Archive for the ‘Computers’ Category

Unix Magic

Wednesday, October 1st, 2014

The snow that began falling overnight is still coming down as dawn breaks. He makes the easy decision to wait a few hours before heading into work. The roads will be a mess and the kids will be staying home from school. He nods a grateful thanks that they still have power.

Having set the pot of coffee to brew in the kitchen, he sits at the desk in the den and boots the computer. Flipping the toggle switch to the second phone line, the one the company pays for, he listens impatiently to the modem dialing out. In a few moments he’s connected to the data center’s RAC server.

By the second login error message, he knows something is wrong. He tries a couple different servers, but already knows what he’s going to see. A sense of foreboding flashes through his mind and settles in his stomach.

“We’re having some comm problems,” the data center manager advises when he calls in on the first line. “Not sure when they’ll be fixed.”

He sends an email to his boss, telling him he’ll be a few hours late, and advising him of the remote access problems. A few minutes later he gets a terse “ok, see you when you get in.”

Around nine he heads out the door. The snow is still coming down, but only lightly. Taking a minute to lock the hubs on the 4-wheel-drive, he’s able to get down the quarter-mile-long driveway on the first attempt. Thankfully, there’s not much traffic and the main roads have been plowed. It only takes a little over an hour to get there. There aren’t many people in.

His boss is, though. He can tell instantly from the dark, worried look on his face that something is wrong. He doesn’t share what it is. “Just sit tight for awhile. Don’t log in to any of the systems. There are a couple folks who will be here shortly to discuss something.”

Walking to his desk, the earlier premonition that lay, untethered, in the pit of his stomach turns leaden. He’s pretty sure he knows what it is. His mind flashes through possibilities, outcomes. How he’ll have to play this. There are the binaries, of course, unintelligible without some pretty advanced decompiling and reverse engineering. There aren’t many people who can do that. And the source code is encrypted, sure. But he knows he’ll give the key. It could easily be brute-forced, anyway.

He thinks through the three different versions. How they might be interpreted.

And so it is. Towards noon the two-person Bell Labs security team from New Jersey arrives. A man and a woman. They are very polite, never once indicating irritation at having had to fly on such short notice and in such awful weather. Their interview with him, and the multi-page, handwritten affidavit, takes a couple hours. Midway through, he gives them the key.

“baseball.”

The programming is at a deeper level than they understand. Twice they pause to call a senior security colleague, a systems programmer, back in New Jersey. Opening the files in his lab, the senior security fellow corroborates what he tells them, what the programs do. The systems programmer confirms his explanations of the subtle differences between the three versions.

Towards the end, having finally convinced themselves that the twenty-odd computers managing the U.S. government’s primary communications network have not been fatally compromised, the security duo probes one last time into why he had done what he had done. Why he had written the programs that allowed him to become root, at will, on all those systems.

“Look at the timestamp of the binaries,” he said. “Those setuid executables have been sitting out there, on all those servers, for over a year.”

“What kind of competent data center would ever go that long and not discover that sort of thing?”

*

Prologue: a few years earlier, in May 1987, Borland released, to much anticipation, its first C compiler. He had never been, before or since, as excited about a technology product. He was fortunate in having a suite of Unix systems available at work, each with their own C compiler. But at home, on his own PC, he was reduced to building programs with Pascal, or the one emasculated version of C for which a compiler was in the public domain. He couldn’t afford the Microsoft or IBM C compilers.

With the newfound software in hand, he put aside the other languages he had been working with. Lisp, Prolog, Pascal, Basic and the rest no longer held any appeal. C did everything he wanted.

He didn’t fully appreciate it at the time. As the primary systems administrator manning the Unix systems at the underground, originally-designed-to-withstand-nuclear-attack facility – from which one of the U.S. government’s defense communications networks was run – he enjoyed significant discretion on how he managed those systems. On how he spent his time.

He spent hours studying Unix and C. The internals of the operating system fascinated him. And it was systems programming that most intrigued him. He loved peering into that murky, little-known area where hardware and operating system came together. There was a pristine elegance to how it all worked. And C was his flashlight.

Little wonder then, given his frequent need to become root to manage some task or other, and his intellectual deep dive into the bowels of the operating system, that he would identify a couple of interesting, obscure system calls. That he would end up creating a couple of tiny programs, binary executables that dispensed with having to know or type in the root password. That instantly gave him that privilege with just a couple of quick keystrokes.

*

Originally just an intellectual exercise, an exploration into how the operating system could be programmed, those programs quickly became a convenience. He used them many times, every day. He found being able to become root in a literal second – and just as quickly to dismiss the privilege – a delightful benefit.

Fast forward a couple years and he has been promoted and is working at a different facility, now on the U.S. government’s largest telecom network. Serious business. And work that he loves, supporting the application software that runs that network.

The only downside is that the folks who run the data center and manage the servers – a different group altogether – are only marginally competent. Depending upon who answers the phone, you might get what you need, or you might not.

It doesn’t take long. A few frustrating vignettes. A few failures to get what is needed. A few times where the urgency to fix some problem or address some issue just isn’t there.

He can fix this.

A couple of quick compiles to create the binaries. A tiny shell script, a simple wrapper which the data center staff don’t understand – a hint of the problem – but dutifully execute when he calls. Setuid. Done.

Only much later, after the security team has gone home and he’s been told not to come in the next day while they hold the big meeting to discuss what happened and whether he should be fired or not, does he hear all the details.

How through simple happenstance one of the System Administrators saw the odd program running the evening before. How the mystery of what the program did was amplified by the knowledge that it shouldn’t be there. How the initial concern turned to panic when they discovered the same program living on all the systems. How that fear quickly permeated to the highest levels of the company.

Deep down he knows, he knew from the beginning, that doing what he did was wrong. There was always a tiny edge of misgiving every time he typed those two simple letters. But in his wildest dreams he never imagined the furor the programs would come to cause.

He’ll take with him the lesson that just because something is well intentioned, is intended solely for good purposes, doesn’t make it the right thing to do. He’ll never again take for granted the interpretation of what he does.

He’ll be forever grateful to his boss. It was a close run thing and he made the difference.

Mostly, he is disappointed. Disappointed that people he worked with every day could be so wrong about character. That they would so quickly transmogrify their own failings into such righteous indignation. That they would urge so stridently to have him fired. There’s a lesson there, too.

He takes the high road, putting aside the disappointments, assimilating the lessons, and moving on. Except for the one thing. The one, quiet reproach he allows himself. The single, soft rejoinder. The vanity tag for his truck that comes a few weeks later.

UNIX MGC.

Blogging Software and WordPress

Sunday, May 17th, 2009

After installing WordPress 2.7.1 on my domain host a week ago my first thoughts about the software were… this is terrific! I was much impressed with the intuitive ease of the user interface, the instant ability to easily change its look and feel in the admin panel, and the overall “clean” sense that the software presented.

Software is never quite so simple, of course. It didn’t take me but a couple days to run into a couple of niggles. Like when I tried to post an image and found its aspect ratio badly corrupted on the blog (the image presented properly in the admin interface but was badly distorted when uploaded to the site). That led to several hours of trying different things and looking at the php code and doing searches on the wordpress.org forums.

You know, that general frustration that often comes with software which isn’t doing what you expect or need it to do. And which seems inconsistent with what it was doing just a day before.

I had a general sense of what the problem was – the default theme in WordPress presents a fixed width column for where content is displayed and the image I was trying to upload was wider than that. You can see this in both the landscape-format images I uploaded below – where the images extend far to the right of the center column. But the curious thing is that the first wider-than-the-fixed-column-width image I had uploaded a few days ago worked fine. It worked a few days ago, so why won’t it work now?

I eventually figured out how to make it work. Turns out you have to add an explicit caption to the image, at which point the the correct size of the image, and thus its aspect ratio, is maintained. If you don’t insert a caption it messes it up.

Not sure if that’s a bug or a feature – don’t know why a little piece of meta data like an image caption should matter. But it does.

That notwithstanding, after a week I remain mostly impressed with WordPress. I’m still early in the learning curve with this software and will be tweaking the look of this blog as I’m able to find time to explore it more.