Mastodawn

We need to have a talk, and I’m having a really hard time having it with my awesome hacker friends, because everyone is super duper emotionally invested and is deeply hurt by it.

I hope you all aren’t - because it involves all of us and it’s important. It’s not about any of y’all individually or your hard community work.

The talk is about how to make all of our cybersecurity conferences and events and meetups more accessible and conformable for young hackers because I’mreallysosorry, we’ve somehow become Old, and the stuff that we are ingrained with as “hacker culture” like movies, music, and memes all were created before they were born - and they may or may not have any emotional attachment or enjoyment of them at all.

That’s the conversation we need to have and that we are all responsible for and I swear it’s not aimed at any conference or person because we are all in this filter bubble of watching the Matrix and listening to Prodigy and remembering the hamster dance and all of that stuff while awesome was like a quarter century ago.

Part of building a community is thinking about including everyone and their culture under a mantle of good ethics and goals. So we really, really need to start having a chat about when we lean on the 90s hacker aesthetic and memories to the exclusion of people under 30. I had a wake up call hearing some students complaining about it.

12 Freya it/its𒀭𒈹𒍠𒊩 Sep 3, 2023

@hacks4pancakes we think there's a certain detachment from modern media (modern being, like, the kind of shit we were supposed to grow up with, being 24) in hacker circles, because like.... it got, like, even more horribly capitalist and bleh? Like, maybe we're looking in the wrong places, but there's not really that.... that *particular* hacker vibe in a lot of places... fuck, we're 24 and we feel old.

Arquinsiel Teknogrot Sep 3, 2023

@12 @hacks4pancakes An interesting thing I saw recently was someone having played the HBS Shadowrun PC games, liking the vibe, and asking if there was a hack made for the Cyberpunk RED RPG system to add elves and magic etc. Just really rammed it home that even in the niche interest circles the default assumptions have shifted since I was a babby trying to do something silly.

wenestvedt Sep 3, 2023

@hacks4pancakes Good point, and it applies to many other communities, specialities, and fandoms, too.

@wenestvedt I think so. I’m really worried now. It’s been keeping me up. And my pals work harder than me on events and they’re too tied to them to see this as anything but offensive…

Abivia Sep 4, 2023

@hacks4pancakes @wenestvedt Just to carbon date myself, my first hacks were done on rotary phones. I think I can say with some confidence that if organizers don't adapt, the world will route around them and new iterations will form in their place. It's happened many a time before, and it will happen again.

Frank Barton Sep 22, 2023

@abivia @hacks4pancakes @wenestvedt Hey - i still have a functional rotary phone at home... connected even

The_Turtle_Moves Sep 3, 2023

@wenestvedt @hacks4pancakes I just got to the bit in The Expanse books where they're like "we're 60, and all our OPA revolutionary buddies are old, and we haven't recruited anybody new in 30 years".
Same thing with the USPS, commercial pilots, etc etc.
On the other hand, us millennials are waiting for Boomers to retire and stop occupying all the moderately senior positions where you just sit and stall everything out for a decade.

The_Turtle_Moves Sep 3, 2023

@wenestvedt @hacks4pancakes This dynamic is pretty universal, one of two paths:
1) creative destruction, where the old institutions built by the old for the old eventually get destructively replaced by new institutions built by the young for the young.
2) old institutions see their demise coming and change themselves, typically pissing off everyone who has been enjoying them for decades.
You also see it a lot in churches. The overall institution keeps going (for better or worse).

Natanael ⚠️Sep 4, 2023

@The_Turtle_Moves @wenestvedt @hacks4pancakes IMHO society has given up on teaching the young / newcomers how to enter into a role in a new field, ensuring knowledge transfer. Not sure if I'm overestimating how much it was done in the past (or how well it worked), but stuff like genuine apprenticeships seems to have been much more common decades ago. Today you're expected to find your own role and learn with minimal guidance.

Ted Dunning Sep 4, 2023

Nah... we've been crap at that outside of a few specialized occupations for a very, very long time.

I can't think of much any revolutionary tech that got this right in the last 50 years. And the ones that had it moderately working in the 50 years before then (mostly academic physics and biology) kind of destroyed the positive dynamics.

So you are dead on in identifying the lack, but there hasn't really been a golden age for this.

@Natanael_L @The_Turtle_Moves @wenestvedt @hacks4pancakes

The_Turtle_Moves Sep 4, 2023

@ted_dunning @Natanael_L @wenestvedt @hacks4pancakes
There's always been lots of supposed mechanisms to get newbies inculcated, and, they've all ACTUALLY always relied on people who want to learn miraculously getting paired with people who want to mentor. All the other pairings go ahead, but fall somewhere on the spectrum of pointless to abusive, and the best you can hope for is a mediocre outcome.
That's been true for apprenticeships in the middle ages through unpaid internships in the present.

Ted Dunning Sep 4, 2023

Yep.

The miracle part is what needs a better implementation.

@The_Turtle_Moves @Natanael_L @wenestvedt @hacks4pancakes

The_Turtle_Moves Sep 4, 2023

@wenestvedt @hacks4pancakes I think really the only way to improve on these two kind of destructive, adversarial, evolutions is to reduce the cycle time and do more frequent small changes. That said, change for the sake of change is also bad?
There's organisms, I wish I could remember an example, that kind of identify when their environment is funky and increase their rate of mutation so that they evolve faster when necessary, but stagnate comfortably when possible.

Len Whitten Sep 4, 2023

@The_Turtle_Moves @wenestvedt @hacks4pancakes I'm mid-boomer (70). I've been coding since 1969 (punch cards, 1 line each). Retired @ 64 but still create websites & home automation. So I'm not dead yet, but every single professional I interact with is younger by 20-30 yrs (Gen X). It's not Boomers in your way, it's Gen X. And we only have money because we saved for 50 yrs. You will stand in the way of Gen Z, and have more money when you retire in 20-30 yrs (enjoy the journey; it goes by fast).

Dale Worthington Sep 5, 2023

@The_Turtle_Moves @wenestvedt @hacks4pancakes
As late as the 80s, I worked in a steel mill, where I had to wait for a 61 year old to either retire, or die, so I could work on the day shift.
Same old, same old.
Only thing new under the sun, is the date.

Shecky - Third Wheel Sep 3, 2023

@wenestvedt @hacks4pancakes I know the train and model train communities have this same issue.

CautionWIP (he/him) 🏳️‍🌈🇨🇦🕎Sep 4, 2023

@wenestvedt @hacks4pancakes Omg yes. It’s precisely why so much of SF literary fandom has been getting older & older on average every year. Pushback against changing styles and new ways of expressing a love of the genre (video-games, cosplay, etc..) - plus a certain amount of white make privilege and bias - turned away legions of young fans who wanted to join in back in the ‘90s & aughts. Legions who ended up heavily influencing the change in comic & media conventions into wildly inclusive and culturally iconic events that include SF authors & fans **as well as** every other even vaguely related medium and their supporters. Meanwhile local literary conventions who keep inviting the same authors to talk about the same things and maybe loosen up enough to include a couple of panels on cosplay and/or anime are folding for lack of attendance.

pfriedma Sep 3, 2023

@hacks4pancakes
>> A quarter century ago
Excuse me, while I go listen to Underworld and turn to dust.

This post is great - I, for the life of me, couldn't tell you what 'hacker culture' looks like to someone under 30 (and that's a gap I should close), but I hope it's multicultural and super queer.

@pfriedma so maybe we should make our community spaces more multicultural and queer!

pfriedma Sep 3, 2023

@hacks4pancakes
Yes! And somewhat relatedly, step aside and guide.
Something I've been personally intentional about (and think is a generally good idea) is recasting my own role as a mentor and enabler. IMHO, once you get to a certain point of influence and privilege, your role should be to secure doors open, and smooth the paths for the younger generation to take the lead - remove the roadblocks and gatekeeping we experienced.
Yeah, sometimes that means you get leap-frogged. Sometimes the way they'll do things isn't the way you would. That's ok. So often, what was the younger generation, becomes the old one and shuts the doors they opened behind them.
My goal in this point of my life is to use the tools I've acquired to tear down as many barriers as I can so that the young, passionate generation, with more energy than I, can do their thing.

Tindra Sep 4, 2023

@pfriedma @hacks4pancakes I once had a leader who made a point of, when it came time to show his seniors what he’s been up to lately, had the people who were the ones actually doing the work brief their projects. He didn’t need more face time with his boss, but those juniors benefited from the sponsorship he provided (and the mentorship and guidance in preparing for that meeting)

And that’s something that stuck with me. There’s times when I need to be out front. But outside those times? Take every opportunity to develop those coming behind me.

littlerachyb Sep 4, 2023

@pfriedma @hacks4pancakes I'm not in hacker culture what so ever, but this here toot seems universal and certainly keys into something I've been feeling about my role in my own industry recently

Sean Sep 4, 2023

@pfriedma @hacks4pancakes Since this was an event, maybe you can directly reach out to attendees for feedback? As personally as possible, so it isn’t just ignored. Ideally, this might lead you to groups or individuals you could consult when designing the next conference. Which should straight up be a paid gig. Title it “hack our conference.”

Dan 🌈Sep 3, 2023

@hacks4pancakes
Sign me up for queer multiculturalism. Is there a newsletter? Can we go clubbing together? :D
@pfriedma

Julia Rez Sep 3, 2023

@hacks4pancakes @pfriedma

If my experience of CCCamp23 is a guide, it is Queer AF by default. Awesomely, gleefully, flags-and-cat-ears-and-sharks so.

Gord Sep 4, 2023

@pfriedma @hacks4pancakes I'm really lucky to have had exposure to it through my younger friends. Its definitely way more queer than what I grew up in and its a great thing. Its definitely more welcoming of a space than what I had of some crusty old farts in IRC channels 20+ years ago in some instances. In 90s parlance, I'd be called an aging hipster trying to keep up with the young'uns, but they're so much fun and don't tease too much when you need to take your ibuprofen after they've made you walk for 3 hours. They also have a heck of a lot to teach, not just technical, but on life.

Greg Bell Sep 4, 2023

@pfriedma @hacks4pancakes dubnobass in the dark is tonic for seismic existential reverberations

Sarah Miller Sep 3, 2023

@hacks4pancakes this is important. I see it in other spaces too. I think part of the fix is to invite the next generation to the planning table in ways they can actually do so. Then actually listen to them and incorporate their ideas.

The ways that people engage and volunteer have changed. I'm watching some organizations die because they won't change.

"Hi, please consider volunteering a shit ton of hours in addition to raising your family, building your career, trying to buy a house, etc." isn't the answer. Meaningful bite size chunks is.

I struggle with this as a professor too. I'm old. I know I'm old. I know they know I'm old. And now I'm rambling. But it's a problem that does need fixing.

Bob Davidson Sep 3, 2023

@scba @hacks4pancakes

all of this but the hampster dance

Garrett Wollman Sep 3, 2023

@scba @hacks4pancakes This is a big problem in the SF community as well, which has largely bifurcated into huge, for-profit, IP-driven cons and still-rather-large volunteer-run cons, and the people who run the latter are pulled in seventeen different directions simultaneously (it must be accessible! and safe! and hybrid! and welcoming! and affordable! and have child care! and have printed program guides! and no problematic guests or sponsors!) and still we ask, "why is fandom greying?"

steve Sep 3, 2023

@scba @hacks4pancakes Having just turned that corner from being a junior member of my organization to a more senior person. I can sort of see where they come from.
"Hey, we want you to invest a bunch of time in this project to transform our company. It will be a growth experience."
"So I will have final say in the outcome?"
"No, we are totally going to put someone above you to second guess your decisions and say they were all tried before with terrible results."

Sarah Miller Sep 3, 2023

@strap @hacks4pancakes and the danger in this attitude is vast. Nearly every after-action I've written or read related to a worst case scenario involved a junior person being ignored when they pointed out a fatal flaw. And then the org, or worse, the community, pays a horrible price.

Siderea, Sibylla Bostoniensis Sep 3, 2023

Which reminds me. Decades ago, my local SCA branch adopted a doctrine and carved it into its governing documents: whoever is in charge of an event has absolute authority over how it is run. The branch president has one and only one remedy if they feel an event organizer has done sufficiently wrong: they can fire the event organizer and take over running the event. If you volunteer to run an event for that group, and the group approves you proposal and authorizes your event, you get to run it however you see fit.

They're celebrating their 50th anniversary next week. It's still a going concern. And I recognize less than half of the names of the people getting things done, which means it's new blood.

Most people don't think things like organizational rules about the limits of power have anything to do with what they think of as recruitment but they'd be wrong. What they think of as recruitment is often retention, & disposition of power shapes retention.

@scba @hacks4pancakes

Sarah Miller Sep 3, 2023

@siderea @strap @hacks4pancakes thissss!

William Sep 3, 2023

@siderea @strap @scba @hacks4pancakes
Empowerment is everything. My organization is attempting to grow but haemorrhaging the best people because a pack of elderly Gen X want to run it as their personal fiefdom with no accountability or delegation, using business practices that were kind of stale in 2003 when they were first getting into real roles.

Siderea, Sibylla Bostoniensis Sep 4, 2023

It really is. I know a lot of people cringe when they hear the word empowerment - hell, *I* cringe when I hear the word empowerment - because it has a bad rep as a mealy-mouthed buzzword HR types and other responsibility-shifting, blame-placing authorities use when they are lying to subordinates.

But empowerment - the real thing, giving people actual power - really IS everything.

@strap @scba @hacks4pancakes

Shecky - Third Wheel Sep 3, 2023

@scba @hacks4pancakes part of that problem is wanting experienced people helping to plan especially with conference planning experience.
We need organizers that will take in yo mentor and listen to the ideas.

Sarah Miller Sep 3, 2023

@siliconshecky @hacks4pancakes yes! I got caught in the crossfire of an OSINT CTF that was a great idea, well executed, but didn't benefit from having someone with experience to share "things to plan for". Which would probably have included warning someone (me) that some of my public info was part of the CTF. Caused me great consternation for a few hours while I figured out wtf was going on. Then I thought it was funny. Then I volunteered to provide them a little guidance.

Darrin West Sep 3, 2023

@hacks4pancakes It is not movies, music, memes specifically that help reinforce community. It’s “inside jokes”/knowledge and respect measured by the time spect to adopt that. In some groups you have special handshakes, code words, etc. Young people are going to come with more modern versions of that “culture”. Old folks need to keep up. And invite those few young extroverts to sit on the “entertainment committee“, and give them two votes. And be brave. Learn to love anime.

Garth Kidd Sep 3, 2023

@obviousdwest @hacks4pancakes the #PyConAU organisers tend their culture with care, including documenting many of the community’s inside jokes so everyone can feel they’re inside https://2023.pycon.org.au/about/culture/

It’s not a comprehensive list, but it doesn’t need to be. The convenors reinforce the culture on stage each morning, and pretty much everyone follows suit.

The Culture of PyCon AU—PyCon AU 2023

RAK Sep 4, 2023

@obviousdwest @hacks4pancakes: Last time I tried watching an anime, it was Initial D and there was all sorts of unnecessarily sexually creepy stuff in there that put me well off.

@hacks4pancakes I have experienced that kind of disconnect often with my apprentices and young graduates at work. They don't seem to have any particular attachment to 'hacker culture', and are generally more integrated in their peer groups than me or my ex-teen hacker friends were at their age. It feels like hacking (often specifically penetration testing) is more of a career choice than a lifestyle. No judgement, and of course everyone is different - this is just a trend I have seen in the last 10 or so of mentoring junior colleagues in security

Nire Bryce Sep 3, 2023

@luigirenna @hacks4pancakes not in the industry, but from the outside it seems like some of that is probably that with ubiquitous surveillance it's harder to commit the sort of minor not-really-crimes that get the skillset for pentesting, these days.

@NireBryce @hacks4pancakes on the other hand, there are plenty of platforms where people can learn on crafted VMs. Things like hackthebox.eu offer gamified experience linked to learning track. I reckon getting started has never been so easy

@luigirenna @NireBryce little bit of both. Lots of structured training,icy less opportunity to think outside the box. And it shows.

Nire Bryce Sep 3, 2023

@hacks4pancakes @luigirenna

that feels like every industry right now though...

I don't think it's a bad thing, but a lot of places aren't acknowledging it and that's leading to a lot of friction everywhere

Nire Bryce Sep 3, 2023

@luigirenna yeah, it's that too I suppose -- you don't need to necessarily be surrounded by mentors in the culture anymore, online or off

William Sep 3, 2023

@luigirenna @hacks4pancakes yes. In 1995 you could do infosec inside NSA or you could be an outlaw cipherpunk. There was no middle-ground of infosec as acceptable commercial activity: if you wanted to do pentesting or cryptography or advocate for privacy against Clipper, you were literally working in opposition to the US federal government.

Now it's just a specific technical career and you don't need to have oppositional defiance disorder to succeed ;) so the culture necessarily changes.

William Sep 4, 2023

@luigirenna @hacks4pancakes
Infosec & crypto went from anti-establishment borderline-criminality for deeply moral actions, to Finance Establishment. Look how Zimmerman was treated vs cryptocurrency scam bros boosting their Ponzi value via Sotheby's.

Straight/square kids can say "I want to infosec" with no fear or countercultural aspect. Most young infosec people are not outsiders anymore, with the exception of its spectacular queerness. Is that a hangover from The Matrix?

cakepop demon hunter Sep 3, 2023

@hacks4pancakes thanks for this reminder.
one way i have approached this when interacting with the youths is just let them take the lead. being curious about what they are into and letting them be excited about it without shitting on it because it isnt prodigy or matrix or whatever. finding delight in the evolution of culture and the common touchpoints we do have. let being old be just a different kind of geek instead of trying to be the tower wizard, arbiter of “true hacker culture”

Sam Grubb Sep 3, 2023

@hacks4pancakes this really important for getting them interested in security long term too. I’ve had so many new comers burn out when they figure out it’s more spreadsheets then raves.

official_verified

@hacks4pancakes Yes, and the military references too. I never get any of them.

12 Freya it/its𒀭𒈹𒍠𒊩 Sep 3, 2023

@Em0nM4stodon @hacks4pancakes oh? what kinds of military references? We don't see a lot of those in the spaces we hang out in, or if we do, we don't recognise them as military

Jay Thoden van Velzen ☁️🛡️

@12 @Em0nM4stodon @hacks4pancakes kill chain, attack surface, threat actor, threat landscape, breach of perimeter, layered defense, attack path, red/blue team, cyber-anything, ...

12 Freya it/its𒀭𒈹𒍠𒊩 Sep 3, 2023

@jaythvv @Em0nM4stodon @hacks4pancakes cyber anything we'll agree with you on, that shit's just fucking stupid and makes you sound like a US senator from 1996 who wouldn't know a bitty box wintel machine from a proper bit of big iron if it bit them on the ass.

malte Sep 4, 2023

@12 @Em0nM4stodon @hacks4pancakes opsec, infosec, psyop, sigint, red/blue team, dmz, etc.pp.