02 November 2006

Book review: Daemon

A couple of weeks ago I got an interesting email out of the blue. My correspondent, Leinad Zeraus, wrote to say he has written a novel that Dæmon News readers might be interested in, and would I care to review the book? He included a short capsule of the plot, roughly the same as the back-cover blurb. I was intrigued, but so far I've not found most techno-thrillers all that interesting. Most pivot around some relatively trivial point the author somehow thinks is a big idea, and the actual writing is often not that great.

I'm happy to say this book suffers from neither of these failings; Zeraus' writing is refreshingly good. I read mysteries and history recreationally, and Zeraus has accomplished a feat I've not seen to date in a novel written by a technologist: he creates characters I care about. He also manages to come up with a couple of quotes worth keeping at hand, a sign of a truly good author. My favorite, which was immediately added to the quip database in Bugzilla at work:

Her new boss was an undead automaton from Hell, true, but no job was perfect.

Zeraus patiently develops several related characters that I came to like and loathe while keeping up the pace of the story. We learn who these characters are as the story unfolds, without any of the long biographical asides that seem to plague many techno-thrillers. The author treats these characters in a very even-handed manner, offering their fears and motivations without forcing judgement on the characters. This is first-rate storytelling, especially for a first novel.

The technology is also first rate, plausible and predictable, timed in the very near future. The technologies he brings to bear in the novel are tools that are being developed right now to spam us and control our lives in ways we can only begin to fathom. Zeraus presents these technologies in a way that is understandable and frightening, though my greater fear is that the same toys will be employed against us daily by a far less organized but no less insidious onslaught of amoral marketeers and vendors.

I read this novel only a week after having finished Michael Crichton's Prey, so I was already in the "Frankenstein creates monster which then proceeds to eat him" headspace, where this novel is firmly planted. I enjoyed the story and I actually agree with the observations on society and technology espoused by the main protagonist in the story, Matthew Sobol, who ironically is dead when the story begins. If Bill Joy had been a game designer rather than just the author of an oddly popular text editor, he might actually be Sobol.

I don't agree with Sobol's proposed "solution" to the problem, but it does make for page-turning reading. The success and drive of the cast of misfits recruited by Sobol is somewhat incredulous. We call people misfits because they just don't fit anywhere, they can't or won't take direction, are unable to work towards goals regardless of the goals or the rewards offered, and are just too likely to act randomly to count on. Zeraus presents this crew as outsiders who have been mis-typed as misfits by society, but I don't buy the idea of society being redeemed by this cast of hooligans.

Now if we could just combine Zeraus' technical insight with Crichton's ability to understand the limitless lack of foresight in humanity, and especially with the priests of the technology religion, we'd have the perfect techno-thriller. Right now, we have Daemon available to us, and it is a fine, entertaining read.

24 October 2006

Death (blessed relief!) and Taxes

Last night as I walked in the house, my daughter was watching President Clinton shilling for a proposed tax on "energy company" profits here in California. We watched Mr. ex-President explain all the glowing things this tax was going to do for us, including freeing us from the need for foreign oil, and my smart daughter asked if I was going to vote for this proposition. Hmmm.

Aside from being a great teaching opportunity, and from being proud that my 10-year-old actually took an interest in something in the world other than dolls or video games, it was a great opportunity to review whether this proposition was worthwhile or not. I'm not opposed to whacking the cretins that run the "energy" companies in the USA, hoarding billions of dollars of assets that should be returned to the people somehow, but does this proposition actually do any of that?

This happened just before dinner, so I only had a few minutes to explain to Bailey why I think this proposition, like every other tax proposition on the crowded California ballot, is a bad idea. We got out the voter information bulletin we received in the mail a week ago and I showed her the page where the pros and cons of this proposition were outlined in gory detail. She didn't understand a few of the words, so it was a vocabulary building lesson as well. When we got done, she was unable to make up her mind, and understood the process of getting both sides of the story a little better.

So how do I feel about Prop 87, and Prop 86, the "Tax the Smokers 'til they Quit" tax, and the other taxes on the ballot? Fine, so long as they don't establish yet another state bureaucracy full of handle-hangers or give my hard-earned dollars away to yet another special interest. Guess what? Both of these propositions are full of corporate hand-outs, new state offices of wasting tax dollars, and questionable grant funds with no performance targets.

No thanks.

22 October 2006

School (in)security

A few days ago, a colleague accused me of being a "computer security expert" in a group of people. He was a little surprised when I bristled at that description, and less than amused when I described the average "computer security expert" as a charlatan, as he thought he was paying me a compliment.

I explained to him that most "computer security experts" in my experience know little about computers and nothing about security, but rather have just attended classes and tested their way to certifications designed to boost their resume but not their job performance. The ensuing discussion about what "secure" really means took an immediate turn away from computers.

A few weeks ago my daughter's school sent her home with a packet of fund-raising materials. She was to go around to my friends and colleagues (since her friends' parents all got the same packet from their kids) and sell holiday wrapping paper, chocolates, etc. to raise funds for the school. The children were baited with various prize rewards based on their sales volume. She picked up nearly $500 in sales in two afternoons, and had roughly $300 in cash in her envelope on the appointed day to return the orders to the school.

Rounding down to $100 per student for argument's sake, consider this: the school has more than 900 students. Is their security system adequate to protect $90,000 in cash?

My colleague reacted strongly to this statement; he has two children in the same school. He had not considered the ramifications of collecting large amounts of money in an insecure location with a large group of children, especially his children, and was surprised I had. That's when I got to pull the punch line: there is no such thing as computer security, there is simply security as it applies to computing.

No amount of training in computing techniques, code walkthroughs, design methodologies, or security APIs is ever going to make you a security expert. Security isn't even about the technology, it is about how a system interfaces to the world around it and how these interfaces might be abused by miscreants.

In actual fact, I've spent too much of my life implementing and later designing computer systems to really be effective as a "computer security expert." The real experts are the (former) miscreants now working on the side of angels; those who have the ability and mindset to probe the weaknesses in a system and then report them to the originators so they can fix the system, rather than exploiting these weaknesses for their own amusement or personal profit. I am awed by these geniuses.

That said, I'll probably still pull the "computer security expert" card when I visit with the school Principal to discuss his endangering the life of my child.