A while back, my friend Nick introduced me to Project Euler, which is a really cool (well, not really cool, but nerd-cool, which is better anyway) collection of little mathematical puzzles that are best solved through the application of computer programming.

I’ve been looking to learn Python for a while now, so I decided to start working through some of the Project Euler problems as a way to learn Python. I did the first two on the train: summing all natural multiples of 3 or 5 below 1,000, and summing the even Fibonacci numbers below 4 million.

If you care, my code is below:

Somebody told me this code is a bit counter-intuitive and hard to read, which might be true. I tried to use as few variables (two), loops (one) and iterations (only 333 rather than 999) as possible.

j = 0
count = 0
while 3*j < 1000:

if 5*j < 1000 and int(((5*j)/ 3.0)) != ((5*j)/ 3.0):

count = count + 3*j + 5*j

else:

count = count + 3*j

j = j + 1

print “This program sums all the natural numbers below 1,000 that are multiples of 3 or 5:”, count

Same story here, there’s more self-evident ways to code the Fibonacci sequence. One of my friends told me that in Python, you can assign two variables in one line so you could just do “a, b = a+b, a”, but I didn’t know that, so this is what I did. I thought using the transitive property of addition rather than introducing another variable was at least slightly clever:

a = 1
b = 1
total = 0

while b < 4000000:

if int(b/2.0) == b/2.0:

total = total + b

a = a + b
b = a – b

print total

I’m pretty pleased with the new design, I think it’s very clean and modern-looking without being too gimmicky. It does have some fancyness like transparency, and rounded corners and so forth, so if anyone out there is running into weird glitches (things overlapping, sections disappearing, etc.) I’d appreciate hearing about them. You can leave a comment, or email me. Please include your operating system and browser, too.

Hack the Gibson!

However, if you had been reading the tech sections of major media sources in the past few days, you might easily be forgiven for thinking that Conficker was on the verge of ending the internet (or possibly the world) as we know it. A roundup of some of the coverage I’ve seen:

“The Worm That Ate the Web” from Slate, who couldn’t resist the temptation to slap an over-the-top headline on an otherwise fairly good article.

“Worm Infects Millions of Computers Worldwide” from the New York Times, which also features the priceless quote, “If you’re looking for a digital Pearl Harbor, we now have the Japanese ships steaming toward us on the horizon,” from some guy at a security firm.

“The Conficker Worm: What happens next?” from CBS News, which characterizes it as “one of the most dangerous threats ever,” a phrase that practically cries out for some sort of qualifier—surely the Ebola virus and nuclear war clock in ahead of Conficker on the threat scale, yes?

“Computer experts brace for ‘Conficker’ worm” from Reuters, who’ve since redirected some of their links to the more accurate, but still ominous-sounding “Malicious virus quiet, but attack may be in works”

The short, boring version of this story is that Conficker is not that different from other worms in the past. It’s somewhat more advanced, with peer-to-peer communication and a cryptographically-protected system for phoning home for instructions. However, where it really excels is public relations. By having a clever, funny-sounding name (“Conficker” is pronounced like an accented “configure”, but “ficker” is a noun form of the German verb ficken, which means “to fuck”) and by setting the latest version, Conficker.C, to start listening for instructions on April 1, the worm’s authors tapped into a perfect storm of tech journalists desperate to write an April Fool’s Day story that doesn’t boil down to “Somebody said something funny on teh internets” and antivirus software companies eager to scare people into buying their product (nevermind that the vulnerability Conficker exploits has already been closed by normal Windows updates).

Much of the coverage has focused on the supposedly mysterious intentions of the worm’s creators: as of right now, the worm isn’t actually doing anything to infected computers. It’s taken them over, (pwned, or zombied if you prefer colorful verbiage) but the botnet is still waiting for further instructions from its masters. Many of the articles have this attitude of, “What happens now is ANYONE’S guess! They could do ANYTHING!”

I hate to be the one to kill the mystery, but I can tell you right now that these computers will eventually be used for either a) sending spam, or b) DDoS attacks, or both. The reason I know this is because these are basically the only things anyone ever uses a botnet for. I suppose they might also harvest personal information from infected machines, but there isn’t really any need to create a large, coordinated, remotely-controllable network for that purpose.

It’s really too bad that botnet hackers are so uninventive. When I talk to laypeople about my project, and about hackers, these are the kinds of hackers they typically think of: low-grade criminals who are out to make a buck. But to me, these kinds of botnet spammers are absolutely the least-interesting subspecies of hacker. I have some respect for the technical know-how needed to uncover a vulnerability and exploit it, but the motivation behind it is so pedestrian and petty. As one article put it, “The days of hacker meritocracy earned through digitally destructive acts…have given way to profit schemes in which malware and hacking skills are used to snoop on networks.”

I was brainstorming with a friend of mine, trying to come up with more interesting things to do with a botnet. Some options include:
-> Running SETI@Home on the zombie machines.
-> Using them to brute-force crack cryptography.
-> Find giant prime numbers with them.
-> Conduct sociological research on worm victims. It would be a rare chance to study computer use habits without subjects modifying their behavior.
-> Play Six Degrees of Separation with victims’ email address books. I’d be very curious to find out the average number of nodes separating two people in a botnet.

If any Russian botnet masters are reading this, drop me an encrypted email, we can work something out!

My other idea for a creative, malicious virus or worm wouldn’t necessarily require a botnet. It seems to me that viruses typically target computer resources and data, so it would be novel to see a virus that targeted the human users behind those computers. You could write a virus that sent out emails designed to introduce acute social awkwardness. It would probably be possible to use a heuristic that combined data from a victim’s email contact list with public search results to identify certain types of people, then the virus could send out targeted emails.

Send long, heartfelt declarations of love to email contacts of the opposite sex: “I know you’ve probably never thought of me this way, but I’ve always loved you…”

Identify co-workers who have the emails at the same domain name: “Hey, about that project you asked me to work on: I went on kind of a bender this weekend, so I didn’t really get anything done…”

Extra-credit for .edu domains: “Professor _______, your ideas are laughable and you’re so boring I always sleep through your class.”

For bonus points, spot variations of “Dad” and “Mom” in a contact list: “Dad, I need to tell you, I’m running away to join a corporeal mime troupe. This is what I really want to do with my life.” / “Mom, I’m gay. I thought it was important for you to know.”

For added realism, the virus could be programmed to only send messages late on Friday and Saturday nights, when many suspiciously honest and poorly-typed emails are typically sent.

One person I shared this idea with commented that, “That would be the most evil computer virus ever!” Luckily for the world, my coding skills are nowhere near up to the task of actually writing such a virus. I’m probably not that evil, either.

However, I would like to see the malicious hackers of the world up their game a little bit. If you’re going to be evil anyway, at least be evil and clever! It’s not like they’re handing out extra-long jail sentences for creativity.