I was sent a link by a friend of mine who is working with me and a bunch of other people on a project that we hope will do some great stuff for a lot of people. Someone basically referenced a sub project of what we’re working on, and then applied it very inappropriately to a hacker space in Kansas City, known as the Cowtown Computer Congress ( Chaos Computer Club pun intended ).
Article Link: http://www.stltoday.com/stltoday/news/stories.nsf/stlouiscitycounty/story/B761E8B034D3D0D18625767C000D6B4B?OpenDocument
Well, I figure I have a post to make as a result…
I’m not going to get too deep into any of the stuff we’re doing, because to be blunt we’re not ready to let that cat out of the bag just yet… we’re still beating it and throwing catnip in with it.
But, let’s examine some choice quotes from the commentary on this article and respond to them.
SomeoneKnows November 30, 2009 12:58AM CST
> Despite the name, the group isn’t composed of hackers in the traditional, computer virus sense.
Ha! I’ve heard that before, do some research – Google “hackerspace Warzone project”.
“research” is sometimes another term for just enough knowledge to be harmful.
There is a strain of hacker spaces that have begun developing the Warzone. It began with Kansas City’s CCCKC, Chicago’s Pumping Station-One, and Washington DC’s HackDC. From a cyber security professional’s perspective it makes sense, but with the wrong person practicing these skills it can be devastating.
The Warzone isn’t 100% public knowledge yet… largely because it hasn’t been fully built yet. The underlying technology it will be existing on top of is only just being rolled out in development stages now. I know, I’m the point of contact for the NYC Resistor node. The architecture of the network it will exist on is designed around a trust network. The idea is that we allow “anyone” onto the network, but only in a controlled environment where there is a minimum defined level of accountability. The idea is to ensure that anyone who does decide to do something very much unethical will be found and dealt with as expediently as possible. Research will be done in the area of information security because it is beneficial to our economy and our governments to ensure the stability and general resiliency of our communication, automation, power, and lord knows what else networks. It’s actually quite vital in pretty much every area of industry, and very much an integral stage in the development cycle of many soft and hard projects. We’re developing a safe and responsible environment in which to engage in testing and research that is necessary and very interesting to us.
The commenter’s concerns are not without merit, but the purpose of this project is very specifically outlined to satisfy those concerns in the best way possible. Many very talented people from all over the world have put many hours into ensuring that the policies chosen are the most appropriate. We’re still solidifying them and will be so for some time, but you can be absolutely certain that we are not taking any part of this project lightly. Too little knowledge is a dangerous thing.
I noticed comments by people wanting to use the Arch Reactor hacker space to mentor teenagers. Trying to include teenagers can get complicated. Personally, I feel open access to tools for cyber hacking, learning how to steal passwords, and other mischief can be inappropriate at that age. Even university students get caught up trying to make a name for themselves. The incident at Defcon in 2008 “Anatomy of a Subway Hack” http://news.cnet.com/8301-1009_3-10012612-83.html became a situation that could have landed these MIT students in federal prison. I was a founding member of CCCKC but these are reasons I chose to leave the group. I don’t want to be labeled a cyber hacker by association.
Information Security is not a field devoted entirely to the development and research of offensive technologies. While that is an important part of the audit process that has become a very lucrative area of the field, it is by no means the most important facet of it either. Secure development methodology and awareness of risk management in design is a fundamental necessity in the arsenal of any engineer. As much as ensuring the safe and legal operation of amateur radio devices is a part of the design process for wireless devices. Many parts of science and engineering can fail catastrophically, as well as succeed catastrophically. Sometimes the best of intentions can have the most dire of consequences, and that’s where I find it is important to educate younger software and hardware engineers in the importance of responsible coding practices.
When I was a kid the local fire department used to go to schools and demonstrate ways in which a small shed could easily catch fire and become very dangerous for the occupant. It wasn’t intended to teach children how to torch homes. It was intended to remind children that fire is dangerous, and that being cautious in our daily routines and with dangerous utilities such as our stove tops is important. Demonstrating security issues as we lay down an introductory foundation for applications is an important part of the education pedagogy, so is explaining very careful what the consequences of an attack are. Where right and wrong are, and giving some background information on what the real damages are to people in the event of a security breach.
Not talking with your kids about sex, and drugs has been proven to be a bad idea. Not talking to your young engineers about some of the shadier sides of science, is also a bad idea. Especially for young engineers in fact. You are already dealing with highly analytical people with a tunnel vision approach to design. You need to help them develop their social awareness, and an idea of how important it is for them to know where the lines are they shouldn’t cross. A lot of engineers discover those lines the hard way.
Before leaving, I was trying to get a program started that I called “Students Left Behind” to help teenagers whose schools abandoned their robotics programs. Often these students don’t have a mentor who can help them with new technologies. I didn’t want to expose them to this atmosphere.
Arch Reactor can do better, try looking to hacker spaces like NYC Resistor as a role model with a maker centric approach. It is inspiring to see the successful outgrowth of MakerBot Industries from the NYC Resistor hacker space. I had a chance to visit with Mitch Altman from the Noisebridge hacker space a few months ago. One thing he said was each space takes on a personality of its own. Here’s to wishing Arch Reactor the best as you grow into your own personality.
It’s odd you mention the work with younger people, NYC Resistor has had a great deal of trouble involving itself in events with younger folks due to our countries absurd liability issues. We need SEVERE TORT reform. It’s hindering us in a great many areas we could do a lot of good in. That being said some of our individual members and other organizations they are involved in are doing great stuff. Donate robots and lego mind storms to toys for tots folks =P.
NYC Resistor is working with Noisebridge and PS:One on the Warzone project, as well as many other spaces internationally.
www.MakeKC.org – Art and Technology in Kansas City
I founded Make:NYC with Ryan O’horo ( and later Eric Moore and “phar” ) I see where a lot of this is coming from. There is a considerable concern about some aspects of the culture of the infosec community at large. I think its important that these communities can meet and adopt the best from each other though.