Randall September 22, 2012 1:25 AM

Ha, it is good, and it got me to buy a copy of L&O. But everyone knows you “don’t even engage in conspicuous displays of physical prowess to intimidate other people I encounter” because Bruce Schneier Facts already did that for you.

Carlo Graziani September 22, 2012 9:00 AM

Remarkable. If he’s right, you’ve performed a service for Crime Science analogous to that performed by Clausewitz for War — provide an intellectual framework and set of organizing principles bringing coherence and intelligibility to a field that was previously only partially and hazily understood.

Out of curiosity, is this serendipity, or did you set out to reform the intellectual bases of Crime Science?

-B September 22, 2012 10:27 AM

Donated my copy to the IT managers of FAA with the proviso that each share it with another manager when they were done with it (with an emphasis to “trade up” through the organization).

With luck, some old and new dogs will learn a few new tricks.

Bruce Schneier September 23, 2012 6:50 PM

“Out of curiosity, is this serendipity, or did you set out to reform the intellectual bases of Crime Science?”

I had no idea there was a discipline known as Crime Science.

Bruce Schneier September 23, 2012 6:52 PM

“How can we trust these reviews?”

I know you’re making a joke, but it’s a really important question about the Internet. In this case, we look at the website and make trust assessments based on both how the website looks and the URL.

Clive Robinson September 24, 2012 5:20 AM

@ Bruce,

“… but it’s a really important question about the Internet.”

Yes it is and it is a very real problem because,

“In this case, we look at the website and make trust assessments based on both how the website looks and the URL”

Web sites are easily copied and URLs have been relatively easy to fake/spoof/etc, and there are a whole load of other tricks, so these are actually not in any way reliable for anything other than giving you a warm cosy feeling. Which is exactly what cheaters, tricksters and other con artists try to make you feel just before they steal the shirt off your back.

The “old human” ways of establishing trust were fairly trivial compared to today, but even back then in a village of just a few dozen people, how well did you really know your neighbours even if you had known them since either one of you was born?

Sadly we appear to have adopted the worst form of trust model “hierarchical” in one way or another and it clearly does not work reliably if at all.

That is if you consider that the majority of people have no intention of cheating others (initially) the hierarchical model does not stop them going bad, and it does not stop people from cheating if that is their aim initially.

Personally I don’t trust the Internet let alone specific web sites sufficiently to carry out any financial transaction across it, nor do I respond to “Webvertising”. Yes I might miss out on bargains etc but so what?

The one time I did try a transaction across the Internet as an experiment I was ripped off by a major online book retailer with a globe spanning reputation. Ok it was the price of a few books etc, and I used a disposable account so my downside liability was controlled, but the fact they chose to rip me off means that as far as I’m concerned even “Globe Spanning Reputation” is a coin of no worth (and I’m not the only person to have come to this conclusion with the retailer concerned).

Very clearly “past performance” is not an indicator of “future performance” so reputation is not something a consumer can bank on reliably, nor can the various back end payment systems be trusted in any real way, even when it appears the legislation local to you requires this.

As was once noted it is “buyer beware” and in some respects this has even been codified in law in some jurisdictions, so I guess the real question is not “how can we establish trust?” but “how come we don’t get ripped off more often?”

Perhaps if we can find what makes and keeps people honest we will be able to reach towards a workable system, because as hundreds of years of trying to punish the dishonest has so far failed to stop them, I guess we can assume punishment is at best a partial deterrent.

Natanael September 25, 2012 5:44 PM

Just got my copy of the book today. Will start reading tomorrow, the review will be posted on my blog when I’m done (I guess it will take about a week for me in total to read it and write a review that ain’t crap :).

Wael September 26, 2012 3:08 AM

Got my book today as well 🙂 20 pages through… I guess Bruce trusted that I will keep my end of the deal 😉 (I will)

Roost3r October 31, 2012 7:20 PM

Cyber security and end users can much be analogous to Plato’s allegory of the cave. You hope to teach awareness and “break their chains speaking truth” dragging them kicking and screaming trying to better the good of all.
Nonetheless, you are guilted by the blind attempting the endeavor…

Who is to judge what is “truth or shadow”?

Perhaps the vernacular does not yet exist.

A must read for non-kool-aid drinkers!!!

Thanks Bruce I hope you made it back North from Clearwater safely!!!

