Son of CDA bill is filed in the Senate

First Amendment to the US Constitution (1791)

Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.

Sen. Dan Coats (R-Indiana) was the main Republican sponsor of CDA-I. He has filed a bill, S.1482 [1], that would punish commercial distributors of material deemed "harmful to minors" with six months in jail and a $50,000 fine. Unlike CDA-I, this proposed statute applies only to Web sites. The ACLU, which won in the fight against CDA-I, says [2] the the new bill is clearly out of bounds: it has serious constitutional problems with its definition of "harmful to minors," and does not make any distinction between material that may be, for example, harmful to a six-year-old but valuable for a 16-year-old. The bill does not pin down which community's standards are to be applied in determining whether material is harmful to minors, but rather imposes on the FCC and the Department of Justice the task of explaining what material would infringe the law. The Supreme Court struggled in vain for years to arrive at a national definition of the term "obscenity"; "harmful to minors" is obscenity lite and will prove even more difficult to define. Third, the proposed law could apply to online bookstores such as amazon.com and to ISPs -- publishers and carriers who do not originate such material. CDA-I explicitly exempted carriers such as ISPs from culpability under that law, and a court has upheld [2a] the common carrier nature of ISPs. Finally, the Coats bill would require sites with material "harmful to minors" to take a credit card for age verification. The Supreme Court's majority opinion overturning CDA-I specifically rejected the government's advancement of this proposed tactic.

The bill has no co-sponsors yet.

[1] http://thomas.loc.gov/cgi-bin/query/z?c105:S.1482:
[2] http://www.aclu.org/news/n111397a.html
[2a] http://www.yahoo.com/headlines/971114/wired/stories/cda_1.html

Browser giant is out of compliance with JDK 1.1

When Sun chided and then sued Microsoft for failing to honor its Java licensing agreement, Microsoft pointed out that Sun chooses to ignore the failings of other companies -- particularly Netscape -- to live up to their own contracts. Indeed Netscape has been out of compliance since it failed to deliver a Java Virtual Machine based on Sun's JDK version 1.1 [3], which has been shipping since February. The contract stipulates that Netscape must complete updating its Java implementations within a stated period after a new JDK ships. (How long that period is is not public knowledge; I would guess at 6 months.) Netscape has assured Sun that it plans to come into compliance, with Communicator version 5 in the first half of 1998, and meanwhile Netscape on its own initiative has removed the familiar "steaming cup" Java logo from the About page of Communicator 4.04. Netscape notes that its products are fully compliant with JDK 1.0.2, and that the contract does not require them to remove the logo.

[3] http://www.news.com/News/Item/0%2c4%2c16359%2c00.html

Lately it seems that Intel, Microsoft, and Cyrix are fighting more bugs than the Starship Troopers

See last week's TBTF [4] for background on these recently surfaced security issues.

Pentium "f00f" bug -- Intel has developed a software workaround [5] that must now be incorporated into each operating system that runs on Pentium hardware -- there are probably a few dozen of these. Each OS vendor must rigorously test the fix for its impacts on stability and performance. A vendor whose user base is not all running on the current OS version may need to implement the fix multiple times. Several hundred million users will have to obtain the fix to their OS and install it; many, unlucky, users will have to upgrade their OS version at the same time. Linux was first out of the chute with a f00f fix, introducing patch 2.0.32, which traps the offending op codes before they get to the CPU, before Intel had announced its workaround. The linux fix is available at [6a] (patch) and [6b] (full source). BSDI is testing a fix. Microsoft says it is "in the process of studying the implementation of potential workarounds."

MSIE buffer overrun -- Microsoft has posted a fix [7] for the buffer overrun security problem, #15 on the TBTF 1997 list [8] of Microsoft / MSIE security issues.

Cyrix -- This chipmaker confirms its Pentium workalikes have a problem too [9], this one surfacing only in multiuser configurations.

[4] http://www.tbtf.com/archive/1997-11-10.html
[5] http://www.infoworld.com/cgi-bin/displayStory.pl?971114.wintelfix.htm
[6a] ftp://ftp.kernel.org/pub/linux/kernel/v2.0/patch-2.0.32.gz
[6b] ftp://ftp.kernel.org/pub/linux/kernel/v2.0/linux-2.0.32.tar.gz
[7] http://www.microsoft.com/msdownload/ieplatform/ie4bufferpatch/patch.htm
[8] http://www.tbtf.com/resource/ms-sec-exploit.html
[9] http://www.news.com/News/Item/0%2c4%2c16347%2c00.html

Troubles aren't over for the man who hijacked the InterNIC

Eugene Kashpureff, who hijacked the InterNIC's Web traffic to his own site as a protest against domain naming policy [10], [11], has been arrested by Royal Canadian Mounted Police and is expected to be deported to the US to face charges of wire fraud and computer fraud [12], [13]. The FBI issued a warrent for Kashpureff's arrest on 9/12, located him in Toronto late last month, and requested the cooperation of the RCMP in his apprehension.

[10] http://www.tbtf.com/archive/1997-07-21.html
[11] http://www.tbtf.com/archive/1997-07-28.html
[12] http://192.215.107.71/wire/news/1997/11/1105alternic.html
[13] http://192.215.107.71/wire/news/1997/11/1111kashpureff.html

So what's .nu?

A neighboring island of Tonga [14] has set up in the business of providing domain names to all comers. Niue (pronounced "new-way"), population 2000, has made an arrangement with some enterprising Americans for the privilege of parcelling out .nu domain names [15]. Visit the registry [16] to see it your favorite has already been claimed. (No, you can't have whats.nu, it was among the first to go.) The interesting thing about Niue's entry into the registry fray is that it is the first to break the $50/year price point -- Niue charges $25 per year.

[14] http://www.tbtf.com//archive/1997-06-23.html
[15] http://www.news.com/News/Item/0%2c4%2c16253%2c00.html
[16] http://www.nunames.nu/

First the Justice Department, then the states; et tu, Nader?

You can't have avoided hearing about the Appraising Microsoft Conference [17], [18] held in Washington, D.C. last week an hosted by consumer gadfly Ralph Nader. Nader called Microsoft "uniquely ruthless"; one of the participants dubbed the company "the great white shark of the software business: no conscience, no reticence, just endless appetite." Microsoft executives had been invited but (sensibly) declined to attend. COO Bob Herbold sent a public letter [19] to Nader enumerating the ways in which the deck had been stacked against Microsoft.

Steve Kremer <steve at jokewallpaper.com> thought to call Nader's office to find out what kind of computer the conference instigator uses. Answer: apparently, he doesn't use one at all. Kremer summarized thus on the fight-censorship mailing list:

So when you read the stories coming out of Washington D.C.
about Nader taking Microsoft to task, remember it's being
headlined by someone who has probably never had their hand
on a mouse except maybe to take a dead one out of an OSHA-
approved trap.

Microsoft's partners are not all uniformly happy with the colossus, though they are understandibly reluctant to speak up in public. Allan Hurst <allanh at spectrum.us.com> sends this anonymous account of exchanges between a Microsoft representative and an attendee at a Northern California Microsoft revival meeting -- er, I mean reseller briefing:

    Attendee:  "Is it true that NT 5.0 has 27 million lines of
                code?"
    Microsoft: "Why do you want to know?"


    Microsoft: "So, as you can see, Small Business Server is a
                mission-critical product from Microsoft, and
                is our Big Product Introduction for 4Q97. Does
                anybody know what will be the Big Product In-
                troduction for 1Q98?"

    Attendee:  (shouting) "Yes! Service Pack 1 for Small 
              Business Server!"

    (The "correct" answer, incidentally, turned out to be "NT 5.0".)

One group that is unwaveringly in Microsoft's corner is its shareholders. Those who have stuck with the company's stock over the last year have doubled their money. At the annual meeting, after the speech in which Bill Gates called the Nader conference a "witch hunt," the attendees gave him a standing ovation.

[17] http://www.essential.org/appraising/microsoft/
[18] http://www.yahoo.com/headlines/971114/tech/stories/nader_1.html
[19] http://www.microsoft.com/corpinfo/nader/11-13nader.htm

Helping system administrators find the source of DoS attacks more quickly

MCI has released a must-have tool for system administrators: the Denial of Service Tracker [20]. This security program simplifies the process of tracing DoS attacks, which aim to overload a target com-puter system to the point that it's unusable for anything else. The program works against SYN flood [21], ping flood [22], bandwidth saturation, and concentrated source attacks. Other DoS-based attacks are being added.

[20] http://www.security.mci.net/dostracker
[21] http://www.tbtf.com/archive/1996-09-23.html#s01
[22] http://www.tbtf.com/archive/1997-08-04.html#s01

The original church, stripped of $340M, can't hide behind new corporate shells

A Federal judge has issued a definitive ruling that clears the way for hundreds of lawsuits to go forward against the self-declared religious organization, and in addition calls into question its tax-exempt status [23]. When faced with paying a $6M judgement to a creditor, the Church of Scientology of California dissolved itself and transferred its assets to two new organizations called the Church of Scientology International and the Religious Technology Center. The judge ruled that the new Scientology corporations are merely shells controlled by and identical to the disbanded mother church so their assets are subject to court judgements against the original institution.

Why am I writing about Scientology, new readers may wonder? The CoS has worked aggresively, using channels legal and dirty, to stifle free speech on the Internet and may have been responsible for shutting down a long-running anonymous remailer, anon.penet.fi [24], [25].

[23] http://www.factnet.org/Scientology/court.htm
[24] http://www.tbtf.com//archive/1995-08-21.html
[25] http://www.tbtf.com//archive/1996-09-08.html

Reuters covers the crypto wars

Those who follow the cryptography debate might want to bookmark this page [26] for Reuters News Service stories written (mostly) by Aaron Pressman.

[26] http://www.crypto.com/reuters/

After 15 months at Slate, Michael Kinsley reflects on what the publication has learned

This 2-week-old c|net story [27] recounts a letter that Slate's editor posted on the Microsoft site. The letter itself [27a] took some searching -- after all, 5 months have passed in Internet time -- but was located thanks to the good graces of Anita Rowland <a-anitar at microsoft dot com>. Kinsley has learned that writing on the Web, delivered quickly and with much less editing, tends to be less formal than that of print publications. Do tell. He adds that as the online magazine continues to evolve, features will be "collections of very small, easy-to-digest morsels that still add up to a substantial meal." Sounds like Tasty Bits to me.

[27] http://www.news.com/News/Item/0%2c4%2c16094%2c00.html
[27a] http://home.microsoft.com/reading/archives/reading-11-3.asp

fight-censorship -- mail fight-censorship-announce-request@vorlon.mit.edu without subject and with message: subscribe . Web home at http://www.eff.org/~declan/fc/.

TBTF home and archive at http://www.tbtf.com/ . To subscribe send
the message "subscribe" to tbtf-request@world.std.com. TBTF is
Copyright 1994-1997 by Keith Dawson, <dawson dot tbtf at gmail dot com>. Com-
mercial use prohibited. For non-commercial purposes please forward,
post, and link as you see fit.
_______________________________________________
Keith Dawson    dawson dot tbtf at gmail dot com
Layer of ash separates morning and evening milk.