TBTF for 1999-08-16: Delusional

Keith Dawson (dawson@world.std.com)
Sun, 15 Aug 1999 22:22:38 -0400



T a s t y   B i t s   f r o m   t h e   T e c h n o l o g y   F r o n t

Timely news of the bellwethers in computer and communications
technology that will affect electronic commerce -- since 1994

Your Host: Keith Dawson

ISSN: 1524-9948

This issue: < http://tbtf.com/archive/1999-08-16.html >

C o n t e n t s

Food fight
The Microsoft trial you haven't heard of
Domain naming news
Price war for domain names begins
ICANN cuts NSI's influence
Voyeur cams and the law
The short life of the Fidnet proposal
Reno urged banning crypto products on the Internet
Open source governance models
OS usability challenge issued
Censorware Project roasts N2H2's Bess
It's a strange world after all (not)
Too close

..Food fight

A pox on both their houses

Microsoft and AOL have been making an ugly spectacle of themselves
in the fight over instant messaging standards [1]. For three weeks
the two sides have been exchanging rhetoric at a pace and a pitch
that is reminiscent of nothing so much as a bitterly divisive
political battle.

On 22 July Microsoft introduced a client, the MSN Messenger Ser-
vice, that connects with AOL Instant Messenger by requiring users
to supply their AOL screen name and password. AOL spluttered that
this requirement goes against the security admonitions that AOL
constantly inculcates into its customers. And AOL can't have been
thrilled that Microsoft at least potentially possessed login in-
formation for millions of AOL customers -- even though Microsoft
insists it is neither collecting nor saving the logins. Adding
insult to injury, Microsoft's client can also import AIM buddy

As soon as MSN Messenger Service went live AOL blocked its access
to their servers. Microsoft coded around the block. AOL countered.
By the end of the first weekend the two teams had traded hack for
counter-hack five times; the last count I saw tallied 13 round

The two sides have feigned at lawsuits, wrapped themselves in the
robes of open standards and user security, and signed up allies at
a frantic pace.

The battle escalated another notch last week when someone posing
as an independent consultant wrote to security watchdog Richard
Smith, asking him to publicize the assertion that one of AOL's
blocking tactics utilizes a buffer overflow in the AIM client [2].
If true this would point to a dangerous security hole in AIM. But
Smith determined that the "consultant" probably didn't exist and
that the message had originated on a Microsoft internal mail server.
Microsoft protested [3] that the unknown perpetrator had
no encouragement from the management. Right. Despite the tainted
source of the accusation, Smith insisted that AOL come clean about
any buffer overflows. AOL has bequeathed no word on the subject.

The irony of Microsoft arguing for open standards, and AOL against
them, was not lost on the SJ Mercury News's Dan Gillmor. He calls
them both aggravating hypocrites [4].

Alex Lash wrote a good overview [5] on the wider Microsoft - AOL
rivalry that he might have subtitled "How do I hate thee? Let me
count the ways."

[1] http://www.news.com/News/Item/Textonly/0,25,39693,00.html
[2] http://www.zdnet.com/intweek/stories/news/0,4164,2314107,00.html
[3] http://www.techweb.com/wire/story/TWB19990813S0015
[4] http://www.sjmercury.com/svtech/columns/gillmor/docs/dg072799.htm
[5] http://www.thestandard.com/articles/article_print/0,1454,5821,00.html

..The Microsoft trial you haven't heard of

Taking the IRS to Tax Court

Late last month, in near-perfect silence, Microsoft wrapped up its
court case against the Commissioner of the Internal Revenue Service
[6]. The only notice of the case was a slip of paper hanging outside
the door of a little-known courtroom at 400 Second St. N.W. in Wash-
ington, DC. Microsoft had sued the IRS in the early 90s over the
favorable tax treatment allowed for CDs and movies, arguing that the
same rules should apply to software. The amount at issue in the case
is a mere $16M that Microsoft paid in taxes in the early 1990s, but
the outcome of the case could affect billions in the years to come --
for other software suppliers as well as for Microsoft. Oracle, Auto-
desk and Adobe all have similar cases pending in the Tax Court. In
1997, after Microsoft's suit was filed, Congress enacted the tax pro-
vision that Microsoft wants. But the company fights on because a loss
in Tax Court could render moot the action of Congress. A ruling in
the case could take another year.

[6] http://www.seattletimes.com/news/business/html98/micr_19990803.html

..Domain naming news

..Price war for domain names begins

CORE, the Council of Registrars, is one of the organizations accred-
ited in the early-phase testing of competitive domain-name registra-
tion. One of CORE's members, CSL GmbH of Duesseldorf, is now offering
two-year registrations in the .com, .net, and .org top-level domains
for 40.9 Euros, or about $43.23 [7]. CSL thus becomes the first com-
petitive registrar to actually compete on the basis of price. NSI
and all the other active test registrars still charge $70 for two
years -- but this won't be true for long. To register your .com do-
main for less than the price of a .nu [8], visit CSL's registration
site joker.com [9]. (This is no joke.)

[7] http://www.internetnews.com/bus-news/article/0,1087,3_181351,00.html
[8] http://www.nic.nu/
[9] http://www.joker.com/

..ICANN cuts NSI's influence

The Internet Commission on Assigned Names and Numbers issued a rul-
ing that will limit Network Solutions's influence on domain naming
policy. ICANN has declared [10] that no entity may send more than a
single representative to the Names Council, a body set up to advise
ICANN on naming policy. Under the previous rules, NSI had 3 seats
on the 21-member council.

[10] http://www.infoworld.com/cgi-bin/displayStory.pl?990813.iiicann.htm

..Voyeur cams and the law

Small, inexpensive video cameras redefine voyeurism

Here is a story ripe for the mainstream press to blow all out of
proportion. USA Today reports [11] on a case of organized voyeurism:
28 athletes from colleges in Illinois and Pennsylvania have filed for
damages against the makers and distributors of videotapes captured
by tiny cameras secreted in college locker rooms. The tapes were
sold over the Internet. Most states have no law against surrepti-
tious videotaping or selling such tapes over the Net, so victims
may have little recourse. This last week my hometown paper carried
news that the Massachusetts senate had just passed such an anti-
voyeur measure. Thanks for the tip on this story to Lynn Saxen-
meyer <saxenmeyer at worldnet dot att dot net>.

[11] http://www.usatoday.com/life/cyber/tech/ctf847.htm

..The short life of the Fidnet proposal

Leaked, criticized, withdrawn, and squashed inside of two days

On 28 July the NY Times reported that the Clinton administration was
mulling a plan [12] for a computer monitoring system, called Fidnet,
that would watch the country's data networks for intruders. The FBI
was to oversee Fidnet, which would expand from monitoring government
networks to private ones. The outcry from civil libertarians was
immediate and deafening, and Fidnet was shelved [13] the next day.
Just to nail that particular coffin, Congress voted [14] on 30 July
to ban the Justice Department from spending any funds on Fidnet.

[12] http://www.zdnet.com/filters/printerfriendly/0,6061,2303703-35,00.html
[13] http://www.zdnet.com/filters/printerfriendly/0,6061,2304083-35,00.html
[14] http://www.techserver.com/noframes/story/0,2294,76087-120171-852121-0,00.html

..Reno urged banning crypto products on the Internet

Cites danger of rendering Wassenaar controls "immaterial"

Late last month the Austrian journal Telepolis published a letter
that US Attorney General Janet Reno sent at the end of May to the
German Justice Minister urging a ban of crypto products on the In-
ternet. John Young has posted a translation on Cryptome [15]. Here
is the original article, in German [16], and the letter as published
in Telepolis [17]. An excerpt from Reno's letter:

> Much work remains to be done. In particular, I believe we must
> soon address the risks posed by electronic distribution of
> encryption software. Although the Wassenaar Nations have now
> reached agreement to control the distribution of mass market
> encryption software of certain cryptographic strength, some
> Wassenaar Nations continue not to control encryption software
> that is distributed over the Internet, either because the
> software is in the "public domain" or because those Nations do
> not control distribution of intangible items. While I rec-
> ognize that this issue is controversial, unless we address
> this situation, use of the Internet to distribute encryption
> products will render Wassenaar's controls immaterial.

Thanks to TBTF Irregular [18] Jon Callas <jon at callas dot org> for
the tip.

[15] http://jya.com/reno-ban.htm
[16] http://www.heise.de/tp/deutsch/inhalt/te/5117/1.html
[17] http://www.heise.de/tp/deutsch/inhalt/te/5117/2.html
[18] http://tbtf.com/the-irregulars.html

..Open source governance models

Variety and innovation rule in open-source development

At last week's LinuxWorld Expo, a panel discussed the various models
of how open source projects are controlled and directed [19]. Con-
trary to what you might expect, open source does not mean "demo-
cratic." Linus Torvalds runs Linux development as an absolute dic-
tatorship buffered by a sizable bureaucracy. At the other end of the
spectrum, Brian Behlendorf says that development of the Apache Web
server is governed by a "round table" of two dozen equals, all of
whom have veto power over proposed features. Perl development pro-
ceeds like a constitutional monarchy. Larry Wall, the language's
original author, has relegated himself to the role of a Supreme
Court, settling the disagreements that the development community
can't resolve.

[19] http://www.techweb.com/wire/story/TWB19990812S0003

..OS usability challenge issued

Linux gets the press, but has BeOS got the goods?

Scot Hacker <shacker at birdhouse dot org>, who runs a tips site [20]
for users of BeOS, is frustrated. The press covers Linux ceaselessly
but rarely writes about BeOS. When this commercial OS is covered,
Hacker believes, the articles are usually written by pundits who have
never tried BeOS or done any real research. He writes,

> BeOS is easier to install, easier to use, and easier to con-
> figure than Linux. It's got a consistent, elegant, light-
> weight, non-chaotic UI, is POSIX compliant, includes a full
> bash shell, boots to full GUI in less than 15 seconds, and
> does multithreaded multitasking like nothing else. It's got a
> fully journaled 64-bit database-like filesystem. I believe
> it's far better suited to become a replacement for or alter-
> native to Windows on the desktop than is Linux. BeOS costs
> just a bit more than a set of Linux CDs. So why is none of
> this coming to light in the press?

(Neal Stephenson's storied essay "In the beginning was the command
line" [21] makes much the same point, at great and entertainingly
readable length.)

Hacker has set up the Alt.OS Usability Challenge [22] to invite tech
publications to compare BeOS with Linux by watching real users. The
model is to sit down a Windows or MacOS user with a Linux distribu-
tion and a BeOS CD and have normal users install, configure, and
use the respective systems; observe and report.

I wish I had the time to mount this test myself, but I don't. I'll
be curious to see how many publications take up the challenge.

By the way, BeOS Tips is served from Hacker's main BeOS develop-
ment machine, which is also running 1.7M keys/sec. in the rc5des
[23] distributed crack. How many Windows, or even Linux, users would
be willing to try this?

[20] http://www.betips.net/
[21] http://www.cryptonomicon.com/beginning.html
[22] http://www.betips.net/challenge/
[23] http://beoscentral.com/teambeos/

..Censorware Project roasts N2H2's Bess

Another proof point that the censorware approach is
fundamentally flawed

The Censorware Project investigated [24] Bess, a product widely used
in schools across the US and Australia and aggressively marketed to
libraries, schools, and governments. N2H2 [25], the company that
markets Bess, claims that the proxy-based filtering software shields
more than seven million schoolchildren. N2H2 is unusual in a couple
of ways. They claim not to block by keywords -- that every one of 8
million sites on their block list has been examined by a human. And
N2H2 is the first of the censorware companies to announce plans to
go public.

The Censorware Project found hundreds of porn sites easily acces-
sible, unblocked by proxies in actual use in schools today, as well
as numerous sites incorrectly blocked for no discernable reason. The
report casts serious doubt on N2H2's claim of 100% human-based fil-
tering, a claim the company president made in Congressional testimony
last May.

N2H2 employs 15 full-time and 58 part-time workers to scan Web sites,
according to their recent IPO filing. The Censorware Project's report
estimates that this number falls short -- by a factor of about 20 --
of the labor force that would be required just to keep up with the
Web's growth (2 million pages per day), let alone to track site up-
dates or to classify the 1 billion Web pages already in existence.

Please note that the report [24] necessarily contains some ugly lan-
guage and many links to offensive sites.

[24] http://censorware.org/reports/bess/
[25] http://www.n2h2.com/

..It's a strange world after all (not)

Don't expect the world to end when this Brookhaven device
goes live

This BBC article [26] speaks of qualms about Brookhaven National
Laboratories' Relativistic Heavy Ion Collider. It seems that once
the machine is activated, scientists aren't 100% certain that it
won't turn the whole earth into strange matter.

Scientists aren't 100% certain that a glass of water at room temp-
erature won't spontaneously develop ice cubes, either, but it's
the way the smart money bets.

The BBC story was pretty convincingly deconstructed on Slashdot [27]
(albeit by Anonymous Cowards). Thanks to TBTF Irregular Jamie Mc-
Carthy <jamie at mccarthy dot org> for that pointer, and to others
regular and Irregular who poured healthy skepticism in my general
direction when I posted this item as a Tasty Bit of the Day.

On the American Physical Society's What's New page [28], Robert Park

> Could the "Big Bang Machine," a.k.a. Relativistic Heavy-Ion
> Collider, produce "perturbations of the universe" -- maybe a
> black hole -- and destroy Earth? The Sunday Times of London
> reported that Brookhaven director John Marburger had appointed
> a panel of physicists to investigate. Not exactly. He asked
> them for a white paper explaining why it's not a worry. In
> spite of millennium madness, Marburger said this morning that
> the net effect has been very positive. Reporters from around
> the world call to ask if there's anything to the story, and
> end up learning about RHIC.

Thanks to TBTF Irregular Greg Roelofs <newt at pobox dot com> for
this one.

[26] http://www.sunday-times.co.uk/news/pages/sti/99/07/18/stinwenws02029.html?99
[27] http://slashdot.org/comments.pl?sid=99%2F07%2F18%2F1415231&cid=&pid=0&startat=&threshold=3&mode=thread&commentsort=3&savechanges=on&op=Change
[28] http://www.aps.org/WN/WN99/wn072399.html

..Too close

Judging how much to worry about near-earth objects

How dangerous, in reality, are asteroids of the sort that starred
in last summer's blockbuster [sic] movie? Should we worry about the
danger from an asteroid with a one-in-a-million chance of striking
earth? Scientists have announced development of the Torino scale
[29], a method of communicating the degree of danger from near-earth
objects. So far no known object has been assigned a Torino number
greater than 0. (At Torino 10 the earth is toast.) See [30] for a
succinct graphic (98K) depicting the factors woven into a Torino
scale number. The scale takes into account the probability of a
collision and its likely kinetic energy -- which depends on the
object's diameter, composition, speed, and strike angle. Thus a
100-m asteroid with a 1-in-100 chance of striking the earth merits
the same level of concern -- 2 on the Torino scale -- as a 5-km as-
teroid with a 1-in-a-million chance.

This site [31] lets you explore the known near-earth objects for
yourself. I particularly like the search function [32], where you
can ask, say, for all known objects that will ever pass closer to
the earth than the moon's orbit (call it 0.0025 AU). This site [33]
lists all known close approaches (closer than about 5M miles) for
the next 100 years.

Scientists estimate that fewer than one in ten near-earth asteroids
have yet been discovered and mapped.

[29] http://science.nasa.gov/newhome/headlines/ast22jul99_2.htm
[30] http://science.nasa.gov/newhome/headlines/images/meteors/torinoscale.gif
[31] http://newton.dm.unipi.it/
[32] http://newton.dm.unipi.it/cgi-neo/neoibo?quicksearch
[33] http://cfa-www.harvard.edu/iau/lists/PHACloseApp.html



A team of Florida physicians recently reported two cases in which
delusional patients have woven the Internet into their fantasy sys-
tems [34]. These are the unfortunates who used to wear aluminum-foil
hats to block the radio messages the CIA was trying to beam into
their heads; now it's the Net that provides a backdrop of threat-
ening and poorly understood technology from which to craft their

Randy Cassingham's engaging periodical This Is True [35] noted this
story under the title "www.ParanoidPsychoticDelusions.com." Of
course I had to add it to the No We Don't have a Web Site page [36],
the home for bogus and self-referential (and mostly nonexistent)
URLs. Thanks to Herbert Hille <hhil at loc dot gov> for the pointer.

[34] http://www.sma.org/smj/internet_press.htm
[35] http://www.thisistrue.com/
[36] http://www.nowedonthaveawebsite.com/

N o t e s

> Apologies for the hiatus between issues. TBTF should settle down to
a more regular schedule now, with the possible exception of a week
in September when I will be on the windjammer Grace Bailey off the
coast of Maine. No, I won't be taking a computer, why do you ask?

> I went to high school with Herbert Hille, my informant for this is-
sue's final item. Through him I've now reconnected with two other
long-lost friends; working on a third.

S o u r c e s

> For a complete list of TBTF's email and Web sources, see
http://tbtf.com/sources.html .

B e n e f a c t o r s

> TBTF is free. If you get value from this publication, please visit the
TBTF Benefactors page [*] and consider contributing to its upkeep.

[*] http://tbtf.com/the-benefactors.html

TBTF home and archive at http://tbtf.com/ . To (un)subscribe send
the message "(un)subscribe" to tbtf-request@tbtf.com. TBTF is Copy-
right 1994-1999 by Keith Dawson, <dawson@world.std.com>. Commercial
use prohibited. For non-commercial purposes please forward, post,
and link as you see fit.
Keith Dawson dawson@world.std.com
Layer of ash separates morning and evening milk.
