GTMHH - Volume 6: Real Hackers

Eric S. Raymond

Harold Willison

_________________________________________________________

Guide to (mostly) Harmless Hacking

Vol. 6 Real Hackers

No. 1: Eric S. Raymond
_________________________________________________________

"Hackers built the Internet. Hackers made the UNIX operating system what
it is today. Hackers run Usenet. Hackers make the World Wide Web work. If
you are part of this culture, if you have contributed to it and other
people in it know who you are and call you a hacker, you're a hacker...
"There is another group of people who loudly call themselves hackers, but
aren't. These are people (mainly adolescent males) who get a kick out of
breaking into computers and phreaking the phone system. Real hackers call
these people `crackers' and want nothing to do with them. Real hackers
mostly think crackers are lazy, irresponsible, and not very bright, and
object that being able to break security doesn't make you a hacker any more
than being able to hotwire cars makes you an automotive engineer.
Unfortunately, many journalists and writers have been fooled into using the
word `hacker' to describe crackers; this irritates real hackers no end.
"The basic difference is this:
hackers build things, crackers break them...

Hackerdom's most revered demigods are people who have written large,
capable programs that met a widespread need and given them away, so that now
everyone uses them.

"If you want to be a hacker, keep reading. If you want to be a cracker, go
read the alt.2600 newsgroup and get ready to do five to ten in the slammer
after finding out you aren't as smart as you think you are. And that's all
I'm going to say about crackers." -- Eric S. Raymond,

http://locke.ccil.org/~esr/faqs/hacker-howto.html

Who are the real hackers? Who are the people we can admire and model our
lives upon? The Real Hackers series of these Guides introduces these people.

We start with Eric S. Raymond. He is well known in the hacker world. He
epitomizes all that a real hacker should be. He has wide ranging
programming experience: C, LISP, Pascal, APL, FORTRAN, Forth, Perl, and
Python; and is proficient in assembly language for the Z80, 80x86, and 680xx
CPUs. He also knows French, Spanish and Italian.
Raymond is one of the core developers of Linux, and a major force in the
ongoing evolution of the EMACS Lisp language. He maintains fetchmail, a
freeware utility for retrieving and forwarding mail from POP2/POP3/IMAP
mailservers.

But Raymond is perhaps most famous among real hackers as the man who
maintains the hacker jargon file. You can read it at
http://www.ccil.org/jargon.

He also maintains numerous other well-regarded FAQ and HOWTO documents,
including the "Java-On-Linux HOWTO," the "Linux Distributions HOWTO," the
"PC-Clone UNIX Hardware Buyer's Guide," the "So You Want To Be A UNIX
Wizard? FAQ" (aka The Loginataka), and the "How To Become A Hacker FAQ" --
see http://locke.ccil.org/~esr/faqs/hacker-howto.html (quoted above).
Raymond also founded and runs the Chester County InterLink. This is a
501(c)3 nonprofit organization that gives free InterNet access to the
residents of Chester County, Pennsylvania. At last count, it had over two
thousand users and was gaining about fifty a week.

Raymond also has written the funniest hacker humor ever: "Unix Wars,"
which builds upon the really, really ancient hacker humor article, "DEC
Wars." You may read it at http://www.devnull.net/docs/unixwars.html.

Raymond is the author of many books. They include "The New Hackers
Dictionary," now in its 3rd edition (MIT Press 1996, ISBN 0-262-68092-0),
and "Learning GNU Emacs," (2nd edition, O'Reilly Associates, ISBN
0-937175-84-6). He was the principal researcher and author of "Portable C
and UNIX Systems Programming," (Prentice-Hall ISBN 0-13-686494-5) (the name
"J. E. Lapin" appearing on the cover was a corporate fiction). The advent of
the September 1996 third edition of "Portable C..." led to interviews with
Raymond in Wired magazine (August 1996) and People magazine (October 1996).
You can order Raymond's books from http://www.amazon.com.

"Wait, wait!" you say. "I'm on hacker IRC channels and hacker mail lists
all the time and I have never heard of Raymond! Why, he doesn't even have a
kewl handle like Mauve Knight or Ei8ht or DisordeR. Sheesh, Raymond isn't
even a member of some 31337 gang with a name like K-rad Doomsters of the
Apocalypse."
Welcome to the world of real hackers. As Raymond points out in his "How To
Become A Hacker FAQ," there are two kinds of hackers: real hackers who
aspire to learn and create, and the phonies who think crashing or breaking
into a computer proves they are geniuses.

Guess which kind you usually meet at 2600 meetings, on IRC channels with
names like #hack, on news groups such as alt.2600 and alt.hacker, and mail
lists with names like DC-stuff and HH-Chat? That is not to say that every
single person you will meet there is a lamer and a poser. But few real
hackers will put up with the flames, criminal mentality and ignorance of the
majority of folks you encounter there.

Where do you meet real hackers like Raymond? You might encounter a few of
them at the annual Def Con or Hope on Planet Earth conferences. (Raymond,
however, asserts this is "not likely.") You will, however, find real hackers
by the hundreds at the Usenix conferences
(see http://www.usenix.org/events/), or by the thousands in the free
software movement.

*********************************************************
Newbie note: How can you get involved in the free software movement and get
to know the hacker demigods? For starters, try GNU. GNU stands for "Gnu's
Not UN-IX." The GNU project is an international effort that is being run by
the Free Software Foundation. See http://www.gnu.org for more information.
Are you wondering, "Gnu's Not UN-IX? Whaddaya mean?" Be warned, real hackers
have a twisted sense of humor. GNU is a recursive acronym. When the mere
thought of a recursive acronym can throw you into gales of laughter, you
will know you are turning into a real hacker.
*********************************************************

"The free software movement?" you ask. "How come no one ever, ever talks
about coding operating system kernels or new scripting languages on
alt.2600 or dc-stuff?" Yup, you guessed it, it's because the majority of
those folks just want to f*** things up. Real hackers aspire to create
software. Not just exploit code for f***ing up computers. But to create
serious, big time software.

The free software movement is where Raymond and his friends -- folks such
as Linus Torvalds (the fellow who launched and ran the Linux project that
created the operating system most widely used by hackers) and Larry Wall
(creator of Perl, one of the top two programming languages used by hackers)
work together.

Much of the software these hacker demigods write is copylefted. A copyleft
is -- yes, you are right, a copyleft is another example of twisted hacker
humor. But basically a copyleft says you have the right to reuse copylefted
code in your own software, and even sell it, and make money on it, with
only one condition. You must make the source code to your software
available for anyone else who may wish to use it in writing their own
software.

Want to hang out with the hacker demigods? Have you learned to program
pretty well yet? If so, you may discover a warm welcome from the GNU folks
and others in the free software movement.

How did Raymond become one of the tribal elders of the hacker world? It
all started, he remembers, in 1968 when he was only 11. "My father worked
for Sperry Univac. On days off he would take me in to play with the 1108.
It was worth about $8 million -- in 1968 dollars!" Raymond remembers it
being a
gigantic computer housed in an air-conditioned room.

Back then it was a major feat for anyone to get their hands on a computer.
Back then they were primitive, expensive and fragile. Raymond remembers
reading the ACM journal in 1974 and dreaming about how wonderful it would
be if he could ever get his hands on that new operating system they were
creating -- Unix. While in high school he did manage to get access -- via
teletype -- to a TTY (a verrry primitive terminal) at Ursinus College
(located in Phoenixville, Pennsylvania). With that TTY he was able to use
the Dartmouth Time-Sharing System computer. But it was mostly just good for
playing games.

Raymond began college as a math and philosophy major. But in 1976 he got
his hands on an account with a DEC PDP-10 -- and a connection to ARPAnet,
the early form of today's Internet. "I was seduced by the computing side."
Raymond soon switched to computer science.

While on ARPAnet, visiting a computer at MIT, Raymond discovered the
Hacker Jargon File. Raymond was hooked. He decided he would become a
hacker. A real hacker.

In 1983 Raymond printed out the jargon file, bound it as a book, titled it
"Understanding Your Hacker," and presented it to his boss. His boss loved it.

Back in 1983, few people were afraid of those who called themselves
hackers. Back then people were aware that hackers were odd and brilliant
characters. But that was before crowds of vandals and criminals started
claiming they, too, were hackers. Journalists, at a loss as to what to call
that new breed of digital gang bangers, started calling them hackers, too.

Meanwhile, Raymond came to the realization that he not only had a talent
for programming -- he could write texts really well, too. In 1987 he
updated "DEC Wars" to create the immortal "Unix Wars," which will finally
see print for the first time in Carolyn Meinel's "Happy Hacker" book
(American Eagle Publications, in press, due out in late Feb. 1998).

In 1990 Raymond decided to spend a weekend updating the Hacker
Jargon File. When Monday morning rolled around, he had quadrupled the size
of the file. He contacted the folks who maintained it, who were delighted to
let him take it over. Not long afterward, he published it as "The New
Hacker's Dictionary."

So what is Raymond doing today? "I do most of my programming in C," he
tells us, "but I still think in Lisp." He works "the odd consulting job,
technical reviews of books for publishers like O'Reilly." Adds Raymond,
laughing, "They know I know where all the bodies are buried."

Where does Raymond see the hacker culture going? "It used to be hard to
acculturate, hard to find the hacker community. But now it's expanding
tremendously, thanks to the Linux phenomenon. Linux really made a
difference. Now we have a common goal, and a universal platform for people's
software projects. Perl has had a similar effect, providing us with a
cross-platform tool kit."

Raymond sees some hope even in the fast-growing, yet incredibly
destructive "cracker" scene (crackers are people who break into computers).
"People in the cracker community play awhile, then eventually the bright
ones end up coming over to the free software culture. Many of them write
to me." Raymond says he has communicated with many people who have gone
through a digital vandal stage, only to eventually wake up and realize they
wanted to feel good about themselves by making the world a better place.

So, how many future hacker demigods are reading this Guide? Maybe quite a
few. May the Source Code be with you if you should choose to quest for
hacker fame the Raymond way!
_______________________________________________________________________
Where are those back issues of GTMHHs and Happy Hacker Digests? Check out
the official Happy Hacker Web page at http://www.happyhacker.org.
Us Happy Hacker folks are against computer crime. We support good,
old-fashioned hacking of the kind that led to the creation of the Internet
and a new era of freedom of information. So please don't email us about any
crimes you may have committed. We won't be impressed. We might even call the
cops on you!
To subscribe to Happy Hacker and receive the Guides to (mostly) Harmless
Hacking, please email hacker@techbroker.com with message "subscribe
happy-hacker" in the body of your message.
Copyright 1997 Carolyn P. Meinel <cmeinel@techbroker.com>. These Guides to
(mostly) Harmless Hacking are, in the spirit of copyleft, free for anyone to
forward, post, print out and even make into books to sell -- just so long as
you keep this info attached to this Guide so your readers know where to go
to get free GTMHHs.
____________________________________________________________________________

_________________________________________________________

Guide to (mostly) Harmless Hacking

Vol. 6 Real Hackers

No. 2: Harold Willison
_________________________________________________________

        Harold Willison (Fatal Error) is famous within the hacker scene nowadays
for two things.  

        He doesn't have a computer science degree.  He gained his education for the
most part from the hacker culture.  With this street education, however, he
has become the senior network engineer for the AGIS Internet backbone.  This
is an enterprise valued at over $1 billion.  Since taking over as head
engineer with AGIS, he has fixed security weaknesses that allowed attackers
to shut parts or all of AGIS down four times in 1997. In addition, when
Willison took over, spammers had been plaguing AGIS. He since has tracked
down and kicked off so many spammers that AGIS is now one of the most
spam-free Internet backbones.

        Willison is also famed because, like all true hackers, he donates his
services to good causes.  Last October, he helped a small Internet service
provider, Succeed.net, fight off a group of persistent attackers who were
intent on driving Bronc Buster (http://www.showdown.org) off the Internet.
Then this March he pitched in with logging software to help Rt66 Internet
fight off a barrage of attacks focused on shutting down the Happy Hacker web
site (http://www.happyhacker.org).

        Willison has pioneered a path that many hackers could follow.  However,
it's a path that calls for hard work and a burning desire.

        Willison began hacking in 1979.  Back then he was a 12-year-old Detroit kid
playing with the keypad of his phone.  In 1983 he got his first computer --
a Timex Sinclair which used a tape recorder instead of a disk drive to hold
programs.  With it he began teaching himself the Basic programming language.
That year his cousin got a Commodore 64 computer with a 300 baud modem.
Later that year Willison built his own IBM PC. He was to go on to build
hundreds of low-cost computers for his friends.

        Willison and his cousin parlayed this primitive equipment into a hacker
group and, through the bulletin boards of the 80's, began sharing knowledge
with hackers around the US.  They also joined the 2600 club (nowadays
reachable at http://www.2600.org).

        Willison's own local hacker group grew, and began holding meetings at a
local pizza parlor.  His group included many young women -- as unusual then
as it is today.  As Willison puts it, "I used my computer to meet girls." It
was at those pizza nights that he met the woman he would later marry.  (They
now are the parents of four.)

        Willison soon made a name for himself by writing text files on how to
generate valid calling card numbers and by pirating voice mail systems for
his friends.  He blue boxed long distance calls and found his way around
Telenet, an early network that had six-digit addresses for its hosts.  (The
far larger Internet uses twelve-digit addresses.) 

        In August 1985, a visit from an FBI agent sidetracked Willison's hacker
career.  Willison had just turned 18, so he knew he could now get in serious
trouble.  During this visit the agent asked Willison if he knew what a PIN
register was. Willison knew all too well that meant the FBI had been
recording the destinations of phone calls made from his home.

        The agent pulled out a 30 page printout.  "In the month of February 1995,
you made 3200 calls to this MCI 800 number.  Why?"

        Willison pointed out to the agent that it is legal to call 800 numbers.
Willison wouldn't tell the agent what he did after getting on that 800
number, however. 

        The agent then pointed to one number, 40 digits long.  "Can you tell me
what you were doing with that number?"

        Willison burst out laughing.  "That's 'Mary Had a Little Lamb,' sir."

        The agent let Willison know that they were close to getting enough on him
to make a bust.  The two worked out a deal.  The next day Willison enlisted
in the US Army.

        Willison was able to turn his Army stint to his advantage.  He went  to
electronics school at Ft. Jackson and became a multi-channel radio operator
with the Patriot missile defense batteries.  

        He also discovered ARPAnet.

        ARPAnet was the US military network that was eventually to evolve  into
today's Internet.  Life was slow in the Patriot batteries.  Willison recalls
he typically "spent all day on ARPAnet... When you ran into people on
ARPAnet, they were mostly people who shouldn't be there."  

        That was back when few people would abuse their ARPAnet access.  The
military tolerated hackers because they often contributed free software and
technical assistance.  For example, within the first year of ARPAnet (1969),
hackers had already been the first to invent email.

        After the Army, Willison settled into eight years of work as a computer
programmer at a Detroit Mazda factory.  On the side he ran a bulletin board.
Eventually he was running 64 phone lines of access for hundreds of paying
customers.  Ultimately he even provided them with Internet access.

        The Internet was to be what killed Willison's bulletin board.  While
working a full-time job, it was too hard to compete with the other Internet
access providers that sprung up around 1994-5. 

        Around then Willison made an extremely bad decision.  He used his hacking
talents to make some big, quick bucks.  He figured it would be a one-time
stunt.  Then he went back to his usual life of harmless hacking.

        In 1995 Mazda offered voluntary layoffs with a benefit of 18 months at 80%
pay.  Willison jumped at the opportunity.  He enrolled in the electronics
school at the National Institute of Technology.

        But 1996 was the year his past caught up with him.  One of his partners in
the computer fraud scheme got a prison sentence.  Willison got off  with
probation.

        That year Willison parlayed his recent education and hacker skills into two
simultaneous full-time jobs.  One was at Ameritech, the Michigan baby bell
phone company.  The other was at the recently created AGIS Internet backbone
company.  At both companies he was only able to get entry level jobs giving
tech support, as he puts it, to people would "couldn't remember their
passwords."

        After a short time on the exhausting schedule of these two full-time jobs,
his AGIS supervisor, even though he knew of Willison's troubles with the
law, promoted him to a network engineer position.  Willison quit the
Ameritech job, and began devoting himself solely to understanding AGIS and
its many challenges.
        
        1997 was to be a challenging year, indeed.  Twice that spring massive email
bombings filled up the disks on the AGIS mail servers, crashing them.  In
April someone posted a password for an AGIS router on a hacker news group
The mystery attacker claimed the password was "spamforall."  Rumor has it
that password was genuine.

        The problem was that the young, growing and hungry AGIS had signed
contracts with Cyber Promotions, Inc., at the time the biggest spammer in
the world; with Nancynet; and with several other spammers.  The attacks were
retaliation for AGIS serving these companies.

        Willison knew AGIS had problems that he could solve.  However, as a  junior
network engineer without an engineering degree, he didn't have the clout to
persuade management to take the drastic security measures he knew they needed. 

        June 4, 1997, was the day the AGIS Internet mail gateway backbone was taken
out by -- whom?  The attacker announced on a Usenet post "Today I  wiped
AGISGATE and all of AGIS's name servers.  I will only stop until[sic] AGIS
changes their policies...  This means getting rid of all of their spammers
-- most importantly Cyber Promotions."

        This was not good for Willison.  Someone was assaulting AGIS -- and the
company and FBI suspected an insider was committing the attacks.  To be
exact, Willison, given his past, worried he would become one of the suspects.   

        With a wife and two toddlers to care for at the time, the prospect had to
be frightening.  Willison was fighting not just to prove he could solve the
hacker problem -- he was fighting for his reputation..

        Then someone gained access to every router on the AGIS network.  The
attacker changed the configuration files to take the routers out of service.
This blacked out the Internet to a million people, in some locations for
over a day.

        Fortunately Willison was able to use his years of hacker skills to trace
the attacks to the source of origin.  He also persuaded his bosses that he
was capable of doing what was necessary to set up the new AGIS network.
Willison designed new hardware and set  up s-key, a one-time password
system, to secure the AGIS routers.  He also built AGIS's Usenet
distribution system, both the hardware and software.

        Willison was rewarded with promotion to senior network engineer -- and
stock in the fast growing company.  And -- he achieved all this while still
on probation.
        
        Now that he had real power in the company, Willison's next goal was to rid
AGIS of spammers.  This was not an easy task.  AGIS had to fight a lawsuit
brought by Cyber Promotions that briefly got a court order to force AGIS to
give them service.  However, by December 1997, Willison could say  "Now we
probably have the least spam  of any backbone."

        In early October 1997, Willison responded to a request from Carolyn Meinel
to help Succeed.net, a small ISP in Yuba City, California.  Succeed.net was
under assault by a group of hackers who wanted to drive Bronc Buster (now at
http://www.showdown.org) off the Internet.  The owner of that ISP, Robert
Lavelock, refused to cave in to the attackers' demands and kick Bronc Buster
off.  Instead, he fought them.  Willison helped them close their security
holes and set up a logging system to help the FBI catch Bronc's assailants.
For details on this war, which lasted three weeks, see the GTMHH on "Hacker
Wars" at http://www.happyhacker.org.

        This March, when Rt66 Internet came under attack by hundreds of computer
criminals trying to shut down the Happy Hacker network, Willison pitched in
again with logger/sniffer software.

        Today Willison likes to say, "I help create the Internet.  I realize that
everything I do affects a million customers."  With newborn twin baby
daughters, the end of probation, the achievement of ridding AGIS of spammers
and computer criminals, and his role of white hat hacker riding to the
rescue of the victims of computer crime, he has a lot of joy in  his life.
And the world is certainly a better place because of his work.
_______________________________________________________________________
Where are those back issues of GTMHHs and Happy Hacker Digests? Check out
the official Happy Hacker Web page at http://www.happyhacker.org. Us Happy
Hacker folks are against computer crime. We support good, old-fashioned
hacking of the kind that led to the creation of the Internet and a new era
of freedom of information. So please don't email us about any crimes you may
have committed. We won't be impressed. We might even call the cops on you!
To subscribe to Happy Hacker and receive the Guides to (mostly) Harmless
Hacking, please email hacker@techbroker.com with message "subscribe
happy-hacker" in the body of your message.  Copyright 1998 Carolyn P. Meinel
<cmeinel@techbroker.com>. These Guides to (mostly) Harmless Hacking are, in
the spirit of copyleft, free for anyone to forward, post, and print out --
just so long as you keep this info attached to this Guide so your readers
know where to go to get free GTMHHs.
_______________________________________________________________________