←back to thread

The April Fools joke that might have got me fired

(oldvcr.blogspot.com)
526 points goldenskye | 4 comments | 4/1/2025, 7:11:00 AM | HN request time: 0.99s | source
Show context
myself248 ◴[4/1/2025, 3:58:00 PM] No.43548328[source]

In high school, we had a Netware 3.12 environment, and the Guest account was enabled, albeit with very limited privileges. But for some reason, Guest could still use NET SEND, which popped up a little message in the bottom row of the destination machine's display.

The whole district shared a T1 connection to the internet. Which was more than plenty for email, but as this world-wide-web thing started gaining traction, it became quite the bottleneck. And as some of us had discovered mp3 files, the slowness simply would not do.

One day there was some severe weather and a power hiccup during school hours, and every station got a message from ADMIN informing us that the server room was running on UPS power and we should save our files and log out immediately.

Hmmmm.

A few weeks later, one of the bright sparks in the technology program realized that having everyone log off would free up some bandwidth. So he logged onto the next machine over as GUEST, and used a NET SEND ALL "SERVER ROOM POWER FAILURE - 11 MIN OF BATTERY REMAIN - SAVE FILES AND LOG OFF" and sure enough, within about a minute, the whole T1 was his. Did what he needed to do (i.e. leeching an entire fserv) for about 8 minutes, then NET SEND ALL "POWER RESTORED - RESUME YOUR WORK".

A few weeks later some hot commodity had just dropped and he repeated the drill. It still worked.

Nobody noticed that these messages came from GUEST, even the district administrator, who eventually called an electrical contractor to figure out why the power in the server room was so flaky. Someone eventually pointed it out to him, which got a very red-faced "that's really clever but please knock it off", and no further punishment. The next day, the Guest account had a lot fewer privileges.

replies(10): >>43548542 #>>43548580 #>>43549207 #>>43549937 #>>43550153 #>>43550197 #>>43551279 #>>43551610 #>>43551791 #>>43552941 #
gymbeaux ◴[4/1/2025, 5:11:00 PM] No.43549207[source]

In high school a friend figured out you could map any network drive to your desktop and access it (Windows XP), and since everyone in the entire school district had a username of {last name}{first initial}, you could gain read/write access to anyone’s network drive (essentially “home folder”). He used it to get test answers from teachers, I used it to create (empty) folders named “porn”, “porn 2”, et al.

Anyway when he was caught (a fellow classmate ratted him out) he got 10 days out of school suspension. The VP threatened to call the police… for what offense I’m not really sure. There seems to be a fundamental misunderstanding of cybercrime and cybercrime laws. I mean was it really unauthorized access (they called it “hacking” of course) if his user account literally had permission to map network drives?

They removed the ability for student accounts to map network drives, but the district IT guy was not fired. I really don’t get that. Maybe the union saved him… but dog, everyone knows you can map network drives by right clicking on the desktop. I never thought to try it, but that doesn’t mean the district’s IT SME gets a pass.

replies(7): >>43549310 #>>43550920 #>>43550984 #>>43551766 #>>43552353 #>>43552453 #>>43552811 #
1. dandelany ◴[4/1/2025, 11:49:00 PM] No.43552453[source]

Is it still trespassing if the door was unlocked? Yes. Not sure why so many people have trouble applying the same principles of unauthorized access to computers.

replies(1): >>43552817 #
2. atq2119 ◴[4/2/2025, 1:06:00 AM] No.43552817[source]

The interesting bit is that social expectations matter.

There is a social expectation that people can generally only enter your home with explicit permission, and so if they didn't invite you it's trespassing even if the door is unlocked. But maybe you have some close friends who you get used to coming over and just entering even if you may be out at the moment -- and then it's not trespassing anymore.

Remote computer access is a much younger phenomenon than people living in houses, and so social expectations aren't as established. There's a legitimate need for discussion there.

For example, if you have an open webserver that you want people to access, is it trespassing if people fiddle a little with the URLs and encounter documents that you didn't mean to put out there? I'd argue it would make for a healthier and more tech-savvy society if we didn't consider that trespassing.

If we try to push the houses analogy further, it's a bit like inviting people into your house for a big party, and then somebody enters a room that you didn't want them to enter. It's a faux-pas, but you'd probably also have a hard time if you tried to label it trespassing.

replies(1): >>43553376 #
3. macintux ◴[4/2/2025, 3:27:00 AM] No.43553376[source]

There are echoes to discussions a few months ago about IMG_0001.

>>42314547 →

The site displays random, ancient videos uploaded from the early iPhone YouTube app, often without people understanding what they were doing.

I tend to err on the side of caution: I don't expect most people to be tech savvy, and I think those of us who are must exercise restraint to avoid trespassing.

replies(1): >>43555847 #
4. atq2119 ◴[4/2/2025, 12:18:00 PM] No.43555847{3}[source]

I actually agree with you, but the point is the balance.

Don't steal. Don't share embarrassing or humiliating information you may come across.

At the same time, there should be safety from prosecution overreach.

I ask for this mostly not for my current self but for "kids" (including young adults, e.g. college students) who are on a hacker journey in the original sense of the word. As a society, we should encourage rather than stifle that sort of exploration.