I just got back from Notacon in Cleveland this weekend, and it has me thinking about the word ‘hacker’ quite a bit. (I’d like to claim the title for myself, but I don’t really think that I have the technical acumen– though I try)
I’ve been reading the third edition of O’Reilly’s ‘Practical Unix & Internet Security’, and I was pissed off by how glibly they dismiss the term hacker. Their gloss: “Today the confusion over the term hacker has largely been resolved. While some computer professionals continue to call themselves hackers, most don’t. In the mind of the public, the word hacker has been firmly defined as a person exceptionally talented with computers who often misuses that skill. Use of the term by members of the news media, law enforcement, and the entertainment industry has only served to reinforce this definition.” (Introduction to Chapter 1)
This is far too glib, and far too dismissive, I think. Despite the common, non-technical use of the word, hacker is a useful term, and meaningfully describes a set of people (especially the group of people who describe themselves as hackers).
On the other hand, the definition in the Jargon File and elsewhere (within the culture) is overly rosy. (At some level, I think the definition in the Jargon File is more prescriptive than descriptive– it doesn’t accurately capture the grammar of the word. This may be intentional, or it may just be that the sense of the word has evolved). This definition is just too general, as well.
Coming up with an accurate definition of the h-word isn’t easy. But I think you can describe what makes the hacker community different, and special.
Hacker culture is, above all, inclusive, bounded by angsty high school kids on one side, and white hat infosec professionals on the other. As a very general characterization, I think most hackers tend to be libertarian idealists (if that isn’t redundant) or anarchists in their twenties or thirties.
I think it’s fair to say that hackers define themselves to some extent by contrast with the great mass of IT professionals. One type of IT professionals is money-minded, bordering on venal, and I think it’s fair to say that most of these people work for big business maintaining SQL Server or some other shitty software. (I suspect that much of the anti-hacker antipathy comes from this quarter) Furthermore, there are many principled coders working in industry; here we run up against the distinction between open source people and hackers.
Most venal IT people do it because they figured out that they can make money doing it; hackers and open source people do it out of love. I think the difference between the open source segment and hackers is one of priorities: open source people worked on projects on their own time in college, but many of their projects languish once they hit the world of work. Open source people are at pains (and good enough) to cherry pick work that they approve of at a moral level. Hackers, by contrast, work to pay the bills while they work on their own projects.
These distinctions also have ramifications for OS choice. Hackers are (almost exclusively) Linux people, as are many open source folk. Venal IT people are frequently dismissive of Linux (fuckers), though this may change with IBM and big business’ embrace of Linux. My impression is that open source people respect OS X and use it, whereas hackers are less inclined to use it. This may also be a function of money.
Hackers are frequently interested in (or at least conversant in) security, and problems of security have important ramifications for the hacker ethos. Hackers run up against many of the problems encountered by scrupulous serious-minded people in other technical fields, but security has ethical ramifications that hackers, by and large, choose to ignore.
A contrast is furnished by Eric Meyer’s talk at Notacon. The proper implementation of CSS and responsible security implementation have run up against institutional and commercial barriers. Meyer talked about how impartial public shaming proved to be a fairly effective way of getting companies to do a better job of implementing CSS. At some level, this is what 2600 and others attempt to do, but they ignore the ethical problems of such an approach.
Hackers have a unique problem. It seems irresponsible not to tell companies about their security holes, but direct reporting of problems is seldom practicable. Nobody wants to hear that the security set-up they rolled (or worse, paid for) is complete bullshit, for one, and implementation runs up against problems of organizational hierarchy, even if the tech people would like to fix their problems.
On the other hand, it seems irresponsible for 2600 to swing wide the door to security exploits by publishing sensitive information. Such public shaming could provide the impetus for a company to set its house in order, but implementation takes time and energy. The 2600/hacker way of doing things is either irresponsible or naive.
At the same time, though, industry has been seriously derelict in selling companies snake oil ’security solutions’, and not educating the public more about security.
The problem is made even more vexing by the success of the internet, I think. It was different when the internet was a glorified research experiment, and not a driving force of commerce. Exposing flaws in an academic setting is completely different than threatening someone’s livelihood.
It would be different if enforcement and legislation were able to keep pace with technical innovation, or be somewhat more forward-thinking. (This might improve if less energy was expended on RIAA/MPAA bullshit) As it is now, the laws that get made are really shitty (anyone remember the DMCA?) and the people who get busted are either immature or undeserving of prosecution. Maybe this will change in the future, but it will be a long time coming. This all leaves hackers in something of a quandary.
Whatever the solution, acting naive isn’t helping anything. Hopefully the culture will evolve and become less simplistic as people in the culture get older– hopefully without losing the inclusiveness towards angsty high school kids.