Hacker News new | past | comments | ask | show | jobs | submit login
Hacking the Dropbox Space Race (burtonthird.com)
80 points by pshken on Oct 21, 2012 | hide | past | web | favorite | 23 comments

Attaching the MIT brand name to cheating doesn't make it hacking. Most, if not all of the techniques described in the post are pretty well known.

Dropbox initiated the Space Race as a gesture of goodwill to students, and it's hard to fathom how or why people won't receive it in the same vein.

it is amazing you think of it as cheating. if these guys really wanted to cheat we would just max out the extra 25 gigs and get it. We had already gotten 15 gigs legitimately. We aren't insulting the goodwill of Dropbox, we just think its fun to be atop the list despite having a student body of a 5th of what the other universities have. It is also classic tongue in cheek that Ben Bitdiddle and Alyssa Hacker were atop the list. This was a benign prank and was done mostly to amuse. More than the hack itself it was just the timing that makes this hack memorable. It was hardly a non-trivial hack. MIT was leading the space race a few days ago, and then we exhausted our student body and i find it more amusing than desperate to come back in the lead like this. And you know what, somewhere in the offices of dropbox drew and arash are probably smiling profusely and proud of their alma mater.

yes we are :)

Well then- no harm no foul. Guess I took the post too seriously..

haha nice :D

This is hacking in the old jargon file sense (http://www.catb.org/jargon/html/H/hack.html) or the MIT IHTFP sense (http://hacks.mit.edu/).

Automation, spoofing and security breaking tools are improving all the time. It's important that it's security researchers (and students) who are driving the arms race, not the criminal element.

I used hacking in the exact same sense. I applaud their initiative and hacker mentality.

But, it still doesn't change my opinion that it's cheating, and as user nthitz said, it's just a case of students being sore losers.

Is it cheating? I'd imagine so, but I'd need to see the rules to make sure. Is it a hack? By my standards, it definitely has hack value [1].

I'm representing another school in the Space Race, but I smiled when I visited dropbox.com/spacerace and saw MIT back at the top of the leaderboard (with less space racers than the previous leader). I couldn't wait to read how they did it. With a smaller student body, they needed to be clever to "win".

[1]: http://en.wikipedia.org/wiki/Hacker_(programmer_subculture)#...

This is clever in the same way that spammers are clever to spam millions of people without getting caught.

In my opinion, when something is less ethical (or unethical) it doesn't detract from its cleverness.

I tend to think the space race as a very smart viral campaign. The space is not free; it lasts only for two years, and then you have to start paying for it.

I'm a bit confused, someone was suspended or banned from using the MIT network for doing this?

Well, the private aspects of the network. Can't SSH in and certs no longer work. We're not sure if it was an automated response (the Moira system was being taxed pretty hard) or if an individual actually revoked it. It's possible we were bogging down some aspect of the network and this was the easiest way to stop it.

We're hoping for the best. Nobody intended to be destructive, it was just a fun project.

You faked thousands of dropbox accounts, created thousands of fake mailing lists and it seems you bogged down parts of the network. This may not be terribly destructive, but it is reckless and borderline malicious. Someone at MIT and Dropbox will now have to spend their time checking their systems for your manipulations. It may have been fun, but I don't think it was worth it.

> "it seems you bogged down parts of the network"

It's MIT and Dropbox... I'm sure internally MIT can handle a one thousand new mailing lists at any given occasion (until they are deleted), and I'm 100% sure Dropbox didn't even notice a blip on their network as a result.

And also MIT don't have to check for anything. They deleted everything when they were done.

I don't know why it was such a big deal for some MIT students to feel like they have to win the Spacerace either, but I did actually enjoy the article, although I'm not sure why the effort was made in the first place either.

MIT probably has 100,000+ emails registered. A couple thousand accounts that each get one email sent to them doesn't make much of a dent. The post mentioned the purposeful renaming of lists to avoid being obnoxious. Combine all that with it all happening earlier sunday morning and I doubt it had much effect on the network.

The most interesting part is that MIT uses client side X.509 certs which basically no one ever uses.

Scientific cluster computing (such as for the LHC or Open Science Grid) uses them all the time for authentication, both in CLI tools and on web pages.

Talk about sore losers.

another posting of this that seems to be getting pushed down for some reason http://news.ycombinator.com/item?id=4679965

I find this arrogant and stupid, and by no means worthy of the word 'hacker'. It's cheating, plain and simple.

As a student from CMU, I must say, well played, MIT. :) We would have conceived of a hack as well but unfortunately we were in the midst of midterm week. Next time, perhaps. ;)

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact