

The Greatest Hacks of My Life - tansey
http://wesleytansey.com/the-10-greatest-hacks-of-my-life/

======
winsbe01
vending machine hacks, although both illegal and immoral, provide an immense
source of joy in knowing that you _beat the system_, regardless of what treat
may come out.

here's my biggest vending machine hack: freshman year in college, there was a
vending machine in our dorm building. it wasn't cheap (obviously), but it got
lots of use because it had something extra: a card reader for our IDs. if we
pre-loaded our card with money, we could use it to buy sodas, snacks, and
washer/dryer cycles. very convenient.

but the vending machine had a quirk: occasionally, for reasons unknown, it
would just start spitting out coins. it was a pretty rare occurance (and a
very exciting one) that it became known colloquially as "hitting the jackpot".
every time we went to the machine, we would cross our fingers, hoping to
"win".

while it seemed like a random occurance at first, i knew it couldn't be
completely random, and i wanted to figure out _why_ it was happening. so i
began investigating. whenever i went to the machine, i would try different
combinations of buttons, choosing different rows/columns, but i couldn't
recreate the behavior. accompanying my friends to the machine, i paid
attention to how they were inputting their order (and if they subsequently
"won") to try and figure it out.

after lots of observation, i found a pattern: everyone who ever won used their
card to buy something. focusing on the card reader, i also found that these
people had accidentally put their card in _incorrectly _ before righting it.
with a theory loosely in place, i put some money on my card and gave it a
whirl.

and it worked! here's the behavior: if you put your card in incorrectly, the
machine couldn't read it because the stripe was on the wrong side, so it spit
the card back out and flashed an error on the screen which would clear after a
few seconds. while the error was showing, the machine would not accept your
card. however, if you put your card in _immediately_ after the error cleared,
here's what happened:

1\. screen displays the amount of money on your card

2\. choose your drink

3\. drink is vended while the same amount of money is displayed (i.e. not
subtracting the price of the drink.

4\. the machine begins spitting out coins in the amount of your card value
minus the price of the drink

5\. the card is returned with the _original balance_ still intact

so, if i had $20 on my card, and i bought a powerade that costs $1.50, i would
walk away from the machine with a powerade, $20 still on my card, and $18.50
in change.

horribly immoral and illegal? absolutely. however, i still feel immensely
proud that i not only figured out what was happening, but how to reproduce it.

~~~
akat
immoral - yes. but how would this be illegal?

~~~
dpark
As a general rule, taking money that does not belong to you is illegal.

------
markmccraw
Disclaimer: I'm a poker player and small time affiliate.

The poker related ones seem to venture well into the unethical or illegal
category. That doesn't take away from the difficulty or cleverness of the
hacks, but unlike the candy theft story, there is no acknowledgment that some
of those things might have been unethical or illegal.

Edit: I now see the conclusion that notes the potential for illegality, but I
feel like the body comes off as way too proud about aiding a scam of a
business (the affiliate "arbitrage")

~~~
tansey
I'm interested to understand why you think so.

Most people in college at the time were signing up for poker sites without any
affiliate reference, so they would get nothing. At least with Aces Up they got
something back.

My poker bot was against the T&C of the site, so I could see the ethical issue
there. The bot barely won any money at the $5 SNGs (maybe $100), and factoring
in the massive amounts I lost playing my expert strategy at $2/$4 limit, it
was net negative.

The affiliate arbitrage thing was definitely unethical, though as I noted, I
did not participate directly. It was also against their T&C and my friend
eventually drifted into some even more shady areas of affiliate dealings (100%
rakeback via a similar system, etc) that lead to him being banned on most
sites.

I don't know that any of those three are illegal at all. Regardless, I suppose
I may have a predisposition for finding an angle and considering ethics as an
after thought.

Edit: In response to your edit, I suppose you could look at it as a scam of a
business. In truth, most people had a love/hate relationship with PartyPoker
since they took high rakes, didn't permit rakeback programs, and were ruthless
about shutting down accounts and seizing the money with the claim that "we're
not a bank". Being in the bot community and watching lots of people lose
thousands of dollars because PP deemed their account suspicious was enough to
make me lose any empathy for PartyPoker.

~~~
gizmo
> Regardless, I suppose I may have a predisposition for finding an angle and
> considering ethics as an after thought.

Many of us have a predisposition for finding an angle. Finding an angle is, I
agree, part of the joy of hacking. But you can never let ethics become a mere
afterthought. You certainly can't _justify_ unethical behavior by simply
asserting you're predisposed to unethical behavior.

~~~
tansey
I totally agree. I am simply predisposed. These days I like to think I'm a
little wiser, thoughtful, and empathetic than I was as a kid, so I walk things
through a little more in my mind. :)

~~~
thenextcorner
Probably against the T&C's of the affiliate program as well, where the
company, reading this, might get back to you for a claw back. At least, that's
what I would consider/investigate if I was the affiliate manager.

Al in all, clever

------
vasco
Stealing from a vending machine is now hacking?

I guess a few of you could also find out that if someone left a window open
you could get in their house and take a free TV, that would also show you the
joy of "beating a system"...

~~~
tansey
I'm not proud that I stole from the vending machine. I'm proud that I figured
out _how_ to steal from it.

Fundamentally, I see no difference between being a 17 year old in a basement
figuring out that if you send excessive amounts of data into an unchecked
buffer, you can gain control over program flow, and being a 13 year-old kid
figuring out that by rocking a machine back and forth, you can cause the front
items to rub up against the edge of the rack, effectively sawing the plastic
off. What is the difference really? Both are fine if you don't use it in the
real world and illegal if you do.

And I don't think it's the same as crawling into an open window. Rather, it's
more like lock picking, particularly after they started installing these rock-
resistant cages and we had to get creative by using two-man teams (one rocking
forward, one rocking back). I believe DefCon has a lock picking session every
year.

~~~
Newgy
Rocking a vending machine is so obvious that it does not constitute a "hack".

~~~
middus
Yes, to you it might be. To a 13yr old... maybe not so much.

------
jgrahamc
My little story. A little hack for love: [http://blog.jgc.org/2011/02/hacking-
toshiba-t4800ct-love-sto...](http://blog.jgc.org/2011/02/hacking-
toshiba-t4800ct-love-story_9458.html)

~~~
mkopinsky
I once did something similar. I was in a school that had dumb terminals on
which you could only check email - they set the login shell for all student
users as pine. We found that you could set bash or lynx or the like as the
spell checker or external editor, and in so doing, get proper internet access
(or as proper as you could consider lynx).

------
driverdan
Having lived a previous life as a blackhat, ID thief, and credit card scammer
I could write a book (and may someday) about hacks I came up with. Here are a
few:

I sold fake IDs at college. The real IDs were plastic cards and had multi-
spectrum holograms, something you can't easily fake. Combining methods I found
on the internet with my own discoveries I created simulated holograms using
clear spray paint, lamination pouches, Pearlex pigment powder, Alps thermal
printer, and a bad ass laminator. They were good enough to pass most bouncers
in-state and was told that one passed a cop.

Our college IDs could be used at campus stores, vending machines, etc. The mag
stripe just had your school ID encoded on it. If you had a mag stripe encoder
(like me) and knew someone's ID you could encode it onto your own ID (or a
fake one you printed yourself, like I did). The problem was finding school ID
numbers.

To communicate with students there was a set of folders outside the main
office of each department. Each student had their own folder, sorted in
alphabetical order. This was also where you got your grades at the end of the
quarter. I realized that your grades had your full student ID number listed
(which was also your SSN!). All I had to do was go through the folders and
find grades other students hadn't picked up yet to get their ID numbers.

Luckily the school stopped printing full numbers on student correspondence not
long after that.

------
IsaacL
This is a greatest story of how the hacker mindset evolves over time. I wish I
had more cool stories like that from my teenage years - I had a friend who was
always thinking up crazy moneymaking schemes or trying to hack the school's
computer systems, and I was always saying "oh, if it was that easy, everyone
would do it". I've been trying to erase that mindset from my brain.

------
Stwerner
I really like reading blog posts on this topic. The "greatest hack" question
on the YC app always made me hesitate because I don't really think of anything
I do as "hacking". It is good to see different categories of hacks to get an
idea of what everyone is talking about. If anyone has any links to good posts
in the same vein, I would love if you would share.

------
cgag
I'm certainly impressed by that poker bot, but it sure is depressing reading
about it at 22 and having never really written anything more than 1k LOC. I
feel hopelessly behind sometimes.

edit: I also wanted to mention that Curvio sounds like a great idea, do you
have any competitors? It's one of those ideas where I'm surprised it hasn't
already been done, which I feel is usually a good sign.

~~~
sounds
I remember being 22 and feeling hopelessly behind.

Keep at it!

~~~
no-go-mojo
How do you feel behind at 22? Your 20s should mostly be blown away on things
you'd not do later in life. I think.

~~~
kragen
Why? If you wouldn't do them later in life, why would you do them in your 20s
either? Unless you mean things like claiming to be 23, which would be
dishonest if you weren't.

~~~
no-go-mojo
No man, partying 6 nights in a row, hanging out being care free, living for
the moment etc. So if someone asks you, how were your 20s, you smile and say
wooh, they were good, and off record. :-)

Basically I'm saying party it up, learn a bit about everything and everyone,
back pack across a continent or two, and don't be in such a rush to jump in
the rat race. When you're in your late 20s, dropping everything and rolling
out will most likely be near impossible. You will be more rooted like an older
tree. Right now just see and feel the world you have come into and just play
with it.

My 2 cents.

P.S. to me a Michael Jackson or Mark Zuckerberg are not a great life, because
they were/are unidimensional. They are what they are and not much outside of
it. In technology, a rounded and balanced figure I can think of Steve Jobs. He
got the fuck out, then got back in. In is always there, you can always get
back in, but you can't always get out.

Good luck!

~~~
kragen
> partying 6 nights in a row, hanging out being care free, living for the
> moment etc.

If those are good things to do, why are they not good when you're not in your
20s? If they're not good things to do, why would they be good in your 20s?

They sound kind of like stupid, boring wastes of time to me. But if they
genuinely make you happy, why would they stop genuinely making you happy
because your hair fell out and you got fat?

> When you're in your late 20s, dropping everything and rolling out will most
> likely be near impossible.

When I was 29 I quit my job, and then digitized the Oxford English Dictionary,
published my first peer-reviewed paper, moved into a Volkswagen bus, drove all
over the country with my wife (having to learn to rebuild the van's engine in
the process), and moved to Argentina.

You can live a cliché, but you don't have to.

> P.S. to me a Michael Jackson or Mark Zuckerberg are not a great life,
> because they were/are unidimensional. They are what they are and not much
> outside of it.

Given that statement, I'd bet money you don't know Zuck personally.

------
josephmosby
I was an assistant to a university sysadmin when I was in school. I always
wondered why we bothered locking the computers themselves from being opened
when it would have been exceedingly difficult to walk out of there with
anything...

Now I know, O Manual Deep Freeze Hacker. Solid work.

------
jlind
This reminds me of how we figured out in our high school computer labs how to
circumvent the monitoring/control software the teacher would use.

First it was succeptible to killing the process, easy enough. Once that was
blocked, we figured out that some clever use of some default applications in
windows would cause it to crash and give us freedom. After those
vulnerabilties were fixed or blocked, and we had tried pretty much anything
else we could think of, someone figured out that hitting ctrl + alt while we
logged in would prevent it from even loading in the first place!

Unfortunately it was pretty easy for our teacher to catch us in the silly act
of banging on our keyboards at login.

~~~
stabro
And your comment reminds me of the method I used to circumvent my teachers
monitoring/control software. He had his running over the LAN so all we did was
bring USB wifi adapters which got us on the schools WLAN which took our
computers off his software for some reason or the other.

------
rkudeshi
Lots of interesting stuff, very impressed. Good luck with Curvio!

------
Splines
There's something universal about the struggle between IT and students in
schools. It's definitely a breeding ground for creativity and information
sharing.

------
vinhboy
Great stories. Couple of similarities to my life. But hey, have you ever
considered building a bot to play Omaha?

------
edge17
i'm not a nostalgic guy, but this made me reminisce a bit about how I got to
26 :)

------
scott_s
Hey, Wesley. I didn't know you were on HN. Small internet.

