Volume 4, Issue 4, May 1, 1997
Telecommunications Electronic Reviews (TER) is a publication of the Library and Information Technology Association.
Telecommunications Electronic Reviews (ISSN: 1075-9972) is a periodical copyright © 1997 by the American Library Association. Documents in this issue, subject to copyright by the American Library Association or by the authors of the documents, may be reproduced for noncommercial, educational, or scientific purposes granted by Sections 107 and 108 of the Copyright Revision Act of 1976, provided that the copyright statement and source for that material are clearly acknowledged and that the material is reproduced without alteration. None of these documents may be reproduced or adapted for commercial distribution without the prior written permission of the designated copyright holder for the specific documents.
Contents:
- REVIEW OF: Daniel J. Blum and David M. Litwack. The E-Mail Frontier: Emerging Markets and Evolving Technologies. by Marshall Breeding
- REVIEW OF: Simson Garfinkel and Gene Stafford. Practical UNIX and Internet Security (2nd edition). by Patrick Flannery
- REVIEW OF: Elisabeth Logan and Myke Gluck, eds. Electronic Publishing: Applications and Implications. ASIS Monograph Series. by David G. Sherwood
- About TER
REVIEW OF: Daniel J. Blum and David M. Litwack. The E-Mail Frontier: Emerging Markets and Evolving Technologies. Reading, MA: Addison-Wesley, 1994.
by Marshall Breeding
Blum and Litwack deliver a comprehensive and insightful treatment of electronic communication, at least as it stood at the end of 1994. The E-Mail Frontier stands as one of the best sources on historical development, relevant standards, and technical information related to electronic communications.
The authors begin with a vision statement for electronic mail:
E-mail is a key communications application of the information age. It enables people or mail-enabled applications to exchange revisable multimedia information, workflow, and electronic data interchange transactions. This exchange can occur with anyone, anytime, anywhere with speed, ease of use, intelligence, security, and at low cost. (p. 2)
The book proceeds to make its way through its major topics. The four broad categories include an overview of electronic communication, the market and specific implementations that have emerged, the standards and technologies that underlie email, and, finally, a set of recommendations.
While the market perspectives and specific email implementations described in the book became out of date, the treatments of the standards and technologies have more lasting relevance. Chapters explore two parallel email universes, that of the X.400- and X.500- based private networks and that of the Simple Network Management Protocol (SNMP)-based Internet.
The authors give significant emphasis to X.400, devoting all of Chapter Six to a technical treatment, and parts of others to descriptions of X.400-based systems. I especially appreciated the straightforward explanations of the architecture and components of an X.400 system: User Agent, Message Transfer Agent, Message Store, and Access Unit. Other issues such as security, integration with X.500 directory services, and interoperability with other messaging systems are also given significant attention.
Since the writing of this book, X.400 has lost considerable ground, while Internet Mail has enjoyed explosive growth. Many considered Internet Mail an intermediate solution while the world awaited the development and acceptance of X.400-based systems. Just as OSI (Open Systems Interconnection) never gained sufficient momentum to overcome the dominance of TCP/IP (Transmission Control Protocol/Internet Protocol) on the networking level, X.400 failed to gained supremacy over Internet Mail. Blum and Litwack give clear descriptions of the protocols and systems that comprise Internet Mail. Internet Mail messages conform to a structure defined by RFC 822. (The mechanism for establishing standards related to the Internet involves "request for comments" or RFCs publicly submitted for review, and eventual acceptance and implementation.)
The Simple Mail Transfer Protocol, or SMTP, (RFC 821) defines how messages traverse the Internet. Other Internet standards are integral to mail, such as the Domain Name System. Privacy Enhanced Mail makes mail significantly more secure and Multipurpose Internet Mail Extensions allows the integration of non-textual information with mail interactions. While SMTP provides for the delivery of messages among mail servers on the Internet, other protocols structure the retrieval of mail by individual users from mail servers.
The Post Office Protocol (version 3) prevails as the preferred method for end-user retrieval of mail messages, especially through popular programs such as Eudora. While the book mentions the Interactive Mail Addressing Protocol, then in a version called IMAPbis2, it predates the recent explosion of IMAP version 4 implementations. IMAP holds significant architectural advantages over POP3, especially in the ability to provide access to mail from a variety of remote locations.
One of the major challenges for electronic messages is developing directory services. Email works well and easily when participants already know each other's email addresses. But for email to become more effective, some means of discovering email addresses must be available. While some alternatives have emerged, such as Whois++, the directory services architecture with the most promise is X.500. Implementations of X.500-based directory services exist for both X.400 and Internet Mail.
One of the major complications relating to directory services involves how information on each local mail server can be shared and replicated among other servers. As the number of servers grows and the extent of the information expands, the ability to distribute and synchronize this information becomes enormously difficult. Even today, no authoritative email directory service exists. Even the ability to have comprehensive directory services within large organizations continues to be difficult. Directory services continues to be a major obstacle in the achievement of electronic messaging conforming to Blum and Litwack's vision.
The business world adds a new dimension to electronic mail in supporting financial transactions and electronic commerce. Electronic Data Interchange (EDI) and X.12 provide one means of supporting these types of business activities. Many businesses have automated the process of purchasing, invoicing, and payment authorization through EDI, which defines a set of electronic conversations that can take place between businesses and customers in support of these transactions. The current business practices of just-in-time inventories would be difficult to maintain without the efficiencies offered by EDI over paper-based processes.
Explosive development of electronic commerce has occurred since this book's writing. While EDI continues to be a mainstay of business automation, many organizations have implemented models of electronic commerce based on the World Wide Web. The Web has become ubiquitous for many aspects of the commercial world and offers itself as a major vehicle for both consumer-oriented and business-to-business financial transactions.
Another dimension of email emerges as electronic messaging becomes integrated into other applications and no longer exists only as a discrete activity. An increasing number of applications can automatically interact with other computer systems and with human participants through integrated electronic messaging capabilities. These types of "smart applications" will bring electronic messaging into the realm of workflow automation and will create opportunities for new ways of conducting business operations.
The book builds toward a concluding chapter that assesses the state of electronic messaging at the time of writing as compared to the vision statement originally presented. The mixed results the authors described in 1994 persist through 1997. Successes include broad implementation of local, enterprise-wide, and global messaging systems, a rapidly increasing bandwidth on networks available for delivering messages, and a commercial world that makes considerable use of electronic commerce. Obstacles and remaining challenges involve security, manageability, and directory services.
Although it is a little dated, I consider The E-Mail Frontier a valuable resource for anyone needing to understand the underpinnings of electronic communication. While the book's approach tends to be technical, the material should be understandable to less technical readers also.
Marshall Breeding (breeding@library.vanderbilt.edu) is Library Networks and Microcomputer Analyst at Vanderbilt University and author of TCP/IP for the Internet , among other works.
Copyright © 1997 by Marshall Breeding. This document may be reproduced in whole or in part for noncommercial, educational, or scientific purposes, provided that the preceding copyright statement and source are clearly acknowledged. All other rights are reserved. For permission to reproduce or adapt this document or any part of it for commercial distribution, address requests to the author at breeding@library.vanderbilt.edu.
REVIEW OF: Simson Garfinkel and Gene Stafford. Practical UNIX and Internet Security (2nd edition). Sebastopol, CA: O'Reilly & Associates, 1996.
by Patrick Flannery
This volume is an update of the considerably slimmer first edition published in 1991. While most of the original edition (dealing primarily with issues of UNIX security) has been brought up to date, it is the new material dealing with issues of network security that make this second edition so valuable. Most of us have come to realize that, as our services have migrated from being on-site to network-accessible, our concerns have grown accordingly, and our need to understand at least the basics of security in an Internet environment has reached critical mass.
So why must we learn about security in a wired world? Well, to quote the classic paranoid, "How do I know someone's not out to get me?" In fact as the networked numbers grow, the chances increase that someone is in fact out to get us, or at least get at our systems. As the authors explain in their excellent overview of the issue, there are structural insecurities built into the very bases of the Internet--TCP/IP (Transmission Control Protocol/ Internet Protocol) and UNIX.
Of course, what once were virtues are now vices, and it must be recognized that the designers of both TCP/IP and UNIX lived in, and programmed for, a much more secure and trusting environment than the commerce-driven Internet of today. In fact, one can go so far as to say that, by hard-coding those insecurities into TCP/IP and UNIX, programmers guaranteed the growth of networking by making it so darned easy to do. (It's difficult in a UNIX world not to network with other machines, unlike, say, the PC world, where networking is still seen as the equivalent of asking a dog to walk on its hind legs). Perhaps it's sufficient to say that the success of TCP/IP and UNIX, upon which the Internet still depends, also contains the seeds of its undoing.
So how does this book serve not only techies, but also those who must make reasonably informed decisions involving limited dollars? As Garfinkel and Spafford point out, 100% security, in addition to being a philosophical problem, costs far more than most organizations--for example, libraries--are able to pay. Consequently they have structured their text around a series of helpful issues which, in sum, probably account for more than 98% of the everyday security problems we face as operators of information servers. While the average administrator might blanche at the thought of understanding NFS (Network File System) or (horrors!) the kill command, he or she will immediately see the utility of educating users not to tape passwords to monitors, or the need to have personnel policies which enhance systems security, or why controlling access to servers is a project into which we might want to sink a little money. Despite its heft, the text does a reasonably good job of being readable for various categories of the technology-dependent.
And as a technical manual? Again, Garfinkel and Stafford do a good job under trying circumstances. UNIX is one of those peculiar words that imply linguistically that it is one thing when it is in fact several dozen things that bear a passing resemblance to each other owing to the existence of a common great-grandfather. So it is notoriously difficult to discuss the technicalities of UNIX security in such a way as not to lose the interest of the techie involved in AIX (Advanced Interactive eXchange) or Sun or HP (Hewlett-Packard) or Linux or SCO (Santa Cruz Operation)-specific security issues.
In fact, most techies might be tempted to bypass this title in favor of a vendor-specific publication. In doing so, they will miss an excellent structured presentation on generic UNIX issues of benefit to all system administrators. More importantly, by including pointers on how to find security information on the Internet, the authors are able to extend the life span of this edition beyond the pitifully short time most technical books live these days. In fact, without this section, the book might have already outlived its usefulness by the time this reviewer returned his review. Thankfully such is not the case--a knowledge of how to access security data from CERT (Computer Emergency Response Team), or how to download software patches, or where to post a (secure) question about hackers is a tool system administrators leave out of their toolkits at their peril.
In sum, the authors have managed to expand the scope of a classic text and increase its utility by focusing on core issues, and using the resources of the Internet itself as pointers to more current information. In this fuzzy age of transition from paper to digital text, such may be all we can ask of authors. For both the seasoned techie and the haggard administrator grown, in the words of a colleague, "beyond her expertise," Practical UNIX & Internet Security provides useful assurances that, while they are out to get us, we can dodge 98% of the bullets. And in a wired world, 98% is as perfect as it's going to get. Be careful out there.
Patrick Flannery (patrickf@library.tmc.edu) is Network & Systems Analyst for the Texas Medical Center Library in Houston, Texas.
Copyright © 1997 by Patrick Flannery. This document may be reproduced in whole or in part for noncommercial, educational, or scientific purposes, provided that the preceding copyright statement and source are clearly acknowledged. All other rights are reserved. For permission to reproduce or adapt this document or any part of it for commercial distribution, address requests to the author at patrickf@library.tmc.edu.
REVIEW OF: Elisabeth Logan and Myke Gluck, eds. Electronic Publishing: Applications and Implications. ASIS Monograph Series. Medford, NJ: Information Today, 1997.
by David G. Sherwood
This slim volume (150 pages) is itself a demonstration of the advantage of timeliness that electronic publishing can have over conventional publishing. The almost two years between composition of the chapters and their availability in print is an eon in net-time, and much has changed since these once cutting-edge papers were first presented at the American Society of Information Science midyear meeting in Minneapolis in May of 1995. In that year--before the browser wars--Yahoo was just a project at Stanford University, Gopher-based campus-wide information systems were common, and the Web was not the ubiquitous presence it has become.
This volume, however, retains value because it examines, from various points of view, the big problems that remain to be solved if publishing is to move from a print-based product to an electronic one: problems of access, the absence of pervasive standards, the difficulty of keeping pace with rapidly evolving technologies, questions about intellectual property, and the re-allocation of the traditional roles of author, editor, publisher, librarian, and peer reviewer in the new environment of electronic publishing.
As authors of the book's eleven chapters, academic librarians from the U.S. and Canada are joined by experts from departments of computer science, schools of library and information science, and other fields. Divided into three sections, the book begins with papers that describe some standards and technology issues including the development of a Standard Generalized Markup Language (SGML) document type definition for museum information, geographic and spatial information standards, the place of cataloging in accessing electronic resources, and the special challenges of electronic publishing in the Chinese language.
A second section both reports on specific electronic publishing projects and highlights some important questions related to such projects. Included in this section are articles that describe the development of a pioneering electronic news source, explore the problem of (de)centralization in a university's electronic publishing program, highlight the role of professional societies, compare electronic versus print access, and probe the implications for electronic publishing of scholars' use of book reviews. A third section stylishly cuts through the thorny tangle of the copyright problem.
In their introduction, editors Logan and Gluck rightly point out that this collection of articles does not completely resolve any of the issues it raises, but readers will find their understanding of those issues enhanced by the efforts of the contributors to this volume.
David G. Sherwood (davids@creighton.edu) is Reference Librarian/Internet and Support Services Coordinator at Creighton University's Reinert/Alumni Memorial Library in Omaha, NE.
Copyright © 1997 by David G. Sherwood. This document may be reproduced in whole or in part for noncommercial, educational, or scientific purposes, provided that the preceding copyright statement and source are clearly acknowledged. All other rights are reserved. For permission to reproduce or adapt this document or any part of it for commercial distribution, address requests to the author at davids@creighton.edu.