Security

Five good security reads

Check out a list of five security related books Chad Perrin has read in the past year that he thinks you should read, too.

Today marks the one-year anniversary of my first article in TechRepublic's IT Security Weblog. One year ago, on 17 July 2007, I wrote 5 steps to becoming the local security guru. This year, I have another five-item list for you — a list of security related books I have read that you should probably read, too.

Novels

The first part of the list is of novels I have read in the last year that have a strong IT security focus, are well written, and can teach the security interested IT professional something about security. If you haven't read them yet, they should definitely be on your reading list.

They're listed in the order I read them, which is conveniently also alphabetical order.

Cryptonomicon

This Neal Stephenson novel is a trifle unique in that it is actually two tales, each with its own plot, in one. The narrative switches between these tales regularly, one set during World War II, the other in the modern world. Specific modern technologies are often fictionalized (e.g. Finux, a thinly veiled reference to Linux, and Ordo, an encryption system that doesn't exist in the real world but very well could), while more general technologies (e.g. cryptographic technologies in general) are entirely real.

The story introduces the reader to concepts that, for most of us, may be new. It ends up being kind of accidentally educational in that respect, presenting ideas about cryptographic currencies, principles of cryptographic technology, and some of the history of modern computing and modern cryptography in forms easily digestible for the technically inclined reader. It even presents a rather unique demonstration of basic cryptographic principles in action in the form of the Solitaire cipher, a cryptographic system invented by Bruce Schneier specifically for Cryptonomicon that can be employed without a computer, via a normal deck of playing cards. It's not a trivial, toy cryptographic system, however: it is meant to be a form of strong cryptography and, in fact, when Cryptonomicon was published with the Solitaire cipher algorithm printed within its pages in the form of a Perl script, saving that script in a file on a computer in the US and emailing it to someone in another country would have violated US munitions export laws because it qualifies as "strong encryption".

Halting State

Probably the least directly educational of the three, this novel by Charles Stross is most interesting for its speculations on virtual currencies, virtual realities in meatspace, cyber-terrorism, and the social implications of all of the above. The primary characters are involved in the investigation of what starts out looking like the "robbery" of a virtual bank in a near-future MMORPG, but quickly spins out of control as they discover that all is not as it at first seems.

It is written primarily in the second person, reminiscent of old text based adventure games, which I found a little difficult to get into at first — especially with the switching between perspective characters in different chapters. It's an engrossing tale, with a well constructed plot, however.

Little Brother

Cory Doctorow set out to write this novel for "young adults" (i.e. teenagers), with an intentionally educational thread throughout. The main character, a high school student with a perhaps more than healthy interest in learning what others don't want him to know (and using that knowledge), is a hacker in the original sense who, written in the first person perspective, spends a fair bit of time explaining matters of IT security to the reader.

Little Brother is probably the best-written work of fiction that doubles as an educational text I have ever read, in part because it presents basic concepts within the context of the story and encourages the reader to pursue further knowledge on his or her own. If you read the entire novel and don't find yourself inspired to read more on the subjects and concepts presented, you may just not be cut out to be a technologist at all. It's the kind of book I wish I had in my hands when I was thirteen — but even now, about two decades older, it was a thoroughly enjoyable and inspiring read.

The plot surrounds the events following a terrorist attack on the Bay Bridge in San Francisco, in a future so near it was quite a while before I was sure it wasn't written to basically take place in the present. Politically, it looks like it may take place around 2011 some time, though it is flexible enough that it might believably take place any time in the next decade. The technologies are essentially the technologies we know today, with a few specific additions that could well arise in the next few years.

Like usual, Doctorow's challenges to the dominant paradigm go beyond the content of his fiction: this novel is not only available at bookstores and libraries, but also as a free download under the terms of a Creative Commons license. If you like reading full-length novels in digital file formats, you can get it there as a plain text, PDF, or HTML formatted file. I personally prefer having a physical book in my hands, so that's the form of the novel I read. For a more personal take on Little Brother, check out my brief review in my personal Weblog.

Related reading

The second part of the list is works that aren't novels — in one case, a book-length essay on the development of operating systems, and in the other a collection of short stories.

In the Beginning was the Command Line

People who enjoy Cryptonomicon may also want to read Stephenson's In the Beginning was the Command Line, a lengthy essay examining the history of operating systems. It was written in the late 1990s, and is a little dated now, but the lessons it conveys are no less valuable. While it doesn't directly address security, it does provide some insights into the design philosophies and necessities of operating systems, the collective mindset of their users, and other matters that provide a basis for understanding the security characteristics of systems incorporating various OSes and real-life end users. It has been published as a short book, but is also available for download as a Mac Stuffit or Zip compressed plain text file, free of charge. Among the rest of the works in this list, this is the only one I read for the first time before 17 July 2007. I have read it several times, however, the most recent being a few months ago. It's not only worth reading once — it's worth revisiting.

Overclocked: Stores of the Future Present

Doctorow's Overclocked: Stories of the Future Present is a collection of short stories by the author of Little Brother. Many of them, individually, seem tailor-made to challenge the comfortable preconceptions of the modern technologist, illustrating in science fiction prose the possible consequences of contemporary technology policy. Like Little Brother, and most if not all the rest of Doctorow's fiction, it is available as a free download as well as in dead-tree hardcopy editions.

Recommendations

If you're a technology enthusiast, and there's anything in the above list of works that you haven't read, you should rectify that oversight soon. They're all well written, informative, and often inspiring. Three of them are even available for free online, so the excuses for failing to read them lie somewhere between slim and none.

You probably shouldn't read Little Brother all in one sitting like I did, though, unless you just don't have anything else to do that day.

About

Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.

Editor's Picks