Saturday, March 31, 2012

Cybercrime and Espionage, by John Pirc and Will Gragido

Cybercrime and Espionage: An Analysis of Subversive Multivector Threats, by John Pirc and Will Gragido

If there is one word to describe this book it would be "thorough." It begins with a discussion of the philosophy of crime itself ("Criminal behavior is neither new nor is it something to be taken lightly."), moves into a description of the various forms of defense, and lists the players on both sides of the network defense battle before starting to discuss cybercrime in earnest. The title isn't exactly misleading, but there is certainly more background subject matter than I'd expected.

There is an especially good description of the silos of security: the expected network, desktop, and server defenses but also badge readers, cameras, motion sensors, and the people that guard and maintain all the above. Along the way there are several asides describing actual cases of security breaches, such as Bradley Manning leaking Army secrets to WikiLeaks and Robert Hanssen selling intelligence to the Soviets. I would have preferred sidebars that were more on topic with actual hacker exploits and cyber threats, but the point that the weakest point of any secure installation is usually the humans maintaining it is very well taken.

For a book with such attention to detail, the publisher did the authors a huge disservice with the amateur nature of the included pictures and graphics. Many are blurry to the point of being unreadable, even simple organizational charts. It would be a great irony if this was a result of the source material being hacked, but sadly I expect this is simply shoddy page setting and inconsistent editing.

This review sounds a bit negative, but that isn't my intent. This is a very worthwhile book and I walked away with a much clearer picture of the current security landscape. Gene Roddenberry would be saddened with the concept that "technological progress and advancement do not blot the darker aspects of humanity," but the evidence presented is quite convincing. Cybercrime and Espionage is a solid introduction to the ever-changing threats we face in our modern world.

First Sentence:
The Roman statesman Marcus Tullius Cicero (b. 106 B.C.-d. 43 B.C.) when speaking on the nature of criminality, once said that "The enemy is within the gates; it is with our own luxury, our own folly, our own criminality that we have to contend."

Saturday, March 10, 2012

Naked Lunch, by William S. Burroughs


This was picked for our book club because of its common description as one of the most important classic novels of the twentieth century. After reading it, I can only assume the importance is due to the obscenity trials and censorship issues it spawned that forced a closer examination of our right to free speech rather than the novel itself. Naked Lunch is the delusional raving of a drug-fueled homosexual, with graphic descriptions of sadistic pedophilia and wild hallucinations. There isn’t much of a linear plot, as evidenced by Burroughs himself when he said that he intended for the chapters to be read in any order. It reads like the world’s worst Mad Lib which afterwards was randomly scrambled. “The nostalgia fit is on me boys and will out willy silly . . . boys walk down the carny midway eating pink spun sugar . . . goose each other at the peep show . . . jack off in the Ferris wheel . . . throw sperm at the moon rising red and smoky over the foundries across the river. A Nigra hangs from a cottonwood in front of The Old Court House . . . whimpering women catch his sperm in vaginal teeth . . .”

This book is a classic in the same way that Pollock’s paintings are: unique, random, and meaningless but holding great appeal for professors and critics. I know I sound like that old man at the end of the block shaking his fist at the world while yelling, “Get off my lawn!” but as far as I can tell Naked Lunch has no redeeming value whatsoever. Dull and nonsensical, this is a truly awful book.

First Sentence:
I can feel the heat closing in, feel them out there making their moves, setting up their devil doll stool pigeons, crooning over my spoon and dropper I throw away at Washington Square Station, vault a turnstile and two flights down the iron stairs, catch an uptown A train . . . Young, good looking, crew cut, Ivy League, advertising exec type fruit holds the door back for me.

Monday, March 05, 2012

The Lean Startup, by Eric Ries

The Lean Startup: How Today’s Entrepreneurs Use Continuous Innovation to Create Radically Successful Businesses, by Eric Ries

I found The Lean Startup to be an easy and fun read. Taking on many of the same topics as the Poppendiecks’ Implementing Lean Software Development but from more of a corporate or management perspective, Ries does an excellent job of describing exactly how one would go about setting up a new company with the ability to quickly innovate and become successful. The key is the Build-Measure-Learn feedback loop and reducing the time it takes a group to completely cycle through this process. Ries believes that you shouldn’t build anything without the ability to measure its success; in the agile software world this is very similar to well-defined acceptance criteria. Measuring is not only the normal quality metrics such as test coverage, but (and probably more important) customer acceptance. Having feedback from actual customers that your company is actually building the right thing is invaluable, and if you discover you aren’t going in the right direction, learn from this knowledge and pivot your behaviors.

The sections on choosing the proper metrics and tests to measure a product were by far the best part of the book. Ries calls traditional numbers used to judge products “vanity metrics”: total customers, gross revenue, and the like. Instead, metrics should be “actionable, accessible, and auditable.” Actionable means there must be a clear cause and effect for the data; if the numbers don’t reach a desired threshold it must be obvious what the next steps are. If web site hits suddenly increase, is it because of a better product or a PR campaign? If you can’t answer the question, you have a vanity metric rather than an actionable metric. Accessible means the reports are easily understood and provide a common frame of reference for everyone involved. Is a web site hit a successful login from a unique IP within a 24-hour period, or simply any request to the server? Auditable means the metric data is both black-and-white testable and easily available. If a test shows that a project should be killed, you don’t want the losers to challenge the veracity of the metric.

As with most agile processes, the ability to change is key. “As a movement, the Lean Startup must avoid doctrines and rigid ideology.” Other than the Lean doctrine itself, of course! The discussions here are quite broad; this is a book of ideas much more than a simple template to follow for success. That isn’t meant as a knock on the book, but rather to say that The Lean Startup should be only the first of many places a budding entrepreneur should begin a quest for success.

First Sentence:
Building a startup is an exercise in institution building; thus, it necessarily involves management.
