Bruce wrote this book in 2003 as a response to 9/11 and how it led to changes in security practices in the U.S. He criticizes many of the security measures taken as “security theater” that makes it look like something is being done without actually accomplishing anything useful. His criticisms probably are nothing terribly new to people in 2013, when many people have come to similar conclusions, but what I think is more important in this book is that he attempts to lay out a way of thinking about security that is rational. Security can never be 100% in a world of human beings, and security always entails trade-offs that make it a cost-benefit decision. As an example, you would never hire an armed guard to protect your empty bottles for getting the 10 cent deposit back. That just doesn’t make sense. Bruce lays out a 5 point analysis you can do with any security plan that asks questions about what you are trying to protect, what are the costs of the protection, will the proposed solution actually work, etc. It is a good analysis and worth a read if you want to learn how to think intelligently about security.
Beyond Fear: Thinking Sensibly about Security in an Uncertain World by Bruce Schneier. My rating: 5 of 5 stars
The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography by Simon Singh. My rating: 5 of 5 stars
The Dream Machine: J.C.R. Licklider and the Revolution That Made Computing Personal by M. Mitchell Waldrop. My rating: 5 of 5 stars
Where Wizards Stay Up Late: The Origins Of The Internet by Katie Hafner. My rating: 5 of 5 stars
This book is a very good review of the history of encryption and explains the basic principles involved. It is a lot like David Kahn’s The Codebreakers, but is available for a good deal less. Beginning with Herodotus and some secrecy measures from The Persian Wars, it then moves forward with Arab scholars, medieval developments, and right up to asymmetric public key encryption used today. Highly recommended for anyone who wants to get an overview of what the issues are, but is not looking to dive into the mathematics.
Having just read Katie Hafner’s Where Wizards Stay Up Late I was ready to tackle this book, which is both deeper and more ambitious. Where Hafner’s book was purely about the origin of the Internet, Waldrop is taking on the whole idea of personal computing. Licklider thus provides the focus for this book, for while he played a crucial role in promoting networking, his true aim was always what he termed a symbiotic partnership between humans and computers, and for him networking was just a necessary step to getting there. That is one of the reasons Licklider provided crucial support to Doug Engelbart, for instance. And even when Licklider was out of the picture (during the heyday of Xerox PARC, for instance) Waldrop keeps his focus on the development of the personal computer. If you like this kind of history and want to know just who did what in those early days, this book is indispensable.
This is a classic book that sat on my shelf for a while and I just decided to pick it up and read. It was very rewarding. It tells the story of how the Internet came to be, and opens with one of the pioneers explaining that he wants to kill the myth that the Internet was designed to withstand a nuclear war. It wasn’t, and most of the people involved never thought about it (though Paul Baran did, apparently). But the way it happened is fascinating, and the people who pulled this off were some of the best and brightest of technology. I recommend it highly.
So I am at my LUG meeting the other night listening to a spirited discussion, which is pretty normal for us. We have a lot of very opinionated people there, and there is never a lack of discussion. The trick is getting a word in edgewise, and normally three people are all talking at once trying to grab the floor. In this case, it got to piracy, the music industry, BitTorrent, etc. One person tried to make the argument that BitTorrent promotes piracy and is harming the industry, and seemed genuinely surprised that no one in the room agreed with him. But we all agreed that the music business had changed irrevocably, and that there would never again be a group as big as The Beatles. But why is that? I tend to think a necessary precondition for anyone getting that big is that they would first have to be that good, and in my own curmudgeonly way I don’t think any of the current acts are that good. Now, if you like to discuss the current music scene and the music business, I always recommend you read The Lefsetz Letter, by Bob Lefsetz. He is constantly explaining that the music world is different now, that you can’t just go into the studio, cut an album, and let the riches roll in.
I think the new music business is about the relationship the artist has with the fans. And it does not rely on mass media in any way. One of the things the Internet has done is kill broadcasting, and bring us instead narrowcasting. By this I mean that instead of attracting a mass audience, you go after a niche audience that wants what you offer. And to get that audience you need to work on your relationships. A very eloquent explanation is given by Amanda Palmer in her TED talk. She frames the question beautifully by saying that the industry is focused on how to make people pay for music, while she focuses on how to let people pay for music. Notice how the language changes when you do this, and what it implies. When you talk about making people pay you are using the language of force, the language you use with enemies, the language of conflict and confrontation. Is it any wonder the industry is imploding? Any business that treats its customers like the enemy does not have a long future in front of it. But if you follow Amanda Palmer and talk about letting people help you, this is the language of trust, of mutual respect.
This has implications beyond the obvious one of treating your customers better. Amanda Palmer recorded an album on a traditional music label, sold 25,000 copies, and was considered a failure. Then she left the label, started a Kickstarter campaign to fund her next recording project, and raised $1.2 million. From whom? About 25,000 fans. In other words, she has a hard-core audience of about 25,000 who love what she does and will support it. For record labels, that is not enough. And for certain rock stars with a sense of entitlement that is not enough since they want mansions and expensive sports cars. But it seems to be enough for someone who just wants to make an honest living. This is the niche audience you get in an environment of narrowcasting, not the mass audience we used to get from broadcasting.
I see this in my own music tastes. There are a half-dozen artists from whom I will buy any product they put out, and I bet you haven’t heard of them. They are not mass artists. One of them, Jonatha Brooke, just did a campaign on PledgeMusic to raise the money for her next album, and I was happy to make my own pledge in return for a CD when it is done and updates and photos while it is being done. And you can be sure I will buy a ticket to her show any time she is in town. That is not to say I don’t enjoy music from some of the “big” acts. About 7 years ago I bought tickets for The Who. What I got was 2 tickets that cost over $100 each, and was so far from the stage that I had trouble even seeing the JumboTron. When Jonatha comes to town, she will play a local club that seats about 400 max, the tickets will cost about $25, and I will be maybe 20′ away from her. And she will stay after the show to sell and sign CDs and talk to her fans. It is artists like this that I support with my money, because I feel some relationship with them. But by the same token, if they didn’t make enough money to keep going, these artists will stop doing what they do. So my feeling is that I support you, and you give me something I want. Amanda Palmer puts her music out on the Internet without DRM, but she asks people to pay her for it, and they do.
I think this is something we can learn from in the Free Software community. If you focus on getting something for nothing, that is not sustainable as a model. Not only do developers have to eat, I think they need to know that people value their work and are willing to support it. And I think that can happen with small-scale applications, and in the age of narrowcasting that is viable, but only if the support is there. All too many people are looking for something free of charge, and get outraged when they can’t get it. This showed up recently when Google decided to end the Google Reader. This free-of-charge application was cancelled because the market was not large enough to make it viable. And that explanation does make sense. Google is one of the world’s largest corporations, and they operate at a very large scale. They simply cannot afford to put resources into small projects. I have heard that the usage for Reader was in the neighborhood of 10-20 million. A petition to keep it gathered 150,000 signatures. And while those may sound like large numbers, for Google they are tiny. They need 100 million to make it worth their while.
But, for a smaller developer, a market of 1-2 million might be plenty. Imagine this developer could provide a “cloud” service, similar to what Google offered, that would cost $2 per month. That would be $24 per year, and from 1 million customers it would be $24 million. That is quite enough to run a good RSS Reader service, and it is completely sustainable. The service would have sufficient predictable income to maintain and develop the product. And they could develop a community of users who are passionate about the product. And the same reasoning would apply to downloadable software, even “free software”, if you use that term like I do, to denote software that gives you the Four Freedoms the Free Software Foundation has published. But the key is to understand that you need to support software that you rely on. If you only want “free-of-charge” software, you will probably pay for it with your personal information or by watching ads. And you will be at the mercy of companies that will drop the product any time it suits them. I think you will find that this rarely happens in the free software community as long as a project has a passionate community that supports it, the way Amanda Palmer’s fans support her.
So what software are you passionate about? And how do you support it?
Listen to the audio version of this post on Hacker Public Radio!
In November 2011 I made the claim here, and on my blog, that by the end of 2012 Apple and Android would have essentially equal market shares. And the 4th Q 2012 numbers show that I was correct. I doubt there are any wonderful prizes for this, but there it is.
My prediction was based on one simple observation: At the time I made this prediction, the relative market shares of iOS and Android in the tablet market had tracked, with the right lag, the market shares in the smartphone market. So I looked at how long it took for Android to achieve parity in the smartphone market and predicted it would do similarly in the tablet market. And there is no reason to think this won’t continue. The point of rough parity in the smartphone market came in November 2010, and since then Android’s share has only grown, to the point that the world-wide share of Android is now around 4x that of iOS. So I expect a firm lead to develop by the end of 2013, and by the end of 2014 total dominance for Android.
The Daemon, the Gnu, and the Penguin by Peter H. Salus
My rating: 4 of 5 stars
I give this a high rating because it does what it sets out to do very well. Peter Salus was involved in the history of Unix and Linux, which makes him a good guide to that history. He presents it in a straightforward and spare style, so don’t expect a gripping page turner. But if you want to have good accurate data on who did what and when, this book will deliver. Also, it is a relatively quick read because of his spare style.
I recently had an exchange online with someone I tend to like, and it was about self-driving cars. My correspondent said that he would never, under any circumstances, get into a self-driven car. In fact, he seemed to think that self-driven cars would lead to carnage on the roads. My own opinion is that human driven cars have already led to a very demonstrable carnage, and that in all likelihood computers would do a better job. As you might imagine, this impressed my correspondent not in the least. When I observed that his objections were irrational, he said I should choose my words more carefully, but that he would overlook the insult this time.
Possibly that is a bad way to phrase my objection, but it is also, in the strict sense of the term, the precisely proper word to use. What I was saying is that his view had no basis in data or facts, and was purely an emotional response. We all have those, and I’m not claiming any superiority on that ground. But when the Enlightenment philosophers talked of reason it was in contrast to religion and superstition, and really did mean thinking in terms of data, facts, and logical thinking. It is my own view that this type of thinking has the major responsibility for the progress the human race has made in science and technology over the last few centuries. And it is also my view that this type of thinking is being attacked severely in these days.
The hallmark of rational thinking is that it starts from a basis in observed facts, but always keeps a willingness to revise the conclusion if new facts come to light. If that seems reasonable to you, good. Now think of how the worst insult you can pin on a politician is flip-flopping. The great 20th century economist John Maynard Keynes was accused of this and responded “When my information changes, I alter my conclusions. What do you do, sir?” That is how a rational person thinks. There are people who attack science for being of no use because occasionally scientists change their minds about what is going on. But that is an uninformed (to be most charitable about it) view. Science is a process of deriving the best possible explanations for the data we have, but always ready to discard them in favor of other explanations when new data comes in. That may bother people who insist on iron-clad certainty in everything, but in fact it does work. If it didn’t work you wouldn’t be reading this. (Did you ever notice the irony of television commentators attacking scientists? You might think the plans for television were found in the Bible/Koran/etc.)
One of the biggest obstacles to clear, rational thinking is what is termed confirmation bias. This is the tendency of people to see the evidence that supports their view, while simultaneously ignoring any evidence that does not support their view. This is why the only studies that are given credibility are what we call “double-blind” studies. An example is a drug trial. We know there is a tendency for people to get better because they believe they are being given a new drug. In addition, we know that just being shown attention helps. So we take great care (in a good study) to divide the sample into two groups, with one group getting the great new drug, and the other group getting something that looks exactly like it, but has no active ingredient. It may be a sugar pill, or a solution of saline liquid being injected, just so long as the patient cannot tell which group they are in. But the bias can also be on the experimenter side. If a team of doctors has devoted years to developing a new drug, they will naturally have some investment in wanting it to succeed. And that can lead to seeing results that are not there, or even in “suggesting” in sub-conscious ways to the patient that they are getting the drug or not. So none of those doctors can be a part of it either. Clinicians are recruited who only know that they have two groups, A & B, and have no idea which is which. This is the classic double-blind study: neither the patient nor the experimenter has any idea who is getting the drug and who isn’t.
The reason we need to be this careful is that people are, by and large, irrational. People will be afraid of flying in an airplane but think nothing of getting into a car and driving, even though every bit of data says that driving is far more dangerous. People are far more afraid of sharks than they are of the food they eat, though more people die every year from food poisoning than are ever killed by sharks. And we all suffer from a massive case of the Lake Wobegon effect, in that we all tend to think we are above average, even though by definition roughly half of us are below average on any given characteristic. We just are not good judges of our own capabilities in most cases.
But the worst case is the person who is absolutely certain, no matter what he is certain of. Certainty is the great enemy of rationality. Years ago, Jacob Bronowski filmed a series called The Ascent Of Man. In one scene, he stood in a puddle outside at Auschwitz and talked about people who had certainty, and said “I beg of you to consider the possibility that you may be wrong.” This is the hallmark of a rational person, this is the standard by which every scientist is judged. If you know anyone who can say “This is what I think, but I might be wrong,” you will have found the rarest kind of person, and you should cultivate their acquaintance. This type of wisdom is all too rare. And if you ever find a politician who says that, please vote for them, no matter what their party affiliation. They are worth infinitely more than a hundred of the kind that never have changed their minds about anything.
The KDE project has released its Manifesto. Since this is my desktop of choice, I thought I should mention it. It is very good:
The KDE Manifesto
We are a community of technologists, designers, writers and advocates who work to ensure freedom for all people through our software.
Because of this work we have come to value:
Open Governance to ensure engagement in our leadership and decision processes;
Free Software to ensure the result of our work is available to all people;
Inclusivity to ensure that people of all origins are welcome to join us and participate;
Innovation to ensure that new ideas constantly emerge to better serve people;
Common Ownership to ensure that we stay united;
End-User Focus to ensure our work is useful to all people.
That is, in pursuit of our goal, we have found these items essential to define and stay true to ourselves.
The reason things like this matter is that free software is about a lot more than just selling a bunch of software and having an IPO to get rich. It is about our values and empowering people to use software to make their lives better.
I thought I would share my own impressions of Penguicon 2012, which was held at the Dearborn Hyatt in Dearborn, Michigan, USA, on April 27-29, 2012. This is a rather unusual event, combining as it does both a Science Fiction convention and a Linux Fest. There are many examples of each of these, of course, on their own, but this is the only one I know of that combines both in one event. I have been going to this event for a number of years, and I have been a speaker for the last 4 years. So this is an event that means something to me. In what follows, I will mention what I did at Penguicon, but of course no other person would have followed this precise path. Every time slot probably had a dozen alternatives for what you could do, but that is part of the charm of these big conventions and conferences; you know you are at a good one when you feel that you are constantly having to choose between two good alternatives. My own choices leaned more towards the Linux/Technology side of things, even though I am a Science Fiction fan (hence my domain name), but I did manage to take in a few SF panels as well. The Guests of Honor this year included John Scalzi, perhaps best known as the author of The Old Man’s War, who was the SF Author GOH, and Jim Gettys, famous for diagnosing the problem of buffer bloat, who was the Tech GOH.
The con starts on Friday afternoon, so I took off work early and got there in time to hear my friend Ryan Kather give a talk on JuJu Charms. I didn’t know a lot about this technology, other than seeing a lot of posts by Jorge Castro that mentioned his work, but it was nice to get a simple, clear overview. And what I learned was that they are basically scripts for installing and standing up software platforms in the cloud. Since my new job involves some of that it may come in useful. Then I gave my own talk, on Linux Directory Structure. It was well-received, and the room was fairly full, so I felt good about that. And the thing I liked best was that by giving my talk right at the beginning I could then relax and enjoy the rest of the con. Following my talk I joined the Ubuntu Michigan LoCo Release Party for 12.04, which had just been released the day before. Then it was time for dinner, and I joined a group of people that included James Hice, Craig Maloney, JoDee Baker, and Rick Harding, among others. I had known the others before this but it was my first time meeting Rick Harding, who is a developer for Canonical and as I recall works on Launchpad. Rick and Craig also do a podcast together called the LoCoCast (http://www.lococast.net). And that concluded my Friday at Penguicon.
Saturday was a full day of activity, and my day started with a talk by Bruce Schneier called Security and Trust. It was based on his latest book, Liars and Outliers, which I bought for my Nook but haven’t gotten to yet (I’m still working on Peter Diamandis’ book Abundance). Bruce talked about the balance between the trust we show every day in various social institutions and the way that trust can be abused. Bruce did a small amount of Game Theory in his analysis, but in short trust can only be abused if there is trust to begin with, and too much abuse and we all stop trusting. So there is a natural balance. After his talk I got my copy of Schneier on Security signed. Then I hit the Dealer’s Room and picked up a few Steampunk books. This gave way to a session on the Beagle Board, led by Jason Kridner. The Beagle Board is a great platform for hobbyists to experiment with, and runs Linux. Then I went to a panel on Libraries and Librarians in the Information Age, with Janea Schimmel and Jeff Beeler. I then attended the Heinlein panel, led by Eric Raymond and Jim Gettys, which ended up being an hour of geeks talking tech all over the place, with occasional nods back to Heinlein.
I then attended JoDee Baker’s talk on Citizen Science, which talked about some of the ways each of us can contribute to science even if we are not trained scientists. Of course, JoDee teaches Physics, so she in fact is a trained scientist, and I would guess from her talk a pretty good teacher as well. I know I enjoyed her presentation. Then Craig Maloney did a presentation on the recently released Ubuntu 12.04 that focused on the changes that had occurred and where it was at the 12.04 mark. 12.04 being a Long-Term Support release, the focus was naturally on stability and performance, rather than introducing new features, and I decided during Craig’s talk that I would install it on one of my machines and give it a workout.
After all of this Saturday activity I needed sustenance, and Catherine Devlin and I went to the food court at the mall across the street and found some decent looking Middle Eastern food. For those who don’t live in this area, there is a very large Arabic and Middle Eastern community in Southeast Michigan, and the heart of it is in Dearborn, where the con was held. Catherine is well-known in the Python community, and is someone I run into at pretty much every Linux event I attend. She most recently ran a workshop at Indiana LinuxFest called Python for Women (and Their Friends) which I think I mentioned in my report from ILF. After dinner, I went back for a talk on IPv6 Software, by Michael Mol. And by that time it had been a long day, so I went home.
Sunday began with a talk on Sustainable Engineering in Developing Economies by Kristy Currier. One of the key problems addressed was obtaining drinkable water, which is the key problem for many people in the world. The ideal technologies are ones that are inexpensive and can be maintained easily on the spot, and Kristy showed us some of that. Then I went to a panel called The Past Through Digital Audio, put on by members of the Science Fiction Oral History Association. We heard recorded talks and interviews with Isaac Asimov, Arthur C. Clarke, Lester Del Rey, and others. SFOHA is doing two things it would appear, the first being to digitize audio recordings made on tape many years ago, and the second being to go to conventions currently and add to their wealth of material. This sounded exciting, so I have joined the group, and plan to do some digitizing since I have done some of that already and have it all set up right now anyway. I think this is something that SF fans should be helping.
I then joined a BOF session on Raspberry Pi, which was somewhat subdued because no one there actually had one yet. Then it was off to hear Ruth Suehle speak on The Pop Culture Guide to Open Source. Ruth made the point that open software and open culture are very related. I first heard Ruth speak at Ohio LinuxFest last September, so I knew she would give a good talk, and I was not disappointed. I got to chat briefly with her and Spot Callaway of the Fedora project. Then I went to hear Michael Mol one last time on IPv6 For the Home. For anyone who is interested, Michael pointed out that you can get IPv6 connections right now through Hurricane Electric (http://www.he.net), but what may be even more interesting is that they offer training materials and free certification for being an IPv6 expert. Well worth checking out. I ended my Penguicon 2012 experience with the closing ceremonies, where I learned that my friend Chris Krieger seems to be getting more involved with Penguicon. He has run the LAN room the last few years, but it looks like he is stepping up even more. Chris is a talented Linux and Security guy who has presented at my LUG, the Washtenaw Linux Users Group, for the last couple of years and just gave us a proposal to do it again this coming September.
So, I hope some of you may have found this interesting. If you are in the area of Southeast Michigan this is an event well worth taking in. It happens each year around the end of April or beginning of May, and I am already looking forward to 2013.
Listen to the audio version of this post on Hacker Public Radio!