Date: Wed, 13 Nov 2019 09:00:26 +1100 (EST)
From: Dave Horsfall
To: The Eunuchs Hysterical Society
Subject: Re: [TUHS] Happy birthday Morris worm
In-Reply-To: <1573592179.5935.for-standards-violators@oclsc.org>

On Tue, 12 Nov 2019, Norman Wilson wrote:

> I think I recall an explicit statement somewhere from an interview with
> Robert that the worm was inspired partly by Shockwave Rider.

Yes, I noticed the similarity too.

> I confess my immediate reaction to the worm was uncontrollable laughter.
> I was out of town when it happened, so I first heard it from a newspaper
> article (and wasn't caught up in fighting it or I'd have laughed a lot
> less, of course); and it seemed to me hilarious when I read that Robert
> was behind it. He had interned with 1127 for a few summers while I was
> there, so I knew him as very bright but often a bit careless about
> details; that seemed an exact match for the worm.

That was the trouble; had he bothered to test it on a private network (as
if a true professional would even consider carrying out such an act)[*] he
would've noticed that his probability calculations were arse-backwards,
and so spread much faster than it "should" have.

> My longer-term reaction was to completely drop my sloppy old habit
> (common in those days not just in my code but in that of many others) of
> ignoring possible buffer overflows. I find it mind-boggling that people
> still make that mistake; it has been literal decades since the lesson
> was rubbed in our community's collective noses. I am very disappointed
> that programming education seems not to care enough about this sort of
> thing, even today.

Yep. Don't use fixed-length buffers unless you *know* that it will not
overflow (i.e. the data is under your control), and don't trust user input
(especially if the reader is an interpreter with the possibility of
spawning a shell); there are of course others.

This is what you get when people call themselves programmers because they
once took a course in programming or read a book; that's like calling
oneself a doctor because you took a first-aid course...

One of my favourite examples is "Barbie the Computer Engineer" (grep the
net for it, but warning: the title contains a naughty word).

Oh, OK; here's a sanitised URL:

http://www.gizmodo.com.au/2014/11/barbie-fks-it-up-again/

Yes, that really is the URL; I've just tested it (but contents may offend
some viewers; you have been warned).

[*]
And for those who slagged me off for calling him an idiot, try this quick
quiz: on a scale from utter moron to sheer genius, what do you call someone
who deliberately releases untested software designed to compromise machines
that are not under his administrative control in order to make some sort of
a point?

I don't know about other countries, but try that in Australia and you'd be
seriously out of pocket and/or doing porridge.

-- Dave (BSc, majoring in Computer Science and Mathematics)