
Ask HN: Ominous email from PG - ABrandt
So late last night I was playing around with some scripting that interacted with HN (submitted a story). I'm not a hacker in the technical sense, so I was just playing around to see what I could make. After a few runs, I got an ominous email from pg asking "What are you doing?". Scary stuff.<p>Has anyone else experienced this? Is this an automated email when abuse is detected or did I really raise some red flags? Its from pg's email address, but the sender is "&#60;censored&#62;". I'm pretty curious about all this since he didn't reply to my reply.<p>Thanks.
======
pg
Yes, it was me. You submitted quite a lot of stories while you were testing
whatever you were testing. It was hard not to notice.

~~~
ABrandt
Oh, okay. Sorry again. I was testing a script that pulled text from a file on
my computer and submitted it to HN in the appropriate fields. I had a feeling
it might look suspicious, but it was just too much fun to play with. Lesson
learned.

~~~
duck
Scripts that are submitting stories seems like a really bad road to be going
down (even if you do it with a reduced rate)...

~~~
ABrandt
Totally agree. I definitely don't have any malicious intent to use this. It
was just fascinating to see if I _could_.

I'm new to this programming thing so perhaps I get a little carried away when
I develop a new found power.

~~~
runjake
Yes, you got carried away.

If something hasn't been submitted by a human being, it's probably not worth
being submitted by a script.

Edit: What's the deal with the downvotes? The OP said he was parsing a file
for multiple automated submissions.

This is bad. Even if he's collecting them for later in a batch, one would have
to ask himself if the links are all that good. I would assume by pg's
responses, he would agree.

~~~
doki_pen
I can imagine submitting a link from the shell. What if I blog to posterous in
mutt, then want to submit the link. A shell script is still invoked by a
human.

------
rewind
Scary stuff? If he was really that scary I'd go as PG for Halloween and watch
all the little future entrepreneurs wet their pants when they see me. Either
that, or I'd float them a couple bucks each for 6% of their candy.

~~~
ABrandt
Although that would be awesome to see, I _was_ exaggerating the level of fear
I felt. It'd probably be more accurate to say it was exciting for me honestly.
I'm fairly isolated from any startup scene, so I love any bit of interaction I
can get.

~~~
SudarshanP
This is a very wrong way to get attention. Do you realize how important each
minute of PG is? It is like throwing a stone at someone's window to get
attention. You do get the attention, but at what cost?

~~~
SudarshanP
ok I apologize :). First time being downvoted. My bad. Please don't down vote
anymore. I was not against experimentation. I just thought experimenting was a
bad idea if the value of the result was less than the value of the damage. My
mis judgement I guess.

------
bobf
"What are you doing?" is not very ominous. What _were_ you doing, out of
curiosity?

~~~
ABrandt
Maybe not, but I certainly perceived it to be ominous at 3 am. See my reply to
pg. In hindsight it was a bit of a bad idea.

~~~
bobf
I saw your reply where you said you were running automatic submissions. What
was your point in doing that though? Gathering up lots of interesting stories
and avoiding having to submit them manually? Trying to auto-submit the ever-
popular Atlantic, NY Times, and TechCrunch articles to increase your karma?
Spamming HN for profit? Or, just to see if you could? (As you allude to..)

~~~
ABrandt
The experiment started when I came across a story about the best time to
submit a story to HN. The article concluded that a certain time when I'm
usually sleeping is best so I thought, "hmm, that sucks. How can I get around
this?". I know submission time ultimately doesn't matter, but I decided to
hack something together anyways.

Probably an ethical gray area, but like I said; it ultimately was just a lot
of harmless fun. I'm not going to do anything with it. You'll know I'm lying
if you see me submit something before 10 PST :)

~~~
cromulent
Set up your own local hn and play around with that instead.

<http://github.com/nex3/arc/blob/master/how-to-run-news>

------
alphaBetaGamma
On the other hand, you should _definitely_ continue "playing around to see
what I could make". That's how you become a hacker (not to be mistaken with a
cracker).

------
EvanK
If you've never had someone contact you to stop
(spamming|scraping|crawling|DOSing) their web service, then you're not
experimenting enough.

That said, once they ask you to stop, it's the decent ethical thing to simply
stop :)

~~~
gregory80
that's great advice in spirit, but terrible advice in reality. At the least,
your ISP might ban you, and at the worst, the cops or FBI could show up to ask
what you are doing.

<http://nmap.org/book/legal-issues.html>

There are a lot of thoughts on this subject over on the nmap.org site on
messing around with data on someone else's computer, be that a private or
public service.

~~~
VBprogrammer
On a related subject. I accidentally mis-configured remote desktop on Ubuntu,
I selected the 'configure network to automatically accept connections' which
uses uPnP to open a port on your router (poorly named I think).

Someone ran a port scan on my IP and noticed port 5900 was open and decided to
connect to it, I had my computer configured to automatically accept
connections (because I use the iPhone VNC client as a remote control), I was
quite glad I was using my computer at the time and noticed them connecting!

My first reaction was to run NMAP against there IP, I guess thats probably a
bad move!

------
j_baker
Maybe it's just me, but I would have just responded to the email instead of
posting on HN about it.

~~~
sorbus
"I'm pretty curious about all this since he didn't reply to my reply."

So he emailed PG back, and didn't get a response. Having attempted that, I
would say that posting on HN is exactly the thing to do, at least in this
case.

~~~
ABrandt
Yep, that was exactly my thought process. Thank you for clarifying.

------
iuguy
It's ok. I did something stupid ages ago (posting a thread more reddit-suited
than HN IIRC, which I might not) and got an email from pg politely but firmly
asking me never to do it again. Just do as the man asks and don't worry about
it.

------
cperciva
_Its from pg's email address, but the sender is " <censored>"_

Just a guess, but judging by the first part of that address, PG might prefer
that the address not be made public.

~~~
ABrandt
Good call. I had considered that but it was plainly visible to me so I figured
it was nothing to hide. I trust your opinion though and censored the address.

------
geuis
Yup, I did this a couple years ago when working on a javascript-based
bookmarklet that would reformat the live hn site to look better on iPhones.
One wrong semi colon and it was upvoting every story on the page. pg sent me a
'What are you doing?' type of email, to which I replied and all was well.

------
enduser
Please tell us about the time you, ABrandt, most successfully hacked some
(non-computer) system to your advantage.

note: _non-computer_

~~~
ABrandt
If you're insinuating this is some kind of YC application stunt, I can assure
you its not (didn't apply and no plans to).

I do enjoy "hacking" non-computer systems though (a valuable skill they teach
in business). I think social hacking can be quite amusing. Once I was pulled
over for speeding 20 mph over the limit, with an expired license, and no proof
of insurance. I was _young_. The officer had every reason to arrest me on the
spot. When he asked me what the hell I was doing, I answered completely
seriously, "Sorry Officer, but I've got extreme diarrhea and need to get out
of this car." He took a step back and promptly told me to go home. Pretty
simple but my friends couldn't believe I had the cahones to say that.

~~~
timmorgan
I think it's in reference to your statement _"I'm not a hacker in the
technical sense."_ Which may imply you are a hacker in some other sense, e.g.
social, as you have elaborated.

------
rg
See xkcd: <http://xkcd.com/810/>

"But what will you do when spammers train their bots to make automated
constructive and helpful comments?"

"Mission Fucking Accomplished."

------
TamDenholm
To be fair when i realised i had enough scripting knowledge to be dangerous i
did try some things like this. My advice is to definitely try stuff like this
out, because its an excellent learning experience, but on places you dont care
about being banned from, theres a million HN clones out there, go forth.

In order to learn to develop things to withstand such attacks you first need
to understand them yourself.

------
mshafrir
I got the exact same email from pg a couple of years ago. I had installed the
XSS Me addon to Firefox, and inadvertently had it spamming the submission
form.

------
dropkick
What is really cool about this story is knowing that PG keeps such close tabs
on the HN community.

