
TBTF for 1998-03-02: Light work

Keith Dawson ( dawson dot tbtf at gmail dot com )
Sat, 28 Feb 22:49:02 -0400


Internet Council of Registrars burgled

Why those two servers, exactly?

This news is not exactly new, but the news may be that it has attracted so little notice. On Sunday 2/15, thieves broke into a Best Internet San Francisco co-location facility, cut a lock off a steel cage, and made off with two 200-pound servers being used to test the Shared Registry System [1] for the Internet Council of Registrars (CORE). CORE is nearly ready to go live with its long-debated evolution of the domain name system, in contrast to the US government's "green paper" solution [2], which is months from approval and probably years from implementation. According to a c|net account [3], CORE said its servers were stolen when a CORE worker scheduled to be at the facility called in sick. There was no sign of forced entry into the Best facility. The two Sun Enterprise 450 servers were not the most expensive equipment in the facility, but no other cages were disturbed. Local police are working on the case and the FBI and CERT were notified. Emergent Corp., which is contracted by CORE to operate the SRS, had the system back online on new servers within 30 hours. At the time of the burglary CORE was low-key and sought to dampen speculation. They promised to put up a statement on their Web site, but if they've done so I couldn't find it.

[1] http://www.gtld-mou.org/press/core-2.html
[2] http://www.tbtf.com/archive/1998-02-02.html#s01
[3] http://www.news.com/News/Item/Textonly/0,25,19220,00.html?pfv


Sun and Microsoft meet in court over Java

This one is going to take a little time

Sun and Microsoft kept their first court date [4] on 2/26, and U.S. District Judge Ronald Whyte declined to grant Sun an injunction forbidding Microsoft from using the name Java in its products. The judge took the question under advisement. As to when the case might actually be adjudicated, Sun asked for a trial date in April -- of 1999.

[4] http://www.internetnews.com/Reuters/sun.html


Throw down your crutches and encrypt

Two items on crippled crypto

• Netscape crypto easily boosted to full strength

An Australian doing business as Fortify.net [5] is distributing a program for Unix and Win-32 (containing no crypto code) with which anyone can convert their export copy of Netscape Navigator into a US-strength, 128-bit version. Netly News coverage [6] paints the Feds pacing and gnashing their teeth over the development, which breaks no laws. At the Financial Cryptography conference in Anguilla, attendees ran a contest for the most compact perl code to effect this transformation ("Run this on your export version of netscape 4.04 to enable strong crypto!"). Ian Goldberg, who through his connection with the conference sports the world's coolest email address -- n@ai -- posted a 99-byte essay, only to be trumped by a Russian programmer who shaved it by 15 bytes. The result:

#!/usr/bin/perl -0777pi
s/(TS:.*?0)/$_=$1;y,a-z, ,;s, $,true,gm;s, 512,2048,;$_/es;

[5] http://www.fortify.net/
[6] http://cgi.pathfinder.com/netly/opinion/0,1042,1767,00.html

• HP's VerSecure

HP has obtained government approval to export systems based on its VerSecure architecture [7], which uses expiring software tokens to assure that the crypto provided to each user meets local laws. (No shipping products are based on VerSecure, and any such products will be subject to a further government review.) The Commerce Department license allows HP to export VerSecure-based products only to the UK, Germany, France, Denmark, and Australia. HP's system envisions encryption in VerSecure-based hardware -- PCs, servers, cell phones -- only after a token exchange with a "Security Domain Authority" clears the scrambling. Imagine SDAs as networked encryption checkpoints run by approved organizations in each country. Each user would obtain a software token, expiring after one year unless renewed, that controls the strength of encryption and the availability of key-recovery features. Token policies would be based on the local laws prevailing in each country: for example, tokens distributed in France would activate a back door for law enforcement, because French law requires that feature. This Reuters story [8] quotes a Center for Democracy and Technology spokesman calling VerSecure a "Rube Goldberg approach." (Our British cousins would say "Heath Robinson.")

How long before some hacker finds a way around the tokens to allow full-strength, un-escrowed encryption?

Thanks to Matthew D. Healy <healy at seviche dot med dot yale dot edu> for the story suggestion.

[7] http://www.techserver.com/newsroom/ntn/info/022798/info1_24794_body.html
[8] http://www.wired.com/news/news/technology/story/10620.html


Many hands make light work

OK, you can crack DES. How fast can you crack DES?

RSA has established an ongoing series of challenges [9] to break messages encrypted with 56-bit DES. Twice a year, on 1/13 and 7/13, the company will post a new challenge and will only pay a winner if the message is decoded faster than it was last time. If the new contest is beaten in less than 25% of the reference time, the winner gets $10K; 50% pays $5K, and 75% $1K. The first DES crack took 140 days on the calendar, but when RSA launched DES Challenge II they set the bar higher and established a reference time of 90 days. On 2/26 the message was decoded after 39 days by an anonymous participant working under the auspices of distributed.net [10]. The secret message was "Many hands make light work." Distributed.net offered thanks to RSA for the implied endorsement.

[9] http://www.rsa.com/rsalabs/des2/html/continued.html
[10] http://www.rsa.com/pressbox/html/980226.html


ISPs, hosts, and CSPs

Consolidations and realigning business models are the order of the day

• RCN of Princeton, NJ, known mainly for its plans to wire city centers with fiber, is buying Virginia-based ISP Erol's and Massachusetts-based Ultranet [11]. The acquisitions give RCN 325,000 dialup customers on the eastern seaboard, and should provide rich fields for cross-selling once RCN gets their fiber alight.

• Best Internet and Hiway Technologies announced plans to merge [12]. The companies say that one advantage of combining forces will be fail-safe access for their customers: Best (San Francisco) worries about earthquakes and Hiway (Florida) has hurricanes to contend with.

• Netscape, smarting from competition with Microsoft, is floating a balloon about becoming a CSP (commerce service provider) [13] -- that is, hosting commerce sites for customers of their back-end software. Such talk is not going down well with Netscape's ISP and CSP customers, and first returns from the analyst community aren't entirely positive either. Representative quote: "It baffles me. It sounds like a desperate move."

[11] http://www.zdnet.com/intweek/daily/980224k.html
[12] http://www.news.com/News/Item/Textonly/0,25,19571,00.html?pfv
[13] http://www.news.com/News/Item/Textonly/0,25,19545,00.html?pfv


Teledesic puts up a test bird

It's only a test, but it's Ka band and it's broadband

Teledesic is the company planning to ring the world with satellites to make T1-or-better Internet access available at any point on the surface [14]. On 2/18 they launched an experimental satellite named "T1" [15]; the news was blacked out until 2/26. T1 is not a prototype of the satellites Teledesic is planning; it's merely a test bed operating in the Ka band (28.6 - 29.1 GHz) at E1 speeds (2.048 MBPS). Teledesic officially won the right to Ka frequencies last November [16]. T1 was put into orbit by a Pegasus rocket, launched from underneath an airborne L-1011. The service planned when Teledesic goes live, by the end of 2002, will be 2 MBPS upstream and 64 MBPS down.

[14] http://www.tbtf.com/archive/1997-09-08.html#s06
[15] http://www.news.com/News/Item/Textonly/0,25,19550,00.html?pfv
[16] http://www.techweb.com/wire/news/1997/11/1121skybridge.html


Iridium puts on a light show

Getting our entertainment where we can find it

These low-earth-orbit satellites will enable worldwide phone services beginning this year. Fifty-one are presently in orbit. It turns out that the satellites' antennas catch the sun and cause "flares" [17] visible from the ground. For minutes at a time the satellites brighten from magnitude 6 (binoculars required) to magnitude -2 or even -4 (brighter than Venus). This useful page provided by the German Space Operations Centre [18] will calculate for you the next seven Iridium flares visible from your location. (Their initial mission was to calculate and display appearances of the Mir satellite.) First you need to say exactly where on earth you are. Using the Census Bureau's Tiger Mapping Service [19] you can pinpoint a spot in the US to 4 decimal places of latitude and longitude, or within about 50 feet. Start at this atlas of place names [20] for rough coordinates that you can feed to the Tiger for refinement.

Note added 1998-03-04: Tom Szymanski wrote to point out an error (corrected above): 4 decimal places of latitude/longitude is about 50 feet, not about 6 feet as I had originally written. Szymanski also noted limitations to the accuracy of the Tiger Mapping Service: "The bottom line is that all digits after the 3rd decimal place are suspect." While Tiger's accuracy is sufficient for sighting Iridium flares, it can't pinpoint you much closer than about 300 feet. "Tiger maps were designed to keep census workers from getting lost, not surveyors." Szymanski quotes from the Tiger documentation:
Coordinates in Tiger files have six implied decimal places. The positional accuracy of these coordinates is not as great as the six decimal places suggest. The positional accuracy varies with the source material used, but at best meets the established National Map Accuracy standards (approximately +/- 167 feet). ... The Census Bureau can not specify the accuracy of [list of other information sources used to make Tiger maps].

[17] http://www2.satellite.eu.org/sat/vsohp/iridium.html
[18] http://www.gsoc.dlr.de/satvis/
[19] http://tiger.census.gov/
[20] http://www.ahip.getty.edu/tgn_browser/


Another new Mersenne prime

The Great Internet Mersenne Prime Search ferrets out M-37

The largest prime number now known is 2^23021377 - 1. It was discovered by Roland Clarkson, one of 4,000 current participants in GIMPS [21], using a Pentium box running code written by George Woltman (who is mersenne.org). This is the first Mersenne prime discovered using Scott Kurowski's Internet software and server [22], which coordinates the large number of volunteer computers. When last we visited GIMPS (see TBTF for 1997-09-08 [23]), the previous record-holder, M-36, had just been uncovered. This new Mersenne prime is only a tiny bit larger, relatively speaking, at 909,526 digits vs. 895,932. You can download the number itself [24] from mersenne.org. This file is, of course, about a megabyte in size.

[21] http://www.mersenne.org/3021377.htm
[22] http://www.entropia.com/primenet/status.shtml
[23] http://www.tbtf.com/archive/1997-09-08.html#s07
[24] http://www.mersenne.org/files/prime3.txt


Israelis demonstrate a tunable quantum observer

Half-looking at particles being waves

Researchers at the Weizmann Institute have demonstrated [25], and controlled, one of the strange everyday home truths of the quantum world -- that the act of observing something perturbs it. In this case, what is perturbed is the tendency of electrons to act like waves. The Israeli researchers have produced a tunable sensor that can watch which of two openings electrons go through. When the sensor is fully "alert," each electron provably goes through one opening or the other. When the sensor is not "looking," electrons go through both openings in a wavelike way and interfere on the other side. Such control over this basic quantum phenomenon could be important to devices built of quantum parts, for example the chips described in TBTF for 1998-02-23 [26]. Thanks for the story suggestion to Eliyahu Skoczylas <eliyahu at photonet dot com>.

[25] http://www.iinsnews.com/sci/980226/98022625.html
[26] http://www.tbtf.com/archive/1998-02-23.html#s07


An operating system popularity meter

If they think you're technical, go crude

This page [27] reports the latest results of Alta Vista searches counting Web pages that make assertions such as "MacOS sucks" or "Unix rules." Right now Unix is way ahead in the Sucks/Rules ratio, and Linux is far ahead of Windows. This page [28], in contrast, dispenses with any pretense of fairness or sampling and baldly asserts that all operating systems suck.

[27] http://electriclichen.com/linux/srom.html
[28] http://www.io.com/~pde/os-suck.html


Auckland in the dark

When the power goes out for a week (and counting) in an El Nino summer

Peter Gutmann (who outed Microsoft's naked emperor of security -- see TBTF for 1998-01-26 [29]) is writing an ongoing account [30] of the anguish Auckland, New Zealand is going through after losing all power to the central city. Four cables all failed. Gutmann is unsparing in his gaze at the recent practices of the power company, Mercury Energy, which has spent $300M on a failed attempted takeover of a rival energy company while eliminating excess capacity and waste of the sort that we might have referred to, in an earlier and less enlightened age, as safety margins. Some excerpts:

The following writeup is a (hopefully) more balanced view of what's going on than the one being provided through official channels.

The city of Auckland has... four 110kV cables feeding the central business district... The suspicion is that the El Nino summer has dried out and heated the ground so that vibration and ground movement (shrinkage) have damaged the cables.

Mercury ran an emergency feed for several miles over a string of poles, which had hardly been completed when the second cable failed. They then tried to force a full load over the remaining cables by management will-power alone, which unfortunately wasn't enough to overcome the basic laws of physics, and everything which was left failed as well.

I think I'll join the class action suits; the fact that the university machines are down means that I've had to use tin to read news for nearly a week, that's got to be worth several hundred thousand dollars compensation for mental anguish.

Q -- How many Aucklanders does it take to change a lightbulb?
A -- Does it matter?

[29] http://www.tbtf.com/archive/1998-01-26.html#s05
[30] http://www.kcbbs.gen.nz/users/peterg/power.txt


• This week's TBTF comes to you a few days early, as I'm going to be out of IP reach for a while.


• For a complete list of TBTF's (mostly email) sources, see http://www.tbtf.com/sources.html.

TBTF home and archive at http://www.tbtf.com/ . To subscribe send
the message "subscribe" to tbtf-request@world.std.com. TBTF is
Copyright 1994-1998 by Keith Dawson, <dawson dot tbtf at gmail dot com>.
Commercial use prohibited. For non-commercial purposes please forward,
post, and link as you see fit.
Keith Dawson    dawson dot tbtf at gmail dot com
Layer of ash separates morning and evening milk.
