Thursday, December 02, 2010

Soundtrack Preview for Tron: Legacy

So, so very excited for this movie!

Flynn Lives!

Sunday, July 25, 2010

Post-Gazette Video on iD Tech Camps

As some of you might already know, I spent the last month and a half working at the CMU location for iD Tech Camps.  This past week was my last week working there, and during the week a reporter from the Pittsburgh Post-Gazette stopped by, doing a story on "non-traditional" summer camps in western Pennsylvania (the story appears in today's paper, starting in a sidebar on the front page).

The reporter also shot some video of the camp!



Unfortunately, the class I was teaching that week was in a different lab, so you won't see any of me there.  But the camp director gets plenty of face-time!

And yes, I was (more or less) dressed as a pirate that day too...

Tuesday, June 15, 2010

Hacked!

Oh well isn't that cute... someone hacked my webcomic!


Of course, I'm not exactly clueless when it comes to these things, so after verifying the extent of the damage, I did some digging through the logs.

Ready for a laugh?

"K4Rel," the Iranian "L337 H4x0r!" who defaced my site is a complete poseur!

The actual break-in was done on Monday by someone in Jakarta, Indonesia.  They found a way in, uploaded a backdoor for themselves (the quite useful "b374k" php script), and changed the (hashed) passwords for the admin section. Once finished, it appears this individual passed off (or let's be honest, probably sold) the admin passwords to a second person.

The second guy actually was from Iran.  But he was only able to add a new "comic" to the database, as you can see above, and wasn't able to touch anything else on the site.  Heck, he barely even did that - the internal page id had incremented by two, which means he effed it up the first time and had to try again!  Laaame.

For the technically curious:  the original Indonesian hacker used classic SQL injection.  SomeryC, the extremely lightweight comic-oriented CMS I use for Directionless, was doing nothing to sanitize the page number in the URLs.  This allowed him to edit the hashed passwords for the admin section.  From there, he used the comic uploader to install the backdoor script, and after that appears to have left the server alone, after passing it off to the Iranian "hacker" (and for him, I use the term very loosely indeed...)

Over the last few hours, I've restored Directionless to normal.  Will helped me with some of the PHP, so the site should no longer respond to bogus input.  Additionally, I have put the entire admin section behind an additional level of security with htaccess, and of course, changed all the passwords. DirectionlessComic.com should be secure now, at least from this type of attack.
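The kind of fix described above, as an added example (this is not SomeryC's code or the patch that went onto the site). It is written in Python with an in-memory SQLite table instead of PHP so it runs stand-alone; the table, columns, function names and the tampered value are all constructed for illustration.

```python
import sqlite3


def make_db():
    """Constructed stand-in for a comic table: two published strips, one draft."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comics (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)")
    db.executemany(
        "INSERT INTO comics VALUES (?, ?, ?)",
        [(1, "First strip", 1), (2, "Second strip", 1), (3, "Unpublished draft", 0)],
    )
    return db


def lookup_unsanitized(db, raw_page):
    """The 'before': the page value from the URL is pasted into the SQL text,
    so whatever the visitor typed becomes part of the statement."""
    sql = "SELECT id, title FROM comics WHERE published = 1 AND id = " + raw_page
    return db.execute(sql).fetchall()


def parse_page(raw_page, max_id=1_000_000):
    """Accept only a plain ASCII decimal page number in a sane range."""
    if not isinstance(raw_page, str) or not raw_page.isascii() or not raw_page.isdigit():
        raise ValueError("page must be a positive integer")
    if len(raw_page) > 7:
        raise ValueError("page number too long")
    page = int(raw_page)
    if not 1 <= page <= max_id:
        raise ValueError("page out of range")
    return page


def lookup_hardened(db, raw_page):
    """The 'after': validate first, then bind the value as a parameter so it
    can never be interpreted as SQL, even if validation were loosened later."""
    page = parse_page(raw_page)
    return db.execute(
        "SELECT id, title FROM comics WHERE published = 1 AND id = ?", (page,)
    ).fetchall()


def handle_request(db, raw_page):
    """Return (status, rows): bogus input gets a 400 and never reaches the database."""
    try:
        rows = lookup_hardened(db, raw_page)
    except ValueError:
        return 400, []
    return (200, rows) if rows else (404, [])


if __name__ == "__main__":
    db = make_db()
    tampered = "1 OR 1=1"  # constructed example of a non-numeric page value
    print("unsanitized:", lookup_unsanitized(db, tampered))  # leaks the draft too
    print("hardened:   ", handle_request(db, tampered))
    print("normal page:", handle_request(db, "2"))
```

The unsanitized lookup treats the tampered value as part of the `WHERE` clause and returns every row, including the unpublished one; the hardened path rejects it before any query is built.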

Monday, May 31, 2010

Inside Facebook "Like" Spam

Update 6-1-10:  Looks like Download Squad caught the story now too.  They're calling it "likejacking." Cute. According to them, security experts have confirmed that this is simply an annoyance, and there appears to be no real security threat at this time.
----------

Be careful what you "Like" on Facebook - there's a new exploit someone out there has discovered, and it seems like people are falling for it in droves!

A couple hours ago, I was taking a look at my Facebook news feed, when I noticed some of the usual silliness:

[So-and-so] likes "LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE."

Eh, seemed like it could be funny, and I was bored.  So I clicked on it.  This brought me to an external website, with an empty white page with black text reading "Click here to continue".


Hovering over the text didn't show any destination URL in the address bar.  Naturally, I was suspicious, but since Macs are immune to most viruses, I clicked to see what would happen.

Nothing happened.  Or so it seemed, until my brother informed me that I now liked this page...

At this point, I felt a little silly, but also curious as to what was going on here...  how had the site made me Like something without clicking on a Facebook "Like" button?  And who was running these things anyway?

Well, I did some digging...

From the HTML of the "Continue" pages, it was fairly clear how the trick was working.  The words were just plain text - not even a link.  However, the pages also contained an HTML "IFRAME" which was used to embed the on-Facebook page that is used to confirm a "Like".  This page element was rendered invisible, and positioned underneath the page's text.  Any clicks on the words would pass through them, and into the actual "yes, I want to like this" button on Facebook.  Clever.
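The trick only works if the framed page lets another site embed it. As an added example (not from the original post, and not a statement about what headers Facebook sent), here is a small Python check of a response's anti-framing headers, `X-Frame-Options` and the CSP `frame-ancestors` directive; the URLs and header values are constructed, and source matching is simplified to a single embedding page.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Reduce a URL to (scheme, host, port), filling in default ports."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    return scheme, (p.hostname or "").lower(), p.port or DEFAULT_PORTS.get(scheme)


def frame_ancestors(csp):
    """Return the frame-ancestors source list, or None if the directive is absent."""
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None


def source_matches(source, embedder, page):
    """Simplified matching: '*', 'self', scheme sources and host sources
    (with an optional leading '*.' wildcard). Paths are ignored."""
    if source == "*":
        return True
    if source == "'self'":
        return embedder == page
    if source.startswith("'"):          # 'none' or an unknown keyword
        return False
    if source.endswith(":") and "/" not in source:
        return embedder[0] == source[:-1]
    if "://" not in source:             # bare host: assume the page's scheme
        source = page[0] + "://" + source
    s_scheme, s_host, s_port = origin(source)
    if s_host.startswith("*."):
        host_ok = embedder[1].endswith(s_host[1:])
    else:
        host_ok = embedder[1] == s_host
    return s_scheme == embedder[0] and host_ok and s_port == embedder[2]


def framing_verdict(headers, page_url, embedder_url):
    """Say whether embedder_url may show page_url in an iframe.
    frame-ancestors, when present, takes precedence over X-Frame-Options."""
    h = {k.lower(): v for k, v in headers.items()}
    page, embedder = origin(page_url), origin(embedder_url)
    sources = frame_ancestors(h.get("content-security-policy", ""))
    if sources is not None:
        ok = any(source_matches(s, embedder, page) for s in sources)
        return "allowed" if ok else "blocked"
    xfo = h.get("x-frame-options", "").strip().lower()
    if xfo == "deny":
        return "blocked"
    if xfo == "sameorigin":
        return "allowed" if embedder == page else "blocked"
    return "allowed"                    # no header, or obsolete ALLOW-FROM


if __name__ == "__main__":
    page = "https://social.example/confirm-like"      # constructed
    spam = "https://spam.example/continue.html"       # constructed
    for hdrs in ({}, {"X-Frame-Options": "DENY"},
                 {"Content-Security-Policy": "frame-ancestors 'self'"}):
        print(hdrs, "->", framing_verdict(hdrs, page, spam))
```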

The particular bit of spam I fell for was hosted on a Blogspot blog, but there were quite a few other popular ones, such as The Prom Dress That Got This Girl Suspended From School!  That one was hosted on thedatesafe.com/promdress.  When I went to the top-level, I found folders for several other similarly-set-up scams...  as well as a running tally page, at thedatesafe.com/stats.htm

Whoever runs this server has since locked it down, so you can't see these pages anymore.  But I was sure to take screenshots...


Cute.  This particular shot was taken around 11:50 pm on Sunday May 30th.  The one with over 130,000 "likers" is the prom dress one.  Six minutes later, the number had grown by another 6,000.  Facebook admins finally got wise and started blocking the page shortly after midnight.

I found similar scams spread across a number of domains:
  • Several Blogspot blogs, including girlownedbypolicelike.blogspot.com
  • thedatesafe.com - probably the main site, since that's where the stats page was located.  WHOIS information (a public registry of who owns what websites) was anonymized on this one.
  • mprosperstats.info - this one did have valid WHOIS info, but I won't post it here, since it's unclear whether the owner of this site is involved, or just an innocent victim who had their website taken over by spammers.  It would hardly be the first time.

I suppose it's possible that these are separate spammers, unrelated except in the method they use.  But I think they're all connected.  Facebook recently gained a feature that lets you "hover" the mouse over a link on the site to get some brief info on it - for example, if you hover over someone's name, you get their picture, and a list of some friends you have in common.

Hovering over these spam links also gives some info, including a picture... the same picture, across pretty much every one I have seen...


So uh.... anyone know this face?

Sunday, May 16, 2010

ConFICK!

The Enemy Within - Magazine - The Atlantic

Utterly fascinating (albeit long...) article on the history of the infamous "Conficker" worm. I had never realized just how sophisticated - and let's be honest, clever - it was/is.

Spoiler:  The worm is still out there, lying dormant in a massive botnet estimated at over 6.5 million computers in size.  And security researchers aren't entirely sure they can ever truly eradicate or contain it...

Thursday, May 13, 2010

Portal for Free! (Until May 24)

Steam is now finally available on Mac OS X, and clearly I'll post my impressions on it here in due time.  However, Valve did something else pretty exciting, coinciding with the Mac release...



Portal is an amazing game, and this is the perfect time to check it out if you haven't gotten a chance to yet. This also serves as a great bit of advertising for the upcoming Portal 2, due out late this year.

As a side note - love the trailer too.  Like the earlier teaser for Portal itself, the stylized, graphic animation perfectly captures the game's wicked sense of humor.

Wednesday, May 12, 2010

My iPhone Goes For a Swim


Ok, so this happened several weeks ago, but I wanted to see how things actually played out before writing this post.

I was getting ready to do some laundry while carrying on a conversation with my mother.  Start the water, soap goes in, shirts, pants - pretty automatic.  I finished the conversation, finished loading, and went upstairs.  I made it as far as my second-floor bedroom.

"Oh FUCK!"

I think you can see where this is going...  I essentially flew down the stairs, continuing the stream of expletives, whipped open the cover of the washing machine, and fished the expensive trinket out of the pocket of my jeans.

Now, for those of you without extensive experience with the havoc created by computerized electronics and moisture, I'll recap:  There's something of a "standard procedure" for giving your prized device a fighting chance in this situation:

  1. DO NOT TURN IT ON! No, seriously. Don't check if it works. Turn it off if it's already on.  Electricity can't short circuit if it isn't flowing.
  2. Take out the battery!  Again, can't have a short circuit if you don't have any power.
  3. Open the thing up as much as you can.  If possible, and you are skilled enough, partially take it apart.  Dry it out thoroughly before doing anything else.  The common suggestion for cell phones is a bed of dry rice, left in the sun for a day or two.
  4. Clean the insides if you can.  Once the moisture is gone, corrosion from minerals left behind is your biggest worry.  Be meticulous, but gentle.  A cotton swab with rubbing alcohol works well.
  5. Pray.

Back to my situation, I had a soaked-through iPhone 3GS in my hands.  It had only been underwater for maybe 60 seconds, but that's more than enough time for the water to work its way through.  It wasn't fully "off" - just in its usual "suspend" mode, but I didn't want to risk waking it up to properly turn it off.  And with a sealed-in battery, (grrrr...) I couldn't remove power quickly.

As my fellow geeks would probably expect, my immediate instinct was to rush to my computer, fumble around for my set of Very Small Screwdrivers (what, you don't have one?) and head straight to iFixit.com's tear-down instructions for the iPhone 3G/3Gs.  (I eventually had to look at several of their other guides for more detailed instructions on certain parts, but seriously, I can't plug iFixit enough!)  Thankfully, I happened to have the required suction cup sitting around, so I was able to frantically open the phone.  Once the major pieces were disassembled, I put them in their rice-y rehab center.


To help with the drying process, I augmented the powers of Uncle Ben with one of the 150-watt lamps I use for my video work...

I also put some saran-wrap over the dish that held the rice and iPhone parts.  This would create a bit of a "greenhouse effect," increasing the drying heat inside.  I also hoped it would let me see the progress of the drying, as the evaporating water condensed on the inside of the plastic. And condense it did...



I let it sit there for about 12 hours, changing the plastic whenever it got noticeably wet. Ideally, you should give a phone as much time as you possibly can, since you really want it to be bone dry.  Of course, like anyone, I was impatient.  Luckily, I was comfortable enough with tiny devices like phones, PDA's and laptops, that I was o.k. with taking the iPhone apart almost completely.  That really helps the drying process, but your mileage may vary if you're less experienced with this sort of thing.

In any case, once I finally sat down that night to clean and re-assemble the thing, I didn't know what to expect. Most everything inside looked ok, except for one slightly scorched-looking area on the main logic board (See picture to the right).  I still haven't found solid confirmation on what this is online, but at this point my assumption is that it's a surface-mounted Wi-Fi antenna.

Well, the water sensors were also all tripped, but well... y'know.

After a good cleaning, I nervously reassembled the phone, not sure of what was going to happen. After popping the case back together and twirling home the final two screws, I held the power button, and waited...



Not too bad, all things considered. There was a very noticeable light blotchiness across the screen (as well as some faint diagonal lines that don't come out well in photos), but I had read reports of that elsewhere online. Consensus was that it's trapped residual moisture between the LCD and the glass, and that it dissipates over time. The real annoying bit was the Wi-Fi - it wasn't unreliable, it didn't have trouble locating networks - it simply wasn't there.  Wouldn't even read as a function the phone had.  AT&T's 3G network is pretty fast, but it's still not Wi-Fi fast, and the cellular connection also puts a much higher drain on the battery.

The next day, the Wi-Fi was still M.I.A., but the blotchiness had definitely improved.


It continued to get better as the week wore on.  By two weeks, both the blotches and the diagonal streaks were gone.  The phone looked almost good-as-new, except it couldn't do Wi-Fi.  My dad called it my "iPod un-Touch".  I resigned myself to this being my situation for the foreseeable future. Liquid damage instantly voids the iPhone warranty (standard practice for cell phones) and Apple would charge me $200 to replace it out-of-warranty. Not a bad deal, all things considered, but I don't have a whole lot of discretionary income at the moment, so not something I can take advantage of.  Besides, other than the Wi-Fi, the phone works.  Quite well.  So that's that.

But hold on just a second...

Fast-forward to last week. I had periodically been doing a full shutoff-reboot of the phone, just to see if that would do anything. Some websites had reported seeing lost wireless functionality return after doing this, but it never did anything for me.

Except, this time, it did!

So now my formerly-aquatic iPhone even has WiFi back. Well... kind of.  The range is really limited, and kind of unpredictable (making me more confident the "scorched" part was, in fact, the antenna). But hey, if I'm sitting 5 feet from the router, it stays pretty reliable!  ;-)

So there you have it. A testament to Apple's engineering team... or my ineptitude. Take your pick.

Monday, March 08, 2010

Valve Announces Steam For Mac OS X

(Image blatantly taken from the WIRED story)

Awesome. Some reading material:



Valve Software has announced that next month they will be releasing a Mac client for their popular online video game store and community portal, Steam. With this, comes the news that they have also ported their substantial catalog of games, as well as the Source engine running most of them (as well as a fair number of other 3rd-party games).

There's plenty of info in the two links above, but here's a few takeaways:
  • All Source-powered Valve games you've already bought will carry over to either platform - no need to re-buy anything!  (Valve is also encouraging other developers who sell their games on Steam to do the same)
  • Games that use the relatively-new "Steam Cloud" services will be able to sync game settings, save files and the like across platforms.
  • Full multiplayer compatibility.
  • All future Valve games (starting with Portal 2, which looks great) will be simultaneous releases on Windows, OS X, and Xbox 360. (still no love for the PS3)
This ought to make things rather interesting.  Back in early 2005, I got a Mac as an early high school graduation gift. It made a lot of sense - I was going to film school in the fall, and I needed a laptop for college. Obviously, that machine needed to be something that I could run Final Cut Pro on.  I had been a gamer all through high school, even attending QuakeCon the previous year. But if I wanted to keep playing Counter-Strike at Syracuse, I would need to lug up my old self-built PC tower.

However, the specs of my new PowerBook were tantalizing. Admittedly, the 1.67Ghz PowerPC G4 wasn't anything to write home about.  The weaknesses of the PPC had become so severe that Apple would announce their big Intel switch later that very year.  But the hard drive and (upgraded) RAM were respectable, the screen was gorgeous, and the ATI Radeon 9700M graphics card really caught my eye.

It was a generation behind the current cutting edge... but this was a laptop.  And it had as much video memory as my desktop GPU!  I tested a couple games that did have Mac versions (Quake 3 and the demo for Unreal Tournament 4) and they ran pretty well, for a laptop.  Keep in mind, back then very few laptops actually had decent GPU's, unless you were talking about Alienware.  But even lower-end Macs always had dedicated graphics cards, simply because they needed the graphical horsepower to run the Aqua GUI smoothly, especially on anemic G4 chips. It was a real shame I couldn't just fire up some Half-Life on this shiny new machine...

Of course, a few years later a fortuitous run-in with Applecare would net me an even shinier new Intel-based MacBook Pro. It had even better hardware than my now-ancient PC tower, so I wasted little time in installing XP on a Boot Camp partition, and being only a reboot away from gaming bliss.  Of course, the rebooting does get to be annoying...  I'm looking forward to April!

This is also pretty fascinating from a game-industry standpoint.  There are now two major long-time PC developers (Blizzard and Valve) dedicated to simultaneous PC/Mac releases. (id Software fell off that wagon with Doom 3 and Quake 4, but looks to be coming back with Rage? We'll see.) And the Source engine - quite popular among both developers and mod teams - can now, presumably, seamlessly target either DirectX or OpenGL.

Interesting. Very interesting.

Sunday, February 28, 2010

Canada's Olympic Win... and Pittsburgh

I'll be honest, I've never really followed hockey.  But even I was drawn to the drama of this showdown between the U.S.A. and our "neighbors to the north."  This wasn't just about a game, or a medal.  This was flat out national pride on the line!

However, I found the fallout in my digital circle of friends rather amusing.  I live in Pittsburgh, and while Americans are mighty proud... Sidney Crosby is a Penguin.  In a town famous (infamous?) for fanatical devotion to its sports teams, this made for some interesting Facebook-reading post-game:

(click the image to view large enough to actually read!)

Saturday, February 13, 2010

Video Games Live!


Today (the 12th) was my birthday! Yay!

As part of the celebrations, my brother (with some help from my girlfriend) brought me to Video Games Live:  Bonus Round, here in Pittsburgh. This is their second show here with the Pittsburgh Symphony Orchestra.

This show has been touring since 2005, and plenty has already been said about it. Suffice to say: it's a really fun evening, and I'm really happy to see video game music, and game music composers, getting this kind of wider recognition. I wasn't able to make it the first time they had a show here, so I can only comment on this performance. A few highlights...

  • The performances were generally excellent. The orchestra was great, the conductor was really into it, and the host really knew how to engage the crowd. (The only real letdown was the violin soloist for the Bioshock segment. The introduction to Rapture is a pretty unforgiving theme, and it didn't really seem to be his night)
  • It being Valentine's Day on Sunday, they opened with a poem: "Roses are #FF0000, Violets are #0000FF.  All of my base are belong to you." Not the most original spin on that old meme, but it still got a nice laugh from the crowd.
  • They had two audience members come up and play Frogger. (I'm pretty sure it was the Atari 2600 version.) Time limit was 2 minutes, 30 seconds. Neither one got past the first level.  Come oooon...  haha
  • Flute Link!  I had somehow missed it when she first appeared at Otakon a couple years ago, but Laura Intravia is a very talented flutist, and also a cosplayer. Combining the two, she became Internet-famous, and is now touring with VGL! Score! (The video below is from the São Paulo show last October)



  • Anthony Daniels (better known as the guy who plays C-3PO) was there! He's an adjunct professor at CMU's Entertainment Technology Center, and came to the show. When the host learned of this, he wasted no time in directing everyone's attention to it. Cue thunderous applause and spontaneous standing O. That alone made the night.
  • The host made a sideways jab at the Tony Hawk series for making too many sequels. "But it's ok.  I can say it - I wrote the music for the first one.  But I stopped after that..."
  • They had a Guitar Hero contest before the show, where whoever did the best would be invited up on-stage to play it live later in the show. The same guy won who did it at last year's show!  And he doesn't even live in Pittsburgh! To be fair, he was damn good at Guitar Hero...

All in all, it was definitely a great experience, and I hope to go again!

Wednesday, February 10, 2010

The Latest Electronic Privacy Risk: Copy Machines???

Something you'd never really think about, but apparently traded-in or sold office copiers actually represent a pretty huge privacy / identity theft risk: 
http://cbs5.com/video/?id=61266@kpix.dayport.com

Some of the information here is just crazy.  I mean, yes, clearly the machine needs to store cached digital versions of documents in order to fax them, email them, or even just offer a "print 20 more of that last thing I did" button.  But why in the world would the copier ever need to store 25,000 cached documents???

Easy fix?  The drives should be wiped before the machine is resold or returned.  (and if there isn't already a way to do that from the menus, there should be.)  That's the same standard operating procedure a company should be using for computers.  And let's face it, everything is a computer these days.

Sunday, February 07, 2010

Beautiful Google Ad



I actually spotted a Flash ad for this video on my webcomic several days ago, and word is that Google is going to be playing it during the Superbowl.

Simple, honest, emotional...  now that is how you do advertising.

Sunday, January 17, 2010

Books!

I like reading.  Always have.

During college I found I didn't spend as much time reading for pleasure as I used to.  I read plenty for my classes, but I definitely "fell behind on my reading."  With a newfound surplus of free time, I started picking up a couple books I'd been meaning to read last summer, like William Gibson's Neuromancer, and the fascinating (at least to me) Masters of Doom, as well as having Christine steer me towards Microserfs, and the English translation of the original Battle Royale.  But this was still only a handful of books over the last six months or so.

Now, between Christmas presents, and one fateful trip to the Half Price Books in Robinson, I've amassed the following mini-mountain in the last few weeks...



In case you're keeping score:

Methinks I have some reading to do...  :-)