Generations five and six: The Microserfs and the free/libre and open

Gisle Hannemyr (1997, 1998) introduces the idea that the methods and ethics of hacking are capable of generating software superior to that produced by the rigidly Taylorist methods of specialisation and standardisation that were commonplace in software engineering at the time. This positive perspective may seem surprising, given that Hannemyr is a Norwegian computer security officer.

3.1.5.1 Black hat / White hat

However, many ‘compsec’ or ‘infosec’ professionals consider themselves hackers, albeit ‘ethical’ ones, and hacker conferences or ‘cons’ such as the NZ Kiwicon or

break the law) and ‘white hat’ (ethical hackers or computer security professionals) participants, not to mention all the shades of ‘grey hat’ in between. The Kiwicon Wikipedia entry, which appears to have been written by involved parties (in that it is in the style of the text on the Kiwicon website – see Figure 1), gives a good account of the general atmosphere at a hacker con:

Kiwicon provides a venue for hackers and computer security professionals as well as other interested parties to get together and share knowledge, war stories and to consume a startling amount of beer. In the spirits of DEF CON and Ruxcon, Kiwicon intends to bring together the best and brightest from academia, the computer security industry, the hacker underground, those who manage critical infrastructure and law enforcement.

(‘Kiwicon: Wikipedia’)

Figure 2: The Kiwicon 2K7 website homepage5

This diversity of attendance was apparent at the conference, with the maxim of ‘knowing your enemy’ (and even having a beer with them) being strikingly apt.

The distinction between black hat and white hat or ethical hackers, and the proportions of each at hacker cons was something one of the Kiwicon attendees, the CEO of Securus Global (an Australian/global computer security company), made comment on (‘Securus Global’). When asked whether he classed the work he and his colleagues did as hacking, he replied:

The “hacking” (ie; testing websites and access points for clients) is just a small part of what we do. We perform a raft of other activities whose goal is to help secure our client’s environments […] Do we call the hacking part “hacking” ….yeah….it is what it is and our clients are happy to call the “tests” hacking / pen [penetration] tests. They want to know what hackers could do to them but we try to shut down these paths before they potentially impact our clients.

(Drazic 2007a)

In relation to this, and in response to a question regarding the distinction between hacker and cracker, and the media’s role in negatively defining the term ‘hacker’ for the general public, he also made it clear that he felt the media pathologisation of the term ‘tainted’ all Kiwicon attendees and hackers in general with suspicions and negative connotations, whether they deserved them or not:

It’s tough with the media sometimes because they like to sensationalise it. They would love to think and certainly like to allude to events like Kiwicon being full of rogue hackers. While some in attendance may fit that bill, most are not… just because you know IT well and can perform this work, there seems to be a grey cloud above those people.

(Drazic 2007a)

media’s role in this, with one of the organisers of Kiwicon also characterising media coverage of hacking as ‘sensationalistic’ (Metlstorm 2007a).

Returning to Hannemyr’s argument, he compares ‘hacker’ and ‘non-hacker’ software, for example, the Linux OS vs. MS Windows, summarising that:

…[s]oftware constructed by hackers seems to favour such properties as flexibility, tailorability, modularity and open-endedness to facilitate on- going experimentation. Software originating in the mainstream is characterised by the promise of control, completeness and immutability. (Hannemyr 1997)

These characteristics reflect the differing production environments, citing the benefits of an “agoristic, integrated and holistic attitude” as opposed to a “proprietary, fragmented and reductionist” one (ibid.). The Linux OS and the GNU project are cited as examples of the programming success the hacking approach can achieve, and he concludes that it should be considered, at the very least, as a complementary approach to Taylorism.

The concept of hacking as a work ethic had been previously touched upon by Turkle (1995), and Raymond (1999), and was extended in Himanen’s (2001) The Hacker Ethic: A Radical Approach to the Philosophy of Business. None of these texts are worthy of further examination due to their excessively lyrical, subjective or glancing perspectives on hacking. Hannemyr’s articles are also of limited current relevance, as feedback on this matter sought from various software engineering professionals indicates that their workplaces currently practise systems of production that incorporate exactly the hybridity that Hannemyr is suggesting. This merely recognises that Hannemyr’s texts are perhaps somewhat dated (an inescapable reality in a rapidly evolving and relatively young industry) or idealistic, but far from invalid.

Indeed, Hannemyr’s texts hint at the fifth and sixth generations of hacker identified by Jordan and Taylor (2004) – the Microserfs and the free/libre and open source software (FLOSS) movement. Microserfs may be broadly understood as hackers/computer programmers who have been co-opted by computer programming corporations such as Microsoft, thus ‘selling out’ on the hacker ethics of anti- bureaucracy, anti-authority and informational freedom. Presumably, ethical hackers or computer security professionals are also partially characterised by this category, although one suspects (from those spoken to) that this descriptor would not likely be well received.

Conversely, those involved in the FLOSS movement are hackers who have stayed true to these ethics, and instantiated them in the dispersed and collaborative production of free and/or open source software. Richard Stallman, the GNU Project and operating system (OS) and the associated GNU General Product Licence (GPL); the Free Software Foundation; Linus Torvalds, the Linux project, and particularly the Linux distribution Ubuntu OS, which now has an estimated user base of over 12 million (Kerner 2010); all are prominent examples and embodiments of the FLOSS movement and ethos. (The FLOSS movement is a fascinating evolutionary offshoot of hacking, and is worthy of much research in its own right, but will be dealt with only briefly here.)

Hannemyr effectively pits these two generations against one another in terms of both work ethic and productivity. As previously argued, the distributed, collaborative work ethic of the FLOSS movement (or of hacking as Hannemyr sees it) has also been co-opted to some extent by the corporate programming world, but there is no doubt that the informational freedom ethics of the two generations are well and truly in direct contrast. The four freedoms of the free software definition are as follows:

Freedom 0: The freedom to run the program for any purpose,

Freedom 1: The freedom to study how the program works, and change it to make it do what you wish,

Freedom 2: The freedom to redistribute copies so you can help your neighbor,

Freedom 3: The freedom to improve the program, and release your improvements (and modified versions in general) to the public, so that the whole community benefits.

(‘The Free Software Definition’)

These clearly run in direct contravention to the proprietary ethos underpinning corporations such as Microsoft and Apple. The open source philosophy shares many of the same principles, although free software purists often look down upon open source as a development methodology as opposed to a social movement. “For the Open Source movement, non-free software is a suboptimal solution. For the Free Software movement, non-free software is a social problem and free software is the solution” (‘Why “Free Software” is better than “Open Source”’). Nevertheless, both are anathema to proprietary, bureaucratically and hierarchically organised software development or ‘Microserfdom’.

Hannemyr’s texts also recognise the media’s (by now well-established) role in hacking’s gradual popular and legal criminalisation, and the contested nature of the terminology, with the author taking hacking as a set of ethics and open, anti- hierarchical labour methods, best embodied by Jordan and Taylor’s sixth generation, the FLOSS movement.

3.1.6 Tim Jordan and Paul Taylor: A summarisation and extension of