Dr. Dobb's Journal November 2001
The Wired Equivalent Privacy (WEP) protocol used in 802.11b wireless networks may not be dead, but it isn't looking too healthy — and Scott Fluhrer, Itsik Mantin, and Adi Shamir's paper, "Weaknesses in the Key Scheduling Algorithm of RC4" (http://www.eyetap.org/~rguerra/toronto2001/rc4_ksaproc.pdf) didn't help much. According to Fluhrer et al.: "RC4 is completely insecure in a common mode of operation...our new passive ciphertext-only attack on this mode can recover an arbitrarily long key."
Moreover, two tools implementing Fluhrer's attack, WEPcrack (http://sourceforge.net/projects/wepcrack) and AirSnort (http://airsnort.sourceforge.net/), have been released on the Internet. "All 802.11b networks with 40/128 bit WEP encryption are vulnerable" to AirSnort, say the tool's developers. "AirSnort requires approximately 100 MB to 1 GB of data to be gathered. Once enough packets have been gathered, AirSnort can guess the encryption password in under a second...As this is a passive attack, nothing can be done to detect [it]."
The next generation 802.11b addresses the key-management problems. Until then, workarounds are possible through virtual private networking, hardware or firmware upgrades, or a wireless firewall gateway of the type proposed in a recent NASA paper (http://www.nas.nasa.gov/Groups/Networks/Projects/Wireless/index.html).
Be Inc., the company founded in 1990 by former Apple president Jean-Louis Gassée, has been sold to Palm for $11 million. Although widely respected for its multimedia capacities and the artistry of its GUI, the OS never found a true home, garnering a user base of about 50,000. BeOS is architected for symmetric multiprocessing and preemptive multitasking, and features a journaling, 64-bit filesystem.
"This move will help us expand the PalmOS platform into broader markets using their multimedia media and Internet expertise," said Palm CEO Carl Yankowski. In addition to acquiring Be's technology and intellectual property rights, Palm made employment offers to the Be engineering team. Gassée will serve in a "temporary advisory relationship" to Palm.
Palm plans to incorporate elements of the BeOS into the PalmOS, but will continue development of the BeOS itself. An effort has been initiated among Be users, however, to change Palm's plans: A survey at http://www.BeFAQs.com/save/ is attempting to collect enough data to convince Palm that the Be community is worth serving.
For an analysis of Be's rise and fall, see http://www.byte.com/documents/s=1115/byt20010824s0001/0827_hacker.html.
Caldera has open sourced the UNIX utilities awk and grep under the GPL, along with the AIM performance benchmarks and UNIX Regular Expression Parser. The newly open-source tools can be downloaded at http://unixtools.sourceforge.net/.
According to Caldera, the company "expects to release further components of the UNIX intellectual property in coming months." Forthcoming utilities include pkgmk, pkgadd, pkgrm, pkginfo, pkgproto, the Bourne shell, lex, yacc, sed, m4, and make. The licenses under which these tools will be released is yet to be determined.
A supercomputer called the "Cosmology Machine," built for the United Kingdom's Durham University by Sun Microsystems, is attempting to recreate the evolution of the universe.
The computer will create models representing different theories of cosmological origins and project the evolution of those virtual universes. The most accurate theories will presumably generate models that evolve to most closely resemble the real universe.
"We are able to instruct the supercomputer as to how to make artificial universes, which can be compared to astronomical observations," said Carlos Frenk, director of Durham's Institute for Computational Cosmology.
Frenk went on to state that "Long-term goals are to understand the formation of structures in the universe, to establish the identity and properties of the dark matter that dominates the dynamics of the universe, to determine the parameters of our world model, and to relate the Big Bang theory to astronomical observations."
The Cosmology Machine is powered by an integrated cluster of 128 Ultra-SparcIII processors and a 24-processor SunFire. It has 112 GB of memory, 7 terabytes of data storage, and can perform up to 456 billion arithmetic operations (228 billion floating point and 228 billion integer operations) in a second. For more information, see http://star-www.dur.ac.uk/cosmology/theory/ICC/.
The Object Management Group (http://www.omg.org/) is hammering out the shape of UML 2.0. At issue are the merits of five proposals defining the UML 2.0 Infrastructure and Object Constraint Language. Final versions of the two new specifications will be adopted in December 2001. The OMG has also issued requests for proposals for the UML 2.0 Superstructure and Diagram Interface.
According to the OMG, "Half of the new standards support object-oriented modeling, analysis, and design. One introduces schedulability concepts to UML, allowing the language to model real-time computing systems; another supports UML representation of component-based infrastructures; while the third lets designers assign action semantics to objects in UML models. Another of the new standards integrates the W3C XML schema definition with OMG's suite of modeling specifications."
A consortium of 17 companies calling themselves the "U2 Partners" (U2P) are writing a series of the UML 2.0 proposals. The U2P includes Oracle, Telelogic, IBM, and Rational, and is the largest group of companies to submit a proposal for the UML 2.0 infrastructure. The U2P specification describes first class extension mechanisms and profiles, and organizes the metamodel into "a number of fine-grained logical packages."
UML first emerged in 1995 as a collaboration among three methodologists seeking to converge their work. The 1.0 specification was submitted to the OMG in 1997. UML 1.4 was adopted in May, and Version 1.5 is expected this month. For information on the U2P's proposals for UML 2.0, see http://www.u2-partners.org/artifacts.htm.