(A Javascript-enabled browser is required to email me.)
TBTF logo

TBTF for 1998-12-07: Six degrees

Keith Dawson ( dawson dot tbtf at gmail dot com )
Mon, 7 Dec 09:11:14 -0400



Three weeks without a TBTF can produce withdrawal symptoms, I can testify from personal experience. The evidence for such symptoms in the readership is less direct -- several of you wrote me asking whether everything is quite all right in my world. Thanks for your concern. Blame the hiatus on a trip to the other coast followed closely by the Thanksgiving holiday and compounded by an unexpected surge of activity in my consulting business. Now let's catch up on some of the recent news.

bul AOLscape

Unless you've been living in an underground bunker on Nantucket [1], you know that America Online plans to acquire Netscape for around $4 billion, in a deal that also involves Sun Microsystems. I won't attempt any grand pronouncements on What it All Means -- seemingly everyone with a modem has already done so [2]. Here are 44 articles and analyses published in the three days after the deal was confirmed on 24 November, and the pace has barely slowed since.

Note added 1998-12-10: An anonymous reader notes:
Nantucket was the first place on the east coast that had xDSL running on wires tarriffed for alarm circuits. And the island is small enough (13 miles, 2 Central Offices) to feed 500Kb to everybody on it. (BTW, I have been running with the same configuration to our local [small business omitted]/ISP for over a year now.)

[1] http://www.boston.com/dailyglobe2/340/metro/Unearthing_fears_in_Nantucket...
[2] http://tbtf.com/resource/AOLscape.html

Threads The Communications Decency Act
See also TBTF for
1999-02-01, 1998-12-15, 12-07, 10-27, 10-19, 10-12, 09-14, 07-27, 1997-11-17, 06-30, 03-21, more...
bul Judge blocks CDA-II

After an all-day hearing on 18 November, U.S. District Judge Lowell A. Reed, Jr. enjoined the Justice Department from enforcing or prosecuting any conduct under the law dubbed CDA-II by its critics [3]. The injunction will last for at least ten days until the issues in the lawsuit can be further litigated. Over the objections of the government, Judge Reed extended the order to cover anyone posting material on the Web, not just the named plaintiffs. The order also precludes retroactive enforcement of the law: if CDA-II is eventually upheld, no-one can be prosecuted for material posted while the restraining order is in efect. While he stressed that the ruling is not a "final order on the merits," the judge's finding expressly states that the plaintiffs apear likely to prevail in their constitutional challenge.

[3] http://www.wired.com/news/print_version/politics/story/...

Threads Ganging up on Microsoft
See also TBTF for
1999-08-16, 07-19, 02-15, 02-01, 01-13, 01-04, 1998-12-23, 12-15, 12-07, 11-11, 10-19, more...
bul Microsoft ordered to purify Java

U.S. District Judge Ronald Whyte granted Sun's request for a preliminary injunction and gave Microsoft 90 days to alter its Java technology in shipping software -- including Windows 98 and Internet Explorer -- that does not pass Sun's compatibility tests, or stop selling that software [4]. The order also requires Microsoft to adjust its Java development tools so that Sun-standard Java is the default setting. Here is the text of the ruling [5] (84K). Sun didn't get everything it wanted -- Microsoft does not have to stop selling "polluted Java" products immediately, nor to retrofit Windows-only Java software that has already been sold. Developers were jubilant [6], [7].

Judge Whyte found that Sun is likely to prevail on the merits. The trial itself has not been scheduled.

Microsoft mulled appealing the ruling for a few days and then announced that they will comply for Windows products and will strip Java from all their Unix and Macintosh products.

[4] http://www.techserver.com/newsroom/ntn/info/111898/info2_6368...
[5] http://www.javasoft.com/lawsuit/111798ruling.html
[6] http://www.news.com/News/Item/Textonly/0,25,28963,00.html?tbtf
[7] http://slashdot.org/articles/98/11/17/2049249.shtml

bul Java Lobby founder pleads for more openness

All is not sweetness and light in Java-land. Java's inventor Sun Microsystems has been under increasing pressure from partner companies to cede some of its control over the standard's development. Rick Ross added to the pressure on 17 November at Comdex [8] when he called for the formation of a three-part Java oversight committee made up of Sun, other Java companies, and not-for-profit institutions.

[8] http://www.computerworld.com/home/news.nsf/all/9811172java


30 years after Engelbart

Obligatory sub-head about the mouse that roared

If you're within 500 miles of Stanford on 9 December, make plans now to go to the symposium Engelbart's Unfinished Revolution [9]. The man who invented the mouse, and much else that we now take for granted in personal computing, will speak on the 30th anniversary of his demonstration at the 1968 Fall Joint Computer Conference. It was the killer demo of all time. (I saw it three years later on grainy 16mm film and it reoriented my career.) Joining Engelbart on stage in this one-day event will be a who's-who of computing visionaries including Marc Andreesen, Stewart Brand, Eric Drexler, Alan Kay, Ted Nelson, Andy van Dam, and Terry Winograd, among many others.

Note added 1998-12-16:
For a detailed discussion of some of Engelbart's ideas that have not been realized after more than 30 years, see this article [9a] from a recent edition of Adam Engst's TidBITS.

[9] http://unrev.stanford.edu/
[9a] http://www.tidbits.com/tb-issues/TidBITS-459.html#lnk3


Claim of "pure email" virus rings hollow

Requires malicious intent and VBScript

Virus fighters for years have dismissed as an urban legend the notion that a computer virus could spread by the simple act of reading email. Now an anti-virus company claims to have isolated precisely such a virus [10] and to have seen 17 variants of it in the wild. In fact the virus in question relies on VBScript and on the tendency of modern email readers to render HTML content. It cannot spread by the actions of innocent users alone, but requires a malicious Web site. Trend Micro claims to have seen 17 variants of the virus, which relies on Microsoft's VScript. At risk are users of Windows 98 and recent versions of Internet Explorer and Outlook 98, which depend on Microsoft's Windows Scripting Host facility. Microsoft calls the claims alarmist, and correctly points out that to become infected a user would not only have to lower the default security settings, but also to acknowledge assent to a dialog that warns about executing downloaded content.

Note added 1998-12-10: Dan Stromberg <strombrg at nis dot acs dot uci dot edu> writes to combat my evident ignorance of virus-writing:
Pure e-mail viruses are strictly possible.

All it takes is one MUA [mail user agent -- Ed.] author who stupidly chose to use gets instead of fgets, or similar, while reading the body of the message into memory. If you study the nature of buffer overflows for about a half hour (given a solid understanding of C and assembler), it becomes really obvious that this is true.

I don't understand why so many people are so confused about this. What's so different about an e-mail message and a username passed to imapd? Neither is intended to allow attacks, but in theory, both are attackable.

Note that a pure e-mail virus is very unlikely to be able to infect more than one MUA. Odds are quite high it would have to be targeted at Outlook alone, or Netscape mail alone, or Eudora mail alone -- perhaps even a single release of one of these products, or another similar MUA product.

Executable content makes it more likely, but the fact is, it's possible even without executable content.

Sometime, as a test, when someone tells you a pure e-mail virus isn't possible, ask them if they understand how buffer overflows work. Odds are, the majority won't be able to tell you. Then go and ask people who do believe a pure e-mail virus is possible, and ask these same people to describe how buffer overflows work. I'm pretty sure you'll find that many more of these people understand what's happening behind the scenes to make such an attack possible.

In a number of cases servers will only pass the first 7 bits of a byte, making shellcode harder to write. I bet a lot of them choke on nulls too, so it's probably 1..127 that'd be allowed with many servers. Still, the possibility exists.

[10] http://www.zdnet.com/zdnn/stories/printer_friendly/0,5444...

space ______

Infosurfing and printer-friendly URLs

The most direct route to the pure bits

Earlier this year I suggested that Whatis.com work up a definition for infosurfing, and that ever-useful resource defined the term this way [11]:

Using the Internet and World Wide Web so that you get maximum information in the shortest amount of time, which for many people means favoring textual content over images.
Drag 'n' drop is the infosurfer's friend. While researching an issue of TBTF I'll turn off image loading, Java, JavaScript, and cookies; open one of my favorite news collection sites, for example Newshub [12]; drag potentially interesting URLs to one of several other browser windows; and cycle among them. To save a story I do View Source, adding the page's URL as a <base href="..."> tag; this ensures that all the links work from the saved piece as long as I'm online. (When you do View Source, the browser stores the source URL in the file's Properties, on Windows, or Get Info, on Macintosh.)

The dedicated infosurfer also knows that many news sites offer a "printer-friendly version" of each of their stories at an alternate URL. The PFV is lighter in site graphics and advertising banners. It tends to run wider than the news story at the official (advertised) URL, which is sometimes squeezed into a narrow column surrounded by graphics-heavy advertising, site branding, and navigational apparatus. Some news sites, for example Wired News, often split a story across several URLs in order to push even more ads at the viewer, while the PFV displays the entire story at a single URL.

For each news site that offers such a friendly service, you can determine the URL of the PFV algorithmically from its advertised URL. Here are the rules, with examples, for five popular news destinations.

replace with and append
News.com /0,4 /Textonly/0,25
advertised http://www.news.com/News/Item/0,4,29009,00.html
pfv http://www.news.com/News/Item/Textonly/0,25,29009,00.html
Industry Standard display/0,1449 article_print/0,1454
advertised http://www.thestandard.net/articles/display/0,1449,2137,00.html
pfv http://www.thestandard.net/articles/article_print/0,1454,2137,00.html
Wired News news/news news/print_version ?wnpg=all
advertised http://www.wired.com/news/news/technology/story/16651.html
pfv http://www.wired.com/news/print_version/technology/story/16651.html?wnpg=all
TechWeb wire/story/ printableArticle?doc_id=
advertised http://www.techweb.com/wire/story/TWB19981117S0021
pfv http://www.techweb.com/printableArticle?doc_id=TWB19981117S0021
ZDnet news/0,4586 printer_friendly/0,5444
advertised http://www.zdnet.com/zdnn/stories/news/0,4586,2171763,00.html
pfv http://www.zdnet.com/zdnn/stories/printer_friendly/0,5444,2171763,00.html

I've added these rules to the TBTF Sources page [13] and will update them as I learn more PFV tricks. TBTF has used PFV links for some time now for news.com and Industry Standard stories (what, you didn't notice?), and starting with this issue will do so for stories from all five news sources listed above.

[11] http://www.whatis.com/infosurf.htm
[12] http://www.newshub.com/tech/bytime.html
[13] http://tbtf.com/sources.html#pfv

space ______

Toys for geeks

Cutting-edge technolust

Dan O'Neill <dano at cadence dot com> sent me this holiday shopping guide [14] for the geek on your list. He promises to pass along more cool electronic toys as he encounters them, so set up a Javelink watch on [14]. O'Neill adds that he looked up the domain names toysforgeeks.com and toys4geeks.com, hoping for sites full of reviews and purchasing pointers for tech gadgets. The names are owned by a venture capital firm [15] but there are no sites behind them yet.

Mick Fox <mickf at aldiscon dot ie> pointed out the Gifts for Geeks site [16]. It carries a single item: an international country-identifier sticker for your car (like the GB or IRL stickers you sometime see) that reads URL.

Chuck Bury <cbury at softhome dot net> likes the small selection of compelling folding objects offered by Hoberman [17], who has been called the Buckminster Fuller of the 90s.

John Pittman <john dot pittman at indsys dot ge dot com> writes that he has a Lego Mindstorms box [18] in a closet supposedly intended for his son. (Uh-huh.) And he has been putting together, Lego-style, an ultimate toy set for using the Global Positioning System:

Pittman is begging Santa for Delorme's TopoUSA [22] -- it talks to a 12XL directly.

The December issue of Wired features an expanded Technolust section listing 101 cool gadgets, instead of the 8 to 10 they ordinarily profile. Unfortunately for the truly wired among us the magazine does not post the current edition until the next one hits the newsstands. Perhaps it will appear online in time for next-day holiday delivery.

[14] http://tbtf.com/resource/toysforgeeks.html
[15] http://www.techfunding.com/
[16] http://www.giftsforgeeks.com/
[17] http://www.hoberman.com/fold/products.html
[18] http://www.legomindstorms.com/
[19] http://www.garmin.com/gps120XL.html
[20] http://www.concentric.net/~mgwolfe/antenna/catalog.shtml
[21] http://www.k8sn.org/~waypoint+/OverviewInfo.htm
[22] http://www.delorme.com/TopoUSA/


A successful experiment in six degrees

It's a small Web after all

You've heard the theory that everyone is connected through a web of acquaintances to everyone else on earth by at most six hops. This Web site [23] aims to put the theory to the test. It's preposterously addictive, surfing from your own circle of friends outward in successive waves. (And the site misses no opportunity to push advertising under your nose as you click addictively.) A few of you know I've joined Six Degrees because I tagged you as business acquaintances. With 11 declared first-degree contacts, my sixth degree reaches to nearly 255,000. I invite you to explore the site; if you have ever sent me email directly, feel free to claim me as an acquaintance and we'll see how wide the ripples spread.

On 2 December I began a real-life experiment in Net-aided human connections on the TBTF site's Tasty Bit of the Day feature. A month ago while on vacation I had found a roll of exposed film on a rustic bench in the open air. No one was around. This was at the landward end of Uncle Tim's Bridge, Wellfleet harbor, Cape Cod, Massachusetts, USA [24]. I decided to have the film developed and see if I could locate its rightful owners. I posted a picture of them on what looks like a family vacation in Washington, D.C. and asked visitors to identify the people if they could. By 5 December 146 people had looked at the picture; then Jay Lepreau <lepreau at cs dot utah dot edu> wrote:

This is amazing; those are friends of ours: [names omitted]. They live in Idaho... they were back east visiting family. [Omitted]'s sister and her husband are our good friends and neighbors here in Salt Lake City. I grew up near Cape Cod on the coast.

What is particularly ironic is that I didn't even click on the picture when I saw your story; instead I went to my wife and said, "This is a great idea someone thought of, and a good one for us to try" -- because last summer we had found a similar roll of film at 8200 feet in the Sawtooth mountains in Idaho. [We were] hoping to see ID, which just missed -- a shot of the front of a car instead of the rear -- but hadn't thought to put it on the Net. Then I came back to the machine and clicked on [25] and was shocked. Perhaps you might reciprocate with a pointer to the pictures when I put them up? Your site gets exposure mine doesn't.

Finally, thanks for TBTF. Your page is one place I check periodically although not religiously.

I'll post a link, Jay, and will even host the pictures if you want. In fact I'm thinking of developing a Found Film site as an adjunct to the No, We Don't Have a Web Site [26] project. Here's a bit of market research toward Found Film: please write to me if you've ever found a roll of film of unknown provenance and debated whether to take it or leave it. Have you ever developed such a find in order to locate its owners? Did you ever find them?

[23] http://www.sixdegrees.com/
[24] http://tbtf.com/pics/thefilm.gif
[25] [omitted]
[26] http://nowedonthaveawebsite.com/


bul Coming next week -- a prognostication quiz for the Net in 1999.


bul For a complete list of TBTF's (mostly email) sources, see http://tbtf.com/sources.html.

TBTF home and archive at http://tbtf.com/ . To subscribe send the
the message "subscribe" to tbtf-request@world.std.com. TBTF is Copy-
right 1994-1998 by Keith Dawson, <dawson dot tbtf at gmail dot com>. Commercial
use prohibited. For non-commercial purposes please forward, post,
and link as you see fit.
Keith Dawson    dawson dot tbtf at gmail dot com
Layer of ash separates morning and evening milk.



Copyright © 1994-2023 by Keith Dawson. Commercial use prohibited. May be excerpted, mailed, posted, or linked for non-commercial purposes.