Slashdot Mirror
Everyone Is A Hacker In Training
An anonymous reader writes "Michal Zalewski was recently interviewed by O'Reilly's Onlamp. During the interview, he stated a belief that hacking is a state of mind. From the article: 'I don't think that (good) hackers have any special, hardwired mental abilities or specific personality traits, and I do believe you can easily learn to think like a hacker, even when you come from a different background.'" The interview goes on to discuss the overall need for better security in protocols and communications.
This sounds absurd. A hacker isn't a mentality, it's a set of actions. I may think like a mass murderer, but until I do it, it doesn't mean much, does it?
MacroHard - Boning you in a big way! (TM)
Hacking is a state of mind, but not in the typical sense of the word hacker. This book defines hacker as one who delights in solving problems in interesting ways, and I think *that* is a state of mind more than breaking into someone else's machine.
People use hack like they use fuck.
So are you a black-hat or white-hat fucker?
Because neither the article nor the summary make it clear, Michal Zalewski is a Polish author and hacker who has a book named Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks published by No Starch Press and sold at your favorite bookstores.
O'Reilly has an online profile of Michal:
As an enlightened, modern parent, I try to be as involved as possible in the lives of my six children. I encourage them to join team sports. I attend their teen parties with them to ensure no drinking or alcohol is on the premises. I keep a fatherly eye on the CDs they listen to and the shows they watch, the company they keep and the books they read. You could say I'm a model parent. My children have never failed to make me proud, and I can say without the slightest embellishment that I have the finest family in the USA.
Two years ago, my wife Carol and I decided that our children's education would not be complete without some grounding in modern computers. To this end, we bought our children a brand new Compaq to learn with. The kids had a lot of fun using the handful of application programs we'd bought, such as Adobe's Photoshop and Microsoft's Word, and my wife and I were pleased that our gift was received so well. Our son Peter was most entranced by the device, and became quite a pro at surfing the net. When Peter began to spend whole days on the machine, I became concerned, but Carol advised me to calm down, and that it was only a passing phase. I was content to bow to her experience as a mother, until our youngest daughter, Cindy, charged into the living room one night to blurt out: "Peter is a computer hacker!"
As you can imagine, I was amazed. A computer hacker in my own house! I began to monitor my son's habits, to make certain that Cindy wasn't just telling stories, as she is prone to doing at times.
After a few days of investigation, and some research into computer hacking, I confronted Peter with the evidence. I'm afraid to say, this was the only time I have ever been truly disappointed in one of my children. We raised them to be honest and to have integrity, and Peter betrayed the principles we tried to encourage in him, when he refused point blank to admit to his activities. His denials continued for hours, and in the end, I was left with no choice but to ban him from using the computer until he is old enough to be responsible for his actions.
After going through this ordeal with my own family, I was left pondering how I could best help others in similar situations. I'd gained a lot of knowledge over those few days regarding hackers. It's only right that I provide that information to other parents, in the hope that they will be able to tell if their children are being drawn into the world of hacking. Perhaps other parents will be able to steer their sons back onto the straight and narrow before extreme measures need to be employed.
To this end, I have decided to publish the top ten signs that your son is a hacker. I advise any parents to read this list carefully and if their son matches the profile, they should take action. A smart parent will first try to reason with their son, before resorting to groundings, or even spanking. I pride myself that I have never had to spank a child, and I hope this guide will help other parents to put a halt to their son's misbehaviour before a spanking becomes necessary.
1. Has your son asked you to change ISPs?
Most American families use trusted and responsible Internet Service Providers, such as AOL. These providers have a strict "No Hacking" policy, and take careful measures to ensure that your internet experience is enjoyable, educational and above all legal. If your child is becoming a hacker, one of his first steps will be to request a change to a more hacker friendly provider.
I would advise all parents to refuse this request. One of the reasons your son is interested in switching providers is to get away from AOL's child safety filter. This filter is vital to any parent who wants his son to enjoy the internet without the endangering him through exposure to "adult" content. It is best to stick with the protection AOL provides, rather than using a home-based solution. If your son is becoming a hacker, he will be able to circumvent any home-based measures with surprising ease, using information gleaned from variou
Quoting from Wikipedia:-
"The Manifesto states that hackers choose to hack because it is a way for them to learn, because they are frustrated and bored in school. It also expresses the satori of a hacker realizing his potential in the realm of computers."
95% of all sigs are made up.
There is no skill involved in hitting things, just as there is no skill involved in running a "script". However even with a script and a punch you can still bring harm.
With training you can learn how and where to hit someone to inflict pain, debilitate them, or kill them. Just like anyone with an iota of programming knowledge can shutdown a server, destroy the data on it, or bring down entire networks.
Like martial arts, thankfully those that do know how to kill someone with their hands and those that do know how to do malicious things with a computer, do not do them. Anyone can write a virus, and knowing programming I know that you could make a very nasty virus to do very nasty things.
But that doesn't happen. Usually what happens is those who might know the tools of the trade or a few moves don't have the discipline. They lack the ability to know that "you can" is different than "you should".
However, there is no kung-fu quality of knowing how to "hack". There is a quality to knowing how a computer works, how they can be exploited, and how they can be repaired. It's the knowledge of computers that will get a person to a point in which they can contribute to the community, sometimes make money, and sometimes just get noticed.
Then there's the smeg-heads who are the l33tz0r hax0rts d00dz that ... don't get it.
Ignore the "p2p is theft" trolls, they're just uninformed
I agree that it's not always something specifically mental in that some people simply can do it and some simply can't (but some do have more natural talent). I disagree about personality traits.
I think good hackers tend to be obessive about what they hack - meaning that they eat, drink, and sleep the subject they are good at hacking at.
A lot of people these days tend to try to learn (too) many things and turn out to be more of a jack of all trades than an expert in a single subject (thinking of all those programmers who have to learn a new language everyother week) or simply can't concentrate on any one thing for longer than 5 minutes at a time.
This is my issue with college - many of which try to teach a wide variety of subject to a student that really only wants a specific degree (say in Math or Science related) - studies have shown that people tend to remember less than 15-20% of what they learned in school/college several years after attending so why force something that will only be forgotten later for lack of interest?
Genius - 1% inspiration, 99% perspiration. Morale: Prize Intensity over Extensity.
A genius that probably can't be replicated in everybody is a renaissance man who can excel in multiple non-related subjects - like Leonardo Davinci. But that still took some type of concentrated obsession.
From what I understand, a good "hacker" in the sense that he uses the word should probably be:
- Attentive to detail.
- Patient.
Finding bugs in software requires a lot of patience and attention to detail because often times you have to manipulate time and memory to get what you want..over and over and over again.
That said, FINDING bugs is tricky. Using or modifiying a POC off of bugtraq is not so hard.
I think hacking really is a thirst for knowledge. Since the advent of the internet search engine, anyone can now freely research a topic. Why should hacking be limited to computers?
It is easier for someone to become a bad hacker these days. I think what divides the good from the bad is the fear of being caught, perhaps the good hackers know that the log file is forever watching.
In the true sense of hacker, someone sitting in front of a computer all waking hours does not have to be producing anything of worth.
Why UNIX?
Hacking is an art.... You don't just wake up one morning calling yourself a hacker. It takes years upon years to even learn the necessary skills. And "hacker" is a word that other people call you after you have proven yourself knowledgible in certain areas.
Not everyone can have the title hacker, its a name that you earn because you are very good in your line of work, not because your a wannabee and want to be called a cool name. Of course they all start out as wannabees anyway, but many never go through with their quest for knowledge and understanding.
And for you media-freaks out there, hacker does not mean breaking into another person/business's computer unauthorized, that would be a cracker. The media has tainted the word into something unwanted and looked down upon when it really means something very good (who doesnt like the quest for knowledge?).
I can see what means, but as always, it comes out wrong.
I know for a fact there are (intelligent) people that no matter HOW hard they try, they cannot program - it is just literally impossible for them, they just cannot grasp the concept. Maybe this is to do with the way some people's mind works or not, I don't know, but it has something to do with it.
Now to the 'hacker' bit. Anybody that can/does understand programming/concept is only one step away from being a 'hacker' (not a _cracker_ !). It is the next step after learning the base, and 'hacking' is the logical next step to learn more.
But as I said, not everybody has the ability, willing or unwillingly.
I used to be a self-proclaimed hacker. Key word being 'used'.
I can't remember when it started, but the word 'hacker' has changed its meaning. It used to mean someone who 'thinks outsid eof the box' - solves problems in a new way. It used to mean someone who would improve things by writing their own code/making their own hardware. Crackers used to be people who would 'crack' security codes etc. to illegally gain access to a computer.
Somehow 'hacker' is now a synonym for cracker. I propose 'hacker' is rostored to its former glory and a new word is instated to mean cracker; 'h4x0r' or 'script kiddy (or 'skiddy' for short)'.
It would certainly make things simpler.
Care and Feeding of your Hacker
The following list is an attempt to cover some of the issues that will invariably come up when people without previous experience of the hacker community try to hire a hacker. This FAQ is intended for free distribution, and may be copied as desired. It is in an early revision. If you wish to modify the FAQ, or distribute it for publication, please contact the author. The author is seebs@plethora.net. The official distribution site (as of revision 0.05) is "http://www.plethora.net/~seebs/faqs/hacker.html".
DISCLAIMER: The author is a hacker. Bias is inevitable.
This document is copyright 1995, 1996, 1998, 1999 Peter Seebach. Unaltered distribution is permitted.
Revision 0.05 - Last modified September 28, 1999
Questions and Answers:
Section 0: Basic understanding.
0.0: Won't my hacker break into my computer and steal my trade secrets?
No. Hackers aren't, contrary to media reporting, the people who break into computers. Those are crackers. Hackers are people who enjoy playing with computers. Your hacker may occasionally circumvent security measures, but this is not malicious; she just does it when the security is in her way, or because she's curious.
0.1: Was it a good idea to hire a hacker?
It depends on the job. A hacker can be dramatically more effective than a non-hacker at a job, or dramatically less effective. Jobs where hackers are particularly good are:
* Systems administration
* Programming
* Design
Jobs where hackers are particularly bad are:
* Data entry
More generally, a job that requires fast and unexpected changes, significant skill, and is not very repetitive will be one a hacker will excel at. Repetitive, simple jobs are a waste of a good hacker, and will make your hacker bored and frustrated. No one works well bored and frustrated.
The good news is, if you get a hacker on something he particularly likes, you will frequently see performance on the order of five to ten times what a "normal" worker would produce. This is not consistent, and you shouldn't expect to see it all the time, but it will happen. This is most visible on particularly difficult tasks.
0.2: How should I manage my hacker?
The same way you herd cats. It can be a bit confusing; they're not like most other workers. Don't worry! Your hacker is likely to be willing to suggest answers to problems, if asked. Most hackers are nearly self-managing.
0.3: Wait, you just said "10 times", didn't you? You're not serious, right?
Actually, I said "ten times". And yes, I am serious; a hacker on a roll may be able to produce, in a period of a few months, something that a small development group (say, 7-8 people) would have a hard time getting together over a year. He also may not. Your mileage will vary.
IBM used to report that certain programmers might be as much as 100 times as productive as other workers, or more. This kind of thing happens.
0.4: I don't understand this at all. This is confusing. Is there a book on this?
Not yet. In the meantime, check out The New Hacker's Dictionary (references below; also known as "the jargon file"), in particular some of the appendices. The entire work is full of clarifications and details of how hackers think.
Section 1: Social issues
1.0: My hacker doesn't fit in well with our corporate society. She seems to do her work well, but she's not really making many friends.
This is common. Your hacker may not have found any people aro
What makes you think that because you did something first means your efforts were any more sincere, valid, or superior to the efforts of the mainstream?
We had candles before we had lightbulbs, but I see you've hopped on the Electricity Bandwagon with the rest of us. Tool.
(For a contrasting point of view, see Paul Graham's essay on Great Hackers.)
I'm inclined to agree that hacking is a state of mind. But it seems that only a certain kind of temperment is drawn to cultivate that state of mind. In practical terms, therefore, personality matters greatly.
From long observation, I would have to say that most people don't know -- and don't want to know -- how things work. In fact, many people have developed quite elaborate defenses against knowing, strange though it may seem to the hacker mind. These people will claim that they don't have time, or that it's risky, or that it's more cost-effective to pay someone else, or that they don't see why it all has to be so hard, et cetera. Hackers seem notably disinclined to raise such objections.
I'm not sure that hackers, as a group, are naturally drawn to rigor and formalism any more than the general population, but most of them seem at least willing to go there if the situation calls for it. Hackers might prefer to immediately start prying the covers off stuff, but if that doesn't work, the more committed ones tend to have no problem reading manuals, circuit diagrams, or assembler code if that's what it takes.
Hackers seem to be well represented by the Myers-Briggs INTJ and INTP personality types. On the other hand, this combination (introverted, intuitive, thinker) is rare in the general population. Most people wouldn't dream of taking the covers off a new piece of gear. To them, it would be far safer not to know than to risk voiding the warranty.
My point is that neither position is objectively more correct than the other. It's a question of what you subjectively value. So yes, I suppose that anyone could, in principle, learn to think like a hacker. After all, it's not like there's any secret to what's involved. And we live in a highly technological era, where it would seem to make excellent sense to cultivate that way of thinking. But I don't see it happening.
Parity: What to do when the weekend comes.
That's pretty much what Mr. Zalewski said. He specified that a hacker was a "skillful, passionate enthusiast" as opposed to someone who approached what they did as simply "just a job." Of course, he's speaking in the context of computers, but i doubt he'd be offended if that term was stretched into other areas of study/work. That's just my two cents.
(i didn't have a good referral link to put here, so i'll just leave this)
Even though he states that (good) hackers have any special, hardwired mental abilities, I disagree.
From the article: What I wanted to achieve is to show how to think creatively and see problems that go beyond textbook examples
This is exactly what I've always thought good hacking was all about - creative problem solving. I agree that good hackers go beyond a textbook or class work in order to solve problems, but I also think this is an ability that some have and others just don't. Good problem solvers can be found way beyond IT. It's the same as people that are considered good "handymen", for lack of a better term. Give them a problem, be it move some heavy furniture or fix something that's broken and they'll come up with a creative solution, even though it initially looked impossible to solve. I'll even bet that some hackers are considered good "handymen" around their neighborhood.
I've noticed for a while that the term "hacker" is generally considered a vague, legendary and elusive title which supposedly only a very few godlike souls are ever able to attain or become worthy of. ESR seems to have led the charge in perpetuating this pretentious tripe, but it is a belief which sadly a great many people seem to be afflicted with.
How do I define a hacker myself? Someone who:-
(a) Has sufficient knowledge of a particular system/topic (and although use of the term normally applies to computer related areas, it has been colloquially lent to other fields) that they are able to employ a degree of intuition when solving problems in said area.
(b) Performs said problem solving in an improvisatory, rather than formal, manner.
(c) Has a tendency to develop solutions to problems which involve surrealistic associations. By that I mean that their solutions will involve combining objects, ideas, or processes which would not ordinarily go together.
Contrary to the common belief, this doesn't require being a god, either. It generally doesn't require too much more than at least a basic level of intelligence and familiarity with the area in question. So given that, yes, pretty much anyone who has any level of proficiency in anything could call themselves a hacker if they wished to do so.
ESR's claim of, "you're not a hacker until somebody else calls you one," implies to me that *he* anyway is somebody who forms his self-perception on the basis of other people's assessments...a rather questionable idea, to my mind.
I knew a guy who was arrested and sentanced to jail for one month, and 3 years probation, because he hacked into the school's library stystem. Why did he do it? Because the library had a start screen where the user could only access the card catalog over the internet, nothing else.
That's in part how I got into computers. That was when Rad Shack came out with the Trash, TRS80. The library at my school had terminals hooked up to the mainframe for the county's schools. With it students could search for colleges based on different criteria and that's all they were supposed to be used for. But a few of us figured out how to get out of the search program and were able to explore the system. Then I met some students from other high schools that were doing the same and we were able to come up with a way to chat with each other. Between this and programming in Basic on the Trash80 made me decide to major in Computer Engineering in college, it was between CE and Marine Science/Biology. I would of loved it if I could have combined the two somehow though.
And what about all the script kiddies? The ones who have no brains but found a place to download some tool to hack with? What should be done with them? If a script kidde uses a tool a hacker programmed, and that script kidde causes damage, who is responsible? Should the hacker be arrested for releasing the tool?
If anyone it's the script kiddies the authorities need to crack down on.
In my opinion, a hacker is a derogatory term. They are people who have little respect for others rights.
Falling for the mass media's distortion of what a hacker is. With how reporters use the words "hack" and "hacker" I wonder how they would like it if people started calling them hacks, which back in the early 1900s writers and reporters were called. I tell you if you really want to know what a computer hacker is you need to read Steve Levy's Hackers: Heroes of the Computer Revolution
Here's an excert from an interview with Richard Stallman:
DB: Is this what might be meant by the phrase the "Hacker Ethic?"
RS: Somewhat. Indeed, the hacker ethic, I should explain first of all who hackers are. In 1971 when I joined the staff of the MIT Artificial Intelligence lab, all of us who helped develop the operating system software, we called ourselves hackers. We were not breaking any laws, at least not in doing the hacking we were paid to do. We were developing software and we were having fun. Hacking refers to the spirit of fun in which we were developing software. The hacker ethic refers to the feelings of right and wrong, to the ethical ideas this community of people had -- that knowledge should be shared with other people who can benefit from it, and that important resources should be utilized rather than wasted. Back in those days computers were quite scarce, and one thing about our computer was it would execute about a third-of-a-million instructions every second, and it would do so whether there was any need to do so or not. If no one used these instructions, they would be wasted. So to have an administrator say, "well you people can use a computer and all the rest of you can't," means that if none of those officially authorized people wanted to use the machine that second, it would go to waste. For many hours every morning it would mostly go to waste. So we decided that was a shame. Anyone should be able to use it who could make use of it, rather than just throwing it away. In general we did not tolerate bureaucratic obstructionism. We felt, "this computer is here, it was bought by the public, it is here to advance human knowledge and do whatever is constructive and useful." So we felt it was better to let anyone at all use it -- to learn about programming, or do any other kind of work other than commercial activity.
FalconShould there be a Law?