TBTF for 1997-05-08: Touché

Thu, 08 May 1997


Threads Domain name policy
IAHC Memorandum of Understanding signed; opposition swells apace

Last week 57 organizations signed [1] the IAHC's Memorandum of Understanding, an act which should have started the clock for implementing the IAHC's plan to reform the assigning of top-level domain names. But 21 groups and companies that had been expected to sign did not, among them two organizations represented on the IAHC itself. The ITU and the WIPO responded to pressure from the US and the EU and refrained from signing until their member states could consider the issues [2]. The main player behind the IAHC plan, the Internet Society, said on 5/6 that a rules committee is looking into alternatives to two features of the plan that the White House criticized last week. The rules committee will consider ways to eliminate the lottery as the means of choosing registrars and to lift the maximum number of registrars, which was set at 28 in the MoU. Critics seized upon these after-the-fact concessions [3] as a sign that the IAHC plan is in retreat.

[1] <http://www.itu.int/PPI/press/releases/1997/itu-08.html>
[2] <http://www.news.com/News/Item/0,4,10345,00.html>
[3] <>

Threads Cryptography export policy
Administration feints a relaxation of bank crypto export

The Clinton administration, in a move apparently intended to slow the momentum of the pro-crypto bills now making their way through both houses of Congress [4], [5], [6], announced a policy that will allow banks to obtain a one-time approval to export software that is limited to encrypting financial data [7]. This announcement doesn't actually change anything. Previous policy in theory required a case-by-case review, but in fact it's long been straightforward to obtain a crypto export license if the overseas customer was a financial institution. Today's announcement merely plugs a conspicuous hole in the January Export Administration Regulations -- the lack of any explicit exception for the financial industry. One poster to the Cryptography list called today's announcement "simply a public acknowledgment that [the administration] will look favorably on export requests to banks and that someday they'll try to draft specific regulations on the subject." An EPIC policy analyst called the move a "small step forward," as it does not address broader crypto needs such as email privacy.

[4] <http://thomas.loc.gov/cgi-bin/query/z?c105:H.R.695:>
[5] <http://thomas.loc.gov/cgi-bin/query/z?c105:S.376:>
[6] <http://www.wired.com/news/politics/story/3727.html>
[7] <http://www.zdnet.com/intweek/daily/970508a.html>


Windows Magazine de-lists MS Office 97 and MS Outlook

Windows Magazine has removed Microsoft's Office 97 and Outlook from its "WinList" of recommended products -- the first time in the publication's history that any product has been de-listed due to late-surfacing bugs and design flaws. (WinMag praises Excel 97, however, and it remains on the list.) Fred Langa, editorial director of CMP Media's PC group, writes in his "The Explorer" column in the June issue [8] that WinMag subjected Office 97 to real-world use, not just laboratory testing. Serious flaws emerged in Word 97 and Outlook, Microsoft's email/calendar/PIM application. Word 97 is not backward compatible with earlier versions of Word -- when asked to save a document in Word 95 format it writes a Rich Text Format file but names it ".doc." Anyone who has relied on RTF to move documents among different versions of Word (or worse, across platforms) knows that RTF does not preserve all formatting information, although that is its purpose. And Outlook, when used in conjunction with MS Exchange for email transport, causes major instability problems. A WinMag reviewer writes, "When I chose Word 97 as my e-mail editor, I encountered dozens of productivity-stopping, out-of-memory errors and system lockups I'd never had before." Langa summarizes the situation: "Top tier products don't break each other. We recommend you stay with Office 95."

[8] <http://www.winmag.com/library/1997/0601/analy035.htm>
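The ".doc that is really RTF" problem above is easy to confirm without trusting the file name: a genuine Word 6/95/97 binary document is an OLE2 compound file and opens with a fixed 8-byte signature, while every RTF file opens with the literal group `{\rtf`. The sniffer below is an added example (not code from WinMag or Microsoft) that classifies a file by its leading bytes and flags a mismatch between content and extension; the two sample headers are constructed inline.

```python
# Constructed samples (not files from the WinMag review): the opening bytes of an
# RTF document and of an OLE2 compound file, the container that Word 6/95 and
# Word 97 use for their native binary .doc format.
RTF_SAMPLE = b"{\\rtf1\\ansi\\deff0{\\fonttbl{\\f0 Times New Roman;}}\\f0 Hello\\par}"
OLE2_SAMPLE = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + bytes(504)

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # OLE2 / compound-file header
RTF_MAGIC = b"{\\rtf"                               # RTF always opens with this group


def sniff_doc(data: bytes) -> str:
    """Classify a file by content, ignoring whatever name it was given."""
    if data.startswith(OLE2_MAGIC):
        return "ole2"          # binary .doc (or any other OLE2 container)
    if data.lstrip().startswith(RTF_MAGIC):
        return "rtf"
    return "unknown"


def extension_is_honest(name: str, data: bytes) -> bool:
    """True when the extension agrees with the bytes; a Word 97 '.doc' that is
    really RTF comes back False."""
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    kind = sniff_doc(data)
    return (ext == "doc" and kind == "ole2") or (ext == "rtf" and kind == "rtf")


if __name__ == "__main__":
    for fname, blob in (("memo.doc", RTF_SAMPLE), ("memo.doc", OLE2_SAMPLE)):
        print(fname, sniff_doc(blob), "honest" if extension_is_honest(fname, blob) else "MISLABELED")
```

The OLE2 check only proves the file is a compound document; telling a Word 95 binary from a Word 97 binary would mean reading the File Information Block inside the WordDocument stream, which the snippet does not attempt.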


Threads Microsoft security bugs and exploits
Microsoft IE security hole #9 exploits PowerPoint

Yesterday Andrew Smith <andrewsmith at earthlink dot net> discovered yet another way to craft a Web page to launch an arbitrary application on a user's Windows machine, using a convenience feature in PowerPoint. Following well-established tradition, Smith notified Microsoft and posted a page [9] describing the exploit. Today Microsoft sent Smith a fix and he verified that it corrects the problem. (The fix is available from [9a] or [9b].)

Bug  Found by      Date  MSIE vers.  W-95  W-NT  Damage                                Attacks via
#9   Andrew Smith  5/7   3           yes   yes   Can run arbitrary program on your PC  PowerPoint presentation

Note added 1997-06-06: See this table for a summary of all Microsoft security exploits covered by TBTF in 1997.

[9] <http://home.earthlink.net/~andrewsmith/iehack.htm>
[9a] <http://www.microsoft.com/ie/security/powerpoint.htm>
[9b] <http://www.download.com/PC/Result/Download/0,21,0-27747,00.html>


Downloading Adobe PDF files considered hazardous

The German magazine c't has pointed out [10] a potential security hazard from downloading files in the Adobe Acrobat Portable Document Format. The new version (1.2) of the PDF spec widens a hole that was already present, especially for Windows machines, c't asserts. A hotlink in the text of a PDF file can execute an arbitrary program on the receiving machine; a document can even cause a program to run without any user action. Adobe has informed c't [11] that the breach will be fixed in a new version of Acrobat Reader and Exchange, 3.0.1; users will be required to assent before any local program is run.

[10] <http://www.heise.de/ct/english/9706n1>
[11] <http://www.heise.de/ct/english/9706n2>
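The behaviour c't describes matches the PDF "Launch" action: an action dictionary with `/S /Launch` names a file to run, a link annotation can carry one (the "hotlink" case), and the document catalog's `/OpenAction` entry can point at one so it fires as soon as the file is opened (the "without user action" case). Reading c't's description as the Launch action is my interpretation, not something the article states. The scanner below is an added example, not code from c't or Adobe: a lexical pass over PDF object syntax that lists every Launch action with its target and flags those reachable from `/OpenAction`. The sample document is constructed inline; it has no xref table, so it is not a valid PDF, but its objects look exactly like what a scanner sees in a real file.

```python
import re

# Constructed sample (not from c't or Adobe). Object 4 is a Launch action wired
# to the catalog's /OpenAction, so a viewer would run it on open; object 5 is a
# link annotation whose Launch action runs when the link is clicked.
SAMPLE_PDF = b"""%PDF-1.2
1 0 obj
<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R /Annots [5 0 R] >>
endobj
4 0 obj
<< /Type /Action /S /Launch /F (calc.exe) >>
endobj
5 0 obj
<< /Type /Annot /Subtype /Link /Rect [0 0 100 20]
   /A << /S /Launch /Win << /F (cmd.exe) /P (/c dir) >> >> >>
endobj
trailer
<< /Root 1 0 R >>
%%EOF
"""

OBJ_RE = re.compile(rb"(\d+)\s+\d+\s+obj\b(.*?)\bendobj", re.S)
LAUNCH_RE = re.compile(rb"/S\s*/Launch\b")
# PDF literal strings: (...) with backslash escapes; nested parentheses not handled.
FILE_RE = re.compile(rb"/F\s*\(((?:\\.|[^\\)])*)\)", re.S)
PARAM_RE = re.compile(rb"/P\s*\(((?:\\.|[^\\)])*)\)", re.S)
OPENACTION_REF_RE = re.compile(rb"/OpenAction\s*(\d+)\s+\d+\s+R")
OPENACTION_INLINE_RE = re.compile(rb"/OpenAction\s*<<")


def parse_objects(pdf: bytes) -> dict:
    """Map object number -> raw body between 'N G obj' and 'endobj'."""
    return {int(m.group(1)): m.group(2) for m in OBJ_RE.finditer(pdf)}


def find_launch_actions(pdf: bytes) -> list:
    """One record per object containing a Launch action, with target file and
    parameters when they are given as literal strings."""
    hits = []
    for num, body in sorted(parse_objects(pdf).items()):
        if not LAUNCH_RE.search(body):
            continue
        f = FILE_RE.search(body)
        p = PARAM_RE.search(body)
        hits.append({
            "obj": num,
            "file": f.group(1).decode("latin-1") if f else None,
            "params": p.group(1).decode("latin-1") if p else None,
        })
    return hits


def auto_launch_objects(pdf: bytes) -> list:
    """Object numbers of Launch actions reachable from the catalog's /OpenAction,
    i.e. the ones a viewer would run with no click at all."""
    launch = {h["obj"] for h in find_launch_actions(pdf)}
    found = set()
    for num, body in parse_objects(pdf).items():
        if b"/Catalog" not in body:
            continue
        for m in OPENACTION_REF_RE.finditer(body):
            if int(m.group(1)) in launch:
                found.add(int(m.group(1)))
        # /OpenAction written as an inline dictionary lives in the catalog object itself
        if OPENACTION_INLINE_RE.search(body) and num in launch:
            found.add(num)
    return sorted(found)


if __name__ == "__main__":
    for hit in find_launch_actions(SAMPLE_PDF):
        print(hit)
    print("runs on open:", auto_launch_objects(SAMPLE_PDF))
```

This is a triage tool, not a parser: it reads objects as they appear in the file, so it misses actions inside compressed streams, indirect `/F` references, and names written with `#xx` escapes, and it says nothing about the other action types (page or annotation `/AA` triggers, JavaScript) that a thorough scanner would also enumerate.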


When crypto patents expire

The key discoveries underlying public-key cryptography date to the mid-1970s, and the U.S. patents protecting the technology are due to expire soon. When, exactly, takes a bit of figuring out: the U.S. entry into the GATT treaty modified some of the patent rules. Tim Dierks <tim at dierks dot org> cleared up the confusion in an article [12] posted earlier this year to sci.crypt. Here's a summary:

Name            Number      Filed     Issued    Expires
Diffie-Hellman  4,200,770   09/06/77  04/29/80  09/06/97
Hellman-Merkle  4,218,582   10/06/77  08/19/80  10/06/97
RSA             4,405,829   12/14/77  09/20/83  09/20/00
# oops, millennium bug

[12] <http://xp9.dejanews.com/getdoc.xp?recnum=13019054&server=db96q5&CONTEXT=863132947.24706&hitnum=3>
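The "bit of figuring out" is a rule the summary above leaves unstated, so here it is with the three patents run through it. Before the GATT/URAA changes a U.S. utility patent ran 17 years from issue; applications filed on or after 1995-06-08 get 20 years from filing; and patents in force (or applications pending) on that date get whichever of the two terms is longer. That rule is my statement of the statute, not a quotation from Dierks's article, and the calculation ignores maintenance fees, terminal disclaimers and term adjustments. The code is an added example, not from the page or from Dierks; it reproduces the Expires column exactly.

```python
from datetime import date

URAA_EFFECTIVE = date(1995, 6, 8)   # date the GATT/URAA patent-term change took effect


def add_years(d: date, years: int) -> date:
    """Same month and day, `years` later; Feb 29 falls back to Feb 28."""
    try:
        return d.replace(year=d.year + years)
    except ValueError:
        return d.replace(year=d.year + years, day=28)


def expiry(filed: date, issued: date) -> date:
    """Nominal expiration of a U.S. utility patent.

    Old rule: 17 years from issue. New rule (applications filed on or after
    1995-06-08): 20 years from filing. Patents in force, or applications
    pending, on 1995-06-08 get whichever of the two is longer."""
    old_term = add_years(issued, 17)
    new_term = add_years(filed, 20)
    if filed >= URAA_EFFECTIVE:
        return new_term
    if old_term < URAA_EFFECTIVE:      # had already lapsed; nothing to extend
        return old_term
    return max(old_term, new_term)


def expiry_iso(filed: str, issued: str) -> str:
    """Same calculation on ISO date strings, for convenience."""
    return expiry(date.fromisoformat(filed), date.fromisoformat(issued)).isoformat()


# The three patents from the table above (filed, issued)
PATENTS = {
    "Diffie-Hellman 4,200,770": ("1977-09-06", "1980-04-29"),
    "Hellman-Merkle 4,218,582": ("1977-10-06", "1980-08-19"),
    "RSA 4,405,829":            ("1977-12-14", "1983-09-20"),
}


def table_expiries() -> dict:
    return {name: expiry_iso(f, i) for name, (f, i) in PATENTS.items()}


if __name__ == "__main__":
    for name, exp in table_expiries().items():
        print(f"{name:26s} expires {exp}")
```

Diffie-Hellman and Hellman-Merkle issued quickly, so their 20-years-from-filing term is the longer one; RSA sat in the Patent Office for almost six years, which is why 17 years from its 1983 issue date carries it into September 2000.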


Cracks apPeering

The practice of freely exchanging traffic among ISPs -- called "peering" -- is beginning to creak and boom like the ice on a river in springtime. For some while now the largest ISPs, such as MCI and UUnet, have charged the smallest ones for carrying their traffic. Now it looks as if the midsized ISPs will have to start paying as well. UUNet Technologies recently informed a dozen midsized ISPs, including The Well, that it will begin charging them for access to its network [13].

[13] <>


An update on censorware

TBTF for 1997-04-04 [14]

Declan McCullagh's fight-censorship list recently carried a sampling of 11 email letters addressed to CyberSitter protesting the blockage of the authors' sites, which do indeed seem to be innocent of any objectionable material. If you'd like to judge for yourself the appropriateness of the sites that CyberSitter blocks, see this recently posted snapshot [15] of the entire blacklist. The American Library Association has issued interim guidelines for its members on the subject of blocking software [16] -- it recommends against implementing such software at this time. The ALA will revisit the issue once the Supreme Court rules on the Communications Decency Act this summer.

[14] <http://www.tbtf.com/archive/1997-04-04.html>
[15] <http://www.c2.net/~sameer/cybersitter.txt>
[16] <http://www.news.com/News/Item/0,4,10341,00.html>


Applets and animations, alive-alive-o

Stock images are easy to come by on the Web (see for example [17]), but where do you turn if you want to rejuvenate your Web site with a low-cost 3D model, animation, or Java applet? Soon you'll be able to browse and buy from StockObjects [18], a company that is out in front of a market it fervently hopes will materialize. StockObjects is being developed by the creators of Rhizome [19], an arts mailing list and Web magazine whose subscribers include a wide variety of freelance designers and modelers. (Any reference to Lucia's fictitious hometown Riseholme [20] is, presumably, unintentional.) You can register (for free) and explore the StockObjects site [21], but at this writing they don't have much content in place.

[17] <http://www.photodisc.com/>
[18] <http://www.wired.com/news/business/story/3718.html>
[19] <http://www.rhizome.com/>
[20] <http://www.amazon.com/exec/obidos/ISBN=1559212527/tbtfA/>
[21] <http://www.stockobjects.com/>


Next, positronic brains

[22], [23]
From Edupage (1997-04-20):

Protonic chips never forget: Researchers at the University of New Mexico and Sandia National Laboratories are investigating the use of protonic memory for making cheap forget-me-not computer chips. In 1995, they noticed during experiments on silicon wafers that protons deep within the wafers were responding to electrical signals on the surface. Research showed the protons can be precisely controlled with standard microcircuits -- and are thus able to store data. Protonic chips won't need the fancy processing used in "flash" non-volatile memory chips, and can operate at low power levels, thus prolonging battery life in laptops. Protonic chips currently are being tested at Texas Instruments. (Business Week 21 Apr 97)

[22] <http://www.amazon.com/exec/obidos/ISBN=0553294385/tbtfA/>
[23] <http://www.dom.net/wrd/new/ref/asimov/>


Be kind

Ken Shan <ken at digitas dot harvard dot edu> is one trusting guy: he offers [24] to the entire Web the opportunity to edit his signature file. Have a go.

[24] <http://www.digitas.harvard.edu/cgi-bin/ken/sig>


Threads Open source software and the Linux OS
Bill Gates invited 100 CEOs from leading companies worldwide to Seattle to discuss the future of technology [25]. As I write this I'm listening to the Vice President's keynote [26]; afterwards the executives will retire to Gates's 20,000-square-foot mansion [27], still under construction, for dinner. (One account I read claimed that the visitors will be required to cross a stone masons' picket line.)

Sun's CEO Scott McNealy wasn't invited, though it's not an arduous plane trip, and he can't figure out why. I offer as consolation this anecdote to demonstrate that Sun doesn't lose every battle with the Redmond giant. It was penned by Don Pardo <pardo at cs dot washington dot edu>.

I was at a barbeque/etc. party recently. This really happened:

Ruben: "So, I hear your company hired the guy who wrote Linux."

Me: "It's true."

Ron: "Hm, well my company [Microsoft] hired the guy who wrote Tetris."
Ruben (turning to Ron): "So when are you guys gonna start hiring people who know about operating systems?"

Note added 1997-05-09: Some background: Linus Torvalds, the creator of Linux, whose move from Finland to Silicon Valley was noted in TBTF [28], recently went to work for Sun -- at least he did according to an April Fools posting [29a], crafted by Liem Bahneman <roland at starfleet dot com> to resemble a Reuters news release. A number of people were taken in, including your humble unpaid net.journalist, who duly reported the move as fact when this issue of TBTF was distributed in email form. Thanks to Greg Roelofs <roelofs at prpa dot philips dot com> for pointing out the egg on my face. You can find the story of Sun abandoning Solaris development to embrace Solinux in a number of places on the Web, most of them, such as these [29b], [29c], omitting Bahneman's "April Fools" note at the bottom.

[25] <http://www.audionet.com/video/netshow/ceosummit/>
[26] <http://www.pcweek.com/radio/0505/srzgore.ram>
[27] <http://www.morsepr.com/MMdocs/Bill.html>
[28] <http://www.tbtf.com/archive/1997-03-09.html>
[29a] <http://www.tara-lu.com/~jimb/aklug/0551.html>
[29b] <http://lucifier.rosprint.ru/lists/1997_04_01/Linux-Kernel/msg00211.html>
[29c] <http://www.pop-mg.rnp.br/portugues/servicos/listas/tec-l/msg00007.html>


April Fools is an unofficial American holiday observed on the first day of April each year. On this day it is accepted, indeed expected, that people in all parts of society will play elaborate practical jokes on one another and on the world at large. April Fools is the second most popular holiday among American computer professionals, after Halloween.


