Retrotechtacular: Wising Up with the SAGE System

The birth of the supersonic jet made the United States’ airstrike defenses look antiquated. And so, during the Cold War, the government contracted a number of institutions and vendors to create and maintain the Semi-Automatic Ground Environment (SAGE) aircraft detection system with Western Electric as project manager.

SAGE was developed at MIT’s Lincoln Laboratory on computers built by IBM. It used the AN/FSQ-7 in fact, which was The Largest Computer Ever Built. SAGE operated as a network of defense sectors that divided the continental U.S. and Canada. Each of these sectors contained a directional center, which was a four-story concrete blockhouse that protected and operated a ‘Q7 through its own dedicated power station. The SAGE computers employed hot standby processors for maximum uptime and would fail over to nearby direction centers when necessary.

Information is fed into each directional center from many radar sources on land, in the air, and at sea. The findings are evaluated on scopes in dimly-lit rooms on the front end and stored on magnetic cores on the back end. Unidentifiable aircraft traces processed in the air surveillance room of the directional center are sent to the ID room where they are judged for friendliness. If found unfriendly, they are sent to the weapons direction room for possible consequences.

Continue reading “Retrotechtacular: Wising Up with the SAGE System”

Generating the Mandelbrot Set With IBM Mainframes

[Ken Shirriff] is apparently very cool, and when he found out the Computer History Museum had a working IBM 1401 mainframe, he decided to write a program. Not just any program, mind you; one that would generate a Mandelbrot fractal on a line printer.

The IBM 1401 is an odd beast. Even though it’s a fully transistorized computer, these transistors are germanium. These transistors are stuffed onto tiny cards with resistors, caps, and diodes, than then stuck in a pull-out card cage that, in IBM parlance, is called a ‘gate’. The computer used decimal arithmetic, and things like ‘bytes’ wouldn’t be standard for 20 years after this computer was designed – 4,000 characters of memory are stored in a 6-bit binary coded decimal format.

To the modern eye, the 1401 appears to be a very odd machine, but thanks to the ROPE compiler, [Ken] was able to develop his code and run it before committing it to punched cards. An IBM 029 keypunch was used to send the code from a PC to cards with the help of some USB-controlled relays.

With the deck of cards properly sorted, the 1401 was powered up, the cards loaded, and the impressive ‘Load’ button pressed. After 12 minutes of a line printer hammering out characters one at a time, a Mandelbrot fractal appears from a line printer. Interestingly, the first image of the Mandelbrot set was printed off a line printer in 1978. The IBM 1401 was introduced nearly 20 years before that.

SpoofedMe Attack Steals Accounts by Exploiting Social Login Mechanisms

We’ve all seen the social logon pop up boxes. You try to log into some website only to be presented with that pop up box that says, “Log in with Facebook/Twitter/Google”. It’s a nice idea in theory. You can log into many websites by using just one credential. It sounds convenient, but IBM X-Force researchers have recently shown how this can be bad for the security of your accounts. And what’s worse is you are more vulnerable if the service is offered and you are NOT using it. The researcher’s have called their new exploit SpoofedMe. It’s aptly named, considering it allows an attacker to spoof a user of a vulnerable website and log in under that user’s account.

So how does it work? The exploit relies on vulnerabilities in both the identity provider (Facebook/Twitter/etc) and the “relying website”. The relying website is whatever website the user is trying to log into using their social media account. The easiest way to describe the vulnerability is to walk through an example. Here we go.

Let’s imagine you are an attacker and you want to get into some victim’s Slashdot account. Slashdot allows you to create a local account within their system if you like, or you can log in using your LinkedIn account. Your victim doesn’t actually have a LinkedIn account, they use a local Slashdot account.

The first step of your attack would be to create a LinkedIn account using your victim’s email address. This needs to be the same address the victim is using for their local Slashdot account. This is where the first vulnerability comes in. LinkedIn needs to allow the creation of the account without verifying that the email address belongs to you.

The second step of the attack is now to attempt to log into Slashdot using your newly created LinkedIn account. This is where the second vulnerability comes in. Some social media services will authenticate you to websites like Slashdot by sending Slashdot your user information. In this case, the key piece of information is your email address. Here’s the third vulnerability. Slashdot sees that your LinkedIn account has the same email address as one of their local users. Slashdot assumes that LinkedIn has verified the account and permits you, the attacker, to log in as that user. You now have access to your victim’s Slashdot account. In another scenario, Slashdot might actually merge the two credentials together into one account.

What’s really interesting about this hack is that it isn’t even very technical. Anyone can do this. All you need is the victim’s email address and you can try this on various social media sites to see if it works. It’s even more interesting that you are actually more vulnerable if you are not using the social logons. Some real world examples of this vulnerability are with LinkedIn’s social logon service, Amazon’s service, and’s service. Check out the demonstration video below. Continue reading “SpoofedMe Attack Steals Accounts by Exploiting Social Login Mechanisms”

Thinkpad 701c: Reverse Engineering a Retro Processor Upgrade

[Noq2] has given his butterfly new wings with a CPU upgrade. Few laptops are as iconic as the IBM Thinkpad 701 series and its “butterfly” TrackWrite keyboard. So iconic in fact, that a 701c is part of the permanent collection of the Museum of Modern Art in New York.

Being a 1995 vintage laptop, [Noq2’s] 701c understandably was no speed demon by today’s standards. The fastest factory configuration was an Intel 486-DX4 running at 75 MHz. However, there have long been rumors and online auctions referring to a custom model modified to run an AMD AM-5×86 at 133 MHz. The mods were performed by shops like Hantz + Partner in Germany. With this in mind, [Noq2] set about reverse engineering the modification, and equipping his 701c with a new processor.

thinkpad-brainsurgeryThe first step was determining which AMD processor variant to use. It turns out that only a few models of AMD’s chips were pin compatible with the 208 pin Small Quad Flat Pack (SQFP) footprint on the 701c’s motherboard. [Noq2] was able to get one from an old Evergreen 486 upgrade module on everyone’s favorite auction site. He carefully de-soldered the AM-5×86 from the module, and the Intel DX4 from the 701c. A bit of soldering later, and the brain transplant was complete.

Some detailed datasheet research helped [noq2] find the how to increase the bus clock on his 5×86 chip, and enable the write-back cache. All he had to do was move a couple of passive components and short a couple pins on the processor.

The final result is a tricked out IBM 701c Thinkpad running an AMD 5×86 at 133 MHz. Still way too slow for today’s software – but absolutely the coolest retro mod we’ve seen in a long time.

Capacitive Sensing And Old IBM Keyboards


The pen is mightier than the sword, but the IBM Model M keyboard, properly applied, can knock teeth in. There are a few more IBM keyboards even better suited to blunt force trauma – the extremely vintage beam spring keyboards made for terminals and desktop publishers. Being so very old, there’s no easy way to connect these keyboards to a modern system, so when [xwhatsit] wanted to make his work, he needed to build his own controller.

The beam spring keyboards use capacitive switches, and with 122 keys, the usual method of reading capacitance – putting a capacitor in an oscillator – would be far too slow to be of any use in a keyboard. There is another method of reading capacitance: measuring the current going through the capacitive switch. This can easily be accomplished with an LM339 comparator.

[xwhatsit]’s keyboard controller uses this capacitive sensing circuit to read the four rows of keys, with a few shift registers taking care of the columns. An ATMega32u2 is the brains of the outfit, running LUFA to translate the key presses to USB.

If you’re lucky enough to have one of these ancient keyboards, [xwhatsit] is selling a few over on the usual mechanical keyboard forums. There’s also a controller for the Model F keyboard using the same basic circuit. If you need one just drop him a line or grab the gerbers and roll your own.



Retrotechtacular: Once Upon A Punched Card


Ah, the heady days of the early 60s, where companies gave their salesmen exquisitely produced documentaries, filled with incidental music written by the best composers of the era, and a voice actor that is so unabashedly ordinary you would swear you’ve heard him a hundred times before. It’s a lot better than any PowerPoint presentation anyone could come up, and lucky for us, these 16mm films are preserved on YouTube for everyone to enjoy. This one was sent out to IBM sales reps pushing a strange technology called a ‘punched card’, a system so efficient it will save your company tens of thousands of dollars in just a few short years.

Like most explanations of what a punched card does, this IBM documercial begins with the history of the Jacquard loom that used punched cards for storing patterns for textile weaving. In a rare bit of historical context befitting IBM, this film also covers the 1880 US census, an important part in the evolution of punched cards being used not as instructions for a loom, but data that could be tabulated and calculated.

The United States takes a census every ten years. The tenth census of 1880 took so long to compile into the data – seven years – it was feared the next census of 1890 wouldn’t be complete until the turn of the century. This problem was solved by [Herman Hollerith] and his system of encoding census data onto punched cards for tabulation. [Hollerith] would later go on to found the Tabulating Machine Company that would later merge with two other companies to form IBM. Isn’t it great that IBM chose to include that little nugget in their film.

As a point of interest, the film does contain a short pitch for IBM punched card writers, sorters, and calculators – the backbone of IBM’s medium to large size business sales. At the time this film was produced (1964) IBM was ready to announce the System/360, what would become the de facto mainframe for businesses of all sizes.  Yes, the /360 also used punched cards, but we wonder how many angry phone calls the sales reps received months after showing this film.

Laser Etching Brings New Life To An IBM Keyboard


[Evan] was perusing his local thrift store when he found a beautiful IBM Model M 122-key keyboard made in 1987.

“This is my keyboard, there are many like it, but this one is mine.”

~The Typist’s Creed

In [Evan’s] case, this might actually be the only one like it still in use today. An idea formed in his head. What if he took this ancient keyboard, gave it a USB driver, and customized the keys on a hardware level to do exactly what he wanted.

The first step was converting it to USB. He’s using a Teensy 2.0 mostly because it is super inexpensive, and its able to act as a USB HID device. In addition to wiring up the keyboard to the Teensy he’s also added foot pedals that connect via 1/8″ stereo plugs — these kind of act like extra mouse buttons, allowing him to scroll through galleries left to right, add page breaks, and other macros to increase efficiency.

Continue reading “Laser Etching Brings New Life To An IBM Keyboard”