When digging inside my Acorn Risc-PC I once found a message along the lines of "Help! We are being kept in a cellar and forced to write software!"... :-)
With regards to the copy protection aspect, it was a pretty common practice back in the day (perhaps even still is).
In the Macintosh Classic's ROM, there were debug sequences that not only would display pictures of the development team, but write the text "STOLEN FROM APPLE COMPUTER" to the screen. http://appletothecore.me/files/mac_se_easter_egg.php
Oracle did something similar with the network protocol of its database driver. Not to prevent copying, but to prevent others from writing their own drivers: http://dacut.blogspot.de/2008/03/oracle-poetry.html
I doubt that it would work in practice. Sega tried a similar thing (requiring games on Sega Genesis to print "PRODUCED BY OR UNDER LICENSE FROM SEGA ENTERPRISES LTD.") to block interoperability, and they lost a case against Accolade.
I usually use wikiquote to verify attribution, but this one is not mentioned there. Is there any proof, or is this simply the most popular attribution? Sadly, most are simply popular, which has led me to be suspicious.
I strongly recommend The Moon is a Harsh Mistress (one of Heinlein's more celebrated novels) to tech-savvy political thinkers. It is a fascinating take on sovereignty in a futuristic world.
Back when I was a summer intern at Sun in 1987, it was common knowledge among the engineers at Sun that NFS stood for "No File Security", and the rpc mount protocol would trust the client to tell the server its host name, which the server would look up in /etc/exports to decide how much to trust it.
So if you know that Scott McNealy's workstation's name was "doober" (which it was), and it gave permission to a server named "mama", then on any workstation you could type:
% hostname mama; mount doober:/usr /mnt; hostname `hostname`
And you'd have Scott McNealy's /usr file system mounted.
NFS used to be one of the most popular ways to break into machines on the 1990s Internet. Leendert van Doorn wrote a CLI for NFS that was modified with a bunch of different exploits and passed around among hackers. Everyone who attacked Unix systems in (say) 1995 had a copy of NFS shell.
I wrote one myself. Fun things: 'int getuid() { return 0; }' in the userland code was sufficient for authentication. And the mountd returned the root handle of the file system. When you presented that handle to nfsd it would happily serve you even when you are no longer in the exports table.
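Why the host name and uid described in the comments above carried no weight, shown as an added example that is not part of any comment in this thread: the ONC RPC AUTH_SYS (AUTH_UNIX) credential defined in RFC 5531 is a block of fields the client fills in itself. The function names, the `resolved_name` parameter (the name the server resolved for the peer on its own) and the sample host names are assumptions made for illustration.

```python
import struct

def sample_cred(stamp, machinename, uid, gid, gids):
    """Constructed sample: XDR-encode an authsys_parms body (big-endian)."""
    name = machinename.encode()
    return (struct.pack(">II", stamp, len(name)) + name + b"\0" * (-len(name) % 4)
            + struct.pack(">III", uid, gid, len(gids))
            + b"".join(struct.pack(">I", g) for g in gids))

def parse_authsys(body):
    """Decode authsys_parms: stamp, machinename<255>, uid, gid, gids<16>."""
    if len(body) < 8:
        raise ValueError("truncated credential")
    stamp, nlen = struct.unpack_from(">II", body, 0)
    if nlen > 255:
        raise ValueError("machinename too long")
    end = 8 + nlen
    padded = end + (-nlen) % 4          # XDR pads strings to 4 bytes
    if padded + 12 > len(body):
        raise ValueError("truncated credential")
    name = body[8:end].decode("ascii", "replace")
    uid, gid, ngids = struct.unpack_from(">III", body, padded)
    off = padded + 12
    if ngids > 16 or off + 4 * ngids != len(body):
        raise ValueError("bad gid list")
    gids = list(struct.unpack_from(">%dI" % ngids, body, off))
    return {"stamp": stamp, "machinename": name,
            "uid": uid, "gid": gid, "gids": gids}

def findings(cred, resolved_name):
    """Compare self-asserted fields with what the server can check itself."""
    out = []
    if cred["machinename"] != resolved_name:
        out.append("machinename mismatch")
    if cred["uid"] == 0:
        out.append("asserted uid 0")
    return out

# Constructed samples: one ordinary call, one whose asserted identity
# disagrees with the name the server resolved for the sending address.
ORDINARY = sample_cred(1, "ws42", 1001, 100, [100, 20])
SUSPECT = sample_cred(2, "trusted-host", 0, 0, [0])

if __name__ == "__main__":
    for body in (ORDINARY, SUSPECT):
        cred = parse_authsys(body)
        print(cred["machinename"], cred["uid"], findings(cred, "ws42"))
```

Nothing in the credential is signed or bound to the sender, which is why exports are normally restricted by address and combined with root squashing or an authenticated RPC flavor.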
For those who aren't familiar with this, up until the mid-1990s or so, Sun let individual engineers name their own workstations. In fact many regarded this as a privilege. Each workstation ran its own copy of sendmail, so one's email address was login@hostname. People came up with all kinds of clever login/hostname combinations, such as what Don mentioned, eat@joes.
My all time favorite was Rich Burridge's, whose workstation was named "stard". Since his login was richb, his email address was...
Userid mapping is easy: Centrally manage the password file, so you don't need to map. Anything else is madness; hopefully you figure this out early, it is painful to fix later.
Too right. The madness arrives when you have to retrofit the mapping and people have used different uid numbers for the same user and different users have the same uid across machines.
I may be missing something, but what is the link between the DES chip and the message being triggered? Because the message shouldn't be triggered without doing the convoluted key combination, right?
I wonder if this trap street message, which was inserted in some code initializing a DES chip, was chosen because it was rumored that NSA had backdoored DES. The article doesn't mention it, but it would be quite a coincidental choice!
As far as I can tell, it was not inserted in code initializing a DES chip. It was shipped with the ROM monitor, and the DES chip, which would have been initialized by software (not boot ROM), was not even shipped.
The article is a little confusing but it looks like an email reply to multiple questions, the first one "Why this message" and the second one "Why the empty chip slot". (And the third one about a Sun-2 emulator, which also comes out of nowhere.)
The article explains that the message is a trap street; it says that Gilmore had read it and noted it years before and that he "plucked it" as the secret message.
I can't seem to find in the article the reason he plucked just that message, and why he stuffed it in the DEC routine.
Sun is a computer manufacturer, long a leader in the technical workstation and database markets. Many Web pages are served from a Sun server. Sun is now a multi-billion-dollar company; working there made me financially independent. It was acquired by Oracle in 2010. I was its fifth employee, and later a consultant. I handled architecture, design, implementation, and debugging of Sun Workstations. Wrote and maintained bootstrap and diagnostic ROMs for the Sun-1, Sun-2, and Sun-3. Debugged first prototypes of Sun-1 and Sun-2, working with the hardware designer. Worked on first bringup ever of Unix on Motorola 68010 and 68020. Designed and diagnosed the chip designs for the SPARCstation-1 and SPARCstation-2. Straddled the hardware and software camps to locate, explain, and solve design, implementation, and manufacturing problems. Pulled many chestnuts out of fires. Debugged Unix utilities, kernel, device drivers, and CAD software. Diagnostics. Documentation. Electronic mail maintenance, support, and enhancement. Performance and code generation improvement. General technical support. Network relations. Contributed to lively corporate culture.
He stopped by our offices last year on his way across the country and we took him out to lunch. He seemed genuinely thankful when I told him I'm an EFF supporter. Fun guy to talk to, and he's really into what the EFF is doing.
"Vinod Khosla, first President of Sun, came to me at one point and said to put something hidden, triggered in an unexpected way, into the ROM Monitor, so that if somebody cloned the Sun Workstation (violating our software’s copyright), we could do that unexpected thing to the competitor’s demo workstation at a trade show and thereby prove that they had cloned it."
"I had found that saying years before on a hand-painted sign tacked up on a pole or tree in central Pennsylvania, wrote it into one of my notebooks at the time, and plucked it out as the hidden thing after Vinod asked."
If you hit L1-A to get into the boot monitor and typed the phrase "Love your country but never trust its government.", it would simply echo it back to you instead of printing an error.
There was definitely no DES software in the Sun boot ROMs, and the DES chips were optional and rarely used. If there was any DES software in the boot ROMs, it would have been illegal to ship Sun Workstations overseas, since DES software was officially considered an export controlled munition.
To address that problem, John funded and helped build Deep Crack [1], a hardware DES cracker, whose purpose was to prove that it was well within the capabilities of the NSA to crack DES (which they lied to deny), since EFF could do it for a few hundred thousand dollars.
They published a book with the VHDL source code so you could build your own, which didn't include a floppy disk because that would have been considered a munition, so they printed the checksummed source code in the book along with software to reliably bootstrap scanning it in and validating it. (Like a software error correcting paper floppy disk, to get around the stupid export control laws.)
>In 1998, the EFF built Deep Crack for less than $250,000. In response to DES Challenge II-2, on July 15, 1998, Deep Crack decrypted a DES-encrypted message after only 56 hours of work, winning $10,000. This was the final blow to DES, against which there were already some published cryptanalytic attacks. The brute force attack showed that cracking DES was actually a very practical proposition. Most governments and large corporations could reasonably build a machine like Deep Crack.
>Six months later, in response to RSA Security's DES Challenge III, and in collaboration with distributed.net, the EFF used Deep Crack to decrypt another DES-encrypted message, winning another $10,000. This time, the operation took less than a day – 22 hours and 15 minutes. The decryption was completed on January 19, 1999. In October of that year, DES was reaffirmed as a federal standard, but this time the standard recommended Triple DES.
>The small key-space of DES, and relatively high computational costs of Triple DES resulted in its replacement by AES as a Federal standard, effective May 26, 2002.
John Gilmore {sun,pacbell,uunet,pyramid,amdahl}!hoptoad!gnu gnu@toad.com
Love your country but never trust its government.
-- from a hand-painted road sign in central Pennsylvania
This is all very interesting information on DES and John Gilmore.
But I was only wondering if choosing to put just that phrase in just that DES chip initialization code could have been a reference to the alleged backdooring of DES by NSA.
Most possibly an idle question, so please, move on!
No. John Gilmore does not, and did not at the time, think NSA had "backdoored" DES. He's one of the original "cypherpunks" from the 90s, and to anyone paying attention to cryptography in the 90s, the story behind NSA's involvement in DES is very well known:
NSA asked for (and got) a key strength reduction in DES and a set of mysterious changes to the algorithm's substitution tables ("s-boxes"). For a long time, there were murmurs that those unexplained s-box changes weakened DES so that NSA could cryptanalyze it.
It turned out, though, that the s-box changes strengthened DES against a class of attacks that NSA knew about and few others did: the s-box changes made it much harder to employ differential cryptanalysis against the cipher.
The key strength reduction obviously (especially in retrospect) wasn't a good thing, but by the 1990s any competent engineer could make a clear-eyed decision about the key strength they wanted, and, if DES's wasn't adequate for their application, could deploy either a different cipher, or Triple DES.
Or maybe it was just put there because a clone maker might change functionality but would be sure not to cast a glance at crypto-related code. No one audits crypto code, right?
http://webcache.googleusercontent.com/search?q=cache:https:/...