Power grab in namespace
The organization proposes to propogate an alternate domain-name service, with the root servers run by itself instead of by IANA. There would be less mechanism and red tape for ISPs who want to issue and develop new top-level domains. A total of six ISPs to date have come out in support of the plan, out of the many thousands worldwide. Another supporter is Image Online Design, the company that recently sued IAHC and IANA over the .web domain . If eDNS gains wide support, the result will be a schism of the Internet's name space. In the worst case identical names could be issued by registries on each side of the divide; users would be able to get to some addresses, but not others, depending on which root DNS their ISP consulted.
See the eDNS home page  for details on their point of view. Yahoo carried an eDNS press release  apparently verbatim. This TechWire page  provides a more balanced view. Beyond these pieces press coverage has been slim to nonexistant. Controversy over eDNS has been boiling furiously for weeks in newsgroups and on the IAHC's discussion list -- for example, this archive  lists 750 messages since the first of March.
Neither the IAHC nor the IANA has made any public response to the eDNS push. I called IAHC member Dave Crocker <dcrocker at imc dot org> to ask why. He responded "We've been focusing on doing our job. The fact that some people wish independently to do a similar job is unfortunate but seems to me best left outside of our concern. The marketplace will decide." Crocker said he is quite pleased with the technical quality of the work the IAHC has managed to do, on a volunteer basis and under tight time constraints. He added, "Many people don't perceive the complexity of the problems, so to them [our plans] might look overblown" and the simpler-seeming eDNS scheme might appeal.
Thanks to Marcia Blake <mblake at optocomm dot com> who first alerted me to eDNS.
Microsoft scrambles to close loopholes in software and image
|||Paul Greene||2/27||WPI||3.0, 3.01||yes||4.0|
|||David Ross||3/4||UMD||3.0, 3.01, 3.01a||no||4.0 with|
SP 1 or 2
Microsoft now has a patch  available for download that fixes all three bugs.
The WPI bug  (also called Cybersnot, after the domain name at which it was published) exploits the surprising fact that a remote machine can directly access and run Windows "Shortcuts" -- .LNK or .URL files. This bug is the most widely dangerous of the three. The second bug , called UMD, as demonstrated requires the user to double-click on an icon imbedded in a Web page; this action can run a program on the client machine. Machines in networks behind firewalls are not vulnerable, so the bug affects far fewer machines than the original one. The MIT bug  uses .ISP files, yet another flavor of automatically executable objects in the Microsoft environment, this one intended to help users sign up for Internet service. (Per- haps characteristicly, the MIT page sniffs at the weak "exploit" examples developed by UMD.)
When Microsoft first posted a patch to the WPI bug, an Israeli computer security / antivirus company, EliaShim, saw an opportunity to add value (and get lots of publicity and names for their database). The effect of the Microsoft patch is to warn the user if s/he is about to download a Shortcut. EliaShim has posted a stronger patch that unilaterally prevents the download of a Shortcut. (You can download the patch, called IE-SAFE, here  -- but note that EliaShim collects contact information from you before letting you download, a move I consider borderline sleazy.) EliaShim claims that the bug affects not only IE, but also Microsoft's Internet Mail and Internet News applications running on Win 95 and Win NT, a claim which Microsoft doesn't quite deny.
A blizzard of news coverage followed the first bug's announcement: by the morning of 3/4 the story had spread from seven Net news organizations to page 1 of the New York Times, above the fold. Coverage has tailed off rapidly with the drumbeat of new discoveries; the news value of "more of the same" has a perilously short half-life. This is a shame, because the real story is in the pattern. As the UMD discoverer David Ross noted, these bugs all result from the expedited push to integrate the Internet Explorer with the traditional Microsoft desktop. The desktop was designed to be private. Networks aren't private.
Thanks to Dan Kohn <dan at teledesic dot com> for the URL .
If you're in the mood for an anti-Microsoft rant of uncommon eloquence, Walker can supply that too .
Thanks to Keith Bostic <bostic at bostic dot com> for the word on this delightful service.
Here, again from the TidBITS newsletter, is part 2  of Stuart Cheshire's <cheshire at cs dot stanford dot edu> essay on the effects of latency in communication networks. This part explores how bandwidth can be used more efficiently and how it affects a connection's overall latency. These articles were adapted from Cheshire's white paper  "Latency and the Quest for Interactivity," commissioned by Volpe Welty Asset Management, L.L.C.
By now you may have heard the term egosurfing, which appeared in Wired's Jargon Watch column some months ago. Egosurfing is the act of feeding your own name to the search engines and visiting the resulting hits. I'd like to propose a related term that rises from a deeper stratum. Idsurfing is the practice of pulling search-engine hits from your own Web site's referrer log file and feeding the successful query strings to a browser. In its aggrevated form, which we can call extreme idsurfing, you watch the log with the Unix command tail -f and backtrack your visitors' clickstreams in real time. Don't have immediate access to your logs? Then pay a visit to Magellan's Search Voyeur page , which displays a random selection of the strings the search engine's visitors feed it, refreshed every 20 seconds. (What a great venue for changing advertising.) You can click on a string that interests you to reissue the same search for yourself.
Once the hip-to-the-net-compared-to-much-of-the-rest-of-Europe
Netherlanders and the French start using spamming programs,
I'm looking forward to seeing the entire email-using popula-
tion of the north american continent being spammed with junk-
mail for services they don't want in countries they've never
heard of, written in languages they can't even read.
Revenge will be so sweet.
As a special favor to the spammers, I have placed their message  on the TBTF archive without permission.
E.Commerce Today -- this commercial publication provided background information for some of the pieces in this issue of TBTF. For com- plete subscription details see <../resource/E.CT.txt>.
TidBITS -- mail firstname.lastname@example.org with no subject and with message: subscribe TidBITS Your Name . Web home at <http://www.ctidbits.com>. Web archive at <http://www.tidbits.com/tb-issues/default.html>.
0xdeadbeef -- mail email@example.com without subject and with message: subscribe .
TBTF home and archive at <http://www.tbtf.com/>. To subscribe send the message "subscribe" to firstname.lastname@example.org. TBTF is Copyright 1994-1997 by Keith Dawson, <dawson dot tbtf at gmail dot com>. Com- mercial use prohibited. For non-commercial purposes please forward, post, and link as you see fit. _______________________________________________ Keith Dawson dawson dot tbtf at gmail dot com Layer of ash separates morning and evening milk.