Hacker News Books

40,000 HackerNews book recommendations identified using NLP and deep learning

Sorted by relevance

jgershen on Mar 22, 2011

Awesome, thanks! I haven't read enough Schneier to have picked up on that (really just Secrets and Lies).

kriro on July 27, 2016

I mostly read nonfiction and usually do it "marker and pencil in hand" so I try to read carefully and soak up new ideas. I commute by train and read about a midsized book/week that way (sometimes I sleep instead of reading, sometimes I do other stuff etc.). For the commute reading I usually pick things that aren't very meaty like popscience (the Ariely books on behavioral economics or Fooled by Randomness are good examples) or intro/overview type of books like Secrets and Lies.
Most fiction I read is SciFi, the occasional fantasy and some horror and thrillers/crime.

My reading is a bit odd since I tend to read 3-5 commute books at a time picking the one that I feel like each day.

At home I enjoy the occasional comic book (some superhero stuff but mostly things like Transmetropolitan, From Hell or Criminal) and grind out more meaty books, mostly mathematics or physics and work related stuff (programming, algorithms etc.). Basically anything that involves exercises or long/hard thinking. The pace is rather slow, I aim at one good non-programming related book per month and sprinkle in the work related stuff.

tl;dr I read a lot and enjoy it :D

belorn on Mar 5, 2013

Schneier talks about NAT and 2004 Windows laptops (i.e., with WinXP). I actually asked Peter Gutmann during an IETF meeting around 2005, and he confirmed that NAT had improved the situation around Win98/Win2k/WinXP Windows machines and botnets. If I recall right, the gist of it was that Windows machines needed something, and while NAT is wrong and bad, it "worked" in this aspect.

This is about as far from a server installed with Ubuntu in 2012 as one can get. You are not going to find any such article by Schneier promoting default firewall installations. I suggest here to check out Secrets and Lies by Schneier, as it is rather clear that a firewall needs to be configured against the specific threats one can identify. If you fail at identifying threats, the firewall is likely not to be useful at all, or will simply work identically to NAT. At worst, it will give a sense of false security.

gjm11 on Nov 26, 2008

Oops, sorry, mixed up the titles. I meant to write PC where I wrote AC. If PC disavows AC, then I've failed to find the disavowal by looking up the pointers to AC in the index of PC. There's something nearer to a disavowal in "Secrets and Lies", but it still doesn't go further than (I paraphrase) "I focused on the algorithms, but actually other stuff matters more". (Both books mention that plenty of very bad systems have been built by people who read AC and thought they were therefore experts, but I don't think it's fair to blame that on AC.)

There's a reason why I put "arguably" in front of "definitive" :-). But the point is that what got Schneier famous was writing a big fat book, with lots of technical content, that a lot of people read and were impressed by. That may be less solid than writing a big book that deserves to impress everyone, but it's not at all the same thing as pure blogging bloviation.

(AC doesn't seem so very bad to me, aside from being out of date and being too much of an unassimilated algorithm-dump, but then I'm a generalist rather than a security professional.)

B-Con on Apr 1, 2013

As most of you know, this guy's career is very interesting. Every few years he's stepped up to another level of thinking, a higher, more abstract viewpoint of the world. It's natural for people to learn and abstract, but he does so much of it.

Just look at his books:

* Applied Cryptography - The principles of cryptography and their applications, from a non-theory POV. Basically, "here are some tools".

* Practical Cryptography - Let's look at a bit bigger picture. The issue is about how to do what you want and how to not screw it up. Let's look at how to do that.

* Secrets and Lies - Security isn't about crypto, we need to think about the whole of networking and infrastructure. Here's how to think about security more generally.

* Beyond Fear - Security is an innate part of how we think, but we need to understand how to actually think about it in the first place.

* Liars and Outliers - What is security? What does it do, why do we need it, and how does it work at the basic human level?

* Power.com (subject to change) - On the principles of security on the largest human network ever.

It just keeps getting bigger.

larrys on Mar 26, 2012

From his bio, I would reduce his mile-long credentials to the following:

- wrote a best seller "applied cryptography"

- wrote "secrets and lies" (not a best seller)

- wrote "beyond fear"

- wrote "schneier on security"

- publishes a monthly newsletter

- chief security officer of bt.com

The rest of the bio:

http://www.schneier.com/about.html

...essentially amounts to what publications and others think of him as a result of what he has done (above) I'm guessing. What I would call "assumption of legitimacy".

"Described by The Economist"

"Described by Wired"

"Called by Fortune"

"Regularly quoted in the Media"

"Testified on security before Congress"

"Written op eds for major publications"

"crypto gram has 150,000 readers ..."

Now I don't know enough about security and haven't read any of his writings to independently know whether Schneier is an expert or not. And I'm also guessing that many of the media and others that give him credibility also don't know.

After I was quoted in major media everyone else came out of the woodwork and wanted info from me on what I know about. That of course doesn't mean I am not qualified. But it's really not that hard to get the ball rolling on being an expert once the ball is rolling.

Built by tracyhenry