Slashdot Mirror


Freakonomics Q&A With Bruce Schneier

Samrobb writes "In grand Slashdot tradition, the Freakonomics blog solicited reader questions for a Q&A session with Bruce Schneier. The blog host writes that Mr. Schneier's answers '...are extraordinarily interesting, providing mandatory reading for anyone who uses a computer. He also plainly thinks like an economist: search below for "crime pays" to see his sober assessment of why it's better to earn a living as a security expert than as a computer criminal.'" The interview covers pretty much the whole range of issues Schneier has written about, and he provides links to more detailed writings on many of the questions.

5 of 147 comments

  1. His comments on terror and cameras were by WillAffleckUW · · Score: 5, Interesting

    I found his comments on terrorism - A. Refuse to be terrorized - and cameras to be fairly well thought out.

    We choose how we live.

    We can live in fear and magnify risks that are, in reality, very minimal, or we can realize they're minimal and stop worrying about them.

    I'd rather live free from fear.

    And the answers about passwords were fairly good. When I was a regional security officer, I came up with similar concepts, based on the real threats that actually existed. When on a public site, with low real risk (e.g. public web, no linked account) it's better to have a common (but hard) password, and save more secure passwords for sites where you have real financial risk instead.

    --
    -- Tigger warning: This post may contain tiggers! --
  2. Freakonomics Q&A with Jonathan Coulton by FleaPlus · · Score: 3, Interesting
    I don't think this was mentioned on slashdot, but since this is quasi-related I thought I'd mention that a couple weeks ago Freakonomics also had a Q&A with Jonathan Coulton, a really awesome (IMHO) singer-songwriter who releases many of his songs under a Creative Commons license and whose music often has a rather geeky tilt. He also got quite a bit of attention recently for writing the song "Still Alive" which plays at the end of Portal. Here's a few neat quotes from the interview:

    Q: Do you think having music available for free will make releasing some of it on a traditional album more difficult? Also, why aren't more of your songs available on Yahoo Music Engine or iTunes?

    A: It's always hard to figure out the actual numbers on this, but I definitely get the feeling that having a more open attitude with MP3s has contributed to my ability to actually make a living. More and more, people don't like to buy things that they haven't heard first, which makes perfect sense when you think about it. This is why they have listening stations in record stores (er, I mean, when they used to have record stores). And because I depend so heavily on word of mouth marketing, it's extremely important that it's as easy as possible to hear my stuff. Again, it comes down to the extremely low cost that comes with digital content -- it's okay if only a small percentage of listeners buy, as long as the number of listeners is very high. That can only happen if you let people listen. ...

    Q: When you wrote "Still Alive" for Portal did you have any idea how well the synergy would be with the game? I don't think that there has ever been ending credits in any media that has matched the love that people have for the end of Portal. Have you been asked to work on any other video game music since the release of Portal?

    A: One of the reasons I agreed to do it was that I understood the character so well -- it was one of those things where I looked at what they had created and it made absolute sense to me. We didn't know all the details of how we were going to finish the game, but I really could sort of feel how it was supposed to end up. Of course I'm thrilled with the reception, and it's been much larger and more positive than I could have imagined. There's nothing else in the works at the moment, but I'm definitely open to doing more things like that if it's the right project. ...

    Q: When will Valve release a video game that is also a full musical comedy?

    A: Yes please. That would be a great deal of fun to do, whether or not it was any fun to play. I'll put you in touch with Gabe and you can insist that he make it happen.
  3. strange answer on wireless by SEAL · · Score: 3, Interesting

    Q: Is there any benefit to password protecting your home Wifi network? I have IT friends that say the only real benefit is that multiple users can slow down the connection, but they state that there is no security reason. Is this correct?

    A: I run an open wireless network at home. There's no password, and there's no encryption. Honestly, I think it's just polite. Why should I care if someone on the block steals wireless access from me? When my wireless router broke last month, I used a neighbor's access until I replaced it.

    That answer is so bad it almost sounds like sarcasm. Given how easy it is to sniff sensitive data from an unencrypted wireless network, I can't imagine Bruce would allow it unless he segments his network or wires up his own PC.
    1. Re:strange answer on wireless by someone300 · · Score: 5, Interesting

      I personally use an open wireless network. I trust my open wireless network as much as I trust my ISP and unsecure wired network, and all sensitive data that I throw around internally is securely encrypted or otherwise done through a secure tunnel. If I need to put a password I care about into an HTTP site, and I want to minimize risk, I just use my proxy, which is directly and securely* wired into the switch. Generally, if you have a large wired network, you need to make the assumption that any piece of cable not in a secure room could be spliced and packets logged.

      Of course, considering a large amount of web traffic is HTTP when it should be HTTPS, and certain operating systems expose services onto the network which they probably shouldn't, it's probably a bit irresponsible to suggest that home users leave their stuff unencrypted. Personally, the reason I run an open AP is because open APs have helped me in the past. There's a form of QoS to stop people abusing and give priority to certain computers on my network.

      * Considering it's a house, 'secure' means it's in a locked cupboard ;)

  4. His Password Comment by OldSoldier · · Score: 3, Interesting

    I choose the same password for all low-security applications. There are [also?] several Web sites where I pay for access, and I have the same password for all of them.

    Has there been any survey of how various systems store passwords? Schneier's policy above is very similar to mine, and I was surprised recently when my Sprint password, which I thought was "secure," was plainly visible to the customer service clerk at my local Sprint store!

    Specifically I do not care how my low-security passwords are stored. But for my high security passwords, I would like them all to be stored in a unix-like way, namely only cyphertext is stored and it's impossible for anyone to know what that password is. Sure they may be able to change it on my behalf, but can they tell what it is? No!

    I've had this concern for quite a while now and I'm surprised that I haven't found a security certified label that addresses this concern. Sure there are other labels like http://www.truste.org/ or "Verisign Secured", but where's there one that tells me my user-password is stored in a "unix-like" manner?
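
The "unix-like" storage asked for in the last comment, as an added example that is not part of the thread or of any site's real code: only a random salt and a one-way verifier are kept, so a support screen has nothing readable to show, yet a reset still works. The `AccountStore` class, its method names, the PBKDF2 parameters and the sample passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumed work factor for PBKDF2-HMAC-SHA256; tune for your own hardware.
ITERATIONS = 600_000


def _derive(password: str, salt: bytes) -> bytes:
    """One-way transform: cheap to recompute from a guess, not invertible."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class AccountStore:
    """Hypothetical account table that never holds the password itself."""

    def __init__(self):
        self._rows = {}  # username -> (salt, verifier)

    def set_password(self, user: str, password: str) -> None:
        # Enrolment and a help-desk reset take the same path: the old
        # verifier is overwritten, never read back or decrypted.
        salt = os.urandom(16)  # per-user salt, so equal passwords differ
        self._rows[user] = (salt, _derive(password, salt))

    def verify(self, user: str, candidate: str) -> bool:
        row = self._rows.get(user)
        if row is None:
            return False
        salt, verifier = row
        # Constant-time comparison of the recomputed value.
        return hmac.compare_digest(_derive(candidate, salt), verifier)

    def support_view(self, user: str) -> dict:
        # Everything a clerk's screen could display for this account.
        salt, verifier = self._rows[user]
        return {"user": user, "salt": salt.hex(), "verifier": verifier.hex()}


def demo() -> dict:
    store = AccountStore()
    secret = "correct horse battery staple"  # constructed sample password
    store.set_password("alice", secret)
    store.set_password("bob", secret)  # same password, different salt
    a, b = store.support_view("alice"), store.support_view("bob")
    result = {"clerk_sees_password": secret in str(a),
              "same_verifier": a["verifier"] == b["verifier"],
              "login_ok": store.verify("alice", secret)}
    store.set_password("alice", "reset-by-clerk-1")  # clerk can change it
    result["old_still_works"] = store.verify("alice", secret)
    result["new_works"] = store.verify("alice", "reset-by-clerk-1")
    return result
```

A store built this way can only answer "does this guess match?", which is why a password that shows up in clear on a clerk's terminal indicates plaintext or reversibly encrypted storage.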