A pox on both their houses

Microsoft and AOL have been making an ugly spectacle of themselves in the fight over instant messaging standards [1]. For three weeks the two sides have been exchanging rhetoric at a pace and a pitch that is reminiscent of nothing so much as a bitterly divisive political battle.

On 22 July Microsoft introduced a client, the MSN Messenger Service, that connects with AOL Instant Messenger by requiring users to supply their AOL screen name and password. AOL spluttered that this requirement goes against the security admonitions that AOL constantly inculcates into its customers. And AOL can't have been thrilled that Microsoft at least potentially possessed login information for millions of AOL customers -- even though Microsoft insists it is neither collecting nor saving the logins. Adding insult to injury, Microsoft's client can also import AIM buddy lists.

As soon as MSN Messenger Service went live AOL blocked its access to their servers. Microsoft coded around the block. AOL countered. By the end of the first weekend the two teams had traded hack for counter-hack five times; the last count I saw tallied 13 round trips.

The two sides have feigned at lawsuits, wrapped themselves in the robes of open standards and user security, and signed up allies at a frantic pace.

The battle escalated another notch last week when someone posing as an independent consultant wrote to security watchdog Richard Smith, asking him to publicize the assertion that one of AOL's blocking tactics utilizes a buffer overflow in the AIM client [2]. If true this would point to a dangerous security hole in AIM. But Smith determined that the "consultant" probably didn't exist and that the message had originated on a Microsoft internal mail server. Microsoft's protested [3] that the unknown perpetrator had no encouragement from the management. Right. Despite the tainted source of the accusation, Smith insisted that AOL come clean about any buffer overflows. AOL has bequeathed no word on the subject.

The irony of Microsoft arguing for open standards, and AOL against them, was not lost on the SJ Mercury News's Dan Gillmor. He calls them both aggravating hypocrites [4].

Alex Lash wrote a good overview [5] on the wider Microsoft - AOL rivalry that he might have subtitled "How do I hate thee? Let me count the ways."

[1] http://www.news.com/News/Item/Textonly/0,25,39693,00.html
[2] http://www.zdnet.com/intweek/stories/news/0,4164,2314107,00.html
[3] http://www.techweb.com/wire/story/TWB19990813S0015
[4] http://www.sjmercury.com/svtech/columns/gillmor/docs/dg072799.htm
[5] http://www.thestandard.com/articles/article_print/0,1454,5821,00.html

Taking the IRS to Tax Court

Late last month, in near-perfect silence, Microsoft wrapped up its court case against the Commissioner of the Internal Revenue Service [6]. The only notice of the case was a slip of paper hanging outside the door of a little-known courtroom at 400 Second St. N.W. in Washington, DC. Microsoft had sued the IRS in the early 90s over the favorable tax treatment allowed for CDs and movies, arguing that the same rules should apply to software. The amount at issue in the case is a mere $16M that Microsoft paid in taxes in the early 1990s, but the outcome of the case could affect billions in the years to come -- for other software suppliers as well as for Microsoft. Oracle, Autodesk, and Adobe all have similar cases pending in the Tax Court. In 1997, after Microsoft's suit was filed, Congress enacted the tax provision that Microsoft wants. But the company fights on because a loss in Tax Court could render moot the action of Congress. A ruling in the case could take another year.

[6] http://www.seattletimes.com/news/business/html98/micr_19990803.html

CORE, the Council of Registrars, is one of the organizations accredited in the early-phase testing of competitive domain-name registration. One of CORE's members, CSL GmbH of Duesseldorf, is now offering two-year registrations in the .com, .net, and .org top-level domains for 40.9 Euros, or about $43.23 [7]. CSL thus becomes the first competitive registrar to actually compete on the basis of price. NSI and all the other active test registrars still charge $70 for two years -- but this won't be true for long. To register your .com domain for less than the price of a .nu [8], visit CSL's registration site joker.com [9]. (This is no joke.)

[7] http://www.internetnews.com/bus-news/article/0,1087,3_181351,00.html
[8] http://www.nic.nu/
[9] http://www.joker.com/

ICANN cuts NSI's influence

The Internet Commission on Assigned Names and Numbers issued a ruling that will limit Network Solutions's influence on domain naming policy. ICANN has declared [10] that no entity may send more than a single representative to the Names Council, a body set up to advise ICANN on naming policy. Under the previous rules, NSI had 3 seats on the 21-member council.

[10] http://www.infoworld.com/cgi-bin/displayStory.pl?990813.iiicann.htm

Small, inexpensive video cameras redefine voyeurism

Here is a story ripe for the mainstream press to blow all out of proportion. USA Today reports [11] on a case of organized voyeurism: 28 athletes from colleges in Illinois and Pennsylvania have filed for damages against the makers and distributors of videotapes captured by tiny cameras secreted in college locker rooms. The tapes were sold over the Internet. Most states have no law against surreptitious videotaping or selling such tapes over the Net, so victims may have little recourse. This last week my hometown paper carried news that the Massachusetts senate had just passed such an anti-voyeur measure. Thanks for the tip on this story to Lynn Saxenmeyer <saxenmeyer at worldnet dot att dot net>.

[11] http://www.usatoday.com/life/cyber/tech/ctf847.htm
[11a] http://www.x10.com/home/offer.cgi?!ZDX30,../1index761.htm
[11b] http://tbtf.com/blurbs.html#scanlon

Leaked, criticized, withdrawn, and squashed inside of two days

On 28 July the NY Times reported that the Clinton administration was mulling a plan [12] for a computer monitoring system, called Fidnet, that would watch the country's data networks for intruders. The FBI was to oversee Fidnet, which would expand from monitoring government networks to watching private ones. The outcry from civil libertarians was immediate and deafening, and the administration shelved Fidnet [13] the next day. Just to nail that particular coffin, Congress voted [14] on 30 July to ban the Justice Department from spending any funds on Fidnet.

[12] http://www.zdnet.com/filters/printerfriendly/0,6061,2303703-35,00.html
[13] http://www.zdnet.com/filters/printerfriendly/0,6061,2304083-35,00.html
[14] http://www.techserver.com/noframes/story/0,2294,76087-120171...
[14a] http://www.nytimes.com/library/tech/99/08/biztech/articles/16monitor.html

Cites danger of rendering Wassenaar controls "immaterial"

Late last month the German online magazine Telepolis published a letter that US Attorney General Janet Reno sent at the end of May to the German Justice Minister urging a ban of crypto products on the Internet. John Young has posted a translation on Cryptome [15]. Here is the original article, in German [16], and the letter as published in Telepolis [17]. An excerpt from Reno's letter:

[15] http://jya.com/reno-ban.htm
[16] http://www.heise.de/tp/deutsch/inhalt/te/5117/1.html
[17] http://www.heise.de/tp/deutsch/inhalt/te/5117/2.html
[18] http://tbtf.com/the-irregulars.html

Variety and innovation rule in open-source development

At last week's LinuxWorld Expo, a panel discussed the various models of how open source projects are controlled and directed [19]. Contrary to what you might expect, open source does not mean "democratic." Linus Torvalds runs Linux development as an absolute dictatorship buffered by a sizable bureaucracy. At the other end of the spectrum, Brian Behlendorf says that development of the Apache Web server is governed by a round table of two dozen equals, all of whom have veto power over proposed features. Perl development proceeds like a constitutional monarchy. Larry Wall, the language's original author, has relegated to himself the role of a Supreme Court, settling the disagreements that the development community can't resolve.

[19] http://www.techweb.com/wire/story/TWB19990812S0003

Linux gets the press, but has BeOS got the goods?

Scot Hacker <shacker at birdhouse dot org>, who runs a tips site [20] for users of BeOS, is frustrated. The press covers Linux ceaselessly but rarely writes about BeOS. When this commercial OS is covered, Hacker believes, the articles are usually written by pundits who have never tried BeOS or done any real research. He writes,

Hacker has set up the Alt.OS Usability Challenge [22] to invite tech publications to compare BeOS with Linux by watching real users. The model is to sit down a Windows or MacOS user with a Linux distribution and a BeOS CD and have normal users install, configure, and use the respective systems; observe and report.

I wish I had the time to mount this test myself, but I don't. I'll be curious to see how many publications take up the challenge.

By the way, BeOS Tips is served from Hacker's main BeOS development machine, which is also running 1.7M keys/sec. in the rc5des [23] distributed crack. How many Windows, or even Linux, users would be willing to try this?

[20] http://www.betips.net/
[21] http://www.cryptonomicon.com/beginning.html
[22] http://www.betips.net/challenge/
[23] http://beoscentral.com/teambeos/

Another proof point that the censorware approach is fundamentally flawed

The Censorware Project investigated [24] Bess, a product widely used in schools across the US and Australia and aggressively marketed to libraries, schools, and governments. N2H2 [25], the company that markets Bess, claims that the proxy-based filtering software shields more than seven million schoolchildren. N2H2 is unusual in a couple of ways. They claim not to block by keywords -- that every one of 8 million sites on their block list has been examined by a human. And N2H2 is the first of the censorware companies to announce plans to go public.

The Censorware Project found hundreds of porn sites easily accessible, unblocked by proxies in actual use in schools today, as well as numerous sites incorrectly blocked for no discernable reason. The report casts serious doubt on N2H2's claim of 100% human-based filtering, a claim the company president made in Congressional testimony last May.

N2H2 employs 15 full-time and 58 part-time workers to scan Web sites, according to their recent IPO filing. The Censorware Project's report estimates that this number falls short -- by a factor of about 20 -- of the labor force that would be required just to keep up with the Web's growth (2 million pages per day), let alone to track site updates or to classify the 1 billion Web pages already in existence.

Please note that the report [24] necessarily contains some ugly language and many links to offensive sites.

[24] http://censorware.org/reports/bess/
[25] http://www.n2h2.com/

Don't expect the world to end when this Brookhaven device goes live

This BBC article [26] speaks of qualms about Brookhaven National Laboratories' Relativistic Heavy Ion Collider. It seems that once the machine is activated, scientists aren't 100% certain that it won't turn the whole earth into strange matter.

Scientists aren't 100% certain that a glass of water at room temperature won't spontaneously develop ice cubes, either, but it's the way the smart money bets.

The BBC story was pretty convincingly deconstructed on Slashdot [27] (albeit by Anonymous Cowards). Thanks to TBTF Irregular Jamie McCarthy <jamie at mccarthy dot org> for that pointer, and to others regular and Irregular who poured healthy skepticism in my general direction when I posted this item as a Tasty Bit of the Day.

On the American Physical Society's What's New page [28], Robert Park writes:

[26] http://www.sunday-times.co.uk/news/pages/sti/99/07/18/stinwenws02029.html?99
[27] http://slashdot.org/comments.pl?sid=99%2F07%2F18%2F1415231&cid=...
[28] http://www.aps.org/WN/WN99/wn072399.html

Judging now much to worry about near-earth objects

How dangerous, in reality, are asteroids of the sort that starred in last summer's blockbuster [sic] movie? Should we worry about the danger from an asteroid with a one-in-a-million chance of striking earth? Scientists have announced development of the Torino scale [29], a method of communicating the degree of danger from near-earth objects. So far no known object has been assigned a Torino number greater than 0. (At Torino 10 the earth is toast.) See [30] for a succinct graphic (98K) depicting the factors woven into a Torino scale number. The scale takes into account the probability of a collision and its likely kinetic energy -- which depends on the object's diameter, composition, speed, and strike angle. Thus a 100-m asteroid with a 1-in-100 chance of striking the earth merits the same level of concern -- 2 on the Torino scale -- as a 5-km asteroid with a 1-in-a-million chance.

This site [31] lets you explore the known near-earth objects for yourself. I particularly like the search function [32], where you can ask, say, for all known objects that will ever pass closer to earth than the moon's orbit (call it 0.0025 AU). This site [33] lists all known close approaches (closer than about 5M miles) for the next 100 years.

Scientists estimate that fewer than one in ten near-earth asteroids have yet been discovered and mapped.

[29] http://science.nasa.gov/newhome/headlines/ast22jul99_2.htm
[30] http://science.nasa.gov/newhome/headlines/images/meteors/torinoscale.jpg
[31] http://newton.dm.unipi.it/
[32] http://newton.dm.unipi.it/cgi-neo/neoibo?quicksearch
[33] http://cfa-www.harvard.edu/iau/lists/PHACloseApp.html

www.ParanoidPsychoticDelusions.com

A team of Florida physicians recently reported two cases in which delusional patients have woven the Internet into their fantasy systems [34]. These are the unfortunates who used to wear aluminum-foil hats to block the radio messages the CIA was trying to beam into their heads; now it's the Net that provides a backdrop of threatening and poorly understood technology from which to craft their delusions.

Randy Cassingham's engaging periodical This Is True [35] noted this story under the title www.ParanoidPsychoticDelusions.com. Of course I had to add it to the No We Don't have a Web Site page [36], the home for bogus and self-referential (and mostly nonexistent) URLs. Thanks to Herbert Hille <hhil at loc dot gov> for the pointer.

[34] http://www.sma.org/smj/internet_press.htm
[35] http://www.thisistrue.com/
[36] http://www.nowedonthaveawebsite.com/

I went to high school with Herbert Hille, my informant for this issue's final item. Through him I've now reconnected with two other long-lost friends; working on a third.

TBTF home and archive at http://tbtf.com/ . To subscribe send the
the message "subscribe" to tbtf-request@tbtf.com. TBTF is Copyright
1994-1999 by Keith Dawson, <dawson dot tbtf at gmail dot com>. Commercial use pro-
hibited. For non-commercial purposes please forward, post, and link as
you see fit.
_______________________________________________
Keith Dawson    dawson dot tbtf at gmail dot com
Layer of ash separates morning and evening milk.