Best language for illicit code

By William Entriken

2 minutes

So public safety comes into my room last night while I’m sleeping with a fanfare of the head of public safety, head of network security and 10+ other people. One is standing by to turn off the circuit breaker, and they’re ready to seize my computer. So I sat with them in the living room to answer some questions. Here is the conversation between the network security guy (herein: NSG) and myself:

NSG: We’re here to talk to you about illicit computer usage
ME: Oh wow, what specifically?
NSG: According to some information on one of your websites, we have reason to believe that you have gained unauthorized access to some of our servers and/or network equipment.
ME: And why is that?
NSG: Apparently you have the ability to see if any given student is at their computer at the time
ME: Hmm, yes I do
NSG: So it seems like you have illegally accessed our router table to get this information
ME: Why don’t I pull up the site so we can be clear on what you’re talking about
NSG: Ok
ME: (typing)
Computer: Please enter a student’s name to see if they are online and where they are:?
ME: Is this what you’re talking about?
NSG: Yes
ME: (type type type)
Computer: [[student]] has 2 computer logged in on campus at [[location]]
NSG: Yeah, how are you doing that?
ME: Do you know PHP?
NSG: Sort of (that’s IT speak for: “not really, but I get paid for it”)
ME: (type type typearoo) here’s how I get the IP address
Computer: $ip=gethostbyname("STUDENTNAME.student.villanova.edu")
NSG: Hmm…
ME: Any more questions?
NSG: Um… well apparently you also know what classes all the students are in, how do you do that?
ME: Do you know what LDAP is?
NSG: Yes, I administer LDAP
ME: Hmm…
ME: (typing typing)
Computer: $ ldapsearch -h ldap.villanova.edu -b o=villanova.edu uniqueMember=[[STUDENT'S DN]]
ME: All this information is public, do I need to hit enter?
NSG: No, that’s not necessary
ME: Any more problems?
NSG: Um… well it appears that you’re running a wireless router on campus and that’s not allowed
ME: OK -
NSG: OK… I guess that’s it
(Exeunt fanfare stage left)

So the moral of the story is, if you’re doing anything cool on a computer that someone else might think is illicit, make sure you use short, simple, easy to understand code. because if I wrote the host lookup in brainf***, that would have taken some time to explain.

Comments

The official X thread

@fulldecent

Please discuss this topic anywhere and let me know any great comments or media coverage I should link here.