Hacker News new | past | comments | ask | show | jobs | submit login
Please Stop Attacking MIT's Network (achernya.com)
365 points by sweettea on Jan 15, 2013 | hide | past | favorite | 207 comments



As I'd mentioned on an earlier submission about W3C's site being inaccessible:

A cool thing about Aaron's activism was that it involved building things, circumventing censorship, and spreading information, rather than sabotage and denial-of-service.


Its not black and white. Sure Aaron built things but he also threatened to destroy JSTOR's business model. Likewise a DDoS may seem destructive but if it causes MIT to have better Ethics and Leadership as a result then its well worth the discomfort. If theres a bug in your system you sometimes have to replace some lines of code to make it better, this isn't destruction its just change.


If the effect of a 'protest' is to prevent people from accessing online information that they'd like to access, it goes against Aaron's anti-censorship views.

Every bully wants to 'discomfort' their opponents into changing. Those who use DDoS are more like the federal prosecutors -- making 'destructive' threats, expecting change through punishment -- than Aaron.


And how did that work out for him by the way? I head they've dropped their lawsuit?

Also, if DDoS is "destructive" then copying a file is stealing.


How did it work out for him? For Aaron's causes, his constructive rather than destructive approach worked fairly well, creating change and earning wide awareness and respect.

I wish he'd stuck it out; had there been a trial (and possibly sentencing), the public would have learned many of the same lessons about overzealous prosecution, the JSTOR project, the CFAA, the obsolescence of copyright, and importance of open access. Plus, he'd still be with us.

I also believe Aaron's causes with regard to copyright and censorship will succeed in coming decades, easily within his natural lifespan, and he would have helped them succeed faster, so I'm sad he'll miss it.

DDoS is destructive (unlike any amount of copying) because it disables access and functionality and effectively censors content by blocking individual learning and communication. It causes more resources to be be wasted on paranoia and layers-of-defense. It causes a hardening of positions and growth of suspicion. It is much easier to portray Aaron's supporters as 'vandals' if they help by actually committing vandalism. (I'd guess that as an 'applied sociologist', Aaron understood this well.)

That these DoS effects are often temporary is no defense: it's destroying people's freedom-to-communicate for a time... and the early death of a young person should remind you that ultimately all we have is time.


I regretfully disagree with you, in regards to the case playing out actually being helpful to the cause. The public, by and large, doesn't give a damn about this kind of thing.

His suicide, tragically, appears to have helped the cause - the media loves the wild speculation and gossip that it brought about. So while his end goal may now stand a chance of coming to fruition, he won't be around to witness it.

The number of things that went wrong in order to generate this outcome is just astonishing. While I knew nothing of Aaron or his cause prior to this happening (see? media effects sigh), I at least hope the public outcry brings about what appears to be some much-needed change.


I fear that this martyrization of him sends a weird message. His struggle wasn't very appreciated before his death and first now it "seems that people listen to him".


That's an interesting reflection. Time will tell.


Yes, of course death brings more attention and a wider audience. If it bleeds, it leads, on the net as well as TV.

But within the tech community that is already familiar with open access, copyright reform, and anti-SOPA efforts, a trial, ending in either acquittal or conviction, would have focused a lot of attention. The same defenses of Aaron's actions, and attacks on prosecutorial overreach, would have been aired. And any sentence beyond community service or perhaps a few weeks' jail time would have triggered enduring protests and similar petitions for pardon/redress.


> Also, if DDoS is "destructive" then copying a file is stealing.

How does that follow?


"destruction" and "stealing" are both words with a physical connotation, that is misleading when used in a computational/digital context.


I'd argue "destroy" means simply "cause to no longer be". "Stealing" means simply "Remove <x> from someone else's possession and put into your own".

The reason we don't refer to copying as stealing is not because it's "not physical" but more because only the second part of the definition holds.


A DDOS is a trespass to chattels. It denies others the use of a resource they own or have a right to use.

I would rather see anonymous discover who at MIT is responsible for this matter and dox them than deny students access to their network. Doxing is like a sniper attack. DDoSing is like dropping napalm on villages.


Haven't there been lots of problems with doxxing the wrong people?

I don't think anyone will know, actually, who is responsible without the investigation that MIT is already doing. We can speculate, but we'll probably get it wrong.


Well, unlike most defendants he chose not to find out how well it would work out, so we'll never know.


> Sure Aaron built things but he also threatened to destroy JSTOR's business model.

Yeah.. but not really. The non-public domain documents would still be copyrighted so nobody without a license to them would be creating a JSTOR competitor anytime soon.

Furthermore, torrent of PDFs would never replace a subscription to JSTOR for any university. Universities that currently subscribe to JSTOR would still be subscribing to JSTOR, the only difference is that unaffiliated individuals would have other options. How much of JSTOR's operating budget is coming from selling individual articles to people not in universities?


http://www.generalist.org.uk/blog/2011/jstor-where-does-your...

"The figure of $145k for individual articles is definitely interesting – only 0.35% of JSTOR’s revenue came from pay-per-view cases? This is vastly lower than I expected; quite possibly the prices are so high (and JSTOR access so common, academically) that very few people are willing to pay and unable to circumvent it via a friend. The estimate quoted is $19/article as an average – so perhaps only seven and a half thousand articles over the year?"


>Sure Aaron built things but he also threatened to destroy JSTOR's business model.

Well, destroying someone's business model isn't, of itself evil. A business model doesn't have a right to exist for its own sake. For example, I'd love to see someone destroy the business model of patent trolls.

Not saying that JSTOR has an immoral or unnecessary business model. I don't know actually, but I'm just reacting to the idea that sometimes comes up that if there is a business model for something no one has a right to destroy it.


Great point. Historically the business model of JSTOR, and indeed all academic journals, was to to add value by printing, publishing and distributing academic papers. This was an essential function until recently, but we don't need them any more. They've become sadly quite parasitic and anachronistic. By destroying business models we progress.


Yep. They belong in the same group as the MAFIAA and are not needed anymore.


But it won't. I certainly hope MIT makes serious changes in its leadership and ethics (if it turns out, after all, that MIT was in some way responsible -- that's still very unclear), but that's not because anyone's DDoSing MIT, it's because I can see the story.

If there's a bug in your system, fix the bug. Don't delete a file in another directory and call it change.


if it turns out, after all, that MIT was in some way responsible -- that's still very unclear

In the Boston Globe, Aaron's lawyer says that a suggested plea deal with probation and no actual jail sentence was rejected by MIT, and that played a part in the prosecutor pushing for harsher judgement. If there is any truth in that, then there is evidence that MIT did indeed play enough of a role to have some of the responsibility here.

We won't have a full picture of what their role might have been until Abelson's report comes out. Which likely will take a good deal of time.


So MIT should have had reasonable cause to believe that there was a risk of suicide should they decide to prosecute a case? And that makes them responsible? Is that a road we want to go down?


You seem to be reading something into what I said that I did not say.

It is my belief that MIT as an institution should have a policy on the appropriate severity of response to actions such as Aaron's. They need to for the simple reason that they have made a conscious decision to choose to make themselves a natural lightning rod for this type of incident. Therefore they help set the bar for what an appropriate reaction should be.

My further belief is that if this policy is set in accord with the bulk of opinion of MIT students and alums, then we'd have had a different result in this case.

This does not mean that they should be held to be at legal fault for the suicide. However if you have even a passing familiarity with root cause analysis you'll know the value of habitually fixing systemic issues you identify which are several layers removed from the ultimate failure.

I am cautiously optimistic that Abelson's report will address this issue.


Of course not, MIT administration's alleged behavior was terrible even in absence of Swartz's suicide.


No the issue is that they decided to prosecute the case.


Correction. MIT did not prosecute the case.

They brought in the feds. There is evidence that they asked the prosecutor to go hard on Aaron. But the prosecutor is not directly affiliated with MIT.


Do you have a link to the evidence? My current understanding is that MIT didn't want Aaron to avoid jail. Is that correct ?


The evidence is comments by Aaron's lawyer as quoted in the Boston Globe.

See http://www.bostonglobe.com/metro/2013/01/15/humanity-deficit... for the article.


The "evidence" is bullshit. Look at exactly what is said.

AS, for all of whatever it was good that he brought the world, was mentally ill. For whatever reason, he did not receive the help that is freely available in our society. (There was a lot more available before Reagan cut it to shreds, so he could pass on big bucks to his rich cronies, but I digress...)

THAT is the true tragedy here. Depression is a totally, totally fucked up brain function anomaly. People who have not experienced it are simply clueless and should STFU. The REST of you: get help. Get Help - Now!


IANAL, but there were two parties that could escalate this to federal court, JSTOR and MIT. JSTOR didn't, so it is probably MIT. Suicide aside, there seems to be a gross injustice in this case (35, hell even 5 years for a crime that had little to no impact on either JSTOR or MIT, seems ludicorous).


Yes, if that turns out to be accurate I will be very angry with MIT. While I would like to trust the defense lawyers (including Lessig, who I look up to a lot) on this, they are admittedly not the most unbiased parties, and out of a desire for fairness I'm withholding judgment until more facts come out.

I am absolutely looking forward to Abelson's report.


True but Aaron's activism resulted in him being bullied until he took his own life. It's a difficult topic.

If you assume that ddos from a collective is similar to blocking a road by a collective during a strike or manifestation then I must say that some people won't be able to get to work that day and in general nobody would get hurt.

This sort of pacific interruption raises awareness, which by itself is very important for a functioning democracy.


This "pacific interruption", as you delicately describe it, hurts innocent teachers and students who had nothing to do with the alleged bullying of Swartz, who was already suicidal prior to his prosecution.

Regardless of what one may think of computer laws, there is no proven link between his suicide and the criminal charges he faced, and any claims to the contrary have so far been entirely speculative and coming from people who never met the guy--one can't help but wonder if they had even heard of him before last week.

In addition, many of Swartz's accomplishments have been exaggerated specifically to fuel a frenzied mob. E.g., "co-creator of Reddit" which contradicts the public statements of other Reddit founders, and "creator of RSS" when he was one member of a group that took over Netscape's technology.

Of course, my saying this will be used as a reason to attack me for discounting contributions that he actually made, which isn't the case. I am simply pointing out that the knee-jerk righteous indignation and mad desire to blame is getting out of hand. It's becoming an angry mob, directing its violence at convenient targets to feed a primal hunger for revenge.


He was depressed, and because of the case he was considered by his lawyer at suicide risk but I'm not aware of any reported attempt of suicide by Aaron.

Again, if some people can't go to work because of a strike, even if it seemingly hurting teachers, student or general population it is in fact benefiting them and the right price for democracy. Democracy can only be with awareness and without it is just a different kind of manipulated monarchy.

And the rest of your 'additions' seems very ugly. He was part of a joint-venture or similar between companies where they all called each other cofunder, not co creator. And check at what age he did work on RSS, if that's not an accomplishment I don't know what is. Not an angry mob, nobody is being physically hurt, just slightly interrupted from what they were doing just as it happens when there's a strike or a big manifestation.


"no proven link between his suicide and the criminal charges he faced, and any claims to the contrary have so far been entirely speculative and coming from people who never met the guy"

Please stop spreading lies and disinformation.

'killed by the government,' father tells mourners [1]

'depressed about his case/upcoming trial, but we had no idea what he was going through was this painful.' from his mother [2]

[1] http://www.latimes.com/news/nation/nationnow/la-na-nn-aaron-...

[2] http://news.ycombinator.com/item?id=5047398


Your links have absolutely no proof in them. A grieving Father's statement on who he blames for his sons death is not proof.


"..coming from people who never met the guy"

They clearly show that the statement from vor_ which I quoted is incorrect.


There are all sorts of unanswered questions but whether or not it affected his mental state is not among them. I'm angry about an unjust prosecution that should never have had the opportunity to cause this damage. I can't know if things would have ended differently but that's not a question we should have to ask.

Unfortunately this is part of deeper systemic problems and bringing up his accomplishments is rather irrelevant and distasteful. If exaggerating his accomplishments helps to spread the story, I have absolutely no problem with that because it has nothing to do with the real issues.


I've been trying to stay out of this, but I gotta agree with you hear. For all we know, Aaron got dumped by his girlfriend last week or something.

People are just using his suicide to turn him into a martyr for a cause they believe in, and its disturbing.


> For all we know, Aaron got dumped by his girlfriend last week or something.

You mean Taren Stinebrickner-Kauffman? She was the one who found his body.

Any other speculations you'd like to share?


But why protest student blogs and class websites? Why not target the prosecutor's office?

Blockading a key port that is shipping war supplies or preforming a DDOS attack against government websites can be legitimate form of protest, but those actions are very hard to plan and pull off.

This attack (if it is an attack) just seems like someone is going after the low-hanging fruit of MIT's network.


Perhaps easier targets. Perhaps because the people behind the ddos want actual students and teachers of the MIT to revolt against those that decided to continue the case against Aaron. Who said nobody is attacking the persecutor's office and why is it either and not both ?


This is a common argument against activism and it's a classic logical fallacy.

You're doing X, but Y would be more effective, therefore X is pointless.

In reality what happens is that someone does X and someone else does Y, and it's not uncommon for the same group to do both.

Fwiw, I don't have any view on whether this attack (if it is one) is justified. I haven't read enough on what MIT have/haven't done so I can't comment.


The post you're replying to doesn't say anything about being pointless, but besides that, surely it's not a logical fallacy to point out that one action is more effective than another.


meh, he didn't say pointless but seems like he meant it by saying " low hanging fruit"


The converse fallacy would be that "anything X that is easy for me to do is therefore an effective form of activism."


"True but Aaron's activism resulted in him being bullied until he took his own life."

You state that like it is the only reason he did it. It contributed, yes, but it wasn't the sole cause.


Yeah, well, people who aren't Aaron are kind of mad at MIT right now.

That said, MIT has some smart people, surely they can put their noggins together to figure out a way to stem the attack. Maybe once and for all, and for the good of the internet, they can contribute this tool for unilaterally turning off DDOSes to the public.


Distributed denial of service attacks are very difficult to deal with (I have dealt with—read: suffered through—several each year for the past ten years on and off.) Often there is little to nothing you can do within your network to improve the situation.

It's an issue of raw volume, once the attacker(s) exceed your capacity you're saturated and dead in the water. At this point, the techniques that will help must be applied at a point where the pipe has greater capacity than the attack, and depend on the exact nature of the attack and so vary in effectiveness.

That isn't to say the situation couldn't be improved, but I think widespread infrastructural changes would be needed and isn't the kind of thing MIT folks could just work out and apply to their current situation.


I know the mechanics of DDOS. I was around when some of the first distributed attacks were being directed at best.com (et al: http://www.pentics.net/), my ISP at the time.

I was using understatement to mock both MIT's reputation for innovation and intelligence and their role in the events that appear to have spurred the attack, so maybe they could put their vaunted brainpower to work solving that problem instead of killing downloaders, so to speak.


Oh sorry. The way you spoke of MIT was probably meant to be the tell but I hope you don't blame me for missing it.

(I do know some disturbingly brilliant people from MIT... I also have had occasion to meet some people who are disturbingly not brilliant, but no worries, they had ample levels of the Dunning-Kruger effect to make up for it.)


DDoSes are far, far easier to carry out. The low barrier to entry means that far more people can engage in that kind of "activism" than would be able even to write the python script Aaron used to download the JSTOR articles.


And look how well that worked out.


To me this feels a bit like a lunch counter cook complaining all these black people showing up in his restaurant are causing him extra work.

The whole point of a protest is to put pressure on the system your trying to change. Start a walkout/go on strike if you dont want to deal with the problems the organization you're working for caused.

The school only gets power from its students. Without the students there is no school. You have more power then you think. Take a stand, make a difference.


Except the black protesters of Greensboro went and tried to order food so they could eat it and pay for it as they correctly claimed they were at liberty to do. They did not turn off the lights of the restaurant and block the door to the kitchen to deny the other patrons from being able to eat.


>To me this feels a bit like a lunch counter cook complaining all these black people showing up in his restaurant are causing him extra work.

Are black people notorious for eating or something? That kind of came out of left field, there.


Yeah I was comparing a DDoS to lunch counter Sit-ins of the 60s. During the civil rights movement blacks and other protestors would overwhelm a restaurant taking up all the space at the counter until the owners agreed to meet their demands. It's a proven non-violent protest that works and is very similar to what DDoS does, except instead of human bodies filling up a restaurant you're using http requests to fill up a server. Sorry for the lack of context in the original post.


The significant difference is that when the owner gets unhappy about it, it is trivial to figure out who to talk to to get the problem fixed.

The same is not true of DDoS attacks.


Thats a good point. But It all depends if you block your IP address or not. If it was a legal form a protest that people didn't have to worry about going to jail for you could easily make your information known. Problem is the government doesn't understand technology and will label you a hacker instead of non-violent protestor.


> The same is not true of DDoS attacks.

It should be pretty clear in this case, though.


He's analogizing DDoS attacks to the lunch counter sit ins that were used as a means of nonviolent protest during the civil right movement. https://en.wikipedia.org/wiki/Greensboro_sit-ins


I think it is referring to the sit-ins that occurred in the 60s.

http://en.wikipedia.org/wiki/Sit-ins#Civil_Rights_Movement



You might be well in the running for stupidest thing ever said on HN.



Yeah, that twitter is stupider than anything I've seen on HN.


I'm not sure what you mean by this. All the tweets from that twitter account come from comments made by HN users.


I realize that. I'm just struggling to find one that seems unreasonable even out of context. It reads like as a list of valid opinions the curator disagrees with, which comes across as more than a little bit pissy.


Really?

'Affiliation with MIT right now, even as a student, looks to me like affiliation with the Nazi youth.'

Not unreasonable?


Well, okay, that one has pretty bad grammar. But no, that seems like a sensible analogy to describe a way a person feels right now.


It may sensibly describe how someone feels, but how that person feels may not be sensible....


Why? This is far from stupid.


The other great protest is that any HS senior (or grad student applicant) who has an offer from MIT and from another comparable school (Stanford, CMU, etc.), tell MIT no, and tell them why you're saying no.

I suspect if 5-10 people who got MIT "yes" did this, MIT admissions and the MIT President would go batshit.

(You can do this even if you were on the fence about MIT, or even if you intended to go somewhere else anyway.)

Anon should promote this plan to HS seniors on the admissions boards and other forums likely to be frequented by top school applying seniors.


Given how many applicants MIT gets I do not think that 5-10 people would be enough to seriously upset them. Don't forget they can just get a couple more students with perfect SATs if they want. Furthermore, like the author said, it wasn't MIT as a community that went after Aaron, it was the administration.


5-10 who write means hundreds more who feel the same but didn't write


Unless you were planning to not attend MIT in the first place, I would absolutely not recommend this. Its not worth compromising your future to send a message.


My guess is someone wants to "send a message" to MIT and so they're attacking the most vulnerable, most exploitable part of MIT's infrastructure: a non-critical system run by student volunteers. I doubt it's anything personal against Alex or other MIT students.

Imagine if a thousand members of Anonymous staged a non-violent protest at MIT, marching across campus. This would inconvenience some students, possibly even prevent them from attending class. Should this protest be condemned as an unconscionable attack on students? Of course not. It's a perfectly acceptable form of civil disobedience. Why shouldn't this extend to online protests via DDoS?


Why is it perfectly acceptable to inconvenience people from their studies? Man, this kind of attitude makes me want to encourage harsher penalties on people who pull this bullshit. You do your movement no favours when you inconvenience the same people you want on your side.


I'm not a member of any movement, Anonymous or otherwise. The point I was trying to raise: civil disobedience is disruptive by nature and will inconvenience and annoy - but it is far from immoral. Why should a DDoS be considered any differently? The methods of physical and virtual protest are different but their ends are the same.


But methods matter, unless you want to argue that the ends justify the means. Which would be a bit of a stretch in this case, by the way, since the most likely ends range somewhere between nothing and causing a bunch of problems for people who have had nothing to do with this whole story.


You must not live in the US, as we have freedom of assembly here


There seems to be a common misunderstanding of what protest rights you have in the US. The first amendment does not give you the right to protest anything, at any point, in any manner that you want. In fact, the government has a duty to protect my rights if your protest in infringing on them. The Occupy movement is another group that completely failed to understand that fact. You are legally allowed to protest, but preventing someone from going to work or class is a quick way to get your protest shutdown. I don't think it is unreasonable to extend that same logic to DDoS attacks.


Civil disobedience is illegal by definition. DDoS attacks are illegal. Marching down the middle of the street is illegal. But are these acts immoral?


If they seriously infringe on the rights of other individuals, then yes I think they are immoral. Putting your own political motivations (no matter how righteous) above the rights of others is a selfish act.


The easy answer if you want to march down the street is you tell city hall and get a parade permit. Did anybody tell MIT and apply for a packet storm permit?


Marching down the middle of the street is not illegal. Indeed, many fundamental cases of constitutional law note that the street is a "per se" public forum, i.e., the most public a forum can be, and is thus subject to the highest protections for speech.

Marching down a street and merely disrupting traffic is thus quite legal, however, if your marching causes dangerous disruptions to traffic (i.e., accidents), then it is not.


Just don't expect sympathy from anyone you've inconvenienced when that right is infringed upon.


You can't assemble if it infringes on any one elses right to get to a public destination.


[deleted]


You must not have read the part about Aaron not actually being an MIT student at all - hence the trespass charges.


The trespassing charges were dropped. He was indicted for wire fraud, computer fraud, unlawfully obtaining information from a protected computer and recklessly damaging a protected computer.


None of which makes my point untrue. That he was not a student there. He may not have been charged with trespass, but MIT was not his alma mater, and thus owed him nothing in that regard.


> My guess is someone wants to "send a message" to MIT and so they're attacking the most vulnerable, most exploitable part of MIT's infrastructure: a non-critical system run by student volunteers. I doubt it's anything personal against Alex or other MIT students.

But they're not sending a message to MIT, because the systems they are attacking don't matter to the faculty or administration. They're just creating a mess for the student volunteers.


Administration and faculty should care about students and they should listen to their students. If a service outage occurs and effects thousands of students I have no doubt faculty is going to be made aware of it - regardless of who is responsible for maintaining the service.

Maybe we are giving the attackers too much credit. They may not be sophisticated enough to understand the relationship between the system they're attacking and the rest of MIT's infrastructure. More likely this was low-hanging fruit, an easy to attack, ergo it was attacked.


Who should blame the administration instead of the DDOS'ers.


And suppose they do. What then? MIT has already said an investigation will be conducted. Is the DDoS going to continue until it's finished? How does that help anyone? Or should the students demand heads immediately, without waiting for the full facts? How does that help?


I do not condone the attacks that may be occurring. However, if you are trying to get someone's attention- it makes more sense to get the attention of the students rather than the administration. Today's MIT students are tomorrow's death-ray designers, robot-maintainers, and policy makers. They are tomorrow's administration- and they may not have made up their minds yet about ethical issues of intellectual property or the nature of doing and sharing science. It doesnt make sense to target the administration of today. They have already made up their minds.


As a first guess, MIT students are very unlikely to react to someone causing them trouble by become more sympathetic with the people causing them trouble.

Especially if the message of the attackers is "people who break into the network shouldn't have the cops called on them." (Although we should wait for Hal Abelson's report to find out what happened behind the scenes.)


As a first guess, MIT students are very unlikely to react to someone causing them trouble by become more sympathetic with the people causing them trouble.

That was my general reaction to protests on campus when I was a student there. I often saw the same general pattern I see here: protests would be highly visible and inconvenient to the people who couldn't do anything to address the issue, and would have no impact at all on the people who could.


I think "very unlikely" might be an understatement.


How do you know that MIT students aren't the ones leading the charge? I wouldn't be surprised to learn it.


I couldn't disagree more. These are MIT graduates, highly intelligent people, not some slack jaw locals.

They are fully capable to look at the issues and take moral responsibility for the University they are part of.

How can an intelligent person support a organisation by being part in it, then take no responsibility for what it does.

Yes I know the commoners do this all the time for their entire lives, but being better educated (However you do it) is about moving on from this simplistic me me me mentality and looking at the total issue.


How can an intelligent person support a organisation by being part in it, then take no responsibility for what it does.

Being a student at MIT (or an alum) does not automatically imply support for everything MIT does. That said, I expect many MIT students and alumni to be paying very close attention (as I am) to the investigation that Prof. Abelson is conducting, and what follows from it. And I expect that MIT's administration knows that. But I seriously doubt that this DDoS attack will make any students pay attention who weren't paying attention already.


I really hope "better educated" and "looking at the total issue" isn't code for "agrees with me."


No, it's meant as a 'don't drink the coolaid' and think just because you are part of something you are A. Right B. Don't have to accept any responsibility for the organisation you are part of.

If MIT did something wrong and you go to MIT you are responsible for being part of that organisation. No one is forced to go to MIT.

Take responsibility for who you support, be it a university, club or a job.

If you think MIT did nothing wrong, then say they did nothing wrong. Don't say I'm a member of MIT but nothing bad(= short internet issues) should happen to me cause I'm just one of the many in this organisation.


If you're trying to simply "get the attention" of the student body, congratulations you have it.

If you're trying to get the student body on your side, you're doing the exact opposite. If I pay $X/year to attend an institution, and someone wants to fuck with my ability to learn to further their own political goals (no matter how noble) you're not winning me over.


Let me get this straight- "no matter how noble" a political goal is- to you, that message being spread to others is less important than uninterrupted access to download your class syllabus or read your friends' blogs?

If your parents or government have not already paid for your tuition I urge you to think of something else to do with that money.


This is true if by "get the attention of" you mean "shoot yourself in the foot".

People who are sympathetic to political action tend to become significantly less sympathetic when they are personally inconvenienced by said political action. And their ire tends to be directed at whoever they see as being most directly responsible for their inconvenience.

I am someone who broadly agrees with Aaron's goals. I agree with the principle of the protests. And it is for exactly THAT reason that I am squarely against this DDoS attack.


Just because that's true for you doesn't mean it is for everyone. If an institution I'm associated with or deal with regularly is doing/has done something unethical, I have no problem with people inconveniencing me to raise awareness of that. I would rather support justice rather than convenience.

It's not like MIT has apologized for this, either.


If you already support the protest, then you're likely to be more forgiving of being inconvenienced by it. But if you don't, what happens then?

As for MIT's response, see http://web.mit.edu/newsoffice/2013/letter-on-death-of-aaron-... for something that suggests that something much more useful than a formal apology is coming. If you're inclined to be cynical about the inquiry that we've been promised, I highly recommend researching Abelson first.

Of course this is too little, too late for Aaron Swartz. But I couldn't have asked for an MIT president who presumably does not have the full picture to have made a more meaningful gesture.


MIT politics is, and has long been, that the students of today hate the administration of today. This might be correlated to the number of folks in the MIT administration who are not MIT alums, incidentally. Fix that, and everything else follows.


I think that's the eternal position. The complaint in my day was "the administration ignores the students," so the administration asked for student input on the next controversial decision, and then did what they were going to do anyway.


Who do you think should fix it if not the MIT students?

Why don't they go and physically remove administration from the MIT and never let it back?

It seems impossibly unlawful when I write this but you know, there were times when students had a political agendas and they used to run over campuses, barricade them and battle the police. And now it's like "we're gonna hate them for life and not do a thing".

I understand I'm telling other people what to do but then again, the OP tells other people what to do[n't].


By what right to they have to "take over" MIT and "never let administration back"?

It's not their property, and no amount of "cause celebre" or "protest du jour" should make it such.


It's not "the administration" property either.

And when you come to think about it, how can an university be someone's property? Surely you can own buildings, but how do you own education and knowledge?


I'd say it's even more counterproductive then. No one at mit hadn't heard of the scandal at this point, but a few people's minds might get changed on hacktivists in general.

Putting up the messages on those department sites won't inconvenience a bunch of people, but this might.


Please let me read your blog page without needed to turn on lots of javascript. The page is blank without whitelisting JS content.


Seriously? Still on the disable-JavaScript kick? scratches head


Yeah, how silly to disable anonymous remote code execution by default. ;) Flashy pages that eschew compatibility and separation of concerns (even accessibility, seo at times) are the new standard, get used to it.

Would you accept a Word.doc that required scripting to display itself? Shouldn't the response to a non-visible blog post be WTF?

(Strangely enough, I am able to read the page w/o js, but responding in general to this type of comment I see on HN frequently.)


I wouldn't accept the word scripting because I don't trust their security model; I expect there to be a very high chance of getting a virus from MS Office scripting. I see a very low chance of getting a virus from js; there have also been 0-day exploits from <img> tags, why do you feel OK with images enabled?


There have been hundreds (thousands?) of javascript exploits. Javascript is also a major component in user tracking. Go to a news site and you'll see a dozen trackers most likely against your wishes, reducing privacy and performance. It's a hostile internet out there.

Hostile images may exist but they are an order of mag. or two less common of a threat. Of course, where to draw the line is subjective, but the idea that blocking js by default is silly is misguided, imho.


Can you link to a recent (for any reasonable value of the word) remote code execution vulnerability with JavaScript? Because my observation has been that RCE through codecs has been a much bigger vector for compromised systems.


Why does it have to be specifically RCE? Here are some lists of Firefox's and Chrome (fixed) security vulnerabilities. Browse the lists and you'll find plenty of critical issues related to Javascript.

http://www.mozilla.org/security/known-vulnerabilities/firefo...

http://googlechromereleases.blogspot.com/2009/08/stable-upda...


http://www.metasploit.com/modules/exploit/windows/browser/ie... was a cool one, but really, almost EVERY vulnerability requires JavaScript for the heap spray, even if the bug is somewhere else. Of course, running plug-ins in web pages is even more retarded than running JavaScript. By the way, images can spray the heap too, but, for some reason, they are not commonly used.



I see an obvious solution to this without disabling JS...


Not disabled, white-listed.

The internet is way better when you don't allow all of the annoying to dangerous JS to run.


Is there a possible way to use the internet without?

At least it is my experience, that without NoScript any given site will either take half an hour to load, or have some annoying ads, as an overlay over the content. ( Not to mention videos which start to play automatically, flash banners and sound effects.) Seriously I have no problem with an advertisement which just displays a picture or text. But any possible use of JS in a ad is a use I do not want.


Most of the internet is unambiguously better with js off.


Well, that sounds like the definitive word on the subject.


[deleted]


Do the Java vulnerabilities piggyback off of JS somehow? Or did you misread parent?


Java?


woops, let's go with mis-read.


Really? I browse with NoScript and JS turned off, and it worked just fine for me. (Which is more than can be said for most blogspot posts, e.g., by Google, which I always find frustrating.)


Maybe you already had blogger whitelisted?


Please let me read relevant discussion without having to scroll through a two page meta-debate. If you have an issue with the blog's presentation, kindly send it to the author directly.


This is as expected. If you want to disable the browser, you should a blank page. Javascript is as much a part of web content as html.

If you're worried about security, run Linux or OSX as your operating system.


Wow! That is not a comment I expected from HN.

You do know that Java7 (also part of the web) has a cross-platform 0day exploit. Your OS will not save you here (layered defense might help though).

Something as inelegant as click-jacking will not be prevented by your silver-bullet OS of choice, either.

> Javascript is as much a part of web content as html.

Why is javascript required to see content for a simple blog page?


Blank screening even with JavaScript enabled.


It's blank for me in 3 different browsers, looks like some javascript errors.


I feel like this guy could not miss the point by much more distance. How much of a shell do you have to live in to think "well sure, someone died after fighting for the rights of millions of people, but jesus, you people are going to inconvenience us for a few hours? this is just ridiculous!"


As I read it, the point of the post is that the student workers are the only ones being inconvenienced and that Anonymous should be targeting the administration directly.

In particular, note this part: "Scripts is MIT's largest web host but it's run entirely by student volunteers. Any and all attacks that are supposed to get the attention of the administration are instead being handled by SIPB members."

Presumably, the author would feel differently if the ones actually affected were those responsible for Aaron's death, even if the author was personally inconvenienced.


So after someone important to me dies, I can come over to your place and annoy you for a few hours? What exactly does that accomplish?

Lumping everything connected to 'MIT' together as the same evil thing is shortsighted and counterproductive.


I'm beginning to wonder if all the people preaching this 'Aaron died for your benefit so now you must suffer' line are Catholics.

Taken to the extreme, this line of reasoning is what makes certain terrorist groups think killing random civilians is acceptable. After all, if you're a citizen of a country then you should be held personally accountable for all the perceived crimes perpetrated by your government, right?


I don't go to MIT, but a commenter on a previous article about this said that MIT's network had been having trouble for weeks. That is, before the Aaron Swartz tragedy. Is there some other reason why someone would be DDOS'ing MIT?


That was me, I think, and I believe we now know that they are uncorrelated (although I'm not paying as much attention to all of this as I should). If I recall correctly, the symptoms from a few weeks ago were with the ISPs MIT connects to, not internal to MIT's own network.


I've noticed some really weird blips with ISPs in general in the past several months. Nothing I can pin down, but my working knowledge is incredibly low, so I don't know the tools. For instance, I run a Mumble server on a Linode, nothing special, and last night, all of my SF/BayArea friends had a storm of disconnect-reconnects. I didn't have time to diagnose at the time, but I doubt I would have found anything either.


Ah, I see. Thank you.


I'm guessing that a non trivial number of people heard about it and decided to join the attack, regardless of whether or not it was actually an attack to begin with.


That actually does sound likely, knowing the internet.


I suppose the one silver lining is that this could be useful data for MIT admins to locate weaknesses in their network.


It's not supposed to be a hardened network that freaks out whenever anyone connects to it.

Or is that the goal? To make MIT stop being so open?


I think that's a false dichotomy. It's possible to make the network and the attached services more resilient to a DoS without making it less open.


Maybe they could, I don't know, filter out requests from certain malicious MAC addresses? Start dropping packets from the wrong IP address? Surely that would suffice, right?


Oh please. Hardened systems and open access are not mutually exclusive. Pretending they are is the domain of untalented admins and those that wish to mislead you on reasoning for policy.

Also, this is MIT, the biggest threats to their network live on campus and are poking around on that network every day.


So maybe we should punch random strangers in the face in hopes of locating their weaknesses at stopping punches?


I said it's a silver lining, not a net positive.


Not strangers. Just women and children.


Good timing too as I assume IAP is an off peak time for people's work getting disrupted.


There's a lot going on during IAP… see for example http://student.mit.edu/iap/fc6.html


There's always a lot, but just on sheer number of people around there has to be less than say, late November.


why should they stop? MIT has blood on its hands. maybe you should email your schools president for an apology? maybe all the students should? Why are you the victim? why are students of MIT the victim? there is only 1 victim here and its nor you or the students of MIT.


I'm just getting a blank page - is that what others are seeing?



Yep, totally blank page. JS enabled, no plugins, no caching, Chrome Beta 24 from New Zealand. All HTML loads fine.

There's an uncaught TypeError in common.js:40 (looks like jQuery.browser isn't getting defined?) which seems to cause the blogger object to not be created, breaking classic.js and gadgets.js nearly immediately.

Ridiculous


Yeah - you're absolutely right. It's to do with this line:

   http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js
It seems Google API's have upgraded this particular URL to point to 1.9 which deprecates jQuery.browser. Technically they need to update their template to use something like:

   http://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js


Sounds about right - i'm glad browser sniffing is going away. Not sure what's up with blogger's testing team - maybe everyone's busy helping out with the GAE outage?

Next question - why doesn't everyone get the blank page?

EDIT: By your profile, i'm guessing you're also in NZ - Looks like they might have just pushed the update out to only parts of their CDN.


Are you using NoScript or something like it? The page needs JS to render.


Hmm, it does seem that the page is being returned but I get JS errors in Chrome, Firefox and Safari on OSX (blogger not defined). Oh well, never mind - the Pastebin and screenshots above give the gist of the story!



The content is actually hosted on blogblog.com, one of Google's Blogger servers. Do you have a problem accessing that?


Works for me.


I think it is B.S. when hackers take down an easy target for no apparently good reason.

I respect those that take chances to risk their freedom for the good of humanity. For example, if a government were lying to its people about something that was negatively impacting them or their future, and only bad was coming from that information being restricted, then I could not argue with those that took on risk to release that information. I could not support doing anything illegal, but I would at least respect it. But, busting on MIT has no value I can see, and in-general attack-oriented hacking is just as bad as the Cobra Kai.


Can we just all calm down? there isn't proof(I haven't seen one yet) that proves that it was DDoS'd, nor do I believe that anyone has come forward to claim it. So why jump to assumptions. When you say,RIP it means to let a friend rest in peace. If any problems are faced by MIT, it shouldn't be blamed on well-wishers of Aaron. Posting it on YC, seems ridiculous to me, as if its a clear accusation, and if its posted here, anyone who did it would just stop.

Indeed it does raises eyebrows, the timing of this, but lets not jump to conclusions without solid facts.

-1 for this article. Sorry Sweettea, No offence meant.


Would there be any legal problem with essentially "hellbanning" those responsible from any online service you operate (with the possible exception of E911, etc.)? If we find out who at MIT was responsible, as well as Ortiz and Heymann, refusing to allow them to create accounts, or putting their accounts into a horrible tarpit with no outside connectivity, would seem like a much better form of protest than DDoSing MIT.


still cant believe this school pushed for jail time


This cause is trying to change the access across the world for scientific articles and you're complaining for a short period

"A few class websites are inaccessible, a few friends' blogs are down, and web development is a bit annoying"

That's the most selfish thing I've seen today.

No argument why this form of protest won't work just it interrupts your current lifestyle.

And IMO it will help, it keep momentum and adds publicity to the other means also going on.


> This cause is trying to change the access across the world for scientific articles and you're complaining for a short period

Many MIT professors make their academic articles freely available on their lab websites. As Anonymous continues to attack the MIT network, they are making it more difficult for members of the general public to access academic articles. This isn't about open access. It's about exacting revenge for Aaron Swartz's death. Unfortunately, it's targeting the wrong people.

> No argument why this form of protest won't work just it interrupts your current lifestyle.

MIT students would support an effective protest that interrupts their lifestyles, but attacking student-run websites won't work because the only people who suffer are students who have to clean up after you. The people responsible for Aaron Swartz's prosecution couldn't care less.


>"They are making it more difficult for members of the general public to access academic article"

Given what may happen if change can be made is this really anything? This is how most of the mostly 3rd world student/academics live 100% of the time for most articles.

They are not attacking students sites AFAIK they are attacking the MIT network I really doubt the Faculty are not seeing this and thinking.

This is an attack for unproportionately persecuting someone for trying to free up scientific information. I don't see it as revenge for his death.

DoJ won't change, but academics might.


Now you know why I hate anonymous


You hate everyone and nobody then. Peaceful protest to raise awareness in my view.


[deleted]


Are you drunk?


Sorry, did I go over your head?


The new blogger does not let me to zoom in by the means of ctrl+. It's so pathetic that I don't understand why people use it. You can turn that off can't you?

Back to the content of an article: Aaron suffered for nothing, but the student thinks that he should be extempt from suffering for nothing. What makes him think so? Life is pain.

He should be feeling shame right now, excruciating one, but instead he tells other people what to do and don't.


fuck you MIT! fuck you, fuck you, fuck you.


Given that eloquent pair of sentences, I must ask: what do you know about MIT?


well, in this case, enough to know that the organization should suffer shame.

so, i do apologize if i upset you, and didn't intend to speak to _everyone_ associated with the organization.

in other cases, i would admit that beautiful and wonderful things have come from _individuals_ at MIT...but that is not the context within which my eloquent pair of sentences were made.

however, in this case, it seems that academic snobbery and/or greed was a contributing factor to the suicide of a great individual, and that is enough for me to make my comment.

:)


If the students have failed to vehemently distance themselves and protest to the administration, or even quit MIT for somewhere else, then they are just as guilty. Their attendance abets the status quo. Especially since it's a private university.

Quit whining.


That's insane. There's no way an individual student can possibly vet and approve every decision made by the school administration. If the U.S. president engages is an immoral action do I bear the guilt of his actions because I voted for him? Should I renounce my U.S. citizenship whenever my congress-critter misbehaves? Of course not. That is the worst thing I could do. I would be far more effective if I stuck around and campaigned against an immoral leader and tried to get a replacement elected.

I imagine the point of this attack is to effect/inconvenience students so they complain to the MIT administration. The school bureaucracy won't listen to random strangers on the internet, but they will listen to students.


I imagine the point of this attack is to effect/inconvenience students so they complain to the MIT administration.

If that's the objective, it's not a very well chosen one IMO. As I and others have posted elsewhere in this thread, MIT is already conducting an investigation, and I expect that students who are at all likely to complain to the administration already know about this and are already watching what happens, and will make their displeasure known if the appropriate action isn't taken once the investigation is complete. I doubt that this DDoS attack will have a significant effect on that.

Plus, as has also been posted elsewhere in this thread, investigations take time. Is this DDoS attack going to continue until it's finished? How does that help? Or is the objective to get students to demand heads before all the facts are known? How does that help?


Really?... It's not their battle. Why does a student at MIT have to have a position on this at all?


What, do you think people have no social responsibility towards the institutions they support?

If you belonged to the Westboro Baptist Church or some other group it'd be legit to claim you're responsible for their actions to a certain degree.

Why do MIT students get a special exemption from the chain of responsibility that applies to everyone else?

If you are a member of a collectivist institution it's also your responsibility to take what action you can to shape its moral aspect. And to be silent is to abet.


What makes you think students at MIT aren't trying to make a difference? Do you expect something to happen within days of a tragedy? This takes organization, and outrage, and discussion. People searching for solutions. The wrong message would be to attack students, who are also ultimately victims of information monopoly.

I fear you're cutting off the nose to spite the face.

And these frequent DDoS attacks are partly to blame for Aaron's death, it's the reason why prosecutors are so hardcore about "hacking" or anything vaguely similar to it.


Well trolled.

I am not associated with MIT. However I consider Abelson's forthcoming report as being more representative of the organization, than whatever random administrator was dealing with the prosecutor. Abelson was undoubtably there before the administrator in question, will be there after, and is far more widely known than the currently faceless administrator.

Look at http://en.wikipedia.org/wiki/Hal_Abelson then get back to me on whether that is a reputation that a student should be proud of or rejecting.


You lost me at Westboro Baptist Church, which isn't comparable. WBC is a voluntary group, which I assume you can enter and exit without penalty.

Imagine you're a student, halfway through your 4 year program at MIT... You don't know Aaron, or anything about his situation. Yes, you get an exemption from blame, because it has nothing to do with you and it's not your business. You cannot just exit and go elsewhere without seriously hurting yourself.

When you're enrolled at a University, you are not part of a collectivist institution, you are a customer at a business. If you choose to go elsewhere, that's on you, but who is anyone else to tell you what you should do? You're starting to sound like the WBC...


And your tuition money is so entirely different than tithing how?

Likewise, customers have social responsibility in their purchasing decisions, and transferring credits to another school isn't all that huge of a deal, either, so I'm kind of finding your take a little overblown. Obviously every student at MIT volunteered to come there, too.


That's like saying that if your father raped someone, you raped that person too. It's the same logic that was applied to Jews, Gypsies, and slaves for centuries (and is still applied in the Middle East today). It has no place in modern discourse.


It's more like ignoring that your father raped someone or tolerating it or telling him it's fine instead of getting him help or reporting it.


No, It's more like your 18th cousin 6 times removed raped someone... You don't know the guy, never met him, and some troll on the internet is blaming you for murder because you haven't publicly denounced him.


I'm sorry, what? If I were attending MIT today, you can bet that I wouldn't drop out of school over some guy's suicide.


>Quit whining.

What an excellent way to win the hearts and minds of the MIT student body. Congratulations you've managed to belittle and alienate the same people you'd want on your side!


Why would anyone want to have on their side people who choose to give money to support a murderous anti-freedom organization like MIT?

You know what it represents now. You choose to continue to be associated with them. That is not an innocent decision.


It's incredible, because it's people like yourself who drive people away from the causes you're trying to promote. But somehow you can't see that.

Any cause would do well to distance itself from people who compare MIT to the Nazi Youth[1]. Extremes don't help.

[1]http://news.ycombinator.com/item?id=5050412


A murderous anti-freedom organization that was apparently OK with a six-month plea deal[1] that Swartz's legal team rejected. So I guess if you want to go that route you can call them "anti-freedom", though I too am against the freedom to crack into other people's networks too. But murderous? Hyperbolic silliness.

You do not help the cause you claim to support by screaming, spittle-flecked, at passers-by.

[1] - http://boston.com/metrodesk/2013/01/14/mit-hacking-case-lawy...


Does this mean Americans that haven't protested or denounced their citizenship are just as guilty for the sometimes awful things the American government does?


Fortunately protesting at the ballot box allows Americans some measure of escape from culpability for the actions of the US government, however most are still responsible having voted for Democrats or Republicans, the very ones who have put into place many of the policies that are ostensibly so objectionable.

The fact that people find it impossible to keep their hands clean is a fact of life and of human nature, but that shouldn't just excuse everyone. It should be a reason to try for better.


Why the rhetorical question ?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: