Subject: RISKS DIGEST 12.27 REPLY-TO: risks@csl.sri.com RISKS-LIST: RISKS-FORUM Digest Sunday 7 September 1991 Volume 12 : Issue 27 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: Play the lottery via Nintendo (Mike Cepek) Re: Salomon Brothers -- Database Design (Jeff Berkowitz) The REAL RISKS and REWARDS of E-Mail (Larry Press via Tom Lincoln) Re: ``Returns for Senders'' (Willis H. Ware) Re: +&*#$ (John Moore, Andy Goldstein) Re: A number is no name (RMRichardson, Bob Frankston) Re: Unusual characters in addresses (David Lamb) Re: A permanent EMAIL address (Mike Van Pelt) Re: RISKS of using electronic mail" (David Parnas, John Sloan) Re: The Dead Sea Scrolls and Data Security (Chuck Karish) Re: WHOIS (David A. Curry, Chuck Karish) A better model for cracking (Scott Draves) Prize for Most Useful Computer Virus (Cliff Stoll) 15,000 Cuckoo Letters [Another RISK OF EMAIL?] (Cliff Stoll) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line. Others ignored! REQUESTS to RISKS-Request@CSL.SRI.COM. For vol i issue j, type "FTP CRVAX.SRI.COMlogin anonymousAnyNonNullPW CD RISKS:GET RISKS-i.j" (where i=1 to 12, j always TWO digits). Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. The COLON in "CD RISKS:" is essential. "CRVAX.SRI.COM" = "128.18.10.1". =CarriageReturn; FTPs may differ; UNIX prompts for username, password. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise. ---------------------------------------------------------------------- Date: Fri, 06 Sep 1991 18:23:01 CDT From: "Mike Cepek, MGI" Subject: Play the lottery via Nintendo [ From the Minneapolis Star Tribune, 1-Sep-1991, Section B. I will let it speak for itself. See if you can keep from laughing. - mkc ] LOTTERY MAY USE NINTENDO AS ANOTHER WAY TO PLAY Several kinks have yet to be worked out [...] Minnesota gamblers soon could be winning jackpots as early as 1993 from the comfort of their own living rooms... the state will begin testing a new system next summer that will allow gamblers to pick numbers and buy tickets at home by using a Nintendo control deck. [...] The system, to be created by the state and Control Data Corp., would be somewhat similar to banking with an automated teller machine card. Gamblers would use a Nintendo control deck and a state lottery cartridge [...] The cartridge would be connected by phone to the lottery's computer system, allowing players to pick Lotto America, Daily 3 and Gopher 5 numbers, and play the instant cash games. Players would gain access to the system by punching in personal security codes or passwords. Incorrect passwords would be rejected. Only adults would be allowed to play. [...A] number of kinks, including setting up a pay-in-advance system for players to draw on, computer security and adult registration, must be worked out. [...] 32% of Minnesota households have Nintendo units. About half of those who use the units are older than 18 [...] [...] Those chosen to participate [in the summer experiment] will be given a Nintendo control deck, phone modem and lottery cartridge. ------------------------------ Date: Sat, 7 Sep 91 22:35:58 GMT From: jjb@sequent.com Subject: Re: Salomon Brothers -- Database Design (RISKS-12.24) >The recent Salomon Brothers securities scandal was caused in part by sloppy >database design according to an employee in the database programming department... I can't let this this abuse of the concept of "responsibility" go by. Saying that Salomon's DB programmers in any way "caused" the scandal, even "in part", is like saying that police "caused" an automobile accident because they didn't happen to catch the speeder before s/he hit somebody! After all, the police *do* have "responsibility" for catching speeders. It is incredible to me how we have moved away from the concept of individual responsibility and toward reliance on various societal "mommies and daddies" to watch over behavior. I can't help but think that our newfound ability to create computerized "mommies" encourages this trend. Jeff Berkowitz, Sequent Computer Systems: uunet!sequent!jjb or jjb@sequent.com ------------------------------ Date: Fri, 06 Sep 91 21:19:16 PDT From: Tom Lincoln Subject: The REAL RISKS and REWARDS of E-Mail (By Larry Press) The LA Times of Sept 6 ran an article on the DEMOS network in Moscow as it operated during the coup attempt. Larry Press, who played a major role, felt that this article did not do justice to the full set of facts. Here is his version: ------- Forwarded Message Date: Fri 6 Sep 91 11:46:51-PDT From: Laurence I. Press To: lincoln%iris@rand.org Copyright, Larry Press, August 26, 1991, do not reproduce or quote without permission. This file may be forwarded around the net as long as this note is attached. A Computer Network for Democracy and Development Larry Press "Oh, do not say. I've seen the tanks with my own eyes. I hope we'll be able to communicate during the next few days. Communists cannot rape the Mother Russia once again!" This message was sent from Moscow at 5:01 AM on August 19. It was written by 26 year-old Vadim Antonov, a senior programmer at the Demos Cooperative in the Soviet Union. Demos operates a computer-based communication network which spans the Soviet Union, and within a few hours, Vadim's message had been relayed to computers in 70 Soviet cities from Leningrad in the West to Vladivostok in the East. The message had also been sent to a computer in Helsinki Finland, which is connected to the non-Soviet computer networks. From Finland, the message was relayed to networks such as The Internet, serving millions of users on all continents. Seconds after it reached Finland, I could read it at my computer in Los Angeles, California. The message was particularly important to me because the week before the coup attempt I had been in Moscow and spent several days with Vadim and his colleagues at Demos. We met professionally and as friends. Demos' RELCOM (RELiable COMmunication) network celebrated the first birthday of its link to Finland on August 22. During that first year, RELCOM spread to 70 Soviet cities, and over 400 organizations were using it -- universities, research institutes, stock and commodity exchanges, news services, high schools, politicians, and government agencies. As is typical with computer networks, noone knows how many users RELCOM actually reaches. During the Coup During the days of the coup, RELCOM was pressed into service in support of the constitutional government. The junta moved quickly to control mass media. When I learned of the coup, I immediately sent a worried message to Vadim's wife Polina Antonova, who also works at Demos. I did not receive her answer until August 20 at 12:17 AM Moscow time: "Dear Larry, Don't worry, we're OK, though frightened and angry. Moscow is full of tanks and military machines -- I hate them. They try to close all mass media, they stopped CNN an hour ago, and Soviet TV transmits opera and old movies. But, thank Heaven, they don't consider RELCOM mass media or they simply forgot about it. Now we transmit information enough to put us in prison for the rest of our life. Greetings from Natasha. Cheers, Polina." The Demos staff had learned of the coup around 6 AM on the 19th, and immediately began sending political information to the Soviet Union and the outside world. By 12:30 PM, Moscow time, I was reading news releases from the independent Soviet news agency Interfax. Although outlawed by the junta, news from Interfax, the Radio Moscow World Service, the Russian Information Agency, Northwest Information Agency (Leningrad), and Baltfax was disseminated by RELCOM throughout the coup attempt. RELCOM also distributed news from official sources opposed to the coup. For example, a copy of the letter Boris Yeltsin read from a tank turret in front of the Russian Parliament building was brought to Demos headquarters (a short trip), entered into a computer, and forwarded across the network. By early evening, several people in the United States had also translated it, and an English-language version was broadcast to the non-Soviet networks. There were also many eye-witness reports. Pay phones were working in Moscow, and people in the streets could phone news in. At one point, Polina told me she was leaving for the Russian Parliament Building with a portable computer so she could report from there. Later I learned that she had not gone because the phone service to the building was unreliable. Of course all the news did not come from Moscow. The network was buzzing with reports and official notices from Leningrad, Kiev, the Baltic capitals, and many other Soviet cities. News also came in from the West. I wrote regular summaries of the news as broadcast on radio and television in the United States. Jonathan Grudin, a colleague in Denmark, did the same for BBC news. Regular reports were also posted from Finland, giving both Finnish and Baltic news summaries. These were translated into Russian by Polina and others, and transmitted throughout the Soviet Union. Western news was welcome, but the link to Finland became a bottleneck. Before the coup, 6,000 messages were passed between Finland and RELCOM on a typical day. After the coup began, traffic increased substantially, prompting Vadim to broadcast this message at 6:44 PM on the 19th: "Please stop flooding the only narrow channel with bogus messages with silly questions. Note that it's neither a toy nor a means to reach your relatives or friends. We need the bandwidth to help organize the resistance. Please, do not (even unintentionally) help these fascists!" This plea notwithstanding, traffic rose to a high of 13,159 messages on the 21st. While news of tank movements, demonstrations, and official political statements was of practical value, it also provided emotional support. When the coup was finished, and there was time to rest, I received a message from Polina that said in part "You can't even imagine how grateful we are for your help and support in this terrible time! The best thing is to know that we aren't alone." That message paid me 1,000 times for the hours spent at my computer keyboard. Danger At the beginning of the coup, memories of the Hungarian revolt, Kruschev's ouster, the Prague Spring, and Tiananmen Square did not give one much hope. Had the coup succeeded, the Demos staff and people using their network would have been in great danger. As Vadim noted in a message to Doug Jones, a professor at the University of Iowa: "If these dogs win, for certain they'll throw us in prison -- we distributed the proclamation from Yeltsin and the Moscow and Leningrad Soviets throughout the entire Soviet Union, together with the forbidden communiques from Interfax ... Greetings from the underground." Demos headquarters is in a small building near the Kremlin. The KGB knew of RELCOM, and had they decided to, they could have easily shut the network off early in the coup. When a friend asked why they didn't, Polina replied "Thank Heaven, these cretins don't consider us mass media!" After the coup, she and others speculated that the KGB was generally passive because they were not confident the coup would succeed. Sensing danger, the Demos staff arranged for backup computers to substitute for the vulnerable headquarters machine if necessary. On the 20th at 8:30 PM Moscow time, Vadim sent this message to Doug Jones: "Yes, we already prepared to shift to underground; you know -- reserve nodes, backup channel, hidden locations. They'll have a hard time catching us! Anyway, our main communication line is still open and it makes us more optomistic." They not only hid the computers, many people left Demos headquarters and communicated from their homes and other locations. Polina told me: "Don't worry; the only danger for us is if they catch and arrest us, as we are sitting at home (valera is at Demos) and distributing all the information we have." When the coup was finally defeated, George Tereshko, broadcast the following thanks for the risk taken by the Demos staff: "When the dark night fell upon Moscow, RELCOM was one source of light for us. Thanks to these brave people we could get information and hope." Of course, for now, the story appears to have had a happy ending. At 3:07 PM on the 21st, I received this from Polina: "Really good news. Right now we're listening to Radio Russia (without any jamming!); they told that the eight left Moscow, noone knows where ... Hard to believe ... Maybe, they've really run away?" And on the 22nd at 1:31 PM she wrote: "Now Vadim and I have to do our usual work (that's so nice!) and Valera and Mike Korotaev went to sleep. They were on duty the whole night. Now there is celebration in Moscow. We just watched president Gorbachev on TV." RELCOM in Peace Time In the past, a network like RELCOM would have been prohibited in the Soviet Union. Like any communication media, it is incompatible with repressive dictatorship. Gorbachev's Glasnost made RELCOM possible, and in one year, it became a significant segment of the Soviet communication infrastructure. Part of the reason for RELCOM's success is the fact that postal and telephone service in the Soviet Union are poor, making electronic mail very attractive. Another element of their success is that they use low-cost, appropriate technology. The primary technology used by RELCOM is the voice phone system, low cost modems, and standard personal computers. The final element in their success is the people at Demos. They are very skillful as technicians and as entrepreneurs (Demos is 100% free enterprise), yet they are different than their counterparts in the United States. They are more idealistic and less competitive. If they were in the US, my guess is they would either be graduate students in computer science or they would be driving BMWs and sipping Perrier. As such, RELCOM may be a good model for other countries with poor telephone and postal systems, little capital, and well educated, motivated young professionals. Networks like RELCOM, probably using satellite technology, may change the face of the earth in peace time as well as helping to keep the peace. [Larry Press is Professor of Computer Information Systems at California State University at Dominguez Hills. He has visited Chile several times, most recently as an organizer of the EIES held last July. The week before the coup, Press co-chaired a conference on human-computer interaction in Moscow. While there, he spent several days visiting the Demos Cooperative, which operates RELCOM, an important Soviet computer network. During the coup, he relayed news to his friends at Demos.] ------------------------------ Date: Fri, 06 Sep 91 15:11:26 PDT From: "Willis H. Ware" Subject: Re: ``Returns for Senders'' (RISKS-12.26) I'm afraid that the author chases a vacuous ghost. She apparently doesn't really understand how the direct mail business works but evidently hopped onto a seemingly significant process. The true situation is the quote from Krause in the final paragraph. Her facts are correct but the implications are not. If one moves, there will be some collection of mail that he will want forwarded. Among the set will be journal and technical magazines subscriptions, favorite mail order outlets, the family's hobby magazines, the children's items, charitable organizations that one supports and wishes to hear from, -- on and on. Address information is traded and exchanged on a huge basis and any legitimate address change will readily and quickly find its way into the whole direct mail system. Try the following experiment. Move but have no mail forwarded to the new residence; route it to a POBox. Then place just one order from some mail order house and have it delivered to the new residence address. Sit back and log the buildup of direct-mail materials. It will startle you how quickly your address gets around. Such a phenomenon is of course the fallacy, if not silliness, of writing to the Direct Mail Marketing Association and asking to be removed from circulation. It will only do some good if one also forswears to never again order anything by mail. The most that the USPS update-list sales will do is possibly shorten the response time of updating mailing lists -- although it isn't certain that the USPS is indeed swifter than other methods; and it facilitates the job of the list maintainers by providing material in machine readable form from a single source. These are, to be sure, important points but not the ones that the author identified in the article. For an extensive treatment of direct mail marketing and its list ramifications, see the report of the Privacy Protection Study Commission. Willis H. Ware ------------------------------ Date: Sat, 7 Sep 91 00:15:37 -0700 From: anasaz!qip!john@asuvax.eas.asu.edu Subject: Re: +&*#$ (RISKS-12.21) As a ham radio operator, for years I have had an amateur radio license plate. In the late '60s, when motor vehicle departments were first computerizing, I was pulled over one night by a policeman. When I asked why he had stopped me, he said that my license number was not valid - the computer (in Topeka, KS) would not accept a license number of WA0DVD - although I suspect that this same computer had originally issued the registration. This took some explaining, and if the police dispatcher that night had not been a friend of mine I might have had an even tougher time of it. John Moore anasaz!john@asuvax.eas.asu.edu ------------------------------ Date: Fri, 6 Sep 91 22:15:20 PDT From: Andy Goldstein - VMS Development 06-Sep-1991 1609 Subject: RE: +&*#$ Bob Frankston's posting about strange characters on New Hampshire license plates reminds me of one of the little bits of dirt that came out about the Ed King administration in Massachusetts back when Dukakis was elected for the second time. Seems the registry of motor vehicles had been issuing special license plates to friends of the governor that contained stars, squiggles, and other symbols expressly chosen because they had no representation on the registry's computer system. Talk about diplomatic immunity! ------------------------------ Date: Fri, 6 Sep 1991 20:00:02 PDT From: RMRichardson.OSBU_North@xerox.com Subject: Re: A number is no name (Frankston, RISKS-12.26) > There is a proposed character set, Unicode, that is intended to encode > all glyphs. Sorry, this is not quite correct. Unicode is an attempt at a universal character set, not a glyph set. In some cases a Unicode character may be represented by more than one glyph; choosing which glyph is then a rendering (font, maybe?) problem. Rich ------------------------------ Date: 7 Sep 1991 01:31 -0400 From: Subject: Re: A number is no name (RISKS DIGEST 12.26) I was, perhaps, a bit sloppy in my use of the term "glyph". I did indeed mean to say that each numeric code stood for a canonical character not a rendering. Unicode is a great improvement over ASCII but doesn't solve all the encoding and representation problems. While Unicode doesn't preserve font distinctions it does preserve case distinctions but sometimes the case distinction is not signficant but the font distinction might be or the shading or ... ------------------------------ Date: 7 Sep 91 12:25:15 GMT From: dalamb@avi.umiacs.umd.edu (David Lamb) Subject: Re: Unusual characters in addresses (Re: RISKS-12.26) Regarding the discussion of unusual characters in licence plates: it's not surprising there should be difficulties interfacing with the "real world" when we can't even interface with our technically-defined software world. Back in the late 70's and early 80's I maintained Carnegie-Mellon's RDMAIL system; when we shifted to supporting RFC733, we implemented the whole thing (there was even a hack for handling :postal:) except for retrieving foreign mailing lists on :include:. We immediately broke most other mailers on the net, and got so much flack that we had to turn off half the stuff in the RFC for outgoing mail. I wasn't too surprised that folks didn't want to parse :include:, but was a bit more suprised nobody wanted to handle spaces in names (at the time we were the only site we knew of that would let your mail name be "David Lamb@cmu-10a" (if that's who you really were, of course)). I'm not sure what this has to do with RISKS, unless it's something along the line of "forall x,y, x wants y to adhere to x's standards". ------------------------------ Date: Fri, 6 Sep 91 19:21:27 PDT From: mvp%hsv3@apple.com (Mike Van Pelt) Subject: Re: A permanent EMAIL address One way to have a permanent email address is to subscribe to one of the more stable and inexpensive services (say, The Well) and put in a .forward file to wherever you happen to be at the moment. If you change jobs, delete the .forward file and read your mail on the public access site until you get a new address. ------------------------------ Date: Fri, 6 Sep 1991 17:31:09 -0400 From: David Parnas Subject: Re: "risks of using electronic mail" (RISKS-12.26) The discussion of "risks of using electronic mail" that I started, began at the trivial level and seems to be descending even further. I wished to remind users of a simple risk, not to suggest that an employer had any obligation for forward the mail of former employees or that there was no solution for people who had advance warning that they would be leaving. Those things are obvious. There is however one difference between the situation with "snail mail" and that for electronic mail. In the former case it is not necessary that the owner or new occupant of your house or apartment be cooperative. In the electronic mail situation they are involved. They can discard your mail, store it in a deep electronic well, read it, respond to it, etc. If you tell your snail mail service that you are moving, the new occupants need not be involved at all and cannot intercept your love letters. Dave [Well, mail for the former occupant tends to get (mis)delivered anyway, including after the one-year forwarding expires. Worse yet, my mailman apparently cannot read English, although he is pretty good at numbers. I often get mail for neighboring streets for which the street number matches! PGN] ------------------------------ Date: Sat, 7 Sep 91 10:05:05 MDT From: jsloan@niwot.scd.ucar.EDU (John Sloan) Subject: Re: RISKS of using electronic mail (Cooper, RISKS-12.26) Will we have this same discussion ten years from now when cellular phones are cheap, and the expanded cellular communications infrastructure means we all have one in our hip pocket? Our cellphone numbers won't be tied to geographic locations, as they are with wired telephones, but rather associated with an individual. I have a bad feeling that we'll all be arguing about the risks of universal identifiers like SSNs while publishing our universal telephone numbers in our network signatures. (We'll also need voice mail built into those hip pocket cellphones!) John Sloan NCAR/SCD, P.O. Box 3000, Boulder CO 80307 +1 303 497 1243 ------------------------------ Date: Sat, 7 Sep 91 16:22:39 PDT From: mindcrf!karish@decwrl.dec.com (Chuck Karish) Subject: Re: The Dead Sea Scrolls and Data Security (Leichter, RISKS-12.26) A security system that implements the `born classified' doctrine must try to deny access to information which, if properly related to other marginally sensitive information, will allow conclusions to be drawn which will compromise the national interest. The act of declaring a particular piece of information to be sensitive alerts the bad guy to its importance. Since the information is protected by only the very lowest levels of national security restrictions, it is likely to be available to moderately well-connected information brokers. Two consequences: First, modest restrictions on the availability of data impact the ordinary citizen's access to information about how the world works much more than it protects `us' from the bad guys. Second, material that's completely innocuous must also be declared sensitive, to avoid giving the bad guys information about which data the security establishment considers to be important and providing them with a starting point in using the powerful correlation techniques that will turn these hints into solid intelligence. Note that I use this last word in a technical sense; no judgement as to the wisdom of playing this game is intended. ------------------------------ Date: Fri, 06 Sep 91 21:02:56 -0500 From: "David A. Curry" Subject: Re: WHOIS You're going to have the NIC very mad at you; registrations for WHOIS are sent to REGISTRAR@NIC.DDN.MIL, not NIC@NIC.DDN.MIL. Furthermore, there is a special template to use. I presume the newest template is in the NETINFO: directory somewhere; here's a slightly old one: FULL NAME: U.S. MAIL ADDRESS: PHONE: AUTHORIZING HOST: PRIMARY LOGIN NAME: PRIMARY NETWORK MAILBOX: ALTERNATE NETWORK MAILBOXES (if any): MILNET TAC ACCESS? (y/n): TERMINATION DATE: --Dave ------------------------------ Date: Sat, 7 Sep 91 16:22:39 PDT From: mindcrf!karish@decwrl.dec.com (Chuck Karish) Subject: Re: whois (RISKS-12.26) My understanding of the charter of the `whois' database is that it is meant to provide a directory of the people who make the Internet work, not of all the people who use the Internet. I'm in the database because I'm the zone technical contact for the mindcraft.com domain. The NIC is not in the business of providing a directory service for everyone on the Internet. Maybe there's a business opportunity here ... Chuck Karish, Mindcraft, Inc karish@mindcraft.com (415) 323-9000 ------------------------------ Date: Sat, 07 Sep 91 13:34:54 -0400 From: Scott_Draves@WOOZLE.GRAPHICS.CS.CMU.EDU Subject: a better model for cracking Cracking systems is often called the electronic equivalent of breaking and entry. I'd like to propose another model: Say I telephone your residence, and your six year old child answers. I tell her to go to a filing cabinet, and retrieve a document. She does so. I tell her to read the document to me over the phone. She does so. I hang up. Models like these are an important part of deciding how to penalize crackers. We must be careful to base our laws on the right model. My opinion is that organizations (eg att) are using the "breaking and entry" model to shift public perception of the problem. Instead of "our vulnerable systems are being compromised" we have "our systems are being victimized by criminals". ------------------------------ Date: Sun, 8 Sep 91 00:33:24 -0700 From: Cliff Stoll Subject: Prize for Most Useful Computer Virus Prize for Most Useful Computer Virus Computer virus specialist Fred Cohen writes an intriguing article in the September/October 1991 issue of The Sciences (published by the New York Academy of Sciences). In short, Dr. Cohen describes ways in which computer viruses and virus-like programs can be beneficial. These include automated bill-collectors, where, "each bill collector virus is a small program designed to collect one bill"; this program modifies itself depending on the debtor's response. Another instance is maintenance viruses which dispose of temporary files or hung programs. Dr. Cohen has published "A Short Course on Computer Viruses". Curiously, his publisher is offering a $1,000 prize for the most useful computer virus. However, "contest rules prohibit any entries that have been released into a computing environment without the permission of the owner or without mechanisms to control their spread" He points out that malicious and unauthorized viruses have given a bad name to viruses. I'll say! Strangely, though, I've heard less of viruses in the past year than in years past. I wonder if the fad is finally passing? -Cliff Stoll cliff@cfa.harvard.edu [Cliff, I guess you have not been reading VIRUS-L, which documents the continuing incidents and the continuing proliferation of new strains. PGN] ------------------------------ Date: Sun, 8 Sep 91 00:29:08 -0700 From: Cliff Stoll Subject: 15,000 Cuckoo Letters [Another RISK OF EMAIL?] In 1989, I wrote, "The Cuckoo's Egg", the true story of how we tracked down a computer intruder. Figuring that a few people might wish to communicate with me, I included my e-mail address in the book's forward. To my astonishment, it became a bestseller and I've received a tidal wave of e-mail. In 2 years, about 15,000 letters have arrived over four networks (Internet, Genie, Compuserve, and AOL). This suggests that about 1 to 3 percent of readers send e-mail. I've been amazed at the diversity of the questions and comments: ranging from comments on my use of "hacker" to improved chocolate chip cookie recipes. Surprisingly, very few flames and insulting letters arrived - a few dozen or so. I've tried to answer each letter individually; lately I've created a few macros to answer the most common questions. About 5% of my replies bounce, I wonder how many people don't get through. I'm happy to hear from people; it's a gas to realize how far the book's reached (letters from Moscow, the South Pole, Finland, Japan, even Berkeley); but I'm going to spend more time doing astronomy and less time answering mail. Cheers, Cliff Stoll cliff@cfa.harvard.edu ------------------------------ End of RISKS-FORUM Digest 12.27 ************************