The Unix Heritage Society mailing list
 help / color / mirror / Atom feed
* Re: [TUHS] Happy birthday Morris worm
@ 2019-11-12 20:56 Norman Wilson
  2019-11-12 22:00 ` Dave Horsfall
                   ` (2 more replies)
  0 siblings, 3 replies; 31+ messages in thread
From: Norman Wilson @ 2019-11-12 20:56 UTC (permalink / raw)
  To: tuhs

I think I recall an explicit statement somewhere from an
interview with Robert that the worm was inspired partly
by Shockwave Rider.

I confess my immediate reaction to the worm was uncontrollable
laughter.  I was out of town when it happened, so I first
heard it from a newspaper article (and wasn't caught up in
fighting it or I'd have laughed a lot less, of course); and
it seemed to me hilarious when I read that Robert was behind
it.  He had interned with 1127 for a few summers while I was
there, so I knew him as very bright but often a bit careless
about details; that seemed an exact match for the worm.

My longer-term reaction was to completely drop my sloppy
old habit (common in those days not just in my code but in
that of many others) of ignoring possible buffer overflows.
I find it mind-boggling that people still make that mistake;
it has been literal decades since the lesson was rubbed in
our community's collective noses.  I am very disappointed
that programming education seems not to care enough about
this sort of thing, even today.

Norman Wilson
Toronto ON

^ permalink raw reply	[flat|nested] 31+ messages in thread
* [TUHS] buffer overflow (Re:  Happy birthday Morris worm
@ 2019-11-12 22:39 Norman Wilson
  2019-11-13  1:43 ` John P. Linderman
  0 siblings, 1 reply; 31+ messages in thread
From: Norman Wilson @ 2019-11-12 22:39 UTC (permalink / raw)
  To: tuhs

Bakul Shah:

  Unfortunately strcpy & other buffer overflow friendly
  functions are still present in the C standard (I am looking at
  n2434.pdf, draft of Sept 25, 2019). Is C really not fixable?

====

If you mean `can C be made proof against careless programmers,'
no.  You could try but the result wouldn't be C.  And Flon's
Dictum applies anyway, as always.

It's perfectly possible to program in C without overflowing
fixed buffers, just as it's perfectly possible to program in
C without dereferencing a NULL or garbage pointer.  I don't
claim to be perfect, but before the rtm worm rubbed my nose
in such problems, I was often sloppy about them, and afterward
I was very much aware of them and paid attention.

That's all I ask: we need to pay attention.  It's not about
tools, it's about brains and craftmanship and caring more
about quality than about feature count or shiny surfaces
or pushing the product out the door.

Which is a good bit of what was attractive about UNIX in
the first place--that both its ideas and its implementation
were straightforward and comprehensible and made with some
care.  (Never mind that it wasn't perfect either.)

Too bad software in general and UNIX descendants in particular
seem to have left all that behind.

Norman Wilson
Toronto ON

PS: if you find this depressing, cheer yourself up by watching
the LCM video showing off UNICS on the PDP-7.  I just did, and
it did.

^ permalink raw reply	[flat|nested] 31+ messages in thread

end of thread, other threads:[~2019-11-21 22:07 UTC | newest]

Thread overview: 31+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-11-12 20:56 [TUHS] Happy birthday Morris worm Norman Wilson
2019-11-12 22:00 ` Dave Horsfall
2019-11-12 22:10 ` [TUHS] buffer overflow (Re: " Bakul Shah
2019-11-12 22:14   ` Larry McVoy
2019-11-12 22:41     ` Robert Clausecker
2019-11-12 22:49       ` Arthur Krewat
2019-11-12 23:45       ` Jon Steinhart
2019-11-13  0:38         ` Warren Toomey
2019-11-13  1:09         ` Arthur Krewat
2019-11-13  0:24       ` Larry McVoy
2019-11-12 22:54   ` Dave Horsfall
2019-11-12 23:22     ` Warner Losh
2019-11-12 23:27       ` Arthur Krewat
     [not found]     ` <alpine.DEB.2.20.1911191443530.10845@grey.csi.cam.ac.uk>
2019-11-21 20:02       ` Dave Horsfall
2019-11-21 20:38         ` Warner Losh
2019-11-21 21:04           ` Clem Cole
2019-11-21 22:06           ` Dave Horsfall
2019-11-21 21:48         ` Steffen Nurpmeso
2019-11-13  7:35 ` [TUHS] " arnold
2019-11-13 18:02   ` [TUHS] Happy birthday Morris worm [ really programming education ] Jon Steinhart
2019-11-13 18:49     ` Tyler Adams
2019-11-13 19:15     ` [TUHS] #defines and enums ron
2019-11-13 21:11       ` Warner Losh
2019-11-13 21:22     ` [TUHS] Happy birthday Morris worm [ really programming education ] Chet Ramey
2019-11-15 22:49     ` Adam Thornton
2019-11-15 23:59       ` Theodore Y. Ts'o
2019-11-12 22:39 [TUHS] buffer overflow (Re: Happy birthday Morris worm Norman Wilson
2019-11-13  1:43 ` John P. Linderman
2019-11-21 13:10   ` William Cheswick
2019-11-21 18:04     ` Steve Johnson
2019-11-21 21:51       ` John P. Linderman

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).