by ericfrederich 2128 days ago
I had a co-worker who played minesweeper all day long on his Linux workstation which I had remote access to. I grabbed the source code for the exact version of gnome-mines he was using and compiled my own version with some back doors. I would also launch an xvnc server so I could see him playing from my desk. Sometimes I'd have people over at my desk watching him play. It was hilarious.

I could enable various features while the game was playing. Features included:

* Always lose on first click
* Always win on first click
* Force a guess in all 4 corners... so even if played perfectly he'd have to make 4 guesses.
* Load custom designs from text file. For instance I had some that spelled things out.
* Every click would be completely surrounded by mines (i.e. the number 8) until half the mines were exhausted. This one was fun because I remember him not believing it and actually clicking on a mine.
* Ridiculous sounds when he won or lost

8 comments

It sounds to me like you installed spyware on your coworker's computer. What kind of company were you working at where people see this as a joke instead of a security breach? And let's not forget the trust coworkers have in you not to fuck with their machines.
Sometimes, it's okay to play practical jokes on your friends.
A practical joke, especially in a work environment, should be good-natured and harmless. I think the screen recording aspect of this joke crosses that line. Every other aspect would make for a good prank, but there is just too much potential downside to watching their screen without them knowing. Even if OP didn't see anything but the Minesweeper games and the coworker has no legal expectation of privacy on a work computer, it still violates that person's trust and their likely assumed level of privacy.
"coworker has no legal expectation of privacy on a work computer"

That does rather vary by country - Germany has some strict rules about what employers can and can't monitor.

Also, some organisations explicitly choose not to monitor computer usage too closely (e.g. by using proxies that intercept HTTPS traffic) out of the fear that this would expose the organisation to greater liabilities in the case that someone was doing personal banking from their work PC.

One of the fun things that happens with HTTPS proxies is people desire a policy that only spies on some things people do, and the people making these middleboxes (who are concerned first and foremost with selling a product not with whether that product works or even if such a product could in principle work) are eager to offer that.

This can't work, but, having sold it/bought it, then there's a lot of pressure to make it work.

The best case scenario with such products is that some fraction of traffic is unmolested but the product owner's policies do not actually control what that traffic is (which might surprise them and make their overall security policies ineffective but otherwise is no big deal).

The worst case is that in the attempt to do this "selective proxying" some or all traffic security is compromised. Non-participants aren't affected (except it might introduce denial of service) but active participants give up potentially all security. e.g. the company laptop that's configured to trust the MITM proxy, might not only be uploading your bank password to some screen accessible by an entry level IT guy it might also just inadvertently remove the security of the bank connection altogether so that now random bad guys on the Internet can see everything, whoops.

Spyware is not a prank. Let's not come up with vague definitions of what is, and isn't acceptable.

Coworker has remote access to other coworker's machine and is abusing this trust to install spyware, setting a president for other "jokes".

Sorry man, I don't see anything funny here.

>president for other "jokes"

CJO in modern terms.

You must be fun at parties.
He is probably fun at parties and not undermining his colleagues' trust at work.
I might agree with you if the modified Minesweeper did anything more than (if I read correctly) allow OP only to view and modify that game alone, and only when the worker was actually playing it.

Nothing was seen that couldn't be seen by shoulder-surfing.

I've been in both kinds of cultures: ones where these kinds of shenanigans were common, and ones where, if HR or IT found out, you'd find your key card deactivated, and a box of your things shipped home.

As ridiculous as it sounds to someone in either camp, both were okay.

The former was an organization where everyone fundamentally trusted each other, and the concept of anyone doing anything really wrong was just foreign. It's so dissimilar to most businesses in tech today (which are either trillion-dollar megacorps, or places where people jump jobs every 3 years). This was an organization where people stuck around for decades, and everyone really knew each other. Doors weren't locked, and everyone had access to everything. It worked well.

The latter is like most of the tech industry today. My machine is private, and if you've hacked my minesweeper, I'm going to reinstall my OS. I don't know you well enough to know you didn't root my machine or steal my personal files. I'm also talking to HR since you shouldn't work here.

I think that's the right way to view it. People are viewing this through the lens of their current employment, but that's assuming a lot. I did something somewhat similar (in type, if not scope) when I was young and in tech support. The notable facts at the time were that a) we were friends, b) the computers were customized by us, but for the most part interchangeable because a web browser was the software needed, which allowed us to install Linux if we wanted, and c) I didn't really hack it as much as use an admin account he gave me to help him do something on his box.

Friendship comes fast when you're in your early 20's and there's lots of free time to screw around. It's twenty years later now, and I probably wouldn't do that to any of my coworkers. I probably would do it to any of my siblings though. How invasive you can get away with a prank being without upsetting the person targeted is largely based on trust.

When I pranked my friend, the company we were at had probably 30 people working for it, and there were maybe 16 of us in tech support total. It's easy to trust others when you're such a small group, because you can actually know most of the people you work with. If your company employs even hundreds of people, that's much harder to do.

> Ridiculous sounds when he won or lost

You could really give someone some good experiences with that. A game that it artificially seems like you narrowly escape disaster turn after turn can feel great at the end.

Is the company you "work" at hiring? ;)
This reminds me of a prank I played on a classmate in high school. I snuck a "ver.com" command onto his boot floppy (the real "ver" was a builtin DOS command) that installed a TSR (remember those?).

We had a very simple custom serial bus network back then. It was sufficient to allow me to send a command to his PC to show a fake game screen when the teacher was looking at his PC. A fun exercise in x86 assembly (fun for me at least)!

I didn't install anything per se, but gained access to my colleague's machine remotely and would play very subtle audio messages in his headphones whilst he was listening to music. Was amusing to watch his facial expressions. I also messed with the volume every now and then and once went a bit crazy and he sussed it out.
As a consultant, I once did a two-day gig at a client site installing some software on a Sun workstation. It was very unsettling when the "restaurant scene" from "When Harry met Sally" started streaming out from the workstation speakers.
I hope the client fired your company.
That would have been something!

I was on a client-provided workstation, and it was the client project manager (!) who played the sound clip on my workstation.

I believe this was not their first rodeo, but it was embarrassing as he??. And I don't even think we fired the customer!

Can you open source this version?
This sounds awesome. Also what kind of workplace was this and did he ever find out?
Did he ever figure out why these "features" happen to him?