15 Jul
2018
15 Jul
'18
6:02 p.m.
From: Keith Halewood
Sent: Sunday, July 15, 2018 10:02 AM
To: hecnet at Update.UU.SE
Subject: [HECnet] Thrashing about...
When (in university days) you share a vaxcluster with
at least 40 concurrents students EDTing then ALGOL68ing their programming assignments, it
was fun to write a kind of ?TELL <userid> message? which mailbox?d >a >message
to a central server which worked out if they were on the local node or somewhere else in
the cluster, passed the message along and then broadcast it to the target user?s logged in
terminal.
This reminds me of a time in the 80s, when a string overflow bug in the PHONE utility
allowed users to broadcast arbitrary strings to other people?s terminal sessions,
addressing them by username.
It became quite popular at MegaBig engineering company where I was working at the time,
for sending one line messages. Unfortunately, the broadcast was anonymous, and so
pranksters started using it to insult people, and broadcast insulting messages to the
managers and executives.
It only took a little while to find the string overflow and patch it. However, it had
become so popular by then for short messages, that I had to write a replacement utility
that didn?t have the mischief potential that the original did. I had reported it to DEC
but didn?t get much of a response. I dunno when they finally fixed it ? it was present at
least from VMS 5.4 through 6.1.
--
Lee K. Gleason N5ZMR
Control-G Consultants
lee.gleason at comcast.net