General Thomas Ewing, commander of the District of the Border, issued General Order No. 11 after Quantrill’s raid, which sent soldiers into four counties of western Missouri to impose order on the population and destroy the “bushwhacker” network (support for militant rebels, either for or against slavery).

Quantrill was known for surprise attacks, fraud, disregard for authority and targeting civilians. He led men like Jesse James on ruthless campaigns in Texas and “Bleeding” Kansas until Confederate forces had no choice but to try and detain him. He escaped arrest through corruption and sympathy. Eventually he was shot by Union special forces in 1865 while threatening to kill the President and died in hospital. I’ll post more details later this year.

First, in terms of disclosure, let me just get out of the way that I don’t prefer Android or iOS. They’re both too centrally managed for my taste. Call me a deviant hacking anti-communist if you must but I’m a fan of Linux on my handset, which is why I keep buying the awesome Nokia N9 and building/flashing it on my own.

Going to South Korea? Well pop a local South Korean telcom firmware on your N9 and look like a native with all those cool feature “defaults”. When you get home replace it with a Northern European vanilla firmware that’s as clean and clear as the icy waters of Trondheim. That’s the N9. Unlocked as unlocked can be, by default.

The closest thing on Android is the Cyanogenmod. A while ago I made a small business out of buying and reselling Android phones that wiped, replaced the firmware and opened up. It wasn’t for the money but rather for the liberation of the phones and their users (for comparison I also used to pull bicycles out of dumpsters, refurbish them and then leave them on the street to get more people riding). The Motorola Defy was my favorite to set free but even Cyanogenmod didn’t feel big and open enough compared to straight Linux.

At least Cyanogenmod exists. Liberating an Apple phone has been a sordid and messy game that has little upside other than showmanship and to refute Jobs. The Apple icon shifted from admitting to being a fan of stealing ideas to viciously threatening anyone who tried to “steal” his. It’s odd, especially when you consider that his highly-successful OSX is a BSD variant.

That being said, it wasn’t hard for me to predict that Android would eat Apple in the market. Earlier this year I mentioned “iOS struggles against Linux phones” but here’s what I said in October of 2010 when it looked clear that Google would rocket past Apple

iPhone losing OS fight

Today, here’s what TC says the real experts think.

The latest numbers are in: Android is on top, followed by iOS in a distant second.

This word comes from Gartner, a top research firm for these sorts of things. Overall, within the last quarter, Android outsold iOS devices nearly three to one while capturing 64% of the worldwide market share. Samsung was the top dog accounting for 90M handset sales.

There is no denying Android’s dominance anymore. There is no way even the most rabid Apple fanboy can deny that iOS is in second place now. Android is winning.

While so many others were talking about how iOS made them “feel” special the platform was just too proprietary to be a long-term bet. People may as well been telling me that the iSeries and OS400 were going to take over the world. Microsoft Windows and all that. Battle impact? Yes, of course. QSECOFR was a great thing. Long-term war victory? No.

The fact is that economics and politics in history indicate the majority of people eventually choose freedom over specific functionality. As much as some apologize for and say this or that “brilliant” dictatorship could have kept going (e.g. Mussolini made the trains run on time)…information likes to be free and Android at least allows for commodity hardware, which is far more free than iOS. And yes, RIP RIM.

Kirby Ferguson explains better than I ever have (or probably ever will) some of the dynamics behind why Android is winning…

Updated to add Aug 15, 2012: Even though Apple’s iOS lags in the market behind Android, Imperva reports that it is far more discussed by attackers (as reported in The Reg).

Updated to add Oct 25, 2015: Current phone Unix install base by version shows this blog wasn’t far off in its prediction of Android dominance.

A side consideration here is that China committed to a universal accessory standard for phones to tamper down landfill growth (e.g. charger upgrade because different connector). That would obviously sway them towards open because better for the environment. Now ask me why Tesla opened all their patents when China was looking for electric vehicle platforms (e.g. chargers) for the world’s largest fleets.

Three researchers at the École polytechnique fédérale de Lausanne (EPFL) — Pedro C. Pinto, Patrick Thiran, and Martin Vetterli — have published a paper called “Locating the Source of Diffusion in Large-Scale Networks” that echoes the principle I presented on six months ago at RSA USA 2012:

How can we localize the source of diffusion in a complex network? Due to the tremendous size of many real networks — such as the Internet or the human social graph — it is usually infeasible to observe the state of all nodes in a network. We show that it is fundamentally possible to estimate the location of the source from measurements collected by sparsely-placed observers. We present a strategy that is optimal for arbitrary trees, achieving maximum probability of correct localization.

Following a common model in nature and science, with a nod to epidemiology as I suggested in my presentation, the authors propose an algorithm for using a highly reduced set of nodes in order to calculate source. In other words we don’t need to wait for data from every single end-point (100% infection) to find the source of an attack.

Here is the slide from my presentation at RSA Conference USA 2012 “Message in a Bottle: Finding Hope in a Sea of Security Breach Data”

As I explained at RSA we can easily leverage the insight of Dr. John Snow’s map-based spatial analysis and algorithm (voronoi diagram) to find the source of attackers.

Measuring relationships (and the lack of relationships) creates clarity in finding sources. Steven Johnson, author of The Ghost Map, tells a colorful story of how it happened in the 1843 epidemic.

Back to the map itself and some fun math, Plus Magazine offers the following explanation of how a Voronoi Diagram/Thiessen Polygon can be used find influence of a specific point.

[Dr. Snow’s] next ingenious step was to represent the time it took to travel to the Broad Street pump on his map and to calculate who was most likely to use each water pump in the area. Snow drew a curve on the map that marked the points where the Broad Street pump was at equal walking distance from neighbouring water pumps. If you live inside this curve the Broad Street pump is your nearest source of water. Almost all the deaths marked on the map lay inside this curve and anecdotal evidence explained the few cases that did not.

Michael Friendly offers this animated version of the map, which ends with the bright blue lines of a Voroni Diagram.

Of course Snow’s work is a major and well-known influence in all areas of science. However, in my extensive research from 2008-2011 on breach data and source location, I did not find any prior presentation or publication that suggested using Snow’s approach to solve attack source location in network security. That was exactly my point in presenting it in early 2012 and trying to draw attention in the RSA audience to solutions we can build based on a study of risk characteristics, causes and influences (epidemiology).

For comparison, here is a figure from the CLEP paper that was just released, which shows an estimated attack source location based on nearby yet “sparse” observations:

You could read that map as red for the water pump and green for each person infected by contaminated water. They say they are focused on “inferring the original source of diffusion, given the infection data gathered at some of the nodes in the network”. That sounds like Dr. Snow.

Moreover, their paper actually references a modern cholera outbreak to illustrate their theory; a figure in the paper is of “infected nodes” among “associated water reservoirs” almost exactly like the methods pioneered by Dr. Snow.

With all the obvious similarities, however, they make no mention of my RSA presentation regarding investigation of security breaches and even more shocking is an absence of any reference to the legacy of Dr. Snow.

Please note I will give an updated version of my presentation at the end of this month at RSA China 2012. Here’s a highly abridged version of my presentation produced by the RSA Conference last February: