EVERYBODY'S INTERNET UPDATE (formerly the Big Dummy Update) ==================== Number 3 - June, 1994 ------------------------------------------------------------------------------ An online publication of the Electronic Frontier Foundation ------------------------------------------------------------------------------ At long last, here it is! If it wasn't one thing, it was another. You'll note the new name. IDG Books, which has a whole series of "Dummies" guides ("DOS for Dummies," etc.), got increasingly upset with our use of the word "Dummy." Since they were first, our name had to go, which caused a delay in getting this out (not to mention the printed version of the guide itself, appearing soon on a bookstore shelf near you), since we had to come up with a new name. Then there was the root canal gone bad and, well, you don't want to hear about it. In any case, what all this means is that from now on, this Update is officially Everybody's Internet Update. The original guide itself will be called Everybody's Guide to the Internet in the printed version and EFF's Guide to the Internet in the online version. See the Contact Info section below for how to obtain the latest copy of the online guide and back issues of the Updates. As always, comments and suggestions are most welcome! You'll find my e- mail address in the Contact Info section (fortunately, *that* hasn't changed). -- Adam Gaffin CONTENTS: 1. Privacy on the Internet 1.1 Online envelopes 1.2 The keys to protection 1.3 Sealing the envelope with Pretty Good Privacy 1.4 Trust and digital signatures 1.5 A word about credit cards 1.6 The government steps in 1.7 Anonymity on the Net 1.8 Anon caveats 1.9 FYI 2. File transfers, part II 2.1 From mailbox to you 2.2 Sinking your teeth into gopher files 2.3 Uploading files 2.4 Talking MIME 2.5 When things go wrong 3. Haven't I seen you before? Mass mailings infest Usenet 4. Addressing an e-mail problem 5. Online urban legends: another one 6. Faxing gets easier 7. Public-access sites 8. Services of the month 8.1 News of the World 8.2 Mailing lists 8.3 World-Wide Web 8.4 Gopher 8.5 Telnet 8.6 FTP 9. Errata/Updates 10. Contact Info 1. PRIVACY ON THE INTERNET 1.1 ONLINE ENVELOPES When you drop a letter in the slot of a mailbox, chances are you don't worry too much about somebody opening the envelope and reading your letter before it gets to your recipient. But if you go on vacation and dash off a quick postcard, you assume that everybody along the line, from the mailman to the person who sorts the mail at work is going to read what you wrote. Internet e-mail today is more akin to a postcard than a letter. Chances are that nobody is reading your messages before they get to your correspondents -- if for no other reason than trying to read that flood of mail would tire even the strongest set of eyes. But there's little to stop somebody who wants to from reading your e-mail -- an Internet message consists of simple ASCII text that is as easily readable as that postcard. The issue of e-mail privacy has become a more important one in recent years, as the Internet moves from a convenience to a necessity for growing numbers of people. The idea that your e-mail *could* be read by others is potentially unsettling enough -- Americans and many other people have a constitutional right to privacy. And would you buy something from an online merchant if that meant sending your credit-card information via e- mail? What we need then, is the online equivalent of a postal envelope -- something that will keep prying eyes away from your messages. That equivalent is encryption: transforming your ASCII characters into seeming gibberish that only your recipient can translate. 1.2 THE KEYS TO PROTECTION If you're of a certain age, you remember decoder rings (maybe you even got them with your cereal). If you wanted to send somebody a secret message, you used the ring to come up with replacement characters for the actual letters on paper. Then, at the other end, your recipient used an identical decoder ring to translate the characters back into your message. That's essentially how classic encryption works. It's great for kids and secret agents, not so great for people who use a worldwide computer network. For how do you get the "decoder ring" (or more technically: the key) to the person at the other end? If you send it to her, you have to do it over the network, which means somebody could intercept your encryption key and so be able to read any messages you might send over the network. Enter public-key cryptography. In this system, you have two keys -- one public and one private. The public key, available to anybody, lets a person encrypt a message meant for you. But only the private key, the one that you hold, can then decrypt the message. Even the person who wrote the original message cannot decrypt the message once it's been encrypted. The encryption is based on a complex mathematical formula that, theoretically, would take even a giant mainframe thousands, if not millions of years to figure out. What this means is that you can now send a private message over a public network -- because only the recipient has the means to decode it. A growing number of commercial applications, for example, Lotus Development Corp.'s Notes groupware package, use public-key cryptography to ensure the privacy of messages. You'll sometimes see the letters RSA used in connection with this form of encryption. It comes from Rivest, Shamir and Adelson, the three people who came up with the mathematical formulas used in the process. 1.3 SEALING THE ENVELOPE WITH PGP Actually using a public-key encryption system is a lot like using uuencode and uudecode to send binary files via Internet e-mail. Basically, you write your message, encrypt it, and then send it via e-mail. Unlike uuencode and many other Internet programs, which you can run on your public-access site, however, encryption and decryption are things you'll want to do on your own personal computer. This is because you'll want to keep your private key, well, private, and the only way to ensure that is to keep it only on your very own machine. Pretty Good Privacy (PGP), invented by Philip Zimmermann, has quickly become the most popular, widely available public-key system, partly because it works, partly because it's free, so we'll look at how it works. Before we do, though, there's an important caveat. The most recent version of the software (version 2.6, released in late May) is legally available only to U.S. residents and is not supposed to be exported to other countries (because of U.S. laws relating to the export of munitions, which, for some reason, have been extended to encryption programs). Further, the software in PGP 2.6 has been designed so that, after Sept. 1, 1994, earlier versions of PGP will be unable to decrypt messages encrypted with version 2.6 (this is to resolve some patent issues between Zimmermann and the people who hold the actual RSA patent). Americans who want to get a copy of version 2.6 (currently available for MS-DOS and Unix machines, with a Macintosh version under development) have to go through a little treasure hunt. First, use anonymous ftp or ncftp to connect to net-dist.mit.edu. Use cd to switch to the pub/PGP directory and get two files: rsalicen.txt and mitlicen.txt. These explain the limitations on the software (for example, it is only for non- commercial use). Then, use telnet to connect back to net-dist.mit.edu. Log on as: getpgp You'll then be asked a series of questions designed to ensure that you really are an American and plan only to use the software for non- commercial purposes. Then, finally, you'll be told the hidden ftp directory where you'll find the software. The site is run by MIT, which says it has designed it so that only people using American sites will be able to get in. In a word: Phew! Now, that having been said, version 2.6 has already found its way outside of the U.S., and both it, and a compatible version called version 2.6ui, can be found on several Gopher and ftp sites outside the U.S. (for example, the ftp site ftp.demon.co.uk in the pub/pgp directory). Assuming you have an MS-DOS computer, in either the U.S. or foreign case, you'll want to get the files in the directory that end in .zip. Once you download and unpack the software (it's compressed with PKZIP), the first thing you want to do is read the documentation. Even if you're one of those people who toss documentation on the floor, you'll really want to read the docs with PGP. Zimmermann not only provides a lucid and comprehensive set of directions for using the software, but a good basic discussion of the various political and social issues related to encryption. After you've read the documentation, it's time to create your public and private keys. In the MS-DOS version, you do this by issuing the following command at your command prompt: pgp -ka (all PGP commands are issued this way). PGP relies on time stamping to help authenticate messages (more on why you need authentication in a bit). If you didn't set a time variable in your autoexec.bat file, you'll get a warning message (which should remind you to go read Zimmermann's directions on how to do this). Then, you follow a series of simple prompts (for example, you'll be asked how strong an encryption you want). Finally, the software gets ready to generate your unique keys. You'll be asked to type a series of random characters. PGP keeps track of the amount of time between each key you hit and uses that to help generate a unique set of keys for you. You'll also be asked for a password to use with your secret key, just in case it falls into the wrong hands. So now you have keys. Now what? Recall that the basic premise behind public-key encryption is that you use somebody else's public key to send them a message. So the first step is to ask them for their public key. Because it's basically a series of characters, they can send it to you via e-mail . Once you have that, PGP lets you set up a "key ring" of all your correspondent's keys. When you use PGP on a message to somebody whose public key you have, PGP encrypts the message and appends a copy of the public key. It's somewhat similar to uuencoding a message: pgp -e docu.txt Fred would encrypt a file called "docu.txt" to your friend Fred (assuming he's in your public key ring) and create a new file called docu.pgp, which is the encrypted message. Assuming you're sending the file via Internet e- mail (as opposed to, say, handing it to him on a disk, you'll need to add an -a flag, which lets PGP know that it should "translate" the encrypted message into a series of ASCII characters, like this: pgp -ea docu.txt Fred You can now upload this resulting .pgp file to your public-access site and then insert in an e-mail message to your friend (see section 2.3 below for more information on uploading files to a public-access site). One bonus of PGP encryption is that the message is compressed at the same time it's encrypted, reducing the amount of time it takes to up/download it. 1.4. TRUST AND DIGITAL SIGNATURES All of this sounds great, how do you know that the public key in your key ring is really from Fred and not from, say, Devious System Administrator Sam, who substituted his own key for Fred's? The most obvious way is if Fred personally hands you a diskette with his public key on it, which you then load onto your computer. But this will not always be practical on an international network. As Zimmermann explains in his documentation, tultimately, it all gets down to a matter of trust. What if Bob, whom you trust, gives you a key that he says is from Fred? Can you trust that it is really Fred's key? There are now several public-key servers, on which you can download somebody's public key, but again, the question is whether you can trust these servers. A related issue is how you can verify whether an e-mail message or Usenet posting really comes from the person whose name is in the "return" field in the message header. That's where digital signatures come in. PGP lets you embed a unique "signature" in your outbound messages that could only be generated by your secret key. This lets you prove to others that you really did or did not send a given message. In addition the the signature function in PGP, you may also see references to Privacy Enhanced Mail. This is an Internet digital-signature standard that has gained considerable currency. Like PGP, it provides a signature. Unlike PGP, however, it does not need to be part of an encryption system -- if all you're doing is filling out an order form for something, you may only want to prove to the recipient who you are, but not care who sees the form itself. 1.5 A WORD ABOUT CREDIT CARDS There are now several commercial services on the Net that let you order their products online, by sending them your credit card numbers in e-mail. Good idea? The proprietors of these services argue that e-mail is at least as secure as the counter at your favorite local restaurant, where you don't think twice about having your credit information imprinted on a fairly accessibly carbon form. The difference, however, is that it's relatively hard to get that information distributed -- and who wants to dive through dumpsters to find discarded carbons (although that has been done). On the Internet, your credit information can be quickly distributed worldwide with a few keystrokes. Such concerns have helped hold up the development of on-line "malls" on the Net. Work, however, is being done to overcome this. CommerceNet, a $12 million Internet joint effort by several U.S. government agencies and private companies in the Silicon Valley area, will be built around order forms that use a relative of the encryption offered in PGP. This way, when you fill out an order form, it will be instantly encrypted before being shipped to a CommerceNet vendor. Couple this with a digital- signature standard such as PEM and the result could be the growth of electronic commerce on the Net. 1.6 THE GOVERNMENT STEPS IN The Clinton Administration currently has proposals for establishing an encryption system developed by the National Security Agency as a national standard. Administration officials argue that as more and more communications become transmitted in digital form, a system is needed to protect them from eavesdropping. At the same time, however, the government proposal calls for creation of "escrow" databases that would hold the keys to decrypting any communications encrypted with this NSA system, known generically as the Clipper chip (the mathematical encryption formulas, officially government secrets, would be embedded in chips to make reverse engineering of them more difficult). Under the administration plan, each chip would have its keys stored in two separate databases, administered by two separate federal agencies. If a government official wanted to listen in on a given data link, he would have to go to court (as under current wiretap laws) to gain access to these keys. That, at least, is the theory. A coalition of civil-liberties groups (including the EFF), computer companies and others have united to oppose the plan. A key concern is the ease with which government agents could gain access to the keys (those with long memories recall the ease with which the FBI impinged on the civil rights of Americans citizens in the 1950s and 1960s). Given that the government has said repeatedly it will not outlaw private encyrption systems, the net effect could be to create a civil-liberties risk for law-abiding citizens while criminals simply use other encryption systems to avoid government eavesdropping. U.S. companies argue that Clipper could harm the competitiveness of U.S. telecommunications and computer products in the world market -- what foreign government would let their citizens use products to which the U.S. government holds the keys? 1.7 ANONYMITY ON THE NET There are times when you might want to participate in a Usenet discussion or send e-mail without letting recipients know who you are. Say you're the victim of abuse and want to discuss that subject. Or you work for a software company that's releasing buggy software and you want the world to know. Or you like discussing intimate sexual practices but would just as soon not have your boss/friends/significant other find out. Several "anon" servers around the world can give you the anonymity you want. Probably the best known is anon.penet.fi, run by Johan Helsingius (better known on the Net as Julf), of Espoo, Finland, so let's take a look at how it works. The basic principal is simple. A database at anon.penet.fi assigns you a dummy name. Then, every time you send e-mail or a Usenet posting through the site, this dummy name is substituted for your real name and e-mail address before the message is forwarded. The software even knows how to look for standard .signature files (i.e., anything after "--" at the bottom of a message) and strips those out. You get assigned your "anon" address the first time you send e-mail or a posting through the site. It will look like something like this: an12345@anon.penet.fi. Any e-mail or postings you route through the site will have that return address. Any replies or messages you get will be routed to your real address. One twist is that replies will also be "anonymized" so you will have no way of knowing who the other person is unless he tells you within his message. Posting to a Usenet group is the easiest part of using the system. Compose an e-mail message containing your posting and send it to newsgroupname@anon.penet.fi, for example: alt.sex.hamster.duct-tape@anon.penet.fi You can only post to the newsgroups the server itself gets, so that might rule out postings in some regional newsgroups. Sending e-mail anonymous is a little trickier, because of the mechanics of Internet e-mail. The first thing you want to do is to give yourself a password on anon.penet.fi (to help defeat any crackers who might try to use your address). Compose an e-mail message to password@anon.penet.fi You can leave the "subject:" line blank. Then, as the message, write whatever sequence of letters and numerals you want as a password. Once you get confirmation back from the anon server that you have a password, you're ready to go. If you really don't want a password, write to password@anon.penet.fi, only instead of sending a password, write: none). Now start a message to anon@anon.penet.fi, rather than the person you're really trying to reach. Fill in the "subject:" line with the real subject of the message. Here comes the tricky part -- you'll have to put a couple of odd lines in your message header. The easiest way to do this is to write, as the very first two lines of your message: X-Anon-To: user@site.name X-Password: yourpassword substituting the real e-mail address you're trying to reach and your real anon password, of course. Follow these two lines by a blank line and then your actual message (the blank line is important). If you've told the password database you don't want a password, you don't need an X- Password line. You can also use the X-Anon-To line for cross-posting to several Usenet newsgroups at once (the method shown earlier only works for one group at a time). Instead of an e-mail address, write the names of the newsgroups to which you want to post, separated by a comma (but not a space), for example: X-Anon-To: misc.test,alt.test,ne.test If you have set yourself up with a password on the anon server, you'll need to include an X-Password line as well. 1.8 ANON CAVEATS Helsingius' server has proven very popular, so it could take several hours for your messages to be processed and transmitted. In his help file about the system, Helsingius writes: "If you intend to mail/post something that might cost you your job or marriage or inheritance, _please_ send a test message first. The software has been pretty well tested, but some mailers on the way (and out of my control) screw things up." You can post test messages to your heart's content in the misc.test and alt.test newsgroups. Can the system be cracked? Helsingius admits that's a possibility. Password-protecting your messages only works if the messages get to Finland first. If, for some reason, your message is mis-routed or bounced somewhere, it could wind up being read (all the more reason to use the methods discussed above to encrypt private messages). And there is a "societal" risk to using an anonymous server. Some people will automatically discount anything that is said in an anonymous Usenet posting. Some people have even gone so far as to propose software methods to automatically delete any postings -- on virtually every Usenet site -- that come from an anon server. Conversely, Helsingius doesn't want the system to become a haven for net.abuse by people hiding behind anonymity. He can and does respond to complaints about such behavior. 1.9 FYI: Gary Edstrom maintains a five-part "Frequently Asked Questions" series on PGP and related issues (as well as a list of public key servers). You can find it posted in the news.answers or alt.security.pgp newsgroups in Usenet. The latter newsgroup is an excellent source of information on the latest happenings with PGP. You can also find the FAQ on the ftp site rtfm.mit.edu. Look in the pub/usenet-by-group/alt-security-pgp directory. The newsgroup sci.crypt is where you'd go for more technically oriented discussions on cryptography and encryption, as well as where you'll find FAQs on public-key cryptography and Internet privacy. Again, many of these files will be available via ftp or ncftp at rtfm.mit.edu, this time in the pub/usenet-by-group/sci-crypt directory. To discuss the ramifications of the Clipper chip, try the alt.privacy.clipper, comp.org.eff.talk and comp.org.cpsr newsgroups. EFF's Gopher site (gopher.eff.org) and ftp site (ftp.eff.org) have extensive collections of documents on issues related to encryption, online privacy, government actions, etc. On the Gopher server in particular, simple browsing will yield a large number of interesting documents. You can maintain complete instructions for using anon.penet.fi by sending an e-mail message to help@anon.penet.fi. The system responds automatically, so it doesn't matter what you write. If you want the instructions in German, write to deutsch@anon.penet.fi. There are a number of anon servers besides anon.penet.fi. You can get a copy of Matthew Ghio's anon list and directions for using these servers by sending e-mail to mg5n+remailers@andrew.cmu.edu. This address automatically responds with a copy of the list, so you can write anything at all. The Usenet newsgroups alt.privacy.anon-server and alt.anonymous are where you can discuss anon servers as well as read news about new servers. 2 FILE TRANSFERS, PART II 2.1 FROM MAILBOX TO YOU Say somebody sends you an e-mail message that you want to transfer to your own computer. Assuming you're connected to a Unix public-access site, and that the message is straight ASCII, you have a couple of options. The quick and dirty way is to start your computer's screen-capture or logging function before you open the message. Then call up the message and, when done, stop the logging, and the file's saved to your computer. That method's good if you only want to transfer one message. But what if you want to save several messages to a single file (a bunch of items from a mailing list, say)? Then you might want to save them to a file on your public-access site first and then download that. If you use the Pine mail program, open up the message and then hit your e key. You'll be asked to enter a file name in your home directory. Once done, go to the next message and repeat the process. When finished, you'll have a single large file in your home directory for downloading. Note that when you do this, Pine will mark the message for deletion, so if you want to keep it in your mailbox (to reply, perhaps), answer N when you exit Pine and are asked if you want to delete the marked files. If you use Elm, instead, hit your s key, either within the message or with the cursor on its entry in the message menu. You'll get something that looks like this: =jdoe which comes from the e-mail address of the sender. If you hit enter, you'll save the message to a file called jdoe in your Mail directory. If you want to save it to a differently named file in your home directory, hit your backspace key once and then type in the file name you want (but without the equal sign). As in Pine, the messages will be marked for deletion, so keep that in mind if you want to retain them in your mailbox. In either case, you can now download the file using the comands discussed in the Big Dummy Update No. 2. 2.2 SINKING YOUR TEETH INTO GOPHER FILES. Gopher has a similar mechanism for saving files to your home directory. When you want to save a document or file from a Gopher menu to your home directory, hit your s key with the cursor on the item you want. You'll be given a default file name. You can hit enter or backspace over that name if you want to use something else (Note: if the name is more than a line long, which could cause problems if you download it to certain types of computers, you may not be able to back space all the way back. If so, open up the document and e-mail it to yourself and then save it to a file). There is one important difference between saving messages from Pine and Elm and saving Gopher documents. Unlike the mail programs, Gopher does not append files to the end of an existing file; instead, it overwrites them. So say there are three documents in a Gopher directory you want. Make sure to save them to differently named files. 2.3 UPLOADING FILES If you want to upload files to a Unix public-access site, you'll have to let both that computer and your own know that you're about to transfer a file. First let the public-access site know it's about to get a file. To do that for a Zmodem transfer, type rz at your command prompt and hit enter. Then do whatever you have to on your end to upload a file via Zmodem. The similar commands for Xmodem and Ymodem are rx and rb, respectively. As with downloading files, you can, in many cases, have the two computers automatically adjust the line endings of ASCII files during the transfer, by adding an -a flag, for example: rz -a 2.4 TALKING MIME In Chapter 9 of Everybody's Guide to the Internet (formerly, the Big Dummy's Guide to the Internet), you saw how to use programs called uuencode and uudecode to e-mail binary files (spreadsheets, graphics and the like). It works, but it's a clumsy process. The past couple of years, though, have seen the development of the Multi-purpose Internet Mail Extensions (MIME), which make e-mailing these files very easy. If you use an e-mail program such as cc:Mail or Microsoft Mail at work, or if you dial into bulletin-board systems, then you're used to the idea of file attachments -- you write a message, and then tell the computer you want to attach a file. MIME is essentially the Internet equivalent. The one caveat is that your recipient also has to have a MIME-enabled mail program; otherwise you could run into problems (and in that case, you'll have to fall back on uuencode). Probably the best way to use MIME on a Unix public-access site is with Pine -- it makes it very easy. Let's say you've just uploaded a graphics file that you want to mail to a friend. Call up Pine and start a message to your friend. With the cursor still in the header area (i.e., the area where you put in his e-mail address), hit control-J. You'll be asked for the name of the file you want to attach. Type in its name (or path if you put it somewhere besides your home directory) and that's it! You can now compose a message to your friend and then send it off as you would normally (only now it will come with an attached file). Assuming your recipient also uses Pine, when he gets your message, one of his options will be to hit control-V. If he hits that, he'll be asked if he wants to view or save the attached file. Assuming it's a binary file, he should hit his s key and then type in the name of the file under which to save the attachment. When he exits Pine, he can then download the file -- without the muss of first uudecoding it. A number of companies now sell software that lets users of proprietary e- mail systems send and receive MIME attachments. So if you plan on exchaning binary files with somebody on one of these systems (our friend, the cc:Mail user, for example) -- ask if her system can accept MIME attachments. It will make life a lot easier for both of you. 3. HAVEN'T I SEEN YOU BEFORE? MASS MAILINGS INFEST USENET All that "Information Superhighway" hype is beginning to take its toll on increasingly weary net.denizens. Recent months have seen growing infestations of mass mailings on the Usenet, and there are no signs of them slowing down. Couple that with a steady increase in junk e-mail (in recent weeks, your faithful Dummy has gotten unsolicited ads urging him to do everything from hire a private investigator to buy genuine Soviet- era rubles) and you can understand why some people are getting a little cranky. Usenet has always had people who would post large numbers of messages to totally inappropriate newsgroups. Collge students, for example, sometimes think that the rest of the world cares about their tuition increases. But they tended to do this in as appropriate a manner as they could, by "cross-posting," which means each site gets only one copy of their message, and which means that readers generally only get to see the message once. Now what we are seeing is people who post large volumes of messages, one at a time, to several thousand Usenet newsgroups and Internet and Bitnet mailing lists. This can mean tremendous increases in the load on individual Internet sites (one fellow who did this in January to proclaim the imminent end of the world was responsible for sites getting hit with 6 megabytes of postings all at once) and means that you will see the same exact message in every single newsgroup you read. A law firm in Phoenix, Arizona pulled this stunt in April to advertise its alleged expertise in immigration law. Do you read alt.sewing? You saw their ad. Are you only interested in the New England issues discussed in ne.general? You saw their ad. Looking for some anti-Bill Gates rants in alt.fan.bill-gates? Guess what you saw. The law firm repeated the posting, albeit in fewer newsgroups, in June. So what to do? One of the great things about the Net is how easy it is to fight back. In less than 24 hours, that law firm, and the site they used to post their ad, received some 200 megabytes worth of protests, enough to crash the public-access site several times (which in a way was too bad, since that site's administrators quickly pulled the lawyer's account for such a gross violation of netiquette). When you see something like this, just hit your 'r' key and respond, politely of course, that you don't feel Usenet is the place for junk mail. You won't be alone -- thousands of other people will join you in sending these protest messages (unfortunately, there's no guaranteee it will work -- the lawyers said they would repeat their escapade in a second because online advertising has resulted in many new clients). One thing you shouldn't do is to post your response in Usenet newsgroups. All you'll be doing is creating more of a mess for others to wade through. If you want to discuss such "spamming" (from the way the pink luncheon meat spatters when thrown against a wall), the place to do it is alt.current-events.net-abuse, which was set up after the attack of the lawyers. Now, in the future, there's a chance you may actually see fewer of these types of postings. An informal network of "spam" watchers (widespread posting is known as "spamming" from the way, like the original luncheon meat, these things can get spattered all over) have devised ways to delete these mass postings from sites around the world. Now some have argued that, while such mass "cancelling" may be good in these early cases, who's to stop somebody from doing something similar to non-spam messages he finds offensive? It's an issue that will likely come up again and again, in newsgroups such as alt.current-events.net-abuse. 4. ADDRESSING AN E-MAIL PROBLEM Another word of e-mail advice: be careful when addressing your messages. adamg@world.std.com is not the same person as adam@world.std.com. A single missing letter can send your message to the wrong person -- or into the ether. 5. ONLINE URBAN LEGENDS: ANOTHER ONE Sooner or later, you'll run into the infamous Dave Rhodes MAKE.MONEY.FAST letter on Usenet. And not long after, you'll run into a message about Nieman-Marcus or Mrs. Fields or the Waldorf-Astoria having their secret cake/cookie recipe divulged by somebody upset at getting billed a large sum of money for a copy. Wrong, wrong, wrong. None of these establishments have ever done such a thing (and there is no such concoction as Waldorf Red Velvet Cake, at least not served at the Waldorf-Astoria). But for what it's worth, here's the alleged Nieman- Marcus/Mrs. Fields secret cookie recipe: 2 cups butter 4 cups flour 2 tsp. soda 2 cups sugar 5 cups blended oatmeal** 24 oz. chocolate chips 2 cups brown sugar 1 tsp. salt 1 8 oz. Hershey Bar (grated) 4 eggs 2 tsp. baking powder 3 cups chopped nuts 2 tsp. vanilla (your choice) Cream the butter and both sugars. Add eggs and vanilla; mix together with flour, oatmeal, salt, baking powder, and soda. Add chocolate chips, Hershey Bar and nuts. Roll into balls and place two inches apart on a cookie sheet. Bake for 10 minutes at 375 degrees. Makes 112 cookies. ** measure oatmeal and blend in a blender to a fine powder. 6. FAXING GETS EASIER TPC, the folks who run the free Internet-to-fax gateways, recently made it a lot easier to send e-mail to fax machines. You may recall from Update 2 how you had to do a lot of fooling around with the phone number to translate it into a valid Internet address. Now, you don't have to. Here's a sample address, for a fax machine with a phone number of 1 (212) 555-1234: remote-printer.John_Doe/5th_floor@12125551234.iddd.tpc.int Note that you have to start the number with the country's international dialing code. And remember how TPC does not reach every single part of the world. To get a list of covered areas, send e-mail to tpc-coverage@town.hall.org. Also please note that Digital Chicken, the Ontario fax service mentioned in Update 2, has stopped offering its free Ontario fax service. 7. PUBLIC-ACCESS SITES ILLINOIS Chicago. WorldWide Access, (312) 282-8605. Charges: $19.50 a month; $25 a month for SLIP/PPP access. Voice number: (708) 367-1870. Vernon Hills. WorldWide Access, (708) 367-1871. Charges: $19.50 a month;$25/month for SLIP/PP access. Voice number: (708) 367-1870. AUSTRALIA Canberra. InterConnect Australia. $95 set-up fee; $20 a month plus 15 cents a minute, $1 per megabyte of FTP'ed files. For dial-in numbers call one of their voice numbers: 008 818 262 or 03 528 2239. NEW SOUTH WALES Sydney. InterConnect Australia. See under Canberra. Sydney. DIALix Services, (02) 948-6918, log in as: guest. $80 a year minimum; 1 cent a minute plus 1 cent per every 1,000 bytes of Internet traffic. QUEENSLAND Brisbane. InterConnect Australia. See under Canberra. SOUTH AUSTRALIA Adelaide. InterConnect Australia. See under Canberra. Adelaide. APANA, (08) 373-5485, log in as: guest. $65 a year. VICTORIA Melbourne. InterConnect Australia. See under Canberra. WESTERN AUSTRALIA Perth. InterConnect Australia. See under Canberra. Perth. DIALix Services, (09) 244-3233, log in as: guest. $80 annual minimum fee; 1 cent per minute and 1 cent per 1,000 bytes Internet traffic. 7.2 FYI: The Australian sites listed this month come from a list maintained by Zik Saleeba. You can get the most current version of the list (which also includes information on sites that provide e-mail and Usenet access) via ftp/ncftp and World-Wide Web. For the former, connect to archie.au. Look in the usenet/FAQs/alt.internet.access.wanted directory for Network_Access_in_Australia_FAQ file. For the former, point your Web client at http://www.cs.monash.edu.au/~zik/netfaq.html 8. SERVICES OF THE MONTH 8.1 NEWS OF THE WORLD Norwaves is a weekly summary of news accounts from Norwegian newspapers, compiled by the Norwegian Ministry of Foreign Affairs. To subscribe, send an e-mail message to listserv@nki.no Leave the "subject:" line blank. As your message, write: SUBSCRIBE NORWAVES Your Name 8.2 MAILING LISTS ESAPRESS is a mailing list to distribute press releases from the European Space Agency. To subscribe, send an e-mail message to listserv@esoc.bitnet Leave the "subject:" line blank, and as your message, write SUB ESAPRESS Your Name Bits and Bytes is a monthly compendium of news and views about the computer industry, compiled by Jay Machado. To subscribe, send e-mail to listserv@acad1.dana.edu Leave the "subject:" line blank, and as your message, write SUBSCRIBE bits-n-bytes 8.3 WORLD-WIDE WEB CHINA http://www.ihep.ac.cn:3000/ihep.html. This is the People's Republic's first Internet connection, run by the Institute for High Energy Physics in Beijing. The first page on this server has information about the institute, how to find the e-mail addresses of Chinese scientists and the like. Go down further for the China Home Page, where you'll find such things as information about Chinese provinces (under "Chinese Regional Information") and the addresses and phone numbers of foreign companies in Beijing. EATS http://www.osf.org:8001/boston-food/boston-food.html. If you're hungry and headed for Boston, check out Ellis Cohen's reviews and news of some 500 Boston-area restaurants. Reviews are listed by both type of cuisine and by location. http://gsb.stanford.edu/goodlife/home.html The Guide to the Good Life maintains a similar listing of restaurants south of San Francisco. FINANCES http://nearnet.gnn.com/gnn/meta/finance/index.html The Global Network Navigator's newest "meta-center" is a collection of documents and information links about personal finances. ROTARY http://www.tecc.co.uk/public/PaulHarris/ Look here for more information than you'd ever thought you'd need about the worldwide organization. 8.4 GOPHER BLACK STUDIES umslvma.umsl.edu From the main menu, select "Library," "Subjects" and then "Black Studies." You'll find a variety of documents and directories on the black experience in the U.S., as well as pointers to other gophers related to black studies. LAW wld.westlaw.com Westlaw's Legal Directory lets you search for information about thousands of law firms and government agencies across the U.S. 8.5 TELNET GOVERNMENT cap.gwu.edu The General Accounting Office, the watchdog agency of the U.S. Congress, now publishes daily electronic information about its reports (you can then order the full reports for a fee). When you connect to this site, log on as guest with a password of visitor At the main menu, type: go gao MUSIC cdconnection.com This site lets you buy CDs online. 8.6 FTP TRAVEL ftp.cc.umanitoba.ca The rec-travel directory contains a collection of travelogues and guides, organized geographically. The online-info file, updated by Brian Lucas, is a listing of other travel-related resources available on the Internet. 9. ERRATA/UPDATES The ftp path given in Big Dummy Update 2 for Arthur McGee's listings of black and African Internet resources was wrong (because of a certain Big Dummy Update's editor's painful relationship with his keyboard). The correct citation should be: ftp.netcom.com Look in the pub/amcgee/african/my_african_related_lists The address given for the Tico Times in Costa Rica in Chapter 10 of the book is wrong. It should be ttimes@huracan.cr. ------------------------------------------------------------------------------ 10. CONTACT INFO Everybody's Internet Update is published monthly by the Electronic Frontier Foundation. Current and back copies are available by anonymous ftp at ftp.eff.org in the pub/Net_info/EFF_Net_Guide/Updates directory; by gopher at gopher.eff.org (select Net Info, then EFF Net Guide, then Updates); and by WWW at http://www.eff.org/pub/Net_info/EFF_Net_Guide/Updates/ To obtain a copy of the entire EFF Guide to the Internet, use anonymous ftp or ncftp to connect to ftp.eff.org and look in the /pub/Net_info/EFF_Net_Guide directory, or use gopher to connect to gopher.eff.org and then select Net Info and then EFF Net Guide. You'll find several versions for different types of computers. The file netguide.eff is the generic ASCII version. For general information on the Electronic Frontier Foundation, send an e- mail message to info@eff.org. To ask a specific question, write ask@eff.org. To reach Adam Gaffin, write adamg@world.std.com. Everybody's Internet Update is copyright 1994 by the Electronic Frontier Foundation, Washington, D.C.