TBTF for 9/22/97: Allez Java
T a s t y B i t s f r o m t h e T e c h n o l o g y F r o n t
Timely news of the bellwethers in computer and communications
technology that will affect electronic commerce -- since 1994
Your Host: Keith Dawson
This issue: < http://www.tbtf.com/archive/09-22-97.html >
_________________________________________________________________________
C o n t e n t s
Fallout from the House crypto debacle
AGIS Internet jettisons the spammers
Northern Light
The ascent of XML
Utility reveals Win 95 passwords
Profiting from typos
Email envy
Voting with their feet
_________________________________________________________________________
..Fallout from the House crypto debacle
Indications [1] are that the Commerce Committee of the US House of
Representatives is likely to vote in favor of unprecedented restric-
tions on Americans' right to be left alone. The so-called Oxley
amendment [2] to the SAFE bill, which started out attempting to
ease encryption export rules, would require Internet technology to
enable immediate access to plaintext for any Net message, without
notification to the sender.
This ZDNet coverage [3] gives an introduction of some of the tech-
nical objections raised last week to the Oxley amendment. Here are
some more recent ones.
- Voices from England [4],[5] and Europe [6] refuted this ap-
proach to encryption. An article in Communications Week Inter-
national [6] claims that the European Commission will refuse
to endorse key recovery in a report to be issued on 10/1/97.
- 28 law professors detailed [7] why the proposed law would be
unconstitutional.
- 65 companies and organizations signed a letter [8] to the House
Commerce Committee opposing Oxley or any similar legislation.
The Congressional Budget Office issued an analysis [9] of the
costs of a key-recovery infrastructure; the top estimate was $2
billion per year. CBO requested expert input into its estimates
(thanks to Rodney Thayer <rodney@sabletech.com> for the first
word on this). Here is some of what the CBO got.
- Donale Eastlake and others estimated upwards of several hun-
dred billion dollars [10].
- William Allen Simpson estimated that Oxley would slow all data
transmission on the Internet by 3 to 8 times, and in addition
would require the construction of a secure infrastructure as
large again as today's Internet for the transmission and stor-
age of users' keys.
- Perry Metzger noted: "The cost to industry of implementing
[Oxley] and... to the government of running it is only the tip
of the iceberg. The cost to the economy [of] criminal activity
that cryptography would normally stop cannot possibly be esti-
mated."
- The last word goes to cryptographer Bruce Schneier: "Law en-
forcement needs to deal with technology. So, no more wiretaps.
Big deal. [FBI Director] Freeh needs to deal with that fact."
[1] http://www.news.com/News/Item/0%2C4%2C14422%2C00.html
[2] http://www.cdt.org/crypto/legis_105/SAFE/Oxley_Manton.html
[3] http://www.zdnet.com/zdnn/content/zdnn/0922/zdnn0013.html
[4] http://www.techweb.com/wire/news/1997/09/0917crylaws.html
[5] http://www5.zdnet.com/zdnn/content/zduk/0918/zduk0001.html
[6] http://www.jya.com/euro-resist.htm
[7] http://www.law.miami.edu/~froomkin/lawprof-letter.htm
[8] http://www.jya.com/safe-oxley-no.htm
[9] http://www.jya.com/gak-costs.htm
[10] http://www.jya.com/gak-costs2.htm
________________
..AGIS Internet jettisons the spammers
Apex Global Internet Services Inc. had tried unilaterally to work
a truce in the spam wars -- it hosted spammers, including the most
notorious of them all, Sanford Wallace's Cyber Promotions, while
sponsoring a trade association of "responsible" spammers: the In-
ternet E-Mail Marketing Council. Last Wednewday the ISP kicked
them all out [11], [12]. It shut down the accounts of three spam
companies and ejected the IEMMC representstive from his office on
the AGISsite. The reasons for the ouster are not clear but may
involve protacted ping-flood attacks directed against CyberPromo.
(Wallace claims that AGIS stopped blocking ping floods a week be-
fore.) This handy page [13] from Randy Benn keeps up-to-date with
news accounts from the spam wars.
[11] http://www.news.com/News/Item/0,4,14429,00.html
[12] http://www.zdnet.com/intweek/daily/970922e.html
[13] http://www.clark.net/pub/rbenn/spam.html
________________
..Northern Light
For the first time since the launch of HotBot, a new player in the
search-engine game bids to index the entire Web. Northern Light [14],
a startup in Cambridge, MA, introduces a new technique -- folders
generated on the fly -- to organize and present search results. The
company offers searches of off-Web content such as journals, maga-
zines, how-to guides, and reference works. Searching the "Special
Collections" is free for now but the company soon start charging;
Web searches will remain free. Wired gives a good summary [15] of
Northern Light's story.
[14] http://www.northernlight.com/
[15] http://www.wired.com/news/news/culture/story/6992.html
________________
..The ascent of XML
The Autumn 1997 number of the World Wide Web Journal [16] will be
a special issue on XML. One of its articles is available on the Web
in pre-copyright form [17]. If you don't know about XML, an evolu-
tionary development from the tradition of SGML and HTML, you prob-
ably should. You'll find a graceful introduction in "The Evolution
of Web Documents: The Ascent of XML," by Dan Connolly, Rohit Khare,
and Adam Rifkin [17].
[16] http://www.w3j.com/
[17] http://www.cs.caltech.edu/~adam/papers/xml/ascent-of-xml.html
________________
..Utility reveals Win 95 passwords
PC Week notes [18] the appearance of a new utility that can reveal
passwords stored in the Windows 95 password list on a local machine.
The tool is called Revelation [19], and it's a free 15K download from
SnadBoy Software. The utility does not rely on decryption; it simply
grabs and displays data from a Windows 95 software buffer. SnadBoy
positions Revelation as a convenience tool for those who have for-
gotten a password that they asked Windows 95 to remember for them.
Its potential for abuse is scary, but fortuately Revelation can't be
used over a network; it must be run from the keyboard attached to a
local machine.
[18] http://www8.zdnet.com/pcweek/news/0908/11mrev.html
[19] http://www.snadboy.com/revelation.shtml
________________
..Profiting from typos
Data Art Corp. [20], a New York Internet consulting company, has hit
on the idea of registering domain names that are slight misspellings
of well-known company or site names. Examples are:
abcnws.com cdnaw.com
atavista.com cityseach.com
barnesandnobels.com compuserver.com
bigfot.com dinsey.com
careermasaic.com dojones.com
careermozaic.com ...
Data Art registered at least 256 such names in the first week in
August. Perhaps they intend to sell the names to people who want to
benefit from "accidental" advertising; meanwhile Data Art is using
the names themselves to this end. Visit a plausible URL constructed
from any of the names and you get an advertisement and an invitation
to contact the company. (The HTML title of each such page is "typo.")
This inventive domain-name wangle was uncovered by Noah Friedman
<friedman@splode.com> and forwarded by glen mccready <glen@qnx.com>.
[20] http://www.dataart.net/about.htm
________________
..Email envy
Daniel Bernstein, the professor who recently won a narrow ruling
[21] in his challenge [22] to US cryptography export restrictions,
acquired a new email address courtesy of the Tonga registry [23].
Robert Harley <Robert.Harley@inria.fr> received a message from
Bernstein at his new address and gave public voice to the severe
case of email envy inspired by
[21] http://www.tbtf.com/archive/12-24-96.html#s01
[22] http://www.eff.org/pub/EFF/Policy/Crypto/ITAR_export/Bernstein_case/
[23] http://www.tbtf.com/archive/0110.html#s04
________________
..Voting with their feet
At a recent Microsoft developers' conference in Paris the topic
turned to Java. Microsoft spokesmen began disparaging the Sun-
developed cross-platform language and talking up the Microsoft
alternatives. To the presenters' astonishment, the audience of 1200
developers disrupted the presentation with boos and calls of "Go
Java!" They began walking out of the room -- first in a trickle and
then in a flood. At the end only 50 remained in the audience. This
account [24] of the debacle, penned by an unnamed attendee (believed
to be a Sun employee) was forwarded by Keith Bostic <nev@bostic.com>.
[24] http://www.tbtf.com/resource/gojava.html
_________________________________________________________________________
S o u r c e s
> For a complete list of TBTF's (mostly email) sources, see
< http://www.tbtf.com/sources.html >.
_________________________________________________________________________
TBTF home and archive at < http://www.tbtf.com/ >. To subscribe
send the message "subscribe" to tbtf-request@world.std.com. TBTF
is Copyright 1994-1997 by Keith Dawson, < dawson@world.std.com >.
Commercial use prohibited. For non-commercial purposes please
forward, post, and link as you see fit.
_______________________________________________
Keith Dawson dawson@world.std.com
Layer of ash separates morning and evening milk.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2, by FileCrypt 1.0
iQCVAwUBNCiAnGAMawgf2iXRAQFEJwP9EaunUKSEdVDqKIaxy9vI3jEXI5/dEG44
1CXdOSxIg05AyRVfKxuJB+zbXV+Zbr+X3xjEbfBuiu8OVS0nOv/wX7LEztznA+Tf
NN89yQAx7xEr32xwoI1C4/b3YVSP9kaGtR7cnIqv5WETf8lfKoDCbKvW1zijbHD3
pBCV8pZz2mA=
=7+ow
-----END PGP SIGNATURE-----