
Ask HN: Why are hackers today so insecure? - jdimov
Reading through HN&#x27;s headlines it is hard not to notice that most discussion is generated around countless &quot;threats&quot;. The government, the NSA, piracy, patent trolls, banks, other countries&#x27; governments, big corporations, etc., etc., etc. This is not what one would expect from a creative community. A hacker is supposedly someone who is enlightened about the power of their own creativity. If you are focused on creating something, none of these &quot;threats&quot; would matter. So what&#x27;s the reason for attributing so much power to these external &quot;forces&quot;, none of which have ANY intrinsic power beyond what you give them?
======
onion2k
The very creativity you mention is what gives hackers the insight to
understand the potential, and in some cases very real, impact of these threats
to openness, freedom and equality. In the case of government, the NSA, even
piracy to an extent, we can foresee a world where we are far less free to
pursue the creative endeavours we love as the information currently gathered
is used to stop 'terrorists', 'dissenters' and 'troublemakers'. As for patent
trolls, banks and big corporations - they _already_ stop people doing things
that they enjoy by (ab)using 'rights management', lobbying and the courts to
curtail our freedom to do things like reverse engineering, coding, and
sharing. What you believe is a strange and impossible imaginary Dystopian
scifi future, we see as something that, without careful opposition, could
become a truly terrifying reality.

Besides, hacking isn't just "making stuff". We can hack politics.

~~~
entendre
You cannot hack politics. The problem is the people.

------
Aqueous
It's the libertarian mindset. It is more hyper-vigilant and suspicious than
the liberal mindset. You'll find that left-leaning people and right-leaning
people have, at a very basic level, a different philosophy about other people.
Left-leaning people are more trusting, right-leaning people are more
suspicious. Left-leaning people want to help people out a little bit in a
systematic way, right-leaning people want everyone to be self-reliant.

There's something to be said for both views though. The problem is that
everyone is right. You can't trust everyone but you have to trust someone.
Terrorism is not the end of the world but it isn't a non-problem either. You
can't let everyone sit around all day and not work but you also can't let them
starve while working to death for low wages, either, or die of an illness they
can't afford to treat.

I think the fundamental lie of adversarial democracy is that we can't both be
right at the same time. We are all a little bit right, but none of us can see
that because we get hung up on relatively minor differences.

~~~
Doctor_Fegg
Some of us are left-leaning hackers, thanks!

~~~
lukifer
Some of us are left-leaning libertarians [1]; equally suspicious of the the
concentrated power of the state and the concentrated power of private capital
and corporations.

Just because you're paranoid, it doesn't mean they aren't out to get you.
(Curiously, the reverse is also true, and I suspect that's what OP is reacting
to.)

[1]
[https://www.youtube.com/watch?v=a1rK4PsP0zY](https://www.youtube.com/watch?v=a1rK4PsP0zY)

~~~
VLM
"concentrated power of private capital and corporations."

I'm in your boat, you can't have a free market if one side has all the goods
and all the power. "Let them eat cake" is a better recipe for a revolution
than for a free and prosperous market.

WRT revolution, observing an epic fail and discussing it doesn't include
supporting or enjoying it.

------
ryanthejuggler
One example: Secure Boot (a.k.a. Restricted Boot). Personally, I'd love to
have a screamin' Arch Linux install running Gnome Shell on top of the latest
Microsoft Surface hardware. But I can't do that, can I? Why not?

The simple answer is because Microsoft disallows you from modifying hardware
that you own. This is a very real power. I personally do not have the
capability to produce my own hardware.

The more complicated answer is that the big guns (Microsoft, Google, Apple,
etc) have manipulated the government into allowing them these powers. So now
we don't just have a technological problem, but a social problem. When we have
an entire society of people running to the store asking them to put the glossy
digital handcuffs on them, we encourage that kind of behavior. We make it
economically viable for a corporation to oppress a large number of people.
Circling back to my original point, this makes it difficult or impossible for
someone to hack on a new hardware platform that's been locked down.

Imagine if there were a ban on the color green. Artists would be completely
deprived of a large part of their pallette, and their art would suffer for it.
Tivoized hardware hurts hackers in exactly the same way.

This is the first example that came to mind, there are definitely plenty of
others. Basically it boils down to societal problems that manifest themselves
as technology.

~~~
wmgries
Why can't you just disable Secure Boot from the UEFI?
[http://www.microsoft.com/surface/en-us/support/warranty-
serv...](http://www.microsoft.com/surface/en-us/support/warranty-service-and-
recovery/how-to-use-the-bios-uefi)

~~~
forgottenpass
Because the link you provided is for Surface PRO, and specific to the x86
offering.

From:
[http://en.wikipedia.org/wiki/Windows_8#Secure_boot](http://en.wikipedia.org/wiki/Windows_8#Secure_boot)

 _Microsoft 's certification requirements eventually revealed that UEFI
firmware on x86 systems must allow users to re-configure or turn off secure
boot, but that this must not be possible on ARM-based systems (Windows RT)._

------
sp332
They charge hackers with crimes and lock them up. How can that threat not
matter? Jacob Appelbaum has been detained 12 times at US airports and he still
finds it stressful. _The mental environment that this creates for traveling is
intense. Nothing is assured, nothing is secure, and nothing provides escape._
[http://boingboing.net/2011/01/12/wikileaks-
volunteer-1.html](http://boingboing.net/2011/01/12/wikileaks-volunteer-1.html)

------
bmelton
I like the question, and I hope to hear more insightful answers than mine,
which is more of a nit-pick than an actual answer.

Government and NSA actually _have_ power. They have it because we gave it to
them. They have power because they have drones, tanks, guns, and armies of
people willing to use them at their command. Refusing to recognize the
authority of a government, even one you aren't a citizen of, even one whose
borders you aren't within, seems naive at best.

If the US government decides, tomorrow, to kill you, that isn't a threat that
you can shrug off... or at least, not one that you can shrug off and expect to
live a long life.

Sure, perhaps government intervention won't interfere with my creation of
something, but in many cases, that isn't even necessarily true. In order to
succeed as a business, I have to obey the laws, or be subject to its
retaliation. I can't ignore paying taxes, or obtaining appropriate license, or
cease and desisting when the FDA tells me to, etc. Pretending that it doesn't
exist isn't really an option.

------
tvanantwerp
Whatever you think of him, I think Julian Assange answers this question quite
well in the introduction to Cypherpunks:

"The platonic nature of the internet, ideas and information flows, is debased
by its physical origins. Its foundations are fiber optic cable lines
stretching across the ocean floors, satellites spinning above our heads,
computer servers housed in buildings in cities from New York to Nairobi. Like
the soldier who slew Archimedes with a mere sword, so too could an armed
militia take control of the peak development of Western civilization, our
platonic realm.

"The new world of the internet, abstracted from the old world of brute atoms,
longed for independence. But states and their friends moved to control our new
world -- by controlling its physical underpinnings. The state, like an army
around an oil well, or a customs agent extracting bribes at the border, would
soon learn to leverage its control of physical space to gain control over our
platonic realm. It would prevent the independence we had dreamed of, and then,
squatting on fiber optic lines and around satellite ground stations, it would
go on to mass intercept the information flow of our new world -- its very
essence even as every human, economic, and political relationship embraced it.
The state would leech into the veins and arteries of our new societies,
gobbling up every relationship expressed or communicated, every web page read,
every message sent and every thought googled, and then store this knowledge,
billions of interceptions a day, undreamed of power, in vast top secret
warehouses, forever. It would go on to mine and mine again this treasure, the
collective private intellectual output of humanity, with ever more
sophisticated search and pattern finding algorithms, enriching the treasure
and maximizing the power imbalance between interceptors and the world of
interceptees. And then the state would reflect what it had learned back into
the physical world, to start wars, to target drones, to manipulate UN
committees and trade deals, and to do favors for its vast connected network of
industries, insiders and cronies."

[http://cryptome.org/2012/12/assange-crypto-
arms.htm](http://cryptome.org/2012/12/assange-crypto-arms.htm)

------
jiggy2011
These things do have intrinsic power, they don't go away just because you
ignore them.

------
frou_dh
A large portion of the userbase is likely more tech news junkie than hacker.
Everyone knows about this site - it's not an elite clubhouse.

------
computer
> If you are focused on creating something, none of these "threats" would
> matter.

I suspect many of those who care about such things care about creating a
better society, a better world.

------
nickthemagicman
Being creative in a society that values conformity is itself a place of
insecurity.

------
jbrooksuk
I personally feel threatened by the community. It's almost cut throat.

~~~
collyw
Can you explain why?

~~~
jbrooksuk
Essentially, for me, it boils down to not being able to keep up. Unless you
know every new toolset, you're almost redundant. You stand little chance of
being hired by a successful startup or the next Google/Dropbox. It's as if new
toolsets are being produced to actually slow the majority of people down.

------
IvyMike
> So what's the reason for attributing so much power to these external
> "forces", none of which have ANY intrinsic power beyond what you give them?

I don't understand what this is supposed to mean. Some of those "forces" which
you condescendingly put in quotes have _actual armed forces_ behind them.

When your adversary is a foreign government, they have very real power that
had absolutely nothing to do with your consent.

------
Glide
Except that they do have power even if you ignore them. I don't think anyone
can argue that environment is not vital to a persons's development. The
government, NSA, piracy, patent trolls, etc. all happen to be a part of the
environment that we're in. In fact, many other things happen to be a part of
that environment and have a more direct impact on children and their
development.

One example would be something like this:
[http://articles.latimes.com/2013/nov/11/entertainment/la-
et-...](http://articles.latimes.com/2013/nov/11/entertainment/la-et-ct-piracy-
education-20131111) . I'm neither condoning or accepting of piracy in this
statement, I'm only stating that the MPAA is a part of the environment and it
affecting education.

Then we can take a look at some of the "cultural" (I am lacking in words at
this moment) factors that are in government when watching some of Lawrence
Lessig's talks about removing the influence of money from government. Because
of that influence of money corporations can influence legislation which can
fundamentally change the rules that the market abides by.

An example of this would be reverse engineering. Without which, I might add,
the computing market would look dramatically different today. Or does no one
still remember the thing with DVD players? I know I had to pony up in order to
play Blu-Ray(R or TM) on my computer.

Those kinds of headlines one _should_ expect from a community. A community
should seek to protect itself and inform its members of threats both real and
imagined. If I don't see any articles about threats in the future I'm going to
think I'm in some kind of dystopia and they've managed to infiltrate HN.

------
eliteraspberrie
I agree with your premise that those powers have very little power beyond what
is surrendered to them. For example, creativity has almost solved the problem
of dragnet surveillance, through inventions such as public key cryptography,
anonymous remailers, onion routing, and so on. (Although one must opt in to
those solutions at the moment.)

However, the asymmetrical advantage of creativity vanishes in the case of
targeted power. A creative individual doesn't stand a chance against the
smallest application of power -- brute force wins over intellect. This is an
open problem, that perhaps doesn't have any solutions.

My understanding is that most "threats" you mentioned are using the tactic of
isolating individuals from the aggregate, because it is then that power is an
advantage. Hence, endpoint hacking has taken the place of cracking ciphers,
with metadata/social network analysis being a means to this end.

Just as important as creativity is a positive outlook. There are still
discoveries and inventions to be made. Hackers should not get discouraged,
stay optimistic, and get to work.

------
forgottenpass
Other people have already made better critiques of your post. I find it to be
a hollow assertion based on multiple inaccurate assumptions, but I want to
focus narrowly on one point that I don't think anyone else has addressed yet.

 _So what 's the reason for attributing so much power to these external
"forces", none of which have ANY intrinsic power beyond what you give them?_

You seem to be playing fast and loose with the distinction between "you"
meaning me as an individual and "you" meaning a society that includes myself.

I, personally, don't necessarily give the NSA any power. Unless you're saying
that apathy in a democracy does give them power. But therein lies the switch
from individual to collective "you".

If I alone dedicated my entire life to removing their intrinsic power, I still
wouldn't be able to remove it's power. Snowden threw away his life to try and
remove the power behind the NSA. He was uniquely positioned to challenge their
power and only managed to get egg on their face and start public discourse.

Societal things like this necessitate discussion, because that's the only way
the power drawn from a large number of people can work to counter that power
acting towards it's natural incentives.

Or are you going to argue that because I am able to to completely withdraw
from society and live in a cabin in the woods I'm opting into the power
exerted by governments and corporations? By that logic my continued decisions
not to commit suicide are approval of whatever government rule happens to be
the status quo. Rhetorical power of death aside, I do find that to be both
quite true and utterly irrelevant to a conversation on the type of world I'd
like to live in beyond the barest of bare minimums.

------
MartinCron
In your list of things that hackers are insecure about you forgot women and
their white knights coming in to ruin their precious traditionally male space
with their inclusive pronouns and draconian prohibition on immature dick jokes
in professional settings.

If something is helpful to women in tech, it has to be harmful to men, right?

------
bananacurve
I suppose a fair amount can be attributed to the fluorescent tan. Little
sunlight or fresh air. I found it hard to switch to the office lifestyle and
frequently go for walks even in bad weather for relief. I think hackers that
make physical things are happier in general due purely to the physicality.

------
nswanberg
This essay answers the question amazingly well:
[http://paulgraham.com/gba.html](http://paulgraham.com/gba.html)

What is sad here is not that those subjects are discussed but the sometimes
fearful and shrill tone in which they are discussed. Sadder still is that
there are a lot of comments on HN that seem just as afraid of hacks like
Soylent or Bitcoin or AirBnb.

------
gopher1
Why does discussing news stories about threats make us insecure? Why do
threats not matter if we're creating something (and for that matter even if
you don't create things)? Why should creative communities not discuss threats?
If we give these threats the power they have, should we not discuss them?

You're making a lot of assumptions here...

------
badman_ting
A rather tendentious question. You may choose to ignore it, but those forces
have power nonetheless. You may not be interested in them, but they are
interested in you. Marking it down to "insecurity" is just bizarre

------
jol
With power comes responsibility, you should choose what to hack and why :)

------
joslin01
What a stupid paragraph to read through. No seriously, what a stupid paragraph
to read through.

> Reading through HN's headlines it is hard not to notice that most discussion
> is generated around countless "threats".

Why did you put quotes around threats? You seem to imply that the NSA, piracy,
patent trolls, banks, other countries' governments [and how they integrate
with ours], and big corporations do not warrant our awareness. In fact, you
don't even believe they are threats apparently by your continued use of
quotation marks.

> A hacker is supposedly someone who is enlightened about the power of their
> own creativity. If you are focused on creating something, none of these
> "threats" would matter.

Where did you discover the following rules? (a) a hacker is an enlightened
creator (b) when focused on creative pursuits, threats do not matter

Could you prove them for me? If not, then why do you use them as reasonable
premises for your concluding argument? In fact, you might have an easier time
arguing that a creator is more highly aware of threat because they don't want
to see everything they worked for go to waste. Programmers naturally become
skeptics; not because they want to get down on people but because they
immediately look for the holes in the logic. Because, um, it's our job!! Are
you surprised when you meet a compassionate nurse? How about a sly politician?
No? Then maybe you're starting to get it. The lens we see through the world
through is different than the nurses's, and so we have our own stance on say,
the NSA, or Obama's re-election, or congress shutting down, or any other human
event that takes place. It makes sense that we would use this community to
talk about that outlook amongst other fellow craftsmen who have the same kinda
lens.

Some, not all, care what's happening around us. We're not this fantastical
creative hacker secluded from society. The idea that we are, coupled with the
idea that we shouldn't be concerned with threats, is insulting. It puts us in
a box and gives rise to the "us vs them" attitude. Whether you idolize us or
demonize us, you miss the underlying fact that we're humans too.

>So what's the reason for attributing so much power to these external
"forces", none of which have ANY intrinsic power beyond what you give them?

Now for the grand-daddy of stupidity. Apparently the NSA and any other big
world power is just an external force that doesn't have any intrinsic power
besides what we give it! I forgot!

You're not stupid enough to believe this, I know this. You're just saying it
to give greater power to your already weak argument that hackers are insecure.
This is a very intelligent, progressive, and open-minded community. We
regularly debate things in a way congress wishes it did. You have the audacity
to put us in a box, call us insecure, stamp a cute label "enlightened hacker",
and question why we should ever be concerned about politics. Get the hell out
of here with that nonsense. I'll say it again: we're humans too. We're allowed
to have other interests besides programming (though at times I wish my boss
knew that!).

~~~
nswanberg
I agree with most of what you are saying but since you wrote "we" and "us" I
would have preferred that you would have written the comment in a way that
does not scream "We are insecure!"

------
dear
That is because all these threats are trying to kill creativity.

------
bananacurve
I like how this post is being flagged by insecure hackers.

------
realag
It's better than all of the bitcoin crap.

------
entendre
I used to go tour Williamsburg as a child. I used to love the shot towers and
the tricorns and the proximity to the beach. I used to love the ferrier and
the the legislators and the town harlot. I had been to jamestown and I had
been to my own family's homestead which predated Williamsburg and their
delicious recreation of a duck potpie. I respected Jamestown and I like to
think even as a child I knew the recreation for what it was, the type of
people who'd be there and yes, I too, would rather be wearing a uniform and
protecting ponies on assiteague but creative anachronism at jamestown pays
better because more people want to visit pocohontas than get yelled at for
swimming with horses.

I guess my point is hackers are like ren faire workers these days. the
problems are and have always been people not who works for them.

