My first DDoS attack, kinda

Enter my home town: Wilburton, Oklahoma. A small town(~3000 people) you've probably never heard of, and probably won't again after this article. When you think Oklahoma you probably think back woods and redneck, not computers. You're usually correct, but I didn't quite fit that stereotype. This is how I came to be banned from using the computers at my high school for a semester.

How I got here

I figured out what programming was around 13 (7th grade). Instantly fell in love with it. So much so that I'd stay up til 3 AM on school nights learning more about it, leading to failing grades until some parental intervention stepped in.

So, I knew my way around a computer. I was young. Just the right kind of person to be a bit dangerous. Luckily I never enjoyed the hacking scene and never crossed over to the script kiddie stuff, but I knew the basics of vulnerabilities.

The day the internet broke

I was a junior the year this happened. It was sometime in the first semester. There is usually an inherit trait among programmers: curiosity. A yearning for wanting to know the consequences of a previously untried action. My lunch periods usually consisted of boredom. Recently the blocks at the school had been relaxed, so flash games could be played in the library. Hence, that was where me and my friends went to during our free time. Someone mentioned something about the command line and hacking. I don't quite remember what led up to it, but I ended up typing something like this:

ping -n 10000 -l 10000 1.2.3.4

The IP(1.2.3.4 is just a placeholder)) I used was the particular IP returned when content was blocked. They did block some content, but it wasn't horrible yet(at some point my own website got blocked for flash games. Ruthless!)

For the non-technical people reading: This is a command which basically says "send this huge message to a server and tell it to send back a huge reply". This command took me a tiny bit of research (using ping /?) to even know. I wasn't a black-hat by any means.

So, the technically minded out there are thinking "there is no way this would break anything"... Well, it didn't.. but then I ran it from 4 other consoles on the computer. At this point I started to hear "hey is the internet slow for you?" asked around the room. This is where I made the naive mistake of running with it. So, I opened like 10 command lines on this computer running this crude flood ping. Then, I went to the free computer beside me and did the same thing there. I think I did it on a total of 4 computers.

And then everything stopped working

I did not expect what came next. I had expected for there to be fairly strict controls on bandwidth. I thought I just maxed out the router in the library. Like the young naive teenager I was though, I left it running... on all 4 computers.

I was in 5th period when I started to realize what I had actually done. The teacher tried to load something on the internet and it wasn't working. "Connection timed out". I would later find out that I had brought the networks of the high school, middle school, elementary, and portions of the college to a stand still; as well as inflicting some damage on the IP address I used

About 30 minutes later it started working... another 5 minutes later, just before class was over, the principal knocks on the class' door. "I need to speak with Jordan".

"Ah shit."

So, we meet in the principal's office. My friend Joe is also there, and the IT guy. He starts saying that someone maliciously attacked the school network and their upstream provider for censorship. My friend Joe stares blankly and says "I have no idea what you're talking about." At this point, I know there is no point in not confessing, so I do. "Yea, he didn't have anything to do with it. I did it".

I can't remember of what follows but I was scared out of my mind. Not of police being called or whatever punishment they were going to arrange. The only thing on my mind was how much trouble I would be in when I got home. I got in-school-suspension before for some stupid thing. I was assigned 3 days of it... That was the worst month of my life though at home.

Anyway, so he sends me back to class and says he'll decide my punishment. Later he calls me back in and hands me my sentence "You can not touch a computer for the rest of the semester". Luckily, I didn't have a programming or typing course. I had both the next year.

Somehow, I manage to never have to tell my parents. They didn't find out until I was moved out.

It's hilarious looking back on it, but man was it scary when it was happening.

Unforeseen Consequences

This lead to interesting situations. The IT guy was usually not on premises, so I would literally get called out of classes to fix some teachers' computers. During this time, I had to walk them through what to do, since I couldn't touch the keyboard or mouse. That was annoying, at best.

The most awesome part of this story is that I landed my first programming job literally, without a doubt because of my fame from crashing the network. My first boss had a son who was a grade below me. He was complaining about how he can't find anyone who knows anything about computers in this small town. His son popped off that I do. This conversation took place in the drive through of McDonald's. I happened to be working drive through. So, I say "that'll be ..." and he proceeds to ask "Hey what programming languages do you know". Completely caught off guard I start saying the last language I used. "C++". He gave me his business card and we exchanged numbers. About 2 months later I graduated from high school and began working there gaining vital experience right out of the gate.

I had quite a bit of fun with other stuff in high school as well.

Other "hacks"

CD_Opener

I wrote a program called CD_Opener. It was my first real program to use threading and the Win32 API at the same time. It was a simple and stupid program. It did nothing but open a pop-up window with just an "OK" button. In one thread it would keep your CD drive open no matter what, in the other it told a story through these popup windows you clicked through. There were two versions, titled "ending" and "nonending" The nonending version told the story so that it fell into an infinite recursion along the lines of "and a dialog box opened on my comptuer... and do you know what it said?". There was no way to kill it other than to use task manager. The ending version was more polite and eventually the story did come to an end

After showing my friends this program(and how to run it), it was not uncommon to come in to the library to see 6 computers with their CD drives stuck open and a familiar popup dialog.

Getting around censors

At one point I built a small PHP script to dumbly download whatever files I told it to and give me a link to it hosted by my server. This was only effective though for flash games and other single-file things.

The unfinished senior prank

I found an absolutely brilliant vulnerability in the high school network my senior year. Basically, all the computers used a common "student" account. The student account was of course just a template. When a student logged in, it copied over the template. Changes in this way didn't persist.

However, the huge flaw with this design was that I found I way to put my own files into the template student account. I tested it with a small batch file and logged in with another computer and indeed, it did run on startup. I then proceeded to delete the batch file. I thought long and hard about writing a senior prank program that would run on almost every computer on the school at a certain time of day. Nothing harmful or distasteful, but not something one would forget either.

I ended up writing a stub program, but never finished it and as far as I can remember never exploited this vulnerability. I vaguely remember leaving a text file in some obscure folder, but I probably ended up deleting it after a while.

Many more vulnerabilities lie here, but I won't go into them here. Our IT guy didn't have the best knowledge of basic security.

Conclusion/Disclaimer

If you're under 18 and reading this, Please don't try to break your school's network. There are many more positive ways to get a reputation. My school was easy on me. I have read(as an adult) about similar (trivial) cases of such things where the school involves the police and the kid receives a record that'll stay with him for life.

Posted: 4/18/2013 3:45:49 AM

An analysis of the history of programming paradigms

Hi, so, when did functional programing become such a huge thing that every language implements. What led to it's popularity? And I'm sure some of you may be wondering: now that we have functional programming in mainstream languages, what's next? Well, I'm going to attempt an educated guess at that. But, first, we need a history lesson of the different programming paradigms, and why they came to be implemented in the popular languages that businesses use each day.

As usual, hardly anything in computer science is "new". There was a LOT of experimentation in the 60s and 70s with different programming languages and thus different paradigms. I'd argue to say that everything language related has been tried at least once during that time period even. I'm not going to cover that here though, instead I'm going to cover their introduction to mainstream languages.

Also, one last thing: This is mostly educated guesses. I have no proof to back me up. It's about like answering "why did Pokemon become popular"... No proof exists, but we can make guesses at why.

The First Mainstream Language

First, we have procedural programming. This was especially well marked with the creation and rise of C. The reason I believe this became popular was because you could write code which could translate very closely to assembly language. Resources were scarce, but writing directly in assembly language had begun to be impractical. Now, you may ask, why didn't other paradigms become popular at this point?

I'll list the problems with each paradigm:

Functional programming was there with Lisp and friends. However, garbage collection is practically required and never comes free. With resources being scarce, this was not the best way to go. Also, at this point most people knew assembly language and still were familiar with low level details like punch cards. Putting a huge amount of abstraction on top of that concept meant that it would be quite hard to learn

Stack-oriented programming was there with Forth and friends. This didn't require garbage collection, but was still a huge layer of abstraction on top of the actual instruction set. Despite this, it didn't mean it was slower. My best guess is that this was harder for assembly-skilled programmers to adapt to.

Ok, so it's seen now that procedural programming is the best step forward from assembly coding because assembly basically is procedural programming. C introduced many things though. The biggest thing is it made cross-compiling feasible, and the language was fairly simple which made making new compilers easy. Looking into all this in detail though really makes me wonder why Forth didn't win out against C for the most popular mainstream language.

Object Oriented Programming

Next on the list of big paradigm shifts: object oriented programming. This of course existed long before it went mainstream. The turning point that it really became popular was with the rise of the GUI. Objects are a natural fit with GUI elements. My guess for why it didn't go mainstream sooner is because it made compilers more complicated and have to worry about more than just doing a single pass at code and calling it good. Eventually, compilers caught up though and C++ replaced C for the main programming language spot. This idea of object oriented programming really got kicked into mainstream with the popularity of Java. You can see some more history about object oriented programming at this very helpful Programmers.Stackexchange answer

Garbage Collection

So, what's next? Probably the biggest one is garbage collection. Memory(and good collection algorithms) were finally cheap enough to let programmers forget about managing memory. Of course, this existed long before it went mainstream, but most programmers considered it slow and wasteful(which it arguably was at the time). I think the big reason garbage collection went so mainstream is because we finally reached a tipping point where computing time(and resources) were cheaper than programming time.

Generics

Generics would probably be next: statically typing an object which can take more than a single type. C++ had it first of course. I'm not sure if it became "mainstream" before it hit Java and .Net or not. It arguably has been popular for sometime now. Ada has had generics since it was first designed in the 70s. I believe the primary reason for generics becoming so mainstream is because object oriented programming became mainstream. Doing OOP in a statically-typed way is quite cumbersome without generics. People were beginning to realize that duplicating code and using tons of explicit casts was really a bad practice.

Functional Programming

Next up is everyone's recent favorite: functional programming. I actually saw this trend develop(and was a programmer at the time). Functional programming really seemed to hit mainstream with .Net support, though Javascript has been functional since 1995. Javascript didn't become really used though until at least the early 2000s with the advent of modern browsers and more adherence to standards. (and the beginning of intense hatred for IE 6). So, I wouldn't really consider functional programming to have became mainstream until everyones favorite languages started adding functional aspects. The primary driving reason for functional programming is that suddenly everyone's new PC started coming with dual-core processors. Suddenly, concurrent programming was something everyone was concerned with. Functional programming is a perfect fit for concurrent tasks. Functional programs have no state and naturally are as content working in parallel. This has also seen the popularity of many languages rise as well. Haskell is beginning to be considered "not just a research language". F# is actually used in some production products, Scala appears to be where all of the modern JVM programmers are at. Javascript is now seeing a huge amount of utilization, which naturally requires functional programming to be "proper".

So, what's next? This is only a guess, but I this is what I think the big paradigm of the next decade will be

Next?: Metaprogramming

I'm of course no stranger to this. I use T4 in a lot of my projects. It's a way to take tedious code and turn it into something that just-works, and wouldn't be possible by other means. Another example of this is all of the dependency injection things out there now. That's really just a step away from metaprogramming. Writing programs which write themselves. And of course, reflection with .Net (and Java?) is common place already. However, there aren't many mainstream languages at this point which make metaprogramming particularly easy. However, we're already seeing a rise in this with mainstream languages like Ruby and Python. Where I think metaprogramming really shines though is in statically-typed languages... where there isn't a lot of easy to use support other than some fairly basic APIs. T4 of course is an exception(and my favorite one), but even T4 has definitely not made it to mainstream usage.

So, why isn't metaprogramming already all the rage? I think the big reason is compiler complexity. It can be an enormously difficult thing to implement an interpreter within a compiler. Other than this though, I truly think it's just a matter of time. This is why I do not have a good reason for why it isn't already the rage. All of the problems it use to have such as code bloat and memory issues really don't matter a whole lot now.

Posted: 11/4/2012 6:49:53 AM