People will tell you that there are some things in the world you just can't teach. Carolyn Meinel would probably be among the first to disagree. She has set about the task of teaching a skill she feels will be increasingly important in the years to come -- hacking. This mother of four, horse-trainer, and sometimes professor at the University of New Mexico produces The Happy Hacker, a mailing list devoted to bringing would-be hackers into the fold. Its methods, simple; its results, startling. Through an up-beat, up-tempo style, littered with "You Can Go to Jail for This" warnings, Mrs. Meinel makes it not only fun, but also easy to learn basic hacking skills. Carolyn recently took the time to have a little talk with verbosity about her endeavors, past, present, and future.
verbosity: Okay, your background differs from a lot of the hacker stereotypes we see today. Can you tell us a little about yourself and how you got into hacking?
Carolyn Meinel: My first husband, H. Keith Henson, is a dynamite hacker with a gonzo sense of humor. When we got married in 1967, I was an Earth Mother type, content to bake bread, sew, garden and raise children and chickens. But one day in June 1971, Keith abruptly bundled me off to a University of Arizona summer class in Fortran programming. I was hooked.v: What inspired you to start The Happy Hacker? What do you hope to accomplish as a result of it?
CM: All sorts of guys were begging me, "Teach me how to hack." I'm an industrial engineer (MS, U of Arizona, 1983). I believe in efficiency. Instead of teaching all these guys one-on-one, I figured I'd set up a production line. Also, a bunch of elite hackers joined the list so they can show off how brainy they are. So they end up doing most of the work. I'm learning more than I teach.v: Have you gained any negative feedback from your work? Any hackers getting incensed? Any attempted hacks on your person?
CM: Yeah. Hacker war-time. Here's a sample flame from a guy styling himself "se7en": "You're claiming membership in a community you have contributed nothing to, and are raping for information for your own financial gain. You resort to blatant theft of material and ideas from others so you can further your financial agenda."v: You're a strong advocate of responsible hacking. What would you define as responsible in the world of hacking?
What really bugs se7en and others like him is that I'm sharing hacking information with anyone who wants to learn. I'm showing people that hacking is actually easy to do. And they're afraid I'll someday make money on a book about hacking. Tough.
I had to move The Happy Hacker list twice after it got hacked. Most system administrators chicken out in the face of even mild hacker attacks. But now we are being hosted by Cibola Communications in El Paso as a public service. Cibola sysadmin Patrick Rutledge and the head sysadmin at the University of Texas at El Paso, Gerard Cochrane Jr., are now holding the hack attacks at bay. Actually, so far the hack attacks have been pretty lame. So that tells me none of the truly elite hackers are excessively ticked off at The Happy Hacker list.
CM: Anything short of accidentally setting off World War III.v: What advice would you give a young pup, ready to break into the world of bona fide hacking?
Seriously, you can hack without breaking the law and without harming anyone. Even the hairiest hacks such as breaking into the superuser account of a computer or making it crash can be OK if the owner of the computer has consented to the experiment. In fact, sometimes several hackers make an agreement try to break into each other's computers. It's the most exhilarating game on the planet!
Bottom line: follow the Golden Rule. It worked in Jesus' day. It still works today.
CM: Get a college degree in either math, computer science, electrical engineering or industrial engineering. These all give you the theoretical foundations you need to reach the stratosphere of the hacker world. Also, spend every extra cent you have on computer manuals.v: Do you feel that there's been a bastardization of the term "hacker" in recent years? Is it becoming too synonymous with "warez puppy" in many people's eyes?
Gerard Cochrane, Jr., is a great example. He's a graduate student in computer science and owns $40,000 worth of manuals. He has several secret hacker identities, each one more elite than the last. "Kewl d00d" uneducated hackers are totally left in the dust when they try to attack his University of Texas at El Paso (UTEP) computers. In fact, sometimes people who try to hack UTEP suffer mysterious problems...
Jerry adds, "A quest for knowledge is the biggest need. Hackers explore possibilities and are not bound by traditions...we always wonder how can it be done. We tend to self teach subjects not covered in traditional schooling. I would say hackers are the Electronic Scholars of this day and age."
Now Patrick Rutledge has a slightly different perspective. He doesn't have a college degree (yet). But Patrick tells me "I think the best hackers are uneducated but curious 12-year-olds with their older brother's Commodore 64's and that is no joke, they are probably the only people on the net who truly scare me. You don't need a PhD to hack a system, actually SOME PhD's are the most clueless people I know anyways, but maybe they are just as scary. No offense if you know/are/see any PhD's ;)"
The important thing to remember is that it is much harder to defend a computer than to attack it. If you can get a job as a sysadmin, you can have all the fun of hacking but do it as the good guy. And you'll know you are vastly better than the "code kiddies" who go to places like the Scriptors of Doom website to pick up programs (e.g. Perl scripts) to use to break into people's computers. You'll be vastly better because every day you'll be checking out all the websites and e-mail lists where hackers pass out these "exploit programs." You'll be the one figuring out ways to keep these programs from hacking your computers.
But the guys who are atttacking you will mostly be ordinary back-alley hackers who barely know how to run a program, much less patch a computer so it resists an exploit program.
CM: I'm even more worried about the confusion of us old-fashioned harmless hackers with criminals who enjoy "cracking" into the computer of someone who doesn't consent to the attack. These crackers often do serious damage before they leave. The hacker code of ethics -- yes, it does exist -- says you should never harm anyone else's computer.v: In recent months, the media has been giving increased coverage to hackers and their deeds? How do you feel about the way the media has been treating hackers? How about the hacks on government web sites?
I'm also bothered by people who ascribe almost supernatural talents to hackers. Like the Superman episode in which Jimmy complains that a hacker blew up his TV. OK, it was meant as a joke. But does the average Superman viewer know that it is impossible for someone to use a computer to blow up his or her TV?
CM: The media should get a life. Sheesh, they make such a big deal over this stuff, like it takes an act of supreme genius to steal credit card numbers or hack a Web site.v: As a hacker, how secure would you feel in ordering products via the Internet with your credit card? Is the technology approaching hack-proof, or is there still a long ways to go?
On the other hand, putting pornography up on a government Web site was pretty childish. If I were to hack a Web site, it would be to play out a harmless practical joke on a good friend. Oh, oh, I can see all my friends rushing out to secure their Web sites...
CM: I've had my credit card abused. Big deal. Two teenagers used it to buy computer games and subscribe all their friends to Prodigy. I protested the charges and got them removed.v: What would you say is the "best" (or most impressive) hack you've ever been made aware of?
You are more likely to get your credit card misused by buying something from a telephone solicitor than through some sort of computer attack. In fact, that was how those teens got my credit card number. They pretended to represent my ISP.
So, yes, we still have a long way to go on credit card security. But compared to all the other ways to commit credit card fraud, the Internet is still in the noise level.
CM: It was back before most of today's hackers were even born. In 1968 a group of computer scientists at the University of Illinois at Urbana-Champaign got funding from the Advanced Research Projects Agency to set up the first nationwide computer network: Plato. It was four CDC 6400s ganged together. Attached to them were 1024 dumb vector graphics terminals with touch-sensitive screens.v: Hollywood has also become interested in the hacker over the past decade, dating as far back as War Games. Do you feel that their portrayal has been a positive thing for the hacking community? Do you have any personal favorite hacking movies?
Plato hosted the first flight simulation programs in history. We could fly MIGs, Phantoms, F-104s, X-15s, Sopwith Camels -- you name it. Anyhow, these simulators were all tied into this air fight game. We'd buzz around shooting each other down and bombing each other's airports. We also could hurl insults at each other via text messages displayed at the bottom of the screen. I remember making too tight a turn in my Phantom while trying to evade an air-to-air missile. The screen went blank to simulate me blacking out. Then the message cam up: "You just pulled 47 g's on that turn. You now look more like a pizza than a human being as you slowly flutter to Earth."
Of course this was just too good to resist. One day in 1974 (I think) some guys programmed in the Starship Enterprise. They came bombing in from outer space, shot everybody down and then vanished.
CM: I adore Sneakers (1994 release). The writer/producer, Larry Lasker, is really into this stuff. Basing a plot on what would happen if someone were to discover a polynomial-time-bounded algorithm for factoring numbers is beyond cool. The car chases and murders were pretty good, too. And the sex scenes. OK, just kidding there. Sneakers has no sex scenes and minimal violence. It's a great movie to show to children, yet is deep enough to entrance even a jaded, ancient hacker like me.v: Where do you see the Internet five years from now?
CM: I can hardly wait for China Online and a billion clueless newbies posting to Usenet. Hackers from Uzbekhistan and Madagascar ping flooding each other off IRC. Spam from Mongolia. Kewl.v: Where do you see yourself five years from now? Any upcoming projects you'd like to talk about?
CM: I want to improve my wool-spinning and bread-baking skills. Maybe some of my four daughters will have produced grandchildren by then. I figure around age two or three is a good time to start them on hacking.v: What's the typical daily routine for Carolyn Meinel?
- 6:00 AM -- feed horses
- 6:30 AM -- read e-mail
- 7:00 AM -- do something to make money
- 7:15 AM -- wow, I wonder if it will work! I get on my shell account and try out a new way to forge headers on e-mail
- 8:00 AM -- try again to do something that makes money
- 8:15 AM -- rush over to Scriptors of Doom website to check out the latest HP exploit code. Regret that no one will give me permission to try to crack their HP box.
- 9:00 AM -- try again to make money
- 9:15 AM -- e-mail
- 4:00 PM -- start bread
- 10:00 PM -- get Happy Hacker Digest out
- 10:15 PM -- beddy-bye
- 3:00 AM -- wake up. Gosh, did someone send me exciting e-mail in the middle of the night? Rush to computer. Wow, look at this:
From: Don Whiteside
This URL is most fun when you add something to it. Namely:
I rush to the Web and enter an URL. I desperately stifle my laughter. Don't want to wake up the family! Don't want them to discover I'm sneaking in wee hours time on the computer again!v: If you could let the world know any one thing about you, what would it be?
Also, Evisance University (formerly) had back issues of The Guide to (Mostly) Harmless Hacking. You can subscribe to our e-mail list by mailing email@example.com with the message "subscribe hh".
We'd like to thank Carolyn for the awesome interview! Be sure to check out the Guide to (Mostly) Harmless Hacking archives (or here), get on the discussion group, or join up on the list today; it's well worth your time. Who knows? Maybe you have that hacker ethos buried deep inside...
The interview was conducted via e-mail by Jess Morrissette
and may not reproduced without the expressed
consent of verbosity
(and a big enough Xerox machine to fit your monitor into).