[Info-vax] Any PDP-11 RSX-11 fans looking to be horribly underpaid

Johnny Billquist bqt at softjar.se
Tue Jan 16 16:13:58 EST 2018 

On 2018-01-14 16:54, Bill Gunshannon wrote:
> On 01/14/2018 05:17 AM, Simon Clubley wrote:
>> On 2018-01-12, terry-groups at glaver.org <terry-groups at glaver.org> wrote:
>>>
>>> I guess this proves the people who said "no company would be insane 
>>> enough to
>>> run those operating systems in production" wrong, over in the security
>>> vulnerability thread.
>>
>> While it's not exactly a great situation to be in, it is manageable
>> in some environments to some extent provided you take the proper
>> precautions and provided you realise that your old systems are
>> hopelessly insecure.
>>
>> My real problem is with those people who think they can treat their
>> old VMS systems as if they were modern secured systems because in
>> their mindset "those security issues that other operating systems
>> have don't affect VMS so I don't have to worry about them". :-(
>>
>> Those are the people who need to be woken up before the third party
>> security researchers do it for them.
>>
>> Simon.
>>
> 
> I have never heard of any successful break-ins of an RSX system
> thru the Internet and, yes, they do have TCP/IP.

While I don't have any reports of break-ins to tell, I do have an 
example of a crashed RSX system through the internet. This was many 
years ago, on a RSX-11M-PLUS V4.4 system back in the mid 90s. 
Magica.Update.UU.SE actually, which is still available online, and since 
there are guest accounts, break-ins are sort of a non-issue.

But anyway, some russians found out about the system, and logged in. 
Funnily enough, they had quite some experience with RSX, from working on 
russian clones, and a russified version of RSX. They had found some 
security issues back in time, which they were curious if they were still 
around, and they tested them, and crashed the system.
They mailed me and apologized a lot, and told me about the issues, which 
I forwarded to Mentec. At least some of them were fixed in the next RSX 
release. :-)
But I know a way or two to crash an RSX system straight away even today.
If I ever get to do a new release of RSX, a few more of those holes will 
be fixed.

But, all that said, Magica.Update.UU.SE (a real 11/70) and 
Mim.Update.UU.SE (an emulated 11/74) are online on the internet, and 
constantly being hit by people and bots from all over the world, with no 
issues so far. And believe me, they get hit *a lot*.

Mostly funny to see how confused people and bots get.

   Johnny

-- 
Johnny Billquist                  || "I'm on a bus
                                   ||  on a psychedelic trip
email: bqt at softjar.se             ||  Reading murder books
pdp is alive!                     ||  tryin' to stay hip" - B. Idol

More information about the Info-vax mailing list