And the Navy says, "Oh, no you don't!"

And the American public says, "Stupid Navy! How could speedboats blow up a Navy destroyer? You're seriously overhyping this thing, probably playing it up for political reasons or propaganda."

And the American public never remembers the USS Cole. Al Qaeda has already successfully demonstrated that a speedboat can sink an American Navy guided missile destroy and kill American sailors.

Fortunately, the Navy keeps on protecting America anyway.

“If anything characterizes the 21st century, it’s our inability to restrain ourselves for the benefit of other people,” said James Katz, director of the Center for Mobile Communication Studies at Rutgers University. “The cellphone talker thinks his rights go above that of people around him, and the jammer thinks his are the more important rights.”

The problem with this analysis of rights is that it omits the necessary complement of responsibility. Both rights are equally valid -- the talker and the one who wishes for quiet. (The jammer doesn't actually have the right to jam, but let's assume he's not really jamming, and just wishing he could enjoy a quieter subway ride home from Foggy Bottom.)

Every exercise of a right should include a careful examination of associated responsibility. Might you upset someone nearby if you engage in a long phone call? The government cannot mandate this, but for society to work, you need to consider it.

That's what I say. And if I felt like typing more, I'd write up a fringe-case analysis of the situation. Maybe later.

I studied online, with some Flash practice tests and various PDFs and Google searches. You can only transmit unidentified messages to remote control aircraft or to space stations. Remember that!

Anyway, to celebrate, I'm going to drag April to the nearest ham store (about half an hour away) one of these evenings to get a VHF/UHF radio. For our emergency preparedness, see.

(Don't tell her about the giant antenna I plan to build!)

Gimme one month, and I'll have passed the upgrade test for General, and maybe another month to Extra. Then I'll be able to broadcast to the moon!

You hit Ctrl+C and copy something important. Get sidetracked, and copy something else. Ooooh... Lost that first thing? Gone forever? Hours of work?

Okay, you're a monkey for not pasting it immediately. But that happens sometimes, to all of us.

If you have installed Clipdiary, a FREE tool that stores your clip history, no problem! It just sits in your tooltray, on the bottom right of your screen.

You can delete individual entries from the database, set a database size limit, purge the whole thing, toggle it on and off... It's perfect. An absolutely great tool that everyone should have.

It's already installed on my machine. So I really hope it's not actually a mind-control tool that will turn me into a zombie.

Jim Hill Media

Why did Disney's America fail? What might the Tarzan musical have been like? Why is Disney So So SO happy about High School Musical 2's great success? (That last one was amazing -- eye-opening, really. Disney is so much more than what I generally think of.)

So go. Read. Now.

Steganography in Games

The article talks about hiding messages in the moves of a game. Like so:

"Oh, ho! He's moving that piece, eh? Means he's about to kill the Prime Minister of Malaysia."

Baseball is a more practical application, I think, where the secret communication contained within the game is actually part of the game, too. The whole pitcher-umpire-manager-kid-out-in-the-field-who-sees-angles thing.

"Did he just scratch his forehead? Or was he telling us to walk this next guy?"

If I had any idea how to play backgammon, I could probably insert some witty remark about people who play backgammon and how they could be telling each other to kick their opponents at strategic points during the game. That would certainly please Backgammon Masters, the company that is sponsoring this post. They run a site that hosts backgammon tournaments and allows players to chat with each other (and maybe cheat!). I don't actually know if you can cheat that way in backgammon.

In fact, I know nothing about backgammon other than that I used to actually think it was called that because it was always on the back of a checker board. (Seriously!)

Anyway, the whole topic just makes me remember that reporter who forged all those stories about eBay and steganography, back in the day. You must read the following:

Pure hype about Jack Kelley's stories

USA Today apologizing for the big faker

Great stuff.

So it shouldn't surprise me that last night I had an idea for a story of my own, to be set in Disneyland: just a decade after the neutron carpet bombing of America. Or maybe to be cruel, Japan again. By China? That would transport the story to Tokyo Disneyland. Where people still love Mickey Mouse without a trace of irony.

What would the park be like after ten years of no maintenance? If kids could string some power to it, what would they make of the place? What would they think of the world outside, if that were all they knew?

Just an idea.

Though I still wake up happy each morning that I no longer do SEO, I watch the industry from a distance and was interested to see that Submitawebsite.com has chosen to use paid links to promote their own site. This very post is a sponsored post, and I'm supposed to link to them with the following text:

link popularity

Of course, the best links are contextual, everyone says -- meaning they should be used in a sentence, like you learned in Elementary school:

Websites sell more product when they rank better in search engines as a result of link building.

Nobody really knows whether Google actually can (or does) look at the immediate surrounding text, or if it's just a function of what other text is in the document. And the result is vulnerable to gaming either way -- you can just use a machine-generated page with thesaurus entries surrounding your target phrase, maybe mingled in with garbled phrases culled from the Guttenberg project.

But actually getting humans to write all your content can be cost-effective and actually-effective, through sponsored links.

But I'm still glad I don't do it from the agency side anymore. Now, picking up a few extra bucks to help me on the path to my Wii... That's a different story altogether!

Virtually my entire life is recorded in Gmail, but it's okay because the authentication uses SSL!

SSL will save us all!

Except... not. It actually took me a few days, the first time, but now I could plug a computer into your network and read all your SSL traffic in matter of minutes. If I can get upstream of you, it's even easier.

When you go to your bank, your browser sees my SSL certificate, not the bank's. You accept it, and communicate with me. I take everything you say and relay it on to the bank, and say back to you whatever the bank said to me. You never know the difference, and I know your password and username.

It takes a handful of programs, but most of them are already compiled in the Backtrack 2 Live CD. The few days it took me were spent learning how to modify the Live CD and tracking down the software I needed to do the last few steps. Here's the quick rundown:

====================

1. ARP cache poisoning -- tricks your computer into using mine as its router, which I don't even need to do if I can get upstream of you (which is better for me, because a smart person could detect this little cache poisoning with a traceroute command)

2. Fragrouter -- sets my machine up to act as a router, relaying your information through me on to its intended destination

3. Webmitm -- creates a fake SSL certificate and presents it to your browser when you try to go to a real SSL-secured site (this is the other major weakness of this implementation -- I only can configure one cert, and you'll see it with a popup warning, so if you carefully read those warnings, you'll be alerted here) (but, realistically, who reads those warnings?)

4. Wireshark -- the new version of Ethereal, this grabs all the traffic that passes through my computer (which, of course, includes all your traffic now, which is still encrypted, but now it's encrypted with MY ssl certificate)

5. SSLdump -- decrypts all of your secure traffic with my ssl certificate, sucker.

====================

I'd like to improve this attack by writing a modification of webmitm that allows me to configure or have automatically generated multiple fake certificates and present them based on the destination URL. So when you go to Google, you'll see my fake Google cert. Go to your bank and see my fake bank cert. Odds of you ever realizing what's happening = fairly small. (Where you = average yokel, not the undoubtedly brilliant and web-savvy readers of my blog.)

So, next time you're having a friendly argument with some coworkers about how weak SSL is and whether it's purely theoretical or could actually, practically be broken, you don't have to do all this work -- just point them to my blog. Because I'm compulsively ridiculous about things like this.

(From this article.)

Why would Microsoft ever say such a thing? Have they finally turned honest and noble?

No!

Recent reports have shown that XP still outsells Vista. MS makes less money on XP. It's suddenly in MS's best interest to slander XP. So that's what we get.

I hate it. Manipulative marketing makes me mad. (What a sentence!) And if you think that little 'slip' was anything other than very well calculated marketing, you're a fool.

I just want to highlight a few interesting points that struck me.

It is generally assumed that the laws of physics are the same for all observers... These are the sort of core assumptions atheists make. If such basic ideas are called "acts of faith," then almost everything we know must be said to be based on of faith, and the term loses its meaning.

I don't think that makes the term lose its meaning. The very idea that we can know anything requires a certain level of faith. That we exist, that there is continuity in time. That people continue exist even if they leave the room. That my memories actually happened, and weren't just implanted moments ago in my mind. All of these terribly important assumptions are simply assumptions; we have to either accept them or go mad. That's faith, and it doesn't damage our ability to learn and know.

Further, science is based upon verifiability. I can trust the word of a scientist because I can verify his claims. Religions OTOH, rely on the fallacy of appeal to authority, and their claims cannot be independently verified.

Religions ought not appeal to authority, exactly, in the sense of appealing to the authority of a priest or other earthly interpretor of God.

James 1:5 -- "If any of you lack wisdom, let him ask of God, that giveth to all men liberally, and upbraideth not; and it shall be given him."

Moroni 10:4 -- "And when ye shall receive these things, I would exhort you that ye would ask God, the Eternal Father, in the name of Christ, if these things are not true; and if ye shall ask with a sincere heart, with real intent, having faith in Christ, he will manifest the truth of it unto you, by the power of the Holy Ghost."

Religion asks you to find out for yourself. Faith based simply on authority -- my parents said so, my priest said so -- isn't the end point.

One fundamental difference between science and religion is that scientific text is constantly updated whereas holy scripture remains constant. Historically many scientists' conjectures have been inaccurate but when there is sufficient evidence to reject them, scientists cease to advocate them. In contrast, the religious community refuse to change any holy text under any circumstances.

...Many of the criticisms of religion stem from the underlying belief that religion is false. Unchangingness is sometimes absolutely the right thing to do, when you're right.(Sometimes even when you're right, the right thing to do is change. But that probably has more to do with relationships than absolute truth.)

Anyway, that's enough for now. Just had to respond somewhere less crazy than a Digg comment thread.

A role-playing game is the same thing. It's just some people sitting around in a room. But add on the mutually accepted layer, and it becomes a party of adventurers exploring an ancient tomb.

A group of people playing an Alternate Reality game exploits the same basic idea -- a 'normal' task becomes much more exciting when it's suddenly part of an interesting, broader story. Coming up with the broader story is one part of the problem. Coming up the normal tasks is the other, because I don't think normal activities are really fun enough.

So I was thinking... Paintball! Now, this post is sponsored by Ultimate Paintball, a paintball company who sells things like guns and helmets (and the key link for this sponsorship: paintball mask). But paintball would be a fun thing to tie in to an ARG.

You're thinking, "no, that would be lame -- it's already a game, and could only exist as a subgame." (Okay, you're not really thinking that, but you would be if you were thinking about this the same way I am.) It has its own rules and its own layers of abstraction from base reality.

But remember that James Bond movie where they were doing the military exercise, and that was when somebody decided to really infiltrate the base? Paintball as its own game would be fun, and then it offers tremendous potential for clever story hooks.

Maybe while the players are paintballing, another objective comes up. You have to find a secret message, from somebody who's not playing the game, and it's in the enemy camp. The rules of the real paintball game make that a risky thing to do. But the rules of the ARG require you to do it.

It's that blending of rules that makes things tricky. From a design standpoint, the biggest deal is I have to be sure not to force players into bending any legal framework. If that secret message is inside a diamond store, you can't break in at night to get it. If police think you look suspicious leaving that brown, paper-wrapped package under the park bench, you're in trouble.

So artificial social constructs that offer their own set of rules that we CAN break are ideal. The world of paintball has many rules that you don't want to break, but can in the ARG without reaping too-serious consequences.

I'll be on the lookout for other things like this that would work, too.