Mark Loveless, aka Simple Nomad, is a researcher and hacker. He frequently speaks at security conferences around the globe, gets quoted in the press, and has a somewhat odd perspective on security in general.

Fun Friday: A Short History of a Few Common Terms

This is a look back at some odd terms used by those of us in the computer and security industry, and what their origins are.

Bug

We use the term “bug” to mean glitch or flaw, and it is still widely used today. The origins are sketchy, and don’t involve a computer. Thomas Edison referred to “bug” in a letter from March of 1878 - in reference to telephone equipment, although Edison often used the term to refer to glitches in equipment. However this is the first written use of the term in reference to such glitches. The term bug was commonly used with any equipment glitches for the next few decades, although it seemed to be used more for electrical equipment.

A more modern use involving computer equipment did actually involve an insect. It seems that on September 9th in 1947 it was discovered that a moth had interfered with some of the electrical circuitry in the Harvard Mark II Aiken Relay Calculator, causing a failure. This was discovered by a colleague of Grace Hopper inside a Navy building, and while she often got the credit for the find, it was in fact just someone on her team - although she certainly loved to repeat that her colleague found it. They used the term “bug” whenever they encountered troubles, like all of their engineering predecessors did, but as the group became more focused on software the term seemed to evolve into a reference to just computers - mainly software flaws.

Patch

“Patch” refers to patching of software in IT. One would think it is because it is like applying a bandage to help heal “wounded” software, but that is not the case.

In the early computer days, a hard-coded copy of the software was stored on rolls of paper or on punch cards. These types of media held their data via holes punched in them. Let’s say you had a program that printed off reports, but the headers at the top of the report columns needed to be renamed. Instead of rewriting things from scratch, you’d code up and print out the changes only. In the case of the paper rolls, you would find the part in the old roll to be replaced, cut out that section (like with scissors or something) and then “patch” in your new code using sticky tape. With punch cards, it was way easier and you just replaced the old punch cards with new ones. This was “patching” the software.

It was said that sticking tape directly on the old section of the paper roll or a punch card for fixing one character or something was patching, and technically it was, but the name came about from the replacement of a section. My first source for this tidbit was my Dad, a programmer who started mainframe coding very early in the 1960s.

Pwn

The term “pwn” means to “own” and is often attributed to the gaming community, with supposedly the earliest reference being in a hand-made World of WarCraft map that made a reference to pwning all of something, instead of owning all of something. With the O and P keys on the keyboard right next to each other, this completely makes sense - and I do agree this is most likely why the term came about. However this is not the earliest reference.

I remember quite clearly seeing this term on a hacker BBS back in the day, and it was often used in IRC channels - both of these technologies go back into the 1980s, with IRC becoming a thing in roughly 1988. It was simple enough - if a hacker had managed to gain administrative access to a system and the legitimate admins did not know the hacker was there, the hacker owned the system. Alice might say “Bell Telephone doesn’t own that server, I own it!” A simple typo and you have “pwn”. Considering “leet speak” was around, it wasn’t hard to work “pwn” into the lingo quite naturally.

Now computer gaming was also becoming very popular at this time amongst the hacker types, so it is understandable that credit may fall into the gaming arena as there were many more gamers than hackers, especially by the time WarCraft came out. But as someone who hacked and gamed back then, I saw it in the hacker world and with hacker-type references well before gamers were using it. In fact my guess is hackers brought the term to the gaming community.

Zero Day

In the early days of software, when personal computers had just started and BBSs were a thing, it was a common occurrence to want to acquire software without paying for it. My Dad and his friends at work would all pool their money and buy one copy of a program and a bunch of blank floppy disks, and proceed to make copies for each other. As copy protection became a thing, one would have to use some rather sophisticated attacking of the software disk at a low level to defeat the copy protection and make the copies. I became quite good at this, so for my Dad and his friends this kind of became my “role” in his warez gang.

Through the BBS community, I learned that the big disk vendors would get their orders from the software vendors along with a very copyable clean version of the software, and as a part of the mass production process, they would add the copy protection. And either through an insider stealing a copy of the clean version or by breaking into a manufacturer’s BBS system (if they had one), one might obtain their own clean copy, upload it to some hacker BBS, and become an underground hero. The biggest prize (which consisted entirely of kudos and clout) was being the first person to get a clean copy up on a hacker BBS. To do it before the product even went on sale meant you had uploaded the copy of a program that wasn’t public, or in other words it had been public for zero days, and this became known as a “zero day”. As in “Billy is a great source of zero days, he’s uploaded 4 in the past month to the BBS.” Obviously with leet speak it morphed into 0day, which pops up quite frequently today as well.

Later in the hacking world, having possession of a software flaw that allowed for bypassing of some restriction to allow for illicit access - if both the software vendor AND the unlucky admins of systems that were impacted by the flaw were unaware of it - became known as a zero day. The reason that admins having knowledge of the bug was bad, even if a patch wasn’t available, was because this was in the days of an Internet presence usually not being critical to most organizations. Remote security flaw allowed for intruders? An admin might mitigate it by shutting off Internet access until they had a patch applied. Or they could disable a service, or reconfigure the app to not use the feature that was exploited.

Later this meant a flaw with no patch even if everyone was aware of it, although mentally I like the “zero days before vendors or the admins know” the best.

Conclusion

It isn’t often that my age is helpful, but the fact that I was around for some of these terms or had access to people who were there really helped. I hope you found this entertaining.
