Emergent Chaos

On January 30th, 1649, Charles I was beheaded for treason. He refused to enter a defense, asserting that as monarch, he was the law, and no court could try him. That same defense is raised today by Milošević, Hussien and other tyrants.

The story of how John Cooke built his arguments against that claim is told in entertaining and accessible depth in “The Tyrannicide Brief” by Geoffrey Robertson.

As his website says, “Geoffrey Robertson QC has been counsel in many landmark cases in constitutional, criminal and media law in the courts of Britain and the commonwealth and he makes frequent appearances in the Privy Council and the European Court of Human Rights.” So he knows what he’s talking about, and he knows how to tell an engaging story.

The principle that no one is above the law is an important one. So today raise a glass and remember John Cooke.

You should go read The Lost Books of the Odyssey. You’ll be glad you did.

I wrote this review in April of 2008, and failed to post it. Part of my reason is that I have little patience for, and less to say about most experimental fiction. I am in this somewhat like a luddite, unwilling to tolerate experiments which ought to have been kept confined to a laboratory. And so, knowing that this book won a prize worried me greatly, but for reasons which I’ll get to in a moment, I persevered, and I’m glad that I did.

The “lost books” consist of very short stories, usually of a few pages or so. The context, is of course, the Odyssey, and the actions of its heros and villians.

It falls into that class of writing which is simply a delight to read. The stories are beautifully crafted, surprising and casting new lights on old stories.

The richness and character of the writing is exceptional and engaging, all the more so for the origin and nature of the work. As Zachary Mason explains in the introduction, “The Lost Books of the Odyssey” were in fact lost and recovered, in a feat perhaps nearly as impressive for its cryptanalytic acumen as for its literary importance.

It is entirely worth reading, and since I first read it, it has been winning substantial literary prizes, and the New York Times calls it “dazzling.”

Finally, I should mention that Zachary and I were roommates at Miss Hall’s School for Precocious Youth in Arkham, Mass. I would like to offer my most sincere apologies for anything he remembers.

[Updated, fixed a spelling error]

I’m a big fan of the book “Back of the Napkin” which is all about using pictures to help with problem solving. Yesterday, I was introduced to a related concept “visual notetaking” where you use images to support other notes you are taking during a meeting. I’m at a two day workshop and we have a professional notetaker who is using this. It really makes the notes much more powerful and useful then just text. Imagine having notes with visual cues to (including but not limited to network diagrams) help you remember what happened. I’m sitting here looking at the posters, the notetaker made in real time with our discussions and it’s amazing how much more useful they are.

I just finished reading RSnake’s new book Detecting Malice and I can say without a doubt that it is one of the best technical books I have ever read. Furthermore, I can tell you that it is, without a doubt, the best web security book I have ever had the pleasure to read. Imagine a book that is as engaging as RSnake’s or Jeremiah’s blog, but even more so.
This is not a book on how to build secure websites, there are plenty of those already. This is a book for security practitioners who get to deal with the site after it’s been built and deployed. It is full of great advice and information about not just how to detect attacks, but also how to distinguish between human attackers, regular users, bots and spiders.
This book should be on the purchase list of every security geek and if Rob hadn’t graciously given me a copy, I’d have already sent him my $40. Send him your money and make him a rich man.

I’ve been remiss in not posting a review of Tetraktys, by Ari Juels. Short review: It’s better written and has better cryptographers than the ones in any Dan Brown novel, but that’s really damning it with faint praise, which it doesn’t deserve.

It’s a highly readable first novel by Ari Juels, who is Chief Scientist at RSA Labs. The story is about a cryptographer who discovers an ancient plot involving a secret conspiracy. The ending is a little Stephenson-esque, insofar as it’s abrupt, but I got the feeling that that was authorial intent, not accident.

I enjoyed it, but since I don’t review a lot of fiction, I’m a bit unsure what to say about it. Is it better than Cryptonomicon? It depends how you weigh value per word. I was jolted into writing a short review by the new FTC rules, because I both bought a copy and was given one. I read the one I bought when Ari launched the book at RSA last year, and after I’d read it (but months ago) his publisher sent me a copy. Oh, and Ari’s employer has bought me dinner, but not in the last year. Finally, the link to the book is a non-affiliate link as far as I know. But given the complex messiness of Amazon linkage mechanisms, I’m actually unsure.

Since I haven’t read the copy I was given, and I already had a copy, was I really given anything?

As regular readers know, I regularly disclose such things and have since I started this blog. But as this example shows, putting long and complex rules in place will never cover the messy and emergent chaos which is the world in all its glory.

Anyway, you should buy a copy and read Tetrktys.

I had fun recording Beyond the Perimiter Episode 48 and 49 with Amrit.

I think Amrit asked some of the broadest, most complex questions I’ve been asked, and it was hard to keep the episodes short.

Go have a listen!

John Viega recently published a new book: The Myths of Security: What the Computer Security Industry Doesn’t Want You to Know.
It’s a great read, especially if you are new to or are interested in the security industry as a whole. However, even if you are a long term security veteran, you will find it enjoyable.
The book is a series of essays addressing a range of topics from “The Cloud” to the state of the AV industry and everything in between. The essays aren’t long, but they are very thorough. This makes it easy to pick up the book become engaged and learn something quickly.
My only complaint is that the essays around privacy and anonymity. They weren’t nearly as deep as I was either hoping nor on par with the rest of the book. Despite this, the book is excellent and well worth reading. I highly encourage you to pick up a copy.

In case you haven’t heard about it, there is a brouhaha about Amazon un-selling copies of two Orwell books, 1984 and Animal Farm. There has been much hand-wringing, particularly since it’s deliciously amusing that that it’s Orwell.

The root cause of the issue is that the version of the Orwell novels available on the Kindle weren’t authorized editions. When contacted by the owners of Orwell’s copyrights, they deleted the books and refunded customers’ money.

All things considered, Amazon did something approximating a right thing in this matter. They didn’t have the right to sell the novels, and so they pulled the novels from the store and customers, and gave the customers a refund. About the only thing they could have done righter was to give something to the people who thought they had the books. The best thing to give them would have been authorized copies of the books, but store credit would be nice, too.

You can find a New York Times article on it, as well as a CNET article, as well as a Tech Dirt article that brings up the very good point that deleting the books was very likely against the Kindle terms of service, which is why Amazon likely should offer those people something.

Among all the handwringing, there are a number of stupid people — or perhaps people who should just know better — who somehow mutter dark things about how this serves people right for getting a device that has DRM in it. (As if they’ve never owned a DVD.)

Some of these people who should know better might think that I’m somehow in favor of DRM, so let me say that I am not. I am against DRM. I am also against nuclear war, swine flu, totalitarian governments, and bad service in restaurants. I’m also against one or two other things. None of them had anything to do with this little contretemps.

The issue is caused not by DRM, but by cloud computing. The problem is that Amazon has a cloud service in which Kindle customers can keep their e-books on Amazon’s shelf, and shuffle them around to any Kindle-enable device they have (like a Kindle proper, or an iPhone running the Kindle app). Customers can even delete a book from their Kindle and get it back from the cloud at a later date.

The event is that Amazon removed the book from the cloud, not that it had DRM in it. If you are concerned by this, you should be concerned by the cloud service. The cloud service enabled Amazon to respond to a legal challenge by removing customers’ data from the cloud. They didn’t need DRM to do it. In contrast, if iTunes store or the Sony e-book store had improperly sold a book, they wouldn’t be able to revoke it because they don’t have a cloud service as part of the store. (eMusic, incidentally, regularly adds and removes music from their store with the waxing and waning of desire to sell it.)

This is why we need to look at it for what it is, a failure in a business model and in the cloud service. Interestingly, the newly-formed Cloud Security Alliance predicts similar issues in which outside parties cause a cloud provider to shaft its customers. Not bad.

Their prescience is a bit limited because the proposed solution to this problem is to encrypt the cloud data with some fancy key management. That wouldn’t work here for the same reason that DRM isn’t an issue. If I know you have a resource, it doesn’t matter if magic fairies protect it, if I can delete it. It’s still good advice, it just wouldn’t have worked here.

What’s needed is some sort of legal protection for the customers, not technical protection. There are many potential warts here. If the owners of Orwell’s copyrights do not desire any ebooks of his works, it’s hard for Amazon to go buy legal copies for their customers (which would have been the most right thing to do). And it’s hard to argue that the seller shouldn’t do everything in their power to undo a sale they shouldn’t have made.

The correct way to deal with this is through some sort of contract arrangement to protect the customer. (The Cloud Security Alliance is prescient on this, as well.) That contract should be the Terms Of Service between the cloud provider and its customers. As TechDirt pointed out, this was likely a breach of Amazon’s TOS. They’re not supposed to delete books. They said they wouldn’t. Because of this, they owe something to their customers who were on the losing end of this breach of contract beyond the refund. I think ten bucks store credit is fine, myself.

They really need to do something, however, because without doing something, then someday someone will violate their TOS with Amazon and defend it with this breach of the TOS.

However, if you want to cluck your tongue, it should not be about buying goods with DRM, it should be about goods stored in the cloud. Everyone who offers cloud services ought to be clarifying now what they will do to protect their customers against lawsuits from outside parties. It can be crypto or contracts, it doesn’t matter, it just needs to work. This may be the first major cloud-based customer service failure, but it won’t be the last.

As I’ve said before, all non-trivial privacy warnings are mocked and then come true.

Sixty years ago today, George Orwell published 1984. He unfortunately failed to include a note that the book was intended as a warning, not a manual.

Today, in England, there are an unknown number of surveillance cameras, including many around Orwell’s house, despite the fact that they don’t reduce crime. People can be detained for 28 days without charge, there are “anti-social behavior orders,” which allow a civil court to impose behavioral restrictions on children as young as 10 based on low somewhat relaxed standards of evidence.

Being modern, the UK has outsourced most of its torture to other less reputable nations like Syria and the United States.

Photo: MI5

If you like books, if you like to read, you need a copy of Anne Fadiman’s “Ex Libris: Confessions of a Common Reader.” You especially need to read it if you care an iota about identity management, because the major themes in her essays are not only about books, but about identity. (In case you’re wondering, yes, she’s the daughter of Clifton and Annalee.)

The first major theme is about mixing books in a relationship. She opens Ex Libris with:

A few months ago, my husband and I decided to mix our books together. We had known each other for ten years, lived together for six, been married for five….

Sharing a bed and future was child’s play compared to sharing my copy of The Complete Poems of W. B. Yeats, from which I had once read “Under Ben Bulben” aloud while standing at Yeats’s grace in Drumcliff churchyard, or George’s copy of T. S. Eliot’s Selected Poems, given to him in the ninth grade by his best friend, Rob Farnsworth, who inscribed it “Best Wishes from Gerry Cheevers….”

George is a lumper. I am a splitter. His books commingled democratically, united under the all-inclusive flag of Literature…. Mine were balkanized by nationality and subject matter….

If you are charmed, you must by this book. I’ve omitted some of the funniest lines. If you doubt me, check Amazon as these pages are included in their peek inside.

The other important theme in her book is the difference between people who think that books are objects and people who think that books are information. People who think that books are objects shudder at the thought of writing in them, dogearing page corners, etc. I’m sure you can guess where George and Anne lie.

I am especially amused by this because I, too, have had the problem of co-mingling libraries. I’ve been divorced, and dividing the library was a horror. The horror; nothing else was that hard. It was such a horror that I flipped from being someone who views books as objects to one who views them as information.

Books can be replaced. Really. I’ve done it. The archaeologists of future civilizations will not sigh in a lament because they’re missing the one issue of National Geographic or Cook’s Illustrated that you threw out. Truly. Trust me on that.

My last spouse, however, is someone who firmly believes that books are objects. I understand some of this. She collects antique children’s books. I have a first edition of The Hunting of the Snark (a possession that I can blame Ms. Fadiman’s father for, with Martin Gardner as an accessory before, during, and after the fact). Yet that admission also proves that I’m not that sort of person. My present condition of loving information rather than objects is some sort of Laingian adaptation, I suppose. I understand books just the way that Thomas Mendip understands names.

She lusts after a Kindle. Not Ms. Fadiman, my spouse. It’s something I find amusing, because I’m inclined to get her one because the savings in floor space alone amortizes its value out in the first month. In California, floor space is a valuable asset if you’re a bibliophile. She is someone who screams, “Nooooooooooo!” if I suggest that we get rid of a crap novel we agree is crap and yet she is willing to convert from paper you own to bits on loan. Even if our house is Alexandria, future generations would thank their ancestors for the culling if they only knew, of course, which they couldn’t. Nonetheless, she desires a Kindle.

Worse, a friend brought one into work today, and I’d like one, too. I’ve downloaded the Kindle app to my iPod. The problem that remains is the problem I complained about in Identity Manglement last fall. What account should we buy the books under?

An elegant part of the Kindle is that if you have more than one, they sync their books, and even the bookmarks. If you have the iPod app, that syncs, too. It’s brilliant.

I have friends who are already a multi-Kindle household. The system works well, but you can’t have two accounts pointing to one Kindle if you want to share books. There are ways, I am told, to work around this limitation, but I don’t want to work around it. I don’t want to soak the books in a digital solvent that removes the stickiness. I just want to be able to read a book she bought, as if it were a — you know, book.

When it came to music, I had the foresight to create an account that we collectively buy music with. Emusic and iTunes both under the one identity. The community property we own can distribute itself over our laptops and iPods.

But we’ve been buying books from Amazon for ages, each of us. There’s no real problem with taking that email address and giving it the Kindles, but I don’t want to. I want Amazon to understand that there are households where after a lot of thought, after years of agonizing, the books have been merged. They should do that for Kindles, too.

It’s easy enough to do. Please do it. I wonder what Anne Fadiman would do.