HipHopHacker's comments

> I see employment relationships mostly the same way

Apparently they did not.

At the end of the day, the people working at the company are the ones who are doing the work, and who have control of the means of production. The ex-admin's bosses probably thought they were the important ones, and that this worker was a replacable cog, but they found out the hard way that this was not the case.

I worked at a Fortune 100 investment bank where this happened. Everyone knew layoffs were coming. One week after layoffs came, a digital "bomb" went off wrecking many servers. So security went through, trying to find evidence (nothing incriminating from what I heard, although they had a strong suspect) and also looking for more bombs. They missed out on finding and defusing one, because another one went off a month later.

The view from the pinnacle, people counting the dividends on the checks that they inherited is that they're the job creators, and everyone else is dispensable. This company just found out that is not the case.

> For a long time, I've wondered what would finally be the Securitypocalypse, the thing that finally caused our industry as a whole to take security seriously.

Nothing. If the economic system revolves around capital's valorization of itself, security is a distraction from that. I have to spend five seconds typing my password in every time I sit at my desk? I can't just easily e-mail this executable file to my co-worker and have them run it? My desktop is locked down by the desktop admins to prevent me being able to do this, and many other things? Every implementation of security costs money for the personnel to do it and possibly the product cost. Plus any lost productivity it might cause (15 seconds to type in a password each time one sits at their desk, compounded).

Donn Parker wrote one of the first books on computer security in 1976, Crime by Computer. The opening words are as apt for corporate security now as it was then. The #1 fear for the corporate manager are the employees of that company. They are the ones with the greatest control over the means of production, so to speak, even more than the managers themselves who are de jure in charge, but are de facto one step away from actual control. Look at how much access someone like Snowden had at Booz Allen.

Obviously, if all products have wide open holes, script kiddies will be able to get control. Some minimal security will always be done to stop this sort of thing. On the other hand, one (or better yet, several) dedicated people who want to get past some security arrangement can almost always get in. Even if the firewall is supposedly impenetrable, the wifi or the building security or the social engineering credulity of employees or something will be there. There will be some weak link in the chain. Especially for a company that needs to make a profit.

The real security is that semi-intelligent, persistent agents that seek to access and control systems without authorization are lacking. Things depend on the conditions that cause this to rise or diminish. Because once it rises, there is little that can be done. I forget who said that the czar's Russian Okhrana was one of the largest, most extensive security forces that existed. That meant little when Russia began collapsing in 1916 though - all it meant was that they were even more aware that virtually everyone in the country was becoming the czar's enemy.

Securitypocalypse events due result in business and government putting more focus on security for a while, but time moves on, and attention drifts back to the main focus. These things go in waves, and total security is never something of the highest priority.

I may have written that article...mine was published in 1994 ( http://mail.blockyourid.com/~gbpprorg/2600/2600_11-2_Page_18... ). Another one had been printed in 1989, and then another in 1988. I mentioned that Radio Shack had the scanners in my article, but suggested people look around for better bargains.

The 800 MHz radio shack scanners at the time had some kind of daughterboard that blocked scanning cellular frequencies, but there were instructions on the Internet of how to get in there with your soldering gun and dike it out, and get access to that bandwidth. I later learned from a Radio Shack manager the undocumented key punch sequence that bypassed the daughterboard, so you could scan cellular without going through all that trouble.

I've known Eric since the 1980's, from not long after he started the magazine (in 1984, hence his handle). One thing I always liked about respected about him is he did things on his own terms.

2600 really is a startup in some ways. It started in 1984 around the time of the decline of TAP, and from 1984 to 1986 was mimeographed. Finally by 1987 Eric could put together a magazine with a real cover. Then in the early-mid 1990s I began seeing it appearing at Barnes and Noble.

He did it on his terms, bootstrapped, counting pennies, along with the contributions of collaborators and writers of course. It grew and grew to where he didn't have to scribble down every dollar he spent in a notepad any more.

A lot of people here have the idea to find another programmer, build a prototype, maybe try to get exponential growth and then go find an angel with a whole pitch to the angel. Then to VC, and then some point the investors look how to make their investment liquid which means you either go public or get bought by a public company. Eric made exactly the magazine he wanted, did what he wanted, and just did it year after year as word spread and until he could have a nice little business, doing exactly what he wanted to do. To me it's more of a success stories than many of the B2B/SAAS golden parachutes I see. You're going to live a few decades and die, who wants to spend it pounding out code for Microsoft, or Oracle, or pleading with VC's to be the lead in your SAAS series A?

Why the elite hacker scene has pretty much disappeared is something I have thought about over the past decade as well. I know many people from the groups he mentioned in the beginning - mostly the American ones, but also some European, Australian etc. ones as well.

Ultimately success is what killed it off I'd say. I recognize some HN names as people who were actively, or at least peripherally involved in the scene, hanging out on EFnet's +hack and then #hack etc. Many of these people went into dot-coms and startups from the mid-1990s on. Some sold their companies for billions of dollars, many got tens of millions of VC dollars, or stock options, or buyout dollars, or whatnot. As someone mentioned in the thread for this post, Mudge became a program manager at DARPA - some people went into the security field, and thrived.

Aside from the financial/career success of the dot-com boom, the growth of the Internet helped kill it off as well. Prior to the Internet, a very technical working class kid would take his Commodore 64 hooked up to the family TV, plug it into his POTS phone line with his 300 (then 1200, then 2400...) baud modem, and call a Bulletin Board Service, which inevitably was a Commodore 64 or Apple ][ belonging to another technical teenager, whose class background might be slightly tonier as he often had a dedicated phone line in his room.

So what kind of social structures evolve when the kind of kids who gather on 4chan today get together on this network of Commodore 64's that are fairly independent of everyone else? One thing is for sure, to take a page from this fellow's essay, all of the rules and structures that make up American society with its class structures and relations, large international military and police force and so forth go out the window. If the kids want access to a Cray, they're going to get access to a Cray. They don't care if it's used for some secret DoD research project, or some Goldman Sachs number crunching. These were the days when your local Bell switch might be on a dialup, when a tone-generating blue box could seize hold of the telephone company's in-band signalling.

So some of this fits into what the essay writer says. We had our own communication network, a kind of 4chan'ish network of Commodores and Apple ]['s in teenage boys bedrooms across America. We controlled it. When the Internet came, we shifted to that, but our communication network became controlled by DARPA, then the NSF, then a variety of corporations, which were then whittled down to a handful - AT&T, Verizon, Centurylink, Sprint, Comcast, Time-Warner and several more. The network became corporatized, firewalled, censored, monitored, spammed and spam-resisted etc. Under the threat of spam, attorney generals and corporate control tightening, Usenet effectively disappeared. The disappearance of Usenet is tied to the disappearance of the hacker scene. The same forces which killed Usenet are the forces which killed the scene. Understand why Usenet died and you understand why the scene died.

The carrot is what killed it, not the stick. In 1990 Operation Sundevil happened, the MoD guys were arrested etc. Repression didn't really kill things, it just made people a little more careful. Maybe the arrested guys would quit, but everyone else just started buying early cell phones and such to hack outside their house.

The Internet killed it. It swallowed up the need for a network of BBS's in boy's bedrooms. It swallowed its own Usenet via monopolization, shady corporations doing spam, attorney generals and such. It also started a dot-com boom and then social boom and now mobile/cloud boom. A teenage boy can publish a traction-getting app or website for next to nothing in a way that could never have happened back then. Some of the scene people from the 1980s and 1990s are very, very wealthy Tesla-owning retired founder dudes nowadays.