
Please Stop Attacking MIT's Network - sweettea
http://blog.achernya.com/2013/01/please-stop-attacking-mits-network-in.html
======
gojomo
As I'd mentioned on an earlier submission about W3C's site being inaccessible:

A cool thing about Aaron's activism was that it involved building things,
circumventing censorship, and spreading information, rather than sabotage and
denial-of-service.

~~~
wavesounds
Its not black and white. Sure Aaron built things but he also threatened to
destroy JSTOR's business model. Likewise a DDoS may seem destructive but if it
causes MIT to have better Ethics and Leadership as a result then its well
worth the discomfort. If theres a bug in your system you sometimes have to
replace some lines of code to make it better, this isn't destruction its just
change.

~~~
gojomo
If the effect of a 'protest' is to prevent people from accessing online
information that they'd like to access, it goes against Aaron's anti-
censorship views.

Every bully wants to 'discomfort' their opponents into changing. Those who use
DDoS are more like the federal prosecutors -- making 'destructive' threats,
expecting change through punishment -- than Aaron.

~~~
Yver
And how did that work out for him by the way? I head they've dropped their
lawsuit?

Also, if DDoS is "destructive" then copying a file is stealing.

~~~
gojomo
How did it work out for him? For Aaron's causes, his constructive rather than
destructive approach worked fairly well, creating change and earning wide
awareness and respect.

I wish he'd stuck it out; had there been a trial (and possibly sentencing),
the public would have learned many of the same lessons about overzealous
prosecution, the JSTOR project, the CFAA, the obsolescence of copyright, and
importance of open access. Plus, he'd still be with us.

I also believe Aaron's causes with regard to copyright and censorship will
succeed in coming decades, easily within his natural lifespan, and he would
have helped them succeed faster, so I'm sad he'll miss it.

DDoS is destructive (unlike any amount of copying) because it disables access
and functionality and effectively censors content by blocking individual
learning and communication. It causes more resources to be be wasted on
paranoia and layers-of-defense. It causes a hardening of positions and growth
of suspicion. It is much easier to portray Aaron's supporters as 'vandals' if
they help by actually committing vandalism. (I'd guess that as an 'applied
sociologist', Aaron understood this well.)

That these DoS effects are often temporary is no defense: it's destroying
people's freedom-to-communicate for a time... and the early death of a young
person should remind you that ultimately all we have is time.

~~~
Firehed
I regretfully disagree with you, in regards to the case playing out actually
being helpful to the cause. The public, by and large, doesn't give a damn
about this kind of thing.

His suicide, tragically, appears to have helped the cause - the media loves
the wild speculation and gossip that it brought about. So while his end goal
may now stand a chance of coming to fruition, he won't be around to witness
it.

The number of things that went wrong in order to generate this outcome is just
astonishing. While I knew nothing of Aaron or his cause prior to this
happening (see? media effects _sigh_ ), I at least hope the public outcry
brings about what appears to be some much-needed change.

~~~
worldsayshi
I fear that this martyrization of him sends a weird message. His struggle
wasn't very appreciated before his death and first now it "seems that people
listen to him".

~~~
j45
That's an interesting reflection. Time will tell.

------
wavesounds
To me this feels a bit like a lunch counter cook complaining all these black
people showing up in his restaurant are causing him extra work.

The whole point of a protest is to put pressure on the system your trying to
change. Start a walkout/go on strike if you dont want to deal with the
problems the organization you're working for caused.

The school only gets power from its students. Without the students there is no
school. You have more power then you think. Take a stand, make a difference.

~~~
Permit
>To me this feels a bit like a lunch counter cook complaining all these black
people showing up in his restaurant are causing him extra work.

Are black people notorious for eating or something? That kind of came out of
left field, there.

~~~
wavesounds
Yeah I was comparing a DDoS to lunch counter Sit-ins of the 60s. During the
civil rights movement blacks and other protestors would overwhelm a restaurant
taking up all the space at the counter until the owners agreed to meet their
demands. It's a proven non-violent protest that works and is very similar to
what DDoS does, except instead of human bodies filling up a restaurant you're
using http requests to fill up a server. Sorry for the lack of context in the
original post.

~~~
btilly
The significant difference is that when the owner gets unhappy about it, it is
trivial to figure out who to talk to to get the problem fixed.

The same is not true of DDoS attacks.

~~~
wavesounds
Thats a good point. But It all depends if you block your IP address or not. If
it was a legal form a protest that people didn't have to worry about going to
jail for you could easily make your information known. Problem is the
government doesn't understand technology and will label you a hacker instead
of non-violent protestor.

------
rdl
The other great protest is that any HS senior (or grad student applicant) who
has an offer from MIT and from another comparable school (Stanford, CMU,
etc.), tell MIT no, and tell them why you're saying no.

I suspect if 5-10 people who got MIT "yes" did this, MIT admissions and the
MIT President would go batshit.

(You can do this even if you were on the fence about MIT, or even if you
intended to go somewhere else anyway.)

Anon should promote this plan to HS seniors on the admissions boards and other
forums likely to be frequented by top school applying seniors.

~~~
cwoebker
Given how many applicants MIT gets I do not think that 5-10 people would be
enough to seriously upset them. Don't forget they can just get a couple more
students with perfect SATs if they want. Furthermore, like the author said, it
wasn't MIT as a community that went after Aaron, it was the administration.

~~~
rdl
5-10 who write means hundreds more who feel the same but didn't write

------
leepowers
My guess is someone wants to "send a message" to MIT and so they're attacking
the most vulnerable, most exploitable part of MIT's infrastructure: a non-
critical system run by student volunteers. I doubt it's anything personal
against Alex or other MIT students.

Imagine if a thousand members of Anonymous staged a non-violent protest at
MIT, marching across campus. This would inconvenience some students, possibly
even prevent them from attending class. Should this protest be condemned as an
unconscionable attack on students? Of course not. It's a perfectly acceptable
form of civil disobedience. Why shouldn't this extend to online protests via
DDoS?

~~~
Permit
Why is it perfectly acceptable to inconvenience people from their studies?
Man, this kind of attitude makes me want to encourage harsher penalties on
people who pull this bullshit. You do your movement no favours when you
inconvenience the same people you want on your side.

~~~
wonnage
You must not live in the US, as we have freedom of assembly here

~~~
sethist
There seems to be a common misunderstanding of what protest rights you have in
the US. The first amendment does not give you the right to protest anything,
at any point, in any manner that you want. In fact, the government has a duty
to protect my rights if your protest in infringing on them. The Occupy
movement is another group that completely failed to understand that fact. You
are legally allowed to protest, but preventing someone from going to work or
class is a quick way to get your protest shutdown. I don't think it is
unreasonable to extend that same logic to DDoS attacks.

~~~
leepowers
Civil disobedience is illegal by definition. DDoS attacks are illegal.
Marching down the middle of the street is illegal. But are these acts immoral?

~~~
sethist
If they seriously infringe on the rights of other individuals, then yes I
think they are immoral. Putting your own political motivations (no matter how
righteous) above the rights of others is a selfish act.

------
latj
I do not condone the attacks that may be occurring. However, if you are trying
to get someone's attention- it makes more sense to get the attention of the
students rather than the administration. Today's MIT students are tomorrow's
death-ray designers, robot-maintainers, and policy makers. They are tomorrow's
administration- and they may not have made up their minds yet about ethical
issues of intellectual property or the nature of doing and sharing science. It
doesnt make sense to target the administration of today. They have already
made up their minds.

~~~
danielweber
As a first guess, MIT students are very unlikely to react to someone causing
them trouble by become more sympathetic with the people causing them trouble.

Especially if the message of the attackers is "people who break into the
network shouldn't have the cops called on them." (Although we should wait for
Hal Abelson's report to find out what happened behind the scenes.)

~~~
aaron695
I couldn't disagree more. These are MIT graduates, highly intelligent people,
not some slack jaw locals.

They are fully capable to look at the issues and take moral responsibility for
the University they are part of.

How can an intelligent person support a organisation by being part in it, then
take no responsibility for what it does.

Yes I know the commoners do this all the time for their entire lives, but
being better educated (However you do it) is about moving on from this
simplistic me me me mentality and looking at the total issue.

~~~
danielweber
I really hope "better educated" and "looking at the total issue" isn't code
for "agrees with me."

~~~
aaron695
No, it's meant as a 'don't drink the coolaid' and think just because you are
part of something you are A. Right B. Don't have to accept any responsibility
for the organisation you are part of.

If MIT did something wrong and you go to MIT you are responsible for being
part of that organisation. No one is forced to go to MIT.

Take responsibility for who you support, be it a university, club or a job.

If you think MIT did nothing wrong, then say they did nothing wrong. Don't say
I'm a member of MIT but nothing bad(= short internet issues) should happen to
me cause I'm just one of the many in this organisation.

------
darkarmani
Please let me read your blog page without needed to turn on lots of
javascript. The page is blank without whitelisting JS content.

~~~
bjhoops1
Seriously? Still on the disable-JavaScript kick? _scratches head_

~~~
mixmastamyk
Yeah, how silly to disable anonymous remote code execution by default. ;)
Flashy pages that eschew compatibility and separation of concerns (even
accessibility, seo at times) are the new standard, get used to it.

Would you accept a Word.doc that required scripting to display itself?
Shouldn't the response to a non-visible blog post be WTF?

(Strangely enough, I am able to read the page w/o js, but responding in
general to this type of comment I see on HN frequently.)

~~~
esrauch
I wouldn't accept the word scripting because I don't trust their security
model; I expect there to be a very high chance of getting a virus from MS
Office scripting. I see a very low chance of getting a virus from js; there
have also been 0-day exploits from <img> tags, why do you feel OK with images
enabled?

~~~
mixmastamyk
There have been hundreds (thousands?) of javascript exploits. Javascript is
also a major component in user tracking. Go to a news site and you'll see a
dozen trackers most likely against your wishes, reducing privacy and
performance. It's a hostile internet out there.

Hostile images may exist but they are an order of mag. or two less common of a
threat. Of course, where to draw the line is subjective, but the idea that
blocking js by default is silly is misguided, imho.

~~~
chc
Can you link to a recent (for any reasonable value of the word) remote code
execution vulnerability with JavaScript? Because my observation has been that
RCE through codecs has been a much bigger vector for compromised systems.

~~~
thematt
Why does it have to be specifically RCE? Here are some lists of Firefox's and
Chrome (fixed) security vulnerabilities. Browse the lists and you'll find
plenty of critical issues related to Javascript.

[http://www.mozilla.org/security/known-
vulnerabilities/firefo...](http://www.mozilla.org/security/known-
vulnerabilities/firefox.html)

[http://googlechromereleases.blogspot.com/2009/08/stable-
upda...](http://googlechromereleases.blogspot.com/2009/08/stable-update-
security-fixes.html)

------
ryguytilidie
I feel like this guy could not miss the point by much more distance. How much
of a shell do you have to live in to think "well sure, someone died after
fighting for the rights of millions of people, but jesus, you people are going
to inconvenience us for a few hours? this is just ridiculous!"

~~~
Confusion
So after someone important to me dies, I can come over to your place and annoy
you for a few hours? What exactly does that accomplish?

Lumping everything connected to 'MIT' together as the same evil thing is
shortsighted and counterproductive.

~~~
MrScruff
I'm beginning to wonder if all the people preaching this 'Aaron died for your
benefit so now you must suffer' line are Catholics.

Taken to the extreme, this line of reasoning is what makes certain terrorist
groups think killing random civilians is acceptable. After all, if you're a
citizen of a country then you should be held personally accountable for all
the perceived crimes perpetrated by your government, right?

------
thorum
I don't go to MIT, but a commenter on a previous article about this said that
MIT's network had been having trouble for weeks. That is, before the Aaron
Swartz tragedy. Is there some other reason why someone would be DDOS'ing MIT?

~~~
geofft
That was me, I think, and I believe we now know that they are uncorrelated
(although I'm not paying as much attention to all of this as I should). If I
recall correctly, the symptoms from a few weeks ago were with the ISPs MIT
connects to, not internal to MIT's own network.

~~~
saraid216
I've noticed some really weird blips with ISPs in general in the past several
months. Nothing I can pin down, but my working knowledge is incredibly low, so
I don't know the tools. For instance, I run a Mumble server on a Linode,
nothing special, and last night, all of my SF/BayArea friends had a storm of
disconnect-reconnects. I didn't have time to diagnose at the time, but I doubt
I would have found anything either.

------
Apocryphon
I suppose the one silver lining is that this could be useful data for MIT
admins to locate weaknesses in their network.

~~~
danielweber
It's not supposed to be a hardened network that freaks out whenever anyone
connects to it.

Or is that the goal? To make MIT stop being so open?

~~~
kylec
I think that's a false dichotomy. It's possible to make the network and the
attached services more resilient to a DoS without making it less open.

~~~
mpyne
Maybe they could, I don't know, filter out requests from certain malicious MAC
addresses? Start dropping packets from the wrong IP address? Surely _that_
would suffice, right?

------
3327
why should they stop? MIT has blood on its hands. maybe you should email your
schools president for an apology? maybe all the students should? Why are you
the victim? why are students of MIT the victim? there is only 1 victim here
and its nor you or the students of MIT.

------
paupino_masano
I'm just getting a blank page - is that what others are seeing?

~~~
mappu
Yep, totally blank page. JS enabled, no plugins, no caching, Chrome Beta 24
from New Zealand. All HTML loads fine.

There's an uncaught TypeError in common.js:40 (looks like jQuery.browser isn't
getting defined?) which seems to cause the blogger object to not be created,
breaking classic.js and gadgets.js nearly immediately.

Ridiculous

~~~
paupino_masano
Yeah - you're absolutely right. It's to do with this line:

    
    
       http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js
    

It seems Google API's have upgraded this particular URL to point to 1.9 which
deprecates jQuery.browser. Technically they need to update their template to
use something like:

    
    
       http://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js

~~~
mappu
Sounds about right - i'm glad browser sniffing is going away. Not sure what's
up with blogger's testing team - maybe everyone's busy helping out with the
GAE outage?

Next question - why doesn't everyone get the blank page?

EDIT: By your profile, i'm guessing you're also in NZ - Looks like they might
have just pushed the update out to only parts of their CDN.

------
hakaaak
I think it is B.S. when hackers take down an easy target for no apparently
good reason.

I respect those that take chances to risk their freedom for the good of
humanity. For example, if a government were lying to its people about
something that was negatively impacting them or their future, and only bad was
coming from that information being restricted, then I could not argue with
those that took on risk to release that information. I could not support doing
anything illegal, but I would at least respect it. But, busting on MIT has no
value I can see, and in-general attack-oriented hacking is just as bad as the
Cobra Kai.

------
rikacomet
Can we just all calm down? there isn't proof(I haven't seen one yet) that
proves that it was DDoS'd, nor do I believe that anyone has come forward to
claim it. So why jump to assumptions. When you say,RIP it means to let a
friend rest in peace. If any problems are faced by MIT, it shouldn't be blamed
on well-wishers of Aaron. Posting it on YC, seems ridiculous to me, as if its
a clear accusation, and if its posted here, anyone who did it would just stop.

Indeed it does raises eyebrows, the timing of this, but lets not jump to
conclusions without solid facts.

-1 for this article. Sorry Sweettea, No offence meant.

------
rdl
Would there be any legal problem with essentially "hellbanning" those
responsible from any online service you operate (with the possible exception
of E911, etc.)? If we find out who at MIT was responsible, as well as Ortiz
and Heymann, refusing to allow them to create accounts, or putting their
accounts into a horrible tarpit with no outside connectivity, would seem like
a much better form of protest than DDoSing MIT.

------
noonespecial1
still cant believe this school pushed for jail time

------
aaron695
This cause is trying to change the access across the world for scientific
articles and you're complaining for a short period

"A few class websites are inaccessible, a few friends' blogs are down, and web
development is a bit annoying"

That's the most selfish thing I've seen today.

No argument why this form of protest won't work just it interrupts your
current lifestyle.

And IMO it will help, it keep momentum and adds publicity to the other means
also going on.

~~~
simonster
> This cause is trying to change the access across the world for scientific
> articles and you're complaining for a short period

Many MIT professors make their academic articles freely available on their lab
websites. As Anonymous continues to attack the MIT network, they are making it
more difficult for members of the general public to access academic articles.
This isn't about open access. It's about exacting revenge for Aaron Swartz's
death. Unfortunately, it's targeting the wrong people.

> No argument why this form of protest won't work just it interrupts your
> current lifestyle.

MIT students would support an effective protest that interrupts their
lifestyles, but attacking student-run websites won't work because the only
people who suffer are students who have to clean up after you. The people
responsible for Aaron Swartz's prosecution couldn't care less.

~~~
aaron695
>"They are making it more difficult for members of the general public to
access academic article"

Given what may happen if change can be made is this really anything? This is
how most of the mostly 3rd world student/academics live 100% of the time for
most articles.

They are not attacking students sites AFAIK they are attacking the MIT network
I really doubt the Faculty are not seeing this and thinking.

This is an attack for unproportionately persecuting someone for trying to free
up scientific information. I don't see it as revenge for his death.

DoJ won't change, but academics might.

------
paulhauggis
Now you know why I hate anonymous

~~~
BrokenPipe
You hate everyone and nobody then. Peaceful protest to raise awareness in my
view.

------
guard-of-terra
The new blogger does not let me to zoom in by the means of ctrl+. It's so
pathetic that I don't understand why people use it. You can turn that off
can't you?

Back to the content of an article: Aaron suffered for nothing, but the student
thinks that he should be extempt from suffering for nothing. What makes him
think so? Life is pain.

He should be feeling shame right now, excruciating one, but instead he tells
other people what to do and don't.

------
j0j0r0
fuck you MIT! fuck you, fuck you, fuck you.

~~~
GeorgeTirebiter
Given that eloquent pair of sentences, I must ask: what do you know about MIT?

~~~
j0j0r0
well, in this case, enough to know that the organization should suffer shame.

so, i do apologize if i upset you, and didn't intend to speak to _everyone_
associated with the organization.

in other cases, i would admit that beautiful and wonderful things have come
from _individuals_ at MIT...but that is not the context within which my
eloquent pair of sentences were made.

however, in this case, it seems that academic snobbery and/or greed was a
contributing factor to the suicide of a great individual, and that is enough
for me to make my comment.

:)

------
armored_mammal
If the students have failed to vehemently distance themselves and protest to
the administration, or even quit MIT for somewhere else, then they are just as
guilty. Their attendance abets the status quo. Especially since it's a private
university.

Quit whining.

~~~
jeremyis
Does this mean Americans that haven't protested or denounced their citizenship
are just as guilty for the sometimes awful things the American government
does?

~~~
armored_mammal
Fortunately protesting at the ballot box allows Americans some measure of
escape from culpability for the actions of the US government, however most are
still responsible having voted for Democrats or Republicans, the very ones who
have put into place many of the policies that are ostensibly so objectionable.

The fact that people find it impossible to keep their hands clean is a fact of
life and of human nature, but that shouldn't just excuse everyone. It should
be a reason to try for better.

