TBTF for 1999-02-01: Squammers

Keith Dawson (dawson@world.std.com)
Mon, 1 Feb 1999 21:53:55 -0600


T a s t y   B i t s   f r o m   t h e   T e c h n o l o g y   F r o n t

Timely news of the bellwethers in computer and communications
technology that will affect electronic commerce -- since 1994

Your Host: Keith Dawson

This issue: < http://tbtf.com/archive/1999-02-01.html >
________________________________________________________________________

C o n t e n t s

CDA-II ruled unconstitutional
Squammers
Windows Refund Day
A new kind of trademark dispute
Net weather and traffic
IBM joins Linux International
Book bots
Followups
    Intel's Big Brother problems multiply
    Compromised utility package updated
    We can get it for you wholesale
    Becoming a Y2K urban legend
An interview at the NSA
Rings
________________________________________________________________________

..CDA-II ruled unconstitutional

Laudable goal, terrible legislation

The judge hearing the CDA-II (Child Online Protection Act) chal-
lenge has ruled that the law is unconstitutional [1]. No word yet
on whether the government will appeal. (Remember, this is a law
that Janet Reno's Justice Department advised they could not en-
force.) The judge said

> Perhaps we do the minors of this country harm if First
> Amendment protections, which they will with age inherit
> fully, are chipped away in the name of their protection.

[1] http://www.news.com/News/Item/Textonly/0,25,31724,00.html?tbtf
____________

..Squammers

Domain name squatters who spam the InterNIC

Network Solutions, Inc. has recently been falling behind with reg-
istration requests. They say [2] that domain-name squatters have
been bombarding NSI with bogus requests, crashing their servers and
delaying processing of ordinary business. This activity has been
going on for some time, but in January it reached a level double
that of legitimate registrations. Wired's coverage is here [3].
This is not a story about speculators or domain-name homesteaders
who put down their money on a bet about the Net's direction. The
squatters pay nothing, financing their bets with everyone else's
money; a subset of them, the squammers, additionally throw sand
in the gears for the rest of us.

Mailing-list discussion -- see this thread on NANOG [4] for ex-
ample -- has fleshed out the picture of the squammers. A squatter
reserves a domain name, perhaps giving a bogus email address and/or
physical address, and ignores the bill when/if it comes. After 30
days NSI suspends the name. When another 30 days have passed and no
payment has arrived NSI releases the name. The original squatter now
showers the registrar with many (probably automated) requests to
re-register that name. Thus the name remains tied up and the
squammer never pays a cent. If a buyer wants the name, they end up
paying the original NSI bill as well as whatever usurious ransom the
squammer has been able to negotiate.
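
Added example (not part of the original newsletter and not NSI's code): a
sketch of how a registrar could spot the cycle described above in its own
request log. The log format, contact IDs, domain names and thresholds are
assumptions constructed for illustration.

```python
from collections import Counter
from datetime import date, timedelta

# Per the text: 30 days unpaid -> suspended, 30 more days unpaid -> released.
RELEASE_AFTER = timedelta(days=60)

# Constructed sample log: (day, domain, contact, action). All values are made up.
D0 = date(1998, 10, 1)
LOG = (
    [
        (D0, "alpha.example", "contact-A", "register"),
        (D0, "beta.example", "contact-B", "register"),
        (D0 + timedelta(days=12), "beta.example", "contact-B", "payment"),
        (D0 + timedelta(days=40), "alpha.example", "contact-C", "register"),
    ]
    + [(D0 + timedelta(days=60), "alpha.example", "contact-A", "register")] * 25
    + [(D0 + timedelta(days=60), "alpha.example", "contact-C", "register")]
    + [(D0 + timedelta(days=120), "alpha.example", "contact-A", "register")] * 30
)


def find_squam_patterns(log, min_cycles=2, burst=10):
    """Flag contacts that re-take a name they let lapse unpaid, with request volume.

    Simplifications (assumptions): day granularity, first request on the release
    day wins, and a paid name never lapses within the window being analysed.
    """
    held = {}             # domain -> {"contact", "since", "paid"}
    cycles = Counter()    # (contact, domain) -> unpaid lapses followed by a re-grab
    requests = Counter()  # (contact, domain, day) -> register requests that day
    for day, domain, contact, action in sorted(log, key=lambda e: e[0]):
        cur = held.get(domain)
        if action == "payment":
            if cur and cur["contact"] == contact:
                cur["paid"] = True
            continue
        requests[(contact, domain, day)] += 1
        if cur and (cur["paid"] or day < cur["since"] + RELEASE_AFTER):
            continue  # name still held: this request fails
        # Name is free: never registered, or released for non-payment.
        if cur and cur["contact"] == contact:
            cycles[(contact, domain)] += 1  # same party re-grabs its unpaid name
        held[domain] = {"contact": contact, "since": day, "paid": False}
    report = {}
    for (contact, domain), n in cycles.items():
        peak = max(c for (k, d, _), c in requests.items() if (k, d) == (contact, domain))
        if n >= min_cycles and peak >= burst:
            report[(contact, domain)] = {"unpaid_cycles": n, "peak_requests_per_day": peak}
    return report


if __name__ == "__main__":
    print(find_squam_patterns(LOG))
```

The paying registrant (contact-B) and the would-be buyer who keeps losing the
race (contact-C) are not flagged; only the contact that repeatedly re-takes
its own unpaid name with a burst of requests is.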

Posters on NANOG are playing the story as yet another example of
NSI's incompetence [4], and certainly this interpretation is sup-
portable. One measure NSI has taken to slow the squammers was to
drop (without announcement) the "initial creation date" and "cur-
rent status" fields from the information it publicly reports about
name ownership and status. This will have little impact on squam-
mers -- surely they know when they registered a name -- but will
break ISPs' existing procedures and software and inconvenience all
legitimate users of the name database. NSI's ill-advised policies
are partly to blame for creating a something-for-nothing opportun-
ity for squammers, who would vanish into the night if NSI made reg-
istrants supply two valid DNS servers before reserving a name, and
particularly if they required a valid credit-card number up front.

News.com plays one domain-name squatter's story [5] as a tale of a
little guy against the megacorp. Their reporter appears to have been
completely bamboozled by Jerry Sumpton [6] of Freeview Listings, who
lost his bid to extort $13,000 from Avery-Dennison Inc. for the names
avery.net and dennison.net.

Ian Andrew Bell shoots straighter [7]. He points out that Sumpton
holds as many as 30,000 domain names: many proper names and many
words from the dictionary, largely in the .net domain. Sumpton's
business plan of record -- renting mailboxes at $4.95 per month on,
e.g., smith.net -- makes no sense if he has to pay over $1M per year
for the names. It makes sense only if he never pays for a name until
someone signs up for a mailbox on it, or better yet bids to buy it
from him. (Note: no evidence suggests that Sumpton is one of the
squammers; NSI has not made public any results from its attempts to
trace these miscreants.)

The handy Domain Surfer site [8] offers the fastest way I've found
to explore the domain namespace and winkle out homesteaders, spec-
ulators, and squatters.

[2] http://rs.internic.net/customer_advisory.html
[3] http://www.wired.com/news/print_version/technology/story/17522.html?wnpg=all
[4] http://www.cctec.com/maillists/nanog/current/msg00256.html
[5] http://www.news.com/News/Item/Textonly/0,25,21333,00.html?tbtf
[6] http://rs.internic.net/cgi-bin/whois?JS1578
[7] http://xent.ics.uci.edu/FoRK-archive/jan99/0345.html
[8] http://www.domainsurfer.com/
____________

..Windows Refund Day

Ready to demand your money back from Mr. Bill?

Proponents of non-Microsoft operating systems have declared 15 Feb-
ruary Windows Refund Day [9] to encourage PC buyers to get cash back
for the Windows software they have never used. Microsoft's end-user
license agreement gives purchasers the right to obtain a refund
from their PC vendor if they've installed an alternative OS such as
Linux or IBM's OS/2 without having used Windows. The effort was in-
spired by Geoffrey Bennett's tale [10] of pursuing a refund from
Toshiba over 4 months, eventually with success. The Windows Refund
Center [11] features links to other such stories, some without a
happy ending after two years. On 15 February Linux users in Cali-
fornia plan to show up on the doorstep of their local Microsoft of-
fice for their refunds.

[9] http://www.wired.com/news/print_version/technology/story/17452.html?wnpg=all
[10] http://www.netcraft.com.au/geoffrey/toshiba.html
[11] http://www.linuxmall.com/refund/
____________

..A new kind of trademark dispute

Is a search site that sells keywords diluting copyrights?

Estee Lauder has filed suit against Excite for selling its trade-
marked terms "Estee Lauder" and "Origins" to the Fragrance Counter,
a competitor [12]. Search engines commonly sell keywords to whoever
is willing to pay, displaying the buyer's ad banners whenever a vis-
itor searches on one of the keywords. So far no law or court prece-
dent restricts the search companies from selling whatever they
please. The Lauder action is being publicized by BannerStake [13],
which offers a keyword of your choice to 12 search engines and dis-
plays the banners that they display, if any. I tried the keyword
"Linux" and found that Excite appears to have sold it to Microsoft.
Probably last Halloween [14].

[12] http://www.internetnews.com/IAR/1999/01/2901-lawsuit.html
[13] http://www.bannerstake.com/
[14] http://tbtf.com/archive/1998-11-03.html#s02
____________

..Net weather and traffic

Internet tomography and an index of Net health

The journal Nature carries an article [15] on Net tomography. The
authors have developed skitter, a "tomography scanning tool" that
dynamically discovers and depicts global Internet topology and meas-
ures the performance of specific paths through the Internet. Skitter
uses ping ICMP packets to develop a diagram of Net connectivity at
a point in time. Here is a sample interconnectivity diagram [16]
(194K).

Another view of the state of Net health is provided by the Internet
Traffic Report [17], which also uses ping to derive indices of world-
wide round-trip times and packet loss. Thanks to Tom Parmenter <tom-
par at world dot std dot com> for pointing out this service.

[15] http://helix.nature.com/webmatters/tomog.html
[16] http://helix.nature.com/webmatters/tomfigs/fig1.html
[17] http://www.internettrafficreport.com/
____________

..IBM joins Linux International

Open source OS's momentum looks unstoppable in the server space

Following Sun's lead [18], IBM Software Solutions has become a spon-
soring corporate member of Linux International. Besides these two
the roster [19] now includes Silicon Graphics and Compaq. Missing for
the moment is HP, though that company has recently announced that it
will sell Linux on its NetServer systems and has struck an alliance
with Linux packager Red Hat [20]. This article [21] discusses recent
Linux initiatives by HP and SGI.

[18] http://tbtf.com/archive/1998-05-25.html#s03
[19] http://www.li.org/sponsors/sponcorp/index.shtml
[20] http://www.news.com/News/Item/Textonly/0,25,31511,00.html
[21] http://www.internetnews.com/Reuters/1999/01/2805-linux.html
____________

..Book bots

Two sites comparison-shop the Net booksellers

You've read about the coming wonderful world of intelligent agents
that will make Web comparison-shopping a breeze, once the nirvana of
universal XML arrives to usher in the day. But even now clever folks
are implementing services to help you compare prices for commodities
on the Net. Consider books. The free service AddALL [22] will search
for any book and compare prices, including shipping, across 34 sep-
arate online bookstores, and display the results in price order in
the currency of your choice. The search is a little clunky; I find
it's best to find my book first at Amazon or Barnesandnoble and then
price-shop at AddALL. The site needs a going-over by someone with a
strong grasp of English syntax, but so what? It's an extremely useful
labor of love and seems to be under constant improvement.

A few months back Glenn Fleischman got to musing on how URLs might
be used like programs, and the result is isbn.nu [23]. You can get
a price comparison, including shipping charges, for any book by
feeding its International Standard Book Number to this site as if
it were a directory name. For example, entering

http://isbn.nu/0201149370/price

compares prices for John Hanson Mitchell's "Ceremonial Time: 15,000
Years on One Square Mile" across 8 online stores. Leave off the
trailing "/price" and the site takes you to Amazon.com's order page
for the book. Prefer another store? You can append the name of one
of 10 other online bookstores from a list on the site.

[22] http://www.addall.com/
[23] http://isbn.nu/
____________

..Followups

..Intel's Big Brother problems multiply

On 27 January pressure on Intel increased again to scrap its plans
to include a consumer-identifying serial number in each Pentium III
[24]. A lawmaker in Arizona has said he will file a bill this week
making it illegal for any company to manufacture or sell a PC chip
in that state that features a unique identifying number in the hard-
ware [25]. Intel runs two chip fabs in Arizona and its CEO, Craig
Barrett, has a home there. Such a law could have an unintended im-
pact on Sun Microsystems, whose Sparc chips have for years included
a serial number to prevent piracy.

Cryptographer Bruce Schneier has a commentary on ZDNet [26] explain-
ing in simple terms exactly why Intel's scheme will not work to en-
hance consumer security or authentication.

Finally, Dan Kohn passes along a pointer to a FAQ [27] on the Intel
chip flap, which claims that Intel has not turned off the ID number
in the hardware at all, as it claims. (The multi-part FAQ begins
here [28].)

[24] http://tbtf.com/archive/1999-01-26.html#s03
[25] http://www.news.com/News/Item/Textonly/0,25,31482,00.html?tbtf
[26] http://www.zdnet.com/zdnn/stories/comment/0,5859,2194863,00.html
[27] http://www.zdnet.com/zdhelp/static/p3/p3_3.html
[28] http://www.zdnet.com/zdhelp/static/p3/p3_1.html
____________

..Compromised utility package updated

In the aftermath of the backdooring of ftp.win.tue.nl [29], the author
of one of the affected utilities, util-linux, has released an updated
package [30] to the sunsite and tsx-11 software depots. He writes:

> If you get it from ftp.win.tue.nl (very unwise), check the md5sum:
> d98b2a08c4865c14b9aefec3586c685a util-linux-2.9h.tar.gz

Contrary to a note I posted at [29] after the email edition went out,
Hotmail administrators were in fact immediately responsive when not-
ified about the compromised code at ftp.win.tue.nl that referenced
two Hotmail drop boxes, according to John R Levine <johnl at iecc dot
com>, one of the perpetrators of Internet for Dummies.

[29] http://tbtf.com/archive/1999-01-26.html#s01
[30] http://www.geek-girl.com/bugtraq/1999_1/0364.html
____________

..We can get it for you wholesale

TBTF for 1999-01-13 [31] covered buy.com and its "sell a buck for 85
cents and make it up on advertising" business model. Now competitor
Onsale has abandoned retail markups and thrown in its lot with the
tulip traders [32]. It's a win for consumers in the short term, but
how will Web merchants endure in this atmosphere of purest helium?

[31] http://tbtf.com/archive/1999-01-13.html#s05
[32] http://www.onsale.com/aboutus/ir/pr/pr1199901.htm
____________

..Becoming a Y2K urban legend

This note was sent in by faithful TBTF reader Cheryl Stocks <cstock
at ibm dot net>:

> I think we have a new urban legend category.

> I read your story "Report of a very Confucian incentive is a
> joke" [33] recently, and got a chuckle from it. Today my hus-
> band said "Did you hear that British Air is going to require
> 40% of its executives to be in the air at midnight, New Year's
> Eve, this year?"

[33] http://tbtf.com/archive/1999-01-26.html#s11
____________

..An interview at the NSA

"Good Will Hunting" missed the mark

A long-time reader sent this account [34] of a recent job interview
at the US National Security Agency. My informant was not offered a
job but came away impressed with the professionalism, seriousness,
and collegial atmosphere at the agency. Here's an excerpt on
the agency's training program for new hires.

> The first interview is with the mathematician who is head of
> the training program, which lasts three years. The program
> starts with a quick review of algebra and then launches into
> crypto stuff, and it's full-time for months at a time, two
> hours of lecture and six hours of study every day, in a big
> classroom with forty other newly hired mathematicians, some
> just out of college, some PhD's.

[34] http://tbtf.com/resource/NSA-interview.html
____________

..Rings

A pretender to the ring-world throne

Last November GeoCities bought Starseed [35], the inventor of the
WebRing [36]. A WebRing collects many Web sites on a similar topic
(e.g., fan sites for a particular music group) and stitches them
into a circular structure. From any ring member you can move ahead
or back in the ring or jump to the ring's head. Starseed's imple-
mentation of this novel navigation system is highly structured,
with Ring Members (individual sites), Ring Masters, and a central
Ring Server (Starseed's) to enable navigation. At the time of its
purchase by GeoCities, Starseed had attracted 66,000 "affinity
groups" to join in rings; in all 900,000 Web sites participated.

Now that Yahoo has announced plans to acquire GeoCities [37] it will
be the lord of the rings.

But don't count out the pretender to the throne: Bomis [38], whose
hands-off technology runs rings around any site without requiring
the intervention, or even the knowledge, of its Webmaster. Bomis's
lightweight approach to ring construction wraps ringed Web sites
within frames; an Escape button allows the visitor to jump out of
the ring context and back to the unframed site at any point.

The Bomis maintainers strut a subversively cheeky attitude. See for
example their FAQ page [39], and don't miss the infrequently asked
questions [40]. They don't tell us what, if anything, "Bomis" means,
but they provide a page where you can guess [41], one chance in
65,340.

[35] http://www.news.com/News/Item/Textonly/0,25,28639,00.html?tbtf
[36] http://www.webring.com/
[37] http://www.news.com/News/Item/Textonly/0,25,31582,00.html?tbtf
[38] http://www.bomis.com/
[39] http://www.bomis.com/bomis_faq.html
[40] http://www.bomis.com/ifaq.html
[41] http://www.bomis.com/whatisbomis.html
________________________________________________________________________

S o u r c e s

> For a complete list of TBTF's (mostly email) sources, see
> http://tbtf.com/sources.html .
________________________________________________________________________

TBTF home and archive at http://tbtf.com/ . To (un)subscribe send
the message "(un)subscribe" to tbtf-request@tbtf.com. TBTF is Copy-
right 1994-1999 by Keith Dawson, <dawson@world.std.com>. Commercial
use prohibited. For non-commercial purposes please forward, post,
and link as you see fit.
_______________________________________________
Keith Dawson dawson@world.std.com
Layer of ash separates morning and evening milk.
