
Hack everything without fear - RX14
https://drewdevault.com/2018/03/17/Hack-everything-without-fear.html
======
mythas
Like most hard things in life the most honest advice anyone can give you is
stop worrying about getting stuck, embrace confusion and learn to love being
lost. If you can learn to not lose confidence when you’re in the wilderness
then you have learned how to learn. Unfortunately this is challenging to do.
It’s like telling someone the way to do a pull up is to do a pull-up. For self
motivated people this is all the coaching they need. For most however, they
need someone to hold their hand through all the steps.

~~~
alfonsodev
Actually, I was stuck for years, not being able to do a single pull-up, until
I found a youtube video that explained how to progress in pull ups[1] The way
was counterintuitive to me, so it would have never occurred to me.

The method consists in actually jumping, skipping the hardest part, then when
being on top with the head above the bar, you let your body fall as slowly as
you can. It turns out this works because in the eccentric phase your arm
muscles are more powerful, but you are still able to progress overall.

The advice I would give is, as you said, embrace confusion but pay attention
to where is your next mentor, the one that will show you that little trick or
that little piece of understanding that will get you progressing.

[1](spanish)[https://www.youtube.com/watch?v=tQxbnI3QFBE](https://www.youtube.com/watch?v=tQxbnI3QFBE)

~~~
52-6F-62
Another way is to work negatively. So in a sense you do a pull up by doing a
reverse pull up— that is you start at the top of the pull us and lower
yourself as slowly as possible (like in you’re method). Just rather than
pulling yourself up you just jump yourself or step up to the top. After so
many sessions of that you’ll be doing them without much difficulty.

I’ve found in learning the process can be similar. If I don’t understand
something I can only read so much and study so much. I have to get my hands
into it. I will pull down a codebase, run it, change it, break it, fix it, try
and emulate it from first principles and contrast that with my reading and
repeat. The best way I’ve found so far is to couple that with bottom up
learning— working and reworking the fundamentals as I capitulate and bounce
off the walls of reverse engineering and experimenting. I can’t confirm the
benefits of that for anybody else but it works for me and keeps me interested

~~~
__blockcipher__
Uh, isn’t that exactly what the parent comment just said? It sounded to me
like they were doing negatives.

~~~
52-6F-62
Not to me. But granted— they linked a video displaying supine form whereas I
assumed, without watching, they'd shown wide pronate. The latter form is
notoriously difficult and I felt like detailing further would be helpful.

The quickest example I could find (of pronate form) is this guy, (but he's
right):
[https://www.youtube.com/watch?v=yLXn2OtQmxo](https://www.youtube.com/watch?v=yLXn2OtQmxo)

Wanted to add, off topic but for interested parties of the digression, a good
resource— Scott.. from Boston? never checked. But he's pretty good:
[https://www.youtube.com/watch?v=MogM8PlV1NI](https://www.youtube.com/watch?v=MogM8PlV1NI)

------
randcraw
This used to called a “can do” attitude. Back then I think it meant you were
willing to roll up your sleeves and do the hard physical work needed to put
things right. Now that the world is more technical than mechanical, “can do”
requires delving into circuits and SLOC, hacking far less visible and more
complex entities. It's only when those circuits and apps are open that “can
do” has a hope of staying alive.

In the closed worlds of today's mobile infractructure (i.e. iOS and Droid
“walled gardens”), remaining “can do” is getting harder. If I could trade mine
in for a truly open smart phone, I'd do it in a heartbeat.

~~~
seba_dos1
I'm still using Nokia N900, which is pretty close. I've used Openmoko Neo
Freerunner pretty long, but unfortunately its performance was hard to stand
anymore. For development, I also have Samsung Galaxy S3, which was the last
one to have its baseband separated from the CPU. Replicant works there, so it
might be a good choice in this regard as well. Looking forward for Librem 5,
Neo900 or Pyra Phone now - whichever happens first. You need to make some
sacrifices (hopefully less and less as the time passes), but the choice is
there.

------
xstartup
Once I was interested in obscure code base because my motivation was to
discover smth which a few people would know about. But these days, I see
github repo with large number of contributors, who are smarter than me
(often), it's an instant motivation killer. I rarely checkout other's code
unless it's related to the problem I am solving.

~~~
John_KZ
I actually suffer from an extra problem. I no longer trust any program you can
download off the internet, except for trusted repositories (ie most of
canonical's ubuntu repos, debian etc). That has been a massive drag for me,
because I can't just download super convinient programs on my work computer.
It pretty much stalled my interest in (amateur/hobby) programming alongside
with stopping the use of pirated software, except in VMs, which are slow and
inconvenient enough to not bother running them very often.

~~~
QasimK
I'm almost at the same stage that you are. I think that as powerful as
traditional desktop operating systems have been, they are clearly less secure
than mobile operating systems which sandbox applications. People have
sensitive data on their devices, and it is simply far too easy to get harmful
malware on your machine. Whether from an external developer becoming
compromised, or actual malicious behaviour.

I still download popular 3rd-party programs (i.e. not in the OS repos),
especially if they are open-source (i.e. just GitHub), and there is evidence
of active maintenance with a significant number of contributors to the
project, or if it is from a reputable, popular real-life person.

I think it is a real shame. I should be able to download any program and know
that they aren't just going to be trawling through the files on my PC without
the OS at least asking me (and so on). It's a tricky balance between sandboxed
"useless" apps, and god-mode, but something that I feel desktop OS's need to
focus on if their platform is to survive.

------
2glasscups
"You don't know what you don't know until you go looking." Every good problem
solver starts with the drive to want to solve the problem. People's
motivations can vary from person to person, but these motivations are what
drive them forward to want to solve the problem. Success is always a natural
outcome of any problem solving technique used because even if the problem is
not solved per the requirements needed, the experience of failing is still in
many ways a success. The lessons learned from struggling and failing are
committed to memory and can be used on another future problem. "Instead of
looking for the answer, try to find a solution."

------
fouc
It's not a "how to" like I thought it was going to be. It's a "do it" with
some tips.

Where "do it" is go ahead and hack & submit a patch on that open source
project you rely on instead of working around it, get past that fear.

~~~
adamson
I've never really understood why this is hard for people, especially in the
era of Github where anyone and everyone can open an issue or pull request and
generally be taken seriously.

~~~
kovek
I've found it easy with python recently.

\- Go on github, find the repo

\- Fork the repo

\- git clone
[https://github.com/me/forked_repo](https://github.com/me/forked_repo)

\- cd into the repo, and 'git checkout -b me_myfix'

\- write your change

\- cd ..

\- 'pip uninstall forked_repo' so that you can work with your fork's clone
instead

\- Sometimes, if the repo has a setup.py, some symbolic linking needs to be
setup so we can easily do 'import forked_repo'

\- use 'import forked_repo'

\- later, you can do 'git push origin me_myfix' and submit a pull request from
Github.

I think there is a better way but I did not think about this problem much. It
would be nice if someone could outline how to go about this properly. And
there's almost no chance I could do this with another language since I am not
as comfortable with the building/packaging with other languages.

~~~
UncleEntity
Sometimes you don't even need to do a pull request if you have your fork on
the same platform.

A while back I needed py3k support in pybindgen so hacked it in and it
magically got merged into the main branch. Surprisingly, as is -- I guess I
can hack on the python good enough ;)

------
trevyn
“Do everything without fear” is also good advice. :-)

------
exikyut
I think this article is fundamentally very bad, for one specific reason.

\---

Me: "Hi! I just found a bug in your program. If you do A, B and C, X doesn't
work properly."

Maintainer: "Our test case covers A and B and works perfectly."

Me: "Yes, C is an edge-case your testcase didn't include, and which is what
breaks everything horribly. You know more about modifying your testcase than I
do, but I guarantee you that when you make the change, this will fail
consistently."

Maintainer: "You must provide us a new testcase."

Me: "I don't know how to do that."

Maintainer: "Our existing test cases work fine."

Me: [ Gives up before frustration turns to anger ]

This happened. [https://github.com/rg3/youtube-
dl/issues/7872](https://github.com/rg3/youtube-dl/issues/7872)

\--

Me (on a sadly now-defunct forum): "I think it would be awesome if we ported
my favorite application to this new OS"

Owner of application, unexpectedly: [ Long rant about the difficulty of
porting things and that my ideas are going to affect him personally ]

Me: [ Freaks out ]

Forum maintainers: [ Words of comfort ]

Sadly there are no copies of the post in the Web Archive (I just downloaded
the entire forum to check), but I remember the conversation well.

\--

New contributor: "Here's a patch to this program. It fixes this and that
problem."

Long-term maintainer: "We don't do things that way."

New contributor: "It'll improve performance and simplify the code."

Long-term maintainer: [ Blah blah blahblahblahblahblahblahblahblah(...) ]

New contributor: "...?!"

This is what came to mind when I thought about systemd.

\---

The thing the article is completely missing is the political element.

It exists, it's real, I wasn't warned I'd get bitten, and I have cognitive
issues and don't know how to resolve confrontation in some situations.

I generally avoid open source communities nowadays. My experiences discussing
closed-source software have consistently been less toxic!

~~~
JdeBP
What is actually in that GitHub issue does not match your story. For example,
what we can see there is you providing an example with the concrete
information all replaced with "(removed)", the other person asking for said
concrete information, and you replying that you don't know it, even though you
clearly did and removed it from your test case.

~~~
exikyut
I must admit that I did have second thoughts about posting this after I'd
properly typed it out. It sounded less pointed in my head.

You are technically right. The specific issue was that youtube-dl had a bug
downloading WAVs from soundcloud. The WAV in question was privately linked to
me, and it was the first WAV I'd ever encountered. It's not possible to search
for "has WAV" on soundcloud. I had no idea how to find one, and was unsure how
to go about uploading test media (eg if it would be taken down etc).

I'll admit that yeah there was some laziness and "just fix it" and
unimpressedness in there. I'm at fault to an extent.

