The Agony and Ecstasy of Mike Daisey

I was one of those people who were affected by This American Life Episode #454, Mike Daisey and the Apple Factory, adapted from his show, “The Agony and Ecstasy of Steve Jobs.” It was enough that it gave me mild pause over acquiring the new iPad3. If the device is made in slave-labor-like conditions, regardless of what Apple says, do I really want to get one?

It turns out most of the report was fabricated. Listening to the Retraction this morning was heart wrenching. It’s always been clear This American Life holds itself to the highest journalistic standards. It’s one of the few places to go for interesting and non-biased stories across the spectrum. So when they ran Mike Daisey’s piece, they gave it a vetting but they gave him the benefit of the doubt. And he lied.

When Ira Glass calls Daisey out on his lies, the dead airspace tells more than ten thousand words of excuses.

Is it okay to tell a lie to get at a greater truth? No. It’s not. Daisey tarnished the reputation of TAL for his own greed and his own ego. He’s set back worker rights movements in China. He has set ground to dismiss all sorts of worker abuse stories — because, if this one was fabricated, all others must be, too. It’s unclear if there are any abuses at FOXCONN or, if there are, what Apple’s role in correcting them should be. It’s become a horrific muddle.

Ink spilled all weekend on this topic, so there are people better than I to pontificate on what fabricating journalism and passing it off as fact means. It’s all a massive disappointment. One thing for certain: some reputations have been destroyed and others severely tarnished for one big display of hubris.

(I’d like to link to several Atlantic pieces on this but the Atlantic seems to be down.)

CMS Updates and Adds

I added ~15 pages to the Nephilim FATE Conversion CMS on the site.  Most of these are cut and paste jobs although some are cut-and-paste-2-or-more-together jobs.  I’m pondering one of those fancy edit-right-in-the-page buttons for when I come through and clean things up.  All the links in the main index page and in the table of contents included on every page should be good.

What the system desperately needs is examples so, duly noted, I will need to add examples.  I also need to move major arcana and game seeds out of the blog stream and into the right place.

WordPress isn’t really a great tool for this but it’s what I have.  Ultimately something like Drupal is better for a blog+CMS build out but I didn’t want to migrate all my crap into Drupal due to complete laziness.  I may be forced to over time.  

So!  If you ever want to publish a ton of gaming materials on your site for people to pick through and download AND you want to have a front page blog AND you’re cheap and wish to spend no money AND you are starting from scratch, Drupal is your best choice.

WordPress CMS Additions

I fell over last night so no long lists of Alchemical Formulae to round out Alchemy until tomorrow. This is a quick purely technology post.

I looked at adding a Wiki to the site to support static pages and then I looked at the WordPress CMS (content management system) add-ons. The WordPress CMS add-ons only make WP about half a CMS but, on the face of it, it’s an okay fit for me. My matrix of these systems is:

1. Single user site — blog + plugins.
2. Multi-user, no-external user editing site — CMS + plugins. Drupal is a great choice here.
3. Crowd-sourcing site — Wiki.

Since I’m a single user, single author site where I want to host a big number of static pages with comments, themes, table of contents, etc. I decided to forgo the wiki and customize my site to the hilt with WP plugins. This is fraught with peril because most of the mid-tier WP plugins are garbage. Sorting the garbage plugins from the good-but-not-a-good-fit plugins from “works!” is an investment. I ended up with:

– CMS Tree Page View

This plugin allows me to build my static pages as a tree from roots down to child pages. It supports arbitrary order and a drag-and-drop interface. Highly useful for organizing a large number of static pages into individual sites within a main site.

– Custom sidebars

My favorite find so far. Allows a site owner to design several sidebars for different portions of the site. A blog has blog sidebars (categories, archives, tags), a static section has a table of contents, another static section has a different set of links, etc. The sidebars are named, separately configured, and added in the post. Super nice.

– Exclude Pages from Navigation

WordPress wants to add all pages to drop down menus. It wants to add child menus to child menus. This looks messy, especially if the site has custom sidebars with embedded navigation. This adds a checkbox to exclude pages from navigation.

– Search Everything

Forces WordPress to index all the static pages for search engines and the search box on the site. Normally it only indexes blog posts.

– Widget Entries

Very useful for custom sidebars. It provides a place to organize, edit, and create custom text widgets with a full page editor instead of the teeny editor provided in the add widget screen.

I would love to have breadcrumb navigation added to static pages, too, but so far all the breadcrumb plugins require hacking up theme templates and I’m not certain I want to do that.

So that’s where I am with being able to put up full game conversions on my site — among other things.  I might reach a point where I need to convert to Drupal but… not quite yet.

Wikis and PDFs

I am getting near to the end of my conversion and I will go back to posting normal stuff with the occasionally interesting Nephilim RPG seed on my blog, probably to the relief of most everyone.  I’ve been thinking about what to do with the conversion that all two of you are reading and decided on a four step process — so complex it is almost a flowchart:

1. Collect the posts and populate a wiki.  Add lots of other “game”  information to the wiki, like a huge list of summonings and descriptions of the Major Arcana and Secret Societies and game seeds and that stuff.

2. Bang around with the conversion for a while in a playtest setting.

3. Occasionally scrape some of the cooler stuff and post it on the front page on Mr. Blog.

4. Once happy with conversion, produce a PDF for download linked to off my blog.

I am on step 0.5a: dither about technology.

I spent the entire week looking for a good way to put together a WP + Wiki combination with the WP as the root and the wiki as pages of the site. The best I can find is to set up an independent Wiki build in a /wiki directory under root and theme the wiki to look as close to the CSS running on the blog as possible.

I did look at the WP/Wiki embedded solutions and only found two that came near to working: WP-Wiki and WordPress Wiki.  They were both underpowered, slow, and had a difficult time linking across pages with wiki tags.  Neither was more powerful than writing flat pages and hand-crafting the URLs.  Neither provided much in the way of good Wiki functionality.  WordPress Wiki might be better with the paid-for version, but why would I shell out $35 when the internet is littered with Wiki software?

Bluehost offers me four possibilities of wiki software:

  • MediaWiki, the Great Standard
  • PmWiki
  • DokuWiki
  • WikkaWiki

I have a comparison chart of the different systems generated over here on wiki matrix.  It sort of feels like a push between DokuWiki and MediaWiki.  The biggest difference seems to be that DokuWiki uses file storage and MediaWiki uses the database.  My gut tells me I should simply use the ANSI Standard and not fret even though it isn’t mobile friendly, but MediaWiki has terrible support for commenting systems.  (Although this may cure my issues.) On the other hand, DokuWiki only has simple tables.  Decisions, decisions.

If my aim was to give a full encyclopedia fronted by a blog, it might be worth migrating to a full-blown CMS like, yah, Drupal, but that’s more power than I really need.  I need a blog, I need an easy way to generate static content, I need comments on the static content, and that’s about it.  The WP wiki plugins are terrible and the static page authoring tools are too wimpy, so I need a wiki that works but I don’t need a huge moving van.

I do wish the WP Wiki plugins were more usable because they would have made my life much simpler.  I was stunningly unimpressed.  Sure, I got my themes, but they worked spectacularly poorly, with WP-Wiki surprisingly better than the WordPress Wiki plugin.  The WordPress Wiki plugin didn’t seem to do wikilinks at all and the WP-Wiki didn’t know how to build subdirectories.  I may give them another shot, though, before I bite the bullet and stand up a second system.

So that’s where I’m going with this.  I’ll have a report once it is up and running.

RPGs as Data Driven Apps

I meant to work on this post earlier this week but my week got real busy and I lost my time to write up posts.

I spent some time thinking about how pen-and-paper RPGs are best represented in an electronic medium. I don’t mean writing a full game like Neverwinter Nights; I mean representing the actual experience of the books, rules and dice in an app format. I realized that RPGs are by their very nature data driven: the character sheet, the rule set, the world setting, and the information that goes with it. Because everything is created whole-cloth — even those settings based on established properties — the game must be communicated with information for it to go. This is different than a card game or a board game which require a very small amount of fixed information (what’s on a card, say, or a die roll moves you 5 spaces, or you need to play this token) and a large set of rules. An RPG requires a large amount of information and an arguable amount of rules.

The devil is in the details with the amount and control of the information surrounding an RPG. This lies at the heart of many rules and design-based conflicts: how much information is needed for a person to interact with the world, how is the information manipulated to model the world, and how is this information communicated and stored. In the past, games often required a HIGH amount of information to interact with a HIGH number of system rules to determine a HIGHLY DETAILED piece of data after running the system — a simulationist system. Today, we have a huge number of styles from low data, small ruleset games (like Fiasco) to games with a moderate amount of data/character and data/world and moderate sized rule sets (like FATE or Cortex) to high information games with high detail (like D&D4).

This is all run on data. The nice thing about data is that data is about all a computer understands. It can hold data, process rulesets on data, and present data-driven results at the end of processing. So for example we have a large piece of the data model in a character sheet. A character sheet possesses stats in some form (d8 Wits, 18 Strength, 3 dots in Hawt, etc). The world may also possess similar unified stats — an NPC, a known test, a quantified piece of the world. Passing the world stats and the character stats through a known resolution engine generates a known result, which may also be stored and used to modify other data.

This is all basic game writing 101 and absolutely nothing new, but it’s important to lay out the basics before figuring out how to make it go. A character sheet is simply a line from a data model that has a paper-based persistence model representing a shared contract between player and game world. What becomes more interesting is in building up databases of world information. Pulling up, for example, cult information for Trail of Cthulhu with lists of cults (pick one) and integrated NPC and evil book lists, perhaps be able to cross-reference this with information either found online (automatically populate a database with reference information that auto-loads inline) and information in published material. Work against perhaps web services of a master repository that hosts a bigger centralized database and… but this is starting to get off the device and into web servers and databases and LAMP stacks and generally wandering off the reservation. But this is the idea — RPGs are data driven applications and more data makes them better.

This is where my mind is starting to go for RPG-based apps. There’s more to it than that, though:

* Core Data for storage, persistence, data modelling and all the CRUD facilities (create, read, update, delete).
* Cocos2D engine for dice rolling, card playing, and visual representations of game mechanics.
* WebKit for integrating web resources and maybe a shared repository
* Quartz for drawing really nice character sheets, game sheets, NPC sheets, and to generate PDFs on the fly.
* UIKit with Cocos2D for front end data management screens.
* Network stack for cross-communication between devices, communication with back end web services.

I think it would be nice to be able to have a database of NPCs whose sheets render nicely on the screen and then with a click be able to summon up world information around the NPC — their horrible organization, say, or, GOD FORBID, a RELATIONSHIP MAP… Computers are really good at knitting all this data together into a palm of the hand player, GM and gaming community set of tools. It’s what they do.

These are where my thoughts are sort of going for apps, but I also have lots of thought about an iFiasco app too which hasn’t been fleshed out yet.

And Man… iPad based Smallville Relationship Maps with integrated character sheets. Just…. damn. Can it be done? OF COURSE.

The Grognard Faces Down XCode

My favorite term these days is grognard. I am misusing it terribly, no doubt. But I like this word. It’s evocative. It’s more polite than neckbeard, but only slightly; grognard has a guttural sound in the back of the throat that makes it a bit more worldly-sounding.

This leads into a technical discussion of sorts. I am trying to learn iPad programming (I will no doubt talk about it at length as I puzzle it out and get things working) and this means moving out of my rather enormous comfort zone and into somewhere new. I’m a UNIX grognard. I haven’t written any Linux kernel mode drivers* but if something needs to be done on Linux or a UNIX variant I’ve probably done it, bootstrapped it, duct taped it, or otherwise shouted at it really super loudly.

When I cracked out the books I let loose a mocking laugh for lo, everything started with “NS” for “NeXTStep” and we all know where we are with NeXT. Yeah we know where we are — lost. I work in a text-mode universe** and all of a sudden I had… tools… that generate… code… and do… things. And it all mocks me from its NeXTStep past!

I downloaded Xcode 4 and got it all set up and running and was instantly lost in a maze of twisty passages all alike. Swearing happened. So did the throwing of the book. Here I am in a very familiar universe of gcc and gdb and Unix-mode tools and a completely weird world of clicking and dragging and things that refactor code by somewhat magic and, uh, stuff.

I don’t… do… stuff.

I was weirded out.

Two days — two full days for someone who cut C on a mainframe — before popping up a window, creating some controls, generating a class, and having it display “Hello World.” Look! Something approximating success!

It’s kind of funny how things that are old are new again. NeXT. Smalltalk in its cunning disguise as “Objective-C.” Low-level C hacking. Hand-coding memory management. GCC tricks. Trying to fit a ton of code in a very small place. It is all wrapped in a little tiny happy graphical shell.

I have reached grognard.  And I have faced down XCode.  And I am fairly certain it has won.


* Yet.

** I am occasionally okay with Eclipse but even when working in Java I find it annoys me enough to go back to the text mode universe. The only non-nano/vim universe I have ever liked is TextMate for MacOSX. I am, in fact, writing this post in gedit on Ubuntu which is a half step above “putting HEX into memory.”

On the TSA

Security conferences are little microcosms of the security industry mindset.  Everyone herds excitedly to the talks with the new, big, lurid hacks because offense is super sexy.  We all ooh and aah as someone with a Powerpoint deck demonstrates some explosive breach of known security.  Then the talk is over and immediately we’re herded to the vendor aisle where the vendors shlep an array of expensive pieces of hardware.  Seen the attack?  Now here’s the countermeasure!  It will only cost you $100,000 and several hundred man-hours to get up and working but you don’t want to be subject to that attack you just saw, did you?  The CTOs and CEOs, many with MBAs instead of engineering degrees, shake hands, watch demonstrations, take cards, promise to make calls because this hoopy new equipment will stop that very scary new attack because wow was that scary.  They have room in their budgets, they promise.

As a security professional, my brain isn’t wired right.  I love hot new attacks.  I find them fascinating.  I read about them obsessively. I should be working but no, I’m reading some new way to take out a database with a well crafted command.   But I’m also an engineer and I know that an offensive demonstration sells expensive, and somewhat dubious, defense hardware and defense is big business.  Yeah, you need a big heap of hardware these days to run a secure network, I’m not claiming you don’t, but I also know that the sexy new attack may also be mitigated, not with another $100,000 expenditure, but with a few hours of expert code review.  I have a dollop of doubt gleaned from many years of experience.

But that doesn’t stop the anxious CTO or CEO who has a mandate and, instead of doing threat modeling and risk analysis, wants to fix the problem quick with a new piece of hardware because wow that Powerpoint deck was pretty scary.  Everyone get to work!  Plug this in!  Make system changes!  So it goes.  It keeps us all employed.

Terrorism is a physical security problem that cannot be stopped at the gates of an airport.  If a terrorist has reached an airport, the terrorist has breached many layers of other security — real security and law enforcement.  It is far too late.  The system has failed.  At that point, only three things mitigate the attack: reinforced doors on airplanes, passengers who will not be cowed, and people who blow themselves up are generally not the sharpest tack in the pile.*  That’s it and those goals have been achieved.  Past that, putting money into police and emergency response would be useful.  It’s a crime and like any crime it’s essentially random; it’s an externality whose real risk probability is low.  If you have 300 million fliers and 1 terrorist, then you deal with the problem when it happens because searching for the real risk at the point of entry is futile.**

Logic and good engineering dictate we model for high probability risks when securing our systems and work to mitigate those risks. However, the Powerpoint deck for global terrorism offensive attacks is super hot: it shows buildings blown up and dead people in the streets and bodies and planes crashing into buildings.  It’s damn scary.  Worse, it makes the stakeholders unelectable if such a thing comes to pass.  Non-engineers sitting in elected or appointed office look at those Powerpoint decks and Get the Fear. They then walk out down the aisles of vendors afterward and they say: “I will take one of everything.”

The TSA is not a security organization.  They don’t serve any real security purpose.  Other people in other government organizations deal with the real work.  No way can people hired from ads off the back of pizza boxes and given 40 hours of web-based instruction know what to do if they encountered an actual terrorist.  That’s absolutely absurd.  The threat model shows the probability of an actual terrorist in an airport line instead of, say, just mailing the bomb, is infinitesimally low. It’s an acceptable risk to put non-security personnel in security positions.  It makes for a great government work project in a recession.    And wouldn’t a terrorist with an actual live bomb just blow himself up in one of those backscatter machines?

The TSA does serve a very important purpose to the Federal Government: Marketing.  They market security.  They have SIGNS.  And UNIFORMS.  They give people Very Meaningful Looks.  They stand around in airports with big machines that go bloop like great big advertisements full of warm fuzzy safety.  They market for elected leaders who want to show they are keeping us all safe.  They’re like the election time TV advertisements except with groping.  Go through the bloop machine!  Don’t you feel safer now?

Take off shoes, take off jackets, throw out liquids, get pat downs, go through scanners — none of it serves any actual purpose except to sell to a jittery public who feasts on capitalist marketing a feeling of security because real security is hard and doesn’t always succeed.  That’s the hard truth the public will not accept: we are unable to defend against all risks.  It’s not physically possible. But the Government will give you a pleasant illusion.  To sell warm fuzzy non-offensive security when faced with a real (if lame) attempt, the TSA must buy more machines that go bloop because someone in a suit watched a very scary Powerpoint deck indeed and some smiling vendor was standing with their card right outside the demonstration.  If they don’t install the machines that go bloop, what do they do?

Funny thing, the Government, under money pressures, now has to provide a strategic, risk-based assessment of their security countermeasures starting Real Soon Now.  The machines that go bloop and the new security measures must be in place before the risk-based models go in.  The TSA has not turned in any risk assessments of the new machines to the GAO to justify the purchases and they won’t because the risk of finding someone real with their current operation is so tiny and the risk of something going wrong with the machines is so much greater that the purchase can’t be justified.  But they don’t need risk assessments because, at the core, the mission isn’t security.

My stance on the TSA is well known.  I don’t like such obvious wastes of money, and I especially don’t like it with machines that go bloop and may or may not cause skin carcinoma.  Nate Silver has an interesting article on the hidden costs of extra airport security.  But next time you go through security, you should ask for a Coke with your grope — at least with a Coke, you get a Coke!

I have more stuff, about how security has a customer service and customer expectations model to it, about how the TSA needs to think of itself as a customer service organization first, about how the entire organization has to be rethunk, but this post has gone on long enough. The TSA is here to stay.  They provide too much CYA to lawmakers to ever disband.  But to save us all money, they should just pull the plugs on the machines and send us all through.  It will help with global warming, at least.  If they unplugged the machines, would you ever be able to tell?

Here’s the recruitment pizza box. You can find it a bunch of places.

Threat Level’s discussion on TSA training.  40 hours of web based instruction and 60 hours on the job!

Here’s the GAO report I cite.  I cannot find if their position has changed but as far as I can tell, no risk management study has been completed.


* If you think strapping a bomb to your nads is smart then I have some equipment I can sell you!

** The argument here is “but the attack is huge.”  Yes, that’s possible, but the point stands: if the terrorist gets on the plane there are bigger problems with the system.

A required iPad app

A quick interlude:

If you have an iPad, you will want to go to the store and download the new, free TED talk app. It’s an interface to the TED website ( www.ted.com ) but much more comfortable to view. TED talks are about really cool things given by really cool people. Want to learn something cool about science or tech or art in 20 minutes? Watch a TED talk.

My only complaint is the lack of a good search engine to find talks. Hopefully they’ll take feedback – it’s a common complaint – and get one into the app soon.

It shows off your iPad and it’s free. If you have an iPad, you should have the TED app.

Wikileaks

I know this is a little stale (2 whole days!) but I have some quick thoughts on the whole Wikileaks thing:

1. The documents posted aren’t the Pentagon Papers. They contain nothing people didn’t already know. They say the War in Afghanistan is going badly and was never funded well. No news there.

2. Regardless, these were classified documents and leaking classified documents to unclassified sources is bad. Yet, it was a matter of time. If anyone has been following the Top Secret America series on the Washington Post, you know the Intelligence Community in DC has almost 900,000 people. Holy Jumping Jesus, it’s a government jobs program! And all of those people have been cleared. That’s an awful lot of Trust with a capital-T. If 99% of the people involved are honest and 1% of those people feed information to places like Wikileaks, that’s still 900 people — most of them contractors.*

According to Threat Level, the Pentagon claims it has someone but I would be shocked — SHOCKED — if that was the only person leaking to wikileaks. By a long shot.

3. Why is everyone breathlessly surprised at the rise of rogue media?  Hell, if spammers and phishers can put up renegade sites, run them for a few hours, tear them down, and bring them up somewhere else, why are we so surprised someone with a hard drive can move a PHP wiki?

Really? Surprise? Hosting sites abound — many nicely outside the US jurisdiction. How hard is it to find a DNS server, a LAMP stack, and SCP to upload files? Wikileaks cannot be stopped or killed — and certainly not by some angry words and a shaking finger. If you can hide your millions offshore, you can certainly run a website.

It’s point #3 that gets me — the shock and surprise. I want to Vanna White and say, “The Internet — Let Me Show You It.” What did people think was going to happen when mass communications met guerrilla disclosure and guerrilla journalistic tactics?  Or did we all believe we were going to hold hands and watch FOX News together, forever?


* As a professional security weenie, I have a hard time believing in a mere 1% of dishonesty in contractors.

Extra Bonus Post!

1. I found a nice program called Calorie Tracker for the Droid (free) that backs to a massive database of restaurants and foods. It also has barcode search via the camera, tracking across all sorts of metrics (carbs, fat intake, etc), graphing, etc. My experience with trying to find out what is wrong with my diet is mostly one of data collection. Whatever it is, I’ll find it and stop eating it. Or at least find things I shouldn’t be eating in general and stop doing that.

2. I fell asleep watching this older documentary on the Dark Ages from the History Channel last night. Yay Netflix streaming to device that… I shouldn’t be in bed with but I was trying to stay up and failing. Two interesting facts occur to me:

A. These documentaries are myopic. They completely leave out the existence of Constantinople and the Eastern Roman Empire. No mention is ever made that they tried to recover Rome through several invasions via southern Italy. All of Eastern and South-Eastern Europe simply disappears off the map. Leo the Great! The General Basiliscus! Zeno vs. the Ostrogoths!

Oh… nevermind. No one gives luv to Constantinople.

B. If one wants to know what would happen in the case of a Zombie Invasion, study the Fall of Rome. Seriously! A decadent Empire is felled by invaders who take over the cities and force the few survivors to scrabble through the ruins to scratch out survival. Any moment a barbarian may appear and take people out with an axe (or a zombie virus). They never stop coming! To survive, the survivors collect next to the ruins of technological marvels they could never hope to replicate and strip them for parts. Aqueducts fail. Roads crumble. Bits of civilization hold out — the Roman Governor of Gaul held out for a breathtaking 70 years — before the barbarians (zombies) took out the last bit of existence.

I was so excited by the parallels last night I fell asleep. But don’t duplicate my example. Read a book! Or Wikipedia! The perfect blueprint for a Zombie Invasion — right from history!