Carolyn P. Meinel Hall of Shame
Media Whoring
[My comments are in brackets. No portion of this article has
been left out.]
Carolyn Meinel -- Hack 101
People will tell you that there are some things in the world you
just can't teach. Carolyn Meinel would probably be among the first to
disagree. She has set about the task of teaching a skill she feels
will be increasingly important in the years to come -- hacking. This
mother of four, horse-trainer, and sometimes professor at the
University of New Mexico produces The Happy Hacker, a mailing list
devoted to bringing would-be hackers into the fold. Its methods,
simple; its results, startling. Through an up-beat, up-tempo style,
littered with "You Can Go to Jail for This" warnings, Mrs. Meinel
makes it not only fun, but also easy to learn basic hacking skills.
Carolyn recently took the time to have a little talk with verbosity
about her endeavors, past, present, and future.
verbosity: Okay, your background differs from a lot of the hacker
stereotypes we see today. Can you tell us a little about yourself and
how you got into hacking?
Carolyn Meinel: My first husband, H. Keith Henson, is a dynamite
hacker with a gonzo sense of humor. When we got married in 1967, I
was an Earth Mother type, content to bake bread, sew, garden and
raise children and chickens. But one day in June 1971, Keith
abruptly bundled me off to a University of Arizona summer class in
Fortran programming. I was hooked.
v: What inspired you to start The Happy Hacker? What do you hope to
accomplish as a result of it?
CM: All sorts of guys were begging me, "Teach me how to hack."
I'm an industrial engineer (MS, U of Arizona, 1983). I believe in
efficiency. Instead of teaching all these guys one-on-one, I
figured I'd set up a production line. Also, a bunch of elite
hackers joined the list so they can show off how brainy they are.
So they end up doing most of the work. I'm learning more than I
teach.
v: Have you gained any negative feedback from your work? Any hackers
getting incensed? Any attempted hacks on your person?
CM: Yeah. Hacker war-time. Here's a sample flame from a guy
styling himself "se7en": "You're claiming membership in a community
you have contributed nothing to, and are raping for information for
your own financial gain. You resort to blatant theft of material
and ideas from others so you can further your financial agenda."
The Happy Hacker What really bugs se7en and others like him is
that I'm sharing hacking information with anyone who wants to
learn. I'm showing people that hacking is actually easy to do. And
they're afraid I'll someday make money on a book about hacking.
Tough.
[What really bugs him (and me) is that you are teaching these kids
incorrectly. Your guides are full of contradictions and incorrect
statements.]
I had to move The Happy Hacker list twice after it got hacked.
Most system administrators chicken out in the face of even mild
hacker attacks. But now we are being hosted by Cibola
Communications in El Paso as a public service. Cibola sysadmin
Patrick Rutledge and the head sysadmin at the University of Texas
at El Paso, Gerard Cochrane Jr., are now holding the hack attacks
at bay. Actually, so far the hack attacks have been pretty lame. So
that tells me none of the truly elite hackers are excessively
ticked off at The Happy Hacker list.
[She says this after being hacked over a dozen times on five different
providers.]
v: You're a strong advocate of responsible hacking. What would you
define as responsible in the world of hacking?
CM: Anything short of accidentally setting off World War III.
Seriously, you can hack without breaking the law and without
harming anyone. Even the hairiest hacks such as breaking into the
superuser account of a computer or making it crash can be OK if the
owner of the computer has consented to the experiment. In fact,
sometimes several hackers make an agreement try to break into each
other's computers. It's the most exhilarating game on the planet!
[Yet she maintains that it was her idea of "king of the hill" or
"hacker wargames".]
Bottom line: follow the Golden Rule. It worked in Jesus' day.
It still works today.
v: What advice would you give a young pup, ready to break into the
world of bona fide hacking?
CM: Get a college degree in either math, computer science,
electrical engineering or industrial engineering. These all give
you the theoretical foundations you need to reach the stratosphere
of the hacker world. Also, spend every extra cent you have on
computer manuals.
Gerard Cochrane, Jr., is a great example. He's a graduate
student in computer science and owns $40,000 worth of manuals. He
has several secret hacker identities, each one more elite than the
last. "Kewl d00d" uneducated hackers are totally left in the dust
when they try to attack his University of Texas at El Paso (UTEP)
computers. In fact, sometimes people who try to hack UTEP suffer
mysterious problems...
Jerry adds, "A quest for knowledge is the biggest need.
Hackers explore possibilities and are not bound by traditions...we
always wonder how can it be done. We tend to self teach subjects
not covered in traditional schooling. I would say hackers are the
Electronic Scholars of this day and age."
Now Patrick Rutledge has a slightly different perspective. He
doesn't have a college degree (yet). But Patrick tells me "I think
the best hackers are uneducated but curious 12-year-olds with their
older brother's Commodore 64's and that is no joke, they are
probably the only people on the net who truly scare me. You don't
need a PhD to hack a system, actually SOME PhD's are the most
clueless people I know anyways, but maybe they are just as scary.
No offense if you know/are/see any PhD's ;)"
The important thing to remember is that it is much harder to
defend a computer than to attack it. If you can get a job as a
sysadmin, you can have all the fun of hacking but do it as the good
guy. And you'll know you are vastly better than the "code kiddies"
who go to places like the Scriptors of Doom website to pick up
programs (e.g. Perl scripts) to use to break into people's
computers. You'll be vastly better because every day you'll be
checking out all the websites and e-mail lists where hackers pass
out these "exploit programs." You'll be the one figuring out ways
to keep these programs from hacking your computers.
But the guys who are atttacking you will mostly be ordinary
back-alley hackers who barely know how to run a program, much less
patch a computer so it resists an exploit program.
v: Do you feel that there's been a bastardization of the term "hacker"
in recent years? Is it becoming too synonymous with "warez puppy" in
many people's eyes?
Quote CM: I'm even more worried about the confusion of us
old-fashioned harmless hackers with criminals who enjoy "cracking"
into the computer of someone who doesn't consent to the attack.
These crackers often do serious damage before they leave. The
hacker code of ethics -- yes, it does exist -- says you should
never harm anyone else's computer.
I'm also bothered by people who ascribe almost supernatural
talents to hackers. Like the Superman episode in which Jimmy
complains that a hacker blew up his TV. OK, it was meant as a joke.
But does the average Superman viewer know that it is impossible for
someone to use a computer to blow up his or her TV?
v: In recent months, the media has been giving increased coverage to
hackers and their deeds? How do you feel about the way the media has
been treating hackers? How about the hacks on government web sites?
CM: The media should get a life. Sheesh, they make such a big
deal over this stuff, like it takes an act of supreme genius to
steal credit card numbers or hack a Web site.
On the other hand, putting pornography up on a government Web
site was pretty childish. If I were to hack a Web site, it would be
to play out a harmless practical joke on a good friend. Oh, oh, I
can see all my friends rushing out to secure their Web sites...
v: As a hacker, how secure would you feel in ordering products via the
Internet with your credit card? Is the technology approaching
hack-proof, or is there still a long ways to go?
CM: I've had my credit card abused. Big deal. Two teenagers used
it to buy computer games and subscribe all their friends to
Prodigy. I protested the charges and got them removed.
You are more likely to get your credit card misused by buying
something from a telephone solicitor than through some sort of
computer attack. In fact, that was how those teens got my credit
card number. They pretended to represent my ISP.
So, yes, we still have a long way to go on credit card
security. But compared to all the other ways to commit credit card
fraud, the Internet is still in the noise level.
v: What would you say is the "best" (or most impressive) hack you've
ever been made aware of?
CM: It was back before most of today's hackers were even born.
In 1968 a group of computer scientists at the University of
Illinois at Urbana-Champaign got funding from the Advanced Research
Projects Agency to set up the first nationwide computer network:
Plato. It was four CDC 6400s ganged together. Attached to them were
1024 dumb vector graphics terminals with touch-sensitive screens.
Plato hosted the first flight simulation programs in history.
We could fly MIGs, Phantoms, F-104s, X-15s, Sopwith Camels -- you
name it. Anyhow, these simulators were all tied into this air fight
game. We'd buzz around shooting each other down and bombing each
other's airports. We also could hurl insults at each other via text
messages displayed at the bottom of the screen. I remember making
too tight a turn in my Phantom while trying to evade an air-to-air
missile. The screen went blank to simulate me blacking out. Then
the message cam up: "You just pulled 47 g's on that turn. You now
look more like a pizza than a human being as you slowly flutter to
Earth."
Of course this was just too good to resist. One day in 1974 (I
think) some guys programmed in the Starship Enterprise. They came
bombing in from outer space, shot everybody down and then vanished.
v: Hollywood has also become interested in the hacker over the past
decade, dating as far back as War Games. Do you feel that their
portrayal has been a positive thing for the hacking community? Do you
have any personal favorite hacking movies?
CM: I adore Sneakers (1994 release). The writer/producer, Larry
Lasker, is really into this stuff. Basing a plot on what would
happen if someone were to discover a polynomial-time-bounded
algorithm for factoring numbers is beyond cool. The car chases and
murders were pretty good, too. And the sex scenes. OK, just kidding
there. Sneakers has no sex scenes and minimal violence. It's a
great movie to show to children, yet is deep enough to entrance
even a jaded, ancient hacker like me.
Quote v: Where do you see the Internet five years from now?
CM: I can hardly wait for China Online and a billion clueless
newbies posting to Usenet. Hackers from Uzbekhistan and Madagascar
ping flooding each other off IRC. Spam from Mongolia. Kewl.
v: Where do you see yourself five years from now? Any upcoming
projects you'd like to talk about?
CM: I want to improve my wool-spinning and bread-baking skills.
Maybe some of my four daughters will have produced grandchildren by
then. I figure around age two or three is a good time to start them
on hacking.
v: What's the typical daily routine for Carolyn Meinel?
CM:
* 6:00 AM -- feed horses
* 6:30 AM -- read e-mail
* 7:00 AM -- do something to make money
* 7:15 AM -- wow, I wonder if it will work! I get on my shell
account and try out a new way to forge headers on e-mail
* 8:00 AM -- try again to do something that makes money
* 8:15 AM -- rush over to Scriptors of Doom website to check out the
latest HP exploit code. Regret that no one will give me permission
to try to crack their HP box.
* 9:00 AM -- try again to make money
* 9:15 AM -- e-mail
...
* 4:00 PM -- start bread
...
* 10:00 PM -- get Happy Hacker Digest out
* 10:15 PM -- beddy-bye
* 3:00 AM -- wake up. Gosh, did someone send me exciting e-mail in
the middle of the night? Rush to computer. Wow, look at this:
[Consistancy Alert! Above she condems those people who rush to sites
for the latest script that someone else wrote. Yet she does it
at 8:15 every morning.]
From: Don Whiteside
This URL is most fun when you add something to it. Namely:
http://web-proto.ua.com/cgi-bin/sfx/http://your.url.here
Some suggestions:
http://web-proto.ua.com/cgi-bin/sfx/http://www.duke.org
http://web-proto.ua.com/cgi-bin/sfx/http://www.microsoft.com
http://web-proto.ua.com/cgi-bin/sfx/http://www.apple.com
I rush to the Web and enter an URL. I desperately stifle my
laughter. Don't want to wake up the family! Don't want them to
discover I'm sneaking in wee hours time on the computer again!
v: If you could let the world know any one thing about you, what would
it be?
CM: Forty-two.
Also, Evisance University has back issues of The Guide to
(Mostly) Harmless Hacking. You can subscribe to our e-mail list by
mailing hacker@techbroker.com with the message "subscribe."
We'd like to thank Carolyn for the awesome interview! Be sure to
check out her Guide to (Mostly) Harmless Hacking archives here and
here, get on the discussion group, or join up on the list today; it's
well worth your time. Who knows? Maybe you have that hacker ethos
buried deep inside...
_________________________________________________________________
