precedence: bulk Subject: Risks Digest 21.48 RISKS-LIST: Risks-Forum Digest Monday 18 June 2001 Volume 21 : Issue 48 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator ***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at and by anonymous ftp at ftp.sri.com, cd risks . Contents: Unexpected network congestion: remote consequences of Seti@Home (Steve Loughran) Site puts private cell calls on Web (Bruce Hamilton) European Commission "Net-security" site invaded by hackers (Declan McCullagh) Formula 1's string of control-system failures (Stellios Keskinidis) A320 Incident (Peter B. Ladkin) Re: Computer train trauma (Philip Nasadowski) Lincolnshire University offers first course on rail disasters (Tom Van Vleck) NYSE: "Throw up your hands and reboot" (Chris Norloff) Re: Billboard error messages (David M Chess) Response to LWN's statement about Linux security costs (Kevin Postlewaite via Gerrit Muller) Windows XP adds its own links (George C. Kaplan) Re: Office XP modifies what you type (Andy Newman, Gerard A. Joseph) Re: Steve Gibson's and Windows XP (Chris Dodd) Re: The risks of clueless marketing (Tony Martin-Jones) Re: And you thought Keith Lynch was kidding! (Phil Carmody, Paul Ward, Ken Knowlton) On the deceptiveness of pop-under ads (ocschwar) Abridged info on RISKS (comp.risks) ---------------------------------------------------------------------- Date: Tue, 12 Jun 2001 17:10:24 -0700 From: "Steve Loughran" Subject: Unexpected network congestion: remote consequences of Seti@Home I came across an interesting little article on Sun's best practices site, titled, "Network Wedged by Little Green Men" http://dcb.sun.com/practices/devtales/network_wedged.jsp It covers how a small firm's network kept on slowing down to a halt. The problem was tracked down to Seti@home screen savers repeatedly trying to connect to the Seti servers, which were inaccessible due to attempted cable theft (as noted in past RISKS). The local firm's Internet access used NAT address translation, and each screen saver made multiple attempts to connect. Each connection attempt used a NAT assignment, an assignment which took a while to be cleaned up. Before long the company had exhausted their pool of 128 NAT addresses, even though only six people were present. Only through router interrogation was the problem identified. The article closes by saying the problem was "solved" by increasing the number of available NAT addresses, although of course that didn't fix the problem, merely caused it to 'go away'. A real solution would be to have the screen-saver software implement incremental backoff and other mechanisms designed to gracefully handle a complete loss of remote server access. One would hope that the authors of the next generation of distributed computation applications take heed of the lessons of the current batch. -Steve ------------------------------ Date: Thu, 7 Jun 2001 10:57:01 -0700 From: bruce_hamilton@agilent.com Subject: Site puts private cell calls on Web Citizens in Ottawa were probably not aware that they were providing content for a new Web site that streams live audio onto the Net. The site uses conversations pulled from a radio that scans cellphone frequencies in the city. *CTIA Daily News* Bruce Hamilton bruce_hamilton@agilent.com Tel: 650-485-2818 Fax: 650-485-8092 Agilent Technologies MS 24M-A, 3500 Deer Creek Road, Palo Alto CA 94303 ------------------------------ Date: Wed, 13 Jun 2001 09:58:18 -0400 From: Declan McCullagh Subject: European Commission "Net-security" site invaded by hackers European 'safer Internet' site hit by hackers, By Joris Evers (IDG) http://www.cnn.com/2001/TECH/internet/06/11/safer.net.hack.idg/index.html Hackers embarrassed the European Commission last week by identifying and exploiting two security holes on a new commission-sponsored Web site that promotes safer use of the Internet. One of the holes allowed the hackers to get administrator privileges on the server that powers the Safer Internet Exchange site [...] ------------------------------ Date: Fri, 8 Jun 2001 18:35:48 +1000 (EST) From: Stellios Keskinidis Subject: Formula 1's string of control-system failures If you've been watching F1 over the past month or so you would of very likely heard about making launch control and traction control systems legal and how nearly all teams are using them. Unfortunately, not all things have been going to plan for team I am the most a fan of - "Since the electronic device was legalised by the FIA at the Spanish Grand Prix, Mika Hakkinen has fallen foul of it once and Coulthard twice. Software programming has been stated as being the main cause of its malfunction." - http://www.formula1.com/news/headlines01/06/s5819.html and further "Coulthard stalled his car on the grid at the first traction control race in Barcelona prompting team boss Ron Dennis (Team Boss), to accuse him of 'Brain fade'.... Dennis admitted that it was a software glitch and he was wrong to have thought that it may have been down to driver error. " - http://www.formula1.com/news/headlines01/05/s5731.html not to mention the four cars that stalled it on the grid in Austria "Several teams have expressed their anxiety over the possibility of a recurrence of the situation in Austria, where four cars failed to start. With the narrowness of the makeshift pit straight on the Monte Carlo street circuit there will be less room in which to manoeuvre cars and avoid potential disaster." - http://www.formula1.com/news/headlines01/05/s5607.html Are the cars becoming too computerised and resulting in more points of failure? Are the teams throwing themselves out of the competition by not testing properly, possibly due to the time constraints? The catch there is that they think they are ready (in testing) when they are not in a live run paying a costly price. Just another classic case of Software Engineering. Cars can only go so fast around any track, I think within the next 5-10 years they will reach their limits in speed and the teams will focus more than they are now, on the "computerisation" of the car where we will see more failures/crashes and stalls on the grid. This sounds all too familiar when the aviation industry embraced technology. Are they repeating those mistakes? It can now be said "Would you hop into a car that travels over 300km/h that is controlled by software you wrote". One thing is for sure, this is soon to be race against technology and not who was the better driver on the day and as if it wasn't already a 2-man race anyway (Mclaren and Ferrari). Stellios Keskinidis http://members.optushome.com.au/stelliosk ------------------------------ Date: Mon, 18 Jun 2001 12:54:17 +0200 From: "Peter B. Ladkin" Subject: A320 Incident Tim van Beveren reported in *Flight International*, 22-28 May 2001, on a 20 Mar 2001 incident to a Lufthansa Airbus A320 on takeoff from Frankfurt. This incident was reported at greater length and detail in *Air Safety Week*, 4 Jun 2001, by David Evans and Tim van Beveren. The captain was Pilot Flying (PF). there was some degree of turbulence during takeoff, shortly after rotation, which resulted in the left wing moving down. The captain applied correction (right lateral roll control) but the wing dipped further left, reaching 21 degrees bank, and the wingtip is reported to have come within half a meter of the ground, and according to computer modelling of the digital flight data recorder the airplane "came within a few seconds of striking the ground". The First Officer, the pilot not flying (PNF), realising there could be a control problem, switched "priority" to his sidestick controller and recovered the aircraft. The aircraft was flown up to 12,000ft on autopilot, the crew confirmed the problem, that the CAP's sidestick was controlling for roll in the reverse sense (normally, putting the sidestick to the left commands left roll; to the right commands right roll. Control-reversal here means that CAP's sidestick gave right roll on a left movement and left roll on a right movement). The aircraft had just come out of maintenance. Maintenance is a known risk -- James Reason, an authority on human factors in aviation safety and Professor of Psychology at the University of Manchester, amongst others, has detailed how significant problems may arise through maintenance of complex systems. It has happened many times that aircraft have come out of maintenance with control systems reversed in one or more of the three axes (roll, pitch, yaw). This has been the cause of a number of accidents with general aviation aircraft, but my informal requests for information turned up no recent accidents to commercial aircraft due to this cause. Evans and van Beveren report that "reversed controls are deemed impossible on transport-category aircraft" and that Boeing claims that the B737 aircraft cannot be reverse-connected without it being discovered before flight, normally through mandatory post-maintenance checks, but at the latest by the pilot's preflight check, as the controls could not be moved. At Lufthansa's code-sharing partner, United Air Lines, certified inspectors must be stationed both inside and outside the cockpit to conduct a functional check after the flight control system has been worked on; a flight test is also required before the aircraft is returned to service after this kind of repair. It is believed that either of these measures would have caught the control-reversal problem, and so general maintenance procedures at Lufthansa Technik will be subject to detailed inquiry. There have been a number of reports as to what fault caused the lateral control reversal, including the two sources above. However, I have found none of the explanations so far satisfactory, as they raise further puzzles that they do not solve. The following architectural description of the A320 primary flight control system (PFCS) is drawn from Cary R. Spitzer, Digital Avionics Systems, Second Edition, McGraw-Hill 1993. The A320 sidestick controller generates input to five of the seven flight control computers which form part of the primary flight control system (PFCS). These five are the two Elevator Aileron Computers (ELACs) and the three Spoiler Elevator Computers (SECs). Each wing has two outboard ailerons, and five inboard spoilers (overwing surfaces which can be raised). Lateral (roll) control proceeds via four of the five spoilers and the two ailerons. Each of the two ELACS and three SECs control some combination of these 12 control surfaces. There is a significant amount of control redundancy. Initial reports said that Lufthansa Technik personnel had been repairing one of the two ELACs, and had found a damaged pin on a connector. They had replaced the connector and this had apparently caused the control reversal. This explanation made no sense to me as it stood, because (a) the connectors are standardised. Replacing one with another should give exactly the same connections as were there before; (b) if one ELAC was receiving reversed signals, and the other was not, and the three SECs were not, then (i) the PFCS architecture would detect a discrepancy on the channels, and (ii) on each side, one aileron would operate counter to the other, but all spoilers would operate correctly-sensed, and it is hard to see how this could lead to the extreme control discrepancy reportedly experienced by the PF. The Aviation Safety Week report on June 4 suggested that "Repair work involving complete rewiring "upstream" of the connector pins was conducted over several work shifts". The ELAC connector with the damaged pin has 140 pins and is one of four such for the ELAC, for a total of 560 pins. It seems to me that to get control reversal without the phenomena in (b) above, there must have been a reversed signal downstream of the sidestick but upstream of where the sidestick movement is multiplexed into the five input signals to the five PFCS computers which receive them. I do not yet have, nor have I heard, a coherent suggestion as to how that could occur. There has been considerable discussion of and speculation concerning: maintenance procedures at Lufthansa Technik, which has one of the very highest reputations for maintenance quality; wiring, wiring conventions and connectors in the A320 series; why the pilots did not discover the discrepancy during the usual preflight control checks (the A320 displays control surface displacement on the cockpit display, the ECAM, when the sidestick is intentionally moved and the airplane is on the ground, as during a preflight control system check). I think it is fair to say that few hard facts have emerged yet concerning any of these, and I find it hard to make any useful inferences about what actually went on from the publicly available information. What emerges most clearly so far from this incident is that the simple physical complexity of the control system has confused some. Amongst other things, explanations have been proposed by presumably technically competent people that do not fit the control system architecture. It is hard to see how that phenomenon could have occurred with the simpler architectures of mechanical control systems. On the other hand, the PNF was able to take over normal control of the aircraft with one button push (the "control priority" takeover on the sidestick), which could also not happen with the simpler mechanical architectures. We have very little information so far on the incident. It is certain that the puzzles will be solved further along the investigative line, and very likely that the results of the investigation will be highly significant for the care and feeding of fly-by-wire architectures. Peter Ladkin, University of Bielefeld, http://www.rvs.uni-bielefeld.de ------------------------------ Date: Sat, 16 Jun 2001 21:45:17 -0400 From: Philip Nasadowski Subject: Re: Computer train trauma (RISKS-21.47) [PGN notes: Lord Wodehouse forwarded Philip's reply to his message in RISKS-21.47, with this comment: As we make systems more complex and clever, they become when they fail, less reliable and more stupid. The present efforts to overcomplicate engineering solutions in the name of progress and efficiency thus continues the themes explored in Edward Tenner's book Why Things Bite Back published 1996, which although I do not like his term "revenge effect", because it is too emotive, is a good description of various well intentioned(?) ideas and efforts that have had surprising(?) results, which were not what was intended. Pharmaceutical companies not excepted either! John] I'm in the US, and we have the same stupidity over here too. The new GE locomotives for Amtrak (our national joke of a railroad) are excessively computerized, and grind to a halt on occasion - requiring a lengthy (10 minutes!) reboot. This is especially bad when one dies on approach to NY city! The recent Long Island Rail Road cars have had numerous problems too: The automated announcements are always not working (to the extent of announcing stations in an order that cannot exist), worse, the computerized door systems were an early nightmare - they would sometimes open the doors enroute (imagine a standing room only train going 60 - 80 mph over rough track), or refuse to open the doors when stopped. The latter was caused because the system will "lock out" any door panel where the conductor (guard) presses a door open/close button repeatedly (which was needed with the old pneumatic system on the old cars). Most disturbing was the early brake failures. The computer-controlled braking systems would on occasion react very slowly to braking commands. This caused a number of trains to be removed from service, enroute. Oddly enough, the 30 year old electric units the LIRR has, which have been battered and poorly maintained, seem to run just fine without all this computer stuff in them. ------------------------------ Date: Mon, 18 Jun 2001 12:03:50 -0400 From: Tom Van Vleck Subject: Lincolnshire University offers first course on rail disasters http://dailynews.yahoo.com/h/nm/20010618/od/college_dc_1.html ------------------------------ Date: Thu, 14 Jun 2001 08:11:00 -0400 From: "Chris Norloff" Subject: NYSE: "Throw up your hands and reboot" When the New York Stock Exchange computer systems crashed for 85 minutes (8 Jun 2001), Andrew Brooks, chief of equity trading at Baltimore mutual fund giant T. Rowe Price, was quoted as saying "Hey, we're all subject to the vagaries of technology. It happens on your own PC at home. You just throw up your hands and reboot." The RISKS? Thinking that a world trading center needs no more reliability than a desktop PC. A certain company (who's "not a monopoly") is training legions of users to expect computer systems to be unreliable. source: http://www.washingtonpost.com/ac3/ContentServer?articleid=A42885-2001Jun8&pagename=article Chris Norloff ------------------------------ Date: Wed, 13 Jun 2001 16:53:44 -0400 From: "David M Chess" Subject: Re: Billboard error messages (RISKS-21.45,46) The most notable example I've seen was one of those portable highway-side signs that was declaring in foot-high letters "BATTERIES NEED RECHARGING". I suffered momentary brain-lock trying to figure out how it could know that some car going by had a battery problem. The general risk, of course, is in piping STDERR to STDOUT. Web sites that send complex error dumps to visitors' browsers are doing the same pointless thing... ------------------------------ From: "Kevin Postlewaite" To: "'lwn@lwn.net'" Subject: Response to LWN's statement about Linux security costs Date: Thu, 31 May 2001 12:25:25 -0700 [From Linux Weekly News, courtesy of Gerrit Muller, Re: http://www.extra.research.philips.com/natlab/sysarch/] In LWN's front page article about the relative security costs of Linux versus Windows, you wrote: "While it is nice to see a (hopefully) objective result that favors Linux, it is also a little disappointing. 5-15% is a fairly small margin; we should really be able to do better than that. It's a start, anyway. " I used to work for PricewaterhouseCoopers auditing computer security of our clients. We would go in and try to penetrate our clients' systems (with their permission, of course). The main flaws that existed did not have to do with the particular OS but depended on the skill and conscientiousness of the system administrators, as well as the computer-security education of the company's employees. The most successful penetrations were obtained when some sysadmin would set the root password to root (or better yet, none at all) or have the Windows Administrator password be Administrator. Also, a surprisingly high number of employees would gladly give out useful information (including accounts and passwords) to people that they didn't know over the phone. People were the weakest link, not the OSes. Thus, I wouldn't expect that the underlying OS would affect the expected damages by much. Far more important than installing Linux is educating the users(not that they shouldn't install Linux anyway :-) ). -Kevin ------------------------------ Date: Thu, 07 Jun 2001 20:37:04 -0700 From: "George C. Kaplan" Subject: Windows XP adds its own links Walter S. Mossberg's "Personal Technology" (*Wall Street Journal*, 7 Jun 2001) describes a new "feature" of Internet Explorer under Windows XP: it will turn some words on web pages you view into hyperlinks, pointing to Microsoft web sites. So, first we have Office XP changing your documents as you type them, without telling you (Jonathan Arnold, RISKS-21.42). Now Internet Explorer will edit your documents for you at the other end: when people read them. Mossberg discusses this feature and the associated risks in detail. Microsoft's arrogance shines through brilliantly in one quote: the new feature "will spare users from 'under-linked' sites". Words fail me. George C. Kaplan, Communication & Network Services University of California at Berkeley 510-643-0496 gckaplan@ack.berkeley.edu ------------------------------ Date: Thu, 14 Jun 2001 08:42:32 +1000 From: Andy Newman Subject: Re: Office XP modifies what you type (Deegan/Arnold, RISKS-21.42) Thanks to the many who pointed out my mis-reading of the RFC and the missing of the empty path segment. Therefore MS *are* wrong in modifying the path. The interesting thing is I fell into the risk I pointed out - seeing a collection of '/' separated tokens (empty or not) made me apply a file system interpretation to a URL and stopped me even contemplating what use an empty path component is and why it should be valid. Andy Newman, Silverbrook Research, ------------------------------ Date: Wed, 13 Jun 2001 17:05:56 +1000 From: "Gerard A. Joseph" Subject: Re: Office XP modifies what you type (Deegan/Arnold, RISKS-21.42) I am in total agreement with the people complaining about automatically-enabled mechanisms that unilaterally correct textual input. I have just migrated to Windows 2000 and am now in a state of euphoria that I can actually enter a one-word folder name in upper case without the second and subsequent letters being preemptively and irreversibly changed to lower case. Imagine, I can now name a folder NSA without it reappearing as Nsa. (If it was possible to do this in Windows 95, no one was able to tell me how.) For years, I have had to put up with such aberrations as letters addressed to "Mr Ga Joseph", a combination of an autocorrect feature that is enabled by default (or by an administrator), and an imbecilic writer who (a) omits periods between initials, (b) doesn't know how to either turn off the feature or reverse its individual perpetrations, (c) accepts as gospel anything the word processor dishes up from his input, and (d) lacks the intelligence or good manners to care about any of the foregoing. And then all those well-known organizations Ibm, Cia, Hr, Po, Cert, Un, etc. Of course, at the spiritual heart of all this nonsense is the bone-headed spelling checker, one of the stupidest abominations ever unleashed on a para-literate user community. There's a universal truth, as true in textual composition as it is in computer security: no piece of technology can substitute for appropriate human practices. ------------------------------ Date: Fri, 15 Jun 2001 06:19:25 -0000 From: chrisd@reservoir.com (Chris Dodd) Subject: Re: Steve Gibson's and Windows XP (Crooke, RISKS-21.46) > It is also time for backbone providers to introduce sensible firebreaks > and reduce their trust in traffic passing through their systems. IMO this conclusion is completely wrong -- the whole point of the Internet is that the component parts need not be trusted to be infallible. Its never been the case that the endpoints are entirely trustworthy, but as the Internet grows, this problem becomes more noticeable. As far as the proposed solution is concerned, its already the case that potentially useful features of the Internet (such as source routing) are mostly useless due to the fact that many routers don't follow the protocol in the name of security. Source IP filtering (at least as proposed by RFC 2827) is even worse, as it breaks things that are actually being used, such as Mobile IP (RFC 2002). What's more, it wouldn't even do anything to stop the attack reported by Steve. The real RISK here is in the rush to improve security (at least for some people), we end up seriously impairing the functionality of the Internet for everyone. Chris Dodd ------------------------------ Date: Thu, 14 Jun 2001 06:48:09 +1000 (EST) From: tmj@enternet.com.au (Tony Martin-Jones) Subject: Re: The risks of clueless marketing (J.McCarthy RISKS-21.46) On the contrary: as "XP" are the Greek letters of the chi-rho, the monogram for the name of Christ, they obviously hope it will be Micros**t's saviour. ------------------------------ Date: Thu, 14 Jun 2001 17:31:03 GMT From: Phil Carmody Subject: Re: And you thought Keith Lynch was kidding! (RISKS-21.47) It's not really the 'HEX' that is the gz file, it's the 'binary', written in LSB-last format (and the LSB is byte-aligned). For reference, it is not the whole of the source that has been zipped, as that was too large to mathematically prove as prime -- it is just the descramble functions. My justification was that copyleft's 2 T-shirts did the same split, and they were subpoenaed for them both. No attempt was made to be clever, I simply wanted source code that had been already accused of being a circumvention device to be propagated. [My favourite headline was "When Mathematicians Turn Bad", in *The Register*.] Phil [Phil noted subsequently that Keith's posting was two months after Phil's earlier postings, and that RISKS is actually recycling a topic that has been beaten to death elsewhere. Apologies to readers of elsewhere. PGN] ------------------------------ Date: 14 Jun 2001 10:28:43 -0400 From: pasward@styx.uwaterloo.ca Subject: Re: And you thought Keith Lynch was kidding! (PGN, RISKS-21.42) One of the strangest consequences of copyright law is that it would seem to outlaw possession of certain integers, as does trademark and trade secret law. In fact, any piece of intellectual property can be encoded as a single integer, which would be protected. Don't blame DMCA for what is an inherent property of all intellectual property law. paulward (DrGS) ------------------------------ Date: Wed, 13 Jun 2001 21:11:32 EDT From: KCKnowlton@aol.com Subject: Re: And you thought Keith Lynch was kidding! Illegal possession of certain integers (RISKS Vol 21 Issue 47) is not really new. Any 10-color, 200x200-pixel image of child pornography is simply a 40,000-digit integer that I think, for quite some time now, has been illegal for you to possess. Ken Knowlton ------------------------------ Date: Thu, 14 Jun 2001 03:55:13 -0400 From: "The guy named after an Om Kalthoum song" Subject: On the deceptiveness of pop-under ads (Re: RISKS-21.47) Nytimes.com and latimes.com do indeed use pop-unders, but if you look at the script used to pop them, you will find that in the NY Times version, there is a myDelay variable, but it is set to 0, and no such variable in the LA Times version. The folks in fastclick.net ought to kick themselves for even thinking of delaying the pop-unders, without which their ethics would be less likely to fall under criticism. The folks in nytimes.com deserve both credit and discredit for setting myDelay to 0. Of course, this still leaves them open to reprobation if someone visits their site while his computer is under a heavy load, and the pop-under takes a while to pop under. Pop-unders, when their origin isn't concealed, are actually a smart idea. One of the problems with web advertising for funding the Web is that under that scheme writers attract viewers only to send them to who-knows-where. This solves that problem by attracting the viewer to the ad after he is done reading the article and thus more likely to have a look-see. And the RISK? There is no need to compromise your own reputation by writing the equivalent of this: " $I_Am_Slimy = 0; if ($I_Am_Slimy) { ... }" when you can just choose not to be slimy. ------------------------------ Date: 12 Feb 2001 (LAST-MODIFIED) From: RISKS-request@csl.sri.com Subject: Abridged info on RISKS (comp.risks) The RISKS Forum is a MODERATED digest. Its Usenet equivalent is comp.risks. => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. Alternatively, via majordomo, SEND DIRECT E-MAIL REQUESTS to with one-line, SUBSCRIBE (or UNSUBSCRIBE) which now requires confirmation to majordomo@CSL.sri.com (not to risks-owner) [with option of E-mail address if not the same as FROM: on the same line, which requires PGN's intervention -- to block spamming subscriptions, etc.] or INFO [for unabridged version of RISKS information] .MIL users should contact (Dennis Rears). .UK users should contact . => The INFO file (submissions, default disclaimers, archive sites, copyright policy, PRIVACY digests, etc.) is also obtainable from http://www.CSL.sri.com/risksinfo.html ftp://www.CSL.sri.com/pub/risks.info The full info file will appear now and then in future issues. *** All contributors are assumed to have read the full info file for guidelines. *** => SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line. => ARCHIVES are available: ftp://ftp.sri.com/risks or ftp ftp.sri.comlogin anonymous[YourNetAddress]cd risks [volume-summary issues are in risks-*.00] [back volumes have their own subdirectories, e.g., "cd 20" for volume 20] http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue]. Lindsay Marshall has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r http://the.wiretapped.net/security/info/textfiles/risks-digest/ . http://www.planetmirror.com/pub/risks/ ftp://ftp.planetmirror.com/pub/risks/ ==> PGN's comprehensive historical Illustrative Risks summary of one liners: http://www.csl.sri.com/illustrative.html for browsing, http://www.csl.sri.com/illustrative.pdf or .ps for printing ------------------------------ End of RISKS-FORUM Digest 21.48 ************************