Software Piracy
What is Software Piracy
The PC industry is just over 20 years old. In those 20 years, both the quality and quantity of available software programs have increased dramatically. Although approximately 70% of the worldwide market is today supplied by developers in the United States, significant development work is occurring in scores of nations around the world. But in both the United States and abroad, unauthorized copying of personal computer software is a serious problem. On average, for every authorized copy of personal computer software in use, at least one unauthorized copy is made. Unauthorized copying is known as software piracy, and in 1994 it cost the software industry in excess of US$15 billion. Piracy is widely practiced and widely tolerated. In some countries, legal protection for software is nonexistent (i.e., Kuwait); in others, laws are unclear (i.e. Israel), or not enforced with sufficient commitment (i.e., the PRC). Significant piracy losses are suffered in virtually every region of the world. In some areas (i.e., Indonesia), the rate of unauthorized copies is believed to be in excess of 99%.
Why do People Use Pirated Software?
A major reason for the use of pirated software is the prices of the REAL thing. Just walk into a CompUSA, Electronics Boutique, Computer City, Egghead, etc and you will notice the expensive price tags on copies of the most commonly used programs and the hottest games. Take the recent Midwest Micro holiday catalogue for example and notice the prices. Microsoft Windows 95: $94, Microsoft Office 95: $224, Microsoft Visual C++: $250, Borland C++: $213, Corel Draw 7: $229, Corel Office Professional 7: $190, Lotus Smartsuite 96: $150, Microsoft Flight Simulator95: $50, Warcraft 2: $30. The list goes on and on and the prices for the programs listed above were only upgrade versions. Users of the software listed above include anywhere from large companies like AT&T to yourself, the average user at home. Although a $30 game like Warcraft 2 doesn't seem like much, by the time you finish reading this paper, it will seem like a fortune.
Ease of Availability
Since the law states clearly that making a copy of what you own and distributing it or installing more than one copy of one piece of software on two separate computers is illegal, then why do the average Joes like you and us still do it? There are many answers to that question and all of them seem legitimate except that no answers can be legally justified. A friend borrowing another friend's Corel draw or Windows 95 to install on their own PC is so common that the issue of piracy probably doesn't even come to mind right away or even at all.
Pirated Software on the Internet
The Internet is sometimes referred to as a "Pirate's Heaven." Pirated software is available all over the net if you bother to look for them. Just go to any of the popular search engines like Excite, Infoseek or Yahoo and type in the common phrase "warez, appz, gamez, hacks" and thousands of search results will come up. Although many of the links on the pages will be broken because the people have either moved the page or had the page shut down, some of the links will work and that one link usually has a decent amount of stuff for you to leech off of or a better way to put it is for you to download.
Web Sites That we Have Personally Visited:
Jelle's Warez Collection
Wazh's Warez Page
Beg's Warez Page
Chovy's Empire
The Spawning Grounds
GAMEZ
Lmax's Warez Page
Jugg's Warez-List
Jureweb Warez Page
Top Warez Page
Why Are They There?
Why is there pirated software on the net? There could only be two possible answers. Either the people who upload these files are very nice people or they do it just because its illegal and browsers of the web like us wouldn't mind taking our time to visit these sites to download the software. What they get out of it is the thousands of "hits" their sites get a day which makes them very happy.
Anonymous and Account-Based FTP Sites
FTP stands for File Transfer Protocol. FTP sites are around so that people can exchange software with each other and companies like Microsoft can distribute info and demos to users who visit their FTP site. Something they don't want happening is the distribution of their full-release products on "Pirate" FTP sites. "Pirate" FTP sites come and go. Most sites don't stay up for more than a day or two. They are also referred to as 0 day FTP sites. Its extremely difficult to logon to these sites becasuse they are usually full of leechers like us or require a username and password.
FTP Sites That we Have Visited:
ftp://ftp.epri.com
ftp://ftp.dcs.gla.ac.uk
ftp://204.177.0.18
ftp://207.48.187.133
ftp://192.88.237.2
ftp://153.104.11.94
ftp://208.137.11.105
ftp://194.85.157.2
Newsgroups
There are over 20,000 newsgroups on the net. The majority of them are nonsense but if you happen to stumble upon the right one, you'll be able to get almost any crackor serial number for any game or program. Although programs and games are not abundant on newsgroups, you'll be able to obtain registered programs of such popular shareware like Winzip and Mirc and if you post trade requests, people will respond to your request.
Newsgroups With Cracks, Serial #'s, Programs and Games
News:alt.binaries.cracks
News:alt.binaries.games
News:alt.crackers
News:alt.cracks
News:alt.hacker
News:alt.binaries.warez.ibm-pc
News:alt.binaries.warez.ibm-pc.games
News:alt.warez.ibm-pc
Exchanging Through E-Mail
It is illegal to send copyrighted programs and games through e-mail but does anyone really care? Everyday, there are hundreds and thousands of illegally attached programs and games sent through the net in the form of e-mail. Just visit any of the above newsgroups and you'll see listings of people who want to trade through e-mail. We placed an ad in news:alt.binaries.cracks requesting three programs: Magnaram 97, Qemm8.0 and Corel Draw 7. We managed to receive both Magnaram 97 and Qemm 8.0 through e-mail from some nice person but did not receive Corel Draw 7 most likely because it was not a reasonable demand.
Modem Speeds
Part of the reason nobody sent us Corel Draw 7 is because of the size of the program and the many hours it takes to upload and download it. The two most common modem speeds at the time that this report was written are 28.8kbps and 14.4kbps. Both speeds are considered to be extremely slow when it comes to transferring enormous amounts of data. Most of the programs and games nowadays are on CD-Roms which if full, contain 650MB of data. The new X2 Technology, Cable modems, ISDN modems and DirecPC satellite dishes could solve the long download time problems a little better considering that all the above mentioned modems are two to fourteen times faster in transferring data than the 28.8kbps modems.
Cost of Pirated Software To The Industry
Piracy cost companies that produce computer software $13.1 billion in lost revenue during 1995. The loss exceeded more than the combined revenues of the 10 largest personal computer software companies. The dollar loss estimates were up from the $12.2 billion in 1994 because of the spreading use of computers worldwide.
Microsoft (The Big Loser)
MS Windows 95 $179
MS Office Pro 95 $535
MS Project 95 $419
MS Publisher 97 $69
MS Visual C++ 4.0 $448
These are the prices they expect people to buy their software at. In Hong Kong, copies of these lucrative pieces software can be had for about five US dollars for all of them on one CD very easily. That will be further explained later.
The Honest Consumer
Software piracy harms all software companies and, ultimately, the end user. Piracy results in higher prices for honest users, reduced levels of support and delays in funding and development of new products, causing the overall breadth and quality of software to suffer.
US Laws
In 1964, the United States Copyright Office began to register software as a form of literary expression. The Copyright Act, Title 17 of the U.S. Code, was amended in 1980 to explicitly include computer programs. Today, according to the Copyright Act, it is illegal to make or distribute copyrighted material without authorization. The only
exceptions are the user's right to make a copy as an "essential step" in using the program (for example, by copying the program into RAM) and to make a single backup copy for archival purposes (Title 17, Section 117). No other copies may be made without specific authorization from the copyright owner. In December 1990, the U.S. Congress approved the Software Rental Amendments Act, which generally prohibits the rental, leasing or lending of software without the express written permission of the copyright holder. This amendment followed the lead of the British Parliament (which passed a similar law, The Copyright, Designs and Patents Act, in 1988), and adds significant additional protection against unauthorized copying of personal computer software. In addition, the copyright holder may grant additional rights at the time the personal computer software is acquired. For example, many applications are sold in LAN (local area network) versions that allow a software package to be placed on a LAN for access by multiple users. Additionally, permission is given under special license agreement to make multiple copies for use throughout a large organization. But unless these rights are specifically granted, U.S. law prohibits a user from making duplicate copies of software except to ensure one working copy and one archival copy. Without authorization from the copyright owner, Title 18 of U.S. Code prohibits duplicating software for profit, making multiple copies for use by different users within an organization, downloading multiple copies from a network, or giving an unauthorized copy to another individual. All are illegal and a federal crime. Penalties include fines of up to $250,000 and jail terms up to five years (Title 18, Section
2320 and 2322).
Business Software Alliance (BSA)
The Business Software Alliance (BSA) promotes the continued growth of the software industry through its international public policy, enforcement, and education programs in 65 countries throughout North America, Europe, Asia, and Latin America. Founded in 1988, BSA's mission is to advance free and open world trade for legitimate business software by advocating strong intellectual property protection for software.
BSA's worldwide members include the leading publishers of software for personal computers such as Adobe Systems, Inc., Apple Computer, Inc., Autodesk, Inc., Bentley Systems, Inc., Lotus Development Corp., Microsoft Corp., Novell, Inc., Symantec Corp., and The Santa Cruz Operation, Inc. BSA's Policy Council consists of these publishers and other leading computer technology companies including Apple Computer Inc., Computer Associates International, Inc., Digital Equipment Corp., IBM Corp., Intel Corp., and Sybase, Inc. Statistics of Software Piracy.
Court Cases
Inslaw vs. Dept. of Justice
-Sued Justice Dept for Software piracy.
-In 1982, Inslaw landed a $10M contract with the Justice Dept. to install
PROMIS case-tracking software in 20 offices.
-They allegedly spent $8M enhancing PROMIS on the assumption that they
could renogotiate the contract to recoup the expenses.
-But after the Justice Dept. got the source code, they terminated the contract
pirated the code
-By 1985, Inslaw was forced into bankruptcy.
-Owners kept fighting and the case ended up in the US Bankruptcy Court
-In Feb. '88, Inslaw was awarded $6.8M in damages plus legal fees
Novell and Microsoft Settle Largest BBS Piracy Case Ever
-Scott W. Morris, operator of the Assassin's Guild BBS, agreed to pay
Microsoft and Novell $73,00 in cash and forfeit computer hardware valued at
More than $40,000
-In the raid, marshals seized 13 computers, 11 modems, a satellite dish, 9 gigs
of online data, and over 40 gigs of off-line data
Novell Files Software Piracy Suits Against 17 Companies in California
-The suits allege that the defendants were fraudulently obtaining Novell
upgrades and/or counterfeiting NetWare boxes to give the appearance of a
a new product
-The suit follows Novell's discovery that the upgrade product was being sold
in Indonesia, the United Kingdom, United Arab Emirates, as well as the US
F.B.I. Reveals Arrest in Major CD-Rom Piracy Case
-The first major case of CD-Rom piracy in the United States
-A Canadian father and son were found in possession of 15,000 counterfeit
copies of Rebel Assault and Myst that were being sold at 25% of the retail
value
-Both men were free on bail
Pirated Software in Asia and the Rest of the World
Pirate Plants in China
The Chinese government says there are 34 factories in China producing compact discs and laser discs. Authorities say most have legitimate licenses to produce legal CDs.
But production capacity far outstrips domestic demand. According to the International Intellectual Property Alliance, a Washington, D.C.-based consortium of film, music, computer software and publishing businesses, China produces an estimated 100 million pirated CDs a year, while its domestic market is only 5 million to 7 million CDs annually.
Where is the oversupply going? To Hong Kong, and then overseas. Another major problem is that Chinese officials and soldiers have money invested to these factories so no matter how hard the US pushes China to close down these factories, the Chinese government will have a laid back approach. Software piracy in Asia is connected to organized crime.
Vendors in Hong Kong
The Golden Shopping Arcade in Hong Kong's Sham Shui Po district is a software pirate's dream and software companies nightmare. Here you can buy Cd's called Installer discs for about nine dollars US. All volumes of these installers contain 50+ programs each compressed with a self-extracting utility. Volume 2 has a beta copy of Windows 95 as well as OS/2 Warp, CorelDraw! 5, Quicken 4.0, Atari Action Pack for Windows, Norton Commander, KeyCad, Adobe Premier, Microsoft Office, and dozens of other applications, including a handful written in Chinese. The programs on this disc cost around $20,00-$35,000 US retail. It is very common for a store to be closed for a portion of the day and then reopen later because of raids from authorities. These stores as you can expect are extremely crowded with kids and tourists.
US Tourists
A good number of Americans who travel to Hong Kong or another part of Asia will bring home pirated software of some sort because of the very low prices for expensive pieces of software here in the US. The usual way to do it is to stuff the cd's in clothes and hand carried luggage. Another approach is sending them back to the US using the postal service. Both of these methods work very well. We have had relatives who have done this for us and the success rate thus far is 100%. The United States Customs Service has been trained in the apprehension of software pirates at ports of entry but this is a joke because they are more worried about illegal immigrants and terrorists rather than software pirates.
Software Piracy
What is Software Piracy
The PC industry is just over 20 years old. In those 20 years, both the quality and quantity of available software programs have increased dramatically. Although approximately 70% of the worldwide market is today supplied by developers in the United States, significant development work is occurring in scores of nations around the world. But in both the United States and abroad, unauthorized copying of personal computer software is a serious problem. On average, for every authorized copy of personal computer software in use, at least one unauthorized copy is made. Unauthorized copying is known as software piracy, and in 1994 it cost the software industry in excess of US$15 billion. Piracy is widely practiced and widely tolerated. In some countries, legal protection for software is nonexistent (i.e., Kuwait); in others, laws are unclear (i.e. Israel), or not enforced with sufficient commitment (i.e., the PRC). Significant piracy losses are suffered in virtually every region of the world. In some areas (i.e., Indonesia), the rate of unauthorized copies is believed to be in excess of 99%.
Why do People Use Pirated Software?
A major reason for the use of pirated software is the prices of the REAL thing. Just walk into a CompUSA, Electronics Boutique, Computer City, Egghead, etc and you will notice the expensive price tags on copies of the most commonly used programs and the hottest games. Take the recent Midwest Micro holiday catalogue for example and notice the prices. Microsoft Windows 95: $94, Microsoft Office 95: $224, Microsoft Visual C++: $250, Borland C++: $213, Corel Draw 7: $229, Corel Office Professional 7: $190, Lotus Smartsuite 96: $150, Microsoft Flight Simulator95: $50, Warcraft 2: $30. The list goes on and on and the prices for the programs listed above were only upgrade versions. Users of the software listed above include anywhere from large companies like AT&T to yourself, the average user at home. Although a $30 game like Warcraft 2 doesn't seem like much, by the time you finish reading this paper, it will seem like a fortune.
Ease of Availability
Since the law states clearly that making a copy of what you own and distributing it or installing more than one copy of one piece of software on two separate computers is illegal, then why do the average Joes like you and us still do it? There are many answers to that question and all of them seem legitimate except that no answers can be legally justified. A friend borrowing another friend's Corel draw or Windows 95 to install on their own PC is so common that the issue of piracy probably doesn't even come to mind right away or even at all.
Pirated Software on the Internet
The Internet is sometimes referred to as a "Pirate's Heaven." Pirated software is available all over the net if you bother to look for them. Just go to any of the popular search engines like Excite, Infoseek or Yahoo and type in the common phrase "warez, appz, gamez, hacks" and thousands of search results will come up. Although many of the links on the pages will be broken because the people have either moved the page or had the page shut down, some of the links will work and that one link usually has a decent amount of stuff for you to leech off of or a better way to put it is for you to download.
Web Sites That we Have Personally Visited:
Jelle's Warez Collection
Wazh's Warez Page
Beg's Warez Page
Chovy's Empire
The Spawning Grounds
GAMEZ
Lmax's Warez Page
Jugg's Warez-List
Jureweb Warez Page
Top Warez Page
Why Are They There?
Why is there pirated software on the net? There could only be two possible answers. Either the people who upload these files are very nice people or they do it just because its illegal and browsers of the web like us wouldn't mind taking our time to visit these sites to download the software. What they get out of it is the thousands of "hits" their sites get a day which makes them very happy.
Anonymous and Account-Based FTP Sites
FTP stands for File Transfer Protocol. FTP sites are around so that people can exchange software with each other and companies like Microsoft can distribute info and demos to users who visit their FTP site. Something they don't want happening is the distribution of their full-release products on "Pirate" FTP sites. "Pirate" FTP sites come and go. Most sites don't stay up for more than a day or two. They are also referred to as 0 day FTP sites. Its extremely difficult to logon to these sites becasuse they are usually full of leechers like us or require a username and password.
FTP Sites That we Have Visited:
ftp://ftp.epri.com
ftp://ftp.dcs.gla.ac.uk
ftp://204.177.0.18
ftp://207.48.187.133
ftp://192.88.237.2
ftp://153.104.11.94
ftp://208.137.11.105
ftp://194.85.157.2
Newsgroups
There are over 20,000 newsgroups on the net. The majority of them are nonsense but if you happen to stumble upon the right one, you'll be able to get almost any crackor serial number for any game or program. Although programs and games are not abundant on newsgroups, you'll be able to obtain registered programs of such popular shareware like Winzip and Mirc and if you post trade requests, people will respond to your request.
Newsgroups With Cracks, Serial #'s, Programs and Games
News:alt.binaries.cracks
News:alt.binaries.games
News:alt.crackers
News:alt.cracks
News:alt.hacker
News:alt.binaries.warez.ibm-pc
News:alt.binaries.warez.ibm-pc.games
News:alt.warez.ibm-pc
Exchanging Through E-Mail
It is illegal to send copyrighted programs and games through e-mail but does anyone really care? Everyday, there are hundreds and thousands of illegally attached programs and games sent through the net in the form of e-mail. Just visit any of the above newsgroups and you'll see listings of people who want to trade through e-mail. We placed an ad in news:alt.binaries.cracks requesting three programs: Magnaram 97, Qemm8.0 and Corel Draw 7. We managed to receive both Magnaram 97 and Qemm 8.0 through e-mail from some nice person but did not receive Corel Draw 7 most likely because it was not a reasonable demand.
Modem Speeds
Part of the reason nobody sent us Corel Draw 7 is because of the size of the program and the many hours it takes to upload and download it. The two most common modem speeds at the time that this report was written are 28.8kbps and 14.4kbps. Both speeds are considered to be extremely slow when it comes to transferring enormous amounts of data. Most of the programs and games nowadays are on CD-Roms which if full, contain 650MB of data. The new X2 Technology, Cable modems, ISDN modems and DirecPC satellite dishes could solve the long download time problems a little better considering that all the above mentioned modems are two to fourteen times faster in transferring data than the 28.8kbps modems.
Cost of Pirated Software To The Industry
Piracy cost companies that produce computer software $13.1 billion in lost revenue during 1995. The loss exceeded more than the combined revenues of the 10 largest personal computer software companies. The dollar loss estimates were up from the $12.2 billion in 1994 because of the spreading use of computers worldwide.
Microsoft (The Big Loser)
MS Windows 95 $179
MS Office Pro 95 $535
MS Project 95 $419
MS Publisher 97 $69
MS Visual C++ 4.0 $448
These are the prices they expect people to buy their software at. In Hong Kong, copies of these lucrative pieces software can be had for about five US dollars for all of them on one CD very easily. That will be further explained later.
The Honest Consumer
Software piracy harms all software companies and, ultimately, the end user. Piracy results in higher prices for honest users, reduced levels of support and delays in funding and development of new products, causing the overall breadth and quality of software to suffer.
US Laws
In 1964, the United States Copyright Office began to register software as a form of literary expression. The Copyright Act, Title 17 of the U.S. Code, was amended in 1980 to explicitly include computer programs. Today, according to the Copyright Act, it is illegal to make or distribute copyrighted material without authorization. The only
exceptions are the user's right to make a copy as an "essential step" in using the program (for example, by copying the program into RAM) and to make a single backup copy for archival purposes (Title 17, Section 117). No other copies may be made without specific authorization from the copyright owner. In December 1990, the U.S. Congress approved the Software Rental Amendments Act, which generally prohibits the rental, leasing or lending of software without the express written permission of the copyright holder. This amendment followed the lead of the British Parliament (which passed a similar law, The Copyright, Designs and Patents Act, in 1988), and adds significant additional protection against unauthorized copying of personal computer software. In addition, the copyright holder may grant additional rights at the time the personal computer software is acquired. For example, many applications are sold in LAN (local area network) versions that allow a software package to be placed on a LAN for access by multiple users. Additionally, permission is given under special license agreement to make multiple copies for use throughout a large organization. But unless these rights are specifically granted, U.S. law prohibits a user from making duplicate copies of software except to ensure one working copy and one archival copy. Without authorization from the copyright owner, Title 18 of U.S. Code prohibits duplicating software for profit, making multiple copies for use by different users within an organization, downloading multiple copies from a network, or giving an unauthorized copy to another individual. All are illegal and a federal crime. Penalties include fines of up to $250,000 and jail terms up to five years (Title 18, Section
2320 and 2322).
Business Software Alliance (BSA)
The Business Software Alliance (BSA) promotes the continued growth of the software industry through its international public policy, enforcement, and education programs in 65 countries throughout North America, Europe, Asia, and Latin America. Founded in 1988, BSA's mission is to advance free and open world trade for legitimate business software by advocating strong intellectual property protection for software.
BSA's worldwide members include the leading publishers of software for personal computers such as Adobe Systems, Inc., Apple Computer, Inc., Autodesk, Inc., Bentley Systems, Inc., Lotus Development Corp., Microsoft Corp., Novell, Inc., Symantec Corp., and The Santa Cruz Operation, Inc. BSA's Policy Council consists of these publishers and other leading computer technology companies including Apple Computer Inc., Computer Associates International, Inc., Digital Equipment Corp., IBM Corp., Intel Corp., and Sybase, Inc. Statistics of Software Piracy.
Court Cases
Inslaw vs. Dept. of Justice
-Sued Justice Dept for Software piracy.
-In 1982, Inslaw landed a $10M contract with the Justice Dept. to install
PROMIS case-tracking software in 20 offices.
-They allegedly spent $8M enhancing PROMIS on the assumption that they
could renogotiate the contract to recoup the expenses.
-But after the Justice Dept. got the source code, they terminated the contract
pirated the code
-By 1985, Inslaw was forced into bankruptcy.
-Owners kept fighting and the case ended up in the US Bankruptcy Court
-In Feb. '88, Inslaw was awarded $6.8M in damages plus legal fees
Novell and Microsoft Settle Largest BBS Piracy Case Ever
-Scott W. Morris, operator of the Assassin's Guild BBS, agreed to pay
Microsoft and Novell $73,00 in cash and forfeit computer hardware valued at
More than $40,000
-In the raid, marshals seized 13 computers, 11 modems, a satellite dish, 9 gigs
of online data, and over 40 gigs of off-line data
Novell Files Software Piracy Suits Against 17 Companies in California
-The suits allege that the defendants were fraudulently obtaining Novell
upgrades and/or counterfeiting NetWare boxes to give the appearance of a
a new product
-The suit follows Novell's discovery that the upgrade product was being sold
in Indonesia, the United Kingdom, United Arab Emirates, as well as the US
F.B.I. Reveals Arrest in Major CD-Rom Piracy Case
-The first major case of CD-Rom piracy in the United States
-A Canadian father and son were found in possession of 15,000 counterfeit
copies of Rebel Assault and Myst that were being sold at 25% of the retail
value
-Both men were free on bail
Thursday, 18 October 2012
X Hacking54
HACKING
Contents
~~~~~~~~
This file will be divided into four parts:
Part 1: What is Hacking, A Hacker's Code of Ethics, Basic Hacking Safety
Part 2: Packet Switching Networks: Telenet- How it Works, How to Use it,
Outdials, Network Servers, Private PADs
Part 3: Identifying a Computer, How to Hack In, Operating System
Defaults
Part 4: Conclusion- Final Thoughts, Books to Read, Boards to Call,
Acknowledgements
Part One: The Basics
~~~~~~~~~~~~~~~~~~~~
As long as there have been computers, there have been hackers. In the 50's
at the Massachusets Institute of Technology (MIT), students devoted much time
and energy to ingenious exploration of the computers. Rules and the law were
disregarded in their pursuit for the 'hack'. Just as they were enthralled with
their pursuit of information, so are we. The thrill of the hack is not in
breaking the law, it's in the pursuit and capture of knowledge.
To this end, let me contribute my suggestions for guidelines to follow to
ensure that not only you stay out of trouble, but you pursue your craft without
damaging the computers you hack into or the companies who own them.
I. Do not intentionally damage *any* system.
II. Do not alter any system files other than ones needed to ensure your
escape from detection and your future access (Trojan Horses, Altering
Logs, and the like are all necessary to your survival for as long as
possible.)
III. Do not leave your (or anyone else's) real name, real handle, or real
phone number on any system that you access illegally. They *can* and
will track you down from your handle!
IV. Be careful who you share information with. Feds are getting trickier.
Generally, if you don't know their voice phone number, name, and
occupation or haven't spoken with them voice on non-info trading
conversations, be wary.
V. Do not leave your real phone number to anyone you don't know. This
includes logging on boards, no matter how k-rad they seem. If you
don't know the sysop, leave a note telling some trustworthy people
that will validate you.
VI. Do not hack government computers. Yes, there are government systems
that are safe to hack, but they are few and far between. And the
government has inifitely more time and resources to track you down than
a company who has to make a profit and justify expenses.
VII. Don't use codes unless there is *NO* way around it (you don't have a
local telenet or tymnet outdial and can't connect to anything 800...)
You use codes long enough, you will get caught. Period.
VIII. Don't be afraid to be paranoid. Remember, you *are* breaking the law.
It doesn't hurt to store everything encrypted on your hard disk, or
keep your notes buried in the backyard or in the trunk of your car.
You may feel a little funny, but you'll feel a lot funnier when you
when you meet Bruno, your transvestite cellmate who axed his family to
death.
IX. Watch what you post on boards. Most of the really great hackers in the
country post *nothing* about the system they're currently working
except in the broadest sense (I'm working on a UNIX, or a COSMOS, or
something generic. Not "I'm hacking into General Electric's Voice Mail
System" or something inane and revealing like that.)
X. Don't be afraid to ask questions. That's what more experienced hackers
are for. Don't expect *everything* you ask to be answered, though.
There are some things (LMOS, for instance) that a begining hacker
shouldn't mess with. You'll either get caught, or screw it up for
others, or both.
XI. Finally, you have to actually hack. You can hang out on boards all you
want, and you can read all the text files in the world, but until you
actually start doing it, you'll never know what it's all about. There's
no thrill quite the same as getting into your first system (well, ok,
I can think of a couple of bigger thrills, but you get the picture.)
One of the safest places to start your hacking career is on a computer
system belonging to a college. University computers have notoriously lax
security, and are more used to hackers, as every college computer depart-
ment has one or two, so are less likely to press charges if you should
be detected. But the odds of them detecting you and having the personel to
committ to tracking you down are slim as long as you aren't destructive.
If you are already a college student, this is ideal, as you can legally
explore your computer system to your heart's desire, then go out and look
for similar systems that you can penetrate with confidence, as you're already
familar with them.
So if you just want to get your feet wet, call your local college. Many of
them will provide accounts for local residents at a nominal (under $20) charge.
Finally, if you get caught, stay quiet until you get a lawyer. Don't vol-
unteer any information, no matter what kind of 'deals' they offer you.
Nothing is binding unless you make the deal through your lawyer, so you might
as well shut up and wait.
Part Two: Networks
~~~~~~~~~~~~~~~~~~
The best place to begin hacking (other than a college) is on one of the
bigger networks such as Telenet. Why? First, there is a wide variety of
computers to choose from, from small Micro-Vaxen to huge Crays. Second, the
networks are fairly well documented. It's easier to find someone who can help
you with a problem off of Telenet than it is to find assistance concerning your
local college computer or high school machine. Third, the networks are safer.
Because of the enormous number of calls that are fielded every day by the big
networks, it is not financially practical to keep track of where every call and
connection are made from. It is also very easy to disguise your location using
the network, which makes your hobby much more secure.
Telenet has more computers hooked to it than any other system in the world
once you consider that from Telenet you have access to Tymnet, ItaPAC, JANET,
DATAPAC, SBDN, PandaNet, THEnet, and a whole host of other networks, all of
which you can connect to from your terminal.
The first step that you need to take is to identify your local dialup port.
This is done by dialing 1-800-424-9494 (1200 7E1) and connecting. It will
spout some garbage at you and then you'll get a prompt saying 'TERMINAL='.
This is your terminal type. If you have vt100 emulation, type it in now. Or
just hit return and it will default to dumb terminal mode.
You'll now get a prompt that looks like a @. From here, type @c mail <cr>
and then it will ask for a Username. Enter 'phones' for the username. When it
asks for a password, enter 'phones' again. From this point, it is menu
driven. Use this to locate your local dialup, and call it back locally. If
you don't have a local dialup, then use whatever means you wish to connect to
one long distance (more on this later.)
When you call your local dialup, you will once again go through the
TERMINAL= stuff, and once again you'll be presented with a @. This prompt lets
you know you are connected to a Telenet PAD. PAD stands for either Packet
Assembler/Disassembler (if you talk to an engineer), or Public Access Device
(if you talk to Telenet's marketing people.) The first description is more
correct.
Telenet works by taking the data you enter in on the PAD you dialed into,
bundling it into a 128 byte chunk (normally... this can be changed), and then
transmitting it at speeds ranging from 9600 to 19,200 baud to another PAD, who
then takes the data and hands it down to whatever computer or system it's
connected to. Basically, the PAD allows two computers that have different baud
rates or communication protocols to communicate with each other over a long
distance. Sometimes you'll notice a time lag in the remote machines response.
This is called PAD Delay, and is to be expected when you're sending data
through several different links.
What do you do with this PAD? You use it to connect to remote computer
systems by typing 'C' for connect and then the Network User Address (NUA) of
the system you want to go to.
An NUA takes the form of 031103130002520
\___/\___/\___/
| | |
| | |____ network address
| |_________ area prefix
|______________ DNIC
This is a summary of DNIC's (taken from Blade Runner's file on ItaPAC)
according to their country and network name.
DNIC Network Name Country DNIC Network Name Country
_______________________________________________________________________________
|
02041 Datanet 1 Netherlands | 03110 Telenet USA
02062 DCS Belgium | 03340 Telepac Mexico
02080 Transpac France | 03400 UDTS-Curacau Curacau
02284 Telepac Switzerland | 04251 Isranet Israel
02322 Datex-P Austria | 04401 DDX-P Japan
02329 Radaus Austria | 04408 Venus-P Japan
02342 PSS UK | 04501 Dacom-Net South Korea
02382 Datapak Denmark | 04542 Intelpak Singapore
02402 Datapak Sweden | 05052 Austpac Australia
02405 Telepak Sweden | 05053 Midas Australia
02442 Finpak Finland | 05252 Telepac Hong Kong
02624 Datex-P West Germany | 05301 Pacnet New Zealand
02704 Luxpac Luxembourg | 06550 Saponet South Africa
02724 Eirpak Ireland | 07240 Interdata Brazil
03020 Datapac Canada | 07241 Renpac Brazil
03028 Infogram Canada | 09000 Dialnet USA
03103 ITT/UDTS USA | 07421 Dompac French Guiana
03106 Tymnet USA |
There are two ways to find interesting addresses to connect to. The first
and easiest way is to obtain a copy of the LOD/H Telenet Directory from the
LOD/H Technical Journal #4 or 2600 Magazine. Jester Sluggo also put out a good
list of non-US addresses in Phrack Inc. Newsletter Issue 21. These files will
tell you the NUA, whether it will accept collect calls or not, what type of
computer system it is (if known) and who it belongs to (also if known.)
The second method of locating interesting addresses is to scan for them
manually. On Telenet, you do not have to enter the 03110 DNIC to connect to a
Telenet host. So if you saw that 031104120006140 had a VAX on it you wanted to
look at, you could type @c 412 614 (0's can be ignored most of the time.)
If this node allows collect billed connections, it will say 412 614
CONNECTED and then you'll possibly get an identifying header or just a
Username: prompt. If it doesn't allow collect connections, it will give you a
message such as 412 614 REFUSED COLLECT CONNECTION with some error codes out to
the right, and return you to the @ prompt.
There are two primary ways to get around the REFUSED COLLECT message. The
first is to use a Network User Id (NUI) to connect. An NUI is a username/pw
combination that acts like a charge account on Telenet. To collect to node
412 614 with NUI junk4248, password 525332, I'd type the following:
@c 412 614,junk4248,525332 <---- the 525332 will *not* be echoed to the
screen. The problem with NUI's is that they're hard to come by unless you're
a good social engineer with a thorough knowledge of Telenet (in which case
you probably aren't reading this section), or you have someone who can
provide you with them.
The second way to connect is to use a private PAD, either through an X.25
PAD or through something like Netlink off of a Prime computer (more on these
two below.)
The prefix in a Telenet NUA oftentimes (not always) refers to the phone Area
Code that the computer is located in (i.e. 713 xxx would be a computer in
Houston, Texas.) If there's a particular area you're interested in, (say,
New York City 914), you could begin by typing @c 914 001 <cr>. If it connects,
you make a note of it and go on to 914 002. You do this until you've found
some interesting systems to play with.
Not all systems are on a simple xxx yyy address. Some go out to four or
five digits (914 2354), and some have decimal or numeric extensions
(422 121A = 422 121.01). You have to play with them, and you never know what
you're going to find. To fully scan out a prefix would take ten million
attempts per prefix. For example, if I want to scan 512 completely, I'd have
to start with 512 00000.00 and go through 512 00000.99, then increment the
address by 1 and try 512 00001.00 through 512 00001.99. A lot of scanning.
There are plenty of neat computers to play with in a 3-digit scan, however,
so don't go berserk with the extensions.
Sometimes you'll attempt to connect and it will just be sitting there after
one or two minutes. In this case, you want to abort the connect attempt by
sending a hard break (this varies with different term programs, on Procomm,
it's ALT-B), and then when you get the @ prompt back, type 'D' for disconnect.
If you connect to a computer and wish to disconnect, you can type <cr> @
<cr> and you it should say TELENET and then give you the @ prompt. From there,
type D to disconnect or CONT to re-connect and continue your session
uninterrupted.
Outdials, Network Servers, and PADs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In addition to computers, an NUA may connect you to several other things.
One of the most useful is the outdial. An outdial is nothing more than a modem
you can get to over telenet- similar to the PC Pursuit concept, except that
these don't have passwords on them most of the time.
When you connect, you will get a message like 'Hayes 1200 baud outdial,
Detroit, MI', or 'VEN-TEL 212 Modem', or possibly 'Session 1234 established
on Modem 5588'. The best way to figure out the commands on these is to
type ? or H or HELP- this will get you all the information that you need to
use one.
Safety tip here- when you are hacking *any* system through a phone dialup,
always use an outdial or a diverter, especially if it is a local phone number
to you. More people get popped hacking on local computers than you can
imagine, Intra-LATA calls are the easiest things in the world to trace inexp-
ensively.
Another nice trick you can do with an outdial is use the redial or macro
function that many of them have. First thing you do when you connect is to
invoke the 'Redial Last Number' facility. This will dial the last number used,
which will be the one the person using it before you typed. Write down the
number, as no one would be calling a number without a computer on it. This
is a good way to find new systems to hack. Also, on a VENTEL modem, type 'D'
for Display and it will display the five numbers stored as macros in the
modem's memory.
There are also different types of servers for remote Local Area Networks
(LAN) that have many machine all over the office or the nation connected to
them. I'll discuss identifying these later in the computer ID section.
And finally, you may connect to something that says 'X.25 Communication
PAD' and then some more stuff, followed by a new @ prompt. This is a PAD
just like the one you are on, except that all attempted connections are billed
to the PAD, allowing you to connect to those nodes who earlier refused collect
connections.
This also has the added bonus of confusing where you are connecting from.
When a packet is transmitted from PAD to PAD, it contains a header that has
the location you're calling from. For instance, when you first connected
to Telenet, it might have said 212 44A CONNECTED if you called from the 212
area code. This means you were calling PAD number 44A in the 212 area.
That 21244A will be sent out in the header of all packets leaving the PAD.
Once you connect to a private PAD, however, all the packets going out
from *it* will have it's address on them, not yours. This can be a valuable
buffer between yourself and detection.
Phone Scanning
~~~~~~~~~~~~~~
Finally, there's the time-honored method of computer hunting that was made
famous among the non-hacker crowd by that Oh-So-Technically-Accurate movie
Wargames. You pick a three digit phone prefix in your area and dial every
number from 0000 --> 9999 in that prefix, making a note of all the carriers
you find. There is software available to do this for nearly every computer
in the world, so you don't have to do it by hand.
Part Three: I've Found a Computer, Now What?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This next section is applicable universally. It doesn't matter how you
found this computer, it could be through a network, or it could be from
carrier scanning your High School's phone prefix, you've got this prompt
this prompt, what the hell is it?
I'm *NOT* going to attempt to tell you what to do once you're inside of
any of these operating systems. Each one is worth several G-files in its
own right. I'm going to tell you how to identify and recognize certain
OpSystems, how to approach hacking into them, and how to deal with something
that you've never seen before and have know idea what it is.
VMS- The VAX computer is made by Digital Equipment Corporation (DEC),
and runs the VMS (Virtual Memory System) operating system.
VMS is characterized by the 'Username:' prompt. It will not tell
you if you've entered a valid username or not, and will disconnect
you after three bad login attempts. It also keeps track of all
failed login attempts and informs the owner of the account next time
s/he logs in how many bad login attempts were made on the account.
It is one of the most secure operating systems around from the
outside, but once you're in there are many things that you can do
to circumvent system security. The VAX also has the best set of
help files in the world. Just type HELP and read to your heart's
content.
Common Accounts/Defaults: [username: password [[,password]] ]
SYSTEM: OPERATOR or MANAGER or SYSTEM or SYSLIB
OPERATOR: OPERATOR
SYSTEST: UETP
SYSMAINT: SYSMAINT or SERVICE or DIGITAL
FIELD: FIELD or SERVICE
GUEST: GUEST or unpassworded
DEMO: DEMO or unpassworded
DECNET: DECNET
DEC-10- An earlier line of DEC computer equipment, running the TOPS-10
operating system. These machines are recognized by their
'.' prompt. The DEC-10/20 series are remarkably hacker-friendly,
allowing you to enter several important commands without ever
logging into the system. Accounts are in the format [xxx,yyy] where
xxx and yyy are integers. You can get a listing of the accounts and
the process names of everyone on the system before logging in with
the command .systat (for SYstem STATus). If you seen an account
that reads [234,1001] BOB JONES, it might be wise to try BOB or
JONES or both for a password on this account. To login, you type
.login xxx,yyy and then type the password when prompted for it.
The system will allow you unlimited tries at an account, and does
not keep records of bad login attempts. It will also inform you
if the UIC you're trying (UIC = User Identification Code, 1,2 for
example) is bad.
Common Accounts/Defaults:
1,2: SYSLIB or OPERATOR or MANAGER
2,7: MAINTAIN
5,30: GAMES
UNIX- There are dozens of different machines out there that run UNIX.
While some might argue it isn't the best operating system in the
world, it is certainly the most widely used. A UNIX system will
usually have a prompt like 'login:' in lower case. UNIX also
will give you unlimited shots at logging in (in most cases), and
there is usually no log kept of bad attempts.
Common Accounts/Defaults: (note that some systems are case
sensitive, so use lower case as a general rule. Also, many times
the accounts will be unpassworded, you'll just drop right in!)
root: root
admin: admin
sysadmin: sysadmin or admin
unix: unix
uucp: uucp
rje: rje
guest: guest
demo: demo
daemon: daemon
sysbin: sysbin
Prime- Prime computer company's mainframe running the Primos operating
system. The are easy to spot, as the greet you with
'Primecon 18.23.05' or the like, depending on the version of the
operating system you run into. There will usually be no prompt
offered, it will just look like it's sitting there. At this point,
type 'login <username>'. If it is a pre-18.00.00 version of Primos,
you can hit a bunch of ^C's for the password and you'll drop in.
Unfortunately, most people are running versions 19+. Primos also
comes with a good set of help files. One of the most useful
features of a Prime on Telenet is a facility called NETLINK. Once
you're inside, type NETLINK and follow the help files. This allows
you to connect to NUA's all over the world using the 'nc' command.
For example, to connect to NUA 026245890040004, you would type
@nc :26245890040004 at the netlink prompt.
Common Accounts/Defaults:
PRIME PRIME or PRIMOS
PRIMOS_CS PRIME or PRIMOS
PRIMENET PRIMENET
SYSTEM SYSTEM or PRIME
NETLINK NETLINK
TEST TEST
GUEST GUEST
GUEST1 GUEST
HP-x000- This system is made by Hewlett-Packard. It is characterized by the
':' prompt. The HP has one of the more complicated login sequences
around- you type 'HELLO SESSION NAME,USERNAME,ACCOUNTNAME,GROUP'.
Fortunately, some of these fields can be left blank in many cases.
Since any and all of these fields can be passworded, this is not
the easiest system to get into, except for the fact that there are
usually some unpassworded accounts around. In general, if the
defaults don't work, you'll have to brute force it using the
common password list (see below.) The HP-x000 runs the MPE operat-
ing system, the prompt for it will be a ':', just like the logon
prompt.
Common Accounts/Defaults:
MGR.TELESUP,PUB User: MGR Acct: HPONLY Grp: PUB
MGR.HPOFFICE,PUB unpassworded
MANAGER.ITF3000,PUB unpassworded
FIELD.SUPPORT,PUB user: FLD, others unpassworded
MAIL.TELESUP,PUB user: MAIL, others
unpassworded
MGR.RJE unpassworded
FIELD.HPPl89 ,HPPl87,HPPl89,HPPl96 unpassworded
MGR.TELESUP,PUB,HPONLY,HP3 unpassworded
IRIS- IRIS stands for Interactive Real Time Information System. It orig-
inally ran on PDP-11's, but now runs on many other minis. You can
spot an IRIS by the 'Welcome to "IRIS" R9.1.4 Timesharing' banner,
and the ACCOUNT ID? prompt. IRIS allows unlimited tries at hacking
in, and keeps no logs of bad attempts. I don't know any default
passwords, so just try the common ones from the password database
below.
Common Accounts:
MANAGER
BOSS
SOFTWARE
DEMO
PDP8
PDP11
ACCOUNTING
VM/CMS- The VM/CMS operating system runs in International Business Machines
(IBM) mainframes. When you connect to one of these, you will get
message similar to 'VM/370 ONLINE', and then give you a '.' prompt,
just like TOPS-10 does. To login, you type 'LOGON <username>'.
Common Accounts/Defaults are:
AUTOLOG1: AUTOLOG or AUTOLOG1
CMS: CMS
CMSBATCH: CMS or CMSBATCH
EREP: EREP
MAINT: MAINT or MAINTAIN
OPERATNS: OPERATNS or OPERATOR
OPERATOR: OPERATOR
RSCS: RSCS
SMART: SMART
SNA: SNA
VMTEST: VMTEST
VMUTIL: VMUTIL
VTAM: VTAM
NOS- NOS stands for Networking Operating System, and runs on the Cyber
computer made by Control Data Corporation. NOS identifies itself
quite readily, with a banner of 'WELCOME TO THE NOS SOFTWARE
SYSTEM. COPYRIGHT CONTROL DATA 1978,1987'. The first prompt you
will get will be FAMILY:. Just hit return here. Then you'll get
a USER NAME: prompt. Usernames are typically 7 alpha-numerics
characters long, and are *extremely* site dependent. Operator
accounts begin with a digit, such as 7ETPDOC.
Common Accounts/Defaults:
$SYSTEM unknown
SYSTEMV unknown
Decserver- This is not truly a computer system, but is a network server that
has many different machines available from it. A Decserver will
say 'Enter Username>' when you first connect. This can be anything,
it doesn't matter, it's just an identifier. Type 'c', as this is
the least conspicuous thing to enter. It will then present you
with a 'Local>' prompt. From here, you type 'c <systemname>' to
connect to a system. To get a list of system names, type
'sh services' or 'sh nodes'. If you have any problems, online
help is available with the 'help' command. Be sure and look for
services named 'MODEM' or 'DIAL' or something similar, these are
often outdial modems and can be useful!
GS/1- Another type of network server. Unlike a Decserver, you can't
predict what prompt a GS/1 gateway is going to give you. The
default prompt it 'GS/1>', but this is redifinable by the
system administrator. To test for a GS/1, do a 'sh d'. If that
prints out a large list of defaults (terminal speed, prompt,
parity, etc...), you are on a GS/1. You connect in the same manner
as a Decserver, typing 'c <systemname>'. To find out what systems
are available, do a 'sh n' or a 'sh c'. Another trick is to do a
'sh m', which will sometimes show you a list of macros for logging
onto a system. If there is a macro named VAX, for instance, type
'do VAX'.
The above are the main system types in use today. There are
hundreds of minor variants on the above, but this should be
enough to get you started.
Unresponsive Systems
~~~~~~~~~~~~~~~~~~~~
Occasionally you will connect to a system that will do nothing but sit
there. This is a frustrating feeling, but a methodical approach to the system
will yield a response if you take your time. The following list will usually
make *something* happen.
1) Change your parity, data length, and stop bits. A system that won't re-
spond at 8N1 may react at 7E1 or 8E2 or 7S2. If you don't have a term
program that will let you set parity to EVEN, ODD, SPACE, MARK, and NONE,
with data length of 7 or 8, and 1 or 2 stop bits, go out and buy one.
While having a good term program isn't absolutely necessary, it sure is
helpful.
2) Change baud rates. Again, if your term program will let you choose odd
baud rates such as 600 or 1100, you will occasionally be able to penetrate
some very interesting systems, as most systems that depend on a strange
baud rate seem to think that this is all the security they need...
3) Send a series of <cr>'s.
4) Send a hard break followed by a <cr>.
5) Type a series of .'s (periods). The Canadian network Datapac responds
to this.
6) If you're getting garbage, hit an 'i'. Tymnet responds to this, as does
a MultiLink II.
7) Begin sending control characters, starting with ^A --> ^Z.
8) Change terminal emulations. What your vt100 emulation thinks is garbage
may all of a sudden become crystal clear using ADM-5 emulation. This also
relates to how good your term program is.
9) Type LOGIN, HELLO, LOG, ATTACH, CONNECT, START, RUN, BEGIN, LOGON, GO,
JOIN, HELP, and anything else
Contents
~~~~~~~~
This file will be divided into four parts:
Part 1: What is Hacking, A Hacker's Code of Ethics, Basic Hacking Safety
Part 2: Packet Switching Networks: Telenet- How it Works, How to Use it,
Outdials, Network Servers, Private PADs
Part 3: Identifying a Computer, How to Hack In, Operating System
Defaults
Part 4: Conclusion- Final Thoughts, Books to Read, Boards to Call,
Acknowledgements
Part One: The Basics
~~~~~~~~~~~~~~~~~~~~
As long as there have been computers, there have been hackers. In the 50's
at the Massachusets Institute of Technology (MIT), students devoted much time
and energy to ingenious exploration of the computers. Rules and the law were
disregarded in their pursuit for the 'hack'. Just as they were enthralled with
their pursuit of information, so are we. The thrill of the hack is not in
breaking the law, it's in the pursuit and capture of knowledge.
To this end, let me contribute my suggestions for guidelines to follow to
ensure that not only you stay out of trouble, but you pursue your craft without
damaging the computers you hack into or the companies who own them.
I. Do not intentionally damage *any* system.
II. Do not alter any system files other than ones needed to ensure your
escape from detection and your future access (Trojan Horses, Altering
Logs, and the like are all necessary to your survival for as long as
possible.)
III. Do not leave your (or anyone else's) real name, real handle, or real
phone number on any system that you access illegally. They *can* and
will track you down from your handle!
IV. Be careful who you share information with. Feds are getting trickier.
Generally, if you don't know their voice phone number, name, and
occupation or haven't spoken with them voice on non-info trading
conversations, be wary.
V. Do not leave your real phone number to anyone you don't know. This
includes logging on boards, no matter how k-rad they seem. If you
don't know the sysop, leave a note telling some trustworthy people
that will validate you.
VI. Do not hack government computers. Yes, there are government systems
that are safe to hack, but they are few and far between. And the
government has inifitely more time and resources to track you down than
a company who has to make a profit and justify expenses.
VII. Don't use codes unless there is *NO* way around it (you don't have a
local telenet or tymnet outdial and can't connect to anything 800...)
You use codes long enough, you will get caught. Period.
VIII. Don't be afraid to be paranoid. Remember, you *are* breaking the law.
It doesn't hurt to store everything encrypted on your hard disk, or
keep your notes buried in the backyard or in the trunk of your car.
You may feel a little funny, but you'll feel a lot funnier when you
when you meet Bruno, your transvestite cellmate who axed his family to
death.
IX. Watch what you post on boards. Most of the really great hackers in the
country post *nothing* about the system they're currently working
except in the broadest sense (I'm working on a UNIX, or a COSMOS, or
something generic. Not "I'm hacking into General Electric's Voice Mail
System" or something inane and revealing like that.)
X. Don't be afraid to ask questions. That's what more experienced hackers
are for. Don't expect *everything* you ask to be answered, though.
There are some things (LMOS, for instance) that a begining hacker
shouldn't mess with. You'll either get caught, or screw it up for
others, or both.
XI. Finally, you have to actually hack. You can hang out on boards all you
want, and you can read all the text files in the world, but until you
actually start doing it, you'll never know what it's all about. There's
no thrill quite the same as getting into your first system (well, ok,
I can think of a couple of bigger thrills, but you get the picture.)
One of the safest places to start your hacking career is on a computer
system belonging to a college. University computers have notoriously lax
security, and are more used to hackers, as every college computer depart-
ment has one or two, so are less likely to press charges if you should
be detected. But the odds of them detecting you and having the personel to
committ to tracking you down are slim as long as you aren't destructive.
If you are already a college student, this is ideal, as you can legally
explore your computer system to your heart's desire, then go out and look
for similar systems that you can penetrate with confidence, as you're already
familar with them.
So if you just want to get your feet wet, call your local college. Many of
them will provide accounts for local residents at a nominal (under $20) charge.
Finally, if you get caught, stay quiet until you get a lawyer. Don't vol-
unteer any information, no matter what kind of 'deals' they offer you.
Nothing is binding unless you make the deal through your lawyer, so you might
as well shut up and wait.
Part Two: Networks
~~~~~~~~~~~~~~~~~~
The best place to begin hacking (other than a college) is on one of the
bigger networks such as Telenet. Why? First, there is a wide variety of
computers to choose from, from small Micro-Vaxen to huge Crays. Second, the
networks are fairly well documented. It's easier to find someone who can help
you with a problem off of Telenet than it is to find assistance concerning your
local college computer or high school machine. Third, the networks are safer.
Because of the enormous number of calls that are fielded every day by the big
networks, it is not financially practical to keep track of where every call and
connection are made from. It is also very easy to disguise your location using
the network, which makes your hobby much more secure.
Telenet has more computers hooked to it than any other system in the world
once you consider that from Telenet you have access to Tymnet, ItaPAC, JANET,
DATAPAC, SBDN, PandaNet, THEnet, and a whole host of other networks, all of
which you can connect to from your terminal.
The first step that you need to take is to identify your local dialup port.
This is done by dialing 1-800-424-9494 (1200 7E1) and connecting. It will
spout some garbage at you and then you'll get a prompt saying 'TERMINAL='.
This is your terminal type. If you have vt100 emulation, type it in now. Or
just hit return and it will default to dumb terminal mode.
You'll now get a prompt that looks like a @. From here, type @c mail <cr>
and then it will ask for a Username. Enter 'phones' for the username. When it
asks for a password, enter 'phones' again. From this point, it is menu
driven. Use this to locate your local dialup, and call it back locally. If
you don't have a local dialup, then use whatever means you wish to connect to
one long distance (more on this later.)
When you call your local dialup, you will once again go through the
TERMINAL= stuff, and once again you'll be presented with a @. This prompt lets
you know you are connected to a Telenet PAD. PAD stands for either Packet
Assembler/Disassembler (if you talk to an engineer), or Public Access Device
(if you talk to Telenet's marketing people.) The first description is more
correct.
Telenet works by taking the data you enter in on the PAD you dialed into,
bundling it into a 128 byte chunk (normally... this can be changed), and then
transmitting it at speeds ranging from 9600 to 19,200 baud to another PAD, who
then takes the data and hands it down to whatever computer or system it's
connected to. Basically, the PAD allows two computers that have different baud
rates or communication protocols to communicate with each other over a long
distance. Sometimes you'll notice a time lag in the remote machines response.
This is called PAD Delay, and is to be expected when you're sending data
through several different links.
What do you do with this PAD? You use it to connect to remote computer
systems by typing 'C' for connect and then the Network User Address (NUA) of
the system you want to go to.
An NUA takes the form of 031103130002520
\___/\___/\___/
| | |
| | |____ network address
| |_________ area prefix
|______________ DNIC
This is a summary of DNIC's (taken from Blade Runner's file on ItaPAC)
according to their country and network name.
DNIC Network Name Country DNIC Network Name Country
_______________________________________________________________________________
|
02041 Datanet 1 Netherlands | 03110 Telenet USA
02062 DCS Belgium | 03340 Telepac Mexico
02080 Transpac France | 03400 UDTS-Curacau Curacau
02284 Telepac Switzerland | 04251 Isranet Israel
02322 Datex-P Austria | 04401 DDX-P Japan
02329 Radaus Austria | 04408 Venus-P Japan
02342 PSS UK | 04501 Dacom-Net South Korea
02382 Datapak Denmark | 04542 Intelpak Singapore
02402 Datapak Sweden | 05052 Austpac Australia
02405 Telepak Sweden | 05053 Midas Australia
02442 Finpak Finland | 05252 Telepac Hong Kong
02624 Datex-P West Germany | 05301 Pacnet New Zealand
02704 Luxpac Luxembourg | 06550 Saponet South Africa
02724 Eirpak Ireland | 07240 Interdata Brazil
03020 Datapac Canada | 07241 Renpac Brazil
03028 Infogram Canada | 09000 Dialnet USA
03103 ITT/UDTS USA | 07421 Dompac French Guiana
03106 Tymnet USA |
There are two ways to find interesting addresses to connect to. The first
and easiest way is to obtain a copy of the LOD/H Telenet Directory from the
LOD/H Technical Journal #4 or 2600 Magazine. Jester Sluggo also put out a good
list of non-US addresses in Phrack Inc. Newsletter Issue 21. These files will
tell you the NUA, whether it will accept collect calls or not, what type of
computer system it is (if known) and who it belongs to (also if known.)
The second method of locating interesting addresses is to scan for them
manually. On Telenet, you do not have to enter the 03110 DNIC to connect to a
Telenet host. So if you saw that 031104120006140 had a VAX on it you wanted to
look at, you could type @c 412 614 (0's can be ignored most of the time.)
If this node allows collect billed connections, it will say 412 614
CONNECTED and then you'll possibly get an identifying header or just a
Username: prompt. If it doesn't allow collect connections, it will give you a
message such as 412 614 REFUSED COLLECT CONNECTION with some error codes out to
the right, and return you to the @ prompt.
There are two primary ways to get around the REFUSED COLLECT message. The
first is to use a Network User Id (NUI) to connect. An NUI is a username/pw
combination that acts like a charge account on Telenet. To collect to node
412 614 with NUI junk4248, password 525332, I'd type the following:
@c 412 614,junk4248,525332 <---- the 525332 will *not* be echoed to the
screen. The problem with NUI's is that they're hard to come by unless you're
a good social engineer with a thorough knowledge of Telenet (in which case
you probably aren't reading this section), or you have someone who can
provide you with them.
The second way to connect is to use a private PAD, either through an X.25
PAD or through something like Netlink off of a Prime computer (more on these
two below.)
The prefix in a Telenet NUA oftentimes (not always) refers to the phone Area
Code that the computer is located in (i.e. 713 xxx would be a computer in
Houston, Texas.) If there's a particular area you're interested in, (say,
New York City 914), you could begin by typing @c 914 001 <cr>. If it connects,
you make a note of it and go on to 914 002. You do this until you've found
some interesting systems to play with.
Not all systems are on a simple xxx yyy address. Some go out to four or
five digits (914 2354), and some have decimal or numeric extensions
(422 121A = 422 121.01). You have to play with them, and you never know what
you're going to find. To fully scan out a prefix would take ten million
attempts per prefix. For example, if I want to scan 512 completely, I'd have
to start with 512 00000.00 and go through 512 00000.99, then increment the
address by 1 and try 512 00001.00 through 512 00001.99. A lot of scanning.
There are plenty of neat computers to play with in a 3-digit scan, however,
so don't go berserk with the extensions.
Sometimes you'll attempt to connect and it will just be sitting there after
one or two minutes. In this case, you want to abort the connect attempt by
sending a hard break (this varies with different term programs, on Procomm,
it's ALT-B), and then when you get the @ prompt back, type 'D' for disconnect.
If you connect to a computer and wish to disconnect, you can type <cr> @
<cr> and you it should say TELENET and then give you the @ prompt. From there,
type D to disconnect or CONT to re-connect and continue your session
uninterrupted.
Outdials, Network Servers, and PADs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In addition to computers, an NUA may connect you to several other things.
One of the most useful is the outdial. An outdial is nothing more than a modem
you can get to over telenet- similar to the PC Pursuit concept, except that
these don't have passwords on them most of the time.
When you connect, you will get a message like 'Hayes 1200 baud outdial,
Detroit, MI', or 'VEN-TEL 212 Modem', or possibly 'Session 1234 established
on Modem 5588'. The best way to figure out the commands on these is to
type ? or H or HELP- this will get you all the information that you need to
use one.
Safety tip here- when you are hacking *any* system through a phone dialup,
always use an outdial or a diverter, especially if it is a local phone number
to you. More people get popped hacking on local computers than you can
imagine, Intra-LATA calls are the easiest things in the world to trace inexp-
ensively.
Another nice trick you can do with an outdial is use the redial or macro
function that many of them have. First thing you do when you connect is to
invoke the 'Redial Last Number' facility. This will dial the last number used,
which will be the one the person using it before you typed. Write down the
number, as no one would be calling a number without a computer on it. This
is a good way to find new systems to hack. Also, on a VENTEL modem, type 'D'
for Display and it will display the five numbers stored as macros in the
modem's memory.
There are also different types of servers for remote Local Area Networks
(LAN) that have many machine all over the office or the nation connected to
them. I'll discuss identifying these later in the computer ID section.
And finally, you may connect to something that says 'X.25 Communication
PAD' and then some more stuff, followed by a new @ prompt. This is a PAD
just like the one you are on, except that all attempted connections are billed
to the PAD, allowing you to connect to those nodes who earlier refused collect
connections.
This also has the added bonus of confusing where you are connecting from.
When a packet is transmitted from PAD to PAD, it contains a header that has
the location you're calling from. For instance, when you first connected
to Telenet, it might have said 212 44A CONNECTED if you called from the 212
area code. This means you were calling PAD number 44A in the 212 area.
That 21244A will be sent out in the header of all packets leaving the PAD.
Once you connect to a private PAD, however, all the packets going out
from *it* will have it's address on them, not yours. This can be a valuable
buffer between yourself and detection.
Phone Scanning
~~~~~~~~~~~~~~
Finally, there's the time-honored method of computer hunting that was made
famous among the non-hacker crowd by that Oh-So-Technically-Accurate movie
Wargames. You pick a three digit phone prefix in your area and dial every
number from 0000 --> 9999 in that prefix, making a note of all the carriers
you find. There is software available to do this for nearly every computer
in the world, so you don't have to do it by hand.
Part Three: I've Found a Computer, Now What?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This next section is applicable universally. It doesn't matter how you
found this computer, it could be through a network, or it could be from
carrier scanning your High School's phone prefix, you've got this prompt
this prompt, what the hell is it?
I'm *NOT* going to attempt to tell you what to do once you're inside of
any of these operating systems. Each one is worth several G-files in its
own right. I'm going to tell you how to identify and recognize certain
OpSystems, how to approach hacking into them, and how to deal with something
that you've never seen before and have know idea what it is.
VMS- The VAX computer is made by Digital Equipment Corporation (DEC),
and runs the VMS (Virtual Memory System) operating system.
VMS is characterized by the 'Username:' prompt. It will not tell
you if you've entered a valid username or not, and will disconnect
you after three bad login attempts. It also keeps track of all
failed login attempts and informs the owner of the account next time
s/he logs in how many bad login attempts were made on the account.
It is one of the most secure operating systems around from the
outside, but once you're in there are many things that you can do
to circumvent system security. The VAX also has the best set of
help files in the world. Just type HELP and read to your heart's
content.
Common Accounts/Defaults: [username: password [[,password]] ]
SYSTEM: OPERATOR or MANAGER or SYSTEM or SYSLIB
OPERATOR: OPERATOR
SYSTEST: UETP
SYSMAINT: SYSMAINT or SERVICE or DIGITAL
FIELD: FIELD or SERVICE
GUEST: GUEST or unpassworded
DEMO: DEMO or unpassworded
DECNET: DECNET
DEC-10- An earlier line of DEC computer equipment, running the TOPS-10
operating system. These machines are recognized by their
'.' prompt. The DEC-10/20 series are remarkably hacker-friendly,
allowing you to enter several important commands without ever
logging into the system. Accounts are in the format [xxx,yyy] where
xxx and yyy are integers. You can get a listing of the accounts and
the process names of everyone on the system before logging in with
the command .systat (for SYstem STATus). If you seen an account
that reads [234,1001] BOB JONES, it might be wise to try BOB or
JONES or both for a password on this account. To login, you type
.login xxx,yyy and then type the password when prompted for it.
The system will allow you unlimited tries at an account, and does
not keep records of bad login attempts. It will also inform you
if the UIC you're trying (UIC = User Identification Code, 1,2 for
example) is bad.
Common Accounts/Defaults:
1,2: SYSLIB or OPERATOR or MANAGER
2,7: MAINTAIN
5,30: GAMES
UNIX- There are dozens of different machines out there that run UNIX.
While some might argue it isn't the best operating system in the
world, it is certainly the most widely used. A UNIX system will
usually have a prompt like 'login:' in lower case. UNIX also
will give you unlimited shots at logging in (in most cases), and
there is usually no log kept of bad attempts.
Common Accounts/Defaults: (note that some systems are case
sensitive, so use lower case as a general rule. Also, many times
the accounts will be unpassworded, you'll just drop right in!)
root: root
admin: admin
sysadmin: sysadmin or admin
unix: unix
uucp: uucp
rje: rje
guest: guest
demo: demo
daemon: daemon
sysbin: sysbin
Prime- Prime computer company's mainframe running the Primos operating
system. The are easy to spot, as the greet you with
'Primecon 18.23.05' or the like, depending on the version of the
operating system you run into. There will usually be no prompt
offered, it will just look like it's sitting there. At this point,
type 'login <username>'. If it is a pre-18.00.00 version of Primos,
you can hit a bunch of ^C's for the password and you'll drop in.
Unfortunately, most people are running versions 19+. Primos also
comes with a good set of help files. One of the most useful
features of a Prime on Telenet is a facility called NETLINK. Once
you're inside, type NETLINK and follow the help files. This allows
you to connect to NUA's all over the world using the 'nc' command.
For example, to connect to NUA 026245890040004, you would type
@nc :26245890040004 at the netlink prompt.
Common Accounts/Defaults:
PRIME PRIME or PRIMOS
PRIMOS_CS PRIME or PRIMOS
PRIMENET PRIMENET
SYSTEM SYSTEM or PRIME
NETLINK NETLINK
TEST TEST
GUEST GUEST
GUEST1 GUEST
HP-x000- This system is made by Hewlett-Packard. It is characterized by the
':' prompt. The HP has one of the more complicated login sequences
around- you type 'HELLO SESSION NAME,USERNAME,ACCOUNTNAME,GROUP'.
Fortunately, some of these fields can be left blank in many cases.
Since any and all of these fields can be passworded, this is not
the easiest system to get into, except for the fact that there are
usually some unpassworded accounts around. In general, if the
defaults don't work, you'll have to brute force it using the
common password list (see below.) The HP-x000 runs the MPE operat-
ing system, the prompt for it will be a ':', just like the logon
prompt.
Common Accounts/Defaults:
MGR.TELESUP,PUB User: MGR Acct: HPONLY Grp: PUB
MGR.HPOFFICE,PUB unpassworded
MANAGER.ITF3000,PUB unpassworded
FIELD.SUPPORT,PUB user: FLD, others unpassworded
MAIL.TELESUP,PUB user: MAIL, others
unpassworded
MGR.RJE unpassworded
FIELD.HPPl89 ,HPPl87,HPPl89,HPPl96 unpassworded
MGR.TELESUP,PUB,HPONLY,HP3 unpassworded
IRIS- IRIS stands for Interactive Real Time Information System. It orig-
inally ran on PDP-11's, but now runs on many other minis. You can
spot an IRIS by the 'Welcome to "IRIS" R9.1.4 Timesharing' banner,
and the ACCOUNT ID? prompt. IRIS allows unlimited tries at hacking
in, and keeps no logs of bad attempts. I don't know any default
passwords, so just try the common ones from the password database
below.
Common Accounts:
MANAGER
BOSS
SOFTWARE
DEMO
PDP8
PDP11
ACCOUNTING
VM/CMS- The VM/CMS operating system runs in International Business Machines
(IBM) mainframes. When you connect to one of these, you will get
message similar to 'VM/370 ONLINE', and then give you a '.' prompt,
just like TOPS-10 does. To login, you type 'LOGON <username>'.
Common Accounts/Defaults are:
AUTOLOG1: AUTOLOG or AUTOLOG1
CMS: CMS
CMSBATCH: CMS or CMSBATCH
EREP: EREP
MAINT: MAINT or MAINTAIN
OPERATNS: OPERATNS or OPERATOR
OPERATOR: OPERATOR
RSCS: RSCS
SMART: SMART
SNA: SNA
VMTEST: VMTEST
VMUTIL: VMUTIL
VTAM: VTAM
NOS- NOS stands for Networking Operating System, and runs on the Cyber
computer made by Control Data Corporation. NOS identifies itself
quite readily, with a banner of 'WELCOME TO THE NOS SOFTWARE
SYSTEM. COPYRIGHT CONTROL DATA 1978,1987'. The first prompt you
will get will be FAMILY:. Just hit return here. Then you'll get
a USER NAME: prompt. Usernames are typically 7 alpha-numerics
characters long, and are *extremely* site dependent. Operator
accounts begin with a digit, such as 7ETPDOC.
Common Accounts/Defaults:
$SYSTEM unknown
SYSTEMV unknown
Decserver- This is not truly a computer system, but is a network server that
has many different machines available from it. A Decserver will
say 'Enter Username>' when you first connect. This can be anything,
it doesn't matter, it's just an identifier. Type 'c', as this is
the least conspicuous thing to enter. It will then present you
with a 'Local>' prompt. From here, you type 'c <systemname>' to
connect to a system. To get a list of system names, type
'sh services' or 'sh nodes'. If you have any problems, online
help is available with the 'help' command. Be sure and look for
services named 'MODEM' or 'DIAL' or something similar, these are
often outdial modems and can be useful!
GS/1- Another type of network server. Unlike a Decserver, you can't
predict what prompt a GS/1 gateway is going to give you. The
default prompt it 'GS/1>', but this is redifinable by the
system administrator. To test for a GS/1, do a 'sh d'. If that
prints out a large list of defaults (terminal speed, prompt,
parity, etc...), you are on a GS/1. You connect in the same manner
as a Decserver, typing 'c <systemname>'. To find out what systems
are available, do a 'sh n' or a 'sh c'. Another trick is to do a
'sh m', which will sometimes show you a list of macros for logging
onto a system. If there is a macro named VAX, for instance, type
'do VAX'.
The above are the main system types in use today. There are
hundreds of minor variants on the above, but this should be
enough to get you started.
Unresponsive Systems
~~~~~~~~~~~~~~~~~~~~
Occasionally you will connect to a system that will do nothing but sit
there. This is a frustrating feeling, but a methodical approach to the system
will yield a response if you take your time. The following list will usually
make *something* happen.
1) Change your parity, data length, and stop bits. A system that won't re-
spond at 8N1 may react at 7E1 or 8E2 or 7S2. If you don't have a term
program that will let you set parity to EVEN, ODD, SPACE, MARK, and NONE,
with data length of 7 or 8, and 1 or 2 stop bits, go out and buy one.
While having a good term program isn't absolutely necessary, it sure is
helpful.
2) Change baud rates. Again, if your term program will let you choose odd
baud rates such as 600 or 1100, you will occasionally be able to penetrate
some very interesting systems, as most systems that depend on a strange
baud rate seem to think that this is all the security they need...
3) Send a series of <cr>'s.
4) Send a hard break followed by a <cr>.
5) Type a series of .'s (periods). The Canadian network Datapac responds
to this.
6) If you're getting garbage, hit an 'i'. Tymnet responds to this, as does
a MultiLink II.
7) Begin sending control characters, starting with ^A --> ^Z.
8) Change terminal emulations. What your vt100 emulation thinks is garbage
may all of a sudden become crystal clear using ADM-5 emulation. This also
relates to how good your term program is.
9) Type LOGIN, HELLO, LOG, ATTACH, CONNECT, START, RUN, BEGIN, LOGON, GO,
JOIN, HELP, and anything else
Windows NT vs Unix as an operating system
Evolution & Development History
In the late 1960s a combined project between researchers at MIT, Bell Labs and General Electric led to the design of a third generation of computer operating system known as MULTICS (MULTiplexed Information and Computing Service). It was envisaged as a computer utility, a machine that would support hundreds of simultaneous timesharing users. They envisaged one huge machine providing computing power for everyone in Boston. The idea that machines as powerful as their GE-645 would be sold as personal computers costing only a few thousand dollars only 20 years later would have seemed like science fiction to them. However MULTICS proved more difficult than imagined to implement and Bell Labs withdrew from the project in 1969 as did General Electric, dropping out of the computer business altogether.
One of the Bell Labs researchers (Ken Thompson) then decided to rewrite a stripped down version of MULTICS, initially as a hobby. He used a PDP-7 minicomputer that no was using and wrote the code in assembly. It was initially a stripped down, single user version of MULTICS but Thompson actually got the system to work and one of his colleagues jokingly called it UNICS (UNiplexed Information and Computing Service). The name stuck but the spelling was later changed to UNIX. Soon Thompson was joined on the project by Dennis Richie and later by his entire department.
UNIX was moved from the now obsolete PDP-7 to the much more modern PDP-11/20 and then later to the PDP-11/45 and PDP-11/70. These two latter computers had large memories as well as memory protection hardware, making it possible to support multiple users at the same time. Thompson then decided to rewrite UNIX in a high-level language called B. Unfortunately this attempt was not successful and Richie designed a successor to B called C. Together, Thompson and Richie rewrote UNIX in C and subsequently C has dominated system programming ever since. In 1974, Thompson and Richie published a paper about UNIX and this publication stimulated many universities to ask Bell Labs for a copy of UNIX. As it happened the PDP-11 was the computer of choice at nearly all university computer science departments and the operating systems that came with this computer was widely regarded as being dreadful and hence UNIX quickly came to replace them. The version that first became the standard in universities was Version 6 and within a few years this was replaced by Version 7. By the mid 1980s, UNIX was in widespread use on minicomputers and engineering workstations from a variety of vendors.
In 1984, AT&T released the first commercial version of UNIX, System III, based on Version 7. Over a number of years this was improved and upgraded to System V. Meanwhile the University of California at Berkeley modified the original Version 6 substantially. They called their version 1BSD (First Berkeley Software Distribution). This was modified over time to 4BSD and improvements were made such as the use of paging, file names longer than 14 characters and a new networking protocol, TCP/IP. Some computer vendors like DEC and Sun Microsystems based their version of UNIX on Berkeley's rather than AT&T's. There was a few attempts to standardise UNIX in the late 1980s, but only the POSIX committee had any real success, and this was limited.
During the 1980s, most computing environments became much more heterogeneous, and customers began to ask for greater application portability and interoperability from systems and software vendors. Many customers turned to UNIX to help address those concerns and systems vendors gradually began to offer commercial UNIX-based systems. UNIX was a portable operating system whose source could easily be licensed, and it had already established a reputation and a small but loyal customer base among R&D organisations and universities. Most vendors licensed source bases from either the University of California at Berkeley or AT&T(r) (two completely different source bases). Licensees extensively modified the source and tightly coupled them to their own systems architectures to produce as many as 100 proprietary UNIX variants. Most of these systems were (and still are) neither source nor binary compatible with one another, and most are hardware specific.
With the emergence of RISC technology and the breakup of AT&T, the UNIX systems category began to grow significantly during the 1980s. The term "open systems" was coined. Customers began demanding better portability and interoperability between the many incompatible UNIX variants. Over the years, a variety of coalitions (e.g. UNIX International) were formed to try to gain control over and consolidate the UNIX systems category, but their success was always limited. Gradually, the industry turned to standards as a way of achieving the portability and interoperability benefits that customers wanted. However, UNIX standards and standards organisations proliferated (just as vendor coalitions had), resulting in more confusion and aggravation for UNIX customers.
The UNIX systems category is primarily an application-driven systems category, not an operating systems category. Customers choose an application first-for example, a high-end CAD package-then find out which different systems it runs on, and select one. The final selection involves a variety of criteria, such as price/performance, service, and support. Customers generally don't choose UNIX itself, or which UNIX variant they want. UNIX just comes with the package when they buy a system to run their chosen applications.
The UNIX category can be divided into technical and business markets: 87% of technical UNIX systems purchased are RISC workstations purchased to run specific technical applications; 74% of business UNIX systems sold are multiuser/server/midrange systems, primarily for running line-of-business or vertical market applications.
The UNIX systems category is extremely fragmented. Only two vendors have more than a 10% share of UNIX variant license shipments (Sun(r) and SCO); 12 of the top 15 vendors have shares of 5% or less (based on actual 1991 unit shipments, source: IDC). This fragmentation reflects the fact that most customers who end up buying UNIX are not actually choosing UNIX itself, so most UNIX variants have small and not very committed customer bases.
Operating System Architecture
Windows NT was designed with the goal of maintaining compatibility with applications written for MS-DOS, Windows for MS-DOS, OS/2, and POSIX. This was an ambitious goal, because it meant that Windows NT would have to provide the applications with the application programming interfaces (API) and the execution environments that their native operating systems would normally provide. The Windows NT developers accomplished their compatibility goal by implementing a suite of operating system environment emulators, called environment subsystems. The emulators form an intermediate layer between user applications and the underlying NT operating system core.
User applications and environment subsystems work together in a client/server relationship. Each environment subsystem acts as a server that supports the application programming interfaces of a different operating system . Each user application acts as the client of an environment subsystem because it uses the application programming interface provided by the subsystem. Client applications and environment subsystem servers communicate with each other using a message-based protocol.
At the core of the Windows NT operating system is a collection of operating system components called the NT Executive. The executive's components work together to form a highly sophisticated, general purpose operating system. They provide mechanisms for:
Interprocess communication.
Pre-emptive multitasking.
Symmetric multiprocessing.
Virtual memory management.
Device Input/Output.
Security.
Each component of the executive provides a set of functions, commonly referred to as native services or executive services. Collectively, these services form the application programming interface (API) of the NT executive.
Environment subsystems are applications that call NT executive services. Each one emulates a different operating system environment. For example, the OS/2 environment subsystem supports all of the application programming interface functions used by OS/2 character mode applications. It provides these applications with an execution environment that looks and acts like a native OS/2 system. Internally, environment subsystems call NT executive services to do most of their work. The NT executive services provide general-purpose mechanisms for doing most operating system tasks. However the subsystems must implement any features that are unique to the their operating system environments.
User applications, like environment subsystems, are run on the NT Executive. Unlike environment subsystems, user applications do not directly call executive services. Instead, they call application programming interfaces provided by the environment subsystems. The subsystems then call executive services as needed to implement their application programming interface functions.
Windows NT presents users with an interface that looks like that of Windows 3.1. This user interface is provided by Windows NT's 32-bit Windows subsystem (Win32). The Win32 subsystem has exclusive responsibility for displaying output on the system's monitor and managing user input. Architecturally, this means that the other environment subsystems must call Win32 subsystem functions to produce output on the display. It also means that the Win32 subsystem must pass user input actions to the other environment subsystems when the user interacts with their windows.
Windows NT does not maintain compatibility with device drivers written for MS-DOS or Windows for MS-DOS. Instead, it adopts a new layered device-driver architecture that provides many advantages in terms of flexibility, maintainability, and portability. Windows NT's device driver architecture requires that new drivers be written before Windows NT can be compatible with existing hardware. While writing new drivers involves a lot of development effort on the part of Microsoft and independent hardware vendors (IHV), most of the hardware devices supported by Windows for MS-DOS will be supported by new drivers shipped with the final Windows NT product.
The device driver architecture is modular in design. It allows big (monolithic) device drivers to be broken up into layers of smaller independent device drivers. A driver that provides common functionality must only be written once. Drivers in adjacent layers can then simply call the common device driver to get their work done. Adding support for new devices is easier under Windows NT than most operating systems because only the hardware-specific drivers need to be rewritten.
Windows NT's new device driver architecture provides a structure on top of which compatibility with existing installable file systems (for example, FAT and HPFS) and existing networks (for example, Novell and Banyan Vines) was relatively easy to achieve. File systems and network redirectors are implemented as layered drivers that plug easily into the new Windows NT device driver architecture.
In any Windows NT multiprocessor platform, the following conditions must hold:
All CPUs are identical, and either all have identical coprocessors or none has a coprocessor.
All CPUs share memory and have uniform access to memory.
In a symmetric platform, every CPU can access memory, take an interrupt, and access I/O control registers. In an asymmetric platform, one CPU takes all interrupts for a set of slave CPUs.
Windows NT is designed to run unchanged on uniprocessor and symmetric multiprocessor platforms
A UNIX system can be regarded as hierarchical in nature. At the highest level is the physical hardware, consisting of the CPU or CPUs, memory and disk storage, terminals and other devices.
On the next layer is the UNIX operating system itself. The function of the operating system is to allow access to and control the hardware and provide an interface that other software can use to access the hardware resources within the machine, without having to have complete knowledge of what the machine contains. These system calls allow user programs to create and manage processes, files and other resources. Programs make system calls by loading arguments into memory registers and then issuing trap instructions to switch from user mode to kernel mode to start up UNIX. Since there is no way to trap instructions in C, a standard library is provided on top of the operating system, with one procedure per system call.
The next layer consists of the standard utility programs, such as the shell, editors, compilers, etc., and it is these programs that a user at a terminal invokes. They use the operating system to access the hardware to perform their functions and generally are able to run on different hardware configurations without specific knowledge of them.
There are two main parts to the UNIX kernel which are more or less distinguishable. At the lowest level is the machine dependent kernel. This is a piece of code which consists of the interrupt handlers, the low-level I/O system device drivers and some of the memory management software. As with most of the Unix operating system it is mostly written in C, but since it interacts directly with the machine and processor specific hardware, it has to be rewritten from scratch whenever UNIX is ported to a new machine. This kernel uses the lowest level machine instructions for the processor which is why it must be changed for each different processor.
In contrast, the machine independent kernel runs the same on all machine types because it is not as closely reliant on any specific piece of hardware it is running on. The machine independent code includes system call handling, process management, scheduling, pipes, signals, memory paging and memory swapping functions, the file system and the higher level part of the I/O system. The machine independent part of the kernel is by far the larger of the two sections, which is why it UNIX can be ported to new hardware with relative ease.
Unix does not use the DOS and Windows idea of independently loaded device drivers for each additional hardware item that is not under BIOS control in the machine which is why it must be recompiled whenever hardware is added or removed, the kernel needing to be updated with the new information. This is the equivalent of adding a device driver to a configuration file in DOS or Windows and then rebooting the machine. It is however a longer process to undertake.
Memory Management
Windows NT provides a flat 32-bit address space, half of which is reserved for the OS, and half available to the process. This provides a separate 2 gigabytes of demand-paged virtual memory per process. This memory is accessible to the software developer through the usual malloc() and free() memory allocation and deallocation routines, as well as some advanced Windows NT-specific mechanisms.
For a programmer desiring greater functionality for memory control, Windows NT also provides Virtual and Heap memory management APIs.
The advantage of using the virtual memory programming interface (VirtualAlloc(), VirtualLock(), VirtualQuery(), etc.) is that the developer has much more control over whether backing store (memory committed in the paging (swap) file to handle physical memory overcommitment) is explicitly marked, and removed from the available pool of free blocks. With malloc(), every call is assumed to require the memory to be available upon return from the function call to be used. With VirtualAlloc() and related functions, the memory is reserved, but not committed, until the page on which an access occurs is touched. By allowing the application to control the commitment policy through access, less system resources are used. The trade-off is that the application must also be able to handle the condition (presumably with structured exception handling) of an actual memory access forcing commitment.
Heap APIs are provided to make life easier for applications with memory-using stack discipline. Multiple heaps can be initialised, each growing/shrinking with subsequent accesses. Synchronisation of access to allocated heaps can be done either explicitly through Windows NT synchronisation objects, or by using an appropriate parameter at the creation of a heap. All access to memory in that particular heap is synchronised between threads in the process.
Memory-mapped files are also provided in Windows NT. This provides a convenient way to access disk data as memory, with the Windows NT kernel managing paging. This memory may be shared between processes by using CreateFileMapping() followed by MapViewOfFile().
Windows NT provides thread local storage (TLS) to accommodate the needs of multithreaded applications. Each thread of a subprocess has its own stack, and may have its own memory to keep various information.
Windows NT is the first operating system to provide a consistent multithreading API across multiple platforms. A thread is unit of execution in a process context that shares a global memory state with other threads in that context (if any). When a process is created in Windows NT, memory is allocated for it, a state is set up in the system, and a thread object is created. To start a thread in a currently executing process, the CreateThread() call is used as a function pointer is passed in through lpStartAddr; this address may be any valid procedure address in an application.
Windows NT supports a number of different types of multiprocessing hardware. On these designs, it's possible for different processors to be running different threads an application simultaneously. Take care to use threads in an application to synchronise access to common resources between threads. Fortunately, Windows NT has very rich synchronisation facilities.
Most UNIX developers don't use threads in their applications since support is not consistent between UNIX platforms.
Handles don't have a direct mapping from UNIX; however, they're very important to Win32 applications and deserve discussion. When kernel objects (such as threads, processes, files, semaphores, mutexes, events, pipes, mailslots, and communications devices) are created or opened using the Win32 API, a HANDLE is returned. This handle is a 32-bit quantity that is an index into a handle table specific to that process. Handles have associated ACLs, or Access Control Lists, that Windows NT uses to check against the security credentials of the process. Handles can be obtained by explicitly creating them (usually when an object is created), as the result of an open operation (e.g. OpenEvent()) on a named object in the system, inherited as the result of a CreateProcess() operation (a child process inherits an open handle from its parent process if inheritance was specified when the original handle was created and if the child process was created with the "inherit handles" flag set), or "given away" by DuplicateHandle(). It is important to note that unless one of these mechanisms is used, a handle will be meaningless in the context of a process.
For example, suppose process 1 calls CreateEvent() to return a handle that happens to have the ordinal value 0x1FFE. This event will be used to co-ordinate an operation between different processes. Process 2 must somehow get a handle to the event that process 1 created. If process 1 somehow "conjures" that the right value to use is 0x1FFE, it still won't have access to the event created by process 1, since that handle value means nothing in the context of process 2. If instead, process 1 calls DuplicateHandle()with the handle of process 2 (acquired through calling OpenProcess() with the integral id of process 2), a handle that can be used by process 2 is created. This handle value can be communicated back to process 1 through some IPC mechanism.
Handles that are used for synchronisation (semaphores, mutexes, events) as well as those that may be involved in asynchronous I/O (named pipes, files, communications) may be used with WaitForObject() and WaitForMultipleObject(), which are functionally similar to the select() call in UNIX.
Prior to 3BSD most UNIX systems were based on swapping. When more processes existed than could be kept in physical memory, some of them were swapped out to disk or drum storage. A swapped out process was always swapped out in its entirety and hence any current process was always either in memory or on disk as a complete unit.
All movement between memory and disk was handled by the upper level of a split level scheduler, known as the (memory) swapper. Swapping from memory to disk was initiated when the kernel ran out of free physical memory.
In order to choose a victim to evict, the swapper would first look at the processes that were being blocked by having to wait for something such as terminal input or a print job to respond. If more than one process was found, that process whose priority plus residence time was the highest was chosen as a candidate for swapping to disk. Thus a process that had consumed a large amount of CPU time recently was a good candidate, as was one that had been in memory a long time, even if it was mostly doing I/O. If no blocked process was available in memory then a ready process was chosen based on the same criteria of priority plus residence time.
Starting with 3BSD, memory paging was added to the operating system to handle the ever larger programs that were being written. Both 4BSD and System V implemented demand paging in a similar fashion. The theory of demand paging is that a process need not necessarily be entirely resident in memory in order to continue execution. All that is actually required is the user structure and the page tables. If these are swapped into memory, the process is then deemed to be sufficiently in memory and can be scheduled to execute. The pages of the text, data and stack segments are brought in dynamically, one at a time, as they are referenced, thus leaving memory free for other tasks rather than filling it with tables of data which may be referenced only once. If the user structure and page table are not in memory, the process cannot be executed until the swapper swaps them into memory from disk.
Paging is implemented partly by the main kernel and partly by a process called the page daemon. Like all daemons, the page daemon is started up periodically so that it can look around to see if there is any work for it to do. If it discovers that the number of free pages in memory is too low, it initiates action to free up more pages.
When a process is started it may cause a page fault due to one of its pages is not being resident in memory. When a page fault occurs, the operating system takes the first page frame free on the list of page frames, removes it from the list and reads the needed page into it. If the free page frame list is empty, the process must be suspended until the page daemon has had time to free a page frame from another process.
The page replacement algorithm is executed by the page daemon. At a set interval (commonly 250 millisec but varying from system to system) it is activated to see if the number of free page frames is at least equal to a system parameter known as lotsfree (typically set to 1/4 of memory). If there are insufficient page frames, the page daemon will start transferring pages from memory to disk until the lotsfree parameter value of page frames are available. Alternatively, if the page daemon discovers that more than lotsfree page frames are on the free list, it has no need to perform any function and terminates until its next call by the system. If the machine has plenty of memory and few active processes, it will be inactive for most of the time.
The page daemon uses a modified version of the clock algorithm. It is a global algorithm, which means that when removing a page it does not take into account whose page is being removed. Thus the number of pages each process has assigned to it varies in time, depending both on its own requirements and other process requirements. The size of the data segment may vary depending upon what has been requested, the operating system tracking allocated and unallocated memory blocks while the memalloc function manages the content of the data segment.
Process Management, Inter-process Communication and Control
The Windows NT process model differs from that of UNIX in a number of aspects, including process groups, terminal groups, setuid, memory layout, etc. For some programs, such as shells, a re-architecture of certain portions of the code is inevitable. Fortunately, most applications don't inherently rely on the specific semantics of UNIX processes, since even this differs between UNIX versions.
Quoting from the online help provided with the Windows NT SDK:
Win32 exposes processes and threads of execution within a process as objects. Functions exist to create, manipulate, and delete these objects.
A process object represents a virtual address space, a security profile, a set of threads that execute in the address space of the process, and a set of resources or objects visible to all threads executing in the process. A thread object is the agent that executes program code (and has its own stack and machine state). Each thread is associated with a process object which specifies the virtual address space mapping for the thread. Several thread objects can be associated with a single process object which enables concurrent execution of multiple threads in a single address space (possible simultaneous execution in a multiprocessor system running Windows NT). On multiprocessor systems running Windows NT, multiple threads may execute at the same time but on different processors.
In order to support the process structure of Windows NT, APIs include:
* Support for process and thread creation and manipulation.
* Support for synchronisation between threads within a process and synchronisation objects that can be shared by multiple processes to allow synchronisation between threads whose processes have access to the synchronisation objects.
* A uniform sharing mechanism that provides security features that limit/control the sharing of objects between processes.
Windows NT provides the ability to create new processes (CreateProcess) and threads (CreateThread). Rather than "inherit" everything always, as is done in UNIX with the fork call, CreateProcess accepts explicit arguments that control aspects of process creation such as file handle inheritance, security attributes, debugging of the child process, environment, default directory, etc. It is through the explicit creation of a thread or process with appropriate security descriptors that credentials are granted to the created entity.
Win32 does not provide the capability to "clone" a running process (and it's associated in-memory contents); this is not such a hardship, since most UNIX code forks and then immediately calls exec. Applications that depend on the cloning semantics of fork may have to be rearchitected a bit to use threads (especially where large amounts of data sharing between parent and child occurs), or in some cases, to use IPC mechanisms to copy the relevant data between two distinct processes after the CreateProcess call is executed.
If a child process is to inherit the handles of the creator process, the bInherit flag of the CreateProcess call can be set. In this case, the child's handle table is filled in with handles valid in the context of the child process. If this flag is not specified, handles must be given away by using the DuplicateHandlecall.
Windows NT was not designed to support "dumb terminals" as a primary emphasis, so the concept of terminal process groups and associated semantics are not implemented. Applications making assumptions about groups of applications (for example, killing the parent process kills all child processes), will have to investigate the GenerateConsoleCtrlEvent API, which provides a mechanism to signal groups of applications controlled by a parent process using the CREATE_NEW_PROCESS_GROUP flag in the CreateProcess API.
Programs making assumptions about the layout of processes in memory (GNU EMACS, for example, which executes, then "dumps" the image of variables in memory to disk, which is subsequently "overlayed" on start-up to reduce initialisation time), especially the relationship of code segments to data and stack, will likely require modification. Generally, practices such as these are used to get around some operating system limitation or restriction. At this level, a rethinking of the structure of that part of the application is generally in order, to examine supported alternatives to the "hack" that was used (perhaps memory mapped files for particular cases like this). For those who must deal with an application's pages on this level, there is a mechanism by which a process may be opened (OpenProcess), and individual memory pages, threads, and stacks examined or modified.
There is no direct equivalent of the UNIX setuid. There are, however, a number of Windows NT alternatives to use depending on the task to be accomplished. If the task at hand is a daemon that runs with a fixed user context, it would be best to use a Windows NT service (again, the online help is invaluable for this information). A Windows NT service is equivalent to a "daemon" running with fixed user credentials, with the added benefit of being administrable locally or remotely through standard Windows NT administration facilities. For instances when a process must "impersonate" a particular user, it's suggested that a server program be written that communicates thr
In the late 1960s a combined project between researchers at MIT, Bell Labs and General Electric led to the design of a third generation of computer operating system known as MULTICS (MULTiplexed Information and Computing Service). It was envisaged as a computer utility, a machine that would support hundreds of simultaneous timesharing users. They envisaged one huge machine providing computing power for everyone in Boston. The idea that machines as powerful as their GE-645 would be sold as personal computers costing only a few thousand dollars only 20 years later would have seemed like science fiction to them. However MULTICS proved more difficult than imagined to implement and Bell Labs withdrew from the project in 1969 as did General Electric, dropping out of the computer business altogether.
One of the Bell Labs researchers (Ken Thompson) then decided to rewrite a stripped down version of MULTICS, initially as a hobby. He used a PDP-7 minicomputer that no was using and wrote the code in assembly. It was initially a stripped down, single user version of MULTICS but Thompson actually got the system to work and one of his colleagues jokingly called it UNICS (UNiplexed Information and Computing Service). The name stuck but the spelling was later changed to UNIX. Soon Thompson was joined on the project by Dennis Richie and later by his entire department.
UNIX was moved from the now obsolete PDP-7 to the much more modern PDP-11/20 and then later to the PDP-11/45 and PDP-11/70. These two latter computers had large memories as well as memory protection hardware, making it possible to support multiple users at the same time. Thompson then decided to rewrite UNIX in a high-level language called B. Unfortunately this attempt was not successful and Richie designed a successor to B called C. Together, Thompson and Richie rewrote UNIX in C and subsequently C has dominated system programming ever since. In 1974, Thompson and Richie published a paper about UNIX and this publication stimulated many universities to ask Bell Labs for a copy of UNIX. As it happened the PDP-11 was the computer of choice at nearly all university computer science departments and the operating systems that came with this computer was widely regarded as being dreadful and hence UNIX quickly came to replace them. The version that first became the standard in universities was Version 6 and within a few years this was replaced by Version 7. By the mid 1980s, UNIX was in widespread use on minicomputers and engineering workstations from a variety of vendors.
In 1984, AT&T released the first commercial version of UNIX, System III, based on Version 7. Over a number of years this was improved and upgraded to System V. Meanwhile the University of California at Berkeley modified the original Version 6 substantially. They called their version 1BSD (First Berkeley Software Distribution). This was modified over time to 4BSD and improvements were made such as the use of paging, file names longer than 14 characters and a new networking protocol, TCP/IP. Some computer vendors like DEC and Sun Microsystems based their version of UNIX on Berkeley's rather than AT&T's. There was a few attempts to standardise UNIX in the late 1980s, but only the POSIX committee had any real success, and this was limited.
During the 1980s, most computing environments became much more heterogeneous, and customers began to ask for greater application portability and interoperability from systems and software vendors. Many customers turned to UNIX to help address those concerns and systems vendors gradually began to offer commercial UNIX-based systems. UNIX was a portable operating system whose source could easily be licensed, and it had already established a reputation and a small but loyal customer base among R&D organisations and universities. Most vendors licensed source bases from either the University of California at Berkeley or AT&T(r) (two completely different source bases). Licensees extensively modified the source and tightly coupled them to their own systems architectures to produce as many as 100 proprietary UNIX variants. Most of these systems were (and still are) neither source nor binary compatible with one another, and most are hardware specific.
With the emergence of RISC technology and the breakup of AT&T, the UNIX systems category began to grow significantly during the 1980s. The term "open systems" was coined. Customers began demanding better portability and interoperability between the many incompatible UNIX variants. Over the years, a variety of coalitions (e.g. UNIX International) were formed to try to gain control over and consolidate the UNIX systems category, but their success was always limited. Gradually, the industry turned to standards as a way of achieving the portability and interoperability benefits that customers wanted. However, UNIX standards and standards organisations proliferated (just as vendor coalitions had), resulting in more confusion and aggravation for UNIX customers.
The UNIX systems category is primarily an application-driven systems category, not an operating systems category. Customers choose an application first-for example, a high-end CAD package-then find out which different systems it runs on, and select one. The final selection involves a variety of criteria, such as price/performance, service, and support. Customers generally don't choose UNIX itself, or which UNIX variant they want. UNIX just comes with the package when they buy a system to run their chosen applications.
The UNIX category can be divided into technical and business markets: 87% of technical UNIX systems purchased are RISC workstations purchased to run specific technical applications; 74% of business UNIX systems sold are multiuser/server/midrange systems, primarily for running line-of-business or vertical market applications.
The UNIX systems category is extremely fragmented. Only two vendors have more than a 10% share of UNIX variant license shipments (Sun(r) and SCO); 12 of the top 15 vendors have shares of 5% or less (based on actual 1991 unit shipments, source: IDC). This fragmentation reflects the fact that most customers who end up buying UNIX are not actually choosing UNIX itself, so most UNIX variants have small and not very committed customer bases.
Operating System Architecture
Windows NT was designed with the goal of maintaining compatibility with applications written for MS-DOS, Windows for MS-DOS, OS/2, and POSIX. This was an ambitious goal, because it meant that Windows NT would have to provide the applications with the application programming interfaces (API) and the execution environments that their native operating systems would normally provide. The Windows NT developers accomplished their compatibility goal by implementing a suite of operating system environment emulators, called environment subsystems. The emulators form an intermediate layer between user applications and the underlying NT operating system core.
User applications and environment subsystems work together in a client/server relationship. Each environment subsystem acts as a server that supports the application programming interfaces of a different operating system . Each user application acts as the client of an environment subsystem because it uses the application programming interface provided by the subsystem. Client applications and environment subsystem servers communicate with each other using a message-based protocol.
At the core of the Windows NT operating system is a collection of operating system components called the NT Executive. The executive's components work together to form a highly sophisticated, general purpose operating system. They provide mechanisms for:
Interprocess communication.
Pre-emptive multitasking.
Symmetric multiprocessing.
Virtual memory management.
Device Input/Output.
Security.
Each component of the executive provides a set of functions, commonly referred to as native services or executive services. Collectively, these services form the application programming interface (API) of the NT executive.
Environment subsystems are applications that call NT executive services. Each one emulates a different operating system environment. For example, the OS/2 environment subsystem supports all of the application programming interface functions used by OS/2 character mode applications. It provides these applications with an execution environment that looks and acts like a native OS/2 system. Internally, environment subsystems call NT executive services to do most of their work. The NT executive services provide general-purpose mechanisms for doing most operating system tasks. However the subsystems must implement any features that are unique to the their operating system environments.
User applications, like environment subsystems, are run on the NT Executive. Unlike environment subsystems, user applications do not directly call executive services. Instead, they call application programming interfaces provided by the environment subsystems. The subsystems then call executive services as needed to implement their application programming interface functions.
Windows NT presents users with an interface that looks like that of Windows 3.1. This user interface is provided by Windows NT's 32-bit Windows subsystem (Win32). The Win32 subsystem has exclusive responsibility for displaying output on the system's monitor and managing user input. Architecturally, this means that the other environment subsystems must call Win32 subsystem functions to produce output on the display. It also means that the Win32 subsystem must pass user input actions to the other environment subsystems when the user interacts with their windows.
Windows NT does not maintain compatibility with device drivers written for MS-DOS or Windows for MS-DOS. Instead, it adopts a new layered device-driver architecture that provides many advantages in terms of flexibility, maintainability, and portability. Windows NT's device driver architecture requires that new drivers be written before Windows NT can be compatible with existing hardware. While writing new drivers involves a lot of development effort on the part of Microsoft and independent hardware vendors (IHV), most of the hardware devices supported by Windows for MS-DOS will be supported by new drivers shipped with the final Windows NT product.
The device driver architecture is modular in design. It allows big (monolithic) device drivers to be broken up into layers of smaller independent device drivers. A driver that provides common functionality must only be written once. Drivers in adjacent layers can then simply call the common device driver to get their work done. Adding support for new devices is easier under Windows NT than most operating systems because only the hardware-specific drivers need to be rewritten.
Windows NT's new device driver architecture provides a structure on top of which compatibility with existing installable file systems (for example, FAT and HPFS) and existing networks (for example, Novell and Banyan Vines) was relatively easy to achieve. File systems and network redirectors are implemented as layered drivers that plug easily into the new Windows NT device driver architecture.
In any Windows NT multiprocessor platform, the following conditions must hold:
All CPUs are identical, and either all have identical coprocessors or none has a coprocessor.
All CPUs share memory and have uniform access to memory.
In a symmetric platform, every CPU can access memory, take an interrupt, and access I/O control registers. In an asymmetric platform, one CPU takes all interrupts for a set of slave CPUs.
Windows NT is designed to run unchanged on uniprocessor and symmetric multiprocessor platforms
A UNIX system can be regarded as hierarchical in nature. At the highest level is the physical hardware, consisting of the CPU or CPUs, memory and disk storage, terminals and other devices.
On the next layer is the UNIX operating system itself. The function of the operating system is to allow access to and control the hardware and provide an interface that other software can use to access the hardware resources within the machine, without having to have complete knowledge of what the machine contains. These system calls allow user programs to create and manage processes, files and other resources. Programs make system calls by loading arguments into memory registers and then issuing trap instructions to switch from user mode to kernel mode to start up UNIX. Since there is no way to trap instructions in C, a standard library is provided on top of the operating system, with one procedure per system call.
The next layer consists of the standard utility programs, such as the shell, editors, compilers, etc., and it is these programs that a user at a terminal invokes. They use the operating system to access the hardware to perform their functions and generally are able to run on different hardware configurations without specific knowledge of them.
There are two main parts to the UNIX kernel which are more or less distinguishable. At the lowest level is the machine dependent kernel. This is a piece of code which consists of the interrupt handlers, the low-level I/O system device drivers and some of the memory management software. As with most of the Unix operating system it is mostly written in C, but since it interacts directly with the machine and processor specific hardware, it has to be rewritten from scratch whenever UNIX is ported to a new machine. This kernel uses the lowest level machine instructions for the processor which is why it must be changed for each different processor.
In contrast, the machine independent kernel runs the same on all machine types because it is not as closely reliant on any specific piece of hardware it is running on. The machine independent code includes system call handling, process management, scheduling, pipes, signals, memory paging and memory swapping functions, the file system and the higher level part of the I/O system. The machine independent part of the kernel is by far the larger of the two sections, which is why it UNIX can be ported to new hardware with relative ease.
Unix does not use the DOS and Windows idea of independently loaded device drivers for each additional hardware item that is not under BIOS control in the machine which is why it must be recompiled whenever hardware is added or removed, the kernel needing to be updated with the new information. This is the equivalent of adding a device driver to a configuration file in DOS or Windows and then rebooting the machine. It is however a longer process to undertake.
Memory Management
Windows NT provides a flat 32-bit address space, half of which is reserved for the OS, and half available to the process. This provides a separate 2 gigabytes of demand-paged virtual memory per process. This memory is accessible to the software developer through the usual malloc() and free() memory allocation and deallocation routines, as well as some advanced Windows NT-specific mechanisms.
For a programmer desiring greater functionality for memory control, Windows NT also provides Virtual and Heap memory management APIs.
The advantage of using the virtual memory programming interface (VirtualAlloc(), VirtualLock(), VirtualQuery(), etc.) is that the developer has much more control over whether backing store (memory committed in the paging (swap) file to handle physical memory overcommitment) is explicitly marked, and removed from the available pool of free blocks. With malloc(), every call is assumed to require the memory to be available upon return from the function call to be used. With VirtualAlloc() and related functions, the memory is reserved, but not committed, until the page on which an access occurs is touched. By allowing the application to control the commitment policy through access, less system resources are used. The trade-off is that the application must also be able to handle the condition (presumably with structured exception handling) of an actual memory access forcing commitment.
Heap APIs are provided to make life easier for applications with memory-using stack discipline. Multiple heaps can be initialised, each growing/shrinking with subsequent accesses. Synchronisation of access to allocated heaps can be done either explicitly through Windows NT synchronisation objects, or by using an appropriate parameter at the creation of a heap. All access to memory in that particular heap is synchronised between threads in the process.
Memory-mapped files are also provided in Windows NT. This provides a convenient way to access disk data as memory, with the Windows NT kernel managing paging. This memory may be shared between processes by using CreateFileMapping() followed by MapViewOfFile().
Windows NT provides thread local storage (TLS) to accommodate the needs of multithreaded applications. Each thread of a subprocess has its own stack, and may have its own memory to keep various information.
Windows NT is the first operating system to provide a consistent multithreading API across multiple platforms. A thread is unit of execution in a process context that shares a global memory state with other threads in that context (if any). When a process is created in Windows NT, memory is allocated for it, a state is set up in the system, and a thread object is created. To start a thread in a currently executing process, the CreateThread() call is used as a function pointer is passed in through lpStartAddr; this address may be any valid procedure address in an application.
Windows NT supports a number of different types of multiprocessing hardware. On these designs, it's possible for different processors to be running different threads an application simultaneously. Take care to use threads in an application to synchronise access to common resources between threads. Fortunately, Windows NT has very rich synchronisation facilities.
Most UNIX developers don't use threads in their applications since support is not consistent between UNIX platforms.
Handles don't have a direct mapping from UNIX; however, they're very important to Win32 applications and deserve discussion. When kernel objects (such as threads, processes, files, semaphores, mutexes, events, pipes, mailslots, and communications devices) are created or opened using the Win32 API, a HANDLE is returned. This handle is a 32-bit quantity that is an index into a handle table specific to that process. Handles have associated ACLs, or Access Control Lists, that Windows NT uses to check against the security credentials of the process. Handles can be obtained by explicitly creating them (usually when an object is created), as the result of an open operation (e.g. OpenEvent()) on a named object in the system, inherited as the result of a CreateProcess() operation (a child process inherits an open handle from its parent process if inheritance was specified when the original handle was created and if the child process was created with the "inherit handles" flag set), or "given away" by DuplicateHandle(). It is important to note that unless one of these mechanisms is used, a handle will be meaningless in the context of a process.
For example, suppose process 1 calls CreateEvent() to return a handle that happens to have the ordinal value 0x1FFE. This event will be used to co-ordinate an operation between different processes. Process 2 must somehow get a handle to the event that process 1 created. If process 1 somehow "conjures" that the right value to use is 0x1FFE, it still won't have access to the event created by process 1, since that handle value means nothing in the context of process 2. If instead, process 1 calls DuplicateHandle()with the handle of process 2 (acquired through calling OpenProcess() with the integral id of process 2), a handle that can be used by process 2 is created. This handle value can be communicated back to process 1 through some IPC mechanism.
Handles that are used for synchronisation (semaphores, mutexes, events) as well as those that may be involved in asynchronous I/O (named pipes, files, communications) may be used with WaitForObject() and WaitForMultipleObject(), which are functionally similar to the select() call in UNIX.
Prior to 3BSD most UNIX systems were based on swapping. When more processes existed than could be kept in physical memory, some of them were swapped out to disk or drum storage. A swapped out process was always swapped out in its entirety and hence any current process was always either in memory or on disk as a complete unit.
All movement between memory and disk was handled by the upper level of a split level scheduler, known as the (memory) swapper. Swapping from memory to disk was initiated when the kernel ran out of free physical memory.
In order to choose a victim to evict, the swapper would first look at the processes that were being blocked by having to wait for something such as terminal input or a print job to respond. If more than one process was found, that process whose priority plus residence time was the highest was chosen as a candidate for swapping to disk. Thus a process that had consumed a large amount of CPU time recently was a good candidate, as was one that had been in memory a long time, even if it was mostly doing I/O. If no blocked process was available in memory then a ready process was chosen based on the same criteria of priority plus residence time.
Starting with 3BSD, memory paging was added to the operating system to handle the ever larger programs that were being written. Both 4BSD and System V implemented demand paging in a similar fashion. The theory of demand paging is that a process need not necessarily be entirely resident in memory in order to continue execution. All that is actually required is the user structure and the page tables. If these are swapped into memory, the process is then deemed to be sufficiently in memory and can be scheduled to execute. The pages of the text, data and stack segments are brought in dynamically, one at a time, as they are referenced, thus leaving memory free for other tasks rather than filling it with tables of data which may be referenced only once. If the user structure and page table are not in memory, the process cannot be executed until the swapper swaps them into memory from disk.
Paging is implemented partly by the main kernel and partly by a process called the page daemon. Like all daemons, the page daemon is started up periodically so that it can look around to see if there is any work for it to do. If it discovers that the number of free pages in memory is too low, it initiates action to free up more pages.
When a process is started it may cause a page fault due to one of its pages is not being resident in memory. When a page fault occurs, the operating system takes the first page frame free on the list of page frames, removes it from the list and reads the needed page into it. If the free page frame list is empty, the process must be suspended until the page daemon has had time to free a page frame from another process.
The page replacement algorithm is executed by the page daemon. At a set interval (commonly 250 millisec but varying from system to system) it is activated to see if the number of free page frames is at least equal to a system parameter known as lotsfree (typically set to 1/4 of memory). If there are insufficient page frames, the page daemon will start transferring pages from memory to disk until the lotsfree parameter value of page frames are available. Alternatively, if the page daemon discovers that more than lotsfree page frames are on the free list, it has no need to perform any function and terminates until its next call by the system. If the machine has plenty of memory and few active processes, it will be inactive for most of the time.
The page daemon uses a modified version of the clock algorithm. It is a global algorithm, which means that when removing a page it does not take into account whose page is being removed. Thus the number of pages each process has assigned to it varies in time, depending both on its own requirements and other process requirements. The size of the data segment may vary depending upon what has been requested, the operating system tracking allocated and unallocated memory blocks while the memalloc function manages the content of the data segment.
Process Management, Inter-process Communication and Control
The Windows NT process model differs from that of UNIX in a number of aspects, including process groups, terminal groups, setuid, memory layout, etc. For some programs, such as shells, a re-architecture of certain portions of the code is inevitable. Fortunately, most applications don't inherently rely on the specific semantics of UNIX processes, since even this differs between UNIX versions.
Quoting from the online help provided with the Windows NT SDK:
Win32 exposes processes and threads of execution within a process as objects. Functions exist to create, manipulate, and delete these objects.
A process object represents a virtual address space, a security profile, a set of threads that execute in the address space of the process, and a set of resources or objects visible to all threads executing in the process. A thread object is the agent that executes program code (and has its own stack and machine state). Each thread is associated with a process object which specifies the virtual address space mapping for the thread. Several thread objects can be associated with a single process object which enables concurrent execution of multiple threads in a single address space (possible simultaneous execution in a multiprocessor system running Windows NT). On multiprocessor systems running Windows NT, multiple threads may execute at the same time but on different processors.
In order to support the process structure of Windows NT, APIs include:
* Support for process and thread creation and manipulation.
* Support for synchronisation between threads within a process and synchronisation objects that can be shared by multiple processes to allow synchronisation between threads whose processes have access to the synchronisation objects.
* A uniform sharing mechanism that provides security features that limit/control the sharing of objects between processes.
Windows NT provides the ability to create new processes (CreateProcess) and threads (CreateThread). Rather than "inherit" everything always, as is done in UNIX with the fork call, CreateProcess accepts explicit arguments that control aspects of process creation such as file handle inheritance, security attributes, debugging of the child process, environment, default directory, etc. It is through the explicit creation of a thread or process with appropriate security descriptors that credentials are granted to the created entity.
Win32 does not provide the capability to "clone" a running process (and it's associated in-memory contents); this is not such a hardship, since most UNIX code forks and then immediately calls exec. Applications that depend on the cloning semantics of fork may have to be rearchitected a bit to use threads (especially where large amounts of data sharing between parent and child occurs), or in some cases, to use IPC mechanisms to copy the relevant data between two distinct processes after the CreateProcess call is executed.
If a child process is to inherit the handles of the creator process, the bInherit flag of the CreateProcess call can be set. In this case, the child's handle table is filled in with handles valid in the context of the child process. If this flag is not specified, handles must be given away by using the DuplicateHandlecall.
Windows NT was not designed to support "dumb terminals" as a primary emphasis, so the concept of terminal process groups and associated semantics are not implemented. Applications making assumptions about groups of applications (for example, killing the parent process kills all child processes), will have to investigate the GenerateConsoleCtrlEvent API, which provides a mechanism to signal groups of applications controlled by a parent process using the CREATE_NEW_PROCESS_GROUP flag in the CreateProcess API.
Programs making assumptions about the layout of processes in memory (GNU EMACS, for example, which executes, then "dumps" the image of variables in memory to disk, which is subsequently "overlayed" on start-up to reduce initialisation time), especially the relationship of code segments to data and stack, will likely require modification. Generally, practices such as these are used to get around some operating system limitation or restriction. At this level, a rethinking of the structure of that part of the application is generally in order, to examine supported alternatives to the "hack" that was used (perhaps memory mapped files for particular cases like this). For those who must deal with an application's pages on this level, there is a mechanism by which a process may be opened (OpenProcess), and individual memory pages, threads, and stacks examined or modified.
There is no direct equivalent of the UNIX setuid. There are, however, a number of Windows NT alternatives to use depending on the task to be accomplished. If the task at hand is a daemon that runs with a fixed user context, it would be best to use a Windows NT service (again, the online help is invaluable for this information). A Windows NT service is equivalent to a "daemon" running with fixed user credentials, with the added benefit of being administrable locally or remotely through standard Windows NT administration facilities. For instances when a process must "impersonate" a particular user, it's suggested that a server program be written that communicates thr
William Henry Gates III
William Henry Gates III
Chairman and Chief Executive Officer
Microsoft Corporatio
William (Bill) H. Gates is chairman and chief executive officer of Microsoft Corporation, the leading provider, worldwide, of software for the personal computer. Microsoft had revenues of $8.6 billion for the fiscal year ending June 1996, and employs more than 20,000 people in 48 countries.
Background on Bill
Born on October 28, 1955, Gates and his two sisters grew up in Seattle. Their father, William H. Gates II, is a Seattle attorney. Their late mother, Mary Gates, was a schoolteacher, University of Washington regent and chairwoman of United Way International.
Gates attended public elementary school and the private Lakeside School. There, he began his career in personal computer software, programming computers at age 13.
In 1973, Gates entered Harvard University as a freshman, where he lived down the hall from Steve Ballmer, now Microsoft's executive vice president for sales and support. While at Harvard, Gates developed the programming language BASIC for the first microcomputer -- the MITS Altair.
In his junior year, Gates dropped out of Harvard to devote his energies to Microsoft, a company he had begun in 1975 with Paul Allen. Guided by a belief that the personal computer would be a valuable tool on every office desktop and in every home, they began developing software for personal computers.
Gates' foresight and vision regarding personal computing have been central to the success of Microsoft and the software industry. Gates is actively involved in key management and strategic decisions at Microsoft, and plays an important role in the technical development of new products. A significant portion of his time is devoted to meeting with customers and staying in contact with Microsoft employees around the world through e-mail.
Under Gates' leadership, Microsoft's mission is to continually advance and improve software technology and to make it easier, more cost-effective and more enjoyable for people to use computers. The company is committed to a long-term view, reflected in its investment of more than $2 billion on research and development in the current fiscal year.
As of December 12, 1996, Gates' Microsoft stock holdings totaled 282,217,980 shares, currently selling at $95.25, as of Feb. 20th, 1997.
Giving a rough estimate of total worth:$ 26,881,262,595
In 1995, Gates wrote The Road Ahead, his vision of where information technology will take society. Co-authored by Nathan Myhrvold, Microsoft's chief technology officer, and Peter Rinearson, The Road Ahead held the No. 1 spot on the New York Times' bestseller list for seven weeks. Published in the U.S. by Viking, the book was on the NYT list for a total of 18 weeks. Published in more than 20 countries, the book sold more than 400,000 copies in China alone. In 1996, while redeploying Microsoft around the Internet, Gates thoroughly revised The Road Ahead to reflect his view that interactive networks are a major milestone in human history. The paperback second edition has also become a bestseller. Gates is donating his proceeds from the book to a non-profit fund that supports teachers worldwide who are incorporating computers into their classrooms.
In addition to his passion for computers, Gates is interested in biotechnology. He sits on the board of the Icos Corporation and is a shareholder in Darwin Molecular, a subsidiary of British-based Chiroscience. He also founded Corbis Corporation, which is developing one of the largest resources of visual information in the world-a comprehensive digital archive of art and photography from public and private collections around the globe. Gates also has invested with cellular telephone pioneer Craig McCaw in Teledesic, a company that is working on an ambitious plan to launch hundreds of low-orbit satellites around the globe to provide worldwide two-way broadband telecommunications service.
In the decade since Microsoft has gone public, Gates has donated more than $270 million to charities, including $200 million to the William H. Gates Foundation. The focus of Gates' giving is in three areas: education, population issues and access to technology.
Gates was married on Jan. 1, 1994 to Melinda French Gates. They have one child, Jennifer Katharine Gates, born in 1996.
Times are changing fast. Three years ago, while President Bushs camp was mounting a direct-mail campaign unchanged from that of Reagan before him, the Clinton camp, host to a horde of so-called "computer whiz kids," all in their twenties, was developing a completely new set of election tactics, using personal computer networks and electronic mail, or "e-mail". Many of these twenty-some-odd-year-old mini-Clintons, who now occupy the White House, show up for work in sneakers, T-shirts, and jeans, and spend each day, from morn till night, tapping away at personal-computer keyboards. As I myself have often experienced of late, when you exchange business cards with an American you nearly always see, imprinted on the card along with the phone and fax numbers, an e-mail number, as well. When the person inquires, "What is your e-mail number?"and you reply, "I don't have one yet," you can catch the briefest glimmer in his eye, which seems to say, "A bit behind the times, aren't we?" The darling of this multimedia age is a man named Bill Gates. Won over by then Vice-Presidential candidate Gores promise to vigorously promote the "information superhighway," Gates, declaring himself a representative of Silicon Valley, donated a large amount of money to the Clinton campaign. The support of Bill Gates boosted the popularity of the Democratic Party. This year, Forbes Magazine's traditional annual list ranked this same Bill Gates, head of Microsoft Corp., as the worlds richest human being. Myths and legends about this youthful success story abound; he has already published an autobiography which, along with a critical biography of Gates, is being read by people all over the world. He is, in short, a super-famous man. Gates rear-echelon e-mail activities have been reprinted not only in America and Europe, but even, in translation, in Japanese newspapers. Gates has been known for some time as a political liberal and a strong supporter of the Democratic Party; lately, however, the word about town is that Gates and the Democratic Party have had a falling-out. The U.S. Department of Justice under the Clinton administration, citing doubts about the legality under U.S. antitrust laws of attempted buy-outs of other companies by Microsoft, has put such purchases on hold, causing them to fall through and, it is said, greatly angering Bill Gates.
Gates: "modern-day Rockefeller"
Gates, an object of admiration for most Americans as a "modern-day Rockefeller," is also, it seems, an object of envy who arouses fierce jealousy: charges are currently being brought against him for violation of antitrust laws. Simply put, the Justice Department, under the traditional notion that allowing software makers to merge with the company which makes their computer operating systems to form a single giant company is less desirable than keeping them separate, is moving to block Gates' path. Some 80% of the personal computers in the world today use the MS DOS or Windows operating systems both Microsoft products. If you purchase a piece of software, such as a word processor, and try to run it on your personal computer, you will be unable to run the program unless it is first able to connect with and operating system. Because of this judgment that it is best to keep separate that which ought to be consolidated, it is difficult to see how the Internet, or any other information network, can in future be integrated into a single, unified whole. The specter of an antitrust law born in the age of Standard Oil has risen once again to haunt us. As a rule, disputes such as this are amicably settled by lobbyists. Astoundingly, however, Bill Gates had not a single lobbyist in Washington. Absorbed in his work, it seems, he had neglected to devote any attention to lobbying activities. Then, too, his is such a new industry that it simply hadn't had time to hire lobbyists and launch a carefully planned program of lobbying activities. Thus it appears that Gates' split with the Democratic Party is a fair accomplishment.
"The Road Ahead"
In "The Road Ahead," a book-and-CD-ROM package, Gates "predicts the future for you" (as Newsweek's cover put it). And, surprise!, things look bright indeed to America's richest guy. The "information highway" -- Gates generally clips it to a plain "the highway" -- isn't here yet; the Internet is only a genetic precursor, according to Gates. But when "the highway" itself arrives at our doors, with its ubiquitous high-bandwidth digital video feeds, our lives will undergo a seismic change for the better.
This "World of Tomorrow" prognostication game is old enough hat that even Gates admits many of his predictions will soon look comical. The CD-ROM's video portrait of "the highway" circa 2004 -- a world of heavy makeup, bad Muzak and super-efficient cappuccino bars -- will make for good party entertainment a decade hence. So will its wide-eyed virtual-reality walk-through of the still-unfinished Gates mansion, the Hearst Castle of the '90s.
"The Road Ahead," like an AT&T ad, is built around a ritual repetition of the word "will." I used the CD-ROM's "full text search" function and, though it wouldn't tell me how many times "will" appears, it reported that the word turns up on just about every page.
You will use "the highway" to "shop, order food, contact fellow hobbyists, or publish information for others to use." You will select how, when and where you wish to receive your news and entertainment. You will benefit from lower prices and the elimination of middlemen that the network's "friction-free" marketplace allows. Your wallet PC will identify you at airport gates and highway tollbooths. Your children will tap a torrent of homework helpers.
As the CD-ROM narrator breathlessly puts it, "The information flow into your home will be incredible!" ("Get the mop, Martha!")
At some point, all these "wills" change in character from predictive to prescriptive, and Gates' friendly if cool tone acquires an undercurrent of coercion. The promise of "the highway," according to Gates, is that it will allow us all to control our destinies more fully. The not-so-well-buried subtext of "The Road Ahead," though, tells a different story -- of Gates' and Microsoft's desperate struggle to maintain control of the high-tech marketplace.
"The Road Ahead" won't satisfy readers curious for insights into Chairman Bill's psyche; it mostly has the bland, confident air of an annual report. But in its very first chapter -- next to a cute high-school picture of Gates and Paul Allen scrunched over an old teletype terminal -- Gates does give one clue to his mindset. He was attracted to computers as a kid, he explains, because "we could give this big machine orders and it would always obey."
It's easy to jump on a line like that and make Gates out as some kind of silicon-chip Nazi. But of course he's only being honest about the attraction computer science has always held for engineers, enthusiasts and precocious children: the appeal of instantly responsive, utterly submissive systems that can be gradually massaged toward perfection.
Though digital technology invites its creators into a world of absolute control, the computer market remains a place of frustrating chaos. Gates long ago adopted the strategy that made Microsoft's fortune: ship early with imperfect products, seize market share and then upgrade toward an acceptable level of performance. This drives engineers nuts, but it's sharp business, and it has kept the company on top of the software industry -- until now.
Conclusion and personal ideas:
William Henry Gates III, as you have read, is quite an incredible man. His intelligence and insight into the future, shows how "ahead of his time", he is. In almost all of our daily lives, (whether you know it or not), Gates has done something, influenced someone, invented some new software, that is relevant to what you do. Whether you are a news reporter, or a bagger at a grocery store, a high-tech attorney, or a low-tech gardener, it seems that not a day goes by, without some mention of technology, computers, or what's in store for us.
He is quite a pioneer in his field, and has brought a new realization to many, regarding the future. In fact, his 1995, best selling book, is titled: "The Road Ahead". This man has such power over our society, and our country, that his ideas are often met with resistance. Many people believe that it is terrible that someone with ideas and goals like his, should have so much power and say in our everyday life.
It is obvious to many that he tells the truth, when he talks about the future, and how he thinks it will be. Because with his economic stature, and powerful ideas, he will be able to change the world.
I believe he is one of the most magnificent men in our recent history, to be compared to Hitler, Rockefeller, Martin Luther King, and many other influential people. He has influenced me personally, just with the use of computers in our everyday lives, (more in mine that others), and the majority of our U.S. population. His presence in our economy, society, and life cannot be ignored, and I believe that this will become even more evident, as we move into the 21st century.
Chairman and Chief Executive Officer
Microsoft Corporatio
William (Bill) H. Gates is chairman and chief executive officer of Microsoft Corporation, the leading provider, worldwide, of software for the personal computer. Microsoft had revenues of $8.6 billion for the fiscal year ending June 1996, and employs more than 20,000 people in 48 countries.
Background on Bill
Born on October 28, 1955, Gates and his two sisters grew up in Seattle. Their father, William H. Gates II, is a Seattle attorney. Their late mother, Mary Gates, was a schoolteacher, University of Washington regent and chairwoman of United Way International.
Gates attended public elementary school and the private Lakeside School. There, he began his career in personal computer software, programming computers at age 13.
In 1973, Gates entered Harvard University as a freshman, where he lived down the hall from Steve Ballmer, now Microsoft's executive vice president for sales and support. While at Harvard, Gates developed the programming language BASIC for the first microcomputer -- the MITS Altair.
In his junior year, Gates dropped out of Harvard to devote his energies to Microsoft, a company he had begun in 1975 with Paul Allen. Guided by a belief that the personal computer would be a valuable tool on every office desktop and in every home, they began developing software for personal computers.
Gates' foresight and vision regarding personal computing have been central to the success of Microsoft and the software industry. Gates is actively involved in key management and strategic decisions at Microsoft, and plays an important role in the technical development of new products. A significant portion of his time is devoted to meeting with customers and staying in contact with Microsoft employees around the world through e-mail.
Under Gates' leadership, Microsoft's mission is to continually advance and improve software technology and to make it easier, more cost-effective and more enjoyable for people to use computers. The company is committed to a long-term view, reflected in its investment of more than $2 billion on research and development in the current fiscal year.
As of December 12, 1996, Gates' Microsoft stock holdings totaled 282,217,980 shares, currently selling at $95.25, as of Feb. 20th, 1997.
Giving a rough estimate of total worth:$ 26,881,262,595
In 1995, Gates wrote The Road Ahead, his vision of where information technology will take society. Co-authored by Nathan Myhrvold, Microsoft's chief technology officer, and Peter Rinearson, The Road Ahead held the No. 1 spot on the New York Times' bestseller list for seven weeks. Published in the U.S. by Viking, the book was on the NYT list for a total of 18 weeks. Published in more than 20 countries, the book sold more than 400,000 copies in China alone. In 1996, while redeploying Microsoft around the Internet, Gates thoroughly revised The Road Ahead to reflect his view that interactive networks are a major milestone in human history. The paperback second edition has also become a bestseller. Gates is donating his proceeds from the book to a non-profit fund that supports teachers worldwide who are incorporating computers into their classrooms.
In addition to his passion for computers, Gates is interested in biotechnology. He sits on the board of the Icos Corporation and is a shareholder in Darwin Molecular, a subsidiary of British-based Chiroscience. He also founded Corbis Corporation, which is developing one of the largest resources of visual information in the world-a comprehensive digital archive of art and photography from public and private collections around the globe. Gates also has invested with cellular telephone pioneer Craig McCaw in Teledesic, a company that is working on an ambitious plan to launch hundreds of low-orbit satellites around the globe to provide worldwide two-way broadband telecommunications service.
In the decade since Microsoft has gone public, Gates has donated more than $270 million to charities, including $200 million to the William H. Gates Foundation. The focus of Gates' giving is in three areas: education, population issues and access to technology.
Gates was married on Jan. 1, 1994 to Melinda French Gates. They have one child, Jennifer Katharine Gates, born in 1996.
Times are changing fast. Three years ago, while President Bushs camp was mounting a direct-mail campaign unchanged from that of Reagan before him, the Clinton camp, host to a horde of so-called "computer whiz kids," all in their twenties, was developing a completely new set of election tactics, using personal computer networks and electronic mail, or "e-mail". Many of these twenty-some-odd-year-old mini-Clintons, who now occupy the White House, show up for work in sneakers, T-shirts, and jeans, and spend each day, from morn till night, tapping away at personal-computer keyboards. As I myself have often experienced of late, when you exchange business cards with an American you nearly always see, imprinted on the card along with the phone and fax numbers, an e-mail number, as well. When the person inquires, "What is your e-mail number?"and you reply, "I don't have one yet," you can catch the briefest glimmer in his eye, which seems to say, "A bit behind the times, aren't we?" The darling of this multimedia age is a man named Bill Gates. Won over by then Vice-Presidential candidate Gores promise to vigorously promote the "information superhighway," Gates, declaring himself a representative of Silicon Valley, donated a large amount of money to the Clinton campaign. The support of Bill Gates boosted the popularity of the Democratic Party. This year, Forbes Magazine's traditional annual list ranked this same Bill Gates, head of Microsoft Corp., as the worlds richest human being. Myths and legends about this youthful success story abound; he has already published an autobiography which, along with a critical biography of Gates, is being read by people all over the world. He is, in short, a super-famous man. Gates rear-echelon e-mail activities have been reprinted not only in America and Europe, but even, in translation, in Japanese newspapers. Gates has been known for some time as a political liberal and a strong supporter of the Democratic Party; lately, however, the word about town is that Gates and the Democratic Party have had a falling-out. The U.S. Department of Justice under the Clinton administration, citing doubts about the legality under U.S. antitrust laws of attempted buy-outs of other companies by Microsoft, has put such purchases on hold, causing them to fall through and, it is said, greatly angering Bill Gates.
Gates: "modern-day Rockefeller"
Gates, an object of admiration for most Americans as a "modern-day Rockefeller," is also, it seems, an object of envy who arouses fierce jealousy: charges are currently being brought against him for violation of antitrust laws. Simply put, the Justice Department, under the traditional notion that allowing software makers to merge with the company which makes their computer operating systems to form a single giant company is less desirable than keeping them separate, is moving to block Gates' path. Some 80% of the personal computers in the world today use the MS DOS or Windows operating systems both Microsoft products. If you purchase a piece of software, such as a word processor, and try to run it on your personal computer, you will be unable to run the program unless it is first able to connect with and operating system. Because of this judgment that it is best to keep separate that which ought to be consolidated, it is difficult to see how the Internet, or any other information network, can in future be integrated into a single, unified whole. The specter of an antitrust law born in the age of Standard Oil has risen once again to haunt us. As a rule, disputes such as this are amicably settled by lobbyists. Astoundingly, however, Bill Gates had not a single lobbyist in Washington. Absorbed in his work, it seems, he had neglected to devote any attention to lobbying activities. Then, too, his is such a new industry that it simply hadn't had time to hire lobbyists and launch a carefully planned program of lobbying activities. Thus it appears that Gates' split with the Democratic Party is a fair accomplishment.
"The Road Ahead"
In "The Road Ahead," a book-and-CD-ROM package, Gates "predicts the future for you" (as Newsweek's cover put it). And, surprise!, things look bright indeed to America's richest guy. The "information highway" -- Gates generally clips it to a plain "the highway" -- isn't here yet; the Internet is only a genetic precursor, according to Gates. But when "the highway" itself arrives at our doors, with its ubiquitous high-bandwidth digital video feeds, our lives will undergo a seismic change for the better.
This "World of Tomorrow" prognostication game is old enough hat that even Gates admits many of his predictions will soon look comical. The CD-ROM's video portrait of "the highway" circa 2004 -- a world of heavy makeup, bad Muzak and super-efficient cappuccino bars -- will make for good party entertainment a decade hence. So will its wide-eyed virtual-reality walk-through of the still-unfinished Gates mansion, the Hearst Castle of the '90s.
"The Road Ahead," like an AT&T ad, is built around a ritual repetition of the word "will." I used the CD-ROM's "full text search" function and, though it wouldn't tell me how many times "will" appears, it reported that the word turns up on just about every page.
You will use "the highway" to "shop, order food, contact fellow hobbyists, or publish information for others to use." You will select how, when and where you wish to receive your news and entertainment. You will benefit from lower prices and the elimination of middlemen that the network's "friction-free" marketplace allows. Your wallet PC will identify you at airport gates and highway tollbooths. Your children will tap a torrent of homework helpers.
As the CD-ROM narrator breathlessly puts it, "The information flow into your home will be incredible!" ("Get the mop, Martha!")
At some point, all these "wills" change in character from predictive to prescriptive, and Gates' friendly if cool tone acquires an undercurrent of coercion. The promise of "the highway," according to Gates, is that it will allow us all to control our destinies more fully. The not-so-well-buried subtext of "The Road Ahead," though, tells a different story -- of Gates' and Microsoft's desperate struggle to maintain control of the high-tech marketplace.
"The Road Ahead" won't satisfy readers curious for insights into Chairman Bill's psyche; it mostly has the bland, confident air of an annual report. But in its very first chapter -- next to a cute high-school picture of Gates and Paul Allen scrunched over an old teletype terminal -- Gates does give one clue to his mindset. He was attracted to computers as a kid, he explains, because "we could give this big machine orders and it would always obey."
It's easy to jump on a line like that and make Gates out as some kind of silicon-chip Nazi. But of course he's only being honest about the attraction computer science has always held for engineers, enthusiasts and precocious children: the appeal of instantly responsive, utterly submissive systems that can be gradually massaged toward perfection.
Though digital technology invites its creators into a world of absolute control, the computer market remains a place of frustrating chaos. Gates long ago adopted the strategy that made Microsoft's fortune: ship early with imperfect products, seize market share and then upgrade toward an acceptable level of performance. This drives engineers nuts, but it's sharp business, and it has kept the company on top of the software industry -- until now.
Conclusion and personal ideas:
William Henry Gates III, as you have read, is quite an incredible man. His intelligence and insight into the future, shows how "ahead of his time", he is. In almost all of our daily lives, (whether you know it or not), Gates has done something, influenced someone, invented some new software, that is relevant to what you do. Whether you are a news reporter, or a bagger at a grocery store, a high-tech attorney, or a low-tech gardener, it seems that not a day goes by, without some mention of technology, computers, or what's in store for us.
He is quite a pioneer in his field, and has brought a new realization to many, regarding the future. In fact, his 1995, best selling book, is titled: "The Road Ahead". This man has such power over our society, and our country, that his ideas are often met with resistance. Many people believe that it is terrible that someone with ideas and goals like his, should have so much power and say in our everyday life.
It is obvious to many that he tells the truth, when he talks about the future, and how he thinks it will be. Because with his economic stature, and powerful ideas, he will be able to change the world.
I believe he is one of the most magnificent men in our recent history, to be compared to Hitler, Rockefeller, Martin Luther King, and many other influential people. He has influenced me personally, just with the use of computers in our everyday lives, (more in mine that others), and the majority of our U.S. population. His presence in our economy, society, and life cannot be ignored, and I believe that this will become even more evident, as we move into the 21st century.
Subscribe to:
Posts (Atom)