Book reading: Google Sketchup for Dummies

Sunday, May 30th, 2010

Aidan Chopra. Google SketchUp® 7 For Dummies®. For Dummies, 2009.
41 Amazon ratings!

Even though Sketchup is quite an intuitive tool to use, the book is a means to summarize the knowledge. For Dummies is a great series and this book is no exception.

Part 1 of the book describes what Sketchup is for. It is written for people who have not heard of Sketchup and therefore I decided to skip it.

Part 2 is called Modelling in Sketchup and it starts with explaining how to build a house. I like Dummies series because it is very practically oriented. I did not have to read how to draw a box or a circle, the stuff that most people will manage to learn on their own.

Modeling buildings is what I am interested in. The author of this book also thinks that this is an interesting topic. However, Sketchup can do a whole lot of other things – furniture, cars, trees, you name it. However, a building is a perfect example to demonstrate how to use various Sketchup tools. Indeed, a building has a roof, walls, and staircase. Each component has its tricks.

I think Sketchup is a great program because it has lots of tools. A saying goes "Sharpen your tools." I think that Sketchup is on the front edge of innovation in graphic tools. For example, the Push/Pull tool can cut windows and doors in a wall, build a triangular roof, and finalize a staircase. Such a multi-purpose tool, but still quite intuitive when you start to use it. Another tool called Follow Me combines the functionality of 2-3 tools in traditional CAD frameworks. It allows you to extrude an arbitrary shape along an arbitrary curve, thus making it possible to build a vase, a sphere, or a staircase.

Here are examples of what I could create immediately after reading the book. These complex shapes take only a couple of clicks to build with Sketchup tools.

Chapter 8 describes how to use photographs to facilitate creating building models. Indispensable stuff if you want to model your very own house. Within hours of taking the book in your hands you will have a draft 3D model of your beloved mansion!

In Part 3 the author describes additional unexpected capabilities of Sketchup. It turns out that it supports multiple styles. Even though Sketchup offers non-photorealistic rendering (NPR) only, still there are lots of options from wireframe, to shaded faces, to NPR. Btw., it is possible to obtain a photograph-quality imaging from Sketchup using plugins (written in Ruby) and 3rd party tools.

Using Google Earth inside Sketchup makes it possible to geo-locate your building and watch it under various lighting conditions – at sunrise, at noon, or at glorious sunset. The building will cast appropriate shadows so you can decide where you want to plant your garden.

Chapter 10 describes how to browse buildings as in a first-person game. You can even climb the stairs and walk round the corners smoothly.

In the remaining two parts the book describes how to share your model with the community as well as what the community has to offer. There are lots of cool tutorials out there. One of the great resources is the YouTube videos that the author of the book, Aidan Chopra, shot as a complement to the book. They are available here. Each video is quite short. Obviously, when I discovered the book I watched the videos first and then began reading the book. Overall, it is a very enjoyable learning experience!

Book reading: Beautiful Security

Wednesday, May 19th, 2010

Beautiful Security, 1st edition. By Andy Oram and John Viega. O'Reilly Media Inc, 2009.

I have read another security book which a notable security expert, John Viega, has co-edited (the previous one is The Myths of Security). This book offers a comprehensive analysis of today's security and its problems, and offers ideas for improvement. A number of people have contributed to this book, which makes it a lot of fun to read. Each chapter is written in its own special style. This book is a potpourri of security topics.

In Chapter 1 the book mentions a number of reasons why security is so difficult to adopt in the modern software lifecycle. The reasons are: learned helplessness, naivete, confirmation traps, and functional fixation. Examples are provided for each problem. It turns out that Microsoft has messed up a great deal with its network authentication protocols trying to preserve backward compatibility. As a result, an improved version of the network protocol was still carrying the features of the previous weaker version and the improvement was therefore nullified. Another great example was when a company which was undergoing a security audit successfully exploited vulnerabilities in the scanner that the auditor was using. This way they were able to demonstrate that the auditor was not competent enough to audit their organization.

Chapter 2 is dedicated to wireless networks. The book describes how easy it is now to earn money through fake wireless networks in public areas such as airports. Also, wireless networks are very dangerous in the corporate world because employees tend to use their personal unprotected wireless-enabled devices to access the intranet, which opens lots of possibilities to road warriors. Shocking stuff which makes you wonder why we are still using wireless.

Chapter 4 sheds light on the underground security economy. This includes prices typically offered for producers of malware and owners of botnets. It is so detailed that it makes me wonder how the author got all this information himself.

Chapter 5 raises the well-known problem of using credit cards on the Internet and the dangers of privacy breaches. A new scheme for Internet commerce is proposed. Its cornerstone is the idea of using virtual or one-time credit card numbers. This idea has already been implemented in a few banks, but many users are either unaware of it or don't consider the threat big enough to sustain the overhead that it imposes (the need to log in to the banking site to generate a one-time number every time you make a purchase on the Internet). Obviously, one of the biggest challenges that the community needs to address is removing this overhead.

Chapter 6 deals with online advertising. I never thought that it is such a battlefield for both white hats and bad guys! Everybody has heard of click fraud, where the advertising agency is the victim. What is surprising is that there are lots of malicious advertising agencies which employ a number of forms of cheating, for example placing ads on top of each other with different z-values, or displaying your ad for only a few seconds and then replacing it with another ad (indeed, your agreement probably does not mention how long the ad will stay visible because you assume that it is as long as the user stays on the page), and so on. Then the book mentions several forms of online advertising: pay per view, per click, and per transaction (the last one means that the user has to buy something before the advertiser pays the agency). Even the most secure form, pay per transaction, is vulnerable to realistic attacks when a gang of malicious buyers buys things only to return them immediately to the shop! I could never imagine that this was possible, but the book claims that the number of buying gangs is growing.

Chapter 7 – great overview of history of PGP and web of trust (I am running out of space to go into greater detail).

Chapter 8 – honeyclient. The book claims that client exploits are more dangerous than server-side ones because it takes longer to fix the former. Honeyclient was an academic idea which has grown into a useful product! It employs a number of virtual machines running unprotected Windows that visit various suspicious sites. When a change in the state of the OS is detected (registry, file system) an alert is triggered.

Chapter 9 – new ideas for security industry. Mentions the need for better cooperation using social networking.

Chapter 10 explains how to integrate security into development practices. Every stage of the process needs to incorporate security. A common mistake is to address only one stage, for example development, and then expect overall improvement – not necessarily the case. Microsoft spent its 2 billion dollars not only running a source code analyzer on Windows but rather re-engineering the whole development cycle.

All right, let's skip a few chapters…

Chapter 13 explains the importance of logging and provides one real-life example of how an FTP server was hijacked. I was surprised to find out that many large organizations are still using FTP servers with a world-writable incoming directory. This opens them to bad guys who use such servers as illegal file shares. Only thorough logging can detect such uses. How do we sift through millions of log records?

Chapter 14 claims that the detection rate of modern IDS is only 32%. What a shocking number! This is due to the limitations of signature-based approaches. A better idea is to use behavior-based methods, which require taking context into account to separate false negatives and false positives. For example, if a mail server makes 100 outgoing connections, is it an indication of its being owned? Is it sending spam as a zombie? If yes, we need to stop the server immediately. If no, stopping it could disrupt the functioning of a large enterprise. What are the normal activities of a mail server, a file server, etc.? Machine learning algorithms are becoming useful.
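The mail-server question above, as an added example that is not from the book: a per-role baseline of outgoing connections per minute is learned from a training window and a host is flagged only when its rate is abnormal for its role. The log format, host names, roles and all counts are constructed for the example.

```python
import re
import statistics
from collections import defaultdict

# Constructed log format (assumption): one line per outbound TCP connection.
LOG_LINE = re.compile(
    r"^(?P<minute>\d{2}:\d{2}) host=(?P<host>\S+) role=(?P<role>\S+) dst_port=(?P<port>\d+)$"
)


def parse(lines):
    """Return (minute, host, role, port) tuples; malformed lines are skipped, not fatal."""
    events = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if m:
            events.append((m["minute"], m["host"], m["role"], int(m["port"])))
    return events


def rates_per_minute(events):
    """Outgoing connections per minute, grouped by (host, role)."""
    counts = defaultdict(int)
    for minute, host, role, _port in events:
        counts[(host, role, minute)] += 1
    per_host = defaultdict(dict)
    for (host, role, minute), n in counts.items():
        per_host[(host, role)][minute] = n
    return per_host


def learn_baseline(training_lines):
    """Per role: (mean, stdev) of connections per minute over the training window.
    The role is the context: mail servers and file servers get separate baselines."""
    samples = defaultdict(list)
    for (_host, role), by_minute in rates_per_minute(parse(training_lines)).items():
        samples[role].extend(by_minute.values())
    return {
        role: (statistics.mean(xs), statistics.pstdev(xs) if len(xs) > 1 else 0.0)
        for role, xs in samples.items()
    }


def detect(baseline, lines, k=3.0):
    """Alert when a host exceeds mean + k*stdev for its role. 100 SMTP connections a
    minute is routine for a mail server and alarming for a file server."""
    alerts = []
    for (host, role), by_minute in rates_per_minute(parse(lines)).items():
        mean, std = baseline.get(role, (0.0, 0.0))  # unknown role: no tolerance
        threshold = mean + k * max(std, 1.0)        # floor avoids a zero-width band
        for minute, n in sorted(by_minute.items()):
            if n > threshold:
                alerts.append(f"{minute} {host} ({role}): {n} outgoing connections, expected ~{mean:.0f}")
    return alerts


def make_lines(host, role, port, counts_by_minute):
    """Constructed sample data: counts_by_minute maps 'HH:MM' to a connection count."""
    return [f"{m} host={host} role={role} dst_port={port}"
            for m, n in counts_by_minute.items() for _ in range(n)]


MINUTES = [f"09:{i:02d}" for i in range(10)]
TRAINING = (
    make_lines("mail01", "mail", 25, dict(zip(MINUTES, [90, 100, 110, 95, 105, 100, 98, 102, 96, 104])))
    + make_lines("file01", "file", 53, dict(zip(MINUTES, [1, 2, 3, 2, 1, 2, 3, 2, 1, 3])))
)
# Observation window: the mail server at 110/min is normal, at 130/min it is not;
# the file server suddenly opening 100 SMTP connections a minute is the zombie case.
OBSERVED = (
    make_lines("mail01", "mail", 25, {"10:00": 110, "10:01": 130})
    + make_lines("file01", "file", 25, {"10:00": 100})
)

if __name__ == "__main__":
    for alert in detect(learn_baseline(TRAINING), OBSERVED):
        print(alert)
```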

Chapter 15 presents a new framework for secure databases. However, it is not based on encrypting tables using DBMS facilities. Instead, the data translucency approach stores encrypted versions of sensitive data such as user names. The key is generated from the user name and password, which makes it possible to identify the data belonging to a particular user. But the database still operates on the encrypted data.

Finally, Chapter 16 describes a framework for desktop security based on machine learning, snapshotting, and fast reboots. I recall that several years ago this idea was published in a paper from Stanford University researchers (Armando Fox).

Book reading: Adding Ajax

Wednesday, April 28th, 2010

As I am trying to educate myself in the area of web technology I have read a book called Adding Ajax, whose title is self-explanatory. It is interesting that this book has only 4 reviews on Amazon; that's the total number of reviews people have written, not the book's rating. This means that this book did not receive proper attention. However, I think it is a very interesting book even nowadays, despite the fact that it was written in 2007.

Its author Shelly Powers is an active contributor to the HTML5 standard; her blog is here. The book describes a number of ways in which Ajax changes the traditional state of the web. However, to start with the author describes what you need to do to prepare yourself for Ajax. I especially like the Start Clean section, in which Shelly claims that the default CSS values are not necessarily good. For example, link underlining in the a-tag is not always a good idea. I have heard this concept of starting from a clean sheet a number of times, so it is probably a good idea to zero out the default CSS values, which I never did.

Also in the first chapter the author introduces the notion of Progressive Enhancement, a web development methodology. Basically it says that the web site should work in various environments, even the simplest. The idea is to make sure that your web site is still accessible on various devices after adding new features to it. The author stresses the concept of accessibility throughout the book. Indeed, the web is an open platform for everybody – people in the developing world, people with disabilities, etc.

Then there is a chapter on various web frameworks. The author explains the tradeoffs associated with using them. Obviously, a web framework often includes features you don’t need and that increases the loading time of your page, an important issue for people with slower connections. Among the frameworks, Prototype offers the best value. Its goal is to provide a cross-browser layer while staying quite minimal in size.

In Chapter 4 the book describes interactive effects that Ajax allows one to add, for example instant previews, fade-ins and fade-outs, etc. Then it describes the widgets that Ajax allows one to use: accordion, tabs, overlays. After that, the book deals with more complex issues such as in-place editing and live validation, which require interacting with a server. Besides home-grown solutions the book mentions a variety of web frameworks and tools, for example JotForm – a nice framework for building forms and putting them on your web site. This is the kind of tool I need. I want to place a feedback form on my web site to make it possible for visitors to drop me a line without having to write me an e-mail, but this was always a low priority task and I never made it happen. JotForm will make my life a lot easier.

A special chapter is dedicated to advanced effects such as using Ajax with SVG. Finally, the author explains how to build mashups using web APIs. In this chapter the author explains the tradeoffs of using client-side and server-side mashups and explains how to implement a mashup in a non-scripting environment. Despite the fact that this is a book on Ajax, the case in which JavaScript is disabled is also dealt with. The reason is that many people prefer to browse unfamiliar sites without JavaScript, the author claims.

Despite all its gorgeous content the book has drawbacks. The main disadvantage is that it is a bit hackish in nature. For example, there are well-defined JavaScript design patterns which the book does not mention. Instead, it offers its solutions as functions or snippets of code that web developers are supposed to paste wherever appropriate. If next editions of the book are to appear, they need to take an object-oriented approach to all the beauty that it has developed.

Last but not least, this is post number 300 in my blog! An important milestone has been reached! This is the day I have been thinking of for a long time; I was trying to imagine what I would write as post number 300. I guess a review of a book on web design is a topic worth discussing in such an important post; it conveys a symbolic meaning! Joke.

Book reading: Bridges, Facades, and Flyweights, and oh my

Thursday, December 17th, 2009

I have read a very useful book on design patterns: Ross Harmes and Dustin Diaz, Pro JavaScript™ Design Patterns. In daily life programmers use patterns very often without realizing it. But taking a systematic approach toward design patterns definitely helps organize your knowledge.

The book starts with an overview of JavaScript. Even though it is an object-oriented language with many useful features, it is quite different from a traditional object-oriented language such as C++. For example, there are no built-in mechanisms for inheritance or interfaces, thus for the sake of convenience one needs to emulate those. The book describes several types of JavaScript inheritance, in particular classical and prototypal inheritance. The former type is most similar to traditional C++ inheritance. However, the programmer has to invoke the constructor of the superclass manually in the derived class. In the latter type of inheritance the programmer defines the prototype member variable of a class, which is a structure describing the functions and variables the class has. When the class is instantiated the prototype of the superclass is assigned to its prototype, thus the derived class obtains all the features of the superclass.

There is no built-in mechanism for private variables in JavaScript. However, it is possible to emulate it using closures. The introduction is concluded with a brief overview of chaining, a mechanism that allows one to modify properties of many DOM elements simultaneously. This notation is used in popular libraries, for example in jQuery.

After this brief introduction the book explains many design patterns in a unified fashion. Each subsequent chapter consists of a description of a pattern, one or many real-life examples, and a discussion of its benefits and drawbacks. The following patterns are described:

  • Singleton - this pattern is used when only one instance of an object is necessary, for example in the case of page-specific code. Another example is branching to support incompatible browsers. A real-life example is creating an XHR object.
  • Factory - used to implement various kinds of managers. Imagine a complex object that consists of a number of other objects. This pattern is useful if the type of each component is known only at run-time; it makes it easy to replace the parts.
  • Bridge - decouples an abstraction from its implementation so that they may vary independently.
  • Composite - implements a tree-like data structure.
  • Facade - a convenience method. One usage example is a class that accounts for differences among various browsers.
  • Adapter - wraps an existing interface into a new one.
  • Decorator - it is possible to use it as a class decorator to extend existing functionality as well as a function decorator, for example to implement a profiler.
  • Flyweight - allows one to optimize the memory consumption of a class. The idea is to separate the class into intrinsic and extrinsic states. An example is the implementation of a tooltip.
  • Proxy - two types of proxies exist: a remote proxy facilitates access to a remote object, whereas a virtual proxy allows one to delay the instantiation of a complex object. This gives an impression of a big speedup.
  • Observer - publish/subscribe architecture. Example implementation: animation.
  • Command - implements an action which is separated from the object that invokes it. It is possible to use the action with a button or with a menu item.
  • Chain of responsibility - allows one to implement requests that are passed down a chain of hierarchical objects.

Book reading: New Chronology, another book in this series

Saturday, December 12th, 2009

I have read another book in the New Chronology series. This one deals with the history of Russia in the XIII century. According to traditional history the Mongols conquered it and imposed a severe tax. However, the authors claim that Russia and the Mongols were the same country, whose population included people living permanently at one location as well as nomads, or Tatars.

If Russia and Mongolia were the same country and there was no fighting between them, then it was quite a powerful empire because its area exceeded today's Russia. Thus, it could threaten Europe and even conquer it, which the authors claim was indeed the case.

According to the Romanovs' history, Perm and Vyatka were founded in the XVII century as small towns. However, they appear as big castles on the State Seal of Ivan IV. What a blatant contradiction in the Romanovs' history!

The authors analyze the state seal of Tzar Ivan Grozny. It mentions several areas, for example Perm and Vyatka. However, in the XVI century when the State Seal was used these towns simply did not exist yet! What a contradiction in the modern history, which was obviously distorted. According to it, Perm and Vyatka at their present locations were only founded in the XVII century as small wooden towns. On the State Seal of Ivan IV these towns are depicted as big castles that were conquered with a big effort. Therefore, the State Seal mentions a totally different Perm and Vyatka than we understand them nowadays. The authors say that those cities were in fact strongholds of Western Europe. In other words, the Romanovs' historians reflected the map of Europe around a vertical axis going through Moscow to make it seem as if their predecessors were fighting long wars with Siberians. Needless to say, Siberia was not populated during those times at all; stone castles never existed there.

The locations of other cities were also moved when the Romanovs deposed the earlier Russian-Mongol kings. The authors claim that the earlier Empire was the center of civilization, which owned and connected Europe with Asia using the Silk Way.

The authors make an interesting observation. In Europe only very noble people had silk clothes. In Russia every soldier had a silk shirt. In both cases its purpose was to protect the human from insects, as silk is known to repel them.

Russia-Mongolia got enormously rich because of their conquests and the trade taxes that they imposed. For example, a 15-20% silver tax was widely used in Russian markets. Europeans brought their big silver coins called talers and received the local currency, the kopeika, which was much smaller. Only local currency was allowed in Russia.

The book sheds light on Russian mentality. They were never any kind of slaves who had to work hard. They always enjoyed a trade tax that Europeans paid them.

This model actually correlates very well with Russian mentality. If you think of Russians as slaves who worked from dawn to dusk to pay the huge Mongolian tax then how would you explain the traditional Russian laziness which is so widespread in Russian fairytales? It is known that Russian people were spending half of their lives lying on their warm stoves. This is because there always was a stable source of income which was the silver tax they received from Europeans.

But after a while Europeans got tired of the ever-increasing taxes that Russians demanded and staged a coup to replace the Russian-Mongol king with the pro-Western Romanovs. This theory looks very plausible.

To summarize, another great history book which sheds light on Russia-Europe relations and explains Russian mentality. It explains lots of historical mysteries as well. The history demystified.

Book reading: CSS Cookbook

Friday, December 11th, 2009

I have read a book titled CSS Cookbook which was published in 2006. Even though it is not the newest book on web technology, it is still a very valuable resource. After reading the book I realized that CSS is a simple but powerful technology.

Many HTML elements have properties associated with them, for example color, font size, alignment, etc. And so what? It turns out that changing the default values of these properties in a creative fashion allows one to achieve amazing results.

The book is not just a list of those properties but also a designer's guide. For example, when describing lists the book explains how to build HTML menus using them. It is possible to use the list in a horizontal orientation, not just vertical. You can see this menu on top of this page. I realized that it is possible to make your web site beautiful with recipes from this book and that it is very simple.

There are many advanced technologies that professional web designers use, for example Flash, but you need to spend lots of time and buy software if you want to develop with it. With CSS it is possible to achieve amazing results after a couple of hours spent learning the technology, using just a text editor. Therefore, CSS gives you a better ROI for the time you spend learning it.

I was always trying to answer the following question: is it worth spending your time on adding style to your website, or is plain HTML just fine? In other words, does an improved look and feel attract additional visitors to your web site or please you in any other way? Why do we need to spend time decorating tables and lists when we can spend time in other ways, for example improving the search visibility of your web site?

Once I saw a TV program in which the menu of a dinner in an exclusive club of the 19th century was compared to those of dinners in modern exclusive clubs. The result was that a couple of centuries ago people had many more dishes and the dinner was decorated in many other ways. Nowadays people just want to have a quick lunch even at the most exclusive clubs.

Therefore, I think that adding style to your website is like going back to the gorgeous 19th century when people were spending lots of time on decorating their buildings, their clothes, etc. It is obvious that nowadays people tend to build similar houses all over the planet, whereas earlier each house was a piece of art.

Another comparison is possible. In earlier days the Internet was quite an empty place. But a beautiful technology such as CSS is like the renaissance in art. We are still admiring its unmatched legacy – the works of Leonardo da Vinci and other great painters.

How to understand Dostoevsky: a short guide for the actors of Espoo Theater

Tuesday, December 1st, 2009

After watching the performance of Idiot in the Espoo theater and concluding that the actors do not understand the great Russian writer Dostoevsky, I decided to try to explain how I understand Dostoevsky myself. To start with, I think that the Espoo theater has done a great job because they at least tried to interpret Dostoevsky, even though I think that their interpretation was not correct. With the following explanation I would only like to deepen their interest in studying our culture and Dostoevsky in particular. Basically, they need to read other works that Dostoevsky has written, even though they are probably not translated into Finnish.

Dostoevsky is one of the most controversial writers in Russian literature. The following saying of Annensky characterizes him:

Read Dostoevsky. Love Dostoevsky if you can, if you cannot – curse him, but READ and only him if possible.

I got to know Dostoevsky not through his books but through the movie Idiot by Bortko which I saw in 2004 or 2005. At that time my interpretation of Idiot was also limited to the relationship between Myshkin and Nastasya Filipovna. Such a love story with a tragic end. But after reading other works of Dostoevsky, in particular his diary, I think there is a deeper interpretation of Idiot.

Dostoevsky saw a deep division between noble Russians and ordinary people. These were opposite classes of our society at the end of the 19th century. They were not able to tolerate each other, thus Dostoevsky was predicting revolution long before it happened in 1917. Of course, he blamed noble people for their betrayal of traditional Russian values in favor of modern European values. This occurred because in the 19th century it became obvious that Russia was far behind Europe in its industrial development. Noble Russians did not want to identify themselves as such because Russian became a synonym of barbarian.

But Dostoevsky was saying that traditional Russian values were good. Those were the values of kindness, love to every human, Christianity. According to Dostoevsky, only ordinary Russian people possessed those qualities because educated Russians were trying to follow Europeans in every aspect of life and despised everything that looked like Russian.

The main point of Dostoevsky's Idiot is that there were noble Russians who also admired traditional Russian values, which in this case is Prince Myshkin. This is very unusual and controversial; this is why nobody likes him. If you read the complete version of Idiot, not the abbreviated one that was sold in the theater before the performance, you will see lots of Idiot's monologues in which he shares his values. With relation to people he says that everybody is worth forgiveness. During the performance Idiot often talks to Jesus Christ. But Dostoevsky did not mean that. Idiot doesn't admire Jesus; he probably does not know all this theological stuff because he is an idiot. But he admires every ordinary human, a fallen woman for example, every sinner. He is the bearer of Christian values even though he cannot explain this.

The actor who plays Prince Myshkin should show that he represents Jesus during this performance. He should convey this message to the audience but do not show the image of Christ! Make the audience think of Idiot’s role in this drama. This actor will succeed only if the audience becomes convinced that he is Christ.

With relation to Europe Prince Myshkin says that Russia will surprise Europe. But not with aggression which there was a lot in this performance, but again with love to every human. He thinks of Russia as a more Christian country than Europe. Russian people who have adopted European views do not have those good qualities such as mercy and ability to forgive.

To summarize, the Epanchin family is visually very respectable. They are Europeans in the best sense of this word, very noble people. They would not shout at each other as they did during this performance. They do not drink vodka or smoke. They are very polite. But they despise traditional Russian values. And here comes Idiot, the true bearer of traditional Russian values and Christian values. He brings joy with him, the universal love of human beings. He is ready to forgive everybody despite being a Prince. He behaves like ordinary people – he is joyful and sincere. And this is why the Epanchin family hates him. He reminds them of the traditional Russian life that they have betrayed.

Book reading: A revised history of Russia

Sunday, November 8th, 2009

Information in English: Fomenko, Nosovsky. New chronology.

This is an amazing book that sheds light on the true Russian history. Its main idea is that the official Russian history was created when the Romanov dynasty came to power. As usual, it presents its predecessors as total barbarians and claims that they are the only legitimate rulers of the empire. The authors claim that the official history is totally wrong.

Why should one trust the authors of the book, who describe such an unusual version of Russian history? To start with, the authors are world-known mathematicians who at least have common sense and possess logical skills. Second, the Soviet history of Russia taught us an important lesson when all the Romanovs' history was denied and the Tzars were described as barbarians. Therefore, the Romanovs could have done the same. Finally, the authors unveil lots of contradictions between the official Romanov history and the artifacts of that period, for example the widespread usage of Arabic languages and Muslim worship in Russia.

Soviet history taught us an important lesson: the Romanovs' history was distorted and the Tzars were described as barbarians. Therefore, the Romanovs could have done the same with relation to their predecessors.

The authors give one example which explains why we should challenge the official state of the history of any country. There was an exhibition of golden artifacts whose age was estimated as more than 2,000 years. The exhibition was held in one of the most respected Russian museums, so it is likely that many professionals had evaluated the items on display.

When the authors visited the exhibition they spotted a message. They asked the organizers which language it was written in. The answer was that it is an old forgotten language. But the authors looked carefully at it and realized that it was written in Russian as it was in the 17th century! The message was describing the owner of the item. Therefore, an item presumably 2,000 years old was only 400 years old! Would that not change the history of the whole period that the artifact belongs to? Is it reasonable to suspect now that the events of that period were taking place not 2,000 years ago but only 400 years ago?

The book starts by analyzing the well-known Dark Period of Russian history. The authors reconstruct the heritage tree of those Tzars and conclude that Dmitri was a legitimate Tzar and that the Romanovs were not legitimate.

Then the authors analyze what happened after the Romanovs got to power. There were a number of peasant uprisings. But never ever in Russian history were peasants that well organized to pose a threat to the Tzar. In 1917 those were soldiers that had suffered a number of defeats in WW1, not peasants. The authors conclude that those guys were soldiers as well, but they belonged to a different country that the Romanovs were trying to destroy. That other country was Mongolia; the authors claim that before the Romanovs became Tzars this was a united Russia-Mongolia country with its capital in Astrakhan, nowadays a city in the delta of the Volga river.

The book describes an enormous amount of work that the authors did with artifacts, many of which carry Arabic inscriptions. Romanov history simply ignores all those artifacts! Indeed, according to the official history, Russian Orthodox Christianity was the only religion and Cyrillic was the only language.

The authors claim that Islam was one of the state religions and Arabic one of the state languages in Russia until the 17th century. One explanation of this phenomenon is that Russia and the Turks were friendly nations, not bloody enemies as Romanov history tries to persuade us.

The amazing results that the authors achieved using just common sense and logic have changed my attitude toward all kinds of exhibitions on Russian history. From now on I will look carefully at every artifact and try to recognize Arabic text on it, which I am sure I have seen plenty of. It just never occurred to me that the official history was so misleading.

I am very impressed with this book even if what it says is not totally true. I do believe that a large percentage of what the authors claim is true. This is a book that will change your perception of the official history of Russia as well as of many other countries.

Book reading: Myths of Security

Sunday, October 25th, 2009

John Viega. The Myths of Security: What the Computer Security Industry Doesn’t Want You to Know. O’Reilly Media, 2009.

This is a great book for either a security specialist or a general computer user. For the former, the book offers plenty of criticism of the awful state of today’s security; for the latter, it identifies the traps which users are likely to fall into and helps them avoid those traps. The book’s biggest achievement is the breadth with which it considers various aspects of security, from anti-virus programs to secure shopping to secure hardware platforms, and identifies possible improvements in each.

The book consists of many small chapters, but the global picture is easily visible. Based on his experience as a leading industry security expert, the author makes a proposal on how to improve the state of security. This is a call to action for everybody who wants to avoid a global security crisis.

The book starts by mentioning Randy Pausch, a professor who smashed VCRs because of their bad user interfaces. According to the author, most of what security companies have to offer is worth smashing as well. The author says that security companies are responsible for security being treated as an inevitable evil that slows down your computer and produces lots of false alarms.

He explains in greater detail how an anti-virus works. The companies spend most of their time analysing virus samples and writing signatures. This is a tedious process, and the value of this intellectual property is rather minimal. The author calls for better cooperation among security companies. Each company has its own signature format. On the Web everybody uses XML to facilitate interoperability. Why can the companies not agree on a common signature format in the same way?

The author analyses the opposite approach to protection, behavior-based methods. They do not work in the current environment because of false positives. For example, if a program writes garbage to disk, it is possible that it is decrypting something. Viruses and media players alike do this; their behavior is the same. The author proposes a solution to this problem: in order to decrease the rate of false positives, each program needs to be signed, and the signature is verified against a repository of known-good programs. The problem is that users do not cooperate in building such directories of verified programs. If such directories existed, a behavior-based anti-virus suite would not raise an alarm for any trusted application.
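To make the false-positive problem concrete, here is an added Python example (my own illustration, not code from Viega’s book): a toy behavioral heuristic flags a program for writing high-entropy data to disk, and a repository of verified programs suppresses the alarm for a trusted media player while an unknown program doing the same thing is still reported. The repository is modelled as a set of SHA-256 digests of program images, which is an assumption standing in for the signature verification the book proposes; the program images and the written data are constructed samples.

```python
import hashlib
import math
from collections import Counter

# Threshold in bits per byte above which written data "looks like garbage"
# (random, encrypted or compressed). The value is an assumption for this demo.
HIGH_ENTROPY_BITS = 7.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_like_garbage(written: bytes) -> bool:
    """Behavioral heuristic: is the data a program wrote near-random?"""
    return shannon_entropy(written) >= HIGH_ENTROPY_BITS


def program_id(image: bytes) -> str:
    """Identity of a program image. A stand-in (assumption) for verifying a
    code signature: here it is just the SHA-256 digest of the image."""
    return hashlib.sha256(image).hexdigest()


def classify_write(image: bytes, written: bytes, good_repo: set) -> str:
    """Decide what a behavior-based scanner should do with one disk write.

    Returns 'trusted' when the program is in the repository of verified
    programs (the heuristic is not even consulted), 'alert' when an unknown
    program writes high-entropy data, and 'benign' otherwise.
    """
    if program_id(image) in good_repo:
        return "trusted"
    return "alert" if looks_like_garbage(written) else "benign"


# --- Constructed sample data ------------------------------------------------
# Stand-ins for program images (any bytes; real images would be executables).
MEDIA_PLAYER_IMAGE = b"constructed media player binary v1.0"
UNKNOWN_IMAGE = b"constructed unknown program binary"

# The repository of verified-good programs the book argues for: only the
# media player has been vouched for.
GOOD_REPO = {program_id(MEDIA_PLAYER_IMAGE)}

# Data written to disk: a decoded media buffer and an encrypted payload are
# indistinguishable to the heuristic (both near-random), a log file is not.
RANDOM_LOOKING = bytes(range(256)) * 4  # entropy exactly 8.0 bits/byte
LOG_TEXT = b"2009-10-25 12:00:00 playback started\n" * 10


def demo() -> dict:
    """Run the three cases and return their verdicts."""
    return {
        "player_writes_random": classify_write(MEDIA_PLAYER_IMAGE, RANDOM_LOOKING, GOOD_REPO),
        "unknown_writes_random": classify_write(UNKNOWN_IMAGE, RANDOM_LOOKING, GOOD_REPO),
        "unknown_writes_log": classify_write(UNKNOWN_IMAGE, LOG_TEXT, GOOD_REPO),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

The point of the allowlist is that the heuristic is never consulted for a verified program, so its false-positive rate only matters for the unknown remainder; in a real deployment the digest lookup would be replaced by checking a publisher signature against the repository, and the threshold would be tuned on real file writes.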

Therefore, the author believes that the solution to our problems lies in a collaborative approach to security, or in an approach that involves a trusted authority. One real example of a successful implementation of this idea is SiteAdvisor, a Firefox plugin that checks every web site a user visits against a database of good and bad sites. The rating of a web site depends on analysis that security experts performed earlier, but I guess it would be possible to use crowd intelligence as well.

Are the companies spending their money wisely? The economics of security is another issue that the author analyses. His conclusion is that the 1 billion dollars that Microsoft spent on improving the security of the Vista operating system were spent wrongly. One reason, the author says, is that security training for developers is not worth the money because people forget everything in a couple of months. Instead, give the money to specialized security audit companies whose employees do security work for a living. Even though their rates are quite high and reach as much as 75 cents per line of code, it would still cost less than 1 billion to audit Windows.

Finally, the author challenges the state of security in our society. For example, everybody is very concerned with identity theft. But there are so many interesting documents ending up in your garbage that any potential attacker would rather look into your garbage can than attempt to get into your computer.

The state of the secure Web is also challenged. The author claims that man-in-the-middle attacks are effective. He says that people ignore expired SSL certificates or certificates issued by a dubious authority. The author calls for mutual authentication, where not only do you know that you are talking to a legitimate web site, but the site also knows who it is talking to.
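The checks that users click through, as an added Python example (mine, not from the book): it applies the validity-period and hostname checks a browser runs on a server certificate, using the dictionary format that Python’s ssl.SSLSocket.getpeercert() returns so that it can run offline on a constructed certificate. The chain-of-trust check (the certificate issued by a dubious authority) needs a CA store and is left to the standard library’s default context, shown at the end. The sample certificate, its dates and the host names are all constructed.

```python
import calendar
import ssl
import time
from datetime import datetime


def cert_time_to_epoch(text: str) -> int:
    """Parse the 'Mon DD HH:MM:SS YYYY GMT' strings found in getpeercert()."""
    dt = datetime.strptime(text, "%b %d %H:%M:%S %Y GMT")
    return calendar.timegm(dt.timetuple())


def _dns_name_matches(pattern: str, hostname: str) -> bool:
    """Match one subjectAltName DNS entry. A leading '*.' matches exactly one
    label, so '*.example.com' covers 'shop.example.com' but neither
    'example.com' nor 'a.b.example.com'."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern.startswith("*."):
        labels = hostname.split(".")
        return len(labels) >= 3 and ".".join(labels[1:]) == pattern[2:]
    return pattern == hostname


def evaluate_peer_cert(cert: dict, hostname: str, now: int = None) -> list:
    """Return the problems a browser would warn about; an empty list means
    the certificate passes the validity-period and hostname checks."""
    problems = []
    now = int(time.time()) if now is None else now
    if now < cert_time_to_epoch(cert["notBefore"]):
        problems.append("not yet valid")
    if now > cert_time_to_epoch(cert["notAfter"]):
        problems.append("expired")
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(_dns_name_matches(name, hostname) for name in names):
        problems.append("hostname mismatch")
    return problems


def strict_client_context() -> ssl.SSLContext:
    """The configuration that makes the library refuse instead of asking:
    create_default_context() loads the system CA store, requires a valid
    chain (CERT_REQUIRED), checks the validity period and matches the
    hostname. Setting verify_mode = CERT_NONE in application code is the
    equivalent of clicking through the browser warning."""
    return ssl.create_default_context()


# --- Constructed sample certificate (shape of getpeercert(), not a real cert)
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": ((("organizationName", "Constructed Test CA"),),),
    "notBefore": "Jan 01 00:00:00 2024 GMT",
    "notAfter": "Dec 31 23:59:59 2024 GMT",
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.example.com")),
}
BEFORE_VALIDITY = calendar.timegm((2023, 6, 1, 0, 0, 0))
IN_VALIDITY = calendar.timegm((2024, 6, 1, 0, 0, 0))
AFTER_EXPIRY = calendar.timegm((2025, 3, 1, 0, 0, 0))


def demo() -> dict:
    """Evaluate the sample certificate against several host names and
    points in time, and confirm the default context is strict."""
    ctx = strict_client_context()
    return {
        "valid_www": evaluate_peer_cert(SAMPLE_CERT, "www.example.com", IN_VALIDITY),
        "valid_wildcard": evaluate_peer_cert(SAMPLE_CERT, "shop.example.com", IN_VALIDITY),
        "bare_domain": evaluate_peer_cert(SAMPLE_CERT, "example.com", IN_VALIDITY),
        "too_early": evaluate_peer_cert(SAMPLE_CERT, "www.example.com", BEFORE_VALIDITY),
        "expired": evaluate_peer_cert(SAMPLE_CERT, "www.example.com", AFTER_EXPIRY),
        "context_strict": ctx.check_hostname and ctx.verify_mode.name == "CERT_REQUIRED",
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

A connection made through strict_client_context() fails with an exception on an expired certificate, a hostname mismatch or an unknown issuer, which is the behavior the author wants by default; the hand-written evaluate_peer_cert() only exists to show which conditions the warning dialogs are reporting.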

The author blames academia for re-inventing things that industry has been using for a while. He calls for better cooperation between industry and academia.

This book reminds me of Ross Anderson’s security book. However, this book is much more critical and focused on identifying the vulnerabilities and proposing how to fix them. Despite its criticism, the book is written with a great wish for a better state of security.

Book reading: Here comes everybody

Monday, September 14th, 2009

The book begins with an intriguing story of a girl who found a cellphone forgotten in a cab and later refused to return it to its owner. It happened in New York in May 2006 and was reported widely on the Internet as well as in the New York Times. Surprisingly, I did not notice this story even though I was living on Long Island at that time. Moreover, the house in which I rented a room received the New York Times every morning.

Anyway, that story demonstrates the power of an Internet crowd. Such crowds are powerful enough to change the course of action of a government. A mere 10 years ago such things were impossible.

The book is full of such examples. In other chapters it describes the story of Wikipedia and its unsuccessful predecessor Nupedia, the story of Linux, multiple political riots, as well as unusual cases from American life. Thus it is possible to think of this book as a series of case studies. But the author goes beyond that. Being an NYU professor, the author works out what made such things possible.

He discusses multiple historic examples, for instance how McCallum came up with the org chart when he was working at the New York & Erie Railroad. Another example is the invention of the printing press. Before that, books were copied by hand. No matter how many people did that, literacy did not spread. It was impossible to teach people to write through book copying. What was needed was a vast increase in the number of books being read; only after that did people begin trying to reproduce what they were reading themselves. The invention of the printing press increased literacy significantly.

The author studied the distribution of the number of contributions to Wikipedia. It turned out that most people made very few, short contributions. For example, many people attempted to start an article but were not competent enough to write the whole thing, so they left after writing only an introduction. But such small contributions, when accumulated, build a solid encyclopedia.

IRC was mentioned as one of the most convenient means of communication, but it is probably the hackers’ paradise. The author mentions the Internet company Meetup in almost every chapter. I have checked out this website. In Helsinki there are fewer than 5 groups with as many as 100 members. Well, Meetup did not take off everywhere in the world. The author also describes other companies that his students have developed.

Well written, with lots of examples, and thought provoking, this book will entertain IT professionals and non-computer people alike. The book greatly benefits from the fact that the author is a professor and teacher, as the clarity and structure of the text are of very high quality. To me it is invaluable historical evidence of present-day changes which people will keep analyzing for a long time.