_______________________________________________________________________________________________________________
EMAIL 3 - FROM DAVID
_______________________________________________________________________________________________________________

I appreciate your well-considered answer.  This looks like the start of
an interesting debate.

> Now I must say that I'm not a perfect stereotype of a hacker (or if you'd
> rather call it cracker), I have just been arguing with a large group of so
> called hackers about the real philosophy of hacking. So here goes...

I'd like to carefully separate the ideas of hacking and cracking.  Hacking
involves neat tricks with a computer that do not injure other people (using
injure in a fairly broad sense).  For example, figuring out the RoboWar
password system is an excellent example of hacking.  Disabling copy protection
on a game but not distributing the game is another example of hacking.

Cracking begins when you distribute the game or when you break into
somebody else's computer.  We don't have proof that these activities are
bad, but I'd like to hear you defend that they are not bad.  Do you agree
that there is a distinction?

> Firstly, I'll cover the current idea's of others, including the mentor:
> Hacking is meant to be a fight for freedom of information, the idea is that
> all information currently controlled should not be regulated by governments
> and large organisations. These hackers, I think, are fighting for freedom
> of all information, they want no hidden knowledge.

You make two very different statements here.  One is that information should
not be controlled by governments.  The second is that there should be
no hidden knowledge.  Do you mean one, the other, or both?  For example,
1984 is a classic example of a government controlling information.  On the
other hand, when my doctor won't tell you the results of my AIDS test is
an example of hidden knowledge.

> But these people have a problem, firstly they assume they are fighting a
> conspiracy, I think they are not. Secondly, they don't consider the
> distinction between personal info and public info. My guess is that they
> are using the noble sounding words to pass of the simple enjoyment and high
> they get from hacking.

I think you are suggesting here that you just support the first statement.
Can you define public info more precisely?

> But your question is more specific:
> >Specifically:  do you believe your right to satisfy your curiosity is
> >more important than the right of others to their own privacy?  Do you agree
> >this question is at the heart of justifying cracking, or do you believe
> >for some reason it is irrelevant?

> I'm not sure you question is the centre of hacker justification, you see
> the idea of rights is one developed by society for the purpose of a moral
> base, and to make life livable for everyone. Now we are talking about a
> right of information, and a right of privacy. Now the problem I have with
> 'rights' is that it implies ethics and morality... I have a hard time with
> this :) What I'm trying to do is have an philosophy that doesn't rely upon
> ethics, but instead implies them.

It's an admirable goal to create such a philosophy.  However, I contend that
the question of rights is fairly fundamental and this is where the definitions
of hacking vs. cracking are critical.  Hacking is an act of joy for the
hacker which doesn't impact others.  Cracking starts to affect others, so
the rights of each party become important.

The question could be put a different way.  It's difficult to formulate
philosophy because there are so few (if any) known truths.  Would you accept
the Golden Rule as a fundamental underpining of philosophies you'd like to
develop?  If so, I would suggest it has implications on the privacy vs.
curiosity question.

Save these transcripts.  You might want to put a more complete discussion
on your web page when we've reached firmer conclusions or a total impasse.

Happy hacking!

David

_______________________________________________________________________________________________________________
EMAIL 4 - FROM LUCAS
_______________________________________________________________________________________________________________
>I appreciate your well-considered answer.  This looks like the start of
>an interesting debate.

Yeah, this is going to be fun! :) But why did you start assuming I'd be unreasonable? Have you talked to other less-levely-minded hackers/crackers?

>> Now I must say that I'm not a perfect stereotype of a hacker (or if you'd
>> rather call it cracker), I have just been arguing with a large group of so
>> called hackers about the real philosophy of hacking. So here goes...
>
>I'd like to carefully separate the ideas of hacking and cracking.  Hacking
>involves neat tricks with a computer that do not injure other people (using
>injure in a fairly broad sense).  For example, figuring out the RoboWar
>password system is an excellent example of hacking.  Disabling copy protection
>on a game but not distributing the game is another example of hacking.

I once tried to do the same thing, but kept on hacking trouble with the boundaries. If you say 

>Disabling copy protection
>on a game but not distributing the game is another example of hacking.

Then whats the difference if you show a freind?

I'd say that it is cracking, you are getting something for nothing and damaging a person's income. Well this is not stricktly true, you may have not normally botherd to buy the program anyway. So where's the line? And more exactly if that's hacking, what's cracking? Would cracking be the distrebution as you suggest? - that's pirating by deffinition. The other one you say is when you break into another computer.If you mean only this then is it to do with the breaking of public data? 

The only distinct way to clasify the two, I found, is to say cracking is breaking the law, hacking isn't. Now with this solution you let the greay area's of the law become the grey area's of hacking/cracking. It's a solution, but still is not perfect.

>Cracking begins when you distribute the game or when you break into
>somebody else's computer.  We don't have proof that these activities are
>bad, but I'd like to hear you defend that they are not bad.  Do you agree
>that there is a distinction?

oooo, there's that word: 'bad'. :)

What damage is done if I find out the admin password for AOL? 

Secondly, you are verging on the definintion of the word bad, do you mean that if it hurts someone else it's bad? or just if it breaks the law?

>> Firstly, I'll cover the current idea's of others, including the mentor:
>> Hacking is meant to be a fight for freedom of information, the idea is that
>> all information currently controlled should not be regulated by governments
>> and large organisations. These hackers, I think, are fighting for freedom
>> of all information, they want no hidden knowledge.
>
>You make two very different statements here.  One is that information should
>not be controlled by governments.  The second is that there should be
>no hidden knowledge.  Do you mean one, the other, or both?  For example,
>1984 is a classic example of a government controlling information.  On the
>other hand, when my doctor won't tell you the results of my AIDS test is
>an example of hidden knowledge.

That's partially what I find anoying about many other hacker ethics, they never mention anything other than info held by governments and by large companies.

>> But these people have a problem, firstly they assume they are fighting a
>> conspiracy, I think they are not. Secondly, they don't consider the
>> distinction between personal info and public info. My guess is that they
>> are using the noble sounding words to pass of the simple enjoyment and high
>> they get from hacking.
>
>I think you are suggesting here that you just support the first statement.
>Can you define public info more precisely?

I went on in the email about the right's of information, data is as private as it's direct effect. So the unltimate private data is data that has no direct effect on anyone else, bar youself. the ultimate publi8c data is info that directly effects evryone.

>> I'm not sure you question is the centre of hacker justification, you see
>> the idea of rights is one developed by society for the purpose of a moral
>> base, and to make life livable for everyone. Now we are talking about a
>> right of information, and a right of privacy. Now the problem I have with
>> 'rights' is that it implies ethics and morality... I have a hard time with
>> this :) What I'm trying to do is have an philosophy that doesn't rely upon
>> ethics, but instead implies them.
>
>It's an admirable goal to create such a philosophy.  However, I contend that
>the question of rights is fairly fundamental and this is where the definitions
>of hacking vs. cracking are critical.  Hacking is an act of joy for the
>hacker which doesn't impact others.  Cracking starts to affect others, so
>the rights of each party become important.

You are right, if we are going to talk about the ethics, then we must assume rights.

>The question could be put a different way.  It's difficult to formulate
>philosophy because there are so few (if any) known truths.  Would you accept
>the Golden Rule as a fundamental underpining of philosophies you'd like to
>develop?  If so, I would suggest it has implications on the privacy vs.
>curiosity question.

hehe, I'm currently mid-discussion with a PHD philosophy student at Edinburgh, talking about truth :)

But information is not truth, it is a possibility.

btw - what exactly do you mean by 'the Golden Rule'?

>Save these transcripts.  You might want to put a more complete discussion
>on your web page when we've reached firmer conclusions or a total impasse.

We'll get some where! But I'm thinking of simply putting up my discussions on the net as they happen. But I'm definitly keeping them.

>Happy hacking!

hehe.

_______________________________________________________________________________________________________________
EMAIL 5 - FROM DAVID
_______________________________________________________________________________________________________________
> Yeah, this is going to be fun! :) But why did you start assuming I'd be
> unreasonable? Have you talked to other less-levely-minded hackers/crackers?

At MIT there was a tendency to flame and become dogmatic when emotionally
charged issues were discussed.

> >Disabling copy protection
> >on a game but not distributing the game is another example of hacking.
> 
> Then whats the difference if you show a freind?

Be careful what you mean by "show a friend."  If you invite the friend over
to your place, you're not distributing the game.  If you post the game to
the network, it's a different story.  An idealist might claim he's just 
letting people see what he's done, but realistically you are pirating the
software.  Again, whether piracy is ok is a question in itself, but I'd
claim that disabling copy protection as an intellectual exercise is
different than facilitating piracy.

> I'd say that it is cracking, you are getting something for nothing and
> damaging a person's income. Well this is not stricktly true, you may have
> not normally botherd to buy the program anyway. So where's the line? And

"not bothered to buy the program anyway" is the classic lame argument
for piracy.  Why is it right to play a pirated game if you weren't
really interested in playing the game, but wrong if you were
interested?  

> more exactly if that's hacking, what's cracking? Would cracking be the
> distrebution as you suggest? - that's pirating by deffinition. The other
> one you say is when you break into another computer.If you mean only this
> then is it to do with the breaking of public data?
> 
> The only distinct way to clasify the two, I found, is to say cracking is
> breaking the law, hacking isn't. Now with this solution you let the greay
> area's of the law become the grey area's of hacking/cracking. It's a
> solution, but still is not perfect.

The law is a dangerous force to bring into play here.  Law is written mostly
by people who don't understand computers.  Let's see if we can work a bit
harder to distinguish hacking and cracking without such a cruch.

Some activities are clearly hacking, some cracking, and some in a difficult
gray area in between.  Both activities involve certain intellectual
exercises and have a certain joy.  I propose to distinguish the two by
defining cracking as the set of activities that an enlightened society
would not want it's members performing.  

This sets the stage for examining specific actions across the spectrum and
seeing which ones fit the definition of cracking.  Would you accept the
definition and steer this discussion toward categorizing activities?
I hope the definition isn't emotionally charging the issue--if you consider
yourself a cracker, you'll probably resent this definition.  I presume you
consider some activities undesirable, though, so I'd like you to call yourself
a hacker and help explore the boundary of cracking.

> btw - what exactly do you mean by 'the Golden Rule'?

Golden rule:  do unto others as you would have them do unto you.  It's at
the root of most systems of ethics I'd want to see.

David

_______________________________________________________________________________________________________________
EMAIL 6 - FROM LUCAS
_______________________________________________________________________________________________________________
>> I'd say that it is cracking, you are getting something for nothing and
>> damaging a person's income. Well this is not stricktly true, you may have
>> not normally botherd to buy the program anyway. So where's the line? And
>
>"not bothered to buy the program anyway" is the classic lame argument
>for piracy.  Why is it right to play a pirated game if you weren't
>really interested in playing the game, but wrong if you were
>interested?  

I didn't mean games and the like. What I meant is getting things like photoshop, there is no way I could afford it. But I beleave that the definition for distribution of hacked programs, serial number etc, is called warez. This again is different from hacking and cracking. Warez is basically pirating, the only difference is that warez is pirating over the internet.

>Some activities are clearly hacking, some cracking, and some in a difficult
>gray area in between.  Both activities involve certain intellectual
>exercises and have a certain joy.  I propose to distinguish the two by
>defining cracking as the set of activities that an enlightened society
>would not want it's members performing.  
>
>This sets the stage for examining specific actions across the spectrum and
>seeing which ones fit the definition of cracking.  Would you accept the
>definition and steer this discussion toward categorizing activities?

Sure. Lets go. I'm still not quite sure on where you draw the line between warez/pirating and cracking.  You are taking hacking as an intelectual excercise, cracking as the same excercise when it damages someone else.

>I hope the definition isn't emotionally charging the issue--if you consider
>yourself a cracker, you'll probably resent this definition.  I presume you
>consider some activities undesirable, though, so I'd like you to call yourself
>a hacker and help explore the boundary of cracking.

I generally refer to myself as a hacker, but don't worry about emotionally charged issues when talking to me, I don't get worked by a few characters on a computer screen :)

But I'm ment to be supporting hacking. I guess that what this is going to boil down to is: why have I got that tutorial on my web page. The reason it's up there is not as a piece of warez, It is genuanly for learning.

All for now...
David,

_______________________________________________________________________________________________________________
EMAIL 7 - FROM DAVID
_______________________________________________________________________________________________________________

Lucas,

I apologize for the delay responding to the last message; I've been pretty
busy.  My simulation just reported an error after 130,000 test vectors so
now I have time to reply while rerunning it to the point of failure.

>>Some activities are clearly hacking, some cracking, and some in a difficult
>>gray area in between.  Both activities involve certain intellectual
>>exercises and have a certain joy.  I propose to distinguish the two by
>>defining cracking as the set of activities that an enlightened society
>>would not want it's members performing.
>>
>>This sets the stage for examining specific actions across the spectrum and
>>seeing which ones fit the definition of cracking.  Would you accept the
>>definition and steer this discussion toward categorizing activities?

>Sure. Lets go. I'm still not quite sure on where you draw the line between
>warez/pirating and cracking.  You are taking hacking as an intelectual
>excercise, cracking as the same excercise when it damages someone else.

Let's return to focus the debate with this definition in mind.  I like your
distinction of a third category (warez/pirating) separate from cracking, so
we'll remove those actions from the hacking/cracking debate.


>         Assuming that we call cracking, unethical/evil hacking, then there
> is no way crackers can be defended. Hacking on the other hand, with
> different motives, can be. If we say that it is for curiosity and the
> search fro knowledge/experience, then we again end up with you question,
> does the right for knowledge justify the intrusion?

As mentioned above, let's try to categorize actions as hacking.  I take it
that you propose defining hacking as actions which don't break into or edit
personal information, damage a system, mean harm, or do harm.

> Hackers don't break into personal information and edit it.
> Hackers don't damage a system.
> Hackers don't mean harm and don't do harm.
> So how can you argue against them?

"Don't do harm" is a dangerous term to use; I think by definition our
enlightened society wouldn't disagree with actions which don't do harm.
Therefore, we need to look carefully at particular actions and see the
consequences.  "Don't mean harm" is a worthless platitude.  Releasing
the Internet worm wasn't done with the intention of harm, but it's certainly
not an action society would want.

Let's look at your first two points.  Not damaging a system seems important.
What do you mean by "don't break into personal information and edit it?"
Do you mean "don't break into personal information" in which case editing it
is obviously impossible, or do you mean that viewing personal information
is hacking, but that editing the information is cracking.

> If you say that there is a right fro information to be with-held, then does
> that mean no one else can access it (even if they don't read it, or if they
> do then nothing happens as a result). IS that wrong in any way? and Does
> anyone have a right against that? I think not. I think that those who are
> cleaver enough to get through a system should not be stopped, all hackers I
> know have left a message saying where the weakness lies, so are they not
> making your data safe? If you do have a right to with-hold data then surely
> a hacker in breaking into the system, not looking at the info, and
> improving is actually helping you?

Let's take an analogy.  Many freshmen at MIT learn to pick locks.  They
could hone their skills by picking the lock of your dorm room, slipping
a note through the door saying that there's a weakness in your lock, and
then closing the door.  Aside from the issue of accidentally damaging the
lock while picking it (perfect lock pickers and perfect hackers would never
cause accidental damage, but real ones like you and I make occasional
mistakes), is having your room broken into really helping you preserve
your privacy?

> But then we get to crackers, they change information, they blackmail, they
> destroy. But what can you do about it? There will always be a cleaver, but
> suspect minded person. No I think it is better to release information about
> hacking, for two reasons, 1) it is a fantastically rewarding practice. 2)
> It improves security.

There's an important distinction between distributing information about 
actions which could be considered cracking and actually carrying out the
actions described in the information.  The current hot example is SATAN.
Distributing SATAN seems like a noble service.  It allows system administrators
to find and correct the weaknesses in their own system.  Running SATAN on
another person's system is a separate question.  Would you consider that
hacking or cracking?

> But I don't believe that writing viruses and the like is worth it. That has
> no constructive purpose. But seven then I might argue. The virus written by
> the Word programmer was not evil in any way. (did you hear about it? a
> macro written virus) So I would with-hold my judgment on any case until I
> know exactly what happens, and what he motive was.

Let's also look at viruses in a bit more detail.  We need a working definition;
I propose to call a virus any program that attempts to replicate itself
across all machines it can without permission of the machine owner.  Viruses
can further be divided into kinds which intentionally cause damage and those
which do not intentionally cause damage.  Many in the second category
accidentally cause damage (at least system crashes) because they are buggy.

Writing a virus without releasing it is dangerous but I'd be hard pressed
to show it does damage.  Is releasing a virus hacking or cracking?  Does it
matter whether the virus intentionally causes damage (you'd seem to indicate
this is a factor for the Word virus)?  Does it matter whether the virus
tends to impact owners of software produced by wealthy corporations more
than computer users who don't own such software?

I've posed a bunch of questions here and waited through 98,200 test vectors.
I look forward to your answers.

David

_______________________________________________________________________________________________________________
EMAIL 8 - FROM LUCAS
_______________________________________________________________________________________________________________

>"Don't do harm" is a dangerous term to use; I think by definition our
>enlightened society wouldn't disagree with actions which don't do harm.
>Therefore, we need to look carefully at particular actions and see the
>consequences.  "Don't mean harm" is a worthless platitude.  Releasing
>the Internet worm wasn't done with the intention of harm, but it's certainly
>not an action society would want.

I think that nayone with the knowledge to write a worm, or break ito a system can useually tell what the chances are of accidental damage occuring. So someone who makes and releases a worm is perposefully damaging the net, and they know it.

>Let's look at your first two points.  Not damaging a system seems important.
>What do you mean by "don't break into personal information and edit it?"
>Do you mean "don't break into personal information" in which case editing it
>is obviously impossible, or do you mean that viewing personal information
>is hacking, but that editing the information is cracking.

more or less. If we take the def of cracking to be motie aswell as action then yes, the editing of the info is cracking. So the mentality of a cracker is 'fuck everyone else'. I know a few people who sometimes behave so.

>> If you say that there is a right fro information to be with-held, then does
>> that mean no one else can access it (even if they don't read it, or if they
>> do then nothing happens as a result). IS that wrong in any way? and Does
>> anyone have a right against that? I think not. I think that those who are
>> cleaver enough to get through a system should not be stopped, all hackers I
>> know have left a message saying where the weakness lies, so are they not
>> making your data safe? If you do have a right to with-hold data then surely
>> a hacker in breaking into the system, not looking at the info, and
>> improving is actually helping you?
>
>Let's take an analogy.  Many freshmen at MIT learn to pick locks.  They
>could hone their skills by picking the lock of your dorm room, slipping
>a note through the door saying that there's a weakness in your lock, and
>then closing the door.  Aside from the issue of accidentally damaging the
>lock while picking it (perfect lock pickers and perfect hackers would never
>cause accidental damage, but real ones like you and I make occasional
>mistakes), is having your room broken into really helping you preserve
>your privacy?

here's the diferences: 1) you can't change a lock to get rid of the weakness without replacing it. So it is of no help. Where on a computer system it's often something easily changed. 2) You are mixing up the feeling of personal safty and computer safty. When someone breaks into my room I feel scared, when someone breaks into a network I'm running I think, yikes, but it's not uncomfortable in the same way.

>> But then we get to crackers, they change information, they blackmail, they
>> destroy. But what can you do about it? There will always be a cleaver, but
>> suspect minded person. No I think it is better to release information about
>> hacking, for two reasons, 1) it is a fantastically rewarding practice. 2)
>> It improves security.
>
>There's an important distinction between distributing information about 
>actions which could be considered cracking and actually carrying out the
>actions described in the information.  The current hot example is SATAN.
>Distributing SATAN seems like a noble service.  It allows system administrators
>to find and correct the weaknesses in their own system.  Running SATAN on
>another person's system is a separate question.  Would you consider that
>hacking or cracking?

That very much depeneds on the motives, I've never used satan, so I'd say when I get holld of it, it's hacking. I'm playing with the system. If I were to deside to go into your area on the net and change it to mes up your web area, that would be a crack.

>Let's also look at viruses in a bit more detail.  We need a working definition;
>I propose to call a virus any program that attempts to replicate itself
>across all machines it can without permission of the machine owner.  Viruses
>can further be divided into kinds which intentionally cause damage and those
>which do not intentionally cause damage.  Many in the second category
>accidentally cause damage (at least system crashes) because they are buggy.
>
>Writing a virus without releasing it is dangerous but I'd be hard pressed
>to show it does damage.  Is releasing a virus hacking or cracking?  Does it
>matter whether the virus intentionally causes damage (you'd seem to indicate
>this is a factor for the Word virus)?  Does it matter whether the virus
>tends to impact owners of software produced by wealthy corporations more
>than computer users who don't own such software?

releasing a virus is niether hacking nor cracking. If I were to edit an already existing virus to update it with the perpose being to infect someones computer, wether it did damages or not, would be a crack. Necause I'm not stuid enough to think that no bug's would exist and that it would do no damage. If I were to update a virus to figure out how they work, no other reason then the alteration of the virus would be a hack. The only difference with a virus that damages is that it's worse.