top of page

Not a Hacker!

#TIL that Kali Linux ( was not named after the Hindu goddess Kali. This was actually a great disappointment to me, as I had always assumed it was named by a “1337 h4x0r” ( as a metaphor for hacking.

The Wikipedia article claims that the name Kali is derived from “Kernel Auditing Linux”, rather than from the name of the Hindu goddess, but the links provided do not appear to support this assertion, and I did not find any source that does. The “best” source I found was straight from the horse’s mouth (ie, from the Kali website:, and simply says:

Kali Linux - what’s in a name?
Hindu Goddess of time and change? Philippine martial art? Cool word in Swahili? None of the above. “Kali” is simply the name we came up with for our new distribution. Why change the name in the first place? With all these significant changes in our distribution, we felt that we needed to convey this in the project name. “BackTrack 6” didn’t do justice to our efforts in the past year, and wouldn’t convey our new message to our users. What’s the new message? We’ll let you find out for yourself.

Now, that doesn’t say the name did NOT ultimately come from “Kernel Auditing Linux”, but the Wikipedia article did not provide what I would consider sufficient evidence for the assertion, so I will discount it unless I can provide additional evidence.

This is just another illustration of the need to check sources and dig at least a little into any “fact” being presented to you, particularly in an age where “research” often appears to be defined as “I searched online and found a random post making a claim”. It’s very important to dig into sources – obviously, you can’t check everything, but it’s always useful (and interesting) to dig at least a little.

Wikipedia is a good example. I love it, and use it quite a lot, but you need to be careful. Overall, it’s quite good (so long as you are careful) for non-controversial topics, and there are a lot of dedicated people contributing their time, effort, and expertise to maintaining and improving the platform. That said, you need to be careful to check references, particularly for things which seem plausible, or which “everyone knows”, as they are exactly the sorts of things that can slip by without sufficient evidence.

As an example, take the phrase I used above: “straight from the horse’s mouth”. Wiktionary ( defines it as an idiomatic term meaning “from the source”, and provides a reference ( which describes the term, refers to it being used in June 1896, and defines it. This is probably enough research for a term like this, but I dug a bit deeper, to try and learn a bit about the origin of the term... and of course it gets (a bit) more complicated.

Checking another source (, I found several suggested origins for the phrase (though the meaning appears stable enough – no pun intended). Most of the notes refer to the practice of examining a horse’s teeth to estimate it’s age, and seem to date the phrase to the 1920’s or 1930’s. Interesting, but it seemed a bit odd that the references were all later than the one identified by Wiktionary.

I dug a bit more, and found another site (, which referred to a horse-racing quote from 1861 and suggests that the origin is that the horse is the best possible source of information about the horse. This source is skeptical about the other suggested origin, since the age of a horse might be relevant to horse buying, but anyone betting on horse races would already know the horse’s age.

Depending on the importance/relevance of the point, the available time and other factors, the next step would be to try and locate the original sources (assuming they are available online). In this case, there is no need, but it is useful to note that the age of a source is relevant, since you can have multiple “sources” which all take their information from a single, earlier source.

If, however, you are dealing with something controversial, you need to be vastly more careful, as you will need to deal with deliberate deception in addition to simple mistakes, laziness, or lack of time to research thoroughly. The more controversial the topic, the worse it can be. Wikipedia certainly tries very hard, but it is still vital to be careful, and check into any sources quoted – some are quite good, while others... well, not so much. (For some interesting insight, look into the edit histories on Wikipedia – a lot of fascinating rabbit-holes there...)

At any rate, I was talking about Kali Linux, whatever the actual source of the name was. For users of Windows or Mac, any discussion of Linux distributions (often referred to as “distros”) may seem odd. I have previously mentioned Linux (, but haven’t really commented much about the complexity of the Linux ecosystem. While this may be a topic for future comment, suffice it to say that there are a number of distinct operating systems based on Linux (, and there is a great diagram ( which gives a bit of a feel for how complex things can get.

Kali Linux ( was designed mainly as a “penetration testing” distribution, which means that it includes as standard many tools and features which are useful for penetration testers. Both the name of the project and the “Base OS” (ie, the Operating System platform on which the project is built) has changed over the years. According to the Kali Linux website (, the first version was known as “Whoppix” (“WhiteHat Knoppix”), after the OS (Operating System) on which it was based. Then, in 2004, it was renamed “BackTrack” and migrated to Slackware Live as the Base OS, then renamed again to Kali Linux in 2013, after shifting to Debian as the Base OS.

All of this means that the platform is actively maintained, stable, and optimized for penetration testers (ie, for security practitioners who focus on identifying system vulnerabilities so they can be addressed). And, while not originally intended to be the “standard” OS for day to day work, it is quite capable of being used in that capacity, and a number of people do so. For my own part, I plan to run it from a VM (Virtual Machine) and use it to learn a bit more about penetration testing.

I think it would have been better if it had actually been named after the Hindu goddess, but with a nod to Hugh Laurie and the great philosopher Jagger (, you can’t always get what you want.



bottom of page