Archive for the 'Books' Category


Starfish and the Spider

Based on a recommendation from Gunnar, I read The Starfish and the Spider by Ori Brafman and Rod Beckstrom. I spent all but the last couple chapters wishing that I were not reading it, but in the end it was worth it.

For most of the book, the core message is, “Look! Decentralized organizations that work!” Spiders die, starfish regenerate. Based on the reaction of the few intrigued people I talked to about the book, I’m sure this is a revelation to many, but since I’ve been interested in decentralized organizations since, oh, forever, this observation alone isn’t all that compelling. Certainly not enough to build an entire book around. They provide decent examples — the Apaches, Alcoholics Anonymous, Wikipedia (of course), Burning Man, P2P filesharing — but not a terribly nuanced examination of why decentralization works, or in what scenarios it can be successfully applied, or where it doesn’t work well.

Or so I thought. As I explained the book to my mother (one of the aforementioned intrigued people) I realized that they had provided an interesting analysis of factors that help decentralized organizations succeed in the face of increasingly centralized opposition. When facing a decentralized threat, whether it’s file sharing, terrorist cells, or botnets, one would do well to pay attention to the failures of centralized models. Becoming more centralized tends not to work.

I was surprised to find no mention of Dee Hock, Visa, and chaordic organizations, but that might stretch beyond the narrow confines of the authors’ intent.

In the final chapters, Brafman and Beckstrom at least begin to explore what I had hoped would be the meat of the book: merging decentralized organizational models with centralized ones. Or rather, using decentralized structures within a centralized organization. As with the rest of the book, there’s a rapid-fire series of examples, and a longer exploration of how this plays out in one company (GM). These are just a couple chapters in a short, easily read book, so I’m still a little disappointed by the depth of the analysis. But if you’ve got yourself a bus ride, you could do worse than to spend a little of that time in the last third of this book. If you are completely puzzled by the very idea of decentralized organizations, then you should definitely read it.

Now I’m working my way through the rest of Gunnar’s recommendations.


So I don’t have a masterpiece nearby

It took me a few days to notice that Tim tagged me. I am supposed to “Pick up your nearest book and go to page 123. Find the fifth sentence, and post on your blog the next three sentences. Acknowledge who tagged you, and then tag five more people.”

There are two books equidistant from my chair — and as it turns out, the same would be true were I at home or work: the second edition of Ross Anderson’s classic Security Engineering, and Adam Shostack and Andrew Stewart’s The New School of Information Security. I’ll choose the latter because it isn’t so damn big and doesn’t hurt my arm so much to pick it up.

Most children who go missing do so in custody disputes and are taken by someone they know and trust. The advice to “never talk to strangers” doesn’t address the main cause of children going missing, and it puts them at risk when they become lost. In 2005, 11-year-old Brennan Hawkins got lost in the Utah mountains.

I don’t want to leave the next sentence off because it’s a good point: “For four days, he avoided searchers because he was afraid to talk to strangers.”

Shostack’s book announcement gives a good overview of the book, and Gary McGraw’s recent interview with him on the Silver Bullet Security Podcast should give you a better idea of where they’re coming from.

I’m not going to tag five more people. Just cuz.

Books, Gaming, Security, Virtual Worlds

Exploiting Online Games

I have been eyeing Gary McGraw and Greg Hoglund’s new book, Exploiting Online Games, for a while now, probably since before it was published. Seems like a no-brainer considering my recent tinkering. But I haven’t bought the book, partly because I’m buying nothing new, partly because I’ve got a stack of other books to get through.

McGraw’s recent appearance on Phil Windley’s Technometria podcast has really got me itching to get this book. Not only do they discuss why criminal abuse of online games has been on the rise in recent years (there is so much money to be had!), but they also explain why one might care even if games hold no interest:

If you look at online games, they have architectures which are very similar to the ones everybody’s all excited about, with SOA, and Web 2.0, and Software as a Service, where you have sort of a fat client model connected to a central server. And the security lessons that we have to take from online games are *huge*. It turns out that the kinds of attacks, the kinds of problems, the kinds of mistakes that developers make, and the kinds of exploits that those can lead to are already present in the online game world, and so we can get a real peek into the future as far as SOA and Web 2.0 systems go now.

Books, Personal

Legal Lit Crit

In the five years between graduating from high school and starting college, I spent a great deal of time immersed in literary theory and criticism. How else was I going to spend all those late nights drinking coffee in dark, smoky coffee houses? Once at college and on my way toward a French degree, I continued to read and work deeply in lit crit. But it began to wear on me. A couple years in, by the time I reached a point where coursework had us diving headfirst into literary theory instead of just dipping our toes, by the time when it became the focus of the program, I had had enough. It had all become just so much BS.

Still is.

Sometimes, though, sometimes, it’s fun to read something like this: “Harry Potter and the Unforgivable Curses: Norm-formation, Inconsistency, and the Rule of Law in the Wizarding World.”

Books, Open Source, RIA

More on RIAs and a Silverlight book

With all my talk about Flex and AIR the other day, I’m surprised no one pinged me — hard — about other RIA options. Like OpenLaszlo, Silverlight, or even JavaFX.

Admittedly, I am curious about OpenLaszlo, especially since they started compiling both to Ajax and Flash. But I’ve never given them a fair shake. I’m not sure why, except a sneaking suspicion that they wouldn’t be around for long. That hasn’t proven to be the case thus far, although we haven’t yet seen the shake-out from the open-sourcing of the Flex SDK. But again, that could just be me being unfair.

I’m waiting to see what happens with JavaFX. The client-side Java experience has been improving in recent years, and I expect JavaFX to help quite a bit. Once I sort out just what the hell it is. :) There’s a lot that fits under the JavaFX umbrella. I think the consumer JRE will quietly make people’s Java experience better, and I do have high hopes for JavaFX Script making client GUI development easier. But they’re nervous high hopes, like it won’t take long for the bottom to fall out.

Silverlight… Again, haven’t given a fair shake because I don’t develop in a Microsoft environment. The runtime may eventually become ubiquitous on Windows, but … well, I’ll just wait this one out and see. It’s like Mono: I’d like to look closer at it but just plain don’t have the time and am not motivated to make the time right now.

That said, I have every intention of reading a new e-book on Silverlight 1.1. O’Reilly’s “short cut” on LINQ was a great introduction, giving me a good feel for what can be done with LINQ. I hope the Silverlight book will be the same.

Books, Design, Open Source

Blender Book

There’s a Blender book! It’s published by No Starch, no less. Good people.

I haven’t done much with Blender, but I’ve been slowly moving toward doing so — more on that later, hopefully — so I am excited to see the book.

Blender is professional grade open source 3D content creation software. Perhaps you’ve seen Elephant’s Dream? Done with Blender. (Haven’t seen it? Do.) And the mark of professional grade software? A steep learning curve. :-) I doubt very much that I’ll ever have reason to become expert, but should I find myself thrashing around in Blender not knowing what the heck I’m doing, the book will be welcome.

Books, Personal

What I’m Reading

One of the things I liked most about being a student was all the required reading. I usually picked my classes based largely on their reading lists. But it’s not like I have any shortage even when I’m not in school. This is what’s in my reading queue right now, keeping me busy:

  • Tutorial and spec for Scala. At this point, this is mostly so I can work with the lift framework, but I am very interested in Scala, too, as a language.
  • I’ll be reading the Erlang book shortly after it’s published in July.
  • Java Concurrency in Practice. I’m almost afraid to dive into this in much detail, but I really do need to understand concurrency better. With multi-core machines becoming the norm, concurrency is going to be important. This is half of why I want to learn Erlang and most of what still interests me in Java. First, though, I need to review the relevant sections in Thinking in Java.
  • Java Generics and Collections. Because it’s just incumbent on me to understand these as well as I can. The book has come highly recommended.
  • Kiara’s book. She’s made changes to the manuscript and I need to get caught up.
  • The Myths of Innovation, Scott Berkun’s latest book. I very much enjoyed his book on project management so this was pretty much a no-brainer.
  • The Ruby Way. I certainly need to know Ruby better.
  • Several papers from Burton Group, mostly around the topics of software development methodologies and digital identity.
  • Security Metrics. Gunnar recommended this, and I figure: hey, security? Metrics? I’m on board.
  • Cross-Site Scripting Attacks, a long-awaited book from the likes of Jeremiah Grossman and RSnake.
  • Speaking of Faith. I love the radio show and have been looking forward to the book. I’m listening to this on CD, which you might think I’m doing because I like Krista Tippett’s voice, but the real reason is that the printed book wasn’t available at the library.
  • Kim Stanley Robinson’s trilogy on global climate change.
  • Ray Kurzweil, The Singularity is Near. Al Essa’s been bringing this one up a lot lately and I thought it was about time I read it.
  • Garth Nix’s Keys to the Kingdom series. Have I mentioned before that I’m a sucker for pre-teen fiction? No? Oh. I think it’s because I never read it when I was a pre-teen.

Books, Programming

Erlang book coming

In a conversation on the Agile Toolkit Podcast, Dave Thomas mentioned that the Pragmatic Programmers are publishing a book on Erlang. I’m fairly certain he said it was due this summer but I can’t be bothered to check, sorry.

This is good news! The next month or so are really busy for me, working on a couple presentations and a side project or two, and after that I’ll be digging into Scala in a big way, but then I do want to look into Erlang. Why? Concurrency. It just plain fascinates me. I also happen to believe that it will be increasingly important in the coming years, especially with multi-core systems turning up on everyone’s desk or lap. But mostly I’m just interested. Java Concurrency in Practice is staring at me from the bookshelf, I should probably crack that open.

Ah, so little time…

Update: the book has been released in beta.