When you hear someone say "I’m a hacker", you immediately check your wallet and move back from that person. I am proud to say that I am a hacker… the original meaning of course. The original meaning of a hacker was someone who explores the full capabilities of a system, usually to integrate new hardware or software into a system. A hacker would try to circumvent a limitation or create a new application of an existing technology to solve a problem. Hackers in this vein do things like put Linux on a Nintendo DS.
The current version of the term hacker is a person who intrudes into other people’s systems, usually with bad intent. Although familiar with what current hackers do, I have no interest in that form of hacking, and I don’t tolerate any sort of intrusion.
The current climate at my client, and really at most large enterprises these days, is one of security. The problem is that it is easier to restrict everyone than to have a reasonable policy for application software development team members. It’s a form of "security by obscurity". An extremely restrictive policy on software downloading and the internet makes things easier for the security team, but it makes the job that application development team members do an order of magnitude harder.
My Example:
I wrote a simple Java-based application for my client. This application was only to be used by our team. I quickly completed the application on my machine, but I quickly found 2 problems. The USB ports must use approved drives, and I have no way of installing any software. I had to borrow a "clean" USB drive from a team member to move files from my machine to my client’s machine. I simply don’t get the idea of sending a USB drive to a security team for verification. Once verified, anyone can use the "clean" drive for any purpose. It doesn’t make you secure, but I digress.
The database I used was not on the "approved" list. Our team has its own space, but we have no control over it. We cannot install any software on "our" drive. If I wanted to use an approved database, I would have to submit a request to the database team, and justification for use. A non-hacker would just chalk this up to hitting the corporate wall, but a hacker takes this as a challenge. Instead of fighting a losing 3-month battle to get the database team to write and support a 3-table database for 5 – 7 people for me, I decided to try a different tack; I reworked the application to use an embedded database. The embedded database will work, but only if it is in a central location. That means I need to rework my application a second time. Fortunately, my application development team can use the shared drive. I now have an application that accesses an embedded database, and I don’t have to fight any battles!
I go to a team member to beta the application, and it is apparent that he doesn’t have the current JRE. Our team uses Java 1.4.2, so there aren’t any new JREs on his machine. For you non-Java types, a JDK is used to develop applications, and a JRE allows users to just run Java applications. It is highly unusual for Java developers, even ones using older versions of Java for development, to NOT have the latest version of the JRE. This means either I would have to request that the latest JRE be added to my team’s machines, and of course give justification and paperwork, or I can recompile my application in the old version. I now need to check to see if all of my Java team members have a JDK or JRE on their machine.
The simple solution would be to download the 3 megabyte JRE, but no one, not even highly qualified developers, is allowed to install anything on their machine. I have tried to put the JRE on the shared drive, but there are some registry settings (we are using Windows) that need to be set, and I don’t want to go there.
The point of this story is not to whine about enterprise policies. I follow the rules that are in place. The point is that hackers are undeterred by limitations, real or imaginary. Hackers will find a solution to a problem. I am a hacker.
