15 results
Nothing to Hide: The False Tradeoff Between Privacy and Security by Daniel J. Solove
Albert Einstein, cloud computing, Columbine, hindsight bias, illegal immigration, invention of the telephone, Marshall McLuhan, national security letter, security theater, the medium is the message, traffic fines, urban planning
Ironically, the subway search program’s primary benefit was alleviating people’s fear (which was probably too high), albeit in a deceptive manner (as the program did not add much in the way of security). The security expert Bruce Schneier calls such measures “security theater,” for they constitute an elaborate exercise in playacting to create the appearance of security. Schneier writes: Security theater refers to security measures that make people feel more secure without doing anything to actually improve their security. An example: the photo ID checks that have sprung up in office buildings. No-one has ever explained why verifying that someone has a photo ID provides any actual security, but it looks like security to have a uniformed guard-for-hire looking at ID cards.10 Is security theater legitimate? Calming public fear is certainly a good thing, but the problem is that security theater is a lie. I believe that most people would rather know the truth than feel better through deception.
Even if panic and fear might lead to overstating the gravity of the threat, we should at least ensure that the measures taken to promote security are sufficiently effective to justify the cost. Unfortunately, rarely do discussions about the sacrifice of civil liberties explain why security benefits can’t be achieved in other ways and why such a security measure is the best and most logical one to take. Little scrutiny is given to security measures. They are often just accepted as a given, no matter how ill-conceived or ineffective they might be.
Security Theater
Some ineffective security measures, such as the New York City subway search program, are largely symbolic. The subway searches are unlikely to catch or deter terrorists because they involve only a minuscule fraction of the millions of daily passengers. Terrorists can easily turn to other targets or attempt the bombing on another day or at another train station where searches aren’t taking place.
Heron & Betty L. Smith, Deaths: Preliminary Data for 2004, Nat’l Vital Stats. Rep., June 28, 2006, at 1, 30 tbl. 7 (2006), available at http://www.cdc.gov/nchs/data/nvsr/nvsr54/nvsr54_19.pdf.
9. See Jeordan Legon, Survey: “Shark Summer” Bred Fear, Not Facts, CNN.com, Mar. 14, 2003, http://www.cnn.com/2003/TECH/science/03/13/shark.study/ (last visited Aug. 17, 2010).
10. Bruce Schneier, Beyond Security Theater, Schneier on Security, Nov. 13, 2009, http://www.schneier.com/blog/archives/2009/11/beyond_security.html (last visited Aug. 17, 2010).
5. Why Privacy Isn’t Merely an Individual Right
1. Smith v. City of Artesia, 772 P.2d 373, 376 (N.M. Ct. App. 1989).
2. Thomas I. Emerson, The System of Freedom of Expression 545, 549 (1970).
3. Charles Fried, Privacy, 77 Yale L.J. 475, 478 (1968); see also Beate Rössler, The Value of Privacy 117 (R.
Beautiful security by Andy Oram, John Viega
Albert Einstein, Amazon Web Services, business intelligence, business process, call centre, cloud computing, corporate governance, credit crunch, crowdsourcing, defense in depth, en.wikipedia.org, fault tolerance, Firefox, loose coupling, market design, Monroe Doctrine, new economy, Nicholas Carr, Nick Leeson, Norbert Wiener, optical character recognition, packet switching, performance metric, pirate software, Search for Extraterrestrial Intelligence, security theater, SETI@home, Silicon Valley, Skype, software as a service, statistical model, Steven Levy, The Wisdom of Crowds, Upton Sinclair, web application, web of trust, x509 certificate, zero day, Zimmermann PGP
Sabett
Culture; Balance; Communication; Doing the Right Thing
13. Beautiful Log Handling, by Anton Chuvakin: Logs in Security Laws and Standards; Focus on Logs; When Logs Are Invaluable; Challenges with Logs; Case Study: Behind a Trashed Server; Future Logging; Conclusions
14. Incident Detection: Finding the Other 68%, by Grant Geyer and Brian Dunphy: A Common Starting Point; Improving Detection with Context; Improving Perspective with Host Logging; Summary
15. Doing Real Work Without Real Data, by Peter Wayner: How Data Translucency Works; A Real-Life Example; Personal Data Stored As a Convenience; Trade-offs; Going Deeper; References
16. Casting Spells: PC Security Theater, by Michael Wood and Fernando Francisco: Growing Attacks, Defenses in Retreat; The Illusion Revealed; Better Practices for Desktop Security; Conclusion
Contributors
Index
Preface
If one believes that news headlines reveal trends, these are interesting times for computer security buffs. As Beautiful Security went to press, I read that a piece of software capable of turning on microphones and cameras and stealing data has been discovered on more than 1,200 computers in 103 countries, particularly in embassies and other sensitive government sites.
Nichols
Chapter 4, The Underground Economy of Security Breaches, by Chenxi Wang
Chapter 5, Beautiful Trade: Rethinking E-Commerce Security, by Ed Bellis
Chapter 6, Securing Online Advertising: Rustlers and Sheriffs in the New Wild West, by Benjamin Edelman
Chapter 7, The Evolution of PGP’s Web of Trust, by Phil Zimmermann and Jon Callas
Chapter 8, Open Source Honeyclient: Proactive Detection of Client-Side Exploits, by Kathy Wang
Chapter 9, Tomorrow’s Security Cogs and Levers, by Mark Curphey
Chapter 10, Security by Design, by John McManus
Chapter 11, Forcing Firms to Focus: Is Secure Software in Your Future?, by James Routh
Chapter 12, Oh No, Here Come the Infosecurity Lawyers!, by Randy V. Sabett
Chapter 13, Beautiful Log Handling, by Anton Chuvakin
Chapter 14, Incident Detection: Finding the Other 68%, by Grant Geyer and Brian Dunphy
Chapter 15, Doing Real Work Without Real Data, by Peter Wayner
Chapter 16, Casting Spells: PC Security Theater, by Michael Wood and Fernando Francisco
Conventions Used in This Book
The following typographical conventions are used in this book:
Italic: Indicates new terms, URLs, filenames, and Unix utilities.
Constant width: Indicates the contents of computer files and generally anything found in programs.
Using Code Examples
This book is here to help you get your job done. In general, you may use the code in this book in your programs and documentation.
Calls Release of JetBlue Data Improper,” New York Times. February 21, 2004. Wald, Matthew L. “Randi A.J. v. Long Is. Surgi-Center, No. 2005-04976.” N.Y. App. Div, September 25, 2007. Wayner, Peter. Translucent Databases. Flyzone, 2003. http://www.wayner.org/books/td/. Zeller, Tom Jr. “U.S. Settles With Company on Leak of Consumers’ Data,” New York Times. January 27, 2006.
CHAPTER SIXTEEN
Casting Spells: PC Security Theater
Michael Wood, Fernando Francisco
Storm clouds gather and there is unrest in the land; thieves wander the highway with impunity, monsters hide in every tree along the road, and wizards cast spells while handing travelers amulets for their protection. Believing in the power of the talismans, our hero strides forth, wrapped in his magical invincibility, confident he will be the master of any threat he encounters.
airport security, availability heuristic, Benoit Mandelbrot, Berlin Wall, Bernie Madoff, big-box store, Black Swan, Broken windows theory, Carmen Reinhart, Claude Shannon: information theory, Climategate, Climatic Research Unit, cognitive dissonance, collapse of Lehman Brothers, collateralized debt obligation, complexity theory, computer age, correlation does not imply causation, Credit Default Swap, credit default swaps / collateralized debt obligations, cuban missile crisis, Daniel Kahneman / Amos Tversky, diversification, Donald Trump, Edmond Halley, Edward Lorenz: Chaos theory, en.wikipedia.org, equity premium, Eugene Fama: efficient market hypothesis, everywhere but in the productivity statistics, fear of failure, Fellow of the Royal Society, Freestyle chess, fudge factor, George Akerlof, haute cuisine, Henri Poincaré, high batting average, housing crisis, income per capita, index fund, Internet Archive, invention of the printing press, invisible hand, Isaac Newton, James Watt: steam engine, John Nash: game theory, John von Neumann, Kenneth Rogoff, knowledge economy, locking in a profit, Loma Prieta earthquake, market bubble, Mikhail Gorbachev, Moneyball by Michael Lewis explains big data, Monroe Doctrine, mortgage debt, Nate Silver, new economy, Norbert Wiener, PageRank, pattern recognition, pets.com, prediction markets, Productivity paradox, random walk, Richard Thaler, Robert Shiller, Robert Shiller, Rodney Brooks, Ronald Reagan, Saturday Night Live, savings glut, security theater, short selling, Skype, statistical model, Steven Pinker, The Great Moderation, The Market for Lemons, the scientific method, The Signal and the Noise by Nate Silver, The Wisdom of Crowds, Thomas Kuhn: the structure of scientific revolutions, too big to fail, transaction costs, transfer pricing, University of East Anglia, Watson beat the top human players on Jeopardy!, wikimedia commons
It’s much easier to bust a sixteen-year-old kid for smoking a joint than to solve an auto theft or prevent a murder. Everybody likes to live in a cleaner, safer neighborhood. But it’s unclear whether the broken-windows theory is more than window dressing. Likewise, the ever more cumbersome requirements for commercial flights fall into the category of what the security expert Bruce Schneier calls “security theater”75—they are more for show than to actually deter terrorists. It’s by no means completely irrational to be worried about airport security; airplanes have been the subject of a large number of terror attacks in the past, and terrorism can have a copycat element.76 Yet even accounting for crashes that had nothing to do with terrorism, only about one passenger for every twenty-five million was killed on an American commercial airliner during the decade of the 2000s.77 Even if you fly twenty times per year, you are about twice as likely to be struck by lightning.
Kees Keizer, Siegwart Lindenberg, and Linda Steg, “The Spreading of Disorder,” Science, 322, 5908 (December 2008), pp. 1681–1685. http://www.sciencemag.org/content/322/5908/1681.abstract. 74. Bernard E. Harcourt and Jens Ludwig, “Broken Windows: New Evidence from New York City and a Five-City Social Experiment,” University of Chicago Law Review, 73 (2006). http://lawreview.uchicago.edu/sites/lawreview.uchicago.edu/files/uploads/73.1/73_1_Harcourt_Ludwig.pdf. 75. Bruce Schneier, “Beyond Security Theater,” Schneier on Security, November 13, 2009. http://www.schneier.com/blog/archives/2009/11/beyond_security.html. 76. Ibid., Kindle location 1035. 77. Nate Silver, “Crunching the Risk Numbers,” Wall Street Journal, January 8, 2010. http://Online.wsj.com/article/SB10001424052748703481004574646963713065116.html. 78. “Russian Authorities: Terrorist Bombing at Moscow Airport Kills 35;” CNN Wire; January 24, 2011. http://articles.cnn.com/2011-01-24/world/russia.airport.explosion_1_suicide-bomber-moscow-police-moscow-during-rush-hour?
“Report of the Select Committee on Intelligence on Postwar Findings About Iraq’s WMD Programs and Links to Terrorism and How They Compare with Prewar Assessments;” U.S. Senate, 109th Congress, 2nd Session; September 8, 2006. http://intelligence.senate.gov/phaseiiaccuracy.pdf. 85. Martin Chulov and Helen Pidd, “Defector Admits to WMD Lies That Triggered Iraq War,” The Guardian, February 15, 2011. http://www.guardian.co.uk/world/2011/feb/15/defector-admits-wmd-lies-iraq-war. 86. Schneier, “Beyond Security Theater,” Kindle locations 1321–1322. 87. Harvey E. Lapan and Todd Sandler, “Terrorism and Signalling,” European Journal of Political Economy, 9, 3 (August 1993), pp. 383–397; 88. The 9/11 Commission Report, Kindle locations 9286–9287. 89. Michael A. Babyak, “What You See May Not Be What You Get: A Brief, Nontechnical Introduction to Overfitting in Regression-Type Models,” Psychosomatic Medicine, 66 (2004), pp. 411–421; 2004. http://os1.amc.nl/mediawiki/images/Babyak_-_overfitting.pdf.
AltaVista, Ayatollah Khomeini, barriers to entry, bitcoin, Chelsea Manning, clean water, crowdsourcing, cuban missile crisis, data is the new oil, David Graeber, Debian, Edward Snowden, Filter Bubble, Firefox, GnuPG, Google Chrome, Google Glasses, informal economy, Jacob Appelbaum, Julian Assange, market bubble, market design, medical residency, meta analysis, meta-analysis, mutually assured destruction, prediction markets, price discrimination, randomized controlled trial, RFID, Robert Shiller, Ronald Reagan, security theater, Silicon Valley, Silicon Valley startup, Skype, smart meter, Steven Levy, Upton Sinclair, WikiLeaks, Y2K, Zimmermann PGP
” * * * The surveillance of Yasir Afifi appears to have started with an innocent question about why deodorant could not pass through an airport screening. On June 24, 2010, a user of the social networking website Reddit.com named “JayClay” posted a question: “So if my deodorant could be a bomb, why are you just chucking it in the bin?” His post generated hundreds of comments. Some Reddit users dubbed the deodorant ban “Security Theater.” Others talked about items they had smuggled onto planes—nail clippers, bamboo needles, razors, knives. One user suggested that bombing a mall would be a “softer target.” On June 25, a user named “Khaledthegypsy” weighed in: “bombing a mall seems so easy to do,” he wrote. “i mean all you really need is a bomb, a regular outfit so you arent the crazy guy in a trench coat trying to blow up a mall and a shopping bag. i mean if terrorism were actually a legitimate threat, think about how many fucking malls would have blown up already.”
Party”) RSA firm Rutgers University Rwanda Safari salting San Francisco Chronicle Satellite Sentinel Project Scheindlin, Shira Schley, Courtney Schmidt, Eric Schneier, Bruce Schneier on Security (Schneier) Schoenberg, Evan schools Schrems, Max Science Scoble, Robert SearchBug.com search engines. See also specific search engines auditing your data on search warrants Secret New York (Rives) secret police Secrets & Lies (Schneier) Secret Service security, privacy vs. Security Engineering (Anderson) security questions Security Theater September 11, 2001, attacks sexual orientation Shahzad, Faisal Shearson, Julia Shilkin, Rob Shiller, Benjamin Reed Shopping.com Shutova, Ekaterina Shutterfly Signal conference Silent Circle Silent Phone Silent Text Sinclair, Upton Singer-Vine, Jeremy Skyhook Skype Slobogin, Christopher smart card Smith, Stephen Smith, Will Snowden, Edward social networking sites. See also specific sites social network mapping social security numbers Soghoian, Christopher Soltani, Ashkan Sonic.net “sousveillance” South Africa Southern District of New York (federal court) Soviet Union spamgourmet.com spam messages SpiderOak Spokeo spoofing Sputnik spy satellites spyware Staas, David stalkers Standard Oil Company Staples Stasi state and local governments stealth wear Stecklow, Steve Steel, Emily Strauchs, John J.
23andMe, Albert Einstein, Alfred Russel Wallace, banking crisis, Barry Marshall: ulcers, Benoit Mandelbrot, Berlin Wall, biofilm, Black Swan, butterfly effect, Cass Sunstein, cloud computing, congestion charging, correlation does not imply causation, Daniel Kahneman / Amos Tversky, dark matter, data acquisition, David Brooks, delayed gratification, Emanuel Derman, epigenetics, Exxon Valdez, Flash crash, Flynn Effect, hive mind, impulse control, information retrieval, Isaac Newton, Jaron Lanier, John von Neumann, Kevin Kelly, mandelbrot fractal, market design, Mars Rover, Marshall McLuhan, microbiome, Murray Gell-Mann, Nicholas Carr, open economy, place-making, placebo effect, pre–internet, QWERTY keyboard, random walk, randomized controlled trial, rent control, Richard Feynman, Richard Feynman, Richard Feynman: Challenger O-ring, Richard Thaler, Schrödinger's Cat, security theater, Silicon Valley, stem cell, Steve Jobs, Steven Pinker, Stewart Brand, the scientific method, Thorstein Veblen, Turing complete, Turing machine, Walter Mischel, Whole Earth Catalog
Let’s dare to know—risks and responsibilities are chances to be taken, not avoided.
Science Versus Theater
Ross Anderson
Professor of security engineering, University of Cambridge Computer Laboratory; researcher in the economics and psychology of information security
Modern societies waste billions on protective measures whose real aim is to reassure rather than to reduce risk. Those of us who work in security engineering refer to this as “security theater,” and there are examples all around us. We’re searched going into buildings that no terrorist would attack. Social-network operators create the pretense of a small intimate group of “friends,” in order to inveigle users into disclosing personal information that can be sold to advertisers. The users get not privacy but privacy theater. Environmental policy is a third example: Cutting carbon emissions would cost lots of money and votes, so governments go for gesture policies that are highly visible though their effect is negligible.
., 242–45 Randall, Lisa, 192–93 randomness, 105–8 rational unconscious, 146–49 ratios, 186 Read, Leonard, 258 realism, naïve, 214 Reality Club, xxix recursive structure, 246–49 reductionism, 278 Rees, Martin, 1–2 regression, 235 ARISE and, 235–36 relationalism, 223 relativism, 223, 300 relativity, 25, 64, 72, 234, 297 religion, 5, 6, 114 creationism, 268–69 self-transcendence and, 212–13 supernatural beings in, 182–83 and thinking in time vs. outside of time, 222 repetition, in manufacture, 171 replicability, 373–75 Revkin, Andrew, 386–88 Ridley, Matt, 257–58 risk, 56–57, 68–71, 339 security theater and, 262 statistical thinking and, 260 risk aversion, 339 risk literacy, 259–61 Ritchie, Matthew, 237–39 Robertson, Pat, 10 Roman Empire, 128 root-cause analysis, 303–4 Rosen, Jay, 203–5 Rovelli, Carlo, 51–52 Rowan, David, 305–6 Rucker, Rudy, 103–4 Rushkoff, Douglas, 41–42 Russell, Bertrand, 123 Rwanda, 345 Saatchi, Charles, 307–8 safety, proving, 281 Saffo, Paul, 334–35 Sagan, Carl, 273, 282 Sakharov, Andrei, 88 Salcedo-Albarán, Eduardo, 345–48 Sampson, Scott D., 289–91 Sapolsky, Robert, 278–80 Sasselov, Dimitar, 13–14, 292–93 SAT tests, 47, 89 scale analysis, 184–87 scale transitions, 371–72 scaling laws, 162 Schank, Roger, 23–24 Schmidt, Eric, 305 schools, see education Schrödinger’s cat, 28 Schulz, Kathryn, 30–31 science, 192–93 discoveries in, 109–11, 240–41, 257 humanities and, 364–66 method of, 273–74 normal, 242–43, 244 pessimistic meta-induction from history of, 30–31 replicability in, 373–75 statistically significant difference and, 378–80 theater vs., 262–63 scientific concept, 19, 22 scientific lifestyle, 19–22 scientific proof, 51, 52 scuba divers, 40 seconds, 163 security engineering, 262 security in information-sharing, 75–76 Segre, Gino, 28–29 Sehgal, Tino, 119 Seife, Charles, 105–8 Sejnowski, Terrence, 162–64 self, 212 ARISE and, 235–36 consciousness, 217 Other and, 292–93 separateness of, 289–91 subselves and the modular mind, 129–31 transcendence of, 
212–13 self-control, 46–48 self-model, 214 self-serving bias, 37–38, 40 Seligman, Martin, 92–93 Semelweiss, Ignaz, 36 senses, 43, 139–42 umwelt and, 143–45 sensory desktop, 135–38 September 11 attacks, 386 serendipity, 101–2 serotonin, 230 sexuality, 78 sexual selection, 228, 353–54 Shamir, Adi, 76 SHAs (shorthand abstractions), xxx, 228, 277, 395–97 graceful, 120–23 Shepherd, Jonathan, 274 Shermer, Michael, 157–59 shifting baseline syndrome, 90–91 Shirky, Clay, xxvii, 198, 338 signal detection theory, 389–93 Signal Detection Theory and Psychophysics (Green and Swets), 391 signals, 228 Simon, Herbert, 48 simplicity, 325–27 skeptical empiricism, 85 skepticism, 242, 243, 336 skydivers, 39 Smallberg, Gerald, 43–45 smell, sense of, 139–42, 143–44 Smith, Adam, 258 Smith, Barry C., 139–42 Smith, Hamilton, 166 Smith, Laurence C., 310–11 Smith, John Maynard, 96 Smolin, Lee, 221–24 social microbialism, 16 social networks, 82, 262, 266 social sciences, 273 Socrates, 340 software, 80, 246 Solomon Islands, 361 something for nothing, 84 specialness, see uniqueness and specialness Sperber, Dan, 180–83 spider bites, 68, 69, 70 spoon bending, 244 stability, 128 Standage, Tom, 281 stars, 7, 128, 301 statistically significant difference, 378–80 statistics, 260, 356 stem-cell research, 56, 69–70 stock market, 59, 60–61, 151, 339 Flash Crash and, 60–61 Pareto distributions and, 199, 200 Stodden, Victoria, 371–72 stomach ulcers, 240 Stone, Linda, 240–41 stress, 68, 70, 71 string theories, 113, 114, 299, 322 subselves and the modular mind, 129–31 success, failure and, 79–80 sun, 1, 7, 11, 164 distance between Earth and, 53–54 sunk-cost trap, 121 sunspots, 110 Superorganism, The (Hölldobler and Wilson), 196–97 superorganisms, 196 contingent, 196–97 supervenience, 276, 363–66 Susskind, Leonard, 297 Swets, John, 391 symbols and images, 152–53 synapses, 164 synesthesia, 136–37 systemic equilibrium, 237–39 Szathmáry, Eörs, 96 Taleb, Nassim, 315 TANSTAAFL (“There ain’t no such thing as a free 
lunch”), 84 Tapscott, Don, 250–53 taste, 140–42 tautologies, 355–56 Taylor, F.
HTML5 Cookbook by Christopher Schmitt, Kyle Simpson
If you disable autocomplete at the form level, you can re-enable it for an individual form field by setting autocomplete="on". While many security experts suggest applying autocomplete="off" to form fields that contain sensitive data, you should keep in mind that this is not a particularly effective security measure. Some browsers do not yet support autocomplete, and since so many tools exist to circumvent autocomplete="off"—tools that still auto-inject a user’s stored password—it’s often security theater or simply a false security measure. Those browsers that do not support autocomplete simply ignore the attribute altogether. For a browser support reference on autocomplete, see Table 3-11.
Table 3-11. Browser support for the autocomplete attribute
IE: Yes*; Firefox: 4+; Chrome: Yes*; Safari: Yes*; Opera: 10.0+; iOS: Yes*; Android: Yes*
Note: In Table 3-11, “Yes” indicates that the browser has implemented autocomplete in a pre-HTML5, nonstandard way.
Culture & Empire: Digital Revolution by Pieter Hintjens
4chan, airport security, anti-communist, anti-pattern, barriers to entry, Bill Duvall, bitcoin, blockchain, business climate, business intelligence, business process, Chelsea Manning, clean water, congestion charging, Corn Laws, correlation does not imply causation, cryptocurrency, Debian, Edward Snowden, failed state, financial independence, Firefox, full text search, German hyperinflation, global village, GnuPG, Google Chrome, greed is good, Hernando de Soto, hiring and firing, informal economy, invisible hand, James Watt: steam engine, Jeff Rulifson, Julian Assange, Kickstarter, M-Pesa, mutually assured destruction, Naomi Klein, national security letter, new economy, New Urbanism, Occupy movement, offshore financial centre, packet switching, patent troll, peak oil, pre–internet, private military company, race to the bottom, rent-seeking, reserve currency, RFC: Request For Comment, Richard Feynman, Richard Feynman, Richard Stallman, Satoshi Nakamoto, security theater, Skype, slashdot, software patent, spectrum auction, Steve Crocker, Steve Jobs, Steven Pinker, Stuxnet, The Wealth of Nations by Adam Smith, The Wisdom of Crowds, trade route, transaction costs, union organizing, web application, WikiLeaks, Y2K, zero day, Zipf's Law
Sure, websites track us with cookies. Oh look, pretty pictures! We enjoy the attention. Most people are pretty lonely, and the idea that someone is watching isn't half as scary as the alternative -- that no one cares. This is why many people enjoy getting some spam. It may be junk, yet at least it's coming to us, personally. We calculate that it doesn't really matter. We tolerate the cameras and spying because we know it's security theater, and we're not really that dumb to take it seriously, even if we like to pretend we are. TV taught us that privacy is a bauble to be traded for a few drops of fame. Tell the world your most intimate details, and become a star for 15 seconds. Famous people don't have privacy. Why should the rest of us need it? The bogeyman will get us if we argue. This still works with many people, though fewer than before.
Fuller Memorandum by Stross, Charles
Any sufficiently advanced technology is indistinguishable from magic, Beeching cuts, British Empire, cognitive dissonance, complexity theory, congestion charging, dumpster diving, finite state, Firefox, HyperCard, invisible hand, land reform, linear programming, peak oil, security theater, sensible shoes, side project, telemarketer, Turing machine
It was easy enough to close down the cemetery--police roadblocks, reports about an illegal rave and graveyard vandalism, a handful of D-notices to gag the more annoying local reporters--but then they had to do something with the bodies. The feeders raised just about everything that wasn't totally dismembered and disarticulated. In the end, they had to bring in bulldozers and dig trenches. They identified some of the cultists--but not Jonquil the Sloane Ranger, or her boyfriend Julian. I don't think Brookwood will reopen for a long time. Brains has been given a good talking-to, and is being subjected to the Security Theater Special Variety Show for breaching about sixteen different regulations by installing beta software on an employee's personal phone. Reminding Oscar-Oscar that if he hadn't done so they'd have lost the Eater of Souls to a cultist infiltrator appears to be futile. Right now, everyone in Admin has joined in the world's biggest arse-kicking circle dance, except possibly for Angleton, who is shielding me from the worst of it.
4chan, barriers to entry, Berlin Wall, big-box store, cloud computing, collaborative economy, crowdsourcing, game design, Internet Archive, invention of movable type, inventory management, iterative process, Jason Scott: textfiles.com, job automation, late fees, mental accounting, packet switching, pattern recognition, pirate software, Ronald Reagan, security theater, sharing economy, side project, Silicon Valley, software patent, Steve Jobs, zero day
The guard asked Glover if the boots had steel toes, and Glover confirmed that they did. And then, without further inspection, the guard just waved him through. They hadn’t made him take off his boots. They hadn’t patted him down or asked him any difficult questions. He had set off the wand, and there were no consequences. At that moment, Glover realized that the wandings were performatory. This wasn’t security, but security theater, a pantomime intended to intimidate would-be thieves rather than catch actual smugglers. And the low-wage security guards who ran the daily showings were just as bored of them as everybody else. If Glover could somehow fit the compact discs inside of his boots, he could finally get them out on his own. But they wouldn’t fit. The discs were just a little bit too big. Still, the seed of the idea was planted, and over the next few months, as he patiently waited in line each day to leave the plant at the end of his shift, he gradually came to see it: belt buckles.
How to Speak Money: What the Money People Say--And What It Really Means by John Lanchester
asset allocation, Basel III, Bernie Madoff, Big bang: deregulation of the City of London, bitcoin, Black Swan, blood diamonds, Bretton Woods, BRICs, Capital in the Twenty-First Century by Thomas Piketty, Celtic Tiger, central bank independence, collapse of Lehman Brothers, collective bargaining, credit crunch, Credit Default Swap, crony capitalism, Dava Sobel, David Graeber, disintermediation, double entry bookkeeping, en.wikipedia.org, estate planning, financial innovation, Flash crash, forward guidance, Gini coefficient, global reserve currency, high net worth, High speed trading, hindsight bias, income inequality, inflation targeting, interest rate swap, Isaac Newton, Jaron Lanier, joint-stock company, joint-stock limited liability company, Kodak vs Instagram, liquidity trap, London Interbank Offered Rate, London Whale, loss aversion, margin call, McJob, means of production, microcredit, money: store of value / unit of account / medium of exchange, moral hazard, neoliberal agenda, New Urbanism, Nick Leeson, Nikolai Kondratiev, Nixon shock, Northern Rock, offshore financial centre, oil shock, open economy, paradox of thrift, Plutocrats, plutocrats, Ponzi scheme, purchasing power parity, pushing on a string, quantitative easing, random walk, rent-seeking, reserve currency, Richard Feynman, Richard Feynman, road to serfdom, Ronald Reagan, Satoshi Nakamoto, security theater, shareholder value, Silicon Valley, six sigma, South Sea Bubble, sovereign wealth fund, Steve Jobs, The Chicago School, The Wealth of Nations by Adam Smith, The Wisdom of Crowds, trickle-down economics, Washington Consensus, working poor, yield curve
Look at the example of flying. I’m completely terrified of flying—when I say “terrified,” I mean I can’t get on a plane unless I’m zonked on prescription tranquilizers. But even I can see that that’s an irrational fear, because contemporary commercial aviation is extraordinarily, uncannily safe. The experience of flying is so ghastly—the nasty airports, the multiple queueing, the intelligence-insulting security theater, the cattle-car in-flight conditions—that we tend to forget what an astonishing success the air industry has made of its safety record. Do we even notice? No, not really—what we notice are the crashes. Maybe the story of aid is a bit like that. If 16,438 children died today in a single disaster, it would dominate every news media outlet in the world for weeks. The fact that they aren’t dying isn’t news.
When to Rob a Bank: ...And 131 More Warped Suggestions and Well-Intended Rants by Steven D. Levitt, Stephen J. Dubner
Affordable Care Act / Obamacare, airport security, augmented reality, barriers to entry, Bernie Madoff, Black Swan, Broken windows theory, Captain Sullenberger Hudson, Daniel Kahneman / Amos Tversky, deliberate practice, feminist movement, food miles, George Akerlof, invisible hand, loss aversion, mental accounting, Netflix Prize, obamacare, oil shale / tar sands, peak oil, pre–internet, price anchoring, price discrimination, principal–agent problem, profit maximization, Richard Thaler, security theater, Ted Kaczynski, the built environment, The Chicago School, the High Line, Thorstein Veblen, transaction costs
After exploring all these issues, let’s figure out the truth, and let’s use it to guide public policy. And if Secretary LaHood has any interest in pursuing any of these avenues, I stand at the ready to offer whatever help that I can. Update: Secretary LaHood never did take me up on my offer to help.
Security Overkill, Diaper-Changing Edition (SJD)
I’ve been thinking a bit lately about security overkill. This includes not just the notion of “security theater,” but the many instances in which someone places a layer of security between me and my everyday activities with no apparent benefit. My bank, for instance, would surely argue that its many and various anti-fraud measures are valuable. But in truth, they are a) meant to protect the bank, not me; and b) cumbersome to the point of ridiculous. It’s gotten to where I can predict which credit-card charge will trigger the bank’s idiot algorithm and freeze my account because it didn’t like the zip code where I used the card.
Liars and Outliers: How Security Holds Society Together by Bruce Schneier
airport security, barriers to entry, Berlin Wall, Bernie Madoff, Bernie Sanders, Brian Krebs, Broken windows theory, carried interest, Cass Sunstein, Chelsea Manning, corporate governance, crack epidemic, credit crunch, crowdsourcing, cuban missile crisis, Daniel Kahneman / Amos Tversky, David Graeber, desegregation, don't be evil, Double Irish / Dutch Sandwich, Douglas Hofstadter, experimental economics, Fall of the Berlin Wall, financial deregulation, George Akerlof, hydraulic fracturing, impulse control, income inequality, invention of agriculture, invention of gunpowder, iterative process, Jean Tirole, John Nash: game theory, joint-stock company, Julian Assange, meta analysis, meta-analysis, microcredit, moral hazard, mutually assured destruction, Nate Silver, Network effects, Nick Leeson, offshore financial centre, patent troll, phenotype, pre–internet, principal–agent problem, prisoner's dilemma, profit maximization, profit motive, race to the bottom, Ralph Waldo Emerson, RAND corporation, rent-seeking, RFID, Richard Thaler, risk tolerance, Ronald Coase, security theater, shareholder value, slashdot, statistical model, Steven Pinker, Stuxnet, technological singularity, The Market for Lemons, The Nature of the Firm, The Spirit Level, The Wealth of Nations by Adam Smith, The Wisdom of Crowds, theory of mind, too big to fail, traffic fines, transaction costs, ultimatum game, UNCLOS, union organizing, Vernor Vinge, WikiLeaks, World Values Survey, Y2K
Horst Rittel and Melvin Webber (1973), “Dilemmas in a General Theory of Planning,” Policy Sciences, 4:155–69. E. Jeffrey Conklin (2006), Dialog Mapping: Building a Shared Understanding of Wicked Problems, John Wiley & Sons. ubiquity of data Charles Stross (2011), “Network Security in the Medium Term, 2061–2561 AD,” paper presented at USENIX Security. better off spending Bruce Schneier (2009), “Beyond Security Theater,” New Internationalist, 427:10–13. Yochai Benkler Yochai Benkler (2011), The Penguin and the Leviathan: How Cooperation Triumphs Over Self-Interest, Crown Business, 25–6. security is a process Bruce Schneier (2000), Secrets and Lies: Digital Security in a Networked World, John Wiley & Sons, 273, 395. Chapter 17 Trust in things Bart Nooteboom (2002), Trust: Forms, Foundations, Functions, Failures and Figures, Edward Elgar, 45.
Wireless by Stross, Charles
anthropic principle, back-to-the-land, Benoit Mandelbrot, Buckminster Fuller, Cepheid variable, cognitive dissonance, colonial exploitation, cosmic microwave background, epigenetics, finite state, Georg Cantor, gravity well, hive mind, jitney, Khyber Pass, Magellanic Cloud, mandelbrot fractal, peak oil, phenotype, Pluto: dwarf planet, security theater, sensible shoes, Turing machine
It’s not as if thinking about it is a crime: the problems start when an agent far gone in solipsism starts thinking they can do it for real. Or worse, when the Opposition raise their snouts.” “But I—” Pierce stopped, collected his thoughts, and continued. “I thought that never happened? That the self-policing thing was a, an adequate safeguard?” “Lad.” Kafka shook his head. “You clearly mean well. And self-policing does indeed work adequately most of the time. But don’t let the security theater at your graduation deceive you: there are failure modes. We set you a large number of surveillance assignments to muddy the water—palimpsests all, of course, we overwrite them once they deliver their reports so that future-you retains no memory of them—but you can’t watch yourself all the time. And there are administrative errors. You’re not only the best monitor of your own behavior, but the best-placed individual to know how best to corrupt you.
23andMe, 3D printing, additive manufacturing, Affordable Care Act / Obamacare, Airbnb, airport security, Albert Einstein, algorithmic trading, artificial general intelligence, augmented reality, autonomous vehicles, Baxter: Rethink Robotics, Bill Joy: nanobots, bitcoin, Black Swan, blockchain, borderless world, Brian Krebs, business process, butterfly effect, call centre, Chelsea Manning, cloud computing, cognitive dissonance, computer vision, connected car, corporate governance, crowdsourcing, cryptocurrency, data acquisition, data is the new oil, Dean Kamen, disintermediation, don't be evil, double helix, Downton Abbey, Edward Snowden, Elon Musk, Erik Brynjolfsson, Filter Bubble, Firefox, Flash crash, future of work, game design, Google Chrome, Google Earth, Google Glasses, Gordon Gekko, high net worth, High speed trading, hive mind, Howard Rheingold, hypertext link, illegal immigration, impulse control, industrial robot, Internet of things, Jaron Lanier, Jeff Bezos, job automation, John Harrison: Longitude, Jony Ive, Julian Assange, Kevin Kelly, Khan Academy, Kickstarter, knowledge worker, Kuwabatake Sanjuro: assassination market, Law of Accelerating Returns, Lean Startup, license plate recognition, litecoin, M-Pesa, Mark Zuckerberg, Marshall McLuhan, Menlo Park, mobile money, more computing power than Apollo, move fast and break things, Nate Silver, national security letter, natural language processing, obamacare, Occupy movement, Oculus Rift, offshore financial centre, optical character recognition, pattern recognition, personalized medicine, Peter H. Diamandis: Planetary Resources, Peter Thiel, pre–internet, RAND corporation, ransomware, Ray Kurzweil, refrigerator car, RFID, ride hailing / ride sharing, Rodney Brooks, Satoshi Nakamoto, Second Machine Age, security theater, self-driving car, shareholder value, Silicon Valley, Silicon Valley startup, Skype, smart cities, smart grid, smart meter, Snapchat, social graph, software as a service, speech recognition, stealth mode startup, Stephen Hawking, Steve Jobs, Steve Wozniak, strong AI, Stuxnet, supply-chain management, technological singularity, telepresence, telepresence robot, Tesla Model S, The Wisdom of Crowds, Tim Cook: Apple, trade route, uranium enrichment, Wall-E, Watson beat the top human players on Jeopardy!, Wave and Pay, We are Anonymous. We are Legion, web application, WikiLeaks, Y Combinator, zero day
The lack of innovation in government permeates not only our legislatures but the organs of our national security and law enforcement apparatus as well. In response to the creativity (albeit diabolical) demonstrated by the terrorists who carried out the 9/11 plot, the government spent billions of dollars and came up with such “innovations” as the Transportation Security Administration. Though frisking four-year-olds and little old ladies in wheelchairs makes for fine “security theater,” we’re going to have to significantly up our game if we hope to prevent future terrorist attacks. Given the pace of technological change, tomorrow’s security threats will not look like those of today—one of the reasons government is struggling mightily in the face of our common cyber insecurity. Of course this is not meant to suggest there is no innovation in government. It was government that brought us the Internet and space travel and served as the catalyst to finally decode the human genome.
The Better Angels of Our Nature: Why Violence Has Declined by Steven Pinker
1960s counterculture, affirmative action, Alan Turing: On Computable Numbers, with an Application to the Entscheidungsproblem, Albert Einstein, availability heuristic, Berlin Wall, Bonfire of the Vanities, British Empire, Broken windows theory, California gold rush, Cass Sunstein, citation needed, clean water, cognitive dissonance, colonial rule, Columbine, computer age, conceptual framework, correlation coefficient, correlation does not imply causation, crack epidemic, cuban missile crisis, Daniel Kahneman / Amos Tversky, David Brooks, delayed gratification, demographic transition, desegregation, Doomsday Clock, Douglas Hofstadter, Edward Glaeser, en.wikipedia.org, European colonialism, experimental subject, facts on the ground, failed state, first-past-the-post, Flynn Effect, food miles, Francis Fukuyama: the end of history, fudge factor, full employment, ghettoisation, Gini coefficient, global village, Henri Poincaré, impulse control, income inequality, informal economy, invention of the printing press, Isaac Newton, lake wobegon effect, libertarian paternalism, loss aversion, Marshall McLuhan, McMansion, means of production, mental accounting, meta analysis, meta-analysis, Mikhail Gorbachev, mutually assured destruction, open economy, Peace of Westphalia, Peter Singer: altruism, QWERTY keyboard, race to the bottom, Ralph Waldo Emerson, random walk, Republic of Letters, Richard Thaler, Ronald Reagan, Rosa Parks, Saturday Night Live, security theater, Skype, Slavoj Žižek, South China Sea, statistical model, stem cell, Steven Levy, Steven Pinker, The Bell Curve by Richard Herrnstein and Charles Murray, The Wealth of Nations by Adam Smith, theory of mind, transatlantic slave trade, Turing machine, ultimatum game, uranium enrichment, V2 rocket, Walter Mischel, WikiLeaks, women in the workforce
Experts proclaimed that terrorism made the United States “vulnerable” and “fragile,” and that it threatened to do away with the “ascendancy of the modern state,” “our way of life,” or “civilization itself.”179 In a 2005 essay in The Atlantic, for example, a former White House counterterrorism official confidently prophesied that by the tenth anniversary of the 9/11 attacks the American economy would be shut down by chronic bombings of casinos, subways, and shopping malls, the regular downing of commercial airliners by shoulder-launched missiles, and acts of cataclysmic sabotage at chemical plants.180 The massive bureaucracy of the Department of Homeland Security was created overnight to reassure the nation with such security theater as color-coded terrorist alerts, advisories to stock up on plastic sheeting and duct tape, obsessive checking of identification cards (despite fakes being so plentiful that George W. Bush’s own daughter was arrested for using one to order a margarita), the confiscation of nail clippers at airports, the girding of rural post offices with concrete barriers, and the designation of eighty thousand locations as “potential terrorist targets,” including Weeki Wachee Springs, a Florida tourist trap in which comely women dressed as mermaids swim around in large glass tanks.