I was not aware he was ill. Always sad to hear people that are taken by cancer.
I didn't know Kevin, but am friends with Tsutomu Shimomura who worked with authorities to get him arrested. Tsutomu worked with me a bit when I was at Sun trying to get a cryptographically secure subsystem into the base system specification. It was fun to listen to his side of this story.
The 80's was a really weird time for computer enthusiasts, and it was the period of time when what was then considered the "hacker" community schismed into what today we might call "white hat" vs "black hat" hackers.
As a person who considered themselves to be part of that community I was personally offended by how the story of Kevin painted everyone who thought of themselves as a "hacker" as a criminal. It made for good storytelling to make these folks "pirate" or perhaps more accurately "privateer" types in their swashbuckling ways of sticking it to the man. People would say, "Exposing security holes is like solving puzzles (which is fun) and important because if I don't do it, well somebody 'bad' will. And while I'm here, why not make it hurt for them a little bit to incentivize them to fix this problem quickly!"
I didn't disagree with the importance of pointing out security problems, but the flamboyant way it was done scared the crap out of people who were both clueless and in a position to do stupid things. As a result we got the CFAA and the DMCA which are both some of the most ridiculous pieces of legislation after the so called "patriot" act.
The damage that did to curious people growing up lost the US a significant fraction of their upcoming "innovation" talent. While not diminishing the folks who leaned in to the illegality of it.
> I was not aware he was ill. Always sad to hear people that are taken by cancer.
It was pancreatic cancer, which is the deadliest cancer. It kills very quickly and as far as I know, it's impossible to cure.
It killed my mom: 3 months between diagnosis and death. She didn't want treatment because it couldn't save her; it would only postpone the inevitable and she didn't want to spend the rest of her days in hospitals.
It took my dad last year, diagnosis in April, gone by mid-June. It was so aggressive he chose "medical assistance in death" (MAID), because he didn't want to be in hospitals all the time. He had half-completed the process, then had a stroke on June 4th, where he was then admitted to hospital. The stroke caused aphasia, so he couldn't communicate very well (speech was very disjointed, but he could understand everyone) - they brought in a speech pathologist, after a couple weeks they were able to confirm that he still wanted 'MAID', so - I had to make the decision as to when. (And - I agreed, spending time in hospitals, fighting the inevitable was antithetic to his whole personality)
Cleared by 2nd round of medical professionals to make the MAID decision on a Wednesday, so - we scheduled for Friday - he passed away naturally Thursday morning.
Note that it really depends on the type of the pancreatic cancer. While pancreatic adenocarcinomas are some of the worst cancers out there (overall 5y survival of 8%), others like pancreatic neuroendocrine tumours have a fairly good prognosis. Famously, Steve Jobs sought alternative medicine solutions to the latter, which was probably misguided.
I come from a long line of clinical/medical folks in my family - and me on the tech side of medicine...
That said the following is me talking out my ass, but I have followed a very few number of pancreatic cases - Jobs being one... and there is one anecdotal that I would hope people closer to such cases can chime into; how much wine did these people drink (Jobs was a prolific wine drinker)
I'm wondering if sulfates from wine are a major player.
Jobs famously didn't drink much alcohol; he was way more into exotic fruit juices and such. Where did you get the idea he did? And what's with the oddly narrow "must be the sulfates, in wine specifically". Why not tannins? Polyphenols? Organic acids? We already know alcohol contributes to a variety of cancers...what compelling evidence is there that sulfate need be involved?
Tannins (and sulfates) are found in all sorts of food. But it's way easier to take the intellectual shortcut and say "it's probably X", instead of "it's probably really complicated and there are a number of factors involved". Some people want simple answers, no matter how complicated the problem is, or how wrong the answer is.
> I'm wondering if sulfates from wine are a major player.
I work in healthcare in one of the wine capitals of the world, Napa County, CA.
We do not have a higher rate of pancreatic cancer than anywhere else. It is average. If sulfates from wine were a factor, it is quite likely that we would have seen a higher rate of pancreatic cancer here.
If they were a major player it wouldn’t be so subtle, it would be an industry-wide problem. Alcohol causes pancreatic cancer for sure, but sulfites specifically? I’d need a lot of evidence to believe that.
Sure, but that shouldn't preclude looking into it...
As you stated "*I need a lot of evidence*" - which is exactly what I am asking for. "Moar evidance"
And sulfates may not be the right metric...
So if we can fully identify dietary commonalities of pancreatic cancer patients, then we can get a little farther down this path to understanding...
What would be the most amazing use of "AI" would be to have a biological model of a pure human body (as far as nutrients and blah blah are concerned) - then cycle through feeding that biology various substances and seeing how it propagates through the system.
There are a lot of conspiracy theories about AIDS, and in the case like the death of Steve Jobs I guess this sort of rumor is bolstered by the fact that a lot of people hid their diagnosis due to stigma. Jobs was famously very focused on image. But I think most of that stigma was gone by 2010.
The stigma is most definitely not gone with the exception of the gay community, and maybe younger folks. If Jobs had AIDS and hid it, it wouldn't be a shock, but I think it would be a contributing factor to disinformation as most people believe the pancreatic cancer happened on its own and was exacerbated by his alternate treatments.
Well the other thing is, if he got a positive test in 2006, he'd be on anti-retrovirals and wouldn't have died of it. He had money and access to good doctors. It's rare for someone like him to die of AIDS complications.
A friend of mine survived it, I wouldn't wish pancreatic cancer on even my enemies. That stuff is tough. I do the Purple Stride with her every year to celebrate her battle.
RIP Kevin, hearing your stories and the movie Hackers was a huge inspiration in me getting into what we do.
A friend of mine who is a surgeon originally was learning to become a pancreatic cancer surgeon. She changed to GI because the mortality rate was just so high and so fast that it was extremely heartbreaking and depressing.
I'm sorry to hear about your mom. It's not impossible to cure, but it's very uncommon. I think that if it is caught early, only 10% of people eventually become disease-free.
Markoff and Shimomura received $750,000 for their book rights and $650,000 for the film rights. The most sensational parts in the book or the movie had absolutely nothing to do with the truth.
Sharknado is closer to reality than Track Down. The cringiest part is Tsutomu's fictional gf.
Take Down (the movie) was fantastic fiction, and even showed Mitnick as convicted before he even was.
However my cringiest takeaway from the book was Shimomura's detailing of what he was eating which seemed to have so many mentions that at times I thought it was a healthy eating dialogue.
Pro-tip: CFAA only applies if you cross state lines between you and the server. Otherwise, state laws apply and there are/were some states that never passed any 'anti-hacking' laws.
Pro-er tip: if you are in the US and access a computer over any kind of service provider network (Internet, leased line, etc.) you should operate on the assumption your traffic is crossing state lines and the CFAA applies to your activities.
Tools like traceroute cannot show you where your traffic is physically being sent because: there may be no geographic information in the router reverse DNS records, that information might not be accurate if it is present, and layer 3 tools cannot show you the underlying layer 1/2 path (which might be wildly different than the layer 3 hops would suggest.)
Spot on. More simply, no matter the technical underpinnings, the case will be made in court that because your service provider (and probably the carriers it's connected to) have infrastructure across state lines at all, your traffic could have crossed state lines, and the court will be asked to assume it did. And they probably will.
You can make a reverse DNS record (or any DNS record, for that matter,) say anything at all. There isn't a National Committee for the Verification of DNS Updates checking this stuff out and demanding in-person inspections and notarized affidavits swearing that 100% of all information in the DNS is accurate and means whatever the end-user might infer it to mean.
For instance, part of the traceroute from my house to Google looks like this:
6 be-33112-cs01.doraville.ga.ibone.comcast.net (96.110.43.81) 19.602 ms
7 be-33142-cs04.doraville.ga.ibone.comcast.net (96.110.43.93) 22.738 ms
8 be-302-cr13.56marietta.ga.ibone.comcast.net (96.110.39.49) 23.202 ms
You can see these hostnames are obviously meant to encode some geographic data -- strictly for the convenience of the provider, it doesn't mean anything else -- but you, as the user, cannot tell from these records that these routers are actually where you think they are, based on the host names.
Another issue is the server you're communicating with might take a completely different path to get back to you, and you'd have no real way of knowing that.
rDNS information is provided by the owner of the IP address, not the owner of the domain. More generally there are spoofing and poisoning attacks against DNS.
Absolutely not. Any computer connected to the internet, even behind a firewall / NAT / etc. is considered to be involved in interstate or foreign commerce and thus a "protected computer" subject to 18 USC 1030. It's not your actions that make it a protected computer. 1030(e)(2)
> but the flamboyant way it was done scared the crap out of people who were both clueless and in a position to do stupid things. As a result we got the CFAA and the DMCA which are both some of the most ridiculous pieces of legislation after the so called "patriot" act.
> The damage that did to curious people growing up lost the US a significant fraction of their upcoming "innovation" talent.
The causal leap from flamboyant hackers to the DMCA/CFAA, and then to damaging the US's innovation talent feels... speculative.
> The causal leap from flamboyant hackers to the DMCA/CFAA
That isn't much of a leap. The penalties aren't rooted in the actual damages, because for most of this kind of curiosity-based intrusion, there isn't any real damage and the damage imputed to them is the cost of cleaning up after the vulnerability, which the "victim" ought to have paid regardless. Getting trolled by some kid isn't what costs you money, implementing a vulnerability that allows some kid to troll you is.
The reason the penalties are high is because of that embarrassment. Some major institution that ought to have done better gets pwned by some pranksters and they lose face. So they want to throw the book at the guy to deter anyone else, not from maliciously causing them undue harm, but from making a fool of them in public.
But blaming the youth for bragging about it is blaming the victim. The perpetrators are the institutions that abuse the law, and the process of creating the law, to severely punish not evildoers but the child who points out that the emperor has no clothes.
> and then to damaging the US's innovation talent
These are the laws they use to charge the likes of Aaron Swartz, are they not?
It'll make more sense when you realize that promoting the competence of American corporations is, in and of itself, an explicit policy goal of the American government.
If they wanted to promote competence then the damages would be applied to the corporation for implementing the vulnerability, not on the attacker for exposing it. This way, corporations are given a shield for being incompetent and can place the blame and damages upon an individual that brings them to light.
The hacks had to be flamboyant. If the hacks weren’t embarrassing the “adults” in suits would deny the hairy person in a t-shirt knew what they were talking about.
This even happens when there is not nearly as much status difference between the two.
I was once tasked to work with TPM 2.0 provisioning in an embedded position. They specifically chose me and pulled me from another team because of my skills in cryptography (I wrote Monocypher). Fast forward a couple weeks, I notice that the way the provisioning was specified, it would allow us to provision a fake TPM without noticing. My team lead didn’t believe me.
Some time later we had an actual provisioning procedure in place, and what do you know, it worked to completion even with a fake (software) TPM and a real certificate from the manufacturer. Because, well… we just didn’t compare the relevant public keys. My team lead was still sceptical.
I had to mention the issue in a meeting with some higher-ups and the security guy to be allowed to fix the problem. I believe this goes a bit deeper than a status game. I think it’s downright magical thinking: this hope that ignoring problems (especially vague threats like security vulnerabilities), could make the problem actually disappear.
Definitely some of that, but in Kevin's day it was most likely a team of IBM blue suits, white shirts, and red ties vs. Kevin in whatever he found to wear.
Having been around for the long haul and met Kevin a few times, I'm sad to hear of his passing. Yet, his white hat influence will live on.
I completely agree. There was a time when hacker did not mean criminal. That was the time during which Kevin was active. It was also the time during which I was active, not that that matters right now. But there was a rapid shift from computers being something you could explore to if you're exploring that then you are a bad person. And I also agree that trying to scare policy makers isn't necessarily going to work because they don't understand what they're scared of. Curiosity is no longer rewarded in general in our society.
Those of you who don't think what Kevin did was important, there seem to be a lot of people discussing him, aren't there?
> The damage that did to curious people growing up lost the US a significant fraction of their upcoming "innovation" talent. While not diminishing the folks who leaned in to the illegality of it.
It is very difficult to see how that is the case when pretty much every functioning nation has substantially similar laws.
Nobody really cared in the scene about the DMCA until the FBI started taking people offline. Even then? It stopped nobody, people just got more security aware.
> As a result we got the CFAA and the DMCA which are both some of the most ridiculous pieces of legislation after the so called "patriot" act. The damage that did to curious people growing up lost the US a significant fraction of their upcoming "innovation" talent. While not diminishing the folks who leaned in to the illegality of it.
I was escorted out of my job as a shipping clerk in 1999 for creating an entry in an NT 4.0 group with my name in it to impress the IT Admin so I could get a job in the computer department.
I really enjoyed the book Takedown, about Shimomura's pursuit of Mitnick - I must have read it three or four times. I always wondered what happened to Shimomura, since he just seemed to drop out of sight after that book came out.
Shimomura was an egotistical asshole at the time. However, he was younger then and can hopefully acknowledge he was still learning about himself and wasn’t all-wise yet.
I hope Shimomura can realize that Mitnick made him a better version of himself, both personally and professionally.
I've known him since the time of the events in his book, and can confirm. He was (and still is) an insufferable jerk. Not only does he self-aggrandize himself in his book and web site, he pointlessly denigrates and takes down and insults the intelligence of his own colleagues in order to make himself look better (but the net effect was the opposite of what he intended). And his book was a work of fiction. Nobody in their right mind would still want to work with him, especially after what happened with his LED company. I know somebody who made the mistake of working with him, and the costly lawsuits and recriminations between them have been dragging on for years, but Tsutomu's clearly the one who was at fault.
His ego came through a bit in the book, but honestly that's a fairly common trait for young guys. I am also quite aware that the book only presents one side of the story and that Mitnick had quite a different perspective. I'm sure the truth lies somewhere in the middle. My enjoyment of the book was much more about the process they used to track him down, and the detailed description of them building tools to aid in the process, rather than the people involved.
"A bit"? You think so? At the time, Tsutomu was enough of an adult to know not to be such an asshole, but that didn't stop him one bit.
Fuck the "boys will be boys" defense, and the people who still try to defend reprehensible behavior (and ultimately their own) by trotting out that old sexist canard.
I’m not defending the behavior, just saying that it didn’t detract from the parts of the book that I enjoyed.
I did find the inclusion of so many details of his romantic life a bit odd. It’s not that they were graphic or anything, there was just a lot of it and it didn’t have anything to do with the subject of the book.
Meh. It ain't braggin' if it's true. Worked with Tsutomu on some projects. Dude has an extremely keen analytical mind. Mitnick on the other hand had an excellent grasp of human intellectual frailty. I was always surprised people expected Tsutomu to be some amazingly empathetic mensch and Mitnick to be some uber mentat wizard.
Each was quite good within their speciality, and kinda crappy in the other's. And that's totally okay.
He started at company called Neofocal which had some really cool LED products. He also has had some health issues of his own to deal with. I last talked with him about 5 years ago in 2018.