Announcement

Collapse
No announcement yet.

Idea sharing, collaboration and making cool stuff

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Idea sharing, collaboration and making cool stuff

    Something I've noticed and have been pondering for a while that I'd like to get second opinions on.

    The Hacker community (casting a very wide net here) seems to run on ideas. Ideas are exchanged like some sort of social currency where people who flow ideas trade them in the form of How-to's, conference talks, books, whatever for other ideas. Those same ideas are also closely guarded until release and are never really seen publicaly.

    The idea that I've been pondering is the question of how many good ideas (vulns, neat hardware hacks, software designs, etc) never see the light of day because the idea creator does'nt have the skills or does'nt know anyone with the skills, to act on that idea. It just sits in a dusty corner and fades away. How many projects don't grow to thier full potential because of the limits of the original creator.

    I've noticed over the last couple years with my projects have moved away from stuff that I have done exclusivly to me becoming some sort of idea facilitator.

    I've had ideas for things and not had the ability to do them myself, but I was able to rally the right people to get them done. I've also noticed that I have been a wierd liason for things to develop further by bringing people working on something similar but in a different field together to grow things further.

    The end question I have to ask is, given the huge amount of talent on the forums here and elsewhere, at Defcon (meatspace) and elsewhere where geeks gather, can we facilitate more collaboration between people working on similar things. Often I've noticed people keep thier current projects 'under wraps' and are'nt very loath to ask for help. How can we change this so that people know who can help them or where to take an idea so that it can be acted upon by people better equiped?

    Wow, longer than I thought it would be.
    Never drink anything larger than your head!






  • #2
    Greed and pride may be the two biggest issues here.

    It can also be hard to trust people you don't know to not steal your ideas.

    Some people like publicity, and headlines, or at least credit for their ideas. Like any group, there are deceptive people, and people willing to take credit for other people's work.

    If there are no tools, or proof of concept creations, when a person comes forward with an idea, another may stand up and say, "Oh! I thought of that before. That is an old idea." However, having something conrete does two things. First, it provides an example of something people can touch, and second, if anyone claims to have thought of the idea before you, they lose credit for not finishing it, or being too slow, and maybe, can get asked how they did it, if the method of the presenter has not yet been disclosed.

    There was a program on NOVA about archimedes and how he had problems with other people stealing his work when he published complete proofs with a new theory, or production; others would claim they thought of that idea and had a proof from long before. He moved to provide resulting products without supporting work of the proof. Then he could ask if anyone had a proof, and if so to produce it. Then, he could later provide the proof, and anyone coming forward might have trouble claiming they had it solved before him. (The documentary even claimed that he would occasionally provide false conclusions on purpose, to see if anyone would claim those false conclusions as their own, so he could, "rat them out" with a proof to the contrary.)

    Pride through a sense of uneasiess in others benefiting from your own work? Greed in wanting to get all of the glory and status of being first? I think if you could find ways to deal with these, sharing-before-release might be easier.

    Comment


    • #3
      Originally posted by TheCotMan
      Greed and pride may be the two biggest issue here.
      I think it's a bit more than this. There are quite a few layers at defcon (or anywhere, for that matter). There are people I trust. There are people who are trusted by people I trust. There are people I trust not to do anything stupid with things that I tell them. There are people I trust to run right off and do as many stupid things as possible with things I tell them.

      Any of that group might be someone I hand ideas to, depending on the idea. Sometimes I keep things completely to myself, depending on the ramifications. There's also a skill level to consider. Something that interests the casual reader on Daily Dave is not necessarily the right topic for the local linux user's group.

      Mostly, though, I don't share much with almost anyone. The list of people I'd hand a working concept to is small, very small. It isn't to say that I find other people untrustworthy, as that there is more at stake than just trust. What's funny is that I've gotten older, the number of people I trust just gets smaller, not larger.

      Remember; the best kept secret is a secret known by one.

      Comment


      • #4
        Being informavores hackers make good meme spreaders... yay!
        45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B0
        45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B1
        [ redacted ]

        Comment


        • #5
          Originally posted by shrdlu
          ... Sometimes I keep things completely to myself, depending on the ramifications. There's also a skill level to consider. Something that interests the casual reader on Daily Dave is not necessarily the right topic for the local linux user's group.
          As reasons, this makes sense:
          Ethical worries on how the idea could cause harm
          But I don't agree wit this:
          Lack of venue for the scope of the idea

          I can understand non-disclosure due to the issue of ethical worries, but do not see how this can ultimately work. Given sufficient amounts of time, it would seem likely for someone else to think of it. All this does is to delay the release of the idea by someone else.

          I don't agree with the issue about lack of venue for discussion of an item, since nearly any specialization has a group of people willing, able, with desire to discuss it-- it is just a matter of finding them.

          However, both of these seem to have "time" as a critical element. In the first, time to delay release of the idea and in the second one the time (and maybe money, but time is money. ;-) to spend to find and visit a group for discussion of the idea.

          What do you think?

          Comment


          • #6
            I keep thinking back to the days when I first really got into this stuff, Back when the l0pht crew were still hanging out in a loft in Boston. I remember that there was a great cross section in some of the early hacker groups and they were able to collaborate and do some amazing work. I've noticed that since the dot-bomb days, there are fewer high profile hacker collectives. Is everyone gone corporate, or is it just not fiesable anymore.

            I don't know. After seeing some amazing drunken defcon releases because 2 people sat next to each other at the bar and started talking wants me to find more ways to encourage this rampant exchange of ideas.

            I definatly understand the trust thing and not wanting to share all your secrets, I'm guilty of it. But how do you get a community together in the first place to be comfortable with sharing ideas.

            I've been able to eek out a group through the CoWF and personal contact, and that's been great. It should be about the idea. I might end up being the nut on stage but give full credit where it's due. The idea gets matured and gets out, that's the goal.

            Whole reason for this was trying to figure out how to do it with the CoWF. We want people to collaborate, but not to run off with ideas or research or be 'hangers on'. I'm trying to foster an incuabator where there is a significant pool of talent, where you can ask for help, but not be public (i.e. on the NS or DC forums).

            On a more technical note, we're setting up forums for the CoWF and the logic I want to use is: There's a public side to the forums for all the usual crap. If you contribute a project/paper/something to the site/group you get access to a private set of forums, out of the public eye and can tap the group intelligence for help on fostering other projects and ideas.

            Is this a sound idea or am I doomed to fail?
            Never drink anything larger than your head!





            Comment


            • #7
              From what I have seen, a key element to successful collaboration in this space is geography. People that meet in person, and get to know each other think they can better judge a person. View of body language, and shared experiences give people ideas on how they each may or may not be reliable, truthful, trustworthy, intelligent and fun.

              How are groups formed?
              An energetic, social, outgoing and charasmatic person with or without specialized technical knowledge meets up with, or knows many people. They act as a catalyst, to bring people together, and can be trusted by each member to keep secrets well enough to hear ideas, and suggest different specialists speak together for mutual benefit.

              Two or more like minded people who went to school together, or have known each other for a while, start to hang out. Through discussions, new ideas emerge, and each may bring in their own friends to expand the group and introduce respective friends to each other.

              One person with a thirst for knowledge, "hacker mentality," and lots of resources buys a bunch of equipment, books and stuff, and invites people over to hang out and play with what they have. Word spreads about the ego-less giving nature of this person, and people that want to find out how things work, also visit, hang out, play and talk.

              A technical support group is formed, and many people join. Some of the brighter people start to hang out for pizza, or other stuff, and then start to spend time with each other outside of the normal support meetings.

              These groups seem to work best when ego is not a primary characteristic in members. Ego ruins free exchange of information. "Oh. I am leet. I know lots of stuff." (A lie, but now there is burden to maintain the lie, not share, or more importantly, NOT ASK QUESTIONS for fear of how that would show how "non-leet" they are.)

              These groups can work across distances if established in-person, but I've not seen much success with groups that are started in a virtual space without meeting in, "real life."

              Comment


              • #8
                Some really good points have been brought up already, so I'm going to stick to a few specific / personal observations.

                Originally posted by TheCotMan
                But I don't agree wit this:
                Lack of venue for the scope of the idea
                Look at it this way: not every idea is necessarily suitable for every audience. Part of that may be down to their skill level (not meant in an elitist sense, but people should be learning to crawl before trying to run); part of it may be down to where their interests lie.

                I can understand non-disclosure due to the issue of ethical worries, but do not see how this can ultimately work. Given sufficient amounts of time, it would seem likely for someone else to think of it. All this does is to delay the release of the idea by someone else.
                Agreed, but only to a point - this proposes infinite monkeys in front of infinite keyboards, essentially. It's the unknown amount of stuff that we *haven't* found (or, at least, that hasn't been released publicly) that makes it hard for me to accept that someone else will eventually discover the same thing.

                However, both of these seem to have "time" as a critical element. In the first, time to delay release of the idea and in the second one the time (and maybe money, but time is money. ;-) to spend to find and visit a group for discussion of the idea.
                And time, also, to develop the idea. Anyone presenting to this community with something that isn't completely thought out will get called on it, and in no short order.

                Originally posted by renderman
                I've noticed that since the dot-bomb days, there are fewer high profile hacker collectives. Is everyone gone corporate, or is it just not fiesable anymore.
                Personally, I think it's a combination of things. A lot of people realised that the rockstar attitude they'd developed in the '90s didn't count for squat once the economy knuckled under. Further, by being more public you attract more people, but it also attracts its share of hangers-on only there to try to bask in the limelight of the compentent folks; this drags the group as a whole down. Finally, the rise of scriptkiddy defacement clans put a bad taste in a lot of people's mouths for obvious collective work - no matter how detached from that world you might be, the minute people hear 'hacker' that's a subset of society you're going to be confused with. From what I can see, we're going back to a more localised model of interaction - sort of like how things were in the BBS days.

                I don't know. After seeing some amazing drunken defcon releases because 2 people sat next to each other at the bar and started talking wants me to find more ways to encourage this rampant exchange of ideas.
                Honestly... I don't know that there is any way you can get this sort of outcome if you try to make it happen.

                I definatly understand the trust thing and not wanting to share all your secrets, I'm guilty of it. But how do you get a community together in the first place to be comfortable with sharing ideas.
                Individuals within the community have to be comfortable with working with other individuals within that community. Obviously, this works better for smaller groups - it's easier to keep focus and less likely to fall prey to the 'too many cooks' syndrome seen in majorly open projects.

                Whole reason for this was trying to figure out how to do it with the CoWF. We want people to collaborate, but not to run off with ideas or research or be 'hangers on'. I'm trying to foster an incuabator where there is a significant pool of talent, where you can ask for help, but not be public (i.e. on the NS or DC forums).
                Honestly, it's nearly impossible to keep x number of people equally-focused on and committed to the same goal for very long. We've tried this here and found that the 'small groups' model worked best - people could go off and bang on something, then ask others not directly involved with it (who could be trusted to not go blabbing about it) questions and get feedback.

                If you contribute a project/paper/something to the site/group you get access to a private set of forums, out of the public eye and can tap the group intelligence for help on fostering other projects and ideas.

                Is this a sound idea or am I doomed to fail?
                It's a sound idea, but in practice it may turn out rather different than you're intending. A buck says that someone's going to get all butt-hurt that they don't have access to the private forum despite their super-ultra-mega-most-important-contribution-of-all (they coloured the icon in Cornflower Blue) to the project and be a whiny little bitch about it - and that's just one relatively small issue more or less endemic to any public or semi-public project. The question is how much of your time you want to invest in dealing with shit like that rather than dealing with actually moving things forward.

                Originally posted by thecotman
                From what I have seen, a key element to successful collaboration in this space is geography. People that meet in person, and get to know each other think they can better judge a person. View of body language, and shared experiences give people ideas on how they each may or may not be reliable, truthful, trustworthy, intelligent and fun.
                Yep. I've also noticed that projects (on the scale we're talking about) where people meet and focus on the project directly for a couple of hours every so often tend to succeed more often than ones hashed out via teh intarweb.

                How are groups formed?

                An energetic, social, outgoing and charasmatic person...

                Two or more like minded people...

                One person with a thirst for knowledge...

                A technical support group is formed...
                One other I'll add: the shot in the dark. Someone identifies a need for a such a group, and posts a flyer, starts a thread on a BBS, or finds some other way to advertise that everyone should get together for pizza at Joey's mom's house net Friday and talk about <insert project or interest here>. It's not so much that they necessarily know anyone else in the area, but are betting on the idea that there are more interested parties out there than just them.

                These groups seem to work best when ego is not a primary characteristic in members. Ego ruins free exchange of information.
                Emphasis mine, because this is one of the most fundamental things anyone starting or getting involved with a group needs to understand and take to heart. It's fine to be opinionated and have strong convictions, but if you can't set those aside when working with others then you're doing this for all the wrong reasons.

                One of the most intelligent things I ever heard about ego and hacking was this: "Wanting to be the most famous hacker is like being the tallest midget - no matter how unique and important you may think you are, you're still short."

                "Oh. I am leet. I know lots of stuff." (A lie, but now there is burden to maintain the lie, not share, or more importantly, NOT ASK QUESTIONS for fear of how that would show how "non-leet" they are.)
                One other thing that bugs the hell out of me but on the opposite side of the coin: people describing themselves as 'noobs'. The word has connotations (to my mind, at least) of suggesting that the person it describes is almost incapable of learning or going beyond their circumstances; in some cases, it even gets used as an excuse. Newflash: everyone has to start somewhere, but noobs stay noobs and never progress past that point. And a lot of the reason for that, IMHO, is that they buy into convenient labels like 'noob', 'leet', and the white/black hat nonsense, rather than concentrating on learning something useful.

                Comment


                • #9
                  This is the only part I feel compelled to address:

                  Originally posted by TheCotMan
                  But I don't agree wit this:
                  Lack of venue for the scope of the idea
                  Originally posted by skroo
                  Look at it this way: not every idea is necessarily suitable for every audience. Part of that may be down to their skill level (not meant in an elitist sense, but people should be learning to crawl before trying to run); part of it may be down to where their interests lie.
                  I accept it that there are inappropriate venues for specific content, just as I accept that there is a venue for every idea-- it's a matter of desire, opportunity, and ability to find an appropriate venue.

                  To me, "lack of venue," sounds like an excuse.

                  "Why didn't you ever release this?"
                  "I could not find a venue": (Sounds to me like-- choose one)
                  A) I did not want to search
                  B) I did not have the time to search
                  C) I don't know how to search

                  These just seem like lame excuses to try to use as valid excuses (not reasons) to not release a new idea.

                  To me, "I did not want to release the idea," is much more reasonable and sounds less like an excuse. At least for me, I can respect this more than a claim that there is no venue; this is a decision without attempt at excuse.

                  Comment


                  • #10
                    Originally posted by skroo
                    Honestly, it's nearly impossible to keep x number of people equally-focused on and committed to the same goal for very long. We've tried this here and found that the 'small groups' model worked best - people could go off and bang on something, then ask others not directly involved with it (who could be trusted to not go blabbing about it) questions and get feedback.
                    That seems to work well online/offline, wherever. Group A beats on a project, takes it back to the group at large, gets feedback, then goes back and beats on it further based on feedback. Sometimes having someone removed from the development cycle can give them perspective that the developer never saw (an environment I want to facilitate).


                    It's a sound idea, but in practice it may turn out rather different than you're intending. A buck says that someone's going to get all butt-hurt that they don't have access to the private forum despite their super-ultra-mega-most-important-contribution-of-all (they coloured the icon in Cornflower Blue) to the project and be a whiny little bitch about it - and that's just one relatively small issue more or less endemic to any public or semi-public project. The question is how much of your time you want to invest in dealing with shit like that rather than dealing with actually moving things forward.
                    I see that all the time at lockpicking101.com. There's an 'advanced' area that talks about stuff best not revealed publically (safe manipulation, high end security bypasses, good stuff for wanna-be thieves to know) but there's really not much in there, but there's always someone whining.

                    I'll have to poke at the reputation system and see if that can be used to mod up/down users to get a group concessus on thier 'trustworthyness'. I just want to have an area that one can ask "Does anyone know how to do XYZ?" and not have it end up in google.
                    Never drink anything larger than your head!





                    Comment


                    • #11
                      Originally posted by renderman
                      I'll have to poke at the reputation system and see if that can be used to mod up/down users to get a group concessus on thier 'trustworthyness'. I just want to have an area that one can ask "Does anyone know how to do XYZ?" and not have it end up in google.
                      Here's the crux of the matter. Unless you are part of a *VERY* small group, I don't trust you. Not for certain things. It's just the way it is. I've even met you IRL, I believe, and I am not saying you are not a trustworthy kind of guy. I *am* saying that there are some things that just don't get shared, and that's the way it is.

                      To give you a benchmark, I trust Simple Nomad. I also trust other people that I am fairly sure you've never heard of. I trust them in different ways, with different kinds of information. I trust Steve Christey. I don't necessarily trust Mitre. I don't know that a reputation system that attempts to automate those trust factors is going to be able to model the various levels of trust there, or to extrapolate out and provide me a reason to trust someone I don't know, or don't know well, no matter how many of the people I trust tell me that I should.

                      It's an interesting business, trust.

                      Comment


                      • #12
                        IMHO, trust is an evolving feeling. You can trust someone, and one day, see something that makes a little dent in that trust. Or a big dent.

                        The question is, can you trust yourself to conciously and objectively trust others? Difficult answer, to which most would say 'yeah sure' - but now take a look back, and think of the number of times your trust has been broken. If it hasn't happened to you yet, don't worry - it will. Has the trust in yourself to know how much you can trust others been affected?

                        To get back on the original topic, I believe another barrier is technology. Back in the days of l0pht, they used to have many excellent tutorials on modifying Motorola pagers to receive all capcodes, and other radio-related stuff. Nowadays, radio networks have gone digital, some at such high-speeds that it's no longer possible to decode them with a simple soundcard and some software.

                        Take TETRA, which is a 28.8kbps TDMA digital trunked system - you need dedicated DSPs and very deep knowledge of modulation schemes, complex math and algorithms to even get started. I'm not saying that yesterday's hacks were easy, but the technology itself was more accessible with limited resources. To touch a modern PCB, you need tools that cost many thousands of dollars.

                        Most hacking has now gone onto software, just like pretty much everything else. We live in a more and more virtual world, where a few know how to make the very complex hardware, where our software then runs on. Ask a recently graduated telecomms engineer to draw you the schematic of a receiver, and he'll draw a nice box with the letters 'R' and 'X' inside, and a neat Y at the top as the antenna. Sadly, with software it's very easy to take credit for other people's work - and so there isn't as much sharing.

                        Regards,

                        Mother
                        Keyboard not found. Press any key to continue.
                        Asshat thinks: "where's the any key?"

                        Comment


                        • #13
                          Originally posted by Mother
                          IMHO, trust is an evolving feeling. You can trust someone, and one day, see something that makes a little dent in that trust. Or a big dent.
                          Good point. But in the context of what we're talking about here:

                          The question is, can you trust yourself to conciously and objectively trust others? Difficult answer, to which most would say 'yeah sure' - but now take a look back, and think of the number of times your trust has been broken. If it hasn't happened to you yet, don't worry - it will. Has the trust in yourself to know how much you can trust others been affected?
                          Thing is, while I agree with the point you're making, it's important to distinguish between trust and reliance. It's possible to work with someone you don't have to trust, provided you can rely on them. Of course, that would dictate the roles and interaction you'd likely give to or have with them, but it's still possible to work with someone in the absence of trust. In some ways it makes things simpler since you've got an exact baseline to measure them against.

                          To get back on the original topic, I believe another barrier is technology. Back in the days of l0pht, they used to have many excellent tutorials on modifying Motorola pagers to receive all capcodes, and other radio-related stuff. Nowadays, radio networks have gone digital, some at such high-speeds that it's no longer possible to decode them with a simple soundcard and some software.
                          Yeah, but WRT to radio specifically there's still a LOT of analogue-only stuff out there. Having said that, while it is a shame to have lost stuff like the Radiophone archives, Brian Oblivion's stuff, and so on, there's another side to this: people should be (and are) moving on to look at the digital technologies rather than stagnating with what's already known.

                          Take TETRA, which is a 28.8kbps TDMA digital trunked system - you need dedicated DSPs and very deep knowledge of modulation schemes, complex math and algorithms to even get started. I'm not saying that yesterday's hacks were easy, but the technology itself was more accessible with limited resources. To touch a modern PCB, you need tools that cost many thousands of dollars.
                          Good point. However: how were things like Bellcore documents and equipment obtained in the past?

                          Most hacking has now gone onto software, just like pretty much everything else. We live in a more and more virtual world, where a few know how to make the very complex hardware, where our software then runs on. Ask a recently graduated telecomms engineer to draw you the schematic of a receiver, and he'll draw a nice box with the letters 'R' and 'X' inside, and a neat Y at the top as the antenna. Sadly, with software it's very easy to take credit for other people's work - and so there isn't as much sharing.
                          One thing I'm firmly convinced the Internet has done a great job of is cutting down critical thinking and reasoning skills in most people who use it heavily - as well as profligating a fair bit of social retardation. That's a rant for another thread, though...

                          Comment


                          • #14
                            Information should be free, credit to the author should be something you just write. Only idiots steal ideas without crediting the author. When you steal ideas AND credits the author, what does he have to whine about?

                            Semi-software hacking {
                            Idea of the moment: [probably illegal in most countries] SMS - Short Message Sniffing.
                            What prevent people from picking up your unencrypted SMS'es? Nothing but the software to do it. I do not have much Java experience (VERY simple), so if anyone could take the idea and do something to it, you're free to go!
                            If you could filter the sniffing to only pick up messages to your own phone number and a list of x people's numbers, it would be much better... }

                            Comment


                            • #15
                              Originally posted by GBHis
                              Information should be free, credit to the author should be something you just write. Only idiots steal ideas without crediting the author. When you steal ideas AND credits the author, what does he have to whine about?
                              I think that Larry Wall said this best:

                              Open source should be about giving away things voluntarily. When
                              you force someone to give you something, it's no longer giving, it's
                              stealing. Persons of leisurely moral growth often confuse giving with
                              taking. -- Larry Wall
                              Raw data is free. Make of it what you will. Information is something constructed from raw data, and people are free (or not) to do with it as they will. Credit to the author? Are you saying, then, that theft is okay, as long as you let the author know you took it?

                              I will also state that some *ideas* are worth more than others. Supplying a random thought or two about something that might be interesting, if you only knew how to do it, is not the same as providing information and guidance on some specific effort.

                              Really, this is far afield from what the OP was suggesting, in any case. I would say that I've seen collaboration between people grow out of casual meetings (at defcon, and other places), but that kind of spark just can't be manufactured.

                              L0pht (I use this only as an example, since it is one of the best known) was a happy meeting of like-minded folk, but they were collaborating *before* they got together. How can you make an environment that encourages collaboration? How do you separate out the people who are going to contribute from the people who are just there to take, and not to give?

                              Comment

                              Working...
                              X