In our server closet there was a mac mini sitting on another rack mounted server and plugged directly into a switch. IT found it, asked around and nobody knew what it was, so they unpugged it. Immediately the whole of engineering and support were basically offline.

Despite the thing looking suspicious as possible, I had set this thing up as an employee a year before. We were not allowed direct network access to our hosted prod network so as a "stop gap" I setup a SSH tunnel that listened on the mini's IP. At first we used this for access to the support web interface so it could be taken off the internet. At the time my request for a server was rejected. One by one more things got added to the list of things proxied over the device, eventually including basically all internal pages, git access, and about a dozen other random services. I finally got it moved into the server room, but not to real hardware. Once we built a DC we got peered access and the mini finally died.

Step 1 was to do the ‘scream test’. Some how the enterprise routed the most random traffic through there as we took offline random servers and people’s desktops. Turns out the screaming that happens is at you for making things break instead of a pat on the back for discovering bad networking.

As the project ramped down they ended up having to buy an iMac off of us. Someone stopped using it and before the case even got cold I had installed a CI build agent on it to run Karma tests. Which ended up being invaluable but also never managed to get replaced with a real piece of hardware. So they just dragged that thing around as the project went into maintenance.

There's Nothing as Permanent as a Temporary Solution™:)

[0] http://thecodelesscode.com/case/234

[1] https://github.com/chrislgarry/Apollo-11/blob/master/Luminar...

"Shadow IT" is the official name for circumstances that lead to this and it's the consequence of:

A) Deprioritising "non-urgent" but "important" tasks consistently

and

B) IT being bureaucratic and/or unable to allocate budget

I had a Mac Pro (trashcan) at Ubisoft that was the only way people were able to play our studios live game from within the office. (Ubisoft had a "NO OUTBOUND CONNECTIONS TO INTERNET" policy for Studios)

That same Mac Pro was running our internal slack bot to run Maintenances (and, insult people).

I left Ubisoft 5 years ago, as far as I know that Mac Pro is still plugged in on my former desk chugging along, last time I asked my former manager about it was last year.

----

At another company (now owned by Oracle), we had an internal IRC (this was before Slack) and nobody thought about it.

One day it went down, and traceroute had indicated it was in our server room; after checking every single server we could not find it, until someone noticed an ethernet cable that went through a run into the floor but didn't come back out.

After opening the suspended floor we noticed a laptop running Solaris. That was our IRCd and the OS had an uptime of close to 8 years.

Universities seem to install unlimited hurdles to achieving anything. The stuff staff and students do within the network to make shit work is amazing.

Client's IT loved to unplug that thing.

> mac mini proxy server

I love that the programmer's solution is more expensive than doing it the right way had OP's request been approved.

But yea, in the early days that mac sat on my desk. It only got moved when I pointed out the issue to our new security team and their jaw hit the floor. =)

Probably still the case in a lot of startups.

But yea.. same deal with wifi. Its amazing how often the wifi password is posted on something visible. In fact I have found the password in so many public images which means somebody on the street could just connect to the wifi network fomr the street.

// AUTOGENERATED DO NOT DELETE

Good points. The problem is, there are over 1000 people coming and going every day, the site has a BYOD strategy and the IT team is 4 people. We tried implementing 802.1X for LAN devices but it was soo much overhead that we dropped that.

The thing of this case is that the person was only able to place the Pi there because he had a key to the network closet. That's game over no matter how many security protocols you implement

We did change the server passwords though

Hard to get the budget for serious switching hardware, even harder to get people who know how to manage them as I'm just an external contractor but can't exceed the alotted budget for my work there

https://www.reddit.com/r/sysadmin/comments/agij7x/remember_t...

Android's Location Services: https://support.google.com/android/answer/3467281#location_a...

iOS's Location Services: https://support.apple.com/en-gb/102515

In fact, Google provides it as a paid API: https://developers.google.com/maps/documentation/geolocation..., but you require BSSID's and not just SSID names to try to curb abuse.

But, like (say) RIPE Atlas, it just isn't very commonly known.

Data in Wigle is collected mostly by wardriving, which (in a nutshell) is just driving around and passively recording the information that WiFi access points are shouting about themselves to whoever is listening.

The data is collected by volunteers, but it is not strictly free. The way that the project is funded is by selling the data to companies who use it for geolocation services.

Regular folks can do some basic searches on the dataset without cost, though, which is what the author has done here.

The curious case of the Raspberry Pi in the network closet (2019) - https://news.ycombinator.com/item?id=29965110 - Jan 2022 (262 comments)

The curious case of the Raspberry Pi in the network closet - https://news.ycombinator.com/item?id=18919129 - Jan 2019 (154 comments)

https://news.ycombinator.com/item?id=29965250

As far as I know there also were no court proceedings as this was handled internally

> ssh [email protected]

Now that's cool haha!

Malicious is implied.

Like were they snooping for something they could whistle-blow, or where they trying to gain access to financial accounts? What was the extent of damage possible by the setup? Are there ways to mitigate such damage now knowing a pi with such loaded software may be in wider distribution and might be installed somewhere on your network?

That's one of the biggest roles of the CISO, and that's why their rank is so high despite often having much fewer direct reports than other CxO's - so they can stop crazy stuff from happening, even if it comes from high-ranking people.

Never found out what came of it, but I wondered then as I do now if someone had just enabled AP mode on their phone.

Especially wild if you consider health insurance is tied to the employment.

3-6 months notice period is standard in EU countries. Unless you are sabotaging or always drunk there are no ways they will fire you quickly.

At Will employment cuts both ways.

Company fires their employee at 8:30AM on the spot: Employee is now without income and likely health insurance and his ability to pay rent, buy food and merely exist might now be in jeopardy.

Employee quits at 8:30AM on the spot: Company is at worst set back a bit until they backfill that job. At best they don't even notice. Unless that employee was some keystone that held the whole business together, there is no existential threat to the company.

Ps: without at will system you can simply stop showing off at work with the same results.

I'm a software developer. I'm hired, retained, and often promoted on my ability to look at situations, contemplate actions, and predict their consequences. If I have a piece of paper in hand that announces my resignation, I've been interviewing for weeks, signing acceptance letters, stalking my boss trying to figure out when in the next 36-72 hours I can get him alone and show him the piece of paper.

If I can manage all of that without my head catching on fire, then if I meant the company harm it would have already been accomplished prior to cornering my boss. I have probably known for days that my time here is up. We don't just wake up one morning to a phone call telling us we have a new job.

For well paying jobs it’s pretty rare unless you do something bad. Obviously if they just did that to random people it would really hurt morale and other workers may want to leave.

But it’s legal. On the other side, with similar exceptions, on any day you can walk into your job and say goodbye forever and never come back.

Except in reality, almost nobody can do that, because they need to eat and pay rent. And if you did, you'd burn a lot of bridges.

Leaving without notice is a good way to alienate a lot of contacts that most people will really want to maintain. But even beyond that from what I understand most places have policies in place to prevent employees coming back if they've left without notice.

Meanwhile, if my employer fires me without notice and I've got a mortgage, mouths to feed, and/or medical bills, then I don't really have the leverage to say "I'm sorry, by firing me without notice, you are ineligible from asking to rehire me."

And I am left thinking, if in the future I see a coworker leave on the day by his own choice. I wouldn’t hold it against him. The company has shown how easily they are willing to let go of a huge number of people. Why should I be mad at any of my coworkers if they decide to leave on the day? The company already set the bar for how this works.

I've quit without notice once in my career. I already had the next job line up though.

There are A TON of people people who would probably love to walk in and quit tomorrow if they had another job lined up or the means to go without one for a short while.

Or there are layoffs.

when I was an intern, a person next to me just didn't come back one work. And wefound a large-font printout of employment contract with corresponding section highlighted by marker.

I still wonder what made him quit, but as an intern I didn't talk to to people much and didn't care about company politics.

It’s not quite like this in New Zealand, but wow would an employer be foolish to have an employee leave under a cloud and not immediately block all access.

It’s borderline impossible to fire someone here, so it’s not US style lockdown, but cutting access seems basic.

But not always; my kid resigned from AWS in November and they asked him to work the two weeks, even having him push to prod on the second to last day.

If I have unlimited vacation - I'll take 4 weeks every month!

https://www.helpside.com/wp-content/uploads/2017/12/Vacation...

I've personally been involved on the employer side of such a situation with an irrational person and it's a pretty scary deal when you're in a small team where each dev has a lot of power.

I think even in Europe it's relatively rare to make someone work their notice period if they've been fired due to the risk of retaliation. They just pay them to not work instead. In certain high-risk professions (sales is a big one) you don't even work your notice period if you resign.

When things go wrong, the benefits of aggressive termination are clear. But when things don't go wrong (vast majority of time), the alternative's benefits are not so clear — employees have more time to hand-off their work, document things that are in their head, better good-will towards the company and its management, etc.

So, because one approach has a clear, measurable benefit (avoid some disasters), and the other approach has un-clear hard-to-measure ones, people sometimes dismiss the hard-to-measure side as unimportant. That's the fallacy.

[1] https://en.wikipedia.org/wiki/McNamara_fallacy

In many, many other countries, letting someone go is a long process that involves a lot of time for both parties to shore things up and be prepared to move on without incident.

"almost as powerful as the Rasberry Pi itself: the nRF52832-MDK. A very powerful wifi, bluetooth and RFID reader."

First of all, the puny little Cortex-M is no where near as powerful as the rPi. Second of all, nRF52 series does not do WiFi, and third of all, RFID will not work without the coil plugged in (which it is not in the picture), and in any case only has a range of an inch at best.

:)

(next step is RV64 hardware with linux, then this RV64 hardware with an ultra-minimal kernel not using gcc/clang compilers).

How would one even handle zooming and paning in such a case ? With forms ?

Yes, with basic and stupid html forms.

Have a look at links web browser.

> Legal has taken over

Which would imply there were probably consequences.