Archive for September, 2008

Hacking in Hollywood

Tuesday, September 30th, 2008

I said this before, and I’ll say it again - I can’t stand Hollywood movies about hackers or hacking. I just can’t deal with that shit. The classic Hackers is possibly the single notable exception to this rule. And that’s because this movie is actually a clever satire - it takes the popular culture image of a hacker, and the average Joe’s concept of what hacking is, turns it up to 11 and then adds a dash of realistic jargon, or real references here and there. It is a ruthless caricature poking fun at the hipster image of a hacker existing in the media and the so called “hacker culture” perpetuated by script kiddies who think they are 1337. I have no clue whether or not this satirical layer was added intentionally, or whether it simply emerged because later Hollywood productions tried to imitate it. In either case the sheer badness of the film caused an integer overflow and as a result it became good again. And I guess it’s all that matters.

Of course, if you manage to miss the joke completely you can still enjoy the movie as a campy, off-beat fun ride. Everyone wins. End result is a cult classic loved by computer professionals and clueless people alike - often for very different reasons. Few others have ever accomplished anything similar. In most cases any attempt to portray “hacking” on the silver screen ends up in a massive load of epic fail. As an example I give you a scene from the movie Swordfish:

Can anyone explain to me what is going on in here? Cause to me it kinda looks like this guy is playing some sort of 3d puzzle game. He is typing on the keyboard like a madman, cursing, jumping around and etc… In the meantime his (obligatory) multiple screen rig is showing some funky animation depicting cubes of shimmering code falling into place, scrolling text and lots of blinking lights. It’s silly!

Most Hollywood movies depict hacking this way. Some sort of abstract, incomprehensible activity that apparently involves a lot of frantic typing without using a space bar. But it doesn’t need to be this way. Here is a hacking scene from The Matrix. Watch closely what shows up on Trinity’s monitor:

Did you catch it? You can clearly see the characteristic output of Nmap (a very popular port scanning tool), and then she exploits the very real, but also very old ssh vulnerability to take control of the remote system. This depiction was so realistic, that the British Computer Society felt compelled to release a joint statement at the time, urging movie goers not to attempt to emulate it.

To a lay person both scenes would look equally incomprehensible and cryptic right? In both cases we see characters type stuff on the keyboards, and see some scrolling commands and text output that is really not essential to the story. The Hollywood producers usually assume that since an average person doesn’t know the first thing about hacking they might as well make the activity visually pleasing.

The thing is that people do know what hacking looks like. Anyone who uses their computer for more than browsing Myspace and chatting on AIM knows that what you see in the Swordfish scene (or the scenes from the Hackers movie for that matter) are totally fictitious. Unless you are a lumberjack and live in a log cabin in the middle of a forest with no electricity you probably know a programmer, sysadmin, or an IT guy of some sort. Or at the very least you may know that computer whiz kid from the neighborhood who fixes your laptop whenever you infect it with too much spyware.

There is a certain way computer interfaces look, and there is a certain flow to a typical computer operation. I think that most movie goers these days realize that “hacking” into a computer system involves activities such as running programs, typing in commands, and for example looking stuff up on the internet. Most people realize that this whole “typing really fast, to control some 3d animation on the screen” thing is incredibly silly. In fact I have seen it parodied, joked about and made fun of in mainstream media well outside the usual geek circles.

So why does Hollywood insist on insulting our intelligence this way? Why do they show us shiny animation assuming that we wouldn’t understand what was going on in the first place. Some people will probably argue that showing “real hacking” would be irresponsible. I would naturally laugh, and explain the concept of full disclosure to these people. Think about this logically:

  1. No one says that Hollywood needs to show new, cutting edge zero day vulnerabilities
  2. Besides, zero day vulnerabilities would be old news long before the official movie premiere
  3. Including an old vulnerability in a blockbuster movie would possibly make people nervous and force them to finally patch their systems - so it would be a benefit for everyone
  4. No one says you need to show a step by step tutorial - what Matrix did was perfect - they made up a script with a made up name, and then stated it is exploiting the ssh crc32 vulnerability

Showing just glimpses of real exploits, or inessential bits of code is not irresponsible, or dangerous. It is no more dangerous than showing your average episode of Myth Busters on TV. After all, Myth Busters use real physics and chemistry principles to make things blow up like every week. You know - the stuff you could look up in your high school physics/chemistry book - they use that stuff. How is using basic, common knowledge computer science and computer security principles to do privilege elevation or remote exploits any different?

All I’m asking is this: if your movie revolves around hackers, hacking, security exploits or programming, please, please, please hire a technology consultant and for god’s sake listen to him. Ask him to write down a list of technical jargon terms the characters should know, and pointers on their usage. Have him write sample lines the characters could say while hacking/programming. Have him work with the post-production team to create appropriate visuals. That’s it! One guy, few hours of work. Whatever you will need to pay this dude is probably insignificant to the amount of money you spend for the CGI, pyrotechnics and the stunt work.

Seriously, if you know nothing about computers why do you think you can write and/or direct a good movie about hackers and/or programmers? When you are making a movie about police men, soldiers, firemen, lawyers or salesmen you probably bring in a specialist who explains to you and the actors how the things are done in his profession, makes sure you use an appropriate lingo, and don’t make huge blunders. No one seems to be doing that for computer related stuff though. It seems that it is easier to just make stuff up instead.

JQuery Tablesorter: List of Builtin Parsers/Sorters

Monday, September 29th, 2008

One of my users tried to explain a bug to me today. Apparently the results on the search page would not sort properly. Or they were sorting but not by date but by half or a quarter of the date. Or at all. Or they would sort correctly, but sometimes they didn’t and only half sort them. Needless to say, I was thoroughly confused and since this was not one of those “just read the error message to me” issues, I decided to visit the desk of the person who was complaining.

When I got there, I got a small demonstration. “Watch this!” she said, as if she was going to do some trick and I got scared for a second that she will do something that we could not have predicted, and inadvertently crash the whole application due to some hidden bug. You know the type of the bugs - the ones that are completely missed in code review, overlooked in testing and only come out when a user starts clicking buttons you didn’t even put into the design somehow. Fortunately she just typed a query into a search form, and tried to sort the results by date. Then she triumphantly pointed at the screen: “See! That’s what I mean”.

She was right. The results were indeed getting sorted according to the date column, but the algorithm was wrong. Instead of sorting by date, the table was sorted alphabetically/numerically with the obvious results. So I went back to my desk to figure out what went wrong.

The sorting was done by the Tablesorter Plugin so I assumed that the algorithm was right and started digging in our code first. I soon figured out what was causing the issue: blank date values!

It’s simple, to avoid clutter missing dates are simply not displayed. So a table will look a bit like this:

<tr><td>05/25/08</td> <!-- snip --> </tr>
<tr><td>08/01/08</td> <!-- snip --> </tr>
<tr><td></td>         <!-- snip --> </tr>
<tr><td>12/11/07</td> <!-- snip --> </tr>
<tr><td>11/10/07</td> <!-- snip --> </tr>

If there are no blank cells in the column, the tablesorter script correctly recognizes it as a date column. If it sees blank cells, it reverts back to a text sorting algorithm. Since only some queries would produce blank cells like that, this issue went unnoticed for quite a while. I guess we trusted tablesorter to do the identification thing properly.

The fix was trivial - force the tablesorter to treat date columns as date columns no matter what they contained. You pretty much have to specify the data type for each column:

  $(document).ready(function() 
  { 
    $("#myTable").tablesorter(
    {
       headers:
       {  
         0 : { sorter: "shortDate"  },
         1 : { sorter: "shortDate"  },
         2 : { sorter: "shortDate"  },
         6 : { sorter: "shortDate"  },
         13 : { sorter: "shortDate"  },
         14 : { sorter: "shortDate"  },
         16 : { sorter: "shortDate"  },
         17 : { sorter: "shortDate"  },
         19 : { sorter: "shortDate"  }
       }, 
       widthFixed: true,
       widgets: ['zebra']
    }); 
  });
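The symptom and the effect of forcing the parser can be reproduced without the plugin. This is an added example, not tablesorter's code or the application's: `detectColumnType` is a hypothetical stand-in for the auto-detection as described above, the cells are the ones from the sample table, and reading the dates as MM/DD/YY with years in 20YY is an assumption.

```javascript
// Added illustration: a simplified model, not tablesorter's implementation.
// Column values from the sample table above, including the blank cell.
const column = ["05/25/08", "08/01/08", "", "12/11/07", "11/10/07"];

// Assumed short date format: MM/DD/YY
const SHORT_DATE = /^(\d{1,2})\/(\d{1,2})\/(\d{2})$/;

// Hypothetical detector: the column counts as a date column only if every
// cell matches, so a single blank cell demotes the whole column to "text".
function detectColumnType(cells) {
  return cells.every((c) => SHORT_DATE.test(c)) ? "shortDate" : "text";
}

// Convert MM/DD/YY into a sortable number. Blank or malformed cells map
// to 0, which groups them at the top of an ascending sort.
function shortDateKey(cell) {
  const m = SHORT_DATE.exec(cell);
  if (!m) return 0;
  const [, month, day, year] = m;
  return Date.UTC(2000 + Number(year), Number(month) - 1, Number(day));
}

// Sort a copy of the column either chronologically or as plain strings.
function sortColumn(cells, type) {
  const copy = cells.slice();
  if (type === "shortDate") {
    return copy.sort((a, b) => shortDateKey(a) - shortDateKey(b));
  }
  return copy.sort((a, b) => (a < b ? -1 : a > b ? 1 : 0));
}

const detected = detectColumnType(column);        // type chosen automatically
const asDetected = sortColumn(column, detected);  // what the user saw
const forced = sortColumn(column, "shortDate");   // parser forced per column

console.log("detected as:", detected);
console.log("auto-detected sort:", asDetected);
console.log("forced date sort:  ", forced);
```

With the blank cell present the text sort puts the 2008 dates ahead of the 2007 ones, which is the "sorted, but wrong" result the user pointed at.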

Btw, guess how I knew that I needed to use the “shortDate” keyword? Because I looked at the tablesorter.js code naturally. Initially I tried “date” but of course that did not work. Next I stared at the online documentation for 20 minutes before I decided it was pointless, so I just downloaded the un-minified version of the script, and scanned through it looking for parsers and their names.

Tablesorter is a great plugin, but it really could use more in-depth documentation. While I was digging around in the code, I decided to write down the names of all the parsers for future reference. Here they are:

  • text
  • integer
  • currency
  • floating
  • ipAddress
  • url
  • isoDate
  • percent
  • usLongDate
  • shortDate
  • time

The auto detection in the script works pretty well most of the time. It can however fail for simple reasons such as blank lines. I’m surprised that the list above was nowhere to be found on the page. Oh well… It’s here if you need it.

Name That Game #1

Friday, September 26th, 2008

New game in the spirit of Name That Movie or TV Show cycle I’ve been doing here. This one is a bit different and possibly more difficult. Or it could be easier. I don’t know.

This version of the game may appeal to slightly different crowd. Instead of identifying movies, I’m asking you to identify video games in the picture below. And instead of random screenshots, I’m actually using the box covers. Naturally since each video game box has the name of the game printed on it, and usually a signature, distinct art I’m adding some Gaussian blur to each of them. I tried to make them fuzzy enough to conceal telltale details (and the title of course) but clear enough to allow you to recognize the box by shape, color and composition.

I tested it on my brother and he immediately identified 5 boxes correctly, 2 incorrectly and had no clue as to the rest. So hopefully this won’t be solved by the first commenter. :P

Something tells me I’m making it too easy, but we’ll see. Let me know whether you like this new variation on the game. I will probably continue making “Name that Movie” panels in the future, but this could be another fun distraction. :)

Create Arbitrary Sized Sparse Files under Windows and Linux

Thursday, September 25th, 2008

Apparently there is something to be said about short blog posts. Allegedly I tend to get long winded sometimes and my posts can run a tad verbose sometimes. I usually tell people to STFU and go read Steve Yegge if they want to see verbose. I’m short, concise and to the point compared to him. But I figured that I’ll try some of that short blog post thing that people seem to be enjoying in other parts of the web. So I’m making a post about a silly little windows command. This is so that I don’t forget about it next time I need it.

Have you ever needed a file of specific size to test something but you didn’t care what that file was? You know, just a space holder or a space filler kind of a thing? This is what you need to do to create one on Windows XP:

fsutil file createnew file.ext 10000

Naturally file.ext is the desired name of the file you want to create, and the numeric argument is the desired size in bytes. Note that fsutil creates a sparse file which means that this operation will be blindingly fast. For example it took about 3 seconds to create a 10GB file on my elderly windows machine.

Useful trick. I sometimes use it to see how a given app will act when it encounters a file of certain size. To accomplish the same thing in linux you apparently need to do something like:

dd if=/dev/zero of=my-file bs=1 count=0 seek=10G

I messed around with it, and the bs and count are important so don’t just skip them. The seek attribute specifies the desired size of your file, and here you can use human readable units (like 10G in the example).
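To confirm that a file made this way is really sparse, compare its apparent size with the space it occupies on disk. The script below is an added example, not from the original post: it assumes Node.js on Linux, creates the hole with ftruncate rather than dd, and uses a 64 MiB file in a temporary directory.

```javascript
// Added illustration (assumes Node.js on Linux); not from the original post.
const fs = require("fs");
const os = require("os");
const path = require("path");

// Create a file whose apparent size is `bytes` without writing any data.
// Extending an empty file with ftruncate leaves one big hole, the same
// result as the dd invocation above (count=0 plus seek=<size>).
function createSparseFile(file, bytes) {
  const fd = fs.openSync(file, "w");
  try {
    fs.ftruncateSync(fd, bytes);
  } finally {
    fs.closeSync(fd);
  }
}

// Compare what the file claims to be with what it occupies on disk.
// The block count from stat is in 512-byte units.
function sizeReport(file) {
  const st = fs.statSync(file);
  return { apparent: st.size, allocated: st.blocks * 512 };
}

// Read `length` bytes at `offset`. The buffer is pre-filled with 0xff so
// that zeros in the result can only have come from the file itself.
function readAt(file, offset, length) {
  const fd = fs.openSync(file, "r");
  try {
    const buf = Buffer.alloc(length, 0xff);
    const n = fs.readSync(fd, buf, 0, length, offset);
    return buf.subarray(0, n);
  } finally {
    fs.closeSync(fd);
  }
}

// Build a 64 MiB sparse file in a fresh temp directory, inspect it,
// and clean up afterwards.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "sparse-"));
  const file = path.join(dir, "my-file");
  try {
    createSparseFile(file, 64 * 1024 * 1024);
    const report = sizeReport(file);
    const tail = readAt(file, report.apparent - 16, 16);
    const tailIsZero = tail.length === 16 && tail.every((b) => b === 0);
    return { ...report, tailIsZero };
  } finally {
    fs.rmSync(dir, { recursive: true, force: true });
  }
}

console.log(demo());
```

On a filesystem that supports sparse files the allocated figure stays far below the apparent size, and the hole reads back as zero bytes, so an application under test sees a full-size file of zeros.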

So if you ever need a file of a specific size to test something, here is how you make one. How is that for a short post? What do you mean 350 words is not short? Ah, go to hell then. I tried. Next post will be verbose again. :)

Death of PC Gaming May Mean Death of Windows

Wednesday, September 24th, 2008

In the past I argued that PC Gaming is far from being dead but the more I think about it the more I start believing that I was wrong. I don’t want PC gaming to be dead - I have been a PC gamer most of my life, and all my favorite games are PC titles.

  1. Upgrade Treadmill - It is getting progressively harder to keep up with the new hardware. A few years ago I was shopping around for a new video card and I was looking up specs online, comparing prices on Newegg and doing all kinds of research and I could not figure out what to buy. I ended up asking a friend who builds and sells tricked out gaming rigs (you know, water cooling, blinged out cases and the works) for advice. And I consider myself a knowledgeable computer professional. Shamus wrote about this some time ago and it is getting progressively worse. At this point for example my brother doesn’t even bother reading the system requirements on the box because he knows he won’t understand them. He just asks me to investigate whether or not a given title will run on his machine before he buys it. Average customer won’t “upgrade” his video card - he will wait and buy a new computer when the time comes and will expect it to come with a video card that is able to play the newest games out there. Unfortunately this is not the case. A computer illiterate friend of mine bought a brand new, very expensive Dell which was advertised as a top of the line gaming machine. Few months later he bought Crysis and was disappointed and outraged that his brand spanking new gaming rig could barely run that game on medium settings. This is the sad reality which causes people to jump ship and buy a console. When you buy an xbox360 game you are guaranteed it is going to run on your xbox360.
  2. DirectX 10 - in addition to upgrading hardware, you are also forced to upgrade your OS. As far as I can tell, no one wants to run Vista these days. All my coworkers who recently bought new computers absolutely hate it, and keep telling me how happy they are our company is not migrating to that infernal system. But guess what? If you want the new shiny game to run on your PC, you may just have to switch to the big V and take the 80% performance penalty that comes with it. :P
  3. Stable Development Environment - I’m going to link to Shamus once again because he explains it better than I ever could. Console developers can rely on a stable environment that never changes. They can optimize their code, polish their engines to perfection and squeeze every last bit of juice out of the hardware. PC game developers on the other hand tend to be stuck in a rut, always chasing the latest and greatest rendering/shading/mapping technology. Consoles simply offer friendlier developer environment and one where you can accurately test the game play experience you are delivering to the player. No wonder many development studios shift their focus towards consoles more and more.
  4. Price - $600 buys you a PS3, including software, a Blu-ray player, controllers and etc - in other words a complete gaming system. Or if you are a PC gamer you can spend that $600 on a new video card alone. I don’t like this, but you can do the math and see where this is going.
  5. DRM - most PC games these days ship with a draconian DRM, online activation, installation limits and hidden rootkits. Not only do you have to jump through hoops to get them installed and activated - they can also damage your CD/DVD drives, or make your system unstable and vulnerable to attacks. Console games have none of the above.
  6. Fewer and Fewer Exclusive PC Titles - at the moment, the only games that actually require you to own a computer are the popular MMO’s. Almost everything else gets released on at least one of the next gen consoles almost simultaneously with the PC title or soon afterwards. Interestingly enough many of the MMO’s are not exclusive to the Windows platform. For example WoW will happily run on a Mac.
  7. More and More Exclusive Console Titles - this trend started long ago, and is becoming more and more prominent. A lot of popular games never get a PC version.
  8. Console to PC ports done as an afterthought - those console games that do get a PC release, often get a poorly done direct port, complete with a cobbled interface designed for a controller rather than a mouse, and wonky controls and many artifacts of the console-centric design. In most cases you are better off playing the original rather than torture yourself with the PC version.
  9. Demographic Shift towards Consoles - most people around my age and younger these days own a next gen console. Some own both the xbox360 and PS3. Most people own a Wii in addition to their primary gaming console. Conversely few of these people actually own an up to date PC gaming rig. Some do, but most either have an older machine that won’t play newest titles anymore, or a lightweight laptop that has enough powa to run WoW but not much else. Younger people seem to eschew desktops altogether, and shop for computers that are most battery efficient, and have good ratio of size/weight and comfortable keyboard layout rather than checking the specs on the video card. You can see this trend when you go to a local Walmart (or other high volume retail chain) for example. One close to me has a single wire rack in the corner of the gaming aisle where you can find PC games. And you’ll be lucky to find anything other than WoW and its expansions there. Occasionally there are few boxes of new hot releases but most of the time it’s mostly the same old MMO’s, 1 or 2 WW2 shooters, and few RTS games which have “Age of” in the name. Each console on the other hand has its own aisle full of games. Consoles are the mainstream market now.

These trends are scaring me. I don’t want PC gaming to die, but the facts above do not suggest a rosy future for the PC as a game platform. Unless something changes, consoles will take over and the number of original PC releases will dwindle. It made me think though - the imminent death of PC gaming may mean hard times for Windows monopoly.

Let’s face it, gamers make up a very large chunk of Windows user base. The biggest source of income for Microsoft is naturally the business sector. I don’t see them being pushed out of there any time soon. The home desktop market however is a huge chunk of change for them, and losing it could mean trouble for the high and mighty MS. Home market consists of three types of people:

  1. Clueless users who don’t know any better
  2. Gamers who elect to run Windows as a gaming platform
  3. People who would love to switch but are locked in
  4. People who simply prefer windows

Group #4 consists of MS fanboys, Visual Basic developers, or simply loyal customers who might have tried other alternatives but prefer to use windows for some reason. These people are stuck in their ways and will likely use Windows until the day they die.

Group #3 includes people who are locked into the OS because the software they use for their hobby/creative work is not available on other platforms and there are no good alternatives. Many of them might be open to an alternative OS if they can figure out a way to take their favorite software with them or find an alternative. Since projects such as Wine and Cedega are continuously getting better, and emulation is getting easier, and open source community is rolling out new projects to replace proprietary software every day the number of the people in this group is bound to fluctuate and fall over time.

Group #1 is the most flexible one. A clueless user is usually bound to windows because that’s the OS which came with their computer. They generally rely on relatives, friends or co-workers for tech support and generally don’t know how to use anything other than a browser. They’d be equally confused using Windows, Apple or Ubuntu so you can swap their OS at any time. I mean, if your user doesn’t know the most basic stuff like navigating the file system, copying files or changing basic display settings will it really be a big shock to move them to another platform? They still won’t know how to do these basic things, no? So what is the difference?

As long as they can still get to MySpace and Facebook they will be fine. In fact, a lot of members of this group actually buy Apple laptops these days and use them without realizing they use a different OS. In fact, I recently talked to someone who was convinced that everything looked so different on his new MacBook because it shipped with Vista. This is a market that can dwindle down to zero provided that there are enough computer savvy people out there willing to switch their clueless friends and relatives to a non-windows platform.

Then there are gamers, whose primary reason for using Windows is that it is currently a major gaming platform. What happens to this group when the PC Game market fades away into oblivion? There will be some reshuffling. Some gamers will decide to stick with windows and move to group #4. Others won’t know any better and will move to group #1. Some will remain stuck and will end up in group #3. The rest may jump ship.

Note that each gamer jumping ship may potentially pull several friends and relatives from group #1 with him. Why? Many gamers are computer savvy enough to provide free tech support to their close ones when needed. Enough gamers switching away from windows may whisk away a huge chunk of group #1 sales from Microsoft. This in turn may create a critical mass of Apple and Linux users forcing major software and hardware companies to acknowledge these platforms and make their products available for them. Thus members of group #3 may after a while find themselves unstuck. Perhaps the death of PC Gaming will be a first step towards a better world - one in which no software company has almost complete market monopoly.

Again, this is wishful thinking - sort of best case scenario if you will. Still, being a gaming platform is a major selling point for Windows. Apple marketing has already cornered the “all fun and no fuss, entertainment platform” market. Windows is already viewed as a primary work related OS by many people. If the PC games go away Apple may actually have a chance to carve out a nice chunk of the household computer market for themselves. And where Macs go, Linux will follow since both OS’s are of the Unix’y kind.