The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 17 Issue 81

Thursday 29 February 1996

Contents

o Risks of Leap Years and Dumb Digital Watches
Mark Brader
o Year 2000 problems, what about Feb 29???
Earle F. Ake
o Happy Leap-Birthday!
Peter G. Neumann
o Faulty program gets one person shot, one roughed up
Tom Ritchford
o Rude bus stops / silent radios / unofficial broadcasts
Philip Overy
o Keyboard RISK [accidental deletion]
Eric Roode
o Trademarks in Cyberspace [such as newton.com]
Simson L. Garfinkel
o Electronic Banking conditions
Paul van Keep
o Re: Libel and censorship issues
Edwin Wiles
o Re: Indecent domain names
Chris Purdom
o Re: NYNEX Web and Web Robots
Russ Broomell
o Re: NYNEX and SurfWatch
Ann Duvall
David B. Slifka
o Re: Risks of year-2000 precautions
Amos Shapir
Dick Mills
RSRMadison
o Info on RISKS (comp.risks)

Risks of Leap Years and Dumb Digital Watches [quadrennial posting]

Mark Brader <msb@sq.com>
Thu, 29 Feb 96 06:38:31 EST
All right now, how many people reading this...
 -> saw a previous appearance of this message in Risks 6.34 or 13.21,
 -> have watches that need to be set back a day because they went
    directly from February 28 to March 1,
 -> and *hadn't realized it yet*?

Mark Brader, SoftQuad Inc., Toronto, msb@sq.com


Year 2000 problems, what about Feb 29???

Earle F. Ake <akee@wpdis03.wpafb.af.mil>
29 Feb 1996 11:30:42 -0500
    We are so worried about the year 2000 and what it will do to our
programs, we fail to realize that 29 Feb still causes headaches with
programs.  We are running an older version of a mail package called em on
our unix systems.  Seems em went nuts today trying to interpret the date Feb
29.  I captured the output of a few commands and no, I have not just put in
the weird dates.  This is what em gave me.

    For those interested, "i" is used to get an index of mail messages,
"r" to normally read a message, "R" to head the message including the
headers, and "$" refers to the last message in the mailbox.

Script started on Thu Feb 29 10:17:47 1996
akee@wpdis01 (1)% em
ASCENT*Mail Version 2.3
(C) Copyright 1987, 1991 Control Data Corporation - All rights reserved
Portions (C) Copyright 1987 The Regents of the University of California

.You have 58 messages (2 new).
Index of unread messages in standard mailbox:

>   From:    To:      Date:    Status: Tag:      Subject:                Lines:
 57 HORNC    AKEE     28 Feb 96   N              This is interesting         30
 58 rmorse   akee     28 Feb 96   N              date                         2
END OF FILE - (q)uit, (b)ack, (h)elp
mail <>i 57-$
Index of messages in standard mailbox:

>   From:    To:      Date:    Status: Tag:      Subject:                Lines:
 57 HORNC    AKEE      1 May 131   N              This is interesting         30
 58 rmorse   akee      1 May 131   N              date                         2

mail <>i57
Index of messages in standard mailbox:

>   From:    To:      Date:    Status: Tag:      Subject:                Lines:
 57 HORNC    AKEE      1 Jan 70   N              This is interesting         30

mail <>i 57-$
Index of messages in standard mailbox:

>   From:    To:      Date:    Status: Tag:      Subject:                Lines:
 57 HORNC    AKEE      1 Jan 70   N              This is interesting         30
 58 rmorse   akee      1 Jan 70   N              date                         2

mail <>i58
Index of messages in standard mailbox:

>   From:    To:      Date:    Status: Tag:      Subject:                Lines:
 58 rmorse   akee      1 Jan 70   N              date                         2

mail <>r58
Message 58

SENT BY         : rmorse (Richard T. Morse S/A)
DATED           : 10 Jan 1936 at 0802 GMT+196:16
SUBJECT         : date
SENT TO         : akee
STATUS          : new, not read

Check out the date on this one!!!!
Richard

mail <>R58
Message 58

>From rmorse Thu Feb 29 10:03:07 1996
Date: Thu, 29 Feb 96 10:03:07 -0500
From: rmorse (Richard T. Morse S/A)
Subject: date
To: akee
Status:  N

Check out the date on this one!!!!
Richard

mail <>x
Are you sure you want to exit?y
akee@wpdis01 (2)% exit
exit

script done on Thu Feb 29 10:19:23 1996

  [The last segment has been reinserted into the ARCHIVE COPY,
  for completeness.  I departed from my usual habits and
  deleted it from the original for space reasons, PGN]

So we have four different date interpretations for 29 Feb 1996.  They are:
"28 Feb 96", "1 May 131", "10 Jan 1936", and "1 Jan 70".  Actually another
one I saw but was unable to reproduce was "29 Dec 95"!

    [Actually, Earle forgot to count 29 Feb 96!  PGN]

Earle Ake, Hassler Communication Systems Technology, Inc. Earle.Ake@hcst.com
2332 Grange Hall Rd; Beavercreek, OH 45431-2345  513-427-9000  Based at WPAFB


Happy Leap-Birthday!

"Peter G. Neumann" <neumann@csl.sri.com>
Thu, 29 Feb 96 07:59:07 PST
Frederick, apprenticed to a PIRATE instead of a PILOT in Gilbert and
Sullivan's *Pirates of Penzance*, would have had his thirty-fifth birthday
today.  In the operetta, at the time he had lived for 21 years in 1877, he
was informed that his indentures were not over because he had not reached
his 21st birthday -- which he then figured out would occur in another 63
years, on 29 Feb 1940.

  Frederick: "In 1940 I of age shall be.
              I'll then return and claim you, I declare it."
  Mabel: "It seems so long!"

  (This was the operetta in which the Major General wanted to have his
  Kate and Edith too.  Pun by PGN, not W.S. Gilbert)


Faulty program gets one person shot, one roughed up

Tom Ritchford <tom@mvision.com>
Tue, 27 Feb 96 15:41:57 EST
>From *The New York Daily News*, Tuesday, February 27:

    The Police Department's stolen-car computer system has brought grief to
still another motorist.  Lester Luis, 23, of Elmhurst, Queens, said
yesterday he was roughed up and arrested Friday after cops pulled over his
car -- because the computer said it was stolen.

    In a similar case two weeks ago, Lebert Folkes, 30, was shot in the face
by police who stopped him after the computer told them he was driving a
stolen car.  Police later admitted they made a mistake.  ...

    Both cases involved cars that had been reported stolen -- but then
recovered without being cleared from a police computer that tracks stolen
vehicles.

        The risks are obvious... no word yet on who's to blame.  TR

Tom Ritchford     tom@mvision.com, tom@weirdos.com


Rude bus stops / silent radios / unofficial broadcasts

Philip Overy <pjo33@mailbox.rl.ac.uk>
Fri, 02 Feb 1996 12:09:43 +0000
Hackers in the UK managed to amend the software of a talking bus stop- it
gives spoken information(as written information and display screens are
vandal-prone and useless to partially- sighted people). The talking bus
stops became quite abusive. The RISK is that when a drunk on the last bus
home hears a lot of swearing and you are the only other person in sight, you
might be assumed to be the source of the insults, and of course the
passengers might take the wrong bus or miss the last one - a passenger who
has been taken miles out of his way in bad weather can be a big risk for the
driver of a one-"man" bus. These risks can be exaggerated - the talking bus
stops I have come across work so rarely that any sound from them comes as a
surprise.

In the same vein, a car I once owned was fitted with a radio which
suppressed all hiss when there was no signal. It worked so well that I
didn't even know it was left switched on - the waveband it received seemed
to apply only to Japan or Korea. When I moved to Brighton, the radio
suddenly boomed into life and I nearly drove off the road in shock.

I also used to work for a telephone company. The salesmen spent a lot of
time in Singapore, where you could buy a highly-illegal hand-held radio
which could broadcast on the most popular BBC news channel ("Radio 4"). If
drivers annoyed him, the salesman would point the transmitter at the
offending car and could usually make a rude message come out of the driver's
car radio. In view of some of the cases of "road rage" we have had here, the
radio was probably more of a risk to its owner than to anyone receiving the
messages - if the listeners ever realised how the message got to their car
radio.

Phil Overy, RAL UK


Keyboard RISK [accidental deletion]

Eric Roode <sdn@mv.mv.com>
Wed, 28 Feb 1996 20:50:07 -0500 (EST)
    I had an interesting, if minor, accidental deletion today. Granted,
it turned out to be my fault, but it is instructive anyhow.

    I came back to my PC, which had Windows for Workgroups 3.11 up, to find
it displaying a dialog box asking me to confirm the deletion of a program
icon. I clicked "no", then poked around and noticed that another program
icon (the DOS prompt) was missing.

    Then I noticed a stack of papers that I had carelessly flopped onto my
desk, and, incidentally, onto the lower right corner of my keyboard. What
had apparently happened when I flopped the papers down was that the DEL key
had been hit, followed by the ENTER key, followed by the DEL key again. (On
nearly every PC keyboard made today, the DEL and ENTER keys appear in the
extreme lower-right corner).

    The currently-selected icon had been the DOS prompt; Windows had
interpreted the DEL as my wanting to delete it, and the ENTER keystroke as
my having confirmed the deletion. It then selected the next icon, and
processed the DEL keystroke similarly.

    The RISKs: First and foremost, having "yes" selected as the default
confirmation selection. Second, the position of the DEL/ENTER keys.  Having
(relatively) powerful actions assigned to keys that are in easy-to-strike
positions is asking for problems.

    Another anecdote along the lines of that latter RISK: I work in a
support group servicing several hundred users, a large portion of whom have
new Gateway computers. The Gateway keyboard has a nifty key remap facility:
you press the "REMAP" key, then press the key you wish to modify, then you
press the key you wish to assign to the first key.  Sounds nifty until you
have to support it: the REMAP key is in the very upper-right corner, just
hanging out in the breeze, waiting for some unsuspecting user to tap it by
accident. Which happens several times a week.


Trademarks in Cyberspace [such as newton.com]

Simson L. Garfinkel <simsong@vineyard.net>
Wed, 28 Feb 1996 11:25:57 -0500
[Based in part on my article which appeared in the *San Jose Mercury News*,
26 Feb 1996, with additions.  SLG]

TRADEMARKS IN CYBERSPACE

Over the past year, the Internet has been struggling with the role
trademark law should play in cyberspace. The problem is that while Apple
Computer Inc. might want a name like newton.com for a Web site to help
promote its Newton personal digital assistant computer, Nabisco might want
newton.com to advertise its Fig Newtons.

Complicating the matter still is Mark Newton, a computer enthusiast in
Brighton, Mich., who runs a bulletin board called the Newtonian BBS. Newton
obtained the domain name newton.com in April 1994.

For years, Internet domains were registered on a first-come, first-serve
basis. Last summer, Network Solutions Inc., the company that runs the
InterNIC, decided to change the policy.

The InterNIC rules are complicated. But they work roughly as follows,
according to David Graves, NSI's business manager:

A person or company can register any domain name not already taken. But if
another person or company then says it holds a ''valid and existing
trademark that is identical'' to that domain name, and if the trademark was
registered before the domain name was awarded, the party holding the
trademark has the right to get that name. The party that registered the
domain name first then has the right to prove that it also has a federal
trademark on the name.

Assuming the party that registered the domain doesn't hold the federal
trademark, NSI gives that person or company ''the ability to register a
different name, and will give them 90 days of simultaneous use. The purpose
for that is to give them the opportunity,'' to migrate to the new name,
said Graves.

In the case of newton.com, both Newton and his Internet service provider,
Innovative Concepts of Ann Arbor, Mich., say they have been contacted by
Apple, which has threatened a lawsuit unless they relinquish the name.

''I haven't done anything wrong,'' Newton said. ''Do I need to trademark my
last name to use it?''

Apparently so. Under Network Solution's policy, Mark Newton's newton.com
domain has been turned off until the dispute is resolved. That's left more
than 300 people who were using newton.com stranded without a domain, says
Mr. Newton.  So he's looking for people who can help him fight the billion
dollar company. He says that any lawyer interested in helping---especially
an attorney who specializes in intellectual property---should send him mail
at mark@ic.net. Don't send mail to mark@newton.com, says Mr. Newton,
because it doesn't work.

 Newton points out that Apple doesn't really need the newton.com ,  because
the company is already using newton.apple.com.

Apple never comments on threatened lawsuits, said Lynne Keast, a company
representative.


Electronic Banking conditions

"pvk@ACM.org (Paul van Keep)" <75170.1045@compuserve.com>
29 Feb 96 09:35:00 EST
Just last week I applied for the new Abn-Amro (a very large Dutch bank)
OfficeNet Electronic Banking product. The general conditions that come with
the product are worth a mention here. I've tried to make a reasonable
translation of the pertinent parts of the liability clause. (BTW. this is a
business product, not for private banking)

"9 Liability

9.1 Bank agrees to ensure complete and secure EB (Electronic Banking; pvk) to
the best of its powers.

9.2 Bank is not to be hel liable for any damage whatsoever incurred by Client,
Bank and/or third parties c.q. Client absolves Bank of claims from third
parties pertaining to:
-...(passing software on to third parties)
-...(misuse or abuse of security measures)
- not, not timely, not correctly and/or not completely functioning of EB, the
Software and/or the EB-Server, unless and in as much as damage is attributable
to malicious intent or gross error by Bank. ... (disclaimer for changing of
software or running software on a PC-platform other than specified by Bank)

The risks? How well has this software been tested? How reliable is it? What
are the incentives for the bank to ensure the reliability and security of the
software if they can never be blamed for errors?
The 'PC-platform' thing is another strange one. No platform has been specified
in the general conditions or any accompanying form or contract. The sales
documentation states using MS-Dos 3.3 (or higher). This would invalidate using
the software on a Unix system, Windows, NT, OS/2, even IBM-Dos.

Paul van Keep (pvk@ACM.org)


Re: Libel and censorship issues (Ebright, RISKS-17.77)

Edwin Wiles <Edwin_Wiles@ssw.mclean.sterling.com>
Tue, 27 Feb 1996 16:23:27 -0500 (EST)
  > But if you don't go there, they can't do anything to you :)

I believe that Airbus Industries is based out of France.

I also believe that France has an extradition treaty with the U.S.

Given those two points, "they" certainly CAN do things to you, such
as charging you with libel under their laws, and asking to have you
extradited so that they can prosecute you for your crimes.

At that point, I think it would be up to the government agency
handling extraditions to decide whether or not they are going to
proceed.  In cases involving "individual vs individual", I suspect
that the government agencies are unlikely to act.  Simply because of
the effort involved in such a request.

However, in the case of a semi-governmental entity, like Airbus, such
a request for extradition of an individual might well be carried through.

While I feel for the individual so charged, the actual prosecution of
such a case would be an incredible precedent setter the internet.

If the case were dismissed due to the fact that the supposed offense
originated in a foreign country, and therefore the laws of that country
apply, it would be a large step towards creating a network for global
free expression.

If the case were carried to the limit, and the decision went against
the individual, it would be a horrid precedent that the tightest laws
in the world control what you can and cannot prudently say on the network.

Edwin Wiles | Sterling Software, Inc. ITD | McLean, VA, USA
Preferred..: ewiles@mclean.sterling.com   Edwin_Wiles@sterling.com


Re: Indecent domain names

Chris Purdom <purdom@rabbit.com>
Tue, 27 Feb 1996 13:58:09 -0500 (EST)
Akin to the "xxx" in NYNEX's URL's, but much worse if the CDA survives,
there are domain names with "indecent" words in them which do not actually
have any obviously indecent material on them.  Merely by providing a link to
these pages you will be causing most web browsers to display the indecent
words when the user moves the mouse over the hypertext link.

Chris Purdom            phone:610-993-1134
Development Team Leader     e-mail: purdom@rabbit.com
Tangram Enterprise Solutions    homepage: http://www.tesi.com/~cpurdom/


Re: NYNEX Web and Web Robots

"Broomell, Russ" <MARKETING/MARKETING/RUSS%Konica_Imaging@mcimail.com>
Wed, 28 Feb 96 08:48 EST
Our earlier discussion about web robots' troublesome habits came back to me
when I read about the name of a NYNEX web page dealing with ISDN access
which contained the letters XXX.  While SurfWatch and other programs might
block this, NYNEX may have done some clever marketing.

ISDN is very useful to people who download large files (maybe naughty
pictures?) from internet sites.  By putting XXX in the HTML code of their
page (i.e. in one of the links), NYNEX would get their ISDN page to be
located by web robots searching for "XXX" - and would address this market
segment.  Either a clever marketing ploy or an accidental misfortune.


Re: NYNEX and SurfWatch (Slifka, RISKS-17.80)

Ann Duvall <ann@surfwatch.com>
Wed, 28 Feb 1996 18:15:16 -0800
> ... SurfWatch, deftly noting the "xxx," decided I was trying to
> access something naughty and blocked the page.

SurfWatch responded to the e-mail by immediately unblocking all blocked
NYNEX locations.  As a company, we are trying to provide tools for parents
and teachers to help them choose what they want to see on the Internet.  We
have found, in our surfing, that sites with "XXX" in the URL almost always
contain sexually explicit material.  In fact, many Adult content providers
have used the "XXX" as a tag to indicate adult-only material.  Therefore, we
block those sites.  In some cases when we have explained this to webmasters,
they have quickly changed their URL addresses, but we are also willing to
unblock individual pages if the address change is not appropriate.

SurfWatch continues to work to keep the Internet an open and free place for
people to communicate and exchange ideas.  We believe that software such as
SurfWatch provides an alternative to Internet censorship by empowering
individuals to make choices.

Ann W. Duvall, President, SurfWatch Software, 105 Fremont Ave Suite F,
Los Altos, CA 94022 ann@surfwatch.com 415-948-9500  415-948-9577 (FAX)


Re: NYNEX and SurfWatch (Duvall, RISKS-17.81)

David B. Slifka <davids@mail.nltl.columbia.edu>
Thu, 29 Feb 96 12:15:09 EST
I received a very nice letter today from Ann Duvall, president of SurfWatch
Software, in response to my submission to RISKS 17.80. She explained the
company's (understandable) rationale that most pages with "xxx" in their
name do contain "sexually explicit material," as I had guessed. She also
informed me that NYNEX's site is now exempted from SurfWatch restrictions,
in order to resolve this particular instance of the conflict.

In the area of software company responses to user complaints, this is
certainly top-notch. I somehow can't picture Bill Gates writing to people
who post to RISKS about Microsoft products, much less seeing that the issues
they mention are resolved. :-)

David


Re: Risks of year-2000 precautions (Brader, RISKS-17.80)

Amos Shapir <amos@nsof.co.il>
Thu, 29 Feb 1996 11:26:52 GMT
Mark's scenario is avoidable, if we, the experts, do our best to make sure
the public is aware of one fact: That the worst that can happen at the
consumer level, is slower processing for a while; no data -- and more
important, no customer money -- will be lost, and all miscalculations could
be backtracked and amended later.

Amos Shapir, nSOF Parallel Software, Ltd., Givat-Hashlosha 48800, Israel
amos@nsof.co.il   Tel: +972 3 9388551   Fax: +972 3 9388552


Re: Risks of year-2000 precautions (Brader, RISKS-17.80)

Dick Mills <rj.mills@pti-us.com>
Wed, 28 Feb 1996 21:24:00 -0500
If one exaggerates a little bit on Mark's theme, we are discussing the end
of civiliation caused by the turn of the millennium.  It reminds me of Isaac
Asimov's classic story; "Nightfall".

This is a particular risk I don't recall having seen before in Risks. i.e.
The event so infrequent, that no matter how predictable it is, or how
much advance warning we have, society never does prepare to deal with it.

Is it a flaw in our risk perception where we incorrectly equate
infrequent==unlikely or infrequent==insignificant?

Dick Mills +1(518)395-5154         http://www.pti-us.com
AKA dmills@albany.net      http://www.albany.net/~dmills


Re: Risks of year-2000 precautions (Russell, RISKS-17.80)

<RSRMadison@aol.com>
Thu, 29 Feb 1996 11:31:32 -0500
In his book "A Mathematician Reads the Newspaper" (BasicBooks, 1995, hc,
ISBN 0-465-04362-3, 203 pages), John Allen Paulos has a chapter entitled
"Researchers Look to Local News for Trends". In it, he mentions Robert Louis
Stevenson's story, "The Imp in the Bottle". Here's what he says:

The story is about "a genie in a bottle who will satisfy your every wish for
love, money, and power. You can buy this amazing bottle for any amount that
you care to offer. The only constraint is that when you are finished with
the bottle, you must sell it for less than what you paid for it. If you
don't sell it to someone for a lower price, you will lose everything and
suffer everlasting torment in hell. What would you pay for such a bottle?

"Certainly you won't pay 1 cent for it because then you won't be able to
sell it for a lower price. You won't pay 2 cents for it either, since no one
will buy it from you for 1 cent for the same reason. Neither will you pay 3
cents for it; the person to whom you would have to sell it for 2 cents
wouldn't be able to sell it for 1 cent. A similar argument applies to a
price of 4 cents, 5 cents, 6 cents, and so on. Mathematical induction can be
used to formalize this argument, which proves conclusively that you
shouldn't buy this magic bottle for any amount of money. Yet you would
almost certainly buy it for $1,000. I know I would. At what point does the
argument against buying the bottle become practically convincing?"

Sounds like we should all withdraw our savings NOW!! But we won't, because we
trust everyone else in the world to behave just as irrationally as we do.

Readers of the Risks forum will particularly appreciate Paulos's chapter
"Ranking Health Risks: Experts and Laymen Differ", but really the whole book
is well worth checking out.

Please report problems with the web pages to the maintainer

Top