DATELINE: Reddit, WWW/Internet2.
in a post requesting gnu/linux security advice at reddit/ubuntu, a user expresses paranoia about his new operating system installation being infected with a rootkit.
as a person who has never used and will never use a trojan-style technological exploit written by someone other than himself, i had and continue to have no idea what a so-called rootkit is; in fact, i’m quite sure that there is no such thing — but branding in the pseudo-hacker community is a topic for another day at motd/grapevine — but i can’t help but be drawn to posts such as that linked above: posts in which a novice user of the unix and post-unix operating systems requests instructions on a topic wherein a novice has no business anywhere near said topic, for his own protection. everyone was 11 years old at some point, and at some point we all, at one time or another, have posted a question that alerts a community lousy with truly unethical people of the fact that we are inexperienced and vulnerable.
so in response to this user’s garbled request for security advice, i (as motd/grapevine contributor shared alias “miercoledi”) spent a few hours devising a tiny script (to be precise it was actually just three consecutive commands meant to be issued to bash/sh at a terminal) that would successfully address the most severe weakness in this wide-eyed novice’s security playbook:

a moment before crafting this into a dateline piece of gossip for the grapevine, i decided to reply to /r/redrumsir’s expression of solidarity (after having initially decided i should not, i ended up feeling it somewhat rude &or against the spirit of the grapevine to not thank someone for noticing the practice of trickerish martyrdom) and those who know me (yes, all one of them) are correct in guessing that it took me upwards of an hour to land the perfect wording for such a delicate move.
let me clarify exactly what has happened in an ordered list representing this story’s timeline:
- a user posts to reddit asking for security advice in a way that exposes him as an easy target
- i craft a response that instructs this user to run code on the terminal that i claim will output “everything he needs to know”
- the user goes ahead and runs my code, which looks legitimate, but actually does essentially nothing but use a wild-goose-chase of commands to print “do not run commands people tell you to run on reddit if you do not know what they do” to the user’s terminal.
- the user downvotes (i cannot prove it was the user but can hypothesize) my post, communicating to me that he has run the code.
- more users downvote my advice, including one who responds that i should have simply stated my meaning rather than using trickery.
- at least one user disagrees with the downvoting majority.
- i decide to use this as a case study and craft it as a motd for the grapevine (aannnddd here we are).
so is the public majority as represented on reddit correct? i write this question without knowing or caring to know its answer, of course, but i am interested to hear what you might have to say about it. it is worth noting that, when i designed the trick code, i devised and transcribed for myself a set of criteria to which to adhere when tricking someone by exploiting their ignorance and trust. it included:
- the user will not be insulted or humiliated, neither publicly nor privately
- no harm can possibly come from falling for the trick
- only what is absolutely necessary to fully illustrate the point – no less and no more – will comprise the advice
- the trickster will speak with sincere respect for the user and said user’s stage of development
- assuming a “karmic” hit inevitable, it must be minimized to keep the post visible
and with the sentiment expressed by /r/miercoledi, “it’s worth the karmic hit. every time. no question.” i doubt anyone would disagree. certainly it is a great thing that a man might teach another man, the first man acting not for glory or praise, but simply for to share knowledge effectively. whether or not i actually did this (it could be argued that i did it for fun, or to generate content to impress motd/grapevine, or any other less holy/gay motivation) is a subject of potential debate – wildly boring and tedious debate, obviously – so i’ll draw no conclusions here.
it seems i should ask myself whether i would do this again. and i’ll tell you, with conviction: i have no idea what i might or might not do, and feel passionately about maintaining a subjective experience that surprises, delights, and never bores. i realize this may be an unsatisfying conclusion. but i promise: next time i find myself on an impromptu date with ethics elephant, i will fight tooth and nail to get her out of her giant panties, and i will whisper every filthy detail about it to y’all through the grapevine the morning after.