REVIEW: “Liars and Outliers: Enabling the Trust that Society Needs to Thrive”, Bruce Schneier

BKLRSOTL.RVW   20120104

“Liars and Outliers: Enabling the Trust that Society Needs to Thrive”,
Bruce Schneier, 2012, 978-1-118-14330-8, U$24.95/C$29.95
%A   Bruce Schneier www.Schneier.com
%C   5353 Dundas Street West, 4th Floor, Etobicoke, ON   M9B 6H8
%D   2012
%G   978-1-118-14330-8 1-118-14330-2
%I   John Wiley & Sons, Inc.
%O   U$24.95/C$29.95 416-236-4433 fax: 416-236-4448 www.wiley.com
%O  http://www.amazon.com/exec/obidos/ASIN/1118143302/robsladesinterne
http://www.amazon.co.uk/exec/obidos/ASIN/1118143302/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/1118143302/robsladesin03-20
%O   Audience n+ Tech 2 Writing 3 (see revfaq.htm for explanation)
%P   365 p.
%T   “Liars and Outliers: Enabling the Trust that Society Needs to
Thrive”

Chapter one is what would ordinarily constitute an introduction or preface to the book.  Schneier states that the book is about trust: the trust that we need to operate as a society.  In these terms, trust is the confidence we can have that other people will reliably behave in certain ways, and not in others.  In any group, there is a desire to have people cooperate and act in the interest of all the members of the group.  In all individuals, there is a possibility that they will defect and act against the interests of the group, either for their own competing interest, or simply in opposition to the group.  (The author notes that defection is not always negative: positive social change is generally driven by defectors.)  Actually, the text may be more about social engineering, because Schneier does a very comprehensive job of exploring how confident we can be about trust, and the ways we can increase (and sometimes inadvertently decrease) that reliability.

Part I explores the background of trust, in both the hard and soft sciences.  Chapter two looks at biology and game theory for the basics.  Chapter three will be familiar to those who have studied sociobiology, or other evolutionary perspectives on behaviour.  A historical view of sociology and scaling makes up chapter four.  Chapter five returns to game theory to examine conflict and societal dilemmas.

Schneier says that part II develops a model of trust.  This may not be evident at a cursory reading: the model consists of moral pressures, reputational pressures, institutional pressures, and security systems, and the author is very careful to explain each part in chapters seven through ten: so careful that it is sometimes hard to follow the structure of the arguments.

Part III applies the model to the real world, examining competing interests, organizations, corporations, and institutions.  The relative utility of the four parts of the model is analyzed in respect to different scales (sizes and complexities) of society.  The author also notes, in a number of places, that distrust, and therefore excessive institutional pressures or security systems, is very expensive for individuals and society as a whole.

Part IV reviews the ways societal pressures fail, with particular emphasis on technology, and information technology.  Schneier discusses situations where carelessly chosen institutional pressures can create the opposite of the effect intended.

The author lists, and proposes, a number of additional models.  There are Ostrom’s rules for managing commons (a model for self-regulating societies), Dunbar’s numbers, and other existing structures.  But Schneier has also created a categorization of reasons for defection, a new set of security control types, a set of principles for designing effective societal pressures, and an array of the relation between these control types and his trust model.  Not all of them are perfect.  His list of control types has gaps and ambiguities (but then, so does the existing military/governmental catalogue).  In his figure of the feedback loops in societal pressures, it is difficult to find a distinction between “side effects” and “unintended consequences.”  However, despite minor problems, all of these paradigms can be useful in reviewing both the human factors in security systems, and in public policy.

Schneier writes as well as he always does, and his research is extensive.  In part one, possibly too extensive.  A great many studies and results are mentioned, but few are examined in any depth.  This does not help the central thrust of the book.  After all, eventually Schneier wants to talk about the technology of trust, what works, and what doesn’t.  In laying the basic foundation, the question of the far historical origin of altruism may be of academic philosophical interest, but that does not necessarily translate into an understanding of current moral mechanisms.  It may be that God intended us to be altruistic, and therefore gave us an ethical code to shape our behaviour.  Or, it may be that random mutation produced entities that acted altruistically and more of them survived than did others, so the population created expectations and laws to encourage that behaviour, and God to explain and enforce it.  But trying to explore which of those (and many other variant) options might be right only muddies the understanding of what options actually help us form a secure society today.

Schneier has, as with “Beyond Fear” (cf. BKBYNDFR.RVW) and “Secrets and Lies” (cf. BKSECLIE.RVW), not only made a useful addition to the security literature, but created something of value to those involved with public policy, and a fascinating philosophical tome for the general public.  Security professionals can use a number of the models to assess controls in security systems, with a view to what will work, what won’t (and what areas are just too expensive to protect).  Public policy will benefit from examination of which formal structures are likely to have a desired effect.  (As I am finishing this review the debate over SOPA and PIPA is going on: measures unlikely to protect intellectual property in any meaningful way, and guaranteed to have enormous adverse effects.)  And Schneier has brought together a wealth of ideas and research in the fields of trust and society, with his usual clarity and readability.

copyright, Robert M. Slade   2011     BKLRSOTL.RVW   20120104

New computers – Windows 7 – printers and USB

C’mon, fess up.  Who did the discovery protocol for Windows Universal Plug and Play?

Was it supposed to work for USB?

Windows has always been annoying in regard to USB.  I’ve had it “forget” mice and jump drives (sometimes never to accept them again on that port).  I’ve had a port “locked” by an Adobe picture manager (which I hadn’t realized Adobe was installing while I was trying to upgrade Reader to get rid of the latest round of vulnerabilities) so that it never recognized my camera again on *any* USB port, and insisted that every jump drive I attached was a camera.  Windows has never been willing to specifically identify any USB port even if it reports a problem.

Recently our printer (yes, a Winprinter with a USB connection: these days, can you find any other type?) has been flaky.  Not the printer itself: it’s fine.  And, yes, I did install the correct Win 7 driver, thank you very much.  Not that either Microsoft or HP were very helpful about that.  The computer started out just fine, for a few months.  Then it started not recognizing that it had a printer.  Then it started seeing that it had something connected, but couldn’t tell what it was.  And sometimes it would cycle between these states constantly, while I was working.  (I’d hear a rising double beep as it realized it had a printer, or a falling double beep as it lost it, or couldn’t recognize it.  It got so bad that I’ve had to turn the speaker volume down given the near constant clamour of beeps.)  We tried different things: rebooting, changing to another user, power cycling the printer, power cycling the printer and waiting a while before we turned it on, turning the printer on first, not turning the printer off when once it had successfully accepted a print job.  Sometimes they worked, sometimes they didn’t.  Recently it’s gotten a lot worse.

(And, yes, I did Google it.  And AltaVistaed it.  Never found anything helpful.  Even when I added profanity, as I suspected would be the case with someone who had gotten as frustrated with it as I was.)

So, at Gloria’s suggestion, today I hauled the computer out of its nook and swapped the printer to another USB port.

She was right: after I changed it the queue printed.

I lost the keyboard, monitor (twice), mouse (twice).  Eventually got them back. And then the computer crashed.  I lost some bookmarks I had collected this morning, and some outbound email: don’t know what or how much.  As far as I can tell I still have access to other devices, but I got a report that the Passport drive has a problem and I’m currently running a check on it.

But the printer is still printing.  So far.

I could really get to hate Microsoft.  Very easily …

New computers – Kindle – Books (part 2)

A few more places to find books.

Bookyards – unfortunately, these seem to be limited to what you could find on Gutenberg, and they are in PDF.

Mobipocket – at least these are in .mobi format.

Baen – they’ve done a lot of their back catalogue.

Bookmonk – interesting site, graphical links, for those who choose books by cover.

Smashwords – new publications, many free.

Publish and/or perish

A new study notes that “scholarly” academic journals are forcing the people who want to publish in them (the journals) to add useless citations to the published articles.  OK, this may sound like more academic infighting.  (Q: Why are academic fights so bitter? A: Because the stakes are so small.)  But it actually has some fairly important implications.  These journals are, in many eyes, the elite of the publishing world.  These articles are peer-reviewed, which means they are tested by other experts before they are even published.  Therefore, many assume that if you see it in one of these journals, it’s so.

(The system isn’t perfect.  Ralph Merkle couldn’t get his paper on asymmetric encryption published because a reviewer felt it “wasn’t interesting.”  The greatest advance in crypto in 4,000 years and it wasn’t interesting?)

These are, of course, the same journals that are lobbying to have their monopoly business protected by the “Research Works Act,” among other things.  (The “Research Works Act” is a whole different kettle of anti-[open access|public domain|open source] intellectual property irrationality.)

I was, initially, a bit surprised by the study on forced citations.  After all, these are, supposedly, the guardians of truth.  Yes, OK, that’s naive.  I’ve published in magazines myself.  Not the refereed journals, perhaps: I’m not important enough for that.  But I’ve been asked for articles by many periodicals.  They’ve had all kinds of demands.  The one that I find most consistently annoying is that I provide graphics and images.  I’m a researcher, not a designer: I don’t do graphics.  But, I recall one time that I was asked to do an article on a subject dear to my heart.  Because I felt strongly about it, I put a lot of work into it.  I was even willing to give them some graphics.  And, in the end, they rejected it.

Not enough quotes from vendors.

This is, of course, the same motivation as the forced citations.  In any periodical, you make money by selling advertising.  In trade rags, the ease of selling advertising to vendors is determined by how much space you’ve given them in the supposed editorial content.  In the academic journals, the advertising rates are determined by the number of citations to articles you’ve previously published.  Hence, in both cases, the companies with the advertising budgets get to determine what actually gets published.

(As long as we’re here, I have one more story, somewhat loosely related to publishing, citation, open access, and intellectual property.  On another occasion, I was asked to do a major article cluster on the history of computer viruses.  This topic is very dear to my heart, and I put in lots of time, lots of work, and even lots of graphics.  This group of articles got turned down as well.  The reason given in that case was that they had used a Web-based plagiarism detector on the stuff, and found that it was probably based on materials already on the net.  Well, of course it was.  I wrote most of the stuff on that topic that is already on the Web …)

Give someone enough rope …

Today a Conservative Canadian Senator made a rather bizarre suggestion about giving convicted murderers a rope, and allowing them to hang themselves.  (No, I’m not kidding.  But he later retracted the statement.)

But, never let it be said that we couldn’t look at ideas, regardless of how they come.  Moral repugnance aside, is this a good idea?  Probably not.

Would it save money?  Only if the murderer felt really, really sorry.  And, isn’t that what we wanted out of the justice system in the first place?  So, we might have saved money and wasted a life.

Then again, what if the convicted person was not guilty?  I would think that an innocent person, unjustly convicted, would be a prime candidate for suicide.  So then we have a monetary saving at the cost of an innocent life.

And, for those who really don’t feel bad about killing people, they might welcome the option of getting out of a life sentence.  So we may be reducing the deterrent effect if we implement the rope idea.

If we’ve got a real psychopath, is it really a good idea to give him a rope, or poison, or a knife, or a gun, or anything particularly dangerous?  It isn’t too hard to start to imagine scenarios where he/she/it could do some real damage, even within the prison.

Maybe we should chip in and buy the Senator a copy of Schneier’s “Liars and Outliers.”

REVIEW: “Zero Day”, David Baldacci

BKZERODY.RVW   20111213

“Zero Day”, David Baldacci, 2011, 978-1-4555-0414-5, U$29.99/C$32.99
%A   David Baldacci www.DavidBaldacci.com
%C   237 Park Ave, New York, NY   10017
%D   2011
%G   978-1-4555-0414-5 0446573019
%I   Hachette Book Group
%O   U$29.99/C$32.99
%O   Audience n- Tech 1 Writing 2 (see revfaq.htm for explanation)
%P   643 p.
%T   “Zero Day”

At one time, in information security terminology, “zero day” meant a measure of difficulty or vulnerability.  That meaning has been largely destroyed by overexposure in the media.  Today it simply means “we want to scare you.”

To top it all off, here is this book by David Baldacci.  As a common-or-garden thriller it is OK.  But it has nothing to do with computers.  Nothing to do with information security.  Zip.  Zero (you should pardon the expression).  Zilch.  Nada.  Null.  None.  Nugatory.  Not a sausage.  The titular phrase isn’t even used anywhere in the book.  It seems to have been used as a title simply to say “we want you to think this is really, really scary.”

copyright, Robert M. Slade   2011     BKZERODY.RVW   20111213

Certified security awareness

A vendor speaking at a conference (is there any other kind of presentation at conferences these days?) has made a call for a new standard for information security awareness training.

“ … the way to do this is via a new infosecurity standard that solely focuses on training and awareness and is delivered in the work environment”

Now, I’m all for security awareness.  I’m all for more security awareness.  I’m all for better security awareness.  I’m all for infosec departments to actually TRY security awareness (since they often say, “well, if it was gonna have worked, it woulda worked by now” and never try it).

But, come on.  A new “standard”?

As the man[1] said, the wonderful thing about computer “standards” is that there are so many to choose from.

What are we going to certify?  Users?  “Sorry, you have been found to be too stupid to use a computer at work.  You are hereby issued this non-jailbroken iPad.”

No, undoubtedly he thinks we are going to “certify” the awareness materials themselves.  Good luck with that.

I’ve been a teacher for a lot of years.  I’ve also been a book reviewer for a lot of years.  And I’ve published books.  Trust me on this: a variant of Gresham’s Law is very active in the textbook and educational materials field.  Bad textbooks drive out good.  As a matter of fact, it’s even closer to Gresham: money drives out good textbooks and materials.  Publishers know there is a lot of money to be made in textbooks and training materials.  Publishers with a lot of money are going to use that money to advertise, create “exclusive” contracts, and otherwise ensure that they have the biggest share of the market.  The easiest way to do that is to publish as many titles as you can, as cheaply as you can.  “Cheaply” means you use contract writers, who can turn out 2-300 pages on anything, whether they know about it or not.

So, do you really think that, if someone starts making noise about a security awareness standard, the publishers won’t make absolutely certain that they’ve got control of the certification process?  That if someone comes up with an independent standard that they can withstand the financial pressures that large publishers can bring to bear?  That if someone creates an independent cert, and firmly holds to principles and standards, that the publishers won’t just create a competing cert, and advertise it much more than the independent cert can ever hope to?

After all, none of us can possibly think of any lousy security product with a lot of money behind it that can command a larger market share than a good, but independent, product, now can we?

[1] Well, maybe it was Andrew Tanenbaum, but maybe it was Grace Hopper.  Or Patricia Seybold.  Or Ken Olsen.

New computers – Kindle – Ebooks and education

Recently I was discussing the use of technology in education, when an odd (to me) question came up.  It was about the use of ebooks.  That wasn’t really high on my radar on the tech-in-ed landscape.  When I started (good grief, more than 30 years ago) the use of computers for textbooks was a vague, blue-sky idea that a guy named Vannevar Bush had once talked about.  (Actually, he was talking about a desk, rather than a book.)

Recently, of course, there has been a lot of discussion about ebooks.  School boards have been looking into cost savings.  Major tech corporations and publishing conglomerates are getting on the bandwagon.  So, her interest was natural.

Specifically, she wanted to know:

> Perhaps you talk to me a bit about why (from a non-environmental
> standpoint) it’s important for students to use digital e-books?
> Is there a learning curve when it comes to learning from an ebook
> rather than a textbook? Is there a shorter attention span?
> What about eye strain?
> How would this affect the structure of learning?

This I could do, having been given a Kindle for Christmas this year.  I have just finished doing my first review for the series, using an ebook on the device.  Definite tradeoffs: it was easier to grab quotes, much harder to make notes, easier to search, and a right royal pain to try and flip back and forth to check notes, index, etc.  Also a complete pain to check references in other works.

In terms of education, and using study materials in school, it was easier to grab quotes — which would make copying and plagiarism easy and very tempting.  That’s a bad thing.  It is much harder to make notes, and makes study, or writing your own paper, more difficult.  Again, given that the purpose of many assignments is to get students to practice creating their own writing, this is a bad thing.

On the other hand, it’s easier to search, and that’s good for studying.

But it’s a right royal pain to try and flip back and forth to check notes (most books don’t have footnotes any longer, they are now endnotes–at the back of the book), the index, appendices, and other material in the book.  It is also a complete pain to check references in other works — definitely bad for studying and learning.

In terms of it being “important” for students to use ebooks: as a former public school teacher I don’t think it is.  The only reasons would be cost, and getting up to date materials.  Frankly, the quality of almost all school texts is absolutely appalling, so having the latest version of tripe isn’t all that important.  So, that just leaves cost.

There is a learning curve to using an e-reader, but a fairly small one.  No, I take that back.  Actual reading isn’t that hard, but you do have to learn something about filing, arranging, and accessing material on the device, particularly in a school/learning situation.

The small screen size is a bit annoying, although you generally can increase the font size.  (The book I just finished reviewing was in PDF, and the options for font size for that are very much less.)  Generally I didn’t find much eye strain, although I’m used to reading small print, but in low light it was pretty awful.

In terms of learning structure, there could be some advantages.  As a teacher, I could create notes and send them to the devices of all the students: it would help that they could not say they didn’t have the assignment  :-)

New computers – Kindle – Books (part 1)

You can, of course, just buy books from Amazon.  It’s pretty easy: you choose the book, arrange payment, click on a link to send it to your Kindle, and, next time your Kindle is connected to a wireless network you choose “Sync & Check for Items” from the menu on the home page, and they get loaded onto your machine.

But, let’s suppose you are, like me, cheap.

Well, Amazon is still a source.  You can search on “public domain,” for example.  (Type in “public ” and Amazon will helpfully suggest something like “public domain books for kindle free.”)  That will get a list of books, most of which will be available free of charge.  (Most of them probably started life in Project Gutenberg.  We’ll get there later.)  You can even do it while your Kindle is connected via wireless, in the “Shop in Kindle Store” option on the home page menu.  Some of the books that come up will be books about the public domain, and those you’ll probably have to pay for.  Also, some of the books, even in the public domain, bear a charge, although it’s probably fairly modest.  You will have to wade through them until you come up with something you want to read.  (You will also have to wade through a whole bunch of titles in German.)

Now, these public domain books tend to be old.  There are definitely classics to be found: Austen, Dickens, Wilde, Twain, and many, many others.  If you want more recent titles, there are other searches you can do.

Try searching on “0.00.”  That is the price you will see if the book truly is free of charge.  You’ll still see some of the public domain books, but you will also see some more modern titles.  (For some reason, lots of romances.)  Amazon seems to mess with searches for “0.00” especially if you add limits, like “0.00 science fiction.”  You will only get a very few titles.  (The day I tried it, one was a science fiction magazine.  The description even said that this subscription was always free for Kindle users.  When I tried to subscribe, it asked for a credit card for “recurring charges.”)

But, there are many, many other sources.

As previously noted, there is Project Gutenberg.  This is the Grandfather of all free online book sources, started by Michael Hart.  There are over 20,000 titles in the catalogue, with more being added all the time.  They used to just be text, but they now come in half a dozen formats.  For Kindle, you’ll want .MOBI.  (I’ve also mentioned the formats Kindle will handle.)  Most of these titles appear elsewhere, including ManyBooks, which provides the texts in even more formats.

There is also a Website called Kindle Review.  They have suggestions about where to get free books (although they mostly seem to sell Kindles).  They have suggestions about books free at Amazon, particularly ones that are only available for a short time.  You have to search for some entries, and the site is not easy to navigate, but I found this Amazon listing of limited time offers to be quite useful.  They aren’t all free, but a fair number are.  (Remember, on Amazon, that in the upper right of the page you can sort, and one of the options is by price, lowest to highest.)

New computers – Kindle – More Encounters

A few random observations along the way:

The Kindle has rebooted spontaneously a couple of times since I got it, and sometimes it refuses to connect to wireless unless it gets rebooted.  Since the device is so simple, I would have thought that this shouldn’t be a major process, but it seems to take about two minutes to do a reboot.

One of the times that it wouldn’t connect, and I rebooted it, it scared the liver out of me.  It seemed to be at the end of its boot process, came up with the home page–except that it said I had zero items on the device.  At that point I had loaded about 50 books onto it, and sorted them into half a dozen collections, none of which were in evidence.  Shortly after that it did decide that my stuff was there, but you shouldn’t scare old people like me in that way.  It could have major medical consequences.  For my pants, if nothing else.  (When I finally tried out the USB connection to the computer, the first thing I did was back up the whole thing.)

Logging on to hotspots with redirection is still inconsistent.  Sometimes it has no problem at all; other times I go from “Shop in Kindle Store” to “Sync & Check for Items” to the browser, and a couple of times around before I get a chance to a) pick a network to which to connect, and b) a chance to reload whatever page the browser was on before, which finally prompts the redirect and login.

Amazon doesn’t like “selling” you the same book more than once, even if it is free.  (It will offer to reload the book for you, though, in case you’ve lost it or accidentally deleted it.)  If you send books via email, though, it will quite happily load the book twice, and give you two entries for it.

New computers – Kindle – BC Libraries

Even before I was given a Kindle, I was vaguely interested.  I use my local library a lot, and review and annotate stuff on their new system.  Recently the library has been pushing the fact that ebooks are available for borrowing.  In fact, they had a meeting about e-readers (which, worse luck, I was unable to attend), and even have some e-readers as loaners.

So, when I got the Kindle, the library site was one of my first stops.

It was not an unqualified success.

First of all, my local library has no ebooks for loan.  The actual ebooks seem to be loaned by the BC Libraries system.  I say “seem to,” because the actual ebooks, and the system for controlling them, seem to be run by an American outfit called OverDrive.  This becomes important once you start looking for titles and ebooks.  There is Kindle compatible material, but none of it is available in Canada.  (Which seems very odd when the site is supposed to be about the “BC” libraries.)

There are a very large number of ePUB format titles.  There are even some that appear to be free for the taking.  I tried one, converted it to .MOBI, and it seemed to work OK.

For the actual loan books, I placed a hold.  The hold came in.  I read the directions on the “Check Out Assistance” link.  I installed Adobe Digital Editions (ver. 1.7.2.1131) (even though I am, as a security specialist, really uncomfortable with Adobe products) in order to be able to return the item.  I “downloaded” the item to Adobe Digital Editions.  It now appears in my “library” on Adobe Digital Editions.  However, the way to “return” the item required help from a library tech, and it definitely is not intuitively obvious.  Oh, and it definitely won’t convert to Kindle format.

I guess I have to go to other sources.

“Zero Day”, Mark Russinovich

BKZERDAY.RVW   20111109

“Zero Day”, Mark Russinovich, 2011, 978-0-312-61246-7, U$24.99/C$28.99
%A Mark Russinovich www.zerodaythebook.com markrussinovich@hotmail.com
%C   175 Fifth Ave., New York, NY   10010
%D   2011
%G   978-0-312-61246-7 0-312-61246-X
%I   St. Martin’s Press/Thomas Dunne Books
%O   U$24.99/C$28.99 212-674-5151 fax 800-288-2131
%O   josephrinaldi@stmartins.com christopherahearn@stmartins.com
%O  http://www.amazon.com/exec/obidos/ASIN/031261246X/robsladesinterne
http://www.amazon.co.uk/exec/obidos/ASIN/031261246X/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/031261246X/robsladesin03-20
http://www.amazon.com/gp/mpd/permalink/m3CQBX46DOK0AK/ref=ent_fb_link
%O   Audience n Tech 1 Writing 1 (see revfaq.htm for explanation)
%P   328 p.
%T   “Zero Day”

Mark Russinovich has definitely made his name, in technical terms, with Winternals and Sysinternals.  There is no question that he knows the insides of computers.

What is less certain is whether he knows how to write about it within the strictures of a work of fiction.  The descriptions of digital forensics and computer operation in this work are just as confusing, to the technically knowledgeable, as those we regularly deride from technopeasant authors.  “[T]he first thing Jeff noted was that he couldn’t detect any data on the hard disk.”  (Emphasis in the book.)  Jeff then goes on to find some, and notes that there are “bits and pieces of the original operating system.”  Now there is a considerable difference between not finding any data, and having a damaged filesystem, and Russinovich knows this perfectly well.  Our man Jeff is a digital forensics hacker of the first water, and wouldn’t give a fig if he couldn’t see “the standard C: drive icon.”

Generally, you would think that the reason a technically competent person would write a novel about cyberwar would be in order to inject a little reality into things.  Well, reality seems to be in short supply in this book.

First of all, this is the classic geek daydream of being the ultimate ‘leet hacker in the world.  The Lone Hacker.  Hiyo SysInfo, away!  He has all the tools, and all the smarts, about all aspects of technology.  Sorry, just not possible any more.  This lone hacker image is unrealistic, and the more so because it is not necessary.  There are established groups in the malware community (among others), and these would be working together on a problem of this magnitude.  (Interestingly, these are generally informal groups, not the government/industry structures which the book both derides and relies upon.)

Next, all the female geeks (and there are a lot) are “hot.”  ‘Nuff said.

The “big, bad, new” virus is another staple of the fictional realms which does not exist in reality.  Viruses can be built to reproduce rapidly.  In that case, they get noticed quickly.  Or, they may be created to spread slowly and carefully, in which case they can take a while to be detected, but they also take a long time to get into place.

Anti-malware companies don’t necessarily rely on honeypots (which are usually there to collect information on actual intruders), but they do have bait machines that sit and wait to be infected (by worms) or emulate the activity of users who are willing to click on any link or open any file (for viruses).  Malware can be designed to fail to operate (or even delete itself) under certain conditions, and those conditions could include certain indications of a test environment.  However, the ability to actively avoid machines that might be collecting malware samples would be akin to a form of digital mental telepathy.

Rootkits, as described in the novel, are no different than the stealth technology that viruses have been using for decades.  There are always ways of detecting stealth, and rootkits, and, generally speaking, as soon as you suspect that one might be in operation you start to have ideas about how to find it.

A backup is a copy of data.  When it is restored, it is copied back onto the computer, but there is no need for the backup copy to be destroyed by that process.  Therefore, if a system-restored-from-backup crashes, nothing is lost but time.  You still have the backup, and can try again (this time with more care).  In fact, the first time you have any indication that the system might be corrupted enough to crash, you would probably try to recover the files with an alternate operating system.  (But, yes, I can see how that might not occur to someone who works for Microsoft.)  After all, the most important thing you’ve got on your system is the data, and the data can usually be read on any system, and with a wide variety of programs.  (Data files from a SQL Server database could be retrieved not only with other SQL programs, but with pretty much any relational database.)

Some aspects are realistic.  The precautions taken in communications, with throwaway email addresses and out-of-band messaging, are the type that would be used in those situations.  There is a lot of real technology described in the book.  (Although I was slightly bemused by the preference for CDs for data and file storage: that seems a bit quaint now that everyone is using USB drives.)  The need, in this type of work, for a level of focus that precludes all other distractions, and the boredom of trying step after step and possibility after possibility are real.  The neglect of security and the attendant false confidence that one is immune to attack are all too real.  But in a number of the technical areas the descriptions are careless enough to be completely misleading to those not intimately familiar with the technology and the information security field.  Which is just as bad as not knowing what you are talking about in the first place.

Other forms of technology should have had a little research.  Yes, flying an airliner across an ocean is boring.  That’s why the software designers behind the interface on said airliners have the computer keep asking the pilots to check things: keeps the pilots from zoning out.  I don’t know how quickly you can “reboot” the full control system in an airplane, but the last one I was on that did it took about fifteen minutes to even get the lights back on.  I doubt that would be fast enough to do (twice) in order to pull a plane out of a dive.  And if you are in a high-G curve to try and keep the plane out of the water, a sudden cessation of G-forces would mean that a) the plane had stalled (again) (very unlikely), or b) the wings had come off.  Neither of which would be a good thing.  (And, yes, the Spanair computer that was tracking technical problems at the time was infected with a virus, but, no, that had nothing to do with the crash.)

Russinovich’s writing is much the same as that of many mid-level thriller writers.  His plotting is OK, although the attempt to heighten tension, towards the end, by having “one darn thing after another” happen is a style that is overused, and isn’t very compelling in this instance.  On the down side, his characters are all pretty much the same, and through much of the book the narrative flow is extremely disjointed.

Overall, this is a reasonable, though unexceptional, thriller.  He was fortunate in being able to get Bill Gates and Howard Schmidt to write blurbs for it, but that still doesn’t make it any more realistic than the mass of cyberthrillers now coming on the market.

copyright, Robert M. Slade   2011     BKZERDAY.RVW   20111109

New computers – Kindle – operation

Having been given a Kindle, what does one do with it?

Unless you have a Kindle Keyboard (a different model, with a keyboard about the size of that for a slide phone or Blackberry across the bottom of the screen), as noted, the virtual keyboard is a pain, so you aren’t going to do much writing.  That leaves reading.

First of all, then, you have to get some books to read.  You can copy them onto the Kindle, from your computer, with the USB cable.  I’ve done that now, and it works quite well.  Plug it into the computer, wait for the computer to read the device driver, and it shows up simply as a USB drive.  You can put files into the “My Documents” folder, and they show up on the device.  (You can also copy any or all of the “books” on the Kindle onto your computer, as backup.  Oddly, most ebooks seem to have four files associated with them, once you start reading them.)  I’m a bit loath to do the cable connection randomly just now, since, also as noted, plugging into a USB port on a computer starts charging, and, even though it’s a lithium polymer battery, I’d just as soon give it a few full cycles before I start messing with battery memory.

You can use the wireless connection in two different ways.  You can “shop” at the Amazon store.  Or, you can find your own files and ebooks, and email them to your Kindle.  When you set up, the device is assigned an email address.  You can find this under the “Settings” entry of the menu from the home page.  Find an ebook that you want, and send the file, as an attachment, to that address.  The next time the Kindle is attached to the net, you can sync, and that file will be downloaded to your device.  (If it doesn’t show up on the home page, it may be under the “Archived Items” section.  For some reason, some files seem to go there, possibly if the download isn’t complete.)

When I did some testing of the email-to-Kindle function, it generally worked well.  However, in my early tests, about half of the text files, and about a third of the .PDFs, didn’t come through.  I tested sending multiple files (four, all text) as attachments in a single message.  Two of them came through, and the other two never did.

So, you can just get any ebooks, right?  Well, not quite.  The Kindle seems to be fairly limited in this regard.  You can get ebooks from Amazon, of course.  These are indicated by an .AZW extension.  In terms of the ebook standards, you can also get and read .MOBI files.  (.MOBI and .AZW are apparently the same format, except that .AZW are locked by Amazon.  You can get some utilities to unlock and convert them, but I haven’t done a lot of testing with that yet.)  The Kindle can handle text files, but, of course, they don’t have any formatting.  Kindle says it can handle HTML, and that is partially true.  You can send an HTML file, and it will come through.  But it doesn’t render: you simply see the text of the file, HTML code and all.

Kindle says it can handle .PDF, although it also says this is experimental or beta.  It doesn’t support links within a .PDF, but it does support extracting text from a PDF (as long as it really is text, and not an image), which I found handy, and just a little surprising.  It does not, of course, handle locked or password protected files.

And it does not handle .ePUB format, which is a real nuisance.

New computers – Kindle – net

If you want to use a Kindle, you have to get books onto it.  It does come with a USB cable, and you can load books from your computer.  I haven’t tried that yet, because the USB cable also charges the battery, and, in the interests of battery life, I’ve wanted to let the battery pretty much completely discharge before I charged it up again.  I’ll let you know how that works later.  (This also gets into the issue of ebook formats, and I’ll get into that later, too.)

Right off the top, probably the quickest and easiest way to get books onto your Kindle is if you can connect to the Internet via Wi-Fi.  As previously noted, if you have a private network and know the password, it can be a pain to enter, but you are in.  If you are in a Wi-Fi hotspot, things can get a bit trickier.

You can try and “Shop in Kindle Store.”  You can “Sync & Check for Items.”  (Both of those are on the “home” page menu.)  Maybe it will work.  Maybe it won’t.  Neither of them likes hotspots that do redirection.  Many times they will simply tell you that the function requires a network connection.  (Sometimes the Kindle will tell you that the function requires a network connection, but you will also see indications that books are actually being downloaded.  It’s hard to tell for sure whether you are connected and can actually do anything.)

The Kindle 4 (my version) has a Web browser, which you can get to via the home page menu, under the “Experimental” entry.  It definitely is experimental.  It will not open links, if those links are set to open in new frames, tabs, or windows.  (It tells you that it can’t open the link because it doesn’t support multiple windows, rather than just opening it anyway.)  If the hotspot does redirection, the browser might go to the redirected page if you ask it to connect to a site, or reload a page.  On the other hand, sometimes you will try to fire up the browser in order to connect at a hotspot, and the Kindle will tell you that it can’t open the browser because you don’t have a net connection.  Helpful, that.

(The Kindle seems to ship with the wireless enabled and on.  I tend to turn it off, when I’m not actually downloading or “shopping,” in order to a) save battery, and b) keep from radiating all over the place.  I don’t know how many people will know that they can turn it off from the home page menu.)

New computers – Kindle – First Encounters

What I have is a Kindle 4.  I assume the “4” stands for some level of the software.  Having done my initial exploration, I vaguely remembered having seen that it was a model D01100.  (Eventually I found that reference again: it was buried in the appendix to the “Kindle User’s Guide.”  I assume it’s less important than the Kindle 4 part.)

When you start out, the Kindle wants you to go through a registration process.  Being in a place with a Wi-Fi network, I did.  (This version of Kindle doesn’t have a keyboard.  It does have a virtual keyboard, which is usable, but difficult.  Entering a 26 character hex password was a bit of a pain.)  I have had an account with Amazon, so, when it asked if I wanted to use one or create one, I guessed at my old username and password.  It did seem to work; at least it let me start working on the Kindle, but somehow it didn’t pick up my “Registered User:” name.  At some point something must have figured out who I was, because the “Send-to-Kindle” email address (I’ll get back to that) did have my name in it.

On the first screen you see after the registration process (I later learned it was the “home” screen) there was an entry for a “Kindle User’s Guide,” and I believe it was the entry highlighted.  Being a “read the manual” type person, I read it.  It starts out by saying that it’s short and informative and can be read in 10 minutes.  Hah!

It starts out with charging the battery.  This would seem to make sense, except that a) like most battery-powered devices these days it comes charged, and b) if it wasn’t charged, you couldn’t read the manual, now could you?  It then shows you the physical layout and buttons.  Including the power button.  The power button is not intuitively obvious on first glance: one of the people who gave it to me had to show me where it was.

The Kindle has a “5-way controller.”  This should be familiar to most people who have a cell phone that still has buttons: a centre “select/enter” key, surrounded by left, right, up, and down arrow keys.  The user guide mentions that you can get around menus and text with it.  It doesn’t mention that the left and right keys have context sensitive functions that are not immediately obvious.  The Guide did mention that, when a book is highlighted, using the left key brings up an offer to delete the item.  However, it mentions a lot of other stuff, and I missed that.  (Fortunately, I did not encounter this until I had learned that the “Back” key acts as a combination of “last page visited” and “Esc.”)

There is a menu button.  It is context sensitive, and will bring up, or dismiss, menus appropriate to the screen you are in.  There are lots of different menus.  It is not obvious which menu will bring up a function you may want.  This is also a good place to mention that one thing that I believe I can state, without fear of contradiction, is a major error in the design of the Kindle user interface.  There is no rollover.  Menus are limited in length, as are entries in the “home” page or your “collections” of ebooks.  Actual pages in an ebook can be much longer.  Menus tend to have the “active” item fairly near the middle.  (After a while you begin to realize that the most important and useful functions are going to be near the middle, not the top, of a menu.)  Pages always start from top left.  In either case, there is no rollover: no return off the top of a page or menu to the bottom, or off the bottom to the top.  There is no wraparound going off the right side of the page to come back in on the left, or vice versa.  (There is one exception to this: the virtual keyboard.  It doesn’t wrap top to bottom, but it does wrap side to side.)

One other problem related to the menus: the time, battery power, and Wi-Fi indicator only show when you have a menu open.  You can’t even tell the time on the home page unless you bring up a menu.  (Interestingly, when I got mine, the time was set for a time zone either four or sixteen hours later than the one I’m in.)

The User’s Guide takes a lot longer than 10 minutes to read.  It does contain a lot of information, but a great deal of it will not make much sense until you have explored the device a bit.  So you are going to have to read it at least twice.  And probably keep it around for reference.

New computers – Kindle

The Girls, who have been having a grand time in recent years finding interesting high tech goodies that I never even knew existed, got me a Kindle for Christmas.  So, of course, I’m going to review the Kindle.

I had been putting off the idea of getting one for myself.  I do a lot of reading, but that’s primarily because I do a lot of reviewing, and for that you need the ability to make notes, and transfer said notes back to the computer for writing up.  So far, I haven’t seen an awful lot that convinces me the e-readers are there yet.

But, I do have to say that, right off the top, the idea of having 60 books (so far) in something that is lighter than a paperback definitely has its attractions.  So far I’ve been able to load the Bible, some tech articles, my own security dictionary, a dozen Sherlock Holmes stories, Don Quixote (both of which I have read), The Divine Comedy, War and Peace (both of which I intend to read–sometime), a fair amount of poetry, and an egalley for Bruce Schneier’s latest (sent along by his publicist).

Unfortunately, all this fun exploring has me somewhat behind in news and email, so I’ll have to start putting together my observations of the Kindle, itself, a bit later.
