Ask HN: Ominous email from PG

36 points by ABrandt ↗ HN
So late last night I was playing around with some scripting that interacted with HN (submitted a story). I'm not a hacker in the technical sense, so I was just playing around to see what I could make. After a few runs, I got an ominous email from pg asking "What are you doing?". Scary stuff.

Has anyone else experienced this? Is this an automated email when abuse is detected or did I really raise some red flags? Its from pg's email address, but the sender is "<censored>". I'm pretty curious about all this since he didn't reply to my reply.

Thanks.

39 comments

[ 1.8 ms ] story [ 77.6 ms ] thread
Yes, it was me. You submitted quite a lot of stories while you were testing whatever you were testing. It was hard not to notice.
Oh, okay. Sorry again. I was testing a script that pulled text from a file on my computer and submitted it to HN in the appropriate fields. I had a feeling it might look suspicious, but it was just too much fun to play with. Lesson learned.
Scripts that are submitting stories seems like a really bad road to be going down (even if you do it with a reduced rate)...
Totally agree. I definitely don't have any malicious intent to use this. It was just fascinating to see if I could.

I'm new to this programming thing so perhaps I get a little carried away when I develop a new found power.

Yes, you got carried away.

If something hasn't been submitted by a human being, it's probably not worth being submitted by a script.

Edit: What's the deal with the downvotes? The OP said he was parsing a file for multiple automated submissions.

This is bad. Even if he's collecting them for later in a batch, one would have to ask himself if the links are all that good. I would assume by pg's responses, he would agree.

I can imagine submitting a link from the shell. What if I blog to posterous in mutt, then want to submit the link. A shell script is still invoked by a human.
Submitting a story with a script doesn't mean it's automated, he could be writing his own client.
Its from pg's email address, but the sender is "<censored>"

Just a guess, but judging by the first part of that address, PG might prefer that the address not be made public.

Good call. I had considered that but it was plainly visible to me so I figured it was nothing to hide. I trust your opinion though and censored the address.
"What are you doing?" is not very ominous. What were you doing, out of curiosity?
Maybe not, but I certainly perceived it to be ominous at 3 am. See my reply to pg. In hindsight it was a bit of a bad idea.
I saw your reply where you said you were running automatic submissions. What was your point in doing that though? Gathering up lots of interesting stories and avoiding having to submit them manually? Trying to auto-submit the ever-popular Atlantic, NY Times, and TechCrunch articles to increase your karma? Spamming HN for profit? Or, just to see if you could? (As you allude to..)
The experiment started when I came across a story about the best time to submit a story to HN. The article concluded that a certain time when I'm usually sleeping is best so I thought, "hmm, that sucks. How can I get around this?". I know submission time ultimately doesn't matter, but I decided to hack something together anyways.

Probably an ethical gray area, but like I said; it ultimately was just a lot of harmless fun. I'm not going to do anything with it. You'll know I'm lying if you see me submit something before 10 PST :)

So what time did the story conclude was the best time? Just curious.
> Maybe not, but I certainly perceived it to be ominous at 3 am,

If you're freaked by getting e-mail at 3am, you shouldn' t be doing things at 3am that might result in e-mail.

It's ok. I did something stupid ages ago (posting a thread more reddit-suited than HN IIRC, which I might not) and got an email from pg politely but firmly asking me never to do it again. Just do as the man asks and don't worry about it.
I got the exact same email from pg a couple of years ago. I had installed the XSS Me addon to Firefox, and inadvertently had it spamming the submission form.
On the other hand, you should definitely continue "playing around to see what I could make". That's how you become a hacker (not to be mistaken with a cracker).
Please tell us about the time you, ABrandt, most successfully hacked some (non-computer) system to your advantage.

note: non-computer

If you're insinuating this is some kind of YC application stunt, I can assure you its not (didn't apply and no plans to).

I do enjoy "hacking" non-computer systems though (a valuable skill they teach in business). I think social hacking can be quite amusing. Once I was pulled over for speeding 20 mph over the limit, with an expired license, and no proof of insurance. I was young. The officer had every reason to arrest me on the spot. When he asked me what the hell I was doing, I answered completely seriously, "Sorry Officer, but I've got extreme diarrhea and need to get out of this car." He took a step back and promptly told me to go home. Pretty simple but my friends couldn't believe I had the cahones to say that.

I think it's in reference to your statement "I'm not a hacker in the technical sense." Which may imply you are a hacker in some other sense, e.g. social, as you have elaborated.
Maybe it's just me, but I would have just responded to the email instead of posting on HN about it.
The OP's second paragraph implies that he did reply and explains his post.
"I'm pretty curious about all this since he didn't reply to my reply."

So he emailed PG back, and didn't get a response. Having attempted that, I would say that posting on HN is exactly the thing to do, at least in this case.

Yep, that was exactly my thought process. Thank you for clarifying.
If you've never had someone contact you to stop (spamming|scraping|crawling|DOSing) their web service, then you're not experimenting enough.

That said, once they ask you to stop, it's the decent ethical thing to simply stop :)

that's great advice in spirit, but terrible advice in reality. At the least, your ISP might ban you, and at the worst, the cops or FBI could show up to ask what you are doing.

http://nmap.org/book/legal-issues.html

There are a lot of thoughts on this subject over on the nmap.org site on messing around with data on someone else's computer, be that a private or public service.

On a related subject. I accidentally mis-configured remote desktop on Ubuntu, I selected the 'configure network to automatically accept connections' which uses uPnP to open a port on your router (poorly named I think).

Someone ran a port scan on my IP and noticed port 5900 was open and decided to connect to it, I had my computer configured to automatically accept connections (because I use the iPhone VNC client as a remote control), I was quite glad I was using my computer at the time and noticed them connecting!

My first reaction was to run NMAP against there IP, I guess thats probably a bad move!

Yup, I did this a couple years ago when working on a javascript-based bookmarklet that would reformat the live hn site to look better on iPhones. One wrong semi colon and it was upvoting every story on the page. pg sent me a 'What are you doing?' type of email, to which I replied and all was well.
Scary stuff? If he was really that scary I'd go as PG for Halloween and watch all the little future entrepreneurs wet their pants when they see me. Either that, or I'd float them a couple bucks each for 6% of their candy.
Although that would be awesome to see, I was exaggerating the level of fear I felt. It'd probably be more accurate to say it was exciting for me honestly. I'm fairly isolated from any startup scene, so I love any bit of interaction I can get.
This is a very wrong way to get attention. Do you realize how important each minute of PG is? It is like throwing a stone at someone's window to get attention. You do get the attention, but at what cost?
ok I apologize :). First time being downvoted. My bad. Please don't down vote anymore. I was not against experimentation. I just thought experimenting was a bad idea if the value of the result was less than the value of the damage. My mis judgement I guess.
To be fair when i realised i had enough scripting knowledge to be dangerous i did try some things like this. My advice is to definitely try stuff like this out, because its an excellent learning experience, but on places you dont care about being banned from, theres a million HN clones out there, go forth.

In order to learn to develop things to withstand such attacks you first need to understand them yourself.

See xkcd: http://xkcd.com/810/

"But what will you do when spammers train their bots to make automated constructive and helpful comments?"

"Mission Fucking Accomplished."

What is really cool about this story is knowing that PG keeps such close tabs on the HN community.