The Clinton Administration last week revealed plans for implementing its key-recovery framework (in a Bureau of Export Administration interim rule). The wording released last week contained more than a few surprises to those who had listened to Clinton Administration assurances in October, reflecting the deep split in opinion within the Administration . Within a day the Business Software Alliance had dropped its cautious support of the plan . The original policy proposed using key recovery to ensure that cryptography could be cracked after the fact, but the interim rule proposes key escrow, which would allow real-time eavesdropping on encrypted communications. A BSA spokeswoman compared the October and December plans with the difference between giving the police the power to apply for a search warrant vs. giving them keys to every door.
An observer said that a statement summarizing the goals of the program was indistinguishable from a description of original Clipper program goals.
On 12/6 the Telecommunications Industry Association came out against the plan  and it was denounced by executives for Sun Microsystems and Tandem.
Despite the opposition, a number of companies are working on key-recovery products, including an HP-Intel-Microsoft partnership  and an IBM-lead alliance -- which this week added 29 new members .
Yesterday U.S. Representative Bob Goodlatte said he will reintroduce legislation to ease crypto export resctictions . The legislation failed last year when time ran out in the Congressional session.
Princeton University's Safe Internet Programming team  has uncovered a major security flaw  in the way the Web operates. This is the group that found the DNS Java hole (see TBTF for 1996-03-10 ) and the MS Internet Explorer DOS breach (TBTF for 1996-08-25 ). In the new attack, dubbed "web spoofing," an attacker intervenes between a user browsing the Web and a real Web site. By mimicking the appearance and behavior of the genuine Web site, the interloper can intercept all of the user's interactions, including any passwords, PINs, credit-card numbers, etc. You can retrieve the Princeton group's paper in various forms (not including HTML) from the SIP site .
Late last month Microsoft turned over the latest leaf in its "embrace and extend" strategy (a waggish Microsoft employee recently said in my hearing, "'Embrace and extend' is like what a boa constrictor does to a rat"). The company plans  to develop a native-code compiler for Java, tied to ActiveX, and a set of proprietary extensions to the language that let developers create faster-running Java executables -- but they will run only on Windows. Microsoft will also rename the Win32 Java Virtual Machine as the "Microsoft Virtual Machine" and will not support all of the core JDK 1.1 APIs in Internet Explorer or Windows. A few days after this news broke Javasoft officials sought to downplay any dissention in the ranks, as evidenced by this note from the TechKnow Times (1996-12-05):
> Javasoft VP John Kannegaard said that the rumors about rivalry and
> contention between Sun and Microsoft over variations in Java, im-
> plementations are unfounded. "Don't believe everything you were
> told, or read, because it turns out not to be true," Kannegaard ad-
> vised. "The Java industry is working as we'd hoped. It's certainly
> a very happy place. Any rumors to the contrary are certainly false."
Meanwhile, Sun has geared up a "100% Pure Java" initiative , trying to pressure Microsoft into relenting on its plans for diluting the language's "write once, run anywhere" nature. 100 companies have signed up. Netscape shared the stage with Sun, even though Netscape has done its own flirting with proprietary Java extensions.
TBTF for 1996-10-20  discussed two studies that disagree wildly about the coming of e-commerce, its size and timing. (There has been a spate of such studies lately; the current issue of Nua Internet Surveys  lists 38 of them.) The outlook was downbeat at a recent round-table discussion sponsored by Red Herring magazine in San Francisco . Seven executives from different areas of Internet commerce were generally optimistic about the long-term prospects for online sales. But when asked when they believe 5% of sales would take place electronically, four of the seven declined to guess, and the other three offered an average estimate of four years -- after the turn of the century.
As a counterexample, consider Cisco's Web site , which in the 5 months since the company started processing orders online has grown into the giant of online commerce . The site already handles 6% of the company's business; its goal is 30% by years' end. That would represent $1.1 billion per year. Customers place orders for 5- and 6-figure products without any apparent qualms about security.
The cable channels are getting creative with Web business models. First MTV pressured online service providers to pay multimillion-dollar fees or risk seeing their suscribers barred from the MTV site. A week later other cable players -- Discovery Online, CNN, and ESPN -- were talking of added-value Internet services priced in multiple tiers, the way cable content is packaged today. ISVs were becoming increasingly nervous, as evidenced by this comment from the CEO of @Home (reported in Edupage, 1996-12-08):
> "We talk to hundreds of content providers. The common theme is, they're
> the ones who think they should be getting paid right now rather than
> being the one who pays."
Xoom Software, a new Internet-only publisher of consumer and small-business software, had developed a spam-blocker called Email Robot. How to promote a technology for blocking unwanted email? Why, send an unsolicited email announcement to six million PC users , that's how. This action represents the largest known spam in the history of computing.
When the National Science Foundation stopped funding the Internet backbone in the spring of 1995 it turned over operation of four U.S. Network Access Points to private companies -- in fact, to the "baby Bell" regional phone companies created at the breakup of the Bell system. Most of the world's Internet traffic passes through these (and a few other) NAPs. The phone companies charge local and regional ISPs thousands of dollars a month for access to the Internet through these NAPs. Now a player from outside the telphone fraternity is breaking into this cozy business -- and is charging no connection fees to ISPs. Genuity  is an ISP for large-scale customers and a subsidiary of Bechtel, the international construction and engineering company. The ISP has opened a new NAP  in Phoenix, which it intends to run on a not-for-profit basis in order to build its network services business. For a quick overview of the existing U.S. NAPs see the Genuity topology map .
At Internet World in New York Genuity also announced the Hopscotch service , which it calls an "industrial-strength solution to Net traffic." It involves real-time tracking of Net congestion and optimal routing of the ISP's customers' data.
Messenger  -- The Internet Company, Cambridge MA, introduced Messenger, which uses a new UDP-like protocol (incorporating reliability features such as resend) to enable publishers to push content over multiple channels. The Messenger application is standalone, i.e. not a browser plugin; it is not compatible with HTML or HTTP.
Gigex  -- V-Cast, Inc., has introduced Gigex (FAQ at ), an Internet delivery service with guaranteed delivery, tracking, and confirmation of large software packages and files of up to 1 gigabyte. Gigex delivers despite network outages or hardware reboots. Gigex is available now for all Windows platforms; Macintosh and UNIX versions are to be released early next year. It costs the sender $1 to send each package (of whatever size); senders must prepay $500. The service uses a small "delivery agent" of about 200K, which is downloaded to perform the transfer and which self-destructs when it is done.
Channel Manager  -- DataChannel Corporation  introduced Channel Manager, said to be the first Intranet administration tool that allows IS managers to manage Web channels and other information sources on employee desktops. (I was unable to get the demo  to work, perhaps due to weak Java support in the Macintosh version of Navigator Gold 3.0.)
Here are quick summaries of some recent industry moves; announcements have been thick on the ground from the Internet World show in New York this past week.
Microsoft acquires NetCarta  -- NetCarta's WebMapper is one of the more impressive Web-site management products on the market. Its "Cyberbolic" view  of a site is the best way I've seen to visualize a site at a glance, no matter how large. Microsoft will market WebMapper as part of its BackOffice suite.
Netscape licenses ODI's Persistent Storage Engine  -- following Object Design, Inc. deals with Microsoft and Borland, Netscape said it will include PSE in its new Communicator client suite, due to beta early in 1997. The software will allow Communicator users to store local copies of downloaded Java applets, saving network bandwidth the next time an applet is needed. Neither Microsoft nor Borland has yet announced specific product plans for PSE.
PGP announces PGPcookie.cutter, PGPmail 4.5 -- Following its acquisition of PrivNet (see TBTF for 1996-12-02 ), PGP Inc. has announced its plans  for the company's cookie-management technology: it will be available in January for Windows and Macintosh at $19.95. In other news, PGP disclosed an enhanced version of PGPmail integrated with Eudora ; and yesterday the company hosted a meeting of the Cypherpunks ; and the company unvieled a FutureSplash-enhanced Web site . (FutureWave  makes this friendly replacement for the clumsy technology of animated GIFs; animations are small and stream in full motion even over a slow modem connection.)
Taligent technology bridges Web server APIs -- Taligent started life as a joint venture among IBM, Apple, and HP; it built object-oriented frameworks in C++ on the way to developing a new operating system. The large-scale plans are history now and Taligent is an IBM subsidiary; and some of its technology is beginning to make its way into the world. From IBM's AlphaWorks pages you can download an early version of Taligent's WebRunner , a C++-based object framework that lets developers write Internet extensions, applications, and forms without concern for which gateway standards or server platforms will be used. WebRunner code interfaces with CGI, Netscape API (NSAPI), and Internet Service API (ISAPI) without modification.
Want to invent Net businesses by the dozen, the way Bill Gross does ? Start at this site  in Tripod's Toybox. It takes you step-by-step from naming and presenting a logo for your nascent Cyberbusiness through churning out a suitably buzzword-laden business plan. The business names are generated in a "choose one from column A and one from column B" fashion. As best I can determine, Column A and Column B each contain 13 name fragments. See  for a table of the graphics out of which you construct logos for the resulting 169 potential companies (total load size is 58 KB).
The site went online some time ago -- there isn't even a link to it from the Toybox page now, though there was yesterday. At this writing 103 of the 169 domain names have already been claimed. I wonder how many of them used the Toybox Business Plan site to get started? The 66 available names are shown at .
No breakthrough technology here, just one of those Web pages that makes you shake your head in wonder, the way you did the first time you saw the FedEx package tracking page . Flyte Trax [46a] provides real-time information on the path of U.S. commercial airliners in flight, with a map and projected time of arrival (the data come from U.S. air traffic control). You can query any flight in the air. I've put a representative result page on the TBTF archive .
Last week your correspondent attended the NII Awards dinner and the associated Digital Footprint conference in New York. NII had asked me to help judge this year's entrants and I was delighted to do so. If you find yourself getting discouraged about the direction the Web is taking, visit the NII site <http://www.gii-awards.com/winnerz.html> for evidence that people continue to invent worthwhile and ennobling ways to use the technology.
TechKnow Times -- mail email@example.com with subject: subscribe . Web home at <http://www.TechKnowTimes.com/>.
Nua Internet Surveys -- mail firstname.lastname@example.org without subject and with message: subscribe . Web home at <http://www.nua.ie/>.
Edupage -- mail email@example.com without subject and with message: subscribe edupage Your Name . Web home at <http://www.educom.edu/>.
TBTF alerts you weekly to bellwethers in computer and communications tech- nology, with special attention to commerce on the Internet. Published since 1994. See the archive at <http://www.tbtf.com/>. To subscribe send the mes- sage "subscribe" to firstname.lastname@example.org. TBTF is Copyright 1996 by Keith Dawson, <dawson dot tbtf at gmail dot com>. Commercial use prohibited. For non- commercial purposes please forward and post as you see fit. _______________________________________________ Keith Dawson dawson dot tbtf at gmail dot com Layer of ash separates morning and evening milk.