Exploiting this is close to trivial because the adjacent buffer contains the pw entry. So, you can control what the input is compared with.
That way the password check can be bypassed without injecting code.
> By using this service, you acknowledge that terminal sessions may be logged for educational and debugging purposes. No personal data is collected beyond your IP address.
Is this all open source and is the code available? So that we know where the data is truly going?
And even more to the point: this is a website. What is he afraid of this website doing that all the other websites don't already do? Why single this one out?
Yeah it’s unlikely that this site will collect any meaningful data and it’s unlikely that you lose any meaningful data by playing with a virtual unix from the 70ies.
Did they get a license from Novell for this or is this as illegal as many of the other emulator sites with copyrighted software on them? Considering the page doesn't mention it, I'm leaning towards it being copyright infringement.
This copy of Unix v4 came from AT&T and not one of the freely licensed ones Caldera released. Caldera may own the rights now for this unearthed copy, but I am not aware that they have provided licenses for this new release.
If your argument is that Caldera might not actually have the rights to UNIX in the first place to grant the license, that's fair.
But the license they provided (http://www.lemis.com/grog/UNIX/ancient-source-all.pdf) explicitly names versions 1, 2, 3, 4, 5, 6, and 7 of UNIX for the 16-bit PDP-11. Yes, these versions originated at AT&T (Bell Labs) but are distinct legally from SysIII and SysV UNIX, also from AT&T, which are explicitly not covered by the Caldera license.
In the sense that the company I work for would be financially harmed if copyright infringement of software was freely allowed. I benefit from the ability of people being able to sell rights to use software.
It's one thing to digitize and archive ancient software, it's another thing to allow people to freely use it without acquiring the proper license for it.
> By using this service, you acknowledge that terminal sessions may be logged for educational and debugging purposes. No personal data is collected beyond your IP address.
Is this all open source and is the code available? So that we know where the data is truly going?
Hard to trust it if it isn't fully OSS.
This is a cool demo though.
Clarification requested: How is ‘trust’ applicable to this site?
It's an emulated PDP-11, could you elaborate on the threat model here?
I get that companies are being gross about logging everything online, but come on. It's okay to have fun.
Who in their right mind is using this for anything other than curiosity's sake?
You aren’t getting downvoted enough.
Gotta stick the "This product includes software developed or owned by Caldera International, Inc." notice on it though.
But the license they provided (http://www.lemis.com/grog/UNIX/ancient-source-all.pdf) explicitly names versions 1, 2, 3, 4, 5, 6, and 7 of UNIX for the 16-bit PDP-11. Yes, these versions originated at AT&T (Bell Labs) but are distinct legally from SysIII and SysV UNIX, also from AT&T, which are explicitly not covered by the Caldera license.
In the sense that the company I work for would be financially harmed if copyright infringement of software was freely allowed. I benefit from the ability of people being able to sell rights to use software.
It's one thing to digitize and archive ancient software, it's another thing to allow people to freely use it without acquiring the proper license for it.