I was there when he wrote it, on an Indy I'd given him for work purposes. Crazy to think, all these years later, we're still discussing it .. in between setting things up for the Huntington Beach US Open Women's Volleyball competition, he'd be crashing things running eggshell.
Crazy times. I'll never forget going to a Surfrider Foundation party with Aleph1, only to be bored out of our minds and go find a barely open video arcade to throw quarters at ..
Figures you'd pull that string, of all people. Well, I remember him hacking on it - and he had an Indy. Still, long time ago .. neither of us has the braincells we used to. ;)
Well, you have the window from 12/95 to 11/96 to work with. Before that, and you're predating splitvt, which was the work that mostly set us up to write the 1990s-form stack overflow exploit.
I distinctly remember him hacking on stack-smashing techniques while at Cyberworks, during our down-times... he crashed his Indy and mine a couple of times, lol .. but maybe it was more of the exploratory work. I didn't pay as much attention as I should have; there were many other things going on at that company at the time, and I didn't really have patience for the people that were being brought in by the money-guy to shore things up, so I lost interest .. But for the brief period Aleph1 and I shared an office, it was definitely an interesting time watching him work. Probably I remember it more fondly than him, though. ;)
Part of the issue here is that we're running into a topic I am extremely, unreasonably nerdy about, since the first post-RTM working overflows are the K-T boundary of computer security. Having a working stack overflow on SGI MIPS, a delay-slot architecture with a split I&D cache, would have been a very big deal, and would force me to revise a mental history I've been grooming for a very long time. I believe Aleph One. :)
(We go back too, him and I; I met my wife at a party at his apartment.)
Oh, his version of the history of his seminal paper is definitely canonical, no doubt about that - but I definitely remember seeing him hacking on stack exploits in the period leading up to when he released the paper, whether he had things working or was otherwise probing, and maybe there was a draft/discussion or two that we're both not remembering quite right. I remember him snarfing my DEC Alpha for a few quick checks, too .. Halcyon days indeed.
He and I had made our acquaintance at Union Station, downtown LA after a regularly scheduled 2600 meeting by the pay phones.
Back then, that's how you'd meet decent hackers - first Friday of the month, at some location published in 2600. Near the payphones. Hackerspaces weren't yet quite a thing, although we had the Electric Cafe in Santa Monica that was sorta close .. and there was also the virtual meeting place of The Well, but that was too noisy even in those days.
I offered Aleph1 a job at Cyberworks, a company I'd helped set up after I left operations for a tiny ISP named Earthlink (that's another story) .. he and I would commute out to Pasadena to a tiny nondescript industrial park, where I'd managed to get a bunch of sexy hardware together for the task of building one of California's earliest web agency/bureaux.
I think Aleph1 was only there for the great bandwidth I'd finagled and the sexy hardware we had on offer for engineers, from DEC Alpha to SGI boxes - although the volleyball video streaming from the beach was a pretty fun project, too: he got to string ISDN cables across the sand to an SGI Indy, parked under an umbrella on the beach, right in front of the match.
Good times. So amazing to think how far everything has come since then. If only I'd stuck it out a while longer after Cyberworks went to a business development meeting with that X.com guy, and then some nerds making an "auction site for the Internet", as if that would ever be a thing ..
Was always fun to get down to Union Station early and be among the first to answer the free calls coming in from the other 2600 meetings around the country. ;)
Wasn't too fun getting mis-identified in a game of 'spot the Fed' though, haha.
Yeah, I get that. I knew him before he was famous for bugtraq and the stack-smashing paper, so for me it was like watching a rockstar hacker go from his garage to Madison Square Gardens or something ..
The cute little emulator, which was linked in the article: https://github.com/bordplate/js86. I am curious how they came up with the ABI for variadics, though…
I've been aiming for x86-64 calling conventions, but must admit I've had a tendency to mix them up. It doesn't matter much in this case, though. There are no variadic functions used in this post. I'm cheating a lot with the printf function. You can see the implementation here: https://github.com/bordplate/js86/blob/master/Emulator/Proce...