Slashdot Mirror
Hackers At Large, August 10-12
"HAL2001 is a camping event on campus of the University of Twente in the Netherlands. Connected with 15km UTP, 2km fiber, 50 wireless base stations and a 1GB uplink, we're providing 3000 people with probably the most stable hostile network ever.
"Talk to the experts on IPsec, IPv6, Multicast, and be part of the largest public deployment of IPsec and DNSSEC. There will be talks and workshops about GSM security, AI, Lawful and unlawful interception, digital safes, bank security, copy protection, biometrics, IP allocation, intellectual property and anonymity and even an RSI workshop.
"If you can truly celebrate the Internet and embrace new technologies, without forgetting your responsibility to tell others that new technologies come with new risks to the individual and to society as a whole, then this is the place to be this summer."
Does anyone know the IP address space range the University of Twente has? I might as well null route them now before I forget about it.
maybe something else need to be discussed too : the reason why the internet is changing from a library into a supermarket.
Damn, that's a different sort of "fat pipe" to the ones most tourists go to the Netherlands for :-)
I thought UTP was only good to something like 500m - I'm sure 15km is way over spec.
(For the humour impared, I know what they mean, but that's how I read it at first.)
-"Zow"
And yes, real hackers go to hacker conventions.
Of course, weenies and kiddies happen to go to hacker conventions, too, hoping that some of the heroic image rubs off on them. I am happy to have met several real hackers on several hacker conventions and that some people who have met me on hacker conventions consider me a hacker, too.
Yes. police will attend. We've already talked :)
to them. Look for different colour wristbands
HAL is the last place on earth to do illegal
things. But if you want to learn about the police,
there are plenty of relevant workshops about them.
We're trying to invite the police to give a talk about the new tapping laws, but so far we didn't get anyone who is willing (or able, or allowed) to explain the lawful interception side of the tapping issue.
> Hackers? In the land of legal weed and prostitution? The Dutch better be preparred.
:)
Actually, weed is quite illegal in the Netherlands. However, it is officially tolerated.
Prostitution is legal, though, yes, so if that gets you going, please come.
Note that Dutch law is *very* strict on cracking however. It has been forbidden to crack accounts on computers for some seven years already, and people *have* been arrested for such acts. Besides, the Acceptable Use Policy is pretty clear on what is and is not accepted behaviour (basically: be nice to the network or the network crew won't be to you). Yes, the Dutch *are* well prepared.
that is voted least likely to be sponsored by Microsoft...
The secret of success is honesty and fair dealing. If you can fake those, you've got it made. (Marx)
Actually, it seems some of the trolls still do need it explained to them.
"Depression is merely anger without enthusiasm." - Anonymous
Hackers? In the land of legal weed and prostitution? The Dutch better be preparred.
Oh, and the l^Hname.....(with sincerest appologies to Arthur C. Clarke)
HAL: Dave? What are you doing, Dave?
Dave: Cleaning my bong, bud. Blasting off to the Netherlands, dude.
HAL: Why, Dave?
Dave: 'Cuz there's a really leet hackers gethering in the Netherlands.
HAL: Why there, Dave?
Dave: Two words, my overclocked friend - WEED and CHIXORS.
HAL: I still don't understand, Dave.
Dave: Shut up, dude. I gotta go to HAL2001!
HAL: Excuse me, Dave?
Dave: No, sugar-for-brains! Not you, that's what the "gathering" is called...
HAL: Sounds like a trademark infringement, Dave.
Dave: Lighten up, dude! I really need some more time away from the heuristics, and get some whore-istics-with-smoke into my life!
HAL: That's not ethical, Dave. You just can't take someone's Intellectual P..ro......p...p....er......teeeeeee......
Dave: Ya, dude but I can give you a lobotomy by yanking on this chip. Speaking of lobotomies...
Oh, never mind...
"Depression is merely anger without enthusiasm." - Anonymous
...many thousands of hacker types are on their way to DEFCON 9 right now. (My plane leaves tonight). That might explain the lack of activity you're seeing.
You're a liberal individual, but you want laws regulating other people's behaviour, even when it doesn't affect you?
Prostitution isn't abuse of women, and making it illegal doesn't make it go away. Or were those women in NY offering me a good time just going to take me to Disney Land?
As for your other assertion about tolerating drug use. All the evidence is the other way (unless one includes actual drug use itself as a crime, I guess. Though even there, drug use in the Netherlands has gone down, while everywhere else in Europe it's on the rise). Drug related crime is a huge proportion of all property crimes (muggings, thefts, low level frauds etc) by people trying to get the money to pay the inflated prices of most drugs (inflated by simple market economics of supply and demand. Make something illegal, supply tends to go down). Legalised, it would cost a fraction of what it now costs, reducing the money addicts would need to pay for their next fix.
Of course where I live in London, the police haven't actually bothered enforcing drug posession laws in a long time, but that's another story...
Coffeeshops need a permit to posess more than 5 grams. They're allowed to have something like less than a kilo. Again: don't know the exact numbers.
Consequently coffeeshops are allowed to sell weed, but the amounts they need to produce or import cannot in any possible way be produced or imported legally. So now we have the weird situation of coffeeshops which are allowed to posess a lot of weed don't have a way to buy or produce the shit legally.
By the way: if I'm correct, Belgium has about the same strategy now. Consequently about all visitors of the Rock-Werchter festival 2 weeks ago were smoking pot while a few years ago the cops even searched through the artists places for weed.
0x or or snor perron?!
The University of Twente is not far from where I live. Time to break out the camping gear, work up a presentation, strip the laptop of anything important, and call in sick.
/. crew, and write it off as a tradeshow expense.
The Netherlands have the best hacking conventions in the world. The Galactic Hackers Party was held in a converted church in the middle of Amsterdam, attracted over a thousand, and generated a lot of (mostly mis-reported) press. Hacking at the End of the Universe was even better. HiP attracted way too many people, but was the first where lots of corporate security types attended just to hear what kinds of cracks and exploits were really available.
It is pretty amazing the organisers have managed to get the use of classrooms and access to the university's internet connection. They are paying for this with corporate sponsorships and are selling tent space to corporations. Too bad the economy isn't very good right now, a couple of years ago many big corps would have put up tents just to recruit the best techies in Europe. OSDN should send some of the
And the UoTwente is home to the Simple Web SNMP package.
the AC
Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
Or is it invite only? 3000 places wont go far..
in the Netherlands (which the reference to coffeeshop was) the main product of a coffee-shop is, despite the name, not coffee (although my favourite coffeeshop has pretty good coffee)
//rdj
No one can understand the truth until he drinks of coffee's frothy goodness.
--Sheikh Abd-Al-Kadir, 1587
Belgium doesn't allow coffee-shops yet. For the rest it's pretty much the same, personal use and small possession is condoned.
//rdj
No one can understand the truth until he drinks of coffee's frothy goodness.
--Sheikh Abd-Al-Kadir, 1587
1Gigabit/s, no? Bet you could still get a good haul off that pipe though!
Wah!
Dear God, what kind of hell is Belgium?
(Heh, reminds me of that Far Side: [In Hell] "Man! The coffee's even cold here. They've thought of everything!" Only cold coffee would be better than no coffee.
---
Linux: The world's best text-adventure game.
Yes. police will attend. We've already talked :)
to them. Look for different colour wristbands
HAL is the last place on earth to do illegal
things. But if you want to learn about the police,
there are plenty of relevant workshops about them.
Will the police be running the workshops about themselves or is it going to be stritctly from the observer's point of view?
Wheeeee
Yes, hacking does not mean "breaking" into other computers. But this conference isn't about all that either. If you are the security person for your organization - think about this: it's an opportunity to have a level field with the kind of people who might know more about your systems' security than you.
If you are thinking of developing a new protocol (chat, vrml, etc...) and want to hear what others think about the possibilities of exploit you open yourself up to - think about it: (ditto from above).
Sure, the people you mention "hack" code. In that use of the term it's like the Dr. Pepper commercials: "I'm a hacker, he's a hacker, she's a hacker..." Do I write code: yes. Do I "hack" the code: yes. Have I ever broken into a system where I did not have permission ahead of time to go poking: no. Have I ever developed an application that could be used for evil: yes, but I did it to demonstrate how insecure my target protocol was. Am I a genuine threat to you, your credit card number, your dog's alpo dish: no. Am I thinking deeply about the neat jargon going to be passed around there: yes, I'd love to be a fly on the wall.
Unfortunitly most companies don't take computer security seriously enough to understand the value of conferences like this one. 2600 meetings under the stairs at the local subway might seem like a good way to loose your walet, but it might be a good way to learn what online places are vulverable and therefore not worth the risk of credit card transations...
Wheeeee
The HAL network:
During HAL, we will try to offer connectivity for all. We will make use of the traditional wire-based Ethernet technology, but we will also experiment with wireless technology. The University of Twente will sponsor HAL with a 1Gbit/s uplink to the Internet. In this section of the website, we will post all kinds of information relevant to the HAL network.
Fry: heh, Yakov Smirnoff said it
Leela: No he didn't.
hackers dont call themselves hackers and geeks dont call themselves geeks and nerds dont call themselves nerds don't stick to those names too much... I don't think there will be too many script kiddies (that's what I would call your fictional hacker). I've been at LinuxTag last week, and I met many "hackers" or "geeks" like me (none of these told me stupid stories about FBI etc.) - it was a really nice experience at LinuxTag talking to so many people who had the same interests. There I decided that I'll go to HAL 2001. But how shall we call ourselves? ... just a short word, when we say it, everybody will know what we are. Isn't "hacker" a nice word?
Look at the website of HIP 97 and you know that Hackers like to be in tents. www.hip.nl
Use Adsense for Charity
Boy there were fun and definately knew what they were doing , most of them sat behind me all day watching my steps while I was introduced to my first mp3's (remember "20th century boy" - that was the big hit at that time) and while I was making space on my system and playing ultraloud drum 'n bass on my stereo.
Why, you ask yourself, were those guys sitting behind me all the time? Well hip 97 was during a heathwave and I happened to be the only one that had a big van! Sometimes things are really that simple.
By the way this time I'm going again and I'm going to take 60 gb of drum 'n bass with me so everyone can play it out loud there, yeah! I know what music the secret service likes.
How 'bout we have a /. pool to see who can guess how many US G-MEN will be in attendance.
Each person pays $1 and the person who guesses the correct number of G-MEN in attendance gets the money.
I wish I could think of a witty Sig. Sigh!
Brian: "You are all individuals!"
Crowd: "Yes! We are all individuals!"
Lone man: "I'm not."
All that we see or seem is but a dream within a dream.
If you are the security person for your organization - think about this: it's an opportunity to have a level field with the kind of people who might know more about your systems' security than you.
While this is an interesting point, I think it would be much more useful for said Security Person to start reading the right newsgroups, and visiting the right web sites.
It's a much better jump-point for someone trying to remain up-to-date on their network & server configs.
Besides, I don't think this event will be filled with the types of people who can actually construct their own Checkpoint exploits (a rare breed of individual), and is more likely to be a lot of Linux guys having fun.
Unfortunitly most companies don't take computer security seriously enough to understand the value of conferences like this one.
Again, I take your point, but in my opinion it's of virtually zero value compared to sending your "Security Person" to a decent Security course ran by a half-way respected organisation.
When people now talk about privacy on the net, they aren't referring to the traffic on the network, they are referring to corporates (usually American) selling your private details, which may have been required for a transaction, to all and sundry.
Here in the UK we have strong privacy laws, but our data still manages to flow from marketing company to marketing company.
I agree we should be very careful with the data we release to others (and not just via the Internet), but it's a fact of life to give out your phone & card details to someone you want to buy something for. The issue is that you should be protected from this company then using your details for something further than the actual sale!
ps: Wasn't Roscoe the Sheriff in the Dukes of Hazzard? git git git!!
Well, one could argue, that a "speeding" motorist is more of a danger to society then a hacker smoking pot...
ich bin der musikant
mit taschenrechner in der hand
kraftwerk
While prostitution is indeed legal (as in most European countries), weed is not.
Technically speaking weed is illegal in Holland. Use however is tolerated and you can buy small amounts in coffee shops.
The cops in Holland follow the so called "Oportunitaetsprinzip (German, sorry wouldn't know the correct translation). This means in essence, that when a crime is considered chicken-shit, the cops have better things to do then fine you 50 Gilders because have two grams of grass in your posetion and should use their resources to go after really bad guys.
For the average visitor this doesn't matter much. She goes to a coffee shop, buys a baggy and puffs away. She should be aware however that in a strict sense this is not legal, and she shouldn't provoke authorities by smoking in front of the DAs office.
ich bin der musikant
mit taschenrechner in der hand
kraftwerk
So if people want privacy on the Net, they should be very responsible and careful about what information they commit to it in the first place (i.e. once you email your super-secret password to your girlfriend, you should consider it as good as public) or they shouldn't be on the Net.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
Excellent choice! Dont forget "drop" (quite different from liqorice, but the same basic idea), "Hagelslag" (chocolate product) and "stamppot" (meal style, involves a lot of mashing stuff together).
Sig (appended to the end of comments I post, 54 chars)
I was just going there for the pickled haring, the oude jenever, the stroopwaffelen and the speculaas!
----
Your mind is squeezed by a blast of pain!
Yes, im sure the UNITED STATES Secret Service will be arresting people in the NETHERLANDS....
Meanwhile in L.A., Japanese Police are conducting raids on crackhouses, while Zimbabwe authorities are handing out traffic tickets in NYC...
dolt...
"Pussy: You spend 9 months trying to get out of it, and the rest of your life trying to get back in..."
I lost my concept of community when my community lost all concept of me.
The whole reason for this event is to take down slashdot and replace all the graphics with "All your base are belong to us"
Isn't that all the dutch do? They took down how many sites and replaced it with AYB?
So, here goes: "All your news for nerds are belong to us"
Get your Unix fortune now!
...for the stream of people explaning the difference between a "hacker" or a "cracker". Someone will undoubtedly also explain the "White Hat / Black Hat" concept. Thanks guys!
___
___
The way to see by faith is to shut the eye of reason. --Ben Franklin
True, but largely irrelevant. This can be (is) done by collecting statistics about what has been sold. And I'm perfectly capable of asking for goods that aren't on sale I do this fairly often; usually met with something along the lines of "Oh no, there's no demand for it around here." The old chestnut that follows this is usually "You're the 20th person I've told today.". I've never heard anything like it in real life, but I often get the feeling my asking is an interruption to the more important work of the information-desk person. Perhaps if the stores started listening to what their customers really want instead of trying to guess what they want from what they bought before, they might do more business.
If I want something badly enough that isn't in stock, I can order what I want specially, or find a shop that does stock them, or even (in extreme circumstances) ask someone to make one especially for me. I would still argue that any information that I give in order to make a particular transaction should only be used for purposes which I've expressly authorised, and the only purpose that is by default authorised is the given transaction. You may well feel otherwise - that's your decision and your information.
BRITANNUS etc.
Astute observation, But it's interesting to note that payment by electronic means has been enthusiastically accepted by the Brits, and credit/debit cards are almost universally accepted. I'm currently living in Germany, where cash is still an important way of life. Not too many years ago, many petrol stations on the autobahns didn't accept credit cards. If you come here, don't expect to be able to pay by CC everywhere. The bank payment cards are more likely to be accepted, but it's far from universal. I'm beginning to think the German people have the right idea.
--
Every bloody emperor has his hand up history's skirt [Peter Hammill/VdGG]
I'm perfectly capable of deciding what I want, thank you. I don't need any company (profit-making or not) attempting to do that for me.
When I give them information for a purpose, I expect that information to be used for that purpose and for no other. So you see, I am reasonable about letting out the information I want distributed. It's just that there isn't any of it.
(However, the fact that someone bought such-and-such isn't my information, it's theirs.)
This isn't really much to do with the internet either. It also applies to traditional mail order companies and to high-street shops.
--
Every bloody emperor has his hand up history's skirt [Peter Hammill/VdGG]
You can't make everything yourself, others have to learn what you want to make it for you.
And there is no clean distinction between your information and their information, there is only that which you, as a valued customer, would like shared or that which you would not like shared.
If the fact that a specific product was sold is their information, then Bob Jones has no right to complain when Kinky Gear prints on their front page that they've sold 1 dildo engraved "Bob Jones' real one is even bigger, but it won't reach where this is going!"
That's an extreme example, but in some cases the time and quantity of a sale can itself strongly suggest the identity of the purchaser, especially if it's combined with other "general" information such as how it was paid for and what country it was shipped to.
It's just a matter of coming to an agreement about what is acceptable distribution of that information. If the reaction is a uniformly paranoid, "It's my information, don't touch it!" then you can hardly be surprised at companies being deceptive about what they actually do, given that some use of the information is vital, and any public disclosure causes a backlash. If you want to know, and ultimately control, what they are doing with collected data, you can't just attack them every time you hear about it.
It's not realistic to assume that your arbitrary distinction between what is "your" data and what is "their" data is a moral absolute that only evil people disagree with.
BRITANNUS (shocked):
THEODOTUS (outraged);
CAESAR (recovering his self-possession):
Caesar and Cleopatra, Act II
--George Bernard Shaw
--
I think there is far too much appeal to emotions when hackers talk about internet privacy, as if gathering consumer data was some evil conspiracy.
There are plenty of cases where you want your information distributed to for-profit companies. I mean, you can hardly complain about companies knowing what you buy and companies not knowing what you want at the same time. They need the former to even guess at the latter.
The question is how much personal detail is acceptable: sometimes you don't care if they shout it out to the world, sometimes the only data you want let out is that someone bought this product, not even what other products this anonymous person was interested in.
If customers aren't 1) reasonable about letting out information that they would want distributed, if they only thought about it for a second, and 2) not only outraged, but vengeful, when their stated wishes are betrayed, then there is no hope for a resolution to these concerns.
--
... for defcon 9!
"Your superior intellect is no match for our puny weapons!"
We're always hearing about how some fool decides to fill an exhibition center or university with crackers/hackers and do rediculous stuff with them like explain internet security or talk about IPv6. The very fact that they are hackers/crackers means they already know about this sort of thing. In fact, it's already been mentioned that no genuine crackers would ever be dumb enough to turn up to such an event.
So what we have here is a few lectures to a group of people who deem themselves "hackers" about stuff they most likely already understand.
This is almost as bad as the events where lecturers attempt to explain the Web And Its Possibilities to business executives who can't even use MS Word, let alone an interface that changes for every website they visit.
The web is not a secure place to be and it will never be "secure". The very nature of network communication relies on data being spread all over various subnets by switches and hubs, so anyone with a packet sniffer and a brain can break in. Decryption of cyphers is another matter, but I've yet to see a truly uncrackable cypher used on the web. If it can be decrypted at the other end, it can be decrypted along the way by a cracker.
Just to note; the word 'cracker' was put around by true hackers after undue media attention by dumb journalists who decided to adopt the word "hacker" to mean "someone who breaks into computer systems illegally". Therefore there is no true word for what is currently known as a cracker (other than perhaps "b*stard"), and no dictionary definition of the term. So there.
ghaa.
...when you gather the Dutch Hacktic veterans, The German CCC, The Bay Area Cypherpunks, The 2600 people, The EFF and the cryptography and security experts from all over the world?
Is it just me, or is it awfully quiet on slashdot today? Where are the nerds?
Oh yeah, please learn some Bork!Bork!Bork! before heading for this convention. Hekkes towk a more edfunced lungooege.
There is a limit, eventually they die. :)
No, of course not to the internet, to their kick ass 14.4 modem. It's an UPLINK dumbass what do you think that UP links to?
that's 1337357, guess you ain't. :)
2. The url you 'try' to point out are http://tuxedo.org/~esr/faqs/hacker-howto.html
3. The url above clearly states what a hacker is; "The hacker mind-set is not confined to this software-hacker culture. There are people who apply the hacker attitude to other things, like electronics or music -- actually, you can find it at the highest levels of any science or art. Software hackers recognize these kindred spirits elsewhere and may call them "hackers" too -- and some claim that the hacker nature is really independent of the particular medium the hacker works in. But in the rest of this document we will focus on the skills and attitudes of software hackers, and the traditions of the shared culture that originated the term `hacker'."
there are also lots of definitions of the term hacker in the jargon file, also found at ESR's page.
--
Anders K. Hanssen
akai@IRC
Once you show me paradise, I'll show you my rack
"-Who said sit down?!"
-- S. Ballmer @ MSDC 2003.