TBTF for 3/2/98: Light work

Keith Dawson (dawson@world.std.com)
Sat, 28 Feb 1998 22:22:18 -0600


T a s t y   B i t s   f r o m   t h e   T e c h n o l o g y   F r o n t

Timely news of the bellwethers in computer and communications
technology that will affect electronic commerce -- since 1994

Your Host: Keith Dawson

This issue: < http://www.tbtf.com/archive/03-02-98.html >

C o n t e n t s

Internet Council of Registrars burgled
Sun and Microsoft meet in court over Java
Throw down your crutches and encrypt
Netscape crypto easily boosted to full strength
HP's VerSecure
Many hands make light work
ISPs, hosts, and CSPs
Teledesic puts up a test bird
Iridium puts on a light show
Another new Mersenne prime
Israelis demonstrate a tunable quantum observer
An operating system popularity meter
Auckland in the dark

..Internet Council of Registrars burgled

Why *those* two servers, exactly?

This news is not exactly new, but the news may be that it has at-
tracted so little notice. On Sunday 2/15, thieves broke into a Best
Internet San Francisco co-location facility, cut a lock off a steel
cage, and made off with two 200-pound servers being used to test the
Shared Registry System [1] for the Internet Council of Registrars.
CORE is nearly ready to go live with its long-debated evolution of
the domain name system, in contrast to the US government's "green
paper" solution [2], which is months from approval and probably
years from implementation. According to a c|net account [3], CORE
said its servers were stolen when a CORE worker scheduled to be at
the facility called in sick. There was no sign of forced entry into
the Best facility. The two Sun Enterprise 450 servers were not the
most expensive equipment in the facility, but no other cages were
disturbed. Local police are working on the case and the FBI and
CERT were notified. Emergent Corp., which is contracted by CORE to
operate the SRS, had the system back online on new servers within
30 hours. At the time of the burglary CORE was low-key and sought
to dampen speculation. They promised to put up a statement on their
Web site, but if they've done so I couldn't find it.

[1] http://www.gtld-mou.org/press/core-2.html
[2] http://www.tbtf.com/archive/02-02-98.html#s01
[3] http://www.news.com/News/Item/Textonly/0,25,19220,00.html?pfv

..Sun and Microsoft meet in court over Java

This one is going to take a little time

Sun and Microsoft kept their first court date [4] on 2/26, and U.S.
District Judge Ronald Whyte declined to grant Sun an injunction
forbidding Microsoft from using the name Java in its products. The
judge took the question under advisement. As to when the case might
actually be adjudicated, Sun asked for a trial date in April -- of

[4] http://www.internetnews.com/Reuters/sun.html

..Throw down your crutches and encrypt

Two items on crippled crypto

..Netscape crypto easily boosted to full strength

An Australian doing business as Fortify.net [5] is distributing a
program for Unix and Win-32 (containing no crypto code) with which
anyone can convert their export copy of Netscape Navigator into a
US-strength, 128-bit version. Netly News coverage [6] paints the
Feds pacing and gnashing their teeth over the development, which
breaks no laws. At the Financial Cryptography conference in An-
guilla, attendees ran a contest for the most compact perl code to
effect this transformation ("Run this on your export version of
netscape 4.04 to enable strong crypto!"). Ian Goldberg, who through
his connection with the conference sports the world's coolest email
address -- n@ai -- posted a 99-byte essay, only to be trumped by a
Russian programmer who shaved it by 15 bytes. The result:

#!/usr/bin/perl -0777pi
s/(TS:.*?0)/$_=$1;y,a-z, ,;s, $,true,gm;s, 512,2048,;$_/es;

[5] http://www.fortify.net/
[6] http://cgi.pathfinder.com/netly/opinion/0,1042,1767,00.html

..HP's VerSecure

HP has obtained government approval to export systems based on its
VerSecure architecture [7], which uses expiring software tokens to
assure that the crypto provided to each user meets local laws. (No
shipping products are based on VerSecure, and any such products
will be subject to a further government review.) The Commerce De-
partment license allows HP to export VerSecure-based products only
to the UK, Germany, France, Denmark, and Australia. HP's system
envisions encryption in VerSecure-based hardware -- PCs, servers,
cell phones -- only after a token exchange with a "Security Domain
Authority" clears the scrambling. Imagine SDAs as networked encryp-
tion checkpoints run by approved organizations in each country.
Each user would obtain a software token, expiring after one year
unless renewed, that controls the strength of encryption and the
availability of key-recovery features. Token policies would be based
on the local laws prevailing in each country: for example, tokens
distributed in France would activate a back door for law enforce-
ment, because French law requires that feature. This Reuters story
[8] quotes a Center for Democracy and Technology spokesman calling
VerSecure a "Rube Goldberg approach." (Our British cousins would say
"Heath Robinson.")

How long before some hacker finds a way around the tokens to allow
full-strength, un-escrowed encryption?

Thanks to Matthew D. Healy <healy@seviche.med.yale.edu> for the
story suggestion.

[7] http://www.techserver.com/newsroom/ntn/info/022798/info1_24794_body.html
[8] http://www.wired.com/news/news/technology/story/10620.html

..Many hands make light work

OK, you can crack DES. How *fast* can you crack DES?

RSA has established an ongoing series of challenges [9] to break
messages encrypted with 56-bit DES. Twice a year, on 1/13 and
7/13, the company will post a new challenge and will only pay a
winner if the message is decoded faster than it was last time.
If the new contest is beaten in less than 25% of the reference
time, the winner gets $10K; 50% pays $5K, and 75% $1K. The first
DES crack took 140 days on the calendar, but when RSA launched
DES Challenge II they set the bar higher and established a refer-
ence time of 90 days. On 2/26 the message was decoded after 39
days by an anonymous participant working under the auspices of
distributed.net [10]. The secret message was "Many hands make
light work." Distributed.net offered thanks to RSA for the im-
plied endorsement.

[9] http://www.rsa.com/rsalabs/des2/html/continued.html
[10] http://www.rsa.com/pressbox/html/980226.html

..ISPs, hosts, and CSPs

Consolidations and realigning business models are the order
of the day

RCN of Princeton, NJ, known mainly for its plans to wire city cen-
ters with fiber, is buying Virginia-based ISP Erol's and Massachu-
setts-based Ultranet [11]. The acquisitions give RCN 325,000 dialup
customers on the eastern seaboard, and should provide rich fields
for cross-selling once RCN gets their fiber alight.

Best Internet and Hiway Technologies announced plans to merge [12].
The companies say that one advantage of combining forces will be
fail-safe access for their customers: Best (San Francisco) worries
about earthquakes and Hiway (Florida) has hurricanes to contend

Netscape, smarting from competition with Microsoft, is floating a
balloon about becoming a CSP (commerce service provider) [13] -- that
is, hosting commerce sites for customers of their back-end software.
Such talk is not going down well with Netscape's ISP and CSP custo-
mers, and first returns from the analyst community aren't entirely
positive either. Representative quote: "It baffles me. It sounds
like a desperate move."

[11] http://www.zdnet.com/intweek/daily/980224k.html
[12] http://www.news.com/News/Item/Textonly/0,25,19571,00.html?pfv
[13] http://www.news.com/News/Item/Textonly/0,25,19545,00.html?pfv

..Teledesic puts up a test bird

It's only a test, but it's Ka band and it's broadband

Teledesic is the company planning to ring the world with satellites
to make T1-or-better Internet access available at any point on the
surface [14]. On 2/18 they launched an experimental satellite named
"T1" [15]; the news was blacked out until 2/26. T1 is not a prototype
of the satellites Teledesic is planning; it's merely a test bed
operating in the Ka band (28.6 - 29.1 GHz) at E1 speeds (2.048
MBPS). Teledesic officially won the right to Ka frequencies last
November [16]. T1 was put into orbit by a Pegasus rocket, launched
from underneath an airborne L-1011. The service planned when Tele-
desic goes live, by the end of 2002, will be 2 MBPS upstream and 64
MBPS down.

[14] http://www.tbtf.com/archive/09-08-97.html#s06
[15] http://www.news.com/News/Item/Textonly/0,25,19550,00.html?pfv
[16] http://www.techweb.com/wire/news/1997/11/1121skybridge.html

..Iridium puts on a light show

Getting our entertainment where we can find it

These low-earth-orbit satellites will enable worldwide phone ser-
vices beginning this year. Fifty-one are presently in orbit. It
turns out that the satellites' antennas catch the sun and cause
"flares" [17] visible from the ground. For minutes at a time the
satellites brighten from magnitude 6 (binoculars required) to
magnitude -2 or even -4 (brighter than Venus). This useful page
provided by the German Space Operations Centre [18] will calculate
for you the next seven Iridium flares visible from your location.
(Their initial mission was to calculate and display appearances of
the Mir satellite.) First you need to say exactly where on earth
you are. Using the Census Bureau's Tiger Mapping Service [19] you
can pinpoint a spot in the US to 4 decimal places of latitude and
longitude, or within about 6 feet. Start at this atlas of place
names [20] for rough coordinates that you can feed to the Tiger
for refinement.

[17] http://www2.satellite.eu.org/sat/vsohp/iridium.html
[18] http://www.gsoc.dlr.de/satvis/
[19] http://tiger.census.gov/
[20] http://www.ahip.getty.edu/tgn_browser/

..Another new Mersenne prime

The Great Internet Mersenne Prime Search ferrets out M-37

The largest prime number now known is 2^23021377 - 1. It was discov-
ered by Roland Clarkson, one of 4,000 current participants in GIMPS
[21], using a Pentium box running code written by George Woltman (who
is mersenne.org). This is the first Mersenne prime discovered using
Scott Kurowski's Internet software and server [22], which coordinates
the large number of volunteer computers. When last we visited GIMPS
(see TBTF for 9/8/97 [23]), the previous record-holder, M-36, had
just been uncovered. This new Mersenne prime is only a tiny bit
larger, relatively speaking, at 909,526 digits vs. 895,932. You can
download the number itself [24] from mersenne.org. This file is, of
course, about a megabyte in size.

[21] http://www.mersenne.org/3021377.htm
[22] http://www.entropia.com/primenet/status.shtml
[23] http://www.tbtf.com/archive/09-08-97.html#s07
[24] http://www.mersenne.org/files/prime3.txt

..Israelis demonstrate a tunable quantum observer

Half-looking at particles being waves

Researchers at the Weizmann Institute have demonstrated [25], and
controlled, one of the strange everyday home truths of the quantum
world -- that the act of observing something perturbs it. In this
case, what is perturbed is the tendency of electrons to act like
waves. The Israeli researchers have produced a tunable sensor that
can watch which of two openings electrons go through. When the
sensor is fully "alert," each electron provably goes through one
opening or the other. When the sensor is not "looking," electrons go
through both openings in a wavelike way and interfere on the other
side. Such control over this basic quantum phenomenon could be im-
portant to devices built of quantum parts, for example the chips
described in TBTF for 2/23/98 [26]. Thanks for the story suggestion
to Eliyahu Skoczylas <eliyahu@photonet.com>.

[25] http://www.iinsnews.com/sci/980226/98022625.html
[26] http://www.tbtf.com/archive/02-23-98.html#s07

..An operating system popularity meter

If they think you're technical, go crude

This page [27] reports the latest results of Alta Vista searches
counting Web pages that make assertions such as "MacOS sucks" or
"Unix rules." Right now Unix is way ahead in the Sucks/Rules ratio,
and Linux is far ahead of Windows. This page [28], in contrast, dis-
penses with any pretense of fairness or sampling and baldly asserts
that all operating systems suck.

[27] http://electriclichen.com/linux/srom.html
[28] http://www.io.com/~pde/os-suck.html

..Auckland in the dark

When the power goes out for a week (and counting) in an El Nino

Peter Gutmann (who outed Microsoft's naked emperor of security --
see TBTF for 1/26/98 [29]) is writing an ongoing account [30] of the
anguish Auckland, New Zealand is going through after losing all power
to the central city. Four cables all failed. Gutmann is unsparing in
his gaze at the recent practices of the power company, Mercury En-
ergy, which has spent $300M on a failed attempted takeover of a
rival energy company while eliminating excess capacity and waste of
the sort that we might have referred to, in an earlier and less
enlightened age, as safety margins. Some excerpts:

> The following writeup is a (hopefully) more balanced view of
> what's going on than the one being provided through official
> channels.

> The city of Auckland has... four 110kV cables feeding the
> central business district... The suspicion is that the El Nino
> summer has dried out and heated the ground so that vibration
> and ground movement (shrinkage) have damaged the cables.

> Mercury ran an emergency feed for several miles over a string
> of poles, which had hardly been completed when the second
> cable failed. They then tried to force a full load over the
> remaining cables by management will-power alone, which
> unfortunately wasn't enough to overcome the basic laws of
> physics, and everything which was left failed as well.

> I think I'll join the class action suits; the fact that the
> university machines are down means that I've had to use tin
> to read news for nearly a week, that's got to be worth sev-
> eral hundred thousand dollars compensation for mental anguish.

> Q: How many Aucklanders does it take to change a lightbulb?
> A: Does it matter?

[29] http://www.tbtf.com/archive/01-26-98.html#s05
[30] http://www.kcbbs.gen.nz/users/peterg/power.txt

N o t e s

> This week's TBTF comes to you a few days early, as I'm going to be out
of IP reach for a while.

S o u r c e s

> For a complete list of TBTF's (mostly email) sources, see
http://www.tbtf.com/sources.html .

TBTF home and archive at < http://www.tbtf.com/ >. To subscribe
send the message "subscribe" to tbtf-request@world.std.com. TBTF
is Copyright 1994-1998 by Keith Dawson, < dawson@world.std.com >.
Commercial use prohibited. For non-commercial purposes please
forward, post, and link as you see fit.
Keith Dawson dawson@world.std.com
Layer of ash separates morning and evening milk.
