Developing Good Work Habits

Writing, like any kind of work, requires a certain amount of discipline. However, unlike many sorts of work, pounding away at the keyboard is only helpful when you have ideas to get onto paper (digital in most cases today, but the idea is the same as writing in the past). In order to become more productive, you must develop good work habits. Part of the task is to base your work habits on the kind of writing you do, your personality, and the requirement to get a certain amount of work done in a given time. It’s also important to consider your work environment.

I normally work a 12 to 14 hour work day, but I don’t spend all that time at the keyboard. My work day is split into one hour segments with 15 minute breaks. The day always begins with chores and breakfast for me. After all, everyone has to eat. During my first segment, I’ll answer e-mail, and then it’s usually time to take a break. I get some cleaning done or get the wood stove ready for the evening fire. The point is to get out of the office for 15 minutes so that I can rest, but also remain productive.

During the second segment I normally write as much text as I can. Sometimes this means pressing pretty hard in order to get the task done, but you need words on paper to move forward. Last week’s post mentioned some ways in which I get the job done. This segment usually goes by so fast that it seems as if I’m just starting when my timer goes off. Yes, I use a timer on my computer to keep a routine in place. Pacing yourself is important. At the end of the second segment it’s usually time to check the chickens and get any eggs they’ve laid. A walk outside is nice too. Sometimes I play Frisbee with the dogs or do some cleaning or even just enjoy some sunshine while I read the newspaper.

The third segment sees me editing the text I’ve written during the second segment and augmenting it. I usually end up with half again the number of pages that I had at the end of the second segment. The point is that the book has advanced, but that the text is also in better shape by the end of the third segment.

Depending on how everything has gone, I can sometimes fit in a fourth segment that I use to research new book material. I write ideas for the current chapter directly into the remaining blank spots so that I can start working on them immediately after lunch.

Lunch is an hour long. Afterward, I check on the animals again, check out the orchards and gardens as needed, and generally get things cleaned up. You’ll notice I do a lot of little cleaning segments during the day. For me, it’s better than trying to clean the entire house all in one fell swoop. Plus, I like a clean environment in which to work, some people actually do work better in clutter. There isn’t any right or wrong to the question of environment, just what works for you.

The rest of the day goes pretty much like the first part of the day went. I’ll have a robust writing segment after lunch, followed by an editing segment, followed by a research segment. It may seem mundane and potentially quite boring, but it’s an efficient way for me to work. Of course, you have to come up with your own routine—whatever seems to work for you. Keep trying different ways to approaching your writing until you come up with an approach that’s both efficient and rewarding. Yes, I’m quite tired by the end of the day, but I also feel quite happy with what I’ve gotten done. Let me know your ideas on writing workflow at


Is Security Research Always Useful?

Anyone involved in the computer industry likely spends some amount of time reading about the latest security issues in books such as Security for Web Developers. Administrators and developers probably spend more time than many people, but no one can possibly read all the security research available today. There are so many researchers looking for so many bugs in so many places and in so many different ways that even if someone had the time and inclination to read every security article produced, it would be impossible. You’d need to be the speediest reader on the planet (and then some) to even think about scratching the surface. So, you must contemplate the usefulness of all that research—whether it’s actually useful or simply a method for some people to get their name on a piece of paper.

Some of the attacks require physical access to the system. In some cases, you must actually take the system apart to access components in order to perform the security trick. Unless you or your organization is in the habit of allowing perfect strangers physical access to your systems, which might include taking them apart, you must wonder whether the security issue is even worth worrying about. You need to ask why someone would take the time to document a security issue that’s nearly impossible to see, much less perform in a real world environment. More importantly, the moment you see that a security issue requires physical access to the device, you can probably stop reading.

You also find attacks that require special equipment to perform. The article, How encryption keys could be stolen by your lunch, discusses one such attack. In fact, the article contains a picture of the special equipment that you must build to perpetrate the attack. It places said equipment into a piece of pita bread, which adds a fanciful twist to something that is already quite odd and pretty much unworkable given that you must be within 50 cm (19.6 in) from the device you want to attack (assuming that the RF transmission conditions are perfect). Except for the interesting attack vector (using a piece of pita bread), you really have to question why anyone would ever perpetrate this attack given that social engineering and a wealth of other attacks require no special equipment, are highly successful, and work from a much longer distance.

Another example of incredibly weird security research is found in the article, When the good guys are wielding the lasers. I have to admit it’s interesting in a James Bond sort of way, but we’re talking about lasers mounted on drones. This attack at least has the advantage of distance (1 km or 0.6 mi). However, you have to wonder just how the laser was able to get a line of sight with the attack object, a printer in this case. If a device is critical enough that someone separates it from the Internet, it’s also quite likely that the device won’t be sitting in front of a window where someone can use a laser to access it.

A few research pieces become more reasonable by discussing outlandish sorts of hacks that could potentially happen after an initial break-in. The hack discussed in Design flaw in Intel chips opens door to rootkits is one of these sorts of hacks. You can’t perpetrate the hack until after breaking into the system some other way, but the break-in has serious consequences once it occurs. Even so, most hackers won’t take the time because they already have everything needed—the hack is overkill.

The articles that help most provide a shot of reality into the decidedly conspiracy-oriented world of security. For example, Evil conspiracy? Nope, everyday cyber insecurity, discusses a series of events that everyone initially thought pointed to a major cyber attack. It turns out that the events occurred at the same time by coincidence. The article author thoughtfully points out some of the reasons that the conspiracy theories seemed a bit out of place at the outset anyway.

It also helps to know the true sources of potential security issues. For example, the articles, In the security world, the good guys aren’t always good and 5 reasons why newer hires are the company’s biggest data security risk, point out the sources you really do need to consider when creating a security plan. These are the sorts of articles that should attract your attention because they describe a security issue that you really should think about. Likewise, reading articles such as, Software developers aren’t implementing encryption correctly and 4 fatal problems with PKI help you understand why your security measures may not always work as well as anticipated.

The point is that you encounter a lot of information out there that doesn’t help you make your system any more secure. It may be interesting if you have the time to read it, but the tactics truly aren’t practical and no hacker is going to use them. Critical thinking skills are your best asset when building your security knowledge. Let me know about your take on security research at