Posters to the Cryptography mailing list, particularly Lucky Green <shamrock at netcom dot com>, have uncovered the following wrinkles in the new regulations. In each post Green cautions "IANAL" (I am not a lawyer), and I hereby do the same.
If anyone wishes to contribute an analysis based on quantum complementarity, I'll publish any such essay that illuminates the debate.
The task force's chairman, Duane Andrews, noted in an interview that U.S. law forbids the military from implementing strong countermeasures, such as a program to "repel and pursue" those who try to hack into DoD computer systems. He wants the law changed so the Pentagon can respond by injecting attackers' computers with "a polymorphic virus that wipes out the system, takes it down for weeks." Fans of due process will be gratified that there is no report of such a technique (William Gibson called it "ice") being mentioned in the study proper.
Andrews added, "Most of the stuff in [the report] is a message to industry, too. A large international bank has exactly the same problems and challenges as the Defense Department."
Dan Farmer <zen at trouble dot org> would probably agree. The man whose 1994 release of the SATAN security-scanning program  got him dismissed from SGI has recently published the results of a study  in which he examined the vulnerability of 1700 high-profile, commerce-oriented Web sites. These are the kind of sites we'd like to believe are exquisitely sensitized to security concerns. Farmer did nothing illegal, he claims: "I barely electronically breathed on these hosts." Nevertheless he found over 60% of the sites vulnerable to compromise or destruction by simple and widely known breakin techniques. He estimates that a further 10% to 20% would yield to more sophisticated attacks.
Thanks to Dan Kohn <dan at teledesic dot com> for pointing me to the military study and to Keith Bostic <bostic at bsdi dot com> for the civilian.
Peter Trei <trei at process dot com> has been working on code to make it easy for PC users across the Net to participate in these challenges. He notes in a work-in-progress report to the Cryptography list that code should be available by mid-to-late January.
TSW offers a $10 shareware package called eFilter  for PCs that previews the email waiting on your POP server and deletes messages containing keywords that you specify, leaving a log for your examination. The drawback here is that it only works for repeat offences from a particular spammer. Don't know about you, but the bulk of the spam I receive is one-shot.
Rosalind Resnick <rosalind at netcreations dot com>, one of the early practitioners who helped us all to figure out how online marketing could be done within the best traditions of the Net, may have invented a better way. Her NetCreations site offers a service  at which users can sign up for online solicitations that they actually want to read. At the time of my visit the site listed 1327 areas of interest. I sincerely hope that the online direct-marketing community flocks to Resnick's service and she becomes very rich. The gloomy alternative is spelled out by John C. Dvorak <dvorak at aol dot com> in the December 1996 Boardwatch magazine:
> In direct mail, you lose money if you solicit people who do not want
> to buy. So you are careful [to target your messages] or you go broke.
> With email marketing, this natural selection process will never hap-
> pen... Why should anyone care about targeting when mail is free?...
> I wonder what we will do when thousands of spams show up in our email
> each and every day?
Aside : speaking of early practitioners, I recently recrossed the traces of Christopher Locke <clocke at panix dot com>, whose writings while he was at Mecklermedia, in 1994, laid the foundations for my thinking about online marketing. Locke is now VP Business Development and webmaster at Displaytech , a Colorado manufacturer of "portable displays that don't suck." His breathlessly postmodern press release begins:
> Displaytech makes miniature high-resolution full-color multi-hyphen-
> modified displays that fit on a computer chip the size of your thumb-
> nail. magnifying the image yields a virtual screen as good as any
> desktop monitor. the tech is fast and small enough so that it can
> be embedded in head mounted color displays that don't make the people
> wearing them look as if they just landed from mars.
Aside : speaking of Boardwatch magazine, their third quarterly guide to U.S. ISPs is now available; it contains the best answer, in technical detail, that I have ever read to the question: What is the Internet? This article (written by editor Jack Rickard), like the rest of the ISP guide, is available on the Web  (53K) -- but I suggest you obtain  the dead-trees edition and give it close study.
TBTF for 1996-12-24 
TechWire reports  that opposition is mounting to the draft International Ad Hoc Committee plan for extending the number of top-level domains. Complaints include the 60-day waiting period for new names and the proposed lottery system for choosing the initial suppliers. The president of one Web-design firm, who has invested to develop the unofficial top-level name .web, says he is "unwilling to roll the dice" on this sunk cost. An overall criticism is that the committee's recommendations are unbalanced, favoring large tradename holders at the expense of smaller players -- a charge that is frequently levelled against InterNIC, the current monopoly holder in the granting of top-level names.
Worldwide roaming access
TBTF for 1996-11-12 
Netcom, one of the largest U.S. ISPs, has signed with AimQuest  to provide global roaming access to its customers. AimQuest's program is one of several sources of "virtual tunneling" among a network of ISPs to extend the geographical reach of all the members.
Microsoft backpedals on license wording
TBTF for 1996-12-14 
Microsoft will reword its Java SDK license agreement to assuage user fears that their applications might be legally bound to run exclusively on Microsoft's Java Virtual Machine. According to TechWire , some user organizations have told their engineers to de-install the Visual J++ Java development environment, worried that under deadline pressure engineers might succumb to the temptation offered by existing ActiveX (i.e., OLE) components -- thus rendering important aplications Windows-specific and obviating the "write-once, run-anywhere" promise of Java.
FC97 conference, Anguilla, BWI: bandwidth on a beach
TBTF for 1996-09-23 
Preparations continue apace for the first refereed conference on financial cryptography. Robert Hettinga <rah at shipwright dot com>, one of the organizers, reports that Community Connexion is about to make the world's largest ecash transaction to date by purchasing its exhibition space using DigiCash's ecash .
Below is an excerpt from a Hettinga rant in which he expounds, with storied prolixity, on the reasons why you must attend this conference. Reason number 8:
> FC97 is chance for those of us who only know each other on the net
> to actually meet face to face and start to develop the kind of per-
> sonal relationships and trust we'll all need to create the future
> of finance on the Internet... And, while the whole point to finan-
> cial cryptography is that we won't need to have face-to-face contact
> for financial relationships, much less regulation, there's still,
> currently, more bandwidth in a conversation on an Anguillan beach
> to develop that trust relationship than there is anywhere on the
I've got my reservations in (settlement by First Virtual) -- if you're going I'll see you on the beach in February.
Mark Rosen <mrosen at peganet dot com> is developing a program he has been calling Very Good Privacy. He received a complaing letter from PGP, Inc. and was casting about for a new name. Posting a call for alternatives to the cypherpunks mailing list (subject: "The product formerly known as VGP") netted these not terribly helpful suggestions:
>>From Timothy C. May <tcmay at got dot net>:
> How about something like "Really Secure Algorithm"? (I doubt
> people would confuse your program with the Republic of South
> Africa, usually abbreviated as "RSA," so there should be no
> further collision problems.)
>>From <snow at smoke dot suba dot com>:
> Call it Prince Cypher, the product formerly known as VGP.
A tip of the Tasty Hat to Peter S. Langston <psl at acm dot org> for this one. Further credit where due: Langston titled his email "Pretty bad publicity."
From Edupage (1997-01-05):
> Viacom, which owns the copyright to "Star Trek" products, is ordering
> Web sites to remove any Star Trek artistic renderings, sound files,
> video clips, and book excerpts they are now presenting. There is an
> official Star Trek site available on the Microsoft Network, available
> only to MSN subscribers. (Atlanta Journal-Constitution 3 Jan 97 F3)
(For a .gif image of the sort of letter Viacom has been sending see [29a].) An Infoseek search turns up 84,618 sites that contain the phrase "Star Trek," and 8,044 with this phrase in their title. That's a lot of Tribbles to stomp.
Riley Rainey <rrainey at ix dot netcom dot com> sent along a fine piece (titled Tasty Bits from the Astronomical Front) regarding the comet and the furor that erupted around it last November. Three days later the Red Rock Eater News Service carried an account of the affair by Paul Saffo, emphasizing that the Internet can be used to quash a rumor that happens not to be true, as well as it can be used to fan one.
Last November an amateur astronomer named Chuck Shramek took a photograph that had him puzzled: it seemed to show a "Saturn-like object" in the field of view with the comet. Shramek could not find any corresponding bright star with his PC-based "sky" software, MegaStar. Making the assumption that the unknown object was near the comet when imaged, Shramek concluded that this was a UFO four times as large as the Earth. He called a late-night national talk-radio show hosted by Art Bell and, as Rainey describes it:
> Lots of furor followed. The San Jose Mercury News covered it. MS-NBC
> covered it. Megabytes of netnews traffic. Outraged scientists. Out-
> raged conspiracy buffs. Outraged aliens...
[ Joe Bob says "Check it out." -- ed. ]
Russell Sipe <rsipe at sipe dot com> had been growing an award-winning site  devoted to the comet with contributions from its discovers, Alan Hale and Tom Bopp. Within a couple of days he had pulled together a definitive debunk  of the Saturn-Like Object: identifying it (it was the 8th-magnitude star SAO 141894), explaining its apparent ring-like spokes, and guessing plausibly why Shramek had failed to identify it using MegaStar.
The comet will make its closest approach to the sun in late March and its closest approach to Earth on April 1. It will then be about 100 million miles away. See  for help in visualizing Hale-Bopp's path through the inner solar system.
Microsoft Word macro viruses are on the rise. This URL  details six macro viruses that infect Word documents or templates; a further 152 are listed but not described in full. DataFellows sells products for Windows and OS/2 environments that detect and remove these viruses, as well as the numberless infinities of more conventional viruses tied to a single platform .
Today's TBTF title comes from a 17th-century sonnet by the English poet John Donne -- it seems especially appropriate in this pre-millenial time. Holy Sonnet number VII begins:
For a complete list of TBTF's (mostly email) sources, see <http://www.tbtf.com/sources.html>.
E.Commerce Today -- this commercial publication provided background information for some of the pieces in this issue of TBTF. For complete subscription information see <http://www.tbtf.com/resource/e.commerce-today.txt>.
Cryptography -- email email@example.com without subject and with message: subscribe cryptography [ firstname.lastname@example.org ] .
Edupage -- mail email@example.com without subject and with message: subscribe edupage Your Name . Web home at <http://www.educom.edu/>.
Red Rock Eater News Service -- mail firstname.lastname@example.org without subject and with message: subscribe . Web home at <http://communication.ucsd.edu/pagre/rre.html>. Email-based archive at <http://communication.ucsd.edu/pagre/archive_help.html>.
TBTF alerts you weekly to bellwethers in computer and communications tech- nology, with special attention to commerce on the Internet. Published since 1994. See the archive at <http://www.tbtf.com/>. To subscribe send the mes- sage "subscribe" to email@example.com. TBTF is Copyright 1996 by Keith Dawson, <dawson dot tbtf at gmail dot com>. Commercial use prohibited. For non- commercial purposes please forward and post as you see fit. _______________________________________________ Keith Dawson dawson dot tbtf at gmail dot com Layer of ash separates morning and evening milk.