h2g2 The Hitchhiker's Guide to the Galaxy: Earth Edition

simulpost, I agree with the theory of action above knolage.

-- DoctorMO --

I'm a little confused what you're trying to say. If you mean isn't telling people how things work against the ethic, no it's not. Maybe I'm as guilty of co-opting the term hacker as the media are but for me hacking is about disseminating and using knowledge, just like Engineering is.

If I've got my etimolegy right, then trying to get the knollege by brute force, is what it's all about, then if your spreding it about this is comunication and if you think it's a way of life, you might as well say that I'm a rider because I ride a bike, a liver because I live and a psysedoer because I'm like that. there not ways of life. were it's evolved that way may be an interesting point. but how can I class myself as a hacker when my understanding tells me I'm a hacker for 20% of my life and a sleeper for 40%?

-- DoctorMO --

I think you must have misread my post, for nowhere in it did I mention 'damage'. By 'break into a computer system' I mean 'gain unauthorised access to a computer system'. That is, obtaining priveleges on the system that you would not normally have access to.

The content of phrack and 2600 is all about obtaining such unauthorised priveleges on computer systems, that is 'breaking into computer systems'. And, they are described as hacker magazines.

So therefore it is acceptable to apply the word hacker to someone who obtains unauthorised priveleges on computer systems, i.e. someone who 'breaks into computer systems'.

I don't know how else I can put it, and I don't see why you can't understand that application of logic.

Hmm, I spelt privileges wrong all the way through that post. Please mentally replace the first 'e' with an 'i'.

I don't think brute force is part of the ethic, per se...

I'm not saying it's a _way_ of life but hacking is a quest for knowledge. For me that quest is life-long. I know some things that can be utilised in bad ways. But my code of ethics prevents me from doing bad things with it because I think that's wrong.

Ah you see I thought the quest for knollege was just what you called life, and how you got it was hacking or being a swat. thats one reason why I can not class myself, I do both. and many people do. as for ethics, this is an interesting relm, one of which I study as a social philosipher. is it a code of conduct or ethics?

-- DoctorMO --

computer hacker == someone who knows all about how computers work
That doesn't imply gaining unauthorised acces to a computer system.

The content of 2600 is not _all_ about obtaining unauthorised priveledges on computer systems. You also didn't answer whether you have read the magazine or not. Are you making assumptions about the content or do you actually know what it is?

2600 does have a slant towards security and circumvention but it's not about breaking into computer systems, it's about knowing how to make a computer system do something.

I've flicked through one once. Okay, so there were some philosophical type articles about free speech and what not. And comments on legal issues that might stop people from figuring out how to break into computer systems or software. But apart from that, it's the same type of hacker magazine as Phrack. Which is all about gaining unauthorised access to computer systems.

I think you have it backwards - you need to know about how computer systems work to figure out how to break into them.

It sounds to me like you've already formed an immutable opinion of hackers and you're justifying your position. You dismissively comment that "there were some philosophical type articles about free speech and what not" and that "apart from that, it's the same type of hacker magazine as Phrack". I haven't read Phrack so I can't judge it but it's those "philosophical type articles and what not" that are the important part of 2600. Did you read them or just skim over them?

Yes 2600 contains knowledge and educational-type articles. Yes much of that knowledge _can_ be used for "bad" purposes. That does not mean that it can _only_ be used for "bad" purposes. Does that make it wrong to distribute?

The definition of a hacker according to Berkeley is that you have knowledge - what you do with that knowledge is irrelevant to that definition.

I know a few system administrators - most of them read 2600 in their spare time because it gives them knowledge about securing their systems against attacks. An explanation of how the exploit is achieved is key to repairing it. If you asked them if they were a hacker they would probably say now - because of the stigma attached to the term. Ask them if they seek knowledge about the security of their computer systems and I bet they would say yes. I'm doing what I can to fight the stigma because it's based on misinformation and the actions of individuals who call themselves hackers but aren't.

I think you've made a bad assumption - that breaking into computer systems is a hacker's primary motivation for learning how computers work. That was / is certainly not my motivation for learning how computers work.

Typo: If you asked them if they were a hacker they would probably say _no_

I did not claim that it is 'wrong' to distribute the magazine. Nor did I say that breaking into computer systems is 'bad'. It almost seems like you are arguing about something completely different here.

Hacker magazines like Phrack tend to write from the perspective of attack, not defence. That is, they tend to write from the perspective of someone trying to break into a computer system, rather than someone trying to protect from such attacks. From that, I think it would be unreasonable to suggest that a hacker is primarily someone who tries to defend against such attacks. The style of such magazines implies that a hacker is someone who actively tries to break into computer systems.

That's all I'm saying. I'm not judging it right or wrong. Just trying to enlighten you as to why hacker is defined like that to everyone but a small minority.

I apologise - my "distributing" comment wasn't clear. I was not referring to distributing the magazine, I was referring to distributing the knowledge.

Many security mailing lists also write from the perspective of attack because that's the easiest way to see how the defense works. Well written articles address both attack and defense. Many of the articles on 2600 do address both.

People that think hackers break into systems usually think that because they are on the outside looking in. It's hard to judge a culture unless you've grown up with it or immersed yourself in it.

To get back to the original point I was making, you said:
Using the word 'hacker' to describe people who break into computer systems is a perfectly legitimate use of the word.

I disagree. Hackers and people who break into computer systems are two groups. Neither is a subgroup of the other. In a Venn Diagram you would have hackers and people who break into computer systems overlapping but neither completely within the other. Thus, it is not fair to describe people who break into computer systems as "hackers" because that's not necessarily true.

Ok, I can see what you're getting at with your Venn diagram thing. But if that is true, why aren't self-proclaimed 'hacker magazines' also including interesting articles on, say, artifical intelligence advances. Or low-level database algorithms. Or games programming. Or other similar topics.

All of these would seem to fit the definition of making a computer system do something using in-depth knowledge of that system. And indeed, articles such as those would satisfy the quest for (computer) knowledge.

But the majority of articles I see in hacker magazines are about methods of gaining unauthorised access to computer systems. It is then not surprising that the word hacker has come to be associated with such things?

I think what happened is someone at some point said "You can't do that, you can't learn that, you can't publish that." and it was taken as a challenge. When people feel repressed or denegrated, they fight back - sometimes it's subtle and sometimes it's not. Taking away the freedom to know something is a form of repression.

Nobody is going to try to quash your right to publish an artificial intelligence code snippet, nor a database algorithm, nor a snippet of game code. People have tried to quash your right to hyperlink to a computer program (DeCSS, specifically, which the MPAA claims is used for copying movies - anyone familiar with DVDs will tell you that decrypting a DVD doesn't assist you with copying it). 2600 recently fought a legal battle with Ford Motor Company over the domain name f**kgeneralmotors.com - they pointed the domain to www.ford.com so Ford sued. 2600 won, as I think they should have. The domain name is 2600's to point wherever they please and if Ford didn't like the redirect they should have just blocked their server from serving pages on that domain.

That's why I say the philosophy of hacking is more important than the mechanics in 2600. Most of the people who adopt the hacker ethic tend to be free thinkers - the freedom to know things and to choose right from wrong is very important to them - to us. If I could magically correct the usage of the word "hacker" right now, I would change it so that the media used the term "malicious security hacker".

If you want a good example of what I mean, the following is clipped from the 2600 store. It's very much tongue in cheek about the American Administration's current policies:

Orange Package (High Risk)
People like you have always been considered high risk. It's because you don't watch enough television and you read entirely too much. And when the authorities catch wind of the kind of material you like to read, you will be forever Orange in their eyes. You will get 103 individual back issues of 2600 (are you as surprised as we are that there are so many?) plus every issue that we put out in the future - assuming we still HAVE a future after poking fun at the Homeland Security system. We had a run on the HIGH RISK H2K2 badges so we don't have any of those to give you. But we will include a LOW RISK, GUARDED RISK, *and* ELEVATED RISK badge to make up for it. (Mathematically, low+guarded+elevated=high.)

This package is only available in the United States.

So basically what you are saying is that hackers are pissed off that their freedom (their right ..!) to know what is on someone else's private computer system has been taken away by people implementing security measures, so they try to get around such security measures?

That sounds totally ridiculous. It's like "information wants to be free" .. nonsense! I think what self-proclaimed 'hackers' need to learn is that they don't have a fundamental right to know everything about everything. Some things are just private, and they should respect that.

Then they get surprised that the media demonises them. Well, obviously. Freedom of information / repression of the ability to access such information is based on nothing more than common courtesy for others. If they can't respect other people's stuff, why should people respect them?

It's like that Randal Schwartz guy cracking passwords at Intel and then thinking it odd that they get the law on to him for such an intrusion. If he had respect for the computer space of others, he wouldn't have got himself into that mess.

(I know the password hashes in /etc/passwd used to be publically readable before password shadowing was introduced, but there is a huge difference between "cat /etc/passwd" and "crack /etc/passwd")

I think you got the wrong en of the stick, people want to repress people from knowing to much about how a computer works, it is a powerfull tool and dangerous even from people who know only a little. if you know how to work a computer in any way you want, people get paranoid because they can't trst anyone. so it then becomes the old state against the minorty hitch and people who were hackers become crackers just to see if they can do it, and to prove that the state isn't holding them back.

I can't crack nufin, and there is a very good reason, I don't want to. I don't care if someone has a secure server or that there security is the best yet. I'm more interested in how programs work, algorithems and media compresion. it means I have to do some pritty funky stuf with disassemblers, but I learn alot.

-- DoctorMO --

Who is repressing you ..?

"So basically what you are saying is that hackers are pissed off that their freedom (their right ..!) to know what is on someone else's private computer system has been taken away by people implementing security measures, so they try to get around such security measures?"

Yes, what you said does sound ridiculous. You're extrapolating incorrectly and you've put words in my mouth.

That's not what I'm saying at all. This isn't about freedom to know about other people's private computer systems - most hackers couldn't care less. Our freedom isn't being taken away by the people implementing the security measures; this isn't the freedom most hackers care about. This is about freedom of learning. This is about knowing about computers and the security measures themselves. I don't care about what's on someone else's computer. I care about making sure the things on my computer are safe. This is partly a reaction to the security through obscurity model that plagues software shops around the world. The idea that if a security flaw is kept quiet then it isn't a problem is completely bogus.

If the password database is crackable, wouldn't you want to know about it? And how about knowing how to protect your password database? Now what if someone restricted your right to test this security model for flaws? That is what the articles in 2600 are about. I don't care about your password! Do I care that your password is _secure_? Of course I do. I want passwords to be secure, so why should we have to believe the company that wrote the algorithm that the passwords are secure. The first step to fixing a problem is to know about it.

I have no idea what Schwartz's motives were. If he is a hacker, I have no doubt he'd be surprised that the law was brought into it - if he was doing it to prove it could be done and didn't really care about the passwords in the file, why would he be thinking about it? If he did it because he wanted the passwords, that's not hacking.

Nobody is currently repressing me. The American Government and big media are repressing the hacker community in many places, though. The DeCSS trial was a farce. The charges against Skylarov were a farce. Locking up Kevin Mitnick for five years was a farce. Now they're trying to prosecute the kid that wrote DeCSS. He was fifteen when he wrote DeCSS; now he's 18 and over the age of legal responsibility. He wrote the program so he could watch the DVDs HE owns on HIS Linux computer. And now he might go to jail for it. This is the kind of crap that hackers are fighting against.