10-minute story: Codekey
Jan. 20th, 2014 07:43 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
radfrac_archive_fullSo I was thinking about why the last story felt kind of limp.
First I thought it was the length, but I think actually it's not a formal issue -- not the thing that's bothering me, anyway. It's the emotional content--it wants. I think probably a story shouldn't want anything (or shouldn't appear to.) It should present something, and leave you to feel how you feel. Hopefully really bad.
So maybe this, written over lunch, gets a little closer to what I wanted to do with the previous story.
Codekey
I spend about two hours a day at work looking for forged and duplicated codekeys. This isn’t as skilled a task as it might sound, if it does sound skilled to you. Most of the duplicated keys have been replaced and most of the forgeries excluded. However, although I don’t do anything except run the checks and then eyeball the login stats, I have manually discovered as many as three or four forged keys in a month, forgeries that the checks missed. This makes me feel like a relevant stage in the search process—a needful, rather than needless, redundancy. (I don’t create the checks. I don’t have the skill.)
I was using a duplicate key for a while without realizing it. That was actually one of the flags that let the security team know there was a problem. So I guess in a way I was important to that process as well, the process of discovering the breakdown. I was working late a lot in those days to try and catch up, and that’s how they noticed.
The guy who was using my key wasn’t attempting anything criminal. He didn’t know he had a duplicate key. He bought it off another guy in an auction, who bought it off a stockpiler. (We discourage people from stockpiling, but we can’t really stop them.) The stockpiler may have legitimately bought the key from us--the trail gets hazy here, because the breakdown came first and then the breach came about three days later. We didn’t notice the breakdown for almost two weeks, until the match between my key and his key flagged it. So the cause and effect of a particular duplicate or forgery can be difficult to pin down.
I had an uncomfortable conversation with the security team and my boss and some of the senior coders where they suggested, kindly, that I had given him the codekey—just as a friend to a friend, as a favour, not for the purposes of fraud, they stressed to me. This was before we discovered the flaw that led to the breakdown and then the breach. Once we discovered the flaw, they apologized to me, or Ryan did, in the hallway one night when we were both working late. That was how I worked out that their suspicions had been more serious that I realized, that criminal prosecution had been discussed, that lawyers were involved. Because the strange thing is that I knew the guy who had the duplicate of my codekey. We were sort of friends, I guess, but I didn’t give him the key. In fact, I hadn’t heard from him for a long time at that point already, and I haven’t heard from him since.
Though if you think about it, it isn’t that strange that I would know him. We like a lot of the same kinds of things, and I might even have mentioned my employer to him, when I was first hired, as something he’d want to check out, something he’d like. It is a funny thing, though. It wasn’t my fault, about the duplicate key, and that became clear after not that much investigation, and I think I may even have gotten a slightly higher bonus than usual to make up for the toxic atmosphere of suspicion I’d mostly been oblivious to. Yet it seems to me that an aura of – if not corruption in the ethical sense, maybe in the sense of bad or damaged code – has remained with me, as if I had been the weak point of the breach, instead of being (albeit inadvertently) the catalyst for the discovery of the breakdown. I didn’t cause either the breach or the breakdown, and certainly not the flaw – I don’t have the skills – and everyone knows this, but they also all remember the time when they thought maybe I had. Emotionally, I mean. In their bodies, when they see me. Or so I assume.
This way that they know I did something wrong, or weak, even though I didn't, does a strange thing to what I remember. I didn't give him the codekey, but I can see how I could have done it. If I think about it, which I often do while I am searching for forged and duplicated keys, I can sort of create a false memory, in some ways more vivid than the real memory, since the real memory is of not doing something--that is, of no specific action. I was proud of the work we were doing and my small part in it. I would have wanted to impress him, since I knew it was actually more his kind of thing than mine, that he probably understood it better than I did. I would have wanted to give him the key.
He’s probably annoyed now that something I suggested led to his being under suspicion. If I was investigated, he must have been. Maybe he was questioned, or threatened with legal action. I don’t actually know. I thought about sending him a message, just something short and apologetic--sorry about the trouble--but then it seemed like my apologizing would just make me seem even more like the cause of the problem. My apologizing would make him blame me more, not less. He may blame me anyway. That's probably why he hasn’t contacted me, though he might just be busy.
(901 words)
First I thought it was the length, but I think actually it's not a formal issue -- not the thing that's bothering me, anyway. It's the emotional content--it wants. I think probably a story shouldn't want anything (or shouldn't appear to.) It should present something, and leave you to feel how you feel. Hopefully really bad.
So maybe this, written over lunch, gets a little closer to what I wanted to do with the previous story.
Codekey
I spend about two hours a day at work looking for forged and duplicated codekeys. This isn’t as skilled a task as it might sound, if it does sound skilled to you. Most of the duplicated keys have been replaced and most of the forgeries excluded. However, although I don’t do anything except run the checks and then eyeball the login stats, I have manually discovered as many as three or four forged keys in a month, forgeries that the checks missed. This makes me feel like a relevant stage in the search process—a needful, rather than needless, redundancy. (I don’t create the checks. I don’t have the skill.)
I was using a duplicate key for a while without realizing it. That was actually one of the flags that let the security team know there was a problem. So I guess in a way I was important to that process as well, the process of discovering the breakdown. I was working late a lot in those days to try and catch up, and that’s how they noticed.
The guy who was using my key wasn’t attempting anything criminal. He didn’t know he had a duplicate key. He bought it off another guy in an auction, who bought it off a stockpiler. (We discourage people from stockpiling, but we can’t really stop them.) The stockpiler may have legitimately bought the key from us--the trail gets hazy here, because the breakdown came first and then the breach came about three days later. We didn’t notice the breakdown for almost two weeks, until the match between my key and his key flagged it. So the cause and effect of a particular duplicate or forgery can be difficult to pin down.
I had an uncomfortable conversation with the security team and my boss and some of the senior coders where they suggested, kindly, that I had given him the codekey—just as a friend to a friend, as a favour, not for the purposes of fraud, they stressed to me. This was before we discovered the flaw that led to the breakdown and then the breach. Once we discovered the flaw, they apologized to me, or Ryan did, in the hallway one night when we were both working late. That was how I worked out that their suspicions had been more serious that I realized, that criminal prosecution had been discussed, that lawyers were involved. Because the strange thing is that I knew the guy who had the duplicate of my codekey. We were sort of friends, I guess, but I didn’t give him the key. In fact, I hadn’t heard from him for a long time at that point already, and I haven’t heard from him since.
Though if you think about it, it isn’t that strange that I would know him. We like a lot of the same kinds of things, and I might even have mentioned my employer to him, when I was first hired, as something he’d want to check out, something he’d like. It is a funny thing, though. It wasn’t my fault, about the duplicate key, and that became clear after not that much investigation, and I think I may even have gotten a slightly higher bonus than usual to make up for the toxic atmosphere of suspicion I’d mostly been oblivious to. Yet it seems to me that an aura of – if not corruption in the ethical sense, maybe in the sense of bad or damaged code – has remained with me, as if I had been the weak point of the breach, instead of being (albeit inadvertently) the catalyst for the discovery of the breakdown. I didn’t cause either the breach or the breakdown, and certainly not the flaw – I don’t have the skills – and everyone knows this, but they also all remember the time when they thought maybe I had. Emotionally, I mean. In their bodies, when they see me. Or so I assume.
This way that they know I did something wrong, or weak, even though I didn't, does a strange thing to what I remember. I didn't give him the codekey, but I can see how I could have done it. If I think about it, which I often do while I am searching for forged and duplicated keys, I can sort of create a false memory, in some ways more vivid than the real memory, since the real memory is of not doing something--that is, of no specific action. I was proud of the work we were doing and my small part in it. I would have wanted to impress him, since I knew it was actually more his kind of thing than mine, that he probably understood it better than I did. I would have wanted to give him the key.
He’s probably annoyed now that something I suggested led to his being under suspicion. If I was investigated, he must have been. Maybe he was questioned, or threatened with legal action. I don’t actually know. I thought about sending him a message, just something short and apologetic--sorry about the trouble--but then it seemed like my apologizing would just make me seem even more like the cause of the problem. My apologizing would make him blame me more, not less. He may blame me anyway. That's probably why he hasn’t contacted me, though he might just be busy.
(901 words)
