vending machine hacks, although both illegal and immoral, provide an immense source of joy in knowing that you _beat the system_, regardless of what treat may come out.
here's my biggest vending machine hack: freshman year in college, there was a vending machine in our dorm building. it wasn't cheap (obviously), but it got lots of use because it had something extra: a card reader for our IDs. if we pre-loaded our card with money, we could use it to buy sodas, snacks, and washer/dryer cycles. very convenient.
but the vending machine had a quirk: occasionally, for reasons unknown, it would just start spitting out coins. it was a pretty rare occurance (and a very exciting one) that it became known colloquially as "hitting the jackpot". every time we went to the machine, we would cross our fingers, hoping to "win".
while it seemed like a random occurance at first, i knew it couldn't be completely random, and i wanted to figure out _why_ it was happening. so i began investigating. whenever i went to the machine, i would try different combinations of buttons, choosing different rows/columns, but i couldn't recreate the behavior. accompanying my friends to the machine, i paid attention to how they were inputting their order (and if they subsequently "won") to try and figure it out.
after lots of observation, i found a pattern: everyone who ever won used their card to buy something. focusing on the card reader, i also found that these people had accidentally put their card in _incorrectly _ before righting it. with a theory loosely in place, i put some money on my card and gave it a whirl.
and it worked! here's the behavior: if you put your card in incorrectly, the machine couldn't read it because the stripe was on the wrong side, so it spit the card back out and flashed an error on the screen which would clear after a few seconds. while the error was showing, the machine would not accept your card. however, if you put your card in _immediately_ after the error cleared, here's what happened:
1. screen displays the amount of money on your card
2. choose your drink
3. drink is vended while the same amount of money is displayed (i.e. not subtracting the price of the drink.
4. the machine begins spitting out coins in the amount of your card value minus the price of the drink
5. the card is returned with the _original balance_ still intact
so, if i had $20 on my card, and i bought a powerade that costs $1.50, i would walk away from the machine with a powerade, $20 still on my card, and $18.50 in change.
horribly immoral and illegal? absolutely. however, i still feel immensely proud that i not only figured out what was happening, but how to reproduce it.
i mean, it was purposefully acquiring money that didn't exactly belong to me. the Right Thing To Do would have been to report the error and get it corrected, instead of leaving it open for exploit, like when my friends or I needed quarters for laundry.
Disclaimer: I'm a poker player and small time affiliate.
The poker related ones seem to venture well into the unethical or illegal category. That doesn't take away from the difficulty or cleverness of the hacks, but unlike the candy theft story, there is no acknowledgment that some of those things might have been unethical or illegal.
Edit: I now see the conclusion that notes the potential for illegality, but I feel like the body comes off as way too proud about aiding a scam of a business (the affiliate "arbitrage")
Most people in college at the time were signing up for poker sites without any affiliate reference, so they would get nothing. At least with Aces Up they got something back.
My poker bot was against the T&C of the site, so I could see the ethical issue there. The bot barely won any money at the $5 SNGs (maybe $100), and factoring in the massive amounts I lost playing my expert strategy at $2/$4 limit, it was net negative.
The affiliate arbitrage thing was definitely unethical, though as I noted, I did not participate directly. It was also against their T&C and my friend eventually drifted into some even more shady areas of affiliate dealings (100% rakeback via a similar system, etc) that lead to him being banned on most sites.
I don't know that any of those three are illegal at all. Regardless, I suppose I may have a predisposition for finding an angle and considering ethics as an after thought.
Edit: In response to your edit, I suppose you could look at it as a scam of a business. In truth, most people had a love/hate relationship with PartyPoker since they took high rakes, didn't permit rakeback programs, and were ruthless about shutting down accounts and seizing the money with the claim that "we're not a bank". Being in the bot community and watching lots of people lose thousands of dollars because PP deemed their account suspicious was enough to make me lose any empathy for PartyPoker.
IANAL, but depending on state law, running the poker games on your campus might be illegal (not a law I'd agree with, but possibly illegal).
In a regulated online poker scene in the US, botting would likely be illegal, just like using a computer to aid your play in a live casino is.
While I understand the value of rakeback and low rakes and poker sites not treating their customers poorly, I don't think it is relevant to whether creating a bunch of fake accounts to receive affiliate commission is okay.
Anyhow, seems like it's all in the past, so all of this shouldn't matter much.
> Regardless, I suppose I may have a predisposition for finding an angle and considering ethics as an after thought.
Many of us have a predisposition for finding an angle. Finding an angle is, I agree, part of the joy of hacking. But you can never let ethics become a mere afterthought. You certainly can't justify unethical behavior by simply asserting you're predisposed to unethical behavior.
Probably against the T&C's of the affiliate program as well, where the company, reading this, might get back to you for a claw back.
At least, that's what I would consider/investigate if I was the affiliate manager.
I'm not proud that I stole from the vending machine. I'm proud that I figured out how to steal from it.
Fundamentally, I see no difference between being a 17 year old in a basement figuring out that if you send excessive amounts of data into an unchecked buffer, you can gain control over program flow, and being a 13 year-old kid figuring out that by rocking a machine back and forth, you can cause the front items to rub up against the edge of the rack, effectively sawing the plastic off. What is the difference really? Both are fine if you don't use it in the real world and illegal if you do.
And I don't think it's the same as crawling into an open window. Rather, it's more like lock picking, particularly after they started installing these rock-resistant cages and we had to get creative by using two-man teams (one rocking forward, one rocking back). I believe DefCon has a lock picking session every year.
Destructive security hacking isn't typically celebrated here either. Lock picking isn't destructive. The objection isn't the legality of it, but that you were stealing from a company in a couple of these cases.
I remember with those old vending machines with the circular rings - sometimes they get hung up. Someone buys a packet of chips but it just hangs on, and that someone misses out. Passers-by sees it and they try to get two packet of chips, so they pay for another packet of chips. Of course - now two packets of chips are stuck. Sometimes this can go up to three or four.
What I used to do when I see it is spend a minute looking at it, buy a packet of chip in such a way that all two, three or four packs fall down, then hand out the "free" ones to people watching. :)
Now that vending machine technology has improved, I do not see many of these "opportunities" anymore, but sometimes you see the odd one where the door is jammed and there are several packets of chips behind it. I get out my metal ruler and fix up the door, then pick the packets of chips up.
I was getting chips that aren't "mine", but at the time I really hoped I was doing a public service when I was fiddling with those vending machines... (there's a little show-off element to it. ok, more than a little. :) )
I once did something similar. I was in a school that had dumb terminals on which you could only check email - they set the login shell for all student users as pine. We found that you could set bash or lynx or the like as the spell checker or external editor, and in so doing, get proper internet access (or as proper as you could consider lynx).
Having lived a previous life as a blackhat, ID thief, and credit card scammer I could write a book (and may someday) about hacks I came up with. Here are a few:
I sold fake IDs at college. The real IDs were plastic cards and had multi-spectrum holograms, something you can't easily fake. Combining methods I found on the internet with my own discoveries I created simulated holograms using clear spray paint, lamination pouches, Pearlex pigment powder, Alps thermal printer, and a bad ass laminator. They were good enough to pass most bouncers in-state and was told that one passed a cop.
Our college IDs could be used at campus stores, vending machines, etc. The mag stripe just had your school ID encoded on it. If you had a mag stripe encoder (like me) and knew someone's ID you could encode it onto your own ID (or a fake one you printed yourself, like I did). The problem was finding school ID numbers.
To communicate with students there was a set of folders outside the main office of each department. Each student had their own folder, sorted in alphabetical order. This was also where you got your grades at the end of the quarter. I realized that your grades had your full student ID number listed (which was also your SSN!). All I had to do was go through the folders and find grades other students hadn't picked up yet to get their ID numbers.
Luckily the school stopped printing full numbers on student correspondence not long after that.
This is a greatest story of how the hacker mindset evolves over time. I wish I had more cool stories like that from my teenage years - I had a friend who was always thinking up crazy moneymaking schemes or trying to hack the school's computer systems, and I was always saying "oh, if it was that easy, everyone would do it". I've been trying to erase that mindset from my brain.
I really like reading blog posts on this topic. The "greatest hack" question on the YC app always made me hesitate because I don't really think of anything I do as "hacking". It is good to see different categories of hacks to get an idea of what everyone is talking about. If anyone has any links to good posts in the same vein, I would love if you would share.
I'm certainly impressed by that poker bot, but it sure is depressing reading about it at 22 and having never really written anything more than 1k LOC. I feel hopelessly behind sometimes.
edit: I also wanted to mention that Curvio sounds like a great idea, do you have any competitors? It's one of those ideas where I'm surprised it hasn't already been done, which I feel is usually a good sign.
Don't worry too much about it. I know it is often said that good programmers start early, but it is not an absolute rule. Not that I consider myself great or anything, but I start to program when I was around 24-25. Now, 5 years later I am making a quite decent living of it doing interesting stuff.
Thanks! Keep working hard and you'll be just fine. We all feel that we need to play catch-up to someone. My boss had like 25 publications by the time he was my age, so I know the feeling. Like others have said, use it to your advantage as a way to push yourself harder.
There are a few competitors, but generally they're celeb fashion/gossip blogs. We're the only site that I'm aware of which is focused on actually being more like a search engine. It's been tried a few times throughout the last 15 years, and even Liz Lemon mentions it at the end of a 30 Rock episode. The problem is that costume designers are very busy and in general Hollywood does not want to work with you, so you need to do all the legwork yourself.
Additionally, it's only in recent years that crowdsourcing has become a viable solution, both in terms of paid (e.g., Mechanical Turk) and organic (e.g., StackOverflow) platforms. We rely heavily on crowdsourcing to help us generate some of our data and it's so far worked out really well in private testing. The key is really about getting an efficient, organized workflow that you can repeat and scale out. It wasn't easy to find, but I think we have it down now and are looking forward to launching in November! :D
No man, partying 6 nights in a row, hanging out being care free, living for the moment etc. So if someone asks you, how were your 20s, you smile and say wooh, they were good, and off record. :-)
Basically I'm saying party it up, learn a bit about everything and everyone, back pack across a continent or two, and don't be in such a rush to jump in the rat race. When you're in your late 20s, dropping everything and rolling out will most likely be near impossible. You will be more rooted like an older tree. Right now just see and feel the world you have come into and just play with it.
My 2 cents.
P.S. to me a Michael Jackson or Mark Zuckerberg are not a great life, because they were/are unidimensional. They are what they are and not much outside of it. In technology, a rounded and balanced figure I can think of Steve Jobs. He got the fuck out, then got back in. In is always there, you can always get back in, but you can't always get out.
> partying 6 nights in a row, hanging out being care free, living for the moment etc.
If those are good things to do, why are they not good when you're not in your 20s? If they're not good things to do, why would they be good in your 20s?
They sound kind of like stupid, boring wastes of time to me. But if they genuinely make you happy, why would they stop genuinely making you happy because your hair fell out and you got fat?
> When you're in your late 20s, dropping everything and rolling out will most likely be near impossible.
When I was 29 I quit my job, and then digitized the Oxford English Dictionary, published my first peer-reviewed paper, moved into a Volkswagen bus, drove all over the country with my wife (having to learn to rebuild the van's engine in the process), and moved to Argentina.
You can live a cliché, but you don't have to.
> P.S. to me a Michael Jackson or Mark Zuckerberg are not a great life, because they were/are unidimensional. They are what they are and not much outside of it.
Given that statement, I'd bet money you don't know Zuck personally.
I was an assistant to a university sysadmin when I was in school. I always wondered why we bothered locking the computers themselves from being opened when it would have been exceedingly difficult to walk out of there with anything...
Now I know, O Manual Deep Freeze Hacker. Solid work.
This reminds me of how we figured out in our high school computer labs how to circumvent the monitoring/control software the teacher would use.
First it was succeptible to killing the process, easy enough. Once that was blocked, we figured out that some clever use of some default applications in windows would cause it to crash and give us freedom. After those vulnerabilties were fixed or blocked, and we had tried pretty much anything else we could think of, someone figured out that hitting ctrl + alt while we logged in would prevent it from even loading in the first place!
Unfortunately it was pretty easy for our teacher to catch us in the silly act of banging on our keyboards at login.
And your comment reminds me of the method I used to circumvent my teachers monitoring/control software. He had his running over the LAN so all we did was bring USB wifi adapters which got us on the schools WLAN which took our computers off his software for some reason or the other.