Eric S. Raymond Harold Willison _________________________________________________________ Guide to (mostly) Harmless Hacking Vol. 6 Real Hackers No. 1: Eric S. Raymond _________________________________________________________ "Hackers built the Internet. Hackers made the UNIX operating system what it is today. Hackers run Usenet. Hackers make the World Wide Web work. If you are part of this culture, if you have contributed to it and other people in it know who you are and call you a hacker, you're a hacker... "There is another group of people who loudly call themselves hackers, but aren't. These are people (mainly adolescent males) who get a kick out of breaking into computers and phreaking the phone system. Real hackers call these people `crackers' and want nothing to do with them. Real hackers mostly think crackers are lazy, irresponsible, and not very bright, and object that being able to break security doesn't make you a hacker any more than being able to hotwire cars makes you an automotive engineer. Unfortunately, many journalists and writers have been fooled into using the word `hacker' to describe crackers; this irritates real hackers no end. "The basic difference is this: hackers build things, crackers break them... Hackerdom's most revered demigods are people who have written large, capable programs that met a widespread need and given them away, so that now everyone uses them. "If you want to be a hacker, keep reading. If you want to be a cracker, go read the alt.2600 newsgroup and get ready to do five to ten in the slammer after finding out you aren't as smart as you think you are. And that's all I'm going to say about crackers." -- Eric S. Raymond, http://locke.ccil.org/~esr/faqs/hacker-howto.html Who are the real hackers? Who are the people we can admire and model our lives upon? The Real Hackers series of these Guides introduces these people. We start with Eric S. Raymond. He is well known in the hacker world. He epitomizes all that a real hacker should be. He has wide ranging programming experience: C, LISP, Pascal, APL, FORTRAN, Forth, Perl, and Python; and is proficient in assembly language for the Z80, 80x86, and 680xx CPUs. He also knows French, Spanish and Italian. Raymond is one of the core developers of Linux, and a major force in the ongoing evolution of the EMACS Lisp language. He maintains fetchmail, a freeware utility for retrieving and forwarding mail from POP2/POP3/IMAP mailservers. But Raymond is perhaps most famous among real hackers as the man who maintains the hacker jargon file. You can read it at http://www.ccil.org/jargon. He also maintains numerous other well-regarded FAQ and HOWTO documents, including the "Java-On-Linux HOWTO," the "Linux Distributions HOWTO," the "PC-Clone UNIX Hardware Buyer's Guide," the "So You Want To Be A UNIX Wizard? FAQ" (aka The Loginataka), and the "How To Become A Hacker FAQ" -- see http://locke.ccil.org/~esr/faqs/hacker-howto.html (quoted above). Raymond also founded and runs the Chester County InterLink. This is a 501(c)3 nonprofit organization that gives free InterNet access to the residents of Chester County, Pennsylvania. At last count, it had over two thousand users and was gaining about fifty a week. Raymond also has written the funniest hacker humor ever: "Unix Wars," which builds upon the really, really ancient hacker humor article, "DEC Wars." You may read it at http://www.devnull.net/docs/unixwars.html. Raymond is the author of many books. They include "The New Hackers Dictionary," now in its 3rd edition (MIT Press 1996, ISBN 0-262-68092-0), and "Learning GNU Emacs," (2nd edition, O'Reilly Associates, ISBN 0-937175-84-6). He was the principal researcher and author of "Portable C and UNIX Systems Programming," (Prentice-Hall ISBN 0-13-686494-5) (the name "J. E. Lapin" appearing on the cover was a corporate fiction). The advent of the September 1996 third edition of "Portable C..." led to interviews with Raymond in Wired magazine (August 1996) and People magazine (October 1996). You can order Raymond's books from http://www.amazon.com. "Wait, wait!" you say. "I'm on hacker IRC channels and hacker mail lists all the time and I have never heard of Raymond! Why, he doesn't even have a kewl handle like Mauve Knight or Ei8ht or DisordeR. Sheesh, Raymond isn't even a member of some 31337 gang with a name like K-rad Doomsters of the Apocalypse." Welcome to the world of real hackers. As Raymond points out in his "How To Become A Hacker FAQ," there are two kinds of hackers: real hackers who aspire to learn and create, and the phonies who think crashing or breaking into a computer proves they are geniuses. Guess which kind you usually meet at 2600 meetings, on IRC channels with names like #hack, on news groups such as alt.2600 and alt.hacker, and mail lists with names like DC-stuff and HH-Chat? That is not to say that every single person you will meet there is a lamer and a poser. But few real hackers will put up with the flames, criminal mentality and ignorance of the majority of folks you encounter there. Where do you meet real hackers like Raymond? You might encounter a few of them at the annual Def Con or Hope on Planet Earth conferences. (Raymond, however, asserts this is "not likely.") You will, however, find real hackers by the hundreds at the Usenix conferences (see http://www.usenix.org/events/), or by the thousands in the free software movement. ********************************************************* Newbie note: How can you get involved in the free software movement and get to know the hacker demigods? For starters, try GNU. GNU stands for "Gnu's Not UN-IX." The GNU project is an international effort that is being run by the Free Software Foundation. See http://www.gnu.org for more information. Are you wondering, "Gnu's Not UN-IX? Whaddaya mean?" Be warned, real hackers have a twisted sense of humor. GNU is a recursive acronym. When the mere thought of a recursive acronym can throw you into gales of laughter, you will know you are turning into a real hacker. ********************************************************* "The free software movement?" you ask. "How come no one ever, ever talks about coding operating system kernels or new scripting languages on alt.2600 or dc-stuff?" Yup, you guessed it, it's because the majority of those folks just want to f*** things up. Real hackers aspire to create software. Not just exploit code for f***ing up computers. But to create serious, big time software. The free software movement is where Raymond and his friends -- folks such as Linus Torvalds (the fellow who launched and ran the Linux project that created the operating system most widely used by hackers) and Larry Wall (creator of Perl, one of the top two programming languages used by hackers) work together. Much of the software these hacker demigods write is copylefted. A copyleft is -- yes, you are right, a copyleft is another example of twisted hacker humor. But basically a copyleft says you have the right to reuse copylefted code in your own software, and even sell it, and make money on it, with only one condition. You must make the source code to your software available for anyone else who may wish to use it in writing their own software. Want to hang out with the hacker demigods? Have you learned to program pretty well yet? If so, you may discover a warm welcome from the GNU folks and others in the free software movement. How did Raymond become one of the tribal elders of the hacker world? It all started, he remembers, in 1968 when he was only 11. "My father worked for Sperry Univac. On days off he would take me in to play with the 1108. It was worth about $8 million -- in 1968 dollars!" Raymond remembers it being a gigantic computer housed in an air-conditioned room. Back then it was a major feat for anyone to get their hands on a computer. Back then they were primitive, expensive and fragile. Raymond remembers reading the ACM journal in 1974 and dreaming about how wonderful it would be if he could ever get his hands on that new operating system they were creating -- Unix. While in high school he did manage to get access -- via teletype -- to a TTY (a verrry primitive terminal) at Ursinus College (located in Phoenixville, Pennsylvania). With that TTY he was able to use the Dartmouth Time-Sharing System computer. But it was mostly just good for playing games. Raymond began college as a math and philosophy major. But in 1976 he got his hands on an account with a DEC PDP-10 -- and a connection to ARPAnet, the early form of today's Internet. "I was seduced by the computing side." Raymond soon switched to computer science. While on ARPAnet, visiting a computer at MIT, Raymond discovered the Hacker Jargon File. Raymond was hooked. He decided he would become a hacker. A real hacker. In 1983 Raymond printed out the jargon file, bound it as a book, titled it "Understanding Your Hacker," and presented it to his boss. His boss loved it. Back in 1983, few people were afraid of those who called themselves hackers. Back then people were aware that hackers were odd and brilliant characters. But that was before crowds of vandals and criminals started claiming they, too, were hackers. Journalists, at a loss as to what to call that new breed of digital gang bangers, started calling them hackers, too. Meanwhile, Raymond came to the realization that he not only had a talent for programming -- he could write texts really well, too. In 1987 he updated "DEC Wars" to create the immortal "Unix Wars," which will finally see print for the first time in Carolyn Meinel's "Happy Hacker" book (American Eagle Publications, in press, due out in late Feb. 1998). In 1990 Raymond decided to spend a weekend updating the Hacker Jargon File. When Monday morning rolled around, he had quadrupled the size of the file. He contacted the folks who maintained it, who were delighted to let him take it over. Not long afterward, he published it as "The New Hacker's Dictionary." So what is Raymond doing today? "I do most of my programming in C," he tells us, "but I still think in Lisp." He works "the odd consulting job, technical reviews of books for publishers like O'Reilly." Adds Raymond, laughing, "They know I know where all the bodies are buried." Where does Raymond see the hacker culture going? "It used to be hard to acculturate, hard to find the hacker community. But now it's expanding tremendously, thanks to the Linux phenomenon. Linux really made a difference. Now we have a common goal, and a universal platform for people's software projects. Perl has had a similar effect, providing us with a cross-platform tool kit." Raymond sees some hope even in the fast-growing, yet incredibly destructive "cracker" scene (crackers are people who break into computers). "People in the cracker community play awhile, then eventually the bright ones end up coming over to the free software culture. Many of them write to me." Raymond says he has communicated with many people who have gone through a digital vandal stage, only to eventually wake up and realize they wanted to feel good about themselves by making the world a better place. So, how many future hacker demigods are reading this Guide? Maybe quite a few. May the Source Code be with you if you should choose to quest for hacker fame the Raymond way! _______________________________________________________________________ Where are those back issues of GTMHHs and Happy Hacker Digests? Check out the official Happy Hacker Web page at http://www.happyhacker.org. Us Happy Hacker folks are against computer crime. We support good, old-fashioned hacking of the kind that led to the creation of the Internet and a new era of freedom of information. So please don't email us about any crimes you may have committed. We won't be impressed. We might even call the cops on you! To subscribe to Happy Hacker and receive the Guides to (mostly) Harmless Hacking, please email hacker@techbroker.com with message "subscribe happy-hacker" in the body of your message. Copyright 1997 Carolyn P. Meinel . These Guides to (mostly) Harmless Hacking are, in the spirit of copyleft, free for anyone to forward, post, print out and even make into books to sell -- just so long as you keep this info attached to this Guide so your readers know where to go to get free GTMHHs. ____________________________________________________________________________ _________________________________________________________ Guide to (mostly) Harmless Hacking Vol. 6 Real Hackers No. 2: Harold Willison _________________________________________________________ Harold Willison (Fatal Error) is famous within the hacker scene nowadays for two things. He doesn't have a computer science degree. He gained his education for the most part from the hacker culture. With this street education, however, he has become the senior network engineer for the AGIS Internet backbone. This is an enterprise valued at over $1 billion. Since taking over as head engineer with AGIS, he has fixed security weaknesses that allowed attackers to shut parts or all of AGIS down four times in 1997. In addition, when Willison took over, spammers had been plaguing AGIS. He since has tracked down and kicked off so many spammers that AGIS is now one of the most spam-free Internet backbones. Willison is also famed because, like all true hackers, he donates his services to good causes. Last October, he helped a small Internet service provider, Succeed.net, fight off a group of persistent attackers who were intent on driving Bronc Buster (http://www.showdown.org) off the Internet. Then this March he pitched in with logging software to help Rt66 Internet fight off a barrage of attacks focused on shutting down the Happy Hacker web site (http://www.happyhacker.org). Willison has pioneered a path that many hackers could follow. However, it's a path that calls for hard work and a burning desire. Willison began hacking in 1979. Back then he was a 12-year-old Detroit kid playing with the keypad of his phone. In 1983 he got his first computer -- a Timex Sinclair which used a tape recorder instead of a disk drive to hold programs. With it he began teaching himself the Basic programming language. That year his cousin got a Commodore 64 computer with a 300 baud modem. Later that year Willison built his own IBM PC. He was to go on to build hundreds of low-cost computers for his friends. Willison and his cousin parlayed this primitive equipment into a hacker group and, through the bulletin boards of the 80's, began sharing knowledge with hackers around the US. They also joined the 2600 club (nowadays reachable at http://www.2600.org). Willison's own local hacker group grew, and began holding meetings at a local pizza parlor. His group included many young women -- as unusual then as it is today. As Willison puts it, "I used my computer to meet girls." It was at those pizza nights that he met the woman he would later marry. (They now are the parents of four.) Willison soon made a name for himself by writing text files on how to generate valid calling card numbers and by pirating voice mail systems for his friends. He blue boxed long distance calls and found his way around Telenet, an early network that had six-digit addresses for its hosts. (The far larger Internet uses twelve-digit addresses.) In August 1985, a visit from an FBI agent sidetracked Willison's hacker career. Willison had just turned 18, so he knew he could now get in serious trouble. During this visit the agent asked Willison if he knew what a PIN register was. Willison knew all too well that meant the FBI had been recording the destinations of phone calls made from his home. The agent pulled out a 30 page printout. "In the month of February 1995, you made 3200 calls to this MCI 800 number. Why?" Willison pointed out to the agent that it is legal to call 800 numbers. Willison wouldn't tell the agent what he did after getting on that 800 number, however. The agent then pointed to one number, 40 digits long. "Can you tell me what you were doing with that number?" Willison burst out laughing. "That's 'Mary Had a Little Lamb,' sir." The agent let Willison know that they were close to getting enough on him to make a bust. The two worked out a deal. The next day Willison enlisted in the US Army. Willison was able to turn his Army stint to his advantage. He went to electronics school at Ft. Jackson and became a multi-channel radio operator with the Patriot missile defense batteries. He also discovered ARPAnet. ARPAnet was the US military network that was eventually to evolve into today's Internet. Life was slow in the Patriot batteries. Willison recalls he typically "spent all day on ARPAnet... When you ran into people on ARPAnet, they were mostly people who shouldn't be there." That was back when few people would abuse their ARPAnet access. The military tolerated hackers because they often contributed free software and technical assistance. For example, within the first year of ARPAnet (1969), hackers had already been the first to invent email. After the Army, Willison settled into eight years of work as a computer programmer at a Detroit Mazda factory. On the side he ran a bulletin board. Eventually he was running 64 phone lines of access for hundreds of paying customers. Ultimately he even provided them with Internet access. The Internet was to be what killed Willison's bulletin board. While working a full-time job, it was too hard to compete with the other Internet access providers that sprung up around 1994-5. Around then Willison made an extremely bad decision. He used his hacking talents to make some big, quick bucks. He figured it would be a one-time stunt. Then he went back to his usual life of harmless hacking. In 1995 Mazda offered voluntary layoffs with a benefit of 18 months at 80% pay. Willison jumped at the opportunity. He enrolled in the electronics school at the National Institute of Technology. But 1996 was the year his past caught up with him. One of his partners in the computer fraud scheme got a prison sentence. Willison got off with probation. That year Willison parlayed his recent education and hacker skills into two simultaneous full-time jobs. One was at Ameritech, the Michigan baby bell phone company. The other was at the recently created AGIS Internet backbone company. At both companies he was only able to get entry level jobs giving tech support, as he puts it, to people would "couldn't remember their passwords." After a short time on the exhausting schedule of these two full-time jobs, his AGIS supervisor, even though he knew of Willison's troubles with the law, promoted him to a network engineer position. Willison quit the Ameritech job, and began devoting himself solely to understanding AGIS and its many challenges. 1997 was to be a challenging year, indeed. Twice that spring massive email bombings filled up the disks on the AGIS mail servers, crashing them. In April someone posted a password for an AGIS router on a hacker news group The mystery attacker claimed the password was "spamforall." Rumor has it that password was genuine. The problem was that the young, growing and hungry AGIS had signed contracts with Cyber Promotions, Inc., at the time the biggest spammer in the world; with Nancynet; and with several other spammers. The attacks were retaliation for AGIS serving these companies. Willison knew AGIS had problems that he could solve. However, as a junior network engineer without an engineering degree, he didn't have the clout to persuade management to take the drastic security measures he knew they needed. June 4, 1997, was the day the AGIS Internet mail gateway backbone was taken out by -- whom? The attacker announced on a Usenet post "Today I wiped AGISGATE and all of AGIS's name servers. I will only stop until[sic] AGIS changes their policies... This means getting rid of all of their spammers -- most importantly Cyber Promotions." This was not good for Willison. Someone was assaulting AGIS -- and the company and FBI suspected an insider was committing the attacks. To be exact, Willison, given his past, worried he would become one of the suspects. With a wife and two toddlers to care for at the time, the prospect had to be frightening. Willison was fighting not just to prove he could solve the hacker problem -- he was fighting for his reputation.. Then someone gained access to every router on the AGIS network. The attacker changed the configuration files to take the routers out of service. This blacked out the Internet to a million people, in some locations for over a day. Fortunately Willison was able to use his years of hacker skills to trace the attacks to the source of origin. He also persuaded his bosses that he was capable of doing what was necessary to set up the new AGIS network. Willison designed new hardware and set up s-key, a one-time password system, to secure the AGIS routers. He also built AGIS's Usenet distribution system, both the hardware and software. Willison was rewarded with promotion to senior network engineer -- and stock in the fast growing company. And -- he achieved all this while still on probation. Now that he had real power in the company, Willison's next goal was to rid AGIS of spammers. This was not an easy task. AGIS had to fight a lawsuit brought by Cyber Promotions that briefly got a court order to force AGIS to give them service. However, by December 1997, Willison could say "Now we probably have the least spam of any backbone." In early October 1997, Willison responded to a request from Carolyn Meinel to help Succeed.net, a small ISP in Yuba City, California. Succeed.net was under assault by a group of hackers who wanted to drive Bronc Buster (now at http://www.showdown.org) off the Internet. The owner of that ISP, Robert Lavelock, refused to cave in to the attackers' demands and kick Bronc Buster off. Instead, he fought them. Willison helped them close their security holes and set up a logging system to help the FBI catch Bronc's assailants. For details on this war, which lasted three weeks, see the GTMHH on "Hacker Wars" at http://www.happyhacker.org. This March, when Rt66 Internet came under attack by hundreds of computer criminals trying to shut down the Happy Hacker network, Willison pitched in again with logger/sniffer software. Today Willison likes to say, "I help create the Internet. I realize that everything I do affects a million customers." With newborn twin baby daughters, the end of probation, the achievement of ridding AGIS of spammers and computer criminals, and his role of white hat hacker riding to the rescue of the victims of computer crime, he has a lot of joy in his life. And the world is certainly a better place because of his work. _______________________________________________________________________ Where are those back issues of GTMHHs and Happy Hacker Digests? Check out the official Happy Hacker Web page at http://www.happyhacker.org. Us Happy Hacker folks are against computer crime. We support good, old-fashioned hacking of the kind that led to the creation of the Internet and a new era of freedom of information. So please don't email us about any crimes you may have committed. We won't be impressed. We might even call the cops on you! To subscribe to Happy Hacker and receive the Guides to (mostly) Harmless Hacking, please email hacker@techbroker.com with message "subscribe happy-hacker" in the body of your message. Copyright 1998 Carolyn P. Meinel . These Guides to (mostly) Harmless Hacking are, in the spirit of copyleft, free for anyone to forward, post, and print out -- just so long as you keep this info attached to this Guide so your readers know where to go to get free GTMHHs. _______________________________________________________________________