I had a potentially embarrassing lesson paid to me this week. I’ll lead the non-technical folk through an analogy before getting to the specifics (if you know what ifconfig is, feel free to skip this part, but I’ll try to make it entertaining enough to warrant a read either way).
[analogy]
You have a term paper to write. It’s okay though - it’s on this one book… but it’s The Brothers Karamazov (1,000+ page Russian novel that doubles as a brick [literally, and conversationally at times]). You have a few novels by Dostoevsky for reference, but the focus is this one epic tome.
You’ve done the necessary preparation - you’ve read, reread and noted the text; truly made it your own. It’s bloated with neon yellow highlights, thickened with dog ears and tattooed with annotations. You even developed a personal thematically-organized appendix in cryptographic scrawl. Every page is now partially yours. You are all set to go. The time to put your preparations to paper is nearly here.
But you deserve a break.
You give yourself one last eve of freedom, out with good friends for food and drink. Hours melt off the clock, you end up warming your body next to a loved one and the next morning you’re headed home with a clearer mind, ready to focus on the task at hand.
What the hell is that? A stack is before you. You don’t say it, but your twisted expression of dread is clear enough. Your roommate calmly explains things got rowdy in the apartment and he’s sorry, man, but your stack of books - that really shouldn’t have been on the coffee table on a Saturday night if they were that important - had been utilized as impromptu towels during a Party Foul. But before you get mad, he says with a smirk of pride since he thought this up himself, you should know he threw out those wrinkly distended texts and bought you brand new copies of the exact same books. He even did you a favor - he got newer, more updated versions that preach the latest in Russian-to-English translational techniques that maintain the essence of contemporary colloquialisms. So no hard feelings, right?
Now, to translate.
A portion of my new job is to perform some quality assurance (QA) testing. That process is complex in practice but simple in theory.
Theory: You have a physical test configuration assigned to you. You head to the development portal to find the latest build (computer lingo for most up-to-date code). You use one of many options to transport said code to your system. Then all you have to do is run a local script with a ‘./’ and *kazaam* - upgrade complete. Run through the test steps, document and then you’re done.
I do this once to twice a week as new builds come out to confirm new features don’t break (i.e. make inoperable) tangential functionality.
So here’s what happened:
I ran the above steps on a system. About five minutes later, I had a high priority email in my Outlook inbox (for those also in corporate America, you know those red exclamation points mean business). This person, whom we’ll call Sally for anonymity’s sake, wants to know if I just reimaged system 511. Why yes, indeed I did - it is assigned to me and I need to check the later code. The CCed list strikes fear into my heart as I recognize names from the org chart. Managers. They’re definitely managers.
Next comes a screenshot - it says it all. The assignment tool we use shows that 511 is Sally’s after all… and I was assigned 551. Here is the oh shit moment. I could have invalidated days, even weeks of testing because of a single freaking digit. I send apologies and offers to rerun any tests I broke, but my fears are quickly quashed — that system was idle and they have a script that will set it up for the next round of tests. Crisis avoided. My resume can stay on the shelf.
But… okay, here’s what I don’t get. How the hell did Sally know it was me?
For those just as curious, follow along…
So I was still logged into this Linux-based system via CLI (command line interface). She was connected as well. So, she ran last and found basically the name of my computer. I understood that part. I even knew enough to run nslookup on my username and found you can trace it to my IP address. But still, there isn’t an easy way that I know of to get from there to my email address… I must be missing something.
So I asked.
Since I knew I hadn’t ruined anything major, I was ballsy enough to wonder how I was traced. Sally told me this - “I remembered a trick that if you use RDC (Remote Desktop Client) you can see who is currently logged in.” Sure enough, my buddies and I tested it and found you can in fact see my domain\username through that process. Then you are a simple LDAP lookup in Outlook away from seeing who I am.
That’s some sneaky sneaky business right there.
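An added example, not part of the original post: the `last` lookup described above yields the user, terminal and originating host of each session, which is the first link in the chain from a box to a person. The sketch below parses `last -F` style output and lists the sessions that were open at a given moment; the sample lines, the incident time and the function names are all constructed for illustration.

```python
from datetime import datetime

# Constructed sample modelled on `last -F` output; users, hosts and dates are made up.
SAMPLE = """\
tester_a pts/0        10.20.0.14       Tue Mar  4 09:02:11 2014   still logged in
tester_b pts/1        qa-ws-17         Tue Mar  4 10:40:03 2014   still logged in
build    pts/2        10.20.0.9        Tue Mar  4 08:00:00 2014 - Tue Mar  4 08:45:30 2014  (00:45)
root     tty1                          Mon Mar  3 17:00:00 2014 - Mon Mar  3 17:05:00 2014  (00:05)
ops      pts/3        10.20.0.30       Mon Mar  3 12:00:00 2014 - crash                     (04:59)
reboot   system boot  3.10.0-123       Mon Mar  3 16:59:00 2014   still running
"""

DAYS = {"Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"}
FMT = "%a %b %d %H:%M:%S %Y"
PSEUDO = {"reboot", "shutdown", "runlevel", "wtmp"}

def parse_last(text):
    """Turn `last -F` lines into session dicts; end=None means still logged in."""
    sessions = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 7 or f[0] in PSEUDO:
            continue
        # Console logins leave the host column empty, so the weekday comes third.
        host, rest = (None, f[2:]) if f[2] in DAYS else (f[2], f[3:])
        start = datetime.strptime(" ".join(rest[:5]), FMT)
        tail = rest[5:]
        if tail[:3] == ["still", "logged", "in"]:
            end = None
        elif len(tail) >= 6 and tail[0] == "-" and tail[1] in DAYS:
            end = datetime.strptime(" ".join(tail[1:6]), FMT)
        else:
            continue  # "- crash" / "- down": logout time unknown, skip
        sessions.append({"user": f[0], "tty": f[1], "host": host,
                         "start": start, "end": end})
    return sessions

def active_at(sessions, when):
    """Sessions that were open at `when`, i.e. who was on the box at that moment."""
    return [s for s in sessions
            if s["start"] <= when and (s["end"] is None or when <= s["end"])]

if __name__ == "__main__":
    incident = datetime(2014, 3, 4, 10, 45)  # constructed time of the reimage
    for s in active_at(parse_last(SAMPLE), incident):
        print(s["user"], s["tty"], s["host"], s["start"])
```

The host column is whatever the login daemon recorded, so it may be an IP address or a truncated hostname; mapping it to a person still takes a directory lookup like the one described above.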
The whole experience left me with two lessons:
1) Double check you own the system before you pull the trigger on a reimage
2) I have to learn more about IP networking so I’m not struck by the fear of god when someone can stalk me so easily on the web
And I started by setting up a new secure router running DD-WRT and am reading up on Linux tricks. Check my last post if you’re interested in doing the same.