News and commentary from the cross-platform scripting community.
|
||
|
Mail Starting 9/30/97 | |
It's worth noting that TeamFusion won't work unless your server is running on Windows NT 4.0. And the client only works on Windows 95 or NT. Seems like the "team" NetObjects is catering to is pretty homogenous.
From: mark_gardner@merck.com (Gardner, Mark J.);
Sent at 9/30/97; 3:38:45 PM;
Whose team is NetObjects on?It'd be interesting to run a poll focused on website development teams to find out the mix of platforms involved. I suspect that the percentage for whom TF is a good fit is relatively small.
See http://www.netobjects.com/html/sysreqbodyabouttf.html.
Turn on "recycle passwords" in PGP. I think it can be made to timeout in any number of minutes up to 5 (future versions of PGP will allow longer times).
From: sdorner@qualcomm.com (Steve Dorner);
Sent at 9/30/97; 3:17:26 PM;
Re:"pgp & eudora"Steve:
From: dwiner@well.com (Dave Winer);
Sent at ;
Re:"pgp & eudora"When DaveNet pieces go out there are about 100 pieces of email.
It's too much work to enter the passphrase 100 times.
Dave
I'm not sure I think clicking the sign button is all that much work, but in any case if you save some stationery with the sign flag on and set it as the default stationery, messages will be signed by default.
From: sdorner@qualcomm.com (Steve Dorner);
Sent at 9/30/97; 2:49:04 PM;
pgp & eudoraAfter reading your site for so long, I was suddenly hit--wow, I've got something to say in my own little world and Mr. Winer and co. have provided the perfect medium for me to say it! Thanks.
From: biztech@worldnet.att.net (Bruce Jorgensen);
Sent at 9/30/97; 12:25:07 PM;
wow, I've got it!Soon, probably by the end of October, I'll have my own Frontier hosted site up focused on small biz entrepreneuring. I teach a class locally on how to get going in a small biz. The good, local site dedicated to everything small biz will be my goal. I take as my inspiration the following:
"Nothing in the world can take the place of persistence. Talent will not; nothing is more common than unsuccessful men with talent. Genius will not; unrewarded genius is almost a proverb. Education will not; the world is full of educated derelicts. Persistence and determination alone are omnipotent. The slogan "Press On" has solved and always will solve the problems of the human race." --Calvin Coolidge
I'm hoping to call my site "Big-Plans" Thanks again for your persistence with your 3+ years of singing the "keep digging" song.
Good cryptography is really hard to do. Its hard enough to cover up the security flaws in the existing systems and its a joke to think that "secure" back doors can be safely added "just in case" someone needs access. One of the most interesting aspects of crypto development is that the hackers are a necessary part of the development cycle. They're the ones who prove the worth of the crypto software.
From: mark@apple.com (Mark Altenberg);
Sent at 9/30/97; 10:37:11 AM;
Re:Bill Gates on PrivacyThe implications of the power of the community on the Internet are probably demonstrated more by the interest in the use of cryptography than almost anything else. Have you ever wondered what you could do if you could use the idle CPU cycles of 10,000 connected computers? Check out the Bovine RC5 cracking effort at http://rc5.distributed.net/.
Making it seamless and easy to use is the right idea. PGP has made some good steps in this direction, but no one has yet come close to the integration of digital signatures that was provided in PowerTalk, one of those great Apple innovations that died on the vine (sigh... ).
One thing that hasn't caught on yet is the creation of "secure" directory services. With public key cryptography you must acquire the public keys of the individuals with whom you want to communicate. Currently, you have to figure out how to access a public key server, get the keys and use them to encrypt or verify messages.
This is the perfect opportunity for one of the Internet directory services (Four11, Big Foot, White Pages, etc.) to stand out and take the next step: add public keys to your directory records. Or turn it around: PGP or Verisign should provide complete directory services, including your personal info along with the public keys. However, the client side still needs work to make the integration seamless. I'm interested in sending authentic and secure messages, not finding and fumbling around with the keys.
Today we put snailmail letters inside envelopes, with some assurance that our mail is private, and we aren't considered suspicious. Cryptography must become a seamless part of our electronic communications for the same reason.
Microsoft Outlook Express supports S/MIME too. In fact if you read the tea leaves vendors representing something like 70%+ of the email market (by my calculations) share have said that they will support S/MIME. There are lots of complicated issues about some of the email crypto standards that are still being worked out, so making and hard & fast conclusions about the future in this area would be a mistake right now.
From: alexhop@microsoft.com (Alex Hopmann);
Sent at 9/30/97; 10:54:40 AM;
Outlook ExpressIn any case I encourage you to go download Outlook Express (its out today!) as part of the Internet Explorer 4 release. Also there is a domestic version that supports strong (128 bit) encryption, although I'm not sure if that will be available today, or just soon.
Last week on 9/24 The House's Commerce Committee approved the Security and Freedom through Encryption Act (SAFE), without an amendment that would have allowed for government controls on encryption technology. It is not over yet though. The bill, H.R. 695, has a long way to go before it gets to the full House for a vote. We'll have to stay on top of those boys up there in Washington.
From: jevans@shokt.com (Jeff Evans);
Sent at 9/30/97; 2:01:17 PM;
House's Commerce Committee approved SAFE on 9/24 without amendmentA pointer to EFF http://www.eff.org/ and the work they do would be a good one Dave. I find them to be the best source of info on matters of free speech, privacy, encryption and intellectual property.
They have not posted the 9/24 news yet however. I found it on News.com last week.
I would like to suggest a global strategy on encryption. The wider perspective can be more powerful.
From: storms@pi.net (Jan M.J. Storms);
Sent at 9/30/97; 8:32:24 PM;
Re:Bill Gates on PrivacyIf American companies cannot export encryption, maybe they can import it.
It might be useful to have a kind of plugin approach which works in all applications, *and* in every country.
I downloaded the PGP upgrade for Eudora yesterday after you mentioned it, installed it, sent a signed/encrypted piece of email to myself, received it as "gobbledy-gook", selected Decrypt/Verify, and it decrypted it back to my original message.
From: williamk@perigee.net (William Kruidenier);
Sent at 9/30/97; 2:08:55 PM;
Re:Ideas for PrivacyIn other words, you can check it out by yourself, although getting a buddy will help spread the word (and sending encrypted messages to yourself is a bit schizophrenic, huh?).
Thanks for alerting us to the PGP stuff.
Dave - another aspect to the privacy debate is what happens to information once it safely lands somewhere. And that seems to have the populace in a greater uproar than the sanctity of the message itself.
From: rob@eyegive.com (Robert Grosshandler);
Sent at 9/30/97; 1:02:15 PM;
Re:Ideas for PrivacySecondly, there's a yin and yang in the crypto debate because it affects net commerce - if we start yelling so loudly that it scares off the consumer, we've hurt the process as much as helped it.
While http://www.eyegive.com/ can't help the second item, we're working on the first. Besides http://www.truste.org/ we've taken the strongest position possible in protecting peoples' personal data.
Did you know that if I promise you not to disclose your information, and then I go bankrupt, the bankruptcy court has the power to nullify my promise? Since that data is an asset of the business, they're entitled to mine those assets in favor of the creditors.
At eyegive, we've taken the unique step of creating a contract with our members that licenses that information from them, leaving ownership in their hands, not ours. Not perfect yet, but now only the license is my property, and that license is limited in scope and time, and can go away in the event of a bankruptcy.
Good luck on the DaveNet Live tonight. I wish I could go, but I am stuck here in Houston. There is a topic that might be good to discuss - I wrote a bit about it on my website, but I wonder if people want to discuss it. Is there a relationship between software piracy and the pricing for software? For example, does a company like Connectix, which charges very reasonable prices for their excellent products, "suffer" as much from software piracy as companies like Microsoft and Adobe, with heavily marketed and expensive software products? Would generating a lower price point for entry into a software market be a more effective deterrent against damage against software piracy and software piracy itself than such things as the SPA and copy protection? I would sincerely like to hear what kind of a discussion such a topic would bring up.
From: rsucgang@bcm.tmc.edu (richard sucgang phd);
Sent at 9/30/97; 9:36:17 AM;
Re:"Flash Format"Oh, I don't know if I mentioned it to you before, but I did put up a vector graphic format version of the rearing cowboy logo for other people to use, downloadable from the new Frontier section of my website
http://www.io.com/~pantheon/frontierBoard
I also have some ideas for Frontier and scripting.com graphics online.
I've been thinking about privacy for a while, and one idea that i've had is that there should be an API for encryption. One of the problems with encryption is that its a completely different application with different ways of doing things. Previously, if you want to encrypt email you have to open PGP and encrypt it there then copy the text to Eudora and then send it.
From: aburgel+@andrew.cmu.edu (Alexander Burgel);
Sent at 9/30/97; 1:48:42 PM;
Re:Ideas for PrivacyThankfully PGP now is builtin to Eudora, but it shouldn't stop there. I want to encrypt my Netscape email (and not with S/MIME) but i have to go back to PGP and copy and paste. What if i want to encrypt my Word document, or my spreadsheet before i send it across the net, or what if i want to just leave it on my drive. I think it would be great if PGP or some company like that publishes an API, with little or no licensing fee, so every program can encrypt data. I'm sure everyone would encrypt their files if all they had to do is select encrypt from a menu. Ubiquitous encryption is what we need, and what easier way to do it then by having a secure API that everyone can use. No more copying and pasting text.
Dave, I think the problem is that "the rest of us" don'e really care about privacy. For example when it comes down to deeds (not words)
From: bcox@gmu.edu (Brad Cox);
Sent at 9/30/97; 1:23:05 PM;
Re:Bill Gates on Privacy1) We use (eaily traceable) credit cards in favor of (anonymous) cash in our daily transactions.
2) We buy and use trivially tappable wireless telephones in favor of relatively secure wired phones.
3) To "The rest of us" it seems more fearsome that a terrorist might get off than that honest folks might suffer from bad encryption.
The problem, I think, lies with the fact that our rhetoric is based on a term, "privacy", that people don't care much about, and never developed rhetoric based on "property" that people do care about.
So paradoxes abound. The very folks (EFF) that are the most wrought about "privacy" are the same ones that are arguing "Information wants to be free" (eg anti-property).
There are articles about this at http://www.virtualschool.edu/mon, including links to a recent book, "Superdistribution: Objects as Property on the Electronic Frontier", which explains how the property issue (as distinct from the privacy issue) can be solved.
Also note the link to The Camden Conference on Telecommunications: Reshaping American Communities. DeMarco organized it in response to my IEEE paper, Objects as Property. Conference is October 24-26, 1997; Camden Maine. Speakers: Brad Cox, Tom DeMarco, Esther Dyson, Howard Gardner, George Gilder, Rushworth Kidder, Gov. Angus King, Ted Leonsis, Ira Magaziner, Jim Maxim, Bob Metcalfe, Nicholas Negroponte, Evan Richert, John Sculley, Ray Smith, Elliot Soloway, Hal Varian, Shoshana Zuboff. Its sold out now tho.
Thanks for the excellect DaveNet pieces on privacy and your effort to get people to be more involved in the whole encryption/privacy issue.
From: spector@zeitgeist.com (David HM Spector);
Sent at 9/30/97; 1:38:01 PM;
pointer to politcal action on privacy...I have put together a free package that will be useful for people looking to let their elected officials know what their opinions are on this issue. It's a set of data bases (distrbiuted both in Excel & tab-delimited formats) of name/address/phone/fax/email contact information for every member of the House and Senate.
Also included are sample letters, and instructions on how to make it all work with MSOffice (the formats are such that they may be used with either Macintoshes or Wintel boxes).
It can be accessed at:
http://www.zeitgeist.com/crypto
~or~
ftp://www.zeitgeist.com/pub/Politics
I will be adding functionality to it (incl. Java applets to make it more interative) soon. It's gotten a lot of good comments, but I am always interested in constructive feedback on what I can add to make it a more useful tool.
I know you'll be at Seybold, and I know you like to see gorgeous Frontier sites.
From: dori@workbook.com (Dori Smith);
Sent at 9/30/97; 10:33:23 AM;
A Seybold invitationI'd like to invite you to stop by the Apple Theater and see a demonstration of The Workbook Online. My boss, Doug Dawirs, will be there:
Wednesday, 11:30 am-11:50 am and 3:30 pm-3:50 pm
Thursday, 1:30 pm-1:50 pm
Friday, Noon-12:20 pmVirtually every page you'll see is generated on-the-fly with Frontier CGI's. Apple was so knocked out by what I did that they invited us to share their space at the show. Introduce yourself to him, and he'll be happy to give you the Frontier-centric demo and show you what's under the hood.
Check it out; I promise you'll be impressed.
The IETF has apparantly dropped S/MIME in favor of PGP as a standard... because of the patents/righ ts RSA holds on it. But PGP is being sued by RSA over some technology as well. Eudora (which you co uld say is popular, heh) went against the tide by choosing PGP. http://www.news.com/News/Item/0,4, 13760,00.html (IETF article) http://www.news.com/News/Item/0,4,13904,00.html (RSA lawsuit article) I think it's pretty safe to say there is a battle... but I'm not sure if it's with the standards bodies. I'm a relative newbie in this area as well. I decided to download PGP just a few weeks ago .
From: tomalak@dsoe.com (Lawrence Lee);
Sent at 9/30/97; 10:31:38 AM;
PGP vs S/MIMERick's message about S/MIME is interesting in light of the following Sept. 26 article:
From: maurice@envirolink.org (Maurice Rickard);
Sent at 9/30/97; 1:13:12 PM;
Re:Ideas for Privacyhttp://www.wired.com/news/news/technology/story/7220.html
The headline is "S/MIME Cracked by a Screensaver," and the gist is that cryptology expert Bruce Schneier has written a program that distributes the cracking task over a network. Some quotes:
"'On average, it takes 35 days on a 166 MHz Pentium,' said Schneier, who is also the author of the book Applied Cryptography....
"Got an office with a dozen machines? You can crack a message in a little less than three days. Got a thousand? Your wait will be just 50 minutes. The program, which began as a screensaver that searched for large prime numbers, will be made available on Schneier's Web site today.
"The program will only crack messages encrypted with RSA Data Security's S/MIME mail encryption standard, and at that, only messages that are encrypted with a 40-bit key. But that's exactly the encryption that's being offered today by the most commonly used versions of Netscape Messenger and Microsoft Outlook Express."
This isn't to say that S/MIME is insecure as such, just that the 40-bit flavor being offered in these (and other?) products is easily crackable by anyone who wants to do it.
Denise Caruso's point hit home for me. I was trying to explain the crypto debate to my girlfriend the other night, but in trying to explain it to her, I got confused between the export restrictions and the general privacy issue. Her concern was that of the general computer-illiterate population (terrorists can use encryption, terrorism is bad, ergo encryption is bad). I ended up deciding that I don't care if U.S. software companies are restricted from exporting strong encryption, as long as *I* can get it. She ended up agreeing that she wouldn't want to give a copy of her keys to the police when she moved into her new apartment.
From: nbornstein@plr.com (Niel M. Bornstein);
Sent at 9/30/97; 1:11:30 PM;
Re:Ideas for PrivacySure, it's a shame that U.S. developers have their hands tied when it comes to the global encryption market, but what matters most to me is that my personal communications are safe from prying eyes. If need be, I'll obtain stronger encryption software from overseas.
I originally started to send this reply in Netscape, but I don't understand their security. It's much more cryptic, if you'll pardon the pun, than Eudora with PGP.
Rick:
From: dwiner@well.com (Dave Winer);
Sent at ;
Re:Ideas for PrivacySeems like you're going against the flow. As a newbie to encryption and digital signatures, PGP is e verywhere and S/MIME only comes up rarely, with people who are insiders. Maybe PGP is just a brand name, so can you get them to back S/MIME? A standards battle, in public, would be the *worst thing possible* in an already confusing area.
Dave
S/MIME is emerging as the standard for signed and encrypted email (as supported, for example, by the mail product I used to send you this, which happens to be ours :>, but by others as well.).
From: rick@netscape.com (Rick Schell);
Sent at 9/30/97; 9:22:33 AM;
Re:Ideas for PrivacyDon:
From: dwiner@well.com (Dave Winer);
Sent at ;
Re:Ideas for PrivacyUntil someone at the FBI or the CIA blackmails him.
I bet he'd ask for an exception for the President.
Dave
Thanks for the thoughtful article, and the ongoing advocacy of privacy and free speech on the Web.
From: don_wakefield@MENTORG.COM (Don Wakefield);
Sent at 9/30/97; 9:00:28 AM;
Ideas for PrivacyIn 'Ideas For Privacy' you quote Susan A. Kitchens on the Chelsea-goes-to-college scenario, ending thusly:
"Mr. Clinton figures out how to send email to his daughter. Someone starts packet-sniffing for the correspondence. Letters from Dad end up being front page news. Mr. Clinton gets encryption religion."
I guess I'm just more skeptical. If Al Gore is Clinton's bulldog, then he is already *for* encryption. He just wants the benevolent hand of government on the back doorhandle. So the above might more likely be rephrased:
"Mr. Clinton figures out how to send email to his daughter. Someone starts packet-sniffing for the correspondence. Letters from Dad end up being front page news. Mr. Clinton renews his fight for key-escrow encryption."