University tales



  •  A friend of mine studied at one University whose system administrator simply didn’t know his job.
    The system was left unpatched. The root password of the webserver of the Computer Science faculty was “computerscience”. Users weren’t smarter, either: my friend once did a little (unauthorized) vulnerability assessment and discovered that more than 20% of the users never changed the temporary password (which was “temp”, by the way) originally set by the sysadmin. As you may imagine, the system was constantly being compromised by external crackers.
    One day the disk of the main server had no free space left. (There was no user quota policy.) Then the sysadmin, instead of canceling the many sleeping accounts - some of which had not been used in years - had the clever idea of recovering a few Kb by deleting the users’ read and unread mail. When users went into his office to complain, he suggested they should “put their mail on a CD-ROM” (???).

    I, on the other hand, studied Computer Science at a University whose students had unlimited disk quota on the main server. As a consequence the disk was periodically full, which prevented anybody from saving his work. Then someone had to alert the sysadmin, who poked around in the users’ home directories and deleted anything he found that seemed too big or useless, upon his personal judgment.
    My workaround to this problem was to keep a few files in my account, each one containing about 100 Kb of garbage. Whenever I needed to save my work when the disk was full, I just had to delete one of the garbage files; then immediately after I could save my work, taking advantage of the space that was temporarily freed.
    This no-quota policy, albeit strange, led to a couple of enlightening discoveries. Once we spotted in a user’s home directory a 0.9-Gbytes .xsession-errors file. In another user’s directory there was the complete source code of a large Linux distro.

    I've a few stories to share about users, too. 

    The computer room of my University was composed of a dozen Linux machines with a public account only. The students logged in as “guest”, then had to telnet to the main UNIX server and login on their personal accounts, where they could store personal files and mail.
    Some day, the system administrator put up a sign saying that he was going to reinstall the OS on all Linux machines and reformat all hard drives. After reading this, a student was very worried about losing all her personal files on the main server. She clearly had no clue about what telnetting to a remote system meant — despite doing this all the time before accessing her personal account.

    Another day, I was in the same computer room. The guy sitting next to me was taking advantage of a feature of a cell phone company that allowed customers to send a SMS via email. This was done by addressing the message to a specially crafted address in a format like 012-3456@sms.phonecom.com. The guy sent a couple of SMSs this way, closed his mailclient and then went away.
    Shortly after, I saw the same guy doing that again, but this time he had probably been struck by amnesia, as he was addressing his messages just to the cell phone number — without the part after the @. The mailclient automatically completed the recipient field with the local domain, so his messages were being sent to non-existent users at our local University. Sure enough, the mailer-daemon then notified him of the failure. Several mailbounces later, he finally asked me for help.
    - Hi, do you know why I am getting these errors?
    - Sure, it is because the address is not complete. You have to add the domain name of the phone company. I don’t remember what it is; do you-
    - What do you mean, “I have to add the domain name”? It is fine as it is. I’ve always done it this way.
    - No, listen, it is not possible that you always had done it this way, because here you’re sending to the local domain. You have to specify a full addr-
    - (outraged) NO, YOU’RE WRONG! I DON’T UNDERSTAND WHAT YOU’RE SAYING, I ALWAYS DID IT THIS WAY!
    And then the stubborn luser left me alone and began again sending email to nonexistent addresses.



  •  Reminds me of my university days although in this case I was the user.  I had found a 300MB cracked copy of Quake 2  (ah, the memories) which could run without being installed. A friend of mine stuck it in the server somewhere so every time we needed to get a multiplayer game going in the labs we'd simply copy it from the server to the local machine and play. 

    One day the game was gone from the server and my friend received an email from the admin notifying him that due to lack of HDD space they had to delete some files and they hoped it wasn't something he needed. To this day I'm not sure whether they didn't realise what it was or whether there was a sarcastic undertone to the email. In any case we took to carrying the game in a CD from then on.

     

     



  • Funny. I recall this happened in my university, too... 



  • @DOA said:

     Reminds me of my university days although in this case I was the user.  I had found a 300MB cracked copy of Quake 2  (ah, the memories) which could run without being installed. A friend of mine stuck it in the server somewhere so every time we needed to get a multiplayer game going in the labs we'd simply copy it from the server to the local machine and play. 

     

    Were your school colors, by any chance, maize and blue?  We had the same thing: cracked copies of Quake and Starcraft on public servers.  Wednesday nights some classmates and I would go down to a computer classroom, copy the games to a few workstations, and play for hours.  It was always annoying when some nerd deleted the games to make room for class projects. :-)



  • At my school we got a big network share. With plenty of random crap on it. Yes, there are games there.
    The fun part is that not even the owner of the files is allowed to remove them.
    Of course, the computers themselves aren't terribly maintained; there is a bunch of random games on some of the computers.
    At least they had the great idea of sticking the IT students on a partly ad hoc network (yes, both wall mounts and non wall mounts). All on a single ADSL line. Now we can do our torrents, gaming and other non work actions unrestricted by the strict major system. Well, this will change after summer when we get new playrooms. They will get us a completely new network to trash with unauthorized equipment, gaming and general non productivity.
    Yeah, the teachers know what we do. They just ignore it as long as we fill out the boring tests and write crappy software that belongs on this very site. I am not sure who to blame for the quality of the code, the teachers, the students or both.



  •  @AlpineR said:

    Were your school colors, by any chance, maize and blue?
    Nope. I'm getting the impression there were people running around with copies of Quake2 in every uni. :)

    @AlpineR said:
    It was always annoying when some nerd deleted the games to make room for class projects
    These people should be expelled. There is a line you know.

     



  • When I was a lab monitor, all of the new hires were given a round of orientation over a day or so, which included visiting the labs, taking very short classes, meeting everyone important, etc.

    One of the things that was stressed to us in the "how to use your (university name) computing services shell account" seminar was "Don't do anything illegal. No downloaded movies, no programs that you don't own, no kiddy porn."

    I'm not sure why he had to mention "no kiddy porn" at the end, but sadly I suspect it was a case of explicitly telling people not to do it because someone had, in fact, used their account to host kiddy porn.

    Honestly, how dumb can you possibly be? You work for the computer labs; you should know that your stuff is going to be checked.


  • Discourse touched me in a no-no place

    @Volmarias said:

    I'm not sure why he had to mention "no kiddy porn" at the end

    Lawyers are people too. Not that I agree with the sentiment....


  • @PJH said:

    Lawyers are people too

    , people who need kiddy porn that is.



  • @DOA said:

     @AlpineR said:
    Were your school colors, by any chance, maize and blue?
    Nope. I'm getting the impression there were people running around with copies of Quake2 in every uni. :)
     

    We actually had SunDoom (XDoom? I forget) installed on our servers.  Granted, it usually ran at about 320x240 and 5 fps, but still...

     



  • @DOA said:

     Reminds me of my university days although in this case I was the user.  I had found a 300MB cracked copy of Quake 2  (ah, the memories) which could run without being installed.

    Bleh. We found one of those username==password accounts once on the campus servers that didn't have any quota (back then, quota was 1Mb). So we uploaded the 25Mb REGISTER.EXE (full registered quake1 version), so we could download the game from anywhere inside campus.

    That place had a load of WTFs on UNIX security; while they did have the time to set up a NIS domain, and NFS shares for all students and staff, some of their "security" was just bad. Passwords were randomly generated ... and then kept in plaintext on a series of files with username/password combinations. If this wasn't bad enough, passwords were unchangeable, and the account which had the "password search" script for the admins had "passwd" as password. Add all of this up, and voila: you got a load of "überhackers" whose "hacking" abilities were actually having a copy of the damned password file.

    Of course, they'd fail trying to "hack" me, as I had found out by then that I could either change my password at the NIS master server (where yppasswdd was always running) or just try doing so at some servers which fired up yppasswdd between 16:00 and 17:00.

    It must've taken about 2 years for the sysadmins to realize they were being 0wned, and that was only after some stupid kiddie started cyber-bullying other students, erasing their homedirs and such. Though we think that happened after a real hacker got r00t access, but that's another story.



  • @D0R said:

    The computer room of my University was composed of a dozen Linux machines with a public account only. The students logged in as “guest”, then had to telnet to the main UNIX server and login on their personal accounts, where they could store personal files and mail.
    Some day, the system administrator put up a sign saying that he was going to reinstall the OS on all Linux machines and reformat all hard drives. After reading this, a student was very worried about losing all her personal files on the main server. She clearly had no clue about what telnetting to a remote system meant — despite doing this all the time before accessing her personal account.

     

    The nerve of her, not being totally confident in her understanding of what was going on!



  • @Volmarias said:

    When I was a lab monitor, all of the new hires were given a round of orientation over a day or so, which included visiting the labs, taking very short classes, meeting everyone important, etc.

    One of the things that was stressed to us in the "how to use your (university name) computing services shell account" seminar was "Don't do anything illegal. No downloaded movies, no programs that you don't own, no kiddy porn."

     

    So adult porn and bestiality was basically OK, then?

    @Volmarias said:

    I'm not sure why he had to mention "no kiddy porn" at the end, but sadly I suspect it was a case of explicitly telling people not to do it because someone had, in fact, used their account to host kiddy porn.

    Honestly, how dumb can you possibly be? You work for the computer labs; you should know that your stuff is going to be checked.

     Yeah, and who is doing the checking: the computer labs staff .....



  •  Oh yeah, well my school had a well-maintained set of computer labs of various types (Windows, Linux) that were easy to use, set up securely (and maintained), with plenty of quota'd disk space and more if you asked the cheerful, knowledgeable support staff and had a reasonable explanation as to why. The network was fast, always up, your files and web space available on or off campus.

    :)

    We had the occasional kinda-WTF, but they weren't hugely bad.



  • @Maciej said:

    The nerve of her, not being totally confident in her understanding of what was going on!

    The nerve of you, resurrecting a four month-old thread just to post an inane comment like that.



  • @Quietust said:

    @Maciej said:
    The nerve of her, not being totally confident in her understanding of what was going on!
    The nerve of you, resurrecting a four month-old thread just to post an inane comment like that.

     

    4 months (minus a few days) is nothing. I've seen 5+ year old threads turned zombie by kiddos who don't even bother to read the solutions offered to the original question but just add "haf zame prob, plz hlp mi" or some such on quite a few forums.



  • @Maciej said:

    The nerve of her, not being totally confident in her understanding of what was going on!

    You resurrected my creature, now you take care of him/her/it. 



  • No! No thread escapes the slash of my Scythe of Finished Topics! Your necromancy stops here!

