Greed and pride may be the two biggest issues here.

It can also be hard to trust people you don't know to not steal your ideas.

Some people like publicity, and headlines, or at least credit for their ideas. Like any group, there are deceptive people, and people willing to take credit for other people's work.

If there are no tools, or proof of concept creations, when a person comes forward with an idea, another may stand up and say, "Oh! I thought of that before. That is an old idea." However, having something conrete does two things. First, it provides an example of something people can touch, and second, if anyone claims to have thought of the idea before you, they lose credit for not finishing it, or being too slow, and maybe, can get asked how they did it, if the method of the presenter has not yet been disclosed.

There was a program on NOVA about archimedes and how he had problems with other people stealing his work when he published complete proofs with a new theory, or production; others would claim they thought of that idea and had a proof from long before. He moved to provide resulting products without supporting work of the proof. Then he could ask if anyone had a proof, and if so to produce it. Then, he could later provide the proof, and anyone coming forward might have trouble claiming they had it solved before him. (The documentary even claimed that he would occasionally provide false conclusions on purpose, to see if anyone would claim those false conclusions as their own, so he could, "rat them out" with a proof to the contrary.)

Pride through a sense of uneasiess in others benefiting from your own work? Greed in wanting to get all of the glory and status of being first? I think if you could find ways to deal with these, sharing-before-release might be easier.

I think it's a bit more than this. There are quite a few layers at defcon (or anywhere, for that matter). There are people I trust. There are people who are trusted by people I trust. There are people I trust not to do anything stupid with things that I tell them. There are people I trust to run right off and do as many stupid things as possible with things I tell them.

Any of that group might be someone I hand ideas to, depending on the idea. Sometimes I keep things completely to myself, depending on the ramifications. There's also a skill level to consider. Something that interests the casual reader on Daily Dave is not necessarily the right topic for the local linux user's group.

Mostly, though, I don't share much with almost anyone. The list of people I'd hand a working concept to is small, very small. It isn't to say that I find other people untrustworthy, as that there is more at stake than just trust. What's funny is that I've gotten older, the number of people I trust just gets smaller, not larger.

Remember; the best kept secret is a secret known by one.

Being informavores hackers make good meme spreaders... yay!

As reasons, this makes sense:
Ethical worries on how the idea could cause harm
But I don't agree wit this:
Lack of venue for the scope of the idea

I can understand non-disclosure due to the issue of ethical worries, but do not see how this can ultimately work. Given sufficient amounts of time, it would seem likely for someone else to think of it. All this does is to delay the release of the idea by someone else.

I don't agree with the issue about lack of venue for discussion of an item, since nearly any specialization has a group of people willing, able, with desire to discuss it-- it is just a matter of finding them.

However, both of these seem to have "time" as a critical element. In the first, time to delay release of the idea and in the second one the time (and maybe money, but time is money. ;-) to spend to find and visit a group for discussion of the idea.

What do you think?

I keep thinking back to the days when I first really got into this stuff, Back when the l0pht crew were still hanging out in a loft in Boston. I remember that there was a great cross section in some of the early hacker groups and they were able to collaborate and do some amazing work. I've noticed that since the dot-bomb days, there are fewer high profile hacker collectives. Is everyone gone corporate, or is it just not fiesable anymore.

I don't know. After seeing some amazing drunken defcon releases because 2 people sat next to each other at the bar and started talking wants me to find more ways to encourage this rampant exchange of ideas.

I definatly understand the trust thing and not wanting to share all your secrets, I'm guilty of it. But how do you get a community together in the first place to be comfortable with sharing ideas.

I've been able to eek out a group through the CoWF and personal contact, and that's been great. It should be about the idea. I might end up being the nut on stage but give full credit where it's due. The idea gets matured and gets out, that's the goal.

Whole reason for this was trying to figure out how to do it with the CoWF. We want people to collaborate, but not to run off with ideas or research or be 'hangers on'. I'm trying to foster an incuabator where there is a significant pool of talent, where you can ask for help, but not be public (i.e. on the NS or DC forums).

On a more technical note, we're setting up forums for the CoWF and the logic I want to use is: There's a public side to the forums for all the usual crap. If you contribute a project/paper/something to the site/group you get access to a private set of forums, out of the public eye and can tap the group intelligence for help on fostering other projects and ideas.

Is this a sound idea or am I doomed to fail?

From what I have seen, a key element to successful collaboration in this space is geography. People that meet in person, and get to know each other think they can better judge a person. View of body language, and shared experiences give people ideas on how they each may or may not be reliable, truthful, trustworthy, intelligent and fun.

How are groups formed?
An energetic, social, outgoing and charasmatic person with or without specialized technical knowledge meets up with, or knows many people. They act as a catalyst, to bring people together, and can be trusted by each member to keep secrets well enough to hear ideas, and suggest different specialists speak together for mutual benefit.

Two or more like minded people who went to school together, or have known each other for a while, start to hang out. Through discussions, new ideas emerge, and each may bring in their own friends to expand the group and introduce respective friends to each other.

One person with a thirst for knowledge, "hacker mentality," and lots of resources buys a bunch of equipment, books and stuff, and invites people over to hang out and play with what they have. Word spreads about the ego-less giving nature of this person, and people that want to find out how things work, also visit, hang out, play and talk.

A technical support group is formed, and many people join. Some of the brighter people start to hang out for pizza, or other stuff, and then start to spend time with each other outside of the normal support meetings.

These groups seem to work best when ego is not a primary characteristic in members. Ego ruins free exchange of information. "Oh. I am leet. I know lots of stuff." (A lie, but now there is burden to maintain the lie, not share, or more importantly, NOT ASK QUESTIONS for fear of how that would show how "non-leet" they are.)

These groups can work across distances if established in-person, but I've not seen much success with groups that are started in a virtual space without meeting in, "real life."

Some really good points have been brought up already, so I'm going to stick to a few specific / personal observations.

Look at it this way: not every idea is necessarily suitable for every audience. Part of that may be down to their skill level (not meant in an elitist sense, but people should be learning to crawl before trying to run); part of it may be down to where their interests lie.

Agreed, but only to a point - this proposes infinite monkeys in front of infinite keyboards, essentially. It's the unknown amount of stuff that we *haven't* found (or, at least, that hasn't been released publicly) that makes it hard for me to accept that someone else will eventually discover the same thing.

And time, also, to develop the idea. Anyone presenting to this community with something that isn't completely thought out will get called on it, and in no short order.

Personally, I think it's a combination of things. A lot of people realised that the rockstar attitude they'd developed in the '90s didn't count for squat once the economy knuckled under. Further, by being more public you attract more people, but it also attracts its share of hangers-on only there to try to bask in the limelight of the compentent folks; this drags the group as a whole down. Finally, the rise of scriptkiddy defacement clans put a bad taste in a lot of people's mouths for obvious collective work - no matter how detached from that world you might be, the minute people hear 'hacker' that's a subset of society you're going to be confused with. From what I can see, we're going back to a more localised model of interaction - sort of like how things were in the BBS days.

Honestly... I don't know that there is any way you can get this sort of outcome if you try to make it happen.

Individuals within the community have to be comfortable with working with other individuals within that community. Obviously, this works better for smaller groups - it's easier to keep focus and less likely to fall prey to the 'too many cooks' syndrome seen in majorly open projects.

Honestly, it's nearly impossible to keep x number of people equally-focused on and committed to the same goal for very long. We've tried this here and found that the 'small groups' model worked best - people could go off and bang on something, then ask others not directly involved with it (who could be trusted to not go blabbing about it) questions and get feedback.

It's a sound idea, but in practice it may turn out rather different than you're intending. A buck says that someone's going to get all butt-hurt that they don't have access to the private forum despite their super-ultra-mega-most-important-contribution-of-all (they coloured the icon in Cornflower Blue) to the project and be a whiny little bitch about it - and that's just one relatively small issue more or less endemic to any public or semi-public project. The question is how much of your time you want to invest in dealing with shit like that rather than dealing with actually moving things forward.

Yep. I've also noticed that projects (on the scale we're talking about) where people meet and focus on the project directly for a couple of hours every so often tend to succeed more often than ones hashed out via teh intarweb.

One other I'll add: the shot in the dark. Someone identifies a need for a such a group, and posts a flyer, starts a thread on a BBS, or finds some other way to advertise that everyone should get together for pizza at Joey's mom's house net Friday and talk about <insert project or interest here>. It's not so much that they necessarily know anyone else in the area, but are betting on the idea that there are more interested parties out there than just them.

Emphasis mine, because this is one of the most fundamental things anyone starting or getting involved with a group needs to understand and take to heart. It's fine to be opinionated and have strong convictions, but if you can't set those aside when working with others then you're doing this for all the wrong reasons.

One of the most intelligent things I ever heard about ego and hacking was this: "Wanting to be the most famous hacker is like being the tallest midget - no matter how unique and important you may think you are, you're still short."

One other thing that bugs the hell out of me but on the opposite side of the coin: people describing themselves as 'noobs'. The word has connotations (to my mind, at least) of suggesting that the person it describes is almost incapable of learning or going beyond their circumstances; in some cases, it even gets used as an excuse. Newflash: everyone has to start somewhere, but noobs stay noobs and never progress past that point. And a lot of the reason for that, IMHO, is that they buy into convenient labels like 'noob', 'leet', and the white/black hat nonsense, rather than concentrating on learning something useful.

This is the only part I feel compelled to address:

I accept it that there are inappropriate venues for specific content, just as I accept that there is a venue for every idea-- it's a matter of desire, opportunity, and ability to find an appropriate venue.

To me, "lack of venue," sounds like an excuse.

"Why didn't you ever release this?"
"I could not find a venue": (Sounds to me like-- choose one)
A) I did not want to search
B) I did not have the time to search
C) I don't know how to search

These just seem like lame excuses to try to use as valid excuses (not reasons) to not release a new idea.

To me, "I did not want to release the idea," is much more reasonable and sounds less like an excuse. At least for me, I can respect this more than a claim that there is no venue; this is a decision without attempt at excuse.

That seems to work well online/offline, wherever. Group A beats on a project, takes it back to the group at large, gets feedback, then goes back and beats on it further based on feedback. Sometimes having someone removed from the development cycle can give them perspective that the developer never saw (an environment I want to facilitate).


I see that all the time at lockpicking101.com. There's an 'advanced' area that talks about stuff best not revealed publically (safe manipulation, high end security bypasses, good stuff for wanna-be thieves to know) but there's really not much in there, but there's always someone whining.

I'll have to poke at the reputation system and see if that can be used to mod up/down users to get a group concessus on thier 'trustworthyness'. I just want to have an area that one can ask "Does anyone know how to do XYZ?" and not have it end up in google.

Here's the crux of the matter. Unless you are part of a *VERY* small group, I don't trust you. Not for certain things. It's just the way it is. I've even met you IRL, I believe, and I am not saying you are not a trustworthy kind of guy. I *am* saying that there are some things that just don't get shared, and that's the way it is.

To give you a benchmark, I trust Simple Nomad. I also trust other people that I am fairly sure you've never heard of. I trust them in different ways, with different kinds of information. I trust Steve Christey. I don't necessarily trust Mitre. I don't know that a reputation system that attempts to automate those trust factors is going to be able to model the various levels of trust there, or to extrapolate out and provide me a reason to trust someone I don't know, or don't know well, no matter how many of the people I trust tell me that I should.

It's an interesting business, trust.

IMHO, trust is an evolving feeling. You can trust someone, and one day, see something that makes a little dent in that trust. Or a big dent.

The question is, can you trust yourself to conciously and objectively trust others? Difficult answer, to which most would say 'yeah sure' - but now take a look back, and think of the number of times your trust has been broken. If it hasn't happened to you yet, don't worry - it will. Has the trust in yourself to know how much you can trust others been affected?

To get back on the original topic, I believe another barrier is technology. Back in the days of l0pht, they used to have many excellent tutorials on modifying Motorola pagers to receive all capcodes, and other radio-related stuff. Nowadays, radio networks have gone digital, some at such high-speeds that it's no longer possible to decode them with a simple soundcard and some software.

Take TETRA, which is a 28.8kbps TDMA digital trunked system - you need dedicated DSPs and very deep knowledge of modulation schemes, complex math and algorithms to even get started. I'm not saying that yesterday's hacks were easy, but the technology itself was more accessible with limited resources. To touch a modern PCB, you need tools that cost many thousands of dollars.

Most hacking has now gone onto software, just like pretty much everything else. We live in a more and more virtual world, where a few know how to make the very complex hardware, where our software then runs on. Ask a recently graduated telecomms engineer to draw you the schematic of a receiver, and he'll draw a nice box with the letters 'R' and 'X' inside, and a neat Y at the top as the antenna. Sadly, with software it's very easy to take credit for other people's work - and so there isn't as much sharing.

Regards,

Mother

Good point. But in the context of what we're talking about here:

Thing is, while I agree with the point you're making, it's important to distinguish between trust and reliance. It's possible to work with someone you don't have to trust, provided you can rely on them. Of course, that would dictate the roles and interaction you'd likely give to or have with them, but it's still possible to work with someone in the absence of trust. In some ways it makes things simpler since you've got an exact baseline to measure them against.

Yeah, but WRT to radio specifically there's still a LOT of analogue-only stuff out there. Having said that, while it is a shame to have lost stuff like the Radiophone archives, Brian Oblivion's stuff, and so on, there's another side to this: people should be (and are) moving on to look at the digital technologies rather than stagnating with what's already known.

Good point. However: how were things like Bellcore documents and equipment obtained in the past?

One thing I'm firmly convinced the Internet has done a great job of is cutting down critical thinking and reasoning skills in most people who use it heavily - as well as profligating a fair bit of social retardation. That's a rant for another thread, though...

Information should be free, credit to the author should be something you just write. Only idiots steal ideas without crediting the author. When you steal ideas AND credits the author, what does he have to whine about?

Semi-software hacking {
Idea of the moment: [probably illegal in most countries] SMS - Short Message Sniffing.
What prevent people from picking up your unencrypted SMS'es? Nothing but the software to do it. I do not have much Java experience (VERY simple), so if anyone could take the idea and do something to it, you're free to go!
If you could filter the sniffing to only pick up messages to your own phone number and a list of x people's numbers, it would be much better... }

I think that Larry Wall said this best:

Raw data is free. Make of it what you will. Information is something constructed from raw data, and people are free (or not) to do with it as they will. Credit to the author? Are you saying, then, that theft is okay, as long as you let the author know you took it?

I will also state that some *ideas* are worth more than others. Supplying a random thought or two about something that might be interesting, if you only knew how to do it, is not the same as providing information and guidance on some specific effort.

Really, this is far afield from what the OP was suggesting, in any case. I would say that I've seen collaboration between people grow out of casual meetings (at defcon, and other places), but that kind of spark just can't be manufactured.

L0pht (I use this only as an example, since it is one of the best known) was a happy meeting of like-minded folk, but they were collaborating *before* they got together. How can you make an environment that encourages collaboration? How do you separate out the people who are going to contribute from the people who are just there to take, and not to give?