US Government green paper on domain names
The plan by Ira Magaziner's committee pleases some, frosts many
The Commerce Department's long-awaited domain name plan is available . It proposes transitioning authority to oversee domain naming, the assignment of IP addresses, the registration of Internet protocol and port numbers, and the management of root servers from their current stewards (IANA and NSI ) to a new, US-based not-for- profit corporation with an international board of directors, over a period lasting from 6 to 30 months. The government contract with NSI under which that corporation acts as both registrar and registry for the existing global top-level domains (the proposal separates these functions) will end on 1998-09-30, after a 6-month extension permitted in the contract. NSI must hand over control of the root domain name server at a "date certain" to be negotiated.
The plan suggests that 5 new registries be selected and chartered as soon as possible by the Internet Assigned Numbers Authority. Each new registry would be granted exclusive control over one new TLD . The report solicits comments on what limitations might be placed on the pool of applicants, if any. Applying registries would have to meet technical, managerial, and legal criteria outlined in appendices to the report -- in particular they would need to define resolution processes in case of trademark disputes. Registries would be required to offer equal and open access to all registrars worldwide.
Three other notable facets of the plan:
The existing process for reforming domain naming, CORE , is not specifically mentioned in the government report, though many of the green paper's ideas came from CORE ; in fact CORE is among the biggest losers. The 88 entities around the world who each paid $10K to become CORE registrars seem to be out of luck, as do the individuals and companies who pre-registered names with the CORE registrars for the seven new TLDs whose future is now clouded. Emergent, the contractor with which CORE is working to build a registry database, would also seem to be a loser under the government plan, though presumably they have been paid for their work so far. Under the green paper plan, CORE and Emergent could apply to become a registry, but could only submit one of their proposed seven TLDs for consideration. All in all, the government gives greater credence to the companies that have lobbied to run registries for particular new TLDs, such as Image Online Design for .web and Iperdome for .per. But the green paper squelches the ambitions of those who favor a free-for-all marketplace in which anyone could create new TLDs.
I asked Dave Crocker, one of the original members of the International Ad Hoc Committee that led to CORE , to comment on the government green paper; his comments  are posted on the TBTF archive by permission.
The plan is being attacked as too US-centric  by European observers, who are especially invested in the Geneva-based CORE process. TechWeb  quotes David Maher, chair of CORE 's policy oversight committee, as saying the Clinton proposal is "too protective of NSI and other US interests." Maher said, "If this is treated as a US solution to US problems, people outside the US are not going to be happy. I think that's a very severe limitation on the viability of the [proposal]."
Here are other comments  by CORE on the green paper. Trademark holders are not happy ; they fear they will have to spend money to deal with numerous disparate registrars in order to protect their names.
A mostly sound summary of the user impacts of the green paper can be found on the igoldrush site .
The plan is open for comments (send to email@example.com) until at least the first week in March. The closing date for comments will be determined when the paper is posted to the Federal Register this week.
Wired muses  on the grand experiment in "freed software" on which Netscape embarked last week . It's an open question whether Netscape can engage developers enough to halt Navigator's slide in the browser standings, let alone whether the company will be successful in "herding the cats" on such a scale. (The question of whether Netscape will ever make money, albeit indirectly, from the giveaway is even more tenuous.) Advice should be easy to come by; I'm sure the central figures in the Linux, perl, and Apache worlds would be happy to offer guidance if asked. If fact Netscape has requested the councel of Eric S. Raymond <esr at snark dot thyrsus.com>, author of the influential paper The Cathedral and the Bazaar , on licensing terms, development models, developer relations, and so on. (Raymond hints that he has been asked to meet with other Silicon Valley CEOs on the same trip.)
Trying to put numbers on an amorphous market
The free software phenomenon is big and growing fast. It's inherently difficult to estimate the size of the Linux market because there is no central body controlling its distribution, and because the software is available for free download from numerous sites around the world.
First some recent numbers on the commercial competition. A new IDC
 indicates that Windows NT shipments outpaced commercial
Unix in 1997. Windows NT grew at 78% year-on-year, while Unix grew
at 15%. The numbers below presumably refer to installations of
NT Server, though the news.com article does not make a distinction
with NT Workstation.
NT Server 1300
Comm'l. Unix 717
In a SunWorld Online article
 on Linux support by Red Hat, one
of the Linux resellers, an IDG analyst estimated 1997 Linux
installations at 2 to 6 million, putting Linux on a par with the Macintosh:
NT Workstation 7+
Linux 2 - 6
(Another SunWorld article profiles Linux use in the business world
. Note especially the sidebar case study of a system
administrator who runs 72 print stations worldwide on Linux.)
An often-quoted source of Linux numbers is a year-old white paper
 by Bob Young, CEO of Red Hat. Young notes surveys by Unix
magazines that point to anywhere from 10% to
34% of their readers using Linux. Here are Young's estimates of the
number of Linux systems extant through 1996:
1996 3 - 5
In the SunWorld Online piece
 Red Hat's PR director estimates
that in 1997 there were between 5 and 7 million Linux systems
Let's work our way to a new estimate of the 1997 Linux population by other means. At a talk last week by Red Hat staffers at Softpro , Donnie Barnes estimated that 400K Red Hat CDs will be sold in 1998. In another context he mentioned that each major release has sold roughly twice as many copies as its predecessor. Taken together these factoids lead to a rough guess of 200K CDs sold in 1997. Figures from Softpro indicate that for 1997 the sales of all other Linux CDs combined added up to about 25% of Red Hat sales. Softpro doesn't carry all the avaliable CDs; in particular some brands that are big sellers in Europe are not represented. So let us hazard an estimate of 300K Linux CDs sold worldwide in 1997.
FTP downloads outnumber Linux CD sales, according to an ongoing survey at the Linux Counter  site. These data stretch back to 1994 and so obscure the increasing popularity of the Linux CD products. If we assume that FTP downloads outnumbered CD sales by 3 to 1 in 1997, we arrive at about 1.2 million Linux media kits. CDs typically get used for more than one installation, either by the purchaser or by someone she passes it to (there being no restriction on multiple use, of course). In the extreme case a system administrator might install scores of Linux machines from a single CD or FTP download . If we assume the multiple-use multiplier is 5 or more, we're in the realm of Red Hat's estimate of 5 to 7 million total Linux systems in 1997.
The company responds, though not officially, to a claim of basic security weaknesses
Microsoft has issued a reply  to the Peter Gutmann article ,  claiming basic weaknesses in Microsoft's handling and storage of cryptographic keys. It clears up some possible misunderstandings by Gutmann about which technologies are implemented in which Microsoft products, but to my reading does not address the basic vulnerabilities he outlines. The defense consists of assertions that real users wouldn't leave exported keys lying around on their hard disk (uh huh), that security is constantly being improved in Microsoft products (true but not helpful now), that the weaknesses apply only to Microsoft's "base" crypto implementations and not to any third-party package (so?), and that users shouldn't run an unknown applet that could mount these attacks in the first place. Microsoft's rebuttal correctly points out that security is as much a matter of policy and follow-through as of technology. But it's not too much to ask that the base crypto technology, which will end up being used out-of-the-box by the vast majority of Microsoft's customers, provide meaningful assistance to less knowledgable users in following sound security policies. For example the software shouldn't accept an easily-guessed password that can trivially be broken in a dictionary attack.
What used to be good advice about cross-platform color no longer works
This story is not news to those engaged in building cross-platform, cross-browser Web sites. The so-called "browser-safe palette" , a set of 216 colors which since the days of Netscape Navigator 2 has offered the best chance to get Web pages looking the same in Netscape and IE browsers, on Windows, Unix, and Macintosh, no longer works reliably in Communicator 4. For reasons unknown Netscape has changed the browser's dithering algorithms. The results are spelled out in all their unpretty detail on this site , whose principals have had no luck at all in getting Netscape to take this problem seriously.
This censorware is not only overbroad, it's also certifiably brain-dead
In TBTF for 1997-12-24 we looked at the broad-brush way Cyber Patrol blanks out large (and usually innocuous) swaths of the Internet. Now here's a look at CyberSitter which, besides being similarly overbroad, works its protective magic in a singularly deranged fashion.
A note on a mailing list for PerForce, a code source control product, reported a strange problem. When viewed from a particular NT machine, and only from there, two lines of code that should read:
#define one 1 /* foo menu */
#define two 2 /* bar baz */
were always corrupted so as to read:
#define one 1 /* foo me */
# fine two 2 /* bar baz */
It turns out that CyberSitter had been installed on that one NT machine. CyberSitter apparently works by patching the TCP drivers and watching the data flow over every IP connection, filtering out bad words. In the code fragment above, CyberSitter detected the word "nude" -- never mind the punctuation characters and the end-of-line -- and removed it from the stream.
This site  reproduces what it claims is the entire censor file for CyberSitter, reverse engineered from the product. Thanks to Dan Kohn <dan at teledesic dot com> and Keith Bostic <nev at bostic dot com> for news on this piece of bad software (and social) engineering.
Lawmen's use of the spectres of international terrorism, money laundering, drug dealing, and child pornography to curb the freedoms of the Net is an old story in the USA. Now it seems that such lawmen are getting to European politicians as well . A meeting of EU ministers in Birmingham, UK concluded that law enforcement should be given new powers to tap into email and electronic messaging. With appropriate safeguards, or course, dear boy. Britain is using its rotation in the EU presidency to push the establishment of a pan-European police force to be called Europol, and this body would serve as a fine clearing-point for intercepted cross-border messages.
The storied "RSA in four lines of perl" tattoo, in the flesh
It was the summer of 1995 when TBTF first noted  the urban legend of the RSA tattoo that would render its wearer deportation-proof. Now Keith Bostic <nev at bostic dot com> forwards this photo  of Richard White's bio-munition which, if photographs are to be believed, gives new meaning to the phrase "arms race." Though perhaps the perl should have been rendered in barcode to make it machine readable.
Lie down with trains, get up with fiber cuts
A flurry of messages flew across the NANOG mailing list -- a vehicle by which North American network operators keep the Internet running -- yesterday evening: a massive fiber cut had dropped Europe out of sight from many east coast US locations. The explanation came in due course:
Did you know? The Details page  lists all manner of fascinating minutiae about TBTF, including privacy and anti-spam policies, trends, emendations, credits, some history, and the tools I use to develop and maintain the site.
TBTF home and archive at http://www.tbtf.com/ . To subscribe send the message "subscribe" to firstname.lastname@example.org. TBTF is Copyright 1994-1997 by Keith Dawson, <dawson dot tbtf at gmail dot com>. Com- mercial use prohibited. For non-commercial purposes please forward, post, and link as you see fit. _______________________________________________ Keith Dawson dawson dot tbtf at gmail dot com Layer of ash separates morning and evening milk.