TBTF for 10/27/97: Wireland

tbtf-approval@fenris.imagiware.com
Wed, 29 Oct 1997 21:46:13 -0600


-----BEGIN PGP SIGNED MESSAGE-----

TBTF for 10/27/97: Wireland

T a s t y B i t s f r o m t h e T e c h n o l o g y F r o n t

Timely news of the bellwethers in computer and communications
technology that will affect electronic commerce -- since 1994

Your Host: Keith Dawson

This issue: < http://www.tbtf.com/archive/10-27-97.html >
________________________________________________________________________=
_

C o n t e n t s

It's time to move to a longer key length
IE 4.0 bugs, issues, and rumors
Don't run MS FrontPage 98 beta on Unix/Apache
Microsoft countersues Sun =20
Digital and Intel settle
Justice Department asks Microsoft fine of $1M per day
Stop that Pentium II at the border
US West introduces DSL service, finally
How Microsoft sees Java
Wireland
________________________________________________________________________=
_

=2E.It's time to move to a longer key length

56-bit RC5 is the latest victim of the massive distributed computer
that is the Internet

In the largest distributed computing show of force ever mounted, an
informal worldwide coalition [1] cracked RSA Data Security's 56-bit
RC5 challenge [2], after 250 days and 34 quadrillion keys -- almost
twice the effort required for last summer's DES crack [3]. (The
title of this story is the target phrase.) The Bovine RC5 Coopera-
tive writes [4] (revealing the useful rule of thumb that 1 PowerPC
=3D 2.36 Pentia):

> At the close of this contest our 4000 active teams were
> processing over 7 billion keys each second at an aggregate
> computing power equivalent to more than 26 thousand Pentium
> 200s or over 11 thousand PowerPC 604e/200s.

[1] http://www.distributed.net/
[2] http://www.rsa.com/rsalabs/97challenge/
[3] http://www.tbtf.com/archive/06-23-97.html
[4] http://catless.ncl.ac.uk/Risks/19.43.html
________________

=2E.IE 4.0 bugs, issues, and rumors

Is Internet Explorer a virus?

C|net runs a fine summary [5] of the various problems reported by
folks installing and running Internet Explorer 4.0. Besides the
security [6] and privacy [7] issues covered by TBTF, users have
reported problems with install, uninstall, fonts, graphics and UI,
and conflicts with non-Microsoft applications. C|net helpfully
supplies links to articles in Microsoft's answerbase and to other
Web resources for avoiding these problems or for working around
them. Amid this flood of issues, someone (anonymous) posted to
rec.humor.funny a warning to watch out for an extremely contagious
virus named IE4 [8]. Let's look more closely at two of the recently
isolated issues.
=20
Installing IE4 on a Win95 machine apparently introduces a subtle bug
in Netscape Navigator, if the latter exists on the machine; dein-
stalling IE4 does not help. (The problem has been reported with
version 3.) Navigator POST or PUT requests fail and show up in Web
server logs as "POST or PUT without Content-length" errors. Here is
a detailed description of the problem [9], including a pointer to a
mailing list the author has set up to discuss the bug.
=20
Another IE4 problem is described in this c|net story [10]: the browser
makes use of a new feature, embedded fonts, in such a way as to ren-
der downloaded fonts vulnerable to theft. Microsoft looked into the
problem after it was written up in Daniel Will-Harris's column [11]
last week and declared it not to be serious, to the consternation of
those who make their living designing commercial fonts.

[5] http://www.cnet.com/Dispatch/0%2c118%2c255%2c00.html
[6] http://www.tbtf.com/archive/10-20-97.html#s01
[7] http://www.tbtf.com/archive/10-06-97.html#s02
[8] http://www.tbtf.com/resource/ie4-virus.html
[9] http://www.arctic.org/~dgaudet/apache/no-content-length/
[10] http://www.news.com/News/Item/0%2C4%2C15698%2C00.html
[11] http://news.i-us.com/wire/
________________

=2E.Don't run MS FrontPage 98 beta on Unix/Apache

The Web authoring tool opens up a gaping CGI security hole

On 10/10 Microsoft released beta code for the extensions necessary
to use FrontPage 98 on Unix systems. On 10/11 Mark Slemko posted to
Usenet the news of serious security holes in the code on Unix sys-
tems running the Apache Web server (exploit page is here [12]). Mi-
crosoft paid serious attention and on 10/15 posted a page [13] recom-
mending against installing FrontPage 98 on Unix/Apache systems until
a correction can be developed. (The fix will posted for download
from this page [14] when available.) Slemko's page [12] gives a solid
if brief grounding in the security considerations for CGI programs
running under Unix and the failings of the FrontPage solution. He
stresses that the problem was caught early because Microsoft, in
keeping with Unix convention, published some (not all) of the Unix
extension source code. Microsoft pledges [13] to publish source for
the fix as well. Thanks to Jamie McCarthy for word on this security
hole.

[12] http://www.worldgate.com/~marcs/fp/
[13] http://www.microsoft.com/frontpage/wpp/apache.htm
[14] http://www.microsoft.com/frontpage/wpp/
________________

=2E.Microsoft countersues Sun

Right back at'cha

Microsoft countersued Sun in US District Court on 10/27 [15], [16],
saying that Sun has failed to deliver technology that passes Sun's
own test suites and that runs on the Microsoft Reference Imple-
mentation. The suit also says Sun did not provide a public set of
test suites, as required by their 1996 agreement. Microsoft said Sun
"consistently failed in its obligation to treat Microsoft on an
equal footing with all other licensees," accusing Sun of business
interference and unfair practices for statements that Microsoft's
implementation of Java is incompatible with the language as devel-
oped by Sun.

[15] http://www.wired.com/news/news/business/story/8015.html
[16] http://www.news.com/News/Item/0%2C4%2C15686%2C00.html
________________

=2E.Digital and Intel settle

A win-win for everybody but the lawyers

Confirming rumors that began circulating nearly two weeks ago, Digi-
tal and Intel have announced a settlement agreement [17] to end their
patent disputes. (NY Times coverage is here [18].) The two companies
will expand their relationship; Intel will purchase Digital's semi-
conductor operations and will provide foundry services back to the
Maynard company. In turn Digital anounced plans to develop systems
based on Intel's 64-bit architecture, code-named Merced (developed
in conjunction with DEC rival Hewlett Packard). The agreement gives =
=20
DEC a graceful exit strategy from dependence on Alpha, a technically=20
impressive chip that never garnered significant market share. (C|net
conducted a poll [19] in which respondents split down the middle on=20
the question of whether the deal is good news, or the end of the
line, for Alpha technology.) The 2500 employees at the Digital fab
in Hudson, MA will become Intel employees. Confidential sources with-
in Digital wonder whether the deal could represent a perfect oppor-
tunity for the Board of Directors to replace CEO Robert Palmer, who,
with his intensive chip-design background, might be an excellent
choice to run the fab for Intel.

[17] http://www.intel.com/pressroom/archive/releases/CN102797.HTM =
=20
[18] http://nytsyn.com/IMDS%7CCND7%7Cread%7C/home/content/users/imds/...
[19] http://www.news.com/News/Item/0%2C4%2C15770%2C00.html
________________

=2E.Justice Department asks Microsoft fine of $1M per day

Claims the software vendor violated terms of a 1995 anti-trust
settlement

Justice asked a federal court to fine Microsoft $1M per day for
violating a 1995 court order that bars the company from anti-
competitive licensing practices [20]. The action was triggered by
Microsoft's allegedly requiring PC makers to bundle the Internet
Explorer Web browser. The DOJ press release is available at [21],
the original 1995 case at [22]. The two sides will meet in U.S.
District Court on 12/5. The heart of the case is raised by this
57-word passage: is Internet Explorer part of the operating sys-
tem or is it a separate "Covered Product" [23]?

> Microsoft shall not enter into any License Agreement in which
> the terms of that agreement are expressly or impliedly con-
> ditioned upon: (1) the licensing of any other Covered Product,
> Operating System Software product or other product (provided,
> however, that this provision in and of itself shall not be
> construed to prohibit Microsoft from developing integrated
> products).
=20
In a routine Securities and Exchange Commission filing on 10/29,=20
Microsoft said: "Management currently believes that resolving
these matters will not have a material adverse impact on the
company's financial position, or its results of operations."

[20] http://www.cnn.com/TECH/9710/20/microsoft.ap/index.html
[21] http://www.usdoj.gov/atr/press_releases/1997press/1235.htm
[22] http://www.usdoj.gov/atr/cases3/micros0/micros0.htm
[23] http://www.news.com/News/Item/0%2C4%2C15629%2C00.html
________________

=2E.Stop that Pentium II at the border

The next generation of processors may need approval to export; critics
say a new law sets the bar too close to the desktop

A bill to authorize Defense Department spending, which is mere days
from going to the President for signature, includes a scarcely no-
ticed provision that may introduce PC exporters to the "joys" of
Commerce Department licensing [24], [25]. An amendment to the author-
ization bill specifies that machines capable of 2,000 MTOPS (million
theoretical operations per second) need a license before export to
some 50 countries, including Russia, China, and India. By some
reconings, next year's 450-MHz Pentium II machines might exceed the
2,000 MTOPS limit. Other likely candidates are Sun's Ultrasparc III,
DEC's 21264 Alpha, and the second-generation Power 3 from IBM. The
bill might conceivably apply to multiple-processor machines; if so
then it would affect a wide variety of workstations and servers of
the current hardware generation.

[24] http://www.news.com/News/Item/0%2C4%2C15805%2C00.html
[25] http://www.wired.com/news/news/politics/story/8090.html
________________

=2E.US West introduces DSL service, finally

Live in Phoenix? Fat pipes coming

The Baby Bell planned [26] to roll out Digital Subscriber Line ser-
vice to 11 cities early in 1997 with its entire 14-state region to
be covered by the end of the year. These plans were delayed and
scaled back after a management shakeup [27]. Now the company is ready
to begin offering DSL service [28], [29] in a single city, Phoenix. US
West does not specify whether its "MegaBit Services" feature the same
data transfer rate upstream as downstream; they do say that DSL pro-
vides a continuous Internet connection over a line that can handle
voice traffic simultaneously. DSL will be phased in over the central
offices in Phoenix, eventually covering half a million business and
home customers. Denver will follow early next year and other loca-
tions in the US West region will be added later. Here's what pricing
looks like, after a $199 installation fee.

192 Kbps $ 40 / mo.
320 Kbps $ 65
704 Kbps $125

[26] http://www.tbtf.com/archive/01-21-97.html#s01
[27] http://www.tbtf.com/archive/09-15-97.html#s05
[28] http://www.uswest.com/com/aboutusw/newsreleases/comm/102897.html
[29] http://www.infoworld.com/cgi-bin/displayStory.pl?971028.wdsl.htm
________________

=2E.How Microsoft sees Java

An object expert has reason to take Microsoft at its word in its Java
battle with Sun

ObjectWatch, headed by Roger Sessions, specializes in training and
development for Microsoft object technologies. Sessions recently
completed work on a book about COM and DCOM [30] and in the course
of his research formed what we might assume are informed opinions
on Microsoft's attitudes about object technologies. Sessions de-
votes the current number of his ObjectWatch newsletter [31] to the
Redmond giant's views on Java. Summary:

> [Microsoft] fully supports and really likes Java the language.
> It is committed to providing competitive tools for developing
> Java components to run on the component tier. As far as the
> libraries and Java run-time environment, it says let each
> company provide the best underlying support for Java that it
> can, and may the best architecture win.

[30] http://www.amazon.com/exec/obidos/ISBN%3D047119381X/
[31] http://www.objectwatch.com/issue7.htm
________________

=2E.Wireland

The US exports more software than any other country. Who do you suppose
is in second place?

Irish Deputy Prime Minister Mary Harney is enjoying an official
visit to Silicon Valley [32]. We know she's enjoying it because she
said, in a dinner speech to the Irish Trade Board, "I am told that
every day, 61 new software millionaires are created in Silicon
Valley. I am free this evening if they want to call me." Harney=20
noted that Ireland is now the second-largest exporter of software
in the world; its more than 400 software companies turn over $750
million annually. Another sign of Ireland's technical prowess is
the recent award to NUA Ltd., an Internet consultancy and developer,
of the Web-site design contract for Thomas Publishing Company's
American Export Register [33]. NUA won in an open competition
against 11 US Web-development firms. NUA publishes Internet Surveys
[34] and New Thinking [35], and is a solid exemplar of how to build
an online reputation.

[32] http://www.infoworld.com/cgi-bin/displayStory.pl?971028.wireland.ht=
m
[33] http://www.thomaspublishing.com/pageaer.html
[34] http://www.nua.ie/surveys/
[35] http://www.nua.ie/newthinking/
________________________________________________________________________=
_

S o u r c e s

> For a complete list of TBTF's (mostly email) sources, see
< http://www.tbtf.com/sources.html >.
________________________________________________________________________=
_

TBTF home and archive at < http://www.tbtf.com/ >. To subscribe
send the message "subscribe" to tbtf-request@world.std.com. TBTF
is Copyright 1994-1997 by Keith Dawson, < dawson@world.std.com >.
Commercial use prohibited. For non-commercial purposes please
forward, post, and link as you see fit.
_______________________________________________
Keith Dawson dawson@world.std.com
Layer of ash separates morning and evening milk.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2, by FileCrypt 1.0

iQCVAwUBNFgClGAMawgf2iXRAQFS1gP+I7eqJSMSIm5gpl4jIxdgrLa3Ipf0Y+7v
7j6RRCo/wP3ZZ3FcFjtgpfiZ8gGjsKNtK//NU/jrYfomXcRmVO6a2g4X20qCvVr0
bi2ZIZ5P6xfSPTeE1CvHy/qyMf7N3u/lvCRwR7VxrXkHjy2FP+ZmBLjRi/LYcCqz
91kBLLZsnko=3D
=3DKFdj
-----END PGP SIGNATURE-----