56-bit RC5 is the latest victim of the massive distributed computer that is the Internet
In the largest distributed computing show of force ever mounted, an informal worldwide coalition  cracked RSA Data Security's 56-bit RC5 challenge , after 250 days and 34 quadrillion keys -- almost twice the effort required for last summer's DES crack . (The title of this story is the target phrase.) The Bovine RC5 Cooperative writes  (revealing the useful rule of thumb that 1 PowerPC = 2.36 Pentia):
At the close of this contest our 4000 active teams were
processing over 7 billion keys each second at an aggregate
computing power equivalent to more than 26 thousand Pentium
200s or over 11 thousand PowerPC 604e/200s.
Is Internet Explorer a virus?
C|net runs a fine summary  of the various problems reported by folks installing and running Internet Explorer 4.0. Besides the security  and privacy  issues covered by TBTF, users have reported problems with install, uninstall, fonts, graphics and UI, and conflicts with non-Microsoft applications. C|net helpfully supplies links to articles in Microsoft's answerbase and to other Web resources for avoiding these problems or for working around them. Amid this flood of issues, someone (anonymous) posted to rec.humor.funny a warning to watch out for an extremely contagious virus named IE4 . Let's look more closely at two of the recently isolated issues.
Installing IE4 on a Win95 machine apparently introduces a subtle bug in Netscape Navigator, if the latter exists on the machine; deinstalling IE4 does not help. (The problem has been reported with version 3.) Navigator POST or PUT requests fail and show up in Web server logs as "POST or PUT without Content-length" errors. Here is a detailed description of the problem , including a pointer to a mailing list the author has set up to discuss the bug.
Another IE4 problem is described in this c|net story : the browser makes use of a new feature, embedded fonts, in such a way as to render downloaded fonts vulnerable to theft. Microsoft looked into the problem after it was written up in Daniel Will-Harris's column  last week and declared it not to be serious, to the consternation of those who make their living designing commercial fonts.
The Web authoring tool opens up a gaping CGI security hole
On 10/10 Microsoft released beta code for the extensions necessary to use FrontPage 98 on Unix systems. On 10/11 Mark Slemko posted to Usenet the news of serious security holes in the code on Unix systems running the Apache Web server (exploit page is here ). Microsoft paid serious attention and on 10/15 posted a page  recommending against installing FrontPage 98 on Unix/Apache systems until a correction can be developed. (The fix will posted for download from this page  when available.) Slemko's page  gives a solid if brief grounding in the security considerations for CGI programs running under Unix and the failings of the FrontPage solution. He stresses that the problem was caught early because Microsoft, in keeping with Unix convention, published some (not all) of the Unix extension source code. Microsoft pledges  to publish source for the fix as well. Thanks to Jamie McCarthy for word on this security hole.
Right back at'cha
Microsoft countersued Sun in US District Court on 10/27 , , saying that Sun has failed to deliver technology that passes Sun's own test suites and that runs on the Microsoft Reference Implementation. The suit also says Sun did not provide a public set of test suites, as required by their 1996 agreement. Microsoft said Sun "consistently failed in its obligation to treat Microsoft on an equal footing with all other licensees," accusing Sun of business interference and unfair practices for statements that Microsoft's implementation of Java is incompatible with the language as developed by Sun.
A win-win for everybody but the lawyers
Confirming rumors that began circulating nearly two weeks ago, Digital and Intel have announced a settlement agreement  to end their patent disputes. (NY Times coverage is here .) The two companies will expand their relationship; Intel will purchase Digital's semiconductor operations and will provide foundry services back to the Maynard company. In turn Digital anounced plans to develop systems based on Intel's 64-bit architecture, code-named Merced (developed in conjunction with DEC rival Hewlett Packard). The agreement gives DEC a graceful exit strategy from dependence on Alpha, a technically impressive chip that never garnered significant market share. (C|net conducted a poll  in which respondents split down the middle on the question of whether the deal is good news, or the end of the line, for Alpha technology.) The 2500 employees at the Digital fab in Hudson, MA will become Intel employees. Confidential sources within Digital wonder whether the deal could represent a perfect opportunity for the Board of Directors to replace CEO Robert Palmer, who, with his intensive chip-design background, might be an excellent choice to run the fab for Intel.
Claims the software vendor violated terms of a 1995 anti-trust settlement
Justice asked a federal court to fine Microsoft $1M per day for violating a 1995 court order that bars the company from anti-competitive licensing practices . The action was triggered by Microsoft's allegedly requiring PC makers to bundle the Internet Explorer Web browser. The DOJ press release is available at , the original 1995 case at . The two sides will meet in U.S. District Court on 12/5. The heart of the case is raised by this 57-word passage: is Internet Explorer part of the operating system or is it a separate "Covered Product" ?
Microsoft shall not enter into any License Agreement in which
the terms of that agreement are expressly or impliedly con-
ditioned upon: (1) the licensing of any other Covered Product,
Operating System Software product or other product (provided,
however, that this provision in and of itself shall not be
construed to prohibit Microsoft from developing integrated
In a routine Securities and Exchange Commission filing on 10/29, Microsoft said: "Management currently believes that resolving these matters will not have a material adverse impact on the company's financial position, or its results of operations."
The next generation of processors may need approval to export; critics say a new law sets the bar too close to the desktop
A bill to authorize Defense Department spending, which is mere days from going to the President for signature, includes a scarcely noticed provision that may introduce PC exporters to the "joys" of Commerce Department licensing , . An amendment to the authorization bill specifies that machines capable of 2,000 MTOPS (million theoretical operations per second) need a license before export to some 50 countries, including Russia, China, and India. By some reconings, next year's 450-MHz Pentium II machines might exceed the 2,000 MTOPS limit. Other likely candidates are Sun's Ultrasparc III, DEC's 21264 Alpha, and the second-generation Power 3 from IBM. The bill might conceivably apply to multiple-processor machines; if so then it would affect a wide variety of workstations and servers of the current hardware generation.
Live in Phoenix? Fat pipes coming
The Baby Bell planned  to roll out Digital Subscriber Line service to 11 cities early in 1997 with its entire 14-state region to be covered by the end of the year. These plans were delayed and scaled back after a management shakeup . Now the company is ready to begin offering DSL service ,  in a single city, Phoenix. US West does not specify whether its "MegaBit Services" feature the same data transfer rate upstream as downstream; they do say that DSL provides a continuous Internet connection over a line that can handle voice traffic simultaneously. DSL will be phased in over the central offices in Phoenix, eventually covering half a million business and home customers. Denver will follow early next year and other locations in the US West region will be added later. Here's what pricing looks like, after a $199 installation fee.
192 Kbps -- $ 40 / mo.
320 Kbps -- $ 65
704 Kbps -- $125
ObjectWatch, headed by Roger Sessions, specializes in training and development for Microsoft object technologies. Sessions recently completed work on a book about COM and DCOM  and in the course of his research formed what we might assume are informed opinions on Microsoft's attitudes about object technologies. Sessions devotes the current number of his ObjectWatch newsletter  to the Redmond giant's views on Java. Summary:
[Microsoft] fully supports and really likes Java the language.
It is committed to providing competitive tools for developing
Java components to run on the component tier. As far as the
libraries and Java run-time environment, it says let each
company provide the best underlying support for Java that it
can, and may the best architecture win.
Irish Deputy Prime Minister Mary Harney is enjoying an official visit to Silicon Valley . We know she's enjoying it because she said, in a dinner speech to the Irish Trade Board, "I am told that every day, 61 new software millionaires are created in Silicon Valley. I am free this evening if they want to call me." Harney noted that Ireland is now the second-largest exporter of software in the world; its more than 400 software companies turn over $750 million annually. Another sign of Ireland's technical prowess is the recent award to NUA Ltd., an Internet consultancy and developer, Web-site design contract for Thomas Publishing Company's American Export Register . NUA won in an open competition against 11 US Web-development firms. NUA publishes Internet Surveys  and New Thinking , and is a solid exemplar of how to build an online reputation.
SNS -- send mail to firstname.lastname@example.org requesting a free sample issue. The newsletter costs $195 for 13 months. Web home at http://www.tapsns.com/.
TBTF home and archive at http://www.tbtf.com/ . To subscribe send the message "subscribe" to email@example.com. TBTF is Copyright 1994-1997 by Keith Dawson, <dawson dot tbtf at gmail dot com>. Com- mercial use prohibited. For non-commercial purposes please forward, post, and link as you see fit. _______________________________________________ Keith Dawson dawson dot tbtf at gmail dot com Layer of ash separates morning and evening milk.