Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Book Review: Liars and Outliers

samzenpus posted more than 2 years ago | from the read-all-about-it dept.

Book Reviews 68

First time accepted submitter benrothke writes "It is said that the song Wipe Out launched a generation of drummers. In the world of information security, the classic Applied Cryptography: Protocols, Algorithms, and Source Code in C by Bruce Schneier may have been the book that launched a generation of new cryptographers. Schneier's latest work of art is Liars and Outliers: Enabling the Trust that Society Needs to Thrive. For those that are looking for a follow-up to Applied Cryptography, this it is not. In fact, it is hard to classify this as an information security title and in fact the book is marked for the current affairs/sociology section. Whatever section this book ultimately falls in, the reader will find that Schneier is one of the most original thinkers around." Keep reading for the rest of Ben's review.In Applied Cryptography Schneier dealt with the pristine world of mathematical cryptography where aspects of pure mathematics could be demonstrably proven. For example, non-repudiation is absolutely provable.

In Liars and Outliers, Schneier moves from the pristine world of mathematics into the muddy world of human trust. Non-repudiation is no longer an absolute in a world where a Windows kernel can be compromised and end-users can be victims of social engineering.

The book addresses the fundamental question of how does society function when you cant trust everyone. Schneier notes that nothing in society works without trust. Its the foundation of communities, commerce, democracy, in truth — everything. And Schneier deals extensively with social and moral pressures that effect trust.

Liars and Outliers is very similar to books by Umberto Eco, that have a Renaissance feel to them; bringing myriad and diverse topics together. Schneier does this here and intertwines topics such as game theory, evolution, surveillance, existentialism and much more. Schneier's brilliance is that he is able to connect seemingly disparate dots around information security and society, and show how they are in truth tightly coupled.

In the book, Schneier makes note of those that don't follow the rules. He calls these people defectors, and these are the liars and outliers of the book. The book notes that everything is a trade-off, and these defectors are the ones that try to break the rules.

An overall theme of the book, in which Schneier touches and references sociology, psychology, economics, criminology, anthropology, game theory and much more, is that society can't function without trust. He writes that in our complex interconnect and global society, that we need a lot of trust.

Schneier makes frequent reference to Dunbar's number, which he first references in chapter 2. Dunbars number was first proposed by British anthropologist Robin Dunbar and is a theoretical cognitive limit to the number of people with whom one can maintain stable social relationships. It is generally in the area of 150. So when someone sees a person with 3,000 Facebook friends, something is clearly amiss.

In chapter 9 on institutional pressures, Schneier takes a very broad look at threats facing society today. One of the biggest perceived threats we have today is terrorism, and the book astutely notes that we can never ensure perfect security against terrorism.

If Schneier had his way, the TSA budget would be measured in the millions, not billions of dollars. He incisively observes that all the talk of terrorism as an existential threat to society is utter nonsense. As long as terrorism is rare enough (which it is), and most people survive (which they do), society will survive. He writes that while that observation is true, it is not politically viable for our leaders to come out and say that.

While the book is heavy on the people focus, Schneier also acknowledges that sometimes and for some people, the incentives to commit crimes are worth the risk. To deal with those, that is where security technologies come into play.

An interesting observation made in chapter 10 around technology is that sometimes the technological changes have absolutely nothing to do with the societal dilemma being secured. For example, he notes that between the ubiquity of keyboards and the tendency for teachers to focus on standardized tests, cursive is no longer being taught that much in schools. The result is that signatures are more likely to be either printed text is an illegible scrawl; making them easier to forge; which in turns creates new security risks.

In the book Schneier makes scores of astute observations on how society functions around security. He notes in chapter 16 that we are currently in a period of history where technology is changing faster than it ever has. The worry is that if technology changes too fast, the attackers will be able to innovate so much faster than society can that the imbalance become even greater; with failures that negatively affect society.

In many of the examples in the book, Schneier paints a dark picture given the advantage that the attackers and defectors have. But he also notes that we are in a period of history where the ability for large-scale cooperation is greater than it has ever been before. On that topic, he refers to the book The Penguin and the Leviathan: How Cooperation Triumphs over Self-Interest by Yochai Benkler where he writes that the Internet can and has enabled cooperation on a scale never before seen. And that politics, backed by science, is ready to embrace this new cooperation.

On the lighter side, in chapter 17, Schneier notes that Mussolini didn't make the trains run on time; he just made it illegal to complain about them.

Schneier notes at the end of the book that its lesson isn't that defectors will inevitably ruin everything for everyone. Rather that we as a society need to manage societal pressure to ensure that they don't.

Liars and Outliers is an absolutely fascinating and groundbreaking book. In this election year where the candidates attempt to make sweeping simplistic promises to fix complex problems, Schneier simply answers that in our complex society, there are no simple answers.

In Applied Cryptography Bruce Schneier demonstrated he was quite the smart guy. In Liars and Outliers, he shows he is even smarter than most of us first thought.

Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.

You can purchase Liars and Outliers: Enabling the Trust that Society Needs to Thrive from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

cancel ×

68 comments

Sorry! There are no comments related to the filter you selected.

Not Quite Ben's First Rodeo (5, Informative)

eldavojohn (898314) | more than 2 years ago | (#39130095)

First time accepted submitter benrothke writes

Nahh, he just switched from brothke to benrothke. He's been reviewing as far back as 2008 [slashdot.org] with a review of The Tangled Web [slashdot.org] not even a month ago. Maybe he forgot his password?

Haters gonna hate [slashdot.org] on book reviews (including me) but keep 'em coming, brothski!

Re:Not Quite Ben's First Rodeo (4, Insightful)

PopeRatzo (965947) | more than 2 years ago | (#39131625)

Haters gonna hate on book reviews (including me) but keep 'em coming, brothski!

It's pretty good, as short reviews of books on technical subjects go. As someone who has analyzed texts my entire professional career, he has clearly reviewed books before, his user name aside.

I do enjoy the book reviews here on Slashdot. I've gotten some pretty good reads and reference books.

I'd like to see more reviews by lots of different people. Reviews of things besides books, too. I think there are a lot of Slashdot readers who have interesting and informative perspectives. RogueyWon's game reviews, for example, are as good as any I've found on the Internet.

Re:Not Quite Ben's First Rodeo (0)

Anonymous Coward | more than 2 years ago | (#39140769)

I'll take your word for it. I couldn't get past this gem: "In fact, it is hard to classify this as an information security title and in fact the book is marked for the current affairs/sociology section."

Re:Not Quite Ben's First Rodeo (1)

Anonymous Coward | more than 2 years ago | (#39132065)

Not so much a "reviewer" as a "talent scout" ... if you only write positive reviews, you're in the business of promoting books you think deserve it. On the whole that seems like a better occupation than writing screeds that pan some hapless author who probably already knows he should try another line of work.

Re:Not Quite Ben's First Rodeo (0)

Anonymous Coward | more than 2 years ago | (#39135325)

Well, here is a 1 star review he did write ; https://365.rsaconference.com/blogs/securityreading/2010/06/14/fair-use-plagiarism-and-the-world-s-no-1-hacker-book

Re:Not Quite Ben's First Rodeo (0)

Anonymous Coward | more than 2 years ago | (#39135671)

here is a 1 star review he did: http://www.amazon.com/Certified-Information-Systems-Certification-Preparation/dp/1742443168/ref=cm_cr-mr-title

Re:Not Quite Ben's First Rodeo (0)

Anonymous Coward | more than 2 years ago | (#39135731)

and another 1-star review he did: http://www.amazon.com/Security-Policy-Cookbook-Guide-Professionals/dp/098427152X/ref=cm_cr-mr-title

Re:Not Quite Ben's First Rodeo (0)

Anonymous Coward | more than 2 years ago | (#39136571)

and another 1 star review:

http://www.amazon.com/How-Become-Worlds-No-Hacker/dp/0982609108/ref=cm_cr-mr-title

Re:Not Quite Ben's First Rodeo (0)

Anonymous Coward | more than 2 years ago | (#39137363)

and another 1 star review:

http://www.amazon.com/Certified-Information-Security-Certification-Preparation/dp/174244301X/ref=cm_cr-mr-title

Re:Not Quite Ben's First Rodeo (0)

Anonymous Coward | more than 2 years ago | (#39137947)

and another 1 star review:

http://www.amazon.com/Certified-Information-Professional-Certification-Preparation/dp/1742441394/ref=cm_cr-mr-title

sure that there are more, jsut check...so your theory...well.......

Re:Not Quite Ben's First Rodeo (0)

Anonymous Coward | more than 2 years ago | (#39133037)

So what? not sure the point, trivia?

Trust works in most societies (-1, Troll)

Chrisq (894406) | more than 2 years ago | (#39130227)

Trust works in most societies, but we need to make exceptions when Islam is involved. This perverted religion teaches deceptions, lies and murder. Thats why so many converts who have previously been trustworthy become terrorists.

Re:Trust works in most societies (0)

Anonymous Coward | more than 2 years ago | (#39130257)

Wow, way to seque. You should tell us how you really feel.

Re:Trust works in most societies (1)

SirGarlon (845873) | more than 2 years ago | (#39130293)

Please do not feed this troll

Re:Trust works in most societies (0)

vlm (69642) | more than 2 years ago | (#39130391)

perverted religion teaches deceptions, lies and murder

Yeah, that really narrows it down to ... all religions (except Buddhism). Oh wait I see you mentioned one by name in the first line. Sry.

Re:Trust works in most societies (1)

Anonymous Coward | more than 2 years ago | (#39130415)

Nonsense, trust is always limited, and is not particularly bounded by societal lines. I trust my own family to a certain extent (less that absolutely), close friends to a lesser extent, acquaintances to an even less extent, strangers of my religion to a different extent, strangers of my own profession yet another way, strangers from my hometown or ethnicity in a different way, etc. Other people will trust these groups in a different way than I do, etc.

Re:Trust works in most societies (0)

Anonymous Coward | more than 2 years ago | (#39130423)

Actually all of the Abrahamic religions teach deceptions, lies, and murder.

Technically Christianity doesn't, but in practice it does. I have yet to meet a christian that follows the words of Christ.

Re:Trust works in most societies (0)

Anonymous Coward | more than 2 years ago | (#39130537)

I'm sorry to hear that. Perhaps you should pay more attention? I have met many. They are good people. I have also met many who claim to follow it in word but in actions they dont.

Re:Trust works in most societies (1)

LoyalOpposition (168041) | more than 2 years ago | (#39130981)

Actually all of the Abrahamic religions teach deceptions, lies, and murder.

Are you saying that they teach about them? As in...they tell about people who told lies? Or are you saying that they teach their followers to do them? The reason I ask is that in Judaism the first question you are asked in the afterlife at judgement is, "were you honest in your business dealings?" In that respect honesty could be said to be one of the most important tenets of Judaism. Similarly in Christianity Jesus admonishes its adherents to be completely truthful, as in not being more truthful when swearing an oath.

~Loyal

Re:Trust works in most societies (1)

Chrisq (894406) | more than 2 years ago | (#39134407)

Actually all of the Abrahamic religions teach deceptions, lies, and murder.

Are you saying that they teach about them? As in...they tell about people who told lies? Or are you saying that they teach their followers to do them? The reason I ask is that in Judaism the first question you are asked in the afterlife at judgement is, "were you honest in your business dealings?" In that respect honesty could be said to be one of the most important tenets of Judaism. Similarly in Christianity Jesus admonishes its adherents to be completely truthful, as in not being more truthful when swearing an oath.

~Loyal

It is only Islam that teaches followers to lie and to be fair it is in the Hadith rather than the Qur'an.

Re:Trust works in most societies (1)

MikeBabcock (65886) | more than 2 years ago | (#39137845)

Christianity is the following of the teachings of Christ. However, being a Christian simply means a belief or faith in those teachings, not one's ability to follow them.

As the old story goes, our church may be full of hypocrites, but there's always room for one more.

Parsing Error (4, Funny)

JeanCroix (99825) | more than 2 years ago | (#39130259)

The result is that signatures are more likely to be either printed text is an illegible scrawl; making them easier to forge; which in turns creates new security risks.

A couple related sentences seem to have collided here...

Re:Parsing Error (0)

Anonymous Coward | more than 2 years ago | (#39130437)

I think this is just a typo, meant to be: "either printed text or an illegible scrawl"

Re:Parsing Error (2)

JeanCroix (99825) | more than 2 years ago | (#39131101)

That was my best guess too. It should probably read: "The result is that signatures are more likely to be either printed text or illegible scrawls, making them easier to forge; which in turn creates new security risks."

Re:Parsing Error (0)

Anonymous Coward | more than 2 years ago | (#39133181)

I understood what he meant :)

Re:Parsing Error (1)

jumbomojo (1290828) | more than 2 years ago | (#39136577)

This may seem pedantry, but the last sentence in the fourth paragraph is problematic for this nitpicker-in-chief: "And Schneier deals extensively with social and moral pressures that effect trust." Does he really mean "affect," in the sense of "influence" or "alter", or does he really mean "effect," in the sense of "create" or "cause to happen"? I'm guessing the former, but I'll just have to buy the book.

Defectors aren't all bad (5, Insightful)

roeguard (1113267) | more than 2 years ago | (#39130307)

While Trust definitely lowers the cost of transactions between people/entities, I think that having a small amount of defectors is actually beneficial on a macro level. Without a couple people willing to take advantage of process flaws, it would be very easy for society to become stagnant and complacent.

Doesn't mean we shouldn't crush those defectors to dust when we find them, though.

Re:Defectors aren't all bad (1)

plover (150551) | more than 2 years ago | (#39130545)

You just described the plot of "The Invention of Lying", a clever Ricky Gervais movie about a society where trust is 100%, and he discovers he can abuse this by lying.

Re:Defectors aren't all bad (2)

lightknight (213164) | more than 2 years ago | (#39132767)

Which is precisely the problem.

How do you protect yourself from liars? Do you begin lying yourself? The short term advantages of one-skilled liar can be so detrimental to others, that by the time the long-term disadvantages of lying catch up, everyone else has converted to lying to keep themselves alive.

As principled as you may imagine yourself to be, duress, like most forms of torture, can force a more pragmatic approach.

A recent study with machines, posted on reddit, showed that when they were forced to compete for scarce resources, and allowed to evolve, lying would appear. There is, however, a cut-off for this behavior; a population / group allows for not more than a percentage of lying to take place, or the population will collapse (or something to that effect).

{cough!} Goldman! {cough!} (0)

Anonymous Coward | more than 2 years ago | (#39135679)

"How do you protect yourself from liars? Do you begin lying yourself? The short term advantages of one-skilled liar can be so detrimental to others, that by the time the long-term disadvantages of lying catch up, everyone else has converted to lying to keep themselves alive."

you just summed up the entire US (& probably global) financial system in one elegantly succinct sentence - well done, sir (/madam)!

Re:Defectors aren't all bad (1)

jc42 (318812) | more than 2 years ago | (#39153735)

How do you protect yourself from liars? Do you begin lying yourself?

Actually, this has been dealt with by the game theory folks. It has also been tested in Real Life by contests pitting implementations of various strategies in games that pairs strategies against each other, and rewards/punishes them depending on various payoff functions. The most popular have been Repeated Prisoner's Dilemma games, in which the PD payoff matrix is used, and "players" are allowed to remember what each opponent did in previous encounters.

The simplest strategy that consistently wins against most other strategies is called Tit for Tat, and amounts to: Cooperate with an opponent in the first encounter, and subsequently do whatever they did to you the last time. This tends to produce crowds of cooperators that repeatedly get the payoff of mutual cooperation; occasional defectors are instantly excluded, so they only get the defection payoff once from each opponent. But if a defector wises up and starts cooperating, it is quickly accepted and becomes part of the cooperative society.

An interesting aspect of this is that people have had a lot of trouble finding a strategy that beats TfT in the long run. It's also interesting that it only requires remembering one bit of information about each participant (plus their ID as the lookup key of course). So it can be implemented in RL by critters with fairly low intelligence and memory. Some biologists have had fun applying this result to observations of social species' behavior.

Douglas Hofstadter has written extensively about these games.

Re:Defectors aren't all bad (2)

Ly4 (2353328) | more than 2 years ago | (#39133239)

Read the book - this is exactly one of Schneier's points.

It's even covered in the available-on-the-web Chapter 1 [schneier.com] .

Re:Defectors aren't all bad (0)

Anonymous Coward | more than 2 years ago | (#39139099)

I think many of these people who post would rather comment than read a book....history shows.

First Post! (1)

Anonymous Coward | more than 2 years ago | (#39130345)

Nah. I am a liar.

If I am the last to claim FP, does that make me an outlier?

Re:First Post! (0)

Anonymous Coward | more than 2 years ago | (#39130379)

This. The original author doesn't know what an outlier means.

Re:First Post! (1)

ISoldat53 (977164) | more than 2 years ago | (#39130389)

You say you are a liar. I don't believe you.

Dunbar and his number (2)

vlm (69642) | more than 2 years ago | (#39130363)

Dunbar gets made fun of sometimes because of the whole correlation/causation thing. Its just as sensible that social size and neocortex size depend on food pressure.

There are also the weird equivalents of the squared/cubed law

Also primate behavior is pretty boring compared to human, so Dunbar gets made fun of because of what amounts to FTE full time equivalent accounting. Surely the relationship I have with my cube neighbor is not exactly the same as yours, resulting in a larger or smaller chunk of the brain necessary to process... So 150 average full time equivalents, but someone really shallow might do the mentioned 3000 FB friends because each, on average, is only 1/20th of an average relationship. This is actually a well known FB problem, for example I don't do the 1/20th of a real relationship thing, so I found FB incredibly annoying, I don't give a F about some kid I sat next to in study hall 20 years ago, so I deleted my account from all the friendspam. A social media network 2.0 thingy that understands that would be interesting... G+ and its circle sliders is pretty close.

Re:Dunbar and his number (1)

MagusSlurpy (592575) | more than 2 years ago | (#39134669)

My understanding is that this is exactly what FB has been trying to accomplish with their Top Stories/whatever crap they keep doing in each new update. Even though someone has 3000 friends, only the forty or so that person interacts with show up in the feed.

Of course, that's what pisses a lot off us off about FB - we are already control freaks, and if we don't want to hear about a person, we just block them. My 92-year-old great aunt through marriage is on my FB friends list, and even though I never comment on any of her posts, I still like seeing them as she has such a different perspective than I. But since I never comment, FB thinks I'm not interested, and never shows me anything from her.

Meanwhile, I just ignore the hundred friend requests from people in my HS class that I just don't give a rat's ass about, manually doing the work for that millions-of-dollars-algorithm.

The first thing that should be taught in any and every programming class is that whenever you change something in a UI, you should give users the option to disable that change.

Slower not faster (5, Insightful)

vlm (69642) | more than 2 years ago | (#39130459)

In the book Schneier makes scores of astute observations on how society functions around security. He notes in chapter 16 that we are currently in a period of history where technology is changing faster than it ever has. The worry is that if technology changes too fast, the attackers will be able to innovate so much faster than society can

Historically haven't attackers always innovated slower at least on the net? I was on the net for years before the invention of spam around '93 or so. Most "attacks" seem to be the same old social con artist crimes, or finding dumb coding mistakes... but for those in the biz, those dumb mistakes are defined as dumb, not insightful. A buffer overflow is freaking magic to a noob, but to a guy who knows C its a parlor trick.

Technologically enhanced stupidity on the victim side seems to be a bigger issue than technologically enhanced criminality on the attacker side.

In 20 years on the net, I've seen the victims get stupider, but I haven't seen the attackers get smarter or dumber. You'd think the same demographic pressure would apply to each, but...

Re:Slower not faster (2, Insightful)

Anonymous Coward | more than 2 years ago | (#39130617)

You're looking at it from the wrong perspective. "Attackers", manipulators, and conmen have always and will always be trying the best schemes they can find. When they find one to be profitable, they don't NEED to move on until the scheme has been foiled and its chances of success drop to the point where it's more profitable to move on to a new scheme than to continue entertaining an existing, [semi-]successful one.

Find an easy way to make money, and you will find the place swarming with conmen, abusers, attackers, manipulators, and their ilk. This thing surges until the bubble bursts or gets regulated into oblivion. This doesn't kill the bug, it just moves it to a new home. When one of the bugs discovers there's an easy way to make a buck somewhere else, expect the infestation to grow until it's noticeable by you, annoying to you, and finally, unavoidable to you.

Re:Slower not faster (1)

Anonymous Coward | more than 2 years ago | (#39131591)

actually, attackers generally innovate faster than society or "good guys" do. that's the whole reason that zero-day vulnerabilities occur before the security loopholes are patched. plus, if you don't think attackers are getting smarter, you haven't been paying attention (e.g., Stuxnet, Anonymous eavesdropping on FBI conversations, etc.).

Re:Slower not faster (2)

Jafafa Hots (580169) | more than 2 years ago | (#39133481)

Also it depends on how you define smart.

If you can still reliably get what you want by using a phone, calling and saying "Hey, this is Andy in the Widget Dept., what was today's password again?" then it's not very smart to invest a lot of time and money into developing an unproven way of doing the same thing.

Re:Slower not faster (2)

plover (150551) | more than 2 years ago | (#39132511)

Look at OWASP and SANS. Every entry in their databases indicates someone who got smarter and figured out a new hole to exploit. And their databases are growing as attackers learn more and exploit more.

And yes, coders are still making mistakes that others have made. They have failed to learn, and that's what OWASP is trying to prevent. But there are certainly new attacks coming out. Why? Because as systems grow in complexity, unforeseen interactions between the components create vulnerabilities. And there's a background floor of people willing to enable internal attacks via social engineering.

And don't forget that as long as old attacks continue to work, attackers are often too busy exploiting the successful attacks to bother researching new ones.

What I'd conclude instead is that complexity enables attacks, the rate of attacks would follow that of the rate of increase in complexity. Since complexity seems to be on the increase, I would expect to see attacks on the increase.

Re:Slower not faster (2)

Ly4 (2353328) | more than 2 years ago | (#39133305)

Schneier covers your point on the increasing rate of attack possibilities. You can see some hint of the discussion in the last diagram on this page of figures [schneier.com] .

Re:Slower not faster (1)

ozmanjusri (601766) | more than 2 years ago | (#39133331)

Every entry in their databases indicates someone who got smarter and figured out a new hole to exploit.

Moving to a different hole in a colander is not the same as getting smarter.

Trust requires accountability (3, Funny)

Anonymous Coward | more than 2 years ago | (#39130581)

Common Law America used to have quite a bit more social trust. And people used to live with more integrity.

Of course, we had better social enforcement. Rude curs would be shunned as "no-account trash", or dueled if they continued to deliberately give offense.

Being free, any citizen was allowed to reject the law and opt not to be held accountable to it. Of course, they were also not protected by the law either, and if these "outlaws" began encroaching against society (robbing stages, kidnapping and the like) they had only the protections of natural law (kill or be killed, the law of the wild) to protect them. Society's members were free to contribute to a large bounty and hunt them down like rabbits.

It's these social costs for giving offenses that prevented everyone from doing that. While I can't agree with the puritanical basis in whole, most of those social costs have now been removed from our society. With the penalties gone, acting out and giving offense has become prevalent. And trust correspondingly takes a hit when we no longer concern ourselves with whether we've transgressed against another person, and merely worry about whether we've transgressed against the State and are liable for punishment by it.

Re:Trust requires accountability (1)

Mr. Slippery (47854) | more than 2 years ago | (#39140969)

Being free, any citizen was allowed to reject the law and opt not to be held accountable to it.

I'm sorry, when exactly was this? You seem to have mistaken mythology for history...

Outliers (1)

eyenot (102141) | more than 2 years ago | (#39130693)

This sounds like a cross between Kevin Mitnick's "The Art of Deception" and Malcolm Gladwell's ("The Tipping Point") "The Outliers". Probably should take an interest in any of these if you take an interest in any of them.

Re:Outliers (0)

Anonymous Coward | more than 2 years ago | (#39130775)

It seems to be that and much more....book is all over the place.

GoogleDitch? Chrome only future for Flash on Linux (-1)

Anonymous Coward | more than 2 years ago | (#39130951)

Penguins Planning to dump google 100%? Might want to read this.

Chrome only future for Flash on Linux

I could try to highlight that a million ways, it still doesn't fully kick in the ramifications.

Adobe has announced that in future, the Flash Player for Linux will only be available through Google as part of the Google Chrome browser and not as a standalone download. The shipped plugin will also only support Chrome's plugin API. The changes will take effect after the release of Flash Player 11.2 later this year.

(From H-Online)
http://www.h-online.com/open/news/item/Chrome-only-future-for-Flash-on-Linux-1440104.html [h-online.com]

10/10 review (0)

Anonymous Coward | more than 2 years ago | (#39130961)

Stopped reading right there. What good is a reviewer who fails to review?

Re:10/10 review (0)

Anonymous Coward | more than 2 years ago | (#39131521)

what is your point? he thinks it is a good book.

all the reviews on amazon are all 5 stars.

Re:10/10 review (0)

Anonymous Coward | more than 2 years ago | (#39131999)

Why did you write your comment?. This is an outstanding book.

You want people to review crap?

Glad you asked. (0)

Anonymous Coward | more than 2 years ago | (#39135039)

You don't understand what a review is for, do you? If I'm going to the trouble of reading a review I expect to read what the reviewer thinks about the book; what its strong and weak points are. If the book is crap, I expect to hear about it. This saves me the time of actually having to read the book myself. So yes, good reviews of crap books are at least as useful as good reviews of good books. The investment of reading the review saves me wasting my time with a crap book.

This guy only writes "10/10" reviews. That makes him an advertising agency in disguise, a naive and uncritical reviewer at worst. He doesn't have my trust that he'll tell me when a book is crap. I cannot trust his judgement as all I know is that if he wrote the review it'll have a ten out of ten rating, not whether the book is good. As such, his reviews are all bad, and I can't discern from them whether the book is good or not, whether the investment to buy and read it will be worth my money and time. Thus, reading his reviews is a guaranteed waste of time; it actually costs me for all the review is "free".

All I can reliably get from this particular review is "Bruce Schneier" wrote it. That guy's a big name, read some of his work before, generally has interesting ideas and presents them well. I don't need a review to tell me that as I've read from the original. If I then see the reviewer is uncritical (and he is, well-known and self-admitted), it's really just a heads up "Bruce Schneier wrote another book." End of message. The rest is just noise. And so we're back to the first two paragraphs: Uncritical reviewers are useless.

And to himself as well. He'd do better getting a publisher to pay him for writing blurbs.

Re:Glad you asked. (1)

fbjon (692006) | more than 2 years ago | (#39137041)

Perhaps the book reviewer couldn't find any weak points that were noteworthy enough compared to the strong points? If you want a broader and more objective review, you have to look for book meta-reviews.

Remember the Morrisons in _Scientific American_? (1)

Max Hyre (1974) | more than 2 years ago | (#39138943)

Decades ago, before SA became dumbed down, Philip and Phylis Morrison [wikipedia.org] reviewed books for them. They'd (IIRC) do three or four each month, and with one exception they never got below a very good rating. I always assumed that was because there were way too many good books to make it worth while wasting ink on mediocre or bad ones. The reviews themselves were usually worth reading for their own sake—I learned a lot from them.

I guarantee you they were in no sense cheerleaders or shills. They just knew how to make good use of their time.

The one book with a bad review? The Bell Curve [wikipedia.org] , a pseudo-scientific screed trying to justify racism. The Morrisons devoted that month to the single review, showing why it was such a disaster. (For detailed coverage of what's wrong with it, see Steven Jay Gould's [wikipedia.org] The Mismeasure of Man [wikipedia.org] .)

Robert Putnam's Study (0)

Anonymous Coward | more than 2 years ago | (#39130967)

On how ethinic diversity reduces trust--does Schneier refer to that?

Re:Robert Putnam's Study (0)

Anonymous Coward | more than 2 years ago | (#39131841)

do u have a link to that study?

Re:Robert Putnam's Study (1)

slew (2918) | more than 2 years ago | (#39132329)

Here you go http://www.utoronto.ca/ethnicstudies/Putnam.pdf [utoronto.ca]

Is this racist dribble? Dunno, maybe.

Basically Mr Putnam advances a theory about a postulated metric of social capital and how much you claim that you trust your neighbor and how much that socally isolates you. The data is mostly extrapolated from aggregate data and the author even admits that many of the speculations do not follow from data that passes statistical significance as he makes the leap from corellating trust with aggregate neighborhood ethnic diversity.

Mr Putnam's earlier work was called "Bowling Alone" which essentially claimed (without the racist overtones), that this so called social capital has declined since the 1950's and blamed technology for that (just like many other sociologists prior to him). I guess blaming technology wasn't controversial enough, he had to blame ethnic diversity now.

Perhaps Mr Putnam should have just blamed reduced "social capital" on drug use, divorce rate, reduction in family size, reduction in prevalence of nearly extended family, dispersion of extended families to chase job opportunities. All seems like those are all just as likely to fit exactly the same data...

I haven't read Mr Schneier's new book yet, but hopefully he didn't stoop to this level.

Re:Robert Putnam's Study (1)

oldmac31310 (1845668) | more than 2 years ago | (#39140343)

The word is drivel. Common mistake on /. for some reason.

Cost of mistrust (1)

oldhack (1037484) | more than 2 years ago | (#39131987)

If you've worked in security, it don't take long to realize how expensive the task is and how limited is its efficacy despite expending much effort. Stepping back a bit, you come to appreciate the enormous cost of mistrust.

This is my observation having spent some time in IT security of financial firms, and I wouldn't be surprised if those with experience in other security arena (physical, law enforcement, etc.) come to make similar observation.

In the end, increasing the general level of trust in the whole of society might just be the best way to improve security, perhaps even if only the material cost is accounted for. Of course, increased level of trust in general would have whole host of other benefits as well.

So, anyway, I'm not surprised Schneier wrote a book on this topic. I'll have to have a look.

Not unrelated (2)

fermion (181285) | more than 2 years ago | (#39132517)

I read the first part of Applied Cryptography for a job I did several years ago. I was not in security, but did need to know something about it work with the codebase. Later I read beyond fear. It was a technical book, but it was an important book for people making security decisions, which is all of us. Security is not just about making a website using SLL or not responding to strange emails, or locking the door. It is about not getting so afraid that you make silly mistakes or disproportionate sacrifices. This is especially true when security is very costly, and can impact profits and deficits. I wonder how many firms have gone bankrupt because they did not manage security expenditures due to fear.

I have not read Lies and Outliers, expect for the excerpt online, but I have followed the writing on the blog. It seems to me that this is another book that promotes and explains rational security. Really that was all that Applied Cryptography did. Explain what to do with the tools and knowledge we had. Most security systems are merely only façades. Door locks are not that hard to disable. Checks are not all that hard to forge. They exist to put a layer of ritual between others and our secrets, and it is beneficial for most of us to respect those rituals. What is left, then, is what to do with the those that do not respect ritual, or, even more dangerous, appear to respect the ritual but really are just abusing the rituals to maximize personal returns at the expense of the community.

The end, as always, is an efficient security that does not cause more trouble than it is worth. I think of all the alarms that used to go off every time a car was approached. Of course alarms did not really stop car theft. Most people just ignored them. Modern methods that do not destroy the civil tone of society tends to be more productive.

Follow-up to Applied Cryptography?This it is not! (1)

MikeTheGreat (34142) | more than 2 years ago | (#39138773)

I love Yoda's book reviews!

  For those that are looking for a follow-up to Applied Cryptography, this it is not

(On a more serious note - this is an great review of a really interesting book - thanks for posting it! :) )

we're all defectors (1)

RJBeery (956252) | more than 2 years ago | (#39139907)

I don't like the idea that either you're a defector, or trustworthy. It's really a matter of degree, which is determined by our ethics AND our current situation. Have you ever parked at a meter without plugging it, "hoping" that you'd not get caught? How is that different from stealing from society in other, larger ways, such as robbing a bank (beyond severity of the betrayal)?

It's all a matter of degree (1)

Max Hyre (1974) | more than 2 years ago | (#39140315)

Ever heard the expression ``a difference of degree large enough to become a difference in kind''? Certainly there are similarities between shorting a parking meter and robbing a bank, but.... To suggest that the two are not different, except in severity, is to miss the point. Some actions are bad enough that they are warrant a stint in the penitentiary, others only a $25 fine. To pretend otherwise is to fall into the ``zero-tolerance'' trap. Remember the high-school student who was expelled because she'd left a butter knife in the back of her car (after a picnic?)? That's where zero-tolerance gets you, and it's not a good place for society.

Re:It's all a matter of degree (0)

Anonymous Coward | more than 2 years ago | (#39167673)

not sure what your comment has to do with the book review....care 2 vlarify?

Re:It's all a matter of degree (1)

Max Hyre (1974) | more than 2 years ago | (#39173621)

My comment was in reply to RJBeery [slashdot.org] , who asks

Have you ever parked at a meter without plugging it, "hoping" that you'd not get caught? How is that different from stealing from society in other, larger ways, such as robbing a bank (beyond severity of the betrayal)?

It seemed germane to me—how society deals with defectors is an important part of the whole.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>