I posted the text below on Dave Farber’s Interesting People list and am now blogging it here. The specific subject of the thread was an article in the Boston Globe about Harvard Business School (HBS) rejecting 119 applicants because they viewed their admission status before they were suposed to: “Harvard rejects 119 accused of hacking” By Robert Weisman, Globe Staff  |  March 8, 2005. Farber particularly liked the starred paragraph, which was pointed out to me by Peggy Weil, a Harvard graduate who is an adjunct professor at USC; she heard it from one of her students. If it’s not obvious what this post has to do with Internet business risk management, I can explain further.

Tim Finan’s message is the first I’ve seen in this thread that referred to the original meaning of the word hacker: someone who enjoys stretching the capabilities of a system and solving hard problems.

It’s true that many people who pick up scripts and use them to attack systems (script kiddies) and others who do nothing but try to break systems (crackers) and others who systematically exploit system weaknesses for financial gain (organized crime) may call themselves hackers, but they’re flattering themselves.

Eric Raymond’s article about “The Hacker Milieu as Gift Culture” makes clear the difference.

Real hackers have given us Unix and Emacs and the Macintosh and apache and BSD and Linux and sendmail and numerous other high quality gifts, because that’s what they enjoy and that’s how they build their reputations.

Given the results, it’s useful to distinguish between real hackers (whom I’d think Harvard Business School would want to encourage, considering their activities benefit the economy) and crackers.

******* Also, as an admissions consultant noted in the original article:

"Kreisberg said some applicants may had inadvertently tried to access the files, without realizing they were looking for confidential information, after they were e-mailed directions from other students who had copied them from the BusinessWeek message board."

If that actually happened, some of the applicants may have simply thought they were participating in the gift culture when they and Harvard Business School (HBS) were actually victims of a rogue patch, resulting in reputation damage to them and HBS of the sort described in Eric Raymond’s paper.

Maybe HBS should spend a bit more resources increasing value offered to students by getting up to speed on present-day online culture rather than pursuing cost-cutting too far by outsourcing critical functions such as applications to a company that failed to keep them secure. The former might result in better improvements to the bottom line.

-jsq