(A Javascript-enabled browser is required to email me.)
TBTF logo

TBTF for 1999-01-13: Nudiustertian

Keith Dawson (dawson dot tbtf at gmail dot com)
Thu, 14 Jan 00:47:51 -0400


Contents


Uncensored Australian crypto report comes to light

Redacted passages are now highlighted in red

Electronic Frontiers Australia has posted an uncensored copy of the Review of Policy relating to Encryption Technologies, called the Walsh Report [1]. Two years ago the Australian government had been about to release a study of the effect of encryption technology on law enforcement and intelligence gathering. The study, commissioned by the Attorney General's office, was authored by Gerard Walsh, former deputy director of the Australian Security Intelligence Organisation. Just before publication someone high up in the Australian government developed cold feet and the release was cancelled. Electronic Frontiers Australia filed a freedom of information request and in June 1997 obtained a redacted copy of the report — that is, with some sections blacked out on grounds of public safety, law enforcement, or national security — and posted it on the Web. It now comes to light that before the report was pulled, "deposit copies" had been sent to major libraries; an alert student found one such last month growing dusty in the State Library in Hobart. EFA published the full report, with the originally censored parts highlighted in red, at the same URL [1]. Here is one of those redacted sections (1.2.22):

The loss of access to real-time communications of their targets, and the inability to access seized stored data, will necessitate a range of activities by law enforcement and national security agencies which carry greater operational, personal and political risk, involve larger financial outlays and staff allocations and will require some legislative amendments.
It is remarkable how many of the red passages track with proposals that, if publicized, would carry "political risk" — such as the risk of the public throwing the bums out. Among the initially redacted legislative amendments proposed are those to allow:

This latter proposal the EFA's Greg Taylor <gtaylor at efa dot org dot au> calls "an apparent endorsement of rubber-hose code-breaking." A more charitable interpretation would be of a law to shield authorities from having to reveal in open court that they obtained evidence by cracking into and infecting a suspect's computer — might not play well with juries. Prosecutors routinely avoid such embarassment by using tainted evidence only to locate and develop other lines of evidence, which are then used to prosecute.

[1] http://www.efa.org.au/Issues/Crypto/Walsh/index.htm

___

NT 4.0 fails government cryptography test

Fixing FIPS 140-1 test failure will impact IE4, Outlook 98

Windows NT 4.0 has failed a critical government test [2] (registration required) that it must pass in order to be considered for sensitive applications in US and Canadian government agencies. Problems that surfaced in Microsoft's CryptoAPIs may be serious enough to require significant redesign of the operating system. The company expects to issue a service pack later this year after NT finally makes it through FIPS 140-1 testing. However, the patch will cause major problems for common applications, because only Internet Explorer 5.0 will know how to work in FIPS mode. The service pack will prevent users who apply it from using IE 4.0, Outlook 98, and possibly other applications such as Internet Information Server.

[2] http://www.nwfusion.com/news/0111ntcrypt.html

___

Judge orders Sun, Microsoft to settle Java dispute

You can tell it's a good decision, it made both companies mad

A US magistrate has ordered Microsoft and Sun to schedule a settlement conference to hash out their ongoing dispute over Java technology. Judge Ronald Whyte's order [3] said the companies, which have developed two different methods for Java to work with Windows, should develop a single platform that "achieves Sun's goal of universality and Microsoft's goal of more efficient performance and ease of coding." Whyte also said the companies should consider expanding development of Microsoft's J/Direct, which lets Java developers access native Windows functions directly.

[3] http://www.techweb.com/printableArticle?doc_id=TWB19990108S0001

space ______

Supreme Court says computer algorithms can be patented

Let's patent like it's 1999

The mere flood of patents on business models [4] will surely now become a torrent. The US Supreme Court has let stand a lower court ruling in the State Street Bank case that mathematical algorithms used in a program may rate intellectual-property protection [5] (free registration and cookies required for this link). The silliest patent I've seen recently claimed exclusive rights to the "method" of teaching an in-house course using a book. Worse is to come.

[4] http://tbtf.com/archive/1998-08-31.html#Tspx
[5] http://www.nytimes.com/library/tech/99/01/biztech/articles/12patent.html

space ______

Make it up on volume

A business model from cloudcuckooland

Bill Gurley's latest Above The Crowd column [6] is a sober exploration of a business proposition that until recently was the punch line of a stock joke:

Sure, we'll lose $5 on every sale, but we'll make it up on volume.
Gurley examines buy.com, a reborn Web virtual store whose business plan amounts to selling a buck for 85 cents and making it up on advertising. You can trace a straight line from the idealistic business model arising out of the Net's pre-commercial gift economy -- give away real value on your Web site and find a way to make money from the side-effects — through banner ads, eyeballs, and branding to the Americanized, Crazy Eddie purity of buy.com's aspirations. If the recent market for Net stocks has sent images of tulip bulbs dancing in your head, Gurley's analysis will do nothing to dispel them.

Perhaps when the Millenium has passed and the stock market crash is behind us, we can turn again to the serious business of inventing sustainable business models for the Net.

[6] http://www.news.com/Perspectives/Column/Textonly/0,197,282,00.html?tbtf

___

Quick bits

A maze of twisty items, all a little different

bul Microsoft releases a fix for frame spoof

See [7] and [8] for a description of this startlingly deep problem in the architecture of frames. Microsoft has released a patch for Wintel versions of Explorer 4.01 [9]; patches for Macintosh, HP-UX, and Solaris versions are not ready yet. In the email edition I wrote that Netscape has never acknowledged or responded to inquiries about the frame-spoof problem or said when a fix might be available for Navigator browsers. This just in —

Note added 1999-01-15: Marek Jeziorek <marek at netscape dot com> writes:
We will release an update with the next point release 4.51.

[7] http://tbtf.com/archive/1998-11-17.html#s02
[8] http://www.securexpert.com/framespoof/tech.html
[9] http://www.microsoft.com/windows/ie/security/spoof.asp

bul No kudos from BugNet

Since 1994 the editors of BugNet have presented an award to a software company for the year's best bug-fix performance. This year the editors surveyed the software field and scowled in disgust, refusing to grant any award [10]. "We are in the midst of a PC quality / support crisis," they declare. Here is one sad tale among many that illustrates the sorry attitude of software companies toward the things they have wrought and the users who are stuck with them.

Microsoft has a very odd sense of what is and what isn't a bug. Earlier this year, BugNet discovered a bug in FrontPage which allowed [a user] to delete his entire hard drive -- including Windows itself — without a clear warning. This was the single most destructive bug we've ever encountered... but Microsoft's response was that this was a feature, not a bug.
Note added 1999-01-16: Hendrik Levsen <info at levsen dot org> writes to point out that BugNet may not be blameless in this business: they make money by scaring computer users with a new horrendous bug every day:
And you bought something from them. Sheesh... It doesn't say on microwave ovens that you can't dry your cat in them either. If you had checked this "bug" yourself you would've seen that only people who dry their cats in microwaves can possibly delete their hard disk with FrontPage.

[10] http://www.bugnet.com/analysis/no_award.html

bul Cyber Underwriters Laboratories

The field of computer security has few hard standards: no company can certify that its software product is secure. Writing on the l0pht Heavy Industries site, Tan <tan at l0pht dot com> suggests looking to Underwriters Laboratories [11] for a model of Net security certification. Using the example of a UL-certified manufacturer of safes, Tan writes:

Vendors claim to be resistant to certain toolsets for certain amounts of time. This is not what the computer security field looks like today, but is where it needs to go... Customers are pressured by insurance underwriters to use products that meet UL specifications... Until [Net] losses become intolerable and insurance is necessary, there may be no motivation to drive the certification, approval, or listing of [Net security] products by UL or any similar organization.
Thanks to Keith Bostic <nev at bostic dot com> for pointing out this proposal.

[11] http://www.l0pht.com/cyberul.html

bul India warns against US crippleware

An Indian defense official issued a "red alert" [12] against the dangers of depending on cryptography products developed in the US, because almost by definition their codes can be broken by US government agencies. India might require all local banks and financial institutions to buy only home-grown crypto software. The letter from the Defence Research and Development Organisation says:

To put it bluntly, only insecure software can be exported. When various multinational companies go around peddling 'secure communication software' products to gullible Indian customers, they conveniently neglect to mention this aspect of the US export law.
Note added 1999-01-14: Udhay Shankar <udhay at pobox dot com> writes:
You may be interested in knowing that N. Vittal, the Central Vigilance Commissioner who is contemplating this, is one of the few bureaucrats who is widely respected in the IT community. His previous stint as Secretary, Department of Electronics was marked by several far-seeing initiatives, and he is generally regarded as being very clued-in.

[12] http://www.economictimes.com/120199/lead2.htm

bul A specialized shopping bot

Uniden introduced a phone at the Consumer Electronics Show that price-shops every time it's dialed, seeking the cheapest longdistance rate from among hundreds of plans before each call. The phone, called the Long Distance Manager, is expected to reach store shelves this spring at a price of about $49. Thanks to Keith bostic <nev at bostic dot com> for this item.

___

Jargon Scout: verbing dog-food

Bringing you the jagged edge of the Net's new lingo since 1995

Jargon Scout [13] is an irregular TBTF feature that aims to give you advance warning — preferably before Wired Magazine picks it up — of jargon that is just about ready to hatch into the Net's language.

Randy Enger writes:

I heard this twice last month, from two apparently unrelated sources, one within Rational and one at a Microsoft acronym-fest [14]. Once might be just irrational exuberance, but twice...

You know the phrase "to eat our own dog-food," employed to mean that the developers should actually use the products they develop. Well, dog-food has been verbed.

At Microsoft:

We have to dog-food this architecture before we release it.

and at Rational, about a new product:

We really need to dog-food this puppy.

(A friend to whom I mentioned this was dismayed by the cannibalistic imagery.)

[13] http://tbtf.com/jargon-scout.html
[14] http://tbtf.com/archive/1998-10-27.html#s10
___

Physics news of 1998

The brightest stars, the biggest stories

One of my favorite email resources for nudiustertian news from the world of physics is the AIP's Physics News Update [15], whose research summaries, written by Phillip F. Schewe and Ben Stein, arrive by email weekly [16]. Here are some of Schwe and Stein's picks as the biggest physics stories in 1998. I've added direct URLs for the stories as they appeared in PNU.

[15] http://www.aip.org/physnews/update/
[16] http://www.aip.org/physnews/update/subpnu.htm
[17] http://www.aip.org/enews/physnews/1998/physnews.355.htm
[18] http://www.aip.org/enews/physnews/1998/physnews.361.htm
[19] http://www.aip.org/enews/physnews/1998/physnews.375.htm
[20] http://www.aip.org/enews/physnews/1998/physnews.362.htm
[21] http://www.aip.org/enews/physnews/1998/physnews.382.htm
[22] http://www.aip.org/enews/physnews/1998/physnews.402.htm
[23] http://www.aip.org/enews/physnews/1998/physnews.356.htm
[24] http://www.aip.org/enews/physnews/1998/physnews.367.htm
[25] http://www.aip.org/enews/physnews/1998/physnews.374.htm
[26] http://www.aip.org/enews/physnews/1998/physnews.394.htm
[27] http://www.aip.org/enews/physnews/1998/physnews.389.htm

___

Year 2000 corner

Old McDonald had some code, C-O-B-O-L

For those of you who rejoiced over the holidays because The Little Drummer Boy drowned out the pervasive babble about Y2K, here's a little something to jerk you fully into 1999: the latest in barnyard sounds from Patrick Tufts <zippy at cs dot brandeis dot edu>.

I just taught a tot to say "and the NERD goes why-two-kay, why-two-kay".

--Pat "doomsayer just didn't scan"

The foregoing nugget is carried on TBTF by permission. The author specified as a condition of publication that the period had to stay outside the quotation mark.

Notes

bul This week's TBTF title means, in a backhanded sort of way, "up to the minute; the latest thing." Mrs Byrne's Dictionary [29] says the word derives from the Latin phrase Nunc dies tertius est, meaning "It is now the third day," so a literal rendering would be "pertaining to the day before yesterday." The OED is more straightforward [30].

[29] http://www.powells.com/cgi-bin/partner?partner_id=23196&cgi=search/search&searchtype=isbn&searchfor=0806504986
[30] http://tbtf.com/resource/oed-defs.html#nudiustertian


Sources

bul For a complete list of TBTF's (mostly email) sources, see http://tbtf.com/sources.html.

TBTF home and archive at http://tbtf.com/ . To subscribe send the
the message "subscribe" to tbtf-request@tbtf.com. TBTF is Copyright
1994-1999 by Keith Dawson, <dawson dot tbtf at gmail dot com>. Commercial use pro-
hibited. For non-commercial purposes please forward, post, and link as
you see fit.
_______________________________________________
Keith Dawson    dawson dot tbtf at gmail dot com
Layer of ash separates morning and evening milk.

___