Tuesday, October 31, 2006

Making of a good Ethical Hacker

This post contains a bunch of definitions of the term ‘hacker’, most having to do with technical adeptness and a delight in solving problems and overcoming limits. If you want to know how to become a hacker, though, only two are really relevant.

What is a Hacker ?
There is a community, a shared culture, of expert programmers and networking wizards that traces its history back through decades to the first time-sharing minicomputers and the earliest ARPAnet experiments. The members of this culture originated the term ‘hacker’. Hackers built the Internet. Hackers made the Unix operating system what it is today. Hackers run Usenet. Hackers make the World Wide Web work. If you are part of this culture, if you have contributed to it and other people in it know who you are and call you a hacker, you're a hacker.

The hacker mind-set is not confined to this software-hacker culture. There are people who apply the hacker attitude to other things, like electronics or music — actually, you can find it at the highest levels of any science or art. Software hackers recognize these kindred spirits elsewhere and may call them ‘hackers’ too — and some claim that the hacker nature is really independent of the particular medium the hacker works in. But in the rest of this document we will focus on the skills and attitudes of software hackers, and the traditions of the shared culture that originated the term ‘hacker’.

There is another group of people who loudly call themselves hackers, but aren't. These are people (mainly adolescent males) who get a kick out of breaking into computers and phreaking the phone system. Real hackers call these people ‘crackers’ and want nothing to do with them. Real hackers mostly think crackers are lazy, irresponsible, and not very bright, and object that being able to break security doesn't make you a hacker any more than being able to hotwire cars makes you an automotive engineer. Unfortunately, many journalists and writers have been fooled into using the word ‘hacker’ to describe crackers; this irritates real hackers no end.

The basic difference is this: hackers build things, crackers break them.

If you want to be a hacker, keep reading. If you want to be a cracker please dont continue with this blog

The Hacker Attitude

1. The world is full of fascinating problems waiting to be solved.
2. No problem should ever have to be solved twice.
3. Boredom and drudgery are evil.
4. Freedom is good.
5. Attitude is no substitute for competence.

Hackers solve problems and build things, and they believe in freedom and voluntary mutual help. To be accepted as a hacker, you have to behave as though you have this kind of attitude yourself. And to behave as though you have the attitude, you have to really believe the attitude.
But if you think of cultivating hacker attitudes as just a way to gain acceptance in the culture, you'll miss the point. Becoming the kind of person who believes these things is important for you — for helping you learn and keeping you motivated. As with all creative arts, the most effective way to become a master is to imitate the mind-set of masters — not just intellectually but emotionally as well.
Or, as the following modern Zen poem has it:

To follow the path: look to the master, follow the master, walk with the master, see through the master, become the master.
So, if you want to be a hacker, repeat the following things until you believe them:

1. The world is full of fascinating problems waiting to be solved.

Being a hacker is lots of fun, but it's a kind of fun that takes lots of effort. The effort takes motivation. Successful athletes get their motivation from a kind of physical delight in making their bodies perform, in pushing themselves past their own physical limits. Similarly, to be a hacker you have to get a basic thrill from solving problems, sharpening your skills, and exercising your intelligence.

If you aren't the kind of person that feels this way naturally, you'll need to become one in order to make it as a hacker. Otherwise you'll find your hacking energy is sapped by distractions like sex, money, and social approval.

(You also have to develop a kind of faith in your own learning capacity — a belief that even though you may not know all of what you need to solve a problem, if you tackle just a piece of it and learn from that, you'll learn enough to solve the next piece — and so on, until you're done.)

2. No problem should ever have to be solved twice.

Creative brains are a valuable, limited resource. They shouldn't be wasted on re-inventing the wheel when there are so many fascinating new problems waiting out there.

To behave like a hacker, you have to believe that the thinking time of other hackers is precious — so much so that it's almost a moral duty for you to share information, solve problems and then give the solutions away just so other hackers can solve new problems instead of having to perpetually re-address old ones.

Note, however, that "No problem should ever have to be solved twice." does not imply that you have to consider all existing solutions sacred, or that there is only one right solution to any given problem. Often, we learn a lot about the problem that we didn't know before by studying the first cut at a solution. It's OK, and often necessary, to decide that we can do better. What's not OK is artificial technical, legal, or institutional barriers (like closed-source code) that prevent a good solution from being re-used and force people to re-invent wheels.

(You don't have to believe that you're obligated to give all your creative product away, though the hackers that do are the ones that get most respect from other hackers. It's consistent with hacker values to sell enough of it to keep you in food and rent and computers. It's fine to use your hacking skills to support a family or even get rich, as long as you don't forget your loyalty to your art and your fellow hackers while doing it.)

3. Boredom and drudgery are evil.

Hackers (and creative people in general) should never be bored or have to drudge at stupid repetitive work, because when this happens it means they aren't doing what only they can do — solve new problems. This wastefulness hurts everybody. Therefore boredom and drudgery are not just unpleasant but actually evil.

To behave like a hacker, you have to believe this enough to want to automate away the boring bits as much as possible, not just for yourself but for everybody else (especially other hackers).

(There is one apparent exception to this. Hackers will sometimes do things that may seem repetitive or boring to an observer as a mind-clearing exercise, or in order to acquire a skill or have some particular kind of experience you can't have otherwise. But this is by choice — nobody who can think should ever be forced into a situation that bores them.)

4. Freedom is good.

Hackers are naturally anti-authoritarian. Anyone who can give you orders can stop you from solving whatever problem you're being fascinated by — and, given the way authoritarian minds work, will generally find some appallingly stupid reason to do so. So the authoritarian attitude has to be fought wherever you find it, lest it smother you and other hackers.

(This isn't the same as fighting all authority. Children need to be guided and criminals restrained. A hacker may agree to accept some kinds of authority in order to get something he wants more than the time he spends following orders. But that's a limited, conscious bargain; the kind of personal surrender authoritarians want is not on offer.)

Authoritarians thrive on censorship and secrecy. And they distrust voluntary cooperation and information-sharing — they only like ‘cooperation’ that they control. So to behave like a hacker, you have to develop an instinctive hostility to censorship, secrecy, and the use of force or deception to compel responsible adults. And you have to be willing to act on that belief.

5. Attitude is no substitute for competence.

To be a hacker, you have to develop some of these attitudes. But copping an attitude alone won't make you a hacker, any more than it will make you a champion athlete or a rock star. Becoming a hacker will take intelligence, practice, dedication, and hard work.

Therefore, you have to learn to distrust attitude and respect competence of every kind. Hackers won't let posers waste their time, but they worship competence — especially competence at hacking, but competence at anything is valued. Competence at demanding skills that few can master is especially good, and competence at demanding skills that involve mental acuteness, craft, and concentration is best.

If you revere competence, you'll enjoy developing it in yourself — the hard work and dedication will become a kind of intense play rather than drudgery. That attitude is vital to becoming a hacker.

Monday, October 30, 2006

Expose Your Ignorance

"Tomorrow I need to look stupider and feel better about it. This staying quiet and trying to guess what's going on isn't working so well."
Jake Scruggs during the early days of his apprenticeship at Object Mentor

Context: The people who are paying you to be a software developer are depending on you to know what you're doing.

People need confidence that you can deliver, yet you are unfamiliar with the required technologies.

Solution:Show the people who are depending on you that delivering software is a learning process. Let them see you grow.

The need to appear competent is ingrained into the people of most industrialized societies. What's more, these societies are increasingly dependent on your competency as software creeps ever-deeper into our everyday lives. Yet because of your inexperience you have many zones of ignorance. You are in a bind. The people around you are under tremendous pressure to deliver software: your manager, your client, your colleagues, not to mention, you. You can see this need for confidence in people's eyes when they ask you how long feature X will take you to finish. There can be tremendous pressure to pacify these people, to reassure them that you know precisely what they want, how you're going to give it to them, and when.

A software craftsman builds her reputation through strong relationships with her clients and colleagues. Conceding to unspoken pressures and telling people what they want to hear is not a good way to build strong relationships with them. Tell them the truth. Let them know that you're starting to understand what they want and you're in the process of learning how to give it to them. If you reassure them, reassure them with your ability to learn, not by pretending to know something you don't. In this way, your reputation will be built upon your learning ability rather than what you already know.

The most obvious way to Expose Your Ignorance is to ask people questions. This is easier said than done, particularly when the person you're asking has assumed you understood what, in fact, you do not. Press on! Sure, you could protect your pride and take less direct routes to obtain the required knowledge, but remember that your road to journeyman will be reduced by taking the most direct route available. With practice and time, you will find that asking direct questions to the most knowledgeable people will become second-nature. While you are exposing your ingrained, you are also exposing them to your learning ability.

A not knowing stance

As a family therapist I was taught to throw off the notion that I had expert knowledge about other peoples' lives. To approach people with a "not knowing" stance. This is a hard pill to swallow, whether you're a newbie therapist or newbie programmer. Your instincts tell you to hide your ignorance, to feign expert knowledge, but this only stunts your growth and inhibits the work you are trying to accomplish. Taking this lesson with me from one career into another has served me well. I've actually grown attached to feeling ignorant on a daily basis, it lets me know I'm in the right place. I'm growing.

Get used to this learning process, this is craftsmanship. There are those who are uncomfortable with this process. Rather than becoming craftsmen, these people become experts, people who achieve expertise on one platform or in one domain and stick with it. Because of her narrow focus, an expert can deliver functionality into a specific context better than anyone. It is certainly important and inevitable for our industry to have experts, but that is not the goal of the apprentice.

Expertise is a byproduct of The Long Road, not the destination. Over the course of her journey, a craftsman will work with countless technologies and domains. If through necessity or interest, she Digs Deep and develops expertise in one or more of them, so much the better. This is to be expected, just as the woman training for a marathon develops stronger leg muscles. She's not training to have strong legs, she's training to run. Like the motivated developer who after working on a Python project for two years achieves a deep knowledge of Python, the marathon runner's strong leg muscles are a means, not an end.

The critical distinction between a craftsman and an expert is what happens after a sufficient level of expertise has been achieved. The expert will do everything she can to remain wedded to a single context, narrowing the scope of her learning, her practice, and her projects. (She can make a good money by doing this.) The craftsman has the courage and humility to set aside her expertise and pick up an unfamiliar technology or learn a new domain as she continues to Wear The White Belt.

Craftsmen could be considered experts at learning, identifying an area of ignorance and working to reduce it. Like bare patches in a garden, ignorance can be reduced by cultivating your seeds of knowledge. Water your seeds through experimentation, practice, and reading. You can choose to hide these bare patches from the light, embarrassed by their size, covering them with traps to keep your pride intact. Or you can choose to expose them, being honest with yourself and the people who are depending on you, and asking for help.

By the end of your apprenticeship, you will have in-depth knowledge into a few threads of technology. With these threads you will possess the ability to weave together robust software applications on a small number of platforms and domains. The master craftsman has the ability to weave a tapestry out of myriad threads. No doubt she will have her favorite threads, and her favorite combinations, but the number of threads will be high, allowing the master craftsman to adapt into a wide range of technological environments. This is where The Long Road will take you. By exposing and then Confronting Your Ignorance, you will spin the missing threads much more quickly than by faking it in order to appear competent.


Twitter Delicious Facebook Digg Stumbleupon Favorites More