Saturday, March 09, 2013

We do not understand the world in which we live

It is always this way, on the micro and the macro. I didn't understand high school until college. I didn't understand medical school until I was halfway through. I was deep into the corporation before I recognized my surroundings.

Did hunter-gatherers understand their context? 

Three links that tell us we don't understand ours (all via DeLong):

  • The Singularity in Our Past Light-Cone 11/2010. " ... An implacable drive on the part of those networks to expand, to entrain more and more of the world within their own sphere? ... the radical novely and strangeness of these assemblages, which are not even intelligent, as we experience intelligence, yet ceaselessly calculating ..."
  • Twentieth Century Economic History - DeLong: "... What do modern people do? Increasingly, they push forward the corpus of technological and scientific knowledge. They educate each other. They doctor each other. ... They provide other services for each other to take advantage of the benefits of specialization. And they engage in complicated symbolic interactions that have the emergent effect of distributing status and power and coordinating the seven-billion person division of labor of today’s economy...
  • Algorithmic Rape Jokes in the Library of Babel | Quiet Babylon: " ... The Kindle store is awash in books confusingly similar to bestsellers... Icon’s books are created by a patented system... products that generate unique text with simple thesaurus rewriting tools called content spinners... Amazon ‘stocks’ more than 500,000 items from Solid Gold Bomb. These things only barely exist. They are print on demand designs... Talk about crapjects and strange shaper subcultures still gives the whole threat a kind of artisanal feel. The true scale of object spam will be much greater..."

In our work, our hive like human world, we seek those who know and do. Some hide themselves, some advertise. Some are specialists, some are generalists, a few are omni-talented. A very few are powerful, a few are powerless, most are in-betweeners. All are enmeshed in systems of symbiosis and parasitism, all embedded in the "novel assemblage".

This world seems strange to me.

It will seem quaint to whatever thinks in 2113.

Friday, March 08, 2013

What's so bad about a bit of torture?

"... The Guardian newspaper unveiled the results of a year-long investigation purporting to show that U.S. military advisers, with the knowledge and support of many senior officials, including former Secretary of Defense Donald Rumsfeld and disgraced Gen. David Petraeus, oversaw a vast program of torture inside Iraqi prisons..

..Col. James Steele and Col. James H Coffman, ran a high-level secret program inside Iraqi prisons to extract information from alleged insurgents and Al Qaeda terrorists...." (10 Years After the Invasion of Iraq, a World of Hurt )

I run into Republicans on occasion. There's my beloved Uncle D for one, and there are some at work and in my Facebook feed.

I run into them, but we don't discuss politics. Similarly I don't consume any GOP media; neither Murdoch's nor talk radio nor right wing blogs. So what I know of Republican thinking is filtered by the NYT, NPR, Ezra Klein, Paul Krugman and the rest of my 400 feeds.

Except for app.net. That's the one place where I get to correspond with intellectual Republicans. It was there that some of us worked through a discussion on the role of torture in modern warfare. During our conversation, I was challenged to defend my scorn for the Bush/Cheney/Rumsfeld (BCR) torture program. I was surprised -- it's been a long time since I've had to think about why the BCR program was a terrible idea.

It's good to have surprises like that, and good to use this blog to think through my position, starting with a contrary "pro-torture" perspective of my own. (I'm not trying to represent my correspondent's position, I'd likely distort it unfairly.)

My pro-torture argument has nothing to do with whether torture is effective or not. That's a red herring; for the sake of argument let us assume that a skilled torturer always breaks any resistance and hears whatever the victim believes to be true.

Instead I, playing the role of Dick Cheney, will argue that torture isn't so bad. After all, we Americans routinely kill combatants and civilians in our many wars, not to mention our domestic execution chambers. We, more than most nations, sentence vast numbers of citizens to particularly nasty prisons.

Those are nasty fates. Given the choice, many of us might opt instead for a bit of sensory deprivation, flogging, waterboarding, electric shocks, and thumbscrews.

So then why should we be particularly averse to torture? If torture is no worse than routine warfare, shouldn't we retroactively pardon the torturers we imprisoned after World War II? Should we apologize to North Korea and North Vietnam for the mean names we called them; and discard our meager loyalty to the Geneva Conventions once and for all?

These are strong arguments, but history tells me they are misguided. There's a reason that torture was slowly removed from the legal code, and that 'cruel and unusual punishment' was a part of the English Bill of Rights in 1689.

One reason is that people who inflict torment on prisoners, who are by definition helpless, are changed by their experience. Some are repelled by the work, but some are attracted to it. The historical record tells us the practice spreads quickly, from special circumstances to general circumstances. From a few isolated rooms to a vast network of American supported Iraqi torture chambers. From the battlefield to Homeland Defense, and from Homeland Defense to the Ultra-security prison, from the Ultra-security prison to the routine prison, from the prison to the streets ...

Torture, history suggests, is habit forming. If humans were machines we might be able to manage torture as readily as we manage prison sentences. We're not though. Our culture fares badly when we make torture acceptable.

Our military knew that in 2005.

We should remember that now.

See also

Gordon's Notes

Others

Sunday, March 03, 2013

Does Edge Gel reduce the lifespan of disposable razors?

I tried searching on this, but couldn't find anything - even in shaveblog.com. So, for what it's worth, here's one article.

I've used Edge Gel for some time. During that time it seemed my disposable razor lifespan was reduced, but I didn't make the connection. Recently they increased the 'Aloe' component and my razor lifespan dropped down to a few days; I assume the shorter lifespan is related to the Aloe.

Then I found using plain soap (not too elegant :-), or cleaning the gunky gel from the razor with a toothpick, significantly increased razor lifespan.

Edge is made by Energizer Holdings, who also sell Schick and Wilkinson razors. So they don't have much incentive to increase razor lifespan. I suspect most customers don't care either way, but it will be interesting to see if I get any comments on this blog post. (I expect Gel's SEO operatives to bury it pretty deeply though :-).

For my part I'm going to go back to a brush and Williams Mug Shaving Soap. They seemed to be disappearing years ago, but I gather they're fashionable now. I expect that will save me enough to buy a coffee or two, and cut my waste output a bit.

PS. Researching this topic led me to a Wirecutter article on The Best Razors. I don't have the patience to do the Merkur thing, and I'm too cheap for the Gillette ProGlide, so I think I'll stick with the cheap Bic dual blades.

The canid domestication of homo sapiens brutalis

Eight years ago, I wondered if European Distemper killed the Native American dog and added a footnote on an old personal hypothesis ...

Humans and dogs have coexisted for a long time, it is extremely likely that we have altered each other's evolution (symbiotes and parasites always alter each other's genome). ... I thought I'd blogged on my wild speculation that it was the domestication of dogs that allowed humans to develop technology and agriculture (geeks and women can domesticate dogs and use a powerful and loyal ally to defend themselves against thuggish alphas) -- but I can't find that ...

 Happily, others have been pursuing this thought ....

We Didn’t Domesticate Dogs. They Domesticated Us Brian Hare and Vanessa Woods

...With this new ability, these protodogs were worth knowing. People who had dogs during a hunt would likely have had an advantage over those who didn't. Even today, tribes in Nicaragua depend on dogs to detect prey. Moose hunters in alpine regions bring home 56 percent more prey when they are accompanied by dogs. In the Congo, hunters believe they would starve without their dogs.

Dogs would also have served as a warning system, barking at hostile strangers from neighboring tribes. They could have defended their humans from predators.

And finally, though this is not a pleasant thought, when times were tough, dogs could have served as an emergency food supply. Thousands of years before refrigeration and with no crops to store, hunter-gatherers had no food reserves until the domestication of dogs. In tough times, dogs that were the least efficient hunters might have been sacrificed to save the group or the best hunting dogs. Once humans realized the usefulness of keeping dogs as an emergency food supply, it was not a huge jump to realize plants could be used in a similar way.

So, far from a benign human adopting a wolf puppy, it is more likely that a population of wolves adopted us. As the advantages of dog ownership became clear, we were as strongly affected by our relationship with them as they have been by their relationship with us....

The primary predators of humans, of course, are other humans. Women's need for protection against men is particularly acute. So which gender would be most interested in, and capable of, the domestication of a strong and loyal ally? What changes would a dog's presence make to a society and a species, and who would lose most when agriculture made dogs less useful?

What Evernote reminded me about my Cloud services - and my 2013 security policies

Evernote was hacked, and they mandated a global password reset.

It's not surprising Evernote was hacked. As Schneier wrote a few days ago about waterhole and precision phishing ...

Schneier on Security: Phishing Has Gotten Very Good

... Against a sufficiently skilled, funded, and motivated adversary, no network is secure. Period. Attack is much easier than defense, and the reason we've been doing so well for so long is that most attackers are content to attack the most insecure networks and leave the rest alone.

... If the attacker wants you specifically ...  relative security is irrelevant. What matters is whether or not your security is better than the attackers' skill. And so often it's not.

Schneier quotes former NSA Information Assurance Director Brian Snow: "... your cyber systems continue to function and serve you not due to the expertise of your security staff but solely due to the sufferance of your opponents".

It's likely some of Evernote's 50 million customers are of interest to major opponents, so it's not surprising their defenses were inadequate [1].

I don't make much use of Evernote, but I did a password reset anyway. Which is when I discovered ...

  • I was still using my non-robust 'evaluation period' password with Evernote. [2]
  • I was using said weak pw with test data that included photographs of the children's passports and my old PalmOS notes
  • I never purged my Evernote account when I decided not to use them (I went with Simplenote/Notational Velocity instead.)
Wow, by my standards that's quite a fail. When Cue.app failed a recent evaluation, I deleted my test data immediately. In the case of Evernote I may yet sign with them, so after I reset my password to something robust I merely deleted my old data [3]. 
 
All of which has led me to update my now laughably quaint 2010 lessons learned and security risks summary. Here's my current list. It's far from perfect; I'd like to say I avoid all services that use 'security questions' and high-risk reset procedures, but then I'd use nothing.
  1. If data is in the Cloud, and you do not personally hold the only encryption keys, it is 2/3 public. Treat it that way.
  2. Clean up your services. If you aren't using a Cloud service delete the account or your data.
  3. Obviously, don't reuse important credentials, use a password manager (ex: 1Password [4])
  4. Use Google two factor for your most critical Google credentials, even thought it has an longstanding egregiously stupid security hole and it's still a PITA to use.
  5. Use iOS for mobile and OS X Mountain Lion for desktop.
  6. On OS X desktop do not use Oracle Java plugin or runtime, Flash or Acrobat.
  7. On OS X desktop run as a non-admin user and enter your admin password with caution.
  8. Buy OS X software through the App Store unless you have exceptional trust in the vendor.
  9. Don't use OAUTH or OpenID on sites you really care about. For one thing, a password change doesn't repudiate OAUTH credentials on most sites. For another, it introduces too much complexity and side-effects and it's too hard to remember which OAUTH provider goes with which OAUTH service.
  10. Do not rely on encryption solutions that auto-open on login. (ex: iOS screen trivial bypass bug). I use encrypted disk images with no keychain pw storage on OS X desktop for my most critical data and I use 1Password on my iOS devices in addition to a (currently hackable) screen lock code.
  11. If something is really, really, secret, don't put it on a computer and especially don't put it on a networked computer. (I don't personally have anything that secret.) 
  12. Whether you're on the Net or on your own machine, remember Gordon's Five Levels of Information Affection [5] and manage accordingly:
Yeah, civilians can't do this stuff. I tell normal folk to use iOS and iCloud and treat everything they have as Public data. If they want something to be secret, don't put it on a computer.
 
 - fn -

[1] Among which antiviral software is worse than a snowball in Hell. At least the snowball will be transiently drinkable.

[2] An easy to remember and easy to break pw that I use for things I don't care about.

[3] The web UI doesn't support 'delete all notes', but if you create an empty notebook you can delete all non-empty notebooks, and associated notes, one at a time. Then empty trash. Of course the data will likely exist in Evernote backups for some time, possibly to be pillaged post-bankruptcy. Tags are not deleted.

[4] Note, however, the unanticipated consequences of strong security in cases of death, disability or disappearance

[5] aka Five tiers of data love, from Google's two factor authentication and why you need four OpenID accounts.

I: You want it? Take it.
II: I'd rather you didn't.
III: Help!! Help!!
IV: I'll fight you for it.
V: Kreegah bundolo! Kill!!

See also

ADN.NET: To get beyond social app.net needs to make parting painless

I love app.net as it is now, but nothing is forever. App.net is a specialized taste, and it needs to grow to survive.

That growth might come from its current social network features (ex: my stream and its RSS feed), but it would be good to have other growth options. Current work includes competitors to messaging, chat rooms, Google Reader Shares, and file and photo sharing.

I'm hoping several of these efforts will catch on, but first people like me need to use them and talk about them. (Like me, but with more fans :-). Problem is, we're a wary bunch. We hate losing our content.

That suggests a first principal for ADN beyond-social. Painless exits.

That's hard to do for anything non-trivial. Of all my Cloud services, only my Simplenote/Notational Velocity data is truly free. If Simplenote expired tomorrow, all of my content would remain on my hard drive and I could move it readily to Dropbox for sharing. It wouldn't be as good as what I have now, but I could keep going.

Beyond Simplenote things get harder. The next tier of freedom is probably Domain transfer, static web page hosting, and perhaps Wordpress migration. After that maybe moving Contacts and Calendars, perhaps moving email (but not archives) ... 

Yeah, Data Lock is ubiquitous.

So maybe it's time to try something different.

Why are some simple things still hard to discover online?

My Delta flight left from San Francisco International Airport (SFO) terminal 3, but Google told me a Lids store was in Terminal 1. I was looking for Lids  because #1 child wanted a USC cap, and since USC is hundreds of miles south of SFO a cap store seemed my best option.

So, I wondered, how much extra time did I need to get from Terminal 3 to Terminal 1? Was it conceivable that I'd have to exit security?

This official statement seemed pretty clear:

SFO - San Francisco International Airport - frequently asked questions

AirTrain, SFO's fully automated people mover, provides a convenient way to transfer terminals. AirTrain operates on two lines: the Red Line, which connects all terminals, terminal garages and the BART Station; and the Blue Line, which connects all terminals, terminal garages and the BART Station with the Rental Car Center. AirTrain operates 24 hours every day.

Please note that all of SFO's terminals are connected, and passengers may also transfer terminals by walking.

Yeah, pretty clear, until, looking back, you realize it doesn't say you can transfer terminals without passing through security.

In fact SFO terminals don't connect behind security. Indeed, United and Delta both have gates in Terminal 1 and you still need to exit security to pass between them.

Sprinting between gates I thought of a friend who died doing an airport sprint. So I slowed down a bit. I made my flight; an attendant met me at the checkpoint looking for her last arrival.

Oh, and there's no Lids Store in Terminal 1. Not any more. Thanks Google.

So why was it so hard to discover that SFO doesn't currently have useful connections between domestic terminals? That's the interesting bit of this post. Had I asked anyone who actually used the terminal I'd have gotten the right answer immediately, but this kind of common knowledge wasn't known to Google.

Some important questions are still hard to discover online. It would be interesting to catalog these "edge questions" and ask what they have in common.

Which is better for work travel: An 11" MacBook Air or a (maxi) iPad with Logitech keyboard?

I have just returned from a conference where I ran R and Python code on my 11" MacBook Air. It did the job well; Mountain Lion's Full Screen and Mission Control features add real value to this small screen lightweight laptop.

So for this trip the Air was a great device. For most trips though, a full sized iPad with a Logitech keyboard case would be a better work option. 

Curiously, this has nothing to do with the touchscreen; it's about other hardware and iOS design decisions. The iPad's advantages include:

  • iOS is a fairly good Exchange/ActiveSync client . OS X is not.
  • Many iOS apps work in offline mode, OS X apps expect a network connection.
  • iOS multitasking is constrained. In OS X many apps may simultaneously jump on a network connection, sucking bandwidth and power alike. (Heck, backup may start!)
  • iOS is, in general, less demanding of a network connection.
  • iOS and the iPad are designed from the 'ground up' to use less power. That's why an iPad can last for hours, receive a power boost from a mere Morphie Juice Pack, and charge off a meager USB connection. Even the best laptops, like my Air, can't do this.
  • The iPad can be purchased with an LTE chip, the MacBook cannot.
  • iOS bandwidth consumption is harder to track than it should be, but it's easier than tracking OS X bandwidth use.

Travel is characterized by limited power and limited bandwidth. The AIr is a lovely laptop, but compared to the iPad it's built for a world of ample power and bandwidth. Today, even excluding the touch interface, the Max iPad is a better traveling device for most use cases.

Apple could make the choice harder though. They could make a future version of OS X a much better bandwidth consumer, and they could provide an option to throttle multitasking. The iPad would still have a large power advantage, but this make for a great OS X upgrade.

See also:

American Healthcare: only the little people pay list

In healthcare, only the uninsured pay list price. They actually pay the crazy amounts that show up on their healthcare bills. Other payers, like insurance companies, pay a steeply discounted amount. Sometimes 70% off.

Pretty outrageous eh?

It's not new though. That's how it worked when I was a country doc in the early 90s and it was old and outrageous then. Now it's getting more attention; but it's not new. The weird thing is that this 'secret' has been in plain view for decades.

That's not the end of the story though. At least when I was in practice, we couldn't do a cash discount. The insurance price was based on list, and if we lowered list the insurance payments would fall. Indeed, our 'customary' charge rating would also fall, and in the bizarro world of healthcare finance what insurers were willing to pay us depended in part on our past charges.

Back then we wrote off many cash charges, but times have changed. For one thing, the Bush GOP made it much harder for regular folk to declare bankruptcy and escape healthcare debt.

So now that this story is getting traction, I wonder if Americans are ready to learn about how Evaluation and Management CPT codes (E&M Coding) destroyed primary care. Hint: "What gets measured gets done" doesn't mean "what is good gets done".

Many Americans still think we have a great healthcare system. It's probably not our only mass delusion.

Wednesday, February 27, 2013

Michael Church's model of the corporate worker - a short critique

Michael Church makes me look like a corporate fan. In a recent post he focused on startup culture ...

Gervais / MacLeod 4: a world without Losers? | Michael O.Church

…. This is a continuation of last week’s analysis of various work cultures and the patterns of degeneracy. I’ve analyzed hierarchies that form in organizational cultures and the relationship between ascendancy and bad behavior (in particular, psychopathy).

… In these small, agile companies, does the MacLeod classification apply? Or has this dysfunctional and unfair arrangement been rendered obsolete? If so, then how? If not, then who are the Sociopaths, Clueless, and Losers? I’ll answer that. Today, I’m going to focus on the sociology of VC-istan, perhaps the first truly postmodern corporate body...

Short version -- he likes VC-istan even less than he likes conventional corporations. (Warning - he writes long form. Feel free to skip to the end.)

Church, and Gervais and MacLeod as well, model a corporation as made up of 3 groups of people (my preferred label is at the end)

  • Sociopaths [4]: Power-seeking amoral individuals who care nothing for the fate of others. They rule. (Rulers)
  • Losers: Balance-seeking moral individuals who know the rules of the game and work within them. (Workers)
  • Clueless: Low to middle status individuals who believe they owe the corporation their loyalty and that it will protect them. (Faithful)

Church sometimes adds a fourth, the technocrat. This is a more or less good version of the sociopath, seeking power but also benefits for the masses and society.

The theory has a certain appeal. Even if it's not a perfect match for the corporations I've lived in for 19 years, it's a good match for the Cults I used to visit in the 80s. [1]. They invariably featured Clueless believers at the base, and Sociopaths at the top. That matches Church's description of VC-istan.

Corporations feel more complex though. I'm not sure I've ever met the "Sociopath" Church describes [3], and I've known some wealthy executives and entrepreneurs. The ruling class I've known is usually a mixture of Church's "technocrat" and "sociopath"; with more of the former than the latter. It is true that belief in the 'goodness' of the corporation is pretty rare in the executive class, but even there I've seen (naive) exceptions.

My biggest split from Church however is that he treats Corporations as the sum of their people.  I think the complex modern publicly traded corporation is an emergent entity in its own right - more than the sum of its people (see below). It's a mindless entity to be sure, but it wants to live and grow as intensely as the average ant colony. It resists Church's 'Doom of the Clueless' [5], even if It isn't aware that it's resisting.

That said, Church's model has the advantage of parsimony, and it does explain a lot about middle manager life.

 - fn -

[1] It was a hobby of my early years. Cults loved me for some reason, I must have looked like a great candidate then.

[2] Even if it's only contributing to the "health" of some abstract Good represented by a "functioning" market.

[3] Ok, maybe the people who make a living downsizing divisions or managing major purges. They are hard people.

[4] I think Church is wrong about the etymology of psychopath/sociopath btw. It all got horribly mangled when Americans and Brits used the same two words in precisely opposite ways.

[5] Which is a bit like this Technology Review article.

See also:

Saturday, February 23, 2013

The Mac World needs an app that will toggle Java availability

Java on the Mac is malware by design. It bypasses the entire security infrastructure of OS X. It's worse than Flash, and Flash is plenty bad.

There aren't many apps that really need it, and most of those have solid Mac alternatives. (Sorry Minecraft fans.)

The problem is corporations. They use VPN products that require Java. (Way to go corporate America -- mandate use of a security product that dramatically reduces network security. Alas, this is so typical.)

So many of us can't go entirely Java free until that problem is fixed.

So we need an app.

An app that disables or enables Java just when we need it. (Ok, Minecraft fans, just for gaming purposes.). An app that only Admin users can run because it needs Root privileges.

Maybe it changes privileges on the Java executable. Maybe it renames it. Whatever, it makes it NOT work, OR work, in a way that Admin users control for an entire machine.

Ideally Apple will provide this, but they might not. Apple, correctly, wants Java on Mac dead.

This would make a great utility. $20 bucks? No problem. I don't see any reason why it couldn't meet Apple's App Store requirements.

Money maker.

Do it.

Sunday, February 17, 2013

Pay to Play: Facebook and the attention economy.

Facebook has made some interesting attention economy moves over the past few months.

Last November they created a new feed [1] called "Pages Feed". It seems to be a chronological list of Pages I'm "connected to" [2]. It's somewhat hidden; I'm sure most users will never see it.

Since then [7] Facebook has changed the algorithm for what appears in my "News Feed" [3]. If I sort chronologically ("Most Recent") [4], I see it includes all the "Page Feed" posts, but if I use the default "Top Stories" ranking many Page Feed posts disappear down the screen. Some are still near the top, but some are so far down I'll never see them.

These two changes are related. Unless Page owners pay up [8], their subscribers may not see Page Posts ...

Promoted Posts | Facebook Help Center

... Promoted posts appear higher in news feed, so there's a better chance your audience will see them...

It's not clear if user interactions with a Page post (like, comment, share) still change the ranking of future posts from the same source ...

Posting works the same way it did before. When you share a post it gets delivered to the audience you specify.

If someone you shared with didn't notice your post it's likely because they:

... Didn't scroll down to where your post appeared in their news feed...

My internal lawyer looks at this and thinks "It all depends what you mean by the word works". The Post does get "delivered", it just won't be "seen".

My hunch is that, for the moment, Page engagement still matters. That is, if you interact with a Page post (Like, Comment, Share) you will see similar posts  in the future. If you don't interact however, you'll only see them if the Page Owner pays or if you are the .1% who will notice the Pages Feed.

From my perspective, this is a dual bummer. As a Page subscriber If I didn't want to see Page posts, I'd unsubscribe. Facebook's ranking algorithm is simply an annoyance -- not to mention I prefer the deprecated "Most Recent" sort order. As a Page owner this means my sports teams, clubs and groups are missing news they care about -- like a change in practice schedule.

From a business perspective, assuming interactions still affect sort order, Facebook can win two ways. If Page owners pay then Facebook gets money for placement, if consumers interact more then Facebook learns more about customer interests.

On the other hand this change makes Facebook less useful for its customers. It opens up opportunities for Google if they could, you know, stop shooting their tentacles off. [6]

 - fn -

[1] Facebook, for me, is the commercialization of RSS pub/sub post/feed technology. There are three active feeds - Pages (new), News (Page Owner and Profile activity), and Unnamed Right Side -- Profile detailed Page/Profile activity sorted chronologically.  Incidentally, Pages still have RSS feeds, and Profiles used to have them but that was removed 1-2 years ago.

[2] Subscribed to Via the "Like" action.

[3] Page and Profile feeds I subscribed too via "Like".

[4] This is increasingly hard to do. Facebook will periodically revert sort order to their algorithm-generated "Top Stories". I'm not sure "Most Recent" even exists in the mobile app any more. I expect Facebook to remove it altogether.

[6] Google Reader is (again) rumored to be facing imminent execution. If Google had embraced standards-based pub/sub for G+ instead of killing off RSS (and Reader Shares) the world would be a different today.

[7] In theory the Promoted Page option dates back to Oct 2012. In practice it's been quite subtle until recently, and I think the algorithm changes are newer.  Facebook has figured out how to make big changes in an incremental fashion.

[8] Not all my Pages show the same rates. For my sons' hockey team a promotion $5, for our inline skating club it's $15.

Inherit the Cloud: Who gets your Google Docs when you die?

In the old days digital inheritance was simple.

Say I died in 1999. (BTW, I don't expect to this for decades). Back then my computer was owned by me and it would have passed to my estate [2]. Where the computer goes, so goes its drive and data [1] including tax returns, photos videos,, Financial records, password stores and so on. [3]

Those were the good old days. In 2013 we know that DRM'd media, like software, dies with its owner ...

... this piece of prose from Apple’s legal department says this about apps:

You may not rent, lease, lend, sell, transfer, redistribute, or sublicense the Licensed Application and, if you sell your Mac Computer or iOS Device to a third party, you must remove the Licensed Application from the Mac Computer or iOS Device before doing so.

I’ve scoured Apple’s iTunes Store Terms and Conditions documentation and I haven’t found verbiage specific to movies, music, audiobooks, and e-books, but I’m assuming these same restrictions apply to those media flavors. Given that, Apple seems to be well within its rights to say that when you expire, so too does your purchased media....

So what about the Cloud? What happens when all of the family records and documents and passwords and photos are stored in Dropbox or Google Drive or iCloud? Can Facebook records be downloaded by the estate? Do access rights go through probate?

Wikipedia has a short article ... (emphases mine) ...

... Gmail[1] and Hotmail[2] allow the email accounts of the deceased to be accessed, provided certain requirements are met. Yahoo! Mail will not provide access, citing the No Right of Survivorship and Non-Transferability clause in the Yahoo! terms of service...

... Facebook's policy on death is to turn the deceased user's profile into a memorial...  no one is able to log into the account in the future...

 American states are starting to make laws with a focus on Facebook ...

 Who Has The Right To Our Facebook Accounts Once We Die? : All Tech Considered : NPR

Now, lawmakers in at least two states — Nebraska and Oregon — are considering legislation that would require social networks like Facebook to grant loved ones access to the accounts of family members who have died.

Oklahoma passed a similar law in 2010.

"We have automatically vested in the administrator of an estate the power to act on the behalf of a deceased individual and access these accounts," Ryan Kiesel, a former Democratic legislator who wrote Oklahoma's law, tells Morning Edition host David Greene. "That's not something they have to go to court for. They have that power, just as they have the power to pay debts, to distribute property according to a statute or according to a will. One of their powers in Oklahoma now is to be able to access these online accounts."

Yes, Oklahoma is a technology leader. Surprised me. [4]

Dropbox is clear that content is owned by the account owner, but I couldn't find any references to estate access. Google had nothing on Google Drive, but they do provide access to Gmail. On iCloud I found nothing at all.

This is going to get sorted out, but for the next few years it would be unwise to store important records or your 1Password credential repository solely in the Cloud.

[1] The software is licensed to an individual though, and, technically, is not inherited. That's precedent for the bigger problem.
[2] In fact it's family property, but I'm simplifying. 
[3] Back then we didn't encrypt hard drives or backups btw. 
[4] I'm going to ask my MN state representative to have a look at this post.

Update 4/19/2014: Google has added “Inactive Account Manager” settings to Google.com/settings. It’s under the Data Tools menu currently. You can choose up to 10 trusted people who will be notified when primary account is inactive for at least 3 months - you can set range to 18 months. You have to specify a phone number that will be used to notify the recipient, so there’s a risk that number will not work when needed.

I set this up on my primary account. When i first configured it I was able to specify what went with my account, but afterwords I couldn’t see those choices. I think that’s a bug or a missing feature.

See also:

Saturday, February 16, 2013

Preparing for the inevitable - Google Docs for the "Not available" letter

Yes, it happens. We die. Short of death, we can be lost in the wilderness, imprisoned by whackos, captured by space aliens, comatose, or gone.

This has always been inconvenient for those left behind, but in the digital age it's a particularly inconvenient. We don't use biometric authentication yet, but user names, passwords and the locations of things are bad enough. (Imagine when we do biometrics...). 

So how does one communicate this key information 'from the other side'? What method is most likely to work? Where should the information be stored and how should it be shared?

After playing around with a few options I've settled on a basic Google Doc that is shared with my wife [2], my brother, our executor, and several relatives and friends. We all use Google, and I assume access to a shared document will survive my demise. As a document of course it's simple to print a paper or PDF version that can go with our will. The paper version will include the URL of the shared Google Doc and directions on how to access it -- the paper version is a backup. This isn't a legally binding document but it's advisory so it's good to know the "source of truth" and it's handy to be able to see all prior versions and edits over time.

As a shared document it's somewhat private, but potentially public. It won't hold any truly confidential information.

Since it's a Google Doc there will be a synchronized copy on my Google Drive; a copy whose name, at least, is Spotlight indexed. The information is fairly robust -- anything that would take out all copies of the documents for all users would probably make my estate irrelevant.

Lastly, but not leastly [1], it's easy for me to edit. So I can put together an outline and gradually fill in the bits as I think of them. Odds are I'll get thirty years to work on it.

But you never know.

Here's the current outline, I'm sure it will expand.

  • Metadata: Title, author, last revised.
  • About: Describes use, includes URL on Google.[3]
  • Passwords and Combinations: Where my 1Password archive is and how to get to it -- including the location of a backup copy of the global password (paper). Where I keep the simple household combinations.
  • Backups: Where my backups are (office and home) in case of need.
  • Money: Where the money is. This is most important if both Emily and I are taken out by an errant meteoroid.
  • Domains: I own about a dozen domain names. Some are worth money, some provide access to digital content the kids might want.
  • Photo archive: How to get the family pictures.
  • Media archive: Probably not a top priority, but no reason the tunes should go.
  • Kateva: Dogs don't get into wills, but executors look for advice on canine provisions. I suppose I'll say something about the gerbil too.
  • What goes to which kid: This is the dangerous part. Who gets the Family domain? Who gets the wedding ring? (Ok, the last one is easy, we have only 1 daughter.) It is something I need to do though.
  • Dispensing of "John Gordon" (not my TrueName) - including the blogs.

[1] That really should be a word.

[2] Once it's setup I'll make her 'owner' and I'll keep edit privileges. Helps with survivorship. She can do the same for me of course.

[3] Almost impossible to type. Since the data isn't super-secure I used Google's URL shortening service to create something one could read off a paper version and type in a browser.

See also:

Update:

As I worked on this my outline grew. I also realized, with mild horror, that if the server were lost or destroyed my estate would need the passwords to my encrypted offsite backups. "Best" security practices are hell on an Estate. For example -- Google two factor. What if my phone is gone too?!

Tuesday, February 12, 2013

Hints that your heart needs checking - in memory of Jim Levin

Nobody's perfect. The Jim Levin I knew was pretty good though. Smart, kind, wise, generous, honest. A family man. He had a lot of talent, and he used it to make the world better.

Jim was 54 when he died suddenly, apparently of a heart attack.

Heart attacks in relatively young people are notoriously lethal. Sometimes the first symptom is death. A soft plaque sheers off, and a major vessel is suddenly obstructed. Smaller vessels may be fine, so there's been no slow development of backup "collateral" circulation. A healthy conduction system propagates bad signals. The heart fibrillates. 

There's a good chance Jim had no warning symptoms, or at least nothing meaningful. If he'd had symptoms though, he'd have been worked up. Chances are the problem would have been fixed.

So, because it's the only meaningful thing I've thought of to mark this loss, this post is an informal review of the warning symptoms of heart disease.

I'll start with the set of symptoms that the American Heart Association describes as the Warning Signs of a Heart Attack [1]...

  • Chest discomfort. Most heart attacks involve discomfort in the center of the chest that lasts more than a few minutes, or that goes away and comes back. It can feel like uncomfortable pressure, squeezing, fullness or pain.
  • Discomfort in other areas of the upper body. Symptoms can include pain or discomfort in one or both arms, the back, neck, jaw or stomach.
  • Shortness of breath with or without chest discomfort.
  • Other signs may include breaking out in a cold sweat, nausea or lightheadedness.

The American Heart Association (AHA) recommends calling 911 -- "Don't wait more than five minutes"

I think you can see the problem here. I was very short of breath at the end of my swim sprint yesterday. I've been lightheaded or nauseous several times in my life (flu, etc) -- and I'm don't think any of them were heart disease. Taken out of context these symptoms aren't terribly specific. [4]

The AHA doesn't want to get more specific because they'd rather err on the side of over-diagnosis than under-diagnosis - and because they're writing for a wide audience.  I think they can do a bit better for this blog's audience though [3]. So here's a bit of context:

  • If these things occur together it's more likely to be heart disease. So shortness of breath AND "cold sweat" [2] AND jaw discomfort all together means more than one of them by itself.
  • It's one thing to feel short of breath when you're a healthy person running a 5 mile race, another if you are short of breath doing stuff that is normally easy (like watching TV).
  • If symptoms like "arm discomfort" and " nausea" come on with exercise and get better with rest -- that's ominous. (Exercise means the heart needs more oxygen, so it can expose an underlying problem.)
  • If your parents died of heart disease in their 40s and your LDL cholesterol is 250 and you smoke and you're male ... Ok. You get the point. Most of us have some heart disease by age 50, but some people have a lot. Weird pains at rest may not mean too much in a low risk 30 yo woman but in a "high risk" person they might be bad news.

In some cases, such as a man in his 50s with chest pains on exercise that get better with rest, the likelihood of serious heart disease is so high there's not much point in doing studies like an exercise stress test - nobody would be convinced by a negative result. [3]

Now you know some things to watch for. In memory of Jim.

See also:

[1] Technically this is the crummy way our body tells us that the heart is malfunctioning - most often due to lack of oxygen delivery with or without muscle damage (muscle damage = "heart attack").  It doesn't have proper pain receptors because there wasn't any point to it during the past billion years of cardiac evolution. There was no bypass surgery in the paleolithic.

The symptoms may also go completely away by themselves -- which doesn't mean the problem is gone.

[2] Autonomic nervous system freaking out.

[3] There are big debates about how doctors should investigate for ischemic heart disease, but that's way beyond the scope of this post.

[4] Really what we all want is a low cost highly predictive test we can do on everyone aged 50 that will tell us how bad their heart disease is. Or a set of cheap screening tests that we can put together with a risk factor profile to decide how should be imaged even if they have no symptoms at all.