The Unix Heritage Society mailing list
* Re: [TUHS] Happy birthday Morris worm
@ 2019-11-12 20:56 Norman Wilson
  2019-11-12 22:00 ` Dave Horsfall
                   ` (2 more replies)
  0 siblings, 3 replies; 44+ messages in thread
From: Norman Wilson @ 2019-11-12 20:56 UTC
  To: tuhs

I think I recall an explicit statement somewhere from an
interview with Robert that the worm was inspired partly
by Shockwave Rider.

I confess my immediate reaction to the worm was uncontrollable
laughter.  I was out of town when it happened, so I first
heard it from a newspaper article (and wasn't caught up in
fighting it or I'd have laughed a lot less, of course); and
it seemed to me hilarious when I read that Robert was behind
it.  He had interned with 1127 for a few summers while I was
there, so I knew him as very bright but often a bit careless
about details; that seemed an exact match for the worm.

My longer-term reaction was to completely drop my sloppy
old habit (common in those days not just in my code but in
that of many others) of ignoring possible buffer overflows.
I find it mind-boggling that people still make that mistake;
it has been literal decades since the lesson was rubbed in
our community's collective noses.  I am very disappointed
that programming education seems not to care enough about
this sort of thing, even today.

Norman Wilson
Toronto ON

* Re: [TUHS] Happy birthday, Morris worm
@ 2019-11-15 14:31 Doug McIlroy
  2019-11-15 14:39 ` Warner Losh
  0 siblings, 1 reply; 44+ messages in thread
From: Doug McIlroy @ 2019-11-15 14:31 UTC
  To: tuhs

> That was the trouble; had he bothered to test it on a private network (as
> if a true professional would even consider carrying out such an act)[*] he
> would've noticed that his probability calculations were arse-backwards

Morris's failure to foresee the results of even slow exponential
growth is matched by the failure of the critique above to realize
that Morris wouldn't have seen the trouble in a small network test.

The worm assured that no more than one copy (and occasionally one clone)
would run on a machine at a time. This limits the number of attacks
that any one machine experiences at a time to roughly the
number of machines in the network. For a small network, this will
not be a major load.


The worm became a denial-of-service attack only because a huge
number of machines were involved.

I do not remember whether the worm left tracks to prevent its
being run more than once on a machine, though I rather think
it did. This would mean that a small network test would not
only behave innocuously; it would terminate almost instantly.

Doug

* Re: [TUHS] Happy birthday Morris worm
@ 2019-11-13 13:47 Doug McIlroy
  0 siblings, 0 replies; 44+ messages in thread
From: Doug McIlroy @ 2019-11-13 13:47 UTC
  To: tuhs

Most of this post is off topic; the conclusion is not.

On the afternoon of Martin Luther King Day, 1990, AT&T's
backbone network slowed to a crawl. The cause: a patch intended
to save time when a switch that had taken itself off line (a
rare, but routine and almost imperceptible event) rejoined the
network. The patch was flawed; a lock should have been taken
one instruction sooner.

Bell Labs had tested the daylights out of the patch by
subjecting a real switch in the lab to tortuously heavy, but
necessarily artificial loads. It may also have been tested on
a switch in the wild before the patch was deployed throughout
the network, but that would not have helped.

The trouble was that a certain sequence of events happening
within milliseconds on calls both ways between two heavily
loaded switches could evoke a ping-pong of the switches leaving
and rejoining the network.

The phenomenon was contagious because of the enhanced odds of a
third switch experiencing the bad sequence with a switch that
was repeatedly taking itself off line. The basic problem (and
a fortiori the contagion) had not been seen in the lab because
the lab had only one of the multimillion-dollar switches to
play with.

The meltdown was embarrassing, to say the least. Yet nobody
ever accused AT&T of idiocy for not first testing on a private
network this feature that was inadvertently "designed to
compromise" switches.

Doug

* Re: [TUHS] Happy birthday Morris worm
@ 2019-11-12 22:24 Norman Wilson
  0 siblings, 0 replies; 44+ messages in thread
From: Norman Wilson @ 2019-11-12 22:24 UTC
  To: tuhs

Dave Horsfall:

  And for those who slagged me off for calling him an idiot, try this quick 
  quiz: on a scale from utter moron to sheer genius, what do you call 
  someone who deliberately releases untested software designed to compromise 
  machines that are not under his administrative control in order to make 
  some sort of a point?

=====

I'd call that careless and irresponsible.  Calling it stupid or
idiotic is, well, a stupid, idiotic simplification that succeeds
in being nasty without showing any understanding of the real problem.

Carelessness and irresponsibility are characteristic of people
in their late teens and early 20s, i.e. Robert's age at the time.
Many of us are overly impressed with our own brilliance at that
age, and even when we take some care (as I think Robert did) we
don't always take enough (as he certainly didn't).

Anyone who claims not to have been at least a bit irresponsible
and careless when young is, in my opinion, not being honest.  Some
of my former colleagues at Bell Labs weren't always as careful and
responsible as they should be, even to the point of causing harm
to others.  But to their credit, when they screwed up that way they
owned up to having done so, tried to make amends, and tried to do
better in future, just as Robert did.  It was just Robert's bad
luck that he screwed up in such a public way and did harm to so
many people.

I save my scorn for those who are long past that age and still
behave irresponsibly and harmfully, like certain high politicians
and certain high-tech executives.

Probably future discussion of this should move to COFF unless it
relates directly to the culture and doings in 1127 or other historic
UNIX places.

Norman Wilson
Toronto ON

[parent not found: <mailman.3.1572832803.30037.tuhs@minnie.tuhs.org>]
* Re: [TUHS] Happy birthday Morris worm
@ 2019-11-02 14:12 Doug McIlroy
  2019-11-02 20:12 ` Warner Losh
  0 siblings, 1 reply; 44+ messages in thread
From: Doug McIlroy @ 2019-11-02 14:12 UTC
  To: tuhs

Full disclosure: I served as a character witness at Robert Morris's trial.
Before the trial, the judge was quite incredulous that the prosecutor
was pursuing a felony charge and refused to let the trial go forward
without confirmation from the prosecutor's superiors in Washington.

> I'm sure that Bob was proud of his son's accomplishments -- but not
> that one.

As Bob put it, "It [being the father] is not a great career move."
Robert confessed to Bob as soon as he realized the folly of loosing
an exponential, even with a tiny growth rate per generation. I
believe that what brought computers to their knees was the
overwhelming number of attacks, not the cost of decryption. The
worm did assure that only one copy would be allowed to proceed
at a time.

During high school, Robert worked as a summer employee for Fred
Grampp. He got high marks for finding and correcting an exploit.

> making use of known vulnerabilities

Buffer overflows were known to cause misbehavior, but few people
at the time were conscious that the misbehavior could be controlled.
I do not know whether Berkeley agonized before distributing the
"debug" feature that allowed remote super-user access via sendmail.
But they certainly messed up by not documenting it.

Doug

