(A Javascript-enabled browser is required to email me.)

TBTF for 1996-05-12: Pasta, fruit, and a roll

Keith Dawson (dawson dot tbtf at gmail dot com)
Mon, 13 May 1996 07:11:55 -0400

HTML 3.2 tries to halt proprietary drift

On 1996-05-07 the World Wide Web Consortium (W3C) announced [1] agreement with major industry players (including IBM, Microsoft, Netscape, Novell, SoftQuad, Spyglass, and Sun) on the specification for HTML 3.2. Work is continuing on the spec so final details are not available, but see [2] for a summary of features and [3] for the DTD. Quoting from the press release [1]:

> Design work on HTML 3.2 is based upon HTML 2.0 and draws from such
> sources as the HTML+ and HTML 3.0 drafts, and extensions proposed by
> W3C member companies, including contributions popularized by Netscape
> Communications Corporation. HTML 3.2 will add widely deployed features
> such as tables, applets, and text flow around images, while providing
> full backwards compatibility with the existing standard HTML 2.0.

The HTML 3.2 spec represents the W3C's attempt to get back out in front of the tidal wave of HTML evolution and divergence. It should be bigger news than it is; in almost a week since the W3C announcement I've only seen the news picked up by one service (below). An Alta Vista search reveals no other substantial coverage.

>>From Computer Industry Daily (1996-05-09):

> The WWW Consortium unveiled the updated HTML 3.2 standard. The
> new specification attempts to resolve many of the problems caused
> by proprietary Web browsers, which implement nonstandard features
> for improved performance. HTML 3.2 includes multimedia applets,
> forms and style enhancements, and tables for online documents.
> Specialist Dan Connolly says, "The main purpose of the specifi-
> cation is to get everyone on the same page of the map."

To get an idea how close W3C came to meeting its goals, compare the May 7 press release [1] with one issued March 4 [4] and announcing the formation of the industry working group.

[1] <http://www.w3.org/pub/WWW/MarkUp/Wilbur/pr7may96.html>
[2] <http://www.w3.org/pub/WWW/MarkUp/Wilbur/>
[3] <http://www.w3.org/pub/WWW/MarkUp/Wilbur/HTML3.2.dtd>
[4] <http://www.w3.org/pub/WWW/MarkUp/960304_News>



According to a story on page 3 of the current Internet Week (subscribers-only URL not supplied), Digital's Alta Vista was being entirely too successful for Sun's taste. The search engine had garnered rave reviews since its introduction in 12/95 [5]. It kept winning prizes, such as "Best Search Engine" in the C/Net Awards for Internet Excellence [6]. It routinely harvested favorable press ink for Digital and for the Alpha chip technology on which Alta Vista is built. Sun's own UltraSparc technology could use that kind of exposure, Sun reckoned; so last January Sun asked Infoseek (the first Internet search company): please build an Alta Vista killer.

The result is Ultraseek [7]. It won't open up to the public until June and the advance access granted to the press is hampered by a test database of limited size -- so adjust your PR filter accordingly.

Ultraseek runs on a single Sun Microsystems Ultra Enterprise 4000 server and claims a speed up to 1000 transactions per second. Infoseek says that Ultraseek's speed advantage over other search engines grows wider the larger the database and the more complex the query. Using patented technology licenced from Xerox Palo Alto Research Center, Infoseek claims query performance will go down by a factor of only 10 for each 1000-fold increase in database size.

The Alta Vista search site is currently handling in the neighborhood of 10 million hits per day. Assuming that a third of these hits are search requests, the Ultraseek engine could process these 3+ million transactions in about an hour. This BOTEC suggests that Ultraseek may have a raw capacity tens of times greater than that of Alta Vista today.

[5] <http://www.tbtf.com/archive/1995-12-18.html>
[6] <http://www.cnet.com/Content/Features/Special/Awards/ss5.html>
[7] <http://www.ultraseek.com/>


Prodigy bought out by executives and Mexican backers

The following is from a press release datelined 1996-05-12, White Plains, NY. TBTF was scooped on this item by Seidman's Online Insider [8], to which I happily defer analysis -- the world of the commercial online services being Mr. Seidman's particular bailiwick.

> International Wireless Incorporated and a group of Prodigy executives
> announced the acquisition of Prodigy Services Company from its owners,
> IBM Corporation and Sears, Roebuck and Co. The announcement was made
> today by Greg Carr and Terry Dillon, Co-Chairmen, International Wire-
> less, and Edward A. Bennett, President & Chief Executive Officer, Pro-
> digy.

> The agreement calls for International Wireless to acquire the entire
> Prodigy service in an acquisition led by Prodigy management. Financial
> terms of the agreement were not disclosed. The acquisition is subject
> to regulatory approval, which is expected in June.

> International Wireless is a global communications company with inter-
> ests in cellular telephone properties, online services and Internet
> content development and is headed by Messrs. Carr and Dillon. Paul
> DeLacey is President and CEO of International Wireless.

> Participating as a financial and strategic partner in the new venture
> is Grupo Carso, Mexico's leading industrial and telecommunications
> corporation, which includes in its holdings TelMex, the telephone and
> telecommunications company serving Mexico. Grupo Carso is a major
> shareholder in International Wireless and is embarking on interna-
> tional expansion in the Internet and technological markets.

[8] <http://www.clark.net/pub/robert/current.html>


Two new Java security holes

  1. A group at UC Berkeley (Chad Yoshikawa <chad at cs dot berkeley dot edu>, Brent Chun <bnc at cs dot berkeley dot edu>, and David Culler <culler@cs dot berkeley.edu>) has discovered a new security hole [9] in Java-capable browsers such as Netscape. The hole allows for opening sockets to arbitrary ports on web servers that serve Trojan-horse applets. In this preliminary writeup [9] the group also describes a new application of the "covert channels" hole discovered by the Princeton group [10] to create "Web Graffiti" -- the dynamic insertion of text, graphics, or applets into HTML pages. If you have a Java-capable browser you can follow a link [11] from the Berkeley group's writeup to see a harmless demonstration of Web Graffiti.

  2. Daniel Abplanalp and Stephan Goldstein <goldstei at iamexwi dot unibe dot ch> have discovered a way [12] for a Java applet to learn the pathname of the directory from which the Netscape Navigator browser was launched. This hardly sounds like a major security threat, but it is clearly unintended by Java's designers. The authors have sent full details to Sun and Netscape and have withheld them from publication until a fix is available.

[9] <http://whenever.cs.berkeley.edu/graffiti/>
[10] <http://www.cs.princeton.edu/sip/pub/secure96.html>
[11] <http://whenever.cs.berkeley.edu/graffiti/trojan_horse.html>
[12] <http://catless.ncl.ac.uk/Risks/18.06.html#subj1>


Of maps and imagemaps

Yahoo has added a U.S.-only map service [13] to its offering, and it is slick. You can feed it a street address or the intersection of any two streets and quickly get back a compact map (typically 6K, and interlaced) centered on the target location, at a scale of 1500 feet per inch. You can specify city and state (which yields a scale of around 1.5 miles per inch), or for finer detail city, state, and zip code. The maps are provided by Etak, Inc. [14] and the map service is hosted by Proximus Corp. [15].

Proximus provides similar custom services to Lycos [16] and to GeoCities i[17], and these latter two services let you map the home location of a domain name or an email address. (Yahoo uses an extra domain name, maps.yahoo.com, to cloak the Proximus origin of the map service; GeoCities uses a CGI script; Yahoo doesn't bother.)

All three services use client-side imagemaps to provide navigation from the returned map -- e.g., zoom in or out, move in any direction. Lycos also adds a dynamically generated server-side map for the use of those browsers that don't support client-side imagemaps, a neat trick indeed. Going in the other direction, Jon Stevens <jon at aggroup dot com> [18] posted this note just now to the apple-internet-announce mailing list:

> AMapMap [19] is a small shareware ($15) Droplet Application that will
> convert your web server-side imagemaps (Both CERN and NCSA format)
> to client-side imagemaps. It requires UserLand Frontier to do its
> magic. Please see the ReadMe file for more information on obtaining
> Frontier, using the Droplet, and paying the shareware fee.

[13] <http://maps.yahoo.com/yahoo/>
[14] <http://www.etak.com/>
[15] <http://www.proximus.com/>
[16] <http://www.proximus.com/lycos/>
[17] <http://www.proximus.com/geocities/>
[18] <http://www.clearink.com/>
[19] <ftp://sparc.clearink.com/pub/mac/amapmap/AMapMap.sit.hqx>


Your own private tunnel

Here is a product of a sort we will be seeing more of in the coming months: it uses the open Internet, or a commercial online service, to extend the range of a company's private, internal network -- the so-called "little-i intranet". InfoExpress's [20] Virtual TCP Online [21] has client and server pieces; the server runs on a variety of Unix and Windows platforms [22] and the client runs only on Windows 3.1 and Windows 95.

>>From the Weekly Recap (1996-04-29):

> InfoExpress announced the launch of Virtual TCP Online, a middleware
> application that turns commercial on-line services and Internet access
> services into secure Virtual Private Networks. Users run the Virtual
> TCP Online software while logged into a commercial online service or
> Internet service provider. The software creates a secure encrypted
> TCP/IP tunnel between the remote PC and the corporate Intranet. Vir-
> tual TCP Online thus extends corporate networks to wherever the user
> is, and uses today's online services to provide employees with remote
> access to corporate data.

[20] <http://www.infoexpress.com/>
[21] <http://www.infoexpress.com/tunnel/von.htm>
[22] <http://www.infoexpress.com/tunnel/vonp.htm>


The Lunch Menu Man

A mixed-media item to go out on. The original interface to this peculiar and disquieting service was the telephone. Do this: call 704-377-4444, and when the recording begins hit 1955. Then just listen to the man read the lunch menu for a school district in North Carolina. He has a Web page now [23], but the audio is considerably better over the phone. I learned of this odd duck from a mailing list maintained by Jon Callas <jon at worldbenders dot com>. On 4/26 someone posted his story to Hotwired's Net.Soup and claimed that he is becoming a cult figure in New York media circles. An Alta Vista search reveals that National Public Radio aired a 4-minute spot about David Price, former used-car salesman from Concord, North Carolina, on 1996-01-22 [24], [25]; by that date he had received more than 18,000 "hits" on his phone message. Download [26] (86 KB) if you would like to hear Mr. Price say "Pasta, fruit, and a roll."

[23] <http://www.charlotte.com/ads/menuman/>
[24] <http://majorca.npr.org/programs/atc/music/Jan.96/atc.01.22.96.Monday.html>
[25] <>
[26] <http://www.edge.net/kdf/audio/lunch.au>


> A BOTEC is a back-of-the-envelope calculation.


>>Computer Industry Daily -- mail cid@computereconomics.com with subject:
> Subscribe .

>>Seidman's Online Insider -- mail listserv@peach.ease.lsoft.com without
> subject and with message: Subscribe Online-L Firstname Lastname .

>>Apple Internet Announce mailing list -- mail listproc@abs.apple.com without
> subject and with message: subscribe apple-internet-announce Your Name .

>>Weekly Recap -- mail majordomo@case.wsgr.com without subject
> and with message: Subscribe multimedia-list .

TBTF alerts you weekly to bellwethers in computer and communications tech-
nology, with special attention to commerce on the Internet. See the archive
at <http://www.tbtf.com/>. To subscribe send the message
"subscribe" to tbtf-request@world.std.com. Commercial use prohibited. For
non-commercial purposes please forward and post as you see fit.
Keith Dawson dawson dot tbtf at gmail dot com dawson@atria.com
Layer of ash separates morning and evening milk.