Computer underground Digest    Sun  May 19, 1996   Volume 8 : Issue 37
                           ISSN  1004-042X

       Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
       News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
       Archivist: Brendan Kehoe
       Shadow Master: Stanton McCandlish
       Field Agent Extraordinaire: David Smith
       Shadow-Archivists: Dan Carosone / Paul Southworth
                          Ralph Sims / Jyrki Kuoppala
                          Ian Dickinson
       Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

CONTENTS, #8.37 (Sun, May 19, 1996)

File 1--(Fwd) JAVA BLACK WIDOWS - SUN DECLARES WAR
File 2--The Internet is a library
File 3--Boardwatch Magazine -- A review
File 4--"Zen And Blarney" (Boardwatch Reprint on Kevin Kehoe)
File 5--Cu Digest Header Info (unchanged since 7 Apr, 1996)

CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.

---------------------------------------------------------------------

Date: Sun, 12 May 1996 19:53:03 +0000
From: David Smith
Subject: File 1--(Fwd) JAVA BLACK WIDOWS - SUN DECLARES WAR

"Black Widow" is a really cool name for what are essentially Java virii.

-- David Smith -- bladex@bga.com

------- Forwarded Message Follows -------
Date-- Sat, 11 May 1996 15:48:06 -0400 (EDT)
From-- "Home Page Press, Inc."
Subject-- JAVA BLACK WIDOWS - SUN DECLARES WAR

JAVA BLACK WIDOWS - SUN DECLARES WAR

Sun Microsystems has declared war on Black Widow Java applets on the Web. This is the message from Sun in response to an extensive Online Business Consultant (OBC/May 96) investigation into Java security.

OBC's investigation and report was prompted after renowned academics, scientists and hackers announced Java applets downloaded from the WWW presented grave security risks for users. Java Black Widow applets are hostile, malicious traps set by cyberthugs out to snare surfing prey, using Java as their technology.
OBC received a deluge of letters asking for facts after OBC announced a group of scientists from Princeton University, Drew Dean, Edward Felten and Dan Wallach, published a paper declaring "The Java system in its current form cannot easily be made secure." The paper can be retrieved at http://www.cs.princeton.edu/sip/pub/secure96.html. Further probing by OBC found that innocent surfers on the Web who download Java applets into Netscape's Navigator and Sun's HotJava browser, risk having "hostile" applets interfere with their computers (consuming RAM and CPU cycles). It was also discovered applets could connect to a third party on the Internet and, without the PC owner's knowledge, upload sensitive information from the user's computer. Even the most sophisticated firewalls can be penetrated . . . "because the attack is launched from behind the firewall," said the Princeton scientists. One reader said, "I had no idea that it was possible to stumble on Web sites that could launch an attack on a browser." Another said, "If this is allowed to get out of hand it will drive people away from the Web. Sun must allay fears." The response to the Home Page Press hostile applet survey led to the analogy of Black Widow; that the Web was a dangerous place where "black widows" lurked to snare innocent surfers. As a result the Princeton group and OBC recommended users should "switch off" Java support in their Netscape Navigator browsers. OBC felt that Sun and Netscape had still to come clean on the security issues. But according to Netscape's Product Manager, Platform, Steve Thomas, "Netscape wishes to make it clear that all known security problems with the Navigator Java and JavaScript environment are fixed in Navigator version 2.02." However, to date, Netscape has not answered OBC's direct questions regarding a patch for its earlier versions of Navigator that supported Java . . . the equivalent of a product recall in the 3D world. 
Netscape admits that flaws in its browsers from version 2.00 upwards were related to the Java security problems, but these browsers are still in use and can be bought from stores such as CompUSA and Cosco. A floor manager at CompUSA, who asked not to be named, said "it's news to him that we are selling defective software. The Navigator walks off our floor at $34 a pop."

OBC advised Netscape the defective software was still selling at software outlets around the world and asked Netscape what action was going to be taken in this regard. Netscape has come under fire recently for its policy of not releasing patches to software defects; but rather forcing users to download new versions. Users report this task to be a huge waste of time and resources because each download consists of several Mbytes. As such defective Navigators don't get patched.

OBC also interviewed Sun's JavaSoft security guru, Ms. Marianne Mueller, who said "we are taking security very seriously and working on it very hard." Mueller said the tenet that Java had to be re-written from scratch or scrapped "is an oversimplification of the challenge of running executable content safely on the web. Security is hard and subtle, and trying to build a secure "sandbox" [paradigm] for running untrusted downloaded applets on the web is hard."

Ms. Mueller says Sun, together with their JavaSoft (Sun's Java division) partners, have proposed a "sandbox model" for security in which "we define a set of policies that restrict what applets can and cannot do---these are the boundaries of the sandbox. We implement boundary checks---when an applet tries to cross the boundary, we check whether or not it's allowed to. If it's allowed to, then the applet is allowed on its way. If not, the system throws a security exception.

"The 'deciding whether or not to allow the boundary to be crossed' is the research area that I believe the Princeton people are working on," said Mueller.

"One way to allow applets additional flexibility is if the applet is signed (for example, has a digital signature so that the identity of the applet's distributor can be verified via a Certificate Authority) then allow the applet more flexibility.

"There are two approaches: One approach is to let the signed applet do anything. A second approach is to do something more complex and more subtle, and only allow the applet particular specified capabilities. Expressing and granting capabilities can be done in a variety of ways.

"Denial of service is traditionally considered one of the hardest security problems, from a practical point of view. As [Java's creator] James Gosling says, it's hard to tell the difference between an MPEG decompressor and a hostile applet that consumes too many resources! But recognizing the difficulty of the problem is not the same as 'passing the buck.' We are working on ways to better monitor and control the use (or abuse) of resources by Java classes. We could try to enforce some resource limits, for example. These are things we are investigating.

"In addition, we could put mechanisms in place so that user interface people (like people who do Web browsers) could add 'applet monitors' so that browser users could at least see what is running in their browser, and kill off stray applets. This kind of user interface friendliness (letting a user kill off an applet) is only useful if the applet hasn't already grabbed all the resources, of course."

The experts don't believe that the problem of black widows and hostile applets is going to go away in a hurry. In fact it may get worse. The hackers believe that when Microsoft releases Internet Explorer 3.00 with support for Java, Visual Basic scripting and the added power of its ActiveX technology, the security problem will become worse.

"There is opportunity for abuse, and it will become an enormous problem," said Stephen Cobb, Director of Special Projects for the National Computer Security Association (NCSA). "For example, OLE technology from Microsoft [ActiveX] has even deeper access to a computer than Java does."

JavaSoft's security guru Mueller agreed on the abuse issue: "It's going to be a process of education for people to understand the difference between a rude applet, and a serious security bug, and a theoretical security bug, and an inconsequential security-related bug. In the case of hostile applets, people will learn about nasty/rude applet pages, and those pages won't be visited. I understand that new users of the Web often feel they don't know where they're going when they point and click, but people do get a good feel for how it works, pretty quickly, and I actually think most users of the Web can deal with the knowledge that not every page on the web is necessarily one they'd want to visit. Security on the web in some sense isn't all that different from security in ordinary life. At some level, common sense does come into play.

"Many people feel that Java is a good tool for building more secure applications. I like to say that Java raises the bar for security on the Internet. We're trying to do something that is not necessarily easy, but that doesn't mean it isn't worth trying to do. In fact it may be worth trying to do because it isn't easy. People are interested in seeing the software industry evolve towards more robust software---that's the feedback I get from folks on the Net."

# # #

The report above may be reprinted with credit provided as follows: Home Page Press, Inc., http://www.hpp.com and Online Business Consultant

Please refer to the HPP Web site for additional information about Java and OBC.

===========================================================
............Home Page Press, Inc.    http://www.hpp.com    home of Go.Fetch
........Free TEXT version - Online Business Today    email: obt.text@hpp.com
....Free PDF version - Online Business Today    email: obt.pdf@hpp.com
OBC / Online Business Consultant, $595/year    email: obc@hpp.com

------------------------------

Date: Sun, 21 Apr 96 16:07:26 PDT
From: jblumen@INTERRAMP.COM
Subject: File 2--The Internet is a library

SEX, LAWS AND CYBERSPACE BULLETIN No. 1 April 20, 1996

This is the first in an occasional series of essays from Jonathan Wallace and Mark Mangan, the authors of Sex, Laws and Cyberspace, (SLAC) a new book from Henry Holt on Internet censorship and the Communications Decency Act. We will send three or four pieces of mail a month on focused, factual topics relating to the federal government's attempt to regulate the Net. If you wish to receive the SLAC bulletin, please send mail to co-author Mark Mangan at markm@bway.net.

THE INTERNET IS A LIBRARY
by Jonathan Wallace jblumen@spectacle.org

The Internet is the latest in a series of communications revolutions that have initially baffled legislators and judges, who must select the correct analogy to apply in writing new laws, or interpreting old ones. To pick just one example, when the telephone was introduced, courts struggled with the question whether it was simply a new form of telegraph, or something else entirely.

Today, policy makers are asking what the correct analogy is for the Internet. The Communications Decency Act (CDA), and its supporters on the religious right and elsewhere, have a quick answer for the question: the Internet is no different than a broadcast medium, like the radio or TV, and should be governed in the same strict way. The language of the CDA was, in fact, borrowed from FCC regulations pertaining to broadcast.

The correct analogy is something far different: the Internet is a vast library, containing every type of information known to humans.
We can learn a great deal about the way that legislators and judges should deal with the Net by examining the way that libraries function. A constant criticism levelled at the Internet by CDA proponents is that explicit sexual information is far more freely available to minors there than in a bookstore or library. This sounds reasonable, but is completely untrue. While free speech proponents have heard this statement many times while maintaining an uncomfortable silence, a look at the actual policies of librarians confirms that most do not consider it their job to police what children read. Instead, the child's parent decides whether or not the child is to have a library card and is responsible for supervising what a child takes out from the library. One of the most persuasive witnesses to testify in ACLU v. Reno, the lawsuit against the CDA currently pending in federal court in Philadelphia, was Robert B. Croneberger, Director of Pittsburgh's Carnegie Library. (The American Library Association, of which Croneberger is a member, is also a plaintiff in the case.) He testified that the library currently has 277,000 cardholders, one third of them minors. Croneberger said in the affidavit he filed with the court: "It is the mission of the Carnegie Library of Pittsburgh to provide the widest array of information to the widest possible audience--both adults and minors. To that end, the library makes no distinctions between patrons on the basis of age. The library does not offer separate library cards for adults and children and the library does not place restrictions on what minors can read, use or borrow in the library." He observed that the librarian is not competent to judge what children are mature enough to read. "Age must not be a restriction imposed by anyone except the parents of a child, who can judge the maturity of that child." 
In court, responding to the government's cross-examination, Croneberger elaborated: "If we as librarians are put in a position of making decisions for other people's children, we would fail miserably." Croneberger testified that some libraries have created a separate type of library card for juveniles, but that most have not. Within days after his testimony in court, I spotted the following in The Brooklyn Heights Paper, my community newspaper: "After months of wrangling, the Brooklyn Public Library has finally decided to give an inch in the debate over whether minors should be allowed access to R-rated videos. "The new policy, adopted by the BPL board earlier this month, will allow parents to obtain restricted library cards for children younger than 13 years of age. The card would prohibit children from borrowing any adult material, be it movies, research material, or Shakespeare's plays." The contrast to the CDA is interesting. Nobody is burning any books, or even removing them from the library shelves. Instead, the library will continue to contain every conceivable kind of information, including works on sex. Some libraries--like the Brooklyn Public library--will simply not let children with the juvenile card take these works out. Most libraries, as Croneberger testified, will let children look at anything, once their parents have decided to allow them to have a library card. The CDA is a book-burning law. The prison terms and fines it provides for are very specific, while its defenses--that an information provider tried to use "reasonable and effective" means to prevent children from accessing the material--are very vague. This means that a provider feeling the chilling effect of the law is much safer deleting information from the Internet (the equivalent of burning a book) than relying on a vague defense. 
Nevertheless, CDA proponents point to the "reasonable and effective" measures defense as proof that the CDA, like the Brooklyn Public Library's new rule, merely governs who can receive material, but does not lead to its destruction. However, all prior indecency laws are extremely specific about their "safe harbors". Television and radio can safely broadcast indecent material after ten p.m. 900 line providers need not fear prosecution so long as they take a credit card from the caller. While the CDA calls for providers of commercial information to take credit cards or set up passworded accounts, nothing in the CDA spells out anything else a provider of free online information can do to avoid getting in trouble. Advocates of the CDA want to have it both ways. Even as they argue to the Philadelphia court that the vague safe harbor makes the CDA a "narrowly tailored" law, and therefore constitutional, they have been loud and insistent that no form of regulation short of electronic "book-burning" will protect minors. Senators James Exon, Dan Coats and Charles Grassley--the CDA's three biggest Senate advocates--repeatedly said during the Senate debate in June 1995 that children could outwit any technical protection available. Neatly summarizing these arguments is the following excerpt from a FAQ distributed by Reverend Donald Wildmon's American Family Association: "Q: Aren't there 'technical fixes' that are less intrusive than a regulatory or criminal law approach? "A: No. To date, only a few software programs have been released to regulate children's access to pornography, such as SurfWatch and NetNanny. Also, these programs can be bypassed by users with a good knowledge of the Internet and some technical sophistication. 
Even if better technical solutions become available, this approach is inadequate in and of itself because: children can walk down the street to another computer; parents' technical ability often pales in comparison to their children's expertise; pornographers aren't legally discouraged from peddling their materials to children."

Rather than listening to what CDA proponents tell us, or tell the court, we should listen to what they tell one another. Prosecutors will later argue that virtually any form of control used by information providers was not "reasonable" or "effective", thus sending them to prison despite their extensive efforts to seek a safe harbor.

The CDA was invented by people who believe that some books should also be banned. The day the CDA passed, Senator Coats indiscreetly commented that certain portions of Catcher in the Rye would (and should) be illegal under the new law if posted online. The CDA's most vocal proponents on the religious right have been involved in numerous efforts to ban books from school libraries.

If the Philadelphia court fails to recognize that the Internet is a vast library, it will open the door to radical censorship. It will also allow a preposterous distinction to be drawn between text on paper and electronic text, between Catcher in the Rye in your library and on the Internet. But if the judges apply the right analogy and recognize that the Internet is a library, they will ensure the survival of the fearless freedom of speech into the 21st century.

Resources:

The ACLU, http://www.aclu.org
Center for Democracy and Technology, http://www.cdt.org
Voters' Telecommunications Watch, http://www.vtw.org
Wallace and Mangan report on ACLU v. Reno, http://www.spectacle.org/cda/cdamn.html
Sex, Laws and Cyberspace, http://www.spectacle.org/freespch/

-----------------------------
Jonathan Wallace
The Ethical Spectacle http://www.spectacle.org
ACLU v. Reno plaintiff http://www.spectacle.org/cda/cdamn.html
Co-author, Sex, Laws and Cyberspace (Henry Holt, 1996) http://www.spectacle.org/freespch/
Free speech absolutist--and proud to be

------------------------------

Date: Tue, 19 Mar 1996 17:25:17 -0600
From: cudigest@SUN.SOCI.NIU.EDU(Computer underground Digest)
Subject: File 3--Boardwatch Magazine -- A review

When CuD first reviewed BOARDWATCH magazine back in 1991 (CuD 3.31), we were impressed by the content. At that time, the content focused primarily on BBSes, and the articles focused heavily on BBS software, reviews of hardware and BBSes, and included lists of BBS outlets in various area codes. Although there were occasional pieces by a variety of guest writers, Jack Rickard did much of the writing, and coverage on non-BBS news was rather limited.

I dug out an old copy of BOARDWATCH from November, 1991 and thumbed through it. The cover, a black-and-white picture of Jim Harrer of Mustang Software and John Friel of Qmodem, captured what BOARDWATCH was about: BBSes, BBS personalities, and BBS news. And, of course, lots of ads. The layout was an improvement over earlier years, but it had a long way to go before appealing to a broader audience.

A year later, we reviewed it again and noted the gradual expansion of topics to include Internet issues and the addition of a few specialists, including "Legally Online" by Lance Rose. It was movin' on up, and Rickard was obviously committed to producing a broad-based magazine that covered an increasingly broad, yet detailed, news outlet for cyberspace issues.

Rickard has succeeded. In my view, Boardwatch has become an exceptional source for Internet news. The layout has gone from simple monotone covers to the more recent full-color graphics, including covers that are slick and eye-catching. Rickard has added over a dozen regular writers and columnists, including John Dvorak, "Dr. Bob" Rankin, and Ric Manning.
Interviews, reviews, social and political critique, news summaries, hardware and software discussions, and other features and tidbits cover the full range of issues relevant to online interests.

The May, 1996, issue includes a cover story on Microsoft and the Internet, 15 columns by the BOARDWATCH stable of regular contributors, and items about Cuba on the Internet, digital economics, and a wealth of factoids (California ranks first in the number of .com, .net, .edu, and .org Internet domains, North Dakota near last) that will make you rich if you ever take "the Internet for $150, please."

It remains a steal at $36 a year for 12 issues. Why is it worth subbing to? Here's a blurb from the BOARDWATCH homepage (http://www.boardwatch.com) -- Check out the homepage and consider a sub -- they'd make a great gift. (No, we're not paid to hype BOARDWATCH -- it really is *that* good).

==========================================================

Boardwatch Magazine is a printed monthly magazine available at over 12,000 newsstand locations around the country at a cover price of $4.95. Each issue features over 144 pages of the leading online editorial covering the Internet, Online Services, and the communications industry.

Boardwatch is read by the movers and shakers in the Internet community, including over 3200 Internet Service Providers (well there are that many and they read Boardwatch), thousands of software developers and consultants - essentially anyone involved in developing and providing online services. A with the latest online networking news and information.

Subscriptions are just $36 per year - a savings of $24 over the newsstand price. Additional savings with a two year subscription at just $59 - $61 off the newsstand price for over 50% savings.

TOP TEN REASONS TO SUBSCRIBE:

1. JACK'S EDITORIALS. Some claim he's lost in cyberspace. Certifiable. Totally wrong on a monthly basis. Those who have been taking their licks online over the years and surviving tend to read closely. Like coffee, wine, and fine cigars, it's an acquired taste.

2. JOHN C. DVORAK. The final word in the final pages of Boardwatch. Identified communications as the "Fourth Killer Application" in 1983. Also picked Boardwatch as the one to read on the topic in 1989. Joined the writing staff in 1994.

3. WINDOWS95 NETWORKING COVERAGE. Boardwatch identified WindowsNT as the low-cost server for Internet Applications in March, 1995. Fall of 1995 brought Windows95 with a host of communication features and the Boardwatch staff fell in love with it. Future issues show you how to make the connection and take advantage of the incredibly powerful communication features of Windows95 - via the TCP/IP Internet.

4. LEGAL AND POLITICAL COVERAGE. Lance Rose, Jim Warren, and others cover the legal aspects of operating an online service in today's world, developments you may have a CRITICAL need to know in the future. And they show the process where laws are created and modified - so you can influence them BEFORE they become your most recent business nightmare.

5. TECHNICAL COVERAGE. Reviews of Web Server software, BBS software, hardware devices, HTML page design tricks - unabashedly technical and decidedly NOT for the novice or the faint at heart. Boardwatch delivers the latest technological edge to Internet Service Providers, online content developers, and the power players in the online community.

6. ADVERTISING. Yep. You wouldn't think it, but most of our readership finds as much education in the ads as in the editorial. We intentionally nurture the small, startup developers in hardware and software. The ones that can't afford the larger magazines, but often have the most interesting products for communications and online services. Knowing what they are up to is part of staying sharp on what's happening in the community.

7. LETTERS TO THE EDITOR. Not a strong feature in most magazines. For some reason, it's become the most closely read section in Boardwatch. Find out what other professionals in the online community have on their minds. And watch Jack gently respond with kindness and understanding of their plight.

8. LISTS AND LISTS OF LISTS. Boardwatch started life as a list of bulletin boards in 1987. They've never gotten over compiling lists of things.

9. IT'S CHEAP. On the newsstand at $4.95 and cheap at twice the price. Subscribe for two years at $59 and get it delivered at your home or office early at $2.46 per copy. Let's see, as a computer professional, I can tell that this is a savings of....$2.49 per copy. Or in UNIX terms THREE FREE PIZZAS A YEAR!

10. YOU STILL CAN'T TAKE OUR WEB SITE TO THE BATHROOM WITH YOU!

Current Subscription Rates are:

 * for U.S., Canada, and Mexico:
      1 year (12 issues): $36.00
      2 years (24 issues): $59.00
 * Overseas: (sent Air-Mail)
      1 year (12 issues): $99.00

Or contact us voice at 800-933-6038

------------------------------

Date: Tue, 19 Mar 1996 00:33:47 -0600
From: cudigest@SUN.SOCI.NIU.EDU(Computer underground Digest)
Subject: File 4--"Zen And Blarney" (Boardwatch Reprint on Kevin Kehoe)

((MODERATOR'S NOTE: Way back in CuD's first year, circa 1990, Brendan Kehoe contacted us and offered to put CuDs up on his system at Widener for ftp access. At the time, this took some courage, because although CuD was as legal and law-abiding as it is today, it was perceived by some to be a "hackers'" 'Zine that advocated illegal activity, and some even wondered why CuD editors (and posters) weren't "busted" along with the rest of the "Internet scum." Although the perception was absurdly erroneous, it reflected the mood of the times, and this made some sysads concerned with their liability for making issues available. Brendan, however, realized that providing an ftp site would make CuDs more widely available and would be a useful resource, so he set up our first ftp site.
Since then, Brendan moved on and up, CuD's ftp site moved over to ftp.eff.org, and life goes on. Brendan (along with Stanton McCandlish) still archives CuD. Brendan also survived a near-fatal automobile accident a few years ago. Bob Rankin profiled Brendan in a recent issue of Boardwatch (which is another reason we think that, like Brendan, Boardwatch is comprised of the "good guys").))

From: Boardwatch, March, 1996: COPYRIGHT 1996 by Jack Rickard. Not to be reprinted without permission

by Bob Rankin

Zen and Blarney

Brendan Kehoe is one of the good guys. As author of the classic Zen and the Art of the Internet guide, developer of the Archie file-locator client software, archivist for the Computer Underground Digest and general doer of good online deeds, Kehoe personifies the phrase "net citizen."

Kehoe is a soft-spoken young man with a fiery Irish spirit who seems most content when he is doing something for others. While in college he wrote the Zen guide to help fellow students understand what he had learned about the Internet, and this free guide became an instant sensation.

When he's not off doing volunteer work in the community or answering a seemingly endless stream of e-mail from fellow Internauts, Brendan works for Cygnus Support in Mountain View, CA as manager of the C++ Development group.

Born in Dublin, Ireland some 25 years ago, Kehoe came to America when he was 4 years old and developed the computer habit not long afterward. But the road that led him from Commodore to SparcStation was not without a few bumps. In December of 1993, Kehoe sustained severe head injuries in an automobile accident and was not expected to recover. Miraculously, he survived the crash and emerged with a new outlook on life and what really matters.

Recently I talked with Brendan about Zen, the accident, and his life both on and offline. Here's what he had to say...

Doc: What was it that attracted you to the Internet?

Brendan: Just being able to find things out really quickly.
In high school I was blowing away my physics teacher by bringing in a copy of a technical report only a day after some scientist had announced a major discovery. It was really neat that you could find that much stuff that quickly. Now the problem we're running into is how to organize that massive amount of information.

Doc: You had a brush with death about two years ago. Can you tell me what happened that day?

Brendan: I was in rural Pennsylvania, coming home from a friend's house on New Year's Eve of 1993. Whatever we were talking about, it so captivated us that I went right through a stop sign and was hit by a Jeep Cherokee in the driver's side of the car. We went into a spin and ended up being jammed about a foot into some guy's house. Fortunately, a lady who was following us saw the whole thing and was able to call 911 on her cellular phone. I was flown by helicopter to the hospital at the University of Pennsylvania, where I had three sessions of brain surgery. I was in a coma for three days and after I came out of that I was in something called an aphasia for about three weeks. I had an attention span of about 2 seconds - I was swearing, talking in numbers - actually consistent numbers, my friend said. Then one morning I just magically woke up, rang for the nurse and asked for a newspaper to find out what day it was and why I was there.

Doc: I understand you're considering a move from software engineering to teaching elementary school.

Brendan: One of the interesting results of the whole accident thing was that it really pointed out the fragility of life to me, and that you should do things that you're going to be gratified for having done years later. Being a software engineer is fine and I can do all this cool stuff, but I don't get much out of it. And I know that 2 or 3 years down the line everything I do will be completely changed.
So as all this fragility of life stuff was hitting me I started really enjoying working with kids, reading things with them and things like that. I started going into classrooms to watch teachers work, and figure out what kind of stuff I'd be able to do and how it would feel. I was also volunteering at a support network for battered women - I'd keep the kids busy while the moms were in with a counselor. It was really interesting - escaping from a C++ meeting, spending an hour or so playing with the kids and then returning to work. The difference between the two was amazing, and I started thinking "I suppose I could do this."

Doc: So you're changing your occupation to a vocation...

Brendan: Exactly. Everybody's telling me "Why you gonna do that - there's no way you can get anywhere near the money you're making now." But it's a trade-off depending on what you really want out of life. If I can figure out a way to live off a teacher's salary and continue writing Internet books it could work. It better!

Doc: About your book... the title is an obvious play on Zen and the Art of Motorcycle Maintenance; is there any special significance to the "Zen" thing for you?

Brendan: I had actually just finished reading Motorcycle Maintenance when I was finishing the first draft of my book, and I realized that a lot of the stuff that Robert Pirsig did in his book was to encourage people to learn the basics and then go off and learn more by themselves. This was the approach I was taking with Zen, to give everybody the raw tools they need without deluging them in hundreds and hundreds of pages of random stuff - instead relying on them to take what I've given them and learn it in their own way.

Doc: You were a student when you started the book, right?

Brendan: Yup, at a place called Widener University in Pennsylvania. While I was a student there I took on the job of becoming their UNIX system administrator.
Widener had just gotten hooked up to the Net and nobody could figure out what in the world to do with it, so I started trying to figure it out for myself. I wasn't actually reading anything from anyone - just going exploring and trying all these different commands. When people saw that I was figuring it out I got hit with so many questions I was going nuts. So I thought why not just write it down, and that's where the idea of the online first edition [of "Zen"] came from. I took about four months of writing down all the questions I was being asked and putting it in a form that was usable. And after making it available to students at Widener I realized that people everywhere must have the same questions. So I figured "what the hell" and put it out on the Net. About two and a half weeks later I got a call from David Farber at University of Pennsylvania saying "How would you feel about making this a published book?" That was February of 1992, and I had the galley copy done by mid-April. The 4th Edition [ISBN 0-13-452914-6, Prentice Hall PTR, $23.95, (800)382-3419] now has a chapter on the Web, a section on how to write your own home page, and an appendix on how to safely introduce your kids to the Net.

Doc: How many copies of the "Zen" book have sold so far?

Brendan: I actually don't know. In January of 1994, it was something like 75,000 copies and another 20,000 or so of the 4th edition were sold last year.

Doc: When you published "Zen" it attracted a lot of attention. What kind of opportunities did that present, and how did it change your life?

Brendan: It's been really surreal - it still blows me away when I go into a bookstore and see my name on the spine of a book. It still hasn't quite settled in. What's really nice is that having the book out makes it so that people feel like "Oh, maybe he can answer my question" and I get all these random questions in my e-mail asking how to do this, that or the other thing.
And I don't have any problem answering them because I figure they don't know me, I don't know them, but somehow we're able to help each other.

Doc: I got a kick out of the opening paragraph on your http://www.zen.org site: "The Zen Internet Group is a very small, covert group of highly technical people struggling to overcome the drudgery of day-to-day life and burrow down into the world like a spoon into a banana split, splitting apart the atoms of closed-mindedness and tie-dyeing the very fabric of the universe, venting our frustrations at working on computers all day at work by coming home and working on a computer."

Doc: Is the Zen Group for real, or is it just a whimsical thing?

Brendan: I liked the idea of getting the zen.org domain so I thought I'd make up the Zen Internet Group in the hopes that maybe someday it will actually exist. We do get deluged with people asking us about the Zen religion, though.

Doc: You've got a nice collection of "kids stuff" on your web site. Tell me how that came about.

Brendan: Originally it was just interesting things that I'd found, and I realized that they were all over but they weren't in any one place. Even Yahoo hadn't been set up completely at that point. I realized that people might not be seeing good uses of the Net if it's all spread out like that, so I just put them all together and wound up with a mention in Yahoo and several other places. Now I'm getting lots of people sending me mail with suggestions for additions, and there are about 2000 hits per week. It would probably be better if I had a faster modem on my machine!

Doc: Given your interest in kids and their welfare, what's your take on protecting them from inappropriate or indecent materials on the Net?

Brendan: Well there are a few solutions now that make it really easy for people to do it.
There's SurfWatch and NetNanny which cause a web browser to deny certain pages, but I always try to explain to people that they should consider the Internet like a playground. They wouldn't encourage their kids to just run off and play all by themselves - and at the same time they shouldn't let them go on and use the Internet completely unattended. Even if it is right there in the living room, they don't know what's going to be on the screen. There are a lot of parents that don't feel as comfortable with computers as their kids do, but that's an opportunity to let the kids show off how great they are and how well they can do all this stuff. The best approach is for parents to actually do it along with their kids, and to explain that the same rules apply for both strangers on the street and strangers on the Net. I'm actually working on a kids book now, as part of a series of Zen books, which should come out around the end of this summer. It's called Zen and the Art of the Internet - Parents & Educators Guide. It expands on how to introduce kids to the Net and gives teachers ideas for integrating the Internet in their classrooms.

Doc: Do you see any room for a legislative solution to the problem?

Brendan: Not really. There could be some approaches but the problem with most of the ones that are out now, such as the Exon bill that's causing all the controversy, is the Internet is a global medium. So any legislation we pass here in the U.S. wouldn't mean anything because a person could set up a site in Sweden or Finland or wherever and jump over the law by operating outside the country.

Doc: A lot of people see you as a kind of Internet hero. Who do you see as the people who have done the most good for the Net?

Brendan: There's a group up in Canada called Bunyip that did Archie. Alan Emtage was one of the key guys there.
The way that they set up Archie, along with the way folks at University of Nevada-Reno did Gopher, together helped to really spawn the growth of the Net and all the stuff that's happening today. There's also David Farber at U. Penn who seems to be at the forefront of everything; and both Mitch Kapor and John Perry Barlow at EFF who I admire for their speeches on privacy and the Internet.

Doc: How do you use the Internet on a personal basis?

Brendan: I use e-mail, probably more than I should. I use it to be able to work from home easily. The other day my girlfriend came down with strep throat and was wondering what to do about it. I was able to do a Lycos search and find a list of ten key ways to deal with it without getting a throat culture. I also like finding information on certain musicians and writers. There's a newsgroup for Anne Rice, so I'll look there to see if she'll be making any appearances in the Bay area.

Doc: How do you see the Internet changing society or the way we live by the turn of the century?

Brendan: I'm convinced that before the year 2000 we'll come up with a way for more people to afford it - it's still too elitist. You still need a really nice computer to be able to do it. There's a project going on out here in Sunnyvale now where you can get an Internet connection using just your existing cable and television [no computer required] for $30 a month. It's an interesting sign that they're trying to come up with ways to make it less expensive. One thing I'm positive that's gonna happen within the next year is that we'll solve the whole digital cash and electronic money thing. Right now there are three or four different approaches to doing secure transfers over the Net.
Some of the projects underway now include really big names like Sun Microsystems and Microsoft so even by the end of this year there should be some internationally agreed upon standard for doing secure money transfers, banking, and buying - it's just going to go right up through the roof.

Doc: Any parting comments, oh great Zen Master of the Internet? :-)

Brendan: When people ask me, "Is the World Wide Web it for the Net?" I have to tell them no, because it's just like if they'd asked me two years ago if Archie and Gopher were it. It's only limited by the human imagination and there's no way that our imaginations are going to stall on something like the Web. And now we've got Java coming up. There's always something new coming. Some people have asked me if there will be a 5th or 6th edition of my book and I tell them in all likelihood there will because this thing [the Net] changes so quickly. Even now, "Zen" is out of date on some things because it doesn't do heavy coverage of Java. There's no way anybody can be exactly up to date unless they sit in front of their computer with ten other people typing simultaneously. I've been saying if people wanna use the Net, go in and use it now - don't wait for it to get better. It's going to consistently get better and you're never going to find a stalling point. The Internet itself is going to have to change soon, because we're running out of addresses. There is a proposed 128-bit addressing scheme and people on the East coast are experimenting with a gigabit connection now. So yeah, it's gonna really transform, but there will be a lot of constants. E-mail will still be e-mail, probably very similar to the format it is now. We'll see a growing up and a firming up. Even if you look three years ago at the way things stood then compared to now it's amazing. It's funny when you hear Vint Cerf (one of the chief architects of the TCP/IP protocol) talk now - he can't believe the way some of the things have grown.
And I'd love to know what Marc Andreessen really thinks about what Mosaic turned into, other than the fact that he's a billionaire now.

Connecting With The Zen Man
brendan@zen.org
http://www.zen.org/~brendan

=======================================================================

Editor: Jack Rickard - Volume X: Issue 3 - ISSN:1054-2760 - March 1996
Copyright 1996 Jack Rickard - ALL RIGHTS RESERVED

------------------------------

Date: Thu, 21 Mar 1996 22:51:01 CST
From: CuD Moderators
Subject: File 5--Cu Digest Header Info (unchanged since 7 Apr, 1996)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send post with this in the "Subject:" line:

     SUBSCRIBE CU-DIGEST

Send the message to: cu-digest-request@weber.ucsd.edu

DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS.

The editors may be contacted by voice (815-753-0303), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA.

To UNSUB, send a one-line message: UNSUB CU-DIGEST
Send it to CU-DIGEST-REQUEST@WEBER.UCSD.EDU
(NOTE: The address you unsub must correspond to your From: line)

Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" on Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); and on Rune Stone BBS (IIRGWHQ) (860)-585-9638. CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome.

EUROPE:  In BELGIUM: Virtual Access BBS: +32-69-844-019 (ringdown)
         Brussels: STRATOMIC BBS +32-2-5383119 2:291/759@fidonet.org
         In ITALY: ZERO! BBS: +39-11-6507540
         In LUXEMBOURG: ComNet BBS: +352-466893

UNITED STATES: etext.archive.umich.edu (192.131.22.8) in /pub/CuD/CuD
               ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
               aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
               world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
               wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
EUROPE:        nic.funet.fi in pub/doc/CuD/CuD/ (Finland)
               ftp.warwick.ac.uk in pub/cud/ (United Kingdom)

The most recent issues of CuD can be obtained from the Cu Digest WWW site at:
URL: http://www.soci.niu.edu/~cudigest/

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections.

------------------------------

End of Computer Underground Digest #8.37
************************************