Two in the morning. House silent except for the monitor's hum. I've been sitting here for twenty minutes, cursor blinking in the address bar, reloading the page every few minutes like something might change.
It doesn't.
The defacement sits there—mocking, permanent, public. Everyone who visits the site sees this. Everyone who trusts my tutorials, who comes to learn, who thinks I know what I'm doing.
I close the browser. Stare at the desktop. My reflection in the dark monitor looks tired.
I open my text editor. The backup files are local—everything is recoverable. But recovering means facing every page I've written, every tutorial, every example, and putting it back piece by piece.
The cursor blinks in the empty file.
I start typing.
---
Two weeks to pull the backup files and rebuild the site. Then twenty minutes to fix what actually mattered: the guestbook code. No input validation, just raw user input piped straight to the system. The hole SteeZ showed me months ago.
Every fixed line feels like penance.
---
Programming class. Friday.
I stay after the bell rings. Everyone files out. Mr. Caldwell looks up from his desk.
"Got a minute?" I ask.
"Sure."
I walk to his office. He follows, closes the door.
I pull out my laptop—the old Gateway, carrying it to school in my backpack all day just for this. Open it on his desk.
"Remember when you said... when you're ready to do things the right way, you'd help?"
He nods slowly. "I remember."
"I think I'm ready." I turn the screen toward him. "I fixed the website. The one that got defaced. I want to show you what I did."
Caldwell pulls his chair closer. Looks at the code on screen.
I walk him through it. The original guestbook script—how it took user input and passed it directly to the system shell. No filtering. No validation.
"So if someone typed a semicolon and a shell command..." Caldwell says.
"It would execute. That's how they got in."
"And your fix?"
I show him the new version. Input validation. Whitelisting allowed characters. Escaping special characters before any system calls.
Caldwell reads through it quietly. Scrolls down. Back up. Reads again.
"This is good," he says. "You closed the hole."
"Yeah."
"But let me ask you something." He leans back. "Why did you validate the input here?" He points to one line. "But not here?" Points to another.
I look at where he's pointing. "That one doesn't go to the system. It just writes to a file."
"True. But what if someone puts HTML in their name? Or JavaScript? Gets stored in your file, displayed on your page?"
My stomach drops. "Cross-site scripting."
"Exactly." He pulls out a piece of paper, starts drawing. "You fixed the immediate vulnerability. But security isn't about patching individual holes."
He draws boxes. User input. Processing. Storage. Display.
"You have to think about the whole system. Where does untrusted data come from? Where could things go wrong?"
"There's a book I want you to read," Caldwell says. He writes down a title. "It's about secure coding practices. Teaches you how to think about security from the start, not just bolt it on after."
I take the paper. "Thanks."
He looks at the code again, then closes my laptop. "You could've just restored from backup and moved on. Instead you learned why it happened. Came to ask what you might have missed."
"The IRC stuff taught you real skills," Caldwell says. "But this?" He taps my computer. "This is building on rock."
"Keep this up. Come ask questions when you're stuck. I'll help you do it right."
"I will. Thanks."
"And Scotto?" He looks up. "I submitted your Northwestern recommendation this morning."
---
Weeks pass. Grades are looking good. I’m actually doing things with real people after school again, and phone bills have dropped.
I haven't been logging in much at all. I already know I'm not staying. I just haven't said it out loud yet.
Before I go, there's one more thing.
I open a second mIRC window. The DalNet server list is still saved from months ago. I connect.
The familiar welcome message scrolls by. Different now, new server names, updated rules. But still DalNet.
I join #kaos.
I type, delete, type some more. I have no idea how to write a goodbye.
Nothing for a few seconds. Then:
No one else responds. d0pe, JaXx—offline or moved on. This chapter is done.
I close the DalNet window.
Take a deep breath.
Connect to our goodmonin2ya server and join #crew.
The cursor is blinking. Waiting.
SpaceGoat hesitates. I can almost see him staring at his screen, though I still have no idea what he looks like, or even if he's a he at all.
Another pause. Longer this time.
ICQ: I Seek You. Instant messaging without the channels.
PM window lights up.
[FLiPZ] so this is it huh
[SKa] yeah
[FLiPZ] wanted to say thanks man
[FLiPZ] i learned a lot from you
[SKa] what are you talking about
[SKa] i never really believed you had the skills, but you def do man
[FLiPZ] nah
[FLiPZ] you pushed me to get better.
[SKa] that wasn't my intention, ha, but thanks
[FLiPZ] we're a crew
[SKa] yeah
[SKa] we are
I stare at the screen. My fingers hover over the keyboard.
The cursor blinks. No immediate response. They don't need to say anything else.
I type: /quit Peace
Hit enter.
* SKa has quit IRC (Peace)
I open Winamp.
The playlist loads. 437 albums.
I double-click on "Smells Like Teen Spirit."
The opening guitar riff hits.

