(A Javascript-enabled browser is required to email me.)
TBTF logo

TBTF for 1997-08-18: Know when to hold 'em

Keith Dawson (dawson dot tbtf at gmail dot com)
Sun, 17 Aug 1997 23:31:29 -0400


  • Show me the money -- Quick, name the largest software companies

  • Lasing the blues -- For three decades researchers have quested after the blue laser; it's now in sight

  • Tasty bits at lunchtime -- What are the best restaurants for the amateur industrial spy?

  • Bluffers -- Instant expertise is yours in a campy series of books from England

Crack-a-Mac Challenge broken, then reinstated

Note added 1997-08-18: The vulnerability exploited in this crack was in Lasso, a CGI database interface to FileMaker Pro. Blue World, the developers of Lasso, not only fixed the bug within 24 hours -- on a Sunday -- but also offered to underwrite the entire cost of the 100,000-kroner prize. With the Lasso fix in place, Joakim Jardenberg has reopened the Crack-a-Mac challenge. See [0] for details.

Joakim Jardenberg <joakim at infinit dot se> opened a challenge to all the world's hackers called "Crack-a-Mac, the Next Generation" [1] on July 4. (A previous Crack-a-Mac challenge had gone unbroken [2].) On Sunday 8/17 he declared: "The challenge is off due to what looks like a perfectly successful crack" by an Australian hacker called Starfire <Starfire at bellair dot net>. Jardenberg is not releasing details of the crack, which do not affect either the MacOS or the WebSTAR server, because no fix is available. Apple's Chuq Von Rospach <chuqui at plaidworks dot com>, who knows details of the attack, called it "subtle, non-obvious, and a real gem." Jardenberg and Von Rospach said that the crack is dependent on site configuration and would affect comparitively few sites. Jardenberg writes on the challenge's top page, "Puhhh, what a lousy way to wake up..." Here is his email.

From: Joakim Jardenberg <joakim at infinit dot se>
Subject: Yes! Crack a Mac is cracked!

Howdy Folks!

Bad news. Around 07.30 (GMT+0200) this sunday morning the
Crack a Mac challenge was cracked. At this time we can not
reveal the method that was used, as there is no fix for the
problem yet!

We will return with more public info as soon as there is a

Worried Mac webmasters with a setup that is similar to the one
used at the Crack a Mac server can send a private mail to
jokim@infinit.se with brief information about their setup and
if they are in the "danger-zone" they will receive a mail with
an outline of the problem.

Hope you understand that it is for everyone's safety that we
are careful about this info...

The Cracker is a wise and friendly guy from Australia, who
really deserves the 100.000 kronor.

The cracked page is available from the server:

Best regards


Here is the message that Starfire added to the challenge's home page to claim the 100,000-kroner prize:
Ogle This:

This has been quite a challenge.

But then what would you expect from a Mac. The OS is Rock Solid
and enthroned on a pretty funky system.

I will hopefully own one very soon....

Once the appropriate considerations have been addressed by the
administrators of this site, I hope they will continue the quest.
They have every reason to be confident...

Perhaps APPLE will take the hint and support people like Joakim.
He and his current sponsors richly deserve a pat on the back.
Few people have the guts to pull it off...

ps: You know I can't answer the obvious, so please, don't ask.



[0] http://www.tbtf.com/index.html#tbotoday
[1] http://hacke.infinit.se/
[2] http://hacke.infinit.se/old/resumeng.html

Threads Cryptography export policy
See also TBTF for
2000-02-06, 1999-10-05, 08-30, 08-23, 08-16, 07-26, 05-22, 05-08, 04-21, 03-01, 01-26, more...

PGP 5.0 legally escapes US export restrictions

The US crypto export policy, which has lately been looking more and more like a Swiss cheese, last week took on the semblance of an aerogel [3]. On 8/11 at Hacking in Progress 97 [4], a hackers' gathering convened on a campground near Amsterdam, European hackers completed the first phase of the PGP 5.0i project: they posted a perfect copy of PGP 5.0 source code on the Net [5]. (This is the Unix command-line version -- Windows and Macintosh variants will be completed in the coming weeks.) The source code was exported from the US legally, in the form of a 6,000-page book -- US restrictions on crypto export exempt material in printed form. Ståle Schumacher <stale at hypnotech dot com>, maintainer of the International PGP Home Page in Oslo, Norway, coordinated a team of offshore workers who scanned, proofread, and compiled the code. The story has been picked up by ZDNet [6] and by InfoWorld [7]. Bruce Schneier, author of Applied Cryptography, said of the exploit: "Inherently you can't protect data with a national boundary. Export systems do not work -- encryption software has been out in the public domain for a long time."

[3] http://www.lbl.gov/Science-Articles/Archive/aerogel-insulation.html
[5] http://www.ifi.uio.no/pgp/download.shtml
[6] http://www5.zdnet.com/zdnn/content/zdnn/0812/zdnn0006.html
[7] http://www.infoworld.com/cgi-bin/displayStory.pl?970814.wcrypto.htm


Dispatches from IETF Munich

Rodney Thayer <rodney at sabletech dot com>, security consultant and stalwart of the Digital Commerce Society of Boston, was in Munich [8] last week at the thrice-yearly meeting of the Internet Engineering Task Force [9]. By special arrangement TBTF carried his dispatches from that front each day. The conference began breaking down its systems at noon on Friday so Thayer's final dispatch hasn't arrived as this issue wraps; it will appear soon as a Tasty Bit of the Day. The entire week's reporting on the folks who define the Net resides on the TBTF archive [10] by permission.

Day 0: The scene
Day 1: The games begin
Day 2: Are you in possession of Digital Identity Hash?
Day 3: Ssh. People are watching the network!
Day 4: Them vs. us -- or, strange bedfellows
Day 5: (not yet)

[8] http://www.city.net/countries/germany/munich/
[9] http://www.ietf.org/meetings/Munich.html
[10] http://www.tbtf.com/resource/ietf-munich-rt.html


Show me the money

Quick, who's making the most money selling software? Bet the first companies to mind were Microsoft and Oracle, in that order. They are actually numbers two and five on the list. Only three pure-play software companies (the other is Novell) make the top ten. They're outgunned in the software market by companies offering their customers enterprise-scale services and integration, and in some cases iron as well.
From Edupage (1997-08-14):

The ten leading companies in software revenue last year were
(in descending order): IBM, Microsoft, Hitachi, Computer
Associates, Oracle, Fujitsu, SAP, Bull HN Information Systems,
Digital Equipment Corporation, and Novell. And of the top
thirty companies, 37% are in California, 13% in Massachusetts,
10% in Pennsylvania, 7% in New York, and 33% in other states,
provinces, and countries. (Investor's Business Daily 13 Aug 97)


Lasing the blues

Most commercial lasers you encounter day-to-day (those in CD-ROM readers, for example) radiate in the infrared. For more than three decades researchers have pursued the dream of the blue laser -- a semiconductor that emits continuous pure blue light at room temperature. Blue laser light, higher in frequency and shorter in wavelength than infrared, could record and read data in smaller areas. A current-day CD-ROM device constructed with such a laser could store 2.7 GB, and a DVD device 28 gigs, with no other changes in the mechanism.

Scientific American reports [11] that a Japanese researcher of almost legendary stature among his peers, Shuji Nakamura of Nichia Chemical Industries, has demonstrated a gallium nitride laser that produced light for over 100 hours. (Rather a showman, Nakamura used one of his blue lasers as a pointing device at a scientific conference.) Nakamura hopes to achieve a commercial-grade laser capable of 100,000 hours of operation by 1998.

[11] http://www.sciam.com/0997issue/0997techbus2.html


Tasty bits at lunchtime

This note from Allan Hurst <allanh at supportnet dot com> purports to finger the best restaurants in Silicon Valley for lunchtime intelligence gathering. Got any other favorites? (I sense another TBTF feature in the making.) Remember, the emphasis should be on a restaurant's industrial espionage potential; other considerations, such as ambience, good food, or speedy service, are secondary.
Over the past ten years, I've gotten some of my very best --
read: "most accurate" -- information having lunch in Cuper-
tino. Sitting around outside at Erik's DeliCafe on Stevens
Creek in Cupertino, having a leisurely solo lunch while read-
ing a newspaper, can be MOST informative. Chili's and Uno's
down the street aren't bad for information gathering, either.
Ditto Fresh Choice (at Vallco Fashion Park) and The Pepper-
mill (on DeAnza).

Companies oft-overheard in the Cupertino area include Apple,
Tandem, HP, Microsoft, and Symantec. Chip-level hardware in-
formation (e.g., Intel, NatSemi, Cirrus, etc.) can often be
overheard at the McDonald's on Lawrence Expressway or the
Carl's Jr. on Bowers, both in Santa Clara. Very occasion-
ally, interesting corporate level tidbits can be overheard in
the evening at Chef Chu's, in Los Altos.

P.S. -- For years, the McDonald's on Lawrence was hysterical
during lunchtime. Their french-fry timing computer had an
electronic beeping tone that sounded so much like a Motorola
pager that multiple people in line could be see grabbing at
their beepers every time a new batch of fries was ready.
They've long since changed out the french fry timing computer
for a new automated fry-robot which is comparatively silent.
What they lost in audio atmosphere they gained in geeky spec-
tatorship, as customers in line stare at the fry-bot, utterly
mesmerized by its movements. The interaction of people and
technology never ceases to fascinate me.



One cultural innovation from England that deserves to spread more widely is a series of diminuitive books called the Bluffer's Guides. They run about 60 pages and £3. You won't find them in most local bookstores in the US. (My local bookstore stocks the Guides [12], but then my home is on the Net.) W.H.Smith or Waterstones may carry them in the physical world. (Smith is still working on their Web site [13], while Waterstones' is well developed [14].) Each slim volume in the Bluffer's Guides series -- there are over 50 of them -- attempts to convey enough of the buzzwords and context of its particular topic to allow the reader to pass as an expert in casual conversation. Topics range from Advertising, Antiques, and Ballet through Skiing, University, and Wine. The booklets are constructed to a simple formula. Each section begins with an admirably pithy definition of its term and then proceeds to skewer and slather its subject in robust post-Python style. If you were to read only the opening paragraph of each section, you would discover embedded within each Guide an even smaller tract that illuminates its subject thoroughly and concisely. Consider these examples from "Bluff your way on the Internet" [12].
Understanding URLs:

URLs contain similar cryptic sequences of letters to e-mail
adresses (.kwiknet.co.uk etc.) but are easy to tell apart. An
e-mail adress always has the @ symbol in the middle and no /
marks. A URL never has an @ and, apart possibly from the home
page, will be full of / marks. Indeed, a URL can sprawl over
several lines: the computer where the site resides may store
hundreds of thousands of files, and the / marks help it to
sort the files into groups.

Using Newsgroups:

On screen, a newsgroup looks like a catalog of titles. You
click on one which looks interesting to view the text of that
particular posting. Successive postings in reaction to each
other can result in a discussion straying somewhat from the
original topic. Titles such as "Re: Lewd acts with vegetables
(was: Recommendations please for best CD of Mahler's Fifth)"
are common.

The people responsible for the Bluffer's Guides reserved the name bluffers.com a year ago but have not put up a Web page. After publishing [12] I don't see how they could.
Note added 2002-11-29: I received this note from Tobias Steed of Oval Books:
Thank you for your kind words about The Bluffer's Guides on your web site.

I... am happy to tell you that we have had a considerable web presence for the last two years: www.bluffers.com or www.ovalbooks.com. You may also be interested to know that the titles are now available in the US through our US distributor Globe Pequot Press and therefore more readily available through amazon.com and on the internet retailers as well as Borders and select other stores. Individuals can order from Globe on 1-800-243-0495.

[12] http://www.amazon.com/exec/obidos/expert-query/tbtfA/
[13] http://www.whsmith.com/
[14] http://waterstones.com/


none Today's TBTF title comes from a Kenny Rogers song about poker, a game singularly in tune with the American character, and the natural habitat of the bluffer. Tonight the Internet let me down (as another country/western title has it): I could not turn up the song's author or title on the Web and had to fall back on good old-fashioned telephonic friendware. (Thanks, Greg and Val.) The song is called The Gambler [15], [15a].
Note added 1997-08-18: Ken Deifik <kend at loop dot com> sent this poignant correction to my mistaken assertions about The Gambler.
The song The Gambler is not from a movie. It was written by Don Schlitz in 1978. It was Don's first hit, though he went on to become one of the most successful songwriters of the 80's, and is still quite active. The song was cut by Bobby Bare on RCA and by Don, himself, on Capitol before Kenny Rogers cut it in mid 1979. Kenny changed the melody ever so slightly and made it a standard. The song was so successful that a TV movie and a series of sequels were made BECAUSE of it.

I knew Don Schlitz when he was still a struggling writer. He worked nights at the Vanderbilt University computer center, where I would visit him. He did some kind of work tending to the mainframes. The very last time I saw him was the day Kenny Rogers cut the Gambler. He had just come from the session and felt that Kenny had done a hell of a job. I have not been back to Nashville since 1979, and hence haven't run into him since.

[15] http://www.lyrics.ch/cgi-bin/normal.pl?exact=on&artist=Kenny+Rogers&album=Non+Album+Tracks
[15a] http://swamp.ntr.net/guitar/r/rogers_kenny/the_gambler.crd

none Going to a technical conference or trade show that would interest TBTF readers? Email me before you leave if you're willing to write daily dispatches for this newsletter.

none I dislike spam as much as you do, and I don't want to make it easy for the spammers' address-hoovering tools to collect victims' contact information from the TBTF home and archive. (Note that no reader has complained about this to date.) On the other hand, I want to make it possible for members of the TBTF community privately to contact people mentioned in the articles, should they want to. For these reasons I've started a new convention on the Web site when referencing the email addresses of correspondents, informants, or participants in the stories that appear in this newsletter: I add plausible obfuscation to each such address, except for my own. (This doesn't apply to the retro-push edition.) It works like this:

Email address as it appears in TBTF: <doyle at cs dot und dot edu>

Actual email address: <doyle@cs.und.edu>

Thanks to Tad Staley <tstaley at msn dot com> for this suggestion, and more generally for pointing out the very existence of "the TBTF community." Hmm. Consequences will flow from this insight.


none For a complete list of TBTF's (mostly email) sources, see http://www.tbtf.com/sources.html.

none Edupage -- mail listproc@educom.unc.edu without subject and with message: subscribe edupage Your Name . Web home at http://www.educom.edu/ .

TBTF home and archive at http://www.tbtf.com/ . To subscribe send
the message "subscribe" to tbtf-request@world.std.com. TBTF is
Copyright 1994-1997 by Keith Dawson, <dawson dot tbtf at gmail dot com>. Com-
mercial use prohibited. For non-commercial purposes please forward,
post, and link as you see fit.
Keith Dawson    dawson dot tbtf at gmail dot com
Layer of ash separates morning and evening milk.



Copyright © 1994-2017 by Keith Dawson. Commercial use prohibited. May be excerpted, mailed, posted, or linked for non-commercial purposes.