Hacker News new | comments | show | ask | jobs | submit login

You're being downvoted, but I agree that a greater amount of tact would have been warranted. Phrases like "I am not making this up", "argh!" and "huh?" add nothing to the review, but only serve to make it more personal, and I say this as a guy who also has very little tact.



There has been a cultural shift in recent years. None of tptacek's observations are adhominem. But there is now an expectation that one tone down the description of one's own reaction. I suspect this is often a conflict between the expectations of the children of helicopter parents and my generation. (1)

Sorry, but I have a right to an emotional reaction to your content and a right to describe it, especially if the reaction is grounded in objective technical reality. I suspect that younger people have this idea that online descriptions of emotional reactions are fictional and purposely crafted for effect -- mostly having to do with emotional aggression. It's true that sometimes "passion" over a subject is used as a pretext for such aggression. That doesn't mean that it's always true, however. In some cases, it's honesty.

That said, "arrrgh" reactions in a technical discipline often indicate a frustrating failure of outreach, education, or communication. I learned things from reading tptacek's review. Maybe he could supervise the ghost-writing of his own undoubtedly excellent book?

(1) - I was riding the bus and this young man had his sneakers tied to the back of his backpack, the soles of which he was pressing into my chest. I tried discretely hinting to him by pressing back, but he was oblivious, so I brought this to his attention.

I was amazed that his first priority wasn't to apologize or help me out, rather it was that I recognize that he didn't mean any harm. Be correct first, then worry about your own ego second.


I would argue that it's not as simple as

> I have a right to an emotional reaction to your content and a right to describe it, especially if the reaction is grounded in objective technical reality

... because while you have rights, being a person who participates in a civilized society means you also have responsibilities, and one of those responsibilities is to interact with people in ways that are appropriate to the situation.

And "appropriate to the situation" changes depending on the nature of the situation. The less serious the situation, the less appropriate a volcanic reaction becomes. Nobody's going to disapprove of you if you start screaming at an airline pilot who you see snorting coke on his way to the plane. But lots of people will disapprove of you if you lay down the same reaction on some poor kid behind the counter at McDonald's because he forgot your French fries.

In the case of this review, I would say tptacek's tone is appropriate, because security is Serious Business (as we should all know, especially after last week); getting it wrong can result in people getting robbed or even killed. So if you're going to put yourself forward as a teacher of crypto, and you're teaching people things that aren't true, you're doing real damage and should be glad a good yelling-at is the worst punishment you have to suffer. But that doesn't mean that the same tone would be appropriate if taken with the kid on the bus, because "annoyingly oblivious" is a long chalk from "could get people killed."


I never said what my tone was on the bus -- it was blunt and matter of fact. My observation was about the young man's reaction. I take exception to your post, as it suggests I said something I didn't.


My point was more about the way you leapt from tptacek's review of the crypto book to the incident on the bus, which implies that they're comparable situations, when really they're not. Not all cluelessness is equal.

> I take exception to your post

I demand satisfaction! Pistols at dawn, my good fellow! Pistols at dawn!


My point was more about the way you leapt from tptacek's review of the crypto book to the incident on the bus, which implies that they're comparable situations, when really they're not.

Ugh. My point in the previous comment -- for the second time -- is not that I'm not comparing the situations. I'm comparing the reactions. Not all cluelessness is equal, and for the second time I never said that! However, oversensitivity to criticism due to a prioritization of feelings/ego generalizes nicely across both situations.

I demand satisfaction! Pistols at dawn, my good fellow! Pistols at dawn!

I only take challenges from people with basic literacy and reading comprehension. Your comments only demonstrate the former, my good fellow. (Or, if this is the 2nd iteration of a deliberate troll through the subtle placing of words in another's mouth, I'll merely comment that I'd be a bit surprised if someone actually thinks this is clever, and note that this would disqualify a challenger though insufficient intellectual integrity.)


You're spot on with the cultural shift.

To me, complaints about tone are for critiques that contain phrases like "fucking idiot" and "worthless waste of space" and other such direct insults or attacks.

If something legitimately makes you stop and stare with your mouth hanging open, it is OK to say "this statement made me stop and stare with my mouth hanging open." Phrases like "I am not making this up" are reasonable shortcuts to expressing that sentiment.

Could Mr. Ptacek's review have been worded more kindly? Of course. Do I care? Not at all. It was nice enough. It concentrated on technical flaws rather than personal attacks. It was informative and useful. The tone was just fine.


> If something legitimately makes you stop and stare with your mouth hanging open, it is OK to say "this statement made me stop and stare with my mouth hanging open."

It's okay if you are writing a story about your personal reactions.

It's irrelevant if you are writing a serious critique, which should be about the content, not about your emotional response to it (assuming it is a critique of an informative work -- obviously, if you are critiquing something as a work of art intended to inspire emotional responses, writing about your response as some relevance.)

It's possible to blend the first kind of story with the second kind of critique, but you have to recognize the different roles of each, do it deliberately, and be exceptionally skilled (the set of people who can do this and produce something worth reading is a proper subset of the intersection of the sets of those who can write entertaining personal stories and those who can write valuable straight critiques.)

That being said, tptacek's review seems pretty focussed on substantive critique with very minimal emotional distractions, so while I disagree with the categorical defense of the individual statements at issue as being appropriate to a straight critique of an informative work, I also think that the charge that the tone was inappropriate and a barrier to reading is overblown considering the fairly minimal level at which distracting emotional descriptions are present in the review.


Sure, it's irrelevant. It adds some color, but it's unnecessary. But who cares? The complaints are not "this writing could be tighter, it wastes words on unnecessary side notes." They are, "oh my god you're hurting this poor fellow's self esteem with your tone!"

It's ironic that these critiques of this review are much dumber than the review's critiques of the book, and implicitly hold a fairly off-the-cuff internet comment to far higher standards than a published book that purports to give important and useful advice about cryptography.

Could this review be better? Sure. But who cares?


Out of curiosity, how could it have been better?


There isn't a whole lot. I think removing some of the emotional language would help. I prefer my technical articles to be a "just the facts, ma'am" and make an effort to write that way myself. I think it could also have benefitted from some additional explanation of the right way, beyond just pointing out the wrong way. For example, I would love to have seen a brief explanation of why hash functions aren't MACs, and why MAC-then-encrypt is the wrong way to do things. I already have a basic familiarity with that (at least partially from some of your previous comments), but I'm sure your explanation would at the very least help cement the ideas in my mind, and probably teach me something new.

That said, I want to point out that I think your review was excellent and it's the kind of thing I love coming across. It many ways, it reminds me of the heyday of Usenet. It's great content and it doesn't need to be better. To the extent that it can be better, it's because nearly any work can be made better with additional effort.


Personally I like the emotional language, because it lets someone slightly less familiar with the field get a sense of how bad each thing is.

A purely "just the facts" version might need a "how bad on a scale of 1-10" or something to get the same information across, and would be less readable.


This is a profound signalling problem. The people who should be most concerned that their data could "have a widespread failure of referential integrity" are sometimes the first to have their eyes glaze over at hearing about it.


That's pretty much a TL;DR of what I was saying in the post you responded to (note the last paragraph).


"I suspect this is often a conflict between the expectations of the children of helicopter parents and my generation."

At 49, I see the exact opposite. Members of my generation tended to exhibit more tact and decorum. The urge to dress like a hobo, swear all the time, and flame everyone in sight is a classic overcompensation for years of helicopter parenting which forbade all of these things.

"In some cases, it's honesty."

In others, it's honesty used as a pretext for acting out.


In others, it's honesty used as a pretext for acting out.

Note I also make this observation.

Also note that I am specifically pointing out reactions to criticism. The other changes in decorum have been noted by previous generations since at least the 1800s. Waltzing was once a lascivious corrosive to society's morals.

Also: we are likely less than 4 years apart in age. I could do with more decorum, as I've been learning over the past 4 years.


I hear you. At the beginning of my career, I always used to be the most offensive person in the room - and I could afford to be, because nobody cared what I thought. Nowadays there are always five people in the room who are more offensive than me, but that won't stop them from complaining if the big bad ogre (me) hurts their feelings. Kids nowadays. ;)


Amost all aggressive reactions are partly contrived and controlled, even if they're occasioned by genuine emotion in the actor. You can see this from the fact that you very rarely see someone give a strongly hostile or contemptuous emotional reaction to their boss or someone else whose reaction they fear. Somehow the guys who just have strong feelings, or just have to tell it like it is, manage to tell it in a much more circumspect manner, or not at all, when letting fly would have unpleasant consequences for them rather than whoever they're going at.


Almost all aggressive reactions are partly contrived and controlled, even if they're occasioned by genuine emotion in the actor. You can see this from the fact that you very rarely see someone give a strongly hostile or contemptuous emotional reaction to their boss or someone else whose reaction they fear.

This is presuming that such fear is always the input to a conscious decision. That doesn't fit my observations of human nature. Power relationships always have some bearing on the nature of an interaction, so what you're saying is comparable to telling an aquatic species that they're wet.

Also, going by what you say, you should have more respect for those who tell truth to power, or tell their more famous/more highly regarded colleagues the plain truth. Perhaps tptacek should be more humble because he's more famous, but if it comes to the choice of him being frustrated by widespread crypto cluelessness or by a desire to dominate others, I think the former makes far more sense.


Merely upvoting isn't enough. Online bullies are cowards at heart, and it's good to be reminded of that, so thanks.


Regarding the shoes: making it clear to you that he did not mean any harm is a way of apologizing and defusing a potentially explosive situation. I hesitate to read too much into it.

Regarding tptacek, I suspect that if he had sent this to the author, or posted it as a formal review, I suspect he would have toned down the description of his reactions. I'm not sure where this review came from, but my impression is that he did not think of it as a published review that the author would see. Certainly doing such would be advisable, as people are more receptive to criticism that way.

Perhaps I am wrong regarding how tptacek would have responded had he known the review would be, essentially, published. But I know I phrase things differently in such situations.


making it clear to you that he did not mean any harm is a way of apologizing

A better way of apologizing is actually apologizing. The young man's reaction was more like exasperation that I should have been put out.

My impression is that the comment was/is a comment on social media. My comment was written in that context.


I don't know, I have problems with these things. I never know who's wrong, should the author not take it personally, or should the reviewer be tactful? I guess both.

Why hurt someone when you can avoid it?


I have a personal problem with ASN.1, and with authenticate- then- obliviously- decrypt. I don't know the author of this book at all and reject the implication that the review had a personalized tone.

Having said that: had I written the "review" as an actual "review", and not as an oversized HN comment that I had to make a Gist out of to get it onto the site, I would have written it more carefully.


I'm not saying the review was personal, it's pretty clear that you're only talking about the facts. It's just that there are phrases that have a lower "hurt-to-information" numerator with the same denominator.


I disagree: the exact turns-of-phrase that can sting also include important signalling, to other readers, of the relative importance of different points, in a way that's hard to do otherwise in prose. (In person, vocal tone and face/body language would convey these same shades of emphasis.)

As long as criticism doesn't cross the "bright lines" of ad hominem or gratuitous ridicule, as a third party reader, I much prefer the targets toughen up, rather than the critics soften their language. And there are way more third-party readers than critics or their targets.


Personally, I feel the difference is in the writing style for the medium. For instance, while a critic might remark on how 'this is such a poor recommendation that it should inspire outrage in a security-conscious developer', someone writing a comment on the Internet may use 'this makes me feel like screaming'. The language is less 'refined' and seemingly more direct though it's really saying the same (appropriate for the medium).

My hypothesis is that people expect text that has no obvious signs of being an Internet comment to use the more 'serious' language and this case (an Internet comment that is a bit longer than usual) is being classified wrongly as a result.


Yes, I think this is something that his happening here. It's at least partially my fault, because once I had to pull the review into Gist, it was easy to post it on Twitter too, and so it took on a life I hadn't anticipated for it.


I don't think you're at fault for anything. There's nothing inappropriate in your review.

It's ridiculous to simultaneously say that a piece of writing devoid of context is being classified in a certain way and to say that it contains that's inappropriate for that classification.

The mere presence of phrases like "I am not making this up" tells you that this piece is not intended to be too serious. To say that it's intended seriously but contains non-serious language is a flat-out contradiction.

It could make sense if it was published in some context, like a serious blog or a news site or something, which implied seriousness. But it's a naked text file on the internet. It doesn't have to take a serious tone.


I agree. Sometimes, the frustration also builds up if someone is witnessing a trend of nonsense, and he reads yet another thing following that trend, which triggers the writing of a rant.

That said, it's funny that most these rants aren't ad hominem, unlike some of the "formatted" vitriol which attacks you without really seeming to do so.

Someone should watch EEVBLOG on Youtube, Dave Jones does reviews and teardowns of electronics.

There was a rant over PICKit3 where he voiced his frustrations with the new device (that wasn't better than the old one, and took out nice features, replaced things that worked perfectly with things that were sort of dumb) which triggered Microchip to answer with a funny video their own.

Your tale about the boy ... Arrrghh ! I don't want to go off topic, but man, I think nothing gets diluted more than values each year.. Well, except shares of a startup once VC's get in.


Or as my 4th grade teacher used to say "Don't be sorry, be right".


Your comment actually made me read the review since it seemed really bad... but after reading it I'm just not seeing the problem.

The "I am not making this up" thing came in the context of recommending ASN.1 for instance. If that were a chess match commentary, this is where the scorekeeper would have put a "??" after the move to note the shock.

And note what tptacek's comment was not: It wasn't a bunch of personal attacks, or swearing. Some of the commentary was "more than professional", to be sure, but that's exactly the kind of commentary you should hope to get in highly-demanding, highly-selective fields.

You want to know what a perfect book review would look like in the Navy's nuclear propulsion program? It would be this: "No deficiencies noted."


I don't think either jacquesmattheij or me said this was really bad, he just said that the tone could be better and I agree. I think people are reading things into our comments.

I agree that it wasn't especially bad, it could just be worded a bit better to spare feelings.


"I am not making this up" is a succinct way to say "this was a really stupid string for the book to contain".

Tptacek could have chosen to say that differently, but it does add value as written. I have no idea what ASN.1 is; simply telling me that the book contains that string doesn't mean anything to me. Telling me that it was a stupid thing to say doesn't teach me about ASN.1 or crypto, but it does teach me about the book.


Sure, but there's a difference between "this book is really bad, it contains errors and wrong advice, I would advise against it and avoid it" and "goddamn this is literally the stupidest book that has ever been written". They convey the same amount of information, but the author's feelings are not hurt equally.


This book doesn't come within an astronomical unit of being the worst book on cryptography I've read; _Applied Cryptography_ is far worse. Which is why I didn't write anything like "goddamn this is literally the stupidest book that has ever been written".


Sorry, I have a habit of not clarifying enough. I'm not saying you said that, I'm just pointing out that one can say the same thing more innocuously if one is a bit more dry/factual.


Being totally dry/factual could mean that people don't read it and goes all TL;DR.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: