h2g2 The Hitchhiker's Guide to the Galaxy: Earth Edition

Disassembling most programs is against the terms of the contract you "sign" when you use the software for the first time. That makes it borderline illegal. EULAs have never been tested in court.

Should you have a right to disassemble software you've purchased to see how it works?

Personally I don't break into servers or anything like that.

Now if I've purchased a cable modem and it doesn't work with my firewall / router, why is there a problem with me hacking it to see if I can get it working? Why can't I hack my cell phone to fix a software glitch that's rendered it inoperable instead of paying the manufacturer $50 to fix it? I'm perfectly willing to accept a broken phone as a consequence.

So if I succeed is there any reason I should not be able to tell other people how I achieved these things? "If you do x to your cable modem, you can change the configuration." If you can change the configuration of your cable modem, it's possible to do all sorts of nasty things to it that will interfere with other people's service. Does that mean nobody should know how to change a cable modem's configuration unless they work for a relevant support company?

Do you see more clearly where I'm coming from now? I don't want the freedom to look at private information - I want the freedom to find out if it's _possible_ to look at private information. Then maybe I can help fix the problem.

this is exactly the attitude behind a lot of linux development. taking email as an example, when people sent text email, the standard programs were fine.

when they started saying "read the attachment" which was either .doc or .xls, then you had to have stuff so you could see the content.

as (in this case microsoft) decided to make the format not only hidden, but a moving target as well, the only way to keep up is to crack the code, so you can see what the format is, and then write something to read the format.

this is often technically illegal.

it gets even worse when you start talking about hardware. taking winmodems as the worst example, they pin non-disclosure aggreements on developers, because they are all basically using the same hardware in slightly different ways, make half of it into software to make it cheap, and then only provide drivers for windows. this means again that you have to disassemble the code to figure out how to use the hardware that you legally own.

this is often blatantly illegal, but is almost never prosecuted.

an example from security can be seen in one of the linux magazines a few months ago. they included detailed instructions on how to use various hacking tools (password detectors, port scanners, packet sniffers, and other similar software) and included the software on their cd. however their was no way they could adequetly cover the methods of protection against these tools without giving you these tools to see if you had implimented that protection right.

parts of the british and american government want to ban these tools outright, which would result in no change for the cracker, but would seriously disadvantage the hacker and system administrator who have to keep their systems safe.

This is interesting, what you are saying now seems to coincide with the common definition of 'hacker' that I was pointing out earlier.

"Now what if someone restricted your right to test this security model for flaws ... this is about knowing about computers and the security measures themselves ..."

- which is exactly what a was talking about earlier; the common definition of a hacker is someone who tries to gain unauthorised privileges on computer systems. To do that requires knowledge of the computers' security measures.

Whether you are 'testing' the security model or executing a real-world attack on it, doesn't matter. If you do such a thing, you are a hacker.

Your definition of whether Schwartz is a hacker or not seems bizarre. If he wanted the passwords then he isn't a hacker, but if he didn't want the passwords then he is? The whole point of running crack on a password file is to try to discern the passwords from the hashes. The fact that he carried out an action that breaks a security measure on the computer (converting hashes to plain test passwords) defines him as a hacker.

"Now if I've purchased a cable modem and it doesn't work with my firewall / router, why is there a problem with me hacking it to see if I can get it working? .. etc .."

You're misjudging me again. I am not talking about 'right' or 'wrong' here. Just the definition of the word.

A 'hacker', as defined by everyone but a handful of geeks who have unsuccessfully attempted to overgeneralise the word, refers to someone who attempts to break security measures on computer systems. To put it in other words; gain unauthorised access to them or on them, or escalate the privileges normally assigned to them to something higher. The verb 'to hack' is the process of doing this.

Also, I would define a 'cracker' as someone who disassembles and patches software in order to remove serial number or other protections. Unless one is referring to software, in which case a 'crack' is the program that does such a thing. As a special case, a 'password cracker' is a program that systematically attempts to determine plain text passwords from their encrypted counterparts.

Ah I see, so what does this make me? an engeneer? I neither get into computer systems or take or modify software in any way to make it more accesable, yet I'd still like to know how certain things are done, so much is hidden, so big buisness can charge you money for it. If you were charged 10p every time you used the word hello, would you starts saying d'day mate? or inventing somthing better?

I say yes.

-- DoctorMO --

"the common definition of a hacker is someone who tries to gain unauthorised priveleges on computer systems. To do that requires knowledge of the computers' security measures."

First of all, you're mixing up cause and effect. Cause: I want to know how this security model works. Effect: I have to see what is allowable or not allowable by the security model. Second of all, hacking isn't just about computer security. You can hack a piece of computer hardware to make it behave how you want it to (and not necessarily how the designer intended) without security systems ever being involved. Hacking is not exclusively about security. Why is this so difficult to accept? Security is a convenient example in most cases because it is one of the most common forms of hacking but it is most definitely not exclusive. People have hacked the Dreamcast game platform into a Linux based web server - people have hacked Commodore 64s and Apple IIs into Internet capable machines. Somebody hacked an iMac into a 21" monitor.

"The whole point of running crack on a password file is to try to discern the passwords from the hashes ... (converting hashes to plain test [sic] passwords)..."

The whole idea of a hash is that you can't unhash. A hash is a one way function. You can't convert hashes to plain text passwords, you would have to convert the plain text to a hash and compare the two. The difference is symantic but it makes it look like you don't know that much about what we're discussing.

"I am not talking about 'right' or 'wrong' here."

I'm not necessarily talking about right or wrong either, I'm trying to illustrate the difference between your definition of hacking and the Berkeley definition of hacking. Reprogramming a cable modem doesn't actually require you to break a security measure. By your definition, changing the cable modem's configuration is then not hacking. What I'm saying is you're trying to apply a definition of "hacker" that is far too narrow. Look at that Berkeley document, if you haven't. Berkeley is where the term originated.

"...by everyone but a handful of geeks who have unsuccessfully attempted to overgeneralise the word..."

This "handful of geeks" came up with the term. They never did anything to try to overgeneralise it, they are attempting to correct the overly specific misapplication of the term that's so common. Just because a lot of people believe something doesn't mean it's right. Everyone knew the world was flat, a few hundred years ago...

"First of all, you're mixing up cause and effect."

I don't think I implied a cause and effect as such - the two statements imply each other.

"Second of all, hacking isn't just about computer security. [...] Somebody hacked an iMac into a 21" monitor."

I disagree with your usages of the word 'hack' there. Too general again. Similar examples in the same vein might include, "I hacked that pile of bricks and mortar into a house" or "he hacked that box of nails and that battery into a bomb" or "she hacked that ball of wool into a knitted jumper." That just doesn't fit in with common usage of the word.

"... The difference is symantic [sic] but it makes it look like you don't know that much about what we're discussing."

You are being overly pedantic about the hashing thing. A password cracker does indeed convert password hashes into plain text passwords. You put the hashes in, and hopefully, within time, get plain text passwords out. I did not elaborate on the method, but I am well aware that it applies the hash function to many different plain text inputs (the order of which is usually chosen statistically using dictionary files, letter frequency probabilities and suchlike) until it finds a hash that matches.

"I'm not necessarily talking about right or wrong either, I'm trying to illustrate the difference between your definition of hacking and the Berkeley definition of hacking."

It is not just my definition of hacking. It is the popular definition of hacking as used by most people, never mind what some guys at Berkeley think.

"Just because a lot of people believe something doesn't mean it's right. Everyone knew the world was flat, a few hundred years ago..."

Your example is misplaced. The context here is language. Meaning of words is defined by common consensus. If the majority of people think that a word has a certain definition, then it is 'right'. I have no qualms with your jargonish use of the word 'hack' with those who also consider that jargon to be a reasonable usage.

It's just that when you complain about the majority of people having the definition of the word incorrect, it seems to me there is something fundamentally wrong with your reasoning there. Try to focus on what most people already understand by the word, not your cliquey definition .. and it will all make sense.

According to the original definition of a hacker, hacking a ball of wool into a knitted jumper would be fine, so long as the jumper was exactly what was intended and the execution was brilliant. Performing such an act would make you a wool or knitting hacker. Using the term hacker on its own implies computer hacker, since those are the people who most commonly call themselves hackers.

I don't care about what other people think a hacker is - I choose to use the word as it was originally defined. I also go out of my way to educate people about where the word came from and why I think their usage of the term to describe computer criminals is wrong. We have a word for that. "Criminal".

A knitting hacker ..!

Even under the common definition of the word 'hacker', I agree with you that it is not equivalent to 'computer criminal'. Some hackers may be computer criminals - but only if the breach of security they are carrying out is unlawful.

, wow you guys agree, now I agree about the haking a ball of wool, but like he says, only if the ball was the intended shape and design at which point, knowing about how to change it would make you a hacker, but scince the whole point of wool is to knit it into another shape this rather drains the point somewhat.

-- DoctorMO --

Well I don't think we disagreed on much in the end ..

It was definitely slight disagreement but I think we've agreed to disagree on that point.

I can't even see that, I've reread, and it looks like you both have come in a bit. but agree on most of it. just the buisness about lanuage get everybody biggled. is it turnip or sweed, or is one a flavour of the other?

-- DoctorMO --

Not sure about that one (though I should be, my dad is a greengrocer!)
Is one of them smaller or something?

Sweed? Never heard of it. Maybe we don't call them that in Canada...

"just the buisness about lanuage get everybody biggled". of course it does.

but the problem is not about if you use the term "rose", or it's latin equivalent. the better example is the way that people talk about rocketry, and what the thrust out the back pushes against.

by the common understanding of the term, rockets wouldn't work in space, because there is no air for them to push against. if you want to talk about rockets, you learn the correct meanings so as to know what you are talking about.

just because a bunch of journalists have popularised the term to be as misunderstood as the rocketry example is irrelevent.

when you step into the detailed realms of the internet, it is like walking into the rocketry club. if you don't understand the correct terminology, you will be tollerated for a while, educated as to the correct meaning of the term, and if you still won't use it correctly, asked to go somewhere else where you are free to use the term as you want to, but will have no influence on the technology.

this is fundamental linguistics people, so do try and know the background when you quote something.

The problem with your position is that the Internet is a much wider environment than a rocket club would be. The Internet is changing our society - I don't know anybody my age that hasn't been on the Internet. I know very few who don't have at least one instant messaging account. My parents don't use instant messaging very much. Personally I would rather give up my phone than my ICQ access.

At one time the Internet may have been as you describe but it is not anymore - there are far more "average" people online now than "rocketeers", for good or ill.

none of my sisters go on the net, niether do any of my cousins, they may try but education I fear has let them down.

Start Trek never used the term rocket for the enterprise

As for the average person (livs in the middle of the adlantic, eats a mixture of bread and rice and has sex every 4.5 days) is about as much usefull as it is relervent. what you mean is 'socity' and the 'social groups'.

-- DoctorMO --

Is that really the common understanding of how a rocket works? I'm surprised ..

I don't think H2G2 is representative of the population at large - far too y.

H2G2, might be classed (if your were going to try) as more readable.

-- DoctorMO --