Talk (software)

talk
	Command-line Unix "talk", using a split screen user interface, was popular in the 1980s and early 1990s.
Operating system	Unix, Unix-like, V
Platform	Cross-platform

talk is a Unix text chat program, originally allowing messaging only between the users logged on to one multi-user computer—but later extended to allow chat to users on other systems.

Although largely superseded by IRC and other modern systems, it is still included with most Unix-like systems today, including Linux,^[1] BSD systems^[2] and macOS.^[3]

History

Similar facilities existed on earlier system such as Multics, CTSS, PLATO, and NLS.^[4] Early versions of talk^[when?] did not separate text from each user. Thus, if each user were to type simultaneously, characters from each user were intermingled. Since slow teleprinter keyboards were used at the time (11 characters per second maximum^{[citation needed]}), users often could not wait for each other to finish. It was common etiquette for a long typing user to stop when intermingling occurred to see the listener's interrupting response. This is much the same as interrupting a long monologue when speaking in person. More modern versions use curses to break the terminal into multiple zones for each user, thus avoiding intermingling text.

In 1983, a new version of talk was introduced as a Unix command with 4.2BSD, and would also accommodate electronic conversations between users on different machines. Follow-ons to talk included ntalk, Britt Yenne's ytalk^[5] and Roger Espel Llima's utalk.^[6] ytalk was the first of these to allow conversations between more than two users, and was written in part to allow communication between users on computers with different endianness. utalk uses a special protocol over UDP (instead of TCP used by the rest) that is more efficient and allows edition of the entire screen. All of these programs split the interface into different sections for each participant. The interfaces did not convey the order in which statements typed by different participants would be reassembled into a log of the conversation. Also, all three programs are real-time text, where they transmit each character as it was typed. This leads to a more immediate feel to the discussion than recent instant messaging clients or IRC. Users more familiar with other forms of instant text communication would sometimes find themselves in embarrassing situations by typing something and deciding to withdraw the statement, unaware that other participants of the conversation had seen every keystroke happen in real time.

A similar program exists on VMS systems called phone.^[7]

Security

A popular program called "flash", which sent malformed information via the talk protocol, was frequently used by pranksters to corrupt the terminal output of the unlucky target in the early 1990s.^{[citation needed]} It did this by including terminal commands in the field normally designated for providing the name of the person making the request. When the victim would receive the talk request, the name of the person sending the request would be displayed on their screen. This would cause the terminal commands to execute, rendering the person's display unreadable until they reset it. Later versions of talk blocked flash attempts and alerted the user that one had taken place. Later it became clear that, by sending different terminal commands, it is even possible to have the user execute commands. As it has proven impossible to fix all programs that output untrusted data to the terminal, modern terminal emulators have been rewritten to block this attack, though some may still be vulnerable.^[8]^[9]

References

^ man talk, ubuntu.com
^ man talk, freebsd.org
^ man talk, apple.com
^ Day, John (December 19, 2002). "[ih] Origin of 'talk' command". internet-history (Mailing list).
^ "YTalk – About". ytalk.ourproject.org.
^ "utalk – a UDP-based talk protocol". utalk.ourproject.org.
^ Vos, Marc H.E. "Marc's Place – VMS – Phone". marc.vos.net. Retrieved 2016-10-19.
^ "Updated vte packages fix gnome-terminal vulnerability". Red Hat Customer Portal. February 24, 2003. RHSA-2003:053-10, CVE-2003-0070, Red Hat Bugzilla 1616950. Archived from the original on March 4, 2016.
^ Moore, H D; Digital Defense (July 11, 2009) [February 25, 2003]. "Gnome-Terminal Window Title Reporting Escape Sequence Command Execution Vulnerability". SecurityFocus. CVE-2003-0070. Archived from the original on January 28, 2021.