Museum Wire
Law 0 · Katie's LawEvery system is shaped by the human drive to do less work. This is not a flaw. It is the economic force that produces all software — and all software failure.Law I · Boundary CollapseWhen data crosses into a system that interprets structure, without being constrained, it becomes executable.2026 IncidentAxios. 70 Million Downloads a Week. North Korea Inside.Law II · Ambient AuthorityWhen a system trusts the presence of a credential instead of verifying the intent behind it, authentication becomes indistinguishable from authorization.AXM-001Set Theory — Membership, Boundaries, and BelongingLaw III · Transitive TrustWhen a system inherits trust from a source it did not verify, the attack surface extends to everything that source touches.2026 IncidentClaude Code — The Accept-Data-Loss FlagLaw IV · Complexity AccretionSystems do not become complex. They accumulate complexity — one reasonable decision at a time — until no single person can hold the whole in their head.Law V · Temporal CouplingCode that assumes sequential execution, stable state, or consistent timing will fail the moment concurrency, scale, or latency proves the assumption wrong.2026 IncidentCopy Fail — 732 Bytes to Root on Every Linux DistributionAXM-002Boolean & Propositional Logic — True, False, and the Excluded MiddleLaw VI · Observer InterferenceWhen the system that monitors health becomes a participant in the system it monitors, observation becomes a failure vector.2025Amazon Kiro — The 13-Hour Outage2025Operation Chrysalis: The Notepad++ Supply Chain Hijack2025Replit Agent — The Vibe Code Wipe2025Shai-Hulud — The npm Worm That Ate Its Own Ecosystem2024Air Canada Chatbot — The Policy That Wasn't2024Change Healthcare — One-Third of US Healthcare, One Missing MFA2024CrowdStrike — The Security Update That Broke the World2024Google Gemini Image Generation — The Six-Day Pause2024XZ Utils — The Two-Year Infiltration20233CX — The Supply Chain That Ate Another Supply Chain2023Amazon Prime Video — The Per-Frame State Machine2023Bing Sydney — The Chatbot That Went Rogue2023Samsung ChatGPT Leak — The Employee Who Pasted the SecretEFFODE · LEGE · INTELLEGELaw 0 · Katie's LawEvery system is shaped by the human drive to do less work. This is not a flaw. It is the economic force that produces all software — and all software failure.Law I · Boundary CollapseWhen data crosses into a system that interprets structure, without being constrained, it becomes executable.2026 IncidentAxios. 70 Million Downloads a Week. North Korea Inside.Law II · Ambient AuthorityWhen a system trusts the presence of a credential instead of verifying the intent behind it, authentication becomes indistinguishable from authorization.AXM-001Set Theory — Membership, Boundaries, and BelongingLaw III · Transitive TrustWhen a system inherits trust from a source it did not verify, the attack surface extends to everything that source touches.2026 IncidentClaude Code — The Accept-Data-Loss FlagLaw IV · Complexity AccretionSystems do not become complex. They accumulate complexity — one reasonable decision at a time — until no single person can hold the whole in their head.Law V · Temporal CouplingCode that assumes sequential execution, stable state, or consistent timing will fail the moment concurrency, scale, or latency proves the assumption wrong.2026 IncidentCopy Fail — 732 Bytes to Root on Every Linux DistributionAXM-002Boolean & Propositional Logic — True, False, and the Excluded MiddleLaw VI · Observer InterferenceWhen the system that monitors health becomes a participant in the system it monitors, observation becomes a failure vector.2025Amazon Kiro — The 13-Hour Outage2025Operation Chrysalis: The Notepad++ Supply Chain Hijack2025Replit Agent — The Vibe Code Wipe2025Shai-Hulud — The npm Worm That Ate Its Own Ecosystem2024Air Canada Chatbot — The Policy That Wasn't2024Change Healthcare — One-Third of US Healthcare, One Missing MFA2024CrowdStrike — The Security Update That Broke the World2024Google Gemini Image Generation — The Six-Day Pause2024XZ Utils — The Two-Year Infiltration20233CX — The Supply Chain That Ate Another Supply Chain2023Amazon Prime Video — The Per-Frame State Machine2023Bing Sydney — The Chatbot That Went Rogue2023Samsung ChatGPT Leak — The Employee Who Pasted the SecretEFFODE · LEGE · INTELLEGE
Keyboard Navigation
W
A
S
D
or arrow keys · M for map · Q to exit
← Back to Hall of Heroes
George Hotz pixel portrait
◆ Breaker⬢ Builderfame

George Hotz

@geohot

The Breaker Who Builds

2000s–present · 4 min read
I want to mass produce the ability to mass produce.

The Story

In 2007, a seventeen-year-old from New Jersey took apart a brand-new iPhone and carrier-unlocked it — making it work on T-Mobile instead of the exclusive AT&T network. He did it with a soldering iron, a guitar pick, a screwdriver, and a lot of patience. The video went viral. His name was George Hotz, and the tech world had a new folk hero.

Three years later, he did something that made a billion-dollar corporation take legal action. Hotz jailbroke the PlayStation 3, publishing the console's root signing keys online and restoring the ability to run homebrew software — a capability Sony had quietly removed in a firmware update. Sony sued him under the Computer Fraud and Abuse Act. The Electronic Frontier Foundation stepped in to defend him. The case became a landmark moment in the right-to-repair and security research movements: does a corporation's desire to control its platform override an owner's right to modify hardware they purchased?

The case settled out of court in 2011. Hotz agreed not to hack Sony products. But the principle he'd demonstrated — that locked-down consumer hardware is not, in fact, unbreakable — had already changed the conversation. The jailbreaking community that followed in his wake forced Apple, Sony, and Microsoft to take security far more seriously. Every locked bootloader, every secure enclave, every hardware root of trust in modern consumer devices exists in part because Hotz and researchers like him proved that software-only protections weren't enough.

Then Hotz pivoted from breaking to building.

In 2015, he founded comma.ai with a thesis that seemed absurd: you could build a self-driving car system for a fraction of what Google, Waymo, and Uber were spending. No lidar. No billion-dollar sensor suites. Just cameras, machine learning, and a $1,000 device that plugs into your car's OBD-II port. The system — openpilot — is open source. As of the mid-2020s, it supports over 300 car models and has millions of miles of driving data. It's not Level 5 autonomy. It's a practical, incremental, ship-it-and-improve-it approach to a problem that Big Tech treated as a moonshot.

Then came tinygrad. In a world where PyTorch and TensorFlow are sprawling codebases with millions of lines of code, Hotz built a deep learning framework that fits in a few thousand lines. Tinygrad isn't a toy — it runs real models, supports real hardware accelerators, and competes on performance. It exists to prove that the complexity of mainstream ML frameworks is a choice, not a necessity.

Why They're in the Hall

Hotz earns the Breaker and Builder designations because his career is the living embodiment of TechnicalDepth's core thesis: the path from understanding how systems fail to building better systems.

The Breaker arc is textbook. The iPhone unlock demonstrated that carrier locks are a business arrangement, not a technical barrier. The PS3 jailbreak demonstrated that platform security built on secrecy — hiding keys rather than building robust cryptographic systems — will eventually fail. These aren't acts of vandalism. They're audits. Hotz found the seams, pulled them apart, and showed everyone what was underneath.

This connects directly to Ken Thompson's "Reflections on Trusting Trust." Thompson proved theoretically that you can't trust systems you didn't build from the ground up. Hotz proved it practically, repeatedly, on hardware that billions of people carried in their pockets or kept under their televisions. If you can't verify what your firmware does, you don't own your device — your device's manufacturer does.

The Builder arc is what makes Hotz more than a hacker. Comma.ai took the lessons of breaking — understand the system deeply, find where the complexity is unnecessary, strip it to essentials — and applied them to construction. Self-driving doesn't require a billion dollars. ML frameworks don't require a million lines of code. These are engineering claims, backed by working software.

Tinygrad, in particular, resonates with TechnicalDepth's complexity domain. When a framework that does the same job in 5,000 lines that another does in 5,000,000, the question isn't "how is the small one so clever?" The question is "why is the large one so large?" That question — why is this system more complex than it needs to be — is one that TechnicalDepth asks about every exhibit in the museum.

Hotz's career says: break it to understand it, then build something better. That's not just a hacker ethos. It's an engineering methodology.