"Security Engineering" Is Now Online 103
An anonymous reader writes "Ross Anderson, author of 'Security Engineering', notifies in a message to comp.risks that he just got permission from Wiley to let anyone download the full content of his book for free. This is one of the best books on computer security and it is used as textbook in many University courses (I teach two of them)."
Slashdotted (Score:1, Insightful)
Why isn't there a tarball of all the PDFs?
Re:Password Changing (Score:4, Insightful)
The best thing to do is to change your password anytime there is a good chance that someone who should not know it does know it. That includes an employee leaving, evidence of an unauthorized access that could have been attained by having the password (possibly discovered by brute force or by other methods), theft of the business card you wrote it down on, etc. But it does not include the mere possibility that someone could guess it - changing the password has no real bearing on their chances of guessing correctly, unless it was something insanely simple before and changed to something reasonable.
Re:Backwards System (Score:5, Insightful)
I just don't get the 'cut the middleman' mentality. What exactly do you think the publishers aren't contributing that the authors could do themselves? Are you expecting authors to employ and manage editors, designers, printers, pr and marketing people, advertisers, a nation-wide system of sales reps, sales managers, shipping companies, and so on? Or are you suggesting that these roles aren't necessary? That's the same thing as saying that books should only be digital from here on out. The attitide that the authors should 'just get a loan' to fund these activities is hogwash since the only people who could get a loan of that magnitude for an unpublished manuscript are already established authors, and even then it would be iffy. Then people suggest that authors should just publish online and screw printed materials, but for most applications like textbooks that doesn't really work for the consumer--wouldn't you rather just have a book than having to print it out yourself, which could easily cost as much in ink and paper as a bound book would, while being more irritating? Also, e-book technology still sucks. Besides, the author would still need to employ the editing, pr, marketing & advertising people anyway, because if you don't know about a book, why would you buy it? The fact is, people happily pay for advertising because the return on investment is huge.
Wouldn't it be great if there was a company that had the capital to invest like a bank, but also the expertise to cull the few good manuscripts from the staggering pile of crappy ones, then print and market and distribute these works? Wait, that would be a publisher.
I acknowledge that in some specific cases self-publishing directly to the internet might be a good business plan. But to suggest that we abandon dead trees in most cases misunderstands the market. You said it yourself, "...if they don't get it into print, it can't be used in a classroom setting." Sure, good chunks of fat could be trimmed from the publishing world, but name one industry where this isn't true? I just think that the 'middle man' is necessary to the process.
Sorry, OP. I realize that most of my rant doesn't even apply to your main points. I just don't think the middle man is all that useless in most cases.
Can we change the roles a bit? (Score:3, Insightful)
For me, the "cut the middleman" mentality is because the middleman is not serving my interests nor the author's.
I cannot buy the books I want because the middleman owns the book and refuses to publish it anymore.
I cannot buy the book from the author because the author doesn't have the rights to sell it to me.
How about the middleman actually behave like a middleman?
Sell me anything I want to buy that you have purchased the rights to. Otherwise, get out of the way of my dealing directly with the author. Don't try to increase your profits by constructing an artificial choke-point between the producer and the purchaser.
Re:Two questions (Score:3, Insightful)
Re:Backwards System (Score:5, Insightful)
1) The ethical (not legal - the contracts settle that) question up until this point has been whether the publishing company has a right to restrict distribution through other channels. It's not a hard case to make on the publishers' side: Until recently, there was little reason to expect that free distribution would make print sales go up, and the data on that remain unclear. So, as a publisher, why wouldn't you want to resist other distribution models?
2) If I read TFA properly, it appears that the text being distributed is the text that was edited, copy edited, etc. by Wiley. As far as I'm concerned, that gives Wiley just as much moral claim to the work as the author. People underestimate the amount of time and effort that goes into the editing process. Writers, by and large, are not good writers. So why should they always retain copyrights?
Disclaimer: I've edited for a newspaper in the past, and I'm currently an editor for an undergraduate journal, so I'm pretty obviously biased against authors-above-all types. Mod appropriately.
You got it. Change the circumstances. (Score:4, Insightful)
#2. Change the login process to lock out the account for 15 minutes after 3 failed login attempts. That way, less random passwords can be used (and easily remembered). As long as there is a real person monitoring the logs and watching for attacks so that action can be taken.
#3. If it is something that can be cracked off-line (secret message), store the really long password on a USB key or something. Then put that key in your wallet (#1).
A single approach is NOT sufficient for every scenario.
Re:Can we change the roles a bit? (Score:2, Insightful)
Re:Password Changing (Score:3, Insightful)
5) Someone gets a copy of your password file (or SAM or wherever your hashed passwords are kept). If you change your passwords occasionally then they only have a limited time to run brute force methods against the file. Once you change your passwords you are safe again. Don't change your passwords and eventually they will own your entire organization. You won't even know it happened until it's too late. It's a less likely scenario these days but it is still a valid attack vector. Once that file gets out ONLY changing your passwords will help.
Re:Password Changing (Score:1, Insightful)
If someone physically steals my credit card, I will know very quickly. If someone steals the number, I will know soon. In both cases, I have a reasonable, known response.
If someone steals my password from my wallet, I might not ever know, and what is my reasonable, known response?
That's Some Nice Namecalling (Score:1, Insightful)
Look man, it's capitalism that drives the men to charge money for doing nothing. I'm not an idealist either way and enjoy many benefits from capitalism. It's just strange how much capitalism hurts academia. In intellectual property, publishing and copywriting everything. Literally everything.
Please argue with me next time instead of just calling names. Sheesh. Nope, not at all. Whatever gave you that idea? The drive for money (especially in a case like this) is one of the downfalls of capitalism. It's sad the author had to argue to get his book online. How many other authors must have the same ailments with a desire only to help people?! So that's where you learn to deal so smoothly with people you don't know?
Your friend in Linux but enemy in publishing,
eldavojohn