Sound and Fury

I ordered (and expensed) a very large book entitled "Security Engineering" last week. Bruce Schneier strongly endorses it, and its table of contents looked promising, so I convinced my employer to buy it for me.

It came yesterday. It's huge. It's a little over 1000 pages (and not all filler, like some overly-large technical books, though the bibliography runs for around 100 pages), which isn't unreasonable, but it's like three inches thick. The paper must be fairly thick.

Anyway. It seems like a well-written book with a very solid, methodical approach to a very complex topic. I can't really say more at this point, as I'm on page 17 (though the front matter runs for 40 pages).

Chapter 2, "Usability and Psychology" begins with a quote:

Humans are incapable of securely storing high-quality cryptographic keys, and they have unacceptable speed and accuracy when performing cryptographic operations. (They are also large, expensive to maintain, difficult to manage, and they pollute the environment. It is astonishing that these devices continue to be manufactured and deployed. But they are sufficiently pervasive that we must design our protocols around their limitations.) - Kaufmann, Perlman, and Speciner

I love that quote. I'm considering printing it out and posting it in the UI design team's area of the building.

This is why I shrug when the price of gasoline goes up here. Sure, it has an indirect affect on many things, including the price of food. But in terms of direct financial impact, it's pretty minimal.

For a change in the price of gas to matter to your personal budget, you need to drive a car. Already, you're doing ok. You have a car. You're not starving, and you probably have a place to live - food and shelter are more important than driving, so if you're starving, you take the bus. Heck, a lot of people simply take the bus anyway. Or bike. Or walk. You don't really need to drive.

But you need to eat. Increasing food prices are dangerous. Sure, 90% or more of Americans will shrug, pay a bit more, and cut some luxury expense (here I use the term luxury very loosely - shoes could be a luxury).

But 2.5 billion people live on less than $2 a day. When $1 only buys a kilo of broken rice, those people are starving.

Meanwhile, I filled my tank this morning. The gas was 10% ethanol, which comes (though a complex and inefficient process) from corn. My car ate more grain today than 37% of the world population will.

The series of articles is fascinating, covering the professional and social mobile space.

I like the distinction between "nomad", "astronaut" and "hermit crab". It's useful. In brief, an astronaut brings everything, including the kitchen sink with him. He travels, but does not depend on his environment. The hermit crab is a middle-ground - he brings certain essentials (probably what he can fit in a backpack or messenger bag). The nomad, in his most extreme form, doesn't carry water in the desert, because he knows where to find it - Blackberry, no laptop.

Some of the sociological musings are interesting as well, particularly the concern over the erosion of weak ties. Others cover old ground predictably.

As someone who is about three years too old to have grown up with pervasive text messaging and the social culture that it engenders, it's a fascinating topic, because I have friends on both ends of the spectrum, and the difference in interaction styles makes life difficult at times.

Someone posted a Craigslist add to the effect that a certain house near Medford, OR had been abandoned by its owner, and that all the stuff in the house was free for the taking.

Apparently several dozen people responded to the ad, and began carting away everything that wasn't nailed down.

I really wonder what crime the author of the post will be charged with, if he's eventually caught. Fraud? Inducement to theft? I'm sure there was some law broken here, but what is not immediately obvious.

And I wonder how long it will be before this becomes a common means of exacting vengeance.

Or someone else's.

Apparently the wireless monitoring and control system is entirely unsecured. So the device can be monitored, reprogrammed and made to shock the patient's heart with off the shelf equipment and some custom hackery.

Obviously, no one is actually going to do this. I hope. Though the first comment on the Schneier blog post was, "Doesn't Dick Cheney have one of these things?"

Security is important. It's essential to reliability. It should be considered when designing devices like this. Otherwise, you end up with some fool with a Pringles can and a laptop assassinating the vice president of the United States.

That would be embarrassing.