All about freezing to death

Ice mask, C.T. Madigan / photograph by Frank Hurley
Creative Commons License photo credit: State Library of New South Wales collection

From Peter Stark’s “As Freezing Persons Recollect the Snow–First Chill–Then Stupor–Then the Letting Go” (Outside: January 1997):

There is no precise core temperature at which the human body perishes from cold. At Dachau’s cold-water immersion baths, Nazi doctors calculated death to arrive at around 77 degrees Fahrenheit. The lowest recorded core temperature in a surviving adult is 60.8 degrees. For a child it’s lower: In 1994, a two-year-old girl in Saskatchewan wandered out of her house into a minus-40 night. She was found near her doorstep the next morning, limbs frozen solid, her core temperature 57 degrees. She lived.

The cold remains a mystery, more prone to fell men than women, more lethal to the thin and well muscled than to those with avoirdupois, and least forgiving to the arrogant and the unaware.

Were you a Norwegian fisherman or Inuit hunter, both of whom frequently work gloveless in the cold, your chilled hands would open their surface capillaries periodically to allow surges of warm blood to pass into them and maintain their flexibility. This phenomenon, known as the hunter’s response, can elevate a 35-degree skin temperature to 50 degrees within seven or eight minutes.

Other human adaptations to the cold are more mysterious. Tibetan Buddhist monks can raise the skin temperature of their hands and feet by 15 degrees through meditation. Australian aborigines, who once slept on the ground, unclothed, on near-freezing nights, would slip into a light hypothermic state, suppressing shivering until the rising sun rewarmed them.

The exertion that warmed you on the way uphill now works against you: Your exercise-dilated capillaries carry the excess heat of your core to your skin, and your wet clothing dispels it rapidly into the night. The lack of insulating fat over your muscles allows the cold to creep that much closer to your warm blood.

Your temperature begins to plummet. Within 17 minutes it reaches the normal 98.6. Then it slips below.

At 97 degrees, hunched over in your slow search, the muscles along your neck and shoulders tighten in what’s known as pre-shivering muscle tone. Sensors have signaled the temperature control center in your hypothalamus, which in turn has ordered the constriction of the entire web of surface capillaries. Your hands and feet begin to ache with cold.

At 95, you’ve entered the zone of mild hypothermia. You’re now trembling violently as your body attains its maximum shivering response, an involuntary condition in which your muscles contract rapidly to generate additional body heat.

And after this long stop, the skiing itself has become more difficult. By the time you push off downhill, your muscles have cooled and tightened so dramatically that they no longer contract easily, and once contracted, they won’t relax. You’re locked into an ungainly, spread-armed, weak-kneed snowplow.

As you sink back into the snow, shaken, your heat begins to drain away at an alarming rate, your head alone accounting for 50 percent of the loss. The pain of the cold soon pierces your ears so sharply that you root about in the snow until you find your hat and mash it back onto your head.

But even that little activity has been exhausting. You know you should find your glove as well, and yet you’re becoming too weary to feel any urgency. You decide to have a short rest before going on.

An hour passes. at one point, a stray thought says you should start being scared, but fear is a concept that floats somewhere beyond your immediate reach, like that numb hand lying naked in the snow. You’ve slid into the temperature range at which cold renders the enzymes in your brain less efficient. With every one-degree drop in body temperature below 95, your cerebral metabolic rate falls off by 3 to 5 percent. When your core temperature reaches 93, amnesia nibbles at your consciousness.

In the minus-35-degree air, your core temperature falls about one degree every 30 to 40 minutes, your body heat leaching out into the soft, enveloping snow. Apathy at 91 degrees. Stupor at 90.

You’ve now crossed the boundary into profound hypothermia. By the time your core temperature has fallen to 88 degrees, your body has abandoned the urge to warm itself by shivering. Your blood is thickening like crankcase oil in a cold engine. Your oxygen consumption, a measure of your metabolic rate, has fallen by more than a quarter. Your kidneys, however, work overtime to process the fluid overload that occurred when the blood vessels in your extremities constricted and squeezed fluids toward your center. You feel a powerful urge to urinate, the only thing you feel at all.

By 87 degrees you’ve lost the ability to recognize a familiar face, should one suddenly appear from the woods.

At 86 degrees, your heart, its electrical impulses hampered by chilled nerve tissues, becomes arrhythmic. It now pumps less than two-thirds the normal amount of blood. The lack of oxygen and the slowing metabolism of your brain, meanwhile, begin to trigger visual and auditory hallucinations.

At 85 degrees, those freezing to death, in a strange, anguished paroxysm, often rip off their clothes. This phenomenon, known as paradoxical undressing, is common enough that urban hypothermia victims are sometimes initially diagnosed as victims of sexual assault. Though researchers are uncertain of the cause, the most logical explanation is that shortly before loss of consciousness, the constricted blood vessels near the body’s surface suddenly dilate and produce a sensation of extreme heat against the skin.

There’s an adage about hypothermia: “You aren’t dead until you’re warm and dead.”

At about 6:00 the next morning, his friends, having discovered the stalled Jeep, find him, still huddled inches from the buried log, his gloveless hand shoved into his armpit. The flesh of his limbs is waxy and stiff as old putty, his pulse nonexistent, his pupils unresponsive to light. Dead.

But those who understand cold know that even as it deadens, it offers perverse salvation. Heat is a presence: the rapid vibrating of molecules. Cold is an absence: the damping of the vibrations. At absolute zero, minus 459.67 degrees Fahrenheit, molecular motion ceases altogether. It is this slowing that converts gases to liquids, liquids to solids, and renders solids harder. It slows bacterial growth and chemical reactions. In the human body, cold shuts down metabolism. The lungs take in less oxygen, the heart pumps less blood. Under normal temperatures, this would produce brain damage. But the chilled brain, having slowed its own metabolism, needs far less oxygen-rich blood and can, under the right circumstances, survive intact.

Setting her ear to his chest, one of his rescuers listens intently. Seconds pass. Then, faintly, she hears a tiny sound–a single thump, so slight that it might be the sound of her own blood. She presses her ear harder to the cold flesh. Another faint thump, then another.

The slowing that accompanies freezing is, in its way, so beneficial that it is even induced at times. Cardiologists today often use deep chilling to slow a patient’s metabolism in preparation for heart or brain surgery. In this state of near suspension, the patient’s blood flows slowly, his heart rarely beats–or in the case of those on heart-lung machines, doesn’t beat at all; death seems near. But carefully monitored, a patient can remain in this cold stasis, undamaged, for hours.

In fact, many hypothermia victims die each year in the process of being rescued. In “rewarming shock,” the constricted capillaries reopen almost all at once, causing a sudden drop in blood pressure. The slightest movement can send a victim’s heart muscle into wild spasms of ventricular fibrillation. In 1980, 16 shipwrecked Danish fishermen were hauled to safety after an hour and a half in the frigid North Sea. They then walked across the deck of the rescue ship, stepped below for a hot drink, and dropped dead, all 16 of them.

The doctor rapidly issues orders to his staff: intravenous administration of warm saline, the bag first heated in the microwave to 110 degrees. Elevating the core temperature of an average-size male one degree requires adding about 60 kilocalories of heat. A kilocalorie is the amount of heat needed to raise the temperature of one liter of water one degree Celsius. Since a quart of hot soup at 140 degrees offers about 30 kilocalories, the patient curled on the table would need to consume 40 quarts of chicken broth to push his core temperature up to normal. Even the warm saline, infused directly into his blood, will add only 30 kilocalories.

Ideally, the doctor would have access to a cardiopulmonary bypass machine, with which he could pump out the victim’s blood, rewarm and oxygenate it, and pump it back in again, safely raising the core temperature as much as one degree every three minutes. But such machines are rarely available outside major urban hospitals.

You’d nod if you could. But you can’t move. All you can feel is throbbing discomfort everywhere. Glancing down to where the pain is most biting, you notice blisters filled with clear fluid dotting your fingers, once gloveless in the snow. During the long, cold hours the tissue froze and ice crystals formed in the tiny spaces between your cells, sucking water from them, blocking the blood supply. You stare at them absently.

“I think they’ll be fine,” a voice from overhead says. “The damage looks superficial. We expect that the blisters will break in a week or so, and the tissue should revive after that.”

If not, you know that your fingers will eventually turn black, the color of bloodless, dead tissue. And then they will be amputated.

You’ve seen that in the infinite reaches of the universe, heat is as glorious and ephemeral as the light of the stars. Heat exists only where matter exists, where particles can vibrate and jump. In the infinite winter of space, heat is tiny; it is the cold that is huge.

All about freezing to death Read More »

Stolen credit card data is cheaper than ever in the Underground

From Brian Krebs’ “Glut of Stolen Banking Data Trims Profits for Thieves” (The Washington Post: 15 April 2009):

A massive glut in the number of credit and debit cards stolen in data breaches at financial institutions last year has flooded criminal underground markets that trade in this material, driving prices for the illicit goods to the lowest levels seen in years, experts have found.

For a glimpse of just how many financial records were lost to hackers last year, consider the stats released this week by Verizon Business. The company said it responded to at least 90 confirmed data breaches last year involving roughly 285 million consumer records, a number that exceeded the combined total number of breached records from cases the company investigated from 2004 to 2007. Breaches at banks and financial institutions were responsible for 93 percent of all such records compromised last year, Verizon found.

As a result, the stolen identities and credit and debit cards for sale in the underground markets is outpacing demand for the product, said Bryan Sartin, director of investigative response at Verizon Business.

Verizon found that profit margins associated with selling stolen credit card data have dropped from $10 to $16 per record in mid-2007 to less than $0.50 per record today.

According to a study released last week by Symantec Corp., the price for each card can be sold for as low as 6 cents when they are purchased in bulk.

Lawrence Baldwin, a security consultant in Alpharetta, Ga., has been working with several financial institutions to help infiltrate illegal card-checking services. Baldwin estimates that at least 25,000 credit and debit cards are checked each day at three separate illegal card-checking Web sites he is monitoring. That translates to about 800,000 cards per month or nearly 10 million cards each year.

Baldwin said the checker sites take advantage of authentication weaknesses in the card processing system that allow merchants to conduct so-called “pre-authorization requests,” which merchants use to place a temporary charge on the account to make sure that the cardholder has sufficient funds to pay for the promised goods or services.

Pre-authorization requests are quite common. When a waiter at a restaurant swipes a customer’s card and brings the receipt to the table so the customer can add a tip, for example, that initial charge is essentially a pre-authorization.

With these card-checking services, however, in most cases the charge initiated by the pre-authorization check is never consummated. As a result, unless a consumer is monitoring their accounts online in real-time, they may never notice a pre-authorization initiated by a card-checking site against their card number, because that query won’t show up as a charge on the customer’s monthly statement.

The crooks have designed their card-checking sites so that each check is submitted into the card processing network using a legitimate, hijacked merchant account number combined with a completely unrelated merchant name, Baldwin discovered.

One of the many innocent companies caught up in one of these card-checking services is Wild Birds Unlimited, a franchise pet store outside of Buffalo, N.Y. Baldwin said a fraudulent card-checking service is running pre-authorization requests using Wild Bird’s store name and phone number in combination with another merchant’s ID number.

Danielle Pecoraro, the store’s manager, said the bogus charges started in January 2008. Since then, she said, her store has received an average of three to four phone calls each day from people who had never shopped there, wondering why small, $1-$10 charges from her store were showing up on their monthly statements. Some of the charges were for as little as 24 cents, and a few were for as much as $1,900.

Stolen credit card data is cheaper than ever in the Underground Read More »

80% of all spam from botnets

From Jacqui Cheng’s “Report: botnets sent over 80% of all June spam” (Ars Technica: 29 June 2009):

A new report (PDF) from Symantec’s MessageLabs says that more than 80 percent of all spam sent today comes from botnets, despite several recent shut-downs.

According to MessageLabs’ June report, spam accounted for 90.4 percent of all e-mail sent in the month of June—this was roughly unchanged since May. Botnets, however, sent about 83.2 percent of that spam, with the largest spam-wielding botnet being Cutwail. Cutwail is described as “one of the largest and most active botnets” and has doubled its size and output per bot since March of this year. As a result, it is now responsible for 45 percent of all spam, with others like Mega-D, Xarvester, Donbot, Grum, and Rustock making up much of the difference

80% of all spam from botnets Read More »

The light bulb con job

From Bruce Schneier’s “The Psychology of Con Men” (Crypto-Gram: 15 November 2008):

Great story: “My all-time favourite [short con] only makes the con artist a few dollars every time he does it, but I absolutely love it. These guys used to go door-to-door in the 1970s selling lightbulbs and they would offer to replace every single lightbulb in your house, so all your old lightbulbs would be replaced with a brand new lightbulb, and it would cost you, say $5, so a fraction of the cost of what new lightbulbs would cost. So the man comes in, he replaces each lightbulb, every single one in the house, and does it, you can check, and they all work, and then he takes all the lightbulbs that he’s just taken from the person’s house, goes next door and then sells them the same lightbulbs again. So it’s really just moving lightbulbs from one house to another and charging people a fee to do it.”

http://www.abc.net.au/rn/lawreport/stories/2008/2376933.htm

The light bulb con job Read More »

Storm made $7000 each day from spam

From Bruce Schneier’s “The Economics of Spam” (Crypto-Gram: 15 November 2008):

Researchers infiltrated the Storm worm and monitored its doings.

“After 26 days, and almost 350 million e-mail messages, only 28 sales resulted — a conversion rate of well under 0.00001%. Of these, all but one were for male-enhancement products and the average purchase price was close to $100. Taken together, these conversions would have resulted in revenues of $2,731.88 — a bit over $100 a day for the measurement period or $140 per day for periods when the campaign was active. However, our study interposed on only a small fraction of the overall Storm network — we estimate roughly 1.5 percent based on the fraction of worker bots we proxy. Thus, the total daily revenue attributable to Storm’s pharmacy campaign is likely closer to $7000 (or $9500 during periods of campaign activity). By the same logic, we estimate that Storm self-propagation campaigns can produce between 3500 and 8500 new bots per day.

“Under the assumption that our measurements are representative over time (an admittedly dangerous assumption when dealing with such small samples), we can extrapolate that, were it sent continuously at the same rate, Storm-generated pharmaceutical spam would produce roughly 3.5 million dollars of revenue in a year. This number could be even higher if spam-advertised pharmacies experience repeat business. A bit less than “millions of dollars every day,” but certainly a healthy enterprise.”

Storm made $7000 each day from spam Read More »

Quanta Crypto: cool but useless

From Bruce Schneier’s “Quantum Cryptography” (Crypto-Gram: 15 November 2008):

Quantum cryptography is back in the news, and the basic idea is still unbelievably cool, in theory, and nearly useless in real life.

The idea behind quantum crypto is that two people communicating using a quantum channel can be absolutely sure no one is eavesdropping. Heisenberg’s uncertainty principle requires anyone measuring a quantum system to disturb it, and that disturbance alerts legitimate users as to the eavesdropper’s presence. No disturbance, no eavesdropper — period.

While I like the science of quantum cryptography — my undergraduate degree was in physics — I don’t see any commercial value in it. I don’t believe it solves any security problem that needs solving. I don’t believe that it’s worth paying for, and I can’t imagine anyone but a few technophiles buying and deploying it. Systems that use it don’t magically become unbreakable, because the quantum part doesn’t address the weak points of the system.

Security is a chain; it’s as strong as the weakest link. Mathematical cryptography, as bad as it sometimes is, is the strongest link in most security chains. Our symmetric and public-key algorithms are pretty good, even though they’re not based on much rigorous mathematical theory. The real problems are elsewhere: computer security, network security, user interface and so on.

Cryptography is the one area of security that we can get right. We already have good encryption algorithms, good authentication algorithms and good key-agreement protocols.

Quanta Crypto: cool but useless Read More »

Famous “Laws” of Business & Technology

These come from a variety of sources; just Google the law to find out more about it.

Parkinson’s Law

“Work expands so as to fill the time available for its completion.”

Source: Cyril Northcote Parkinson in The Economist (1955)

The Peter Principle

“In a hierarchy every employee tends to rise to his level of incompetence.”

Source: Dr. Laurence J. Peter and Raymond Hull in The Peter Principle (1968)

The Dilbert Principle

“Leadership is nature’s way of removing morons from the productive flow.”

Source: Scott Adams’ Dilbert (February 5, 1995)

Hofstadter’s Law

“It always takes longer than you expect, even when you take into account Hofstadter’s Law.”

Source: Douglas Hofstadter’s Gödel, Escher, Bach: An Eternal Golden Braid (1979)

Amara’s Law

“We tend to overestimate the effect of a technology in the short run and underestimate the effect in the long run.”

Source: Roy Amara.

Brooks’ Law

Adding manpower to a late software project makes it later.

Source: Fred Brooks’ The Mythical Man-Month (1975)

Clarke’s 3 Laws

  1. First law: When a distinguished but elderly scientist states that something is possible, he is almost certainly right. When he states that something is impossible, he is very probably wrong.
  2. Second law: The only way of discovering the limits of the possible is to venture a little way past them into the impossible.
  3. Third law: Any sufficiently advanced technology is indistinguishable from magic.

Source: Arthur C. Clarke’s “Hazards of Prophecy: The Failure of Imagination” in Profiles of the Future (1962)

Conway’s Law

“Any piece of software reflects the organizational structure that produced it.”

Source: Melvin Conway (1968)

Gall’s Law

“A complex system that works is invariably found to have evolved from a simple system that worked. The inverse proposition also appears to be true: A complex system designed from scratch never works and cannot be made to work.”

Source: John Gall’s Systemantics: How Systems Really Work and How They Fail (1978)

Godwin’s Law

“As an online discussion grows longer, the probability of a comparison involving Nazis or Hitler approaches one.”

Source: Mike Godwin (1990)

Hanlon’s Razor

“Never attribute to malice that which can be adequately explained by stupidity.”

Herblock’s Law

“If it’s good, they’ll stop making it.”

Source: Herbert Lawrence Block

Kranzberg’s 6 Laws of Technology

  1. Technology is neither good nor bad; nor is it neutral.
  2. Invention is the mother of necessity.
  3. Technology comes in packages, big and small.
  4. Although technology might be a prime element in many public issues, nontechnical factors take precedence in technology-policy decisions.
  5. All history is relevant, but the history of technology is the most relevant.
  6. Technology is a very human activity – and so is the history of technology.

Source: Melvin Kranzberg’s “Kranzberg’s Laws” Technology and Culture, Vol. 27, No. 3 (1986): 544-560

Linus’s Law

“Given enough eyeballs, all bugs are shallow.”

Source: Linus Torvalds

Schneier’s Law

“Any person can invent a security system so clever that she or he can’t think of how to break it.”

Source: Cory Doctorow’s “Microsoft Research DRM talk” (17 June 2004)

Sturgeon’s Revelation

“90 percent of everything is crap.”

Source: Theodore Sturgeon (1951)

Wirth’s Law

“Software is getting slower more rapidly than hardware becomes faster.”

Source: Niklaus Wirth (1995)

Zawinski’s Law

“Every program attempts to expand until it can read mail. Those programs which cannot so expand are replaced by ones which can.”

Source: Jamie Zawinski

Granneman’s Law of Operating System Usage

“To mess up a Linux box, you need to work at it; to mess up your Windows box, you just need to work on it. ”

Source: Scott Granneman’s “Linux vs. Windows Viruses” in SecurityFocus (10 February 2003)

Famous “Laws” of Business & Technology Read More »

What it takes to get people to comply with security policies

From Bruce Schneier’s “Second SHB Workshop Liveblogging (5)” (Schneier on Security: 11 June 2009):

Angela Sasse, University College London …, has been working on usable security for over a dozen years. As part of a project called “Trust Economics,” she looked at whether people comply with security policies and why they either do or do not. She found that there is a limit to the amount of effort people will make to comply — this is less actual cost and more perceived cost. Strict and simple policies will be complied with more than permissive but complex policies. Compliance detection, and reward or punishment, also affect compliance. People justify noncompliance by “frequently made excuses.”

What it takes to get people to comply with security policies Read More »

Small charges on your credit card – why?

Too Much Credit
Creative Commons License photo credit: Andres Rueda

From Brian Kreb’s “An Odyssey of Fraud” (The Washington Post: 17 June 2009):

Andy Kordopatis is the proprietor of Odyssey Bar, a modest watering hole in Pocatello, Idaho, a few blocks away from Idaho State University. Most of his customers pay for their drinks with cash, but about three times a day he receives a phone call from someone he’s never served — in most cases someone who’s never even been to Idaho — asking why their credit or debit card has been charged a small amount by his establishment.

Kordopatis says he can usually tell what’s coming next when the caller immediately asks to speak with the manager or owner.

“That’s when I start telling them that I know why they’re calling, and about the Russian hackers who are using my business,” Kordopatis said.

The Odyssey Bar is but one of dozens of small establishments throughout the United States seemingly picked at random by organized cyber criminals to serve as unwitting pawns in a high-stakes game of chess against the U.S. financial system. This daily pattern of phone calls and complaints has been going on for more than a year now. Kordopatis said he has talked to the company that processes his bar’s credit card payments about fixing the problem, but says they can’t do anything because he hasn’t actually lost any money from the scam.

The Odyssey Bar’s merchant account is being abused by online services that cyber thieves built to help other crooks check the balances and limits on stolen credit and debit card account numbers.

Small charges on your credit card – why? Read More »

Outline for an Unpublished Linux Textbook

Back in 2004 or so, I was asked to write an outline for a college textbook that would be used in courses on Linux. I happily complied, producing the outline you can see on my website. The editor on the project loved the outline & showed it several professors to get their reactions, which were uniformly positive, with one prof reporting back that (& I’m paraphrasing here) “It was like this author read my mind, as this is exactly the book I’d like to use in my course!” Sadly, the book was never written, because the editor’s boss didn’t like the fact that I didn’t have a PhD in Computer Science. I thought that to be a silly reason then, & I think it’s a silly reason to reject the book now.

However, their loss is your gain. Here’s the outline for the book. Yes, it’s sadly outdated. Yes, it focuses quite a bit on SUSE, but that was what the publisher wanted. Yes, Linux has come a LONG way since I wrote this outline. But I still think it’s a damn good job, and you may find it interesting for historical reasons. So, enjoy!

Outline for an Unpublished Linux Textbook Read More »

Mine fires that burn for 400 years

Centralia - Where there's smoke..
Creative Commons License photo credit: C. Young Photography

From Joshua Foer’s “Giant Burning Holes of the World” (Boing Boing: 16 June 2009):

… these sorts of mine fires can stay lit for a very long time. One burned in the city of Zwickau, Germany from 1476 to 1860. Another coal fire in Germany, at a place called Brennender Berg (Burning Mountain), has been smoking continually since 1688!

Mine fires that burn for 400 years Read More »

7 tools of propaganda

From Roger Ebert’s “The O’Reilly Procedure” (Roger Ebert’s Journal: 14 June 2009):

The seven propaganda devices include:

  • Name calling — giving something a bad label to make the audience reject it without examining the evidence;
  • Glittering generalities — the opposite of name calling;
  • Card stacking — the selective use of facts and half-truths;
  • Bandwagon — appeals to the desire, common to most of us, to follow the crowd;
  • Plain folks — an attempt to convince an audience that they, and their ideas, are “of the people”;
  • Transfer — carries over the authority, sanction and prestige of something we respect or dispute to something the speaker would want us to accept; and
  • Testimonials — involving a respected (or disrespected) person endorsing or rejecting an idea or person.

7 tools of propaganda Read More »

How to deal with the fact that users can’t learn much about security

From Bruce Schneier’s “Second SHB Workshop Liveblogging (4)” (Schneier on Security: 11 June 2009):

Diana Smetters, Palo Alto Research Center …, started with these premises: you can teach users, but you can’t teach them very much, so you’d better carefully design systems so that you 1) minimize what they have to learn, 2) make it easier for them to learn it, and 3) maximize the benefit from what they learn. Too often, security is at odds with getting the job done. “As long as configuration errors (false alarms) are common, any technology that requires users to observe security indicators and react to them will fail as attacks can simply masquerade as errors, and users will rationally ignore them.” She recommends meeting the user halfway by building new security models that actually fit the users’ needs.

How to deal with the fact that users can’t learn much about security Read More »

Could Green Dam lead to the largest botnet in history?

Green_Damn_site_blocked.jpg

From Rob Cottingham’s “From blocking to botnet: Censorship isn’t the only problem with China’s new Internet blocking software” (Social Signal: 10 June 2009):

Any blocking software needs to update itself from time to time: at the very least to freshen its database of forbidden content, and more than likely to fix bugs, add features and improve performance. (Most anti-virus software does this.)

If all the software does is to refresh the list of banned sites, that limits the potential for abuse. But if the software is loading new executable code onto the computer, suddenly there’s the potential for something a lot bigger.

Say you’re a high-ranking official in the Chinese military. And let’s say you have some responsibility for the state’s capacity to wage so-called cyber warfare: digital assaults on an enemy’s technological infrastructure.

It strikes you: there’s a single backdoor into more that 40 million Chinese computers, capable of installing… well, nearly anything you want.

What if you used that backdoor, not just to update blocking software, but to create something else?

Say, the biggest botnet in history?

Still, a botnet 40 million strong (plus the installed base already in place in Chinese schools and other institutions) at the beck and call of the military is potentially a formidable weapon. Even if the Chinese government has no intention today of using Green Dam for anything other than blocking pornography, the temptation to repurpose it for military purposes may prove to be overwhelming.

Could Green Dam lead to the largest botnet in history? Read More »

Green Dam is easily exploitable

Green_Damn_site_blocked.jpg

From Scott Wolchok, Randy Yao, and J. Alex Halderman’s “Analysis of the Green Dam Censorware System” (The University of Michigan: 11 June 2009):

We have discovered remotely-exploitable vulnerabilities in Green Dam, the censorship software reportedly mandated by the Chinese government. Any web site a Green Dam user visits can take control of the PC.

According to press reports, China will soon require all PCs sold in the country to include Green Dam. This software monitors web sites visited and other activity on the computer and blocks adult content as well as politically sensitive material.

We examined the Green Dam software and found that it contains serious security vulnerabilities due to programming errors. Once Green Dam is installed, any web site the user visits can exploit these problems to take control of the computer. This could allow malicious sites to steal private data, send spam, or enlist the computer in a botnet. In addition, we found vulnerabilities in the way Green Dam processes blacklist updates that could allow the software makers or others to install malicious code during the update process.

We found these problems with less than 12 hours of testing, and we believe they may be only the tip of the iceberg. Green Dam makes frequent use of unsafe and outdated programming practices that likely introduce numerous other vulnerabilities. Correcting these problems will require extensive changes to the software and careful retesting. In the meantime, we recommend that users protect themselves by uninstalling Green Dam immediately.

Green Dam is easily exploitable Read More »

The limitations of Windows 7 on netbooks

From Farhad Manjoo’s “I, for One, Welcome Our New Android Overlords” (Slate: 5 June 2008):

Microsoft promises that Windows 7 will be able to run on netbooks, but it has announced a risky strategy to squeeze profits from these machines. The company plans to cripple the cheapest versions of the new OS in order to encourage PC makers to pay for premium editions. If you buy a netbook that comes with the low-priced Windows 7 Starter Edition, you won’t be able to change your screen’s background or window colors, you won’t be able to play DVDs, you can’t connect it to another monitor, and you won’t see many of the user-interface advances found in other versions. If you’d like more flexibility, you’ll need to upgrade to a more expensive version of Windows—which will, of course, defeat the purpose of your cheap PC. (Microsoft had originally planned to limit Starter Edition even further—you wouldn’t be able to run more than three programs at a time. It removed that limitation after howls of protest.)

The limitations of Windows 7 on netbooks Read More »

Meeting expectations, no matter how silly, in design

From Operator No. 9’s “That decorating touch” (Interactive Week: 24 April 2000): 100:

Intel AnyPoint Wireless:

Dan Sweeney, general manager of Intel’s Home Networking division, says that when the company showed consumer focus groups the AnyPoint Wireless home networking system …, people became very confused, because there wasn’t a visible antenna. The desktop version of the wireless adapter — about the size of a deck of cards — has an antenna hidden inside it. ‘They looked at it and said, “That’s not a radio!”‘ Sweeney says. So Intel’s industrial designers added a tiny little plastic tip on top of the unit that is supposed to resemble an antenna. It actually looks — and I’m sure this was not intended by the designers — kind of like the type of hat klansmen or maybe religious leaders — bishops? vicars? — wear. Then again, maybe I just need to get out more often.

Meeting expectations, no matter how silly, in design Read More »

The Uncanny Valley, art forgery, & love

Apply new wax to old wood
Creative Commons License photo credit: hans s

From Errol Morris’ “Bamboozling Ourselves (Part 2)” (The New York Times: 28 May 2009):

[Errol Morris:] The Uncanny Valley is a concept developed by the Japanese robot scientist Masahiro Mori. It concerns the design of humanoid robots. Mori’s theory is relatively simple. We tend to reject robots that look too much like people. Slight discrepancies and incongruities between what we look like and what they look like disturb us. The closer a robot resembles a human, the more critical we become, the more sensitive to slight discrepancies, variations, imperfections. However, if we go far enough away from the humanoid, then we much more readily accept the robot as being like us. This accounts for the success of so many movie robots — from R2-D2 to WALL-E. They act like humans but they don’t look like humans. There is a region of acceptability — the peaks around The Uncanny Valley, the zone of acceptability that includes completely human and sort of human but not too human. The existence of The Uncanny Valley also suggests that we are programmed by natural selection to scrutinize the behavior and appearance of others. Survival no doubt depends on such an innate ability.

EDWARD DOLNICK: [The art forger Van Meegeren] wants to avoid it. So his big challenge is he wants to paint a picture that other people are going to take as Vermeer, because Vermeer is a brand name, because Vermeer is going to bring him lots of money, if he can get away with it, but he can’t paint a Vermeer. He doesn’t have that skill. So how is he going to paint a picture that doesn’t look like a Vermeer, but that people are going to say, “Oh! It’s a Vermeer?” How’s he going to pull it off? It’s a tough challenge. Now here’s the point of The Uncanny Valley: as your imitation gets closer and closer to the real thing, people think, “Good, good, good!” — but then when it’s very close, when it’s within 1 percent or something, instead of focusing on the 99 percent that is done well, they focus on the 1 percent that you’re missing, and you’re in trouble. Big trouble.

Van Meegeren is trapped in the valley. If he tries for the close copy, an almost exact copy, he’s going to fall short. He’s going to look silly. So what he does instead is rely on the blanks in Vermeer’s career, because hardly anything is known about him; he’s like Shakespeare in that regard. He’ll take advantage of those blanks by inventing a whole new era in Vermeer’s career. No one knows what he was up to all this time. He’ll throw in some Vermeer touches, including a signature, so that people who look at it will be led to think, “Yes, this is a Vermeer.”

Van Meegeren was sometimes careful, other times astonishingly reckless. He could have passed certain tests. What was peculiar, and what was quite startling to me, is that it turned out that nobody ever did any scientific test on Van Meegeren, even the stuff that was available in his day, until after he confessed. And to this day, people hardly ever test pictures, even multi-million dollar ones. And I was so surprised by that that I kept asking, over and over again: why? Why would that be? Before you buy a house, you have someone go through it for termites and the rest. How could it be that when you’re going to lay out $10 million for a painting, you don’t test it beforehand? And the answer is that you don’t test it because, at the point of being about to buy it, you’re in love! You’ve found something. It’s going to be the high mark of your collection; it’s going to be the making of you as a collector. You finally found this great thing. It’s available, and you want it. You want it to be real. You don’t want to have someone let you down by telling you that the painting isn’t what you think it is. It’s like being newly in love. Everything is candlelight and wine. Nobody hires a private detective at that point. It’s only years down the road when things have gone wrong that you say, “What was I thinking? What’s going on here?” The collector and the forger are in cahoots. The forger wants the collector to snap it up, and the collector wants it to be real. You are on the same side. You think that it would be a game of chess or something, you against him. “Has he got the paint right?” “Has he got the canvas?” You’re going to make this checkmark and that checkmark to see if the painting measures up. But instead, both sides are rooting for this thing to be real. If it is real, then you’ve got a masterpiece. If it’s not real, then today is just like yesterday. You’re back where you started, still on the prowl.

The Uncanny Valley, art forgery, & love Read More »

Taxi driver party lines

8th Ave .....Midtown Manhattan
Creative Commons License photo credit: 708718

From Annie Karni’s “Gabbing Taxi Drivers Talking on ‘Party Lines’” (The New York Sun: 11 January 2007):

It’s not just wives at home or relatives overseas that keep taxi drivers tied up on their cellular phones during work shifts. Many cabbies say that when they are chatting on duty, it’s often with their cab driver colleagues on group party lines. Taxi drivers say they use conference calls to discuss directions and find out about congested routes to avoid. They come to depend on one another as first responders, reacting faster even than police to calls from drivers in distress. Some drivers say they participate in group prayers on a party line.

It is during this morning routine, waiting for the first shuttle flights to arrive from Washington and Boston, where many friendships between cabbies are forged and cell phone numbers are exchanged, Mr. Sverdlov said. Once drivers have each other’s numbers, they can use push-to-talk technology to call large groups all at once.

Mr. Sverdlov said he conferences with up to 10 cabbies at a time to discuss “traffic, what’s going on, this and that, and where do cops stay.” He estimated that every month, he logs about 20,000 talking minutes on his cell phone.

While civilian drivers are allowed to use hands-free devices to talk on cell phones while behind the wheel, the Taxi & Limousine Commission imposed a total cell phone ban for taxi drivers on duty in 1999. In 2006, the Taxi & Limousine Commission issued 1,049 summonses for phone use while on duty, up by almost 69% from the 621 summonses it issued the previous year. Drivers caught chatting while driving are fined $200 and receive two-point penalties on their licenses.

Drivers originally from countries like Israel, China, and America, who are few and far between, say they rarely chat on the phone with other cab drivers because of the language barrier. For many South Asians and Russian drivers, however, conference calls that are prohibited by the Taxi & Limousine Commission are mainstays of cabby life.

Taxi driver party lines Read More »

David Foster Wallace on rock, the rise of mass media, & the generation gap

From Larry McCaffery’s “Conversation with David Foster Wallace” (Dalkey Archive Press at the University of Illinois: Summer 1993):

Rock music itself bores me, usually. The phenomenon of rock interests me, though, because its birth was part of the rise of popular media, which completely changed the ways the U.S. was unified and split. The mass media unified the country geographically for pretty much the first time. Rock helped change the fundamental splits in the U.S. from geographical splits to generational ones. Very few people I talk to understand what “generation gap” ‘s implications really were. Kids loved rock partly because their parents didn’t, and obversely. In a mass mediated nation, it’s no longer North vs. South. It’s under-thirty vs. over thirty. I don’t think you can understand the sixties and Vietnam and love ins and LSD and the whole era of patricidal rebellion that helped inspire early postmodern fiction’s whole “We’re-going-to-trash-your-Beaver Cleaver-plasticized-G.O.P.-image-of-life-in-America” attitude without understanding rock ‘n roll. Because rock was and is all about busting loose, exceeding limits, and limits are usually set by parents, ancestors, older authorities.

David Foster Wallace on rock, the rise of mass media, & the generation gap Read More »