Shostack + Friends Blog


Books Worth Your Time (Q4)

Just what the title says...


  • The Huawei and Snowden Questions, by Olav Lysne is a deep dive into what happens when an untrusted vendor builds your trusted computing base, and more importantly, why a great many of the "obvious" ways to address those risks are subject to easy work-arounds. This is unhappy news for Huawei, but more importantly, as cyber is now treated as a "fifth domain" and there are no norms of conflict, bad news for technology in general. It's bad news for the makers of important technology, who are now subject to attacks by nation states. It's bad news for people and businesses who rely on technology, who are going to be subject to seeing their tax software hacked to distribute malware, as happened in Ukraine and led to NotPetya. It's bad news for people who want to be able to control their computer, because these attacks are leading vendors to lock down even their traditional operating systems, as Jonathan Zittrain predicted in his 2008 book, The Future of the Internet--And How to Stop It.
  • Cult of the Dead Cow, Joseph Menn. A very solid look at the early days of the hacking scene. I had not thought about how different the "make money in cyber" world is from when I got started, reading textfiles. To me, it's always been normal to think about the ethical implications of what we do and how we do it in cyber and in privacy. A good deal of that is because of the world which the cDc helped to build. I'll probably have a fuller review, but this is worth your time and consideration.


  • Taming the Sun, by Varun Sivaram is a big sweeping overview of "Innovations to Harness Solar Energy and Power the Planet." It's generally quite good and covers technology, finance, regulation, and sets the scene very nicely. Sometimes degenerates into academic literature review, for example in discussion of perovskite photovoltaics.
  • Endurance by Scott Kelly is a great autobiography, and a great story of the space program. Full of fascinating little details like no one was willing to suggest the "twin study" until he did.
  • The White Box Essays, Jeremy Holcomb. How to design games. If you're a game designer, or thinking of publishing a game, you need to read this book. If you want to see how to write a concise instruction manual for a complex project, you should read this book. My Longer review.
  • Meeples Together, Christopher Allen & Shannon Appelcline. The first analysis of cooperative game mechanics. I think that cooperation is incredibly important in making games with a purpose (aka serious games, teaching games). Having a book that collects the games, summarizes them, and draws lessons from them is an important step forward for the genre, and thus for us as game designers. They also have a blog.
  • Report on the Investigation in the 2016 Presidential Election, Robert Mueller. If you haven't read this, you might be confused as to why someone can say "no collusion." (It's because collusion is not a legal term, and so Mueller and his team do not attempt to reach a conclusion.) Reminder, here are the 34 people and three companies indicted as a result of the investigation, including the President's National Security Advisor and Campaign Chairman.


  • A Memory Called Empire, Arkady Martine. Interesting hard SF about an ambassador from a culture that has memory recording devices.
  • Space Opera, Catherynne M. Valente. Tremendously fun Douglas Adams-style romp of the Galactic Eurovision contest.