I think something I would have included that I thought about later is being curiosity driven. It's more personal, but I've found a lot of what I've really enjoyed (and where I've learned the most) has been from allowing myself to go down random rabbit holes to play with different things.
There's some risk to this if you never go deep enough, but I think the benefits are worth it.
I think there's also something to PG's essay about liking debugging specifically too.
I hope your article helps create the same effect on an unknowing high schooler. Thanks for putting it out there!
http://www.catb.org/~esr/faqs/hacker-howto.html#nerd_connect...
I once told my boss about one such idea I had, that I thought would be beneficial to the rest of my collegues. He told me, "Go to the principal, and word your idea so it sounds like it's his idea, and I'm sure he'll give you the go-ahead for it." I told him straight up, that, "Nah, then I'll rather keep it to myself."
Well, I guess you actually found databases instead of scraping sites. The OSINT community does that too.
Edit: readability
If you can land a job like those at PARC or Bell Labs, then yes, "carreer hacking" is certainly possible. Considering how many IT professionals there are now and how few there were back then, I'd say those kinds of jobs are even more scarce now than they used to be.
It's not impossible, but it's not a realistic expectation.
> If you’re devoting a third of it to something completely unrelated to your passion
A programming job is likely to be as far from any kind of hacking passion as any other, with the added disadvantage of possibly poisoning the well, so to speak.
It's a big difference between sating your own curiosity in a hackeresque way, learning about what interests you, programming whatever the heck you like, and working professionally with software development.
If there's a programming job with no specs, no customer demands, no deadlines, no legacy maintenance, no market pressure, no platform preferences or language requirements, please let me know, would you? :)
Start anywhere, any programming tutorial, or any arduino project recipe. Get immersed and always figure out how the stuff really works. You are most likely smart enough to do it.
If employment is an issue, well, what you learned from the above should take you at least halfway to a job and probably make your career better.
Aw, alright - the sword bit is fictitious but the rest is true. Contact with a deity can confer status.
Edit: spelling
Donald Knuth was giving a presentation to celebrate someones birthday by debugging his old FORTRAN code. He was having trouble giving it since his PDF of his presentation was autoforwarding using Adobe Acrobat. I figured out that Preview would avoid this outcome. I think this is the largest contribution I will have to Computer Science.
I spotted the bug in 30 seconds.
It was then I realized that even at the top of our profession, everyone is still human beings with their own sets of strengths and weaknesses, and I have just as much potential as anyone else.
I've seen Knuth give other (more recent) talks out of slides like that one (https://cs.stanford.edu/~knuth/karp80.pdf) where each PDF page is a possibly different size and he wants it displayed full screen individually, but don't recall that problem from other times… so the impact of your contribution may extend beyond that one talk!
"A thing may happen and be a total lie; another thing may not happen and be truer than the truth." -- Tim O'Brien, The Things They Carried
Possibly more of a British English usage; I'd appreciate somebody with better formal language knowledge giving a less shallow insight.
My version on how to become a hacker. It's just another reference point.
Step 1: Go to http://www.catb.org/esr/faqs/hacker-howto.html
Step 1b (bonus): read Hacker News (it actually helped, it also really distracted, the latter part is why it's labeled as bonus)
Step 2: Complete Binary and Malware Analysis at the Vrije Universiteit
Step 3: Complete Computer and Network Security at the Vrije Universiteit
Step 4: Complete Hardware Security at the Vrije Universiteit
Step 4b (bonus, I mean, you're there now anyway): Complete Kernel Programming at the Vrije Universiteit
Step 5: Go to https://hackthebox.eu, hack at least 1 easy, 1 medium, 1 hard and -- for good measure -- 1 insane box
Congratulations, you are now a hacker in every sense of the word:
1. You broke into computer systems.
2. You needed to be curious in order to do it.
This took me 8 months, personally (60 hours per week). I found it a lot of fun. It could take you a lot less time or more time.
-----
I'm assuming you already know how to program, if you don't then get the following prerequisite knowledge.
Step 1: do CS50 in order to learn programming and learn how to learn programming languages. What I've seen in students is that the first 6 weeks are experienced as more difficult than the last 6 weeks (hint: it's because you start off with C). So don't get discouraged. If this is not you and it is the other way around, I've seen that too (though, I've seen it less. It depends on the default mode of thinking that a person uses).
Step 2: do https://www.nand2tetris.org/ to understand computer systems and get some assembly under your belt.
Step 3: if you feel like this road is too rigid, do a project that you're interested in here. Get it out of your system now, because the above mentioned stuff took me 10 months, personally. Create a computer graphics engine with OpenGL and Java. Yes, you could do C++ but that's complicating things for now. If you really want to though, go ahead, C++ is a fine choice if you're burning with passion.
These 3 steps probably take between 4 to 8 months. Some people with a hacker mindset could do this within 2 months, or 1 month even (email me if you did!). Some people that have other stuff going on in their lives will do this in 8+ months. It's all fine.
> Congratulations, you are now a hacker in every sense of the word:
> 1. You broke into computer systems.
> 2. You needed to be curious in order to do it.
There are multiple ways to get to 2. This is one of them. There are multiple ways to get to 1. This is one of them.
I simply leave it in the middle as to who gets to decide what the definition of a hacker is. I simply took both definitions that I know to be defined by hackers themselves (point 2) and the media/general public (point 1).
Subverting computer systems to let it do other things that you want is very very much a part of the definition of 2. Which is how breaking into computer systems and following your technical curiosity can overlap.
But I would totally agree with you that we'd live in a sad world if my path was the only way in which people became hackers.
Also note that Hacker News is on there as a bonus and if it wasn't as distracting as it is, then I'd put it there as mandatory. HN stimulates purely the curiosity part of hacking.
Is it for folks who are focused on going below the application layer (working on OS/Kernal etc) or just general. I find my MacOS to be such a comfortable system to hack and wonder if I actually need to move to Linux natively to get more involved in projects below the application layer.
I've enjoyed learning hacking skills by configuring GNU/Linux partially guided by an excellent MIT course by MacOS users (freely available at https://missing.csail.mit.edu/). On MacOS you can get a lot out of customizing your shell, text editor, terminal multiplexer, etc. with dotfiles. But I prefer a more completely free (libre/open) operating system because it doesn't stop there, I've patched and compiled my own custom window manager as well, and my entire operating system has the level of hackability that I love in the terminal. I guess all of the software I've mentioned is not below the application layer but above other applications (except for the most part the text editor).
>Step 3: Complete Computer and Network Security at the Vrije Universiteit
>Step 4: Complete Hardware Security at the Vrije Universiteit
Can you share the resources i.e. Books, Videos etc used in the above courses? Might be a good starting point for those who want to delve into the subjects.
I know it's the COVID season(s) but other than that: these courses cost 1200 euro's for non-EU students, I think. I'm relatively sure about the price (range: 1000 - 1500 euro's). I'm not sure if they allow contract students from the US.
Let me think about this for a bit.
A hacker is defined as someone who's curious about technology. If you have this knowledge and apply your curiosity to understanding more of it, especially on how systems shouldn't behave but somehow do, then you're a hacker. An example of this type of hacking is creating Tetris in the game of life.
If you break into a computer system (legal or illegal), you're a hacker.
This knowledge helps you to both goals. It helps towards the broadest definition of what being a hacker is, no matter which person you talk to. There is of course the requirement that you're curious as well. But IMO if you're capable of successfully passing this, then you are curious and when given free reign, it'll be applied and you'll learn even more about computer systems.
It's not the only way, but it's one way of doing it. It's not the best way either, but it does answer the question: I want to become a hacker? How? Well, follow this path, tick off every box, notice the change within you and your thinking and voila. You're a hacker.
Obviosly, this is simply my opinion. Feel free to disagree. But I do view that it is that simple. Bear in mind that this path takes at least 2 years if you don't know how to program. So it's much easier said than done. It took me 8 years to get to this point (I studied a lot of other things).
Given that explanation, is there something you don't get? It's a genuine question.
Check out your local subreddits, find links to invites and start forming relationships with people you may never meet. Because more often than not, these are the people that will introduce you to concepts, jobs and cool shit you'd never find out on HN, Reddit or blogs.
I think a lot of the complexity of modern software development is powers that be, entrenching their powerful positions by layering more and more complexity, so that no team of a dozen people can ever hope to compete.
There is no attempt to re-factor our current way of doing things to reduce the complexity 10x. We're stuck with multiple OSes, multiple languages, multiple tools for each language, a plethora of frameworks that do the same thing but slightly differently and none of them do anything uniquely excellent, they're different for historical reasons, not pragmatic.
Half the web developer jobs are a matter of manually solving SQL <-> user interface problem, specific to a business domain.
Why we don't sit down and create protocols/specs for each business domain that span across SQL, UI, security and permissions levels so that each bank doesn't have to hire a team of IT people to do the same thing slightly differently is beyond me - I can only guess it is because nobody in government understands how computers work.
We're seeing some reduction in complexity with cloud providers, but it is of the worst kind - it is consolidation combined with vendor lock-in, proprietary software and pay-as-you-go pricing, yikes!
"(a good example book for this currently is Designing Data Intensive Applications)."
I got this book recently and was planning to read it soon, does he thinks the tools and techniques mentioned in the book are a waste of time, or the opposite?
Hope most HN readers are not coming here looking for new system breaches or vulnerabilities.
And, maybe not coincidentally, I agree with everything in that post.
There are more self-described hackers that do good and creative things, and not just related to computer security than the malicious types. Fun fact, the "maker" movement was a branded version of the "hackerspace" movement for people. Any time you hear about a Maker they're also a Hacker just kind of a subset of them.
Source: I'm senior staff of DEFCON, the largest hacker conference on the planet.
Other comments have mentioned "cracker" in relation to invading systems. Before computers we had "safe-crackers".
I was super into reverse engineering and loved the challenge. It seemed at some point "cracker" moved away from someone who can break software protections through reversing to someone who uses tooling to break into systems, without understanding how computers work. I still prefer "cracker" as someone who can reverse and break software protections.
Also, Thanks for helping out with Defcon! Been there a couple times and plan to go again. At the next live con i'm down to meet and talk about hacker lore!
If it's nothing to do with software or hardware security, then it's not hacking.
And yes, this site is itself woefully misnamed.
https://www.google.com/amp/s/www.newyorker.com/tech/annals-o...
Did you think this resource was about the infiltration profession?
(I bring it up because too many people see hacking as glamorous when it often is not, except for the payoff at the end)
Like anything, it's usually the payoff that is exciting and glamorous. I know the old hacker mantra: 'boredom and drudgery are evil' hence why we automate everything, but I don't think the mantra holds true for most hackers. The best hackers know that programming essentially works against you when you do it, because there's no instant gratification. You have to constantly bang your head against the wall (even because of simple syntax mistakes that make you feel like a n00b all over again).
The payoff is always fantastic though. Whitehat or blackhat, knowing that all that hard work and grunt pays off is a wonderful feeling. I tend to veer towards whitehat stuff though because of the old saying: 'If you can't do the time, don't do the crime'.
PS: Found 0day on Paypal when I was 12 in the early '00s, never got paid or recognized for it :(
PS: Congratulations? How is this relevant, gate-keeping aside?
Sure, if you mean the creativity, bending the rules of what's possible, general interest in discovery... that's traits people have in the first place before being called hackers. But that's not the only way.
There's a strong "if you can't figure it out on your own you're too stupid to help" vibe to it, while the rest of the dev world has actually made some decent strides toward valuing inclusion and education.
So, even though it sounds obvious : the number one priority is meeting other people, sharing information. Social skills are sooo important if you're not an absolute genius...
From the ESR article linked: “The basic difference is this: hackers build things, crackers break them.”
A true hacker asks a lot of questions. Lots and lots of questions. The longer you hack, the more obscure, interesting, and fascinating the questions become.
In fact, a key part of becoming a hacker is figuring out the right questions to ask. You learn to do so by asking the wrong questions. As you gain experience, revisiting old questions can lead to beautiful solutions.
Another important aspect of being a hacker is sharing knowledge! Hacking is about learning. A lot of what I learned is from reading what others have wrote. Also by failing and experimenting.
When I was a kid, I did ask my friends "how do i become a hacker" and "how do I hack". I'm glad I did, because I've been enjoying the journey ever since.
But I do tend to call people out on this when people stifle curiosity with these type of claims. Knowing myself, I know that 10 years ago I might've taken your advice to heart as I didn't know any better. I know that I've done this in other areas of my life and it has had a negative impact.
So I am here to produce a counter voice loudly proclaiming that one should be very sceptical about taking your opinion to heart.
Some people claim God exists. And I therefore should live quite differently than I am right now. I require extraordinary evidence.
Some people claim that you can't become a hacker if you need to ask it. I require extraordinary evidence.
In spirit of my sentiment, I'm going to give you a counterexample. I'm the counterexample.
Step 1: Go to http://www.catb.org/esr/faqs/hacker-howto.html
Step 2: Complete Binary and Malware Analysis at the Vrije Universiteit
Step 3: Complete Computer and Network Security at the Vrije Universiteit
Step 4: Complete Hardware Security at the Vrije Universiteit
Step 4b (bonus, I mean, you're there now anyway): Complete Kernel Programming at the Vrije Universiteit
Step 5: Go to https://hackthebox.eu, hack at least 1 easy, 1 medium, 1 hard and -- for good measure -- 1 insane box
Congratulations, you are now a hacker in every sense of the word:
1. You broke into computer systems.
2. You needed to be curious in order to do it.
If you think this is my whole path then that's not true. This is simply the happy path that I uncovered. It's not optimal, but it works. It might not work for everyone, but I'm sure it will work for more people than just me.
I am now a hacker. And I'm sure there are more counter examples stemming from the VUSec group that started hacking real machines after that.
That's my evidence. I don't expect that you have enough evidence as your position is much tougher and I wouldn't even know how to begin on starting an argument that does. My point simply is: please be a bit careful about the accuracy of your statements if it implies negative consequences. Inconvenient truths are fine, but simply opinions without any backing that leads to something negative really feels disheartening to read.
Note: I didn't downvote. I don't think you had any ill intentions. And you do provide your actual view in a succinct manner (something I could learn from O:) ). And that's what discussion is all about, albeit a bit rough at times, perhaps.
Just curious, theoretically speaking, what are some evidences that would be 'extraordinary enough' for you to believe? For sake of argument, let's assume we're talking about the Judeo-Christian god as described in the standard Bible.
