TBTF for 11/17/97: Make no law

Keith Dawson (dawson@world.std.com)
Mon, 17 Nov 1997 07:29:31 -0600


TBTF for 11/17/97: Make no law

T a s t y B i t s f r o m t h e T e c h n o l o g y F r o n t

Timely news of the bellwethers in computer and communications
technology that will affect electronic commerce -- since 1994

Your Host: Keith Dawson

This issue: < http://www.tbtf.com/archive/11-17-97.html >

C o n t e n t s

Which part of "make no law" don't you understand?
Netscape removes Java logo from Communicator 4.04
Pentium "f00f" bug
MSIE buffer overrun
Kashpurev arrested, held in Canada
Another Pacific island is registering domain names
Ganging up on Microsoft
MCI releases free denial-of-service trace tool
Scientology loses a big one
A resource for cryptography news
Learning to write online

..Which part of "make no law" don't you understand?

Son of CDA bill is filed in the Senate

"Congress shall make no law respecting an establishment of religion,
or prohibiting the free exercise thereof; or abridging the freedom
of speech, or of the press; or the right of the people peaceably
to assemble, and to petition the Government for a redress of
grievances." -- First Amendment to the US Constitution (1791)

Sen. Dan Coats (R-Indiana) was the main Republican sponsor of CDA-I.
He has filed a bill, S.1482 [1], that would punish commercial dis-
tributors of material deemed "harmful to minors" with six months in
jail and a $50,000 fine. Unlike CDA-I, this proposed statute applies
only to Web sites. The ACLU, which won in the fight against CDA-I,
says [2] the the new bill is clearly out of bounds: it has serious
constitutional problems with its definition of "harmful to minors,"
and does not make any distinction between material that may be, for
example, harmful to a six-year-old but valuable for a 16-year-old.
The bill does not pin down which community's standards are to be
applied in determining whether material is harmful to minors, but
rather imposes on the FCC and the Department of Justice the task of
explaining what material would infringe the law. The Supreme Court
struggled in vain for years to arrive at a national definition of
the term "obscenity"; "harmful to minors" is obscenity lite and will
prove even more difficult to define. Finally, the proposed law could
apply to online bookstores such as amazon.com and to ISPs -- publish-
ers and carriers who do not originate such material. CDA-I explicitly
exempted carriers such as ISPs from culpability under that law, and
courts have upheld the common carrier nature of ISPs.

The bill has no co-sponsors yet.

[1] http://thomas.loc.gov/cgi-bin/query/z?c105:S.1482:
[2] <a href="http://www.aclu.org/news/n111397a.html">http://www.aclu.org/news/n111397a.html</a>

..Netscape removes Java logo from Communicator 4.04

Browser giant is out of compliance with JDK 1.1

When Sun chided and then sued Microsoft for failing to honor its
Java licensing agreement, Microsoft pointed out that Sun chooses to
ignore the failings of other companies -- particularly Netscape --
to live up to their own contracts. Indeed Netscape has been out of
compliance since it failed to deliver a Java Virtual Machine based
on Sun's JDK version 1.1 [3], which has been shiping since February.
The contract stipulates that Netscape must complete updating its
Java implementations within a stated period after a new JDK ships.
(How long that period is is not public knowledge; I would guess at
6 months.) Netscape has assured Sun that it plans to come into com-
pliance, with Communicator version 5 in the first half of 1988, and
meanwhile Netscape on its own initiative has removed the familiar
"steaming cup" Java logo from the About page of Communicator 4.04.
Netscape notes that its products are fully compliant with JDK 1.0.2,
and that the contract does not require them to remove the logo.

[3] http://www.news.com/News/Item/0%2c4%2c16359%2c00.html


Lately it seems that Intel, Microsoft, and Cyrix are fighting
more bugs than the Starship Troopers

See last week's TBTF [4] for background on these recently surfaced
security issues.

..Pentium "f00f" bug

Intel has developed a software workaround [5] that must now be
incorporated into each operating system that runs on Pentium
hardware -- there are probably a few dozen of these. Each OS
vendor must rigorously test the fix for its impacts on stabil-
ity and performance. A vendor whose user base is not all run-
ning on the current OS version may need to implement the fix
multiple times. Several hundred million users will have to ob-
tain the fix to their OS and install it; many, unlucky, users
will have to upgrade their OS version at the same time. Linux
was first out of the chute with a f00f fix, introduccing patch
2.0.64 [6], which traps the offending op codes before they get
to the CPU, before Intel had announced its workaround. BSDI is
testing a fix. Microsoft says it is "in the process of studying
the implementation of potential workarounds."

..MSIE buffer overrun

Microsoft has posted a fix [7] for the buffer overrun security
problem, #15 on the TBTF 1997 list [8] of Microsoft / MSIE
security issues.


This chipmaker confirms its Pentium workalikes have a problem
too [9], this one surfacing only in multiprocessor configurations.

[4] http://www.tbtf.com/archive/11-10-97.html
[5] http://www.infoworld.com/cgi-bin/displayStory.pl?971114.wintelfix.htm
[6] http://www.linuxhq.com/kpatch21.html
[7] http://www.microsoft.com/msdownload/ieplatform/ie4bufferpatch/patch.htm
[8] http://www.tbtf.com/resource/ms-sec-exploit.html
[9] http://www.news.com/News/Item/0%2c4%2c16347%2c00.html

..Kashpurev arrested, held in Canada

Troubles aren't over for the man who hijacked the InterNIC

Eugene Kashpureff, who hijacked the InterNIC's Web traffic to his
own site as a protest against domain naming policy [10], [11], has
been arrested by Royal Canadian Mounted Police and is expected to
be deported to the US to face charges of wire fraud and computer
fraud [12], [13]. The FBI issued a warrent for Kashpureff's arrest
on 9/12, located him in Toronto late last month, and requested the
cooperation of the RCMP in his apprehension.

[10] http://www.tbtf.com/archive/07-21-97.html
[11] http://www.tbtf.com/archive/07-28-97.html

..Another Pacific island is registering domain names

So what's .nu?

A neighboring island of Tonga [14] has set up in the business of
providing domain names to all comers. Niue (pronounced "new-way"),
population 2000, has made an arrangement with some enterprising
Americans for the privilege of parcelling out .nu domain names [15].
Visit the registry [16] to see it your favorite has already been
claimed. (No, you can't have "whats.nu," it was among the first to
go.) The interesting thing about Niue's entry into the registry
fray is that it is the first to break the $50/year price point --
Niue charges $25 per year.

[14] http://www.tbtf.com/archive/06-23-97.html
[15] http://www.news.com/News/Item/0%2c4%2c16253%2c00.html
[16] http://www.nunames.nu/

..Ganging up on Microsoft

First the Justice Department, then the states; et tu, Nader?

You can't have avoided hearing about the Appraising Microsoft
Conference [17], [18] held in Washington, D.C. last week an
hosted by consumer gadfly Ralph Nader. Nader called Microsoft
"uniquely ruthless"; one of the participants dubbed the company
"the great white shark of the software business: no conscience,
no reticence, just endless appetite." Microsoft executives had
been invited but (sensibly) declined to attend. COO Bob Herbold
sent a public letter [19] to Nader enumerating the ways in which
the deck had been stacked against Microsoft.

Steve Kremer <steve@jokewallpaper.com> thought to call Nader's
office to find out what kind of computer the conference instigator
uses. Answer: apparently, he doesn't use one at all. Kremer sum-
marized thus on the fight-censorship mailing list:

> So when you read the stories coming out of Washington D.C.
> about Nader taking Microsoft to task, remember it's being
> headlined by someone who has probably never had their hand
> on a mouse except maybe to take a dead one out of an OSHA-
> approved trap.

Microsoft's partners are not all uniformly happy with the colos-
sus, though they are understandibly reluctant to speak up in
public. Allan Hurst <allanh@spectrum.us.com> sends this anonymous
account of exchanges between a Microsoft representative and an
attendee at a Northern California Microsoft reseller briefing:

Attendee: "Is it true that NT 5.0 has 27 million lines of
Microsoft: "Why do you want to know?"

Microsoft: "So, as you can see, Small Business Server is a
mission-critical product from Microsoft, and
is our Big Product Introduction for 4Q97. Does
anybody know what will be the Big Product In-
troduction for 1Q98?"


(The "correct" answer, incidentally, turned out to be "NT 5.0".)

One group that is unwaveringly in Microsoft's corner is its share-
holders. Those who have stuck with the company's stock over the last
year have doubled their money. At the annual meeting, after the
speech in which Bill Gates called the Nader conference a "witch
hunt," the attendees gave him a standing ovation.

[17] http://www.essential.org/appraising/microsoft/
[18] http://www.yahoo.com/headlines/971114/tech/stories/nader_1.html
[19] http://www.microsoft.com/corpinfo/nader/11-13nader.htm

..MCI releases free denial-of-service trace tool

Helping system administrators find the source of DoS attacks
more quickly

MCI has released a must-have tool for system administrators: the
Denial of Service Tracker [20]. This security program simplifies the
process of tracing DoS attacks, which aim to overload a target com-
puter system to the point that it's unusable for anything else. The
program works against SYN flood [21], ping flood [22], bandwidth sat-
uration, and concentrated source attacks. Other DoS-based attacks
are being added.

[20] http://www.security.mci.net/dostracker
[21] http://www.tbtf.com/archive/09-23-96.html#s01
[22] http://www.tbtf.com/archive/08-04-97.html#s01

..Scientology loses a big one

The original church, stripped of $340M, can't hide behind new
corporate shells

A Federal judge has issued a definitive ruling that clears the way
for hundreds of lawsuits to go forward against the self-declared
religious organization, and in addition calls into question its
tax-exempt status [23]. When faced with paying a $6M judgement to a
creditor, the Church of Scientology of California dissolved itself
and transferred its assets to two new organizations called the
Church of Scientology International and the Religious Technology
Center. The judge ruled that the new Scientology corporations are
merely shells controlled by and identical to the disbanded mother
church so their assets are subject to court judgements against the
original institution.

Why am I writing about Scientology, new readers may wonder? The CoS
has worked aggresively, using channels legal and dirty, to stifle
free speech on the Internet and may have been responsible for shut-
ting down a long-running anonymous remailer, anon.penet.fi [24],

[23] http://www.factnet.org/Scientology/court.htm
[24] http://www.tbtf.com/archive/08-21-95.html
[25] http://www.tbtf.com/archive/09-08-96.html

..A resource for cryptography news

Reuters covers the crypto wars

Those who follow the cryptography debate might want to bookmark
this page [26] for Reuters News Service stories written (mostly)
by Aaron Pressman.

[26] http://www.crypto.com/reuters/

..Learning to write online

After 15 months at Slate, Michael Kinsley reflects on what the
publication has learned

This 2-week-old c|net story [27] tells of a letter that Slate's edi-
tor posted on the Microsoft site. The letter itself is long gone --
after all, 5 months have passed in Internet time -- no trace of it
remains on Slate's site or on Microsoft's. Reportedly, Kinsley has
learned that writing on the Web, delivered quickly and with much
less editing, tends to be less formal than that of print publica-
tions. Do tell. He adds that as the online magazine continues to
evolve features will be "collections of very small, easy-to-digest
morsels that still add up to a substantial meal." Sounds like Tasty
Bits to me.

[27] http://www.news.com/News/Item/0%2c4%2c16094%2c00.html

S o u r c e s

> For a complete list of TBTF's (mostly email) sources, see
< http://www.tbtf.com/sources.html >.

> fight-censorship -- mail fight-censorship-announce-request@vorlon.-
mit.edu without subject and with message: subscribe . Web home at
< http://www.eff.org/~declan/fc/ >.

TBTF home and archive at < http://www.tbtf.com/ >. To subscribe
send the message "subscribe" to tbtf-request@world.std.com. TBTF
is Copyright 1994-1997 by Keith Dawson, < dawson@world.std.com >.
Commercial use prohibited. For non-commercial purposes please
forward, post, and link as you see fit.
Keith Dawson dawson@world.std.com
Layer of ash separates morning and evening milk.

Version: 2.6.2