precedence: bulk
Subject: RISKS DIGEST 19.29

RISKS-LIST: Risks-Forum Digest  Monday 11 August 1997  Volume 19 : Issue 29

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

***** See last item for further information, disclaimers, caveats, etc. *****

Contents:
  Software error may have contributed to Guam crash (Steve Bellovin)
  Plane crashes into power lines near Los Angeles (PGN)
  Explosion causes Internet blackout in New England (Edupage)
  Vonneguten Morgen, Mary Schmich! Internet hoax (PGN)
  Bank robbery *wanted* poster based on image of wrong person (PGN)
  No Surfing on the Senate Floor (Edupage via R Spainhower)
  Yet Another Java Flaw-this time with MSIE? (Randy Holcomb)
  System malfunction implicated in need for death-penalty review (Webb Bryan)
  German Telekom's latest phone feature (Wilhelm Mueller)
  GPS: Exactly - and I do mean EXACTLY! where were you? (Sam Lepore)
  Y2K lawsuits begin (Jim Huggins)
  Airline travelers with duplicate names (Chuck Charlton)
  Re: Clean Sweep wasn't quite soon enough (Steve Branam)
  More on license forgeries (Mark Laubach via Dave Farber)
  Re: What to do about software patents (Dan Hicks)
  Re: Ctrl+Alt+Del (Dave Porter, Jered J Floyd, Bryan Costin, Roland Giersig)
  Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Mon, 11 Aug 1997 19:53:19 +0200
From: Steve Bellovin
Subject: Software error may have contributed to Guam crash

National Transportation Safety Board investigators say that a software error may have been a contributing factor in the crash of the Korean Air 747, Flight 801, in Guam. The bug didn't cause the crash; however, if it were not for the bug, the crash might have been averted.

The airport at Guam has a system known as Radar Minimum Safe Altitude Warning. It notifies controllers if a plane is too low; they in turn can notify the pilot.
It normally covers a circular area with a 63-mile radius. Because of the bug, it was only covering a one-mile wide strip around the circumference of the circular area.

An NTSB member said "This is not a cause -- it might have possibly been a prevention".

And why was the code changed? Because the old version gave too many false alarms.

[Source: An AP wire story]

[225 of the 254 people on board were killed. The bug in the upgraded software apparently existed in airports throughout the world, and was not detected until analysis after the crash. Seeking to discover the exact point in time at which the altitude-warning system had failed, investigators discovered that the system had not issued any expected warnings and had failed completely. PGN]

------------------------------

Date: Sat, 9 Aug 97 16:08:23 PDT
From: "Peter G. Neumann"
Subject: Plane crashes into power lines near Los Angeles

A Piper aircraft crashed into a 500,000-volt power line near the Cajon summit northeast of Los Angeles, causing widespread power interruptions across LA, Orange, and San Bernardino Counties. (The three people on board were killed.) More than 1000 traffic lights were either out or flashing, and apparently had to be reset individually. With record-high temperatures already affecting people's nerves, the evening commute was described as "chaotic". (I thought it always is.) [Source: *San Francisco Chronicle*, 6 Aug 1997, A18]

Computer-related? Not necessarily (except maybe for the monitors that might have gotten fried by surges), but just another reminder of how our lives are dependent on our critical infrastructures, which in turn are dependent on all sorts of events *not* happening. Once again, recall that this is the Forum on Risks to the Public in Computers and Related Technologies. Electric power is clearly related!
------------------------------

Date: Sun, 10 Aug 1997 11:19:05 -0400
From: Edupage Editors
Subject: Explosion causes Internet blackout in New England (Edupage)

More than 200 New England businesses experienced a four-hour Internet blackout on 7 Aug 1997 after an explosion knocked out electrical power in the Boston area. One person was killed in the blast, which overloaded a panel switch at MIT, causing a fire and cutting off Internet access to BBN Planet customers. Access resumed around 10:00 in the evening. The speed with which the incident happened made it impossible to reroute traffic, said a BBN spokesman. (*TechWire*, 8 Aug 1997; Edupage, 10 Aug 1997)

------------------------------

Date: Fri, 8 Aug 97 17:12:23 PDT
From: "Peter G. Neumann"
Subject: Vonneguten Morgen, Mary Schmich! Internet hoax

A column by Mary Schmich in the *Chicago Tribune* has been freely adapted (with only minor alterations) and has appeared widely on the Internet as the seemingly legitimate transcript of an MIT commencement speech supposedly given by noted author Kurt Vonnegut. Of course, Vonnegut never gave a commencement speech at MIT. But the transcript was sufficiently ironic and witty enough to be mistaken for his style, and generated all sorts of interesting responses. Schmich even had callers accusing her of stealing Vonnegut's speech! Other *Tribune* readers recognized the hoax, as did those MIT folks who knew that the commencement address had really been given by U.N. Secretary General Kofi Annan. But on the Internet, no one knows you are a hoaxter unless they happen to open their eyes once in a while to other inputs, so the hoax spread apace.

------------------------------

Date: Sat, 9 Aug 97 15:52:39 PDT
From: "Peter G. Neumann"
Subject: Bank robbery *wanted* poster based on image of wrong person

Edward Sanders happened to visit his regular Bank of America branch at 5th and Brannan in San Francisco after someone else had managed to rob the bank -- without any alarms being activated (and therefore without being photographed). Unfortunately, the FBI thought that Sanders' face -- which had been routinely recorded -- was close enough to eye-witness reports of the robber, after which it appeared on *wanted* posters around town. Sanders wonders why the FBI never bothered to ask the tellers if the selected image was indeed that of the robber. Sanders has filed a $250,000 lawsuit against BoA, with potential triple damages. [Source: *San Francisco Chronicle*, 2 Aug 1997, A1]

------------------------------

Date: Sun, 10 Aug 1997 22:26:55 -0400
From: rs@world.std.com (R Spainhower)
Subject: No Surfing on the Senate Floor (Edupage)

The 10 Aug 1997 issue of Edupage contained the following awful, scary, horrible thing demonstrating just how behind the times at least three of our Senators are. The most far-reaching RISK: that our legislators are completely incompetent to pass judgement on any technology-related legal issues. But we already knew that, didn't we?

Senator Michael B. Enzi (R., Wyoming) wants to use his laptop on the floor of the U.S. Senate, but many of his colleagues are opposed to the idea. Senator Dianne Feinstein (D., California) says: "I'm not against computers, but I think they have their place and it's not everywhere. When you're speaking on the Senate floor, you should be speaking from a lifetime of experience, not from what you punch up on a computer." Senator Robert G. Torricelli (D., New Jersey) agrees: "The entry of an electronic notebook on the floor of the United States Senate will inevitably lead to staff instructions on voting and the scripting of all remarks." And the idea makes Senator Robert C.
Byrd (D., Virginia) positively cranky: "What will be the next step if we take this? I would be a bit irritable, I think, if I looked around and saw someone sitting beside me, typing on this thing." (*The New York Times*, 10 Aug 1997; Edupage, 10 August 1997)

------------------------------

Date: Sat, 9 Aug 1997 19:19:11 -0500
From: Randy Holcomb
Subject: Yet Another Java Flaw-this time with MSIE?

C-Net News is reporting that a flaw with Microsoft's Internet Explorer 3.x and 4.0 allows a network connection to be opened to a foreign machine in alleged violation of the Java Security Model. The article can be found at http://www.news.com/News/Item/0,4,13226,00.html.

Randy Holcomb

------------------------------

Date: Fri, 8 Aug 1997 15:50:37 -0700
From: Webb Bryan
Subject: System malfunction implicated in need for death-penalty review

In California last week, death row inmate Thomas Martin Thompson was within hours of his execution when the 9th Circuit Court of Appeals intervened and granted a stay of execution because of a previous error the court had made in not considering an "en banc" review of this case earlier.

In Judge Kozinski's dissent within the published opinion _Thompson v. Calderon_, he supplies a brief description of the court's processes that were implicated in the court's previous error to schedule the "en banc" review in the normal timely manner.

http://www.appellate-counsellor.com/9thcir/Thompson/main.htm

Background: The court operates under a strict set of rules. The rules provide that notice be given to other judges so that they may request "en banc" review (during a limited time period) of a panel's decision before it is published. After the time period expires, their request for "en banc" review would have to follow different procedures (requiring more effort and justification?)

The judges appear to have a network of personal computers. E-mail is used to provide the notice of a pending decision, and also for interposing the request for "en banc" review.
According to an unnamed "Judge Y" quoted in the decision:

"I . . . attempted to determine why I had not become aware of your decision earlier. The answer appears to be that my chambers systems malfunctioned and the opinion simply fell between the cracks. A partial explanation, but not excuse, is that the disposition was circulated shortly before a law clerk transition and that the old and new law clerks assigned to the case failed to communicate."

Another judge called "Judge X" also appeared to have problems with the system. From the somewhat fuzzy description, it looks like either (1) Judge X did not receive an e-mail notice of the decision and yet the authoring judge had confirmation of receipt, or (2) Judge X or a law clerk misplaced or lost the e-mail.

As a result of Judge X's and Judge Y's problems with the system, they did not timely request "en banc" review of the case; following the rule under which they were requesting the review, the scheduling judge had no authority to schedule the review.

Later, after losing his appeal to the U.S. Supreme Court and his request for clemency from the governor, Thompson filed an emergency appeal again to the Court of Appeals for an "en banc" review, which was denied. Then the Court of Appeals, on its own initiative chose to review its panel's earlier decision and reversed itself, rendering the decision discussed here.

Risks?
(1) Inadequate training and system recovery procedures,
(2) Possible bugs in the e-mail system,
(3) Possible system design issues (is the e-mail system user friendly for the sorts of message sorting, flagging, and tickling that an appellate judge needs to do, is a higher level of redundancy appropriate, is a more proactive message tickler system appropriate where missed legal deadlines can forever cause litigants to lose full or further opportunity for legal review)
(4) The bare facts presented suggest possible employee sabotage, or what would possibly be negligence if done by other than government employees.

--Bryan Webb

------------------------------

Date: Fri, 8 Aug 1997 15:42:15 +0200 (MET DST)
From: Wilhelm Mueller
Subject: German Telekom's latest phone feature

With my telephone bill for July, I received a flyer with a description of the latest feature offered by the German Telekom: T-Net-Box, a kind of answering-machine service. To allow calls to reach that answering machine, you'll have to do two things:

1. You have to enable the feature yourself.
2. You have to activate forwarding of incoming calls to the answering machine for certain conditions (always, if busy, after third ring).

(Of course, I immediately tried step 2 before step 1, and it seemed to work. But now calls which should have been forwarded were rejected with a message that no T-Net-Box was enabled. I would have liked a bit more of documentation. Oh, well...)

Step 1 consists of dialing a toll free number. The call is answered by an automatic responder which explains a few things and asks you to think of a PIN (4 to 10 digits), enter it twice, and, unless you mistyped it the second time, confirms that your T-Net-Box has been enabled. What it does *not* tell you, but that's printed in really *big* letters on the flyer, is that you'll have to pay *only* DM 4,-- per month.
For all further operations besides turning forwarding on and off, you'll have to enter the PIN, but you can do it from any touch tone phone. Only (de)activating forwarding (you don't need a PIN for that) and disabling the box must be done from your own phone.

So: Somebody has access to my phone. For several reasons I don't want the T-Net-Box, but this person now just enables it when I don't notice and doesn't tell me anything about it. He/she may even at the same time activate forwarding on busy and after third ring, and I would probably not notice. (Immediate call forwarding would be noticeable because the dial tone changes.) Only when I check my next phone bill thoroughly, I'll find out that there are an extra DM 4,-- on it, and then I'll probably have quite a problem getting rid of the unwanted T-Net-Box--German Telekom is known to be not very customer friendly when you think you have paid too much.

When I asked at a Telekom shop, they couldn't tell me much about that problem, or about any of the other questions I'd got. (Actually, I hadn't expected them to be able to help me.) The toll free T-Net-Box help line has been busy whenever I tried, so I finally called the regular customer service who told me that someone would call me back--which even happened today. This person now was surprised about my concern. His reaction was essentially, ``But who would do such a thing?''

Besides that immediate risk it seems that the new feature is not well incorporated in what has already been there. I thought about setting the Box to take calls when the line is busy. I've already got call waiting and would have expected the Box to take over when I don't accept the second call. But according to the Telekom person who called me, the Box has precedence; I'd never get call waiting. The person in the shop, though, told it the other way round, so it's probably just one thing I'll have to experiment with.
Wilhelm Mueller, Der Senator fuer Bau, Verkehr und Stadtentwicklung, Referat 43, Ansgaritorstrasse 2, D-28195 Bremen, Germany +49-421-361-10629

------------------------------

Date: Sat, 09 Aug 1997 23:54:36 -0700
From: Sam Lepore
Subject: GPS: Exactly - and I do mean EXACTLY! where were you?

Recently I was amused by the story of a motorcycle riding friend who has a GPS device on his bike. He started out to visit someone several hundred miles away and saw his map with the destination details blow out of his pocket and get mangled by traffic behind him. But no matter, before leaving he had entered the precise coordinates of his destination in the GPS, so he decided to follow the tracker/advisor and see how close he could get before he had to call.

He took a few wrong turns because he wasn't paying attention to the route advisor, and he took a couple of impulsive side trips, eventually getting back 'on course'. Lo and behold, several hours later the unit starts beeping to indicate he is within 30 yards of his destination .... and there he is in front of the proper house.

As he and his friend settle into conversation, one of the computer savvy room mates takes the GPS off the bike and downloads the recorded trip information to a mapping program. They all have a good laugh at his wrong turns.

I, however, am concerned at the potential risks. GPS devices are nearly foolproof already and will come to be trusted as infallible soon. Then when the police demand (or subpoena) a GPS to see EXACTLY where you were at what time (and, oh by the way ... seems you were speeding here, and here, and, oops you were parked right behind The SmutShak for 23 minutes ...) we will not only have to face serious privacy concerns, but be put in the position of having to prove innocence in the face of 'incontrovertible' evidence. Except that it is controvertible ... I've seen GPS devices lose contact with satellites and fill in the missing route segment as it 'should have been'.
Despite the convenience GPS offers there is a tremendous risk to privacy if your every move can be recorded. Technology and privacy are antagonists. And I love them both.

Sam Lepore, San Francisco

------------------------------

Date: Thu, 7 Aug 1997 11:43:09 -0400 (EDT)
From: Jim Huggins
Subject: Y2K lawsuits begin

Summarized from the *Detroit Free Press,* 7 August 1997, pp. 1A,11A:

Produce Palace International (a Warren, MI, fruit & vegetable store) has filed suit against Tec-America Corporation and its local distributor, All-American Cash Register (Inkster, MI), over Y2K problems. The article claims this is one of the first Y2K lawsuits ever filed.

In April 1995, the store spent about $100K for a computer system (including 10 registers) that handles purchases and inventory control. Immediately they noticed some problems in the system. The problems escalated in 1996, when customers began using credit cards with 2000 expiration dates. When asked to process such a transaction, the system crashes, requiring 4-5 hours to restart. The system suffered 105 such crashes between 30 April 1996-6 May 1997.

Currently, the store is working around the problem by using the system to confirm that customers have sufficient credit, but writing up the transaction on paper. Later, the transactions are manually entered into the system using a 1999 expiration date.

The store estimates they have lost over $50K in additional wages paid and hundreds of thousands of dollars in lost business. The article comments that the lawsuit may not help much; lawsuits can take years to resolve, and in the meantime, they're still stuck with a poorly-functioning system.

An aside: as bad as things may be in 2000 when all of these systems start failing, I wonder how bad it will be in 1999, when work arounds like these won't work anymore ...
--Jim Huggins, GMI Engineering & Management Institute (jhuggins@gmi.edu)

------------------------------

Date: Fri, 8 Aug 1997 09:34:18 -0800
From: Chuck Charlton
Subject: Airline travelers with duplicate names

In RISKS-19.28, Jordin Kare described a problem with electronic airline ticketing for people with similar names.

The problem is worse when you have people with identical names, and affects all forms of airline reservations, not just E-tickets.

My father and I have the same name on our driver licenses, except that he is Jr. and I am III. The airlines apparently do not or cannot capture the last few bytes of this kind of common naming convention.

I was aware that this could be a problem the last time we travelled together, so I told the travel agent to make sure that she clearly identified that there were two of us, and that we needed two tickets and two seats.

When we arrived to check in, we found that the airline had, in its diligence to cope with people who make multiple reservations for a single trip, indeed cancelled one of our tickets and reservations.

The counter clerk at check-in was able to get us in ahead of the standby travellers, otherwise we would have been out of luck. We discussed strategy with her, and she suggested that I simply use my middle name instead of my first name whenever I travel with Dad again.

------------------------------

Date: Mon, 11 Aug 1997 12:21:31 -0400
From: Steve Branam
Subject: Re: Clean Sweep wasn't quite soon enough (Horning, RISKS-19.28)

Jim Horning describes his problems and dismay with bank procedures when his account was raided in an over-the-counter fraud scam, and brings up several electronic banking issues.

I think a longer term risk of electronic banking fraud is that people may revert wholesale to paper banking in reaction. That at least gives them the feeling that they are in control of all the transactions, especially if they have the ability to block all electronic access to their accounts.
I often worry about what would happen if an electronic transaction was fouled up. There is even greater risk of the "computer is always right" syndrome, already documented in RISKS. I get more and more worried as I think about all the sources of electronic transactions destined for my account, growing every day. It feels very out of control, and I am relying very heavily on a lot of other people's information protection systems.

Steve Branam
Hub Products Engineering  508-486-6043  branam@dechub.lkg.dec.com
Digital Equipment Corporation  DTN 226-6043

------------------------------

Date: Thu, 7 Aug 1997 16:53:43 -0700
From: Mark Laubach
Subject: More on license forgeries (Re: Horning, RISKS-19.28)

[via Dave Farber]

The forger's new techniques I suspect are in response to Wells Fargo's recent use of requiring a fingerprint of the person trying to cash a check if they themselves do not have an account at the bank.

I got hit last November in a check washing fraud case. Postal mail was stolen from my mailbox containing a handwritten check from me. Since then, I never leave mail for pickup in my mailbox on the street, it's too easy for someone to drive by and steal the contents.

The amount was for about $75.00. The thieves washed the check in solvent, removing the ink, then rewrote the payee and the amount and duplicated my signature. The new amount was $990.00. I found out about the problem via my on-line banking, but I had to wait for the statement to get a hold of the check. The check was cashed in the branch in Palo Alto that is my account home.

After providing some evidence and written description of events, the bank eventually gave me $990 back. This past spring, I saw the notes in the bank about the finger printing requirements.

With this new scam that Jim points out, the cashier appears to be the account owner and no fingerprint would be required. Interesting way to get around and very difficult to catch.
I was put out for inconvenience of having to close and open a new account and for getting a new set of laser checks.

Maybe I could put a restriction on my checking account that disallowed the cashing of checks to myself or to "cash". I always use my ATM card for getting money.

Mark

------------------------------

Date: Thu, 07 Aug 97 22:35:13 CDT
From: danhicks@millcomm.com (Dan Hicks)
Subject: Re: What to do about software patents (RISKS-19.27)

Something I've discussed with some of my peers (several of whom are spending most of their time engaged in advising lawyers who are defending us from a meritless patent infringement suit) is some sort of peer review process for patents. It seems to me that it would be possible to set up a reasonably reliable peer review process so that patent applications could be reviewed for obviousness and prior art. In addition to freeing patent attorneys from time-consuming prior-art investigations, it would serve to fulfill the constitutional mandate for the patent process -- to "promote the progress of science" -- by enhancing inter-communications between technologists.

Dan Hicks http://www.millcomm.com/~danhicks

[Actually not a bad idea. Although this item is only marginally relevant to RISKS, it certainly addresses a serious problem in our technology. Please send any subsequent discussion to Dan, who -- if it has some RISKS relevance -- can perhaps provide a concise summary. PGN]

------------------------------

Date: Thu, 7 Aug 1997 15:55:42 -0400
From: Dave Porter
Subject: Re: Ctrl+Alt+Del (VanDyke, RISKS-19.28)

In RISKS-19.28, Paul VanDyke commented on the use of Ctrl+Alt+Del being used as the secure-logon sequence on a Windows NT system (his point being the potential confusion since Ctrl+Alt+Del is the reboot sequence when the PC is running in real mode, and in some other protected mode OSes as well).
I understand that Microsoft's reason for choosing Ctrl+Alt+Del was that the secure-logon sequence must not be capable of interception by any app, and that it was hard to find a key combination which was not already used by some dusty-deck (if I may mix metaphors) Windows app.

Which is not to say that Paul's point has no validity. On NT I sometimes type two Ctrl+Alt+Dels in my impatience to get to the security dialogue. On Windows 95, that's instant death.

dave

------------------------------

Date: Fri, 8 Aug 1997 15:48:09 -0400
From: Jered J Floyd
Subject: Re: Ctrl-Alt-Del (VanDyke, RISKS-19.28)

> I used to think that it was neat to hit C-A-D and not have the computer
> reboot, but not anymore. Bad programming Microsoft!

No, this was a good move on their part! It was the only conceivable equivalent to the old Secure Attention Key -- so the user can be sure whom he is actually talking to! Nobody under WindowsNT but the operating system can catch the Ctrl-Alt-Delete key combination, so you know that when you press that and get a login window, you're actually getting a Windows NT login window and not a window from a Trojan horse application.

jered@mit.edu

[Similar comment from Scott Andrew Borton. The DoD Orange Book will live forever on that one. PGN]

------------------------------

Date: Sat, 9 Aug 1997 23:59:45 -0400
From: Bryan Costin
Subject: Re: Ctrl-Alt-Del

Waitaminit. This person's friend carelessly hit C-A-D on the wrong keyboard, and IBM OS/2 Warp Server reboots, apparently without demanding any kind of confirmation, and it's _Microsoft's_ fault? What about IBM? What about the RISKS of LAN admins with the fast fingers and multiple unlabeled keyboards? MS certainly deserves some criticism, but this is just silly.

Even leaving all this aside, the C-A-D combo hasn't defaulted to a completely unconditional reboot under any MS OS since MS-DOS, including all versions of Windows since 3.1 (the earliest version I had around to check.)
Nor does Novell NetWare or your average Unix box. I'm honestly stunned that Warp Server is apparently lacking in this respect.

Bryan

------------------------------

Date: Mon, 11 Aug 1997 10:25:06 +0200
From: roland.giersig@aut.alcatel.at (Roland Giersig)
Subject: Re: Ctrl-Alt-Del (Duennebeil, RISKS-19.28)

Subtitled: Microsoft arrogance

> I used to think that it was neat to hit C-A-D and not have the computer
> reboot, but not anymore. Bad programming Microsoft!

Yes, another two cases of blatant M$ arrogance (see also the posting in RISKS-18.70).

In the first case, not only that but also of grave impoliteness. I mean, in real life it is customary for a newcomer or guest to (at least at first) ask the owner if one may use certain facilities. Or what would you think of a party guest that uses your phone without asking or starts redecorating your bedroom?

In the second case, I think Microsoft is the *only* company that has the audacity to ignore the past and happily change the semantics of Ctrl-Alt-Del by 180 degrees (`login' instead of `shutdown').

But it's not stupidity that is behind that, it's a way to control the market. Just take the latest development with M$ mail: now they use WinWord as the mail editor, so each and every mail is in reality empty with an attached WinWord document. Doesn't matter when you have the same system, but gets hellish complicated in a heterogeneous environment, effectively "forcing" everybody to "upgrade" to the new Wintel system.

And this scheme works, given the usual decision-making structure: Managers are the first to get the newest Wintel systems, because these are perfect for them (easy to use, nice to look at, and WinWord doesn't choke on the few-paged documents that managers normally write). Then managers try to send mail to the technical workers and bingo, the scheme works: due to intentionally ignored industry standards, the technical people suddenly aren't able to read the bosses' mails (though it works perfectly between them).
And now the Dilbert solution: managers (who have the power to make that decision) force the technical people (who don't have any decision power, who always complain but seldom get heard) to "upgrade" their perfectly working old system to the non-standard, non-robust and inadequate new system.

Please, open your eyes, look around and tell me: is it that bad or am I just too cynical?

Roland

------------------------------

Date: 1 Apr 1997 (LAST-MODIFIED)
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The RISKS Forum is a MODERATED digest. Its Usenet equivalent is comp.risks.

=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. Or use Bitnet LISTSERV. Alternatively, (via majordomo) DIRECT REQUESTS to with one-line,
     SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:] or
     INFO [for unabridged version of RISKS information]

=> The INFO file (submissions, default disclaimers, archive sites, .mil/.uk subscribers, copyright policy, PRIVACY digests, etc.) is also obtainable from
     http://www.CSL.sri.com/risksinfo.html
     ftp://www.CSL.sri.com/pub/risks.info
   The full info file will appear now and then in future issues.
   *** All contributors are assumed to have read the full info file for guidelines. ***

=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line.

=> ARCHIVES are available: ftp://ftp.sri.com/risks or
     ftp ftp.sri.com
     login anonymous
     [YourNetAddress]
     cd risks
   [volume-summary issues are in risks-*.00]
   [back volumes have their own subdirectories, e.g., "cd 18" for volume 18]
   or http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue].
   The ftp.sri.com site risks directory also contains the most recent PostScript copy of PGN's comprehensive historical summary of one liners:
     get illustrative.PS

------------------------------

End of RISKS-FORUM Digest 19.29
************************