Computer underground Digest Sun May 19, 1996 Volume 8 : Issue 37

Computer underground Digest Sun May 19, 1996 Volume 8 : Issue 37
ISSN 1004-042X

Editor: Jim Thomas ([email protected])
News Editor: Gordon Meyer ([email protected])
Archivist: Brendan Kehoe
Shadow Master: Stanton McCandlish
Field Agent Extraordinaire: David Smith
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Ian Dickinson
Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

CONTENTS, #8.37 (Sun, May 19, 1996)

File 1--(Fwd) JAVA BLACK WIDOWS - SUN DECLARES WAR
File 2--The Internet is a library
File 3--Boardwatch Magazine -- A review
File 4--"Zen And Blarney" (Boardwatch Reprint on Kevin Kehoe)
File 5--Cu Digest Header Info (unchanged since 7 Apr, 1996)

CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION ApPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.

---------------------------------------------------------------------

Date: Sun, 12 May 1996 19:53:03 +0000
From: David Smith <[email protected]>
Subject: File 1--(Fwd) JAVA BLACK WIDOWS - SUN DECLARES WAR

"Black Widow" is a really cool name for what are essentially Java virii.

-- David Smith
-- [email protected]

------- Forwarded Message Follows -------
Date-- Sat, 11 May 1996 15:48:06 -0400 (EDT)
From-- "Home Page Press, Inc." <[email protected]>
Subject-- JAVA BLACK WIDOWS - SUN DECLARES WAR

JAVA BLACK WIDOWS - SUN DECLARES WAR

Sun Microsystems' has declared war on Black Widow Java
applets on the Web. This is the message from Sun in response
to an extensive Online Business Consultant (OBC/May 96)
investigation into Java security.

OBC's investigation and report was prompted after renowned
academics, scientists and hackers announced Java applets
downloaded from the WWW presented grave security risks for
users. Java Black Widow applets are hostile, malicious traps set
by cyberthugs out to snare surfing prey, using Java as their technology.
OBC received a deluge of letters asking for facts after OBC
announced a group of scientists from Princeton University, Drew
Dean, Edward Felten and Dan Wallach, published a paper declaring
"The Java system in its current form cannot easily be made secure."
The paper can be retrieved at
http://www.cs.princeton.edu/sip/pub/secure96.html.

Further probing by OBC found that innocent surfers on the Web who
download Java applets into Netscape's Navigator and Sun's
HotJava browser, risk having "hostile" applets interfere with their
computers (consuming RAM and CPU cycles). It was also discovered
applets could connect to a third party on the Internet and, without the
PC owner's knowledge, upload sensitive information from the user's
computer. Even the most sophisticated firewalls can be penetrated . . .
"because the attack is launched from behind the firewall," said the
Princeton scientists.

One reader said, "I had no idea that it was possible to stumble on
Web sites that could launch an attack on a browser." Another said,
"If this is allowed to get out of hand it will drive people away from the
Web. Sun must allay fears."

The response to the Home Page Press hostile applet survey led to the
analogy of Black Widow; that the Web was a dangerous place where
"black widows" lurked to snare innocent surfers. As a result the
Princeton group and OBC recommended users should "switch off"
Java support in their Netscape Navigator browsers. OBC felt that Sun
and Netscape had still to come clean on the security issues. But
according to Netscape's Product Manager, Platform, Steve Thomas,
"Netscape wishes to make it clear that all known security problems with
the Navigator Java and JavaScript environment are fixed in Navigator
version 2.02."

However, to date, Netscape has not answered OBC's direct questions
regarding a patch for its earlier versions of Navigator that supported
Java . . . the equivalent of a product recall in the 3D world. Netscape
admits that flaws in its browsers from version 2.00 upwards were
related to the Java security problems, but these browsers are still in use
and can be bought from stores such as CompUSA and Cosco. A floor
manager at CompUSA, who asked not to be named, said "its news to
him that we are selling defective software. The Navigator walks off our
floor at $34 a pop."

OBC advised Netscape the defective software was still selling at
software outlets around the world and asked Netscape what action was
going to be taken in this regard. Netscape has come under fire recently
for its policy of not releasing patches to software defects; but rather
forcing users to download new versions. Users report this task to be a
huge waste of time and resources because each download consists of
several Mbytes. As such defective Navigators don't get patched.

OBC also interviewed Sun's JavaSoft security guru, Ms. Marianne Mueller,
who said "we are taking security very seriously and working on it very
hard." Mueller said the tenet that Java had to be re-written from scratch or
scrapped "is an oversimplification of the challenge of running executable
content safely on the web. Security is hard and subtle, and trying to build
a secure "sandbox" [paradigm] for running untrusted downloaded applets
on the web is hard."

Ms. Mueller says Sun, together with their JavaSoft (Sun's Java division)
partners, have proposed a "sandbox model" for security in which "we
define a set of policies that restrict what applets can and cannot do---these
are the boundaries of the sandbox. We implement boundary checks---when
an applet tries to cross the boundary, we check whether or not it's allowed
to. If it's allowed to, then the applet is allowed on its way. If not, the
system throws a security exception.

"The 'deciding whether or not to allow the boundary to be crossed' is the
research area that I believe the Princeton people are working on," said
Mueller. "One way to allow applets additional flexibility is if the applet
is signed (for example, has a digital signature so that the identity of the
applet's distributor can be verified via a Certificate Authority) then allow
the applet more flexibility.

"There are two approaches: One approach is to let the signed applet
do anything. A second approach is to do something more complex and
more subtle, and only allow the applet particular specified capabilities.
Expressing and granting capabilities can be done in a variety of ways.

"Denial of service is traditionally considered one of the hardest security
problems, from a practical point of view. As [Java's creator] James
Gosling says, it's hard to tell the difference between an MPEG
decompressor and a hostile applet that consumes too many resources!
But recognizing the difficulty of the problem is not the same as 'passing
the buck.' We are working on ways to better monitor and control the
use (or abuse) of resources by Java classes. We could try to enforce
some resource limits, for example. These are things we are investigating.

"In addition, we could put mechanisms in place so that user interface
people (like people who do Web browsers) could add 'applet monitors'
so that browser users could at least see what is running in their browser,
and kill off stray applets. This kind of user interface friendliness (letting
a user kill of an applet) is only useful if the applet hasn't already grabbed
all the resources, of course."

The experts don't believe that the problem of black widows and hostile
applets is going to go away in a hurry. In fact it may get worse. The
hackers believe that when Microsoft releases Internet Explorer 3.00 with
support for Java, Visual Basic scripting and the added power of its
ActiveX technology, the security problem will become worse.

"There is opportunity for abuse, and it will become an enormous
problem," said Stephen Cobb, Director of Special Projects for the
National Computer Security Association (NCSA). "For example, OLE
technology from Microsoft [ActiveX] has even deeper access to a
computer than Java does."

JavaSoft's security guru Mueller agreed on the abuse issue: "It's going
to be a process of education for people to understand the difference
between a rude applet, and a serious security bug, and a theoretical
security bug, and an inconsequential security-related bug. In the case of
hostile applets, people will learn about nasty/rude applet pages, and
those pages won't be visited. I understand that new users of the Web
often feel they don't know where they're going when they point and click,
but people do get a good feel for how it works, pretty quickly, and I
actually think most users of the Web can deal with the knowledge that
not every page on the web is necessarily one they'd want to visit.
Security on the web in some sense isn't all that different from security
in ordinary life. At some level, common sense does come into play.

"Many people feel that Java is a good tool for building more secure
applications. I like to say that Java raises the bar for security on the
Internet. We're trying to do something that is not necessarily easy, but
that doesn't mean it isn't worth trying to do. In fact it may be worth
trying to do because it isn't easy. People are interested in seeing the
software industry evolve towards more robust software---that's the
feedback I get from folks on the Net."

# # #

The report above may be reprinted with credit provided as follows:

Home Page Press, Inc., http://www.hpp.com and Online Business ConsultantOE
Please refer to the HPP Web site for additional information about Java and OBC.
===========================================================
...........Home Page Press, Inc. http://www.hpp.com home of Go.FetchOE
.......Free TEXT version - Online Business Today email: [email protected]
...Free PDF version - Online Business Today email: [email protected]
OBC / Online Business Consultant, $595/year email: [email protected]

------------------------------

Date: Sun, 21 Apr 96 16:07:26 PDT
From: [email protected]
Subject: File 2--The Internet is a library

SEX, LAWS AND CYBERSPACE BULLETIN No. 1
April 20, 1996

This is the first in an occasional series of essays from Jonathan
Wallace and Mark Mangan, the authors of Sex, Laws and Cyberspace,
(SLAC) a new book from Henry Holt on Internet censorship and the
Communications Decency Act. We will send three or four pieces of mail
a month on focused, factual topics relating to the federal
government's attempt to regulate the Net. If you wish to receive the
SLAC bulletin, please send mail to co-author Mark Mangan at
[email protected].

THE INTERNET IS A LIBRARY

by Jonathan Wallace [email protected]

The Internet is the latest in a series of communications revolutions
that have initially baffled legislators and judges, who must select
the correct analogy to apply in writing new laws, or interpreting old
ones. To pick just one example, when the telephone was introduced,
courts struggled with the question whether it was simply a new form of
telegraph, or something else entirely. Today, policy makers are asking
what the correct analogy is for the Internet. The Communications
Decency Act (CDA), and its supporters on the religious right and
elsewhere, have a quick answer for the question: the Internet is no
different than a broadcast medium, like the radio or TV, and should be
governed in the same strict way. The language of the CDA was, in fact,
borrowed from FCC regulations pertaining to broadcast.

The correct analogy is something far different: the Internet is a
vast library, containing every type of information known to humans. We
can learn a great deal about the way that legislators and judges
should deal with the Net by examining the way that libraries function.

A constant criticism levelled at the Internet by CDA proponents is
that explicit sexual information is far more freely available to
minors there than in a bookstore or library. This sounds reasonable,
but is completely untrue. While free speech proponents have heard this
statement many times while maintaining an uncomfortable silence, a
look at the actual policies of librarians confirms that most do not
consider it their job to police what children read. Instead, the
child's parent decides whether or not the child is to have a library
card and is responsible for supervising what a child takes out from
the library.

One of the most persuasive witnesses to testify in ACLU v. Reno, the
lawsuit against the CDA currently pending in federal court in
Philadelphia, was Robert B. Croneberger, Director of Pittsburgh's
Carnegie Library. (The American Library Association, of which
Croneberger is a member, is also a plaintiff in the case.) He
testified that the library currently has 277,000 cardholders, one
third of them minors.

Croneberger said in the affidavit he filed with the court:

"It is the mission of the Carnegie Library of Pittsburgh to provide
the widest array of information to the widest possible audience--both
adults and minors. To that end, the library makes no distinctions
between patrons on the basis of age. The library does not offer
separate library cards for adults and children and the library does
not place restrictions on what minors can read, use or borrow in the
library."

He observed that the librarian is not competent to judge what children
are mature enough to read. "Age must not be a restriction imposed by
anyone except the parents of a child, who can judge the maturity of
that child." In court, responding to the government's
cross-examination, Croneberger elaborated: "If we as librarians are
put in a position of making decisions for other people's children, we
would fail miserably."

Croneberger testified that some libraries have created a separate type
of library card for juveniles, but that most have not. Within days
after his testimony in court, I spotted the following in The Brooklyn
Heights Paper, my community newspaper:

"After months of wrangling, the Brooklyn Public Library has finally
decided to give an inch in the debate over whether minors should be
allowed access to R-rated videos.

"The new policy, adopted by the BPL board earlier this month, will
allow parents to obtain restricted library cards for children younger
than 13 years of age. The card would prohibit children from borrowing
any adult material, be it movies, research material, or Shakespeare's
plays."

The contrast to the CDA is interesting. Nobody is burning any books,
or even removing them from the library shelves. Instead, the library
will continue to contain every conceivable kind of information,
including works on sex. Some libraries--like the Brooklyn Public
library--will simply not let children with the juvenile card take
these works out. Most libraries, as Croneberger testified, will let
children look at anything, once their parents have decided to allow
them to have a library card.

The CDA is a book-burning law. The prison terms and fines it provides
for are very specific, while its defenses--that an information
provider tried to use "reasonable and effective" means to prevent
children from accessing the material--are very vague. This means that
a provider feeling the chilling effect of the law is much safer
deleting information from the Internet (the equivalent of burning a
book) than relying on a vague defense.

Nevertheless, CDA proponents point to the "reasonable and effective"
measures defense as proof that the CDA, like the Brooklyn Public
Library's new rule, merely governs who can receive material, but does
not lead to its destruction. However, all prior indecency laws are
extremely specific about their "safe harbors". Television and radio
can safely broadcast indecent material after ten p.m. 900 line
providers need not fear prosecution so long as they take a credit card
from the caller. While the CDA calls for providers of commercial
information to take credit cards or set up passworded accounts,
nothing in the CDA spells out anything else a provider of free online
information can do to avoid getting in trouble.

Advocates of the CDA want to have it both ways. Even as they argue to
the Philadelphia court that the vague safe harbor makes the CDA a
"narrowly tailored" law, and therefore constitutional, they have been
loud and insistent that no form of regulation short of electronic
"book-burning" will protect minors. Senators James Exon, Dan Coats
and Charles Grassley--the CDA's three biggest Senate
advocates--repeatedly said during the Senate debate in June 1995 that
children could outwit any technical protection available. Neatly
summarizing these arguments is the following excerpt from a FAQ
distributed by Reverend Donald Wildmon's American Family Association:

"Q: Aren't there 'technical fixes' that are less intrusive than a
regulatory or criminal law approach?

"A: No. To date, only a few software programs have been released to
regulate children's access to pornography, such as SurfWatch and
NetNanny. Also, these programs can be bypassed by users
with a good knowledge of the Internet and some technical
sophistication. Even if better technical solutions become available,
this approach is inadequate in and of itself because: children can
walk down the street to another computer; parents' technical ability
often pales in comparison to their children's expertise; pornographers
aren't legally discouraged from peddling
their materials to children."

Rather than listening to what CDA proponents tell us, or tell the
court, we should listen to what they tell one another. Prosecutors
will later argue that virtually any form of control used by
information providers was not "reasonable" or "effective", thus
sending them to prison despite their extensive efforts to seek a safe
harbor.

The CDA was invented by people who believe that some books should
also be banned. The day the CDA passed, Senator Coats indiscreetly
commented that certain portions of Catcher in the Rye would (and
should) be illegal under the new law if posted online. The CDA's most
vocal proponents on the religious right have been involved in numerous
efforts to ban books from school libraries. If the Philadelphia court
fails to recognize that the Internet is a vast library, it will open
the door to radical censorship. It will also allow a preposterous
distinction to be drawn between text on paper and electronic text,
between Catcher in the Rye in your library and on the Internet.

But if the judges apply the right analogy and recognize that the
Internet is a library, they will ensure the survival of the fearless
freedom of speech into the 21st century.

Resources:

The ACLU, http://www.aclu.org

Center for Democracy and Technology,
http://www.cdt.org

Voters' Telecommunications Watch,
http://www.vtw.org

Wallace and Mangan report on ACLU v. Reno,
http://www.spectacle.org/cda/cdamn.html

Sex, Laws and Cyberspace,
http://www.spectacle.org/freespch/

-----------------------------
Jonathan Wallace
The Ethical Spectacle
http://www.spectacle.org
ACLU v. Reno plaintiff
http://www.spectacle.org/cda/cdamn.html
Co-author, Sex, Laws and Cyberspace
(Henry Holt, 1996)
http://www.spectacle.org/freespch/

Free speech absolutist--and proud to be

------------------------------

Date: Tue, 19 Mar 1996 17:25:17 -0600
From: [email protected](Computer underground Digest)
Subject: File 3--Boardwatch Magazine -- A review

When CuD first reviewed BOARDWATCH magazine back in 1991 (CuD 3.31),
we were impressed by the content. At that time, the content focused
primarily on BBSes, and the articles focused heavily on BBS
software, reviews of hardware and BBSes, and included lists of BBS
outlets in various area codes. Although there were occasional pieces
by a variety of guest writers, Jack Rickard did much of the writing,
and coverage on non-BBS news was rather limited.

I dug out an old copy of BOARDWATCH from November, 1991 and thumbed
through it. The cover, a black-and-white picture of Jim Harrer of
Mustang Software and John Friel of Qmodem, captured what BOARDWATCH
was about: BBSes, BBS personalities, and BBS news. And, of course,
lots of ads. The layout was an improvement over earlier years, but
it had a long way to go before appealing to a broader audience.

A year later, we reviewed it again and noted the gradual expansion
of topics to include Internet issues and the addition of a few
specialists, including "Legally Online" by Lance Rose. It was movin'
on up, and Rickard was obviously committed to producing a
broad-based magazine that covered an increasingly broad, yet
detailed, news outlet for cyberspace issues.

Rickard has succeeded. In my view, Boardwatch has become an
exceptional source for Internet news.

The layout has gone from simple monotone covers to the more recent
full-color graphics, including covers that are slick and
eye-catching. Rickard has added over a dozen regular writers and
columnists, inlcuding John Dvorak, "Dr. Bob" Rankin, and Ric
Manning. Interviews, reviews, social and political critique, news
summaries, hardward and software discussions, and other features and
tidbits cover the full range of issues relevant to online interests.

The May, 1996, issue includes a cover story on Microsoft and the
Interent, 15 columns by the BOARDWATCH stable of regular
contributors, and items about Cuba on the Internet, digital
economics, and a wealth of factoids (California ranks first in the
number of .com, .net, .edu, and .org Internet domains, North Dakato
near last) that will make you rich if you ever take "the Internet
for $150, please." It remains a steal at $36 a year for 12 issues.

Why is it worth subbing to?
Here's a blurb from the BOARDWATCH homepage
(http://www.boardwatch.com) --
Check out the homepage and consider a sub -- they'd make a great
gift. (No, we're not payed to hype BOARDWATCH -- it really
is *that* good).

==========================================================

Boardwatch Magazine is a printed monthly magazine available
at over 12,000 newsstand locations around the country at a
cover price of $4.95. Each issue features over 144 pages of
the leading online editorial covering the Internet, Online
Services, and the communications industry. Boardwatch is
read by the movers and shakers in the Internet community,
including over 3200 Internet Service Providers (well there
are that many and they read Boardwatch) , thousands of
software developers and consultants - essentially anyone
involved in developing and providing online services. A with
the latest online networking news and information.

Subscriptions are just $36 per year - a savings of $24 over
the newsstand price. Additional savings with a two year
subscription at just $59 - $61 off the newstand price for
over 50% savings.

TOP TEN REASONS TO SUBSCRIBE:

1. JACK'S EDITORIALS.

Some claim he's lost in cyberspace. Certifiable. Totally
wrong on a monthly basis. Those who have been taking their
licks online over the years and surviving tend to read
closely. Like coffee, wine, and fine cigars, it's an
acquired taste.

2. JOHN C. DVORAK.

The final word in the final pages of Boardwatch.
Identified communications as the "Fourth Killer
Application" in 1983. Also picked Boardwatch as the one to
read on the topic in 1989. Joined the writing staff in
1994.

3. WINDOWS95 NETWORKING COVERAGE.

Boardwatch identified WindowsNT as the low-cost server for
Internet Applications in March, 1995. Fall of 1995 brought
Windows95 with a host of communication features and the
Boardwatch staff fell in love with it. Future issues show
you how to make the connection and take advantage of the
incredibly powerful communication features of Windows95 -
via the TCP/IP Internet.

4. LEGAL AND POLITICAL COVERAGE.

Lance Rose, Jim Warren, and others cover the legal aspects
of operating an online service in today's world,
developments you may have a CRITICAL need to know in the
future. And they show the process where laws are created
and modified - so you can influence them BEFORE they
become your most recent business nightmare.

5. TECHNICAL COVERAGE.

Reviews of Web Server software, BBS software, hardware
devices, HTML page design tricks - unabashedly technical
and decidedly NOT for the novice or the faint at heart.
Boardwatch delivers the latest technological edge to
Internet Service Providers, online content developers, and
the power players in the online community.

6. ADVERTISING

. Yep. You wouldn't think it, but most of our readership
finds as much education in the ads as in the editorial. We
intentionally nurture the small, startup developers in
hardware and software. The ones that can't afford the
larger magazines, but often have the most interesting
products for communications and online services. Knowing
what they are up to is part of staying sharp on what's
happening in the community.

7. LETTERS TO THE EDITOR.

Not a strong feature in most magazines. For some reason,
it's become the most closely read section in Boardwatch.
Find out what other professionals in the online community
have on their minds. And watch Jack gently respond with
kindness and understanding of their plight.

8. LISTS AND LISTS OF LISTS.

Boardwatch started life as a list of bulletin boards in
1987. They've never gotten over compiling lists of
things.

9. IT'S CHEAP.

On the newsstand at $4.95 and cheap at twice the price.
Subscribe for two years at $59 and get it delivered at
your home or office early at $2.46 per copy. Let's see, as
a computer professional, I can tell that this is a savings
of....$2.49 per copy. Or in UNIX terms THREE FREE PIZZAS A
YEAR!

10. YOU STILL CAN'T TAKE OUR WEB SITE TO THE BATHROOM WITH
YOU!

Current Subscription Rates are:
* for U.S., Canada, and Mexico:
1 year (12 issues): $36.00
2 years (24 issues): $59.00

* Overseas: (sent Air-Mail)
1 year (12 issues): $99.00

Or contact us voice at 800-933-6038

------------------------------

Date: Tue, 19 Mar 1996 00:33:47 -0600
From: [email protected](Computer underground Digest)
Subject: File 4--"Zen And Blarney" (Boardwatch Reprint on Kevin Kehoe)

((MODERATOR'S NOTE: Way back in CuD's first year, circa 1990,
Brendan Kehoe contacted us and offered to put CuDs up on his system
at Widener for ftp access. At the time, this took some courage,
because although CuD was as legal and law-abiding as it is today, it
was perceived by some to be a "hackers'" 'Zine that advocated
illegal activity, and some even wondered why CuD editors (and
posters) weren't "busted" along with the rest of the "Internet
scum." Although the perception was absurdly erroneous, it refelected
the mood of the times, and it this made some sysads concerned with
their liability for making issues available. Brendan, however,
realized that providing an ftp site would make CuDs more widely
available would be a useful resource, so he set up our first ftp
site. Since then, Brendan moved on and up, CuD's ftp site moved over
to ftp.eff.org, and life goes on. Brendan (along with Stanton
McClandish) still archives CuD. Brendan also survived a near-fatal
automobile accident a few years ago.

Bob Rankin profiled Brendan in a recent issue of Boardwatch (which
is another reason we think that, like Brendan, Boardwatch is
comprised of the "good guys").

From: Boardwatch, March, 1996:
COPYRIGHT 1996 by Jack Rickard. Not to be reprinted without
permission

by Bob Rankin

Zen and Blarney

Brendan Kehoe is one of the good guys. As author of the classic Zen
and the Art of the Internet guide, developer of the Archie
file-locator client software, archivist for the Computer Underground
Digest and general doer of good online deeds, Kehoe personifies the
phrase "net citizen."

Kehoe is a soft-spoken young man with a fiery Irish spirit who seems
most content when he is doing something for others. While in college
he wrote the Zen guide to help fellow students understand what he had
learned about the Internet, and this free guide became an instant
sensation. When he's not off doing volunteer work in the community or
answering a seemingly endless stream of e-mail from fellow Internauts,
Brendan works for Cygnus Support in Mountain View, CA as manager of
the C++ Development group.

Born in Dublin, Ireland some 25 years ago, Kehoe came to America when
he was 4 years old and developed the computer habit not long
afterward. But the road that led him from Commodore to SparcStation
was not without a few bumps. In December of 1993, Kehoe sustained
severe head injuries in an automobile accident and was not expected to
recover. Miraculously, he survived the crash and emerged with a new
outlook on life and what really matters.

Recently I talked with Brendan about Zen, the accident, and his life
both on and offline. Here's what he had to say...

Doc: What was it that attracted you to the Internet?

Brendan: Just being able to find things out really quickly. In high
school I was blowing away my physics teacher by bringing in a copy of
a technical report only a day after some scientist had announced a
major discovery. It was really neat that you could find that much
stuff that quickly. Now the problem we're running into is how to
organize that massive amount of information.

Doc: You had a brush with death about two years ago. Can you tell me
what happened that day?

Brendan: I was in rural Pennsylvania, coming home from a friend's
house on New Year's Eve of 1993. Whatever we were talking about, it so
captivated us that I went right through a stop sign and was hit by a
Jeep Cherokee in the driver's side of the car. We went into a spin and
ended up being jammed about a foot into some guy's house.

Fortunately, a lady who was following us saw the whole thing and was
able to call 911 on her cellular phone. I was flown by helicopter to
the hospital at the University of Pennsylvania, where I had three
sessions of brain surgery. I was in a coma for three days and after I
came out of that I was in something called an aphasia for about three
weeks. I had an attention span of about 2 seconds - I was swearing,
talking in numbers - actually consistent numbers, my friend said. Then
one morning I just magically woke up, rang for the nurse and asked for
a newspaper to find out what day it was and why I was there.

Doc: I understand you're considering a move from software engineering
to teaching elementary school.

Brendan: One of the interesting results of the whole accident thing
was that it really pointed out the fragility of life to me, and that
you should do things that you're going to be gratified for having done
years later. Being a software engineer is fine and I can do all this
cool stuff, but I don't get much out of it. And I know that 2 or 3
years down the line everything I do will be completely changed.

So as all this fragility of life stuff was hitting me I started really
enjoying working with kids, reading things with them and things like
that. I started going into classrooms to watch teachers work, and
figure out what kind of stuff I'd be able to do and how it would feel.
I was also volunteering at a support network for battered women - I'd
keep the kids busy while the moms were in with a counselor. It was
really interesting - escaping from a C++ meeting, spending an hour so
playing with the kids and then returning to work. The difference
between the two was amazing, and I started thinking "I suppose I could
do this."

Doc: So you're changing your occupation to a vocation...

Brendan: Exactly. Everybody's telling me "Why you gonna do that -
there's no way you can get anywhere near the money you're making now."
But it's a trade-off depending on what you really want out of life. If
I can figure out a way to live off a teacher's salary and continue
writing Internet books it could work. It better!

Doc: About your book... the title is an obvious play on Zen and the
Art of Motorcycle Maintenance; is there any special significance to
the "Zen" thing for you?

Brendan: I had actually just finished reading Motorcycle Maintenance
when I was finishing the first draft of my book, and I realized that a
lot of the stuff that Robert Persig did in his book was to encourage
people to learn the basics and then go off and learn more by
themselves. This was the approach I was taking with Zen, to give
everybody the raw tools they need without deluging them in hundreds
and hundreds of pages of random stuff - instead relying on them to
take what I've given them and learn it in their own way.

Doc: You were a student when you started the book, right?

Brendan: Yup, at a place called Widener University in Pennsylvania.
While I was a student there I took on the job of becoming their UNIX
system administrator. Widener had just gotten hooked up to the Net and
nobody could figure out what in the world to do with it, so I started
trying to figure it out for myself.

I wasn't actually reading anything from anyone - just going exploring
and trying all these different commands. When people saw that I was
figuring it out I got hit with so many questions I was going nuts. So
I thought why not just write it down, and that's where the idea of the
online first edition [of "Zen"] came from.

I took about four months of writing down all the questions I was
being asked and putting it in a form that was usable. And after
making it available to students at Widener I realized that people
everywhere must have the same questions. So I figured "what the hell"
and put it out on the Net.

About two and a half weeks later I got a call from David Farber at
University of Pennsylvania saying "How would you feel about making
this a published book?" That was February of 1992, and I had the
galley copy done by mid-April.

The 4th Edition [ISBN 0-13-452914-6, Prentice Hall PTR, $23.95,
(800)382-3419] now has a chapter on the Web, a section on how to write
your own home page, and an appendix on how to safely introduce your
kids to the Net.

Doc: How many copies of the "Zen" book have sold so far?

Brendan: I actually don't know. In January of 1994, it was something
like 75,000 copies and another 20,000 or so of the 4th edition were
sold last year.

Doc: When you published "Zen" it attracted a lot of attention. What
kind of opportunities did that present, and how did it change your
life?

Brendan: It's been really surreal - it still blows me away when I go
into a bookstore and see my name on the spine of a book. It still
hasn't quite settled in. What's really nice is that having the book
out makes it so that people feel like "Oh, maybe he can answer my
question" and I get all these random questions in my e-mail asking how
to do this, that or the other thing. And I don't have any problem
answering them because I figure they don't know me, I don't know them,
but somehow we're able to help each other.

Doc: I got a kick out of the opening paragraph on your
http://www.zen.org site:

"The Zen Internet Group is a very small, covert group of highly
technical people struggling to overcome the drudgery of day-to-day
life and burrow down into the world like a spoon into a banana split,
splitting apart the atoms of closed-mindedness and tie-dyeing the very
fabric of the universe, venting our frustrations at working on
computers all day at work by coming home and working on a computer."

Doc: Is the Zen Group for real, or is it just a whimsical thing?

Brendan: I liked the idea of getting the zen.org domain so I thought
I'd make up the Zen Internet Group in the hopes that maybe someday it
will actually exist. We do get deluged with people asking us about the
Zen religion, though.

Doc: You've got a nice collection of "kids stuff" on your web site.
Tell me how that came about.

Brendan: Originally it was just interesting things that I'd found, and
I realized that they were all over but they weren't in any one place.
Even Yahoo hadn't been set up completely at that point. I realized
that people might not be seeing good uses of the Net if it's all
spread out like that, so I just put them all together and wound up
with a mention in Yahoo and several other places.

Now I'm getting lots of people sending me mail with suggestions for
additions, and there are about 2000 hits per week. It would probably
be better if I had a faster modem on my machine!

Doc: Given your interest in kids and their welfare, what's your take
on protecting them from inappropriate or indecent materials on the
Net?

Brendan: Well there are a few solutions now that make it really easy
for people to do it. There's SurfWatch and NetNanny which cause a web
browser to deny certain pages, but I always try to explain to people
that they should consider the Internet like a playground. They
wouldn't encourage their kids to just run off and play all by
themselves - and at the same time they shouldn't let them go on and
use the Internet completely unattended. Even if it is right there in
the living room, they don't know what's going to be on the screen.

There are a lot of parents that don't feel as comfortable with
computers as their kids do, but that's an opportunity to let the kids
show off how great they are and how well they can do all this stuff.
The best approach is for parents to actually do it along with their
kids, and to explain that the same rules apply for both strangers on
the street and strangers on the Net.

I'm actually working on a kids book now, as part of a series of Zen
books, which should come out around the end of this summer. It's
called Zen and the Art of the Internet - Parents & Educators Guide. It
expands on how to introduce kids to the Net and gives teachers ideas
for integrating the Internet in their classrooms.

Doc: Do you see any room for a legislative solution to the problem?

Brendan: Not really. There could be some approaches but the problem
with most of the ones that are out now, such as the Exon bill that's
causing all the controversy, is the Internet is a global medium. So
any legislation we pass here in the U.S. wouldn't mean anything
because a person could set up a site in Sweden or Finland or wherever
and jump over the law by operating outside the country.

Doc: A lot of people see you as a kind of Internet hero. Who do you
see as the people who have done the most good for the Net?

Brendan: There's a group up in Canada called Bunyip that did Archie.
Alan Emtage was one of the key guys there. The way that they set up
Archie, along with the way folks at University of Nevada-Reno did
Gopher,together helped to really spawn the growth of the Net and all
the stuff that's happening today.

There's also David Farber at U. Penn who seems to be at the forefront
of everything; and both Mitch Kapor and John Perry Barlow at EFF who I
admire for their speeches on privacy and the Internet.

Doc: How do you use the Internet on a personal basis?

Brendan: I use e-mail, probably more than I should. I use it to be
able to work from home easily. The other day my girlfriend came down
with strep throat and was wondering what to do about it. I was able to
do a Lycos search and find a list of ten key ways to deal with it
without getting a throat culture.

I also like finding information on certain musicians and writers.
There's a newsgroup for Anne Rice, so I'll look there to see if she'll
be making any appearances in the Bay area.

Doc: How do you see the Internet changing society or the way we live
by the turn of the century?

Brendan: I'm convinced that before the year 2000 we'll come up with a
way for more people to afford it - it's still too elitist. You still
need a really nice computer to be able to do it. There's a project
going on out here in Sunnyvale now where you can get an Internet
connection using just your existing cable and television [no computer
required] for $30 a month. It's an interesting sign that they're
trying to come up with ways to make it less expensive.

One thing I'm positive that's gonna happen within the next year is
that we'll solve the whole digital cash and electronic money thing.
Right now there are three or four different approaches to doing secure
transfers over the Net. Some of the projects underway now include
really big names like Sun Microsystems and Microsoft so even by the
end of this year there should be some internationally agreed upon
standard for doing secure money transfers, banking, and buying - it's
just going to go right up through the roof.

Doc: Any parting comments, oh great Zen Master of the Internet? :-)

Brendan: When people ask me, "Is the World Wide Web it for the Net?" I
have to tell them no, because it's just like if they'd asked me two
years ago if Archie and Gopher were it. It's only limited by the human
imagination and there's no way that our imaginations are going to
stall on something like the Web. And now we've got Java coming up.
There's always something new coming.

Some people have asked me if there will be a 5th or 6th edition of my
book and I tell them in all likelihood there will because this thing
[the Net] changes so quickly. Even now, "Zen" is out of date on some
things because it doesn't do heavy coverage of Java.

There's no way anybody can be exactly up to date unless they sit in
front of their computer with ten other people typing simultaneously.
I've been saying if people wanna use the Net, go in and use it now -
don't wait for it to get better. It's going to consistently get better
and you're never going to find a stalling point.

The Internet itself is going to have to change soon, because we're
running out of addresses. There is a proposed 128-bit addressing
scheme and people on the East coast are experimenting with a gigabit
connection now. So yeah, it's gonna really transform, but there will
be a lot of constants. E-mail will still be e-mail, probably very
similar to the format it is now. We'll see a growing up and a firming
up. Even if you look three years ago at the way things stood then
compared to now it's amazing.

It's funny when you hear Vint Cerf (one of the chief architects of the
TCP/IP protocol) talk now - he can't believe the way some of the
things have grown. And I'd love to know what Marc Andreessen really
thinks about what Mosaic turned into, other than the fact that he's a
billionaire now.

Connecting With The Zen Man

[email protected] http://www.zen.org/~brendan

=======================================================================

Editor: Jack Rickard - Volume X: Issue 3 - ISSN:1054-2760 - March 1996
Copyright 1996 Jack Rickard - ALL RIGHTS RESERVED

------------------------------

Date: Thu, 21 Mar 1996 22:51:01 CST
From: CuD Moderators <[email protected]>
Subject: File 5--Cu Digest Header Info (unchanged since 7 Apr, 1996)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send post with this in the "Subject:: line:

SUBSCRIBE CU-DIGEST
Send the message to: [email protected]

DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS.

The editors may be contacted by voice (815-753-0303), fax (815-753-6302)
or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.

To UNSUB, send a one-line message: UNSUB CU-DIGEST
Send it to [email protected]
(NOTE: The address you unsub must correspond to your From: line)

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on RIPCO BBS (312) 528-5020 (and via Ripco on internet);
and on Rune Stone BBS (IIRGWHQ) (860)-585-9638.
CuD is also available via Fidonet File Request from
1:11/70; unlisted nodes and points welcome.

EUROPE: In BELGIUM: Virtual Access BBS: +32-69-844-019 (ringdown)
Brussels: STRATOMIC BBS +32-2-5383119 2:291/[email protected]
In ITALY: ZERO! BBS: +39-11-6507540
In LUXEMBOURG: ComNet BBS: +352-466893

UNITED STATES: etext.archive.umich.edu (192.131.22.8) in /pub/CuD/CuD
ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
EUROPE: nic.funet.fi in pub/doc/CuD/CuD/ (Finland)
ftp.warwick.ac.uk in pub/cud/ (United Kingdom)

The most recent issues of CuD can be obtained from the
Cu Digest WWW site at:
URL: http://www.soci.niu.edu/~cudigest/

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.

------------------------------

End of Computer Underground Digest #8.37
************************************