TBTF for 1999-01-13: Nudiustertian

Keith Dawson (dawson@world.std.com)
Thu, 14 Jan 1999 00:17:40 -0600


TBTF for 1999-01-13: Nudiustertian

T a s t y B i t s f r o m t h e T e c h n o l o g y F r o n t

Timely news of the bellwethers in computer and communications
technology that will affect electronic commerce -- since 1994

Your Host: Keith Dawson

This issue: < http://tbtf.com/archive/1999-01-13.html >

C o n t e n t s

Uncensored Australian crypto report comes to light
NT 4.0 fails government cryptography test
Judge orders Sun, Microsoft to settle Java dispute
Supreme Court says computer algorithms can be patented
Make it up on volume
Quick bits
Microsoft releases a fix for frame spoof
No kudos from BugNet
Cyber Underwriters Laboratories
India warns against US crippleware
A specialized shopping bot
Jargon Scout: verbing dog-food
Physics news of 1998
Year 2000 corner

..Uncensored Australian crypto report comes to light

Redacted passages are now highlighted in red

Electronic Frontiers Australia has posted an uncensored copy of the
Review of Policy relating to Encryption Technologies, called the
Walsh Report [1]. Two years ago the Australian government had been
about to release a study of the effect of encryption technology on
law enforcement and intelligence gathering. The study, commissioned
by the Attorney General's office, was authored by Gerard Walsh, for-
mer deputy director of the Australian Security Intelligence Organ-
isation. Just before publication someone high up in the Australian
government developed cold feet and the release was cancelled. Elec-
tronic Frontiers Australia filed a freedom of information request and
in June 1997 obtained a redacted copy of the report -- that is, with
some sections blacked out on grounds of public safety, law enforce-
ment, or national security -- and posted it on the Web. It now comes
to light that before the report was pulled, "deposit copies" had
been sent to major libraries; an alert student found one such last
month growing dusty in the State Library in Hobart. EFA published
the full report, with the originally censored parts highlighted in
red, at the same URL [1]. Here is one of those redacted sections

> The loss of access to real-time communications of their
> targets, and the inability to access seized stored data,
> will necessitate a range of activities by law enforcement
> and national security agencies which carry greater oper-
> ational, personal and political risk, involve larger fi-
> nancial outlays and staff allocations and will require
> some legislative amendments.

It is remarkable how many of the red passages track with proposals
that, if publicized, would carry "political risk" -- such as the
risk of the public throwing the bums out. Among the initially re-
dacted legislative amendments proposed are those to allow:

- legalized hacking by agencies (1.2.28, 6.2.3)

- legalized planting of trap-doors in proprietary software
(1.2.33, 6.2.10, 6.2.11, 6.2.22)

- protection from disclosure of the methods used by agencies
to obtain encrypted information (6.2.16)

This latter proposal the EFA's Greg Taylor <gtaylor@efa.org.au>
calls "an apparent endorsement of rubber-hose code-breaking." A
more charitable interpretation would be of a law to shield author-
ities from having to reveal in open court that they obtained evi-
dence by cracking into and infecting a suspect's computer -- might
not play well with juries. Prosecutors routinely avoid such embar-
assment by using tainted evidence only to locate and develop other
lines of evidence, which are then used to prosecute.

[1] http://www.efa.org.au/Issues/Crypto/Walsh/index.htm

..NT 4.0 fails government cryptography test

Fixing FIPS 140-1 test failure will impact IE4, Outlook 98

Windows NT 4.0 has failed a critical government test [2] (regis-
tration required) that it must pass in order to be considered for
sensitive applications in US and Canadian government agencies.
Problems that surfaced in Microsoft's CryptoAPIs may be serious
enough to require significant redesign of the operating system.
The company expects to issue a service pack later this year after
NT finally makes it through FIPS 140-1 testing. However, the
patch will cause major problems for common applications, because
only Internet Explorer 5.0 will know how to work in FIPS mode.
The service pack will prevent users who apply it from using IE
4.0, Outlook 98, and possibly other applications such as Internet
Information Server.

[2] http://www.nwfusion.com/news/0111ntcrypt.html

..Judge orders Sun, Microsoft to settle Java dispute

You can tell it's a good decision, it made both companies mad

A US magistrate has ordered Microsoft and Sun to schedule a settle-
ment conference to hash out their ongoing dispute over Java technol-
ogy. Judge Ronald Whyte's order [3] said the companies, which have
developed two different methods for Java to work with Windows,
should develop a single platform that "achieves Sun's goal of uni-
versality and Microsoft's goal of more efficient performance and
ease of coding." Whyte also said the companies should consider
expanding development of Microsoft's J/Direct, which lets Java de-
velopers access native Windows functions directly.

[3] http://www.techweb.com/printableArticle?doc_id=TWB19990108S0001

..Supreme Court says computer algorithms can be patented

Let's patent like it's 1999

The trickle of patents on business models [4] will surely now become
a torrent. The US Supreme Court has let stand a lower court ruling
in the State Street Bank case that mathematical algorithms used in a
program may rate intellectual-property protection [5] (free registra-
tion and cookies required for this link). The silliest patent I've
seen recently claimed exclusive rights to the "method" of teaching
an in-house course using a book. Worse is to come.

[4] http://tbtf.com/archive/1998-08-31.html#Tspx
[5] http://www.nytimes.com/library/tech/99/01/biztech/articles/12patent.html

..Make it up on volume

A business model from cloudcuckooland

Bill Gurley's latest Above The Crowd column [6] is a sober explora-
tion of a business proposition that until recently was the punch line
of a stock joke:

Sure, we'll lose $5 on every sale, but we'll
make it up on volume.

Gurley examines buy.com, a reborn Web virtual store whose business
plan amounts to selling a buck for 85 cents and making it up on ad-
vertising. You can trace a straight line from the idealistic busi-
ness model arising out of the Net's pre-commercial gift economy --
give away real value on your Web site and find a way to make money
from the side-effects -- through banner ads, eyeballs, and branding
to the Americanized, Crazy Eddie purity of buy.com's aspirations.
If the recent market for Net stocks has sent images of tulip bulbs
dancing in your head, Gurley's analysis will do nothing to dispel

Perhaps when the Millenium has past and the stock market crash is
behind us, we can turn again to the serious business of inventing
sustainable business models for the Net.

[6] http://www.news.com/Perspectives/Column/Textonly/0,197,282,00.html?tbtf

..Quick bits

A maze of twisty items, all a little different

..Microsoft releases a fix for frame spoof

See [7] and [8] for a description of this startlingly deep prob-
lem in the architecture of frames. Microsoft has released a patch
for Wintel versions of Explorer 4.01 [9]; patches for Macintosh, HP-
UX, and Solaris versions are not ready yet. As far as I have read,
Netscape has never acknowledged or responded to inquiries about the
frame-spoof problem or said when a fix might be available for Navi-
gator browsers.

[7] http://tbtf.com/archive/1998-11-17.html#s02
[8] http://www.securexpert.com/framespoof/tech.html
[9] http://www.microsoft.com/windows/ie/security/spoof.asp

..No kudos from BugNet

Since 1994 the editors of BugNet have presented an award to a soft-
ware company for the year's best bug-fix performance. This year the
editors surveyed the software field and scowled in disgust, refusing
to grant any award [10]. "We are in the midst of a PC quality / sup-
port crisis," they declare. Here is one sad tale among many that il-
lustrates the sorry attitude of software companies toward the things
they have wrought and the users who are stuck with them.

> Microsoft has a very odd sense of what is and what isn't a
> bug. Earlier this year, BugNet discovered a bug in FrontPage
> which allowed [a user] to delete his entire hard drive --
> including Windows itself -- without a clear warning. This
> was the single most destructive bug we've ever encountered
> ... but Microsoft's response was that this was a feature,
> not a bug.

[10] http://www.bugnet.com/analysis/no_award.html

..Cyber Underwriters Laboratories

The field of computer security has few hard standards: no company
can certify that its software product is secure. Writing on the
l0pht Heavy Industries site, Tan <tan@l0pht.com> suggests look-
ing to Underwriters Laboratories [11] for a model of Net security
certification. Using the example of a UL-certified manufacturer
of safes, Tan writes:

> Vendors claim to be resistant to certain toolsets for cer-
> tain amounts of time. This is not what the computer security
> field looks like today, but is where it needs to go... Cus-
> tomers are pressured by insurance underwriters to use pro-
> ducts that meet UL specifications... Until [Net] losses be-
> come intolerable and insurance is necessary, there may be no
> motivation to drive the certification, approval, or listing
> of [Net security] products by UL or any similar organization.

Thanks to Keith Bostic <nev@bostic.com> for pointing out this pro-

[11] http://www.l0pht.com/cyberul.html

..India warns against US crippleware

An Indian defense official issued a "red alert" [12] against the
dangers of depending on cryptography products developed in the US,
because almost by definition their codes can be broken by US gov-
ernment agencies. Indian might require all local banks and finan-
cial institutions to buy only home-grown crypto software. The let-
ter from the Defence Research and Development Organisation says:

> To put it bluntly, only insecure software can be exported.
> When various multinational companies go around peddling
> 'secure communication software' products to gullible Indian
> customers, they conveniently neglect to mention this aspect
> of the US export law.

[12] http://www.economictimes.com/120199/lead2.htm

..A specialized shopping bot

Uniden introduced a phone at the Consumer Electronics Show that
price-shops every time it's dialed, seeking the cheapest long-
distance rate from among hundreds of plans before each call. The
phone, called the Long Distance Manager, is expected to reach
store shelves this spring at a price of about $49. Thanks to Keith
bostic <nev@bostic.com> for this item.

..Jargon Scout: verbing dog-food

Bringing you the jagged edge of the Net's new lingo since 1995

Jargon Scout [13] is an irregular TBTF feature that aims to give you
advance warning -- preferably before Wired Magazine picks it up --
of jargon that is just about ready to hatch into the Net's language.

Randy Enger <enger at atria dot com> writes:

I heard this twice last month, from two apparently unrelated
sources, one within Rational and one at a Microsoft acronym-
fest [14]. Once might be just irrational exuberance, but twice...

You know the phrase "to eat our own dog-food," employed to
mean that the developers should actually use the products they
develop. Well, dog-food has been verbed.

At Microsoft:

We have to dog-food this architecture before we
release it.

and at Rational, about a new product:

We really need to dog-food this puppy.

(A friend to whom I mentioned this was dismayed by the cannibal-
istic imagery.)

[13] http://tbtf.com/jargon-scout.html
[14] http://tbtf.com/archive/1998-10-27.html#s10

..Physics news of 1998

The brightest stars, the biggest stories

One of my favorite email resources for nudiustertian news from the
world of physics is the AIP's Physics News Update [15], whose re-
search summaries, written by Phillip F. Schewe and Ben Stein, ar-
rive by email weekly [16]. Here are some of Schwe and Stein's picks
as the biggest physics stories in 1998. I've added direct URLs for
the stories as they appeared in PNU.

- The realization (based on observations of distant supernovas)
that the cosmological expansion of the universe is not only
not slowing but is actually accelerating [17], [18]

- The observation of neutrino oscillation [19]

- Bose-Einstein research [20], [21], [22]

- progress in quantum teleportation [23], the complementarity
principle demonstrated for electrons [20]

- quantum computing used to perform simple searches [24]

- the detection of gamma rays from a high-magnetic-field pulsar
(or "magnetar") [25], [26]

- the idea of chaos-based computing [27]

[15] http://www.aip.org/physnews/update/
[16] http://www.aip.org/physnews/update/subpnu.htm
[17] http://www.aip.org/enews/physnews/1998/physnews.355.htm
[18] http://www.aip.org/enews/physnews/1998/physnews.361.htm
[19] http://www.aip.org/enews/physnews/1998/physnews.375.htm
[20] http://www.aip.org/enews/physnews/1998/physnews.362.htm
[21] http://www.aip.org/enews/physnews/1998/physnews.382.htm
[22] http://www.aip.org/enews/physnews/1998/physnews.402.htm
[23] http://www.aip.org/enews/physnews/1998/physnews.356.htm
[24] http://www.aip.org/enews/physnews/1998/physnews.367.htm
[25] http://www.aip.org/enews/physnews/1998/physnews.374.htm
[26] http://www.aip.org/enews/physnews/1998/physnews.394.htm
[27] http://www.aip.org/enews/physnews/1998/physnews.389.htm

..Year 2000 corner

Old McDonald had some code, C-O-B-O-L

For those of you who rejoiced over the holidays because The Little
Drummer Boy drowned out the pervasive babble about Y2K, here's a
little something to jerk you fully into 1999: the latest in barn-
yard sounds from Patrick Tufts <zippy@cs.brandeis.edu>.

> I just taught a tot to say "and the NERD goes why-two-kay,
> why-two-kay".

> --Pat "doomsayer just didn't scan"

The foregoing nugget is carried on TBTF by permission. The author
specified as a condition of publication that the period had to stay
outside the quotation mark.

N o t e s

> This week's TBTF title means, in a backhanded sort of way, "up to the
minute; the latest thing." Mrs Byrne's Dictionary [29] says the word
derives from the Latin phrase "Nunc dies tertius est," meaning "It
is now the third day," so a literal rendering would be "pertaining
to the day before yesterday." The OED is more straightforward [30].

[29] http://www.amazon.com/exec/obidos/ASIN/0806504986/tbtf/
[30] http://tbtf.com/resource/oed-defs.html#nudiustertian

S o u r c e s

> For a complete list of TBTF's (mostly email) sources, see
http://tbtf.com/sources.html .

TBTF home and archive at http://tbtf.com/ . To (un)subscribe send
the message "(un)subscribe" to tbtf-request@tbtf.com. TBTF is Copy-
right 1994-1999 by Keith Dawson, <dawson@world.std.com>. Commercial
use prohibited. For non-commercial purposes please forward, post,
and link as you see fit.
Keith Dawson dawson@world.std.com
Layer of ash separates morning and evening milk.

Version: PGP for Personal Privacy 5.5