Eleven years ago, I went to Las Vegas with my oldest friend, Zoë-o. I think we were at Cesar’s palace, which was a hotel that I didn’t typically seek out–I was more of a Mandalay Bay kinda girl–it’s more modern & those beautiful gold windows, but a little too pricey for me in my twenties. In fact, I hadn’t ever even stayed at Mandalay until I went to a bachelorette party in 2019 at which time I was pregnant with Leo. Let me tell you how much fun it is to be in Vegas pregnant:
(when-not (pregnant? gina) all-the-fun).
But I digress as I reminisce. Zoë and I were at one of the bars there at Cesar’s. All of a sudden a bunch, and I mean like 50-100 young, nerdy-looking (meant as a compliment of course) dudes walk into this tiny bar. We were the only girls there, but nonetheless, not a single one came to talk to us for the first thirty minutes or so. I can’t remember exactly how we were introduced to, what was his name? D-raid (i think?) and Moxie was another. Very nice & polite young men, with whom we spent quite a bit of time solving complex, critical thinking riddles–not my typical activity on, well, any night in vegas, but i actually did enjoy it a lot. Something about burning a rope and another about turning on a light switch that you can’t reach…
About thirty more minutes go by when suddenly, all these super made-up women wearing clothing that left little to the imagination came into the bar also–so much for being the only girls… I finally asked what was going on in Vegas this week. D-raid told me that they were there for a Hacker conference and the women were there for–i’m sorry, this is just how I remember it with no validation of truth–a Hooker conference. Zoe & I were in Vegas in time to be swarmed by Hackers & Hookers. Only in Las Vegas!
All this to say that while I was talking to D-raid, i obviously inquired why there would be a conference for Hackers. Aren’t hackers bad? What are they trying to hack?
He explained that it was their job–their profession was hacking, and he explained that’s it’s important to have genuine, moral professionals hack into systems and then notify the system owner of how the breach was performed so that a similar malicious breach can be prevented–it all went over my naive & unfocused head as my intention at the time was just to get free drinks.
Nonetheless (for both the naivety & the booze), I remember a lot of the details of this night–i think it may have actually been impactful on me. He mentioned that at the keynote that day, they’d brought in an ATM. The speaker, on stage, hacked into it such that it started shooting out cash.
How did he do that? How does any hacker break into a system–whether it’s secure or not?
When it comes to the specifics, I have no clue how to hack into a moderately or even poorly secured database or server, but suddenly, I think I have an understanding of how such a breach could happen.
Any database that is purely string-based would probably be easiest with a string’d function given to a form input. But what about something a little more robust.
If all the authorization & ‘security’ is on the client side with the server simply returning what the client has authorized itself to receive from the server, well, that’d probably not be that difficult either: the key is literally handed to you. This would be like going into a bank and saying “I would like $10MM from account X” Bank might say “Are you Gina? Is this your account?” You say, “Yes, am Gina and I confirm that it is my account.” Bank says, “Great! Here’s $10MM. Enjoy your day!”
Ok, let’s step it up. Now, let’s say there is a site where the server does do the authorization. It’s a little trickier, but if it’s not well done with a segregation of server & client & thus interfaces as well as probably some dependency inversion, i do believe that this would not only be possible as well, but probably not all that difficult–again I could totally be wrong!
Things that most people don’t realize are what a website is, what a server is, who is serving data, what information the server is taking, where their data is being stored, wtf a cookie is–who cares; who doesn’t like cookies?!
It’s actually really scary. Most people do not know how the entire world around them works. I guess this has always been true in some sense, but some of the things I’ve learned in the past months are, in a way, terrifying.
Software runs our lives, and yet the majority know absolutely nothing (and I mean nothing) about the products that our lives literally depend on. Perhaps when choosing software enabled products, the ISP is a good principle of life–don’t depend on things you don’t need! Yes, say that to all the FB, Pintrest, & instagram addicts.
My point is, we live on the internet and yet have no idea how it works. We give all of our information to servers & databases with no idea how they are going to use it. We generously accept the use of cookies with no idea what kind of cookies we’re getting. And just to be very clear, I’m in this group!
I know how it works now, so can use a little more judgement, but until what? 3-4 months ago, i too had no idea what HTTP was and that the browser didn’t actually do anything other than deliver static files. You mean, things are coming to me and I’m not actually going somewhere? Why do we say “go”? “Go to google.” Why not say it as it is “Request from Google.” “Request from Facebook”. Why do we go there?
It’s a lot of knowledge to have learned in a short time, and it’s scary. I mean as a chemical engineer, i knew that I knew things that many people do not know, and in that instance, it actually made me feel proud and accomplished–it never once scared or concerned me.
I feel proud & accomplished with what I know now too, but there’s an odd sense of responsibility & concern that have tagged along with this knowledge like well placed cookies. You could argue that, “Well people go on living just fine without knowing anything about atoms and Newtonian physics, so why is this any different?”. First of all and for the record, when you do know how the natural sciences work, there are some tasks in life that are in fact easier, but that’s not my point.
The difference is that people didn’t write the code for atom characteristics or how they bond or what atoms make a molecule. There are laws that govern the natural sciences that humans did not implement–nature did, and in our study of nature, we learned the laws that are literally impossible to break, at least in our own relative environment.
This is not the case with software. In software all the rules are written by people (notice the “are” not the “were”), and thus it is up to people to follow these rules.
Whenever you drive your car, you are trusting that everyone else on the road is following the laws and thus the risk is low–further, the benefit of driving outweighs the risk. We trust that everyone is following the rules, not because they are rules, but because there are police and even citizens helping to enforce those rules.
Who enforces software? If no one knows how it works, who is making sure that it works?
For the record, I’m not suggesting that we need the government to get involved and write the laws about things they know next to nothing about. Are there communities that govern themselves?
Rex:
Rex matured overnight. Today, he put his head back in the bath when it came time to dump water on his head, then he shared a toy with Leo to play with, then he came right to the dinner table with no objections, and ate his dinner–even the green beans! He earned 5 happy blocks within a matter of an hour.
Leo:
First of all, tonight at dinner, Leo brought a toy screwdriver, which he’d previously been using for “fixing” as Rex would say, to the table and proceeded to use it as a terrible fork. On the third attempt at a blueberry, however, it worked giving him the expectation that it should work. I don’t know if I’ve ever seen this kid so frustrated as when the dull-tipped plastic screwdriver did not work on picking up the chicken & green beans or even another blueberry that wasn’t so lucky.
At bedtime, he touched both my ears and said “eeaaawww”
