Cybersec Canon Ep 2. The Cuckoo’s Egg - Chapter 3 & 4. The Hidden Cost of Custom Software Ecosystems
Building proprietary software stacks instead of relying on open-source or commercially available solutions has many benefits but also hidden costs.
“Since their computers are often the first ones off the production line, Livermore usually has to write their own operating systems, forming a bizarre software ecology, unseen outside of their laboratory. Such are the costs of living in a classified world.”
Stoll, Clifford. CUCKOO'S EGG (p. 17). Knopf Doubleday Publishing Group. Kindle Edition.
Chapter 3 & 4
The computer center where Cliff worked was nestled between three particle accelerators - the cyclotron, the Bevatron, and the Hilac - each of which had some historical significance for scientific discoveries. Even though they had been made obsolete by more advanced accelerators elsewhere, physicists and grad students still used them. Cliff says that their network was open in comparison to the Livermore lab, which was closed to the outside world because it did classified research. Cliff could dial in from home if an issue came up.
I was surprised to read that he could dial into the network from his home, even in the late 80s. I think the ability to work remotely did contribute a lot to the accelerated advancement of software systems in the past couple of decades.
The next morning, Cliff talks about the hacker to Dave, who reflects on his philosophy of running an open system and trusting the users so that he could devote his time to building software instead of ‘building locks’. They mention this to Marv, Cliff’s new boss, and Roy, the division head. Roy asks them for proof. They were initially thinking of just disabling the hacker’s account and sending him an email, but decide against it in order to gather proof.
Dave’s comment about using his time to build software rather than build locks reminded me of SWE sentiments (especially junior folks) on using their time to build software rather than writing tests. Dave’s approach resulted in a security breach. Lack of proper testing almost always leads to tech debt, unstable/unmaintainable systems, and major production outages.
Cliff sets out to monitor all the users logging into their network. He writes a program that beeps his terminal whenever someone connects to the Unix computer, so he can see their names. He recognizes some of them, but many are strangers, and he wonders how he can identify which one is the hacker. Luckily, the next afternoon, he sees Sventek logging in. He figures out that the login came in on port tt23 and goes to the hardware lab to find the physical port the connection came from. He looks at the logs and finds that the connection could have come from a dial-up modem over telephone lines running at 1,200 baud.
1,200 baud is about 120 characters per second, roughly 1.2 kbps (kilobits per second). In comparison, today’s ordinary home computers with cable internet can have 1 Gbps (1,000,000 kbps) connections. That is so incredibly remarkable when you think of it. It is mindboggling to think of the amount of data crisscrossing the world due to this increase in data transfer speed.
While Cliff is trying to work out how to monitor the hacker’s activity, he wonders whether it is ethical. He asks his girlfriend Martha, who is a law student. She says that since the person is breaking in, it should be ok. He initially thinks of modifying the Unix daemon, but Dave says it could be risky and the hacker might notice the change. Instead, he hooks up a printer to each of the incoming connections, borrowing monitors and printers from different people in the room. By morning, he finds 80 feet of printout of someone’s activity during the night. Stoll sees that the hacker had used the system for three hours through a Tymnet connection, and from the printout he figures out how the hacker could have done it.
Every five minutes, the Unix system executes its own program named atrun. In turn, atrun schedules other jobs and does routine housecleaning tasks. It runs in a privileged mode, with the full power and trust of the operating system behind it. Were a bogus atrun program substituted, it would be executed within five minutes, with full system privileges.
Stoll, Clifford. The Cuckoo’s Egg.
Stoll says the hacker had exploited a vulnerability in the GNU Emacs editor, which enabled him to move a file into the protected system area and have it executed as the atrun program. He likens this to a cuckoo laying its egg in another bird’s nest. Once inside, the hacker was reading emails, exploring the lab’s network, and accessing other connected computers, all the while checking for system changes that would signal he was being monitored. Stoll realizes that he needs to be more subtle in his monitoring.
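The defensive lesson of the atrun substitution is that any binary a privileged scheduler runs on a timer is a high-value target, and the cheapest detection is an integrity baseline over those files. The following is an added example, not code from the book or from Stoll: it fingerprints a privileged periodic-job binary (contents, owner, mode and setuid bit), then checks it against the baseline and reports deviations. The `atrun` path, the file contents and the tampering scenario in `demo()` are all constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile

def fingerprint(path):
    """Content hash plus ownership and mode bits of one file."""
    st = os.lstat(path)
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {
        "sha256": h.hexdigest(),
        "uid": st.st_uid,
        "mode": stat.S_IMODE(st.st_mode),
        "setuid": bool(st.st_mode & stat.S_ISUID),
    }

def baseline(paths):
    """Record the trusted state of every scheduled privileged binary."""
    return {p: fingerprint(p) for p in paths}

def check(paths, base):
    """Return (path, field, expected, actual) for every deviation."""
    findings = []
    for p in paths:
        if p not in base:
            findings.append((p, "untracked", None, None))
            continue
        now = fingerprint(p)
        for field, expected in base[p].items():
            if now[field] != expected:
                findings.append((p, field, expected, now[field]))
    return findings

def demo():
    """Constructed scenario: a stand-in for atrun is baselined, then replaced in place."""
    workdir = tempfile.mkdtemp()
    atrun = os.path.join(workdir, "atrun")  # hypothetical path, not a real system file
    with open(atrun, "wb") as f:
        f.write(b"#!/bin/sh\necho legitimate housekeeping\n")
    os.chmod(atrun, 0o755)
    base = baseline([atrun])
    clean = check([atrun], base)          # nothing changed yet: expect []
    with open(atrun, "wb") as f:          # simulate the bogus-atrun substitution
        f.write(b"#!/bin/sh\necho bogus\n")
    tampered = check([atrun], base)       # expect one sha256 deviation
    return clean, tampered
```

Run `check()` from a separate trusted host or read-only medium in practice, since an intruder who has already replaced the scheduled binary can also edit a baseline stored on the same machine.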
—
The other thought that crossed my mind was about Livermore Laboratory’s need to create its own operating systems and tools. Even today, many large tech companies do this; they build proprietary software instead of relying on open-source or widely used solutions. Luckily, many tech companies open-source their tools, thereby benefiting the industry. I think in the long run, building bespoke solutions for custom needs, either for oneself or to cater to a major customer, mostly results in tech debt, onboarding challenges for new people, a lack of marketable skills for existing people, and an overall cost increase. Custom tools may be ahead of their time when they are built, but eventually they can lag behind the open-source equivalents.