Exploiting this is close to trivial because the adjacent buffer contains the pw entry. So, you can control what the input is compared with.
That way the password check can get bypassed without injecting code.
> By using this service, you acknowledge that terminal sessions may be logged for educational and debugging purposes. No personal data is collected beyond your IP address.
Is this all open source and is the code available? So that we know where the data is truly going?
And even more to the point: this is a website. What is he afraid of this website doing that all the other websites don't already do? Why single this one out?
Did they get a license from Novell for this or is this as illegal as many of the other emulator sites with copyrighted software on them? Considering the page doesn't mention it, I'm leaning towards it being copyright infringement.
This copy of Unix v4 came from AT&T and not one of the freely licensed ones Caldera released. Caldera may own the rights now for this unearthed copy, but I am not aware that they have given licensed this new release.
In the sense that the company I work for would be financially harmed if copyright infringement of software was freely allowed. I benefit from the ability of people being able to sell rights to use software.
It's one thing to digitize and archive ancient software, it's another thing to allow people to freely use it without acquiring the proper license for it.
Reading the source unearths interesting things: https://sigma-star.at/blog/2025/12/unix-v4-buffer-overflow/
I kept expecting an exploit :) Something to poke at on a slow evening, I guess, though with the buffer in static memory it might be difficult.
Exploiting this is close to trivial because the adjacent buffer contains the pw entry. So, you can control what the input is compared with. That way the password check can get bypassed without injecting code.
I managed to get in after a few tries. But then I got a timeout. I think I'm going to wait until the HN deathhug is over :D
Rate limited! a new record!
Getting a rate limit error, but I haven't used the program.
Almost slashdotted.
Just a heads up:
> By using this service, you acknowledge that terminal sessions may be logged for educational and debugging purposes. No personal data is collected beyond your IP address.
Is this all open source and is the code available? So that we know where the data is truly going?
Hard to trust it if it isn't fully OSS.
This is a cool demo though.
> Hard to trust it
Clarification requested: How is ‘trust’ applicable to this site?
Even if it was open source how do you know its not a fork?
And even more to the point: this is a website. What is he afraid of this website doing that all the other websites don't already do? Why single this one out?
WARNING: YOU ARE ABOUT TO OPEN A WEBPAGE.
> Hard to trust it if it isn't fully OSS
It's an emulated PDP-11, could you elaborate on the threat model here?
I get that companies are being gross about logging everything online, but come on. It's okay to have fun.
Who in their right mind is using this for anything other than curiosity's sake?
Little bit of banking on an emulator on a random website, why not?
bitcoin will not be mined on its own.
Did they get a license from Novell for this or is this as illegal as many of the other emulator sites with copyrighted software on them? Considering the page doesn't mention it, I'm leaning towards it being copyright infringement.
In 2002, Caldera licensed Research Unix <= 7th edition and 32-bit 32V Unix under a BSD-style license.
Gotta stick the "This product includes software developed or owned by Caldera International, Inc." notice on it though.
This copy of Unix v4 came from AT&T and not one of the freely licensed ones Caldera released. Caldera may own the rights now for this unearthed copy, but I am not aware that they have given licensed this new release.
Personal financial stake in this, or do you regularly police the use of ancient software?
>Personal financial stake in this
In the sense that the company I work for would be financially harmed if copyright infringement of software was freely allowed. I benefit from the ability of people being able to sell rights to use software.
It's one thing to digitize and archive ancient software, it's another thing to allow people to freely use it without acquiring the proper license for it.