Hackers: Heroes of the Computer Revolution 78
| Hackers: Heroes of the Computer Revolution | |
| author | Steven Levy |
| pages | Delt |
| publisher | 448 |
| rating | 9/10 |
| reviewer | |
| ISBN | 0385312105 |
| summary | Learn the roots of the revolution |
The Book
A disclaimer. I love this book. It has its flaws, but it's an important piece of storytelling and history. It came out in 1984, back before the word "hacker" could start a flame war, and was re-issued in 1994. The people in the book are brilliant; some are dreamy-eyed utopians, some are pragmatic robber barons and some just want to hack. If nothing else, it illustrates that the current dramas being played out on slashdot, linuxtoday.com, USENET, etc. are not new ones. They go back to the beginnings of the computer industry, with many of the same personalities still involved.A warning. I'm going to use the word "hacker" as it was originally used, i.e. NOT as the picture of a greasy haired little dope smoker trying to break into Spacely's Sprockets web server. It's a word that's sadly fallen out of favor, mostly due to lack of clue in the media.
"Hackers: Heroes of the Computer Revolution" is broken into four parts. It starts with The Tech Model Railroad Club at MIT in the late 50's and chronicles Samson, Gosper, Deutsch, Greenblatt and company as they discover the IBM 704, the TX-0 and the PDP-*, moves to Northern California in the early 70's and the rise of Apple, zeroes in on Sierra On-Line and the increasing market share of game software in the third part and ends with a view of RMS in the epilogue. But all the parts are woven together to give a cogent overview of not only the building of the computer industry, but also demonstrates that the personalities and philosophies of the hackers involved are inextricably tied to their programs and the companies they founded and/or worked for. This book also chronicles something that's important and often lost in the shuffle as of late, The Hacker Ethic. It's defined thusly in the Jargon Dictionary:
Hacker Ethic, the n. 1. The belief that information-sharing is a powerful positive good, and that it is an ethical duty of hackers to share their expertise by writing free software and facilitating access to information and to computing resources wherever possible.
And laid out as such the in the book:
- Access to computers should be unlimited and total.
Always yield to the Hands-On Imperative
All information should be free.
Mistrust authority--promote decentralization.
Hackers should be judged by their hacking.
You can create art and beauty on a computer.
Computers can change your life for the better.
The beginning of the Greek melodrama that is now the Open/Closed Source debate is detailed quite well in this book. Some of the people in it have become more rich and famous, and some have become future Trivial Pursuit answers. But every single one helped shaped the modern computing experience to some extent.
Two little pieces of trivia from the book:
1. The original Ultima (for the Apple) was written by Lord British, real name Richard Garriot, whose father was Owen Garriot, one of the Skylab astronauts.
2. It's rumored that Gates and Allen wrote their first moneymaker, Altair BASIC, on a government funded computer ( and according to Bill Gates' Open Letter to Computer Hobbyists, it cost $40K. Wonder if they ever paid us back?:) ).
Why Should You Read This Book?
Those that don't learn from history are condemned to repeat it, and each other.I think Bob Young, Bill Gates, Larry Ellison, Linus Torvalds and YOU should read this book for one very good reason. Software and hardware make up a major part of many of our lives nowadays, and to just blunder along with no sense of the past is not only foolish, it's not very graceful. Those that have made the history need to remember it, and those that are just now coming up need to learn it. If the names Ted Nelson, Adam Osborne, LISP, Greenblatt, Gosper or Slug Russell mean anything to you, you'll dig this book. Hell, even if the names mean nothing to you, and you hang out on this website, you'd probably dig it anyway. This book details the beginnings of the coder/hacker culture that is coming to fruition now. The Linux community, and the Open Source/Free Software/Whatever The Hell It's Called This Week Movement can learn a lot from it.
Also, it's just a hell of a fun read.
Purchase this book at Amazon.
Ultima (Score:1)
_Hackers_ is one of my all time favorite books, glad to see it positively reviewed here.
Jason Asbahr
Origin Systems, Inc.
Ultima Online 2 [uo2.com]
Re:Think man, think (Score:1)
If a hacker goes into a system out of curiosity, takes a peek and figures out how something works, it's called hacking. If he does harm, he's being a cracker. It's the motivation that differs, and agreed, that's a lot. But.
I believe in the sacrosanct confidentiality, and I think a confidential information is one that should not be accessed under any circumstance the owner does not want, and not an information that cannot be used for ill purpose.
Sure, I can read my sister's diary and no harm will come of it. I will feel empowered by a secret, but the knowledge I gleaned. I'm not going to blackmail her with the info, I just satisfied a curiosity I believe inherent and essential to my personality.
But the unethical act, here, is not the use of the information, but the unlawful access of the information itself. That's a distinction we didn't make back in the 80's, when 'information' was mostly the contents of the 'porn' directory of your fellow alumni. In today's age, information on computer systems has become much more sensitive.
That's the idea behind my flagging a dychotomy, and why my use of the term 'hacker' was changed from the original for the purpose of my post.
"There is no surer way to ruin a good discussion than to contaminate it with the facts."
Re:Thank God (Score:1)
Re:Access to information (Score:2)
a good hack is anything interesting, or amusing, and above all clever.
A possable example is the hack to Xdoom to kill processes.
Free Software: Hacker's comeback (Score:2)
One of the major figure responsible for the destruction of the original hackerdom was Bill Gates. When first version of his Basic was freely passed among hackers, Bill wrote an Open Letter, declaring Software should be proprietary, and asking hackers to pay license fees for each copy of his Microsoft Basic. As time went on, Bill Gates became the richest man on earth, building his fortunes on selling and manipulating proprietary software. Business became the way of life, backstabing is common, information fell under NDAs and patents and became the subjects of lawsuits, and The Dark Age was upon the computer world.
One of the last holdouts from the original hackerdom was Richard M. Stallman [fsf.org], or RMS, of the MIT AI Labs, who would stay to the True Way to the end. To keep the original vision alive, and to make Free Software against the tide of privatiziation, he founded the GNU Project [gnu.org] and the Free Software Foundation [fsf.org] in 1983. He declared [fsf.org] that he would write a complete Unix-like operating system, composed of only Free Software, so he can share with other people who have the same dream. He began by writing free replacements of basic Unix utilities, and a free C compiler (gcc) [fsf.org]. Gradually the FSF provided most of the foundation for a Free Software/Open Source OS infrastructure. The GNU tools liberate hackers from dependence on proprietary development tools and provide the foundation which enables other Free Software projects to flourish. And by 1991, these tools enabled Linus Torvalds, a Finnish CS student, to develop the Linux kernal. This kernel filled in the last missing pieces of a totally Free OS, and by 1992 RMS's original aim was practically fulfilled.
While the proprietary software universe continued with rises and falls of companies, Bill Gates of Microsoft went on for world conquest. The Microsoft Empire destroyed or assimilated competitors, and by 1997 virtually no alternatives existed. People became subjects of Bill Gates, whose power reached far and wide. People looked toward the sky for hopes of liberation, but no one seemed answering the call.
However with the spread of the Internet, the Free Software community, composed of GNU, Linux, Apache, Perl, BSDs, etc., quietly continued to develop more Free source code and gathered strength. Finally in 1998, beginning with Netscape looking to Free Software for allies in resisting Microsoft, the New Hope is shown to the world. The vision of the original hackers, a world where the Software is By the People, Of the People and For the People, is coming into being. The Revenge against Bill Gates is in full swing. The war for liberation [slashdot.org] is intensifying!
[slashdot.org]
Re:Access to information (Score:2)
There's a big difference between educating someone and spoonfeeding them. Proper education ignites in the student a love of learning and a desire to learn more. Sure, the earliest steps are going to resemble spoonfeeding. That's only to make the inevitable missteps less painful. As the student begins to succeed, there is less need for spoonfeeding.
They won't gain critical thinking skills or the ability to learn the solution to their problems on their own.
Sure they will. Just not the first time. Very few take to computers like a duck to water. Most people (I'd guess even most slashdotters) need(ed) someone to show them a few basics early on. The critical thinking skills and the tenacity to struggle through when problems seem impossible come later.
The hairier the problem, the more satisfying it is to solve.
Re:Access to information (Score:1)
Also, there's a difference between information that should remain personal, and that which should be public. All have differing views on this, so I'll give mine.
The amount of money in my account, my sexual preferences, my phone number, a letter to my girlfriend, and my e-mail address is my private information. I have the right to choose who knows, and who is allowed to disclose those pieces of information.
Now other pieces of information like how much a publically traded company makes, how the government spends money, etc should be public made available to those to whom the government/company is responsible to.
Processes on the other hand should almost always be made public. These include how the bank secures my money, how the government takes census, how UCLA decides who goes in the dorm, and who gets booted, etc. And if any of those things aren't made public, it is perfectly ok to determine them through reverse engineering and hacking. For one thing, I don't want my bank using a cruddy method of protecting my money that any two-bit cracker can break through. Therefore, I shall try and break through. If I can, I tell them how I did it. (now, in reality I am neither skilled enough to do this, nor willing to risk jail time. However, I don't think this should be jaileable offense)
There's a difference between healthy competition and ranking, and elitism. We rank the quality of teachers, actors, politicians, employers, etc... Why not rank the quality of hackers?Now elitism is a danger. There are various things that may usually correlate with someone who is not a hacker, but are not direct indicators. Examples include people with poor spelling and grammer, people with @aol.com addresses, people who like MS stuff, etc... However, I have found that while those (and I've fit in the @aol.com address thing before) people tend to get flamed, there are always people willing to help and nurture them. And if they are humble, good, and able to demonstrate that they can hack, then I have found that there usually is acceptance.
The other issue you brought up was the idea that the level of info you have access to is in proportion to your skill. I don't believe this (though there are certainly many in the hacker/script-kiddies community who try to enforce this). When a hacker frees information, it is for everyone's benefit (there was plenty of universally available information on building [pick your color] boxes.) Now maybe the respect you're given depends on your skill, but no matter what your skill, the information should be available to you.
Well, I've ranted long enough, time to go....
The Manifestos (Score:1)
"GNU... is the name for the complete Unix-compatible software system which I am writing so that I can give it away free... Once GNU is written, everyone will be able to obtain good system software free, just like air."----The GNU Manifesto, Richard Stallman, Free Software Foundation, 1985
Microsoft Windows vs. GNU/Linux, 2000
Re:Hackers Part Deux? (Score:1)
What! How could anyone possibly steal and lock away the Mosaic code? Boy, the Jews are gonna be pissed off when they hear about this.
;)
Thats the way! (Score:1)
That book gives a good picture of the reality hacking. Or should i say, the good old time hacking.
Some days ago i saw this new TV program, called The Net, it was totaly Sandra-Bullock-as-Angela-Bennet-in-the-net based, this char in this program
was allso named Angela, and she did fix software bugs too. And they did
switch her identify too, as you surly understand i allmost started to cry.
And thoose screen effect that Hollowood thinks is simular to a "hack".
Well, your screen dont start turn around and strong colors dont apend when
you receive an e-mail. The worse thing was when she took up this voise
controled computer that she could talk to and the computer would answer.
She did talk without any problem and the computer did read it right and
no wrong spelling.
Hollywood, PLZ stop it
Re:If information should be free, then ... (Score:2)
The thing is as beautifully orchestrated as a fine novel- it's so much more than just information. Steven Levy absolutely rules
Seconded (Score:2)
My heros page (Score:2)
Re:Think man, think (Score:2)
Great analogy, but a wrong one.
A cracker would break the lock to read the diary (for whatever reasons).
A hacker would figure out how the lock worked, pick it, and then notify his sister that her diary may be insecure. Moreover, this act would occur without the hacker caring about the contents of the diary, and possibly (in my case) going to great lengths to make sure that he didn't see a word.
WRT privacy of personal information, the hacker really only cares about his own. The cracker wants to did it up for personal reasons (blackmail, negotiations, espionage, etc.). The hacker (again, I'm going by my own morals here) would take care to avoid being in the situation that allows him to see the info.
As an example: if I break into your box because of some undocumented exploit, I'd verify the exploit and mail it to you, possibly with a patch. I would not go straight to
It is a very subtle and possibly subjective distinction, but it does need to be made.
thanks to all who posted on this thread (Score:1)
I'm often asked to write a sequel to Hackers. In a sense, much of what I've written since is a followup. Many of the themes, and often some of the same people, appear in my subsequent books, and certainly my magazine journalism. Some of the people in the book I'm currently finishing, Crypto, have more than a bit of the hacker spirit in them (Whit Diffie, etc). And it was great to meet Linus Torvalds when I did an article about Open Source for Newsweek some time ago. It is really terrific that Richard Stallman was far from "the last true hacker" and that the very best of the spirit he represents still blazes brightly.
Thanks for posting, folks.
Steven Levy
Re:Thank God (Score:1)
It's not, though. I got my copy from amazon just two weeks ago. Normal shipment, i.e. no waiting.
Re:If information should be free, then ... (Score:1)
Follow-up interviews with some people from Hackers (Score:2)
A damn good read, IMO.
Re:Access to information (Score:1)
Access to information (Score:5)
Disclaimer++: I'm not flaming [cr|h]ackers nor am I denouncing the principles listed in the book's review. If anything, I'm curious to read the book. I'm outlining an apparent contradiction and trying to resolve it.
I always thought that was something of a dychotomy. On one side, the hacker mindset is that all computer systems should be wide open. On the other hand, the hacker mistrusts organizations and governments.
And herein lies the contradiction: if it's alright to break into a system because you have the technical skill and invested efforts to do so, the hacker ethic says you can. Yet if a government breaks into your system, it's wrong and unethical, and a break of the sacrosanct privacy.
I think this ties in to the elitist approach to hacker standing: a hacker proves its worth by his hacks. The point being, if you have to use technical skill and cracking knowledge to get into a system, you can. If all that is being used is political weight to finance an intrusion campaign, then it's wrong, because no effort is spent on actually penetrating the system.
And so, the hacker maxim has to be revised: I think it should read, the level of information you are allowed to get is proportional to the skill you display.
And so we're back to an elitist system, where not much thought is given to equality, but where strength determines the level of freedom you have. I can't help but feel this is a wrong system, because it sounds like anarchy without concern for the other members of your society. The law of the jungle, if you will.
Anyone wish to contradict me? I'd love to know what you guys think.
"There is no surer way to ruin a good discussion than to contaminate it with the facts."
excellent book (Score:1)
Good to see this review.
Re:Access to information (Score:1)
Hackers Part Deux? (Score:2)
The Free Software Revolutionaries
---------------------------------
Linus Torvalds & Linux
Richard Stallman, Eric S. Raymond & GNU
Phil Zimmerman & PGP
The Internet Hackers
--------------------
Tim Berners-Lee & the WWW
Scott Andreesen & Netscape
James Gosling, Sun & Java
More Game Hackers
----------------
John Carmack, John Romero & Id
The Where Are They Now Files
----------------------------
Gate$ & Jobs
Any names I forgot?
Re:Access to information (Score:2)
The point being, if you have to use technical skill and cracking knowledge to get into a system, you can. If all that is being used is political weight to finance an intrusion campaign, then it's wrong, because no effort is spent on actually penetrating the system.
First, I have to agree that this philosophy does, pragmatically, lead to a form of anarchy. It works in well in small, contained environments where people basically have similar ethics (eg, the early MIT lab) and less well in large, morally heterogenious (sp? to early to spell) environments.
However, to a hacker (and I use this in the strict mucking-about-on-computers-'cause-it's-fun sense) the difference here is not so much the deed (getting into machines) as the reason (learning, challenge of the puzzle, etc). At one time, there was no money/notoriety/teenage testosterone boy ego type of advantage to hacking on systems. It was done for other reasons. It was assumed that if you had attained a high enough level of proficiency to get into things you weren't supposed to, you weren't motivated by these things because there were certainly better ways of attaining them.
Governments (and corp.s) obviously have other motivations. They are not interested in intellectual challenges. If they want into your system, it's not to see you did a cool hack. They want to know if you would think about blowing something up. They're actions are similar, they're motivations vastly different, and therefore their ethical stance very much at odds with the hacker ethos.
So, I wouldn't say that the hackers desire for total access is at odds (ethically) with the equally strong desire for privacy. It's just based on a (in my opinion) flawed assumption that increased ability is an indicator of higher ethical standards. When you inflate ability through artificial means (money, hiring someone else to do it, etc) you're committing a shady act before you even get anything.
It's really more of a technocratic elitism than anarchy. And just because I don't think it's necessarily a good basis for an ethical system, it's certainly debatable whether any other system is better.
whew.There *is* Glory in Software Engineering (Score:5)
The other thing which I remember from reading Hackers, was a sort of vague feeling (which I've since refined a bit) of being a disciple of an art rather than just a programmer. The way I look at this (for myself) is, that yes, I'm payed by my employer, but my ultimate allegiance is to the field of computers, not to any particular manifestation of it (such as a company). As such the field (art) itself means much more to me than any one company and Linux (to me) is the/an embodyment of this spirit
This book drives home the fact the openness of information (or source code for us geeks) is a good thing, a concept that a few years ago seemed to wither away and which has now been (due to the success of Linux) thrust again into the public's view. If you want a good read of where much of this comes from, read Hackers
Further Info (Score:1)
Aren't the pioneers of the information age just frightening?
Which way now? Down.
Re:Cycles (Score:2)
Now, yes, there's been a lot more free software available lately, but if you look at it in the larger picture, most companies are still closed source. There are only a handful of companies that even consider free software and there are still a large percentage that probably don't even see it on their radar. They know what Linux is, of course, but the concept as a whole isn't something they even care about.
So "hacking" and the free software movement really isn't much different now than it was back then - it's just a different environment. The "next cycle"? Hell, it might be that everyone jumps on the OpenSource bandwagon, but I doubt it. It's just not worth it to most companies and whether you like it or not, programmers would make less money.
-----------
"You can't shake the Devil's hand and say you're only kidding."
Another good one by Steven Levy (Score:2)
Cycles (Score:2)
It's interesting how the whole open source movement these days really does subscribe to Levy's description of the "Golden Age" of hacking. People get to see the source code of other people's work, modify it so that it's "better," then rerelease it back for everyone else's "consumption." It's kind of like the TMRC, only a much wider group of hackers (ie the whole world) is now involved. It's like it's just another cycle in the history of hacking, just on a much larger scale than ever.
Anyone have any ideas on what the next "cycle" might be?
The differences between hackers and government. (Score:2)
A government can, with relative ease, stop an individual from doing something the government doesn't like. Part of that ability to stop comes from the government's ability to monitor the actions of all citizens in order to catch the ones that are doing things the government doesn't like.
The level of enforcement authority is the main difference between an individual hacker, and the government.
Whether or not the elitist system is bad, we already have one. The level of information you are allowed to get is currently proportional to the amount of money (or power) you have to spend on information retrieval. It's not anarchy, yet, due to the fact that there are government controls on who can (theoretically, at least) gain access to more specific information. However, I would guess that the Pres. of the US, and other world leaders, have more access to information about an individual (should they care to ask), than I would have about the President.
Figuring out how to balance the needs of the country for security from criminals, with the needs of the country for security from governments, is a hard problem, at least from the government's point of view.
From my point of view, it's easy. "I'm not a criminal, so leave me alone." Not everyone has this view, and it is a somewhat dangerous position to actually have implemented. If I'm being entirely left alone by the government, then some criminal may just attack me (since the gov. isn't watching me). I am willing to take that risk. Many people are not, and they probably shouldn't be forced to take that risk.
Agreed (Score:1)
He's been pretty well known in the Mac community for a while now, he used to write a good column for MacWorld, wrote a few books, etc.
- Darchmare
- Axis Mutatis, http://www.axismutatis.net
Re:Think man, think (Score:1)
I think the difference between your analogy and mine arises when you understand what is a security hole exploit and what is an allowed activity. If you believe everything you can do should be allowed, then you don't believe in the unethical breech of privacy. If you understand that not just because you can do it means it's right, then you can do some decent ethical hacking.
As a matter of fact, this makes sense in the hacker vs. cracker debate: whereas hackers can do what crackers do and more, they do so out of curiosity, and more or less as a public service. Whereas crackers, and especially script kiddies, feel empowered with the capacity to break a system, and reason that since they can do it without illegal equipment, it justifies their actions.
"There is no surer way to ruin a good discussion than to contaminate it with the facts."
Re:Think man, think (Score:1)
A hacker can do far more than a cracker. The temptation is surely there to do everything possible, whether out of curiosity or corruption. However, along with the years of learning and doing comes a sense of Right and Wrong. Age and maturity bear wisdom as their child, and this wisdom grows into a personal representation of the Hacker's Ethic.
5kR1p4 K1DD135 lack the knowledge. Crackers lack the maturity. As such, there can be no representation of the Hacker's Ethic for them. In time, perhaps, but a lot of things happen between now and then.
In conclusion, I will greatfully use a metaphor I saw in another post. As the American Indian has the Red Road, the Buddist has the Buddha Dharma, and the Christian has the Straight and Narrow, so does the Hacker have the computer and the Hacker's Ethic. The journey into computers and hackerdom closely parallels one's personal development.
As it should be, waiting is.
zantispam.unMount(SoapBox);
Re:Hopefully (Score:1)
- Darchmare
- Axis Mutatis, http://www.axismutatis.net
Woz, Jobs & blue boxes (Score:1)
In fact, many hackers *ARE* greasy little dope smokers.
Good book (Score:1)
Freedom Coders (Score:1)
I recognize that reclaiming the word "hacker" from the media is an uphill battle that many people here are fighting, but it seems to beg the question as to why you'd even WANT to be called a hacker in the first place.
When most people say "hacker," they mean cracker. The media won't use the word "cracker," because it sounds like slang. (In fact, it's already taken, as a racial slang term, making it a word you basically can't say on TV.) Hackers who aren't crackers are just coders, committed to the cause of freedom (esp. of information).
I'd rather people call me a Freedom Coder than they call me a "hacker." The term itself automatically communicates the fact that I write code, that I have an ethical system, and that I care about freedom. What does the word "hacker" convey? Mistrust of authority, at best?
Re:Hackers Part Deux? (Score:1)
Larry Wall (Perl seems to be the de facto languge for CGI)
Alan Cox and/or any of the other more prominent Linux hackers (maybe just put short one-page profiles of some of the more major contributers in the chapter on Torvalds and Linux)
the guy who wrote/engineered/whatever C++ (his name escapes me)
The CEO of RedHat (can't remember his name either - hey, I'm on a roll!)
I'm sure there are plenty of others, too. Not all of them would need a chapter of their own, but there are many people who are less well known than those you've mentioned, yet who still deserve at least some recognition for what they've done, IMHO at least.
Oh, and please forgive me if I've accidentally used a name in the wrong place, or something of the like; I have an uncanny ability to mess up names, whenever and however possible.
Re:Further Info (Score:1)
The movie was so full of flaws and mischaracterizations it's not even funny. I'll toss out one example: If you had watched the movie and didn't know any better, you'd have thought that Windows was a 'big player' by the time the Mac was released. In reality, it didn't get anywhere until Win3.X came out.
Hackers was written as an exploration of the hacker community at MIT, etc. PoSV was made to sell advertising slots.
- Darchmare
- Axis Mutatis, http://www.axismutatis.net
Security *IS* Stability (Score:2)
If you ever want to find a program that's easy to crash, look for one that's been designed without any security in mind. Similarly, if you wish to locate the most stable, trustable system, look for those where security is a critical specification to which every design pattern must adhere to.
This isn't that hard to understand. Software that's not designed to accept data streams that lack "sanity"(translation: Data formatted according to the protocol specification) from external procedures, processes, or network connections is doomed to, on occasion, accidentally recieve such "contraband" information and crash and burn from the time-bomb buried within.
Often, such missing sanity checks are the result of the following "famous last words" from a software developer: "That'll never happen--the code would never do that."
Not only can it happen, not only will it happen eventually, but because of those who would exploit such weaknesses--be they joyriders, or worse--it will happen to such a degree that customers will be harmed, and code will need to be patched and deployed long after it was written.
The same kind of bean counters that decide it's cheaper to let 100K people die from an exploding gas tank and settle each of those lawsuits than fix a problem that's embedded in a few million vehicles also work at computer companies. If it wasn't for those who would discover and address the flaws in the infrastructure of our increasingly critical(and simultaneously fragile and surprisingly resilient) technological lifestyle, the computer industry's accountants could honestly claim it would be much less expensive for customers to crash(making them more likely to upgrade anyway!) then for the company to build security/stability into their code.
There are some, of course, who criticize the willingness of hackers to release vulnerability information publically, primarily because the information can then be used (and abused) by the cracker set. There are two responses to this:
1) Software companies have a miserable record responding to anything but crisis. If I close my eyes and imagine a half million people like me(only much more experienced in whatever field they're specialized in), I completely understand. Regardless, it bothers me to know that, from what I've seen, security/stability patches are almost never issued unless there is an active exploit being used. It is a common theme for example code to be released with the disclaimer "I sent this to Microsoft a month ago and they never responded." I personally discovered a reasonably troublesome flaw in the Windows 9x TCP/IP stack [doxpara.com]--the most I've ever gotten back from Microsoft is a third hand message through a PR Flack that--you guessed it--"This is hardly ever a problem." And, of course--no fix.
I'd like to say YMMV(Your Mileage May Vary), but I doubt it. As for my second response...
2) I'll take some kid playing around with his first script long before I want to be attacked by either a competitor or (shudder) a hostile foreign government. Competing corporations(*ahem* I'll avoid getting Gibsonian for this one post) and hostile governments are quite unlikely to divulge their discoveries regarding infrastructural weaknesses, but the Hacker Ethic demands that Hackers do. Furthermore, it assigns significant prestige to those who not only describe flaws but provide effective solutions to them as well. It is these solutions that are the "carrot" delivered to server administrators in an honest attempt to strengthen the stability/security of the overall infrastructure, while the crackers of the world essentially form a constant, low-level "stick" that reminds administrators of the damage a full-scale, corporate or military infrastructure attack can levy.
Mandating security by governmental fiat is essentially ineffective, though there is no small irony as to the inititals of the Internal Security Service such a mandate would create. (For those who don't know, ISS is one of the more respected groups of security professionals.)
The continual, open dialog of hackers, however, is responsible for the fact that we actually do have a pretty extensive Certificate Authority architecture backing online Credit Card Transactions. Without hackers raising the red flag, businesses would have ignored the risk so as to increase online purchasing at lower initial investments, media would have ignored the faults so as to not upset the advertisers, and government would have stayed out of the way so as to not lose any votes from Big Business. (Granted, it's likely the Hackers got so much press in the mid-90's because preventing people from feeling secure inputting CC#'s online benefited certain uberconglomerate interests that weren't ready to go online just yet and had a large stake in people actually *gasp* going to a store/mall. But the same guys who spoke about what you shouldn't do online also emphasized the SSL solution to transactional privacy, thus training millions of people to look for the lock before sending in their card #. That the SSL system is actually reasonably air-tight considering its ambition is genuinely impressive.)
I have, of course, spoken of only one subset of hackers--the network security gurus that I worship and hope to one day be among. Each of the many flavors--and yes, they all blend together in one form or another--of hackers bring something to the table that, yes, is of significant social import.
It'll be interesting when the sociologists turn around and start analyzing the scene in earnest...
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Re:Access to information (Score:4)
I always thought that was something of a dychotomy. On one side, the hacker mindset is that all computer systems should be wide open. On the other hand, the hacker mistrusts organizations and governments.
That part of the hacker ethic is certainly showing its age today. In the early days there was less need for mistrust. Governments and organizations were, in those days, largely ignorant of hackers. Security on computer systems was less of a concern when the only ones who might be interested in the systems, how they worked, and what was stored on them were other hackers.
The ignorance worked both ways though - as the book indicates, the hacker pioneers themselves, immersed as they were in the deep structures of their beloved systems, were often ignorant of the interest that governments and organizations might indeed have. It just never occurred to most of them that security might be an issue. At least at first.
And so, the hacker maxim has to be revised: I think it should read, "the level of information you are allowed to get is proportional to the skill you display".
Maybe. In a way that's always been the case. When the skills in question are those used in gaining access to information, the level of information you are allowed to get is indeed proportional to the skill you display.
Sure, there are ignorant lusers with alarmingly high levels of access to information. But whose fault is that? They wouldn't have that kind of access if someone (someone who knows their sh1t) didn't give it to them. When ignorant people are granted access to computer systems there are two options. The easy one is to just give it to them without explaination and let them muddle through. This is a bad move in the short term, as they're still ignorant and now they have the power to damage things. The better way is to educate them. It's not as easy in the short term, but it pays off over time.
read Ch. 1,2 online (Score:3)
If information should be free, then ... (Score:1)
Re:Hackers Part Deux? (Score:1)
Re:Access to information (Score:1)
I agree with you to a degree, but the impression I got from the book (it is a fantastic read) was that the hackers use of their skills was simply to prove they could. show off as it where, break into a system because it was there. it was never to gain access to sensitive information or to discover secrets. it would appear that the government isn't simply out to display their skills but to use them in a possiably covert manner. Hackers wish to show off an learn.
But that's just my reading of the situation.
Peter Deutsch? (Score:1)
Re:Access to information (Score:1)
The problem I have with this is that people don't appreciate something that is given to them as much as they appreciate something they have to (l)earn with their own blood, sweat, and tears. Moreover, if people are spoonfed knowledge early, they'll always expect it. They won't gain critical thinking skills or the ability to learn the solution to their problems on their own. All they'll know how to do is go to #linux and say "Can someone please help me do this?"
Not so great a book... (Score:1)
Re:Think man, think (Score:1)
Re:Peter Deutsch? (Score:1)
--------------------------
Your Favorite OS Sucks.
^D
Re: Hackers (Score:1)
Give a copy to a budding young coder. (Score:1)
Back before I dropped out of high school (not to worry, I've got my diploma now thanks to night classes on the side), I lobbied hard for the Windows loving, Gates worshiping computer department head to include the book as part of the curriculum, instead of the book "Hard Drive" which focuses on Gates and Microsoft, rather than the industry as a whole. Sadly, my pleas fell on deaf ears. I really do believe it should be required reading material for anyone even beginning to get on the road to hackerdom.
I know *I* learned a lot from it.
Re:Access to information (Score:1)
"The Transparent Society" by David Brin.
The main question addressed in it is, how much of a right do I have to other people's personal info? How much of a right do they have to mine?
Brin proposes that 'viewing rights' should be as symmetric as possible, and as open as can be agreed upon (i.e., most people probably don't want you reading their personal email). The additional condition goes something like this: the more power you're given, the more people should be able to keep an eye on you. Records, bookkeeping, etc. of the government should be open to everyone, easily. Internal records of corporations should be available to every employee. Etc. Basically, accountability to other people is proportional to your power to affect their lives.
Re:Hackers Part Deux? (Score:1)
Anyone else interested? Email me: rings888@yahooANTISPAM.com
Hacker ethics and RMS' 1983 biography (Score:2)
I should probably also note that RMS recently published his 1983 biography on his home page [gnu.org]. It's somewhat related to the chapter on him in the book since it was written just the year before the book was published, and, I think, just before the idea of GNU came into light.
Re:excellent book (Score:1)
yep, I agree. I also liked that bittersweet (yes, Spock, that's "an emotion", probably off-topic) scene where one of 'em went to Cape Canavaral and watched the shuttle take off, and he was awed by the magnitude of the accomplishment, especially considering how totally lame NASA and the government are, especially considering how not lame how all the hackers were but how lame their accomplishments were, accomplishments like "Eliza == AI".
So, it's gratifying that finally, with Linux and the open and free software movements, we are seeing the hackers' Space Shuttle start to lift off.