Space Rogue

I just finished reading an advanced copy of Thomas' book, and I liked it. Thomas, in telling his own story, also tells the story of the L0pht and the hacker scene in Boston, primarily during the 1990s. I thought I knew the story of the L0pht, and I did in broad outline. Thomas, as an early L0pht member with an insider's view, provides a much clearer exposition.

Thomas does this by writing about his own life. Growing up poor, he first joined the Army Reserves, then the US Army, planning on using the GI Bill to pay for college. When he begins attending college, he quickly learns two things: the GI Bill doesn't pay nearly enough to cover tuition, books, and living expenses, and that he finds most of the classes he is taking uninteresting with the exception of the CS course. He quickly finished the programming assignment, but continued using his terminal access on the school's timesharing system. After one semester, Thomas is out of school and working jobs in physical security in the Boston area.

Like many people, Thomas is fascinated with computers. He buys a Mac, then a modem, and begins hanging out on local BBS' (Bulletin Board Server). All through the 1980s, BBS was the means computer users used to exchange information, supplanted by the Internet by the late 90s. Through the BBS, Thomas becomes aware of physical meetups of other people like himself, and begins attending gatherings at Harvard Square and meeting the people he had only known by their handles.

Thomas gets invited to join the L0pht, a rented loft with work and storage places for each member. All the L0pht members have day jobs, and they pay for the rental of the loft largely by collecting discarded computers and reselling the working ones at a flea market. Even though the L0pht is best known for its 1998 Senate Testimony, they reached that stage by carefully working with reporters and journalists for years beforehand. The L0pht members become well-known as experts in security issues as well as advocates for improving security.

Thomas started, and ran, HackerNewsNetwork, once the L0pht had a reliable Internet connection. Not a fast connection at first: 56 kilobaud, then later twice that with an ISDN connection. It's easy to forget just how difficult it was to get a decent, always up, Internet connection in the 90s.

As Thomas tells his story, you learn about who he is: a trustworthy person who works very hard, writing and curating news for HNN as well as his day jobs, which were soon in the computer retail industry or as support for computing in local universities.

The L0pht members had been working without compensation, and wanted to get in on the tech boom of the 90s. Their exploration of possible partners, as described by Thomas, is interesting to say the least. When a company that wants to acquire the L0pht wanted a demonstration of penetration testing, their underhanded plans for the L0pht get revealed as part of the test. The L0pht finally chose to join @stake, an adventure that ended with the disintegration of the group.

While the L0pht provides the core of this book, you get Thomas' perspective of the goings on. Appendix B includes the transcript of the Senate testimony and reveals more about what the other members are interested in. I clearly got the sense that the L0pht lives up to their billing: a group of talented men interested in improving security, largely by publishing weaknesses and exploitable flaws in software.

Thomas avoids using the term 'hacker', as he includes a definition of hacking as criminal activity in the book. Yet his book clearly provides a view into the life of a hacker and his associates, one that is not criminal but instead public service at great cost to themselves.

You also learn how hard it is to get a job without a college degree. Thomas taught himself programming, Unix sysadmin, Mac support, networking, HTML, and video podcasting, evidence that people who don't get college degrees may do much better with self-learning. But HR departments don't see things that way.

I enjoyed reading this book, as it filled in lots of gaps in my knowledge. While I wrote an early book on Unix security, taught security through the 90s, I had little contact with the world of people who relied on handles to protect themselves from the litigious companies whose products ignored security and preferred using lawyers. Things changed after the dot-bomb, as exploits, instead of being published, started being sold to the highest bidder. Perhaps it was inevitable that the L0pht, as unpaid security researchers, would also vanish as a breed after 2001.