Author Archives: DMZ

I think I’m writing a book

Yup. I realized I was researching, in pretty serious detail, a list of about a dozen topics that started with:

  • Metallurgy
  • Hyperinflation and more generally currencies
  • The history of clothing
  • Modern pharmaceutical research, design, and fabrication

I wonder, now that I write this, if the scope’s too huge for me to ever start on a book, and I should just write a draft and figure out the science later by having people in those fields read and laugh at it.

It’s a doozy, though. I’m totally jazzed.

With my dad’s surgery over, a non-comprehensive list of things I’m still scared about

Some of this is going to be US-centric.

Relative powerlessness to do anything about all other items on this list
Global warming (expandable!)
Iraq War
I’m a citizen of a country that tortures people and makes them disappear
We’re all “good Germans” (see above two, several from below)
Erosion of civil rights (see: war on drugs, war on terror)
Non-global warming environmental issues
We’re not going to get onto clean energy sources before we can’t use dirty ones/there aren’t dirty ones left so the last two humans face off with clubs over a preserved bottle of Penzoil in a couple decades.
Media consolidation and lack of discussion of topics on this list
Corruption
Politicization/Evangelism of military
Politicization of other government services (TSA)
Quality of educational system (particularly race/class discrimination)
Societal inability to find reasonable compromises (see: war on drugs, erosion of civil rights, also: health care/copyright laws)
Wealth concentration
… and so on

I don’t know, looking that over, none of it seems particularly unreasonable to be anxious about.

First big sale woooo

My story about (beeeeep) in (beeeeeeeeeeeeeeeeeeep), written at Clarion West, honed through the fine crit skills of my comrades, sold to Asimov’s. Details to follow, but this is my first sale to Asimov’s — my first sale to any of the esteemed digests. I’m super happy. Especially since I read and love Asimov’s.

Comparison of game quality on two consoles

I know the Wii’s success was a surprise to almost everyone in the development industry (especially those who allocate money to projects), but I thought by this point, we’d be seeing some quality games come out for it. And I read some comments this week about how it was a novelty – people bought it, played Wii Sports, and it started gathering dust immediately. I compared it to my much-traveled DS over the last six months on Game Rankings…

For the DS:
1 90+ game (Phantom Hourglass)
5 80-89 games (counts the two Pokemon versions)
8 70-79 games

For the Wii:
2 90+ games (Resident Evil 4, Metroid Prime 3)
0 80-89 games
9 70-79 games

And then compare that to the Xbox 360 (which I don’t have)
2 90+ games
16 80-89 games
I don’t even know how many 70-79 games

And again, I know the development pipeline for the Xbox 360 has the advantage of that huge lead time and all. But when do we start getting some decent games for the Wii? I don’t think anyone knows how this will play out — but I’m really curious to see what happens when I run that query again in six months.

Doddmania

I made my first presidential campaign contribution of the cycle, and I never would have expected it when this thing started up. As any reader of HLWT knows, I’m greatly upset about the erosion of constitutional rights, and lately, particularly by the failure of Obama or Clinton, who are in the Senate, to do anything, or take a leadership position on any of that, or Iraq, or anything… so obviously, Dodd’s “restore the Constitution” platform’s appealing, but I didn’t care enough.

Anyway, I watched this latest bill with dismay, unable to understand why you’d want to give blanket immunity to people who violated (at least) the privacy of their customers, and almost certainly their civil rights. That no one did anything to stop it made me wonder why I even cared about this stuff.

And today, Dodd threw a big wrench into the process, and at the very least, he’s prepared to pay a price for his opposition to this horrible legislation… and I realized that I need to support that. So I did.

Dodd 08.

Hidden lesson from Clarion West

During Clarion, every week I turned in my story in a sweat, freaked out, anxious, exhausted from the week’s effort, wondering if I’d gone mad, if it was any good, if I’d made any progress at all. I would, seriously, turn in, sit down quietly somewhere for a couple minutes to calm down, and then take a shower, or go for a walk, or fall asleep.

I wrote harder, in an exertion sense, than I’d ever before. And here’s the thing that’s come to me: you don’t stop writing that hard. The things I learned don’t make it easy to crank out a story. They made it harder. In some cases, far harder — putting the visceral and the emotional in my stories is still a huge struggle, for instance, and it puts the fear into me again, and when I don’t pull it off I want to bang my head against a wall.

Looking back, I’m not sure why that’s a surprise. I didn’t expect that in week four, Kelly would say “and surprise, here’s the secret to turning out consistently great short stories — drink a cup of green tea quickly five minutes before you sit down! There it is, everyone! Don’t spread it around, because you’d only be helping your competition.”

And yet it’s hard to grasp: to write stories I liked as much as the ones I produced in those six weeks, I have to work just as hard as I worked then. The difficulty setting on the treadmill only goes up.

Unless you write some flash fiction, right Gary?

Best dialogue from a bad movie this week

The nerdy computer guy, to the girl he likes, after she defeats ~24 opponents:

“Woah, okay, well, I’m never going to mess with you.”
“Never?”
“Well, maybe in a controlled environment.”
— from DOA

I have a blind spot for horrible, horrible movies like this. I loved, just for one example, the American Ninja movies. Anyway, DOA… um, pretty much stupid throughout, but it’s surprisingly well-shot and frequently funny, a lot of gratuitous shots of the four “high-powered female martial artists” and the fight scenes are sometimes good. It’s a two star movie I liked far beyond its value.

The problem with the fight scenes generally is there’s a lot of fakery and wire work and the leads aren’t convincing. One of the things about watching, say, Michelle Yeoh in Crouching Tiger, Hidden Dragon that’s so awesome is that she moves so beautifully normally, and if you’ve seen her fight (say, in Supercop), you might suspect she can almost fly anyway. There’s really only a few people in the movie who look like they could be actual fighters, much less carry an actual fight scene, and that makes it pretty boring.

Credit cards, rainbow attacks, and why it only takes one bad implementation

A ramble.

All credit card numbers have to meet a certain check (mod-10) in order to be valid. I just wrote a little checker to make sure of this, but 10% of all randomly generated 16-digit numbers will pass a mod-10 check (funny how that works out, huh). I’ll probably find out I messed up.

Okay, so there are 16 digits in a credit card, 10 possibilities per, so 10^16 possible numbers. But if only 10% are valid, and you can know that in advance, a list of all possible, valid credit card numbers would contain 10^15. That’s a petabyte of storage, and would cost you a fair (but not astronomical) amount of money to put together. Back when I started working on credit cards and fraud stuff, it was essentially impractical for someone operating on their own to pull that off.

The actual number, though, isn’t even 10^15. It’s much, much smaller, because the first digit or two are card identifiers, then you’ve got four digits that identify the issuing bank and whatnot. So the first six digits aren’t actually random at all, and that dramatically constrains the number space you’re working with. It’s a whole ANSI standard and everything.

So it’s actually… 4 * some limited number I could work out if I had enough time * 10^10. Now we’re getting down to something you can pretty easily stash.

Anyway, there are two things I’m going to gloss over: encryption and hashing. With encryption, you use a key to take a piece of text and turn it into something you can bring back using the same key. In hashing, you put a chunk of whatever through a mathematical function and out the back end comes some crazy number. You can’t derive the original from that number, even knowing the function. (Standard caveats apply.)

This is used for all kinds of cool stuff, like signatures for files. If I publish a document along with its hash, you can verify it, and as long as I use a decent method, it’s essentially impossible for someone else to modify that document and get the same hash number to come out the end.

But let’s say you get a list of hashed passwords. You know that all passwords are eight letters long, lowercase. You can generate all 8^26 possibilities, run that same mathematical function on them, and then compare the results to what you have. Tada! You have everyone’s password.

Which is a great argument for long, complicated passwords (I’ve ranted about that before, though) — you should make your password as complicated as you can at every place that requires one.

I know you won’t. It’s okay.

Ah, so anyway, here’s the thing — what if, for whatever reason, someone uses your credit card number for verification purposes? And they store… a hash to do the compare with?

Unless they’re doing something called salting (and the attacker doesn’t figure that out), you’re toast. Same attack: the guy with the huge list of valid numbers can go through and say “for each of these potentially valid numbers, run them through a function and go see if there are any matches in this list I’ve got here.”

Whirr… running that hash function on 10^15 (or whatever the actual number turns out to be) takes a while, but not as long as you might think, and then… tada! All the credit card numbers.

And after you’ve got those, it’s open season.

Now, this is still a pretty tough attack to make, and it’s almost certain that if an attacker can get that far, there will be more lucrative means of getting card numbers. And it’s also true that an attacker sophisticated enough to make this attack is almost certainly going to have many, many more lucrative targets that aren’t as secure.

But I kept thinking about this today: how many companies can look up your payment or account history based on your credit card number? Either they’re storing the number unencrypted to do lookups, they’re doing something clever, or… they’re using hashes. And if they’re using hashes, it might be clever, or pretty much as good as plaintext.

If you’re a customer of the companies I’ve worked at, you will be happy to know that they’ve all been clever.

If you’ve worked at a large company, where all kinds of ridiculous and bizarre decisions get made, decisions that are indefensible almost at once, how unlikely does it seem that there’s someone out there doing this?
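To make the numbers in this post concrete, here is an added example (my code, not the author’s): a Luhn checker, the roughly 10% pass rate on random 16-digit strings, and a side-by-side of an unsalted SHA-256 digest of a card number, which enumerating account numbers under one issuer prefix reproduces, against an HMAC under a secret key, which it does not. The prefix, account number, and key are constructed sample values, not real card data.

```python
import hashlib
import hmac
import random

def luhn_valid(pan: str) -> bool:
    """Mod-10 (Luhn) check: from the right, double every second digit (subtracting 9
    when the result exceeds 9) and require the digit sum to be 0 mod 10."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def with_check_digit(prefix15: str) -> str:
    """Append the single check digit that makes a 15-digit prefix Luhn-valid."""
    return next(prefix15 + c for c in "0123456789" if luhn_valid(prefix15 + c))

def luhn_pass_rate(samples: int, seed: int = 1) -> float:
    """Fraction of uniformly random 16-digit strings that pass the check (about 0.10,
    because exactly one of the ten possible check digits works for any prefix)."""
    rng = random.Random(seed)
    return sum(luhn_valid("%016d" % rng.randrange(10**16)) for _ in range(samples)) / samples

def unsalted(pan: str) -> str:
    return hashlib.sha256(pan.encode()).hexdigest()

def keyed(pan: str, key: bytes) -> str:
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()

def recovered(stored_digests, bin6: str, hasher, account_range: int = 1000) -> int:
    """Count stored digests that enumerating account numbers under one 6-digit prefix
    reproduces. With the prefix fixed and the check digit forced, the real keyspace is
    10**9 per prefix; the range here is a tiny constructed slice of it."""
    table = {hasher(with_check_digit(bin6 + "%09d" % n)) for n in range(account_range)}
    return sum(1 for h in stored_digests if h in table)

# Constructed sample record (not a real card): prefix 411111, account number 42, check digit computed.
SAMPLE_PAN = with_check_digit("411111" + "%09d" % 42)
KEY = b"constructed secret held outside the database"   # hypothetical key
STORED_UNSALTED = [unsalted(SAMPLE_PAN)]
STORED_KEYED = [keyed(SAMPLE_PAN, KEY)]

if __name__ == "__main__":
    print(SAMPLE_PAN, "random pass rate:", luhn_pass_rate(20000))
    print("unsalted digests recovered:", recovered(STORED_UNSALTED, "411111", unsalted))
    print("keyed digests recovered:", recovered(STORED_KEYED, "411111", unsalted))
```

A per-record random salt would only force the enumeration to be repeated once per record, and with about 10^9 candidates behind a fixed six-digit prefix that is still cheap; a key kept out of the database (or a tokenization service) is what actually blocks the lookup.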

The “international” grocery store

(where “international” seems to mean “mostly Korean and Japanese”).

When I was without a car there for a while, I had to get some ingredients for my mom’s birthday dinner, so I hiked down to the market a couple blocks (it’s about a 10m walk) to buy my stuff. It was initially disorienting, because it’s not laid out in standard grocery store form, and doesn’t have nearly the same stuff: the meat selection, for instance, is wildly, wildly different from your local Kroger-owned store.

But that’s not what I’m ranting about. I was shocked at how cheap everything I needed was. I understand the pricing’s going to be different, but on items that you can buy at QFC or Safeway compared to the same item, the difference was astonishing.

For instance: I found an item that sells at my normal grocery store for $3.59 for $.99. That’s not a joke. It wasn’t on sale or anything. No matter how you figure it, it means that the nationally supplied grocery chain’s profit on that item was at least $2.60 — and I’ve paid that $3.59 before. That’s crazy! Noodles! Fish sauce! The list went on and on, and the only thing I saw that was comparably priced was bean sprouts.

This is likely not news to anyone, and I’ve bored you already. But it’s the why that fascinates me.

I thought of a couple ways to look at this, but it keeps derailing.

Say that the normal grocery store knows that people who shop there have no idea how much to pay for fish sauce, so they do some market testing and find that if they put it out at $5, they sell to their normal client base and lose the people willing to go to the international market, for a total profit of $tons.

But then why doesn’t the international market sell it for, say, $4 instead of $1? Why hasn’t that price gap collapsed? Is there a different market force operating between this market and the other international ones?

Even if you figure that the international market is pricing at, say, cost + markup, it’s hard to believe that they haven’t walked up the street to where the other two grocery stores are to take a look at their pricing.

I feel compelled to go take some economics classes.