Embed Notice

Infosec friends, you want to have nightmares tonight? Let me tell you what it was like to work in Silicon Valley in the mid 1990s. I worked at SGI, a major computer manufacturer. When I started, I was given an SGI Indy workstation running IRIX 5.3. It had no root password, setting one up was completely optional. I had full control over all software installed on it, and I could install anything I wanted from our internal dist server, including reinstalling the OS. New OS patches were occasionally available, but finding them and installing them was up to you. That workstation had a publicly routed IPv4 address and was connected to the campus Ethernet, which was in turn connected to the public Internet. There was no firewall, so I could access it from anywhere in the world (and since ssh wasn't much of a thing yet, that connection was unencrypted Telnet). And finally, to add to your nightmare, every workstation ran sendmail and received email directly: you could email me at <name>@sgi.com or directly at <name>@<workstation>.corp.sgi.com, and mail would be routed to my workstation. And yet... it all worked! And if I'm honest, I really miss it. Bad people broke things and ruined the good times for everyone.