Nicole Perlroth (2021)

A hugely detailed and deeply researched history of the market for “zero-day: exploits, the faults and technologies underlying computer viruses and ransomware. It’s a hugely complicated and technical field which Perlroth does an amazing job of making accessible to a non-technical audience. (I should probably say here that I teach computer security.)

Most of the book is a real page-turner, deeply embedded with the government agencies, companies, and hackers who compose the zero-day market. It’s scathing of the US’ trying to play both sides of the street, developing and buying zero-days in order to collect intelligence while weakening the security of ordinary users in the process by not informing the software developers of the problems they’ve found. They clearly knew this was dangerous, and even developed a doctrine for us: “NOBUS”, bugs that “no-one but us” would be smart enough to find or develop. This idea goes wrong spectacularly, as other nations realise how cheaply they too can have cyberweapons programmes: ironically they’re encouraged by the deployment of the Stuxnet virus to damage the Iranian nuclear programme. The leaks of the NSA’s zero-day stockpile by the Shadow Brokers – an event that’s somewhat under-explored – and their later use in hacks against US elections, are payback for hubris.

Perlroth is scathing of the Trump presidency’s neglect of cybersecurity and unwillingness to sanction Russia for known attacks – in part because it might cast doubt on Trump’s legitimacy as an elected president, but also seemingly from willful blindness and a mistrust of the professionals (including the military) tasked with protecting US networks. She was writing during the pandemic and before Trump conceded the 2020 election (to the extent that he ever did), and so if anything she understated the impacts of disinformation spreading.

The conclusions are a little breathless, but well-intentioned and technically appropriate, if a little US-centric – and in fairness the US has at least attempted to set up a more transparent approach to managing cyberweapons, even though the approach is drastically compromised by the desire to keep intelligence-gathering capabilities. Cybersecurity is an area where offence and defence are closely intertwined, and there’s a strong argument that the costs to society of the former mandate a focus on the latter. We need to accept that many cyberweapons that are used (or leaked) can be reverse-engineered and re-used against their original developers with little real up-front financial investment.

There’s some editing. including a repeated mis-use of “affect” rather than “effect”, and a really disastrous throw-away reference to the book Dune, the description of which is almost entirely wrong: surely an editor should have picked that up?

4/5. Finished Sunday 21 January, 2024.

(Originally published on Goodreads.)

Ha-Joon Chang (2022)

A book that combines food with economics? Not really.

I’m torn by this book. I enjoyed the food parts, especially the author’s anecdotes about his move to the UK from Korea, and how he’s observed the UK’s food scene change from incredibly insular and conservative to amazingly open and dynamic over the course of a couple of decades. It’s a change I also lived through and remember well.

I also enjoyed the economics. Chang is an eclectic collector of economic theories – all the more surprising because he’s an academic. He has an appropriate degree of scepticism for ideology and single explanation of complex questions, which is refreshing. He skewers some of the common myths, such as the “explanation” that poor countreis stay poor because their people don’t work hard enough, ingoring the massive structural factors in play. He’s equally scathing about the other “explanation” about the free-trade roots of the successes of the US and UK economies, given that they were actually massively protectionist during their main periods of growth. And he makes several policy suggestions for modern economies.

But…. as a book, I don’t think it works at all. The conceit of explaining economics through food remains just that: a conceit that’s not really threaded through the narrative in a meaningful way. The links are often just too tenuous. To give one example, a chapter that leads with anchovies ends up talking about natural-resource extraction economics using the example of bird guano – well, birds eat anchovies, so… Most of the chapters are basically diviided between food and economics with an often desperate attempt to tie them together. The economics is accessible, and a writer who can do that probably doesn’t need a gimmick to structure his work.

3/5. Finished Saturday 20 January, 2024.

(Originally published on Goodreads.)