when you woke up at a little past 7 or 8 and the kitties were no longer bothering you because she woke up early to feed them and do other stuff and you went back to sleep for some time, only casually noting to yourself the time was getting close to when the roomba would go off— then, it becomes about 9 past 10 and you rouse and get coffee and downstairs there she is busy doing whatever she does that makes you love her so much and you think, man, i could care less about global warming or the slow demise of the middle class and the continuing imperson-ance of technology in our lives and bombing in boston and how long it takes for me to run a distance and she is so pretty in that sun today.
The Most Photographed Barn in America
We drove 22 miles into the country around Farmington. There were meadows and apple orchards. White fences trailed through the rolling fields. Soon the signs started appearing. THE MOST PHOTOGRAPHED BARN IN AMERICA. We counted five signs before we reached the site. There were 40 cars and a tour bus in the makeshift lot. We walked along a cowpath to the slightly elevated spot set aside for viewing and photographing. All the people had cameras; some had tripods, telephoto lenses, filter kits. A man in a booth sold postcards and slides — pictures of the barn taken from the elevated spot. We stood near a grove of trees and watched the photographers. Murray maintained a prolonged silence, occasionally scrawling some notes in a little book.
“No one sees the barn,” he said finally.
A long silence followed.
“Once you’ve seen the signs about the barn, it becomes impossible to see the barn.”
He fell silent once more. People with cameras left the elevated site, replaced by others.
We’re not here to capture an image, we’re here to maintain one. Every photograph reinforces the aura. Can you feel it, Jack? An accumulation of nameless energies.”
There was an extended silence. The man in the booth sold postcards and slides.
“Being here is a kind of spiritual surrender. We see only what the others see. The thousands who were here in the past, those who will come in the future. We’ve agreed to be part of a collective perception. It literally colors our vision. A religious experience in a way, like all tourism.”
Another silence ensued.
“They are taking pictures of taking pictures,” he said.
He did not speak for a while. We listened to the incessant clicking of shutter release buttons, the rustling crank of levers that advanced the film.
“What was the barn like before it was photographed?” he said. “What did it look like, how was it different from the other barns, how was it similar to other barns? We can’t answer these questions because we’ve read the signs, seen the people snapping the pictures. We can’t get outside the aura. We’re part of the aura. We’re here. We’re now.”
We drove 22 miles into the country around Farmington. There were meadows and apple orchards. White fences trailed through the rolling fields. Soon the signs started appearing. THE MOST PHOTOGRAPHED BARN IN AMERICA. We counted five signs before we reached the site. There were 40 cars and a tour bus in the makeshift lot. We walked along a cowpath to the slightly elevated spot set aside for viewing and photographing. All the people had cameras; some had tripods, telephoto lenses, filter kits. A man in a booth sold postcards and slides — pictures of the barn taken from the elevated spot. We stood near a grove of trees and watched the photographers. Murray maintained a prolonged silence, occasionally scrawling some notes in a little book.
“No one sees the barn,” he said finally.
A long silence followed.
“Once you’ve seen the signs about the barn, it becomes impossible to see the barn.”
He fell silent once more. People with cameras left the elevated site, replaced by others.
We’re not here to capture an image, we’re here to maintain one. Every photograph reinforces the aura. Can you feel it, Jack? An accumulation of nameless energies.”
There was an extended silence. The man in the booth sold postcards and slides.
“Being here is a kind of spiritual surrender. We see only what the others see. The thousands who were here in the past, those who will come in the future. We’ve agreed to be part of a collective perception. It literally colors our vision. A religious experience in a way, like all tourism.”
Another silence ensued.
“They are taking pictures of taking pictures,” he said.
He did not speak for a while. We listened to the incessant clicking of shutter release buttons, the rustling crank of levers that advanced the film.
“What was the barn like before it was photographed?” he said. “What did it look like, how was it different from the other barns, how was it similar to other barns? We can’t answer these questions because we’ve read the signs, seen the people snapping the pictures. We can’t get outside the aura. We’re part of the aura. We’re here. We’re now.”
imagine that what you did today was perfect
and so maybe i should explain myself a little bit. there was, to my recollection, an urge to be a writer of some sort, an urge to spend my life creating strings of words which others might enjoy stringing together in their heads. there was, to my recollection, an abandonment of this urge. this is the most photographed barn in america.
how life works, when it is ok
Work stops at sunset. Darkness falls over the building site. The sky is filled with stars. “There is the blueprint,” they say.
on effing sisyphus:
So I’ve been working on a game for a little over 3 or 4 months ( of which some of you may have seen glimpses of on twitter ) provisionally titled ‘Go Sisyphus Go’ and it is based upon my particularly fallible interpretation of the myth of the ancient Greek king Sispyphus who, among other notable acts, was condemned to rolling a rock up a mountain forever.
link to the game for those who don’t feel like reading too much
And so I’d like to share this rather alpha version of the game with you, since I believe you can all give me some pretty valuable feedback on what I’m trying to do before I start heading towards final development of the game.
Because I’m currently the only tester of the game, it is by default very hard. You really have to mash the keyboard to get ole Sisyphus trucking up the mountain, and that is pretty much because I’ve gotten really good at the game and I end up having to test its limits. I’ve changed some settings for this release to make it easier to try out, but I apoligize if it still seems pretty hard.
There’s a few quirks and bugs I’ll note here:
-layout on interstitial screens doesn’t always look awesome or even usable at all
-every so often the big bug I’m trying to squash shows up. This will probably happen to you ( see screenshot attached ). I’m working on it. If it happens to you, refresh the browser. ( definitely still in alpha … )
-physics and character animation are just not finished at the moment. If Sisyphus looks jumpy and stands on things that are not ground, that is not your or Sisyphus’ fault, but instead mine.
-copy on interstitial screens in part for placement only, part finished. comments welcome.
-you’ll see some debug messages and such in the upper right hand corner. They kind of help me in development but they might look weird to you.
-whatever you all find
So, if you find yourself wanting to try out the game and provide feedback, I would be quite happy — regardless of your experience with it. Let me know with any bugs, suggestions, screenshots, or fundamental existential issues of your own. Not sure I can fix everything, but I’m most usually happy to listen. And for those of you with the acumen to have made it this far through such an email, here is the link to the alpha testing site once again:
a brief account of things I don’t understand
a: laptop dies, laptop lives
there was once a laptop i had, a Dell of some sort, Inspiron, i think. maybe the 4400 model. it was an ok laptop. i did a bit of hacking and installed OSX on it. for a brief time, i used it even as my development machine as a freelancer. unfortunately, however, one Friday night a cat named ‘Larry’ decided to spill my beer on it. Larry has been forgiven and the computer still ran okay, but after that the wireless never worked, even after replacing the wireless card a couple of times. The battery was also null, so I had a laptop that needed to be plugged in at all times and also didn’t have wireless- it needed an ethernet connection. It might as well have been a desktop computer.
Fast forward 1 year, and I buy the laptop of my dreams, one of those black iBooks. Wonderful computing. I couldn’t describe accurately, ever, what that machine taught me and what I learned while using it. The Dell hack is gathering dust in the closet.
Now 2 years later. It is a hot night in June. I go to bed as normal, leaving the black iBook playing some music. When I wake, the laptop is dead. There is water seeping from it and there is no apparent source of water. I look at the ceiling. I look at my desk. Where the water came from will be one of a few things I will forever ponder until my death. If my cat could speak I would ask him about what happened, but that is not possible. The laptop is utterly ruined.
The ensuing evening. I come home and want a laptop to work with. The machine of my dreams is fried to the core. And so I poke in the closet and pull out the Dell to see if it boots. It boots faster than my dream machine and everything works - even the wireless connection.
I’m not sure why the wireless functionality returned to that laptop. There are no empirical data to point to other than the fact that at one point the wireless stopped working after a cat spilled beer on it, and 2 or 3 years later, the wireless began functioning after another laptop had died.
A small part of me thinks that there is a ghost of some sort whom inhabits the computers I interact with, a ghost with all kinds of powers that I do not understand who kind of messes with me but always makes sure I’ll be okay. The other part of me, it just doesn’t know what the fuck is going on, what this world is, what anything.
b: id disappears, bus card appears
for the longest time, I didn’t have a metro transit bus card. it was mostly because I was lazy, but because of that I always had to have 2.25 in cash to ride the bus- it was a mess to always be sure you had that kind of cash when you needed to ride the bus.
and so about 4 months ago I finally got the metro transit card and it was so awesome. instead of getting on the bus and trying to shove two crumply dollar bills into the hopper along with a quarter, you just put the card next to the thing and it beeped and you were just another grownup riding the bus downtown.
I loved that, I had about 40 dollars stored on the card and I micromanaged that shit so I would never go through the experience of trying to put my card next to the thing and having it make a bad beep. One night, however, it disappeared. I scoured my apartment on several nights in search of it, and never found the card. The search party resigned shortly thereafter.
monday, memorial day and I’m kind of drunk going over to Joe’s. There’s grilling going on, and I think I took a lot of sun while drinking more. Later we go inside and smoke some weed, and by the time I leave I am not quite fit to ride a bike, though this fact is lost on me.
on the way home I fall a few times and injure myself in various ways. there are moments of that ride that are unclear, but i do not remember discovering my bus card.
in the morning, I am very hungover and it is 8 and i need to go to work. I don’t have any 1 dollar bills, only 5’s and 20’s, no way to pay 2.25, but sitting on my desk is my bus card, un-vanished from nowhere. I take it and getting on the bus it beeps and has 37.75 on it and when I get to work I’m quite the ninja, as normal.
The only problem is that my id has now disappeared, vanished to wherever my bus card had been resting. This re-enforces my personal conviction that I don’t know shit.
On average, it is better to have my bus card rather than my id. I’d love to have my id back, but I’m not sure what I’ll end up trading for it.
c: not finished, but something about the photo of maran’s grandpa. maybe she can write about it.
Another bountiful morel harvest (from my yard) this spring!
If your life isn’t guided by your morels, then something something ( bad pun with morals vs. morels )
(Source: existentialquantifier)
making a leaderboard
I’ve thought about security and cryptography and flash before, enough to think I could create some crazy new encryption scheme that would disallow the decryption of media files you want to protect( .swf, .jpg, .mov, .mp3, etc.. ).
Fortunately, a very wise friend of mine did his best to discourage me from getting into the whole deal, and so I never got around to not having the genius to do that.
Lately, however, a game I’ve been working on has me thinking again about the subject in a more mature manner. The game has levels, the amount of time it took to complete a level, scores- a bunch of stats I want to share with a server and store in a database.
Easy enough, right? Just sending text around the internet until you remember that most flash games you’ve ever had, if you look at the leaderboard there’s a bunch of bunk results.
And so how do people score 1 gatrillion points in some online game? Well, hacking, mostly, and not having anything better to do, but I’ll step over that issue. So, how do we prevent this? It turns out that the answer is more complicated than I ever would have thought.
The basic setup is this:
client-> has a .swf file playing in a browser
client->communicates with server
server->processes response, stores in database or whatever app logic
server->sends response to client
And the problem at its basic level is that if a person takes to studying your application and its communication with the server, they will find out the method signatures of your server side code, just by analyzing the requests your client side application makes, and be able to spoof them with whatever tool they have handy.
For example ( but simplified ) maybe you have a .php script on your server named processScore.php:
<?php
$userid = $_GET[‘userid’];
$score = $_GET[‘score’];
$insert = “INSERT INTO results ( userid, score) VALUES ( ‘$userid’,’$score )”; // or some query
//data logic
?>
In your application, you’d call the URL ‘http://whatever.com/processScore.php?userid=12&score=1000, and doing so would update the results table on your server’s database. Unfortunately, or fortunately ( depending on how you look at it ), with the right tools, your client is capable of seeing not only this request being made, but also your server’s response to it. So if they wanted to change their score to 8 billion, they could just type the following URL into the browser: http://whatever.com/processScore.php?userid=1337&score=8000000000 and that would be that.
If you’re using POST variables they’ll do something a little different, but with the same result. Either way, the world will know what methods you are calling, and what kind of variables you typically send to them, and with that knowledge they can try and haxxor their way into your stuffs.
It took me a while to understand this concept completely. At first, I thought- well, I’ll just encrypt my .swf with a private key of some sort, and any client->server communication would need that key to do anything. Unfortunately, there is no amount of obfuscation I can do on a .swf file ( or, in terms of using Javascript the source is all there anyway! ) that can restrict others from reading a private key of mine. Relying on a security like that would be obscurity.
And so I didn’t really know what to do until I came upon a post about just this subject from 2008 or so, the suggestion was a little involved, but it boiled down to the idea of leaving important application logic only to be calculated by the server. Anything you don’t want hacked should not be determined by what the client could possibly input- and you should consider that a possibility in any variables you accept from the client.
The more detailed suggestion I mentioned earlier is that upon any requested change of the application state (say, we want to update our score to a million ), the client requests a key from the server regarding that change. The server creates an md5 or some shit of that change and stores information about that whole exchange in the database, and tells the client- “Hey, if you want to change this thing, you’ll need this key to do it”. On the request side, a client would need to send this key to change anything.
This here is already one level of security abstraction past my well-being, but I think it makes sense in general. but it does get deeper. This little key system we’ve set up might not be as secure as we’d hope. Since the key you send back to the client will be viewable by the client and all, well, they can use that key.
So why the hell are we using a key in the first place?? THE KEY IS THERE, AND THEY CAN USE IT IF YOU SEND IT TO THEM!. All very true.
What I ended up doing was based on the key system, but, as I stated before, any important application logic is done by the server rather than the client. In this way, we can take any client data and sanitize it before committing it to mysql memory.
One example of how this is implemented is in how I measure how fast a level was completed. In this example, I take as a given the client’s reporting of their level time ( denoted by $_POST[‘time_taken’] ), and use the key system to verify the sanity of those results before going forward.
function levelUp() {
$requestHash=[‘requestHash’];
$purportedTime = $_POST[‘level_time’];
//check if there are any requests that have been made to be made?
$requestQuery = mysql_query( “SELECT * FROM requests WHERE hash=’$requestHash’” );
if( $requestQueury ) {
//if you even have that hash, let us sanitize
//lets say we have a row
$row = $requestQuery( mysql_fetch_assoc)[0];
//and a time when it was initially made
$startTime = $row[‘startTime’];
//calculate the time that the server think it all took
$now = getTime()[0];
$serverElapsed = $now-$startTime;
//compare the time elapsed on the server with the time on the client
$difference = abs( $serverElapsed - $purportedTime );
//if the difference in not expected
if( $difference > 10 ) {
echo “maybe haxxors?”;
}
}
}
So, it seems like while this method might restrict people who would try and say it took them less time than it actually did from doing so, given that they don’t lie in differences of more than 10 seconds. If they want to hack this shit and improve their scores by in small margins, well- here is the front door, and you are welcome.
Other application states are more difficult to send. It is ( somewhat ) easy for the server to detect whether the time you spent on a game level is close enough to the time your client sent, but to store other user interactions in a database might require more logic on the backend. If the application tells you it’s average speed, your server logic may want to first, check if that average is sane ( as compared to other entered values ) and second, check if that average is sane ( as compared with your previous averages ).
But even doing the previous two steps so would not guarantee full security. In the previous example, a hacker could start submitting results for an average score, but slowly over time increase the value they submit. In that way, they could escape the detection of of an average score fraud detector, and slowly raise their average speed to unsafe limits. to which I would say et tu or something.
All along I feel like I’m missing a step here. How to design applications that communicate with the server, in a secure way, when the source for your application is ready for download or decompilation? Is there any private key system for this? Am I doing something wrong? Is there a better way to be secure, because this is getting rather obscure.
I’m just trying to make a fucking leaderboard. What am I missing?
miko is almost always right
“Well, we no longer have a day. Or even a broadcast news morning/evening headline cycle. We wanted up-to-the-minute information sharing, and we got it, and the casualty is that we now have no time to do proper and thorough verification before sending that information out. News reporting isn’t even history’s first draft any more - Tweets are, and Facebook posts, and satellite uplinks with no identification of people or places, and fuzzy recountings relayed three or four times from people on the ground, emotionally scrambled, and their commanders, and those commanders’ commanders, and the people responsible for telling us. There’s going to be some noise in this signal, and it does take time, and knowledge, and sense, to sort it out. We never got perfect news reporting - the available information always changes as time goes by - and we have even less perfect reporting now, because we’re getting a lot of information raw, unvetted, unsorted, unconsidered, unclear.”
miko
a note to me i found, written a couple months ago
//this is the worst peice of code i’ve ever written
//NO CONDOLENCES!!!
//if( _mountainPoints.length < 100 )
// return;
// dear self: solve problems in the code rather than trying to avoid them
// by solving less simple problems
the periphery and the rest at the same time
i woke around 4 this morning and smoked a cigarette,
drank some water and looked at my computer.
why awake? went back to bed and had some dreams.
my younger brother fell off a 15m cliff in the first dream,
and then I was jogging in a new golf course with an
old coworker when we came upon my cousin whom
i congratulated for making his wife with child
and woke up again. still only 5:23 and the cat is starting
to get clever in his desire for food. step on the bladder,
lick my nose with nasty breath, lick my eyes, purr as
if he loves me, back to sleep and now my youngest brother
has jumped off the same cliff, and they’re both un-harmed.
i jump too, but more safely and survive the whole dream.
7:00 now on monday and I shower. the drain is clogged bit so
there’s about an inch of water in the tub when I get in. my nose is also
clogged and i blow it and then theres a bunch of boogers in my shower
water i’m standing in and i’m not really all than happy with that
but i can stand away from my old boogers and still get the main
thrust of water from the shower head without touching them. I clean myself
and end up actually shaving and i look at that mug of mine
in the mirror and i’m like, holy shit, whatever visage i see in the
mirror is kindof a person going off to work today and why did my younger
brother fall off the cliff in my dream, what happened to dave and yui
and paul and what happened after I fell too besides waking
up and taking a shower
and so after dressing, walking down the three flights of stairs to the bus
i began to feel a bit light-headed and how am i going to work today
in this condition, whatever, go down the stairs.
have a cigarette 30 meters from the bus stop because i don’t want them to have to inhale that.
the bus comes and i’m ready for the week.
and this monday i’ve chosen the right bus because all the cute girls
with no rings on their left hands are boarding today, i’m not sure why.
usually its only one or two of them but today there’s over 10 and i don’t know which one to think about.
on 28th st. another 2 cute girls get on and i’m not sure what’s going on.
then a larger man chooses the seat next to me and I kind of squish up so i don’t bump into him.
his phone starts going off and he announces to the bus that, oh, his alarm finally went off, and it’s time to get up!
and looks around the bus for smirks, but he’s not done yet.
time to wake up! he exclaims to all of us, and when no one responds he exclaims louder, time to wake up!
You may think you’re riding the 4 to work, but you have not woken up yet and you won’t make it to work until you stop dreaming.
I couldn’t see him in my periphery, but I could tell he was looking around for supporting nods
and i made eye contact and he asked me why everyone was still sleeping.
I told him i didn’t want to yet awake from the dream, that I don’t ever want to do so,
and he seemed to understand me and didn’t really bother the rest of the bus from there on out.
after this gentleman’s questioning, i was generally confused
for some of the bus ride about whether i was dreaming or really alive and all those rabbit-holes
that have so torn-apart my intellect since i first learned to pray,
and it wasn’t until i finally drank some coffee that i began to feel better
about whatever it was i was was worrying about and just get some work done.
