667 lines
35 KiB
Plaintext
667 lines
35 KiB
Plaintext
|
Episode: 325
|
||
|
|
Title: HPR0325: RoundTable Ep 2: Is There such a thing as Ethical Hacking?
|
||
|
|
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr0325/hpr0325.mp3
|
||
|
|
Transcribed: 2025-10-07 16:25:05
|
||
|
|
|
||
|
|
---
|
||
|
|
|
||
|
|
MUSIC
|
||
|
|
This is Hacker Public Radio, round table episode number two.
|
||
|
|
The topic today is, is there such a thing as ethical hacking or are we all just evil?
|
||
|
|
I've got three panelists on with me.
|
||
|
|
I've got 330 from LinuxCranx.info.
|
||
|
|
Hello.
|
||
|
|
I have Nick from the Open Source Musicians podcast.
|
||
|
|
I've got AJ from Linux Geekdom Podcast.
|
||
|
|
Hey there, guys.
|
||
|
|
Actually, I think, I mean, 330, I know you've been on HPR a couple of times.
|
||
|
|
Nick, is this your first HPR episode?
|
||
|
|
It is.
|
||
|
|
Cool.
|
||
|
|
And AJ, this is your first HPR episode.
|
||
|
|
Yes.
|
||
|
|
Great.
|
||
|
|
So, that's cool.
|
||
|
|
So, I guess, first, we should probably start by defining what exactly we are talking
|
||
|
|
about when we say hacking.
|
||
|
|
There's, I know, there's penetration of networks.
|
||
|
|
Let's see.
|
||
|
|
There's crackers.
|
||
|
|
Let's say, as far as I figure it, there's only two groups that ever call themselves hackers.
|
||
|
|
There are hackers who are people that sit down at a problem and pound on it until they find
|
||
|
|
a solution.
|
||
|
|
Yeah.
|
||
|
|
And then there are criminals, which do the exact same thing, but do it for a criminal
|
||
|
|
reason.
|
||
|
|
I believe they are called crackers and crackers.
|
||
|
|
A lot of them fit of hackers.
|
||
|
|
Yeah.
|
||
|
|
I just call them criminals.
|
||
|
|
They already have a name.
|
||
|
|
And yet, there is, but there is a concept of an ethical hacker.
|
||
|
|
Yeah.
|
||
|
|
Well, usually an ethical hacker is someone who does a criminal act, but for a good reason.
|
||
|
|
Like, people that did us child porn sites and things like that.
|
||
|
|
It's really, it's basically direct action.
|
||
|
|
It is absolutely illegal, but you're doing it for a higher reason.
|
||
|
|
And then there's people who work at different security companies that are basically glorified
|
||
|
|
beta testers, but are hacking networks, so it's to find loopholes, so it's to patch
|
||
|
|
stuff.
|
||
|
|
Right.
|
||
|
|
Yeah, yeah.
|
||
|
|
But that's usually their own internal network that they're hacking.
|
||
|
|
Usually, yeah, but not always.
|
||
|
|
Sometimes they're hired by outside companies to hack it, but it's still usually a sanctioned
|
||
|
|
network.
|
||
|
|
It's not like they're sitting out on the internet trying to break things.
|
||
|
|
Yeah.
|
||
|
|
They have written permission and all that good stuff.
|
||
|
|
Yeah.
|
||
|
|
And when I think of hacking, especially on the hardware side, you know, I think of making
|
||
|
|
something to what it's not meant for it.
|
||
|
|
Yeah.
|
||
|
|
And that can be a lot of fun.
|
||
|
|
Hardware hacking.
|
||
|
|
Yeah.
|
||
|
|
And that's a whole other dimension.
|
||
|
|
And strangely enough, there's a criminal element to that, too.
|
||
|
|
At least if you follow the letter of the law, because companies don't want you messing
|
||
|
|
with their intellectual property, which is kind of weird and ridiculous to me, but I guess
|
||
|
|
that's the question.
|
||
|
|
It kind of makes you wonder, though, it's you bought the hardware.
|
||
|
|
They're never really going to get it back.
|
||
|
|
Why would they go and care?
|
||
|
|
Say a lot of times they don't, unless there's a service attached to it, like a Tivo.
|
||
|
|
Tivo is a GPL V2 device.
|
||
|
|
By the GPL, you can do pretty much whatever you want with it as long as you don't restrict
|
||
|
|
anyone else from doing it.
|
||
|
|
But because there's a network service behind it, if you hack your Tivo and then put it
|
||
|
|
on the Tivo network of software and stuff, they can make your Tivo no longer work.
|
||
|
|
Well, and the thing was purely for the game consoles, too.
|
||
|
|
Okay.
|
||
|
|
Hack your game console.
|
||
|
|
You can no longer play online games, that's for sure.
|
||
|
|
So I mean, that is.
|
||
|
|
That's them definitely telling you that you're not allowed to do something with your hardware
|
||
|
|
that you purchased.
|
||
|
|
And if you do anything out of that they can detect that is out of the realms of their
|
||
|
|
intention, you don't get to play ball with them.
|
||
|
|
See, I think the whole hacking industry, you could say, is just whether it be software
|
||
|
|
or hardware, the whole thing really just depends on your motives behind it.
|
||
|
|
Like it was brought out earlier.
|
||
|
|
Like if you're trying to find, like they said, shut down the child porn sites.
|
||
|
|
I remember some guy in the, I'm trying to remember when, this fight, I don't remember
|
||
|
|
exactly, but he hacked the WPA security standard and he basically had found a hole by hacking
|
||
|
|
it.
|
||
|
|
But then he reported it so they fixed it and really saved a lot of people because that
|
||
|
|
could have opened up a really, really big hole in the entire Internet security.
|
||
|
|
Yeah, so the whole full disclosure kind of thing.
|
||
|
|
Yeah.
|
||
|
|
As long as you notify everyone after you've destroyed or found the problem with whatever
|
||
|
|
you're hacking on, then it's okay.
|
||
|
|
And I think there is hacking that's kind of harmless.
|
||
|
|
I've heard of people who have hacked targets internal network and started messing with
|
||
|
|
the lights, so it just goes on and off.
|
||
|
|
I mean, that's the kind of stuff that might they be like, what's going on?
|
||
|
|
But as long as they don't destroy stuff, feel like employee records and stuff or credit
|
||
|
|
card numbers, I mean, that can be kind of harmless, so I wouldn't say it's ethical, but
|
||
|
|
I wouldn't really say it's unethical.
|
||
|
|
You know what I would almost, I would argue that it was ethical because those people are
|
||
|
|
furthering their knowledge about something and you never know what they're going to go
|
||
|
|
on to do because they're starting out hacking targets, you know, internal lighting system.
|
||
|
|
Yeah.
|
||
|
|
To be safe.
|
||
|
|
But by turning the lights off and on though, you could actually, there are problems with
|
||
|
|
that.
|
||
|
|
Yeah.
|
||
|
|
People in safety hazards.
|
||
|
|
Yeah.
|
||
|
|
People inside the store could, you know, run into something, run into one of those shells
|
||
|
|
and cut themselves or something like that.
|
||
|
|
Yeah, or panic or something.
|
||
|
|
Or, yeah.
|
||
|
|
All right.
|
||
|
|
So it's unethical.
|
||
|
|
But I still think the spirit is ethical because you are furthering your knowledge.
|
||
|
|
I mean, I guess it's not ethical or unethical that I'm talking about.
|
||
|
|
It's just like being responsible, I guess.
|
||
|
|
Yeah.
|
||
|
|
Because, you know, I know how to change the traffic signal outside my house.
|
||
|
|
Am I going to do it?
|
||
|
|
It's probably not.
|
||
|
|
But the fact that I learned how to do it and know how that just works.
|
||
|
|
Exactly.
|
||
|
|
You know, there's nothing wrong with that.
|
||
|
|
Yeah.
|
||
|
|
There's nothing wrong with the knowledge and obtaining a knowledge is how you obtain
|
||
|
|
the knowledge and what you do with it later.
|
||
|
|
Information isn't inherently better good.
|
||
|
|
It's just information.
|
||
|
|
Yeah.
|
||
|
|
I know a lot of the stuff hackers use to be honest is the stuff.
|
||
|
|
The same information that a lot of networkers use when they're establishing a business network
|
||
|
|
say.
|
||
|
|
So, I mean, the same principles and information that go into that, it goes back to the whole
|
||
|
|
what are you doing with it?
|
||
|
|
Like you said, information is information.
|
||
|
|
It's what you make of it or what you do with it.
|
||
|
|
What about in cases where someone does find something big?
|
||
|
|
I know that I guess the one that I keep thinking of is Dan Kaminsky when he found this
|
||
|
|
DNS issue that he found over the summer, I guess.
|
||
|
|
Like there was this big hubbub about it and then there was a race to find out exactly
|
||
|
|
what the issue was and then he was going to present the findings at Black Hat or something
|
||
|
|
like or Defcon and, you know, it was this big deal and I mean, if he'd released this
|
||
|
|
information earlier, people say, oh, everyone could have exploited it and it would have been,
|
||
|
|
it would have been horrific.
|
||
|
|
When you find out this information, how do you, how do you choose to keep it to yourself
|
||
|
|
and if you're not Dan Kaminsky, how do you get it to the proper channel?
|
||
|
|
You know what I'm saying?
|
||
|
|
It is responsible disclosure.
|
||
|
|
But once you find that exploit, you go to the people who own that hardware who are in
|
||
|
|
charge of making sure it's secure and say, look, I found this and if they don't believe
|
||
|
|
you, you show them you found it and you say, you guys need to fix this and you don't
|
||
|
|
paste it all over the internet before it has been fixed.
|
||
|
|
What Dan did was went to all the people that make DNS serving software.
|
||
|
|
He got them all together.
|
||
|
|
I think it, Microsoft's campus and Redmond and went, you guys, this isn't a trick.
|
||
|
|
I actually know how this works.
|
||
|
|
Here's how it works.
|
||
|
|
He did a demonstration for him and he said, you have to fix this and it took him nine
|
||
|
|
months to even do anything about it.
|
||
|
|
Yeah, which is ridiculous, but it's also, I mean, how do you get that if you're not
|
||
|
|
Dan Kaminsky, you know, I guess you probably wouldn't have found the DNS hole if you weren't
|
||
|
|
Dan Kaminsky.
|
||
|
|
I mean, I'm just thinking, I mean, how does an average hacker who did find a big security
|
||
|
|
hole?
|
||
|
|
How would you call someone together?
|
||
|
|
I don't know how that works.
|
||
|
|
I guess you just shoot some emails off to the people who own it, huh?
|
||
|
|
Yeah.
|
||
|
|
And if, you know, if there are bug tracking systems reported as a bug, but hoping that those
|
||
|
|
bug tracking systems are much more effective than Windows bug tracking systems.
|
||
|
|
Yeah.
|
||
|
|
Really, the problem is, if you're the idea that people have of a hacker, you know, the
|
||
|
|
greasy-haired punk sitting in your mom's basement, you know, I have a coupler anymore, but
|
||
|
|
the war games type hacker, you're not going to get listened to.
|
||
|
|
And at that point, you have to try everything you can.
|
||
|
|
And then when no one listens to you, you just kind of have to release it to everyone.
|
||
|
|
Yeah.
|
||
|
|
It's kind of one of those things where if you go through the proper channels and try and
|
||
|
|
get things worked out, and nobody listens to you, and then you try again, and still nobody
|
||
|
|
listens to you, then it's one of those things you've done your part, then they're not going
|
||
|
|
to listen to you, then maybe they'll listen to the entire internet effort work.
|
||
|
|
Right.
|
||
|
|
Yeah.
|
||
|
|
Sometimes it almost seems like we're exposing like these weird little things that no one
|
||
|
|
wouldn't even know about if we didn't really, like, pound away at it.
|
||
|
|
Well, here's the thing.
|
||
|
|
Human beings aren't that clever.
|
||
|
|
People come up with the same exact idea independently of each other all the time.
|
||
|
|
That's why software patents and stuff like that exist.
|
||
|
|
Two people could have come up with the wheel at the exact same time.
|
||
|
|
Human beings aren't that clever.
|
||
|
|
So if you can think of it, someone else is going to.
|
||
|
|
The best thing you can do is hope to God that you're the first person that found it, and
|
||
|
|
that you can get it fixed before the next guy thinks of it.
|
||
|
|
You know, because the DNS flaw that Dan Cominsky found wasn't that brilliant.
|
||
|
|
He thought, hey, I wonder if this is giving out information in a linear fashion, and it
|
||
|
|
was.
|
||
|
|
And all you have to do is randomize the ports and then, hey, it breaks that whole flaw.
|
||
|
|
But anyone else could have thought of it.
|
||
|
|
If someone other than Dan Cominsky would have thought of it, we've all would be in a very
|
||
|
|
bad situation right now.
|
||
|
|
And so why aren't more hackers being payrolled by these big companies, I wonder?
|
||
|
|
Probably because the average hacker can find the small bugs, but it's the deeper, in-depth
|
||
|
|
holes that the big companies are going to be looking for, or the things that the average
|
||
|
|
hacker just, it's over their heads.
|
||
|
|
And the number of real elite hackers out there, I know personally, I've never really done
|
||
|
|
any hacking.
|
||
|
|
I'd love to learn how, but there's so much involved, but the number of real elite hackers
|
||
|
|
out there is just very, very small.
|
||
|
|
There's a lot of the average hackers and the better an average, but the real elite is
|
||
|
|
a very, very small group.
|
||
|
|
Yeah, but what is hacking then?
|
||
|
|
I mean, isn't it just basically obsessing over something?
|
||
|
|
That's true.
|
||
|
|
Yeah.
|
||
|
|
So I'm going to be someone who sits in front of videos all day and figures out how to
|
||
|
|
transcode and edit differently and stuff like that, I'm a video hacker.
|
||
|
|
Right.
|
||
|
|
Yeah.
|
||
|
|
I mean, you have people that are, you know, life hackers that sit there and obsess about
|
||
|
|
how they exist, you know, you have GTD nerds or hackers.
|
||
|
|
Right.
|
||
|
|
How do I do these four things and make myself a million times more productive?
|
||
|
|
It's all still hacking.
|
||
|
|
It's still the same mindset.
|
||
|
|
It's basically altering something from one form to another.
|
||
|
|
I guess it would be the best definition of hacking because you're taking something as
|
||
|
|
it is and changing it or modifying it in some way to serve a given purpose.
|
||
|
|
Right.
|
||
|
|
But I really do think it takes that obsessive mindset about it.
|
||
|
|
Oh, yeah.
|
||
|
|
And people who hack hardware, they know exactly where all the connections are and how they
|
||
|
|
work.
|
||
|
|
And that's how people learn to take a rig like a computer that most people would be able
|
||
|
|
to get extra formance out of and get so much more out of it just by tweaking a couple
|
||
|
|
of things.
|
||
|
|
They know how to, the inner workings work because they've looked at it and studied it
|
||
|
|
and done research on it and then maybe edited the speeds of things and maybe even tweaked
|
||
|
|
the hardware a little bit, something to make it work more efficiently than what it had
|
||
|
|
done before.
|
||
|
|
Yeah.
|
||
|
|
And I think that kind of sums up like the methodology of hacking to me.
|
||
|
|
I mean, you have to have the hard knowledge.
|
||
|
|
Like if you're going to do a hardware action, for instance, you probably need, like if
|
||
|
|
you're really going to do serious hardware hacking, you need like electrical engineering.
|
||
|
|
You need that understanding.
|
||
|
|
And just having the, by the book, understanding of it is only going to get you so far, it's
|
||
|
|
going to help you build a computer.
|
||
|
|
But then going deeper than that and like obsessing over something and saying, well, what if I
|
||
|
|
reroute this one connection over here or what if I overclock this by attaching this
|
||
|
|
wire?
|
||
|
|
You know, whatever.
|
||
|
|
That's the kind of, the obsession I think is what gets you into the really cool discoveries
|
||
|
|
I guess.
|
||
|
|
I was just going to bring it back to the why aren't companies paying people to do this.
|
||
|
|
There are companies that are paying a hardware hack or not hardware hackers, but criminal
|
||
|
|
hackers.
|
||
|
|
And it's organized crime, you know, the old, you know, what still exists of the Russian
|
||
|
|
mafia hires high school college kids in America that, you know, are that know about these
|
||
|
|
exploits and pay them to write software that any idiot can run.
|
||
|
|
And I mean, that's why all these, um, these botnets and stuff are around, you know, it's
|
||
|
|
not because, hey, wouldn't it be funny too?
|
||
|
|
It's, hey, I bet you I can make $100,000 in a week by selling this to the Russian mob.
|
||
|
|
So you're seeing all those spam comments I have on Unix porn from.ru email addresses aren't
|
||
|
|
really people who are fascinated by my site.
|
||
|
|
Sorry.
|
||
|
|
There is a way to make money in it, but it's the same way that people make money dealing
|
||
|
|
drugs and human trafficking.
|
||
|
|
It's all still extremely hardcore criminal elements of things.
|
||
|
|
I think the way you're talking people that are paying, but they're not people you want
|
||
|
|
to be involved with.
|
||
|
|
The way you're talking though, it makes it sound like the only kind of hacking is criminal
|
||
|
|
hacking.
|
||
|
|
No, no, I hack things all day.
|
||
|
|
I mean, I'm a very obsessive person else that they're in beat my head on something until
|
||
|
|
it finally cracks, but there are people that they use the hacker ethos, you know, the
|
||
|
|
obsession, and then really it's all exactly the same until the end point where they, instead
|
||
|
|
of going, oh crap, I need to tell people about this, they go, I'm going to shut up, and
|
||
|
|
I'm going to sell this.
|
||
|
|
Okay.
|
||
|
|
That's the point where it becomes evil hacking when you're not being responsible with knowledge
|
||
|
|
that you get.
|
||
|
|
Yeah, because I think that's when you cross that line.
|
||
|
|
You're screwing over other people essentially to make money instead of helping to fix
|
||
|
|
problems.
|
||
|
|
I mean, they're fairly say evil because evil has other things attached to it.
|
||
|
|
You're just being a douchebag.
|
||
|
|
Yeah, there we go.
|
||
|
|
I mean, you know, evil has some kind of religious tone to it, and there's multiple sides.
|
||
|
|
To them, they're not evil.
|
||
|
|
They are just trying to make a buck, but I think most people can identify a douchebag when
|
||
|
|
they see it.
|
||
|
|
Yeah.
|
||
|
|
You mean the pops collar?
|
||
|
|
It's the pop collar of hacking, yes.
|
||
|
|
What about the people, I don't know, like, at least like me, I'm not making any big
|
||
|
|
new discoveries.
|
||
|
|
You know, I'm not exposing any new ways, you know, transcoding a video or a big hole in
|
||
|
|
something, you know, but I still think of myself a bit of a hacker because I sit there
|
||
|
|
and obsess over, well, what if I do it this way or what if I do this or how do I set up
|
||
|
|
it?
|
||
|
|
Well, like you, 330, I mean, you spent, I don't know how long setting up that server
|
||
|
|
with the open-goo server on it and the iOS, you know, I mean, it took you a while.
|
||
|
|
I would consider that hacking, even though it's not like, it's not discovering anything
|
||
|
|
new.
|
||
|
|
Is that still hacking, do you think?
|
||
|
|
Well, yeah, not everyone writes the hottest new insert your favorite application here.
|
||
|
|
Yeah.
|
||
|
|
There are a lot of people that sit around hacking on code, and it's never going to be
|
||
|
|
amazing.
|
||
|
|
You know, people aren't going to clamor for it, no one's going to pay $10,000 a seat
|
||
|
|
for it.
|
||
|
|
But you put the same amount of effort into it, and it doesn't make it any less awesome
|
||
|
|
to you or any less hacking.
|
||
|
|
I don't think that you need other people's approval for it to be hacking or to be useful.
|
||
|
|
As long as you find it useful and you work your ass off on it, you hacked it.
|
||
|
|
You know what I mean?
|
||
|
|
That's like going up to someone with an iPhone and they say, yeah, I hacked my iPhone.
|
||
|
|
I mean, big deal you hacked it.
|
||
|
|
What you did was you downloaded like a little installer and you double-cooked on it and
|
||
|
|
it did it for you.
|
||
|
|
It jail-broke it.
|
||
|
|
It doesn't mean you hacked anything.
|
||
|
|
It just means you're a script kitty for your iPhone.
|
||
|
|
Yeah.
|
||
|
|
I mean, that's where the media's use of the term hacking has really screwed everything up.
|
||
|
|
And everybody comes back to this, you know, do we need a new word for it?
|
||
|
|
The media screwed it up, not us.
|
||
|
|
I don't know.
|
||
|
|
I consider, I guess I think of a hacker with a capital H and a hacker with a lower case
|
||
|
|
H.
|
||
|
|
And people like me or a lower case H and people like, I don't know, Dan Kaminsky or
|
||
|
|
a capital H or something like that.
|
||
|
|
Well, I just, I kind of think about it like punk rock.
|
||
|
|
All right.
|
||
|
|
You've got, you've got black flag, which is by far one of the greatest punk rock acts
|
||
|
|
ever to exist.
|
||
|
|
Sure.
|
||
|
|
And they are no more punk than the 15-year-old kid, you know, hanging out with his buddies
|
||
|
|
in the garage playing punk rock.
|
||
|
|
It's all punk rock.
|
||
|
|
Yeah, yeah.
|
||
|
|
I get it.
|
||
|
|
I can relate to that, actually.
|
||
|
|
I don't, I don't think that it really needs to have a hierarchy.
|
||
|
|
Right.
|
||
|
|
And people really want, are spending way too much time of their life classifying things.
|
||
|
|
They categorize, and they sub-categorize, and they sub-categorize, they sub-stop
|
||
|
|
waiting for that time and go hack something.
|
||
|
|
That is hacking, that's hacking categorization without those people, without those people
|
||
|
|
we would have nothing but just, you know, everything would be lumped in together.
|
||
|
|
I can't argue with that.
|
||
|
|
I can't argue with it.
|
||
|
|
Okay.
|
||
|
|
What about this?
|
||
|
|
What about companies, you know, getting back to the hardware stuff, because that's kind
|
||
|
|
of interesting to me.
|
||
|
|
What about these companies that are saying, you can't hack this?
|
||
|
|
I mean, is it unethical for them to say that we can't hack their hardware?
|
||
|
|
Oh, absolutely.
|
||
|
|
I mean, you think about it, they're basically saying, we're the only ones who can make progress
|
||
|
|
in the computer industry for a graphics card, a sound card, a motherboard, a hard drive,
|
||
|
|
anything.
|
||
|
|
I mean, they're basically trying to monopolize the industry by controlling the progress
|
||
|
|
based on how they make it, so that when the next great thing comes out, it wasn't released
|
||
|
|
by some guy who figured out a better way to do it, from Idaho and his basement.
|
||
|
|
It was figured out by a big company who can then really profit from it.
|
||
|
|
Let's say I don't think that a lot of companies are actually telling people you can't do
|
||
|
|
this.
|
||
|
|
You know, they tell you, go right ahead and have fun, but you'll void your warranty.
|
||
|
|
Or you'll break your device, little demo cases.
|
||
|
|
Like I said, there aren't many, but there are some, you know, without naming names, companies
|
||
|
|
like that tend to do that across the board of their entire product line, and actually
|
||
|
|
into other product lines that may converge with their product line.
|
||
|
|
There are a lot of companies out there that, when they release a firmware upgrade, they'll
|
||
|
|
add this great nice feature, but they've learned about this hack that a ton of people
|
||
|
|
have done to their device.
|
||
|
|
That firmware upgrade will try to disable your device completely if you've done that,
|
||
|
|
just because it no longer gives them complete control over what you're allowed to do with it.
|
||
|
|
Yeah, the thing I'm thinking of with that is like the Sony PSP.
|
||
|
|
You buy a brand new game and it reloads your firmware and all of a sudden you can't play,
|
||
|
|
what we'll call them home brew games, but really what they're trying to stop is software
|
||
|
|
piracy.
|
||
|
|
And you know, that really bugs me there to say, no, it would come up, as you are allowed
|
||
|
|
to legally make one copy of every game you are.
|
||
|
|
But if, you know, they disable any way that people come up with, you need to play that
|
||
|
|
legal backup.
|
||
|
|
But if there are, if the original source is encrypted, which I can't think of a game
|
||
|
|
that doesn't come unencrypted, except for maybe a world of goo at this point, maybe
|
||
|
|
some independent stuff, but all that is encrypted.
|
||
|
|
And due to the Digital Millennium Copyright Act, if you circumvent encryption, you don't
|
||
|
|
even have to break it.
|
||
|
|
If you can copy it in place with the encryption, you've still broken the idea of encryption
|
||
|
|
and you're still in violation.
|
||
|
|
No, you're not violating it if you don't script it.
|
||
|
|
That's being debated in court right now.
|
||
|
|
Really?
|
||
|
|
Yes.
|
||
|
|
Yeah.
|
||
|
|
Basically, the idea is that if you made a copy of a DVD as a full ISO file, for bit exactly
|
||
|
|
the same, what you've done is circumvent the idea of the encryption, the intent of the
|
||
|
|
encryption.
|
||
|
|
Yeah.
|
||
|
|
And we may, we as in people that actually don't want this kind of thing to happen, may
|
||
|
|
lose this fight and lose it hard.
|
||
|
|
Oh, that would be, then basically they're saying, if you lose your disc and you wanted to
|
||
|
|
make backups, you can't make backups, and if you lose your disc, you're out of luck,
|
||
|
|
you'll just have to go buy another one.
|
||
|
|
Well, they tell you to go buy a backup.
|
||
|
|
Why don't you have two copies of it?
|
||
|
|
Go buy two copies.
|
||
|
|
Oh, yeah.
|
||
|
|
Which, I'm taking the devil's advocate on that point.
|
||
|
|
I want everyone to know that I think that's bullshit, and I think that it's just unfathomable
|
||
|
|
how someone could actually think that, but playing devil's advocate, why don't you just
|
||
|
|
go buy two copies?
|
||
|
|
People that buy comic books that want a one to read and one to save forever, they go
|
||
|
|
buy two.
|
||
|
|
They don't make a copy of their comic book to read and then have the one that they bag
|
||
|
|
and board.
|
||
|
|
Yeah, but that's different.
|
||
|
|
DVDs aren't exactly something you're going to save forever as, unless it's like some
|
||
|
|
special collector set of Star Wars signed by George Lewis or something.
|
||
|
|
I mean, it's one of the things to these companies, it is.
|
||
|
|
A product is a product.
|
||
|
|
They don't care what format it's in.
|
||
|
|
It's like, it's like empty free.
|
||
|
|
If you download an empty free, that's DRM, you have no reason to want to back that up.
|
||
|
|
And you see, I think the, by the industry doing this and causing all this encryption on
|
||
|
|
data and saying, we don't want you to back it up or do this.
|
||
|
|
Basically, by trying to prevent piracy, they've increased it and things like the pirate
|
||
|
|
band.
|
||
|
|
It said this past year, they just got to over seven million users and that's not counting
|
||
|
|
all the people who don't sign up for it, but still get torrents from there.
|
||
|
|
You think about that?
|
||
|
|
These companies are saying, we don't want to lose money.
|
||
|
|
We don't want people stealing our data.
|
||
|
|
But if they were to keep it unencrypted and available to people, then they wouldn't
|
||
|
|
have as big a problem with this, because people would be like, okay, I buy a song and
|
||
|
|
I buy tunes.
|
||
|
|
I can put it on as many devices as I want.
|
||
|
|
But now it's like, you can put it on like just a couple of devices and if something happens
|
||
|
|
to your collection or those devices, you're screwed.
|
||
|
|
So here's a question.
|
||
|
|
Are the guys at the pirate bay hackers?
|
||
|
|
Yes, I would have to say it.
|
||
|
|
I would say yes as well, because they're getting around something, yeah, they're getting
|
||
|
|
around some of the problem, the roadblock.
|
||
|
|
To be honest, I think anyone who uses torrents is a hacker, but kind of like the lower case
|
||
|
|
H type hacker, not the...
|
||
|
|
Oh, you're categorizing again.
|
||
|
|
No, come on, not at this point.
|
||
|
|
Look, any mouth breather can use a torrent site.
|
||
|
|
It's not that hard.
|
||
|
|
Not a mouth breather, but yeah, most.
|
||
|
|
No, believe me, I spent several hours with a mouth breather a couple days ago and he was
|
||
|
|
torrenting.
|
||
|
|
All right.
|
||
|
|
I am talking lowest common denominator here and he could do it.
|
||
|
|
If you actually like listen to discussions with the guys from the pirate bay, they are
|
||
|
|
absolutely hackers.
|
||
|
|
It's a totally decentralized thing.
|
||
|
|
No one knows who did any of it.
|
||
|
|
They have like, they have this admin account that anyone that asks can get the password
|
||
|
|
to and you just make your change and walk away from it.
|
||
|
|
That's how it became the number one greatest store with no price on the internet.
|
||
|
|
Well, it's kind of like they've basically taken what Napster did and fixed all the mistakes.
|
||
|
|
Napster's mistake was just having a centralized location.
|
||
|
|
So basically you're saying they decentralized location, so what torrenting does and that
|
||
|
|
if you lose one person, you still got 100,000 to back it up.
|
||
|
|
Say, but it's not even the location that they decentralized.
|
||
|
|
There's no chain of command in their recent court case.
|
||
|
|
They kept going, who is the man on top?
|
||
|
|
Who's the admin?
|
||
|
|
And they went, everyone, there is none.
|
||
|
|
The courts can't get their heads around an idea that it may just be something that exists.
|
||
|
|
No one owns it.
|
||
|
|
It's just there.
|
||
|
|
And I think it's just out in cyberspace.
|
||
|
|
That's the biggest hack.
|
||
|
|
It has nothing to do with the software or enroading around laws or any of that.
|
||
|
|
They hacked the way people think.
|
||
|
|
That's the most important part of that is changing your hardware, your software, any of that.
|
||
|
|
Those are all in goals, but really hacking is about changing the way you think about something.
|
||
|
|
I'm going to say I'm impressed, these guys, yeah, it is just a thing that exists on
|
||
|
|
its own.
|
||
|
|
What's also really cool is, right now, they still need the pirate bait up as a tracker.
|
||
|
|
Well, they're working on ways for decentralized tracking.
|
||
|
|
So if their servers got blown up tomorrow, all those torrents are still available.
|
||
|
|
And it could just move anywhere in the world they wouldn't back.
|
||
|
|
So here's the really interesting thing is, and you'll have to go back into other HPR episodes
|
||
|
|
because I don't remember the name of the broadcaster, but the same broadcaster that put out all
|
||
|
|
the Beatles tracks a couple months ago on BitTorrent, they are actually using the software
|
||
|
|
that the guys from the pirate bait created to run their own tracker site instead of,
|
||
|
|
you know, like in the US, all the media companies put it up in streaming flash.
|
||
|
|
You go to CDS and you can watch pretty much whatever you want, but it's in flash and it's
|
||
|
|
only there for as long as it's there.
|
||
|
|
These guys are actually putting this out on BitTorrent and going, have at it.
|
||
|
|
I don't know if they have ads or anything in it, but if they do, you can sell the ad
|
||
|
|
as this ad will be seen forever because we're going to put this out here and people are
|
||
|
|
going to be able to share this thing.
|
||
|
|
So you're going to get between 10,000 and 600 million views.
|
||
|
|
I mean, that's a really smart way of doing it, and you're going to get that media out there
|
||
|
|
to anyone who would ever want to listen to that music because it's an old video.
|
||
|
|
Right.
|
||
|
|
You don't have to pay for it.
|
||
|
|
We'll say or watch that TV show, you know, because I think it's a national, like a
|
||
|
|
nationalized media thing, you know, it's kind of like a PBS in America.
|
||
|
|
Well, it's more like the BBC in England, where it's paid for through tax money or, you
|
||
|
|
know, some kind of TV license or something, for the benefit of everyone in that country.
|
||
|
|
So they've already made their money off of it.
|
||
|
|
The taxes were already collected.
|
||
|
|
It's just stuff now that's sitting around and they don't have like the BBC where they're
|
||
|
|
exporting it everywhere because not everyone speaks.
|
||
|
|
I think it was Swedish.
|
||
|
|
It might have been.
|
||
|
|
I thought it was Norway, but yeah, whatever.
|
||
|
|
They're just giving it away because there's no, they don't really have another revenue
|
||
|
|
source.
|
||
|
|
And they're not really interested in waiting for one to show up.
|
||
|
|
So why not just give people the thing they already paid for?
|
||
|
|
And I personally, I love the idea of the perpetual ads, like just going, we can guarantee
|
||
|
|
you that it'll get this many downloads because everything else did.
|
||
|
|
But after that, you could grow tenfold.
|
||
|
|
So you know, pay us for what we know you'll get and hopefully we can negotiate a little
|
||
|
|
bit more and you'll probably get a million times more than you ever paid for.
|
||
|
|
Yeah, well, it's a brilliant scheme, I think, and it's, you know, the whole open source
|
||
|
|
model in a way because you're just saying, here's, here's the information, take it whenever
|
||
|
|
you want it.
|
||
|
|
I mean, that's kind of, I don't know if that's open source or hacker ideal or whatever,
|
||
|
|
but it's the same idea, I think.
|
||
|
|
Well, I think it has real work with a hack.
|
||
|
|
The whole idea of free software and open source.
|
||
|
|
It was a hack.
|
||
|
|
It was a hack, and again, it was a hack of the way people thought of things, yeah, because
|
||
|
|
people were just trying to wrap their mind around.
|
||
|
|
Yeah, yeah.
|
||
|
|
Because I mean, people are still thinking in a lot of ways that open source was somehow
|
||
|
|
be piracy, but I think you're, you hit the nail right on the head with the idea that
|
||
|
|
open source is a hack because you think about programs like Microsoft's Office Suite and
|
||
|
|
then you think of things like openoffice.org where they do all the same things, whereas
|
||
|
|
one several hundred dollars, the other's free, obviously there's got to be some similarity
|
||
|
|
and code there.
|
||
|
|
So obviously, at some point, it's been a hack to get that code, maybe I'm doubting it
|
||
|
|
was illegal, but it was obviously someone hacked it so as to say, you know, I don't feel
|
||
|
|
like buying that.
|
||
|
|
I still want the feature and services.
|
||
|
|
They basically just said, hey, I'm going to write a program to do what I need it to do.
|
||
|
|
And then when they got it working, they put it out on the internet and now pretty much
|
||
|
|
everyone who uses Linux uses OpenOffice and they released a version for Windows.
|
||
|
|
So now openoffice is kind of a bad example there, but you know, that's how a lot of software
|
||
|
|
came about.
|
||
|
|
But OpenOffice started StarOffice, which is bought by Son later open source and then renamed
|
||
|
|
OpenOffice.
|
||
|
|
Yeah.
|
||
|
|
And really that again goes back to my point that people aren't clever, how many different
|
||
|
|
people had the idea of a word processor, which is basically some kind of markup language
|
||
|
|
that formats a page for printing.
|
||
|
|
I doubt Microsoft was the first one to have it.
|
||
|
|
I mean, you know, we can all sit around, you know, as soon as I said that everyone started
|
||
|
|
going, I could do it, you know, little XML here and there and it spits out a page the way
|
||
|
|
you put it on the screen, you know, and there are probably a million ways to do it.
|
||
|
|
So I'm sure that there are similar things between Office and OpenOffice.
|
||
|
|
They're probably functionally completely different and actually it's a good thing.
|
||
|
|
No one ever has the perfect idea.
|
||
|
|
They just have the idea that was good enough to make the damn thing work.
|
||
|
|
True.
|
||
|
|
And that's where people use the program and when reason open open source is still successful
|
||
|
|
because people go or people write a program, people use it and go, you know, I would really
|
||
|
|
like this feature, that feature in it.
|
||
|
|
And then people are like, hey, that's not a bad idea.
|
||
|
|
They integrate it, updates release, it's installed and boom, now you've got exactly what
|
||
|
|
you were looking for.
|
||
|
|
And then you have a hundred other people going, that feature is awesome, but you totally
|
||
|
|
did it wrong.
|
||
|
|
Exactly.
|
||
|
|
So that's why open source is so beautiful because you can customize it exactly the way
|
||
|
|
you are.
|
||
|
|
And at that point, they submit the patches for what they think it should be.
|
||
|
|
If they're not accepted, they can fork and have their own project do it the way they
|
||
|
|
envision it.
|
||
|
|
Okay.
|
||
|
|
So hacking so far is being judged ethical because it brings all of us free stuff, like
|
||
|
|
stuff that we don't want to pay for.
|
||
|
|
It reveals security problems and it possibly reveals advancements in like either hardware
|
||
|
|
or software progress or just kind of the way everyone thinks.
|
||
|
|
Hacking in itself is ethical, the act of learning something new by being obsessive and just
|
||
|
|
pounding your head at it, there's nothing unethical about that.
|
||
|
|
It's what you do with your end result and that's just like everything.
|
||
|
|
If you build a firework in your backyard, if you shoot it up in the air and it explodes,
|
||
|
|
it's a firework.
|
||
|
|
But if you pointed it at someone and it explodes and kills someone, you've made a grenade.
|
||
|
|
You've made a rocket explosive.
|
||
|
|
The same exact thing can do two separate things and one is ethical and one isn't.
|
||
|
|
It's how you use it and people use things a lot of times, not for reasons not designed
|
||
|
|
or not intended by the maker.
|
||
|
|
People will take something like say a knife that was designed to chop vegetables and use
|
||
|
|
it to murder someone.
|
||
|
|
Setting up a server in my own house and breaking in through SSH because of some vulnerability
|
||
|
|
and let's say I had an old Debian box and I could break the key because it was only 16
|
||
|
|
bit.
|
||
|
|
If I do it to myself, there's nothing wrong with it.
|
||
|
|
I agree.
|
||
|
|
But here's the question, because I agree with what is being said, but it sounds like
|
||
|
|
some of our quote ethical, yeah, it's ethical, unquote, it is based on our particular moral
|
||
|
|
basis.
|
||
|
|
So we're saying, well, it's ethical because it skirts taking advantage of people who can't
|
||
|
|
afford an office suite or it's showing these companies that they don't control their
|
||
|
|
own hardware or whatever.
|
||
|
|
You know, I mean, who decides whether this is a good thing or a bad thing?
|
||
|
|
Like, might a hardcore capitalist say, well, this free software stuff is, you know, basically
|
||
|
|
copying an idea from someone else and giving it away for free and that's bad or something
|
||
|
|
like that.
|
||
|
|
I mean, why are we saying it's ethical or was the question wrong anyway?
|
||
|
|
I know you just said, you know, you said someone's coming from the point of, okay, will this
|
||
|
|
make me money?
|
||
|
|
Well, I think the question should be, is will this benefit humanity?
|
||
|
|
To that back, take a look at it as a whole, you know, in a hundred years, will it matter
|
||
|
|
if that guy made money or if we did something that benefited everybody?
|
||
|
|
Right.
|
||
|
|
So I think that's more of a viewpoint as you're pointing from.
|
||
|
|
Okay, cool.
|
||
|
|
Well, thanks for being on Nick from Open Source Musician's Podcast.
|
||
|
|
Thanks for being on.
|
||
|
|
For having me.
|
||
|
|
No problem.
|
||
|
|
Thank you, AJ, from Linux Geekdom Podcast.
|
||
|
|
I love being here.
|
||
|
|
Thanks.
|
||
|
|
Yeah.
|
||
|
|
I mean, both of you, since this was your first HPR episode and anyone else listening, if
|
||
|
|
you ever want to contribute a hacker public radio episode, it is an open forum.
|
||
|
|
It's a community-based podcast.
|
||
|
|
All you have to do is email either me or Enigma or, you know, just get on the website,
|
||
|
|
hackerpublicradi.com and find the email link to submit a show.
|
||
|
|
And generally speaking, we're really happy to get them.
|
||
|
|
Thank you, 330, and you're from Tilt now, right?
|
||
|
|
Something kind of tacky.
|
||
|
|
What a free Linux helpline.
|
||
|
|
Free Linux helpline.
|
||
|
|
What's the site for that, by the way?
|
||
|
|
FreeLinux helpline.mit.
|
||
|
|
Okay.
|
||
|
|
FreeLinux helpline.net.
|
||
|
|
That's a really cool new podcast that helps people with Linux questions, and it can be a live
|
||
|
|
college, or even.
|
||
|
|
Yeah.
|
||
|
|
Cool.
|
||
|
|
All right.
|
||
|
|
So this has been the second round table for hacker public radio.
|
||
|
|
My name's Klatsyu, and thanks for listening.
|
||
|
|
Thank you for listening to hacker public radio.
|
||
|
|
HPR is sponsored by tarot.net.
|
||
|
|
So head on over to C-A-R-O dot N-E-T for all of us in need.
|
||
|
|
Thank you.
|