back to article Experimental 'insult bot' gets out of hand during unsupervised weekend

It's that time of the week again, where Reg readers 'fess up to IT errors and jokes that went awry, in the hope of some catharsis. Since it's a Bank Holiday for those in the UK, today we've chosen a tale from "Gary" in which some harmless fun got out of hand over a weekend. Back in 1984, Gary was working in the research arm …

Page:

  1. big_D Silver badge

    Costly? No...

    But I was on a VAX tuning course in Reading. The course was okay, but not really teaching me anything new on the first day.

    So, my neighbour and I decided to have a bit of fun and were logging people on the course off at random - we had our own server dedicated to the course. Then we were battling each other, seeing who could log the other off quickest.

    We then broke for coffee and when we came back, I ran up a short script. The script was "innoquous" enough, it would list all logged on users into an array and any that weren't me got logged off. I ran it once, it worked perfectly. I then changed it to be a self-submitting batch job. Nobody could log back on, it was funny... Until I accidentally logged myself off (I had multiple sessions on multiple VAXes open and logged off the "wrong" session.

    Anyway, what I hadn't thought about was, during the logon process, your username doesn't appear in the userlist, just a process id with "<LOGIN>". Oops. The script was busy terminating all the people logging on, including myself.

    The lecturer saw the funny side, we then went into the server room attached to the lab and tried to log onto the console... You go it! No dice. In the end, we had to power down the machine and reboot!

    1. MiguelC Silver badge

      Re: Costly? No...

      A briefly former colleague got marched out on his first day for a similar stunt.... so you got lucky with your lecturer ;)

      1. BillG
        Devil

        VAX/VMS Hacker Fun Times

        VAX/VMS had so many holes, even with a non-admin account you could do some nasty things, such as reading coworker's emails (child's play). Or spoofing other users on PHONE.

        This Reg comment is for those of us with a non-admin account that exploited holes in VAX so freakin' outrageous, that I/we won't post them here for fear the statute of limitations might be eternal. And/or, we never got caught and we are afraid old co-workers might be on El-Reg.

        1. GX5000
          Big Brother

          Re: VAX/VMS Hacker Fun Times

          miss the days @dec...

          They still track all of you so no worries.

        2. Anonymous Coward
          Anonymous Coward

          Re: VAX/VMS Hacker Fun Times

          A long time ago, I did a stint as a contractor for a long gone company who made telecoms equipment at a plant in Liverpool. The department had a VAX running VMS for various purposes and I had a user account on it.

          When you logged in on a terminal, the interface was so simple that you could easily simulate the log in process with some DCL script. I couldn't resist the temptation and planted my log in simulator on the department manager's terminal when he had logged out to go for a meeting.

          When he next tried to log in, he got the standard response that you'd see if you mistyped your password. My script then silently quit and returned control to the actual log in screen. In operation, it was completely indistinguishable from the real thing and I was watching as he logged in a second time without giving it a second's thought.

          His face was a picture when I got him to look at the contents of a new file in my account!

          It was even more of a picture when I showed him how the script could even circumvent the VMS equivalent of the Windows 'three finger salute' before logging in.

          He took it quite well!

          (I had been there some time and knew the bloke well. My little hack wasn't illegal in those days either, as long as I didn't do anything with his credentials of course.)

          1. Anonymous Coward
            Anonymous Coward

            Re: VAX/VMS Hacker Fun Times

            Plessy / GPT, I assume?

            1. big_D Silver badge

              Re: VAX/VMS Hacker Fun Times

              I remember having to come up from Southampton to GPT in Coventry. The managers were always happy to see me, because it meant they could take me to the company golf club for lunch and get their silver-service lunch for free.

              One manager was very miffed, when I told him one day, that I needed to go into town at lunch to pay some bills. He even offered to let me go in to town early, on company time, so he could get his lunch!

          2. Anonymous Coward
            Anonymous Coward

            Re: VAX/VMS Hacker Fun Times

            I did exactly the same thing at university, but in csh script on their unix mainframe. Suffice to say I was very lucky that my second university was both understanding, and more prestigious.

      2. I Am Spartacus

        Re: Costly? No...

        I was, briefly, a lecturer at DEC in Reading and London. I had to march someone off a course.

        It was a DECNet IV Internals course, if I recall, and was one that was on the US Restricted list. That meant that everyone had to sign an agreement that they would not give anything the learnt to those peskie Russions/Syrians/Koreans/Cubans etc. Anyway, they way it went was that I handed out the forms, and the course notes, did an introduction before coffee, when I collected and checked the forms.

        Well, one idiot had signed the form Mickey Mouse.

        The training superintendent had got out of bed the wrong side that day, and was not amused. So joker boy was sent home to his company to explain why he had been thrown off the course.

        1. big_D Silver badge

          Re: Costly? No...

          We had a factory on the Isle of White with several hundred VT100s installed (offices and production hall). We had a lightning strike and there was a corridor stacked from floor to ceiling long one wall with dead temrinals. Because of the Coco agreement (I think it was called something like that, related to I Am Spartacus's story above) the terminals were defined as highly advanced technology that couldn't be exported.

          That mean we couldn't simply throw them out, they had to be destroyed completely and that witnessed by a member of HMG and a certificate signed. Luckily there was a junk yard next door with a metal press. All the terminals were placed in the press and crushed.

          1. PM from Hell

            Re: Costly? No...

            The actual restrictions were CoCom, the Coordinating Committee for Multilateral Export Controls organized to restrict Western exports to COMECON countries.

            During this period I once had to get an export licence from the American Department of Defence for an IBM RD6000 as it was classed as being powerful enough to run ICBM simulations for design purposes. It had more processing power than the combined CPU's of the 7 mainframes I had installed in the datacentre and more total Ram (an incredible 64 MB).

    2. Korev Silver badge
      Joke

      Re: Costly? No...

      >I was on a VAX tuning course in Reading

      You can tune a vacuum cleaner, who knew?

      1. Francis Boyle Silver badge

        Not only can you tune a vacuum cleaner

        you can play it as well.

      2. Shadow Systems

        At Korev, re: tuning a vacuum...

        You can tune a vacuum but you can't tuna fish. =-)p

        1. Giovani Tapini

          Re: At Korev, re: tuning a vacuum...

          trying....to....resist...downvote...for...really carp...joke

          1. PM from Hell
            Flame

            Re: At Korev, re: tuning a vacuum...

            Well your comment was a bit fishy

    3. The Man Who Fell To Earth Silver badge
      Happy

      They should have just bought Abuse

      Abuse (Don't Ask Software, 1981)

      Apparently quite valuable to collectors, EUR 149,90.

    4. Anonymous Coward
      Anonymous Coward

      Re: Costly? No...

      Run once ... I wrote a small batch file to send out a form mail to 81 users. It worked: sending 81 mails to each user ... "Didn't you test it?" "Well, I sent a mail to myself and it worked ... "

      1. Rich 11

        Re: Costly? No...

        I wrote a small batch file to send out a form mail to 81 users. It worked: sending 81 mails to each user

        Back in the mists of time I wrote a bash script which ran as a cron job to check a mailbox every 10 or 15 minutes (or whatever it was) and forward any received emails to a mailing list. This was so long ago that finding properly designed and suitably tested software (ie what I later learned to call a listserv) wasn't an option in the limited time I had available. I set this up for the Very Important User in my organisation and tested it. He was happy with the results, and I have to admit I was reasonably comfortable with it although I knew the testing had been limited. Unfortunately, the timing necessitated that it must go live on a Thursday afternoon when I had the Friday and Monday booked off to go visit my girlfriend for the first time in achingly too long, so I threw caution to the winds and agreed to make it live.

        When I got back four days later I discovered the the VIU had given me a mailing list of 26 equally-VIUs in his international field of expertise but three of these supposedly intelligent fuckers had given him incorrect email addresses (or he had just copied them down wrong). You can imagine how pleased they all were with the geometric increase in 'recipient does not exist' messages everyone received combined with the 'Stop sending me this shit!' messages they all contributed to for four days.

        1. TonyJ

          Re: Costly? No...

          "... combined with the 'Stop sending me this shit!' messages they all contributed to for four days...."

          And people still do this, like mindless sheep.

    5. Gerhard Mack

      Re: Costly? No...

      I had some lab admins in high school play the kill the other admin game where they would both log in to the Novel server and kill the other guy. Unfortunately, one day they rushed in, sat down and managed to send the kill command with exactly the wrong timing and caused a deadlock. Both PCs were useless until the Novel server was rebooted.

      1. theblackhand

        Re: Costly? No...

        "Both PCs were useless until the Novel server was rebooted."

        Probably completely useless information now:

        1. Drop to debugger:

        <left-shft><esc><right-shft><alt>

        2. Put the dead process to sleep:

        EIP = CSleepUntilInterrupt

        3. Exit the debugger:

        G

        All going well, you might be able to shutdown cleanly following that....

    6. Tegne
      Headmaster

      Re: Costly? No...

      After writing COBOL code onto gridded paper on a local College programming course we were then allowed to attempt to compile it and debug it once it had been keyed in by some faceless admin member.

      Our time on each terminal was limited so I used this time to do pretty much anything other than what I was supposed to do.

      I discovered that you could copy in a new copy of VAX/VMS equivalent of the autoexec.bat file into anyone elses root folder so decided to see what would happen if I copied in a file containing a single command 'Logout' (or whatever the equivalent was).

      Much glee was had as my fellow students were immediately logged out the next time they tried to connect.

      Much less glee was had when I tested whether the same would work with the Admin account. It did.

      There was quite some cursing from the tutor as he failed to log into his account for the rest of the lesson...

  2. Peter Gathercole Silver badge

    At University at Durham (and Newcastle)..

    ..they ran a slightly obscure OS on their s370 called MTS (the Michigan Terminal System).

    Unusually for a mainframe OS of the time (I was there in 1978 on), it drove interactive terminal sessions, and our use was controlled by accounting limits. Not surprisingly, these limits were, well, limiting.

    I found two ways around this. One was that if you allocated a temporary disk (which allowed you to borrow disk for that session,but which disappeared when you logged out), and then explicitly relinquished it, the space would be added to your permanent disk allocation!

    The other was that when a new year started, the initial passwords on the subsidiary computing students accounts were predictable, so you found one, but didn't change the password. You then watched for any activity. If after a suitable time you did not see the account being used (which was possible, as subsid. students tended to swap courses) you could then appropriate the account.

    This was how I managed to get enough interactive time to become (I believe) the first person (at Durham, anyway) to complete with a perfect 500 point score, the version of the original Colossal Cave adventure with the Repository ("A crowd of dwarves burst through the hole in the wall, shouting and cheering..." or something similar).

    Strange, almost immediately, the game stopped working at Durham. Coincidence?

    1. Anonymous Coward
      Anonymous Coward

      Re: At University at Durham (and Newcastle)..

      The other was that when a new year started, the initial passwords on the subsidiary computing students accounts were predictable, so you found one, but didn't change the password.

      Queen's Belfast used to do a similar thing. A script allocated 200(?) new accounts at the beginning of the year, of the form "aaaannnn', and assigned passwords through a predictable algorithm. If there were only 160 new students that year you knew the alphabetically last 40 accounts & their resources were there for the taking by whoever changed the password first. After a while, most of the hackers had 10-20 extra accounts available.

      As for "Colossal Cave" adventure, I once got summoned to the computer centre manager's office and shown a large pile of fanfold paper and asked if I knew what it was. A quick check showed it to be Colossal Cave adventure, from Jack Pike, which I had reworked to fit in the 25Kwords we engineering students were allowed. It was in my user directory, with the data file in one of the 'borrowed' accounts, from where a couple of friends and I (I thought) played it at break times. When I admitted I knew what it was, I was then asked why that one program accounted for 90% of billable computer time over the previous month... Apparently someone had told the CompSci students about it.

      Somewhat to my surprise I was simply asked to restrict access to my friends & I, or it would be deleted.

      1. Tony Gathercole ...

        Re: At University at Durham (and Newcastle)..

        Queen's Belfast used to do a similar thing. A script allocated 200(?) new accounts at the beginning of the year, of the form "aaaannnn', and assigned passwords through a predictable algorithm. If there were only 160 new students that year you knew the alphabetically last 40 accounts & their resources were there for the taking by whoever changed the password first. After a while, most of the hackers had 10-20 extra accounts available.

        Been on both sides of this one. As a student in the mid-1970s it was fair game to collect as many PPNs (can you guess which OS?) as possible to extend the miserable CPU and storage allowances handed out to even full degree Computational Science undergrads - things got better in the final year when I unaccountably failed to close down the staff account I'd been allocated for working on a departmental project over the summer vacation; pissed-off the post-grads when they realised that I'd also been allocated a full Electronic Computing Labs (ie support staff) account on the ICL 1906A (:ECLAJG) running George 4.

        Later, working for Trent Poly, I wrote the system that took extracts from the student course registration database and pre-loaded the accounts at the start of each course year. I'm hoping that I'm remembering correctly that the default was to allocate a pseudo-randomly generated password. However, whatever it was any degree of security would have been negated by the fact that each student was given a card with their username and password printed on it! I know for a fact that these were (mis)appropriated by all sorts of nefarious characters from various departments! (We had ways of watching you...)

    2. Steve the Cynic

      Re: At University at Durham (and Newcastle)..

      ..they ran a slightly obscure OS on their s370 called MTS (the Michigan Terminal System).

      Unusually for a mainframe OS of the time (I was there in 1978 on), it drove interactive terminal sessions, and our use was controlled by accounting limits. Not surprisingly, these limits were, well, limiting.

      Ah, yes, MTS. I remember it well. I passed two years as a beginning student at RPI (the Rensselaer Polytechnic Institute, aka "the Tute Screw", in Troy NY) in 1984-1986. The student mainframe, an IBM 3081D (for "dual" = dual processor, nicknamed "Sybil"(1)), ran MTS instead of an IBM OS, and yes, we had accounting limits turned on, even for class-specific accounts. It was annoying when I had some time free during the day and I could burn through my current batch of CPU-time pseudo-dollars without the slightest difficulty in an hour or so of compile-run-edit-compileagain.

      (1) See https://en.wikipedia.org/wiki/Shirley_Ardell_Mason for why that might be.

      1. JohnnyS777

        MTS was at Simon Fraser University in the early 80's.

        I had a job for a year in a physics lab at SFU and they didn't turn off the accounting for us, even though we were supposed to have unlimited processing: They just set it to a huge limit. IIRC, students would get about 10 bucks or so for a course, depending on the expected programming work required. Since I was a researcher, my max was set to 100,000 dollars. So I could run whatever FORTRAN number-crunching I wanted and never lose a research run because of hitting the limit.

        We had limited terminals in the lab, so I'd often go work in the large student computer lab which always had a few terminals free and lots of co-eds. When you logged off the terminal, it flashed up a number showing how many dollars were left in the account. Once I logged out and a student behind me gasped and asked "How many courses are you TAKING???"

        We got a good laugh out of that!

        1. Rich 11

          Re: MTS was at Simon Fraser University in the early 80's.

          Since I was a researcher, my max was set to 100,000 dollars.

          My limit was always a negative number one short of two to a certain power. It was embarrassing how many CS students couldn't work out why.

          1. Anonymous Coward
            Joke

            Re: MTS was at Simon Fraser University in the early 80's.

            My limit was always a negative number

            Nowadays they call it student debt.

        2. gregthecanuck
          Happy

          Re: MTS was at Simon Fraser University in the early 80's.

          Ahh good old SFU. Took an APL course there in the summer of 1979. Still have the manuals somewhere. There's a skillset never put to use in real life! :)

    3. Giovani Tapini

      Re: At University at Durham (and Newcastle)..

      I am reminded of the Kobayashi Maru - sometimes cheating pays!

    4. I Am Spartacus

      Re: At University at Durham (and Newcastle)..

      Ahh yes, MTS ar Durham.

      I was there 77-80. And managed to crash the mainframe whilst we played. There were so many holes in MTS it was more of a colander than an OS.

      1. MrXavia
        Facepalm

        Re: At University at Durham (and Newcastle)..

        My Secondary school (mid 90's) was very insecure with passwords...

        The head of IT at the time decided that we students kept loosing our passwords too often so they were assigned to us and we were blocked from changing them, I objected and convinced him to let me enter my own password, but not before I worked out how they assigned the passwords, which meant I had access to everyone's account if I wanted it... I even saw the admins password, he was so slow typing it!

        Lucky for them I never misused my knowledge.. I just helped the odd friend log in when they forgot their password...

  3. beep54
    Happy

    screw ups

    That is so much more funny than when I accidentally submitted a batch of cards that generated an infinite loop of printing mostly empty pages. Now, those were really large pages then. I just giggled at the process for a bit before telling the operator, uh, you need to terminate that one please.

    1. Christoph

      Re: screw ups

      One of the computing students had just been made lady vice-president of the student's union. She left one of her programs lying around in the punch room long enough for someone to insert some extra cards. The operators had to abort the program to stop it printing endless pages filled with "Long live the lady vice-president".

    2. Terry 6 Silver badge

      Re: screw ups

      At school that was our (real) challenge. Punch cards had to be stacked and sent off to a distant computer centre, returning a week or so later with the errors to be corrected. But whatever our official project the real aim was to hide code that put the distant machine into a loop, without the code being picked out and intercepted before it was run.

  4. Danny 14

    our apprentice was tasked with cataloging and recycling the old redundant hardware. one cycle we had a pallet of about 100 dell d510 laptops, all old and well out of warranty. we also had a shrink wrapped pallet of brand new boxed 5430s ready to be unboxed and imaged.

    it doesnt take a genius to figure out what happened.

    luckily later in the week the apprentice couldnt find the boxes laptops (it was on his job list) and we managed to get in touch with the recyclers and get them back. that only cost us 50 in van fees.....

  5. iron Silver badge

    "Since it's a Bank Holiday for those in the UK"

    No, it's a Bank Holiday for England and Wales so not the UK.

    1. David Neil
      Happy

      Working at a Scottish bank

      Got the day off

    2. Anonymous Coward
      Anonymous Coward

      So what's the story about the two different holidays? Which lot decided to be different and why?

      1. Nick Ryan Silver badge

        Not sure who, but I'm pretty sure that the aim is/was to have the same number of public/"bank" holidays across the union however when one part of the union insists on having an additional day off, they have to drop one of the existing days to keep the total the same.

      2. Tony Gathercole ...

        Birthday boy

        Once upon a time the August Bank Holiday was uniform across the UK on the first Monday in the month, then for some in-explicable reason (something to do with evening out the bank holidays through the year) in England and Wales it was moved to the last Monday.

        I know this for I was born on the bank holiday Monday when it was in the right place in August. Mind you, my late Mother used to claim that I'd never done a stroke of work since ...

      3. agurney

        "So what's the story about the two different holidays? "

        Pragmatism.

        In England, everyone's on holiday on the same day, everything's shut and the roads are gridlocked as everyone tries to head to the beach.

        Holidays in Scotland are staggered, so, for example, Glasgow's on holiday but, say, Paisley isn't, meaning the day trippers have somewhere to spend their cash, the load on the popular destinations is spread over a few weeks, and the roads aren't as congested as much of the country is still working a 9-5.

        There are a few downsides, for example if you work in an area that has different holidays to a child's school.

        1. Just Enough

          Scotland wide

          "Holidays in Scotland are staggered"

          Local holidays in Scotland have nothing to do with bank holidays. Scottish bank holidays are Scotland wide.

          1. agurney

            Re: Scotland wide

            "Local holidays in Scotland have nothing to do with bank holidays. Scottish bank holidays are Scotland wide."

            you would think so, but it's not that simple as Banks in Scotland do not always close on Scottish bank holidays, and neither are they statutory holidays.

          2. Stevie

            Re: Scotland wide

            Holidays in Scotland are staggered.

            It's the whisky. I blame the whisky.

            1. Danny 2

              Re: Scotland wide

              We used to have regional holidays (the Glasgow Trades, the Edinburgh trades a fortnight later).

              In my first electronics job I was taught only to get drunk on the day before a work day, never before a holiday. I know in England you drink when you get a day off - up here we are professionals, we only get drunk when our hangover falls on a workday, our employers pay for that.

        2. Anonymous Coward
          Anonymous Coward

          > Holidays in Scotland are staggered,

          I thought staggering was simply the result of how the Scots tend to spend their holidays....

        3. Anonymous Coward
          Anonymous Coward

          Rubbish. Scotland does not have regional bank holidays. Don't let the truth get in the way of a rant. P.S. England has regional holiday periods also.

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like