undefined | Better HN

0 pointsominous_prime11y ago0 comments

I understand where you're coming from, but the author is the one who put this out in public. Publishing a book like this sends a strong message of "I am an expert, take what is written here as fact".

Maybe the tone could have been a little softer, but this should not have been done privately. The criticism of the work needs to be just as public as the work itself, so that people who might have been misled have a chance to see why.

0 comments

stcredzero11y ago

Publishing a book like this sends a strong message of "I am an expert, take what is written here as fact".

And we, of the Internet age, should be shocked to learn this is no longer true! Eric Drexler once proposed that hypertext would save the world by allowing such peer review. Just what are we collectively missing when it comes to crypto?

bch11y ago

It could have been couched like responsible disclosure where The Author got a 1 week grace period and worked with tptacek on getting a responsible message out.

ominous_primeOP11y ago

While this is a valid course of action, I still feel it's up to an author to use due diligence in both researching the material, and seeking out expert advice before publishing.

mikeash11y ago

The point of responsible disclosure is that it limits the damage done to users of the system in question by reducing the window in which the flaw is known and the systems are unpatched.

That doesn't apply for a book. Keeping the critique private for a week doesn't help the readers at all. In fact it harms them by keeping incorrect information in play and uncorrected for longer. Perhaps it softens the blow to the author's ego, but that is not at all what "responsible disclosure" is about. Helping out misinformed readers takes precedence over the author.

bch11y ago

I agree with all your points. When I said treat this in a "responsible disclosure" method, I did really mean a grace period, for the authors sake[0]. Clearly the reasoning is not the same as a security issue, as you pointed out. I was trying to be a bit clever. My mistake.

That all said, I still think we can treat each other better. Honest question: was it necessary to destroy it in such detail? Was it necessary for the effort of attack on the "crypto box" front? It seemed personal.

[0] Contacting the author first doesn't necessarily preclude timely notice "this book is flawed" out to readers.

2 more replies

j / k navigate · click thread line to collapse

0 comments

stcredzero11y ago

Publishing a book like this sends a strong message of "I am an expert, take what is written here as fact".

bch11y ago

It could have been couched like responsible disclosure where The Author got a 1 week grace period and worked with tptacek on getting a responsible message out.

ominous_primeOP11y ago

While this is a valid course of action, I still feel it's up to an author to use due diligence in both researching the material, and seeking out expert advice before publishing.

mikeash11y ago

The point of responsible disclosure is that it limits the damage done to users of the system in question by reducing the window in which the flaw is known and the systems are unpatched.

bch11y ago

[0] Contacting the author first doesn't necessarily preclude timely notice "this book is flawed" out to readers.

2 more replies

j / k navigate · click thread line to collapse