Terminally Incoherent

How would I describe this movie in one sentence? Let’s see. Maybe “Groundhog Day on Crack”? Hmmm… No that’s not it. In fact it’s not even close. The movie does bring up similar questions about time, chance, cause and effect and one man’s destiny and power to change it with small, seemingly insignificant action so I guess I’m bound to compare the two.

In both movies for example the protagonist loops around in time re-living the same events multiple times, and is allowed to experiment with cause and effect. But instead of a jaded and unpleasant weatherman, the hero of this movie is Lola, an attractive young girl with flaming red hair, and an attitude. Unlike Phil Connors (who found love because of the loop) she seems to loop out of love for her boyfriend. The setup is simple. Manni (Lola’s guy) gets in trouble with the local mafia, and must come up with $100k in less than 20 minutes or he will likely be killed. To save her man, Lola will have to come up with the cash, and quick.

We see Lola run through the city 3 times. Each time her path is almost exactly the same, but small variations inevitably sneak into the picture. On one run she bumps into someone, on the second she passes them by, and on the third they never meet and etc.. These small changes end up being significant because they allow Lola to gain pr lose precious seconds and each successive one can and will influence all the other ones that follow it.

We never find out why exactly is she looping around in time like this. I mean, you can figure out that it’s love and determination that pushes her forward. But we never learn why or how this happened to her and not someone else. Lola herself is largely unaware of this fact. She does not know she is looping back in time, however for some reason she does seem to retain some memory from previous runs. For example during her first loop Manni teaches her how to take the safety off a pistol. On the second run, she takes the safety off herself as if remembering it. This sets up a slightly different tone than the Groundhog Day.

There was a sort of logic to that movie - Bill Murray’s character knew that he is going to loop around each day, and retained all his memories. He could plan ahead, and through observation he could slowly gain a sort of omnipotence and exert more and more control over his fate. Lola doesn’t have that luxury. For her, each run is a first, there is never any guarantee that she will get another chance. Despite that Lola seems wiser, and more apt at exploiting using her environment during each subsequent loop.

Phil Connors broke out of the time look using logic, planning, and powers of observation. He could break down his day, plan his activities, and set everything up for success. Lola only has 20 minutes, and she is in a mad rush each time. Her world is one of raw emotion ruled not by logic but rather than fate, chance and destiny. In a way this story reminded me about this quote from Paulo Coelho’s Alchemist:

When you really want something to happen, the whole universe conspires so that your wish comes true.

Lola’s universe comes alive and indeed conspires to make her succeed. Unlike the cunning weatherman from Groundhog Day, Lola has little control over her situation. There are many variables that she can’t influence, and luck and chance play a big role in each loop. She has no other choice but to trust her luck and like Coelho’s protagonist hope that it will direct her steps toward the goal. When she ignores this magical conspiracy it becomes an obstacle. She trips, she falls, she is late or to early. Only when she starts noticing the events around her, and takes her cues from them she is able to make real progress. Phil Connors had to take his destiny in his own hands, and be the agent of change. Lola on the other hand, must let go and let her heart guide her to succeed. The agent of change is fate, and she is but a pawn with a mission. To succeed she must allow the universe to propel her towards the solution; she must put everything on the line and hope that the wheel of fortune will swing her way. Otherwise she is doomed.

Should you watch this movie? I think you should. I enjoyed it, and I think you will too. It is fun, entertaining a little bit campy and it will definitely keep you at the edge of your seat. Fair warning though - this movie has subtitles. The action takes place in Berlin I believe, and all the actors speak German. This didn’t bother me. In fact, the streets, cars and the architecture looked oddly familiar. I was never in Germany but I lived half of my life in Poland and it seems that the crappy cars, and run down buildings, and shitty supermarkets in both countries are oddly similar. I also remember using those funky phones that take plastic phone cards instead of change. So for me this was not only and entertaining flick but also a trip down the memory lane.

Get it, watch it, let me know what you think.

Here is a prediction: in the next few years traditional POP+SMTP email setup will become virtually extinct. I’m basing this on several factors. For one, no one actually remembers what these things are anymore. My students think that POP is what southerners call carbonated drinks (it’s soda here btw) and that SMTP is a made up acronym that I coined on the spot just to have more buzzwords to test them on. But that’s just one of the factors.

Factor number two, possibly the more important one is that providing users with a SMTP access is becoming less and less practical with every day. Port 25 is pretty much universally blocked across the board. Almost no company or public institution leaves it open these days. Many ISP’s do the same thing for their residential clients, insisting that they use their designated SMTP server or nothing at all. Of course if you go to the trouble of blocking outbound traffic on 25 you might as well also block 587 (which is designated as the official authenticated SMTP port and is the second most common port used for the protocol). Most corporate firewalls are usually set up to block all outbound traffic except port 80 and 22 (and sometimes 110 for email). The idea is that clever people will be able to get around the restrictions with SSH tunneling while the sheep can suffer in the name of combating spam and internet worms. Which, btw is something that I generally approve. I’m all for locking down firewalls, and protecting lusers from their own stupidity by not letting them do anything.

I’m merely making an observation here. Every day our society becomes more mobile with proliferation of wifi networks, 3G and other wire free technologies. Laptop sales are skyrocketing, and overshadowing desktop sales. Most of my students never actually owned a desktop. Most of my co-workers do not have desktop computers at their homes. Casual users buy laptops. Desktops are now primarily built for the business sector and high end gaming crowd. But while people are getting more mobile, the SMTP gets less useful. Let me illustrate this by example.

Let’s say a big company hires a promising young man named Bob. Bob is issued a company laptop since he will be expected to sometimes work from home. Since Bob is an idiot as far as the IT department is concerned his email was set up for himwith company’s POP and SMTP information ahead of time and he was trained to use it. As expected his email works perfectly when he is sitting in his cubicle, however when he takes the laptop home trying to finish an important project a disaster strikes. He can receive email but he cannot send because his ISP is blocking Port 25. So he spends 4 hours on the phone with his IT department trying to explain to them that his “Microsoft is giving him an error when he tries to send an email”. Then he spends another 4 hours on the phone with his ISP trying to configure his Outlook to use their SMTP server.

Finally he is able to send his super important email at 4am in the morning, catches 2 hours of sleep and he is back in his cubicle at 8am only to realize his email is not working again. It turns out his ISP’s SMTP server doesn’t relay emails from outside of their network. And even if it did, his company is blocking Port 25 anyway allowing only their own SMTP server to send emails out. The IT folks play rock-paper-scissors to see who gets to deal with Bob-the-Retard this time. The loser, makes a cheat sheet for Bob with each step explained in minutiae detail and accompanied by screen shots and then staples it to Bob’s head so that he doesn’t misplace or eat it.

Of course this story repeats itself whenever Bob visits a new place. Soon enough he has a cheat sheet for work, his apartment, his girlfriends house, his favorite coffee shop, the local park, the hotel he stayed at, a conference hall in Boston, and etc… Each time Bob moves his laptop from one location to another, he is required to first find out what SMTP server he can use there and then reconfigure his Outlook.

A lot of companies and institutions which employ many Bob’s get quickly fed up with this sort of thing. So what do they do? They migrate to webmail solutions. Exchange for example has a rich webmail client which looks almost exactly like Outlook and can be used by Bob’s when they work outside of the office. Other, more courageous folks make a leap of faith and migrate their email and calendaring to Google Apps or Zimbra.

ISP’s on the other hand don’t even tell their customers about their POP+SMTP offerings. They provide them with a webmail client instead. Those determined enough can find POP (or IMAP) and SMTP info buried deep in their online help documents.

Public SMTP’s will eventually get phased out and locked behind firewalls. ISP’s no longer promote them as it is. How many users will complain if they simply hide the SMTP server from them and request that they use webmail instead? Right now they may alienate a sizable chunk of their customer base but the majority won’t even notice. In 5 years the only people who will complain will be bunch of us geeks. And no one ever listens to us. We are almost never the target demographic for anything - we are the outliers which skew up the statistical analysis.

Do you like to roll a lot of dice when you play RPG games? This is not really an invitation to discuss the Big Model or the GNS Theory. You can discuss them but be aware that my attitude and personal opinion of these schools of thought consists of a single word: “Meh…” I looked at the GNS stuff and I find myself smack dab in the middle of the 3 distinct player groups. I’m equal part narrativist, part simulationist and part gamist which I think breaks the system. I think Ron Edward’s theory is really well thought out and really boring at the same time. I don’t dismiss it as useless though. Some of the indie games it influenced look interesting. I never played any of these newfangled narrativist things so I can’t really say how they would work.

I grew up playing RPG games the traditional way - the GM was God Incarnate, each player controlled a single character and had no creative input on the game world. That’s what I know, and anything else seems weird and a bit scary to me. When I was growing up the big divide between players had to do with dice.

Our flame wars had to do with whether or not do you roll dice and how often. I think it was around the time when White Wolf coined the word “storytelling” to indicate the GM’ing style of their World of Darkness line and we took it and run with it. Our regular GM was a firm believer in Storytelling with capital S as the ultimate way to run his games. He was also a big fan of Amber Diceless. Whatever system we were playing was therefore “amberized” by which I mean “made diceless”.

I told this story to a buddy from a gaming group I joined much later, and he seemed perplexed. “How do you play without dice?” he asked. I didn’t know how to answer this question. You just do. You declare that you want to jump over the ravine, the GM looks at your character sheet and makes a judgment call based on how well you described the action.

“I jump over the ravine” is probably a fail unless your character is a circus acrobat or an Olympic medalist in the long jump.

“I take a long running start, and when I’m in the air I stretch my hands out in front of me to catch the ledge if I’m falling short” is probably a success unless you are a short legged dwarf wearing a plate armor and a backpack full of bricks.

My friend shook his head in disbelief and murmured something about railroading and lack of random chance. He was appalled that my former GM could simply not allow certain actions to be taken. When I played with that that guy though, I didn’t care. We had fun, and were more interested in participating in the cool, fast paced stories he devised for us. Were we railroaded? Perhaps, but it didn’t really matter. I guess that could be tagged as narrativist style of play - I don’t know.

The dice-loving buddy of mine, and me were talking about this while driving to play a Ice Spacemaster GURPS campaign with copious amount of dice rolling, and looking up rules in one of the 8 GURPS rulebooks the GM owned and had sitting on the table at all times. There was nothing wrong with this style of play either. And I enjoyed it just as much as the amberized games in the past.

What I liked about the diceless sessopms was their free wheeling, fast paced gameplay. Without complex rules to slow us down we could usually close a complete chapter of a longer campaign in a single evening. And by that I mean get a quest, get implicated in a major political intrigue, get arrested, escape from jail, expose the evil plot, defeat the bad guys, clear our names and claim our rewards. All in one evening - sometimes two. In my experience this sort of thing is almost never possible with a dice-heavy gaming - combat alone bogs everything down and always takes forever. What I like about this kind of games however is their unpredictability. There is something exciting about dice based combat situations when you know you character’s life depends on whether or not you can make the next roll.

My ideal environment probably lies somewhere in the middle. Stuff like social interaction, spot checks, intimidation and etc are best done diceless. Randome encounter tables are definitely out. Simple physical actions or simplistic combat can be done diceless but the important, risky, difficult and exciting actions are probably best left to chance to get your adrenaline pumping.

My brother on the other hand caught the Amber bug, and refuses to play anything where the dice are involved. The aforementioned gaming buddy never understood the diceless concept and probably never will. Which I guess is fine.

Which camp do you find yourself in? Do you like diceless Amber like game play? Do you like lot’s of dice rolling and rules lawyering? Or are you somewhere in the middle like me? Or perhaps you can rephrase my discussion in terms of Big Model and GNS and shed some new light on this? I’m familiar with the theory but I never really pondered it long enough to apply it to my own gaming patterns.

Did you ever go on a Wikipedia click rampage? It usually happens when you look something up, then you click on a link in that article, then on a link in the linked article and etc. 2 hours later you find yourself reading an article that has absolutely nothing to do with what you started with and no relevance to anything useful whatsoever. But it’s interesting. That happened to me recently when I stumbled onto a description of a rare, hereditary disease which gave me an idea for a story. Here are some notes I jotted down on the subject.

The Setup

A guy suffering from fatal familial insomnia sets out to unravel a mystery from his past before he succumbs to the disease. Fatal familial insomnia is an incurable genetic disorder which affects ones sleep patterns. From wikipedia:

The age of onset is variable, ranging from 30 to 60, with an average of 50. However the disease tends to prominently occur in later years, primarily following child birth. Death usually occurs between 7 to 36 months from onset. The presentation of the disease varies considerably from person to person, even among patients from within the same family.

The disease has four stages, taking 7 to 18 months to run its course:

1. The patient suffers increasing insomnia, resulting in panic attacks and phobias. This stage lasts for about four months.
2. Hallucinations and panic attacks become noticeable, continuing for about five months.
3. Complete inability to sleep is followed by rapid loss of weight. This lasts for about three months.
4. Dementia, turning unresponsive or mute over the course of six months. This is the final progression of the disease, and the patient will subsequently die.

The story would follow the character as his condition worsens during the span of 10-18 months. It would start near the onset of the disease, at which point the hero would start his quest facing sleepless nights, bouts of paranoia, odd phobias and eventually hallucinations. At this point the story could take an oneiric slant blending flashbacks from the past, fictional dream like events and reality. Our character would be slowly loosing the ability to distinguish between past, present reality and hallucination slipping into sort of a waking dream. However the increasingly complex hallucinations would also help to bring him closer to his goal - often representing repressed memories, and revealing new pieces of the puzzle.

The Mystery

This is the area that needs the most work. I really have no concrete ideas here, but I’d want it to be deeply personal, and somewhat disturbing. Our character could for example be adopted, and he sets out to find his biological parents. He has no records, no last name and no information about them. But since the fatal familial insomnia is very rare genetic disease found only in around 28 families worldwide this sort of narrows down his search. After few duds he finds a promising lead. Unfortunately something happened to the family and the trail ends abruptly and our hero is forced to look inward trying to reconstruct his childhood memories basing on old documents, visits to familiar locations, and items from his past.

I don’t really have much more at the moment. Obviously this is the big hook that can make or break the whole narrative. I’d like it to be something dark, sinister and unsettling but I can’t think of anything that would fit here. Can you?

Themes

The story would start grounded in reality and then slowly slip towards abstraction. So initially we would explore how insomnia affects our characters personal relationships with his wife/girlfriend, family and friends as well as how it affects his work. Having issues adjusting our hero would set out on an inwards journey of self discovery while his close ones rally around him trying to cope with his condition. Onset of paranoia and irrational phobias would put a severe strain on his closest family - his personal quest conflicting with their attempts to help him.

So we would see the secondary characters try to cope with inevitable death, and their close one growing more distant, disturbed and detached from reality every day. Some would sever the relationship being unable to cope, some would try to interfere in his pointless quest causing conflict. Only our heroes true friends/soul mates would stay till the end.

On the flip side we have this sort of existentialist notion of subjective perception of the world. Our hero at some point looses the ability to distinguish between rational and irrational thought, reality and hallucination. But what is reality? Is my reality the same as your reality? The only way we can figure out what is normal is by negotiation - if we both see a pink elephant, then it must be real. But then again, how would I know I’m not negotiating my reality with yet another hallucination? Perhaps you see the elephant, because your really don’t exist.

How do we assert what is real and what is not when our frame of reference is lost? Our character would be struggling wight these kinds of issues. Which events were real? Which were imagined? Which memories are real, and which ones are fake? And does it really matter in the end?

Conclusion

When I read the description of this disease, this outline just sort of jumped at me. I think there is something here. It would take some skill to actually turn this into a worthwhile story, and it would require careful mixing and rationing out the ideas and themes outlined above. I believe that the concept is rather interesting though. Do you agree? Or is this totally stupid?

Terminal Insomnia by Łukasz Grzegorz Maciak is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License. Based on a work at www.terminally-incoherent.com.

Not so long ago my university’s email got blacklisted by Comcast and Microsoft due to large amounts of spam streaming from our network. This lovely email explains the details of the situation:

To Our Campus Community-

Information Technology has received several reports from users that email sent from mail.montclair.edu accounts to Hotmail.com, MSN.com, and Comcast.net email addresses are being returned as non-deliverable.

Upon further investigation we have determined that Hotmail and MSN (both owned by parent Microsoft Corp.) as well as Comcast have put the montclair.edu email domain on a “blacklist’ for alleged spam activity and are temporarily refusing to accept mail from our campus server.

Information Technology has contacted all three ISPs to request that our domain be removed from their blacklists. As of this writing, only Comcast has responded to our request and removed us from their blacklist.

How did this happen?

Last week there was an email “phishing” scam circulating that asked users to respond with their email account name (NetID) and password. A handful of users contacted IT to say that they had mistakenly responded to that phishing scam and provided their NetID and password. It is likely that other users may have done something similar but have not yet contacted IT.

Even just a few compromised mail.montclair.edu accounts can be used by spammers to send thousands of spam messages from our domain. We believe it was exactly this scenario that landed us on the Hotmail, MSN, and Comcast blacklists.

Note: If you responded to the phishing scam last week please change your NetID password immediately by going to the NetID account form at https://netid.montclair.edu

As a reminder: Montclair State’s Division of Information Technology will *never* under any circumstances ask you to provide your password, social security number, or other personal information via email. Any email you receive asking for such information, regardless of the alleged source, should be considered fraudulent and deleted immediately.

We apologize for any inconvenience this situation has caused, and will update this list as soon as we get confirmation of our removal from the Hotmail and MSN blacklists.

It seems that the issue was resolved quite swiftly the same day actually. Here is the follow up email:

To Our Campus Community-

This is an update to my previous email regarding blocked email delivery to Hotmail.com and MSN.com accounts.

As of 6am this morning, Friday August 8th, Microsoft Corp has lifted the anti-spam block for mail.montclair.edu and is now accepting mail from our domain. Any messages that you had attempted to send to Hotmail or MSN address that were returned as non-deliverable will need to be re-sent.

Again, we apologize for any inconvenience this temporary block may have caused. We hope that through continued diligence by our user community to avoid phishing scams, and some additional configuration of our outbound mail gateway we can prevent further blacklisting incidents in the future.

Then it happened again:

To Our User Community-

Information Technology was alerted late last night (Sunday August 17th) that Hotmail.com and by affiliation MSN.com have again placed the mail.montclair.edu domain on their blacklist for alleged spam activity.

We have contacted Microsoft and they have indicated that the blacklisting will be lifted tomorrow, August 19th at Noon. Until then,
any mail sent to hotmail.com or msn.com addresses will bounce back as non-deliverable.

It is unfortunate that Hotmail/MSN has taken this action without any pro-active notification to the University and without any detail as to what conditions caused us to be blacklisted.

In the coming weeks Information Technology will be reviewing our anti-spam policies and the configuration of our outbound email gateways in an effort to minimize these arbitrary blacklisting incidents by Hotmail and other major ISP’s.

Being blacklisted once is bad enough. Being blacklisted twice indicates that OIT didn’t learn anything from the first incident, and failed to take any preventative actions. I don’t think we can dump this on users alone. After all, every organization, and corporate entity out there has a number of computer illiterate staff members who are likely to fall pray to phishing. And yet they somehow manage to steer clear from these blacklists. User education is important, but it is hard to teach people who hardly ever use email about email security.

This is not a user problem - this is an institutional issue. I personally believe that OIT (MSU’s IT branch) could have prevented this from happening by immediately taking couple of preventative steps and tightening their security policies after the first incident. The following three questions are the key to understanding what went wrong here:

1. How do Phishers and Spammers obtain valid MSU emails?
2. How do we prevent compromised account from sending massive amounts of email?
3. How do we identify compromised accounts and disable them before they become a liability?

The first question is trivial. The answer is located on the OIT page itself, and if you ask a random computer science student hanging out in the CS Department area he/she will probably be able to show you how to poll university systems for emails, and brag about their perl/python script which can pull thousands emails according to some rules or self imposed requirements (ie. stealth, speed etc..) from anywhere in the world, and without any authentication. Yeah, we all wrote those. I think most of us give up trying to alert the OIT about this around the sophomore year and just learn to accept it. I never gave my script to anyone, and deleted the email addresses I collected from my hard drive. I could have sold them to spammers - and so could other students. How many of them did? That’s a good question. Besides, I’m pretty sure that if we figured it out quite a few spammers figured it out as well by now.

The other two questions are there for OIT. I don’t know the answers. I suspect that the first one is probably “we don’t”. There is storage quota but I believe there is no email volume quota on student accounts which is both a good thing and a bad thing. It is a good thing, because quota’s suck. It is a bad thing because a compromised account can really spew out large amounts of crap before someone notices anything. I trust that someone is watching over these things. At least I hope that there is a monitoring script somewhere that sends out an email to the sysadmin saying something among the lines of: “BTW, you might want to know that this one student just sent 10 million emails yesterday”. But alas, I do not know whether we have it or not. I can just hope we do.

I believe there is a policy for disabling compromised accounts but I don’t know whether there is a process. And if there is, it is obviously not efficient enough if we get blacklisted this easily. My solution would be to look at question #1 REALLY closely, because that is the big one. Fix that, then revise the process, and perhaps introduce some generous quota and more aggressive monitoring.

There is not much I can help with from the institutional part though. I don’t really have a say in these matters. I can however help with the user education, ~30 students at a time. And this is what I will do. The coming semester I will try to put more emphasis on Phishing, Pharming, online scams and social engineering in general. That will be my input into fixing this issue. OIT has to do the rest.