technology
The Agony and Ecstasy of Mike Daisey
I was one of those people who were affected by This American Life Episode #454, Mike Daisey and the Apple Factory, adapted from his show, “The Agony and Ecstasy of Steve Jobs.” It was enough that it gave me mild pause over acquiring the new iPad3. If the device is made in slave-labor-like conditions, regardless of what Apple says, do I really want to get one?
It turns out most of the report was fabricated. Listening to the Retraction this morning was heart wrenching. It’s always been clear This American Life holds itself to the highest journalistic standards. It’s one of the few places to go for interesting and non-biased stories across the spectrum. So when they ran Mike Daisey’s piece, they gave it a vetting but they gave him the benefit of the doubt. And he lied.
When Ira Glass calls Daisey out on his lies, the dead airspace tells more than ten thousand words of excuses.
Is it okay to tell a lie to get at a greater truth? No. It’s not. Daisey tarnished the reputation of TAL for his own greed and his own ego. He’s set back worker rights movements in China. He has set ground to dismiss all sorts of worker abuse stories — because, if this one was fabricated, all others must be, too. It’s unclear if there are any abuses at FOXCONN or, if there are, what Apple’s role in correcting them should be. It’s become a horrific muddle.
Ink spilled all weekend on this topic, so there are people better than I to pontificate on what fabricating journalism and passing it off as fact means. It’s all a massive disappointment. One thing for certain: some reputations have been destroyed and others severely tarnished for one big display of hubris.
(I’d like to link to several Atlantic pieces on this but the Atlantic seems to be down.)
CMS Updates and Adds
I added ~15 pages to the Nephilim FATE Conversion CMS on the site. Most of these are cut and paste jobs although some are cut-and-paste-2-or-more-together jobs. I’m pondering one of those fancy edit-right-in-the-page buttons for when I come through and clean things up. All the links in the main index page and in the table of contents included on every page should be good.
What the system desperately needs is examples so duly noted I will need to add examples. I also need to move major arcana and game seeds out of the blog stream and into the right place.
WordPress isn’t really a great tool for this but it’s what I have. Ultimately something like Drupal is better for a blog+CMS build out but I didn’t want to migrate all my crap into Drupal due to complete laziness. I may be forced to over time.
So! If you ever want to publish a ton of gaming materials on your site for people to pick through and download AND you want to have a front page blog AND you’re cheap and wish to spend no money AND you are starting from scratch, Drupal is your best choice.
WordPress CMS Additions
I fell over last night so no long lists of Alchemical Formulae to round out Alchemy until tomorrow. This is a quick purely technology post.
I looked at adding a Wiki to the site to support static pages and then I looked at the WordPress CMS (content management system) add-ons. The WordPress CMS add-ons only make WP about half a CMS but, on the face of it, it’s an okay fit for me. My matrix of these systems is:
1. Single user site — blog + plugins.
2. Multi-user, no-external user editing site — CMS + plugins. Drupal is a great choice here.
3. Crowd-sourcing site — Wiki.
Since I’m a single user, single author site where I want to host a big number of static pages with comments, themes, table of contents, etc. I decided to forgo the wiki and customize my site to the hilt with WP plugins. This is fraught with peril because most of the mid-tier WP plugins are garbage. Sorting the garbage plugins from the good-but-not-a-good-fit plugins from “works!” is an investment. I ended up with:
- CMS Tree Page View
This plugin allows me to build my static pages as a tree from roots down to child pages. It supports arbitrary order and a drag-and-drop interface. Highly useful for organizing a large number of static pages into individual sites within a main site.
- Custom sidebars
My favorite find so far. Allows a site owner to design several sidebars for different portions of the site. A blog has blog sidebars (categories, archives, tags), a static section has a table of contents, another static section has a different set of links, etc. The sidebars are named, separately configured, and added in the post. Super nice.
- Exclude Pages from Navigation
WordPress wants to add all pages to drop down menus. It wants to add child menus to child menus. This looks messy, especially if the site has custom sidebars with embedded navigation. This adds a checkbox to exclude pages from navigation.
- Search Everything
Forces WordPress to index all the static pages for search engines and the search box on the site. Normally it only indexes blog posts.
- Widget Entries
Very useful for custom sidebars. It provides a place to organize, edit, and create custom text widgets with a full page editor instead of the teeny editor provided in the add widget screen.
I would love to have breadcrumb navigation added to static pages, too, but so far all the breadcrumb plugins require hacking up theme templates and I’m not certain I want to do that.
So that’s where I am with being able to put up full game conversions on my site — among other things. I might reach a point where I need to convert to Drupal but… not quite yet.
Wikis and PDFs
I am getting near to the end of my conversion and I will go back to posting normal stuff with the occasionally interesting Nephilim RPG seed on my blog, probably to the relief of most everyone. I’ve been thinking about what to do with the conversion that all two of you are reading and decided on a four step process — so complex it is almost a flowchart:
1. Collect the posts and populate a wiki. Add lots of other “game” information to the wiki, like a huge list of summonings and descriptions of the Major Arcana and Secret Societies and game seeds and that stuff.
2. Bang around with the conversion for a while in a playtest setting.
3. Occasionally scrape some of the cooler stuff and post it on the front page on Mr. Blog.
4. Once happy with conversion, produce a PDF for download linked to off my blog.
I am on step 0.5a: dither about technology.
I spent the entire week looking for a good way to put together a WP + Wiki combination with the WP as the root and the wiki as pages of the site. The best I can find is to set up an independent Wiki build in a /wiki directory under root and theme the wiki to look as close to the CSS running on the blog as possible.
I did look at the WP/Wiki embedded solutions and only found two that came near to working: WP-Wiki and WordPress Wiki. They were both underpowered, slow, and had a difficult time linking across pages with wiki tags. Neither were more powerful than writing flat pages and hand-crafting the URLs. Neither provided much in the way of good Wiki functionality. WordPress Wiki might be better with the paid-for version, but why would I shell out $35 when the internet is littered with Wiki software?
Bluehost offers me four possibilities of wiki software:
- MediaWiki, the Great Standard
- PmWiki
- DokuWiki
- WikkaWiki
I have a comparison chart of the different systems generated over here on wiki matrix. It sort of feels like a push between DokuWiki and MediaWiki. The biggest difference seems to be that DokuWiki uses file storage and MediaWiki uses the database. My gut tells me I should simply use the ANSI Standard and not fret even though it isn’t mobile friendly, but MediaWiki has terrible support for commenting systems. (Although this may cure my issues.) On the other hand, DokuWiki only has simple tables. Decisions, decisions.
If my aim was to give a full encyclopedia fronted by a blog, it might be worth migrating to a full-blown CMS like, yah, Drupal, but that’s more power than I really need. I need a blog, I need an easy way to generate static content, I need comments on the static content, and that’s about it. The WP wiki plugins are terrible and the static page authoring tools are too wimpy, so I need a wiki that works but I don’t need a huge moving van.
I do wish the WP Wiki plugins were more usable because they would have made my life much simpler. I was stunningly unimpressed. Sure, I got my themes, but they worked spectacularly poorly, with WP-Wiki surprisingly better than the WordPress Wiki plugin. The WordPress Wiki plugin didn’t seem to do wikilinks at all and the WP-Wiki didn’t know how to build subdirectories. I may give them another shot, though, before I bite the bullet and stand up a second system.
So that’s where I’m going with this. I’ll have a report once it is up and running.
RPGs as Data Driven Apps
I meant to work on this post earlier this week but my week got real busy and I lost my time to write up posts.
I spent some time thinking about how pen-and-paper RPGs are best represented in an electronic medium. I don’t mean writing a full game like Neverwinter Nights; I mean representing the actual experience of the books, rules and dice in an app format. I realized that RPGs are by their very nature data driven: the character sheet, the rule set, the world setting, and the information that goes with it. Because everything is created whole-cloth — even those settings based on established properties — the game must be communicated with information for it to go. This is different than a card game or a board game which require a very small amount of fixed information (what’s on a card, say, or a die roll moves you 5 spaces, or you need to play this token) and a large set of rules. An RPG requires a large amount of information and an arguable amount of rules.
The devil is in the details with the amount and control of the information surrounding an RPG. This lies at the heart of many rules and design-based conflicts: how much information is needed for a person to interact with the world, how is the information manipulated to model the world, and how is this information communicated and stored. In the past, games often required a HIGH amount of information to interact with a HIGH number of system rules to determine a HIGHLY DETAILED piece of data after running the system — a simulationist system. Today, we have a huge number of styles from a low data with small ruleset games (like Fiasco) to moderate sized amount of data/character and data/world with moderate sized rule sets (like FATE or Cortex) to high information games with high detail (like D&D4).
This is all run on data. The nice thing about data is that data is about all a computer understands. It can hold data, process rulesets on data, and present data-driven results at the end of processing. So for example we have a large piece of data model in a character sheet. A character sheet possesses stats in some form (d8 Wits, 18 Strength, 3 dots in Hawt, etc). The world may also possess similar unified stats — an NPC, a known test, a quantified piece of the world. Passing the world stats and the character stats through a known resolution engine generates a known result, which may also be stored and used to modify other data.
This is all basic game writing 101 and absolutely nothing new, but it’s important to lay out the basics before figuring out how to make it go. A character sheet is simply a line from a data model that has a paper-based persistence model representing a shared contract between player and game world. What becomes more interesting is in building up databases of world information. Pulling up, for example, cult information for Trail of Cthulhu with lists of cults (pick one) and integrated NPC and evil book lists, perhaps be able to cross-reference this with information either found online (automatically populate a database with reference information that auto-loads inline) and information in published material. Work against perhaps web services of a master repository that hosts a bigger centralized database and… but this is starting to get off the device and into web servers and databases and LAMP stacks and generally wandering off the reservation. But this is the idea — RPGs are data driven applications and more data makes them better.
This is where my mind is starting to go for RPG-based apps. There’s more to it than that, though:
* Core Data for storage, persistence, data modelling and all the CRUD facilities (create, read, update, delete).
* Cocos2D engine for dice rolling, card playing, and visual representations of game mechanics.
* WebKit for integrating web resources and maybe a shared repository
* Quartz for drawing really nice character sheets, game sheets, NPC sheets, and to generate PDFs on the fly.
* UIKit with Cocos2D for front end data management screens.
* Network stack for cross-communication between devices, communication with back end web services.
I think it would be nice to be able to have a database of NPCs whose sheets render nicely on the screen and then with a click be able to summon up world information around the NPC — their horrible organization, say, or, GOD FORBID, a RELATIONSHIP MAP… Computers are really good at knitting all this data together into a palm of the hand player, GM and gaming community set of tools. It’s what they do.
These are where my thoughts are sort of going for apps, but I also have lots of thought about an iFiasco app too which hasn’t been fleshed out yet.
And Man… iPad based Smallville Relationship Maps with integrated character sheets. Just…. damn. Can it be done? OF COURSE.
iPad Game Programming
Friday I had a spirited conversation about what sort of widgets and toys I need to really make game-based iPad apps. I came up with a list that looked like:
- Handle Playing Cards (backs, fronts, turn, flip over, etc.)
- Handle Game Tokens (rotate, pass around with a gesture, etc)
- Handle Dice (roll dice, move dice around, support pools)
- Handle Game Play Surface (game boards, playing surface)
I sort of scuttled around the Internet for a while and found Cocos2D. I downloaded it, installed the Xcode 4 templates, built the library, and worked through the first two tutorials (of about 20). I have to say, other than my brain tried to fold itself into unnatural corners of space time trying to remember basic geometry* from High School — which I just blanked on — I was stunningly impressed with the library. If you’re following along with what I am doing, I encourage you to go look at the library and start thinking about the possibilities. Will it work for rendering screens for card games and board games and dice based games? As soon as I figure out how to get dice to roll without having to use Cocos3D (although I may have to) then yes, I can build up a library for making interactive games on the iPad.
Current plan is with my new knowledge of Cocoa Programming and the way it handles stuff is to expand into mastery of Cocos2D, persistence libraries (for saving game state), networking, and some Core Data for something I’ll talk about at length tomorrow — I had some deep thoughts over the weekend for how a certain kind of app should work and I’ll delve into it.
Meanwhile, as sort of a joke, I was trying to come up with a name for an LLC since these apps need a name of a company. In my throbbing brainmeats, the current forerunner is Naked Llama Games, LLC after my friend the poor, shaved llama who gave up its downy undercoat to be blended with cotton to make a sublime wool for those who really want to make very expensive hats. Sadly, my copy of Adobe Illustrator is insisting my license is no good despite having the CDs and the license, so for a logo I will have to use Inkscape. Not that there’s a single thing wrong with Inkscape.
* I am going to need to pick up some sort of geometry refresher. Perhaps wikipedia can help me out here.
iPad App Ideas!
Having finished reading Cocoa Programming by Daniel Steinberg and worked through all 27 (!) chapters with the hands-on projects, and now starting to delve heavily into specific topics (UIKit, CoreGraphics, Core Data and the network tools) I feel I have officially leveled up and gained a new feat: ability to craft small applications and possibly, eventually, try to get them through the Apple Doom Process.
I am looking for your ideas! I have some small ideas in mind but, after talking with many people, I know other people have other ideas about apps they would like to see! Now, the first few apps will be small, and free, so I am thinking things that I can wrap my arms around and come up with a plan and get done. Understand the first few apps will be a bit slow getting out the gate while I learn process.
How does one leave me an idea to discuss turning it into an actual piece of code?
1. Leave a comment on my blog.
2. Leave a comment on the blog on Livejournal.
3. Leave a comment for me on facebook.
4. Send me a direct message on twitter. (Name: multiplexer)
5. Email me at edresner@gmail.com.
6. Track me down in person. (GASP)
I will go back and forth about graphics and layout and user interaction — the stuff I don’t do very well — and attempt to turn it into a real thing that runs — the stuff I do do well.
So! If you have something in mind or something you are envisioning, this is a heads up that you should talk to me about your idea and I’ll try to figure out how hard it is and work to get it done!
And again, the first few are free to counterbalance my fumbling around a bit.
The Beauty of Objective-C?
This is a tech blurble. If you’re not interested in tech blurbles, you can skip this one. Sometimes it reaches peak blurble and it flows out over my blog and then the tide recedes for a while.
I really love Ruby. Something about Ruby does it for me. I’m not clear what it is — the readability, the list comprehensions and lambda functions, the easy way to get things done, the Japanese language syntax to a long line of calls, the ability to shove an entire program into one super long line of code*, or what it is about it. I just enjoy programming in Ruby. It doesn’t fight me. It generally does what I want it to do. Plus yield! Oh yield, you crazy functional programming primitive you. Occasionally, in my Python code, I will write something in Ruby syntax (because it’s completely possible) and leave a comment like:
# Ruby-style list comprehensions FTW yo!
It’s childish. But that’s what code comments are for — childish things.
My second favorite language is Python. It has the all powerful master of the universe ctypes class that makes it such THE tool for manipulating operating systems. All the power of C, none of the hassle of C! It goes best with Advanced Programming in the Unix Environment. The two are like a fine peanut butter and jelly sandwich.
Toss in C and some assembler and I have a full toolkit to really cause some damage and occasionally write some code.
I have been filling my head with Objective-C for the last two weeks and working through Cocoa Programming from Pragmatic Bookshelf** to learn the beast. In general, I would call this a success, as given 10 minutes I can write a small program now, but I find the language clunky and kludgy the exact same way I find Java clunky and kludgy. I can’t tell if it’s just me. It might just be me. I feel a bit like I have been driving a nice reliable sedan for a while in Python shape or Ruby shape (depending) and suddenly I’m in a Ford Pinto and any moment it can catch on fire. Essentially, it’s C mashed together with Smalltalk using wacky Simula bracket syntax and mixed up with a huge number of toolkits (legacy and not) to turn this mess into this big development platform for mobile. The wikipedia page does have a decent overview of the programming primitives for the wary.
It’s not so much that it’s like Simula. What is bothering me is the sheer amount of accounting. One needs to remember if the call is a class method or an instance method and call appropriately, remember argument names, mess with properties, set the memory model correctly for all said properties which may be different depending on the nature of the class (mutable, not mutable, copying, etc), remember to manage memory in dealloc() when the class is disposed, create models where the class is properly created and hangs around, manage different forms of class instantiation and other bookkeeping that gets between one and actually doing work. I am vaguely reminded why Java turned me off so badly — but worse. Toss in that the book I am reading is married to beautiful code — can we eliminate ALL LOOPS and DECISIONS in this application to make it SUPER COMPACT? — and it’s headachy.
From my standpoint, there’s some major pros — one can theoretically consume C-based libraries and packages and even just give up and write the guts code in C — and some cons — getting used to the weird syntax, and having to do all this paperpushing to bring up an application — to working this way. Deep down it just feels slow.
I have this feeling people are going to get tired of working this way and do what they did with Java: make Java implement any other language, please any other language, on the JVM, then Java. Just make the bad and hurting go away. Python => JPython. Ruby => JRuby. Hell, one can do Grails stack on the JVM with groovy which pretends to be Java with Spring but is more a Ruby on Rails stack than anything else. Clojure, last week’s toy of the week, is LISP — dear God, LISP!!!!! — implemented on the JVM! LISP! Did I mention LISP?
Meanwhile, I am merely whining about the incomprehensibility of Objective-C. I am getting enough of the hang of it to read through stackoverflow articles which pushes me out of newbie and firmly into “can cause mayhem.” And then past the language barriers, mastery of the data structures (NSDictionary, NSArray, etc). And then — the world!
(I found an article on how to do list comprehensions on the NSArray class in Objective-C here. It is possible. Thank you magic Internet.)
* Which, arguably, I can do in C.
** I will post an in-depth review.
The Grognard Faces Down XCode
My favorite term these days is grognard. I am misusing it terribly, no doubt. But I like this word. It’s evocative. It’s more polite than neckbeard, but only slightly; grognard has a guttural sound in the back of the throat that makes it a bit more worldly-sounding.
This leads into a technical discussion of sorts. I am trying to learn iPad programming (I will no doubt talk about it at length as I puzzle it out and get things working) and this means moving out of my rather enormous comfort zone and into somewhere new. I’m a UNIX grognard. I haven’t written any Linux kernel mode drivers* but if something needs to be done on Linux or a UNIX variant I’ve probably done it, bootstrapped it, duct taped it, or otherwise shouted at it really super loudly.
When I cracked out the books I let loose a mocking laugh for lo, everything started with “NS” for “NeXTStep” and we all know where we are with NeXT. Yeah we know where we are — lost. I work in a text-mode universe** and all of a sudden I had… tools… that generate… code… and do… things. And it all mocks me from its NeXTStep past!
I downloaded Xcode 4 and got it all set up and running and was instantly lost in a maze of twisty passages all alike. Swearing happened. So did the throwing of the book. Here I am in a very familiar universe of gcc and gdb and Unix-mode tools and a completely weird world of clicking and dragging and things that refactor code by somewhat magic and, uh, stuff.
I don’t… do… stuff.
I was weirded out.
Two days — two full days for someone who cut C on a mainframe — before popping up a window, creating some controls, generating a class, and having it display “Hello World.” Look! Something approximating success!
It’s kind of funny how things that are old are new again. NeXT. Smalltalk in its cunning disguise as “Objective-C.” Low-level C hacking. Hand-coding memory management. GCC tricks. Trying to fit a ton of code in a very small place. It is all wrapped in a little tiny happy graphical shell.
I have reached grognard. And I have faced down XCode. And I am fairly certain it has won.
* Yet.
** I am occasionally okay with Eclipse but even when working in Java I find it annoys me enough to go back to the text mode universe. The only non-nano/vim universe I have ever liked is TextMate for MacOSX. I am, in fact, writing this post in gedit on Ubuntu which is a half step above “putting HEX into memory.”
The Route to Nirvana
I don’t believe this has to be said but I have discovered that it has to be said:
If you are hosting a huge party for a whole bunch of random people, you should have your DJs mix up 80s pop music, preferably 80s top 40. Sure, playing the newest techno and trance out of Ibiza is hot and edgy and cyberpunky, and I openly admit I own some of said newest techno and trance from the clubs in Ibiza, but no one is going to dance. What is the point of having a dance floor when no one is going to dance to the throbbing techno? Geeks don’t pack Ecstasy and they don’t flop around to Gabriel and Dresden, but I guarantee they know the words to Bon Jovi songs. Everyone who owns Rock Band knows the words to Bon Jovi songs!
This is the Route to Nirvana. Even off Nevermind.
Come on, guys. This is the secret to the success of Glee. The hits of the 80s. And Queen. Some Bowie. It should be obvious.
I just had to get that off my chest. I thought it was clear to all and sundry but apparently it needs to be said.
RSA Conference
Hey all –
This is a Public Service Announcement that I am attending the RSA Conference out in San Francisco, CA from February 14th-18th and coming home the 19th. If you want to meet up because you a) haven’t seen me in 10+ years or b) you are curious what I actually look like, let me know and I can make arrangements!
On Wikileaks
I am torn on the latest dump from Wikileaks. On the one hand, the United States needs to be able to conduct its dealings on a world stage with the security standbys of “integrity, confidentiality and availability.” Diplomats need to be able to prove they are who they are, have confidential communications with other parties, and do so securely. This is basic security: they need to be able to have the dealings they need to have, no matter the content, without fear of unauthorized prying eyes. Otherwise, it is very difficult for people who have to have sensitive conversations as a routine part of their job to have these sensitive conversations. A government needs to work behind closed doors from time to time to function properly.
On the other hand, this is the same United States government that wants to read my email and see me naked if I want to fly to Detroit. I want to have sensitive conversations too.* I want to not have the government peer at my daughter’s body “for her own good.” I find my sympathy a bit limited. When I see heads of state complaining of feeling their privacy has been violated, I want to give them a Club Membership and a Beanie. It has a propeller. Welcome to the Club: it’s nice over here.
We live in a data-centric world and, if data wants anything, it wants to be free. It’s like pollution: pour a little into a stream and the whole fish stock is contaminated. We generate so much data even on a daily basis as individual human beings that simply attempting to analyze it all or even record it is currently prohibitive.** Data is just noise, for the most part; a denial of service attack on our higher brain functions. To do anything with data, it has to be correlated and sifted and sorted. To get the right data across the right functions, the data has to be, above everything else, shared.
This is where the government is way behind the curve. Most of the three-letter agencies have been working in absolute silence for their entire existence. But now, data has to be shared to make any sense of it. There’s just too much data coming from too many points and it all needs to make sense. And going from a full confidentiality environment to one with availability of data is actually and honestly a hard problem. Data is going to get everywhere. It is going to leak. It is going to pour out the cracks. This is what data does.
Hard problems are hard.
The DoD immediately banned USB drives***. Lots of people started screaming and yelling about espionage or treason****. There’s a few hair shirts. From what I have seen — and I admit I haven’t sat down to read the cables, only the NYT summaries of the cables — there’s nothing really amazing or breathtaking in there. The Chinese Government attacked Google. People think Iran getting the Bomb is Bad. I have seen people yelling with hands clutched over their chests that it will end transparency in government — although this is staggeringly unlikely. The government is not particularly transparent to begin with; that’s the entire point.
So ANYWAY, To Sum Up, My feelings in Exciting Bullet Point Form:
* When journalists get juicy information they publish it. Where they get it doesn’t matter. As long as it’s verifiable, it gets published. That’s what journalists do. Or at least they did once upon a time. And not all foreign journalists are super nice to the People In Power.
* … and this is healthy, because Democratic Governments really and truly need an adversarial press to keep it honest. This is why we have enshrined the freedom of speech and the freedom of the press as some of our highest cultural ideals. The government needs to be exposed and of course a government will do anything they can to repress information that got out of their control. That is what governments do. These sort of things are good for governments. It’s like getting a flu shot. Sure, yeah, we’ll have a few months of retrenching but it might make some people think. It is the job of the people to keep their elected officials plausibly honest and it is the job of journalists to pour data into the heads of the people.
* And it is not like foreign countries are going to stop hosting systems with Wiki software. In fact, it’s kinda fun! Except for the DDOS parts; those are a little annoying.
* Meanwhile, the Federal Government is learning what lots of us in industry have learned: defending data while still making it usable and useful and safe is really freaking hard.***** What do I always say? Security is hard and encryption is slow. Yes, I absolutely believe that people who need AIC should get AIC while sharing data between two parties. Yes, I feel the State Department should be able to work in a confidential atmosphere. Yes, I feel this is important for the security of the United States. But see points A, B and C, above.
* There’s a balance to be struck between what the governments can do and what the people know. We need to rediscover that balance.
* Ta-da! Behold what the Slashdot crowd and security crowd has been yelling about for years: privacy is important. And not just for people in the public sector. For everyone. FBI back doors into ISPs and unauthorized wiretapping and tracking cookies and naked scanners and you name it. Privacy is important. It is. It really is.
* Sure, I can. I know how. It’s not that difficult but it is time consuming and nonstandard and key sharing/rotation is annoying.
** Although, dear God, who knows for how long. I can run a MySQL DB on my laptop and mine hundreds of gigs of data. I can buy a T from Best Buy. A T! And I made a fool out of myself in graduate school asking: “Why would you ever need a T of space?” Why indeed.
*** Yeah. Well, good luck with that. Physical security of teeny devices that can look like bananas or coke cans is a bit challenging. I hear the TSA has some new machines to search people for plastics, I guess. I would fill all the USB ports with rubber cement but I know that’s really not workable because it blows up service contracts.
**** Not sure how treason works with a foreign citizen living in a foreign country but whatever. We don’t let details get in the way of a good soundbyte.
***** I know this initiative has been going on for a while now, actually.
On the TSA
Security conferences are little microcosms of the security industry mindset. Everyone herds excitedly to the talks with the new, big, lurid hacks because offense is super sexy. We all ooh and aah as someone with a Powerpoint deck demonstrates some explosive breach of known security. Then the talk is over and immediately we’re herded to the vendor aisle where the vendors shlep an array of expensive pieces of hardware. Seen the attack? Now here’s the countermeasure! It will only cost you $100,000 and several hundred man-hours to get up and working but you don’t want to be subject to that attack you just saw, did you? The CTOs and CEOs, many with MBAs instead of engineering degrees, shake hands, watch demonstrations, take cards, promise to make calls because this hoopy new equipment will stop that very scary new attack because wow was that scary. They have room in their budgets, they promise.
As a security professional, my brain isn’t wired right. I love hot new attacks. I find them fascinating. I read about them obsessively. I should be working but no, I’m reading some new way to take out a database with a well crafted command. But I’m also an engineer and I know that an offensive demonstration sells expensive, and somewhat dubious, defense hardware and defense is big business. Yeah, you need a big heap of hardware these days to run a secure network, I’m not claiming you don’t, but I also know that the sexy new attack may also be mitigated, not with another $100,000 expenditure, but with a few hours of expert code review. I have a dollop of doubt gleaned from many years of experience.
But that doesn’t stop the anxious CTO or CEO who has a mandate and, instead of doing threat modeling and risk analysis, wants to fix the problem quick with a new piece of hardware because wow that Powerpoint deck was pretty scary. Everyone get to work! Plug this in! Make system changes! So it goes. It keeps us all employed.
Terrorism is a physical security problem that cannot be stopped at the gates of an airport. If a terrorist has reached an airport, the terrorist has breached many layers of other security — real security and law enforcement. It is far too late. The system has failed. At that point, only three things mitigate the attack: reinforced doors on airplanes, passengers who will not be cowed, and people who blow themselves up are generally not the sharpest tack in the pile.* That’s it and those goals have been achieved. Past that, putting money into police and emergency response would be useful. It’s a crime and like any crime it’s essentially random; it’s an externality whose real risk probability is low. If you have 300 million fliers and 1 terrorist, then you deal with the problem when it happens because searching for the real risk at the point of entry is futile.**
Logic and good engineering dictate we model for high probability risks when securing our systems and work to mitigate those risks. However, the Powerpoint deck for global terrorism offensive attacks is super hot: it shows buildings blown up and dead people in the streets and bodies and planes crashing into buildings. It’s damn scary. Worse, it makes the stakeholders unelectable if such a thing comes to pass. Non-engineers sitting in elected or appointed office look at those Powerpoint decks and Get the Fear. They then walk out down the aisles of vendors afterward and they say: “I will take one of everything.”
The TSA is not a security organization. They don’t serve any real security purpose. Other people in other government organizations deal with the real work. No way can people hired from ads off the back of pizza boxes and given 40 hours of web-based instruction know what to do if they encountered an actual terrorist. That’s absolutely absurd. The threat model shows the probability of an actual terrorist in an airport line instead of, say, just mailing the bomb, is infinitesimally low. It’s an acceptable risk to put non-security personnel in security positions. It makes for a great government work project in a recession. And wouldn’t a terrorist with an actual live bomb just blow himself up in one of those backscatter machines?
The TSA does serve a very important purpose to the Federal Government: Marketing. They market security. They have SIGNS. And UNIFORMS. They give people Very Meaningful Looks. They stand around in airports with big machines that go bloop like great big advertisements full of warm fuzzy safety. They market for elected leaders who want to show they are keeping us all safe. They’re like the election time TV advertisements except with groping. Go through the bloop machine! Don’t you feel safer now?
Take off shoes, take off jackets, throw out liquids, get pat downs, go through scanners — none of it serves any actual purpose except to sell to a jittery public who feasts on capitalist marketing a feeling of security because real security is hard and doesn’t always succeed. That’s the hard truth the public will not accept: we are unable to defend against all risks. It’s not physically possible. But the Government will give you a pleasant illusion. To sell warm fuzzy non-offensive security when faced with a real (if lame) attempt, the TSA must buy more machines that go bloop because someone in a suit watched a very scary Powerpoint deck indeed and some smiling vendor was standing with their card right outside the demonstration. If they don’t install the machines that go bloop, what do they do?
Funny thing, the Government, under money pressures, now has to provide a strategic, risk-based assessment of their security countermeasures starting Real Soon Now. The machines that go bloop and the new security measures must be in place before the risk-based models go in. The TSA has not turned in any risk assessments of the new machines to the GAO to justify the purchases and they won’t because the risk of finding someone real with their current operation is so tiny and the risk of something going wrong with the machines is so much greater that the purchase can’t be justified. But they don’t need risk assessments because, at the core, the mission isn’t security.
My stance on the TSA is well known. I don’t like such obvious wastes of money, and I especially don’t like it with machines that go bloop and may or may not cause skin carcinoma. Nate Silver has an interesting article on the hidden costs of extra airport security. But next time you go through security, you should ask for a Coke with your grope — at least with a Coke, you get a Coke!
I have more stuff, about how security has a customer service and customer expectations model to it, about how the TSA needs to think of itself as a customer service organization first, about how the entire organization has to be rethunk, but this post has gone on long enough. The TSA is here to stay. They provide too much CYA to lawmakers to ever disband. But to save us all money, they should just pull the plugs on the machines and send us all through. It will help with global warming, at least. If they unplugged the machines, would you ever be able to tell?
Here’s the recruitment pizza box. You can find it a bunch of places.
Threat Level’s discussion on TSA training. 40 hours of web-based instruction and 60 hours on the job!
Here’s the GAO report I cite. I cannot find if their position has changed but as far as I can tell, no risk management study has been completed.
* If you think strapping a bomb to your nads is smart then I have some equipment I can sell you!
** The argument here is “but the attack is huge.” Yes, that’s possible, but the point stands: if the terrorist gets on the plane there are bigger problems with the system.
A required iPad app
A quick interlude:
If you have an iPad, you will want to go to the store and download the new, free TED talk app. It’s an interface to the TED website (www.ted.com) but much more comfortable to view. TED talks are about really cool things given by really cool people. Want to learn something cool about science or tech or art in 20 minutes? Watch a TED talk.
My only complaint is the lack of a good search engine to find talks. Hopefully they’ll take feedback – it’s a common complaint – and get one into the app soon.
It shows off your iPad and it’s free. If you have an iPad, you should have the TED app.
Awesome Guitar Software is Awesome
I have two — two! — pieces of awesome software to showcase today for the iPad. Perhaps you thought the iPad was only good for watching Netflix streaming but now it is made of rock.
TabToolKit by Agile Partners
At first blush you may be all “buh?” But let me tell you the greatness of TabToolKit.
If you’ve played guitar for years… and years… and years… and years… you occasionally open up an old book or an old bag and there, lurking within, is a badly scratched out downloaded from an ASCII document from some repository tab of some guitar song or other you really wanted to learn but all you had was this tab that sort of told you where to put your fingers and not a hell of a lot else. You struggled for a while and then gave up. TabToolKit:
1. Organizes your tabs. If anything else, it means no more printing them out, folding them up, or ripping them while trying to play awkwardly on the couch.
2. Displays them in a neat and easy way for practice — especially on an iPad with an easel stand.
3. Uses Guitar Pro tabs which have all the parts to a song, the sheet music, and the tabs so the music-savvy can actually look at notes and go “oh, that is way less difficult than I thought.”
4. Has metronomes, speed up, slow down, looping and repeat features for working on a particular practice.
5. Count in and play at any point in the song.
6. Drop voices in and out.
7. For those wondering how to play said power chords, it highlights where to hold the strings down on the fretboard.
8. And Guitar Pro tabs are extremely plentiful for free.
I love this piece of software. I absolutely love it. I recommend TabToolKit to anyone with a guitar — a beginner, someone looking to improve, someone wanting to carry their collection of tabs around conveniently, anyone. It is squee in a can. It’s iPhone/iPod/iPad — the iPad version is a native, full screen version.
Amplitube for iPad by IK Multimedia
I love the original Amplitube but getting my guitar jacked into my Macbook Pro was always a huge hassle — converter boxes that never worked, feedback noise, weird issues. I ended up with an actual guitar-to-usb cable that lost sound and had high latency but at least worked. Despite this, Amplitube is such a marvelous piece of software it justifies buying a Mac (a Windows version is now available) to complement one’s electric guitar. Who wouldn’t go through the trouble for all those stompboxes, amps and cabs in one place to model any sound, anywhere?
Now I have Amplitube for iPad. Sure it has far fewer stompboxes, amps and cabs than the big software load but what it has is more than enough to model up any sound for any purpose.
1. The iRig dongle works out of the packaging without any software or configuration. Plug guitar into iRig. Plug headphones into iRig. Plug iRig into iPad. Done.
2. Amplitube for iPad (iPhone, iPod) works right out of the box and comes with 12 presets, 11 stomps, 5 amps and 5 cabs for the full ($20) install of the software. The stomps and amps all have little knobs that turn by running a finger along the screen for custom settings. Settings can be saved.
3. The modeling sounds excellent. The latency is low. The feedback is non-existent.
4. Everything sounds better with the Delay pedal which does lock to a BPM. You, too, can sound like a bad Yes knock-off!
I have not played with pulling in my own track and putting effects over it on the fly but this is a supported feature.
It’s just full of squee. Instead of carrying around a Mac and a whole toolbox full of cords and gizmos to get it to work and then not able to get it out to a speaker or an amp all I need is my regular guitar cable, the iRig, headphones and/or output device and the iPad. It sounds fantastic.
For someone who just wants to sit and pick up a guitar and play, and have the guitar sound good through the headphones, this is a must-have. The iRig is $40. The software is either free (Amplitube FREE) with the option to add to it, or $20 for the full build. Everything, yes, is $80 but $80 is the cost of a single, good stompbox*.
So see? The iPad does do things other than just stream videos.
The alternative I recommend for the same price is TabToolKit and a Line6 PocketPOD, but the Amplitube has the visceral feeling of messing with gear where the PocketPOD is dialing to a setting. Not that I don’t love the POD, but I am more likely to have the iPad on me than the PocketPOD.





