Idle Computer Science skills are the Devil's playthings Ah, the sweet, sweet smell of Monday. What better way to start your week than combining it with the latest confession of wrongdoing from The Register readership in the form of our weekly Who, Me? column. Today's blast from the past comes from a somewhat unrepentant reader we shall refer to as "Charles". Take yourself back to …
But give him plenty of work to do and keep a close eye on him.
I'm always happy to work with someone who can learn of their own accord, even better if they learn for learning's sake. And, to paraphrase Nanny Ogg, it's better having them inside pissing out than outside pissing in :)
I recall one of my fellow graduate intake starters doing the same on a company DEC 10 during the lunch break on our second day of training, having just started work, and running it up on every terminal in the terminal room. He was caught. They fired him on the spot.
So, "hire immediately" as long as the developer doesn't continue to do that sort of thing post-hiring!
This post has been deleted by its author
The problem presently, and it is an abiding enigma and expanding conundrum which shows no signs of being able to be commanded and controlled, is that a failure by that and those most vulnerable to catastrophic loss of a failed and increasingly revealing remote narrative control to hire and/or pay an exceedingly generously danegeld sum to that and/or those able to easily disrupt and/or destroy bigger picture stories [and upon which all realities depend upon for their survival in an ignorant and unquestioning belief system/early primitive preprogramming of live assets/liabilities?:-)] ...... in order to immediately compensate one for a certain loss of future earnings even if one chooses to play nicely to the tune of others with an engaging and acceptable revised narrative program, is a natural viable and valuable available option?
Quite whether nowadays, whenever so much is so easily disrupted and/or destroyed and/or held to ransom because of increasingly obvious catastrophic exploitable intelligence/program/OS vulnerabilities, one would choose not to do anything further in the field and just enjoy the fruits of one's danegeld labour in a system so comprehensively compromised, is an interesting question to consider before not answering.
"Whoever controls the media, controls the mind" …. Jim Morrison
“The most dangerous man, to any government, is the man who is able to think things out for himself… Almost inevitably, he comes to the conclusion that the government he lives under is dishonest, insane, and intolerable.” —H.L. Mencken, American journalist
We had students like Charlie. The ones who phoned the computer centre and owned up were thanked, told not to do it again, and the underlying bug was fixed. The ones who ran away leaving someone else to clean up the mess were hunted down and had a very painful interview with the CC director. They also usually got a ban for some weeks or months.
Well, I actually managed to take down the entire support desk* of a major ISP back in the 90's.
Myself and a colleague were attempting to test a customer line (2mbps!!) and our ping tests from our BSD laptops weren't really doing the job.
So, we decided to run a little script to do the job for us, and every iteration spawned another process to, well, help out with the chores so to speak.
*Everything was going splendidly for us, but it became apparent from the cries of consternation around us that something was amiss. By the time the in-house support trotted along to 'fix' the local switches we had definitely decided that we might have possibly had something to do with the disruption.
In an amazing turn of co-incidence, the moment we stopped the scripts running the network appeared to 'resolve' its little tantrum and all was well. We kept our heads down and got on with our work, checking the 5 minute line stats on the customers router for one thing :)
About an hour later I got a call from the senior network god who offered me an opportunity to 'learn how to soak-test a customer connection without taking down the entire network'. Training subsequently given and ne'er a bad word was said.
Needless to say we learnt our lesson(s) and were a *lot* more careful after that. Ah...them's were the days.
About an hour later I got a call from the senior network god who offered me an opportunity to 'learn how to soak-test a customer connection without taking down the entire network'. Training subsequently given and ne'er a bad word was said.
That reminds me of some network chaps, while troubleshooting issues, made the mistake of debug all ...
.. on a core router.
Powerful learning experience that is, and hence I don't recall anyone doing it twice. The more surprising thing is that even with the stories, it did happen more than once.
"debug all ...
.. on a core router."
What would that do? Log every action taken for every packet through the router? That sounds like a bad time for all concerned.
Back when I did tech support for actuaries, I ended up doing a league table for largest log file. Nobody got past 50 million rows, but I had to write a custom file parser to find out what the guy who got to 48million had even done...
"debug all ...
.. on a core router."
What would that do? Log every action taken for every packet through the router? That sounds like a bad time for all concerned.
It would attempt to display debug information on everything. In most cases it will peg the cpu and the router will become unresponsive and only recoverable by powercycling it which is not what you want at an ISP.
The only use for debug all without further specification what you want to debug (say an interface for example) is when you've been debugging various things and want to turn all debugging off with no debug all.
I got one of those chats, although it wasn't my fault.
Another student had sabotaged my mates program and they had a small fisticuffs sessions in the corridor. As a witness, I had to join my mate in the professor's office for a "chat", which involved the prof saying the other student was a git, here, want a fag and a glass of scotch?
Today in America (depending upon the state!), it would a FELONY abuse of computer systems, and if you're a LUCKY bastard of a student, the judge will only give you 3 to 6 months in the County Jail, a $10,000 (7000 Euros) fine and cell where Billy, Bubba, Carlos AND the GUARDS will probably have their way with you since county jails are usually far less controlled than the state or federal prison system. Afterwards, you get 1 to 2 years probation which has LOTS of restrictions on what you can do and which places you can goto! Screw that up and they send you back again for 1 to 3 years in the steel barred pokey!
If you're the UNLUCKY BASTARD with an ornery judge AND/OR if that computer system was doing FEDERAL work (i.e. funded by or doing computing for a federal agency), then your arse is in the kablooie! They fine ya $250,000 US (around 175000 Euros!), and send you to a federal lockup for between 5 to 25 years and you serve the ENTIRE sentence because there is no parole in the Federal system. THEN you get 5 to 10 years probation afterwards AND if you screw that up you go back again and LIKELY get a 2nd Strike and Your Out Sentence (i.e. Life! - you only leave in a pine box!)
In America, you can kill someone and still get only 15 years in the hard-time pokey. Screw up a database system across state lines or at a federal agency, and it could be a 25-to-LIFE SENTENCE for you! And since they TEND to send you to a Max or even Super-Max Penn for computer abuse, you get put in with the big time killers and armed robbery felons, dealing with fellow prisoners where every square inch of their face is tattooed and they tend to be 180cm+ tall and weigh 100 kg+.
Since MOST techie/nerds are slight in stature, YOU BETTER HOPE you don't get put into general population, cuz your rear end is gonna be all raw, red and bleeding after the first day and the next and the next until the end of your sentence OR until ya finally hang yourself in your cell!
.
I'm inclined to be sympathetic and go with the hire option. The type of person who tries something like this and ends up breaking the system as a result is usually the type of curious person who will figure out how everything works and use that knowledge for good. However, I don't think I can do that because of two major problems:
The first problem is that he knew what would happen. If he ran his initial directory bomb long enough that he couldn't recover, that would be just fine and I'd think he should be hired. But he already knew that running this wouldn't help anything and wouldn't be self-limiting. Running it in parallel didn't really produce anything different--it just increased the amount of work needed to clear it up. That doesn't sound like curiosity to me. It sounds like pointless disruption.
The second point has already been made, which is that I'm a lot more likely to consider someone nicely when they've confessed. I've dealt with plenty of people who have done a lot of damage, realized that, and contacted me to give me all the information they have that will help me fix it. I really respect those people; I know that, if we have a problem later when we're working together, they won't hide things from me and they're not going to have some problem letting me help out. By extension, anyone who doesn't confess and leaves me to discover, diagnose, and clear up their problem after they've just left it there is going to find themselves lower on my to-be-hired list than anyone who has confessed or hasn't caused me a problem.
I learned shell script and wrote a login emulator at my first university, while doing a non CS degree, and they weren't very impressed, to say the least. But it did make me realise I was studying the wrong subject, and give me the opportunity to do computer science at a much better university.
Yeah, i did that as well on our Uni vax. Thaught i was so clever at the time. (Obviously I wasnt).
Fotunately (for me), i didnt actually deploy it. I suspect that would have been last-straw territory.
I think i was on a list of troublemakers, as i was smart enough to cause problems, but not smart enough to be any good at it, and the Vax Sysasmin at BIHE really knew his stuff.
Other things i managed was writing scripts with busy-wait loops (inadvertently), doing strange things with directories, and logging on someone who was banned for doing nothing but playing MUDs all day as well as lots of things i dont want to admit.
Saying that, i did teach myself C and C++ and write a chess program in DCL on that box as well.
Frankly, looking back at it, as i wasnt even a computer science student (Electronic Engineering), i was suprised i wasnt just kicked off it.
To be honest, the list of potential trouble-makers was probably an informal one compiled by the local technicians very early in an undergraduate's career at a university. At the time I was at university in the early nineties, universities were not engaged in the current "bums on seats" education method and could thus afford to be choosy with their students.
Thus on the biological sciences course I was on, dissection practicals were introduced fairly early on, the better to identify and get rid of those nitwits who signed up to a zoology course without being prepared to work with dead animals (later on, when "Bums on Seats" was an overt policy, I did hear of zoology students objecting to being told to do dissections, and asking if instead someone else could do the actual dissection whilst they took notes. To his credit, the head of zoology simply said "No, do the practical or not, and if you don't you don't get a mark for it").
The duffers, the stupid, the incautious around sharp blades and hot things were rapidly identified in those early practicals and the informal list made up; subsequently this would determine career pathways for many an undergraduate.
A mate was an op at Plessey on the night shift. He was bored.
He wrote a space invaders on the VAX in DLC, using a spawned process for each sprite and the main routine killing the processes as the sprites got hit.
That was harmless. What wasn't so harmless was another night op getting bored (what is it with night shift and boredom?), he ended up playing Essex MUD, using the modem over the PSS network... That was costly, back then, on its own. Only he was playing a complete team and had 6 sessions going.
Luckily he was good friends with the person responsible for the telephone bill, who managed to spread the 3 figure cost across various projects. Slapped wrist and told not to do it again!
Back before I had a computer of my very own, I had access to the mainframe at work via a bunch of teletypes in a small room down on the ground floor. I used it for various work-related chores, programming in BASIC which I had learnt at college. Soon after we were married, my wife and I had a joint bank account (we both had cheque books), and I decided that it would be a good idea to keep track of our account balance, so I wrote a sort of crude spreadsheet program and stored it in my allocated storage space on the MF.
I only ever accessed this program during the lunch break, so it did not impact my working time, but one day I was summoned to the Head of my department and told in the very strongest terms that I should not be using Company computer time to track my bank account. I was instructed to remove the program from the computer and not do it again, on pain of excommunication (from the MF).
Some time later, we bought a Spectrum for home use, and I started using a modified version of my spreadsheet to control our household finances.
So this sysadmin from BIHE, whom you praise so much, where, or when do you think they gained their skills? Well I'll tell you, spending time at Wigan Technical college hacking their systems! It honed the apparent psychic skills for detecting who was up to "no good". The games were regulated, I learnt system programming too, which became the mechanism to control access to the games on the EE department's PDP, (POLLY) then a discrete area on SYBIL (the EE's VAX). When I renamed the other VAX from VAX to BASIL I didn't make many friends with the academics either.
Nonetheless I saw the value in education, this idle time was self education so I tried to demonstrate some concern for security to those who let me be custodian of this newly formed network and also marvelled at some of the ingenuity I saw with students discovering this new playground.
Don't forget, the academic calendar left a few summer weeks, which was also the sysadmin's playtime in education. I was (and am ) CITSNIC , and still playing, sorry, working with VMS (OpenVMS) even on the odd VAX.
I'd be careful about hiring such folks. Some ikkle firsties turn to the Dark Side because they're bored, and others turn because they're little shits.
The first sort can be quite useful. Find them something to work on that stretches them and interests them - but don't give them any extra privs though, just in case they do turn out to be a little shit.
The latter sort, they'll cause trouble just because they can, and some of them even revel in being told off. I knew of one kid who actually celebrated his 25th bollocking from the director of studies. His usual MO was pretending to be a terminal server to grab credentials - I used to enjoy breaking his little toys and crashing them back to his login prompt, then I'd prove that I'm a little shit too by winding up the operators. Who knew that sending "Hey there you useless tape monkey, come and get me!" as a request to the system console would upset them so much?
I'm always happy to work with someone who can learn of their own accord, even better if they learn for learning's sake. And, to paraphrase Nanny Ogg, it's better having them inside pissing out than outside pissing in :)
While I don't disagree with Nanny Ogg, the main reason I would not hire Charlie is that when he realised it all went bit wrong, he didn't have the guts/integrity to own up to it.
the main reason I would not hire Charlie is that when he realised it all went bit wrong, he didn't have the guts/integrity to own up to it.
Exactly. He knew what he did and did it intentionally. If was something more of an honest mistake where he ,mistyped or didn't know he messed up, that's different.
Plus 10 points for ingenuity, minus 100 for malice.
In his second adventure, having discovered how destructive his script was, he deliberately used it to bring down the whole system. He would have to be extraordinarily talented to make it worth the risk of employing such a psychopath.
I thought about that for a moment, but a simple "while (true) {mkdir a; cd a;}" loop isn't exactly clever. If he could genuinely say he wanted to see how deep he could go before the OS skinned his script alive, but he already knew it wouldn't stop him. Into the pit with this miscreant.
"...to paraphrase Nanny Ogg, it's better having them inside pissing out than outside pissing in :)"
Minor note: I would be confident that Lyndon Johnson's comment about mollifying a political opponent enough to turn him into an ally ("better to have him inside the tent pissing out than outside pissing in") probably came before Nanny Ogg's.
The "rule" usually cited in this context is that quotes gravitate to the more distinguished culprit.
If you really want people to take your comment seriously, tell them Winston Churchill said it first.
-- Benjamin Franklin
How sad for poor old LBJ. :)
I'd prefer to think "good on ol' Sir Pterry; he's risen to the ranks of quotation magnets" (among whom Churchill, Franklin, Mark Twain, and Oscar Wilde are prominent), but I do see your point.
I agree totally.
And I've also managed to bring a few mainframes and minis to their knees over the years.
The classic, related here before, was on a DEC VMS Admin course in Reading. I was bored, the course was covering stuff I already knew, so, for a laugh, I did show users and started logging people off our VAX (each course had their own VAX). It worked fine, so I knocked up a quick bit of DCL that exported the user list to a file and went through the file and logged everybody but big_D off...
Worked a treat. So I went one step further, I turned it into a self-submitting batch file. Submitted it and sat back and relaxed and looked around at frustrated faces as people kept getting logged off...
Only I then made the fatal mistake of logging off myself. That was when I found the fatal flaw in my logic. During the login process, you don't have a username, but you do appear in the "show users" list as <login> and a process ID. ZAP! The login process just wasn't quick enough to get me from <login> to big_D before the batch job had killed my process.
Luckily the instructor saw the funny side, even when he couldn't log onto the console in the computer room. In the end, we had to do a hard reset.
:Loop; type Alt+256>a.txt; type Alt+256>b.txt; Type a.txt>b.txt; type b.txt>a.txt; goto loop.
The faster the CPU, the more RAM it has to play with, & the larger the drives it starts on, the greater the "fun" that results.
You'll need a boot CD/USB device handy so you can delete the two text files to regain control over your computer.
Kiss all the free CPU cycles & drive space goodbye.
The fun you can have when someone challenges you to crash their system without triggering the anti virus routines.
*Ominous maniacal laughter*
Test in Windows command prompt :
Type a>a.txt <ctrl>
The system cannot find the file specified.
So, unless you've already created file a.txt and b.txt, your script is going to fail to do much more than use CPU cycles and fill the command prompt buffer.
And, as soon as you kill the window, the problem is gone.
Do you *really* think I'd post actual code that could be copied & pasted into a CLI that would run?
I just wanted to get the concept across. Those that want to make it function will know how, those that don't will either RTFM to learn or will get nowhere.
Sorry for the confusion.
In the days of spinning rust, perhaps. In the days of solid state storage, urandom is a good compromise between tricking the disk write routines (i.e. ensuring blocks are erased instead of marked for garbage collection) and having to constantly buy and dispose of destroyed media.
If anything's going to cross security domains, physical destruction is important of course. If it's just being wiped for reuse at the same security level, and the recipient isn't authorized to access the stored data, urandom does a pretty good job of wiping things out.
He worked for a government lab while also getting his PHD in particle physics, and during some downtime created some code which generated a recursive zip file, and not just a straight one directory, recursion etc. no it had 4 directors at the top level, which looped back at various points after various other named directories. He then wanted to run the code through his code analyser at work at the government lab, where his major coding tools were (he worked on a major project involving creating software for new research models) so, as you do, he emailed it to his work address (because they don't like taking media and plugging it in, that way lies espionage, and virii and such.
And now you've probably guessed what happened....
So I'm assuming here that he sent a sample of the recursive zip file to his email address and the virus scanner picked it up and...
What happens next is the interesting bit. Any competent virus scanner would (hopefully) be able to detect a malformed zip file and not try and parse it for eternity, and then remove it from the email. I'm guessing this is not what happened, which strongly implies that the bit of software designed to explicitly look for malicious code is pretty poor at finding it.
The severity of the result is going to depend on whether this is a single instance 'scanning' all email, or a separate thread for each email, and whether it has been designed with any sensible timeout. On balance, I think I'd probably design such a thing to use a thread pool, and scan each email on an idle thread, queueing them up if the thread limit is exceeded, and putting a sensible timeout on the processing (maybe 60 seconds which should be more than ample for most cases), with the timeout configurable. There may still be some other attack vectors to cause a denial of service, for instance flooding with multiple malformed messages, so perhaps limit the processing to one message per sender simultaneously. That's not going to deal with multiple malicious emails fro multiple senders, but that's the sort of thing that's getting into DoS prevention/mitigation territory and it has its own solutions.
There used to be quite a few virus scanners that would try to open any zip file they came across. Cat /dev/zero | gzip > nasty.zip was a quick way to create the magic expanding zip file, which when the simple-minded virus scanner found it would crash the system after eating all of its memory.
In a similar sort of theme, the senior staff of a certain Yorkshire university discovered that they had a problem with pornography being emailed around the place, and insisted upon punishment for anyone receiving such filth by email.
Inside of oh, about five minutes, the entirety of the senior faculty were magically receiving both barrels of "rule 34" pornography; indescribable stuff that presumably someone somewhere likes, but which otherwise triggers gag and vomit reflexes whilst at the same time violating anti-porn rules in quite a staggering number of ways.
The rule was rescinded remarkably quickly, with quite a few senior academics forswearing off computers for life.
At one place where I used to work, I can remember someone being hauled over the coals for receiving a dodgy email of some description. In true Kafka-esque style, TPTB would neither tell the individual involved who had sent it, nor what it contained, but were determined to punish him for it anyway.
Needless to say, that particular company no longer trades.
When you say that a competent virus scanner should be able to detect a malformed zip file, I think you may be missing the point. I understood the zip file to be well formed. It's certainly possible to make a zip quine, and although I've never personally seen it done it should in principle be "straightforward" to extend the technique to a valid zip file which contains multiple copies of itself with different names.
Yes. There are various sorts of well-formed pathological zip files (and similarly for other archive formats), well-documented in forums such as BUGTRAQ and VULN-DEV. The topic may have come up in an article in PoC||GTFO, too; I have a vague memory of that.
Anyway, this is why modern malware scanners generally have configurable limits on directory depth, expansion factor, and nesting for archives and other compound file formats. If a limit is reached, the scanner treats the file as malicious.
Of course this is an arms war, with attackers finding new looping constructs the scanner developers forgot to limit, creating polyglot files that scanners interpret incorrectly (or at least not in the way that end users interpret them), and so forth.
"including a small program emulating a login screen, that dumped the entered username and password in a file."
I did exactly the same with old novell dos logon. Whilst they taught you useful things in C or Pascal class , they never seemed to bother with the finishing touches - like compiling and packaging your program. So i had to leave my my malware running in the IDE thingy.
Got found out too, Still got the written warning . very proud of it .
... such shenanigans were considered part of the coursework, if unofficially.
These days, it'll get you expelled and put on a terrorism watch list.
Back in the day, the computer revolution happened. These days, companies like Apple patent paper bags and rounded corners, and charge $999 for simple, nondescript monitor stands. Coincidence? You decide.
and charge $999 for simple, nondescript monitor stands.
<sad Apple geek>
How dare you call it simple and nondescript! Shhh, she's going to hear you!
</sad Apple geek>
Anyhow, I really wonder as to why did people give a hoot about this. It's basic capitalism. Sheep willing to pay, and a company willing to sell to the flock. Supposed customers of "Pro" products are willing to splurge $6K - $15K on a display, ahem, reference display, so why not sell a $1K stand if there are customers willing to pay?
customers willing to piss away tax payers money that should be being spent on nurses , medicine & bandages etc , not lining your office with all the finery you can waste money on just because you think as the head of finance you deserve more expensive equipment than anyone else
Exactly!
One point though:
Separating actual fools from their money is unethical.
Correct, but crooks have been separating fools from their money since forever. This is nothing, erm, "newsworthy". Or have people believed up until that point that Apple was a charity (or an honest garage-run neighborhood sale), not a big, fat megacorp?
No. Back in the day spotting how to do that was almost required, doing it by accident forgiven, finding out how to subvert the system to do it when you shouldn't rewarded with beer and actually doing it on purpose cause for a severe spanking.
But I went to a university whose admin understood undergrads.
he'd be called a script kiddie, and punished accordingly. Which he deserves, from an ethical point of view.
That aside, if I were to be responsible for hiring for any organization which does "serious" work (i.e. security contractor, banking firm, TLA), I definitely won't hire him. Though he's a "deviant soul", thinking out of the box, and creative (mischievously so), this non-conformity could be a curse as well as a blessing.
If you ever find yourself having to unpick such a thing in Windows - 7Zip's file explorer will let you rename files that Windows won't.
You can usually also do tricks with drive mapping to make windows think the filepath is shorter, but that won't work if every individual folder name is already at the limit.
Oh, that is old. With an easy fix.
md empty
robocopy empty directory-to-kill /s /e /r:0 /w:0 /purge
rd empty
This method even gets the link-looped directories, for example, in the user profile.
If you want to make it better set obscure rights after creation, and remove all inheritance ;). Easy to solve for those with enough experience, but hard for those who never had to struggle such weirdness before.
I've done something similar, or rather a program I was in charge of for a security system. Turns out ext3 doesn't like millions of files in a directory (hindsight 20/20, yada yada). Didn't so much run out of inodes as made things nearly impossible to remove -- rm -rf of the top directory didn't work, rm * inside the directory just caused the shell concatenation limits to be hit and nothing to happen. For extra fun there was data outside that directory that needed to stay intact -- ended up writing a small program to loop over the files sequentially and remove them one by one. Took hours to run IIRC on a fairly fast disk subsystem...
Oops!
find is your friend
Not when even it was choking on the sheer number of files. Can't recall the exact problem at this point but could have just been too slow or was chewing up too much RAM given the degree of, ahem, filesystem abuse that had taken place.
Otherwise yep, that's a great way to recover from something like this.
Something to keep people up at night: what happens to a BTRFS volume that has this happen? Nothing good I imagine, but I suspect the solution is more "mkfs.ext4 and restore from backup" than "fix it" given how BTRFS handles certain things.
<i.Recursive algorithms the preferred method of killing a computer.</i>
Bah.
More than one way to skin a c*t (kill somebody's purdy compoota) :
1. Hard reset tool (hammer)
2. 240V directly onto any exposed terminals
3. Remove heatsink and let the CPU die a hot and bothersome death (not always effective)
4. Insert family of rodents into computer box with lots of food and water. Nature will take its course.
5. Iron fillings. Lots of these.
6. Empty a tin of Coke directly on the motherboard and do not wipe up. Bonus points if the motherboard is operational at the time of outpouring.
Others are there, but you get the gist.
Software algorithms will only make it perform undesirably, and can be fixed with the right PFY/knowhow.
Hardware algorithms will make it stop performing permanently. :)
Take your pick.
PS - block of cheese in the mainframe + family of rodents = great fun
That's a surprisingly new addition to most CPUs though, in the grand scale of things - the last CPU to not have it were (IIRC) Netburst P4s and Thorobed Athlons.
I dare say some more specialised chips had it, but from a consumer grade standpoint, I think that's where thermal cutouts started to be 'the norm'.
Steven 'this is just off the top of my head, correct me if I'm wrong, commentards' R
Today, yes. I have had literally that happen (brace broke, heatsink fell off) and have the machine survive with no observable ill effects, I'm using it to this day with a new brace.
Back in the day, that's another matter - I recall seeing a YouTube video specifically testing sudden heatsink detachment on Intel and AMD CPUs - the Intel one got throttled down instantly, the AMD one went up in smoke, also instantly: they did have a similar mechanism, but it was polled relatively rarely on the assumption that thermal runaway does take some time. That was true if the fan died; it was most certainly not true if the heatsink itself departed wholesale...
Incidentally, mine was an AMD and all this flashed before my eyes in the millisecond I realized the funny thump immediately followed by a 747 at takeoff I heard coming from the case could only be one thing - luckily, this happened much later, by then I was covered too apparently.
I'm partial to taking them out behind the shed and applying gunpowder and projectiles.
...which will leave the data-containing silicon bits largely recoverable in their plastic packages, and scattered to the wind to compound the problem. Not really a good way of doing anything other than getting visceral revenge on "that dang compootah!".
Now a hammer to the chips in question, that's cheap, effective, and 100% guaranteed...
Recursive algorithms the preferred method of killing a computer. .... JimPoak
Not many realise, JP, that is what is killing trading markets and stalling progress in education and employment in enjoyment. No original lead in a novel direction.
'Tis where Humanity currently be Stuck, Terrified and Terrorised?
Methinks So. The Evidence is Surely Plain Enough BroadBandCast for All to See with Lots More Yet to be Shown in Support of the Motion, Immaculately Born of SMARTR Notions ‽ .
... provided he’s show promise, otherwise out out out.
That’s not inventive, that’s just stupid. Wrapping it up in mollycoddling “curiosity” is bullshit. You can be curious without fucking things up.
If he didn't realise that the box that was created to do repetitive tasks quickly then took the very repetitive task and did it very quickly, then he’s missing the point. That’s not a BOFH, that’s a user with little knowledge making poor decisions.
If he didn't realise that the box that was created to do repetitive tasks quickly then took the very repetitive task and did it very quickly, then he’s missing the point.
This!
That’s not a BOFH, that’s a user with little knowledge making poor decisions.
The same act in a different context (that of a sysadmin, like the BOFH himself in the '90s) can constitute a BOFH's act.
Never letting the truth get in the way of a true story:
When I was an undergrad, back in the day when VAX systems were new, one of my class mates failed, due to too much time hacking and not not concentrating on coursework. So, what does a hacker do when he's just failed? So the story goes, he broke into the computer systems and gave himself a pass. Inevitably, he was found out and, in an amazing turn of events, struck a deal to show them how he'd done it, in exchange for a pass grade.
The irony was that he failed the next year due to getting involved in too much guild politics. He was granted a repeat of that year and eventually scraped together a pass degree.
The double irony is that he founded various software companies after leaving and managed to do reasonably well for himself.
For me it taught me a lesson in the differences between DOS and Unix.
The intent was to fill the user's disc quota by doing
echo "Don't leave yourself logged in" >> please_logout.txt
./script.sh
Under DOS invoking a batch file from a batch file terminated the old one unless you used "call". Under Unix it spawns a new process. Cue the system dying due to running out of PIDs!
I'm not sure if the system automatically recovered by killing the process or manual intervention was required. Fortunately it was the first week of the uni year, so most people blamed it being all the freshers doing silly things.
Under Unix it spawns a new process. Cue the system dying due to running out of PIDs!
Admins who don't set reasonable resource limits (setrlimit / ulimit) get what they deserve.1
I've seen this plenty of times at customer sites. They report some problem, and it turns out one of their applications has an inadvertent fork bomb or filled up a small /var partition or what have you. "Isn't there some way we can prevent this?" they ask. Yes. Employ a system administrator who actually knows the OS you're running.
1Granted, depending on how long ago this was, it might have been a UNIX variant that didn't have setrlimit. But setrlimit's been around for a while. Man page history says it appeared in BSD 4.1c, and while I'm not sure when AT&T UNIX picked it up (don't have my reference books handy), it was incorporated into POSIX.1 in Issue 4, Version 2, in 1994. As far as I can remember it was in all the UNIX variants I was using in the early 1990s. (I don't remember using it in anything in the '80s.)
Sadly been there back in the early 1980s being responsible for the systems support of a timesharing mainframe at a UK higher education establishment and had to spend considerable effort trying to address activities such as these by 'enthusiatic' (and in some cases 'malicious') members of the student body. While ultimate discipline was down to the academic authorities (not Computer Services) it was necessary to identify the core offenders and generally to take them aside and explain the impacts of their misdemeanours on others. Bearing in mind the very limited resources available (2 x 76 MB disk drives (RP04 formatted for 36 bit use) supporting a community of 20K plus students - yes you read that correctly : two sub-one hundred megabyte disk exchangable disk drives - any mis-use had an immediate impact. What was equally apparant was the distress on other (shall we say less clued up) students if their account was 'taken over' and they were unable to complete coursework. Sometimes more drastic action was needed of course but generally trying to deny access to the system was non-productive as they would generally have access to multiple accounts as a result of their actions.
Of course, now of that would have applied to the activities under taken while a student myself a few years earlier at a different establishment with an even smaller and more limited system.
.. as a schoolboy in the 1970s. We were allowed to use Birmingham University's ICL 1906A, mostly for Fortran and Algol 68 programming. I wrote a macro (= shell script) that recursively created subdirectories, just to see how many could be created. Apparently the operating system only allowed a limited depth of directories - 64 perhaps - and the macro exited with no harm done. Until the overnight accounting program ran, which had a much smaller limit on the level of nesting it could handle, and crashed.
When I got to school the next morning I was summoned by a teacher who had been contacted by the university, and was sent to the university computer centre to explain myself. Their main interest seemed to be in why I had done it, and they accepted my explanation of innocent curiosity.
I can't say that I ever took down a mainframe....but, I did have a pretty darned effective way of "ghosting" a user (Can't log in, can't log out, can't be forced off, etc.; The only way out is for the machine to be shutdown and restarted.). I'll refrain from giving any more details, since I'm not sure that bug on that particular system has been fixed, even though I found it 30+ years ago!
In my first sysadmin job I needed a serial connector to connect an HP server to its green-screen system console. There were none spare but a colleague put one together with a soldering iron, a few bits of wire and some wiring diagrams he found online. We plugged our home-made connector to the server and terminal and it worked. Up came the login prompt.
Within half an hour, the company network ground to a halt. No email. No access to network drives. No telnet access to servers. Nothing. The entire company dead in the water. Within minutes of removing the hand-made connector, everything returned to normal. Network collisions from the connector were believed to be the cause. No recriminations but I wish with hindsight that I'd held on to that connector...for research purposes...for a friend....
Yes, I wrote a script to pretend to be a login screen, on our PrimeOS system. This was in 1984.
But I never did anything to break the computer. What I did notice however, was that the line printer in one of the terminal rooms was particularly noisy when doing a line feed. I then wondered what it would sound like if I sent several line feeds to it. So I created a file with 1000 line feeds, and sent it. There was a lecturer doing a tutorial session in that room, or at least trying to. It was the room next door, and I could hear it. About 1 minute later an angry man runs into the room I'm in and shouted at me "did you do that?". I denied all knowledge, including knowledge of HOW to do it. He couldn't work out how to prove it was me, and left.
I did the same sort of thing (emulating a login prompt from one of a set of guest accounts to see who would could enter their credentials), although in this case it was a Novell NetWare system. The not-too-bright CS teacher at the high school typed in her admin account, and that gave me a chance to explore the Novell admin tools. Eventually, one of my fellow students ratted on me, and the whole thing got me kicked out of the CS course, banned from the credentials that helped entrance into university, and very nearly kicked out of the school.
Make him work as an unpaid student assistant, with his other option being getting kicked out of school.
That way you can give him all the crap work like cleaning up from stupid hackers (and make sure he knows he has to get approval from someone else before running a script he's written to "help" him with mundane tasks, lest he take the mainframe down again) and if he turns out to be bright and has reformed his ways you can offer him a paid job after he graduates.
Also back in the '80s Mrs Muscleguy was a CompSci student and a program she was running on the mainframe entered a loop and could not be shut down and for a time we were threatened with a large bill for the extra time used. But then her lecturers intervened and admitted students had not been taught how to properly kill routines and our family finances were not threatened.
We had two kids and I was on a PhD stipend somewhat less than the married dole (our income went up when we had to claim it), so the proposed amount would have been significant for us.
Ah, those were the days, when all the servers were named after LotR characters and places. I even knew some Vax commands back then, all forgotten now.
While he was doing it with his account - no problem. But the second round doing it at other users: No mercy. First is because he impersonated other users. Second is he knew it would cause problems, and still did it and just walked away. I don't like "leave bombs behind" people with such a low common sense.
Does anyone remember 'The Prisoner'? https://en.wikipedia.org/wiki/The_Prisoner
Where the man in charge (number two) has the most powerful computer and says to number 6 (Patrick McGoohan) to ask the computer any question and the computer will answer it.
So our hero types (slowly) 4 characters and puts this into the the computer, which starts making noises and then emitting smoke before it explodes.
What question did you ask it? says number two.
Our hero replies 'The one question that no-one can answer, WHY?'
It is such a stupid prank that he knew had to be harmful, and showed no skill of intellect at all. Of course everyone thought of capturing login name and password. I actually captured the professor's login and password even. It is not hard. That is not at all a skill worth hiring someone for.
But the point is he kicked every one off who was running when he crashed it, so did actual damage to dozens of people, for no reason and with no gain.
Wow, this is very similar to one of my own first-year shenanigans at uni. Except I was curious as to how much memory my user was allocated in this fancy new multi user system I was given access to, having only seen BBC Micro and an early MS-DOS.
I wrote a simple one line shell script that called itself with a counter that would display. I'd multiply the highest number it got to with the size of "sh" when I ran "top" and that would tell me. Except the counter kept running and running and running...except noticeably slower over time, to the point that Ctrl-C was dead slow. Meanwhile, people in the computer lab started looking up from their green screen terminals and asking each other "is [server name] slow for you?".
It was at that point I hurriedly left the lab. The BOFH pulled me up on it by changing my shell to a script that just displayed "Come and see me" on the terminal.
I wound up employed there doing computer lab support for students, albeit a few years later.
After six years' experience using computers where the filing system had a 'free' command or equivalent, it was a surprise and an irritant getting to university and using a system that had no way of telling you how much space *you* had used and how much space *you* had remaining.
You could find the size of the shared disk, but no way to find out how much space was remaining, and could count the files within a specific directory tree, but nothing that explicity stated how much space *you* had used.
I was also studying Computer Science at a university in the 1980s (yes I am an old git) and some fellow students also performed that prank. The best defence against it was to press Control-C before logging in, to exit the prank script. This would 'turn the tables' on the prankster because now you would have access to their user account and you could encrypt or delete all their files (The prank script needed to be run from a logged-in account)
I was also studying Computer Science at a university in the 1980s
I was as well.
(yes I am an old git)
I don't think this qualifies us as "old" by Reg readership standards. There are still a number of folks here who were working in the industry in the 1970s. Not sure if we have any regulars who were doing significant IT stuff in the '60s, but I wouldn't be surprised.
The best defence against it was to press Control-C before logging in, to exit the prank script.
Yes, that's worth a try, though a clever script author would (assuming UNIX here) trap the signals they could, or even better suppress all line-discipline signal generation using stty.
But then this is why the SAK was invented.
"Not sure if we have any regulars who were doing significant IT stuff in the '60s"
There are quite a few. No, I'm not one of them ... depending on what you mean by "significant", of course. By way of reference, installing a Teletype Model 33 (so-called "ASR-33") and acoustically coupled modem to access the Stanford Tymeshare System was considered quite significant in 1968. Especially at home.
I first made "keep a roof overhead and the dawgs in kibble" dollars with computers in the early 1970s.
Not true. Fork bombs eat memory (including of course swap space if permitted), but that's relatively benign compared to something equivalently evil in filesystem I/O. Fork bombs are (IME) relatively straightforward to defuse.
Though I guess it depends on what the underlying OS is good at defending against.
Back in the late 90s, my school network had a bunch of Windows 98 clients hooked up to some NT4 servers. I was quite a curious student, and often went prying into things that I shouldn't do. The IT tech got wise to this, and tended to keep a close eye on everything that I did.
In an effort to hide some of my shenanigans from him, I created a directory from the command prompt in my home drive using a random Unicode character (using Alt+nnnn). Due to the pretty much non-existent support for Unicode in 98/NT4, this appeared both in Windows and the command prompt as a whitespace character. Any attempts to open this directory from Windows Explorer would just result in a 'file not found' message.
The only way to open this directory was from the command prompt, and it required knowledge of which Unicode character I'd used. Feeling pretty proud of the fact I'd created a space that the IT tech couldn't get into, I thought nothing much more of it.
That is, until the following day, when the computer network was at a grinding halt and it was pretty much unusable. CPU utilisation of the servers was off the scale, and the backup job still hadn't completed. It somehow transpired that not only was the directory non-traversable in Windows Explorer, it wasn't traversable by either the virus scanner or the backup agent, and both of them were stuck in a loop. Once the offending directory had been identified, the finger was firmly pointed at me.
I just about managed to get away with it by pleading complete ignorance and claiming that there must have been some sort of corruption to the file system, which 'coincidentally' happened to affect my home drive.
I can believe it, for some of the systems universities were running in the '80s. Drives were much slower. Filesystems lacked some of the optimizations of modern ones.1 On shared systems contention for CPU and memory resources could be fierce - and they made use of disk-backed virtual memory extensively, increasing contention for the storage system.
And if the filesystem were an NFS mount, over 10BaseT or similar ... it would have been agonizing.
1Note that readdir(2) updates the atime of the directory inode, and unlink(2) updates the ctime. In the Old Times rm -r could quickly fill the write cache just with metadata updates.
10Base-T? In the 1980s I'd have thought 10Base2 or thick ethernet would be more likely. Back in those heady days of t pieces and 50ohm terminators I would fairly regularly lose it with phd students who would decide to add a computer to the network using whatever coaxial cable would fit and without thought to what happens when you get over the magic "around" 200m. you would get added debuging fun when they either put a length of coax between the NIC and the T- piece or saved on the price of a t-piece by just removing the resistor end piece and replacing it with a length of coax directly into a NIC.
I was in better humour dealing with the fallout of the student that going, on a 12 month exchange to a university in Holland wanted to know how to forward email. He followed the instructions failry well but whilst he didn't make the mistake of forwarding mail from Holland back to his account in Edinburgh he did forward the Dutch account to hist home account in New York as hew was going home for a couple of weeks. of course he'd forgotten that his home email forwarded to his account in Edinburgh. I think he had about 30 or 40Mb of mail orbiting over the north sea, across the atlantic and back every 3 or 4 miniutes.
It's good to know that almost 40 years ago, miscreants were spoofing login screens to catch unsuspecting users.
Well, yeah. It's been around nearly as long as login prompts, presumably.
Hell, PLATO IV had a Secure Attention Key - the sole purpose of which is to defeat login spoofing - in 1972. So we're nearly at 50 years, and there are probably earlier examples of login spoofing.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
