The Switchboard is Under Enemy Control

The other day a security bulletin was published and patches released for a vulnerability in DNS — essentially the switchboard protocol of the Internet. This is an interesting case because the exact details of the vulnerability have not yet been released (but are scheduled to be in about a month or so). There’s an article with more detail here, and a little applet to check whether or not you are vulnerable here.

This exploit comes with the potential to do a lot of harm, because only the DNS server needs to be compromised (and can be done so remotely). In essence, it could be the ultimate man-in-the-middle attack, enticing thousands of ordinary users to cough up their personal details without so much as a glimmer of anything suspicious going on. This is undoubtedly the reason why extraordinary measures were taken to allow vendors to simultaneously patch the exploit and try to minimize its impact.

For me, there are a number of concerns here. First, naturally, is the security of my personal Internet usage:

  • Is my machine safe? (Well, it’s completely patched up now, which is supposedly good enough.)
  • Is my upstream Internet connection safe? A bit of Internet research reveals that the Tomato router software I’m running is apparently only vulnerable to DNS queries occurring on the LAN (br0). I took this opportunity to patch to the latest build of Tomato, just in case, although a new one with an updated version of dnsmasq is expected shortly.I assume that my ISP will also get their act together and patch in a timely fashion. If not, I’ll be on the phone with them.

Next up are concerns about the hosting for my personal and business sites. Depending on how a hosting business is run, there may be some additional obstacles that need to be negotiated to get things patched up. For example, Windows virtualization environments may need to have specific patches created for them, because they can’t use the normal Windows Update system. Right now, this front is “in progress.”

(One good thing that came out of this is that my paranoia finally pushed me into fixing the self-signed certificate for my business site, and properly installing it on my home machine. Properly-validated SSL connections should not be vulnerable to any shenanigans that may result from the DNS vulnerability.)

Bear Market

Welcome to the bear market. I still occasionally kick myself for not staying in until Dow 14K, but as of late I feel better and better about selling out awhile back. I know that "market timing" is considered to be hocus-pocus but in this case I feel that I was better off with my money out of the market than letting it ride.

Until things show signs of turning around, I’m just going to quietly sit and let my automatic investments continue to accumulate, and not worry too much about day-to-day fluctuations.

Noel Gallagher Sudden Expertism*

Oasis frontman links videogames to knife violence:

"If kids are sitting up all night smoking super skunk [cannabis] and they come so desensitised to crime because they’re playing these videogames, it’s really, really scary."

* "sudden expertism" being a bit of Ticket lingo describing people who insist that they are an authority on any subject you care to bring up.

1-9

We bought Ticket to Ride on XBLA the other day, and Sandy has pretty much owned me in our (decidedly non-combative) matches. I was 0-9 before I eked out a victory last night. I feel like I have a pretty decent grasp on appropriate strategy for the game (card and route selection), but it never quite gels into consistently good performances. Sometimes I will have pretty poor luck drawing train cards — there have also been one or two times where Sandy has been saved towards the end of the game by drawing destination tickets for routes that she’s already built out (aka free points).

The Gawker Media Style Guide

Succinct, and hilarious. It actually applies to pretty much all Web-exclusive content, unfortunately.

Sprinkle in useless metaphors and orthogonal pop-cultural references.

This is pretty much why I don’t really like Bill Simmons’ writing very much — it feels like he’s just following a recipe for writing, and useless metaphors and/or movie references are his punchline setups.

Catching Up on the Backlog: Phoenix Wright

When I haven’t been playing GTA IV, I’ve been trying to whack another game off of my backlog — the original Phoenix Wright: Ace Attorney. I finished it today, having played the series somewhat out of order — 2, 3, 4 (aka Apollo Justice), then finally the first game.

While having played the series out-of-order probably didn’t do wonders for my recognition of recurring characters in the series, it did give me some interesting insights into the release mindset of the games in the US and abroad. The first game (PW1, for short) was originally released on the GBA in Japan, way back in 2001, and didn’t make its way Stateside until 2005, when the game was ported to the Nintendo DS. An additional case was also added to the DS version, and made use of the touch screen and microphone on the hardware. PW2 and PW3 were also originally GBA games, but didn’t have any DS-specific features or cases (other than basic touch screen and voice recognition features) added to them for their DS releases.

Since my first experience with the series was with PW2, I didn’t realize that there is a considerable increase in difficulty compared to the original release of PW1. In hindsight, the original cases in PW1 are really easy compared to PW2 and PW3 — characters frequently all but point out evidence for you, and the number of items that can be presented in court is much lower than in the later games. The only times I got stuck in the original PW1 cases were in the evidence-gathering phases, where the trigger conditions for moving the plot forward are sometimes unclear.

Capcom must have realized this, and the DS-specific case in PW1 seems like an attempt to make the difficulty jump between PW1 and PW2 easier to handle. The (lengthy) added case involves much more evidence than the original cases, more "trick" sections (where the "obvious" answers are the wrong one, and careful thought is required), and more complicated dialogue sections (where different dialogue sub-trees are revealed based on player choices). There are also more frequent usage of character profiles (which were made presentable in PW2 and PW3) during the trial. These are all significant changes to gameplay in the later games, and the player isn’t specifically "trained" to deal with these in PW2 and PW3, so it seems that the bonus case was used as a way to introduce these concepts to players before the release of the subsequent games.


After I finished the game, I checked online and found some information about the upcoming game Miles Edgeworth: Perfect Prosecutor, a new part of the Phoenix Wright series. There are some videos on GameTrailers for the game, which make it out to be a bit more of a traditional point-and-click adventure (Sierra, LucasArts, etc.) than, for lack of a better term, "static picture adventure" (like Myst). I think this is a pretty good move on their part — a mouse adventure game interface translates well to the DS, and, from a technical perspective, going to that format will probably allow them to create more eye-catching visuals. Plus, after several games’ worth of Myst-like adventures, it’s a good idea to change the gameplay up a little bit — I definitely appreciated how Apollo Justice broke up the traditional gameplay a bit with more DS-oriented minigames and even goofy stuff like the "MASON System."

A US release for the game hasn’t been announced, but my guess is that we will see this it released here. Capcom’s ROI on the original Phoenix Wright "visual novel" engine has to be ridiculously high. (Wikipedia links to a Next Generation article noting that the series has sold 2.8 million units. I assume that the "11 titles" part is due to re-releases and/or localized versions, but still — that’s a lot of coin.) I can only assume that they will be using the Miles Edgeworth engine for additional titles (amortizing the cost of engine development), and with that in mind, it makes sense to try and release the games as widely as possible.

Tooth and Nail

I’ve had some not-so-smooth experiences with rebates lately, which are reinforcing my habit of actually keeping information about rebate submission and checking up on them when I invariably don’t receive them.

First of all, my cell phone recycling rebate didn’t come within the allotted amount of time. I called Sprint, who told me that I needed to call the (separate) company that ran the program. I called them, and they claimed that I needed to specially request a rebate check since I was no longer a customer — in spite of the fact that the rebate flyer, in no uncertain terms, said that I didn’t need to do anything special if I was no longer a customer. Ridiculous. On top of that, they told me to expect a check "in 4-8 weeks," which, if I were a cartoon character, would have precipitated steam coming out of my ears. Fortunately for my blood pressure, the rebate actually came within two weeks, and was quickly deposited before any further mischief could take place.

Second, as an owner of the now-orphaned HD-DVD add-on for the 360, I was entitled to a $50 Best Buy gift card, which, again, was alleged to have been sent without any action necessary on my part. I called them this morning to investigate the whereabouts of my gift card, and, on my first attempt, was redirected to a recorded message repeating the details of the program (which was linked earlier in this paragraph). After the recording played, it disconnected me, and I had to call back (and endure another 10 minute wait on hold) to talk to a human being who might actually be able to help me. I stressed that I already knew the details of the program, and that no action was, in theory, necessary on my part, but that their infallible system had somehow neglected to throw some crumbs my way. This got me another 10 minute wait, followed by a conversation with an extremely helpful representative (not being sarcastic), who noted that the gift card had never been sent, because "it says you needed to verify your address." As in the case with the Sprint rebate, I was initially informed that, because they already had my information on file through their rewards program, that no action was needed from me to receive the gift card. I am now expecting the gift card "within 4 weeks."

I have started setting up Outlook appointments for myself to check up on rebate-related matters — it’s ridiculous that I need to go to these lengths, and I suspect that there may be grounds for lawsuits out there (particularly since similar shenanigans are easy profit), but unless rebate administrators shape up their act, I’d rather be paranoid than never get the rebate that is rightfully mine.

Oh, bonus rebate-related insanity: Fry’s no longer gives you a rebate form with your receipt — instead, they make you go to a web site and print it out yourself! This is such a ridiculous penny-pinching maneuver — they should be ashamed of themselves.

The Grind

I am currently playing the crap out of Grand Theft Auto IV. To get this out of the way immediately — it is not a 10/10 game, it isn’t perfect. It isn’t even close. That said, the middle third of the game is pretty excellent, and the game every now and then does something quite technically impressive (before doing something stupid and immersion-breaking). The dialogue is generally well-written, even if some of the plot elements are rather cliché.

My current goal is to try and get as many of the achievements as possible. The "game progress" percentage reported in-game is a bit misleading — I saw that it was around ~60%, so I figured that I would try to get 100% completion in the game (which is a 100 point achievement in and of itself). After a bit of reading online, I discovered that in order to get 100% completion, you need to grind through some really sub-standard, time-consuming content in the game.

  • You have to win 20 race missions. There are only about 10 tracks, so you’re guaranteed to run duplicates. Each race takes about 5-6 minutes to run, so you’re going to kill a couple of hours on this one. The race AI for your opponents is pretty dumb — what usually winds up happening is that I’ll wind up lapping three or four cars that are stuck, ramming each other at low speeds and never making any progress.

    Also, you can’t shoot your opponents (if they die, you lose the race), and you can’t even do things like race a police car or garbage truck. The bottom line is that the racing missions are not very fun.

  • There are something like 30 "most wanted" missions, 20 "vigilante" missions, and 9 "assassin" missions.

    Don’t let the names fool you — they’re all essentially the same thing. Drive to waypoint, engage and destroy all targets. You would think that the "assassin" missions might involve some kind of Hitman-style gameplay, but they do not.

    Oh, and you need to have a police car to start the "most wanted" and "vigilante" missions — just another meaningless hassle on the road to full completion.

  • There are two completely different sets of "steal car" missions — one for your friend Brucie, and then one for his friend Stevie. You need to steal 10 cars for Brucie, and 30 for Stevie. To make matters worse, the cars ordered by text message from Stevie don’t show up on your map — you just get a description of where they are, and a small picture. You are supposed to hunt them down by driving around the neighborhood and figuring out where it is based on landmarks — needless to say, I just used GameFAQs.

    I optimized my gameplay for getting Stevie’s cars such that each mission took between 5 and 7 minutes (to get to the car, return it to his garage, and then go to my safehouse and sleep to trigger the next text message). I don’t remember how long Brucie’s cars took to get, but overall, let’s say there was probably 4 to 5 hours spent on these missions combined.

    (One side benefit to doing Stevie’s missions is that you can pile up a ridiculous amount of cash doing so, and thereby get the "Half Million" achievement as well. I totaled up the possible reward money for his cars and it comes up to about $400,000.)

  • There are, I believe, 50 unique stunt jumps to perform. I haven’t started on these so I’m not sure how long it will take — my guess is that it will take less time than some of the other grindy stuff, because there’s no setup for these. You can just take your best car out somewhere and jump it.
  • There are no less than 200 "flying rats" scattered around the map that need to be exterminated. Fortunately, they are anchored and don’t move, but still…that’s a lot of pigeons. This is what I’ve started working on — I printed out a list of them and am checking them off one-by-one as they are taken care of.

These sorts of activities really highlight the typical one-note mission design in the game — there simply isn’t much to do apart from shooting things, driving things, and "exploration."

Why am I doing this, you ask? I think there’s a combination of a feeling of commitment for having already gotten ~60-70% progress, plus a desire to simply play through everything now and never have to play it again.

This is not the first time that I’ve played games just to get them over with. There was a phase, after I graduated college, sent off résumés for jobs and was essentially just waiting for the phone to ring. I occupied myself by playing Neo-Geo games on an emulator. I played pretty much any game I could find, including really execrable or unremarkable ones like Cyber Lip, Burning Fight, Legend of Success Joe, and Mutation Nation. (I also played the good Neo-Geo games, don’t worry.) With the benefits of emulation (namely, unlimited "money" for continues), there wasn’t much challenge in many of these games, but I still felt compelled to play them, even the awful ones, just so I would never have to play them ever again. Sounds strange, but it made sense to me.

I feel like that is my current mindset with regards to finishing GTA4 — I want to do everything that can reasonably be accomplished, just so I never have to put the disc in the drive ever again. Whether the creators would consider that a good or bad thing, I don’t know.

The NBA Donaghy scandal grows…

Read this TrueHoop blog entry, which is an interview with a professional NBA gambler. The Tim Donaghy scandal has gotten pretty interesting over the last couple of days, with public allegations of game-fixing (including the playoffs) coming from the "rogue referee" camp. The timing of this, during the NBA Finals, is, naturally, very embarrassing to the NBA. It’s a very difficult situation for them to handle — if the series goes long, say, the full seven games, it will provide another week and a half of damaging media coverage, plus skepticism about the length of the series being the fault of the officiating. Their best hope, in terms of squashing the story quickly, may be to drop the restitution demand on Donaghy (in return for some sort of retraction), and to hope for a short Finals.

The article also brings up the idea of sabermetrics being used as a tool to "beat the odds" in sports betting. This is not such a far-fetched idea — the oddsmakers aren’t really trying to predict the winners of each game, but rather the handicap that will produce as even a betting spread as possible, to maximize the bookie’s take. Sabermetrics, as an aid to sports betting, would be used to find an edge where the odds set are influenced by "inefficient" or human factors — strong public favor for one team, misleading statistics or hot streaks, etc. — and I could believe that there is likely some exploitable edge there.

I find it interesting that Voulgaris’s NBA betting focuses mainly on the points over-under, and that his analysis (at least according to the article) seems heavily weighted towards defensive matchups and offensive efficiency (in terms of possessions). My guess, not having looked into basketball statistical analysis, is that the overall effect of team defense on total score is more predictable than the effects of star players (who may drastically outperform their averages) on the outcome of a game.

InstallShield Wastes My Valuable Time (Which I Could Be Using To Play a Game)

I’ve had to use InstallShield to create installers a couple of times. These were fairly unpleasant experiences — while InstallShield is indeed a pretty flexible tool, it also takes a lot of work to get anything accomplished. Their habit of releasing new versions of the package every year (and completely abandoning the previous versions) makes yearly sports game updates look benign in comparison, and the pricing is pretty outrageous. The company was purchased by Macrovision, and has been renamed under the execrable banner of Acresso Software. I bet somebody got paid a lot of money to come up with that terrible name — probably the same people that came up with Accenture or other word-vomit.

(By the way, a quick look at their home page is all you need to reinforce the idea that InstallShield is all about squeezing every last dollar out of you. "Entitlement Relationship Management"? "Enterprise Software Compliance"? A picture of some smiling d-bag in a suit behind two rows of computer monitors? Bleagh. Oh, and their corporate rebranding has resulted in a web site with broken download links — try downloading updates for InstallShield 5, and have fun!)

As it so happens, yesterday I was trying to install a value edition copy of Heroes of Might and Magic IV Complete (in German, no less). The autorun program on the CD allows you to launch the installers for all three products on the disc. However, when I clicked to launch an installer, nothing would happen. The Task Manager revealed that setup.exe was running, but didn’t appear to be doing anything — it was hung up. Attaching a debugger to the process revealed that it was deadlocked — not good. (I couldn’t tell what function it was deadlocked in, unfortunately…I didn’t have the debugger set up to use the Windows symbol server.) Checking the properties for setup.exe revealed that it was an installer produced by version 5 of InstallShield.

I spent some time searching online for InstallShield problems, and discovered that older InstallShield versions have problems (lots and lots of problems) when running under Windows XP Service Pack 2. Note that this was divined from user postings, not any sort of official acknowledgment from InstallShieldAcresso. Also, one of those posts states that at least one of those problems is caused by an uninitialized variable in InstallShield — awesome. Very confidence-inspiring. InstallShield’s own updater page even skips over the version that built the installer I was having problems with (InstallShield 5), for some reason — it’s like they don’t even want to acknowledge that it ever existed.

Unfortunately, most of the user threads I linked either didn’t have any resolution, or suggested things that didn’t work for me (turning off the NMIndexingService, for example — it wasn’t even running on my machine). However, one suggestion that did work for me was to install the game by booting into safe mode. Yuck.

Just to make sure that all of the relevant details get picked up by search engines, if you are running an InstallShield installer (setup.exe) under Windows XP service pack 2 or higher, and it hangs or gets stuck, run the installer after booting into safe mode and it should work. This definitely applies to InstallShield 5 installers, and possibly later versions. I haven’t tried uninstalling the game yet, but I imagine that the same remedy will be required for uninstalling it.

Now, after spending two hours figuring this out, I might actually be able to play the game! Yeehaw.