HUMAN-NETS Digest V8 #23
human...@ucbvax.arpa
HUMAN-NETS Digest Sunday, 21 Jul 1985 Volume 8 : Issue 23
Today's Topics:
Query - References on Graphic User Interfaces,
Computers and the Law - The case of the Plainfield "hackers",
Computers and People - "Finger" responses &
Computer Mediated Communication,
Announcement - AI in Education mailing list
----------------------------------------------------------------------
Date: Wed 17 Jul 85 13:47:57-PDT
From: Mark Richer <RIC...@SUMEX-AIM.ARPA>
Subject: QUERRY references on graphic user interfaces
To: ai...@SUMEX-AIM.ARPA, ail...@SRI-KL.ARPA,
To: cc: info-g...@AIDS-UNIX.ARPA, wo...@RUTGERS.ARPA
I am trying to collect references on the design, implementation and
evaluation of user interfaces, particularly interfaces that employ
interactive graphics (basically any bit-map display graphics),
multiple windows, non-keyboard input devices (e.g., mouse), etc.
Basically what are the key articles that have formed the core of
conventional wisdom on workstation design and user-interfaces.
Even more specifically, I want to get references on user-interface
design in knowledge-based systems, especially browsers. Besides
STEAMER and work I know of from Stanford (Mitch Model and ONCOCIN more
recently), I have come across very little in the AI literature on
graphic interfaces. Perhaps, I have missed some key articles, even in
IEEE Computer or something.
If I get a good response I can make a bibliography available one way
or another on the net.
I really would like complete references to specific articles rather
than check out Englebart or Card&Moran. Though general pointers are
also welcome.
Thanks in advance to anyone that can contribute.
mark
------------------------------
Date: 18 Jul 85 15:36:49 EDT
From: *Hobbit* <AWa...@RUTGERS.ARPA>
Subject: More press
To: "Inquiring minds who want to know": ;
[ Ed. Note: This message is in reference to the recent arresting of
several Plainfield, NJ teenagers on charges of breaking into various
computers - including a tank manufacturer, and appropriating AT&T
credit card numbers, etc.]
Well, since we all now know what's going on via the papers and vidiot
box, here's the basic story from my end.
A friend of one of the kids whose bboard was confiscated has a legit
account on one of our machines. He called me up Monday night, rather
frantic, and told me what was going on, that his friend's bboard had
been nabbed and that there was going to be a press conference at the
Middlesex County Prosecutor's office the next morning. I decided,
after also being prodded by Geoff, that it would be a zippy thing to
attend it, being as what I had never been to a press conference before
and the subject matter was more or less up my alley. After finding
out that the conference had been moved to the South Plainfield PD, I
got a call from the above kid whose bboard had been confiscated. He
was on his way down to the area [he lives somewhere around Morristown]
for the conference with some friends, and didn't know how to find it.
I told him to come meet me at Rutgers so we could confer, get lunch,
and figure out what to do next.
Therefore, a while later, the five of us rolled into the South
Plainfield Police Department, where we met the investigating officer
[Grennier] in the parking lot. He talked civilly to us and didn't
seem all that surprised that we were down to attend the press
conference. And when I called the PD, no one had mentioned any
restrictions on attendance. But a while later, the Dick Tracy
rough-guy types started arriving, and Grennier's whole outlook took an
abrupt 180. He told us that we were not invited to the press
conference, and that our attending ''since we were knowledgeable about
computers, it would be an obstruction of justice'' or something to
that effect. This was coupled with a threat to arrest us for this
supposed obstruction if we continued to hang around. Then one of the
Dick Tracies told us this in much more abrupt terms and told us to
beat it the hell outa there. It is likely that Grennier got barfed
heavily on by these fellows for even *talking* to us. The tough guys
followed us out to the car, and started doing ''Hey, you got a
*PROBLEM*? MOVE IT!!! YOU AIN'T MOVIN' FAST ENOUGH!!!'' -- slamming my
car door on me, the whole tough cop bit. And of course *all* of them
had their sidearms on prominent display, as though there were a threat
to their lives and manhood within five miles of the place.
It was clear that they were *deathly* *afraid* of our presence at the
press conference, and that they wanted us out of there before the
press showed up so we couldn't talk to them. There is a new New
Jersey law, that was passed last March sometime, that deals with
disseminating information or accessing someone else's computer or ...
Does anyone have the *text* of this law? -- But the point is, it's
brandy-new and hasn't been tested in the courts yet. The police in
this case are using a bunch of helpless kids to set an incorrect
precedent, feeding the media exactly what they want the media to hear,
making the kids look like part of a massive Communist plot or
something, and generally fabricating a massive publicity stunt out of
the whole thing. It really stinks, and although we realized this on
the way back to Rutgers, there wasn't much we could do that day. We
felt that we had been abused by these guys, and that the way they had
treated us was highly illegal, but I wasn't sure enough of this to
stand up for my rights in the SPPD parking lot.
So life went on for a couple of days, and then this afternoon, a
reporter from the Star-Ledger calls me up. It seems that they are
really doing some investigation into this, and trying to ascertain
what *real* hackers are and what they really do. So I gave them about
half an hour's worth of earful, and voiced the opinions of many of us
about the *wide* difference between Hackers and Crackers. [Results of
this [she talked to a number of people] will be in the Sunday
Star-Ledger, for you local types.] It looks like things may actually
turn for the better if the ACLU and the press gets their act together
and leans on these stuffy law-enforcement types to be a little more
fair. **Also**, she informed me that the cops had no right to turn us
out of a press conference, regardless of our age or general
scruffiness level, and that really pisses me off. Apparently a
*press* conference is open to anyone who wishes to attend, as far as
she knows. Does anyone have the real poop on this?
Anyway, this is basically what has gone down with the case so far. I
do not mean to excuse the kids who stole goods with the swiped credit
card numbers. However, this case should serve as an example to
*merchants* and *businesses* to tighten up their security a little
bit, by *not* using dumb passwords, and perhaps shredding those little
carbon-copy frobs from the credit card forms. But as far as moving
satellites and frobbing defense machines goes, this is unadulterated
horseshit, and there's nothing wrong with disseminating info found in
*published* DoD documents and such. And last I heard, garbage picking
[what they call ''trashing''] isn't illegal either. After all, *they*
threw it out, so *they* have no call to say that anyone else wasn't
supposed to have it. People who throw out sensitive material should
render it unreadable first. The kids took lots of precautions to
*not* allow things like AT&T calling card numbers on to their bboards.
Although I have not seen the contents of any of these bboards, I do
believe that things are being badly distorted, and it's not the fault
of the *press* this time. They are just being fed one side of the
story. The crimes actually committed in this case appear to have *no*
relation with computers -- the credit card numbers were found on the
carbons in the trash, and as far as I can tell, were not disseminated
via the bboards.
_H*
------------------------------
Date: Fri 12 Jul 85 17:20:35-EDT
From: Thomas....@CMU-CS-C.ARPA
Subject: "Finger" responses
To: m...@CMU-CS-C.ARPA, spr...@CMU-CS-C.ARPA
Here is a summary of the responses to my earlier query about "finger"
policy at other sites (not including the two fine responses which have
already appeared here). These responses highlight two concerns. First,
it appears that as the population of connected users grows the old
rules (eg the Kansas Turnpike Law: use computers in a reasonable and
prudent fashion) are not adequate. This is demonstrated by at least a
couple of the responses that indicate that users with obvious female
names are vulnerable to computer harassment. However, there does
appear to be a genuine audience for features which offer some sort of
dynamic information about other users. Therefore, a second concern is
establishing limits for disclosure of this kind of information. At a
minimum, most people seem to be against involuntary release of phone
numbers and addresses. Beyond this, though, there is not much
consensus.
People who like open "finger" policies generally cite two reasons.
First, many of them enjoy the convenience of "finger" (ie to locate
friends or advisors). Second, they argue that most "finger"
information is essentially public knowledge, much as a phone book
listing. Also, some people mentioned that "finger" is indeed a form of
diversion.:
"Personally, I find 'finger' invaluable. Locally, I use it to figure
out if someone (e.g. my boss, who is on the third floor while I'm in
the basement) is logged in at the present time, and how long they've
been idle at their terminal. Using this information, I decide whether
or not to bother walking down to their office. On a network basis, I
usually use 'finger' to see when the last time someone logged in (or
when they last read mail, although UNIX finger usually doesn't provide
this info). This is convenient if I send mail to a guy and don't get
a response back -- I can figure out if he's on vacation or
what-have-you."
"People should be made aware that fingerable information is public. I
can't believe they didn't know this already, but many users are naive.
Systems probably shouldn't tell all and sundry the home addresses and
telephone numbers that people are dialed in from."
"I, too, frequently amuse myself at periods of low productivity by
fingering random sites, particularly places I've been at or visited.
I do so to see what kind of machines people have, what users are
running, and whether there's anyone logged on that I know. Reading
plan files is also a source of entertainment. "
It appears that attitudes toward "finger" information are strongly
shaped by equipment installed at a particular site or by "finger"
conventions at the sites where they first began computing.:
"I have always been somewhat shocked by the easy availability of
finger information on tops-20 and unix systems. I started my computing
career at Dartmouth where we considered privacy an important issue.
The Dartmouth timesharing system originally allowed non-privileged
users access to CPU time and memory size tables of the jobs currently
in execution. Later, the user ID was included in the available info
as well and there was a significant minority which opposed making this
accessible. It would have been considered a breach of privacy to give
out info on where a person was logged in or what their phone number
was. Of course, the whole idea of one's personal files being readable
by world as a default is even more shocking."
"The PLATO system is a rather special case. The system was conceived
and designed, not as a general purpose computing facility, but as a
resource for offering instructional materials. It is a timesharing
system. We had about 1500 terminals connected, and during 'prime time
hours' we might have 600-700 terminals active, about half of which
would be in use by students doing classwork and about half by teachers
and other users. I think the privacy issues were strongly influenced
by the fact that U of I is a public institution and must be very
careful about federal guidelines. One PLATO feature was 'talk'. You
could 'page' a person and talk to him using the two bottom lines of
the screen. There were many busy people who DID NOT want to be
disturbed by browsers who just called up to chat, so you could opt not
to be included in the 'active user' list. The 'active user' list only
includes ID's and not location. Many people felt that it was nobody's
business where they were sitting. Furthermore, many female users who
used isolated terminals felt that telling their location was a
security problem. "
Here is an interesting description of "fingering" in the BITNET
universe:
"First, on BITNET, there are very few DEC's (VAXEN, whatever) - the
majority of the network is IBM and there are no 'plans' associated
with an IBM account (8 charcter userid and 8 character nodename). On
BITNET/EARN/NETNORTH, one sends a SMSG (Special MesSaGe) to query
another node about who is logged in, how many users are logged in,
what time it is there, what the node is connected up to, and a few
other things - mostly trivial in nature. For a good portion of EARN
(the European Advanced Research Network), requests of this kind are
blocked - which is part of the reason that EARN agreed to hook up to
BITNET - if it would not be subject to this kind of querying. Sure,
there are ways around it - but for those countries in Europe
accessible via CUNY - the command is blocked. FOr those accessible
via GWU, it isn't. Still, some sites on BITNET don't allow it - they
include MVS sites - but the reason they don't is because those people
with userids that sound like a female (Jane_doe@Yalevm) get harrassed
over the network simply because the querier recognizes that the user
is female. "
Several ideas were proposed to maintain the essence of "finger",
without unduly compromising privacy and security:
"As far as format goes, I think the only truly important parts of the
finger output (for a network finger) are the person's full name, his
login name, the time of last login (or 'on since'), idle time, and if
he desires, his phone number. Let's face it: if I'm at Purdue and
you're at CMU, it really doesn't matter to me whether you're running
EMACS or whatever. Most of the processes I see on those outputs I
have no idea what they are anyway, never having used TOPS-20 or
whatever it is you run. On the other hand though, I personally don't
object to having my current process, etc. displayed for others (UNIX
finger doesn't do that though). "
"Perhaps 'remote' finger should give less information than 'local'
finger. I rarely need or use the phone numbers of people in
Pittsburgh when I finger them from Texas. CMU distributes a digest of
finger output to many sites (via the 'gloria' program.) Perhaps what
we need is a global Gloria, containing the sanitized plan files of
users who are interested in participating. While that only addresses
the problem of the plan file, not the location information, I think
the latter is secondary. "
"I think it wouldn't be to hard for computers to (optionally) withhold
stuff like phone numbers while letting the other stuff go all over the
place. Deciding which is what is the tricky part, though... "
Finally, concerns about "finger" are not new. Here are instructions
for reading about an earlier finger debate which took place in 1979 on
the ARPAnet:
"Long ago in a network far away (The ARPANET, circa March, 1979) there
was an intense dicussion of FINGER that spread to the whole network
from a small beginning as a local discussion at CMU. The entire
discssion transcript was recorded and archived in MSGGROUP, and it is
available to you via annonymous FTP from [ECLC]<MSGGROUP>msggroup.*.*
along with thousands of other messages. The discussion started with
message number 0794 {# 94 in file MSGGROUP.0701-0800.*}. I am not
sure where the discussion ended, because it carried on for manths, and
became interspersed with other topics. So, I leave it to you to sift
through the transcript if you are interested. You might find it
useful to wear heat resistant glasses for your reading. Lots of
flames. "
Tom Finholt
------------------------------
Date: 10 Jul 85 16:42:28 PDT (Wednesday)
From: Hoffm...@Xerox.ARPA
Subject: Computer-Mediated Communication
"Affect in Computer-Mediated Communication: An Experiment in
Synchronous Terminal-to-Terminal Discussion" by S. Kiesler, D. Zubrow,
A. M. Moses (all of CMU) and V. Geller (of AT&T), in 'Human-Computer
Interaction', Vol. 1, No. 1, 1985, pages 77-104.
Abstract:
With the spread of computer networks, communication via computer
conferences, electronic mail, and computer bulletin boards will become
more common in society, but little is known about the social
psychological implications of these technologies. One possibility is
a change in physiological arousal, feelings, and expressive behavior
-- that is, affect. These computer-mediated communication
technologies focus attention on the message, transmit social
information poorly, and do not have a well-developed social etiquette.
Therefore, these technologies might be associated with less attention
to others, less social feedback, and depersonalization of the
communciation setting. In the present study we examined what would
happen to feelings and interpersonal behavior in an experiment in
which two people met for the first time and discussed a series of
questions in order to get to know one another. We measured
physiological arousal (pulse and palmar sweat), subjective affect
(emotional state and evaluations), and expressive behavior
(self-disclosure and uninhibited behavior) in both synchronous
computer-mediated and face-to-face discussions. (For comparison
purposes, we also examined these effects under high- and
low-evaluation anxiety.) Communicating by computer did not influence
physiological arousal, and it did not change emotions or
self-evaluations. However, people who communicated by computer
evaluated each other less favorably than did people who communicated
face-to-face, they felt and acted as though the setting was more
impersonal, and their behavior was more uninhibited. These findings
suggest that computer-mediated communication, rather than provoking
emotionality per se, elicits asocial or unregulated behavior. Of
course, our data are based on a laboratory experiment using just one
type of computer-mediated communication, but the results are generally
consistent with anecdotal evidence and new field research on how
people use computers to communicate in organizations.
------------------------------
Date: Mon 24 Jun 85 14:16:53-PDT
From: Mark Richer <RIC...@SUMEX-AIM.ARPA>
Subject: new AI in education mail list
There seemed to be enough interest to create a mailing list on
artificial intelligence in education. If there are several people at
one site that are interested, try to form a local distribution system.
Here's the description:
AI-ED@SUMEX-AIM
Discussions related to the application of artificial intelligence
to education. This includes material on intelligent computer
assisted instruction (ICAI) or intelligent tutoring systems (ITS),
interactive encyclopedias, intelligent information retrieval for
educational purposes, and pychological and cognitive science models
of learning, problem solving, and teaching that can be applied to
education. Issues related to teaching AI are welcome. Topics may
also include evaluation of tutoring systems, commercialization of
AI based instructional systems, description of actual use of an ITS
in a classroom setting, user-modeling, intelligent user-interfaces,
and the use of graphics or videodisk in ICAI. Announcements of
books, papers, conferences, new products, public domain software
tools, etc. are encouraged.
Archives of messages are kept on SUMEX-AIM in:
<BBOARD>AI-ED.TXT
All requests to be added to or deleted from these lists, problems,
questions, etc., should be sent to AI-Ed-Request@SUMEX-AIM
Coordinator: Mark Richer <Richer@SUMEX-AIM>
------------------------------
End of HUMAN-NETS Digest
************************