

How to Learn Hacking - nvr82
http://www.catb.org/esr/faqs/hacking-howto.html

======
hagmonk
I can't see myself recommending this guide to anyone. A few things stand out:

- the invitation to "go away" if you confuse ESR's definition of hacking with
the definition the general public uses.

- the suggestion that hacking is something for those with above-average
talent for programming. Perhaps you should keep reading if you count yourself
as above average?

- the proposal of a system for learning how to hack that is apparently so
robust that it is self-evident. No examples need be brought in to support this
proposal, nor does it need to defend itself from alternative systems.

- it is suggested that hacking is the only way for software architects to
train their design sense. Ok, sure.

The biggest problem I have is that the vast majority of ESR's suggestions are
really good ones. I agree with plenty of things he's saying. I just wish, like
many open source products, it was packaged in a more digestible fashion, so I
could recommend it to less experienced friends.

~~~
navait
I think this guide has a good place for children who are interested in
computers and get in trouble for messing with their school's network. Many of
these kids will have absorbed media which does not really understand the
difference between being a software engineer and breaking into computers. They
may not know about the FOSS/unix world. I think giving this to them would do
them a lot of good.

My main problem with it is that ESR is unable to differentiate between being a
good programmer and being ESR.

Really what we need is a guide written by a prominent member of the FOSS
community who can show budding programmers what's out there in modern
FOSS (this was written in 1996) without couching it in language designed to
sate the author's ego.

~~~
Delmania
"My main problem with it is that ESR is unable to differentiate between being
a good programmer and being ESR."

This line really identifies what my issue with ESR is. I've skimmed over his
writings, and he definitely mixes the skill of being a hacker with his own
beliefs about what that person should think and how that person should act.
That theme definitely runs in his blog - the technical aspects of it are great,
but there's definitely a lot of humble bragging going on as well as most of
the commenters being nothing more than an echo chamber.

------
FLUX-YOU
In case readers were interested in security:

[http://data.langly.fr/blackhat](http://data.langly.fr/blackhat)

~~~
fabulist
This guide is very hand-wavey. Tor alone is a poor operational security
strategy; using nikto and unix-privesc-check does not a hacker make.

This may be a decent place to begin one's inquiry, but don't let it end here
too.

Here are some talks I recommend:

Tricks for Defeating SSL in Practice - Moxie Marlinspike

[https://www.youtube.com/watch?v=MFol6IMbZ7Y](https://www.youtube.com/watch?v=MFol6IMbZ7Y)

OPSEC: Because Jail is for wuftpd - thegrugq

[https://www.youtube.com/watch?v=9XaYdCdwiWU](https://www.youtube.com/watch?v=9XaYdCdwiWU)

------
harry8
This is from the man who wrote a "how to sex" no really, it's here if your
eyes can stand it.

[http://www.catb.org/esr/writings/sextips/bedplay.html](http://www.catb.org/esr/writings/sextips/bedplay.html)

~~~
eanplatter
He also wrote The Cathedral and the Bazaar if I'm not mistaken. If that can
balance it all out.

~~~
simi_
> catb.org

It took me a while to get why the site's named that way, too.

~~~
cosarara97
Why is the site named that way?

~~~
simi_
Catb - cathedral and bazaar :)

Unless I am embarrassingly wrong.

------
stillsut
When _not_ open-source is okay:

Basically hardware. Say you're trying to create scientific image proc for
an off-the-shelf smartphone. The following review of the 40MP android nokia
shows the debate.
[http://www.cnet.com/news/the-secret-behind-nokias-41-megapix...](http://www.cnet.com/news/the-secret-behind-nokias-41-megapixel-camera-phone/)

The key point takeaway for me is how you create cheap consumer level
electronics with a research team behind it. (Hint - Nokia's investment in R&D
depends on them expecting to get lots of customers)

Con: There is contention that this order of magnitude increase in pixels is
not useful to image quality. And proprietary algos on embedded hardware in
the camera module (7px "sampling" -> 1px "stored") is not available.

Pro: In some cases, there is contention that this innovative smartphone camera
increases signal to noise ratio, so maybe we live with the black-box of the
hardware to get better images downstream. And if "gimmicks" like this huge
camera sensor sell units, we can expect more cheaply available units for mass
deployment of the hardware/software. -> Thus for hacking we're riding the wave
of mass adoption of what were once esoteric technologies - high-end digital
image sensors.

------
_tb
hacking is a style of programming, hacking is being a cool start up guy,
hacking is being a computer wizard, hacking is X, hacking isn't Y.

why some people keep trying to use the word hacking for what they do no matter
what, it's because it sounds cool?

~~~
bottled_poe
In particular, hacking seems to be about doing things that are not
by-the-book. So...how can it be learned?

------
gtop
[http://paulbuchheit.blogspot.ca/2009/10/applied-philosophy-a...](http://paulbuchheit.blogspot.ca/2009/10/applied-philosophy-aka-hacking.html)

This is good too by Paul Buchheit.

------
Goldenromeo
How to become a Hacker

[http://www.catb.org/~esr/faqs/hacker-howto.html](http://www.catb.org/~esr/faqs/hacker-howto.html)

~~~
Goldenromeo
Same guy but content is different

------
notastartup
so how are people coming up with zero-day vulnerabilities all the time? How
are these people able to find a way to inject code in pdf or word
documentation year after year? Is software forever vulnerable, even ones
written by huge number of engineers?

~~~
rifung
I imagine having a huge number of engineers actually increases the chances
that software is vulnerable. This is because bugs often arise when different
people are making different assumptions about what some code does or doesn't
do.

It always makes me uneasy when I have to go and make modifications to other
people's code, especially in the workplace where you usually don't have the
luxury of time to fully understand the code base.

------
hartator
> If you think “hacking” has anything to do with computer crime or security
> breaking and came here to learn that, you can go away now. There's nothing
> for you here.

This. I don't think the author realizes that the reality out there is complex.
You can "hack" for "good" or for "bad". Open-source is about not putting a
moral judgment about what you want to achieve.

