History of the Finger
Protocol
by Rajiv
Shah
Draft 0.1 - June 2,
2000
I. Specific Issues of
Interest
B. Running Code – Actual Implementations of
Finger
3. GNU Finger – October 1992 replaces
Berkeley 4.3 Finger code (Brittenson and Fox 1992)
5. Configurable Finger Daemon
(CFingerd)
V. Alternative uses for
Finger
A. Information Revealed and its
Consequences
C. Control by the System
Administrators
Finger was one of the first
computer network applications.[1]
It enabled people to see who else was using the computer system as well as find
basic information on that user.
(Zimmerman 1991) To find information about a specific
user, it was necessary to know that person's email address.[2] For example, in response to the command
Finger atstarr@unix.amherst.edu a computer running the Finger program would
respond with the following information:
Login
name: atstarr
In real life: Andrew Starr
Office:
Kansas City
Home phone:
555-5555
Last
login Mon Nov 8 13:22 on ttyre from
sdn-ar-001mokcit
Plan:
To
come so far one must be brave.
ATStarr@Amherst.Edu
http://www.amherst.edu/~atstarr/menu.html
Typical information provided by Finger would be a person's real name,
their office location and phone number, and they last time they logged in. Users also could modify the plan field
to add whatever text they wished.
In this example, Andrew added a quotation, his email address, and the URL
for his web page.
The Finger command was
created in the early 1970s by Les Earnest at the Stanford Artificial
Intelligence Lab (SAIL).[3]
(Zimmerman 1991)
Brian Harvey at SAIL implemented the original Finger protocol. (Zimmerman 1991)
The Finger program inspired
a copycat program, Name, written by Earl Killian for the ITS system at MIT.[4]
(Zimmerman 1991) Greg Hinchliffe brought up the Finger
server for SRI-KA and SRI-KL. (Harrenstien 1977)
Les
Earnest on the origins of Finger:
Finger was named for the act
of pointing. I recall that sometime
after it became popular I received a message from a system administrator who
thought that it should be renamed so that users would not have to use a "dirty" word. I gave his request all the consideration
that it deserved.
I created Finger around 1971
to meet a local need at the Stanford Artifical [sic] Intelligence Lab. People generally worked long hours
there, often with unpredictable schedules.
When you wanted to meet with some group, it was important to know who was
there and when the others would likely reappear. It also was important to be able to
locate potential volleyball players when you wanted to play, Chinese food freaks
when you wanted to eat, and antisocial computer users when it appeared that
something strange was happening on the system.
The only tool then available
for seeing who was running on our DEC-10 computer was a WHO program that showed
IDs and terminal line numbers for people who were logged in. There was no information available on
people who were not logged in. I
frequently saw people running their Fingers down the WHO display saying things
like "There's Don and that's Pattie but I don't know when Tom was last seen." or
"Who in hell is VVK and where does line 63 go?"
I wrote Finger and developed
the supporting database to provide this information in traditional human terms
-- real names and places. Because I
preferred to talk face to face rather than through the computer or telephone, I
put in the feature that tells how long the terminal had been idle, so that I
could assess the likelihood that I would find them there if I walked down the
hall.
The program was an instant
hit. Some people asked for the Plan
file feature so that they could explain their absence or how they could be
reached at odd times, so I added it.
I found it interesting that this feature evolved into a forum for social
commentary and amusing observations.
Finger was picked up by a
number of other groups with DEC-10 computers that were connected to Arpanet --
software flowed in all directions around the net in those days. It later migrated to Un*x, probably via
U.C. Berkeley. Somewhere along the
line the idea arose to provide a network Finger service. I don't remember who suggested that but
it seemed like a good idea at the time so I stuck it in. Some other anxious people wanted to be
able to verify that their mail was delivered to specific addressees, so the Mail
feature was also added.
While I was somewhat
surprised by the popularity of Finger, it has not been as successful as an
earlier program that I invented -- the spelling checker. It too was created to fill a personal
need that many others apparently share.
We didn't think about commercial development and software protection in
those days, but if we had we probably could have made something out of it. On the other hand, I enjoyed the
comradery of those gentler times and have no regrets. (Earnest 1990)[5]
In 1977 K. Harrenstien wrote the first RFC, RFC 742, on the Name/Finger
protocol. (Harrenstien 1977) He noted that at the time only SAIL,
SRI, and ITS supported this protocol.
However, by publishing this standard, it would be possible for other
computers to implement Finger.
Jeff Allen discussing the
original Finger protocol:
"This simple protocol was
easy to design, easy to implement, and most importantly, solved the problem at
hand nicely: it allowed the researchers on a handful of machines to find out who
was logged into a handful of other machines on the net. From there, it evolved
into a quick and easy way for people to distribute information about themselves
to others. It remains one of the primary ways PGP keys are exchanged." (Allen 1995)
In 1979 there was the CMU Finger controversy. (Discussed
below)
In 1988 the Morris Worm exploited the Finger command. (Discussed in
Security section)
Between 1990 to 1991, D. Zimmerman developed an "IAB standards track
protocol" for Finger. The document
was RFC 1288 "The Finger User Information Protocol" and obsoleted RFCs 1196,
1194, and 742. This is still the
"official" standard for the Finger protocol. (Zimmerman 1991)
The original 1971 SAIL Finger command allowed people to query a database
that contained information about the computer systems users. For example, it provided information
about how long the terminal had been idle.
Earnest notes that he later added the plan feature because people wanted
to be able to update and modify the information that was
displayed.
Finger then spread to others with DEC-10 computers **Is this the same as
PDP-10 Computer??**
Later migrated to Unix via
U.C. Berkeley **Need more info**
Later added mail feature
**Need more info**
Calls it the Name/Finger
protocol **After this RFC it would only be called the Finger protocol, What
happened to Name?**
The RFC noted that SAIL,
SRI, and ITS support this protocol
In comparison to the later
RFCs, RFC 742 does not explicitly mention examples of what information should be
public. Instead it merely states
that the returned information should include the full names, last known
terminal, and idle time (time since they last used the terminal). And the RFC suggests if the user is not
logged in, the Finger protocol should return the "plan
feature".
There is no mention in the RFC that information such as office location
and phone number should be returned in response to the Finger command. There is also no mention in the RFC that
the Finger command should tell others if a person has new email and when they
last checked their email. Although,
the some of the examples show this information being
provided.
**Need to learn the history of this
RFC**
Between 1990 to 1991, D.
Zimmerman developed an "IAB standards track protocol" for the Finger
command. This document, RFC 1288
"The Finger User Information Protocol", is still the "official" standard for the
Finger protocol. (Zimmerman 1991). RFC 1288 was preceded by RFC 1194 of
November 1990, RFC 1196 of December 1990, and RFC 742. RFC's 1194 and 1196 are basically
identical with RFC 1288 with only some minor corrections and
clarifications. However, RFC 1288
differs in some aspects significantly from the RFC 742. RFC 1288 tried not to invalidate any of
the existing implementations or add any unnecessary restrictions. Thus it attempted to maintain backward
compatibility **Was it truly backward compatible, what were the differences**.
(Zimmerman 1991)
The RFC notes that the most prevalent implementation of Finger was that
of the BSD Unix version. "Thus,
this memo is based around the BSD version's behavior." The RFC then notes the problems with the
BSD implementation of Finger. It
suffers from not offering enough options to tailor the Finger RUIP for a
particular sites's privacy policy or to protect the user from dangerous
data. The RFC also emphasizes that
there are many potential security problems with the Finger protocol. The RFC notes that the Finger protocol
returns information about a system's users, which may be a "sensitive issue at
best." (Zimmerman 1991)
The two most common Finger queries are the {C} query and the {U}{C}
query.
The {C} query is a request for a list of all online users. The RFC states any users of the protocol
must return a list of all the users with their full names or “actively refuse”
the query. Additionally the
standard recommends that the system administrator also include other useful
information such as the terminal location, office location, office phone number,
job name, and idle time. (Zimmerman
1991)
The {U}{C} query is request for more specific information about just one
user. The RFC notes that “if you
really want to refuse this service, you probably don’t want to be running Finger
in the first place.” The {U}{C}
query must return the persons full name and any information that would be
revealed by the {C} query.
Additionally, the standard recommends that additional information such as
office location, office phone number, home phone number, status of login, and a
user information file. The user
information file (or a plan file) is a file where a user may leave a short
message to be included in response to a Finger request. (Zimmerman 1991)
RFC 1288 also differs from RFC 742 in extensively discussing security
concerns with the Finger protocol.
The RFC notes that Finger is one of ways an intruder may attempt to hack
into a computer system. The
emphasis here is not a surprise. In
1988, the Morris worm exploited security holes in the Finger protocol. (Zimmerman 1991)
The
RFC explicitly discusses security concerns about the information disclosed by
Finger:
Warning!! Finger discloses
information about users; moreover, such information may be considered
sensitive. Security administrators
should make explicit decisions about whether to run Finger and what information
should be provided in responses.
One existing implementation provides the time the user last logged in,
the time he last read mail, whether unread mail was waiting for him, and who the
most recent unread mail was from!
This makes it possible to track conversations in progress and see where
someone's attention was focused.
Sites that are information-security conscious should not run Finger
without an explicit understanding of how much information it is giving away.
(Zimmerman 1991)
The RFC also recommended
that implementations of Finger should allow administrators to tailor the
information returned such as whether to return office location, office phone
number, and logged out time. (Zimmerman 1991)
The examples at the end of the RFC show that much more information than
in previous RFC. For example, it
information such as office location, directory, shell, and home phone were
provided in the examples. (Zimmerman
1991)
To use Finger, it is necessary for the host computer to run the Finger
daemon (a program running in the background) which will answer Finger requests.
Finger appeared in version 3.0 of the Berkeley Software Distribution
(BSD) Unix.[6] According to the system documentation
the Finger command usually "displays the user's login name, real name, terminal
name and write status (as a ``*'' before the terminal name if write permission
is denied), idle time, login time, office location and office phone
number." By using the –l option,
the following information would be displayed: "the user's home directory, home
phone number, login shell, and the contents of the files ".forward'', ".plan'"
and ".project'' from the user's home directory."
In Sun's Solaris the default for the Finger command is to display the
following information: user name, user's full name, terminal name (prepended
with a `*' (asterisk) if write-permission is denied), idle time, login time, and
host name if logged in remotely.[7] If queried for a specific user than the
following is provided: the user
name and the user's full name, the user's home directory and login shell, time
the user logged in if currently logged in, or the time the user last logged in;
and the terminal or host from which the user logged in, last time the user
received mail, and the last time the user read mail, the first line of the
$HOME/.project file, if it exists, the contents of the $HOME/.plan file, if it
exists
The Finger command was
designed to provide information about users on a computer system. This worked well in the 1970s when there
were many people connected to one computer. However, by the 1990s, the networking
environment had changed. In the
1990s there were many computers mostly with a single user. To Finger someone in the 1990s, it was
necessary to Finger each individual computer. The GNU Finger implementation solved
this problem by creating a central database listing all of the users in the
site. This database was derived by
continuously querying all the different computers at a "site".[8]
GNU Finger was developed in October 1992 and replaced Berkeley 4.3 Finger code.
(Brittenson
and Fox 1992)
The GNU Finger displayed the
the full name, home directory, shell, mail forwarding, Whether the user has any
unread mail, and if so, when it was last read, the last login time and remote
host (if known)and `.plan' and/or `.project' file. It also allowed users to disable Finger
individually by linking `~user/.Fingerrc' to `/bin/true'.
Another implementation of
Finger, it is more recent. It
claims that it has several security advantages over conventional implementations
of the Finger command. For example,
it allows .pgpfiles, no printing of users shell, home directory, and last login
time. It also allows users to turn
off Finger information by creating a .noFinger file or a user can update and
store their own information.[9]
CFingerd is considered a
hacked Finger daemon which provides extra security functions. It is considered an excellent
replacement for standard Finger daemons. (1998) It was written by Ken Hollis with
security issues in mind. According
to its creators, cFingerd was created because many sites were turning off Finger
for outside users. The system
administrators did not want outsiders obtaining information about the users on
the system. This program was
created to provide these sites with a secure alternative. [10]
FFingerd was created as
secure Finger service in response to system administrators disabling the Finger
service because Finger advertised too much information about the system and the
security flaws in standard Finger daemons.
Some key features: "It has been verified to compile on a wide variety of
Unix variants. It does not run with superuser privileges. It can display PGP
public keys, too. It even has a fascist logging option for paranoid
administrators. Users can exclude their account from Fingering. You can't see if
an account has been excluded or is not there."[11]
Alternative to wu-ftpd and BSD Finger daemon which have security
flaws. It is designed for Linux.[12]
In response to standard Finger daemon's that provide home directory,
shell, and last login information which is valuably to hackers, PsFingerd was created. Some of the features of psFingerd
are: Disallowing indirect Fingers
and empty Fingers, Support for pgp public key, .noFinger option, and the ability
for users to hide their real name.[13]
For
Windows
http://www.marketrends.net/infod/
infod -- Windows Finger
Daemon
Information
Retrieval
“Using this dandy little
tool, among other things, I've found earthquake updates; a directory that lists
which sodas are available in certain soda machines at Columbia University and
Carnegie Mellon University, and National Football League standings.”[14]
An interesting use of the Finger command was done at Carnegie-Mellon University in the 1970s. It involved wiring up a Coke machine to
sense how many bottles were present of various flavors inside the machine. Next a program was written that allowed
the status of the Coke machine to be determined by the use of the Finger
command, Finger coke@cmua.[15]
Plan files were the old home of ASCII art. Plans contain varied individualized
information. For example, favorite quotes, ASCII art, and marketing information
could be in a plan file. It was a
precursor to the world wide web home page.[16]
A short time ago, the CMU
Finger program was endowed with the ability to reveal when a user last logged in
and when that user last read his/her mail with our RDMAIL program. To respect the privacy of the individual
I arranged for two user profile bits to be added to our existing profile
facility (which determines whether a user automatically sees a bulletin board,
or gets a message when mail arrives etc.) The two new bits determine whether
Finger may reveal the date/time a user last logged in and the date/time that the
MAIL.MSG file was last changed. The
default setting for the profile bits inhibits Finger from revealing this
information. – Email from Ivor Durham
To recapitulate, Ivor Durham added some privacy bits to allow a user to
turn off information about their behavior.
According to a report by Mike Schwartz, this information was (1) whether
the user is currently logged on, (2) when the user had logged off, (3) whether
there was any mail in the mailbox, (4) when the user has last read mail, and (5)
if there is mail, the most recent sender.
The privacy bits were an option that allowed people to decide if they
want this information revealed.
Moreover, the privacy bits had a default setting to prevent this
information from being released.
Thus, to enable others to find out when you last logged on, a person had
to proactively turn their privacy bit "on" to reveal this information. At CMU the other information revealed in
the Finger command such as your office location and office number were left to
the discretion of the user. Thus
with the addition of the privacy bits, a user could now ensure that no
information about them was revealed if someone "Fingered"
them.
Ivor
Durham was a graduate student who helped maintain the computer system
responsible for running the Finger command. It was Durham who ensured that the
Finger program was modified with the privacy bits. The decision for the implementation of
the privacy bits was not made by Durham, but by the operations manager who
insisted that people should be able to decide on whether to keep their
information private.
**I
am still in the process of determining all of the reasoning and decisions that
lead up to the implementation of the privacy bits.**
The
privacy bits were likely stored in the mail preferences of the rdmail program.
(Lamb 1999)
At the time of this Finger controversy, the CS department’s computers
were connected to the ARPAnet. This
allowed them to communicate with other computers on the ARPAnet. The existing campus computers were not
connected to the computers in the CS department. In fact, there was no general campus
network for the CMU campus.
Access to the computers and
the Finger command was generally open only to the faculty, graduate students,
and the computer science departmental staff. The departmental staff varied from the
technical people who maintained the computer systems to secretaries who would
use the network for email and word processing. A few graduate students would volunteer
to help maintain the computer systems and would receive extra computing
privileges in return for their help.
About the time the
Carnegie-Mellon University computer-center staff was ordered by the CMU administration to
change the name of the "Finger" command
(despite it being an ARPAnet standard). They changed "Finger" to "where" and
also took it upon themselves to change Paul's name to "Paul Hilwhere" (initially intending it to be
temporary). Paul actually approved
of the change (as a kind of gentle protest), and it remained that way for some
time.[17]
At some point, someone in
Warner Hall, Warner Hall was the administration building, the upper floors were
people like the president, vice-president, provost, one of them people higher up
thought Finger implied some sort of grotesque image and thought Finger should be
renamed. I don’t know how there
minds worked, but they thought it had obscene connotations so they insisted that
it should be renamed, and the computer services people did rename it, I am not
sure whether they forced us to rename our version, because they never used our
machines. (Lamb 1999)
"the Tops-20 systems
deployed for undergraduate use at the university had their ``finger'' commands
renamed to ``where'' because someone in the administration thought that the
``finger'' command verb might be interpreted in a rude manner." (Everhart 1999)
**NEED TO FIND MORE INFO ON
THIS**
According to Emailman, "In
prior days, when more people used shell accounts, "Finger Me!" was heard at
campuses around the world!"[18]
The amount of information available depends on the implementation of
Finger. The following are typical
fields that are returned:
Real Name, Terminal Name,
Write Status **What is this**, Idle Time, Login Time, Office Location, Office
Phone Number, Home Directory, Login Shell, Home Phone Number, .forward, .plan,
.project, Last Received Mail, Last Read Mail.
The more controversial fields are when and where you last logged off,
when you last received email, and when you last checked your email.
Different implementations of Finger may show different information. For example, Fingering a person at the
Internet Chess Club will only provide a person's rating and win loss
record. If the person is logged on,
ICC will also provide how long they have been logged on, how long they have been
idle, whether playing or not, whether observing or not, etc., and any "notes" a
person has written.[19] In Maximum Security, the author
notes that at universities you can typically get the name, telephone number,
dorm room number, and major of students. (1998)
Because many people are unaware of the information provided by Finger,
some institutions have turned Finger off or set the default for the Finger
command to off. In December 03,
1998, the Academic Information Systems (AcIS) at Columbia University in New York
decided to modify the Finger command so that people must “turn it on” if they
want to be Fingered. According to
Jeffrey Eldredge the manager for computer support services, “The reason AcIS
decided to select a default of “Fingeroff” rather than “Fingeron” was that many
people are not aware that this command exists and how it provides [the entire
world] access to personal information.”
According to Eldredge “Today’s world of computing and communications is
not such a kind and gentle place; thus, users are demanding better mechanisms to
protect their privacy.” Eldredge
noted that reasoning was based on a number of incidents. (Horan 1998)
When the University of Minnesota Duluth shut off the ability for remote
users to "Finger" users they noted issues of performance and privacy. "We have had users harassed on-line by
otherwise unknown folks on the Internet.
The harasser's used Finger service to find out information about who was
logged on."[20]
**(I remember hearing
stories where students would get harassed because people could find their
telephone number and address easily through the Finger command (and the
phonebook) I am sure the university
is constantly turning peoples information off)**
Finger triggers Privacy
Alarms
Many college and university
computer system administrators are responding to rising concerns over misuse of
the Finger tool with modifications that restrict the information users can
glean, and some have eliminated it altogether. Critics note the tool violates
privacy -- it provides information about where people are logging on and when
they're doing it -- and security -- crackers can use it to obtain information
that can help them break into computer accounts. "A telephone directory is a
great thing, until you realize that people who don't have your best interests in
mind can use the information in it to do terrible things to you," says one
university computer system administrator. (Chronicle of Higher Education 7/13/94
A15)
“The best managed systems
allow users to make their own decisions whether information about their email
reading habits and last login time will be displayed.” (Notess 1995)
This was a central issue in the CMU controversy.
There is little
documentation and information for how users can change or stop information the
Finger command reveals. Sometimes
users can change information such as the address or phone number. But other times, all of this information
including the last login time and mail information is not modifiable by the
user. According to MS, usually
users are allowed to change their information, however most users don’t know
they can request or do this. (MS)
To change information, users would use the chfn (change Finger) UNIX
command. However, sometimes systems
have this command disabled for security reasons.[21]
System administrators have a great deal of control over the Finger
daemon. First, they could decide
whether to run Finger. Second, they
could control what information would be available on the users on the
system. For example, system
administrators could decide whether to place fields for office location, home
phone number, and a .plan file.
They could also remove about certain users who did not fished to be
Fingered. Moreover, depending upon
a system administrator's acumen, they could modify the defaults of the Finger
daemon, for example, the controversy at CMU or the actions at Columbia
University.
On November 2, 1988, the
Internet was infected by a worm program.
The Morris worm infected thousands of machines and disrupted normal
Internet operations for several days.
The worm was only able to successfully attack Sun workstations and VAXes
running Berkeley Unix code. The
worm program relied on several known access loopholes in sendmail and
Fingerd. The worm was able to
create a memory overflow and then execute a small program. Only 4.3 BSD VAX machines suffered from
this attack.[22]
(Reynolds 1989; Spafford 1988)
The Finger program suffered
from two major security flaws. The
first was that the Finger program provided information for hackers. The second was that some implementations
of the Finger daemon were not secure as the Morris worm highlighted. As a result of the security and privacy
problems many sites began not allowing Finger requests from remote users. (1998) Or sites just eliminated
Finger.
"This excess information
could be used as clues for guessing user passwords or exploiting other system
problems."[23] "The Finger service is the most common
method of acquiring the necessary hints for cracking user passwords and
compromising a user's account."[24] It was also used by spammers. [25]
"Some Finger daemons release
information about the user's shell, home directory and group membership. This
information may be used by hackers to attack the system. Some of the information
can also be used to compromise the user account. For example, information such
as the last time a user logged into the system could be used to build a table of
usage patterns. Another example is that by knowing a user's home directory and
exploiting a vulnerability in the mail system, a hacker could create an entrance
into the system."[26]
By attacking the Finger
service it is possible to disrupt an NIS based network.[27]
Scalability of
Finger
"With regard to solving what
we now understand as the very complicated
problem of Directory Services, Finger is a complete failure. In its time,
it was a nice little application of the evolving network.
Why doesn't Finger fit the
bill for a network-wide Directory Service?
The biggest problem is that there is no cross-indexing in the system of
servers. There are literally millions of servers out there, each holding a
little bit of useful information. The problem is getting the right server, and
retrieving the information of interest. Because the results of a Finger query
can't be reliably parsed by a computer program, the arduous task of searching
the global Finger database can't even be automated. It has to be done by hand by an
experienced network user, one who knows how to find the information they are
after." (Allen 1995)
Finger is not designed to
log requests. So finding out who is
Fingering you is complicated. You
can use MasterPlan to identify who is trying to Finger you. It will also see if someone is trying to
“clock” you. Clocking is the use of network utilities to monitor another user.
(MS)
Finger through a Web
browser, See
http://www-bprc.mps.ohio-state.edu/cgi-bin/Finger.pl
Video Finger,
http://www.media.mit.edu/people/wad/mas961/vidFinger.html
Discussion group on the
Finger User Information Protocol, http://listserv.spc.edu/archives/info-Finger.html
Maximum Security : A Hacker's Guide to
Protecting Your Internet Site and Network: Sams, 1998.
Allen, Jeff R. "Finding a
Needle in a Virtual Haystack." A paper delivered at the Ninth System
Administration Conference, Montery, CA, Sep 18-22 1995.
Brittenson, Jan, and Brian
Fox. GNU Finger. October 1992.
Accessed May 16 2000. URL. Available from
http://www.gnu.org/manual/finger-1.37/html_mono/finger.html.
Earnest, Les. Origins of the finger command. Feb 9
1990. Accessed August 8 1999. URL. Available from
http://www.web.us.uu.net/staff/djm/lore/finger-origin.
Everhart, Craig. "Email
Communication." , 1999.
Hafner, Katie, and Matthew
Lyon. Where Wizards Stay Up Late: The Origins of the Internet. New
York, NY: Touchstone, 1996.
Harrenstien, K. RFC:
742 NAME/FINGER. Dec 30 1977. Accessed May 20 1999. URL. Available
from ftp://ftp.isi.edu/in-notes/rfc742.txt.
Horan, Brian. "Columbia U.'s
AcIS modifies command for "fingering"." Columbia University Daily Spectator,
December 3 1998.
Lamb, David Alex. "Personal
Interview." , 1999.
Notess, Greg R. "On The
Nets: Finding and Creating Finger Information." Online, May 1995.
Reynolds, J. RFC 1135: The Helminthiasis of the Internet.
Dec 1989. Accessed May 15 2000. URL. Available from
http://www.cis.ohio-state.edu/htbin/rfc/rfc1135.html.
Spafford, Eugene H. The Internet Worm Program: An Analysis.
West Lafayette, IN: Purdue University, 1988, CSD-TR-823.
Zimmerman, D. The Finger User Information Protocol.
Network Working Group, December 1991. Accessed June 3 1999. URL. Available from
http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1288.txt.
[1] For background on Finger
see (1998; Notess 1995),
http://www.faqs.org/faqs/signature_Finger_faq/,
and http://webopedia.internet.com/TERM/f/Finger.html.
[2] Technically it is the user
name and the host computer they are accessing. In fact, at some institutions such as
the University of Illinois, the email address will not work because it
represents several different hosts.
[3] See http://www.loria.fr/services/tex/historique/SAIL-byebye.txt
for a history of SAIL
[4] Mark Crispin MSGGROUP#1726
Finger “was the inspiration for the NAME program at
ITS.”
[5] Part of this is excerpted
in (Hafner and Lyon 1996, 216)
[13] http://www.progsoc.uts.edu.au/local/Fingerd/ Modified fFingerd by Felix von
Leitner –
[14] 9/6/94 Newsday B29,
COMPUTERS IN THE 90s LIFE IN CYBERSPACE Let Your 'Finger' Do the Cybering by
Joshua Quittner. See ftp://ftp.csd.uwm.edu/pub/Fingerinfo
or http://ils.unc.edu/emailpro/public_html/More_Fing.html
for a list of sites that include topics such as weather reports, sport scores,
and news.
[17] Posted to Risk by Jim Horning, http://catless.ncl.ac.uk/Risks/18.08.html