The 3,000th visit to the No Tricks blog arrived on December 5th. This was as pleasant as it was unexpected, since just over a thousand people had ventured onto the blog by the end of summer. The thought of reaching even 2,000 visits by Christmas seemed to be relying on personal intervention by the jolly man in red.
The cumulative number of visits is plotted above. Linear trending indicates an average of just over 10 visits/day with the true average being just over 12. For the last four months the average has been 16 visits/day, while its up to 21 visits/day for the last two months. This is probably due to more regular posts being made in the second half of the year, and more exposure through other channels such as Twitter. A rate of 20 visits per day seems quite respectable for my efforts. But indeed, what is the effort?
The Burden of Blogging
I have made 22 posts this year so far, and expect to end up with around 30 by year end. A busy blog month for me means weekly posts, which is a modest rate compared to many casual bloggers. I am surprised how people can do so much blogging, in particular people who I surmise are near or over 40 (Chris Hoff comes to mind). In April the NYT ran an article on the 24 x 7 stress of keeping up appearances on the Web. I have eaten into a considerable amount of weekend family time getting posts out, notably to finish Counting Restricted Password Spaces. This post required an inordinate amount of mundane formatting and calculation. A satisfying post in the end, but ironically I felt that a follow-up post was required to show that the detailed counting methodology presented could be applied more generally. The ingeniously-named More on Counting Restricted Password Spaces was the product of another weekend hiding behind my laptop.
The time burden is not just writing your blog but reading those of others. To gain a sense of what was topical in security and risk blogging, I signed up to about 50 feeds via Google Reader. Such aggregators make it very easy to arrange for a tsunami of information to inundate your browser on a regular basis.
I read quite a few of the posts and scanned many more, creating my own tag cloud for arranging articles, posts and PDFs into categories, with the intention to mine them later. But I have been overwhelmed in the sense that my tag-to-post ratio is quite low. Too much time is spent on front-end processing rather than back-end writing. A blogger will be known by the quality of their output and not by the quality of their cached input.
Of Tools and Text
I have also gone through something of an Odyssey with tools to collect, calibrate, organise, represent and display information. In any survey of tooling through experimentation there is substantial waste and thrashing. Most of my information is stored in Treepad, which basically allows me to forget about the underlying directory structure on my hard disk. It is a great tool but poor on several key areas - which is a familiar pattern for most of the tools I committed to, including OneNote, Wikidpad, ConnectText and Evernote (sorry but I am not going to link those tools for you - get Hyperwords).
I also often organise ideas and references for a post in Freemind. This is yet another desktop tool to navigate information in to and out of, but for laying out post structure FreeMind is excellent. You can find the mindmap used to write Anonymity on the Edge in an interactive Flash format here.
I regularly commit the cardinal sin of editing posts long after they first appeared - if for no other reason than I am a terrible typist and proof-reader. Ominously, I recently discovered a site that produces Latex mathematics graphics for inclusion in blogs. There is a temptation to re-edit quite a few articles that were written using text-based math (yuck!) such as my post on the Birthday Paradox. Time well spent or a distraction from a new post?
On the Bottom of Things
Email is a wonderful thing for people whose role in life is to be on top of things. But not for me; my role is to be on the bottom of things. What I do takes long hours of studying and uninterruptible concentration. I try to learn certain areas of computer science exhaustively; then I try to digest that knowledge into a form that is accessible to people who don't have time for such study.
While I am no Knuth (who is or could be?) , in a small way I try to echo his conviction in my blog - being on the bottom of things as opposed to participation in the seething and amorphous exchange of information that defines being on top of things. I have to agree with Larry and Lou who say
Larry: Now I’m guessing you are a pretty traditional guy Lou. What’s your take on all this Internet technology?
Lou: Couldn’t support it more Larry. One of our big plays is to convince people that the place to be is “on top of things” rather than “at the bottom of things” – that is, to focus on the fleeting, not the foundational. It’s a win-win situation: people get to find a few cheap holidays and outsmart their doctor on something like the glycemic index, while we get mindshare that nothing is really relevant unless it arrives in your mailbox personally addressed to you as part of a competition.
Larry: Short term memory can be measured in mouse clicks.
Lou: Precisely. History becomes a hobby, not a lesson.
Knuth has opined that probably few people who buy his books actually really them fully. So perhaps I should not be overly disappointed that my long posts are not frequently visited - such as Quantum Computing, Zero Knowledge Proofs, and Anonymity. Being on the bottom of things is more a personal responsibility than a populatrity contest.
I had two surprise success posts which, together with the main blog page, account for about 50% of all page views. The blue below represents home page visits and the gray all other pages with less than 1% hits.
My first success (orange slice, 330 views or 7.27% of total) was a short post on the Entrust v5 PKI which links to a longish PDF explaining the product's architecture and key management functions. Certainly this is a "on the bottom of things" document. Most of the traffic comes from Wikipedia where I posted a link under the PKI topic. The lesson here was to leave links to well-visited sites that are right on your technical topic.
The second success - and the most popular post by far (green slice, 648 views or 13.61% of total) - addressed the question of whether AES-256 bit key too large? Most traffic comes directly from Google searches on AES, AES-256, or key lengths - perennial favourites to many crypto aficionados. Originally I had this material contained in a much longer post (too long) but I came to my senses and created 3 smaller articles (the other two being The Long Tail of Vulnerability for A5/1 and The Cold Boot Attack).
The lesson here is to make searchable titles visible to Google, dismembering longer posts as required. I just sliced out the PageRank details from this post and published it as stand-alone content at my new blog U2.
This liberating exercise has got me thinking about the notion of a Least Bloggable Unit.
Harvard and Bruce
Quite a few years ago now I read a book by the then dean of the Arts and Science Faculty of Harvard. He stated that the 3 goals of their undergraduate program were to
- Ensure students could construct a written argument
- Ensure students could construct a quantitative argument
- Receive exposure to another culture.
For me blogging is an open invitation to hone the skills of points 1 and 2 - mainly the former and the latter where applicable (I have point 3 covered after living away from Australia for almost 20 years). As I mentioned in Some Black Swans for IT Security, Bruce Schneier has mainly conquered the security world through written communication
The Black Swan aspect of Mr. Schneier is that he has achieved this status through excellent communication (and yes cunning publicity as well) rather than technical prowess. Of course he has technical prowess but that is rather common in security and cryptography. What is uncommon, or even uncanny, is the ability to explain security in terms that can be understood by non-specialists whether it be programmers, professionals, managers or executives. Bruce has literally written himself into the modern history books of security. He has shown, once again, that communication is king - the security explanation is mightier than the security deed.
Indeed the security explanation is mightier than the security deed. And blogging is the beginning of that process.