Warning:

Tried opening that thread "This forum chosen by FEMA as a Y2K citizens feedback site..." and a java script box opened wanting an answer.

One of the tech types would know better, but it looks WIERD to me!

Diane

-- Diane J. Squire (sacredspaces@yahoo.com), March 05, 1999

Answers

Diane,

I couldn't resist. My saviors actually ask me what I thought. I responded, but it was designed very poorly. The message box was designed to open on every entry, (meaning they really don't know where it's coming from), it won't let you back out to the main area. If they are monitering, they won't just stop to look at their thread, they will look at everything.

-- R. Wright (blaklodg@aol.com), March 05, 1999.

Hi, Diane, I was wondering where you'd gotten to :-)

I also wondered about the authenticity of a thread posted at such an odd time; definitely after working hours for anywhere in the US.

I don't use Java, and although I got some sort of warning, it said something about Privacy Guaranteed.

I won't respond, anyway, not being USian ;-)

-- Tricia the Canuck (jayles@telusplanet.net), March 05, 1999.

I checked that thread out too and then went to FEMA's web site to confirm the e mail address and both are the same so it looks legit.

-- Robert W. (SREKCAP98@aol.com), March 05, 1999.

I didn't get anything the first time I tried it (I go with Java and Java script turned off, cookies disabled, and use Luckman's Anonymous Cookie), so I went back after reading this post with Java enabled.

The first screen says privacy guaranteed, the second says to be sure to include your name and email. (If privacy is to be guaranteed why do they need name and email? Honest fellows, I won't vote more than once.)

Curious. So, the email addy is correct? Maybe someone is using this to get FEMA deluged with a bunch of mail, which can then be blamed on us right-wing, survivalist, religious freak, nutcases that are interested in preparing for y2k. And, so few people use their real name and addy when they post here, why would they think they'll use them to respond to a federal agency?

Methinks it's a hoax.

-- De (dealton@concentric.net), March 05, 1999.

Attention rose growers. We now have a large supply of fertilizer available. Bring your own bucket or wheelbarrow.

-- Ken Seger (kenseger@earthlink.net), March 05, 1999.

This might well not be a hoax. I didn't check the HTML source-code, or validate the email address, but I could easily see someone at FEMA wanting our input (sort of like "know thy enemy").

On the outside chance that this request for our opinion is legit, I SAY WE GIVE IT TO THEM!

-- Anonymous99 (Anonymous99@anonymous.com), March 05, 1999.

C'mon, folks, if FEMA really wanted to sample opinions it wouldn't do it this way. Besides, it would take a committee, several subcommittees, ad hoc whatsits, Robert's Rules of Order, lots of note-taking and paper, a ton of meetings, appointment of a Public relations thingie, press releases, and an elaborate survey form with beautiful graphics (but badly designed).

-- Old Git (anon@spamproblems.com), March 05, 1999.

Here's a clue as to the authenticity of the message"

From FEMA's own Website, it says the following:

"Please note that all FEMA staff email addresses are firstname.lastname@fema.gov"

Notice this person used his name (and searching FEMA's staff directory, there is no one by that name) followed by eipa@fema.gov

Now,. . .eipa is fema's public affairs division, so that may have some legitimacy.

On the whole, however, I don't think this is legit. Not enough detail and notice the reference to "this great country." Not the kind of language I would expect from someone legitimate.

My 2 cents worth

-- FM (vidprof@aol.com), March 05, 1999.

Why would they solicite our thoughts? All they have to do is read all the postings. I was half way through a long "piece of my mind" message when I realized I had already posted most of my thoughts in previous messages. Bill in South Carolina

-- Bill Solorzano (notaclue@webtv.net), March 05, 1999.

Diane, Your scepticism is wise and a good caution to readers of this site. Thanks.

-- Watchful (seethesea@msn.com), March 05, 1999.

The thread was taken out just after I viewed it.

You all should disable Java, there's no need for it here.

In Netscape 4.5, click on Edit menu, chose preferences. Click on the word "advanced", then unckeck both Java enabling boxes.

Here's another reason you should disable Java:

"The Frame-Spoofing Vulnerability January 7, 1999

Netscape has recently been alerted to a vulnerability that affects versions of Netscape Navigator on all available platforms that support the use of frames, including versions 2.0 and later. Netscape has verified that this vulnerability does exist, although no customer incidents have been reported to Netscape. Netscape takes all potential security and privacy issues seriously and is currently working on a fix that will be included in a future version of the browser."

Full story at http://home.netscape.com/products/security/resources/bugs/fram espoofing.html

-- Chris (catsy@pond.com), March 05, 1999.

Is it just me or did the FEMA input post referred to get yanked?

-- Charles R. (chuck_roast@trans.net), March 05, 1999.

No - it doesn't make sense - not that from the fede's it would have to make sense, but this seems all wrong.

First - look at known and open federal site - for example, there is one (oops forgot the specific) on DC's Y2K questions and answers session (yesterday). Go to it, look at the style and method and "feel" of what they present, who they reference, and how they do things. Look at a couple of the .gov sites from your Rep or Senator or state Y2K. there is a feeling there at these sites that is consistent.

But no there. For example - this "thread" is a direct link to an unknown site that requests your id immediately. (Keeping it confidential seems funny too - isn't there a warning common to internet commercial purchaers - give info to catalog tha you have called, not ione that calls you.) From a publicly accessed forum that has a special format and style of question and answer into a relational database, this thread is different that all others.

Now - consider that the threads here (in yourdon.com) are now coming through so fast that they "go off screen" in less than 5-8 hours unless being rapidly responded to and fro.

So, if the unknown reader/writer of this site wanted only 6 hours of comment - he would need to perpetually "bring up" the thread to top of yourdon's recent answers list. Or no longer get the exposure to the public he apparently wants.

I would trust the site ONLY if I could get to it from a link from an official FEMA site that I got to from a second federal site - NOT from FEMA directly. In other words - when the fed Y2K site calls a FEMA site that has this site specifically onit in this exact format requesting this exact same data. Otherwise, it appears to be a hoax to me - or simply one for people to vent, but not get reviewed.

If youwish to vent - do it to somebody paid to professionally ignore you - write your congressman and senator directly.

-- Robert A. Cook, P.E. (Kennesaw, GA) (cook.r@csaatl.com), March 05, 1999.

The FEMA thread you talk about was deleted. I had a post for those guys, if they still want to see it. If you could care less, don't read:

I have no crystal ball. Who knows how Y2K will affect my personal life? There are, however, serveral disturbing aspects which lead me to think that y2k computer problems as well as y2k "human" problems could be severe.

1) We are now more dependent on computers than ever before; they are responsible for the justin time economy. They are in every subtle nook and cranny of our lives. If a large number fail at the same time, people become clueless and work stops.

2) Software upgrades and repair projects OF ANY KIND tend to occur late and over-budget. Why should y2k remediation be an exception?

3) y2k failures can also spring from hardware. Yes, only ~1% of embedded processers might propagate y2k failures, but there are billions of them around the world. Many are serially linked to one another so that error can be propagated rapidly through "complaint" systems. I fear that this sort of thing will be a high risk issue in extremely complex systems such as oil refineries, gas pipelines, power grids, and telecom systems. I fear that many of these embedded systems will be like needles in a haystack to find and equally difficult to replace from undersupplied vendors.

4) A lot of the "legacy systems" that run our government and large corporations were programmed by academic-type nerds who saw the code as a personal, artistic/creative process. Now they have retired or forgotten their little codes which is soon to be pure spaghetti mess soon.

5) There are ALWAYS errors in code remediation, and the bugs don't get erradicated unless many rounds of testing are done. Many people say there is no time for satisfactor or even accurate testings/simulations, only PR stunts.

6) Government agencies have not always had the best track record in honestly revealing the extent of their system remediation or the magnitude of their problem. I am still skeptical of the recent Horn report card and all its high marks. 5) On the human y2k problem...I would like to think that I can trust us all to remain calm in a time of turmoil. But it took only ten minutes after word of the Rodney King verdict got out for LA to go up in flames. There was obviously a lot of festering anger there beforehand, and the verdict was obviously the proverbial match to the powderkeg. Perhaps in the future we can work on the reasons behind whatever festering anger exists rather than "waiting to open the firehoses on something that's already exploded"...More easily said than done admittedly, but a challenge to be aware of nonetheless.

6) Powderkegs are avoided by being honest and open. Tatoo this mantra onto your brain: "Open, good; closed, bad." This, in my humble opinion, is an area of improvement for our Federal Government. The sooner it comes clean with the scoop of where taxpayer dollars are frittered away in scandalous ways, the better. (Because in time, the truth always comes out!) There is still quite a bit of residual mistrust after so many of us were drafted into Vietnam and subjected to stuff like Watergate, Iran-Contra, and the FBI involvement at Wounded Knee in 1973. There are many who feel that their right to privacy has all but eroded from fed-mediated electronic surveillance in the name of the so-called "War on Drugs" or "War on Terrorism." Bureaucratic inertia and the rule of CYA seems to be behind many of these dirty little secrets. But as children we learn that little lies become big lies when we try to cover them up. We learn that it's the big lies that make people really angry. If "Continuity of Full Government Service After y2K" ends up being a Big Lie, then what?

7) The foreign aspects of Y2K are equally if not more troubling. I fully expect Russia to cave in from famine, power failure, nuclear meltdowns, etc. Hardline ex-Soviet generals are salivating for the right moment to step in and reinstate the Soviet Union, and y2k will be It. But this new Soviet Union will be nastier, because it will blame the West for all its troubles. Also I expect petrolem to become as scarce as in 1973 when we nearly went to war with Brezhnev and Sadat. Disruptions in the flow of oil inevitably lead to war. I don't think y2k will be a tranquil commune with nature overseas. It will be a hard battle with the elements. Throw in greed, fear, anger on a mass scale, and you get the picture.

8) Y2K will cease to be a "bump in the road" and a true National Crisis when Y2K errors begin to feed back into the abilty to conduct satisfactory Y2K repairs. Currently, most y2k failures (but not all) can be patched in 72 hours. What happens when programmers are staying at home with their families during a prolonged power outage? What happens when litigation fees prevent companies from making lasting (not slipshod) repairs? What happens when backordered control systems for a nuclear power plant can't get to the power plant because of sporadic electricity or diesel fuel? You get the picture. Our dynamic economy is networked to sustain a degree of abuse and fault tolerance. But it has never been fault tested before full scale. How is it possible for people to know the point at which failures become precipitous? The element of fear is a wild card because it, too, is a factor in tipping the balance towards precipitious global meltdown.

9) Y2K is a gamble. The odds are moderate (but not necessarily high, yet) that y2k will cause great suffering, but that a degree of personal/community preparation will be able to mitigate that suffering. The stakes are extremely high, because some of us have everything to lose if the proper actions are not made. FEMA, in its role as a Federal Insurance Policy, ought to know how to bet given these conditions.

-- Coprolith (coprolith@rocketship.com), March 05, 1999.

This is a thread with links to to "real" government site:

"Federally produced and distributed Y2K awareness information will be distributed soon."

-- Robert A. Cook, P.E. (Kennesaw, GA) (cook.r@csaatl.com), March 05, 1999.

Thanks guys,

I got as far as the warning then shut down the 'puter at the power strip 'n rebooted. So I never saw what was in there.

In my mind, if real, FEMA would likely have had the digital suggestion box on their site, and posted a request here with a link. Truly, I'd be surprised if they even cared what "we" think!

BTW, nice job, Coprolith.

Diane

-- Diane J. Squire (sacredspaces@yahoo.com), March 05, 1999.

Chris;

>"The Frame-Spoofing Vulnerability January 7, 1999

Netscape has recently been alerted to a vulnerability that affects versions of Netscape Navigator on all available platforms that support the use of frames, including versions 2.0 and later. Netscape has verified that this vulnerability does exist, although no customer incidents have been reported to Netscape. Netscape takes all potential security and privacy issues seriously and is currently working on a fix that will be included in a future version of the browser."<

I am using your post from above just as a reference to the follow on response. I hope that you don't mind the theft.

Microsoft has a patch file available to "fix" the Frame spoof problem with MSIE 4.0. It is available at:

www.microsoft.ccom/ie/security/default.asp

S.O.B.

-- sweetolebob (buffgun@hotmail.com), March 05, 1999.

ALL:

Obvious "fat trigger finger syndrome". The correct address is:

www.microsoft.com/ie/security/default.asp

S.O.B.

-- sweetolebob (buffgun@hotmail.com), March 05, 1999.