Thursday, November 20, 2014

Nanowrimo Entry: Mystical Third Tweet [3/2]

A thousand monkeys at a thousand typewriters.

And then a monkey.

A thousand monkeys hammering out the great American novel.

And then a monkey.

A thousand monkeys looking up to take in the sight of monkey 1,001.

And then a monkey.

What is monkey? Where is monkey? Why monkey?


Monkey see. Monkey say.


Monkey howl. Monkey throw shit at monkeys.

Monkey all up in their motherfucking monkey faces.

One thousand dead monkeys.

And then a monkey.

Tuesday, September 23, 2014

Some thoughts on the Steam Store Update...

Steam updated the look and feel of the Store page, along with some fairly major revisions to how things work.

Some things to note:

1) A while ago, Steam altered the tabs on the front page. In terms of what was on sale, you used to see the new releases tab before anything else, then could dip into best sellers. At some point, they changed it so you'd see top sellers first. This used to grind my gears for a number of reasons, and it has been covered extensively elsewhere.

The way the tabs function has now changed again, so you default to "POPULAR new releases". To see what are presumably not high selling new games, you have to scroll to the bottom of the game tiles then click the "See all new releases" button. You're then taken to a feature-bare page of games, but at least you'll see new games which aren't AAA blockbuster pre-orders. As a final note, things like daily deals are currently way down the page.

This all seems like a really bad idea from a "Let me browse and purchase new games with zero fuss" point of view.

2) They really want you to see "curator" recommendations. They seem to be on every game page. These are people who post lots of comments about games on Steam pages. At time of writing, they're ranked like so:

"Right now, top curators are listed by the number of followers they have."

People interested in the Steam recommendations prior to the revamp tended to follow those who were known for their humorous "bag throw simulator" type missives, which is fine. However, now that these things are being pushed en masse across the Steam network whether you want them or not, it simply isn't good enough. If you want to add things to pages, you need to convince me that I want to see it on every single page. They do say that listing by number of followers may change at some point in the future, but in my humble opinion it absolutely has to and fast.

The bulk of the Steam recommendations I see right now are one line joke memes, and people trying to be witty. The result is a ton of "recommendations" which add nothing but clutter.

This game is on the frontpage of the site - look at the listed "review". Look at all of their listed reviews. What's the point of that? Other reviews from different curators: "This looks good but I haven't played it yet" and "this was shown at [videogame conference x]".

Do Steam allow people to recommend games they don't own? They sure do:

"Can I recommend games that aren’t in my Steam library?

Yes, you can recommend any game that is available via Steam."

I suppose the most important question here would be: why?

As a side note, you cannot currently disable the visibility of curators.

3) You can no longer see what friends are playing on the frontpage, or what they recently bought. Instead I'm overwhelmed by recommendations from strangers which I find little value in, or bizarre and broken suggestions from Steam as to what I should buy next. You know how if you click on something humorous on an Amazon page and your purchase recommendations go completely left-field? Imagine that but for videogame recommendations.

I'd rather trust visual suggestions of what may be good or bad based on immediate feedback from people I know than complete strangers.

Overall, I can't say I'm a fan of this rejig. I may well find some more things to add to the short list above, but for now let's see what Valve do with the feedback they're sure to be receiving...

Monday, September 22, 2014

Videogames: The Hacking Minigames Edition

Many moons ago I took part in an episode of Gamespot's Reality Check, on the subject of Watch_Dogs and videogame hacking. Out of that came a shorter segment based around good and bad examples of hacking in videogames. Fair warning: it mainly looks at the trend of turning hacking into minigames, instead of titles which are primarily all about hacking like Uplink.

A couple of games not mentioned up above were given a shout-out in a spinoff blog from way back when.

And yes, I really did sit there for an age trying - and failing - to figure out the hacking minigame in Alpha Protocol. Bonus points for mastering this on a PC with mouse and keyboard. The (rather distracting) mouse pointer which controls the right box often ends up moving outside the terminal screen, resulting in two eyeballs trying to track two boxes and an increasingly distant pointer crawling across a sea of flashing green letters and numbers.

The frequent reward for managing to not get a migraine in the first five seconds is the horribly imprecise mouse wobbling off the intended target just as you hit the button.

Last night I fired up an Alpha Protocol save from the first set of Saudi levels, had some fun with the email feature, the intel purchasing, the loadout screen and the comedy beard.

Ten minutes later I was standing in front of a failed hack attempt, flashing lights and guys firing machine guns from ten feet away and missing while I carefully considered which wall to bounce the mouse off for optimum destruction.

Back into the digital box you go...

Sunday, August 10, 2014

10 Years in Infosec: The Obligatory Blogpost

I didn't intend for the face to face meetup I had with the BBC to turn into some sort of gonzo summing up of the last ten years of my life, but looking at it - with pictures of Batman and giraffes as you scroll down the page alongside tales of Chunkylover and the Nigerian Astronaut - it's difficult not to feel that your life is pretty weird.

Ten years in infosec is nothing, really, given many people have done it for that length of time three times over or more. But when you thought you'd be getting paid money to make bad movies or paint pictures riffing on the best aspects of high renaissance art via comic book sensibilities, it feels a lot longer. I'm a "Veteran" now! I'm old! I might grow a beard!

I'm still pretty new to the infosec scene, but I think I earned my blogger Vet stripes thrashing it out with all those incredibly rich Adware companies of old at a time when hardly anyone else was, and in very public fashion I might add. I also managed to find a near endless stream of "really bad things" (TM) and shone a light on lots of terrible people and practices, which can only help people in the long run so I'm happy with that. I tell you what, that was probably more use to people than me making yet another bad film or a painting of some dudes with their weenies out.

I might still do the painting, whatever.

The one thing I have learned, above all else, is that there is no bigger challenge than sitting down and hammering out a non-stop wall of text spread out across ten years. Ten years! I never thought I'd be doing anything for ten years. I actually often feel like I could have written more blogs and entries and talked about more threats, but unfortunately I run out of hours like everybody else.

A moment of silence, please, for all those infosec bloggers down the years who either stopped or (in one sad case) went missing - writer fatigue and burnout is a very real problem, and when you're trying to hammer out new research info in a field where last week's news is as good as something that lumbered out of the Dark Ages, it's quite a problem.

Writing opinion pieces on anything is hard. Finding new threats and scams to write about on a daily basis, and trying to do it differently every time, and attempting to talk about things that others aren't already covering, is hard. When I look at how many research pieces I've put together, more often than not based on something I found, analysed and then bashed into something approaching readable words, it's quite the eye opener. I'm genuinely surprised how much I've done.

This isn't everything by a long shot, but as a random sample: 105 blog posts in 2007, 254 in 2008, 208 in 2009 via the old Spywareguide blog. Think about how many research posts someone can get out in one week - from what I see, it's usually about 2 or 3. One time I discovered and then wrote about 43 things in one month. Which is, by all accounts, completely insane. At the same time I was cranking out up to 30 or so posts a month - often on different threads of research - on my personal blog, for about six years. That personal blog finally died sometime in 2010 when I realised I was blog typing my way into an early grave with anything up to 50 posts a month. Whoops.

The words still keep coming, as I leave FaceTime and move to Sunbelt / GFI Software / ThreatTrack Security. As the blog kept changing and moving home, it's difficult to work out exactly how many pieces of research I put out but - and this is a rough guesstimate - around 283 blog posts on the Sunbelt / GFI blog between 2010 and 2012, then somewhere in the region of 100 posts for ThreatTrack between March and November of 2013.

In December, I moved over to Malwarebytes and just realised I have hit 100 posts in 9 months. I think that's pretty good!

All those words end up helping lots of people and steering them away from bad things. We also get to shut a lot of those bad things down and hand out digital hi-fives every now and then. That's good too.

The technical process for shaping those words is an ever changing sea of "what next?" Too many sentences and paragraphs, you lose your point. Not enough, people may assume what you're talking about doesn't matter. I have written long blogs, and will continue to do so when absolutely necessary, but I do try to avoid it where possible. I'm always looking to remove a sentence, a paragraph, will happily write 300 words then delete the lot if it looks like it isn't needed. I don't need to throw out thousands of words on something when I can get a perfectly functional entry out the door in half the time. 84 words! That's like four sentences! Awesome.

Of course, the reader doesn't need to care about the technical junk behind the crafting of the blog - though I will be giving a talk at a University on that very subject in December (oh my God, I am old!) - but it is something to think about.

Me, I'm thinking I'll hand myself a short pat on the back for having bludgeoned my way through 10 years of sleazy Adware vendors and an endless parade of scams, files and other shenanigans and come out the other side mostly intact and get right back to it.

Also that monster nudie painting is totally going on the wall above the TFT.

Thursday, July 31, 2014

Google+ updates policies, is still a fiasco

Hooray! Google have finally dropped their idiotic names policy on G+. Unfortunately it's a massive hack job and fails in almost every way imaginable.

I'd much rather be called "paperghost" than "Christopher Boyd" on G+. With that in mind, it should be a piece of cake to change it, right? The first problem is a total lack of clarity on the part of Google with regards how to change your details, what works and what doesn't.

A quick look at the Google posts on this one [edit - I had links but in keeping with the G+ tone they've fallen off and don't want to stick] and you'll see the first issue: people simply don't know what to click on to change the public facing name. You'd think this rather basic info would be right there on the Google posts about this brave new world of customisation, but nope...nothing.

First port of call is trying to change the name in the custom url pop up, seeing as it's likely the first name related thing you'll have presented to you. Unfortunately, it doesn't work...All you can do is add letters and numbers to the name already in the system.

I eventually discovered that custom url fields are not the way to do it, and they won't be changing how those things operate for the foreseeable future.

Seriously, this is buried in blog comments.

I then worked out - completely by accident - that you change the public facing name by clicking on it when on your profile. There's no onscreen indication that this field can be clicked on, there's nothing from Google giving you this info and looking in settings will only confound you. It's like the anti-mystery meat of web design.

Google then keeps warning you that you won't have the best experience if you go changing your details - no kidding! - then presents you with screw up number 2:

You're still stuck with first name, last name boxes. As you might imagine, this isn't optimal if your pseudonym is one word long. The botch job workaround is to place a "." in the second box. Confusingly, one Google guy says this is a glitch and will be corrected, even though it says to do this on the official help pages. Also it hasn't been fixed yet.

An additional knock on effect is that the craven claws of G+ are so deeply embedded into all of your Google services that should you change it, that change is reflected across them all.

That's right, Google's idiotic decision to cram this junk into all of their products means you'll now be receiving emails from "paperghost. " complete with the idiotic full stop at the end of the pseudonym.

Really? Really?

Get out of here.

Monday, July 14, 2014


Here's the blog about the cool thing I did.

Here's the analysis of that game I'd been meaning to write.

Here's the storify of the fifty tweets about that thing which pissed me off.

Here's the photoblog of the funniest taxi names I've seen in the Philippines.

Here's the alt take on the security conference I went to where I fell asleep during the keynote and missed all the talks.

Here's the one where I embed an instagram pic and describe in detail what I was doing that day.

Here's the one where I got back to writing music and posted up a bunch of my stuff for you to listen to.

Here's the post with all the old board games I found in the attic, including Key to the Kingdom, Ghost Castle and a magnetized Popeye chessboard something or other.

Here's the one where fuck this guy.

Here's the one where fuck that guy.

Here's the fad where I do a return to comics and complain about DC for six months.

Here's the post about Sontarans and strawberries.

Here's my movies of 2012....13.....14.....oops

Here's the one where I tell you I fixed all the missing Posterous images (I haven't).

Here's the one where I tell you I changed publishing platforms (I haven't).

Here's the one with the music I'm now listening to because all my bands went away.

Here's another videogame thing.

Here's the rage post about how utterly terrible ISPs in Manila are when it comes to setting up SIM based internet sticks.

Here's the then and now post about Uplay and how it still makes no sense to me whatever.

Here's the one about the woman who keeps singing in a nearby club with a repertoire of six songs, all of them consistently terrible.

Here's the blog about the upcoming trips I'm going on which I shall surely publish.

Here's the one about the awful "report people recording movies on their phone in the cinema for a reward" adverts, complete with stupid slide whistle sound effects.

Here's the one about the gaming laptop juggernaut that lasted six months then took six weeks to repair.

Here's a top ten list of things.

Here's the one where this post is a lot shorter.

I think that's me caught up now. I'll assume we're cool like Fonzy.

Friday, July 04, 2014

What I bought - and played - from the Steam Sale

The best of the best from the recent Steam Sale. I bought a lot of stuff, but I'm only mentioning things I've played since picking them up.

1) One Finger Death Punch

All you do is hit left or right. "All you do".

If you think your reflexes are up there with Neo then feel free to give this a shot. It's like Space Channel 5 with punching.

2) Doom 3 BFG Edition

You have to understand, playing this game all those years ago freaked me the hell out, even while running it on an underpowered Pentium 2 (or whatever it was). I never managed to get more than a few hours in before saying "nope" loudly and doing something else instead. Weirdly it feels like I'm cheating in the new edition due to being able to wave the torch and the gun around at the same time. I'm too fast. I should be more sluggish. Maybe that's just the Pentium 2 talking.

3) Ghost Control Inc.

Okay, a bit of a cheat here because I don't remember if I bought this in the sale or just prior to it starting. I don't really care, because it's fantastic. Remember the map screen from the old Ghostbusters game on the Atari 2600? Take that and mash it up with XCOM style ghost battles and you have a great little game. I mean, look at it:

4) Super Amazing Wagon Adventure

oh my god

5) Knights of Pen and Paper +1 Edition

There's meta, and there's this. If I have this right, you play regular people dressed as fantasy characters playing a tabletop RPG where they're attacked by fake real fake monsters. Or something. You also gain stat boosts by pimping out the Dungeon Master's pad, and it has a TARDIS in it. How do you not own this game, basically.

6) One Way Heroics

Take Groundhog Day, the left-to-right chase mechanic of FTL and a chatty fairy. This is the game you'll end up with. If you're bored of endless yakking with characters in RPGs, you'll love this because it's a little bit like a solo Marathon (albeit with swords and the occasional monster). How far can you run?

With the exception of Doom, none of the above are AAA+ games. To be honest most of the big titles available right now look like they'll bore me to tears so these are a welcome addition to the ranks. I'd ask you what you bought and played, but I'd be amazed if there's anybody still out there.

Is this thing on