January 4, 1999

The week before last Greg Roelofs <newt@uchicago.edu> was at the Software Development
conference in San Francisco wearing his “Linux Inside” tee shirt.

For those of you who’ve been on another planet, Linux
(“linn-ucks”) <http://www.linux.com/>
is a freely distributable version of the Unix operating system for 80386, 80486, and
Pentium machines that contains no proprietary code [it was distributed with PC Quest March
1996–Ed]. Linux was originally written by Linus Torvalds in Helsinki, Finland and is
now enhanced by a worldwide community of developers. It contains a lot of code written by
Richard Stallman and the Free Software Foundation.

Let Greg pick up his story before arriving in San
Francisco:

“About a year ago I heard about a cute ‘Linux
Inside’ logo patterned after the Intel version. It was nowhere to be found on the net
by that point (SSC–publisher of the Linux Journal–had apparently distributed
stickers with the logo with early issues of the Journal but had been advised to stop due
to the commercial nature of the distribution), so I made my own. I intentionally did not
upload it to ftp sites in order to avoid CD-ROM distribution, but I did add it to my Linux
Logos Web page <http://quest.jpl.nasa.gov/Info-ZIP/people/greg/greg_lnxpics.html>
with a disclaimer that it was intended as satire and should not be used
commercially.”

So, Greg gets some T-shirts made with his cute “Linux
Inside” logo patterned after the Intel version; kind of a light gold on
robin’s-egg blue, can’t you just see it? He wears the tee shirt to SD ’96 on Tuesday
March 25. In retrospect, he acknowledges that wandering into the Intel booth wearing that
particular T-shirt might not have been the brightest idea going. He did enjoy the booth
staffer’s double-take, though.

On April Fool’s Day, lawyers from Intel phoned Greg and
requested that he remove all traces of the logo from his Web pages.

He has now done so. But try an Alta Vista search for
“image:linuxinside” and you’ll see 98 other sites sporting the logo, or one
derived from it, or one developed independently. Greg didn’t encourage its spread.
He’s not courting trouble. But Intel will find that trying to suppress this piece of
light satire has about the same effect as clapping your hands on a drop of mercury.

All Greek To Me

Pushing HTML beyond the established standards, as both
Netscape and Microsoft do, can be a two-edged sword. Feeling a bit snippy with Microsoft
today, are we, sir? Like to take it out on the users, would we, sir? Don Reed
reveals an underhanded way to do that. Here’s his response to a
query on the Apple Internet Authoring mailing list:

“I have to recreate a Greek letter to use for a
scientific article. Are the HTML codes for the Greek symbols still in discussion by the
WWW steering committee?”

At present, the best solution is to tell people to use
Microsoft Explorer to view it. Microsoft has added a FACE attribute to Netscape’s FONT
entity. The line would look something like “ text text.”

Some Microsoft-hostile people put this line in their pages
routinely. When an Explorer user sees their pages, they’re all Greek!

Sources

Apple Internet Users mailing list: mail listproc@abs.apple.com without subject and with
message: subscribe apple-internet-users Your Name.

Apple Internet Authoring mailing list: mail listproc@abs.apple.com without subject and with
message: subscribe apple-internet-authoring Your Name.

Anatomy Of A Net Attack

Fred Cohen <fc@all.net>
is president of Management Analytics in Hudson, Ohio, a consulting firm specializing in
Net security. The firm operates the Info-Sec Heaven site at <http://all.net/>
and publishes a monthly series of essays called “Internet Holes”, found at http://all.net/journal/netsec/top.html,
on information-security topics. The March essay, found at http://all.net/journal/netsec/9603.html,
espoused a policy of “zero tolerance” for Net attacks:

“Take a zero-tolerance attitude toward investigating
attempts to scan or enter your system. The idea that one attempt to guess a password or
gain unauthorized entry is too small to bother with opens a giant hole. With modern attack
tools, instead of scanning for a lot of services on one computer, I can scan for a few
services at many computers. By staying below your incident detection threshold, an
attacker can go after systems at will and without fear of recourse. With zero-tolerance,
each questionable activity results in another message to the systems administrator at the
site where the attack originates. Pretty soon, the activities will be seen as
significant.”

Apparently some twisted Netizen took this policy as a
personal affront on his right to telnet wherever he damn well pleased. Over a period of
several days, a shadowy band of crackers used a newly discovered vulnerability in URLs to
enlist innocent collaborators in a denial-of-service attack. (The defences of all.net
proved more than ample.) Cohen wrote in comp.risks:

“…there is a more basic flaw in the URLs used in the
Internet that appears to make firewalls very weak prey for attackers and enables Web sites
to launch highly distributed and hard-to-trace attacks. The basic flaw was published some
weeks ago… and extensions have now been used to launch probes and attacks by the
thousands from sites all over the net.”

Cohen has posted a detailed and disturbing account, at
http://all.net/journal/netsec/9604.html, of the attack on all.net. Read it if you’ve
ever wondered what it’s like to be a system administrator under siege.

How Fast Are Your Web Pages?

Webmasters: do you monitor your servers to see how fast
they are serving pages to users? Do you then think you know something about the quality of
the experience your users have when they visit your site?

Allow Bernard Hughes politely to differ. Hughes offers a
Web service called OnTime Delivery that tracks and reports on the time it’s taking
your users to load your pages. From May to September 1995 he ran a test using 200 pages
volunteered by respondents to Usenet postings. The results, found at http://www.timedancer.com/Beta/, posted last
December, are somewhat counter-intuitive. They lead to the conclusion that most of the
variability in Web performance can be attributed to servers and their
“pipes”–the quality and speed of their network connections.

One finding: Web pages aren’t delivered faster, in
aggregate, at any particular time of day, as http://www.timedancer.com/Beta/daily.html
reveals. But for any single page, the time required to deliver it can range over a factor
of three or four from one request to another, according to http://www.timedancer.com/Beta/spread.html.
Taken together, these results seem to exculpate Internet load and implicate servers as
the main contributors to the variability we perceive on the Web.

Another surprise: a 28.8 kbps modem on the client end
downloads pages, on average, only 40 percent faster than one running at 14.4 kbps,
according to http://www.timedancer.com/Beta/144v288.html.
Note that these results apply to Web browsing only, and would certainly look different if
you timed other services such as FTP. The OnTime Delivery service costs $2 or less per URL
per week; see http://www.timedancer.com/Forms/Subscription_Form2.html.
Thanks to Frostie Sprout for alerting the Apple Internet Users
mailing list to this resource.

A Model Of Server Performance

Louis Slothouber <louis@starnine.com>
of StarNine Technologies, makers of the leading Macintosh Web server, has developed a
mathematical model of Web server performance—see the executive summary at http://louvx.biap.com/white-papers/performance/summary.html
and the full paper at http://louvx.biap.com/white-papers/performance/overview.html.
(Adobe Acrobat PDF and MS Word forms of the paper are available from http://louvx.biap.com/white-papers/default.html.)
The model reproduces the exponential behavior of servers under increasing
load—familiar to Webmasters everywhere—of fairly flat response leading up to a
“wall.” The model indicates that the wall’s position is determined mostly
by available network bandwidth and the average size of files served.

Some intriguing results: when network bandwidth is a
bottleneck, doubling the server’s speed results in only a slight improvement. Adding
a second, identical server has no effect at all. But adding a second server that is slower
than the first actually decreases performance.

Serious Wordsmithery At Cork and Case

Peter Flynn <webmaster@www.ucc.iw>,
webmaster of University College, Cork, runs a Web-accessible acronym server, at http://curia.ucc.ie/info/net/acronyms/acro.html,
that has won Magellan 4-star and Point Top-5 percent awards. On my first visit I just had
to see if the 16,252-entry database contained LFSUX; it didn’t so I added it. Thanks
to Peter Langston <psl@acm.org> for forwarding this
marginally CDA-acceptable mnemonic from the alt.folklore.computers newsgroup:

“…the PPC [Apple/Motorola/IBM PowerPC chip]
architecture defines the instruction ‘Load Floating-point Single-precision indeXed with
Update’ with the mnemonic ‘LFSUX’. Whenever the Mac debugger… finds this in the
disassembly, it adds the comment: ‘It’s also a bitch, then you die.’”

Anu Garg at Case Western Reserve University offers an
e-mail interface (described at http://www.ucc.ie/info/net/acronyms/mailserver.htmlgarg
) to services called Dictionary/by/Mail, Thesaurus/by/Mail, A.Word.A.Day, and
Anagram/by/Mail. (For a Web-based anagram service see http://www.infobahn.com/pages/anagram.html.)
I use the thesaurus service often enough that I’ve aliased it from all of my
Internet-visible Unix accounts.

Free Services Page

This page, http://www.netmind.com/,
courtesy of NetMind, lists a number of imaginative free services on the Web: e-mail
agents, fax senders, synthesizers, etc. One service listed (http://csugrad.cs.vt.edu/~eburke/anagrams.html)
generates anagrams, though I prefer Anagram Insanity at http://www.infobahn.com/pages/anagram.html.
There. Now don’t blame me for the hours you’re about to waste.

A most useful free service hosted by NetMind is URL-Minder
<http://www.netmind.com/URL-minder/URL-minder.html>.
While I use URL-Minder extensively, I haven’t wanted to air it on TBTF until some
privacy concerns were addressed. Now that they are, I can recommend this service to you
unreservedly.

URL-Minder sends you e-mail when a URL that you register
changes. It’s that simple, and it’s free.

URL-Minder represents an example of the now classic model
of early Internet commerce. The model is to give away something of value, capture
information about your users, and find a way to exploit that information for gain without
compromising your users’ privacy.

Crime On The Net

Author and Cypherpunk Charles Platt’s <cp@panix.com> book "Anarchy Online" will be
published by Harper-Collins sometime in 1996. Platt has retained all electronic rights and
has posted the book to the Web at http://anarchy-online.dementia.org/book/.
Subtitled “A close look at crime in cyberspace; an uncensored look at sex on the
net,” the book discusses the Marty Rimm cyberporn incident, the Communications
Decency Act, the Jake Baker case, and much more. An online document at http://anarchy-online.dementia.org/book/anarchy_online.html
summarizes each of the seven chapters and has links to the full text.

"Decency" May Pervert Net Architecture

David P Reed <dpreed@reed.com>
is one of the fundamental inventors of today’s Internet. His paper with Saltzer and
Clark, End-To-End Arguments in System Design, published in the ACM Transactions on
Computer Systems, first characterized the primary approach to the Internet’s
architecture, an approach that arguably has been a pivotal reason for its exponential
growth. This philosophy—to avoid building special functionality into net internals
solely to enforce an end-to-end policy—has led directly to the simplicity, low cost,
and radical scalability of the Internet.

Reed doesn’t involve himself much in political causes, but
rumors of an impending "Exon Box" impelled him to take keyboard in hand. His
post, at http://www.itd.nrl.navy.mil/ITD/5540/ieee/cipher/commentary/comment-reed-960331.html,
has been circulating under the title “End-to-end philosophy endangered.” An Exon
Box is a router designed to enable ISPs to restrict access to "indecent" or
unrated sites unless an "adult" enters an authorization code to allow
transmission of such packets to the site.

Reed expresses the hope that we will work with him to
discourage the use of inappropriate architectural changes to the fundamental routing
policy of the Net to achieve political ends.

Sources: Apple Internet Users mailing
list: mail listproc@abs.apple.com without
subject and with message: subscribe apple-internet-users Your Name. MEME: mail listserv@sjuvm.stjohns.edu with message:
subscribe meme firstname lastname. Web home at <http://www.reach.com/matrix/>.

Patel’s Ruling: Source Code Is Protected Speech

Early in 1995 Daniel Bernstein, a math graduate student at
Berkeley, filed a lawsuit against several U.S. government agencies with the intention of
rendering unconstitutional the ITAR provisions that limit export of cryptographic
algorithms from the US. Bernstein claimed that the restriction on his cryptographic
algorithm "Snuffle," which he had been fighting since 1991, is unconstitutional
prior restraint of protected speech.

On April 15, US District Judge Marilyn Patel ruled that the
source code for Snuffle is speech that is protected from prior restraint by the First
Amendment to the US Constitution. The decision in this widely followed case will have
implications far beyond the issue of cryptographic export;
it will affect questions of secure electronic commerce and
First Amendment protection of electronic communication.

See <http://www.albany.globalone.net/theMESH/claw13.html>
for background on the Bernstein case and on the constitutional questions it raises. At
this writing the full text of the Patel decision is online only in image form <http://www.eff.org/pub/Legal/Cases/Bernstein_v_DoS/Legal/Decision_041596/>.
The Electronic Freedom Foundation intends to make it available in text form at <http://www.eff.org/pub/Legal/Cases/Bernstein_v_DOS/Legal/041596.decision>,
but it is not there at this moment.

By Keith Dawson <dawson@atria.com>.
TBTF (archived at http://www.atria.com/~dawson/tbtf)
focuses weekly on bellwethers in computer and datacom. To subscribe send the message
"subscribe" to tbtf-request@world.std.com.
By arrangement with Keith Dawson.
