Article by Christy Ramsey

My college completely replaced its computer system. Gone were punch cards and the stacks of paper cascading through metal benches. Instead plastic globes embedded with shiny glass and keyboards drew me into their orbit and I spent years exploring the world of Digital Equipment Corporation and its PDP 11/70

The very name Digital Equipment Corporation (DEC) invited investigation.  Their computer systems were named, “PDP” which stood for Peripheral Data Processor, which is a description of a computer (as was “digital equipment”). But, bankers didn’t give loans to computer companies when DEC was starting up, so the computer makers at DEC got financing for Peripheral Data Processors by Digital Equipment Corporation instead. They gave the banks an Easter Egg with a computer company hidden inside.

DEC PDP 11/70 its operating system programs were written in BASIC. 101 BASIC Computer Games indeed! Sweet. Even better, the sysops were learning the new system along with the students. The race between who could explore and claim the uncharted system first was on! The crown of King of Computer Lab passed back and forth daily, sometimes hourly as new exploits were set free by student pioneers and then corralled by the settlers in the staff office.

PIP

DEC continued the word play by naming their system’s copy program PIP, Peripheral Interchange Program, (never say the c-word!) Lazy students discovered that instead of laboriously retyping a friend’s programming assignment printout into their own account, they could just PIP and Print! In minutes, the homework was at the printer with their own account number attached. More time for creative computing or fraternity fun. 

Sadly, the student copying was poorly hidden, having a dozen programs turned in with the same formatting and variable names soon tipped off the professors. One got the system administrators to remove student access to PIP. Back to typing from printouts while parties were rocking and unexplored computer vistas beckoned? NO! Remember: the operating system programs, including PIP, were written in BASIC. I could program in BASIC. So I started working on a BASIC program to copy files from one account to another.

I thought I was busted when a professor shoulder surfed my work. I tensed as he pointed to the heart of my copying code on the screen. He said “Good job. You need LINE INPUT instead of INPUT here”. Hackers help each other along the way. After applying his addition the code worked. I lowered the permissions so that anyone could execute it and PIP was back! His help was multiplied to help many tired typists.

I kept the name PIP to reduce the mental load for some of our easily confused computer using students (They often were coming from or going to football practice, we all have our strengths and weaknesses.) Keeping the name the same eased “customer support” requests but also attracted the attention of a system administrator. She burst into computer lab demanding, “WHO IS RUNNING PIP?!” I calmly turned to her and confessed, “I am. It’s my own copying program since the system PIP doesn’t work anymore.” As if I didn’t know why “it didn’t work anymore”. She glared at me. There was no rule about writing programs; that is what we were supposed to be learning. To break her stare, I offered a compromise: “I could change the name….” She left the room. In a couple of days, PIP access was quietly restored to students. Hackers fix what doesn’t work.

LIMITS

In the late seventies, computer storage space was expensive and therefore scarce. To encourage students to be thrifty yet allow them to work on large projects, storage limits were only checked and quotas enforced only when a user logged out. One could work with large data files and save temporary files while logged in at the computer terminal, but users the sign out process checked to make sure you were under your storage quota before logging off.

The Computer Club had wrangled a shared account for games which was constantly just below the quota limit. This meant the last person out of the account before the lab closed had to delete saved games or scratch files or even (horrors) game programs so the account could be logged off and locked. At closing time one night, I was dreading the shared club account cleaning, deleting files is not a hacker value, so I raced to get off the club shared account before a friend could close out, so I could stick her with the custodian job. Don’t judge me, she was doing the same, both of us smirking at each other as we knew without speaking the rules and the stakes of the contest.

Well, we thought we knew the stakes, we both logged off without clearing out the account! What? We were way over the limit. We left the closed lab swearing to each other we had not deleted files. The next day, before logging in, we did a directory of the account and confirmed we had closed the account while over quota. Could nearly simultaneous log outs defeat the quota check? The first college level Synchronized Keyboarding Team was born. Soon curious students wondered at our practice sessions: two students with their fingers hovering over RETURN (not ENTER back then) counting down before stabbing the key on GO! After practicing, any pair of us could log out over quota every time.

After betting the computer director we could sign off while over quota, we showed him what a little teamwork could do. He paid up and got DEC engineers to fly in and fix the bug. Due to our revelation, every DEC system in the nation was patched. No longer did PDPs simply check to see if any other users were logged in as part of the log out process. This method allowed two signing off users to “vouch” for each other concurrently. Instead, the system set a counter that tracked the number of users logged into an account, the log off decremented the counter, and the user who pulled it down to zero had to be under quota to log out. The supervisor sent a memo to every user telling them their over quota days were over. We didn’t mind, we didn’t need the space and it was rude to take scarce resources belonging to all. Besides…we had other ways around the quota if we needed them.

PRESIDENTIAL PARDON

Remember those teletype terminals? The metal benches that squatted over piles of paper? The college administration decided to establish a satellite computer lab in a classroom building about 500 yards from the computer lab which was in the basement of the library. Not wanting to waste equipment or buy additional Televideo terminals, those sad old paper spewing benches with keyboards were exiled to a large closet under the stairs in the classroom building. They were linked by wire thrown into a shallow trench between the library and closet which was then covered with dirt. No grounding. No shielding. No conduit. No joy. Every time a leaf rustled or clouds bumped, the connection was lost and had to be reset. Students soon learned that the steampunk single line limited terminals were now not just slow, but often dead. No one used them. The staff complained about the work it took to keep old terminals in any empty room connected. They were ignored. I guess having a second computer lab to brag about without any additional cost, was worth grumbling from the support staff even if it was unused.

The satellite lab did have two advantages. One was no waiting or time limit for terminal use. No one was there. This was also the second advantage. No. One. Was. There. Not only were students not in the building, there was NO staff in the evening. So no one shoulder surfing your code (see above). The computer aides and supervisors were 500 yards and four doors away. So even if you popped up on the status monitor, you had plenty of time for a getaway assuming your activities were worth leaving the comfy library to investigate. Faced with chasing one stray or shepherding the corralled herd, supervisors rarely left the ranch house.

One night I was working on a project in my private computer lair. The door opens. This has never happened. Stay calm, someone is probably just lost. It was the president of the college. This may be bad, I thought, he probably isn’t lost. But I smiled and said “Hello”.  Why not? I wasn’t breaking any rules as far as he knew. Mostly, because they hadn’t made computer rules yet.

The President boomed out a way too loud greeting for a nearly empty closet: “Hello! Glad to see you working in here. How is the lab working out?” I bet he was glad to see me. I wondered how many times he had found an empty room, probably every other time. I thought, here’s my chance to speak truth to power and to practice the Hacker ethic when caught, don’t retreat, charge!

“Well”, thinking quickly, “they aren’t really used. You see, there is no supervision here. If a student gets stuck there is no one to help.” I wanted to frame the lack of supervision as a lost opportunity for help and learning for this poor lonely student, me…not have him wonder what other opportunities I could find with no supervision. I also was hoping for some extra hours since I was one of the computer aides. Maybe I could get paid to be in my private computer lair. Go big or go home. And I lived on-campus, so home was not an option.

He left abruptly. It was only after he left that I noticed I wasn’t breathing.

The next day, I came into the main computer lab in the library and found the benches were back! The supervisor told me he didn’t understand it, he had been complaining for weeks with no result, but today the old terminals were just brought back from the classroom building without explanation.

I was happy to explain. “Oh, I told the president last night the classroom lab just wasn’t working out. You’re welcome.” I had lost my private computer lair, but the look on his face was almost worth it. I didn’t investigate whether the terminals returned so lone students could get help or to prevent lone students from helping themselves.

IT’S A TRAP!

I went back to my college about a decade after the exploits and had a tour of the completely rebuilt computer center. I pressed him about the current balance between freedom and security. He admitted that there was one way a student could not only get banned from the computer but expelled from the college: if a “password grabber” program was found on their account.

I didn’t have to ask what that was. I had written the first one on the system. Thankfully they had not thought to make that rule back then. Although, I wondered if I should ask if they would name the rule after me, like other alumni had plaques or buildings dedicated to them. Probably best I didn’t pursue the honor.

The password grabber started with ringing bells on the printer. Some student watching the system status screens discovered that printing was done with something then called “pseudo-keyboards”, “virtual” would be the term today. These keyboards could be attached to devices other than your own terminal, like a printer, and control that device. The first exploit was to send ^G (ASCII Code 07) to a pseudo-keyboard attached to the printer. In the ASCII standard, ^G is defined as BEL, which made a beep or ding: a BELL. Later, I learned how to rapidly turn on and off the single toned beep, to match the frequency of notes and play a little melody, but for now, we were limited to trying to time the commands to have the printer play a single note version of Jingle Bells, more or less. The Line Printer Jukebox effort did not get good reviews among the music critics trying to program in the lab.

After the complaints became greater than the giggles, which was nearly instantaneously, I thought about other system devices that pseudo keyboards could be attached. I realized that devices included every terminal including the ones the staff used to log-in as administrator. In fact, pseudo-keyboards could do more with terminals than ring a bell, they could display text: like the text in a standard log off message and the system login prompt. Since the system login program was written in BASIC, the display output could be matched by a BASIC program. I knew BASIC. With INPUT replaced by INKEY$ for password entry (so “stars” could be displayed instead of typed password characters) a write of the entered credentials to a file, and after printing the standard “Invalid login. Please try again.”, an exit to the real login program: I had a password grabber.

Since there was no fear of expulsion in those days, and I had a friendly helper/competitor relationship with the staff; I showed the director the abilities of pseudo-keyboards beyond beeping the printer. This added some drama to his every login. From then on he started every login by first savagely jamming down CTRL-C and filling the screen with ^Cs, sometimes with a victorious chuckle. After all, a ^C stops the execution of processes and BASIC programs such as my password grabber, which then returns the terminal to system control.

I was a little sad at the brief life of my password grabber. ^C seemed a little like cheating, it was too easy to break a program. (Breaking password grabbers is why some systems require CTRL-ALT-DEL, a descendent of ^C, before logging on today.)

In my sadness, I wondered why system programs written in BASIC didn’t break with ^C. Searching the manuals I found that the system offered a ^C trap, that sent execution to a special handler in the program instead of stopping the program. Another ^C would break the handler execution…unless the first thing the handler did was re-enable the ^C trap. I never used the ^C proof program or shared it, I didn’t want to risk it getting out. Beside it would have ruined the joy the director’s login finger dance gave us. He was happy he outsmarted me. I was happy knowing he just thought he did.

I was glad to have the opportunity and time to explore a new computer system. By being helpful on various projects, sharing what I found with the administrators, and even working at the computer center my hacking was viewed as exploring and learning not as a threat to system security, other students or the college. I hope the hacker ethos of helping others use computer and other systems even better than their makers planned continues to make on-line and real life more efficient, helpful, happy and secure.