IETF

The Internet Engineering Task Force is a group of very smart people with the goal of making solid interoperable internet protocols that are not encumbered by patents or trademarks. They meet up four times a year at different locations all over the world. I try to attend at least two each year.

ietf

If you are a software engineer interested in protocols, I really recommend attending these meetings. These are not “sit back and relax” conferences you take as a break from boring work days. These are meetings where smart people work hard to make things happen (ahum, though sometimes not as fast as we would want to).

Recent Posts

Why the Sun 2 has the message “Love your country, but never trust its government”

(UPDATE: Sevan Janiyan pointed out the Sun 2 was not a SPARC system)

Yesterday, Alec Muffet posted a few tweets regarding the Sun SPARC 2 bootloader’s DES routines.

des

Alec figured that message was never supposed to be seen and suggested it was a kind of silent protest of someone in Sun against the US Government. I replied, saying I was pretty sure such a message anywhere in the Sun bootprom code must have originated by John Gilmore. So I asked John, and he did not disappoint. This is what I wrote me back:

> That must have been you? :)

Yes. Vinod Khosla, first President of Sun, came to me at one point
and said to put something hidden, triggered in an unexpected way, into
the ROM Monitor, so that if somebody cloned the Sun Workstation
(violating our software’s copyright), we could do that unexpected thing
to the competitor’s demo workstation at a trade show and thereby prove
that they had cloned it.

The ROM Monitor command that printed “Love your country, but never
trust its government.” was “k2” followed by control-B and RETURN. (To
get to the ROM Monitor from the running Unix display, you had to hold
down the L1 key and hit “A” then release both; the monitor had special
code looking for that key sequence.) I had found that saying years
before on a hand-painted sign tacked up on a pole or tree in central
Pennsylvania, wrote it into one of my notebooks at the time, and
plucked it out as the hidden thing after Vinod asked. In the source
code it was obscured as a set of hex numbers, but in the binary it was
visible. (I didn’t bother to XOR it with something to make it more
hidden.)

The circumstance Vinod was concerned about never did come about;
nobody stole the Sun boot roms. Early 680x0s didn’t come with a
standard MMU, so everybody who wanted virtual memory had to invent
their own, and our roms were very tied to our custom static-ram based
zero-wait-state MMU, which was also patented. A few companies
licensed the board design from us, like Imagen for a laser printer
controller, but they had a license to use the ROMs.

The DES chip slot was intended to speed up DES for high security
networking applications, and we did get it working. I think Bill Joy
was the one who made it a part of the architecture, all the way
through the Sun-3, thinking that we’d use it as part of securing the
network file system. But the chip was expensive and
export-controlled, and our software never really used it (NFS ran in
plaintext and used the sender’s IP address for authentication!). So
it didn’t get stuffed on the production boards, and eventually they
stopped stuffing the support chips too. Tom Lyon wrote a nice device
driver for it, and a “des” user command that would use the chip for
file encryption if it existed (or fall back to software).
In one 68010 based model we also put in a slot for an Intel floating
point chip — I think the one that came with the 80286. We got it
working (I did the initial debugging) and fed it commands and
arguments via manual peek/poke in software. Doing that was somewhat
faster than the software floating point that we were otherwise using,
despite the overhead. But as I recall, Intel wouldn’t sell us the
chips in volume, because they didn’t want to make the 68000 more
competitive against their own x86 chips. So we had to wait til the
68020/68881 came out (Sun-3 era) before we had fast floating point.

It’s nice that Matt Fredette made a Sun-2 emulator. I may have
images of old SunOS release tapes that might work in it. And I have a
Sun “FE Handbook” for the field engineers, that has a lot of the
details about what chips go where, what the jumpers on each board
mean, what the memory map of each board looks like, and etc.

You can forward this info on to whoever…

John

  1. The SLOTH attack and IKE/IPsec Leave a reply
  2. 66% of VPN’s are not in fact broken 5 Replies
  3. DNSSEC prevented NetworkSolutions from stealing customer email Leave a reply
  4. The weak DH and LogJam attack impact on IKE / IPsec (and the *swans) 2 Replies
  5. Some alt.fan.pratchett quotes from the Usenet days Leave a reply
  6. Don’t stop using IPsec just yet 14 Replies
  7. deFUDing “DNSSEC has failed” 16 Replies
  8. Development of libreswan vs openswan 6 Replies
  9. History and implementation status of Opportunistic Encryption for IPsec 5 Replies