Ask HN: Mental Health for Hackers?

24 点作者 WallyFunk大约 3 年前

We live in interesting times as hackers. The Internet has empowered us like never before and everything these days is unprecedented and very powerful if used correctly and wielded correctly. `With great power comes great responsibility`.But I've been thinking lately, with everything so polarized, and all the different factions warring against each other, and the organized chaos we live in, and the caffeinated hyper connected world we live in: it can wear us down if you don't disengage from it often, or try and tame our information diet we are all accustomed to.Every day I chow down on so much documentation, security vulns, looking at code looking for defects (and there are plenty of defects to find!) and I realized everything is broken in some way. Hacking or more precisely infosec for me is the art of exploitation. `How can I use this to my advantage?`.But at any given moment I could go full blackhat and pull off serious damage if I wanted to, but I'm an ethical hacker, so although the temptation is there, I don't proceed further and either 1) report it or 2) sell my exploit legitimately to an 0day broker 3) write a huge blogpost embarrassing the vendors(s) when option 1 or 2 doesn't work.But all this is disheartening. Roughly ~90% of what I do is hobbyist projects I work on in my free time, and the rest is bug fixing, patching, reporting, etc It's the extra 10% of 'brokenness' that pisses me off. We like to think we can have nice things, but infosec is a dumpster fire, a raging mess we find ourselves in because people are getting away with it (look at the ransomware scene now, it's booming).All this takes a toll on mental health. I could choose to ignore it, but there it is, the elephant in the room. People, companies, vendors, core infrastructure like hospitals, fuel pipelines; all getting pwned left right and center. And that's just ransomware. Cybercrime in general increases exponentially each year and it's getting worse. I try to help, writing tutorials on how to do defense in depth, zero trust manuals, best practice tutorials etc but it's still getting worse.Are there any tips on good self-care tactics I can use to disengage from all this and not think about it too hard? Any mental health 'hacks' to approach a broken world? Ways to approach the rising amount of cybercrime news and shit-storms I encounter everyday?

11 条评论

dogman144大约 3 年前

Two things have worked for me:- rationalizing leads to increased personal agency: you now know enough about a topic to know how things actually work, vs. how the abstraction talks about it working. You've jumped over the abstraction wall, and that's a good thing - you're playing with the real deck of cards now. Would you rather be blissfully unaware and have your world ended by one of these security events, or be aware and take meaningful risk controls to protect yourself and your relevant loved ones. I will say with technical knowledge I have, buying older, less connected cars and doing a little bit of emergency prepping suddenly doesn't seem at all insane. Pre-UKR war, I pulled out cash from ATMs in the event NotPetya 2.0 was unleashed. It sounds nuts except for the fact that NotPetya shut down Maersk and iirc FedEx.- align incentives: tech is a business. tech is a business. tech is a business. in the most cyncical but still accurate evaluation, it is run by MBAs/Lawyers/product owners/ex-founders who joined the dark side and leverage idealistic "for the love of the tech" types like yourself to build great products... which is not always great tech. find places to work at that have the maximum incentive to take security seriously, and the security profession suddenly will suck less. parts of government, cryptocurrency exchanges, ICS firms like Dragos, places like that.

ravenstine大约 3 年前

I'm not sure I have any tips, but I can absolutely relate. Maybe I will think of something as the White Claw I'm having on my cross-country flight kicks in.It is nice to know I'm not the only one who is driven crazy by the onslaught of bad practices that result in both vulnerabilities and bad user experience overall. Some seem totally blind to it or accept it as is. Even if you find flaws, businesses are little interested in keeping them from frequently popping up. There's too much money flowing for anyone to care. It reminds me of the old days of Wall Street in a way.My only bit of advice would be to consider how much you are willing to tolerate on the job and to otherwise disengage from worthless brain input in all areas of life. There's a certain amount you will never change, so you might as well be happy in the process. Now that you are aware of how broken things are, don't invite those broken things into your life. Only pay peripheral attention to the news. When it's appropriate, inform people of how bad the situation is, but set it aside when their eyes inevitably glaze over. Accept that you've done your part and that you deserve better than pessimism and depression. Realize that despite the worst things about tech, the world will move on and you'll always have enjoyment and serenity absent tech or even employment.

hnthrowaway0315大约 3 年前

Not a hacker, not even a good programmer, but I can relate from another perspective.I have been working as a BI developer->Data Engineer for a few medium size modern corporations. Modern in the sense of FAANG-like. Each company gives me the feeling that the data infrastructure is siloed and unhealthy.When business grows, different business units drill deeper into the data domain. Each business unit quickly develops its own shadow ETL which works to certain extend but without proper structure or any data governance. Once business grows to certain size, it is mandatory for business leaders to realize that such siloed and unprofessional data practices should stop and data requirements should be consolidated to a central data team that consists of data engineers and maybe a couple of BA or a PM who mediates the engineers and the business stakeholders.Sadly in none of the corporations I worked for I found this transformation happened. Some prefer to keep data siloed and people are getting used to it. Some tried to transform to a central data team but it failed to maintain expectation of all business stakeholders so each business unit keeps its data unit around, for convenience. These situations create more headcounts, more costs, more bad practices and more frustration.

Mountain_Skies大约 3 年前

Security cannot be perfect and it's unfortunately that there's often an expectation for it to be. Even if perfect security cannot be achieved, there is value in creating obstacles. Sometimes the obstacles might not be enough and an attack ends up inflicting damage. Sometimes they'll reduce the damage, sometimes they'll give you time to erect better protections or move the protected assets. Have realistic expectations for what is possible and expect that sometimes others will not recognize this value.You are not an island. You cannot make perfect walls on your own. Others will sometimes falter. You will sometimes falter. Some attacks will be successful. Sometimes you will get undeserved blame. Understand the reality of all of this and decide if you can handle that or not. You can't change the behavior of the entire world but you can help keep at least one corner of it safer than it would be without your efforts.Much of this might sound like platitudes but for your mental health, realize that even if you're only having a small positive impact, it's still just that, a positive impact. If that's not enough, then perhaps there are other areas that are better suited to your gifts and needs.

lnwlebjel大约 3 年前

> `How can I use this to my advantage?`Align your skills/hobby interests with the work you get paid to do. These are very valuable skills that you have. Perhaps disconnect from the info-shit storm for a while, but look for work with a company you believe in (or start one). I think it would be way more lucrative in the long run than going full black hat.Try to get to a place with a small group of people who you enjoy working with, and you want to impress or learn from, or both. If they are good, they'll help you stay on the white-hat side of things, and you'll find it all much more enjoyable. In the right company, you could find this.I imagine it would be gratifying work as well, to fix some of the brokenness - it seems you know this already, and finding likeminded people would help you feel like you're making a difference.Best of luck.

sinac大约 3 年前

People who truly care are few and far between in the grand scheme of things. You care and that is something wonderful. Don’t lose that. You seem to be one of the good ones.Seems like part of the challenge you face is that you have a ‘values’ conflict with how the majority of the world operates. You call it the 10% brokenness which may translate to a value of competence or responsibility or something else, but it’s worth figuring it out. You want to figure it out because knowing this will help you reflect on each work day and answer the questions of: ‘did I live a day in accordance with my value’ ‘did I do things that contributed to strengthening that value’ ‘did I increase the impact of this value on the world around me’.If you feel bad about the broken world it helps to be very cognizant daily about what is in your circle of control and what isn’t. Most grand frustration comes from trying to control something that is outside of our circle of control today. If you combine these two things, you may find a life’s calling where you try to over time increase what is in your circle of control related to correcting this 10% brokenness.Three things to remember:1) You are not alone in this feeling. Others of us see it too. 2) Your frustration is actually the physical manifestation of a call to action…you just need a different action. Right now it seems like the action is thinking more about this which isn’t a helpful loop for you. How can you channel this? 3) Focus on the current situation, not the long dark decline of all the things. Thinking too far out can psyche put any human. A huge part of what they call perseverance is actually presenceAdditional tactical things that help:1) Find collaborators and employers who share this value you have. Having that is huge for daily well being. Find people that believe what you believe and are willing to work toward that2) Read Rest by Alex Pang and implement the active rests he describes to get your mind to switch off of this values conflict. Ironically, it will make you better at your craft.

moviewise大约 3 年前

For mental health self-care, I sincerely recommend watching uplifting comedies and immersing yourself in laughter (movie therapy):<a href="https://moviewise.substack.com/p/the-meaning-of-life" rel="nofollow">https://moviewise.substack.com/p/the-meaning-of-life</a>

high_byte大约 3 年前

does selling 0days make you focus on these issues more frequently? legitimately in the legal sense but perhaps it bothers you morally? that it's contributing the exact things that bother you, such as ransomware.I did infosec for years and felt similarly, knowing infosec I avoided using social media and even cloud services and such. to the point it's beyond bothersome. finally I let go of infosec and went to do other things, but that's just me because I wanted to build something rather than break.

paulcole大约 3 年前

You’re a person not a hacker. Go see a therapist.

r0b05大约 3 年前

Would a digital therapist (AI chatbot) be useful for anyone feeling the same?

oraoraoraoraora大约 3 年前

As for the brokeness, have you tried bug bounty programs?