RISKS-LIST: Risks-Forum Digest Tuesday 20 October 2009 Volume 25 : Issue 82 ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy ***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at <http://www.risks.org> as <http://catless.ncl.ac.uk/Risks/25.82.html> The current issue can be found at <http://www.csl.sri.com/users/risko/risks.txt> Contents: Toyota uncontrolled acceleration (David Lesher) Another Therac-25 rerun (Jeremy Epstein) Custom license plate lands man a database full of fines (Rob McCool) Risks of namespace conflicts among city names (Cody Boisclair) More on hospital error leads to radiation overdoses (Gene Spafford) Internet Pioneers Speak Out on Net Neutrality (Lauren Weinstein) Accessing your legacy (Peter Bernard Ladkin) Re: A Time Machine time bomb (Alan J Rosenthal) Re: Microsoft's Danger Data Service (David Lesher, John Murrell via John F. McMullen) Inexcusable Complexity, Re: The risks of being cute (Ed Lowry) Re: The risks of being cute (Curt Sampson) Re: System diversity helps in power control system (Ian Botham) Rethinking What Leads the Way: Science, or New Technology? (John Markoff on W. Brian Arthur, via PGN) Computers, Freedom and Privacy 2010 Conference: Call for Proposals () Abridged info on RISKS (comp.risks) ---------------------------------------------------------------------- Date: Mon, 19 Oct 2009 17:10:15 -0400 (EDT) From: "David Lesher" <wb8foz_at_private> Subject: Toyota uncontrolled acceleration There have been several recent cases where Toyotas have suddenly accelerated out of control. The most notable had a passenger who called 911 and reported her spouse, a Calf. Highway Patrol officer who taught driving safety, was unable to stop their car. They crashed with all on board killed. Toyota has recalled several million cars to replace a floor mat that may jam the accelerator. But the crash raises the question: why couldn't an experienced officer stop a runaway car? a) It was a loaner from the dealer. b) It was equipped with a keyless RFID ignition lock. To force such off, you must *hold* the Start button down for 3+ seconds; touching it is ineffective. c) The transmission was some mix of manual and automatic, with a series of gates to keep you from mis-shifting. Apparently there is no clutch petal. d) There were passerby reports the car brakes were on fire as it went by. I see two big risks here. The first is changing longstanding, well-understood, user interfaces without considering the uninitiated driver. While Windows may have taught some of us that of course we use the Start button to stop; it's not clear such learning transfers to driving. And when you hide a vital safety function behind a time delay.... The second is more alarming. I thought that there was a {?unwritten} requirement that no US road-legal car could even overpower its own brakes; i.e., given full throttle and full brakes; the car stops, period. (This may not be the case for a dedicated race car...) Is this no longer true? Are there production cars where the brakes can't stop a runaway? (That does not say you couldn't fade the brakes into worthlessness, but we can assume the driver knew that.) There are obvious add-ons that could reduce the possibility of a recurrence [Tie brake activation to a throttle cutoff, add a real STOP button to the dash, etc.] but those add complexity or direct costs...and may provoke new problems. While Toyota's head is now on the chopping block; they won't be the last. ------------------------------ Date: Sun, 18 Oct 2009 09:00:52 -0400 From: Jeremy Epstein <jeremy.j.epstein_at_private> Subject: Another Therac-25 rerun (Re: Lesher, RISKS-25.81) David Lesher noted a recent Cedars-Sinai Therac-25-like failure. *WiReD* is reporting another one at an unnamed Cleveland hospital, where medical staff noticed that the patient was out of position and hit the emergency stop button, but the machine didn't correctly put the shielding in place or move the patient out of the machine. The problem was a "known bug" which had been deferred to a future release. Just to be clear, unlike the Therac incident, there was no significant excess radiation involved, and it does not appear that anyone was harmed. No word on whether the bug was in the application software designed for the instrument, or something inherent in the system (e.g., a buggy operating system). Still, the RISKS of software-controlled medical instruments are pretty clear, and are likely to increase as high tech equipment becomes more prevalent. http://www.wired.com/threatlevel/2009/10/gamma/ ------------------------------ Date: Fri, 16 Oct 2009 22:54:23 -0700 (PDT) From: Rob McCool <robm_at_private> Subject: Custom license plate lands man a database full of fines http://www.sfgate.com/cgi-bin/article.cgi?f=/n/a/2009/10/16/national/a072720D99.DTL&tsp=1 An Alabama man ordered a license plate with seven occurrences of the letter X, to pay homage to Racer X, a favorite character of his. He is now getting as many as 10 tickets a day because the city's traffic enforcement division uses this as a placeholder in their database for cars with no license plates. Yet another instance of an information system failing to account for the unexpected, people working around that limitation, and an edge case arriving some time later to cause trouble. [Apparently $19,000 thus far. Craig Reise suggested that ``Maybe a `missing license plate' checkbox or drop-down would been a good idea in this application... Bob Frankston said, ``Reminds me of people with the name Ng vs. payroll systems.'' RISKS has had a few similar stories in the past. PGN] ------------------------------ Date: Sat, 17 Oct 2009 21:07:38 -0400 From: Cody Boisclair <cody_at_private> Subject: Risks of namespace conflicts among city names It's not just GPSes that get confused by multiple locations having the same name; even weather forecasts can be surprisingly deceptive for the same reason. I recently upgraded my MacBook from OS X 10.5 (Leopard) to 10.6 (Snow Leopard). The weather widget included in the OS changed its information provider with the update; in 10.5 it used AccuWeather, while in 10.6 it gets its information from The Weather Channel. To make the transition as seamless as possible, Apple designed it so that the widget in 10.6 would import its information from the 10.5 version. Or more accurately, it imports the name of the city-- and *nothing else*, even though it's very much possible to enter one's location as a postal code in the widget. You've probably already guessed at the sort of problems this could cause -- and sure enough, it did. In 10.5, I entered my location into the weather widget as the ZIP code 30605, representing the city of Athens, Georgia in the US. This seemed the most unambiguous way of doing it, given the sheer number of towns out there called Athens. Upon upgrading to 10.6, nothing seemed incredibly out of the ordinary at first glance during the summer and the beginning of fall -- any glitches could easily have been excused by the cached weather information being a couple hours stale. As fall weather began to arrive, however, I noticed more and more discrepancies between what the weather widget claimed and the actual weather I encountered outside. And yet, the widget was still showing "Athens" as the location, as if nothing had changed. I decided today to take a look at the properties for the widget... and sure enough, despite the fact that I originally entered the location as a postal code, the stored location had been changed to Athens, *Greece*. Oops. Judging from the order in which The Weather Channel lists its disambiguations for these city names, I imagine the same thing would occur for anyone living in Rome, Georgia; Birmingham, England; Portland, Maine; Paris, Texas; London, Ontario... and, depending on weather patterns, could easily have gone unnoticed for as long as it did for me. Cody "codeman38" Boisclair cody@private http://www.zone38.net/ ------------------------------ Date: Wed, 14 Oct 2009 19:44:01 -0400 From: Gene Spafford <spaf_at_private> Subject: More on hospital error leads to radiation overdoses (Re: Lesher, RISKS-25.81) 206 people received 8 times the expected dose of X-rays as a result of a misunderstanding setting a CT machine...and then not finding it for 18 months. It was finally found when one of the patient complained about his hair falling out after a test. "You have to be pretty confident to think you know more than the guys who designed the equipment." [Source: latimes.com, 13 Oct 2009] http://www.latimes.com/news/local/la-me-cedars13-2009oct13,0,1200257.story ------------------------------ Date: Fri, 16 Oct 2009 14:58:43 -0700 From: Lauren Weinstein <pfir_at_private> Subject: Internet Pioneers Speak Out on Net Neutrality Internet Pioneers Speak Out on Net Neutrality http://www.vortex.com/FCC-Net-Neutrality-Letter.pdf http://lauren.vortex.com/archive/000625.html 15 October 2009 Honorable Julius Genachowski Chairman, Federal Communications Commission Washington, DC Dear Mr. Chairman: We appreciate the opportunity to send you this letter. As individuals who have worked on the Internet and its predecessors continuously beginning in the late 1960s, we are very concerned that access to the Internet be both open and robust. We are very pleased by your recent proposal to initiate a proceeding for the consideration of safeguards to that end. In particular, we believe that your network neutrality proposal's key principles of "nondiscrimination" and "transparency" are necessary components of a pro-innovation public policy agenda for this nation. This initiative is both timely and necessary, and we look forward to a data-driven, on-the-record proceeding to consider all of the various options. We understand that your proposal, while not even yet part of a public proceeding, already is meeting with strong and vocal resistance from some of the organizations that the American public depends upon for broadband access to the Internet. As you know, the debate on this topic has been lengthy, and many parties opposing the concept have systematically mischaracterized the views of those who endorse and support your position. We believe that the existing Internet access landscape in the U.S. provides inadequate choices to discipline the market through facilities-based competition alone. Your network neutrality proposals will help protect U.S. Internet users' choices for and freedom to access all available Internet services, worldwide, while still providing for responsible network operation and management practices, including appropriate privacy-preserving protections against denial of service and other attacks. One persistent myth is that "network neutrality" somehow requires that all packets be treated identically, that no prioritization or quality of service is permitted under such a framework, and that network neutrality would forbid charging users higher fees for faster speed circuits. To the contrary, we believe such features are permitted within a "network neutral" framework, so long they are not applied in an anti-competitive fashion. We believe that the vast numbers of innovative Internet applications over the last decade are a direct consequence of an open and freely accessible Internet. Many now-successful companies have deployed their services on the Internet without the need to negotiate special arrangements with Internet Service Providers, and it's crucial that future innovators have the same opportunity. We are advocates for "permissionless innovation" that does not impede entrepreneurial enterprise. We commend your initiative to protect and maintain the Internet's unique openness, and support the FCC process for considering the adoption of your proposed nondiscrimination and transparency principles. Respectfully, Vinton G. Cerf, Internet Pioneer Stephen D. Crocker, Internet Pioneer David P. Reed, Internet Pioneer Lauren Weinstein, Internet Pioneer Daniel Lynch, Internet Pioneer ------------------------------ Date: Sun, 18 Oct 2009 08:58:37 +0200 From: Peter Bernard Ladkin <ladkin_at_private-bielefeld.de> Subject: Accessing your legacy People who use computers and the Internet as major professional tools are all getting closer to dying. The organiser (organiser? provoker) of our traditional music group died suddenly last year and his professional and personal correspondence was inaccessible. Nobody could find out who Mario knew or whom he was encouraging to come to our sessions. And not just us -- he organised a lot for concertina players throughout Germany. (I wrote a couple of poems in tribute, one in English and one in German, accessible through irishsessionbielefeld.de ) Today I heard belatedly about the death of one of my most extensive correspondents of the last 17 years. His son found the e- mail address of a mailing-list correspondent of ours in his papers. Not on his machine, mind -- in his A4 bleached- wood-fibre Nachlass. Which leads to the moral: * Please leave access details to computerised personal and professional information in a secure place to which your executors will have access when you fall over. The question is precisely how you organise your computerised life so that your executors can find out, for example, whom you know, and how to pass on info to others if you organised groups, while keeping those things inaccessible which you don't wish to bequeath to posterity. I don't think there are obvious general answers. But telling your executor about the most obvious stuff is not hard. Peter Bernard Ladkin, Causalis Limited and University of Bielefeld www.causalis.com www.rvs.uni-bielefeld.de ------------------------------ Date: Sat, 17 Oct 2009 11:56:08 -0400 (EDT) From: flaps_at_private (Alan J Rosenthal) Subject: Re: A Time Machine time bomb (Ron Garret, RISKS-25.81) This seems to me to be an inherent risk of any automated backup aging process: adding a bunch of new data to be backed up will cause a bunch of old backups to be deleted. If you want the computer to decide without consulting you how many of your backups to keep, then you relinquish the power to decide how many of your backups to keep. ------------------------------ Date: Tue, 13 Oct 2009 14:24:26 -0400 (EDT) From: "David Lesher" <wb8foz_at_private> Subject: Re: Microsoft's Danger Data Service (Re: RISKS-25.81) Re: Cloud Danger, literally... M$ loses T-mobile data One aspect of Sidekick's design that was not directly Microsoft's fault is both a caution, and maybe a lesson, for the design and legal communities. Unlike most of the competition; the Sidekick user allegedly had no way to do her/his own backups, and still doesn't. Palms, iPhones, etc not just allow such but make it simple to do so to a local computer. But from what I've read, Sidekick users had no such option bundled with their purchase. (There was reportedly some extra cost add-on that could back up *Danger's* copy of same to a user machine, but no direct way. And with the Danger database corrupted...it's too late now.) Now we know that many many [but not all] of the customers would never bother to perform a local backup. [I'm hard pressed to imagine Sidekick's most famous user, Paris Hilton, on the phone to Tech Support asking for backup help....] But if it's true that their users had no real option to do so, that surely dilutes one legal excuse for Microsoft, that backups were really the users' responsibility. Another dimension of the saga... where do such cloud based devices fall in the world of Carnivore err DCS-1000? I suspect the legal stance DoJ takes is the user voluntarily shared the data (be it calendar data, pictures, or voice recordings) with Microsoft/Danger; ergo she had no expectations of privacy. Hmm, I wonder if users can FOIA their lost data back from the FBI? ------------------------------ Date: Thu, 15 Oct 2009 12:16:00 -0400 From: "John F. McMullen" <johnmac13_at_private> Subject: Re: Microsoft's Danger Data Service (Re: RISKS-25.81) John Murrell <jmurrell_at_private> Sidekick depression eases; Microsoft says recovery under way The prospects for recovering the personal data lost by T-Mobile Sidekick customers in a server snafu at Microsoft's Danger unit have gone from bleak to hazy to substantially brighter. In a post early today, Roz Ho, Microsoft's VP for (ideally) Premium Mobile Experiences, said "We are pleased to report that we have recovered most, if not all, customer data for those Sidekick customers whose data was affected by the recent outage. We plan to begin restoring users' personal data as soon as possible, starting with personal contacts, after we have validated the data and our restoration plan. We will then continue to work around the clock to restore data to all affected users, including calendar, notes, tasks, photographs and high scores, as quickly as possible. We now believe that data loss affected a minority of Sidekick users." She went on: "We have determined that the outage was caused by a system failure that created data loss in the core database and the back-up. We rebuilt the system component by component, recovering data along the way. This careful process has taken a significant amount of time, but was necessary to preserve the integrity of the data. ... We have made changes to improve the overall stability of the Sidekick service and initiated a more resilient backup process to ensure that the integrity of our database backups is maintained." http://click1.newsletters.siliconvalley.com/wsqfqmtdr_ohmctgnpjnp_myfvsqln.html That said, Microsoft continued to run away from Danger lest its other cloud computing efforts be injured. Microsoft spokeswoman Tonya Klause said Wednesday, "The Danger Service platform, which experienced the outage, is a standalone service operating on non-Microsoft technologies, and is not related to Microsoft's cloud services platform or Windows Live. Other and future Microsoft mobile products and services are entirely based on Microsoft technologies and Microsoft's cloud service platform and software." The good news on the recovery front arrived too late to stop the first wave of the inevitable lawsuits including a pair in Northern California that seek class action status and assert negligence and false claims by Microsoft and T-Mobile. [Source: MediaNews Group, 1560 Broadway, Ste. 2100, Denver, CO 80202] ------------------------------ Date: Thu, 15 Oct 2009 15:08:33 -0400 From: Ed Lowry <eslowry_at_private> Subject: Inexcusable Complexity, Re: The risks of being cute (RISKS-25.80) In RISKS-25.80 Donald Norman lectures us on simplicity versus complexity issues and admonishes "please don't write about topics on which you are not an expert". In software, that would lead to almost total silence on software's biggest challenge, expressing it simply. At present there is no software language technology available which provides for simplicity of expression as advanced as what was designed at IBM in the early 1970s and implemented at Digital Equipment Corporation in the early 1980s. I have seen no evidence of organizations or leadership in software that aspire to expertise that advanced. If there is I would like to hear about it. The capabilities of the most advanced facilities for executing simply-expressed software have moved backwards over the past 20 years. The expertise has been fading too. Twenty five years ago, expressions such as: * count every person whose spouse is veteran; * sum revenue of every year after 1981; * every element of where some isotope of it is stable; could be executed as part of general purpose programming and database language, but not today. There are three sources of inexcusable complexity plaguing software today where software leaders have mostly obstructed progress. They can be eliminated by: -- combining structural with functional expressiveness, - using data objects that are designed to be easily arranged, -- increasing language generality. They are described in "Inexcusable Complexity" at http://users.rcn.com/eslowry . One result of neglecting simplification is that students everywhere are routinely taught how to arrange pieces of information by teachers who have little idea what is a reasonable structure for well-designed pieces of information. Decades of obstructing simplification has undermined public safety and some currently high priorities of the US government: * technical education, * innovation, * cyber security, * reducing health care costs, * reducing government spending. The risks of neglecting progress in a fundamental part of information technology for 35 years: a widening swath of death destruction, ignorance, agony, waste, criminality, and dangers to national security. ------------------------------ Date: Fri, 16 Oct 2009 22:39:12 +0900 From: Curt Sampson <cjs_at_private> Subject: Re: The risks of being cute (RISKS-25.79,80,81) >> The more complex the machinery, the simpler the interface will be." > This last sentence, without more context, explanation, or scope of > applicability, is worse than a simple conundrum; it is a disservice to > public understanding of the perils of complexity that the RISKS forum, as > I've known it, serves to explore. Indeed. But even if we take the sentiment as a whole, rather than focusing on the last sentence, I think I'd go further than you and say that this way of looking at things is not only a disservice to the public, but a danger to the public, and even each of us in our private lives. It's not only wrong on occasion; it's wrong frequently enough that I believe we should never think about things this way: we should be appropriately suspicious when we do ever think about it this way. How wrong this idea can go was made most viscerally clear to me when, after some years of film photography on '60s- and '70s-era cameras, I bought a digital SLR. I spent quite some time (almost two hours, actually) writing up a detailed example of the differences, but it became too large for a RISKS post. When you start analyzing in detail the use of the three simple settings (focus, aperture and shutter speed) that are the primary controls on both digital and analogue cameras, you run into huge, unforeseen (and often not seen terribly clearly afterward) differences well before you even reach those modes on the dial beyond 'M', 'A', 'S' and 'P' that instead have funny pictures (and even more mysterious effects on those three settings --though those setting are all that they affect). Through thinking about this a bit more, I now have great sympathy for any Airbus pilot who pushed a little hard on the rudders. How was he to know? I'd do the same. I think it comes down to Fred Brooks' essential vs. inessential complexity; the essential doesn't go away: it just gets disguised, and in the disguising of it, we lose the instincts we've developed and have to relearn them, perhaps without realising, in the moment, that we need to do so. > It may have been wrong of me to call it exactly as I saw it, an > unintended parody, suggesting that complexity of machinery and the > complexity of its interface are inversely related. No, they are proportionally related. As I now know too well, and yet not well enough. Curt Sampson <cjs_at_starling-software.com> +81 90 7737 2974 ------------------------------ Date: Sat, 17 Oct 2009 00:43:10 +1100 From: Ian Botham <ianb30804_at_private> Subject: Re: System diversity helps in power control system This article missed the major issue, which was that a virus outbreak crippled the Windows desktops of a large government utility. I have talked to some insiders, and thought the facts might be of interest to Risks readers. The organisation is a large electrical distribution utility in Australia. It has around 2700 Windows desktops in a head office, and some dozen regional offices, all connected via a WAN. I haven't heard how the virus (W32.virut.cf) got into the internal network initially (if anybody knows), but I heard that the anti-virus software was out of date, and while it could recognise infected exe's it couldn't kill the virus process or stop it spreading via Windows file shares. The virus infected exe files, then the anti-virus software detected this and quarantined the files -- with the result that soon there were no exe's left to run, and the desktop boxes were junk. Initially the scale and seriousness of the situation wasn't realised, and after several days a high percentage of the organisation's desktops were close to useless. The effect on day to day operations was crippling. As the original article mentioned, the SCADA system is on Solaris and so was not at risk. However, the trouble ticket system runs on Windows servers, and while not affected was at risk. Eventually the decision was made that all desktops had to be re-imaged to get rid of the virus, and it took more than 2 weeks from the initial detection of the virus to get most of the desktops back in operation. The most obvious risk is that of letting anti-virus software get out of date. However, that shouldn't blind us to the bigger risk of having the day to day operation of a large organisation dependent on a large collection of Windows computers -- which will always be vulnerable to a zero-day exploit of some kind. I know there's no easy fix for this risk, but that doesn't make the risk go away. Finally, I'm not an anti-Windows zealot, but I just can't resist ! How will the Windows marketing droids spin the lower TCO of Windows, and discount the cost of thousands of employees twiddling their thumbs for a few weeks ? ------------------------------ Date: Tue, 20 Oct 2009 11:24:52 PDT From: "Peter G. Neumann" <neumann_at_private> Subject: Rethinking What Leads the Way: Science, or New Technology? (John Markoff on W. Brian Arthur) John Markoff has a very interesting column in The New York Times' Science Times, 20 Oct 2009, on what appears to be a very interesting new book: W. Brian Arthur The Nature of Technology: What It Is and How it Evolves Free Press, 246 pages, 2009 Markoff notes that this book "reframes the relationship between science and technology as part of an effort to come up with a comprehensive theory of innovation. The relationship is more symbiotic than is generally conceded." Arthur was trained as an engineer, mathematician, and economist, and those disciplines are all brought to bear. Markoff concludes with this paragraph: "Dr. Arthur's view is that technology is something that defines us as human and that, in the end, we will be able to control a set of technologies that rather than conquering us will extend our humanity." This has of course been an ongoing topic here in one guise or another, and can benefit from Arthur's analysis -- particularly as it might (or might not) relate to the computer field. (That might be a subject for John Markoff's blog!) ------------------------------ Date: Mon, 19 Oct 2009 13:36:16 -0400 From: technews_at_private Subject: Computers, Freedom and Privacy 2010 Conference: Call for Proposals Organizers of the 20th annual ACM Computers, Freedom, and Privacy conference, which takes place June 15-18, 2010, in San Jose, have announced a call for proposals to help shape the program for next year's gathering. The theme of the conference is Computers, Freedom, and Privacy in the Networked Society and seeks to address how constant connection in social, communication, information, and physical environments impacts freedom and privacy, and how computers can be used to improve freedom and privacy. Organizers are seeking suggestions for speakers, topics, workshops, tutorials, and panel sessions. The proposals should take advantage of the location of the conference, include a diverse set of panelists and new voices, offer a number of perspectives on challenging issues, and explore cutting-edge technology, legal, and policy issues. Possible topics include social networks, cloud computing, surveillance networks, anonymity in a networked world, ethics and computing, accessibility, open source, and media concentration, advertising, and political campaigning on the Internet. The final program will be assembled partly from the proposals. The early bird deadline for proposals is Dec. 1, 2009, and the final deadline is Jan. 31, 2010. http://usacm.acm.org/usacm/weblog/index.php?p=3D749#more-749 ------------------------------ Date: Thu, 29 May 2008 07:53:46 -0900 From: RISKS-request_at_private Subject: Abridged info on RISKS (comp.risks) The ACM RISKS Forum is a MODERATED digest, with Usenet equivalent comp.risks. => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. The mailman Web interface can be used directly to subscribe and unsubscribe: http://lists.csl.sri.com/mailman/listinfo/risks Alternatively, to subscribe or unsubscribe via e-mail to mailman your FROM: address, send a message to risks-request_at_private containing only the one-word text subscribe or unsubscribe. You may also specify a different receiving address: subscribe address= ... . You may short-circuit that process by sending directly to either risks-subscribe_at_private or risks-unsubscribe_at_private depending on which action is to be taken. Subscription and unsubscription requests require that you reply to a confirmation message sent to the subscribing mail address. Instructions are included in the confirmation message. Each issue of RISKS that you receive contains information on how to post, unsubscribe, etc. => The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online. <http://www.CSL.sri.com/risksinfo.html> The full info file may appear now and then in RISKS issues. *** Contributors are assumed to have read the full info file for guidelines. => .UK users should contact <Lindsay.Marshall_at_private>. => SPAM challenge-responses will not be honored. Instead, use an alternative address from which you NEVER send mail! => SUBMISSIONS: to risks_at_private with meaningful SUBJECT: line. *** NOTE: Including the string "notsp" at the beginning or end of the subject *** line will be very helpful in separating real contributions from spam. *** This attention-string may change, so watch this space now and then. => ARCHIVES: ftp://ftp.sri.com/risks for current volume or ftp://ftp.sri.com/VL/risks for previous VoLume <http://www.risks.org> redirects you to Lindsay Marshall's Newcastle archive http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue. Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r <http://the.wiretapped.net/security/info/textfiles/risks-digest/> . ==> PGN's comprehensive historical Illustrative Risks summary of one liners: <http://www.csl.sri.com/illustrative.html> for browsing, <http://www.csl.sri.com/illustrative.pdf> or .ps for printing ==> Special Offer to Join ACM for readers of the ACM RISKS Forum: <http://www.acm.org/joinacm1> ------------------------------ End of RISKS-FORUM Digest 25.82 ************************Received on Tue Oct 20 2009 - 14:35:03 PDT
This archive was generated by hypermail 2.2.0 : Tue Oct 20 2009 - 15:39:38 PDT