TBTF for 1998-10-12: Fiber bites

Keith Dawson ( dawson dot tbtf at gmail dot com )
Tue, 13 Oct 02:42:11 -0400


Microsoft legal news

It's been a long time since the last TBTF and we have a deal of catching up to do. Let's get to it.

Trial delayed

On 9/14 the judge hearing the Microsoft antitrust case rejected the largest US corporation's [1] bid to throw it out of court. Judge Thomas Penfield Jackson did dismiss one of the charges filed by 20 states [2]. He cited recent legal precedent against the idea of "leverage" in antitrust cases -- rejecting the states' allegation that Microsoft tried to leverage its Windows monopoly for competitive advantage in the market for Internet browsers. The judge let stand a similar charge in the DoJ's case that does not rely on the leverage argument.

In separate action, Judge Jackson allowed a request by both sides for a 3-week delay in the trial's start date, to October 15.

ZDNet's coverage [3] stresses new revelations from Microsoft executives' email messages, formerly under seal, which peppered the judge's 54-page ruling [4].

Witnesses swapped

On 10/6 the Justice Department swapped in two new witnesses (keeping to the limit of 12) and Microsoft followed suit [5] later in the week, asking the judge for a 3-week delay to depose the new players. (But a Microsoft lawyer said what the company really needs is a "more normal" schedule, leading to a trial date next year.) On 10/9 Judge Jackson granted a further delay of only four days, to October 19 [6].

Give me your papers

Also last week, Microsoft filed a motion to obtain from two university professors the tapes and transcripts of interviews with Netscape employees who admit to mistakes that led to the company's decline. The interviews are quoted in a not-yet-released book, Competing on Internet Time, by Michael Cusumano of MIT and David Yoffie of Harvard. On 10/9 a judge in Boston turned down this request [7]. The book had been slated to go on sale in January, but Simon & Schuster moved up its release to later this month.

And other stories

Finally, the NY Times has the best coverage of Microsoft's other legal woes [8] (free registration and cookies required) -- separate lawsuits filed by Sun, Caldera, and Bristol Technologies, a Rhode Island company alleging unfair trade practices in Microsoft's licensing of Windows NT.

[1] http://www.mercurycenter.com/business/top/011263.htm
[2] http://washingtonpost.com/wp-srv/WPcap/1998-09/15/013r-091598-idx.html
[3] http://www.zdnet.com/zdnn/stories/zdnn_smgraph_display/0,4436,2137487,00.html
[4] http://www.dcd.uscourts.gov/98-1232f.html
[5] http://www.thestandard.com/articles/article_print/0,1454,1985,00.html
[6] http://www.computerworld.com/home/news.nsf/all/9810095ms
[7] http://www.washingtonpost.com/wp-srv/WPcap/1998-10/09/081r-100998-idx.html
[8] http://www.nytimes.com/library/tech/yr/mo/...

______

Linux company Red Hat gets investment

Don't be surprised if similar announcements come from other open-software vendors

On 9/29 Red Hat Software announced equity investments from Intel, Netscape, and venture capital firms Benchmark Capital and Greylock [9]. Red Hat provides documentation, customer support, and tools to help users install and modify the freely distributed Linux operating system. This funding will help the company serve its corporate customers who demand accountability and 7x24 service as a part of their Linux purchase.

[9] http://www.techweb.com/wire/story/TWB19980929S0013?ls=twb_text

______

JavaScript privacy bugs hit Netscape, then Microsoft

Guard your privacy from Cache Cow and the Cuartango Hole

Dan Brumleve wrote with word of a new vulnerability he had discovered in all versions of Netscape Navigator. (Internet Explorer is immune.) See the exploit page [10]. The exploit, which Brumleve calls Cache-Cow, captures the entire browsing history of the victim's copy of Navigator, including all form data that has ever been sent via the GET method -- including any passwords. The exploit uses JavaScript to compromise all versions of Navigator prior to 4.06; a slightly reworked version of the CGI script [11] fells 4.06 as well.

According to one security researcher, the same vulnerability can be exploited via email. This means your browser cache could be stolen if you simply read an email message.

Netscape acknowledged the Cache-Cow vulnerability [12] and released version 4.07 of Navigator and Communicator to fix it. Five days later Brumleve posted Son-of-Cache-Cow [13] (Cache-Calf?). It steals the cache off of 4.07 in exactly the same way. Netscape has acknowledged [14] this one too, calling it the Injection Bug. Unlike the earlier acknowledgement [12], this one does not mention Brumleve by name. Perhaps they're getting annoyed with him.

A more serious security threat affecting Internet Explorer 4.01 was discovered by Web developer Juan Carlos Garcia Cuartango. Using the Cuartango Hole [15], an attacker can steal any file off your disk for which the name and location are known or can be guessed. Here is the discoverer's exploit page [16]. Microsoft has confirmed the problem and is working on a fix, Wired reports [17], but I couldn't find any mention of Cuartango on Microsoft's security site [18].

[10] http://www.shout.net/~nothing/cache-cow/
[11] http://www.shout.net/nothing/view-cache-cow-4.06.cgi
[12] http://home.netscape.com/products/security/resources/bugs/brumlevecache.html
[13] http://www.shout.net/~nothing/son-of-cache-cow/index.html
[14] http://home.netscape.com/products/security/resources/bugs/injection.html
[15] http://www.wired.com/news/news/technology/story/15530.html
[16] http://pages.whowhere.com/computers/cuartangojc/cuartangoh1.html
[17] http://www.wired.com/news/news/technology/story/15459.html
[18] http://www.microsoft.com/security/

______

Microsoft patches "Cross-Frame" security hole

Fixing a problem before we knew there was one

Eric Scheid forwarded this tidbit from the TidBITS newsletter. Internet Explorer versions 3.x and 4.x on Windows and Macintosh are susceptible to what Microsoft is calling the Cross-Frame Security Bug [19]. In all cases the supplied patch works on 4.01 versions of the browser; users of earlier versions are advised to upgrade and then to download the patch. The bug would allow an attacker to access files on local disks [20]. Under Windows, any program that uses the IE HTML engine (such as Quicken and Eudora) would also be vulnerable until the IE patch was applied.

[19] http://www.microsoft.com/ie/security/?/ie/security/xframe.htm
[20] http://www.microsoft.com/ie/security/xframe-details.htm

______

Access to government cookies denied

Putnam Pit publisher, punted, plans appeal

TBTF for 1997-11-24 [21] brought you news of Geoffrey Davidian's lonely fight against the forces of darkness in the town of Cookeville, Tennessee. Davidian, publisher of a local muckraking newspaper, brought suit in federal court after being denied access to browser cookie files from the town government's computers. Davidian wanted to check whether public servants were accessing pornography on the public's nickel, he said. In late September U.S. District Judge Thomas Higgins dismissed the publisher's lawsuit but left the legal question of whether cookie files are public records up to the state [22]. (Those who prefer sites that don't force-feed cookies can read coverage here [23].) Davidian has said he will appeal the decision.

[21] http://tbtf.com/archive/1997-11-24.html#s07
[22] http://www.nytimes.com/library/tech/98/09/cyber/articles/29putnam.html
[23] http://www.techserver.com/newsroom/ntn/info/100298/info6_1881_noframes.html

______

Followup: Congressional hypocrites

Flash! politicians behave hypocritically. Film at 11

If you haven't done so, please visit the 284 Most Hypocritical Members of Congress page [24]. For two days after the previous issue [25] came out this page was linked from Slashdot [26] ("News for nerds. Stuff that matters.") and the TBTF site enjoyed its busiest day ever by a factor of more than two. (The archived discussion is here [27].) Memo to Rob Malda, a.k.a. Cmdr. Taco, the proprietor of Slashdot: you're sitting on a gold mine there, and I hope you know it, and I hope you thrive. The meme [28] that it may be considered hypocritical to vote for the Communications Decency Act and then to vote to release the Starr report has gotten wide currency. The page was linked from a number of conventional news sites including PC Week, and also from a number of sites with which I wouldn't ordinarily wish to be associated (First Amendment politics making for the strangest of bedfellows).

I'm delighted to report that the Hypocrites page is now getting hits from users searching for the names of particular politicians in commercial search engines. Warms the cocktails of my heart, it does.

Herewith a quick summary of some of the fallout from the Starr Report.

Larry Flynt, publisher of Hustler Magazine, has publicly offered Special Prosecutor Kenneth Starr a job as full-time advisor on pornographic material [29]. Flynt writes:

The quality and quantity of material you have assembled in your report contains more pornographic references than those provided by Hustler Online services this month.

A German journalist is pushing for the criminal indictment of Starr under that country's laws for knowingly publishing pornography on the Net [30].

And as the Son of CDA [31] made its way through the US Congress, G-rated Walt Disney Co. lobbied hard to relax the proposed rule [32]. The company fears that, with its current wording, CDA-II would require them to demand a credit card as proof of age from all visitors to disney.com.

[24] http://tbtf.com/resource/hypocrites.html
[25] http://tbtf.com/archive/1998-09-14.html#s01
[26] http://slashdot.org/
[27] http://slashdot.org/articles/98/09/15/1628251.shtml
[28] http://www.whatis.com/meme.htm
[29] http://www.hustler.com/preview/starrjob.html
[30] http://news.bbc.co.uk/hi/english/world/europe/newsid_178000/178790.stm
[31] http://tbtf.com/archive/1998-07-27.html#s01
[32] http://www.sjmercury.com/business/tech/docs/026013.htm

______

Year 2000 corner

Horde this book

It won't be a huge genre -- there's not enough time left -- but the coming troubles have now inspired the first Y2K technothriller. Read Y2K: It's Already Too Late by Jason Kelly [33] (paperback, self-published) and follow the fictional exploits of a software engineer as he struggles to save the world after the bug tanks human societies worldwide. I haven't read this book. Amazon's reader reviews are more than usually polarized: Tom Clancy fans, or those simply in search of a good yarn, are panning it, while those who believe January 1, 2000 will dawn on the End Of Civilization As We Know It are giving the book five stars. Thanks to Declan McCullagh for the item, and the title.

[33] http://www.powells.com/cgi-bin/partner?partner_id=23196&cgi=search/search&searchtype=isbn&searchfor=0966438701

Bill protects sharing of Y2K data

On 10/1 Congress unanimously passed [34] the Year 2000 Information and Readiness Disclosure Act, a day after its quick passage in the Senate. The President is expected to sign it into law quickly. The bill would let companies share information on how to fix the year 2000 computer problem without worrying about lawsuits if the information turned out to be wrong.

[34] http://nytsyn.com/IMDS%7CCND7%7Cread%7C/home/content/users/...

Using time zones as sentries

How to get early warning on the effects of the Y2K bug? Look east as many timezones as you can on December 31, 1999. The head of a Senate committee on the Y2K problem, Bob Bennett (R-Utah), said a Year 2000 "First Alert" system [35] focused on what happens as New Zealand and other Pacific countries pass midnight would give the United States more than 17 hours notice of how utilities and transport services may be disrupted.

[35] http://www.techweb.com/wire/story/y2k/TWB19981002S0013

A summary of Y2K in one animated GIF

This image [36] (77K) is signed "Mars" and looks like the work of a professional political cartoonist. It's scattered about the Web now; Altavista turns up 29 instances of it. The earliest one I saw was dated September 2.

[36] http://freepages.misc.rootsweb.ancestry.com/~nielsp/234/anim/htm/mil_bug.gif

______

Physics bits

Meteor storm may endanger satellites

Once a year the Leonids put on a light show (a meteor shower), and three times a century it's directed by William Berkeley Enos [37] (a meteor storm). Every year on November 17 and 18 earth's orbit passes through that of comet Tempel-Tuttle and fortunate watchers may see 5 to 10 meteors a minute in midnight skies. Every 32 years we run into the vicinity of the comet's head and the shooting-star count can rise to 10,000 a minute, though rates of 100-1000 a minute are more common. Most of the meteoroids are smaller than grains of sand but some are as big as marbles.

Five weeks from now this 155,000-mph travelling sandblast will arrive for the first time at an earth bejeweled with satellites [38]. The meteoroid density may be as high as one in every square meter; if so then every satellite in orbit will get hit. NASA plans to turn the eye of the Space Telescope away from the onslaught [39] and other satellite owners with mobility will turn their birds for minimum cross section in the direction of the constellation Leo. Communications with ground stations will be minimized and electronics shut down for safety where possible. The storm should last for 2 or 3 hours; Asia will be facing Leo when it peaks. Some geostationary satellites will get peppered, possibly damaging electronics, while others will be shielded in earth's shadow. Low-earth satellites orbit once every 1-1/2 or 2 hours so probably cannot avoid hits. The Mir astronauts will weather the storm in their Soyuz escape capsule and NASA is delaying a shuttle launch until earth is through the comet's path.

November 1999 could be worse.

[37] http://us.imdb.com/Name?Berkeley,+Busby
[38] http://www.examiner.com/981004/1004meteor.shtml
[39] http://www-space.arc.nasa.gov/~leonid/

Gamma-ray pulsar turns night into day

On August 27 an exotic star two-thirds of the way to the galactic core caused ten X-ray satellites to sit up and take notice. It blasted them with gamma radiation strong enough to penetrate their shielding and overload some of their instruments, regardless of where in the sky they happened to be pointing. The blast ionized earth's upper atmosphere at night as strongly as the daytime sun. It came from the star SGR 1400+14 in the constellation Aquila, one of four soft gamma repeaters discovered since 1979. This NASA page [40] (loads 135K, mostly images) details the event and provides background on magnetars -- postulated neutron stars with magnetic fields exceeding a quadrillion times that of earth, or 1000 times stronger than those of "ordinary" pulsars. Magnetars were first hypothesized in 1992 and the first solid evidentiary sighting came in May of this year [41].

The gamma-ray pulses are generated by starquakes, in which the neutron star's iron crust is deformed so far by magnetic forces that it cracks. Pent-up energy is released and seismic waves produce a flash of X-rays. Such a starquake can release 10^19 times more energy than the 1906 San Francisco earthquake, 20.1 on the Richter scale [42]. Here's a graph [43] of the 12-minute energy tail following the August 27 quake. The energy released in the first instant equaled the Sun's output over 1000 years, or enough energy to run all of earth's civilizations for a billion billion years at the current burn rate. The astronauts aboard Mir each sustained a whole-body radiation dose equivalent to a dental X-ray.

[40] http://wwwssl.msfc.nasa.gov/newhome/headlines/ast29sep98_1.htm
[41] http://science.msfc.nasa.gov/newhome/headlines/ast20may98_1.htm
[42] http://wwwssl.msfc.nasa.gov/newhome/headlines/ast09jul98_1.htm
[43] http://tbtf.com/pics/gamma.gif

Swinging into space

If this article [44] is serious and aboveboard, a Scottish fabric company is working with a NASA spinoff headed by Dr. Robert Forward to develop ropes to swing spacecraft to the moon. Just like Tarzan, only in space you couldn't hear him yodel. I'm flummoxed. Readers conversant with physics: please write discussing whether or not this article, and the idea behind it, makes the slightest bit of sense. Thanks to Jon Callas for the item.

Note added 1998-10-13 & updated 10/14, 10/15: The URL given for the Scotsman article went unavailable a few hours after this issue hit the airwaves. I've modified the reference below so that now [44] points to the right place -- thanks to Chuck Bury for tracking down the relocated page, as I had failed to do. The Scotsman article's source may have been this New Scientist piece [44a] from last February.

Various knowledgeable souls have written to inform me that the idea of using ropes to get into space (or to move around in it) is well established and feasible, though some applications fall outside the current state-of-the-art for the tensile strength of ropes. One reader pointed to Arthur C. Clarke's 1980 novel Fountains of Paradise. Doggone it, I read Fountains years ago, but didn't connect his idea of a geosynchronous "space elevator" with the more dynamic versions of the concept now being explored. Another variant of the space tethers idea figures in The Descent of Anansi [44c] by Larry Niven and Steven Barnes, but it's not a major theme in that work of fiction.

Other sites related to the concept of space tethers that I and others have turned up since this issue shipped:

[44] http://tspl.realise.com/htdig/ne/04/ne04luna981012.html
[44a] http://www.newscientist.com/ns/980221/ntether.html
[44c] http://www.powells.com/cgi-bin/partner?partner_id=23196&cgi=search/search&searchtype=isbn&searchfor=0812512928
[44d] http://www.tethers.com/
[44e] http://www.mnstf.org/minicon/history/minicon30/robert-forward.html
[44f] http://home.earthlink.net/~jedcline/mcbl.html
[44g] http://www.affordablespaceflight.com/howitworks.html

______

Fiber bites backhoe

Don't get mad, get even

The NANOG mailing list, stalwart of network operators everywhere, has lately carried news of more than the usual number of optical-fiber bundles cut by rampaging backhoes. Last Thursday this note, from a local newscast, was posted to the list:

[Atlantic County, NJ] While attempting to wreak havoc on the world's telecommunications infrastructure, a backhoe mistook a gas main as a fiber optic cable. The evil yellow beast was destroyed in the resulting fireball.

The ensuing discussion thread [45], "Internet 1, Backhoe 0," turned up many examples of the Net's revenge fantasies; two of the best are BizarroLand's [46] and Adam Rothschild's videorealistic essay [47] (103K).

[45] http://www.cctec.com/maillists/nanog/current/msg01164.html
[46] http://www.bizarroland.com/gopher.html
[47] http://www.millburn.net/backhoe2.jpg


Notes

Alaska was pretty wonderful, thanks for asking. But TBTF took three weeks off instead of the planned two courtesy of a bug (it was definitely not a feature) that got to me in the recirculated substance that passes for air on a transcontinental flight. Several folks wrote with suggestions for Net access while on a cruise vacation and Marc Kupper provided the mother lode. Follow this link [48] if you're interested in a brief essay titled An Alaska Cruise: Net Access and What I Read.

[48] http://tbtf.com/resource/alaska.html


Sources

For a complete list of TBTF's (mostly email) sources, see http://www.tbtf.com/sources.html.


TBTF home and archive at http://www.tbtf.com/ . To subscribe send
the message "subscribe" to tbtf-request@world.std.com. TBTF is
Copyright 1994-1998 by Keith Dawson, <dawson dot tbtf at gmail dot com>.
Commercial use prohibited. For non-commercial purposes please forward,
post, and link as you see fit.
_______________________________________________
Keith Dawson    dawson dot tbtf at gmail dot com
Layer of ash separates morning and evening milk.
