Domain name policy
See also TBTF for 2000-04-19, 03-31, 1999-12-16, 10-05, 08-30, 08-16, 07-26, 07-19, 07-08, 06-14, 05-22, more...
Thanks to Dan Kohn <dan at teledesic dot com> for the quick heads-up on this news, barely a day old at this writing.
Do you remember the palmy days when software product development cycles were measured in years, not quarters? In quarters, not months? In months, not weeks? Netscape bears much of the credit, or blame, for setting the now-dizzying pace of Internet tool development, where availavility of beta code for version n+1 often precedes the official release of version n. When Microsoft joined the fray with all guns blazing the pace, amazingly, accelerated. Now the two companies are urging the once-leisurely disciplines of public-opinion shaping and legal maneuvering to the same blistering pace. Netscape, following up on its anti-competitive charges against Microsoft (see TBTF for 1996-08-08 ), on 8/12 sent a second letter  to the Justice Department, this one filled with chewy details of the alleged practices turned up in a Netscape "investigation." Within days Microsoft had posted a rebuttal  on their Web site, with links to some of the vendors cited as sources by Netscape, disclaiming any coersion or damage. In my opinion this round is a draw, and I would like both parties please to withdraw to their corners, bloodied.
Dan Kohn <dan at teledesic dot com> forwarded me information on this latest escalation (this is getting repetitive -- Dan, do you want to just write for TBTF?) in a mail message titled "Banging on an elephant with a twig."
See also TBTF for 1997-07-28, 01-11, 1996-08-25, 08-08, 05-20
The Princeton team that found numerous security holes in Sun Microsystems' Java language and implementation (see TBTF for 1996-03-10 ) has now turned its spotlight on Microsoft's Internet Explorer browser. Judging from the Hack Microsoft page  and the Exploder  (and similar topics covered in TBTF for 1995-12-15  and 1995-11-19 ), you might expect these experts not to encounter heavy sledding in finding holes in a Microsoft product. But MSIE 3.0 is reported by Microsoft's friends and adversaries alike to be woven of sterner stuff. Nonetheless, the Princeton group reported finding a serious flaw in Explorer 3.0 running under Windows 95. Quoting from the comp.risks newsgroup posting by Ed Felten <felten at cs dot princeton dot edu>: "An attacker could exploit the flaw to run any DOS command on the machine of an Explorer user who visits the attacker's page." The group found a way to deliver a document to the visitor's browser, bypassing the security checks that would normally be applied. Such a document could contain, for example, a Microsoft Word macro that executes arbitrary DOS commands. The following response, from Thomas Reardon <thomasre at microsoft dot com>, was posted to Risks the next day.
> We now post the virus warning dialog on local files (file: urls). We
> have always posted it on remote files (http: urls). Note that the root
> of the problem is not Java or the browser, but in macro-enabled appli-
> cations. IE3 has a mechanism to warn users about safety of documents
> when used with common macro-enabled applications. We are have updated
> Microsoft Word such that by default it will not run macros embedded in
This posting leaves me uncertain of the exact status of these fixes. Are patches to be made available? In what shipping versions of what Microsoft products will the fixes appear?
Phil Zimmermann, the man who let the genie of strong crypto out of the bottle, will be presented the Norbert Wiener award in October. The Wiener award is given annually by the Computer Professionals for Social Responsibility  to honor excellence in promoting the responsible use of technology. (I would nominate this vehicle  for next year's award, but it would be redundant.)
Are you a Mac developer? Want to learn details of implementing crypto software on that platform? Then register for a free conference to be held in Cupertino on 9/5 and 9/6, 1996. The conference is hosted by Vinnie Moscaritolo <vinnie at apple dot com> and is billed as The First- Ever- Last- Minute- Under- the- Radar- Ask- Forgiveness- but- Not- Permission Macintosh Cryptography and Internet Commerce Software Development Workshop. For details and a registration form see .
You may have heard that hackers invaded the Web site of the Department of Justice a week ago and made "interesting" alterations. For at least several hours the site displayed anti-government propaganda, a swastika, and other content that rendered it illegal under the Communications Decency Act. DoJ technicians turned off the server on Saturday morning and restored its proper content, but not before enterprising Netizens captured the doctored site in all its glory and reposted it elsewhere. Examples may be found at  and . For CNN reportage on the breakin see . Thanks to Jon Callas <jon at worldbenders dot com> and the others who sent news of the bit of hacker lore in the making.
See also TBTF for 1997-10-20, 1996-10-31, 10-09, 09-08, 08-25, 1995-12-22, 11-29
Nathan Syfrig <nsyfrig at condor dot depaul dot edu> wrote to the e$ mailing list to describe a recent development in the spam wars. A company called Cyber-Promo, well known to spamfighters, has come up with a new twist to avoid ISPs' prohibitions on unsolicited commercial messages.
> A friend of mine got an innocuous e-mail with a reply-to address of
> email@example.com, saying that she was the recipient of an "electronic
> postcard"... [she was instructed] to reply with the word "POSTCARD" in
> the mail header. So she responded (thinking that this was a new twist
> to the recent Web greeting card fad): It was a marketing spam! However,
> because the original was not commercial and the actual content had to
> be "requested," it was not unsolicted... In my book, this is worse than
> being direct about it!
So if spam offends you, don't reply "POSTCARD" to an unknown address. The next time Cyber-Promo runs this spam the return address will almost certainly be different.