Byte Wars

Peter Wayner writes: "A friend of mine who works as a public defender knows a thing or two about selling fear to the jury filled with doubts. Several months before December 31st, 1999, he asked me if we should be worried about the Y2K disasters. My answer was: The machines crash every day. Why should it matter if it happens on December 31st?" This time around though, the fears are of a different nature and scope: Peter reviews below Edward Yourdon's latest book Byte Wars, one aimed at everyone concerned about online terrorism in the post-9/11 climate. Byte Wars: The Impact of September 11 on Information Technology author Edward Yourdon pages 300 publisher Prentice Hall rating 7 reviewer Peter Wayner ISBN 0130477257 summary Plainspoken but fear-centric advice for reducing the dangers of vandals or terrorists to online systems.

My friend who nodded as if this was the same game he played every day in the courtroom. If no one knew what was going to happen, the jury's instincts could be manipulated with a mixture of fear, sympathy and tribalism. Juries were always afraid of watching a good, relatively innocent man lose everything, he explained. Corporate executives were just as worried of the same thing happening to them.

The Y2K binge is long gone and the biggest effect on computers seems to be found in the bits representing the bank accounts of Y2K consultants. Gimmicks may fade but human nature and human fear remains the same. The destruction of the World Trade Center has given new life to the fear mongers who worry that someone may obliterate our electronic infrastructure. Edward Yourdon, the old school computer consultant who made plenty of noise about Y2K, is back with another book, Byte Wars: The Impact of September 11th on Information Technology .

When I say old school, I mean that he started programming and writing about programming in the mid 1970s and this shows in the way he spells ( "Obe Wan Kenobee") and talks about "paradigm shifts" instead of "memes." He comes from the age group that decided how much to spend on Y2K and he knows how to talk to the group that will control how much we spend on our fears of terrorism.

There is no mention of his record on Y2K on the book cover or the biography, but if you're interested, the net never forgets. The book does mention the scary days of December 1999 a bit in passing, but only to note that there was "very little awareness in the media" that some "small organizations did suffer moderate-to-severe Y2K problems." He also notes with some pride that many companies survived the turmoil after the World Trade Center attack because they made so many preparations for the turn of the millennium.

This time around Yourdon is blessed with a much more concrete threat and this both helps and hurts his cause. On one hand, no one can debate the power of airplanes as weapons in the same way we can still debate whether Y2K would make a difference to embedded controllers. On the other hand, it's not really clear what the latest attacks have to do with computer networks. He even notes that the DOD's computers were relatively unhurt by the destruction of the Pentagon. How many web sites or e-commerce sites can anyone knock out with a box cutter? One company I knew with offices on the 81st floor of the World Trade Center used a co-lo facility that survived. Their web site kept on pumping out hits even after their entire office turned to dust.

Yourdon dodges all of this by being politely vague and abstract. His chapter on risk management, for instance, counsels that we should find a "realistic assessment of risks" and weigh the probability against the danger. If we develop a process to deal with the risk, then we can ensure that the risks are shared between the stakeholders. Most of the chapter could have been written at any time about any risk , but he makes it all a bit more current by including a few references to kamikaze players who are shifting the paradigm.

Some of his advice gets so abstract that it's hard to know exactly what he is suggesting. He tells us to "examine the practical impact of increased security and decreased privacy." To him, that means warning people who rely upon the social freedom of "don't ask, don't tell" to realize that so much information about us will eventually be documented by the new security state. "Now is the time to think about such matters, not two or three years from now when you suddenly find that you can't get a job, or can't buy a house in a particular neighborhood." Should we rise up or acquiesce? Which side is he on? I'm still not sure. He does such a good job playing to everyone's fears.

Occasionally, he doles out some practical advice that is close to the needs of managers worried about the aftereffects of 9/11. We are told that terrorists may be posing as "ordinary employees" or even government employees who've "risen to high levels of trust and authority." He reminds us that "hardly anyone watches the programmers." Is some terrorist slipping in a buffer-overflow loophole? Or maybe just a crook? One of the most practical suggestions is that corporations should do more code reviews.

He's also hip to some of the latest intellectual fads. Emergent organisms like Napster can be useful and resilient. He's a big fan of empowering employees by cutting away bureaucracy so the organization can evolve some emergent intelligence. Of course, we must also be ready for more scrutiny from the security bureaucracy checking to ensure that the emergent organism isn't evolving buffer-overflow backdoors. This gets a bit confusing and he waves away much of conflict with abstract calls for balance.

In the end, Yourdon can't offer many answers because there aren't many answers to give. We had risks, terrorism, info warfare, bombs and whatnot before September 11th and we'll meet them again despite the security. Anarchists detonated a horse powered wagon filled with explosives in front of the NY Fed in the 1920s. Not much has really changed and the book ends up being a distilled version of the inchoate fears that haunt us.

The real challenge is determining how much fear we should have. Yourdon is far from the only person who automatically assumes that the attacks on New York mean more attention to cybersecurity. All of the major beltway consultants near Washington are gearing up with the new tools. The more I read the book, the more I began wondering why. Why do some kamikaze hijackers mean that the web needs to be locked down? Who really has time to worry about some al Queda l33t d00dz owning my site when so many people are dying true deaths that can't be fixed with backup tapes?

At the end of one of the chapters, Yourdon exhorts us to get our act together and secure our home computers. Our old, pre-9/11 computing style was equivalent to "living in a house with the doors and windows wide open", he says, something that was "a pleasant way to live if you were in a small town in the 1950s."

Ah, the 50s. He and everyone else should rent a copy of George Lucas's pre-Star Wars classic, "American Graffiti." In one scene, the teenagers cheerfully drop a cherry bomb down the school's toilet. In another, they destroy a police car by wrapping a chain around the rear axle. The laugh track blessed both events in the movie, but all of us know that they would bring out the SWAT teams today.

The movie managed to avoid much of the discussion about Eisenhower, Francis Gary Powers, the Russian H-Bomb, or any of the other fears rippling down our spines. The 50's seem so much more fun after editing out the fact that the Russians had (and still have) fusion bombs on the tips of missiles. No amount of frisking by airport security can keep them out of our airspace. Yet we survived and managed to laugh about kids trashing police cars.

Another solution is not to quiver and worry about Osama bin Hacker's script kiddies. We can redefine the terms of engagement in much the same way that the cops in the "American Graffiti" just laughed at those impish kids. Hacked web sites are easy to restore if you have adequate backups. Denial of service attacks from zombies on cable modems sound threatening, but they rarely last longer than Friday evening rush hour.

It's hard to argue with much of the plainspoken, largely abstract advice offered by Yourdon. All of it makes good sense. The harder problem is finding the right attitude to carry us through the night. This book is filled with worry for our future and awe of the unseen l33t d00dz hiding under the bed. There are bits of light and a stab at optimism near the end, but most of the book trades on the thoughts that will keep us up well past midnight.

Peter Wayner has two resilient books emerging this spring: Translucent Databases , an exploration of database security, and Disappearing Cryptography: Information Hiding, Steganography and Watermarks , the second edition devoted to hiding secret messages in plain sight. You can purchase Byte Wars from bn.com. Want to see your own review here? Just read the book review guidelines, then use Slashdot's handy submission form.

Hmm.

[MrFredBloggs]

"one aimed at everyone concerned about online terrorism in the post-9/11 climate"

"Hey, how are we going to flog this tedious book about computers?"

"Simple - put something about terrorists in it. Get me some clip art of a Arab looking guy with a gun or something."

Re:Hmm.

[sweet+reason]

"Hey, how are we going to flog this tedious book about computers?"

"Simple - put something about terrorists in it."

9/11 can tie into anything. soon after the event, as i turned to the food section of my daily paper, i thought "at least they won't tie this into 9/11". but there it was: an article on comfort food and fear of terrorism!

How to Think about Security

[Alien54]

as I saw yesterday on RFN, , Bruce Schneier has an interesting piece in the latest issue of CryptoGram has an interesting article entitled How to Think about Security"

This is very useful. Damn Useful.

here is part of the info from the RFN story:

Here is Bruce Schneier's five step process, in brief.

This five-step process works for any security measure, past, present, or future:

1. What problem does it solve?
2. How well does it solve the problem?
3. What new problems does it add?
4. What are the economic and social costs?
5. Given the above, is it worth the costs?

Take step one above, for example. Here is part of Schneier's comment on it:

Step one: What problem does the security measure solve? You'd think this would be an easy one, but so many security initiatives are presented without any clear statement of the problem. National ID cards are a purported solution without any clear problem. Increased net surveillance has been presented as a vital security requirement, but without any explanation as to why.

I love the insightful simplicity of the piece.

Re:How to Think about Security

[volsung]

Forget security measures. The process you describe should be applied to every proposed solution to just about any problem, regardless of whether it relates to security, technology, or politics.

Re:How to Think about Security

[Alien54]

The process you describe should be applied to every proposed solution to just about any problem, regardless of whether it relates to security, technology, or politics.

I am going to get this to the attention of my local congressman.

They need all the help they can get.

Y2K Problems

[wiredog]

I remember going to the Official Time Clock of the US Naval Observatory and seeing the time as "00:01 01/01/19100".

Re:Y2K Problems

[sweet+reason]

I remember going to the Official Time Clock of the US Naval Observatory

i went there a few years ago and found the clocks didn't work. the html was so badly broken that it was amazing the browser didn't crash. i sent them a message about that, and they replied that the site was "browser dependent". in a way -- netscape tolerated the errors enough to put up some clocks; other browsers did not.

i just went back. the site is different but still broken. for example:
<img SRC="/cgi-bin/nph-usnoclock.gif?zone=EST;ticks=11" ALT IMG SRC="/cgi-bin/gifclock.gif?zone=EST">

some of their img tags have alt text saying that you need netscape!

i don't understand how this site was made. there are html editors that make bad code, but that bad? but how could a human produce such nonsense by hand?

Y, C, et al

[rot26]

IIRC, Yourdon is something of an egomaniac.

I don't imagine that there are many subjects that he doesn't feel qualified to write a book about.

Re:Y, C, et al

[JThaddeus]

Sadly though, as the reviewer implies, Yourdan is the Oracle of Delphi to many PHBs who's computer education ended with dataflow diagrams and HIPO charts. Why? Because their '70s era college texts for IS consisted largely of books by or inspired by Yourdan; because Yourdan has gotten rich selling his snake oil; and because they fancy they'll get rich, too. You know the type of manager I mean--the same sort of IS dumbass that thinks you need Windows servers and that everyone should be running Outlook. Solution? You got me! Every place I've been with more than a couple of dozen employees has had a Yourdan disciple in management.

Re:Y, C, et al

[swillden]

Every place I've been with more than a couple of dozen employees has had a Yourdan disciple in management.

And every on-line forum I've visited has a bunch of posters who can't spell a word correctly even when it's right in front of their face.

The man's name is Yourdon.

Re:Y, C, et al

[swillden]

Hahahaha! Good one! Or (opps!), am I speaking to a disciple? Nah, I've glanced through a couple of his books in the bookstore, but that's about it.

And, BTW, since I'm feeling my typo-Nazi oats this morning, the word is spelled "oops" ;-)

Why-2k again?

[rdmiller3]

This review was very well done. I especially appreciated the link back to some of the author's previous (and now, dubious) work. Heh, heh, heh... Give that man a "5" for "funny"!

This author looks like the run-o'-the-mill fear-mongering sort that the media loves to trot out when they've got no real news to talk about. So why on earth are we hearing about him at all?

Hmmm.... Maybe I should start writing book reviews for Slashdot! "Review: Discourses of Epictetus, a rational look at the problems of today's world politics and our individual lives"... written only 1900 years ago!

-Rick

Re:Why-2k again?

[commonchaos]

This has got to be the best book review I have read in at least a year... Even my short attention span could not distract me from it. He hit the nail on the head when he talked about the "fear-mongering" that goes on.

Re:Why-2k again?

[YouAreFatMan]

I especially appreciated the link back to some of the author's previous (and now, dubious) work.

here's a choice article of his from the archive:

"You're treating your lawyers as a bureaucratic nuisance, think twice. Some will be as valuable as a building full of Cobol programmers when your company is hit with a year 2000 lawsuit."

These days, who would want either a building full of lawyers or cobol programmers?

Previously predicted...

[PHAEDRU5]

- The end of the American programmer
- The end of the world in Y2K

Previously retracted...

- The end of the American programmer
- The end of the world in Y2K

The stuff on structured analysis and project managemetn is useful. That's about it.

Re:Previously predicted...

[nicestepauthor]

I remember trying to use the Yourdon method on a project. We had to draw a hell of a lot of process diagrams that decomposed into lower and more detailed levels. Nobody did all the charts right, and when we were done with the charts nobody looked at them again. It was just a big time sink. We also spent a fortune on CASE tools to draw the damned things. My job was to convince everyone to use these tools and draw the diagrams.

Basically I'd say the guy has been wrong on everything he's ever written. If I was concerned about what terrorists might do to our IT infrastructure before I suppose I should be less concerned now.

Re:Previously predicted...

[roman_mir]

Idea: Let's get him to write books about all the Bad Things(tm) that could ever happen. If he is always wrong then we should see a decline of Bad Things(tm)!

sabotage through the internet is similar to

[Mr.+Asdf]

suicide bombers. anyone who puts in the effort can do it. the reason or planet generally survives this is because the vast majority of people are not this way. I personally am in a position such that with the click of a few buttons, or by rewriting one line of code i could cause tens of millions of dollars of damage to multiple production facilities around the world. i probably could even injure people if i got the timing right. but I could just as easily strap on some bombs and detonate myself on a crowded subway too. yet i'm fairly certain i'll never do these things. but surely someone out there will, and we'll just have to deal with it, like we always do.

Re:sabotage through the internet is similar to

[Liora]

I think you're absolutely right, and yet I also think I'm beginning to hate how cynical statements like that sound and how cynical I must have somehow become in agreeing with statements like that.

I would like to point out, however, that sabotage through the internet is very unlike a suicide bomber in that provided you are not caught, a would-be saboteur could feasibly sabotage again, and again, and again. Successful suicide bombers have but one shot to hurt people.

I am quite convinced that because of this, despite the new fear experienced by many post-9.11, suicide bombers are still the least of our immediate first-world worries.

Re:sabotage through the internet is similar to

[Stonehand]

Theoretically, internet sabotage could be more subtle. It's also less prominent in the minds of most civillians, I'd think, than the various sorts of non-subtle kamikaze attacks, much the same way "Gee, if I were a murderous suicidal microbiologist, I might be able to genetically engineer or choose a virulent airborne contagion with a decent incubation period, infect myself with it, and mingle in public places" is probably an unusual thought. 9/11 raised awareness of conventional kamikazes, but I wouldn't bet on that awareness having translated to other areas.

Raising awareness of the possibility is probably a reasonable thing to do, as long as it's a realistic view -- for instance, it would be preposterous to suggest that a systems cracker could directly launch from the US nuclear arsenal, given the air gaps and other precautions built into the system, nor are hostile programmer likely to be able to send satellites crashing down on the White House without access while designing the systems.

money grab

[jest3r]

Isn't this yet another example of someone trying to cash-in from 9/11?

I mean security has always been an issue. Perhaps 9/11 is a wake-up call but surely we don't need a book to tell us that.

Does he consider the /. effect cyberterrorism or free publicity?

Security as a Wicked Problem

[jfsather]

I don't know how many of you get Software Development magazine, but they had an interesting article on wicked problems in the latest issue. The quick definition from the article header is this:

When you're scrambling to complete a never-ending task and no one can decide what "done" means, it helps to know that there's a name for this situation--and it's not a four-letter word.

This is essentially what the problem is with developing security plans--you never really know when you are done. The other problem is that you never have one true answer. Sure a national ID card seems like a good idea, but is it the right answer to the right question? Anyway, you can find the article here: Wicked Problems.

Re:Security as a Wicked Problem

[Alien54]

After quickly looking at the article on "Wicked Problems" (damn good read, thanks for the Link) the basic problem I see that defines it are conflicting goals and purposes.

if you have a single goal, then most of the time, design and planning go well. When you have a conflict in agendas at any level, you will compromises.

Typical example: vehicle safety:

The maximum safe car likely resembles a tank. This is not incompatible with comfort because you could have a luxury interior.

Driving pleasure and exterior styling are more difficult.

Now meet a price point.

Selling the Luxury high performance tank will be relatively easy if price is no limit. Doing it under 20k (US) is maybe another story.

Open Doors?

Our old, pre-9/11 computing style was equivalent to "living in a house with the doors and windows wide open"

There is an OS called Doors? And Windows isn't Open, it is just broken, constantly.

The colo that survived?

[Chagrin]

• One company I knew with offices on the 81st floor of the World Trade Center used a co-lo facility that survived.

And what if the jet had crashed into that co-lo facility?

Re:The colo that survived?

[jonr]

And what if some company used co-lo facility located in WTC?
Can you say DUH?

Re:The colo that survived?

[Kintanon]

The WTC wasn't a big enough hulking piece of concrete for most co-los to house themselves in. Every big co-lo I know of is in the equivelant of an underground parking deck with 50+ feet of concrete above them. I doubt an airplane would do a whole lot to that.

Kintanon

Y2K played down too much

[coyote-san]

"Computers crash every day...."

Sure. But we weren't concerned about the average number of computers crashing, we were concerned about more computers crashing than normal. And these crashes being more difficult to fix than usual because so many people wrote their own (broken) date routines - there was no single point of failure. This could lead to cascade failures and it was not clear that any natural firebreaks existed to limit the damage.

The best analogy is probably the road net and accidents. You can usually handle a single big accident without a problem. Even two. But at some point you have so many accidents that the system can't cope. But even one really bad accident can shut down traffic citywide for hours, e.g., the torpedo spill at the intersection of I-25 and I-70 in Denver.

We saw this phenomenum in action after 9/11, when the air traffic system shut down, and later when there was the anthrax scare.

Was Y2K oversold? Of course, but the worst offenders were non-techies pushing their own questionable goods or techies trying to reach management too focused on a 6- or 12-month window.

Re:Y2K played down too much

[QuantumG]

I worked on date correction hardware in 1999. We were making a product that corrected the hardware real time clocks in PCs. Basically all of them were broken. Our sales people would go out and convince people that it was important. Our cards weren't expensive, and the firmware/drivers were tested better than anything I've ever worked on. There was basically two types of people: gimme and cynical. We supplied good support to the people who said gimme and sold a lot of cards. The cynical people would waste our time sitting through our demos, arguing about the impact. Eventually they ran out of time. We personally went to every single one of them after y2k and asked them how it had gone. The sales guys would tell me how fucked their systems were. Some experienced huge data losses which we really couldn't explain.

Compaq computers have an embedded processor which supplies the entire southbridge, ie, IBM PC compatibility. They offered to their customers a firmware upgrade that would make their computers y2k compliant. We found out about this after we had sold a lot of cards and people were coming back to us for refunds. Why we gave a refund because they had failed to do their homework I dont know. After y2k all their systems were fucked. Compaq's firmware didn't do the job.

In 2001 I got a call from this company saying they had about 400 cards left and they couldn't sell them (obviously). So I was hired to rewrite the firmware to make the card somewhat useful. Using the onboard real time clock we made a card that could lock a computer between certain times. Totally useless product in my opinion. They're on their 8th production run (or something, I dont talk to them anymore).

Call them what you will, but if all these technology startups had hired a sales force like the one I had the pleasure of working with in 1999 we might see a few less chapter 11s.

Re:Y2K played down too much

[david+duncan+scott]

Although I agree with the thrust of your comment, I don't think we did see this in the air-traffic control system -- it was shut down deliberately and not ungracefully. Nobody was left hanging in the air looking for clearance.

We did see this sort of thing in the 1977 NYC blackout, with multiple lightning strikes causing cascade failures. In that instance the system protected itself and could later be brought back online, so in a sense it was designed behaviour, but it didn't seem to be a lot of fun for people in NYC.

Good marketing

[moankey]

I remember back in college that was what marketing instructors would say religiously.
To sell you have two fundamental resources to use:
- utility
or
- emotion (fear and safety being the 2 best).

If you use any of the above 2 you will see all advertisements and call to actions are based on it.
In this instance fear.

Buffer Overflow or Backhoe?

[caudron]

Combating terrorism isn't about protecting against sophisticated attacks. It's about protecting against very cheap, very simple attacks that have wide-reaching effects. They are FAR more likely to backhoe a cable or bomb a server location than to try hacking into it.

Osama isn't employing hackers OR script kiddies, he's employing desert fighters whose expertise is real-world destruction.

Adding in safegaurds against buffer overflows may be a perfectly good idea, but it won't matter a whit to a terrorist bend on causing damage to the Internet.

Eh?

[MisterBlister]

People still read Edward Yourdon's books? Hasn't this sensationalist fear-monger been discredited enough? If I were him, I'd change my name and/or move to a non-industrial country in shame...

Re:Eh?

[Rogerborg]

Well said. Ed Yourdon was the credible, sensible, plain spoken champion of the Y2K hypefest. I'm not sure if he set out deliberately and cynically to use Y2K hype to scam his way into government circles, or whether he just got caught up in it and found himself having to escalate his predictions until he couldn't back out.

Let's get this straight: Ed Yourdon predicted that Y2K would be the end of the world. He changed his mind more often than his underwear, and he was always oh so careful never to predict specifics, but he gave vastly inflated credibility to all the doom mongers, and he assumed that any Y2K ready declaration not done by an independent auditor was a smokescreen. Every tiny report of a computer failure was turned into a "probable" indicator of coming failure. He turned absense of evidence into evidence of absense when it suited him, and vice versa.

The sad part was that he suckered a lot of gullible folks in. There's still people today eating through their Y2K stocks and weeping over their lost life savings, and a smaller number grubbing around on dirt farms and hand pumping water from wells who'll grit their teeth and tell you that they thank Ed for prompting them to move to a self-sufficient subsistence lifestyle. Oh yes, this is better than relying on all those fragile modern foibles like washing machines and shops. Grind. Oh yes. Grind, grind.

Don't get me wrong, those people were responsible for their own decisions, and Ed is not a bad man. But he was wrong about Y2K. He was major league wrong, and he stubbornly clung to his position that the dominoes would start falling any day now (yeah, there's that 1950's thinking again), all through 1998 and 1999, right up to December 1999. Only in the last couple of weeks did he do a complete U-turn and backpedal and dissemble like there was going to be a tomorrow, which rather makes me think that he genuinely did believe the delusional scenarios that he was pushing to government and to anyone else that would listen. And he did admit that he was wrong shortly into 2000, but it was "OK, I was wrong, BUT..." and then he was off on a completely new tack about how he had singlehandedly save the free world by fearmongering up to the rollover, and ensuring that nobody slacked off. All praise Saint Ed.

I don't blame Ed for the misery he caused, but I do blame him for being a stubborn old fool, and for creating his own little solipsistic dreamland where the world had to end, because Ed had said it would. When it failed, it was exactly like watching a religious cult falling apart when the leader absconds with the takings from the collection plate. There are still people on his Y2K discussion board claiming that there was a Y2K catastrophe, but we didn't notice because we'd all been drugged with chemtrails.

So sure, buy and read this book if you like, but understand that Ed lost the plot about five years ago, and that anything he writes now must be treated as science fiction. Good old fashioned plain speaking science fiction, but utterly, completely untrustworthy.

terrorism == loss of human life != hacking

[Dr.+Awktagon]

Okay, terrorism is targetting and attacking unarmed civilians in order to create fear and terror on a large scale. (ie, detonating a bomb in a crowded restaurant).

It doesn't have anything to do with hacking computers. The terms "online terrorism" and "cyberterrorism" are meaningless and maybe even insulting to victims of real terrorism.

Terrorism isn't a blanket term for everything that's disruptive and annoying. I don't feel "terror" if the internet is subverted by al Queda hackers, or the 14-year next door for that matter.

Let's not dilute the meaning of the word.. It's enough we have idiots creating phrases like "industrial terrorism".

We already have a word for breaking into computers: hacking (or, uh, cracking).

Re:terrorism == loss of human life != hacking

[geekoid]

"We already have a word for breaking into computers: hacking (or, uh, cracking)."
how about trespassing?

Re:terrorism == loss of human life != hacking

[cthugha]

It doesn't have anything to do with hacking computers. The terms "online terrorism" and "cyberterrorism" are meaningless and maybe even insulting to victims of real terrorism.

Not necessarily. One of the goals of terrorism (IMO) is to disrupt the ordinary function of society. Society works because people have a certain amount of faith in the institutions, both of government and of the private sector, that make it work. People trust the authorities to manage law enforcement because of the checks in balances that give them faith in that system, they put their money in banks in the belief it will stay there, they use money because they believe its value is appropriately assessed according to relevant economic criteria, etc.

Those are just a few examples, but many of them rely on computers as part of their fundamental infrastructure. Take away faith in that infrastructure (by demonstrating its weaknesses, cracking being the most effective way of doing this) and you take away faith in the institutions they support. Society will cease to function, the economy will tank, and anarchy and chaos will ensue (any civilization is only three meals away from revolution).

That seems like a pretty foreseeable terrorist goal to me, what about you?

Re:Y2k

[Tim+C]

Yes and no - there was also the fear that the system would crash, and crash, and crash... and so would the backup(s).

Multiple redunancy is useless if all the systems suffer from the same bug, that kicks in at the same time.

Cheers,

Tim

BINGO! New game idea for "Post-9/11"

[Geek+In+Training]

I'm sure many of you have played "Bullshit Bingo," AKA Buzzword Bingo, where you go to meetings and mark off words and phrases such as "Going Forward," "Core Business," "Changing Paradigms," etc.

How about a new one for playing in the car or reading the paper? Marking off stuff like cars that have fifteen american flags on them. Or reading some off the wall article that has sudden relevence because of the "Post-9/11 Era." Or discussing the way it is impacted by the "War on Terror."

Bonus points for stores that put "God Bless America!" signs up, not only in their windows but on that giant illuminated sign with the two golden arches on it.

Sorry to be overly cynnical; it's a nice thought... but it really seems to ringing hollow now. People have just gone on about their comporate business, even if they have "heightened insecurity" in their personal lives. This book probably has interesting info in it, but now everybody is marketing it with "a sense of urgency due to the new world we live in."

If I hear "In the wake of September 11th..." one more time, I'm gonna punch a broadcaster in the nose.

Now if you'll pardon me, in the wake of my bottled water and NutriGrain bar breakfast, I'm going to get a hot bowl of soup for lunch in downtown Cleveland.

Re:BINGO! New game idea for "Post-9/11"

[FurryFeet]

If I hear "In the wake of September 11th..." one more time, I'm gonna punch a broadcaster in the nose.

I agree. But in a two-three months the noise should be back to normal and peace will return.
And then it will be september, and the media will be full of "After one year of the tragedy...".
Damn.

Re:BINGO! New game idea for "Post-9/11"

[t_allardyce]

yep, the only way people are going to stop all of this "in the wake of september 11th" stuff is if something bigger happens. Personally i just don't think a massive electronic attack is going to cut it. Bin Laden wants everyone to know about his stunts, and lets face it, DoS'ing some servers and bringing a few routers down is just not going to get as much media attention as something more trendy like anthrax. What he could do, is use the EMP from a nuke to dissrupt something, that would be like killing 2 metophorical birds with one lump of plutonium

Re:BINGO! New game idea for "Post-9/11"

[geekoid]

points for someone driving a mitsubishi that has an american flag!

note:mitsubishi built the Zeros that attacked Pearl Harbor.

Re:BINGO! New game idea for "Post-9/11"

[Stonehand]

...or do something that affects a lot of people, like trying to gradually introduce numerous small errors into the electronic trading systems, or a DOS of emergency communications systems coincident with a real-world attack.

Or, for that matter, being able to plant stories on the wire services could be interesting.

Re:BINGO! New game idea for "Post-9/11"

It's about time someone said this...

Wake up!!! Smell the coffee - we've lost more people to car accidents since 9/11 than died in the blast. We haven't had a single follow on attack since. While we've supposedly been "coping" with 9/11, our government has been working to turn America into a police state where merely accessing a computer incorrectly can get you sentenced to death for "cyberterrorism" - as if such was comparable to killing people. Speaking of killing, what about the millions of children who have been dying in Africa - where's their tradgedy?

Oh wait, I'm sorry. I forgot - poor people don't matter. Bomb some third world country into oblivion, but don't dare fly a plane into a business or do something that would interrupt American corporate profit.

Seriously, folks, you need to deal with 9/11 and get over it. Bad things happen. Jesus saves. People in other countries face disasters like this on a daily basis; why is it that Americans seem to have such a hard time coping with this?. If 9/11 scares you, you need to make peace with your maker before you go bombing third world countries where the terrorists used to be.

If anything scares me, its that our government has been taking away our rights and no one seems to care. I thought more of Americans until after I saw the way they reacted to 9/11. A handful of buildings come down, and they are afraid .

And no, the world hasn't changed. Just your outlook.

Re:BINGO! New game idea for "Post-9/11"

[Geek+In+Training]

While you do make some good points, I find your overtones of "evil American corporate greed" a little disturbing; it's been intoned in a lot of european posts and opinions I've seen as of late.

Also we're not afraid, we have crazy newsmedia who feed of fear and perpetrate FUD (fear, uncertainty and doubt) onto the masses. And unfortunately, what makes it over the pond is that media reporting, which kind of sucks.

Come over and visit sometime, and you will find that many of us more educated americans decry outlandish corporate greed when it surfaces (but it is not yet as pervasive as it outwardly appears), and we are definitely not "afraid" of terrorists. We're a proud, strong country with a majority of good people (if not smart people), and besides, we've got a lot of cool landmarks with nifty gift shops...

;)

"Where were you in '62?"

[davie]

Nice review, but American Graffiti was set in 1962, not the 50's.

Re:"Where were you in '62?"

[Daniel+Dvorkin]

Well, culturally, 1962 was still the Fifties. "The Sixties" didn't really get rolling (outside San Francisco, anyway) until 1965 or so.

recipe for Yourdon book

[peter303]

% edit previous_book_file
> set OLD_DISASTER = "Y2K"
> set NEW_DISASTER = "9-11"
> from first_line to last_line replace $OLD_DISASTER with $NEW_DISASTER
> save to new_book_file
% iterate every three years

Re:recipe for Yourdon book

[BigJimSlade]

By this recipe, maybe Leonard Nimoy should also release a Post-9/11 follow-up to his best-selling book "Y2K Family Survival Guide: A Complete Action Manual for Your Y2K Lifeboat".

I thought we were talking about system engineering

[mekkab]

I'm sorry, I stumbled into the conversation late! But with all this talk about RMMM (risk management, mitigation, and monitoring) I was harkened back to my first seminar about Software Engineering and that Pressman book...

The only difference being that Pressman gives some examples.

And yes, it is a process, just like any other business/engineering process. Just let engineers run the world... we'll get it together!

Pardon me for asking, but ...

[T1girl]

Peter Wayner has two resilient books emerging this spring

I was wondering how a book that hasn't been published yet can be "resilient." Perhaps the cover is made of steel-reinforced concrete? Titanium? Galvanized rubber?

Search for "19102" on Google

[Animats]

Go search for "19102", and you'll find about 300,000 hits, of which about half are dates that should read 2002. There's still considerable software out there that's not Y2K compliant.

Re:Search for "19102" on Google

[TheRealFixer]

It's such a simple formula to fix all those 19102 clocks, too. For the Perl localtime function (which on my machines the year was coming up as 100), I simply had to do this on all my scripts: $year = $year + 2000 - 100;

Timothy, you ignorant slut

[PD]

By insinuating that the Y2K problem was a scam by consultants to make money by scaring everyone, you do the security and Y2K consultants a huge disservice. Y2K was a REAL problem, and the reason that absolutely nothing happened was because thousands of people did their jobs very very well to fix the problems before the deadlines.

Yourdon's one good book: "Death March"

[alispguru]

The reason "Death March" is a good book is that he wrote it by asking a bunch of his hacker-manager buddies about the nature of impossible-to-complete projects, and wrapped some text of his own around the results. This polling-the masses approach added a reality check that he clearly needs (vis. any of his other books that make predictions about the future - the ones that are uniformly wrong).

Yourdon on Y2K indeed

[itwerx]

I was a Y2K consultant back in the (not so distant) day. And while the problem was more real than most would have you believe, (trust me on this, I was involved in some of the high-impact areas like utility infrastructures and healthcare, it could have been pretty bad), I swear we had just as much hassle dealing with the PHB's who'd read his stuff as we did handling the real issues!
The guy is a rabble-rousing fear-monger!

Re:Yourdon on Y2K indeed

[dunstan]

The problem was that everybody thought that Y2K was an issue whose effects would only be noticed in Dec 1999 and Jan 2000. The first Y2K failure I heard of occured in about 1996 when a retailer was putting corned beef (the tinned stuff we have in GB, not the stuff in the US) into their stock control system. Tinned corned beef has a very long shelf life, and they couldn't put it into the system until the Y2K (aka century bug) had been fixed.

The acid test for most people was the first quarter of 1999 when budgets and cash flows for the financial year April 1999 - March 2000 were being worked out. Financial systems had to be fixed by then.

By December 1999, 95% of the Y2K faults would have either been fixed or have long since caused failure.

Now, 2038 on 32 bit systems ... that one will be interesting.

Dunstan

"Stock Issues" model

[Philbert+Desenex]

Basically, Schneier's 5-step plan is called the "Stock Issues" model for arguing a policy change.

Stock Issues has been around for a long time, which is not to say that Schneier is wrong in using it: to the contrary, he's correct. I wonder if he re-invented it, or if he knew about Stock Issues when writing that 5-step plan?

It's probably worthwhile to structure every "case" you hear for some change in the form of Stock Issues, even changes contrary to your own point of view. If you can figure out what the "case" for a change you don't like is missing, or where it's wrong, you can try to shoot down the change with that information.