News and commentary from the cross-platform scripting community.
Mail Starting 6/12/98

From: jknight@ai.mit.edu (James Knight);
Sent at Sun, 14 Jun 1998 00:06:02 -0700;

Wow, talk about conspiracy theory. I hope you're going to see X-Files so you can confirm all your ideas about mass destruction of the world. Maybe you could even join them in their quest to Fight The Future.

From: yourke@earthlink.net (Alex Yourke);
Sent at Fri, 12 Jun 1998 20:00:12 -0700;

Thank you, Dave, for your perspective on what the government may be up to. I tend to discount most conspiracy theories, and I admit your thesis strikes me as a little bit out there, but my attention has been redirected. I'll keep an eye out for more evidence of what you are suggesting, government control of internet communication.

From: shall@bank-banque-canada.ca (Stephen Hall);
Sent at Fri, 12 Jun 1998 14:13:02 -0400;

I am a Canadian, someone who lives in the American sphere of influence (to borrow a term from geopolitics). Living my life in the shadow of the United States, I generally admire, sometimes resent and often puzzle over the public debate in the Great Republic to the south.

I think it important to understand the implications of how the Internet makes it possible for individuals and companies outside the United States to conduct business in cheerful noncompliance (indeed, contravention) of American intellectual-property, tax, privacy and encryption laws, and still be fully accessible to Americans via the Net.

Think about it. If strong encryption is easily available outside the United States, how long will the FBI and Justice Department's insistence on export controls, let alone a government-mandated central key registry, make any sense?

As for why Washington has decided to pick on Microsoft, I would caution against thinking there is some conspiracy underway. Governments as large as the U.S. federal government are generally too disorganized to act this way and not be found out. There would be gossip and leaks popping up all around Washington if such were the case. More probably, there is probably a general sentiment that Microsoft is getting ready to invade and take over businesses outside the computer software industry and this has engendered the political and bureaucratic will to do something (anything) about the Redmond behemoth. If I posed a possible threat to every auto dealer, travel agent, insurance seller, online retailer and media outlet in the country, then I would expect to generate some heat.

Best of luck on the commercial Frontier release. I'm a big fan of your determination to leverage XML and look forward to using it (and paying you for your efforts).

From: InterMark_Consulting_Group@compuserve.com (Erik Sherman);
Sent at Fri, 12 Jun 1998 17:02:12 -0700;

A few points (as usual <g>).

  1. I think the "one world government" angle is off the mark. The intelligence community wants to control encryption because they want to see what everyone is doing - comes from being professional busybodies. But you are assuming too much craftiness on the part of government. I think things "just happen" a lot more than any of us would care to realize. Frankly, I think life by accident is a lot more scary.

  2. While the Justice Department is leaning on Microsoft and Gates, it's not about browsers. It's about Microsoft becoming the main distributor for all software on top of the biggest producer, which means they have a lock on the market beyond normal competition.

  3. The secret to free speech is to say what you think publicly, not encrypt it. The question is one of fear. The solution is to say to the government's face what you would say in an encrypted message. Free speech requires public ownership, not whispering.

  4. Gardens in New England! A GREAT topic. If you are serious and would like to see some wonderful growing things outside of someone's personal garden and around Boston, I'd suggest the Arnold Arboretum, the Mt. Auburn Cemetery in Cambridge, the National Seashore on Cape Cod, and Blithewold (OK, so it's in Rhode Island, but it's an old mansion with astounding gardens).

From: wesf@cs.utexas.edu (Wesley Felter);
Sent at Fri, 12 Jun 1998 17:05:00 -0700;
Privacy and the Government

Your theory about the government's motives for the current MS situation is an interesting one. I don't know if I completely believe it, but it makes a lot of sense.

I saw a presentation on NT 5.0. One of the notable features slated to be included in NT 5 is IPSec; that's transparent, automatic encryption of all network traffic between any two computers that support it. You don't need to modify any of your software (like the Web browser), and unlike many other networking innovations proposed in the last few years (remember multicast?), IPSec doesn't require any kind of support from ISPs either. Apple is on the bandwagon, too, but who knows when they could ship it. I can easily see why the governments of the world would be afraid of this. Microsoft is in a position to put crypto in everyone's computer in the next few years, unless the government rules that crypto can't be integrated into an operating system.

Short-term, there's another big problem in the crypto world. The RSA algorithm is the heart of almost all systems that use cryptography, and it's patented by RSA Data Security, Inc., a division of Security Dynamics. As one might expect, they're milking their patent for all it's worth. I can't complain about that; they invented it and they deserve to profit from it.

But there's something else going on. Every secure Web browser includes licensed RSA crypto code. But that's not all you need for secure connections. Each secure Web server has to have a certificate or digital ID. The software to create certificates is widely available, even for free. But there's a catch: Many Web browsers will only accept certificates that are issued by VeriSign, which is known as a "trusted third party". VeriSign charges about $300/year for these certificates. While this might seem OK at first, most people don't seem to know that VeriSign is a subsidiary of RSA Data Security. So first they charge you for the actual crypto software (which they have a monopoly on) and then they charge you separately for a certificate which is needed to use the software (and they also have a near-monopoly on certificates).

IMO, this arrangement amounts to a privacy tax. You're welcome to use secure Web and email, but you'll pay RSA one way or another. Considering the open-standards heritage of the Net, this worries me.

From: ltymowski@ibm.net (Luke Tymowski);
Sent at Fri, 12 Jun 1998 16:31:39 -0400;
some observations on IE 5

I've been using IE 5 today. It's been interesting. IE now works with MS Proxy Server 2.0, something the various releases of 3.x - 4.x never could manage. Biggest surprise: it now renders pages as fast as Opera, at least on my two machines.

That IE wouldn't work with MS Proxy Server 2.0 was a big surprise. One interesting effect was that all the people in the office who preferred IE to Netscape eventually gave up on IE and installed Netscape, which worked perfectly with Proxy Server.

One of the biggest edges that Opera had was the speed with which it displayed pages. That it wouldn't interpret DHTML and style sheets as well as IE and Netscape kept me from buying a copy. Now that IE 5 has the speed advantage of Opera, why buy Opera other than for political reasons?

From: raymond@btw.com (Eric Raymond);
Sent at Fri, 12 Jun 1998 13:21:22 -0700;

I assume you mean Y2K when you say 1/1/00. There is a use for standardization in buzzwords.

Interestingly the commercial sector is putting lots of pressure on this front. Last year our company was acquired by Sierra OnLine which is in turn owned by a large conglomerate.

In the past few months we have had a number of strong moves to fix Y2K bugs in our systems by the end of THIS year. The pressure is coming from a block of the conglomerates, suppliers and customers. In effect they are saying they won't do business with us unless we are Y2K compliant. And this goes much deeper into the business. Things like voicemail and phone systems, regional and long distance carriers. And it has a domino effect because we pass that requirement on down the food chain.

From: bakin@haas.berkeley.edu (Jerry Asher);
Sent at Fri, 12 Jun 1998 12:46:56 -0700;

On our government's incompetence: in my experience I've often found very smart people working for government, and while I may not agree with their conclusions, I've often been very impressed with their grasp of the issues. I find the automatic badmouthing of our government's abilities to be a cheap shot intended to shut off debate. It's a political statement and a crowd pleaser.

Regarding the Year 2000 problem, it appears to have little to do with the government and everything to do with private industry. Grace Hopper may have invented COBOL for the Navy, but the Navy didn't write the accounting programs nor mandate two digit date fields nor the elimination of maintenance budgets. That was private industry ignoring the technology they depend on.

Reread the RISKS Digest on comp.risks. Y2K has been discussed in that forum for close to twenty years now.

You got big fear regarding 1/1/00? Me too. There have been net discussions, twenty years old now, debating which Southern Pacific Island you should be on to avoid the fallout that will predominate in the Northern Hemisphere. Your issues to consider are wind and weather patterns, independence of food supply, levels of technology, and dependence on the outside world.

At any rate, the government programmed few of the Y2K computers, private industry did. It's not the government's computers facing the Dow 10,000 crisis, it's Wall Street's. It's not the government's computers that will croak on payroll and accounts receivables/payables to overnight (1/1/00) bankrupt their companies, it's private industry's software installed by the Big 10, then 6, soon to be 4 eventually 1 accounting firms.

I love good conspiracy theories, I do, they can be just as interesting as good detective fiction, and even more fun and scary than the best monster flick, but I just don't see it in our government's reluctance to release powerful encryption. I disagree with their plans, but I am sure their motives are good: public safety. It's not going to work though, powerful encryption in the digital age is just too easy, and even more true than with gun control, they will find that when you outlaw encryption, only outlaws will have encryption. (Write to me and I'll tell you about a distribution system already in place world wide to distribute Gigabyte one time pads: they call themselves Block-Buster Video)

From: mac@angola.wpi.com (Michael McCarthy);
Sent at Fri, 12 Jun 1998 12:46:36 -0700;

Try this variant: regardless of governments' initial motives and purposes, once it gets into the computer business with things like regulating encryption and deciding Gates' fate, sooner or later it dawns on the various bureaucrats that there are these other, longer-term, big-think advantages --the ones you listed.

At that point it stops being mere politics - big companies funding lobbying groups to compete for them instead of in the market -- and starts being Big Politics - government-centric people fighting for full, or continued, control over everything.

So even if Janet Reno's motives are exactly what she says they are - today - it doesn't matter. In the long run, government forces will see the opportunity presented, as you describe.

Wow. Thanks for the spotlight.

From: Quic1estca@aol.com ();
Sent at Fri, 12 Jun 1998 15:42:34 EDT;

There is a way a trade-off could be achieved. It has to do with electronic money.

Money needs to be endowed with memory. Electronic currency units on your storage card need to know who they belong to. Ditto when stored on a hard drive, or when zipping from account to account between banks.

Of course, the memory should not be readable--it should be encrypted. Currency units should accumulate an encrypted "karma" as they change owners--as they go through their "avatars." Only the owner should normally be able to decrypt and read the part of the karma that refers to him, plus the bit about the person he got the currency unit from.

Imagine an economy where money has become electronic, and carries its encrypted karma around. Just give law enforcement controlled access to the karma. Use a legitimate form of key escrow for that purpose. Entrust a special institution with the keys, answerable only to judges. How can you organize terrorist networks, smuggle arms, deal drugs, or buy politicians and generals without money? And how can you get away with it? Money without memory. Once all money remembers where it has been, such games become unthinkable assuming that the law-enforcement structure remains free of corruption.

Nirvana would be needed to purge currency units of accumulated karma. A central bank could record all of the karma on a currency unit in a database, strip the unit to return it to its pristine state where it only knows that it belongs to the central bank, and return it to circulation. Previous owners could check the databases, using their decryption tools, to make sure that the information is correct and untainted. And a judge could allow law enforcement to delve into the database, use an escrowed key, and read specific records, when necessary.

One final twist--tax reform. If you decide that electronic money transactions will be taxed in real time as such, say every time an electronic currency unit changes hands--undergoes an avatar change--you have something very powerful in its simplicity and amazingly unobtrusive.

Now would that not be a good basis for a trade-off that would completely free encrypted communications from government interference? Give them money with memory--and give us freedom of encrypted speech and a new tax system for the 21st century.

From: phred@teleport.com (Fred Heutte);
Sent at Fri, 12 Jun 1998 12:32:50 -0700;

Before you get even more worked-up about the dangers of the net and politics, I suggest a look at David Brin's rather contrarian new book, "The Transparent Society." It's not the standard rant in favor of the point of view that strong crypto will solve all our problems. He's certainly in favor of strong crypto, but with a much wider view of the issues of surveillance, privacy and accountability. I don't agree with everything he says but it is thought-provoking, and that is his stated purpose.

From: adul@cmg.FCNBD.COM (Albert Dul);
Sent at Fri, 12 Jun 1998 12:32:14 -0700;

OK, this doesn't have to do with the government angle, but is a few tidbits on Y2K.

Be careful if you're writing a date parser. It's possible to let an existing parser resolve a x/x/00 date to 1900, then just add a hundred years if the year digits were before a certain time, like 70. Easy fix? Nope. Try February 29, 2000. 2/29/00. There is no Feb 29, 1900, so it may resolve to March 1, 1900. Adding a hundred years to this gives something other than what the user typed in. Fun!

Some airlines have established no-fly zones over parts of the United States on 12/31/99, just in case hell breaks loose. I really hope the radar at O'Hare keeps working.

Here's another fun problem. Many information technology systems cannot take the Dow Jones Industrial Average past 9,999. The Dow 10,000 Problem, or D10K can easily occur before the year 2000. The Dow may suddenly read zero as the fifth digit is truncated. Having worked in financial software development for almost 10 years now, I don't even want to think about it... We already have the Y2K and Euro Dollar mega projects to contend with.

Doing some Mac development, I'm just using the 64 bit LongDateTime data type, and taking the clock out to the year 28,000. I don't want to have to fix something I wrote in 2038 when I'm 72 because I chose to use an easier 32 bit time value! :-)

Not looking forward to hearing Prince's "1999" ad nauseam next year.
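
The leap-day failure described in the message above, as an added example that is not part of the original mail: it compares adding a century after a legacy parse with choosing the century before validating the day. The function names, the `legacy_parse` stand-in (a parser that rolls an overflow day into the next month, which is the behaviour the message says may occur) and the pivot of 70 are assumptions made for illustration.

```python
import calendar
from datetime import date, timedelta

PIVOT = 70  # assumed window: two-digit years below this mean 20YY


def legacy_parse(text):
    """Hypothetical pre-2000 parser: M/D/YY is always 19YY, and a day past
    the end of the month rolls into the next month instead of failing."""
    month, day, yy = (int(part) for part in text.split("/"))
    if not (1 <= month <= 12 and 1 <= day <= 31 and 0 <= yy <= 99):
        raise ValueError(f"malformed date: {text!r}")
    return date(1900 + yy, month, 1) + timedelta(days=day - 1)


def add_century_after_parse(text):
    """The 'easy fix': keep the legacy parser and add 100 years afterwards."""
    parsed = legacy_parse(text)
    if parsed.year - 1900 < PIVOT:
        parsed = parsed.replace(year=parsed.year + 100)
    return parsed


def window_then_validate(text):
    """Choose the century first, then check the day against that year."""
    month, day, yy = (int(part) for part in text.split("/"))
    if not (1 <= month <= 12 and 0 <= yy <= 99):
        raise ValueError(f"malformed date: {text!r}")
    year = (2000 if yy < PIVOT else 1900) + yy
    if not 1 <= day <= calendar.monthrange(year, month)[1]:
        raise ValueError(f"no such day: {text!r}")
    return date(year, month, day)


def silent_mismatches():
    """All valid M/D/YY inputs where the post-parse fix returns a date
    other than the one that was typed, without raising any error."""
    bad = []
    for yy in range(100):
        for month in range(1, 13):
            for day in range(1, 32):
                text = f"{month}/{day}/{yy:02d}"
                try:
                    expected = window_then_validate(text)
                except ValueError:
                    continue  # not a real calendar day in the windowed year
                if add_century_after_parse(text) != expected:
                    bad.append(text)
    return bad


if __name__ == "__main__":
    print("post-parse fix :", add_century_after_parse("2/29/00"))
    print("window first   :", window_then_validate("2/29/00"))
    print("silent mismatch:", silent_mismatches())
```

The exhaustive scan shows why this slips through testing: only one valid input in the whole two-digit range is silently changed, so a regression suite needs an explicit 2/29/00 case.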

From: scottwil@microsoft.com (Scott Wiltamuth);
Sent at Fri, 12 Jun 1998 12:31:30 -0700;

Kind of ironic that you wrote 1/1/00 and not "1/1/2000", don't you think?

Check out the y2k stuff on http://www.yardeni.com/ and you'll be even more frightened. Yardeni is the Chief Economist of Deutsche Bank Securities. He has collected a clearinghouse of info on y2k, much of it about the government's lack of progress in addressing their own computer systems.

His conclusion is that there is a 60% chance of a worldwide recession due to y2k problems. This opinion is not widely shared, but it seems that the people on the other side of the argument have very little data to back up their arguments.

It would be interesting to hear what you think will actually happen on 1/1/2000, and what (if anything) you'll do to prepare. E.g., it might be reasonable to avoid flying in January 2000, and to make sure you have groceries and cash on hand. (Kind of sounds like preparing for a big blizzard, eh?) The interesting aspect of such a piece would be personalizing a problem that is large, abstract and seemingly (but not actually) far away.

From: petienne@logibro.com (Pierre-Etienne Chartier);
Sent at Fri, 12 Jun 1998 12:30:48 -0700;

Your idea about 1/1/00 is very interesting and very entertaining too. A friend of mine, currently doing his master in philosophy, often researches those subjects and will probably love your piece, I will forward it to him.

However, I really don't think the American government is trying to gain control of the Internet. They actually gave it away three years ago. NSF owned the Internet's backbone and got rid of it, for many reasons, and transferred it to companies such as ANS, Uunet and others. They did it again by transferring the Internic afterwards.

You'll probably tell me that NSF is part of the American government but that they have a very different mentality. However, if the American government wanted control, they would have kept it through the NSF.

Furthermore, I am a big Neo-Keynesian. The economy should be left alone (up to a certain extent of course...). If the American government wanted to control so much, they would be putting down the US's competitiveness in the IT industry and give huge advantages to other countries. This would be too bad as the US are far ahead of anybody else.

I may also have a different opinion since I am Canadian. For me, the American government is not THE government but rather a government and this one very rarely affects my way of living and my rights.

From: jhendry@cmg.fcnbd.com (Jonathan Hendry);
Sent at Fri, 12 Jun 98 13:53:00 -0500;

"Don't we need the software industry totally focused on avoiding this?"

I don't think it's really a software industry issue. Most of the problems are going to be in software developed in-house, and in embedded systems. If the non-software companies using those systems don't bother to find and fix the problems, it doesn't matter what the software industry does. The software industry can have ready-to-use shrinkwrap replacement products, but it won't help if they aren't used.

The most crucial stuff is the software running the power, nat'l gas, and heating oil systems. I wouldn't be surprised if a reactor melts down due to Y2K.

As long as people have power, and heat, I think things will turn out okay for the most part. Businesses will have to fall back to paper and pen. Lines will be long because the registers won't work. Prices will probably rise due to constricted supply. But the crucial systems will keep running. Enterprising entrepreneurs will bypass the computerized distribution systems, loading trucks at the warehouse and unloading at supermarkets.

I don't expect that New York will be consumed by riots, as some have suggested. I don't think riots have ever been very popular in mid-winter.

From: david@coursey.com (David Coursey);
Sent at Fri, 12 Jun 1998 12:06:01 -0700;

The problem with these global conspiracies is no one is organized enough to actually create one. The Y2K problem is our own creation -- not the government's -- and if everything falls over dead we'll have idiot programmers to thank, not the fedgov. People want the government out of our business, except of course when things are so messed up that only government action might save the day.

From: faisal@faisal.com (Faisal Jawdat);
Sent at Fri, 12 Jun 1998 14:49:53 -0400;

Paranoid much?

I get feelings like that some times.

I disagree on the issue of why they're going after Bill Gates, though. Based on living in Washington for the past 15 years, my guess is that they're going after Bill Gates because... hey, it's good press. You'd be surprised how much happens around here for good press. "Follow the PR" is one of the few things that comes close to "Follow the money" for successful politician watching.

And what about the Y2K problem? Good question. I'll be in a field. Near no airports. With stone aged weapons. And food.

Finally, your article reminded me of something. You have to read this book. It's mandatory:


From: psnively@rdoor.com (Paul Snively);
Sent at Fri, 12 Jun 1998 10:27:06 -0700;

My take on Coins is that it, or something very much like it, is absolutely necessary for XML to succeed in the real world. By that I mean that having markup for semantics, rather than presentation, necessitates a way of implementing that semantics, as I've written about before. For better or worse--and I actually think Java 1.1.6 is pretty darned good, especially in conjunction with the Java Foundation Classes and ObjectSpace's Java Generic Library--using Java is the best way to get cross-platform code that can be signed, shipped across the net, and deployed as transparently on the machine in front of you, some server somewhere, whatever, as the implementation of the Java virtual machine for that platform can allow.

JavaBeans are an interesting vehicle, and represent a consolidation of the entire 25+ years of thinking about how object-oriented programming "best practices" should work. For example, JavaBeans defines some interfaces and naming conventions; it does *not* define a "base class" that all beans must inherit from. A simple bean can be a bean just by providing get/set methods for its properties. A more complex bean might go so far as to provide its own GUI for modifying its properties, an icon to present to any bean-authoring tools that want it, a BeanInfo class to provide more detailed, explicit information about its properties, methods, and/or events, and so on. Beans rely heavily on the reflection/introspection capabilities of Java 1.1 to allow, e.g. the visual "wiring together" of beans, with one serving as an event source and another serving as event listener. We can expect to see the tools to allow this mature within the next six months to a year--in fact, Symantec's Visual Cafe, in particular, already has a rather nice JavaBean editor.

Finally, the dynamic loading aspect of Java coupled with JavaSoft's new JavaBean Activation Framework will make it still easier to compose software systems the bulk of whose functionality might not even exist within the piece of software that is initially executed, but rather is loaded on demand, either from a local disk or from somewhere else on the network. To the extent that JavaBean authors are careful to craft their beans in such a way that they are referentially transparent--think of a JavaBean as a (potentially heavyweight) mathematical function that takes an "argument" (listens for an event of a particular type with a particular value) and returns a "result" (fires an event of a particular type with a particular value)--it becomes easier to compose large, complex systems out of beans. With ongoing improvements in JIT technology, it even becomes practical from a performance standpoint. As an example of this, see http://infospheres.cs.caltech.edu and follow the links to UberNet, which is a Java framework for networking that allows for the dynamic creation of new networking protocols at run time, and only the sender has to know about the protocol ahead of time: the receiver can be told by the sender about the new protocol, and the receiver can then dynamically receive the new protocol, and then continue to communicate with the sender using the new protocol! To put this in some perspective, imagine that your sender and receiver were using AppleTalk protocols to communicate but you decided that TCP/IP was better. You could tell the sender to use TCP/IP assuming you had support for it there, but perhaps that support didn't exist at the receiving end. The sender would tell the receiver "I'm switching to TCP/IP; here's where to find the TCP/IP protocol," and the receiver would download it, install it, and thenceforth the system could use TCP/IP. 
It's almost certainly not feasible to do protocol-stack-level programming in Java in the absence of a good JIT, but with one, it certainly is.

All of this verbiage about Java is to support the point that, since XML gives us a completely open, completely dynamic set of tags that can be defined, it takes a completely open (in the sense of ability to distribute code), completely dynamic (in the sense of being able to add new code at runtime) cross-platform (because XML obviously is) language to provide the meaning for those tags. Coins would appear to provide this very important mapping from XML syntax to Java semantics. All I would need to ensure that *my* interpretation of some XML tag is the same as *your* interpretation would be to say, "hey, have you got a Coin for that?" and, if so, we'd have baseline compatibility, plus I could extend and/or override that interpretation with the appropriate Java programming.

I'd say that Coins, coupled with a good validating XML parser in Java, is a big win for the XML community. Ideally we'll start seeing Coins for XML documents offered at the same time and in the same places as the DTD's for those documents.

From: josh@stonecottage.com (Josh Lucas);
Sent at Fri, 12 Jun 1998 11:38:39 -0400;

I've been following coins for a little while now and I think they are pretty cool.

I think one of the best ways for them to be used would be for a distributed Java application which needs objects on various machines to communicate. By not serializing the objects, the application could (hopefully) process the XML much quicker and have certain other classes bound to certain elements. That is where it could get cool. Kind of like style sheets for Java and XML.

One problem I've talked with Bill about a little is the lack of focus on interapplication communication and interlanguage communication. I've been trying to think about that more to see how that could fit within either the Coins framework or something else.

From: todd@polygon.net (Todd Blanchard);
Sent at Fri, 12 Jun 1998 09:28:35 -0600;
Coins - ugh

The underlying concepts in coins are not new. Persistent Software used to sell (maybe they still do) a product that mapped C++ objects to RDBMS. It also relied on code generation to produce both the class of interest and a number of support classes (about 7 per logical class!).

The mechanism is essentially the same, only the output format is different - XML vs SQL.

Anyhow, I'd never use it for several reasons.

1) I dislike code generation "solutions" of any kind. In my experience they are unwieldy and inelegant.

2) The implementation style is similar to CORBA, but with CORBA I get something cool - distributed objects. Here I only get a new file format and it costs me dearly in size and complexity. Poor tradeoff.

3) Serialization is automatic - here I have to do extra work to get persistence. When I employ serialization, it's seldom to exchange data.

4) Serialization file format is reasonably space efficient. XML can easily quintuple the size of your data. I don't view this as a good thing.

I don't think it'll catch on. Too much cost for too little benefit.

This page was last built on Sunday, June 14, 1998 at 12:07:49 AM, with Frontier version 5.0.2b20. Mail to: dave@scripting.com. © copyright 1997-98 UserLand Software.