I think one thing this community does really well, better than almost any
other community I've found, is training. It's amazing, in a way,
because this is a community of professional secret holders. And yet
everywhere you look, a hacker is putting their heart and soul into
iterating on lab exercises for their class in whatever sub-field they are
an expert in.
And giving training is hard. It's hard in the way consulting is hard, but
with even more social activity. On one hand: It's lucrative? But hour for
hour, you're probably better off financially by finding a new bug or doing
consulting work, or any number of other activities than building,
marketing, and running a training class.
When I left my last position, one of the first things I did was pay for and
take Amy Burnette's browser exploitation class. And that's paid off to this
day, really. And there's so many good classes, taught by all the
specialists in our various sub-niches.
It's spectacular that in this world of auto-didacts, we are gifted in the
quantity and quality of training available in our field in a way that is
basically unheard of in any other field.
Of course, there's a lot of things you can't learn from training, and I was
reflecting on this while sitting down and reading the labyrinthine
specifications of some huge protocol for one of my current projects. A lot
of the best bugs I've ever seen hackers find have been from doing exactly
that: They sit and hit page down on some extensively huge and boring
documentation with the steady, persistent rhythm of a neurodivergent
woodpecker pecking at a tree, each tap bringing them closer to the elusive
kernel of truth.
Like, I know people who have various protocol RFCs printed out for long
airplane rides. I've seen hackers read through a book on an operating
system design and then just circle an LPE in the book with a yellow
highlighter.
On the flip side, there are times when you dive headfirst into a colossal
specification, emerging as a veritable guru on an esoteric legacy mail
transfer mess like X.400. Yet, despite this newfound expertise, you find
yourself no more enlightened or advantaged than before, as if you've scaled
a mountain only to find the summit shrouded in the same thick fog that
cloaked its base.
Anyways, happy holidays everyone. Hopefully you had a year of worthy
discoveries.
-dave
Show replies by date