I do not hack sites I don't own or have permission to hack. This is what differentiates good hackers and bad hackers.
What I do is poke at something. Maybe I'll try changing an input or altering the environment slightly and see how that changes things. I'll keep doing this until a pattern emerges. From trying different things I start forming a hypothesis of what is happening inside the black box. If I try something and the result does not fit my hypothesis, I form a new hypothesis. At some point I usually get a clear understanding of what is happening in the black box without ever seeing what is in the black box.
I essentially look at the symptoms and narrow down what the cause would be.
This is a good use of trial and error. The goal is not to find the input which gives me the desired output. If I stopped the moment I got the desired output, I might think I have the solution but I don't. Case in point, I input 2 and 2 and get 4. My hypothesis is that the black box does addition. At this point my hypothesis appears correct. However, if I poke further I might find that inputting 2 and 3 gives me 6. Now I see that it is not addition. New hypothesis is that it is multiplication.
Hacking is really empirical. Unless I try every possible input, I cannot be certain my hypothesis is correct. For example, I might input 1 to a function and it returns 43, I input 2 and get 47, I input 3 and get 53. After inputting the numbers from 1 to 20 I notice all the numbers are prime! My hypothesis is that the function is a prime number generator. However, if I input 41 I get 1763. This is not prime (43 * 41 = 1763). Turns out the function is Euler's formula for finding prime numbers, i.e. n^2 + n + 41. This has been proven to only produce prime numbers when n is less than 40.
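The same probing loop as an added example (not code from the original post): it tests the "prime generator" hypothesis against a stand-in black box, then fits a quadratic from three probes and checks it on inputs that were not used for the fit. The function names and the stand-in `black_box` are assumptions made for illustration.

```python
from math import isqrt

def black_box(n):
    # Constructed stand-in for the post's opaque function: n^2 + n + 41.
    return n * n + n + 41

def is_prime(m):
    # Trial division; fine for the small outputs probed here.
    return m >= 2 and all(m % d for d in range(2, isqrt(m) + 1))

def first_counterexample(f, hypothesis, inputs):
    """Return the first input whose output violates the hypothesis, else None."""
    for n in inputs:
        if not hypothesis(f(n)):
            return n
    return None

def fit_quadratic(f):
    """Fit a*n^2 + b*n + c to probes at n = 1, 2, 3 using finite differences.

    Assumes integer coefficients; the quadratic model is itself a hypothesis.
    """
    y1, y2, y3 = f(1), f(2), f(3)
    a = ((y3 - y2) - (y2 - y1)) // 2   # second difference of a quadratic is 2a
    b = (y2 - y1) - 3 * a              # f(2) - f(1) = 3a + b
    c = y1 - a - b                     # f(1) = a + b + c
    return a, b, c

def holdout_mismatches(f, coeffs, inputs):
    """Inputs where the fitted model disagrees with the black box."""
    a, b, c = coeffs
    return [n for n in inputs if f(n) != a * n * n + b * n + c]

if __name__ == "__main__":
    # Hypothesis 1: "every output is prime". It survives the first 20 probes...
    print(first_counterexample(black_box, is_prime, range(1, 21)))
    # ...and is falsified once probing continues.
    n = first_counterexample(black_box, is_prime, range(1, 100))
    print(n, black_box(n))
    # Hypothesis 2: a quadratic, fitted on three probes, checked on held-out inputs.
    coeffs = fit_quadratic(black_box)
    print(coeffs, holdout_mismatches(black_box, coeffs, range(4, 200)))
```

An empty mismatch list over the held-out range still only says the model has not been falsified yet, which is the post's point about empirical testing.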
Still, hacking can be a good thing. Trial and error to find THE answer is never a good thing.
I see a lot of people solving problems as follows:
1. Program or computer not functioning correctly.
2. Change something.
3. If program or computer not functioning correctly go to step 2.
4. Problem solved.
Now maybe they did find the right solution, but most often they don't. Later the problem will come back with different symptoms. If I purchased a program from you and you used this method to solve the problem, here is how I see this as a consumer of software:
My car is running slower than normal. I bring it to my mechanic and he does the following:
1. He changes the spark plugs and charges me for that.
2. Car is still running slow.
3. He adjusts the valve on the carburetor and charges me for that.
4. Car is still running slow.
5. He rotates the tires and charges me for that.
6. Car is still running slow.
7. He changes all the fluids and charges me for that.
8. Car is still running slow.
9. Cars today have a lot of electronics, so he disconnects the battery for a week.
10. All my programming, bluetooth, radio stations, clock, GPS, etc. are gone.
11. The car is no longer running slow.
12. Three months later the car is running slow again.
13. My mechanic disconnects the battery for a week.
14. All my programming, bluetooth, radio stations, clock, GPS, etc. are gone.
15. My car is still running slow.
Would you pay for all the work the mechanic did? I think it is safe to say that NO ONE would put up with this. Some people might put up with it until step 12 then find a new mechanic. Others would put up with this until just step 2 or 4. Most of us would not pay for anything after step 2.
I've worked in industries where EVERYONE programs like this. There might be 4 or 5 different vendors and you really don't have any other choice. However, it just takes one guy to write quality software and everyone switches to that other guy. Trying to win back those customers means you have to make up for all the poor software issues PLUS give them some incentive to switch away from the guy who has always given them good software.