After an agent had been terminated, their punishment points would decay over time until such a time they reached zero (or another configurable threshold depending on how desperate the company was for warm bodies), at which time they would be sent an e-mail to their personal e-mail (which was collected during the application process), inviting them to “re-apply”. Being an early telephony company we also would send them a robo-call with the “good news”. This process was known as a “life-cycle” and it was common in certain labor markets for employees to have many such lifecycles. Another way employees could stave off automated termination was to work for unpaid overtime, which offered to reduce their point values per unit of overtime worked. Everything was tracked to second granularity thanks to deep integration with phone switches and the adoption of the open source Asterisk CTI.
This Orwellian automation terrorized the poor employees who worked there for years, long after I left, before it was finally shut down by court order. I had designed it as a plug-in architecture and when it was shut down there were many additional features, orders, and punishment_types.
Edit: Since I am getting downvoted, I will just add context -> https://idiallo.com/blog/when-a-machine-fired-me
I was on the other end of a similar system.
Personally while I'm opposed to programmer certification, systems like these certainly make me wish such a thing existed.
I often say that telemarketing should be considered a less honourable occupation than prostitution (in the latter case, you have two people voluntarily exchanging value; in the former case, you have one person trying to scam the other). Now I'm beginning to suspect it also has worse working conditions.
Your employer's mistake was working in the call center business, they should've sold your system instead.
"I take lots of cigarette and bathroom breaks to fix my makeup/hair and Snapchat my friends. I can't see myself working hard. I am not a sheep". Those are the exact words.
This is a scene from a government organization in Romania.
Now, I am in the US and I've not witnessed it here, but here I am in an executive role so I hang out with different people.
I asked them why not do your job properly? They answered, if they are going to do their job then they'll most likely receive a promotion, raise and more responsibilities come with it. For them more money = more problem.
They told me that for them money does not matter and all they want is experiencing different cultures, traveling etc... and work has no place in it.
This is something I had never heard before!
They somehow managed to rationalize not performing their jobs.
We hosted dedicated servers and most of the time, they were mostly Plesk or cPanel servers run by people selling email and/or web hosting to hundreds of clients from a single server.
This one time a client joins the network, buys a server from us, and migrates from Rackspace. We wondered why he'd move from Rackspace given they were better than us, and it turns out he was kicked off of their network because he basically submitted tens of support tickets daily asking for all kinds of optimisations, improvements, and silly stuff not covered by the support contract. Rackspace had decided he wasn't worth it and booted him.
We ended up with him and boy was he a pain in the backside. Anyway...
Long story short, he cost us more in engineering time than he paid us and this irritated the owner of our business. The owner had my team leader find someone on his team willing to do the following: dump the guy's Plesk database containing all of his customers and make a copy of it on our network. I took on the task and was told it was simply a backup. I was young and didn't really think things through. I feel bad about it now because...
The customer was booted from the network a month later and all of his customers were offered free email and/or web hosting for the year, including migrating them over to our network... the owner absolutely annihilated the guy. He contacted all his customers and simply wiped him out.
That same owner is now a highly respected businessman and an MBE.
You might be able to do some digging and find out who this company and owner is, if you look hard enough.
Probably not that many other web host CEOs with an award from the Queen.
He was working on a large, industrial construction project and they were nearing the end of it, so a QA engineer was scheduled to do a walk-through, and before that happened a higher-up purposefully damaged finished work, dented a pipe with a wrench, unscrewed a bolt, etc... That way when the QA engineer did his checks, he'd find these obvious, easily fixable defects and mark them, whereas if he had found no problems, he would end up digging deeper, since he'll feel like he has to find something, and then he might potentially uncover some major, catastrophic problem that'd be impossible to fix and still hit the customer's deadline.
Theoretically everyone's happier at the end of it... QA because they did their job and found stuff wrong, the client 'cause the project was finished on time, and all that for an afternoon of extra work.
I worked for a company with an extensive QA process and on occasion I found myself being less than thorough before handing the code off. I knew there were bugs, but just left them in there, because they had bug quotas they had to meet, and we had a tight deadline, etc... At least that's what you tell yourself to justify the behavior.
Sometimes I wonder just how much of this kind of greasing-the-wheels goes on in other industries...
The non-gamers at the publishing company seemed to feel they had to get back to you with a handful of changes. If your game was really polished, the changes would be pointless or even harmful things. I quickly learned to leave in a few obvious things that were trivial fixes, e.g. blocky bitmaps, misspellings, jarring colors.
Instead of coming back with:
> we really like the game, but couldn't the snake be an F-15 fighter, and couldn't the scrolling be vertical instead of horizontal?
...it would be more like:
> Change that color, fix that icon, correct that spelling
I wonder if there's a name for doing this?
ERM software. When a new client comes onboard, install the product and database, but make sure not to make any optimizations, not even the basic indexes in the DB. Depending on the usage, the DB will get slower and slower in a few months. Then send a "consultant" who will simply run a script and add indexes etc and test a bit (no more than an afternoon worth of effort) and charge a high fee for it.
We had a project once for conversion (not getting into details). My team found a tool online. Boss bought it, finished the entire project in one day. Boss bills for month (which was the original estimate), puts the team to work on another project for the next 29 days, gets paid for that too. The only decent thing in this story is that we didn't know before the quote, that such a tool was available. Some would say this is smart way to do business, it felt shitty for me though.
Holy crap, that process was all kinds of frustrating and drawn out.
About 3 months after we placed the offer, the bank put the house up for auction on another site, to try and drum up more offers. On the auction day, I checked in routinely; no one was bidding. All was looking great. About three hours before closing, a bid came in that was lower than our offer. OK, still good. Then another about an hour later. Still good. Then the "final hour" of the auction happened and it slowly but surely started ticking upwards, bids started trickling in and the price started climbing higher and higher. About 20 minutes before the end it got past our offer and my heart sank. As the end time drew near it started getting bumped out by further offers.
I told my wife we'd been outbid, after a stressful day, following on from months of stress and frustration.
Next day, our realtor reaches out to the selling realtor who reported that the bank told her no one else had actually bid on the house.
Yay.
1. I know the guy who, pre-Snowden, actually designed many of the pieces of network gear needed for the dragnet. His perspective was basically: Yes it's wrong, but what do I know? I just design electronic circuits.
2. Same guy also mentioned how at another company he worked at they used DNS tricks to exfiltrate data out of their enterprise clients. Nothing crazy, mostly just analytics to aid in things like product design. They got caught though. First Intel went out, then a couple hours later 4 other big tech companies (including Apple and Microsoft). Then a huge swath of devices stopped reporting. They got acquired shortly afterwards for a large, but sub-billion dollar amount.
3. I know a couple people that crack into devices and sell the 0days to the highest bidder. I consider this practice for anything cyber-physical (self-driving cars, etc) to be so unreasonably unethical that it should be against international law. It's one thing to sell these things to an allied government, it's quite another to have them on the open market.
Honest question...why?
The result/intent seems the same whether done by a state or nonstate actor. In fact a state actor seems more likely to use it because of a greater feeling of moral justification.
In case anyone wonders, this is why so many engineering schools are increasing their focus on teaching ethics.
EDIT: I don't expect to receive an answer to this (and that's fine), but I'll give more color to my guess. Meraki had a side venture in internet connectivity-enabled location analytics which was more profitable than its actual router sales. This is one of the reasons why its acquisition price was so high. It has since contributed to a location analytics service within Cisco.
This outlook, along with "well if I don't do it someone else will anyway", is why tech workers are quickly becoming the new bankers in the view of the public.
So when they blogged about their web site becoming occasionally very slow, I sheepishly emailed them, and asked if this might be due to my scripts. I assumed that of course they'd have some sort of IP based limiter in place in case I got too greedy. Well, they didn't. They requested that I send them my scripts, which I happily did. They also banned my account, which I thought was quite petty.
They might have unbanned me a couple weeks after that, but I quickly lost interest in Quake Live.
I was asked to write an Applesoft BASIC program to help the front office collate and remove duplicates from attendance lists taken first and second period. At some point, I added some obfuscated code that would add John's name in when the total number of names was over some threshold.
Believe me, I'm very very ashamed of myself...
Read up a bit about Dow and the Bhopal disaster and started to feel horrible about my work.
Tried to gently bring concerns up with the management, and was laid off immediately.
I feel really bad about doing that work, but trying to make up for it by not eating animal products anymore.
I hope karma does happen in the end but I fear it doesn't.
The first project was for a large, (now) well-known fintech company. They needed to develop login integrations with consumer banks to acquire customer account information for verification purposes. But many such banks didn't particularly want to grant them any special API access. More importantly, these banks typically forbid scraping and made it explicitly difficult by implementing JavaScript-based computational measures required on the client in order to successfully login. I helped this company develop methodologies for bypassing the anti-scraping measures on several banking websites. However, I stopped working on this because 1) I felt uncomfortable with the cavalier way they were ignoring banks' refusals, then using the reversed integrations and onboarded customers as a bargaining chip for more formal partnerships, and 2) performing huge amounts of analytics on customer data acquired as part of the account verification process.
The second project was for a tech startup working on insurance and credit analytics. This company is one of several that popped up in recent years to use machine learning and social data in order to develop a more "complete" credit score (in their eyes). They had an impressive team of machine learning researchers but their data acquisition team was comparatively mediocre. So I worked with them to improve their acquisition methodologies for a variety of social media websites. I stopped working with them for three reasons: 1) fundamentally, I lost faith that their product was actually generating a meaningful signal over traditional means, 2) I was worried that the data they were collecting might introduce spurious correlations or illegal biases, and 3) if any team was going to do this correctly, I didn't think this particular team was the qualified one to do it.
Could you expand on the correctness aspect? I'm currently working in this space for what I believe to be good reasons (to improve the accessibility of a particular service for visually impaired users). But I'm eager not to abuse my position and knowledge.
I know this isn't the point of the thread, but I couldn't help myself. I will ask for forgiveness (as I am sure we have all done in both technical and ethical matters)
I'm sorry your daughter didn't get Nsync tickets.
Sure enough that's exactly what happened and a really hard working and honest developer lost their job so an executive could save face.
Left that company a month later but I still feel horrible
int main(int args, char ** argv)
{
    static int foo[640*1024];
    return 0;
}
This compiled into a valid MS-DOS .exe, but spit out "Out of memory" and exited when attempted to run. Was quite handy for getting an extra day to work on lab assignments back at school.
First, I'd have been able to run it (or grade it even without running it). And yes. I've seen a lot of crappy Haskell code. I've written a good amount of that myself when I was learning Haskell back then.
Second, assuming I didn't know Haskell, I'd have stopped your babbling in the presentation at some point and asked you to run it.
Third, any student that does unusual things is either very good or very cheeky, so those students deserve special attention. So 10 minutes at your and my convenience to run the demo in my office would always have been an option.
(But then, teaching at my university probably was quite different from teaching at your university).
I'm still not sure whether or not that was net good/bad. I'm sure that the tool has caused some real familial stress. We could fall back on the "well if not us someone else would have" but that's a cop-out.
Our site was checkashleymadison.com. Later on we got rid of the domain. We had a ton of interest from advertisers, but we thought it best not to try and make money off of the exposition of others. Overall we took in something like 1.2mm uniques over 24 hours. It was a pretty crazy day, and my first time speaking with the media. Looking back, I'm glad that I didn't say anything too dumb.
Originally we intended to stay anonymous, but I forgot to tell a The Hill reporter of that wish and my name was published. After that I spoke on the record to whatever journalists were still interested.
Then we'd loaded all this in Google Maps and let users of the app figure out what demographics frequent particular locations on the map. For example a use-case of this would be a coffee company figuring out where to open a new coffee shop.
The boss (non-technical) privately asked me one day to do some research about automating some data entry processes, basically reading from Excel files, some databases, formatting and putting it all in another database.
I found out later that if that script is made it would lay off a number of people doing data-entry. I didn't go through with it for many reasons.
I blogged about it on my personal blog. All the posts were about how to solve issues I had using it. This was before stack overflow.
After I had about 10 such posts I wrote a post titled "interwoven teamsite sucks" and linked all the other posts there.
I started noticing traffic to that post from specific IPs across the country.
A week later I was pulled into a meeting with the top see directors and told to remove my blog. Interwoven was an Accenture client.
I removed it.
In order for this to be legal, the sweepstakes games have to have a defined number of entries as well as a defined number of winners and losers. None of our games did, it was just too prohibitive. We did provide to our customers, by law, our average payouts and our games did adhere to those through averages over time. But there were many occasions where the games didn't pay out jackpots regularly or paid them out too frequently, hurting stores that were using our software. Our recourse was to provide them more "entries" to distribute to sell to their players, which of course cost us nothing.
Business was good for quite a while, but stricter laws and states cracking down really killed profits. I just feel like any type of gambling is unethical, it seems to really prey on people's dopamine addictions. And these internet cafes, in particular, are largely occupied by retirees who, I'd wager, can't really afford to be throwing their money away.
Years later, my Aunt and Uncle became addicted to gambling on those casino boats and have now lost the house my Grandmother left to them when she passed. I don't necessarily believe in karma, but that certainly made me rethink it.
I quit instead.
That just sends me stampeding for the [X] on the tab button all the faster.
Could you explain this position? (Honestly asking.)
Probably pre-checking one of those cookie policy checkboxes or what not. Wasn't too happy about that, especially when the software used removed the feature before for exactly the reason you may expect.
I also previously used a mod to read personal messages on a forum once, though that's one of those things which is heavily, heavily debated about on community management sites, with about half the audience saying it's an unethical breach of privacy and the other half saying either that it's their site and property, deal with it, or that it's a good way to stop poaching and abusers.
But that one wasn't exactly coded by myself, so eh, it's an edge case for this question.
So probably a tie between those two, depending on what you count by 'as a programmer'. Fortunately, everything else I've been asked to do in my career has been pretty normal/ethical.
In any case, the startup I worked for previously was split up and sold/acqui-hired out to two different companies, and myself and the technology I'd created, and the million+ email addresses we'd collected went to this one.
I went along with it because they were one of the few companies I knew of with access to the Twitter firehose feed, which interested me, and they had Dept. of Defense contacts - which ( in my mind ) legitimized their presence in the U.S.A. at the time.
Out of the many shady-feeling projects, the one that made my skin crawl the most was an automated fuzzy matching system I was ordered to create, that tried its best to match users on Twitter to users on Facebook, using nothing beyond the normal publicly available meta data ( name, age, icon, the regular profile stuff ) and the followers/people followed on the Twitter side, and friends and likes on the Facebook side.
It was surprisingly easy to match people, and felt more than a little wrong to me when I really thought about it... but the tech/challenge was just too fun to work on to routinely give it more than a perfunctory thought.
I wasn't comfortable working for a company that preys on the fiscally challenged, so I found another job and quit the contracting company I worked for.
I think it would be difficult, but possible to run an ethical payday loan company that focuses on building people up and out of long term debt.
I agree with you though, that's a sleazy way to make money, IMO.
I totally understand. It just made me feel dirty. I quit as soon as I was able.
E.g. watching an ad to double my score/gems, sure. Making me watch an ad after every level before I can continue, hell no, that’s an instant uninstall.
Know anything about that or the extent of it?
[0] https://www.vox.com/2018/4/2/17189078/grindr-hiv-status-data...
I may have infected my classmates with RATs in school with another partner and uncovered a large number of class romances.
I may have been an asshole as a kid. I'm just glad I grew up.
On another occasion, I cracked the copy protection on one of their applications. They had a full license, but the protection relied on a magic 5¼ floppy disk and their new machine only had a 3½ drive.
I promised myself I'd never work on accounting software again. Later, I ignored the owner's questions about what kind of internet businesses to invest in. He was dangling some of his money in front of me, but I didn't fall for it. Which was a good call, because a few years afterwards, he got in trouble for aiding his sketchy clients I mentioned above.
I haven't had to hack independent media agencies and opposition parties yet and I plan to keep it that way.
I have a couple of guesses.
I used to feel really bad about this, but apparently there are whole teams dedicated to this sort of "cleanup" in M&A nowadays. Now I just feel bad about everything!
I finished it in 5 minutes. My boss asked what happened, I told him, and he told me to revert the code, work on other tasks, and redo it at the end of the day so he could bill for 8 hours (in addition to billing for the other tasks I worked on).
I did it and didn’t say anything. This was just a few weeks into my career.
I’m surprised this kind of thing doesn’t happen more often, to be honest. The people handling the business and writing the checks never seem to know anything about software. You could probably get away with telling them just about anything.
I’ve only ever seen it happen once, though. Software industry has been pretty honest in my experience (at least as far as billing goes...)
The problem with trying to charge for programming work is that so much non-trivial work can be summed up as a few keystrokes, or an addition of a single line, or even producing less code (by deletion/refactoring). That said, I don't understand why your boss thought this subterfuge was necessary. If the client is non-technical enough to approve 8 hours of billing for something that takes 5 minutes to fix, how is that client competent enough to look through the git history to know that it was only 5 minutes of work?
I also think most people are aware that's the case, and are fine with it since they've got an estimate that they've approved. The estimate was good enough to justify the business value so they expect to pay the full hours.
Letting people know you need more time is probably a bigger issue.
Otherwise, if it takes half the time use the other half to test, or train yourself to be better at your job. IMO
We're a software contractor for: DHS, ICE, CBP and more. Took the job knowing that was some of our clientèle.
Was in a tough spot. That job was hiring. Didn't have other bites. Food and living expenses are nice to have (and so is not living in a car).
I also have a clean criminal record, and nothing exciting in my history.
https://en.wikipedia.org/wiki/Programming_ethics
Also WRT ageism and changing ethics over time, "we don't have automated testing infrastructure" was BAU in the 80s/90s yet today would be an ethical WTF moment.
Something that probably still happens today is the old "address ... economic .. issues related to work projects" Pointing out this thing is never going to run a net profit just means I'll get downsized first; everyone who's numerate could run the numbers if they wanted to and they're all theoretically responsible adults at the meeting table, so ... If you mean address the fundamental economic issue, as in make sure my resume is updated while avoiding a meaningless fight with execs, sure...
Oh and edited to add, WRT taking responsibility, a couple of times I've optimized and improved processes to the point it's a one-line shell script wrapping a grep or echo and that's kinda queasy taking responsibility for "writing" that. Replace half the job responsibilities (and presumably employee slots) of a department with a one-line SQL query in a cronjob, that kind of thing.
I’m sure he knew and accepted it anyway because he was a great teacher that seemed to enjoy letting us creatively solve problems more than sticking to specific curriculum. Was my favorite class in school.
I still feel a little guilty about that though.
The teacher's face was priceless as she discovered my work was on the school server since "3 days ago". (she was looking for it specifically every single day)
It was a small 30 person company with an overbearing founder.
We ran a chat program called Pandion to allow non-IT staff to quickly ask each other work questions.
The boss had already asked us in IT to set up journaling in Outlook so he was getting a copy of every email sent and received by his staff.
Next he turned his attention to Pandion and I was tasked with setting up a regular report containing all chat messages that were logged on the server.
I knew everyone in the company personally and didn't care to read their private messages...but the boss wanted to get a copy right away before it was announced to staff.
So I send a copy to him, containing the last few days of messages that had been sent.
Of course a couple of staff were dating. Apparently Glen* and Amy* used Pandion for personal messages to each other.
I'm sitting with the boss explaining how the staff don't know their messages are being reported on and we can start publishing the report after the next team meeting, but the boss wanted none of that...
So we start going through it together. One of the first messages is from Glen telling Amy that she's as tight as the seal on his lunchbox. The boss had a good sense of humor and we both pissed ourselves laughing, but it still goes against my values.
Also trolled my non-programming friends who had computers by installing a personally developed backdoor that allowed me to open and close their cd-rom tray remotely. That was really fun.
A colleague of mine developed and infected every student-accessible computer with a remote-access tool listening over a TCP socket. We'd mostly use it to open and close CD trays. Another colleague was unsatisfied by how the TCP approach made the CD trays go off one-by-one if you tried the batch mode, so he wrote another remote-access tool, this time masquerading as a Windows service, and listening over UDP. Then he'd use UDP broadcast to simultaneously open and close CD trays everywhere in school.
Fun times.
Oh, and one of the first things they did to me when I was getting to know them was installing and hiding a simple PHP script in my WWW folder on my account on the school server. The script would basically evaluate its input param in backticks. That is, a minimal remote shell accessible in my public folder. AFAIR it took me a couple of months to track down why some weird things were happening to my account from time to time.
In high school (2010-ish), I was on the student council so I had insider access of sorts to a lot of the inner workings of the school administration. One day, during a short meeting with them, the principal told us on the council that the IT department was installing wifi for personal device use. Since we had difficulties with getting school bonds passed by voters at the time, the wifi was supposed to enable us students to bring our laptops from home and use them in the classroom (since most classrooms only had 3-4 computers, with older schools only having 1-2 computers per classroom for staff use only). Naturally, we were all on board since it would enable us to finish our schoolwork without fighting over computer space.
Fast forward two months and I notice that the wifi seemingly hasn't been installed yet. I ask the principal and was told that it was supposed to be installed and working perfectly. So I did some digging on one of the school computers. This is where I found out how the school district's IT department submitted updates.
The IT department ran an old Novell Netware server for account login, Faronics Deep Freeze on the end user machines to protect against student abuse, and a Windows network share for unattended updates. Since the Windows Netware client cannot assign local Windows permissions (or it wasn't configured properly in my case), everything inside Windows was run with admin privileges (you were logged into Netware but ran under a local admin user account in Windows). Since Deep Freeze reverted changes to the file system on reboot, the assumption was that the students could completely wreck the install all they wanted with a simple reboot being all that was needed to effectively reset the machines to the default configuration.
This strategy worked well, but there is a huge flaw. Because you had local admin rights, you had full access to whatever resources you wanted under Windows XP Professional (the OS of choice back then). This includes the ability to install software or games (we had some epic district-wide Halo CE LAN parties), see network information (MAC address, IP octet configuration, etc), and everything else you could do to a local computer. The only caveat is that whatever changes you made would be erased on reboot. I guess the assumption with this is that the average inner city high school student wouldn't have the technical expertise to know how to read this information, let alone access it. But, with me being gifted with tech skills at an early age, I could do some damage.
Back to the wifi story. I noticed in my digging that my Novell account credentials would let me into their update share. I was able to mount the share as a network drive and look through it. I saw everything from MS Office VLKs, the Faronics uninstaller, network diagrams, etc. I did have some ethics back then, so I didn't touch anything related to a license key. But I did find the wifi deployment timetable document.
It turns out that the IT department had already deployed the wifi to my school and it was fully functional...for them only. They had made it as a hidden network only accessible to them for "maintenance purposes". (Keep in mind that most of the school and administration was under the impression that it was going to be for student use.) The timetable document also listed the wifi password for the hidden network. With that information and the MAC/IP pattern I swiped from one of the school machines, I was able to log onto the "maintenance" wifi with my own personal laptop. This made me the talk of the student body ironically, with even one of the assistant principals asking me for help because the IT department had stopped communicating with the administration regarding the rollout.
Anyways, I used my newfound wifi powers to do my work and prep for college. Never used any of the serials or anything, just wanted to stop fighting over computer use. Ended up keeping the timetable document on a thumb drive until graduation before sticking it in my desk for a few more years. When I moved to Seattle for work, I ended up tossing the drive into the ship canal under the Fremont Bridge. (If someone finds it, I'll buy them a beer.)
Anyways, that's my unethical story.
TL;DR: Hacked into a network share to get wifi access in high school because the IT department embezzled funds.
I made it for fun, not really to cheat or anything, but once other students found out about it they asked for copies of it. Within a day or two the whole class had a copy of this program.
I didn't understand operator precedence, nor did I bother to test the program. Everyone used it in the exam and the whole class flunked due to BODMAS shenanigans.
My first project was an 'X-Ray': for a fee, a user could upload a photo of a person and see them naked. The website just applied a picture of a naked body to the uploaded face. We collected all of the resulting pictures and displayed them in a slideshow on a TV in the office for laughs.
The big project was 'download anything'. We had an affiliate program where partners were driving traffic to us and received 70% of profit. All the traffic was coming with ?search=keyword URL parameter and our landing page looked like a file sharing website with search results for 'keyword'. It was 2012, downloading shit from file shares was a big thing these days. Depending on the USER_AGENT, the visitor downloaded keyword.exe or keyword.apk. On Windows, it was an 'installer' that asked the user to send an SMS to a premium number in order to 'activate the download'. On Android, it was an app that just sent the premium SMS by itself — easy money!
We had a lot of fun and profit doing that, and I left that job not because of guilt, but because I burned out. Only after I left was I able to look at it from a different perspective.
Another one is installing basically trackware on the website, from an external party, that recorded certain input fields so it could mail you later when you didn't buy the product...
I then lied and told the CFO and CEO that it would be prohibitively hard to do and they dropped it. :P
For a final project presented which was ostensibly a limited auto-translation application, I made an application which just popped up an alert, "program unable to run due to security"
Got an A!
The whole class was playing networked DOOM about 10 minutes later.
I thought I was going to get suspended or expelled, but instead the teacher in charge of IT came to me and said "I know you did it, if you show me how you did it you won't get in trouble."
The look of disappointment on his face when he saw how easy it was... I'll never forget it. I wonder how much the school paid for that 'security' :)
I wonder how common this is. I've seen it happen at my school - when you have a VNC server on every machine with a 3-character password (three guesses what that is...), the local admin password on every machine is school, and the domain admin password is a single dictionary word, bad things are going to happen.
For you spring chickens "war" was exploiting the IRC protocol to take over channels, kill users, etc. The protocol was pretty vanilla back then and was vulnerable to a lot of those things. This was back in the 1990s.
This included inventing "DCC RAW" based "clonebot" code in the old Unix ircII client. I figured out you could just open a socket with the client so you could write a simple client script to create huge numbers of sock puppets. I'm not 100% sure but I think I was the first one to do this.
I learned a lot from that stuff but these days I wouldn't wreck a public volunteer chat network.
My most benign bot simply played back the subtitles of Robocop in realtime on a loop.
First of all, this was 1999, and the market (tech-stocks) was in peak ridiculous bubble mode. The hack was that the software used to simulate trades and track portfolios used delayed quotes. So, I simply used real-time quotes, looked for gains in a short period, bought, held for a bit, then sold. Essentially I had a time machine. I think at the end of the year my account had over $500 million in it. The teacher knew I was "cheating" but still gave me the extra credit along with another student who didn't "cheat". An extra perk is the cutest girls in that class constantly asked me how I had so much in my portfolio.
When you looked at the official conditions of the training, you had to have 10 years of experience just to have the right to follow it, I was supposed to have passed diplomas to have the right to line up. I finally realized that my company had to produce fake degrees with a fake resume or I must have been 10 years older developers.
It is obvious afterwards that employees, or even managers of training centers were in the scheme, there is indeed in my country a law that obliges companies to spend money in training every year. The company was doing this scheme on a large scale, we were 40 The worst part was that most of my colleagues were younger trainees than me, only three or four of us were officially employed and had real diplomas, so we were sent to the most difficult cases.
The advice we received was to be aggressive with the students to prevent them from asking too many questions, to be impeccably dressed and to be "handsome". It was not easy to teach to 15 years older So that my classes were not too pathetic and to make a minimum illusion I often prepared my courses the day before until 5 o'clock in the morning.
The trainees who gave the training deemed easier were recruited on the line, preferably if they were foreign, they were sent to give a test training and if it went badly they were sent back on the spot without remuneration. I don't know how or why, but I did about nine months of this before I left.
I also worked at a startup briefly that was run by a convicted con man. The business was legit but it was immediately clear he was using the same confidence techniques on everyone - clients, employees, etc. Not a good scene.
He regularly told me I should copy and paste the meta title and descriptions into a Word document (ugh) so he could edit on them. When he was done I was supposed to put them back in, manually of course.
Now, normally I'd tell a client that such a task could be easily automated. However he was a very shitty boss and I was getting paid hourly.
So I simply built a crawler that analyzed every site and pulled its metadata, put it in an Excel table (I convinced him it was easier for me to copy/paste) and sent it to him via email. He then gave me the updated table, for which I simply wrote a script to execute some SQL queries to put them in.
This turned what’s effectively 2 hours of work each time into 20-30 because of the number of pages.
One time I remember I forgot to update the metadata on one of the pages. When he complained and I realized, I quickly ran the script and told him he'd have to "refresh his cache" or something. He never noticed any of this.
On another occasion, I was assigned to a project that I didn't find motivating at all, so my plan was to "slack off" and work on my own stuff as much as possible. The only question was how much did I have to work to make the management believe I was giving it my 100%. There was another member in the team, who was a great guy but an average dev, and I realized that I could easily make 2x more progress than him in the eyes of the managers and still have almost half of the day "free", so that is exactly what I did. Later I got a bonus for my "hard work".
But the one I regret the most is installing keyloggers on several computers in high school (msn era) and obtained passwords for most of my classmates. At least I was careful enough and didn't tell anyone at the time.
I just kind of brushed him off at the time. I'm still sorry I didn't collect evidence and then report him. He was a real dirt bag.
So one week there was this very hard problem. I didn't know how to solve this but I figured out that there is one answer per 10 tests.
I bruteforced easy tests and sent programs with different answers `std::cout<<30<<endl;` ... So I sent like 500 different programs. Then I just combined the correct result with the size of the test ;p. I used `while true` to figure out the size for every test ;p
I passed every test. A week later my solution was removed and I got a very nice e-mail about what I did and how wrong it was to exploit the platform.
I still managed to be in the top 10 at the end of the competition but it was a mistake, a huge mistake.
Ps. Competition was with very good prizes but still I am ashamed of myself for that.
One or two clicks and some php magic.
I was pretty young so it's not something I would do today.
Think, contact.bankna.me, support.bankna.me, aus.bankna.me, customer-support.bankna.me, login.bankna.me etc etc.
They would often take down the subdomain and leave the parent name intact so they could keep cutting off the individual heads of hydra, if you will.
What hurts most is that it is still a common practice in that company and industry.
I then sold the cheat source code to a forum of cheaters, who integrated it into their own offering and paid me a small royalty. The source code was pretty much copy pasted from a guide with minimal changes to work on the correct memory addresses.
Also helped build a site that tricked Google into ranking us higher.
Online lending, for example, is a pretty tricky area. You have to subscribe to a pretty hardcore version of a capitalist moral philosophy to justify the %xxx percent interest those places charge. Especially as the 'ideal' customer isn't the one who pays you back, it's the desperate population who continually re-up their ridiculously expensive loans.
The most unethical thing I have done as a programmer is going to work everyday.
If you've never had the displeasure of being a student or teacher at ITT Tech, I'd describe it as a cross between community college and vocational school but where everyone is pretending it's a 4-year college. It felt like a place where dreams go to die, and nowhere did I see that more than in the way they set me up to teach classes.
Now, first I should say I have a lot of sympathy for my students there. They were generally folks who honestly wanted to make better lives for themselves and got duped by ITT Tech into thinking it was a place where they could do that. Those students are now stuck with a lot of crappy debt they can't easily get out of and also didn't learn much, because as I learned from teaching there, the goal was not really to teach anyone anything.
I taught two classes: software engineering principles and Linux system administration. I had no special qualifications to teach either of those classes, but they needed someone to teach them, I had an MS in CS, and I had some idea of what to do. The SE class consisted of two students and we'd meet for 4 hours every Saturday for 3 months. We'd sit together and read the textbook, then do some problem sets out of the textbook ("how would you design this system or organize this work?"). Nothing truly objectionable, just the same shit that passes for "education" in most schools. I think I gave both of the students As at the end of the semester.
The Linux system administration class was another story. I had three students, although one showed up maybe 3 times all semester, and they had all in theory already taken a class teaching them Linux/Unix basics, but as became immediately apparent none of them had actually used Linux before, just read about it in a book. So began our awful semester of them pretending to learn and me increasingly transitioning from teaching to pretending to teach.
They started out needing to install Linux on their laptops. This was around 2010, so not quite as easy as today but already very easy (the worst case scenario was you failed to get hardware acceleration for graphics or something like that, not non-functional input devices). Yet somehow every week for the first month we had to reinstall Linux. I don't know what was happening in the week between classes, but somehow Linux disappeared from their computers and we had to go through it all over again. This obviously put us way behind.
Once we got Linux running on their computers we started to try to do some basic system admin stuff (there was a syllabus telling me what stuff they should be able to do by the end). I don't think we ever really made it past creating users and installing packages (is installing packages even still sys admin work?). They constantly got stuck on basic things, forgetting how to `ls` and `cd`. By the end of the semester I think they still couldn't reliably `sudo` on the first try.
I knew this was bad and had been talking to my supervisor about it, but he kept telling me it was fine just do my best and work with them where they were. When the end of the semester came I didn't know what to do about grades because they had tried but were just unprepared for the class. At university I would have failed them, but ITT Tech insisted I give them Cs. I was pretty unhappy about that whole situation but what could we do.
When they offered me classes for the next semester I declined. I didn't want to be part of a system that was all about pretending to teach people things while also charging them a bunch of money. But for one terrible semester I was complicit in a system of exploiting desperate folks (some of my students had been in prison and were trying to get their lives back together and giving up a lot to pay for classes to be there).
E.g. at a contractor company, a client wanted to lease 5 developers for a project. We didn't have enough free developers, so they assigned a single guy to the project, who was making commits from 5 different accounts. The client was paying for 5 devs of course.
There was also a client who was building slot machines, and we wrote the software for it. We ran experiments to figure out the best way to rip off gambling addicts.
The first company I worked for took EU innovation grants and when the deadline came, they simply copied their existing product, replaced the logo and showcased it as something they used the grant for.
Initially, everyone will be paid out on time and later he will refuse to pay holding 500-1M from each company.
He made 10s of millions doing that. You'll be surprised that everyone threatened with a lawsuit but never reached the court.
Now, he has a lot of real estate in NYC.