I've just been posting a few links on Facebook and began reminiscing about my days at Edinburgh University. I spent a lot of my 3rd and 4th years there running the Tardis unix cluster, a fantastic experience which fed directly into my addiction for putting things together, taking things apart, and generally dinking about with electronic stuff. But the story of how I got there is very interesting and worth recounting.
One night in 1992 (I was 20) I was in the James Clark Maxwell Building (the Computer Science building on the King's Building's campus of Edinburgh University). I was playing around with one of the SunOs workstations when I found that when it powered on, it would come up with a boot prompt. At the boot prompt, I tried single-user booting it, and it worked. Suddenly I'm root on this workstation. Cool. So I rlogin'd to one of the usual multi-user servers and to my utter astonishment I was logged in as root. So being young and stupid, I found some of my friends and logged them off remotely as a prank.
Then I tried to figure out what was going on. How could I possibly be root on this server? I look around in the workstation I was on and discovered a .rhosts file in the root directory. For those of you who've never administered a Unix box (yes, I was a Unix weenie at University, then a VMS geek while I worked for DEC, before finally succumbing to the inevitable and winding up a Windows guru when I moved to Microsoft) a .rhosts file is a file that says 'if you're user X on this server, then you can remote login as X to all the servers listed in this file without having to give a password'. They're incredibly dangerous and a massive security hole. And all the workstations had them at the time. So – that's what was going on. I tried a few more workstations and pulled a few more stunts on the servers (being late at night I figured it would be cool).
The next afternoon I come to campus and try to login. "Your account has been suspended, please contact the Head of Computer Services".
Stupid stupid stupid.
I had visions of being kicked out of University and my hopes of a cool career in computers being dashed. I didn't do anything that day. I telephoned my Director of Studies (staff-member mentor through University – don't know what the US equivalent is called) and laid out the sordid details. Of course he knew about this and was very stern. He advised me to go to campus tomorrow and fess up. Which I did.
The Head of Computing Services had that poster of a Bald Eagle on his door that says 'I *am* smiling'. I was terrified. I knocked on the door and went in and his opening words were "You can only be Paul Randal". Oh shit I thought. The only reason he knew it was me was that the security door swipe-card system log displayed on real-time on a little workstation in his office, and my swipe late at night was the last one, and just about to scroll off the monitor screen. Foiled by the old 'use your real credentials to get in the building' and then do something stupid mistake.
Stupid stupid stupid.
They thought they were under a major hacker attack (which unbeknown to be had actually happened two months previously – so they thought that was me too). Once I explained, and convinced him that I was very very sorry, he actually smiled and said it was a neat trick that no-one had thought of. Turns out he really just wanted to know how I did it. He actually became a great friend of mine, was my thesis advisor in my final year, set me up to run the Tardis cluster, and recommended me to DEC. Good results can come from very stupid actions. Very rarely.
Anyway, for all those out there who I've said your advice is bad, or you did something daft, or anything like that: I've been there too. Live and learn.
PS And Mum & Dad, given that you read my blog, I think this is the first time you're hearing about this, 17 years later. Heh heh <sheepish grin>.
3 thoughts on “We all do stupid things when we’re young”
See people – even Paul is as dumb as a stick sometimes. And, he’s all mine! LOL.
Cheers,
kt
Here’s one story:
I was scheduled to perform with a band one night at a bar near my school’s campus, and we’d heavily promoted the show. We got there and discovered that the place had double-booked–they gave our slot to the other band and told us to come back the next night. Not to lose out on all of the promotional efforts, I wrote a little shell script to grab all of the e-mail aliases on the server and sent a ad for the next night to every one. I tried to spoof the outgoing e-mail address, but didn’t do a very good job…
The next morning I woke up to a disabled e-mail account and upon calling to inquire I discovered that I had a disciplinary meeting scheduled with the dean. Luckily I was rather clever about the whole thing, if I do say so myself, and upon pointing out that the school didn’t have any rules saying that I couldn’t SPAM everyone, I was released with a very stern warning.
Upon getting my account reinstated I discovered many replies to my e-mail, none of them friendly; this was early enough that people weren’t used to getting promotional e-mail and they took it VERY personally. Despite my efforts the show that night was very badly attended, and a week later I received a note from the dean that included the school’s newly drafted anti-SPAM rule…
Here’s something that happened to me yesterday. There’s a parking lot dedicated for certain employees where I work. The sign reads for *insert department here* employees (well it said something like that. So since I worked for that department I was like, cool, and I can park here. When I got off work I had a parking ticket. Apparently, that parking lot was dedicated for more "important" employees. Right now I feel stupid, because I should have known better. But here’s the thing, I have co-workers and employers who are more upset about this than me. They’re treating me like a criminal because of a dumbass mistake I made. I’m trying to pay for the parking ticket but by the time I get off work, the place that I’m suppose to go to to pay for the ticket is closed.