TER Volume 5, Issue 5, June 1998

ter - telecommunications electronic reviews

Volume 5, Issue 5, June 1998

Telecommunications Electronic Reviews (TER) is a publication of the Library and Information Technology Association.

Telecommunications Electronic Reviews (ISSN: 1075-9972) is a periodical copyright © 1998 by the American Library Association. Documents in this issue, subject to copyright by the American Library Association or by the authors of the documents, may be reproduced for noncommercial, educational, or scientific purposes granted by Sections 107 and 108 of the Copyright Revision Act of 1976, provided that the copyright statement and source for that material are clearly acknowledged and that the material is reproduced without alteration. None of these documents may be reproduced or adapted for commercial distribution without the prior written permission of the designated copyright holder for the specific documents.


Windows NT Security information on the Web. Part I: Microsoft's Web Site

by Marshall Breeding

Telecommunications Electronic Reviews strives to provide reviews of materials related to the field of telecommunications and networking. While the bulk of the reviews in TER are on books, this column begins a series of reviews where we will examine selected web sites. I will be focusing on sites related to network security. These reviews will cover a number of network operating environments, beginning with Windows NT. In this column, we look at the resources available from Microsoft's own web site.

The Web can serve as an important source of information for security issues. Each of the operating environments comes with its own set of concerns. No system comes totally secure out of the box. Many vendors depend on the web to communicate with their users regarding security issues and to distribute the patches and workarounds necessary to maintain a secure environment.

As the developer of Windows NT, Microsoft provides an important resource for security information through its own site. Despite being one of the largest Web sites around, it is very well organized and contains effective searching capabilities. To find the section on security point your browser at: http://www.microsoft.com/Security.

New security issues arise constantly with each operating system. An active community of hackers works constantly to discover clever ways to compromise the security of each operating system. It is often up to the vendor to develop solutions to the various security flaws that are unearthed. Microsoft regularly issues Security Bulletins on this site that advise system administrators of known security problems and provides solutions or workarounds. I have noticed significant delays, however, between the time that a particular security issue with NT is discussed in other Internet forums and the time that it is acknowledged on this site. Keep in mind as you use this site that the information provided reflects official Microsoft corporate positions on these issues. In many cases the information is defensive of NT and may not fully reflect the seriousness of some of the issues. In a discussion about the ability to capture passwords from clients as they log into an NT server, for example, Microsoft states that it is not a problem since it requires access to the physical network segment. Most network administrators would (or should) be very concerned about this vulnerability.

One of the most important resources on NT security on the Microsoft site are in the White Papers section. These white papers describe the basic security architecture of Windows NT and provide many details on its implementation. The most critical paper in this section for Windows NT is "Securing Windows NT Installation" found at http://www.microsoft.com/ntserver/guide/secure_ntinstall.asp. If you are beginning the deployment of a NT-based network, you should study this document carefully. A more general security paper titled "Security: an Overview," though not specific to NT, describes Microsoft's approach to a number of security issues. Another white paper addresses smart card technologies ( http://www.microsoft.com/security/tech/scards/scardwp.htm). Microsoft's white paper on Server Gated Cryptography is available at http://www.microsoft.com/industry/finserv/press/SGCpaper.htm. This approach to security technology is fairly specific to the financial industry.

Another important security document on this site is one titled "Microsoft Windows NT Server: Security Features and Future Direction" written by Coopers & Lybrand, a major security consulting firm ( http://microsoft.com/ntserver/guide/cooperswp.asp). This 60-page document offers a very in-depth view of the security architecture and implementation of Windows NT. Although this document was developed in August 1997, it is one of the most thorough on NT security.

There are a number of white papers addressing the security issues in Windows NT version 5.0. Although this version of NT is not yet released, network managers need to prepare for the security issues involved with it. The following topics are addressed:

  • IP Security for Microsoft Windows NT Server 5.0
  • Windows NT Active Directory Display Specifiers
  • Active Directory Technical Summary Distributed File System: A
  • Logical View of Physical Storage
  • Secure Networking Using Microsoft Windows NT 5.0 Distributed
  • Security Services
  • Encrypting File System for Windows NT Version 5.0
  • Directory Integration with the Windows NT 5.0 Active
  • Directory
  • Optimizing Applications for Windows NT "Hydra"
  • International Support in Windows NT 5.0

A major resource on the security issues for this next version of NT is the article "Enhanced Security for NT 5.0" by Michael A. Goulde, reprinted from the September 1997 issue of Patricia Seybold's Open Information Systems.

The initial version of Windows NT 4.0 had a number security vulnerabilities. Microsoft fixed many of these problems in their Service Pack 3 (SP3). The document, http://microsoft.com/ntserver/guide/secenhance.asp, describes the security patches included in SP3.

Microsoft's security section has information on a number of security related technologies that are not related to Windows NT specifically that would likely be involved on an NT network. These include technical papers on Authenticode (a method for identifying the source of executable programs), client authentication using digital certificates and digital ID's for servers, Secure Channel (describing Microsoft's support for provides Secure Sockets Layer and Private Communications Technology), Server Gated Cryptography (a security environment for financial transactions such as online banking), Smart cards, Certificate servers, Cryptography, Personal Information Exchange (PFX), Virtual Private Networks, and Microsoft Wallet (Microsoft's approach to secure online purchasing for consumers).

Microsoft makes available an incredible amount of security information on their web site. While the volume of information is great, keep in mind that this web site tends to have a promotional flavor and that all the information may not be completely objective. In the next column we will look at some third-party web sites that look at NT security from a less protective perspective.

Marshall Breeding (breeding@library.vanderbilt.edu or http://www.library.vanderbilt.edu/libtech/breeding/home.html) is Library Technology Analyst at Vanderbilt University.

Copyright © 1998 by Marshall Breeding. This document may be reproduced in whole or in part for noncommercial, educational, or scientific purposes, provided that the preceding copyright statement and source are clearly acknowledged. All other rights are reserved. For permission to reproduce or adapt this document or any part of it for commercial distribution, address requests to the author at breeding@library.vanderbilt.edu.

REVIEW OF: Mitchell Shnier. Dictionary of PC Hardware and Data Communication Terms. Sebastopol, CA: O'Reilly & Associates, 1996.

by Pat Ensor

Score one more point for the excellent stable of computing books published by O'Reilly & Associates. Disappointingly, this book does not have an animal "mascot" on the cover, as many of their books do, but it does have elegant, old-fashioned mechanical drawings!

As one might gather from the title, this is a reference book. Its scope is explained in one of the most comprehensive introductions I've ever read to such a work. In the preface, Shnier notes that there are over 900 entries included; the following subject areas are covered: data communication APIs (Application Program Interfaces), wireless communications, the Internet and TCP/IP (Transmission Control Protocol/Internet Protocol), personal computer (PC) hardware, LANs (Local Area Networks), WANs (Wide Area Networks), and multimedia.

The listing of subjects in the paragraph above illustrates why such a book is needed--in our fast-paced computing world, acronyms appear, spread, sometimes even lose their status as acronyms (know what Perl stands for?), with increasing frequency. Many become so common that no one bothers to explain any more what they represent, e.g., TCP/IP. Those who are in the know (or want you to think they are) may pepper their conversations with impenetrable acronyms. "Last week, we were discussing OSI as compared to TCP/IP; today, I was going to look up some RFCs developed by the IETF, that are kept at the InterNIC site, but our T1 was down." Shnier not only tells what an acronym stands for, but also provides a brief definition of the word or phrase. So you can look knowing and say "hmmm, uh huh," when you're around those people, then rush back to your office and pull out your trusty dictionary and see what Shnier has to say about this.

Shnier is a data communications consultant. He began compiling a list of acronyms for his own use, then began adding definitions, again for his use. The result is a reference book that I use frequently in editing technical writing. The dictionary has been made available online through the O'Reilly site ( http://www.oreilly.com), so that it can even be searched in that useful format.

The focus of the dictionary is acronyms and initialisms, but words in the appropriate subject area are also included. A definition may be a few words long, or it may extend over several pages, including illustrative tables. It depends on what is needed to define the word. Cross references are plentiful. When further information might be needed, World Wide Web addresses are given. Of course, these date quickly, but it gives the user of the book at least an idea of where to look for more on the topic.

One certainly might ask, since this book was published in 1996, is it still any good? The answer would be a resounding "yes!" There are certainly some initialisms and words appearing that are not defined here, but the ones that are included are still in use. And if you hesitate to get this volume now, be on the lookout for an updated edition, and snap it right up!

Oh, and BTW (meaning "by the way," which is defined in the book), Perl stands for "Practical Extraction and Report Language."

Pat Ensor (PLEnsor@uh.edu) is the Head of Information Services at University of Houston Libraries, as well as being the editor of the Cybrarian's Manual, the book review editor of TER, and Co-Editor-in-Chief of Public-Access Computer Systems Review.

Copyright © 1998 by Pat Ensor. This document may be reproduced in whole or in part for noncommercial, educational, or scientific purposes, provided that the preceding copyright statement and source are clearly acknowledged. All other rights are reserved. For permission to reproduce or adapt this document or any part of it for commercial distribution, address requests to the author at PLEnsor@uh.edu.

REVIEW OF: Todd Courtois. Java Networking and Communications. Upper Saddle River, NJ: Prentice Hall, 1997.

by William Lund

Java seems to have generated a huge number of books. Were it only so that the technology itself were as pervasive. Over all I found Java Networking and Communications to be a very well written book, bringing clarity to a variety of topics which are themselves not well documented by the developers of Java. Prentice Hall's series of Java books runs the gamut from well written authoritative Java texts that educate the reader to "me too" Java books written to capitalize on the frenzy surrounding the technology.

Before reading this book the reader should be concerned about whether to dedicate time now to learning about Java or to wait until it matures or dies. With Microsoft's attempts to thwart Java's penetration into the market, it isn't clear whether we'll see anything of Java five years from now. Sun, for its part, hasn't helped the matter by making significant changes in the Java APIs between releases. Code written for Java 1.0 does not necessarily work well in Java 1.1. Will this continue?

That having been said, if you are in a position to invest time and resources into new technologies that may become critical to your work in years to come, Java Networking and Communications does an excellent job not only presenting the networking interfaces of Java 1.1, but also showing the appropriate usage of additional Java technologies such as threads programming and the use of native libraries (the latter being anathema to the true Java believer). I also appreciated the insightful inclusion of programming examples based on useful applications.

The book includes a CD-ROM with all code examples. For Macintosh it includes the code examples written from the Codewarrier compiler and Sun's Macintosh Java Developer's Kit (JDK) 1.0.2. For Windows 95 and NT the released Sun JDK 1.1.3 is provided. There are also JDK 1.1.2 versions for Solaris. Understandably there is a lag between when a book goes to print and when the reader picks it up. At this writing the most recent version of the JDK available from Sun is version 1.1.5 for Windows 95, Windows NT, and Solaris. Sun has not developed a JDK 1.1 version for the Macintosh OS.

One more kudo to the author: the code examples are well chosen and professional. Frequently I find that code in trade books attempts to pretend that coding is not detailed, finicky work. This author does a very good job adding inline documentation to the book's examples, using coding standards which are easy to read and similar to professional coding standards.

The introduction is brief and provides a context for reading the rest of the book. It identifies those areas where the reader should already be up to speed before beginning the book. Specifically the reader should be familiar with object oriented programming and the concepts of inheritance, methods, and classes. The book is intended for people already familiar with the basics of Java, wanting to learn more about the details and capabilities of networking using Java applications.

If you are not already familiar with communications streams from the UNIX environment, Chapter 2 introduces the topic and provides a foundation for the rest of the book. Streams originated with UNIX networking and have been adopted into Java as the paradigm for communications between Java processes. In this chapter the description of the StringTokenizer Class is an example of how the author shows the appropriate usage of a standard Java class which is itself not well documented in most Java books. More often than not, the authors of general purpose Java books will describe a class without any indication of how to use it appropriately, leaving the reader to figure it out on his or her own.

Chapter 3 discusses using the Java URL class in the Java.net library. The URL provides the basic building block for accessing web content. Using the URL class the programmer can directly download web content to an application. The author provides a "web drone" application which automatically downloads web content from an URL. Additionally, the author describes a new feature of Java 1.1 that permits expanded access to URLs in addition to the "GET" action.

Because communications inherently requires more than one thing to be happening at a time, the use of threads in a communications or networking program is essential. Chapter 4 provides a good discussion of threads of execution in which more than one process is executing at a time under the control of one or more processes. Short of an entire book on the topic, this is a good description of programming using threads.

Sockets provide a real-time interface between two processes. The author includes in Chapter 5 a good primer on internetworking standards, including IP, TCP, and Domain Name Services. The example applications include a "finger" client and a simple web server.

With Java there's always the question as to whether you should be creating a standalone application, an applet within a web browser, or a class to be included within other code. Chapter 6 discusses the pros and cons for each choice. The end of the chapter includes a discussion of debugging communications code, an inherently difficult problem since the order of events is not necessarily always the same.

Datagrams are to Sockets as telegrams are to phone calls. Datagrams provide a way to send what is from a networking perspective an inexpensive communication between two processes. In Chapter 7 the author gives an example of a client/server datagram system for sending messages.

In the 100% Pure Java world, programming using native libraries is a mortal sin. The reality is that Java still lacks significant structures to perform all features required by a full grown programming environment. Since the Java Virtual Machine (VM) is only a few years old, much that UNIX and other operating environments have developed over time is missing. Linking in native libraries that are not written in Java makes your work platform dependent, the very thing you were attempting to avoid by programming in Java. Nonetheless, in Chapter 8 the author provides a good background into this often overlooked facet of Java programming. The native environment the author uses is written in C. The author warns several times that the environment for linking native code to Java is highly platform dependent, even dependent on the version of the Java VM being used. The author includes examples for linking native code under Windows version 3.2, Solaris, and the MacOS.

All of the Java code in this book uses the Java character mode interface. The author has not attempted to include any information about the Java graphical user interfaces that changed between JDK version 1.0 and 1.1. This was probably wise since the reader is focused on the networking aspects of Java rather than trying to figure out how to use the graphical user interface.

The examples in the book are clearly written, well documented and, for the most part, highly useful in themselves. I found it particularly useful to have the methods and states for each class clearly defined. The examples included state testing systems to demonstrate how communications classes, such as the URLConnection class, change states.

In summary, I recommend this book for those interested in understanding the application of Java networking and in writing networking applications.

William Lund (bill_lund@byu.edu) is the Library Information Systems Department Chair at Brigham Young University.

Copyright © 1998 by William Lund. This document may be reproduced in whole or in part for noncommercial, educational, or scientific purposes, provided that the preceding copyright statement and source are clearly acknowledged. All other rights are reserved. For permission to reproduce or adapt this document or any part of it for commercial distribution, address requests to the author at bill_lund@byu.edu.

REVIEW OF: W. Russell Neuman, Lee McKnight, and Richard Jay Solomon. The Gordian Knot: Political Gridlock on the Information Highway. Boston: MIT Press, 1997.

by Ray Olszewski

Discussions of a new standard for television broadcasts began in the 1970s. This new approach, which came to be known as High-Definition Television (HDTV), was pursued for over a decade, at international organizations and before the FCC (Federal Communications Commission) in a process dominated by representatives of broadcasters and television equipment manufacturers. Participants advanced a variety of incompatible proposals for HDTV standards, proposals that had the strategic purposes of benefiting their advocates to the disadvantage of competitors. Not until the 1990s did the emphasis shift to favor a digital standard for broadcasting, one that would help integrate the technologies of the broadcast and computer industries.

The authors of The Gordian Knot, three public-policy analysts from the Massachusetts Institute of Technology (MIT), were participants in the "HDTV wars" through most of this time. From their experiences, they came to believe that digital technology demanded a radical change in the methods used to regulate electronic media. The FCC has regulated telephony and broadcast media since 1934. AT&T was kept from direct competition in the computer industry by the terms of an antitrust case against it that was settled in 1956.

The Gordian Knot argues that changes in technology have made obsolete the historical distinctions among media that are the underpinning of traditional regulation. Drawing on their own experience in the debate over HDTV standards, they conclude that the present framework of regulation cannot accommodate either the convergence among media or the speed at which technology reshapes policy issues. They call for adoption of an "Open Communications Infrastructure," a new regulatory and legal framework that relies on competition to set service characteristics and standards.

To persuade us of the merits of their proposal, the authors take us on a tour of the history of regulation, going back to the nineteenth century, where they discuss the history of the then-advanced technologies of telegraphy, telephony, and railroad transportation. They continue through the twentieth century, where they discuss the increasing importance of digital technologies to American productivity and competitiveness, the modern history of broadcast and wireline regulation, the decades-long antitrust battles that ended with the dismembering of AT&T, and their own experience in the HDTV standards battles.

Unfortunately, they don't do any of this very well.

They are at their best when writing from their own experience, either about the HDTV debates or the post-World War II history of telephony. The events from roughly 1970 to 1984 that led to the breakup of AT&T are the one area they cover where my knowledge of the history is as or more detailed than theirs, and here I find the book generally on the mark, covering all the key issues fairly and including only a few, small factual errors (see below).

Similarly, they combine the insights of knowledgeable insiders and disinterested observers in recounting the turf battles that delayed the adoption of an HDTV standard for over a decade and that almost caused the adoption of a technically obsolete approach to improving TV broadcasts.

Even here, though, the accounts are unfocused. They provide a good, comprehensive overview of the history, but not one that helps the reader to see why the authors feel that regulation at its core has failed. The actual experience, based on their reporting, seems equivocal on this issue. Though one can easily see examples of where regulation missed the mark--the FCC always seems to be discussing computer-related issues a decade after they ceased to be important in the marketplace, for example--other instances illustrate the positive role that regulation can play, as in the standardization of frequencies for broadcast radio in the 1930s.

When writing about matters further from their actual experience, though, they tend to be superficial and lacking in critical insights. The chapters on nineteenth century events are fun to read, chock full of juicy tidbits about J.P. Morgan and his yacht (including a photo!), Jay Gould's eavesdropping on others' telegraph communications, and gunslinging range wars over access to key passes for running telegraph lines. But they too are not focused on the nominal purpose of the book. We do learn that the nineteenth century was a very different time and that businessmen then (as now) can be cutthroat in their practices, but we learn little more.

Their attempts to assess the economics of information technologies are also weak. For example, they characterize newer technologies, such as cellular telephones, as lacking strong economies of scale. In doing so, they rely on a simplistic understanding of economies of scale, looking at how costs change with number of subscribers while ignoring the effect that the geographic density of a subscriber population can have on average costs.

Moreover, their detailed analysis emphasizes limitations of cellular technology created by limited capacity and peak-load problems--in fact, they attribute current high prices for cellular service to these limits: "If prices were lower, the increased volume of use would overload the system, degrade the service, discourage other people from using it, and leave them with a bad impression of mobile communications." (p. 239) A service with these characteristics is not an economic challenge to wireline access to the home and office. Despite this, and with only a bit of vague commentary about the newer technologies such as PCS (Personal Communications Service) in between, they later assert: "Wireless access to the local loop makes open competition in provision of local exchange service a meaningful prospect, not in some distant future, but here and now." (p. 254)

In discussing the special features of information technologies, they emphasize the fungibility of bits and bandwidth over the rapid progress in hardware.

Computers confuse definitions because of a mathematical process fundamental to stored-program logic devices that makes no sense to lawyers--recursion. Any digital computer--technically a von Neumann device or a variation of a Turing machine--can imitate any other such machine (albeit at different speeds), and furthermore it can change its own program code, becoming a different machine each time it changes. (p. 235)

This observation is wrong, both technically (the process they are describing is not recursion) and, more importantly, in its emphasis on the wrong characteristics of computers.

What has made regulators unable to keep up with information industries is not the intrinsic versatility of computers and networks--they were versatile in the 1940s, when none of the service issues arose--but the rapid progress in humdrum materials science, which creates faster CPUs, bigger hard disks, faster modems and LANs (Local Area Networks), and the variety of other hardware improvements that we all take for granted. (If their emphasis were right, we would all be working on skillfully-programmed Apple IIs instead of Pentiums and Power Macs with bloatware operating systems and applications.) What regulators have trouble coping with is rapid change of any sort, and the technologies that support computers have experienced extraordinarily rapid change.

The book's chapter on "Networks and Productivity" is its low point. Though the authors promise to show us the evidence that information technologies can confer important competitive advantages by increasing productivity, they never deliver on the promise. Instead, they provide a superficial review of the economics literature on productivity growth, describing studies and their limitations in terms so general that a thoughtful reader can conclude nothing about how good any of the studies are.

Finally, the authors' description of their proposed "Open Communications Infrastructure" is brief, general, and uninformative about the details of how it might work. This, I think, is a result of a basic flaw in the way the authors approached the question. It is not enough to say that the existing system of regulation has flaws, or even that it has serious flaws. To make a case for a different approach, the authors should draw on some experience that indicates how an alternative might work.

For example, contrasting the HDTV debacle with the development of video standards for desktop computers, or perhaps with the establishment of Ethernet as the dominant standard for LAN wiring, might help us understand how a less-regulated environment would handle standards issues better (or worse, depending on the evidence). Examination of the causes and consequences of the large roles that Intel and Microsoft play in desktop computers also would help us understand why government does or does not need to take various sorts of action to "level the playing field."

The book also needs a careful workover by a proofreader and a fact checker. Errors of detail abound. A key Supreme Court decision, Gibbons v. Ogden, is assigned to 1924, when it actually occurred in 1824 (p. 87); a Boston-to-Albany railroad somehow crosses the Appalachians (I think they mean the Alleghenies; p. 46); several puzzling graphs are cited to "Cornell University, 1991," a citation not included in the references (various pages in chapter 4); a key FCC decision is referred to as both "Carterphone" (wrong) and "Carterfone" (right); and MCI was founded by Goeken, not McGowan (p. 178). The problem here, of course, is not the errors one does catch; it is the hesitation one then feels about relying on factual assertions about unfamiliar areas.

On balance, this book fails in its stated purpose. The evidence it marshals in support of its policy recommendations is equivocal at best. Despite a strong personal sympathy for the policy direction the authors suggest, I cannot find in their review of regulatory experience convincing evidence for their policy proposal.

Ray Olszewski (ray@comarre.com) is a consulting economist and statistician. He spent three years as Network Manager at The Nueva School, a private K-8 school in Hillsborough, California. His work includes development of custom Web-based software to support online research.

Copyright © 1998 by Ray Olszewski. This document may be reproduced in whole or in part for noncommercial, educational, or scientific purposes, provided that the preceding copyright statement and source are clearly acknowledged. All other rights are reserved. For permission to reproduce or adapt this document or any part of it for commercial distribution, address requests to the author at ray@comarre.com.

REVIEW OF: Valerie Quercia. Internet in a Nutshell, A Desktop Quick Reference. Sebastopol, CA: O'Reilly & Associates, 1997.

by Glenda Slaughter

This book is designed for the entry-level person with a general knowledge of the Internet. The author assumes the reader has a little background in, and knowledge of, the Internet and some of its language. I like the way the author does not define every technical word in the text. Instead, there is a glossary in the back for much of the jargon used in the book. This allows the reader to look there if needed, but it also allows the higher- level reader to bypass a lot of the explanations that tend to accompany most beginning manuals.

I was equally impressed by the way Uniform Resource Locators (URLs) are splashed throughout the book. Whenever there is a reference to something on the Internet, the URL is always listed.

The book starts out with a preface that summarizes the book for its readers. This would be a good quick reference book for the intermediate user. Those not familiar with the Internet could use this book as a guide. Topics of interest include setting up applications, learning how to access the Internet, using the Internet via a browser, and becoming familiar with email. The author has tried to keep the information organized by grouping the "how to's" together and the "where to go's" separately.

Part one only has one chapter. It quickly describes what the Internet is and why you would want to use it. Part two is chapters two and three. An entire chapter is dedicated to Netscape Navigator tips, hints, and how to's. The author goes into the how to's of the product and a few tips, tricks, and shortcuts to make the tool easier to use. The author explains topics like bookmarks and history files and jumps right into cookies and security. The next chapter is dedicated to Microsoft Internet Explorer (MSIE). Besides repeating every topic that was just covered in chapter two, the author adds some practical solutions to this chapter, such as how to import bookmarks from NetScape into MSIE.

This is an excellent section for those who are just beginning with their browser. Those who have already used a browser for a while would be able to skip these two chapters. Personally, I would like to have seen a little history as to why these two browsers were chosen as examples in chapter one, or anywhere in the book for that matter.

Part three includes chapters four through eight. The focus is on where Internet addresses came from, how to read one, and how to access them. This section moves from defining Internet address conventions to overviewing the beginnings of Yahoo!. The author lists URLs of other Web sites that can be used as Internet locators or resources for magazines, news, software, government information, and topics including weather, sports, money, museums, educational needs, animals, nature, travel, arts, books, TV schedules, and movies. Basically, there is a site listed for almost any topic or category one could consider.

There is an entire chapter devoted to search engines and other Internet resource directories and their differences. Basically, the difference is that a directory is a search engine which "provides a catalog of the resources it indexes." The popular search engines are listed with their related URLs, along with other places to find additional search engines. The author reviews each of these search engines along with a basic description of each, syntax usage, and tips. Search engines reviewed include AltaVista, DejaNews, Excite, HotBot, Infoseek, Lycos, Netguide Live, WebCrawler, and Yahoo!.

Also included in this section is a chapter about methods and ideas on locating people and places using search engines. Then the section changes modes and defines Telnet. This includes information on what Telnet is and how to use Telnet within Windows.

Part four includes chapters nine through fifteen. It begins with a discussion of email and newsgroups as an introduction to the section. Email addresses, signature files, and email netiquette follow. Unlike the browser section, a specific email client is not defined. Tips and tricks on managing incoming email are covered, with a highlight given for an upcoming chapter on email filtering. As with all good email manuals, the topic of junk email, more commonly known as spam email, is covered. Included are some ideas on how to avoid being spammed and how to handle spam email.

Another topic discussed is attachments. The author reviews file attachments and the function of MIME (Multimedia Internet Mail Extensions). The two different types of file attachments are ASCII or plain text, and binary data such as graphics and programs. The topic of UNIX mail and the usage of uuencode and uudecode are briefly mentioned. A future topic of file compression is mentioned and recommended for reading. Detailed instructions and examples of how to send an attachment using MSIE and Netscape Messenger are also presented.

The discussion of Internet email continues, and the topic changes to mailing lists. The author explains what a mailing list is, where to find one of interest along with a listing of some mailing lists and a place on the Internet to find more. Also covered are how to subscribe to a mailing list, how to send and receive messages from the list, how to unsubscribe, and a quick reference guide to some common commands.

The Usenet discussion begins by giving some netiquette advice. Included is the naming scheme for Usenet access along with a listing of some of the more common newsgroup topics and where on the Internet you can find them. Examples of how to find additional Usenet groups using the DejaNews search engine are given.

Netscape Messenger and Collabra are discussed in more detail. Netscape Messenger is used to send electronic mail and Collabra is used to access Usenet news. There is a brief review of both products, a tips and help section, and a quick reference for frequently used commands. This chapter shows the reader how to perform the functions discussed earlier concerning email, Usenet, sending email, attachments, and filtering using Netscape. The following chapter covers the same information using MSIE Internet Mail.

MSIE Internet News is used to take a closer look at Usenet news from the MSIE perspective. This chapter covers the basic components of the application, including tips, tricks, shortcuts, and a quick reference. Other functions such as how to subscribe and unsubscribe from a newsgroup and creating an email address book from a newsgroup using MSIE are covered again here.

Part five includes chapters sixteen through nineteen. This section focuses on file handling. After a short review of past chapters, there is a listing of multiple extensions. This list includes the MIME types, how to determine if the file is binary or ASCII, and a short description on how to use the file.

From here, file transfers and FTP (File Transfer Protocol) procedures are covered. How to access files, what program to use, "concepts," and an example of how to transfer a file are all defined. A short discussion of different ways to transfer files is provided, based on whether they are binary or ASCII, along with a sample chart of common file types. The use of WS_FTP is covered along with a short discussion on using UNIX systems and how .netrc files are used to anonymously autolog into a UNIX server. The use of FTP by email using ftpmail is covered with an example given. A short list of commonly used FTP commands and their definitions are also given.

The section further expands on FTP commands including command-line options for UNIX and generic FTP commands that can be used from MS-DOS FTP programs. The subject changes to file compression and archiving. The author gives a review of the importance of compressing large files. There is a table covering compressed file extensions, with programs used to create the file and information on how to uncompress the file included. WinZip is used for compression in the Windows environment. Compress and gzip are reviewed for the UNIX users. For archives, tar procedures are reviewed for UNIX client. The concept of uuencode and uudecode is reviewed for binary UNIX files. A few pages are devoted to the use of StuffIt to compress, decompress, and archive files for Macintosh clients.

Part six includes chapters twenty and twenty-one and is focused on helper applications and plug-ins. This section starts by explaining why a helper application is needed. Plug-ins are used for Netscape and ActiveX controls for MSIE. Helper applications discussed are Telnet, video players, audio players, and viewers. Each section has the URL of the helper application. Directions for installing and configuring these for Navigator and MSIE are included. The author discusses how to choose the best helper application. Apple's QuickTime for the Macintosh and Shockwave and RealAudio for Windows are examples. Each product discussed has an associated URL location. As an added bonus, the author includes a URL for other helper applications such as 3D and animation, business and utilities, presentations, audio/video and image viewers.

Part seven includes chapters twenty-two through twenty-six, covering Web authoring. It begins with an introduction to the WWW (World Wide Web), including how to get started with your personal Web page, pros and cons of renting Web space, and starting your own Web server. HTML (HyperText Markup Language) and text editors are discussed. An entire chapter is focused on HTML. Many common tags and attributes are listed. Another chapter discusses how to add color to your Web pages. The author includes an explanation of the use of "character entities," or special characters. A review of regular and animated GIFs (Graphic Interchange Format), Java applets, CGI (Common Gateway Interface) scripts, and audio files are covered along with a list of URLs to find examples of each.

Part eight includes chapters twenty-seven and twenty-eight, covering Internet Relay Chat (IRC). Chat and other types of Internet communications are compared. Chat is real-time and can be a one-to-one or group discussion. Basic IRC concepts are covered including where to find the software on the Internet, how to configure the program, how to use the software, and where to find someone to "chat" with. Common IRC commands are provided.

A glossary and index finish the book. The glossary contains fifty-eight words, their definitions, references to pertinent chapters, and examples. The index is very detailed (18 pages in length) and includes acronyms and cross references.

This book is very well written. It is excellent reading for the beginner to the intermediate user.

Glenda Slaughter (Wolf@swlink.net) is the System Administrator for Oracle at Motorola in Scottsdale, Arizona.

Copyright © 1998 by Glenda Slaughter. This document may be reproduced in whole or in part for noncommercial, educational, or scientific purposes, provided that the preceding copyright statement and source are clearly acknowledged. All other rights are reserved. For permission to reproduce or adapt this document or any part of it for commercial distribution, address requests to the author at Wolf@swlink.net.

About TER