When I was working for Palm, I came to them because they bought out startup AnyDay.com. If you believe in patents, which I don’t, we invented the online calendar, which is why they bought us.
After the dotcom crash at the end of 2001, Palm decided in their shortsighted way that their future was as a hardware company, not calendar and contacts in the cloud. They had a big project they needed my office (Cambridge, MA) to finish, and they thought they were going to lay us all off and everything would work. And in fact they TOLD us they were going to lay us off.
Then someone said “What about all the Palm VII users?” The Palm VII was the first smart mobile device. “How are they going to be able to sign in to their MyPalm (what Anyday.com had been rebranded as) accounts with their Palm VII passwords and see all their data there?”
So began project Midway, named for the makers of the Mortal Combat machine we had in our office. The problem was the Palm VII database (like the Anyday database) stored users passwords in a one way hash. A one-way hash protects passwords by converting the original password into a fixed string of characters that cannot realistically be reversed to reveal the original password. When a user logs in, the system hashes the password they enter and compares that hash to the stored hash in the database, so the actual password never needs to be stored or exposed.
We were able to sync the Palm VII calendar information into the Anyday database (named Mayan, because we grok calendars), and once that was done it would become the database of record. But we had no way to know WHAT the hashed passwords were, so we could not move them.
To solve that, we took all the Palm VII users and created Anyday accounts for them with all their calendar/contact information etc. A complete rollover. And we instituted a cutoff so that going forward, when someone tried to create a calendar or contact in their Palm VII, it would (when it was online) send that info to Anyday.com. So now Anyday.com was the password of record.
But we couldn’t bring password for the Palm VII users. Nowadays we’d just tell the users they had to reset their password, but back them we were a lot more sensitive. I decided the best thing to do was to make the Palm VII users passwords “FU” which I explained stood for “Friendly User.”
And they bought it.
Then when a user tried to login to MyPalm.com we took their password, hashed it and compared it to the hash in the database. If it failed, we look at the hashed password and if it was “FU” then we tried to authenticate the unencrypted password against the legacy Palm database. If it succeeded, we hashed the password and overwrote the FU with the hash in the users password field.
It worked perfectly and on February 1st, 2 days before our home team New England Patriots won the Super Bowl, Palm closed the Cambridge office and laid me and most of my colleagues off.
But every now and then I’d hear stories from the few friends who remained: “We’re trying to diagnose some problem with project Midway and engineers and product managers are in a room yelling “FU” at each other.
When they lay you off too soon
—
by