Subject: RISKS DIGEST 9.78

Subject: RISKS DIGEST 9.78
REPLY-TO: [email protected]

RISKS-LIST: RISKS-FORUM Digest Thursday 5 April 1990 Volume 9 : Issue 78

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
RAF Tornado collision (Dorothy R. Graham via PGN)
New Georgia Automobile Tags (Warren Tucker)
British tax tales (Bob Gray via Mark Brader)
Oslo Day in Norway? No way! (Paul Dorey)
Computer backorder on cover letters (Yuri Rubinsky)
London Underground driver's action (Martyn Ould)
Hi-Tech Loo (Wayne W. Lui via Brian Randell)
Proposed UK Authority for Risk Management (Brian Randell) [See Box for cases]
More on Prodigy's Updating of a User's Disks (Eric Roskos, Paul Eggert)
April Fools Day on the net (D. Waitzman via Martin Minow)
Automated Fast Food (Dave Curry)
UNIX Trix (Paul Eggert)
Re: PSU Hackers thwarted (Pete Mellor)
Three Australians indicted for computer tampering (PGN)

The RISKS Forum is moderated. Contributions should be relevant, sound, in good
taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome.
CONTRIBUTIONS to [email protected], with relevant, substantive "Subject:" line
(otherwise they may be ignored). REQUESTS to [email protected].
TO FTP VOL i ISSUE j: ftp CRVAX.sri.com<CR>login anonymous<CR>AnyNonNullPW<CR>
cd sys$user2:[risks]<CR>get risks-i.j . Vol summaries now in risks-i.0 (j=0)

----------------------------------------------------------------------

Date: Thu, 5 Apr 1990 9:40:14 PDT
From: "Peter G. Neumann" <[email protected]>
Subject: RAF Tornado collision (sent by Dorothy R. Graham)

In August 1988 two RAF Tornado fighters collided over the village of Millburn
in Cumbria, UK, killing the four crewman. Originating from different
airfields, each plane was using the SAME preprogrammed cassette to control its
on-board computer in low-altitude flight, which resulted in their both coming
together at the same height at the same location at the same time. The MoD
report identified an "extraordinary" series of coincidences, and put the blame
on insufficient coordination among different RAF bases. New rules have been
established.

Source: The (London) Sunday Times, 11 March 1990, excerpting a Ministry of
Defence report. Thanks to Dorothy R. Graham for clipping it.

------------------------------

Date: Thu, 29 Mar 90 00:01:31 EST
From: [email protected] (Warren Tucker)
Subject: New Georgia Automobile Tags

I heard on a local radio station this afternoon that many Georgia Citizens are
being erroneously arrested out of state for possession of stolen vehicles. It
seems that numbers in the new series license tags (issued since January)
sometimes :-) match numbers from the previous series. Unfortunately for many
people, some match numbers belonging to vehicles stolen as long ago as 1983.
One elderly gentleman was arrested for riding his own motorcycle. A couple
spent the night in an Indiana jail for driving their own car. The state motor
vehicle people say they'll get NCIC information updated by September. Adds new
meaning to the slogan "Stay and See Georgia," doesn't it?

Warren Tucker, TuckerWare

[Ray Houghton of Augusta GA sent me a clipping
from the Augusta Chronicle, 27 March 1990. PGN]

------------------------------

Date: Fri, 30 Mar 90 05:17:01 EST
From: Mark Brader <[email protected]>
Subject: British tax tales

The following items were forwarded to Usenet's soc.culture.britsh
by Bob Gray ([email protected]), having originally appeared on Oracle.
For those who don't know, the term "poll tax" is used in Britain for
a new, flat "per head" tax, replacing what we call property taxes;
it has nothing to do with voting.

[reformatted]

Student Andrew Mursell, 19, of Ryde, Isle of Wight, expected to
pay 70 pounds in poll tax but has just received a bill for nearly
4,000,000 pounds. Medina Council said it was a computing error.

A man waiting for a bus at Maidstone, Kent, was stunned when
a postman tried to force him to take a poll tax demand.
The letter was addressed to The Occupier, Bus Stop, High Street.
"The postman said he tried to give it to the man at the front of the
bus queue, but he refused to take it, and I can't blame him," said a
council official. "It was all down to a computer error."''

[The second case was also noted by Dave Horsfall <[email protected]>
in Australia! Small world. PGN]

------------------------------

Date: Tue Mar 27 21:45:28 1990
From: [email protected] (Paul Dorey)
Subject: Oslo Day in Norway? No way!

The 'Daily Telegraph' of Tuesday March 27th reports a Reuter news
agency story:

" A Norwegian Bank was embarrassed yesterday after a cashpoint computer
apparently applied its own form of 'fuzzy logic' and handed out thousands of
pounds no one had asked for. A long queue formed at the Oslo cashpoint after
news spread that customers were receiving 10 times what they requested. "

Paul Dorey ([email protected])

------------------------------

Date: Sat, 24 Mar 90 15:35:18 EST
From: Yuri Rubinsky <[email protected]>
Subject: Computer backorder on cover letters

After I stopped by this company's booth at the recent CD-ROM conference,
the following letter arrived here from a major CPU manufacturer...

Dear Mr. Rubinsky:

Thank you for your [company name] literature order.

We are very sorry, but the following items that you have requested are
currently on backorder:

EXPECTED
PRODUCT CODE DESCRIPTION ARRIVAL DATE
------------ ----------- ------------
T217 DEAR CUSTOMER COVER LETTER FOUR WEEKS

Your order will be filled at the earliest possible date. In the
meantime, your patience in regard to this matter is greatly appreciated.

Please feel free to call our Literature Distribution Center at
[800-number]. Our operators will be happy to help you place an order
for any additional literature, or refer you to your nearest [company
name] sales office to help you with any technical questions regarding
our products. If you call to check the status of your order, please
reference your order #[number].

Again, thank you for your order, and we hope to be of service to you
in the future.
Sincerely,

[empty space here]

[company name]
Literature Distribution Center

Curiously, one week earlier I received the literature I had requested --
without a cover letter.

Submitted to comp.risks and rec.humor.funny by Yuri Rubinsky, SoftQuad Inc.,
720 Spadina Ave., Toronto, Ontario, Canada M5S 2T9

------------------------------

Date: Mon, 26 Mar 90 12:05:45 BST
From: Martyn Ould <[email protected]>
Subject: London Underground driver's action (RISKS-9.76)

I heard an interview with the driver of the train shortly after he had averted
the accident. As I remember it, he said that he had seen the train approaching
him at speed from behind and had taken the action he was trained to take,
namely to short circuit a particular circuit. It sounded, the way he put it,
as though it was an instinctive action and his presence of mind was in the
response to his training. I hope he got a bonus.

Another interesting feature of the accident which I didn't get to the bottom
of was that one of the passengers, also interviewed afterwards, seemed to
suggest that passengers in the last carriage (ie the one about to be crushed)
scrambled through the connecting door into the preceding carriage, in response
to hearing the driver shouting at the signalling staff over his comms -
presumably he had switched on the PA so that passengers could be warned at the
same time. I hope he got two bonuses!

Martyn Ould, Praxis plc, 20 Manvers Street, BATH BA1 1PX, UK

------------------------------

Date: Thu, 29 Mar 90 13:52:59 BST
From: Brian Randell <[email protected]>
Subject: Hi-Tech Loo

I just saw this on soc.culture.japan, and couldn't resist reposting it
to RISKS just to see what sort of reactions it would arouse. Brian Randell

>From: [email protected] (wayne.w.lui)
>Newsgroups: soc.culture.japan
>Subject: A loo full of technology
>Date: 28 Mar 90 04:01:24 GMT [edited by PGN]

Japanese technology is plumbing new depths -- it's created the intelligent
toilet. Last october, Toto Ltd., Omron Corp. and Nippon Telegraph and
Telephone Corp. (NTT) jointly developed the ultimate in information technology:
the fancy flusher. Makers say a trip to this toilet may save you a trip to the
doctor. The intelligent diagnostic system packs the latest state-of-the-art
goodies. The toilet bowl has a sensor to perform urine analyses and then zaps
the data onto a display screen that shows the concentration levels of sugar,
protein, urobilinogen, and blood in the urine for the occupant's viewing.
Users can chart their blood pressure by sticking their left index finger into a
sensor-sensitive unit on the toilet. The information then can be viewed on the
second screen of the diagnostic system.
What goes in also comes out. The diagnostic system has a printer and an
integrated circuit (IC) memory disk card drive that can store up to 130
examinations. The IC card can also be inserted into a compatible computer
system for simple record updates. [...] NTT officials see the diagnostic
system eventually having on-line communications capabilities enabling users to
send information directly to hospitals or clinics.

Source: Kyodo News. Date: 24 March 1990

[This opens up all sorts of privacy issues! There is also a potential
problem with a user being identified and trapped for capture. PGN]

------------------------------

Date: Mon, 19 Mar 90 21:59:35 BST
From: Brian Randell <[email protected]>
Subject: Proposed UK Authority for Risk Management

MODERN HAZARDS DEMAND A `SAFETY CULTURE'

At a time of increasing concern over both public safety and `green issues',
an Authority for Risk Management would have a vital role as Britain's main
source for scientific assessment of risks. As an independent umbrella
organisation, taking in such agencies as the Food Safety Directorate and the
Chief Medical and Veterinary Officers, Richard North argues it would help to
ensure more public confidence in official information.

The British democracy is the most mature in the world. Perhaps, accordingly, it
has problems responding to a new desire in its citizens to be better informed.

An older generation accepts that the Government knows best, but this
comfortable assumption has been eroded fast. Last week, a local government
report described Britain's proneness to disaster as being more appropriate to a
third world country.

There has been an embarrassing plethora of major disasters - Piper Alpha, the
Bradford football fire, the King's Cross tube fire, the Zeebrugge ferry
sinking and several others - which suggest a failure to develop a proper
safety culture.

There has also been a worrying series of insidious problems.

In 1988, South West Water allowed poison into the the drinking water at
Camelford; bovine spongiform encephalopathy, "mad cow disease", has invaded
domestic herds; eggs and poultry have been found to be pathogenic. Groups
have sprung up to complain about pesticide residues in food and veterinary
product residues in farm animals.

The Authority for Risk Management, ARM, would be the formal means by which such
risks - and those of nuclear power, public transport, environmental pollution,
food poisoning, even global warming - are scientifically assessed, brought to
public attention, rationally explained, and responses to them costed.

One of its jobs would be to develop a way of talking about the tolerability
of risks; almost all of us take huge risks every day with hardly a second
thought, yet get very nervous about much smaller - but involuntary - hazards.

ARM would be a creature of Parliament, and report to it. Its advice would be
given in public, and ministers would have to respond in public. ARM would not
be directly democratic, but would be required to hold open meetings, in the
way the BBC has done in recent years. Indeed, it could develop a "roadshow"
approach, taking key issues to the public, and inviting comment.

ARM's rigorously independent scientists will not be allowed to become
purists. Their advice would have to be accompanied with the cost
implications of new policy. The minister, public and Parliament need to know
how much they are going to spend to live in a safer environment, and decide
if they want to pay the price. ....

ARM would develop a culture of its own - both stricly regulatory and alert to
costs. It would look a little like the Office of Technology Assessment in the
USA. But OTA advises Congress, and only on specific matters drawn to its
attention by elected representatives. ARM would have a stronger statutory,
and innovatory, role. The creation of ARM could make Britain a world leader
in the "greening" of government.

BOX: Catalogue of UK disaster and disease

The following is a list of recent key events which have encouraged discussion
on whether Britain is adequately able to manage risk, whether in terms of
disaster or disease.

1984 - May: 16 die in Abbeystead pumping station in Lancashire. November:
Hundreds flee as fire breaks out in Oxford Circus Tube.

1985 - May: Legionnaire's disease in Staffordshire kills 30 in a month. May:
Bradford City football stadium fire; 56 killed.

1986 - November: BSE identified for first time (confirming first outbreak was
in 1985). November: North Sea helicopter crash; 45 dead.

1987 - March: Herald of Free Enterprise capsizes; 193 dead. October: Gale
force winds lash Britain after low-key warning. November: King's Cross Fire;
31 dead.

1988 - April: Independent committee set up to investigate BSE. July: Piper
Alpha explosion; 167 dead. August: Department of Health issues press release
suggesting advoidance of raw eggs. October: In the year so far, 46
egg-associated outbreaks of food poisoning involving 1,000 people. December:
Clapham rail disaster; 35 dead. December: Lockerbie air disaster; 270 dead.
December: 26 people are reported to have died in salmonella-linked deaths in
the year so far. December: Edwina Currie says most egg production is infected
with salmonella. December: Government announces increased controls on egg
producers.

1989 - January; M1 Boeing 737 air crash; 47 dead. February: Department of
Health announces that 61 people died of listeriosis in previous year. April:
Hillborough stadium crush: 95 dead. July: 2 die, 80 ill in salmonella
outbreak. August: Marchioness river boat sinks; 51 dead. December: Royal
Oldham Hospital salmonella outbreak; 3 dead.

1990 -January: 29,998 cases of salmonella in humans in past year, up from
27,478 in the previous year.

Brian Randell, Computing Laboratory, University of Newcastle upon Tyne, UK
EMAIL = [email protected]
PHONE = +44 91 222 7923 FAX = +44 91 222 8232

------------------------------

Date: Mon, 26 Mar 90 09:50:20
From: Eric Roskos <[email protected]>
Subject: More on Prodigy's Updating of a User's Disks

In a recent RISKS posting, I responded to Donald B. Weschler's
statement that Prodigy could update arbitrary files on the user's hard
disk by saying that it appeared that Prodigy only does cache management
of data in a single file, STAGE.DAT, via this method.

In response to my comment I received mail from Simson Garfinkel, who
wrote the recent Christian Science Monitor article on Prodigy. He said
that Prodigy's manager of software services had told him that they could
indeed update other files, including .EXE files, thus avoiding the need
to send out update disks.

Seeking an explanation, I asked what could be updated by this method on
Prodigy's technical service bulletin board about a week ago, and also
wrote to one of their technical support people asking for clarification.
In response to this, Prodigy, who has always previously answered my
technical questions immediately, simply ignored the question altogether.
It has now been deleted from the bulletin board by Prodigy's automatic
article-expiration software. Harold Goldes, the Prodigy representative
who I asked about the updating, likewise did not reply.

There were several messages by users who read my posting; they all said
the same thing -- that Prodigy could update .EXE files. One person said
that he had expressed concerned about the problem, but that Prodigy had
replied "trust us, no one has the access needed to cause an unauthorized
update." None of the posters said where they obtained their information,
but all postings are screened by Prodigy's staff before appearing on the
board, and Prodigy did nothing to correct these statements. Thus, I
tend to believe them, since they support the statement made by the
Prodigy manager.

Needless to say, this is not encouraging. I re-checked my files in the
Prodigy directory this evening, and found that no file but STAGE.DAT has
been updated since I installed the software nearly a year ago. I
examined the contents of STAGE.DAT with a disassembler, and it does not
seem to be 8086 code. It has always been my belief that STAGE.DAT
contains code interpreted by the main Prodigy program, since Prodigy
also runs on the Macintosh and since STAGE.DAT seems from Prodigy's
previous descriptions to contain definitions of graphics screens and
windows displayed while the system is operating.

If it is indeed an interpreted environment, it would be relatively easy
for Prodigy to prevent unauthorized updates of anything but STAGE.DAT.

If, however, the claims are correct, the Prodigy updating mechanism
would seem to be a considerable risk to Prodigy and its users, as in the
case of a disgruntled employee who arranged for an "update" to occur
after leaving the company, or of someone who discovered a way to
circumvent Prodigy's access controls. Prodigy acknowledges the
possibility of such unauthorized access by outsiders in its membership
agreement: "Unauthorized access to the PRODIGY service or to restricted
portions of the service is a breach of this agreement and a violation of
law."

This same agreement also tries (in capital letters) to limit Prodigy's
liability: "ANY LIABILITY OF PRODIGY, INCLUDING WITHOUT LIMITATION ANY
LIABILITY FOR DAMAGES CAUSED OR ALLEGEDLY CAUSED BY ANY FAILURE OF
PERFORMANCE, ... DELETION, ... THEFT OR DESTRUCTION OR UNAUTHORIZED
ACCESS TO, ALTERATION OF, OR USE OF RECORDS ... [including] TORTIOUS
BEHAVIOR ... SHALL BE STRICTLY LIMITED TO THE AMOUNT PAID BY OR ON
BEHALF OF THE MEMBER TO PRODIGY FOR THE PRODIGY SERVICE IN THE PRECEDING
12 MONTHS." At current service fees, this would be a maximum of $120
liability on the part of Prodigy for damage to a user's data.

------------------------------

Date: Wed, 28 Mar 90 13:48:37 PST
From: [email protected] (Paul Eggert)
Subject: Risk-free PRODIGY

Here's what the PRODIGY folks say about risks in using their service.
In junk mail I just got from them, the front teaser says:

A second chance to try the most exciting new
personal computer service ever.

But you have just 7 days left to take advantage of this _risk-free_ offer.

Inside, there's more:

Now you can use your computer in ways
you never did (or could) before.

But hurry, this RISK-FREE Offer expires in 7 days. [...]
And now you can try the PRODIGY service...RISK-FREE.
There's absolutely no obligation. [...]
Risk-Free OFFER TERMS: If you are not completely satisified with the
PRODIGY service during your first month, simply mark your first bill
``cancel'' when it comes, return it, and owe nothing. [...]

------------------------------

Date: Mon, 2 Apr 90 06:58:26 PDT
From: "Martin Minow, ML3-5/U26 02-Apr-1990 0957" <[email protected]>
Subject: April Fools Day on the net

[an explanation for Risks redistribution problems?]

(I removed some page separators).

Network Working Group D. Waitzman
Request for Comments: 1149 BBN STC
1 April 1990

A Standard for the Transmission of IP Datagrams on Avian Carriers

Status of this Memo

This memo describes an experimental method for the encapsulation of
IP datagrams in avian carriers. This specification is primarily
useful in Metropolitan Area Networks. This is an experimental, not
recommended standard. Distribution of this memo is unlimited.

Overview and Rational

Avian carriers can provide high delay, low throughput, and low
altitude service. The connection topology is limited to a single
point-to-point path for each carrier, used with standard carriers,
but many carriers can be used without significant interference with
each other, outside of early spring. This is because of the 3D ether
space available to the carriers, in contrast to the 1D ether used by
IEEE802.3. The carriers have an intrinsic collision avoidance
system, which increases availability. Unlike some network
technologies, such as packet radio, communication is not limited to
line-of-sight distance. Connection oriented service is available in
some cities, usually based upon a central hub topology.

Frame Format

The IP datagram is printed, on a small scroll of paper, in
hexadecimal, with each octet separated by whitestuff and blackstuff.
The scroll of paper is wrapped around one leg of the avian carrier.
A band of duct tape is used to secure the datagram's edges. The
bandwidth is limited to the leg length. The MTU is variable, and
paradoxically, generally increases with increased carrier age. A
typical MTU is 256 milligrams. Some datagram padding may be needed.

Upon receipt, the duct tape is removed and the paper copy of the
datagram is optically scanned into a electronically transmittable
form.

Discussion

Multiple types of service can be provided with a prioritized pecking
order. An additional property is built-in worm detection and
eradication. Because IP only guarantees best effort delivery, loss
of a carrier can be tolerated. With time, the carriers are self-
regenerating. While broadcasting is not specified, storms can cause
data loss. There is persistent delivery retry, until the carrier
drops. Audit trails are automatically generated, and can often be
found on logs and cable trays.

Security Considerations

Security is not generally a problem in normal operation, but special
measures must be taken (such as data encryption) when avian carriers
are used in a tactical environment.

Author's Address

David Waitzman, BBN Systems and Technologies Corporation,
BBN Labs Division, 10 Moulton Street, Cambridge, MA 02238
Phone: (617) 873-4323 EMail: [email protected]

------------------------------

Date: Mon, 02 Apr 90 13:41:01 PDT
From: [email protected]
Subject: Automated Fast Food

Went to the local Arby's today...

They don't have cash registers anymore. Instead, they've got touch-screens
in the counter, and the customer is expected to navigate through a series
of menus, touching the items he wants.

Some notes:

- The screens are IBM PS/2 color monitors, with a "micro-touch" label
stuck on them

- The menus are reasonably well designed, with large squares to push,
etc. Unfortunately, the screens are positioned such that the glare
makes them hard to read. I expect people with bad eyesight, or who
forgot their glasses, would also have problems.

- There is a "delete" option for when you screw up, or have fat fingers

- The manager thought the system was the best thing since sliced bread
and pop-top beer cans. I unfortunately was there during the lunch
hour, so didn't have time to engage him in conversation to find out
just why he liked it so much, even in face of the obvious problems
the system has.

- There is *no* way to do a special order from the customer screen.
When I complained about this to the manager (who was standing there
making noises about how great this system was), he said "yes you
can, we do it from back here". When I asked him what the point of
me doing my own order was if he had to come over and adjust it for
the special-ness, he just didn't seem to see the problem. Sigh.

- After you enter your stuff and press "finished order", then the person
behind the counter comes up and takes your money, just like before, and
they get your order for you. The whole time we were ordering, these
folks were just standing around watching us. So I'm not sure how these
devices are supposed to save any money/time/whatever.

- It took me about three times as long to place my order and get my
food as it did before, when I'd just say "super, no sauce, fries,
large coke". And I had to fill my own soft drink, too.

Another example of adding technology "becuase it is there", and taking
a giant step backwards as a result.

Dave Curry, SRI International

------------------------------

Date: Wed, 21 Mar 90 18:23:30 PST
From: Pete Mellor <[email protected]>
Subject: Re: PSU Hackers thwarted (Angela Marie Thomas, RISKS-9.74)

David C. Lawrence (RISKS-9.75) questions the validity of assigning amounts of
cash to computer time and other services allegedly 'stolen' by hackers.
Obviously, the sums quoted depend on what the services *could have* been sold
for *if* the owner of the system had been running a bureau service.

Where the service is charged for only in "funny money" for departmental
accounting purposes, such figures should be regarded with suspicion.

Some years ago, I was working in a department which owned an ICL 1904S running
the GEORGE 3 operating system. This had an automatic accounting system which
calculated charges via a complex algorithm whose parameters were defined by
the system manager (so much per Kbyte of filestore space, so much per mill
second, etc.), and printed cash invoices to users every month.

Our system manager, a man not known for wasting resources, had been very
successfully augmenting the departmental budget by cross-charging for bureau
services provided to other departments.

One Friday afternoon, after the department had celebrated someone's imminent
departure in the traditional way at the pub, he noticed that the system was
clogged up by several very large core images whose size and mill consumption
could only indicate mass playing of Star-Trek. He therefore ran the accounting
package, traced the individuals by their account names, and duly presented
them with personal bills of several hundreds of pounds each for 'computing
services'.

Nobody paid up, but a few programmers got a nasty shock!

Peter Mellor, Centre for Software Reliability,
City University, Northampton Square, London EC1V 0HB

------------------------------

Date: Mon, 2 Apr 90 13:09:51 PDT
From: [email protected] (Paul Eggert)
Subject: UNIX Trix

The following note is taken in its entirety from page 1 of CommUNIXque 1:1
(Second Quarter 1990), a quarterly newsletter put out by ASCAR Business
Systems, Glendale, CA.

UNIX Trix

For those of you in the reseller business, here is a helpful tip that
will save your support staff a few hours of precious time. Before you
send your next machine out to an untrained client, change the
permissions on /etc/passwd to 666 and make sure there is a copy
somewhere on the disk. Now when they forget the root password, you can
easily login as an ordinary user and correct the damage. Having a
bootable tape (for larger machines) is not a bad idea either. If you
need some help, give us a call.

I wonder how many UNIX machines have their security turned off this way?

------------------------------

Date: 4 Apr 90 08:37:00
From: Peter G. Neumann <[email protected]>
Subject: Three Australians indicted for computer tampering

John Markoff's article in the 4 April 1990 NY Times notes the indictment and
arrest of three Australians for breaking into and tampering with computers in
the U.S. and Australia, after a two-year investigation. Computers included
Citicorp as well as many on the Internet -- at Los Alamos National Laboratory,
Harvard University, Digital Equipment Corp., Lawrence Livermore National
Laboratories, Boston University, New York University, the University of Texas
and Bellcore. The three were identified as Nanshon Even-Chaim, 18; Richard
Jones, 20, and David John Woodcock, 21. Jones and Even-Chaim are students and
Woodcock is a computer programmer. (Handles are Phoenix, Electron and Nom.)
"Dave" had previously called the NY Times.

------------------------------

End of RISKS-FORUM Digest 9.78
************************