Bruce Schneier
Schneier on Security
A blog covering security and security technology.
« Physical Key Escrow | Main | Degree Plans of the Future »
July 14, 2011
My Next Book Title: Liars and Outliers
Thank you for all your comments and suggestions regarding my next book title. It will be:
Liars and Outliers:
How Security Holds Society Together
We're still deciding on a cover, but it won't be any of the five from the above link. Vaguely ominous crowd scenes are not what I want.
Posted on July 14, 2011 at 1:47 PM • 59 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Your Name Here • July 14, 2011 1:51 PM
Yeah, I always buy the books with the _overtly_ ominous crowd scenes.
Kelly • July 14, 2011 3:00 PM
Very nice that you picked the title I liked in the previous thread, and also apparently agreed with me that none of the 5 covers were suitable. :-D
Andy • July 14, 2011 3:08 PM
Very appropriate title, should fit well. I'll certainly be picking up a copy once it is available.
aikimark • July 14, 2011 4:09 PM
might I suggest a simple shot of a man shaking hands, but with his fingers crossed behind his back.
not los federales • July 14, 2011 5:45 PM
sounds like a great book! Be sure to have a chapter on perimeters!
magetoo • July 14, 2011 6:16 PM
Hey, it's the clever punny title after all!
Good luck with the cover. (Let us know if you need to have a Venn diagrams vs. Polish crime novel vote-off.)
Harry • July 14, 2011 8:31 PM
I like the title much better than the earlier proposed ones, and that you're not using one of the five covers.
Richard Steven Hack • July 14, 2011 8:54 PM
Sorry, gotta disagree. Don't like it.
The main title wouldn't mean anything to me at all at first glance other than maybe it has something to do with "bad people". The "outliers" term is not one people will recognize right away. The pun is clever, and might stimulate a casual browser to look more closely, however.
The subtitle at least shows it has some connection to the general concept of security, and security vis-a-vis society.
But then the premise that "security holds society together" is in my snap judgment a weak one (although not necessarily untrue in some sense.)
Off the top of my head the subtitle seems to indicate a stronger premise than I suspect you can prove.
Of course, presumably that's the case the book is going to try to make, so I'll withhold judgment until I read it.
Will you be discussing ways in which "security" - and the obsession with it - DAMAGES society? Since this has been a consistent theme with you, I would expect you would.
Neil in Chicago • July 14, 2011 9:46 PM
Excellent!
I had nothing better than the original possibilities, but none of them swung.
This is both clear and tantalizing to the layman. perfect
Richard Steven Hack • July 14, 2011 9:48 PM
Off-topic: 24,000 Pentagon files stolen in major cyber breach, official says
http://www.washingtonpost.com/blogs/...
What does this paragraph mean? Can anyone tell?
"“Our strategy’s overriding emphasis is on denying the benefit of an attack,” Lynn said Thursday. “Rather than rely on the threat of retaliation alone to deter attacks in cyberspace, we aim to change our adversaries’ incentives in a more fundamental way. If an attack will not have its intended effect, those who wish us harm will have less reason to target us through cyberspace in the first place.”
That last sentence just boggles my brain. What the hell does it even mean? HOW do you do that?
aikimark • July 14, 2011 9:57 PM
thanks for the +1, guys.
==========
If that is not to your liking, Bruce, you could show a person in a court setting taking an oath before testifying. His right hand is raised and his left hand, while on the Bible, has crossed fingers. The crossed fingers might be too subtle to pick up.
If you could get the copyrights for it, you could feature a montage of famous liars -- both real and literary/entertaining.
* Two of them might be SNL characters (Martin Short's lawyer character and Jon Lovitz's Tommy Flanagan character)
* Richard Nixon (I'm not a crook)
LandruBek • July 14, 2011 10:28 PM
I'm glad you steered clear of the word "minority" -- like it or not, the word has too many unintended connotations to suit the book. This title is snappy! Nice wordsmithing.
"I'm glad you steered clear of the word 'minority' -- like it or not, the word has too many unintended connotations to suit the book."
The phrases "honest majority" and "dishonest minority" are all over the manuscript, and I don't think I'll be deleting them.
PackagedBlue • July 14, 2011 10:59 PM
Best regards to the book.
Personally, my first reaction to the next book title, is grr, and yawn. We all get lied to so much that, what is another book on lies, when we all just want satisfaction.
All things aside, I'd like to see a blog article on the book, and its title, after many have read it.
I don't like the title much.. mainly because I couldn't find a German word for "outliers" that's not part of a truck. Anyone care to enlighten me about the meaning?
Paeniteo • July 15, 2011 2:51 AM
@Woo: "German word for "outliers""
Ausreißer --> http://de.wikipedia.org/wiki/Ausrei%C3%9Fer
SomeDude5 • July 15, 2011 3:44 AM
Like it. Especially the homeoteleuton in the main title and that you drop "moderen" from the subtitle.
AC2 • July 15, 2011 4:21 AM
OT...
Can anyone please suggest a good reference for securing a Windows 7 install (64 bit Home Premium particularly). This is for regular email, browse, MS Office, video use.
I have found the following but the first one seems a little too simplistic and the second one quite complex, seems more suited for an organisation with a group policy etc.
First one:
---------
http://bulletproof-windows.blogspot.com/
Second one:
------------
https://benchmarks.cisecurity.org/en-us/?route=downloads.multiform
MS Windows 7 Benchmarks -> CIS Windows 7 Benchmark v1.1.0. Which takes you to:
https://benchmarks.cisecurity.org/tools2/windows/CIS_Microsoft_Windows_7_Benchmark_v1.1.0.pdf
Roger • July 15, 2011 4:30 AM
@Richard Steven Hack:
"What does this paragraph mean? Can anyone tell?...That last sentence just boggles my brain. What the hell does it even mean?"
It's basic economic security. The opponent's desire to attack you is related to his expectation of the pay-off, which is a simple function of the various probabilities (or rather, his estimates of them) and costs / benefits. The formula is:
B = sR - (1-s)cP - A
where
B = profit from attack
s = probability of success
R = reward of success
c = probability of being caught, given failure
P = cost of failure (punishment)
A = cost of attack
Note that in general, the opponent may have a variety of attacks at his disposal, which give different values of s for different values of A. In that case, the defender needs to minimax: minimise the maximum of B across all attacks. (And *not*, as some people do, take the average; that would amount to assuming the opponent picks his attacks at random!)
The main objection to this approach is that it assumes an extremely rational opponent. However if we replace all the values with "likely believed values", it should be a rough estimator of whether an opponent is likely to consider a target attractive, uncertain or definitely unattractive.
"HOW do you do that?"
In abstract terms, to reduce an attack risk you can either:
* increase c, P, or A; or
* reduce s or R
Many security strategies can be identified in terms of one of these; e.g. the old saw, "tough on crime", consists of increasing P (because it's easy.) Many strategies involve trying to reduce s / increase A (which is usually linked.)
In this specific case, they are saying their strategy is to reduce R, which is one of the less common methods. (Of course because we are talking about perceived values, the criminals need to be aware of this!)
In concrete terms, how do we reduce the reward for a successful attack? There are lots of methods, and they depend on the specific threat. For example in safe-breaking, insurance companies may limit the total amount of cash you are allowed to keep in it, calculating this amount from their estimate of s.
For cryptovariables, it is achieved through cryptoperiods.
For web defacement, you might do it by running Tripwire and restoring altered content from a trusted or read-only source if it is triggered.
uk visa • July 15, 2011 6:14 AM
I like the title and subtitle; I hope the book is both critically proclaimed and commercially successful.
wiredog • July 15, 2011 6:29 AM
Vaguely ominous crowd scenes are not what I want.
Better stay away from the theaters showing HP7.2 then.
Dirk Praet • July 15, 2011 6:50 AM
@ Roger / RSH
I believe your explanation is way too complicated to be understood by Pentagon officials and incorporated into company policy. Chances are more likely that the quality of the mushrooms in their garden has been excellent lately.
@ AC2:
Define 'securing'.
For basic home use, talking mainly about drive-by, non-targeted malware: Firefox (w/ NoScript/Adblock) + AV of your choice + Malwarebytes, along with some basic research about what each of these programs do in order to impart knowledge of their use, will be sufficient for 99.9% of the threats out there. If you're worried about your computer being physically stolen, TrueCrypt is probably worth adding.
If you're talking about defending sensitive commercial information, or are already a target of people that may be looking to hack you, then you're going to need to get more involved. Although I would venture to guess that anyone in that position would not be running W7 Home...
Bruce: "The phrases "honest majority" and "dishonest minority" are all over the manuscript, and I don't think I'll be deleting them."
Nor should you, but the title, unlike the text of the book doesn't have time to explain terms. When using a term so loaded as 'minority' in a way few hear it used, well it takes more time than a title will let you get away with.
I like liars and outliers, it gives more of a breadth of what you mean by 'dis-honest minority' without having to explain it. Also, who can resist a good pun.
hmmm • July 15, 2011 10:08 AM
The word "outliers" always reminds me of the Six-sigma class my employer put many of us through several years ago...
Minitab, anyone?
MikeA • July 15, 2011 10:13 AM
@Roger:
In this specific case, they are saying their strategy is to reduce R, which is one of the less common methods. (Of course because we are talking about perceived values, the criminals need to be aware of this!)
This is what we seem to be doing with our home. The second-shabbiest in our neighborhood, with no vehicles made this millennium. A thief would have no problem getting in via the front-room windows, but can also see through those windows that is unlikely we have anything worth stealing.
38after • July 15, 2011 10:38 AM
@MikeA
So you are using the "stealth house" mode? Where the real house is actually in the basement, where all the good stuff is?
Maybe the Pentagon should use a method like this, since the attackers overlooked the Honeypots, and went for the real sugar.
And they can plant some "blow up in your face" rocket plans there, in hopes that the attackers will 86 themselves.
echowit • July 15, 2011 10:59 AM
@RSH: "... If an attack will not have its intended effect, those who wish us harm will have less reason to target us through cyberspace in the first place.”
"... HOW do you do that?"
Simple.
Determine, thru superior intelligence activities, what, when, where and how they are going to attack.
Minimize, thru superior defensive and COIN measures, their ability to execute the attack.
Ensure, thru robust design and execution of mitigation measures, that we will be unaffected by an attack if it should occur.
You know, pretty much what we've been doing so well since 9/11.
DaveInNorfolk • July 15, 2011 2:17 PM
I am glad you took the politically correct title. I read excerpts from the “The Dishonest Minority”. I started thinking about how profound the concept was. I thought about how the “squeaky wheels” steal our treasure; foster unnecessary rules, requirements, or laws against the majority. While the majority just wants to be left alone to live their lives. I could not wait to get this book. Now I find out my way of thinking might be offensive to some members society (like the minority). I may have drawn the wrong conclusion from what I was reading. If your new book is only a book about lying -- what’s the big deal? Anyone who reads the newspaper or follows politics understands the “ain’t it awful” concept of lying, “but no one can do anything it” model. This change in the packaging of your new book to make it more palatable to “those that may complain” may have just saved me time and money.
HJohn • July 15, 2011 2:23 PM
@Bruce Schneier: "The phrases "honest majority" and "dishonest minority" are all over the manuscript, and I don't think I'll be deleting them."
_______
You're right to keep it. Given the context, I think someone would have to be deliberately misinterpreting what you say to make a negative connotation out of it. (i.e., just a cheap shot to make you look bad undeservedly)
Vles • July 15, 2011 5:59 PM
Be the first book after atlas shrugged I'll buy. (in hard cover)
@ aikimark
You made me think of pink floyd's wish you were here. How about an extra stimulus and "set the handshake on fire"? Or would that be too (visually) unappealing/negative?
I like the title and subtitle. It fits. As for the explanation of "dishonest", maybe ought to include a printout of the post and comments that discussed it most on the website?
Richard Steven Hack • July 15, 2011 7:44 PM
Echowit: Exactly what I was wondering about.
Meanwhile, another General was once again saying the main point is the US should bomb anyone who tries, which is what they appear to really mean by "denying the benefit of the attack."
Here's the bottom line: You don't break into a safe which you know doesn't have enough cash in it to make it worthwhile. Either the target is valuable or it is not. So trying to "deny the benefit of the attack" is just nonsense.
If you're talking about people breaking into systems where there is no valuable data, then you're talking about "keeping out the 'riff-raff'", not competent, committed, well-informed attackers.
Roger's abstract theory is unlikely to be able to be successfully applied to an organization the size of the US government and the US infrastructure. In fact, it's impossible. Such an approach can only be applied to a point security object and then only imperfectly. Which makes the entire theory worthless, just like the notion that one can "defend US infrastructure against terrorists".
It's the same concept, and it's completely impossible.
aikimark • July 15, 2011 9:26 PM
@Vles
Maybe just the pants need to be on fire.
WYWH is one of my favorite albums. Thanks for reminding me of its songs.
Nick Coghlan • July 16, 2011 9:05 AM
I'm not completely sold on the pun in the main title - I really liked your "Madoff & Ghandi" explanation in the previous post and "Outlier" doesn't capture the spark of that kind of revolutionary spirit properly. How about "Liars and Liberators"? Alliterative and (I feel) captures that contrast between the negative and positive kinds of "dishonest minority" you're writing about.
I also agree with the above concern that the subtitle either overstates your thesis, or else is using a far broader definition of "security" than most people would accept as reasonable. A simple softening to "How Security Helps Hold Society Together" would keep it from triggering my automatic BS detector. Less important, but still worth considering, is whether you want to add another adjective to explicit exclude security theatre: "How Effective Security Helps Hold Society Together".
Abe • July 16, 2011 11:45 PM
@ Bruce
In my opinion, most people will think "Outliers" is a typo and you meant "Outliars". Do you actually mean "Outlier" which is defined here:
http://mathworld.wolfram.com/Outlier.html
"A convenient definition of outlier is a point which falls more than 1.5 times the interquartile range above the third quartile or below the first quartile."
If yes, "Liars" and "Outliers" is an unusual mashup.
Robbo the Wonder Spaniel • July 17, 2011 5:37 AM
Am I the only one here who gets annoyed at blog topic hijackers and grandstanders? come on guys, stick to the topic, if you have a hot tip for Bruce why not email him? He does read email ...
I've commented before that the basic problem of society imposing rules on individuals is also a problem in the evolution of life, on many levels: genes in a genome, individuals in a colony, cells in a multicellular organism, endosymbionts in a host and even fetus in a mother.
I'm currently reading "The Origins of Life" by John Maynard Smith and Eors Szathmary. This is a recurring theme in the book, but particularly in chapter 8 "Genetic Conflict". (There are also chapters on animal and human societies, but I haven't read those yet.)
Bruce, if you don't already have a section on genetics and evolution, this would be a good place to start. The book is quite thin, so it is a quick overview. I think this is a highly compressed and popularized version of a big academic tome by the same authors, so you'd find more detail there.
Sauronomics • July 18, 2011 6:44 AM
How about that scene from Soylent Green of the truck moving through the crowd, and picking them up with its front scoop?
Or that one from Bladerunner, where the last replicant to be retired, lets the dove fly free from his hand? On one hand, he's the menace to society who has just been removed from the scene, on the other hand he's just released a dove, a highly symbolic act relating to peace,sanctity, and whatnot, after rescuing the bladerunner from an otherwise inevitable death.
Encapsulation of both aspects of your book.
"I thought about how the 'squeaky wheels' steal our treasure; foster unnecessary rules, requirements, or laws against the majority. While the majority just wants to be left alone to live their lives. I could not wait to get this book."
I worry about the people who believe my book is going to somehow be a defense of a libertarian philosophy.
"I also agree with the above concern that the subtitle either overstates your thesis, or else is using a far broader definition of 'security' than most people would accept as reasonable. A simple softening to "How Security Helps Hold Society Together" would keep it from triggering my automatic BS detector."
It is a thesis of the book that security is necessary to hold a society of humans together. It's certainly not sufficient.
That said, I think the simpler title is better.
Marty • July 18, 2011 3:59 PM
I like the title, but I find it a little too similar to the title of a Malcolm Gladwell book titled "Outliers". If I just saw the title "Liars and Outliers", I might think it was an updated Gladwell book.
Andrew Krone • July 18, 2011 5:03 PM
It's a clever book title, and that's what it should be. Good Pick!
For a picture, maybe a "Programmable Logic Controller"?
Richard Steven Hack • July 18, 2011 10:46 PM
Bruce: "It is a thesis of the book that security is necessary to hold a society of humans together. It's certainly not sufficient."
Since you said "a society of humans", I'll have to agree.
If you'd said "a society of rational entities", I'd have to disagree. But since human society isn't rational, you're probably right.
But then it would be interesting once again to see if you treat the areas where security does NOT help to keep human society together. Given the current state of the world and the whole issue of over-reaction to terrorism I'd say that has as much or more relevance than the converse at this point in history.
aikimark • July 18, 2011 11:02 PM
@Bruce
If you can stand to turn a phrase, try
Honor Amongst Thieves
Richard Steven Hack • July 18, 2011 11:53 PM
Just saw the cover of your book in your post that appears to have disappeared from your site. :-)
I assume the red dots both inside and outside the rest of the gray dots represent the "outliers". That strikes me as a little too subtle for anyone who doesn't get the point of the title.
Also, do the rest of the gray dots represent the "liars"? :-) Given a population that lies to itself as a matter of course, I'd say that would be appropriate.
b_cassidy • July 19, 2011 1:50 AM
What holds society together: 1) laws, 2) ethics, 3) religion, and 4) security. Those with the most property can obtain the best hired hands, the fastest guns. The bigger picture is there are in the world many societies with their hired hands and the societies clash.
@ Bruce In this and at least one previous thread on your upcoming book some folks questioned your use of the word "liars" in a nonintuitive way. My guess is that when you use the term "liars" ssshhh... it's in a top secret code :-)
Andy • July 19, 2011 2:11 AM
@SIS, can you stop filter my internet connection, I was trying to sent the mech30 scramjet designs to Iran now I have to send the antimatter,neturon nukes.
Maybe the compressing tools to pirates, or china with the encryption breaking tool.
Fuck you
confused • July 24, 2011 4:47 PM
Permit me to suggest Milla Jovovich, with a gun in each hand, silhouetted against the sunset over the ruins of Las Vegas.
Thank you.
Rajesh • July 24, 2011 8:02 PM
The Sense of Insecurity has also made societies (religious, political, etc.).... Let's evaluate now how the modern security society will bring all the societies (majority/minority) together.
Artie • December 15, 2011 9:14 AM
I suggest that the "free galleys" should go to the people who would most benefit from reading it, the "liars and "Outliers". I'm anxious to read it
Sidney Karin • December 15, 2011 12:32 PM
I suggest that you give away copies of your new book to selected congresspersons/senators & their staff.
No use preaching to the quire.
Subscribe to comments on this entry
Post a comment
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.
|
| Subscribe |
Subscribe via Kindle |
| Blog Menu |
SearchPowered by DuckDuckGoBlog Home Page
Archives by Date2013 J F M A M J
Tags  |
| Latest Book |
more books by Bruce Schneier |
Comments