Today is the eighth birthday of this notebook.
Following the convention I have established each January, this is a brief reflective post before the year proper begins. Brief in the sense of being shorter than my technical content; substantive enough to mark the moment.
Eight years
The discipline continues. Eight years of weekly writing has produced something so habitual that I no longer think about whether to continue; the question is what to write each week, not whether to write at all.
The specific markers as of year-end:
- Roughly 350 posts across all categories. The cumulative archive is searchable; each post links to relevant predecessors; the cumulative body forms a connected record of the past eight years of defensive computing as I have observed it.
- A correspondence network of perhaps fifty individuals with whom I exchange email regularly, plus many more with whom I have had specific exchanges. Several have become friends; specific collaborative projects have come from the relationships.
- A discipline of calibration that has, slowly, produced better forecasting than I had at the start. The annual predictions-and-scoring exercise is now a rhythm; the cumulative archive of predictions across years is genuinely useful for self-knowledge.
- A platform for engagement with the field. Conferences, speaking engagements, professional relationships, occasional consulting requests — all are facilitated by the public writing.
What is changing this year
The year ahead has substantial career transition embedded in it. The Royal Botanic Garden Edinburgh consulting engagement is wrapping up through January. After that, a brief Vodafone contract is in place for February through April. After that, a substantive new role that I will write about properly when it is settled.
The cumulative effect on this notebook is bounded. Different operational contexts produce different specific writing material; the underlying discipline does not change with role transitions. The cumulative trajectory continues regardless of specific employment.
For 2006, the themes I expect to develop:
- Continued tracking of the commercial-cybercrime infrastructure and what it produces.
- The Microsoft Vista trajectory and whether the structural improvements continue.
- The mobile-platform threat category, which continues to develop slowly.
- The boundary between commercial software and malware — the Sony BMG aftermath continues.
- Continued reading discipline — Phrack, Bugtraq, source code, specific papers.
- More writing for the consulting and operational audiences I will be working with.
What is the same
The weekly cadence. The British English. The internal links. The calibrated humility discipline. The willingness to be wrong publicly and explain it.
The quiet enjoyment of starting the year at the keyboard with a fresh notebook page open and a kettle on. The discipline that has, after eight years, become habit.
A request to readers
If you have been corresponding with me, thank you. If you have not, consider doing so. The conversations have been the year's best surprise, every year. The technical questions are useful; the operational stories are useful; the disagreements are particularly useful. Even short notes about specific posts that landed (or did not) help me calibrate.
The address is on the page. The signal-to-noise ratio of the inbox is good; I read everything that arrives.
What I want to do this year
Five specific things, marked as predictions to score at year-end:
- Continue the weekly cadence. 95% probability. The discipline is now habit.
- Settle into the new role productively. 80% probability. Specific role-transition friction is foreseeable; the cumulative trajectory should be positive.
- Attend at least four conferences. 80% probability. The investment continues to be worthwhile.
- Speak at at least one conference. 70% probability. Annual pattern continues.
- Write a substantial piece on internal segmentation. 55% probability. I have been promising this for years; this should be the year.
A small note on operational rhythm
The past several years have been operationally busy. 2003 was the SQL Slammer / Blaster / Sobig year. 2004 was the MyDoom / Sasser year. 2005 was the year of the data-breach disclosure regime, the Sony rootkit, and the WMF zero-day. The expectation that 2006 will be similarly busy is reasonable.
I have been pacing myself for sustained operational work over years rather than for sprints between incidents. The burnout discipline continues to apply. Sustainable productivity over years matters more than peak productivity in any specific month.
For anyone reading this who is in the field: take care of yourselves through the year. The work matters; the people doing it matter more.
A reflection on eight years
When I started in 1998 I described the notebook as a discipline for forcing myself to finish thoughts I would otherwise leave half-formed. Eight years later, that purpose continues to be served.
The additional purposes the notebook has acquired — building community, contributing to public discussion, providing reference material for my own thinking, supporting professional trajectory — are emergent. None was planned; all are valuable.
For anyone considering starting a similar discipline: the value compounds in ways that are not obvious at the start. The first year produces some immediate benefit; the cumulative value over many years is substantial in ways that are hard to predict in advance.
The specific cadence matters less than the consistency. Weekly works for me; other operators might find biweekly or monthly more sustainable. The discipline is the thing.
Truly closing
Eight years on. Nine years from when I started a Slackware box that became the foundation of all this work. Eleven years out of school. The trajectory continues; the discipline continues; the community continues.
Thank you for reading. Happy 2006. See you next week.