Paranoid Penguin - Book Review: <emphasis>Islands in the Clickstream</emphasis>
Why do we hack? Of all the things a person can spend time on, why obsess over the myriad details involved in getting a C program to compile cleanly, a network application to communicate properly or a Web application to withstand SQL-injection attacks? Why do these things matter?
Richard Thieme, hacker sage, journalist, business and government consultant, humanist and former Episcopalian priest, has some ideas why, and he provides 336 pages worth of credible responses to this and many other important questions in his unique book Islands in the Clickstream (Syngress Publishing, 2004).
This is the sort of book you may not realize you want or need until you know it exists. That's true of a lot of things, many of them trivial (shrimp-flavored crackers and brass collar-stays come to mind), but there's nothing trivial about Islands in the Clickstream. Based on Thieme's on-line column of the same name, Islands in the Clickstream is about “the impact of computer technology on organizations, society, and one's own self.”
If you think that sounds like a big topic, you're right. This book is composed of columns spanning the better part of a decade, and Richard still has a long way to go before exhausting his chosen subject.
Actually, though, that's a little like saying “that chap Stephen Hawking is on a roll; I hope he doesn't get bored.” Because the picture Richard Thieme is trying to paint is that of the human condition itself, which nowadays happens to be inextricably entwined with technology. Each new “Islands in the Clickstream” essay he writes adds clarity here or expands onto fresh canvas there, but the painting never can be completed, even if it were possible for one person to paint the whole thing.
Disclosure: Mick Was Already a Fan
Because I'm all about full disclosure, and because I think saying so might make me look cool anyhow, I need to tell you I go way back with Richard Thieme. Before I became a network security enforcer, I was a musician, and when still in music school, I had the privilege of serving as a paid singer for the Reverend Richard Thieme at St. Paul's Episcopalian Church in Milwaukee, Wisconsin. Yes, I was a professional choirboy. Think that's funny, punk?
Anyhow, one of the best parts of that job was hearing Richard's sermons. Each Sunday, Reverend Thieme would deliver a deep, frequently quirky and always mind-bending monologue on what it all means. This was seldom the expected dose of “this is what the Bible tells us life means.” No, even back then, Richard was addressing questions like “we're all connected spiritually, but technology and the media also connect us, in ever more tangible ways; how does that change the nature of our spiritual connectedness?” That's not a quote—I wish my memory were that good—but it's the type of thing he'd talk about.
Well, imagine my surprise, almost a decade later, when I learned that one of my fellow presenters at the Root Fest 2 hackers' convention was that very same Richard Thieme. And, aside from the radical change in venue, he really hadn't changed that much. He was still working on life's more subtle yet compelling questions; the miner had merely switched mountains. I've been a big fan of his columns and speeches ever since, and I am proud to be acquainted with him personally.
Rather than simply being arranged chronologically, the essays in Islands in the Clickstream are distributed across the following chapters:
Introduction: This Is the Way the Internet Works
Computer-Mediated Living: The Digital Filter
Doing Business Digitally
Hacking and the Passion for Knowledge
Mostly True Predictions
The Psychology of Digital Life: Identity and Destiny
The Dark Side of the Moon and Beyond
Technology Gets Personal
This is as good a way to organize Thieme's essays as any. Following Richard's suggestion, however, I've been reading them more or less at random. Although certainly there are common themes and even common observations between essays, there's no narrative per se demanding sequential reading, even within a given chapter, let alone between chapters. A single essay, whether five pages in length or one and one-half, is a completely self-contained Richard Thieme reading experience.
In this respect, and I hope Richard doesn't clobber me for saying so, Islands in the Clickstream is ideal bathroom reading.
So that's what the book is about and how it's organized. But what does it contain?
As readers of my Paranoid Penguin column might predict, some of my favorite bits are in Chapter 4, Hacking and the Passion for Knowledge. Here's a wonderfully representative snippet from the essay “Knowledge, Obsession, Daring” (December 26, 1998):
At a recent hacker con, I was struck—again—by the fact that hacker culture is the space in which everyone will live in the next century. Hacking is not about breaking into locked rooms. Hacking is about mapping, then exploring; or perhaps exploring, then mapping. Hacking is a mandate from evolving technologies to enter a play space characterized by limitless vistas. Properly understood, hacking in its essence is a kind of spiritual quest.
Hacking is not just hard work. It is playfulness at its very best.
Personally, I find it extremely refreshing to read such a concise and insightful redux of the hacker ethos. I get a very good feeling knowing that this sort of insight is being preached not only to the choir, so to speak, but to audiences that include business people, law enforcement officers and representatives of the federal government. Now, more than ever, the world needs hackers to continue exploring and creating, and it furthermore needs to know that that's what hackers do.
Thieme's insight goes far beyond understanding hacker culture, however. He also understands our day jobs, and better still, how they relate to larger societal issues. Consider this passage from “Lest We Forget” (November 23, 2001):
Computer security is a good metaphor for societal security because computer networks are holographic images of societies, a piece of the whole that contains the whole in symbolic form. Perimeter defense of electronic networks, we have learned, only goes so far. It's the nature of networks to subvert boundaries because networks interpenetrate one another in indeterminate ways. Nodes can belong to any of several networks the way a subway station can be a stop on any of several lines. One consequence of this is that insiders cause the great majority of security incidents, which is also a way of saying that “insiders” and “outsiders” are difficult to distinguish in a networked world. Through the use of keystroke loggers, telephone recorders, and surveillance cameras, “insiders” in electronic networks are constantly watched. Now that the United States has been attacked from the inside with its own infrastructure, there is pressure to do the same on a societal level.
I find it remarkable that Thieme sees not only subtle truths and non-instinctive fine points (and if you think his point about “inside” vs. “outside” is totally obvious, think about how rare it still is for people to take internal security very seriously), he finds common threads between these truths and fine points, and then relates them to larger truths. It's a little like having a friend who not only finds your lost car keys, but also accurately describes correlations between short-term memory loss and work-related stress, and ends up suggesting ways in which the national rates of heart disease and career dissatisfaction might both be lowered.
I don't mean to sound facetious (though, I am having a little fun here). My point is that although Richard Thieme is fascinated by hackers, network security, espionage, UFO encounters, intellectual property and many other geeky topics, what he's really trying to figure out is how all that relates to the larger human truths about who we are, why we do what we do and how our perceived and constructed realities relate to “real” reality.
As I stated earlier, a book about the hacker ethos, reality constructs and humankind's place in the universe may not be the first thing that comes to mind when you think of computer books worth purchasing. But on the other hand, that very well may be because it's never occurred to you that there was such a book. Islands in the Clickstream is one, probably the only one, and it may provide some crucial things you haven't been looking for but should have been.
Mick Bauer, CISSP, is Linux Journal's security editor and an IS security consultant in Minneapolis, Minnesota. He's the author of Building Secure Servers With Linux (O'Reilly & Associates, 2002).