Forum on Risks to the Public in Computers and Related Systems
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Volume 17: Issue 81
Thursday 29 February 1996
Contents
Risks of Leap Years and Dumb Digital Watches- Mark Brader
- Year 2000 problems, what about Feb 29???
- Earle F. Ake
- Happy Leap-Birthday!
- Peter G. Neumann
- Faulty program gets one person shot, one roughed up
- Tom Ritchford
- Rude bus stops / silent radios / unofficial broadcasts
- Philip Overy
- Keyboard RISK [accidental deletion]
- Eric Roode
- Trademarks in Cyberspace [such as newton.com]
- Simson L. Garfinkel
- Electronic Banking conditions
- Paul van Keep
- Re: Libel and censorship issues
- Edwin Wiles
- Re: Indecent domain names
- Chris Purdom
- Re: NYNEX Web and Web Robots
- Russ Broomell
- Re: NYNEX and SurfWatch
- Ann Duvall
David B. Slifka - Re: Risks of year-2000 precautions
- Amos Shapir
Dick Mills
RSRMadison - Info on RISKS (comp.risks)
Risks of Leap Years and Dumb Digital Watches [quadrennial posting]
Mark Brader <msb@sq.com> Thu, 29 Feb 96 06:38:31 ESTAll right now, how many people reading this... -> saw a previous appearance of this message in Risks 6.34 or 13.21, -> have watches that need to be set back a day because they went directly from February 28 to March 1, -> and *hadn't realized it yet*? Mark Brader, SoftQuad Inc., Toronto, msb@sq.com
Year 2000 problems, what about Feb 29???
Earle F. Ake <akee@wpdis03.wpafb.af.mil> 29 Feb 1996 11:30:42 -0500
We are so worried about the year 2000 and what it will do to our
programs, we fail to realize that 29 Feb still causes headaches with
programs. We are running an older version of a mail package called em on
our unix systems. Seems em went nuts today trying to interpret the date Feb
29. I captured the output of a few commands and no, I have not just put in
the weird dates. This is what em gave me.
For those interested, "i" is used to get an index of mail messages,
"r" to normally read a message, "R" to head the message including the
headers, and "$" refers to the last message in the mailbox.
Script started on Thu Feb 29 10:17:47 1996
akee@wpdis01 (1)% em
ASCENT*Mail Version 2.3
(C) Copyright 1987, 1991 Control Data Corporation - All rights reserved
Portions (C) Copyright 1987 The Regents of the University of California
.You have 58 messages (2 new).
Index of unread messages in standard mailbox:
> From: To: Date: Status: Tag: Subject: Lines:
57 HORNC AKEE 28 Feb 96 N This is interesting 30
58 rmorse akee 28 Feb 96 N date 2
END OF FILE - (q)uit, (b)ack, (h)elp
mail <>i 57-$
Index of messages in standard mailbox:
> From: To: Date: Status: Tag: Subject: Lines:
57 HORNC AKEE 1 May 131 N This is interesting 30
58 rmorse akee 1 May 131 N date 2
mail <>i57
Index of messages in standard mailbox:
> From: To: Date: Status: Tag: Subject: Lines:
57 HORNC AKEE 1 Jan 70 N This is interesting 30
mail <>i 57-$
Index of messages in standard mailbox:
> From: To: Date: Status: Tag: Subject: Lines:
57 HORNC AKEE 1 Jan 70 N This is interesting 30
58 rmorse akee 1 Jan 70 N date 2
mail <>i58
Index of messages in standard mailbox:
> From: To: Date: Status: Tag: Subject: Lines:
58 rmorse akee 1 Jan 70 N date 2
mail <>r58
Message 58
SENT BY : rmorse (Richard T. Morse S/A)
DATED : 10 Jan 1936 at 0802 GMT+196:16
SUBJECT : date
SENT TO : akee
STATUS : new, not read
Check out the date on this one!!!!
Richard
mail <>R58
Message 58
>From rmorse Thu Feb 29 10:03:07 1996
Date: Thu, 29 Feb 96 10:03:07 -0500
From: rmorse (Richard T. Morse S/A)
Subject: date
To: akee
Status: N
Check out the date on this one!!!!
Richard
mail <>x
Are you sure you want to exit?y
akee@wpdis01 (2)% exit
exit
script done on Thu Feb 29 10:19:23 1996
[The last segment has been reinserted into the ARCHIVE COPY,
for completeness. I departed from my usual habits and
deleted it from the original for space reasons, PGN]
So we have four different date interpretations for 29 Feb 1996. They are:
"28 Feb 96", "1 May 131", "10 Jan 1936", and "1 Jan 70". Actually another
one I saw but was unable to reproduce was "29 Dec 95"!
[Actually, Earle forgot to count 29 Feb 96! PGN]
Earle Ake, Hassler Communication Systems Technology, Inc. Earle.Ake@hcst.com
2332 Grange Hall Rd; Beavercreek, OH 45431-2345 513-427-9000 Based at WPAFB
Happy Leap-Birthday!
"Peter G. Neumann" <neumann@csl.sri.com> Thu, 29 Feb 96 07:59:07 PST
Frederick, apprenticed to a PIRATE instead of a PILOT in Gilbert and
Sullivan's *Pirates of Penzance*, would have had his thirty-fifth birthday
today. In the operetta, at the time he had lived for 21 years in 1877, he
was informed that his indentures were not over because he had not reached
his 21st birthday -- which he then figured out would occur in another 63
years, on 29 Feb 1940.
Frederick: "In 1940 I of age shall be.
I'll then return and claim you, I declare it."
Mabel: "It seems so long!"
(This was the operetta in which the Major General wanted to have his
Kate and Edith too. Pun by PGN, not W.S. Gilbert)
Faulty program gets one person shot, one roughed up
Tom Ritchford <tom@mvision.com> Tue, 27 Feb 96 15:41:57 EST
>From *The New York Daily News*, Tuesday, February 27:
The Police Department's stolen-car computer system has brought grief to
still another motorist. Lester Luis, 23, of Elmhurst, Queens, said
yesterday he was roughed up and arrested Friday after cops pulled over his
car -- because the computer said it was stolen.
In a similar case two weeks ago, Lebert Folkes, 30, was shot in the face
by police who stopped him after the computer told them he was driving a
stolen car. Police later admitted they made a mistake. ...
Both cases involved cars that had been reported stolen -- but then
recovered without being cleared from a police computer that tracks stolen
vehicles.
The risks are obvious... no word yet on who's to blame. TR
Tom Ritchford tom@mvision.com, tom@weirdos.com
Rude bus stops / silent radios / unofficial broadcasts
Philip Overy <pjo33@mailbox.rl.ac.uk> Fri, 02 Feb 1996 12:09:43 +0000
Hackers in the UK managed to amend the software of a talking bus stop- it
gives spoken information(as written information and display screens are
vandal-prone and useless to partially- sighted people). The talking bus
stops became quite abusive. The RISK is that when a drunk on the last bus
home hears a lot of swearing and you are the only other person in sight, you
might be assumed to be the source of the insults, and of course the
passengers might take the wrong bus or miss the last one - a passenger who
has been taken miles out of his way in bad weather can be a big risk for the
driver of a one-"man" bus. These risks can be exaggerated - the talking bus
stops I have come across work so rarely that any sound from them comes as a
surprise.
In the same vein, a car I once owned was fitted with a radio which
suppressed all hiss when there was no signal. It worked so well that I
didn't even know it was left switched on - the waveband it received seemed
to apply only to Japan or Korea. When I moved to Brighton, the radio
suddenly boomed into life and I nearly drove off the road in shock.
I also used to work for a telephone company. The salesmen spent a lot of
time in Singapore, where you could buy a highly-illegal hand-held radio
which could broadcast on the most popular BBC news channel ("Radio 4"). If
drivers annoyed him, the salesman would point the transmitter at the
offending car and could usually make a rude message come out of the driver's
car radio. In view of some of the cases of "road rage" we have had here, the
radio was probably more of a risk to its owner than to anyone receiving the
messages - if the listeners ever realised how the message got to their car
radio.
Phil Overy, RAL UK
Keyboard RISK [accidental deletion]
Eric Roode <sdn@mv.mv.com> Wed, 28 Feb 1996 20:50:07 -0500 (EST)
I had an interesting, if minor, accidental deletion today. Granted,
it turned out to be my fault, but it is instructive anyhow.
I came back to my PC, which had Windows for Workgroups 3.11 up, to find
it displaying a dialog box asking me to confirm the deletion of a program
icon. I clicked "no", then poked around and noticed that another program
icon (the DOS prompt) was missing.
Then I noticed a stack of papers that I had carelessly flopped onto my
desk, and, incidentally, onto the lower right corner of my keyboard. What
had apparently happened when I flopped the papers down was that the DEL key
had been hit, followed by the ENTER key, followed by the DEL key again. (On
nearly every PC keyboard made today, the DEL and ENTER keys appear in the
extreme lower-right corner).
The currently-selected icon had been the DOS prompt; Windows had
interpreted the DEL as my wanting to delete it, and the ENTER keystroke as
my having confirmed the deletion. It then selected the next icon, and
processed the DEL keystroke similarly.
The RISKs: First and foremost, having "yes" selected as the default
confirmation selection. Second, the position of the DEL/ENTER keys. Having
(relatively) powerful actions assigned to keys that are in easy-to-strike
positions is asking for problems.
Another anecdote along the lines of that latter RISK: I work in a
support group servicing several hundred users, a large portion of whom have
new Gateway computers. The Gateway keyboard has a nifty key remap facility:
you press the "REMAP" key, then press the key you wish to modify, then you
press the key you wish to assign to the first key. Sounds nifty until you
have to support it: the REMAP key is in the very upper-right corner, just
hanging out in the breeze, waiting for some unsuspecting user to tap it by
accident. Which happens several times a week.
Trademarks in Cyberspace [such as newton.com]
Simson L. Garfinkel <simsong@vineyard.net> Wed, 28 Feb 1996 11:25:57 -0500[Based in part on my article which appeared in the *San Jose Mercury News*, 26 Feb 1996, with additions. SLG] TRADEMARKS IN CYBERSPACE Over the past year, the Internet has been struggling with the role trademark law should play in cyberspace. The problem is that while Apple Computer Inc. might want a name like newton.com for a Web site to help promote its Newton personal digital assistant computer, Nabisco might want newton.com to advertise its Fig Newtons. Complicating the matter still is Mark Newton, a computer enthusiast in Brighton, Mich., who runs a bulletin board called the Newtonian BBS. Newton obtained the domain name newton.com in April 1994. For years, Internet domains were registered on a first-come, first-serve basis. Last summer, Network Solutions Inc., the company that runs the InterNIC, decided to change the policy. The InterNIC rules are complicated. But they work roughly as follows, according to David Graves, NSI's business manager: A person or company can register any domain name not already taken. But if another person or company then says it holds a ''valid and existing trademark that is identical'' to that domain name, and if the trademark was registered before the domain name was awarded, the party holding the trademark has the right to get that name. The party that registered the domain name first then has the right to prove that it also has a federal trademark on the name. Assuming the party that registered the domain doesn't hold the federal trademark, NSI gives that person or company ''the ability to register a different name, and will give them 90 days of simultaneous use. The purpose for that is to give them the opportunity,'' to migrate to the new name, said Graves. In the case of newton.com, both Newton and his Internet service provider, Innovative Concepts of Ann Arbor, Mich., say they have been contacted by Apple, which has threatened a lawsuit unless they relinquish the name. ''I haven't done anything wrong,'' Newton said. ''Do I need to trademark my last name to use it?'' Apparently so. Under Network Solution's policy, Mark Newton's newton.com domain has been turned off until the dispute is resolved. That's left more than 300 people who were using newton.com stranded without a domain, says Mr. Newton. So he's looking for people who can help him fight the billion dollar company. He says that any lawyer interested in helping---especially an attorney who specializes in intellectual property---should send him mail at mark@ic.net. Don't send mail to mark@newton.com, says Mr. Newton, because it doesn't work. Newton points out that Apple doesn't really need the newton.com , because the company is already using newton.apple.com. Apple never comments on threatened lawsuits, said Lynne Keast, a company representative.
Electronic Banking conditions
"pvk@ACM.org (Paul van Keep)" <75170.1045@compuserve.com> 29 Feb 96 09:35:00 ESTJust last week I applied for the new Abn-Amro (a very large Dutch bank) OfficeNet Electronic Banking product. The general conditions that come with the product are worth a mention here. I've tried to make a reasonable translation of the pertinent parts of the liability clause. (BTW. this is a business product, not for private banking) "9 Liability 9.1 Bank agrees to ensure complete and secure EB (Electronic Banking; pvk) to the best of its powers. 9.2 Bank is not to be hel liable for any damage whatsoever incurred by Client, Bank and/or third parties c.q. Client absolves Bank of claims from third parties pertaining to: -...(passing software on to third parties) -...(misuse or abuse of security measures) - not, not timely, not correctly and/or not completely functioning of EB, the Software and/or the EB-Server, unless and in as much as damage is attributable to malicious intent or gross error by Bank. ... (disclaimer for changing of software or running software on a PC-platform other than specified by Bank) The risks? How well has this software been tested? How reliable is it? What are the incentives for the bank to ensure the reliability and security of the software if they can never be blamed for errors? The 'PC-platform' thing is another strange one. No platform has been specified in the general conditions or any accompanying form or contract. The sales documentation states using MS-Dos 3.3 (or higher). This would invalidate using the software on a Unix system, Windows, NT, OS/2, even IBM-Dos. Paul van Keep (pvk@ACM.org)
Re: Libel and censorship issues (Ebright, RISKS-17.77)
Edwin Wiles <Edwin_Wiles@ssw.mclean.sterling.com> Tue, 27 Feb 1996 16:23:27 -0500 (EST)> But if you don't go there, they can't do anything to you :) I believe that Airbus Industries is based out of France. I also believe that France has an extradition treaty with the U.S. Given those two points, "they" certainly CAN do things to you, such as charging you with libel under their laws, and asking to have you extradited so that they can prosecute you for your crimes. At that point, I think it would be up to the government agency handling extraditions to decide whether or not they are going to proceed. In cases involving "individual vs individual", I suspect that the government agencies are unlikely to act. Simply because of the effort involved in such a request. However, in the case of a semi-governmental entity, like Airbus, such a request for extradition of an individual might well be carried through. While I feel for the individual so charged, the actual prosecution of such a case would be an incredible precedent setter the internet. If the case were dismissed due to the fact that the supposed offense originated in a foreign country, and therefore the laws of that country apply, it would be a large step towards creating a network for global free expression. If the case were carried to the limit, and the decision went against the individual, it would be a horrid precedent that the tightest laws in the world control what you can and cannot prudently say on the network. Edwin Wiles | Sterling Software, Inc. ITD | McLean, VA, USA Preferred..: ewiles@mclean.sterling.com Edwin_Wiles@sterling.com
Re: Indecent domain names
Chris Purdom <purdom@rabbit.com> Tue, 27 Feb 1996 13:58:09 -0500 (EST)Akin to the "xxx" in NYNEX's URL's, but much worse if the CDA survives, there are domain names with "indecent" words in them which do not actually have any obviously indecent material on them. Merely by providing a link to these pages you will be causing most web browsers to display the indecent words when the user moves the mouse over the hypertext link. Chris Purdom phone:610-993-1134 Development Team Leader e-mail: purdom@rabbit.com Tangram Enterprise Solutions homepage: http://www.tesi.com/~cpurdom/
Re: NYNEX Web and Web Robots
"Broomell, Russ" <MARKETING/MARKETING/RUSS%Konica_Imaging@mcimail.com> Wed, 28 Feb 96 08:48 ESTOur earlier discussion about web robots' troublesome habits came back to me when I read about the name of a NYNEX web page dealing with ISDN access which contained the letters XXX. While SurfWatch and other programs might block this, NYNEX may have done some clever marketing. ISDN is very useful to people who download large files (maybe naughty pictures?) from internet sites. By putting XXX in the HTML code of their page (i.e. in one of the links), NYNEX would get their ISDN page to be located by web robots searching for "XXX" - and would address this market segment. Either a clever marketing ploy or an accidental misfortune.
Re: NYNEX and SurfWatch (Slifka, RISKS-17.80)
Ann Duvall <ann@surfwatch.com> Wed, 28 Feb 1996 18:15:16 -0800> ... SurfWatch, deftly noting the "xxx," decided I was trying to > access something naughty and blocked the page. SurfWatch responded to the e-mail by immediately unblocking all blocked NYNEX locations. As a company, we are trying to provide tools for parents and teachers to help them choose what they want to see on the Internet. We have found, in our surfing, that sites with "XXX" in the URL almost always contain sexually explicit material. In fact, many Adult content providers have used the "XXX" as a tag to indicate adult-only material. Therefore, we block those sites. In some cases when we have explained this to webmasters, they have quickly changed their URL addresses, but we are also willing to unblock individual pages if the address change is not appropriate. SurfWatch continues to work to keep the Internet an open and free place for people to communicate and exchange ideas. We believe that software such as SurfWatch provides an alternative to Internet censorship by empowering individuals to make choices. Ann W. Duvall, President, SurfWatch Software, 105 Fremont Ave Suite F, Los Altos, CA 94022 ann@surfwatch.com 415-948-9500 415-948-9577 (FAX)
Re: NYNEX and SurfWatch (Duvall, RISKS-17.81)
David B. Slifka <davids@mail.nltl.columbia.edu> Thu, 29 Feb 96 12:15:09 ESTI received a very nice letter today from Ann Duvall, president of SurfWatch Software, in response to my submission to RISKS 17.80. She explained the company's (understandable) rationale that most pages with "xxx" in their name do contain "sexually explicit material," as I had guessed. She also informed me that NYNEX's site is now exempted from SurfWatch restrictions, in order to resolve this particular instance of the conflict. In the area of software company responses to user complaints, this is certainly top-notch. I somehow can't picture Bill Gates writing to people who post to RISKS about Microsoft products, much less seeing that the issues they mention are resolved. :-) David
Re: Risks of year-2000 precautions (Brader, RISKS-17.80)
Amos Shapir <amos@nsof.co.il> Thu, 29 Feb 1996 11:26:52 GMTMark's scenario is avoidable, if we, the experts, do our best to make sure the public is aware of one fact: That the worst that can happen at the consumer level, is slower processing for a while; no data -- and more important, no customer money -- will be lost, and all miscalculations could be backtracked and amended later. Amos Shapir, nSOF Parallel Software, Ltd., Givat-Hashlosha 48800, Israel amos@nsof.co.il Tel: +972 3 9388551 Fax: +972 3 9388552
Re: Risks of year-2000 precautions (Brader, RISKS-17.80)
Dick Mills <rj.mills@pti-us.com> Wed, 28 Feb 1996 21:24:00 -0500If one exaggerates a little bit on Mark's theme, we are discussing the end of civiliation caused by the turn of the millennium. It reminds me of Isaac Asimov's classic story; "Nightfall". This is a particular risk I don't recall having seen before in Risks. i.e. The event so infrequent, that no matter how predictable it is, or how much advance warning we have, society never does prepare to deal with it. Is it a flaw in our risk perception where we incorrectly equate infrequent==unlikely or infrequent==insignificant? Dick Mills +1(518)395-5154 http://www.pti-us.com AKA dmills@albany.net http://www.albany.net/~dmills
Re: Risks of year-2000 precautions (Russell, RISKS-17.80)
<RSRMadison@aol.com> Thu, 29 Feb 1996 11:31:32 -0500In his book "A Mathematician Reads the Newspaper" (BasicBooks, 1995, hc, ISBN 0-465-04362-3, 203 pages), John Allen Paulos has a chapter entitled "Researchers Look to Local News for Trends". In it, he mentions Robert Louis Stevenson's story, "The Imp in the Bottle". Here's what he says: The story is about "a genie in a bottle who will satisfy your every wish for love, money, and power. You can buy this amazing bottle for any amount that you care to offer. The only constraint is that when you are finished with the bottle, you must sell it for less than what you paid for it. If you don't sell it to someone for a lower price, you will lose everything and suffer everlasting torment in hell. What would you pay for such a bottle? "Certainly you won't pay 1 cent for it because then you won't be able to sell it for a lower price. You won't pay 2 cents for it either, since no one will buy it from you for 1 cent for the same reason. Neither will you pay 3 cents for it; the person to whom you would have to sell it for 2 cents wouldn't be able to sell it for 1 cent. A similar argument applies to a price of 4 cents, 5 cents, 6 cents, and so on. Mathematical induction can be used to formalize this argument, which proves conclusively that you shouldn't buy this magic bottle for any amount of money. Yet you would almost certainly buy it for $1,000. I know I would. At what point does the argument against buying the bottle become practically convincing?" Sounds like we should all withdraw our savings NOW!! But we won't, because we trust everyone else in the world to behave just as irrationally as we do. Readers of the Risks forum will particularly appreciate Paulos's chapter "Ranking Health Risks: Experts and Laymen Differ", but really the whole book is well worth checking out.
Report problems with the web pages to the maintainer