TBTF for 1999-10-05: Offlist

Keith Dawson (dawson@world.std.com)
Tue, 5 Oct 1999 22:06:33 -0400


TBTF for 1999-10-05: Offlist

T a s t y B i t s f r o m t h e T e c h n o l o g y F r o n t

Timely news of the bellwethers in computer and communications
technology that will affect electronic commerce -- since 1994

Your Host: Keith Dawson

ISSN: 1524-9948

This issue: < http://tbtf.com/archive/1999-10-05.html >

To comment on this issue, please visit this page at Take It Offline:
< http://www.takeitoffline.com/1/H/RsNRIBn9EJCQYhlafHO.html >

B e n e f a c t o r s

TBTF is free. If you get value from this publication, please visit
the TBTF Benefactors page < http://tbtf.com/the-benefactors.html >
and consider contributing to its upkeep.

C o n t e n t s

Transmeta aims squarely at Intel
ICANN, NSI, Commerce kiss and make up
US cryptography export rules eased
97 >> 512
A working Israeli quantum computer (not)
Take It Offline: enhancing online discussion
Neural network said to beat people at speech recognition
Quick bits and followups
Amazon's zShops
Google site comes out of beta
Eclipse followups
On trusting code
Egg hunt

..Transmeta aims squarely at Intel

A new patent reveals how they plan to skirt Intel's patents

For over a year folks have been reading the tea leaves of Trans-
meta patent filings [1] to divine what the secretive company is in
business for. Why do we care? Mostly because Microsoft co-founder
Paul Allen is an investor and Linus Torvalds, father of Linux,
works there [2]. Transmeta's new patent [3] reveals, to those who
troll these deep waters, that the company is developing a processor
capable of running the Intel instruction set (no surprise so far)
while skating around Intel's own technology patents. This CNet story
[4] notes that Torvalds has hinted that Transmeta might debut its
products at the Comdex trade show in November [5]. And a TBTF in-
formant who must remain nameless (heck, I don't know who s/he is)
claims that Microsoft's Windows 2000 kernel / driver team possesses
detailed knowledge of Transmeta's strategy and operates under a
non-disclosure agreement with the company. Who knows, in a few
years we may speak of the Winsmeta duopoly.

[1] http://tbtf.com/archive/1998-11-17.html#s05
[2] http://tbtf.com/archive/1997-03-09.html#s07
[4] http://www.news.com/News/Item/Textonly/0,25,424001,00.html
[5] http://www.news.com/News/Item/Textonly/0,25,122755,00.html

..ICANN, NSI, Commerce kiss and make up

An interlocking set of agreements removes some roadblocks stalling
domain-name reform

The three parties have been wrangling over contractual terms for the
last year. Last week they announced a complex series of agreements
that resolve all of the issues outstanding among them, including
funding for ICANN's continuing operations. The best summary I've
found of the interlocking agreements is this fact sheet [6] on
Commerce's site. The agreements could come into effect as early as
November, after ICANN takes public comment and ratifies them.


- NSI assents to ICANN's authority and agrees to sign a modified
Registrar Agreement.

- Commerce takes over operation of the InterNIC.

- The fee NSI charges to competitive registrars drops from $9
to $6.

- NSI agrees in principle to a per-name fee to fund ICANN's
operations, provided that NSI does not owe more than $2M
under such a program. NSI hands over $1.5M to ICANN immed-

- NSI continues to run the authoritative root server for at
least four years. Even after its eventual transfer to ICANN,
Commerce continues to assert policy authority to direct this
server. (I wonder what the EU thinks of this provision.)

- NSI must totally separate its registry and registrar func-
tions. If it accomplishes this within 18 months then it can
hold onto the root server for an additional four years.

- NSI effectively gives up the claim that it owns the intel-
lectual property represented by the .com/.org/.net database.

With the contract fight behind them, ICANN moved forward with their
proposal for a uniform policy for resolving disputes over domain
names [7], [8]. Its main goals are to render domain-name hoarding
profitless and to remove most disputes from the courts in favor of
binding arbitration. ICANN will take public comments [8] on the
proposal until 13 October.

At the recent conference [9] "Governing the Commons: The Future of
Global Internet Administration," many participants were critical of
ICANN's attempts to establish Internet policy, according to this
account [10] written by Ted Byfield <tbyfield at panix dot com> for
the German magazine Telepolis. Byfield notes that ICANN has blown
past the already controversial proposals of the IAHC-gTLD-MoU-CORE
group [11], [12], which wanted to establish "equitable dispute reso-
lution mechanisms." ICANN proposes a much stronger "uniform dispute
resolution policy," drawing even more fire.

[6] http://www.ntia.doc.gov/ntiahome/domainname/agreements/summary-factsheet.htm
[7] http://www.news.com/News/Item/Textonly/0,25,805704,00.html
[8] http://www.icann.org/udrp/udrp.htm
[9] http://www.cpsr.org/conferences/dns99/dnsconf99.htm
[10] http://www.heise.de/tp/english/inhalt/te/5345/1.html
[11] http://www.gtld-mou.org/
[12] http://tbtf.com/resource/domain-name-hist.html

..US cryptography export rules eased

Declare defeat, but stay in

On 16 September the administration announced changes in the US cryp-
tography export regime. Like numerous other changes in the past,
this one was presented as a relaxation of the rules that will bene-
fit consumers. It's far from clear that this is the case.

Once the new rules go into effect in December, after a one-time re-
view any retail product featuring encryption of any strength will
be exportable to individuals and companies -- but not to govern-
ments -- in all but 7 countries worldwide. This relaxation is tied
to funding for a new FBI research lab and to disturbing loosening
of the rules of evidence in court cases that involve encryption.

The Electronic Privacy Information Center links the White House an-
nouncement, commentary, and analysis from this page [13]. EPIC re-
mains agnostic on the proposals. General counsel David Sobel said,
"It appears that the FBI and large computer companies have reached
an agreement on encryption, but that is not necessarily in the in-
terest of the average computer user."

The legislative vehicle for these new initiatives is the selfsame
Cyberspace Electronic Security Act that, in an earlier draft, would
have allowed secret police break-ins to alter computer equipment
[14]. That provision is gone now; it was probably a trial balloon

A week after the latest proposals were announced. EPIC's Mark Roten-
berg found himself sharing a conference panel with William Reinsch,
the administration official tasked with carrying out US crypto ex-
port policy. Rotenberg later described his address to the politech
mailing list:

> I opened by quoting Senator Aiken's line regarding Vietnam
> that the US should "declare victory and then get out." I
> suggested that with the crypto issue, the Administration
> has decided to "declare defeat, but stay in."

[13] http://www.epic.org/crypto/announce_9_16.html
[14] http://tbtf.com/archive/1999-08-23.html#s01

..97 >> 512

International group breaks the seventh Certicom challenge

Irish mathematician Robert Harley announced [15] that his team had
cracked the seventh and most difficult Certicom ECC Challenge prob-
lem to date. Certicom has confirmed the correct result [16]. So far
seven Certicomm exercises and challenges have been cracked since
December 1997; Harley's growing team has broken each one of them.

The solution required 16,000 MIPS-years -- twice the effort of the
recently broken, 512-bit RSA-155 [17]. The team struck it lucky,
finding the solution in less than a third of the expected time.
The distributed computation was run by 195 volunteers, on a total
of 740 computers, over 40 days.

While this result strengthens the case of those who have contended,
on theoretical grounds, that a crypto key based on ECDL (Elliptic
Curve Discrete Logarithms) is inherently harder to break than an
RSA key, it does not prove that assertion. Rather, it indicates
that at the current state of the art, the best mathematical tools
and algorithms known for cracking ECDL take longer to run than the
best tools known for cracking RSA.

On 12 September I posted as a Tasty Bit of the Day Harley's call for
more machines to throw at the problem; others, including TechDirt,
publicized it as well. This graph [18], adapted from Harley's site,
rather dramatically shows the effect of the call for participants.

[15] http://cristal.inria.fr/~harley/ecdl/
[16] http://www.certicom.com/press/99/sept2899.htm
[17] archive/1999-08-30.html#s01
[18] http://tbtf.com/pics/ecdl-prog.gif

..A working Israeli quantum computer (not)

British Sunday paper gets trolled

This Sunday Times (UK) story [19] claims that a European Institute
of Quantum Computing Network has been hastily formed to develop
commercial banking codes based on quantum entanglement. The news-
paper claims:

> The institute was founded a few weeks after news leaked from
> the Israel's Weizmann Institute that it was using a mixture
> of quantum computing and special optical technology to break
> the RSA-512 code, the system used by the European banking
> system. It claims it has developed a hand-held device that
> can break the code in 12 microseconds.

The "special optical technology" sure sounds like Shamir's TWINKLE
[20]. An opto-electronic sieving device, which as far as I know has
never been constructed, is exactly what you'd want if your goal was
to accelerate a brute-force attack on RSA-512. But 12 microseconds?
It seems unlikely in the extreme. Its inventor extimates that TWINKLE
would speed up sieving by a factor of 1000 -- that is, for RSA-512,
this step would take hours instead of months. And quantum computers
are generally thought to be years from practical realization, if not
decades. Here's the succinct dismissal of crypto expert Peter Gut-
mann <pgut001 at cs dot auckland dot ac dot nz>, writing on the EU-
crypto mailing list:

> I would say the quantum crypto aspect is at least as accurate
> as the confused gobbledigook in the rest of the article, which
> looks like it was cobbled together from pieces of reports on
> TWINKLE, the factoring of RSA-512 in August, and a sales pitch
> for some crowd in Europe. I assume the latter was the driving
> force behind the story.

[19] http://www.sunday-times.co.uk/news/pages/tim/99/09/29/timintint02001.html?1341861
[20] http://tbtf.com/archive/1999-05-08.html#s02

..Take It Offline: enhancing online discussion

New free service should prove a boon to list managers, members,
and those in need of ad hoc groupware

Last week Internicity, Inc. released Take It Offline [21]. TBTF is
proud to offer you this exclusive first look. (Full disclosure:
Steve Yost, Internicity's principal, is a TBTF Irregular [22] and a
friend of mine. I offered him ideas and advice from the earliest
days of Take It Offline, and the TBTF Irregulars supplied beta
feedback. I don't have any financial interest in Internicity.)

TIO provides a convenient, lightweight venue for ad-hoc, online
group discussions. Did someone on your mailing list just raise an
off-topic but intriguing idea? In less than a minute you can create
a private TIO discussion space and post its URL to your list. Then
anyone interested in following the diversionary thread can parti-
cipate at Take It Offline. The mailing list stays focused. Once
the TIO discussion winds down, the thread stays live, so you get
no 404s from a mailing list's Web archive or from search spiders.

TIO can be useful in the absence of a mailing list. Say you need
to coordinate a seminar schedule involving 10 people. You can cre-
ate a TIO space and mail its URL to the 10 individuals, then work
out the details in Take It Offline. Those who wish to can get
email each time a note is added to the discussion; a daily digest
is also available.

The site is lean and speedy, light on graphics, clean and attrac-
tive. The privacy policy is featured prominently and it is aggres-
sively visitor-friendly. Posters to TIO can use any name they like;
no registration or passwords are required. An email address is
needed only to start a thread. Cookies are used only for visitor
convenience; the site works fine if you refuse them.

In deference to the recent Jargon Scout entry [23], Internicity has
also registered the name Takeitofflist.com.

Take It Offline can provide a free forum for mailing lists, such as
this one, that don't offer threaded discussions. Let's try it now.
Visit this TIO space [24] if you want to explore TIO's implications
for the dynamics of mailing lists or the workings of hypertexts.
I'll be following this thread closely and posting to it from time
to time.

[21] http://www.takeitoffline.com/
[22] http://tbtf.com/the-irregulars.html
[23] http://tbtf.com/jargon-scout.html#e2e
[24] http://www.takeitoffline.com/1/H/emxb7z9ubBnT5eAuc8l.html

..Neural network said to beat people at speech recognition

But who can replace a man?

Researchers at the University of Southern California announced [25] a
neural network system, curiously unnamed, that they claim performs
better than humans at recognizing words under noisy conditions. In
the tests described, the USC system was pitted against human sub-
jects in the task of picking out individual words amid varying
amounts of white noise or conversational babble. The system per-
formed as well or better than the human subjects across the board;
the noisier the conditions the greater its advantage [26].

The researchers say that this performance, far beyond that of con-
ventional voice-recognition systems, stems from the unique neuron-
mimicking chips they have developed. Like neurons, the chips signal
by varying their *rate* of output. Previous neural circuits kept
their output clocked, ignoring this timing aspect of the way biolog-
ical neurons operate.

It's unclear how well such a system would scale. The reported exper-
iments used only four separate words, on which the USC system had
been trained. Adding more words might dilute its accuracy; such has
been the experience of other neural networks. But USC obtained their
results with a circuit of only 33 neuromime chips, versus the hun-
dreds or thousands of (software or hardware) simulated neurons used
in other research.

I can't judge the significance of this announcement; I've seen some
skepticism directed towards it but no substantial arguments. Perhaps
the researchers are onto something truly important with their un-
clocked neuromimes.

Thanks to Eric Rachner <erachner at aventail dot com> for the first
alert on this story.

[25] http://www.sciencedaily.com/releases/1999/10/991001064257.htm
[26] http://tbtf.con/pics/USC-neural.gif

..Quick bits and followups

A little maze of twisty items, all different

..Amazon's zShops

Everyone writes about Amazon.com. That's because almost anything
they do ends up looking like a leading indicator for where Internet
commerce is headed next. Amazon's latest move is a stunner, but the
jury is definitely out on whether or not it's a good idea. Amazon
has introduced zShops [27], [28], a way for a small business or an
individual to offer anything for sale to Amazon's millions of daily
visitors, using Amazon's fabled One Click ordering. On the one hand,
Amazon continues to do what they've always done best: leave the com-
petition at the last turn scratching their heads. On the other hand,
Amazon looks set to squander its hard-won brand name by representing
hundreds of thousands of items and merchants that don't measure up
to its quality standards.

[27] http://www.seattle-pi.com/business/amaz01.shtml
[28] http://auctions.amazon.com/exec/varzea/subst/home/fixed.html

..Google site comes out of beta

Jochen Schwarze <jochen dot schwarze at orthogon dot de> was the
first to send word of the formal launch of the Google search site
[29]. The company introduces a feature called GoogleScout, which
seems to be a form of "more like this link." TBTF profiled Google
on 1998-05-11 [30] -- the first press coverage for the site in En-
glish, before its founders had left Stanford.

[29] http://www.google.com/pressrel/pressrelease4.html
[30] http://tbtf.com/archive/1998-05-11.html#s08

..Eclipse followups

The article "The partial eclipse at the Duomo" in the previous issue
[31] prompted these notable eclipse pointers.

- Mark Dionne <mdionne at mediaone dot net> directs out attention
to this stunning photograph [32], taken from the Mir space station,
of the August 11 total eclipse on the face of Europe. (Two weeks
later the last Mir crew turned out the lights and pulled the plug

- Peter Kaiser <kaiser at acm dot org> kindly gave permission to
post on the TBTF archive his account [34] of travelling to view
the eclipse. It's not what you might be expecting. Kaiser gives
step-by-step instructions for recreating his eclipse experience
in New york City. On the west side. On Riverside Drive. Oh, just
go read it [34].

[31] http://tbtf.com/archive/1999-09-11.html#s08
[32] http://antwrp.gsfc.nasa.gov/apod/ap990830.html
[33] http://www.cnn.com/TECH/space/9908/28/mir.farewell.reut/index.html
[34] http://tbtf.com/resource/kaiser-eclipse.html

..On trusting code

Think Open Source guarantees you can know what a program does?
Think again

This classic paper [35] by Ken Thompson, co-inventor of Unix, is dis-
quieting in the extreme. It is Thompson's 1984 acceptance speech for
the ACM's Turing Award. Understanding it requires some grasp of the
mechanics of programming. That said, those who read and grok "Re-
flections on Trusting Trust" will emerge considerably more paranoid
than they went in. The effect is likely to be permanent.

> The moral is obvious. You can't trust code that you did not
> totally create yourself. (Especially code from companies that
> employ people like me.) No amount of source-level verification
> or scrutiny will protect you from using untrusted code... As
> the level of program gets lower, these [Trojans] will be hard-
> er and harder to detect. A well installed microcode bug will
> be almost impossible to detect.

I'm interested in what non-programmers are able to make of Thomp-
son's revelations; let's Take It Offline [36]. Other insights on
this paper are welcome too.

[35] http://www.acm.org/classics/sep95/
[36] http://www.takeitoffline.com/1/H/ryToV91WMVflxRhI63YY.html

..Egg hunt

What do you call an Easter egg in a search engine?

Easter eggs, as usually defined, are the amusing personal messages
that programmers leave buried in commercial software [37]. The Web
is broadening the possibilities to which an Easter egg can aspire.
The first search-engine egg I've encountered is built into Google's
priority rules. Whose home page do you suppose tops Google's reply
when you enter "more evil than satan himself" [38]? This offbeat
discovery has been circulating on various mailing lists in recent
days and was picked up by the Memepool [39] blog [40]. If you've
seen any other search eggs, or noted other directions in which
Easter eggs are expanding, let's Take It Offline here [41].

[37] http://tbtf.com/archive/1997-01-29#s10
[38] http://www.google.com/search?q=more+evil+than+satan+himself
[39] http://www.memepool.com/
[40] http;//tbtf.com/jargon-scout.html#blog
[41] http://www.takeitoffline.com/1/H/WuyYlLViKRbpQsFQnC.html

O f f l i s t d i s c u s s i o n s

> These are the forums I've set up at Take It Offline for those who want
to comment on and discuss this issue's articles. I'll be monitoring
and posting to these forums actively until at least 15 October.

- The Take It Offline service and its impact on the dynamics
of email lists and discussions

- Ken Thompson's paper "Reflections on Trusting Trust"

- Easter eggs built into search-engine rules

- Other comments about this issue of TBTF

N o t e s

> Four days on a windjammer off the coast of Maine was the longest I've
been out of reach of IP tone since 1995; couldn't even raise a cell-
phone response. A few of you were kind enough to inquire about the
fate of a certain schooner in the winds of Hurricane Floyd. We trun-
cated the sail a half day early on Thursday morning, fleeing for
Camden harbor in rain and 40-mph following winds. Didn't see another
single darn fool out on the water all the way home. Nice day for a
sail though.

S o u r c e s

> For a complete list of TBTF's email and Web sources, see
http://tbtf.com/sources.html .

TBTF home and archive at http://tbtf.com/ . To (un)subscribe send
the message "(un)subscribe" to tbtf-request@tbtf.com. TBTF is Copy-
right 1994-1999 by Keith Dawson, <dawson@world.std.com>. Commercial
use prohibited. For non-commercial purposes please forward, post,
and link as you see fit.
Keith Dawson dawson@world.std.com
Layer of ash separates morning and evening milk.

Version: PGP for Personal Privacy 5.5