
TBTF for 1998-02-02: Lie down with trains

Keith Dawson (dawson dot tbtf at gmail dot com)
Mon, 2 Feb 1998 22:12:36 -0400


Threads Domain name policy
See also TBTF for
2000-04-19, 03-31, 1999-12-16, 10-05, 08-30, 08-16, 07-26, 07-19, 07-08, 06-14, 05-22, more...

US Government green paper on domain names

The plan by Ira Magaziner's committee pleases some, frosts many

The Commerce Department's long-awaited domain name plan is available [1]. It proposes transitioning authority to oversee domain naming, the assignment of IP addresses, the registration of Internet protocol and port numbers, and the management of root servers from their current stewards (IANA and NSI) to a new, US-based not-for-profit corporation with an international board of directors, over a period lasting from 6 to 30 months. The government contract with NSI under which that corporation acts as both registrar and registry for the existing global top-level domains (the proposal separates these functions) will end on 1998-09-30, after a 6-month extension permitted in the contract. NSI must hand over control of the root domain name server at a "date certain" to be negotiated.

The plan suggests that 5 new registries be selected and chartered as soon as possible by the Internet Assigned Numbers Authority. Each new registry would be granted exclusive control over one new TLD. The report solicits comments on what limitations might be placed on the pool of applicants, if any. Applying registries would have to meet technical, managerial, and legal criteria outlined in appendices to the report -- in particular they would need to define resolution processes in case of trademark disputes. Registries would be required to offer equal and open access to all registrars worldwide.

Three other notable facets of the plan:

The existing process for reforming domain naming, CORE [2], is not specifically mentioned in the government report, though many of the green paper's ideas came from CORE; in fact CORE is among the biggest losers. The 88 entities around the world who each paid $10K to become CORE registrars seem to be out of luck, as do the individuals and companies who pre-registered names with the CORE registrars for the seven new TLDs whose future is now clouded. Emergent, the contractor with which CORE is working to build a registry database, would also seem to be a loser under the government plan, though presumably they have been paid for their work so far. Under the green paper plan, CORE and Emergent could apply to become a registry, but could only submit one of their proposed seven TLDs for consideration. All in all, the government gives greater credence to the companies that have lobbied to run registries for particular new TLDs, such as Image Online Design for .web and Iperdome for .per. But the green paper squelches the ambitions of those who favor a free-for-all marketplace in which anyone could create new TLDs.

I asked Dave Crocker, one of the original members of the International Ad Hoc Committee that led to CORE, to comment on the government green paper; his comments [3] are posted on the TBTF archive by permission.

The plan is being attacked as too US-centric [4] by European observers, who are especially invested in the Geneva-based CORE process. TechWeb [5] quotes David Maher, chair of CORE's policy oversight committee, as saying the Clinton proposal is "too protective of NSI and other US interests." Maher said, "If this is treated as a US solution to US problems, people outside the US are not going to be happy. I think that's a very severe limitation on the viability of the [proposal]."

Here are other comments [6] by CORE on the green paper. Trademark holders are not happy [7]; they fear they will have to spend money to deal with numerous disparate registrars in order to protect their names.

A mostly sound summary of the user impacts of the green paper can be found on the igoldrush site [8].

The plan is open for comments (send to dns@ntia.dot.gov) until at least the first week in March. The closing date for comments will be determined when the paper is posted to the Federal Register this week.

[1] http://www.ntia.doc.gov/ntiahome/domainname/dnsdrft.htm
[2] http://www.gtld-mou.org/
[3] http://www.tbtf.com/resource/dcrocker-gp.html
[4] http://www.techweb.com/wire/story/domnam/TWB19980130S0009
[5] http://www.techweb.com/wire/story/domnam/TWB19980130S0011
[6] http://real.NewsHub.com/0198/30_06.htm
[7] http://www.techweb.com/wire/story/domnam/TWB19980130S0006
[8] http://www.igoldrush.com/feat9.htm


Threads Open source software and the Linux OS
See also TBTF for
1999-08-16, 05-22, 03-26, 02-15, 02-01, 1998-11-17, 11-11, 11-03, 10-27, 10-12, 08-31, more...

Can freed software make a profit?

If you love your software, set it free

Wired muses [9] on the grand experiment in "freed software" on which Netscape embarked last week [10]. It's an open question whether Netscape can engage developers enough to halt Navigator's slide in the browser standings, let alone whether the company will be successful in "herding the cats" on such a scale. (The question of whether Netscape will ever make money, albeit indirectly, from the giveaway is even more tenuous.) Advice should be easy to come by; I'm sure the central figures in the Linux, perl, and Apache worlds would be happy to offer guidance if asked. In fact Netscape has requested the counsel of Eric S. Raymond <esr at snark dot thyrsus.com>, author of the influential paper The Cathedral and the Bazaar [11], on licensing terms, development models, developer relations, and so on. (Raymond hints that he has been asked to meet with other Silicon Valley CEOs on the same trip.)

[9] http://www.wired.com/news/news/technology/story/9966.html
[10] http://www.tbtf.com/archive/1998-01-29.html#s03
[11] http://www.ccil.org/~esr/writings/cathedral.html


Threads Open source software and the Linux OS
See also TBTF for
1999-08-16, 05-22, 03-26, 02-15, 02-01, 1998-11-17, 11-11, 11-03, 10-27, 10-12, 08-31, more...

Sizing Linux

Trying to put numbers on an amorphous market

The free software phenomenon is big and growing fast. It's inherently difficult to estimate the size of the Linux market because there is no central body controlling its distribution, and because the software is available for free download from numerous sites around the world.

First some recent numbers on the commercial competition. A new IDC study [12] indicates that Windows NT shipments outpaced commercial Unix in 1997. Windows NT grew at 78% year-on-year, while Unix grew at 15%. The numbers below presumably refer to installations of NT Server, though the news.com article does not make a distinction with NT Workstation.

    OS               thousands

    NT Server        1300
    NetWare          900
    Comm'l. Unix     717
    OS/2             226

In a SunWorld Online article [13] on Linux support by Red Hat, one of the Linux resellers, an IDG analyst estimated 1997 Linux installations at 2 to 6 million, putting Linux on a par with the Macintosh:

    OS               millions

    NT Workstation   7+
    Linux            2 - 6
    MacOS            3.8
    OS/2             1.2

(Another SunWorld article profiles Linux use in the business world [14]. Note especially the sidebar case study of a system administrator who runs 72 print stations worldwide on Linux.)

An often-quoted source of Linux numbers is a year-old white paper [15] by Bob Young, CEO of Red Hat. Young notes surveys by Unix magazines that point to anywhere from 10% to 34% of their readers using Linux. Here are Young's estimates of the number of Linux systems extant through 1996:

    End of
    year             millions

    1993             0.1
    1994             0.5
    1995             1.5
    1996             3 - 5

In the SunWorld Online piece [13] Red Hat's PR director estimates that in 1997 there were between 5 and 7 million Linux systems operating.

Let's work our way to a new estimate of the 1997 Linux population by other means. At a talk last week by Red Hat staffers at Softpro [16], Donnie Barnes estimated that 400K Red Hat CDs will be sold in 1998. In another context he mentioned that each major release has sold roughly twice as many copies as its predecessor. Taken together these factoids lead to a rough guess of 200K CDs sold in 1997. Figures from Softpro indicate that for 1997 the sales of all other Linux CDs combined added up to about 25% of Red Hat sales. Softpro doesn't carry all the available CDs; in particular some brands that are big sellers in Europe are not represented. So let us hazard an estimate of 300K Linux CDs sold worldwide in 1997.

FTP downloads outnumber Linux CD sales, according to an ongoing survey at the Linux Counter [17] site. These data stretch back to 1994 and so obscure the increasing popularity of the Linux CD products. If we assume that FTP downloads outnumbered CD sales by 3 to 1 in 1997, we arrive at about 1.2 million Linux media kits. CDs typically get used for more than one installation, either by the purchaser or by someone she passes it to (there being no restriction on multiple use, of course). In the extreme case a system administrator might install scores of Linux machines from a single CD or FTP download [14]. If we assume the multiple-use multiplier is 5 or more, we're in the realm of Red Hat's estimate of 5 to 7 million total Linux systems in 1997.

[12] http://www.news.com/News/Item/Textonly/0%2C25%2C18542%2C00.html?pfv
[13] http://www.sun.com/sunworldonline/swol-01-1998/swol-01-eyeoncomp.html#2
[14] http://www.sun.com/sunworldonline/swol-01-1998/swol-01-linux.html
[15] http://www.redhat.com/redhat/linuxmarket.html
[16] http://www.tbtf.com/archive/1998-01-12.html#s07
[17] http://counter.li.org/reports/machines.html


Threads Microsoft security bugs and exploits
See also TBTF for
1999-08-30, 1998-02-02, 01-26, 01-19, 1997-11-17, 11-10, 10-20, 08-11, 06-23, 05-22, 05-08, more...

Microsoft (in)security news

The company responds, though not officially, to a claim of basic security weaknesses

Microsoft has issued a reply [18] to the Peter Gutmann article [19], [20] claiming basic weaknesses in Microsoft's handling and storage of cryptographic keys. It clears up some possible misunderstandings by Gutmann about which technologies are implemented in which Microsoft products, but to my reading does not address the basic vulnerabilities he outlines. The defense consists of assertions that real users wouldn't leave exported keys lying around on their hard disk (uh huh), that security is constantly being improved in Microsoft products (true but not helpful now), that the weaknesses apply only to Microsoft's "base" crypto implementations and not to any third-party package (so?), and that users shouldn't run an unknown applet that could mount these attacks in the first place. Microsoft's rebuttal correctly points out that security is as much a matter of policy and follow-through as of technology. But it's not too much to ask that the base crypto technology, which will end up being used out-of-the-box by the vast majority of Microsoft's customers, provide meaningful assistance to less knowledgeable users in following sound security policies. For example the software shouldn't accept an easily-guessed password that can trivially be broken in a dictionary attack.

In other news, Microsoft has posted a patch [21] to fix the mk:// vulnerability reported in TBTF for 1998-01-19 [22].

[18] http://www.tbtf.com/resource/moft-reply-gutmann.txt
[19] http://www.cs.auckland.ac.nz/~pgut001/pubs/breakms.txt
[20] http://www.tbtf.com/archive/1998-01-26.html#s05
[21] http://www.microsoft.com/ie/security/mk.htm
[22] http://www.tbtf.com/archive/1998-01-19.html#s05


Communicator 4 is not browser-safe

What used to be good advice about cross-platform color no longer works

This story is not news to those engaged in building cross-platform, cross-browser Web sites. The so-called "browser-safe palette" [23], a set of 216 colors which since the days of Netscape Navigator 2 has offered the best chance to get Web pages looking the same in Netscape and IE browsers, on Windows, Unix, and Macintosh, no longer works reliably in Communicator 4. For reasons unknown Netscape has changed the browser's dithering algorithms. The results are spelled out in all their unpretty detail on this site [24], whose principals have had no luck at all in getting Netscape to take this problem seriously.

[23] http://www.tbtf.com/archive/1996-02-27.html#cpcc
[24] http://www.artware.de/nc4petition/


CyberSitter's tricks

This censorware is not only overbroad, it's also certifiably brain-dead

In TBTF for 1997-12-24 we looked at the broad-brush way Cyber Patrol blanks out large (and usually innocuous) swaths of the Internet. Now here's a look at CyberSitter which, besides being similarly overbroad, works its protective magic in a singularly deranged fashion.

A note on a mailing list for Perforce, a source code control product, reported a strange problem. When viewed from a particular NT machine, and only from there, two lines of code that should read:

#define one 1 /* foo menu */
#define two 2 /* bar baz */

were always corrupted so as to read:

#define one 1 /* foo me */
# fine two 2 /* bar baz */

It turns out that CyberSitter had been installed on that one NT machine. CyberSitter apparently works by patching the TCP drivers and watching the data flow over every IP connection, filtering out bad words. In the code fragment above, CyberSitter detected the word "nude" -- never mind the punctuation characters and the end-of-line -- and removed it from the stream.
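The failure described above, as an added example that is not CyberSitter's code or part of the original newsletter: a filter that matches on letters and digits only, next to one that respects word boundaries. It assumes hits are overwritten with spaces, which reproduces the corrupted lines quoted above once runs of spaces are collapsed; the function names and the second sample string are constructed for illustration.

```python
import re

BLOCKLIST = ["nude"]  # the one word the page names; the real list is not reproduced

def naive_filter(text, words=BLOCKLIST):
    """Model of the described behaviour: match on letters/digits only,
    ignoring punctuation, spaces and line ends, then blank the hits."""
    # Squeezed view of the stream plus a map back to the original offsets.
    kept = [(i, ch.lower()) for i, ch in enumerate(text)
            if ch.isascii() and ch.isalnum()]
    squeezed = "".join(ch for _, ch in kept)
    out = list(text)
    for word in words:
        start = squeezed.find(word)
        while start != -1:
            for k in range(start, start + len(word)):
                out[kept[k][0]] = " "  # assumption: hits are overwritten with spaces
            start = squeezed.find(word, start + 1)
    return "".join(out)

def boundary_filter(text, words=BLOCKLIST):
    """Match whole words in the original text only, so a hit can never
    span punctuation or a newline."""
    alternatives = "|".join(re.escape(w) for w in words)
    pattern = re.compile(r"\b(?:%s)\b" % alternatives, re.IGNORECASE)
    return pattern.sub(lambda m: " " * len(m.group()), text)

def collapse(text):
    """Collapse runs of spaces on each line, as an HTML rendering would."""
    return "\n".join(re.sub(r" +", " ", line) for line in text.split("\n"))

# The two source lines quoted in the newsletter.
SOURCE = "#define one 1 /* foo menu */\n#define two 2 /* bar baz */"
# Constructed sample containing the word on its own.
PLAIN = "a nude figure"

if __name__ == "__main__":
    print(collapse(naive_filter(SOURCE)))      # the corrupted lines from the report
    print(boundary_filter(SOURCE) == SOURCE)   # source code passes through intact
    print(repr(boundary_filter(PLAIN)))        # the standalone word is still blanked
```

The match in the first filter spans "menu", the comment terminator, the newline and "#define", which is why a rewrite applied to the raw stream damages data that contains no blocked word at all.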

This site [25] reproduces what it claims is the entire censor file for CyberSitter, reverse engineered from the product. Thanks to Dan Kohn <dan at teledesic dot com> and Keith Bostic <nev at bostic dot com> for news on this piece of bad software (and social) engineering.

[25] http://www.moebius.com.au/CSlist.html


The Four Horsemen invade Europe

Infocalypse now

Lawmen's use of the spectres of international terrorism, money laundering, drug dealing, and child pornography to curb the freedoms of the Net is an old story in the USA. Now it seems that such lawmen are getting to European politicians as well [29]. A meeting of EU ministers in Birmingham, UK concluded that law enforcement should be given new powers to tap into email and electronic messaging. With appropriate safeguards, of course, dear boy. Britain is using its rotation in the EU presidency to push the establishment of a pan-European police force to be called Europol, and this body would serve as a fine clearing-point for intercepted cross-border messages.

[29] http://www.wired.com/news/news/politics/story/9962.html


No mere urban legend

The storied "RSA in four lines of perl" tattoo, in the flesh

It was the summer of 1995 when TBTF first noted [30] the urban legend of the RSA tattoo that would render its wearer deportation-proof. Now Keith Bostic <nev at bostic dot com> forwards this photo [31] of Richard White's bio-munition which, if photographs are to be believed, gives new meaning to the phrase "arms race." Though perhaps the perl should have been rendered in barcode to make it machine readable.

[30] http://www.tbtf.com/archive/1995-06-07.html
[31] http://www.dcs.ex.ac.uk/~aba/rsa/tattoo.html


Threads Backhoe vs. fiber, the eternal battle
See also TBTF for
1998-10-12, 02-02, 1997-11-24, 10-06, 08-04, 07-21, 1996-10-31

A downside to recycling railroad right-of-way

Lie down with trains, get up with fiber cuts

A flurry of messages flew across the NANOG mailing list -- a vehicle by which North American network operators keep the Internet running -- yesterday evening: a massive fiber cut had dropped Europe out of sight from many east coast US locations. The explanation came in due course:

FYI a train derailment between Newark NJ and NY cut many fiber bundles, and completely isolated Worldcom Switch #14 as well as affecting several other carriers very severely.

Unlike last year's Summer of the Backhoe [26], [27], this outage resulted directly from the long-haul carriers' propensity [28] for laying fiber in railroad trackbeds.

[26] http://www.tbtf.com/archive/1997-07-21.html#s01
[27] http://www.tbtf.com/archive/1997-08-04.html#s07
[28] http://www.tbtf.com/archive/1996-10-31.html#s09


Have you visited Siliconia [32] lately? The Net's premier collection of Silicon Whatever appellations now features 43 Siliconia associated with 55 locations around the world. And the page sports new, bespoke Siliconia artwork, courtesy of the talented CobraBoy <tbyars at earthlink dot net>.

[32] http://www.tbtf.com/siliconia.html

Did you know? The Details page [33] lists all manner of fascinating minutiae about TBTF, including privacy and anti-spam policies, trends, emendations, credits, some history, and the tools I use to develop and maintain the site.

[33] http://www.tbtf.com/details.html


For a complete list of TBTF's (mostly email) sources, see http://www.tbtf.com/sources.html.

TBTF home and archive at http://www.tbtf.com/ . To subscribe send
the message "subscribe" to tbtf-request@world.std.com. TBTF is
Copyright 1994-1997 by Keith Dawson, <dawson dot tbtf at gmail dot com>.
Commercial use prohibited. For non-commercial purposes please forward,
post, and link as you see fit.
Keith Dawson    dawson dot tbtf at gmail dot com
Layer of ash separates morning and evening milk.



Copyright © 1994-2022 by Keith Dawson. Commercial use prohibited. May be excerpted, mailed, posted, or linked for non-commercial purposes.