Category: books

How much work is writing a book?

There’s a great (long) post by Baron Schwartz, “What is it like to write a technical book?” by the lead author of “High Performance MySQL.” There’s a lot of great content about the process and all the but I wanted to respond to this one bit:

I can’t tell you how many times I asked people at O’Reilly to help me understand what would be involved in writing this book. (This is why I’m writing this for you now — in case no one will tell you, either). You would have thought these folks had never helped anyone write a book and had no idea themselves what it entailed. As a result, I had no way to know what was realistic, and of course the schedule was a death march. The deadlines slipped, and slipped and slipped. To November, then December, then February — and ultimately far beyond. Each time the editor told me he thought we were on track to make the schedule. Remember, I didn’t know whether to believe this or not. The amount of work involved shocked me time after time — I thought I saw the light at the end of the tunnel and then discovered it was much farther away than I thought.

I think this is somewhat unfair to the O’Reilly folks, and wanted to comment. Baron obviously put a huge amount of effort into the work, but O’Reilly has no way of knowing that will happen. They run a gamut in second editions from “update the references and commands to the latest revision of the software” to “complete re-write.” Both are legitimate ways to approach it. It could take three months, it could take a few years. O’Reilly can’t know in advance. (Our publisher has told me horror stories about books and what it’s taken to get them out.)

So O’Reilly probably figures that there’s a law of diminishing returns, and pushes an insane schedule as a way of forcing their authors to write what matters and ignore the rest.

So it’s not like a baby that’s gonna take 9 months.

Andrew and I opened the New School of Information Security with a quote from Mark Twain which I think is very relevant: “I didn’t have time to write you a short letter, so I wrote you a long one instead.”

We took our time to write a short book, and Jessica and Karen at Addison-Wesley were great. We went through 2 job changes, a cross-country move, and a whole lot of other stuff in the process. Because we were not technology specific, we had the luxury of time until about December 1st, when Jessica said “hey, if you guys want to be ready for RSA, we need to finish.” From there, it was a little crazy, although not so crazy that we couldn’t hit the deadlines. The biggest pain was our copy-edit. We’d taken the time to copy-edit, and there were too many changes to review them all. If we’d had more time, I would have pushed back and said “reject all, and do it again.”

So there’s no way a publisher can know how long a book will take a new set of authors, because a great deal of the work that Baron Schwartz and co-authors did was their choice.

Bush’s Law — Less Safe, Less Free

I’d like to review two recent books on the war on terror: “Bush’s Law: The Remaking of American Justice” by by Eric Lichtblau, and “Less Safe, Less Free: Why America Is Losing the War on Terror” by David Cole and Jules Lobel. Both are well written assaults on the way in which the Bush administration is conducting itself, although each takes a tact aligned with the author’s background and history. Lichtblau is a reporter, currently for the New York Times, and Cole and Lobel are law professors.

Bush’s Law is an extended view into some of the major stories that Lichtblau has covered. Included are the NSA’s warrant-less wiretapping, the SWIFT following of the money, and the Comey/Ashcroft hospital story. Even as someone who follows these stories fairly closely, I still learned quite a bit-some new, some not previously reported, and all better organized and more readable than in the newspaper. The theme that emerges from Bush’s Law is one of secrecy, and the conflict which a free society faces when repeatedly begged to `trust us’ by an administration which seems to not understand how its actions undermine trust.

The undermining of trust is also a major theme of Less Safe, Less Free. Before getting into the meat of the book, let me say that this is law professor writing at its best. It’s clear and compelling, and the notes are at the end. They lay out a strong case that the Bush administration’s concept of how to engage with the world is is at its core, preventative, rather than reactive. In theory, this seems like a great plan. In practice Cole and Lobel show how it inevitably undermines the concepts of justice on which our society is founded, as well as our reputation with the rest of the world. That is, it is not merely a practical failure, it was inevitably going to be a practical failure. Predictions are hard, especially about the future. Reasonable people may disagree on the reasonableness of a preventative action. The difficulty of reaching proof “beyond a reasonable doubt” about what would have happened undermines the legitimacy of claims about the future.

The essence of their argument is that prevention, be it preventative war, such as in Iraq, or preventative law enforcement, such as with the justice, always requires the showing of evidence. You can’t simply detain someone because they might in the future commit a crime. In a court, no single body acts as judge, jury and executioner. Each party gets their day in court, with an opportunity to examine the evidence against them. These things are impossible in the preventative paradigm. Not only are sources and methods secret (sometimes with good reason), but the evidence is often lacking. In the case of war, the court is that of public opinion in many places. They also show a plethora of historical cases where preventative war went horribly wrong, and relate preventative war to a set of regimes with which no reasonable person wants to be associated.

The core reason which we demand that justice be reactive, or, at its fastest, at the instant of a crime, is that we rightfully fear the powers we invest in our government. It is a mighty and fearsome machine which can crush anything in its path. When it is allowed to do so, we are all less safe, and less free.

Two asides: I paid for both books, and I love the endnote styling of page number, excerpt, note used in Bush’s Law.

More New School Reviews

Gary McGraw says buy it for the cover:

The New School of Information Security is a book worth buying for the cover alone. I know of no other computer security book with a Kandinski on the front. Even though I know Adam Shostack from way back (and never could have predicted that he would become a Microsoft guy), I saw his book at RSA, bought it for the cover, and only then discovered that he was the author! My plan was to give the book to a good friend who I know is a huge Kandinski fan. On the way to complete that errand, I had a chance to look though the book and now I need a copy of my own! If you’re a follower of the economics of security school (which Ross and Bruce Schneier have helped spearhead), you’ll like this book. (Gary McGraw)

while Ben Rothke says buy it for what’s in between:

The New School of Information Security is a ground-breaking text in that it attempts to remove the reader from the hype of information security, and enables the reader to focus on the realities of security. The fact that such a book needs to be written in 2008 shows the sorry state of information security.

Let’s hope The New School of Information Security is indeed a new start for information security. The book is practical and pragmatic, and one of the most important security books of the last few years. Those serious about information security should definitely read it, and encourage others to do the same.
(Ben Rothke’s review on Slashdot)

Thanks very much for the awesome review, Ben!

Generativity, Emergent Chaos and Adam Thierer

Jonathan Zittrain, a professor at Oxford, has a new book, “The Future of The Internet.” He’s adapted some of the ideas into a long and worthwhile essay, “Protecting the Internet Without Wrecking It.”

In that essay, he uses the term “generativity” to refer to a system which has what I would call ’emergent chaos.’ A generative system is one which is open enough that people do strange things on it, and new stuff emerges. There’s no need to get permission. In The New School, we talk about the difference between the internet, where anyone can run anything, and the old phone network, where only Ma Bell had any way to innovate. And never did.

In commenting on these ideas, Adam Thierer says some things I want to respond to:

I see no reason why we can’t have the best of both worlds–a world full of plenty of tethered appliances, but also plenty of generativity and openness. In a follow-up essay, I pointed out how Apple’s products create a particular problem for Zittrain’s thesis because even though they are “sterile and tethered,” there is no doubt that the company’s approach has produced some wonderful results.

And what’s wrong with this? Answer: Nothing! People are getting the choices and configurations they want. Older generations are simply not comfortable with the “general purpose” devices that tinker-happy gadgeteers like Zittrain and me prefer.

(From “another problem for the Zittrain thesis — old people!“)

So I’m all for choice in who gets what. At the same time, I think that
Thierer makes the mistake of thinking that generativity happens in a vacuum. I don’t think it does. I think that the more generative devices you have, the more chaos (both good and bad) emerges. If only a few hundred people have Chumbys, then no one is going to write the alarm clock my buddy Nathan wants.

On the other hand, if there are a million Chumbys then someone might.

I think anyone writing for a blog entitled “The Technology Liberation Front” would get this, but let me lay out it. If I’m thinking of creating a widget to connect an ipod to a stereo, then I have to pay for my R&D out of the sale price of each device. If I’m spend a million bucks on R&D, then if I sell a million units, I can add a buck to the price of each. If I sell 10, then I’m going to lose money.

Entrepreneurs know this. They learn to prefer larger markets. They gravitate to larger markets. And thus the larger markets develop an advantage, which is that people want to participate, there’s a talent pool available, there’s a greater opportunity to partner, more investors willing to invest, etc. It’s a virtuous circle. You can buy a wider variety of parts to customize a Scion or a Mini than you can with a Ferrari. There just aren’t enough Ferarris to support a broad ecosystem of innovation. (There may be a network of engineers who wouldn’t bother touching a lower end car.)

And so each “tethered” device may reduce generativity by reducing the chaotic froth which exists in the generative world. I’m not saying that such devices have no innovation. I have (and enjoy) an iphone. I’d love to be able to SMS people URLs or contacts. And maybe when we get the SDK, and the iPhone becomes generative, I’ll be able to.

Until then, generativity has existed in active conflict tension with the tethering. I think that generative and tethered systems can co-exist. But it’s not the “best of both worlds.”

Dan Solove's books free and online

Dan Solove has put his two current books, “The Future of Reputation” and “The Digital Person” online for free.

I’ve felt bad in not reviewing The Future of Reputation, because I really enjoyed it, and have been trying to figure out what to say. Solove does a great job of surveying reputation in its many forms, and offering up an interesting framework for making tradeoffs about how to manage some of the costs and benefits of being able to speak freely about people online.

Check them out!

Dan Geer: Economics and Strategies of Data Security

Speaking of books:

This book explores the dramatic shift from infrastructure protection to information protection, explaining why data security is critical to business today. It describes how implementing successful data security solutions across sophisticated global organizations requires a new data-centric, risk based and strategic approach, and defines the concepts and economics of a sound data security strategy.

Order “Economics and Strategies of Data Security” from the Verdasys website.