The future of security

From Bruce Schneier’s “Security in Ten Years” (Crypto-Gram: 15 December 2007):

Bruce Schneier: … The nature of the attacks will be different: the targets, tactics and results. Security is both a trade-off and an arms race, a balance between attacker and defender, and changes in technology upset that balance. Technology might make one particular tactic more effective, or one particular security technology cheaper and more ubiquitous. Or a new emergent application might become a favored target.

By 2017, people and organizations won’t be buying computers and connectivity the way they are today. The world will be dominated by telcos, large ISPs and systems integration companies, and computing will look a lot like a utility. Companies will be selling services, not products: email services, application services, entertainment services. We’re starting to see this trend today, and it’s going to take off in the next 10 years. Where this affects security is that by 2017, people and organizations won’t have a lot of control over their security. Everything will be handled at the ISPs and in the backbone. The free-wheeling days of general-use PCs will be largely over. Think of the iPhone model: You get what Apple decides to give you, and if you try to hack your phone, they can disable it remotely. We techie geeks won’t like it, but it’s the future. The Internet is all about commerce, and commerce won’t survive any other way.

Marcus Ranum: … Another trend I see getting worse is government IT know-how. At the rate outsourcing has been brain-draining the federal workforce, by 2017 there won’t be a single government employee who knows how to do anything with a computer except run PowerPoint and Web surf. Joking aside, the result is that the government’s critical infrastructure will be almost entirely managed from the outside. The strategic implications of such a shift have scared me for a long time; it amounts to a loss of control over data, resources and communications.

Bruce Schneier: … I’m reminded of the post-9/11 anti-terrorist hysteria — we’ve confused security with control, and instead of building systems for real security, we’re building systems of control. Think of ID checks everywhere, the no-fly list, warrantless eavesdropping, broad surveillance, data mining, and all the systems to check up on scuba divers, private pilots, peace activists and other groups of people. These give us negligible security, but put a whole lot of control in the government’s hands.

That’s the problem with any system that relies on control: Once you figure out how to hack the control system, you’re pretty much golden. So instead of a zillion pesky worms, by 2017 we’re going to see fewer but worse super worms that sail past our defenses.


My new book – Google Apps Deciphered – is out!

I’m really proud to announce that my 5th book is now out & available for purchase: Google Apps Deciphered: Compute in the Cloud to Streamline Your Desktop. My other books include:

(I’ve also contributed to two others: Ubuntu Hacks: Tips & Tools for Exploring, Using, and Tuning Linux and Microsoft Vista for IT Security Professionals.)

Google Apps Deciphered is a guide to setting up Google Apps, migrating to it, customizing it, and using it to improve productivity, communications, and collaboration. I walk you through each leading component of Google Apps individually, and then show you exactly how to make them work together on the Web or by integrating them with your favorite desktop apps. I provide practical insights on Google Apps programs for email, calendaring, contacts, wikis, word processing, spreadsheets, presentations, video, and even Google’s new web browser Chrome. My aim was to collect together and present tips and tricks I’ve gained by using and setting up Google Apps for clients, family, and friends.

Here’s the table of contents:

  • 1: Choosing an Edition of Google Apps
  • 2: Setting Up Google Apps
  • 3: Migrating Email to Google Apps
  • 4: Migrating Contacts to Google Apps
  • 5: Migrating Calendars to Google Apps
  • 6: Managing Google Apps Services
  • 7: Setting Up Gmail
  • 8: Things to Know About Using Gmail
  • 9: Integrating Gmail with Other Software and Services
  • 10: Integrating Google Contacts with Other Software and Services
  • 11: Setting Up Google Calendar
  • 12: Things to Know About Using Google Calendar
  • 13: Integrating Google Calendar with Other Software and Services
  • 14: Things to Know About Using Google Docs
  • 15: Integrating Google Docs with Other Software and Services
  • 16: Setting Up Google Sites
  • 17: Things to Know About Using Google Sites
  • 18: Things to Know About Using Google Talk
  • 19: Things to Know About Using Start Page
  • 20: Things to Know About Using Message Security and Recovery
  • 21: Things to Know About Using Google Video
  • Appendix A: Backing Up Google Apps
  • Appendix B: Dealing with Multiple Accounts
  • Appendix C: Google Chrome: A Browser Built for Cloud Computing

If you want to know more about Google Apps and how to use it, then I know you’ll enjoy and learn from Google Apps Deciphered. You can read about and buy the book at Amazon (http://www.amazon.com/Google-Apps-Deciphered-Compute-Streamline/dp/0137004702) for $26.39. If you have any questions or comments, don’t hesitate to contact me at scott at granneman dot com.


A single medium, with a single search engine, & a single info source

From Nicholas Carr’s “All hail the information triumvirate!” (Rough Type: 22 January 2009):

Today, another year having passed, I did the searches [on Google] again. And guess what:

World War II: #1
Israel: #1
George Washington: #1
Genome: #1
Agriculture: #1
Herman Melville: #1
Internet: #1
Magna Carta: #1
Evolution: #1
Epilepsy: #1

Yes, it’s a clean sweep for Wikipedia.

The first thing to be said is: Congratulations, Wikipedians. You rule. Seriously, it’s a remarkable achievement. Who would have thought that a rag-tag band of anonymous volunteers could achieve what amounts to hegemony over the results of the most popular search engine, at least when it comes to searches for common topics.

The next thing to be said is: what we seem to have here is evidence of a fundamental failure of the Web as an information-delivery service. Three things have happened, in a blink of history’s eye: (1) a single medium, the Web, has come to dominate the storage and supply of information, (2) a single search engine, Google, has come to dominate the navigation of that medium, and (3) a single information source, Wikipedia, has come to dominate the results served up by that search engine. Even if you adore the Web, Google, and Wikipedia – and I admit there’s much to adore – you have to wonder if the transformation of the Net from a radically heterogeneous information source to a radically homogeneous one is a good thing. Is culture best served by an information triumvirate?

It’s hard to imagine that Wikipedia articles are actually the very best source of information for all of the many thousands of topics on which they now appear as the top Google search result. What’s much more likely is that the Web, through its links, and Google, through its search algorithms, have inadvertently set into motion a very strong feedback loop that amplifies popularity and, in the end, leads us all, lemminglike, down the same well-trod path – the path of least resistance. You might call this the triumph of the wisdom of the crowd. I would suggest that it would be more accurately described as the triumph of the wisdom of the mob. The former sounds benign; the latter, less so.


Old botnets dead; new botnets coming

From Joel Hruska’s “Meet Son of Storm, Srizbi 2.0: next-gen botnets come online” (Ars Technica: 15 January 2009):

First the good news: SecureWorks reports that Storm is dead, Bobax/Kraken is moribund, and both Srizbi and Rustock were heavily damaged by the McColo takedown; Srizbi is now all but silent, while Rustock remains viable. That’s three significant botnets taken out and one damaged in a single year; cue (genuine) applause.

The bad news kicks in further down the page with a fresh list of botnets that need to be watched. Rustock and Mega-D (also known as Ozdok) are still alive and kicking, while newcomers Xarvester and Waledac could cause serious problems in 2009. Xarvester, according to Marshal, may be an updated form of Srizbi; the two share a number of common features, including:

* HTTP command and control over nonstandard ports
* Encrypted template files contain several files needed for spamming
* Bots don’t need to do their own DNS lookups to send spam
* Config files have similar format and data
* Uploads Minidump crash file


A definition of cloud computing

From Darryl K. Taft’s “Predictions for the Cloud in 2009” (eWeek: 29 December 2008):

[Peter] Coffee, who is now director of platform research at Salesforce.com, said, “I’m currently using a simple reference model for what a ‘cloud computing’ initiative should try to provide. I’m borrowing from the famous Zero-One-Infinity rule, canonically defined in The Jargon File…”

He continued, “It seems to me that a serious effort at delivering cloud benefits pursues the following ideals—perhaps never quite reaching them, but clearly having them as goals within theoretical possibility: Zero—On-premise[s] infrastructure, acquisition cost, adoption cost and support cost. One—Coherent software environment—not a ‘stack’ of multiple products from different providers. This avoids the chaos of uncoordinated release cycles or deferred upgrades. Infinity—Scalability in response to changing need, integratability/interoperability with legacy assets and other services, and customizability/programmability from data, through logic, up into the user interface without compromising robust multitenancy.”


Social networks can be used to manipulate affinity groups

From Ronald A. Cass’ “Madoff Exploited the Jews” (The Wall Street Journal: 18 December 2008):

Steven Spielberg. Elie Wiesel. Mort Zuckerman. Frank Lautenberg. Yeshiva University. As I read the list of people and enterprises reportedly bilked to the tune of $50 billion by Bernard Madoff, I recalled a childhood in which my father received bad news by asking first, “Was it a Jew?” My father coupled sensitivity to anti-Semitism with special sympathy for other Jews. In contrast, Mr. Madoff, it seems, targeted other Jews, drawing them in at least in some measure because of a shared faith.

The Madoff tale is striking in part because it is like stealing from family. Yet frauds that prey on people who share bonds of religion or ethnicity, who travel in the same circles, are quite common. Two years ago the Securities and Exchange Commission issued a warning about “affinity fraud.” The SEC ticked off a series of examples of schemes that were directed at members of a community: Armenian-Americans, Baptist Church members, Jehovah’s Witnesses, African-American church groups, Korean-Americans. In each case, the perpetrator relied on the fact that being from the same community provided a reason to trust the sales pitch, to believe it was plausible that someone from the same background would give you a deal that, if offered by someone without such ties, would sound too good to be true.

The sense of common heritage, of community, also makes it less seemly to ask hard questions. Pressing a fellow parishioner or club member for hard information is like demanding receipts from your aunt — it just doesn’t feel right. Hucksters know that, they play on it, and they count on our trust to make their confidence games work.

The level of affinity and of trust may be especially high among Jews. The Holocaust and generations of anti-Semitic laws and practices around the world made reliance on other Jews, and care for them, a survival instinct. As a result, Jews are often an easy target both for fund-raising appeals and fraud. But affinity plays a role in many groups, making members more trusting of appeals within the group.


Real-life superheroes

From John Harlow’s “Amateur crimefighters are surging in the US” (The Times: 28 December 2008):

There are, according to the recently launched World Superhero Registry, more than 200 men and a few women who are willing to dress up as comic book heroes and patrol the urban streets in search of, if not super-villains, then pickpockets and bullies.

They may look wacky, but the superhero community was born in the embers of the 9/11 terrorist attacks when ordinary people wanted to do something short of enlisting. They were boosted by a glut of Hollywood superhero movies.

In recent weeks, prompted by heady buzz words such as “active citizenry” during the Barack Obama campaign, the pace of enrolment has speeded up. Up to 20 new “Reals”, as they call themselves, have materialised in the past month.

The Real rules are simple. They must stand for unambiguous and unsponsored good. They must create their own Spandex and rubber costumes without infringing Marvel or DC Comics copyrights, but match them with exotic names – Green Scorpion in Arizona, Terrifica in New York, Mr Xtreme in San Diego and Mr Silent in Indianapolis.

They must shun guns or knives to avoid being arrested as vigilantes, even if their nemeses may be armed. Their best weapon is not muscle but the internet – an essential tool in their war on crime is a homepage stating the message of doom for super-villains.

[Citizen] Prime patrols some of the most dangerous streets in Phoenix but, like most Reals, is reluctant to speak about the villains he has dispatched with a blow from his martial arts-honed forearm. He does admit helping a motorist change a flat tyre.


DIY genetic engineering

From Marcus Wohlsen’s “Amateurs are trying genetic engineering at home” (AP: 25 December 2008):

Now, tinkerers are working at home with the basic building blocks of life itself.

Using homemade lab equipment and the wealth of scientific knowledge available online, these hobbyists are trying to create new life forms through genetic engineering — a field long dominated by Ph.D.s toiling in university and corporate laboratories.

In her San Francisco dining room lab, for example, 31-year-old computer programmer Meredith L. Patterson is trying to develop genetically altered yogurt bacteria that will glow green to signal the presence of melamine, the chemical that turned Chinese-made baby formula and pet food deadly.

Many of these amateurs may have studied biology in college but have no advanced degrees and are not earning a living in the biotechnology field. Some proudly call themselves “biohackers” — innovators who push technological boundaries and put the spread of knowledge before profits.

In Cambridge, Mass., a group called DIYbio is setting up a community lab where the public could use chemicals and lab equipment, including a used freezer, scored for free off Craigslist, that drops to 80 degrees below zero, the temperature needed to keep many kinds of bacteria alive.

Patterson, the computer programmer, wants to insert the gene for fluorescence into yogurt bacteria, applying techniques developed in the 1970s.

She learned about genetic engineering by reading scientific papers and getting tips from online forums. She ordered jellyfish DNA for a green fluorescent protein from a biological supply company for less than $100. And she built her own lab equipment, including a gel electrophoresis chamber, or DNA analyzer, which she constructed for less than $25, versus more than $200 for a low-end off-the-shelf model.


A one-way ticket to crazyville

Tanguma's The Children of the World Dream of P...
Image by rsgranne via Flickr

From Dave Alan’s “Interview with Alex Christopher” (Leading Edge Research Group: 1 June 1996):

Legend: DA [Dave Alan, Host] AC: [Alex Christopher] C: [Caller]

(Note: according to former British Intelligence agent Dr. John Coleman, the London-based Wicca Mason lodges are one-third of the overall global conspiracy. The other two thirds are the Black Nobility banking families who claim direct descent from the early Roman emperors, and also the Maltese Jesuits or the Jesuit – Knights of Malta network. All three networks each have 13 representatives within the Bilderberg organization, which is a cover for the Bavarian Illuminati, suggestive that Bavaria itself has orchestrated a “marriage of convenience” between these three formerly competitive global control groups. – Branton)

AC: All right. The information, primarily, that is in “Pandora’s Box” covers how the major corporations, railroad and banking concerns in this country were set up through a ‘trust’ that was originally known as the Virginia Company… The deal was that everything would remain under English control, or subservient to it, and that brings us right up to today, because we are still looking at everything falling under that ‘trust’ system going back to the Crown of England. It is mind boggling to think that everyone in this country has been led to believe that the people in the United States had won independence from England, when in fact they never did.

AC: The capstone, or the dedication stone, for the Denver airport has a Masonic symbol on it. A whole group of us went out to the airport to see some friends off and see this capstone, which also has a time capsule imbedded inside it. It sits at the south eastern side of the terminal which, by the way, is called “The Great Hall”, which is what Masons refer to as their meeting hall. And, on this thing it mentions “the New World Airport Commission”. …

AC: It has a Masonic symbol on it, and it also has very unusual geometric designs. It depicts an arm rising up out of it that curves at a 45 degree angle. It also has a thing that looks like a keypad on it. This capstone structure is made of carved granite and stainless steel, and it is very fancy. This little keypad area at the end of the arm has an out-of-place unfinished wooden block sitting on it. The gentleman that was with me on the first trip out to the airport has since died. They say he committed suicide, but everything else tells me that this is not possible. No one can double-tie a catheter behind his own neck and strangle himself. I just don’t think that is possible. But, his name was Phil Schneider, and he started blowing the whistle on all this stuff going on in the underground bases that he had helped build for years and years. He worked on the underground bases at Area 51 and Dulce, New Mexico, as well as several other places. Schneider told me that this keypad-looking area looked like a form of techno-geometry that is “alien-oriented”, and that it had something to do with a “directional system”, whatever that meant, that functioned as a homing beacon to bring ships right into the “Great Hall”.

(Note: … Remember even though the Bilderbergers consist of a “marriage of convenience” between Londonese Wicca Masons, Basilian Black Nobility and Roman Maltese Jesuits… the supreme controllers of the Bilderberger cult itself are the secret black Gnostic cults of Bavaria whose ‘Cult of the Serpent’ — or Illuminati — can be traced back to Egypt and ultimately to Babylon itself. These Rockefeller-Nazi projects reportedly continued through at least 1975 during which period many thousands more “underground Nazis” were brought into America from Europe and also, if we are to believe some reports, from the secret German “New Berlin” base under the mountains of Neu Schwabenland, Antarctica that was established during World War II via Nazi-occupied South Africa. Is Neu Schwabenland the REAL power behind the joint Bavarian-Alien New World Order Agenda? …)

AC: … It took myself and two other people over eight months to figure out all the symbology that is embodied in these murals. It turned out that some of these are ‘trigger’ pictures, containing symbology designed to trigger altered personalities of people that have been groomed in MKULTRA type programs for specific tasks that they have been trained to do in terms of something connected with Satanic rituals and mind control. I had one woman that called me out of the blue one night, and she was really disturbed about some information. She told me many different things that later turned out to be known MKULTRA triggers. Also, almost every aspect of these murals contains symbols relating back to secret societies. When you get the overall view of what they are talking about in these things, it is very very scary. It goes back to the Bio-diversity Treaty, getting rid of specific races of people, taking over the world and mind control.

AC: Well, the gentleman that I was dealing with, Phil Schneider, said that during the last year of construction they were connecting the underground airport system to the deep underground base. He told me that there was at least an eight-level deep underground base there, and that there was a 4.5 square mile underground city and an 88.5 square-mile base underneath the airport.

DA: You were telling me that there are huge concrete corridors with sprinklers all along the ceiling. What are these sprinkler heads doing in a concrete bunker, pray tell? (Presumably concrete will not ‘burn’ if there is a potential fire, so is it possible that something other than ‘water’ is meant to be expelled from these sprinklers which are located “all along” the ceiling? – Branton)

AC: I think a lot of the people saw things that disturbed them so much that they would not talk about it. I know several people who worked on the project that managed to find their way down into the depths, probably close to the deep underground base, and saw things that scared them so badly they won’t talk about it. I interviewed a few of the former employees on these construction crews that worked out there on these buildings that ended up buried, and they are afraid to talk. They say that everybody is real nervous about it, and they decided to tell some of the secrets that they knew, but they don’t want anybody to know who they are. So, I can tell you that it is a very unusual and spooky type of place, and if you are a sensitive person you get nauseated as soon as you enter the perimeter of the airport. Especially when you go down underground. You become very nauseated and nervous. There is also so much electromagnetic flux in the area that if you get out on the open ground around the airport, you will ‘buzz’.

AC: If Phil is right, and all this hooks up to the deep underground base that he was offered the plans to build back in 1979, and that what this other man TOLD me in private [is] that there is a lot of human SLAVE LABOR in these deep underground bases being used by these aliens, and that a lot of this slave labor is children. HE SAID that when the children reach the point that they are unable to work any more, they are slaughtered on the spot and consumed.

DA: Consumed by who?

AC: Aliens. Again, this is not from me, but from a man that gave his life to get this information out. He worked down there for close to 20 years, and he knew everything that was going on.

DA: Hmmm. Who do these aliens eat?

AC: They specifically like young human children, that haven’t been contaminated like adults. Well, there is a gentleman out giving a lot of information from a source he gets it from, and he says that there is an incredible number of children snatched in this country.

DA: Over 200,000 each year.

AC: And that these children are the main entree for dinner.

AC: Yes. From some information that has been put out by a group or team that also works in these underground bases that is trying to get information out to people that love this country, THERE IS A WAR THAT IS GOING ON UNDER OUR FEET, AND ABOVE OUR HEADS, that the public doesn’t know anything about, and it’s between these ALIEN forces and the HUMANS that are trying to fight them.

DA: What other types have you seen?

AC: The ones that I have seen are the big-eyed Greys and the Reptilians.

DA: What do these Reptilians look like?

AC: There are three different types.

AC: … Anyway, they were both totally flipped out. I finally got them calmed down enough to let me go home. I went home and went to bed. The next thing I know, I woke up and there is this ‘thing’ standing over my bed. He had wrap-around yellow eyes with snake pupils, and pointed ears and a grin that wrapped around his head. He had a silvery suit on, and this scared the living daylights out of me. I threw the covers over my head and started screaming….I mean, here is this thing with a Cheshire-cat grin and these funky glowing eyes…this is too much. I have seen that kind of being on more than one occasion.

DA: What else can you say about it?

AC: Well, he had a hooked nose and he was [humanoid] looking, other than the eyes, and had kind of grayish skin. Later on in 1991, I was working in a building in a large city, and I had taken a break about 6:00, and the next thing I knew it was 10:30 at night, and I thought I had taken a short break. I started remembering that I was taken aboard a ship, through four floors of an office building, and through a roof. There on the ship is where I encountered ‘GERMANS’ AND ‘AMERICANS’ WORKING TOGETHER, and also the GREY ALIENS, and then we were taken to some other kind of facility and there I saw the REPTILIANS again … the ones I call the “baby Godzillas”, that have the short teeth and yellow slanted eyes, and who look like a VELOCI-RAPTOR, kind of.

DA: So, why would these people pick on you?

AC: Well, I found one common denominator in the abduction, and it keeps on being repeated over and over again. I deal with lots of people who have been abducted, and the one common denominator seems to be the blood line, and it’s the blood line that goes back to ancient Indian or Native American blood lines.

AC: Well, at that facility I saw the almond-eyed Greys, but the thing that sticks in my mind are the beings that look like reptiles, or the veloci-raptors. They are the cruelest beings you could ever imagine, and they even smell hideous. There were a couple of very unusual areas down there where I was taken which looked like cold storage lockers, where these things were in hibernation tubes, and that is about all I remember, other than seeing some black helicopters and little round-wing disk type aircraft

In the book “Cosmic Conflict”, the author talks about the ancient city that was uncovered by the Germans before World War II, and tells about their effort to revive some frozen humans they found in this underground city, and that the true humans couldn’t be revived, but the ones that could be revived were in fact reptilians in disguise, and the reptilians have the capability to do shape-shifting and create a [laser] holographic image so when you look at them you see a human, but under that there is no human there. … Allegedly the reptilians re-animated and killed the Soviet scientists and through some type of psychic osmosis drained their minds and assimilated their memories and features through a molecular shape-shifting type process. … The alien ‘impostors’ then called for backup and more scientists came out and were ‘replaced’, and these eventually returned to Russia and began to infiltrate the Communist government.

AC: These people that have done all this research and are part of the underground government are telling that the humans on this planet have been at war with these reptilian aliens for thousands of years. At one point, things got so hot on the planet, like it is now, aliens took on this holographic image and infiltrated the human race in order to take it over and undermine it, just like this New World Order is doing right now. They’re saying that the same thing happened to civilization on Earth before, and that the humans before actually had the capability for interplanetary travel, and that it was so bad here with the reptilians that they had to leave… What they are also saying is that these beings that are human-looking that are visiting our planet, at this time, trying to inform people what is going on, and guide them, are actually OUR ANCESTORS THAT ESCAPED FROM EARTH before, when it was under reptilian domination.

AC: I went to South Florida a couple of weeks ago and interviewed a man who had done research for 30 years, and oddly enough, he tapped into some of the same information I had, in that our government has had round-winged, saucer-type technology, high mach speed aircraft since the 1920’s, and that in 1952 they had over 500 of these aircraft hidden in secret bases. Now, if they had that in 1952, considering that military technology grows by 44 years for every year that goes by, what do you imagine they have now, 44 years later, after technology has advanced the equivalent of 1,936 years?

AC: He claims to be one of the ones who jumped overboard off the Eldridge when it went into hyperspace during the Philadelphia Experiment. He actually traveled forward in time, and asked the people that he encountered there what happened in his future. At that time, he was given the information about the New World Order and that Denver was the location for the NWO Western Sector, and that Atlanta was supposed to be the control center for the Eastern Sector. Can it be that the fact that the Olympics is supposed to be in Atlanta is part of a scenario?


Social networking and “friendship”

From danah boyd’s “Friends, Friendsters, and MySpace Top 8: Writing Community Into Being on Social Network Sites” (First Monday: December 2006):

John’s reference to “gateway Friends” concerns a specific technological affordance unique to Friendster. Because the company felt it would make the site more intimate, Friendster limits users from surfing to Profiles beyond four degrees (Friends of Friends of Friends of Friends). When people log in, they can see how many Profiles are “in their network” where the network is defined by the four degrees. For users seeking to meet new people, growing this number matters. For those who wanted it to be intimate, keeping the number smaller was more important. In either case, the number of people in one’s network was perceived as directly related to the number of friends one had.

“I am happy with the number of friends I have. I can access over 26,000 profiles, which is enough for me!” — Abby

The number of Friends one has definitely affects the size of one’s network but connecting to Collectors plays a much more significant role. Because these “gateway friends” (a.k.a. social network hubs) have lots of Friends who are not connected to each other, they expand the network pretty rapidly. Thus, connecting to Collectors or connecting to people who connect to Collectors opens you up to a large network rather quickly.

While Collectors could be anyone interested in amassing many Friends, fake Profiles were developed to aid in this process. These Fakesters included characters, celebrities, objects, icons, institutions, and ideas. For example, Homer Simpson had a Profile alongside Jesus and Brown University. By connecting people with shared interests or affiliations, Fakesters supported networking between like-minded individuals. Because play and connecting were primary incentives for many Fakesters, they welcomed any and all Friends. Likewise, people who wanted access to more people connected to Fakesters. Fakesters helped centralize the network and two Fakesters — Burning Man and Ali G — reached mass popularity with over 10,000 Friends each before the Web site’s creators put an end to their collecting and deleted both accounts. This began the deletion of all Fakesters in what was eventually termed the Fakester Genocide [8].

While Friendster was irritated by fake Profiles, MySpace embraced this practice. One of MySpace’s early strategies was to provide a place for everyone who was rejected from Friendster or who didn’t want to be on a dating site [9]. Bands who had been kicked off of Friendster were some of the earliest MySpace users. Over time, movie stars, politicians, porn divas, comedians, and other celebrities joined the fray. Often, the person behind these Profiles was not the celebrity but a manager. Corporations began creating Profiles for their products and brands. While Friendster eventually began allowing such fake Profiles for a fee, MySpace never charged people for their commercial uses.

Investigating Friendship in LiveJournal, Kate Raynes-Goldie and Fono (2005) found that there was tremendous inconsistency in why people Friended others. They primarily found that Friendship stood for: content, offline facilitator, online community, trust, courtesy, declaration, or nothing. When I asked participants about their practices on Friendster and MySpace, I found very similar incentives. The most common reasons for Friendship that I heard from users [11] were:

1. Actual friends
2. Acquaintances, family members, colleagues
3. It would be socially inappropriate to say no because you know them
4. Having lots of Friends makes you look popular
5. It’s a way of indicating that you are a fan (of that person, band, product, etc.)
6. Your list of Friends reveals who you are
7. Their Profile is cool so being Friends makes you look cool
8. Collecting Friends lets you see more people (Friendster)
9. It’s the only way to see a private Profile (MySpace)
10. Being Friends lets you see someone’s bulletins and their Friends-only blog posts (MySpace)
11. You want them to see your bulletins, private Profile, private blog (MySpace)
12. You can use your Friends list to find someone later
13. It’s easier to say yes than no

These incentives account for a variety of different connections. While the first three reasons all concern people that you know, the rest can explain why people connect to a lot of people that they do not know. Most reveal how technical affordances affect people’s incentives to connect.

Raynes-Goldie and Fono (2005) also found that there is a great deal of social anxiety and drama provoked by Friending in LiveJournal (LJ). In LJ, Friendship does not require reciprocity. Anyone can list anyone else as a Friend; this articulation is public but there is no notification. The value of Friendship on LJ is deeply connected to the privacy settings and subscription processes. The norm on LJ is to read others’ entries through a “Friends page.” This page is an aggregation of all of an individual’s Friends’ posts. When someone posts an LJ entry, they have a choice as to whether the post should be public, private, Friends-only, or available to subgroups of Friends. In this way, it is necessary to be someone’s Friend to have access to Friends-only posts. To locate how the multiple and conflicting views of Friendship cause tremendous conflict and misunderstanding on LJ, Raynes-Goldie and Fono speak of “hyperfriending.” This process is quite similar to what takes place on other social network sites, but there are some differences. Because Friends-only posts are commonplace, not being someone’s Friend is a huge limitation to information access. Furthermore, because reciprocity is not structurally required, there’s a much greater social weight to recognizing someone’s Friendship and reciprocating intentionally. On MySpace and Friendster, there is little to lose by being loose with Friendship and more to gain; the perception is that there is much more to lose on LJ.

While users can scroll through their list of Friends, not all Friends are displayed on the participant’s Profile. Most social network sites display Friends in the order in which their account was created or their last login date. By implementing a “Top 8” feature, MySpace changed the social dynamics around the ordering of Friends. Initially, “Top 8” allowed users to select eight Friends to display on their Profile. More recently, that feature was changed to “Top Friends” as users have more options in how many people they could list [12]. Many users will only list people that they know and celebrities that they admire in their Top Friends, often as a way to both demarcate their identity and signal meaningful relationships with others.

There are many advantages to the Top Friends feature. It allows people to show connections that really say something about who they are. It also serves as a bookmark to the people that matter. By choosing to list the people who one visits the most frequently, simply going to one’s Profile provides a set of valuable links.

“As a kid, you used your birthday party guest list as leverage on the playground. ‘If you let me play I’ll invite you to my birthday party.’ Then, as you grew up and got your own phone, it was all about someone being on your speed dial. Well today it’s the MySpace Top 8. It’s the new dangling carrot for gaining superficial acceptance. Taking someone off your Top 8 is your new passive aggressive power play when someone pisses you off.” — Nadine

There are a handful of social norms that pervade Top 8 culture. Often, the person in the upper left (“1st” position) is a significant other, dear friend, or close family member. Reciprocity is another salient component of Top Friends dynamics. If Susan lists Mary on her Top 8, she expects Mary to reciprocate. To acknowledge this, Mary adds a Comment to Susan’s page saying, “Thanx for puttin me on ur Top 8! I put you on mine 2.” By publicly acknowledging this addition, Mary is making certain Susan’s viewers recognize Mary’s status on Susan’s list. Of course, just being in someone’s list is not always enough. As Samantha explains, “Friends get into fights because they’re not 1st on someone’s Top 8, or somebody else is before them.” While some people are ecstatic to be added, there are many more that are frustrated because they are removed or simply not listed.

The Top Friends feature requires participants to actively signal their relationship with others. Such a system makes it difficult to be vague about who matters the most, although some tried by explaining on their bulletins what theme they are using to choose their Top 8 this week: “my Sagittarius friends,” “my basketball team,” and “people whose initials are BR.” Still others relied on fake Profiles for their Top 8.

The networked nature of impressions does not only affect the viewer — this is how newcomers decided what to present in the first place. When people first joined Friendster, they took cues from the people who invited them. Three specific subcultures dominated the early adopters — bloggers, attendees of the Burning Man [14] festival, and gay men mostly living in New York. If the invitee was a Burner, their Profile would probably be filled with references to the event with images full of half-naked, costumed people running around the desert. As such, newcomers would get the impression that it was a site for Burners and they would create a Profile that displayed that facet of their identity. In deciding who to invite, newcomers would perpetuate the framing by only inviting people who are part of the Burning Man subculture.

Interestingly, because of this process, Burners believed that the site was for Burners, gay men thought it was a gay dating site, and bloggers were ecstatic to have a geek socializing tool. The reason each group got this impression had to do with the way in which context was created on these systems. Rather than having the context dictated by the environment itself, context emerged through Friends networks. As a result, being socialized into Friendster meant connecting to Friends that reinforced the contextual information of early adopters.

The growth of MySpace followed a similar curve. One of the key early adopter groups were hipsters living in the Silverlake neighborhood of Los Angeles. They were passionate about indie rock music and many were musicians, promoters, club goers, etc. As MySpace took hold, long before any press was covering the site, MySpace took off amongst 20/30-something urban socializers, musicians, and teenagers. The latter group may not appear obvious, but teenagers are some of the most active music consumers — they follow music culture avidly, even when they are unable to see the bands play live due to age restrictions. As the site grew, the teenagers and 20/30-somethings pretty much left each other alone, although bands bridged these groups. It was not until the site was sold to News Corp. for US$580 million in the summer of 2005 that the press began covering the phenomenon. The massive press helped it grow larger, penetrating those three demographics more deeply but also attracting new populations, namely adults who are interested in teenagers (parents, teachers, pedophiles, marketers).

When context is defined by whom one Friends, and addressing multiple audiences simultaneously complicates all relationships, people must make hard choices. Joshua Meyrowitz (1985) highlights this problem in reference to television. In the early 1960s, Stokely Carmichael regularly addressed segregated black and white audiences about the values of Black Power. Depending on his audience, he used very different rhetorical styles. As his popularity grew, he began to attract media attention and was invited to speak on TV and radio. Unfortunately, this was more of a curse than a blessing because the audiences he would reach through these mediums included both black and white communities. With no way to reconcile the two different rhetorical styles, he had to choose. In choosing to maintain his roots in front of white listeners, Carmichael permanently alienated white society from the messages of Black Power.

Notes

10. Friendster originally limited users to 150 Friends. It is no accident that they chose 150, as this is the “Dunbar number.” In his research on gossip and grooming, Robin Dunbar argues that there is a cognitive limit to the number of relations that one can maintain. People can only keep gossip with 150 people at any given time (Dunbar, 1998). By capping Friends at 150, Friendster either misunderstood Dunbar or did not realize that their users were actually connecting to friends from the past with whom they are not currently engaging.

12. Eight was the maximum number of Friends that the system initially let people have. Some users figured out how to hack the system to display more Friends; there are entire bulletin boards dedicated to teaching others how to hack this. Consistently, upping the limit was the number one request that the company received. In the spring of 2006, MySpace launched an ad campaign for X-Men. In return for Friending X-Men, users were given the option to have 12, 16, 20, or 24 Friends in their Top Friends section. Millions of users did exactly that. In late June, this feature was introduced to everyone, regardless of Friending X-Men. While eight is no longer the limit, people move between calling it Top 8 or Top Friends. I will use both terms interchangeably, even when the number of Friends might be greater than eight.


Many layers of cloud computing, or just one?

From Nicholas Carr’s “Further musings on the network effect and the cloud” (Rough Type: 27 October 2008):

I think O’Reilly did a nice job of identifying the different layers of the cloud computing business – infrastructure, development platform, applications – and I think he’s right that they’ll have different economic and competitive characteristics. One thing we don’t know yet, though, is whether those layers will in the long run exist as separate industry sectors or whether they’ll collapse into a single supply model. In other words, will the infrastructure suppliers also come to dominate the supply of apps? Google and Microsoft are obviously trying to play across all three layers, while Amazon so far seems content to focus on the infrastructure business and Salesforce is expanding from the apps layer to the development platform layer. The degree to which the layers remain, or don’t remain, discrete business sectors will play a huge role in determining the ultimate shape, economics, and degree of consolidation in cloud computing.

Let me end on a speculative note: There’s one layer in the cloud that O’Reilly failed to mention, and that layer is actually on top of the application layer. It’s what I’ll call the device layer – encompassing all the various appliances people will use to tap the cloud – and it may ultimately come to be the most interesting layer. A hundred years ago, when Tesla, Westinghouse, Insull, and others were building the cloud of that time – the electric grid – companies viewed the effort in terms of the inputs to their business: in particular, the power they needed to run the machines that produced the goods they sold. But the real revolutionary aspect of the electric grid was not the way it changed business inputs – though that was indeed dramatic – but the way it changed business outputs. After the grid was built, we saw an avalanche of new products outfitted with electric cords, many of which were inconceivable before the grid’s arrival. The real fortunes were made by those companies that thought most creatively about the devices that consumers would plug into the grid. Today, we’re already seeing hints of the device layer – of the cloud as output rather than input. Look at the way, for instance, that the little old iPod has shaped the digital music cloud.


Problems with airport security

From Jeffrey Goldberg’s “The Things He Carried” (The Atlantic: November 2008):

Because the TSA’s security regimen seems to be mainly thing-based—most of its 44,500 airport officers are assigned to truffle through carry-on bags for things like guns, bombs, three-ounce tubes of anthrax, Crest toothpaste, nail clippers, Snapple, and so on—I focused my efforts on bringing bad things through security in many different airports, primarily my home airport, Washington’s Reagan National, the one situated approximately 17 feet from the Pentagon, but also in Los Angeles, New York, Miami, Chicago, and at the Wilkes-Barre/Scranton International Airport (which is where I came closest to arousing at least a modest level of suspicion, receiving a symbolic pat-down—all frisks that avoid the sensitive regions are by definition symbolic—and one question about the presence of a Leatherman Multi-Tool in my pocket; said Leatherman was confiscated and is now, I hope, living with the loving family of a TSA employee). And because I have a fair amount of experience reporting on terrorists, and because terrorist groups produce large quantities of branded knickknacks, I’ve amassed an inspiring collection of al-Qaeda T-shirts, Islamic Jihad flags, Hezbollah videotapes, and inflatable Yasir Arafat dolls (really). All these things I’ve carried with me through airports across the country. I’ve also carried, at various times: pocketknives, matches from hotels in Beirut and Peshawar, dust masks, lengths of rope, cigarette lighters, nail clippers, eight-ounce tubes of toothpaste (in my front pocket), bottles of Fiji Water (which is foreign), and, of course, box cutters. I was selected for secondary screening four times—out of dozens of passages through security checkpoints—during this extended experiment. At one screening, I was relieved of a pair of nail clippers; during another, a can of shaving cream.

During one secondary inspection, at O’Hare International Airport in Chicago, I was wearing under my shirt a spectacular, only-in-America device called a “Beerbelly,” a neoprene sling that holds a polyurethane bladder and drinking tube. The Beerbelly, designed originally to sneak alcohol—up to 80 ounces—into football games, can quite obviously be used to sneak up to 80 ounces of liquid through airport security. (The company that manufactures the Beerbelly also makes something called a “Winerack,” a bra that holds up to 25 ounces of booze and is recommended, according to the company’s Web site, for PTA meetings.) My Beerbelly, which fit comfortably over my beer belly, contained two cans’ worth of Bud Light at the time of the inspection. It went undetected. The eight-ounce bottle of water in my carry-on bag, however, was seized by the federal government.

Schneier and I walked to the security checkpoint. “Counterterrorism in the airport is a show designed to make people feel better,” he said. “Only two things have made flying safer: the reinforcement of cockpit doors, and the fact that passengers know now to resist hijackers.” This assumes, of course, that al-Qaeda will target airplanes for hijacking, or target aviation at all. “We defend against what the terrorists did last week,” Schneier said. He believes that the country would be just as safe as it is today if airport security were rolled back to pre-9/11 levels. “Spend the rest of your money on intelligence, investigations, and emergency response.”

We took our shoes off and placed our laptops in bins. Schneier took from his bag a 12-ounce container labeled “saline solution.”

“It’s allowed,” he said. Medical supplies, such as saline solution for contact-lens cleaning, don’t fall under the TSA’s three-ounce rule.

“What’s allowed?” I asked. “Saline solution, or bottles labeled saline solution?”

“Bottles labeled saline solution. They won’t check what’s in it, trust me.”

They did not check. As we gathered our belongings, Schneier held up the bottle and said to the nearest security officer, “This is okay, right?” “Yep,” the officer said. “Just have to put it in the tray.”

“Maybe if you lit it on fire, he’d pay attention,” I said, risking arrest for making a joke at airport security. (Later, Schneier would carry two bottles labeled saline solution—24 ounces in total—through security. An officer asked him why he needed two bottles. “Two eyes,” he said. He was allowed to keep the bottles.)

We were in the clear. But what did we prove?

“We proved that the ID triangle is hopeless,” Schneier said.

The ID triangle: before a passenger boards a commercial flight, he interacts with his airline or the government three times—when he purchases his ticket; when he passes through airport security; and finally at the gate, when he presents his boarding pass to an airline agent. It is at the first point of contact, when the ticket is purchased, that a passenger’s name is checked against the government’s no-fly list. It is not checked again, and for this reason, Schneier argued, the process is merely another form of security theater.

“The goal is to make sure that this ID triangle represents one person,” he explained. “Here’s how you get around it. Let’s assume you’re a terrorist and you believe your name is on the watch list.” It’s easy for a terrorist to check whether the government has cottoned on to his existence, Schneier said; he simply has to submit his name online to the new, privately run CLEAR program, which is meant to fast-pass approved travelers through security. If the terrorist is rejected, then he knows he’s on the watch list.

To slip through the only check against the no-fly list, the terrorist uses a stolen credit card to buy a ticket under a fake name. “Then you print a fake boarding pass with your real name on it and go to the airport. You give your real ID, and the fake boarding pass with your real name on it, to security. They’re checking the documents against each other. They’re not checking your name against the no-fly list—that was done on the airline’s computers. Once you’re through security, you rip up the fake boarding pass, and use the real boarding pass that has the name from the stolen credit card. Then you board the plane, because they’re not checking your name against your ID at boarding.”

What if you don’t know how to steal a credit card?

“Then you’re a stupid terrorist and the government will catch you,” he said.

What if you don’t know how to download a PDF of an actual boarding pass and alter it on a home computer?

“Then you’re a stupid terrorist and the government will catch you.”

I couldn’t believe that what Schneier was saying was true—in the national debate over the no-fly list, it is seldom, if ever, mentioned that the no-fly list doesn’t work. “It’s true,” he said. “The gap blows the whole system out of the water.”


Business models for software

From Brian D’s “The benefits of a monthly recurring revenue model in tough economic times” (37 Signals: 18 December 2008):

At 37signals we sell our web-based products using the monthly subscription model. We also give people a 30-day free trial up front before we bill them for their first month.

We think this model works best all the time, but we believe it works especially well in tough times. When times get tough people obviously look to spend less, but understanding how they spend less has a lot to do with which business models work better than others.

There are lots of business models for software. Here are a few of the most popular:

* Freeware
* Freeware, ad supported
* One-off pay up front, get upgrades free
* One-off pay up front, pay for upgrades
* Subscription (recurring annual)
* Subscription (recurring monthly)


Bruce Schneier on wholesale, constant surveillance

From Stephen J. Dubner’s interview with Bruce Schneier in “Bruce Schneier Blazes Through Your Questions” (The New York Times: 4 December 2007):

There’s a huge difference between nosy neighbors and cameras. Cameras are everywhere. Cameras are always on. Cameras have perfect memory. It’s not the surveillance we’ve been used to; it’s wholesale surveillance. I wrote about this here, and said this: “Wholesale surveillance is a whole new world. It’s not ‘follow that car,’ it’s ‘follow every car.’ The National Security Agency can eavesdrop on every phone call, looking for patterns of communication or keywords that might indicate a conversation between terrorists. Many airports collect the license plates of every car in their parking lots, and can use that database to locate suspicious or abandoned cars. Several cities have stationary or car-mounted license-plate scanners that keep records of every car that passes, and save that data for later analysis.

“More and more, we leave a trail of electronic footprints as we go through our daily lives. We used to walk into a bookstore, browse, and buy a book with cash. Now we visit Amazon, and all of our browsing and purchases are recorded. We used to throw a quarter in a toll booth; now EZ Pass records the date and time our car passed through the booth. Data about us are collected when we make a phone call, send an e-mail message, make a purchase with our credit card, or visit a Web site.”

What’s happening is that we are all effectively under constant surveillance. No one is looking at the data most of the time, but we can all be watched in the past, present, and future. And while mining this data is mostly useless for finding terrorists (I wrote about that here), it’s very useful in controlling a population.


Those who know how to fix know how to destroy as well

From Stephen J. Dubner’s interview with Bruce Schneier in “Bruce Schneier Blazes Through Your Questions” (The New York Times: 4 December 2007):

This is true in many aspects of our society. Here’s what I said in my book, Secrets and Lies (page 389): “As technology becomes more complicated, society’s experts become more specialized. And in almost every area, those with the expertise to build society’s infrastructure also have the expertise to destroy it. Ask any doctor how to poison someone untraceably, and he can tell you. Ask someone who works in aircraft maintenance how to drop a 747 out of the sky without getting caught, and he’ll know. Now ask any Internet security professional how to take down the Internet, permanently. I’ve heard about half a dozen different ways, and I know I haven’t exhausted the possibilities.”


Bruce Schneier on security & crime economics

From Stephen J. Dubner’s interview with Bruce Schneier in “Bruce Schneier Blazes Through Your Questions” (The New York Times: 4 December 2007):

Basically, you’re asking if crime pays. Most of the time, it doesn’t, and the problem is the different risk characteristics. If I make a computer security mistake — in a book, for a consulting client, at BT — it’s a mistake. It might be expensive, but I learn from it and move on. As a criminal, a mistake likely means jail time — time I can’t spend earning my criminal living. For this reason, it’s hard to improve as a criminal. And this is why there are more criminal masterminds in the movies than in real life.

Crime has been part of our society since our species invented society, and it’s not going away anytime soon. The real question is, “Why is there so much crime and hacking on the Internet, and why isn’t anyone doing anything about it?”

The answer is in the economics of Internet vulnerabilities and attacks: the organizations that are in the position to mitigate the risks aren’t responsible for the risks. This is an externality, and if you want to fix the problem you need to address it. In this essay (more here), I recommend liabilities; companies need to be liable for the effects of their software flaws. A related problem is that the Internet security market is a lemon’s market (discussed here), but there are strategies for dealing with that, too.


Bruce Schneier on identity theft

From Stephen J. Dubner’s interview with Bruce Schneier in “Bruce Schneier Blazes Through Your Questions” (The New York Times: 4 December 2007):

Identity theft is a problem for two reasons. One, personal identifying information is incredibly easy to get; and two, personal identifying information is incredibly easy to use. Most of our security measures have tried to solve the first problem. Instead, we need to solve the second problem. As long as it’s easy to impersonate someone if you have his data, this sort of fraud will continue to be a major problem.

The basic answer is to stop relying on authenticating the person, and instead authenticate the transaction. Credit cards are a good example of this. Credit card companies spend almost no effort authenticating the person — hardly anyone checks your signature, and you can use your card over the phone, where they can’t even check if you’re holding the card — and spend all their effort authenticating the transaction.


Preserve links after a website move with mod_rewrite

My blog was at http://www.granneman.com/blog, but I then moved it, after several years of living at its old address, to http://blog.granneman.com. I wanted to preserve all my links, however, so that someone going to http://www.granneman.com/blog/2008/04/20/after-a-stroke-he-can-write-but-cant-read/ would instead end up at http://blog.granneman.com/2008/04/20/after-a-stroke-he-can-write-but-cant-read/.

To do this, I edited the .htaccess file in http://www.granneman.com/blog to read as follows:

    <IfModule mod_rewrite.c>
        RewriteEngine On
        # Dots are escaped so that they match only a literal "." in the host name.
        RewriteCond %{HTTP_HOST} ^granneman\.com$
        RewriteRule ^(.*)$ http://blog.granneman.com/$1 [R=301,L]
        RewriteCond %{HTTP_HOST} ^www\.granneman\.com$
        RewriteRule ^(.*)$ http://blog.granneman.com/$1 [R=301,L]
    </IfModule>

Works perfectly.
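An added example (not part of the original post): a simplified Python model of how the two RewriteCond/RewriteRule pairs decide a redirect, used to compare host patterns whose dots are unescaped with a stricter pattern. The function names, the sample URLs and the combined strict pattern (case-insensitive, optional port) are assumptions made for illustration; the model covers only the host test, the stripping of the /blog/ prefix in per-directory context and the default query-string pass-through, not Apache as a whole.

```python
import re
from urllib.parse import urlsplit

OLD_DIR = "/blog/"                       # directory that holds the .htaccess
NEW_BASE = "http://blog.granneman.com/"  # substitution target used on the page

# Host conditions with unescaped dots: "." matches any character.
LOOSE = [r"^granneman.com$", r"^www.granneman.com$"]
# Assumed stricter alternative, equivalent to
#   RewriteCond %{HTTP_HOST} ^(www\.)?granneman\.com(:\d+)?$ [NC]
STRICT = [r"^(www\.)?granneman\.com(:\d+)?$"]


def redirect_for(url, host_patterns, nocase=False):
    """Return the Location a request for `url` would be sent to, or None.

    Simplified model: the Host header is taken verbatim from the URL,
    the /blog/ prefix is stripped as in per-directory context, and the
    query string is passed through unchanged.
    """
    parts = urlsplit(url)
    if not parts.path.startswith(OLD_DIR):
        return None  # outside /blog/, so this .htaccess is not consulted
    host_header = parts.netloc  # keeps case and any explicit port
    flags = re.IGNORECASE if nocase else 0
    if not any(re.search(p, host_header, flags) for p in host_patterns):
        return None  # no RewriteCond matched, request is served as usual
    location = NEW_BASE + parts.path[len(OLD_DIR):]
    if parts.query:
        location += "?" + parts.query
    return location


# Constructed sample requests (not taken from real logs).
SAMPLES = [
    "http://www.granneman.com/blog/2008/04/20/after-a-stroke-he-can-write-but-cant-read/",
    "http://granneman.com/blog/?p=42",
    "http://WWW.Granneman.com/blog/feed/",     # mixed-case Host header
    "http://www.granneman.com:80/blog/feed/",  # Host header with a port
    "http://wwwxgranneman.com/blog/feed/",     # matches only via the "." wildcard
    "http://www.granneman.com/about/",         # not under /blog/
]


def compare(samples=SAMPLES):
    """Return (url, loose_result, strict_result) for every sample."""
    return [
        (u, redirect_for(u, LOOSE), redirect_for(u, STRICT, nocase=True))
        for u in samples
    ]


if __name__ == "__main__":
    for url, loose, strict in compare():
        marker = "  " if loose == strict else "!="
        print(f"{marker} {url}\n     loose : {loose}\n     strict: {strict}")
```

Rows marked `!=` are the requests on which the two sets of conditions disagree: the case-sensitive, port-less patterns let mixed-case or port-bearing Host headers through without a redirect, and the unescaped dot accepts a host name it was never meant to.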


How it feels to drown, get decapitated, get electrocuted, and more

From Anna Gosline’s “Death special: How does it feel to die?” (New Scientist: 13 October 2007):

Death comes in many guises, but one way or another it is usually a lack of oxygen to the brain that delivers the coup de grâce. Whether as a result of a heart attack, drowning or suffocation, for example, people ultimately die because their neurons are deprived of oxygen, leading to cessation of electrical activity in the brain – the modern definition of biological death.

If the flow of freshly oxygenated blood to the brain is stopped, through whatever mechanism, people tend to have about 10 seconds before losing consciousness. They may take many more minutes to die, though, with the exact mode of death affecting the subtleties of the final experience.

Drowning

Typically, when a victim realises that they cannot keep their head above water they tend to panic, leading to the classic “surface struggle”. They gasp for air at the surface and hold their breath as they bob beneath, says Tipton. Struggling to breathe, they can’t call for help. Their bodies are upright, arms weakly grasping, as if trying to climb a non-existent ladder from the sea. Studies with New York lifeguards in the 1950s and 1960s found that this stage lasts just 20 to 60 seconds.

When victims eventually submerge, they hold their breath for as long as possible, typically 30 to 90 seconds. After that, they inhale some water, splutter, cough and inhale more. Water in the lungs blocks gas exchange in delicate tissues, while inhaling water also triggers the airway to seal shut – a reflex called a laryngospasm. “There is a feeling of tearing and a burning sensation in the chest as water goes down into the airway. Then that sort of slips into a feeling of calmness and tranquility,” says Tipton, describing reports from survivors.

That calmness represents the beginnings of the loss of consciousness from oxygen deprivation, which eventually results in the heart stopping and brain death.

Heart attack

The most common symptom is, of course, chest pain: a tightness, pressure or squeezing, often described as an “elephant on my chest”, which may be lasting or come and go. This is the heart muscle struggling and dying from oxygen deprivation. Pain can radiate to the jaw, throat, back, belly and arms. Other signs and symptoms include shortness of breath, nausea and cold sweats.

Most victims delay before seeking assistance, waiting an average of 2 to 6 hours. Women are the worst, probably because they are more likely to experience less well-known symptoms, such as breathlessness, back or jaw pain, or nausea, says JoAnn Manson, an epidemiologist at Harvard Medical School.

Even small heart attacks can play havoc with the electrical impulses that control heart muscle contraction, effectively stopping it. In about 10 seconds the person loses consciousness, and minutes later they are dead.

Bleeding to death

People can bleed to death in seconds if the aorta, the major blood vessel leading from the heart, is completely severed, for example, after a severe fall or car accident.

Death could creep up much more slowly if a smaller vein or artery is nicked – even taking hours. Such victims would experience several stages of haemorrhagic shock. The average adult has 5 litres of blood. Losses of around 750 millilitres generally cause few symptoms. Anyone losing 1.5 litres – either through an external wound or internal bleeding – feels weak, thirsty and anxious, and would be breathing fast. By 2 litres, people experience dizziness, confusion and then eventual unconsciousness.

Fire

Long the fate of witches and heretics, burning to death is torture. Hot smoke and flames singe eyebrows and hair and burn the throat and airways, making it hard to breathe. Burns inflict immediate and intense pain through stimulation of the nociceptors – the pain nerves in the skin. To make matters worse, burns also trigger a rapid inflammatory response, which boosts sensitivity to pain in the injured tissues and surrounding areas.

Most people who die in fires do not in fact die from burns. The most common cause of death is inhaling toxic gases – carbon monoxide, carbon dioxide and even hydrogen cyanide – together with the suffocating lack of oxygen. One study of fire deaths in Norway from 1996 found that almost 75 per cent of the 286 people autopsied had died from carbon monoxide poisoning.

Depending on the size of the fire and how close you are to it, concentrations of carbon monoxide could start to cause headache and drowsiness in minutes, eventually leading to unconsciousness. According to the US National Fire Protection Association, 40 per cent of the victims of fatal home fires are knocked out by fumes before they can even wake up.

Decapitation

Beheading, if somewhat gruesome, can be one of the quickest and least painful ways to die – so long as the executioner is skilled, his blade sharp, and the condemned sits still.

Quick it may be, but consciousness is nevertheless believed to continue after the spinal cord is severed. A study in rats in 1991 found that it takes 2.7 seconds for the brain to consume the oxygen from the blood in the head; the equivalent figure for humans has been calculated at 7 seconds.

It took the axeman three attempts to sever the head of Mary Queen of Scots in 1587. He had to finish the job with a knife.

Decades earlier in 1541, Margaret Pole, the Countess of Salisbury, was executed at the Tower of London. She was dragged to the block, but refused to lay her head down. The inexperienced axe man made a gash in her shoulder rather than her neck. According to some reports, she leapt from the block and was chased by the executioner, who struck 11 times before she died.

Electrocution

In accidental electrocutions, usually involving low, household current, the most common cause of death is arrhythmia, stopping the heart dead. Unconsciousness ensues after the standard 10 seconds, says Richard Trohman, a cardiologist at Rush University in Chicago. One study of electrocution deaths in Montreal, Canada found that 92 per cent had probably died from arrhythmia.

Higher currents can produce nearly immediate unconsciousness.

Fall from a height

A high fall is certainly among the speediest ways to die: terminal velocity (no pun intended) is about 200 kilometres per hour, achieved from a height of about 145 metres or more. A study of deadly falls in Hamburg, Germany, found that 75 per cent of victims died in the first few seconds or minutes after landing.

The exact cause of death varies, depending on the landing surface and the person’s posture. People are especially unlikely to arrive at the hospital alive if they land on their head – more common for shorter (under 10 metres) and higher (over 25 metres) falls. A 1981 analysis of 100 suicidal jumps from the Golden Gate Bridge in San Francisco – height: 75 metres, velocity on impact with the water: 120 kilometres per hour – found numerous causes of instantaneous death including massive lung bruising, collapsed lungs, exploded hearts or damage to major blood vessels and lungs through broken ribs.

Survivors of great falls often report the sensation of time slowing down. The natural reaction is to struggle to maintain a feet-first landing, resulting in fractures to the leg bones, lower spinal column and life-threatening broken pelvises. The impact travelling up through the body can also burst the aorta and heart chambers. Yet this is probably still the safest way to land, despite the force being concentrated in a small area: the feet and legs form a “crumple zone” which provides some protection to the major internal organs.

Some experienced climbers or skydivers who have survived a fall report feeling focused, alert and driven to ensure they landed in the best way possible: relaxed, legs bent and, where possible, ready to roll.

Hanging

Suicides and old-fashioned “short drop” executions cause death by strangulation; the rope puts pressure on the windpipe and the arteries to the brain. This can cause unconsciousness in 10 seconds, but it takes longer if the noose is incorrectly sited. Witnesses of public hangings often reported victims “dancing” in pain at the end of the rope, struggling violently as they asphyxiated. Death only ensues after many minutes, as shown by the numerous people being resuscitated after being cut down – even after 15 minutes.

When public executions were outlawed in Britain in 1868, hangmen looked for a less performance-oriented approach. They eventually adopted the “long-drop” method, using a lengthier rope so the victim reached a speed that broke their necks. It had to be tailored to the victim’s weight, however, as too great a force could rip the head clean off, a professionally embarrassing outcome for the hangman.

Despite the public boasting of several prominent executioners in late 19th-century Britain, a 1992 analysis of the remains of 34 prisoners found that in only about half of cases was the cause of death wholly or partly due to spinal trauma. Just one-fifth showed the classic “hangman’s fracture” between the second and third cervical vertebrae. The others died in part from asphyxiation.

Michael Spence, an anthropologist at the University of Western Ontario in London, Canada, has found similar results in US victims. He concluded, however, that even if asphyxiation played a role, the trauma of the drop would have rapidly rendered all of them unconscious. “What the hangmen were looking for was quick cessation of activity,” he says. “And they knew enough about their craft to ensure that happened. The thing they feared most was decapitation.”

Lethal injection

US-government approved, but is it really painless?

Lethal injection was designed in Oklahoma in 1977 as a humane alternative to the electric chair. The state medical examiner and chair of anaesthesiology settled on a series of three drug injections. First comes the anaesthetic thiopental to speed away any feelings of pain, followed by a paralytic agent called pancuronium to stop breathing. Finally potassium chloride is injected, which stops the heart almost instantly.

Each drug is supposed to be administered in a lethal dose, a redundancy to ensure speedy and humane death. However, eyewitnesses have reported inmates convulsing, heaving and attempting to sit up during the procedure, suggesting the cocktail is not always completely effective.

Explosive decompression

In real life there has been just one fatal space depressurisation accident. This occurred on the Russian Soyuz-11 mission in 1971, when a seal leaked upon re-entry into the Earth’s atmosphere; upon landing all three flight crew were found dead from asphyxiation.

Most of our knowledge of depressurisation comes from animal experiments and the experiences of pilots in accidents at very high altitudes. When the external air pressure suddenly drops, the air in the lungs expands, tearing the fragile gas exchange tissues. This is especially damaging if the victim neglects to exhale prior to decompression or tries to hold their breath. Oxygen begins to escape from the blood and lungs.

Experiments on dogs in the 1950s showed that 30 to 40 seconds after the pressure drops, their bodies began to swell as the water in tissues vaporised, though the tight seal of their skin prevented them from “bursting”. The heart rate rises initially, then plummets. Bubbles of water vapour form in the blood and travel through the circulatory system, obstructing blood flow. After about a minute, blood effectively stops circulating.

Human survivors of rapid decompression accidents include pilots whose planes lost pressure, or in one case a NASA technician who accidentally depressurised his flight suit inside a vacuum chamber. They often report an initial pain, like being hit in the chest, and may remember feeling air escape from their lungs and the inability to inhale. Time to the loss of consciousness was generally less than 15 seconds.


How the Storm botnet defeats anti-virus programs

From Lisa Vaas’ “Storm Worm Botnet Lobotomizing Anti-Virus Programs” (eWeek: 24 October 2007):

According to an Oct. 22 posting by Sophos analyst Richard Cohen, the Storm botnet – Sophos calls it Dorf, and it’s also known as Ecard malware – is dropping files that call a routine that gets Windows to tell it every time a new process is started. The malware checks the process file name against an internal list and kills the ones that match – sometimes. But Storm has taken a new twist: It now would rather leave processes running and just patch entry points of loading processes that might pose a threat to it. Then, when processes such as anti-virus programs run, they simply return a value of 0.

The strategy means that users won’t be alarmed by their anti-virus software not running. Even more ominously, the technique is designed to fool NAC (network access control) systems, which bar insecure clients from registering on a network by checking to see whether a client is running anti-virus software and whether it’s patched.

It’s the latest evidence of why Storm is “the scariest and most substantial threat” security researchers have ever seen, he said. Storm is patient, it’s resilient, it’s adaptive in that it can defeat anti-virus products in multiple ways (programmatically, it changes its signature every 30 minutes), it’s invisible because it comes with a rootkit built in and hides at the kernel level, and it’s clever enough to change every few weeks.

Hence the hush-hush nature of research around Storm. Corman said he can tell us that it’s now accurately pegged at 6 million, but he can’t tell us who came up with the figure, or how. Besides retribution, Storm’s ability to morph means that those who know how to watch it are jealously guarding their techniques. “None of the researchers wanted me to say anything about it,” Corman said. “They’re afraid of retaliation. They fear that if we disclose their unique means of finding information on Storm,” the botnet herder will change tactics yet again and the window into Storm will slam shut.
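
A defender-side view of the symptom described in the excerpt, added here as an example and not taken from the eWeek article or from Sophos: a security agent that starts and hands back 0 almost at once is something process start/exit telemetry can flag, and a posture check can require an agent that has stayed alive rather than one that merely launched. The image names, event tuples and five-second threshold are constructed assumptions.

```python
from datetime import datetime, timedelta

# Hypothetical image names of long-running security agents (assumption).
WATCHED = {"exampleav.exe", "examplefw.exe"}
MIN_LIFETIME = timedelta(seconds=5)  # assumed threshold; tune per product

# Constructed sample events: (timestamp, host, kind, pid, image, exit_status)
EVENTS = [
    ("2007-10-22T09:00:00", "pc1", "start", 812, "ExampleAV.exe", None),
    ("2007-10-22T09:00:01", "pc1", "exit", 812, "ExampleAV.exe", 0),   # returned 0 at once
    ("2007-10-22T09:00:02", "pc1", "start", 900, "notepad.exe", None),
    ("2007-10-22T09:00:03", "pc1", "exit", 900, "notepad.exe", 0),     # not a watched image
    ("2007-10-22T09:01:00", "pc2", "start", 640, "exampleav.exe", None),  # still running
    ("2007-10-22T09:02:00", "pc3", "start", 812, "examplefw.exe", None),
    ("2007-10-22T09:02:01", "pc3", "exit", 812, "examplefw.exe", 1),   # crash, non-zero status
    ("2007-10-22T11:00:00", "pc4", "start", 500, "exampleav.exe", None),
    ("2007-10-22T19:00:00", "pc4", "exit", 500, "exampleav.exe", 0),   # normal shutdown
]

def analyse(events, now):
    """Return (alerts, healthy_hosts) from process start/exit events."""
    live = {}    # (host, pid) -> (start_time, image); keyed per host
    alerts = []
    for ts, host, kind, pid, image, status in sorted(events, key=lambda e: e[0]):
        t = datetime.fromisoformat(ts)
        if kind == "start":
            # A fresh start replaces any stale entry left by PID reuse.
            live[(host, pid)] = (t, image.lower())
            continue
        started = live.pop((host, pid), None)
        if started is None or started[1] not in WATCHED:
            continue  # exit without a recorded start, or not a security agent
        lifetime = t - started[0]
        # Agent "ran" but handed back 0 almost immediately.
        if status == 0 and lifetime < MIN_LIFETIME:
            alerts.append((host, started[1], lifetime.total_seconds()))
    # Posture: an agent counts only if it is still alive and has stayed up.
    healthy = {host for (host, _), (t0, image) in live.items()
               if image in WATCHED and now - t0 >= MIN_LIFETIME}
    return alerts, healthy

if __name__ == "__main__":
    alerts, healthy = analyse(EVENTS, datetime(2007, 10, 22, 20, 0, 0))
    print("alerts:", alerts)
    print("healthy hosts:", sorted(healthy))
```
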
