Tuesday, December 29, 2015

Routes, An unfinished thought

I am as a border collie attempting to retrieve a tennis ball behind the couch. I find myself wasting time on what others would consider unsuitable. I don't quite know what it is about my mind, but I don't enjoy the prevailing comforts in whose bell-shaped graph you probably find yourself seated. "I don't like" has become the three words which most would agree defines the entity that is me. Blind optimists reject me on the misplaced foundation that negative thinking leads to negative results, and they don't want any part of that. Pessimists love me don't care.

I would say, without much hesitation, that I don't view morality in the same light as you. If I treated morality based upon a presumed consequence, then I'm just flattering myself. While it's true that life is full of functions, f(x) does not generally result in instant satisfaction or a light you can see after striking a match. When I make a decision, the flowchart doesn't always go toward 1) How will this decision affect others? 2) How will this decision affect me? The other option outside of the box could be 3) Will this decision open other options for me? Sometimes, you have to break a window to enter a building.

It was my first month at a job when I created a simple app that told me how much time I had logged for today and the previous work day (which was either yesterday or Friday depending on the current day of the week). My colleague had also created a similar app, but his was writing to the database whereas mine was only reading. A software developer can see where this story is going. They shut our access down, and we had to retrieve our records through an internal site.

A good developer is stubborn by habit or design. Neither of us was done, and both of us would spend months finding a backdoor. My request was reasonable. The data I wanted was for consumption, his was for manipulation. They were after him as they wanted to validate his input before it ever hit the server. Data corruption is a serious thing, and they weren't keen on him opening Pandora's box and potentially hosing the server.

He had found a unique way to accomplish what he had set out to do. He wouldn't share it until he was finished, and he wouldn't share it with anyone but me. Developers are strange like that. We want to be the first to do something, but afterwards we'll share our code (imperfections and all). The irony out of this entire endeavor is that they patched his means of entrance the day after he left the company (on his own terms). His app wouldn't work after that, but it didn't faze me as I was still attempting to make my own unique way of accessing the data.

About a month after he left, I hit a few breakthroughs - but they led to nowhere. APIs required access tokens, and traversing HTML forms required unchanging tags and authentication. Both methods of access showed promise, but required a lot of work. For a fleeting moment, I thought of brute-forcing the sysadmin. I decided against it... not for reasons of consequence, but for reasons of self-merit. It was beneath me, and cumbersome. Sure, I briefly hearkened to voices of the past accusing me of being a two-bit cheat. I'm not averse to cheating, it will always be a tool in my belt. Those vehemently opposed are generally self-righteous pricks. Aside from that, let's continue...

I decided to go the API route, but I needed the access token. Using Fiddler to capture my HTTPS traffic, I discovered how to get the token. Once I recovered it, the rest was cake. I was able to make an API call from the system. I made it look like the system was calling itself which meant security was no longer at issue. My simple app, as unethical as it may have seemed to create it, is one of my most cherished creations. Not because of what it does, but because of the route I took.
