Hacking/cracking on or from Nyx: Briefly: Please don't. Nyx is unique in the world. Most free public access networks are clamped into menu systems that do not give you the freedom and the power of Nyx's shell system and access to the Internet. (See "philosphy" of Nyx) Hacking and cracking of Nyx or hacking/cracking of other systems from Nyx threaten Nyx's very existence. In fact, most of the limits currently in place on Nyx were required because of the abuse of hackers/crackers. (See "history" of Nyx.) If you believe that the existence of a a public access network like Nyx is worthwhile please cooperate with us. Nyx uses some security features and will probably add others. The purpose of these security features for the sole purpose of protecting the freedoms we currently have. Thus there are two types of security in place on Nyx: (1) measures to keep everyone happy so that Nyx doesn't get shut down; and (2) measures to protect the electronic society so that it doesn't get destroyed. Nyx certainly not a tightly secured system and cracking it for sport is not much of a challenge, but could threatened Nyx's very existence. If you enjoy the thrill of the chase yoou won't find that either, since the Nyx administrators are all volunteers, they are unlikely to have the time to spend chasing you. As far as doing things on Nyx, you are free to do whatever others can. Please don't try to break into root -- there's almost NOTHING on here that you can't get to as a normal user (most of the system is readable). What is protected is stuff to keep the system running smoothly and other people's accounts with their private files (which you shouldn't be nosing around in anyway -- it's THEIR stuff -- and there's usually not much of it). Not to mention that if, as root, you make a typo.... In particular: - Do NOT run "find / ....." -- it really kills performance - Do NOT leave processes behind that read named pipe (fifo) files - Do NOT run password cracking programs; they too eat cpu like mad - Do NOT store huge amounts of files -- all users share a small partition, hence 100K (yes K!) is the requested maximum. If you need more TEMPORARILY, use /nyx/tmp. - Don't be obnoxious. Don't create more than one account, don't publish this address as "how to reach hacker XXX", don't send people annoying mail, don't upload pirated software... indeed, you should behave like a really nice user so you don't get noticed. Note that when the admins see phony logins they will shut them off; and when they see evidence of hacking in an account, they will shut it off too. This is nothing personal, they are just protecting the system. Killing Nyx would make thousands of users unhappy. A couple further notes from Andrew Burt, Nyx's Founder: "hacker" vs. "cracker": Frankly, anyone who breaks in to a system and causes even the most minimal amount of trouble, that person is a "vandal", or a "selfish moron" A real hacker would never cause trouble. But seriously, I use the term "cracker" for someone who uses somebody else's program or instructions to gain access they aren't supposed to have -- in other words, to me, a cracker doesn't invent new knowledge, they just use knowledge someone else invented. I have no respect for anyone who breaks in using a hole they didn't invent themselves. Whereas to me a "hacker" creates, for the sake of the knowledge itself, not with the intent to use it for gain or joyriding. On the other hand, many people might disagree with my personal usage, or want to be called hackers even if they're merely crackers, so I've addressed this document to "hackers/crackers". Of course, many hackers (by the above definition) do nothing related to system security; clearly, I'm not addressing this to them. While we're talking about it, let me elaborate my views on hacking. As I'm typing this in, I can think of the following reasons why you'd want to be a hacker, i.e., the "standard" defense of hacking (feel free to suggest others): 1) To learn about the underlying systems; 2) To help sys admin's find security holes; 3) It's fun and entertaining. Let me tell you my views on these "justifications", so you know where I stand. Re #1. In the "old" days, I agree, about the only way to learn was to find source code, which was often locked away. For the most part, today this is not so: BSD code, GNU code, other net code, is all of the highest quality and publicly available. Not to mention that there are an untold number of experts out there who will answer questions just for the asking. I suppose some systems are still closed -- say VMS. But who really gives a hoot about VMS? Unix is where the action is... :-) I truly believe in freedom of information; what I like about Unix is that it IS free information already, no need for hacking! Ergo, no need for hacking reason #1. For #2, this is almost always pure horse-puckey. First, how often do hackers even tell the sys admin's about the holes? But second, regardless of telling or not, and far more importantly, nearly all the time this is a pure fallacy. It is like cutting a hole in someone's roof to break in to their house, then saying "oh boy, did I ever do you a favor showing you how insecure your house is!". My point is this: The only people likely to break in using such holes are the ones who justify it this way. If hackers didn't use the hole, nobody at al would be, so closing the hole is a waste of effort. See my point? Think about this one. Sure, there will always be holes, but some are so unlikely to be used, one has to draw the line somewhere and say "it's not worth fixing". I refuse to armor plate my roof just because it MIGHT be a way in. In a perfect world, which is what we should strive for, and act like by default, we would all trust one another, so need no security. I'd like to see computing have that trust, so that we don't need to fix every piddly potential security hole. It just wastes time better spent IMPROVING things. Please consider this. #3. Ok, sure, we all know it is. I see this as the only "true" justification for cracking. As such, it needs to live by the same guidelines that other fun things live by -- namely, not to bother anyone else. I think this is the crux of most laws -- don't make somebody else do or even *think* something they wouldn't have otherwise willingly done/thought. To do so is to impose YOUR will on someone else, which is -- without any doubt -- morally wrong. Now, there are some cases where this is done "for the common good", e.g., taxes, condemnation of property, etc. Ok, so life isn't perfect. But, this type of force should never be involved when the only benefit is *entertainment*. Taxes are a necessary evil; hacking is not. Thus, I am firmly opposed to any hacking that in ANY way makes any other user do or think something they wouldn't have otherwise done willingly. This includes invading someone else's privacy. There is absolutely no justification for an invasion of privacy relating to hacking. This includes, yes, reading sys admins mail to see if they're "on to" a hacker. If you're that worried about it, DON'T DO IT. Even if you're just curious and not worried -- that's back to square one, imposing on someone for your personal enjoyment, a social no-no. Humans need privacy -- it's a fact. It is repugnant to be so selfish that you feel you're better than this moral law. You're less than human if you're that selfish. Lastly, another reason I am opposed to hacking on Nyx is the potential for (accidental or intentional) harm. I don't care how good you are, or how careful, an accidental "rm *" is a damn nuisance and possibly irreversibly destructive (e.g., for files not backed up yet). Back to my prior point: it makes me do something I wouldn't have done otherwise (waste time restore files, for example). So just "Don't Do It".