The same argument that Sun makes for Java (write once, run
everywhere) can be made even more forcefully by Wintel: if
we own the everywhere, you only have to write it once. As
objectionable as it sounds, it is a world that MIS directors
technically crave, even as they financially fear it.
Microsoft security bugs and exploits See also TBTF for 1999-08-30, 1998-02-02, 01-26, 01-19, 1997-11-17, 11-10, 10-20, 08-11, 06-23, 05-22, 05-08, more...
The German computer magazine c't [1] commissioned a study of IE4 security features by Ralf Hueskes, an Internet consultant. He found that Microsoft's Dynamic HTML feature allows a Web page to steal any text, HTML, or image file from the computer of an IE4 user, as long as its name and path are known. Hueskes's description of the exploit is here [2], and an early form of the upcoming c't article [3] is included on the TBTF archive by permission. Here is Hueskes's exploit page [4]. Microsoft has already issued a patch [5] for the problem. See the summary [6] of all MS security bugs and exploits reported in TBTF in 1997.
[1] http://www.heise.de/ct/
[2] http://www.jabadoo.de/press/ie4_us.html
[3] http://www.tbtf.com/resource/ct-exploit-14.html
[4] http://www.jabadoo.de/press/ie4demo.html
[5] http://www.microsoft.com/msdownload/ieplatform/ie4patch/ie4patch.htm
[6] http://www.tbtf.com/resource/ms-sec-exploits.html
Internet Explorer 3 has been popular in the blindness community because it supports Microsoft's Active Accessibility technology, so it works with third-party text-to-speech screen readers. (I wonder what Active Accessibility will be called now that the Active Platform denomination has been discarded on the middenheap of software history [7].) Microsoft advised blind users not to download beta versions of IE4 because Active Accessibility had not yet been fully integrated, but it was promised for the final version of the new browser. The company ran into technical difficulties [8] and reneged on this promise. Activist blind users reacted with considerable anger [9] and threatened lawsuits on human-rights grounds. For insight into the point of view of this community of users, whose lives have decidedly not been enhanced by the advent of mouse-icon-windows software, peruse this archive of the Jaws for Windows mailing list [10].
[7] http://www.tbtf.com/archive/1997-09-29.html#s02
[8] http://www.microsoft.com/enable/products/ie4.htm
[9] http://www.reference.com/cgi-bin/pn/go.py?choice=message...
[10] http://www.reference.com/cgi-bin/pn/listarch?list=jfw@yoyo.cc.monash.edu.au
As a followup to the Sun Microsystems suit against Microsoft [11], and a reinforcement of the importance of COM+ to Microsoft's strategy [12], here is MSNBC [13] on the reason Microsoft didn't ship one of the omitted Java components, remote method invocation. In short, RMI plus Java add up to a credible competitor to COM+.
In my view it's far from clear whether Microsoft was or was not obligated to ship RMI -- it turns on the question of whether RMI is part of "core" Java, and I expect Sun's and Microsoft's lawyers to argue opposite viewpoints, and vehemently.
See these two resources [13b], [13c] for technical details of what RMI is, what pieces of Java Microsoft omitted from IE4, and what was altered.
For those of you who saw the unconfirmed note on the Java Forum site [13d] -- the author now retracts his suspicions.
[11] http://www.tbtf.com/archive/1997-10-06.html#s01
[12] http://www.tbtf.com/archive/1997-09-29.html#s02
[13] http://www.msnbc.com/news/116052.asp
[13a] ftp://ftp.microsoft.com/developr/MSDN/UnSup-ed/rmi.zip
[13b] http://www.javaworld.com/jw-10-1997/jw-10-lawsuit.html
[13c] http://www.javaworld.com/jw-10-1997/jw-10-sdk.html
[13d] http://www.javalobby.org/scripts/forum.dll?13@^3727@.ee6c1a5
Cryptography export policy See also TBTF for 2000-02-06, 1999-10-05, 08-30, 08-23, 08-16, 07-26, 05-22, 05-08, 04-21, 03-01, 01-26, more...
Want to give the Bureau of Export Administration the benefit of your thinking on crypto export controls? You have a rare opportunity to do so, as the Bureau has issued a call for comments [14] on how existing export controls have affected exporters and the general public. The invitation says that the Bureau is "reviewing the foreign policy-based export controls in the Export Administration Regulations to determine whether they should be modified, rescinded, or extended."
The ISP market is consolidating at the top, leaving small, local providers filling niche roles and mid-sized regionals feeling an increasing upward pull. The news last week was IGC's purchase of Netcom [15]. IGC is a so-called competitive local exchange carrier. This new hybrid beast offers local and long-distance services to, among other customers, the Baby Bells. In other telecomm merger news this year we've seen GTE acquire BBN Planet, Intermedia swallow Digex, and WorldCom ingest MFS communications, which had in turn just purchased UUNet Technologies, one of the largest operators of local Internet access. The chances are good that either GTE or WorldCom will acquire MCI.
The Alta Vista search engine See also TBTF for 1997-10-20, 08-11, 04-04, 1996-12-24, 01-14, 1995-12-18
TBTF for 1997-08-11 [16] noted that the Alta Vista service seemed to be further limiting the number of pages it indexed (or, at any rate, reported) for some Web sites, particularly smaller ones. I'm pleased to note that the ceiling has now lifted. The table shows the number of pages returned for "url:xxx.yyy" Alta Vista searches in August and at present. Thanks to Jamie McCarthy <jamie at voyager dot net> for the pointer.
| site | pp. indexed 08-97 | pp. indexed 10-97 | site | pp. indexed 08-97 | pp. indexed 10-97 |
|---|---|---|---|---|---|
| fas.org | 40 | 16035 | privacy.org | 79 | 238 |
| epic.org | 40 | 992 | harvard.net | 616 | 731 |
| vtw.org | 40 | 168 | eff.org | 911 | 28535 |
| cdt.org | 40 | 336 | microsoft.com | 1854 | 111904 |
| patents.com | 40 | 452 | w3.org | 3905 | 185051 |
| polymers.com | 40 | 332 | netscape.com | 4517 | 66630 |
| tbtf.com | 40 | 519 | geocities.com | 14427 | 358912 |
| internic.net | 41 | 24601 | stanford.edu | 49274 | 837292 |
[16] http://www.tbtf.com/archive/1997-08-11.html#Tavs
[16a] http://altavista.digital.com/av/content/pr101497.htm
Email spam and antispam tactics See also TBTF for 2000-07-20, 1999-07-19, 1998-11-17, 07-27, 03-30, 02-09, 01-12, 1997-11-24, 10-20, 09-29, 09-22, more...
On 10/14 Cyber Promotions spammed its 2.9-million-strong mailing list with an offer to sell -- that very same mailing list. You can read the offer in all its oleaginous glory at [17]. Thanks to Karl Hakkarainen <kh at augment-systems dot com> for the timely forward (and to Captain Farris for the spelling lesson).
After being summarily ejected [18] by AGIS, his ISP of last resort, Cyber Promo's Sanford Wallace (who proudly calls himself the Spam King) won a court order forcing AGIS to restore his service for 2 weeks. The mandated resumption has come and gone and news reports now say [19], [20] that Sanford Wallace is electronically homeless. He claims to be servicing his customers (i.e., spamming the rest of us) as usual, however. How can this be? This article ([21], alternate at [22]), posted to news.admin.net-abuse.email, sheds light on the spam-meister's wicked, wicked way of duping innocent folks into serving as his proxy spammer-for-a-day.
[17] http://www.tbtf.com/resource/cyberpro-self-spam.html
[18] http://www.tbtf.com/archive/1997-09-22.html#s02
[19] http://www.news.com/News/Item/0%2C4%2C15374%2C00.html
[20] http://www.wired.com/news/news/business/story/7789.html
[21] http://www.flinet.com/~erwyn/spam/trowbridge.html
[22] http://www.circumtech.com/news/spammerforaday.html
Though Microsoft has by and large removed all traces of Java from its pages [23], it recently introduced a Java-enhanced online customer support site [24]. Not only do you need to visit with Java enabled -- considered an impolite requirement among broadminded webmasters -- but you are required to accept a cookie before you will be helped. You must sip the brew and bite the cookie. (This latter resounding phrase comes courtesy of Jargon Scout [25] Glenn Fleishman <glenn at popco dot com>.) Lest we forget how Microsoft truly feels about Java, Glenn D'Mello <Glenn.Dmello at bglobal dot com> forwards this firkin from the IE4 end-user license agreement. Remember, all of us who have downloaded and run IE4 have agreed to these sentiments.
7. NOTE ON JAVA SUPPORT. The SOFTWARE PRODUCT may contain
support for programs written in Java. Java technology is not
fault tolerant and is not designed, manufactured, or intended
for use or resale as on-line control equipment in hazardous
environments requiring fail-safe performance, such as in the
operation of nuclear facilities, aircraft navigation or com-
munication systems, air traffic control, direct life support
machines, or weapons systems, in which the failure of Java
technology could lead directly to death, personal injury, or
severe physical or environmental damage.
[This] software is not designed or intended for use in on-line
control of aircraft, air traffic, aircraft navigation or aircraft
communications; or in the design, construction, operation or
maintenance of any nuclear facility.
HIGH RISK ACTIVITIES. The Software is not fault-tolerant and is
not designed, manufactured or intended for use or resale as
on-line control equipment in hazardous environments requiring
fail-safe performance, such as in the operation of nuclear
facilities, aircraft navigation or communication systems, air
traffic control, direct life support machines, or weapons
systems, in which the failure of the Software could lead
directly to death, personal injury, or severe physical or
environmental damage ("High Risk Activities"). Accordingly,
Licensor and its suppliers specifically disclaim any express or
implied warranty of fitness for High Risk Activities.
Bottom line: there is no story in Microsoft's Java license wording.
[23] http://www.tbtf.com/archive/1997-09-29.html#s03
[24] http://www.news.com/News/Item/0%2C4%2C15057%2C00.html
[25] http://www.tbtf.com/jargon-scout.html
[25a] http://java.sun.com/products/jdk/1.1/LICENSE
[25b] http://home.netscape.com/download/license_text.html
In the middle of the night after Microsoft released IE 4.0,
someone (presumably Microsoft employees) placed a large Internet
Explorer logo on the front lawn of Netscape's headquarters. Though
it was past midnight some Netscape employees were hard at work.
They tipped the IE logo on its side, spray-painted "Netscape Now!"
on the surface facing the road, and surmounted it with a 7-foot
statue of Mozilla, Netscape's mascot. The story was posted to
rec.humor.funny on 10/3 by John Stracke <francis at netscape dot com> and is
mirrored at [26].
"Sure it's childish," a Netscapee was quoted as saying, "but they started it."
[26] http://people.netscape.com/francis/MozillaTriumphant.html
Glen McCready <glen at substance dot abuse dot blackdown dot org> forwarded a report of yet another delicate tussle occupying the well-oiled legal machine in Redmond. It seems that the English grocery chain Asda is using the name "microsoft" for its brand of ladies underthings made from polyamide elastane lycra. The story proves elusive on the Web; I could turn up only this single reference from Slate [27], which looks as if it may be ephemeral. The Financial Times site denies all knowledge.
From Computergram (1997-10-13):
Microsoft Corp's busy legal team took time off from working
out their defense to Sun Microsystems Inc's Java suit and got
their "knickers in a twist" over a range of women's underwear.
Red-faced Microsoft executives were outraged when they discov-
ered that UK supermarket group Asda was calling a range of
bras, panties, and thongs "microsoft." The software giant de-
manded that Asda remove the name from its own range of "soft-
wear" because the public might get "confused." Asda chose
microsoft, according to the Financial Times, because the fab-
ric name polyamide elastane lycra, was a bit of a mouthful for
its customers. Now Asda is refusing to drop its microsoft
knickers -- though it has promised only to use the microsoft
name in connection with women's underwear.
SNS -- send mail to sns@tapsns.com requesting a free sample issue.
The newsletter costs $195 for 13 months. Web home at
http://www.tapsns.com/.
TBTF home and archive at http://www.tbtf.com/ . To subscribe send the message "subscribe" to tbtf-request@world.std.com. TBTF is Copyright 1994-1997 by Keith Dawson, <dawson dot tbtf at gmail dot com>. Commercial use prohibited. For non-commercial purposes please forward, post, and link as you see fit.
_______________________________________________
Keith Dawson dawson dot tbtf at gmail dot com
Layer of ash separates morning and evening milk.