My FBI file was for hacking into my school district's AS/400 that handled my school's attendance and grading system. Somehow using a public IP address with no access restrictions allowed a clear telnet path in from home. Compounding username and passwords that were all the same for every employee. I didn't change a thing, just LOLed and told someone. Bad mistake.
This was the late 90s.
Oh well, 2 week suspension and kicked off the computers for less than a year. A nice conference with FBI, police, my parents, IT and school administration. Fun times.
I learned my lesson to not talk about such things because their egoes were too fragile.
When they decided to give students in their website design class ftp accounts on the district wide web/email server running an ancient version of Debian, they didn't disable the shell, just added a login script to a menu for pine, etc. for people who telnetted in, which I'm sure the sysadmin was proud of. However, a few fast CTRL-C's broke out of his script menu loop and got me a shell, and they didn't shadow protect their password files. Ran it through john the ripper and had half the district's e-mail passwords in a default dictionary file including the root pw in a few minutes. LOLed and never told anyone about that.
I had sysadmin rights on my school’s Windows servers after some very simple social engineering (for a 10 year old). The real irony was that I was called to the principal’s office on multiple occasions because I seemed to be able to fix things on the network that the local “admin” (e.g. music teacher) couldn’t.
Fun times indeed.
It completely ruined my respect for authority figures. Which in retrospect has been the most valuable outcome from being the local “that kid from Wargames”
I was in high school from 2007 to 2011. Half of it in rural Alabama, the other half in the Bay.
Even being in the tech capital of the world, the school administration's views on technology and information access were so backwards. Our school basically didn't allow accessing any websites that weren't on some allowlist. Teachers had accounts to bypass the content filter.
We had a game design class that happened after school. Usually that period was reserved for making up classes you failed, but ROP courses that didn't align with the district's curriculum goals were taught as well.
Needless to say, pretty much every resource we needed was blocked. So the teacher would give out his content filter bypass credentials, because the school wouldn't entertain any exceptions to students not being allowed to have them even though they knew there were classes on campus that would have tremendous difficulty. A couple of times a student would leak the credentials to others on campus and it'd take all of 5 minutes to get to everyone on campus via social media.
They'd always treat everyone who knew the bypass accounts as "guilty unless proven otherwise". I ended up in detention a few times for even knowing it. Parents complained to the school a bunch, school just always blanket said "bypassing the content filter as a student is against policy for any reason. No exceptions."
Makes me think back to 1st grade in 1999 when I was first given internet access and being told not to use Google because "it wasn't safe". Couldn't have been that bad because it took another half decade for me to inadvertently end up on the "adult" part of the internet.
Similar time period, I used portable Firefox and then Chrome on a thumb drive to bypass our content filter. I actually find this surprising in retrospect, but I'd guess they were using Content Advisor on Internet Explorer[1]. I carefully guarded my secret.
If I were smarter, I probably would have learned about proxy servers. I was tantalizingly close as is. I had set up port forwarding on our home router and a dyndns account to access my (Linux) desktop via ssh. I'm almost surprised it took me another few years to bump into SOCKS proxies. I already had 99% of the setup, just not the final step. Oh well I guess.
Our school was Windows land as well. They blocked execution of certain programs by some policy in Windows explorer in Windows XP (they had never adopted Vista, and 7 was still "too new"). Funny thing was, if you knew the path to them, you could just point Firefox or Chrome at a file:// URI and run it out of your downloads directory. Oops.
There was also that time I got detention for riding my bike in the school parking lot. Which was dumb, because I always showed up 30+ minutes before any cars did because I made a deal with the sculpting teacher that I wouldn't have to do sculpting if I showed up early to class and learned about the chemistry of clay glazes along with helping him mix them for class, which was honestly far more interesting to me.
Our AP Chemistry teacher was a nuclear engineering postdoc from MIT who spent her entire career helping clean up after US military nuclear accidents.
High school was a weird time. It just boggles my mind still to this day to have a school staffed by some wonderfully brilliant teachers and have an administration that seemed to lived in fear of a student body who dared learn something or learn from someone they didn't approve of.
> They blocked execution of certain programs by some policy in Windows explorer in Windows XP. Funny thing was, if you knew the path to them, you could just point Firefox or Chrome at a file:// URI and run it out of your downloads directory. Oops.
Microsoft security baffles me. You could run Windows Update in the browser (and also antiviruses using ActiveX). Who would think of making it possible to alter the OS… from the browser?
I think those restrictions were really for ATMs and kiosks, but school administrators see them and decide to turn them on. If the user is able to open more than one application there is no hope in locking down functionality. Windows Help Viewer lets you open a web browser for example.
My school disabled right click in Windows Explorer, I'm still not sure why.
I set up a proxy server for myself to use at school and showed a few friends, and then suddenly everyone at my 2000 person highschool knew who I was. Incredibly I didn't get in trouble for it, my principal thought it was clever. Simpler days.
No need for Firefox/chrome to "download" software, you could get a java-based file manager; this allowed browsing the filesystem and running software on the public library computers, which were far more locked down than any school computer I've ever seen (they had software to enforce 15/60 minute session limits, session reservations, etc, and group policies that disabled external storage, explorer, and the start menu; most browser functions were disabled).
If you've got a Citrix-based application available, there's usually some way to trick your way into that system; in my case it was by going to file->open in the weird processor, and right-clicking it to open it in (the remote session) explorer, which had my local media mounted (flash drive), and allowed access to the remote browser. If you can get a cmd prompt, you can also sometimes get around restrictions with that, possibly by using it to open task manager. In college, these weren't locked down so much as intended to be single-purpose (for running Photoshop, etc from home), and I used similar tricks to gain access to a command prompt so I could register fonts for my projects using FontLoader[1].
Of course, despite every PC being on a domain, there was still the local administrator account, which was easily obtained by leaving an unused computer running ophcrack overnight. Eventually I found out that the roaming network administrator account password was simply ford, as the admin left a local account on a computer that wasn't networked; this pretty much lasted me through high school. For bypassing the firewalls? That was simple; I got a free shell account, and later my own server, an early openvz vps.
Once I got my own server, I spent long amounts of time trying to increase the amount of RAM available to me (since it was fair-share CPU on a decent server, building and similar jobs ran far faster than my current digital ocean VPS). At this point, I found out about sshfs on my own computer, and spent ages trying to find a decently cheap Xen VPS so I could use kernel modules for sshfs and swap. Eventually, I gave up. One period of my last semester I was a TA, rarely with any work to do, so I spent most of my time on IRC and setting the wallpaper to be Cyanide & Happiness comics.
> Even being in the tech capital of the world, the school administration's views on technology and information access were so backwards. Our school basically didn't allow accessing any websites that weren't on some allowlist.
That sounds very big tech to me, exactly the model towards which Facebook et al. are moving.
Had a similar problem with feeling betrayed by authority figures when I was called in to be questioned about a hacking incident while in middle school just because I was good at VB in programming glass. Can really ruin a kid's confidence for years to come in case anyone in such position is reading this now.
I can point to several false accusations I suffered as an elementary school student that made me deeply skeptical and wary of authority.
"Even if I color in the lines, or intentionally dabble in creative thinking, some adult might yell at me... Hm. I don't need their permissions. They obviously don't see how great I am so they are a dumb nuisance."
Same thing happened to my friend in high school, there was someone causing some mischief with some of the school computers, and just because he was into BBSs and computers, he was a big suspect, but he was a good talker and was able to avoid any punishment.
He was a good friend because he kept silent about the fact that I was the one doing it ;)
Public network shares, cain&abel, learning about NTLM downgrading and well, these were the days when Wifi was "new" and wireless B and G was considered wow, 54mbps.
Back then, everything really felt like magic.
Old netsend trick, pre windows xp SP2.
There were enough stories at this time online that I knew it was best to say nothing. Did nothing bad, just explored, learned quite a few things and well was surprised how really easy it was to do things.
Nowadays, I feel kids won't/don't get that chance to explore - which is sad. Internet is curated through apps and "enagement" user experience and cloud services/SAAS.
Maybe they can spot a lifetime link to a google sheets master password document. ;)
When I was 11 I social engineered the son of the computing teacher to get all the admin passwords. Then I fucked around with a whole bunch of stuff and showed a friend. When they figured out it'd been hacked they weren't sure who did it, but my buddy broke down very quickly and let them know lol.
I was banned from the computer lab for the whole of my secondary school years. It didn't matter though, because when I was 12 (~1989) the headmaster dropped computing from the school curriculum as "computers are a passing fad". They just used the computers for typing up essays after that.
It's hard not to be critical of this headmaster, but I do have to question both the intelligence and the wisdom of someone who, in 1989, could not clearly see computers had no chance of becoming a "passing fad".
Picking up a copy of The Wall Street Journal at any point in the previous ten years could have clearly indicated that... and any school at which there's a "headmaster"... I would expect the WSJ is not a foreign entity to them.
The fact the parents allowed it to go through, in hindsight, is absurd. The computing teacher did try to teach us outside of school hours some times, but I failed the Computing GCSE (F grade), which is hilarious as at the exact same time I was being offered a job at Argonaut Games after Jez San tried out my 3D engine.
There's the educational, constructive "Hey lokimedes I hear you're pretty good with this computer stuff want to come and help me while I solve a problem?", then there's the not so educational and not so constructive "Hey lokimedes, I hear you're pretty good at this, want to solve this problem for us?".
The "admin" person calling you for the former? Pretty cool. The principal calling you to their office for the latter? It really does say weird things about authority figures to a kid who's paying attention, especially when mixed with the cluelessness about security.
It's not just the words though, here. Being called to the principal's office is an exceptional occasion. If they were called to the office that many times, they'd see through the words and recognise that the adults were out of their depth and that's why they were being called.
I found the password to my teacher's eBoard[1] in 4th grade (a five digit code) and started changing things as a practical joke. Then I started seeing more five digit codes just written on Post-it notes…
I read the opposite, but it's still meaningful. A sysadmin who can't do his job and has to defer to a kid is embarrassing and at that point how can you trust the "authority" to know what they are doing.
This reminds of a Costco bug I discovered, it appears that they fixed it lol.
So, Costco runs AS/400 in stores, and their online store is in .Net MVC. I worked with both technologies and often have to communicate with AS/400 devs and they are close to their retirement so little fucks are given. Plus, working with DB2 is annoying in general, the .NET data provider from IBM is expensive and sucks.
Now onto the bug, when you purchased items online at a discount, you were able to return to store at a full price as their systems were not communicating that a discount was applied. I returned several items, but did not realize until I bought a laptop that was $400 off and tried returning it. I ended up calling Costco and letting them know. Unfortunately, they didn't give me any lifetime membership or a good citizen award.
If any Costco devs read this and know about this send me some love.
Costco still has issues of resolving discounts on a return. I won't state the bug explicitly but I had a conversation with them about how they refunded me a significant amount I never paid on a large purchase and showed them the delta via receipts. Local management was appreciative but didn't seem to have an idea of how to proceed to make things right. Ultimately they said my account would be flagged as owing the difference so the next time I shopped I would be charged for the incorrect refund. The problem is that that didn't work either and I don't shop there often. I tried to do the right thing but ultimately it ends up being their responsibility to handle it when the customer is standing right in front of them showing their loss of revenue.
"I tried to do the right thing but ultimately it ends up being their responsibility to handle it when the customer is standing right in front of them showing their loss of revenue."
I bought some lions mane mushrooms from a grocery store, which cost $10-12 per lbs. The cashier rang them up as "regular" (button) mushrooms at $2 per lbs. I pointed out the mistake and she tried to correct it but chose the button mushroom again. I brought it up a second time and she selected a different incorrect mushroom at a slight increase ($4/lb?). At that point, I gave up. She's the one ringing it up. I tried.
Wegmans has them sometimes. I have two local/independent stores that also carry them. Although, I grow my own due to price. Occasionally I'll get some from a small scale producer who sells to the two local stores.
I was in dire need of an Cat 5 cable a few years ago and went to Walmart to get one. Until this point I had always made my own cables, so when I saw the price ($40ish) I was floored. Unfortunately, I had to buy it anyway. As I was checking out I had that cable and a small bag of beef jerky. The cashier wasn’t paying attention and didn’t engage with me at all. She scanned the beef jerky and moved the cable across the scanner, but it didn’t register. She told me it would be ~$3.50. I considered telling her that missed the cable but given the fact I was mad about the cable costing so much I didn’t say anything. I always wondered if I would feel bad about doing that, but several years later I still don’t.
I once made a purchase of multiple items where the cashier scanned the items, put them in a bag, charged me a total and I paid it. Only sometime later I found out they missed a $100 item.
Did I steal something? Did the cashier give me something for free? Who is responsible? What if I didn't notice the $100 charge absent from the bill? What if I was charged twice as much? What if I told the cashier and they did nothing?
What turns something into a crime, in your eyes?
I certainly don't think I stole anything, nor do I think OP stole anything.
The OP knowingly walked out without being charged. At this point it’s not any different than if he/she had just pocketed it and walked out.
The different between this and the contrived shit you posted is knowing you didn’t pay and walking out of the store in the first place. There isn’t really any subtly here.
It is different. In the checkout case, the cashier's intervening negligent act led to you getting the item for free.
It might still be theft (or fraud or some related charge), but only if those laws create a strict liability crime out of keeping something that you know was given to you by mistake. I'm not sure but I think there might be specific laws to that effect if you knowingly take advantage of a bank's mistake. Whether there's a similar law in general, probably depends on where you live.
In the pure theft case, there's no intervening act by a store employee. It requires criminal intent.
The argument that if the customer knew, it's theft, applies equally to cases where the product is rung up incorrectly, which several other people in this thread have claimed to have witnessed. I guess we're all thieves now. I've been overcharged and undercharged at stores.
Also even if the intervening act by the store employee doesn't matter, it would be impossible to prosecute. They'd have to show that the customer knew the checkout person missed the item. How would they do that? Interrogating people you live with to find out if you mentioned it to them? No, they don't have access to admissions on HN years later.
> In the pure theft case, there's no intervening act by a store employee. It requires criminal intent
Yes there is, they have cameras and people who can frisk at the doors. I don’t think you want to go down the path of “if there was some action an employee could have taken to stop it, it’s not theft”.
> No, they don't have access to admissions on HN years later.
“They can’t prove it” is not an argument that something isn’t theft. You can go through whatever mental gymnastics you want to go over how difficult it will be to legally prove theft for prosecution, but it doesn’t change what it morally is at all.
In smaller stores (fast food restaurants for sure), when the cash doesn’t balance, the employees pay the difference i think. does it hurt walmart or does it hurt the employees in that case?
Who is at fault for that harm? The customer? The employee? The employer? Regulators? Society??
I'm not even sure this is relevant. We're not talking about a cashier returning too much change. In this scenario, there is nothing to not balance. The item wasn't scanned, isn't on a receipt, was simply given away. The balance in the till is still correct.
If an employee of the store quotes you a different price than the label on the shelf or item, you owe the store zero responsibility.
Retail stores change pricing on products and fail to update pricing on the shelf all the time. Home Depot, Walmart, etc have interactions like what OP described occur every day.
The responsibility rests with the corporation to train and reward employee behavior.
If the company has chosen to staff their store with someone that doesn't give a fuck (underpaid, poorly treated, mismanaged, improperly trained, not well rested, etc), then that is a gamble they chose to take, and the last thing I am going to do is rock their boat when they built and arranged it this way.
FWIW, I don't think it was the moral or ethical thing to do. I didn't intend for my post to come off as if I thought it was. I shared this story in the context of process breakdown, not "stealing is ok".
As for my thinking, it was impulsive, I was a fresh grad and didn't have much money, I was upset about the price, I thought the cashier was being rude by completely ignoring me. I felt like I attempted to engage with the process of buying the cable in the correct way and the process broke down in my favor. I was not going to go out of my way to fix it.
Again, none of that makes it the right thing to do. I wouldn't have considered walking in and stuffing it into my pocket, but feeling like I did my best I shrugged my shoulders and went on with my day.
Opening stores in key areas to destroy local business. Draconic contracts with suppliers. Lowest possible quality. Highest possible price. Huge markup.
Can you walk me through the thinking of "corps fuck me over and I should be thankful"?
I met someone many years ago who bragged that they did this with sales tax. They purchased expensive items at Costco in Oregon, paying 0% sales tax, and then returned those items in Washington and received a full refund plus 10% sales tax. This was the first time I met a person who appeared normal but lacked social mores against fraud.
In grade school a class mate told me how to mail letters for free: print where the letter _should be sent_ in the return address, print anything for the apparent delivery address, apply no stamp, and drop in a public mail bin. The letter will be sent "back" to the return address because postage was not paid.
When I got home later that day I excitedly shared with my parents the new hack I had learned and they told me it was wrong because it was stealing. I had been so taken with the neatness of the scheme I did not register its immorality.
I use this exact scam as a way to explain email forging and how the Bad Guys (TM) get spam delivered.
Funny enough, my grandmother told me about a version of this scam, but as a prank. Get some roadkill, put it in a sealed bag. Put that bag in a box. Mail it the slowest way possible to a far away address that doesn't exist. Put your target's address for the Return Address. Be sure to do it in summer. By the time it gets to them... yuck.
I went on a tour of a USPS Bulk Mail Center and asked what was the weirdest thing they ever came across. Mail person said they had a box bleeding onetime. They set it aside for the postal inspectors. Turns out it was steaks.
I would expect that postage scam to only work in the same geographic area. If you put a return as California but dropped it in the box in NY I dont know if they would return it, would they? If so I would imagine they have anti-fraud measures against doing this in mass.
A postmark is applied where the post office receives the letter. If the return address isn't in the post office's service area and there's no postmark, it's fraudulent. I'd be shocked if the automated systems don't check for that before applying a postmark.
Not refuting anything you said, but I personally have dropped letters while traveling on a weekend, just because, so like dropping a letter in Oregon on Saturday evenings, obviously with proper postage, and my return address as in different state 800 miles away. One reason is If the delivery address is in same direction, i.e. if I am travelling towards letter's destination halfway, I like to see it as quick delivery and help to Post, like I am covering half distance for them.
You're right, it's not necessarily fraudulent, and there are cases like yours, or when someone's on vacation and uses their real home address as the return address.
But there's no way to allow those while preventing abuse, so I can't imagine what good options they have other than to reject and trash those pieces of mail (since they have no way to return them). I guess they probably allow them and eat the losses due to abuse?
In uni me and a friend who when to a university across the country (not US) did something similar - he mailed one letter to me once, then I'd replace the letter, cross out the address and write "return to sender". We'd do that over and over again. I think after 3 times the letter just got dropped and not delivered
I'd expect Costco would require receipts for returns, even for online purchases, like most stores. Then the store would only refund the amount after discounts. But perhaps Costco is more trusting of their customers because they have to pay for membership.
> I learned my lesson to not talk about such things
I like how you shared how you learned lesson to not share mischievous activities with people in the same post you then go and share more things you haven't been caught for.
This is going on your permanent school record! /s
That's great. I know even as of recent of 2021 I've seen some places that had 0 security on things.
> I like how you shared how you learned lesson to not share mischievous activities with people in the same post you then go and share more things you haven't been caught for
American public schools are quite adept at teaching distrust in authority, particularly in bureaucrats. That doesn't mean distrust in everybody.
Because in the United States, unprivileged kids often get thrown into what we call the "school-to-prison pipeline" for inconveniencing authority figures.
Unfortunately, they end up learning a different sort of hidden lesson.
I love how student government teaches you how government really works. The election is a popularity contest for a puppet regime with no real power, but you can pat yourself on the back and take price in the democratic process.
This made me think of The Simpsons episode that parodies Evita. Lisa is elected but quickly becomes a tool of the school administration. Season 14 I think
Depending on where you go to school, I think student government actually does have responsibilities with planning events and such, and this gets far more important in college than in k12.
In k12, while it's not really meaningful, It's still an extracurricular activity, and at the same time it shows that you can work with others (theoretically) and that people like you enough to put you there.
Unless you're in an anime. The student council in anime not only has power in the school, but outside political and military power besides.
> American public schools are quite adept at teaching distrust in authority, particularly in bureaucrats.
I wonder to what extent that property is primarily due to them being schools, or primarily due to them being public, or primarily due to them being American, or is it some combination of the three?
My own impression (having experienced both as a child) is that private schools are less prone to bureaucratic inflexibility than public ones, which is one of the reasons why my wife & I have chosen private schooling for our children. But, not the US, so our experiences may not be directly comparable.
I think the example is in the great grand parent comment
> Oh well, 2 week suspension and kicked off the computers for less than a year. A nice conference with FBI, police, my parents, IT and school administration. Fun times.
Something that most would believe as non-malicious and just for the lolz received a (what I personally think is) heavy punishment. So as a kid you learn to just keep that to yourself because you don't know if you'll get a "oh thanks for telling us" or a "you're expelled". Its not explicitly said to distrust but you learn from experience.
I think this is especially prevalent in schools. You'll see things like this even for things that aren't related to computers. When I was a kid, drugs in your locker were your drugs, even though breaking into the lockers was trivial and stashing drugs in other people's lockers was the way business was done.
I wouldn't have told the school of a theft I witnessed even if I knew there were cameras recording the entire thing. You're guilty unless you can prove someone else was more guilty and they're not really concerned about the truth of the matter so they're not trying to help you.
When I was 11 or 12 we had a bunch of old Windows (2000?) boxes with a shared network folder — all the students' files were in the same folder. I had just learned about basic batch file "programming" so I made one called Change Your Grades Click Here!!.bat which asked for your username and password (we had individual accounts on the Mac computers) and saved them to a hidden text file in the same folder. Most people didn't fall for it, but I got one girl's login that actually worked, which scared the shit out of me, and I deleted the program. (I really wanted to tell her that "emma" is not a good password, but I thought it wouldn't turn out well for me.)
A few years later, I cracked the admin password (with a Ophcrack live USB) for a silly reason: they had the machines mostly locked down, and I wanted to change the desktop background hahah. I remember being quite disappointed in the sysadmins that the admin password for all the machines in school was a common dictionary word, cracked in 30 seconds.
Oh, once I met a guy who identified as a "hacker" (in the sense of breaking into systems illegally) and he told me (then a young teen) to "have my fun" before I turned 18 and then to stop, which in retrospect was very good advice.
When dsl was deployed into my town, it was mostly for doctors offices and the local hospitals.
I was one of the first normal citizens to get dsl internet. I opened windows explorer, and saw all the hospitals and doctors office network folder shares, with patient data.
> I got one girl's login that actually worked, which scared the shit out of me, and I deleted the program. (I really wanted to tell her that "emma" is not a good password, but I thought it wouldn't turn out well for me.
With all due respect for HN policy of nuanced, Intelligent debate.
> I learned my lesson to not talk about such things because their egoes were too fragile.
At my university in the early 90s I went the white hat route and had tons of fun. I managed to convince the computing center folks to give me a student job in the Unix group, and then spent the next three years hacking their systems and getting a pat on the back when I did it.
I cracked all the passwords in my MS-DOS based computer programming class by modifying the boot floppy. It was pointless since the assignments were easy and I had perfect grades in that class, and the only thing this allowed me to do was steal other peoples' homework. But eh, boredom....
I also figured out how to auto-crawl the networks of all the schools in our district, which, as a self 15 year old whose only experience was non-networked DOS, is still a proud accomplishment. The only things I found were a bunch of printer management, some office form templates, and a cool video game that was like sim-moonbase.
But then my teacher found the file in my home dir called passwords.txt, and I was busted. Oh well. Instead of an FBI file, I got a detention, and I had to teach him how to write-protect the boot floppies so no one else could do what I had. (he didn't need to know that you could reverse the write-protection with a piece of electrical tape)
> I didn't change a thing, just LOLed and told someone
> Oh well, 2 week suspension
God damn, these idiot school people have no fucking clue that someone who points out a security flaw to you without inflicting any harm is actually doing something good, and that behavior should be encouraged and rewarded.
BRB, preparing my YC S22 application: "BugBakeSale"
"We're bug bounties for America's school districts: HackerOne for the K12 market. The product is free if you let our corporate partners, who also fund the bounties, recruit the winners."
I had two friends that did similar in the early 2000s, except that while the school knew there was a breach, they never caught who did it. Had all student social security numbers, grades, attendance, etc pulled into a thumb drive on the school network. I imagine this happened a lot around various school districts, especially in that time when school networks were less secure.
With all the shenanigans I was into as a turn of the century high school student, I'm incredibly lucky to have never had a (known) FBI run-in.
At my first high school I was expelled for selling teachers a boot floppy that disabled the district's security software (Fortress) on their machine.
At my second high school I was busted twice, once for selling CDs with a much anticipated unreleased movie, and the second time for finding (and copying) a network share that had every student's school photo from that year before they could even purchase it.
Nevermind all the unsavory nonsense I did outside of school and was luckily never busted for.
Good times indeed. I got into similar mischief, but my school didn't really mind. I got a slap on the wrist, because they were to prestigious to court negative attention. Then I got into similar shit in college. I reported it and got lucky again. The guy in charge of their cybersecurity program invited me to take his class which was all master's students and phd candidates as a freshman. I would have bombed as it was all over my head cryptography/math, but at the time I did some extracurricular research that got me a passing grade.
Oh yes. I remember the embarrassment / horror of having the admin just creepily poking my shoulder when at the computer and gently saying: "Hey, I promise I will NOT report you for antyhing, if you just tell me what the hell you just did with our network!"
I had no idea what I had done, honestly, I just sent a large ping packet to some IRC-user. Turns out it killed some vital things in the network.
Also the admin leaving anonymous FTP enabled with write access. That was one weekend with an extreme amount of illegal stuff apparently uploaded via the schools FTP, but that was my classmate which was involved in and not me.
This was at the time when people had dial-up at home so the 256kBps connection at school was awesome.
Late 80s and my junior high school computerized attendance reporting (and some grades) through shared documents on a 'teacher' Appletalk share I had access to (because I set it up!) Well now... ;) Honestly though I never did any of that sort of thing for profit, I managed to satisfy my needs selling disks with games on them and then turning a blind eye when people were playing them during class hours (I was basically used as a free labour resource by the school so I don't feel bad about that in the slightest.) Ah, the things we did when we were teenagers...
I was punished three times for computer curiosity before I learned my lesson. No good deed goes unpunished, especially when it makes somebody powerful look bad.
Seriously, they would have deserved that the school mysteriously becomes littered with printed (or typed) sheets of paper explaining how to access the system and change everyone’s grade.
If it were me, for the second time I would have considered adding a file to everyone’s FTP account (including the admins & professors themselves) explaining how they too can escalate to root.
ouch. I once tried to grab a password file remotely that made the whole computer network crash for some reason. They found out it was me and they said, "please don't do that again." I was really lucky.
I was in junior high early 90s when I got into trouble with my school's networks. Setup was Novell Netware, DOS 6.x. I was never a Netware expert by any means, but by that time I'd been using DOS at home for quite a number of years and knew my way around pretty well. Anyways, the network crashed. I got accused of causing the crash because a teacher had seen me with "a black screen open", aka a DOS prompt. Our Netware setup didn't allow for direct DOS access; we had a limited set of DOS apps from a menu we could run. Well, among those apps was WordPerfect for DOS. There was some function key combo that'd suspend WordPerfect and dump you at a DOS command prompt (I forget the key combo, but we all had those keyboard templates at the time that listed out the various commands helpfully, right in front of you, at school, even!).
Well, being at a DOS prompt was enough circumstantial evidence for me to get suspended for a week (no FBI record, AFAIK). My parents, despite being strict, were also fair and asked me point blank, "Did you have anything to do with what you're being accused of?". Told them no, I was just at a DOS prompt (probably to play either nibbles or gorillas - those classic BASIC games). To their credit, their opinion was if I was going to serve the time, I might as well know how to do the crime (know, not actually do). I had already been tagging along to continuing education computer classes my mom was attending, but my parents started buying me more and more computer books. It got me started down the programming path. I'd already been pretty friendly with our sysadmin at school and he knew I had nothing to do with what happened and hadn't accused me, but the school needed a scape goat, and I was it. He felt bad for me and choose to help me out with my learning, too, instead of continuing the punishment. He gave me a copy of the software he used for after hours remote access over direct dialup. Think it was called Carbon Copy? It was basically just telnet over dialup that allowed me direct access to his PC on the network after hours before I even knew what telnet was. So, I'd connect after dinner and play around for hours as network admin. It wasn't multiprocessed, so I had to be patient. Typically when I'd log in, he was running a nightly backup manually that he'd kick off before he left for the night. I just had to wait for it to complete, then I could do whatever I wanted. I had full access to the grading/attendance system. I could message teachers as other teachers, etc. I could have granted admin access to anyone, but I was smart enough to never touch my own account, instead, created fake admin users and used those, instead. I'd hide files in plain sight using the ALT+255 trick to embed a nonprintable character in file/directory names. You could see them, you just couldn't directly access them without renaming them for most programs. Fun times. I never did anything destructive, though I could have easily.
Security in the 90s was a joke. They were good times, indeed :)
I continued my shenanigans into college. College was my first encounter with Windows NT networks & l0phtcrack. I remember one night, walking into my dorm room with the SAM file from a lab PC on a floppy. I popped it into my own PC, started cracking the passwords, expecting it to run all night. As I got up from my PC to head down for dinner, I was surprised to see that I'd already cracked the administrator password. It was just a 5 character password that was the building code & room number for campus IT. I already knew better than to do anything from my own PC, only ever worked from different lab PCs in different buildings and under assumed accounts. Never reported anything, either, for fear of reprisal.
> I learned my lesson to not talk about such things because their egoes were too fragile.
Yip, ego's and people talk are the downfall of many an innocent `self-education` in the area of IT security.
Post 80's and laws started to change, prior, in the UK it was theft of electricity being the only way to nail some people. Crazy fun times.
Though I do miss the old phone system per-say, outdials, wardialing, things like that, was common with many and just seemed more mysterious as you could only learn thru word of mouth or self-education as no books or internets and BBS's were not as cheap in the UK or common as we never had the official free local calls aspect as you fine folks had in the US.
Do recall a chap getting kicked out of college for doing something I'd done previously, just that he had a bigger ego and not as delicate with the power to steal the admin password. Which involved an ICL George 3 OS mainframe in the times of very large disc platters and admin console journaling that had no encryption. so they rotated discs without adding extra wear of zeroing the previous content, only the file table so you could end up with a user disc platter that had formally been used as a admin console jounal reposatory and could create files without zeroing and dump the previous contents of the disc of that way...which eventually got you the admin password.
Do recall few instances of work related cases in which I needed to do things so, kinda hacked what I needed (resourcefulness) like upon a DPS7 Honeywell mini computer in which needed the admin password to do something and nobody had it at hand at that time of night and the passowrds were kept in a file that was encrypted so I worked out the encryption key by looking at the file as was poor encryption and text files have lots of spaces so saw a pattern with the word OPERA in and tried and tada, got what I needed. The spooked admin next day wondered how I did it so I told him fully, he then went and redid the encryption and challenged me to see if that was secure, I looked at the encrypted file and kinda worked out by the patterning that it had been encrypted twice....yes with the same password OPERA only encrypted with that and then encrypted again with the same. Educational for all back then. Today, not as easy to do that, but still a great story of times of old.
My ego prevents anything else and was an ethical hacker and the 90's was an era in which, we white hats would and was the internet security, bringing down pedo's and bad actors like that that frequented some platforms with ease (looking at you AOL). So whilst illegal per-say, was case of no real official policing of such things as we do today.
But darn, some things learned and worked out, well zero day exploits back then were not as financially economical as they are today and heck, and some never really appreciated how long they would stay obscured from the wild.
I also liked hardware back then, was also fun and many a hidden switch to get a feature you would normally pay silly money for some engineer to `install` though was just some hidden switch was not that uncommon. Heck even today you get kit that is same inside with a model up just adding some small thing and example would be some Fluke multimeters that you effectively pay hundred for a small capacitor and another digit on the outer shell, is a good example current today.
Fun times indeed, but darn, goalposts always moving.
The UNIX family of operating system (Unices) historically stored passwords in /etc/passwd, which was readable (but passwords were soon hashed, i.e. passed through a one-way function to obfuscate them).
Eventually, shadow passwords were introduced to have the passwords themselves stored in another place with stricter access rights (readable only by the sysadmin or their group), so even the hashed versions were inaccessible to normal souls, whereas other information traditionally kept in /etc/passwd - e.g. the user's full name - could and can still be retrieved from that file by making it widely readable - just without the passwords, which were moved to the "shadows".
Debian even back then did protect the passwd files appropriately out of the box, but in this server's case, they did an import from an older system where it wasn't protected, and they couldn't figure out how/bothered to convert it to shadow.
I always thought the shadow was just a way to refer to a hash -- the shadow of a thing being less detailed/unique but still capable of being used for recognition.
Maybe I read Plato around the same time as I heard of it and that biased my thinking.
> Could you please explain what this means? Googling didn't reveal much.
An classic UNIX /etc/passwd file is readable by all local users and in the past used to contain the password hashes. One can download these hashes and crack the passwords offline. At some point the problem was recognized and password hashes were moved to special /etc/shadow file which is accessible only to root and members of shadow group making /etc/passwd useless for extracting passwords.
A quarter century later, statute of limitations expired, systems long gone and replaced with entirely different vendors/technology, nobody cares except you.
A person I know studied in East Germany in the early 80s via a very limited exchange program. After the wall came down, she requested her Stasi file.
It was fascinating what was in the file - lots of misunderstandings and misinterpretations. For example, she was upset when the Challenger exploded, and this mystified the Stasi informers who had previously identified her as a pacifist (in their minds, the Shuttle was 100% military).
Similarly, she was trying to research what happened to a relative who had remained in Germany in the late 30s, and whether she had died of natural causes or been sent to the camps. The Stasi file was filled with speculations on the details of this "sleeper agent" with whom she was trying to establish contact.
All this to say that from the mindset of a spy, everything is spy-craft. Everyone's world-view shapes their interpretation of events and reality itself. Was the shuttle a military venture? Partly. Was it also a tool for science? Yup. But the functionaries who looked at her data in the heat of the cold war certainly couldn't see those distinctions.
For what it's worth, she was able to get her Stasi file, but has never been able to get a copy of her FBI file.
This might be a good way to explain my discomfort with online tracking.
Machines categorising you based on your behaviour, without your knowledge nor your consent. It's not so bad when it serves you ads (unless it sells alcohol to alcoholics), but there's no telling what similar algorithms would say about you in the hands of a rogue government. They can find vulnerable people, people who hate certain people [0], people who talk to certain people or hold certain ideas.
What makes it even more terrifying is that machines can categorise people much faster, based on a much broader set of information. It's not just informants and paper reports, but computers processing and connection millions of data points.
I'm bringing all of my data together[1], and the result is a graph of every place I've visited, every conversation I've had, everything I looked up, every book I've read, every transaction I've made, every video I've watched and everyone I've talked to. There's even more data about me in the wild, and if you combined it with other people's data, you could figure out even more about my every move.
It's a good thing that the Stasi was a few decades early.
There's a beautiful song by Vienna Teng called The Hymn of Acxiom[1][2] that covers this nicely. It's in the form of a hymn sung by the data collecting machine itself. It starts off like a message of love and reassurance, but the reassurance unravels as it goes on, until finally we reach the double meaning of it all: "Embrace you for all you’re/your worth"
Somebody hears you
You know that inside
Someone is learning the colors of all your moods to
(say just the right thing and) show that you’re understood
Here you’re known
Leave your life open
You don’t have to hide
Someone is gathering every crumb you drop
These (mindless decisions and) moments you long forgot
Keep them all
Let our formulas find your soul
We’ll divine your artesian source (in your mind)
Marshal feed and force (our machines will)
To design you a perfect love —
Or (better still)
A perfect lust
O how glorious, glorious:
A brand new need is born
Now we possess you
You’ll own that in time
Now we will build you an endlessly upward world
(reach in your pocket) embrace you for all you’re worth
Is that wrong?
Isn’t this what you want?
This is one of the strangest and most amazing art pieces I've experienced. Perfectly captures our time, both in technology used to produce the song and the meaning of all the words
I hold that we still have not imagined (not even in science fiction) the horrors totalitarian governments are now capable of in a fully-networked, computer-brokered society.
I work on it on and off. Sometimes I'll work on it full time for a few days, and sometimes I'll leave it untouched for months. I started it in late 2019, IIRC.
One other funny detail is that most of the Stasi file was handwritten notes in pencil. The vast majority of it was crap. It seems that a lot of her associates were obligated to report on her to the Stasi, but either couldn't or didn't want to give any details that would be harmful to anyone.
Much of it was along the lines of "[fellow student] says [subject] was disinclined to denounce rent-control as a counter-revolutionary ploy during a late-night discussion with [other student]." or "[room mate] overheard [subject] calling her family in the US, and did not hear any overt discussion of politics."
The Stasi was, especially in the end, exponentional invasive. Meaning they approached allmost anyone in any slightly important position and put pressure on them, to work with them to report on their collegues. (In the end, there were 90 000 of them, with a population of only 16 million).
"you help us (and socialism) and we help your career - or you decline and good luck with your career, or
the carrer of your partner. Your children ..."
The results were mainly those worthless reports.
But if you were on the hook once - they could pressure you into more, if they really were interested in your peers and not just routine surveillance of everyone.
But could you live with knowing you send one to prison for telling a bad joke about the government?
So many still declined, to work with them and suffered the consequences.
In either case, the massive surveillance was well known, it was assumed that everything you say loudly - got recorded.
For an amazing movie (not documentary) about the Stasi, watch "The Lives of Others". It is chilling because you see this institution and how it effects people through the eyes of one of the people responsible for doing the spying.
"Erich Honecker gets up in the morning, goes to the window and says: Good morning dear sun!
The sun replies: Good morning dear Erich.
At noon, Erich says: Good day dear sun!
A good day to you, dear Erich.
In the evening before sunset Erich wants to greet the sun again: Good night dear sun.
...
no reply
Again: Good night dear sun!
still no reply.
But dear sun, what is wrong, why are you not answering anymore?
The sun:
"screw you, I am in the west now."
A reference to the people, who managed to escape into the west and no longer had to fake friendliness with the system. And the way the joke is told in the movie and the reactions towards it, are also telling a lot of the spirit of the time.
but has never been able to get a copy of her FBI file
This can be confusing because there are various bewildering options, some of which are slower (or outright ineffective for personal records) than others but getting FBI records is comparatively straightforward once you've navigated the maze. I did it a few years ago and they sent me a CD's worth of stuff, plus a note of things they had not sent me or had redacted with instruction on challenging their decisions on these.
I'm not positive, but I seem to recall she said that she requested files, but just got back a folder of redacted sheets only showing a few dates and her name scattered throughout.
I wonder how much of that was just regular Stasi bureaucrats trying to keep their job. If everyone on their watchlist was a potential spy, then maybe their bosses stay scared enough to keep them employed? Or maybe that was the metric they used for promotions, and it inevitably became a target, resulting in a massive inflation of potential "spies" within the bureaucracy.
Anyone who is interested in this stuff should watch The Lives of Others (2006). It is unfathomable just how deeply entrenched Stasi was in every affair of citizens in East Germany. No organization in history has perhaps been as effective as them at spycraft, at least of their own people.
Hey, my mother was in almost exactly the same situation and has been talking to people about it. They should get in touch, although I'm not sure how to do that.
This story (assuming it's true) should serve as an excellent example of why you need privacy even if you think that you don't. In peace time the NSA is only looking for "terrorist" and leaves everyone alone, but in case of war they would start creating lists for any and everything. All it takes is one "tough" agent trusting their gut feeling/algorithm based on your browsing history and shopping habits to put a target on your back and you are done.
EDIT: Replacing "if there's any truth to it" by "assuming it's true". I did not mean to imply that the author made up the whole story and thought both expressions were equivalent.
The "if there is any truth to it" remark was unnecessary. The author was very well known on the net when it was a much smaller place (the old Usenet days), and implying that he made it up is, to say the least, impolite.
You may know him but I did not, so I erred on the safe side and added the "if there is any truth to it" as it's a much safer default to assume that everything I read on the Internet is possibly made up.
I don’t think assuming stories as untruthful is using good faith. I think this line of thinking heavily contributes to this post-truth society we live in; if everything online is a lie that leaves the individual to create their own truth from the lies leading to this idea of post-truth. Obviously there is more nuance than this because websites need views for ad revenue and people like lying online for imaginary internet points or attention, but I see little reason to lie on HN unless it’s for a company’s PR.
Whether it's "using good faith" is frankly beside the point. Default skepticism is the only way to not get fooled over and over again. People demonstrably don't need a reason to lie beyond craving notoriety; no one on Reddit gets paid for the tall tales they tell. This doesn't mean you just get to make up your own truth either. Rather, it means that finding the truth is very difficult and sometimes you need to explicitly maintain agnosticism, you know, like GP did.
To lean on "good faith" is just another way to lose your nerve and fling yourself on the mercy of blind belief.
Not believing everything you read that causes searching for additional credible sources for corroboration should be the healthy approach. It's quite disengenious to assume the original poster immediately jumped to any conclusion without additional research and landing that it was fake.
I personally think it is the other way around. If people didn't blindly take any story someone they have never met before says as truth, because of "faith" in humanity or whatever, then there would be far less reason for people to be untruthful all the time.
This is a general comment that is in no way related to this particular case, of course.
I know Les and I was also skeptical as to the truth of the story due to the creative style of writing. A bunch of computer nerds are into fiction writing.
Seeing the reply I'm getting, I think this is just the "English is my second language" showing on my side. I always assumed both expression were somewhat equivalent but clearly they aren't.
I wouldn't concern yourself with it too much. Both of your statements were entirely reasonable and polite in tone and candor. Hair trigger, induced outrage is common among Englisch. They are much less prone to such gewinsel in public, the knives only come out online for whatever reason.
Anyway, it is important to recall that with every move that is made, it will disturb someone else. Impudence should be avoided, but the trivialities and whims of Englisch are of little concern.
I think what /u/not2b was getting at in the bigger picture, is that we can decide for ourselves if something is not likely to be the truth.
But if you explicitly add "if there is any truth to it" to your post, then it suggests to the reader that the story is probably false and that's not a very useful premise to start from.
The safe side is giving them the benefit of the doubt. Possibly made up, sure, but your "if there’s any truth to it" gave a most probably made up vibe. Not only is that uncalled for, it’s pretty inaccurate.
I believe that this happened, but I don’t think that details are accurate. Specifically stories told by FBI agents. Memory is flawed, kids tend to exaggerate things(he was 11 at the time). As far as I understand, it was retold
him by his mother, etc.
Yeah, he's for real, and I heard him tell this story (and a number of others) about 40 years ago, for what that's worth. In addition to his other info on the web mentioned elsewhere here, there are also quite a selection of his files from the Stanford AI Lab (SAIL) system, that have been pulled off of old backup tapes, and with permission appear at https://www.saildart.org/LES (note the 3-letter account name, and 3-letter, single-level subdirectory names that you can click down into).
Cool. I mean, wow, that's a great old resource. I like https://www.saildart.org/[OLD,LES]/ (always interested in what academic researchers at stanford and berkeley were doing around the time I was born, especially machine learning)
"and you are done" While I agree about the need for privacy, I don't think this story is a good argument for it. One of the interesting aspects of this story is that the main actual consequence of this privacy invasion was that he got his glasses back.
I was wondering where all that traffic suddenly came from. As for those neighborhoods that were raided: the 'new' City Hall of Amsterdam is built right on top of one of the largest of them. Not a house left standing of those blocks.
Seems like the safest bet would be to fully inventory every human, know everything about them as well or better than they do, and then, once you're highly assured of their safety to the commonwealth of the country monitor them for even the slightest changes in their disposition or regular pattern of activity.
Of course, you would have to completely disregard any concept that people would have a freedom to privacy to do that, and you would also have to account for natural changes over time.
People make new friends, get exposed to new ideas, and gradually change no matter how hard you try to lock them in a box. The data storage and processing requirements to monitor America's 350 million people would be understated as staggering, the man hours for perfect enforcement incalculable, and even if you reached Pareto parity (monitoring 80% of the highest-risk individuals 100% of the time) you're still going to have people slip through the cracks.
I would place a $100 bet on this already being the practice of the 3 letter agencies and if they haven't fully rolled it out I would hazard an extra tenner on that they're within 5 years of completing it as long as their funding isn't disrupted.
The only defense most of us have against it is that we're not individually interesting so we probably never register as more than a blip on a hard drive somewhere under most circumstances, human eyes never prying into the worlds we make for ourselves.
Where this apparatus gets really interesting is the addition of AI.
Suddenly cross-referencing pockets of activity in the giant trove of permanently stored data can be done for every citizen, not just ones of interest.
You can start modeling and simulating behavior off that data to predict future actions like in Minority Report.
But if you look far enough into the future on that trend and link it into Microsoft's recent patent on resurrecting dead people as AI chatbots from social media data, the treasure trove of all online activity for every citizen becomes a curious anthropological artifact as the people in it die off.
Did you have a nuclear scientist on the verge of a fusion breakthrough die before they could finish their paper? Just feed the entirety of their digital life into the system and extrapolate the non-digital using generalized "human experience" models built off everyone else to resurrect a copy of them (or many copies) in a simulated continuation of their day to day thinking and working.
Very few people fully understand the extent of the digital footprints we are leaving behind in the context of trends in big data.
The data we are leaving behind in mass collection will eventually take on (literally) new life.
Very good point. Everything is framed under the status quo. If shit hits the fan, all those assumptions immediately fly out the window. If the writ of habeas corpus is suspended, NSA instantly transforms from shady to Stasi.
Doesn't mean shit without enforcement, which is conveniently also handled by the same cabal. I can't believe this basic fact has to still be argued in a tech focused forum despite the Snowden leaks.
A whole 6 years after the information was made public by a whistleblower who's still treated as a criminal. Surely you can see how little that means for constitutional enforcement?
All they have to do is mark everything as secret, aggressively pursue whistleblowers, and if they happen to get caught, just have the secret court admit guilt without consequences and let the public assume all is well again. Rinse and repeat.
After all, it isn't like they didn't know what they were doing, they explicitly ignored the restrictions placed on them by relying on secrecy and legal loopholes.
In a section headed by an anime girl, he claims to have, "figured out when and how a bunch of other fantasies got into our DNA and will shortly post an article on this web site that will explain how that happened, why it is causing modern humans to make billions of bad decisions each day, and how we and our descendants are likely to be wiped out soon unless we begin dealing with this problem in a rational way."
Then there's a weird picture of his face, which is how he thinks he'll look in 2043, when "he plans to croak at age 112".
On his bucket list page,
"My choice as a troublemaker will be to get shot in the back while running away from an jealous husband in May 2043".
Let me die a youngman's death
not a clean and inbetween
the sheets holywater death
not a famous-last-words
peaceful out of breath death
When I'm 73
and in constant good tumour
may I be mown down at dawn
by a bright red sports car
on my way home
from an allnight party
Or when I'm 91
with silver hair
and sitting in a barber's chair
may rival gangsters
with hamfisted tommyguns burst in
and give me a short back and insides
Or when I'm 104
and banned from the Cavern
may my mistress
catching me in bed with her daughter
and fearing for her son
cut me up into little pieces
and throw away every piece but one
Let me die a youngman's death
not a free from sin tiptoe in
candle wax and waning death
not a curtains drawn by angels borne
'what a nice way to go' death
The Cavern referenced in the poem is a music club in which the Beatle played at the time, now it's tourist trap with canned pop music (what Brits call "cheesy music").
>> My mother told the investigators how glad she was to get the glasses back, considering that they cost $8. The sourpuss did a slow burn, then said “Lady, this case has cost the government thousands of dollars. It has been the top priority in our office for the last eight weeks. We traced the glasses to your son from the prescription by examining the files of all optometrists in the San Diego area.” He went on to say that they had been interviewing our friends and neighbors for several weeks.
Around 1983, me and a few friends were into "war dialing". We found a bank, did about a half-day of research (default logins for popular systems used by banks), and were able to get into the system. We all got bored and stopped poking around after a day or so - we were kids, none of us understand anything about banking. But one kid continued to poke around for months, and he was making changes, too - like, creating his own "backdoor" accounts. Well, naturally we all got caught, not because of some technical task force or anything, but rather because the one kid was bragging about it on a bunch of local BBS's. Then he ratted out the rest of us.
Keep in mind this was around 1983; it was a different time - "computer crimes" didn't really exist, nor the people to investigate them. And that's basically how we all escaped any significant consequences. I was totally unaware of all this at the time, but it was explained to me later in life (by my mother, who is still bitter about it - sorry, mom; you bought me the Commodore 64! LOL) that the FBI didn't really consider it a crime because nothing was stolen. The local cops proposed "trespassing", but we never stepped foot in the bank; we didn't even know where it was.
Thankfully this was just prior to the release of "War Games". Everything changed after that movie. Law enforcement started to pay attention. There were stories about the FBI investigating kids on local BBS's, thinking they were working for the Soviet Union, trying to access military secrets or something like that.
Lesson learned: "We traced the glasses to your son from the prescription by examining the files of all optometrists in the San Diego area." - if you want your possessions found, you can either attach a note with your home address or an AirTag... or simply something _so_ sketchy that an intelligence agency delivers your stuff together with an awesome story.
A gangster was in prison, when he received a letter from his mother. "We miss you very much, and it will be hard for your father to till the garden without you." "Don't do that, that's where I buried the guns!" he wrote back. A while later he received another note: "Some men from the prison completely dug up our garden looking for those guns, but they didn't find anything." "I know, mama. It was the least I could do for you."
A friend of mine in 1997 got arrested for poking around in air force computer systems. He was charged with a felony not because he did any damage but because it cost $40k to track him down. He also had to pay that back.
"Once again, when computer crime enters the equation, circumstances seem to change. In May of 1997, Wendell Dingus was sentenced by a federal court to six months of home monitoring for computer crime activity. Among the systems he admitted to attacking were the U.S. Air Force, NASA and Vanderbilt University. What is different about this case is the court's order for Dingus to repay $40,000 in restitution to the Air Force Information Warfare Center (AFIWC) for their time and effort in helping to track him."
So... the headline invokes an inappropriate image. The author attracted the attention of the FBI in 1942, when "cryptography" meant wartime codebreaking, and his amateur cypher got lost and then found and turned in by a genuinely concerned citizen.
I mean, OK. Sure, it's bad that kids interested in math get caught up in this. But come on, it was the middle of the biggest war in history and real spies were indeed doing real work with codes like that. This says nothing about modern enforcement regimes, nor should it.
As it relates to the man's story, the most offensive part about it is the demeanor of the agents angry at the kid and being abrupt with the mother. The FBI rightfully investigated at the time what seemed to be a coded key, which is very uncommon. The boy did nothing wrong, and he wasn't punished.
But if the FBI wants to be pissy for hitting a false positive, do it at the water cooler, not toward innocent people. They should have offered the kid a job.
Most importantly, there is something modern enforcement could learn from the story: nothing bad (aside from a stressful meeting) actually happened to the suspected but ultimately innocent kid
If he were dabbling with radios at the age of 11, in 1942, he'd have ran into the same kinds of problems.
Hell, simply being of the wrong ethnicity was more than enough to dump a world of problems on your head in that time period. 120,000 people were sent to internment camps for doing literally nothing, and we're wringing hands over a kid getting a house call from the FBI.
Hell, simply being of the wrong ethnicity was more than enough to dump a world of problems on your head in that time period. 120,000 people were sent to internment camps for doing literally nothing, and we're wringing hands over a kid getting a house call from the FBI.
Actually, wring hands at both things. The camps were atrocities, even if they didn't match quite the enemies' atrocities. But they were also doing this sort of thing to many different sorts of folks.
On the scale of hand-wringing, this doesn't even register. Nothing bad happened to him. The police looked into it, decided this was probably not an issue, filed it, and moved on. No laws were broken. No procedures were violated. Nobody's fundamental human rights were curtailed. The procedures or laws in place weren't unfair or excessive.
This isn't the Rosa Parks, or the Rodney King, or the George Floyd of police abuse. This isn't the springboard for broad, or even narrow reform. This is the system working. I understand that a tinkerer may feel offended by the fact that the police even looked into this in the middle of a world war[1], but if that's the poster child of your problems with the police, you are in a staggeringly privileged position, compared to on-going, actual problems, affecting millions of people every year (outside of the context of, well, a world war.)
[1] That was in large part won by intelligence and counter-intelligence.
Yeah, I read that. I wonder if in another 75 years we'll have become as much more enlightened about race as we did from the 1950's to now and look back on some of our present policies and practices with horror and disgust.
Seems unlikely, the first 80% of improvement is the easiest and we've got to be somewhere close to that now, but I could be wrong.
The systems he described were pretty crazy, confusing race (physical characteristics) and ethnicity (culture). On the other hand, you get that everywhere. I don't even know how to describe my ethnicity. "Generic English-speaking" is my best attempt.
It’s sad that people on positions of authority are always paranoid someone is lying. I was recently pulled over and I was sure I hadn’t done anything and it was on a very busy highway through town and I was literally at a side road so turned off and immediately pulled over. It took seconds. The officer as he approached me put his thumb on the back of my car. From my reading they do that to leave their fingerprints if something goes wrong. He approached and said he just wanted to check if I had my license, something they are not supposed to do since it fosters racial profiling they are supposed to have a reason. But he said I noticed you don’t have an N on your car(the N indicated new drivers) and you looked a little young so wanted to check. Just a bullshit story since I am 40, had 2 teenage kids and a 6 year old in my car and enough facial hair to say I was way beyond a 5 o’clock shadow. Then he began to lecture me how when a car pulls onto a side street it makes him very suspicious. I said well I don’t want anyone getting hit from behind and he replied That he is not affraid of getting hit. All very well I am glad you are not but I had 3 kids in the car and have seen enough videos of officers getting plowed and I didn’t want to be part of that. He let me go and with that I am once again annoyed with the police. If I’ve done something ticket me I’ve never omce fought a ticket. I pay my dues. But like I say that rule is to stop racial profiling so I take it seriously.
Unfortunately police in the US are often idiot bullies given a badge. In general you're best off if you never interact with them, including asking for help.
He was able to tinker with a radio at age of 10, in 1940. I had my first electronic at 19, in 2003, growing up in India.
Today, almost anyone in the world can have access to the latest tech easily. Great minds were there and are everywhere in the world, they just didn't have access to resources. Think how fast the research monopoly of US is going to shrink.
Growing up in a Third-World country, I was tinkering with electronics at age 10 and built my first crystal radio at age 11 from junk parts. Dumpster-diving isn't hard as long as you don't mind the occasional dead dog.
I've found entire, functional computers thrown out. My first web server was a 386 built from dumpster-dived parts, quickly upgraded to a 486 as I found new stuff. I still have those computers, too. It's amazing how wasteful people are with tech. People, please don't throw out working computers if you can avoid it. Take them to a thrift shop or a specialized place that will fix them up and sell them, like Free Geek. Post an ad on Craigslist "free" section.
A year and a half ago, I found an entire HP Elite 8300 standing by the dumpster in the rain. It was only missing a hard disk (likely removed to be shredded).
I brought it in, checked it for rust or damage, let it dry for several days, and ordered a hard drive for it. It runs fine, and I use it as a repo/build server.
Nice. I have an SGI Indigo that I will probably never be able to use again because I forgot its login credentials years ago. And I think the monitor was proprietary to SGI and I tossed because it took up too much room.
Then again, I could probably find a downloadable OS for it somewhere online.
Unless it's been secured, you can probably boot using the miniroot on the installation media, go to the password file and clear the root password and save.
Restart that Indigo, and log on as root, no password.
When doing various services on these machines, I would keep a drive ready to boot miniroot. Would clear the root password, archive the hash, then do the work, put it back and on to the next gig. Most of the time nobody even knew what that password was.
Took {big company IT} quite a while to finally call and ask how those services were getting done...
You can definitely boot that SGI in single-user mode or off a bootable OS and read the passwd file. Just found a guide on resetting the root password on an SGI machine[0]. Someone probably would have paid multiple $hundred for that monitor :(
My early years were in rural India, so even Motorcycles were rare to sight. However, I did my dumpster diving with Books and Magazines, and collected a lot of relics.
Apart from the dead dogs my experience in a first world country was quite similar. But for some reason I'm more impressed with you, probably because here in NL electronics were relatively easy to come by because people were throwing away older generating electronics with great regularity to buy something newer.
Whereas I would expect that in the 3rd world by the time you got your fingers on it it must have been technically beyond salvage.
Thank you. I found the same to be true, though. Most people don't know how to repair radios, or don't know anyone who can do it, so if it's anything more complex than a broken wire, it ended up in the trash. At least the cheap, handheld transistor radios did. Happily, everything was through-hole in the 70's so parts were easy to remove :-)
Yes, thank god for through hole parts, otherwise I don't think I ever would have made it this far. VLSI is killing poor kids' ability to get started with electronics.
What did you do your soldering with?
My first soldering iron(s) were simply screwdrivers in the stove :)
I even recycled the solder but it took a while to understand that you need flux as well as solder to make a good joint.
I don't think heating up a screwdriver ever occurred to me!
My first soldering iron was huge! I don't remember who gave it to me, but it was clearly not for electronics. It had a small wooden handle and a tip that looked like a large, bent flathead screwdriver. It could remove parts, but not much else.
Ha! gotta love google. It looked something like this: https://www.amazon.com/Soldering-Handle-Chisel-Point-Copper/...
Thinking back, my grandfather was a carpenter and left a shop full of tools when he died, so it's possible that it used to be his.
I remember asking for a real soldering iron as a Christmas or birthday present and getting a low-wattage one since they didn't cost that much. Until then, everything was held together by wrapping wire onto leads.
The strange thing is that I remember having a small soldering iron, but I don't remember ever having actual solder.
Interesting thread this. You made me re-live a whole bunch of my past and I noticed something funny (or at least, I think it is funny): to this day I can't help myself, when I walk by a dumpster or the garbage before it is picked up I am still scanning for TVs, tape recorders etc. It's so automatic that if not for this thread I would not have caught on to what that was all about, it's simply a habit.
And I still can't stand waste.
One day we will look back to this age and wonder: how on earth could we have been so wasteful that perfectly good stuff ended up in a landfill.
That soldering iron of yours looks like the perfect tool for some SMD work.
I recall those in the hands of stained glass workers, either that or gas heated ones.
My first upgrade from a screwdriver looked like this:
Which actually worked well enough for tube based electronics, (not even hole through, just built up in the air on metal frames). And it held the heat a lot longer than the screwdrivers, which tended to carbonize after a while.
I got a cease and desist letter from apple around the same age and see it as an achievement I want to frame in the living room (it was when the iPhone 4S and Siri was released. At the time, there was a way you could get Siri working on a jailbroken phone but required running a Siri server that scrapped keys from Apple’s servers. A lot of people were doing what I did a charging for it, so I made a free and public one. I remember the day my VPS provider sent me an email with Apple’s request to shut it down lol)
If bicycle helmets were essential for causal-speed, safe path, everyday bicycling, the Dutch would use them.
Interesting fact: in the US, riders without helmets receive more average buffer space from road vehicles than those with.
If you're downhill mountain biking, wear a proper helmet. If you're racing in Manhattan, wear an equally suitable helmet. If you're leisurely riding on a wide, empty side road in a residential area and cycle often, it may lend more placebo overconfidence to the rider than it confers necessary protection. It seems like gearing-up in knee and elbow pads to go for a simple walk.
I'm sorry, but what you're saying has nothing to do with what I linked to. The linked article is about the development of helmet safety standards and their use in bicycle racing.
Please read the linked article, you may find it interesting.
Those Dutch who don't wear helmets do it because they're idiots, it's as simple as that. Any fall - even if you're standing with your legs on the ground - on a bike can break your skull. You try to avoid a dog or a ball and pull the front brake instead of both - boom broken skull. It's just plain dumb.
Pulling the front or back brakes makes almost no difference at normal speeds (≤15 km/h), and even if it did you can't just say "emergency stop equals broken skull".
Many things can "break your skull", and there are many things you can do to improve safety. A whole bunch of years ago the then-UK government tried to promote "pedestrian helmets". No doubt this improved safety, but they were widely mocked. You need to draw a line somewhere.
Yeah, came to say the same. The multi-part saga of helmet safety is fascinating history, and enlightening to hear the story of the people who were fighting this fight for so long. I’m bookmarking this!
in case you're not aware, the author of this is a known (but not well-known) AI researchers from way, way back.
He invented the "finger" protocol. I chose the university I went to based on the qualitty of the plan files so in some sense, he's the reason I ended up at UCSC.
I'm not sure if there is any historical evidence backing that up (IE, Tim Berners-Lee used Finger protocol as an inspiration. A lot of the UNIX protocols of the time were like that (NNTP in particular), simple call/response with textual commands and arguments.
I thought Finger itself was a copy of the Whois protocol, which runs on port 43. But that's backwards! According to https://datatracker.ietf.org/doc/html/rfc812, sri-nic.arpa supported Whois in 01982, saying, "The NICNAME[/WHOIS] protocol is similar to the NAME/FINGER protocol (RFC 742)," and https://datatracker.ietf.org/doc/html/rfc742 is from December 01977, explaining, "The FINGER program at SAIL, written by Les Earnest, was the inspiration for the NAME program on ITS."
Things like NNTP, SMTP, IRC, and FTP were pretty different from this family of protocols. They're textual, yes, but they're highly stateful protocols with lots of back-and-forth to get anything done. DNS, NFS, and SNMP (01988: https://datatracker.ietf.org/doc/html/rfc1067) were stateless, like Finger, Whois, and HTTP, but used optimized binary structures over UDP. In my view, though, the protocol semantics are a lot more important than its syntax, so I think HTTP is a lot more similar to DNS than to NNTP.
Later, FTP-like numerical status codes and long-lived connections got added back in to HTTP, but they weren't there in HTTP/0.9. Designed at the same time as HTTP, Gopher (port 70) was also a finger-style protocol, and I don't think it has status codes either.
According to https://www.iana.org/assignments/service-names-port-numbers/... the lowest unused ports are currently 4, 6, 8, and 10. I think these were originally the port numbers for the opposite direction of data transmission for services on ports 5, 7, 9, and 11 (RJE, echo, discard, and systat) but that function became obsolete with the switch from NCP to TCP in 01983. I may be misunderstanding this a bit because I don't really understand NCP.
I got a CSIS record at the age of 12 for the same reason. It turned out after someone did a FOIA request that the IRC chatroom I was having some crypto fun in had a CSIS record.
Sadly after that a lot of people got spooked and I lost touch with many there. Never got to meet my friend despite living in the same city :(
It makes me even more sad that we haven't remedied that sort of thing everywhere by giving children rights, including free association with others. In other words, parents cannot govern friends and romantic partners.
There's definitely a balance to be had... Kids don't generally have those rights because they have far too little life experience to judge the effects of associating with people. Adults have seen the life paths of those around them and observed where certain directions can lead. So, parents look out for their kids. Sometimes the parents just have poor judgement, heh
Adults have seen the life paths of those around them and observed where certain directions can lead. So, parents look out for their kids. Sometimes the parents just have poor judgement, heh
That last bit is the issue. DO you really think a racist parent is going to allow a child to date somone that looks different - or a devout catholic is realistically going to allow their child to enter a same-sex relationship?
So would you be alright with your son/daughter choosing their romantic partner as a 50 yr old pedophile, drug dealer, and/or avid supporter of whichever religion or cause you find the most perverse and destructive to humanity?
Obviously, no one should be OK with their child dating someone that is a pedophile. That is obviously child abuse, and call the authorities. I*m not about to let a child be abused, and I find this particular question a strange place to go, since it does seem to be a slippery slope argument.
The only real way a parent would know if someone is a drug dealer is if the parent does drugs, or if their friends have bought or sold to the child. Otherwise, I'm just being judgemental or listening to gossip. If i have suspicions that my child can get in trouble with them, the proper thing to do is to have a discussion with the child. After that, it is their decision.
I don't realistically find any one religion to be that, in general, but again, if it concerns you, talk to your child about your concerns and hope that you aren't being xenophobic instead of reasonable. Same thing with racism: Chances are, you'll just drive a wedge between you and your child.
> parents cannot govern friends and romantic partners.
With absolutely no qualifiers. Unfortunately there are pro-pedophilia people out there, and some are quite public about it (for instance, Richard Stallman at one point). So I think it's important if you take that stance you clarify.
For the second part let's say that there is no question about it (maybe they were convicted). What if they are a violent person? Are you willing to let your child potentially harm themselves or others by being in the influence of violent people?
Lastly you misunderstood what I was saying. From your comment I assume you are against xenophobia and racism (rightly so). What if your child wanted to spend time with another child who openly hated black people or Jewish people?
What I'm saying is as a parent you do have a duty to take care of your child. You should prevent them from being hurt and hurting others. You need to instill in them moral values that make them a good person. If you do not have any power to say, prevent them from spending time with soemone who openly hurts them, then they aren't going to listen to you. They have to learn some things through experience, but other things would hurt them on such a great level that it could be permanently damaging. Yea they might not like it, but when you are a child you don't always have the mental capacity or experience to make all of these decisions logically. True love for someone is not always pretty, it sometimes involves telling them "no" to protect them.
Runs into the same problem the majority of people have in capitalist democracies: rights are tied to economic ability. Kids are usually economically tied to their parents, so if a parent decides "Wups, gotta take a new job across the country" or even "I'm sorry, I don't have time to drive you there."
(As a side note - dumb parents tell their kids "No, you can't be friends with ...." Smart parents ensure their kids will never meet ... before their kids are even born, through zoning laws and buying a home in a good neighborhood. I wonder if housing policy advocates realize how much of housing policy is driven by ensuring that your kids associate with "the right" sort of people.)
It doesn't matter whether or not I am. IF you agree, you do, and if not, you don't. I know some places have children's rights, which include freedom of association, especially as children get older. (Norway, for instance).
Also, freedom of association doesn't refer to who a child can befriend or date. It refers to their ability to participate in causes that affect them, such as volunteering with NGOs.
What you're proposing is extreme by even Norway's standards.
As long as everyone is sharing stories, it was the late '90s in the bay area when I was in high school and poked around in our computer lab systems. Other than running Quake and Starcraft, which we were not supposed to do, it occured to me to install a keylogger on an NT4 machine that was shared by the students and our admin. After finding a stealthy keylogger, installing it and verifying it worked for capturing my own password, I went home excited and nervous. When I got into the lab the next day, I looked around for some privacy and quickly checked the logs. Imagine my satisfaction when her password fell into my lap. I remember it to this day, it was "dj3j". Those were the days, of short passwords at least. I proceeded to immediately remove the log file and keylogger and never used her password, am a white hat through and through. Hopefully she changed it by now...
It makes me wonder -- does everyone end up investigated for their interest in HTTPS and trying to think up encryption methods?
It seems even having a passive interest in computer science or cryptocurrency would inevitably lead to one taking a class or buying a book on these topics. The business person in me always brainstorms the various potential business applications of any technology -- and that inevitably leads to a lot of discussion.
Any system of policing that results in entire professions and swathes of hobbyists being considered and treated as enemies of the state is essentially the same level of injustice as the witch trials of old and shows our species has not improved all that much.
> Any system of policing that results in entire professions and swathes of hobbyists being considered and treated as enemies of the state is essentially the same level of injustice as the witch trials of old and shows our species has not improved all that much.
It's much worse now. Now data is collected on every last person in the US indiscriminately so we're all under constant investigation and being treated like enemies of the state. With detailed records of every person and who they associate with the state is free to pick and choose who to target and can easily find incriminating evidence against anyone they decide has become inconvenient for them. Inquisitors tormenting "witches" couldn't dream of having so much power to abuse.
May I suggest, a brief reading of the Wikipedia article on Crypto Wars[0]:
The Crypto Wars is an unofficial name for the attempts of the United States (US) and allied governments to limit the public's and foreign nations' access to cryptography strong enough to thwart decryption by national intelligence agencies, especially the National Security Agency (NSA).
All of this just seems like government is developing an addiction for lazy police work.
A dragnet approach of digital malware and backdoors is a form of automated policing that will always be as unpopular as red light traffic ticket cameras.
Society has always accepted that some criminals going free is the price we pay for having our rights be respected.
Not any more, but back in the 1970s and before cryptography was considered the province of the military and spies, not for civilians to mess with, in the US and the UK. State-of-the-art crypto was treated much like tech for nuclear weapons. The pioneers of public key cryptography had to fight for their right to publish.
Netscape was required to severely cripple SSL to be allowed to export it in the early 1990s. Since "export" included putting software on an FTP server, this meant no open source crypto software could be on US servers. GNU addressed that problem by hosting some software in Europe.
> security specialists could be struck off or barred from working if they don’t meet “competence and ethical requirements.” … people who aren’t UKCSC-registered professionals might not be able to claim any new legal defences … similar to the General Medical Council and its register of doctors allowed to practice medicine in the UK.
Can you imagine what will happen when measuring pupil dilation goes mainstream? Any authoritarian govt will be able to measure your true intentions. There is no way to hide your pupil dilation.
For example, if you are browsing twitter and see a post of your country "liberating" its enemies. If your pupils and pulse indicate that you don't approve of your country's actions, suddenly you will lose some rights as a citizen. Maybe your house gets raided for "suspicion of terrorism"
With AR/VR devices about to go mainstream, this is very possible.
Yes: avoid OCULUS headsets and Facebook accounts, for precisely this reason. Trust me: HALF LIFE ALYX ain't worth Zuckerberg getting his fingernails on the inside of your scalp.
I had the french secret service come and interrogate me in ~88 (bad cop/good cop) because I had doctored a RS232 cable to be NULL modem, to be able to connect to the X25 "transpac" network using a terminal.
I was 'drafted' in the army back then, basically unpaid slave labour, and I was risking 40+ days in prison for sabotage. I 'escaped' due to a coupe of forward thinking officers who didn't think that was a way to handle a smart 18yo kid.
Was an exchange student at a High School in Michigan (I’m German):
Hacked the local school network to access the cafeteria system and changed my friend’s photo to Tux (Linux mascot). Would also have been able to change the credit of each student - but mentioned to the sys-admins which then challenged me to brute force their Admin password. I successfully did that and they offered me an internship. I learned a lot over the half year that I worked with them, switched from Windows to Debian (on a Mac! I wasn’t allowed to be paid, but they gifted me an iBook before I left).
While I was there I also setup a cgi (web) proxy on a host in Germany, called it “cproxy” and shared it with friends in the high school. At the end of my year, I think half the school was using it to circumvent the schools accept/reject list for web browsing. I kept it running and two years later my parents received a call from the FBI, that they wanted to have a word with me (I was back in Germany at that point). Supposedly someone used it for fraud on eBay. I remember how I had to tell my teacher in (German) school that I had to keep my cellphone with me because the FBI was about to call :-)
Fun times! Really glad that the school in Michigan was so supportive and helped me keep my hacker spirit!
> The friendlier one eventually described how much it had cost to investigate another recent case where a person was reported to have pulled down an American flag and stepped on it. Only after the investigation was well under way did they learn that the perpetrator of this nefarious act was only four years old.
I never cease to be amused and amazed by the incredible lack of imagination discernment law enforcement personnel display at all levels. I'm sure some smart people work at the three letter agencies, but there sure is a range!
To me, I take it as a lesson about the dangers of dogmatic following of rules and how such a system will inevitably provoke people into work that have less than zero desired value. Obviously, as 1984 and many other works remind us, the value is in reinforcing the power of the system - but the official line of the system is to say that's not the case.
The reason government agencies are so fond of crushing people who have the bad luck to become centered in their gaze is that they know or suspect they are not clever enough to match wits with a below-average four year old and they would never want that possible fact to become public knowledge.
Charming story, but only an American would think 1942 was early in WWII. I’m tempted to roll out the old joke about US foreign policy but I’ll save y’all …
I've wondered if they've kept tabs on me since I was young/dumb...
Back before SSL/TLS became a thing, ARP poisoning was all you really needed to find out some fun details. It was basically pretending you're both the network gateway and a client.
This and some poor decisions on my part ended up with an expulsion my senior year, never had a phone call like this - just angry people from the state.
First year emigrating to the US, I started a service to automate the laborious College Algebra online homework with WolframAlpha and $20/job Pakistani teens. Had an AdWords campaign running. Calls kept pouring in - majority from Phoenix university students. If you wanted a perfect score, I’d charge you extra. If you wanted an imperfect score, I’d still charge you extra. Life was good, I was naive. I thought I had cracked it. Then I got served. The CEO of the company (one of the biggest educational publishers) was to fly in personally. They thought I ran a huge operation with many departments, since I would routinely change voices and direct customers around departments. Once my lawyers learned the real scale of the operation, they laughed and managed to get all charges dropped.
Looking back at it, would I have had a chance, had I approached the company in some defensive role against such activity?
But it isn't clear to me if this would provide the kind of information presented in the article (e.g. if you've been simply investigated for a suspected crime).
> listing certain information taken from fingerprint submissions kept by the FBI and related to arrests and, in some instances, federal employment, naturalization, or military service.
In other words. Assuming I spend lot of my youth with cryptography, tor, basically gray area things. I realize they may have a record on me, but is there any way to know if it is safe for me to ever enter the country without them making a huge deal out of it?
I wouldn't ask wouldn't I know people personally who had extended weird discussions for hours before they could enter the country.
In my college (late 90s) no one cared if you put an interface into promiscuous mode and there was no encryption anywhere. I had so many aim and campus system accounts from packet sniffing I didn’t know where to start. Following aim conversations of people in my dorm was pretty funny though.
>After we left the form by her front door her parents somehow figured out who had done that and, when Bobby’s and my parents learned of this stunt they decreed that we would no longer play together. We followed that guidance for over 40 years.
In early e-commerce era in korea, I remember a website storing refund balance into the browser cookies without verification which I told about it to my friend. My friend told that to his friend, and that one was bold enough to steal million dollar amount of goods using that bug, got eventually caught, however was not accused of anything because it was literally the first case of e-commerce related crime committed by teenager. The officials didn't take it seriously. Good old 00's.
> This was just after local citizens of Japanese descent had been rounded up and taken away to concentration camps, though I was not aware of that at the time.
Now that was a piece of history I had never herd about:
> At some point the Jack Armstrong program invited listeners to mail in a Wheaties box top to get a decoder ring that could be used to decipher secret messages that would be given near the end of certain broadcasts.
This gave me a flashback I recall that when I was quite young about age 10 - 13 and I created my own writing system. I think I had read about the Phoenicians and how they made the characters for the alphabet after everyday objects and it inspired me. I recall filling entire notebooks with stories to myself filled with my "language" still English but my writing system.
So my database course used a proprietary database hosted on-campus with IP ACLs. I setup a proxy on the campus cluster and mirrored 90% of it before the lecturer turned it off. I don't understand why they would even look, much less care, about policing closed-source documentation like the Stasi. If it happened these days, it would've been an Aaron Swartz situation.
I had to have a sit-down with the school admins because I used the "netsend" command to send the letter q, one time, to every PC in the school. I thought it was just going to go to the computers in the computer lab.
I have 2 such FBI records and every time I do a background check for a job they don't know what it's for and neither do I. I wish there was a way I could find out if it was computer related or not.
This was a great read! I also love the fact, that this is an old-skool serve via the user's home (~learnest). So much nicer than "You have 2 more Medium articles free this month".
I wonder if gifted and talented programs may also be used to inventory brain capital and feed into algorithmic threat identification, watchlist(s), and/or clandestine services recruiting.
Ran a `netsend` once from the school library. Saw it pop all over everyone's screens, and immediately :homer:'d out of there. Unfortunately don't remember the text I sent.
I got one after I let someone have an account on my Linux server in the mid-90s and they used it to send a very detailed and specific death threat to president@whitehouse.gov.
I love the post. I smiled quite a lot, not only because of the stories themselves, but because of my own childhood tomfoolery, oftentimes including my childhood best friend.
I'm sure more than half of HN has an FBI profile. I know that from an early age I would do internet searches for everything and anything I found fascinating, including hacking, piracy, anonymous proxies, nuclear energy, wilderness survival, firearms, communism, cults, wikileaks, snowden, assange, and a multitude of conspiracy theories.
I grew up fine and have never broken the law. But I sometimes wonder if some computer system or agency sees me differently, just based on keywords.
Generally, the secret service doesn't monitor kids unless they believe that they are somehow a threat to the president.
If you read the story, you'd know that the FBI wasn't "monitoring kids", they were investigating an incident that _could_ have had something to do with international espionage, colored significantly by wartime paranoia. They were obviously embarrassed when all of their leads pointed to a kid.
However, even today, the FBI doesn't monitor kids. Tech giants and social networks do that for them.
Well, maybe not anymore, but the Secret Service used to be charged with investigating computer crimes. I was the victim of one of their covert raids at the Pentagon City mall way back in the early 90s.
They dressed up like mall cops and searched us all. It even ended up on the front page of the Washington Post.
It isn't. But doing it with a snarky one-liner containing nationalistic flamebait is.
It's not hard to criticize something like "the FBI's abuse of power" in thoughtful, substantive ways. Plenty of HN users do that while staying within the site guidelines. From a moderation perspective, the issue here isn't the FBI or any other divisive topic—it's simply comment quality.
"Comments should get more thoughtful and substantive, not less, as a topic gets more divisive."
I still don't see how you are parsing anything nationalistic from this (the comment being a snarky one-liner is what made it nationalistic?). But you are more than welcome to censure any snarky one-liners that you feel go against HN's posting guidelines, regardless of interpretation. Thanks Dang
That is the most ridiculous reason to label something as nationalistic that I think I have ever heard. Thanks Dang, I have a much better idea of what is and isn't acceptable after this conversation. I'll be sure to avoid posting snarky one liners about other nationalist topics in the future, like Apple Pie.
Reports aren't indictments or any curb of freedom from the government
You have to argue in front of a federal judge that the existence of reports chills your speech, but you also have to prove you were effected, so its like schrondinger’s speech where the judge cant curb a government behavior if you cant prove something you didnt do, happened.
Assuming the flag wasn't your property (and that you weren't a four year old like in the story), you probably shouldn't be allowed to do it, but it should be at most a minor vandalism case for local police, not the FBI.
In many time periods in this countries short history, you would be dead wrong. But, I was more pointing to the bravery of these FBI agents, investigating this horrendous crime
Oh well, 2 week suspension and kicked off the computers for less than a year. A nice conference with FBI, police, my parents, IT and school administration. Fun times.
I learned my lesson to not talk about such things because their egoes were too fragile.
When they decided to give students in their website design class ftp accounts on the district wide web/email server running an ancient version of Debian, they didn't disable the shell, just added a login script to a menu for pine, etc. for people who telnetted in, which I'm sure the sysadmin was proud of. However, a few fast CTRL-C's broke out of his script menu loop and got me a shell, and they didn't shadow protect their password files. Ran it through john the ripper and had half the district's e-mail passwords in a default dictionary file including the root pw in a few minutes. LOLed and never told anyone about that.
Good times, the 90s....