Saturday, October 26, 2013

Hacker: You keep using that word...

So. Tell me about hackers. If you're like most people, you think of them as enemies who have malicious intent to get into a computer system (possibly yours, probably that of someone richer and more powerful than you). Maybe you think they're greasy-haired, goth louts who are spending too much time in front of a computer screen (such poetry!). These hackers want to exploit your system for personal gain, and you will be the victim.
[Image: criminal computer hacker. Caption: Basically this guy]
Then there are people who say that "hacking" is getting into someone's Facebook account (because they forgot to log out) and posting a status that says "I am so gay lol lol lol lol ;) " If you think this is hacking, you're probably twelve. I'm sorry; I thought you knew. 
[Image: computer kid, such a hacker. Caption: This is you. Sorry.]
It's not exactly surprising that most people think of hacking as something dangerous and hackers as something to be feared; there is no shortage of evidence that malicious infiltration of a system can cause extensive damage. There's James Jeffery ("Pablo Escobar"), who stole patient data from the British Pregnancy Advisory Service. Then we have the Melissa virus, created by David L. Smith ("Kwyjibo"), which crashed email systems in the late 90s. The 414s illegally accessed information from high-security banks and laboratories. And let's not forget LulzSec's 2011 attack on Sony, which compromised confidential user information. The list goes on and on.

These are clearly Bad Things. What would your mother say if she knew you were breaking into other people's property and stealing their stuff? It wouldn't be good. So why can't we just say that hackers are bad and be done with it?

Because that's not the end of the story.

The hackers described are what's generally known as "black hat" hackers, or hackers that "violat[e] computer or Internet security maliciously or for illegal personal gain" [source]. Where there are black hats, though, there must be white hats. White hat hackers are security experts hired to find flaws in the security systems in place around websites or computer networks. The word "hired" here is important: you know this hacker will be getting into your stuff and you've explicitly given them permission to do so. Otherwise it's technically still illegal. White-hat hacking has been such a valuable tool to security systems that you can now become a Certified Ethical Hacker and make hacking your profession. 
[Image: Certified Ethical Hacker (CEH), white hat hacking. Caption: See how professional Philippe looks?]
White-hat hackers have been in the news a fair amount recently. A few months ago, Charlie Miller and Chris Valasek exposed to Toyota and Ford ways that their cars could be hijacked with a laptop:
"... they devised ways to force a Toyota Prius to brake suddenly at 80 miles an hour, jerk its steering wheel, or accelerate the engine. They also ... can disable the brakes of a Ford Escape traveling at very slow speeds, so that the car keeps moving no matter how hard the driver presses the pedal."
The team actually released the code [article, not the code itself, sorry] for this project at this year's DefCon, an annual hacking conference held in Las Vegas. 

More recently, a different team has helped expose vulnerabilities on Wall Street that could allow someone to force a market to crash. 

So now we have good hackers and bad hackers. Dichotomy makes things easy, right? Except there's a whole spectrum between. Grey hat hackers, as you might expect, fall somewhere in between black and white hats. A good example of a grey hat hacker is someone who casually tries to break into websites (without permission), but then contacts the owners saying, "Hey, you have a security vulnerability here and here. If you want, I could fix it for you..." and probably adding in, "...for a price." This is weird on an ethical scale. On the one hand, they still broke in illegally and are basically ransoming knowledge; on the other, they chose not to exploit your website and are offering to help. 

I'd also like to propose that there are shades of grey; not all grey hats are the same color (make a Fifty Shades reference here and I swear I'll block you from this blog). That guy up there? Probably a fairly light shade of grey. A little lighter if he fixes things for free, a little darker if he charges a fee (unintentional rhymes happen).

Then you have groups like Anonymous.
[Image: Anonymous protest sign. Caption: You've seen them before.]
Anonymous, a group of internet ne'er-do-wells with very loose organization and no real leadership, spans the entire range of the grey spectrum. They don't do things legally. Ever. (At least not online. Peaceful protests in person are perfectly safe. Unintentional alliteration happens, too.) And a lot of what they do -- like bringing down or defacing websites -- falls solidly in the Bad Things category of pastimes. Still, though, I can't bring myself to label them as black hats. Throughout everything they've done, and they've done a lot, they seem to have their weird, twisted, lulz-soaked hearts in the right place. They've helped expose Chinese hackers who worked against the US. They brought down child pornography websites and made user information publicly available. Anonymous is a group of weird people who do bad things for (generally) good reasons.

So where does that leave us? Is a hacker someone who crashes your website and steals your information? A professional you hire to protect yourself? An internet junkie with ambition and too much time on their hands? 

Yes.

A hacker is all of these things. The word can mean just about anything, and that makes it completely useless. We wouldn't need terms like "black hat," "white hat," and "hacktivist" (which is a stupid word. Please please please don't actually say that) if the term "hacker" had any meaning on its own. So next time someone gets all smart and starts talking about "hackers" as if they were all the same entity, go ahead and tell them:
[Image: Inigo Montoya, "You keep using that word"]

Sunday, October 13, 2013

The free software movement: E-hippies who want to save the world

Let's say you go to a garage sale and buy a chair.


[Image: wooden chair. Caption: What a nice chair.]
It's a nice chair and everything, but after a while you realize you have too many chairs. But you have this massive dog who likes his food bowl up high. So you do the natural thing and turn the chair into a dog bowl holder.

[Image: repurposed chair holding dog food bowls. Caption: You're welcome, Rover.]
But then you're moving to a new city and you really can't be bothered to bring the chair-slash-bowl-holder. So you sell it at your own garage sale. The person who buys it doesn't have a dog but likes to garden. So they tweak your design a bit and now have a nifty flower pot holder.

[Image: repurposed chair as a garden flower pot holder. Caption: Bear with me: yes, you're still reading a CS blog.]
And everyone's happy, right? You go about your merry way and everyone who sees the chair tells you how clever you are and it feels pretty great.

Now let's say you buy some fancy program. It does almost everything you want it to, but it needs one or two more features to be perfect. No matter; you're a CS superhero and those features really wouldn't be that hard to implement, so you do your hacky magic and have the ideal software. You send it to some friends who all say you're very clever, and you feel all warm and fuzzy inside.

Until the cops show up at your door asking you about copyright infringement.

This is where owning software is different from owning anything else. Even if you buy it and have it and it's "yours," you don't own it. You don't have complete freedom. And that seems a little messed up: we live in a culture where "once you buy something, you own it" is pretty much policy (stereotypical American, right? "YOU CAIN' TELL ME WHAT TO DO WITH MAH PROPERTAY").

That's where the free software movement comes in.

The free software movement (which was officially founded by Richard Stallman in the eighties with the launch of the GNU project) isn't about making sure you never have to pay for software ever again (though I feel like we're definitely tending that way as a society, and as a broke college student I'm totally okay with this). Instead, the movement promotes four "essential" freedoms for users:
(0) freedom to run the program,
(1) freedom to study and change the program in source code form,
(2) freedom to redistribute exact copies, and
(3) freedom to distribute modified versions.
You'll notice that none of that says "users should be free from having to spend money for a collection of ones and zeroes"; when you see "free software," it's free as in speech, not necessarily free as in beer. Sorry.

Stallman himself has terrible-quality webcam videos explaining the philosophy behind free software: (CS celebrity alert!)



At the heart of the free software movement is the idea of copyleft, a "general method for making a program (or other work) free, and requiring all modified and extended versions of the program to be free as well."
To copyleft a program, we first state that it is copyrighted; then we add distribution terms, which are a legal instrument that gives everyone the rights to use, modify, and redistribute the program's code, or any program derived from it, but only if the distribution terms are unchanged. Thus, the code and the freedoms become legally inseparable.
Proprietary software developers use copyright to take away the users' freedom; we use copyright to guarantee their freedom. That's why we reverse the name, changing “copyright” into “copyleft.”
Copyleft is a way of using the copyright on the program. It doesn't mean abandoning the copyright; in fact, doing so would make copyleft impossible. The “left” in “copyleft” is not a reference to the verb “to leave”—only to the direction which is the inverse of “right”.
You can (and should!!) read about copyleft here and here, and there's also a whole series of pages about the underlying philosophy of the free software movement.

The origins of the free software movement and copyleft are described in the documentary Revolution OS, which is much more than "a documentary about Linux." And it's freely distributed (because, really, it would be weird if it wasn't), so you have no excuse not to watch it if you haven't already. You can torrent it here or watch the whole thing on YouTube here.

[Image: Revolution OS movie poster, Linux penguin. Caption: Really, this should be required viewing to pass 46A]
Free software has done a lot for us. Apache's web services are community-developed and free to use, and they host more than 60% of all web pages whose servers we know. OpenOffice and LibreOffice are free replacements for Microsoft's Office Suite. Adblock Plus makes the Internet a less annoying place. I use Notepad++ and GCC to write and compile my C code. I've used Anki to study. I think you get the idea. The free software movement has contributed to some fantastic code out there, and since projects have an entire community behind them, they continue to evolve and create a more diverse and robust collection of software.

So stop hogging all your code to yourself. You're not helping anyone. You jerk.

Saturday, October 5, 2013

Agile: All the cool kids are doing it

I have a friend, and you probably do too, who, once they decide they like something, decides it's absolutely critical that I like it too.

"This is really great!"

"No, really, you should check it out!"

"I really think you'd like it."

Okay. Yes, I probably would like Game of Thrones. It sounds like the kind of thing I'd enjoy. But since you tell me this every time I see you, I have lost all interest. Done. Over. Don't bring it up again. Please.

This is basically how I feel about Agile development. It really does sound great: for the uninitiated, Agile is a type of software development strategy that focuses on iterative development and client feedback. But those are buzzwords, and buzzwords don't mean anything. In English: the idea of Agile development is that you do things one piece at a time. Pick one specific part to work on during this period (called a sprint) and set a deadline for it. Make sure it works, make sure the customer likes it. Tackle another piece of the puzzle. The important thing here is that you have a working piece of software at the end of each sprint; it just gets fancier and gains more features as time goes on [source]. Clients help shape the development, so if your client suddenly changes their mind about a feature, they'll be letting you know during development and not when you hand them the finished product (no one wants to hear "thanks for that thing you made me, but I actually needed it to do this").

[Image: Agile method flow chart. Caption: Agile in pictures. Thanks, Wikipedia]


There are many development methodologies that fall under the Agile umbrella, but the most popular is the Scrum framework. (It's a stupid word, I know. It sounds disgusting. It sounds like scum. Let's be adults about this.) Scrum (not scum) focuses on daily face-to-face meetings with all team members, discussing plans and progress. Tasks are kept in a prioritized list based on each task's importance, difficulty, and required time. They're typically formatted as "user stories": As a <user type> I want to <do some action> so that <desired result> [Thanks Wikipedia]. No one gets left in the dark about progress, and things get done. (That entire paragraph, really, is thanks to the Wikipedia Scrum page. Check it out. It's honestly the clearest description you'll find of Scrum techniques.)

The other thing with Agile development is that everyone uses it. Everyone. In 2000, about 1% of companies used Agile. It really wasn't a thing that people did. Now? 60-80% of software developers use Agile tactics. Huge names, too: IBM has a page about Agile development and Cisco has been Agile since at least 2011 [PDF]. And it's not just software: universities, militaries, and even car manufacturers are integrating Scrum techniques into their workplaces. Even NASA was Agile-ish for their Ensemble project.

So what's my issue with Agile? Really, it's just that everyone is talking about Agile. Everyone loves Agile. Agile this, Agile that, Scrum Scrum Scrum. And it gets old. It sounds like buzzwords and marketing and company Kool-Aid. And it's really off-putting to be told by everyone ever how great Agile is and how much I'll love it. I'm having Game of Thrones Syndrome with Agile. Keep telling me how much I'll love it and I swear to you I'll never take it seriously.

Watch, first job at a tech company and I end up a diehard Agile fan. Don't you dare tell me you told me so.