On Fri, Nov 15, 2019, 7:32 AM Doug McIlroy <doug@cs.dartmouth.edu> wrote:
> That was the trouble; had he bothered to test it on a private network (as
> if a true professional would even consider carrying out such an act)[*] he
> would've noticed that his probability calculations were arse-backwards

Morris's failure to foresee the results of even slow exponential
growth is matched by the failure of the critique above to realize
that Morris wouldn't have seen the trouble in a small network test.

The worm assured that no more than one copy (and occasionally one clone)
would run on a machine at a time. This limits the number of attacks
that any one machine experiences at a time to roughly the
number of machines in the network. For a small network, this will
not be a major load.


The worm became a denial-of-service attack only because a huge
number of machines were involved.

I do not remember whether the worm left tracks to prevent its
being run more than once on a machine, though I rather think
it did. This would mean that a small network test would not
only behave innocuously; it would terminate almost instantly.

it had code to do that, but IIRC, there were bugs in that code that prevented it being completely effective in some cases... the sorts of cases, though, that a small scale test wouldn't likely catch.

Warner