>Sent: Saturday, January 11, 1997 3:35 PM
>Subject: TBTF for 1/11/97: Numberless infinities
>-----BEGIN PGP SIGNED MESSAGE-----
>TBTF: Tasty Bits from the Technology Front
>Your Host: Keith Dawson
> To read this issue of TBTF on the Web see
> Commerce Department issues new rules for cryptography export
> The crypto debate in a nutshell
> Information warfare: studies military and civilian
> RSA challenges the Net to break 56-bit DES
> Three ways to fight email spam, and two asides
> Will Compaq acquire Digital?
> IAHC domain-name plan is drawing fire
> Worldwide roaming access
> Microsoft backpedals on license wording
> FC97 conference, Anguilla, BWI: bandwidth on a beach
> Pretty bad publicity
> The Saturn-like object near Comet Hale-Bopp
> Numberless infinities
>||| Commerce Department issues new rules for cryptography export |||
>The new regulations governing crypto export are dubbed EAR (Export
>istration Regulations) -- for the hypertext version  thank John
><email@example.com>: the full text  weighs in at 109K. EAR replaces the
>(International Trafficking in Arms Regulations), administered by the
>Department since the early days of the Cold War. The revised
>contain the same "prior restraint" features that got the ITAR declared
>unconstitutional in Federal court in December . The plaintiff in
>case, Daniel Bernstein, has requested  that the government delay im-
>plementing the new rules until a judge rules on their
>if such a delay is not stipulated  then Bernstein will ask for an
>junction. Bernstein is scheduled to begin teaching a class on
>next Monday 1/13/97, and unless the EAR is delayed he could face
>tion if he posts course materials on the Internet.
>Posters to the Cryptography mailing list, particularly Lucky Green
><firstname.lastname@example.org>, have uncovered the following wrinkles in the new
>regulations. In each post Green cautions "IANAL" (I am not a lawyer),
>and I hereby do the same.
>o The EAR bans the export of certain non-crypto data security software
> such as virus checkers and firewalls. Any U.S. company offering a
> virus checker for download on its Web or FTP site is probably in vio-
> lation of the EAR.
>o Key-recovery provisions stipulate that keys be made available without
> knowledge of the user. Some suggested key-recovery schemes would
> the user when keys were requested; such schemes are presumably now
> of bounds.
>o The new rules forbid U.S. entities from entering into foreign
> for cryptographic work, closing the loophole long used by C2 and
> . The prohibition against "financing, contracting, service,
> transportation, freight forwarding, or employment" can be found about
> halfway down ; search for "General Prohibition Seven."
>||| The crypto debate in a nutshell |||
>Carl M. Ellison <email@example.com> has put considerable thought into
>ing the debate over cryptography, and his distillation of the central
>issue  is one of the more clearheaded pieces of writing you'll find
>anywhere in this emotional landscape. As Ellison sees it, a fundamental
>question goes unaddressed by either side: do citizens of a country have
>a right to attempt to achieve privacy from their government, or should
>they be forced to submit to covert surveillance? Both sides vigorously
>behave as if the answer to this question were obvious, but their
>answers are diametrical opposites.
>If anyone wishes to contribute an analysis based on quantum
>ity, I'll publish any such essay that illuminates the debate.
>||| Information warfare: studies military and civilian |||
>A panel of security experts convened by the Defense Department recommended
>spending an additional $3 billion over the next 5 years to stiffen U.S.
>telecom/computing infrastructure resistance to an anticipated
>Pearl Harbor." The story appeared in the Wall Street Journal for
>you will need to sign up for a trial subscription to follow this link
>The report is bluntly worded and calls the current military
>security practices and assumptions "ingredients in a recipe for a
>security disaster." (Military spokesmen demur, anxious not to
>outside kibitzing on their current $1.6B annual info-security budget.)
>The task force's chairman, Duane Andrews, noted in an interview that
>law forbids the military from implementing strong countermeasures, such
>as a program to "repel and pursue" those who try to hack into DoD com-
>puter systems. He wants the law changed so the Pentagon can respond by
>injecting attackers' computers with "a polymorphic virus that wipes out
>the system, takes it down for weeks." Fans of due process will be grat-
>ified that there is no report of such a technique (William Gibson
>it "ice") being mentioned in the study proper.
>Andrews added, "Most of the stuff in [the report] is a message to
>try, too. A large international bank has exactly the same problems and
>challenges as the Defense Department."
>Dan Farmer <firstname.lastname@example.org> would probably agree. The man whose 1994
>release of the SATAN security-scanning program  got him dismissed
>from SGI has recently published  the results of a study in which he
>examined the vulnerability of 1700 high-profile, commerce-oriented Web
>sites. These are the kind of sites we'd like to believe are exquisitely
>sensitized to security concerns. Farmer did nothing illegal, he claims:
>"I barely electronically breathed on these hosts." Nevertheless he
>over 60% of the sites vulnerable to compromise or destruction by simple
>and widely known breakin techniques. He estimates that a further 10% to
>20% would yield to more sophisticated attacks.
>Thanks to Dan Kohn <email@example.com> for pointing me to the military
>study and to Keith Bostic <firstname.lastname@example.org> for the civilian.
>||| RSA challenges the Net to break 56-bit DES |||
>RSA wants to demonstrate the relative vulnerability of the 56-bit Data
>Encryption Standard (approved for export, with key recovery under the
>new EAR) against the company's own RC5 Symmetric Block Cipher
>RSA will award $10,000 to the first sender of the secret DES key used
>to encode a target "ciphertext," which they will post to their Web site
>on 1/27. At the same time the company will initiate 12 shots at RC5,
>RSA's block cipher (summary at , details at ). Participants are
>challenged to discover RC5 keys ranging in length from 40 to 128 bits
>in steps of 16 bits; prizes offered range from $200 to several thousand
>dollars based on key length.
>Peter Trei <email@example.com> has been working on code to make it easy
>for PC users across the Net to participate in these challenges. He
>in a work-in-progress reports to the Cryptography list that code should
>be available by mid-to-late January.
>||| Three ways to fight email spam, and two asides |||
>If you use email you're in no doubt that spam is on the rise. Zero Junk
>Mail Inc.  offers the service of removing your name from the
>lists; they claim they can reduce your junk mail by 75% within a year.
>The catch is that even those spam practitioners who follow the
>recommendations of the Direct Marketing Association by offering their victims a
>way off their lists may not accept third-party "unsubscribe" requests.
>Media Daily spotlights ZJM and two other antispam products at .
>TSW offers a $10 shareware package called eFilter  for PCs that
>views the email waiting on your POP server and deletes messages
>ing keywords that you specify, leaving a log for your examination. The
>drawback here is that it only works for repeat offences from a
>spammer. Don't know about you, but the bulk of the spam I receive is
>Rosalind Resnick <firstname.lastname@example.org>, one of the early practi-
>tioners who helped us all to figure out how online marketing could be
>done within the best traditions of the Net, may have invented a better
>way. Her NetCreations site offers a service  at which users can
>up for online solicitations that they actually want to read. At the
>time of my visit the site listed 1327 areas of interest. I sincerely
>hope that the online direct-marketing community flocks to Resnick's
>service and she becomes very rich. The gloomy alternative is spelled
>out by John C. Dvorak <email@example.com> in the December 1996 Boardwatch
>> In direct mail, you lose money if you solicit people who do not want
>> to buy. So you are careful [to target your messages] or you go broke.
>> With email marketing, this natural selection process will never hap-
>> pen... Why should anyone care about targeting when mail is free?...
>> I wonder what we will do when thousands of spams show up in our email
>> each and every day?
>Aside (1): speaking of early practitioners, I recently recrossed the
>traces of Christopher Locke <firstname.lastname@example.org>, whose writings while
>he was at Mecklermedia, in 1994, laid the foundations for my thinking
>about online marketing. Locke is now VP Business Development and web-
>master at Displaytech , a Colorado manufacturer of "portable
>that don't suck." His breathlessly postmodern press release begins:
>> Displaytech makes miniature high-resolution full-color multi-hyphen-
>> modified displays that fit on a computer chip the size of your thumb-
>> nail. magnifying the image yields a virtual screen as good as any
>> desktop monitor. the tech is fast and small enough so that it can
>> be embedded in head mounted color displays that don't make the people
>> wearing them look as if they just landed from mars.
>Aside (2): speaking of Boardwatch magazine, their third quarterly guide
>to U.S. ISPs is now available; it contains the best answer, in
>detail, that I have ever read to the question: What is the Internet?
>article, written by editor Jack Rickard, like the rest of the ISP guide
>is available on the Web  (53K), but I suggest you obtain  the
>trees edition and give it close study.
>||| Will Compaq acquire Digital? |||
>A rumor to this effect was carried in ComputerGram some time before
>If you have a subscription (I don't, myself) you can follow this link
>Rumors over the last six months have suggested that Compaq, desiring to
>be taken seriously as an enterprise-capable computer company, wanted to
>Digital's systems support business. These talks came to a halt and were
>renewed recently, again according to rumor, this time with the aim of a
>full acquisition. ComputerGram runs through a money exercise to
>that at current stock prices such a deal would make sense even if
>closed down the Alpha chip business and wrote it off.
>||| Followups |||
> || IAHC domain-name plan is drawing fire ||
> TBTF for 12/24/96 
> TechWire reports  that opposition is mounting to the draft Inter-
> national Ad Hoc Committee plan for extending the number of top-level
> domains. Complaints include the 60-day waiting period for new names
> and the proposed lottery system for choosing the initial suppliers.
> The president of one Web-design firm, who has invested to develop
> the unofficial top-level name .web, says he is "unwilling to roll
> the dice" on this sunk cost. An overall criticism is that the com-
> mittee's recommendations are unbalanced, favoring large tradename
> holders at the expense of smaller players -- a charge that is fre-
> quently levelled against InterNIC, which currently holds a monopoly
> in granting top-level names.
>  <http://www.tbtf.com/archive/12-24-96.html>
>  <http://188.8.131.52/wire/news/0105domain.html>
> || Worldwide roaming access ||
> TBTF for 11/12/96 
> Netcom, one of the largest U.S. ISPs, has signed with AimQuest 
> provide global roaming access to its customers. AimQuest's program is
> one of several sources of "virtual tunneling" among a network of ISPs
> to extend the geographical reach of all the members.
>  <http://www.tbtf.com/archive/11-12-96.html>
>  <http://www.aimquest.com/ncrel.html>
> || Microsoft backpedals on license wording ||
> TBTF for 12/14/96 
> Microsoft will reword its Java SDK license agreement to assuage user
> fears that their applications might be legally bound to run
> on Microsoft's Java Virtual Machine. According to TechWire , some
> user organizations have told their engineers to de-install the Visual
> J++ Java development environment, worried that under deadline
> engineers might succumb to the temptation offered by existing ActiveX
> (i.e., OLE) components -- thus rendering important applications
> specific and obviating the "write-once, run-anywhere" promise of
>  <http://www.tbtf.com/archive/12-14-96.html>
>  <http://184.108.40.206/wire/news/0105java.html>
> || FC97 conference, Anguilla, BWI: bandwidth on a beach ||
> TBTF for 9/23/96 
> Preparations continue apace for the first refereed conference on
> cial cryptography. Robert Hettinga <email@example.com>, one of the
> ganizers, reports that Community Connexion is about to make the
> largest ecash transaction to date by purchasing its exhibition space
> using DigiCash's ecash .
> Below is an excerpt from a Hettinga rant in which he expounds, with
> storied prolixity, on the reasons why you must attend this
> Reason number 8:
> > FC97 is a chance for those of us who only know each other on the net
> > to actually meet face to face and start to develop the kind of per-
> > sonal relationships and trust we'll all need to create the future
> > of finance on the Internet... And, while the whole point to finan-
> > cial cryptography is that we won't need to have face-to-face
> > for financial relationships, much less regulation, there's still,
> > currently, more bandwidth in a conversation on an Anguillan beach
> > to develop that trust relationship than there is anywhere on the
> > Internet.
> I've got my reservations in (settlement by First Virtual) -- if
> going I'll see you on the beach in February.
>  <http://www.tbtf.com/archive/09-23-96.html>
>  <http://www.digicash.com/>
>||| Pretty bad publicity |||
>Herewith two examples of corporate moves that the PR firms of PGP, Inc.
>and Viacom should have warned their clients away from.
>o Mark Rosen <firstname.lastname@example.org> is developing a program he has been
> calling Very Good Privacy. He received a complaining letter from PGP,
> Inc. and was casting about for a new name. Posting a call for alter-
> natives to the cypherpunks mailing list (subject: "The product
> ly known as VGP") netted these not terribly helpful suggestions:
> >>From Timothy C. May <email@example.com>:
> > How about something like "Really Secure Algorithm"? (I doubt
> > people would confuse your program with the Republic of South
> > Africa, usually abbreviated as "RSA," so there should be no
> > further collision problems.)
> >>From <firstname.lastname@example.org>:
> > Call it Prince Cypher, the product formerly known as VGP.
> A tip of the Tasty Hat to Peter S. Langston <email@example.com> for this
> one. Further credit where due: Langston titled his email "Pretty bad
>o From Edupage (1/5/97):
> > Viacom, which owns the copyright to "Star Trek" products, is
> > Web sites to remove any Star Trek artistic renderings, sound files,
> > video clips, and book excerpts they are now presenting. There is an
> > official Star Trek site available on the Microsoft Network,
> > only to MSN subscribers. (Atlanta Journal-Constitution 3 Jan 97 F3)
> An Infoseek search turns up 84,618 sites that contain the phrase
> Trek," and 8,044 with this phrase in their title. That's a lot of
> bles to stomp.
>||| The Saturn-like object near Comet Hale-Bopp |||
>Comet Hale-Bopp is now separating from the sun in the morning sky and
>is expected to make a spectacular showing over much of the world in
>March and April. It may even be The Comet of the Century, though astro-
>nomers are touchingly reticent to say so after the over-hyped and dis-
>appointing displays of Kohoutek in 1974 and Halley in 1986.
>Riley Rainey <firstname.lastname@example.org> sent along a fine piece (titled
>Bits from the Astronomical Front) regarding the comet and the furor
>erupted around it last November. Three days later the Red Rock Eater
>Service carried an account of the affair by Paul Saffo, emphasizing
>the Internet can be used to quash a rumor that happens not to be true,
>well as it can be used to fan one.
>Last November an amateur astronomer named Chuck Shramek took a photo-
>graph that had him puzzled: it seemed to show a "Saturn-like object" in
>the field of view with the comet. Shramek could not find any
>ing bright star with his PC-based "sky" software, MegaStar. Making the
>assumption that the unknown object was near the comet when imaged,
>concluded that this was a UFO four times as large as the Earth. He
>a late-night national talk-radio show hosted by Art Bell and, as Rainey
>> Lots of furor followed. The San Jose Mercury News covered it. MS-NBC
>> covered it. Megabytes of netnews traffic. Outraged scientists. Out-
>> raged conspiracy buffs. Outraged aliens...
>Russell Sipe <email@example.com> had been growing an award-winning site
>devoted to the comet with contributions from its discoverers, Alan Hale
>and Tom Bopp. Within a couple of days he had pulled together a defini-
>tive debunk  of the Saturn-Like Object: identifying it (it was the
>8th-magnitude star SAO 141894), explaining its apparent ring-like
>and guessing plausibly why Shramek had failed to identify it using
>The comet will make its closest approach to the sun in late March and
>closest approach to Earth on April 1. It will then be about 100 million
>miles away. See  for help in visualizing Hale-Bopp's path through
>inner solar system.
>||| Numberless infinities |||
>TBTF for 5/20/96 
>Microsoft Word macro viruses are on the rise. This URL  details six
>macro viruses that infect Word documents or templates; a further 152
>are listed but not described in full. DataFellows sells products for
>Windows and OS/2 environments that detect and remove these viruses, as
>well as the numberless infinities of more conventional viruses tied to
>a single platform .
>>> Today's TBTF title comes from a 17th-century sonnet by the English
>> poet John Donne -- somehow it seems especially appropriate in this
>> pre-millennial time. Holy Sonnet number VII begins:
>> At the round earths imagin'd corners, blow
>> Your trumpets, Angells, and arise, arise
>> From death, you numberlesse infinities
>> Of soules, and to your scattred bodies goe...
>>>For a complete list of TBTF's (mostly email) sources, see
>>>E.Commerce Today -- this commercial publication provided background in-
>> formation for some of the pieces in this issue of TBTF. For complete
>> subscription information see <ftp://ftp.tbtf.com/e.commerce-today.txt>.
>>>Cryptography -- email firstname.lastname@example.org without subject and with message:
>> subscribe cryptography [ email@example.com ] .
>>>Edupage -- mail firstname.lastname@example.org without subject and with message:
>> subscribe edupage Your Name . Web home at <http://www.educom.edu/>.
>>>Red Rock Eater News Service -- mail email@example.com
>> without subject and with message: subscribe . Web home at
>> <http://communication.ucsd.edu/pagre/rre.html>. Email-based archive
>> at <http://communication.ucsd.edu/pagre/archive_help.html>.
>TBTF alerts you weekly to bellwethers in computer and communications
>nology, with special attention to commerce on the Internet. Published
>1994. See the archive at <http://www.tbtf.com/>. To subscribe send the
>sage "subscribe" to firstname.lastname@example.org. TBTF is Copyright 1996
>Keith Dawson, <email@example.com>. Commercial use prohibited. For
>commercial purposes please forward and post as you see fit.
>-----BEGIN PGP SIGNATURE-----
>-----END PGP SIGNATURE-----