|
|
 |
|
|
|
|
Harvard president Derek Bok commented: "They have an awful lot of clever people down there at MIT, and they did it again." President Paul E. Gray of MIT said: "There is absolutely no truth to the rumor that I had anything to do with it, but I wish there were." |
|
|
|
|
|
|
|
|
The hacks above are verifiable history; they can be proved to have happened. Many other classic-hack stories from MIT and elsewhere, though retold as history, have the characteristics of what Jan Brunvand has called 'urban folklore' (see FOAF). Perhaps the best known of these is the legend of the infamous trolley-car hack, an alleged incident in which engineering students are said to have welded a trolley car to its tracks with thermite. Numerous versions of this have been recorded from the 1940s to the present, most set at MIT but at least one very detailed version set at CMU. |
|
|
|
|
|
|
|
|
Brian Leibowitz has researched MIT hacks both real and mythical extensively; the interested reader is referred to his delightful pictorial compendium The Journal of the Institute for Hacks, Tomfoolery, and Pranks (MIT Museum, 1990; ISBN 0-917027-03-5). The Institute has a World Wide Web page at http://fishwrap.mit.edu/Hacks/Gallery.html. |
|
|
|
|
|
|
|
|
Finally, here is a story about one of the classic computer hacks. |
|
|
|
|
|
|
|
|
Back in the mid-1970s, several of the system support staff at Motorola discovered a relatively simple way to crack system security on the Xerox CP-V timesharing system. Through a simple programming strategy, it was possible for a user program to trick the system into running a portion of the program in 'master mode' (supervisor state), in which memory protection does not apply. The program could then poke a large value into its 'privilege level' byte (normally write-protected) and could then proceed to bypass all levels of security within the file-management system, patch the system monitor, and do numberous other interesting things. In short, the barn door was wide open. |
|
|
|
|
|
|
|
|
Motorola quite properly reported this problem to Xerox via an official 'level 1 SIDR' (a bug report with an intended urgency of 'needs to be fixed yesterday'). Because the text of each SIDR was entered into a database that could be viewed by quite a number of people, Motorola followed the approved procedure: they simply reported the problem as 'Security SIDR', and attached all of the necessary documentation, ways-to-reproduce, etc. |
|
|
|
|
|
|
|
|
The CP-V people at Xerox sat on their thumbs; they either didn't realize the severity of the problem, or didn't assign the nec- |
|
|
|
|
|