Liars and Outliers
I got Liars and Outliers signed, for cheap, direct from Bruce Schneier on the condition that I write a review of it. He sold 100 of them this way as a pretty clever way to stir up some publicity. It also worked as a motivator for me to actually write about it.
The basic gist of it is that while I enjoyed the book, it felt like he was preaching to the choir. I didn’t find very much new information (though size-weight misperception was new to me and seems pretty interesting), and my guess would be the type of person that’s likely to pick up this book and read it is in the same boat. There are countless people who absolutely need to understand the concepts it contains, but I’m unconvinced they are a likely audience.
I have to admit that I sort of hated the logistical aspects of this printing. There was an abundance of tables that largely seemed unnecessary, the top and bottom margins seemed to vary without a whole lot of rhyme or reason, and all of the notes were endnotes. Why would anyone publish a book with all of the interesting side bits shoved to the end (along with this one, see Before the Lights Go Out)? Have these publishers never read anything by Mary Roach? Footnotes that are interspersed throughout the work rather than being relegated to 37 pages at the back a) are going to actually be read, and b) exponentially increase the quality of the work. I’m sorry, but keeping two bookmarks and constantly flipping back and forth just isn’t worthwhile when I’m actively reading, and as a result I’m missing out on context and content. From briefly talking to Maggie Koerth-Baker about this, it seems that it’s something on the publisher or printer or other non-author end, but seriously, for research-based writing footnotes are leaps and bounds above endnotes.
Anyway, back to the content, Schneier does an excellent job of presenting the research, but he almost comes off timid. There seems to be a reluctance to really call out those making unrealistic and/or harmful security tradeoffs. Yes, many of the decisions can be rationalized and explained, but they are still bad tradeoffs. In his more informal writing, Schneier is blunt about security theater and all that it entails, and I felt like that bluntness was sorely lacking in much of this book.
As someone who is familiar with a lot of the research in this area, I have to believe I am not the target audience, no matter how much I may have wanted to be. I think that’s probably my mistake in expecting something far more in depth, but the reality is that the audience for that level of research is considerably smaller than the audience for which it feels like this book was written. For someone ignorant to the field looking for an overview introduction to security in all its forms, I don’t know of a better book.