Hacker News new | past | comments | ask | show | jobs | submit login
Your cyberpunk games are dangerous (boingboing.net)
166 points by jgrahamc on May 10, 2015 | hide | past | favorite | 46 comments

It's at the bottom of the article, but I think it's worth noting that Jon Peterson does some impressive work for role playing game historical documentation. His book Playing at the World is a labor of love, giving not only a detailed history of the early days of wargames and tabletop rpgs, but a history of the science fiction and fantasy genres, a history of games in general, and how those lead to the creation of modern rpgs. He then wraps things up with a chapter on how tabletop gaming influenced the star of the video game industry.

The scope is huge, the book is giant, and he published it under his own imprint so that no one could tell him to cut things. I found the section on Kriegsspiel particularly interesting. Highly recommended if you're an enthusiast for the subject, otherwise you'd probably get very frustrated.

> The raid couldn’t have come at a worse time for Steve Jackson Games. Already in debt, the company depended heavily on new releases for cash flow, and the confiscation of the GURPS Cyberpunk manuscript would significantly delay the book’s release. On March 9, the company let go eight people from its staff of seventeen. Since the Secret Service did not immediately return the manuscript, the team frantically reconstructed it from earlier draft materials and hurried it into print.

The other moral the story: always keep an off-site backup.

As the guy they're talking about, I did keep an offsite backup. The GURPS Cyberpunk manuscript existed in three places -- my computer at home, my computer at work, and the Illuminati BBS.

They took all three. They also got my wife's in-progress Master's Thesis, and she had to restart from scratch because they refused to return even a copy.

I'm curious where the quote attributed to me was sourced from, as I don't remember saying that. However, since I regularly come across things in old backups that I had totally forgotten, both code and written text, it may be completely legit.

I'm kind of surprised the author didn't bother to contact me at all (I'm hardly difficult to find). We weren't awakened at gunpoint, for instance. That was Goggans. We were awakened by pounding on our apartment door at 6 AM.

Hi, I wrote the article. The long quote from you is sourced from a (pre-raid) article you wrote for Steve Jackson's house organ of the time "Roleplayer" #15; be happy to send you a scan if you're don't have one.

As for being woken up at gunpoint, that's sourced from a number of contemporary accounts, including a Mar 5 1990 comp.dcom.telecom post (reposted in Phrack #31) reading "The Mentor was awakened at 6:30am on Thursday (3/1/90) with the gun of a Secret Service agent pointed at his head."

I do apologize if it seems standoffish not to have dropped you a line while I was working on it - it's kind of my shtick that I work exclusively from documentary evidence of the era I'm writing about rather than from interviews today. No method is perfect, but the results tend to be pretty decent.

Like I said, it doesn't surprise me that I said that, I just didn't remember it.

But a random Usenet post from someone who undoubtedly wasn't there isn't a source, it is hearsay....

And how hard would it have been to look at the cover of Cyberpunk and spell my name right?

I hadn't noticed that your name is misspelled in the published version - sorry about that, I'll see if that can get fixed. It must have been spellchecked somewhere late in the editorial process.

And as for the gun in your face, obviously you know best what happened to you, I was just explaining why the article says what it says. I will not repeat the hearsay.

They had guns when they came in the door, but Goggans had said something to the effect of 'you'll never take me alive' on a BBS post, so they were a little more proactive in his case... :)

They did manage to correct your name in the story, fyi.

If the innocent material you have suddenly becomes subject to search-and-seizure by the Secret Service, off-site backup would likely be targeted as well. Keeping a copy might even be a felony even if it turns out the data was innocent (obstructing an investigation/operation etc).

I'm not sure how even ignorant law enforcement raids go from "maintaining additional copies" to "obstructing justice."

I just meant that if the Secret Service think you have some illegal material, like login/pws to a VPN for ATM machines -- then not handing over all copies is likely considered obstruction/non-compliance. Even if it turned out that those documents were not actually of the nature -- if the warrant/investigation was otherwise legal, one isn't allowed to simply "keep a backup".

Eg: http://www.wired.com/2015/01/barrett-brown-sentenced-5-years...

"The obstruction charge relates to an attempt by Brown and his mother to hide a laptop from authorities during a search of her home in March 2012. Brown’s mother was separately charged with obstruction and given six months probation."

At any rate, my point was that if you have a list of credit card numbers, and the Secret Service comes and asks for them. It is not ok to keep an off-site backup.

I'm not saying that the US government isn't behaving batshit crazy wrt hackers ever since around the Kevin Mitnick case, or that the current laws makes sense -- nor that the priorities makes sense -- just that "having an off-site backup" isn't a defence against a rouge state. Especially if you are a subject of that state.

Now I see your point.

However, I'd argue to a judge that I can't be "non-compliant" about surrendering all copies of illegal material until the court decides that the material is indeed illegal. Just because law enforcement wants to bring charges doesn't mean I'm actually guilty of anything yet.

It was far more difficult in the early 90s.

I imagine that even clumsy methods of doing so would have been cheaper than the turmoil that goes with having to fire half your staff.

We thought three copies in two separate locations was backup enough. All three of the computers (my home system, my work system, and the Illuminati BBS) were seized.

Hindsight = 20/20, eh?

> J. Eric Townsend reviewed a copy [of GURPS] for the early computer security zine RISKS

This looks like the review in question: http://catless.ncl.ac.uk/Risks/10.03.html#subj10.1

" he notes that “now it seems that anybody with any computer knowledge at all is suspect,"

seems like knowledge is what's being hammered on these days by propaganda. IIRC a kid was arrested for using DOS / a shell on his school computer (can't find the link, sorry)

I got yelled at by a teacher for this in the '90s. I used the command line to access things that weren't presented in the login shell's menu. Since the system had permissions which explicitly granted me the right to access other programs I didn't think anything of it... but he thought differently and accused me of hacking.

We had a similar outbreak of NETSEND at my high school. A couple of kids were suspended (for sending bad things) but the chorus of kids explaining how easy it was to send anonymous messages to the entire school caused them to actually secure the computers.

"Our cyberspace today has its share of problems, but it is no dystopia"

Really? What changed? The government at least got more proficient at using the Internet, I guess.

I had just copied this to paste here.

That someone is able to write such an article and at the very end wrap it up like this, today, after everything that the whole world knows for a fact, this scares me more than anything in the article.

Yeah, ultimately I think the Internet today is a lot more open and a lot more beneficial to liberal society than any network was in 1990. I understand why you gag at that, but, I can imagine much, much worse outcomes than we got.

"Role-playing games were dangerous: they warped fragile young minds, breaking down the barriers between the real and the imaginary. The irony is that it was the authorities, not the players, who couldn’t tell a game from reality."

... well said.

What is the quote again? "Do not expect a man to grasp it, when his continued employment depends on him not doing so".

I've read a couple of previous write-ups regarding the raid on Steve Jackson Games, but this one provided a number of details I don't remember the others having (though I could have just failed to remember them).

Sci-fi author Bruce Sterling's non-fiction book _The Hacker Crackdown_ covers the era pretty well, and is freely available. Sterling, after all, coined the very phrase "Information wants to be free."


per http://en.wikipedia.org/wiki/Information_wants_to_be_free the phrase is attributed to Stewart Brand "On the one hand information wants to be expensive, because it's so valuable. The right information in the right place just changes your life. On the other hand, information wants to be free, because the cost of getting it out is getting lower and lower all the time. So you have these two fighting against each other."

Huh. Looks like I've wrongly attributed that phrase for pretty much its entire lifetime!

I remember this from when it happened. The SJG raid and sun devil made me join the eff. At the time it looked like we needed help defending against the war on information.

Had no idea Legion of Doom were connected to GURPS. Good read.

LOD is even thanked in the book credits.

There are degrees of Black hat hacking. Let's not make the laws so serve most Americans don't even think about ways to penetrate a system?

While other countries, like Russia, and China--seem to encourage their citizens to become better black hat Hackers? Russian Hackers seem pretty efficient, and we can't touch them.

prosecutorial laws should be not so heavy handed. A Prosecuter should not be able to stack charge after charge against a black hat Hacker(like Arron Schwartz)--to the point where he commits suicide. Or, make Black Hat Hackers so angry with their government they turn their backs if asked to help? Crimes--even computer crimes are not black and white; neither should the punishment be one big blow in order to send a message.

When other countries become better Hackers than Americans and take over critical infrastructure; I picture some Gsometing government employee scouring Google trying to figure out exactly what the Russians and Chinese have done to our servers? Or worse, hiring some slick security outfit who claims they know how to fix the intrusion?

(No wonder Hackers keep Obama up at night? I don't think he was referring to American Hackers either?)

I am not sure which is more dangerous, the era in which the government did not understand the Internet, and accidentally lashed out in hysterical fear against non-threats, or the era in which the government does understand the Internet, and deliberately lashes out in hysterical fear against non-threats.

Or the era in which the government does understand the Internet, and deliberately attacks actual threats…getting caught in the crossfire is never fun, no matter how legitimate the battle. How many people died in the Battle of Britain from shells, shrapnel and planes falling on them? But of course, many more would have died had the RAF not fought the Luftwaffe.

Likewise, how many will suffer today in the crossfire between criminal gangs, extremist organisations and legitimate governments? How many would suffer if legitimate governments didn't fight?

>Likewise, how many will suffer today in the crossfire between criminal gangs, extremist organisations and legitimate governments? How many would suffer if legitimate governments didn't fight?

About as many, or even less.

Governments not using mass surveillance, and other forms of spying on their own citizens, implies the following benefits:

The money spent on mass surveillance is either spent elsewhere (so you merely need to find a more productive use of those untold billions to decide that the surveillance is not worth it) or not collected as taxes or tariffs to begin with.

The man hours spent constructing, maintaining and operating the apparatus of surveillance is spent elsewhere (this coincides with the benefit above, where the government takes engineering talent and uses it for more productive projects or increases the supply of engineering talent in the private market alongside a tax rebate).

The money & man hours spent by innocent people (read: people caught in 'crossfire') defending themselves from mass surveillance is free to be spent on more productive projects (whereas now it merely serves to lower the impact of the 'crossfire').

The chilling effect caused by mass surveillance ceases to exist (or is at least less in the world where people are unsure whether mass surveillance occurs vs. the world where they know it occurs for sure).

As for the detriments, I'm not sure how effective mass surveillance has been at achieving its stated goal - while I cant reliably reason about a world where mass surveillance never existed, I can say that the impact of domestic and international terrorism on the quality of life in US and Europe was not high prior to mass surveillance and that I see no good reason to believe it should have increased dramatically enough to justify both the resources spent and the loss of privacy (or even either of those separately) - but this is an argument that you need to make, I can't provide it for you.

I'm also not aware of any notable achievements of the mass surveillance programs, and although these may be classified, I doubt they exist since the US gov't still refuses fair trials to the alleged terrorists it imprisons, and if the surveillance projects had generated a significant amount of useful, incriminating evidence this would not be necessary (under the, imo, fair assumption that the reason they avoid trial is that the govt is incapable of proving guilt in many relevant).

Intelligence collection is not about security but about * control*, though security is a small subset of control.

The problem is that, as Gall's Law states, systems and organization eventually become counter productive: the NSA and the security industry generally are threats to individual and national security.

     <comment class="devils_advocate">
This seems like a mighty conspiracist view on the topic. There haven't been any inklings, covert or overt, that the recent actions taken by governments are for anything other than their stated goals.

How can you confidently say that this is about control and not security?

Have you ever managed an organization? Then you would understand why it is a fundamental need for those in control to have the maximum amount of information possible. It's impossible to govern an organization of you know nothing about it.

That you call it a conspiracy betrays your ignorance of this matter.

You just did an excellent job of not answering the literally one question I asked you. Could you do that, please?

"Cyberwarfare" cannot be analogized to traditional war. There is no analog to mutually assured destruction. There are no open battlefields; every system attacked has a private or government owner. Every dollar spent on attacks instead of patching vulnerabilities leaves everyone else vulnerable to those attacks.

Instead of analogies and aphorisms, let's talk about actual consequences to actual tactics.

Software vulnerabilities are now the most important vector for signals intelligence, so really the argument here is whether there's a purpose to conducting signals intelligence, and whether it outweighs the harm done by postponing fixes for bugs that NSA could otherwise report.

Before I would ever change sides in that argument, I would need to see definitive proof that vulnerabilities in software I use are better for me than having those vulnerabilities fixed.

Unlike nuclear weapons, there aren't a lot of rare resources required for discovering vulnerabilities, so the approaches that help with nuclear nonproliferation will not help with digital security. All one needs is to find vulnerabilities is smart people (and maybe a lot of computing resources to brute force fuzz a lot of software). There are a lot of smart people and fast computers out there, and the ones not in the US almost certainly outnumber those that are inside the US. It seems it would be much better to defend against them and disarm entirely rather than hope to stay ahead of them.

I'll admit up front that I don't have a clearance of any sort, and I don't work in intelligence. But as a citizen of the USA, that particular argument is really quite irrelevant. I don't want my systems used by IDF Unit 8200, The Equation Group (or whatever the NSA calls themselves) or PLA Unit 61398. The "important vector" is a wide open hole I want patched. All the NSA arguments are pretty irrelevant, except for signs for the rest of us to regard the NSA as a rogue agency.

On some authority, you're asking me to put myself in the position of an NSA leader. I'm not an NSA leader. Postponing the bug fixes hurts me, and the rest of the people like me. Fix them.

That's not really the choices available. The options aren't NSA reports bugs/uses them for intelligence collection, its NSA uses bugs for intelligence collection or they don't find bugs at all.

Its possible that the right answer is we should have a US agency finding bugs and getting them patched, but it certainly shouldn't be any of the intelligence agencies. That feels a little too like putting the military in charge of the police force.

Even in WW2, there are plenty of reasonable arguments about methods and whether they were necessary, proportionate, and effective. Look not to fighter command but bomber command: to what extent was widespread strategic bombing necessary and effective? Firebombings of Dresden and Tokyo?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact