If whoever wrote this wants to add an authentic terminal front-end, I wrote a VT420 hardware emulator that works in the browser and we can wire them together!
Exploiting this is close to trivial because the adjacent buffer contains the pw entry. So, you can control what the input is compared with.
That way the password check can be bypassed without injecting code.
The crypt() of the input, not the input itself, but guessing at the (PDP-11 assembly :/ ) code for crypt() a bit, it looks like it stops after 64 characters if it can’t find a null terminator before that, so
should work as an exploit, and indeed it does. (Arbitrary 64-character password, then 36 bytes to pad to the end of the 100-byte buffer, then the part of root’s /etc/passwd entry for said password until at least the second colon.)
> By using this service, you acknowledge that terminal sessions may be logged for educational and debugging purposes. No personal data is collected beyond your IP address.
Is this all open source and is the code available? So that we know where the data is truly going?
And even more to the point: this is a website. What is he afraid of this website doing that all the other websites don't already do? Why single this one out?
Yeah it’s unlikely that this site will collect any meaningful data and it’s unlikely that you lose any meaningful data by playing with a virtual unix from the 70ies.
Did they get a license from Novell for this or is this as illegal as many of the other emulator sites with copyrighted software on them? Considering the page doesn't mention it, I'm leaning towards it being copyright infringement.
This copy of Unix v4 came from AT&T and not one of the freely licensed ones Caldera released. Caldera may own the rights now for this unearthed copy, but I am not aware that they have provided licenses for this new release.
If your argument is that Caldera might not actually have the rights to UNIX in the first place to grant the license, that's fair.
But the license they provided (http://www.lemis.com/grog/UNIX/ancient-source-all.pdf) explicitly names versions 1, 2, 3, 4, 5, 6, and 7 of UNIX for the 16-bit PDP-11. Yes, these versions originated at AT&T (Bell Labs) but are distinct legally from SysIII and SysV UNIX, also from AT&T, which are explicitly not covered by the Caldera license.
>Redistributions of source code and documentation must retain the above copyright notice
The archived tape doesn't have this, which contradicts the license. This makes me think the license may only be referring to a set of source code that they released with this license text already applied as opposed to what was recently archived.
>Redistributions in binary form must reproduce the above copyright notice
I don't see the copyright notice on that page. So at the very least that may need to be added.
In the sense that the company I work for would be financially harmed if copyright infringement of software was freely allowed. I benefit from the ability of people being able to sell rights to use software.
It's one thing to digitize and archive ancient software, it's another thing to allow people to freely use it without acquiring the proper license for it.
The people who preserve vintage software typically respect boundaries in order to avoid cases where the copyright holder would be financially harmed. It is not a perfect guarantee, but it is a reasonable one.
Hardline stances usually cause more harm than good anyhow. I remember collecting Apple II gear in the late 1990's and early 2000's. The people saying that any form of copyright infringement was bad were either ignored or flamed since a lot of people just looked at their collection of software from the late 1970's and early 1980's and said, "we're at risk of losing this if we don't make it available, and the copyright holders won't lose anything if we do make it available." Which wasn't strictly true since there were some software developers who created software in the early 1990's who were still selling it. Unfortunately their absolutist attitude did not earn them many allies, so it became a lost cause.
https://mmastrac.github.io/blaze/
> By using this service, you acknowledge that terminal sessions may be logged for educational and debugging purposes. No personal data is collected beyond your IP address.
Is this all open source and is the code available? So that we know where the data is truly going?
Hard to trust it if it isn't fully OSS.
This is a cool demo though.
Clarification requested: How is ‘trust’ applicable to this site?
It's an emulated PDP-11, could you elaborate on the threat model here?
I get that companies are being gross about logging everything online, but come on. It's okay to have fun.
Who in their right mind is using this for anything other than curiosity's sake?
You aren’t getting downvoted enough.
Gotta stick the "This product includes software developed or owned by Caldera International, Inc." notice on it though.
But the license they provided (http://www.lemis.com/grog/UNIX/ancient-source-all.pdf) explicitly names versions 1, 2, 3, 4, 5, 6, and 7 of UNIX for the 16-bit PDP-11. Yes, these versions originated at AT&T (Bell Labs) but are distinct legally from SysIII and SysV UNIX, also from AT&T, which are explicitly not covered by the Caldera license.
>Redistributions of source code and documentation must retain the above copyright notice
The archived tape doesn't have this, which contradicts the license. This makes me think the license may only be referring to a set of source code that they released with this license text already applied as opposed to what was recently archived.
>Redistributions in binary form must reproduce the above copyright notice
I don't see the copyright notice on that page. So at the very least that may need to be added.
In the sense that the company I work for would be financially harmed if copyright infringement of software was freely allowed. I benefit from the ability of people being able to sell rights to use software.
It's one thing to digitize and archive ancient software, it's another thing to allow people to freely use it without acquiring the proper license for it.
Hardline stances usually cause more harm than good anyhow. I remember collecting Apple II gear in the late 1990's and early 2000's. The people saying that any form of copyright infringement was bad were either ignored or flamed since a lot of people just looked at their collection of software from the late 1970's and early 1980's and said, "we're at risk of losing this if we don't make it available, and the copyright holders won't lose anything if we do make it available." Which wasn't strictly true since there were some software developers who created software in the early 1990's who were still selling it. Unfortunately their absolutist attitude did not earn them many allies, so it became a lost cause.