My son’s school had a day this week called “Festival of Numbers”, a day where they invited the geeky parents and anyone else to come teach fun hands-on classes about science, math, engineering, or computer concepts. There were GPS treasure hunts along with classes on origami and code-breaking, probabilities in poker, bubble blowing, calculus, and gravity. The kids from grades 3-8 could sign up for whatever classes they liked throughout the day. It was an amazing event!
I proposed teaching “Computer Hacking 101” which would be a hands-on tour of Unix (in this case Mac OS X) with a little bit of Python thrown in at the end. The school officials reacted with mild dismay to the word “hacking” and I think the issue was kicked up to the district level. I hadn’t realized that popular opinion, even in Silicon Valley, equates hacking with criminals. So, they changed the class’s title to Command Line Secrets along with a kind of silly description about “robo cops and techno spies”. This made me laugh in that it was a weird endorsement of state violence (spies, cops) while rejecting individual power to learn skills and wield knowledge. Well, of course I went ahead and taught the same things I had been planning to teach.
The class was about 30 middle school students. A core of them seemed to be there because they heard from my 6th grade Python student that I was a decent teacher. We opened the class with the IT guy from the district logging them all in from a central computer under the same temporary login that let them access Terminal. As he did this, I read out the points of the Hacker Ethic and explained why I think it’s important for us to be able to tinker with the guts of the computer and of the Internet and the servers where we keep our information.
1. Access to computers—and anything which might teach you something about the way the world works—should be unlimited and total. Always yield to the Hands-on Imperative!
2. All information should be free.
3. Mistrust authority—promote decentralization.
4. Hackers should be judged by their hacking, not bogus criteria such as degrees, age, race or position.
5. You can create art and beauty on a computer.
6. Computers can change your life for the better.
Of course it’s the Festival of Numbers not the Festival of Subversion, but cultural background is important!
I explained that knowing how to mess around with Unix or Linux was useful because tons of Internet servers use it. We went through a few basic commands like ls, pwd, and cd to understand the idea of moving around in directories and knowing “where you are”. Most of the kids didn’t catch on to this too well, but they managed. It’s really best to teach this kind of class with an extra helper for every 5-10 students, to get them all on the same page.
Then I asked who would like to see the super secret master password file for the computer. There were some actual screams of delight and disbelief. EVERYONE WOULD! What a surprise. We cd-ed into /etc and typed “more passwd”. I didn’t dwell on this too much, but told them to google it to understand all the bits of /etc/passwd, and said that the passwords won’t actually show, even if you have root, but you might be able to see the encrypted passwords in another file. A tall girl raised her hand. “So… um… how do you understand that encryption? How do you know how to encrypt things?”
We didn’t go into that. Instead I moved on to some more commands like touch and mkdir to make a file and a directory. Then they were getting a bit restless. Many people had moved ahead on the handout and there were more shrieks from around the room as people had typed ps -x or top and were stuck with lines of green text scrolling by in a Matrix-like way! There was another bit on the handout that explained to try control-C, control-D, q, quit, escape, and so on to get unstuck, but it was information I repeated many times over the next two hours!
At that point I was peppered with questions and some kids demonstrated to others that in Mac OS X you can type “say I like farts” and the Mac computer synthesized voice will say it out loud. Hilarity ensued. I let that go for a few minutes (laughing) and then the “say” chorus mostly stopped. Another kid in the back of the room raised his hand. “Ms. Henry how could I see someone’s IP address?” Other kids wanted to know what an IP address was so I gave an extremely condensed explanation that it was a number that shows at what point you’re connecting to the net. We moved on to the “Nifty Network Tools” bit of my handout, and tried: whoami, who, hostname, whois, ping, dig, ifconfig, and traceroute. It was impossible to keep the whole class together and still move as fast as I wanted to. But I did show whoever was paying attention how to do an nslookup on baidu.com, then traceroute to it, which is fun because you can see that it goes to China and that the time lag keeps increasing.
A couple of kids asked how they could get to Terminal to experiment with all these things when the computer lab at school locks them out of it. I recommended they ask teachers with computers in the classroom if they can experiment there, since those computers aren’t under central control. When they asked further if there was some way they could hypothetically get around the lockout in the computer lab I asked the IT guy if they had Terminal and a browser on a USB drive and ran it from there, if that would work. He wasn’t sure!
At some point in response to all their “how to get around school policy” questions I recommended they propose what they wanted to the school and see how they could get it, maybe through a computer club, or a promise of good behavior and to report any serious security holes immediately to a teacher or to the IT staff. And also, that they agree with their friends to try and hack each others’ accounts, then do harmless pranks — not anything malicious or mean. For “password cracking” questions I steered the conversation towards the importance of picking good passwords, but I did mention dictionary attacks, keylogging, and man in the middle attacks as well as simple social engineering or shoulder surfing.
It was a fascinating experience, I loved the kinds of questions they asked, and really wonder what they’ll do with the information! It seems to me too that I should teach an identical class for their teachers and parents, to demystify the subject and let them know the landscape.
What would you teach to middle school kids in a Hacking 101 class?