Schneier on Security
A blog covering security and security technology.
December 14, 2011
Liars and Outliers Galleys
My publisher is printing galley copies of Liars and Outliers. If anyone out there has a legitimate reason to get one, like writing book reviews for a newspaper, magazine, popular blog, etc., send me an e-mail and I'll forward your request to Wiley's PR department. I think they'll be ready in a week or so, although it might be after the new year.
Additionally, I'm going to get 10 to 20 copies that I'd like to give away to readers of this blog. I'm not sure how to do it, though. Offering copies to "the first N people who leave a comment" would discriminate based on time zone. Giving copies away randomly to commenters seems, well, too easy. The person in charge of PR at Wiley wants me to give copies away randomly to people who "like" me on Facebook or tweet about me to their friends, or do some other sort of fake distributed marketing thing, but I'm not going to do that.
So to start, I've decided to give away a free galley copy of Liars and Outliers to the person who can come up with the best way to give away free galley copies of Liars and Outliers. Leave your suggestions in comments.
Posted on December 14, 2011 at 11:00 PM
• 633 Comments
How about giving them to the people who can come up with the best haikus/poems about trust or security?
Winner who comes up with the best way to give away free copies of the book gets a free copy of the book?
That's easy: the best way to give away free copies of the book is to hold a contest where you give away free copies of the book.
I'll mail you a box with another box inside of it with a prepaid mailing slip. All you have to do is put the book in and seal it. You could do it for the first N boxes to arrive. Possible downsides include receiving a ton of empty boxes.
Some sort of quickie movie plot threat contest? Say, you give the first, stupidest threat you can think of and give galley copies to those who can make it sound as scary as possible? Or, you give a foiled stupid attack, and the copies go to those who detail the most egregious yet realistic overreaction on the part of the security apparatus?
What about giving away copies to 10-20 (whatever you decide) people who comment on this entry. But instead of the time-based priority order that you don't like (for good reason), have priority order be determined by the number of blog entries of yours they've commented on in the past, say, two years?
So they would need to express interest on this blog entry but also have been a regular reader and commenter in the past.
I'm not affiliated with them, but you might want to take a look at this mechanism for managing giveaways...
How about sitting on them for a while, and then giving them away for insightful comments?
The problem shouldn't be how to send the copies to Alice and Bob, but to prevent that jerk Charlie from reading one of them!
How about winners are the ones who give the most compelling reason they should get the book?
Winners are the ones who can socially engineer your publisher into sending them a book.
Since as you say in the book the society is based on trust, you should trust any commenter who honestly says that they are the best person to receive the book.
And in my completely and unbiased honest judgment, that person would be me.
Just give them to the top N posters on your blog.
Perhaps give copies to a mix of people who have already reviewed your books / blogged / linked to your blog / tweeted about you / in some other readily-identifiable way shown that they're interested in what you talk about.
Reserve a couple of copies for people who have sent you interesting squid stories.
The best way to give away Liars and Outliers is.... to ask for 2011's biggest Liar and biggest Outlier.
My biggest Liar for 2011 is Arnold Schwarzenegger.
My biggest Outlier for 2011 is Virtual Payment systems (google wallet etc).
Have a security story contest.
People will send in stories how security made a difference in their lives.
Have categories like:
- In-depth analysis.
- Incredibly clever tricks.
- Bypassing security (must be a new story!)
Top few entries in each category win.
Give them, and publicly say so, to the CIOs of companies who have "experienced" the biggest security breaches in the last year...
Make a XOR of each letter (ASCII) of user name. Give books to those that yield highest number (byte). E.g. for "Josip Medved" total score would be 0x54 (based on 0x 4A 6F 73 69 70 20 4D 65 64 76 65 64).
My suggestion is to give them to the first N people who post their name, address, DOB, and SSN (or similar number) on this blog so that the book gets into the hands of those who really could use it.
But on a more serious note I think that giving away books to readers of this blog is a poor idea. Lots of people including myself chose to post anonymously and honestly I'm not willing to give up my anonymity just to get a free book.
Have people write a 250 word summary of what the book is about, what value the reader (purchaser) should expect to get and what interests you are likely to have if you are to find the book interesting.
Give notice on your blog of when you will post the challenge details.
Give only 24 hrs for responses.
PS: Tell them that encrypting their responses will not earn them extra points ;)
Random numbers: when 48 (72?) hours have passed, generate 20 random numbers from 1 to the number of comments.
Allocate books to the authors of those comments.
The 10 to 20 best squid stories?
I'm with Daniel. Doing a comment-based system kind of defeats anonymity.
By the way, if you'd like to send me all of the books I can give you $500,000 because my brother just happens to be a Nigerian prince.
Just send them to:
404 Not Found Street
Given the content of your book, you could try:
"Give an example of the time you were an outlier in a social circumstance. An anecdote, or incident when you gained an advantage based on playing with preconceived societal norms. The ones that I like the most, get a book."
To boot, you also get a few very interesting anecdotes, dealing with social engineering, etc. Something that would also be of great interest to your audience.
As much as I think we're a deserving lot, can you PLEASE give them to the senior people in the DHS and TSA?
Give a copy to an active member of the military cryptologic community (hint, hint....nudge, nudge)...
How about simply the first 20 people to say please?
How about just donating copies to some colleges and universities with information security degrees? Staff could read and potentially recommend to other staff/students.
I believe some simple but interesting security-related quiz would serve.
Hard enough it would take more than a couple of days to collect enough solutions, to avoid time-zone discrimination, but simple enough for normal people to solve.
I don't think you can do much better than giving them at random. Either your choice method depends on the people, or it doesn't (in which case it's "arbitrary" at most). So let's suppose it depends. It could still be random: for a given way of testing people, you get a score, affecting the probability that each get the book. There are deterministic scoring systems (probability 1 to the best scores, 0 to the rest) and uniform ones (1/N for each, no test), and the gray area in between.
I don't see what non-uniform scoring system would be "fair". You could test users about the number of comments on this blog; but do you want to reward the people that are comfortable with expressing their opinion, instead of, say, long-time readers that don't post comments? You test security knowledge, but isn't your book also (mostly?) directed to non-security-specialists?
So all the proposed scoring systems so far seem unfair. That's not a proof, but fairness is a characteristic of uniform randomness, in some sense. The fairest way to choose is not to choose.
Of course, you may wish to optimize something else than fairness.
Please personally sign them and give them to the 10-20 best requests for personalization that you get
That one with the boxes is a nice idea. Just ask everyone to send you the postage in $ and you will have an enriching experience :-)
You will also have good statistical values about the locations of your hardcore fans ;-)
You can start by giving one to me, then you have one less to worry about :)
How about get people to send you postcards from where they live. Pick 20 random ones from that. They are people who care enough about your work to make the effort to physically send something.
Yes, that means the anonymous posters can't play but it's just a suggestion after all.
Was going to come up with a great idea, but reading the ones above made my head buzz. Will go back to lurking now.
No, wait, it came back to me.
Some kind of "Know your subject" test. Ask people to quote you on a subject. Give 24 hours for, say, a good quote from Schneier on "toys" or "cake" or something else mundane.
People who know you and your work, should be able to dredge something up in that time. And you don't exclude lurkers like me that never post here.
Of course, judging would be necessarily subjective. But I think it could be fun. You seem to enjoy being misquoted in other contexts...
Ask people to submit suggestions of places where the book could be left as a 'calling card' that would demonstrate the circumvention of poorly designed or implemented security measures.
How about giving them to libraries in and outside of the US. You would probably want more than 20 copies for this though ;-)
That way you can reach the largest audience possible (except for giving the eBook away for free;-)) and even perhaps reach people that you would not have reached otherwise.
Those wanting a free galley copy of Liars and Outliers should write a short book review about this new book, blindly (i.e. without reading it). You choose the "reviewers" you liked the most.
I think that you should have a small penetration contest... You could nest encrypted zip files inside of each other, each layer with a password. The person to get the deepest wins. This would suffer from people sharing answers and techniques, but it is a thought.
The first 20 people to post an entry longer (and more informative) than one of Clive's?
(failing that, the first 20 people to spell-check and re-post one :-)
The first 20 people to donate a squid-themed Christmas present to a local charity?
Have a Limerick contest - about squids!
Frankly, as long as you give one of them to me, I don't really care what happens to the other 19.
Mallory would like one...but then, he'll probably find some devious method to get one anyway.
The last ten comments, finishing now! Please.
Give one to the first person who quotes you in a book.
Wow, so many suggestions already. I say put a PDF file in torrent, that will be giving away it to many people fast! :)
It's fairly obvious.
Give one to Clive Robinson and let him decide on the other 19 recipients.
The first N to socially engineer a copy from your publisher, getting Wiley to send to someone in a government who they have fooled Wiley into thinking are a journalist or school board?
(People might engineer you into thinking they get credit for sending to someone obvious, but that's fair game.)
I said N, because I want you to leave a few copies ring-fenced for the first M to send you a solution to a message you post in Solitaire cipher!
Many of your fans and followers are into actual technical details of cryptography, and a signed copy of the book from you congratulating them on bruting or breaking the cipher will be worth more than anything in the world.
And if you like this, I don't want to get a copy of the book for this, I want to *win* a copy of the book :)
Oh, as an afterthought, ring-fence two of the Solitaire books for the first school or college students who succeed. That's the publicity win, and it's a really great way to get younger nerds on-board.
How about the first verse of the song "Liar" by Queen? That's from 1974 :-)
I have sinned dear Father Father I have sinned
Try and help me Father
Won't you let me in? Liar
Nobody believes me Liar
Why don't they leave me alone?
Sire I have stolen stolen many times
Raised my voice in anger
When I know I never should
Liar oh everybody deceives me
Liar why don't you leave me alone
I just hope you haven't quoted that song somewhere in the book. Couldn't grep it since I don't have it (yet). There are also songs for "Outlier" but they're not by bands as prominent as Queen (were).
Hold a contest for the most successfully carried out Movie-Plot Threat. The book will give the winner something to read while serving life sentence.
I propose that you give away your book in the form of a "chain letter" sent to hacker spaces. You can start on the West Coast with these:
418 E. Commonwealth, Unit #1
Fullerton, CA 92832
1015 S Main St
Los Angeles, CA, 90015
We will then read it and pass it on by mail or at our next gathering.
Award them to the [1-20],000,000th visitors to this blog. Announce it to that person in an eye-catching way, such as an animated gif.
You can always spend time to design 19 security challenges, either of similar complexity, or graded, so people can earn their free book by solving it. Actually this can be used by the PR of Wiley to generate more hype about the book, but this would require setting up significantly hard challenge that would be able to survive at least a week under the pressure of the highly knowledgeable crowd around here.
The best way to give away a free copy is to make it open source.
uhm... wait... that won't work, we can already see the text...
No, sorry, can't help.
Ask blog readers to write in six words or less why they should get a copy. This encourages pithiness and makes it easy for you to scan entries.
The first 10 people that show up at your work and grab a copy off your desk.
I'll refrain from suggesting "house" instead of "work".
Announce that at the last minute the NSA and TSA have insisted that certain major redactions are required in several chapters of your book, making the whole enterprise now of rather tenuous value to you and the target audience, your community. You appeal to the crowd, making a plea for all interested parties, especially those in influential government positions, to write letters to the agency heads and the Assistant Attorney General head of DOJ's National Security Division, calling for the attack dogs to be kept at bay on this particular book. You ask to be copied on all such correspondences. You then pick from the "best" letters, for your free book give-aways: 6 for most apparently compelling arguments, 6 for spookiest approach, 6 for least useful attempts to help, and 2 drawn at random.
I have two suggestions:
1) you have blogged previously asking for help/suggestions on various aspects of the book. Give the books to those people that have provided the most thought-provoking / surprising / helpful comments
2) don't give them away; auction them and use the proceeds for a charity of your choice
Tis the holiday season; lots of folks are traveling. Give a copy to the person who trolls TSA the best.
We should totally have a Bruce Schneier fact contest and the winners will be picked by The Schneier of course.
Suggestion for the book giveaway:
Collect emailed entries up to Christmas Day. Hash each entrant's email address using Skein HMAC (and a secret password). On New Years Day, reveal your secret password, and the 10-20 lowest-value hashes (i.e. the first 10-20 in a numerical sort).
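An added sketch of the keyed-hash draw proposed in the comment above (not code from the post or from any commenter). It substitutes HMAC-SHA256 from the Python standard library for Skein HMAC, and goes beyond the comment by publishing a commitment to the key before entries open, so that the key revealed afterwards can be checked against it; the function names and sample addresses are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample entries (not real addresses); one duplicate differs only in case.
ENTRIES = [
    "alice@example.org",
    "bob@example.org",
    "carol@example.org",
    "Bob@Example.org",
    "dave@example.org",
    "erin@example.org",
]


def normalise(email: str) -> str:
    """Canonical form, so trivially different spellings count as one entry."""
    return email.strip().lower()


def commit(key: bytes) -> str:
    """Commitment published before entries open (an addition to the comment's scheme).

    The key must be long and random: a guessable password could be brute-forced
    from this value, letting entrants pick addresses that hash low.
    """
    return hashlib.sha256(b"galley-draw-commitment:" + key).hexdigest()


def ticket(key: bytes, email: str) -> bytes:
    """Keyed hash of one entry; HMAC-SHA256 stands in for Skein HMAC here."""
    return hmac.new(key, normalise(email).encode("utf-8"), hashlib.sha256).digest()


def draw(key: bytes, entries, n: int):
    """Return the n entries with the lowest keyed-hash values."""
    unique = {normalise(e) for e in entries}
    # Sorting on (ticket, address) keeps the order deterministic.
    return sorted(unique, key=lambda e: (ticket(key, e), e))[:n]


def verify(commitment: str, revealed_key: bytes, entries, claimed_winners) -> bool:
    """What any entrant can run once the key is revealed."""
    # 1. The revealed key must be the one committed to before entries opened.
    if not hmac.compare_digest(commit(revealed_key), commitment):
        return False
    # 2. Recomputing the draw must reproduce the announced winners exactly.
    claimed = list(claimed_winners)
    return draw(revealed_key, entries, len(claimed)) == claimed


if __name__ == "__main__":
    key = secrets.token_bytes(32)          # organiser's secret
    published = commit(key)                # posted before collecting entries
    winners = draw(key, ENTRIES, 3)        # computed after the deadline
    print("commitment:", published)
    print("winners:   ", winners)
    print("verifies:  ", verify(published, key, ENTRIES, winners))
```

Without the commitment step the organiser could try keys after the deadline until a preferred address sorts first; verification also assumes the full entry list is published, which has privacy implications for entrants.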
Make your own Security Theater demotivational poster contest - you or a panel of judges decide which ones are the best. Easy to do for the people who want the book, and just have a submission deadline that's a couple of days wide.
Don't just give them away... make people trick, cheat and socially engineer them away from you. If nobody succeeds, you can honor the best attempts with a copy.
Alternatively, giving them to university libraries outside the US would be nice. This would also increase your "fan base".
1) Let aspiring receivees enter their address.
2) Select the 20 people so that the distance between each receivee is maximized.
3) Get publisher to accept postage fees.
Bonus: this scheme provides you with information about the geographical distribution of your readers.
+1 for Security Theater demotivational poster
You could do a security puzzle for us to solve - ie layout a situation, and ask us how we would break security.
Josip Medved, what about Cyrillic or Unicode characters :)
You could give the book away to the people who come up with the best movie plot threats directly involving the book.
Write your solution for giving the books for free (for example use the Fibonacci numbers to select from the list of the senders) down and crypt it as a crypto contest and then use the decrypted solution to choose your winners of a free copy.
CONGRATULATIONS! You are the 1672 visitor, click here to claim your free copy of Liars and Outliers!
Randomly selected newsletter subscribers but more or less geographically equally distributed.
+1 Sorted Skein HMAC hashes, but you might end up beard-deep in mails from book1@... book2@... ; )
Alternatively +1 for Postcards, totally non-traceable to online identities!
I think you should give away a copy to the person who can come up with the best way to give away free galley copies of Liars and Outliers, which is not giving away a copy to the person who can come up with the (next) best way of giving away a copy.
(A meta-attack on incompletely-specified rules, plus a little flattery. Is that the sort of thing that Schneier might find amusing? Only time will tell....:-)
Post an encrypted message that gives instructions for how to apply for one of the copies. As I have only just completed the Royal Holloway cryptography module I am probably ruling myself out by making this suggestion.
An alternative would be to go with Louie's earlier suggestion, supply the first copy to Louie and then the second copy to me, thereby reducing your problem to the '18-book giveaway conundrum' instead of the 20-book version! Good luck with it.
Put all the copies in a box marked "Bomb" then leave it at an airport. That way the book will end up in the hands of the people that could most benefit from it.
That's fairly easy.
As many already suggested, the easiest way is to have a contest. The kind of contest, depends on how much time you want to lose "grading" the answers (from a simple "find the hidden intell" to a "please write an essay describing the most ridiculous security theatre situation you can imagine").
As timezone is a factor, you'd have to make a coordinated announcement on the contest rules.
To spice things up, you could hide the contest's URL inside a simple crypto challenge, very much like Britain's GCHQ latest recruitment ad (http://www.canyoucrackit.co.uk/).
It seems a reasonable compromise to make a random giveaway among people posting comments. Unless you like somebody's specific comment, which can be awarded with the special copy.
My top five contest ideas:
First 2^4 people to identify collisions in the Skein hash function
Best 20 new submissions to the "Bruce Schneier Facts" website
First 15 people who send photos of themselves posing with their Bruce Schneier action figure
First 13 people to add their names to an encrypted file on Bruce's computer
Best 8 joke submissions that feature squids (to be selected on a Friday, of course).
Give one to my friends, but let me know who, so that I can borrow it. This boils down to finding the super nodes in a social graph, and handing out copies to them.
I had an idea but there's no point posting, MS wins:
"Give them, and publicly say so, to the CIOs of companies who have experienced the biggest security breaches in the last year..."
Give them to the people who have written the most (or most interesting) comments on your blog so far.
Ask what extra Good Thing each person would do if they received a free copy of your book. Something that they wouldn't otherwise have done.
I would give $10 to the next homeless person I encounter.
The subtitle of the book "How security holds society together" is (afaiu) a compact summary of the central theme of the book.
I suggest giving the copies away to people who submit single sentences that show examples of this principle.
One such example might be "Good fences make good neighbors".
You could then pick the 19 (20 if you include the one above) sentences and use them for making some more marketing material, driving the message of your book.
A variation of this idea might be using reader submitted pictures (but this would discriminate against the graphically challenged).
Leave the books in public spaces like park seats or subway carriages with a flysheet asking people to read and then pass on in a similar manner, with comments back to Bruce
I just think you're lying when you say that you're going to give away free copies.
To be fair, disperse the book evenly around the globe. One book for one reader in the given timezone. There are plenty of readers and some in remote locations that are interested in your book.
Give them away to some school/uni's spread across the world that teach security.
What about giving them to those who suggest relevant arguments for this blog?
Here's an idea for a contest worthy of the Liars and Outliers concept:
To enter, you make a video of yourself telling the most outrageous truthful story you can think of (or make one up if you wish to bluff). Videos are uploaded to YouTube and tagged as part of the Liars and Outliers contest.
People are then instructed to vote on the video they think is the "most outrageous truthful story". In other words, if your story is so outrageous that it seems like a lie, people won't vote for it. So the challenge is to strike the right balance between being preposterous and entertaining, but believable, in order to get votes. The ability to tell the story with a straight face will of course be a factor in how people perceive the video.
The videos with the most votes after some period of time win.
It completely depends on your priorities. Thus if you want to spread them geographically, collect entries and maximize the sum of distances. If you want to preach to the converted, make some kind of contest who knows the most on /says the friendliest things about you/...
I deem the latter approach especially useless if your objective is to provide knowledge.
If you are striving for fairness, which is implied by you considering timezones, you should collect entries for a time a multiple of the circulation time of the sun (probably spanning some days to allow for different holidays to pass) and draw the 20 lucky winners uniform at random from that list. Beforehand you should spend some effort to root out double entries, which is hard or probably impossible considering sock puppets.
How about giving them to public libraries in cities that are in regions most under cyber threat!
Hash entrants' names with an algorithm you do not divulge until after the draw. Sort hashes, give copies to the first N.
Clearly qualitative methods of choosing are too time consuming. So you must rely on a method that objectively (randomly) chooses some recipients from this list.
Randomly select 20 integers in the range 1- etc.
Dull but quick ...
How about giving away the books to the first 20 people that legally change their name to "Bruce Schneier"? There might be some arguments over royalties, but you could just run another competition to sort those out...
Send copies to the people who send you the nicest Christmas cards (ie soft padded cards, with hallmark rhymes and tunes playing when you open them)!
Spray the pages lightly in nitromethane (model aircraft fuel), then leave copies lying around in airports. This seems to meet all the requirements of getting publicity for the book, teaching airport security people about security and risk management, and adding a little excitement to the life of anyone who tries to take it through security.
Give copies to the people who write the best impression of a Bruce Schneier blog post.
This achieves the publisher's goal (free distributed "social media marketing"), but in a more thoughtful and engaging way: their readers learn something about security, and there's a Schneier-brand "I already wrote about this" link to one of your blog posts where they can learn more about you. In addition to being a more meaningful version of "Like us on Facebook!" it's also got a much better sense of humor.
You've linked to one of these before, but I'm having trouble finding the link.
Leave a box of them on the trunk of a car and come back later.
This is an easy one. You will distribute them slowly during the next 6 months for readers who in your opinion deserve it from good commentary / opinions / remarks about your various blog entries.
Maybe this will also improve the already high quality of the comments we see on schneier.com/blog/ :)
Make a contest:
Contenders shall post the passwords they are using in the comments. The 20 people with the safest passwords (respectively the passwords hardest to crack) win a copy of your new book.
Tweet 20 crypto/security related questions once per hour. Give them to the first to solve the puzzle.
Maybe a little mathy:
I think you should collect the names of your posters (either this item, for all posts this year, or across all posts), rank the first letter of their names (some only leave one name, so use only the first name) then distribute one book at random to someone with a name that starts with the most popular letter, a second to the next highest ranked, and so on, until the free book supply is exhausted.
I would suggest you to give the free copy to person who will write the longest comment or wrote the idea which is most technically difficult. The person who will be able to spend so much time just to get your book for free would be probably the one who will enjoy it at most.
This is interesting:
I don't want to compete with Alistair McDonald so please give him a book!!!!
The best way to give away a free galley copy of this book will be: zip it and put it via trojan horse onto the desktop. ;)
I like Mv’s idea, but it could be seen as open to accusations of favouritism. How about writing 10-20 security related questions (stuff that’s covered in the book, or maybe stuff you covered in this blog) and set your blogging engine to post them at set times (to mitigate the time zone issue) over a few weeks (in the run up to the launch). First correct answer wins a book.
Best fake decryption of some part of the book interpreted as the ciphertext of a grille cipher.
Random is easiest (for you) and arguably fairest. No need for any new registration though; just select 20 email addresses from your Crypto-Gram distribution at random.
A couple of my ideas have already been posted (so I won't repeat them again).
But, to please your publisher the people you give to (or the method of choosing or giving) needs to be able to generate chatter about the book, preferably in circles outside of this blog / forum / community.
You may have to give 2 copies to some - one to generate the interest and one as the prize (to keep) depending on the method of interest generation.
If the idea to generate interest also highlights a security issue then bonus points (i.e. drop-lifting the book causing a knee jerk security reaction).
Goes without saying that Clive of course gets a copy.
1 copy to the least protected Facebook peep that shares the competition rules from their profile.
1 copy to the Twitter post that manages to get the largest retweet.
(and to even out the numbers again) 1 to the LinkedIn / other social site user that promotes the competition hence book and Bruce widest (socially speaking - the geography is becoming a moot point in the web social world)
Implement a '+1' or 'I agree' feature for blog comments. Choose a selection of intelligent recent articles (no shortage). Whoever's comments get most popular support get the books.
(Goal here is to reward those who contribute and are most deserving based on their ability to appreciate the content. Side effect is to drive up the value of your site through quality comments.)
Give books to those who will find significant technical inaccuracies in your posts/essays on this blog.
We've already seen $2.56 for bugs in TeX, $500 for bugs in Google Chrome. Might try this approach for the blogs as well.
Give them to the outliers -- the first twenty people who email you proof that they attended an Occupy event.
Perhaps you ever wanted a collection with nice postcards from all over the world. Then you can award copies to the guys who sent you the nicest cards.
On the other hand, how about a puzzle. And the winner gets a free copy. I like puzzles. It should be about some security-stuff
Offer the prize to whoever can come up with one of the top 20 Facebook posts on your wall that hashes to the lowest numerical value with Skein?
It is simple to compute merit based rankings based on such inputs as length of subscription, posting history, quality of posts (based on number of replies etc) and other useful variables. Select the top 10-20 as required.
The implementation is left as an exercise for the reader.
How about if I beg. I have already pre-ordered a copy but a galley would be great.
How about deciding a real start time and an end time, post the hash of the start time and the plain text of the end time, then begin accepting requests. After the end time, anything received before the real start time gets dropped, and then pick from the remaining requests?
Could I suggest the LibraryThing Early Reviewers program for a few copies? They algorithmically match recipients based on interest (indicated by their selecting the book during a monthly round of reviews) and similarity of existing library, so you're likely to get some reviews that are both useful and knowledgeable about the subject.
Why not UNrob a bookstore?
Kick in the door, drop in, guns held high and yell "hands up, grab a book NOW NOW NOW!!!"
or something similar? A right blinder I think.
Give them to the individuals with the most outrageous TSA story !
Of course I am fond of my privacy, but I still would like to get a copy of your new book.
So, what I did is, I wrote a Perl script that generated two large prime numbers p and q, multiplied those to find n, calculated phi, e and d.
I translated my name and address into ASCII codes, converted those numbers into binary numbers, built blocks of 128 bits which I converted back to decimal numbers.
Then I did the magic step c ≡ p^e (mod n) on those numbers and I got lots of large numbers.
If you can decrypt those (I actually can send you a copy, but it would spoil the comment if I pasted them here), you can send me a copy of your book...;-)
I would have liked to do something with 2,3 or blowfish, for this exercise, but I already spent hours on this simple RSA implementation...;-)
Put the copies behind some sort of security, and give them to those who can successfully defeat the security and steal them.
You could give copies away to those who point out the security implications of dubious social media marketing such as that proposed by your publisher :)
How about giving one to each person that collects, say, 50 signatures from his constituency on a letter to their representative/MP, pressing them to read the book, and who will send it to them on your behalf?
(just giving them away to readers of your blog is pointless - we'll all order it anyway!)
How about giving them to the people with the most embarrassing TSA story? I was traveling on the road with my family over Thanksgiving. Since we were driving 20 hours with my children I packed my pistol in my luggage. It has a safety lock on it and is inside a cover. Once we get to the destination, my wife Molly, being the safety conscious person she is hides my clip in an inside pocket of my backpack so as to separate the ammo from the gun. She does not tell me this. Upon arrival back home I put away the pistol. A few days later I'm on my way out to Miami when the security check is just taking longer and longer. Five security personnel end up huddled around the monitor. And I'm rolling my eyes at the whole thing and joking with the person behind me that I must have left a bottle of water in there.
Three of the guys escort me over to a holding area and start giving me twenty questions. They take the bag over to a table and wipe it all down. And I still don't have a CLUE why they are so upset. Some person finally opens up the backpack and pulls out a full 45 caliber clip with hollow points loaded in it. I groan as I clearly now recognize it as mine but STILL don't know for sure why it is in there. After about an hour of additional questioning I'm allowed to go. But I'm relatively sure I'm on some TSA 'special attention' list. So maybe since I'm on that list I could also be on the list to get a copy of the book. I can mail you my backpack and you can hide it in there.
Send an email to the top 10-20 cyber criminals informing them that they've won a free copy of your new book, and when they come to pick them up, arrest them.
This is _hard_. I first thought maybe analyse your web server logs to extract a set of the most frequent readers - something like cat access* | cut -d' ' -f1 | sort |uniq| wc -l, but then you would find yourself giving it away to a robot.
The best I can come up with is to make a random selection from commenters' names from the last month. The result might be to give it away to someone who doesn't want it or might not benefit from it, but any method that can select a deserving recipient is likely to take far more effort than you really want to put in.
So just grab a few commenters' names and pull one out of a hat.
Outsource it to Readers' Digest.
You know "You have been randomly selected ..."
To the person who submits the best list of 'security related' English words that can be generated from the letters of the book's title.
Once again my ears have gone pink on reading the comments on one of Bruce's blog pages and I thank those people for their kindly suggestions.
However, having read all the comments above (so far) a thought occurs,
A little while ago the school my son goes to set an Acrostic competition and the best got sent forward for consideration to a national competition to be published. And my son was lucky enough to be published, so now has set himself a target in life to be published again in some way ;)
So how about an acrostic competition relating to either Bruce or Security but with a slight difference to make it more challenging?
Now the normal rules for an acrostic is the first letter of each first word on each line of the poem should when read from top to bottom spell a word that relates in some way to the subject of the poem.
Now to make it more challenging, how about a double acrostic where the first letter of the first word and the last letter of the last word on each line is used, BUT... instead of words, Bruce hashes the words on the front covers and back covers of the book. The hashes are then converted by some recognisable method to letters which are then used for the first and last letters on the lines, and each poem should be at least ten lines long.
People then Email them to Bruce who posts them for people to vote for.
A contest that satisfies readers and the publisher: Upload pages, cover art, etc. to Flickr and Facebook. Hide messages or instructions in the metadata or in the image itself. Disperse clues between both sites. Then it'll be relatively easy to go through the correct answers, and take the top 10 or 20.
Let the octopus (squid?) choose (like during the last world soccer championships).
I suggest that you could think back to any posts that helped you create the book and select members from that group for receiving a copy.
This solution tries to reward people for their helpful involvement in the greater work and also encourages insightful discussions on the blog in future.
I'm in favour of the xor method.
Alistair Ä McDonald
(need to be specific here, that initial character is 0xC4)
Ask readers to nominate the persons they think contribute most to the community of readers of this blog, and award books to the top 10-20.
Following the theme of the "Chuck Norris jokes" (see https://www.google.com/#q=Chuck+Norris+jokes ), I propose you award the books to the commenters who come up with the best "Bruce Schneier jokes". Examples:
Bruce Schneier once visited the TSA Headquarters, only to find the building completely deserted. All the employees heard he was coming and called in sick.
Whenever Bruce Schneier travels, he carries two vials hidden in his beard. The first vial contains lemon juice that turns yellow when there's a security threat, and the second contains water that turns red when the threat is real.
Bruce Willis, Bruce Almighty and Bruce Schneier were traveling together on a plane when suddenly a man dressed in a robe leapt to his feet, pulled out a grenade and shouted "Allahu Akbar!" Bruce Willis said, "Stand back while I kill this terrorist." Bruce Almighty said, "Wait, I will turn his heart to good." Bruce Schneier simply pushed the call button and when the flight attendant came, he asked for more popcorn.
Don't give them to the believers, but to the unbelievers.
Ask people to nominate a colleague or friend to get the book. Then starting at the second (or nth) most popular nominee either take the next twenty or use a random interval. One, this gets people to think of others; choosing the second or nth negates automatically generated responses (you know if you are top you will not get a copy). Choosing an interval is purely up to Bruce and how wide he wants to spread the net.
You can give them to those people whose answer to "Why would you like to have this book?" you like the most.
Post one particular interesting quote, dilemma, idea, etc used in your book that can spark some sort of debate. Let people post their views, arguments for/against whatever it is...the most interesting or insightful responses get a copy of the book.
Not only will it offer a bit of a peek into the book, but it will generate more chatter and excitement about the book as well as getting a few copies out there. People with the interesting responses who receive the book will probably also be some of the best people to talk it up and spread the word about it as well.
You should follow the same paradigm as a security checkpoint.
The only strategy for selecting people to be checked or to receive a book that can't be gamed, is to give the books away at random (and one to me :)
Calculate the SHA1 of the book. Closest guess wins (wrapping around at 0)
Put up a website with an insoluble challenge. Copies to people who send solutions. Specifically, copies to the 20 who did the most work after making whatever tiny error let them come up with a solution in the first place.
Select a random hash and keep it private.
For all people who have left comments on your website throughout the year, and have provided a valid e-mail address, hash their private data.
The person whose private data hashes to be closest to your random selection wins.
I'm your number one fan in Northern Ireland, that's a good enough reason, e-mail me for my address. Thanks, Brian
visit Amazon, look up your other books' reviews and give them to the people whose reviews were marked most helpful.
i am Prince Duncan of frascati, my have many villagers who need learning of lies, send all books to me and greatness will endow you.
I would give a copy to the people who help you to write your new book, and to the top 5 people who post comments about blogs.
I am sure there are some good ideas in the previous posts for you to reflect on. Good luck!
Give them to the commenters who gave the most links or wrote the biggest comments in your squid posts.
If you're going to give away copies to readers of this blog, I think there's something to say for giving them out to those who consistently provide insightful, enlightening and humorous comments.
My nominees are Clive Robinson, Nick P, RobertT, Brandioch Conner, BF Skinner, Doug Coulter and Davi Ottenheimer.
I propose an interactive contest based on the main idea of the book, like you said "I will model the fundamental trade-off of societal security -- individual self-interest vs. societal group interest -- as a group prisoner's dilemma problem".
An example follows:
People sign up for the contest
They are randomly divided into groups of 20
Each one of them has to answer the question:"Do you want a copy of the book right away?" with Yes or No
If only one of the group answers Yes, he takes the book
In other cases people with Yes are disqualified and people with No go to the next round
And it goes like this until (somehow) you have 20...
I know it needs more work in order to get to exactly 20, but I hope you get the idea...
I just think Tomputer is lying when he says "I just think you're lying when you say that you're going to give away free copies".
Alternate reality games are fun
You already have the e-mail addresses for everyone on the distribution list for your monthly newsletter CRYPTO-GRAM. Just randomly select the persons that win a copy of your new book from that list.
I support the university libraries idea, it will give the largest number of people the greatest opportunity to read your book without giving it away for free.
I would auction them on eBay and give the proceeds to your favorite charity. It will allow the people who support you and are enthusiastic about your book to support you in a somewhat orderly fashion and it will allow you to "give back" to the community in a subtle way. It also requires some courage on your part in allowing the market to dictate the book's value.
First, thanks for your enduring efforts to talk about the true nature of topics, this makes you a valuable source of information.
And secondly, that you are multidisciplinary about your approach to analyzing topics, including the human side of things.
And now a suggested approach:
Solution should require some effort from contestants, and as stated in other posts, should not be game-able, and should not be uniquely solvable by the proposer, and lastly, does not require much of your time and will bring a general value to the world at large... with these requirements, I suggest the following:
Contestants pick a topic that is lacking attention in the media. Each contestant is to describe this topic and why it is important, and how to bring visibility (limit to 200 words).
Then let your blog readers vote on the importance of the topics posted, the clarity of description, and the suggested approach to bring visibility to this topic.
1. You get to see what people are thinking about, maybe something you have not as of yet.
2. Your readers do the heavy lifting of reading and voting.
3. You are inspiring contestants to think, and clearly communicate in a digestible format.
4. The winners are selected automatically based on actions, not luck, or chance, or time zone.
5. You will have a chance to see and blog about entrants if you desire.
And you should offer to sign the book, so it can be a keepsake for the next generations....
How about a free copy to anyone who hacks your blog :)
Crypto-puzzles are always good. Put out 10 to 20 of them.
For half of the books to give away, I think you should have Wiley assign you a "book fairy" to accompany you (for a while) around RSA. As you break into conversations, or are approached by people, or even if someone asks you a really good question during a talk, you can then have the "book fairy" reward them with a free book. The "book fairy" should be dressed in a security-appropriate fairy costume.
For the rest, I suggest a variety of approaches, onsie-twosie:
- Appease Wiley, and give one away based on twitter RTs or Facebook Likes
- Have a poetry/haiku contest, as was suggested above, for one
- Cook up a survey that supports one of your research interests, randomly giving a book away to one respondent
- Provide one as a door prize for the academic workshops you've been supporting (economics or human behavior)
Publish an S/MIME and PGP signature. Accept entries sent as encrypted e-mail from a mobile device. With iOS 5, my sister and I trade encrypted e-mail from her iPod Touch and my iPhone 4 daily.
Sent from my iPhone
Simply give a copy to the last 19 people whose comments you replied to on your blog, in reverse chronological order. Presumably, if you replied, that indicates they made a contribution of some value to the debate around your posts.
This may be too obvious, but why not hide a URL inside a cryptogram. the first # people to get to the site, win a book.
To keep winners from sharing the link, you may just keep the puzzle online and have the session issue a certificate to get you into the "winners circle".
Give them all to TSA agents for mandatory reading
uh! oh. . .POPULAR blog. . .never mind
Put newsletter subscribers into a pool; select randomly and email to see if desire copy of book. You could also give one to the oldest subscriber (as in when), the newest subscriber, then randomly.
I prefer anonymity, thus no ID for a blog post. Rewarding blog activity merely rewards a fraction of your readers and while it acts as a reward, it does not "spread the word" to the unenlightened.
Of course, you could always send a copy to the top 20 world leaders :) Not that they would read it, but hope springeth eternal.
Well you don't explicitly mention how much time you want to spend weeding through contest entries but I'm going to guess it's less than 80 hours. How about an animated GIF/LOLcats/Demotivational poster/limerick contest? Those ought to be fairly easy to judge quickly.
How about 'write in 100 words your views on risk vs compliance'...i'll start....Compliance is a byproduct of effective Risk Management ;)
If you have 10 books, you could give one book away each day at noon (your time) to the most insightful or interesting commenter who posted a comment on schneier.com since the last book was given away. You could be the sole judge of comment quality and only allow one win per person.
This allows all time zones to compete over a period of 10 days and encourages people to contribute quality content (thus improving the website).
>"give copies away randomly"
Do you mean random as in random or pseudorandom?
Interesting that many believe to receive a book you still have to work for it i.e. through puzzles or competitions (doing) or be a valued contributor or frequent reader (being)...
How about this:
Give away n copies based on the best n stories describing how someone else deserves a copy. Examples might be best security teacher, best security researcher, or best security practitioner I know.
Bruce, you're a logical person but for this task, try to leave logic out of the equation. So why not choose the winner or winners for that matter, based on something completely illogical. Just pick up a few based on nothing, but because you just feel like it.
Bruce, create a new blog category so that your readers can share comments on examples of global trust in every day lives and why we use it/trust it.
No new ideas here.
Hashes sounds nice but should turn out to be random, and random is too obvious aka boring.
CIO's is a very good idea, but how to define who gets a copy?
An auction towards a charity is in my opinion the obvious choice, but how to combine it with the ideas expressed in the book is the problem.
I therefore suggest that your readers should nominate CIO's (gov allowed) who in their opinion is in need to read it. With this list you ask for donations to a charity of your choice connected with names on the list. Those on the list who created the highest amount in donations to that charity get a free book. Some people on the list might make high donations for someone else, so that they don't get associated with the giveaway. It should create a nice big sum for charity.
It's not that I don't want one; I'm just completely capable of buying one myself.
Find the second receiver of a free copy (the first am i if you follow my suggestion :-) ) in a knockout competition (single-elimination tournament) in which a single "match" is between two candidates. These two candidates have to come to an agreement about who is the "winner" that reaches the next round (or receives the free copy) in any manner they want. If they do not come to an agreement, draw lots.
Alternatively appoint any other game to decide the single matches.
Every candidate has to provide a (throw-away) email address in the comments to be informed about the match partner and to communicate with that partner. The winner of the tournament may suggest the next receiver of a free copy and the succeeding too, until all 19 copies are out.
Give them away by posing a problem, those that solve it get a copy of the book.
Along similar lines to the recent GCHQ challenge.
I think the 'prize' should go to the person who can suggest/code the best method of suggesting the best method of selecting a winner.
This flat comment system just doesn't do us justice!
OK, this isn't an Idea, but a vote for an Idea. AG's idea of most interesting examples of real-life events that demonstrates principles of the book as described here. That'll generate a ton of interesting data for the readership and might even give you a few ideas.
What about another security theater contest? This one would be restricted to local law enforcement only (let the federal agencies sit this one out).
Donate $100 bucks to a Schneier provided non-profit organization and receive a copy of the book....
Give away a free copy for the best bogus report based purely on the title of the book.
I say just send a copy to the next 20 people that appear on the major News networks spouting BS about security. They are the ones that need it.
I already have a signed book from you but it pines for company. The whining from my book shelf is hacking me (and my other books) off. Please, please help.
BTW, if God wanted to do InfoSec he would hire you.
What about giving them randomly, proportionally to the number of people who subscribed to cryptogram the same year you did? You could add additional weights to earlier years, if you wanted.
Listen to the PR person at Wiley. It builds real interest in the book - and your newsletter / blog. Unfortunately, most of the alternatives do not do that.
I believe the book should be "earned" and not "won" by the reader. So, maybe post a challenging IT Security question or maybe an encrypted message, and the winner gets the book.
I would suggest going back over the last 2-3 years and randomly pick 20 people from that list. That way there is no one just entering to get a free book.
I would not use a metric like 'the top 20 posters' because some people only post to relevant topics while others just like to espouse their opinions.
Give them to the first 20 readers of your blog who can prove they work for the TSA. In case of ties, preference goes to upper executives.
Those who seriously need this book will find out ways to get it and read it. Anything that is good is never free anyways.
You need to give them to those pin head Managers/Leaders/CTO's who don't understand our concerns about security vulnerabilities that we find out in products around us everyday. So let's just have a nomination contest and let's nominate 20 most Pin Heads in today's world around us and give them those books. They need it the most.
The best way to give away the books is reading all the comments of the last two or three months in your blog or remembering the most important ones, and sending it as a Christmas gift to the 10 or 20 who add value in their comments or made some funny contribution. Nobody is going to be more glad to receive your book than your readers.
If your comment section had up-/down-votes like Reddit, you could give the books to the highest-rated comments as judged by the readers after some set period. (Indeed, this could be done on Reddit or a similar site.)
Just follow your instincts and your heart.
If it were me I'd take bribes. It might seem similar to an auction, but bribes are better! You can still say it was free, you don't have to declare income for taxes and of course the best part (dramatic pause). The person who wants the book has to figure out a way to bribe you over the internet. I admit I have not done the research on this, maybe PayPal already has a secure escrow for bribing.
I like the Haiku idea, here's a quick one:
Bruce enlightens people
Liars and Outliers
Couldn't fit a season there and I'm not 100% sure of the correct way to count syllables in English (not my native language and it's been a long time since I studied grammar).
A more obscure one (this time with the season baked in):
Liars and Outliers
Even squid have these
Soon sun will triumph
Make it fun, give them to people who write the best answer to "Why the poster above should get the book?" :)))
(every poster should also introduce himself shortly - optional for more fun xD)
I suggest a three-tier strategy:
First, leave some copies in several bars around the city. As it is known from other cases, this gets reviews and recommendations in a very fast and easy way.
Second, sneak some copies into some major bookstores. It will start discussions and goes very well with the theme of the book.
Lastly, send a batch to Clive Robinson. He knows the right liars and outliars that deserve a copy.
Think commercial: give it to people with the most twitter followers and who tweet about security topics.
You should give copies away based on the nice people that take the time to send you links to useful articles!
An idea from Good Will Hunting, go to a local college/university that has a security program or a security conference and post a security question or cryptography algorithm on a blackboard or notice board. Something only real security geeks would get. The person who gets it gets the book and a push in the right direction.
Given: 1) Copies will already be provided to "the press" through other channels, and 2) The computer security world will already be all over this without any additional fanfare on your part, I suggest that you give the limited number (20 or so?) of these copies to the first 20 people who are NOT computer security types, but who rather request them based on the book's broader psycho-social implications. I think that's the market that will require a little extra effort. Or, you could give copies to the first people who can stump you with arcane security trivia.
Once started it's hard to stop thinking about haiku, so here's one more
Snow turns red, breath stops
secret is out, notice
Liars and outliers
The top commenters (i.e. most frequent) on the last N posts?
Why I'd like a free galley copy of Liars and Outliers, by Steven Orr
I'd like a copy because of a number of factors. I very much admire the work that Bruce has done, not only in the math side of developing crypto algorithms, but also in the side that targets The Great Unwashed. TGW are the people who desperately needed to have the concept explained in words, that confiscating fingernail clippers to get on a plane doesn't actually make you safer. The definition of the average IQ is 100, so that means that about half the population is lower than that. It doesn't mean they can't learn; it just means they need a bit more help to master new concepts. It's like Eskimos having 150 words for the different kinds of snow. If you don't have the word for something then you don't realize that you might even have the concept.
I feel elevated when I read Bruce's books. I did work for the DoD for a while in the area of crypto, I use GPG, and I feel that I would get more out of reading the book than most people.
I could go buy the book, but I have to say that I'm watching my pennies very carefully these days. I've been working for a year, but before that I was out for two.
In addition, I was sued in Federal Court a few years ago for speaking out in public about practices in my community that caused highly increased concentrations of social services. Social services are an important part of every community, but in our case, we ended up as the epicenter for servicing a 23 town region. Social service recipients are usually thought of as people who are down on their luck, hungry, unwed mothers, battered women, the mentally handicapped, etc... But it also includes murderers, rapists, arsonists, drug addicts and dealers. We were inundated with the latter category.
What was the point of the above story of the law suit? (Great question. I have a tendency to ramble.) At the time, they subpoenaed a huge pile of email from me (which I refused to turn over, BTW), but at that time I had not yet started to use GPG. In retrospect, I really wish that I had kept encrypted messages in my sent-mail folder so that they would have demanded that I decrypt them. Because I did not have such encrypted messages, I lost the ability to tell them that I did not have the ability to decrypt.
Anyway, I diverge. But! I'd really enjoy the read. :-)
You should encrypt an electronic copy of it so that whoever decrypts it gets it...
There are many people who contribute to this blog with insightful comments, making it worth my while to read the comments in addition to the post itself. I cannot say that about many other blogs.
Top commenters should be recognized, so I propose that half of the books be given to commenters who have contributed with many comments or people who consistently provided insightful comments. This is based on your subjective view of this blog.
The other half should just go to random people commenting on a post where you say that you are giving away books. (Give everyone a chance and drum up interest for your book.)
Suggestion: when you send a galley copy, write the word "beta" next to the title.
Give away the copies to the first n people that solve a (not-too-hard) puzzle. Or something along those lines. You could have n puzzles for n people, etc.
Gpx bcpvu b dszquphsbqiz dibmmfohf?
10-20? How many people do you think will be reviewing the book? They should get the galleys first. Then what about people you want to review the book? Send one to Jon Stewart at the Daily Show for instance. At this point I would guess you would ideally have two or three left at most. Keep one for yourself, send one as a publicity stunt say to the eventual Republican nominee for president or a TSA director. Finally if you are in the enviable position of having one or two left... What about a charity? I'm sure some firefighters somewhere would love to raffle such a thing off.
Use a polling tool like ideascale.com to solicit two or three security related topics - for example:
1. Where did you expend the most effort pertaining to security defenses in 2011;
2. What are the top security-related threats that you will focus on in 2012;
3. Share your top security-related story of 2011 (similar to longreads.com);
The tool would allow for the schneier.com community to vote up the top answers to the top of the stack. This would provide your visitors with a fantastic reading list that has been crowdsourced by your audience (and potentially influenced by you - if you choose).
2012 is the centenary of Alan Turing's birth. How about giving away 20 copies to people who can best describe how the world would be different had he not been born, or how the world would be different had he lived to be 100?
Generate a sha256sum of some file you like, and then give galley copies to those who guess the longest substring of the sha256sum.
Give galley copies to those who can identify the best under-covered areas of security (i.e. threats or mitigation techniques not written about by others). Crowdsource your next book idea.
Run a contest requiring an essay of up to, say, 200 words that describes a fictitious but believable breakdown in a societal trust system, from local to global, and its equally fictitious but entertainingly disastrous results.
Use an online polling system to generate a top 50 from your readers, and then you select your favourite 19.
You should give them to people who will hand knit socks for you. Wait, I've already done that. So, obviously, the first copy goes to me then. Problem solved.
I suppose leaving them in sparkly packages around Boston is out?
Well, do you have to "give" them away? Why not sell them on eBay as a signed copy personally addressed to the winners!
Or maybe set up a virtual GeoCaching or similar type of treasure hunt?
Or maybe the best security-related cartoon? (Newly made not just pulling from xkcd.)
Or recruit other blogs, etc. to use them as giveaways on their sites - thus saving you from coming up with ideas and making them do the work!
haiku about the subject of the book works for me
Yes, there will be subjectivity in determining the winner.
Problem: Since so many post pseudo-anonymously, determining the true submitter might be an issue.
Trying to relate to the theme of the book and how we relate to books themselves, here's my entry:
Give the book away to the people who give the best examples of earning your trust with a quote from a book which is personally meaningful to them (thereby demonstrating some aspect of their character). If you also relate to the quote, then perhaps you can trust that person.
As an example, my self-serving and rather circular entry for that competition would be:
"Today's problems require new thinking. When we think about trust, our natural inclination is to think about personal relationships." - taken slightly out of context from the blurbs on Amazon.com of a forthcoming masterpiece - so perhaps you should not trust me, since I rearranged the words!
I feel bad for you, Bruce, having to read all these suggestions.
There's no "good" way of handing these out because, frankly, there's no really "bad" way of handing them out either. Whatever system you come up with can be gamed and if you try to make it impossible to game you'll just end up working really hard for no noticeable benefit.
I say post an email address, randomly select 20 unique mailing addresses emailed to that address, send out the copies. Your choice for whether multiple people from the same address can apply.
If you do actually want to do some work then in addition to a mailing address have each person also choose N whole numbers. Give books to the lowest 20 unique numbers. (N should be from 1 to 3 inclusive, depending on number of expected responses.)
I assume you want to do this fairly quickly. I would randomly pick from winners or runners-up in a few of your earlier contests such as best movie plot threats or TSA logos. (No sadly I'm not in that group.) It would add one more incentive for your future contests at least for those who assume your next book will be worth winning. ;-)
MAC these blog comments with a secret key and sort the results into order. The first few are the winners.
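One way to run the draw suggested above so that readers can check it afterwards, as an added Python example that is not from the commenter. Publishing a hash of the key before the draw and revealing the key afterwards goes beyond what the comment says; the function names and the sample comments are constructed.

```python
import hashlib
import hmac
import secrets


def commit(key: bytes) -> str:
    """Value to publish before the draw; binds the organiser to one key."""
    return hashlib.sha256(key).hexdigest()


def tag(key: bytes, author: str, text: str) -> bytes:
    """HMAC-SHA256 over a length-prefixed encoding of (author, text).

    The length prefixes keep ("ab", "c") and ("a", "bc") from producing
    the same MAC input.
    """
    parts = (author.encode("utf-8"), text.encode("utf-8"))
    message = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(key, message, hashlib.sha256).digest()


def draw(key: bytes, comments, winners: int):
    """Sort comments by their MAC and return the first `winners` entries."""
    ranked = sorted(comments, key=lambda c: tag(key, c[0], c[1]))
    return ranked[:winners]


def verify(commitment: str, revealed_key: bytes, comments, claimed) -> bool:
    """Check the revealed key against the commitment, then redo the draw."""
    if not hmac.compare_digest(commit(revealed_key), commitment):
        return False
    return draw(revealed_key, comments, len(claimed)) == list(claimed)


# Constructed sample data: (author, comment text) pairs.
SAMPLE_COMMENTS = [
    ("reader-a", "Give them to libraries."),
    ("reader-b", "Hold a haiku contest."),
    ("reader-c", "Pick names out of a hat."),
    ("reader-d", "Auction them for charity."),
]

if __name__ == "__main__":
    key = secrets.token_bytes(32)          # kept private until the draw
    published = commit(key)                # posted before comments close
    winners = draw(key, SAMPLE_COMMENTS, 2)
    print(published, winners)
    print(verify(published, key, SAMPLE_COMMENTS, winners))
```

Until the key is revealed nobody can predict or steer the ordering by wording a comment a certain way, and once it is revealed the organiser cannot have picked a different key to favour someone.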
Clive should definitely get one - he writes more words on your website than you do.
I like David Allen's hash substring guess suggestion.
You should hide copies of the books and give out the locations in code. The first person who cracks the code and gets to the book is the winner of that copy.
1. Best description of Skein in the form of a children's book.
2. Give a copy to the first 19 people to write comments that have md5 collisions with excerpts from your prior books.
3. Best security puppet theater.
4. Best tongue-in-cheek promotion. (Poster, meme based, video, one liner, etc.)
You need to open do a contest where people come up with a cryptographic means to generate ciphertext that most closely resembles the name of the book "Liars and Outliers".
I second Archlight's suggestion: send them to various hackerspaces. The effect of each copy would be multiplied by ten.
I'll make it simple for you. Send the book to
478 Cherry Ave
Fredericton NB, Canada
After I read it, I will donate it to the library.
Bruce - right back at ya. You choose.
I propose that the best way to distribute the copies is for you to choose. It's your book, and you can use whatever means you'd like.
Asking for your readership to choose a selection process is novel, but is somewhat like Time Magazine nominating "the protester" as person of the year. While novel, it's a cop out.
Get Dan Brown to do a davinci code sequel using your book as a basis.
Simple! Distribute the copies to the contributors who offer you the largest bribe...oh, wait!
What I generally do with my books is keep a pile in the basement; occasions do pop up to hand out a book one at a time.
That gives me a happy moment, as well as a memory for the recipient, and the book surely gets read and passed around.
By solving simple cryptographic puzzles in which the answer to each puzzle provides part of the code which has to be entered into a form, or better yet emailed to you. Answers to the puzzles will be accepted for one week, the entries received which are correct are then entered into random drawing.
Post a security / encryption related puzzle. Try to create a puzzle that relates to the content of your new book. Have people email their answers to a mailbox by a given deadline. Randomly select book recipients from the pool of correct answers.
This will be fun for participants and will also stand a pretty good chance of getting the books to a deserving audience.
The obvious answer seems to be to post encrypted instructions on how to pick up the book, and give them to the first 20 people to figure out how to do it. But if this is too obvious, how about asking for the best security limerick or joke? Most of the posts so far have been way too serious. And then you get to use the jokes later when you do your talk on the book.
How about simply giving away copies to random academic libraries? Alternatively, how about giving them away to those who come up with the best stories related to one of the topics that you wrote about in your blogs?
Real easy, pick up the first 1000 comments, use a good random number generator and pick 20 winners.
Write "No tools inside" on the cover, paint it pink, and then see how many people are still interested.
Do a pwn-to-own contest - the first person to remotely reboot your book wins it... oh, wait, that doesn't work.
Don't give any copies away, but say that you did (liar).
Then, give copies to the first N people to call you on it (outliers).
You could ask people to submit posts for your blog, and then give copies to the N people you publish. That would both get rid of your books and get some interesting perspectives on the blog. Although it would require a lot of leg work on your part in reading the posts and picking the winners.
Security Theater Scavenger Hunt
Award books to the people to come up with the most security theater examples using a maximum of three government agency web sites of their choice.
How about picking the person commenting above who seems like they need most to read the damn book :-)
Give them to folks with a .edu email address. I think most people who follow you can afford to buy the book and so picking students would be simple and effective.
Why worry? No task is too small or too big for us. Outsource this task to India...!!
To give away copies of the book, I would devise a contest with a Unique Auction Bid where each entrant privately submits a positive integer (1, 2, 3, etc). The winners of the contest are the 10 individuals to submit the smallest numbers that were unique; in other words, find the contestants who submitted numbers not submitted by anyone else, and pick the 10 smallest numbers as winners.
USB sticks - randomly left in parking lots - with two files:
1) a "click_me_to_win.exe" file; and
2) a "readme.txt" file.
The executable requires a form to be filled out with name, email, etc., then phones home and disqualifies the user.
"readme" contains the real info on collecting your prize.
Victory for the RTFM crowd.
Hold a poetry contest. Requirements:
100 words or less
Its subject is the same as your book
It has at least some hidden or encrypted information on it.
It has at least 1 squid reference.
While most of the comments above are certainly inventive and probably deserve much more contemplation than mine, I'm in favor of distributing galleys to those who work in the information and physical security spaces who would benefit the most from it - especially those who do blog.
Instead of a contest or random allocation - very deliberately allocate your 20 copies to those charged with fixing high-profile security disasters (credit card data leaks, etc...).
If you're able to gift copies to those who have been called in to fix, say, a major retail credit-card information leak, Wiley PR may be able to extract some very valuable endorsements. Something like, "We're here cleaning up this mess, if our predecessors had followed Bruce's guidance this wouldn't have happened" or "Bruce is not just a pundit, but directly advises those working to clean up the biggest messes..."
Give a copy of your book to the person that writes the closest matching abstract without actually having read the book yet.
Ask readers/posters to post the most insightful examples of how we give up security freely in today's society. And how people lie about security (they say it's more secure when it's really not and in fact, usually scarily not).
I think the best way would be to compile the top commenters (by volume) on the Friday squid posts for the last year, then send books to the top 20.
Should be pretty straightforward to write a script that parses this out.
OK, how about sending copies in this fashion:
1600 Pennsylvania Ave.
Washington, DC 20500
10 Downing Street
London SW1A 2AA
until you pick the 20 most influential world leaders. They probably need it more than most of the people here...
Run an all-pay auction for them.
Um, by best you meant most revenue enhancing, right?
I would suggest creating a Scavenger Hunt that focuses on content published on your blog or previous books.
As wacky Pinky and the Brain style plans for world domination are a love of mine, I say give them out to the best such expressed plans.
should send free copy to ANY CIO who has experienced a security Breach in the last 6 months!!!!!
Give it to people that have never used a credit card on line and don't want to start by buying your book!
You could give them to people who provide topic ideas for your *next* book.
DiegoB, there's something kind of funny about DOSing Bruce Schneier with empty boxes.
If Bruce picks that method, I'm totally going to forge the sender of my packet^H^H^Hages with people I know, in hopes that if some do get through, my odds of getting a book back increase a little.
I also like Fred P's poetry contest idea.
My other idea is to pick the people with the most outrageous ideas for giving away free copies. Not silly ideas like "hand"-delivered by an elephant, but actual ideas that can work, without any kind of pachyderm, be it African or Asian. Unless you're volunteering your own elephant for use in the giveaway.
Give a free copy to the first comments to suggest questions or sources you didn't address in the book, but wish you did.
Give it away to whomever comes up with the best lie.
My father was the pope and my mother worked in a traveling show until she was recruited by MI5 as a target decoy for the queen's public appearances. This worked out so well that she secretly became the queen after QEII stood too close to a Harrier Jump Jet during an RAF demonstration back in the 70's. But of course, I can't talk about any of this.
Wow! 250 comments in 10 hours. You are going to sell a ton of books.
I wouldn't recommend another contest. The whole "What's the best terrorist plot" thing you did a couple of April 1's ago was pretty scary. I still use it as the definitive cost of a completely effective and novel plot == one signed book (~$50).
While I'm not an anonymous coward, at least on this blog, using past postings would discriminate against them.
I think the only viable approach is the one you're using here. "Best response gets a book". You don't even have to give away a book if the responses to some post aren't that interesting. Just post an entry once a week listing the best N responses from the previous week and send them a book. If it leads to more thoughtful responses, that's great for the blog.
Greetings from Mexico!!
You can do an array of riddles that reveals hints; the answer to each hint will bring out the next riddle, and so on… until you consider it fair enough to win the book.
The topic of the last riddle can be about how to submit the answers… so you can ensure you will get no spam on your inbox. ;)
Give them up to the top 10 most frequent posters since the book was announced. That shows more than passing interest in your blog, and I would not mind if someone else got one because they posted more often than me.
Get John S. Pistole to sign a copy. Auction the signed copy and give the proceeds to the EFF.
Give away another copy to whoever can figure out how to get John S Pistole to sign the previously mentioned copy.
A cryptographic treasure hunt!
Bravo for not doing the facebook twitter thing.
Assuming your goal in giving away these 10-20 books is viral marketing, you might want to focus on influencers.
You could, for example, look for people near you (e.g. friends of friends) in your social network of choice (LinkedIn, Twitter, Facebook, G+), sort by people who have a lot of followers/readers and get retweeted/shared at high rates, make sure they are widely dispersed (not all friends of each other), then give them the books.
And, I hate to say this because it seems unfair, but you might want to limit to US only, primarily to minimize shipping costs and maximize sales impact.
Have a short story contest where you'd have to write about the security implications of storing food in a refrigerator, or some other mundane activity where you'd like to keep some people out but give other people access.
There might be a way to appease your publisher and still touch into social media. Think about introducing a security related contest like many other people have suggested above, but instead the medium in which to run it should be, say, tweets, limiting the # of characters (this also limits your contest a bit but you may get a few interesting/humorous/creative results).
I do think your impact on a more social media aware audience is meaningful, it reaches a demographic (my own 18-35) more easily influenced than entrenched parties that are more resistant to change. It will help shape the discussion in the future and builds a base of individuals with a better understanding of security related topics, and specifically since it targets more general audience, which this book is looking to reach, you'll get a wider amount of readers from different backgrounds hitting a contest in the social media realm. I think it's certainly a better suggestion than just "liking" you.
Give a few as awards for additional contests and for the rest take everyone who has commented this year to the blog, weight them 1-10 based on number of comments and pick randomly.
Give the free books to people who are interested in making good use of it to help make our cyberspace safer.
How about a simple riddle? Not a huge crypto deal, but a simple riddle that takes more common sense to figure out than it does mathematical & analytical skill. You could drop a few clues on your site in locations that are so obvious no one will ever find them. This kind of fits with the whole "The truth is right in front of us if we just choose to see it" mantra.
Give them to the top 0.1%. Nobody loves them.
How about giving away a copy of your book to people who post your book cover on Social Media and most people like it and post comments. This would bring up interest in your book and also increase awareness of Security Issues.
How about the old pick a number from 1-10? Allow a few days to receive entries and instead of 1-10 maybe 1-1,000,000? Just need to come up with an easy way to enter the data so it's programmatically summarized. KISS right? Simple and stupid works best.
Give to those that submit the tastiest squid recipes. Then I'll have a decent chance at getting one.
I agree with many of the other people--despite many suggestions, there aren't much more "fair" ways of distributing it than random. I'd say to have a window for entries--say 2 days or so--and randomly choose winners from the people who respond within that timeframe.
Create a chronological list of all the posts to your blogs over the years, number them sequentially, then pick the first 10 or 20 entries that are prime numbers. If you can't contact a winner, then select the next prime number in the series to replace that winner, and so on.
Just let me choose for you and quit worrying about it!
Here are some suggestions (you might combine them):
1. Donate the available books to some schools of your choice. Probably the best way to ensure they get read as much as possible.
2. Sign them, then auction them on Ebay. Donate the profits to an organization of your choice (school, OpenSSL etc.)
3. Use them as extra incentive for the security conferences you're attending (i.e. one signed book for the best question from the audience).
A copy to Clive ... but with the condition he has to write a review. I think we'd all enjoy reading that, and it could be published (Amazon, dead-tree press etc.)
Send another copy to Ross Anderson, and ask him to set his security engineering class to writing critical reviews which also suggest the next areas of research based on Liars and Outliers. Publish these (like Ross' paper on crowdsourcing the UK national lottery).
Repeat for other interesting groups: NSA, TSA, Stanford U., Harvard U., Chaos Computer Club, IBM Research, Microsoft Research, Royal Holloway London. But remember they have to promise to publish the reviews and the suggestions for next steps.
Disclaimer: I've already got a copy on pre-order from Amazon so (kudos aside) I don't actually need another one.
3 Words..... Wet T-Shirt Contest!!!
Give away some copies to people who emailed you tips that you liked and blogged about.
Give away other copies to people who do something online to promote your book - I see a few suggestions along those lines above.
(Forgive me for not reading all the other comments, but I wanted to give you my unvarnished thoughts)...
Hmmm... Not necessarily everyone who reads the blog would be a good candidate to get a copy of the book - because some simply don't have the time or more detailed interest to read it... You want to give out the book to people who will read it, not to those who will just put it on the shelf unopened. Your winners should ideally share what they have read across their organizations or circles of associates, even if they are not writing formal reviews.
This suggests that you should award books to people who actually ask for them (not a random drawing from everyone who reads the blog) and will commit to sharing their experience reading it with others! You probably also want them to let others read their copy too - since what you and your publisher really want to generate is more "buzz" about the book - that this will accomplish.
A random selection of people who have asked for it is probably pretty fair, otherwise you'll get people writing in claiming that they're hugely influential in some context - without any way to verify any such claims.
"Why would you like a copy of the book"?
"Who will you plan to share your experience reading it with"?
"How fast can you read it and share it with others"?
O.K. - the last one's more of a joke - but you get the idea!
By the way, I'd love a copy of the book, will share my experience reading it with everyone I know (including my cat), and will read it quickly and share it with anyone who would like to read it too! -:)
md5 the book. md5 the comments. sort alphabetically. 20 or so closest comments to the book's md5 wins.
I think the only logical way to give away free copies of your book is to give it to TSA screeners while you travel. Then, when you come back through the airport, ask them what they thought.
@k: I bet he finds an actual collision :-P
Hand them out to people in the first of the fibonacci series...
How would you send a book to commenters of this blog if many of them intend to remain anonymous? BTW nice way to build an email list of security concerned people
We have to deserve this honor, for example, Bruce can submit an exercise and the best of us win. We will demonstrate our big interest in the crypto domain.
I think you should give a copy to everyone named Bruce.
Take a spin off Bitcoin mining: Salt and hash the comment, if it beats the difficulty you set, send them a book. Increase the difficulty at some predetermined rate as you move down the list of comments.
Warning: This could cause extreme spamming of the comments...
First 20 developers that create games which involve flinging the books at politicians. ;-)
This is the best approach ... and it involves liars, and outliers, and maths (from Bruce's past). Perfect!
-People enter by submitting two numbers, each from 0 to 1, each to a maximum of 5 decimal places.
-Bruce lies :-) because he's not interested in both numbers, so he'll ignore one - leaving just one number per person, but he won't tell you which one he's going to delete.
-He will then calculate the average of all the remaining submissions, and take 75% of that
- The 10-20 people who are closest to that number will win the book.
This creates an outlier effect, because everyone knows they need to be near the '75% of average' so they are trying to guess others' entries and be even lower than that, which in turn pushes the average even lower.
Slightly more complex than previous replies, but I think mathematically interesting. IMHO.
Start a project on kickstarter to produce a book on computer security for kids, or something else that is fun and useful and that you would be excellent at. Give away a copy of your current book to each person who pledges 100 dollars or more. If you are feeling generous, give everything over a certain amount to Change Congress. That should get some google fu.
A challenge? Create a security related problem, set a date a couple of weeks in the future, and reward the most creative/most interesting solutions to the problem posed.
I think you should send the book to whomever really wants one and who is willing to donate the actual book cost to charity - as it is nearly Christmas.
I would really like a signed copy of the book please and will donate to charity the cost of the book (e.g. Wounded Warriors Project or Salvation Army).
How about we admit to the security failures we've had a part in, and you pick the best (worst) 10 or 20?
Give it to people that work probono (IT services) helping charities or similar entities.
Both GoodReads and LibraryThing have programs for distributing ARCs (and even copies of the published book) to readers who are then expected to provide a review. These are avid readers who are committed to interacting on those sites.
So, if your goal is to obtain feedback from "regular folks," those are by far the best options. Subsequent posting of the "contest" via social media would ensure word got out.
The advantage to using these two social media channels is that those who participate are from a broad spectrum of lifestyles and careers. The one thing they have in common is a love of books and of sharing what they read with others.
The best way is to write down the names of all the ones who made a suggestion, or maybe just the numbers.
Give the list to a 4-6 year old child.
Ask them to pick out however many you want to give away.
You won't get any more random than that.
Give them to people who post under the best screen names -- names that accurately depict our current, political, socio-economic and "security" culture.
Starting with me, of course.
Hi Bruce, it's Chris Carhart here, the new Digitial Publishing Coordinator for Wiley up in New York city. Sorry to ping you through your blog, but I've only been here a month and the IT guys are having a hard time setting up my access. I'm trying to schedule the French translation of Liars/Outliars here with our near-shore team up in Montreal and I need to get a digital copy ASAP to get them moving on this. Email me at the above. As you know, the holiday period is approaching and timelines are tight - need to maximise the reach for the Christmas period. Being the security conscious guy you are, you can call me on my NY number*: 1-900 123456
- Chris (not)
* backup premium rate scam answering machine
If the book is to live up to its name, you need to give the copies to liars and outliers. Which means you should ignore what you said about the distribution and keep all the books yourself.
Place the books in a suitcase and abandon it on a street corner. I suppose Boston would be the best place to do that.
Hey, it´s cryptogram, how about a little cryptographical puzzle? not so hard, not so easy, a little above a codifier ring.
My best regards to all readers and merry Christmas and happy new year.
Judging by the number of comments in just a few short hours, any subjective method will be a logistical challenge. So, that is what I am suggesting.
Of all the ideas and comments (and there are some good ones), Steven W. Orr's impassioned plea for a free copy stands out. Not because of his economic plight, but because it gives us a glimpse at the perspective of someone who reads Bruce Schneier's books and it begs the question; "Who really does read this stuff?" Let's face it, the target demographic for Liars and Outliers is not those who understand how to implement a tweakable block cipher.
Here is my suggestion:
Let people give you examples of the perspectives of your readers.
Then, to mitigate the logistical nightmare, give books to the first submissions, or the best submissions until you get bored, or a random sampling of submissions. Then post the submissions so that we (your readers) can see where we fit.
This solution gives you complete control (well... it might feel like control). It gives your readers a glimpse of each other. And it gives the publisher fodder for the first few pages of your next book.
Most importantly, it gives me (and to be fair, Steven W. Orr) an advance copy of the book. (I can buy one when it comes out, I just don't want to wait).
drop them from a helicopter
A quick search of the comments so far led me to understand that no one has bribed you with beer. I have 4 delicious Winter holiday beers all bottled and ready to be shipped.
Create a "secure" web page and give a copy to the first person that hacks it, with a specific start time...hackers generally don't care about time zones and you can get a start on your next book.
What about this. Of all the people named as subscribers to your newsletter, use a simple random number generator based on clock timing pulses to pick each name out of the database, storing the order in which each name was picked. So it would go (1) Jones, (2) Allen, (3) Wurz, (4) ... etc for example.
Then, having stored all these original names' orders, do the same thing again from the original database list, but with a different number order, but this time without having to store the order, just check to see whether a name and number in this iteration are the same as in the saved list.
E.G. Second order :(1) Smith, (2) Davis, (3) Stein, ...
If they are, then decrement the counter by one from 20, remove that name from the pool and continue until the counter reaches zero.
Statistically, you are very unlikely to pick out the same name at the same position each time, although this will eventually happen, thereby providing you with your list of twenty people who have been touched by the hand of providence.
What's your favorite related charity? Offer copies to people who make a contribution of at least .
Why don't you give it to the people who had the most valuable comments when you were soliciting feedback on your choice of title for the book?
In the spirit of The DailyWTF, and as mentioned above, collect anecdotes from people on this blog who already "get it," but have something valuable that you can add to a speaking tour for the book. This makes it easier to promote the book and encourages folks to come and hear unique twists no one would know unless they read thousands of comments per week. Submitters could post anonymously, but would need to leave a valid e-mail by which you could contact them further, even if the mail drop was hotmail/GMail.
The contestants write stories, songs or poems or anything like it about security.
Here's some non-random selection methods:
You publish a random quote from the book. The best guess about the context wins one.
You publish a random quote from the book. The funniest guess about the context wins one.
The best story about (legitimately) bypassing some security measure wins one.
This could be about how you got in your apartment after locking yourself out, getting that transfer through that your bank blocked for no reason, how you bypassed your own computer firewall after forgetting your password, etc...
The best suggested security measure for whatever wins one.
It could be your method of locking your bike (I have three locks and always locks both wheels to the frame and the whole thing to something that can't be moved), a way to keep your computer safe, how to transport a billion dollars, how to do this contest without revealing the identities of the contestants and yet getting the books to them, etc...
The best song wins one.
The best fictional security story wins one.
It can be strange, funny, clever, anything else or all of it at once. Considering the average reader here, I guess it'll end up being a Sci-Fi story.
The best suggestion for how to socially engineer you to get a copy wins one.
The best motivation for why one needs the book wins one.
This can be anything, such as for school work or if you're aspiring to be the next Bruce Schneier.
The best description of how one will use the book wins one.
Teaching the CEO about security?
The best description of how to randomly select a winner gets one.
The person who makes the best suggestion for who needs a copy wins one.
The TSA? Sony CEO's? Somebody else that were involved with failed security? The best motivation wins.
The funniest story about how the staff involved in a security breach must have thought wins one.
"Red alert? Meh, we get those all the time, it's nothing. There hasn't been any explosions yet."
You pick one story that you really like. Pick any way you want, as long as it's not just randomly. Maybe one that made you laugh or one that's really interesting.
So, that's 13 non-random suggestions. A very fine prime number, although many people irrationally fear it, as if it was the cause of many insecurities itself. :)
Now, here's 7 random methods - another very fine prime number - that you can use:
First of all, you select +20 entries, obviously, for the ones where an entry is selected randomly from the contestants.
This guy picks one: www.geekologie.com/2011/12/skills-lizard-playing-ant-crusher-on-sma.php
Just make an app with a list of entries (flies can represent entries), and get him to pick one.
A squid picks one by the same method (also touching one entry on a touch screen).
Generate a hash tree at random, the type where one hash matches many entries (just generate random bits).
The first email address among the subscribers of your newsletter that matches it wins one. If there's no response, try another address. If no email matches or nobody responds, you generate a new hash tree at random.
Put one in a locked box, put it in a public place. It could say "Bruce Schneier's latest book inside, first person to open this box gets it" on it.
The box should have the strangest locking mechanism you can find. Make sure plain brute force is too hard to be worth it.
Print them all on pieces of paper (only the good entries). Put them on the floor in some large place. Throw a rubber ball in there, the entry it stays on or stays closest to wins one.
Assign random numbers to all entries, make sure there are no collisions. Ask a stranger to say some random number. If the number doesn't correspond to that of any entry, try again. The entry whose number is selected wins.
And of course, the best suggestion for how to do it randomly is used. The person who is selected that way wins.
Post an online contest for it; Make sense of a 16x10 grid of 8-bit hexadecimal numbers to figure out a password, and then develop virtual machine to execute code that would lead to the final page; and see who can clock the shortest time it takes to solve it with a Google search. (GCHQ did!)
How about "freeing" your copies instantly by using and registering them via BookCrossing (http://www.bookcrossing.com/)?
So you could leave them one by one simply at some places you visit and distribution does not require you anymore to select people.
Further doing that you might reach people who are interested, but would have not come across your work the "usual" way.
Send Bruce a number by a time that Bruce specifies (gives every time zone a chance to participate). Bruce will hash that number with an algorithm and salt that he will reveal (to enable verification) after the deadline. The resulting hashes will be sorted, and the highest n will receive a book.
It's sort of like the lottery, but with cryptography! :)
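The draw suggested in the comment above, and the earlier suggestion to MAC the blog comments with a secret key, worked through as an added example that is not part of the original thread. It assumes HMAC-SHA256 as the keyed hash and a SHA-256 commitment to the key published before entries open; the function names, the label and the sample entries are constructed for illustration. The last function shows why the key has to stay secret until the deadline: with a plain unkeyed hash, an entrant can reword an entry until it ranks high.

```python
import hashlib
import hmac
import secrets

COMMIT_LABEL = b"galley-draw-commit-v1"  # assumed domain-separation label


def commit(key: bytes) -> str:
    """Value the organiser publishes BEFORE entries open.

    It binds the organiser to one key without revealing it, so the key
    cannot be chosen after the entries have been seen.
    """
    return hashlib.sha256(COMMIT_LABEL + key).hexdigest()


def tag(key: bytes, entry: str) -> bytes:
    """Keyed hash of one entry; unpredictable to anyone without the key."""
    return hmac.new(key, entry.encode("utf-8"), hashlib.sha256).digest()


def draw(key: bytes, entries, n: int):
    """Rank the distinct entries by tag and return the highest n.

    Duplicates are collapsed first, so submitting the same text twice
    gains nothing.
    """
    return sorted(set(entries), key=lambda e: tag(key, e), reverse=True)[:n]


def verify(commitment: str, revealed_key: bytes, entries, claimed_winners) -> bool:
    """What any reader can run after the key is revealed."""
    if not hmac.compare_digest(commit(revealed_key), commitment):
        return False  # revealed key is not the one committed to
    return draw(revealed_key, entries, len(claimed_winners)) == list(claimed_winners)


def grind_unkeyed(base: str, prefix: bytes = b"\xff\xff") -> str:
    """Why an unkeyed hash is a poor lottery: the entrant can compute the
    ranking value themselves and vary the text until it lands near the top.
    About 65,000 tries are needed for a two-byte prefix.
    """
    counter = 0
    while True:
        candidate = f"{base} #{counter}"
        if hashlib.sha256(candidate.encode("utf-8")).digest().startswith(prefix):
            return candidate
        counter += 1


# Constructed sample entries (not real comments from the thread).
SAMPLE_ENTRIES = [
    "entry from reader A: 42",
    "entry from reader B: 7",
    "entry from reader C: 1000003",
    "entry from reader D: 13",
    "entry from reader E: 65537",
    "entry from reader F: 2011",
]

if __name__ == "__main__":
    key = secrets.token_bytes(32)          # organiser's secret
    published = commit(key)                # posted before the deadline
    winners = draw(key, SAMPLE_ENTRIES, 3) # computed after the deadline
    print("commitment:", published)
    print("winners:", winners)
    print("public check passes:", verify(published, key, SAMPLE_ENTRIES, winners))
```

The check only proves that the ranking follows from the committed key and the published entry list; because the organiser knows the key, the entry list itself has to be frozen and public before the key is revealed.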
Create 20 disposable email addresses related to the book in some way.
Drop 20 clues (timed to not discriminate for timezone).
First mail at each e-mail address wins.
By the way, you never mentioned if they were physical copies or e-books. I assume physical but...
To promote your book, why not have whoever can promote it in some significant (non-fb/twitter) way receive a copy? Use a coupon code and whoever could refer a certain number of people to preordering the book receive a book for free?
I would love a copy!!! I have been following the blog for a long time now, and would be intrigued to see if the book can aid my thesis research.
Your book is about trust - Give the galleys to those who best demonstrate that they trust YOU.
Step 1. Publish a paypal "pay" link and a "transfer amount" - say $1024. First 20 who "transfer" you $1024 get a book, but everyone who submits payment gets their money refunded - except no guarantees. If money is "transferred" but nothing is "sold", paypal has no transaction fee.
Step 2. Next day, if books are still available, drop "transfer amount" by factor of two to $512. Continue until books are gone.
Oh, and step 0: consult a lawyer. And talk about it with Paypal ahead of time.
By starting with a fairly high "transfer amount" (not "price") you should keep the number of transactions small enough that this wouldn't be a lot of effort on your part, and the whole process would give you something interesting to write about. Maybe generate some "buzz".
Best way is to give it to those that deeply appreciate it. You could start with me. Cheers
Have we done a "Security Theater/Theatre" recently? Those are always fun and a great way to do a contest. Otherwise, a "guess which number I'm thinking about" with 10-20 numbers in a given range would be a fun test in brute force (obviously this would require some limiting factor on submitters or a single brute forcer would get all 10-20 copies).
Set up a random number generator. Take the output, convert to the nearest GPS coordinates. Set up an air-drop, post the date and time of the "delivery"... then we can fight over it when it lands :)
First "X" people to convince the legitimate winners that there was a printing error and the books need to be returned and would later be exchanged?
I liked the postcard idea. Pick a date that you have to receive them by and then choose the pictures you like best from the cards that you've received.
(BTW, my first attempt to post resulted in:
Your comment submission failed for the following reason:
Publish failed: Renaming tempfile '/htdocs/www/blog/archives/2011/12/liars_and_outli_1.html.new' failed: Renaming '/htdocs/www/blog/archives/2011/12/liars_and_outli_1.html.new' to '/htdocs/www/blog/archives/2011/12/liars_and_outli_1.html' failed: No such file or directory )
I hope this hasn't already been posted but how about Crypto Challenges? :)
FEATS OF STRENGTH!
Dec 23 is right around the corner.
An essay contest. Have entries of no more than x number of words written over a topic in the information security field, something current and nothing can be used/referenced from anything you have already written. This way those who enter can still write over anything relevant, yet still writing entirely in their own words.
Winner is the one who best demonstrates their idea of what happened and a solution across.
I don't have any fancy schmancy ideas here...I know you'd give everyone a free copy if you could.
I propose giving it to the reader whose organization has the most skewed view of security and who needs it the most.
I'm a DOD contractor - I win hands down. This book will be mandatory reading for my entire team.
Have someone stand outside the White House gate and hand copies to the White House staffers as they enter.
Give the copies to small-town libraries so that more than 20 people can read them.
I like the time-zone distribution - it seems easy enough to do. A short script should give the winners. Contests are too time-consuming. 24 copies is not much of a stretch.
But which reader from each time-zone? Qualifiers should be subscribers to crypto-gram - that seems obvious.
Earliest cryptogram or blog subscriber from that time-zone?
Facebook member likes you?
Crypto community members - maybe.
First, 10th or 24th (or last if less than 10 or 24 from a single time zone, which seems not likely).
As for me, I'm putting it on my Amazon wish list.
Capture everyone's email address, hash them with Skein, and sort the results numerically. Those with the lowest hash values get the copies.
Send the following email to everyone who subscribes to CRYPTO-GRAM:
If I gave you a free galley copy of my new book, Liars and Outliers, would you read it within 30 days and complete a 1-page questionnaire?
Choose randomly among those who respond in the affirmative.
Have people take pictures of poorly implemented security measures within their vicinity.
You can give a copy to my little girl - so she can give it to me as a Christmas gift ;)
Give them to Professors who teach information security topics.
I think the best way would be to only give a free book to the people who don't post the best way to give away free books.
Give a copy to the N folk that turn in the most artistic drawing of paper currency in the amount that would have otherwise been required to actually buy the book.
You would then have some real-life artwork that would be suitable for framing.
I'd suggest you give them to the people who can
a) tell the biggest, yet statistically probable lie
b) tell the most statistically improbable truth.
I like the "liars/outliers" themes suggested by some, MythBusters style take something that on the outside seems probable, but when you look at it, really is just the statistical outlier and isn't really all that likely ("Probable" or "Plausible" in MythBuster-ese)!
Good luck finding worthy people to give copies to, I'll buy one either way! (One HECK of a response to this one too!)
On a serious note, I think you should give away the first few copies to your readers across the world based upon the different regions they belong to, so that you get unbiased feedback from all regions of the world.
Use two methods: GeoCache + Random
Place half the books around country (or world) and publish their geocached locations hidden within the security puzzles of your choice. Anonymous readers get a chance at retrieving a book without ever posting. Requires both skill and luck.
Randomly give the other half to non-anonymous commenters to this blog. Interested, but possibly non-expert readers, get a chance at winning just by "showing up".
CML should win!
Your best 2 options are:
1. Just pick a random comment here - there are so many already, sifting through them's going to be a nightmare.
2. Have a quiz/poll/one-question kind of multiple choice related to security/trust/etc. and give copies away to a random person who gets it right. You could do a question or two a day or something, so that system would work for all X copies you'll be giving away.
PS - I love that you're not doing the Facebook/Twitter thing... it would be a little too ironic to award people for using such 'insecure' and anti-privacy systems like those for a security book.
Set up an Internet Scavenger Hunt.
At the end there would be a form to post your name and email address where you could get mailing information to send the book to.
I like both WDS and Greg's responses...
WDS's involved picking the best suggestions from all the blog posts about the book. I suggest taking the same set but picking at random. All of the blog posts about the book (previous to this one) and then randomly pick a comment.
Another alternative (inspired by Greg's idea) is to use something similar to panopticlick.eff.org/ and give it to people with the most identifying browser characteristics.
I suggest RFC3797:
This idea is that you publicly announce a future source of entropy, determine and enumerate the candidate pool, and specify the algorithm for applying the entropy to choose the candidates. It will be completely random and verifiably above board.
If you want your selectees to have particular qualities (i.e. have written a book review before), you just need to select for that quality beforehand when developing your candidate pool.
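The scheme this comment describes (announce the entropy source ahead of time, fix the candidate pool, publish the algorithm), as an added Python sketch that is not part of the original comment and is not RFC 3797's exact procedure: it substitutes SHA-256 and HMAC for the RFC's own hashing, and the function names, entrant addresses and source values are all constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data: entrant addresses and "future" public values.
SAMPLE_ENTRIES = [
    "alice@example.org", "bob@example.org", "Carol@Example.org ",
    "dave@example.org", "erin@example.org", "frank@example.org",
    "carol@example.org",  # duplicate entry, differs only in case/spacing
]
SAMPLE_SOURCES = [
    ("lottery-draw-announced-for-2011-12-31", "04 11 23 35 41 09"),
    ("stock-index-close-announced-for-2011-12-30", "12217.56"),
]


def _framed_digest(parts):
    """SHA-256 over length-prefixed parts, so 'ab','c' never equals 'a','bc'."""
    h = hashlib.sha256()
    for part in parts:
        data = part.encode("utf-8")
        h.update(len(data).to_bytes(4, "big"))
        h.update(data)
    return h


def canonical_pool(entries):
    """Normalise, de-duplicate and sort so every verifier sees the same pool."""
    return sorted({e.strip().lower() for e in entries if e.strip()})


def pool_commitment(pool):
    """Digest to publish when entries close, before the entropy exists."""
    return _framed_digest(pool).hexdigest()


def seed_from_sources(sources):
    """Combine the pre-announced public values, in announced order, into a seed."""
    return _framed_digest(f"{label}={value}" for label, value in sources).digest()


def draw(pool, seed, n):
    """Rank entrants by HMAC-SHA256(seed, entry); the n lowest values win."""
    if n > len(pool):
        raise ValueError("more prizes than entrants")
    ranked = sorted(
        pool, key=lambda e: hmac.new(seed, e.encode("utf-8"), hashlib.sha256).digest()
    )
    return ranked[:n]


def verify(entries, published_commitment, sources, n, announced_winners):
    """Anyone can rerun the draw: the pool must match the commitment and the
    recomputed winners must match the announcement exactly."""
    pool = canonical_pool(entries)
    if not hmac.compare_digest(pool_commitment(pool), published_commitment):
        return False  # pool was changed after entries closed
    return draw(pool, seed_from_sources(sources), n) == list(announced_winners)


if __name__ == "__main__":
    pool = canonical_pool(SAMPLE_ENTRIES)
    commitment = pool_commitment(pool)          # published first
    winners = draw(pool, seed_from_sources(SAMPLE_SOURCES), 3)  # after sources resolve
    print("commitment:", commitment)
    print("winners:", winners)
    print("verified:", verify(SAMPLE_ENTRIES, commitment, SAMPLE_SOURCES, 3, winners))
```

The ordering of steps is what makes the result checkable: the pool commitment is published before the public values exist, so neither the organiser nor an entrant can steer the outcome after the fact.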
1) Auction with the price as a donation to EFF. Winners are not highest bidder, but randomly selected from the pool of entries with the chance to win proportional to your bid price, and you pay the price you bid if you win.
2) People post a note about the book on Twitter, Facebook, G+, etc. They submit the URL for the post, which must be public. A parser could make sure the book name appears in visible text, and randomly selects winning entries using http://www.fourmilab.ch/hotbits as the random data source.
P. S. I also like the pictures of poor security idea, and the skein hash idea. Tweak on the hash choose N hash schemes [N=number of copies], one winner per scheme. Tweak on the 3 words: 4 words: Wet Squid T-Shirt Contest [pedagogically: is that 4 or 5 words?]
Next time you fly, put them in your checked luggage. On each book, put a stickie note on it that says "Thank you for being an important part of security theater! Enjoy this free book!"
Random selection from those who subscribe to your CRYPTO-GRAM newsletter.
Good try at getting my address Mr. Schneier, but you are going to have to do better than a book give away.
If you want to show favoritism towards those who comment on your blog, then use the number of blog entries as a criterion.
If you want to give the book to people who READ your newsletter (as opposed to receiving it), and are interested in the book, then pick randomly from those who reply to a blog directly related to giving away the book (like this one).
Or you can pick randomly from those who receive your newsletter.
Or you can give them to your favorite bloggers.
Congrats, and good luck.
The best way to give away free galley copies of Liars and Outliers is to hold a contest where you ask for the person who can come up with the best way to give away free galley copies of Liars and Outliers and choose the answer which suggests this and refers to itself. ;-)
Give them to the people who have the most books. I've got about 1500, although I suppose you're taking my word there. Have people send you pictures of their bookshelves.
Thanks for not asking for "likes" or "tweets." I always find that shameless and tasteless (almost as much so as Facebook and Twitter themselves).
Regarding the books; Drexel University has one of the first really high quality Information Security majors in the country. We recently hired a grad of the program, and he's been outstanding and had a reasonably developed security mindset from when he started.
I say up the # of books a tad, and donate a whole set to Drexel's current InfoSec class. If that's too much $$, make them Kindle books, I'm sure they could work with that.
PS: I'll pay 20 bucks for it personally.
I'm not a loyal enough reader to merit a free copy, so even if I win, please give it to someone else.
I do enjoy your site, but I assume by now you have a set of enthusiastic and helpful commenters who have enhanced your thinking on security. You probably already know who they are, or could come up with a reasonable set of names based on their prior contributions. This is the group that would appreciate and deserve free copies.
While this isn't exactly a way to give away copies, you may want to consider trying to get your book "banned." That would do more to insure brisk sales than anything else...
Create a cryptographic hash function based off a well-known existing one. Tell everyone what the original hash function was. The first 10-20 people who can submit a string whose hash begins with as much of a substring of DEADBEEF as possible win the book copies.
Every day put 100 random strings through the hash function, and publish the inputs/outputs.
Run this contest for a couple of weeks.
At the end of it, give out the books.
Clearly some people will just win randomly, like their input string will hash to DEA0F7. But others will figure out how you've modified the hash function and modify theirs similarly, and thus be able to do a brute force "attack" on it, generating strings that hash to DEADBE5G. Those people will pretty much be guaranteed to win a copy of the book.
Also, the person who comes up with the most creative excuse about how they have a string that hashes to DEADBEEF but can't prove it wins a copy of the book for being a good liar.
Give the book to the people that can guess the number of times you have written the word "terrorism" in the book. Those first 20 who can come close, gets a copy.
How to give a challenging task to be solved. First n who provide a solution will get the book.
Free Galley Contest Entry: 10 to 20 days of Liars and Outliers
The fairest way to distribute these priceless artifacts, to infosec enthusiasts, who would truly appreciate them; select the single best comments for 10 to 20 blog posts which is on topic and progresses understanding through concise creativity and profound understanding.
As an author, food critic, renaissance musician, you would obviously be the best judge, or panel of security nerds.
1.- A person who is author of a security-blog and maintains it regularly.
2.- Has read 2 books of Bruce's (picture w/ the book as evidence).
3.- Has written at least 1 comment in the blog of Bruce per month for the last 3 months.
4.- Receives the Cryptogram in his email inbox.
Well obviously the best way to give one away is mail one to an address that happens to be mine. :D
I am glad you decided against a Facebook giveaway, not only Facebook is a privacy abusing company, it also encourages people to put out their personal details on the Internet as if it was nothing to worry about, not to mention that some of us do not have an account.
Regarding the give away, my idea would be to get people to post one security tip on your blog with the understanding that if chosen, it can be reposted by you on your next book, this way everyone gets something for something, including you.
Each person wishing to stand a chance sends in their best home-made cupcake or brownie. The 20 tastiest win their creators a book, and Mr Schneier finds it's about March before he needs to buy anything cake-like again.
Give a copy away to people who are able to "acquire" a digital copy before publication date ;)
Yes, I'm aware of the irony.
Set up a sign up sheet on the internet protected only with security standards from the year 1999 or some clever security loophole. The first folks to hack in and sign up win one of the nine or nineteen books. I'm looking forward to contrasting this book with Fukuyama's Trust.
You should give one to whoever makes a curt analysis of all these suggestions.
As for me, not to worry, Eve can get me one.
Hopefully this hasn't been mentioned before, just too many comments to read! How about giving out the copies to the top 20 people that have subscribed to your newsletter the longest?
Reward the 19 shortest plausible explanations of why they deserve a free copy. Set a cut-off date, sort by size and read down until you are happy with 19 submissions. Delete the rest. Done like dinner.
Idea submission: Hold an auction (ebay?) with all proceeds going to the EFF or your other favorite digital freedom fighters.
This is obvious; you need the best product placement of your book in either a security movie plot or in a proposed piece of security theatre:
Jenny had not long joined the kindergarten protection group; set up in the wake of the self engineered flu virus scare, the group was able to reach any location in the 48 contiguous states within 20 minutes; they carried with them a self replicating machine detector; 10 tonnes of heavy weapons and a copy each of "Liars and Outliers"; Jenny reached for hers now. This mission would not be easy. The nursery teacher they were going to arrest had been a member of the "Occupy" movement before they had been crushed in '22; had spent years in a camp without any proof of having reformed and would be well versed in the arts of deception. She couldn't understand how such a person could end up in charge of the most vulnerable children. Maybe Schneier would give her a hint; a year of their basic training had been spent studying it, but she still found new things in the text every time she opened it.
P.S. My entry is in for both possible competitions.
P.P.S. If you read through to this comment you are my hero; even if you don't give me the book :-)
I recommend you give them to those who comment regularly and add meaning to the conversation here.
I post every year or so, but I do read the comments. You've got several devoted commentators who deserve it, and even I can figure out who some of them would be.
When I've had copies of my books to "give away", I've done it only under certain circumstances:
1. Talks on specifics. It is good to reward people who actually *bother* to come to see you discuss a technical issue of interest. I've done it for OS kernel and datacenter issues.
2. Students who do work in the field. Now, I know students don't rate high on the marketer's list, but students can rarely afford such a book. It cultivates a loyal following.
3. A few times, I've had someone submit code that is really great. And they got a book and a thank you.
Congratulations on your latest book.
Ask readers for a title of your next book?
It would be good to give away books to those comments you have enjoyed or found useful over the last year?
My proposal for how to give away an ecopy of draft copies of your new book is to use MerlinEZ (I will give you a code to download a free copy) to encrypt it.
MerlinEZ requires a CryptoFile, which is any type of file. MerlinEZ will automatically choose what part of that file (up to about 1Mb) to use as an encryption key.
Then you notify the recipients of where the CryptoFile is by placing it on a web site of your choice where there is no link to it.
Then contact each recipient and tell them the URL which will download the file (a picture, a sound file, a spreadsheet, ...) and save it.
The last step is for them to download the free MerlinReader decryption program to decrypt the encrypted book draft using the downloaded CryptoFile.
To send people the link to get MerlinReader go to:
Please may I have a signed copy of your new book? Thank you.
Now just tell everyone you gave me a copy (or not) because I asked nicely. Then, sell as many as you can and give away as many as you want however YOU want to! That's it. You don't need our help. It is interesting to see all the comments though isn't it!
Now, the question is if Bruce is actually going to read all these comments, or if he'll pick a winner from the first 100 or so in the hopes that the best ideas are near the top...where nobody had time to think.
Step 1: Ask anyone who is interested in a free copy to email you (or, perhaps, submit via CGI form) their full name and mailing address.
Step 2: Generate a cryptographic digest of their name / address information.
Step 3: Perform some sort of operation on the digest, such as reversing it, slicing it and re-combining it, etc. (Save it as a unique key for the name / address record.)
Step 4: After all entries are received, ASCII-order the unique key (modified digests). First ten in the list get a free book.
The contest should be won by the first person to offer to buy you a beer the next time they see you.
Bruce, the next time I see you, I'd like to buy you a beer.
Perhaps you could save them for the first N people who sign a message to you with your private key. At least that way you could ensure that a few people at a couple of English speaking governments' security services read a book on how to do security properly.
Ask people what they expect from the book. Use the best ideas for your next book and award these people :-)
Random draw from Emails on your mailing list? And then use Michael's idea, they have to Email you back with your private key :)
Send it to a house judiciary committee. They are *really* good at coming to intelligent conclusions with no delays.
This is my idea: Make a little game with all the books that you are giving away. Put a small table on the first blank page of the book, so it has Name + City/State/Country + Relationship to the next person.
Now, give the books to 10 random people to read it. They should put their data and then pass it to someone whom they "trust", but not necessarily they "know" (this short instruction should be also on the book). After, say, the 10th reader, he/she should send it back to the editor. You, when you receive the books back, could see how the people trust each other in real life, even to recommend reading a book they would probably not take it in the bookstore....
I recommend figuring out a way to get the addresses from anyone who wants to participate and then include everyone.
Everyone registers their email address in an online document (use throwaway ones!).
You grab the first x based on random sorting (matching the number of books to distribute).
Those people get sent books (email for phone number, someone then speaks and gets address).
Those people get the book, sign it and add location and date, read it then find the next willing recipient in the online doc and send it to them.
That way, the books get to travel the world and we spread the love. We can also track which books get to where.
Yes, some finer detail is missing but that's the gist of it :)
I'll be buying one from the place where you get the best kickback btw :)
Send the book to the person who can find the largest amount of security flaws in your website!
Has anything else received as many comments as this? Maybe the copies could be distributed thus ...
5 one-time commenters chosen at random.
5 likely supporters whose opinions you respect
5 likely dissenters whose opinions you respect
I think you should give away copies of your book to the people who can best humorously comment on your photo on this blog.
You know, the one where you are trying to impersonate Fozzie bear.
Do something cool and challenging like the recent GCHQ challenge.
First 19 people to solve the puzzle win a copy of the book. Give 10 days to solve the puzzle.
This may be a duplicate as I gave up reading about 1/2 way through. Obviously the offer of a free copy is a massive incentive.
There are a few participants in this blog's comments who regularly post insightful useful entries. You know who they are. I suggest you just pick the people whose comments you look forward to reading and send them a copy.
Let people guess how long it is (pages and/or words and/or characters) and give it to the X closest guesses.
Or let people guess how thick the book is or how much it weighs.
Use a random draw from readers with a valid .edu address.
Want to give away 10 books
Hash the email address of anyone requesting a book. Compare the resulting digest to a hash of something from the book. The closest matches get the book.
As a variant on the Security Theatre poster idea, ask for submissions for a Security Theatre (or similarly themed) T-shirt design for your loyal readers.
Reward the best designs with galley copies of your book, reward the rest of us (and keep the publicists happy) by submitting the best design(s) to Threadless.com to make and sell the T-Shirts.
If DefCon, 2600 and Black Hat can all have cool shirts, so can we. Heck, I'd buy one for each of my Dev staff.
Liar detection is hard to automate, so I suggest picking outliers. Send books to the people who have posted the most number of comments on your blog, but have NOT posted in THIS comment thread. It should be a fairly easy query to write.
Obviously this excludes me on both criteria, so if you take this suggestion you get a bonus paradox!
Put out a call for "the best way to give out a free galley copy of Liars and Outliers." Discard the most common responses and take only the really ludicrous responses. (The outlier responses, if you will.)
To that end: give away free galley copies to individuals who post to YouTube videos demonstrating how far they can throw Marshmallow Peeps shaped into little squids.
| ~~~~ : ~~~~ | Books are good!
| ~~~~ : ~~~~ | I'd like one of yours.
| ~~~~ : ~~~~ | Please.
| ~~~~ : ~~~~ | Thankyou.
| ~~~~ : ~~~~ |
Use a scheme that requires geocaching to find a copy. If you are the first one at the site, you must leave a book of similar type and value. Each person who finds the site(s) takes a book and leaves one.
Give the books away to those subscribed to your Cryptogram mailing list the longest. Reward loyalty. Chances are these people have bought all or most of your books, etc.
Since I published some books myself, self-published via CreateSpace to be more precise, I couldn’t help but respond to your call for suggestions.
I found that from all the books I gave away, only a fraction was read and appreciated. Actually, after some time I felt that my intention could be misinterpreted as a pathetic strive for some publicity.
In your situation, I would ask the readers of your Crypto-Gram, if, and then why, they find the subject of your book interesting. From the received replies I would draw randomly and every copy of the book I would sign. In the wording I would try to include some specifics from that particular reader’s submission.
At this year’s ending, I would like to thank you for sharing with us your knowledge during the last year and for all the issues of your Crypto-Gram, which are very much appreciated.
Wishing you all the best in 2012,
How about sending them to your relatives :)
1) Let 'n' be the number of copies you want to give away;
2) Let 'L' be the number of received messages;
3) Merge all the received messages in one file;
4) From the file in step 3, create 'n' files with a text message 'n' appended to each one;
5) Let X[n] = MD5(file(n));
6) Let Y[n] be the 2 leftmost hexadecimal digits of X[n];
7) Send copy n to the message Y[n] mod L;
Give the book to those who need it most, by having a "Trust Issues" contest.
The contest: Contestants submit a
Give the book to those who need it most, by having a "Trust Issues" contest.
The contest: Contestants submit a less than 200 word description of a security violation they personally experienced.
(the open brace ate the end of my previous entry.)
Give a galley copy to the first person to prove they've already hacked the DB of Wiley and obtained an electronic copy of the book.
How about awarding copies of your book to the longest continuous subscribers to Cryptogram?
Meh... too much work. I'll just go out and buy a damn copy.
"Now, the question is if Bruce is actually going to read all these comments, or if he'll pick a winner from the first 100 or so in the hopes that the best ideas are near the top...where nobody had time to think."
I read your comment.
"The best way to give away free galley copies of Liars and Outliers is to hold a contest where you ask for the person who can come up with the best way to give away free galley copies of Liars and Outliers...."
The problem is that only gives away one copy. I can't think of a good way to make it recursive.
There was always the rumor that my professors graded papers by throwing them down the stairs. The ones that landed at the bottom got an A (having more momentum by being heavier, you know), on the first stair a B, and so on. Perhaps something similar would work for you. ;-)
"Just give them to the top N posters on your blog."
There are a bunch of variants of this idea, some with the added complication of sorting for people who make interesting and useful comments.
It's worth thinking about.
"Idea submission: Hold an auction (ebay?) with all proceeds going to the EFF or your other favorite digital freedom fighters."
I've thought about this, too. If I do it, it will be for two or three copies -- not for all 20. Choosing people solely based on willingness to pay doesn't seem ideal.
"As much as I think we're a deserving lot, can you PLEASE give them to the senior people in the DHS and TSA?"
Tempting idea, but these are galley copies. If I were to give copies of the book to senior government officials, I would wait the month and a half and give them final copies.
Seems to me the giveaway should be to whoever can fabricate the most outrageous reason for being chosen - both a liar and an outlier.
"Yes, that means the anonymous posters can't play but it's just a suggestion after all."
All solutions must involve those getting a book sending me their mailing addresses.
"I just think you're lying when you say that you're going to give away free copies."
Honestly, it's not worth the trouble to lie about it.
Wiley has earmarked 20 copies of the galley for the specific purposes of giving to blog readers. This is in addition to the copies of the book that will be sent to book reviewers. (And the galleys only have limited value; after the book is published people are going to want that one.)
"Give copies to the people who write the best impression of a Bruce Schneier blog post."
"Ask readers to nominate the persons they think contribute most to the community of readers of this blog, and award books to the top 10-20."
I like this. It's a way to award the book to upstanding members of this community without me having to go through the work of choosing them.
"visit Amazon, look up your other books' reviews and give them to the people whose reviews were marked most helpful."
Wiley already does that; that's not the point of these books.
"You already have the e-mail addresses for everyone on the distribution list for your monthly newsletter CRYPTO-GRAM. Just randomly select the persons that win a copy of your new book from that list."
There are two problems with the "use the Crypto-Gram mailing list" solutions. One, it leaves out people who read me on this blog and not in e-mail. And two, I don't know whether a Crypto-Gram subscriber actually reads my newsletter. It might go into a spam trap, it might be a dead e-mail box, etc.
"You should give copies away based on the nice people that take the time to send you links to useful articles!"
Definitely a good idea.
"I feel bad for you, Bruce, having to read all these suggestions."
It's more fun than you think.
Yay, Schneier responses!
Here's some more additions to my previous suggestions (in case not all the ones I posted before was good enough):
The best description of the most insane security system (by any means) that worked wins a copy.
The best description of the most crazy just-for-fun not-actually-intended-to-be-used security system that actually worked wins one.
The first people to respond to Schneier's responses wins one. Oh, that type of selection were already ruled out? Huh, too bad for me. ;)
The best description of the most elaborate home-made security system wins one. (Has to be funny in some way.)
"Don't give any copies away, but say that you did (liar). Then, give copies to the first N people to call you on it (outliers)."
That's very meta.
Suggestion on how to pick recipients:
The goal seems to be to raise the bar by requiring opt-in style participation, but still require minimal work (e.g. not reading hundreds of limericks, unsolicited blurbs, jokes, etc. and judging them on merit).
I have had success in similar enterprises running a simple lottery:
a) create a disposable gmail account, e.g. firstname.lastname@example.org
b) over a 24-hour period, would-be recipients email an N-digit random number (as subject), blank body, to that account
c) after 24 hours, enable filter to route "late" messages to trash
d) generate a winning number by preferred method; start winners list with top N of those who guessed that number
e) if you don't have enough winners, generate a second random winning number; repeat until winners list is full.
This method does require a disposable account, but with the anecdotal side benefit that you can examine the distribution of guesses (very modal in my experience).
"Bravo for not doing the facebook twitter thing."
It's so tacky.
Slight improvement: in lieu of blank body in email, have people submit their desired mailing address for their copy.
That way, you have the addresses of winners on hand as you pick them.
"Give to those that submit the tastiest squid recipes. Then I'll have a decent chance at getting one."
What recipe do you have?
"drop them from a helicopter"
As god is my witness, I thought books could fly.
"Why don't you give it to the people who had the most valuable comments when you were soliciting feedback on your choice of title for the book?"
This is my favorite so far. It requires me to go back and read the 2-3 threads where we talked about titles, but that's not too much work.
"I liked the postcard idea. Pick a date that you have to receive them by and then choose the pictures you like best from the cards that you've received."
It is kind of a nice idea.
Or how about I ask readers to send me "three box tops," specifying nothing further about the nature of the box tops. Most interesting sets of box tops win.
Coming up with a way of deciding who came up with the best way of deciding how to determine whose way of deciding is best, is easy. Simply hold a contest to determine whose way of deciding who came up with the best way of deciding what is the best way to determine who came up with the best way to determine the best way of distributing the galleys, is best.
Repeat as often as there are galleys to be distributed.
That's a really interesting suggestion.
"Give the book to the people that can guess the number of times you have written the word 'terrorism' in the book. Those first 20 who can come close, gets a copy."
That's not bad. I could make the contest more complicated, by asking people to guess the prevalence of several different words: terrorism, outliers, trust, reputation, and squid.
"How about sending them to your relatives :)"
I think they'd prefer a real book rather than a pre-publication galley.
A contest to bring to light security issues distinct from but growing with modern technology would be better, I think. E.g., how to verify the identity of a supposed authority or individual, or how to avoid eavesdroppers and having your letters read.
These concepts permeate into every level of society, even if you've never seen a computer, though much more so if you have. Short Schneier-like posts could bring attention and perspective to modern manifestations that are not well known.
Not only does this generate relevant content for your website, but the contest and the content both help to engage the broader community, especially in the time leading up to and shortly after the book publication.
Place them in a locked room and publish the address.
"The best description of the most crazy just-for-fun not-actually-intended-to-be-used security system that actually worked wins one."
I don't know if I want to encourage Rube Goldberg-like security.
Two thoughts on the contest:
==  ==
Ask for people to write a convincing (##-word or less) essay/paragraph on whether they are a Liar or an Outlier.
I look forward to reading all of the "I'm a liar" entries to see how far people take them, and all the "I'm an outlier" entries to spot the liars that are just too accustomed to lying to admit that they are liars. :D
==  ==
Something to do with shared risk of a group - allow people to leave a comment saying "I want to be part of The Book Group ##", and if the number of people that have left a comment to be in Book Group 1 exceeds the number of books, then that group DOES NOT get the books. So, anyone that leaves a comment after you can sabotage the group. Whichever group comes closest to the number of books that you have left once you've donated some to the EFF or TSA or whatever is the winning group. This does have the risk of having too many groups being exactly the right number, but it also adds an element of group trust, and how easy it is to break it. Shared risk and all that. :D
"I don't know if I want to encourage Rube Goldberg-like security."
Well, the intention is that it would be obvious that it wasn't serious. Nobody would mimic that for real-life purposes except those that couldn't tell a goldfish from a shark even if their life depended on it.
I'd pick people that would agree to pass the book on after they have read it so there is some generalized reciprocity. If just 4.74 people pay it forward, perhaps even Kevin Bacon could learn about the relationship between security, trust, and society.
Another: The best description of the most hilarious exploit of a security system wins a copy.
I think the give away should be based on writing Haiku about Liars and Outliars
The burdensome few
Deficient lacking morals
I would say hand them out to people who get selected for additional screening by the TSA. You won't find a more devoted fan base anywhere I would imagine...
I think you should slip the books into the luggage of unsuspecting strangers at the airport.
It's fun, amusing, and a little bit subversive. I don't know if it would qualify you as an outlier but it might earn the book a little extra street cred when people find out/you get arrested... wait were these supposed to be reasonable ideas?
How about having people write their idea for the first line of the book and the one that is closest to the real thing plus your favorites each get a copy of the book.
There are lots of interesting ideas that involve randomness here... whichever one you choose, if you end up needing randomness I think you should use the TRNG at random.org to give their educational side a bit of exposure and to have fun using real randomness from the Actual Universe.
In the end, you're going to have to find a method you can feel good about having done, which probably involves your assessment of the community here and your relationships with the individual contributors (which, sadly, rules me out since I generally have time only to consume information, not add value here.). If you end up with more than 20 candidates, use random.org and write about it. :-)
BTW, so long as I have this comment form going, thanks for all of the excellent signal you add to the web. You improve the signal to noise ratio out here immensely.
The best descriptions of how to get tanks with live squids in them into the offices of CEO's with extensive experience of security breaches wins one.
Obviously you're an outlier if you try, and you're probably also a liar if you succeed. Because seriously, who's gonna go ahead and let you put a tank with a squid in their bosses' office? (Unless you could convince them it's really hilarious enough.)
Bonus points for a squid that is trained to squirt water on the CEO when he arrives.
Have people submit anagrams based on the title of the book, or your name, or something else of your choosing. Pick the entries you like most, for whatever reason. And share the submitted anagrams with us. That would be fun, and a little cryptic. Just a thought.
Well this is a popular thread! I think you should give them to the commenters who have, in the last year, given you the most inspiration while writing the book.
"Ask readers to nominate the persons they think contribute most to the community of readers of this blog, and award books to the top 10-20."
Problem is that it doesn't work for people like me who use a different name on every comment.
Give them to a trusted resource, who can then distribute them for you... or you could just scan it and torrent it à la Kevin Smith's latest movie.
Yet another: The best Nigerian spam imitations win. :)
I think that it would be best to give any free books to people who are definitely likely to read it. Most people hardly ever read books and giving a great book to someone who doesn't read it is like throwing pearls before swine.
So I suggest that free books be given to people who write a short passage about their thoughts on the subject matter so that they can really prove that they are interested in the topic and therefore likely to read and appreciate the book.
Send a copy to WBUR radio's OnPoint program.
Set up an electronic prediction market in which bloggers try to predict which bloggers will get books (allowing people to vote for up to 10 bloggers).
Give books to the 10 most highly voted for bloggers and the other 10 to the voters who made the best predictions.
After reading some and seeing the vast number of suggestions already given, it is clear that this offer is a substantial motivator. With all the submissions that come from a submission based process, it is reasonable to hand the decision process over to a properly motivated society/group of people. It is also desirable to have the results of the process further security in the most sensible way. Because sensible security is to protect the freest evolution of society, have the books go towards the best suggestions and/or implementations in this direction. Thus the entries need to be valued in how well they dynamically fulfill the balance of protection against destruction of created value while still enabling future creation of value (such as the arising of new leadership) in any given living context. Let various groups of volunteers set up the website interfaces or other means to enable the participation of entry makers and decision makers ... the way they set up and run such interfaces can also be considered as entries for prize. The various groups can also evaluate each other in this regard. Then it can be interesting to see what kind of a consensus or divergence of evaluations arise... The groups that start with the book bonus motivation may well find sufficient intrinsic meaning in their endeavors to want to extend them beyond solving the gift distribution issue. The solutions may become generic group distributive evaluation systems with a broad realm of application beyond security issues. They could be open source licensed or given as freeware. And the one who thought of all this should get one book for this initial thread. Thank you, it will be well treasured. By the way, it could be that you, Bruce, will win one of the books for your writing the book. And for you to receive your book in this fashion could indeed be of a special and ironic meaning to you.
Gonzo nailed it: "I think the only logical way to give away free copies of your book is to give it to TSA screeners while you travel. Then, when you come back through the airport, ask them what they thought."
This is the lazy man's approach. If you want to be sure it gets read, ask to speak to a TSA supervisor and then give the supervisor the book.
Better yet: ask the supervisor at the departing airport to autograph it and then give it to the checkpoint supervisor at your destination airport.
Bruce expressed interest in auctioning a few copies, so I re-iterate my "proportional bid auction" idea so that copies don't just go to the person with the means to pay the most.
1) Auction with the price as a donation to EFF. Winners are not highest bidder, but randomly selected from the pool of entries with the chance to win proportional to your bid price, and you pay the price you bid if you win. Some copies will cost a lot and some will go inexpensively.
[Or this: I figure each copy is about 300 pages and there are about 20 galley proofs available to give away. By the time this thread tapers off I'll bet there will be about 6000 comments. I'm sure it is no coincidence the math works out equal. Send each commenter one page.]
They will offer copies to their membership & you can put whatever constraints on the give-away you want - most often it's to require at least a brief review.
Ask for small proof of motivation/interest, and distribute based on age (20 youngest persons), as for younger persons that could be greater inspiration to think and act in future. That could actually inspire their career.
Of course that would disqualify myself :)
The only problem would be verifying actual age, so some kind of physical book transfer should take place.
Well, after all these clever and funny comments, is there still a book to give?
Anyway what is for sure - as ever - is that you make me think a lot (at dawn, French time!). And what I've (almost:) understood of what could bring your book to security questions in society gives great expectations and promises of others dawn+ thinking... Thanks
Give the galley copies to the people who in your opinion have contributed the most to the public knowledge and understanding of practical security (other than yourself of course!).
Award them to people who generate the most referrals to a book web site, legitimately or, preferably, by helping pitch your book to someone who's just been duped into hitting your book's web site. Bonus copies for anybody who manages to hijack pharma phishers or any bot army-mounted
I just want to say I have really enjoyed your monthly cryptograms for the last 8 years... ever since you were the guest speaker in the computer security class I was taking at the University of Minnesota. I commonly forward on the monthly email to family and friends as I think everyone should be informed on the issues you present.
I also have enjoyed reading Secrets and Lies and Schneier on Security... so how about a buy two get one free deal?
We pick a GUID between 00...00 and FF...FF and the one that comes closest to your GUID gets the copy.
The person that has supplied you with the most news articles this year gets the copy.
Is this contest true?
I am a liar.
Provide one chapter and ask for comments/feedback. Based on the best, you can pick the winners.
Randomly select a time of day. Monitor the timestamp of incoming comments for a pre-announced period (say, a week), and award books to the N people whose comment arrives closest to the magic timestamp.
Complete the following in 150 words or less:
Liars and Outliers should be banned because ....
The best 19 answers win a copy.
Oh ... and pleeeease can I have one? Thank you.
I think BF Skinner and Clive deserve a book automatically...
NB: you could choose between comments following human nature criteria: (most) honest, deviant, humoristic, frontal, using shifts, luxurious, etc
Wishing a great success to your efforts for the book. Make this book to have full preview available in http://books.google.com
Going along the lines of Philip Mullarkey, I'd suggest just giving them to public libraries. If you give them to 10-20 people on this blog, 10-20 people profit. Donate them to libraries, everybody wins.
Since the title is "Liars and outliars", how about asking for astonishing lies your readers have managed to get away with? The lies you enjoy the most could be awarded with a copy of the book.
I have a few nice ones myself and I'd bet there is a veritable gold mine of funny and breathtaking lies among your readers that would be highly entertaining (which is a great part of why I'd want you to choose my idea).
This would also introduce an element of trust since you would have to believe your readers' sincerity in their tales. And you'd have a blast picking the winners!
How about trying something like this:
Create a little more complex problem. Ask each participant to provide a random number (single digit). Pick the first correct 100 (or more) entries entered before a specific deadline. Add all random numbers and use that to select the winner.
Publish this competition ... and expect the link to spread.
Distribute a copy each to one individual from every country - this way, you will cover the globe.
Step 0: Give a copy to me, as I suggest the following:
Step 1: Give a copy to the person who finds the best solution among all the comments
Step 2: Give a copy to the person with the best solution
Step 3: Give other copies away according to best solution
The issue I have with CML’s idea is that it does tend to discriminate against those who do not have $1024 available.
Personally, I’d suggest a copy goes to someone who is prepared to read it soon and publish an informed, balanced and informative review of it for the rest of us in 500 words or less. And I would rather it went to that someone than to me.
"What recipe do you have?"
Spicy Jamaica style Squid baked inside a loaf of bread.
It sounds a bit weird but tastes rather nice and depending how you make it (in a tin or cottage loaf style) the crust can be highly ornamental and makes a sufficient difference that even conventional "turf" munchers will try the "surf".
My suggestion is this: 1. first of all make sure that the winners will read your book, because else it's just a waste of money ! This could for example be done by asking who would like to win and then asking for something in return, a review of the book or feedback on which chapter is the best or something like that.
2. It would probably be smartest to ensure a degree of geographical spread amongst the winners by asking about home country at the same time.
Send a copy to the CEO's/TCO's of 20 of the biggest IT/Internet companies like Google, Microsoft, Twitter, Facebook and so on with an alternate cover: YOU HAVE BEEN WARNED.
That way, if they fuck up my online safety, my personal data or privacy, they can be sued on grounds of gross negligence.
Make a difficult contest on a subject that you have at heart, but whose difficulty would not attract entries without a significant bounty, like those books with dedications.
I now detail an example, an underhanded contest, like http://underhanded.xcott.com/ but with social interactions replacing the C language.
Each entry of this contest should describe a particular mechanism to establish trust between two parties, in a precise setting in the real world. In appearance, it should be evident to the public and the expert that this mechanism cannot be abused, is fool proof, and is as simple as possible. With an invisible weakness that may be used to abuse it, explained at end of entry.
Example of entry: http://www.schneier.com/blog/archives/2011/07/...
Give the 19 books to best entries. Extra points for the entries that seem to respect the principles detailed in your book, and for those not involving computers.
I am not sure that this is the type of difficult contest that you have at heart, you may have a different contest in mind.
Rory: "Give to those that submit the tastiest squid recipes. Then I'll have a decent chance at getting one."
I think Rory won.
Use a gag like "Don't let your (business) partner/boss/bank manager see you with a copy of this book!"
It's easy - give me a copy and I shall tell all my peers, colleagues, friends and anyone else who will listen, what a great guy you are and how great the book is and why they NEED TO BUY it.
Really, your books deserve reaching a wider audience than the people reading this blog.
Hence I would suggest the following: bookcrossing !
Ie. identify places where people gather who you hope would read your books (conferences, universities, maybe places where decision makers meet to discuss trust and security), and just leave a few books here and there.
Whether or not you want to encourage people to allow you to trace who reads these bookcrossed copies (see bookcrossing.com) is an open question. People would have to think twice about the privacy implications, which is per-se an interesting question.
The point of galley copies is to spread the interest for the book before publication. So you want it to end up with 'opinion leaders' before the first print edition.
The best way to achieve that may be by letting people hand it personally to an 'opinion leader'. Their argument for which 'opinion leader' they think is most important *and* needs to read this the most (could be someone who talks out of his ass on the subject) gives you a good selection criterium, as well as giving some people an excuse to visit an 'opinion leader'.
You have 20 copies, that means you can do this 10 times (1 copy for winner, one for 'opinion leader')
Given how much you trust the winners, you can send them two copies, or the second copy only after they've given evidence of handing the first copy over to the opinion leader.
If you want to increase reader participation even further, let the readers decide on the winners.
I myself will be happy to buy the book and support your work.
The idea @CML is interesting. But there are some interesting risks: If everyone who responded in this thread participates and sends $1024. Bruce won't have to sell his book if he turns out to be the 'Dishonest Minority'. :D Nah, he wouldn't do that, would he?
I like two things: (both suggested by others)
- Pick someone based on their comments in the title-suggestion threads, which guarantees at least some level of interest.
- Then ask them to write a short review.
The benefit is that it partly serves the purpose of galley copies.
Then hold a poll to select the best review. Give that one (or the best x) a final copy when it gets released.
With book copies I can bribe other guards to release Prince Duncan of Frascati; in return he will gratefully embellish you with greatness.
First, skip my copy, because my method requires that these be given out in pairs.
Assign a four digit number to each of twenty books.
Commenters post their four digit guess. When the sum or difference of two commenters matches a book's number, two books are given out. The commenters may exchange email addresses or other identity information as their choice.
Whatever you do with the 20 copies, people in this blog will most probably read your book (either print/digital copies), so why not seek within population outside your blog. While not easy, there are ways: post an advertisement asking for people to proof read your book for comments (might need to use an alias and don't provide much info about the book...)
Congrats on your new book, looking forward to read into it.
Hey, give them to bookcrossing.com when you finished the book.
Send me a copy, let me read/review it, and I can then make a determination on whether or not it even warrants a giveaway. If it does warrant a giveaway, I'd suggest you pick 10 numbers between 1 and 1000, establish a deadline, and the 10 people who pick the exact, or closest number, to those 10 numbers by the deadline get copies of the book.
Wow! Many people seem to want a copy of Liars and Outliers. Good luck just to read all the comments. Here is my suggestion: take your 20 best friends, those who are not in the security business and give them a copy. Before doing so, although, save some for your children. If it's your most ambitious book, it's the one you may like them to keep.
PS : don't worry, I'll buy it anyway ;-)
Apply a small perturbation of your choice to each comment. Take a hash. Sort. Done :-)
I don't really want a free copy of the book, since then Bruce wouldn't get the royalty he so much deserves when I purchase it in mid-February.
Give it to the first people who can decipher a message that uses a book code (page/paragraph/word) that uses your previous books as the keys.
You could create a simple, or not, cryptogram and then the first N people get a copy.
give it to the first 10 - 20 people who have never commented on your blog before to stir up their interest
This is a little similar to another comment higher up on the comments roll, but host an Ask Me Anything thread on Reddit and send books to some of the highest upvoted questioners.
See Neil Degrasse Tyson's great example:
The 92 St Y in NYC has a great lecture series. Malcolm Gladwell, Paul Krugman, etc.
I'll hand out free copies in the lobby at the next security related lecture.
A lot of influential people attend. Perhaps you could speak there and sign copies of your book afterwards.
I dislike CML's idea. It's really more a test of your trust of Paypal than your trust of Bruce. If Bruce reneges, Paypal can give back the money. If Bruce is honest, Paypal can somehow find a way not to give back the money or charge fees.
Personally, Paypal has not earned my trust.
Pre-emptive response: They also haven't demonstrated enough fear of negative publicity for me to take "negative publicity" as an argument in favor of trusting them anyhow.
Why don't you simply choose using the alphabetical order of your reader names?
I have just proven to be a liar. Now I hope to be an outlier winning the giveaway. :)
I have no great idea. I am just anxious for your new book. You really do not need the PR. Anyone who has attended any level of Information Assurance or crypto course has read your books.
Can we send a book to you for signing?
This is a really interesting idea.
People who know my writing are already primed to buy the book. I'm much more interested in getting the book in the hands of people who have never heard of me and would otherwise never read my book.
Don't give them away for free, sign and number them and auction them on eBay with the proceeds to your favorite charity.
Spam people to complete a fake phishing form and whoever gives you their details send them a book because they could do with it....
You could give them away to people who are actively doing something related to security and/or cryptography as a hobby (may or may not be doing it professionally as well). By hobby I mean doing something that they don't receive significant income from.
I.e. doing free cryptography lectures for students, writing articles on security, etc.
Most of such people have preordered your book or will buy anyway, but not everyone. Some of them may be from backwards countries where it's difficult to buy anything via internet. Some of them may find the price too high compared to their earnings in their countries, and so on.
Applicants somehow should of course prove they are who they say they are.
P.S. I meant "teaching others on concepts of security and/or cryptography without getting real money from that";
You should put them in ten locations as geocaches -- with links to the coordinates and/or clues that are behind poorly-secured websites. Only the liars and outliars should be able to find them! :)
I wonder whether distribution of these copies could be used in a substantive test of the book's thesis. So, let's say that most people who visit this blog (or get Cryptogram, as I do) believe that it is in society's best interests for as many people as possible to read and understand the thesis of this book. Yet, visitors would also like to be a recipient of a (presumably signed) galley copy from one Bruce Schneier. Combine Sur's idea. Let visitors to the blog suggest opinion leaders. Through crowdsourcing, you should be able to get a very credible list. However, once the list is finalized, you agree to *double* the number of copies someone can show (with some credibility) that the list has been biased by one or more ("dishonest minority") persons who would simply like to have a copy for themselves (whether or not they can enhance the book's reception). In other words, if Sur's list of "opinion leaders" includes a person who managed to manipulate themselves onto the list (perhaps via a shill) despite *not actually being* an opinion leader, then your book's thesis will have been given support. And it would be great guerilla marketing, when you think about it...
Just an idea. :-) Good luck, Bruce!
How about a Baconian Cipher, posted after 24 hours of notice (so no timezone discrimination), with books going to the first X people who decode the message and respond via private message.
Most readers here can easily afford buying the book or find it in a local library sometime after it's out. But there are people who can get neither. So I'd give the books to readers from third world countries. Should the demand exceed the offer - random draw to rescue.
Of course we are potentially getting here to US export embargo issues :(
PS: If my suggestion happens to be the winning one, I'll donate my copy too and buy one from Amazon (most likely in e-book format).
simple.. don't give them away just for the sake of giving them out.. we need people to support security - there must be some form of charitable or security education cause out there.. or maybe a university that teaches info security -- have the people interested in a free copy make a donation to a security foundation or educational institution.. then they're eligible to get a copy.. or simply have people buy the book at a pre-sale cost or some amount, donate the proceeds and send the individual a slip for their tax return, hence only the charity makes something and there is no profit or loss per se..
Give them to me. I'll distribute them.
"But on a more serious note I think that giving away books to readers of this blog is a poor idea. Lots of people including myself chose to post anonymously and honestly I'm not willing to give up my anonymity just to get a free book. "
Why does that make giving away copies of the book to blog readers a bad idea? I understand why it's a bad idea for you to request a copy of the book. But there's no other reasonable way for me to give a physical book to someone other than through the mail, and that requires a mailing address. It doesn't feel right to penalize every blog reader just because some blog readers value their anonymity more than the book.
Request people to submit cover(s) for new editions of the book. Submitters pass all the rights to you.
How about the first N people that can social engineer a chapter out of your book from the publisher (or you)?
I'm liking @Jur's idea. But who's a good opinion leader that would both read it and comment on it. On one hand I'd love to give one to Senator Patty Murray, but I doubt she'd read it or write about it (good or bad.)
Off hand, I'd suggest: Stephen Frye, Orson Scott Card, Wil Wheaton, Daniel Henninger (WSJ's Wonder Land), Gregg Easterbrook (Sonicboom, TMQ), Steven D. Levitt (Freakonomics), . . .
I think they all exhibit the useful confluence of informed curiosity and desire to write at large.
Give away copies to people who will translate the book into other languages for free.
December 14, 2011 at 11:00 PM
"I'm going to get 10 to 20 copies that I'd like to give away to readers of this blog. I'm not sure how to do it, though.
So to start, I've decided to give away a free galley copy of Liars and Outliers to the person who can come up with the best way to give away free galley copies of Liars and Outliers."
December 16, 2011 9:13 AM
"I'm much more interested in getting the book in the hands of people who have never heard of me and would otherwise never read my book."
However readers of this blog cannot possibly have never heard of you: are you lying to us?
A devoted and grateful reader since years.
Generate 20 unique token strings like JYs!7@!fWx3rL0eR
Then use a PHP preload or similar to randomly inject them as a comment that will appear to be from a reader. The comment won't actually be stored in your blog, and if they hit refresh, they lost their chance. If they DO notice the token, they can articulate what it might be used for, in a REAL reader comment, like this one, and you will contact them for their mailing address. Thanks, Bruce.
Cool way to collect user data :-)
Seriously, get one of your readers to develop an iPhone and Android app so I can follow your blog on my smartphone.
How about providing a plaintext message that must be encrypted using page number - line number -word number using one of your previous books as the key?
The method is easy to understand, so it makes it fair for your less experienced readers. But it still requires a bit of dedication and work to build the cyphertext.
First X users to send a correct cyphertext wins a galley copy.
I suggest that you give away a free copy to people who send you responses to your blog posts that cause you to think: "Hey, that's a good idea!" or "I hadn't thought about that point!"
I suggest an additional SECURITY THEATER CONTEST
Contest on EUROPEAN ECONOMIC WAR
Hey Bruce, do you actually read the whole comments to find out if someone gets with an efficient way to dispatch these couple of copies? ;-)
PS : my thought is : go worldwide. Dispatch across countries. No more than one person from the same country. Different cultures, different feedback, eventually.
Have us guess how many times the word "trust" appears in the book. (or word-fragment, in the case of "trustworthy")
It's pseudorandom, but possible to make reasonable guesses with a bit of thought.
I think it would be a nice balance between random ("fair") and completely subjective ("unfair").
You could even mix the two, by taking the closest 100 for 20 books, and select 20 randomly from those 100. This would hopefully also solve the problem that might arise if 25 people make identical guesses for the exact correct value, and you only have 20 copies.
I say use bookcrossing to circulate the books to people who wouldn't normally read it.
Dear Mr. Schneier,
I have a suggestion which I expect will appeal to your mathematical/logical side. You are probably familiar with the so-called Unexpected Hanging Paradox. Here is the Wikipedia description:
A judge tells a condemned prisoner that he will be hanged at noon on one weekday in the following week but that the execution will be a surprise to the prisoner. He will not know the day of the hanging until the executioner knocks on his cell door at noon that day.
Having reflected on his sentence, the prisoner draws the conclusion that he will escape from the hanging. His reasoning is in several parts. He begins by concluding that the "surprise hanging" can't be on Friday, as if he hasn't been hanged by Thursday, there is only one day left - and so it won't be a surprise if he's hanged on Friday. Since the judge's sentence stipulated that the hanging would be a surprise to him, he concludes it cannot occur on Friday.
He then reasons that the surprise hanging cannot be on Thursday either, because Friday has already been eliminated and if he hasn't been hanged by Wednesday night, the hanging must occur on Thursday, making a Thursday hanging not a surprise either. By similar reasoning he concludes that the hanging can also not occur on Wednesday, Tuesday or Monday. Joyfully he retires to his cell confident that the hanging will not occur at all.
The next week, the executioner knocks on the prisoner's door at noon on Wednesday — which, despite all the above, was an utter surprise to him. Everything the judge said came true.
Similarly, it would be amusing to set up your selection system for book recipients as follows: Each user would select some other user (not himself) who he thinks would be LEAST likely to receive a book. The 20 users who receive the most such nominations (the "losers") would in fact get a book. One might object that it would be the 20 users who contributed least who would receive books, but I think that is unlikely to happen: since every person who posts on this site wants a book, people will purposely not select people who they actually think shouldn't get books, precisely because if everyone did so, then the people who voted for the losers will actually be less likely than the losers to receive a book. A similar situation occurred in my college Literature class: the professor announced that we would all vote on which project was the best, and whichever project won would get 50 extra credit points. It was pretty apparent to everyone which project was best, but people were reluctant to vote for them, because the voters knew that if they all voted for the best project, they themselves would have no chance of receiving the bonus points. As a result, a more mediocre project won. The strategy I outlined above works in the opposite way; voters have an incentive to select the most insightful commenters, precisely because they think that those people are the ones least likely to win and rob the voters of a shot at winning. Of course, by explaining the method, I just ruined any chance of it working, since now everyone would realize that the voting process was actually selecting the best commenters and vote for someone else...
PS. Would you consider signing the books you send out?
I don't need one. I will buy it through regular channels, as I do not have the time to really appreciate it at the moment. But I will have it some time next year.
(500 replies already. Hope somebody will be able to read mine)
How to give them up depends on what goal you want to achieve:
1) to be fair among your readers: let them sign for it (until the day it will be published) and then do random selection.
2) to advertise: let readers send you a link to their blog/facebook/etc post, that mentions publishing of this book. And select whichever pleases you most or has most number of readers/followers.
Use a clue based "snipe hunt" to find a Wonka style "golden ticket" for the book. Many years ago they used a similar scheme once for a role playing game of a prize of a silver statue buried somewhere. Of course in this case you'd need 20 differing locations to hide the "tickets" instead of one.
I didn't read all the comments (I'm way late to the game), but since you travel all the time, how about a multi-geographic scavenger hunt? Maybe geo-tagging or similar? Hope all is well with you - we met in San Antonio a while back when I was Pres/ISSA/Austin. I'm offshore Africa in the energy sector (lots of targets) these days. cd...
answer google interview questions correctly
you know your most valued commenters.
(I may suggest it, because this is my 1st comment on your site;-)
For your free book thingy:
this_one_gets_a_book = fingerprint(e-mail) mod magic_number == 0
If you choose your magic number right, there might not be a book left after you iterated over the news list.
!st 20 people who can send in photos of them with a TSA agent.
Holy cow, this coffee needs to be stronger.
1st 20 people who send in photos of themselves and a TSA agent.
If charity is the goal, you should do a money gouge auction:
It would work like this:
Alert media outlets and the charity PR person.
Open bidding on Autographed Copy Number 1,
Rules read and acknowledged to bid,
and name a selected [world scope?] charity as posted:
Let bidding proceed.
The top two bids must both pay in each separate auction,
but only the top bid gets a signed book.
[The Other gets an ALSO BID CERTIFICATE.]
You will likely be surprised at the final value of bragging rights,
if you do a PR posting of the two top bidders for charity.
When that auction ends, repeat the loop,
until the amounts offered drop under, say $200 each, as final bid,
or you run out of books.
You get money for your charity,
provide shared publicity for charity and books and donors,
you alert new demographics to your books, and leverage publicity.
That would leverage each book for the most good in return.
If crypto security awareness is your goal,
the best computer based
quick cryptographic techniques
not now in the published inventory.
Lottery based on the IP address?
How about the first 20 subscribers of your crypto-gram newsletter. Ask the owner of that mail box to reply in "n" hours. So you can check whether the email is a valid one or not (if not skip to the next).
Unfortunately I am not in this group.
Have a nice 2012 with a lot of joy and health.
Pipe the output from an infinite number of monkeys bashing at keyboards through an address validator, and send the books to the first 20 valid addresses world-wide.
Of course, this has several relevant features - you would first assess the randomness of the algorithm and the security of its implementation, and then we would all seek to compromise the system so as to increase our individual chances of getting one of the books...
And the flash-monkeying would also help to draw attention to the plight of monkeys in probabilistic captivity... Schrodinger's cat has been getting all the charitable donations... :)
As every cat owner knows, Schrodinger's cat has three states; alive, dead and bloody furious.
Give away to the commenter who provides their secure password:)
My friend Milton F. once told me there is no such thing as a free ... You could auction the books. There are a lot of clever auctions. As for me, my time costs are high enough to just buy a copy when the book becomes available. Regards, to all.
Randomly assign sequential numbers to every commenter. Have someone else (who doesn't know which number was assigned to whom) select 20 numbers between 1 and N.
The commenters get a book.
If you want, I'll select the numbers for you and you can eliminate me from the selection process. That way the selection is fair since I select randomly AND you assign the numbers randomly, which should assure fairness.
I also like the charity auction aspects. Take a few and give them to people in the community who would auction the book for improvement to their charity; one person to consider might be Johnny Long.
I think a strong candidate would be the first lurker to admit he's a lurker (no longer)!
The easy answer, of course, is to give them to the people you most trust....
A better method is to give them to the people whose names, when ROT13'd, are the most amusing to attempt to pronounce.
There are nice blogs out there that have monthly challenges. For example on http://www.bunniestudios.com/ there is the "Name that ware": A photo of some obscure tech is posted and you have to guess what it is.
Having one of your books as a prize would be really nice and get you some more attention!
Post a few paragraphs from the new book and give a free copy to the person with the most cogent comments about the subject of those paragraphs.
Wow...a lot of ideas posted...
Here's one more, hopefully this gets into the good idea pile.
Let your dog pick.
First allow/provide an avenue for subscribed members to express interest in receiving a copy of the book over a period long enough to cover all time zones. Secondly, randomly select 20 people from this group. That's as fair as it gets.
Give the copy to an intern, with strict instructions to only give the copy to you.
Whoever can find the intern and convince them to give up the book (through social engineering or otherwise) gets the book.
In the tradition of the WKRP reference above, select the best jokes that incorporate both some aspect of the book and some lines from a classic sitcom.
This might be biased towards those of us who have wasted too much time watching tv, but I don't see a problem with that :-).
Send out an email setting forth a time span over which requests for a copy of your book will be accepted. All such requests will then go into an electronic hat from which the winners will be drawn.
No time issues, no fake marketing, no complaints about not being given a chance... what's not to like?
Another one, and IIRC this one has NOT been posted yet (and Schneier has said he wants it to be about security and be useful for promoting security):
First the participants have to identify real but not well known security risks.
It can be just about anything, from something in everyday life to something obscure or an insecure "security practice" that some company is doing. Airport security, car security, cosmetics security, whatever. The more people it affects the better, in general, but it does not necessarily have to affect the whole world.
Explain the risk.
What can it cause? Is it something like bad car brakes or instable constructions that is dangerous by itself? Or is it something exploitable like insecure ATMs or corporate policies that can be abused? And how can it be abused?
Suggest a fix.
Not just a quick fix, but the most complete fix you can think of, including pointing out potential errors in the reasoning about security that could have caused the insecurity, and explain how to change the thinking about it. Every single detail that you can find should be included, and the insecurity should be completely gone if your suggestion is applied.
The best ones win. And their contributions can easily be used to promote security, and could get people interested in the book.
Contributions that are relevant to the theme of the book, contributions that are interesting to average Joe, etc, could be prioritized.
Note that the contributions must be easy to read and not obvious.
Crap, I got the tag wrong. Can a moderator fix my b-tag?
Give them to the people with the worst comments.
Thanks mr unknown moderator who fixed the tags in my comment. :)
Randomly pick a number from, say 0 to 255, then give away copies of the book based on a checksum (mapped 0 to 255) calculated from the e-mail addresses of people who enter the contest (checksum algorithm of your choosing, of course).
1) Pick one random person who commented above, get them to pick the next, etc. until you get all 20
2) Get everyone who wants a free copy to send you a single cent. Get them to also enclose a guess of how many cents you will receive in total. The 20 closest guesses to the actual number of cents received win the book. (Keep the money or donate to charity. But it's really only nearly free then.)
3) If you are worried about timezones then pick the first person to post from each timezone or country, state, etc.
Bruce, for the namesake of the book, group all the suggestions and pick the best 'outliers'.
Either all suggestions will be so weird that the not-so-weird will stand out; or the few but best weird ones will stand out.
Donate them to ISSA chapters and let them raffle them off.
Give the books to the first n people that find out how to get to the following MD5 value: 8eba785cfa9c44746c54d57c544bc18b
Don't tell anyone how you're distributing it - that's the most secure & non-controversial way to go about it...
Contest: Write 5 bulletpoint items in an easy enough language for the average person to implement so as to ameliorate their security.
- Use a changing password for various sites:
- Explanation on how practically to do it.
- Don't keep your credit card with its PIN.
List should include practices people are unaware of so the second bullet point on my list is not really good. Another rule could be to explain in laymen's terms the risk associated with not implementing these rules.
The 20 best how to's voted by the community get the book.
I guess a German translation is already planned? If not, drop me a line.
"Distribute a copy each to one individual from every country - this way, you will cover the globe"
I like this one. I live in Uruguay, South America :-)
You could give them away to the people who post the N best ideas on how to give them away.
Turn it into a "security through obscurity" experiment - leave them scattered around a table or two in a public place, and observe how long it takes before they're all gone.
Random is the fairest way and the easiest way to do that is from people who have shown enough interest to comment.
How about sending a copy to whoever makes up the best spoofed publishing industry or reviewer credentials?
Donate a copy to select university libraries (JMU would be a good start) and notify their IT security department to encourage students to check it out and read it. You would get more eyes that way instead of one person hoarding the book in their private collection. And mail them Priority Mail from the Post Office :)
Pick, say five persons on the blog, and let them each pick four other bloggers to receive the book. Then distribute the book only to the best four lists (out of five).
Hi Bruce -- I sent you a long list of errata and questions re: your first edition of Applied Cryptography shortly after it was published (and shortly after I had finished grad school studying under Hellman and Diffie -- everything still fresh in my mind at that time!).
I'd be interested to read and respond to the galley of your new book if you'd find that helpful. Maybe that is a way to distribute galley copies -- to people who have provided a significant amount of feedback to your prior books?
I propose that you hold a colouring contest.
I have taken the opportunity to have a likeness of Bruce rendered as an outline portrait, see the following link:
The top N people who do the best job colouring in Bruce (in whatever medium they choose), and possibly photoediting him into a humorous tableau, should win a copy of the new book.
After the contest is over, the entries could be displayed in a gallery for all to enjoy. I feel that this gives everyone a chance to participate, not just those who are technically gifted or who are familiar with the fields of security or cryptography.
I have discovered a truly remarkable answer, which this margin is too small to contain
Hmmm... Liars and Outliers, a galley copy, and we have to trust that there will be a selection of a selection algorithm/method?
Anycase, I'd advise on sending Galley copies to the Universities involved the most in "Trust" research, as I've found they are the people that don't know about you, and where I see the least amount of understanding about the real world trust and security problems.
Yours wishing for a galley copy, but rather wanting his local universities to get them.
I think you should give out copies to the first twenty people who DON'T tweet about your book or "like" you on Facebook. Since I don't even HAVE a Facebook account, I think I should be one of the first. I even promise to share it with people here at the office.
Thanks in advance! :-)
Why not be nostalgic with your distribution criteria. I've always been a fan of eenie meenie miny mo.
First, let me state that I'd really like a *signed* copy of the book.
Second, let's look at your dilemma. You want to give away 20 copies of your book. You do not want to do this randomly (either through social media, pick the Nth poster etcetera).
That means that out of a potential set of people who would like to receive your book (assuming that is one of your criteria too, you'd like to give a copy to someone actually interested in reading it) you want to apply filtering criteria.
As you can already see by the entries, this potential set is already large, as there will be people reading this blog not bothering to respond with an entry for whatever reason.
This means that out of fairness, you want to apply a filter yielding close to 20 results, yet not be biased against any individual in particular.
I do not think that is possible.
That means you have to reduce the potential interest set by other means. If it cannot be random (take all candidates, pick the one with no Bs or Ss in his or her name etc.), this means a contest of some sort.
There are a number of possibilities:
1- the contestants would have to produce something.
(a) the something could be the solution to a puzzle. I.e. only one correct answer, no bias in verification.
(b) the something could be something like an essay.
1a has the potential to yield more than 20 winners. 1b has a bias, it involves work, and it puts people who do not speak a language that you understand at a disadvantage.
2- the contestants would have to perform a series of somethings (a la Hercules)
Well, the disadvantages of that one go without saying.
I'd say that your premises and criteria for distribution, if I captured those correctly, prevent a solution without bias. Even if you could come up with a puzzle that is so hard it would be solved by only 20 people already interested in the subject matter, you probably could have selected those 20 from the blog commenters already.
But maybe the question posed is more readily answered on the Freakonomics blog?
- email a copy to the host of the public radio show Forum on KQED.org (http://www.kqed.org/radio/), get a National Public Radio (NPR) interview on the show, and give copies to the callers who call in to ask you questions.
- get an interview at the Commonwealth Club (http://www.commonwealthclub.org/) and give your copies to the host and folks in the audience who ask questions.
- appear at City Arts and Lectures (http://cityarts.net/) and give your copies to the host and folks in the audience who ask questions.
How about a Bruce Schneier Look-a-like contest?
Rather than randomly choose anyone who has commented on the blog, why not choose randomly from a subset of commenters who offered a security topic/news story on Fridays. Since you leave it up to the community to discuss security topics during the week that you haven't addressed after your squid blogs, I think this could be a nice way to reward those who enhance this community by bringing up topics per your request! It might not be very easy to filter out Friday comments this way (perhaps if they include a URL?).
Run a fake competition that purports to give away a prize based upon some metric and where the price for entry into that competition is the surrender of their email address or other private information.
Randomly choose people from different countries who have commented here. I'm from Pakistan :)
since you cannot choose a good way, choose all of them:
for 20 copies you want to release:
- do a crypto contest for the first
- a random choice for the second
- a "first to comment" choice for the third
- a "best funny comment" choice for the fourth
- and a "best idea" choice for the last :-) !
now that you have this many comments, choose the first 10 prime numbered posts and give the book accordingly.
New idea: Movie trailer style video!
Preferably with that classic deep voice (voice modifier software are OK), lots of action (or at least promises about lots of action :), some cool/funny/interesting excerpts from it (since we don't have the book, make some quotes up), "can he possibly overcome the challenge of outdoing himself yet again?", etc...
The best 20 videos win. It can be decided by voting. Obviously, this can get the interest of plenty of otherwise uninterested people so that they'll read the book.
you should send the first prints to libraries (in europe also). thus a lot more of people will have access to the book (especially some that maybe are starting in the field, like me, and don't have the means to buy all the needed books). good luck! lucian, romania
What about one for the guy who sent you the "in the dog house" Iomega Zip Disks password removal steps in 1998 :-)
How did I get here? Who is this Bruce Schneier fellow? Why does my email keep getting hacked? Why isn't "password123" a good password?
Book? What book? Okay I'll read a book. Where is this book?
Give it to the person who is the first to defeat the DRM from the electronic version and make it available to everyone for free :)
I'd like to suggest an idea.
Why not look for
a hidden message from a
neophyte cryptographer who
thinks he's clever?
All you need to do is gaze at it for awhile.
Better yet, use a simple bot to filter
out superfluous text until
only the message remains and will be
known to all.
Take all of the email addresses that subscribe to your newsletter/blots/facebook etc. Hash each one using skein. Sort. First 15 hash entries get a book.
The best way: give away a free galley copy of Liars and Outliers to the person who can come up with the worst way to give away free galley copies of Liars and Outliers...(me... me...)
How about a contest where the best lie regarding IT security wins?
Give the free copies to the people you most want to criticize through the book. That is, give them to the people you most want to hear what you have to say.
Give them all to me ... I'll take care of it.
I suggest that I start a discussion with other users about how to best give away the books, in which the first item will be to suggest starting a new list to suggest how to do it, and so on ad infinitum. Since I could go about doing this programmatically and always be the first to post, and since this is obviously the best suggestion, I would win all the books, unless you have an infinite supply.
Alternatively, figure out the person who has the smallest Schneier number (like the Erdos number or the Kevin Bacon number) based on factors outside of this blog, thus negating the actual comment providing whatever suggestion. Perhaps you could use LinkedIn... oh wait, you wouldn't have an account there since their password requirements are so lax. Well good luck with this one.
send a galley copy to the most unlikely professional, i.e. me. As a forester now engaged in business development i deal with broad range of issues, including security. How on earth could i be interested in IT security and cryptography? because this affects everything we do, especially noticeable after a trip thru various customs agencies in new zealand and usa.
you can ask a question about an issue in the book or use a cryptographic riddle
auction the copies and give charitable donations.
A free book would be nice, but I have a good job and I can afford the price of a book. I look at the younger generation as our future and the most needy people who would benefit from a free book would be those cash poor computer science majors in college slaving away at their PCs learning all the new technologies.
Looks like I'm about 100 comments late.
As the book is about trust you should give them away to people whom you do not trust - politicians and senior government figures mainly I would guess.
20 would be nowhere near enough though.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.