It’s been several weeks since Ray Tomlinson, best known for the invention of email, passed on. Email, however, represents only a very small portion of his work and contributions.
While writing a research paper on possible new methods to reduce and eradicate malware, I came across a bit of intriguing history whose available details did not satisfy my curiosity, and I needed to know more than what the internet had to offer. The event in question was the creation of Creeper, a piece of software created in 1971 by Bob Thomas that, according to most sources, is the world’s first computer virus. There hasn’t been a lot of information available on the internet regarding Creeper except that it was created to “infect” computers running the TENEX operating system on ARPAnet. It would cause the machine to print “I’M THE CREEPER. CATCH ME IF YOU CAN.” Then Ray Tomlinson created Reaper whose sole purpose was to seek out and remove Creeper from the machines it had “infected”.
I wanted to know more, though. Why was Creeper created in the first place? Did it cause problems? Was it an annoyance to those managing the machines it affected? Should it really be considered the first virus (technically worm, if that)? In late 2014 I ended up finding Ray Tomlinson on LinkedIn of all places and asked him if I could ask a few questions about Creeper and Reaper. He very kindly obliged.
As far as I am able to tell, the below Q&A (originally published on my personal blog on November 21st, 2014) is one of the last if not the last such interviews Ray had before his death. When I learned he had passed away, I thought it may be time to release this Q&A session to a wider audience who will appreciate it. It has not been edited or altered from the original save for this introduction.
Ray sent me a link before the Q&A that contained the best information I could thus far find online; this information helped me form some of these questions in a better way as it helped me realize that Creeper wasn’t a malevolent or even jovial practical jokeas it is often painted by sensationalist bloggers and journalists. The link he sent is availablehere.
Q. The Creeper started out as more of an experiment according to available resources. What happened that led up to this experiment? Do you know what Bob Tomas’ motives were? Or was it more of a spur of the moment thing on Bob’s part?
A. The contract that Bob was working on was to develop a resource-sharing capability (named RSEXEC) so that users could develop applications that could move to and run on another computer. The motive being to run on a computer that was lightly loaded– a computer on the west coast where it is still early morning rather one on the east coast where everyone is busily computing away, or to run on the computer that has the data that needs processing rather than moving all the data to the user’s computer. Creeper was a demonstration of this capability. Creeper moved because it could, not because it was advantageous to do so. It was a demo and wouldn’t be very interesting if it didn’t do anything.
Q. You’re credited with altering the Creeper at least in such a way so that it would sometimes replicate itself instead of simply “jumpingâ€. Was there more to it than that? What was the motive behind altering the Creeper? And how did you “capture†it when it at the time was only jumping from one machine to another, one at a time?
A. I don’t recall specifically why replication seemed interesting. I think I envisioned applications where one thing leads to another. For example, an application analyses data that indicate the existence of additional data located elsewhere so it splits off an alter ego to go process that data while the existing instance continues the analysis of the data in hand. In such a case the applications instances would naturally terminate as they concluded their analyses so capture was not necessary as long as there were no malfunctions. But, software has bugs. For example, the application might fail to realize it had already visited a data set and run forever repeatedly replicating and jumping from site to site. This possibility led to Reaper, which went looking for instances of Creeper to terminate them. It had the problem of knowing when its job was finished, but it was a simple program so it could keep track of the hosts it was visiting and since there were only 28 or so it would be pretty trivial to visit them all unless the network became disconnected.
Q. Do you know about how many machines the Creeper infected?
A. “Infected†is journalistically interesting, but inaccurate. Creeper was more like an allergy test than a common cold. But, to answer the intent of your question, no more that 28 machines could have been visited by Creeper since that is the number of ARPAnet sites running the TENEX operating system at the time.
Q. Did Creeper ever cause any unintended problems on any or all of the systems it infected?
A. No.
Q. Creeper is generally attributed as the world’s first virus. Of course computer viruses didn’t exist when the Creeper was hopping around, so it wasn’t called a virus until later. How do you feel about its classification?
A. The terminology is squishy and evolving. Technically, Creeper was a “wormâ€. It was its own vector moving itself from machine to machine. Viruses need a vector such as a floppy disk (a highly advanced data storage device at the time and so very uncommon) or thumb drive. There is also the issue of intent. In the present day, viruses (and worms) are regarded as malevolent by all except those for whom they are tools for their illegitimate purposes. This was not the case in the days of Creeper. The community was small and malicious activity was not tolerated so Creeper was at most a neat hack. (Even “hacking†has evolved in meaning; hacking was good then, now– not so much.)
Q. According to other online resources, the main way one could know if a machine had run or was currently running Creeper was to see the following printed out: “I’M THE CREEPER. CATCH ME IF YOU CAN.†Do you know what the general reception of Creeper was of the other owners/operators of TENEX machines on ARPAnet? Did they recognize the positive capabilities that Creeper was built to demonstrate, or was it seen as more of an annoyance in the end?
A. The operators of these other machines were collaborators in this effort. We needed their permission to install RSEXEC in the first place. Since the demo did nothing else interesting we only ran it a few times mostly on our own machines for debugging and then a couple of times to make sure it worked in the wider context and finally a couple of times for the demo itself. So it never became a nuisance.
Q. I see on the link you had sent me that Creeper was mainly intended as a demonstration of the ability for applications to be moved from one machine to another on the ARPAnet in order to more or less distribute computing load between machines running out of resources and machines that were idle or minimally in use. Was this idea picked up in later projects?
A. Not so much. The power of computers and networks advanced quickly enough that the economic benefit it provided never truly dominated the simpler solution of buying another computer or moving the data around.
Q. What do you think about the way the world is moving further and further into cloud computing?
A. Cloud storage and computing is a very nice solution to many kinds of problems. It stumbles when it comes to sensitive data and application.
Q. You solely created the Reaper to eradicate the Creeper, yes? What was the motive behind creating the Reaper?
A. The motive was purely to get the satisfaction of having done it.
Q. How did the Reaper track down and remove Creeper through the network?
A. The RSEXEC provided an API so an application could package itself and its data up and ship itself to another RSEXEC instance on another computer which would unpack and fire up the application on the other computer. That is RSEXEC provided the infrastructure for the purpose. Creeper and Reaper were not subverting some other mechanism to achieve their ends.
Q. The Creeper would be considered a benign virus today in comparison with the thousands of different kinds of malevolent viruses constantly moving about networks. Have you ever thought about the implications if someone developed a Reaper of sorts (or multiple types of Reapers, as it would likely have to be) that would track down and remove these viruses from networks in today’s world? Do you think it may be a plausible way to reduce the virus problem?
A. I haven’t thought about it, but now having done so for about 45 seconds, I don’t think it is practical.
Q. This is sort of unrelated, but I’m curious. I keep an old Macintosh Plus from 1986 and pull it out once in a while for sentimental reasons– I grew up with the machine, and they just don’t make them like that anymore. Do you own any archaic technology for sentimental purposes?
A. Not really. I do have a circuit board from a personal computer I designed and built back around 1979, but it is useless without everything else around it.
Q. If you do keep any archaic technologies, do you happen to still have code from Creeper, Reaper, or other original projects from back in the day of the technological frontier? If not you, then perhaps BBN or other companies might have some of these old projects stored away somewhere?
A. No code, either.
Q. I sometimes like to imagine myself in an ARPAnet world– blazing technological trails and exploring or creating capabilities. Do you ever miss the days of the wild technological frontier? If so, are there specific things that you miss? If not, are there specific reasons why?
A. What I miss most is the uniqueness of that time and being on the frontier– doing things that no one else could do or wanted to do. There are new frontiers, but they don’t seem quite the same. I’m not sure why. Perhaps it is just the passing of four decades.
Q. Are there any other thoughts you’d like to share– on this subject or otherwise?
A. Not that I can think of,
“…no more that 28 machines could have been visited by Creeper since that is the number of ARPAnet sites running the TENEX operating system at the time.”
Think of those millions, or billions, of vegetable individuals created by clonation. When a genetically healthy virus find an attack vector.
This wasn’t written by me.
You should be careful with statements like that, do you want dionicio to blow up?
https://www.youtube.com/watch?v=ZBAijg5Betw
On WhatsApp
Ah… That explains the good quality then.
This was a fascinating read, and a nice change of pace involving a bit of computing history about which I knew absolutely nothing. Thanks for posting.
“[Silicon Valley Continues to Follow in Wall Street’s Footsteps:]… For the first time in my career, I am occasionally embarrassed to tell someone I work in [Information] technology.”
Welcome to the Olds’ Club, Sogrady. Not Quite: Never forget CA is Hollywood Home, also.
“…The overwhelming majority of the people in this industry, of course, are regular, good people.”
Fully Agree.
“… Unless the excesses are widely condemned, and unless we can collectively articulate a vision that isn’t something like ‘we always know best’ or ‘the homeless should just learn a computer language’, I fear Silicon Valley is headed the way of Wall Street. That most of us aren’t responsible for the appalling lack of empathy won’t matter: we’ll all be tarred with the same brush.”
http://redmonk.com/sogrady/
dionicio,
Yea, I think many of us who have been in the software industry for a long time feel that it’s running out of vigor. The industry is just not expanding like it used to. With consumable goods, the business model is to sell things over and over again. Software developers, while we have the same innate need to support ourselves year after year, we also face ever more saturation every year. Certainly much more so than when the industry was young and new.
Heck, back in the day one could build a software empire just by clowning around. And now they’re struggling.
https://www.youtube.com/watch?v=OonpXElRLVw
https://www.youtube.com/watch?v=byU3PZSn-CY
https://www.youtube.com/watch?v=HeJnA8ItA6s
https://www.youtube.com/watch?v=_-8IufkbuD0
Edited 2016-04-07 02:44 UTC
What’s the point of those Youtube links?
No it isnt,
Mostly, I find them humorous. But it was to show change. When demand was high, awful marketing did not matter, sales soared anyways. The exact same Balmer would struggle to drive sales in later years, not because he changed, but because the industry has.
Edited 2016-04-07 07:01 UTC
It might be off topic a bit.
But I think more smaller independent software providers/lone programmers should have a model more akin to a musician doing pub/club gigs than the stadium filling rockstar..
Not a great analogy but you get the drift, ie smaller more regular hand to mouth. or pay the bills kind of gigs ; rather than the one off big glory show/piece that you can retire off.
Especially in this era of corporate wares from the Google’s, Apples, FB’s, Microsoft’s etc particularly vis a vis the privacy and information control space. But also re “bespoke” solutions as contrasted to the one-size-almost-but-doesn’t-quite-fit-all approach of corporate offered tools and solutions.
Little personalized websites offering a display window alternative to FB pages (pulling data or photos from home stored personal cloud storage) is one obvious thing.
Another is offering services more akin to that of a digital plumber (offering little bespoke solutions to fill in the gaps left elsewhere). I’ll try and illustrate this with an example I’ve been looking for but can’t quite find….
They’re are plenty of “notes” apps. But they’re massively chunky for me and note how I want to organise or remind myself. I like speadsheets, that how I want to work. I also spend a huge chunk of my working week driving between sites. Now comes into the pictures smart watches, now I know pebble for instance offer the capability via 3rd party apps to having a verbal note taking apps that will take the voice input from their “smartphone” and via an app on the paired phone carry out voice recognition and create a text based “note”. So we’re nearly there, that might suffice for a lot of people in fulfilling want they want in terms of a dictation and voice to text app. For me it doesn’t do the important bit, automatically putting that text info a new cell, on a new line, of an existing master spreadsheet. An Excel based one please as that’s where I’m comfortable with the filters etc.
Now, I’m not a rich man, however that little bit of new functionality – which surely can’t be more than a few hours work for those with the skills I’d have no hesitation paying £1000 for, it would just be so useful to me.
Am I totally wrong in guesstimating the work involved?
And if not, surely these sorts of digital plumbing jobs should be the new playground of the jobbing programmers not currently engaged in rockstar game development and so on
Edited 2016-04-07 17:40 UTC
The software industry stagnating? LOL. There are new languages, new paradigms, new distribution channels, new business models, etc, etc. What is happening, perhaps, is that the one running out of steam could be you. It’s perfectly normal part of the process of advancing in age.
As to being able to sell little red shovels all of his life.
https://kev.inburke.com/kevin/tsa-randomizer-app-cost-336000/
Via https://www.techdirt.com
http://www.theregister.co.uk/2016/04/07/lorenz_cipher_machine_tnmoc…
Please check comments.