ME GO TOO FAR!

Me am play gods!

There’s a new Dresden Codak out! Strange and wonderful as usual.

Poking around in the archive (because reading one Dresden Codak is never enough) I came across the Caveman Science Fiction strip which remains one of the funniest things I’ve ever read. Go on, take a look.

My obsession with FreakAngels has finally broken my mind. How else can you explain this? I mean, I could be out there living an amazing life of action, adventure and fast women, but instead I sit in the dark customising a mediawiki installation and combing through webcomic panels for every last, insignificant, tiny detail. I’m clearly insane.

Image (S)Hack

At the very least you could have posted your manifesto in *text* guys.

(I would like to apologise in advance for this post – it’s full of ill-informed ranting. This is nothing unusual of course, but in this case it’s pretty bad. Hey, why don’t you go and read some other, more sensible post instead? Please?)

Apparently overnight the image hosting site Image Shack has been hacked by a group of people calling themselves “the Anti-Sec movement”. They’ve replaced (presumably) tens of thousands of images hosted on the site with a manifesto opposing the “full disclosure” method of publicising security flaws, and threatening “through mayhem and […] destruction” to force the abandonment of the same.

Well.

On the one hand I have to agree with some of their points. Full disclosure does have its share of problems – the main one being that the black hat hackers and the software companies get the same information at the same time, starting a race to patch the issue before it can be exploited (a race that the black hats usually win). That said, I do have some issues with the Anti-Sec manifesto as it currently stands.

(Edit: As it turns out that’s actually wrong – full disclosure policies almost always have a delay built in so that the companies responsible are told first and get time to patch the hole before the black hats find out about it. So Anti-Sec are basically talking out of an orifice other than their mouths.)

The first is the problem of security through obfuscation. Anti-Sec seems to be suggesting that if you discover a security hole you should shut up and sit on it so that no one can exploit it. This would work fine if it could be guaranteed that you’re the only person who would ever find it. This is, of course, ridiculous. Someone else will discover the same exploit and they may not have the same, upstanding community attitude that you do. The sensible thing would be to report the flaw to the company responsible so they can patch it before the knowledge becomes public. Anti-Sec may well support this method, but their manifesto says nothing about it.

(Edit: Actually they’re actively opposing it.)

The second problem I have is with their methodology. Let me quote…

It is our goal that, through mayhem and the destruction of all exploitative and detrimental communities, companies and individuals, full-disclosure will be abandoned and the security industry will be forced to reform.

How do we plan to achieve this? Through the full and unrelenting, unmerciful elimination of all supporters of full-disclosure and the security industry in its present form. If you own a security blog, an exploit publication website or you distribute any exploits… “you are a target and you will be rm’d. Only a matter of time.”

This isn’t like before. This time everyone and everything is getting owned.

Right. Well, opening a debate is one thing. Opening a debate and then forcibly silencing everyone with a dissenting viewpoint is completely another. And when that forcible silencing is achieved via threats and “unrelenting, unmerciful elimination” it’s basically terrorism.

So, it’ll be interesting to see how this thing plays out. If indeed it does play out and Anti-Sec don’t just vanish into the digital woods they suddenly emerged from like so many other online ‘movements’.

They’ll like it in Seoul

Letting demonic forces loose in the capital of the UK for fun and profit

Ok, so I’ve been thinking (oh-oh) lately about the not terribly successful MMORPG Hellgate London.

For those unfamiliar with it (i.e. just about everybody) it’s set in a future London after demons have taken over the Earth. You play as a member of a resistance group fighting against the demons with both high-powered weaponry and magic, and taking shelter in the Underground (which was apparently constructed with demon-resistant properties by a farsighted conspiracy of Freemasons).

The game didn’t garner much in the way of praise and the company that made it has now gone bust – although some servers are struggling on in South Korea (is there any game that doesn’t do well in South Korea?). Nonetheless I’ve always thought the basic concept was kind of cool (I am after all a devoted Londiniophile).

Anyway I was thinking about how some games (exploiting the various location technologies present in phones and other handhelds these days) are starting to take advantage of geolocation. And it struck me – how cool would a cut down version of Hellgate London be if you actually had to play it in London?!

Think about it. Your character is sent out to battle some Demons at Trafalgar Square. In order to complete the quest you actually have to physically go to Trafalgar Square. You then sit there outside the National Gallery, fighting demons on your handheld until the quest is complete. Afterwards, when your character needs to rest, trade and replenish supplies you have to physically go to an Underground station (or at least stand outside one – making people pay for train tickets to play the game seems a little harsh).

Now naturally this approach would have some problems. The market would be restricted to people actually in London (although you could probably set up games located in plenty of major cities), there’d be plenty of gamers who wouldn’t be interested in tramping around the streets when they could be sitting inside, sucking down Doritos, and the National Gallery might not want hordes of nerds standing outside playing with their iPhones. But for those people who got involved it would be an extra level of immersion – superimposing the game world over the real world in a fairly unprecedented way.

So that’s my idea. I’m sure they’d like it in Seoul.

Goli Maar!

It’s from a film called “Donga”. Make of that what you will.

This (Goli Maar by Tollywood superstar Chiranjeevi) is ridiculous, but somehow I can’t seem to keep away.

Listened to without the video clip it stands up fairly well – it’s even (with its pounding beat, repetitive lyrics and seemingly random sound effects) a bit reminiscent of Sigue Sigue Sputnik.

That’s all I’ve got to say 🙂

Notebookery

As if I don’t have enough on my plate!

Despite the fact that I’ve got a bazillion things going on at the moment I’ve got myself tied up in this…

Notebookery

For those of you too lazy or disinterested to click the link it’s a project where a sturdy notebook (most probably a Moleskine) is going to be sent around the world to dozens of participants, each of whom will fill in a few pages with whatever kind of creativity they feel like before sending it on to the next person. Sort of like an artistic chain letter, but (one presumes) without the threats or begging for money.

Each contribution will be scanned and sent off to the project website for documenting in case the worst happens and the notebook gets damaged or stolen or sent to Murmansk or something (nothing ever comes back from Murmansk). But if all goes well it will eventually make it back to the project headquarters where it may be auctioned off for charity (that part is still up in the air).

I jumped on board as soon as I heard about it, and already have all kinds of madness in mind.

So, if you’re interested hop on over to the website and get involved (unless you’re an American in which case you’ll need to wait until a new notebook relay starts, sorry!)
