(A Javascript-enabled browser is required to email me.)
TBTF logo

TBTF for 1999-08-16: Delusional

Keith Dawson (dawson dot tbtf at gmail dot com)
Sun, 15 Aug 22:11:43 -0400


Food fight

A pox on both their houses

Microsoft and AOL have been making an ugly spectacle of themselves in the fight over instant messaging standards [1]. For three weeks the two sides have been exchanging rhetoric at a pace and a pitch that is reminiscent of nothing so much as a bitterly divisive political battle.

On 22 July Microsoft introduced a client, the MSN Messenger Service, that connects with AOL Instant Messenger by requiring users to supply their AOL screen name and password. AOL spluttered that this requirement goes against the security admonitions that AOL constantly inculcates into its customers. And AOL can't have been thrilled that Microsoft at least potentially possessed login information for millions of AOL customers -- even though Microsoft insists it is neither collecting nor saving the logins. Adding insult to injury, Microsoft's client can also import AIM buddy lists.

As soon as MSN Messenger Service went live AOL blocked its access to their servers. Microsoft coded around the block. AOL countered. By the end of the first weekend the two teams had traded hack for counter-hack five times; the last count I saw tallied 13 round trips.

The two sides have feigned at lawsuits, wrapped themselves in the robes of open standards and user security, and signed up allies at a frantic pace.

The battle escalated another notch last week when someone posing as an independent consultant wrote to security watchdog Richard Smith, asking him to publicize the assertion that one of AOL's blocking tactics utilizes a buffer overflow in the AIM client [2]. If true this would point to a dangerous security hole in AIM. But Smith determined that the "consultant" probably didn't exist and that the message had originated on a Microsoft internal mail server. Microsoft's protested [3] that the unknown perpetrator had no encouragement from the management. Right. Despite the tainted source of the accusation, Smith insisted that AOL come clean about any buffer overflows. AOL has bequeathed no word on the subject.

The irony of Microsoft arguing for open standards, and AOL against them, was not lost on the SJ Mercury News's Dan Gillmor. He calls them both aggravating hypocrites [4].

Alex Lash wrote a good overview [5] on the wider Microsoft - AOL rivalry that he might have subtitled "How do I hate thee? Let me count the ways."

[1] http://www.news.com/News/Item/Textonly/0,25,39693,00.html
[2] http://www.zdnet.com/intweek/stories/news/0,4164,2314107,00.html
[3] http://www.techweb.com/wire/story/TWB19990813S0015
[4] http://www.sjmercury.com/svtech/columns/gillmor/docs/dg072799.htm
[5] http://www.thestandard.com/articles/article_print/0,1454,5821,00.html


Threads Ganging up on Microsoft
See also TBTF for
1999-08-16, 07-19, 02-15, 02-01, 01-13, 01-04, 1998-12-23, 12-15, 12-07, 11-11, 10-19, more...

The Microsoft trial you haven't heard of

Taking the IRS to Tax Court

Late last month, in near-perfect silence, Microsoft wrapped up its court case against the Commissioner of the Internal Revenue Service [6]. The only notice of the case was a slip of paper hanging outside the door of a little-known courtroom at 400 Second St. N.W. in Washington, DC. Microsoft had sued the IRS in the early 90s over the favorable tax treatment allowed for CDs and movies, arguing that the same rules should apply to software. The amount at issue in the case is a mere $16M that Microsoft paid in taxes in the early 1990s, but the outcome of the case could affect billions in the years to come -- for other software suppliers as well as for Microsoft. Oracle, Autodesk, and Adobe all have similar cases pending in the Tax Court. In 1997, after Microsoft's suit was filed, Congress enacted the tax provision that Microsoft wants. But the company fights on because a loss in Tax Court could render moot the action of Congress. A ruling in the case could take another year.

[6] http://www.seattletimes.com/news/business/html98/micr_19990803.html


Threads Domain name policy
See also TBTF for
2000-04-19, 03-31, 1999-12-16, 10-05, 08-30, 08-16, 07-26, 07-19, 07-08, 06-14, 05-22, more...

Domain naming news

bul Price war for domain names begins

CORE, the Council of Registrars, is one of the organizations accredited in the early-phase testing of competitive domain-name registration. One of CORE's members, CSL GmbH of Duesseldorf, is now offering two-year registrations in the .com, .net, and .org top-level domains for 40.9 Euros, or about $43.23 [7]. CSL thus becomes the first competitive registrar to actually compete on the basis of price. NSI and all the other active test registrars still charge $70 for two years -- but this won't be true for long. To register your .com domain for less than the price of a .nu [8], visit CSL's registration site joker.com [9]. (This is no joke.)

Note added 1999-08-22: TBTF Irregular Simon Whitaker <simon at netcetera dot org> went immediately to register a .com name with Joker.com and recounts his experiences here. Whitaker calls Joker.com "a refreshing if rough-cut alternative."

[7] http://www.internetnews.com/bus-news/article/0,1087,3_181351,00.html
[8] http://www.nic.nu/
[9] http://www.joker.com/

bul ICANN cuts NSI's influence

The Internet Commission on Assigned Names and Numbers issued a ruling that will limit Network Solutions's influence on domain naming policy. ICANN has declared [10] that no entity may send more than a single representative to the Names Council, a body set up to advise ICANN on naming policy. Under the previous rules, NSI had 3 seats on the 21-member council.

[10] http://www.infoworld.com/cgi-bin/displayStory.pl?990813.iiicann.htm

space ______

Voyeur cams and the law

Small, inexpensive video cameras redefine voyeurism

Here is a story ripe for the mainstream press to blow all out of proportion. USA Today reports [11] on a case of organized voyeurism: 28 athletes from colleges in Illinois and Pennsylvania have filed for damages against the makers and distributors of videotapes captured by tiny cameras secreted in college locker rooms. The tapes were sold over the Internet. Most states have no law against surreptitious videotaping or selling such tapes over the Net, so victims may have little recourse. This last week my hometown paper carried news that the Massachusetts senate had just passed such an anti-voyeur measure. Thanks for the tip on this story to Lynn Saxenmeyer <saxenmeyer at worldnet dot att dot net>.

Note added 1999-08-17: Here's an example of such a cam [11a], being marketed as a consumer item.

Bill Scanlon <wscanlon at execpc dot com>, an attorney who is a longtime TBTF reader, blurbist [11b], and self-described "regular," adds this clarification on torts and common law.

It is not correct that "most states have no law against" what the 28 athletes complain happened to them.

Most states have no statutory law against that sort of thing.

However, in all states of the United States except Louisiana the system of law is at least partially a "common law" system. In a "common law" system, what the law is is defined by not only the legislature and executive, in statutes, but also the courts, in their opinions on cases that come before them. Court-defined law is referred to as "common law." Indeed, the "common law" includes much of contract law and "tort law" - the law concerning injuries against a person's person or property on the basis of which the injured person (or her/his representatives) may sue to recover compensation for the injuries.

In almost all states, what the 28 athletes alleged happened to them would be "torts" under the common law even if not under statutory law. The torts involved would be violations of various forms of the right to privacy.

[11] http://www.usatoday.com/life/cyber/tech/ctf847.htm
[11a] http://www.x10.com/home/offer.cgi?!ZDX30,../1index761.htm
[11b] http://tbtf.com/blurbs.html#scanlon

space ______

The short life of the Fidnet proposal

Leaked, criticized, withdrawn, and squashed inside of two days

On 28 July the NY Times reported that the Clinton administration was mulling a plan [12] for a computer monitoring system, called Fidnet, that would watch the country's data networks for intruders. The FBI was to oversee Fidnet, which would expand from monitoring government networks to watching private ones. The outcry from civil libertarians was immediate and deafening, and the administration shelved Fidnet [13] the next day. Just to nail that particular coffin, Congress voted [14] on 30 July to ban the Justice Department from spending any funds on Fidnet.

Note added 1999-08-16: Today's NY Times features an interview [14a] (free registration and cookies required) with Richard Clarke, the National Security Council's counterterrorism czar. He considers Fidnet anything but dead, and says Congress will surely finance the system once lawmakers understand it and Clinton gives it the go-ahead.

[12] http://www.zdnet.com/filters/printerfriendly/0,6061,2303703-35,00.html
[13] http://www.zdnet.com/filters/printerfriendly/0,6061,2304083-35,00.html
[14] http://www.techserver.com/noframes/story/0,2294,76087-120171...
[14a] http://www.nytimes.com/library/tech/99/08/biztech/articles/16monitor.html


Threads Cryptography export policy
See also TBTF for
2000-02-06, 1999-10-05, 08-30, 08-23, 08-16, 07-26, 05-22, 05-08, 04-21, 03-01, 01-26, more...

Reno urged banning crypto products on the Internet

Cites danger of rendering Wassenaar controls "immaterial"

Late last month the emended German online magazine Telepolis published a letter that US Attorney General Janet Reno sent at the end of May to the German Justice Minister urging a ban of crypto products on the Internet. John Young has posted a translation on Cryptome [15]. Here is the original article, in German [16], and the letter as published in Telepolis [17]. An excerpt from Reno's letter:

Much work remains to be done. In particular, I believe we must soon address the risks posed by electronic distribution of encryption software. Although the Wassenaar Nations have now reached agreement to control the distribution of mass market encryption software of certain cryptographic strength, some Wassenaar Nations continue not to control encryption software that is distributed over the Internet, either because the software is in the "public domain" or because those Nations do not control distribution of intangible items. While I recognize that this issue is controversial, unless we address this situation, use of the Internet to distribute encryption products will render Wassenaar's controls immaterial.
Thanks to TBTF Irregular [18] Jon Callas <jon at callas dot org> for the tip.

[15] http://jya.com/reno-ban.htm
[16] http://www.heise.de/tp/deutsch/inhalt/te/5117/1.html
[17] http://www.heise.de/tp/deutsch/inhalt/te/5117/2.html
[18] http://tbtf.com/the-irregulars.html


Threads Open source software and the Linux OS
See also TBTF for
1999-08-16, 05-22, 03-26, 02-15, 02-01, 1998-11-17, 11-11, 11-03, 10-27, 10-12, 08-31, more...

Open source governance models

Variety and innovation rule in open-source development

At last week's LinuxWorld Expo, a panel discussed the various models of how open source projects are controlled and directed [19]. Contrary to what you might expect, open source does not mean "democratic." Linus Torvalds runs Linux development as an absolute dictatorship buffered by a sizable bureaucracy. At the other end of the spectrum, Brian Behlendorf says that development of the Apache Web server is governed by a round table of two dozen equals, all of whom have veto power over proposed features. Perl development proceeds like a constitutional monarchy. Larry Wall, the language's original author, has relegated to himself the role of a Supreme Court, settling the disagreements that the development community can't resolve.

[19] http://www.techweb.com/wire/story/TWB19990812S0003


OS usability challenge issued

Linux gets the press, but has BeOS got the goods?

Scot Hacker <shacker at birdhouse dot org>, who runs a tips site [20] for users of BeOS, is frustrated. The press covers Linux ceaselessly but rarely writes about BeOS. When this commercial OS is covered, Hacker believes, the articles are usually written by pundits who have never tried BeOS or done any real research. He writes,

BeOS is easier to install, easier to use, and easier to configure than Linux. It's got a consistent, elegant, lightweight, non-chaotic UI, is POSIX compliant, includes a full bash shell, boots to full GUI in less than 15 seconds, and does multithreaded multitasking like nothing else. It's got a fully journaled 64-bit database-like filesystem. I believe it's far better suited to become a replacement for or alternative to Windows on the desktop than is Linux. BeOS costs just a bit more than a set of Linux CDs. So why is none of this coming to light in the press?
(Neal Stephenson's storied essay In the beginning was the command line [21] makes much the same point, at great and entertainingly readable length.)

Hacker has set up the Alt.OS Usability Challenge [22] to invite tech publications to compare BeOS with Linux by watching real users. The model is to sit down a Windows or MacOS user with a Linux distribution and a BeOS CD and have normal users install, configure, and use the respective systems; observe and report.

I wish I had the time to mount this test myself, but I don't. I'll be curious to see how many publications take up the challenge.

By the way, BeOS Tips is served from Hacker's main BeOS development machine, which is also running 1.7M keys/sec. in the rc5des [23] distributed crack. How many Windows, or even Linux, users would be willing to try this?

[20] http://www.betips.net/
[21] http://www.cryptonomicon.com/beginning.html
[22] http://www.betips.net/challenge/
[23] http://beoscentral.com/teambeos/


Censorware Project roasts N2H2's Bess

Another proof point that the censorware approach is fundamentally flawed

The Censorware Project investigated [24] Bess, a product widely used in schools across the US and Australia and aggressively marketed to libraries, schools, and governments. N2H2 [25], the company that markets Bess, claims that the proxy-based filtering software shields more than seven million schoolchildren. N2H2 is unusual in a couple of ways. They claim not to block by keywords -- that every one of 8 million sites on their block list has been examined by a human. And N2H2 is the first of the censorware companies to announce plans to go public.

The Censorware Project found hundreds of porn sites easily accessible, unblocked by proxies in actual use in schools today, as well as numerous sites incorrectly blocked for no discernable reason. The report casts serious doubt on N2H2's claim of 100% human-based filtering, a claim the company president made in Congressional testimony last May.

N2H2 employs 15 full-time and 58 part-time workers to scan Web sites, according to their recent IPO filing. The Censorware Project's report estimates that this number falls short -- by a factor of about 20 -- of the labor force that would be required just to keep up with the Web's growth (2 million pages per day), let alone to track site updates or to classify the 1 billion Web pages already in existence.

Please note that the report [24] necessarily contains some ugly language and many links to offensive sites.

[24] http://censorware.org/reports/bess/
[25] http://www.n2h2.com/


It's a strange world after all (not)

Don't expect the world to end when this Brookhaven device goes live

This BBC article [26] speaks of qualms about Brookhaven National Laboratories' Relativistic Heavy Ion Collider. It seems that once the machine is activated, scientists aren't 100% certain that it won't turn the whole earth into strange matter.

Scientists aren't 100% certain that a glass of water at room temperature won't spontaneously develop ice cubes, either, but it's the way the smart money bets.

The BBC story was pretty convincingly deconstructed on Slashdot [27] (albeit by Anonymous Cowards). Thanks to TBTF Irregular Jamie McCarthy <jamie at mccarthy dot org> for that pointer, and to others regular and Irregular who poured healthy skepticism in my general direction when I posted this item as a Tasty Bit of the Day.

On the American Physical Society's What's New page [28], Robert Park writes:

Could the "Big Bang Machine," a.k.a. Relativistic Heavy-Ion Collider, produce "perturbations of the universe" -- maybe a black hole -- and destroy Earth? The Sunday Times of London reported that Brookhaven director John Marburger had appointed a panel of physicists to investigate. Not exactly. He asked them for a white paper explaining why it's not a worry. In spite of millennium madness, Marburger said this morning that the net effect has been very positive. Reporters from around the world call to ask if there's anything to the story, and end up learning about RHIC.
Thanks to TBTF Irregular Greg Roelofs <newt at pobox dot com> for this one.

[26] http://www.sunday-times.co.uk/news/pages/sti/99/07/18/stinwenws02029.html?99
[27] http://slashdot.org/comments.pl?sid=99%2F07%2F18%2F1415231&cid=...
[28] http://www.aps.org/WN/WN99/wn072399.html


Torino scale

Too close

Judging now much to worry about near-earth objects

How dangerous, in reality, are asteroids of the sort that starred in last summer's blockbuster [sic] movie? Should we worry about the danger from an asteroid with a one-in-a-million chance of striking earth? Scientists have announced development of the Torino scale [29], a method of communicating the degree of danger from near-earth objects. So far no known object has been assigned a Torino number greater than 0. (At Torino 10 the earth is toast.) See [30] for a succinct graphic (98K) depicting the factors woven into a Torino scale number. The scale takes into account the probability of a collision and its likely kinetic energy -- which depends on the object's diameter, composition, speed, and strike angle. Thus a 100-m asteroid with a 1-in-100 chance of striking the earth merits the same level of concern -- 2 on the Torino scale -- as a 5-km asteroid with a 1-in-a-million chance.

This site [31] lets you explore the known near-earth objects for yourself. I particularly like the search function [32], where you can ask, say, for all known objects that will ever pass closer to earth than the moon's orbit (call it 0.0025 AU). This site [33] lists all known close approaches (closer than about 5M miles) for the next 100 years.

Scientists estimate that fewer than one in ten near-earth asteroids have yet been discovered and mapped.

[29] http://science.nasa.gov/newhome/headlines/ast22jul99_2.htm
[30] http://science.nasa.gov/newhome/headlines/images/meteors/torinoscale.jpg
[31] http://newton.dm.unipi.it/
[32] http://newton.dm.unipi.it/cgi-neo/neoibo?quicksearch
[33] http://cfa-www.harvard.edu/iau/lists/PHACloseApp.html




A team of Florida physicians recently reported two cases in which delusional patients have woven the Internet into their fantasy systems [34]. These are the unfortunates who used to wear aluminum-foil hats to block the radio messages the CIA was trying to beam into their heads; now it's the Net that provides a backdrop of threatening and poorly understood technology from which to craft their delusions.

Randy Cassingham's engaging periodical This Is True [35] noted this story under the title www.ParanoidPsychoticDelusions.com. Of course I had to add it to the No We Don't have a Web Site page [36], the home for bogus and self-referential (and mostly nonexistent) URLs. Thanks to Herbert Hille <hhil at loc dot gov> for the pointer.

[34] http://www.sma.org/smj/internet_press.htm
[35] http://www.thisistrue.com/
[36] http://www.nowedonthaveawebsite.com/


bul Apologies for the hiatus between issues. TBTF should settle down to a more regular schedule now, with the possible exception of a week in September when I will be on the windjammer Grace Bailey off the coast of Maine. No, I won't be taking a computer, why do you ask?

bul I went to high school with Herbert Hille, my informant for this issue's final item. Through him I've now reconnected with two other long-lost friends; working on a third.


bul For a complete list of TBTF's email and Web sources, see http://tbtf.com/sources.html.


bul TBTF is free. If you get value from this publication, please visit the TBTF Benefactors page and consider contributing to its upkeep.

TBTF home and archive at http://tbtf.com/ . To subscribe send the
the message "subscribe" to tbtf-request@tbtf.com. TBTF is Copyright
1994-1999 by Keith Dawson, <dawson dot tbtf at gmail dot com>. Commercial use pro-
hibited. For non-commercial purposes please forward, post, and link as
you see fit.
Keith Dawson    dawson dot tbtf at gmail dot com
Layer of ash separates morning and evening milk.



Copyright © 1994-2022 by Keith Dawson. Commercial use prohibited. May be excerpted, mailed, posted, or linked for non-commercial purposes.

Most recently updated 1999-08-22