- Feature Articles
- CodeSOD
- Error'd
- Forums
-
Other Articles
- Random Article
- Other Series
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
The real WTF here was the article its self.
Admin
Admin
That would require a trip to a museum to obtain said floppy disk. At least the problem wasn't on one of the C-64s. He would have had to find a data cassette tape!
Admin
Alpha radiation won't go through your skin. However, if it's inhaled then it'll hurt you from inside. That's why Radon gas is harmful.
"Because of the short range of absorption, alphas are not generally dangerous to life unless the source is ingested or inhaled, but then they become extremely dangerous."
http://en.wikipedia.org/wiki/Alpha_particle
My favorite thing about internet comments: They're made by retards that don't know what they're talking about; yet feel the need to espouse their thoughts.
Now for the rest of you, stick to what you know. And share some of your own tech support stories. Please stop showing everyone how little you know about alpha radiation.
Admin
Is it just me or did this read like a articulate, eloquently put, load of nonsense?
Admin
I was thinking that it sounds like a call I get every other week. The belt on the CD drive broke but they have it so all I need to is find a replacement for this 10 year old rubber band looking thing because USBs don't work and then they tried to hook it up to the network but then it got infected so it won't even boot up now but they need the data for a presentation tomorrow morning.
Does that mean that my job is one continuous WTF?
Admin
Admin
RS232.
Easy, primitive, robust.
I like it.
Admin
Having worked in this environment, I know this is pretty much dead on. They use horrifically old machines attached to some instrument because the software costs thousands and the company that makes it might not even be in business anymore. The machines aren't networked or even used for anything besides running the instrument, so all software updates do is risk upsetting the balance of things.
Admin
NT 4 didn't have EFS in it. Any encryption would be an add-on. And it didn't have CryptAPI, secret storage, etc. The guy was lucky the encryption password was the same as admin's.
To "reset password" suggestion:
It doesn't give you access to encrypted files.
Admin
Admin
Doesn't that invalidate your certificates that allow you to decrypt your data?
Or wait, the article said something about third-party encryption. Never mind.
Admin
Speaking as a scientist/grad student/slave in a chemistry department (1st floor) at a university this really hit home. My lab just purchased a $100,000+ scintillation counter for $10,000 by buying one made in 2001. It has a built-in Pentium computer running Windows NT 4.0 and it most certainly didn't support USB. All my fellow students have laptops without floppy drives so I added USB support by installing a driver from some dude with a geocities page. It actually worked thanks to the intel 440 chipset.
http://www.geocities.com/mypublic99/index.html Only downside is that the USB drive needs to be formatted in NTFS and you need to eject the drive rather than just pull it out.
vulputate
Admin
He was probably talking about using a cd-burner with NT4. There must be some sort of decryption driver in NT4, or he would not have been able to work with those files in NT4 :-)
But it would probably not work anyway, because I doubt the machine had a cd burner at all, and he would not dare to install a new cd burner anyway
The machine didn't have a USB driver and probably not a cd burner. It is much better to put the files on an USB than finding a floppy.
Admin
Hatstand
Admin
Alpha radiation is blocked by all sorts of things (both skin and paper will remove most of it), but it deals really serious damage to you if it does manage to get inside your body somehow. Gamma rays are much better at going through things but don't hurt as much. So you really don't to go somewhere flooded with alpha rays in case you have a cut or something like that.
Admin
So the WTF is... leaving instructions on how to do it again instead of just changing/documenting the password?
Admin
It seems like you forgot how small and slow floppy drives are.
the article doesn't say how much data but i does imply they had a lot "During the course of several weeks, they had amassed all the data they would need"
In my experience scientific instruments can generate anywhere between a tiny amount to a virtual shitload of data.
How many disks would they need? 10 = 14 Mb 100 = 144 Mb 1000 = 1.4 Gb
When i was much younger, I remember trying zip up and span Duke nukem 3d, onto 5 disks. I never had a set unzip properly, there were always problems.
Floppy disks are gone, and good riddance, they were small, slow, and unreliable. Floppy disks can get bad sectors if you look at one the wrong way.
Admin
FTFY
Admin
Maybe it's not a WTF, but I thought it was a fairly interesting read. Maybe it's a typical day in the life of an IT guy, but I'm not an IT guy. I thought about taking the drive out and mounting it on another machine before it was mentioned, but oops--politics and encryption.
Admin
From what I remember, NT4 only used LM hashes, so passwords are case insensitive and are hashed in two 7 character blocks. Brute force cracking is quite fast :)
Admin
Yes, yes it does. Don't feel bad, it applies to all of us. Open ticket on my system: "user needs new mouse, if you don't have any than I suggest it's time we buy some"
Let's start with, I don't get to determine the budget for equipment (like most of us here from the sounds of it).
Then add that the mice are all trackballs.
Then add that I send out a message on daily basis with instructions on how to clean them, so that they work.
I walk to the desk in question, move the mouse and say "looks fine to me". User says, "well yes, but I had to clean it"
My response: "uh huh" User: "I have to clean it every day" Me: "Well, you might want to consider cleaning your desk instead. How about the chips on the desk. Those are going to crumb up the rollers in the mouse." User: "It's snack day" Me: "Well, if I replace that mouse with the one in my hand (also a trackball), you'll still have to clean it every day" (Implication being the issue is not with the mouse). User: "Oh" Me, walking away irritated, annoyed, ready to spit and spewing venom at everyone crossing my path, asking rather loudly why people don't understand how IT people are always so cranky.
Admin
http://en.wikipedia.org/wiki/Commodore_1541
Admin
Why didn't he just look under the keyboard for the password?
Admin
The real fun was installing slackware with 10 floppy disks. I never went with more than 10 floppies because it seemed that either I'd get them crossed up and get 2 X2 disks and no X3 disk, or the transient magnetic field would corrupt them. I tried a pillow case filled with magnets, but that only made it worse... Anyways, I'd start the install, drive to local community college for internet access, get the next 10 disks, drive back, rinse/repeat. I think slackware was 50 disks or so for a full install with the NEW 2.0 kernel that had this new feature called 'ELF' binaries... I went with the 1.0.86 kernel because that was the stable one. Finally, a few weeks later, I got a walnut creek cd-rom and no more floppy disk commuting to re-transfer disk 7 out of 9 of the X-Windows series to complete the install. In hindsight, it's a good thing gas was cheaper because the 5-6 CC trips would be the cost of an XP licenset these days.
Admin
And like some people have said, sometimes NT is the only option.
Admin
That story didn't make a whole lot of sense. At some point basic USB volume support was added to NT 4. A removable hard drive attached the computer, if recognized by the bios, would show up as a volume, but it was not hot-pluggable. The article states the machine was unpatched though, so perhaps that's right out. NT did not have FAT32 support, so perhaps that was the problem.
Adding a CD burner would have required admin access.
Admin access was required to add drivers to the computer to support a USB memory stick, but changing the password would not create a problem with the certificate used for encrypting the files because third-part encryption was used.
What doesn't make sense is that the submitter discovered the password then proceeded to use Knoppix to get to the files. What's unclear is whose account the encrypted files were under, how they were then decrypted given the third part tool (did that not have a password as well)? This would have been a great story if the resolution had been better explained.
Like the commenter above, I think something fishy was going on here. The sense of urgency, the desire to keep the IT person from taking the computer, or even opening the case at all, smells like data theft. So the submitter helpfully extracted the data surgically without leaving any traces. Perhaps he could have tried another password, one that is often helpful in situations such as these -- the letters N and O.
Admin
Edit: Adding CD burner software would have required admin access and opening the case. Adding a USB burner, probably out of the question for NT.
Admin
Admin
http://en.wikipedia.org/wiki/Alexander_Litvinenko
Although most of my work has been with iodine-151 (a gamma emitter), I've been around all kinds of radioactive substances. You definitely don't want to be too casual about any of them.
Admin
Bigger than an Imperial crapton, smaller than a Metric crapton.
Admin
I actually thought the title gave a good job of summarising it. Read the title and expected (almost) exactly what happened.
Admin
In Soviet Russia , people don't get killed (or perhaps people from Soviet Russia in the UK).
Admin
It was really not all that hard to reset the admin pw on an NT4 box with a linux boot CD...once you discovered that it was possible. I did that on NT4/SP4 machines when developers forgot their passwords and had to get data.
Admin
True that NT 4 support for USB was through 3rd party drivers, but you have the dates wrong. NT 3.1 - 3.5 were released before Windows 95, but 4.0 (and I believe 3.51) were released after Windows 95 "Gold" (aka RTM in current terms)
Admin
But you didn't account for the fox, what's going to stop him from eating the chicken?
Admin
Sheesh, people... Firstly universities tend to be stupid and lazy. I would have at least tried logging in via the (hidden) Administrator account that exists by default on most machines. he could then change the password for the account he wanted to get into (Although it does seem to suggest that the files were encrpyted, the story only talks about him trying to get access to an Admin account).
<not serious - before you all start jumping up and down> Secondly, As everyone knows, passwords are hashed. This means that many (or several) passwords may create the same hash value (there are an infinite (assuming there is no length limit) number of passwords that can be used, but a finite number of Hash Values (which are limited to a fixed number of charatcers, typically 16 or 20 {depending on the Hash Algorithm})) - assuming, of course, that the password is not salted before being hashed. The fact that the cracker returned 'spiderman911' is purely conincidental.
The hash of 'spiderman911' just happened to be the same as that of his really secure password '4E^fg@p[;*)', because an academic would:
</not serious - before you all start jumping up and down>
Admin
Because the user called and claimed he couldn't open the files anymore. Maybe that user account got messed up.
Admin
Didn't every PC from that era have floppy drives?
Admin
I have to admit that these days I'm tending to skip the article on TDWTF and go straight to the comments. I've noticed the articles becoming less and less interesting and the comments becoming more and more interesting.
You folk are a real riot. Keep it up.
Oh, and Alex, FFS mate, get some tree based forum software for this site like the rest of the planet has. Surely one of your sponsors has something that would suffice?
Admin
Sounds like it was a service polling a hardware device that was collecting the data in question running as the system or admin account in this case. He needed the admin pass, or admin privileges to access that. In addition, he needed the admin pass to install the USB driver to pull the data off the disk.
And yeah, this as sad as it is, is a frighteningly common occurrence working in IT support.
Admin
Admin
I'm fairly sure the update was also available on the interwebs... Of course back then it was probably cheaper and easier to just buy the new computer anyway.
Sure is fast. Some passwords come up in a matter of seconds. I remember trying it with our school's staff accounts way back... Of the 30 or so accounts, I think I had about 10 in seconds, another 10 within about half an hour, and all but 2 by the end of the day. The 2 remaining were easy to get though - one was mine, and the other was the principal's, who I simply asked what it was. And yes, I worked for the school doing IT and I had a reason to do it. I needed to recreate all the accounts in LDAP on a new server with as little interruption as possible.
Admin
You are in a maze of twisty little comments, all different.
Admin
Absolutely. If this is a data collector for a piece of equipment, you can bet the serial and parallel ports are configured and working. Some kermit or the native Zmodem serial transfer on NT would have been my first choice. But, if the tech had only a "netbook" and not a notebook, serial is not an option. Unless you are truly prepared with an expensive USB to DB9 serial cable.
Admin
What are you talking about? I use those all the time. They're quite cheap. A quick amazon search shows several name brand ones under $20, and others even cheaper: http://www.amazon.com/s/ref=nb_ss_gw?url=search-alias%3Daps&field-keywords=usb+serial+converter&x=0&y=0
In case you don't know, a good many small embedded microcontrollers (like Atmel's AVR, or Microchip's PIC) still have RS-232 ports. Even common wireless routers more often than not have RS-232 ports. http://oldwiki.openwrt.org/OpenWrtDocs(2f)Customizing(2f)Hardware(2f)Serial_Console.html
Admin
FTW
Admin
There is no reason to hack passwords so as to have '..as little interruption as possible.' AFAIK Hacking a password (at least an account password - not sure on whether hacking a password-protected document is quite the same) without someone's knowledge is illegal in most parts of the world (certainly these days it's a breach of Data Privacy law).
It doesn't matter that you did it to simplify something, or with good intention. If I found that admins at my work had done (or even tried to do) similar, there would be some lawyers asking questions quick smart.
Admin
The real wtf is that it's spelled NUCLEIDE and none of you dumb shits noticed.
Admin