The comment from the owner of the disk he cracked is pretty great:<p>Doug Wyatt January 4, 2018 at 10:38 PM<p>I'm flabbergasted. That's my Alto disk you broke into!<p>The APL stuff is surely related to some work I did with Leo Guibas, showing why lazy evaluation would be a really good idea for implementing APL: see Compilation and delayed evaluation in APL, published January 1978. (That paper gives me an enviable Erdős number of 3, since Leo is a 2.) I'm sure it's not a complete APL implementation, just a proof of concept. It happens that my very first part-time job at PARC, in 1973, involved writing decision analysis software in APL -- on a timesharing system!<p>Given the AATFDAFD hint, I'd guess the real password is ADDATADFAD. This derives from a project I did with Jef Raskin at UCSD in 1974. (He mentioned it in this interview.) The Data General Nova we were working with produced some garbled message with ADDATADFAD where it should have said ADDITIONAL, and it was a running joke ever after. Strange, the things that occupy some brain cells for over 40 years.<p>Thanks for an amusing blast from the past.<p>-- Doug Wyatt (Xerox PARC 1973-1994)
Reminds me of a year or two ago when I had to boot my old SGI. Forgot the user password on IRIX and thought that this is where I'll be clever (hacking terminals, matrix music in the background, etc.). Turns out, IRIX had 8 character limit for user passwords. Thanks to the modern GPUs and a passwd file restored from the system (on a recovery console), a few hours later I had the password brute-forced. I'll get to be clever hax0r next time, I guess.
Very cool that he found a flaw in the algorithm<p>But this is really the antithesis of what a zero-day originally was, which was a crack circulated on <i>or even before</i> the release day of software[0]. The Alto is 45 years old :)<p>Odd how words and phrases can change so much over a short period of time that they invert their meaning.<p>[0] that's what it meant in the early / mid 1990s when I was peripherally involved. Now it seems to mean 'zero days of notification to the vendor'.
My own adventure disabling PowerBook Password Security on an old Mac:<p><a href="https://bslabs.net/2016/01/30/disabling-powerbook-password-security/" rel="nofollow">https://bslabs.net/2016/01/30/disabling-powerbook-password-s...</a>
Passwords like "HGFIHD" and "AAJMAKAY" look like initialisms. It might be fun to try to decode them. (xxxAKAY on a Xerox PARC disk from the 70s/80s... could it be?)
I always find security measures on old-school systems interesting. They always seem more geared towards keeping semi-honest mischief makers out than serious security. Which makes sense, based on the context of the time I guess.<p>IIRC, the Xerox Pilot OS was purely cooperative multitasking with a single shared address space.
German IT news site heise.de posted a nice tongue-in-cheek article about the vulnerability:
<a href="https://www.heise.de/newsticker/meldung/XeroxDay-Zero-Day-Schwachstelle-bei-Xerox-Alto-gefunden-1elf-3934443.html" rel="nofollow">https://www.heise.de/newsticker/meldung/XeroxDay-Zero-Day-Sc...</a>
> Salting passwords also protects against password attacks using precomputed rainbow tables, but that wasn't a concern back then.<p>Hmm, if not to defend against rainbow tables... why were the passwords salted back then?