3/29/08

Hackers and Their Hats

White, Gray, Black: obviously this is more nuanced than usual media coverage of, well, anything. It gives us the possibility of at least a middle ground between good and evil. As if reality were anything like the 1s and 0s of a computer world. As in all cases, perspective is vital here.

Let's put a white hacker example here, which I'll contrast in a bit.

This past week, I was able to demonstrate a security flaw in a new (to me) computer system. I did it at work, and even showed the developer of the software directly what had happened. This circumvented all the security measures put in place in this system. Exploiting this oversight, someone could execute "arbitrary code" on the system. This means that the person could do whatever they wanted. Literally. Delete, corrupt data, render the system useless, install "spyware," etc.

By the end of the week, this hole was fixed and, while I haven't had a lot of time to play with the program, I am confident that the problem was resolved and a non-authorized user would not be able to exploit the system with that particular method. My example is mundane and, as I see it, common.

I do not claim the title "hacker," nor is what I did a hack. Primarily because what I showed was so damn easy, but secondarily, as I do not want to announce myself as "committed to transgressing the boundaries established by a combination of corporate practice and convention" (Logie 32). I, actually, was nervous about discussing this in case I were to get in trouble. As of this date, I have not.

But let's give that kind of action a "White Hack" name.

Now, consider you are on the other side of the table; you are the established coder who just, in front of a client, had a security exploit demonstrated in 4 mouse clicks. By the client's "Technical Writer," none-the-less. What color hat am I wearing now? Gray, I guess. What if I had published that same exploit in 2600: The Hacker's Quarterly? Surely black.

But, the trouble is, I'm not wearing any hat, actually, in my opinion. My hair would even be more messed up if I did. I did what I thought was morally correct with that particular information. I am not a X at hacker. I'm a person, damnit. "I am vast. I contain multitudes," etc.

Assigning hat colors to hackers is inaccurate at best, and slanderous at worst.

What I am willing to call myself is, essentially, lazy about things I do not want to do.

In a book referenced by Logie, "The Hacker Ethic," Himanen contrasts the hacker ethic with the Protestant work ethic and emphasizes the nature of work as play. Playing hard, yes, but essentially play because it is mixed with passion. A "hacker," in Himanen's text, as well as in the "hacker" culture at large, is defined more generally than computers. A previous version of the Jargon File (referenced by
Himanen) indicates carpenter hackers (current is Astronomy Hackers) (and the hacker ethic). How can one be a gray hat carpentry hacker? Do black hat carpenters passionately build gallows and guillotines?

They build what they want to. Just as I code what I want to. They're intellectually stimulated by it.

Things are morally neutral, however they may enable a transfer of power. In this case, it can mean that another person's perspective is lost, especially in a morally vague place such as copyright infringement. "No single raindrop believes it is to blame for the flood."



Re-reading that, it feels like a cop-out there. I really don't have an answer to that toolmaker philosophy problem. In short. I don't know.

Short response regarding the quote appearing on pg 109, "I move a Roman Legion of Walls Street Lawyers[...]": Did anyone else think that the Wall Street lawyers were more like a phalanx while the hackers of the world were more like maniple system? Sorry, too much History of Rome podcast...

Note: A more dramatic, and much more fun version of the "white" hacker is in place in the movie "Sneakers." I heartily recommend it. A bad version thereof is the movie "Hackers," which I have attempted to purge from my memory.

No comments: