Why those two servers, exactly?

This news is not exactly new, but the news may be that it has attracted so little notice. On Sunday 2/15, thieves broke into a Best Internet San Francisco co-location facility, cut a lock off a steel cage, and made off with two 200-pound servers being used to test the Shared Registry System [1] for the Internet Council of Registrars. CORE is nearly ready to go live with its long-debated evolution of the domain name system, in contrast to the US government's "green paper" solution [2], which is months from approval and probably years from implementation. According to a c|net account [3], CORE said its servers were stolen when a CORE worker scheduled to be at the facility called in sick. There was no sign of forced entry into the Best facility. The two Sun Enterprise 450 servers were not the most expensive equipment in the facility, but no other cages were disturbed. Local police are working on the case and the FBI and CERT were notified. Emergent Corp., which is contracted by CORE to operate the SRS, had the system back online on new servers within 30 hours. At the time of the burglary CORE was low-key and sought to dampen speculation. They promised to put up a statement on their Web site, but if they've done so I couldn't find it.

[1] http://www.gtld-mou.org/press/core-2.html
[2] http://www.tbtf.com/archive/1998-02-02.html#s01
[3] http://www.news.com/News/Item/Textonly/0,25,19220,00.html?pfv

This one is going to take a little time

Sun and Microsoft kept their first court date [4] on 2/26, and U.S. District Judge Ronald Whyte declined to grant Sun an injunction forbidding Microsoft from using the name Java in its products. The judge took the question under advisement. As to when the case might actually be adjudicated, Sun asked for a trial date in April -- of 1999.

[4] http://www.internetnews.com/Reuters/sun.html

Two items on crippled crypto

Netscape crypto easily boosted to full strength

An Australian doing business as Fortify.net [5] is distributing a program for Unix and Win-32 (containing no crypto code) with which anyone can convert their export copy of Netscape Navigator into a US-strength, 128-bit version. Netly News coverage [6] paints the Feds pacing and gnashing their teeth over the development, which breaks no laws. At the Financial Cryptography conference in Anguilla, attendees ran a contest for the most compact perl code to effect this transformation ("Run this on your export version of netscape 4.04 to enable strong crypto!"). Ian Goldberg, who through his connection with the conference sports the world's coolest email address -- n@ai -- posted a 99-byte essay, only to be trumped by a Russian programmer who shaved it by 15 bytes. The result:

#!/usr/bin/perl -0777pi
s/(TS:.*?0)/$_=$1;y,a-z, ,;s, $,true,gm;s, 512,2048,;$_/es;

[5] http://www.fortify.net/
[6] http://cgi.pathfinder.com/netly/opinion/0,1042,1767,00.html

HP's VerSecure

HP has obtained government approval to export systems based on its VerSecure architecture [7], which uses expiring software tokens to assure that the crypto provided to each user meets local laws. (No shippping products are based on VerSecure, and any such products will be subject to a further government review.) The Commerce Department license allows HP to export VerSecure-based products only to the UK, Germany, France, Denmark, and Australia. HP's system envisions encryption in VerSecure-based hardware -- PCs, servers, cell phones -- only after a token exchange with a "Security Domain Authority" clears the scrambling. Imagine SDAs as networked encryption checkpoints run by approved organizations in each country. Each user would obtain a software token, expiring after one year unless renewed, that controls the strength of encryption and the availability of key-recovery features. Token policies would be based on the local laws prevailing in each country: for example, tokens distributed in France would activate a back door for law enforcement, because French law requires that feature. This Reuters story [8] quotes a Center for Democracy and Technology spokesman calling VerSecure a "Rube Golberg approach." (Our British cousins would say "Heath Robinson.")

How long before some hacker finds a way around the tokens to allow full-strength, un-escrowed encryption?

Thanks to Matthew D. Healy <healy at seviche dot med dot yale dot edu> for the story suggestion.

[7] http://www.techserver.com/newsroom/ntn/info/022798/info1_24794_body.html
[8] http://www.wired.com/news/news/technology/story/10620.html

OK, you can crack DES. How fast can you crack DES?

RSA has established an ongoing series of challenges [9] to break messages encrypted with 56-bit DES. Twice a year, on 1/13 and 7/13, the company will post a new challenge and will only pay a winner if the message is decoded faster than it was last time. If the new contest is beaten in less than 25% of the reference time, the winner gets $10K; 50% pays $5K, and 75% $1K. The first DES crack took 140 days on the calendar, but when RSA launched DES Challenge II they set the bar higher and established a reference time of 90 days. On 2/26 the message was decoded after 39 days by an anonymous participant working under the auspices of distributed.net [10]. The secret message was "Many hands make light work." Distributed.net offered thanks to RSA for the implied endorsement.

[9] http://www.rsa.com/rsalabs/des2/html/continued.html
[10] http://www.rsa.com/pressbox/html/980226.html

Consolidations and realigning business models are the order of the day

RCN of Princeton, NJ, known mainly for its plans to wire city centers with fiber, is buying Virginia-based ISP Erol's and Massachusetts-based Ultranet [11]. The acquisitions give RCN 325,000 dialup customers on the eastern seaboard, and should provide rich fields for cross-selling once RCN gets their fiber alight.

Best Internet and Hiway Technologies announced plans to merge [12]. The companies say that one advantage of combining forces will be fail-safe access for their customers: Best (San Francisco) worries about earthquakes and Hiway (Florida) has hurricanes to contend with.

Netscape, smarting from competition with Microsoft, is floating a balloon about becoming a CSP (commerce service provider) [13] -- that is, hosting commerce sites for customers of their back-end software. Such talk is not going down well with Netscape's ISP and CSP customers, and first returns from the analyst community aren't entirely positive either. Representative quote: "It baffles me. It sounds like a desperate move."

[11] http://www.zdnet.com/intweek/daily/980224k.html
[12] http://www.news.com/News/Item/Textonly/0,25,19571,00.html?pfv
[13] http://www.news.com/News/Item/Textonly/0,25,19545,00.html?pfv

It's only a test, but it's Ka band and it's broadband

Teledesic is the company planning to ring the world with satellites to make T1-or-better Internet access available at any point on the surface [14]. On 2/18 they launched an experimental satellite named "T1" [15]; the news was blacked out until 2/26. T1 is not a prototype of the satellites Teledesic is planning, it's merely a test bed operating in the Ka band (28.6 - 29.1 GHz) at E1 speeds (2.048 MBPS). Teledesic officially won the right to Ka frequencies last November [16]. T1 was put into orbit by a Pegasus rocket, launched from underneath an airborne L-1011. The service planned when Teledesic goes live, by the end of 2002, will be 2 MBPS upstream and 64 MBPS down.

[14] http://www.tbtf.com/archive/1997-09-08.html#s06
[15] http://www.news.com/News/Item/Textonly/0,25,19550,00.html?pfv
[16] http://www.techweb.com/wire/news/1997/11/1121skybridge.html

Getting our entertainment where we can find it

These low-earth-orbit satellites will enable worldwide phone services beginning this year. Fifty-one are presently in orbit. It turns out that the satellites' antennas catch the sun and cause "flares" [17] visible from the ground. For minutes at a time the satellites brighten from magnitude 6 (binoculars required) to magnitude -2 or even -4 (brighter than Venus). This useful page provided by the German Space Operations Centre [18] will calculate for you the next seven Iridium flares visible from your location. (Their initial mission was to calculate and display appearances of the Mir satellite.) First you need to say exactly where on earth you are. Using the Census Bureau's Tiger Mapping Service [19] you can pinpoint a spot in the US to 4 decimal places of latitude and longitude, or within about 50 feet. Start at this atlas of place names [20] for rough coordinates that you can feed to the Tiger for refinement.

[17] http://www2.satellite.eu.org/sat/vsohp/iridium.html
[18] http://www.gsoc.dlr.de/satvis/
[19] http://tiger.census.gov/
[20] http://www.ahip.getty.edu/tgn_browser/

The Great Internet Mersenne Prime Search ferrets out M-37

The largest prime number now known is 2^23021377 - 1. It was discovered by Roland Clarkson, one of 4,000 current participants in GIMPS [21], using a Pentium box running code written by George Woltman (who is mersenne.org). This is the first Mersenne prime discovered using Scott Kurowski's Internet software and server [22], which coordinates the large number of volunteer computers. When last we visited GIMPS (see TBTF for 1997-09-08 [23]), the previous record-holder, M-36, had just been uncovered. This new Mersenne prime is only a tiny bit larger, relatively speaking, at 909,526 digits vs. 895,932. You can download the number itself [24] from mersenne.org. This file is, of course, about a megabyte in size.

[21] http://www.mersenne.org/3021377.htm
[22] http://www.entropia.com/primenet/status.shtml
[23] http://www.tbtf.com/archive/1997-09-08.html#s07
[24] http://www.mersenne.org/files/prime3.txt

Half-looking at particles being waves

Researchers at the Weizmann Institute have demonstrated [25], and controlled, one of the strange everyday home truths of the quantum world -- that the act of observing something perturbs it. In this case, what is perturbed is the tendency of electrons to act like waves. The Israeli researchers have produced a tunable sensor that can watch which of two openings electrons go through. When the sensor is fully "alert," each electron provably goes through one opening or the other. When the sensor is not "looking," electrons go through both openings in a wavelike way and interfere on the other side. Such control over this basic quantum phenomenon could be important to devices built of quantum parts, for example the chips described in TBTF tor 1998-02-23 [26]. Thanks for the story suggestion to Eliyahu Skoczylas <eliyahu at photonet dot com>.

[25] http://www.iinsnews.com/sci/980226/98022625.html
[26] http://www.tbtf.com/archive/1998-02-23.html#s07

If they think you're technical, go crude

This page [27] reports the latest results of Alta Vista searches counting Web pages that make assertions such as "MacOS sucks" or "Unix rules." Right now Unix is way ahead in the Sucks/Rules ratio, and Linux is far ahead of Windows. This page [28], in contrast, dispenses with any pretense of fairness or sampling and baldly asserts that all operating systems suck.

[27] http://electriclichen.com/linux/srom.html
[28] http://www.io.com/~pde/os-suck.html

When the power goes out for a week (and counting) in an El Nino summer

Peter Gutmann (who outed Microsoft's naked emperor of security -- see TBTF for 1998-01-26 [29]) is writing an ongoing account [30] of the anguish Auckland, New Zealand is going through after losing all power to the central city. Four cables all failed. Gutman is unsparing in his gaze at the recent practices of the power company, Mercury Energy, which has spent $300M on a failed attempted takeover of a rival energy company while eliminating excess capacity and waste of the sort that we might have referred to, in an ealier and less enlightened age, as safety margins. Some excerpts:

TBTF home and archive at http://www.tbtf.com/ . To subscribe send
the message "subscribe" to tbtf-request@world.std.com. TBTF is
Copyright 1994-1998 by Keith Dawson, <dawson dot tbtf at gmail dot com>. Com-
mercial use prohibited. For non-commercial purposes please forward,
post, and link as you see fit.
_______________________________________________
Keith Dawson    dawson dot tbtf at gmail dot com
Layer of ash separates morning and evening milk.