Log in

WTF? Phoenix BIOS and USB Keyboards

Quick question for those of you still stuck in the computer industry, before I go on to tonight's "real" journal entry:

One of the things that dragged us out for most of an hour setting up this rebuild of my computer is that the keyboard kept crapping out on us as soon as the BIOS settings posted and the boot sector started to load. Drove us friggin' nuts for most of an hour. Then, buried two menus down, we found out that there's a setting for whether or not to allow USB keyboards to connect to this computer ... and it defaults to OFF.

I can see why you'd want that setting to exist, for things like kiosks and so forth where you don't want J. Random Hacker to walk up with his own keyboard, plug it in, and take over the machine. Although unless you set a boot password, that setting won't solve that problem, because it doesn't take effect until after the BIOS setup menu is offered, and you can turn it off from there. But if it is necessary, then for the love of God and all that's holy, why in the world would that setting default to disallowing the world's most common keyboards, instead of the setting that 999 out of a thousand people who buy their product would need?

Also, if there's a good reason for this and I just can't think of it, then at the very least (considering how critical a problem it is if you lose the keyboard when you're not expecting it), there ought to be some kind of dashboard indicator on the front screen of the setup menu to indicate things like whether or not a boot password is set and whether or not keyboards are allowed to connect to this machine. Because that was mind-bogglingly counter-intuitive.


Almost Back in the Saddle

People got hammered by the other day's storms, and hammered hard ... to the north, south, east, and west of me here in St. John, Missouri. Here? I think we may have gotten an inch of rain over the whole couple of days. Every storm cell dissipated or split before passing over us. But that was a pretty massive storm system, one with more electrical activity on its fringes than I've seen in many years.

Which is why I'm typing this on a half-set up almost entirely new computer.

During some of the most impressive cloud-to-cloud lightning displays, I was logged into City of Villains. Everything is multiply redundantly protected, including a full-time UPS with state of the art power conditioning that I got back when I (mistakenly) thought that the apartment's crappy wiring was what was killing every component I put into a previous computer. So I thought nothing of it. Then I heard a tremendous crash from directly overhead, and the screen scrambled itself like I've never seen a Windows PC do before. And over the next couple of days it got less and less reliable, until it crashed and would not come up again. Motherboard fried, power supply questionable, memory questionable, processor probably fried as well. I'm left to speculate, since nothing else in the apartment behaved oddly and the power monitor built into the UPS never so much as hiccoughed, that it was induced current.

Quick scientific explanation: cloud-to-cloud lightning happens because huge negative and positive charges build up until they arc. When a storm system with such huge charges in it passes over you in a straight line, that traveling energy potential can result inducing an opposite negative charge on one end of a wire and a positive charge on the other end of it ... which, naturally, settles itself by flowing along the wire, to the tune of millions of volts with next to no amps. The thing is, I'm not used to induced current during thunderstorms being a problem on any cable less than a few dozen yards long, usually only on unshielded cables that are hundreds of yards long. I wouldn't have bet that anything in a PC was far apart enough for induced current to be a problem. But I'm at a loss as to what else about a cloud-to-cloud lightning strike 20,000 feet above my head could have fried that much of my electronics. Which reinforces my long-held superstitious belief, one I've found to be widely held among people who've worked with electronics, that lightning is a malevolent and semi-sentient force that does whatever the heck it wants, and the laws of physics be damned.

Unfortunately, the cheapest way to do this was to also replace the case and power supply, and the new power supply is about twice as loud as my old one, which is driving me bats. I may be able to get long with moving it under the desk once alienne and I are done getting the hard disks properly untangled from repeated crashes, Windows reinstalled fully because it wouldn't boot after this many hardware changes at once, and all of my software reinstalled and reconfigured. Until then, things are kind of a mess and I can barely stand to work next to the thing. If I can't get some space (and therefore noise filtering) between me and the new case, I may have to get some decent headphones and wear them whenever I'm sitting near it.



Free (As in Beer) is Just Another Word: I don't know if you saw this when it went around about a week ago, but I know a lot of people were scratching their heads or yukking it up about this headline: "Free Software? You Can't Just Give It Away," London Times, February 21st. On the face of it, it's pretty funny: customs officials impounded a pile of Firefox CDs as pirated software. When they contacted the Mozilla Foundation, the General Public License copyright holders, to notify them that pirate copies of their software had been found, they at first refused to believe that anybody would give blanket permission to make copies of their software and sell the CDs. But it gets even funnier-seeming after that: when they did get it, they insisted that that was illegal. What? Their explanation was incomplete and made no sense, and boiled down to, "You can't possibly expect us to have a copy of the license terms to every piece of software out there so we can check which copies are legal and which aren't."

What makes that an incomplete answer is that their answer points to the fact that software is just about the only commercial item or service in this world in which each individual product has its own licensing terms. Virtually everything else has standardized terms of use, via a body of law called the Uniform Commercial Code. The Uniform Commercial Code spells out what the customer can and can't do with the product, and what the seller is and isn't allowed to do, and to what extent the product has to live up to its sales hype, and what the minimum remedies the seller has to offer are in the event of a defective product. Way, way back in the early 1980s, the then-infant software industry lobbied hard for and got an exemption to the Uniform Commercial Code, and parts of that exemption (such as the ability to enforce click-through and shrink-wrap licenses, and the ability to disclaim incidental damages) had to be litigated all the way up to the Supreme Court. The UCC exists specifically so that every customer doesn't have to read a 10 page contract to know what's legal and what's not for every product they own, and so that manufacturers can't screw people over by burying disclaimers in the fine print. I lobbied against the UCC exemption at the time. It's a shame I lost. Companies would be writing a lot more reliable and a lot more secure software, at a bare minimum, if they were liable for incidental damages.

Republicans Just Never Learn, Do They? Another of the classic sins of the Nixon administration is back: politically motivated IRS audits. A lot of the evidence that resulted in Tom DeLay's indictment was found by a non-partison, non-profit "good government" watchdog group called Texans for Public Justice. To punish them for revealing the truth about DeLay's various schemes, the Republicans in Congress lied to the IRS and then pressured them to follow up on the lies, in order to get the group audited. They were cleared, of course. DeLay probably won't be so lucky. See R. Jeffrey Smith, "Texas Nonprofit Is Cleared After GOP-Prompted Audit," Washington Post, Feb 27th (registration required).

I Wonder What's the Story on These? Somebody on LiveJournal, I think it might have been in the polyamory community which I skim once in a very rare while, included a link to these odd little scans: "Edwardian Poly Postcards." Hand-tinted hundred-year-old or more photographic postcards that seem to show a perfectly cheerful, happy, V relationship, two girls and a guy. Or else I'm misreading the artwork? Anyway, I'm naggingly curious as to what the original story behind these was.

Sometimes The Onion Gets it Just Right: Dead-on perfect political humor this week: "Democrats Vow Not to Give Up Hopelessness."

Edited: Forgot to include the article link the 3rd story. Sorry this went up so late; I queued it, but the queuing software didn't work this time for some reason.
Towards the end of my computer network engineering career, when it became unavoidably obvious even to me that my final manager at The Conspiracy was looking for any excuse to fire me, I spent about a year trying to manage some kind of internal transfer out from under him, to almost anywhere else in The Conspiracy. But one opening in particular came along that seemed, to me at the time, to be perfect for me. Some of you who read what I wrote over the last three days are probably wondering why I don't do just that for a living, now. The work is very important, it's obviously still interesting to me, there are companies who have real money to pay for expertise in this area, and I'm at the very least better than 99% of the people who do it for a living, if I do say so myself. The Conspiracy had just created a new department inside their Security division, and was looking for a manager of internal information security. I applied for the job, and I thought that the interview went swimmingly. But then, I always think that.

I didn't get the job. (Obviously, or I probably wouldn't be retired now.) I knew I had no guarantee of an answer, but I asked the guy who interviewed me why not me? His answer seemed bogus and cowardly to me at the time. In hindsight, though, I wonder if his boss was right. You see, both the director of computer security and the vice president over him agreed that of the two internal candidates that passed the initial interview, I was obviously the better qualified. Unlike the other applicant, I knew the subject backwards and forwards, inside and out. There was also no question that I was highly self-motivated, willing to work hard, and indisputably loyal ... to the Conspiracy. But the guy who would have been my boss's boss vetoed me, and here's what I'm told that he said, as best as I can remember it word for word: "Some day, I'll have to take whoever has this job with me into a meeting of the Board of Directors and other senior management. And if Brad gets the job, I'll have no idea in advance what he's going to say."

Consider, for example, one of the incidents from my job in LAN/WAN engineering that was brought up in my involuntary-exit interview. The sales rep for a company that I won't shame by name (but you've heard of them) had wrangled an interview with my boss, the manager of all internal support operations, to sell him a network monitoring tool. The particular sales pitch for this tool was that the same tool, using the same reporting protocols, could run on everything we had: both flavors of mainframe, both flavors of minicomputer, all three LAN file server operating systems, and all three of our desktop operating systems. It would then compile uniform up-time statistics, and do unified alert reporting via either LAN or mainframe console. In particular, he was pitching this as a solution to our existing problem that the company had 24x7 mainframe operator staff, but wouldn't staff LAN administration 24x7; with this tool, LAN outages would show up on the mainframe operators' consoles. He brought with him a lengthy favorable review of his product that had appeared in a glossy industry news weekly which, again, I won't shame by name (but I guarantee you've heard of them).

By the time the sales rep left, my boss was 100% sold on this idea. So he brought me in, and rather than tell me this, he asked me if I'd ever heard of the product and if so, what I thought of it. I told him that I knew it well, that we'd used an earlier version of it at one of my previous employers ... and that it was an unreliable heap of garbage. I told him that it was flatly incompatible with our LAN protocols, that contrary to what they said it was incompatible with one of our two more important LAN operating systems and that the support for the even more important one was brand new and still in beta test. I also told him that at our previous company, which was even bigger than The Conspiracy, we had exactly zero luck getting their tech support to fix any of the mission-critical bugs we reported to them. I also pointed out to him that in order to work, he'd need to get the mainframe components of it installed, and I knew for a fact that since we had no meaningful test bed for that install, the managers who would have had to sign off on it were never going to even put it into test, let alone go live with it. He told me that the salesman said otherwise; I responded that of course he'd say that, he's paid via commissions. He showed me the news article. I told him that that particular rag will print any vendor's press release as a review, complete and unedited, with no testing of their own, so I wasn't terribly surprised that the review agreed with the salesman. And only after I'd said all of that did he tell me that he'd already put in the order for the software, and that getting it working on our test-bed system was now my job.

I told him that they paid him to make these decisions, not me, and I understood that. I told him that if anybody could make it work, it would be me, and I'd give it my flat level best attempt ... but that I made no guarantees, because I had no idea how I was going to get it to work around the known incompatibilities, and that I was going to be completely dependent on him to get the approvals from upper management to install the mainframe components. Which he never did. Nor, as I predicted, did the vendor fix any of the glaring bugs in the beta test part of their product; to my vast disgust, their network monitoring component, the thing that was supposed to track network reliability, was the single least reliable thing on our network. And that's where the project stood when I was fired on trumped-up charges, and one of the things that was brought up in my exit interview was that my boss suspected me of sabotaging an important company project, of intentionally sabotaging the network monitoring software he'd bought in order to make myself look smart and him look dumb.

If I were in charge of Internet security for a Fortune 500 company, I can already see how it would go. Some software vendor like Microsoft or SAP or Symantec or even Apple would be in there with some multi-gazillion dollar proprietary investment in their products that they wanted us to make, in order to protect our network from hackers. I would point out that even if their software and hardware solution worked as advertised, it would do exactly nothing to solve any of our more serious problems, that the money would be better spent on hiring smarter people and training the people we have better so that they don't fall for every phishing scam, social engineering attempt, and emailed trojan horse that came down the pipe, and bring in infected stuff from home to bypass anything we had put in place to block infections. I would call the current industry fad Flavor of the Month in network security solutions the Emperor's New Clothes, and compare investing in it to re-arranging the deck chairs on the Titanic.

And soon as I walked out of that meeting, the other senior managers would start chattering about who in the heck did I think I was, disagreeing with every glossy business and popular technology rag like BusinessWeek and Computerworld and Wired? The salesman/consultant seemed much more likable and seemed to know his stuff much more than I did; look how much the salesman/consultant, after all, understands business better (dresses and talks exactly like the other senior managers do) and is obviously much more up to date on the technology than I am (parrots back the same stuff they read in magazines). It would go unsaid, but also be true, that the consultant and/or salesman would be some golfing buddy of the CEO, or member of his club, or relative who needs the money, or some such thing. It would also be pointed out that it's more important to reassure the shareholders that we're doing what we should be, by doing what everybody else is doing, than it is to actually solve the problems, that there's no particular advantage in being right when everybody else is wrong. And in not much more than two years, tops, I would have been encouraged to pursue other interests.
According to the latest statistics I've seen, since the last major revision to the virus construction toolkits, every day the gangster botnets infect or re-infect a quarter of a million computers per day, and their operators use that computer power to send about two billion spams per month. And that's above and beyond any of the other, more poorly tracked organized criminal activities that a supercomputer that size can and are being used for. Whatever it is that we're doing, it's obviously not working.

We used to think that we knew what to do about this. Don't open any attachments to emails from people you don't know. Stay away from obviously dangerous web pages. Don't run downloaded or emailed software without running it through a virus checker. And if your computer has an always-on Internet connection, use a firewall. And get the heck off of Internet Explorer, and maybe Windows itself, and get onto Firefox and maybe MacOS or Linux. Well, guess what? Emails don't have to have attachments to connect you to a botnet. Modern botnet AIs are learning to do much better jobs of simulating plausible emails, anyway; we're not far from one that can pass the Turing Test for a couple of paragraphs, anyway. Parts of the operating system that don't seem to have anything to do with file downloads have turned out to have the same stupid security vulnerability; two have shown up just in the last year in the parts of the Windows operating system that render graphics on the screen. And firewalls and virus scanners are software written by programmers no smarter or more careful than the operating system programmers themselves; adding them to your system is almost as likely to add vulnerabilities to your system as to block them. Besides, by the time your virus checker even has a patch to detect a new incoming botnet attack, the botnet's already infected tens of thousands of computers. Those infected computers will soon, if they don't already, know how to defend themselves by preventing your anti-virus software from operating correctly, thanks in no small part to Sony's accidental publicizing of a way to bypass the virus checker on all current Windows operating systems. (I will point out, in passing, that Sony's hack didn't even require any executable programs of any kind, so far as the PC user knew; it was built into what were falsely sold as plain old-fashioned audio CDs.)

Firefox, MacOS, and Linux all have just as many instances of the same stupid "buffer overflow attack" software vulnerability; the only reason you don't see as many viruses and trojan horses taking advantage of them is that botnet authors are currently too lazy to target them. And there are so many machines without virus checkers and firewalls that the same laziness provides some temporary security to their users. If you have to use Windows and Internet Explorer, and sooner or later nearly all of us do, you can try to keep them up to date with the latest anti-hacker patches. Good luck downloading those patches, though. Any Windows computer that doesn't have all of the current patches, and I mean all of them through the day they're installed, will not survive uninfected long enough to finish downloading the first patch. Not might not, any more; the gangster botnets have enough network bandwidth and processor time to throw at the problem that it is now will not. You can use a currently trusted machine to download those patches, burn them to CD, and install them before plugging the new computer in. If you have a trusted machine. And the download process isn't currently hosting some known-to-hackers vulnerability. And you can figure out how to off-line install all of the Windows service packs, which hardly anybody can. None of these solutions will worth squat for very much longer, though, although in the short run they're better than nothing. Nor will they do anything to actually stop the problem. They might help you, but they won't do anything to stop the gangsters from finding millions of other, less technically savvy people whose computers to attack, including your boss and your parents and your kids.

Trusted Computing, the latest scam from the software companies, is never going to be adopted and wouldn't work even if it were. It'll never be adopted because the companies pushing for it all have a history of acting in bad faith, of using any innovation they promote first and foremost to lock customers into expensive mandatory annual upgrades to software that can only be bought from them as a monopoly provider, and only incidentally after that constraint is met to provide any actual benefit to the customer. (Consider, for example, Microsoft's refusal to provide free security upgrades to pirated copies of or upgrades to their operating system. Or that in Windows Vista, they're only going to "trust" video drivers for cards from the miniority of companies that have a business relationship with Microsoft. And, of course, Trusted Computing is technologically and financially incompatible with Open Source software, and isn't that just convenient for Microsoft.) And even if it would work, it depends on your ability to trust the sender of the software to be who they say they are and uninfected themselves, which is irrational to believe in a world where software installation CDs have shown up with viruses pre-installed, both accidentally and on purpose, and in a world where US law enforcement lobbies hard to prevent any encryption scheme they can't crack but the gangsters have more powerful encryption-cracking supercomputers than the feds do.

But, look. Phones can be used for many of the same crimes. We don't solve that problem by requiring all telephones to have, oh, I don't know, voice stress recognition software and keyword recognition so they can prevent confidence scammers from talking on the phone. The stock exchanges are used for fraudulent insider trading almost every day. We don't solve this problem by requiring all stock trades to go through a Trusted Authority who digitally signs each trade order after verifying that no insider information or other scams were involved. Organized crime has inserted itself into capitalist markets for as long as there have been capitalist markets. In the earliest days of western industrial capitalism, from around 1880 to 1970, gangster abuse of the markets was almost one of the defining characteristics of western capitalism, just as it is now in Russia at the same stage of economic and political development that we were then. We didn't bring the problem down to the point where ordinary people can feel reasonable confidence in the marketplace by adding layers of technological complication that were, themselves, only going to create less transparency and therefore more opportunities for gangsters to insert themselves into the transaction process. How did we solve it? By going after the money.

For example, every day statistical analysts at the US Securities and Exchange Commission use their secretive methods (and I'd bet money that not all of them are 100% legal) to spot illegal insider trading and other abuses of the market that previously were the province of the Mafia. They then take a couple of weeks to build 100% rock-solid guaranteed-win cases against as many of them as they can. Fortunately, that's enough that they can let the others slide without attracting much attention to the fact that they do so. They then confront the criminals with the evidence, and offer a plea deal. They hardly ever bother to put them in jail, because the terms of the plea deal are sufficient to discourage the crime. What's more important to them than putting felons in jail? Guaranteeing that it appears that no felon ever gets to keep the money. They calculate exactly how much money you earned from the crime, and they demand that you pay back every penny of it, or at the very least every penny you have that they can find. If they can figure out who the victims were, they return the money; if they can't or if the victimization was too widespread and diffuse to refund the money, they funnel the money back into their own pockets to fund further enforcement. It's a model that works.

So I take heart in the fact that we have a few examples that this technique can be used against cyberpunks in the organized crime world, now. Just last month, one of the botnet managers was sentenced to cough up the estimated $58,000 that he earned. Unfortunately, the track record is mixed, so far. When they caught practically the only higher-level gangster they've convicted so far, to my vast disgust they let him keep at least 80% of his criminal earnings. What's more, none of the governmental agencies, either here in the USA or in the rest of the world, are making sufficient use of the resources available to them. It has apparently not yet penetrated their consciousness, their consensus, that they're no longer up against individual mal-adjusted teenagers, that the individual mal-adjusted teenagers are now subcontractors in vast networks run by international mafiosi.

If they made it a priority, they'd find that tracking the individual mafiosi and their earnings is easier than you might expect. With other mobster crime waves, the tips that broke the mobs' backs came from neighbors, from ex-members, from bankers and accountants, and even more importantly to our current example, from angry victims and relatives or friends of victims who refused to lay down and shut up. The classic gumshoe of 1940s and 1950s hard-boiled fiction and film noir is a stock character specifically because when the mafiosi weren't being sufficiently fought by the government, private citizens put up their own money, collectively through their insurance companies, collectively through citizens' groups, and individually from well-off people who'd had enough of that garbage, to hire non-governmental, civilian investigators to build the cases and drop them in ready-to-prosecute bundles into the cops' and the district attorneys' laps, and then into the reporters' hands where the government was too corrupt or too weak or too inept to do the job.

In the cyberpunk present, that niche is best being filled at the moment by The Spamhaus Project. Yes, the mobsters are wealthy. Yes, that wealth enables them to hire some pretty competent hackers, and a huge network of script kiddie foot soldiers to do the boring, easy parts for them and to take the fall as necessary. But there are more honest, angry citizens than there are gangsters, and may the Gods so grant that it always remain so (as, it must be said, it nearly always has been). And some of those honest, angry citizens have just as many technical skills as the mercenaries that work for the gangsters, and put in more hours with more determination than any paid sociopath ever will. Consequently, they've found out that it's actually not very hard to follow the money trail all the way to Mister Big in each of these operations. They've pooled their volunteer efforts and maintain a two-level Register Of Known Spam Operators. The ROKSO 200 list gives the actual, real names of the gangster bosses of the operations responsible for 80% of the cybercrime on the Internet. And on the off chance that the police lack the resources, skill, determination, or honesty to track them down even given their real names like back in the bad old days of gangster capitalism, they maintain a subset of that list. The ROKSO Top Ten gangster bosses are singled out for the most determined tracking. For nearly all of them, The Spamhaus Project has put together a dossier that's already good enough to go straight to indictment. Some of them are so thoroughly counter-hacked that the volunteers have put together prosecution-ready cases, with photographs, known aliases, Internet packet traces, financial accounting information, and home and work and hideout addresses. Unsurprisingly, mobster bosses want to live in places where their ill-gotten wealth lets them live comfortably; nearly all of them live in countries where the laws are in place to let those cases go to grand juries or the local equivalent this month, if the governmental willpower existed. If it doesn't, well, that's what we're supposed to have a free press for. Keep rolling them up, and prioritizing sucking the money out of them, 10 at at time, and in less time than it took to break the mafia's back we could have our Internet back.

(P.S. If you want to keep track of this, the best coverage right now is coming out of SpamDailyNews.com, which I just set up so that you can also add to your LiveJournal friends page by subscribing to spamdailynews.)
The technology that's making it possible for Russian, Australian, and American mobsters to make huge money through hacker crimes is the bot-net. The first generation of this was called the "zombie PC" problem. In this older problem, a spammed trojan horse, Active-X web-based virus, or phished or spammed web page with known Windows security loopholes would sneakily install software onto your PC that would run at all times. Periodically it would check in with some central control point to collect tasks to perform: spam to send out, lists of other network addresses to try to hack, password dictionaries to reverse-lookup, fake web pages to temporarily host, or whatever. This was bad enough, but the Internet service provider (ISP) industry thought that the problem was manageable. In theory, Microsoft and other software vendors would plug the holes that were being used to brainwash the zombie PCs. Then the ISPs' various security departments could identify the few remaining zombies and shut down those customers' Internet access until they called it, got instructions from the ISP on how to patch their PCs, and then the problem would be solved.

This approach has failed miserably. The first reason why it failed is that it vastly under-estimated the number of security vulnerabilities in a modern computer; unless there are radical and invasive changes in the way the whole software industry runs, we will not see the last security vulnerability patched in our lifetimes. They also falsely believed that those security vulnerabilities were restricted to a relatively tiny number of points of failure; that if they could educate customers out of a relatively tiny list of high-risk behaviors, that the problem would be contained. You were probably told this yourself, as recently as in the last few months, including by me. It turns out to not be even vaguely true. The industry also failed to realize just how many desktop computers there are out there that are never, ever patched, and will therefore always be permanently vulnerable to automatic hijacking. But the most terrifying aspect of the problem is that having grossly underestimated the potential size of the problem, the potential number of zombies and the ease with which new zombies could be created, they also failed to scale up, in their heads, what the problem was going to look like as the number of zombie PCs increased.

We should have all seen this coming, because what organized crime has done is copy the model of one of the most famous and successful Internet projects of all time: SETI@home Classic. Started in 1994, by the time they ran out of funding for that phase of the project and shut it down last year they had over 5,000,000 personal computers on the Internet doing calculations for them, part time, on a processor-time-available basis (that is to say, whenever those people's computers weren't being run at 100% capacity). SETI@home Classic, like its current successor BOINC, collects parts of the job to be run from a central task distributor, runs on its own until its done, and then reports the results back. Why do this? Because five million 1 to 2 gigahertz Celeron, Pentium, and AMD chips, each of which has anywhere from a quarter-gigabyte to several gigabytes of RAM at its disposal, is a mind-boggling amount of computer power.

Well, what several organized crime gangs have realized is that if you're not especially picky about how you ask for permission to install something like BOINC, and given all the vulnerabilities in a modern PC, building a network the size of SETI@home is now pretty trivial. That kid in Oklahoma who was in the Washington Post story I linked to yesterday? He's just a short-term workaround for a part of the process that's only just barely not finished being automated, I'd guess from the network architecture involved. He earns his $80,000/year share of the gangsters' profits by checking in every day to see if there are any code changes or software patches to his zombie-creator software that he needs to install before running it again. There's no good reason why that network architecture needs him, any more; there's decreasingly any reason why the zombie botnets aren't big enough to do their own self-maintenance. The only remaining technical infrastructure issue is how to distribute the information. Right now, it uses human intervention by way of chat rooms, but everybody on both sides of the game knows that the actual software authors are working on adding peer-to-peer file-sharing network algorithms. Once that happens, guys like 0x80 are out of a job. The crime boss's tech staff will collect the latest software from their programmers, hand it to anybody to run on any PC anywhere in the world for a couple of minutes like some cheap disposable laptop from a car outside some public or unsecured WiFi hotspot, and once it finds any member of its own botnet, they'll spread it among themselves in less time than it takes 0x80 to do it. Once they get that part of the software debugged, you can pretty much give up on your technical solutions, unless you've got your own 5-million-or-more PC botnet to track them with.

What's more, we've only begun to see what can be done with a 5,000,000 node gangster botnet. The gangsters themselves are apparently constrained by their own limited imaginations. So far, all they've thought to do with them are:
  • Spam and Pop-Ups: The ISPs have gotten fast enough at shutting down larger spam servers that the vast majority of the spam on the Internet these days is coming out of zombie botnets. Some of that spam goes to semi-legitimate businesses, or at least businesses that are legal at the point at which the money is collected, like pr0n, online gambling, money laundering, and sale of prescription drugs without a license. Quite a bit of it, though, is aimed at tricking you into visiting web pages where the mere display of that web page is enough to take advantages of known security holes in the browser or the operating system to infect your machine with the zombie software itself. That is to say, there's no direct money in that spam, it's just about botnets propagating themselves.
  • Child Pr0nography: Some of that spam isn't to things that are legal, though, and some of the biggest bucks are in delivery of online pr0n that's illegal just about no matter where you're from, such as bestiality pr0n, rape pr0n, and kiddie pr0n. The botnets take care of every part of the operation, from running the servers' current temporary locations to spamming the advertising to running the payment authorizations. And under current US law, if your PC is part of that botnet, prosecutors don't have to prove that you intended it or even knew about it to lock you up for years, then make you register as a known sexual predator and registered child-sex offender for the rest of your mortal life. The only thing keeping thousands of Americans out of jail for this is a combination of prosecutorial discretion and limited law enforcement resources (and skill) for finding botnet PCs. Sleep well. Oh, and speaking of pr0n, don't forget how common the Peeping Tom fetish is, and consider that nearly every botnet construction kit automatically includes code to randomly grab snapshots from any connnected web-cam, even if you thought it was turned off, and collect them centrally. You might not want to leave yours plugged in when you're not using it and fully dressed. Fortunately, at the moment doing potential-pr0n-detection on the resulting images is labor intensive. But given sufficient computer power, it needn't be, and see below as to why that's not going to be much of an obstacle soon for the gangsters.
  • Denial-of-Service Extortion: If it weren't for the difficulty in collecting the extortion money, this one would be even more common; fortunately, actually collecting on this scam and getting away with it is much harder than the scam itself. Nonetheless, the botnets all include, in their basic code, the software to have every zombie on the botnet try to access the same Internet address at the same time, or even to run staggered, varied attacks over a longer time. The net result of this is to knock any address on the Internet out of service for a couple of hours or more. Could they use this to, oh, for example, shut down the parts of the credit card authorization system that connect to each other over the Internet down for 8 hours on the day after Thanksgiving? Absolutely. And one of these days, somebody who's bored, ready to cash out, and therefore willing to sacrifice his botnet to do so, will do so on a lark. Fortunately, as with virtually all blackmail schemes, it's often harder than you'd think to pick a victim who'll pay you and then not get bagged by the cops in the process of collecting it.
  • Bank Account Password Theft: All the virus construction toolkits these days include off-the-shelf software that waits for you to visit any of the web sites that the botnet told it to watch for, record the next hundred or so characters you type on your keyboard, and then forward those keystrokes to someone who can then use your PayPal account or Amazon account or credit card number, or create checks by phone or over the Internet, to order merchandise or transfer money. Hardly anybody uses it now, though, at least not for more than trivial amounts, because at the moment, the cops have toughened up world-wide to the point where you get nailed at the point where you collect the money or the merchandise. Or if not world-wide, certainly in any place that gangsters would be willing to live. I offer this example as a way of pointing out to you that even though next to nothing useful has been done on the technological end, the problem is being kept to very manageable levels by going after it at the money-collection end.
  • Stock Market Fraud: This one's the hot one, especially in the smaller and international exchanges. The easiest one of these consists of merely spamming out a lot of bogus stock tips, touting some stock you own that's currently worthless as "the next big thing;" wait for enough morons to buy it that they drive the price up, then sell yours. It's called "pump and dump." But bigger botnets enable the most breathtaking versions we've ever seen of an equally old, previously small-time scam: the newsletter scam.
I always adored the newsletter scam; I think it may be my all-time favorite version of the Long Con, the extended-duration confidence scam. It used to work like this. Buy a mailing list of, say, 4000 potential investors. Now print up 2000 copies each of the best-looking investment newsletter you can provide. Fill up the newsletter with perfectly legitimate wire-service stories, perfectly legitimate company press releases, and the same tired cliché "investment strategies" that every newsletter since the dawn of the industry has included. The relevant part is the front page above-the-fold headline. Pick a stock at random. Half of the newsletters predict, based on (non-existent) insider reports, that the stock will go up over the next 30 days. Half of them predict the opposite. Whichever one was wrong, throw that half of the mailing list away. Repeat two more times. Now you have a list of 500 people who know, from experience, that you can reliably predict stock price movements. Send them a 4th newsletter, saying that based on insider reports, on such and such a day, such and such a stock will rise fast. The day before, buy the stock. Once the price peaks, not only dump the stock, but short-sell it, since you know that the stock will tank once the news of the scam breaks, and double your money on the way down. Cash out fast and run. Now imagine running the newsletter scam via spam? To tens of millions of people at a time? In a world where not all of the global exchanges have the real-time detection software that the NYSE (and belatedly NASDAQ) uses to detect this scam, on exchanges where you don't have to risk blowing up a rare and valuable brokerage license to play?

But even this represents a failure of imagination. NASA uses less supercomputer power than that to run signal processing on every radio telescope in the world, looking for decodable signals. The NSA uses much, much less supercomputer power than that to decrypt enemy radio and cellphone signals. Given a plausibly large botnet, there isn't an encrypted communication or computer system in the world right now that these gangsters don't have the power to crack, not even the military ones. Oh, sure, we keep expanding key lengths, thinking that's going to buy us time. But what happens when the botnets branch out to every other device on the planet with a CPU chip and a communications interface, like your cellphone? And even when I worry about this, what I really worry about is that I'm having my own failure of imagination. The fact of the matter is that it's only been in the last year or two that computer scientists have begun to crack the generalized scheduling problem. I saw a videotaped college lecture by one of the chief engineers at Google, who was showing off the capabilities of the scheduler that distributes Gmail work, Google searches, web crawling, and so forth. Yes, it seemed very nice, but kind of boring; parallel processing has been around for decades. Then he explained that the algorithm used to divide the tasks up among available processors and network interfaces wasn't hand tuned to each task, that they have a generalized software algorithm that will analyze any well-written computer program and massively parallelize it, no matter what the program was intended to do. My jaw dropped. As recently as two years ago, I would have told you that was true-AI territory, a capability that was still decades out. The fact of the matter is that it is only just barely now possible to do things with zombie botnets that none of us have imagined. But it will be organized crime gangs that imagine it first, and do it; they're the ones who stand to make huge amounts of money doing it.

(This is running way, way too long. Tomorrow: Why what you're doing now almost certainly isn't working as well as some of you think, why it won't work at all pretty soon, what little you could be doing to buy yourself some time, why that won't work for very long, and what I think the world needs to be doing about this.)
There's some really good, if incomplete, coverage in this weekend's Washington Post of the real reason why there's at least one new Windows virus detected in the wild every day. For a pretty good set of human stories, and some pretty good minimally technical explanations, see Brian Krebs, "Invasion of the Computer Snatchers," Washington Post, Sunday ,February 19th, 2006, page W10. (Registration, aggravatingly, required.) Wired News has been providing good coverage of this over about the last six months, and I've picked up some extra bits from Slashdot and from various computer security industry publication articles, websites, and technical webcasts, and I may be able to lend a little bit of perspective from my own years on both sides of the game.

I had somebody ask me just the other day what possesses hackers to go to the trouble of releasing a new virus every day. What could possibly be motivating them to do that much work? Well, the question starts off as somewhat naive. There actually isn't that much work involved. Virus writing, like a lot of computer applications development these days, doesn't actually involve a whole lot of programming. There are graphical interface enabled, point and click toolboxes that get updated at least as often as any of the proprietary anti-virus software packages. They don't use the same Concurrent Version Systems software that the Open Source movement (and most corporations) use to enable multiple people to edit a computer program at the same time, if only because at the current state of the art in CVSes that'd provide a central source that'd be easy for the anti-virus companies and law enforcement to target. But the virus development toolkits are coded in the same programming language, and have enough common ancestry to their code, that any code fragment posted to a chat room has been compiled into all of them within 48 to 72 hours. The net result is that as soon as any of the end users in the virus industry finds a new exploit, they code a module for it and add it to the toolkits. Anybody who hangs around the right online chat rooms, or who even checks in every day or two, can upgrade his virus with the latest technology and re-launch it however often he needs to, and no more computer programming expertise is required than to set up a simple report in Microsoft Access, or to sort and add up a table of numbers in Microsoft Excel. (Hence the dismissive nickname the end users get from the few real programmers, a nickname that goes back to the earliest days of the industry: script kiddies.)

But what's the incentive that keeps the toolkit creators working on their products, and that drives the script kiddies to spend as much time updating their viruses as they do downloading pr0n? Big damned money. Organized crime money. How much money? One of the more notorious gangsters in the industry just bought himself a gold medal in the Winter Olympics, outright, for cash, to go with his fleet of Lamborghini sports cars. That guy in Boston who whacked his wife and kid, then fled to England thinking he'd get away with it? Guess what he did for a living? And cops in Brazil rolled up one operation that stole at least $4,600,000 by way of computer viruses. Most of them were teenagers. And those are just this weekend's news stories on the cyber-gangster front. The only reason you don't see big-ticket crimes like the one in Brazil more often isn't that it's difficult. On the contrary, the toolkits include software to steal that kind of money as a built-in feature. It's just that most of the adults in the business know that if you steal that kind of money all at once, it attracts attention. No, street-level cyberpunks like the kid in Oklahoma who was featured in the WaPo article are the norm. He works about 15 to 20 minutes a day, which is all the time it takes him to earn about $6,800 a month for his contribution on behalf of organized crime, or, to add that up for you, about $80k US per year, tax free. He's a 21 year old high school dropout.

(He's also dead meat. Oh, not literally, but his criminal career is over. The reporter screwed up, and inadequately protected the guy's identity. When I last checked Slashdot, only a couple of hours after the story broke, they had his location narrowed down to about two blocks. Presumably by the time some of you read this, his identity will be in the hands of law enforcement. This will do you absolutely no good, any more than busting J. Random Lawyer as a dealer for splitting a kilo of cocaine with his partners will put a dent in the only slightly larger organized drug dealing industry.)

Where in the heck is the money coming from to pay script kiddies $80 large a year, pay even bigger slices to the guys who manage the virus construction toolkit projects, and still make the kind of money it takes for the gangsters at the top to live like Donald Trump and still pay for an Olympic training regimen out of their pocket change while only working at it a couple of months a year? Well, you see, the reason this isn't obvious to some of you is that you're still thinking of a virus as an annoying piece of software that crashes your computer at random. Viruses aren't about individual computers any more. They're about bigger, faster, more massively parallel super-computers than the US Department of Energy uses to simulate nuclear weapons tests. We're talking about technology that NASA contractors developed for the Search for Extra-Terrestrial Intelligence, combined with technology that Google uses make it possible for them to cheaply and instantly search every page on the Internet for millions of users per day. And they get to use it for next to free, without any government regulation, subject to no taxes or laws, for any criminal enterprise that can be furthered by infinite computer power.

(Next: At least fifteen to twenty of you, I'm guessing, work for the mobs and don't know it, distributing child pornography, robbing banks, selling fake prescription drugs to seniors, and running at least two types of big-money stock market scams that have the potential to dwarf WorldCom. The things you think you're doing to keep from helping them probably aren't working, because they're based on several year out of date mental models of how this stuff works. Even if you are managing to stay out of the rackets, you might not be in a couple of weeks, but don't feel isolated: the professionals are in the same bind. You can't get out of the rackets; you can only get out of the rackets temporarily. You haven't even gotten paid for your work, but if anybody actually goes to jail for it, it's more likely to be you than the gangsters running the operations, because law enforcement and the computer security industry are approaching this from the wrong angle, and show no signs of smartening up. And the mobs have only just begun to scratch the surface of what this technology can do.)
When I'm away from the computer, as often as not I've got Digitally Imported's Deep House channel on in the background, or less often but still pretty often their Ambient, Chillout, or Goa-Psy Trance channels. But more to the point, when I'm walking away from the machine, in the same gesture where I turn the sound up a bit so I can hear it in the rest of the apartment, I throw the browser over to a web page that I call the Eye of Shub-Internet. I've mentioned this before. Its real name is WebCollage, and what it does is use the Google API to find out what the most recent picture search is, use the "I'm Feeling Lucky" option to grab a likely image, and composite it on top of the current image, which updates on their web page every 60 seconds. You can set your browser to it, and every 60 seconds see a sample of what images people are searching the Internet for right now. (Shub-Internet, for those of you who don't go far enough back to get the joke, is the Lovecraft-pastiche god of the Internet.)

I do this in part for the sheer entertainment. It also serves some of the same purpose for me that a fish tank serves in a public place, it provides something apparently living and moving unpredictably that requires little or no maintenance or intervention on my part. But I also do this because once in a rare while I get a gift from Shub-Internet, something that I would never have even thought to have searched for on the Internet, and there it is. Which is why, after I glanced up and saw the logo at the right, I had to get up off the couch and go see. I'm glad I did.

I absolutely dare you to shop there. I'm afraid I mostly won't be; most of the stuff they have wouldn't look good on a guy my size. But you're not all my size, which means that some of you could get away with wearing, for example, the best darned going-out-dancing pants I've seen in years, or any of their other Carnaby Row era fashions. Think you couldn't get away with it? Then you don't know the history of the current tiki revival. Genesis P-Orridge got sick of hipsters copying his style, so he deliberately dug out of antiquity the music and clothing that hipsters looked down on the most, that they thought was the most retro and disgusting. But since he can't wear anything without being confident in it, and since trend watchers keep an eye on guys like him, it wasn't a whole year later before the whole retro-tiki fad was everywhere. Someone once criticized me for caring about fashion, because they thought fashion was oppressive. And it is. And I don't care about fashion. I care about style, which is about designing your own look and wearing it with pride and confidence and in total comfort with yourself, without looking around you to see what the sheep are wearing this year. And to my eye, Fancy Pants has the makings of some really unique style statements.


Acme Heart Maker

I'll keep this brief, out of deference to those of you who're following kukla_tko42's request to those of you who have actual lives to stay off of the Internet today. Behold, I give the few of you who haven't seen it yet a link to the ultimate Valentine's Day toy, the Acme Heart Maker. It'll put any two four-letter lines onto a virtual candy heart for you, in most of the usual colors. (By the way, undocumented feature: If you can't read it because it chose the wrong color for the text, try again. Text color is random between pink, red, and purple.) If nothing else, it's fun to look at the most recent ones that other people have made.

Alas, they're just slightly too big for LiveJournal icons. But then, it boggles my mind that there is a Windows PC out there anywhere that doesn't have IrfanView on it, which resizes images instantly, well, and at the touch of a button. And if it's not good enough for you and you don't want to spring for Photoshop (and can stand the somewhat awkward user interface), there's always GIMP. I used GIMP to crop these, which I'll probably keep around for a while and which you are, of course, welcome to copy:

P.S. FYI, Mr. Bradley, Virtue server, mercenaries/poison mastermind, level 40. 248 hours.


Sorry it took me so long to get around to saying this. It's not reluctance on my part, it's that every time I've been ready to tackle this subject, something has crawled ahead of it in the priority queue. I did answer some questions about this in other people's journals, but the rest of you really need to hear this too:

Sorry, Keith Olbermann, but this time you actually don't know what you're talking about. The NSA "domestic spying scandal" that he's been beating on the Administration like a drum about for a week and a half now, and that you all have been hearing about, to the extent that we've been told the truth about it (and I'll come back to that in a minute), is being forced by the limitations of our technology, important to the country's safety, older than the actual phone system, and so far as we can tell, 100% legal. Yes, each of those is somewhat fuzzily defined, but the net effect is that what George Bush is saying about the program is technically correct, and that, not the fact that the Republicans control all three branches of government, is why you see so little movement on the subject. (If the Republicans had it in their power to squash a scandal as big as some people think this one is, you'd never have heard of Jack Abramoff.)

Older than the Phone System? I got saved from having to do a crapload of typing by PBS Online columnist Robert X. Cringely (a pseudonym), who wrote the best history of this program that I've seen yet, in his column about two weeks ago entitled "Hitler on Line One." The fact of the matter is that, especially in war time (and how much non-war time have we had?), going all the way back to the first trans-Atlantic telegraph cable, the US has been spying on all communications between the US and countries that we're in some kind of conflict with.

Legal as Church on Sunday? OK, here's the deal. The Fourth Amendment to the US Constitution protects American citizens in their "persons, houses, papers, and effects, against unreasonable searches and seizures." So far as I know, no court decision in this country's history has ever granted any constitutional protection to foreigners overseas. Americans at home, yes. Americans overseas, mostly. Foreigners here, sometimes. Foreigners over there? Nope. So the legal theory that every Presidential administration in more than half a century has depended upon is that as long as it's legal to listen in on one end of the conversation, the rest just comes with it. And that's without even testing the Bush administration's mostly-irrelevant legal theory that the right to spy on foreigners and their agents is an inherent part of any War Powers authorization.

Important to the Country's Safety? Well, here's how this all started. We invaded Afghanistan. Remember that? And one of our lucky successes was that when we invaded Kandahar, the Taliban's home city, we lucked into one of the intelligence finds that spies only dream of: an al Qaeda boss's laptop computer, hard disk intact. Including phone lists. Which gave them a list of al Qaeda agents, both in the US and abroad, to spy upon. So if this were still the 1940s, it would be trivially easy to spy on those people, and I think it should be painfully obvious why we would need to do that. Which brings us to the real heart of the matter, the dangerous and ugly (but probably borderline legal) part:

Technically Necessary? A while back, Bush said that whenever the government performs a wiretap, they get a warrant. This seems, so far as we can tell, to be true. The catch is that we almost never tap wires any more. Why not? Because there seldom are any wires that it would do any good to tap. We're past the days where you could count on an unencrypted, uncompressed analog phone signal traveling along the same line every time. We can't even count on comprehensible radio signals coming out of cell phones. This is especially true since more and more of the country is moving to the (European) GSM cell phone standard, something the NSA and the FBI fought tooth and nail. Why? The encryption's automatic and too good for or spies to crack in any reasonable amount of time. So these aren't wire taps we're talking about here. They're communications intercepts. (And they say that Bill Clinton was good at parsing language.)

Which brings up the ugly part of this, which may or may not be legal, depending on whether they're telling the truth about what they did with it not. You see, especially when it comes to cell phones, the only way for the government to tap them is to log directly into the phone switch and filter out the voice part of the call after it's been decrypted by the switch. Worse, since cell phones move around, you need to be able to do this to every phone switch used by their cellular phone carrier. And if they have multiple phone carriers, you need to tap them all ... at the switch. How do you do that? Well, here's the part that's all of our fault, and yet none of ours, let alone theirs. The law "requires" the phone companies to have upgraded their switches by now to let law enforcement log in remotely, request a tap on a single phone number, and have the switch give it to them. Privacy advocates have been all over this idea like white on rice because if they have their own logon IDs, there'd be no way to tell if they were using them or not. (Or so the privacy advocates say.) The phone companies have been dragging their feet, risking legal sanctions, because it would cost a fortune to implement, and the government isn't offering to pay for it. For both reasons and maybe even more, if the NSA needs to tap the phones of al Qaeda spies on digital cell phones, they only have one way to do it: tap the whole switch. From inside the switch. With the technicians' master passwords. Which gives them unlimited access to every call on the switch. For every switch they do this to. At which point, there is no way at all to prove what they've done with it; they could very easily tap every call that goes through each switch.

What they've said, the few times they've come close to admitting this is that they're not paying any attention to the calls except for the ones between the USA and overseas phone numbers associated with enemy nations or terrorist groups. And if they're telling the truth about that, then history suggests that it was perfectly legal and entirely the kind of thing that the NSA has been doing for a living for longer than any of us have known there was a National Security Agency. And the only catch is that we have to take their word for that. On the other hand, how good was this government at keeping the Iraqi reconstruction corruption scandals secret? Or Abu Grhaib? How good was the Reagan administration at keeping Iran-Contra a secret? All it would take is one disaffected employee to go public, and contrary to what you'd expect, the NSA has had plenty of disaffected whiste-blowers. So yep, I think they're telling the truth this time. Which means that the left, and various other paranoids, really are in the wrong this time.

Too Freaking Cool: Automated Tikis

kukla_tko42, who sells sewing machines that will do automatic embroidery, sent me the electronic pamphlet for a new software CD from Oklahoma Embroidery Supply and Design: "Tiki Lounge #1," asking what I thought of it and if I'd want a shirt with one of these designs on it. I'm blown away; whoever does their artwork "gets" tiki the way very few commercial illustrators seem to.

Each of those illustrations is actually a roughly 3" x 3" embroidery design that compatible machines will sew directly onto just about anything you can imagine. See also "Trade Winds," "Tropical Beauty 1," and especially "Tropical Beauty 2," any one of which'd also be cool for people who wanted to subtly tiki-fy clothing or hats or patches or insignia or accessories. There's a couple of cool things under "Hot! Hot! Hot! 1," too.

The way she's explained it to me is that in addition to being good, state of the art, do everything but serge sewing machines, these machines can take any design from these companies, or anything you design on your home computer, and embroider it onto just about any fabric. They can even scale it up or down pretty far either way. Not even vaguely cheap (which is why they offer financing), but man what an amazing thing to be able to do whenever you want.


A year and a half ago I wrote an article in which I praised Wikipedia as our best hope for an eventual long-term, lasting end to the Culture Wars. Whatever other value it has (or doesn't have), I said at the time that the most important thing it brings to the table is its core concept of Neutral Point of View, and I still feel that way. To summarize, NPOV starts with an encouragement to "Edit Boldly" -- if you have an opinion about something in a Wikipedia article, edit it all you want. However, the community on Wikipedia have agreed upon certain self-enforcing terms. If anybody, whether from among your opponents or some neutral bystander, thinks that what you wrote is inflammatory, intended to stir up hatred, then the next Wikipedian to see your edit will simply press two buttons and revert the article to what it looked like before. Similarly, if you deface something that your opponents wrote and others think that what they wrote was perfectly calm and rational, your deletion or vandalism will also be reverted.

This occasionally leads to what are called "edit wars" and "revert wars," where two or more people get into a fight by constantly reverting the article to their preferred text. But if you do that too many times, the article gets automatically locked until a 3rd party mediator steps in. What happens more often, though, is that somebody notices the edit war, looks at both sides' versions, and writes their own version that tries to be fair to both sides. Eventually pretty much every article on Wikipedia converges towards a version that tells the agreed-upon facts, and then tells everybody's side of the rest of the subject, in the fairest and calmest possible way for each side. It works because of massive peer pressure, and because eventually even the most bitter partisan usually feels sheepish after repeatedly deleting what even they would have to admit are fair and neutral statements and getting equally repeatedly slapped down for it.

Unsurprisingly, at least some politicians and political operatives don't "get" this. I say "unsurprisingly" because you usually don't make it very far in that line of work unless you truly are a True Believer. If you don't think that you've fairly considered both sides of the argument, looked at all of the facts, and come to the conclusion that your own side is 100% in the right and the opposition party 100% in the wrong, you probably won't be able to sustain the energy, the enthusiasm, to stay in there and stand up for your side. Very few people have what it takes to give both sides the benefit of the doubt and yet still have the stamina and determination to work for their side. I bring this up and say that they don't "get" it because a minor news story is probably going to break wide-open, and be this week's scandal of the week, at least on the Internet. See the Lowell (Massachusetts) Sun, "Rewriting history under the dome," and the Associated Press, "Meehan staff are said to admit rewriting data." In summary, US Congressional and US Senate staffers have been caught repeatedly vandalizing Wikipedia, from their offices, on the taxpayer's dime.

At the center of the controversy is the one politician who's admitted to ordering his staff to vandalize Wikipedia, Massachusetts Democratic Representative Martin Meehan. When he found out there was a biography article on him at Wikipedia, he ordered a staff member to replace it in its entirety with a piece of his own campaign literature, his own thoroughly one-sided campaign biography. It of course got reverted. When his staff checked back months later and found that it had been reverted, they simply deleted the parts of it that they didn't like, specifically the fact that he'd reneged on his original "term limits" campaign promise to only serve 8 years. This kicked off an edit war. When the volunteer administrators stepped in, one of them thought to pull the server logs to see what other articles had been edited from the same IP address, which turns out to be a shared IP address for everybody on the other side of the House of Representatives' firewall, and they were shocked: dozens, maybe hundreds of web pages vandalized or defaced in some way or other. So they slapped a temporary ban on all Wikipedia editing from within the US House of Representatives. It didn't stick, because the other administrators eventually concluded that bans on multiple addresses because of misbehavior of some of them violate Wikipedia policy. But during the argument over this, another admin pulled the server logs for all edits originating from the block of addresses associated with the US Senate, and found a similar (if not quite as egregious) history of bad-faith edits. You can see the combined summary on Wikipedia itself at the (temporary?) "Congressional Staffer Edits" page. Because of this, there's a community-wide argument over whether or not Wikipedia needs a separate, specific policy for edits originating from within the US Congress.

From a technical side, I actually think this is going to be pretty easily dealt with. In fact, existing software and existing moderation policies have already dealt with it pretty well. The only thing potentially long-term interesting about this is whether or not people who are not only truly fanatic about getting their way on Wikipedia but who are also getting paid to do so, who can do so on the company (or taxpayer) dime, can wear down the volunteers and software that support NPoV. Frankly, I doubt it, and I'll tell you why. One of the things that will almost certainly happen in the next day, or certainly by the end of the week, is that they'll slap a rule onto the server like the one they already have for America Online, which (like the House of Representatives) uses shared IP addresses for all users: they'll block anonymous edits. That way, the next time someone like Marty Meehan orders or even just lets his staffers try to whitewash his record or smear his opponents on Wikipedia, there'll be an indisputable audit trail of who did it. Which I can pretty much guarantee you will become an issue in their re-election campaign. Would you really want to be running for re-election while your opponent and the press are credibly accusing you, every day, of using taxpayer money to attempt to rewrite history?


Apple = Evil

Apple used to be like Google, committed to doing no evil. Going all the way back to the original 1984 Superbowl ad for the Macintosh, Apple was a company that differentiated itself from its competitors, especially from IBM and Microsoft, for its commitment to personal empowerment. Not only were Macintoshes as different from Windows boxen as, well, to cite another of their commercials that fewer people saw, as the telephone was from the telegraph, but the reason that they insisted that was important was that the Macintosh was a box that put you in charge, not some overpaid expert, not some faceless Information Technology priesthood, not even them.

Long before Seattle caught up with them in terms of usability, you could see this going the hell out the window when, starting with around System 7, they started obscuring the internals of the operating system. It used to be trivially easy to fix a Macintosh on the rare occasions when something broke, because every piece of the operating system was self-contained, clearly named, and extensively documented. Starting around the early 1990s, they started doing the same crap that Microsoft has always done of naming bits of the operating system with weirdly random incomprehensible short strings of letters and digits, and then spreading them all over the System Folder so that the odds were you couldn't just remove one, or change one, without breaking the dozen other things that you didn't know where to look for them, just like Windows is with DLL files. And, indeed, they've even managed to make it worse since then. I had occasion a few months ago to try to help a friend with MacOS X try to debug some problems with his Internet connection, and even the parts of the operating system that were supposed to be user-operated were muddy, unclearly labeled, and undocumented, with important operating system options that I know for a god damned fact that that Mach brand UNIX kernel underneath it supported carefully walled off and hidden. Apple has far surpassed Microsoft in the evil that is, "You'll use your computer the way we tell you to, Boy."

And that, the gods help us, was before they became a music industry shill. Because after spending time in company of such monstrous evils as Sony's music marketing division, the people who brought you the infamous Sony rootkit, Apple's standards for what is and isn't acceptable behavior have descended all the way to moral leprosy. Witness the ongoing malevolent evil that is the way that they managed the Quicktime codec.

Every few months, whether it produces any actual improvement in the product or not, Apple releases a new version of the Quicktime compressor/decompressor for video and music files. Every time they do, it breaks everything out there other than their own software for displaying *.mov files, forcing you to either go without any video that's in Quicktime format that was produced in the last few months, or download the latest free Quicktime Player. And I have come to dread the popup message that warns me that the movie I'm trying to watch requires a newer version of the free Quicktime Player, do I want to download it now, more and more every time, because every single one of the last three times I've been backed into doing so, they've managed to top themselves in the Pure Evil market. At this point, they've even managed to outpace Real Networks in the Pure Evil rankings, and I refused to do business with them ever again.

Starting several patches ago, Apple made it so far as I can tell impossible to install Quicktime Player and its codecs without also installing iTunes, and iTunes is the single worst-behaved piece of software that I've had on my computer in years. Patch before before last, or maybe the one before that, it acquired the default behavior of adding another piece of software to the Taskbar that would run continuously, sucking memory and cycles, specifically to keep any other music player like Winamp from launching automatically. If you set Winamp to be your default music player, iTunes would not only ignore your preferences and make itself your default music player, but they installed a virus on your computer (well, I consider it a virus) to change it back to them every time you changed it manually. And until you figured out how to disable that piece of software, it would launch itself again every time the computer rebooted, even if you manually killed it. I eventually figured out how to defeat that, right before Apple put a preference setting in to turn that behavior off. They put it in an obscure piece of software, not in the Quicktime preferences themselves or in iTunes, but at least they had it in there, right?

Last patch, they moved it yet again, to an even harder place to spot. Even knowing it was probably in there, it took me over an hour to figure out where they'd moved the off-switch for that obnoxious piece of malware to keep it from Trojan Horsing my music settings. No, by the gods, if you want to be so selfish as to not let them spy on every MP3 on your computer, they are going to make you work for it, every couple of weeks for the rest of your life. And I had mostly, reluctantly and grumblingly but mostly, reconciled myself to this, only to find out this morning that with yesterday's semi-mandatory Quicktime download, they managed to "improve" on it. Not only had they moved the preference setting to stop that Trojan taskbar program from launching yet again, but they ignore their own preference settings to hijack every media format to their player, and they hijacked my Firefox settings. If I go to Quicktime Player and check the preferences, I see that I have, in fact, specified that they are only to use their player and plug-in for Apple's own proprietary formats, that is to say, only for the things that they're the only one to support. Then this morning, I click on an MP3 link (the one in this morning's Something Positive) and instead of opening Winamp, it opens the Quicktime Plug-In. So I check, and sure as heck, contrary to the preferences I'd set in their own program it has set Quicktime Player, iTunes, and/or Quicktime Plug-In to be the default player for every music and video and graphics format on my PC. It's going to take me at least half an hour just to reset it, maybe more. And based on my experience the last time they came up with a Pure Evil upgrade, I'd just about bet good money that they've installed something on this computer in yet another obscure place, the gods forbid but probably knowing them a hidden rootkit or something, to change it back.

I'll no longer open or click on *.ram or *.rm3 or any other Real Media extension because Real Networks pulled crap like this once. I won't do business with someone who hijacks my machine, against my stated wishes, for the purposes of violating my privacy by sending themselves over the Internet a record of every song I listen to and every video link I click on on the Internet, for them to do whatever they want with, without even telling me about it, even if they only do it once. So now Apple has done this to me four times now in a row. It being Apple, like a dope I put up with it, in part because I felt like I had no choice but also probably out of some vestigial respect I once had for them from back in the mid to late 1980s when I remember them so fondly. But this shit has got to stop. If I can't figure out how to un-fuck-up my computer quickly, and if it doesn't stay un-fucked-up this time, I'm yanking the whole damned thing out by the roots if I have to reformat my hard disk to do it, and at that point, you can stop sending me links to anything in *.mov format. Because when your media player software manages to surpass both Real Networks and Windows Media Player in Pure Evil, you've managed to impress me.


Has the Webcomics Fad Jumped the Shark?

It seems like every day, somebody sends me a link to yet another webcomic. 99% of the banner ads on webcomic sites are for yet more new webcomics. They're proliferating at an incredible rate. There are now more daily-updated webcomics than there used to be webcomics, and more irregularly updated webcomics than there used to be web pages. I just checked, and I have 42 of them bookmarked myself. That's how many tabs open every day when I middle-click the Comics tab on my bookmarks toolbar.

So it has occurred to me to wonder if this isn't the peak of a fad? Back when only a handful of people were doing it, it was easy to feel special. If you managed to crank out a daily webcomic, you could count on finding an audience. You could count on daily ego-boo. Now, it's almost as common as blogging. It seems to me that that means that a lot of people who are doing it now, who are telling stories that would have captured attention a year ago, are going to have a hard time finding an audience. And unlike daily blogging, producing a daily webcomic is hard work, at least for most cartoonists. How many of them will keep doing it if the pool of ego-boo keeps getting drawn down to lower and lower levels? Some, absolutely. But I'm thinking maybe half to a third as many as are doing it now. If so, then one could argue that Clint Hollingsworth and Aeire, to name two people who used to be seriously famous for their daily or near-daily webcomics, got out when the getting was good, at the top of the game.

I'm wondering if I have an inkling as to what might be the next big thing for creative people on the web? What got me thinking about this was that I've become rather fond of an approximately-bimonthly updated web page called Tiki Bar TV. Roughly every two weeks, Johnny Johnny, Dr. Tiki, and Lala star in a short video, around three minutes, about a guy who's turned his apartment into a free tiki bar. What made me think to compare it to the webcomics is that there are passing similarities between the way the three characters relate to each other and the early storylines involving Torg, Riff, and Zoe in Sluggy Freelance, which is one of the grand-daddies of the webcomics fad.

So you've got sites like JibJab proving that anybody who's a halfway decent filker not only can you take news photos and clip art, and crank out hysterically funny animated short features in Flash, you can actually get world-famous for it. The soft-porn world colonized Flash animation ages ago; I'm actually kind of surprised that more people aren't using it for storytelling. And scattered among all the one-shot machinma, there are sites like Red vs Blue cranking out 30 some episodes a year of a series. And what was one of Apple's big announcements this week at MacWorld Expo, but an even simpler, and much cheaper piece of software for editing videos, iMovie HD 6, part of the $79 iLife package -- just the thing for filling up those hot-selling video iPods, perfect for running on the new twice-as-fast Intel Macintoshes. And now that 20 million Americans and 36 million non-Americans have broadband Internet access at home, it doesn't have to take any longer to view a 60 second weekly "web cartoon" than it used to take to read Kevin and Kell.

I've got a very good friend who owns more costumes than your average regional repertoire theater, 20 or 30 actors and want-to-be actors who are willing to work for free or cheap in her phone list, a life that's sneaking up on being as "interesting" (and potential story-filling) as mine, post-graduate level knowledge of fairy tales, and substantial experience writing and directing theater. I can't shake the suspicion that we need to raise money to buy this girl a newer Mac, a digital camcorder, and some off-site storage so she can adequately empty and light one room of the condo she's in as a soundstage. Because if anybody I know could keep people on the edge of their seats for a monthly or twice-monthly short video fix, it's her. And it'd make an excellent ongoing promo for her theater troupe, too. But whether or not she drops her vague plan to create a web comic and jumps into Internet semi-pro video, I suspect that some time in the next year or two all the Cool Kids will be doing it.
I pay at least some attention to what's going on in academic economics. I'm able to do this because I lucked into having an extraordinarily good high school economics teacher ... which is doubly extraordinary considering that even back then, hardly any high schools were still including a course in economics in their civics or social studies program or whatever they called it. Having had a good grounding in the fundamentals, and having spent the 20-some years since then reading up on the field, I find that I've been equipped with a very useful tool. It's a tool that helps me tackle one of the first questions that any child starts out asking: "Why do we?" It's a question most people stop asking, unfortunately. They figure out, to their lasting disappointment, that the adults in their life don't know why. Worse, they usually find this out when the adults in their lives give them answers to that question ... that turn out to be wrong. So, unfortunately, most people have "learned" that it's impossible to actually know why we do things a certain way. I'm just oblivious enough and self-centered enough that it never occurred to me to learn that lesson. Sure, the adults in my life almost never knew the answers to my question, and sure, a lot of the answers they did give me turned out to be wrong. To me, that was never a reflection on the question, but on the answerer. So yes, when I found out how useful a tool a good grounding in economics can be, I latched onto it with the same fervor that some of you have for other tools, like Dremel rotary tools or Gerber multi-tools or Kline brand electricians' pliers (to pick some of my other favorites).

But there's a famous saying that says, "If the only tool you have is a hammer, every problem looks like a nail." And unfortunately it's true that, by extension, if you're an academic economist who hasn't studied enough other disciplines, you assume that all problems are economic problems, and that the mathematical toolset of modern economics can "hammer" every "nail." Which is why, for all that I love Slate.com, their "Everyday Economics" column often makes me want to pound my head against the desk. Both Steven Landsburg, who used to write the column, and this new guy, Tim Harford, seem to actually know their stuff on economics. But both of them have written columns in which they applied current economic theory to real world problems, found out that everybody but the economists are doing it "wrong," that even some of the economists are doing it "wrong" (and feeling guilty because their own science tells them what they're doing is stupid, so they can't explain why they're doing what they're doing), and come to the dismal conclusion that everyone is stupid. For example, let me tackle Harford's column from last Thursday, "The Great Xbox Shortage of 2005."

Let's start by outlining the facts from which he's reasoning, all of which I stipulate seem to be accurately reported. Right now there are a lot of people who desperately (and to my mind, incomprehensibly) want to buy a Microsoft Xbox 360, this year's hottest new video game console. Some Christmases, retailers and manufacturers get surprised by unexpectedly high Christmas-season demand for some toy, but this isn't one of those situations. Both Microsoft and the retailers have known for months now that there was going to be huge demand for the Xbox 360. So why didn't Microsoft build enough of them? Because, as Harford correctly points out, demand is cyclical. This month, they need cubic butt-loads of them. Next month, demand will drop substantially, because it'll be too late to get the kids one for Christmas. By May, when they finally work through the backlog of orders, demand will drop like a brick out of the sky; not all the way to zero, but to a relatively tiny fraction of this month's demand. They didn't finalize the design in time to warehouse tons and tons of them. And if they had set up an assembly line big enough to meet the December demand, by June they would have been stuck with the fixed-overhead costs of a factory too big for the demand, and downsizing the heck out of their workforce. So for solid economic and practical reasons, some of you who desperately (and I still scratch my head over this part, but whatever) want an Xbox 360 are going to have a hard time finding one any time in the next couple of months ... at list price, anyway. So far, Harford and I agree.

But it's that last part, "at list price," that has got him convinced that everybody in the world except academic economists are morons. Economics teaches us that the only "fair" way to allocate a scarce resource is to let the market drive up the price. That way, the people who produce the best products have the maximum amount of money to use to create more product, and more to invent more innovative products. And, as Harford points out, thanks to the modern Internet economy, we know with uncanny precision what an Xbox 360 for December delivery is worth. Some of the people who lucked into them and are willing to wait until May to actually play on one (or who just snapped them up as investments) have been selling theirs on eBay, where (he says, and I'll take his word for it because I don't care) prices have converged very closely on a price of right around $700. So people who bought Xbox 360s at $300 are turning around and flipping them to customers who are quite happy to pay $700, and pocketing the $400. That kind of thing drives academic economists totally bug-fuck nuts, because for the life of them they can't think of any reason why those scalpers should have that $400. Why shouldn't Microsoft get that $400? Why not price the Xbox 360 at $700 right out the door, or even at $600 to be conservative, and then cut the price in January, and then cut the price again to the current $300 when the demand drops to the level of supply?

The reason that Harford, like pretty much all academic economists, can't answer this question is not because Microsoft's marketing department are stupid, nor because the toy stores are stupid, nor because the customers are stupid. No, in this case, it's because it is, if anybody, the economists are stupid. Because their spreadsheet models work so well for so many problems, it has never occurred to them to look up from them and realize that there might be more than one tool in the toolbox. And in this case, the correct tool for the job is storytelling. Human beings do not, by default, understand the world through numbers. In fact, we're remarkably ill equipped to do so. The human nervous system can't perceive much beyond two digit accuracy at best, and to the human mind, quantities above one thousand are effectively infinite. No, the default human tool for understanding the environment is the story. We tell each other stories, and well tell ourselves stories. That's how we know what happened, and that's how we hammer out an agreement as to why, and it is from that "why" that we tackle questions like, "So what should we do about it?"

So yes, if Microsoft were to price Xboxes the way farmers price grain and oil traders price oil (in both cases quite successfully, may I add), at say "$600 for December 2005 delivery, $450 for January delivery, $300 for March delivery," there is no doubt that Microsoft would maximize their return on investment. But instead of imagining yourself as a customer, or as an economist, imagine that you were a journalist who had to write a series of news stories about this hot new product. What would the ledes be? December: "Microsoft debuts new gaming system, priced at $600. Is any gaming system worth triple the current price of competing systems?" Yes, there would be people extravagant enough to pay that, obviously, because they're doing so now. January: "Microsoft slashes Xbox 360 prices 25%, citing declining demand. Analysts say that the move was predicted." March: "Today, Microsoft further slashed prices on the Xbox 360. Their gaming console, which debuted last year, has dropped in popularity to the point where Microsoft is now selling them for below the cost to manufacture them, hoping to make up the price difference by selling software."

Now, as an economist, I could make a case why those are reasonable decisions. As a journalist, I could make a case as to why those ledes are perfectly fair and accurate ways to describe, in plain English, the reasoning behind those perfectly rational economic decisions. Any newspaper covering the story would, in fact, be reasonably expected to include at least one quote from a university economist explaining that this is how efficient economies work, and from Microsoft explaining that the price cut was always planned and that no, this doesn't mean that there's anything wrong with the product. But the problem is that a price is more than a number. It's more than just a measurement. It's more than a supply/demand calculation. It's a statement. It's one more sentence in an ongoing story. When you quote an asking price, you are saying, "This is what I think I should be paid for this product." And if a product "is" (now) worth $600 or $600 or $700, and "is" worth $300 or less six months from now, then the story of that value is clear and unambiguous: either the product was over-valued at the beginning of that story, or it "lost" half or more of its value in a couple of months. And no amount of math, and no vast storehouse of successful examples of that math working to best allocate scarce resources, can make that story go away. And that, my friends, is why Microsoft is willing to let those scalpers pocket their $400, why they are in essence allowing a certain number of people who're willing to wait until May to play their Xbox 360 games if it means that the machine in May is "free," paid for by the profit of the sale on their lucky December machines: because if they didn't, they'd have to explain to customers and to shareholders and to market analysts where the missing $300 or $400 in value "went."

(P.S. Apologies of a sort for taking the weekend off. It was busy and I was sleepy.)


Firefox 1.5

I saw on Slashdot.com that version 1.5 of Firefox has semi-officially been released. I went ahead and installed it, and have been fiddling with it a bit. The good news is that they're not kidding when they say that it renders pages a lot faster. There are also some kind-of nice user interface tweaks, mostly subtle stuff. Automatic detection, notification, and installation of updates is faster and better designed, too.

The bad news is that so far, installing it broke several things for me. Nothing critical to me, I don't really resent having downloaded it. But several extensions I use haven't been upgraded for 1.5 yet. (One of them, Favorites Converter (Export), probably won't be, because the author hasn't touched it in almost a year. Fortunately, the one change I needed to make to it, so I can keep opening my Firefox bookmarks from the XP start menu, was a trivial hack and more-or-less documented on the Mozilla web page for the extension.) The one that might be a deal-breaker for many of you is that Flash says it's working, but it's not, at least not on my machine. I'm suspecting something to do with the new-and-improved built-in pop-up blocking software, maybe a bad interaction with the Adblocker extension. I'll fiddle with it some more.

You'll definitely want it. But I wouldn't rush to install it this week. Give it until next week, to let third-party developers who've been too lazy get all their extensions and plug-ins updated if nothing else.

Edit: On a whim, I disabled AdBlocker. Yep, that was it. Dilemma, that.


Pure Pwnage, "World of Warcraft is a Feeling"

Have you seen this yet? From an online gaming parody site called Pure Pwnage, a romantic teen-ballad music video, about half machinma and half acted, called "World of Warcraft is a Feeling."

This thing has got to be just about the easiest thing to make fun of in the history of online gaming. That is, presumably, the point. It's this very tender-sounding love story about two young kids, I'm guessing somewhere around age 12 or 13, who fall in love with each other through their World of Warcraft characters. And if you don't think that pre-teen online romance via an MMPORG is inherently funny, the icing on the cake is that the musical and production values, and for that matter the artistic and musical stylings, are an absolutely dead-on homage to the endless music videos by similar-aged manufactured pop stars/starlets on the Disney Channel. And if all of that isn't enough to tickle your funny bone, hearing standard gamer jargon text chat speak sung as if it were tender romantic dialog will almost certainly crack you up.

That is, it will crack you up if you can maintain enough distance from the characters (the real life ones played by the actors, not the WoW characters) to be almost completely devoid of empathy. It seems to me that if you've got even a twinge of empathy in you, you'll probably still laugh. (I did. I have, in fact, every time I've seen it, at least 2 or 3 times now.) But if you've got any empathy, if you remember how abso-freaking-lutely mind-bogglingly achingly crippling a first crush can be, it's hard to feel entirely good about yourself while you're laughing at them. (Give the teen actors credit. They obeyed the first law of comedy, which is that the characters in a comedy must seem to have no idea that what they're going through is funny.)

Sure puppy love is pathetic and silly and funny and sad, and trivially easy to make fun of. And sure, our society takes an inherently dim view of people "so pathetic" that they act as if the people on the other side of the screen are actually people, and relentlessly mocks the idea that you might form any kind of human or emotional or personal relationship with someone other than in person. Yuck, yuck. Ow.

Which is not to say that the video isn't funny. (Wry grin.)

Yeah! In Your Face!

A couple of y'all have been after me to get out of the pink collar ghetto and get a "real blog," my own web page with a copy of TypePad or Moveable Type or whatever, so I could get some more respect.

I call your attention to a TypePad blogger called Torrez, who just posted something called "Save as Draft" about a week ago. He's bemoaning the fact that so many of the bloggers he follows who used to have "real" blogs are moving to LiveJournal. And he admits that he's not maintaining his "real" blog as often as he used to, either. Why? Performance anxiety. Since his "real" blog doesn't have variable security levels, he feels like everything he posts has to be a completely proofread and genuinely insightful essay. He feels like "real" blogs have become a terrible environment to just post personal thoughts, or rough drafts of ideas.

If you read the whole article, and the replies to it, what you'll see is a whole lot of people, most of whom are embarrassed to be seen using a website whose majority users are teenage girls, but who've come to one inescapable conclusion: no matter how you slice it, neither Moveable Type nor TypePad supports as broad a feature set as LiveJournal does, nor do they facilitate ongoing conversation or give and take of ideas as well as LiveJournal does. Which is why more and more of them are switching. And, oddly enough, that's the same reason why I resisted moving away from LiveJournal in the first place.

So to those of you who've been after me for a year now to get out of the pink collar ghetto? Three words: In! Your! Face!


We're Not Going to Be Using a Lot More Renewable Energy. Various forms of renewable energy have been trying to get our attention ever since Saudi Arabia and Egypt used economic sanctions to punish the US for aiding Israel back in the early 1970s. Smart people, driven people, have been working on these problems for more than thirty years now. An awful lot of that research and development has been heavily subsidized by various governments, and spin-offs from the space program and from the dot-com bubble have been used to advance all of them. And the reason you don't see more of them, the reason you don't see businesses rushing to use them even with oil at $67 a barrel, is not because the oil companies are conspiring against renewable energy. After all, there are other corporations just as powerful and wealthy as the oil companies are, these days. If Microsoft thought it could save money by using renewable energy at its Seattle campus, do you really think that Shell could stop them? No, the reason you don't see more of this is because none of them, none of them, make sense economically, not if your meaningful measurement is cents per kilowatt hour. That is not to say that these systems don't make sense for some people who are willing to pay more cents per kilowatt hour for other reasons. For example, the most common reason is because the electrical grid doesn't reach where you are, or you have personal or political reasons not to want or to trust the power grid. Here's what the advocates of renewable energy don't tell you.

Solar: Photovoltaic cells are basically silicon chips, usually made using the gallium arsenide process. That is to say, they're made using the same technology and the same raw materials that your computer's CPU chip is made from, and with a similar but simpler process. Once you put the chip, or more commonly an awfully big array of chips, in direct sunlight, the electrical power is free from then on. What could possibly cost? Well, here's the deal: the electricity that comes out of that array is in a mostly useless form. The voltage varies from around 12 to 17 volts, and the amperage varies from zero (darkness) up to, well, whatever the maximum output of your array is, which depends on how many cells you have in your array. To turn that wildly variable and unreliable (but theoretically free) power into useful power, you need several components to sit between the sun and your appliances. First, you need a very sophisticated battery charger, an elaborate piece of electronics that monitors the voltage on both sides of it, and charges your battery bank when power is available on the sun side and needed on the building side. Then you need a battery bank big enough to carry you between peak solar input times. Then, to keep from wasting electricity in the DC to AC conversion process, you need as many 12V DC appliances as possible. And since no matter how much you're willing to pay, that won't be all of them, you need a whopping big DC to AC inverter to convert the output of your 12V (ish) DC battery bank to 120V AC (or 240V if you're in Europe). And finally, unless you want your battery bank to be so huge that it can carry you not from ordinary peak to peak, but through the worst possible dips in solar input, you then still need some kind of backup power source for when you go too long between intervals of full sun on your solar cells. And by the way, that almost always means some non-renewable source, like the municipal power grid where available or a gasoline or diesel generator where it's not.

Until very recently, some of those components were hand-built or kit-built one at a time, at maximum possible expense. But there's been enough solar energy research lately that you can now buy compact boxes, from German and Japanese engineering firms like Mitsubishi and Siemens, that handle the battery charging, conditioning of the DC output to an even 12V, and switching on your backup power source when the battery bank drops too low anyway. Prices on these boxes are, in fact, steadily dropping, so that's no longer the primary obstacle. Inverters are already consumer products, prices dropped on them ages ago. And yes, as silicon chip manufacturing technology has steadily improved, the cost of the solar cell arrays themselves have dropped steadily. So you can now install all of these components for cheaper than ever before, and they're all reasonably durable. Once you get them installed, you're in like Flynn, right? Free power from now on? Wrong. You forgot the battery bank. A pile of deep-cycle lead-acid cells big enough to run your whole house for a day, or worse for several days, is a huge investment. And as anybody who owns an automobile ought to know off hand, batteries don't last forever, especially not in an application where they're repeatedly charged and then nearly fully discharged. The real dirty little secret of solar power is that the recurring cost of replacing your battery bank as it wears out is more than the cost of buying the same energy from a normal utility company.

Now, there is movement on this front, and not just because everybody and his dog now knows that we desperately need better, cheaper, more power-dense battery technology that can withstand deep discharging. We need that technology for a lot of reasons, because we have a lot of things that want to run on batteries, from cell phones up to city buses. But despite working on that technology like dogs ever since the dawn of the practical laptop computer around 1990, scientists and engineers just haven't gotten there yet. In terms of price/performance, for big applications where weight isn't the primary constraint, where the primary constraint is cost, there's still no beating the lead/acid cell. So no, the real reason that there is some progress on the solar energy front is because of a technology called reverse metering. In a reverse metering system, you build a normal solar power system but with little or nothing in the way of batteries. Instead, you take advantage of the fact that the times when your solar cell array is producing maximum power are, by lucky coincidence, the times when the power grid most desperately needs power to drive factories and air conditioners and such. And what's more, because that's the variable part of the daily power cycle on the grid, it's the part that's provided by burning fossil fuels, because fossil fuel generators turn on and off a lot more safely than nuclear power plants do. Then, at night when the power is cheaper, you buy the same power back from the utility company's nuclear power plants. In essence, you use the entire rest of the power grid as a battery.

The technology is there; the higher end Mitsubishi solar power converter systems (and a few other brands) support reverse metering. The law lagged behind; I think there are still states where the utilities still aren't required to buy power from consumers at the consumer's discretion. Because the law lagged behind, adoption rates are low. In the relatively near-term future, the right combination of law, corporate acceptance, consumer acceptance, and technological availability may arrive to make solar a bigger part of our business and household energy usage. But even when that happens, it will barely dent the demand for oil, because reverse metering is actually a step backwards in seriously reducing the demand for oil. Reverse metering is a hack to get around the fact that batteries with dense enough power storage and long enough life aren't available. That hack slightly reduces demand for such batteries. In the absence of such batteries, purely electric vehicles don't work. You're not going to be powering your car, or your kids' school bus, or a jumbo jet with solar power any time soon. If you are, it's because you're willing to pay more for energy from the sun than from oil, not less. And we use a lot more fossil fuels on transportation than we do on production of electricity.

Wind: Wind has all of the same problems that solar has: the power supply isn't constant, so you still need that huge honking battery pack to provide power when the wind isn't blowing. But it has one other problem that makes reverse metering of wind power even more problematic than with solar: unlike solar, in most places wind output is at its lowest at the peak of the afternoon when demand is highest. But wait, it gets even worse. A wind power generator requires lightweight blades. Those blades have to be made from very expensive metal alloys, which have something in common: they all require huge amounts of electricity to refine. And those blades don't last forever. And at that, they last longer than the expensive array of moving parts that allow those blades to rotate freely both around the hub and around the base to keep facing into the wind, and the complicated array of moving parts that convert that rotation into electricity, and those parts also require significant amounts of electricity to manufacture. You also go through a lot of portable energy (and that means fossil fuel) transporting maintenance crews and parts out to the wind generators constantly, first to install them and then to replace worn out moving parts.

The dirty little secret of the wind power movement is that if you audit the lifetime power inputs and outputs of even the best wind generators on the planet today, over its lifetime a wind power generator uses more electricity than it produces. There are investors who think that they can beat this problem. But they've soaked up a lot of engineering genius and a lot of government subsidies in an awful lot of countries without making any substantial progress on this problem. At this point, we might get practical fusion power before we get wind-powered generators that actually produce more energy than they consume.

Biodiesel and Ethanol: Ah, finally, portable hydrocarbon fuel, something we can burn in cars and buses. We take carbon dioxide and nitrogen from the air, use biological processes to combine them with water from the sky and the ground, and we get carbohydrates. We cook and/or distill the carbohydrates to get alcohol or (in essence) cooking oil. We then burn the alcohol or cooking oil in our cars. It's all natural!

Except it's not. Large scale agriculture, the kind of agricultural density it would take to replace all those barrels of oil, hasn't gotten its nitrogen from the local air, or its water entirely from the local water table and local rainfall, for over 40 years. They get the nitrogen fertilizers, and even more importantly the huge supply of weed killers needed to make mechanical harvesting possible, from oil. They deliver those fertilizers and weed killers to the farm, and pump the irrigation water to many farms, using oil. And then when you have to process the soybeans into biodiesel or distill the corn mash into ethanol, that involves a lot of heat, that comes from oil. Audit after audit has shown that while biodiesel comes closer than ethanol does (the last I heard), both of them use more oil per kilowatt hour or horsepower generated, than they save. The dirty little secret of the renewable fuels movement is that it's mostly an "astroturf" movement, not grass roots; most of the so-called "demand" for it is ginned up by organizations that are funded by the big grain processing and soybean processing companies, in an attempt to rip off the rest of us for more federal subsidies to expand factory farming.

In conclusion, while solar power with reverse metering whenever it becomes universally available and a standard part of every home's energy system, and when every home in America has a solar cell roof facing south instead of tiles, has the potential to reduce the part of America's fossil fuel use that goes to electricity generation, that's not the biggest part of what oil is used for. And besides, that day won't get here before oil exploration and refinery construction catch up with demand. And even if you don't believe that those things will happen, that day still won't get here in time to have any effect, even a tiny one, on the gasoline price hikes predicted for the next 14 months or so. Nor will wind power bail us out, because the technology of wind power turns out to be, like meals in a pill and cheap passenger space flight, one of those things that looked possible back in the 1950s but turned out to be harder and more expensive than they looked. Nor will agri-fuels make any difference, because they are an agribusiness hoax; they have no net effect on the consumption of fossil fuels.


Cool HTML Tricks for LiveJournalers

I'm less in the mood to pontificate on opinions than to offer tutorials, so let me pass along a couple of tips that will make your life easier, and make LiveJournal cooler, whether you're writing your own journal entries or replies.

HTML Basics, Reviewed: Read more...Collapse )

A Few Useful Special Characters: If you use your word processor and "insert special character" to put non-standard, non-keyboard characters into your post, then if you use Macintosh it will look wrong on Windows, and if you use Windows it will look wrong on Macintosh, and depending on the font who knows what it'll do going to or from Linux. The official way to solve this is to use "escape sequences," abbreviations starting with an ampersand and ending with a semicolon, that simpilfy down to a single character. Since less than and greater than are taken, they have to be escaped, too: < and > respectively. ¢ is the US "cents" sign. € is the European currency sign. I'm snobbish about the accented e, so I use é all the time. © for the copyright symbol, ™ for the trademark symbol, and even more so ° for the degree symbol are ones that I use all the time, too. If I can't remember one, I use this reference here, which I have bookmarked.

Better Linking to Amazon.com: I love to link to books in Amazon.com. So do lots of you. But there's something you don't know: you only need part of the Amazon.com address for the book. Not only is it easier to edit, it works better, too. You see ... well, you don't see. Let's start with an example. If I go look up Sven Kirsten's The Book of Tiki on Amazon.com, here's the web page address it shows me ... this time:
Now, here's the part that isn't obvious. The first part of any Amazon address is the code for an item lookup. Then there's the item number, their catalog number. (For books, it's the ISBN. For everything else, it's arbitrary.) Everything after the item number is specific to you, the customer, and this time that you looked something up. So the real Amazon.com URL for The Book of Tiki is this: http://www.amazon.com/exec/obidos/tg/detail/-/382286417X. This works for movies, music, every item on Amazon. So if you wanted to link to The Book of Tiki in your reply, you'd type: <i><a href="http://www.amazon.com/exec/obidos/tg/detail/-/382286417X">The Book of Tiki</a></i>. Except, of course, that you wouldn't type that address in, if you were sane. You'd type <i><a href=", paste the first third or so of the Amazon.com web page address in, and finish with ">The Book of Tiki</a></i>.

Permanent, Registration-Free Linking to the New York Times: You didn't know you could do this, did you? First, copy the web page address of the story up to and including the ".html" part of the name. For example, today's article about the latest approval poll numbers for the President and Congress is at http://www.nytimes.com/2005/06/17/politics/17poll.html. If you link to that in your journal, though, two things will happen: people will have to register with the New York Times to read it, and in about a week to two weeks the link will stop working altogether. Well, there turns out to be a way around both of these problems. The Times has a contract with a web-based service called RSS Userland that says that their users don't have to register and don't have articles expire, and there's a web page here that will look up one of their story links and translate it to the address for the RSS Userland version of the same article. It comes out much longer, sort of the opposite of the Amazon.com hack above, but the resulting link is much more useful. In the example above, it comes out as http://www.nytimes.com/2005/06/17/politics/17poll.html?ex=1276660800&en=b349dca163f44ab9&ei=5090&partner=rssuserland&emc=rss. If you link to that address instead of the above one, it's permanent and registration-free.



My sleep schedule has gone completely random again, I think due to under-stimulation. It's leaving me a little mentally scattered. (I was delighted to spend a couple of days helping a couple of my friends by mowing their lawn and vacuuming their carpets, so they could get other things done. If you've got any household chores that can be outsourced and it's worth coming to get me, do so. You don't even have to feed me; I just need time with other people and something to do.) Because I'm having a little trouble concentrating, tonight's column is less than half done, and I'm out of energy to work on it. So, you know the drill: you get Quicktakes. Looking over the list, I guess tonight's is the "science and engineering" edition.

professor Moriarity is prohibited from reading this: Sam Hughes, "Mundicide: How to Destroy the Earth." I'm not crazy about showing it to codeb6, either.
"This is not a guide for wusses whose aim is merely to wipe out humanity. I (Sam Hughes) can in no way guarantee the complete extinction of the human race via any of these methods, real or imaginary. Humanity is wily and resourceful, and many of the methods outlined below will take many years to even become available, let alone implement, by which time mankind may well have spread to other planets; indeed, other star systems. If total human genocide is your ultimate goal, you are reading the wrong document. There are far more efficient ways of doing this, many which are available and feasible RIGHT NOW. Nor is this a guide for those wanting to annihilate everything from single-celled life upwards, render Earth uninhabitable or simply conquer it. These are trivial goals in comparison.

This is a guide for those who do not want the Earth to be there anymore."

Ten step-by-step scientifically feasible plans for completely destroying an inhabited planet, complete with an analysis of what scientific or engineering breakthroughs would be required, when the author thinks we will have the necessary technology, and how long after that the destruction will take. All you mad_scientists need to not go getting any ideas from this! (grin)

William Holmes, "System Changes Hog Waste Into Clean Water." (AP via Yahoo! News, 5/20/05.) Suffering Christ. This is too good to be true. On the off chance that some of you didn't know, one of the huge environmental disasters caused by factory farming is the proliferation of mind-numbingly awful waste lagoons. Which is just a fancy way of saying that there are buildings dotted around the landscape from which automated sprinkler systems hose tens of thousands of gallons of pig shit, chicken shit, and cow shit, but especially pig shit, into giant man-made lakes. Indefinitely. In theory, eventually bacteria will eat the toxins and the solid wastes will settle and the environment will take care of this problem on its own. In practice, um, no. Pig farms were never pleasant neighbors, even before factory farming. Trust me, I know. Taylor University was periodically downwind of Pigland, the largest pork farm in northern Indiana. And that was before factory farming got really concentrated, before the giant waste lagoons, back when it was just hundreds of pigs half the size of my car crapping straight into the mud.

So now there's this new system by a guy named Dan Lloyd in North Carolina. It purifies pig shit into drinking water and odorless compost in six hours, and he claims that it costs 40% less to operate than an old fashioned wastewater lagoon! Now this is what environmentalism looks like at its absolute best. When this guy's system gets final approval and patents and whatnot, it'll be available at a reasonable fee to every hog farm in America. But most of them will resist investing in it. Why? Because they've already got wastewater lagoons. If 9/10ths of them invest in the Dan Lloyd system and the other 10th instead cut their prices and invest money in buying out their competitors, that 1/10th will end up owning the other 9/10th, and nobody will use the new system. So nobody will even try. But if the government mandates it, then everybody will grumble, and everybody will invest in the new system on the last possible date, after every conceivable court challenge -- and suddenly the whole industry will be saving 40% on waste handling costs.

Home Reserve furniture: God, I adore this stuff. Somebody on my friends list linked to this ages ago, I forget for sure who, but I'm extremely grateful. I can't afford new furniture now; heck, I can't afford my rent, I haven't even been able to afford to go to the new Star Wars movie. But if/when I ever get money, this stuff pushes my buttons. For one thing, it looks like comfortable, practical furniture. For another, the prices really can't be beat, $299 buys a full-sized couch. On top of that, that price includes your choice of 63 different fabrics and patterns, no extra charge for most of them. (Right now I'd be leaning towards the Kid Glove Loden Microfibre.) Even better, you can buy an entire replacement set of fabrics, for when you change your mind, for half the price of a new couch, and change it yourself in seconds.

But the best part, the part that really hooks me in, is the absolutely ingenious design. From manufacturing to shipping to the home assembly process to the under-seat storage to the quick and simple system for changing or cleaning fabrics, there just isn't anything about these that doesn't delight the engineer in me. Don't believe me? Take a brief look at their assembly instruction page. There's a flash animation at the top that shows one of their chairs coming together step by step. Isn't that beautiful?

By the way, there's a relatively new version of Semagic out, the software I use to compose these entries. From version 1.5.0 on, editing is now a breeze. If you wish you could include some of the links and other tricks I do here and don't want to screw around with HTML the way I used to, this is the LiveJournal tool for you. It now toggles easily between HTML and WYSIWYG views. So I type away as if it were an ordinary word processor, using the usual keyboard equivalents for bold, italic, and underline. If I want to insert a link to someone on my friends list or friends-of list, I just pop down the menu of all of them. To insert a link to another web page, I just highlight the text of the link and type ctrl-M, and get a pop-up window into which I can paste the URL and change any link settings I want. On the very rare occasions where I want to manually tweak the HTML, like using HTML character entities for accented letters or adjusting the spacing on a block quote or a bulleted list or add "align=right" to an image tag, I flip over to the HTML view, type maybe a few characters, then switch it back to WYSIWYG and go back to effortlessly writing. If you're using Windows and you've been putting off installing an external LiveJournal client, this is probably a good time to do so.

Some PC Related Questions for My Audience

I hope you all won't mind if I take a break from Deep Thoughts (grin) to ask y'all some PC-related questions? I've been out of the business for a lot of years, and since then they've found whole new ways to screw me up.

Here's the biggest one. I had to install the latest version of iTunes to view the Serenity movie trailer in full screen. Ever since then, no matter what I do, it starts a Quicktime application in my toolbar every time I restart the machine. And every time that application runs, even though I have iTunes set to only be the default application for Quicktime movies, it hijacks all my mp3, m3u, and whatever else audio to start up in iTunes. Which, in addition to running slower than Winamp, uses one heck of a lot more RAM and system resources than Winamp. It keeps doing this despite the fact that I have nothing in my Startup directory, and nothing Quicktime or iTunes or iPod related still left turned on in my Services control panel. Worse, it keeps doing this despite the fact that I do have Winamp User Agent running at all times just to prevent this kind of bullshit, and it somehow defeats Winamp User Agent's efforts to keep control of mp3 and m3u files and streams for itself. The only way to get it back to Winamp is to manually quit that damned Quicktime applet, manually start Winamp, and run one mp3 or m3u, at which point Winamp User Agent wakes up and steals its control back.

This is exactly the kind of crap that's why I won't have RealPlayer or any of its bastard offspring on my PC any more. Real Networks pulled this kind of shit once. They eventually apologized and promised never to do it again. But they did so only after their stock went into the toilet because people like me were fleeing in droves and the industry press was endorsing boycotts. And since they had promised the first time that they wouldn't do anything like that, what good is their word to me? Now Apple is pulling this shit. I'd rather not yank Quicktime completely off the machine if only because damn it, the exclusive deal that Apple has with several studios means that most movie trailers on the Internet are in Quicktime format. But I'm getting close to that point, if I can't figure out how to defeat this damned piece of unkillable suspected spyware that Apple installed on my Windows box.

The next question is kind of a "freecycle" thing. Do any of my in-town friends have an old audio card laying around in a drawer that they'll never use again? The motherboard audio on this PC hasn't worked in years. The last time I had it in the shop, they "solved" the problem by giving me one of their trash-can video cards, an ancient and crappy ESS1969. Now, while it's unmistakeably not worth my spending money on it, I have a minor use for a free piece of software called Ventrilo. Anybody got a card that's compatible with it that they won't miss sitting around in a drawer somewhere?

The final question is about IP phone service. I need to save some money, so I'm probably going to ditch the cell phone and switch to some voice-over-IP phone service. I've already priced Vonage, and I gather that Charter Pipeline offers phone service in my area. Does anybody here have any experience with either? And since Charter won't put pricing info on their web page, if you've used (or are using) Charter phone service, what do they charge for the lowest level of phone service?


System Outages and Pink Collar Ghettos

For the benefit of those of you who don't check your LiveJournal account at least once a day, LiveJournal just went though a slightly over 24 hour complete system outage, and parts of it are still being brought back up. Basically, despite fully redundant power supplies, the collocation facility that hosts their servers lost all power, and it would appear that bringing things back up was made more complicated by the fact that they're in the middle of a conversion from one database package to another. There'll be more details about it later; right now they're not that important.

Because LiveJournal.com is one of the busiest sites on the Internet, it became a minor news story. eWeek used it as an excuse to grind one of their favorite axes, namely that free Internet services are doomed, all doomed, and will never amount to anything. But pretty much everybody else, including sources as diverse from each other as Slashdot and Something Positive, spun the story in a way that took me completely by surprise: total contempt for LiveJournal's customers. What's more, the majority of Slashdot's membership expressed their contempt in the exact same way that Randy Milholland did, namely, by stereotyping all LiveJournal users as bubble-headed teenage girls. I guess that adult male writers like me, and arkhamrefugee, and theferrett don't exist in their world. No, that's not fair -- what's really going on is that they see us as aberrations, as unusual exceptions. No, it is 100% clear to half of the Internet, apparently, that other than a few people, what LiveJournal is really for is for teenage girls to obsess about their mundane high school lives.

brad Fitz got some nice smackdown in on the snobs at Slashdot, though, reminding them deep in the comments on that story that for all that their site is famous for the Slashdot effect, a tendency of Slashdot users to flash-mob web sites and crash them if they weren't set up to handle that much simultaneous traffic, it's never been Slashdot that's ever brought LiveJournal to its knees, but at least once it was the other way around when something he wrote on the front page of LiveJournal.com linked to Slashdot and the resulting rush of traffic nearly crashed Slashdot itself. Slashdot may be big and influential, but in terms of sheer number of users and influence on the Internet, Brad Fitz has a much bigger e-penis than "Cowboy Neal" does.

You know, alienne has been after me for months to get my journal off of LiveJournal. Her argument wasn't technical, it was social (for all that she's the one who introduced me to LiveJournal in the first place). She keeps telling me that I'll never be taken seriously as a writer as long as I'm on LiveJournal. And until today, I had no idea what she meant, let alone that she might be right. But you know, there's something I say about corporations that may be true of Internet subcultures as well. What I've been saying for a long time is that no matter how big a company gets, and no matter what companies it merges with, and no matter what other jobs or industries it branches out into, the company's "core DNA," by which I mean its corporate culture and norms, is set by the first industry that it was in. Well, one of the things that people were saying over and over again in that Slashdot article was to stop calling LiveJournal a blog site. To the snobby purists, LiveJournal isn't a blog site. Never mind that it has hundreds of thousands of people using it to blog. Since (in their opinion) it started out as a diary site, that's what it's going to be forever in their minds. And keeping a diary and reporting breathlessly on your daily life is seen as a pre-teenage girl's activity. And like all activities engaged in by more women than men, it is therefore by definition contemptible.

God, I hate that kind of crap. I may not be doctrinaire enough to make some feminists happy, but I'm sick and tired enough of seeing "pink collar ghettos" to be reminded why I think of myself as a feminist. Let me give you an unrelated by clearer example. As my ex-wife found out, from the 1950s through the 1980s, being a Technical Writer was an almost all-male profession. Technical Writers were by and large middle aged male engineers who'd been trained in technical writing so that they could maintain project and software documentation. As a job that was traditionally held by moderately successful male engineers, it was semi-high status, and paid very well. But then over the course of the 1980s, more and more college English departments offered courses and specialization programs in Corporate Communications, graduating fresh young college graduates who were ready-made professional Technical Writers. But college English departments are a largely female preserve, so an awful lot of the 1980s crop of technical writers were female. And not coincidentally, over the course of that decade, despite the fact that standards were rising and demand was rising, wages fell in the technical writing field. Why? Because it was no longer a high status job. And what made it low status? It was a job done by young women. It had stopped being thought of as a white collar job and had become a "pink collar" job, one with all of the prestige of a clerk-typist or a secretary (both of which were also higher-prestige jobs back when they were all-male jobs, oddly enough).

And now I find that in the eyes of much of the male world, I'm doing my writing in a pink collar ghetto, and am therefore contemptible. Who knew?

Office Space Was a Documentary

I have an odd relationship with the movie Office Space, odder than most people's.

When the movie first came out, I ignored it. Modern screwball comedies mostly don't work for me. I'm not all that fond of Mike Judge's work. I'd seen the original series of cartoons that it was based on, the ones about the character of Milton and his humiliation at the hands of his manager, and I'd mostly hated them. And what's more, I don't go to see a lot of movies, probably not more than four to six per year, so I actually need a reason to go see a particular movie, and I just didn't have one for this one. So it came, and went, and I didn't think twice about it. Eventually it came out on DVD, and hick0ry was all over me to watch it, but my reasons still held, so I kept blowing him off. Then I found myself working at a place where all of the front-line supervisors, and most of the employees, were huge huge huge fans of Office Space, and kept making inside jokes from it. So out of self-defense, and because I can't stand not getting a joke, I grudgingly borrowed a DVD copy and watched it. And was promptly blown away, far more than even the most enthusiastic fan among you. You see, I recognized it. Not Milton's story, not the lead character's exact story, but I recognized every other detail in that movie.

If you have seen Office Space, you may have thought of it as being a lot like Dilbert. A lot of the early Dilbert strips were based largely on Scott Adams' experiences at (if memory serves) Pacific Bell, but a lot of it came from conversations with friends, then emails from fans, and so Dilbert became basically the generic awful-office cartoon, with little bits of this and that from awful companies all over the country and around the world. You know, like you thought Office Space was. Ah, but you're wrong. That's an actual company. I know. They wanted me to work there. No, I know what you're thinking, and I'm not delusional, and I'm not projecting my own issues on to the canvas of the movie. There are just too many of the details that line up. I wish I could tell you the name of the company, but there's no way I'm going to remember it, and at this late a date I probably can't even find it with a Google search. You see, there were a lot of companies in that particular business niche at the time, and after I got fired from MasterCard, there were about a dozen of them that were desperate to hire me. All of them offered to pay my relocation, and offered me a 50% salary increase over my already fairly impressive $48k/yr salary from MasterCard. Only one of them was from Austin, Texas, though, and the urban landscape in that movie is unmistakable to anyone who's seen even pictures of the real Austin, Texas. (If one needs more proof, let me point out that Mike Judge is from Texas; the only place he would know that would have that particular job would have been in Austin, the "technology capital of Texas.")

I turned them down flat. For one thing, I was in the middle of a complicated and mildly risky real-estate deal that would have been seriously jeopardized if I left St. Louis. But with that kind of money, I could have had a lawyer look after that, and the recruiters reminded me of this on a regular basis. How regular? Two and three times a day, most weekdays. You see, they all had a job that they very desperately needed filled. It was the same job every time. I knew that job. I knew how to do it, I knew I could do it, I knew people who'd had similar jobs. That last part's the catch: I knew too much about the job to fall for their seductive offers. I'm glad I didn't, too. They were offering me "Peter Gibbons' job," and I knew long before the movie Office Space came out just how awful that job is.

Peter Gibbons, the character played by Ron Livingston in Office Space, was a software quality analyst for a consulting firm in Austin, Texas, that was heavily involved in Y2K conversions. And, just as the recruiter for the actual company told me, their original client list had been largely in the banking and savings & loan business, and through referrals from past clients they were making big, big money doing Y2K conversions for banks and S&Ls.

What is a software quality analyst? Only the worst job in North America. I'd rather work fast food. You see, it's like this. Systems analysts and business managers design software. The programmer teams write it and (to an extent) debug it. The resulting product consists of at least a hundred, and often as many as several thousand, pages of what looks like especially cryptic modern poetry. The job of the SQA department is to read, by hand, all thousand of those pages, every single line of it. In most places, they don't even let you read it on screen; for obscure industry reasons, it must be read and marked up on paper printout. The Software Quality Analyst is not looking for bugs in the software. He is not verifying whether or not it will work. He is verifying that it is formatted according to company guidelines. The variable names must follow the company's data dictionary standards for how to name variables. The lines of code must be indented to standard company indentation rules. The spaces around the various operators must be there, or not be there, even though the spacing has no effect, according to the company's standard for when there should be spaces and when there shouldn't be. In computer programs, "comments" are notes in more-or-less plain English that are embedded in the code, saved along with it, to provide helpful hints to the next programmer to work on this program as to what was done, and how, and why. They don't have an effect on the way the program runs. The software quality analyst's job is not to make sure that those comments are correct, only to make sure that there are comments everywhere that the company standard says that there must be comments and that they are formatted the way they're supposed to be. It is, as I say, quite possibly the worst job in North America, and I say that even after having read this year's list of the worst jobs in science. Because they must have at least some understanding of what the code says and what properly formatted code looks like, it must be done by someone with a bachelor's degree in computer science. But the job amounts to proofreading gibberish. It has always paid about 50% more than any job in computer science that has comparable education and experience requirements ... and still, hardly anybody lasts a whole year in it.

And the worst part of this was that they were calling me about this during the exact time that the movie Office Space was set ... in 1999! When I asked those recruiters what the company was going to have me be doing after December 31st, they said, to a man, "We're a successful and growing consulting firm, we'll have plenty of work." They were lying. They knew it. They hoped I didn't know it, but I'm not that dumb. I knew that as each and every one of those Y2K projects was completed, most of each project team was going to be laid off. The "lucky" few would be transferred to projects that were running late (in blatant violation of Brooks' Law: "Adding personnel to a late software project makes it later.") But by the beginning of January, every single person at every single one of those firms who'd been working on Y2K conversion was going to be unemployed. And that is why everybody in Office Space is obsessed about when the layoffs are going to begin, and in what order.

You thought this was a generic office? Why did you think that? You have to have noticed, you must have noticed if you ever went anywhere near a restaurant in 1999, that the character of Joanna (Jennifer Aniston) was working at TGI Friday's? That wasn't a generic "experience marketing" bar and grill, that was a particular one: exact same uniforms (with the exact same obsession with buttons and gewgaws and other "flair" that was supposed to conceal the fact that your waitperson was exhausted from a long week of hard work and convince you that they were having fun), decor only modified enough to make it possible to get film cameras in and around the characters conveniently -- for crying out loud, same red and white striped awnings! So if you noticed that the restaurant business in the movie wasn't just any generic chain restaurant but one particular one, did it occur to you to wonder if the office job in question might not be just any generic office job? Well, it wasn't. It was, in fact, one particular office job at one particular firm, and one I count myself very, very lucky to have not been caught in.

Postscript, added later: A TPS Report, by the way, is almost certainly a Time and Productivity System report. All consulting firm employees, even the salaried ones who technically don't have to use a time card, have to report what project each 15 minutes of their day should be reported to. Back in the early 1980s when Project Management software first became available, someone came up with the idea of modifying those forms so that people would also report what phase of each project each 15 minutes was spent on; that way the software could track how many man-hours had been spent on that phase and could thereby attempt to predict how close to being done that phase of the project was by comparing reported man-hours so far to forecasted man-hours until completion. Then as various productivity improvement fads swept through the system, most notably Total Quality Management, the word "productivity" got hung on everything, especially every report. Management cares a lot about TPS Reports because they determine how the client gets billed for a project in progress. Bottom level managers like Bill Lundburg care a great deal about even finicky little details like using the right updated version of the cover sheet for the TPS Report because having them all be identical makes it quicker for him to copy the cover sheet details into his own email or TPS data entry screen so that he doesn't have to actually read your report to make his report to upper management. Does this mean that real jerks like Bill Lundburg don't also take advantage of minor screwups to reassert their authority over people they feel inferior to, say, people with more up-to-date degrees, by making them feel stupid? Oh, no, you betcha that they do that.

And for those of you who've never used any of the HP LaserJet printers that an LCD display in addition to warning lights, "PC LOD LTR" means that the Paper Cartridge is either empty, or loaded with legal-size paper, so for this print job to go through you need to LOaD LeTteR sized paper.
I'm staying over at some friends' house and their internet connection is having problems with both latency and bandwidth, so I don't have the patience to write anything lengthy (or do any replying to earlier conversations) tonight. Those of you who've been with me a long time know what that means: QuickTakes.

Independent RTS Game of the Year: Slashdot had a link to an article on GameTunnel.com - their list of the top ten indepently programmed computer games of 2004. Only one of them was a classic real-time strategy game, a fairly new (November) release called I of the Enemy by Enemy Technology. I'm glad I saw this link, because just from the first three missions of the free demo I'm getting the feeling of the same depth of acting and storytelling we got in Starcraft (and, to my taste, not in Starcraft's comparatively mediocre sequel). I'm going to agree so far with GameTunnel.com's reviewer: the voice work so far is just amazing.

I see I'm not the only one who thinks so. Also courtesy of Slashdot, I was referred to GamePro.com's list of the 20 worst things to happen to the entire computer gaming industry in 2004, and the god-awful nightmarish train wreck that Sony made out of Star Wars: Galaxies made #11 on the list. In fact, from GamePro's news coverage, they managed to make it worse in ways even I hadn't heard of, and GamePro claims that you can see the result on the servers: no population to speak of, and player-run shops emtpy of both customers and merchandise. SWG is turning out to be the final proof of Richard Bartle's contention that the real problem with MMPORGs is not the companies, but the players -- because almost every change that happened to that game was something that a big bunch of players lobbied for, and that Sony ordered, over the objections of the game's original designers and the game's original fan base. (You watch: they'll probably do the same things to World of Warcraft over the next six months, too. Unless Blizzard shows unusually strong will, it'll become a victim of its own marketing success.)

"Forget it, Jake. It's Chinatown." I've been meaning to link to this article in the context of a bigger article on the evils of kleptocracy, but since that article's nowhere near done, let me point you to this interersting short retrospective that was in Yahoo News back on December 10th: "'Chinatown' Makers Recall How Classic Made." For the occasion of the 30th anniversary of the film, several of the cast and crew gave a panel discussion in Hollywood on the subject of how such an amazingly different and just generally amazing classic film managed to get through the studio system. (For reasons intuitively obvious to the most casual observer, the director Roman Polanski was not present.) The short answer is that it wasn't easy, that everybody at Paramount hated the movie, period, and only let it go through in the award-winning form it did because at the time, director Roman Polanski and lead actor Jack Nicholson had enough status and enough clout to get their own way. But for me, the most interesting point was one I've always wondered about, and it turns out my guess was right. In a very real sense, Chinatown isn't fiction. Screenwriter Robert Towne said that the four main plot points of the movie: corrupt housing developments, the water wars in the LA basin, incest among the rich and powerful, and the then-systemic police corruption in Chinatown, were all based on real events he had learned about while working as a reporter in mob-controlled Los Angeles in the late 1940s and early 1950s. I thought it might be. It's not an accident that nearly all of the best film noir and hard-boiled detective fiction is written by either ex-detectives like Dashiell Hammett or ex-reporters like Towne or Carl Hiassen. Unless you've had inside, behind the scenes access to what a genuinely corrupt city is really like, a real nightmare town, you just can't make this stuff up.

Speaking of corrupt cities, though. Thanks to the Arch City Chronicle web site for calling this to my attention: there's a new and absolutely amazing article on the east-side St. Louis strip-club industry, concentrating heavily on its organized crime heyday before the casinos went in back when I was a semi-regular in the 1980s. It was called "Fantasies Made Fresh" by Scott Eden and it appeared in, of all places, the latest issue of a British literature and news analysis magazine, basically a New Yorker immitator, called MaisssonNeuve. The absolute last place I ever expected to see the best analysis of organized crime and political corruption in Brooklyn IL and Washington Park IL was in a British magazine, but by the gods, there it is. (Unfortunately, it cuts off before it gets to the end.) I've been wanting to see something like this for a long time, because like anybody who reads the news obsessively, I've known for a long time that what the east side of St. Louis has in common with eastern mountain Kentucky, and with northern rural Louisiana, and with just about every single one of the poorest places on the planet, is that while there is actually no shortage of money, including charitable giving and federal and state anti-poverty grants, going into those places, the problem is that just about every single penny of it is stolen by corrupt city officials, with almost no objection from the locals who seem to always think that either there's nothing that can be done about it, or that eventually it'll be their turn.

I'm not going to say that there's no corruption in richer, more successful places, regions, cities, countries. What I am going to say is that those places still have two things that totally corrupt places like LA in the 1940s and Hazard in the 1980s and metro-east St. Louis now don't have. First of all, in the successful places, corrupt political officials and their victims share a sense that it's morally wrong to steal. And perhaps not unrelated, to go back to a subject I wrote about when I first started this journal and Enron was in the news ("Kipling on Enron" and "C. Wright Mills (1959) on Enron, and What Kipling Has to Do With It, and What It Has to Do With Me"), they knew that there's a limit to how much you can steal before you kill the goose that lays the golden eggs.

Mailinator Down

Mailinator.com is down until at least the beginning of the year. The status page that says this is, I'm afraid, all that's left of the site at the moment. In hindsight, it was knocked out by a perfectly obvious design flaw.

Mailinator, for those of you who weren't around when I plugged it before and haven't stumbled across it on your own, is/was a website designed to make it trivially easy to create and use disposable email addresses, all paid for through web advertising. It required no registration, no funky setup, no preferences -- no password at all, either. You could just tell anyone in the world to send your email to (anything)@mailinator.com, and Mailinator would accept it. You could then go to Mailinator, enter the (anything) in the field on the front page, and see what mail had been sent to that address. So could anybody else, but they'd have to guess what you used for an email address; nonetheless, it made sense only to use it for things that you didn't care if somebody read it over your shoulder. An hour or two later, the whole thing would disappear: mail, email address, and all. What good is that? Well, it was designed almost specifically for registering for snoopy nosy web pages that insist that you register, and give them a valid email address to which they can send a confirmation code, before you can read anything. I, in fact, found out that it was down because the next journal entry will include links to such a site, the Washington Post (which has a particularly obnoxious registration process and uses non-standard cookies that are incompatible with the Linux/KDE Konqueror web browser, by the way). I was going to recommend that those of you who didn't have online registration with the WaPo could set up one using disposable email addresses on Mailinator.

In hindsight, though, it's obvious why Mailinator went down, and it didn't take any kind of conspiracy theory involving anti-privacy advocates or aggressive advertisers. No, one of the primary uses of Mailinator was for times when you wanted to register to use a web page but didn't trust them not to send a ton of spam, and/or sell the email address to spammers. What that means is that thousands and thousands of email addresses on mailinator.com almost certainly ended up on the email address lists of every major spam delivery service on the planet. The result, again obvious in hindsight, is that despite upstream spam filtering Mailinator's bandwidth bill went through the roof, as the spam that made it through the upstream filters rose exponentially with every new Mailinator user. So it got to the point where they had to take it down, or their bandwidth bills would have eaten them out of house and home. They claim it will be back some time during or after the first week of 2005. Presumably this will involve even more aggressive upstream spam filtering.


Diversion: Computer Games

There are good days, and there are bad days. This was one of the bad days, where I missed almost the entire day because I spent it in bed semi-comatose and half-dead. So rather than tackle anything philosophical or political, this is a good time to change the subject and talk some about computer games.

Samorost: This is a cute little diversion I found through a passing mention in the blog BoingBoing a little while ago. It's completely free, web based, requires Flash, best on a screen that's at least 1024x768. If you're very good at these kinds of games, where the way to advance the movie is to find the right place to click to trigger the next action, you'll probably blow through this in about 15 minutes. I'm not so great at such games, it took me about an hour. But it was an hour well spent, and a day or two later I played through it again just to enjoy the goofy flow of its storyline and its beautiful, lavish, silly artwork.

Neocron 2: Beyond the Dome of York: I'm going to try to not bore you with endless boring details about this game, because I know from 30 years in science fiction fandom that there's nothing in the world more boring than hearing about somebody else's gaming character. But I just had a characteristically jarring moment. Super-fast backstory sum-up: It's centuries after an ecosystem-wrecking nuclear war. Three generations ago one iron-age tribe dug up the Ceres Disks, a kind of CD-ROM archive with reader left behind by 21st century Americans to give advice on how to jump-start civilization after a dark age. They used that information to build two giant mega-cities; the older one used a giant but thin steel dome to keep out toxic environment (Dome of York), the younger one used a new kind of force field (Neocron). Within those cities, following the advice from the Ceres Disks that stock-funded mega-corporations are the most efficient way to allocate resources and manpower, each tribe reorganized as a corporation: City Admin to provde the police and banking, Diamond Real Estate apartment management, ProtoPharma the medical industry, Tangent Technologies weapons and armor, and so on. During Neocron 1, the "corporation" I joined was the Tsunami Syndicate, who took three abandoned sectors on the outskirts of the industrial area and turned them into an "entertainment" district. That was our specialty, the "entertainment" industry: pornography, prostitution, liquor, and gambling, with a side business in blackmail.

During the time period between Neocron 1 and Neocron 2, there was a war between the two cities; Neocron won by hacking a neutron bomb that was going to be aimed at them from the Dome so that it went off inside the Dome, killing everybody except a few dozen soldiers in the field, collapsing the dome, and wrecking quite a few of the buildings closest to the blast. City Admin celebrated their victory by sending their now surplus army into Pepper Park and Tech Haven to root out the gangsters, political dissidents, and outlaw hackers, and we all had to retreat to the dead wrecked city up north, the Dome of York. And to cement their victory, the Reeza Administration's goon army used thermite to destroy the interiors of the Tsunami Syndicates pleasure palaces. We're now told that they're now being rebuilt and will eventually be run by some puppet corporation of City Admin called the Red Pepper Group. As I've mentioned before, this affected me in an unexpectedly visceral way. I spent a lot of time in Pepper Park sector 3, the sector closest to the Industrial Area, running guns, and commuting to the Twister Club at the top of sector 2 to run dance events related to my illicit strip-club-themed (Live365.com) radio station. I've written about this before, but a lot of you are new.

Now, here's the new part, the part that hit me in an odd place. The other day, I snuck "The Infamous Brad" back into Neocron City, infiltrating through the one unguarded gate, through the Outzone slums, and in no farther than Pepper Park sector 3. (If I'd gone any further, I would have run into a small army of City Admin hired goons and cyborg CopBots who would have blown my rump to kingdom come.) But there I was, right in my old neighborhood ... which is now a dump, the storefronts empty and boarded up, a haven for desert smugglers who come in and out the way I did. But I knew a rumor that we had taken over the old abandoned City Mercs "secret base" hidden under Bum Asylum, the homeless shelter in PP3. And I knew from before the secret trick to getting into that empty cellar. So I snuck in to see what we were up to in our tiny little remaining spot underneath the worst part of Pepper Park, we who used to be its kings. And once I got into it, I had this pleasant shock. Oh, I thought, this is where the old Twister Club fixtures ended up! The Reeza Administration goons only think they closed down all of our bars! So I sat down where I could watch the replicant cage dancers and had a Powerbooze Gold for old time's sake. And it felt oddly right, like I had fulfilled one part of a promise to myself. They'd burned my old places of employment, evicted me from my apartments, seized all of my property ... but they couldn't keep me out for good! I was back, if only temporarily and occasionally and not very far in, but back nonetheless. It occurred to me that no higher level than I am (I ended up having to reroll the character and am only about halfway to effective combat rank), I could have some fun with a remote piloted vehicle kicking around the (NPC) City Admin goons who're guarding the inner doors to the old Pussy Club, one of my old bases of operation. I'll bet I can stand just on the guarded interior edge of our hidden sanctuary, fly a model MR-1000 drone with a rocket-propelled grenade launcher up to the Pussy Club lobby, and bob and weave while smacking those guards around. Worst case I'm wrong, I lose an MR-1000 and have to retreat into the bar until the heat is off. But it'll be another step in my revenge.

Reakktor is unlikely to let us win; the odds that Lioon Reeza's dictatorial City Administration will be toppled and the Tsunami Syndicate will ever again rule Pepper Park are astronomically low. But oddly, I find that I don't care; symbolic vengence is enough for me. And it was with that that I realized who I've become, in game, and who the Tsunami Syndicate now are. We're the first generation Cubanero refugees, the exiled Battista gangster regime after Castro. Suddenly we're not all about making money and having good times, suddenly we're awfully chummy with the drug gangs we used to fight, suddenly any political opposition group looks good to us, even the religious fanatics we also used to ignore when we could and fight when we couldn't, and suddenly we're a lot deeper into gun-running, assassination plans, and long-odds commando raids. Wow, this is a side I never expected to fight for! It's a very odd feeling.

Sid Meier's Pirates: Oh, my god. My favorite computer game of all time has finally been updated and reissued! I don't have $50 for it right now. I'd hate to find myself scraping for pennies to pay the cellphone and internet bills three months from now and have everything shut off because I blew $50 on a computer game right now. And when I'm still paralyzed by panic attacks and not getting done what I need to to have a shot at long-term survival is not the time for me to get another computer game addiction; if any of you are tempted to buy this for me, wait until I at least have the doctor's visits and the lawyer's arrangements taken care of, as a reward. But oh, my god how I want this.

The original Pirates! Gold was a nearly perfect reconstruction of the classic movie pirates like the Sea Wolf, with that amazing eye for historical detail that Sid Meier always brings to his games, and I spent many happy hours playing it at the old Brad Davidian Compound. Now it's been updated to be compatible with a modern operating system, and all of the graphics rendered in 3D with full stereo sound, even better than the translation from Civilization to Civilizaton II, as cool as that was. The sea battles involve ships that are more differentiated from each other and include more ammo choices (chain shot! yay!). The land battle game, for beseiging cities, is much better than before and looks gorgeous. And they've added one delightfully silly, fun looking minigame. Before, one of the optional objectives was to romance and marry the daughter of a colonial governor, hopefully a wealthy and powerful governor, hopefully a beautiful daughter. All you had to do was impress the right governor with your military prowess under his country's letter of marque, and flatter him when appropriate. If you won a beautiful bride with powerful royal connections, you gained prestige throughout the Caribbean and a helpful source of rumors. Well, now the whole thing is rendered, like the rest of the game, in Shrek-like computer graphics, and there's a new dimension to it: hers. You also have to win her support for the marriage, which you do by flirting while dancing at a formal ball. You watch her, the other dancers, and occasional cues that appear on the floor to know which steps to take, at what points you can impress the ladies by flourishing in a courtly manner. The demo film footage on the web site looks amazing.

I'll hold off until I get it as a present or figure out how I can afford it, but it's a foregone conclusion that sooner or later I will have this game!

Giving up on Linux

OK, I give up on Linux. I hate saying it, because I love Linux:

  • I doubt that I will find any calendar software package to replace KOrganizer; every calendar package I've ever used under Windows sucked in some way or other.

  • I doubt that I will ever find a desktop slideshow utility as fast, convenient, and configurable as feh.

  • I doubt that I will ever find a popup blocker as effective as the one in Konqueror.

  • I doubt that I will ever find an email package as safe from viruses as KMail.

  • I doubt that I will find a toolbar weather applet as useful as KWeather that isn't spyware or popup equipped.

  • Even more, I'm really going to miss on-the-fly spelling checking in every application.

A big chunk of the rest of what I've gotten used to under Linux will come with me, of course. I'll probably eventually get around to converting most of what I'm doing to FireFox. Linux taught me to love Gaim. Linux taught me that I could, in fact, do what little bitmapped graphics manipulation I need to do in GIMP. Linux taught me to love OpenOffice.org, especially OpenOffice.org Draw.

But I give up, because the Linux community isn't ever going to solve one problem, flatly can't do it: hardware drivers.

Three months ago, I bought a cheap digital camera. I checked online; people have been trying to make that camera compatible with Linux for a year now, no real progress to report. I bought another specialized digital camera a month ago for cheap, one that only requires that your PC be compatible with USB memory sticks: no luck, I can't get USB storage devices to work with Linux. I'm told it can be done, but apparently not by me. And now two weeks ago, a routine upgrade broke my graphics driver. Again, I gather that this can be fixed ... just not by me. I've been down since.

What do these three failures all have in common?

  1. Hardware drivers require that the hardware vendor release the details of how to connect to the device. Hardware manufacturers drag their feet about this, for fear that that info will somehow help their competitors, for all that I don't see how.

  2. In the absence of detailed hardware interface specifications, the hardware interface has to be reverse engineered ... which can take years, and only happens at all if there happen to be a sufficiently large number of the world's best software hackers who want to run the device under Linux.

  3. Changing drivers on your computer isn't something you do every day. Which means that if you're competent to fix them at all, you've got no incentive to make configuring them easy. You're only going to do it a couple of times a year, so rather than write a GUI that anybody can use to check or fix their driver settings, you just fire up vi or emacs and edit the configuration file.
XFree86, the graphics layer that sits between the Linux kernel and all graphical applications, kicks my ass. Its configuration file format is obscure, refers to modules I don't even know where to find, and is poorly documented. Voluminously, but poorly, as in even with keyword searches and Google and grep, I can't find out how to change certain settings and get predictable results. Worse, any failure fails to a completely inoperable state. For the love of God and all that's holy, ever since 1989 Windows has had Safe Mode, where the graphics driver gives up and fails back to 4-bit VGA graphics, which will run on anything under the sun. Why doesn't XFree86? Because anybody capable of programming it to do so doesn't need it to.

CompUSA has 120GB 7200rpm hard disks on sale for $79. I'm thinking I'll pick one up before the sale runs out and reinstall WinXP on one, then use my Knoppix CD one last time to mount both drives, so I can copy everything I need off of my e2fs-formatted Linux partition on the current 30GB drive. I'll probably partition off about 15 or 20 gigabytes of that drive for a future Linux partition, so I can change my mind gracefully. But as soon as I get time to do so, I give up on Linux.


What Can This Strange Device Be?

So what's the alternative to every large office having an Information Technology (I.T.) Priesthood? In most offices, your department pays for the PCs, but you don't get to pick them out, the I.T. Priesthood does that, whenever they have a free moment. They don't get delivered to you, they get delivered to the I.T. Priesthood. They wait as long as they want, then they set up "your" PC with the applications and settings that they think you need. Then they lock it down tight, so that you can't even change the desktop background color, and at their leisure they deliver it and set it up. If they do it wrong, tough luck. Put in a trouble ticket, and they'll get around to you whenever they have a free minute, which is to say, whenever nobody above you in the corporate hierarchy and nobody they like better than you wants anything, however trivial. And when something serious and widespread breaks, you call a help desk with a recorded message that tells you less than you already know, because you're down where the symptoms are actually appearing, and they're only guessing.

Does it have to be this way? It wasn't this way at MasterCard between the years of 1989 and 1995. We did things differently. And because we did things differently, we got things done a heck of a lot faster. Because we did things differently, MasterCard's employees were a lot more productive than they otherwise would have been. And most importantly, because we did things differently, we saved MasterCard literally a million bucks or so. We were able to do this because an absolutely brilliant manager, one of the best I've ever worked for, wanted to do things differently. So when he hired me away from Wave Technologies Training, in our very first meeting, he laid out some ideas for how to do I.T. differently. We were instantly sympatico, singing from the same hymnal. I improved on his design, which delighted him. He told me to run with it, and backed me up when managers above him and on his level questioned the wisdom of this ... and we were so effective and efficient we rocked people's worlds. Here's what we did differently.

First of all, we made a lot of smart, cheap, effective hardware and LAN decisions, made possible because the Macintosh was so far ahead of the PC back then. That"s where most of the savings in cash came from.Collapse )

What we knew that the I.T. Priesthood never seems to understand is that in every department or work area, there's at least one employee who thinks that these things are as cool as we do. That person often is a former PC support tech, who doesn't want to work in that field any more. In other cases, it's somebody who's had one at home for years and studied everything about it, but just doesn't have the Bachelor's degree and the MCSE it would take to get our job. At worst, it's someone who doesn't know much more than how to operate one, but really wants to know more. We also knew that when a PC first acts screwy, or whenever people can't figure out how to do something they know that the machine can do, most of them don't reflexively pick up the phone and call the help desk. Frankly, of course they don't - 9 times out of 10, the help desk will put them on hold and then condescend to them like they were retarded preschoolers for not knowing this stuff. No, what they do by reflex is ask the person who sits nearest to them who's "really good with these things."

We called those people our Super Users. In every department where we helped them buy Macintoshes (or PCs, later, when we supported PCs), we went out of our way to reassure the manager in that department that these were his PCs, not ours. We then asked around the work group, or just paid attention when we were setting them up to see who jumped in to watch and/or help. We then enrolled those people in an email mailing list, and made it a matter of prestige for your department to have a Super User. Two or three times a year, we'd bring the Super Users in during their lunch hour and feed them lunch. (We had a budget for catering, a small one. It was meant to be used to feed us when emergencies kept us working all evening or dragged us in on weekends. We used it to feed the Super Users instead, because with them up and running, we had fewer such emergencies.) While they were eating lunch, we'd do a show and tell of what we were bringing in new for the next couple of months, and what was available for their bosses to purchase to add to their desktop computers. In between luncheons, whenever a tech would notice that we were getting a lot of support calls that all had the same answer, the tech would email all the other techs what the problem was and what the fix was ... and that email also went to the Super Users.

We also offered a free course to every new desktop computer user, took two days. I wrote it. It was good work, if I do say so myself. It taught them the difference between a document in memory and a document on hard disk, the importance of backing documents up to floppy and the server, how to copy and paste, how to use the word processor, spreadsheet basics, how to use email, how to use the terminal server, how to use the file server, and just as importantly what customization settings there were, and we flatly encouraged them to tweak the heck out of the desktop settings. (We made sure the Super Users knew how to reset them if they got too weird and confused even themselves. It was easy enough. It's even easier now, frankly, on all operating systems, where nearly every dialog has a "reset" or "default" button.) And nearly all of our users found that by organizing their folders the way they wanted, or their desktop the way they wanted, or their menus however they wanted, they became phenomenally more productive. What's more, they found out that they controlled the machine. Customizing each machine taught them that the machine had to obey them, that they could make each machine distinctly their own, that they didn't need anybody's "permission" to use their machine. This did wonders for their comfort level, reduced job stress, made them hate the machines so much less, even when they failed, and made them so much more cooperative with us when we came to fix it, and so much more attentive when it did something weird that we might need to ask them about later. That's my kind of "ownership society!"

Viruses and trojans? Well, I admit, this was easier on the Macintosh; if we were doing this today I'd go Linux for the same reason. But we made sure that every PC had a good freeware virus scanner on it, and made sure that the Super Users knew what to do if it went off and reminded them as needed how to update it. A few of the Super Users weren't comfortable with it, so they'd pass the upgrade or the fix off to us, but every one that didn't do so was one fewer tech support call for us.

How many support people did we need? For about 600 seats, we had three people and a manager. But here's the cool part: none of us three were actually full time support techs. I spent about 70% of my time on LAN/WAN engineering issues. Another guy spent close to 100% of his time developing custom FoxBase Pro applications for various departments. (And was a huge hero inside the company. Departments were required to send jobs to the mainframe systems programming department first. The typical quote was $200,000 and 18 months to two years' lead time. Then they'd call us. We'd give them a full-function system that would run in another window on the same machine they used for mainframe applications, only we'd deliver it for only the cash it cost for hardware if they needed another server, and typically have a usable minimum version of the system up in a month or two at most, maybe adding features for another couple of months.) We had one woman who preferred to be out with the end users rather than working on independent projects, so she was probably on the phone about 85% of the time. So if you add it up, we supported about 600 full-time users at all levels of experience at a cost of maybe 1.2 Full Time Equivalent's worth of support personnel and some nice boxed lunches.

I've done this at two jobs, my two most successful PC jobs. We'd done something similar (if less formally organized and less ambitious) in the Documentation and Training Division of McDonnell Douglas Federal Systems the year that I worked there. Both times, the result was lower costs, lower downtime, fewer support staff needed, less overtime, and higher user productivity. But in 1995, just as I was getting pushed out of MasterCard, the I.T. Priesthood was striking back. They'd managed to convince management that their way was cheaper (it wasn't) and safer (it wasn't). I left before they got their way all the way implemented ... and was glad not to be around to watch the company pay the price. And that the we sweated blood all the way through the PC/Mainframe Wars to overthrow the I.T. Priesthood, only to see our creation taken away from us and handed over to the I.T. Priesthood that had disdained our machines as "toys," is third from the top on the long list of reasons why I would rather eat red-hot ground glass than work in computers ever again.

The Priests of the Temple of Syrinx

Unless you're in your mid 40s or later, you can't understand just how much some of us hated IBM back in the day, back when basically everything that was computerized ran on an IBM mainframe. You can probably imagine some of it, because most of you have at least once fired up a telnet window or some other kind of "terminal emulator" to connect to some 80 column by 24 (or 25) row text-only software application, probably at work. You hated it, probably, but you didn't hate it anywhere near as much as we did. And not just because you have a mouse and your choice of fonts and your choice of color schemes, but because you can't really quite imagine one part of the bad old days: absolutely no part of it was under your control. Even as far back as things have slipped, if you weren't in the working world prior to 1983, you really don't know how bad it could have been, or how bad it could be some day again.

The thing that was so evil about the Mainframe Priesthood, the computer department or division at any company, was that in order to get some part of your job done, you had to depend on what they were willing to design and build for you. And no matter how hard they tried, they couldn't really understand just what you needed, because they knew next to nothing about your actual job, work flow, or requirements. In theory, there was an advanced technique called "systems analysis" by which trained "experts" would figure out just what you needed and communicate this to the designers and programmers in their language, via arcane (and frequently ignored) documents called "system specifications." But this never worked. It took you weeks of doing it full time to learn to really do your job, and over a year to get good at it. The systems analyst has a couple of hours to interview you. Even the best of them is not going to learn your job before writing the spec, let alone do it first, let alone do it for as long as you have first. Nobody has that long to wait. But trust me, you can't be taught to be a systems analyst in any less time. What's more, the systems analyst isn't a computer programmer. He probably used to be, or if not he probably also took courses in computer programming, but he doesn't have the recent experience to know what the programmers can or can't deliver. So he ends up writing a specification that does you no good, and does the programmers no good, so the programmers figure out what parts of it they can, implement what they feel like, and you take it or leave it, only without the leave it option since management will make you take it.

And the worst part of this is that it takes about two years to get anything done, and costs tens or hundreds of thousands of dollars even for a small project, and that money comes out of your department's budget. So you give up raises and furniture and office equipment and better tools and so forth in order to be insulted by programmers and wait two years in order to get software that doesn't actually solve your problems. Absolutely nothing I have written so far has been an exaggeration. Ask anyone. This isn't "six miles in the snow barefoot, uphill both ways." This is how it really was.

Then came the Apple // with Visicalc and Electric Pencil. Then IBM endorsed the design by making a better version, the IBM PC with Lotus 1-2-3 and WordPerfect. But leave Electric Pencil and WordPerfect out of the equation for now, because they were just single-purpose writing and editing tools. What was revolutionary about Visicalc and Lotus 1-2-3 was that any reasonably bright high school graduate could lay out screens that looked like whatever they wanted them to, that did the math for them however they wanted it done. Once Lotus 1-2-3 came along, they could also hide flat-file databases off one edge of the screen and use the screen designs, elegantly simple database lookup functions, and very simple, recordable macros to build fully functional databases. With a (then) $2600 IBM PC and a $500 (or pirated) copy of Lotus 1-2-3, you could do jobs for yourself in a week that it would take the Mainframe Priesthood two years to do, not least of which because most of that two years would be spent on two jobs you didn't have to deal with. You don't have to figure out what you want and how to explain it to a COBOL programmer. And you don't have to worry about what your program is going to do to other people's programs, because it runs on your machine and never touches theirs. Then a couple of years later Bill Atkinson at Apple came up with HyperCard, and eventually years after that Microsoft built about 3/4 of its functionality into Access with VBScript, and at that point the brakes were off. Anybody with a high school diploma and one or two continuing education courses could replace the entire Information Technology (I.T., as they were now called) priesthood and never have to deal with them again.

We fought a war over that, the PC Wars. Corporate IT departments fought the introduction of desktop computers tooth and nail, to the very end when client/server and then web-based applications finally made the slide of the PC into even the most PC-phobic company inevitable. And the evil was defeated, if not for all time, then for our time. Or so we told ourselves.

Except that the evil never actually went away. And at every company that I know of, within five years of the PC rollout, it was the same mainframe priests who now controlled the PCs. They managed to persuade senior management at every large company on the planet that user support was costing them too much, and it was costing so much because users had too much control over their machines. So step by step, inch by inch, they've taken increasingly absolute control over the PC on your desk at work. And while they haven't taken Excel away from you (yet), God forbid you should try to do anything for your self. No, once again we're creeping back to the nightmare that I fought against in the trenches for a slantwise decade plus, where the PC becomes an over-expensive locked down dumb terminal to the mainframe server, where all of the applications live on the server and run on the network, and the only reason you have Microsoft Windows XP or even Linux installed on your desktop is so that the workload of rendering the fonts and drawing the window borders and handling the keystrokes and mouse clicks in the text editing fields on the application screens can run on your side of the network cable.

It seems intuitively obvious to nearly everybody that it has to be this way, just as it seemed intuitively obvious that the way to make sure another 9/11 happened was to add one more layer of bureaucratic management between the various executive branch federal agencies and the President. My boss at work, who never says anything political and apparently used to support Bush, was eavesdropping on a conversation about this, and said snidely, "I thought we had someone who's job it was to be the person who coordinated the efforts of the FBI and the CIA and all of them. Oh yeah, I forgot, he's a doofus." What he said raises an interesting question, one I'd never thought of explicitly in so many words - what the heck does Tom Ridge do all day, and why isn't whatever it is George Bush's job? Is there a Department of Homeland Security only so Bush can continue to take long vacations? But no, that's just snide. We have a centralized one-person-controlled Cabinet-level Department of Homeland Security because (a) the voters stood up and screamed in unison, "DO SOMETHING!" and (b) it's intuitively obvious to everybody that the only way to get a large group of people to work together is to appoint one single person to control all of them.

But when I got a chance to help design a PC tech support department, it didn't work that way, and we worked technical and budgetary miracles. This is already getting to be too long, so I'll wrap up for now. Should I tell that story next, or save it for some other time?

P.S. I got two nice things done on the PC at home last night. First of all, I managed to get the boot sector problems fixed, so I'm back and running normally, or normally enough. (I could stand to do some more fine-tuning of my Lilo settings and could stand to weed some more un-wanted stuff out of /etc/init.d. And I'm still no closer to figuring out how to get usb_storage.o to insmod, but that can wait like the rest of it.) And secondly, I found an absolutely excellent Live365 Halloween station, which I'd like to plug because it's very, very good, with an absolutely amazing selection: