Unix Wheel Group Shenanigans

Given my ongoing research (if you can call it such) into the 70’s era of computing for a thing? This caught my interest.

Students hijacking admin privileges on a system? And it not basically immediately leading to ‘you have been expelled from this institute and criminal charges pressed for tampering with campus property and records tampering.’

This is straight up baffling to me.

1 Like

A good lesson in cultural difference and cultural shifts! RMS always was a little bit extreme in his values, but that’s why he started GNU and it’s why we know him. For myself, in the 80s, in the UK, at university and indeed at work, people could and would do things which today and especially in the US might result in severe consequences, but would not have done then and there. At work I used the rhosts mechanism to get root on some Sun workstations (in the 90s, in the UK) outside of my department - I had root within - and when discovered it shocked and appalled our sysadmin, in part because he thought I must have been much more devious and competent than I’d actually needed to be. There were no consequences, that I recall. (I think I was seeking better Usenet access - hardly a good justification.)

Here’s the text in question, in the core-utils documentation (there’s a recent HN discussion here):

Why GNU su does not support the ‘wheel’ group

(This section is by Richard Stallman.)

Sometimes a few of the users try to hold total power over all the rest. For example, in 1984, a few users at the MIT AI lab decided to seize power by changing the operator password on the Twenex system and keeping it secret from everyone else. (I was able to thwart this coup and give power back to the users by patching the kernel, but I wouldn’t know how to do that in Unix.)

However, occasionally the rulers do tell someone. Under the usual su mechanism, once someone learns the root password who sympathizes with the ordinary users, he or she can tell the rest. The “wheel group” feature would make this impossible, and thus cement the power of the rulers.

I’m on the side of the masses, not that of the rulers. If you are used to supporting the bosses and sysadmins in whatever they do, you might find this idea strange at first.

Edit: in the UK, a new law in 1990 specifically laid out some computer related offences, it having been found that laws against theft and criminal damage did not cover the territory.

3 Likes

Things were indeed different in the old days. An example of how things were before the Web and Google, we had search engines called Archie and Veronica that listed files available via public FTP servers. I was interested in the Logo programming language so did a search to see if anyone had anything related to “logo”. There were a few, but they were buried in a ton of “logout” files. Even worse, most of them were publicly writable and were for users on .mil machines. I didn’t bother looking to see if their “login” scripts were equally open, but even if not you can see how easy it would have been for anyone on the Internet to take over these accounts.

2 Likes

I was at the MIT AI Lab during Richard “RMS” Stallman’s transition from “everyone should have root access” to his early days of GNU. The main difference between then and now, I think, is that the relatively small community of nerds at companies, governments, and universities were rarely malicious (and maybe that the internet was still relatively new). There was nothing remotely like the present-day ransomware attacks. But then came Robert Morris Jr.’s 1988 “internet worm,” which was viewed by many of us as the white-hat stunt that it was, even though: yes, it did do a noticeable amount of damage as IT staffers far and wide tried to clean up the mess. And yes, Morris was convicted of a felony. But it’s worth noting that he was sentenced only to four months’ probation plus community service and a fine. Before that tipping point, being caught with the root password alone would not get you expelled. And the FBI was only just gearing up to fight cyber crime beyond more isolated white-collar theft. Only in the late 1990s did I start hearing about foreign actors “pounding at the doors” of MIT servers, much to the annoyance of our own IT staff. The rest is history.

1 Like

It is worth highlighting the cultural spirit of the clever, mischievous, but innocuous “hack” at MIT, back in the 1970s. One of my favorite stories was about the “call elevator” feature of MIT Lisp machines, some of the very first “personal computers,” long before IBM ventured beyond mainframes. Late one night, a small team of brilliant “ninjas” inserted a carefully disguised, extra wire into the elevator controller above the 9th floor machine room at Tech Square. Thereafter, pressing two keystrokes on your workstation was all you needed to summon an elevator, which appeared with perfect timing, just as you walked into the elevator lobby.

2 Likes

Now THAT is really damned clever.

Given that the IBM 5100 “portable” APL/Basic computer predates the MIT Lisp Machines I don’t think you are being entirely fair to IBM.

That’s a fair “call out.” Especially as IBM most certainly sold more 5100s than the number of wire-wrapped MIT Lisp Machines that ever existed. I think that number was about 50.

IBM actually claims “the first personal computer” for the 610 Auto-Point, a small, directly programmable vacuum tube computer from 1957.

Edit: Am I just incapable of finding it, or has IBM really purged the entire history section from their web appearance without any traces left?

Here’s the copy from archive_org: https://www.ibm.com/ibm/history/exhibits/vintage/vintage_4506VV4001.html
They were actually somewhat more moderate about that claim:

Some historians have called it “IBM’s first personal computer” – perhaps because, in part, it was known as the Personal Automatic Calculator while in development.

1 Like

Missed this thread earlier. Yes, those days were different… in the 1990s while in the university, working for the computing center, I could get UNIX accounts in other universities just by nicely asking, sort of sysadmin camaraderie.

One could argue that I somewhat later then misused that by grabbing copies of the weakly encrypted password files and brute-forcing many of the passwords.

But I didn’t use the found passwords for gaining more access, I just let the other admins know about the weaknesses. So I guess I was doing some sort of tiger teaming, unasked. These days one would probably be in serious legal trouble.

[thinking] I think I did talk with my manager before embarking on the cracking.

2 Likes