Opinion: Getting “Beyond Fear”: A Security Expert’s Prescription for A Safer World

My review of Bruce Schneier’s new book Getting “Beyond Fear”: A Security Expert’s Prescription for A Safer World is now online at Security Pipeline.

I must admit, I had a difficult time with this one. I’ve reviewed other security books, including one by Bruce before, but those are usually “insider” books on the hard tech aspects of security (see “Perspectives on Computer Security” and “Under Lock and Key”, Dr. Dobb’s Journal). But Bruce took a different tack with this book – he wanted to talk to ordinary people about how they could deal with security. And he expressed to me privately that he was frustrated with how difficult it was to reach that audience.

And I could see why he had a problem. The marketing of security books is very masculine, very secret agent man, but opening it up Bruce wrote a very readable book about fear and security. Since secret agents and hackers are thought not to feel fear, this doesn’t mesh.

Ironically, the audience I thought Bruce spoke best to inside the covers was women! Women are often neglected in discussions of security, because it is commonly viewed (even by women editors) that this subject is too “manly” and too “technical” to attract their attention.

But here we are, reading about security patdowns that seem like groping sessions and women terrorists from Chechnya blowing up airplanes. How women can be excluded from consideration or from the responsibility of informing themselves about security is beyond me – yet the publishing bias persists.

I originally tried to place a longer piece discussing security and the role of women in our society in more mainstream press, simply because the tech audience is decidedly male. I hoped to reach the women and girls currently undergoing the humiliations of an overworked and underfinanced security grid. But after a lot of those cited rejections, I finally gave up and placed it (suitably modified) with an editor I know in a solidly male tech publication. I’m grateful to Mitch Wagner of Security Pipeline for allowing me to discuss Bruce’s book in the context of recent security debacles. I only hope that the guys reading it will pick up a copy for their wives, mothers, and girlfriends, and encourage them to read it because a woman said so. Because despite what the mainstream press editors will tell you, women still need to know how to evaluate security before it becomes a danger to them and others.

Programming Jobs Lose Luster – Live Free or Die

The NYTimes today discusses why bright engineering students are leaving the major to move to business even if they love science. It’s the jobs, stupid (to paraphrase James Carville). “U.S. graduates probably shouldn’t think of computer programming or chemical engineering as long-term careers” since “The erosion of ‘deep code’ and other technology jobs in the next decade is creating a high-stakes game of musical chairs for geeks, Silicon Valley recruiters say”. Sounds pretty gloomy.

Where do we go from here? If you are totally committed to a technology career (because you’ve already got your degree or career in it, or you have it as a calling), you’ve got to think smarter. As William Jolitz said last week in his article Misplaced Software Priorities in Cnet:
“We are in danger of losing out in the best and most interesting part of the software market. I’m referring to the development of high-level components such as user interfaces. These deserve our attention because they increase the value of what we can do with technology. Instead, we’re continually re-creating the same low-level infrastructure.

“The big win here would be to kick software innovation into high gear by clearing the decks to focus the innovation segment on the ‘race to the top’ (as Thomas Friedman of The New York Times has put it). People with big dollars then can take big risks for big opportunities.”

So as the motto goes, “Live free or die”.

Fun Friday: You are a Fluke of the Universe, But Everyone Can Google It Now

The Internet as memory is a very peculiar wraith. Entire swaths of human history are virtually absent from the search pages, while recent people, places and things thrive in overabundance. Irrelevant items, like what someone wrote on a long-dead VAX system 20 years ago, suddenly pop up in a name search, as if someone found some old backup tar tapes and actually offloaded the bits into the archival dustbin. Noxious potions, irrelevancies, lies and deceits abound unopposed, because this memory is so disorganized that few can find every relevant link – much less correct the errors masquerading as facts. And even small trite embarrassing episodes from the past can suddenly appear on your Google dossier – sometimes funny, and sometimes tragic.

Stephanie Rosenbloom of the New York Times prefers to laugh – but with a purpose. Her article discussing an unflattering picture that always seems to pop up whenever her name is searched is actually illustrative of the ubiquitous and uncontrolled grasp of random bits and pieces of our lives. “If it’s damaging but it’s accurate, it’s not actionable” said John Palfrey of the Berkman Center for Internet & Society at Harvard Law School. “What if it’s extraordinarily ugly?” she asked. “Extraordinarily ugly probably doesn’t get it there – with information that’s put on the Internet, you pretty much have to assume it will be around forever” he responded. Even if you’re unhappy, you’re probably out of luck.

But what about nasty and vicious things? Rosenbloom relates the recent headache of Cecilia Barnes, whose ex-boyfriend decided to get back at her by posting nude photos, her work phone number, and her email address on Yahoo. Apparently, Yahoo hasn’t responded to demands it be taken down. A lawsuit is pending (and Yahoo isn’t talking).

Ms. Rosenbloom talks of possible solutions, from paying listing services to gaming Google. But the fact of the matter is, the more current and open you keep your information, the better you will appear.

The Robots of Silicon Valley

There’s been such a nice response to the Bots video by Ben Jolitz and Rebecca Jolitz (see Fun Friday: How Many Robots Can You Name?). Some folks just like watching a little movie about robots made by two kids who love them. Others saw it as just one of the ways GenY’s can actualize their interests in an increasingly anti-science and anti-creative world. And finally, most folks recognized some robot or toy from their childhood or profession – we had a lot of NASA viewers who loved the “Mars with retractable lever arm” scene (hint why funny – did the little Mars rover have a lever arm?).

So in rereading East Coast, West Coast: Where Will We See the Future of “Robot Valley” by Dr. Pete Markiewicz, where he argues (correctly) that a Hollywood-styled “Matrix” is misleading to real robotics work, which relies on realtime systems programming and operation, I found his east coast argument well-honed, but missing the “big picture”, in both realtime design (and yes, we have a bit of that experience over the years) and current media trends.

Fortunately, realtime programming, board design, and minimalism in operating systems are still alive and kicking. Ben Jolitz is currently on the robotics team at his local high school, is knowledgeable in programming and systems, and has participated in a number of competitions. His younger sister Rebecca Jolitz has become accomplished in media production, and also has a serious science and astronomy interest. Finally, they both avail themselves of talks and information that abound here in Silicon Valley and from NASA. There are tremendous resources available to those who ask.

Pioneers are always few. Believe me – I know, given my involvement in doing the first open source Berkeley Unix operating system for the masses. When we started out at Berkeley so many years ago working on an X86 version *no one* believed in Unix except as an expensive customized solution, especially Intel. It is very different nowadays, isn’t it?

The fascination with massive multiplayer gaming and the Internet with the masses today stems from it becoming a mature market – it is no longer an emerging one. So look to the GenY’s of tomorrow – the ones who go to the talks and enter science fairs and even (yes, even) create stories and movies about robots as they dream of tomorrow. Like rare roses in a field of weeds, you might find them hard to spot, but they are definitely there. You just have to look harder, and believe.

Search Engine Quirks and Search Engine Jerks

Everyone talks about hot search engine companies, and the next big thing in search (currently locality, with video emerging). But how many search engines are trolling the web, gleaning bits and pieces of the Internet corpus colosseum, and how do they differ in the process by which they search?

Check out Byte Online for the latest Lynne Jolitz article Search Engine Quirks and Search Engine Jerks. Join me today as I give you the “inside the datacenter” view of different search engines, what they like and don’t like, and how to tell the difference between a bona fide Google bot and a bad bot. See you there.

Muse, Sing the Tale of the Reconstructed Scrolls

In the midst of lots of work, a lovely article by David Keys and Nicholas Pyke of the Independent about bits and pieces of papyrus found in an ancient Egyptian garbage dump, reconstructed using a variety of satellite scanning and search technologies.

“The papyrus fragments were discovered in historic dumps outside the Graeco-Egyptian town of Oxyrhynchus (“city of the sharp-nosed fish”) in central Egypt at the end of the 19th century. Running to 400,000 fragments, stored in 800 boxes at Oxford’s Sackler Library, it is the biggest hoard of classical manuscripts in the world.” And it took a tremendous amount of work to scan and reconstruct.

So the ancients threw away Sophocles, Euripides, and Hesiod like we throw away bodice rippers and serial killer novels. Or maybe the Hellenes would have preferred what we read now – and were stuck with “And the helmets are shaking their purple-dyed crests, and for the wearers of breast-plates the weavers are striking up the wise shuttle’s songs, that wakes up those who are asleep.”

First Outsource the Tech, Then the Surgeons, Then the Patients

Saritha Rai of the NY Times chats about how India, Singapore, and so forth are becoming low-cost surgery centers for global patients – including Americans. It’s just too costly here for most folks. And it’s the same doctors you’d see here, because most of them trained here in America. It’s just the surgery center is a, ahh, bit remote.

I don’t know if anyone has noticed, but this trend impacts the development and deployment of new technologies in health care significantly. Up until recently, the telemedicine craze has dealt with providing medical resources to poor areas more effectively, like an Indian reservation (common example). But the problem is there is no relationship with the doctors doing remote diagnostics, there is no high bandwidth connectivity, and there is no technical maintenance at the remote end. In other words, there are far too many other factors to make this work in practice at this time. William Jolitz spoke to this vexing dilemma in TeleMedicine Journal in the mid-90’s.

But if patients are “outsourcing themselves” as Rai describes, telemedicine becomes very practical. The high speed lines exist, the monies to maintain the technologies at either end exist, and they could use telemedicine as a diagnostic / relationship building tool before the patient flies to India (or Singapore or wherever) for actual treatment.

I think this will be a real trend here. And it completely changes the orientation of the healthcare technology industry from records to communications!

And How Many Blogs Can a Blogger Blog if a Blog Could Log Words?

Tom Foremski of SiliconValleyWatcher is one of my favorite “inside SV” reads. Tom pays attention to the action ignored by PR flacks and marketing spinners – the stuff that really makes a difference at the beginning, not the end of the product or deal. Tom addresses the hard nut of credibility – or the lack of such – in Internet postings, blogs, and news items. “We just have to remember that building a media brand is a long process. The New York Times was not built in ten years,” Tom reports Shelby Bonnie, CEO of News.com telling him last summer.

But separating the good from the bad is going to be difficult. “Growing numbers of media professionals within the blogosphere raises the bar for all because the competition for reader attention will be that much fiercer and editorial standards will be that much higher. Building a personal blogging brand and cultivating a key readership within such an increasingly noisy media landscape will become increasingly difficult for individuals.” So how do we tell who’s better?

So I responded to Tom (who posted my reply) as follows, and it depends largely on those search engines: “Actually, the credibility of bloggers, commentators, shills, and journalists may simply be based by the reader on where in the google popularity hierarchy that person appears. In other words, if you don’t have a high google ranking on the first or second page, no one will read you no matter how fair and balanced you are. In an era where people live by ‘googling’, media ‘brand building’ takes on an entirely new meaning. Perhaps this is why an IDG exec recently said google was a media company, and hence a competitor.”

Why You Can’t Buy SpamQuiz!

I was puzzled recently when a friend couldn’t get his email through to me. We have our own spam filter we called SpamQuiz which nicely takes care of Nigerian pleas and lottery solicitations. SpamQuiz is not a product – it’s a project we did at TeleMuse Networks testing ISP correctness and email management. However, when I mentioned it on a special interest group email as part of our email changes a few months back, I found by the next day people were trying to piggy-back on our fame by “creating” a product called SpamQuiz for sale. Sigh. The world is full of crooks, isn’t it?

So just for the record – don’t buy SpamQuiz thinking that’s what Lynne Jolitz, open source pioneer and co-inventor of 386BSD – the First Open Source BSD Unix Operating System, SiliconTCP and Massive Video Production (MMP) created and uses, because it’s not from us! And it’s not a product for sale because 1) we’re not in the spam business and 2) we’re not crooks. We just build cool technology. If you’re a researcher or want to try it out for fun, I may help you – but that’s not a product.

But back to my friend. Since he wasn’t a crook, why was he getting trapped by SpamQuiz? Well, since the point of SpamQuiz is to catch nonconforming ISPs and their bad emails, it was likely that his ISP had some small issue that could be cleared up. It couldn’t be all bad, could it? Or maybe not. So we traced the email. It’s a wonder he gets anything through anybody because his ISP looks like Spam Central.

Things I Hate About the Net

Seana Mulcahy in today’s MediaPost talked about “Things I Hate on the Net”. Now, she’s not a techgal – she’s a marketing / branding babe – so among her listed items are the usual litany of email scams, popups / popunders, spyware, broken / dead links, site registration, poor integration (what else is new), audio surprises (you know, those suddenly singing or talking little bursts when you’re on a conference call – it’s happened to me), and click-happy sites. Most of these are products of bad site design that are easily remedied – fire the marketing department and get a good designer. But some of these are tech-derived marketing inventions (surprise!) intended to exploit weaknesses and loopholes in our crazy-quilt Internet. We wouldn’t see much of the latter right now if a fundamental issue was resolved. And it’s actually a business mindset, not just a marketing or tech mindset.

So, “What do I hate about the net?” Simple – you can’t evolve anything new or tune something to get around problems, because everyone bets on failure and wants to exploit it for their own private purposes. I hear this all the time from technologists, inventors, and businessmen. “Take no risks”. And it’s betting on failure that spawns all these customer plagues today that Seana so loathes.