About The Marauder's App
Originally built at HackNotts, an MLH student hackathon in 2015; by Angus, Harry and James.
We're always messaging our coursemates with crap like:
So we made a webapp to rid ourselves of this annoyance (though James still insists on using Messenger...). You can add friends
by popping open the 'Manage Friends' modal, and entering their full names one at a time. The format is
FirstName SecondName, in fact it is
the same as what
$ finger s13371337 returns on DICE, because, well, that's where we get people's names from.
If you've never heard of
finger before then yes, that exists. Also it never gets old.
Developed by, in order of commits: qaisjp (current maintainer), Angus (original creator), Harjyot, Harry (original creator), James (original creator).
The Marauders App would not be possible without the help of amazing people like Alastair White, Gavin Peng, Han Ricky Yuan, and other mysteriously unnamed people who have volunteered their effort to run around Forrest Hill and Appleton Tower. <3
Wanna help? Check out our GitHub repo!
someone in your friends list is on this computer.
means this machine is free to use.
these ones are offline, and are probably available.
and these have someone using them, though sometimes people forget to log out.
If you have any questions or have suggestions, please message Qais Patankar.
Obviously we take people's privacy pretty seriously, which is why the app only works over a secured connection, using HTTPS.
We scan DICE machines over SSH, running
finger on each one to see who's on it. The username of the person on the machine then gets hashed using sha-512 and a salt.
The hash and machine details are then pushed back here and stored in
Redis before being rendered as a map for you, dear user.
This means a couple of important things - We don't know who is where, as all we see is a big nasty hash like
5d96a594f5 485a89fa0f ac073f1b6b d5b2e5cf81
c193495e93 4c2a6ece4b 007709a4c1 db1070a7b5 9f571f269b 7ef69bfb5b
ab3e8a2e04 835e6635ec 7271a03a which is what we store. There's no software running persistently on DICE machines, no way to execute arbitrary code
on the DICE boxes and communication between the bot and this server is one-way. Also everything we knew about the lab
last time we checked it out is overwritten, as we don't log nor do we have persistent storage. Redis is great like that.
None of the collected data ever leaves .ed.ac.uk or the Informatics firewall, and all update information is sent between servers securely. API keys and hashing salts are easily changed and all our data is meaningless with incorrect copies of these.
Doesn't something like this already exist?
Apparently it does, rwho is a thing. Apparently it also used to be on DICE, but no more. So now you have this snazzy thing instead.
Plans for the future?
Biggest planned improvements are expansion out of
the Drill Hall into other labs and rooms in Forrest Hill Appleton Tower and into the Bayes Building; adding some additional
privacy wherein people have to 'accept' a friendship to show up on another person's map; and finally handy things like
notifying users of where friends are, where there are free computers and where empty rooms (if any) are.
Is this legal?
Yes, all DICE users have access to the same information that we do, and we're within the bounds of the DPA and CMA.