back to article When forgetting to set a password for root is the least of your woes

Take a trip back to when mainframes and terminals were all the rage and The Cloud was the smoke produced by the mainframe when a washing-machine-sized disk was about to let go. Welcome to another Who, Me? confession. Today's plea for forgiveness comes from a reader Regomised as "Doug" and is a warning to careless …

  1. Admiral Grace Hopper

    Nobody told me I wasn't allowed to do it.

    While not a defence in law, this is precisely the approach that is often needed in IT.

    The best tester I ever worked would come up to us and say, "When I do [THIS], then [THIS], then [THIS], it goes kaboom". We would ask, "Why would you even try to do that combination", to which he would reasonably answer, "Because it allowed me to". We would then either make it impossible to so do, unless it was a safe combination and should have worked in which case we would fix it.

    Thank you Gordon, you truly were Entropy's Little Buddy.

    An unguarded prompt is the same opportunity (or temptation). What can I do with this? What could possibly go wrong?

    1. Arthur the cat Silver badge

      Re: Nobody told me I wasn't allowed to do it.

      Thank you Gordon, you truly were Entropy's Little Buddy.

      In my case the guy was named Keith. I think most places have one and they really help you improve things (after causing chaos).

      1. Joe W Silver badge

        Re: Nobody told me I wasn't allowed to do it.

        My father in law had a similar guy in his team. He would carefully read the design documents and then break things very quickly. Best thing was that he actually figured out the password checking program would allow him to enter eight blank spaces as a password, because apparently the " " was counted in more than one list of acceptable characters, and thus fulfilled the "get one character at least from each of these lists"-criterium. Which was a bloody stupid mistake, but every programmer has made one mistake of this kind (at least). If we are lucky it gets caught in testing...

      2. AnotherName

        Re: Nobody told me I wasn't allowed to do it.

        Ours was called Malcolm. He could break anything without trying. Eventually I had to add a series of traps in the code looking for unexpected input and branching to a subroutine with a label called [OhGodItsMalcolm] where the input was discarded before carrying on. This was our first real programming experience on a CCPM-based data processing system using Dataflex 3GL back in the mid 80's. It had 1MB of memory shared between the OS and the three user terminals.

        1. ShadowSystems

          At AnotherName...

          My father used to use me in that role. Set my ~7 year old self down in front of the computer, let me bang the keys seemingly at random, & try to figure out how I managed to make the magic smoke escape.

          "He never left the keyboard! I made sure! How the unholy HELL did he manage to cause the CPU to trigger a thermal run away situation???"

          I didn't know then, I don't know now, I just know that my "I void warranties" t-shirt seems to fit in more ways than one. =-D

        2. Alan Brown Silver badge

          Re: Nobody told me I wasn't allowed to do it.

          I used to get told off for writing this kind of checking by default at high school as "unnecessary" - until it turned out it wasn't

      3. J. Cook Silver badge

        Re: Nobody told me I wasn't allowed to do it.

        ... I think ours at [RedactedCo] is my boss; thankfully, it's usually limited to him breaking his account.


      4. TFL

        Re: Nobody told me I wasn't allowed to do it.

        The computer store I worked in had Heston. Great guy, but got called "Glitch" because weird crashes just seemed to happen around him. Think he's an engineer now, which must be interesting.

      5. This post has been deleted by its author

    2. anothercynic Silver badge

      Re: Nobody told me I wasn't allowed to do it.

      Yeeeeeees... This is what QA is *meant* to do. Try anything, everything, see what happens. Even if that doesn't make sense to a developer and they rant on about how QA are trying all sorts of crap instead of testing the software.

      No love, that *is* testing the software. If you do not sanitise your inputs, and you don't make sure your software doesn't let silly things like that happen, then yes, love, your software is going to do stupid things.

      QA were, as much as they were the bane of the developers, my best friends because they highlighted pathways in the software that hadn't been thought of during the design/development process that needed to be... fixed/accomodated.

      And yes. Unguarded prompts? Oh boy!

      1. Loyal Commenter Silver badge

        Re: Nobody told me I wasn't allowed to do it.

        80%+ of development is handling things going wrong, that not only includes uncontrollable things like network disconnections, running out of memory, etc. as well as sanitising any and all user input. Sanitising user input does, of course, include the fundamental precept that no user input is trusted.

        In my experience, far too many developers only think about the "golden path" through the software, where everything goes exactly as expected.

        1. KittenHuffer Silver badge

          Re: Nobody told me I wasn't allowed to do it.

          I always say that I plan for failure rather than success.

          1. Kabukiwookie

            Re: Nobody told me I wasn't allowed to do it.

            Planning for failure *is* the path to success.

        2. Doctor Syntax Silver badge

          Re: Nobody told me I wasn't allowed to do it.

          "80%+ of development is handling things going wrong"

          It should be. It seems to be less and less the case. Sometimes just working out that things have gone wrong would be a start. Simple things like run a report at 5 mins past the hour to list everything that should have been in that hour's shipment but is still unshipped. It's just easier to let the customer complain.

        3. Anonymous Coward
          Anonymous Coward

          Re: Nobody told me I wasn't allowed to do it.

          "80%+ of development is handling things going wrong"

          As someone struggling to deal with a flakey USB device that randomly disconnects, causing his "quick and easy little test program" to hang randomly, this hits too close to home.

        4. Geez Money

          Re: Nobody told me I wasn't allowed to do it.

          Thinking only in terms of happy paths is the sort of thing that you expect from new grad devs maaaaaybe, anyone with a year of experience in industry still doing it is probably unemployed if I'm honest. Or at least unemployable at anywhere I've worked.

          I recall an interesting stat, I don't remember the exact number but there was a fat metastudy a while back that showed a solid majority (well over 50%) of all outages that cost companies money could be attributed directly to missed error handling conditions. Even pretty bad engineers should be acutely aware of this.

          EDIT: Thinking about it, most places I've worked if you didn't include automated tests for the error conditions or explanation of how they were tested in the pull it would be shut down without further consideration immediately.

          1. Alan Brown Silver badge

            Re: Nobody told me I wasn't allowed to do it.

            The problem isn't the bad engineers. It's the MBAs and accountants with NO engineering or QA training at all

            1. Shalghar

              Re: Nobody told me I wasn't allowed to do it.

              "The problem isn't the bad engineers. It's the MBAs and accountants with NO engineering or QA training at all"

              That is indeed the bane of each and every company. I cannot count the times our manglement tried to "optimise" (AKA: prohibit) any kind of real testing as long as the documentations were according to ISO 9000++ (AKA: falsified). This might come out a tad unhealthy, considering that our machines handle up to 30 tons/30000 kilograms with interesting speed.

              I also cannot count the times that manglement allowed only time for a perfect path and timeframe for an also perfectly new prototype. This realitiy incompatible over optimistic approach failed each and every time, as predicted. Those predictions were naturally brushed aside in sheer arrogance, no matter how often (every time) the writing on the wall was glowing so hard that it could be seen galaxies away.

              Bonus points if this nonsense timeframe was already contractually agreed to (of course without checking on the nominal delivery time for special components, which often exceeded the agreed on delivery date of the finished product) and suddenly bears the danger of not only an angered customer but also hefty penalty fees.

              But as always.... it does not hurt where the decisions are made and the decisions leading to the issue cannot be influenced where it hurts most.

              In such occasions, i really wish for Marx... Not Harpo, Groucho or Karl but the nice little high voltage generator, contacted at the correct place where the issue of the false decision constantly happens.

        5. swm

          Re: Nobody told me I wasn't allowed to do it.

          One thing that is hard to test for is device errors because they don't happen very often. Sometimes planting a branch in code to make it appear that an error has occurred might be the only way.

          1. Electronics'R'Us

            Device errors

            Quite some time ago (around the turn of the century) I was doing test and diagnostics for a new product.

            Said product was in a 3U compact PCI rack with a couple of boards we had designed. My code ran on a host and connected via sockets (the joys of ioctl).

            I was just getting the new tests running prior to these boxes going to production and I was getting weird errors.

            Turns out that during the hardware initialisation (hand crafted PCI enumeration included) none of the initialisation code checked for errors. Therefore a failed init was a totally silent failure until I tried connecting to it.

            I added a status word to the init code and successively cleared bits during the init sequence; in good 'C' fashion, zero in that word post init meant everything had worked but also had the added functionality that a non zero result identified just where in the init sequence things had gone wrong, saving significant troubleshooting time at production.

            I just wish they had followed the 10 commandments for C programmers (see item 6) in the first place.

          2. heyrick Silver badge

            Re: Nobody told me I wasn't allowed to do it.

            Device errors might not happen, but ensuring they are handled is better than some code I've seen (opened a file, spewed out information, closed file) and without one single check. Ironically what brought that down was the file handle being null due to unable to create the file, and then trying to write to a null handle. Oddly enough the system didn't appreciate that.

            But still...

        6. Alan Brown Silver badge

          Re: Nobody told me I wasn't allowed to do it.

          "In my experience, far too many developers only think about the "golden path" through the software, where everything goes exactly as expected."

          Case in point in the old days: giving "restricted accounts" which only let people do email.

          Do you know how many ways there were to break out of Pine (or most other "email programs") into a shell?

          I set up a reward system. Any user who could send me a message after breaking out of the mail system got $10. I thought I'd nailed it down before letting people loose on it but ended up shelling out a few hundred dollars anyway (some didn't bother with the message, but enough did that the holes were picked up quickly)

      2. SCP

        Re: Nobody told me I wasn't allowed to do it.

        "Yeeeeeees... This is what QA is *meant* to do."

        Well, not necessarily. There is a line of reasoning that boils down to "you can't test-in quality" (or more fundamentally you can't bolt it on. Testing can detect and remove flaws - but at best a low test failure rate might indicate good quality. Quality is a result of sound planning, development and implementation using processes that aim to prevent or quickly eliminate defects and errors.

        In this line of thinking Testers test - ideally they should be good engineers familiar with the system and be well read on testing methodologies. Quality Assurance is concerned with making sure things are done in accordance with the appropriate standards and procedures, by suitably skilled people - they might even run key reviews (though not be the subject matter experts). They [should] report independently from project management and [theoretically] are free from the project delivery pressures of the project team.

        In reality quality is everybody's responsibility if you want to build a high quality product.

        1. Jou (Mxyzptlk) Silver badge

          Re: Nobody told me I wasn't allowed to do it.

          "ideally they should be good engineers familiar with the system" NOOOOOO!

          The are restricted in their thinking! He will only test what he knows.

          You need someone who is NOT an Engineer familiar with the system. Those who are UNfamiliar test it the real way, since they don't know what is expected.

          1. SCP

            Re: Nobody told me I wasn't allowed to do it.

            Randomized (or even methodical) input testing based on zero knowledge can be automated using fuzzing techniques.

            Deeper testing of a system requires an understanding of what it is meant to be doing and an knowledge of the ways in which things can go wron. It is this element of engineering that is often overlooked by implementors and is a skill that those who excel at testing have an affinity for. Good testers should always have this different viewpoint of the system. Some of their task can be completed without an understanding of the system - but system knowledge can also be used to inform testing.

            However, all this does not build in quality, but should be _part_ of a process that assures quality (and QA should be checking that that process is being properly applied). If testing is finding more than infrequent design and implementation errors that is an indication that the execution of the design/implementation is flawed. Simply patching up those errors is unlikely to result in a good quality system.

          2. Geez Money

            Re: Nobody told me I wasn't allowed to do it.

            This is a very dev-minded approach to the concept. The good testers I've met in my time understood black box and white box testing, understood the tradeoffs and came to the eng team with what they wanted to know about the system and what they didn't want to know about the system and in what order/when before a single workpiece came their way.

          3. Alan Brown Silver badge

            Re: Nobody told me I wasn't allowed to do it.

            This is why I really HATE being told that I must test the system I just spent 12 months developing and building. It's a recipe for disaster upon deployment.

            It NEEDS someone else to proofread the docs and drive the interfaces

    3. Bobbins

      Re: Nobody told me I wasn't allowed to do it.

      You mean Testers don't do this type of thing as standard? I've beta tested several products in my time. Knowing the product inside out meant that I could think up many a devious way to try and break it by doing something "unusual".

      The mantra goes thus: "If a thing is possible, a user will do it. If a thing is impossible, a user will find a way do it anyway".

      1. Neil Barnes Silver badge

        Re: Nobody told me I wasn't allowed to do it.

        In my most recent incarnation, developing software for an automated cat feeder, I spent a long long time thinking up ways things might confuse the feeder. And yet, every now and then, something surprised us, like a cat simply beating up the feeder, or hiding toys in it, or in one case, an owner who rather than pushing the 'open' button simply picked up his kitten and let the feeder detect it to open the lid...

        1. Korev Silver badge

          Re: Nobody told me I wasn't allowed to do it.

          So did you cat or tail the files for that software?

          1. Anonymous Coward Silver badge

            Re: Nobody told me I wasn't allowed to do it.

            I expect it was developed in a gui using a certain pointing device...

      2. Steve Aubrey

        Re: Nobody told me I wasn't allowed to do it.

        Absolute gold: (one minute)

        1. rototype

          Re: Nobody told me I wasn't allowed to do it.

          I've got to send that to some of our Devs - if not educational it'll at least make them think

        2. Chris 239

          Re: Nobody told me I wasn't allowed to do it.

          That is hilarious!

      3. G.Y.

        compilers Re: Nobody told me I wasn't allowed to do it.

        I once let some compilers compile a 1-liner: "ali baba +40 thieves". Smoke came out of quite a few

        Told an old guy about it; he said "I give my compilers .OBJ files to eat!"

    4. jake Silver badge

      Re: Nobody told me I wasn't allowed to do it.

      I sometimes get paid for destructive testing, hard, firm and software. Paid quite well. Funny thing is I'd do it for free, in some cases. Don't tell anyone :-)

    5. The Boojum

      Re: Nobody told me I wasn't allowed to do it.

      This reminds me of the episode of Cabin Pressure (can't remember which one) where Douglas challenges Martin to find out how many of the safety features they can disable and still fly.

      "Hey, chief, I might be wrong, but I think we're flying into a mountain. This makes me feel... scared of the mountain. One thing we could do is pull up and fly over the mountain. How does that sound to..." </icon>

      1. Mark #255

        Re: Nobody told me I wasn't allowed to do it.

        I think you might be conflating episodes.

        The quote is from "Ipswich", when the staff of MJN Air are having their CAA recertification (and are never in their plane)

        1. TchmilFan

          Re: Nobody told me I wasn't allowed to do it.

          Conflation indeed. The other one is “Timbuktu”

          (For non-listeners, in “Cabin Pressure”, the pilots often play games to pass the time)

          DOUGLAS (protesting): No! No, I’m sorry, I’m done.

          MARTIN: No-no, fair’s fair, Douglas. You promised if I joined in with Flight Deck Buckaroo, I could pick the next game.

          DOUGLAS: But I hate this game!

          MARTIN: Yes, and I hate Flight Deck Buckaroo.

          DOUGLAS: How can you hate Flight Deck Buckaroo? It’s a terrific game! And it’s educational.

          MARTIN: There is nothing educational about seeing who can disable the most instruments without setting off the recorded warning.

          DOUGLAS: Yes there is! You find out all the things you don’t really need! Like altimeters.

          MARTIN: No, this is educational. So, welcome to round two of Beat the Manuals!

      2. Prst. V.Jeltz Silver badge

        Re: Nobody told me I wasn't allowed to do it.

        How did we get onto deliberatley breaking things when supposed to in testing when the story was about engineers with far more access than users pissing about?

        1. Doctor Syntax Silver badge

          Re: Nobody told me I wasn't allowed to do it.

          This is The Register. It happens.

          How did we get to discussing how threads go OT?

        2. Dave@Home

          Re: Nobody told me I wasn't allowed to do it.

          "How did we get onto deliberatley breaking things when supposed to in testing when the story was about engineers with far more access than users pissing about?"

          It was mentioned above squire, unsantised inputs

        3. Anonymous Coward
          Anonymous Coward

          Re: Nobody told me I wasn't allowed to do it.

          I though this was about Boris and the BYOB garden party that never happened... and if it did it was all within Covid guideline

      3. Boris the Cockroach Silver badge

        Re: Nobody told me I wasn't allowed to do it.

        I tried that with the NHS doctors app "Calculate the % chance of death when the patient has major heart surgery"

        Put in normal inputs..... mine came back at about 0.75-1.25%

        Next try how far up I can get the % to go ( 94.5%) as I remember.

        Now lets try putting in some really silly values eg blood pressure 250/10 with a BPM of 0.05

        Yupp crashed.(the bpm did it..... did'nt like values lower than 1)

        But then how many hacks are done with the root account being "admin" and the passy "1234".....

        1. jake Silver badge

          Re: Nobody told me I wasn't allowed to do it.

          "But then how many hacks are done with the root account being "admin" and the passy "1234"....."

          None. Those would be called cracks.

        2. the Jim bloke

          Re: Nobody told me I wasn't allowed to do it.

          and the passy "1234"

          Thats the same combination as my luggage...

        3. irrelevant

          Re: Nobody told me I wasn't allowed to do it.

          The Great Prestel Hack was, I was reliably informed, because the password for System Manager (the highest level account on the system) was 1234.

    6. AbortRetryFail

      Re: Nobody told me I wasn't allowed to do it.

      I had a QA colleague who was like this.

      But, additionally, not only would he do it but he would also meticulously document the steps needed to reproduce it. Often with screenshots.

      He was the best QA Tester I have ever worked with.

    7. Anonymous Coward
      Anonymous Coward

      Re: Nobody told me I wasn't allowed to do it.

      I was supposed to "test" the new program. Unfortunately they did tell me not to do much of anything. So I just looked at what was on the screens and the help text.

      But in fairness it was the new version of the program to create users IDs, accounts and set all the permissions. And they didn't have a test system.

      Apparently there had been a few previous fun cases were the developers doing testing had deleted a few or all the user ids. So the new kid just starting, yeah, don't change anything seems like a good idea.

      1. Ben Tasker

        Re: Nobody told me I wasn't allowed to do it.

        > And they didn't have a test system.

        They did. Every company has a staging/test system it's just that some are fortunate enough to also have a seperate production system.

        1. Swarthy

          Re: Nobody told me I wasn't allowed to do it.

          Just a heads-up: I am stealing that line.

    8. Alan Brown Silver badge

      Re: Nobody told me I wasn't allowed to do it.

      This happens a lot in aviation and the testers are called "pilots"

      God knows why they try weird stuff but they do

    9. Anonymous Coward
      Anonymous Coward

      Re: Nobody told me I wasn't allowed to do it.

      "Nobody told me I wasn't allowed to do it."

      If only Boris Johnson could type and actually had an attention span of more than 2 minutes, he might make a good software tester...

      (Let's face it, there surely has to be something he's useful for?)

    10. Zero*Infinity

      Re: Nobody told me I wasn't allowed to do it.

      As a member of a student informal group that was interested in computers (mainframes at the time), during an ad hoc discussion by this group of testing I stated that terrible inputs should always be filtered. As an example of something that should never be allowed and would be filtered, I entered "remove =/=" on a teletype connected Burroughs 5500 (MCP OS which had a common one-level file system). When the teletype did not respond instantly with a message indicating prohibited input, everyone in the group looked at each other with an immediate packing up, quiet disappearance, and subsequent absence from the university computing center for several days.

      A major historical and continuing design flaw has been the development of ad hoc input parser's by software developers (for parsers or any parameter passing mechanism) which assume an OS, character set (especially escape sequences and display rendering), user cultural behaviors, and downstream/upstream validation filtering. A technique that has proven very effective is to create a LALR(1) grammar exclusively for parsing all input with the grammar establishing which character sets, characters, and character set tuples are allowed for further parsing and analysis by a language or context-specific LALR(1) grammar.

  2. Anonymous Coward
    Anonymous Coward

    Hitting Enter....

    Is exactly why Boots and the Co-Op Dept store in my home town were often filled with white noise of a saturday:

    10 Goto 10 :Goto 10 :Goto 10 :Goto 10 :Goto 10 :Goto 10 :Goto 10 :Goto 10 :Goto 10 :Goto 10 :Goto 10 :Goto 10 :Goto 10 :Goto 10 :Goto 10 :Goto 10 :Goto 10 :Goto 10 :Goto 10 :Goto 10

    was left on the BBC Micro, waiting for so less bright kid to hit enter :-)

    1. Cederic Silver badge

      Re: Hitting Enter....

      I did indeed at one point type something into a demonstration computer in a store.

      10 print "hello"

      20 goto 10


      1. David Nash Silver badge
        Thumb Up

        Re: Hitting Enter....

        heh...who didn't do that, back in the day? That's what store demo computers were for!

        1. Peter Gathercole Silver badge

          Re: Hitting Enter....

          Well, on ZX81s, I had a 6 character program encoded in the graphics character set that loaded a number into the "I" register of the Z80, which was used to store the base address of the character table.

          Typed it into a REM in the first line of the program, with a call to the address of the first byte of the REM (which was one of the few fixed addresses in a program on a ZX81), and the display became a scrambled mess with no way to fix it. The only way was to power-cycle the system.

          I used this method on my own ZX81, which had an extra 1K of static memory added under the keyboard, to provide programmable character sets. It puzzled a lot of people who saw my ZX81 displaying everything in lower-case, and I had some interesting times drawing music on the screen, and playing it at the same time on a Quiksilver sound board.

      2. Prst. V.Jeltz Silver badge

        Re: Hitting Enter....

        in most basic a semicolon after the print would yield more spectacular results

    2. Fonant

      Re: Hitting Enter....

      I remember "a friend" "accidentally" plugging a PC keyboard back into a Dixons demo machine, and "accidentally" deleting autoexec.bat so that the machine would not start the demo next time it was powered on.

      Back in the early 1980s when "Dixons Reject!" was a powerful term of abuse for someone who was completely stupid. Sorry Dixons, RIP.

      1. itzumee

        Re: Hitting Enter....

        Reminds me of when I was working for a well-known (but now sadly defunct) software tools developer's tech support team decades ago and took a call from a pompous tw*t working for PC World, who was trying to blag free support for an issue that required a support contract. When I pointed out that he'd need to pay a small sum of money for me to open a support case, his response was "... but I'm from PC World, do you seriously not know who we are?!" to which I replied "Yes, you're part of Dixons". His response was a "WTF are you talking about!?", I suggested he read that day's newspapers where the headline was PC World bought out by Dixons Retail Group.

    3. Down not across

      Re: Hitting Enter....

      As per the article..

      "Like me, most people used the 'return' key to wake up a terminal."

      Yes. Used to. These days its shift key, backspace, or something like that for that very reason.

      1. TRT Silver badge

        Re: Hitting Enter....

        I tend to use shift now too.

      2. rototype

        Re: Hitting Enter....

        CTRL key for me - always works

      3. Swarthy

        Re: Hitting Enter....

        Esc key user here.

    4. Dave314159ggggdffsdds Silver badge

      Re: Hitting Enter....

      We used to go into the big box computer chain in the days of (locked) scrolling screensavers being standard for display. Quick reboot got you out of the screensaver, change text, then _unplug the keyboard_ and wait for someone to notice.

    5. emfiliane

      Re: Hitting Enter....

      Many years ago, but many years after lessons should have been learned, I remember playing with a PC that was running GORILLA.BAS under QBASIC as a floor demonstration, and it was fun making inputs that blew the map up in unexpected ways, but it was even more fun dropping to the editor and changing random things. Like showing my name at the top instead.

    6. agurney

      Re: Hitting Enter....

      Shouldn't that be fill the keyboard buffer G.10G.10:G.10... ?

      Hitting Enter would expand it to GOTO 10:GOTO 10 .. overwriting the sound buffer causing the chaos.

      Similar fun was to be had on the Beeb with VDU CTRL codes to change graphics modes and the like on demo programs that should have less accepting of their input.

    7. druck Silver badge

      Re: Hitting Enter....


      I used to tap in a little program that disabled both the escape and the break keys, waited 60 seconds, then used the BBC Micro's ENVELOPE command to make the same trim-phone ringing sound as Boot's own phones. I would withdraw to a safe distance to watch the staff running around first trying to find out which phone was ringing, then trying to stop the computer but failing as none of the buttons on their cheat sheet worked. Eventually they would set off the theft alarms when they had to move the computer to find the power button.

      Very childish I know, so sorry if any former Boots staff are reading.

      1. The Oncoming Scorn Silver badge

        Re: Hitting Enter....

        A guy that joined us from Boots (Our local stores computer sales guy), liked a drink (Possibly because of you lot).

        One of his wizard wheezes was on Christmas Eve to sit in the bar of the closest purveyor of falling down liquid (Icon) & ingratiate himself into the rounds of each departments Christmas lunchtime drinks rounds, as they came in on staggered lunchtime breaks, he was finally rumbled when the last departing group asked if he was going back to work "Nope I took today off!" & he then partied (If he was still capable of movement) into the night.

        He slept throughout Christmas Day apart from a valiant & brief effort to attend dinner (Looked at food, felt ill & went back to bed).

    8. jdiebdhidbsusbvwbsidnsoskebid Silver badge

      The BBC Master....

      I remember at school discovering that holding down R whilst powering on did something hideous to the machine. No warning, countdown or on screen confirmation, just immediate Bork. Obviously we did on a few more machines before we convinced ourselves that it wasn't just chance that that particular machine had chosen that particular moment to destroy itself.

      It was near permanent. It took our teacher about a week to find out how to fix it, then about an hour with each machine to actually fix it. As I recall he got it down to a few minutes before finally coming down hard on us for doing it again and again and again.

      1. J.G.Harston Silver badge

        Re: The BBC Master....

        It's not "near pemanent" and it doesn't bork it. All it does it reset the CMOS configuration settings, so it actually un-borks it.

    9. ShadowSystems

      Re: Hitting Enter....

      I once visited my local Fry's Electronics, browsed their demo machines, & discovered one had been left unlocked.

      I changed the DOS prompt to read "C:\> Press any key to initiate the self destruct sequence..."

      It was fun to watch customers approach, lift their hands in preparation to type something, then their eyes go wide & they backpeddled as if confronted with a ravenous Bugbladder beast of Traal.

      Even funnier were the *employees* whom theoreticly should have known better.

      Anyway, one clerk comes over, notices the prompt, & calmly rips the power cord out of the power strip along the back. He unlocks the security cable, removes that computer, puts a fresh one in it's place, locks down the new one, & turns it on.

      No funky prompt, he locks the keyboard, picks up the suspect one, & wanders off.

      Too bad I'd watched him typing in the password of "Frys". Walk up, hit the shift key to get the screen saver lock screen, enter the password, & go back to futzing with their shiny clean demo machine.

      I'd probably go to hell for all the stupid shit I've pulled, but Satan's got a Permanent Restraining Order out on me & I'm not even allowed in the lobby. =-)p

  3. Anonymous Coward
    Anonymous Coward

    Don't do that!

    Worked in an organisation that used smartcard and pins for authentication. I was in the office where the system admins worked. This was not a secure office. The admins regularly left their cards in the reader and buggered off. They usually had a loooong timeout set too. (saves having to put that long and complex four digit pin in.)

    Procedures dictated that unattended smartcards be removed and reported. The System Mangler wasn't happy, the paperwork was a pain, and said to stop it.

    So we (I) did stop. Didn't stop us (me) adding clear sticky tape to the chip or trimming the edges of the card so it was to small for the ID card holder. Or adding facial hair in indelible ink to the picture on the card.

    Turns out this was more effective than them getting bollockings!

    Anonymous for obvious reasons!

    1. Anonymous Coward
      Anonymous Coward

      Re: Don't do that!

      Oh yeah.

      The number of contacts , switches and orifices to which the new fangled invisible sticky tape could be applied.

      Jolly japes on a roll.

      1. Down not across

        Re: Don't do that!

        The matte Scotch is brillianr. when properly affixed, can be very difficult to spot.

        1. Strahd Ivarius Silver badge

          Re: Don't do that!

          If it is brilliant, how do you manage to not see it?

    2. Down not across

      Re: Don't do that!

      I did like the way SunRays did it and your session "followed" you with the card. insert your card to another SR elsewhere in the office... or in another office in another country.

      1. MGyrFalcon

        Re: Don't do that!

        That was a great feature, until you kept forgetting to grab your card when you left the office (which I did all the time). The office manager got irate with me since she had to keep giving me a new card. Also, I'd forget about it, then I would have 3 session going on the server for weeks at a time. I finally remembered and had to go through and kill all of my old sessions off.

      2. biolo

        Re: Don't do that!

        The SunRays were fantastic for that. I was working for Sun at the time, and they were everywhere in the vast Sun facility I was working at. Getting from one side of the facility to the other was about a 15 minute walk. As part of the job I often had to go all over the facility, and being able to just walk around with my ID card and slot it into whichever SunRay was closest meant no dragging a laptop about, and laptops weren't common at the time, most organisations used desktops. Meetings were great too, the team just slotted their ID into the SunRay in the meeting room and there were the materials they wanted to demo.

        The downside was when you forgot to pull your ID card out of the SunRay and walked away, most typically happened when you left your ID card as far away as possible from where you next needed it, usually back at my desk at one far side of the facility. Bonus points if the SunRay in question was behind an ID card secured door (we had them in the comms and server rooms), so in addition to the long walk you needed to beg a colleagues ID card (who then couldn't work on a SunRay until you got back)

        1. Anonymous Coward
          Anonymous Coward

          Re: Don't do that!

          SunRay card was brilliant, still got mine as a reminder.

          When I talk about it to people now I don't think they quite believe me.

    3. big_D Silver badge

      Re: Don't do that!

      The ops caught me once. I'd gone to the loo and forgotten to lock my terminal. When I got back, the terminal was locked, with a note from the op, saying I had to repeat 1,000 times, "I will lock my terminal, when I leave my desk."

      I took him at his word, I wrote the sentence in EDT, copied it 1,000 times.

      I then used the VAX phone command to call him (ICQ, WhatsApp or iMessage for the 1970s user), when he answered, I piped the file with the 1,000 lines to his terminal.

      We had a good laugh and I bought him a beer, when we met up for our AD&D evening.

      1. Russ Pitcher

        Re: Don't do that!

        The accepted practice in our office was to send an email from the offending user's account offering to buy doughnuts for the entire team, which was always honoured. A very tasty way to encourage good behaviour!

        1. Prst. V.Jeltz Silver badge

          Re: Don't do that!

          in my office it was near certain sacking , saved only by me showing remorse ,and initiative, by buying a gizmo to hang round neck that locked the machine when i walked away from it.

  4. John Riddoch


    While at university in the mid 90s, my mate and I were doing some work and needed to FTP a file to/from one of the servers, so we opened up the supplied FTP client (stored on a Novell fileshare IIRC), typed in the server name and found an auto-completed config set for that server. With the root account. And a password saved in the config. We looked at each other and hit "connect"... and promptly had an FTP session on the server as root.

    After confirming we were definitely in as root (by downloading, deleting and re-uploading /etc/passwd - yes, a bad choice in retrospect, we could have FUBAR'd the machine), we decided we'd better tell the lecturer who looked after that box about the issue. The config in the FTP client was removed that day.

    1. GlenP Silver badge

      Re: similar...

      For some reason, probably to provide a maintenance window, the Unix box we were using for an assignment had user logins disabled for an hour at lunchtimes, just when we wanted to use it.

      Fortunately a friendly sysadmin (yes, they do exist) had let slip the password for su so we could use that, then connect to our own accounts.

      There were too many fellow students using the same box for anybody to do anything silly with the access, tempting though rm * (no need for the -r back then) may have been.

  5. Anonymous Coward
    Anonymous Coward

    Marketing Company

    We used to send data to a third party marketing company for them to prepare mailshots for us. This was done via FTP. One day after uploading our file, I decided to cd ../ and much to my surprise, it allowed me to. Being the curious sort, I then typed ls -la and saw a list of recognisable company names. Picking one at random, I was able to access not only their directory but also their data.

    This was in the mid-90s when "hacking" was Very Naughty. I spoke to my boss who was in the same quandary as me - report it as a security risk or potentially get arrested? His decision was to keep quiet about it.

    1. DJV Silver badge

      Re: Marketing Company

      Possibly the best approach might have been to have your boss go apeshit at the third party marketing* company for their lack of security as your own data was as much at risk from anyone else with FTP access as theirs was from you!

      * Ah, a marketing company - well, that probably explains their lack of security. Their server was probably set up by the marketing boss's teenage son whose knowledge was based on his experience with AmigaDOS.

    2. Anonymous Coward
      Anonymous Coward

      Re: Marketing Company

      At the end of the nineties I had a similar issue with an FTP server managed by one of our suppliers. In that case I knew the guy who managed IT there, gave him a quick call and he sorted it out. Had I not known that guy I would have also mentioned it to my boss, with the remark that “if we can see their data, they can probably see ours”…

      1. Robert Sneddon

        Business to Business

        I worked for a while providing ad-hoc IT support for a small building company that provided specialised refurbishment and installation services in a rather cut-throat market. When I was first employed by them to sort out their computers I found their network of desktops and Internet connectivity, such as it was, to be rather lacking in any kind of security. I demonstrated this to the company's boss.

        "Look, XXXX (their main rival for Government contracts and blood enemies) could do THIS and THIS and there's no password set and..." as I brought up the company's current contract list on the screen, followed by the unencrypted tender document he was writing for a future project in the six-digit price region.

        "Oh." he said. "Uh, could you do that to THEIR system, you know, speaking hypothetically..."

    3. Michael Strorm Silver badge

      Re: Marketing Company

      "This was in the mid-90s when "hacking" was Very Naughty."

      People used to complain that "hacking" had been distorted from its original 60s and 70s "hacker culture" definition to instead mean someone doing illegal/dubious security-related things (a la your 90s definition).

      It's ironic that even *that* meaning has been degraded and redefined in an undignified way, a la "life hacks" or (e.g.) "menu hack", the latter being where you use various techniques (e.g. asking the staff for unlisted items or combining existing ones) to create something not on the regular menu.

      I saw a billboard literally this morning where McDonald's informed us that we no longer need a "hack" to get a Chicken Big Mac.


      1. Prst. V.Jeltz Silver badge

        Re: Marketing Company

        whilst most of these modern day "life hacks" are mostly lame stupid and pointless , they are somewhat more in line with the original definition.

        1. MisterHappy

          Re: Marketing Company

          My mum used to get Woman's Own & they had a "Reader's Top Tips" section. These days it would be presented as "Amazing Hacks you never thought you needed!"

          1. Anonymous Coward
            Anonymous Coward

            Re: Marketing Company

            #5 will amaze you!

            Grocery stores hate tip #8!

          2. Dave559 Silver badge

            Re: Marketing Company

            Bah, it's the "Viz" Top Tips section that's definitely the best one! ;-)

            1. Prst. V.Jeltz Silver badge

              Re: Viz


              Ensure you only hire lucky people by randomly binning half the applications!

  6. Frank Zuiderduin

    /etc/shutdown ?

    Binaries in the config dir? Was that really common in those days?

    1. jake Silver badge

      Yes. /etc used to contain the so-called "dangerous" system binaries that are now normally found in /sbin (and possibly in other places, depending on the system).

    2. Doctor Syntax Silver badge

      It's called /etc, not /config . You're just used to it meaning "config" rather than "all sorts of stuff that doesn't fit anywhere else".

      1. Joe W Silver badge

        ... which is why it is called /etc, which is "et cetera"...

        Who'da thunk Latin helps with being administratiion of Linux systems?

        1. Arthur the cat Silver badge

          It was Windows that introduced Id Est as a browser.

          1. Precordial thump Silver badge

            And non sequitur as a user interface

      2. J.G.Harston Silver badge

        And it's also in /etc so it's specifically not in $PATH$ so you have to explicitly type the complete absolute path.

        1. jake Silver badge

          "And it's also in /etc so it's specifically not in $PATH$"

          That's "supposed to not be in your $PATH" ... I strongly suggest double checking this, do not assume, I got bit once at a place where you'd think they'd know better.

          ::grumble:: ::bitch:: ::gripe:: ::moan:: ; Hey you kids, ger orf me lawn!

          1. emfiliane

            It's always useful to cat $PATH on a strange machine, and if it's more than a few lines, step extremely gingerly. Like you, I learned this the hard way....

            1. Down not across

              I'd suggest echo $PATH instead.

  7. Sequin

    In the 90's I was working on a system fro a Police research department based in a Home Office building in London - we were based at the IT centre in Liverpool. At a meeting with the moron of a Chief Inspector in charge of the department (obviously deployed there to get him out of the way) he basically accused us all of being IRA sympathisers - "You've even got an Irish name!" I was told. After biting my tongue and assuring him that we were all sevcurity cleared, he went on about how sensitive the info was, and how access to it must be strictly controlled!

    A week or two later I visited the office to see how the bobbies using the system were getting along and noticed a sticky label on a function key that said "Login". Using my supreme detective skills I asked the bobby what that was for - he said "we can't be arsed typing in user names and passwords, so we found out how to program it into the function key. One press and we're in!". Oh how I laughed!

    1. Coastal cutie

      Never underestimate the ability of Plod to bend IT to make things "easier"

      1. W.S.Gosset

        Or to get around catastrophically stupid and/or ignorant "design" by the IT provider/dept.

        My favourite: ~1998 reporting a stolen credit card (mail intercepted) at the Chelsea police station. The lone PC there was sitting there typing (hunt&pecking) the report into their expensive custom-built police system, and the phone rings. He picks up a tightly-folded battered-looking little square wodge of paper from beside the keyboard, wedges it into the gap between the spacebar and the surrounds, and goes and picks up what turned out to be a lengthy phonecall.

        As he went back to his desk I asked him what on earth the paper + spacebar thing was all about.

        Turns out the IT architects/developers never bothered talking to actual policemen, let alone watching them as they did their jobs. And "for security" they put a short timeout on every data entry screen : stop typing for a minute and you'd lose the lot.

        Well, their job is filled with unschedulable interruptions. And they'd worked out that if you jammed the spacebar it'd keep firing in keystrokes and keep the screen alive. When they could come back to it, they'd just hit Tab (and trailing whitespace was trimmed), then Shift-Tab, and go back to typing where they left off.

        1. Yet Another Anonymous coward Silver badge

          Find the smart guy who came up with that and shoot him, he is obviously some sort of enemy agent

      2. Yet Another Hierachial Anonynmous Coward

        Never underestimate the ability of Plod to bend facts/truths/events to make things "easier"....

        1. Yet Another Anonymous coward Silver badge

          Constable Savage you seem to have entered "guilty" in every field in the database ?

          Yes sir

          Including your password

          Yes sir

          Why ?

          The computer did it sir.

          Savage you are an idiot, who obviously understands nothing about police work or computers. i'm transferring you to the home office.

          1. ralphh

            Thank you, Sir.

      3. Anonymous Coward
        Anonymous Coward

        Surprised that it didn't "fall down the stairs, gov"

    2. Dave314159ggggdffsdds Silver badge

      A colleague of mine once told some bobbies that they couldn't get upgraded replacement kit unless the old kit stopped working. Funnily enough, the stuff they wanted replaced managed to 'fall down the stairs' at the station. From a ground floor office.

      Reminded me of that chap who was so desperate to escape that he not only jumped out of a top floor window, but also pulled all his fingernails out on the way down...

  8. jake Silver badge

    Around 1986 I put together a "screensaver" for Sun gear that made the screen look like it had a couple of bullet holes in it. I occasionally deployed it on workstations where the user (engineer) had walked away, leaving himself logged in. Quite realistic on the colo(u)r Trinitrons of the day ... realistic enough to draw many a scream of "What the FUCK‽‽‽‽" from people who should know better.

    1. Korev Silver badge
      Big Brother

      At employer -1 one if you left your PC unlocked then they'd install and run the Sysinternals BSoD screensaver and then when you asked for help you'd get the bollocking...

      1. Admiral Grace Hopper

        We would type a resignation email and leave it unsent as a warning of why you locked your machine.

        1. the hawk

          We used to hit send on those! One of the few plusses of an open plan office, the boss could see you all sniggering like children so knew it wasn’t real. Newbies learned that lesson *fast*, though.

          1. Flightmode

            We used to type up an email to the CTO or similar (replacing one character in the email address to make sure that it wasn't actually delivered if accidentally sent). The message body varied but usually contained enough profanity and lewdness to get SOMEONE in trouble. Hover the mouse over the send button and walk away.

        2. Anonymous Coward
          Anonymous Coward



      2. Ben Bonsall

        Standard practice with an unlocked pc at our place is to send an email to the whole company mailing list inviting everyone for champagne...

        1. Doctor Syntax Silver badge

          "at our place"

          No 10 or the Cabinet Office?

        2. rototype

          In my experience it's usually p***ing about with the mouse settings to make things awkward (or changing things like the keyboard language settings where inappropriate) - There's a whole raft of things you can do if you have enough time, one favourite is taking a screenshot of the desktop and setting it as the wallpaper after hiding all the icons.

      3. Anonymous South African Coward

        I used to ran the SysInternals BSOD screensaver - and got irritated by the number of people telling me my machine have crashed.

        1. Down not across

          As long as they're only telling and not trying to be more helpful by rebooting it for you.

  9. spireite Silver badge

    It has been known for people to deliberately shut a machine down to prove a point...

    Best working example...Infra guy claims in a meeting that the company has implemented failover/redundancy.

    Techies at the coal face know it isn't....

    Random techie shuts down database server.

    All hell breaks loose.....

    Infra experiences a type of redundancy they didn't expect.

  10. Evil Auditor Silver badge

    "Oh, and secure your root access – and never, ever, leave superuser accounts logged in."

    Or as it had happened: a trader called it a day while, apparently, a trade was already filled in. And later on when cleaning staff came in, dusting everything and the keyboard, an accidental trade in the order of € billions was executed.

    That, at least, was the official explanation. I wasn't involved in its investigation at all but believe it was neither accidental nor cleaning staff...

    1. Arthur the cat Silver badge

      Sometimes it's fat fingers, other times it's malicious minds.

  11. Anonymous South African Coward


    once did change the line

    prompt = $p$g to prompt $p>PORN (IIRC it was so long ago) as a joke

    and ran like merry hell.

    Nothing came of it. Sad panda.

  12. Anonymous Coward
    Anonymous Coward

    Novell tricks

    Back in the days when I was a "student assistant" at Uni, one of the other SAs set up batch files for "dir", "syscon", and other common Novell commands in his home directory that would log someone out. His reasoning being that was the quickest way to get logged out if you left yourself logged in and someone else discovered it.

    So a high-level sysadmin found his account logged in, did a dir and got logged out. For some reason, she was furious... mainly because she wasn't too bright and didn't understand what just happened.

    He got a huge bollocking from the head of sysadmins for his "shenanigans", but when it escalated to the department director, he was cleared and congratulated as a clever chap.

    This didn't endear him to the sysadmins for a while, until they finally actually understood what he was doing, and grudgingly admitted it was a good idea after all.

  13. tatatata

    Telnet from a terminal?

    "We could telnet from these terminals to our box..." Eh? Terminals in those days were connected with an RS232 interface to the Unix boxes, especially those iserver room. That was plain RS232, not the emulated version over TCP/IP that telnet is.

    1. DS999 Silver badge

      Re: Telnet from a terminal?

      The terminals were probably connected to a terminal server like an Annex, which acted as a serial "switch" to allow direct serial connections where you could tell it what server you wanted to be connected to, but also supported telnet to wherever was accessible via its network connection (the entire internet, in some cases)

    2. Doctor Syntax Silver badge

      Re: Telnet from a terminal?

      As I read it Doug was on terminal at client site & telneted from there to his office.

  14. mdayres

    They never learn

    10 years after leaving a sysadmin job at a UK university I decided, on a whim, to try telnetting in to their main admin server. Imagine my surprise when I found my account was still active, the password unchanged and still with sudo access? I did the decent thing and left a message in the operators terminal window…..

  15. DS999 Silver badge

    They should have been fired

    They obviously knew what root was, and were quite familiar with Unix commands since they were able to put together a shutdown command. They either didn't bother to check what server it was or did but lied about not knowing. I'm guessing they were planning to "teach a lesson" to whoever left it logged in as root, but teaching a lesson would be leaving 'echo "you shouldn't leave a root shell logged in"' not leaving a shutdown trap that they know would impact their client's business.

    I usually have sympathy for the "Who Me" subject, but not this week. That's a high school level prank, not something a professional should be doing. If they had worked for me, they would be removed from that client site instantly. If they were REALLY good at their jobs I'd consider keeping them around after making it very clear to them that they will be left without a job and without references should anything remotely like that ever happen again. If they were just average I'd figure they were easily replaceable and would do just that.

  16. Paul Hovnanian Silver badge

    Been there ..

    "never, ever, leave superuser accounts logged in."

    Many times. I walk up to use a terminal and it's logged on as root.

    Look around. "Hello. Is anyone using this? Anyone? Hello?"

    I just type in 'exit' and 'whoami' one more time to find the actual user name of the moron who left the system vulnerable. Log them off and go about my business.

  17. Zippy´s Sausage Factory

    Reminds me of a time way back when a colleague was trying to kill a rogue process, traced it back to its root and cheerfully did "kill -9 1".

    Almost immediately the penny dropped, and was rapidly followed by a facepalm heard all the way across the office.

    Fortunately the system was back up five minutes later and as it was already running slowly we just told everyone it was overloaded and had crashed and nobody seemed to think that was out of the question.

    1. jake Silver badge

      "a colleague was trying to kill a rogue process, traced it back to its root and cheerfully did "kill -9 1"."

      And then he convinced the Boss that it was all the systemd-cancer's fault, and was promptly given permission to replace the clusterfuck with a real init?

  18. fredesmite2



    using someone else's computer system to run your program .. thinking they care about it as much as you do.

    1. doublelayer Silver badge


      Was that relevant? They weren't using cloud systems in the article. The comments haven't been talking about them. If they were, nothing would have been different. Why did you feel the need to say this?

  19. fredesmite2

    Back in day with Unix NFS auto-mount

    If you had root password on Unix ..

    You could mount anyone's NFS home directory on a test lab machine and read their ~/mail that was in text



    So I was told

    Many people have told me that

    I never said this

    No .. I don't recall .

    Yes . Donna and Steve were banging during lunch at her apartment across the street.

    1. Dr Paul Taylor

      Re: Back in day with Unix NFS auto-mount

      Some of us learned lessons like this when the world was innocent.

    2. doublelayer Silver badge

      Re: Back in day with Unix NFS auto-mount

      When you have root access, it means you have ... root access. And you can do all the things that root can do, including reading users' files. If you are supposed to have access to run some commands as root but not to read others' files, then the admins should not give you full root access.

  20. vincent himpe

    all you needed was win95 and solaris

    we had big filers running solaris and samba

    grab a windows 95 computer , hit escape to bypass login screen. make new user on the windows box named 'root' with blank password

    Connect to filer by mapping network drive.

    Drag and drop folders around. copy a bunch of pictures from windows to the filer.

    all that stuff was done by 'root'.

    The cause was a bug in solaris whereby it did not re authenticate. it said you are root over there, so you are root over here...

  21. ColinPa

    The two extremese of testing

    One of our testers said there are two extremes in testing

    1) No matter what we did - we could not break it

    2) If we were careful, and the wind was behind us, and we didnt push it - we could get all of our tests to run.

    His favourite scenario was to limit the virtual storage allocated to each components and then hammer it. Including doing things in "the wrong order" and restarting it half way through. All that was "easy". The hard part was making it repeatable so that the same scenario could be retested with any fixes.

    1. emfiliane

      Re: The two extremese of testing

      To this day there are so many apps in that limbo -- heavily multithreaded to take advantage of all the horsepower in modern CPUs, but one out of every 40 CI runs inexplicably fails, and if you want to paper over the race condition you can just run another and it'll work again.

      Until the bug reports roll in.

    2. jtaylor

      Re: The two extremese of testing

      At a previous job, I built some SMTP relays. They were highly tuned Linux servers with lots of disk space for mail spools. I published benchmarks, something like 1 million messages per day per server.

      Years later, another team took over responsibility for email. Their tech lead made a Great Project to replace this old low-budget infrastructure with world-class appliances. He got test gear and quotes from 3 vendors, any of which utterly eclipsed the performance (and cost) of the Linux relays. Someone got me invited to help test.

      My first suggestion was to list all the failure modes that each device was protected against: failed drives (RAID), redundant power supplies, battery-backed write cache, etc. Then induce every failure mode in rapid sequence. Yank a drive, wait a few minutes, re-insert it, wait until it started to rebuild the array. Then pull power from one supply, reconnect, yank the other power cord, reconnect, then pull both. Power it back on then start the performance test.

      One appliance failed immediately. The others were badly impaired. Vendors got upset, and the tech lead was livid because he didn't look good either.

      At a Meeting with managers and vendors, Tech Lead called me out on this BS. I was only sabotaging the project out of jealousy. He observed that the old relays had never been through that.

      I showed them my original test results, where I had done exactly the same tests, but had first queued up 7 days of email on the Linux relays "because it could happen."

      One appliance really shone. We bought that one. He never invited me to another project.

  22. award

    Unguarded terminals...

    Back in the days of VMS, a favorite activiy on finding an unguarded terminal was to modify the login script to alias 'dir' to 'dir/exclude=*.*', and then logging out...

    The cries of agony from unsuspecting users complaining all their files had been deleted :-)

  23. Hazmoid

    Working for a national company in headquarters, with around 20 IT staff in an open plan office, the rule was if you walked away from your computer without locking it, then it was fair game. One of our staff made a point of setting the desktop to be pictures of kittens and leaving an email to management telling them that you quit.

  24. Bob Scrantzen

    I never needed to hack our shiny new £50,000 UNIX Server, it was left completely open.

    Full rwx permissions and privileges. Just change directory to another user

    I was angry at our 3rd party supplier's incompetence but never said anything

    It was too useful knowing the salary of everyone in the company

    And the secret plans to geographically relocate to a cheaper part of the country, 150 miles away

    Four of us, in the know, went to the Managing Director and complained and the plan was kiboshed.

    (most of our customers were in the South East)

    We set up a meeting at his house one evening

    "How do you know all this?"

    "Can't say, sorry"

    The loophole was never closed

  25. Anonymous Coward
    Anonymous Coward

    Nothing much but treated like naughty schoolboys in front of the headmaster.

    Left alone in the testing and development lab of our parent company in Germany we had access to terminals.

    Played with commands to no real effect, luckily, I guess.

    We found a command/script "crumple" which had the pleasing effect of, well, crumpeling the screen.

    Nothing bad.

    Next day we mentioned it, we were interrogated and finally called into the big bosses office

    It started with "wtf were you thinking of" you could have caused untold damage and cost time and money and so on. (They were all valid points, we had no Unix knowledge and...)

    We left feeling totally told off as if we were still at school.

    Mind you, Munich and a few beers later, wft, Prost!

  26. MarthaFarqhar

    A student who was a Student's Union officer left herself logged in.

    Another student decided to post under her login "I'm a stupid expletive expletive. I've let myself logged in" and an invite to tell her that via her email.

    This was posted to alt.test, misc.politics, alt.flame, alt.tasteless and a few other delectable groups.

    The sysadmins had a hell of a time with her account mailbox being over quota within minutes of this happening.

  27. Nitromoors

    At least they did not leave it with

    rm-rf /*

    lurking on the command line.

    1. MiguelC Silver badge

      I once saw every PC on the school's IT room displaying

      C:\format C:\ /u



      Proceed with Format (Y/N)? y

      in their command prompts, just waiting to be activated by any unsuspecting user

  28. Curtis

    "Curtis broke it"

    I am routinely put on beta teams at my employer with the instructions "Hey, Curtis. See if you can break this". And I do. Because the guys doing the programming don't actually use the software daily.

    To this day, there's one dev who has stated that under no circumstances am I allowed to "test" his software. Interestingly, whenever he says that, upper management then pulls him off whatever project he's working on.

  29. tlhonmey

    Not devious enough.

    Whoever woke it up with enter got to see the command before the machine shut off...

    A really devious person would do something more like:

    echo "alias vi='grep -v bOzO .bashrc > brc ; mv brc .bashrc ; shutdown -h -Q 30' " >> .bashrc

    That way they don't get to see the shutdown command when they wake it up with the enter key. Could lurk for days...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like