| « Dying of Thirst | Magic Number 7 » |
Daniel wasn't terribly surprised that the principal wanted to see him. After all, Daniel had dropped off a note with a link to the school's new website earlier that day. Principal Dauterive probably wanted to review it with him.
Dauterive glared at him from across the desk. "Daniel," he said sternly, "we need to talk about your recent hacking."
Despite, or perhaps, because of the Dot-Com fever, the district provided no guidance. Or hosting, for that matter. The school's computer classes mainly focused on keyboarding using PS/2s running DOS 4 , and the school's records-system ran on a TI-990, there wasn't exactly a wealth of HTML among the faculty. Since the district's primary export was football players, the student body wasn't significantly more savvy.
Daniel received a floppy disk containing a wad of "cute" animated GIFs, a hard copy of the previous year's yearbook, and the instructions "make a website," the promise that this would "look good on a college application", and a free pass out of study hall. Since he didn't have much to work with, Daniel went to the website of another school in the district, just to get ideas- and maybe borrow a few assets.
One of the images on their front-page didn't load completely. A few refreshes didn't fix the problem, so Daniel tried to right-click and view the image in its own window. Instead of a picture, partially loaded or otherwise, he saw a page with this message:
This image was not fully uploaded. Would you like to upload a new copy?
Daniel shrugged and clicked "Yes", assuming that he'd see a login screen.
He landed at the admin page of the site. It was little more than a CGI based file manager, but in 1998, that was wizardry for a school website. As limited as it was, it offered to let him modify files on the site.
Daniel did the responsible thing: he emailed the site administrator, explained the problem and provided instructions to reproduce. He also tried to make the severity of the flaw clear by pointing out that he could do things like delete the entire site.
"What? No- I… wait. Look, I didn't hack anything. It just let me in!"
"We're past the point of excuses," Dauterive said. "We trusted you to put together our website, and you used that trust to flagrantly violate the Computer Use Rules."
Daniel sunk into the chair and glared at the principal's desk. Now that the official handbook was in play, Daniel was almost certainly officially screwed. Still, it was worth trying to escape undeserved punishment. "What rule did I break?" Daniel asked.
"I'm not liking your attitude," Dauterive said. "I think you should be more apologetic."
"I just want to know what I did wrong," Daniel said. "What, exactly, was against the rules?"
"I gave you a chance." Dauterive pulled out a copy of the school rules, helpfully condensed onto a single sheet. He traced down the list with a finger, skipping the non-computer rules like, "No hand holding", "no sharp objects", "no guns, spiked chains, brass knuckles, weapons or other weapons".
"I'm looking at a pretty flagrant breach of most of the rules listed here," Dauterive said. "'No transferring information between computers'. Obviously, I think we can all agree you've broken that one. Oh, 'no personal media'. You were using that floppy disk. And let's not forget the main rule: no accessing unauthorized sites. That one's for your protection, you know. You can find all sorts of horrible things on the Internet."
In the end, Daniel adopted the properly apologetic attitude Dauterive wanted and plead down to a two-week suspension from school computer facilities. When he got back at the library computer, he spent a moment looking up who the aggrieved website administrator was. It turned out to be Jacob Dauterive, Principal Dauterive's son.
|
Although the article reads like it's been exaggerated for increased comedy value, it does remind me of an experience I had.
I did a six month contract for a music related dot.com at the tail end of the 1990's. On arrival I found that their entire hosting capacity was a single PC server built from parts bought on Tottenham Court Road (a London street known for budget electrical retailers). It ran RedHat Linux with every package installed, back when this meant everything would be enabled by default, and no updates had been installed since the machine had been set up. There were also no back up procedures. I pointed out that this meant there was no redundancy, and seeing as there was no firewall, it also meant there was a huge security risk in running all those services. I was told that no way could I bring the machine down while I updated it and stripped the unnecessary packages, while all budget was earmarked for marketing and couldn't be used to buy another server for redundancy or a tape drive for back ups. It's worth pointing out that the company consisted of a two man editorial team (one an unpaid intern), six marketing people, the boss, and myself as the sole developer. Cut to four months later, and I was asked into the meeting room by the grim faced looking boss. Already in the room was a guy in a suit who I'd never seen before. The boss proceeded to explain that the server had been hacked, and as I was the only person with the root password since the previous contractor had left, I must be behind it. I calmly reminded her of my concerns about the server when I joined the company, and how I didn't need to "hack" a server I already had root access to. This did no good, as it turned out the guy I'd not seen before was my replacement, and he was prepared to tell the boss anything to get me out of the way. At this point I stood up, told the boss she would receive my last invoice in the post, and left. Despite a letter acknowledging my last invoice, she tried to not pay me. Cue one trip to the Small Claims Court, which my former boss failed to attend, and suddenly a cheque arrives in the post. A shame she paid, as I'd hoped to instruct bailiffs to remove the server - which I would only return on receipt of payment of my outstanding invoice. Having wiped the disks first of course. |
| « Dying of Thirst | Magic Number 7 » |
