If you’ve not seen it yet, there’s a meme going around saying DEFCON is cancelled. It seemed to be purely a good fun troll, but it’s been gaining in popularity over the last couple of weeks.
Then this morning I found what appears to be the official meme manifesto, and it made me wince a bit. Kind of like something good that’s slightly turned.
Let me try to explain.
First, I think the piece is trying to do multiple things at the same time.
I think it’s trying to be funny, which it is.
It’s trying to troll some noobs, which it does.
And finally, it’s trying to say some serious things about the industry, which is where I think it lands squarely in the Uncanny Valley.
The Uncanny Valley is where something like a CG character is almost perfect but is off just enough to cause alarm (see Tom Hanks above). And, importantly, if it were less perfect—in a movie the character would be more cartoony, and in a piece of satire it would be more obviously so—it would be accepted without issue. But because it sits right on the line it causes unease. And that’s precisely the sensation I got.
A few points from the text:
This one is a clear attack on those who think it’s immature to pursue true research and disclose vulnerabilities, and I absolutely agree with the point. There are nuances of course, but in general this is not something that the community benefits by giving up.
This is also a solid and deeply cutting point, saying that too many professional types have lost the curiosity and true hacker nature.
This one is a bit ‘on the nose’, but entertaining.
The next two sections are where I started feeling the Spidey Sense go off. On the national security topic I get the point of opposing blind trust in the government, but I worry it’s hinting at the position that anything under the guise of NATSEC is bad. That’s unhelpful.
Then it talks about privacy, and makes fun of the notion that nothing should be considered private. This is a hard one because I agree with the straw man that they’re knocking over, which is the “if you’ve got nothing to hide” argument. 100% agree.
But I also think privacy is going away, and that it is inevitable. This is because of the future of technology, data exchange, society, etc.—not because christian republicans are awesome, and ‘Merica. They’re two separate forces. I oppose one, and I believe the other to be inevitable. The piece conflates these two in an overly simplistic way.
Then we get this vibe as well. It’s actually all throughout the piece, but it’s most pronounced here.
Unsupervised Learning — Security, Tech, and AI in 10 minutes…
Get a weekly breakdown of what's happening in security and tech—and why it matters.
The “professional” bashing is the weakest part of the piece, and it’s what produced the Uncanny Valley feel for me.
It’s basically taking real, solid points, making them well and in a funny way, and then at the same time bashing hackers and/or wannabes who are transitioning to being professionals.
This is non-binary.
There are many hackers who become security professionals
There are many non-hackers who pretend to be hackers and then become security professionals
There are many non-hackers who don’t pretend to be hackers and become security professionals
There are many noobs who are neither, and who are trying to become one or both
I don’t get the professional hate, or the conflation of complex topics. It’s not useful.
National security is a thing, and it needs good security people to help.
You can’t blindly trust the government, because ‘Merica.
You can’t give up privacy because some Republican told you you’re a criminal if you don’t.
It’s ok to be a wild hacker in your younger years and then become a professional later in life.
Becoming a professional doesn’t have to mean compromising your values.
If these are in conflict for you it’s because you see the world too simplistically. The world is messy, and it requires nuanced and constant re-evalutation to navigate practicality while remaining true to core principals you believe in.
I wish things were as simple as this manifesto makes them out to be. It was easier for me when they were. But that’s the Fox News approach. It’s compartmentalizing everything into neat boxes so that you know who’s a real hacker, who’s a sell-out, that the government is bad, etc.
I get it. It’s clean. But reality isn’t clean. And true hackers figure out how to be good, in a dirty world, as a professional.
I agree with 90% of what’s being said here, and trolling noobs should never go out of style, but we shouldn’t pretend that the world is simple, because it isn’t.