obscuring passwords

150 views
Skip to first unread message

Joseph M. Newcomer

unread,
May 29, 1991, 12:44:19 PM5/29/91
to
When TSS/360 was first delivered, it was intended for IBM 2741s
(hardcopy half-duplex devices). When it asked you to log in it first
typed some gobbledegook (involving *, #, $, H, X and a few other
characters) for 8 character positions. It would send out 8 characters,
carriage return, 8 characters, etc.

We attached TTY33s to the system.

The TTY33 driver knew that a return needed to be changed to a CR/LF
sequence (on the 2741 the return code implicitly upspaced; the password
hacking was done by privileged code and could send out the special code
to do a bare CR, which was not the same as the application code).
However, the password code called the TTY33 driver at the normal entry
point, so for a few weeks we would get
********
########
XXXXXXXX
HHHHHHHH
_

where the _ indicates the place the user could type the password. This
was eventually replaced with code to handle the bare CR. Most of us
just flipped the FDX/HDX switch from its normal HDX setting to FDX to
type our passwords. However, the more naive users didn't and we had a
few cases of fraudulent usage.

It is truly amazing the cruft we tolerated. Half-duplex terminals!
Echh! (IBM was deeply commited at the time to half-duplex as it clearly
was a winner---you didn't need to interrupt the CPU for every character.
The original VAX VMS operating system from DEC made sure that putting
a terminal in "raw" mode or reading single characters without echo was a
PRIVILEGED I/O system call, and we were told, when we complained about
this obvious piece of stupidity, that it was a deliberate design
decision to kill off EMACS-style editors, which were not Politically
Correct inside DEC; it looked like a serious move to half-duplex to us!)

Mark Crispin

unread,
May 30, 1991, 12:40:15 AM5/30/91
to
In article <0cExdXW00...@andrew.cmu.edu> jn...@andrew.cmu.edu (Joseph M. Newcomer) writes:
> The original VAX VMS operating system from DEC made sure that putting
>a terminal in "raw" mode or reading single characters without echo was a
>PRIVILEGED I/O system call, and we were told, when we complained about
>this obvious piece of stupidity, that it was a deliberate design
>decision to kill off EMACS-style editors, which were not Politically
>Correct inside DEC; it looked like a serious move to half-duplex to us!)

This, and other cretinisms in VMS, virtually guaranteed that when the
PDP-10 was axed by DEC most of the orphaned TOPS-10 and TOPS-20
hackers moved to UNIX instead of VMS, DEC's "single architecture,
single operating system" `solution'.

When asked why VMS didn't have command or file completion, a VMS
operating system programmer told me that such facilities were
`inefficient' and he would personally see to it that it would never be
added to VMS. He seemed to be irrationally pleased at the thought of
TOPS-20 users being forced to do without some of their beloved
features. The BSD UNIX guys, on the other hand, just rose to the
challenge and implemented completion.

Adam J Felson

unread,
May 30, 1991, 1:39:18 AM5/30/91
to
>In article <0cExdXW00...@andrew.cmu.edu> jn...@andrew.cmu.edu (Joseph M.
Newcomer) writes:
>> The original VAX VMS operating system from DEC made sure that putting
>>a terminal in "raw" mode or reading single characters without echo was a
>>PRIVILEGED I/O system call, and we were told, when we complained about
>>this obvious piece of stupidity, that it was a deliberate design
>>decision to kill off EMACS-style editors, which were not Politically
>>Correct inside DEC; it looked like a serious move to half-duplex to us!)
>

huh?? I've used VMS since vs. 2.5 and have used RSX vs 4.1... For no echo, I've
simply used
the io$_noecho mask when doing a $QIO system call. No priv. required.


__a__d__a__m__

Norman Diamond

unread,
May 30, 1991, 3:33:26 AM5/30/91
to

>When asked why VMS didn't have command or file completion, a VMS
>operating system programmer told me that such facilities were
>`inefficient' and he would personally see to it that it would never be
>added to VMS.

This seems a bit strange. Most of the features of the VMS operating system
seem to be a little bit more user-oriented than efficiency-oriented. The
designers weren't always imaginative enough, or were overly confident about
what they thought users would never want; but the system is not user-hostile.

It might be argued that C-shell aliases or DCL symbols make command
completion unnecessary; I have no opinion. I made a command procedure for
command line editing, and would have included filename completion if I had
thought of it. It was really very easy. However, the functionality of
Control-Y was diminished a little bit while using that procedure.
(I was not working for Digital then, either.)
--
Norman Diamond dia...@tkov50.enet.dec.com
If this were the company's opinion, I wouldn't be allowed to post it.
Permission is granted to feel this signature, but not to look at it.

Norman Diamond

unread,
May 30, 1991, 3:38:37 AM5/30/91
to

Yes, and I used VMS operating system version 2.0. However, Mr. Newcomer
wrote about version 1.0, so we really have to wait for an answer from
someone who used version 1.0.

Larry Campbell

unread,
May 30, 1991, 10:36:12 PM5/30/91
to
In article <1991May30.0...@tkou02.enet.dec.com> dia...@jit533.enet@tkou02.enet.dec.com (Norman Diamond) writes:
-In article <1991May30.0...@milton.u.washington.edu> m...@milton.u.washington.edu (Mark Crispin) writes:
-
->When asked why VMS didn't have command or file completion, a VMS
->operating system programmer told me that such facilities were
->`inefficient' and he would personally see to it that it would never be
->added to VMS.
-
-This seems a bit strange. Most of the features of the VMS operating system
-seem to be a little bit more user-oriented than efficiency-oriented. The
-designers weren't always imaginative enough, or were overly confident about
-what they thought users would never want; but the system is not user-hostile.

Strange, but true. I know the engineer Mark is talking about, and when I
was at DEC heard him express the same opinions. In fact, several desperate
hackers inside DEC *volunteered* to write command and filename completion
code for VMS -- one of them, Stan Rabinowitz, actually did go and write a
very nice package -- and the response from this particular engineer, who
unfortunately and inexplicably carried a lot of weight in VMS-land, was
essentially "that stuff will go into VMS over my dead body." This is not an
exaggeration -- he had a real emotional reaction to it.

I think it's probably not too inaccurate to say that one of the best things
that ever happened to VMS was this engineer's departure from DEC.
--
Larry Campbell The Boston Software Works, Inc., 120 Fulton Street
camp...@redsox.bsw.com Boston, Massachusetts 02109 (USA)

Lon Stowell

unread,
May 30, 1991, 3:23:30 PM5/30/91
to
>In article <1991May2...@maximo.enet.dec.com> a...@maximo.enet.dec.com (Adam J Felson) writes:
>>In article <0cExdXW00...@andrew.cmu.edu> jn...@andrew.cmu.edu (Joseph M.
>Newcomer) writes:
>>> The original VAX VMS operating system from DEC made sure that putting
>>>a terminal in "raw" mode or reading single characters without echo was a
>>>PRIVILEGED I/O system call, and we were told, when we complained about
>>>this obvious piece of stupidity, that it was a deliberate design
>>>decision to kill off EMACS-style editors, which were not Politically
>>>Correct inside DEC; it looked like a serious move to half-duplex to us!)

It might also have been done by someone actually PAYING for
network traffic charges. If you've ever gotten the bill for
the packet charges with a raw mode application you just might
be inclined to destroy a few programmers for lunch.

Same thing if you've ever attempted to use a raw mode
application over a VSAT network.....

mor...@ramblr.enet.dec.com

unread,
May 31, 1991, 5:16:44 PM5/31/91
to
In article <1991May31....@redsox.bsw.com>,
camp...@redsox.bsw.com (Larry Campbell) writes:

|>->When asked why VMS didn't have command or file completion, a VMS
|>->operating system programmer told me that such facilities were
|>->`inefficient' and he would personally see to it that it would never be
|>->added to VMS.
|>-
|>-This seems a bit strange. Most of the features of the VMS operating system
|>-seem to be a little bit more user-oriented than efficiency-oriented. The
|>-designers weren't always imaginative enough, or were overly confident about
|>-what they thought users would never want; but the system is not
|>user-hostile.
|>
|>Strange, but true. I know the engineer Mark is talking about, and
|>when I
|>was at DEC heard him express the same opinions. In fact, several
|>desperate
|>hackers inside DEC *volunteered* to write command and filename
|>completion

|>code for VMS ...

OK, I'll bite. What is "command and filename completion" and why would
I want it?

(Perhaps I know it by a different name)

-Mike

Ranjan Bagchi

unread,
May 31, 1991, 9:03:38 PM5/31/91
to
In article <1991May31.2...@engage.pko.dec.com> mor...@ramblr.enet.dec.com writes:
>|>
>|>Strange, but true. I know the engineer Mark is talking about, and
>|>when I
>|>was at DEC heard him express the same opinions. In fact, several
>|>desperate
>|>hackers inside DEC *volunteered* to write command and filename
>|>completion
>|>code for VMS ...
>
>OK, I'll bite. What is "command and filename completion" and why would
>I want it?
>
>(Perhaps I know it by a different name)
>
>-Mike


Every use emacs or tcsh? In the simplest example, you type enough
of a command or filename for it to uniquely identify the one you want, hit
TAB, and it finishes it up for you. Or you type less then enough, do a ^D, and
it gives you your options.

A godsend.

-rj
--
--------------------------------------------------------------------------------
Ranjan Bagchi - asleep...... | v,i,j,k,l,s,a[99];
bag...@eecs.umich.edu | main() {
------------------------------- for(scanf("%d",&s);*a-s;v=a[j*=v]-a[i],k=i<s,j+=(v=j<s&&(!k&&!!printf(2+"\n\n%c"-(!l<<!j)," #Q"[l^v?(l^j)&1:2])&&++l||a[i]<s&&v&&v-i+j&&v+i-j))&&!(l%=s),v||(i==j?a[i+=k]=0:++a[i])>=s*k&&++a[--i]) ;
} /* Osovlanski and Nissenbaum */
--------------------------------------------------------------------------------

Mark Crispin

unread,
Jun 2, 1991, 6:45:00 PM6/2/91
to
In article <1991May31.2...@engage.pko.dec.com> mor...@ramblr.enet.dec.com () writes:
>OK, I'll bite. What is "command and filename completion" and why would
>I want it?

Command and filename completion refers to the ability of being able to
type a truncated version of a command or file name and then type a
particular character to cause the `system' to fill in the remaining
characters. In the more sophisticated versions, if there is an
ambiguity the completion is to the point of ambiguity.

Consider the following directory:
% ls
monthly-progress-report-1990-nov
monthly-progress-report-1990-dec
monthly-progress-report-1991-jan-part-1
monthly-progress-report-1991-jan-part-2
monthly-progress-report-1991-feb
monthly-progress-report-1991-mar
report-distribution
%

You could display the fourth file in this list with:
% cat m$1$j$1
where `$' represents where you type the completion character. The
resulting command would display as:
% cat monthly-progress-report-1991-jan-part-1

ESC is a popular choice for the completion character. GNU EMACS is
the exception in that it uses TAB. Various other bells and whistles
to the overall concept of completion. exist. On TOPS-20, CTRL/F
completed an individual filename field; ? displayed the list of
matching files at that point. UNIX csh has the latter functionality
as CTRL/D (not to be confused with the CTRL/D to log you out). Even
MS-DOS has a program to install filename completion!!

Command completion is more or less an irrelevant concept on UNIX, as
you are very rarely talking to anything like a `command decoder'. On
systems which have command-rich command languages (albeit not
necessarily `rich command languages'!), command completion acts in an
analogous manner to file completion, and can be a lifesaver when
commands are long, complex strings.

One explanation I heard as to why DEC detested the idea of command
completion was that most DEC terminals after the VT-100 series are
crippled so that the ESC character is difficult or impossible to
enter. Reputedly, their terminal design engineers had a hissy fit
when they found that some of DEC's software was using characters like
ESC, CTRL/Q, and CTRL/S. This was also rumored to be behind DEC's
enmity towards TECO.

This sounds rather more plausible, actually, than the irrational
excuse of `inefficiency' made by the VMS developer I talked to.

DEC may be having a change of heart; completion has finally made its
way into ULTRIX. Anyway, our 4.1 system has it. Of course, at this
point towards the end of ULTRIX's lifetime DEC may no longer care
about such religious issues...

-- DoD#105

Anthony J Stieber

unread,
Jun 3, 1991, 2:52:54 PM6/3/91
to

>Command completion is more or less an irrelevant concept on UNIX, as
>you are very rarely talking to anything like a `command decoder'. On
>systems which have command-rich command languages (albeit not
>necessarily `rich command languages'!), command completion acts in an
>analogous manner to file completion, and can be a lifesaver when
>commands are long, complex strings.

tcsh (modified csh) does have command completion, but, as you say it's
not that useful. Most unix commands are short, and are easy to make
even shorter with aliases. Sometimes I remember to use it for commands
like "uncompressdir", which is about the longest standard unix
command. On the other hand, command completion is extremely useful for
GNU Emacs, which also uses spacebar as well as tab. Another feature is
command option completion. This isn't useful for the mostly short unix
command options, but is for the long command options (ala Multics) that
the FSF is putting in its unix command suite.

Being forced to use MS-DOS, I've found several file name completion
programs, and many unix like commnads. It makes MS-DOS just bearable.
--
<-:(= Anthony Stieber ant...@csd4.csd.uwm.edu uwm!uwmcsd4!anthony

hoskinsa

unread,
Jun 3, 1991, 7:46:43 AM6/3/91
to

[stuff deleted about command completion being kept out of VMS]

Why is this necessary with VMS? Commands can be abbreviated.

Just wondering...

Asher (hosk...@prl.philips.co.uk)

Adrian J Ho

unread,
Jun 3, 1991, 6:31:14 PM6/3/91
to
In article <12...@uwm.edu> ant...@convex.csd.uwm.edu (Anthony J Stieber) writes:
>Being forced to use MS-DOS, I've found several file name completion
>programs, and many unix like commnads. It makes MS-DOS just bearable.

Agreed. When I began a 3-month internship two summers ago, I found
that it only took a year of Unix for me to hate MS-DOS with surprising
viciousness (my colleagues were shocked when mild-mannered me sat down
at my company-assigned AT, typed for 2 minutes and started hissing and
spitting at the screen 8-).

My first (self-imposed) task was to grab the SunOS csh(1) man page and
re-engineer an MS-DOS version from scratch. Finished aliases,
filename completion, shell variables and history substitution before
my boss forced me to get back to serious work. (Oh, and of course I
tried to "cure" my back/slash schizophrenia by substituting all
slashes internally with backslashes, except those that were already
preceded by a backslash. That had its own problems, of course. 8-)

Pulled out all the manual C optimization stops I knew then, but could
only get filename completion to work acceptably fast on an AT -- all
bets were off on an XT. The rest of the stuff worked fine on any of
the PC family. Made for a decent (if large) overlay for the dreaded
COMMAND.COM, and I was happy so long as I didn't have to shell out
from BRIEF. 8-)

I still have the source code on disk back in Singapore, and I'll post
it someday if (a) anyone's interested, and (b) I still have net.access
when I return home. (I also have the code on paper -- it's currently
the only resident of a box labelled "Junk". 8-)

Come to think of it, I'll have to work with PCs again when I go back
home. MOMMY!!!! 8-)

Is there anyone else out there who was ... er ... courageous/stupid
enough to re-write csh? 8-)

--
-----------------------------------------------------------------------------
Adrian Ho, EECS (pronounced "eeks!") Dept. Phone: (415) 642-5563
UC Berkeley adri...@barkley.berkeley.edu

Harry Herman

unread,
Jun 3, 1991, 6:25:59 PM6/3/91
to

>In article <1991May31.2...@engage.pko.dec.com> mor...@ramblr.enet.dec.com () writes:
>>OK, I'll bite. What is "command and filename completion" and why would
>>I want it?

>Command and filename completion refers to the ability of being able to
>type a truncated version of a command or file name and then type a
>particular character to cause the `system' to fill in the remaining
>characters. In the more sophisticated versions, if there is an
>ambiguity the completion is to the point of ambiguity.

[rest deleted]

>-- DoD#105

The only home computer I owned was a Heathkit H-8, back around 1980. The
system included some programs (the text editor for sure, and I think
one or two others) that used FORCED command completion. As soon as you
typed in enough letters to make the command unique, it typed the rest of
the command name for you and, and if you were dumb enough to want to
complete the command name, it took what you typed as the start of the
next field of the command.

Harry Herman
herman@corpane

Paul Wexelblat

unread,
Jun 3, 1991, 3:36:50 PM6/3/91
to

As added information re: the filename/command completion (actually
it was called 'recognition') capability as it existed at DEC, the TOPS-20
feature was, in fact, inherited as part of TENEX from the folks
at BBN. TOPS-10 had no recognition capability. DEC did not remove
the feature from TENEX when it was renamed TOPS-20. ((the only real change
was to replace the code for the snazzy BBN pager with code to support
the DEC "equivalent".))

...Wex

Norman Diamond

unread,
Jun 3, 1991, 10:28:51 PM6/3/91
to

>[stuff deleted about command completion being kept out of VMS]
>Why is this necessary with VMS? Commands can be abbreviated.

I (and others) already pointed this out. However, filenames generally
cannot be abbreviated. When I worked for a Digital customer a few years
ago and wrote a .COM file to do command history and editing (before the
OS had it), I also would have put in filename completion if I'd ever heard
of it or thought of it before then.

Francis Stracke

unread,
Jun 4, 1991, 4:33:23 PM6/4/91
to

My first (self-imposed) task was to grab the SunOS csh(1) man page and
re-engineer an MS-DOS version from scratch. Finished aliases,
filename completion, shell variables and history substitution before
my boss forced me to get back to serious work. (Oh, and of course I
tried to "cure" my back/slash schizophrenia by substituting all
slashes internally with backslashes, except those that were already
preceded by a backslash. That had its own problems, of course. 8-)

I've heard there's an undocumented internal flag in Mess-Dos that
tells the system to switch to / instead of \ (and - instead of / for
options).

--
/============================================================================\
| Francis Stracke | My opinions are my own. I don't steal them.|
| Department of Mathematics |=============================================|
| University of Chicago | Welcome to the Real World. Enjoy the |
| fra...@zaphod.uchicago.edu | show. |
\============================================================================/

DJ Delorie

unread,
Jun 4, 1991, 4:33:19 PM6/4/91
to
In article <FRANCIS.91...@daisy.uchicago.edu>, fra...@daisy.uchicago.edu (Francis Stracke) writes:
> I've heard there's an undocumented internal flag in Mess-Dos that
> tells the system to switch to / instead of \ (and - instead of / for
> options).

Except that none of the utilities obey the internal flag anymore.
MS-DOS accepts file names with / in them - it's the utilties that
parse the / as a switch (like DIR /P \BIN).

DJ
d...@ctron.com

Larry Campbell

unread,
Jun 4, 1991, 9:42:59 PM6/4/91
to
In article <1991Jun03....@corpane.uucp> her...@corpane.uucp (Harry Herman) writes:
-The only home computer I owned was a Heathkit H-8, back around 1980. The
-system included some programs (the text editor for sure, and I think
-one or two others) that used FORCED command completion. As soon as you
-typed in enough letters to make the command unique, it typed the rest of
-the command name for you and, and if you were dumb enough to want to
-complete the command name, it took what you typed as the start of the
-next field of the command.

An early version of an email user agent I used way back when had this
"feature". Imagine my horror when I rapidly typed:

prompt> da<return>
prompt> ex<return>

intending to issue the commands "daytime" (show current time of day) and
then "exit", when what to my wondering eyes should appear, but:

prompt> delete all
prompt> exit
Expunging deleted messages... done.

Aarggh! Twelve years later, the memory still stings...

Raymond Chen

unread,
Jun 4, 1991, 11:52:24 PM6/4/91
to
In article <BAGCHI.91M...@zip.eecs.umich.edu>, bagchi@eecs (Ranjan Bagchi) writes:
> A godsend.

Also a security risk. Create a file with embedded newlines in its
name and watch the fireworks!

Lars Poulsen

unread,
Jun 4, 1991, 5:12:56 PM6/4/91
to
>I still have the source code on disk back in Singapore, and I'll post
>it someday if (a) anyone's interested, and (b) I still have net.access
>when I return home.

This would be immensely useful to people who occasionally get forced to
use ATT System V. I have a hard time without CSH.
--
/ Lars Poulsen, SMTS Software Engineer
CMC Rockwell la...@CMC.COM

Harry Herman

unread,
Jun 4, 1991, 5:56:17 PM6/4/91
to


>[stuff deleted about command completion being kept out of VMS]

>Why is this necessary with VMS? Commands can be abbreviated.

>Just wondering...

> Asher (hosk...@prl.philips.co.uk)

Commands can be abbreviated, but file names cannot. So, while command
completion may not be required, I would certainly welcome file name
completion.


Harry herman
herman@corpane

Luke Mewburn

unread,
Jun 5, 1991, 2:42:45 AM6/5/91
to
ray...@math.berkeley.edu (Raymond Chen) writes:

>In article <BAGCHI.91M...@zip.eecs.umich.edu>, bagchi@eecs (Ranjan Bagchi) writes:
>> A godsend.

[refering to filename completion...]

>Also a security risk. Create a file with embedded newlines in its
>name and watch the fireworks!

I know that tcsh I am running on an A/UX box handles this
gracefully. Any char that is not a 'normal' character (inc. space, and
quotes, etc. Ie, stuff which is not 32-127 ascii, and stuff that is
32-127 ascii but used by the shell), is escaped by a '\'
So the file:"HE HE" expands to "HE\ HE".
I find this is very good...
--
____________________________________________________________________________
| | |
| Luke Mewburn (Zak) | This side for lease... |
| s90...@minyos.xx.rmit.oz.au | (No disclaimer, can't afford it:-) |

Mike

unread,
Jun 5, 1991, 7:03:40 AM6/5/91
to
her...@corpane.uucp:
>
>hosk...@prlhp1.prl.philips.co.uk:

>
>>[stuff deleted about command completion being kept out of VMS]
>>
>>Why is this necessary with VMS? Commands can be abbreviated.
>>
>>Just wondering...
>
>Commands can be abbreviated, but file names cannot. So, while command
>completion may not be required, I would certainly welcome file name
>completion.

What about logicals? As in "define some-symbol file-name" ?

Speaking of completions, I seem to recall hearing from an old
housemate (hello, Brian, I know you're out there) about a system
which idiotically added completion to passwords, thereby allowing
someone to break into someone else's account with at most 26 (well,
I don't know what char system was used -- say 128) tries!

Anyone know what system this was?

Ciao,
Mike, who is too young to remember this stuff first-hand

--
Mike Zraly ``Times are bad. Children no longer
mzr...@ldbvax.dnet.lotus.com obey their parents, and everyone is
or c/o seao...@athena.mit.edu writing a book.'' -- Cicero

Alan Krantz

unread,
Jun 5, 1991, 12:59:04 PM6/5/91
to

Huh??? I've run csh on many system V system - the last one - I think
was a 3b2 or something like that. The major problem I have is that
system 5.X (I'm not sure what X was) didn't support job control...


One thing I wish they would add to bsd is the ability to "attach/detach" a job.
I guess when I get 4.4 I will try adding something like that... Hopefully it
won't be too difficult...

Paul Wexelblat

unread,
Jun 5, 1991, 11:53:15 AM6/5/91
to
Response to why command completion (actually called recognition) is
necessary on VMS since abbreviation available:

On TENEX (TOPS-20) the completions would produce a readable typescript
with all command names and file names represented in full. This was/is
nice if a script or somesuch is wanted (other folks may not know your
peculiar abbreviations (no slur intended)).

...Wex

Garrett Wollman

unread,
Jun 4, 1991, 9:33:58 PM6/4/91
to
In article <12...@uwm.edu> ant...@convex.csd.uwm.edu (Anthony J Stieber) writes:
>tcsh (modified csh) does have command completion, but, as you say it's
>not that useful. Most unix commands are short, and are easy to make
>even shorter with aliases. Sometimes I remember to use it for commands
>like "uncompressdir", which is about the longest standard unix
>command.

All of the GNU programs based on libreadline.a (now there's a folklore
topic... why do all Unix system libraries match lib[^.]+.a? Why not
just [^.]+.a?) use Tab (and M-Tab?) for completion, and M-? for "list
options"; this is all pretty much consistent with Emacs. At one point
in time, BASH (the GNU shell) would even complete partial host names
(after an @ sign) by looking in hosts.txt! I find it very useful.

> On the other hand, command completion is extremely useful for
>GNU Emacs, which also uses spacebar as well as tab. Another feature is
>command option completion. This isn't useful for the mostly short unix
>command options, but is for the long command options (ala Multics) that
>the FSF is putting in its unix command suite.
>

But why complete the long options when you can just abbreviate them?
[Answer: because you want to know if the abbreviation you just used
was the one you wanted...]

Command completion is sometimes useful. I rarely ever use the actual
completer for commands, but I use the "list options" key more often,
since sometimes it's easier to do, say, messM-? than to forget what
you were doing and do a 'find `echo $PATH | tr ':' ' '` -name 'mess*'
-print' and then proceed as before. Similarly, when you're in the
middle of typing a long command, it is sometimes very useful to be
able to list the files in the current directory (for example), rather
than wiping the whole line, doing an ls (which I alias to 'ls -CF' but
that's another story), and then trying to remember the command that I
wanted to apply to the file that I have now found.

When I released my version of 4.3-reno FTP hacked with Readline and
History support, many people wanted to know when I was going to add
completion for remote file names (the answer was never, because of
protocol complexities and the need to parse the command line being
entered to figure out where the file name should be completed, not to
mention the need for OS independence)...

-GAWollman

PS: See wuarchive.wustl.edu:~pub/ftp.rline.tar.Z. Known to work on
this Encore MultiMax (running Umax 4.3) and somebody else's Suns.

Garrett A. Wollman - wol...@emily.uvm.edu

Disclaimer: I'm not even sure this represents *my* opinion, never
mind UVM's, EMBA's, EMBA-CF's, or indeed anyone else's.

Warner Losh

unread,
Jun 6, 1991, 1:54:50 AM6/6/91
to

In addition, on TOPS-20 you could hit a key (say ?) and you would be
given a list of what was valid at that point. So, if you were in
VMS-land and typed"DIRE /?" it would give you a list of all the valid
switches (along with how to use each one (eg /OUTPUT=filename)).
Also, there were noise words:
@ dir<ESC>
became
@ dirECTORY (of directory)
so you'd have a clue as to what is going ON. VMS kinda sorts, but not
really has a similar sort of thing (type SORT sometime and watch it
prompt for input file and output file (if memory servers).

So, it IS needed on VMS. I really HATED to see it not there. After
all, with all the DCLTABLES in memory, the parser should have had
enough information to do almost everything (except the noise words).

Warner
--
Warner Losh i...@Solbourne.COM
Free to a good home: 10,000 Miller Moths. Must promise not to breed them.

b...@ecl.psu.edu

unread,
Jun 6, 1991, 1:27:26 AM6/6/91
to

Closely associated with command completion is the "?" to list all
the possibilities. This could be valid command names, qualifiers, or
parameter type (like the VMS prompt if parameter is ommitted), it tells
you whatever is appropriate for the current location in the command.

This gives you the capabilities of a menu driven system. Might save a lot
of time by eliminating trivial uses of HELP. For instance, I just typed:

$ backup [...] $tape1:ss/rew/dens=6250/block=32000/

and it suddenly occurs to me I forgot the name of the qualifier to specify
tape expiration date. I might be reluctant to type ^U and HELP BACKUP.
Just typing a ? and getting a full list of qualifiers would be neat.
Of course, it wouldn't help much on UNIX, where it'd generally just
list all the letters of the alphabet (in upper and lower case).
Yes, I know, UNIX commands are so short they're easy to retype.

Norman Diamond

unread,
Jun 6, 1991, 3:45:37 AM6/6/91
to
In article <1991Jun5.0...@uvm.edu> wol...@emily.uvm.edu (Garrett Wollman) writes:

>[...] (now there's a folklore topic... why do all Unix system libraries
>match lib[^.]+.a? Why not just [^.]+.a?) [...]

Because theoretically you can make other kinds of archives (*.a) besides
just libraries. Don't know the last times anyone actually did so, though.
Also, /lib tends to contain other stuff besides libraries -- I guess "they"
didn't want to put the passes of the C compiler in /bin because then people
might execute individual passes of the compiler when they didn't mean to.
However, it's hard to imagine what other *.a files might be in /lib (and
even /usr/lib) besides libraries. So maybe it's a good question after all.

Jeremy J. Epstein

unread,
Jun 6, 1991, 1:01:26 PM6/6/91
to
In article <1991Jun6.0...@tkou02.enet.dec.com>, dia...@jit533.swstokyo.dec.com (Norman Diamond) writes:
> In article <1991Jun5.0...@uvm.edu> wol...@emily.uvm.edu (Garrett Wollman) writes:
>
> >[...] (now there's a folklore topic... why do all Unix system libraries
> >match lib[^.]+.a? Why not just [^.]+.a?) [...]
>
> Because theoretically you can make other kinds of archives (*.a) besides
> just libraries. Don't know the last times anyone actually did so, though.

In at least one Version 7 system the plotting library source (libplot.a,
lib4014.a, etc.) was kept in .a files. The makefile unarchived the source
from the .a files, compiled it, and then removed the .c files. I have no
idea why this was done, but since I had to debug this crap I know it's true!
--
Jeremy Epstein
TRW Systems Division
703-876-8776
jje%vir...@uunet.uu.net

Rich Alderson

unread,
Jun 6, 1991, 9:38:14 PM6/6/91
to
In article <1991May31....@redsox.bsw.com>, campbell@redsox (Larry Campbell) writes:
>Strange, but true. I know the engineer Mark is talking about, and when I
>was at DEC heard him express the same opinions. In fact, several desperate
>hackers inside DEC *volunteered* to write command and filename completion
>code for VMS -- one of them, Stan Rabinowitz, actually did go and write a
>very nice package -- and the response from this particular engineer, who
>unfortunately and inexplicably carried a lot of weight in VMS-land, was
>essentially "that stuff will go into VMS over my dead body." This is not an
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>exaggeration -- he had a real emotional reaction to it.

What, were there too many witnesses to take him up on the challenge? :-)
--
Rich Alderson 'I wish life was not so short,' he thought. 'Languages take
Tops-20 Mgr. such a time, and so do all the things one wants to know about.'
AIR, Stanford --J. R. R. Tolkien,
alde...@alderson.stanford.edu _The Lost Road_

Harry Herman

unread,
Jun 6, 1991, 6:24:46 PM6/6/91
to

>her...@corpane.uucp:
>>
>>hosk...@prlhp1.prl.philips.co.uk:
>>
>>>[stuff deleted about command completion being kept out of VMS]
>>>
>>>Why is this necessary with VMS? Commands can be abbreviated.
>>>
>>>Just wondering...
>>
>>Commands can be abbreviated, but file names cannot. So, while command
>>completion may not be required, I would certainly welcome file name
>>completion.

>What about logicals? As in "define some-symbol file-name" ?

^^^^^^^^^
Notice you STILL have to type the file name in at least once. With
name completion, you would only have to type the first few characters
here, and it would complete the name here so you would not have to type
the full name even then. I use logicals a lot, but would not mind having
file name completion. Also helps eliminate spelling errors when typing
in 39_character.39_character files names (for the masochists out there
that REALLY like long file names) :-).


>Speaking of completions, I seem to recall hearing from an old
>housemate (hello, Brian, I know you're out there) about a system
>which idiotically added completion to passwords, thereby allowing
>someone to break into someone else's account with at most 26 (well,
>I don't know what char system was used -- say 128) tries!

>Anyone know what system this was?

Can't say as I have ever heard about this, but it would have been fun
in college :-)

>Ciao,
> Mike, who is too young to remember this stuff first-hand

>--
>Mike Zraly ``Times are bad. Children no longer
>mzr...@ldbvax.dnet.lotus.com obey their parents, and everyone is
>or c/o seao...@athena.mit.edu writing a book.'' -- Cicero

Harry Herman
herman@corpane

Don Stokes

unread,
Jun 7, 1991, 6:34:26 PM6/7/91
to
b...@ecl.psu.edu writes:

> This gives you the capabilities of a menu driven system. Might save a lot
> of time by eliminating trivial uses of HELP. For instance, I just typed:
>
> $ backup [...] $tape1:ss/rew/dens=6250/block=32000/
>
> and it suddenly occurs to me I forgot the name of the qualifier to specify
> tape expiration date. I might be reluctant to type ^U and HELP BACKUP.
> Just typing a ? and getting a full list of qualifiers would be neat.

Ummmm.... the usual approach to this problem (since V4.0) is to hit the
backspace key (or Ctrl/H or F12 on the LK-$%&*@!-201), stick a pling in
front of the command, press return and then HELP BACKUP. Then recall
the command and continue. You're a little screwed if the command has
gone onto a second (or more) line (*when* are they going to fix that???)
-- one approach is to type something invalid so that the command
interpreter chucks it out (*nice* having the CLI chuck out syntax errors
without invoking the image) ...

Don Stokes, ZL2TNM / / d...@zl2tnm.gp.co.nz (home)
Systems Programmer /GP/ GP PRINT LIMITED Wellington, d...@gp.co.nz (work)
__________________/ / ---------------- New_Zealand__________________________

Anthony J Stieber

unread,
Jun 6, 1991, 11:31:54 PM6/6/91
to

Check out "screen" available on prep.ai.mit.edu:~ftp/pub/gnu/screen-2.1.tar.Z

It does multiple full screen VT100 emulators even on terminals that
don't do VT100 emulation. It also does screen dumps to files and
detaching a process, that you can attach to an another login.


--
<-:(= Anthony Stieber ant...@csd4.csd.uwm.edu uwm!uwmcsd4!anthony

Psion Mailing List
subscriber submissions psion ----------\
the (human) moderator psion-owner -------+--@csd4.csd.uwm.edu
subscriptions and file requests psion-request ----/

Alan Krantz

unread,
Jun 7, 1991, 12:37:46 PM6/7/91
to
In article <12...@uwm.edu> ant...@convex.csd.uwm.edu (Anthony J Stieber) writes:
>In article <1991Jun5.1...@colorado.edu> a...@tigger.Colorado.EDU (Alan Krantz) writes:
>>In article <1991Jun4.2...@spectrum.CMC.COM> la...@spectrum.CMC.COM (Lars Poulsen) writes:
>
>>One thing I wish they would add to bsd is the ability to "attach/detach" a job.
>>I guess when I get 4.4 I will try adding something like that... Hopefully it
>>won't be too difficult...
>
>Check out "screen" available on prep.ai.mit.edu:~ftp/pub/gnu/screen-2.1.tar.Z
>
>It does multiple full screen VT100 emulators even on terminals that
>don't do VT100 emulation. It also does screen dumps to files and
>detaching a process, that you can attach to an another login.

This is a different issue from attach/dettach. The attach/dettach
situation occurs when a ethernet or phone line connection goes down
but the computer stays up. Then instead of a sig-hangup killing your
job it would be nice to regain tty control... I know this doesn't
happen a lot in some situtations but it happens often enough to me that
it would be nice - and no I'm not about to add a checkpoint procedure to
every program I write (perform a checkpoint on a sig-hangup). I've used
screens before - and prefer using plain job control or windows (I have
access to xterminals and workstations) over using screen...


------------------------------------------------------------------
| Mail: 2985 E Aurora Email: a...@boulder.colorado.edu|
| Apt 215 South Vmail: Home: (303) 449-5455 |
| Boulder, Co 80303 Office: (303) 492-8115 |
------------------------------------------------------------------

Ralf....@b.gp.cs.cmu.edu

unread,
Jun 8, 1991, 10:04:21 AM6/8/91
to
In article <1991Jun7.1...@colorado.edu>, a...@tigger.Colorado.EDU (Alan Krantz) wrote:
}In article <12...@uwm.edu> ant...@convex.csd.uwm.edu (Anthony J Stieber) writes:
}>In article <1991Jun5.1...@colorado.edu> a...@tigger.Colorado.EDU (Alan Krantz) writes:
}>>One thing I wish they would add to bsd is the ability to "attach/detach" a job.
}>
}>Check out "screen" available on prep.ai.mit.edu:~ftp/pub/gnu/screen-2.1.tar.Z
}
}This is a different issue from attach/dettach. The attach/dettach
}situation occurs when a ethernet or phone line connection goes down
}but the computer stays up. Then instead of a sig-hangup killing your
}job it would be nice to regain tty control... I know this doesn't
}happen a lot in some situtations but it happens often enough to me that
}it would be nice - and no I'm not about to add a checkpoint procedure to
}every program I write (perform a checkpoint on a sig-hangup). I've used

CMU has had detachable ptys in Mach since very early on (at least as far
back as fall 1986). And yes, it is useful to be able to disconnect and
later come right back to where you were (though it can be a bit of a
problem if you are on a different type of terminal when you come back
:-).

--
{backbone}!cs.cmu.edu!ralf ARPA: RA...@CS.CMU.EDU FIDO: Ralf Brown 1:129/53
BITnet: RALF%CS.CMU.EDU@CARNEGIE AT&Tnet: (412)268-3053 (school) FAX: ask
DISCLAIMER? Did | It isn't what we don't know that gives us trouble, it's
I claim something?| what we know that ain't so. --Will Rogers

Harry Herman

unread,
Jun 8, 1991, 8:02:06 AM6/8/91
to

>In article <12...@uwm.edu> ant...@convex.csd.uwm.edu (Anthony J Stieber) writes:
>>In article <1991Jun5.1...@colorado.edu> a...@tigger.Colorado.EDU (Alan Krantz) writes:
>>>In article <1991Jun4.2...@spectrum.CMC.COM> la...@spectrum.CMC.COM (Lars Poulsen) writes:
>>
>>>One thing I wish they would add to bsd is the ability to "attach/detach" a job.
>>>I guess when I get 4.4 I will try adding something like that... Hopefully it
>>>won't be too difficult...
>>
>>Check out "screen" available on prep.ai.mit.edu:~ftp/pub/gnu/screen-2.1.tar.Z
>>
>>It does multiple full screen VT100 emulators even on terminals that
>>don't do VT100 emulation. It also does screen dumps to files and
>>detaching a process, that you can attach to an another login.

>This is a different issue from attach/dettach. The attach/dettach
>situation occurs when a ethernet or phone line connection goes down
>but the computer stays up. Then instead of a sig-hangup killing your
>job it would be nice to regain tty control... I know this doesn't
>happen a lot in some situtations but it happens often enough to me that
>it would be nice - and no I'm not about to add a checkpoint procedure to
>every program I write (perform a checkpoint on a sig-hangup). I've used
>screens before - and prefer using plain job control or windows (I have
>access to xterminals and workstations) over using screen...

Gee, this is a standard feature on DEC's VMS operating system. I use it
all the time. I dial in to work from home and do not disable call waiting
since I know that I can dial back into work within 15 minutes of being
hung up on and resume right where I left off. You have to log back in
to the same username and password, and then the login program looks and
sees one or more processes that were hung up on, and asks if you one to
re-connect to it (or one of the list), or if you want to create a new
process and leave the others hanging. Personally, I would hate to
switch to Unix if I was going to lose that feature. Lets me stay logged
in for hours from home reading news and working on stuff of personal
interest, and never lose a phone call. Too bad I can't afford an
extra phone line, but South Central Bell charges full price for a second
line (Illinois Bell gave a 50% discount), and when they asked why I
needed two phone lines, and I said for a modem, they wanted to charge
me for a business phone line instead of a residential line.

>
>------------------------------------------------------------------
>| Mail: 2985 E Aurora Email: a...@boulder.colorado.edu|
>| Apt 215 South Vmail: Home: (303) 449-5455 |
>| Boulder, Co 80303 Office: (303) 492-8115 |
>------------------------------------------------------------------

Harry Herman
herman@corpane

Anthony J Stieber

unread,
Jun 8, 1991, 3:05:01 PM6/8/91
to
In article <1991Jun7.1...@colorado.edu> a...@tigger.Colorado.EDU (Alan Krantz) writes:
>In article <12...@uwm.edu> ant...@convex.csd.uwm.edu (Anthony J Stieber) writes:
>>Check out "screen" available on prep.ai.mit.edu:~ftp/pub/gnu/screen-2.1.tar.Z

>This is a different issue from attach/dettach. The attach/dettach


>situation occurs when a ethernet or phone line connection goes down
>but the computer stays up. Then instead of a sig-hangup killing your

>job it would be nice to regain tty control [...]

Hmmm, well, this is exactly what "screen" allows me to do. Line noise
is a real problem for me at 2400bps, so I often get disconected. I
just call in again and type "screen -r" which reattaches me to the
screen started in another login. I've found this part of screen to be
it's most useful feature many other reasons as well. It's also
possible to explicitly disconnect from a screen, then go login
somewhere else, like a terminal nearby, or at home. It really cuts
down on the amount of time I need to login to my accounts, because
I'm already logged in. Just reconnect to already existing jobs.

Alan Krantz

unread,
Jun 8, 1991, 3:12:06 PM6/8/91
to
In article <1991Jun08.1...@corpane.uucp> her...@corpane.uucp (Harry Herman) writes:
>Gee, this is a standard feature on DEC's VMS operating system. I use it
>all the time. I dial in to work from home and do not disable call waiting

Yea - and it was a standard feature of TOPS-10 too. However, one feature
doesn't make an OS. I don't want to get into the VMS vs UNIX war - but
I will say I've used both and my personal preference is UNIX (BSD 4.3)
despite all of its problems.... And I'm sure (somewhere) there are those
who like VMS despite its problems...

Alan Krantz

unread,
Jun 8, 1991, 6:33:04 PM6/8/91
to
In article <12...@uwm.edu> ant...@convex.csd.uwm.edu (Anthony J Stieber) writes:
>
>>This is a different issue from attach/dettach. The attach/dettach
>>situation occurs when a ethernet or phone line connection goes down
>>but the computer stays up. Then instead of a sig-hangup killing your
>>job it would be nice to regain tty control [...]
>
>Hmmm, well, this is exactly what "screen" allows me to do. Line noise
>is a real problem for me at 2400bps, so I often get disconected. I
>just call in again and type "screen -r" which reattaches me to the
>screen started in another login. I've found this part of screen to be

Ok Ok. I took a quick look at the code and see that screen does more or
less what I was talking about. It looks a little bit like a hack - but
it does do the job.... Thanks for the pointer.

I still think it would be pretty easy to add a attach/dettach system
call to unix - though the described situtation doesn't happen that
often....

Steve Lamont

unread,
Jun 9, 1991, 12:30:38 PM6/9/91
to
In article <1991Jun7.1...@colorado.edu> a...@tigger.Colorado.EDU (Alan Krantz) writes:
>This is a different issue from attach/dettach. The attach/dettach
>situation occurs when a ethernet or phone line connection goes down
>but the computer stays up. Then instead of a sig-hangup killing your
>job it would be nice to regain tty control...

This was one of the (few?) endearing features of CTSS, the Cray Time Sharing
System, developed at the Lawrence Livermore National Labs and the National
Magnetic Fusion Energy Computer Center. You didn't so much log onto CTSS as
you "visited" it. All jobs ran essentially in the foreground, you started a
job and it just ran, whether you were logged on or not. You could run
multiple jobs by using something called "suffixes" which I won't go into
in this posting.

A really useful feature of CTSS was that all of the process context lived
within the confines of the job's core image itself and the system swapped your
job to something called a drop file, which lived in the file space alotted
to the user. This was essentially an executable file, so if the system crashed,
you could restart your job from more or less where it was executing without
having to muck about with checkpoint-restart nonsense. Checkpointing was
completely automatic. (There were actually a couple of minor pathological
gotchas that could prevent the job from being in a state where it could be
restarted, but they were fairly rare).

spl (the p stands for
put that in your
virtual memory Un*x
box and smoke it! :-) )--
Steve Lamont, SciViGuy -- (408) 646-2752 -- a guest at network.ucsd.edu --
NPS Confuser Center / Code 51 / Naval Postgraduate School / Monterey, CA 93943
"When people are programming virtual 5-D webs of glowing spidersilk by pure
thought power -- there will still be hackers." T.Neff in alt.folklore.computers

Bill Pechter

unread,
Jun 10, 1991, 12:54:14 PM6/10/91
to
In article <1991Jun08.1...@corpane.uucp> her...@corpane.uucp (Harry Herman) writes:
> info re: reattatching and deattaching ttys to processes deleted to
> save bandwidth

>
>Gee, this is a standard feature on DEC's VMS operating system. I use it
>all the time.
> Harry Herman
> herman@corpane

This feature didn't show up until (I think) VMS v4.2. The RSTS/E operating
system had this years before VMS did. It was one of the last things
that I saw when I worked at DEC. It's a very useful feature (especially
with bad phone lines).


--
Bill Pechter | "The postmaster always pings twice."
Pyramid Technology | bi...@pyrite.nj.pyramid.com
10 Woodbridge Center Drive | rutgers!pyrnj!pyrite!bill
Woodbridge, NJ 07095 (908)602-6308 | pyramid!pyrnj!pyrite!bill

Rick Kelly

unread,
Jun 7, 1991, 7:37:00 PM6/7/91
to
> My first (self-imposed) task was to grab the SunOS csh(1) man page and
> re-engineer an MS-DOS version from scratch. Finished aliases,
> filename completion, shell variables and history substitution before
> my boss forced me to get back to serious work. (Oh, and of course I
> tried to "cure" my back/slash schizophrenia by substituting all
> slashes internally with backslashes, except those that were already
> preceded by a backslash. That had its own problems, of course. 8-)
>
>I've heard there's an undocumented internal flag in Mess-Dos that
>tells the system to switch to / instead of \ (and - instead of / for
>options).

That worked up through MSDOS 3.3. In MSDOS 4.0 and beyond it ignores
the flag, although to allows you to set it.

When I have to use MSDOS, I use 3.1. I have a command called switchar that
switches things to / and - on boot. But a lot of commands have / as the
option switch embedded in the code.

Rick Kelly r...@rmkhome.UUCP frog!rmkhome!rmk r...@frog.UUCP

der Mouse

unread,
Jun 11, 1991, 1:22:11 AM6/11/91
to
In article <1991Jun5.0...@uvm.edu>, wol...@emily.uvm.edu (Garrett Wollman) writes:
> [W]hen you're in the middle of typing a long command, it is sometimes

> very useful to be able to list the files in the current directory
> (for example), rather than wiping the whole line, doing an ls
> ([...]), and then trying to remember the command that I wanted to

> apply to the file that I have now found.

Goodness, if we're discussing shells with filename show-match
features...don't all such shells remember the deleted stuff when you
wipe the whole line, so you can just yank it back later? (If not, I'd
call it a major failing....)

der Mouse

old: mcgill-vision!mouse
new: mo...@larry.mcrcim.mcgill.edu

der Mouse

unread,
Jun 11, 1991, 1:32:04 AM6/11/91
to
In article <1991Jun06.2...@corpane.uucp>, her...@corpane.uucp (Harry Herman) writes:
> [Filename completion] [a]lso helps eliminate spelling errors when

> typing in 39_character.39_character files names (for the masochists
> out there that REALLY like long file names) :-).

When moving files from one machine to another recently, I got a message
from tar I've never seen in real use before. (Real use as opposed to
testing to exercise that pathway in the code.) The message?

tar: ./netnews/larry-home/mouse/net-misc/KiloMonkeys/1989.Sep.22.10:03:58....@kolmogorov.physics.uiuc.edu: name too long for tar

I eventually put it on the tape under the name

./netnews/larry-home/mouse/net-misc/KiloMonkeys/198909221...@kolmogorov.physics.uiuc.edu

instead.

>> [A] system which idiotically added completion to passwords,

Yow!

Norman Diamond

unread,
Jun 11, 1991, 3:08:58 AM6/11/91
to
In article <1991Jun11.0...@thunder.mcrcim.mcgill.edu> mo...@thunder.mcrcim.mcgill.edu (der Mouse) writes:
>In article <1991Jun5.0...@uvm.edu>, wol...@emily.uvm.edu (Garrett Wollman) writes:
>>[W]hen you're in the middle of typing a long command, it is sometimes
>>very useful to be able to list the files in the current directory
>>(for example), rather than wiping the whole line, doing an ls
>>([...]), and then trying to remember the command that I wanted to
>>apply to the file that I have now found.

Yes. This is exactly what first taught me why window systems are useful.
(Just think of window systems as a rich slob's substitute for filename
completion :-)

>Goodness, if we're discussing shells with filename show-match
>features...don't all such shells remember the deleted stuff when you
>wipe the whole line, so you can just yank it back later? (If not, I'd
>call it a major failing....)

Well, sometimes the terminal driver doesn't pass the deleted line to
the shell's input stream. Do you really want to remove line editing
from the driver and put it into every application?

Larry Campbell

unread,
Jun 11, 1991, 10:57:14 PM6/11/91
to
Okay, folks, now for some Real Folklore (tm):

In article <1991Jun06.2...@corpane.uucp> her...@corpane.uucp (Harry Herman) writes:
-
->Speaking of completions, I seem to recall hearing from an old
->housemate (hello, Brian, I know you're out there) about a system
->which idiotically added completion to passwords, thereby allowing
->someone to break into someone else's account with at most 26 (well,
->I don't know what char system was used -- say 128) tries!

I never heard of such a system, but this sounds like it might be a slightly
garbled explanation of a Really Neat security bug in Tenex.

For you younger folks out there, Tenex was a nifty operating system written
by BBN for the DEC PDP-10 (with a BBN-built paging box addon). Tenex was
*much* nicer than DEC's operating system (called the PDP-10 Monitor back
then, and TOPS-10 later), as it had demand paging, a nice file system with
long file names and a hierarchical directory structure, a process tree
structure not unlike UNIX, and a nice command language with command and
filename completion. This was, oh, around 1969.

Tenex provided users with lots of control over the address space. You could
read all, and write some, of the hardware page access bits, to make pages
read-only, to create no-access guard pages (for stack limits), etc.

In Tenex, the system call roughly equivalent to chdir(2), called CNDIR I
think, could optionally take a password argument, which you would supply if
trying to connect to a directory that was password-protected against you.
If the password supplied was incorrect, the CNDIR would sensibly do a
three-second non-interruptible sleep before returning the "invalid password"
error, to prevent the obvious exhaustive attacks.

Now, the security bug worked like this. The clever programmer would set up
a CNDIR call to the targeted directory, and make the first byte of the
password string be the last byte on a page. He would then request that the
following page be made nonexistent, and then try the CNDIR. CNDIR would
fetch the first byte of the password supplied, and compare it against the
first byte of the actual password. (Passwords were not encrypted in
Tenex.) If they didn't match, the CNDIR would stop right there, do its
three-second wait, and report the error. If they did match, though, CNDIR
would fetch the next byte of the password.

Remember that the next byte is the first byte of a nonexistent page.
Attempting to fetch this byte would cause a page fault. The standard action
the kernel took for a "nonexistent page" fault was to create a new,
writeable page full of zeroes. So the CNDIR would fetch a null byte, this
would fail to match the second byte of the password, and a three-second
sleep followed by an error return would happen.

Now, in both cases, we've gotten an "invalid password" error return (unless
the password was only one byte long and we guessed right the first time).
But if the first byte matched, the page containing the second byte will no
longer be marked "nonexistent", since the kernel has just created a page
full of zeroes. If the first byte didn't match, the page will still be
marked nonexistent. A simple system call to retrieve the relevant page
status bits, and we now know whether the first character matched. Once we
get a match, we move the password string one byte back, so the second
character is the last byte on a page, and so forth.

Each try took three seconds, so to entertain the onlooker, the program would
print out each attempted password, once every three seconds, like this
(assuming the password is BABBLE):

A
B
BA
BAA
BAB
BABA
BABB
BABBA
BABBB
BABBC
BABBD
BABBE
BABBF
... etc.


THE LEGEND OF THE DISCOVERY OF THIS BUG AT XEROX PARC

Here comes the folklore part. Legend has it that this bug was discovered,
not on a PDP-10 at all, but on a PDP-10 clone built at Xerox PARC, which is
an interesting story in itself.

Around 1973 (I think) some researchers at Xerox PARC wanted to buy a PDP-10
to run Tenex. The problem was that, at the time, Xerox was in the computer
business and made a machine called the XDS-940 (originally the SDS-940,
built by Scientific Data System, which Xerox acquired); the XDS-940 was
comparable to and competitive with the PDP-10. So management nixed the
PDP-10 purchase.

Never ones to be daunted by managerial dicta, the PARC people decided to
build their own PDP-10. And they did. They built a machine, called the
MAXC, that was a PDP-10 with BBN paging, and I believe it was both smaller
and faster than the real DEC equivalent. Getting Tenex for it was no
problem, because Tenex's development had been funded by ARPA (now DARPA),
and so was in the public domain.

And one day, someone discovered this nifty security bug on the MAXC. The
bug also existed on a true-blue Tenex system, as well as in the early
internal versions of TOPS-20, DEC's enhanced version of Tenex, which is
where I saw it demonstrated. DEC did fix the bug before version 1.0 of
TOPS-20 was shipped, but I don't know when -- if ever -- Tenex got the fix.
--
Larry Campbell The Boston Software Works, Inc., 120 Fulton Street
camp...@redsox.bsw.com Boston, Massachusetts 02109 (USA)

Gerard K. Newman

unread,
Jun 12, 1991, 7:53:14 PM6/12/91
to
The discussion of the (probably fictitious) system which had command-completion on
passwords, it reminded me of a bug in an early version of RSX-11M (circa V3.0)
wherein the ^R character (retype current line) would actually echo what was
read in during a no-echo read (as one would do, for instance, to collect a
password).

--
gkn Gerard K. Newman g...@sdsc.edu 619.534.5076
San Diego Supercomputer Center g...@sdsc.bitnet 619.534.5152 FAX
PO Box 85608 sdsc::gkn (27.1/span)
San Diego, CA 92186-9784 ucsd!gkn

Alan Krantz

unread,
Jun 13, 1991, 10:51:00 AM6/13/91
to
In article <35...@ucsd.Edu> g...@ucsd.Edu (Gerard K. Newman) writes:

>passwords, it reminded me of a bug in an early version of RSX-11M (circa V3.0)
>wherein the ^R character (retype current line) would actually echo what was

Why is this a bug? I know of several systems that would do this...

Rich Alderson

unread,
Jun 13, 1991, 3:12:07 PM6/13/91
to
In article <35...@ucsd.Edu>, gkn@ucsd (Gerard K. Newman) writes:
>The discussion of the (probably fictitious) system which had command-
>completion on passwords,

Well, no one else has stepped up to say which system it was, so I will.

As I understand it, TENEX was still a research tool when DEC licensed it from
BBN, and did not have passwords yet. DEC added them as one of the features of
Tops-20 v1.0.

The usual command input routine was used to read the password, so escape
completion was there by default. Oops.

I don't remember whether the fix was called a patch level, or v2.0.

Passwords could contain only alphanumerics, $, _, and maybe dots, and had to
start with an alphanumeric. Thus 36 tries max.

I have been told this story by two independent sources. I don't know from
personal experience. But then, *that's* what makes it *folklore*!

Paul Wexelblat

unread,
Jun 13, 1991, 2:21:40 PM6/13/91
to

>The discussion of the (probably fictitious) system which had
command-completion on
>passwords, it reminded me of a bug in an early version of RSX-11M (circa V3.0)
>wherein the ^R character (retype current line) would actually echo what was
>read in during a no-echo read (as one would do, for instance, to collect a
>password).

TOPS-10 would not only do this, but it was not considered a bug.
If anyone actually typed their password and walked away from their
terminal prior to hitting Return, the ascii was still in the buffer for
another to type ^R for. The feeling was that only the account owner
would be at the terminal between typing the password and hitting Return, so the
typeout would be under that persons control, and would help in case of
fat-fingering

...Wex (former DEC SCNSER person)

Mark Crispin

unread,
Jun 13, 1991, 6:05:57 PM6/13/91
to
In article <1991Jun13....@leland.Stanford.EDU> alde...@Alderson.Stanford.EDU (Rich Alderson) writes:
>Well, no one else has stepped up to say which system it was, so I will.
>
>As I understand it, TENEX was still a research tool when DEC licensed it from
>BBN, and did not have passwords yet. DEC added them as one of the features of
>Tops-20 v1.0.
>
>The usual command input routine was used to read the password, so escape
>completion was there by default. Oops.
>
>I don't remember whether the fix was called a patch level, or v2.0.
>
>Passwords could contain only alphanumerics, $, _, and maybe dots, and had to
>start with an alphanumeric. Thus 36 tries max.
>
>I have been told this story by two independent sources. I don't know from
>personal experience. But then, *that's* what makes it *folklore*!

The above story is complete and utter fiction. Both Tenex and TOPS-20
have always had passwords. No released version of TOPS-20 ever had
this bug.

Someone else posted almost the true story. I will repeat it.

In versions of Tenex prior to 1.34 (and in versions of TOPS-20 prior
to 6.1), passwords were stored in plaintext in the directory. This
was `alright' because only a privileged system call could read that
data. System calls which checked passwords simply did a
case-independent compare of the given password with the actual
password. This compare failed as soon as a character mismatch
occurred.

The bug was that you could align the given password string so that it
was at the end of a page boundary, and have the next page in the
address space mapped to a non-existant page of a write-protected file.
Normally, Tenex would create a page when you tried to access a
non-existant page, but in this case it couldn't (since the file was
write-protected).

So, you did a password-checking system call (e.g. the system call
which tried to obtain owner access to another directory) set up in
this way and you would get one of two failures: Incorrect Password
meant that your prefix was wrong, Page Fault meant that your prefix
was right but that you need more characters.

This made a brute-force password hunt be an additive function (since
you can verify subsets) instead of a multiplicative function.

The fix was to copy the user's password into a buffer first and then
do the compare, instead of comparing with the user's password from the
user's address space.

Later on, when encrypted passwords came about, this was all rewritten.

Bob Clements

unread,
Jun 14, 1991, 12:53:03 PM6/14/91
to
Hi, Larry,

In article <1991Jun12....@redsox.bsw.com> camp...@redsox.bsw.com (Larry Campbell) writes:
>Okay, folks, now for some Real Folklore (tm):
[...The great TENEX page-boundary password bug...]

A couple additions:
> ... (Passwords were not encrypted in Tenex.) ...

Encrypted passwords were added to TENEX very shortly after this
incident. Unfortunately, DEC had already started their offshoot
on the way to TOPS-20, so - even though we gave them the new code - they
had plaintext passwords in TOPS-20 when it was released a while later.

>And one day, someone discovered this nifty security bug on the MAXC. The
>bug also existed on a true-blue Tenex system, as well as in the early
>internal versions of TOPS-20, DEC's enhanced version of Tenex, which is
>where I saw it demonstrated. DEC did fix the bug before version 1.0 of
>TOPS-20 was shipped, but I don't know when -- if ever -- Tenex got the fix.

I must admit I never heard that this was discovered at PARC. I
know who first brought the bug to our attention in the TENEX
development group (Alan Bell), and I have always been under the
impression that he discovered it at BBN. We, including Alan,
worked closely with PARC in those days, on InterLISP among other
things, so I guess it could have been found at either end of the
Arpanet.

And it was fixed in the source code and the BBN systems within
about two minutes of being reported, and the bug fix went out
to the other TENEX sites on the net about two minutes after that.

(The quick fix was to always reference the first and eighth word
of the test password block, so the page would always be created.
For those who don't know, the number "eight" comes from the
fact that all user names, passwords, filenames, filename extensions
and the like are up to 39 characters long on TENEX, or 40 characters
with the terminating NULL, and there are of course five ASCII [7-bit]
characters in a 36-bit word.)

>--
>Larry Campbell The Boston Software Works, Inc., 120 Fulton Street
>camp...@redsox.bsw.com Boston, Massachusetts 02109 (USA)


Bob Clements, K1BC, clem...@bbn.com

Erkki Ruohtula

unread,
Jun 19, 1991, 1:01:43 PM6/19/91
to
In article <64...@bbn.BBN.COM> clem...@bbn.com (Bob Clements) writes:
...

For those who don't know, the number "eight" comes from the
fact that all user names, passwords, filenames, filename extensions
and the like are up to 39 characters long on TENEX, or 40 characters
with the terminating NULL, and there are of course five ASCII [7-bit]
characters in a 36-bit word.)

Ah, that must be where the VAX/VMS 39-chars.39-chars filename limits must
originally derive from! I had been wondering about this.

Or maybe someone intimate with the history of VMS has the true explanation?

--
Erkki Ruohtula / Nokia Telecommunications
e...@tele.nokia.fi / P.O. Box 33 SF-02601 Espoo, Finland
Disclaimer: These are my private opinions and do not represent the position
of Nokia Telecommunications.

Anthony A. Datri

unread,
Jun 19, 1991, 3:53:24 PM6/19/91
to
>Ah, that must be where the VAX/VMS 39-chars.39-chars filename limits must
>originally derive from! I had been wondering about this.

Perhaps. Back before VMS 3.6 or so, though, filenames were 9.3. We shall
not speak here of the horrors that Eunice did on such a machine to use
UNIX filenames 8^).

--


Fly to the sky on GI-GI____________ and shout to
da...@convex.com

Bill Pechter

unread,
Jun 19, 1991, 9:17:21 PM6/19/91
to
In article <ERU.91Ju...@tnso04.tele.nokia.fi> e...@tnso04.tele.nokia.fi (Erkki Ruohtula) writes:
>Ah, that must be where the VAX/VMS 39-chars.39-chars filename limits must
>originally derive from! I had been wondering about this.
>
>Or maybe someone intimate with the history of VMS has the true explanation?

39 Character.39 Character filenames didn't happen until at least V3.x...

I think it was still 8char.3char exten. when v2.0 came out. Must've been
a file system change along with the clustered multiple root entry stuff
in v3 to set up for the Vax Cluster.

Anyone remember @db0gen (use minimum.par) booting!

Long live the old mcr sye command.

Bill

Nolan Hinshaw

unread,
Jun 21, 1991, 6:48:43 PM6/21/91
to
e...@tnso04.tele.nokia.fi (Erkki Ruohtula) writes:


>Ah, that must be where the VAX/VMS 39-chars.39-chars filename limits must
>originally derive from! I had been wondering about this.

>Or maybe someone intimate with the history of VMS has the true explanation?


The VMS filename convention, according to the VMS docs, now
conforms with ANSII conventions. Remember, I said that it's
according to VMS docs, like release notes and the like.
--
Nolan Hinshaw Internet: no...@twg.com
The Wollongong Group Dingalingnet: (415)962-7197
Piobairi Uillean, San Francisco
Is mise mo drumadoir eile fein!

der Mouse

unread,
Jun 22, 1991, 7:15:22 AM6/22/91
to
In article <5...@pyrite.nj.pyramid.com>, bi...@pyrite.nj.pyramid.com (Bill Pechter) writes:
> In article <ERU.91Ju...@tnso04.tele.nokia.fi> e...@tnso04.tele.nokia.fi (Erkki Ruohtula) writes:
>> Ah, that must be where the VAX/VMS 39-chars.39-chars filename limits
>> must originally derive from! I had been wondering about this.
> 39 Character.39 Character filenames didn't happen until at least
> V3.x...

If so, 'twas only for x > 7. The latest VMS I used extensively was
3.7, and it still had 9.3, not 39.39, filenames. (I think it was 9.3.
I'm sure it was N.3 for N >=9 and < about 20....) I *think* 3.7 was
the last 3.x VMS; my basis for thinking so is that I seem to recall
that we had a 4.0 that we never upgraded to, though the memory is
rather hazy - this was several years ago.

Harry Herman

unread,
Jun 22, 1991, 2:07:17 PM6/22/91
to

>In article <ERU.91Ju...@tnso04.tele.nokia.fi> e...@tnso04.tele.nokia.fi (Erkki Ruohtula) writes:
>>Ah, that must be where the VAX/VMS 39-chars.39-chars filename limits must
>>originally derive from! I had been wondering about this.
>>
>>Or maybe someone intimate with the history of VMS has the true explanation?

>39 Character.39 Character filenames didn't happen until at least V3.x...

>I think it was still 8char.3char exten. when v2.0 came out. Must've been
>a file system change along with the clustered multiple root entry stuff
>in v3 to set up for the Vax Cluster.

I would assume that that VMS used 9.3, not 8.3, since VMS was based on
RSX-11 from the PDP-11s, and RSX used 9.3. File names on RSX were stored
encoded in a format called RAD50 that only used A-Z, 0-9 and a couple of
other characters to make up a 40(10) (or 50(8) and PDPs used base 8).
Since there were fewer characters, DEC packed three characters into each
16-bit word, instead of two characters. That is why the PDP operating
systems used file names that were multiples of three characters.

When wildcard lookups were added, the file processor (or the user program
if it was bypassing the file processor) had to expand the RAD50 file
name from the file header back to ASCII and then do the wildcard lookup.
Of course, since VMS now uses ASCII character file names, the unpacking
is no longer required.

>Long live the old mcr sye command.

What was SYE? It does not ring a bell with me.

>Bill

>--
>Bill Pechter | "The postmaster always pings twice."
>Pyramid Technology | bi...@pyrite.nj.pyramid.com
>10 Woodbridge Center Drive | rutgers!pyrnj!pyrite!bill
>Woodbridge, NJ 07095 (908)602-6308 | pyramid!pyrnj!pyrite!bill


Harry Herman
herman@corpane

Reply all
Reply to author
Forward
0 new messages