precedence: bulk Subject: Risks Digest 20.24 RISKS-LIST: Risks-Forum Digest Thursday 11 March 1999 Volume 20 : Issue 24 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator ***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at and at ftp.sri.com/risks/ . Contents: Risks of testing a nuclear power plant for Y2K compliance (Robert Brill) ATC Equipment test almost causes landing collision in Australia (Pat Dirks) win9x instability? (Norman Choe) Outlook Express Date: parsing (Kenneth C. Dyke) Fonte des neiges (Bertrand Meyer) Risks of voice-recognition software (Chris Leeson) Rogue spelling checker at work (Andrew Koenig) Glitch opens jail cell doors (David Kennedy) Super Hornet (PGN) Italian hospitalized for hallucinations after Net surfing spree (Lloyd Wood) Damning critique of WIPO Internet domain name proposal (Lance J. Hoffman) Bringing Y2K fears to a new high -- or low (Michael P. Gerlek) Regular break-ins at the Pentagon? (Martin Ward) Re: Remote surgery (Declan O'Kane) More on-line trauma (JJSantos) Re: Lack of Anonymity in Microsoft Word (Yvo Desmedt) Re: Write-protectable hard-drives (Richard Schroeppel) Networking'99--NetAdmins & SysAdmins Share Solutions (enotify) Workshop on Countering Cyber-Terrorism (Clifford Neuman) PDPTA'99 on Fault Tolerance and Reconfiguration in Distributed Systems (Pradip Srimani) FMICS4 (Diego Latella) Abridged info on RISKS (comp.risks) ---------------------------------------------------------------------- Date: Mon, 08 Mar 1999 16:20:22 -0500 From: Robert Brill Subject: Risks of testing a nuclear power plant for Y2K compliance Pennsylvania's Peach Bottom Atomic Power Station was subjected to detailed software analyses and simulations to check Y2K compliance, and concluded that everything would be OK. However, when the clock was moved ahead, the primary and backup monitoring systems crashed, every computer screen blanked out, and forced manual procedures. The cause was attributed to a technician improperly setting the test clock. The systems remained down for seven hours. ``Although the cause was human error, technology specialists say the glitch here illustrates an unanticipated peril of the Year 2000 problem: As computer systems that have been repaired are now being tested in live conditions, inadvertent mistakes and undiscovered bugs can bring the machines -- and the organizations that rely on them -- to a grinding halt.'' [Source: Rajiv Chandrasekaran, Big Glitch at Nuclear Plant Shows Perils of Y2K Tests, *The Washington Post* A03, 7 Mar 1999. PGN-ed] ------------------------------ Date: Mon, 8 Mar 1999 14:51:55 -0800 From: Pat Dirks Subject: ATC Equipment test almost causes landing collision in Australia I snipped this item (A Pull-Up Down-Under) from AvWeb's AVflash. It's a weekly mailing of aviation-related items from AvWeb (www.avweb.com): Controllers in Sydney, Australia last week during a temporary communications outage (due to testing of new equipment) could only watch as a Boeing 747-400 with 220 passengers on final approach headed for a 36-seat Dash 8 on the runway. Fortunately, the 747 pilot (whose final clearance had not been received due to the outage) pulled up at the last moment, missing the Dash by 200 feet. [Full story at http://www.avweb.com/newswire/news9910.html#7; PGN-ed] Note from PWD: ordinary, internationally accepted rules prohibit landing without an explicit clearance. The Boeing 747 should not have landed but, of course, it's only too easy to assume that, having gotten this far without a word from the tower to the contrary, landing clearance had been granted. In the event of communications failure (or to communicate with planes not equipped with a radio) light signals are used from the control tower: a red light is a signal NOT to land, so the tower reacted appropriately to the situation. A 747 pilot whose radios are in fine working order won't be LOOKING for light signals from the tower, of course. This does, indeed, sound like a close call and highlights the dangers of working on or around complex systems that are in active use. ------------------------------ Date: Thu, 4 Mar 1999 16:28:30 -0500 From: norman@environs.com (Norman Choe) Subject: win9x instability? Computer Hangs After 49.7 Days The information in this article applies to: Microsoft Windows 95 Microsoft Windows 95 OEM Service Release versions 2, 2.1, 2.5 Microsoft Windows 98 SYMPTOMS After 49.7 days of continuous operation, your Windows 95-based computer may stop responding (hang). CAUSE There is a problem with the timing algorithm in the Vtdapi.vxd file. (taken from http://support.microsoft.com/support/kb/articles/q216/6/41.asp) However, i would like to point out that Microsoft already has a good fix for this... there's no way in hell any win 9x machine could possibly run for that long without crashing ANYway, so this instability is purely theoretical. norman@environs.com http://www.environs.com/ [Intriguingly, there may be some evidence to the contrary! In December 1998, Ed Felten's testimony for the Justice Department indicated that during the previous seven months he had been running Windows 98 more or less uninterruptedly at Princeton, *after* removing Internet Explorer (using the program that he demonstrated to DoJ). He testified that there had been no unexplained crashes during that period. Meanwhile, many other folks report that various windows versions typically require a reboot as often as every week or two. Incidentally, the actual "hang-time" is roughly 49.710269 days, which corresponds to 2^32 milliseconds. This was noted by several correspondents, including Andrew Koenig , who asks, ``Isn't a 32-bit millisecond counter even sillier than a 2-digit year counter?'' Ah, yes. I don't think I have mentioned Multics' 1965 choice of a 71-bit microsecond clock recently enough, so let me do it again. A little bit of foresight (well, actually, quite a few bits) deserves some Y2Kudos. PGN] ------------------------------ Date: Sat, 6 Mar 99 00:12:23 -0800 From: "Kenneth C. Dyke" Subject: Outlook Express Date: parsing Given that I typically sort my inbox based on Date Sent, with newer e-mail at the top, it seemed odd to see messages showing up at the top of my list with dates such as this: Fri, Aug 1, 1919, 12:28 PM Being curious, I took a look at the actual Date: line in the header: Date: Sun, 4 Jan 2099 18:28:02 -0200 So, one obviously bogus date is somehow parsed to be in the future (according to how it was sorted in the list), but is then displayed as being 80 years old. Sadly, this wasn't the only case I found. I also had a piece of e-mail with the following date header: Date: 6/30/98 11:14:34 PM Pacific Daylight Time Outlook Express displayed it as: Mon, Jul 30, 2018, 3:14 AM Interestingly, it displayed it *above* most of my other mail (which is dated correctly from 1999), but *below* the bogus mail shown up above. I suddenly have renewed faith in Microsoft's Y2K efforts. -Ken ------------------------------ Date: Sat, 6 Mar 1999 11:39:48 -0800 From: Bertrand.Meyer@eiffel.com Subject: Fonte des neiges Here is a new, although perhaps unconscious, addition to the growing practice of applying computer terminology to other walks (or in this case runs) of life, as in "the economy needs rebooting". If you go skiing at Mountain High in San Bernardino county, California, you will see at the top of the main lift in the West Resort a sign stating various regulations, ending (I swear I am not making this up) with the following injunction in upper case: NO INVERTED ARIAL As someone who frequently needs Unix fonts to match Windows ones, I knew exactly what the rule would have been if this had been Zermatt: NO INVERTED HELVETICA. The possibilities for more such rules, in the PGN* style, appear almost endless. I don't know if it was a result of the eth-Arial atmosphere up there, but when running down the slopes I could think of quite a few, a couple of which I am including here for fear of being PGNed**: - On the way down, don't be too Bold! - NEVER fall on your TypeFace. The Impact might make you look Comic (especially if it leaves you Sans your skis). These are all Modern but, ever the Bookman, I had a few more literate ones, from some older Century Schoolbook, such as: - When in Rome, ignore the rest of Italics: do as the Roman does. (Although at Times you should do as the New Roman.) I hope this (delivered by Courier to the comp.risks Bookshelf) is a welcome diversion from the usually more Aerial topics of comp.risks. Oh, and for anyone who missed the profoundly subtle cross-linguistic Subject header: Fonte is a translation of the English word "font" into French computerese (replacing the proper French term), but also means, among other things, melting, so that "fonte des neiges" is melting of the snows (thaw) as well as font of the snows. I still fear that the Moderator will have a few additions of his own, at least if he remains True to Type -- or is this just TrueType?. * Puns Grossly Noxious ** Preempted Gracefully by Neumann -- Bertrand Meyer Interactive Software Engineering, Santa Barbara, Melting *Ice* expert, see http://eiffel.com/products/bench/ [I'm thawed of as very font of contributions such as Bertand's. 'Snow joke. (Are we playing Al-fonts and Gaston with E-le-fonts?) Merci! Pierre/PGN] ------------------------------ Date: Thu, 11 Mar 1999 10:52:13 -0000 From: "LEESON, Chris" Subject: Risks of voice-recognition software Quoted from an article appearing in the "Backbytes" section of Computing (11 March 1999); The article describes a demonstration of some voice-recognition software: > A representative from the company was just about to start the > demonstration and asked everyone in the room to be quiet. > Just then someone in the back of the room yelled: 'Format c: Return". > Someone else chimed in: "Yes, Return" > Unfortunately the software worked! I seem to remember someone in an earlier RISKS posting suggesting a similar scenario using words (maliciously) planted into a music CD ("Delete my files"/"Yes, I'm sure"). Unfortunately I cannot find the original posting. [RISKS-19.25 and 20.10 were recent item on this topic, although it has certainly been an ongoing theme... PGN] ------------------------------ Date: Sun, 7 Mar 1999 13:01:31 -0500 (EST) From: Andrew Koenig Subject: Rogue spelling checker at work Headline from AP wire today: ``Pope Beautifies 10 more'' Andrew Koenig, ark@research.att.com, http://www.research.att.com/info/ark [Papal ben-E-diction? Vaticanonesses? Vaticancan ladies? PGN] ------------------------------ Date: Wed, 03 Mar 1999 23:50:20 -0500 From: David Kennedy CISSP Subject: Glitch opens jail cell doors RISKS has reported numerous cases of prison doors opening or not opening because of computer malfunctions. In the latest episode, cell doors on the ninth floor of the Kenton County Detention Center in Covington KY opened spuriously and remained open for 9.5 hours, although the convicts were still confined within a larger area. [Source: The Cincinnati Enquirer, 3 Mar 1999, http://enquirer.com/editions/1999/03/03/loc_glitch_opens_cell.html; PGN-ed. Good case for layered security, domains of protection, etc.] David Kennedy CISSP Director of Research Services ICSA Inc. http://www.icsa.net ------------------------------ Date: Wed, 10 Mar 99 10:50:53 PST From: "Peter G. Neumann" Subject: Super Hornet *Defense Daily* (vol 201, no 43, page 1) reports that in a Senate hearing Senator Chuck Robb (D-Virginia) raised the issue of obtaining an unclassified version of a report on the Navy's Operational Test IIB of the F/A-18E/F Super Hornet aircraft. [In the absence of information (the Navy has denied a FOIA request), it is not clear who may be getting stung by the Hornet's performance (or lack thereof?). PGN-ed] ------------------------------ Date: Wed, 3 Mar 1999 13:22:14 +0000 (GMT) From: Lloyd Wood Subject: Italian hospitalized for hallucinations after Net surfing spree An Italian man was diagnosed with ``acute Internet intoxication'' (including delirium and mental confusion) attributed to his spending three straight days surfing the Internet. A psychiatrist in Rome suggested that this was not unusual, believing that several hundred Romans were suffering as well. He claimed most of those were around 30, single, educated, and with no prior history of mental problems, all spending at least 10 hours a day on-line, and he recommended keeping use under 5 to 6 hours a day. That would seem to put a lot of us at risk. [Lloyd forwarded a message to me from glen mccready to 0xdeadbeef@substance.blackdown.org with the above Subject, reforwarding a copyrighted article from nandotimes.com, 2 Mar 1999, that came via William Knowles . As we approach April Fool's Day, it seems to be more difficult to separate the wheat from the chaff, as in the case of "Mobile phones cause memory loss" in RISKS-20.23, which is speculative at best. I have adapted the nandotimes item for RISKS, although it falls in a similar category. PGN-ed] ------------------------------ Date: Sun, 07 Mar 1999 23:32:22 -0500 From: "Lance J. Hoffman" Subject: Damning critique of WIPO Internet domain name proposal Just in time for the last public hearing this coming Wednesday (10 Mar 1999) in Washington, law professor Michael Froomkin of the University of Miami has issued on his web page a damning critique of the current domain name proposal of the World Intellectual Property Organization. I'll let his paper speak for itself, but this issue is so important to the future of an Internet-enhanced society that I urge wide circulation and reading of the Froomkin critique before a grand disaster is set up by an organization with tenuous legitimacy and experience in Internet-related matters, but with plenty of baggage from the existing powers-that-be. I've reproduced just the opening part below, but URLs to more detailed arguments are given there. From Froomkin's Web page (http://www.law.miami.edu/~amf/quickguide.htm): Major Flaws in the WIPO Domain Name Proposal -- A Quick Guide A. Michael Froomkin, Professor of Law Executive Summary The World Intellectual Property Organization's plan to restructure the way Internet domain names in .com, .net, and .org are assigned and adjudicated is deeply flawed. The plan, contained in WIPO's "Interim Report" is designed to solve problems caused when Internet domain names collide with trademarked words. WIPO was asked to make suggestions for better dispute resolution, and it claims to have produced a plan that creates no new rights for intellectual property holders. In fact, however, the plan would impose extensive Alternate Dispute Resolution on all domain name registrants accused of infringing of any type of intellectual property with their registration. The WIPO plan's flaws include: * Bias. The plan is biased in favor of trademark holders * Enabling censorship. The WIPO plan fails to protect fundamental free-speech interests including parody, and criticism of corporations; * Zero Privacy. The WIPO plan provides zero privacy protections for the name, address and phone number of individual registrants * Intimidation. The WIPO plan creates an expensive loser-pays arbitration process with uncertain rules that will intimidate persons who have registered into surrendering valid registrations * Tilts the playing field. The WIPO plan would always allow challengers to domain names registrations to appeal to a court, but would often deny this privilege to the original registrant * Smorgasbord approach to law. Instead of directing arbitrators to apply applicable law, WIPO proposes using additional, different, rules it selected-rules that will often disadvantage registrants. A brief memo explaining these points follows. A more detailed, 50-page version, is also available in various file formats from http://www.law.miami.edu/~amf . This paper also proposes an alternate, fairer, reform plan. The key elements of the simpler reform plan are: * Reduce speculative registration: Require advance payment before registration * Penalize false contact details: De-register domains with fake contact information * Consider creating special rules to penalize large-scale domain speculation * Trust courts to continue to clarify relevant law * Understand that rapid changes in technology may make domain names less important * Create differentiated commercial and non-commercial top-level domains Lance J. Hoffman, Director, Cyberspace Policy Institute, Professor EECS The George Washington University, Washington DC 20052. Phone (202) 994-5513 ------------------------------ Date: Tue, 09 Mar 1999 08:18:00 -0800 From: "Michael P. Gerlek" Subject: Bringing Y2K fears to a new high -- or low From this week's *Infoworld*, in an article entitled 'Planning Beyond Y2K Disruptions': "People act on fear a lot, and in fear there may be a financial impact. We don't want people going and buying generators when they should be out buying jeans." -- Director of the Year-2000 project for Levi Strauss While this does make some sense from a purely business perspective, that it nonetheless is reaching anyone's radar screen makes me a lot more nervous about people reacting to Y2K fears than I am about Y2K itself. Michael P. Gerlek / mpg@flaxen.com ------------------------------ Date: Mon, 8 Mar 1999 10:33:08 GMT From: Martin Ward Subject: Regular break-ins at the Pentagon? A report from Edupage: > The Pentagon says that defense analysts have successfully thwarted new and > recent attempts to break into open Pentagon networks on the Internet. A > Pentagon spokesman admits, "There are literally hundreds of attempts weekly > to break into the computers. It's a constant because there's a certain > cachet to getting into the Pentagon system." The Department of Defense > insists that 99.95% of hacking attempts fail to penetrate beyond the open > networks and pose no national security threat. (*The New York Times*, > 5 Mar 1999) So there are hundreds of attempts per week and 99.95% of them fail. Let's assume about 200 attempts per week. That means, by my calculations, there are about five *successful* attempts to break in to Pentagon systems every year. Sometimes, 99.95% success just isn't good enough. Martin.Ward@durham.ac.uk http://www.dur.ac.uk/~dcs0mpw Erdos number: 4 Maintainer of the G.K.Chesterton web site: http://www.dur.ac.uk/~dcs0mpw/gkc/ [Amazingly, Prentiss Riddle came up with EXACTLY the same numbers and the same conclusion. Unfortunately, the standard response seems to be to "blame the hackers" (e.g., Cloverdale) rather than to strive for systems that are significantly more secure! PGN] ------------------------------ Date: Wed, 3 Mar 1999 17:57:54 -0000 From: "Dr Declan O'Kane" Subject: Re: Remote surgery (Rhodes, RISKS-20.23) One issue with surgery-by-wire is that who is legally accountable if a viscus is accidentally perforated or an artery accidentally cut ? Will surgeons blame their network connections ? Will we see Dr X and a Network company being sued for medical malpractice ? I would feel far more comfortable with an average surgeon with his/her hands inside me than an expert at the end of a long wire ! Another example of technology looking for an application. Declan O'Kane MRCP(UK) ------------------------------ Date: Thu, 4 Mar 1999 19:28:20 EST From: JJSantos@aol.com Subject: More on-line trauma I had an interesting experience happen to me that shook the foundations of my trust in my online experience. I'm an AOL user. (Now before my elitist compatriots cry out - I have been on the internet from the days of FTP and gopher - local access #s make AOL convenient). I recently logged on to find a message in my in-box titled "requested info"; expecting another spam, I was surprised to find one word in its contents - my password. Yes - access to online banking, funds, accounts, e-zines, and so on. The return address was an AOL domain. Less than a minute after opening the message, I was "Instant Messaged" by someone ("Bob SiteOp") claiming to be an AOL employee, asking whether I received the "requested info" message, and asking me to repeat its contents. Of course, I didn't bite (or should that be byte?). After a few phone calls and messages to AOL to report the matter, most of the front line phone attendants would either chalk it up to a virus/trojan horse, or claim that the situation I described was impossible -- "AOL doesn't keep passwords on a file". yeah. I finally clamored enough to get a supervisor that recognized the seriousness of the situation. Haven't heard a thing since she took the info and promised to followup. A couple of points here; clearly - a serious breach of AOL security took place; I've narrowed it down to their Instant Messaging 3rd party software, and an auto attendant mail feature. The person who instant messaged me was clearly in on this scam, and operates on the net out of small business in New Jersey (either legitimately or illegitimately). Unfortunately, since AOL doesn't have "standardized" id (or screen) names (or a way of authenticating who is at the other end), from that point on I was very uncomfortable messaging ANYONE - AOL or not --- who do you really know who you are talking to? Switching to the phone, I thought, would alleviate that fear. But after a few calls, subsequent AOL employees would tell me that the prior employees I spoke to couldn't have been employees (based on the name I was given), or were at least not giving me correct information. A slippery slope of trust -- who DO YOU believe? In the meantime, I've changed my passwords (regularly), "Bob Siteop" continues to prowl the electronic alleys for prey, and I've become one computer professional that is beginning to ask himself "what have we wrought?". ------------------------------ Date: Thu, 11 Mar 1999 18:48:41 +0900 (JST) From: Yvo Desmedt Subject: Re: Lack of Anonymity in Microsoft Word You probably heard that Microsoft Word adds information in the document that can uniquely identify the author, see e.g.: http://cnn.com/TECH/computing/9903/08/microsoft.privacy.02/index.html At the 1996 Information Hiding workshop, I predicted such a danger. See the second paragraph of Section 3 "Covert identification" starting with "First, any technique using covert channels ..." in the paper ESTABLISHING BIG BROTHER USING COVERT CHANNELS AND OTHER COVERT TECHNIQUES which is available from http://www.cs.uwm.edu/~desmedt/topics-covert.html I welcome any comments. Yvo ------------------------------ Date: Wed, 3 Mar 1999 08:52:36 -0700 (MST) From: Richard Schroeppel Subject: Re: Write-protectable hard-drives (Cargill, RISKS-20.21) A write protect button-toggle-switch was standard on disk drives for the (c. 1975) Digital PDP10 systems. The switch prevented the disk write-head from carrying current. The TOPS-10 operating system supported the feature, allowing the operator to declare drives read-only, or change the software setting. The OS couldn't read the physical switch, and could be confused by operator error: if a drive was physically read-only, but the OS thought it was writable, reading a file would cause the OS to try to update the most-recent-access time in the directory. None of the hard disks I presently use has a write-protect switch. Rich Schroeppel rcs@cs.arizona.edu ------------------------------ Date: Wed, 10 Mar 1999 03:58:43 -0800 (PST) From: enotify@usenix.org Subject: Networking'99--NetAdmins & SysAdmins Share Solutions CONFERENCE ON NETWORK ADMINISTRATION Wednesday and Thursday, April 7-8, 1999 NETWORKING TUTORIAL PROGRAM Friday and Saturday, April 9-10, 1999 WORKSHOP ON INTRUSION DETECTION AND NETWORK MONITORING Sunday and Monday, April 11-12, 1999 For the full tutorial and technical program, and online registration, http://www.usenix.org/networking99 Sponsored by USENIX, the Advanced Computing Systems Association Co-Sponsored by SAGE, the System Administrators Guild Co-located at Santa Clara Marriott Hotel, Santa Clara, California, USA ------------------------------ Date: Wed, 10 Mar 1999 20:18:55 -0800 (PST) From: Clifford Neuman Subject: Workshop on Countering Cyber-Terrorism Countering Cyber-Terrorism June 22-23 Marina del Rey, California A workshop sponsored by the Information Sciences Institute of the University of Southern California Please check the web page http://www.isi.edu/cctws for more information, including a position paper from the organizers which will be available two weeks prior to the submission deadline. Organizer's Paper Available April 5, 1999 Position Papers Due April 19, 1999 Organizing Committee: Bob Balzer, Information Sciences Institute, Balzer@isi.edu Thomas Longstaff, CERT Coordination Center, tal@cert.org Don Faatz, the MITRE Corporation, dfaatz@mitre.org Clifford Neuman, Information Sciences Institute, bcn@isi.edu ------------------------------ Date: Sat, 27 Feb 1999 09:01:37 -0700 (MST) From: pradip srimani Subject: PDPTA'99 on Fault Tolerance and Reconfiguration in Distributed Systems Call for Papers for a Special Session on Fault Tolerance and Reconfiguration in Distributed Systems Las Vegas, Nevada, USA, June 30 - July 2, 1999 International Conference on Parallel and Distributed Processing Techniques and Applications (PDPTA'99, 28 Jun -- 1 Jul 1999) http://www.cs.colostate.edu:80/~srimani/pdpta99.html The focus of this special session will be on fault-tolerance issues of distributed enterprise systems for time-critical and computation-intensive applications. Send extended abstracts by 15 Mar 1999 to Shahram Latifi Pradip K Srimani Department of Electrical and Department of Computer Science Computer Engineering Colorado State University University of Nevada, Las Vegas Ft. Collins Las Vegas, NV 89154-4026 CO 80523 USA E-mail: latifi@ee.unlv.edu srimani@CS.ColoState.EDU Voice: (702) 895-4016 Voice: (970) 491-7097 Fax: (702) 895-4075 Fax: (970) 491-2466 ------------------------------ Date: Sun, 7 Mar 1999 18:10:47 +0100 (MET) From: Diego Latella Subject: FMICS4 ERCIM Working Group on Formal Methods for Industrial Critical Systems Fourth International Workshop on Formal Methods for Industrial Critical Systems July 11-12 1999 Deadline for submission: March 30th, 1999 The Fourth International Workshop on Formal Methods for Industrial Critical Systems will take place in Trento on July 11-12, 1999, as a satellite meeting of FLoC'99 (http://www.cs.bell-labs.com/cm/cs/what/floc99/) Authors are invited to send their papers to: S. Gnesi, CNR-IEI, Via S. Maria 46, I56126 Pisa - ITALY phone: +39 050 593489 http://www.cnuce.pi.cnr.it/cnuweb/research/resgroups/conc-meth/FMICS/WS/Trento99/workshop.html ------------------------------ Date: 23 Sep 1998 (LAST-MODIFIED) From: RISKS-request@csl.sri.com Subject: Abridged info on RISKS (comp.risks) The RISKS Forum is a MODERATED digest. Its Usenet equivalent is comp.risks. => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. Alternatively, via majordomo, SEND DIRECT E-MAIL REQUESTS to with one-line, SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:] or INFO [for unabridged version of RISKS information] .MIL users should contact (Dennis Rears). .UK users should contact . => The INFO file (submissions, default disclaimers, archive sites, copyright policy, PRIVACY digests, etc.) is also obtainable from http://www.CSL.sri.com/risksinfo.html ftp://www.CSL.sri.com/pub/risks.info The full info file will appear now and then in future issues. *** All contributors are assumed to have read the full info file for guidelines. *** => SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line. => ARCHIVES are available: ftp://ftp.sri.com/risks or ftp ftp.sri.comlogin anonymous[YourNetAddress]cd risks [volume-summary issues are in risks-*.00] [back volumes have their own subdirectories, e.g., "cd 19" for volume 19] or http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue]. PostScript copy of PGN's comprehensive historical summary of one liners: illustrative.PS at ftp.sri.com/risks . ------------------------------ End of RISKS-FORUM Digest 20.24 ************************