human-nets@ucbvax.ARPA (07/21/85)
From: Charles McGrew (The Moderator) <Human-Nets-Request@Rutgers> HUMAN-NETS Digest Sunday, 21 Jul 1985 Volume 8 : Issue 23 Today's Topics: Query - References on Graphic User Interfaces, Computers and the Law - The case of the Plainfield "hackers", Computers and People - "Finger" responses & Computer Mediated Communication, Announcement - AI in Education mailing list ---------------------------------------------------------------------- Date: Wed 17 Jul 85 13:47:57-PDT From: Mark Richer <RICHER@SUMEX-AIM.ARPA> Subject: QUERRY references on graphic user interfaces To: ai-ed@SUMEX-AIM.ARPA, ailist@SRI-KL.ARPA, To: cc: info-graphics@AIDS-UNIX.ARPA, works@RUTGERS.ARPA I am trying to collect references on the design, implementation and evaluation of user interfaces, particularly interfaces that employ interactive graphics (basically any bit-map display graphics), multiple windows, non-keyboard input devices (e.g., mouse), etc. Basically what are the key articles that have formed the core of conventional wisdom on workstation design and user-interfaces. Even more specifically, I want to get references on user-interface design in knowledge-based systems, especially browsers. Besides STEAMER and work I know of from Stanford (Mitch Model and ONCOCIN more recently), I have come across very little in the AI literature on graphic interfaces. Perhaps, I have missed some key articles, even in IEEE Computer or something. If I get a good response I can make a bibliography available one way or another on the net. I really would like complete references to specific articles rather than check out Englebart or Card&Moran. Though general pointers are also welcome. Thanks in advance to anyone that can contribute. mark ------------------------------ Date: 18 Jul 85 15:36:49 EDT From: *Hobbit* <AWalker@RUTGERS.ARPA> Subject: More press To: "Inquiring minds who want to know": ; [ Ed. Note: This message is in reference to the recent arresting of several Plainfield, NJ teenagers on charges of breaking into various computers - including a tank manufacturer, and appropriating AT&T credit card numbers, etc.] Well, since we all now know what's going on via the papers and vidiot box, here's the basic story from my end. A friend of one of the kids whose bboard was confiscated has a legit account on one of our machines. He called me up Monday night, rather frantic, and told me what was going on, that his friend's bboard had been nabbed and that there was going to be a press conference at the Middlesex County Prosecutor's office the next morning. I decided, after also being prodded by Geoff, that it would be a zippy thing to attend it, being as what I had never been to a press conference before and the subject matter was more or less up my alley. After finding out that the conference had been moved to the South Plainfield PD, I got a call from the above kid whose bboard had been confiscated. He was on his way down to the area [he lives somewhere around Morristown] for the conference with some friends, and didn't know how to find it. I told him to come meet me at Rutgers so we could confer, get lunch, and figure out what to do next. Therefore, a while later, the five of us rolled into the South Plainfield Police Department, where we met the investigating officer [Grennier] in the parking lot. He talked civilly to us and didn't seem all that surprised that we were down to attend the press conference. And when I called the PD, no one had mentioned any restrictions on attendance. But a while later, the Dick Tracy rough-guy types started arriving, and Grennier's whole outlook took an abrupt 180. He told us that we were not invited to the press conference, and that our attending ''since we were knowledgeable about computers, it would be an obstruction of justice'' or something to that effect. This was coupled with a threat to arrest us for this supposed obstruction if we continued to hang around. Then one of the Dick Tracies told us this in much more abrupt terms and told us to beat it the hell outa there. It is likely that Grennier got barfed heavily on by these fellows for even *talking* to us. The tough guys followed us out to the car, and started doing ''Hey, you got a *PROBLEM*? MOVE IT!!! YOU AIN'T MOVIN' FAST ENOUGH!!!'' -- slamming my car door on me, the whole tough cop bit. And of course *all* of them had their sidearms on prominent display, as though there were a threat to their lives and manhood within five miles of the place. It was clear that they were *deathly* *afraid* of our presence at the press conference, and that they wanted us out of there before the press showed up so we couldn't talk to them. There is a new New Jersey law, that was passed last March sometime, that deals with disseminating information or accessing someone else's computer or ... Does anyone have the *text* of this law? -- But the point is, it's brandy-new and hasn't been tested in the courts yet. The police in this case are using a bunch of helpless kids to set an incorrect precedent, feeding the media exactly what they want the media to hear, making the kids look like part of a massive Communist plot or something, and generally fabricating a massive publicity stunt out of the whole thing. It really stinks, and although we realized this on the way back to Rutgers, there wasn't much we could do that day. We felt that we had been abused by these guys, and that the way they had treated us was highly illegal, but I wasn't sure enough of this to stand up for my rights in the SPPD parking lot. So life went on for a couple of days, and then this afternoon, a reporter from the Star-Ledger calls me up. It seems that they are really doing some investigation into this, and trying to ascertain what *real* hackers are and what they really do. So I gave them about half an hour's worth of earful, and voiced the opinions of many of us about the *wide* difference between Hackers and Crackers. [Results of this [she talked to a number of people] will be in the Sunday Star-Ledger, for you local types.] It looks like things may actually turn for the better if the ACLU and the press gets their act together and leans on these stuffy law-enforcement types to be a little more fair. **Also**, she informed me that the cops had no right to turn us out of a press conference, regardless of our age or general scruffiness level, and that really pisses me off. Apparently a *press* conference is open to anyone who wishes to attend, as far as she knows. Does anyone have the real poop on this? Anyway, this is basically what has gone down with the case so far. I do not mean to excuse the kids who stole goods with the swiped credit card numbers. However, this case should serve as an example to *merchants* and *businesses* to tighten up their security a little bit, by *not* using dumb passwords, and perhaps shredding those little carbon-copy frobs from the credit card forms. But as far as moving satellites and frobbing defense machines goes, this is unadulterated horseshit, and there's nothing wrong with disseminating info found in *published* DoD documents and such. And last I heard, garbage picking [what they call ''trashing''] isn't illegal either. After all, *they* threw it out, so *they* have no call to say that anyone else wasn't supposed to have it. People who throw out sensitive material should render it unreadable first. The kids took lots of precautions to *not* allow things like AT&T calling card numbers on to their bboards. Although I have not seen the contents of any of these bboards, I do believe that things are being badly distorted, and it's not the fault of the *press* this time. They are just being fed one side of the story. The crimes actually committed in this case appear to have *no* relation with computers -- the credit card numbers were found on the carbons in the trash, and as far as I can tell, were not disseminated via the bboards. _H* ------------------------------ Date: Fri 12 Jul 85 17:20:35-EDT From: Thomas.Finholt@CMU-CS-C.ARPA Subject: "Finger" responses To: mkb@CMU-CS-C.ARPA, sproull@CMU-CS-C.ARPA Here is a summary of the responses to my earlier query about "finger" policy at other sites (not including the two fine responses which have already appeared here). These responses highlight two concerns. First, it appears that as the population of connected users grows the old rules (eg the Kansas Turnpike Law: use computers in a reasonable and prudent fashion) are not adequate. This is demonstrated by at least a couple of the responses that indicate that users with obvious female names are vulnerable to computer harassment. However, there does appear to be a genuine audience for features which offer some sort of dynamic information about other users. Therefore, a second concern is establishing limits for disclosure of this kind of information. At a minimum, most people seem to be against involuntary release of phone numbers and addresses. Beyond this, though, there is not much consensus. People who like open "finger" policies generally cite two reasons. First, many of them enjoy the convenience of "finger" (ie to locate friends or advisors). Second, they argue that most "finger" information is essentially public knowledge, much as a phone book listing. Also, some people mentioned that "finger" is indeed a form of diversion.: "Personally, I find 'finger' invaluable. Locally, I use it to figure out if someone (e.g. my boss, who is on the third floor while I'm in the basement) is logged in at the present time, and how long they've been idle at their terminal. Using this information, I decide whether or not to bother walking down to their office. On a network basis, I usually use 'finger' to see when the last time someone logged in (or when they last read mail, although UNIX finger usually doesn't provide this info). This is convenient if I send mail to a guy and don't get a response back -- I can figure out if he's on vacation or what-have-you." "People should be made aware that fingerable information is public. I can't believe they didn't know this already, but many users are naive. Systems probably shouldn't tell all and sundry the home addresses and telephone numbers that people are dialed in from." "I, too, frequently amuse myself at periods of low productivity by fingering random sites, particularly places I've been at or visited. I do so to see what kind of machines people have, what users are running, and whether there's anyone logged on that I know. Reading plan files is also a source of entertainment. " It appears that attitudes toward "finger" information are strongly shaped by equipment installed at a particular site or by "finger" conventions at the sites where they first began computing.: "I have always been somewhat shocked by the easy availability of finger information on tops-20 and unix systems. I started my computing career at Dartmouth where we considered privacy an important issue. The Dartmouth timesharing system originally allowed non-privileged users access to CPU time and memory size tables of the jobs currently in execution. Later, the user ID was included in the available info as well and there was a significant minority which opposed making this accessible. It would have been considered a breach of privacy to give out info on where a person was logged in or what their phone number was. Of course, the whole idea of one's personal files being readable by world as a default is even more shocking." "The PLATO system is a rather special case. The system was conceived and designed, not as a general purpose computing facility, but as a resource for offering instructional materials. It is a timesharing system. We had about 1500 terminals connected, and during 'prime time hours' we might have 600-700 terminals active, about half of which would be in use by students doing classwork and about half by teachers and other users. I think the privacy issues were strongly influenced by the fact that U of I is a public institution and must be very careful about federal guidelines. One PLATO feature was 'talk'. You could 'page' a person and talk to him using the two bottom lines of the screen. There were many busy people who DID NOT want to be disturbed by browsers who just called up to chat, so you could opt not to be included in the 'active user' list. The 'active user' list only includes ID's and not location. Many people felt that it was nobody's business where they were sitting. Furthermore, many female users who used isolated terminals felt that telling their location was a security problem. " Here is an interesting description of "fingering" in the BITNET universe: "First, on BITNET, there are very few DEC's (VAXEN, whatever) - the majority of the network is IBM and there are no 'plans' associated with an IBM account (8 charcter userid and 8 character nodename). On BITNET/EARN/NETNORTH, one sends a SMSG (Special MesSaGe) to query another node about who is logged in, how many users are logged in, what time it is there, what the node is connected up to, and a few other things - mostly trivial in nature. For a good portion of EARN (the European Advanced Research Network), requests of this kind are blocked - which is part of the reason that EARN agreed to hook up to BITNET - if it would not be subject to this kind of querying. Sure, there are ways around it - but for those countries in Europe accessible via CUNY - the command is blocked. FOr those accessible via GWU, it isn't. Still, some sites on BITNET don't allow it - they include MVS sites - but the reason they don't is because those people with userids that sound like a female (Jane_doe@Yalevm) get harrassed over the network simply because the querier recognizes that the user is female. " Several ideas were proposed to maintain the essence of "finger", without unduly compromising privacy and security: "As far as format goes, I think the only truly important parts of the finger output (for a network finger) are the person's full name, his login name, the time of last login (or 'on since'), idle time, and if he desires, his phone number. Let's face it: if I'm at Purdue and you're at CMU, it really doesn't matter to me whether you're running EMACS or whatever. Most of the processes I see on those outputs I have no idea what they are anyway, never having used TOPS-20 or whatever it is you run. On the other hand though, I personally don't object to having my current process, etc. displayed for others (UNIX finger doesn't do that though). " "Perhaps 'remote' finger should give less information than 'local' finger. I rarely need or use the phone numbers of people in Pittsburgh when I finger them from Texas. CMU distributes a digest of finger output to many sites (via the 'gloria' program.) Perhaps what we need is a global Gloria, containing the sanitized plan files of users who are interested in participating. While that only addresses the problem of the plan file, not the location information, I think the latter is secondary. " "I think it wouldn't be to hard for computers to (optionally) withhold stuff like phone numbers while letting the other stuff go all over the place. Deciding which is what is the tricky part, though... " Finally, concerns about "finger" are not new. Here are instructions for reading about an earlier finger debate which took place in 1979 on the ARPAnet: "Long ago in a network far away (The ARPANET, circa March, 1979) there was an intense dicussion of FINGER that spread to the whole network from a small beginning as a local discussion at CMU. The entire discssion transcript was recorded and archived in MSGGROUP, and it is available to you via annonymous FTP from [ECLC]<MSGGROUP>msggroup.*.* along with thousands of other messages. The discussion started with message number 0794 {# 94 in file MSGGROUP.0701-0800.*}. I am not sure where the discussion ended, because it carried on for manths, and became interspersed with other topics. So, I leave it to you to sift through the transcript if you are interested. You might find it useful to wear heat resistant glasses for your reading. Lots of flames. " Tom Finholt ------------------------------ Date: 10 Jul 85 16:42:28 PDT (Wednesday) From: Hoffman.ES@Xerox.ARPA Subject: Computer-Mediated Communication "Affect in Computer-Mediated Communication: An Experiment in Synchronous Terminal-to-Terminal Discussion" by S. Kiesler, D. Zubrow, A. M. Moses (all of CMU) and V. Geller (of AT&T), in 'Human-Computer Interaction', Vol. 1, No. 1, 1985, pages 77-104. Abstract: With the spread of computer networks, communication via computer conferences, electronic mail, and computer bulletin boards will become more common in society, but little is known about the social psychological implications of these technologies. One possibility is a change in physiological arousal, feelings, and expressive behavior -- that is, affect. These computer-mediated communication technologies focus attention on the message, transmit social information poorly, and do not have a well-developed social etiquette. Therefore, these technologies might be associated with less attention to others, less social feedback, and depersonalization of the communciation setting. In the present study we examined what would happen to feelings and interpersonal behavior in an experiment in which two people met for the first time and discussed a series of questions in order to get to know one another. We measured physiological arousal (pulse and palmar sweat), subjective affect (emotional state and evaluations), and expressive behavior (self-disclosure and uninhibited behavior) in both synchronous computer-mediated and face-to-face discussions. (For comparison purposes, we also examined these effects under high- and low-evaluation anxiety.) Communicating by computer did not influence physiological arousal, and it did not change emotions or self-evaluations. However, people who communicated by computer evaluated each other less favorably than did people who communicated face-to-face, they felt and acted as though the setting was more impersonal, and their behavior was more uninhibited. These findings suggest that computer-mediated communication, rather than provoking emotionality per se, elicits asocial or unregulated behavior. Of course, our data are based on a laboratory experiment using just one type of computer-mediated communication, but the results are generally consistent with anecdotal evidence and new field research on how people use computers to communicate in organizations. ------------------------------ Date: Mon 24 Jun 85 14:16:53-PDT From: Mark Richer <RICHER@SUMEX-AIM.ARPA> Subject: new AI in education mail list There seemed to be enough interest to create a mailing list on artificial intelligence in education. If there are several people at one site that are interested, try to form a local distribution system. Here's the description: AI-ED@SUMEX-AIM Discussions related to the application of artificial intelligence to education. This includes material on intelligent computer assisted instruction (ICAI) or intelligent tutoring systems (ITS), interactive encyclopedias, intelligent information retrieval for educational purposes, and pychological and cognitive science models of learning, problem solving, and teaching that can be applied to education. Issues related to teaching AI are welcome. Topics may also include evaluation of tutoring systems, commercialization of AI based instructional systems, description of actual use of an ITS in a classroom setting, user-modeling, intelligent user-interfaces, and the use of graphics or videodisk in ICAI. Announcements of books, papers, conferences, new products, public domain software tools, etc. are encouraged. Archives of messages are kept on SUMEX-AIM in: <BBOARD>AI-ED.TXT All requests to be added to or deleted from these lists, problems, questions, etc., should be sent to AI-Ed-Request@SUMEX-AIM Coordinator: Mark Richer <Richer@SUMEX-AIM> ------------------------------ End of HUMAN-NETS Digest ************************