computer security history.

Thinking

We left off last week with the idea of connecting time-sharing networks. To make a very long story short: the Arpanet and subsequent development of today's internet protocols (TCP/IP) connected those networks together as part of a project of the US Advanced Research Projects Agency (hence: ARPAnet) to share computing resources.

The design of the original Arpanet protocols, and later TCP/IP, did not include encryption at any layer of the network and precluded the possibility of encrypting metadata. This is often attributed to the nature of the original Arpanet: connecting highly-restricted networks at prestigious universities and other research sites. The threat model simply did not include consideration for someone eavesdropping, and messaging was not the network's primary use.

Last week's newsletter talked about how early computer privacy concerns emphasized encryption data banks, not data as it traveled. Network engineers, from telephones to computers, didn't worry about encryption, and scholars followed suit. As historians Bradley Fidler and Quinn DuPont put it: "histories of computer networks tended to neglect cryptography, and histories of cryptography tended to neglect computer networks." Even Janet Abbate's groundbreaking history of the creation of Internet protocols, in which she took a science studies approach to see how military priorities and political negotiations shaped technical decisions, downplayed decisions about network security. This separation between modern network engineering and cryptography is particularly strange because both fields trace their origins to Claude Shannon's work during WWII, and wartime communications considered encryption, of course.

As promised, I'm writing a bit more about the history of internet (in)security. This week is part 1, covering the basics of early computer security and what that meant before interconnected networks. Part 2 will look at how design choices for Arpanet and later protocols shaped internet insecurity.

Thinking

Computer security started out as a locksmithing problem. Early commercial computers were very expensive and the organizations that built or leased or purchased them needed to protect that investment, so those computers were housed in specialized secure rooms. IBM engineer Walter Tuchman described security in the early days of mainframe computing as "locked desk drawers, locked doors on computer rooms, and loyal well-behaved employees, the latter probably being the weakest link." Computer security sometimes got caught up in college protests in the 1960s and 1970s, when the military-sponsored machines were the target of antiwar and anti-government protests.

Once universities debuted time-sharing networks, where small workstations were networked into a central mainframe, the question of access became more complicated. How could time-sharing computer administrators reproduce their physical access controls within a networked system? Time-sharing systems had one security advantage over our modern idea of networks: they were closed networks. Before the development of the inter-network protocols that underpin today's internet, a time-sharing network was an island, unconnected to similar networks at other universities or institutions. Each time-sharing network was centralized on one or more computers, and access to those centralized resources could only be done by way of one of the terminals that comprised the network.

Thinking

Last week, Twitter's former head of security, Pieter Zatko, aka Mudge, testified before the US House Judiciary Committee about his allegations of security vulnerabilities and shitty practices at the company. It's not his first time testifying before Congress -- he was part of a hacker group called l0pht that testified before the Senate in 1998 about security vulnerabilities of the internet. They claimed that any of them could take down the Internet within thirty minutes.

Mudge's testimony last week is part of a larger power struggle between the US government, Twitter (and to some extent, its fellow social media behemoths), and, annoyingly, Elon Musk. His allegations have bearing on an earlier FTC consent decree that required Twitter to ensure security for its users private information, as well as on the threatened deal for Elon Musk to buy Twitter. Those things have been taking up much of the airtime in mainstream news coverage of Mudge's allegations.

But the connection of these two testimonies, separated by over two decades, makes it clear that the fundamental problems of online security haven't changed. It's hard to keep data protected from malicious actors. It's hard to keep data protected from incompetent actors. It's all hard!

We just got back from a nine-day trip and I am tired. But one of the goals of this newsletter is forcing me to write even when I don't want to, so here we go.

Thinking

I keep having this problem, doing research on the early internet era, where I can list out a bunch of events but don't have a great sense of their relationship to each other or to broader context. Often, I don't even totally have the facts straight, because it's all on, you know, the internet, which is a hellscape archive in which to work. (At least I get to work from home?). Wikipedia sometimes fills in the gaps, as it's surprisingly good for scientific and technical detail. There are also good number of historically-minded engineers who like to write blog posts, often about things they lived through or contributed to directly. And for a handful of topics, there's great historical research to lean on, often through the IEEE Annals of the History of Computing.

But for a lot of things, it's pretty sparse. My pinned tweet complained about this nearly two years ago:

Thinking

I've been reading and rambling my way into the last part of my dissertation lately, while simultaneously trying to think through how I want to revise my book proposal before I go on submission.

The dissertation and my draft proposal are both pretty much chronological. The project was initially inspired as a hate-rewrite of a narrative popular book that got a lot of things wrong, so that's not surprising. I'm telling a story that's not new, and in fact a lot of my argument is about unearthing different explanations for why the story unfolded the way it did. Which means, of course, that I am still writing in the contours of that existing narrative valley.

The super simplified version of that popular story goes like this: Within the past fifty years, some very smart nerds discovered new cryptographic techniques and wanted to start putting encryption into computers, but the US government didn't like that. The nerds fought back against the overwhelming power of the government, through a series of battles culminating in the "Crypto Wars" of the mid-1990s. We can use encryption on the internet because those nerds beat the Clinton administration and defeated an insidious government proposal for accessing encrypted data known as the Clipper Chip. Freedom wins, and as a bonus now we have Bitcoin. Hooray!

Welcome to my experiment in keeping up with writing and thinking and getting better at both.

Thinking

The first draft of a project (or a chapter, etc) is always hardest for me. People say things like:

• “just write 500 words a day, and in five months you’ll have a book!”

• “write as you research, and you can put all the pieces together later!”