RISKS DIGEST 15.71

daemon@ATHENA.MIT.EDU (RISKS Forum)
Tue Mar 29 20:34:20 1994

From: RISKS Forum <risks@csl.sri.com>
Date: Tue, 29 Mar 94 17:29:37 PST
Reply-To: risks@csl.sri.com
To: RISKS-LIST:;@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Tuesday 29 March 1994  Volume 15 : Issue 71

         FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS 
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

***** See last item for information on RISKS (comp.risks) *****

  Contents:
Risks of washroom automation (Paul Colley)
Pay-per-View failure lets adult station go unscrambled (Mike Carleton)
Role-playing Addiction (Mich Kabay)
Software theft statistics (Mich Kabay)
Risks of spelling checkers (John Girard, PGN)
Busy-waiting woes (Darren Senn)
Recent useful newspaper pieces on crypto policy (Lance J. Hoffman)
Re: L.A. Phone Fire (Nevin Liber)
Re: Canadian Poodles using 911 (Shawn Mamros)
Re: Banknotes and photocopiers (Mike Sullivan)
Re: IRS persistence (Robin Kenny)
Preliminary Program: 7th IEEE Computer Security Foundations Workshop (Li Gong)
Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.  

----------------------------------------------------------------------

Date: Mon Mar 28 14:22:02 1994
From: ember!pacolley@qucis.queensu.ca
Subject: Risks of washroom automation (Erma Bombeck)

Here's one paragraph of Erma Bombeck's humour column, The Kingston
Whig-Standard, 28 March 1994.

	"I dropped by an airport washroom.  In my stall, I wrestled
	with my jumpsuit, and in doing so the belt fell into the
	commode.  Before I could retrieve it, the automatic flusher
	sucked it away and into the sewers of San Jose.  I held my
	hands under the automatic water tap and went for a paper
	towel.  I turned in time to see my handbag fall into the
	sink and activate the water.  It proceeded to drown."

The column also enumerates many other more familiar problems with
automation.

- Paul Colley     colley@qucis.queensu.ca     +1 613 545 3807

          [Beware of the automatic handwringer.  PGN]

------------------------------

Date: Tue, 29 Mar 94 13:37:20 EST
From: mcarleton@zendia.enet.dec.com
Subject: Pay-per-View failure lets adult station go unscrambled

Cable company adds unexpected Spice to subscriber's dinner hour.

A problem with a pay-per-view system caused all customers of the Greater
Media Cable TV service in Worcester Massachusetts to receive the unscrambled
broadcast of an Adult cable channel offered by the system.  The Spice cable
channel was unscrambled for 90 minutes between 6:00pm and 7:30pm on Monday
March 28th.

	According to a representative of the cable company, Ed Goldstien, the
cause of the glitch was not known and an investigation was in progress.
Goldstien presented the cable company's apology and promise that it would not
happen again to subscribers over the local radio station WXLO.

The Greater Media Cable system uses a call in voice response system to allow
customers to activate the pay-per-view stations offered by the system.  The
activation code for the customer's cable box is broadcast over the cable
system to unscramble the selected pay-per-view offering.  RISKS readers could
speculate that this incident is an indication that a universal activation
code must exist for all cable decoders in the system.  We could further
speculate that the voice response system could have broadcast this code in
response to a pay-per-view request of a single subscriber if internal tables
were faulty.

The RISK here is dependence on an automatic system to save cost when the cost
of its failure is not taken into account.

Mike Carleton  	mcarleton@zendia.enet.dec.com

------------------------------

Date: 29 Mar 94 12:59:07 EST
From: "Mich Kabay [NCSA]" <75300.3232@CompuServe.COM>
Subject: Role-playing Addiction

Washington Post Staff Writer John Schwartz has published a moving and
insightful article entitled, "Game Boy."  It explores the life and death of
an eighteen year old man addicted to cyberspace role-playing.  I have asked
Mr Schwartz for permission to post the original article in its entirety.  For
the time being, here's a brief summary.

<<begin summary>>

Nathaniel Davenport was an unassertive, socially-isolated teenager who did
poorly in high school but had excellent S.A.T. scores.  He entered the
University of California at Santa Cruz autumn 92 and quickly became active in
AmberMUSH, a M.U.D. (multi-user dimension) loosely based on the _Amber_
stories of Roger Zelazny.  AmberMUSH "features a series of mirrors that you
walk through into different elaborate fictional situations: One is the ruins
of a city; another a rowdy Western town; a third, the smoky darkness of the
"World's End Bar," a cross-dimensional speakeasy. Wherever you go, other
players are there, gathered from around the world to engage in a collective
fantasy; you converse with whoever is in the `room' you are in at the time,
something like a pickup game in basketball."

Nathaniel became a M.U.D. addict.  He was asked to leave his university
because he had missed all of his classes while living in AmberMUSH.  Back in
Virginia, he continued his addiction through student terminals at George
Mason University, where he would spend entire days interacting with other
role players from around the world.

Nathaniel's persona in AmberMUSH was Sabbath, a beautiful seductress devoid
of empathy for the characters she manipulated.  For example, she spent months
seducing another character, only to goad him to his death in a battle with a
more powerful character.

After bitter arguments with his family, Nathaniel agreed to get a job.  He
began working at a computer company from 5 a.m. to 1:30 p.m.  He incorporated
his new job into his frenetic role-playing life by skimping on sleep.  A week
after starting work, he apparently fell asleep at the wheel of his mother's
car and smashed head-on into a truck.  He died instantly.

When Nathaniel's father sent out requests for correspondence on the Internet,
addressing the AmberMUSH users his son had spent so much of his life with, he
was astonished at the volume and quality of the responses.

Over time, Tom Davenport came to believe that Nathaniel's interactions were
not futile game-playing or pornographic flirting.  "[I]n his quest to better
himself, Nathaniel had also turned to the tool he was most comfortable with:
He was using his character to explore social interactions, to learn to be
funny, charming, direct. `He was using the net,' says Davenport, `to work out
his life.'"

"Contacted via e-mail, AmberMUSH administrator Mark Grundy said the death of
Nathaniel Davenport has made him think hard about players' responsibility to
one another in the on-line society. `The future for human relationships in
the Communication Age seems particularly uncertain,' Grundy wrote. `For me,
the lesson that Tom has taught is that the answers can come, if you look for
them with the right heart.'"

<<end summary>>

This young man, isolated from a local community, unhappy in his own skin,
found happiness as a different person in a different world.  The pity is that
he lost touch with his own body's needs.

Like a rat on an endorphin high, poor Nathaniel died from addiction to his
own form of satisfaction.  Should we shrug and dismiss his death?  "It's his
problem--he was free to act as he chose."  Surely, but could anyone in his
cyberspace community have helped avoid this sad end, crushed uselessly at the
age of 18?  I wonder if cyberspace role-players will reach out to accept and
support the tangible person behind the electronic persona?  Would it have
helped if someone had asked how Nathaniel was doing instead of focusing only
on Sabbath?

As human beings interact electronically, we will be forced to integrate
morality and reason into cyberspace.  Cyberspace must not remain a moral
vacuum; common sense must grow to encompass all the ways we now have to touch
other people's lives and alter our own.

Michel E. Kabay, Ph.D.,	Director of Education, National Computer Security Assn

------------------------------

Date: 29 Mar 94 12:59:16 EST
From: "Mich Kabay [NCSA]" <75300.3232@CompuServe.COM>
Subject: Software theft statistics

From the Associated Press newswire via Executive News Service on CompuServe
(GO ENS):

JEANNINE AVERSA, Associated Press Writer, reports on the Software Publishers
Association's statistics concerning software theft.  Key findings:

o	Worldwide losses of $7.4 billion for business software in 1993.

o	Rate is down 25% from $9.7 billion in 1992.

o	Business software (spreadsheets, electronic mail, accounting and 
data base programs) sales revenues in 1993 were $6.8 billion.

o	Companies whose employees make unauthorized copies or put single-copy
programs on network servers account for the most frequent violations of
software copyright.

o	The SPA audited or initiated lawsuits against 245 companies, all of
which were resolved out of court.

o	Settlements totalled $3 million.

o	Manufacturers in the U.S. lost $1.57 billion; Japan lost $650 million;
France lost $435 million.

o	Software theft grew fastest in India and Pakistan (up 95%); Korea and
Brazil showed 89%, and Malaysia's theft grew 88%.

Michel E. Kabay, Ph.D.,	Director of Education, National Computer Security Assn

------------------------------

Date: Tue, 29 Mar 94 23:32 BST-1
From: John Girard <jgirard@cix.compulink.co.uk>
Subject: Risks of spelling checkers

I was recently quite shocked (UK: gob-smacked) to find that an event 
connected with my spell checker could have put me at risk of losing my job. 
I was editing a publication to be sent to several hundred of my client 
contacts, and had made a series of trivial spelling corrections, the last 
being a  "replace".  Sitting poised over the replace button, I was presented 
with the suggestion that the word "Goldman" (as in a large company we all 
know) should be replaced with "goddamn". The word processor involved was MS 
Word for the Macintosh.  I then tested this on Word for Windows, and got the 
same result.  (I have the `always suggest' option selected) 
 
This event scared me greatly, because it is easy to go unconscious in front 
of the mouse and press "replace" one too many times without realizing the 
result.  I contacted my support agency and was told that "goddamn" is in the 
main dictionary, and that I could not delete it from the main dictionary.  It 
was suggested that I program Goldman as a replacement to goddamn. 
 
Of course, defining a replacement in this one case does not assure me that
the "bad" word will not be suggested in the future for other replacements.
And, I have not yet encountered other unprofessional and undesirable word
replacements which I would grudgingly agree that, in an academic sense,
belong in the dictionary, but are a risk to my job.  Yet, I wait in fear of
these discoveries.
 
My concern here is that products such as word processors that are sold for 
use in "business" applications should either not freely suggest profane words 
in the main dictionary, or should have an option to leave them out or supply 
an extra warning.  Obviously, the problem is further complicated by words or 
phrases that have different meanings in different countries even when the 
language seems otherwise equivalent. 
 
Has anyone else had problems similar to this?  Are there any alternative 
"business-oriented" main dictionaries which can be purchased to eliminate the 
risk?  And, should I be obligated to live-with/fix this problem when 
purchasing a "business" product? 
 
John Girard   New Science Associates, Ltd./ UK 

------------------------------

Date: Tue, 28 Mar 94 16:21:07 PST
From: "Peter G. Neumann" <neumann@csl.sri.com>
Subject: Re: Risks of spelling checkers (Girard, RISKS-15.71)

The RISKS archives are full of cases such as transforming a Mafia "enforcer"
into an "informer", "payout" into "peyote", "back in the black" to "back in
the AfroAmerican", and many other garbles.  And I just happen to notice a note
from Abhijit Chaudhari <abhijit@sware.com> in the YUCKS digest (from
spaf@cs.purdue.edu) noting that NeXTSTEP 3.0 Webster's barfs on "UNIX", and
offers "unfix" instead.  That is not Unix-friendly, although I distinctly
recall Steve Jobs suggesting at the San Francisco birth announcement for NeXT
that NeXT was UNIX-emulatable and UNIX-friendly (but that nobody would care
once they had seen NeXT!).  I wonder what that spelling corrector does to
NeXT?  Maybe it gets turned into a NeWT.

------------------------------

Date: Tue, 29 Mar 1994 00:19:48 -0800 (PST)
From: sinster@scintilla.santa-clara.ca.us (Darren Senn)
Subject: Busy-waiting woes

A few years back, I was working as a student computer consultant at UC Santa
Cruz.  The San Diego Supercomputer Center was pulling itself up by its
bootstraps, and a few of the researchers at UCSC had won grants of CPU time
on SDSC's CRAY Y/MP.

SDSC sent some of their tech. support staff up to Santa Cruz to give our
researchers a quick introduction to UNICOS (CRAY's flavor of SYSV UNIX) and
SDSC's special features.  Needless to say, they didn't want to leave their
tech support people in Santa Cruz, so they gave us a small grant for our
consultants to use while learning their system.  I was one of the lucky
consultants who got to participate.

So far so good.

At the same time, one of my friends was finishing up his physics thesis (a
weird little study of aerodynamic surfaces), and had written a small flight
simulator to do some of his calculations.  This study was weird enough that my
friend was calling his programs 'funny', 'goofy', 'damgoofy', etc.  It was a
simple program which simulated the flight of a plane for a short duration, and
the user couldn't adjust any control surfaces after the program started.

As a favor to him and as a convenient way to learn more about the Y/MP,
I ported his program over to UNICOS.

The program normally asked the user for its parameters when it started up,
printed the results to the terminal, and waited for the user to hit return
before quitting.  The program was almost entirely math, so all I had to do was
convert it to batch processing.  Simple: just change a few scanf()'s to
fscanf()'s, tweak a few paths, and we're all set....  Or so I thought.
(ominous background music, please).

I ftp'd the files over to the cray, compiled them, and made a few short test
runs.  No problems.  So I set it up to calculate 30 seconds of flight at 1ms
intervals, and to print out the time when it started and stopped.  Then I set
it loose.  It was truly impressive watching those columns of numbers scrolling
by.  But alas, my next class was starting, so I couldn't wait for it to
finish.  I was capturing the output to a file anyway, so I just disconnected
and went to my class.

That was Friday evening.

Sunday morning rolls around, and I get rudely shaken from bed by a phone call
at 7am!  Imagine the nerve!  hmph.  It was SDSC's support staff calling.  It
seems that a renegade program had eaten up all the consultant's time grant
by running continuously (100% CPU usage) for 35 hours in the interactive
`batch` queue!  Clearly this program was intended as some warped prank,
considering it was called 'damgoofy'!  Uh-oh.  I was sure there was some kind
of mistake, so I rushed up to campus to see what had happened.

It turns out that I had forgotten to remove the program's last gets(): that's
the line which made the simulator wait for the user to hit return before
quitting.  That shouldn't have been a problem in itself, since the function
should've immediately returned with an error after it discovered it had lost
its terminal (when I logged out).  It didn't.  No problem, right?  The
program should've just stopped waiting for input, consuming no CPU resources.
Nope.  Under that version of UNICOS, the program was waiting in a busy-loop,
uselessly using the CPU while it waited for input.  :(   Ooooops!

Luckily SDSC was nice to us, and the Y/MP was underutilized back then anyway,
so they just refunded the money, my friend got an impressive simulation, and
I got an anecdote.  :)
 
Darren Senn          Phone: (408) 988-2640      Snail: 620 Park View Drive #206
sinster@scintilla.santa-clara.ca.us                       Santa Clara, CA 95054
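
The end-of-run pause from the post above, written so that a vanished terminal ends the wait instead of spinning. This is an added example, not Darren Senn's code and not a reconstruction of UNICOS behaviour; the names wait_for_return and pause_before_exit, the retry bound, and the pipe-based sample inputs are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <unistd.h>

enum pause_result {
    PAUSE_SKIPPED,  /* input is not a terminal: batch run, nothing to wait for */
    PAUSE_RETURN,   /* a newline arrived */
    PAUSE_EOF,      /* input was closed, e.g. the terminal went away */
    PAUSE_ERROR     /* read failed; give up instead of retrying */
};

#define MAX_EINTR_RETRIES 16  /* assumed bound, chosen for this example */

/* Block in read() until a newline, end of input, or an error. */
enum pause_result wait_for_return(int fd)
{
    int interrupted = 0;
    char c;

    for (;;) {
        ssize_t n = read(fd, &c, 1);
        if (n == 1) {
            if (c == '\n')
                return PAUSE_RETURN;
            continue;           /* other input: read again, read() blocks */
        }
        if (n == 0)
            return PAUSE_EOF;   /* never re-read after end of input */
        if (errno == EINTR && ++interrupted <= MAX_EINTR_RETRIES)
            continue;           /* interrupted by a signal: bounded retry */
        return PAUSE_ERROR;     /* EIO, EBADF, ...: stop, do not loop */
    }
}

/* Only prompt and wait when a person can actually answer. */
enum pause_result pause_before_exit(int fd)
{
    if (!isatty(fd))
        return PAUSE_SKIPPED;
    fputs("Press return to quit: ", stderr);
    return wait_for_return(fd);
}

/* Constructed input: a pipe whose writer has gone stands in for stdin. */
enum pause_result demo_pipe(const char *data, size_t len, int skip_tty_check)
{
    int p[2];
    enum pause_result r;

    if (pipe(p) != 0)
        return PAUSE_ERROR;
    if (len > 0 && write(p[1], data, len) != (ssize_t)len) {
        close(p[0]);
        close(p[1]);
        return PAUSE_ERROR;
    }
    close(p[1]);                /* reader sees EOF once the data is consumed */
    r = skip_tty_check ? wait_for_return(p[0]) : pause_before_exit(p[0]);
    close(p[0]);
    return r;
}

/* Constructed input: a descriptor that is no longer valid at all. */
enum pause_result demo_closed_fd(void)
{
    int p[2];

    if (pipe(p) != 0)
        return PAUSE_EOF;       /* setup failed; will not match PAUSE_ERROR */
    close(p[1]);
    close(p[0]);
    return wait_for_return(p[0]);   /* read() fails with EBADF */
}

int main(void)
{
    printf("newline:      %d\n", demo_pipe("\n", 1, 1));
    printf("input closed: %d\n", demo_pipe("abc", 3, 1));
    printf("batch (pipe): %d\n", demo_pipe("\n", 1, 0));
    printf("bad fd:       %d\n", demo_closed_fd());
    return 0;
}
```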

------------------------------

Date: Tue, 29 Mar 1994 14:01:51 -0500 (EST)
From: "Lance J. Hoffman" <hoffman@seas.gwu.edu>
Subject: Recent useful newspaper pieces on crypto policy

Two interesting newspaper articles on encryption policy recently appeared:

In The Australian, an influential national newspaper similar to The Guardian
in the U. K. or The New York Times in the U. S., a large article describes
the Clipper chip controversy including a bit more technical detail than is
common for U. S. newspapers.  Professor Bill Caelli of Queensland University
of Technology's School of Data Communications is quoted as saying "Is Clipper
the start of a more onerous agenda?  Does Clipper represent attempts to
outlaw the use of encryption in any form by the public unless he or she uses
an 'approved' (and breakable) cipher system such as Clipper?  This last
question is a far darker scenario and goes to the very heart of freedom and
privacy in a democratic society."  -- All this in The Australian of 29 March
1994.

In the New York Times of 26 March 1994, on the first page of the second
section and wrapping around to page 26, there is an article "Collisions in
Cyberspace on Data Encryption Plan" which starts "To paraphrase Oscar Wilde,
the Clinton Administration threw a couple of its lions into a den of savage
Daniels here this week" (now last week).  That refers to the Fourth
Conference on Computers, Freedom, and Privacy in Chicago, and the article
appears under a wonderful photo of Emmanuel Goldstein, editor of 2600, clad
in T-shirt, etc., talking with Frank Carey of Bell Labs, replete in coat and
tie, but holding beer bottle.  The article goes on to describe an arrest of a
man in the conference hotel (actually a conference attendee) who fit the
description of fugitive hacker Kevin Mitnick and the rough go Dave Lytel of
the President's Office of Science and Technology Policy had as the keynote
speaker trying to defend Clipper.

Professor Lance J. Hoffman, Department of Electrical Eng. and Computer Science
The George Washington University, Washington, D. C. 20052     (202) 994-4955

------------------------------

Date: Tue, 29 Mar 1994 02:32:49 -0700 (MST)
From: Nevin Liber <nevin@cs.arizona.edu>
Subject: Re: L.A. Phone Fire (Weinstein, RISKS-15.67)

We felt the effects here in Tucson, Arizona, 500 miles and another state away
from Los Angeles.  I went to the local grocery store to do some shopping and,
you guessed it, they couldn't take my charge card because of that fire (they
had notices posted throughout the store).

I guess it's not just earthquakes anymore that have a rippling effect all the
way to Arizona...

------------------------------

Date: Tue, 29 Mar 94 10:55:27 EST
From: mamros@ftp.com  (Shawn Mamros)
Subject: Re: The RISKs of Canadian Poodles using 911 (RISKS 15.70)

John Oram <oramy92@halcyon.com>, in RISKS 15.70:
>They had 911 on speed dial?  Come on - that's inexcusable, given how easy it
>is to accidentally hit the wrong button on a phone.

Not when the phone manufacturer provides speed dial buttons explicitly
labelled for that purpose.  I own a General Electric phone (purchased about
five years ago) that has three buttons on it labelled "Fire", "Police", and
"Ambulance".

There are other risks associated with such a phone, in addition to
that of pets (or small children) accidentally hitting one of those
buttons.  The buttons need to be programmed with the correct number,
since 911 is not (yet) universal in the US.  If the owner of a phone
does not set the numbers for those buttons - or worse, moves without
changing the numbers (where one of the old or new locations does not
have 911) - one could picture a scenario where a guest is present, the
phone's owner is incapacitated, and the guest tries to use the "Ambulance"
button to contact same...

-Shawn Mamros     mamros@ftp.com

   [RISKS received a large number of messages on this topic, including those
   from
      Jay Schmidgall <jay@VNET.IBM.COM>, 
      Jeff Nelson <jnelson@gauche.zko.dec.com>, 
      Nevin Liber <nevin@cs.arizona.edu>, 
      Tom Russ <tar@ISI.EDU>, and
      Andrew Duane <duane@zk3.dec.com>,
   who noted built-in emergency features.  The risks therein seem quite 
   widespread.  Also,
      Bob Peterson <peterson@choctaw.csc.ti.com> 
   noted the risks of defaults returning when batteries are replaced.  PGN]

------------------------------

Date: 29 Mar 94 00:12:24 EST
From: Mike Sullivan <74160.1134@CompuServe.COM>
Subject: Banknotes and photocopiers

In RISKS-15.70, Tom Standage noted that some color photocopiers prevent
forgery by reacting to the color shift in the ink.  This seems similar to how
our Xerox black-and-white copiers react to an American Express card.  The
cards apparently use two different inks for the pattern filling the face of
the card, one of which is invisible to the copier, although both inks look
identical to the eye.  When photocopied, the card image bears the word VOID
all over its face (this is the green card; haven't tried it with a gold or
platinum one).  Perhaps a similar technology is involved in preventing copying
of currency.

------------------------------

Date: Wed, 30 Mar 94 10:16:25 +1000
From: Robin Kenny <robink@hatchet.aus.hp.com>
Subject: Re: IRS persistence (Methvin, RISKS-15.70)

This is not a good idea. What happened to me, basically, was that I closed my
old VISA account with the State Bank Victoria (Australia) with 4 cents
credit, <CREDIT, not debit>, believing I was a good guy for not trying to get
the money out - after all, it probably costs VISA $x per transaction.  Some
years later I had occasion to apply for another VISA card...

When trying to use my bank DEBIT card to pay for petrol a security alert was
flashed to the operator and my card was seized. Using my ATM card showed no
funds and my ATM card was seized. My PASSBOOK account had a security trigger
fire when I presented it at the local branch... It was all caused by the
previous VISA account; the four cents was never allowed to be reabsorbed by
the bank and my application for a new card found a bug in the validation
software that said "there is a problem with this applicant".  This
automatically put a hold on all my finances! Even the home loan joint account
was frozen.  It took TEN WORKING DAYS for a human to finally backtrack to the
root cause (the security re-asserted itself each night).  I did get an official
letter of explanation (I was beyond accepting apologies) on letter-head so
future repercussions could be minimised.

What may happen to "dwm" could be something bizarre like being arrested by
the IRS for undisclosed income, not so improbable as a friend had his 1987
tax refund assessed as income for 1988!

(Did I read in RISKS about a person having $1M accidentally transferred into
 their savings account, now fighting it out with the bank over the $50,000
 funds-transfer tax?) 

      [The original item was in RISKS-15.60.  I don't
      recall seeing the transfer-tax item before.  PGN]

Robin Kenny  (robink@hparc0.aus.hp.com)

------------------------------

Date: Tue, 29 Mar 94 10:33:56 -0800
From: Li Gong <gong@csl.sri.com>
Subject: Preliminary Program: 7th IEEE Computer Security Foundations Workshop

[This workshop is by invitation of the General Chair only.  To participate,
please contact Professor Ravi Sandhu at sandhu@isse.gmu.edu as early as
possible since the number of spaces is very limited.]

7th IEEE Computer Security Foundations Workshop (CSFW-7) (Preliminary Program)
		Franconia, New Hampshire, June 14-16, 1994

Tuesday, June 14

8:50-9:00am -- Welcoming Remarks
Ravi Sandhu (George Mason University, General Chair)
Li Gong (SRI, Program Chair)

9:00-10:30am -- Non-Interference and Composability
Session chair: Jose Meseguer (SRI)

* Unwinding Forward Correctability
	Jonathan Millen (MITRE)

* A State-Based Approach to Non-Interference
	William Young and William Bevier (Computational Logic, Inc.)

* Combining Components and Policies
	George Dinolt, Lee Benzinger and Mark Yatabe (Loral)

11:00-12:00pm -- Formal Methods and Semantics
Session chair: Simon Foley (University College Cork)

* Formal Methods for the Informal World
	Carol Muehrcke (Secure Computing Corporation)

* Formal Semantics of Rights and Confidentiality in Deductive
  Databases with General Integrity Constraints
	Adrian Spalka (University of Bonn)

12:00-2:00pm -- Lunch Break and Croquet Tournament

2:00-3:00pm -- Modeling
Session chair: Stewart Lee (University of Toronto)

* Confidentiality in a Replicated Architecture Trusted Database System:
  A Formal Model
	Oliver Costich, John McLean and John McDermott (Naval Research Lab)

* Conceptual Foundations for a Model of Task-based Authorizations
	Ravi Sandhu and Roshan Thomas (George Mason University)

3:30-5:00pm -- Panel on "The General Write-Up Problem"
	Panel moderator: John McDermott (Naval Research Lab)
    Panelists: to be confirmed

Wednesday, June 15

9:00-10:30am -- Cryptographic Protocol Analysis
Session chair: Virgil Gligor (University of Maryland)

* A Model of Computation for the NRL Protocol Analyzer
	Catherine Meadows (Naval Research Lab)

* AUTLOG -- An Advanced Logic of Authentication
	Volker Kessler and Gabriele Riemer (Siemens, AG)

* Nonmonotonic Cryptographic Protocols
	Aviel Rubin and Peter Honeyman (University of Michigan)

11:00-12:00pm -- Security Policies
Session chair: John McLean (Naval Research Lab)

* Formal Specification of Information Flow Security Policies and Their
  Enforcement in Security Critical Systems
	Ramesh Peri and William Wulf (University of Virginia)

* A Taxonomy of Security Properties for CCS
	Roberto Gorrieri and Riccardo Focardi (Universita di Bologna)

12:00-2:00pm -- Lunch Break and Croquet Tournament

2:00-3:00pm -- Access Control
Session chair: Joshua Guttman (MITRE)

* One-Representative Safety Analysis in the Non-Monotonic Transform
  Model
	Ravi Sandhu and Paul Ammann (George Mason University)

* Reasoning about Confidentiality Requirements
	Simon Foley (University College Cork, Ireland)

3:30-5:00pm -- Panel on "Reconsidering the Role of the Reference Monitor"

* Redrawing the Security Perimeter of a Trusted System
	Dan Sterne and Glenn Benson (Trusted Information Systems)

	Panel moderator: Dan Sterne
    Panelists: Len LaPadula (MITRE), Ravi Sandhu (GMU),
			   Carl Landwehr (NRL), and Glenn Benson (TIS)

Thursday, June 16

9:00-10:30am -- Protocol Security
Session chair: Michael Merritt (AT&T Bell Labs)

* Development of Authentication Protocols: Some Misconceptions
  and a New Approach
	Wenbo Mao and Colin Boyd (University of Manchester)

* A Taxonomy of Replay Attacks
	Paul Syverson (Naval Research Lab)

* Cryptographic Protocols Flaws
	Ulf Carlsen (Telecom Bretagne, France)

11:00-12:00pm -- Workshop Business Meeting

12:00pm -- Workshop Adjourns

------------------------------

Date: ongoing
From: RISKS-request@csl.sri.com
Subject: Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.  

 The RISKS Forum is a moderated digest.  Its USENET equivalent is comp.risks.
 Undigestifiers are available throughout the Internet, but not from RISKS.  

 SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup on your system, if possible
 and convenient for you.  BITNET folks may use a LISTSERV (e.g., LISTSERV@UGA)
 with SUBSCRIBE RISKS or UNSUBSCRIBE RISKS as needed.  Users on US Military 
 and Government machines should contact <risks-request@pica.army.mil> (Dennis 
 Rears).  UK subscribers please contact <Lindsay.Marshall@newcastle.ac.uk>.
 Local redistribution services are provided at many other sites as well.  
 Check FIRST with your local system or netnews wizards.  If that does not
 work, send requests to <risks-request@csl.sri.com> (not automated).  

 CONTRIBUTIONS: to risks@csl.sri.com, with appropriate,  substantive Subject:
 line, otherwise they may be ignored.  Must be relevant, sound, in good taste,
 objective, cogent, coherent, concise, and nonrepetitious.  Diversity is 
 welcome, but not personal attacks.  PLEASE DO NOT INCLUDE ENTIRE PREVIOUS
 MESSAGES in responses to them.  Contributions will not be ACKed; the load is 
 too great.  **PLEASE** include your name & legitimate Internet FROM: address,
 especially from .UUCP and .BITNET folks.  Anonymized mail is not accepted.
 ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
 Relevant contributions may appear in the RISKS section of regular issues
 of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

 ARCHIVES: "ftp crvax.sri.com<CR>login anonymous<CR>YourName<CR> cd risks:<CR>
 Issue j of volume 15 is in that directory: "get risks-15.j<CR>".  For issues
 of earlier volumes, "get [.i]risks-i.j<CR>" (where i=1 to 14, j always TWO 
 digits) for Vol i Issue j.  Vol i summaries in j=00.  "dir" (or "dir [.i]") 
 lists (sub)directory; "bye<CR>" logs out.  CRVAX.SRI.COM = [128.18.30.65];
 <CR>=CarriageReturn; FTPs may differ; UNIX prompts for username, password.
 WAIS and bitftp@pucc.Princeton.EDU are alternative repositories.

 FAX: ONLY IF YOU CANNOT GET RISKS ON-LINE, you may be interested in receiving 
 it via fax; phone +1 (818) 225-2800, or fax +1 (818) 225-7203 for info
 regarding fax delivery.  PLEASE DO NOT USE THOSE NUMBERS FOR GENERAL 
 RISKS COMMUNICATIONS; as a last resort you may try phone PGN at 
 +1 (415) 859-2375 if you cannot E-mail risks-request@CSL.SRI.COM .

------------------------------

End of RISKS-FORUM Digest 15.71
************************
