|
|
![]() |
Cryptography export policy See also TBTF for 2000-02-06, 1999-10-05, 08-30, 08-23, 08-16, 07-26, 05-22, 05-08, 04-21, 03-01, 01-26, more... |
Redacted passages are now highlighted in red
Electronic Frontiers Australia has posted an uncensored copy of the Review of Policy relating to Encryption Technologies, called the Walsh Report [1]. Two years ago the Australian government had been about to release a study of the effect of encryption technology on law enforcement and intelligence gathering. The study, commissioned by the Attorney General's office, was authored by Gerard Walsh, former deputy director of the Australian Security Intelligence Organisation. Just before publication someone high up in the Australian government developed cold feet and the release was cancelled. Electronic Frontiers Australia filed a freedom of information request and in June 1997 obtained a redacted copy of the report that is, with some sections blacked out on grounds of public safety, law enforcement, or national security and posted it on the Web. It now comes to light that before the report was pulled, "deposit copies" had been sent to major libraries; an alert student found one such last month growing dusty in the State Library in Hobart. EFA published the full report, with the originally censored parts highlighted in red, at the same URL [1]. Here is one of those redacted sections (1.2.22):
This latter proposal the EFA's Greg Taylor <gtaylor at efa dot org dot au> calls "an apparent endorsement of rubber-hose code-breaking." A more charitable interpretation would be of a law to shield authorities from having to reveal in open court that they obtained evidence by cracking into and infecting a suspect's computer might not play well with juries. Prosecutors routinely avoid such embarassment by using tainted evidence only to locate and develop other lines of evidence, which are then used to prosecute.
Fixing FIPS 140-1 test failure will impact IE4, Outlook 98
Windows NT 4.0 has failed a critical government test [2] (registration required) that it must pass in order to be considered for sensitive applications in US and Canadian government agencies. Problems that surfaced in Microsoft's CryptoAPIs may be serious enough to require significant redesign of the operating system. The company expects to issue a service pack later this year after NT finally makes it through FIPS 140-1 testing. However, the patch will cause major problems for common applications, because only Internet Explorer 5.0 will know how to work in FIPS mode. The service pack will prevent users who apply it from using IE 4.0, Outlook 98, and possibly other applications such as Internet Information Server.
![]() |
Ganging up on Microsoft See also TBTF for 1999-08-16, 07-19, 02-15, 02-01, 01-13, 01-04, 1998-12-23, 12-15, 12-07, 11-11, 10-19, more... |
You can tell it's a good decision, it made both companies mad
A US magistrate has ordered Microsoft and Sun to schedule a settlement conference to hash out their ongoing dispute over Java technology. Judge Ronald Whyte's order [3] said the companies, which have developed two different methods for Java to work with Windows, should develop a single platform that "achieves Sun's goal of universality and Microsoft's goal of more efficient performance and ease of coding." Whyte also said the companies should consider expanding development of Microsoft's J/Direct, which lets Java developers access native Windows functions directly.
[3] http://www.techweb.com/printableArticle?doc_id=TWB19990108S0001
![]() |
Software patents See also TBTF for 2000-03-31, 1999-08-30, 06-14, 02-15, 01-26, 01-13, 1998-12-15, 08-31, 05-18, 05-11, 04-27, more... |
Let's patent like it's 1999
The mere flood of patents on business models [4] will surely now become a torrent. The US Supreme Court has let stand a lower court ruling in the State Street Bank case that mathematical algorithms used in a program may rate intellectual-property protection [5] (free registration and cookies required for this link). The silliest patent I've seen recently claimed exclusive rights to the "method" of teaching an in-house course using a book. Worse is to come.
[4] http://tbtf.com/archive/1998-08-31.html#Tspx
[5] http://www.nytimes.com/library/tech/99/01/biztech/articles/12patent.html
A business model from cloudcuckooland
Bill Gurley's latest Above The Crowd column [6] is a sober exploration of a business proposition that until recently was the punch line of a stock joke:
Perhaps when the Millenium has passed and the stock market crash is behind us, we can turn again to the serious business of inventing sustainable business models for the Net.
[6] http://www.news.com/Perspectives/Column/Textonly/0,197,282,00.html?tbtf
A maze of twisty items, all a little different
Microsoft releases a fix for frame spoof
See [7] and [8] for a description of this startlingly deep problem in the architecture of frames. Microsoft has released a patch for Wintel versions of Explorer 4.01 [9]; patches for Macintosh, HP-UX, and Solaris versions are not ready yet. In the email edition I wrote that Netscape has never acknowledged or responded to inquiries about the frame-spoof problem or said when a fix might be available for Navigator browsers. This just in
[7] http://tbtf.com/archive/1998-11-17.html#s02
[8] http://www.securexpert.com/framespoof/tech.html
[9] http://www.microsoft.com/windows/ie/security/spoof.asp
No kudos from BugNet
Since 1994 the editors of BugNet have presented an award to a software company for the year's best bug-fix performance. This year the editors surveyed the software field and scowled in disgust, refusing to grant any award [10]. "We are in the midst of a PC quality / support crisis," they declare. Here is one sad tale among many that illustrates the sorry attitude of software companies toward the things they have wrought and the users who are stuck with them.
[10] http://www.bugnet.com/analysis/no_award.html
Cyber Underwriters Laboratories
The field of computer security has few hard standards: no company can certify that its software product is secure. Writing on the l0pht Heavy Industries site, Tan <tan at l0pht dot com> suggests looking to Underwriters Laboratories [11] for a model of Net security certification. Using the example of a UL-certified manufacturer of safes, Tan writes:
[11] http://www.l0pht.com/cyberul.html
India warns against US crippleware
An Indian defense official issued a "red alert" [12] against the dangers of depending on cryptography products developed in the US, because almost by definition their codes can be broken by US government agencies. India might require all local banks and financial institutions to buy only home-grown crypto software. The letter from the Defence Research and Development Organisation says:
[12] http://www.economictimes.com/120199/lead2.htm
A specialized shopping bot
Uniden introduced a phone at the Consumer Electronics Show that price-shops every time it's dialed, seeking the cheapest longdistance rate from among hundreds of plans before each call. The phone, called the Long Distance Manager, is expected to reach store shelves this spring at a price of about $49. Thanks to Keith bostic <nev at bostic dot com> for this item.
Bringing you the jagged edge of the Net's new lingo since 1995
Jargon Scout [13] is an irregular TBTF feature that aims to give you advance warning preferably before Wired Magazine picks it up of jargon that is just about ready to hatch into the Net's language.
Randy Enger
You know the phrase "to eat our own dog-food," employed to
mean that the developers should actually use the products they
develop. Well, dog-food has been verbed.
At Microsoft:
and at Rational, about a new product:
(A friend to whom I mentioned this was dismayed by the
cannibalistic imagery.)
We have to dog-food this architecture before we
release it.
We really need to dog-food this puppy.
[14] http://tbtf.com/archive/1998-10-27.html#s10
The brightest stars, the biggest stories
One of my favorite email resources for nudiustertian news from the world of physics is the AIP's Physics News Update [15], whose research summaries, written by Phillip F. Schewe and Ben Stein, arrive by email weekly [16]. Here are some of Schwe and Stein's picks as the biggest physics stories in 1998. I've added direct URLs for the stories as they appeared in PNU.
[15] http://www.aip.org/physnews/update/
[16] http://www.aip.org/physnews/update/subpnu.htm
[17] http://www.aip.org/enews/physnews/1998/physnews.355.htm
[18] http://www.aip.org/enews/physnews/1998/physnews.361.htm
[19] http://www.aip.org/enews/physnews/1998/physnews.375.htm
[20] http://www.aip.org/enews/physnews/1998/physnews.362.htm
[21] http://www.aip.org/enews/physnews/1998/physnews.382.htm
[22] http://www.aip.org/enews/physnews/1998/physnews.402.htm
[23] http://www.aip.org/enews/physnews/1998/physnews.356.htm
[24] http://www.aip.org/enews/physnews/1998/physnews.367.htm
[25] http://www.aip.org/enews/physnews/1998/physnews.374.htm
[26] http://www.aip.org/enews/physnews/1998/physnews.394.htm
[27] http://www.aip.org/enews/physnews/1998/physnews.389.htm
![]() |
Year 2000 straws in the wind See also TBTF for 2000-02-06, 1999-12-16, 08-23, 01-26, 01-13, 1998-11-11, 10-12, 07-27, 05-25, 05-11, 04-20 |
Old McDonald had some code, C-O-B-O-L
For those of you who rejoiced over the holidays because The Little Drummer Boy drowned out the pervasive babble about Y2K, here's a little something to jerk you fully into 1999: the latest in barnyard sounds from Patrick Tufts <zippy at cs dot brandeis dot edu>.
--Pat "doomsayer just didn't scan"
[29] http://www.powells.com/cgi-bin/partner?partner_id=23196&cgi=search/search&searchtype=isbn&searchfor=0806504986
[30] http://tbtf.com/resource/oed-defs.html#nudiustertian
TBTF home and archive at http://tbtf.com/ . To subscribe send the the message "subscribe" to tbtf-request@tbtf.com. TBTF is Copyright 1994-1999 by Keith Dawson, <dawson dot tbtf at gmail dot com>. Commercial use pro- hibited. For non-commercial purposes please forward, post, and link as you see fit. _______________________________________________ Keith Dawson dawson dot tbtf at gmail dot com Layer of ash separates morning and evening milk.
TBTF HOME |
CURRENT ISSUE |
TBTF LOG |
TABLE OF CONTENTS |
TBTF THREADS |
SEARCH TBTF |