11.20.2009

The Pathology of a Viral Video

YouTube is a force of nature. It is a law of Physics all to itself, and it is unstoppable. It is an open medium with which people share their thoughts and ideas in the form of badly-produced, low-quality videos. It is free, and it is easy to use. It has become the preferred method of comedic outlet in the digital era, and it created this thing called the Viral Video. The viral video has its roots in the Internet Meme. A meme is something, usually a word or phrase, that has no inherent value or comedy other than the fact that it has been arbitrarily applied all over the Internet to a certain situation. A good example is "fail". Nobody knows the exact source of this meme, but when someone does something stupid, a label of "FAIL" gets applied. If it is utterly stupid, that person gets an "EPIC FAIL". Now, these things only mean what they do because of the amount of people using them, and that's a testament to the power of the Internet, and the vast numbers of people using it.

The Viral Video is the Web 2.0 version of a meme. Take the Rick Roll. A musician by the name of Rick Astley made a music video once. It was horrendous. At some point in time, that video was used in a prank where a seemingly innocuous link on the Interwebs brought you not to your intended destination, but to a Rick Astley music video. Shortly thereafter, the RickRoll was canonized in the Interwebs lexicon of Funny Things That Only People Who Are On YouTube For At Least 2 Hours A Day Find Funny. Rickrolling became an Internet sensation, and only a select few people actually know who Rick Astley even is. Look it up on YouTube. If you dare.

The example I want to focus on today is viral on a much smaller scale, but it happened so quickly and so decisively, and it disappeared just as fast, that it's a great example of how Viral Videos do their thing.

So, there's this show that used to be really popular with the angsty teens. It was called 'The OC', and those who remember the fad know how indescribably terrifying the specter of watching that abomination was, and how all your guy friends who started watching were obviously either doing it for their girlfriends, or subtly coming out of the closet.

Well, here's the last scene of the 2nd season.



Got that?

Good.

Now here's Andy Samberg's take on it from SNL.



That's comedy gold, friends.

Now, in a pre-youtube world, that would be the end. We would all have a laugh, and walk away. But nooooooo, this little juicy nibblet of comedy had an appointment with destiny, and it was about to smash in the office door with impunity.

People started doing parodies of the parody. It started innocently enough, with people adding the idea to video game scenes, like this one.



It then got applied to other famous youtube videos. Like this one.



And then, dear readers, things only went downhill. Or, I should say, things threw themselves off a sheer cliff into the neverending abyss of the pop culture comedic hell that is the YouTube population en masse. In rapid fire, here's some of the main offenders.







There's so much more, and a simple Youtube search will uncover startling amounts of these videos, all starting from one finale of a season of the OC. They definitely didn't have this in mind when filming that.

So, here's my favorite. I laughed out loud. At work. Very awkward.




Oh, and I forgot about this one. Very similar to the original SNL version.



pwned by the Astley. If you didn't see that coming from at least a few miles out, you haven't been spending enough time on YouTube.

Some would say you should keep it that way.

11.18.2009

Identity Theft Madness


Identity Theft in The Matrix

There is nothing I hate more than being lied to.

Ok, that's not really true, but using 'hate' in the first sentence really makes the blood boil, doesn't it?

Good. Now that your blood is at a slow simmer, I can explain to you from whence this hatred comes. I was watching the television last night, enjoying the feeling of my brains rotting from the inside out, when a commercial came on that grabbed my attention. If I could find a video of it, I would post it. For now, you'll have to take my word for it, because I don't remember the company's name.

A lonely man is buying something over the Interwebs and he whips out the ol' credit card to pay. He types the numbers into the appropriate field and hits Enter. Cut to a squalid slum in a desert in some country in Africa (Nigeria, I think), where a dirty, poor-looking man is staring intently at an LED-backlit, super-awesome computer connected to the Internet, waiting for something to happen. All of a sudden, credit card numbers appear in bold font, one number at a time, and he smiles smiles of joy and pleasure as he quickly prints out the numbers and hands it off to an emaciated little boy, also smiling like he was just given double rice rations by the Nigerian government. The boy runs along the dirty city market streets, where chickens squawk and burly men rip off the destitute horde with impunity, until he reaches a small shack where the purchased items are stored. The man in charge takes the slip of paper with the card number, smiling like his 4th wife just gave birth to a boy, and packs up the item for the lonely man. Cut to an ominous warning about identity theft, and how it will happen to you unless you buy our product.

Now, I know that commercials lie. I mean, marketing is just a word for that blurry area between lie and truth that businesses pour money into and cultivate to capitalize on the almost-lie that compels people to purchase their products. But sometimes the line of falsehood is crossed, and when it happens in a subject that I am somewhat educated in, it drives me nuts.

Let's go over some factual knowledge. This is how eCommerce functions these days.

The basic rule of ID security on the Interwebs is that the last person to see credit card numbers in unencrypted clear text is you. Once you finish entering data and submit it, assuming you're using a legit eCommerce service (more on that later), the relevant data is encrypted using a cryptography algorithm. The common algorithms used today are all variants of RSA (Rivest, Shamir, Adleman, the people who wrote it) and are typically encased in a protocol called TLS (Transport Layer Security, the successor to the ever-popular SSL [Secure Socket Layer]) that uses RSA encryption with 1024 or 2048-bit keys.

Now, for some cryptography 101 (5 in binary). Plaintext is encrypted through the use of keys. Keys both encrypt and decrypt data by using whatever algorithm you choose to apply the key to the data. There are two ways to increase security in a data transfer. You can make the algorithm stronger and less vulnerable to computational flaws and vulnerabilities, or you can simply make the key longer and thus harder to guess. This is where the terminology can get confusing.

Saying an algorithm has 12 bits of security is very different than saying the algorithm has a 12-bit key, and people tend to get confused. When I say that an algorithm has 12 bits of security, I'm saying that there has been a proven method to break the algorithm and find a key with 11 bits of complexity. So the effective security is 12 bits. When I say the key is 12 bits, I'm saying that the key itself is 12 bits long. Just for perspective, 12 bits (111111111111) means that there are 4096 possibilities for the key.

If you want to know how complex the RSA algorithm is (the original one written in the 70's) just take a gander here and hope your brain doesn't explode. I'm going to discuss the details of that. The relevant point is that the algorithm uses keys that are 1024 or 2048 bits in length. That means that there are 2^2048 or 2^1024 possibilities that the key could be. Just for some perspective once again, IP addresses are 32 bits. There are 4,294,967,296 possibilities there. The number is bigger than anyone can imagine, and binary represents it in 2048 digits (any internet calculator in which you type in 2^2048 will return 'Infinity'). So, unless someone comes up with an efficient way to break RSA as it stands today (Hint: Nobody has), if you transfer data over the Interwebs with TLS, nobody will know your credit card numbers.

So, how do companies use this? Enter Public Key Cryptography. Also developed in the 70's, PKC revolutionized the way messages were ciphered and deciphered, and is the standard operating procedure of all eCommerce and other data sensitive services on the Interwebs. An analogy widely used is that of a mail slot. I own a locked mailbox with a slot. People know where the box is and where the slot is to deliver mail, but only I have the key that unlocks the box to get access to the mail. The mail slot is the public key, and my unique access to the mailbox is the private key. The keys are related in that they both are relevant to the mailbox, and this is reflected mathematically in practice. There has to be a trust system that guarantees the keys are related, just as the post office is responsible for relating mailboxes to keys. When I drop my mail in the mailbox, I want to know that the private key to that mailbox is only owned by the one person that belongs to the mailbox. This is accomplished using the PKI (Public Key Infrastructure). It is a system that sets up companies to distribute certificates that guarantee relationships between private and public keys on the Internet. The biggest company these days is Verisign.
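The mail-slot analogy and the key-length discussion above, worked through in code. This is an added example, not part of the original post: it is textbook RSA with tiny primes constructed for illustration and no padding (real TLS uses 1024 or 2048-bit moduli), and all function names are hypothetical. It also shows why length matters: a modulus this short can be factored to rebuild the private key.

```python
# Added illustration: textbook RSA with tiny, constructed primes.
# No padding, toy sizes: for understanding only, never for real data.
from math import gcd

def make_keypair(p, q, e=65537):
    """Return (public, private) = ((n, e), (n, d)) for primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return (n, e), (n, d)

def encrypt(public, m):
    """Anyone holding the public key can drop a message in the slot."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)

def decrypt(private, c):
    """Only the holder of d can open the mailbox."""
    n, d = private
    return pow(c, d, n)

def recover_private(public):
    """Rebuild d by trial-division factoring; feasible only because n is tiny."""
    n, e = public
    p = next(f for f in range(3, int(n ** 0.5) + 1, 2) if n % f == 0)
    q = n // p
    return n, pow(e, -1, (p - 1) * (q - 1))

def keyspace(bits):
    """Number of distinct bit strings of the given length (exact integer)."""
    return 2 ** bits

# Constructed sample values: two small primes and a stand-in "card" number.
PUBLIC, PRIVATE = make_keypair(1009, 1013)
SAMPLE_MESSAGE = 4111

if __name__ == "__main__":
    c = encrypt(PUBLIC, SAMPLE_MESSAGE)
    print("ciphertext:", c, "-> decrypted:", decrypt(PRIVATE, c))
    print("private key rebuilt from public key:", recover_private(PUBLIC) == PRIVATE)
    print("2^2048 has", len(str(keyspace(2048))), "decimal digits")
```

Python integers are arbitrary precision, so `keyspace(2048)` returns the exact value rather than 'Infinity'.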

Oh, and all this, all this complex infrastructure and cryptography, is symbolized in your browser by one letter. Normally, in your URL, you'll see http://blabla.bla. If you're using TLS, and therefore RSA and PKI, you'll see https://blabla.bla. The s stands for secure, and you know you're dealing with a legit and secure website.

So, how does this all go down in real life?

When you buy a product from amazon.com, this is what happens to your information. If you'll notice the address bar on the page that asks you for your credit card information, it has changed to https. This means that any data entered into this page will be encrypted with a public key given to Amazon by a certification company (VeriSign in this case) that tells my computer to trust that encrypted communication between me and amazon will be only readable by amazon. Since you purchased a product from amazon, you are authorizing them to draft payment from your account. If you don't trust Amazon to keep your information safe, then you shouldn't ever spend with anything other than cash from now on. And then get some professional help, because you are a hopeless paranoid. Anytime you swipe your card, you are giving some business your numbers. They don't steal those numbers because it is in their best interests not to. If you ever find unauthorized transactions on your statement, banks are very lenient about cancelling those charges, and re-issuing a card if needed. And if Amazon ever steals your credit card information, the entire company would face huge lawsuits and litigation and would not come out profiting from the venture.

The other, potentially more vulnerable, method of purchase is through third-party portals like eBay. Things are a little different there. They use PayPal. What PayPal does is manage both sides of the transaction through their own TLS certificates, and this way the seller never sees any payment information. PayPal drafts the account and pays the seller, so the only security vulnerability is PayPal's trustworthiness. Being that their entire business model hinges on that one attribute, I wouldn't worry about them too much.

So, basically, it's just as safe, if not safer, to shop online than to shop in a store. Nobody in Nigeria is reading your numbers and smiling like a moron.

Oh, and the whole pitch of Identity Theft? Ya, you can't get that from a credit card number. Unless you can access bank records that match credit accounts to SS numbers, and then match SS numbers to whatever else you need, your "Identity" is safe. Nobody is going to be walking around with your Passport and ID pretending to be you. The only possible theft here is from your bank account.

I guess that says a lot about what people perceive as their identity, and that's sad.

11.16.2009

Google Brings the Chutzpah

I write a lot about Google. They're an interesting phenomenon whose true agenda and nature is constantly fluctuating between good, bad, evil, righteous, and various other complex moral states. Sometimes, one word sums it all up, and fits so well that you wonder why you hadn't thought of this earlier. That word is Chutzpah. From Wikipedia (or "The Ultimate and Omniscient Source of Universal Knowledge and Stuff"):

In Hebrew, chutzpah is used indignantly, to describe someone who has over-stepped the boundaries of accepted behavior with no shame. But in Yiddish and English chutzpah has developed ambivalent and even positive connotations. Chutzpah can be used to express admiration for non-conformist but gutsy audacity. Leo Rosten in The Joys of Yiddish defines chutzpah as "gall, brazen nerve, effrontery, incredible 'guts,' presumption plus arrogance such as no other word and no other language can do justice to." In this sense, chutzpah expresses both strong disapproval and a grudging admiration.

Or, for the reading impaired:




On that note, I would like to announce that Google has deemed me worthy of giving me a developer preview of their new collaborative content platform called Google Wave. It's really hard to put the idea into words and give it proper identification, but in their own words: Google Wave is what email would look like if it was invented today. Meaning, Email was modeled off the snail mail system, in which you wrote a letter, and the recipient received that letter and now owned it. Wave does away with that silly notion and innovates the way we look at cloud collaboration. Put simply, when you write a message to somebody, he can see you typing the message at the same time as you. Both sender and recipient own the content, and both edit it along the relationships formed by normal mail contact information.

Like I said, it's hard to explain. A more robust definition can be found in the 2-hour long presentation given by Google Product managers a while back. Or there's an abridged version for fakers. Regardless, this post is not about Wave. Well, sort of. Let me explain.

After I got my invite (and danced the dance of joy and happiness), I opened up IE (no choice; it was a work laptop) and I opened up Google Wave. I was then hit with a splash screen that blew my face off (very messy). It was the most chutzpah I've seen on the Interwebs in a long time, and it may signal the start of a new era in the browser wars.

IE is not supported by Google Wave.

Ok, read that again.

Are you still with me?

I'm not.

You do realize how unbelievably mind-shattering this is, right? You don't just release a product that isn't supported under IE (Just to be clear - it does run in IE if you install the Google Chrome Frame ActiveX control that may or may not break IE. But the point still holds. IE out of the box does not work with Wave). It's like releasing a car that doesn't drive on interstates. Or a music player that doesn't play mp3 files. It doesn't make sense, it's audacious, it's arrogant, it's brazen, it's non-conforming, and it's straight up Chutzpah.

It's also the stuff that revolutions are made of.

The age of IE (Internet Exploder, Internet Exploiter, take your pick) is coming to a close. Years of chipping away by browsers like Opera, Chrome, and most importantly and successfully, Mozilla Firefox, are finally bringing the industry to a point where things like this can happen. Google Wave is going to change the way we collaborate in the Interwebs (many are calling it the harbinger of Web 3.0), and IE has been left out of the party. It's a blatant act of war, and one that's been a long time coming.

This may all be sensationalist thinking, as the restriction may be a quirk of the developer preview, but hey, the sensationalist way is typically the fun way, and I will indulge.

Don't worry, as soon as I get some more time with Wave, I'll let you know not if it rocks my world, but how much it rocks my world.