Advertisment

Tasty Bits From The Technology Front

author-image
PCQ Bureau
New Update

The week before last Greg Roelofs < href="mailto:newt@uchicago.edu">newt@uchicago.edu> was at the Software Development

conference in San Francisco wearing his “Linux Inside” tee shirt.

Advertisment

For those of you who’ve been on another planet, Linux

(“linn-ucks”) <http://www.linux.com/>

is a freely distributable version of the Unix operating system for 80386, 80486, and

Pentium machines that contains no proprietary code 1996–Ed>. Linux was originally written by Linus Torvalds in Helsinki, Finland and is

now enhanced by a worldwide community of developers. It contains a lot of code written by

Richard Stallman and the Free Software Foundation.

Let Greg pick up his story before arriving in San

Francisco:

"About a year ago I heard about a cute “Linux

Inside" logo patterned after the Intel version. It was nowhere to be found on the net

by that point. SSC–publisher of the Linux Journal–had apparently distributed

stickers with the logo with early issues of the Journal but had been advised to stop due

to the commercial nature of the distribution), so I made my own. I intentionally did not

upload it to ftp sites in order to avoid CD-ROM distribution, but I did add it to my Linux

Logos Web page < href="http://quest.jpl.nasa.gov/Info-ZIP/people/greg/greg_lnxpics.html">http://quest.jpl.nasa.gov/Info-ZIP/people/greg/greg_lnxpics.html>

with a disclaimer that it was intended as satire and should not be used

commercially.”

Advertisment

So, Greg gets some T-shirts made with his cute "Linux

Inside" logo patterned after the Intel version; kind of a light gold on

robin’s-egg blue, can''t you just see it? He wears the tee shirt to SD ''96 on Tuesday

March 25. In retrospect, he acknowledges that wandering into the Intel booth wearing that

particular T-shirt might not have been the brightest idea going. He did enjoy the booth

staffer’s double-take, though.

On April Fool''s Day lawyers from Intel phoned Greg and

requested that he remove all traces of the logo from his Web pages.

He has now done so. But try an Alta Vista search for

"image:linuxinside" any you''ll see 98 other sites sporting the logo, or one

derived from it, or one developed independently. Greg didn''t encourage its spread.

He’s not courting trouble. But Intel will find that trying to suppress this piece of

light satire has about the same effect as clapping your hands on a drop of mercury.

Advertisment

All Greek To Me

Pushing HTML beyond the established standards, as both

Netscape and Microsoft do, can be a two-edged sword. Feeling a bit snippy with Microsoft

today, are we, sir? Like to take it out on the users, would we, sir? Don Reed

reveals an underhanded way to do that. Here''s his response to a

query on the Apple Internet Authoring mailing list:

"I have to recreate a Greek letter to use for a

scientific article. Are the HTML codes for the Greek symbols still in discussion by the

WWW steering committee?"

Advertisment

At present, the best solution is tell people to use

Microsoft Explorer to view it. Microsoft has added a FACE attribute to Netscape''s FONT

entity. The line would look something like “ text text.”

Some Microsoft-hostile people put this line in their pages

routinely. When an Explorer user sees their pages, they’re all Greek!

Sources

Advertisment

Apple Internet Users mailing list-mail href="mailto:listproc@abs.apple.com">listproc@abs.apple.com without subject and with

message: subscribe apple-internet-users Your Name .

Apple Internet Authoring mailing list -mail href="mailto:listproc@abs.apple.com">listproc@abs.apple.com without subject and with

message: subscribe apple-internet-authoring Your Name .

Anatomy Of A Net Attack

Advertisment

Fred Cohen <fc@all.net>

is president of Management Analytics in Hudson, Ohio, a consulting firm specializing in

Net security. The firm operates the Info-Sec Heaven site at <http://all.net/>

and publishes a monthly series of essays called “Internet Holes”, found at href="http://all.net/journal/netsec/top.html">http://all.net/journal/netsec/top.html,

on information-security topics. The March essay, found at href="http://all.net/journal/netsec/9603.html">http://all.net/journal/netsec/9603.html,

espoused a policy of "zero tolerance" for Net attacks:

"Take a zero-tolerance attitude toward investigating

attempts to scan or enter your system. The idea that one attempt to guess a password or

gain unauthorized entry is too small to bother with opens a giant hole. With modern attack

tools, instead of scanning for a lot of services on one computer, I can scan for a few

services at many computers. By staying below your incident detection threshold, an

attacker can go after systems at will and without fear of recourse. With zero-tolerance,

each questionable activity results in another message to the systems administrator at the

site where the attack originates. Pretty soon, the activities will be seen as

significant."

Apparently some twisted Netizen took this policy as a

personal affront on his right to telnet wherever he damn well pleased. Over a period of

several days, a shadowy band of crackers used a newly discovered vulnerability in URLs to

enlist innocent collaborators in a denial-of-service attack. (The defences of all.net

proved more than ample.) Cohen wrote in comp.risks:

Advertisment

"...there is a more basic flaw in the URLs used in the

Internet that appears to make firewalls very weak prey for attackers and enables Web sites

to launch highly distributed and hard-to-trace attacks. The basic flaw was published some

weeks ago... and extensions have now been used to launch probes and attacks by the

thousands from sites all over the net."

Cohen has posted a detailed and disturbing account, at

http://all.net/journal/netsec/9604.html, of the attack on all.net. Read it if you’ve

ever wondered what it’s like to be a system administrator under siege.

How Fast Are Your Web Pages?

Webmasters: do you monitor your servers to see how fast

they are serving pages to users? Do you then think you know something about the quality of

the experience your users have when they visit your site?

Allow Bernard Hughes politely to differ. Hughes offers a

Web service called OnTime Delivery that tracks and reports on the time it’s taking

your users to load your pages. From May to September 1995 he ran a test using 200 pages

volunteered by respondents to Usenet postings. The results, found at href="http://www.timedancer.com/Beta/">http://www.timedancer.com/Beta/, posted last

December, are somewhat counter-intuitive. They lead to the conclusion that most of the

variability in Web performance can be attributed to servers and their

“pipes”–the quality and speed of their network connections.

One finding: Web pages aren’t delivered faster, in

aggregate, at any particular time of day, as href="http://www.timedancer.com/Beta/daily.html">http://www.timedancer.com/Beta/daily.html

reveals. But for any single page, the time required to deliver it can range over a factor

of three or four from one request to another, according to href="http://www.timedancer.com/Beta/spread.html">http://www.timedancer.com/Beta/spread.html.

Taken together, these results seems to exculpate Internet load and implicate servers as

the main contributors to the variability we perceive on the Web.

Another surprise: a 28.8 kbps modem on the client-end

downloaded pages, is, on an average, only 40 percent faster than one running at 14.4 kbps,

according to http://www.timedancer.com/Beta/144v288.html.

Note that these results apply to Web browsing only, and would certainly look different if

you timed other services such as FTP. The OnTime Delivery service costs $2 or less per URL

per week; see http://www.timedancer.com/Forms/Subscription_Form2.html.

Thanks to Frostie Sprout for alerting the Apple Internet Users

mailing list to this resource.

A Model Of Server Performance

Louis Slothouber <louis@starnine.com>

of StarNine Technologies, makers of the leading Macintosh Web server, has developed a

mathematical model of Web server performance—see the executive summary at href="http://louvx.biap.com/white-papers/performance/summary.html">http://louvx.biap.com/white-papers/performance/summary.html

and the full paper at href="http://louvx.biap.com/white-papers/performance/overview.html">http://louvx.biap.com/white-papers/performance/overview.html.

(Adobe Acrobat PDF and MS Word forms of the paper are available from href="http://louvx.biap.com/white-papers/default.html">http://louvx.biap.com/white-papers/default.html.)

The model reproduces the exponential behavior of servers under increasing

load—familiar to Webmasters everywhere—of fairly flat response leading up to a

“wall.” The model indicates that the wall’s position is determined mostly

by available network bandwidth and the average size of files served.

Some intriguing results: when network bandwidth is a

bottleneck, doubling the server’s speed results in only a slight improvement. Adding

a second, identical server has no effect at all. But adding a second server that is slower

than the first actually decreases performance.

Serious Wordsmithery At

Cork and Case

Peter Flynn <webmaster@www.ucc.iw>,

webmaster of University College, Cork, runs a Web-accessible acronym server, at href="http://curia.ucc.ie/info/net/acronyms/acro.html">http://curia.ucc.ie/info/net/acronyms/acro.html,

that has won Magellan 4-star and Point Top-5 percent awards. On my first visit I just had

to see if the 16,252-entry database contained LFSUX; it didn’t so I added it. Thanks

to Peter Langston <psl@acm.org> for forwarding this

marginally CDA-acceptable mnemonic from the alt.folklore.computers newsgroup:

"...the PPC

architecture defines the instruction:

"Load Floating-point Single-precision indeXed with

Update with the mnemonic "LFSUX". Whenever the Mac debugger... finds this in the

disassembly, it adds the comment: "It’s also a bitch, then you die."

Anu Garg at Case Western Reserve University offers an

e-mail interface (described at href="http://www.ucc.ie/info/net/acronyms/mailserver.htmlgarg">http://www.ucc.ie/info/net/acronyms/mailserver.htmlgarg

) to services called Dictionary/by/Mail, Thesaurus/by/Mail, A.Word.A.Day, and

Anagram/by/Mail. (For a Web-based anagram service see href="http://www.infobahn.com/pages/anagram.html">http://www.infobahn.com/pages/anagram.html.)

I use the thesaurus service often enough that I''ve aliased it from all of my

Internet-visible Unix accounts.

Free Services Page

This page, http://www.netmind.com/,

courtesy of NetMind, lists a number of imaginative free services on the Web: e-mail

agents, fax senders, synthesizers, etc. One service listed ( href="http://csugrad.cs.vt.edu/~eburke/anag%20rams.html">http://csugrad.cs.vt.edu/~eburke/anag

rams.html) generates anagrams, though I prefer Anagram Insanity at href="http://www.infobahn.com/pages/anagram.html">http://www.infobahn.com/pages/anagram.html.

There. Now don’t blame me for the hours you’re about to waste.

A most useful free service hosted by NetMind is URL-Minder

<http://www.netmind.com/URL-minder/URL-minder.html>.

While I use URL-Minder extensively, I haven’t wanted to air it on TBTF until some

privacy concerns were addressed. Now that they are, I can recommend this service to you

unreservedly.

URL-Minder sends you e-mail when a URL that you register

changes. It''s that simple, and it''s free.

URL-Minder represents an example of the now classic model

of early Internet commerce. The model is to give away something of value, capture

information about your users, and find a way to exploit that information for gain without

compromising your users'' privacy.

Crime On The Net

Author and Cypherpunk Charles Platt''s < href="mailto:cp@panix.com">cp@panix.com> book "Anarchy Online" will be

published by Harper-Collins sometime in 1996. Platt has retained all electronic rights and

has posted the book to the Web at http://anarchy-online.dementia.org/book/.

Subtitled “A close look at crime in cyberspace; an uncensored look at sex on the

net,” the book discusses the Marty Rimm cyberporn incident, the Communications

Decency Act, the Jake Baker case, and much more. An online document at href="http://anarchy-online.dementia.org/book/anarchy_online.html">http://anarchy-online.dementia.org/book/anarchy_online.html

summarizes each of the seven chapters and has links to the full text.

"Decency" May

Pervert Net Architecture

David P Reed <dpreed@reed.com>

is one of the fundamental inventors of today’s Internet. His paper with Saltzer and

Clark, End-To-End Arguments in System Design, published in the ACM Transactions on

Computer Systems, first characterized the primary approach to the Internet’s

architecture, an approach that arguably has been a pivotal reason for its exponential

growth. This philosophy—to avoid building special functionality into net internals

solely to enforce an end-to-end policy—has led directly to the simplicity, low cost,

and radical scalability of the Internet.

Reed doesn''t involve himself much in political causes, but

rumors of an impending "Exon Box" impelled him to take keyboard in hand. His

post, at href="http://www.itd.nrl.navy.mil/ITD/5540/ieee/cipher/commentary/comment-reed-960331.html">http://www.itd.nrl.navy.mil/ITD/5540/ieee/cipher/commentary/comment-reed-960331.html,

has been circulating under the title “End-to-end philosophy endangered.” An Exon

Box is a router designed to enable ISPs to restrict access to "indecent" or

unrated sites unless an "adult" enters an authorization code to allow

transmission of such packets to the site.

Reed expresses the hope that we will work with him to

discourage the use of inappropriate architectural changes to the fundamental routing

policy of the Net to achieve political ends.

Sources: Apple Internet Users mailing

list: mail listproc@abs.apple.com without

subject and with message: subscribe apple-internet-users Your Name. MEME: mail href="mailto:listserv@sjuvm.stjohns.edu">listserv@sjuvm.stjohns.edu with message:

subscribe meme firstname lastname. Web home at <http://www.reach.com/matrix/>.

Patel’s Ruling: Source

Code Is Protected Speech

Early in 1995 Daniel Bernstein, a math graduate student at

Berkeley, filed a lawsuit against several U.S. government agencies with the intention of

rendering unconstitutional the ITAR provisions that limit export of cryptographic

algorithms from the US. Bernstein claimed that the restriction on his cryptographic

algorithm "Snuffle," which he had been fighting since 1991, is unconstitutional

prior restraint of protected speech.

On April 15, US District Judge Marilyn Patel ruled that the

source code for Snuffle is speech that is protected from prior restraint by the First

Amendment to the US Constitution. The decision in this widely followed case will have

implications far beyond the issue of cryptographic export;

it will affect questions of secure electronic commerce and

First Amendment protection of electronic communication.

See < href="http://www.albany.globalone.net/theMESH/claw13.html">http://www.albany.globalone.net/theMESH/claw13.html>

for background on the Bernstein case and on the constitutional questions it raises. At

this writing the full text of the Patel decision is online only in image form < href="http://www.eff.org/pub/Legal/Cases/Bernstein_v_DoS/Legal/Decision_041596/">http://www.eff.org/pub/Legal/Cases/Bernstein_v_DoS/Legal/Decision_041596/>.

The Electronic Freedom Foundation intends to make it available in text form at < href="http://www.eff.org/pub/Legal/Cases/Bernstein_v_DOS/Legal/041596.decision1">http://www.eff.org/pub/Legal/Cases/Bernstein_v_DOS/Legal/041596.decision>,

but it is not there at this moment.

By Keith Dawson <dawson@atria.com>.

TBTF (archived at http://www.atria.com/~dawson/tbtf)

focuses weekly on bellwethers in computer and datacom. To subscribe send the message

"subscribe" to tbtf-request@world.std.com.

By arrangement with Keith Dawson.

Advertisment