Hacker News new | past | comments | ask | show | jobs | submit login
Why the Sun 2 has a message “Love your country, but never trust its government” (nohats.ca)
266 points by longwave on Jan 25, 2016 | hide | past | favorite | 59 comments

HN hug of death, so cached version (text-only):


HN has a hug of death now? Man, this place is turning into reddit... ducks

When digging inside my Acorn Risc-PC I once found a message along the lines of "Help! We are being kept in a cellar and forced to write software!"... :-)

Okay, I checked on the details. The verbatim message was "Help! We're being held prisoner in a software factory!". Close enough! :)

The general form of this joke apparently goes back to at least the 1950s:


Hah, I didn't know about that story, but it certainly sounds plausible!

Is it similar to this easter egg? http://www.mackido.com/EasterEggs/BlueMeanies.html

That's good, it's more obviously a joke. Your original could almost be confused with a legitimate cry for help!

With regards to the copy protection aspect, it was a pretty common practice back in the day (perhaps even still is).

In the Macintosh Classic's ROM, there were debug sequences that not only would display pictures of the development team, but write the text "STOLEN FROM APPLE COMPUTER" to the screen. http://appletothecore.me/files/mac_se_easter_egg.php

That's in part because Apple was the canonical case of a company whose ROMS were stolen by cloners.

Oracle did something similar with the network protocol of its database driver. Not to prevent copying, but to prevent others from writing their own drivers: http://dacut.blogspot.de/2008/03/oracle-poetry.html

I doubt that it would work in practice. Sega tried similar thing (requiring games on Sega Genesis to print "PRODUCED BY OR UNDER LICENSE FROM SEGA ENTERPRISES LTD.") to block interoperability, and they lost a case against Accolade.

OK, is this for real ? Does everyone have to use the Oracle OCI library under the hood ?

Definitely real. I WTF'd the first time I read that poem out of a packet capture.

LEGO tried to do the same thing with their Mindstorms SDK.

If anyone was curious, this quote is credited to Robert A. Heinlein, a science fiction writer.

More and more it seems like trusting any large org structure is a fools errand.

> More and more

Same as always, rather.

Great quote.

I usually use wikiquote to verify attribution, but this one is not mentioned there. Is there any proof, or is this simply the most popular attribution? Sadly, most are simply popular, which has led me to be suspicious.

i strongly recommend The Moon is a Harsh Mistress (one of Heinlein's more celebrated novels) to tech-savvy political thinkers. It is a fascinating take on sovereignty in a futuristic world.

I had a fluke network tester that would put "elvis lives" in the padding of it's ping tests.

> NFS ran in plaintext and used the sender’s IP address for authentication

and it still does

It was much worse than that.

Back when I was a summer intern at Sun in 1987, it was common knowledge among the engineers at Sun that NFS stood for "No File Security", and the rpc mount protocol would trust the client to tell the server its host name, which the server would look up in /etc/exports to decide how much to trust it.

So if you know that Scott McNealy's workstation's name was "doober" (which it was), and it gave permission to a server named "mama", then on any workstation you could type:

% hostname mama; mount doober:/usr /mnt; hostname `hostname`

And you'd have Scott McNealy's /usr file system mounted.

This also worked over the internet!

NFS used to be one of the most popular ways to break into machines on the 1990s Internet. Leendert van Doorn wrote a CLI for NFS that was modified with a bunch of different exploits and passed around among hackers. Everyone who attacked Unix systems in (say) 1995 had a copy of NFS shell.

I wrote one myself. Fun things: 'int getuid() { return 0; }' in the userland code was sufficient for authentication. And the mountd returned the root handle of the file system. When you presented that handle to nfsd it would happily serve you even when you are no longer in the exports table.

NFS also hosted one of the first widely-exploited integer overflows (not for code exec, but for privilege escalation).

I thought "doober" was Wayne Rosing's machine.

(Not that this is of any consequence....) :-)

I grepped some old email, and you're right! My favorite email address from that time was eat@joes.

(WARNING: crusty Sun old-timer memories follow)

For those who aren't familiar with this, up until the mid-1990s or so, Sun let individual engineers name their own workstations. In fact many regarded this as a privilege. Each workstation ran its own copy of sendmail, so one's email address was login@hostname. People came up with all kinds of clever login/hostname combinations, such as what Don mentioned, eat@joes.

My all time favorite was Rich Burridge's, whose workstation was named "stard". Since his login was richb, his email address was...


Speaking of rich bastards, who could forget Rich Morin's "Canta Forda Computer Laboratory"? http://www.cfcl.com/

There are solutions though[1]

[1]: https://wiki.debian.org/NFS/Kerberos

Actually getting Kerberos+NFS to work is a huge pain, though. Then there's the consideration of userid mapping.

Userid mapping is easy: Centrally manage the password file, so you don't need to map. Anything else is madness; hopefully you figure this out early, it is painful to fix later.

Too right. The madness arrives when you have to retrofit the mapping and people have used different uid numbers for the same user and different users have the same uid across machines.

I may be missing something, but what is the link between the DES chip and the message being triggered? Because the message shouldn't be triggered without doing the convoluted key combination, right?

Gilmore's reply seems to be in the context of a thread that had discussed the DES chip.

It had nothing to do with the DES chip, which was optional. The phrase was in the Sun-2 boot ROMs, which John wrote.

Sun Microsystems Founders Panel - CHM [1].

[1]: https://youtu.be/dkmzb904tG0?t=1h38m29s

Isn't there a name for this? Poison pill? Logic bomb? Honey token?


Apple does something like this as well:


Ask NSA...

Nor its marketing industry.

I wonder if this trap street message, which was inserted in some code initializing a DES chip, was chosen because it was rumored that NSA had backdoored DES. The article doesn't mention it, but it would be quite a coincidental choice!

As far as I can tell, it was not inserted in code initializing a DES chip. It was shipped with the ROM monitor, and the DES chip, which would have been initialized by software (not boot ROM), was not even shipped.

The article is a little confusing but it looks like an email reply to multiple questions, the first one "Why this message" and the second one "Why the empty chip slot". (And the third one about a Sun-2 emulator, which also comes out of nowhere.)

The entire article explains what the string is doing there. You don't have to speculate.

The article explains that the message is a trap street; it says that Gilmore had read it and noted it years before and at he "plucked it" as the secret message.

I can't seem to find in the article the reason he plucked just that message, and why he stuffed it in the DEC routine.

Am I missing something?

Yes, the message is totally in keeping with John's character. "Contributed to lively corporate culture" is one way of putting it! ;)



Things I've Put A Lot of Energy Into

Sun Microsystems

Sun is a computer manufacturer, long a leader in the technical workstation and database markets. Many Web pages are served from a Sun server. Sun is now a multi-billion-dollar company; working there made me financially independent. It was acquired by Oracle in 2010. I was its fifth employee, and later a consultant. I handled architecture, design, implementation, and debugging of Sun Workstations. Wrote and maintained bootstrap and diagnostic ROMs for the Sun-1, Sun-2, and Sun-3. Debugged first prototypes of Sun-1 and Sun-2, working with the hardware designer. Worked on first bringup ever of Unix on Motorola 68010 and 68020. Designed and diagnosed the chip designs for the SPARCstation-1 and SPARCstation-2. Straddled the hardware and software camps to locate, explain, and solve design, implementation, and manufacturing problems. Pulled many chestnuts out of fires. Debugged Unix utilities, kernel, device drivers, and CAD software. Diagnostics. Documentation. Electronic mail maintenance, support, and enhancement. Performance and code generation improvement. General technical support. Network relations. Contributed to lively corporate culture.

John Gilmore's political views are well known. And the statement was likely chosen because he felt it was inline with his own beliefs:



Fifth employee at Sun, wrote the first version of what became DHCP, started the EFF. What an awesome life.

He stopped by our offices last year on his way across the country and we took him out to lunch. He seemed genuinely thankful when I told him I'm an EFF supporter. Fun guy to talk to, and he's really into what the EFF is doing.

It's DES. And yes.

"Vinod Khosla, first President of Sun, came to me at one point and said to put something hidden, triggered in an unexpected way, into the ROM Monitor, so that if somebody cloned the Sun Workstation (violating our software’s copyright), we could do that unexpected thing to the competitor’s demo workstation at a trade show and thereby prove that they had cloned it."

"I had found that saying years before on a hand-painted sign tacked up on a pole or tree in central Pennsylvania, wrote it into one of my notebooks at the time, and plucked it out as the hidden thing after Vinod asked."

Thanks for the spelling correction, very helpful.

By the way, I read your quote twice but I can't find any mention of NSA and DES backdoors.

If you hit L1-A to get into the boot monitor and typed the phrase "Love your country but never trust its government.", it would simply echo it back to you instead of printing an error.

There was definitely no DES software in the Sun boot ROMs, and the DES chips were optional and rarely used. If there was any DES software in the boot ROMs, it would have been illegal to ship Sun Workstations overseas, since DES software was officially considered an export controlled munition.

To address that problem, John funded and helped build Deep Crack [1], a hardware DES cracker, whose purpose was to prove that it was well within the capabilities of the NSA to crack DES (which they lied to deny), since EFF could do it for a few hundred thousands of dollars.

They published a book with the VHDL source code so you could build you own, which didn't include a floppy disk because that would have been considered a munition, so they printed the checksummed source code in the book along with software to reliably bootstrap scanning it in and validating it. (Like a software error correcting paper floppy disk, to get around the stupid export control laws.)

>In 1998, the EFF built Deep Crack for less than $250,000. In response to DES Challenge II-2, on July 15, 1998, Deep Crack decrypted a DES-encrypted message after only 56 hours of work, winning $10,000. This was the final blow to DES, against which there were already some published cryptanalytic attacks. The brute force attack showed that cracking DES was actually a very practical proposition. Most governments and large corporations could reasonably build a machine like Deep Crack.

>Six months later, in response to RSA Security's DES Challenge III, and in collaboration with distributed.net, the EFF used Deep Crack to decrypt another DES-encrypted message, winning another $10,000. This time, the operation took less than a day – 22 hours and 15 minutes. The decryption was completed on January 19, 1999. In October of that year, DES was reaffirmed as a federal standard, but this time the standard recommended Triple DES.

>The small key-space of DES, and relatively high computational costs of Triple DES resulted in its replacement by AES as a Federal standard, effective May 26, 2002.

[1] https://en.wikipedia.org/wiki/EFF_DES_cracker

    John Gilmore {sun,pacbell,uunet,pyramid,amdahl}!hoptoad!gnu    gnu@toad.com
    Love your country but never trust its government.
        -- from a hand-painted road sign in central Pennsylvania

OK, this whole thread has gone out of hand.

This is all very interesting information on DES and John Gilmore.

But I was only wondering if choosing to put just that phrase in just that DES chip initialization code could have been a reference to the alleged backdooring of DES by NSA.

Most possibly an idle question, so please, move on!

No. John Gilmore does not, and did not at the time, think NSA had "backdoored" DES. He's one of the original "cypherpunks" from the 90s, and to anyone paying attention to cryptography in the 90s, the story behind NSA's involvement in DES is very well known:

NSA asked for (and got) a key strength reduction in DES and a set of mysterious changes to the algorithm's substitution tables ("s-boxes"). For a long time, there were murmurs that those unexplained s-box changes weakened DES so that NSA could cryptanalyze it.

It turned out, though, that the s-box changes strengthened DES against a class of attacks that NSA knew about and few others did: the s-box changes made it much harder to employ differential cryptanalysis against the cipher.

The key strength reduction obviously (especially in retrospect) wasn't a good thing, but by the 1990s any competent engineer could make a clear-eyed decision about the key strength they wanted, and, if DES's wasn't adequate for their application, could deploy either a different cipher, or Triple DES.

Or maybe it was just put there because a clone maker might change functionality but would be sure not to cast a glance at crypto-related code. Noone audits crypto code, right?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact