Dear All: This Post was created by Sue Swiggum from the The Ships List. She has a creative writing ability and creates these really wonderful posts every 3 months or so. She has gracefully agreed to let us publish her memo. I'd like to see her publish a book on the subject but until then the rest of the admins will just continue to plead with her to let us send her memos to our lists :-). I've modified her memo slightly to cover our particular situation as compared to her list. So thanks again Sue. Best Regards John A Hansen List Admin Subject Lines -- Subject Lines -- Subject Lines -- Subject Lines -- plus ... a few tidbits and gentle reminders which you might find useful. Regarding "Subject Lines" .... you'll see my other comments for Digest members below. Do include your surnames ( in Caps) in the subject line > location > dates and then include them again in the body of your message where you give the full details of your ancestor. If your details are sketchy at this point, then just put what ever you do have; sometimes the most minor of details can often provide the breakthrough. Subject lines such as "HELP" may not get you any HELP ... "PASSENGER LIST" may not get you any PASSENGER LIST ... "NEW SUBSCRIBER" may only get you a HELLO if you are lucky. The reason is not because you are being intentionally ignored, but rather because our wonderful members with the resources to help you are VERY busy, so they scan the subject lines looking for a subject about which they have knowledge. Sometimes they have no time to open every message and peek to see if they can help, so do yourselves a big favor by drawing the right kind of attention to yourself and giving an assist to those with the resources and knowledge who are able to help. If you are making a general or other emigration/immigration inquiry, take a moment to read your own subject line first, to check if it is meaningful for your query. Put as much info in the subject line as can be reasonably done. Try not to _begin_ your subject line with numbers, as the robot handling the list mail sometimes rejects those. ps. A list member (who is one of our big helpers) has also suggested that when any of us respond to a message with an inappropriate subject line, that we alter it slightly. I do this sometimes, but on a busy day I sometimes overlook this step. ++ Answering: If you able to answer another member's query, then please share that answer with other list members ... UNLESS, the reply is very specifically directed to the poster [such as, "we have a Bill Smith living next door ... could he be yours?"] If your answer will be of interest to other list members, such as ship movements, dates, ports, microfilm numbers, "how-to" research immigration/emigration related sources etc., etc., then please share that with the list. ++ Quoting: When responding to a query on the list, by all means quote the original message so that we ALL know what you are talking about. BUT, edit <snip> the original message to just illustrate the part which you have answered. On my recent roll call for instance, the actual post for the roll call should have been snipped. ++ <snip>'s: As mentioned above, "snipping" [editing] is recommended, to save from excessive "quoting" and wasting band-width by filling up the Digests. List Mode members, also <snip> the 'tag-lines' from the original post, and refrain from sending any "piggy-backed" messages with your post unless they follow the thread. ++ Forwarding Mail: When forwarding mail [Fwd:] because you may have mis-addressed the original or you are sending a repeat of an earlier query, take a moment to edit all the unnecessary 'headers' and taglines etc. They take up too much room, and serve no purpose. Some may just "delete" rather than paging down to find your message. Consider copy/paste into a new message, rather than "Fwd:". ++ CAPS: Do not write your message in "CAPS" [Capital letters]. Messages/Queries written ALL in CAPS tend to be difficult to read, for most of us. In the "world" of cyber-space, CAPS are considered the equivalent of SHOUTING! Save CAPS for ship names, surnames, or anything else you wish to stress. (CAPS are okay from vision-impaired members) ++ WebPages: Do not "quote" an entire web page, rather, POST the URL and give a brief description of the site, and an explanation of why you found it useful. ++ Citing: When quoting any information found elsewhere, eg. ... a web page, a book, a document ... always cite (give credit) to the website, and/or the author, the publication etc. Apart from being common courtesy, it can also cover many possible copyright infringements when you quote an excerpt from an original document/publication. Content from a public document is not copyright, but the compilation of those facts can be. ++ Subject Lines: These are SO important as this is your "headline" to attract the attention of those who may be able to help you. Digest members ..... remember to change the subject line to reflect the topic. If you send a subject which says ... Re: Surname-D Digest V02 #xx ... then this is meaningless, and may go unread. Also, include your year of interest. ++ Thank you: Please NEVER forget to send a thank you to someone who has answered your query. It is so nice to send some appreciation to those who have helped you. These should be in the form of a PRIVATE message, but I won't mind if you have been totally overwhelmed by the number of responses, and you wish to thank everyone by means of the list. :-) It only takes a moment, and shows that you don't take any contribution for granted. ++ Reply Most often any info request etc should be posted to the list [email protected] Do not reply to me as list admin because I then just forward to the list. Please reply to the List even if you are on the Digest [email protected] ++ Not A Subscriber. You will sometimes get a "Not A Subscriber" notice. These are posts that get bounced to me because the poster is sending from a different address than they are subscribed with. I forward these to the list. The address that you are registered with can be just slightly different, sometimes the ISP inserts a extra server or other identification in the email id. To check your own address, send your self a email and look at the headers to look at your "from" address. Make sure your email program inserts this address in your post and then subscribe to the mailing lists of your choice. ++ Virus alerts Please just send these directly to me and keep the discussion off the mailing list. ++ Signature Blocks Signature Blocks and Lines are your address at the bottom of your message. No signatures lines over 4 lines. The VLF will automatically put anybody on moderate that can't seem to get their sig line down. Large sig lines clog up the search engine and the archives. VLF is a patented system from Piglet (the Listowners admin) and she rents it out for a royalty fee per use. VLF = Very Large Flyswatter to keep posters in line :-) ++ Be Nice No Flames, No Selling, No Religion, No Politics These are all interesting and emotional items. Trying to admin a list under those circumstance just takes to much time from my Genealogy and my Grandchildren :-) Hope all this helps. Best Regards John A Hansen [email protected] List Admin

Dear All: Generally speaking a roll call does not do much for the genealogy of our list. However, once a year seems to be an appropriate timing to dust off those brick walls and see where things stand. I know from the various emails that I receive that many of you have made great strides this year due to new databases on line and new web sites etc. So what I propose is as follows: A: Post the brick wall ancestor and other ancestors that seem to have been created to give you a a hard time. Some ancestors of mine have covered their tracks so well, it must have been deliberate :-) Please use the standard format in the subject line for everyone's benefit. This standard has been used and was created in order to allow many people to skim the subject lines and then determine if there is any interest or should the delete key be used. So one ancestor per message. The format is : SURNAME > location > time Note the surname is in Caps. The new search engines here in Rootsweb are coming on line and are working well. Then give the pertinent details in the message body. B: No signatures lines over 4 lines. The VLF will automatically put anybody on moderate that can't seem to get their sig line down. Large sig lines clog up the search engine and the archives. VLF is a patented system from Piglet (the Listowners admin) and she rents it out for a royalty fee per use. VLF = Very Large Flyswatter to keep posters in line :-) C: Also post any great web sites that you've found that really helped. I may put some of these in the taglines for future reference. Lets Go! Best Regards John A Hansen [email protected] List Admin

Dear All: This is a one-time heads up notice. There are 3 new and one oldie and toughie virii out "in the wild" Three are rated level 2 and one is rated level 1 ( low risk) Please don't start numerous threads on the mailing list on this subject. If there are more warning please send direct to me for checking. Lets keep these lists focused on genealogy. If you get an infected message from someone then let me know so they can be removed temporarily from the list. All the AV software companies have updated their databases. Norton just released their latest updates this morning and could be more soon. A: Get your virus definitions updated as of today ( and everyday) B: They are purely an attachment virus ( so simpler to handle) "don't open attachments" Let's get ahead of this one and avoid the mess we had two weeks ago :-) See the following AV web pages describing the three http://www3.ca.com/Virus/ http://vil.nai.com/vil/ http://www.sarc.com/avcenter/ http://www.antivirus.com/vinfo/ http://vil.mcafee.com/newVirus.asp Best Regards John A Hansen List Admin.

Dear All: This is a one-time heads up notice. Please don't start numerous threads on this subject. The new virus Gokar is out "in the wild" today. All the AV software companies have updated their databases. Get it now! See the following AV web pages describing Gokar: http://www3.ca.com/Virus/Virus.asp?ID=10606 http://vil.nai.com/vil/virusSummary.asp?virus_k=99282 http://www.sarc.com/avcenter/venc/data/[email protected] http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_GOKAR.A Best Regards John A Hansen List Admin.

Dear All: There is a new virus announced as being out as of 7.30 am this morning Dec 4th. The general announcement from www.sarc.com is below. It is not a really serious virus except for it's wide distribution already this morning. A couple of significant points. A: get your virus definitions updated as of today B: It's purely an attachment virus ( so simpler to handle) Let's get ahead of this one and avoid the mess we had two weeks ago :-) Best Regards John A Hansen [email protected] [email protected] Discovered on: December 4, 2001 Last Updated on: December 4, 2001 at 11:21:17 AM PST [email protected] is a mass-mailing worm that is written in Visual Basic. The worm has been compressed using a known Portable Executable (PE)* file compressor. The worm can spread its infection using the ICQ network as well as by email using Microsoft Outlook. If IRC is installed, this worm can also insert mIRC scripts that will enable the computer to be used in Denial of Service (DOS) attacks. Type: Worm Infection Length: 38,912 bytes Virus Definitions: December 4, 2001

Dear All: The message below is from Sue on the TSL list and she states the situation quite clearly. The difficulty is that the attachment may not show or there is a false extension. It appears to have xxx.doc or xx.txt but the real extension ( .scr.or .exe) is 59 spaces to the right. So even if you get a email from a trusted source ( me or others) and there is no message etc, be very careful. It will also show about 29 or 30k as the size of the message. So that is a dead giveaway in that there is 30 k of message and it doesn't show up anyway . I have also received a mumber of these and have advised some of you of the problem. We will correspond to make sure your computer is clean before resubscribing. If anyone receives one of these virus transmissions from a member: A: advise the list of the name B: send me the name and email address and mail list. Best Regards John A Hansen [email protected] List Admin Forwarded message Many of you will remember the "badtrans" virus last August. People seemed to wise-up about that one, but now there is another _strain_ of the badtrans virus called [email protected] and I have received quite a few of them ... some from current list members. I am Bcc'ing those list members whose computers are infected, so if you receive a copy of this message without the [TSL] prepend, please quickly go to the link below to learn how to clean the virus out of your computer. You will NEVER receive a virus through the list, but if listmembers get infected, their computer may send you the virus, which _may_ have a list subject line. My Norton "anti-virus" program is doing a very good job of detecting, but Norton doesn't seem to have a complete write-up about this one. They do mention the file extensions etc., but they don't mention how the email will appear or whether there is a message or not. My experience has been that only one has arrived with a subject line from a list post, the others simply have a "Re:" in the subject line. I have seen no message (but maybe Norton is deleting that too) Most of those I have received have come from Australian or New Zealand email addresses, so they must have gotten it first. Also, I don't know whether my Norton is doing this (the write-up doesn't say) but the email addresses of the sending computers is altered by having an underline character preceeding the address, such as <[email protected]> PLEASE remember to make sure you have up-to-date Anti Virus software, AND remember to update the Virus definitions regularly. There are a lot of good Anti Virus programs out there (I use Norton) but they aren't any good unless you update them. You can read about this virus and how to remove it from your system on the Norton Symantec site ... http://www.symantec.com/avcenter/ http://www.symantec.com/avcenter/venc/data/[email protected] Sue --

Dear All: Some volunteers from the society of the Daughters of the American Revolution ( DAR) have established a wonderful new program for users of Rootsweb. These volunteers will do lookups in their database and records if you think one of your ancestors served in some capacity during the American Revolution. These volunteers have more databases that are available to them than the ones commonly used by the search engines. The process is fairly simple : Go to the DAR message board: There are two ways to do that: > www.rootsweb.com > message boards > topics > organizations and societies > DAR Or if you want the easy way :-) http://boards.ancestry.com/mbexec?htx=board&r=rw&p=topics.organizations.dar Address your message as follows: subject : DAR Lookup > surname> location > dates In the body of the message put the information regarding the person, Be sure to fill out the surnames box at the bottom since the new search engine will be keying on that item. Leave the email response box checked and you will be notified when the DAR volunteers respond . Give them a week or so to get to your request. We really appreciate their efforts. This info can be key for: a: joining these prestigious organizations ( DAR & SAR) b: sending a request for the copies of the files that were submitted and the information they have available. Many thanks to: Glenda Thompson DAR VIS Volunteer Vice Chrm. Patriot Lookup for organizing this effort and all the many volunteers that are donating their time and effort to us instead of pursuing their own ancestors, Best Regards John A Hansen DAR board admin. BTW: Please forward this message to other lists and boards that each of you are involved in. A word of thanks to each volunteer that does this work and especially the one that responds to your post would probably be highly appreciated.

Dear All: This is the next step in Virus activity as previously described. Note that this virus infects even the user who does NOT open the attachment, but merely opens the basic email in a preview pane or otherwise even tries to read the basic email itself. So those that depend on their virus protection as being "don't open attachments" are going to get caught here. Also recognize that this virus is far worse that SirCam etc etc. I've also seen warning of the next mutant of this being a really dangerous payload. It was also self mutate. Best Regards John A Hansen [email protected] List Admin -----Original Message----- From: Peter Mueller [mailto:[email protected]] Sent: Tuesday, September 18, 2001 1:42 PM To: Incidents List Cc: Vuln Dev Subject: RE: New "concept" virus/worm? http://www.microsoft.com/windows/ie/download/critical/Q290108/default.asp <exerp from securityfocus> Experts are tracking a fast-spreading virus that propagates both by sending itself as an email attachment, and by hacking into vulnerable web servers. The [email protected] worm infects IIS servers by exploiting the 'MS IIS/PWS Escaped Characters Decoding Command Execution Vulnerability' -- the same hole exploited by the recent Code Blue worm. The worm also attacks Microsoft Outlook users, arriving as an apparently blank message with an attachment called 'readme.exe.' As with other viruses, opening the attachment will infect the machine. But unlike most so-called mass mailers, Nimda can also infect Outlook and Outlook Express users who know better than to open strange attachments. By exploiting a bug in Internet Explorer discovered last March, the worm is able to infect victim computers when the email is read, or even displayed in Outlook's preview pane. A patch for the 'Microsoft IE MIME Header Attachment Execution Vulnerability' is available from Microsoft's web site. Once it has infected a machine, Nimda exposes local hard drives to the network, and spreads further through already-open file shares. Cyber security mailing lists began buzzing with word of the [email protected] worm Tuesday morning, after network administrators noticed a massive increase in probes for unpatched Microsoft's IIS web server software. No destructive payload was immediately identified in the worm, but network administrators report that the worm consumes massive amounts of bandwidth in its feverish search for vulnerable servers. The virus comes at a time of heightened sensitivity to Internet attack. On Monday the U.S. National Infrastructure Protection Center (NIPC) issued an advisory warning that a group of vigilante hackers called 'The Dispatchers' have threatened to launch distributed denial of service attacks against unnamed Internet hosts, in response to the September 11th terrorist attacks on the United States. "The Dispatchers claim to have over 1,000 machines under their control for the attacks," the advisory reads. "It is likely that the attackers will mask their operations by using the IP addresses and pirated systems of uninvolved third parties." ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com

Dear All: There is a nasty worm making the rounds today. Details at http://www.sarc.com/avcenter/venc/data/[email protected] [email protected] Discovered on: September 18, 2001 Last Updated on: September 18, 2001 at 12:38:50 PM PDT Symantec Security Response has received a number of submissions on [email protected] and is rating it as a Category 4. Please update your AV software ASAP. I subscribe to numerous virus and security email lists and will try to keep you advised of Class 4 virus threats after I verify that it is not a hoax. Best Regards John A Hansen [email protected] List Admin

Dear All: As many of you have noticed, there is a new influx of postings from the Affiliated message board. These posting are now always identified as coming from the Message board The posts on the message boards and posts to the mailing lists are somewhat different. On the Message boards the initial inquiry comes in ,usually with some detail. The follow on threads then are brief and to the point. Sometimes only a cryptic sentence or two. Since the full thread is easily visible, there is no need to repeat all the details, dates, locations, etc. Each post on the the mailing lists is very complete with dates, locations, names etc. This allows each post to stand on it's own for understanding the content. The new top header was a compromise to satisfy a group that was protesting that it wasn't obvious that these other messages were, in fact, coming over from the message boards. So Rootsweb came up with that format and suddenly there it was. I think most list admins all thought it was the answer to the previous protests over the lack of identity of gatewayed messages. There are also numerous suggestions and many recommendations on the various lists about getting the "gateway" message size reduced and less intrusive. Like so many times in life we go from one extreme to the other; so we went from no notice of a gatewayed message to one taking up 50% of the message body :-) However, a couple of suggestions and options for those of you that don't like the board postings. The messages from the gateway always have the "from" address [email protected] Merely add the above address to the filters in your email program. Then ALL messages from ALL message boards will be taken out...right now! Hope this helps clarify the situation and provides some relief. BTW: Some will see this message coming from the gateway, since I'm posting it there as well. Best Regards John A Hansen [email protected] List Admin

Dear ALL: A short introduction and a update on the issue of virus and security. My name is John A. Hansen and the new mailing List Adm. I'm retired ( mostly) with a Scottish wife, 4 grown children and 7 grandchildren. We live in Issaquah Wa ( near Seattle) and tracing a bunch of ancestors. Did you notice that your number of "dead ends" grows exponentially with the number of generations you try to go back :-). The virus issue is on everyone's mind today and will be even more so in coming months. The current famous one is Code Red , but that is serious mostly for people running servers for web pages and larger networks etc. However, there are a couple of baddies out there right now. One is Sir Cam and the other is Bad Trans. You can get the details on these by going to www.sarc.com and looking at their level 4 alerts. However, there is also more serious virii ( plural) coming and the gloves are off. There are now at least several groups of offshore professionals thieves that have discovered that using viruses is a easy way to get new fraud victims. The scam works like this. These professionals are getting victims easily and cheaply by using virus to plant Trojans, "cuckoo eggs" and other programs ( called malware) to forward "info" to a site, called a "drop". The specific info they want is credit card numbers, SSN, bank account numbers, passwords etc. They use that info for identity theft and just to ding your account or credit card for a few bucks. While the general warning to never ever ever open an attachment is good, there are other ways for them to get in. Attachments can be single extensions ( PDF, jpg, zip etc) and any email message with the standard html format can easily have embedded scripts ( you don't even have to open it , they will do all the work for you ! So get and maintain a set of Antivirus software ....now! I've included a nicely written overall summary by BJ Hamilton of the virus and Firewall situation. I use ZoneAlarm pro as my firewall because I have a home network and I like to mess around with this stuff:-) But their freeware program is also good. I do consistently get pings and probes so I know it's happening. A freeware version of the Program is available at www.zonelabs.com. It's a bit of a pain to run because you keep getting alerts, but that's better than not knowing. I also use the programs mentioned below to test my security on a regular basis ( once a month) . There is also the program at www.pcpitstop.com that does free online testing of your computer status and security. Some references for Anti virus software are as follows and freeware and shareware products are available at www.tucows.com. There is also a nice site at www.webattack.com/freeware with good programs. If you have any further questions about viruses, please consult your anti-virus software vendor or visit one of these sites: http://www.mcafee.com/anti-virus/default.asp? http://antivirus.about.com/compute/antivirus/ http://www.symantec.com/avcenter/ http://www.claws-and-paws.com/virus/ http://www.eicar.com/ http://www.av-test.org/ http://helpvirus.com/ My candidates for review ( from my own favorites file) http://www.securityportal.com/articles/malware20010129.html http://securityportal.com/virus/ http://www.antivirus.com/vinfo/vprimer.htm http://www.sarc.com/avcenter/security/ ( see article on email worms) http://www.sarc.com/ ( nice summary of current active "level 4" virus threats http://www.sarc.com/avcenter/security/Content/2000_05_26_a.html ( good article on embedded scripting and the countermeasures) Some Newsgroups: alt.comp.virus alt.comp.anti-virus alt.comp.source.code symantec.support.**** ( specific version of OS) There is also a good mailing list here at Rootsweb. The name is [email protected] The list adm is George Elting. subscribe by sending email to: [email protected] My strong recommendation for your protection is to: A: Get Anti virus Software of some kind. B: Update it once a week C: Install a firewall ( software version) D: Use passwords on access to your computer E: Do a security check with an Internet site once a month. It's easy and free F: Do Not open any message with attachments. Remember attachments now can be single extensions, including .pdf etc In case you receive a message with a virus or attachments the Virus procedure is simply as follows. Remember attachments now can be single extensions, including .pdf etc A: Send the name of the person to me with copy to the list for a heads up. B: Delete the message I will then remove the infected user. There are some options if you are unfortunate and get infected some way. These options include using the digest mode and posting to the message boards since many of these lists are gatewayed from the message boards as well. If we all work together, we can keep this mailing list clean. Best Regards John A Hansen [email protected] List Adm -----Original Message----- From: [email protected] [mailto:[email protected]]On Behalf Of BJ Hamilton Sent: Monday, August 06, 2001 9:26 PM To: Family Tree Maker Discussion List Subject: Re: virus is getting bad.... I had it, too... reprinted with permission from BJ Hamilton JAH Dear All: There is quite a bit of emotional rhetoric regarding viruses and network security. So this is a brief explanation of terms and then a web address that has outstanding advice as well as explanations and some diagnostic tools to help you determine how vulnerable your system is. I heartily recommend you run both his Shields and Probe applications. Definitions: 1. Firewall - this is normally a computer which protects a local area network (LAN) by restricting who may access the LAN from the internet as well as restricting who on the LAN may access the internet and what areas may be accessed. They may be very sophisticated and expensive running on a separate computer or they can simply be a utility, which runs on your personal computer protecting you from the Internet. Consequently they can be very expensive or on the other hand they can be rather inexpensive. Some of the personal firewalls will cost around $30-$50. BlackGuard, Symantic and McAfee (I think) all offer personal firewalls. One firewall that has received a lot of praise is ZoneAlarm (found at: http://www.zonelabs.com). It is free for personal use although they also offer a version, ZoneAlarm Pro, for about $40 which checks your email for viruses. I use the free version. 2. Routers and Gateways - These may be computers but tend to be dedicated machines which sit between networks and forward (or route) all packets (traffic) to other networks (The internet is just like a big series of networks and all traffic is forwarded by routers using the TCP/IP addresses.) Again these can be very expensive devices but within the past year or two, D-Link, Linksys and SMC have been developed inexpensive devices for home and small office use. These tend to cost about $130 - $200. They are rather simple to install and operate. I simply installed mine, provided it with my ISP ID and Password and did nothing else. It is always on - protecting all of my computers from external probes because it answers the Internet address and then routes the packets to the appropriate internal network addresses. The gateways and routers have no files or programs, which can be accessed so they act as a protection against anyone attempting to access my computer. Normally they do not stop your machine from accessing the Internet. They also allow multiple users/computers to access the Internet simultaneously using a single ISP address. Because no one can get your internal computer address, it acts as a sort of firewall also. For maximum protection, I use both a gateway and a personal firewall. I use the firewall because it allows me to control what programs or utilities on my computer can access the network. I have a list of applications that I have granted access to the network. If another program attempts to access the network, ZoneAlarm intercepts the attempt, opens a dialog window and I can either prohibit the access or allow the access (on a once only basis or continuous basis). For those who want more details about security in general, I suggest the following web site: https://grc.com/x/ne.dll?bh0bkyd2 ( Note by JAH) : This site does a full online security check on your computer as well. Run both the "shields up" and "probes" ! This site is provided by Steve Gibson. This web site provides extensive information in an easy reading manner for the non-technophile. Explore to your heart's content. I'm going to have to go back and revisit it because he has done considerable upgrading since I last looked at the site. Let me know if I haven't answered your question or if you don't understand my explanations. BJ Hamilton