"I'll be out for lunch with Mr Granger for a while. If anyone calls, don't pass them on through my cellular. Take a message and say I will call afterwards."

"Have a nice meal, Mr Thompson"

"See you later then, Janet"

I wait for a few minutes, busying myself at my desk, and then sneak into his office. His cheap Seiko Transparency virtual rig is neatly hung up in the corner. Mr Thompson may only be the owner of a small metallurgic firm, but he has a vice: he wants to watch the news in VR, just like the big boys. I carefully don the gloves and headset, and give the command sequence.


I fly in towards the shining center of the Market, a huge brilliance floating in an almost empty space. Rays of stock market indices, updated credit ratings, business news and other information flow in and out at a frantic tempo. Surrounding the center the virtual offices of various interfacers and organizations float like a small asteroid belt. Whoever designed the virtual sometime in the ancient past of the Concordat must have had fun and enjoyed the esthetics of business. I locate the UII office and beam towards it - time for some business.


The world isn't run by weapons anymore, or energy, or money. It's run by little ones and zeroes, little bits of data. It's all just electrons.
Mobile phones have become extremely common in the trade blocks; traditional stationary phones have gradually become mere add-ons to the computers that instead use the below-ground networks.

Mobile phones can be traced. If the phone number is known, it is possible to use the cellular phone network to find out which base station the phone is currently closest to. This of course requires access to the network, something usually only the net provider, police and intelligence agencies should have.

If the phone is known to be in the vicinity, its emissions can be traced (satellite phones are especially easy to detect, thanks to their higher power). An emission tracer can give the rough direction to sending phones, and using triangulation the location can be exactly determined. Things get much easier if the phone is actively sending, but even the normal emissions are enough to detect. Of course, it is much trickier to find an individual phone in the midst of many others.

Even worse, in some telesystems it is possible to use the phones to listen in even when they are not in use. The only way to detect it is by checking their emissions or noticing that the batteries are running low too quickly.

To keep ahead of tracking, many Concordat members have adopted the "disposable phone" trick: use a phone only once, then discard it (Malaysian Bell makes a living from this practice). You need plenty of cheap phones, but you'll be very hard to trace. Another trick is to use hacked phones ("debugged phones"), making the network think they are someone else's phone.

One great hack developed by Vondrak & Co is the cellphone computer: a small virus is inserted into the microprocessor of a cellphone, and while the phone is idle it acts as a node in a distributed computing network, doing parts of a larger calculation. By spreading infected phones Vondrak and other infohackers have gained a huge, distributed system of significant computing power. Currently the "cell collective" is mainly used for some large-scale gardening and crypto-testing, but information hiding has also been considered. It could of course also be used to disrupt the local net.


Am Heimcomputer sitz' ich hier
Und programmiert die Zukunft mir
Computers in 2015 are everywhere: from the small ubis, cheap palm-sized computers used in many offices, wearables (worn in the clothes) and laptops over personal computers to global computer networks and supercomputing centers. Still, most people treat them as magic boxes and only learn how to use the software they need, becoming completely dependent on the wizardry of software companies and experts.

In the past chips doubled their power every 18 months or so, the famous Moore's Law. Not anymore. Around 2010, the rate of development began to level off, the old semiconductors couldn't be developed much further due to physical constraints. Intel, Motorola and the other manufacturers sought a solution, and heavily sponsored research into nanotechnology among other things - something they do not speak loudly about right now. For the moment it looks like hardware isn't becoming better quickly, and people who need a lot of power instead have to rely on parallel computers with lots of processors. But the pressure for more computing power is great, and the computer industry would dearly like to have something like nanocomputers (one of the few places where nanotechnology is actively advocated is of course Silicon Valley; the large manufacturers do not comment openly on it, but plenty of individuals do).

Software has developed, at least on the surface. User interfaces have finally becoming useable, programs can be combined in flexible ways, agents help the user and practical software exists for just about any area. Underneath it is often the same old mess: bloatware hiding its inefficiency by using a lot of computing power, with hidden bugs and glitches, expensive to maintain and develop - exactly what certain software companies like. But there exists powerful software too, including some systems in development that may, if they are given enough resources, create true artificial intelligence. The trick is getting out of the hardware bottleneck.

Most computers are used with the old keyboard-mouse combination, but voice interfaces are becoming popular. Virtual reality rigs, ranging from simple headsets to full-body suits with tactile feedback, are popular although seldom for serious work.

Computer Capacity

There is a bandwidth-hunger in our nation.
Carl Bildt
A computer cannot run everything; even if memory, bandwidth and processing power are high in 2015 they are finite. They can game-wise be lumped together into a single trait, Capacity.

When checking how much a computer can run, compare the Capacity of the computer with the requirements of the program; if it is higher the program will run well in the background with other programs, if they are equal the program will take up most of the capacity and if the computer's Capacity is smaller than the program's requirements it will simply not run, or run extremely slowly and inefficiently. Of course, running a lot of smaller programs might also load down a computer; as a rule of thumb, five programs of one level is equivalent to one program on the next level.

Rough Capacities
Calculator, embedded chip Terrible
Ubicomp Poor
Personal computer Mediocre
Laptop Mediocre
Wearable Mediocre
VR player Fair (specialized for only VR applications)
Workstation Fair
Mainframe Great
Supercomputer Enhanced or more
Quite often people extend their computer capacity, of course.

Connecting several computers allows program load to be distributed, but a demanding program still requires at least one computer large enough to manage it, or being reconfigured to run on a multiprocessor system (A Computer Programming roll with a difficulty equal to the program's requirements). For example, a wearable connected to a laptop might run two Mediocre programs and ten Poor programs, but not a Fair program unless it is rewritten a bit.

Rough Requirements
Text encoding/decoding Terrible
Image processing Poor
Market transactions Poor
Remembrance agent Poor
Search agent Poor
Realtime speech encoding Mediocre
Translation Mediocre
Smarts Mediocre-Fair-Great (depending on the software)
Realtime image encryption Fair
Virtual reality Fair
Information server Poor-Superb (depending on load and storage requirements; a webserver is Poor, a exabyte multimedia database Superb)
Realtime video forgery Good-Great (depending on scene complexity)
Word processing Terrible (just editing) to Mediocre (realtime grammar checking)
Computer Games Terrible (Pac-man) -Poor (Quake) - Mediocre (Doom XI) - Fair (full VR games) - Great (multiuser VR server)
Simulation Mediocre (simple physics) - Fair (fluid dynamics)- Good (social modeling)-Superb (quantum modeling)

Human Capacity

In the information age it is seldom the computer that is the real bottleneck, the human user is the problem. Humans have trouble dealing with the speed and information barrage of modern systems, even with the help of agents and super-friendly user interfaces.

Mind determines how much attention the character can split; this can be augmented with Attention Training. As a rule of thumb, a person can use as many programs at once as she has levels in Mind minus one:

Terrible -
Poor 1
Mediocre 2
Fair 3
Good 4
Great 5
Superb 6
For example, a person with Fair Mind might have capacity to handle running a translation program, a search agent and a communication channel at the same time, but will get confused if a simulation program starts up too.

Of course, some programs are more demanding than others; the above table assumes the programs mostly passively supply information, not actively tries to draw attention.


Like all true revolutions, the Information Revolution is a revolution of power. Miniaturized technologies miniaturize institutions. In time, the microchip will destroy the nation-state. It will give small groups and even individuals the capacity to employ violence in ways that could overturn governments and destroy large organizations.
Lord William Rees-Mogg and James Dale Davidson
Computers embedded in the clothes: cool, convenient, discreet. In the InfoWar, wearables are practically the uniform of the TU since they allow direct access to the Net and various useful devices. Which of course makes them dangerous; while most people think wearable computers are a slight bit too nerdy or too much infoglut, the authorities are on the watch for suspicious people packing too much computer power.

The computer itself is usually quite small, and placed inside one of the interfaces. The most popular models in the TU use Body Area Networks (BANs) to communicate through high-frequency signals through the body which means there is no need for wires, new devices are just added to the network as they are worn (BANs are not approved for commercial versions due to fears of electromagnetic fields, but upgrades can easily be bought on the Market or among hobbyists). This also allows a secure information channel between people by holding hands.

Information is displayed using either a screen worn on the wrist (cumbersome but can be hidden beneath clothing), display glasses (more conspicuous but always present) or contact lenses (hard to get, but very unobtrusive). There is also mediated reality displays: opaque glasses with built in cameras, the image is projected on the inside after digital processing. This enables light amplification and protection, image manipulation, information overlays and riding, among other things. Some use earphones with their wearables, allowing sound signals. There are also a few tactile interfaces, which are useful for very quick responses like signaling the position of attacks from behind.

Information is entered either through a small keyboard (wrist mounted or a one-hand chord keyboard), voice, gesture (through a dataglove), gaze control or EEG signals. Keyboards are good for text entry, but are hard to hide and require at least one hand. Voice commands are popular since the mike can be hidden and they don't require any hands, but obviously people notice that you whisper to yourself. Gestures can be recognized by sewing fiber optics into the clothing; inconspicuous when not in use. Gaze control involves having an IR scanner tracking the eye; very hard to detect if the scanner is hidden in glasses. This can be used to point at certain objects or direct cameras. EEG signals are the most subtle input; sensors on the head register brainwaves, and execute commands depending on what the user thinks. The recognition is fairly crude, but with training it is possible to give certain quick commands or let the wearable take action based on mental states.

Many wearables have sensors of various kinds: cameras, sometimes with low-light, infrared or telescope capabilities. Monitors for body functions and implants are popular in the TU, as well as GPS navigation systems, laser scanners to get a good 3D model of the surroundings and various radio systems. '

Most commercial wearables communicate through the wireless nets just like cellular phones, but there are also satelite-linked wearables or radio links.

Wearable Computing FAQ

Wearable computers at MIT

"And when the Feds do come for you, make sure that your entire life is on your computer. Rip up the papers after you scan them in. Your all-electronic life cannot be penetrated - especially if you get a case of the forgets. 'Oops, I forgot my password. Oops! I forgot my encryption key. Oops! I forgot my name.'"
Phrack Magazine

C3I Systems

The TU aren't the only one's who exploit wearables and flexible networks. C3I systems (Command, Control, Communications and Intelligence) have developed quite a bit since the turn of the century. In 2015 soldiers, SWAT teams, some police forces and firefighters are equipped with C3I wearables (usually called teamware) that allows their superiors to keep track of them and what they are doing, give commands or advice and generally coordinate the situation. Teamware systems send location, images, speech, body state and weapon status to a command console (usually in a vehicle a bit away) where the information is presented to the command crew. In some systems it is also possible to share information between the team members, for example marking their positions in augmented reality to prevent friendly fire accidents.

Teamware is extremely useful in some situations, where the team can be coordinated invisibly from the command console and outside information can be fed to them (like the location of people viewed through drones, alarms etc). The impression is almost telepathic when it works as best. But it can also cause confusion, especially if the commander cannot handle the complexity of the situation. Jamming can disrupt the teamware, and if the enemy manages to get access to the system it can become a misinformation danger; hence teamware is usually strongly encrypted and built to be tamper-proof. Radio emissions are unfortunately hard to hide, and radio detectors can signal the stealthy approach of a teamware team in advance.

DARPA Smart Modules Program

Agents, Experts and Smarts

People have been trying to create intelligent programs since the '50s. But now they are getting somewhere. The software is improving in leaps and bounds; it is still quite stupid, but the trend is exponential and some people fully expect near human level AI within a few years, maybe even less.

There are three main paradigms for creating smart software ("smarts"), not necessarily incompatible but very different. One is to base it on neural networks, teaching the programs to do what they need to do by feeding them examples or having them learn online. The results are robust and flexible, but unpredictable (not unlike gardened software). Another approach is to create expert systems, able to make deductions from rules fed into them by experts on the field of interest (such as neurology or identification of weapons). Experts tend to be very narrow. The third method involves using "common sense databases", databases of everyday information that can be used by the agent to decide what is a reasonable course of action etc. What has really made this approach lift off in recent years is the accumulation of a critical mass of information on the Internet, organized by various search engines but accessible to the smarts.

It is on the net the new smart software is mostly found. Search agents can find information for the user, compiling it into a readable form. Broker agents can make deals with other agents, buying and selling goods or information. Actor software behaves in lifelike ways in the virtual realities, remembrance agents remind about relevant facts and helper agents try to help users in their home systems. Most agents make a lot of mistakes in the beginning, but can be trained to become very efficient helpers. Unfortunately most people don't bother, so relatively few use the agents to their full capacity. They can act as the extended ears, eyes, memory and hands of the user.

Smart programs tend to have problems with coming up with new solutions. It is not that they cannot produce anything new, quite the opposite (there have been plenty of art exhibitions of computer generated art), but they so far lack the ability of selecting what solutions fit reality without human help. Since most AI programs doesn't know much about the real world their solutions and answers might be utterly bizarre or unusable; they often appear to lack common sense (a classic example was the Hyundai designer program that came up with a great car but didn't include any doors -- nobody had told it humans had to get in or out of the car).

A tremendous amount of research is currently being directed towards giving the programs common sense knowledge, so that they can interact with the real world and not just their own abstract information nets. As this work progress (as well as the self-development of various learning agents) the intelligence of the software is gradually increasing month by month.

Some agents have learning abilities, slowly learning through examples and experience. Most of the simple programs just adapt to the user to make the interaction work smoothly; advanced programs add new facts to their knowledge databases and can even learn new skills. These programs should in principle be given experience points to spend over time. Even more interesting are the distributed learning systems, that rely on Net-databases where each copy of the program adds its experience; even when not using your agent it gets slightly better due to the experience of all other users.

Smart software is alien, even if this alienness is often hidden behind friendly or even humanoid user interfaces. They live in a world of information totally unlike human experience and do not share many of the basic assumptions of humans. AI programs might not have a sense of self-preservation (which billions of years of relentless evolution has hammered into human genes), or even the concept of a distinct self.

At the same time the software is developing quickly. Many inside the Concordat expect that the next technology scare will appear shortly when people start to realize just how swiftly software is getting smarter: at present the agents inside your computer are idiot savants, but what happens when they start to exhibit real thinking? Beside the usual frankensteinian fear, there is also a real danger in what runaway AI might do: what happens when the programs start to write programs better than themselves?


Rules-wise, expert systems, watchers and many agents are usually just bundles of skills with some additional programming from the user (rules like "If somebody posts about this subject, trace the sender and mail the results to me"). A search agent consists of just its Information Gathering skill, a broker agent has a Trade skill and an expert system deals with some kind of knowledge such as biochemistry or electronics.

It is easier to program Very Hard or Hard abstract skills than concrete Easy skills; the more specialized an area of knowledge is, the easier it is to encode it. This is why there are plenty of programs that can do advanced mathematical calculations but few that can analyze media.

Some programs exhibit more independence, and also possess mental attributes such as Intellect, Mind, Confidence and Charisma.

At present even the most advanced AI systems have Poor Intellect and Mind, or less. In narrow areas they can work quite well, but they usually lack the common sense knowledge that connects thinking with the real world. An agent trying to make its owner happy might erase files with contents it expects the owner to dislike; an expert system designing a program might not take the possibility of human error into account, so any mistake will crash the program unless the expert had been specifically told to make it more robust.

Confidence reflects the self-knowledge of the agent; a high Confidence means that the agent can estimate its own abilities, making it possible to determine what problems it can deal with and where it has to give up. Agents with low Confidence just act, and can easily get trapped in infinite loops or too hard problems.

The best acting software manages to achieve Mediocre Charisma. Humans are easily fooled into "forgiving" strange behavior and lapses of acting, especially when hidden behind a human-like interface, which makes it possible to make agents that work socially at least for a while. In the long run software tends to reveal its limits in conversations, but it can still be quite entertaining.

Example Software

Hugin and Munin

A popular software package for wearables and personal computers by Sinus Software. Hugin is a search agent that gathers information on the net for the user. When the user requests information about something Hugin goes off to gather pointers to it. It can also regularly look for information that interests the user, such as references to himself or activity in certain fields. Munin is a remembrance agent that discreetly brings up references to related documents while the user is working or reading something; it can remind of similar documents viewed in the past, searches made by Hugin or information in the user's database. Price: 50 IOU

Information Gathering: Fair

Mr, Mrs and Jr. Info

A common and popular set of search agents for Microsoft users; they integrate perfectly with all Microsoft software but are incompatible with everything else. They appear as icons of cute bears that can be used for search for information in one's own databases, on the net or in various Microsoft-owned encyclopedias. They can respond to simple queries such as "Who was Jack London?". Mr/Mrs (the gender can be switched by the user) is the main search agent, Jr. is a simplified variant for children that teaches how to use the software. Extremely user- friendly, but not very powerful. Price: 20 IOU

Information Gathering: Mediocre
Teaching (only Jr): Poor
Basic Education: Fair


A search agent from InfoDesign that uses a distributed database gathered by other copies of the program. As users use the agents, they collect net information into the database, gradually becoming better and better at finding information. Price: 70 IOU

Information Gathering: Fair (getting better all the time)


Oracle's bestselling information management system, mainly used in large companies and organizations. Century combines database management with information retrieval, search agents and organizer agents. The server manages almost all information in the whole organization. This makes it possible not only for the users to request information from the server and give it fairly complex orders, but also to support administration, security and monitoring. Price: 4,000 IOU

Information gathering: Good
Int, Mind: Terrible
Con: Mediocre


An advanced finance expert system from CogniSoft and Ensworth & Barnes. The system can analyse the stock market, give investment advice and monitor the portfolio of the owner. Various versions come with extensions to handle different markets, local laws and investment approaches. Price: 400 IOU

Financial Analysis: Poor
Economics: Terrible
Law: Terrible


A mathematics expert system from Wolfram Research. Gauss includes both support for mathematical work (visualization, symbolic solving, organizing formulas etc) and a "virtual mathematician" able to come up with proofs and solutions to problems. Price: 90 IOU

Mathematics: Fair (various add-on modules for specific fields can reach Good or Great)

Golem III

A learning agent by CogniSoft, able to adapt to the needs of the user. At the start it comes with some limited search abilities. However, it can be instructed to do certain tasks, and gradually learns from them. It can be combined with other software for various purposes such as solving problems or integrate programs with each other. Much less skilled than most specialized software and fairly cumbersome to instruct, but among infohackers regarded as the most promising commercial AI so far. Price: 300 IOU, Dev

Information Gathering: Terrible
Int, Mind: Poor
Confidence: Terrible


A huge knowledge database distributed across the Net, organized by the KnowNet academic consortium. The database can be freely accessed through queries from agents, and can also learn new facts as the participating research groups download them into it. Experiments are underway with self-learning databases that gather information through the Web, but so far the problems of interpreting such information and separating fact from misinformation have been too hard. Other knowledge databases exist, such as the proprietary Encyclopedia Britannica Database, the Microsoft Library or Riverstone Access; subscribers gain access to their information. The Alexandria group is developing a Concordat knowledge database. Price: KnowNet is free, commercial databases cost 5-100 IOU per month depending on subject, full Alexandria access: 10 IOU per month.


A cracking agent developed by Deus Ex Machina V2.0. It is essentially a virtual cracker, able to explore and attempt to break into a system while running on some remote computer (this way the real cracker does not need to get close to the target system; once Baal is in it sets up a pre-defined trapdoor and vanishes from the system). It has access to the usual suite of auditing programs and cracker tools, but isn't that clever in its general approach. Baal works best against easy targets like personal computers; it can even work in parallel against many computers at once. Price: rarely sold on the Market after the defection of Deus Ex Machina V2.0, but the price is usually 100 IOU or more. Illegal.

Computer Use: Mediocre
Computer Programming: Mediocre
Intellect: Terrible
Confidence: Fair


There is a big market for translation programs. Most are fairly simple and loose a lot in the translation, but advanced systems can do an impressive job with text (especially in limited areas, such as the specialized EU administrative translation systems that handle bureaucratese well). A special case is lip reading programs, that try to translate video into words. Some programs run on wearables, providing simultaneous translation and phonetic cues for speaking back; UTrans from Sentinel Software even manages optical character recognition in realtime from wearable cameras. Price: 50-2,000 IOU

Language: Mediocre to Good (specialized programs gain a positive modifier in their area)


A trade agent common in the Concordat for trade on the Market. They are used to look for good prices and set up trades for their owners, for example to look for the cheapest sales offer on feedstock from a credible group, or seek out offers from agents buying in their owner's field. They have icons looking like small furry blue monsters, an old case of Interfacer in-joking. Price: 10 IOUs from Icon Developments

Evaluation: Mediocre

Intelligence amplification software

By 'augmenting man's intellect' we mean increasing the capability of a man to approach a complex problem situation, gain comprehension to suit his particular needs, and to derive solutions to problems. ... We refer to a way of life in an integrated domain where hunches, cut-and-try, intangibles, and the human 'feel for the situation' usefully coexist with powerful concepts, streamlined terminology and notation, sophisticated methods and high-powered electronic aids.
Douglas Engelbart, 1963
There is a variety of software that amplifies the intelligence or abilities of the user. The programs are usually not smart themselves, but give support, act as extended cognition or do various tasks for the user in a way that can (when used well) practically amplify effective intelligence.

Remembrance Agents (RA)

Programs that remind the user of something similar to the current situation. Simple RAs look at what the user is currently writing or reading, and discreetly posts a list of the most similar files in the user's personal database (or other databases they are linked to). This can for example remind of past email discussions, relevant scientific papers or similar texts. More advanced agents try to figure out relevant information.


Watchers are small programs set to watch a piece of information or the time, and when something pre-determined happens (such as somebody changing it) they will perform a set action (such as notifying the user). This is useful for reminder notes ("Meeting in ten minutes!"), keeping track of important documents ("They have changed the EU rules again!") or protection ("This user tried to change the password file"). Combined with other software they can act as an extended prospective memory.

Organizers ("virtual bosses", "slavedrivers")

Time management and organization software keeping track of what needs to be done, when and by who. Simple organizers are merely software calendars, while more advanced models include project management, meeting planning and scheduling. Some advanced models try to learn the work patterns of the user, compares it to the various projects underway and tries to optimize performance by suggesting what to do.


Simulation is a powerful tool, allowing the user to examine different scenarios. There exists many different kinds of general simulators for all kinds of areas: hydrodynamics, electrical circuits, social dynamics, mechanics, nanotechnology, markets, ecology, you name it. Most are huge programs requiring a lot of computing power and expertise in the field to run. However, some TU members have found that certain simulators can be used together with other software to really enhance their abilities. One example is using a small physics simulation to calculate exactly how to do certain feats, and then using feedback/training from a tactile bodysuit to learn it. Some simulators can also act as estimators, given known data they can estimate probabilities and amounts for the user (e.g. given some information about a car they can estimate its maximum and likely speed).

Teamware, CSCW

Software to help a group act together. Includes software for virtual conferences and note-taking, tools to work on the same project online at the same time or keeping track of each other. Very common in many applications.

Decision algorithms and support

Supports rational decision-making. The user can model the situation and possible options, and the program allows him to study the consequences of them given known probabilities and effects. The program can select the best options, given certain criteria such as maximizing reward or minimizing some risks.

Perception Demons

Programs that use sensors connected to a computer to detect certain things. Most common are face recognition programs, that place virtual tags on people with their names or alerts the owner when a certain person appears (combined with access to the C-CIA database of anti-Concordat people, this can be quite useful). C-CIA also produces an anti-following demon that tries to warn for stalkers. The demon has an adjustable paranoia setting - the problem is that at high paranoia the amount of false alarms are too high, at a low setting it might miss a good stalker.


A personality simulator or surrogate; imitates the normal actions and speech of a person. Mainly used in virtuals or as jokes, but sometimes useful for simple tasks, as a (bad) secretary or to run in a virtual mock-up fed into surveillance systems. One interesting application is to simulate a person in order to predict his actions.

Expert systems

An expert system is a program that can answer questions in a limited area, such as identifying tropical diseases, estimating market risks or design turbines.


Scientists created life
a long time ago
Ain't made made of flesh'n blood
Conway made it so

Creatures they are living there
Speaker'n screen gets them here
They're not alive we hope and pray
But what is life? Is all they say
Max M, Cyberworld
The gardeners are a special breed of programmers - half theoretical biologist, half computer scientist. Using evolutionary algorithms they breed new programs, programs designed by evolution rather than human planning. The benefit is that these programs sometimes are able to solve problems that are unclearly stated or very hard to figure out a solution to. They also tend to become flexible and resilient to damage, almost like living beings. The downside is that the programs are utterly incomprehensible and often somewhat inefficient, but quite often it is worth it. They are also limited to what can be expressed using fitness criteria, making them useful for things like robot controllers (fitness is defined as the ability to move around safely), information search programs (finding useful information) and computer viruses (infiltrating new systems without being discovered), but not things like word processors or simulators.

In practice it is as much an art as a science of breeding programs, and the gardeners keep many of their tricks to themselves. The main problem isn't making the computer (usually called a "petri dish"; gardeners are as fond of massively parallel computers as the nanohackers) breed new programs, but to test them to make sure the most fit survive and become the parents of the next generation. Everything hinges on designing the right fitness criteria to make the programs evolve towards to something useful instead of just digital garbage. The gardeners love to debate tournament strategies, the benefits and drawbacks of spatiality, the Dunbar-Koza code, co-evolution and ecological trapdoors - the tricks that can make a difference between a brittle program that only works in the lab and something that can thrive in the real world.

One interesting form of gardening is jungle gardening: allowing programs to evolve on their own, without trying to guide them into a certain direction. The gardeners set up a "jungle", a virtual universe with suitable rules, and let programs compete and evolve inside it. The result is an ecosystem of programs adapted to their world. The gardener then tries to discover useful tricks or abilities that have emerged, just as scientists in the past tried to discover uses for new animals and plants. Sometimes it is possible to find new and completely unexpected possibilities, such as kinine or the Buckry jumper (an efficient way of network process migration, the original success of Hang Ten Pro), but it is time- and intelligence-consuming work.

Many argue that while gardening is often quite useful, it is too dangerous to do for programs able to live freely on the net. There has already been some incidents, and it is known that there is at least one evolution-designed computer virus. The gardeners usually keep their petri dishes isolated and running the programs in virtual machines, preventing them from surviving outside until they are deliberately converted, but many still worry about the potential danger. But the TU needs the programs and their flexibility, and is usually willing to take the risks.

The Hitch-Hiker's Guide to Evolutionary Computation (FAQ for


The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete bunker, and is surrounded by nerve gas and very highly paid armed guards. Even then, I wouldn't stake my life on it.
Cracking a computer system does not as much depend on hacking skills as research, patience and creativity. A lot of people believe cracking systems is just sitting down in front of the computer, making some magic keystrokes and then the cracker has instant access to everything. Another idea, spread by popular virtuals, suggest that it involves futuristic dogfights in virtual reality against sentry programs and ice software. The truth is that it is more like sifting through the rules of a big bureaucracy looking for loopholes. Still, the fictions serve to provide the cracker mystique, and distracts many users from taking the easy steps to make their own accounts safe - no matter how paranoid and efficient the Sysop is, if the executives chose easily guessed passwords or accidentally leave their terminals open and unattended during long lunch breaks the system is insecure.

Cracking isn't magic. It cannot get into a system that is off-line (unless somebody obliges the cracker by carrying software into it or connecting it to some communications channel). While the cracker might be able to get into a system he or she cannot immediately make sense of what is in it (not to mention the problems if the system is in a foreign language). By getting access the cracker can get the system to do all sorts of nifty things like listening through computer microphones, looking from workstation webcams, access files and programs and control connected equipment, but in a modern building there is a lot that is not connected to the computer system (like the security system, elevators or locks). And of course, a cracker cannot easily get into a computer that uses an unknown operating system or command language; being nonstandard is sometimes an advantage but don't rely on it.

Catapults and grappling hooks: The tools and techniques of information warfare

Getting into a system usually have three phases: investigating the system, gaining a toe-hold inside, and gaining total access.


The first step is to learn about the system, who owns it, what the Sysop is like and likely ways in. A lot of information can be gained simply by doing a quick lookup on the organizational structure and activities (is it centralized or decentralized? does it seem to rely on agent programs? are there departments where the security may be especially weak or strong?). Information can also be gained on the net through simple scanning programs to estimate the size and structure of subnetworks, firewalls, operating systems and services available.

Even more information can be gained from the cracker grapewine (at least in the case of larger, more well known systems), including who the Sysop is, the security measures and if somebody has managed to get into the system earlier. More direct approaches involve the use of scanning or security testing software that automatically look for many common security weaknesses, and physical examination by checking out the offices of the organization owning the system (looking at the garbage, post it notes at workplaces and bureaucratic procedures can give a lot away).

During the investigation phase, it is important to avoid drawing attention to one's activities. Some systems automatically detect the use of scanning programs and alert the Sysop (who may or may not react), and investigating offices can of course lead to getting caught on surveillance cameras or by security guards. If the Sysop or security department notices somebody is checking out the system they will tighten security measures.

If the investigation succeeds, the cracker will know enough about the system and its weaknesses to plan a way to get into it.

Gaining a toe-hold

The first step is to get at least some access, so that the cracker can work on the system from inside.

Sometimes this is as easy as to exploit a well-known but unfixed security weakness - a lot of people who are not experts simply don't know or care enough to block them. A chilling number of people never get around to change their original main password. This is especially bad among personal computers at home (and if they are linked to corporate networks - bingo!) and when system management is run by management rather than computer people.

In many cases it is possible to make likely guesses of passwords based on personnel information (personal webpages give a lot away!). In organizations forcing the users to use strong passwords (with lots of keystrokes and unusual characters) it is far too common for some people to write them down. If the post-it tags can be found everything is easy. It is also possible to monitor the typing through a window or in extreme cases by a gnatbot (a classic Brinist trick).

It is also quite possible to trick people into revealing passwords, lending keycards or even helping out with getting into the system by the use of "social engineering": appearing like a legit computer maintenance firm doing some testing ("Excuse me sir, could you just type this in and read me what the computer says? We need to see that the firewall code is active now."), a rushed courier needing to deliver an important package ("But I need to have Mr Reitzman's personal signature!"), a lost trainee or anything else. It takes a certain skill of acting, chutzpah and subterfuge, but is extremely powerful.

Another way of getting into the system is through trojan programs that the unknowing user runs that actually leak information. They range from public domain games copied from friends to apparently official software (where the shrink-wrapped package has been invisibly opened, the software subtly changed, and then everything re-closed and put into the next shipment to the organization). One way is to insert viruses that spread from certain programs to other, or new orders for agent programs. There are monitoring systems against this, but they are often unreliable and produce false alarms, which means that more insecure systems often have them turned off or running out-of-date checks.

Bugging of the building, wiretaps or even TEMPEST monitoring of hardware is possible, but requires some security hardware and often the ability to be in the vicinity. This is in the high end of the spectrum of cracking, available mainly to well-equipped agencies.

The ultimate access is to physically crack the hardware, possibly replacing components with bugs, tampering with electronic checks or running brute force cracking software on off-line equipment. Crude but impossible to beat.

A good security policy with users following it can make this phase extremely hard. Fortunately for the cracker few follow it perfectly; the reasonable measures taken by the Sysop is felt like ridiculous rules-mongering by the users, and they will chafe under the demands and often find their own ways of getting back, opening new security holes.

Becoming root

The final step after gaining a toe-hold is to increase the access privileges of the account the cracker has got into (preferably to the highest level), create a new, secret account for the cracker and hide the traces. This is important unless the cracker just wants to read the employee bulletin board or play around with J. Random Luser's account, and have the Sysop discover the intrusion after a while.

Gaining access takes more work, but is helped by the inside access. Often it can be done using methods similar to the ones used for gaining a toe-hold. At the same time it is fairly precarious, the cracker cannot protect his access against the Sysop. Once root access has been reached, the odds are even. The one holding physical access to the hardware has the final trump, but good crackers do their outmost to leave everything looking normal and unchanged - it is better to have a safe trapdoor than to risk all the work in an overt conflict.

There are monitoring programs keeping track of user activities inside some systems, intended to not just check for intrusion but also frivolous or non-authorized use (some organizations are far more paranoid about their employees than outsiders). During the ascent to root status they are a new danger (beside observation by users or Sysop), and often the climb has to be done very carefully or using accounts that don't arouse suspicion when they use nonstandard software or activate error signals.

Finally, everything becomes many orders of magnitude easier if the cracker has the help of an insider. The insider can supply accurate information, security procedures, passwords, often physical access. The price for this help may vary tremendously.

Cracking Equipment

Most cracking programs are one-of-a-kind, written by the crackers themselves and too specific to be usable elsewhere. The software that can be found on the net is usually legit security software that can be used to both strengthen and crack security, as well as some standardized software snippets that tend to recur.

Network auditing toolkits

Software toolkits that try to locate and report network security vulnerabilities. Typically, they scan a range of addresses and report available information on the systems and their properties. They are quite good at finding the easy vulnerabilities a sensible Sysop should have plugged. A classic example of a NAT is the SATAN series of programs, now long since obsolete but replaced with modern programs like Lucifer V3.2, NiTi, Elastica and SINAT.

Some systems have programs running that detect scans by NATs and report them.

Host-based static auditing tools

These tools are intended to be run by Sysop-s to check the security of their systems from the inside, but of course provide a lot of good information to a cracker who has a toe-hold. They discover permission problems in files, bad passwords, agents with too free agendas, use of restricted programs (like the tools themselves), various standard security leaks and signs of past intrusions. Examples involve Nokia Anomaly Detector, RONAT, Panopticon, DrSrg and others.


A program that monitors and logs network data. If the cracker has access to the intranet it becomes much easier to listen in and perhaps even snatch name - password pairs if the network is not encrypted. Even on the outside of the intranet sniffers can be useful, when people connect to it or when looking at what net resources people access. The currently most common on-net sniffer is FifthColumn, written by some unknown Chinese hacker.


Snooper programs are essentially taps into user terminals, allowing the owner to see what is written on the keyboard, displayed on the screen or stored in memory. They have to be installed somehow (through a trojan horse program, hacking from the inside of the system or by physical access), but can provide invaluable information.

Hiring crackers

Despite the popular image, the best crackers are not loners living in messy rooms strewn with circuit cards, moldy pizza-cartons and incomprehensible manuals, but well-trained security teams exploiting all available technology to get access. Some of them are legit security firms acting as "tiger teams" to check system security, others are run by government agencies (industrial espionage is having a renaissance as never before) or semi-legal independent contractors ("digital mercenaries").

Intrusion teams are expensive (if they can be hired), and most will carefully check out offers. They have no interest in risking their necks, even if they usually have quite clever lawyers exploiting all the complex legal loopholes of the computer world.

The lone crackers living for their art, are a rare breed and usually rather erratic. On the other hand, they are much more willing to take risks and attack systems for free, but usually only if there is a good challenge involved. This makes them somewhat tricky to use for practical matters such as getting a certain file, unless they can be bribed with something they truly desire (like very advanced hardware, information about the really high-status systems or a chance to boost their egos).

For the system of cracking, see the Research & Development section.


The computer programmer is a creator of universes for which he alone is responsible. Universes of virtually unlimited complexity can be created in the form of computer programs.
Joseph Weizenbaum
Virtual reality became a true mass market product in 2003 when Nintendo began to market its new headset together with a huge online interactive world, CaLand. Combining consumer VR through headsets and clip-on body trackers with network games was a great success, and quickly gained many imitators. In 2005 virtual reality games out-sold traditional games, and VR headsets were in common use. In 2015 the virtual industry has become a major part of the entertainment world, some of the master designers or virtual actors are superstars and VR companies earn billions. It can be used for other things like teleconferencing and visualization, but entertainment is the main use of VR.

Asia is the major market for virtuals. The virtual developers of Beijing, Xi'an and Taipei pour out virtuals running in huge central mainframes or distributed over the net, with themes from sugary Japanese fairy tales over interactive soap operas to surreal sex-death-apocalypse nightmares. Some virtuals are singlepoint (the user experiences the world as if he or she was the only outside person there), but most are multipoint. Some allow small groups or teams to interact, some are able to handle tens of thousands of subscribers at once. The nationalist soap epic "Land of the Grand Dragon" involved at its height over 300,000 simultaneous users distributed over 18 local mainframes linked by a high bandwidth net; in China the virtual corporations are one of the most profitable parts of the economy.

Virtuals are less popular in Europe and America, but still fairly common as cheap entertainment. Most virtuals have to adhere to some standard codes of sex and violence, but since it is trivial to access a virtual running in Thailand or on Haiti (if you can stand a slight lag) this is not much of a barrier for those seeking thrills.

The standard headset is quite cheap and involves a visor and headphones. To this movement sensors are clipped onto the clothes or sewn into them (for higher resolution). More high-quality equipment for professional users or fanatics involve ergonomic datagloves with touch feedback, lightweight projection systems or camera tracking of movements. There are also special full-body harnesses for the die-hards that want 100% contact.

Tracking On the Net

One - You lock the target
Two - You bait the line
Three - You slowly spread the net
And four - You catch the man
Front 242, Headhunter V 3 0
Tracing down who sent a certain message on the net can be tricky. Headers can be forged, but once sent through the net a mail will be marked with what servers it has passed through, making a backwards tracing possible. However, this can be circumvented by either sending through some anonymization server (which removes all references to the originator or previous path) or from an anonymous account such as a public Internet terminal. Similarly, net packets can be sent through routes through special servers that make them hard to trace online (they seem to be originating, if somebody managed to "triangulate" them, from a server in north America, but in reality they are sent from Beijing and "bounced" through a server back to Shanghai). Of course, all these tricks will slow down transfer a lot.

However, it is possible to do devious things to track people through the net. The most common is receipt packets: a net packet is sent to the person to be tracked, containing a request for automatic reception confirmation; the destination system will send back a receipt of receiving it to the sender, who now knows where it went. This can of course be prevented by instructing one's computer to not send back receipts. But there are also trojan messages, messages that contain hidden instructions that cause the user to send out information that can be used for tracking. This works quite well against unwary users, but more experienced or paranoid people disable "active" messages that can do things like this. Even more subtle means involve sending messages that suggests actions (like looking at a certain web page) that can be used to track - the user who want to remain 100% anonymous better use re-routing software for all communications, to make even the most trivial web request untraceable.