Computer underground Digest Sun June 1, 1997 Volume 9 : Issue 42 ISSN 1004-042X Editor: Jim Thomas (cudigest@sun.soci.niu.edu) News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu) Archivist: Brendan Kehoe Shadow Master: Stanton McCandlish Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Field Agent Extraordinaire: David Smith Cu Digest Homepage: http://www.soci.niu.edu/~cudigest CONTENTS, #9.42 (Sun, June 1, 1997) File 1--Color CuD Spam! File 2--Germany "cybercops" battle offensive speech, violent games File 3--article on WEB TV and the stupidification of computers File 4--Survey says "Censor!" File 5--(CwD-Meeks) -Jacking in from "Media Elite Eat To the Beat" Port File 6--Review of: SENDMAIL (Second Edition) File 7--Cu Digest Header Info (unchanged since 7 May, 1997) CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN THE CONCLUDING FILE AT THE END OF EACH ISSUE. --------------------------------------------------------------------- Date: Tue, 03 Jun 97 14:23 CDT From: Cu Digest Subject: File 1--Color CuD Spam! CuD readers on the mailing list had the good fortune to receive up to a dozen copies of last week's CuDs at no extra cost. We're told that some readers were able to sell the extra copies on the street for large sums, some readers even retiring because of their good fortune. For those not on the mailing list (most people receive CuD from comp.society.cu-digest and a few other large distribution points), the problem began with a double mail loop on an east-coast system, the result of an attempted "work-around" that went awry. This sent bounces from that system looping back to the mailing list. Because CuD has no control over the mailing list and no way of editing or modifying it, we were helpless. We do, however, receive all bounces to the list. In this case, we received thousands. CuDs are not sent out on a Unix system, so writing a small filtering script was not possible. So, the weekend was divided between deleting thousands of bounces and trying to respond to CuD readers. And, not surprisingly, the CuD readership was its usual classy self. With the exception of 4-6 impertinent comments, posters were astonishingly sympathetic and helpful. I talked to the fellow who accidentally began the loop, and he was also quite impressed with the civility of CuD readers, even the upset ones. He apologized profusely, and it was just one of those errors that slip by us all on occasion. This was one of the few (perhaps only) times when the mailing list software at weber.ucsd.edu did not filter out "noise." Thanks to the hundreds of CuD readers who expressed sympathy. Given the flurry of deleting, the many, many humorous stories and jokes were deleted, and I wished I'd saved them for a special issue. And, of course, thanks to Bruce Jones who runs weber.ucsd.edu where the mailing list lives, who spent more time than is natural trying to settle things down on his end. He's done a wonderful job with the automated mailing list. So, we resume our regularly scheduled publication.....albeit a day or two late. jt ------------------------------ Date: Wed, 28 May 1997 17:18:16 -0400 From: Declan McCullagh Subject: File 2--Germany "cybercops" battle offensive speech, violent games Source - fight-censorship@vorlon.mit.edu **************** Date--Wed, 28 May 1997 10:25:39 -0700 From--Gurney Halleck I guess now any jerkwater police department can become an International Cyberspace Policing Unit. While they can do what ever they want in their country (I still don't like it), I don't see how they get off "policing" the world Internet. Do they plan to extradite "criminals" to Germany to face charges there? Seems that this police department is over stepping its jurisdiction (unless German police is nationalized and has authority to prosecute national/international crime a la US FBI, DOJ...) I believe that "Nazi" material is criminal in Germany but the tossing off of "right- and left-wing extremism" has ominous undertones. Once again this makes me ask, what is the real value to the citizens? (of Munich in this case) Here we have two full time cops surfing for kiddy porn and hanging out in sleazy chat rooms. Even if they find something they probably can't prosecute (definitely not, if it is out of country). They haven't even had *one* conviction locally. Are the streets of Munich so safe that they don't need cops on the beat? Is there so little crime that they've got spare resources, cops with nothing to do? How do the people of Munich feel about funding an International Cyberporn Squad in lieu of personal safety? ---- Tuesday May 27 7:13 PM EDT FEATURE: Germany's Cybercops Search For Internet Crime By Andrew Gray MUNICH, Germany (Reuter) - Two young men in jeans and sweatshirts surf the Internet, looking for anything they can find in the way of child pornography. They are not perverts or criminals. They are officers from a German police department dedicated to fighting Internet crime. Dozens of confiscated monitors, hard disks and printers are piled up in a storeroom next door to the Munich office where the unit, under the command of Commissioner Karlheinz Moewes, patrols the worldwide computer network. The equipment was seized in raids prompted by research on the Internet from Moewes and his five-member team. It provides the officers with their other main task -- trawling through the bits and bytes for illegal material to secure convictions. "We had 110 cases of suspected child pornography in 1996," said Moewes, a burly, bearded Bavarian whose unit is on the lookout for Internet crime of all sorts. "We find evidence of fraud, banned gambling, right- and left-wing extremism, pornography -- sadly, child pornography and even child pornography with animals," he said. Bavaria, traditionally Germany's most conservative regional state but also a center for hi-tech industry, has been at the forefront of efforts to clean up the Internet. Munich prosecutors last month indicted the head of the German unit of U.S. online service CompuServe, accusing him of allowing users access to pornography, neo-Nazi material and games which glorify violence. GLOBAL NETWORK POSES LEGAL PROBLEMS The Bavarian police set up a working group on hi-tech crime under Moewes in 1995, and the group was upgraded to a department in its own right at the beginning of this year. While other German police forces have officers who search the Net for crime when time allows, the Munich unit is the only one which is devoted full-time to the task. But the global nature of the Internet often makes it difficult for Munich's cyberpolice to act on what they find. Differing national laws on what constitutes pornography, on when a young person is no longer classed as a child, and on who is legally responsible for what is on the Internet all mean that securing convictions is no easy task for Moewes and his team. "When it comes to hardcore pornography, the difficulty for us is that much of what's illegal here in Germany is legal and normal in Scandinavia," Moewes said. Although they pass on their research to the relevant authorities if the trail leads them abroad, the Munich police have had no word back on any resulting convictions. "We've had reports from America where searches have taken place, but we have no information on any concrete results," said Else Diesing, head of the police department which carries out raids on suspects pinpointed by Moewes and his team. Even in Germany, the law moves slowly. No convictions have yet been secured from last year's child pornography cases, although Moewes is hopeful he will soon have a few to show for his efforts. UNDERCOVER ON THE INTERNET The unit's job also is influenced by the normal constraints on how undercover police officers are allowed to operate. The cyberpolice can hang around electronic "chat rooms" where computer users trade information and swap material, for example, but they cannot incite anyone to commit a crime. They must hope the users offer illegal material of their own accord. "To take one example, we got to know someone via the Internet who offered us child pornography," Moewes recalled. The unit agreed on a rendezvous to pick up the material, then called in the undercover officers from Diesing's department. "Our colleagues went to the meeting point, where floppy disks with child pornography were handed over. They briefly viewed the disks, then searched the suspect's apartment and seized his computer," Moewes said. In addition to "virtual stake-outs" of chat rooms, the team also uses keyword searches of the Internet to try to track down web sites containing illegal material. During one such search, the team came across a web page which hit two of their main areas of investigation at once -- a site plastered with swastikas and pornographic pictures. END TO INTERNET ANONYMITY? Moewes has little time for the argument that his officers should not be snooping around cyberspace and that their investigations into the likes of child pornography infringe the basic right to freedom of expression. "In each one of our cases, a child has been abused," he said. "No one talks about the rights of the children." Moewes would also like to see an end to the anonymity which rules in large parts of the Internet, allowing people to post items on electronic bulletin boards or web sites and trade information without revealing their identity. He declined to talk about the CompuServe case in particular, but disputes the claims by online services that they only provide a gateway to cyberspace and cannot influence what people do once they have passed through it. He maintains the companies are already choosing not to allow customers access to certain areas of Usenet -- the part of the Internet where forums and newsgroups are found. "They're already exerting influence, whether they say so or not," he said. Reuters/Variety ------------------------------ Date: 27 May 97 23:17:53 EDT From: Tom Truex <72100.407@CompuServe.COM> Subject: File 3--article on WEB TV and the stupidification of computers SOURCE: oNline Christian eMagazine... 1. REQUEST TO BE PUT ON THE MAILING LIST by sending eMail to sleddog@k-line.org. . 3. World Wide Web: http://www.k-line.org/~sleddog 4. FidoNet (1:369/158), FREQ, using the magic word, "EMAG." =============================================================== EDITORIAL: WEB TV and the stupidification of computers =============================================================== [DISCLAIMER: In our home, the word, "stupid", is considered a bad word. So I use that term very reluctantly in this editorial. I also don't mean to come off sounding like an elitist or know-it-all. Ask anyone who knows me--I'm no rocket scientist myself. :-) So please do not take anything that I say here personally--whether you are stupid, or know someone who is stupid, or you are just looking out for other people who may be considered stupid. END DISCLAIMER] Have you seen the news about the coming of WEB-TV? Supposedly computers have gotten too complicated for the average consumer, so Bill Gates and friends have come up with the great idea of merging the Internet with Television. Hmmm... I have a nagging feeling from deep inside my gut that there is something desperately wrong with this picture. First of all, what about the premise that computers have gotten too complicated for the average consumer? I'll have to admit that my first hand acquaintance with computers only goes back to about 1982. Roughly about the same time that the IBM PC stormed on the market.{2} The original IBM PC and its clones were pretty crude by today's standards. But they also assumed, to some extent, that the people who used them would develop some minimal level of familiarity with the workings of the contraption. As I recall, they gave you a couple of loose-leaf manuals crammed with helpful pointers on the inner workings of the computer and its software. Those machines even booted up with a simplified version of BASIC when you flipped up the ON switch. And from the beginning of the PC, up until the introduction of Windows 95, you always got a version of the BASIC programming language packaged with the operating system. Even through the choir of complaints about Windows 95 when it first came out, I never heard anyone else mention the absence of BASIC. If you bought a computer recently, did YOU notice that BASIC was missing? OK, so what's the point? The point is that the folks who make and market computers used to expect that computer users would want to do some rudimentary programing. It was pretty much required just to install a program. Now, the folks selling computers don't expect users to want to do any programming. AND they are correct. I know that they are correct, because nobody complained when they stopped packaging a programming language with the base computer system. I suspect that a good percentage of computer users today do not do ANY installation of hardware or software. If they do install any hardware nowadays, its mainly done with the "plug and play." And if they do install any software, its mainly done by the "installation wizard." When the installation works, it's a pretty simple affair.{3} The programs of today are generally much easier to use. Point and click on a pretty picture and you are in business. In most cases, you can sit down and use a mass appeal consumer program with little or no training. Which, by the way, can be good. It means that we get more out of our computers without spending a lot of time on the learning curve. Meanwhile, the hardware required to run software keeps getting more sophisticated. The hardware has to be better to keep up with glitzier, and smarter programs. For a while, it was fashionable to call "smarter" programs "user friendly". Perhaps "user friendly" is a gentler term than "user stupid", but for sake of clarity, let me say that they mean the same thing. New computers must be smarter (i.e. friendlier) because they assume a stupider end user. I'm hard pressed to argue against the marketing strategy behind this trend. Namely, that to sell the most copies of a product, one must aim the product to attract the greatest number of potential customers. Or to simplify my point{4}, computers have to be marketed so that sufficiently stupid people can use them. Although only smart people can use unfriendly computers, both smart people AND stupid people can use friendly computers. The simpler the computer interface, the stupider the potential customer can be. All of which brings us to the World Wide Web. More commonly known as "W-W-W dot-something-dot-COM."{5} I've been reading recently that the internet is NOT the same thing as the World Wide Web. Which indeed it is not. But the World Wide Web does seem to get noticed the most. Everybody and everything has a web page, including this eMagazine. So, depending on where you gather your reading material, it's not uncommon to hear a great deal of wailing and gnashing of teeth about how the WWW has both ruined the internet and devastated some other formerly important means of computer communication. Pretty pictures and neat tricks have a premium over content. Indeed, the POINT of the WWW is sometimes not the content at all. The point is sometimes the medium that delivers the pseudo content. The result is, IMHO, a much more "stupid" product. As Forrest Gump demonstrated, stupid is not all bad. Stupid is just not... well.. "smart", like you used to have to be in order to use a computer. Meanwhile most computer users have stampeded away from computer Bulletin Board Systems (BBS) and things like FidoNet, which traditionally placed a premium on content, even if the medium was pretty crude. And now we have the specter of Web-TV. Here I admit to speaking from the wonderful vantage point of ignorance. Which is always easier and often more fun than learning the facts. That is, I know very little about web-tv. What I do know, I gleaned from bits and pieces thrown out by the mainstream media.{6} But for those who lament the stupidification of computing in general, I submit that we ain't seen nothin' yet. Just take a minute and compile a short list of consumer appliances that have contributed to a decline in the national intelligence level. Surely the the television will be on everyone's top 10 list. In fact, the TV is a virtual icon for stupidity. And TV is the model that we are using for the future of computing. Computers have a great potential to educate and inform. To communicate ideas. To persuade. To convert. To stir the human spirit. I suppose that television also had the same potential at one time. A long time ago, that is. FOOTNOTES ------------------------ {2}Before that I had a computer science class in college in which we used a mainframe computer. You fed it with cards that had holes punched in them. A very primitive arrangement. One card for one instruction. I'd like to have exclusive rights on selling those cards if that's how you still had to load Windows 95 . The programing language for that thing was ALGOL. But I digress. Which is why this remark is buried in a footnote. {3}When it DOESN'T work, you're really in trouble though. Don't count on having very much at all in the way of a manual or tips for troubleshooting. {4}To suit the tastes of today's users of computers . Just kidding--if you are reading this eMag, I know that you are a step above the average computer user. {5}Or more recently, "-dot NET" or "-dot ORG" {6}Not always the most reliable means to gather one's information, especially relating to computers. ------------------------------ Date: Thu, 15 May 1997 14:16:47 -0700 (PDT) From: "Brock N. Meeks" Subject: File 4--Survey says "Censor!" RADNOR, Pa., May 13 /PRNewswire/ -- Despite the fact that 29 percent, or nearly one-third, of all Americans access the Internet, 4 of 5 say they are concerned about what can be found, and who might find it, while cruising the Information Superhighway. In a recent nationwide telephone survey of a random sample of Americans ages 18 and older conducted by Chilton Research Services, 80 percent of respondents answered "Yes" when asked, "Do you think that the government should take steps to control access to pornographic or sexually explicit material on the Internet to protect children and teens under 18 years of age?" A significantly higher percentage of women than men favored government intervention. More than 88 percent of women invite censorship or some other action, while 71 percent of men feel such steps are warranted. Respondents were similarly divided by economic and education levels. In all demographic categories a resounding majority wants to limit youngsters' access to sexually explicit material on the Internet, but some groups feel more strongly than others. For instance, among households with incomes below $35,000 annually, 85 percent want Uncle Sam to step in. Among respondents with household incomes above $50,000 the percentage drops to 71 percent. Similarly, 9 in 10 respondents with a high school diploma or less said the government should control access, while 7 in 10 who had at least attended college want such action taken. In addition to worrying what their children might see on the Internet, Americans worry about what others might be able to learn about their private lives. Better than 5 of every 6 respondents (84 percent) said they are concerned about unauthorized or illegal access to personal and financial information through the Internet. A solid majority (65 percent) of all respondents said they were "very concerned," while another 19 percent admitted to being "somewhat concerned." Fewer than 10 percent of respondents were "not at all concerned." Those with less than a high school education and those over 65 years of age expressed less concern, possibly because these groups are not as likely as others to use the Internet. The Chilton EXPRESS telephone omnibus survey was conducted among a sample of 1,000 American men and women ages 18 and older, between April 16 and April 20, 1997. The margin of error is +/- 3 percent. Chilton Research Services, an ABC-owned company, was established in 1957. The company offers full research and consulting services to consumer products companies, business and industry, telecommunications and media, non-profit organizations and government agencies. SOURCE Chilton Research Services CO: Chilton Research Services ST: Pennsylvania IN: PUB CPR MLM SU: 05/13/97 13:57 EDT http://www.prnewswire.com This list is public. To join fight-censorship-announce, send "subscribe fight-censorship-announce" to majordomo@vorlon.mit.edu. More information is at http://www.eff.org/~declan/fc/ ------------------------------ Date: Thu, 15 May 1997 14:16:47 -0700 (PDT) From: "Brock N. Meeks" Subject: File 5--(CwD-Meeks) -Jacking in from "Media Elite Eat To the Beat" Port CyberWire Dispatch // Copyright (c) 1997 // May 23, 1997 Jacking in from the "Media Elite Eat To the Beat" Port: Washington--Howard Fineman, Newsweek's chief political correspondent goes to Washington (state) and comes away... well, with a few tired and shop worn anecdotes in an article published in last Sunday's Washington Post Outlook section. The piece, "Gates Crasher: I Infiltrated (the other) Washington" (catchy, no?? I doubt it was Fineman's original...) starts with a stale tale about how he is able to woo his way into the smooze-fest that Microsoft Mogul Bill Gates held in Seattle a couple of weeks ago in which he invited a select group of some 100 CEO's voted "the most likely to spend another billion or so on my software" to come and try not to be sleepless in Seattle. Now, I don't want to get off on a tangent here, but I've been to Seattle and fercrissake... it's no wonder they drink so much fucking caffeine out there: the place is proverbial "sleepy little town" with a gland problem. Back to Fineman and Seattle. Why a good journalist like Fineman would want to be anywhere near this billionaire's dog and pony show is beyond me. Maybe the "news hook" for Fineman was that Vice President Al Gore was going to be making a cameo appearance and since Fineman covers politics, well, hell, it was a stretch but the plane fare would probably pass muster with the Newsweek bean counters. And if nothing else, it gave Fineman a chance to chat up that most famous East Coast media elite refugee, Michael Kinsley, who now runs _Slate_ magazine. Small aside: Fineman and Kinsley did hang together. In fact, Kinsley treated Fineman to a real Seattle pilgrimage: A tour of the first "Starbucks" coffee shop. However, Fineman damn near caused a riot when he eschewed the half-cafi, double decaf, whole milk, medium foam Cappuccino that Kinsley ordered and asked for "Sanka." Now any hack journalist could have told Fineman the Gates-fest would be nothing more than a corporate blow job in which "vision" was a thinly veiled Microsoft infomerical where "smooze and snooze" were the complete faire of the day. I mean, if you've heard one Gates speech you have, literally, heard them all. And if you've heard one Gore speech on technology, well, you've heard nothing at all and only learned that his speech writer is competent enough to string buzzwords together in the right order. You see, the great untold truth of Washington (the right-coast Washington) is that Gore is a techno-midget, except for the policy end of things and even then, he can give you only about 17.3 seconds of really hard core discussion before he lapses into rhetoric... ah, but I digress... So, Fineman tells us in his article that "what I saw on my tour is simply put: Their Washington is as crucial to the future of government as ours, and each place has to learn the folkways of the other." This is the "kindler, gentler" approach to "the Internet will ruin Democracy" blather pushed onto the scene by Cokie and Steve Roberts a month or so ago. "The info-tech buccaneers are accumulating vast power, and not just in pure cash terms," Fineman writes. "Their business could put the capital out of its misery by facilitating the rise of a wired 'direct democracy' that makes the political class redundant," he writes. Oh, please... here were go again. An inside the beltway political journalist discovers the potential of the Net and starts predicting the downfall of democracy and Washington and... well, it'll be on Newsweek's cover in a just a few issues, I'm sure... "I say, 'Godspeed' to a force that can rattle the ossified power structures of Washington, including the media one that I belong to," Fineman writes. You see, it's Ever So Hip to take potshots at yourself and your own class... I know, I've been doing this for years myself, so my skills are well-honed and I can spot this clever journalistic chicanery in a nanosecond. The story, Fineman says, "for want of a better term is DDD: digital direct democracy. Even now, voters with modems (and the time to use them) have access to most of the information that representatives do." WRONG, but hell, thanks for playing Mr. Fineman, don't let the 33.6 bps modem slap you on the ass as you slide into the bitstream. The truth, of course, is that Washington (the "real" Washington) is all-too- adept at keeping information under lock and key, printed on paper, distributed only to those that are deemed to hold the power.. and this includes lobbyists and the assorted foreign Chinese national, but it sure as hell doesn't mean "voters with modems." Fineman continues in breathless prose about how "soon enough they'll be able to voice their verdicts on issues of the day, in real time." He's talking here about how DDD can lead to the citizenry taking control of the legislative process by raining in their "votes" on issues, presumably changing the course of a vote in the House or Senate... hell, maybe DDD can even weigh in and break one of those infamous Senate filibusters. "It could be a popular idea," deadpans Fineman, noting there could be a "powerful lobby for DDD." Except for one, small CRUCIAL "dddetail": people with modems, who participate online, are as likely to think with one mind and speak with one voice and the new so-called government of Zaire's Laurent Kabila. Fineman eventually gets around to writing what he knows. "You can't reinvent the politics out of government, and the Beltway Bureaucracy is the most durable human edifice since the Ming dynasty." Amen, brother... hear the thunder roll... But all too quickly, Fineman lapses into babble and surprisingly unfounded babble. Gates has "given chunks of money, hard and soft, to both parties." I suppose Fineman wasn't talking about the last election cycle. Because according to the FEC, as sliced and diced at the excellent "show me the money" site maintained by Tony Raymond Gates personally gave only $5,400 to candidates and another $10,000 to his company's own Political Action Committee. Now my pencil may not be as sharp as Fineman's, but I figure that $15,400 in donations from the Richest Man in the World equates to the crumbs left in his dog's dish, but not "chunks" of money. Gates gave NO soft money of his own; however, Microsoft the company gave a total of $77,000, which it spread between Dems and the GOP. That's peanuts. Especially when you consider that Steve Jobs ponied up $150,000 of his own money (which he gave to the Dems.) Fineman relates how Gates introduces Gore to the 100 CEOs in attendance: "He's one of the first policy makers to understand technology and information. I have drawn on his wisdom often." Now, Gates is really much more hip than I thought, because if he made this statement--with a straight face--the man had to be high; or Gates is cracking under all the pressure of being the world's richest man. Taking advise and wisdom on technology from Gore is to take navigation lessons from the skipper of the Titanic. Fineman notes that if Gore has any wisdom to offer his buddy these days, "it should be this: Loosen up. The way NOT to make friends in Washington is to be aloof, mysterious, inaccessible. Also, don't move too quickly. The speed of change might frighten the natives." Indeed, it does. Fineman then notes the laughable column that Cokie and Steve Roberts co-authored... you remember, the one about how the Net is all things dangerous and will, if left unabated, surely bring down "representative democracy" we know it. Fineman goes on to say that the Roberts' rant "produced more flames than an oil field in Abu Dhabi." And then he quotes from my MSNBC Column on the Roberts' article: "The hysterical tone of the column is astounding," wrote cyberpundit Brock N. Meeks. "This sort of journalistic tripe is poison and yet, at the same time, grist for the mill among the twisted jackals who make up Congress and who, it seems, have no qualms about using the Internet as a personal whipping post whenever it suits their fancy." (Odd, but I could have sworn I wrote: "twisted craven jackels...") Then Fineman wraps up: "Let the record reflect that Meeks works for MSNBC, one of whose owners is--you guessed it--a man named Gates, from the other Washington." The inference, of course, is that I've been turned into a fuck chimp for Bill Gates. That I'm suddenly Gate's personal attack dog in D.C. Small Problem, Howie: I don't work for Gates, never met him and don't particular care to. Yes, at MSNBC we take Microsoft's money... and then curse the software they make us use to produce the news. If Fineman really thinks Gates has me on a short leash, then my worst fears have been realized: He's fallen of the wagon and has resumed that nasty Lucky Charms binge/purge routine. Oh the horror of it all... not a pretty sight. Fineman is probably, at this minute, writhing in pain, coughing up blood and having nostalgic thoughts about his college frat parties. I'm very concerned... I'll call the authorities... any minute now. Honest. Meeks out... ------------------------------ Date: Mon, 19 May 1997 21:54:29 -0500 (CDT) From: Eric Behr Subject: File 6--Review of: SENDMAIL (Second Edition) SENDMAIL (Second edition). By Bryan Costales, with Eric Allman. 1996. Sebastopol (Calif): O'Reilly and Associates. 1050 pp. $39.95 (paper). (Reviewed by Eric Behr, Dept. of Mathematics, Northern Illinois University). Even though many people these days spend hours using Web browsers, good old e-mail remains by far the most _important_ Internet application. We have come to rely on it just like our grandparents learned to depend on the telephone. And just like we don't pay much attention to the goings-on at the local phone exchange, we rarely think about the "under the hood" side of e-mail. Until we put our system managers' hats on our heads, that is. Unix computers are preferred as Internet service hubs. Other systems can offer easier configuration or higher cost-effectiveness, but Unix still reigns because of its flexibility, power and the abundance of skilled and experienced administrators. And the most common and mature Unix mail handling software is sendmail(8), whose history spans almost 20 years. Administrators have a love-hate relationship with it. I'm afraid that the "love" column is quite short: sendmail does an essential job very well, provided that it is properly configured and installed. The "hate" side of the ledger spans a few pages: it is probably the biggest potential security hole on your system, because it must assume the superuser's identity in much of its work, even when invoked by regular users; it's a relatively "open" program (source code for most versions is readily available), and hence it attracts swarms of hackers; it uses a complex configuration file written using obscure syntax; it cannot be fully tested until it's actually in place, which means that you will likely be tearing some of your hair out before you arrive at a workable setup; and so on, and so on. I am not a sendmail guru; I have edited a few sendmail.cf files in my life, and I spent several hours studying rewriting rules, but I cannot say that I could configure sendmail for a complex site in my sleep. This review is thus written from the point of view of a moderately advanced system manager who has once or twice dabbled in this subject. I was asked to write it at a very opportune moment - the time when I decided to switch from a vendor's implementation to the public domain version maintained by the original author, Eric Allman. I can use my experiences "from the trenches". My experiences have been mixed, but I recommend that you look at "sendmail" despite my grievances. The book under review is to some extent damned by its own notoriety. It's one of the legendary titles from O'Reilly. We've come to expect everything from it, and when it fails to deliver 100% we are disappointed. But let's not forget that the behavior of a very complex program such as _sendmail_ can't be adequately described in a static book in all its minutiae. It is natural that "sendmail" has its flaws, ranging from simple typos (surprising, frankly, for a second edition from a well-known publisher) to being unrealistic in places, and a little negligent of typical cases. The "Bat Book" is invaluable as a reference and as a confidence booster. Its mere physical size indicates the magnitude of the problem you are about to tackle. The comprehensive lists of options, m4 commands, rewriting rules, debugging switches and the like are a great help for anyone facing the unpleasant task of changing the configuration. Still, it isn't a cookbook. You will have to figure out for yourself which flavors and seasonings to add where, and which recipe works best in your situation. There are few concrete scenarios applicable to real life cases. The book falls short in offering quick and easy solutions, and perhaps this is as it should be - for you are the only person who knows exactly what is required at your installation. I encountered several frustrating problems which the book glossed over, or mentioned them somewhere on page 467, or didn't mention them at all. I would expect this had I used an obscure CPU and/or flavor of Unix -- but the book claims to be oriented towards precisely my situation! I expected a higher batting average. On top of this, the index is not always as helpful as it could be. This is dangerous, and not just for the poor soul who might lose his job if he doesn't upgrade sendmail the right way. We live in a world in which half of the Internet is in the hands of inexperienced administrators, and one-third of it is misconfigured, which affects everybody. I would hate to see the third edition come out (in response to my gripes) in the well-known "... for Dummies" series, but I think that parts of it can be easily made more helpful for a relative novice running one of the proliferating systems such as Linux. I don't want to be accused of taking pot shots, so let me list just a few concrete complaints: - the most common reasons why sendmail relinquishes its root provileges (and hence stops working as advertised) are not listed in an easy to use, clear form - the "pitfalls" section which follows each chapter is a very good idea, but the most likely ones should be prominently grouped in a separate place for easy reference - the $=w class is not documented well enough; the book uses examples in which $=w hostnames are partially qualified (they can't be!) and never mentions that the domain name must be added to the list if the hub is an MX host for that domain (which is almost always so!) - the m4 processor has certain quirks which should be mentioned (or at least mentioned more forcefully) I fell into many traps when switching from a vendor's sendmail to Allman's latest version. At times seeing the familiar SYSERR message in the logs and not knowing what is happening was infuriating. Even after the book became quite dog-eared and (I thought) worn down into submission, it still didn't relinquish its secrets easily. As you can see by now, I've developed a love-hate relationship with it similar to the one with sendmail itself. I found it very useful, because it _does_ have most of the answers in it, and I prefer to leaf through a book than to browse a dozen README files, FAQs, and archives of Web and newsgroup material. Still, I had to consult the FAQs and READMEs more than I expected. Internet mail is becoming more homogeneous; Bitnet relays and intricacies of UUCP have a much smaller role to play now than when sendmail was first conceived. Perhaps a new edition will be better organized and focused more sharply on the few categories of sites and scenarios that are likely to be encountered these days. To summarize - if you have $40 lying around and if you have a major sendmail revamping project in your future, then by all means, get it! But if you are expecting a set of painlessly implemented recipes, forget it. Save the money for a skilled consultant instead. ------------------------------ Date: Thu, 7 May 1997 22:51:01 CST From: CuD Moderators Subject: File 7--Cu Digest Header Info (unchanged since 7 May, 1997) Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically. CuD is available as a Usenet newsgroup: comp.society.cu-digest Or, to subscribe, send post with this in the "Subject:: line: SUBSCRIBE CU-DIGEST Send the message to: cu-digest-request@weber.ucsd.edu DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS. The editors may be contacted by voice (815-753-6436), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA. To UNSUB, send a one-line message: UNSUB CU-DIGEST Send it to CU-DIGEST-REQUEST@WEBER.UCSD.EDU (NOTE: The address you unsub must correspond to your From: line) Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. In ITALY: ZERO! BBS: +39-11-6507540 UNITED STATES: ftp.etext.org (206.252.8.100) in /pub/CuD/CuD Web-accessible from: http://www.etext.org/CuD/CuD/ ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/ aql.gatech.edu (128.61.10.53) in /pub/eff/cud/ world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/ wuarchive.wustl.edu in /doc/EFF/Publications/CuD/ EUROPE: nic.funet.fi in pub/doc/CuD/CuD/ (Finland) ftp.warwick.ac.uk in pub/cud/ (United Kingdom) The most recent issues of CuD can be obtained from the Cu Digest WWW site at: URL: http://www.soci.niu.edu/~cudigest/ COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ------------------------------ End of Computer Underground Digest #9.42 ************************************