* [TUHS] Cool talk on Unix and Sendmail history, by Eric Allman
@ 2023-07-21 18:53 Rich Morin
2023-07-21 22:14 ` [TUHS] " Grant Taylor via TUHS
2023-07-22 14:54 ` Rich Salz
0 siblings, 2 replies; 36+ messages in thread
From: Rich Morin @ 2023-07-21 18:53 UTC (permalink / raw)
To: The Eunuchs Hysterical Society
Lessons Learned from Sendmail
https://www.youtube.com/watch?v=Re1MAO6jOLE
-r
^ permalink raw reply [flat|nested] 36+ messages in thread
* [TUHS] Re: Cool talk on Unix and Sendmail history, by Eric Allman
2023-07-21 18:53 [TUHS] Cool talk on Unix and Sendmail history, by Eric Allman Rich Morin
@ 2023-07-21 22:14 ` Grant Taylor via TUHS
2023-07-21 22:30 ` Larry McVoy
2023-07-22 14:54 ` Rich Salz
1 sibling, 1 reply; 36+ messages in thread
From: Grant Taylor via TUHS @ 2023-07-21 22:14 UTC (permalink / raw)
To: tuhs
On 7/21/23 1:53 PM, Rich Morin wrote:
> Lessons Learned from Sendmail
> https://www.youtube.com/watch?v=Re1MAO6jOLE
Thank you for sharing that video Rich.
The credits are finishing now.
A surprising amount of Eric's talk resonated with me. I find it
entertaining that he and I are doing strikingly similar things with
email, both MTA and MUA, for seemingly similar reasons.
Thank you again.
Grant. . . .
^ permalink raw reply [flat|nested] 36+ messages in thread
* [TUHS] Re: Cool talk on Unix and Sendmail history, by Eric Allman
2023-07-21 22:14 ` [TUHS] " Grant Taylor via TUHS
@ 2023-07-21 22:30 ` Larry McVoy
2023-07-21 22:33 ` Grant Taylor via TUHS
` (4 more replies)
0 siblings, 5 replies; 36+ messages in thread
From: Larry McVoy @ 2023-07-21 22:30 UTC (permalink / raw)
To: Grant Taylor; +Cc: tuhs
On Fri, Jul 21, 2023 at 05:14:57PM -0500, Grant Taylor via TUHS wrote:
> On 7/21/23 1:53???PM, Rich Morin wrote:
> >Lessons Learned from Sendmail
> >https://www.youtube.com/watch?v=Re1MAO6jOLE
>
> Thank you for sharing that video Rich.
>
> The credits are finishing now.
>
> A surprising amount of Eric's talk resonated with me. I find it
> entertaining that he and I are doing strikingly similar things with email,
> both MTA and MUA, for seemingly similar reasons.
>
> Thank you again.
I think it was pre-COVID but I had a gathering of systems people at my
place in the Santa Cruz mountains and Kirk and Eric were there. I ended
up talking to Eric for quite a while and what went through my mind was
"This is so pleasant, I'd hire this guy or happily work for this guy.
He gets C like I do and likes it like I do". It really was super
pleasant to realize I'm not the last guy who wants to use C for
serious work.
I suspect we're dinosaurs but we're cut from the same clothe dinosaurs.
A few pics here, not up to my usual level but whatever:
http://mcvoy.com/lm/2019-bsd-bbq/
--
---
Larry McVoy Retired to fishing http://www.mcvoy.com/lm/boat
^ permalink raw reply [flat|nested] 36+ messages in thread
* [TUHS] Re: Cool talk on Unix and Sendmail history, by Eric Allman
2023-07-21 22:30 ` Larry McVoy
@ 2023-07-21 22:33 ` Grant Taylor via TUHS
2023-07-21 22:39 ` Larry McVoy
2023-07-21 23:39 ` Steve Nickolas
` (3 subsequent siblings)
4 siblings, 1 reply; 36+ messages in thread
From: Grant Taylor via TUHS @ 2023-07-21 22:33 UTC (permalink / raw)
To: tuhs
On 7/21/23 5:30 PM, Larry McVoy wrote:
> It really was super pleasant to realize I'm not the last guy who
> wants to use C for serious work.
I thought the same thing about m4.
I still like m4.
I've used m4 for more than trivial things within the last few years.
> I suspect we're dinosaurs but we're cut from the same clothe dinosaurs.
:-)
Grant. . . .
^ permalink raw reply [flat|nested] 36+ messages in thread
* [TUHS] Re: Cool talk on Unix and Sendmail history, by Eric Allman
2023-07-21 22:33 ` Grant Taylor via TUHS
@ 2023-07-21 22:39 ` Larry McVoy
0 siblings, 0 replies; 36+ messages in thread
From: Larry McVoy @ 2023-07-21 22:39 UTC (permalink / raw)
To: Grant Taylor; +Cc: tuhs
On Fri, Jul 21, 2023 at 05:33:11PM -0500, Grant Taylor via TUHS wrote:
>
> On 7/21/23 5:30???PM, Larry McVoy wrote:
> >It really was super pleasant to realize I'm not the last guy who wants to
> >use C for serious work.
>
> I thought the same thing about m4.
>
> I still like m4.
>
> I've used m4 for more than trivial things within the last few years.
>
> >I suspect we're dinosaurs but we're cut from the same clothe dinosaurs.
I think you get good at using C, and/or m4, and at a certain point it is
easier to write good code in that than start over in a different set of
tools.
My older son is learning CS and I told him that C is a lot like a
sports car on a twisty mountain road that has no guard rails. If
you are someone who wants to be on your phone in the car, you are
gonna have a bad time. On the other hand, if you are an expert
driver, it's a lot of fun.
Kids these days, all they want is guard rails :)
--lm
^ permalink raw reply [flat|nested] 36+ messages in thread
* [TUHS] Re: Cool talk on Unix and Sendmail history, by Eric Allman
2023-07-21 22:30 ` Larry McVoy
2023-07-21 22:33 ` Grant Taylor via TUHS
@ 2023-07-21 23:39 ` Steve Nickolas
2023-07-22 4:37 ` John Cowan
2023-07-22 1:48 ` segaloco via TUHS
` (2 subsequent siblings)
4 siblings, 1 reply; 36+ messages in thread
From: Steve Nickolas @ 2023-07-21 23:39 UTC (permalink / raw)
To: tuhs
On Fri, 21 Jul 2023, Larry McVoy wrote:
> I think it was pre-COVID but I had a gathering of systems people at my
> place in the Santa Cruz mountains and Kirk and Eric were there. I ended
> up talking to Eric for quite a while and what went through my mind was
> "This is so pleasant, I'd hire this guy or happily work for this guy.
> He gets C like I do and likes it like I do". It really was super
> pleasant to realize I'm not the last guy who wants to use C for
> serious work.
>
> I suspect we're dinosaurs but we're cut from the same clothe dinosaurs.
>
> A few pics here, not up to my usual level but whatever:
>
> http://mcvoy.com/lm/2019-bsd-bbq/
I feel like C is one of the only languages worth using for serious code.
Most of my code is still C.
-uso.
^ permalink raw reply [flat|nested] 36+ messages in thread
* [TUHS] Re: Cool talk on Unix and Sendmail history, by Eric Allman
2023-07-21 22:30 ` Larry McVoy
2023-07-21 22:33 ` Grant Taylor via TUHS
2023-07-21 23:39 ` Steve Nickolas
@ 2023-07-22 1:48 ` segaloco via TUHS
2023-07-22 1:55 ` Jon Forrest
2023-07-22 6:45 ` Lars Brinkhoff
4 siblings, 0 replies; 36+ messages in thread
From: segaloco via TUHS @ 2023-07-22 1:48 UTC (permalink / raw)
To: Larry McVoy; +Cc: Grant Taylor, tuhs
> A few pics here, not up to my usual level but whatever:
>
> http://mcvoy.com/lm/2019-bsd-bbq/
Hah, that reminds me of an implementation trip I was on once. They put our "classroom" back in an old warehouse full of all sorts of junk. Well, one particular week they were doing a bunch of loading/unloading and there was frequently a forklift, keys and all, parked there in this large, tempting warehouse, in the dead of winter in BFE Pennsylvania. Nothing was done that violated company policy, but then again, can't violate a company policy that doesn't exist in writing :)
Can't say I've ever gotten any projects at work to bite on C, but I've had some moderate success reducing most of our boilerplate templates into m4 macros...just in time for a lull in new work. We've got a new project starting soon though that I'm excited to finally use it with, maybe I'll finally convert someone else at work to using some UNIX tools.
- Matt G.
^ permalink raw reply [flat|nested] 36+ messages in thread
* [TUHS] Re: Cool talk on Unix and Sendmail history, by Eric Allman
2023-07-21 22:30 ` Larry McVoy
` (2 preceding siblings ...)
2023-07-22 1:48 ` segaloco via TUHS
@ 2023-07-22 1:55 ` Jon Forrest
2023-07-22 6:45 ` Lars Brinkhoff
4 siblings, 0 replies; 36+ messages in thread
From: Jon Forrest @ 2023-07-22 1:55 UTC (permalink / raw)
To: tuhs
On 7/21/2023 3:30 PM, Larry McVoy wrote:
> I think it was pre-COVID but I had a gathering of systems people at my
> place in the Santa Cruz mountains and Kirk and Eric were there. I ended
> up talking to Eric for quite a while and what went through my mind was
> "This is so pleasant, I'd hire this guy or happily work for this guy.
I've had the pleasure and honor of working with and for Eric several
times in my career. He's one of the best programmers I've ever seen.
Jon
^ permalink raw reply [flat|nested] 36+ messages in thread
* [TUHS] Re: Cool talk on Unix and Sendmail history, by Eric Allman
2023-07-21 22:30 ` Larry McVoy
` (3 preceding siblings ...)
2023-07-22 1:55 ` Jon Forrest
@ 2023-07-22 6:45 ` Lars Brinkhoff
4 siblings, 0 replies; 36+ messages in thread
From: Lars Brinkhoff @ 2023-07-22 6:45 UTC (permalink / raw)
To: Larry McVoy; +Cc: Grant Taylor, tuhs
Larry McVoy wrote:
> I'm not the last guy who wants to use C for serious work.
I'm using many diffent languages for many things. But when I write
stuff that I'm humbly HOPING will be useful, say, 30 years from now, I
pick C. It seems to me it's likely it will stick around, close to its
current form, a long time from now. I don't think I could make that bet
on other languages that are popular now, either due to the language
itself being in flux, or its libraries, ecosystem, etc.
^ permalink raw reply [flat|nested] 36+ messages in thread
* [TUHS] Re: Cool talk on Unix and Sendmail history, by Eric Allman
2023-07-21 18:53 [TUHS] Cool talk on Unix and Sendmail history, by Eric Allman Rich Morin
2023-07-21 22:14 ` [TUHS] " Grant Taylor via TUHS
@ 2023-07-22 14:54 ` Rich Salz
2023-07-22 15:24 ` Warner Losh
2023-07-22 20:52 ` Dave Horsfall
1 sibling, 2 replies; 36+ messages in thread
From: Rich Salz @ 2023-07-22 14:54 UTC (permalink / raw)
To: Rich Morin; +Cc: The Eunuchs Hysterical Society
[-- Attachment #1: Type: text/plain, Size: 476 bytes --]
He says he wraps everything he uses in the standard library; "this tends to
make my code idiosyncratic." At some Usenix, someone once summed it up to
me as "It is the most beautiful code that is completely unmodifiable."
Seemed appropriate. (Compare to procmail, where the quote was "seen the
source? Gaah, my eyes are melting.")
I enjoyed watching this, thanks. I agree with the other comment "what,
nothing about security?" Sendmail did enable the first Internet worm :)
[-- Attachment #2: Type: text/html, Size: 606 bytes --]
^ permalink raw reply [flat|nested] 36+ messages in thread
* [TUHS] Re: Cool talk on Unix and Sendmail history, by Eric Allman
2023-07-22 14:54 ` Rich Salz
@ 2023-07-22 15:24 ` Warner Losh
2023-07-22 16:12 ` Arrigo Triulzi via TUHS
2023-07-22 20:52 ` Dave Horsfall
1 sibling, 1 reply; 36+ messages in thread
From: Warner Losh @ 2023-07-22 15:24 UTC (permalink / raw)
To: Rich Salz; +Cc: The Eunuchs Hysterical Society
[-- Attachment #1: Type: text/plain, Size: 1628 bytes --]
On Sat, Jul 22, 2023, 8:54 AM Rich Salz <rich.salz@gmail.com> wrote:
> He says he wraps everything he uses in the standard library; "this tends
> to make my code idiosyncratic." At some Usenix, someone once summed it up
> to me as "It is the most beautiful code that is completely unmodifiable."
> Seemed appropriate. (Compare to procmail, where the quote was "seen the
> source? Gaah, my eyes are melting.")
>
Back in the 80s I looked at sendmail.. lots of things like strcpy written
inline. It was a mess in some ways, but ran more slowly if you cleaned all
that stuff up. It was decently well done, but had also clearly grown well
beyond its original framing...
The thing is... you don't need wrappers for standard calls. You just need
portable implementations of them for the times they are missing or broken.
I enjoyed watching this, thanks. I agree with the other comment "what,
> nothing about security?" Sendmail did enable the first Internet worm :)
>
Some of that was the times: almost nothing cared about security in a world
full of active attackers... having already forgotten the lessons of the
early v5 deployments exposing unix to lots of bored college students that
needed to do something and quickly found holes in unix's protections..
though known at the time, the stack smash wasn't believed generally to be a
severe threat. Even after the eorm, it was 10 years later openbsd started
its wide spread effort to fix them...
Gets() was the real problem that leD to the worm. The insecurity was baked
into the APIs until the 90s... and many insecure APIs weren't removed until
the last decade.
Warner
>
[-- Attachment #2: Type: text/html, Size: 2646 bytes --]
^ permalink raw reply [flat|nested] 36+ messages in thread
* [TUHS] Re: Cool talk on Unix and Sendmail history, by Eric Allman
2023-07-22 14:54 ` Rich Salz
2023-07-22 15:24 ` Warner Losh
@ 2023-07-22 20:52 ` Dave Horsfall
1 sibling, 0 replies; 36+ messages in thread
From: Dave Horsfall @ 2023-07-22 20:52 UTC (permalink / raw)
To: The Eunuchs Hysterical Society
On Sat, 22 Jul 2023, Rich Salz wrote:
> (Compare to procmail, where the quote was "seen the source? Gaah, my
> eyes are melting.")
The Procmail source is so bad that even the author has abandoned it; it's
likely to be riddled with security holes too, so you'd be nuts to use it.
> I enjoyed watching this, thanks. I agree with the other comment "what,
> nothing about security?" Sendmail did enable the first Internet worm :)
Like C, Sendmail was not really designed with secure coding in mind.
-- Dave
^ permalink raw reply [flat|nested] 36+ messages in thread
* [TUHS] Re: Cool talk on Unix and Sendmail history, by Eric Allman
@ 2023-07-30 17:33 Douglas McIlroy
0 siblings, 0 replies; 36+ messages in thread
From: Douglas McIlroy @ 2023-07-30 17:33 UTC (permalink / raw)
To: TUHS main list
"Lessons learned" overlooked the Morris worm, which exploited not only
the unpardonable gets interface, but also the unpardonable back door
that Allman built into sendmail.
This reminds me of how I agonized over Mike Lesk's refusal to remove
remote execution from uucp. (Like Eric, Mike created the feature to
help fix the myriad trouble reports these communication facilities
stimulated.) It seemed irresponsible to distribute v7 with the feature
present, yet the rest of uucp provided an almost indispensable
service. The fig leaf for allowing uucp in the distribution was that
remote execution was described in the manual. If you didn't like it
you could delete or fix uucp. (Sendmail's Trojan horse was
undocumented, though visible in the code.)
Doug
^ permalink raw reply [flat|nested] 36+ messages in thread
* [TUHS] Re: Cool talk on Unix and Sendmail history, by Eric Allman
@ 2023-07-30 18:22 Norman Wilson
2023-07-30 21:43 ` Rob Pike
0 siblings, 1 reply; 36+ messages in thread
From: Norman Wilson @ 2023-07-30 18:22 UTC (permalink / raw)
To: tuhs
Doug McIlroy:
This reminds me of how I agonized over Mike Lesk's refusal to remove
remote execution from uucp.
====
Uux, the remote-execution mechanism I remember from uucp, had
rather better utility than the famous Sendmail back-door: it
was how uucp carried mail, by sending a file to be handed to
mailer on the remote system. It was clearly dangerous if
the remote site accepted any command, but as shipped in V7
only a short list of remote commands was allowed: mail rmail
lpr opr fsend fget. (As uucp was used to carry other things
like netnews, the list was later extended by individual sites,
and eventually moved to a file so reconfiguration needn't
recapitulate compilation).
Not the safest of mechanisms, but at least in V7 it had a use
other than Mike fixing your system for you.
Is there some additional history here? e.g. was the list of
permitted commands added after arguments about safety, or
some magic command that let Mike in removed? Or was there a
different remote-execution back door I don't remember and don't
see in a quick look at uuxqt.c?
Norman Wilson
Toronto ON
^ permalink raw reply [flat|nested] 36+ messages in thread
* [TUHS] Re: Cool talk on Unix and Sendmail history, by Eric Allman
2023-07-30 18:22 Norman Wilson
@ 2023-07-30 21:43 ` Rob Pike
2023-07-30 23:34 ` George Michaelson
0 siblings, 1 reply; 36+ messages in thread
From: Rob Pike @ 2023-07-30 21:43 UTC (permalink / raw)
To: Norman Wilson; +Cc: tuhs
[-- Attachment #1: Type: text/plain, Size: 1665 bytes --]
There was also a feature Mike Lesk added that allowed a marked line,
something like
%! command
to cause the command to be executed when the recipient read the mail, for
example to demonstrate a feature of a program or teach the recipient
something. He meant well. Dennis had the closest he ever had to a
conniption, and it was taken out post haste. Meaning well is not enough.
-rob
On Mon, Jul 31, 2023 at 4:23 AM Norman Wilson <norman@oclsc.org> wrote:
> Doug McIlroy:
>
> This reminds me of how I agonized over Mike Lesk's refusal to remove
> remote execution from uucp.
>
> ====
>
> Uux, the remote-execution mechanism I remember from uucp, had
> rather better utility than the famous Sendmail back-door: it
> was how uucp carried mail, by sending a file to be handed to
> mailer on the remote system. It was clearly dangerous if
> the remote site accepted any command, but as shipped in V7
> only a short list of remote commands was allowed: mail rmail
> lpr opr fsend fget. (As uucp was used to carry other things
> like netnews, the list was later extended by individual sites,
> and eventually moved to a file so reconfiguration needn't
> recapitulate compilation).
>
> Not the safest of mechanisms, but at least in V7 it had a use
> other than Mike fixing your system for you.
>
> Is there some additional history here? e.g. was the list of
> permitted commands added after arguments about safety, or
> some magic command that let Mike in removed? Or was there a
> different remote-execution back door I don't remember and don't
> see in a quick look at uuxqt.c?
>
> Norman Wilson
> Toronto ON
>
[-- Attachment #2: Type: text/html, Size: 2578 bytes --]
^ permalink raw reply [flat|nested] 36+ messages in thread
* [TUHS] Re: Cool talk on Unix and Sendmail history, by Eric Allman
2023-07-30 21:43 ` Rob Pike
@ 2023-07-30 23:34 ` George Michaelson
2023-07-30 23:59 ` Erik E. Fair
0 siblings, 1 reply; 36+ messages in thread
From: George Michaelson @ 2023-07-30 23:34 UTC (permalink / raw)
To: tuhs
It must be the fate of all UUCP-like protocols to recapitulate the
life of UUCP. My memory is that ACSNet (quite UUCP like) had both an
execute, and a *@dom.ain and even root@* handling, and that it caused
some DOS consequences.
There's nothing implicitly wrong with remote execution, remote job
entry was a thing back in the coloured book protocols. I guess the
problem inherent in "just do this thing" in UUCP was the permissions
and runtime context. But a chroot() and permissions drop should have
made it less risky. There is the "but anyone can inject it" problem.
Execute on read is just awful. But, now we have HTML to track "they
read it" through URL fetch.
G
^ permalink raw reply [flat|nested] 36+ messages in thread
* [TUHS] Re: Cool talk on Unix and Sendmail history, by Eric Allman
2023-07-30 23:34 ` George Michaelson
@ 2023-07-30 23:59 ` Erik E. Fair
2023-07-31 0:26 ` Warner Losh
` (2 more replies)
0 siblings, 3 replies; 36+ messages in thread
From: Erik E. Fair @ 2023-07-30 23:59 UTC (permalink / raw)
To: George Michaelson; +Cc: tuhs
Date: Mon, 31 Jul 2023 09:34:56 +1000
From: George Michaelson <ggm@algebras.org>
[...]
Execute on read is just awful. But, now we have HTML to track "they
read it" through URL fetch.
And then the utterly disastrous: JavaScript. It should be *eliminated*
from the WWW as the gross security violation it is.
"don't run software from strangers",
Erik Fair
^ permalink raw reply [flat|nested] 36+ messages in thread
* [TUHS] Re: Cool talk on Unix and Sendmail history, by Eric Allman
2023-07-30 23:59 ` Erik E. Fair
@ 2023-07-31 0:26 ` Warner Losh
2023-07-31 22:57 ` Grant Taylor via TUHS
2023-08-01 1:51 ` Niklas Karlsson
2023-07-31 0:41 ` segaloco via TUHS
2023-08-01 9:22 ` Marc Donner
2 siblings, 2 replies; 36+ messages in thread
From: Warner Losh @ 2023-07-31 0:26 UTC (permalink / raw)
To: Erik E. Fair; +Cc: The Eunuchs Hysterical Society
[-- Attachment #1: Type: text/plain, Size: 554 bytes --]
On Sun, Jul 30, 2023, 5:59 PM Erik E. Fair <fair-tuhs@netbsd.org> wrote:
>
> Date: Mon, 31 Jul 2023 09:34:56 +1000
> From: George Michaelson <ggm@algebras.org>
>
> [...]
>
> Execute on read is just awful. But, now we have HTML to track "they
> read it" through URL fetch.
>
> And then the utterly disastrous: JavaScript. It should be *eliminated*
> from the WWW as the gross security violation it is.
>
> "don't run software from strangers",
>
Write once, run everywhere.
Warner
> Erik Fair
>
[-- Attachment #2: Type: text/html, Size: 1293 bytes --]
^ permalink raw reply [flat|nested] 36+ messages in thread
* [TUHS] Re: Cool talk on Unix and Sendmail history, by Eric Allman
2023-07-31 0:26 ` Warner Losh
@ 2023-07-31 22:57 ` Grant Taylor via TUHS
2023-07-31 23:05 ` Warner Losh
2023-08-01 1:51 ` Niklas Karlsson
1 sibling, 1 reply; 36+ messages in thread
From: Grant Taylor via TUHS @ 2023-07-31 22:57 UTC (permalink / raw)
To: tuhs
On 7/30/23 7:26 PM, Warner Losh wrote:
> Write once, run everywhere.
Wasn't that "Java" proper and not "JavaScript"?
Grant. . . .
^ permalink raw reply [flat|nested] 36+ messages in thread
* [TUHS] Re: Cool talk on Unix and Sendmail history, by Eric Allman
2023-07-31 22:57 ` Grant Taylor via TUHS
@ 2023-07-31 23:05 ` Warner Losh
2023-08-01 2:45 ` Grant Taylor via TUHS
0 siblings, 1 reply; 36+ messages in thread
From: Warner Losh @ 2023-07-31 23:05 UTC (permalink / raw)
To: Grant Taylor; +Cc: The Eunuchs Hysterical Society
[-- Attachment #1: Type: text/plain, Size: 339 bytes --]
On Mon, Jul 31, 2023, 4:58 PM Grant Taylor via TUHS <tuhs@tuhs.org> wrote:
> On 7/30/23 7:26 PM, Warner Losh wrote:
> > Write once, run everywhere.
>
> Wasn't that "Java" proper and not "JavaScript"?
>
It was.. but since Javascript has the name Java in it... I thought I'd make
that joke...
Warner
>
> Grant. . . .
>
[-- Attachment #2: Type: text/html, Size: 903 bytes --]
^ permalink raw reply [flat|nested] 36+ messages in thread
* [TUHS] Re: Cool talk on Unix and Sendmail history, by Eric Allman
2023-07-31 23:05 ` Warner Losh
@ 2023-08-01 2:45 ` Grant Taylor via TUHS
0 siblings, 0 replies; 36+ messages in thread
From: Grant Taylor via TUHS @ 2023-08-01 2:45 UTC (permalink / raw)
To: tuhs
On 7/31/23 6:05 PM, Warner Losh wrote:
> It was.. but since Javascript has the name Java in it... I thought I'd
> make that joke...
Fair enough.
I thought perhaps I was misremembering things and more caught up in
trying to correct my mental understanding and failed to see the humor.
--
Grant. . . .
^ permalink raw reply [flat|nested] 36+ messages in thread
* [TUHS] Re: Cool talk on Unix and Sendmail history, by Eric Allman
2023-07-31 0:26 ` Warner Losh
2023-07-31 22:57 ` Grant Taylor via TUHS
@ 2023-08-01 1:51 ` Niklas Karlsson
2023-08-01 2:47 ` Grant Taylor via TUHS
2023-08-01 3:20 ` Theodore Ts'o
1 sibling, 2 replies; 36+ messages in thread
From: Niklas Karlsson @ 2023-08-01 1:51 UTC (permalink / raw)
To: The Eunuchs Hysterical Society
[-- Attachment #1: Type: text/plain, Size: 726 bytes --]
Den mån 31 juli 2023 kl 02:27 skrev Warner Losh <imp@bsdimp.com>:
>
>
> On Sun, Jul 30, 2023, 5:59 PM Erik E. Fair <fair-tuhs@netbsd.org> wrote:
>
>>
>> Date: Mon, 31 Jul 2023 09:34:56 +1000
>> From: George Michaelson <ggm@algebras.org>
>>
>> [...]
>>
>> Execute on read is just awful. But, now we have HTML to track
>> "they
>> read it" through URL fetch.
>>
>> And then the utterly disastrous: JavaScript. It should be *eliminated*
>> from the WWW as the gross security violation it is.
>>
>> "don't run software from strangers",
>>
>
>
> Write once, run everywhere.
>
I've seen some cynical people render it as "write once, run away".
Niklas
[-- Attachment #2: Type: text/html, Size: 1559 bytes --]
^ permalink raw reply [flat|nested] 36+ messages in thread
* [TUHS] Re: Cool talk on Unix and Sendmail history, by Eric Allman
2023-08-01 1:51 ` Niklas Karlsson
@ 2023-08-01 2:47 ` Grant Taylor via TUHS
2023-08-01 3:20 ` Theodore Ts'o
1 sibling, 0 replies; 36+ messages in thread
From: Grant Taylor via TUHS @ 2023-08-01 2:47 UTC (permalink / raw)
To: tuhs
On 7/31/23 8:51 PM, Niklas Karlsson wrote:
> I've seen some cynical people render it as "write once, run away".
I've heard:
- Write once and crash everywhere.
- Just another vulnerability announcement.
--
Grant. . . .
^ permalink raw reply [flat|nested] 36+ messages in thread
* [TUHS] Re: Cool talk on Unix and Sendmail history, by Eric Allman
2023-08-01 1:51 ` Niklas Karlsson
2023-08-01 2:47 ` Grant Taylor via TUHS
@ 2023-08-01 3:20 ` Theodore Ts'o
1 sibling, 0 replies; 36+ messages in thread
From: Theodore Ts'o @ 2023-08-01 3:20 UTC (permalink / raw)
To: Niklas Karlsson; +Cc: The Eunuchs Hysterical Society
On Tue, Aug 01, 2023 at 03:51:28AM +0200, Niklas Karlsson wrote:
> >
> > Write once, run everywhere.
>
> I've seen some cynical people render it as "write once, run away".
I've always preferred, "Write once, run screaming". :-)
- Ted
^ permalink raw reply [flat|nested] 36+ messages in thread
* [TUHS] Re: Cool talk on Unix and Sendmail history, by Eric Allman
2023-07-30 23:59 ` Erik E. Fair
2023-07-31 0:26 ` Warner Losh
@ 2023-07-31 0:41 ` segaloco via TUHS
2023-08-01 9:22 ` Marc Donner
2 siblings, 0 replies; 36+ messages in thread
From: segaloco via TUHS @ 2023-07-31 0:41 UTC (permalink / raw)
To: Erik E. Fair; +Cc: tuhs
> And then the utterly disastrous: JavaScript. It should be eliminated
> from the WWW as the gross security violation it is.
>
> "don't run software from strangers",
>
> Erik Fair
The browser is becoming more and more of an OS of its own, it just needs to act like it in the security realm.
- Matt G.
^ permalink raw reply [flat|nested] 36+ messages in thread
* [TUHS] Re: Cool talk on Unix and Sendmail history, by Eric Allman
2023-07-30 23:59 ` Erik E. Fair
2023-07-31 0:26 ` Warner Losh
2023-07-31 0:41 ` segaloco via TUHS
@ 2023-08-01 9:22 ` Marc Donner
2023-08-01 10:58 ` Erik E. Fair
2 siblings, 1 reply; 36+ messages in thread
From: Marc Donner @ 2023-08-01 9:22 UTC (permalink / raw)
To: Erik E. Fair; +Cc: tuhs
[-- Attachment #1: Type: text/plain, Size: 870 bytes --]
Nathaniel (Mr Mime) Borenstein came up with something (atomicmail?) that
was intended to be more functional than raw text but safer than free
execution of unknown code. I disremember the details. I don’t think it
ever got traction.
On Sun, Jul 30, 2023 at 7:59 PM Erik E. Fair <fair-tuhs@netbsd.org> wrote:
>
> Date: Mon, 31 Jul 2023 09:34:56 +1000
> From: George Michaelson <ggm@algebras.org>
>
> [...]
>
> Execute on read is just awful. But, now we have HTML to track "they
> read it" through URL fetch.
>
> And then the utterly disastrous: JavaScript. It should be *eliminated*
> from the WWW as the gross security violation it is.
>
> "don't run software from strangers",
>
> Erik Fair
>
--
=====
nygeek.net
mindthegapdialogs.com/home <https://www.mindthegapdialogs.com/home>
[-- Attachment #2: Type: text/html, Size: 1589 bytes --]
^ permalink raw reply [flat|nested] 36+ messages in thread
* [TUHS] Re: Cool talk on Unix and Sendmail history, by Eric Allman
2023-08-01 9:22 ` Marc Donner
@ 2023-08-01 10:58 ` Erik E. Fair
2023-08-02 0:37 ` Dave Horsfall
0 siblings, 1 reply; 36+ messages in thread
From: Erik E. Fair @ 2023-08-01 10:58 UTC (permalink / raw)
To: Marc Donner; +Cc: tuhs
Date: Tue, 1 Aug 2023 05:22:17 -0400
From: Marc Donner <marc.donner@gmail.com>
Nathaniel (Mr Mime) Borenstein came up with something (atomicmail?)
that was intended to be more functional than raw text but safer
than free execution of unknown code. I disremember the details.
I don't think it ever got traction.
You remember correctly. It got stomped by those of us in the IETF MIME working group with approximately the same forceful negative reaction as you've seen here to Mike Lesk's idea of instantly executed Unix commands in e-mail.
I'm hardly innocent of this - while writing & operating the AppleLink/Internet e-mail gateway at Apple in the 1990s, I discovered that I could download the entire user directory from AppleLink (over 50k users: all Apple employees, Apple 3rd-party developers, Apple retail dealers - the whole "Apple Federation" at that time was on AppleLink), which included both usernames and "full name" fields, which could provide the basis for an AppleLink directory lookup service on the Internet. I figured it'd be easy to use FINGER & WHOIS as the protocol ports since the outputs of those are basically unstructured (unspecified) ASCII text, e.g. "finger fair@applelink.apple.com" would return a list of all usernames and full names matching "fair".
I was writing in Perl because e-mail gatewaying is primarily about string handling, and it sucks to write in C for that. The best performing way to implement the text search was to use its eval() function with a regex constructed from the network protocol input. I tested it, and it worked great, but I bet you can guess where this is going - how to perfectly sanitize the search term inputs taken directly from the net so they don't become arbitrary Perl code?
I never deployed it, partly because I couldn't convince myself I'd made the service completely secure, and partly as a privacy matter: finger (especially after the 1989 Morris Worm & the increasing amounts of e-mail spam) was not a service that sites were offering any longer because there were too many bad actors on the Internet, and it just wasn't a good idea to be as open & trusting as the ARPANET had been. I lament the passing of that culture from time to time.
I think anyone with a modicum of experience in computer & systems security can instantly recognize the dangers in executable code transmitted unsolicited to unwary recipients and automatically executed without prior, explicit permission, and works to stop anything along those lines from becoming standard practice because, despite all the protestations that "it's run in a sandbox, it's safe!", the proponents can never prove their case beyond reasonable doubt.
How many bugs were discovered in the "restricted shell" (rsh) over the years?
Sometimes we fail to prevent such bad ideas from being implemented: JavaScript in HTML/HTTP is one such. What concerns me these days is how often JavaScript is showing up in text/html e-mail. At least visiting a website (URL) with a web browser is, to some degree, an act of volition. Particularly with MIME, Internet e-mail has to be parsed and presented (and which HTML parsers these days do not also include a JavaScript interpreter?), not merely spewed to a presumed-ASCII (OK, UTF-8) terminal. Even simple spew could be dangerous: who remembers "intelligent terminal" transmit-back codes and the mischief those caused?
IIRC, the question we posed to Nathaniel was: "do we really want to enable letter bombs?"
Some of us also remembered (and possibly referenced) the UNAbomber.
Erik
^ permalink raw reply [flat|nested] 36+ messages in thread
* [TUHS] Re: Cool talk on Unix and Sendmail history, by Eric Allman
2023-08-01 10:58 ` Erik E. Fair
@ 2023-08-02 0:37 ` Dave Horsfall
2023-08-02 14:52 ` Ron Natalie
0 siblings, 1 reply; 36+ messages in thread
From: Dave Horsfall @ 2023-08-02 0:37 UTC (permalink / raw)
To: The Eunuchs Hysterical Society
On Tue, 1 Aug 2023, Erik E. Fair wrote:
> Even simple spew could be dangerous: who remembers "intelligent
> terminal" transmit-back codes and the mischief those caused?
ASCII bombs were fairly popular in the old MS-DOS BBS days (format the
disk, anyone?), and it was possible over packet radio too (sort of a BBS
via Amateur i.e. "ham" radio).
-- Dave (vk2kfu)
^ permalink raw reply [flat|nested] 36+ messages in thread
* [TUHS] Re: Cool talk on Unix and Sendmail history, by Eric Allman
2023-08-02 0:37 ` Dave Horsfall
@ 2023-08-02 14:52 ` Ron Natalie
2023-08-02 21:14 ` Grant Taylor via TUHS
2023-08-02 23:33 ` Dave Horsfall
0 siblings, 2 replies; 36+ messages in thread
From: Ron Natalie @ 2023-08-02 14:52 UTC (permalink / raw)
To: Dave Horsfall, The Eunuchs Hysterical Society
ASCII Bombs? Like my Letter Bomb Transport Protocol (LBTP)?
https://groups.google.com/g/net.followup/c/OJBALbzTq4w/m/LoxMnbz0bwMJ
It seems to have lost something in the formatting (the leading spaces
were all removed).
------ Original Message ------
From "Dave Horsfall" <dave@horsfall.org>
To "The Eunuchs Hysterical Society" <tuhs@tuhs.org>
Date 8/1/23, 8:37:20 PM
Subject [TUHS] Re: Cool talk on Unix and Sendmail history, by Eric
Allman
>On Tue, 1 Aug 2023, Erik E. Fair wrote:
>
>> Even simple spew could be dangerous: who remembers "intelligent
>> terminal" transmit-back codes and the mischief those caused?
>
>ASCII bombs were fairly popular in the old MS-DOS BBS days (format the
>disk, anyone?), and it was possible over packet radio too (sort of a BBS
>via Amateur i.e. "ham" radio).
>
>-- Dave (vk2kfu)
^ permalink raw reply [flat|nested] 36+ messages in thread
* [TUHS] Re: Cool talk on Unix and Sendmail history, by Eric Allman
2023-08-02 14:52 ` Ron Natalie
@ 2023-08-02 21:14 ` Grant Taylor via TUHS
2023-08-02 22:20 ` segaloco via TUHS
2023-08-02 23:33 ` Dave Horsfall
1 sibling, 1 reply; 36+ messages in thread
From: Grant Taylor via TUHS @ 2023-08-02 21:14 UTC (permalink / raw)
To: tuhs
On 8/2/23 9:52 AM, Ron Natalie wrote:
> ASCII Bombs? Like my Letter Bomb Transport Protocol (LBTP)?
>
> https://groups.google.com/g/net.followup/c/OJBALbzTq4w/m/LoxMnbz0bwMJ
~chuckle~
> It seems to have lost something in the formatting (the leading spaces
> were all removed).
Ya....
People think I'm weird for not liking languages that use white space as
structural definition. Frequently those people have not experienced
such a failure as what has happened to your ASCII Bomb.
Grant. . . .
^ permalink raw reply [flat|nested] 36+ messages in thread
* [TUHS] Re: Cool talk on Unix and Sendmail history, by Eric Allman
2023-08-02 21:14 ` Grant Taylor via TUHS
@ 2023-08-02 22:20 ` segaloco via TUHS
2023-08-02 22:37 ` Warner Losh
2023-08-02 23:49 ` Rich Salz
0 siblings, 2 replies; 36+ messages in thread
From: segaloco via TUHS @ 2023-08-02 22:20 UTC (permalink / raw)
To: Grant Taylor; +Cc: tuhs
> People think I'm weird for not liking languages that use white space as
> structural definition.
>
> Grant. . . .
This is my chief gripe with Python, although on the flip side Python isn't the right language anyway for most scenarios where I use whitespace/indentation to imply structure the language itself can't articulate. It's meant for mainly functional programming as I understand it so the structure does enforce some stylistic practices conducive to good functional programming. Still a shame to force a particular style approach by default rather than just strongly suggest it.
What strikes me particularly odd about the Python case is that its not like that space-sensitivity evolved out of the same line of reasoning as the compulsory spacing in FORTRAN, COBOL, etc. It seems mainly to be a way to operate without code blocks, with the "blocks" being implied by indentation rather than braces, parens, or some other delimiter.
In UNIX of course we have our own little variation on this problem with make(1) and the need to tab out the rule definition. I seem to recall reading somewhere (perhaps Doug's McIlroy's UPM excerpts) that that Stu Feldman considered undoing that but there were already users who that would've caused trouble for, so make's early, entrenched adoption stymied attempts at the time to rectify this. Anyone with better details feel free to correct me.
- Matt G.
P.S. This answer can be off list or spin off a separate thread for make junkies, but did any AT&T or BSD revision of make(1) support rule names coming from variables rather than explicitly entered?
For instance:
$(BIN): $(OBJS)
$(CC) $(LDFLAGS) -o $(BIN) $(OBJS) $(LIBS)
I used to use this in makefiles but at some point, I think with one of the BSDs, it balked at the idea of a variable rule name and so it fell out of my practice in trying to avoid GNUisms.
It's been a while but I feel like I ran through and tried this on V7, System III, and PDP-11 System V and all of them were unhappy about that construct. I can try and get on the LCMs 3B400 later to see what SVR3 does. I don't remember which of the BSDs (if not multiple) I ran into that issue on initially, but I can't imagine one of the major streams would work that in without the other two wanting to copy their notes.
Maybe an alternative question is if folks are aware of make implementations besides GNU that *do* support that sort of thing.
^ permalink raw reply [flat|nested] 36+ messages in thread
* [TUHS] Re: Cool talk on Unix and Sendmail history, by Eric Allman
2023-08-02 22:20 ` segaloco via TUHS
@ 2023-08-02 22:37 ` Warner Losh
2023-08-02 23:49 ` Rich Salz
1 sibling, 0 replies; 36+ messages in thread
From: Warner Losh @ 2023-08-02 22:37 UTC (permalink / raw)
To: segaloco; +Cc: Grant Taylor, tuhs
[-- Attachment #1: Type: text/plain, Size: 3290 bytes --]
On Wed, Aug 2, 2023 at 4:20 PM segaloco via TUHS <tuhs@tuhs.org> wrote:
> > People think I'm weird for not liking languages that use white space as
> > structural definition.
> >
> > Grant. . . .
>
> This is my chief gripe with Python, although on the flip side Python isn't
> the right language anyway for most scenarios where I use
> whitespace/indentation to imply structure the language itself can't
> articulate. It's meant for mainly functional programming as I understand
> it so the structure does enforce some stylistic practices conducive to good
> functional programming. Still a shame to force a particular style approach
> by default rather than just strongly suggest it.
>
> What strikes me particularly odd about the Python case is that its not
> like that space-sensitivity evolved out of the same line of reasoning as
> the compulsory spacing in FORTRAN, COBOL, etc. It seems mainly to be a way
> to operate without code blocks, with the "blocks" being implied by
> indentation rather than braces, parens, or some other delimiter.
>
> In UNIX of course we have our own little variation on this problem with
> make(1) and the need to tab out the rule definition. I seem to recall
> reading somewhere (perhaps Doug's McIlroy's UPM excerpts) that that Stu
> Feldman considered undoing that but there were already users who that
> would've caused trouble for, so make's early, entrenched adoption stymied
> attempts at the time to rectify this. Anyone with better details feel free
> to correct me.
>
> - Matt G.
>
> P.S. This answer can be off list or spin off a separate thread for make
> junkies, but did any AT&T or BSD revision of make(1) support rule names
> coming from variables rather than explicitly entered?
>
> For instance:
>
> $(BIN): $(OBJS)
> $(CC) $(LDFLAGS) -o $(BIN) $(OBJS) $(LIBS)
>
> I used to use this in makefiles but at some point, I think with one of the
> BSDs, it balked at the idea of a variable rule name and so it fell out of
> my practice in trying to avoid GNUisms.
>
BSD has long supported
PROG=cat
.include <bsd.prog.mk>
to have it deal with all the details. Of course, FreeBSD's is more complex
than that, because nothing is ever simple.
And I think even V7 make supported what you described, as well as implicit
rules for compiling .c into a .o or into a binary.
> It's been a while but I feel like I ran through and tried this on V7,
> System III, and PDP-11 System V and all of them were unhappy about that
> construct. I can try and get on the LCMs 3B400 later to see what SVR3
> does. I don't remember which of the BSDs (if not multiple) I ran into that
> issue on initially, but I can't imagine one of the major streams would work
> that in without the other two wanting to copy their notes.
>
They'd likely be happier if you used {} instead of () for variable
expansion.
> Maybe an alternative question is if folks are aware of make
> implementations besides GNU that *do* support that sort of thing.
>
The NetBSD/FreeBSD pmake does, and has since before NetBSD/FreeBSD were a
thing (at least to 4.2BSD, and I think even further back since I'm nearly
positive V7 supported it, though I've not cranked up a V7 VM to chek).
Warner
[-- Attachment #2: Type: text/html, Size: 4146 bytes --]
^ permalink raw reply [flat|nested] 36+ messages in thread
* [TUHS] Re: Cool talk on Unix and Sendmail history, by Eric Allman
2023-08-02 22:20 ` segaloco via TUHS
2023-08-02 22:37 ` Warner Losh
@ 2023-08-02 23:49 ` Rich Salz
1 sibling, 0 replies; 36+ messages in thread
From: Rich Salz @ 2023-08-02 23:49 UTC (permalink / raw)
To: segaloco; +Cc: Grant Taylor, tuhs
[-- Attachment #1: Type: text/plain, Size: 177 bytes --]
> [Python is] meant for mainly functional programming as I understand it
Not true. It has some neat functional features (list comprehensions) but
that's not really its intent.
[-- Attachment #2: Type: text/html, Size: 233 bytes --]
^ permalink raw reply [flat|nested] 36+ messages in thread
* [TUHS] Re: Cool talk on Unix and Sendmail history, by Eric Allman
2023-08-02 14:52 ` Ron Natalie
2023-08-02 21:14 ` Grant Taylor via TUHS
@ 2023-08-02 23:33 ` Dave Horsfall
1 sibling, 0 replies; 36+ messages in thread
From: Dave Horsfall @ 2023-08-02 23:33 UTC (permalink / raw)
To: The Eunuchs Hysterical Society
On Wed, 2 Aug 2023, Ron Natalie wrote:
> ASCII Bombs? Like my Letter Bomb Transport Protocol (LBTP)?
Some "smart" terminals could have their function keys programmed by escape
characters, then subsequently invoked...
> https://groups.google.com/g/net.followup/c/OJBALbzTq4w/m/LoxMnbz0bwMJ
>
> It seems to have lost something in the formatting (the leading spaces
> were all removed).
Aha... Much better with a bit of imagination :-)
Which reminds me: the reason why I refuse to use Python is that white
space is part of the syntax; the last language I used with that property
was FORTRAN (and I also had to learn COBOL as part of my CS degree, but
fortunately never had to use it).
-- Dave
^ permalink raw reply [flat|nested] 36+ messages in thread
end of thread, other threads:[~2023-08-02 23:49 UTC | newest]
Thread overview: 36+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-07-21 18:53 [TUHS] Cool talk on Unix and Sendmail history, by Eric Allman Rich Morin
2023-07-21 22:14 ` [TUHS] " Grant Taylor via TUHS
2023-07-21 22:30 ` Larry McVoy
2023-07-21 22:33 ` Grant Taylor via TUHS
2023-07-21 22:39 ` Larry McVoy
2023-07-21 23:39 ` Steve Nickolas
2023-07-22 4:37 ` John Cowan
2023-07-22 1:48 ` segaloco via TUHS
2023-07-22 1:55 ` Jon Forrest
2023-07-22 6:45 ` Lars Brinkhoff
2023-07-22 14:54 ` Rich Salz
2023-07-22 15:24 ` Warner Losh
2023-07-22 16:12 ` Arrigo Triulzi via TUHS
2023-07-22 20:52 ` Dave Horsfall
2023-07-30 17:33 Douglas McIlroy
2023-07-30 18:22 Norman Wilson
2023-07-30 21:43 ` Rob Pike
2023-07-30 23:34 ` George Michaelson
2023-07-30 23:59 ` Erik E. Fair
2023-07-31 0:26 ` Warner Losh
2023-07-31 22:57 ` Grant Taylor via TUHS
2023-07-31 23:05 ` Warner Losh
2023-08-01 2:45 ` Grant Taylor via TUHS
2023-08-01 1:51 ` Niklas Karlsson
2023-08-01 2:47 ` Grant Taylor via TUHS
2023-08-01 3:20 ` Theodore Ts'o
2023-07-31 0:41 ` segaloco via TUHS
2023-08-01 9:22 ` Marc Donner
2023-08-01 10:58 ` Erik E. Fair
2023-08-02 0:37 ` Dave Horsfall
2023-08-02 14:52 ` Ron Natalie
2023-08-02 21:14 ` Grant Taylor via TUHS
2023-08-02 22:20 ` segaloco via TUHS
2023-08-02 22:37 ` Warner Losh
2023-08-02 23:49 ` Rich Salz
2023-08-02 23:33 ` Dave Horsfall
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).