Friday, July 18 2003

Unrepentant sinner

Undergrads love free Internet porn. This is not news. Undergrads will go to great lengths to hide their porn collections from the sysadmins. This also is not news. Sometimes they outsmart themselves. This is just plain fun.

About fifteen years ago, I started working in a university Computer Science department that had many dozens of Sun workstations set up for instructional use. Contrary to the opinions of the more motivated proto-hackers and a certain rabid weasel affiliated with the EFF (who I’m told has calmed down a bit over the years), we weren’t a pack of brutal fascists ruthlessly suppressing free expression. Our facility was funded specifically for CS instruction, and anything that actively interfered with student classwork (including faculty research!) had to go. Sometimes that included free expression, but really, that was just a bonus.

It might sound crazy today, when a 30 gigabyte disk is often the smallest thing you can find in the stores, but students had disk quotas in the megabytes (as low as one (1) megabyte), and when the disks filled up, we had to start deleting files.

Downloaded porn was the first thing to go. Unofficially, we didn’t care what you had in your home directory, but a full file system affected other students, and the fastest way to solve the immediate problem was to find the half-dozen biggest porn collections and nuke them.

[I should note at this point that we used soft disk quotas, which merely warned you when you exceeded them rather than actively stopping you; we understood that 1 or 2 meg was ridiculous for anyone interested in learning more about computers than what was taught in their COBOL class, but it was enough for our funded purpose, and we needed a baseline number to effectively allocate our very limited resources.]

Several high-profile incidents eventually led us to add some additional unofficial rules about student porn collections: don’t view them in a crowded lab where you can be caught at it, and don’t make them readable by all other students. The one about not flashing the pictures up on someone else’s screen to harass or offend them was an official rule.

A few weeks into each quarter, a dozen or so new students inevitably found the Zurich anonymous FTP archives at MIT and downloaded the whole collection. The stuff was pretty primitive in those days, with a lot of badly-scanned black-and-white images from old magazines, but there was a fair amount of kink, and on more than one occasion I was glad that the dithering of my monochrome monitor kept me from being able to make out certain details of the images.

Yes, I looked at the stuff. Most of the time it was easy to guess the contents of wettits3.gif, but the First Level of porn-hiding was renaming the files, and since I really didn’t want to delete anything I didn’t have to, I would at least skim through the more cleverly-named collections, trying to give them the benefit of the doubt. Of course, by the third time I found someone who had renamed all of his porn to look like a Spice3 distribution, I didn’t even bother looking at the pictures. Laugh, nuke, move on.

The Second Level of porn-hiding was to make “hidden” directories. A little knowledge is dangerous, and far too many of the undergrads really thought that they could make use of various Unix features to hide files from the sysadmins. Some were dim enough to put it all in a directory named .porn, but the brighter ones tried names like “.. ” (there’s a space at the end of that one) and .profile.

Unfortunately for them, these tricks didn’t even slow me down, because my tools didn’t care what they named their files and directories. With no effort at all, I could find out exactly where they’d hidden their files (du), and what kind of data was in each one (file). The quota system had already told me they had 60 megabytes of stuff somewhere on the disk; it was based strictly on block ownership, and didn’t even bother looking at the directory structure.

The Third Level was hiding your porn in someone else’s home directory, hopefully on another file system. This allowed them to create slightly larger collections before they filled up a disk, but once that happened, the results were the same.

One undergrad in particular just couldn’t accept the limits we placed on his hobby. Every week or two his disk would fill up, and I would start cleaning up his directory. It got to be annoying enough that I built a Perl script that automatically checked every large file for the magic cookies that signified an image, and let it just delete his files in wholesale lots.

This led to an attempt to subvert my tools by embedding things into the file names in the hope that they’d be interpreted incorrectly. This was a well-known vulnerability in shell pipelines, but unfortunately for him I was using Perl, which cheerfully ignored this trick.

He was the only student ever to reach Level Four. As I mentioned, we had a whole bunch of Sun workstations, and each one had its own disk space, including the /tmp and /usr/tmp directories that could be used by any user for temporary scratch space.

/tmp was out, since it was cleaned out every time the workstation rebooted, but he realized that /usr/tmp survived a reboot, and a quick check revealed that there was plenty of space available on each workstation to hide part of his collection. Even better, those disks were completely separate from the normal user file systems, so we probably wouldn’t go looking for porn there. He used the .whatever trick to hide the directories from casual observers, and set up a script to automatically distribute his collection around our network.

It worked, too. I think he’d gotten away with it for about a month before he made a mistake that got our attention. What he hadn’t realized was that all of the machines he was hiding his files on were diskless workstations, and those apparently-separate /usr/tmp directories were actually located across the network on one of our file servers, and they shared that space.

Worse, they not only shared that space with each other, they shared it with the server, and the server used it for things like sending email and spooling print jobs.

So, the day came when he decided to automatically unpack all of the porn being sent across Usenet and distribute it into his hidden collection. Unfortunately, this was also the day that major assignments were due in several classes, and without warning, every printer in our labs stopped working.

The chairman of the department was not amused.