Aardvark Weekly
New Zealand's Leading Weekly Net-News Online Publication
Net-Industry
Commentary!
You really should use a Java-capable Browser!

Add this ticker to your page
ASB Bank
Please support Aardvark - CLICK THE AD!
Enabled Are YOU Aardvark Enabled?

Have Your Say

New Sites


Email Addresses

For Publication

Tip-offs
Strictly Confidential!

Editor
Not for publication


Click HERE for DAILY Net News

Commentary for: 26 January 1997

What's Netscape playing at?
award logo Hey, good news! Not only is Netscape going to let you use its browser free of charge, it's also going to give you the source code if you want it.

"Big Wow! <yawn>" I hear some of you saying, how many Net users would have the time, let alone the skills, to sit down and make sense of what must be many thousands of lines of C or C++ programming code?

A good question - but irrelevant.

The best thing about Netscape's release of this code is that we'll get to see how well it's been written. Ever since version 1 of Netscape's Navigator browser, users have been grizzling about the numerous bugs. At last some of us will get the chance to see if these are caused by bad design, bad programming or simply the huge complexity of the product.

Others are asking whether the release of the source code will actually spell the end of Navigator. I mean, once a few wannabe programmers get their hands on the code and start modifying it, who knows what bugs and security holes they'll add. How are you going to know whether that "great new improved" version from "Acme Hack" is really safe?

Well I don't think this is going to be a problem, after all there are already numerous large software products which have survived in the same situation. Linux, GCC, PovRay and a number of other large software projects have benefited immensely from the concerted efforts of a very large group of programmers. These products are every bit as good (some would say better) than the fully commercial equivalents and there has been little or no problems with deliberate or accidental bad-hacks.

But what's the real reason?
It's pretty obvious why Netscape decided to give away the Navigator product; I mean, beggar all people actually register it anyway and it's very hard to sell something that your competitor is happy to give away for free.

Microsoft's continued erosion of Navigator's marketshare in the browser area is proof that Netscape probably had no choice in the matter - they didn't jump, they were pushed.

The release of source code is a different matter though. What do Netscape have to gain from this?

Well one thing's for sure, there's going to be a huge groundswell of support in some developer circles. I expect to see Navigator gain the same level of support as those other free "programmer-supported" products I mentioned previously. There's also a very good chance that we'll see a more stable product within 12 months as a result.

The importance of gaining the support of the programmer community should not be underestimated. IBM made this fatal mistake when they launched OS/2 - spending 50 million dollars targeting end-users while at the same time trying to milk developers for over-priced tools and programmer resources.

Marketshare or mindshare?

Is it a cunning plot?
So where do Netscape go from here?
Well nobody makes money from Web browsers - they're a loss leader that simply establishes the vendor's name in the marketplace.

Microsoft have always understood this and now Netscape do.

The real money is in the provision of server-based products, especially in the Intranet market. Big companies and corporations can end up spending a small fortune on web-servers, mail-servers and the like and that's where Netscape will be focusing its activities in future.

Of course they're not about to move out of the browser market completely, look for a Navigator 5 to arrive probably later this year. It was planned that this would be a "pure Java" product, something which would vastly simplify the support of multiple operating systems and computer types - however there are rumblings that Netscape will back away from their "full-on" Java support - only time will tell I guess.

One thing is for sure, many of those large organisations which switched to Microsoft's browser to save the costs of buying multiple licenses for the Netscape product may now be reconsidering their options - and that's good news for Netscape.

Is this a giant scam or what?
Remember a couple of weeks ago how I mentioned that the direct marketers were combing Web-sites for email addresses?

Well it appears that pickings are now getting so lean that they're actually creating new email addresses to send their junk-email to!

Last week I started receiving email from usa.net telling me that I'd been allocated a NEW email address (at usa.net) and that I should make a note of it for future reference. I received this message for each and every address used on both Aardvark and 7am.com. I suspect a lot of other people who have used their email addresses on a Web site have received the same garbage.

This worries me for two reasons.

  1. To have the email address removed you must contact usa.net and tell them. This obviously means that you are then a "qualified" candidate for spam. You've just proved that they've got a valid email address and you read your messages.

  2. Within a day or so, this new address started receiving junk mail from purveyors of "adult products". Since I've never promoted or even used this new address myself, it is obvious that usa.net or whoever created the account did so with the sole intention of using it for spam delivery.
It would be a real worry if this whole strategy has been orchestrated by usa.net themselves. They have yet to respond to an email in which I asked them to explain and cancel the accounts - although the flow of mail has now stopped. Now I may be wrong, it could be that some 3rd party is simply using usa.net as a means of performing this scam but if that's the case, why no explanation from them? If it wasn't them, it still highlights a huge hole in their system. When requesting an address from one of these free mail services, no account should be made active until the requester of the address is sent an acknowledgment and confirms that they really want it. To have acceptance as the default is lunacy - the operators of mailing lists learnt a long time ago that this confirmation process was essential. Until it was implemented, one of the most effective ways to piss your enemies off was to subscribe them to 1000 different lists, an act which would generate a stream of thousands of email messages every day to fill their mailbox. By not providing a similar protection mechanism to control the creation of new accounts, usa.net has a lot to answer for!

Another worrying aspect of this whole thing is the number of Net users who may misunderstand the situation and think that the advisory email is from their ISP or some other "official source". Some of these will switch to using this new email address at usa.net in the belief that their original email address has been changed. Remember that novice users find this whole Internet thing very confusing and may not even be aware of how unscrupulous some of these spammers are.

I'd certainly like to hear from anyone else whose been the recipient of this garbage and I've already warned usa.net that unless they remove the accounts concerned and immediately terminate all mail forwarding, I'll be taking legal action on the basis that they are "passing off" their email address as a bona fide part of 7am and representing themselves as an authorised forwarding agent for its email.

The eagle-eyed amongst you will notice that I've now removed all the email addresses from 7am News and the same will soon be the case here at Aardvark. You can still use the previously published addresses but I'll also be replacing them with a contact form. As I said the other week - I suggest you do the same if you've got a Web site.

Bloody spammers!
Listen to Peter, he knows what he's talking about!
Microsoft has a security time bomb!
Peter Gutmann is a very smart guy and his involvement in matters relating to data encryption goes way-back. We should all take note of him therefore when he says that Microsoft's Net products have flaws that can allow malicious hackers to steal the very valuable private encryption keys some are using.

One of the biggest hurdles to the use of the Net for critical commercial and legal purposes is the difficulty associated with verifying that the sender of an email or visitor at a Web site is who they say they are and the relative insecurity of the transfer of data around the Net. For an example of how easy it is to impersonate someone else, just look at all the junk email people receive with bogus "from" or "reply" addresses.

To overcome these problems, many people are using "keys" which, when used with signing or encryption software, effectively provide an undeniable proof that the sender is who they say they are. These keys become a sort of "electronic passport" and it is absolutely critical that they do not fall into the wrong hands - or the person who steals them can masquerade as you. Imagine the ramifications if they send out a thousand copies of an email containing libelous statements in your name - signed with YOUR digital key as proof of identity.

Now Peter's saying that some of Microsoft's cornerstone Net products, primarily their browser (Internet Explorer) and Web server (IIS) are so fundamentally flawed that they can allow hackers to steal these digital keys from a user's hard disk. He's saying the flaws are so serious that nobody should surf the Web until the holes are fixed - a pretty stern warning!

Of course it's all a matter of risk versus benefit. If you don't have any encryption or personal IDs on your computer and there's nothing else on your hard disk that would result in catastrophic consequences should someone steal it - then surf-on. Those who are surfing the Net from work and whose machines carry sensitive data should perhaps think again.

Peter, why not drop me an email or write us small piece with some more detail, perhaps giving some idea of the degree of risk for the average Net user?


This Week's Featured "Aardvark Enabled" Site

Muster & Co

Get your own site Aardvark Enabled
and you too could appear here!


The I.C.B.I.T Award
I Can't Believe It's True!

When did Netscape release version 5?

I must admit that I'm a little puzzled. When I first looked at this site I was using my favourite browser, Netscape 3 so I wasn't too surprised (although a little annoyed) to see a message telling me that I needed to upgrade my browser. So... I fired up Netscape 4.04, the, most recent release from the Netscape stable and... you guessed it, the message was still there!

I think what these people are trying to tell us is that we MUST use IE4 to look at their web page "properly". I suspect this is all a load of doggy-doody, that page wouldn't look good even if I were wearing rose-coloured glasses and I'm not about to infect my system with IE4 just to find out.

Don't blame my browser buddy!

But... gee whiz, it must be a "wundaful" site, after all, check out how many people have visited it! Or maybe they're cheating.. could it be? Nah.. surely not? :-)

 
Right of Reply.

Tim Wood of IHUG sent this response to last week's story titled Banners Bring Big Bucks.

Tim's Reply


New Zealand News Wires

New Zealand News headlines from the best News sites on the NZ Web, all on one page to save you time, money and frustration - updated every 15 minutes.

All the nation's news on one page!

Or...

WorldWires - World news headlines

On TV Today
Turn on your Java!
Add this Remote to your own pages!

Aardvark Daily is a publication of, and is copyright to, Bruce Simpson, all rights reserved
Aardvark's logo created by WebDesign,