This month's column has to do with organizations and companies that have, by luck, skill, or bullying, obtained the holy grail of the Web denizen: an eponymous domain name. Remember the apocryphal story of the guy who latched onto "mcdonalds.com" and held it for ransom? Or the very real person that registered "fry.com" and got sued? How about Adam Curry, the former veejay that registered "mtv.com" and had to give it up?
The organization that officially registers domain names, called the InterNIC, has recently tightened the rules for domain name registration. Supposedly, there is now less chance of a domain name being kidnapped. However, I wouldn't count on being able to keep "billgates.com" even if your name is Bill Gates (unless you're THE Bill Gates); the current litigious climate means companies will sue you for possession of a domain name even if you have a reasonable "right" to it. Somehow I can't imagine McDonald's Hardware Store being able to register "mcdonalds.com" even though it would be a "legitimate" registration. All people are equal, but some are more equal than others.
Usage notes: As stated last month, all URLs (Web Page Addresses) in this column are assumed to begin with "http://" unless otherwise indicated, since this is Netscape's default. Visitable links and Internet addresses (outside of tables) will be underlined to mimic the effect in the Netscape browser. Owing to limitations in our publishing process, URLs may be hyphenated by our DTP program; if there is a "real" dash in a Net address, I will use a long dash like this: --. Hyphens, which you should ignore, look like this: -.
This month, just a few random hints and comments from around the Net:
Secure Sockets Layer, or SSL, is a protocol designed to provide an encrypted link between a browser and a server. The link provides both security and authentication: supposedly, when using SSL, you are certain of both who you're talking to and that nobody else can listen in.
You may have already used SSL without knowing it. SSL pages have URLs that begin with "https://." When SSL is active, a blue bar appears at the top of the Netscape window, and the little key in the lower left corner becomes "solid." When the key is "broken," you are browsing over an insecure link.
Some sort of secure link is vital to electronic commerce given the Net's poor overall security. People are very reluctant to transmit their credit card numbers (or other personal information) over a network if they think someone can eavesdrop.
SSL, like many other computer encryption systems, relies on very large numbers used as keys. The idea is that it's theoretically possible to break the encryption, but only at the cost of an unimaginable amount of computing power, essentially because you'd have to try every one of an extremely large number of keys until you found the right one. The security level rises as the keys get longer.
Unfortunately, early versions of Netscape, up through 1.2 Beta 6, use a key-generation method that is relatively easy to "guess." Though the SSL keys themselves are long enough to provide good security, not enough random information goes into generating the keys. Knowing this, an intelligent snooper could greatly reduce the number of keys he has to try before guessing the right one and breaking the encryption.
This is exactly what happened. A pair of California computer science students wrote a program that was able to break SSL message encryption at a high but not intolerable cost in computing power. Fortunately, they did it for the sake of hacking, not to actually steal information, but the security risk is there. One of the students was quoted on CNN as saying, "Whenever a big company says I'm safe, that I shouldn't worry, then I start to worry."
Netscape countered by pointing out that millions of Internet commerce transactions have been processed using SSL, but that no thefts are known to have happened. Indeed, breaking SSL messages requires a very high level of system access and technical expertise, so the risks are, if not negligible, then reasonably small. The company also promised to release a fixed version of the browser within a week of the story reaching the media. The fix will entail updating the key-generation mechanism to make the keys much harder to guess.
Needless to say, if you intend on conducting commerce over the Web, either as buyer or as seller, you will want to upgrade your Netscape software. Expect to be completely unable to log into the Netscape ftp site over the next few weeks as millions of paranoid users upgrade.
To address this problem, Netscape is introducing a product called SmartMarks. This is a sort of bookmark database that you run simultaneously with Netscape. It replaces the old-fashioned bookmark menu with a hierarchical, searchable catalog.
One of the SmartMarks program's more interesting features is its ability to import new catalogs of bookmarks. This means you can distribute or retrieve entire lists of bookmarks for other people to browse. The developers have provided a large number of pre-built catalogs, with more to come. Since a catalog can be exported in Netscape bookmark-file format, you can send your own customized catalogs to other users or post them on the Web; the exported catalogs don't need SmartMarks.
Another cool feature is the Mark Monitor window. Any bookmark in this window will be periodically checked for changes. For example, suppose you like to read "Robert X. Cringeley's" weekly column out on the Net (22.214.171.124/cringe.html). If you create a bookmark to the column's URL and place it in the Monitor window, SmartMarks will let you know when the column is updated. This saves you having to check the Web page periodically for updates.
You can watch for any change to a bookmarked page, or choose to be notified only when links on a page are added or changed. The latter might be useful if you wanted to track an on-line bookmark catalog.
Apparently, you will also eventually be able to check through your catalog for dead links, though this feature wasn't present in the release I had at press time. This would be a great way to reduce clutter, especially given the way Web pages move and disappear.
At least initially, Netscape is offering a beta evaluation version of SmartMarks at home.netscape.com/comprod/smartmarks_install.html. I have so far found the beta release to be rather buggy and erratic (like so many of Netscape's initial offerings), but the idea is sound. It's definitely much better than wading through all those nested bookmark menus.
Apparently, Windows 95 has a very tight limit on how long it's willing to wait for a modem to acknowledge a command. This limit proved to be too short for the Bitsurfr. Trying to dial out with Win95, most users would see a message implying that the modem wasn't responding. Looking at the Modem Log, you would see that Win95 was sending each command twice and not giving the modem time to execute the commands. In some cases, Win95's Plug and Play detection also failed because the modem didn't answer the identity query fast enough.
There is a fix for the problem, but regrettably, it means opening the modem and replacing its firmware, which is contained in two small PROM chips. If you are affected by this problem, which plagues all Bitsurfrs with firmware revisions prior to 'E,' you should call Motorola at (800) 221-4380. Press 3#, then 2# for ISDN technical support. You will probably spend a long time on hold, but eventually you can speak to a service representative and get the new chips sent to you, usually overnight. The repair itself is very simple and requires only a small, thin-bladed screwdriver and a little patience.
In order for this trick to work, you must be using the V.120 protocol to connect to your provider. This is currently the most standard way to get 64kbps access. The default behavior for most ISDN modems is to initiate V.120 sessions as data calls, rather than speech. This places the call in a different rate category (with per-minute charges) for many, but not all, customers.
Once the connection is established, it really doesn't matter how the call was initiated, as far as V.120 is concerned. To experiment with initiating as voice, try adding the string "%A98=S" to your modem initialization.
Under Windows 95, you can do this by opening the Dial-Up Networking window. Click on your ISDN connection's icon with the right mouse button and open the Properties dialog box. Click "Configure...," then choose the Connection page and click "Advanced...." Type "%A98=S" in the "Extra Settings" field (without the quotes), then "OK out." This will add the command string to Win95's modem initialization steps.
Because CompuServe (still, after all this time) uses a 7-bit, even-parity transmission scheme, there were problems seeing the service's prompts in the 8-bit, no-parity Terminal Window provided by the Dial-Up Networking applet. Mr. Allen pointed out that if you type a plus sign (+) and press <Enter> when the Terminal Window opens, CompuServe will immediately shift to 8-bit, no-parity mode, so you can then see the prompts in the Terminal Window. If you have the Microsoft Plus Pack for Windows 95, you can use this same technique with the Dial-Up Scripting Tool to enable automated connection to the Internet via CompuServe.
Ftp was originally a sort of Internet Zmodem. As with the familiar communications-package protocol, the purpose of ftp is to break up a file into chunks, or packets, that can be transmitted over the Internet. Ftp also provides integrity checks to ensure that transmitted files arrive without damage.
As time went on, ftp developed many interesting curlicues and extras, as UNIX utilities are wont to do. Eventually, what was once a trivial command-line utility became an elaborate tool with a couple of dozen commands. In addition to simple things like sending and receiving files, you can now use ftp to browse directories on the remote system, add and remove directories, and even (somewhat indirectly) run programs on the remote machine. This latter capability is incidentally one of the Internet's most vulnerable security loopholes.
For most Web users, the most useful ftp transaction is simple file retrieval. In this scenario, you want to find a file on the remote machine and bring a copy of it to your local machine. This casts your computer in the role of client and the remote machine as the ftp server.
Once the port is opened, the ftp utility will attempt to "log in" to the remote machine. This step is necessary in order to assign security privileges to the session, which is vital as we shall see below.
In the early days of ftp, people transferring files usually had accounts on both ends of the wire, so the login step was trivial. As the Internet began to grow, it became impractical to assign user IDs to everyone who wanted to retrieve files, so a convention was established: nearly all ftp servers accept login requests to the special ID "anonymous" with anything as a password. Convention dictates that the ftp software send the user's e-mail address as the password, but anything can be entered and the session will still proceed. This is the procedure you may have heard called "anonymous ftp."
Needless to say, anonymous users aren't granted the same privilege levels as "real" users of the host system. In most cases, an anonymous user is permitted read access only to a few limited directories where files for public consumption are kept.
Once the login is complete, you can execute any ftp command permitted to you by the remote host. For example, you can list directories (the "ls" command), change from one directory to another ("cd"), retrieve a single file ("get"), or retrieve a set of files using wildcards ("mget"). If you have the right security permissions, you can also create and remove directories ("mkdir" and "rmdir"), send single files ("put"), and send groups of files ("mput").
After you have completed your transfers, the ftp utility will log you out of the remote system and relinquish the connection, allowing another user to access the site. It's worth noting that all your transactions with the ftp site can be logged by the remote system; this is one of the reasons the site asks for your e-mail address as a form of identification.
There is often, but not always, a "read me" or index file in each directory that you can browse to find out more (just click on the link like any other document; Netscape will open the index as a text file). Sometimes, there is a special Descriptions file, which Netscape can interpret and so place a description next to each file. In all too many cases, though, you're on your own. For this reason, the more you know about the file you want, the better chance you have of finding it.
Some of the large archives now have HTML-based searchable indexes that help you find a file by its description or keywords. However, this functionality hasn't spread far enough to be globally useful yet. The quickest way to find something on an ftp site is to already know the file's name and directory.
The most important reason to be non-anonymous may be your personal Web page, if you have one. Many Internet providers allow you to set up a Web page (for personal purposes) at no cost or for a nominal fee. You will need to get the HTML documents that make up your Web page to the provider's web host system; this is generally done using ftp.
Obviously, you wouldn't want just anyone to log in anonymously and alter your Web page. Instead, you use ftp with an explicit login using your normal ID and password. This will grant you the same privileges on the host system you have during a normal login. With this access, you can install your HTML documents, create directories, and so on. Other people--as long as they don't have your ID and password--won't be able to disturb your Web page.
Netscape's ftp capability is fairly simple. It allows only anonymous logins, and can only retrieve files, not send them. Retrieving multiple files will open multiple connections to the host (rather than fetching the files in sequence); this slows down access and inconveniences other users by tying up ftp channels.
Ftp archives are a prime conduit for computer viruses. Since an ftp site can be put up by practically anyone with Internet access, you often know little about the probity of the person or organization hosting the site. Some of the most virulent and destructive viruses have infected this country from foreign ftp sites.
Evaluate the reliability of the site's owner very carefully before running a program you've retrieved. Sites hosted by software and hardware vendors, for example, are likely to be quite safe and well-run. University sites are all too likely to be infested; college students sometimes think of viruses as pranks, but you may not get the joke. Be especially careful of files hosted on private Web pages: there are a few very malicious people out on the Net, and you don't want to be a casualty.