This Week in Hax

Thursday, July 2, 2009

free vs Free

This started as an email reply to my dad in response to this article.

I saw this via slashdot, so you probably read it. Obviously I agree with Galdwell that taking digital recording over the web without paying for them is not simply a "choice" it is theft.

I get the sense that Anderson is not necessarily advocating copyright infringement (which is different from stealing, especially for things like newspaper articles which are given away for zero dollars), but saying that when the incremental costs are essentially zero (which they are on the web and internet as a whole) the price will go to zero. I haven't read his book, but from what I've heard, he talks about ways that a business can survive when it is selling things for free.

As an aside, though I don't think it is terribly important to this discussion, I'd like to make clear the distinction between the two definitions of "free." There is an ambiguity in English (which isn't resent in German and some other languages, by the way), namely that free" means both "costing zero dollars" and "freedom." This is the hing that the Free Software people always make a big deal about, sincethey are fine with people charging for Free Software, as long as the recipients of the program have the freedom to modify, etc. the program.

In this case, there is a phrase, invented by Stewart Brand, which gets thrown around that says that "information wants to be free." It's certainly possible to disagree with this, but it is primarily in situations of censorship; where it is very difficult to keep information hidden once it has leaked out. The idea is that you have to exert a lot of pressure (= time, attention, and money) to prevent information from flowing between people, that the uninhibited exchange of information is the natural state of info.

If you believe that "information wants to be free," then you would have to spend an enormous amount of time and energy trying to keep it from being free, especially on the internet. This is what we've seen with the RIAA, where they are trying hard to give certain people access to information, while barring others, who haven't bought the song, or live in a country which hasn't agreed to certain licensing terms, for example.

A radically different way of looking at things, then would be to say that rather than try to put information in a little box and then give people access to only that box, take a step back and let information do what it does best: spread around. The "problem" with this is that you pretty much have to give up on trying to extract money from each transfer of info between two people, since doing so will vastly limit the usefulness and exposure of the information.

Or, to put it like a Mathematician, if you have a problem with people stealing things, simply define their action as not stealing.

Anderson argues, [the] magic of the word "free" creates instant demand among consumers, then Free (Anderson honors it with a capital) represents an enormous business opportunity

Arg, just what we need, another definition of "Free." Free Software people already have enough trouble getting their definition to gain traction as it is.

Anderson cautions that this philosophy of embracing the Free involves moving from a “scarcity” mind-set to an “abundance” mind-set.

I like this idea, since it is the only one that makes sense in the digital world. There isn't (for all practical purposes) any cost involved in making a copy of a set of bits, so the notion that there can be any sort of sacristy of any digital item is false. Companies have tried to artificially create scarcity where there is none through things like DRM or activation keys or licensing, but it goes against the natural properties of the medium, that there is no scarcity.

For a detailed, well-researched account of this phenomenon, look at this page talking about the complex issues involved in scarcity in Sony's "Home" service. A choice quote:

There are things about Home that are simply beyond my understanding. Chief among these bizarre maneuvers is the idea that, when manufacturing their flimsy dystopia, they actually ported the pernicious notion of scarcity from our world into their digital one. This is like having the ability to shape being from non-being at the subatomic level, and the first thing you decide to make is AIDS.

He gives the example that "if you approach an arcade machine and there is a person standing in front of it, you will not be able to play it." It is foolish to invent scarcity in a system which is free of it.

The problem is that our entire economy presumes the existence of scarcity, so we don't have a good way to deal with abundance, since we have never really encountered it before. The rules of economics will have to be rethought, or at least, some of the aspects reconsidered, in an environment which lacks something as fundamental to economics as scarcity.

More importantly, Gladwell makes an interesting argument that just because some costs of production have gone down, that does not mean the overall price of a product must go down. Instead, he cites examples where people
have absorbed these cost reductions, but turned their efforts towards ever more elaborate, and expensive, applications.

The YouTube example is an interesting one, since both authors use it. My take on it is that it isn't intended to make money now; Google knew that it was a money loser going it. I think that the idea for Google was that online video was a growing and important market, and they wanted to control the largest provider so that they would have a foot in the door once it matured. This may sound like a cop-out, but plenty of "traditional" companies have loss leaders, it's just that in this case, YouTube is not so much a loss leader for another Google project, but for the future, when it will be profitable (or that is Google's hope). If they didn't think it was worth it, they would drop it like it's hot.

In this case, I don't think YouTube is that good of an example for Anderson, since it doesn't show how a business can survive off of giving stuff away for free, it shows how a business is willing to take even very large losses in order to enter a market. The best I could see is that it is a good example of how people will react to free publishing and viewing of videos. So rather than looking at whether or not YouTube is profitable, look at whether or not people using YouTube as a platform can be profitable.

Genetic engineering means that drug development is poised to follow the same learning curve of the digital world, to "accelerate in performance while it drops in price."

I can see where he's coming from, but until the cost of physically producing the drugs is "too cheap to meter," I think pharmaceutical products will still cost money. What I could see happening is if a "pill printer" is invented, which would allow anyone with the blueprints for a drug to make physical pills, then the price of drugs would quickly approach zero. I get the sense that creating such a device is unlikely, or at least, unlikely enough that it won't be cost-comparable to paper printers. But assuming that did happen, then drugs would "only" be information, and a downward pressure on prices would arise the same way it has for music.

Genzyme isn’t a mining company: its real assets are intellectual property—information, not stuff. But, in this case, information does not want to be free. It wants to be really, really expensive.

Assuming that information wants to be anthropomorphized, I would say that the information wants to be free, but the drug company wants exactly the opposite. That is to say that if the "source code" of the drug ever got leaked, it would be very difficult to keep it from spreading around, the "wants to be free" part of the quote.

Overall, I think that Anderson has some interesting ideas, but may go a bit too far with them, since "Free: Sometimes a Good Price for Certain Things" wouldn't be as interesting. It could be that Gladwell overstates Anderson's commitment to the idea in order to set up a straw man, or Anderson overstates the point to try to push people's expectations; I'd have to read the book to know for sure.

I think that there is a lot to be said for free information, and that Free (as in Freedom) sharing without restrictions on use and reuse are best for the information, but not always best for the creator of the information. This is extremely dependent on the field and particular scenario, which is why it is so tricky.

The Open Source Software movement argues that Open Source development is a superior way to develop software, since the benefits to the code of low barriers to entry outweighs the harm to the developers of having a harder time of making money off of the code. This equation changes even within software development, as Open Source Software has had a hard time gaining traction in game development and video editing software. In those cases, the advantage to the coder of being paid for professional development outweighs the cost to the code base of having a limited number of contributors.

I would take an even broader look and find that as the cost of information technology has dropped, the returns to those who deal in information and intellectual property have increased, greatly.

And this leaves room for entities (not necessarily even "companies") which have vastly lower costs, by employing people part-time or on a case-by-case basis to eat their lunch. One interesting business model which hasn't been explored much (except by Amazon's Mechanical Turk) is the idea of "micro employment" (my term), in which people are paid per task, and the tasks last on the order of hours to days. Rather than hiring a journalist to a full-time position, you ask for stories, and pay people per story. Then, rather than paying for a copy of the story the person wrote, you would pay them to produce a story, which could then be read by anyone without restriction. There are certainly advantages and disadvantages to this idea, so I'm not saying that this exact thing will be the future of all employment, but it could be an interesting way to go.

The problem for the recording industry so far, and coming for the newspaper industry, is that they sold a completely homogeneous product. My copy of a CD is identical to any other, whether I pay for it like a law abiding citizen, or steal it. Once it is produced it becomes generic information, both easy to reproduce and steal today, and equally valuable to anyone.

So, maybe rather than trying to sue people into supporting an old business model, you can embrace that fact and charge money before the information is produced, and then give out unlimited, unrestricted copies once it has been produced? For musicians, this is pretty easy, since a lot of musicians make most of their money from touring and merchandise anyway, abandon the notion that recorded music is a business and treat it like advertising for live shows. For a lot of artists signed to major labels, this is the only hope they have of digging themselves out of the hole that the recording company puts them in. But that is a whole other rant.

But what about intellectual property whose value is highly individualized?

I think this could be a major way forward. I would charge an individual to produce information (I don't like the term "intellectual property," because falsely equates physical property with information). In this case, the information I gave them would come without restrictions, except for proper attribution, which I consider even more important in an "abundance" economy than a "scarcity" one. If they shared the information around, it would actually be better for me, since it would be free advertising for other people to buy my service as well.

Legal or medical advice? Architectural strucutral plans for the building you want someone to put up for you? Not just "a database program" which you can steal, but an actual database that works, well, for your company?

Again, it is not "stealing" if the company intentionally gives away copies for Free (without any restrictions). Is it possible to "steal" Linux? Only if you take aspects of it and release them as closed source software, but it is impossible, by definition, to "steal" copies of Linux, so the term doesn't even apply.

This is what companies like Oracle do a lot of. It is the "infrastructure" model of Open Source software, in which you give away the infrastructure and charge for the customization.

A similar scenario would be giving away the plans for a theoretical bridge between two perfectly even concrete blocks over a big, perfectly flat, concrete base, but charge for building a custom-designed bridge in a particular place. I imagine that the basic ideas behind a bridge are given away freely in the form of textbooks, and that the real thing you are paying an engineer for is figuring out how to adapt those generic plans to suit a particular location (where rocks need to be blasted, roads re-routed, etc.). It would be to everyone's benefit to have some people who did nothing but think about how to make better generic bridges, and then gave that info away for free, so that the actual bridges could be made better. Concretely, the plans for "a suspension bridge" should be free, but you could charge for the plans for "the Golden Gate bridge."

The returns to people who do a good job at these things are high. They are higher now, relative to average compensation across the economy, than they were 10, 20, or 30 years ago, when many of the tools they routinely use today did not exist.

This makes me think of the fairly abstract, philosophical issue of whether people "deserve" to be paid. Surely, I shouldn't be forced to pay someone who has dedicated their life to learning to hula hoop really well. If they want to charge money for a performance, that is fine, but they can't force me to go. Likewise, it would be unreasonable for them to expect the government to force people to pay them for making a plastic ring and wiggling it around their hips. If there were a large hula hoop industry that was seeing its revenues decline, they would probably whine about how they needed the government to set up laws to protect them.

Likewise, there is nothing that says that there have to be professional musicians, actors, or producers. We have those professions now, but if the technology changes to make their jobs useless, why should everyone else pay to keep them around? It doesn't need to cost anything aside from the bandwidth used to distribute music, so why do we need a company whose purpose is to distribute music? Similarly, it costs almost nothing to send bits of text around, so why do we need newspaper companies with a fleet of distributors?

People will lose their jobs. Maybe even more than will gain new jobs from new business models. But should we have resisted the development of cars to save the buggy whip manufacturers?

So a newspaper might have little future reporting on the small amount of real news, and large amount of nonsense, currently in a paper. But they might have a great future generating customized content to, for example, an oil company that wants to be up to date on economic, political, and weather issues that impact its industry. That company might have exactly zero interest in giving away the custom content it paid for because 1. it paid for it and 2. the only other customers are its competitors.

Or, the company would merely only want that information to exist, for its own purposes, but not care about other people getting it. Aside from the issue of competitors knowing, if I want to know stuff about the oil industry, why would I care if other people knew that stuff as well? I can see a system in which people care more about information existing than being able to prevent other people from having it. I pay money to learn to dance, but I don't expect that the teacher will prevent other people from learning what I did. Also, the teacher does not try to prevent me from teaching other people what I learned, because it serves as advertising of his teaching skill.

The Kindle sounds like a rip off to me- [I] have a computer, what do I need with another device that costs more than a mid range laptop? But I don't blame people for telling them to take a hike. Without readers authors are out of work. But without content there is no reason to buy a Kindle.

Well, the point of the Kindle (for consumers) is that it is much more pleasant to look at than a computer screen for long reads. The "E-Ink" display technology doesn't require any active light or power to hold an image, so it looks a lot more like paper than a computer screen. It is also light and portable if you are comparing it to a book. I don't read enough books to make it worthwhile for me, but think about how much cleaner your room would be if all of your books were consolidated in a single device. If you get the chance, take a look at one in a store sometime, they really do look like paper.

I do have some problems with it, like the DRM that Amazon has for downloaded books, but that is more of an aspect of their service, and not of the device itself. The newly released model, the Kindle DX, can read arbitrary PDFs.

It seems like the example of the Kindle at the beginning was more about who got what cut of the money than any philosophical debate about freedom and sharing. I bet that if you flipped the equation around, so the publisher got 70% and Amazon got 30%, there wouldn't be a complaint.

As for this part:

The people at Amazon valued the newspaper's contribution so little, in fact, that they felt they ought then to be able to license it to anyone else they wanted.

I would have to look at the specifics to get a clearer picture, but it strikes me that the newspaper shouldn't care whether someone is buying an article on a Kindle, on a computer, or on an iPhone 58G QMBZ, as long as the consumer is paying the correct amount. The author shouldn't have the right to dictate on what devices their content can be purchased or viewed; they should only be able to charge for a copy. It would be like saying, "you may only read this book while in a brick house." Why should they even know what device I am using to view or purchase the content?

Again, I think this is a question of pure revenues; the publisher didn't really care that much about the third part licensing, except for the fact that Amazon might license the creator's content for less than the creator would have. If the "third parties" agreed to a price set by the content creator, then you probably wouldn't hear anything about it.

Again, I'd have to look more at this deal to learn the specifics, but I really don't like the amount of control authors have to deny access to certain devices or systems. It means that any new device coming to the market has to spend a huge amount of time and energy setting up licensing deals in order to be granted the "privilege" of purchasing and playing content. This greatly limits the amount of innovation that can happen around content-centric devices. A more open model, in which all content is DRM-free and a standard way of purchasing content exists and does not know or care about the particular device being used would be much better.

From someone whose entire livelihood depends on customized intellectual property.

I think that you are likely to be pretty well off, since, privacy issues aside, you only stand to benefit from your diagnoses being freely redistributable. A diagnosis of one person's X-Ray is pretty useless to someone else, except for someone trying to learn, and in that case, it would be good for society if the means of learning were as cheap and easy as possible.

In conclusion

It seems like there is a big split between the "old and not-really-applicable-to-the-internet" model of "information is a just like a widget, and you pay for each individual item" and the "new-but-incomplete" model of "information has no restrictions on its distribution." The new system is very incomplete and has a lot of problems, the biggest of which being "how do you pay for it?" Some people are starting to figure this out for certain areas, and I'm certain that more will follow. It is important to be open to the possibility that companies and even jobs will look dramatically different once this new model has fully set in. There might be less "9 to 5 in a cubicle" and more freelance-type work where people are paid for jobs lasting moths, weeks, days, hours, or minutes. It's exciting to think about what is ahead and to envision how these new technologies can change the way the world works.

Friday, June 26, 2009

Fully Homomorphic encryption

This was originally a response to an email from my dad, but I've turned it into a blog post. The original story is on Slashdot and the abstract for the paper is also available.

This is great. We can then store all our data on NSA computers, access it anywhere, and not care that they can read the unencrypted data. In fact, I am sure they have high quality back up.

I think you are being sarcastic, but the idea behind the system is that if it works correctly (which is something that the NSA might have figured out a way around), you would never actually send the NSA your unencrypted data.

Interesting that IBM would push this as a feature of cloud computing.

Well, the big idea is that this lets you overcome one of the classical big problems with cloud computing, namely the hesitation associated with giving anyone (even a "super-duper-trustworthy person") all of your private data. This way, you get the advantage of letting someone else deal with your IT costs (where they can apply more specialized expertise and take advantage of economies of scale) without having to give up confidentiality of your data.

IBM could build a bunch of big datacenters, and then have people pay to host their applications and data in the cloud, secure in the knowledge that their data is safer than with a traditional cloud.

After all, this could be valuable without ever resorting to a cloud.

Absolutely. Assuming this holds up to scrutiny (which is certainly not a guarantee), this could be one of the biggest advances in cryptography in decades, perhaps even since the invention of public-key cryptography (which enabled https, among many others). It would allow computers to process information they know nothing about, including down to the level of the processor. That is, the processor itself can't decrypt the data on which it is operating.

Suppose your accountant was working on the company's books. The laptop could have encrypted data, and the accountant could do all their work without ever having an unencrypted copy on the computer.

Exactly. Or think of a database admin who has to ensure that the database stays running efficiently, but shouldn't be allowed to see the people's encrypted data.

Even the output file could be encrypted (I assume).

Yes, that is the whole point. The client takes some encrypted data and a program and produces an encrypted version of that data and a modified program which, when run on the encrypted data, will produce the same result as running the original program on the unencrypted data and then encrypting it.

So I fill out my tax form, send it to some company, they do a computation, and give me an encrypted tax return, but they never get to see any of my private data. The result only gets decrypted on my computer.

If someone stole the laptop they would have useless files.

Exactly, and that could be a big boon as well. Not only do you not have to worry about lost laptops revealing information, but that info never needs to make it to those companies in the first place.

But IBM has to find a way to say this is marketable. Right now the advantage of the cloud to a commercial entity has to be its capacities: High volume storage, data integrity, security, or analysis expertise. By offering to do at least some things without ever seeing the data the big company gives you a reason to let them have your data. Or, I suppose, one could say "they have your files, but they do NOT have your data"

Exactly. They will say, "running a massive supercomputer is HARD! Let us do that for you and sell you some time and space on the server." It is like the old time-sharing days.

I think that if the following three things happen, this could be earthshattering:

The system turns out to be secure.

The overhead (both time and space) of the system isn't vastly higher than the unencrypted version; say, less than an order of magnitude slower.

IBM resists the temptation to patent the idea.

1) is important for obvious reasons; if the system isn't secure, it is just a fancy waste of time. If doing the fully homomorphic encryption is much, much slower then this won't see much use outside of specialized applications. 3) is important because putting a patent on the system which prevented or impeded the development of alternative implementations and usages would prevent it from becoming a universal standard, able to replace legacy systems. The temptation to patent and hold onto it will be high, as it could be a large competitive advantage, but it could end up being much more useful to the world in general if it became ubiquitous.

Sunday, June 21, 2009

Weekly Update 4: Completion of Version Control Integration

Whew! This has been a busy week! I did not get the rules integration completed as I had hoped, as the Git hooks ended up taking a lot longer than expected (and are still not yet done). The problem is that access checking under Git is MUCH more difficult than under SVN for a few reasons:

SVN calls the pre-commit hook once for each commit (duh), but Git only calls the update hook once per push (per brach or tag).
Figuring out which commits to check is non-trivial, and can involve a number of different conditions.
The author of a SVN commit is the same as the authenticated username of the person uploading the commit, so access checking is easy. In Git, the author, committer, and pusher can be totally different people, and Git (correctly) does not store any information about the pusher.
Passing the appropriate authorization information to the hooks is non-trivial.

Definitions/Clarifications

There are a couple of complex ideas in there, so I'll take a moment to define what I'm talking about.

Once per push

With DVCSs, commits happen on the user's local computer, so Drupal (obviously) cannot check commits until they are pushed to the server repository. What this means is that Drupal sees a whole bunch of commits at a time.

Author, Committer, Pusher

This is a distinction that does not exist within centralized VCSs, as there is only one way for a commit to enter the repository. In Git, and I believe the other DVCSs as well, there is a difference between the author of a commit, the committer, and the person who is pushing to a repository. For the purposes of demonstration, I will call the author Alice, the committer Carol, and the pusher Pat.

Author: The person who originally wrote the commit. This gets set when you run "git commit", and does not change as a commit floats around between repositories.
Committer: The person who added the commit to the repository. By default, is the same as the author. It will be different if, for example, Alice emails her patch to Carol who commits it to her repository. In Carol's repository, Alice will be the author and Carol will be the committer. If Carol emails the patch to Charlie and he commits it, then Charlie would be the new committer.
Pusher: The person who pushes a commit to a remote repository. It is this person who needs to be authorized in order for a push to succeed. It doesn't much matter who a commit was written by, as long as the person adding it to the mainline repository is allowed to do so.

In the original examples, Alice writes a commit, mails it as a patch to Carol, who then asks Pat to upload it to drupal.org. Pat has an account on drupal.org, but neither Alice nor Carol do. Pat pushes the patch to the main repository on drupal.org, and the push succeeds because Pat is allowed to push.

With the current workflow on drupal.org, Alice would post a patch as an attachment on a bug, Carol would mark the patch "reviewed and tested by the community," and Pat would commit the patch to CVS.

Authenticated username

Since no mention of Pat is included in the commit he is pushing, some method external to Git is needed to determine whether a push should be allowed.

Solutions

So far, I have only implemented solutions to 1 and 2, though the way to progress forward on 3 and 4 is now much more clear (after this week's IRC discussion).

Which commits to check

Figuring out which commits to check can be tricky, since an updated ref could be a fast-forward (nothing but a linear set of commits between the old and new location of the ref), a non-fast-forward push (such as a rebase), or the creation of a branch (so the "old commit" is 0000000000...). Additionally, if a ref is changed, but does not introduce any commits, then no commits need to be checked. This will occur if, for example there are three branches, "master", "next", and "test", where "test" and "next" point to the same commit. If "test" is changed to point at "master", then no commits are actually added to the repository, so the only check should be whether the user is authorized to modify branches. This adds complexity which is not present in the SVN backend.

I have a draft implementation of this logic, but it needs to be tested. I am working on the tests, which will include a set of sample repositories and push different sets of commits to ensure that the correct set of commits is tested.

Authentication and Authorization

The solution I came up with on IRC was to mimic the behavior of programs like InDefero and gitosis by using ssh forced commands to associate usernames with ssh keys. Here is the steps the control flow will take:

user runs git push
User connects to server via ssh. All users connect through the common user git.
ssh server looks up user's key in .ssh/authorized_keys and sees that there is a command= property on that user's key
The value of command= is run, which would be something like git-serve.php .
git-serve.php checks whether there is a drupal user with (or who has a vcs account username) and if so, sets an env variable GIT_DRUPAL_USER_NAME.
git-serve.php grabs the value of the env var (which was set by ssh) SSH_ORIGINAL_COMMAND, which will be git receive-pack and runs that (if step 5 passed).
git receive-pack runs the update hook once for each branch or tag being updated. It gets the user name from GIT_DRUPAL_USER_NAME.
The update hook builds $operation, $operation_items for each commit being added (using the steps described earlier) and sets the author of $operation to GIT_DRUPAL_USER_NAME.
If any of has_write_access($operation, $operation_items) fails, then that ref update is refused.

It is complicated, but it should be doable, and won't actually be all that much code (since ssh handles a lot of it).

Friday, June 19, 2009

Researchers conclude piracy not stifling content creation

An interesting look by Ars Technica at the effect (or lack thereof) of piracy on music creation.

I have long said that the purpose of copyright law should (and was, you know, like in the Constitution) be about "promoting the progress of science and the useful arts" and only incidentally about supporting artists and their families.

I don't care about the livelihood of artists. I really don't, and neither should you. I mean, people not starving to death is always cool, but it doesn't really affect me if some random musician gets paid or not. What I do care about is that new music that I like gets produced. If new music that I like is being produced, as long as it is not created by child slavery or prostitution or something, I really couldn't care less whether the artists are granted monopolies on their creations or the music is created on communes where everyone is forced to use the communal toilet to fertilize the glorious communist fields.

Congress only has the power to "promote the progress of science and the useful arts," and if the current copyright system fails to do this, as this and other articles argue, then that system is unconstitutional.

CNNfail and expectations of news networks

This started as a reply to my dad about this article, but got long enough that I decided to make it a blog post.

Interesting read, but I would frame it differently. I gave up on CNN a long time ago.

I don't think I ever gave them a serious chance, and having watched the Daily Show for more than a few episodes, I feel entirely justified in this conclusion.

It seemed that they had concluded, as a business decision, that there was not viewership for news.

Or at least, that it was more cost-effective to report on Paris Hilton than to report news.

Sure, sending reporters around the world is expensive, but it really is not necessary. You gain something from boots on the ground, but what you really need is the determination to discuss the news.

The interesting thing to me is just how much you can actually report without boots on the ground at all. As I have said to Evie a number of times when discussing the future of news, "international news is just local news in a different place." One thing that we are clearly seeing is that it is very possible for the "new media" to have detailed, up-to-date, and accurate accounts of events happening on the other side of the world.

The "old media" system relies on a small number of people dedicating all of their time on all of the news, but the new media allows a large group of people each to focus on one event or category and thoroughly report on just that one topic. For example, the guy who put together the Tatsuma site probably does not also cover the tax breaks for green roofs in New York. If he were a TV channel, that would be a problem, since you couldn't rely on him for your sole source of news. In a new media setting, you only go to him for info about the Iran elections, and go to someone who devotes their whole day/month/life to green roofs in New York. Everything is important to someone, and if it isn't, it likely isn't newsworthy.

My counter example" my beloved CNBC. Now it is only business and financial news. However, they really do B and F news. In depth, in detail, intelligently. No Paris Hilton, no jokes, no pointless chatter among the hosts.

Given the trends among other TV "News" networks, this is surprising and encouraging.

It looks like it should be very cheap to produce. They have several people in the studio, and they report the news. Much of the time is devoted to interviewing people who know what they are talking about (senior executives at corporations and securities analysts), and giving them time to answer thoughtful questions. I have seen them spend 20 minutes discussing interest rate policies and its effects on financial companies with the head of a major insurer.

I'm not that into the details of B&F news, but I really wish that this type of news network existed for other areas as well, and I'm finding that more and more of this kind of thing is done on blogs and social media.

If CNN were to have someone like that on at all, they would ask some idiotically simplistic question, then cut them off after the first 15 seconds of the answer.

And then have the host blather on about some generic topic that only tangentially related to the topic and finish off with a half-hour of soundbites.

CNN could do this. But they have decided that Brittny Speers's haircut is more newsworthy.

I think the problem, and the most profound part of the article, is that there exists this implicit idea with people who complain about this kind of thing that there is some sort of "social contract" between the "news" networks and the people that the news companies will report on what is relevant and important. The reality is that these companies are businesses, and so will do whatever they can to maximize profits. I think that the problem arises when the networks advertise themselves as the former but deliver the latter. People don't get outraged when E! reports on Britteny Spears' haircut because they make no claim to be anything but a gossip column about celebrities.

The technological and social frameworks for a complete replacement of these old media businesses are not quite yet in place, but they are close, and when they are, the entertainment companies posing as news are going to be in trouble.

Wednesday, June 10, 2009

Weekly Update 2: Completion of Version Control Integration

A little late this week, as I was moving into my summer apartment.

The biggest (and really only) news is that I finished the Subversion hooks, and (slightly) improved the backend in general. It is now possible to deny commit access to users based on whether or not they have a Drupal account with that particular Subversion repository. Branches and tags, however, are not supported, as the Subversion backend does not support them. There is the framework for doing so, as the repository creation/edit form accepts path patterns for trunk, branches and tags, so adding support should not be too difficult.
The post-commit hooks allows Drupal to gather log information as each commit is made, rather than on a cron run. There isn't much else to it, but it can provide for a bit more immediacy of actions, and in the future, could be an event for the Rules module (something I will work on later in the summer).
Both of the hooks come with a set of SimpleTests for ensuring their correct functioning. The tests take a little while to run, as creating, checking out, and committing to a subversion repository take a while (and don't play that nice with the OS-level filecache, since new objects are being created each time), but are helpful for verifying that everything is in working order. They test both positive and negative cases, making sure the hooks fail gracefully when passed invalid information. They currently all pass (as one should hope !), and are able to catch a decently wide range of errors in the operation of the hooks.
A minor aside, but it bears mentioning, since I spent several hours testing it, but I discovered that Subversion allows any UTF-8 character for any string (comments, user names, and files). However, certain tools restrict especially the username to a subset of those characters, depending on the configuration options for that program. For example, the svnserve 'passwd' file format uses brackets and equals signs as part of its syntax, so those characters are prohibited in entries in that file, thus preventing Subversion users from having those names. However, if authentication is done in a different way, such as with ssh keys, this restriction no longer applies.

Well, that's all for now, stay tuned next week as I complete the Git repository hooks.

Tuesday, June 2, 2009

Weekly Update 1: Completion of Version Control Integration

This week was not a terribly busy one, with most of my time spent getting acquainted with the APIs of Drupal, the versioncontrol module, and Subversion. I was able to complete the pre-commit hook for Subversion, as well as the basic configuration for the other Subversion hooks.

I also identified a number of areas in which the SVN backend needs more work, such as recognizing branches and tags. The framework is in place, as the repository creation form includes fields for the branch and tag patterns, but currently no code makes use of those fields. Subversion is a tricky case, as it has no native concept of branches or tags, so the branch of a commit depends on the path of the files it modifies in the repository.

With the prep work out of the way, I hope to push forward to complete the Subversion hooks and begin on the next step of the project, the hooks for Git.