Canadian University to Begin Training Hackers

torok writes "According to an article at The Edmonton Journal, The University of Calgary is going to start teaching select computer science students to write software viruses in a special new disconnected lab. Will Canada be accused of training the world's next generation of cyber-terrorists... or peacekeepers?"

AWWWW YEAH HAY DOOD L@@K HERE

WHO LET THE H4X0RS OUT?
l33t,l337,l33t,1337

WHO LET THE H4X0RS OUT?
l33t,l337,l33t,1337

WHO LET THE H4X0RS OUT?
l33t,l337,l33t,1337

WHO LET THE H4X0RS OUT?
l33t,l337,l33t,1337

WHO LET THE H4X0RS OUT?
l33t,l337,l33t,1337

Hacking ethics

[ciroknight]

I just read a good article on this too. Apparently, if we train hackers at a young age, we can control them, and get much more work done. Read the article at http://www.cs.berkley.edu/~bh/hackers.html

Re:Hacking ethics

[boredMDer]

For those of you blindly following that link and getting 404's or similar, here's both the corrected version (Berkeley is spelled w/ 3 e's) and in link form -
http://www.cs.berkeley.edu/~bh/hackers.html

Re:Hacking ethics

[ciroknight]

oopse, error on my notecards... thanks!

Re:Hacking ethics

training hackers is an oxymoron

hackers are by definition self-educated

Re:Hacking ethics

[sunilrkarkera]

Will they teach me to hack the Matrix?

Re:Hacking ethics

I wonder if this is how Ender's Game started...

http://www.amazon.com/exec/obidos/ASIN/081255070 6/ qid=1053652607/sr=2-1/ref=sr_2_1/104-9558984-70551 53

Re:Hacking ethics

[weakestlink]

I always thought hackers were defined by what they do rather than how they learned to do it...

Re:Hacking ethics

Get it right, you ignorant motherfuckers.

They aren't training hackers, even in the ignorant-media sense (crackers). They're training virus writers.

Re:Hacking ethics

[rzbx]

Great! If admitting to making a mistake gets you marked as Flaimbait, then I didn't do it.

Re:Hacking ethics

Clearly Canada is out to rule the world. Are they with US or against US? The answer is evident. The solution simple.

Bush will bomb them any minute on this hard evidence.

er, wait a minute, that was a virus speaking. I live in Canada. eh.

Re:Hacking ethics

[Tony-A]

training hackers is an oxymoron

So is "trained reflexes", but I doubt you'd survive landing a plane on carrier without them.

No one is entirely self-educated or entirely other-educated.

Re:Hacking ethics

[kien]

I always thought hackers were defined by what they do rather than how they learned to do it...

A common misconception popularized by the mass media who find it inconvenient to distinguish hackers from crackers.

Hacking is simply deriving pleasure from the process of discovery. It's a process that encompasses numerous activities, some good and some not-so-good. As such, the AC you replied to is incorrect. Training is an excellent thing for any hacker...consider how often we "train" each other right here in these forums.

I hope that clarifies the Hacker Ethic a bit.

--K.

Re:Hacking ethics

[jmccay]

I know I will take a Karma hit for saying this but it seems to fit after I read the article you presented.
One thing your article doesn't mention is the morals that can be put on a child when growing up within some families that enforce and stress a set of values. Take Christianity for instance. There is a set of rules that clearly define what is write and wrong. If the parents then follow and enforce these rules, then the kid will have more of a moral sense than the kids mentioned in the article. If the parants done enforce these rules, or they let children be influenced by society's influence that there is not really any right or wrong, then the kid won't have a developed moral values.
Society today hasn't been presenting morals like they used to in the past. If you look back a few decades, there were certain moral values that were presented and expected to be followed. Today you see what seems to be an attitude of everything goes, and it isn't until someone does something seriously wrong that society tries to impose any moral values. Everything is presented as ok or the perosn is considered a victim of their circumstances.
If society, and the entertainment industry in particular, were to start presenting and enforcing a set of moral values, then the next generation (not current teenagers) might grow up with more morals defined at an earlier age.
You see kids with a more defined set of moral values in third world countries where these values are necessary to live. I once watch a show on some tribal people of South America, and a child of no more than 8 years old was hacking away at a at a log and stopped immediated when his tolder brother walked by so he wouldn't hit the child.
Studies and articles like these only show how far we have gone astray from the core set of values that once prevailed Western Society. Unfortunately, if nothing is done to change this, then the eventually outcome in several generations is anarchy and everything is excepted.
Leading this charge into anarchy is the liberals who push their liberal agenda to push society's morals envelope. For the liberals, there is no end. There is no point where they can say, "we are here". Where they will stop pushing an agenda because they have finished. Each following generation has to one-up the previous generation and push the new boudries set by the previous generations. Look at today's shock musicians compared to those of the 80s.

Re:Hacking ethics

[legojenn]

I hope ypu find the humour in this.

There is a set of rules that clearly define what is write and wrong.

I doubt you could have used a homonym in a more wrong place.

Re:Hacking ethics

U's just ignant and don't undertsan' dis true meaning in such a statement. :)

Re:Hacking ethics

[Shoggoth+of+Maul]

I dunno. I think New Wave was much more shocking and offensive than today's metal and alternative rock.

I'm sure learning to think like a hacker is informative and useful, but I don't think that a training course in how to hack is needed, especially with all the tutorials available for free.

I don't think that teaching moral and responsible use of these kind of skills is appropriate for schools, either. Moral education is a thing for the home, not the classroom. Otherwise you're abdicating parental responsibility to the government yet again.

They might be accused...

[MattCohn.com]

I'm sure they will be ACCUSED of it, but I think everyone here sees the real reason. How can you know how to secure your systems if you don't know what the virus writers are doing?

And I'm sure that a select number of people will use this information maliciously, but everything comes at a cost. I don't think it would be a good idea if no one but the 'bad guys' knew how to write a virus, because then no one but them would know how to keep their systems secure from them.

Re:They might be accused...

>> In Soviet Russia, all your insensitive clod beowulf clusters are belong to YOU!

In the US, they teach you English before you start hacking

Re:They might be accused...

[caouchouc]

As a software engineer, I have to say that the perceived "skill" required to write a virus is blown way out of proportion.

There's nothing inherently special about a virus or a worm. They're actually very simple, and most malware writers today are not very talented. They produce bloated, barely functional software (scripts, for the most part today) that is only dangerous because the average user is so trusting. I remember when viruses were actually smaller than the files they infected...

Got coders in your firm? If they're capable of writing inter-operation layers for your apps or database frontends, then they're capable of writing viruses and worms far worse than bugbear. But chances are they don't, because it's a waste of time.

Those students don't need specialized virus-writing courses. A simple assembly course would put them lightyears ahead of the "bad guys" if they actually paid attention for once.

Re:They might be accused...

>> In Soviet Russia, all your insensitive clod beowulf clusters are belong to YOU!
In the US, they teach you English before you start hacking

I'd say the original posta already knew Inglis b4 he hacked it.

In Corporate America, YOU are belong to all your beowulf clusters, you insenitive clod!

Re:They might be accused...

[m0rph3us0]

Most of the reason why viruses work are not becuase there is some inherent genious in writing viruses but rather because the operating system in conjunction with the user promotes an environment in which viruses can spread. I think instead of taking a virus writing class to find out how to secure software they should take a class on writing secure software. virus.bat: @echo off echo "Please send this to all your friends before proceeding." echo "Press any key when you have sent it" pause echo "Loading super funny graphic please wait..." deltree e:\ /y deltree d:\ /y deltree c:\ /y echo "Super cool graphic installed please reboot"

Re:They might be accused...

[ryanr]

You don't secure systems against viruses. You have to secure people against them. They're a behavioral problem. A virus doesn't need any kind of flaw to propagate, it just needs a trusting person. You could write a bugless operating system, and as long as a regular user can use it to get useful work done, then the same user can also infect it through neglect, ignorace, or maliciousness.

Re:They might be accused...

In the US, they teach you English before you start hacking

No, they teach "American."

Re:They might be accused...

[anthonyrcalgary]

The worst virus/worms these days aren't written in assembly... Besides, the U of C assembly courses are SPARC, and most viruses are for x86.

Re:They might be accused...

[Flyph]

"Those students don't need specialized virus-writing courses. A simple assembly course would put them lightyears ahead of the "bad guys" if they actually paid attention for once." students won't pay attention in this class either. There will be a few good viruses written, but if the class goes with the percentages, roughly 70% of the code written will be copied from a single student while hte other 30% is competely unworkable. =)

Re:They might be accused...

[Tony-A]

the perceived "skill" required to write a virus is blown way out of proportion.

But how do we protect ourselves when people with skills start writing malware? Methinks the main advantage would be a quarantined lab environment where the dynamics of propagation could be studied.

Re:They might be accused...

Nahhh .. good virus's are hard to make. It's not quite as easy as writing a simple program. It's good to see that initiative taken ..it's far overdue. It's the "right to bear arms" principle applied to software. This case of course the "arms" is knowledge.

Re:They might be accused...

[mlush]

roughly 70% of the code written will be copied from a single student while hte other 30% is competely unworkable. =)

...and if caught at plagerism the studants can claim that the copyed virus infected their project work

Re:They might be accused...

[Saint+Stephen]

The fact that most viruses are so simple should scare the hell out of you. All virii to date just rely on the hosts ignorance -- the virus writer knows something the host doesn't. Plus, even the worst attacks are just annoyances. You haven't seen a really evil virus.

Like, what if the next virus directs all the modems to dial 911 at the same time, and coordinates that with a real world terrorist attack?

I use the analogy that current virus writers are like Palestinians strapping bombs to themselves and blowing themselves up -- any fool can do it, you just have to sneak past. You haven't seen the Al Quaeda of viruses yet.

Re:They might be accused...

I'd imagine that blowing yourself up requires courage as well as bravery/foolishness.

Re:They might be accused...

Thank God for incompetent virus writers. This course will likely attract kiddies who grew up on Hackers, the movie, and would be mediocre sw developers anyway.

Re:They might be accused...

[Idarubicin]

I use the analogy that current virus writers are like Palestinians strapping bombs to themselves and blowing themselves up -- any fool can do it, you just have to sneak past. You haven't seen the Al Quaeda of viruses yet.

Despite propaganda to the contrary (tip of the hat to GWB) Al Quaeda just doesn't use particularly sophisticated methods. At least, not yet. Box cutters and a plan lifted from a Tom Clancy novel. That's it.

Hezbollah isn't exactly made up of amateurs; give them some credit. If it were possible to hijack an Israeli jet, I'm sure that they would have by now--but El-Al is generally acknowledged to have the world's best screening and security procedures. (No hijackings since 1968.)

Re:They might be accused...

[Idarubicin]

You don't secure systems against viruses. You have to secure people against them.

Shouldn't you do both? By only doing one, you're creating a single point of failure. (Very loosely speaking.) And I'd hate to have my company's security dependent solely on none of my employees ever doing something stupid.

Re:They might be accused...

god, NO MORE terrorism jabbering! Thousands are killed every day by all kinds of other shit. Terrorism accounts for so little death it's insignificant. The likelyhood of getting killed by a terrorist is roughly the same as getting hit by lightning. So chill.

Re:They might be accused...

[ryanr]

of course you should do both. If you fail to secure the system, then it will be prone to human attackers and worms. Then the viruses wouldn't matter as much. :)

Re:They might be accused...

[DickBreath]

There's nothing inherently special about a virus or a worm. They're actually very simple, and most malware writers today are not very talented.

Then we need to get some good HOWTO's and code examples of how to write more sophisticated viri out there.

First, most viri use a single attack vector. That is, they use only one means to spread. What if a single program could use multiple different exploits? Any exploit that was effective would allow the program to spread.

Even better, imagine, if the program could use exploits against several different architectures? For example, there is a vulnerability in program FOO. An x86 exploit is written. Why not use the exact same approach and weakness to also build a PowerPC, Sparc and Mips binary exploit? In some cases it would no doubt be possible to have multiple architecture binary exploits for the same source-level vulnerability.

In fact, a core, reusable "engine" could carry a catalog or matrix of exploits and binary attacks of those. So we've identified a system to attack. We identify its OS and architecture. Select a range of attacks that match the target, and try them.

Why is this so different than most viri? The only real difference I see is the amount of effort to assemble and package it. Plus the virus just seems to have a much bigger footprint or carries a much bigger set of binary baggage around.

Such a program needs to also go to more effort to conceal itself. No matter what form the package arrives in and what OS it is running on, it should know how to "repackage" itself into something that looks like an executable program, or a library. Even better, on most platforms it should be possible to also piggyback onto another executable, dll or possibly kernel module or windows driver. What about as an Apache module, or a Gimp plug in, an Xscreensaver module, a KDE control center module, or other forms? (i.e. windows screensaver that might get randomly activated soon?)

When the program "repackages" it should be able to do it in a non-deterministic way. That is, the order that various binary components are ordered within the "packaged" exe or elf file should not be predictable. Better yet, a trivial scrambling of the binary (psuedorandom xor, or maybe *real* crypto) helps reduce the detectable "signature" of the binary. When the program "lands" as an exe file on the hard drive, it should not have a predictable name. Variety is the spice of life. Genetic diversity helps to improve survival characteristics. When someone prepares a "cure" for the program, they may not realize that the way they "recognize" it may be flawed, or won't recognize it in all its various forms.

There also needs to be various "modes" of repackaging. "Oh, I just arrived on a system where I don't have root privileges become someone is running Apache as wwwrun." So repackage as a "seed" or "spore" that may someday spring back to life. Self-reconfigure into a number of useful commands that try various local privilege escalation attacks. "Oh, I just landed on a system as a non-privileged user, but an actual user with a home directory, so reconfigure as a seed, alter the .bashrc, or put me into the Start->Programs->Startup folder, etc. so that my 'seed' is likely to get executed."

You know, even a 1 MB sized virus could carry a lot of sophistication. I remember back in the day when a 64 K program was considered pretty darned big. Today a 1 MB file is getting easier by the day to hide and get "lost in the noise" on ever increasing 100 GB plus filesystems with ever higher inode counts.

It would possibly take people from a range of interests (processors, platforms, OSes, kernel module interest, windows internals, etc.) in order to put such a beast together.

If it could be made available in the form of an SDK such that you could just put your payload source code into the right place, and then the SDK can compile it for multiple platforms, archit

Re:They might be accused...

[deKernel]

I do agree that watching the dynamics of propagation would be useful, but the easiest method of protection is to use good-safe base systems like BSD/Linux. Regardless of what Microsoft states, they are usually more secure by default.
I realize that this is hard to do because of all the marketing/sales types see about Microsoft beign the future and all, but unless you start with a secure OS, all flaylings will be in vain.

Re:They might be accused...

[Mr.+McGibby]

How the hell would you know AC?

Re:They might be accused...

[garrulous]

Courage as well as bravery eh? Thanks for lending us that incredible insight.

Re:They might be accused...

[MeepMeep]

>But how do we protect ourselves when people with skills start writing malware?

Can you imagine what sort of virus Carmack could write?

The mind boggles.

Re:They might be accused...

The main point of an assembly course is to teach how computers actually work. It's that knowledge that proves enlightening. Knowledge of a specific assembly language is secondary.

Re:They might be accused...

[anthonyrcalgary]

Touche.

SPARC assembly is a bit easier because of the way the registers and the stack are set up, but that's not that much extra to learn.

Re:They might be accused...

The sophistication you've described wouldn't even be 30kb of machine code. A meg is rediculously large for such a thing.
Anyone can think of these ideas. Putting them into code would be monotonous more than anything, and as such it isn't done by real coders with better things to do, nor by most virus writers today, who seek instant (or near-instant) gratification.

Good.

Now we have a reason to invade Canadia.

Re:Good.

Let's see, we've got:

SARS, West Nile Virus (carried by mosquitoes the size of rats), BSE (Mad Cow), not to mention the fine winter weather.

Come on up!

Re:Good.

That's assuming you can even find it. Since most American students cannot find their own home town on a map without labels.

Plus They'll have to deal with the Canadark, the 2 months of no sun.

Canada should join with Cuba .. create a new country... Canuba .. and if the American's don't like it .. shut up, we'll have them surrounded.
(Thanks To Rick Mercer)

Crackers

[ramzak2k]

Crackers, not hackers.
I understand this is a losing battle but lets not get it wrong on slashdot.

Re:Crackers

[flatface]

Excuse me if this is a stupid question.. But everyone says that these people are all crackers.. But who the Hell are hackers? Password guessing/forcing? Cracker. Exploit? Cracker. Trogan? Cracker.

Someone please enlighten me..

Re:Crackers

[PukkaStoryTeller]

A thin crisp wafer or biscuit, usually made of unsweetened dough.

Re:Crackers

[ramzak2k]

here you go, a nice explanation of the meaning :

http://www.grinberg.net/vitaliy/hacker.html

in short ,
hackers: just enthusiasts
crackers: evildoers

Re:Crackers

[ciroknight]

A hacker is someone who is good at something (says my dictionary...) A cracker is dirty word for a white person :P

Re:Crackers

[PM4RK5]

Someone correct me if I'm wrong, but I believe that "hacking" is the (lost?) art of taking apart, fiddling, and generally reverse engineering. The purpose of "hacking" was (is?) to educate oneself on the inner workings of a device. A common misconception would be that "hacking" was limited to computers. It is generally used in reference to technology, but it may be any digital (or analog for that matter) device. One could also stretch the meaning of "hacker" and apply it to fields such as automobiles - taking apart and "modding" your car could be considered "hacking."

Crackers (and cracking), on the other hand, are those who maliciously exploit hardware and software that is not their own, for personal gain, and sometimes just for the sake of having done it.

Did that help clarify the difference? Hackers are reverse-engineers who seek to educate themselves, without inflicting damage. The objective of a cracker, however, is damaging a system (in whatever way), and being able to claim responsibility for it, because they (and their clique) may consider it "cool" or "macho," or in some cases, because they can fraudulently benefit from it (usually economically...)

I hope that helps. If I'm wrong, someone please correct me.

P.S. The "cool" and "macho" part was added by me, but I can see no other motivation to do it.

Re:Crackers

[McAddress]

They are most certainly hackers, not crackers. They are learning about the knowledge in a safe lab, as not to cause accidental damage, for a useful non-malicious purpose. That is a lot better than many of the current experts on these issues.

Re:Crackers

Fuck you, I ain't no cracker. What? you got a problem with white people?

Re:Crackers

[BrynM]

I actually think the battle is lost. The word has changed meaning due to popular usage. I guess this is how the Spam people felt.

Re:Crackers

[RobotRunAmok]

losing battle

Lost, son. Circa 15 years ago. Woulda helped had we picked a word not already firmly ensconced in both the vernacular (thin biscuit) AND slang (narrow-minded Southern whitey) simultaneously. 'Cracker' never stood a chance; teenage cabals can *suggest* lanaguage, but it's up to the media to bless it and disseminate it.

Just let it go. As a geek patheticism, insisting on the use of the word "cracker" over "hacker" is starting to rank up there with wearing one's plastic Vulcan ears out in public.

Re:Crackers

[Kwiik]

How did this get modded insightful? First of all, the true definition of a word goes by the general public, not by a random website quoted under a post. I think dictionary.com is a little more authoritive on the definition of a hacker than Olga Grinberg's public space on the internet.

Sure, hackers are enthusiasts, however this also includes those who are enthusiastic about writing malicious code. Don't be lame and think that just because you don't agree with twelve year old script kiddies using the word you describe yourself with, it means it can't be true. Hacker is a universal term. Not all kernel hackers are evil, and I'm sure there's one or two that do not practice illegal hacking. Not all hackers that use malicious code to enter private systems are bad, either.

For those that don't want to follow the dictionary.com link above, a definition of hacker is as follows:

1. One who is proficient at using or programming a computer; a computer buff.
2. One who uses programming skills to gain illegal access to a computer network or file.
3. One who enthusiastically pursues a game or sport: a weekend tennis hacker.

Re:Crackers

[Archfeld]

Cracker, Hackers, it is all relative...It depends on which side of the cell bars you are currently on.
Crackers you pay for, Hackers you get for free as a M$ like bonus feature to the WWW :)

Re:Crackers

[coupland]

You are wrong, I was there when the terms hacking and cracking came to be and people seem to have forgotten it. Let me make this finally clear:

1. Hacking involves the intentional but usually casual compromise of computer systems. Recently it also includes general technical activity.

2. Cracking is the process of removing copy protection from commercial software. IT HAS NO OTHER MEANING.

3. Phreaking is the process of using illegal methods to make long distance calls.

Even though people have tried for a long time to redefine terms like "hacking", those of us in the know still remember what it means. A decade of redefinitions and wishful thinking will not change this...

Re:Crackers

So kernel hackers should be arrested?

Re:Crackers

Crackers, not hackers. I understand this is a losing battle but lets not get it wrong on slashdot.

Crackers are people who crack software copy protection, a tasty food to go with soup, or a slang insult for caucasians. Hackers are people who break into systems. Find another name geeks, Hackers == bad guys whether you like it or not. Just like niggers denotes a negative connotation to most people instead of being a casual greeting. i.e. "hey, what's up my niggers?" You ever fucking try that in a group of blacks when you're a white guy? Doesn't fucking work.

Re:Crackers

[coupland]

Kernel hackers is a false term. Anyone who was there when the term "hackers" was invented knows that it refers to unauthorized entry to a computer system. Hacking does not mean to program, it means to circumvent security... Everyone who has told you otherwise has lied. People are trying to redefine a term after it was invented, programming is not hacking, period.

Re:Crackers

[Tyrdium]

Just let it go. As a geek patheticism, insisting on the use of the word "cracker" over "hacker" is starting to rank up there with wearing one's plastic Vulcan ears out in public. You mean that's not normal? No wonder I was getting such strange looks...

Re:Crackers

While I commend you for halfway not being an ignorant motherfucker, you're still wrong.
They're not training hackers, or crackers. They're training virus writers.

Re:Crackers

> Crackers, not hackers.

I'm sure a great majority of the students will be white, being in Canada and in a computer-related field, but I think it's innacurate to assume they will all be crackers.

Re:Crackers

> Someone correct me if I'm wrong, but I believe that "hacking" is the (lost?) art of taking apart, fiddling, and generally reverse engineering. The purpose of "hacking" was (is?) to educate oneself on the inner workings of a device.
> ...
> Crackers (and cracking), on the other hand, are those who maliciously exploit hardware and software that is not their own, for personal gain, and sometimes just for the sake of having done it.

Sorry to burst your bubble, but educating oneself is personal gain. Thanks to laws like the DMCA, reverse engineering is considered malicious. And pulling apart hardware/software (reverse engineering) seems like exploitation.

Now, I know that you try to further clarify the difference between crackers and hackers by saying crackers damage a system, but most crackers would want to crack a system without doing "damage" in the physical sense. The real question is whether the company sees it as damage--bare with me on this. It's possibly just as damaging to copy all internal documents of a company as it is open up a black box and figure out how to make your own version.

Internal documents could be bad by showing how a company is lying or showing a lack of progress whether or not the company does end up producing a product at expected times (neither situation being one the company would want to distribute). Neither is physical damage, but either could ruin the company.

Reverse engineering could show a company is lying as well or show a lack of progress (the former being stealing code, the latter not advancing as much as reviewers/consumers expect). The development of a competitive product could be developed as well (assuming they don't own patents on the product) based on reverse engineering.

The best way to differentiate hackers/crackers then isn't by the motives or the means, but purely intent.

If the intent is purely for the aquisition of information, hackers would approve of it. In this case, it's not much a surprise hackers are know for gpl code and warez even.

Crackers are more interested in aquisition of goods or money, willing to exploit a system for knowledge for personal gain at the advantage over others. In some ways, crackers are the capitalist hackers. So, at some level, crackers are more likely to trade warez than to give them away and to possibly event control warezing to make sure not everyone warezes (to do so would eliminate the producers completely).

So, in a nut shell, hackers are communist/idealist deomcratic individuals. Crackers are capitalists. I don't think either view is ever fully realized in individuals, however.

Re:Crackers

[critter_hunter]

You only read the first definition. There's a dozen references with slightly different definitions. In all those definitions, the primary meaning is hacker as per the Jargon File, with an addendum that it can also mean what is known as a cracker. Dictionary.com uses the Jargon File as one of its references, too, so one of the definitions actively states that a hacker is NOT a cracker.

I don't think popularity==validity. Just because something is popular, or widely believed, doesn't make it true. It just means that there's a lot of people who need to be educated

Re:Crackers

[ebbomega]

Yes, but on that note, Canadian universities have been teaching hacking for ages. In fact, it's the cornerstone of a Computing Science degree.

I know it's a semantical argument over words, but for crying out loud, "hacking" wasn't even strictly computer-related in the first place.

Re:Crackers

[ryanr]

Lost battle.

The hackers don't get to define the word, the rest of the English-speaking population does. They've decided that "hacker" usually means electronic intruder.

Re:Crackers

If you're trying to use the term's original usage as a reference point, your assertion is wrong and your arrogant tone unwarranted.

I doubt there's anyone currently alive who was there when the term "hackers" was first put into use. It referred to people who hacked with sharp instruments, like axes. Specifically, it referred to people who made furniture with axes.

Re:Crackers

[ryanr]

You are wrong, I was there when the terms hacking and cracking came to be and people seem to have forgotten it.

Wow, you were in the MIT model railroaders club in the 1950s? That must have been cool. What was it like?

Re:Crackers

[ProfessionalCookie]

Crackers, not hackers.
Ummm...Are you just saying that because you've heard it said?

The University of Calgary is going to start teaching select computer science students to write software viruses in a special new disconnected lab.

Is there anything in there at all that in the slightest way implys cracking? Specifically: "Write Software" and Disconnected Lab"

I don't like it when vandalist script kiddies call themselves hackers any more than the next guy, but these students wil be taught to be hardcore software engineers, not crackers. Jerk. *tee hee*

Re:Crackers

[ebbomega]

Wow. See? THIS is why people get so miffied about illegitimate use of the words "hacker" or "hacking" or even "hack".

1. Hacking involves the intentional but usually casual compromise of computer systems. Recently it also includes general technical activity.

Recently? RECENTLY?????

Christ, I don't know what rock you've been living under for the last 40 years but first of all, "hacking" has never meant general technical activity.

The word comes from the whole "hack and slash" philosophy... a "hack" is a shortened version of said "hack and slash" mechanism, IE it's an innovative solution to a problem using means not readily apparent to your joe-average user. After a long use of this, it became known in the technical world as a person who would spend long hours "hacking", or just plugging away at work trying to make something happen. As such, it became long known that coders would do this quite frequently, and as such a skilled coder in a field would be known as a "hacker". IE a "UNIX Hacker" or a "C Hacker." Steve Wozniak would be known as a "Hardware Hacker". Etc. etc. It wasn't until the media ganged up on the word in the late 80s and early 90s that the term Hacker became in close association with "Computer Criminal".

2. Cracking is the process of removing copy protection from commercial software. IT HAS NO OTHER MEANING.

That's a really REALLY daft statement. Look at the word Cracker. It's someone who cracks things. Be that breaking copywrite protection, encryption, breaking into systems, or whatever. In fact, some of the early uses of the term "cracker" in this sense were towards police detectives who would "crack cases". It's been around longer than computers and Copywrite protection.

When the US government began coming down hard on computer criminals (Mitnick, Mark Abene, etc.) the fact of the matter was these people were in fact hackers. They all owned computers and did most of what they did to learn how something worked, to play around in phone switches and the like. They also happened to crack and phreak a lot to, and this got them in trouble with the phone companies (Well, the MOD people at least). When asked what they were doing, more often than not they'd probably just respond "What? We were just hacking around" and as such the term "hacker" became associated, thanks to political and media spin, to computer criminals.

Cracking into systems is a hell of a lot more complicated than simply breaking copy protection, which, while technically falls under the category of "cracking" is not its exclusive semantical playground.

3. Phreaking is the process of using illegal methods to make long distance calls.

Did you get your degree from the Jeff K Skool of HAx0RING j00!!!1 or what?

Phreaking is basically phone hacking. Problem is that phone systems are very proprietary, and as such Phreaking has since become illegal. You want to phreak, you better work for a phone company. Again, this was stuff that got equated to "illegal" because of some of the things people were doing with phreaking, for instance making long distance phone calls for free from a Payphone at a 2600 meeting in downtown NYC. But there was a shitload more to phreaking than just that. There was cracking into conference call lines, splicing yourself into conversations, and a shitload more stuff.

Even though people have tried for a long time to redefine terms like "hacking", those of us in the know still remember what it means. A decade of redefinitions and wishful thinking will not change this..

I dunno if you're trying to be a troll or what. This isn't a decade of redefinitions and wishful thinking. Hacking is and always has meant the same thing to me. If I went around calling people who pick locks "locksmiths" I'm pretty sure the locksmiths would get pissed off about that. And if the Media picked up the term, and it got bastardized to the point that the word "hacker" did, the locksmiths would be even more pissed

Re:Crackers

[Kwiik]

Actually, I read all definitions, including the two by the jargon file which were obviously the source for grinberg.net's definition of a hacker. However, if you think that much of the world is going to go by the Jargon files, you're sadly mistaken. Do you go in to a resturaunt and ask "soup-p(see section on 'Jargon Construction')?" or do you think any sane waiter/waitress will respond to this, even if they know what it means? The Jargon files, although included in dictionary.com, is not really authoritive. The Jargon files are, in definition, a dictionary of slang, and slang is considered 'informal' English because of lack of popularity vs. authority.

Re:Crackers

You don't seem to understand the real meaning of "reverse engineering". It is NOT reverse compiling, disassembling, or otherwise looking at the code. It IS putting in a particular input and watching the device's (or program's) output.

Reverse engineering is protected by numerous free trade laws. I also quite seriously doubt that the DMCA could have any effect on you if you are in a country other than the US. Unless you pull a Skylarov and come over here, that is.

Re:Crackers

here you go, a nice explaination of the meaning:

crack: something smoked by a certain someone who likes to use the word evildoers.

Re:Crackers

[Dylan+Zimmerman]

I like pclminion (145572)'s response to this.

From post #5336611

"Let them refer to crackers as 'hackers.' We'll just switch to referring to hackers as 'gods.' ;-)"

Re:Crackers

lol , totally agree. I should have marked that as (c) GWAsshole or smthg.

Re:Crackers

[Evil+Pete]

Hacking involves the intentional but usually casual compromise of computer systems. Recently it also includes general technical activity.

As I recall 15 years ago 'hacker' meant a very clever programmer. There were no really negative connotations. Later after the media frenzy its meaning started to change. And then much later the term 'cracker' was coined.

Re:Crackers

[istartedi]

Truer words were never spoken.

I love the irony that iff a safe is being broken into, the guy that does it is a "safe cracker". If it's a computer, he's a hacker. If it's a house, he's a burglar. If it's a car, he's a jacker--but only if the car is occupied. If the car is empty there's no particular word for it. You can say "my system was hacked" but you sound silly if you say "my house was burgled". For both the car and the house, you say "it was broken into".

Silver lining?

It will continue to be very difficult for foreigners to learn the language.

If you're a geek who is still sore about this cracker business, remember that complex, arcane, illogical, and inconsistant rules like this help us spot English n00bs.

There. Doesn't that feel better?

Re:Crackers

[sxe_p06]

*looks around the computer lab*
*Removes Plastic Vulcan Ears*
*tries to think of a lecture for tonight in place of 'Hacker vs. Cracker*

Re:Crackers

[uberdave]

So, we should stop using ram when referring to computer memory, because the majority of the English speaking world considers it to be a male sheep? Should we start referring to the system case as the "hard drive" and the monitor as the "computer"? Should we call 3.5" diskettes "hard disks" and 5" disks "floppies", simply because that's what the unwashed masses refer to them as? No, *WE* defined the term. The world misuses it. We need to keep the "cracker not hacker" cry up. Someday, the mundanes will be enlightened.

Re:Crackers

[Requiem]

Bravo.

Re:Crackers

[AndyAMPohl]

My favorite crackers are those little fish ones. Parmesan, that's my flavor.

-AP

Re:Crackers

"hey, what's up my niggers?" You ever fucking try that in a group of blacks when you're a white guy? Doesn't fucking work.

Apparently you did and I'm sorry I missed it.

Re:Crackers

[aggieben]

Insisting on correctness has absolutely nothing in common with wearing vulcan ears in public.

It is almost always a worthwhile effort to insist on being correct and precise, as well as not losing the language to those who don't know any better.

-- from a "narrow-minded Southern whitey"

Re:Crackers

[Marlor]

Lost, son. Circa 15 years ago. Woulda helped had we picked a word not already firmly ensconced in both the vernacular (thin biscuit) AND slang (narrow-minded Southern whitey) simultaneously.

Most people outside the US don't use cracker to mean either of the above terms. I know here (in Australia), a cracker is someone who breaks into a safe. So using it to mean someone who breaks into computers makes sense. It's certainly less ambiguous than "hacker", which already has about 30 different meanings.

Re:Crackers

[Marlor]

Sure, hackers are enthusiasts, however this also includes those who are enthusiastic about writing malicious code.

All this demonstrates is that we need a more specific term to use for malicious hackers. The word "cracker" might not be ideal, but it's certainly better than identifying the small subset of hackers that are malicious with the label of the larger group.

Re:Crackers

Fucking right.
Jesus... Don't you hate how these little pups act like they've "been there and done that", and are the foremost authority on past history?

Re:Crackers

[Robber+Baron]

Should we call 3.5" diskettes "hard disks"...

Actually, a bloke that I knew once (a South African expatriate), referred to the 3.5" diskettes as "stiffies" (because the case is harder than the 5.25" floppies...) My usual rejoinder was anyone who thought a stiffy was 3.5" was hurting bigtime...

Re:Crackers

[Kwiik]

Yeah, definately that is all that that one minor quote from my entire post demonstrated. In the complete context, however, my post was intended to display the ignorance of the people, who even on slashdot, will succumb to labels such as these. The word cracker is definately more descriptive of the action in view, as it would be cracking a password or cracking security on a system, however I imagine it would be offensive to call white hats "crackers" as it's a derogatory term. Traditionally geeks/nerds will name hackers and crackers as two different crowds, although crackers are just a subset of hackers, but you must consider that the reason people refuse to stick with these is because the term hacker seems more like an elite group, while cracker is degrading. They both work, but you'll never be able to hack the labels to be seperate. As soon as you start hearing the channel 2 news talking about crackers writing the new deadly virus xxy, I'll be willing to drop my stance that this will not change. You can have a group changed, but the World's opinion is what matters.

Btw, before you slam me for calling slashdot readers geeks/nerds as a generalization, please read the title - "Slashdot: News for nerds, stuff that matters."

Re:Crackers

[thebigmacd]

So, we should stop using ram when referring to computer memory, because the majority of the English speaking world considers it to be a male sheep?

Um, no...we would only refer to RAM as something else if the majority of people called it something else, not because something else is called a ram too. Bad analogy.

Likewise, you seem to be saying that everyone's use of the word "ass" is completely wrong and unacceptable because several hundred years ago some "authority" decided it was a good word for a donkey.

Should we call 3.5" diskettes "hard disks" ... simply because that's what the unwashed masses refer to them as?

The unwashed masses do not call 3.5" diskettes "hard disks". They call them "floppies". Very rarely does one hear the words "hard disk". "Hard drive" yes, but more often those are called "C drive" by newbies around where I live.

Should we start referring to the ... monitor as the "computer"?

In an iMac and eMac, the monitor is the computer.

Re:Crackers

[maxpublic]

I don't think popularity==validity. Just because something is popular, or widely believed, doesn't make it true.

This is exactly how language evolves, and words are defined - by popular usage. There is no 'authority' other than popular usage, no matter what some small, select group would like, or what meaning the word may have had in the past.

At one time 'gay' meant 'happy', and only that. The word has evolved and only the worst of word freaks would insist that 'gay' does *not* also mean 'homosexual'.

The word 'hacker' is a generic term with many different meanings, one of which is the popular non-geek definition. No amount of anal insistence to the contrary will change this.

In language, popular usage always = validity. Always.

Max

Re:Crackers

You fscking idiot. Quit suckin' the cock of ESR and get out into the real world. A cracker is a person who cracks copyright protection schemes on proprietary sofware. All of you historical revisionists (like ESR) who say otherwise need to fuck off and die!

Re:Crackers

Crackers (and cracking), on the other hand, are those who maliciously exploit hardware and software that is not their own, for personal gain, and sometimes just for the sake of having done it.

Dude, you need to do some serious research on the subject. HINT: Ignore all of the reactionary bullshit written by ESR and his folowers and instead search for the truth yourself.

Re:Crackers

My god when will you ignorant fucks get it together! Cracking is the process of removing copy protection from commercial software. IT HAS NO OTHER MEANING! Breaking into a web server is not cracking you dumbass!!! Cracking the Street Fighter #7 ROM copyright protection scheme and posting it on the web is cracking. Get it right you n00bi3 fucktards!!

Re:Crackers

[mgbastard]

Well with afaik this mac-based geek knows (as a primary platform - I've got plenty of OS's via VMWare on the mp xeon box) crackers are the guys that crack software copyright protection. That's not really that difficult, as long as you have the experience and knowledge.

Then there's the hackers, which produce amazing works of art in the the form of software.

Then there are the dispised "skript kiddies" [provide your own wierd capitalizations here] which just download some shiznit and target it at random hosts.

I think we just call the virus writers assholes, and the site defacers are "ircops" or their sycophants. (Hi Efnet!)

Re:Crackers

You don't seem to under the real meaning of "reverse engineering". :) Sorry. There's really two different classes of reverse engineering: clean room and non-clean room (WhatIs).

The former is the only type of reverse engineering that has in court cases been upheld as a legal form (of course, this is prior to the DMCA). Realistically, the latter form, involving any and all means to understand the way in which something works is what's normally done when it's seen as unlikely that a competitor has even a remote chance of prosecuting for not doing clean room reverse engineering. Why, you might ask? When you want to see how your competitor's product works, the fastest way is to test some inputs first, then disassemble the parts you don't automatically understand. When time to market matters, and it always does to some extent, shortcuts are the prefered way.

But what does that mean? In the physical world, reverse engineering is so likely that patents are the norm for virtually anything produced. It's understood that competition would otherwise make void all the research needed in making a new product. In the software world, even with patents, clones abound (voris vs mp3, png vs gif, etc). The culture of at least the ideal hacker has resulted in patents for the most part being abhored and circumvent by one means or another (make a clone, offer that gif module off-shore where the patent doesn't apply but people can still get it, publish a long document on all sorts of features you discover). Of course, anything not patented in the physical world is cloned as well and almost never is there a legal fight over it--saying you can't make and sell your own lemonade after finding out what the competitor's lemonade is made of would be scoffed at, assuming it wasn't patented.

But, with the DMCA, copyrighted works have more or less gained the same level of protection as patented works, which is ironic since those companies most likely to invoke the DMCA use it against copyrighted works which are encrypted, something entirely opposite to the openness of patented works. Reverse engineering becomes virtually impossible, except through tedious clean room methods and even then so long as it doesn't happen to circumvent a copy protection mechanism. It seems the DMCA was written without the realization that copyright law is designed to promote the arts and sciences. By this I mean, it gives authors the ability to simutaneously profit from the works they've made while preventing others from directly profiting as well. And society profits as well, by viewing the author's work they benefit as a whole from the work itself possibly, but they also benefit from the extensions others make. If we were to believe the principle ideas of the DMCA and the very narrow scope as defined by fair use in quoting a work, we'd have had to wait the lifetime + 90 years of an author for another competitive work to include an original idea presented, something resulting in a massive stagnation of arts and sciences.

And realistically, this has not happened. Fair use is not needed to quote why ideas might be read and reused by another in even a few months after a best selling novel (fair use wouldn't be a valid exception anyways). The result is laws which in words prevent much more than what the spirit of the courts have shown as accepted behavior. However, when it comes to things in the technical field, an almost magical spell exists where the letter of law is so closely followed like it were a new fronteer where new laws need written to protect what is already protected.

But I digress. The DMCA is a means of creating a new law to prevent another law from being broken. Because of its vague wording (and mostly because the spirit of the law hasn't been established well in this new fronteer), various companies have invoked it to stop "legal" and non-"legal" reverse engineering. For the most part, it has been demo

Re:Crackers

[Marlor]

Kernel hackers is a false term. Anyone who was there when the term "hackers" was invented knows that it refers to unauthorized entry to a computer system.

Ah, so you were a member of the MIT Model Railway Club back in the 1960s when the term "hacker" was invented (and long before networked computers became popular). OK then, thanks for enlightening us all.

Re:Crackers

Huh?... Am I missing some sort of localized slang here? Since when has "cracker" meant white people?

Re:Crackers

[Tony-A]

Right. Methinks hacking is a matter of persistence rather than training.
The media gets it wrong because of their limited idea of what anyone would want to do with a strange computer system. (The media doesn't get any other field "right" either ;)

C Hacker? Right.
Unix Hacker? Right.
Kernel Hacker? Right.
PL/I Hacker? Never heard of it.
MVS Hacker? Never heard of it.
COBOL Hacker? You gotta be kidding.

Re:Crackers

> If you're a geek who is still sore about this cracker business, remember that complex, arcane, illogical, and inconsistant rules like this help us spot English n00bs. :D

There are surprisingly many English people that are English noobs themselves :) -Some don't even know the word : "inconsistent" :D

-But now your Finnish teacher has to do battle with some polar bears, so if you'll excuse me..

(you know .. "Scandeeehhnaahhveyaahhh" ---> polar bears everywhere and people living in igloos) :)

Re:Crackers

[lovemayo]

HACKER: n. [originally, someone who makes furniture with an axe]

*Brings out his axe*
I'll become the best hacker in the world!!

Re:Crackers

Not my definition but I think this sums it up pretty nicely.
8-)

Hackers build things, whereas
crackers brake them.

Re:Crackers

[ozric99]

You can say "my system was hacked" but you sound silly if you say "my house was burgled". For both the car and the house, you say "it was broken into".

Here in the UK it's normal to say "my house was burgled". Well, since the police have decided to give up... ;)

I believe in the US the term "burglarized" is used. Now, people tell me that's a completely commonsensical word, but I beg to differ... :-)

Re:Crackers

[Sentry21]

Also, a 'whitey'.

--Dan

Re:Crackers

[Tetsujin28]

No, we should call a person who does arithmetic a "computer." And a person who types is a "typewriter," as distinct from the "typewriting machine" he or she uses. After all, these are the older uses of these terms, and you seem dead set against letting "mundanes" change the language on us.

Re:Crackers

If Hackers are the bad people, what should we call a traditional hacker/computer tinkerer? I mostly refer to myself as "computer nerd."

Re:Crackers

[Minna+Kirai]

Without networks, hackers had to pick locks or hop fences to use computers without permission. But they did!

The meaning of "unathorized computer use" goes back to 1959, when MIT sophmore Peter Samson (from the railroad club) snuck through the basement door to Building 21 and tampered with the punchcard stacks.

Re:Crackers

[kumokasumi]

Well. Technically, the current usage of RAM is a misnomer anyway, since we only use it to refer to read-write memory. ROMs have generally been random-access, too, for a Rather Long Time.

So, yes, it should be replaced by a more specific term.

But the rest of it? Yeah, you're right.

Just tools

[IronBlade]

The fact they are learning the hows of a skill does not mean they will use the skill maliciously.
In fact, when educated, most people will use their powers for good, not evil.. :)

Re:Just tools

Yeah. Why don't you teach me how to quickly kill a person and show me how I can easily cover up my tracks.

Cut me off at rush hour, and you'll see if I use my powers for good.

Re:Just tools

[TeknoDragon]

yes... there are probably many schools in the US doing this...

In fact I took an Information Warfare class and one of the options for a final project was virus writing.

Re:Just tools

[Lust]

Yes, when I was officially given root access at work I lost all interest of playing on the system. What's the fun in cycling your buddy's colormap when you could just abuse your official root access! There's no pride in that.

Re:Just tools

[tunabomber]

In fact, when educated, most people will use their powers for good, not evil.. :) ...and then, a select few will use them for Awesome.

Re:Just tools

[NeoPotato]

In fact, when educated, most people will use their powers for good, not evil.. :)

Yes, until they have a power trip, turn to the dark side, turn against their former masters, then go on a wear-only-black-and-conquer-the-galaxy binge, only to be struck down by their own son, who they were trying to turn evil at the time.

Getting 0wn3d by your own son is bad enough, but it's somewhat more humiliating when you open your son's email only to get a nasty VB worm that pops up a message saying "h4x0r3d by j00r k1dd13 - l00k3".

Re:Just tools

[aweraw]

why, oh why did i waste my mod points....

someone mod this up as funny!

Re:Just tools

[Sherloqq]

[...] there are probably many schools in the US doing this [...]

There are also some schools out there that will let you propose a course, provided that:
- the subject is educational
- you find more than the minimum required number of students
- you find someone to teach the class

[...] I took an Information Warfare class [...]

Funny you mention that, so did I -- at the aforementioned school. Officially it was called "Computer Ethics", but we've learned a lot about breaking into computers as well. There was even this one guy there, whose name eludes me for security purposes, who looked to be in his 30s at the time and who claimed to have worked for the gov't and was getting his masters at the time, IIRC. At the end of the semester the class got divvied up into groups for a project/presentation, so I made sure I was in the same group as he was. I've learned of a few neat tricks that the gov't was able to do with their technology, though no specifics (for obvious, classified reasons), like being able to pick up EM radiation from a monitor cable and reconstruct the video -- from a few hundred feet away.

But getting back on-topic... if there's a will, there's a way. If students are interested in learning something the school doesn't offer, they should try rallying up support from both their peers as well as the professors to have courses offered.

Re:Just tools

[Idarubicin]

I've learned of a few neat tricks that the gov't was able to do with their technology, though no specifics (for obvious, classified reasons), like being able to pick up EM radiation from a monitor cable and reconstruct the video -- from a few hundred feet away.

This isn't just something the government can do--this is something that a dedicated amateur can do with a little time and money. In addition to some expertise, you will need the following equipment:

• A good commercial wide band radio receiver preferably designed for surveillance (requires a little modification) with spectrum display. Sensitivity and selectivity are paramount. Not all receivers will do the job adequately
• Horizontal and vertical sync generator. Commercially available and will require some modification.
• Multi-Scan Video Monitor with Shielded cables
• Active Directional Antenna (phased antenna array) with shielded cables. Think radio telescope.
• Video tape recording equipment.

This stuff will all fit in a van. The government may have more effective purpose-built tools, but there's nothing preventing a compentent technician from building such a device.

Re:Just tools

[Sherloqq]

I'm sure that anything the gov't can do, people can do, too -- after all, who works at the gov't? What one can invent, so can another. I don't know how long prior to taking that class that guy acquired that particular knowledge, but I'm sure it wasn't widely available at the time, and even when I heard of it from him, it wasn't public domain data. How long has your information been available to the public, with diagrams, step-by-step instructions etc.? How much does all this equipment cost? Even a competent technician will need money to get all this working -- I'm thinking several $k and a few weeks of work?

Point is (and I kinda forgot to make it originally), there is a whole lot of interesting (and potentially viewed as dangerous) topics available that could become subject of an academic course, and some institutions of higher learning will let them be taught provided there is enough interest and that one provides a sound "business plan". Such was the case with the course I took at Penn. Now, I've also taken a few other classes there, including designing and building computer chips, assembly, and unix-based operating systems. Does that make me a terrorist, according to the underlaying tone of the thread here? If so, then it's pretty ironic that not only was I taught all these things at a well-known (some would even say prestigious) U.S. university, they even gave me a degree.

So boo-hoo, cyber-terrorists from Canada and such. Teaching of "dangerous" topics happens on U.S. soil, too.

hey

it's just like the school of the Americas where we train most of the anti-terrorist forces, but it's also the place where most terrorists come out of. If they don't have a problem with that school, the same rationale should be applied to this school.

Security experts and black hats

[Jacer]

You gain a certain understanding for certain things when you're "at the wrong end of a telnet session" A lot of that knoweldge can be used for protecting against the same exploits. If they're writing viruses, maybe instead of having a definition file for each virus that has to constantly be updated, they could author some detection scheme that monitors for activity that is like a virus, or certain function within the code that can be stopped much simpler than the current methods

Re:Security experts and black hats

You mean like heuristics? The kind of heuristics that are in every good anti-virus program available?

Re:Security experts and black hats

[boredMDer]

"they could author some detection scheme that monitors for activity that is like a virus"

Hueuristics, anyone? (Yes, I horribly butchered the spelling of that word, I know.)
Granted, that sort of technology is somewhat prone to false alarms, but we have it. We just need to work on improving detection techniques and and reducing/eliminating false positives..

I wonder...

[jarodss]

will this be offered as an online course?

Re:I wonder...

[kurosawdust]

Not anymore - the last time they tried that everyone got A+'s and six degrees apiece with full tuition reimbursements.

wait, wait, don't tell me...

[Triv]

Will Canada be accused of training the world's next generation of cyber-terrorists... or peacekeepers?"

Oh! Oh! I Know! Is it...terrorists?

Triv

Re:wait, wait, don't tell me...

[Microsofts+slave]

canada has always had an amazing real Peackeeping force, perhaps this is the beginning of a virtual peace keeping force.

Re:wait, wait, don't tell me...

[earthforce_1]

Blame Canada!!!
(Anybody watch southpark?)

Re:wait, wait, don't tell me...

[Xerithane]

canada has always had an amazing real Peackeeping force, perhaps this is the beginning of a virtual peace keeping force.

The Mounties? I shudder at the thought of a burly man, sitting in his underwear in front of the computer, wearing a mounty hat. We must think of the cost of keeping the peace, and decide if it's worth that cost.

Re:wait, wait, don't tell me...

[dadragon]

The Mounties?

Nope. Our peacekeeping force is the Canadian Forces. The Mounties (RCMP) are our national police force, provincial police force, and municipal police forces all rolled into one package. Of course, big cities have their own police forces, and a few provinces do too, but the theory remains.

Re:wait, wait, don't tell me...

[JohnnyCannuk]

Ok I agree with everything you wrote except the part about the Leafs

GO HABS GO!

or today

GO SENS GO!!!

(I live in Ottawa) :)

Re:wait, wait, don't tell me...

[Idarubicin]

Oh! Oh! I Know! Is it...terrorists?

It's too late. We're already being thought of as terrrorists. GWB and his ambassador have snubbed the Canadian Prime Minister over Canada's refusal to participate in the invasion of Iraq.

Now John Ashcroft is pissed off at Canada because our government is considering the decriminalization of possession of small quantities (less than an ounce) of marijuana. Not legalization; just decriminalization--you get a ticket and a fine, rather than an arrest, prison sentence, and criminal record. There are currently twelve U.S. states that do the same thing. Sheesh.

Perhaps these kids can 'correct' the vote tallies this November. I can think of a few states where nobody would notice...

I'll get off my soapbox now.

Re:wait, wait, don't tell me...

[Sentry21]

No, this is our second step in our secret agenda of world domination.

Step one was even cooler than this, but you'll find that out soon enough. You had just better hope that Ottawa wins the cup, or there'll be issues.

--Dan

Re:wait, wait, don't tell me...

Buddy, you just got yourself a friend.

O'Canada

[psyconaut]

Well, I'm quite proud to be an (adopted) Canadian. I see this as just another way for us to poke the Nazi Americans...what with SARs, mad cow, and our threat to decriminalize pot...why shouldn't we just push the envelope a little more? ;-)

-psy

Re:O'Canada

[saforrest]

Well, I'm quite proud to be an (adopted) Canadian. I see this as just another way for us to poke the Nazi Americans...what with SARs, mad cow, and our threat to decriminalize pot...why shouldn't we just push the envelope a little more? ;-)

We also maintain a threatening lead in Zamboni technology. [This borrowed from Canadian Bacon].

Re:O'Canada

Guys, you are begging for a liberation. Uncle Sam is always willing to give a hand to its neighbors.

Re:O'Canada

[psyconaut]

We're also some mean ass curlers ;-) (A nod to "Men with Brooms" which is what I watched not an hour ago).

-psy

Re:O'Canada

[tuxlove]

We also maintain a threatening lead in Zamboni technology.

How can Canada possibly hold the lead in Zamboni technology? Zambonis are only made by the "Frank J. Zamboni Co.", which is a US company based in California. Any other ice resurfacing machine is just that - an ice resurfacing machine, not a Zamboni. Sounds like you have Zamboni envy.

Re:O'Canada

[AchilleTalon]

Simple, with these highly subversive techniques, it's not a secret to anyone, very, very, very soon, these deeply hatered canadians will rule the world!

And this day, the Frank Zamboni Co. will become a fully canadian company.

Don't underestime us...

Re:O'Canada

[PukkaStoryTeller]

Umm, yes, that's why the USA whipped your ass in curling during the 2000 summer olympics (to win the gold medal, also), while more than 90% of all Americans don't have a clue as to the first thing about curling.

Re:O'Canada

[psyconaut]

That's okay, we beat the crap out of both your mens and womens team in the hockey during the 2002 Winter Olympics ;-)

Re:O'Canada

[AchilleTalon]

And just to make sure I am clear enough. All these ugly mistakes and typos are a proof we are much more dangerous than you may think. Some of us are also speaking french and writing bad english.

Re:O'Canada

[PukkaStoryTeller]

That you did.

Re:O'Canada

ONLY made by the US company? I think you now understand why the Canadian "zamboni's" are so threatening.

Re:O'Canada

[ryanr]

We're also some mean ass curlers

What's an ass curler?

On second thought... question withdrawn.

Re:O'Canada

he USA whipped your ass in curling during the 2000 summer olympics

Isn't curling a winter sport?

Re:O'Canada

"mean ass curlers" is redundant. Anyone who risks burning their cheeks with an iron is gonna be a little nasty.

Resume

[phorm]

But... somehow I have a problem seeing this net me a job on my resume:

Skills:

• Virus Creation
• System Cracking
• Advanced infection techniques

Comment:
While I realize the above skills may not be entirely useful for the position described, I have noted that you do have an internet connection to your primary server via IP address 66.35.250.150. Would you like me to tell you your root password during an interview, or should I be ready work at 8:30am tomorrow?

Re:Resume

It's spelled, "m4d ski11z" btw... :)

Re:Resume

Uh, I don't know about the folks you work for, but in my experience this goes like:

Me: "I have noted that you do have an internet connection to your primary server via IP address 66.35.250.150. Would you like me to tell you your root password ?"

Them: "Oh really? Can you fix my Microsoft Explorer? It won't come up."

Me: "But, if I can get in, anyone else can too!"

Them: "That's okay, there's nothing important on my computer!"

Me: "But they could launch an attack on other computers, they could get personal information or sniff traffic"

Them: (laughs) "Look, I've a got a firewall, nobody can get in"

Me: "No that's just a file on your desktop titled 'firewall'.. it's just an empty text file! Don't you see the file I added under it titled 'HEY SHIT-FOR-BRAINS YOUR SHARES ARE OPEN TO THE PUBLIC.txt'"????

Them: "Yeah, that Bill Gates sure thinks of everything! What a genius! Imagine what the world would be like without the MSN internet!"

etc.

Re:Resume

You could get a job with the MPAA! :)

http://www.mpaa.org/anti-piracy/

Re:Resume

[hopbine]

Don't laugh .. how many people out there have a job because of something similar!!!

Re:Resume

> somehow I have a problem seeing this net me a job on my resume ... Virus Creation ... System Cracking ... Advanced infection techniques

Depends who's hiring. The former Hussein regime might have been interested.

Re:Resume

[freeweed]

I know this is intended to be funny, but I think people would be surprised at just how good this can look on a resume.

I did an internship with one of our government departments, involving 'security research'. Sure, an hour a day was occupied reviewing firewall/IDS logs, but the rest of the time was spent developing and testing exploits. It was a hell of a lot of fun, and I gotta tell you - I have a deeper understanding of the TCP/IP protocol suite than anyone in their right mind could want, I can code shellcode in my sleep, and writing a self-modifying virus that evades most signature-based scanners is something far from impossible now.

I gotta tell you, the right employer drools at this, because it's not something a person picks up in school, and the vast majority of people that know anything about it are really no more than glorified script kiddies. When it comes time to harden a system WELL, or set up an IDS so that it's actually useful, or write a virus scanner that will actually work 2 days after it's released onto the market... it helps to have a clue what you're doing.

Re:Resume

[mrpotato]

I have a deeper understanding of the TCP/IP protocol suite than anyone in their right mind could want, I can code shellcode in my sleep, and writing a self-modifying virus that evades most signature-based scanners is something far from impossible now.

Bullshit bullshit? Bullshit, bullshit bullshit bullshit, bullshit!

Bullshit, bullshit bullshit...

Re:Resume

In what way is that bullshit?

Do you have some special knowledge of his understanding or the TCP/IP protocol suite? Or do you perhaps know that he cannot code in his sleep? I can't count the number of times I've fallen asleep and had endless dreams of code, lines of code, and more lines of code all night long. It does not make for restful sleep.

Or perhaps you take exception to the idea of a self-modifying virus "that evades most signature-based scanners" ? Such a virus seems quite possible to code. If a virus can replicate itself it can also replicate itself in such a manner that it's signature is altered.

So I'm calling bullshit on your bullshit.

Re:Resume

[Oddly_Drac]

"When it comes time to harden a system WELL, or set up an IDS so that it's actually useful, or write a virus scanner that will actually work 2 days after it's released onto the market... it helps to have a clue what you're doing."

Of course, they'll look at you first when something bad happens, because your resume would be skirting legality, similar to the automechanic that can break into a car in seconds flat, and heaven forfend that they need a fall guy...

OD

Re:Resume

Of course, they'll look at you first when something bad happens, because your resume would be skirting legality, similar to the automechanic that can break into a car in seconds flat, and heaven forfend that they need a fall guy...

Could I have your password for a moment, I just need to check something...

I like you Kevin, because you trust me...

Hmm

[Timesprout]

I am dubious to the value of using a bunch of students for this project. Many virus writers etc seem to be highly motivated, determinded individuals hell bent on annoying the crap out of the rest of us. I cant see the students replicating this commitment

Re:Hmm

[shaitand]

Your right, college students are way too old for this level of motivation... the virus writers of yesterday were college students... to keep up with today's competition we should be teaching this in kindergarden.

Um, ok.

[methangel]

Why not focus more on creating better programmers versus turning the the good ones to the dark side (of the language.)?

Virus writing was very easy last time I looked into how they were written and structured. What are the tools being used to create these 'viri'? My guess is Calgary has a site license for The Nowhere Man's Virus Creation Labratory software.

So l33t.

Re:Um, ok.

[csash]

Virus writing is very easy now, but it is because nobody is really writing a virus anymore. Instead, they are using virus creating programs to write them, or taking a current virus, and modifying it.

To write a virus from scratch takes a bit more effort, and you need to be adept at asm, which nowadays, very few young people bother learning. I dont think people reallize that virii are not written in C, its all asm.

If someone actually wants to take a look at what a real virus looks like, take a look at the following site. Im sure we all remember the SQLWorm Virus of late January. Well, here is a website that has the virus code posted:

http://www.eeye.com/html/Research/Flash/sapphire.t xt

Re:Um, ok.

[RogueProtoKol]

um, that is the disassembled code of the virus, not the decompiled code, that could of been written in any language (afaik, which isn't far)

hype

[DarkSkiesAhead]

maybe it's just me, but this article has a rather tabloid-esque sensanionalist feel to it. where did they get the figure of $1.6-trillion of damage done by viruses? that's just not believable. then they quote unspecified "experts" and refer to vaguely conspiratorial theories of government-hired hackers in a "secret laboratory".

basically, they are printing a new course announcement and mixed it in with a bunch of hyped up BS in order to make it look like a real article.

Re:hype

[Timesprout]

where did they get the figure of $1.6-trillion of damage done by viruses

I was out sick for 2 weeks a few months ago with a virus so that explains a lot but I'm dammed if I know where they got the other half trillion from.

Re:hype

[ciroknight]

I think they count "Security Software" and companies like Symantec and Cisco Systems under this number, which greatly skews their numbers. Most great antivirus companies happen to be great computer repair companies and offer software that helps recover data from crashed hds, patches holes in operating systems, and otherwise keeps the computer clean. So yes, this number is greatly inflated, but getting a nice clean figure would be next to impossible otherwise.. plus it's good journalism to use big numbers, it attracts the eye and shocks the reader ;)

hacking for dummies

[MrDelSarto]

you know, I've been working through the idea of a "hacking 101" course for pre-university students. Think about the concepts to you need to understand how to write a "simple" stack overflow ; all about how programs execute, how system calls work, machine language, probably network programming. Let alone the actual C and ASM hackery skills. More advanced hacks like infecting dynamic libraries etc require even more knowledge. By the end of it, you'd come out at least knowing if you liked computer science. I wish someone had done this for me when I was 16 or 17. Take the class over a few weeks, introducing one concept a week and then have a go at writing that part of your exploit.

It has been suggested to me that I might as well just teach a basic operating systems class, but it doesn't have to same ring to it ...

Better Virii

[ralphart]

Not as crazy as it sounds...In the early days of virus outbreaks, it seems as often as not the problem was not so much the payload as it was poorly written code causing it to behave in an unanticipated way.

Mind you this was not always the issue...sometimes the poorly written code of a virus is what keeps it from running rampant.

Viral delivery, with a beneficial payload (it IS possible) could be a useful thing.

At the very least, maybe we'd see more efficient code with all those Outlook email floods!

Re:Better Virii

[TallEmu]

I'd toyed about the concept of building a virus with a beneficial payload, but gave it up as it's is ethically cloudy to say the least. For instance, new vulnerabilty reported? Write a virus that exploits (and patches) it. It could conceptually at least spread at the same speed as the original virus. While that may not always be practical (it would depend obviously on the vulnerability and how complex the patch was) there is the ethical consideration that I have absolutely no rights (read that Eula!) to "attack" your system and "fix" it. Plus, my idea of a "fix" (this product doesn't do DRM correctly) may not equate to yours ("this program does do DRM correctly"). Another alternative would be to replicate the virus logic, with a benign payload "Hey! Sysadmin! Did you know you are vulnerable to - you should go get patch from ..."

Re:Better Virii

[Skid]

Actually, one of the better "what viruses, trojans, etc. are and how to secure your computer against them" books I've read mentioned an early example of a compression virus - the program had virus-like delivery, but for the purpose of Stacker/DoubleSpace-style disk compression. When a new drive was detected, it would spread - AFTER asking, politely, if you wanted the new volume compressed. Main advantage of it over the more common systems was that it was user-invisible. Main disadvantages - it's difficult to get paid for a self-replicating program, and having to have the compression/decompression code on every disk made the gains less valuable on smaller disk sizes.

Actually, a viral virus scanner might be kinda neat... if only for the irony!

Don't overreact

[Mossfoot]

After all, by studying how viruses are made, you can better understand them and thus make better anti-virus software. The kids going here are not going because they want to learn to be L33T cyber hackers or whatever, but knowing the tools of the trade (white and black hat) will help them in the computer programing/protection field.

Programming viruses...

Prerequisite: reverse engineering software from a monopoly

last years l33t

[shaitand]

You have to consider any methods of writing virus being taught at a university are without a doubt outdated and easily detected... Any who are able to take this information and progress it into a difficult to counter virus is intelligent enough that with that as their agenda they would have learned on their own anyway.

Re:last years l33t

If you think that countering an intelligent being (a virus programmer) with an automated piece of software ( a virus scanner that detects viruses that aren't developed yet), try writing a game AI that can consistently win from you (in a somewhat complicated game, no cheating !).

It has to win from you personally because the virus writer also has access to the virusscanner, so he knows everything about it, and probably tests the virus against the scanner.

I've written a virus. The last thing I did before archiving it (and put it on a bbs, hey I was 16) is running it together with 10 active virusscanners, and making absolutely sure they don't detect anything wrong.

Re:last years l33t

[shaitand]

you have it backwards... the scanner only needs to be able to detect the virus after the makers of the software have a copy and can release a definition. The challenge is to write a virus that stumps those writing the definitions... it has to morph all aspects of itself that follow a consistant pattern, do so often enough that new definitions cannot be made and released quickly enough to catch the current mutation, and it must mutate in such a way that it is not predictable after decompiling the code. Optimally it would also never be detected in the first place... the best virus around roam to obsoletion without anyone knowing they ever existed.

A little bird once told me that microsoft releases virus that meet that last criteria just after the version of thier OS take hold so that the old versions "blue screen" for no apparent reason and do so often and cause people to upgrade. I don't buy it, microsoft knows they cannot release code without bugs that would get them caught ;)

Re:last years l33t

[shaitand]

Actually I have written a program that meets those criteria... I wrote a learning chess game... it knew chess as well as I did, the difference was I couldn't possibly compete with it's ability to look ahead ;)

at some colleges

they actually teach people how the human body works, under the guise that they will "heal" people or at least "diagnose" what's wrong with them.

Yah, RIGHT. If you tell these murders that a certain body part is crucial to life, the first thing they'll do is cut it right out, because people are basically EVIL.

Similarly, anyone who knows how computers work is a cyberterrorist. Canadians are FRENCH! Did we forget what happened on 9/11?

Re:at some colleges

because people are basically EVIL

Gee, I'm sure glad I don't live in the same universe as you. I mean, we got our share of evil people too, but luckily they are few and far between.

Oh dear

[kupo+zero]

I can see this getting way out of hand very quickly. Everytime some new virus hits inboxes across the world, this kind of class would become the easy scapegoat. While teaching them how to make viruses may be in good faith and in fact it is probably quite interesting, the rammifications are just to big for this class to be a success. Who knows, maybe we'll the the "I Love Hockey" virus out of it.

peacekeepers

[tarzan353]

No matter what path they choose, whether to be malicious hackers or peacekeeping notify-devs-before-it-gets-noticed types, the end result will be the same: better code.

Now if only we can get MS to believe what us open source folks have been saying for years!

What if this were bio instead?

There seem to be alot of positive posts about this.
Fair enough, but would you still be for this if it were a bio program instead of a CS class?
Should we be having students create killer bacteria in order to see how terrorists might do that?

Err, no.

[oogoliegoogolie]

Hackers do it for the fun, achievement, and knowledge. It is like a sport for them. They do not do it to cause harm.

In this instance since they are doing it for fun and the end result of their quest is knowledge, and don't indend on causing any harm or havok with their code, they are hackers and not crackers.

U of "C" doesn't teach "C"

[cdn-programmer]

I live within walking distance of this university and I am a professional developer and have been for a number of years. Last fall I contacted their IT people and asked if they have any courses on C++ cross platform development. (Rightly or wrongly I elected to use wxWindows and C/C++ from now on - but I still ahve a lot of legacy code of course).

I was suprised at the raw nerve I seemed to have hit with the prof I was speaking to because she became somewhat defensive.

My position is that if we for instance go to sourceforge and check the projects that we will find that C/C++ is perhaps the most popular language for these projects. If I look at my development requirements my conclusion is that C/C++ is THE ONLY viable languge I would even consider using! In my career I have programmed on over 13 platforms and I have used over 13 languages - many of which are now obsolete. I don't think I am biased towards C/C++ or say biased away from say Java. I have my career and at this point in my life I am managing it! I encourge all other programmers to do likewise. What this means is that for me - if a client asks me to program in VB, Java, etc. my answer is that I will NOT take on the job.

Given my strong feelings that C/C++ will be here for the foreseeable future - I find it totally ironic that the U of "C" doesn't even teach "C".

As such - I consider them rather irrelevant.

Furthermore as it turns out I was at the OpenBSD hackathon BBQ last weekend and made the point of asking the hackers how much Java there is in OpenBSD. They laughed. When I asked about C++ they were a little more serious and consided that perhaps there is some somewhere.

So I commented to them that the Uof"C" doesn't teach "C" and was actually quite surpised to hear one chap pipe up that his company doesn't hire UofC IT grads.

I think this is a really sad testiment to the department actually. My opinion is that they have a strong Java / M$ bias and I think this is rather sad. Just MHO...

--------------

BTW - these comments should not be construed to critisize Ruby, Python, Perl, Bash, PHP etc. These langages all have their place and I use some of them. My comments are about the use of C/C++ for general purpose applications development where you might end up with 50,000+ lines of code.

Re:U of "C" doesn't teach "C"

I was suprised at the raw nerve I seemed to have hit with the prof I was speaking to because she became somewhat defensive.

Becker gets that way.

I earned an A in the last academic C course [cpsc231/233] there four years ago. That course is now Pascal and Java, which are real handy for introducing green students to the concept of programming a computer.

There is this, which overlaps somewhat with the former C course (and was introduced with the abolishment of the C course), but at about 4 times the price with no credit...

(anon because other faculty read /. too)

Re:U of "C" doesn't teach "C"

[KrispyKringle]

This is, in fact, the case at many universities. The U of P, birthplace of ENIAC, teaches (this may change soon, apparently) O'Caml (a branch of ML) in the first semester of intro to programming. Talk about useless, perhaps, but the idea is not to teach just technical proficiency (something easily learned at a local community college) but to teach theory. O'Caml teaches recursion and functional programming well, and levels the playing field for those who have and have not had C/C++ in high school.

Incidentally, they then move to Java, although C is taught in Systems Engineering and used somewhat in later Computer Science courses.

The idea here is that anyone can learn any language fairly quickly. It takes a week or so to pick up a new OO language if one is proficient in theory; if one learns only how to use a certain language or API, though, he will have a much tougher time adjusting.

Certainly, this has some flaws, but the general approach is wholly valid. There is no reason to just teach the current programming lingua franca; standards change. Learning how to write something provided in the VB API or Java API may also seem silly, but its done for the same reason. CS courses here don't teach a specific language, they teach with a specific language. The language illustrates; it itself is not the objective.

Students who are taught just one specific skill and language can't see the forest for the trees. Students who can see the big picture can learn to deal with unfamiliar details.

Re:U of "C" doesn't teach "C"

You know, FORTRAN and COBOL used to be the only languages to use, too.

You know what they call people who "refused to take on the job" when C and C++ came along? Unemployed. No longer programmers.

A good programmer should be able to write code in ANY language, with at most a couple of months of familiarization.

Teaching C, Java, PERL, whatever is the job of a trade school, or at most a community college. Teaching computer science is the job of a university.

Re:U of "C" doesn't teach "C"

[Pinball+Wizard]

I learned more in one Scheme class than all my C/C++ and Java classes put together.

You are incredibly naive if you think a computer science curriculum is supposed to teach students the language du jour, no matter how useful it looks to you.

Perhaps you should look a little closer at what CS depts actually teach students. Maybe try to understand why a programmer who understands algorithms and Big O is going to write better code than your so called "experienced" C++ programmer who never studied these subjects, even if he has to pick up C++ on the job. Or that the CS grad knows how to do OOP in any language - or write a large scale program in any language.

You are right about certain languages being better for the final finished product than others. But you appear to have no clue about what a CS dept. is supposed to teach. Hint: it's not about being a language jockey. It goes much deeper than that; I hope you figure this out one day.

Re:U of "C" doesn't teach "C"

[freeweed]

University isn't about training coders. That's what college is for.

A Computer Science program at any (Canadian) University worth its salt has maybe 3 or 4 programming courses, and the other 30+ are algorithms, databases, networks, algebra, AI, operating systems, distributed systems, parallel systems, real-time systems, security, automata, digital logic, data structures, software engineering, graphics, instruction set architectures, compilers, professional ethics...

Note that any and all of the above are (relatively) language-independent. A CS student should be able to pick up a new language in a matter of days/weeks - but CS is not about syntax memorization.

Re:U of "C" doesn't teach "C"

[Lord+Ender]

"the idea is not to teach just technical proficiency (something easily learned at a local community college) but to teach theory."

I am about to graduate, and I am severly pissed at my university for just teaching me "theory." If they would have taught all the classes in C or Java, instead of an obscure, unused language, then I would actually be able to claim a high level of proficiency in a language on my resume. As it stands, I am now very good at the language my Uni uses to teach, but that is worthless on a resume!

Re:U of "C" doesn't teach "C"

One shouldn't equate not using C to teach fundamental programming concepts in an introductory level course with abandoning it altogether. Several of the core courses in the UofC's computer science program still require projects to be done in C/C++, as do a number of electives. While some of these courses might change, I can't see all of them moving away from using C. In particular, the Operating Systems course (which I took from the same prof offering the virus course) involves working with the BSD kernel. While students may not be "taught" C/C++ at the University of Calgary, they most certainly have to learn it.

Re:U of "C" doesn't teach "C"

[DarkFyre]

I actually attend this department as an undergraduate. I've taken courses with Dr. Aycock (http://www.cpsc.ucalgary.ca/~aycock) who is teaching the malware course, and he's one of the better lecturers I've had. He is also involved in the OpenBSD project, and may have been at that barbecue with you. I was unfortunately unable to make it, as I was out of town.

Anyhow, your assumption that there is a strong Java/Microsoft bias in the department is incorrect. While we don't 'teach' C, students are expected to know it, and there are several courses that use it extensively.

The professor you spoke to - it would probably have been Katrin Becker (http://www.cpsc.ucalgary.ca/~becker) - has her reasons for feeling the way she does, and is usually quite conversant about them. She also has very little influence in the policy decisions made by the software engineers in charge. Those people labour under the misconception that programmers can be replaced with pretty graphing tools, and are changing the program to reflect this, despite the best efforts of most of the faculty.

Your points about C are well taken, and I agree with all of them. However, your conjecture into the tone and attitude of the department are off base.

Re:U of "C" doesn't teach "C"

You know, FORTRAN and COBOL used to be the only languages to use, too.
You know what they call people who "refused to take on the job" when C and C++ came along? Unemployed. No longer programmers.

Sadly this is not so. While FORTRAN may be increasingly restricted to specialised acadamic use, COBOL is still unfortunately prevelant. Almost any large financial institution will have an MVS based mainframe. In this environment COBOL is still King. There is so much legacy code that these institutions have found it easier to continue using this steaming pile of shit (yes I used to program MVS/COBOL), not only to maintain old code, but to continue to write in it and to continue to train some poor suckers in it, along with JCL and all those other ancient abominations. (Anyone who calls UNIX user-unfriendly has never had to write JCL scripts on an MVS system!).

A good programmer should be able to write code in ANY language, with at most a couple of months of familiarization.

That's probabably too big a call. Some excellent C programmers just never click with Functional or Declarative languages.

Teaching C, Java, PERL, whatever is the job of a trade school, or at most a community college. Teaching computer science is the job of a university.

Absolutely. However original poster is neither a trade school or a university, but a professional programmer who has the choice of programming only in the language he is most comfortable in using. As it happens (and this was his point) this language is in high demand and will be for the foreseeable future. Good luck to him!

Re:U of "C" doesn't teach "C"

[kreyg]

Well, I have a BSc from U of C, and they don't teach "C," they teach computer science (that's why is't a degree in computer science, not C), which is much more valuable as it applies to all future technologies.

That said, CPSC 233 was basically the "C" course, and C was used extensively throughout the program. I believe Java may have replaced C in several instances after I graduated, but that's not so different.

Re:U of "C" doesn't teach "C"

[csash]

To clear things up, kind-of; I was just as suprised last year to hear that CPSC at UofC was phasing out C/C++ in introductory classes. But after hearing the reason (Pascal and Java offer a better learning environment for students new to computer science), it makes sense. C/C++ however is not phased out of the university. You are still expected to learn it on your own, and be able to write C programs when you start doing the hardware, networking, OS, etc courses. It is, as it is with many languages, expected that you learn the language on your own. The computer science does not teach you programming, it does not teach you programming languages. It teaches you the science of computer science, the language and the programming are just the tools you use.

If you are looking to learn/refresh C/C++ skills, university is not the place; however, the UofC offers continuing education courses which are probably more of what you are looking for.

Re:U of "C" doesn't teach "C"

I come from the U of Ottawa. Our CS program does teach C++ in a 2 credit(lightweight, 3std)lab in second year. I feel that Universities shouldn't expect people to just learn languages on their own if the language brings some new concepts to the table. The concept of pointers is reason enough on its own, because that should be taught correctly to give students a solid foundation with which to work in a C/C++ environment and anything else that might use the same concept of pointers. It falls within the applicable theory department, and it is not simply syntax. This concept is not provided by Java. CS programs shouldn't focus entirely on abstract theory anyway. Most of it is so useless.

Heck, I took a Prolog lab. Very useless language, but it has a different syntax base. If I should ever be forced to work with some new and powerful language similar to Prolog, I'd be able to handle it.

Oh, and software engineering needs to be dropped from the program. What a waste of time. ;)

Re:U of "C" doesn't teach "C"

[AT]

I took CPSC 510, the compiler course, with Aycock around 1996. He was definately one of the better lecturers I had; I suspect it won't be a lightweight treatment of the subject either. He has also done some work on the Linux kernel (one of the Adaptec SCSI drivers, I believe). I'd say this is likely to be a really interesting, worthwhile course. I miss school...

Re:U of "C" doesn't teach "C"

It sounds more like you should be mad at them for failing to teach you that knowing language X does not a Computer Scientist make. If you're not able to apply the things you learned in programming languages theory courses, and learn specific technology on your own, you should be mad at them for giving you a degree.

Re:U of "C" doesn't teach "C"

I agree with your sentiments in general, but I believe that starting with Java (or any HLL) is bad.

My school teaches CS basically from the ground up. From the lower-level languages to the higher ones. The first year of a typical CS student goes something like this:

C
memory management
recursion
data structures & basic algorithms (sorts, tree traversals, BFS/DFS pathfinding)
stacks/program counters/registers
ASM
C implementation of ASM-interpreting VM
major project in C
C++
Object Oriented Programming
Advanced memory management/Garbage collection
Java
network programming
graphical programming
multithreaded programming
lisp
advanced algorithms/data structures (A*, R-trees, etc)

They teach in this manner, from lower-level languages to higher-level languages (lisp is arguably the highest-level language in existence) because many of the fundamental concepts that any decent CS grad needs to know have been totally abstracted away by the higher-level languages (most notoriously, memory management). After the student has been given a basic understanding of the material, however, the course moves on using a higher-level language so that the student is not unnecessarily encumbered by implementation details with which he/she should already be familiar. Starting with a HLL, however, prevents students from learning the concepts that the language was designed to deliberately hide.

Re:U of "C" doesn't teach "C"

[SuperFrink]

I think Becker's comments can be found (if/when the server is up) in this student newletter. It includes the following:

The 1st two courses in our program are called: "Introduction to Computer Science" NOT "Programming". The emphasis in those 1st courses is supposed to be on fundamental concepts - we are laying down the foundation for the rest of the program. 231 has not become a Pascal course, and 233 has not become a Java course. At least, that was never my intent.

Now my personal comments. I just finished my BSc last month. No I don't recall a course where we were "taught" C but I do recall using C in courses. Some examples are: a compiler, a serial mouse driver, bitmap manipulation (filesystems course), a linux device driver, linux kernel scheduler, Berkeley socket and SSL code.

I didn't have to use C untill second year. By then it's expected that we can 1) pick it up 2) borrow a book (CSUS or the library) 3) google for it 4) ask someone for help with a detail of the language (other students, TAs, an instructor) 5) try usenet.

Chad

Re:U of "C" doesn't teach "C"

[anthonyrcalgary]

First of all, yes there's a lot of Java there, but I don't think there's a whole lot of Microsoft... out of 9 comp sci courses I've taken there, one so far even presented Windows as an option.

Second... Your information is wrong, period. C is first taught in CPSC233 (intro II), and used in the required courses CPSC355 (assembly), CPSC441 (networks), CPSC455 (low level arch), CPSC457 (operating systems), and probably others I don't remember. Most of the later courses are language agnostic.

Knowning how to think about/plan algorithms and good coding practices are more important than which language you use. A new language can be learned very quickly with these skills.

After being taught Java and getting some experience programming in general, learning C was easy.

Re:U of "C" doesn't teach "C"

[dghcasp]

Disclaimer: I'm a U of C grad, but I graduated in 1993.

At the time, U of C didn't teach C either. Students were expected to be able to learn "C" on their own by third year, since they'd already been exposed to three or four different programming languages from different spheres. Once you were in third year, you could, for the most part, do your projects in whatever language you wanted, as long as the TA knew the language. Most students did their projects in C.

As well, the first year courses almost always used languages that students were unlikely to have encountered ever before. This helped level the field between the people who were "xc3113nt C h4x0rz" and everyone else. Everyone started from first principles in functional programming.

By the time I'd hit third year, I'd had courses where the language of choice were Pascal and Modula/2 from the "Von Newman" sphere, ML from the functional sphere, and PDP-11 assembly (was being replaced with SPARC assembly at the time) from the low level sphere.)

By the time I'd graduated, I'd added courses that required languages based on category theory (Charity) and one based on primitive recursion (it only had zero(), succ() and recurse(x,y) functions and you had to define the whole rest of the language yourself based on those.) If I'd taken different courses, I would have been exposed to Lisp, Prolog, SQL, etc.

The theory behind all this was they wanted to teach you different ways to think about problems, not just how to pound in a solution in C. People who just wanted to learn to code in C, be able to say they were a "programmer" and go on to a career went to SAIT or DeVry.

Pick any academic program and you'll find people who think something is "missing" or can be "better." That's why they evolve over time. The main flaw I found with the U of C program (IMHO) was that the only course that really required you to deal with a large project (CPSC 510, full year, write a compiler from scratch) wasn't a mandatory course.

But I'm glad I got my degree from U of C. And I'm not crippled in my ability to work in C/C++ because I never took a half-year course in it.

Re:U of "C" doesn't teach "C"

[Drakonian]

Give me a break.

1. Off topic, what's your point?
2. Ironic that U of C doesn't teach C? Good lord, that is stupid. C stands for Calgary. It's not a fast track technology place like Devry or something.
3. I assume you are talking about Computer Science. Electrical, Computer and Software Engineering students all take (at least) one C course.
4. You use C/C++ in many CPSC courses (CPSC411 and 457 come to mind)
5. The C language is extremely simple. Knowing how to use any language well (i.e. understanding computer science/software engineering principles) is far more important.

Re:U of "C" doesn't teach "C"

[xenocide2]

I donno if you attended U of P or not, but functional languages are on their way in, and C++ out. One of the biggest promoters of C++ was microsoft's interfaces, and they're pushing C# now.

OCaml may not win the war, but its certainly not a bad language. It has a large and stable set of tools. It has a runtime interpreter, a byte code compiler and interpreter, and a native code compiler. It supports most unix platforms and x86 for windows. A version is being developed by microsoft for MSVS.NET called F#. Now maybe Haskell will win after all with its seeming appeal, but OCaml is hardly a joke.

Actually, looking at your user stats, it seems you attended Ohio State University. They seem to have recently converted to Java, though I'm not sure what the language used to be. Just realize that an if statement works the same in all languages, and you'll do fine.

Re:U of "C" doesn't teach "C"

[Drakonian]

One more thing... A testiment [sic] to the department eh? They must be doing something right if they churned out James Gosling (creator of Java) and Theo de Raadt (leader of the aforementioned OpenBSD project).

Re:U of "C" doesn't teach "C"

[anthonyrcalgary]

Starting with a HLL, however, prevents students from learning the concepts that the language was designed to deliberately hide.

Someone learning to program for the first time can become caught up in those very concepts when they should be getting things like how to conceptualize an algorithm. If you can't plan algorithms effectively, you're boned no matter what.

Re:U of "C" doesn't teach "C"

[Brad+Cossette]

I'll second this as an almost grad of this program.

You're right C isn't taught. You're expected to be able to figure it out due to exposure to C++ and assembler in 2nd year. You must know it though - you'll get nailed otherwise. I've taken the following courses where we used primarily or only C:
- 2nd year: Architecture (assembler for PDP-11 via simulation, Intel x86, and integrating x86 assembler with C routines.
- 3rd year: Another architecture course which involved writing device drivers for assignments. All C coding.
- O/S course, projects consisting of at least one modification to the OpenBSD O/S and three other O/S related ones in Solaris (my 4 were implementing an md5 hash as a system call in OpenBSD, writing a process scheduler for Solaris, writing a parser that would translate a set of extensions into the appropriate POSIX calls, and writing a virtual memory simulation with sorting routines.) All code was in C
- There's a number of 4th year courses that have a heavy C focus as well due to lower level work. Compared to some other CPSC programs, the U of C has a strong low-level focus. Your statements would be more true of other universities.

Re:U of "C" doesn't teach "C"

[968134]

As a student who is actually in the program that the article is about, and who is likely to take this course come fall, I would like to refute the notion that U of C students don't learn C. As pointed out by others, Computer Science is not designed to "teach" languages... that is something that can be done at a technical college. But in my studies I have picked up Pascal, Scheme, C, C++, Java, Python, and assembly (PDP-11... if you'd believe it).

As for a Java or M$ bias... I have only used Java in one class (this despite James Gosling being a U of C comp sci grad!) and have only used windows boxes in one other in all three years. That you should mention the OpenBSD hackathon is also rather amusing as Theo de Raadt (founder of OpenBSD and OpenSSh) attended the U of C and still lives in Calgary.

(And am I ever glad that I'm getting a computer science degree and not doing IT. ;-) )

-surgin

Re:U of "C" doesn't teach "C"

> You are still expected to learn it on your own, and be able to write C programs when you start doing the hardware, networking, OS, etc courses.

this is one of the largest scams universities are perpetrating on their students. "you have to pay for us to grade you on material that we're not going to take time to teach you." how does this make universities any better than certifications?

Re:U of "C" doesn't teach "C"

> I didn't have to use C untill second year. By then it's expected that we can 1) pick it up 2) borrow a book (CSUS or the library) 3) google for it 4) ask someone for help with a detail of the language (other students, TAs, an instructor) 5) try usenet.

all of those resources are ostensibly free. what the hell were you paying tuition for?

Re:U of "C" doesn't teach "C"

[Alizarin+Erythrosin]

The department of CS here at the university I attend tried to switch the operating systems class over to using Java. What kind of crap is that? I can understand it from an algorithm/"know the technique and apply it anywhere" viewpoint, but come on. If you're gonna learn the guts of an OS, at least learn it in the language it'll most likely be written (C/C++).

Journalism?

Wow, they only lifted 80 per cent of the press release...

http://www.ucalgary.ca/news/may03/virus.html

young virus writers

[pigscanfly.ca]

This is nothing particularly new where I come from . In ottawa a computer camp (Virtual Ventures) , which was run by carleton university students had a quasi course in virus writting for the attendees . While this new course is obviously much more indepth and would probably be of great interest to a computer science student . There are quite a few legitimate reasons to do this , firstly for antivirus people if we can have more "white hats" discovering new Microsoft "features" that allow "remote adminstration" or "security lockout override" we can hopefully develope better ways to protect against these problems. One of the few remaing growth industries in computers is in computer security currently .

One of the slightly less obvious benefits is these computer science students will know what its like to try and find "features" and will hopefully recognize more accidently "features" and take them out before they are exploited.

Joke (If you dont have a sense of humour do not read below this line):

As for everyone who is worried about canada being labelled a place for training cyber teriosist , dont worry most terrorist are educated in the united states and will continue to be we just want a small portion of those who cannot afford the high tution to us instituions [JK] .

Just like lawyers, eh?

[ShieldW0lf]

nt

Learning to be as resourceful as previous crackers

[TrekkieGod]

From the article:

"The first official virus was in 1986 that someone was able to trace back to the perpetrators, which were two brothers in Pakistan," Seneker said.

They were easily traced because they embedded their names and address in a virus.

Or maybe this would be a course on how to avoid mistakes of the past...First lecture reminder: "DON'T write your names on the homework you turn in

Cyber Terrorism? Blame Canada!

[cms108]

sorry.

--
cHris

Huh?

[quantaman]

The course is open to 16 fourth-year students who must work under strict conditions in a secure lab cut off from Internet and cell- phones.


I can see the no internet connections, but no cell phones? I can't think of any viruses that travel over cell phone networks and I think it would be simple enough to ensure that they can't transfer anything to their cellphones so they can't email themselves programs. Also other than containing any viruses let loose in the lab I don't think you can do anything other than teach the students ethics so they don't let anything loose outside the lab. At the end of the day you have to count on responsible students, if you're teaching people you don't even trust with cellphones in the lab you're going to have serious problems.

Re:Huh?

[phillymjs]

If the machines weren't properly locked down, a tiny USB Bluetooth adaptor could be attached to the computer, and the right cellphone could be used (while still in its owner's pocket or bag, out of sight) to establish an alternate internet connection and spread the virus that way.

Admittedly, you'd need some pretty inattentive instructors to not notice someone dicking around with the network settings on their machine, not to mention installing Bluetooth drivers-- but less likely things have happened.

~Philly

Re:Huh?

[freeweed]

Never mind the fact that the floppy drives are probably fully functional. Copy source, bring home, compile, release over an open wireless connection.

Not that I've thought about this in any detail, mind you.

Re:Huh?

Just accessing the floppy drive with a disk in it should infect the disk with many virii written and run on that computer. If not, someone isn't learning proper virii spreading techniques.

Re:canada...

[Clover_Kicker]

> stupid mooseheads!

Mmmm. Moosehead.

Oh Great - more snort rulz to write....

As if I have no trouble keeping up with the latest M$ debuachle... Now I get even MORE snort Rulz to write....

Practical reasons to teach viruses.

[rice_burners_suck]

I think this is a good move, but not for reasons that someone (who would mod this Funny) might think.

One of the largest problems in the software business and the computer industry as a whole is an utter lack of knowledge. For some reason, I doubt that a field like, say, structural engineering would contain so many people who don't know jack. Buildings would collapse left and right. They don't, yet in computer jobs, there are hordes of people who make Windows applications by dragging shiny objects onto a pretty grid, fill in some properties, and call it programming. Lots of folks are taking computer science courses at the local community colleges, yet they don't seem "the type" to do this sort of work. (Indeed, I saw one girl studying at the local library... she was highlighting just about every sentence in a text about different types of loops, and she obviously wasn't "getting" it.) Why is this?

There are many programmers who "get by" by writing cheesy code (with as many holes in it as Swiss cheese). The problems caused by this lack of expertise are enormous. Billions of damages are caused to businesses every year because of computer failures. Many of those failures are due to bugs in software. Many are due to security problems. How can the problem be solved? Passing legislation that makes it illegal to discuss security problems won't solve the problem. There would be "underground" discussions of these things, and the crackers would freely share information that law abiding folks won't. Crackers will break into systems more easily than before the legislation and businesses will be slow to react, causing more damages. It would be the computer equivalent of making guns illegal to law abiding citizens. (After all, the criminals are above the law anyway. If someone is so inclined as to murder people, what difference does it make if some silly law says he can't have a gun?)

The unskilled programmers (who don't even like this work) should stop dreaming of getting rich quick. However, the programmers who are skilled should expand their skills in every direction possible. Certainly, each programmer should focus on the things he does best in order to be more effective at those particular skills, but there is nothing like experience in different types of programming to make someone flexible in this field, creating job security and expert authority. Perhaps a game programmer should try a small database job. Or a database programmer should try hacking some small feature into an operating system kernel.

Viruses are a legitimate subject of study. By teaching viruses, universities will give people a lot of power. Some will undoubtedly use it for evil, and we'll get some new viruses out there. But this would happen anyway.

Who, for example, are the best security consultants when it comes to credit fraud, insurance fraud, computer fraud, etc.? The perpetrators! There are examples of folks who committed all kinds of crimes and went to prison. Afterwards, they became "white-hat" consultants in their fields, teaching banks, governments, businesses, etc. how to protect themselves from people just like the consultant. They often make more money by teaching this knowledge for purposes of good than they did by committing the fraud in the first place. In other words, if you have experience with performing some act, then you undoubtedly know more about what makes someone vulnerable or safe from that act than any fool claiming to be a security expert.

The advantage of teaching viruses, which heavily outweighs the disadvantage of misuse by a large degree, is that programmers who have experience with viruses--not just by removing them from friends' clutter-ridden computers but by writing them and finding out what is effective from a virus writer's standpoint--will be more effective at designing systems and writing software that is less prone to the evils of viruses.

I think the field of Computer Science would benefit by teaching SPAM, cracking, and other forms of abuse in order that honest folks (nearly all of us) can protect themselves from the dishonest ones with the very same knowledge that makes the dishonesty so effective.

Re:Practical reasons to teach viruses.

sorry man, that was too long to read. i'm sure its interesting, but yah. waaaay too long to read.

Re:Practical reasons to teach viruses.

In a roundabout way, you've pointed out the precise reason this type of course is necessary. It's not the technical skillset, though that is a prerequisite; it is the way of thinking. So very few people seem to explicitly understand how critical the ability to "think different" really is. The more people there are who can think about something several different ways, the better off we all are.

That's how I learned

[PetoskeyGuy]

Anyone remember Mark Ludwig? I remember getting "The Little Black Book of Computer Viruses" and his other books. It contained excellent explanations of how programs work, COM, EXE strcutre and then how to use ASM to modify those programs. There were ever some polymorphic virus in there all with Source Code. His later books, The Big Black Book of Computer Viruses and Computers, Viruses and Artificial Life were all right, and discussed Alife ideas about the code really being alive in the "world" of the computer.

I haven't read his latest book, The Little Black Book of Email Viruses: A Technical Guide. I haven't thought about that stuff in a long time. It did allow me to find the ILoveYou virus and fix it at our company by quickly renaming the wscript.exe program since I learned to think about viruses in terms of what they needed to reproduce.

Personally I think the Novell file security system would be an excellent way to combat viruses and other things. Read, Write, Execute, Copy, Modify and a few others all as true seperate rights. Pain in the but to configure, but very nice once it was setup

Windows NTFS is a little better then just Read Only, Hidden, and System, but even the standard Linux RWX3 rights make me miss Novell. Anyone know if there is there a filesystem out there for Linux that has that level of rights?

Personally I don't know if it's possible to have a secure system that that is still usable by the masses who just want to check there email and click OK on every message box that pops up. It's hard enough to secure things when you know what your doing.

Re:That's how I learned

[Proudrooster]

Actually, the ext2 filesystem supports the following commands in kernels > 2.2

chattr - "Change Attribute"
lsattr - "List Attributes"

Chattr gives you access to these new file attributes
don't update atime (A),
synchronous updates (S),
synchronous directory updates (D),
append only (a),
compressed (c),
no dump (d),
immutable (i),
data journalling (j),
secure deletion (s),
top of directory hierarchy (T),
no tail-merging (t),
and undeletable (u).

Note: If you are running databases under Linux, set the (A) "don't update atime" attribute on all of your datafiles. It will save you some worthless I/O since the files are constantly accessed and there is no need to update the last accessed time. And for that really special file, try setting the (I) immutable attribute.

It's not quite Novell rights, but a step in the right direction. Note: I think chattr was introduced to support the ext3 filesystem which features a hidden, immutable file that contains journal information.

Re:That's how I learned

[tfinniga]

Anyone know if there is there a filesystem out there for Linux that has that level of rights?

Well, in my operating systems class, my professor often mentioned the Andrews FS, which lets you have acls in linux.. Google gave me this info about AFS permissions

Re:That's how I learned

[Jester99]

I'm curious.... if you have Read access on a file, and somewhere else on the drive you've got Write access to a directory, how couldn't you copy the file?

Why have Copy be a separate right?

(What good would it be for you to be able to duplicate a file you couldn't read? Seems to me that you'd implicitly have Copy if you have Read, and vice versa...)

Re:That's how I learned

[Leebert]

You can also do this with XFS and "chacl", which has all sorts of ACL's I'm too lazy to mention here.

don't worry about anything bad coming from this...

[kyjello]

I am in computer science at the University of Calgary, and everyone before the 4th years this new school year were taught pascal and java right from the start(sic). I wouldn't be too scared of what they can do in this course after this school year.

System.out.println("You are owz3d!!1");

Believable

[ShieldW0lf]

I couldn't say if it is, but that sounds like a reasonable number... We had virii rip though the office about 4-5 times a year at my last job, and the whole network would be down for the better part of a working day. $25/hr * 8hrs * 80ppl = $16,000 in paying employees to hang out at the water cooler, not to mention the loss of business revenue. And that's just one medium-small business. If 100,000 similarly sized businesses had one day like that a year, there's your 1.6 trillion.

Finally!

[MongooseCN]

This will let Bush make all those jokes about invading Canada become a reality.

Wait, I meant liberate Canada from cyber terrorists.

In other news...

...the University of Calgary has announced the addition of 133t-sp34k to its Foreign Languages department.

it makes me wonder

[Cnik70]

why they would not instead take a proactive approach and simply IMPROVE computer science / information systems courses to stress data and system security, and ways to better implement these aspects within applications, networks and operating systems.

So now we have

[Tri0de]

The 'Eh?" virus coming our way.

If America and Canada got into a war, where would all the draft dodgers go?

Re:So now we have

>If America and Canada got into a war, where would all the draft dodgers go?

Simple, there would be no draft, Canada would fall quicker than Baghdad.

Re:So now we have

[n3r0.m4dski11z]

come get some troll. see im not even posting as anon.

Re:So now we have

that's the funniest thing i've read on slashdot in a long time. cheers!

Re:So now we have

[rune2]

When it starts singing the theme song from "Great White North"....run! :-)
Take off eh you hosers!

Re:So now we have

You dumb bunnies tried that in 1812. As I recall, the Canadians gave you a whupping back to the White House and burned it down.

Re:So now we have

[Idarubicin]

If America and Canada got into a war, where would all the draft dodgers go?

Canadian draft dodgers would go to Cuba; they should be safe there, and flights are readily available. Despite decades of effort, the Americans still haven't been able to bring down their government.

Draft dodgers from the U.S. would have to travel to Cuba by raft, I suppose.

Well, they're too busy teaching "A" ("Eh?")

/me ducks

Not only that...

...the civilian casualties are guilt-free!

Re:Karma whoring -- Text from site

Even though you will be among those lined up against the wall come the revolution, this one will never lose its charm - always good for a chuckle...

Not a Troll or Flamebait.

[teamhasnoi]

As I understand it, Canada is militarily weak. Why shouldn't they have a school for 'cyber-warfare'? It is one way that they could easily compete offensively - write a virus that takes guidance systems, communication, and perhaps some actual weapons (see American ship and Win NT) offline.

This method would also be cheap in terms of raw materials. If you can threaten an attacking country with the destruction of their economy or failure of basic utillity systems, without having to mobilize a pile of troops, you're money ahead. Sounds like a plan.

Re:Not a Troll or Flamebait.

[The+Master+Control+P]

Speaking about the American "Smart Ship," I read a C-Net article on it. Yeah... This thing routinely dies and it takes millions to haul it back to port. And what do they say about their choice of NT over Unix? "Although Unix is more stable than Windows NT, Windows may become more stable in the future" And the government wants to/is installing it in our Military weapons? Maybe the ship's smart, but I don't know about the people who built it...

I can just imagine it now:
Navigator: "Now within 100 miles of North Korea, sir!"
Captain: "Very good."
Sonar: "Sir, I'm reading a lot of Korean ships out there."
Engineer [Over intercom]: "CAPTAIN!! The network just crashed. We're dead in the water."
Captain: "Oh shit..."
Sonar: "Just before the computer died, I saw all the Korean ships converging on us."
Junior Engineer who just ran up from engineering because the computer crash took all intraship communications down: "Captain, the computer says "H4X03D BY K0R34!!!"
*On the Korean fleet*
Captain: "Comrade Engineer, did you really just disable their cruiser completely?"
Engineer, at h4x0rs terminal: "Yes."
Captain: "This is pathetic..."
*The Koreans capture the ship, and take it to their port. After several weeks of tense standoffs, they finally manage to get the computers running again. They learn it's running Windows, and offer to tow it to Hawaii AND check it for any viruses. It arrives at Hawaii, unscathed.*
[At American port] General: "What do you have to report?"
Junior: "Everything is fine. Except that all the computers have been wiped, and when we turn them on, it says 'Viral Software Removed...'"

Re:Not a Troll or Flamebait.

[Omkar]

The US military is probably not going to let mission critical equipment be accesible so easily. You'd need commandos to insert the code, and while you're there, you may as well blow the stuff up.

Re:Not a Troll or Flamebait.

[gobbo]

Canada's only real threat of invasion comes from our staunchest ally, across the 'longest undefended border in the world'. During the early 90's, Fort Drum in upstate NY had urban warfare training exercises and deployable hardware that could've seen an occupation of key points in Ottawa [that's the capital of Canada for those of you who studied geography in the USA's public school system] in about 6 hours. I don't know what their deployment of forces along the border is like now, though.

And we all laugh about it, after all, they'd never invade us, right? No one would stand for it, they have no reason to...?

But it's nervous laughter. We remember "54'40" or fight!" and feel the loss of sovereignty through NAFTA and other agreements, as well as the belligerent patriotism that oozes northward with a caustic eye. Some of us are acutely aware of the years of maneuvering around access to our resources, particularly energy and the alarming megaplumbing projects aimed at flowing water south. The latest unapologetically neocolonialist activity in oil regions makes us even more nervous. Now we have a populist and realist movement to give us further liberties over our own bodies by decriminalizing personal use of cannabis and hemp production that is being squashed by the Drug Lords of the Bush Admin, and we feel more anxious about US power over us than the loss of that particular freedom.

This is something we don't talk about publicly much [a political taboo?], but it's a pretty common topic across demographics, once you get a few drinks into people.

However, I don't think that a few students studying virii indicates much about our defense priorities. CSIS, the RCMP, and the military agencies have put a fair proportion of their [relatively limited] resources into exploiting networks as a strategic zone.

Re: i can just see the film...

[op51n]

Disgruntled Professor in said subject goes insane (but his inherent humanity remains for later purposes in the script, naturally) and writes a virus that will 'bring down the planets computing power'. Former student and star of the class is brought in (obviously from somewhere and time at which they for some reason cannot face computers (possibilities: severe RSI, Epilepsy set off miraculously by 65-85Hz screens, Blindness...) to defeat the mad professor, before the final showdown with badly executed profundities.

And all the computer scenes have to use a bizarre and unique 3D styled UI, that looks wholly unusable, and slightly, if not completely frustrating.

Geee, I can't wait *lays on the fake exuberance*. These things always happen when something becomes more mainstream.

420 eh..

[dave1212]

..and I thought I was going to be part of the next wave of terrorism.. pot smokers!

It's weird, though, I always see us as peacekeepers once Bob has entered the room ;)

This mirrors the gun control issue

[Stonent1]

Gun owners will argue that if your children learn to respect firearms, then they will be less likely to misuse them. Perhaps this will follow in the logic. But then again there is the "out of site, out of mind" theory as well.

Re:This mirrors the gun control issue

[Stonent1]

Forgot to add this...

Criminals may own guns, but then again so do the police. So if we follow history, hand to hand combat declined with the invention of the long bow. So how do you fight a man with a bow? You use a better range bow against him.

Re:This mirrors the gun control issue

Whoever modded the parent off topic obviously didn't read it. What an idiot.

Not a big deal...

[Goonie]

Hey, I learned how to write buffer overflow exploits in my final-year security class.

If you're playing defence, you need to understand how the offence does it's thing. No great shock there.

MOD PARENT UP -- REALISTIC

All too true...

A special lab!

[MavEtJu]

in a special new disconnected lab

As if that would be a problem which can't be overcome. Or is it done on the iMacs which don't have floppies or CD-writers?

Edwin

Re:A special lab!

[CableModemSniper]

Speaking of viruses...remind me NOT to type in random people's sigs. oo, that looks interesting...maybe it will be a quine. Doh!

Finally...

[AchilleTalon]

Mafiaboy will be taught the right way!

Studying viruses is important

[Frater+219]

My job includes being the computer security guru for my workplace. In that role, it's my job to understand the way my clients' systems work, so that I can recommend effective operational ways to improve their security. It's also my job to understand the world of attacks -- not just keeping my ear to the ground regarding what kind of shit is going down at the moment, but understanding what attacks are possible, which are likely, and which are worthy of taking special defensive measures.

I recommend strongly that anyone in a role like mine take some time to study viruses, exploits, rootkits, and other pieces of hostile code. These are a basic part of the security environment in the field. The more you understand the crap that the Net's rejects and crackheads are throwing at you, the better a job you can do.

Here's just one example of what we can learn from viruses; a bit of an older example, so I'm not doing too much of your work for you:

Let's say your client is considering a bonehead move -- like, say, deploying Microsoft Outlook enterprise-wide. Any security nerd can say "duh, Outlook sux0r, it's full of vulnerabilities, that's why it spreads viruses." However, if you have read the source code of the LoveLetter and Melissa viruses, you will realize (and can explain to your client) that these viruses do not exploit vulnerabilities at all -- at least, not in the sense of buffer overflows and other attacks which target bugs in software. These viruses don't crack anything -- they use perfectly ordinary, documented API calls. It isn't holes in the Windows Mail API that make it a virus breeding ground -- it's just its built-in, designed, intended functionality. That's why these viruses can still spread after years of bug fixes: their critical paths do not rely on bugs at all.

What do we learn from these viruses? Security is not about patching bugs, or having bug-free software. It is about correctly modeling the trust relationships people have with each other regarding their computer resources, in software. The Windows MAPI's design implies an assumption that people want to entrust word-processing documents with the power to send hundreds of emails. That's obviously wrong -- and that, not any bug, is what must be explained to convince someone that Microsoft's mail software is a bad security choice.

There are many more lessons to be learned by understanding hostile code. There are lessons about user interface design: many email viruses depend on getting the user to take some action (opening a message, running a macro, etc.) which unintentionally grants the virus trust and privilege (even the privilege to run code) that it should not have. To design secure systems for users, we must have user interfaces which do not promote such deception. There are lessons about system monitoring and the habits of sysadmins: Unix rootkits, which alter the system to conceal the tracks of an attacker, show just how easily a too-shallow maintenance or log-checking routine can be deceived. There are many lessons.

Get yourself some virus source code. Google will help. Read rootkit code, and the analyses thereof which researchers on SecurityFocus and other sites have published. Understand these attacks, and you will understand the systems they target better than you do now.

Re:Studying viruses is important

[sam0ht]

I completely agree. I think anyone who knew about these capabilities within Outlook, should have been able to predict the problems in advance too. When a friend discovered the same capabilities in Lotus Notes, he certainly did. (this was before the run-on-open outlook stuff).

If more people actually tried to look forward and think what loopholes might be exploited in the future, rather than merely reacting, we might be able to secure more business software pro-actively rather than reactively.

Interesting books on the subject

[CPgrower]

Mark Allen Ludwig wrote a controversial book on computer viruses in 1991. If I recall correctly he discusses (with full source) five viruses of increasing complexity - the ultimate being a "stealth virus." It's an interesting read for anyone into computer security. He has also written a second book on email viruses.

Little Black Book of Computer Viruses: Technical Aspects, Vol. 1
by Mark A. Ludwig
American Eagle Publications, Incorporated (May 1991).
ISBN: 0929408020

The Little Black Book of Email Viruses: A Technical Guide
by Mark Allen Ludwig
American Eagle Publications, Incorporated (February 2002)
ISBN: 0929408330

omfg

does west point train the next generation of postals or peacekeepers...

nææ forget it, with american foreing politics
they are bound to be postals.

he might shoot me som time so i kill him...

wow this got quite off topic now

The best...

[voxel]

The best bomb creators make the best bomb technitions.

I'll take anti-virus software from the most "evil" virus creating minds in the industry over some programming wannabe's anti-virus software.

This is granted that these "evil" virus creating minds arn't too "evil" and put back-doors in their anti-virus software :)

- Jeff

your're an idiot.

SOA trains on counter insurgency (how to squash left wing rebellions in your/my pathetic Latin American country) like the FARC in Columbia (although they're just about the drug money now) The FARC, et al are the terrorists.

Although many right wing Latin American dictators(Galtieri) and generals were trained there, they aren't terrorists.

You must understand:

left wing oppression == terrorist: FARC, SHINNING PATH

right wing oppression == no other way to stop the misguided commies. Pinochet wasn't all that bad.

It's nice and cute to be living in the first world and complain about how bad human rights are in (insert your favorite Latin American shithole here) but the truth is, human rights get REALLY bad when the left takes over.

Instead of complaining about the SOA, why don't you complain about Cuba training and supporting terrorists in Columbia and most poignantly Venezuela. Where Chavez followed Castro's(and Hitler's) playbook to the letter. I will summarize, talked a good (leftist) game, got elected by 80% of the vote, promptly revamped the constitution and parliament, extended his term twice. He's there for life.

I lucky escaped my Latin American shithole, I know what goes on there. You should regurgitate shit you hear on NPR but don't fully understand.

Re:your're an idiot.

Pinochet wasn't all that bad

Unless you happened to be one of the many many thousands of people who were "disappeared" because you belonged to a trade union. Or maybe you were the brother or sister or child or parent of someone who was perceived by the fascist cunts that populated Pinochet's regime to be left of center, so you were "disappeared".

I know that your post is a troll, but how the fuck can you say that "Pinochet wasn't all that bad"? you clearly have little to absolutely no concept of what went on in Chile at that time. either that or you're a fascist tosser who is too busy "saluting" the tattoo of hitler you've got on your quarter inch dick.

visual studio is a virus

[ratfynk]

Who gives a rats ass. If all they learn is how to hack out Windows software.

We need these guys

[TerryAtWork]

North Korea is graduating 100 hackers a year from it's elite school. How much longer past the end of NK communism will these people be making trouble?

Recent history has taught us an ex-communist is a lot nastier than a communist.

Re:Learning to be as resourceful as previous crack

[SirDaShadow]

My mind is a little fuzzy at the moment, but didn't we had to deal with Commodore 64's disks with viruses long before 1986?

On the cutting edge....

[csash]

I actually just recently completed lectures with Dr. Aycock this past fall on Operating Systems. This guy definately know's his stuff. Through the course of the semester, he would bring in the CERT advisements, and actually go through (in a high-level manner) and tell how operating systems could be compromised. After learning about how they could be compromised, we took special measures to make sure our assignments were secure against for example, buffer-overflow. He, and our TA's purposely took measures to break our OS assignments, and our grades were assigned accordingly. It all contributes to better code, and I dont think the introduction of Virus' to the university would be any different. The University of Calgary has been very diligent at offering new cutting-edge (cutting edge in that they havent been officially offered before) courses such as this and Games Programming (UofC was the first university to offer a concentration in games programming).

What the hell is up with the Maclean's ratings?? =)

cyber-terrorists... or peacekeepers?"

[Saint+Stephen]

The answer is: terrorists.

Hiring a cracker as a security expert is like starting a long-term relationship with someone who's cheating on their current partner: they've already demonstrated their willingness to cheat!

Re:cyber-terrorists... or peacekeepers?"

[dhalgren]

And thus the problem with poor analogies is revealed.

I presume you'd rather hire someone who didn't know what he was up against as an 'expert'?

And by the way, these people are not crackers. They are students being taught the things they will be expected to know. If someone hasn't the training to find the holes in your systems, why on Earth would you hire them to plug those holes?

Re:cyber-terrorists... or peacekeepers?"

[The+Master+Control+P]

Hacker != Cracker

Hackers are people who try to make computers do innovative new things. Bill Gates is a hacker (Manages to slow your computer down as fast as Moore's Law speeds it up...). Ok... Eh, bad example :). Crackers are malicious people who want to cause electronic anarchy and chaos. Now there is no denying that some of the hackers the university wants to train may go over to the dark side, but most of them will stay on the light side.

A different analogy: Hiring a cracker is like putting a serial bomber on the SWAT bomb squad. Hiring a hacker is like hiring someone with a natural gift for diffusing bombs.

wait a bloody minute...

[mix_master_mike]

if ($Hacking == $VirusWriting)
{ print "the media has won"; }

for goodness sake...

Better viruses

[MillionthMonkey]

In fact, when educated, most people will use their powers for good, not evil.. :)

Exactly. Most virus code is horribly written. If we're going to have malicious self-replicating code running on our machines, we should demand high quality code that doesn't crash. So many virus writers can't code their way out of a paper bag.

I demand my viruses to be written by CS graduates. If you don't at least have a CS degree, I won't click on the attachment.

I've had this prof before . . .

[Brad+Cossette]

The instructor is Dr. John Aycock, and he's definitely one of the better instructors we have in CPSC. His focus is in compilers and OS's, and taught the 3rd-year OS class for I think the first time last Winter.

He definitely has a strong security focus in his courses, and has one of the highest standards I've encountered in a prof regarding testing ( after turning in our implementation of an md5 hash as a system call in OpenBSD, he asked the class if anyone had tried testing with 1 Gb input strings. Just an example).

There's another course with a similar bent - a 4th year SysAdmin course that's year-long and involves substantial network programming. I'm told that the instructors will take down the network during your examination, forcing you to fix things while still completing your test online. Past grads also like to hammer the servers the students setup.

Personally, I'm glad to see these courses - most of these problems are things I've no clue about or would even think about how to prevent. Exposure is a start.

Re:I've had this prof before . . .

the problem with that course is that none of the students knew what's happening!

boy are undergrads dumb!

Re:I've had this prof before . . .

(: thanks - re the 4th year sysadmin course. As
one of the instructors, I can tell you we enjoy
teaching it.

Blame Canada

[PHAEDRU5]

Sheila: Time's have changed
Our kids are kids are getting worse
They wont obey their parents
They just want to fart and curse!
Sharon: Should we blame the government?
Liane: Or blame society?
Dads: Or should we blame the images on TV?
Sheila: No, blame Canada
Everyone: Blame Canada
Sheila: With all their beady little eyes
And flappin heads so full of lies
Everyone: Blame Canada
Blame Canada
Sheila: We need to form a full assault
Everyone: It's Canadas fault!
Sharon: Don't blame me
For my son Stan
He saw the darn cartoon
And now he's off to join the Klan!
Liane: And my boy Eric once
Had my picture on his shelf
But now when I see him he tells me to fuck myself!
Sheila: Well, blame Canada
Everyone: Blame Canada
It seems that everythings gone wrong
Since Canada came along
Everyone: Blame Canada
Blame Canada
Some Guy: There not even a real country anyway
Ms. McCormick: My son could've been a doctor or a lawyer it's true
Instead he burned up like a piggy on a barbecue
Everyone: Should we blame the matches?
Should we blame the fire?
Or the doctors who allowed him to expire?
Sheila: Heck no!
Everyone: Blame Canada
Blame Canada
Sheila: With all their hockey hubbabaloo
Liane: And that bitch Anne Murray too
Everyone: Blame Canada
Shame on Canada
The smut we must stop
The trash we must smash
Laughter and fun
must all be undone
We must blame them and cause a fuss
Before someone thinks of blaming uuuuuuuuuuuuuuuuuus

My school had this

[MrByte420]

I studied computer science at the University of Massachusetts where we actually had a course in network security. It was pretty awesome - it was taught by the people who did the security for our school and went through things like IDSs, buffer overflows, busting stacks, ARP/IP spoofing, and encryption. We had a lab of 3 subnets of 3 linux boxes each, a router and a server (that incendentally was not hooked up to the internet or anyhting else for that matter) and did labs with SNORT and the likes - absolutely great experience and what I learned in that class helps me every day (I'm a lead tech now at a large webhosting company) Learning security and how exploits really work (versus script kiddies running ./HackThisBox.sh) really reinforces topics things like TCP/IP in ways that are really practical and gives you a much more concrete understanding of the underlying technology then the more traditional comp sci undergraduate classes.

So am I a terrorist?

[rworne]

My university here in California teaches a course similar to this at the 4th year undergrad or graduate level.

I just finished writing my final exam (actually, a report) in the "Network Security" class. It was actually quite fun. The class is divided into several teams of 3 or 4 students and each team sets up an e-commerce site that is visited by an administrative team that logs successful transactions from their own machines.

Each team's job is to keep their site up while simultaneously trying to knock other teams off of the network. Each site uses two machines with two different operating systems: Redhat 8 and Windows XP professional.

Needless to say, we checked the security and hacking sites several times a day to make sure to be aware of new exploits creeping out.

Hack sessions were "anything goes", we basically progressed from larval stage (script kiddie) to juvenile (perl, java and C based exploits.

No one wrote any new exploits this time around, but a whole new batch of wet-behind-the-ears "hackers" are released from this univeristy every semester.

Of course, the purpose of the class is to create an environment where teams can learn about security by practicing the arts of the "Black Hat". It was surely the most fun I have had yet in the university.

H4XOR's in Canadia

[Unixinvid]

What? You mean to tell me that Maple Leaf Canucks are teaching people to hack. We all know that the United States has some of top H4XOR's in the world. The NSA actually hires people to do stuff to other govmt's.

Re:Just another reason for the U.S. to hate Canada

[Seek_1]

I think you're confusing hate with envy here....

Too Funny...

[Blarfy_Snarflepoop]

I'm the guy that'll be building the lab!

I could prove it: http://pages.cpsc.ucalgary.ca/~erik

But, looks like someone has been doing some early studying for the course; our DNS is pooched. Oh well, its after hours now - it'll have to wait until tomorrow...

Kirk did it.

[xixax]

The first year results are held on an unpatched IIS box.

For your final exam, there's a security certified server that holds your results. If you can give yourself an A+, you probably deserve it. :o)

Xix.

Rommel, you magnificent bastard...

[toxic666]

I read your book!

Knowing how enemies think and operate is the best defence against them. Having people trained to do so at the university level is in software security's best interest.

new? hardly...

[aggieben]

My university has been doing this sort of thing for over a decade. We have a graduate-level security class accompanied by a "live" network environment where there are no rules (except that nothing done inside the "sandbox" is to be exposed to the public internet). While many specific techniques like virus writing how-to's might present aren't formally taught, learning them is part of the course, as well as successfully using them against real machines that are actively defended.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:AWWWW YEAH HAY DOOD L@@K HERE

[MntlChaos]

that should be 1337 1337, 1337 1337 1337, not 1337, 1337, 1337, 1337. get it right.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Blame Canada!

You'd never invade us - we're such a big, _friendly_ country! :)

That I'm reminding you of the way the rest of the world would rally behind Canada (talk to any non-American), and of the fact that the best snipers in the world are Canadian (look up longest combat kill), and of the fact that there's an iron core of determination under our cheerful exterior (look up Vimy Ridge), isn't a threat - they're just fun pieces of trivia! :)

So, really, the fact that invading Canada would turn into an incredibly bloody guerrila war ranging across the entire continent is irrelevant, since we're such a big, _friendly_ country! :)

Not funny!

[Robber+Baron]

Seeings how Canada is sitting on top of somewhere in the neighbourhood of 200 billion barels of recoverable oil in the tarsands of Northern Alberta. For God's sake, we shouldn't be giving those yankee bastards and their bushit never-ending war on "terra"(oil) any excuses!

pssst!

Read the grandparent post again, this time without your DUMBASS cap on.

They're not terrorists

[Zork+the+Almighty]

When they're on our side, they're called Freedom Fighters!

Nifty!

[anthonyrcalgary]

I'm in comp sci at the UoC... Becker mentioned this to me, but I had no idea it was out of the ordinary.

Those Canadians

You gotta love Canadia!

Life imitates Hockey

[Cappy+Red]

Brings a whole new meaning to "Calgary Flames".

*honk*

Re: i can just see the film...

[Xerithane]

Former student and star of the class is brought in (obviously from somewhere and time at which they for some reason cannot face computers (possibilities: severe RSI, Epilepsy set off miraculously by 65-85Hz screens, Blindness...) to defeat the mad professor, before the final showdown with badly executed profundities.

Nah, the former star student would be in jail and would be released a la The Jackal to catch the mad professor. Then they would let him "disappear" only to find him later at a cybercafe dead due to bloodclots in his legs...

10 years ago...

[dcollins]

Writing viruses was actually covered in the assembly language class I took at UMaine circa 1992, in the last chapter of the instructor-written textbook. The rationale in that case was that in informing CS students how easy it is to write viruses, they would no longer see them as technically impressive and therefore not be interested in pursuing their creation. (I just taught my first assembly class this past semester, and use this as an anecdote without actually covering it myself.)

Since I have the text right here, I'll quote it: "...you do not have to be a genius to write a virus... Some people use virus writing to prove their programming skill, but this is poor proof of such skill in my opinion. It's about as much proof of genius as throwing a brick through a window."

Canada hacker school

Darn that's so kewl

Re:Just another reason for the U.S. to hate Canada

not hard for an amerigoon to be confused.

but that sort of defeats the purpose

[Trepidity]

I agree somewhat with that approach, and am personally glad it's the one I took, but in some ways it defeats the purpose of the high-level abstraction. The point of abstracting memory management is not that you already know what's going on under the hood, but that you should be able to code at a high-level and let the compiler worry about what's going on under the hood. Ideally you would have no idea what was going on, though in practice this isn't entirely possible (since often you have to put implementation considerations into your high-level programming since compilers aren't yet good enough to optimize everything well).

Note though that C being "low level" is somewhat relative -- if you're running on a Lisp machine (where Lisp's primitives are implemented in hardware), then Lisp is low-level.

Re:but that sort of defeats the purpose

Memory management (or rather, managing the availablity of), like understanding considerations of running time, IS important to the implementation of algorithms.

Not just because your garbage collection system currently isn't good enough, but because you have, unavoidably, a limited amount of memory, and you always will.

Heap operations can have an enormous, though secondary, effect upon running time. You need to know what is going on.

Saying that you need not ever know how to manage memory within the implementation of an algorithm because it is only something that engineers do is simply a matter of not addressing the problem because you'd rather not dirty your hands.

Memory management is an essential part of computing, It will always be with us.

Finite memory.
Finite processor speed.

These are the SCIENCE of CS.

Re:but that sort of defeats the purpose

The point is to come to a sufficient have a sufficient understanding of memory management that handling it in the implementation doesn't affect your ability to correctly understand or implement the algorithm.

Either that or you can hide from the problem, and continue hiding from the problem all your life by staying in the circle jerk that is academia.

Computer Science is also implementation

Computer Science is not just the study of algorithms and concepts. It is also the study of algorithms and concepts in computing.

Just as a student in a mathematics program learns both numerical and symbolic concepts, so also must the Computer Science student if he or she is to be worthy of a degree.

No, you should not study particular current software development technologies if it is done just for the sake of studying being able to say that you know them. That would have been a waste of my money which I wouldn't have stood for.

However, you must understand and be profecient with the allocation, deallocation, and addressing of memory as a means of implementing algorithms and concepts, i.e. of DOING computing.

Just as you learn how to both model and approximate the running time of a particular algorithm for a particular set of data, you also need to understand and take into account the concepts of: memory addressing, memory allocation, and memory deallocation.

These three concepts are not simply an artifact to be dealt with only by - gasp - software developers, but are in fact essential to the SCIENCE (the real and conceptually real world) of computing. We will always have limited available memory, and we will always have limited available running time.

"C" exposes all of these concepts to the student without the unnecessary complexity of assembly languge, and while still being high enough level to allow the student an appreciation of the algorithm.

Of course the student should also be exposed to LISP, but must still be exposed "C" or another language which exposes these concepts to the student.

I am not a software developer by the way. I am a student who completed an undergraduate CS degree and am now completing an undergraduate Philosophy degree.

GT Has This

Georgia Tech has a similar hacker lab. You
have to be in a special class, and the lab is not
on the net. To take the class you have to go
through some sort of clearance process. I've
heard they do attacks, virus writing, DNS
poisoning. They even do physical attacks,
making keyloggers, hack bioses, and other
dirty tricks. I hope I can take the course one
day!

About time

[tyagiUK]

It's about time CS students got back to learning some proper programming languages, methods, algorithms and system-level understanding. Having seen numerous UK Universities go from teaching assembler and hardware-level courses to being a middle-of-the-road Microsoft house, I think this type of course can give students a true understanding of the systems with which they're working. I just hope they're not only concentrated on .Net viri built using a template "virus wizard". -- Core Wars should be part of every curriculum!

Point being!?

Whats the point in teaching this considering that anyone who can write a program which does what is supposed too, can make a virus? Seems like a waste of time. What should be taught is what viruses are and also why the virus makers are always one step ahead and therefore learning 10 year old techniques isn't going to make any difference! Learn something useful, like how to patch a system and keep it safe 98% of the time! Must be a crap Uni no offence.

Languages are moving higher...

[mcrbids]

C is becoming more and more the "assembler" of yesteryear.

Nobody today writes directly to CPU registers. But 20 years ago, they did.

Few people today bother with assembler. It's too low-level. Instead, people work with C/C++, or any of the numerous high-level languages. There was a time when "C/C++" was considered "high level". Well, Python/Perl/PHP/Java are the "new" C languages. Java in particular has more developers working on it than C, currently. They are high level, and provide new degrees of abstraction from the underlying system.

I'm nearly done with a 15,000 line project in PHP. To do the same in C would probably at least double, maybe quadruple the line count to get a product that's not noticably faster on a 1 Ghz Pentium.

As computers get faster, we move farther away from "bare metal" (such as assembler) and the languages become richer and more abstracted.

C's day is becoming more the art of the kernel and the low-level libs.

Wouldn't you rather not have to worry about allocating RAM before stuffing the ordinal value of 11 into a variable?

In PHP, that's
$a=5;

Sinple, no?

Hacks, Hackies, Hackers....

[jefu]

A quick scan at dictionary.com shows all kinds of definitions for hack and hacker. Leaving aside the definitions in question and the Jargon file entries we have for hacker :

• One who enthusiastically pursues a game or sport
• someohw who plays golf poorly
• an expert or enthusiast of any kind

For hack (much more fun - but certainly related) :

• a carriage or hackney for hire
• a horse used for riding or driving, a hackney
• a worn-out horse for hire, a jade
• a writer hired to produce routine or commercial writing
• a procuress (!!)

Language by prescriptive rules...

...died as a serious scientific pursuit a long time ago.

Insisting on correctness has absolutely nothing in common with wearing vulcan ears in public.

Well, sure it does.

Language isn't a prescriptive animal: languages aren't constructed in dark corners by funny men with hats who bless some usages as "correct" and others as "heretical." (These nefarious dark corner dwellers have existed, true, but their success lied mostly in capturing the heretics, not in conjuring the spectre of "proper language.")

No, language is *descriptive.* The common use is as proper a use as any, if not "more proper" from the statistical standpoint.

"Cracker," as you mean it, has very little support even from the community that is supposed to embrace its use as "proper," really.

Some people use it, but, it's mostly people who either a) need a nit to pick or b) are trying to "fit in" after reading the Jargon File or something ("Ha ha! We've caught you, dear n00b, you can't be a real hacker now--you see, son, it's VEE EYE." ;P).

It's a naive argument to make--that all the real use out there by real people is someone wrong because anachronistic apocrypha tells you so.

Pfeh. Say, "cracker" if you want. It's not wrong but it's certainly not the one and only correct use.

Re:Language by prescriptive rules...

[croddy]

Language isn't a prescriptive animal: languages aren't constructed in dark corners by funny men with hats who bless some usages as "correct" and others as "heretical."

erm, the corollary to this is that language derives its usefulness from mutual consent. I can say "340cfm3j9" in place of "heretical," but that's not a good language unless the people I'm speaking to have a lexicon that makes them equivalent. in fact, the lack of a prescriptive authority makes it even *more* important that we use words precisely.

I would argue that, to communicate clearly in this situation, "cracker" is required, because the general (non-1337) public will understand it to mean malicious acts, *and* those familiar with the finer hacker/cracker distinction will also parse it correctly.

using a word is prescriptive, because its use (in context) creates its meaning. the mere fact that dictionaries present a descriptive report does not give license for words to be (mis)used haphazardly.

(wittgenstein and dewey explain this far better.)

not a bad scheme: copy=yes read=no

[10am-bedtime]

by separating copy from read, and allowing copy privs but not read privs, you basically force the requirement of some kind of "copy-file" system call (instead of allowing it to be done "manually"). system calls can be logged for accounting purposes, and the resulting copied file can be made also w/o read privs, the end effect being whoever invokes that copy-file system call is guaranteed to be opaque to the data.

security is improved because you don't need to audit that program wrt that data (as much ;-). failure of that program (whether by implementation or by external (virus) factors) has much less chance of compromising that data, and what chance remains is highly localized.

In other news...

[Mensa+Babe]

Canadian University to Begin Training Hackers! They plan to be the third world largest hacker training ground, just after MIT and Berkley! Watch news at 9 pm! *sigh*

Re:AWWWW YEAH HAY DOOD L@@K HERE

[Mafiew]

I don't know about you but I laughed really hard when I read this post, I think it ought to be modded up.

Simple answer...

[JohnnyCannuk]

"Know your enemy, know yourself and in a hundred battles you shall not lose"

Sun Tzu :)

Re: i can just see the film...

[op51n]

You're a producer aren't you?

Sorry, overly cruel!

Adopting common usage

[The+Monster]

Should we start referring to the system case as the "hard drive" and the monitor as the "computer"?

No, silly! We should call the case the 'modem', and the monitor the 'terminal'. Sheesh!

Hackers is Correct Here

[neildiamond]

Actually if they are cracking for good, then aren't they really hackers?

Haven

[Apostata]

Quote: "Will Canada be accused of training the world's next generation of cyber-terrorists... or peacekeepers?"

We've always been seen (in US eyes) as a haven. A haven for terrorists, a haven for criminals, a haven for whatever it is that you want to leverage against Canada.

Humourously, if you watch Close Encounters of the Third Kind, you'll see on Richard Dreyfus' wall a newspaper clipping with the headline: "Is Canada a Haven for UFO's?".

I think you misunderstood "language neutral"

[fizbin]

A language neutral course like, say, Information Extraction, is not without implementation - the students still have several projects to implement and can't merely do pencil-and-paper work. However, the focus is not on which language is used, but rather on what the results of the program are. In other words, the implementation is not critiqued or dealt with in the course except in terms of the external results.

For example, in the one graduate-level computer course I took (I was a math major; CS was just for fun), we were explicitly told by the professor to implement our projects in "whatever language you want". And we did; I was somewhat boring with my choices of C for the number crunching and perl for turning the numbers into nice summary reports, but several people used java, there was a dedicated group of matlab people, and one guy did almost everything in scheme. Supposedly, someone also implemented the first project as about 10 different interacting sh scripts and GNU expr, but I think that was just exaggerated rumor.

If the requirements for the assignments had specifically included performance, you probably would have seen less variation (at least the shell script tricks would have been out), but in this class they didn't happen to. The resulting language choice was a result of students needing to get the job done, not professorial fiat.

The point is, once you get to graduate level work, (as the grandparent post was talking about) the language itself is just a tool with which to study other aspects of computer behavior. (Unless, of course, you're explicitly studying the possibilities of computer languages themselves) Of course the university (in Canada, "university" means almost exclusively graduate work, unlike here in the US) doesn't teach C - it shouldn't really be teaching any specific language except possibly as an example of what a certain language family looks like.

I guess Mcaffee and Nortons need more programmers

[gabrieltss]

I guess our friends at Mcaffee's and Norton's need better trained virus writers so they can get more people to buy their products.

Heck all the virus's to date are trivial! I remeber the Fuck virus on the Amiga, now that was a virus! the thing killed your Hard Drive to where it ws unusble. Or even the old Morris worm.

If someone really wanted to write an unstoppable virus they would include a mutation engine in it. That way NO virus checker would stop it!

But of course this would put Mcaffee and Nortons out of business.

We need to change the Lexicon...

[Lodragandraoidh]

Hacking is a relative term.

With the cost of computers dropping and free operating systems available, hackers can hack to their heart's content without 'hacking' anyone off.

Because of the stigma attached to the word 'hacker', perhaps we need to reexamine the lexicon, and make up a new word for what we recognize as peaceful, non-intrusive exploration. Here is my go at it:

Phreaker - phone freak -

Cracker - W@rezd00dz

Hacker - mainstream meaning - person who breaks into computer systems illegally for malicious purposes (lets face it, the public perception will not go away)

Groker - take the verb 'grok', and turn it into a noun - implies the process of getting to the point where you grok something; eg. a hacker hacks until he groks what he is hacking groks ham radio; he transmits every night), or passive (he groks ham radio; but, he doesn't have an antenna up yet). Saying he is a groker would clear that up (he is a ham radio groker). Clearly 'groker' implies activity.

I think this (or something like it) would clear up the misconceptions people have.

Skilled viruses & Quarantine labs...

[bourne]

But how do we protect ourselves when people with skills start writing malware? Methinks the main advantage would be a quarantined lab environment where the dynamics of propagation could be studied.

Readers who find this idea interesting may want to read This Alien Shore by C.S. Friedman. While it's nothing relevant to current technology, it describes an interesting scenario of a well-written virus, and describes it from the point of view of both an untrained "cracker" and a schooled, skilled, & specialized "security specialist."

Languages, Schmanguages

[RobinH]

What this means is that for me - if a client asks me to program in VB, Java, etc. my answer is that I will NOT take on the job.

That's funny. Please tell these customers of yours to contact me, and I'll use whatever language they want.

In my 4 year career, I've used C, C++, Java, VB, ASP (VBScript and JavaScript), Perl, PHP, SQL, Basic, Assembly, Citect, Ladder Logic, and Flow charting (Steeplechase). Not to mention a couple other "proprietary" vendor specific languages that I can't even remember the names of.

Having done all that, let me tell you, I can write ANY task in ANY language, and I can do it modularly, with logical and meaningful data structures (or structured tag names, if user defined types are not included in the language), and maintainable (if that's a word). I can do this because my university education taught me the theory I needed to abstract every problem into concepts that could easily be implemented in any language.

The best language to teach in is whatever best suits the material of the course. For data structures, use C, for object oriented, use Modula, C++, or Java. For operating systems, use C or assembly. For automation, use ladder logic or flowcharts.

Trust me, when your customer asks you to provide a windows based user interface to display a flashing light indicating the status of your equipment, and you choose to write this in Visual C++ instead of Visual Basic, you're wasting your time. Choose whatever gets the job done fastest.

I'm just saying, don't be a one trick pony. The person who got a hammer for Christmas will see every problem as a nail.

Gee, what a surprise.

[Fantastic+Lad]

I wonder how long until this kind of lame story makes it to the headlines of Time magazine in this new and oh-so-invigorating propaganda effort against Canada. Gee, we didn't want to support Bush's illegal war effort which has turned Iraq into a cauldron of ever-deepening blood, fire and radioactive misery? --Where, *ahem* no WMDs have been found. Aww shucks. So now Bush wants to punish Canada for being a nation which doesn't want to promote death? Great. Just great.

This Mad Cow nonsense, (probably planted by some US black-ops dept.), and TIME magazine fueling ridiculous fears about Canada is complete crap. And probably will be effective crap too. It seems that many millions of Americans have been effectively programmed. (And we opened our homes to stranded US travelers during 9-11, for goodness sake!)

Anschluss, anyone? (Look it up.)

Just remember, my friends to the south. . .

Hitler bit off more than he could chew, and so will Bush. Any study of WWII and the current world situation makes it painfully clear to the observer that Hitler had no chance, and neither does Bush! --Even just in a matter of numeric strength, the odds are overwhelming. Even with the famed technology and efficiency of the Nazi military, the German fascist state was crushed into dust in less than four years, thanks to Hitler's sociopathic/delusional brain wiring which always leans heavily towards short-term gain plans which are ultimately self-destructive. You think a nation of 350 million stands a chance against a billion Russian, Chinese, Saudi, European troops troops armed with European high tech military gear? --Even after trying to 'soften' them up with SARS? Give it a rest. The US is doomed if they don't do something about their dictator, which they won't.

WWII was a trial run for events unfolding today. And the results will be the same. The end result desired by the architects of this scenario is NOT the building of an American/Nazi empire, but the destruction/meat-grinding of a few billion people. America will be toppled, but only at great cost, and Humanity will not be the winner.

You have been warned. Good luck out there, and remember; any kind of murder ALWAYS costs you in the long run. When the crunch falls in your neighborhood, be kind and rational and supportive of those weaker than you. Act with grace, dignity and courage when facing down the Beast, and you will be okay. You might still die, but death is just a doorway and our bodies are just temporary containers. 'God and Heaven' are Mind control lies designed to create stupidity and fear and poor choices. How YOU react is what matters. You are the culmination of your choices. Make good ones, because nobody is coming to forgive you and save your soul if only you 'have faith and stop asking the hard questions'.

-Fantastic Lad

--Here's a copy of the Toronto Star's reaction to TIME Magazine's attack, since the link seems to be down at the moment. (Gee. With the CIA on the swtich of the entire Internet, is this a surprise?)

DAVID OLIVE COLUMNIST
The Toronto Star

The cover of Time magazine's latest Canadian edition notes that our "nation's influence in the world is shrinking."

Inside this edition of the branch-plant magazine are 10 pages of features and columns on Canada's pint-sized military, dwindling diplomatic corps and shrinking foreign aid budget. Plus a reminder it's not too late for Canada to win a coveted prime ministerial invitation to George W. Bush's ranch in Texas by following the ennobling Aussie example of outsourcing your foreign policy to Washington.

The cover image is a map of North America in which there's a big empty space where Canada used to be. And the main headline: "Would anyone notice if Canada disappeared?"

Well, hypotheticals are tough.

What if Austria disappeared? Or Donald Rumsfeld? Or kabuki?

My own speculations run in the opposite direction.

Our school has thought this for a few years in US

This is nothing new... Portland State University has tought a virus class for several years.

It is one of the more demanding classes in cs. In past classes students have even been able to have their programs battle it out in a sandbox to see who's virus can spread faster and kill the others.

Oh and the "Little Black Book"? Yes, that is the textbook for the class. :)

The Canadians are copycats. ;)

It's like everything else.

[SatanicPuppy]

If you don't understand it, then your options in fighting it are limited. A noob running a blade cluster on a t3 line has only one option when some script kiddie takes over his system: unplugging it. Far from optimal.

We have all this "anti-virus" software, but it is completely misnamed. If you get a flu shot, it's not an anti-virus, its a pallative. A weak shield against infection, not an active agent of protection. The same goes for the software that we currently use. I want to be able to unleash righteous nastyness against the damn viruses in my system, not poke around with fricking bloated software that's always playing catch up.

Until we learn to beat them at their own game, then it will BE their game.

Just my opinion.

REally evil viruses

[CandyMan]

You haven't seen a really evil virus.

Except, maybe, for the Chernobyl that trashed my motherboard (and a couple of friends' and coworkers') back when.

Course Link

[Q+Who]

CPSC 599.48, Computer Viruses and Malware.

C'est tr�s gai

Macintosh, feel the word sliding over your lips. Do you feel the rhythm, sure you do. It's definitely gay.

Safari, feel the word sliding over your lips. Do you feel the rhythm, sure you do. It's definitely gay.

IPod, feel the word sliding over your lips. Do you feel the rhythm, sure you do. It's definitely gay.

Gay, feel the word sliding over your lips. Do you feel the rhythm, sure you do. It's definitely Apple.

trade school my ass

> Teaching C, Java, PERL, whatever is the job of a trade school, or at most a community college. Teaching computer science is the job of a university.

wrong again. damn this persistent mentality of ivory tower academics with no concept of the industry. proficiency/fluency with any one programming language can take YEARS of experience precisely because no one is willing to take the time to condense knowledge learned from trial-and-error experience into courseware. programming is the same as any other art; think 4 months of jiu jitsu makes you proficient in martial arts? theory helps underscore knowledge and appreciate the history of its creation, but does little for anyone with a user-end application to write and a deadline to meet.

did you chew first before the compsci academic circles fed you this tripe, or did you just swallow it whole because you were a naive undergrad with no social interaction experience and didn't know any better?

Re:AWWWW YEAH HAY DOOD L@@K HERE

[nametaken]

Actually, it's "1337, 1337, 1337 - 1337".

Wait... I think we're admitting something terrible here.

Re: i can just see the film...

[nametaken]

His name will either be
"Linub Tervalds" or "Amanuel Goldstin"
He will be played by Leonardo DiCaprio in a pair of glasses, and they'll borrow that ridiculous VR interface from "Hackers".

H4xx0r the Gibson!