Security Through Isolation

May 21, 2013 at 9:54 am (One Comment)

They say no good deed goes unpunished. In internet hosting, that’s almost always the case. For the last fifteen years I’ve had servers that I’ve given friends accounts on. At first they were co-located machines I built by hand, then leased servers, and now cloud VMs. I hosted friends and family’s blogs, sites for activism causes that I or friends believed in. I’ve even had a web site of a well known Silicon Valley venture capitalist on there.

Unfortunately whenever you do that, especially whenever you hand out accounts or host web applications that people were once enthusiastic about but then moved on from, security is going to become a problem. A few months ago while doing maintenance on the machine I noticed that an account for someone had been logging in, except it shouldn’t have been, since I created the account while trying to troubleshoot a problem that we solved another way. But there it was, in the last login log. Digging into that directory I realized that the password had been simple (in the heat of troubleshooting you don’t always make the best decisions for security), and someone had brute forced the SSH login. The machine had been compromised and used as an IRC bot host. How very 1997.

Today I decided to migrate between cloud providers. While I could host all this stuff for free at HP Cloud, but I do some dangerous stuff in the context of my account, and it’s nice to have a stable VM elsewhere. It’s also nice to see what the competition are up to. I’d been hosting this VM at Rackspace ever since they bought my preferred VM provider, Slicehost, but while poking around pricing I realized I could cut my monthly bill in half if I migrated to Linode. I’ve always admired Linode’s geek-friendly control panel, ever since surveying the market while designing the beta versions of HP Cloud’s. I was also on an ancient Ubuntu 9 version at Rackspace, and this would be a good opportunity to upgrade the OS and software.

After copying all the home directories and web sites over, I did a last pass to pick up any straggler processes. These usually live in cron jobs, so that’s where I went looking. Lo and behold, an account I’d setup for a friends mom to host her business web site had been compromised at some point. Another bot. Joy.

Fortunately her web sites had long since been migrated off the server, so I was able to disable her account (and remove the stashed authorized_keys file with a bot installer in them) and a bunch of others I knew wouldn’t be used, but it really goes to show how vulnerable these machines can be. Who knows how they got her password. It might have been an easily crackable password, it might have been a web script compromise, it might have been an email exploit. More than a few of these usernames and passwords are sitting in mailboxes or in saved FTP connection files on easily crackable machines.

Two weeks ago I got an email from a former client. We built a pretty complex web site for her in 2003, lots of bells and whistles. It’s held up pretty well, but it hasn’t had any serious maintenance work in a lot of years. She’d gotten a call from the FBI, saying that data from her web site was circulating in Russia. Fortunately it was just an exported mailing list, not encrypted passwords or other secure data. In her case I think one of her employees had either an easily guessable password, or a trojan was installed on her computer that logged her keystrokes. How do you guard against the guardians? Nobody was thinking of two-factor authentication for small business web sites in 2003, but the next time I build one, I sure will be.

Sharing accounts on a machine, or having admin accounts into a web based system is an inherently insecure thing. The more keys there are to a lock, the more likely someone you don’t want to have one will get one. I created user accounts on our shared server because that’s how you did it, back in the day. Create a user account, setup a directory for the web site, add a database for them, and let them go. Now we have linux kernel exploits that let anyone with user level privileges become superusers. Adding random accounts to systems and handing out the passwords is an insane thing to do.

So the only hope we can have of having any kind of security is by shrinking the permissions scope down. When everyone has user accounts on a machine, that entire machine is vulnerable. When everybody has a small VM, only that VM is vulnerable (usually). Even better, give them a single-process Linux Container, like those managed by docker.io, and suddenly they don’t even necessarily need to manage dependencies anymore.

I’m sure docker has its own set of security issues, but hopefully we’re more cognizant of them now. Don’t create unnecessary user accounts. Use password protected SSH keys. Don’t re-use ssh keys. Keep your dependencies up to date. Watch the security mailing lists. It really starts to sound like something the hosting provider should be doing…

So I think there’s a real opportunity here for a trusted IaaS operator to create a generic Linux Containers As A Service offering. Push down one level from VM into Process. Bring your own docker image, buy a set amount of RAM (say, 128 meg for a big PHP or Python process) and bill by the minute. Route them inside of the machine through some kind of nginx or go based proxy, like CloudFoundry does, but a little less specialized. Something between CloudFoundry and an IaaS VM. Upgrades in CloudFoundry are a pain. If I could just shuffle a docker.io image around, that’d be way easier. Oh, and don’t sign up for too many hosted services. Each one of those you use is like another shared account, and the more you share your data with, the more likely it is it’ll be exposed. Build small, build focused.

So back to security. This is a plea to all those who have friends who’ve given them accounts on servers, or people who run servers and create accounts for friends. I know the complex password requirements are a pain at work or on bank web sites, but they’re really even more important in less maintained environments. Nobody’s watching that shared server, keeping it water tight is a shared responsibility. If someone creates an account for you, change the password immediately. They won’t remember to go delete it if you end up not using it, and if they set it to something simple, there’s a good chance someone will be able to brute force it. Don’t store passwords in plain text anywhere. Don’t email them to people, or have people email them to you. You’ll be happier in the long run if you don’t. Use best practices, and save us all some heartache.

Book Review: The Rapture of the Nerds by Cory Doctorow and Charles Stross

May 10, 2013 at 9:22 pm (No Comments)

The Rapture of the Nerds, Cover I hate to admit it, but The Rapture of the Nerds is a book I thought I wouldn’t like. It should have been a must read for me, but I waited quite a few months before picking up a copy. It’s by two of my favorite authors, Charles Stross, creator of the Laundry books and the excellent Accelerando, and Cory Doctorow, author of Little Brother and generally good guy. Cory’s even shown the good humor to let me bot-ify him, which is a project I need to get back to. I was just… worried.

It may just be my religious upbringing, but the title of Rapture of the Nerds carried a ton of baggage with it. When you couple the singularity, which has gotten beaten up a lot lately, with a religious concept like the rapture, from these specific authors, it seems like a recipe for some lets-make-fun-of-the-utopian-nerds riffing. That’s kind of in vogue these days, so it isn’t too much of a stretch to think you could make a novel out of it. Reading a whole novel of that really didn’t appeal to me, but it turns out the book isn’t about that.

While there’s undoubtedly a subtle undercurrent of it in The Rapture of the Nerds, what we really have is a tale of a luddite’s gonzo journey to the heart of the post-singularity, complete with mommy/daddy issues. You could call it Boy Meets Post-Singularity World, and that would probably be more accurate. There’s some gender morphing, militant deep south isolationist conservatism, hyper-intelligent ant farms, and bio-tech viruses. There are also a lot of scenes in courtrooms. All in all, par for the course for a world where technology makes anything that can be imagined happen.

The Rapture of the Nerds really reads like a looser Charles Stross novel. His space opera titles like Saturn’s Children are usually really tight, this one’s more loosey goosey like a Laundry novel, probably the result of bouncing back and forth with Cory. If Cory’s written much beyond-the-horizon sci-fi, I haven’t read it, so this novel seems more Strossian than Doctorowian to me. I think some of the flavor may have bled from or to The Apocalypse Codex, as well, given that novel’s bad guy. This book seems more brainstormed over lots of pints down at the pub than carefully planned.

There’s a lot of the third act of Accelerando here, or the first bits of The Quantum Theif, if that makes sense. A good chunk of the novel takes place in… well… cyberspace. There’s a love story, and a happy ending, both things I appreciate (I’m looking at you, Paolo Bacigalupi.). It’s a lot better than I was worried it would be, though it probably isn’t either of their best. There’s a post-singularity Lovecraftian dread throughout this book that Stross has really nailed with the Laundry novels. In this book it isn’t so much defeated as just… survived.

If this sounds like something you’d enjoy (and I’d certainly recommend it if you like gonzo post-singularity fiction), you can pick up a copy at the usual suspects.

HP Tech Con `13: The Magic Kingdom

May 9, 2013 at 3:33 pm (No Comments)

After I joined HP two and a half years ago I started to hear tales of a magical event. Tech Con, a technical conference for the top technologists in the company, showing off the best and brightest innovations of the year. Moonshot servers, 3D displays, that kind of thing. One guy on our team had gotten in on an honorable mention a few years before. Nobody ever went to present. Not from our small corner of HP, anyway. But we could always dream.

To get in to Tech Con you have to write up an innovation you created, and then compete against nearly two thousand other proposals for one of less than 150 poster slots. Out of those poster slots, fewer than 50 get speaking slots. To put this in perspective, HP has 320,000 employees, more than 70,000 technologists, less than 1,000 get to go to the conference and fewer than 50 get to stand up on stage and talk. HP Labs is always well represented, innovation is their lifeblood. HP Cloud… had never sent anyone.

Last year I started working on something pretty cool, so a logical step while applying for a patent was to submit the innovation to the conference. Fast forward a few months to late February. While sitting on the couch at the end of a long day, I was checking my email on my phone and a message popped up. It was an invitation to Tech Con. Even more mind boggling, after I re-read the email for the third time, I realized I’d been invited to speak. Queue the montage of presentation creation, practice, tweaking, throwing the entire presentation away, starting from scratch, practicing, tweaking, etc.

You can read about what other HP People higher in the company than me have to say about Tech Con: HP’s CTO Martin Fink highlighted it on the HP Next blog, and HP Fellow Charlie Bess has posted about it. For those who haven’t had a chance to go to an event like Tech Con, a big, technical company event, I’d like to give a brief rundown of what it’s like, since it can be a once in a career experience.

Tech Con this year was in Anaheim. The location is a closely guarded secret before the conference, because it’s chock-full of company trade secrets and unreleased products. We were at a hotel a few minutes from Disneyland, and HP had booked nearly the entire thing for the conference. There were a few vacationers, but pretty much everyone you saw was wearing the HP Tech Con lanyard. Even our room keys had the conference logo on them.

Tech Con is a conference where you work hard and play hard, in as compressed an amount of time as possible. We all flew in Sunday afternoon, and then had a reception and dinner that evening. Being a teleworker I don’t get to see HP at it’s most mind-bogglingly huge, but this conference went all out. HP logos on the walls, HP banners, even HP napkins. When you work in a little 350 person department in the cloud it’s easy to forget that the company makes paper, ink and printers of all kinds. (Not to mention servers, PCs, storage, networking, software, services…)

The conference is a mix of formal presentations and academic style poster sessions. During the poster sessions my co-authors from HP Cloud and I got to stand in front of our poster and talk to technologists and executives from all over HP, discussing how we could work together, explaining our product and getting some really great feedback. HP’s COO (and our boss’s boss’s boss’s boss) even dropped by our poster and talked with us for about 20 minutes. It was amazing to get that level of recognition, and I think I managed to not completely embarrass myself. Meg Whitman was on the poster hall floor, but unfortunately didn’t get to where we were. She did talk to all of us, though, which was great for those of us who aren’t from the bay area and don’t see her regularly.

There were two blocks of scheduled activities, the first an outing to the Queen Mary that I missed to spend more time with some fellow HP Cloud folks (though everyone I talked to said it was really fun), and second an activities slot with things like whale watching, art walks, and the Warner Brothers studio tour, which I went on.

The highlight of that tour might have been seeing a real Nerd Herder from the TV show Chuck, but we also got to see the main set for The Mentalist, which was really cool.

I gave my talk Wednesday morning to a nice, big crowd, had some great QA, and then talked to a bunch more people at our final poster session. It was great to hear from people who’d had 30 year careers at HP working on amazing products that they totally got our thing and thought we were on the right track. That’s the kind of affirmation that can only come from a smart, diverse group of people like those at Tech Con.

Tech Con is a highly confidential conference, and they take IP violations really seriously. I wanted to bring my poster home, since it was really pretty, and would go really well with my Whole Foods Market Milk poster. I had some people ask about the possibility on my behalf, but apparently after the last session they were going to lock the door, ship them all back to Palo Alto, show them for a few days, then cut them up, boil them in acid, burn them, and bury them in the desert. Oh well.

The conference wound down Wednesday afternoon, but I managed to walk over to Disneyland with one of my coworkers from HP Cloud to get souvenirs for the family, having a nice chat on the way. The highlight of the conference is really those times, getting to talk to people you work with, or people from other parts of HP that you never have contact with. I had conversations with people from Australia, the UK, Germany, India, China, Italy, Israel and Brazil. It was really, really cool.

Thoughts on Digitally Native Artisanal Artifacts

April 29, 2013 at 2:34 pm (No Comments)

Tucked away in a corner of a bustling storage depot in the halo of the San Francisco bay area is a metal shipping container. Nestled inside that container, surrounded by the furnishings and bric-a-brac of a contemporary urban life, is a small, silver figure. It is the only one of its kind in the world. It is the result of a nearly 20 year design process, distilled through three minds from a short collection of descriptive words. It is also the future.

A Little Backstory

It’s good to have friends who understand you. I like to try things. I like to pick up new technologies and roll them around, get a feel for their heft and texture. This often involves doing a project, but these projects can sometimes be a little weird. Finding good natured co-conspirators really helps.

For the last few years, Matt Sanders has been my target guinea pig. Matt is perfect, because we’ve diverged paths enough he doesn’t know everything I’m up to. However, we spent years in the trenches together, so I know him pretty well. If we saw each other all the time there might be an obligation tied to the things I come up with, and that would make it weird. Matt also happens to enjoy the artistic and technological, so I know the fundamental concept of the attempt will be appreciated.

In 2010, I got Matt a rap song for his birthday. DJ Brixx, a friend I met through an electronics comparison shopping project wrote and recorded it. Brixx lives in the Philippines, and once professed a desire to eat at the Cracker Barrel. He’s a crazy guy. You meet crazy people by trying to do crazy things and finding the people who are willing to go along for the ride.

Ideas

The rap song set a high bar, but sometime in 2011 I was driving up Loop 1 with Irma, and realized that I could top it by making the virtual real. I could create a small figure of one of his RPG characters. Years ago, starting in 1994, Matt and I spent a lot of time together in an Internet-based text-based role playing game called Ghostwheel. I’ve talked about it a couple of times before. In Ghostwheel you describe yourself, what your character looks like, and what it’s carrying. I had been looking into creating 3D models of the Dust Bunnies characters, and knew that there were freelance 3D modelers out there who were experienced at character design. Shapeways let you print things in metals, including a very nice sterling silver. So the pieces were there, I just needed to get it done.

Production

I ended up working with a 3D modeler named Bhaskar Rac. He had worked at a video games studio, and had a good feel for character design. We did a contract through oDesk, which handles payment and taxes and whatnot. I sent Bhaskar Matt’s character’s description, some photos of him for general reference, and some sample pictures of the things he had on his person.

After a few days of discussions about Fallout and thematic inspiration, Bhaskar sent back this sketch. A few days after that he followed up with a draft 3D model. I thought it was awesome, so we tweaked a few small details, and I uploaded it to Shapeways New York manufacturing facility.

Shapeways prints their sterling silver models in a three step process. First they print the model in wax using a high resolution 3D printer. Then they submerge the wax model in liquid plaster to make a mold. The wax is melted out and molten silver is poured in, resulting in the final piece. It produces a very high level detail, and is a process often used for jewelry. It also works really well for anything small you intend to last for a long, long time.

A few weeks later, this appeared in the mail:

Reflections

The little 2 inch high figure is now in transit with the rest of Matt’s stuff as he moves to San Francisco. The digital model exists, but no other physical traces grace the earth. There is only one. Unless Bhaskar sketched out something on paper, it’s the only physical manifestation of this entire project. That’s a pretty weird thing.

If Matt were to somehow lose the figure, if someone broke into his house or if there was a fire, or someone unleashed a bio-engineered virus that only ate silver, we could print another one. As part of the “gift” I sent him the 3D file, so if he wanted he could populate his house with tiny Matt figures in every size and color. He could open source it, upload it to Shapeways and let anyone print a tiny Matt figure for their Monopoly set. It’s a present that comes with it’s own infinite digital reconstruction blueprint.

But what if someone stole the digital one? What if it leaked out, and people liked it so much they started printing their own? How would that make Matt feel? How would it make me feel? Does he have “the original” even though there is no original? Is it a “first” like a blog comment? Is there still something unique about the one that arrived in his house packed in a tiny little box for his birthday in 2011? I think so, but it lives in a weird space.

Implications

I think this kind of gift, the present deeply rooted in the past, in a shared history and experience, but interpreted by skilled artisans into something new, is going to be the new normal. While hiring artists and 3D modelers is challenging now, there’s nothing stopping someone from creating Photoshop or Maya as a service. Perhaps Shapeways will even evolve in that direction. Supply the talent, ship the product.

We’re surrounded by mass market objects. Books, movies, furniture, even sometimes what we consider to be art. We collect it and we arrange it, but it isn’t truly unique. The hand blown glasses at Ikea say they’re made by hand and each is unique, but you’re buying them from Ikea, so the really weird ones probably get tossed in the recycling heap. Sometimes we may shop at craft fairs, but even crafters will reproduce an item if it sells. It’s hard to create things from scratch, and producing one-offs is expensive in a traditional model.

But now that the means of production are so cheap, and the training to use them is largely free and open, we can truly have unique things without spending a lot of money. We can create home movies that are beautiful, we can hire artists to create beautiful things just for us or the ones we care about.

It’s possible we’re just setting ourselves up for a backlash. The figure I made for Matt isn’t a Warhol, and while we both get it and enjoy it, I’m sure some would argue that we’d be better off with a good reproduction of something truly important instead of a meta-reference. But Warhols are meta-references, so maybe we’re just becoming hyper-personal with them. In the end that’s what we get to weigh. Is the quality of the work more important, or the personal connection you have to it?

Book Review: YOU by Austin Grossman

April 22, 2013 at 9:39 pm (No Comments)

Austin Grossman has a new novel out. It just hit last week, and it’s called YOU. YOU is like Ready Player One and Fight Club having a baby while making an Ultima game. If you’ve read both of those books (or watched the movie, in Fight Club’s case) and liked them, do not pass go, do not go to your cave and find your power animal, buy this book and read it.

YOU is a book about making computer games, about making the Ultimate Game, a game where you could be anyone and do anything and the world would still work, the story would still unfold completely naturally. Austin has worked as a writer and designer on some of my favorite games, including Deus Ex and Thief: Deadly Shadows. His experience in the games industry really shows, and you can see bits of real games peaking through the imaginary ones. There’s a section in the book about a demo at E3, and it sounds exactly like they’re playing Thief, scrambling over rooftops, firing flaming arrows at torches, evading the city watch. Austin’s latest game is Dishonored, which is sitting on my shelf, and has now risen much higher in the next-to-be-played list.

The story of YOU is told through a prodigal protagonist. Out of options, he returns to the game company his friends started after high school, after they all built a pair of RPGs together. He gets a job as an entry-level game designer, and proceeds to unravel a mystery about friendship and adolescence and being a nerd. The game shifts between its present day of 1997 and the 80′s years of high school, the story unfolding through flashbacks and dives into the games the company created.

If you read REAMDE and enjoyed the parts in the MMO, or if you enjoyed Daemon, or Ready Player One, or Tad William’s Otherland books, you’ll like this book. It’s obvious he’s writing from experience when he introduces a game, and while some of the details may be embellished from what was possible then, they play like we want to remember them.

The ending of this book doesn’t land as well as it could, it doesn’t leave you with a particularly warm sense of accomplishment, but it isn’t bad. The macguffin is resolved, but the mystery sort of peters out. This isn’t a book you read for the ending, though, it’s a book you read for the journey, for the time warp back into high school, into games on floppy discs and BBSes and a million possibilities inside the magical machine that no one over the age of 25 understands. As an ode to that bygone era, it is unmatched.

VallisMOO: A Game Designer Is You!

April 22, 2013 at 11:49 am (No Comments)

The world is a scarred shell of wind and sand and heat. Whoever had their finger on the button finally pressed it. There’s only one safe place left, a tiny, sheltered valley between two giant mountains. To the south is the ocean, to the north, the wasteland. A magical gate keeps the monsters out, and keeps the valley safe. We live well here, in our little sea side town or deep in the forest. We roam the grassy plains, dotted with bald hills. We hunt, and forage, and build. Sometimes we fight, because what’s worth fighting for more than the last good place on Earth?

YOU & Me

A couple of days ago I read a review of Austin Grossman‘s new book, YOU, by Cory Doctorow, and decided to buy a copy. Austin’s a game designer, and he’s worked on System Shock, Clive Barker’s Undying, Deus Ex, and Dishonored. He’s now an author, with his first book SOON I WILL BE INVINCIBLE, and now YOU. YOU is a book about a directionless 27 year old who gets a job at a game company started by some of his high school friends. While designing a new role playing game, he delves into the mystery of what happened to his friends and their dream of the ultimate game. A game where you could be and do anything, and the story would unfold before you naturally.

I haven’t finished YOU, but it’s been bringing up all kinds of memories. I got my first internet account in early 1994, dialing up through Real/Time Communications in Austin. R/T hosted a game, a text-based Zork-ish virtual world game called Ghostwheel, or GhostMOO. I’ve talked about GhostMOO before in my Pocket Worlds post, but I had forgotten an interesting chunk of GhostMOO history, and my own stab at multiplayer game design. My own dream of the Ultimate Game.

Ghost^2

In 1997 GhostMOO was on the decline. We’d had a big rush of users in 1995, but many of them had graduated from college, and user numbers were down. The two main drivers of the game, Quinn (lead programmer) and Razorhawk (content creator) were busy with other projects, and without strong direction, GhostMOO was stagnating.

A couple of GhostMOO programmers, including Matt Sanders (who I’d go on to start Polycot and then join HP Cloud with) and I decided we’d start a spin off. Quinn had been gracious enough to release the core of the game, the bits and pieces that made up combat and non-player characters and monsters, out into the open as the GhostCore, so we had a good place to start.

We were thinking of creating a Ghost^2 or Ghostwheel 2.0, if you will. Similar core concepts, but different execution. Ghostwheel was all over the place thematically, we had monsters cribbed from Princess Bride, Alien, a whole community of Dragons straight out of Pern, a quaint japanese island, basically whatever a programmer was really into, they built. Even the name was cribbed from Zelazny’s Chronicles of Amber. In retrospect what we had was a mashup, we were just ahead of our time. Ghost^2 was an attempt to wipe the slate clean, to start with a core concept and theme that would be internally consistent.

Like all groups starting with a blank sheet of paper, we wanted to create the Ultimate Game, and we had the audacity to think that we could create a better game than the ones that had come before. We wanted to create a game where if you wanted to play a blacksmith, you should be able to do that all day, role play with other people, and generally succeed and feel progress. If you wanted to fight monsters, great, but that wasn’t the only path. Years later the first Star Wars Galaxies game would do this in MMORPG form, only to be neutered and turned into more of a combat grind in an attempt to compete with WoW.

Terrain Zones

One of the really interesting things that Quinn built at GhostMOO was the Terrain Room. GhostMOO was a MOO, a text based game, kind of like a multi-player Zork. In a game like this as you walk around you’re presented with room descriptions, which include the objects in the room (furniture, people, monsters, etc) and the available exits. Like so:

The R/T Round Room
Eight walls for each point of the compass, each with an open doorway.  The
 floor is tiled with checkered perma-linoleum; little matching octagons.

                    N   
        NW        Lounge       NE
      Austin        |       Hot Tub             UP
             \      |     /                     Helipad-
               \        /                         Austin
    W              YOU             E              Jizo Island
 Library -----     ARE   ----- Infirmary          Ghostwheel Plain
                  HERE
               /   |    \                       DOWN
        SW   /     |      \    SE               Ground floor-
     Obsidian               Greenroom             Exit to Wasteland    
                   S                               Guest Chamber
            PX/General Store
The center desk is empty of all personnel.  Someone must be on an extended
 coffee break.  An electronic sign-in pad is bolted to the desk.  A monitor is
 bolted into the desk.  Nobody's sitting on the floor.  Alongside the east
 wall is a queer little potted tree, a tallish leafy husk with a, uh, snout?
Contents:
 Bulletin board                                             
Obvious exits include down (d, trapdoor) and Up (Helipad, u).

Each of these rooms is dug by a programmer from an existing room, like mining through the digital aether. That new room then has an exit back to the room you were in before. (Here’s a map of the main house and grounds of LambdaMOO, for comparison.) That style of design makes for very detailed, interesting areas, but the overall area tends to be small, because every room needs to be described individually.

Quinn created something called a Terrain Room, which lived inside a Terrain Zone. In a Terrain Zone you insert a little ASCII map, something like this:

        @qedit me.tmp
        # ############
        #    # #     #
        ###~~#~#~~~#~#
        #          # #
        ############ #
                     #
        ##############
        .

This map defines what kind of rooms there are and what the layout is. In this case the pound signs (#) may be walls, while the tildes (~) may be rivers, and the blank spaces grassy fields. With this lovely hack Quinn transformed the Zork style MOO into a player-perspective Rogue-like.

The cool feature of the Terrain Zone is that it only creates the rooms if they need to exist. In a MOO everything takes up memory space, and back in the mid 90′s memory wasn’t as plentiful as it is now. If you’re standing in a terrain room, the terrain zone can look at the rooms around you on the map, and tell you what’s there. ”To the north, east and west are open fields. To the south is a stone wall.” Those rooms don’t actually exist. Once you decide to walk north, the Terrain Zone creates that room, moves you into it, and destroys the room you were standing in before (unless you dropped something, or there’s some other reason for the room to still exist).

By operating like this you could create huge areas without actually digging and describing every room yourself, and the memory consumption would be a lot smaller. Your monsters and other non-player characters could also know about their “home” terrain type, so they wouldn’t stray from the grass or river. You could also let the player “travel north” and they would keep walking through rooms until they hit a room that was different than the type they were already in, or contained something unique.

In Ghost^2, we decided to use a Terrain Zone for our world, since it let us create an overall map that had consistent distances and spacing. I sketched the map out on a sheet of paper (above), and then started drawing it in a paint program on my Mac (below). I had a program that let me convert graphical images into ASCII art, so I was able to go from a map directly into the MOO. This is the last version of the Ghost^2 map, created in October of 1998:

The map is 1,000 pixels by 1,000 pixels, so our game would would be 1,000 rooms by 1,000 rooms. In the orange spots where there were towns we could dig out special rooms for houses and buildings, we could dig out special dungeons from the fields or forests. In this map light green is grassland, dark green is forest, gray-green is hills, blue is water, yellow is roads, and grey is rocky terrain. The outlines around large sections are edge types, like the edge of a forest, a beach or the base of a hill.

It was a really cool concept, and thinking about it still gets me excited. The idea of adventuring in that world, exploring the bustling cities, verdant fields, dark forests and dimly lit caves sounds like a lot of fun.

VallisMOO

Game design isn’t easy. It’s easy to dream about, but it’s hard in practice. I’m about 1/3rd of the way through YOU, and the main character’s starting to realize that he has to enumerate every kind of object in the world, in every state it has. We reached a similar place with Ghost^2, which eventually became VallisMOO when interest waned among the other developers. We decided not to create a sister-MOO to Ghostwheel and I kept working on my own, and that MOO became VallisMOO.

I appreciate the stamina exhibited by the Adams brothers, the team behind Dwarf Fortress. They’ve been working on that thing for years, but that level of dedication is really hard to maintain. I got to a place with VallisMOO where I needed to begin populating the combat system with weapons. I heard that Steve Jackson games was working on a Low-Tech book, due out “any day now”, and instead of forging ahead (ahem) and making do, I decided to wait till it came out, and use it for reference. That was 1998. GURPS Low-Tech finally shipped in 2002, and by then I was on to real paying projects and VallisMOO was only a memory.

Legacy

I went digging through my project archive and found a directory full of VallisMOO code and to-do lists and graphics. It even had some logs of conversations where I discussed the ideas for Ghost^2 with some friends, things I’d long forgotten.

I thought I’d share the design documents with the world, so I’ve uploaded them to github with a Creative Commons license. There are files of character types, races, locations, maps and all kinds of crazy things.

If you thought this post was interesting, and enjoy 90′s era game design, you’ll probably really like Austin Grossman‘s YOU. I finished it last night, and once I get a chance, I’ll write a more complete review.

Meditations on Sleep

April 5, 2013 at 4:11 pm (2 Comments)

How you sleep is a secret. You can’t tell from walking next to someone on the street if they can drift off in seconds while the lights are on and the TV’s blaring, or if they need a sealed cocoon of solitude kept at an exact temperature with no piercing noises or lights. Well, sleep doctors might. I’ll ask mine the next time I see him.

Based on the totally non-scientific notes I’ve taken from since I’ve started dealing with my sleep issues, I can say that a lot of people can’t sleep at night. Some people have full blown sleep apnea, and I really feel for them, but I think there are a lot more who just can’t shut down at night and drift off. Maybe ten thousand years ago we could have, but now that we’re in the big cities with the job stresses and the always-available entertainment and the ten thousand projects going at once, we’ve lost that ability.

My journey towards trying to get better sleep started when I moved out of my parents house after high school. I’d gotten a pretty good gig doing consulting development at Whole Foods, and had some money to spend. I figured that since I’d probably spend at least a third of my life in it, I went a little crazy, and bought this:

This is actually the short version of The Bed (note the capitalization), the first version had full height box springs. I’m 5′ 10″ and I felt like I needed a ladder to get into it. Our house in San Marcos at the time was a 800 square foot (if you measured the outside of the building) 2 bedroom. There was barely enough room in the biggest bedroom to walk around it. It was the most wonderful thing ever.

I’m one of those people whose brain refuses to shut down. Given normal everyday stresses, I will lay in bed, awake, till 3 or 4 in the morning before finally falling into a half-sleep. If there’s something urgent happening early, or I’m wearing something scratchy, or there’s a strange noise, or there’s too much light I might not sleep at all. I want to, by body likes to be in bed, but when I close my eyes it feels like someone hits fast-forward on the VCR in my brain and I can’t slow it down.

Acquiring The Bed was a great first step in solving some sleep problems. It was a Serta double-sided pillowtop, and I think it set me back $3,500. It was probably the best $3,500 I’ve ever spent, but even it wasn’t enough to guarantee sleep. I still have problems, and between the time I started writing this post and when I actually finished it, there were a lot of nights of no sleep.

So in the interests of helping out someone else who might share my problem, here are a few things I’ve tried, and some comments on them:

Environment

I like it dark and cold. The colder the better, really, but usually in the high 60′s. This can be expensive in Texas. If I were clever I’d have an in-room AC unit and only cool off the bedroom. White noise is good, but those tinny little white noise generators just don’t do it for me. I need base, I need rumble. The circulator fan in our AC unit is right next to the bedroom, and for years I slept about 4 feet away from it. Now I have a small air purifier next to the bed that I run on medium, which does a decent job.

For a while when our daughter was small and in the same room with us my wife wanted to have a night-light, which drove me up the wall. Fortunately now our daughter’s in her own room. The baby monitor we use throws off a really bright light, but some things you can’t avoid.

The Bed

Finding a really good bed can be hard. The market is designed so you can’t do real comparisons, and even with a 30 or 90 day money back guarantee, who wants to go to the trouble of returning a giant mattress? We bought The Bed at a dedicated furniture store, and paid a lot of money for it. We bought our second bed at Sears, and got it on a big sale. The first bed was great, the second bed isn’t great at all. You can’t compare list prices between stores, sales don’t really matter if they’ve just marked the cheap one up a bunch. Go to a reputable place, get some advice from friends, and lay on them for a while. I like really soft beds, they’re pretty hard to find. Don’t give up, you’ll be living with that thing for the next 10 years. Keep your purchase and warranty information. Scan it, take a picture with your iPhone, whatever. In 8 years when the springs start popping out the side, you might be able to get a new one free.

I’ve heard that foam beds are hard to… procreate on. I’ve never bought one, I don’t really know. I like giant, squishy but not too squishy pillowtops.

Having a good bed is a big deal, and having a good bed-frame can be important, too. Right now we have a barely-held-together craigslist bed frame, and probably need to trade it in for something more supportive and stable. If I feel like I’m on an incline or if there’s a weird aberration in the bed, that’ll keep me up. Like I said, a princess.

The Pillows

Having a good pillow is key. I like big squish-able down pillows, because I sleep on my stomach or side. IKEA has a great selection for cheap, so you can try them and not feel guilty. Buy extras.

Preparation

My sleep doctor’s advice is to keep the bedroom as the place you sleep, don’t watch TV there or play on your devices or read books. I’m not good at following advice, and pretty much do all of these things. If you’re having trouble, it could be something to try. Meditation and breathing exercises work for a lot of people, I haven’t had success with it. The force is not strong with this one.

Support

Having a partner who gets that you’re lying in bed going crazy every night is a big deal. For a lot of people sleep issues aren’t something that ebb and flow, every night is a battle. It can be really hard to be responsible for stuff early if you tossed and turned for hours the night before and only got 3-4 hours of unhappy sleep.

My wife has the ability to fall asleep anywhere. She’s fallen asleep during conversations with me, while playing games on her iPad, I think she could probably sleep standing up. I’m incredibly jealous of that ability.

Some couples who aren’t able to deal with sleep problems, especially snoring, sometimes sleep in separate bedrooms. I get that it’s a solution, but it seems kind of unfortunate. When we travel I find that we only really fight over the covers, so I always call downstairs and get an extra comforter sent up, and we use two on our bed at home. The bonus there is that hers has a warmer fill and mine is lighter, so we’re both happy with temperatures. This isn’t the TV sitcom ideal of mom and dad in the perfectly made bed straight out of the catalog, but it works for us.

I usually get my best sleep, almost lucid-dreaming style, after my wife’s gotten out of bed in the morning. That means that most of the time she takes care of the baby and gets the household going. That’s a big deal, and I really appreciate it.

Pharmacology

I was raised to hew to the rugged individualist ideal. Drugs are a crutch, you came out of the womb the way you should be, etc. Eventually my wife convinced me to talk to my general practitioner about it, and she prescribed be something called clonazepam. It’s a great little drug, and for the first time in forever, I felt normal. I’d just sort of drift off to sleep, no muscle twitching or anything. Alas, it’s habit forming, so it isn’t prescribed for long-term issues. Eventually when I started going to the sleep doctor he had me try zolpidem (you might know it as Ambien), it’s probably the most popular option and is available in a generic. It has a long half-life, though, and it made me feel groggy in the morning. Eszopiclone (Lunesta) gave me a weird aftertaste. Eventually we settled on zaleplon (aka Sonata) which has a much shorter half life and is lighter. My doctor says he uses it if he wakes up during the night and can’t go back to sleep. The only downside is for those days when your brain’s really going and you have a big presentation or early meeting, it’s pretty much useless.

Food

Food is a killer, and late night eating from sleep issues is a big reason why people gain weight. It’s really comforting to have a filling snack after laying in bed for 3 hours, your blood goes to your stomach, you get the itis, but it’s terrible for you. Late night eating is one of the things that concerned my doctor the most. I’m not sure if I have much advice here, except that we don’t eat things we don’t have. That leftover fried chicken isn’t lasting till morning, but if the chicken isn’t there, it doesn’t get eaten. I don’t drive to the store at 3am, I just go back to bed.

Vacations

That Bed is Broken. Like, literally.

Travelling can be tough when you can’t sleep, but often the increased activity can make it easier to fall asleep. Don’t forget your meds, like I did on my trip to PyCon. I felt like a zombie all weekend. If you don’t know about the hotel chain and have space, pack a pillow. Hilton’s pretty good at it, as are most boutique hotels. I always crank up the AC when I go to sleep, both for the noise and for the cold. I’m lucky enough to be able to afford nice hotels. When I was in Paris several years ago we booked the cheapest hotel we could find, and when we got to our room the bed was actually broken. I think we’ve stayed in a few places in Mexico where the beds were almost literally an exercise mat on top of concrete. Vacations are expensive, book a nice hotel if you can.

In Conclusion

If you have sleep issues, you’re not alone. There are sleep doctors, and some good options. There’s no magic bullet, though, so if your partner has sleep issues, give them a little slack and support them. It’s a tough thing to live with, and it can make living a normal life really hard.

If you have some tips or tricks, please share them in the comments. If there are a few, I’ll add them to this post, if there are a bunch I’ll do another one and link it from here.

Sweet dreams.

Post Script

This post originally had a different opening and title. I was curious how people would react to it, as I’m stretching myself more as a writer. I think the general reaction was ‘”That’s probably spam,” or “Good grief, I really don’t want to read that.” Whoever would have gotten the joke probably has, so I tweaked the intro to be more on point. In any case, here it is:

I’m a Little Princess

I’ve always known I was different. I know regular people. I see them all the time on TV and in movies. They talk about their normal lives, their simple problems that seem so solvable, and I just can’t relate. I wonder if they know how lucky they are, to be exactly who they need to be, to not be plagued by this.

I’m lucky too, I guess. I have a job that lets me work from home and pass for normal. My wife’s very understanding, probably more than a lot of women would be. I know other people share my secret. I read between the lines in their tweets, or see their living situations. I’ve seen doctors, and taken medications, and it helps a little.

When I finally moved out of my parents house, I made some bad decisions. I thought I could get a cheap fix, just some slapped together left over parts, but it was awful. Finally I had a run of good paychecks, and I went to the store and plopped down more money than I’d paid for anything but a computer or a car to buy the ultimate solution… this:

PyCon 2013: Three Days in the Valley

March 23, 2013 at 7:25 pm (No Comments)

Last weekend I was in Santa Clara for PyCon. Since then the story of the conference has been writ large in media outlets near and far, but you may not have heard anything about what the conference was really like. So here’s my view, as someone who had never been to PyCon before (with some thoughts on the controversy interspersed)…

HP Cloud was a sponsor and exhibitor this year at PyCon. I’m working on a new cloud service written in Python and will need developers at some point, so I traded manning the HP booth for a few hours for the trip. I’ve been to Lone Star Ruby a few times and two RailsConfs, but I’d never been to a Python event. Given Python’s reputation as a very friendly, open community, I wanted to get a feel for it it in person.

I’ve never been to the valley proper. I’ve been to San Francisco a couple of times, but never down to Palo Alto, Mountain View, Menlo Park, Sunnyvale, Santa Clara, Cupertino, San Jose, and surrounds. In tech, Silicon Valley inhabits a mythical place as the fount from which innovations flow. Books have been written about how special the place is. Barrels of digital ink have been spilled over the high cost of living, the startup life, and the bright lights up the 101 in the City.

I flew in late Thursday night after a crazy week attending and presenting at SXSW, and then getting robbed. On the approach vector into San Jose International the whole valley spreads out beneath you, tight, flat grid of civilization. It’s very Tron. After taking a taxi from the airport, the only thing that really struck me was that every building I saw over one story had the logo of a tech company I knew on it. I didn’t book travel in time to get into the convention center hotel, so I was in The Avatar, the overflow hotel. The Avatar is an 8 bit/robot themed hotel, but really it’s a refurbished 1950′s motor style Holiday Inn with some modern furniture. At check-in there was a lady in front of me with green hair and big black boots, and in my post-travel haze, surrounded by tin robots and chrome, I remember thinking that this must be where all the cypherpunks had gone.

In the morning light, Santa Clara looked a bit more like every tech town USA, though there was still that ineffable California sheen. I took the overcrowded bus over to the convention center, picked up my badge, and had a very nice breakfast. It was a standard eggs and bacon affair, but they were pretty liberal with the bacon. I think I saw a guy whose entire plate was bacon.

I picked up my conference bag from a guy wearing a Wreck it Ralph tech team shirt. Apparently Disney Animation was a sponsor this year. Next up was the keynote from Eben Upton, where they announced that everyone was getting a Raspberry Pi. There was a lot of cheering. He also said that originally they were hoping to make a device that booted straight into python, so if you wanted to do anything you’d need to learn to code, ala the C64 and BBC Microcomputer. The Pi in Raspberry Pi was originally for Python. They’re still working on that idea. The organizers also mentioned in the announcements about the Young Coder program they ran, with obligatory adorable pictures of kids peeking out from behind monitors.

The sessions were interesting, and since it seemed they were being recorded, I didn’t feel as much pressure to sit in every one that seemed cool. The Messaging at Scale at Instagram talk was really interesting, as was the Making DISQUS Realtime talk. It’s pretty incredible the traffic the DISQUS folks are pushing out of a half dozen physical boxes. Whenever you’re on a page with DISQUS comments and you see one slide into the live comments box, you’re talking to one of those half dozen machines. Crazy. They had some interesting traffic graphs from the week the new pope was announced.

After a few panels I decided to hit the trade show, which really surprised me. It’s a good time to be a Python programmer. The trade show at PyCon, a conference of only 2,500 attendees, was one of the best I’ve seen. I’d never seen a trade show with Facebook, Oracle, Google, redhat, eBay, Microsoft, Amazon, Twitter, Apple, Netflix, Firefox, Hulu and of course, HP Cloud, all in one place. We sponsored a happy hour the first day, and Heroku covered the second day with free sake. There was even raspberry pi(e).

Lunch was really well organized, with 7-8 two sided serving tables and acres of big round tables. The food was ok, nothing to write home about, but better than some conferences I’ve been to. Breakfast was really their forte, the second and third days we had really satisfying baja breakfast burritos.

One of the trade show vendors, Thumbtack, a company that offers custom local service quotes (and is an awful lot like a site we worked on at Polycot, 45fix), had a programming challenge they were handing out. I’m afraid to say that I burned more than a couple hours over the weekend working on it, and in the end I ended up with a fairly brute force approach that I wasn’t entirely satisfied with, but seemed to be the only straightforward way to solve it. The programming challenge pages are here, if you’d like to take a crack. The solution to the second page challenge ended up taking around 25 seconds on my Macbook Pro:

Donglegate

So let’s get into some controversy, shall we? The Python community is known as an open, welcoming community. Like any programming community there are plenty of hard core nerds who like to prove how smart they are, but Python was designed as a language that would be very consistent and easy to learn. There was an entire track on how to teach python, how to run meetups and events, and how to get more women coders into the community. PyCon has a code of conduct as well, something that attempts to directly address previous inappropriate activity in the programming community. The Python leadership and organizers want to be really welcoming, they want a good gender balance, they were even talking about how the conference attendance was 20% female. I think this number is probably skewed because it probably includes a lot of marketing folks who were only manning booths in the trade show, but they’re definitely trying.

There were at least 5 female programmer groups in the trade show: PyLadies, Women who Code, LadyCoders, CodeChix and The Ada Initiative. There was a charity auction for PyLadies, and the Ada Initiative even had a feminist hacker lounge in the trade show:

It was by far the most actively gender progressive conference I’ve ever been to, which makes the whole hullabaloo about dongles and forking so weird. There was a lot of justified outrage after the Golden Gate Ruby CouchDB talk. The Ruby community isn’t known for being as newbie friendly, and is generally a bit more rock star testosterone driven. PyCon tried to do a better job, and despite all their good efforts, the takeaway from most of the people who read about the event will be, “Won’t those nerds ever learn to treat women with respect.” That’s a shame, because they really tried. If you’re interested in diving into this rabbit hole, the Geek Feminism wiki has a good page about it.

I keep thinking that the gender equality thing that PyCon tries to promote is a lot like the friendliness of the community. It exists because we say it does, and the fact that there’s a conversation around it makes it real. If you’re sitting next to someone at a conference that talks a lot about friendliness, you’re more likely to be friendly and open yourself up and risk rejection. I had a lot of great, interesting conversations at PyCon over breakfast and lunch, including one with a young lady from Portland who had been to PyLadies and other female programmer meetups. She said what she really wanted wasn’t get togethers to talk about how being female in tech is weird, she wanted meetups where they sat down and actually wrote code. She said that if programming is a meritocracy, you should be able to prove yourself and grow by doing, which makes sense to me. Less dongle jokes, more ladies, more kids, more code. It’s a big tent.

Right after registration I was standing next to a group of people who had clustered together, and someone actually invited me over to join the conversation. I’ve never had that happen at a tech conference, ever. It turned out that none of the people in the group had ever been to PyCon before. It wasn’t a passed down openness based on previous experience, it was because we all knew PyCon was open, because they make a point of saying it. It’s right there on the conference web page: “Change the future – education, outreach, politeness, respect, tenacity and vision.”

I don’t have a good answer on how this whole thing should have played out. It’s a mess. It shouldn’t have been a mess. I hope the folks who organized PyCon aren’t taking it too personally. I don’t see that they could have done anything better than they did.

Booth Monkey Like Me

I went to PyCon, in part, to man the HP Cloud booth. The last time I manned a booth was at SXSW, where while covering for the Creative Commons folks during their session, Bruce Sterling walked up to me and asked why he should give his books away for free. I didn’t have a good answer.

This time was a little easier, the thing we’re battling the most with developer at HP Cloud is just awareness. Most people don’t know that HP has a public cloud offering, so I was happy to explain what we did and get some insights from real customers. Of course, the Spotify booth was opposite ours, and getting those insights can be a challenge when you’re competing with this:

Wrapping Up & Going Home

I never got to really see much of Silicon Valley. I didn’t get to hit the Apple Company Store or visit the garage or the HP offices in Palo Alto. Hopefully I’ll be able to go back soon.

There were some other really good talks at PyCon. I know I need to start using iterators and generators more. I may even take a poke around Python 3.3. On Sunday they had a job fair and poster sessions, which was really interesting to me, since I’ll be presenting a poster in a month and a half at an HP conference.

Recruiting was the activity of the conference. It seemed like everyone was looking for Python developers, and like Ruby was back in 2007, there just aren’t enough to go around.

Bag-O-Swag

When I flew out to Santa Clara I only had my laptop bag. Walking around the trade show I realized that I didn’t really need to bring extra t-shirts, nearly everyone was giving them away. I ended up carefully packing an entire bag of swag, including my hard-fought goodies from Thumbtack. Thankfully the San Jose airport’s bathrooms have child seats. HP had some nice swag this year, a pen-shaped screwdriver set. Someone even came up and gave me a compliment about it.

I decided to get some Python neckerchief wearing beanie snakes for the girls back home, which gave me a chance to take this picture. I have had it with these pythonic snakes on this pythonic plane!

Austin’s a big tech town, so it wasn’t a surprise that I ended up sitting next to a fellow PyCon attendee. In this case it was Chris Kucharski, the guy who runs the web team at Dimensional Fund Advisors. We had a great chat about Python, Austin, teams and technology. It was cool to find out that he hosts the Austin Learn Python Meetup at Dimensional’s offices. The more supporters in the community and the more new developers, the better. Maybe in a few years PyCon will be as diverse as we all want it to be.

Being Burgled

March 19, 2013 at 3:48 pm (One Comment)

I don’t ask for audience participation very often, but today I’d like you to do me a favor. The next time you’re home, walk around and take pictures of every room in your house with your cell phone. Pretend you’re documenting the place for when they make a movie of your life. Feel free to cast your favorite Hollywood stars as the main characters.

These photos will be really valuable if (or perhaps just when) someone kicks open your front door and steals your stuff. It doesn’t happen very often, but in our zip code it happened 541 times in 2011. There are about 35,000 residences in our zip code, which means about a 1 in 65 chance a given house will be broken into. Last Tuesday it happened to us, while I was presenting about Software Bot Platforms at SXSW Interactive.

While you’re taking pictures of everything, make sure you have photos of everything that’s worth over a hundred bucks or so, especially those TVs, PlayStations, Xboxes, and the like. I’d suggest you flip those things over and take pictures of the serial numbers, too. That information’s really hard to dig up once they’re gone.

Lets say someone does decide to break into your house and steal your stuff. Most burglaries happen through the front or back door, just kicking the thing in (or finding the key you left under the mat or rock). If you’re like most people, when you installed your front door you might have used the cheap screws and shallow deadbolt. If you don’t know, unscrew the screws. If they’re shorter than 3 inches, replace them with nice strong 3 or 3 1/2 inch screws from the hardware store. If you’re leaving the house, always lock the deadbolt. The handle latch can be pried open with a screwdriver, or kicked open with one swift kick. Most burglaries happen between 10am and 3pm, prime “I’m just going to leave for a few minutes” time. If you have a really cheap deadbolt, think about upgrading to a grade 1 or grade 2 deadbolt. If you’d really like to secure your front door, consider a metal reinforcing strip. They make them for french doors, too. If it takes more than a few minutes to get your door open, they’re probably going to leave. You can drive yourself crazy researching bump key resistant locks, but if you really want the best, you can spend quite a bit.

I’d guess the people who broke into our house were inside less than five minutes. They look for houses that are easy to get away from. We live on a corner two blocks from major north/south and east/west arteries. They’re probably going to hit your bedroom first, they’ll pull out the drawers in your night stands (looking for jewelry or guns or small electronics). Maybe like our break in, they’ll grab a random bag to store their loot. Maybe a bag with a lot of memories to you. After the break in you’ll marvel at the things they didn’t take, the jewelry box they didn’t find, the cameras or hard drives, but some things will still be gone, and inevitably they will be things you care about.

Then they’ll hit the living room. They’ll grab things that are easy to sell, like your TV, your Xbox and Playstation. They’ll clear out your collection of Xbox games. Later you’ll realize that while the TV and devices are replaceable, the save games sitting on that Xbox’s hard drive are not. The three playthroughs of Borderlands 1 and 2 you did with your wife, with all the awesome characters and loot? All gone. The hours you spent with your team in Mass Effect, and how you were a couple hours from the end, eagerly awaiting the last DLC? Gone. You’re probably not going to finish Assassin’s Creed 3 now, and thank goodness you never even started Skyrim.

Your daughter may point at the place the TV was and say “uh oh”. The first couple of times it’s cute, but it’s also painful. Just be glad she wasn’t there when they broke in. You’ll probably also spend some time wondering why they would bother to take her new pair of red sneakers. But then you’ll realize that the people who broke into your house might have kids too, and then you’ll just be sad for the world.

They’ll do really strange things, like take the Xbox from your living room but leave the power supply, and take the power supply for your other Xbox in your daughters room but leave the console. Of course, the power supplies are different, so you don’t even have one working Xbox anymore. It’s kind of senseless.

They’ll grab the work laptop off your desk in the office, making a giant mess in the process (as if your office wasn’t a mess enough already). But they’ll graciously pull your USB VPN key out of it, and drop it on the floor before they leave, which almost makes you think that this was a Jason Bourne-esque black bag job and they’ve installed keyloggers and microscopic cameras everywhere to infiltrate your work accounts. That would explain why they didn’t touch your wife’s laptop on the desk opposite. But now you’re just talking crazy.

When you get the call that someone broke into your house and took all your computers, you immediately think the worst, that everything is gone and in the hands of mafioso or triad hackers who intend to destroy you digitally as well. This is a good way to think, because it probably isn’t far from the mark, and certainly won’t be over the next decade.

In our case we were lucky. Irma’s personal laptop was covered by papers, so they didn’t grab it. My main work laptop was entirely encrypted, and my other work laptop didn’t have anything loaded on it. They didn’t get my Time Machine backup drive, from which they could have reconstructed my entire life. My laptop was with me, as were our iPads. They got an old phone we were using for audio streaming, and the old iPad we used as a white noise generator for our daughter, but those didn’t have anything special on them. They didn’t steal our network attached storage device, which would probably be a treasure trove to the wrong people. In the end, we were very lucky.

But this could just as easily happen to any of you, so please, do me a big favor…

Your To-Do List

1. Reinforce your doors. Always use your deadbolt when you leave the house. Both front and back doors. If you have a sliding glass door in the back, figure out a way to secure that thing. Don’t leave any of your windows unlocked. Don’t leave a spare key out in anything like an obvious place. Lock the door into your garage when you leave, garage door openers are easy to fake out and even manual ones are really easy to open.

2. Catalog all your stuff, it’ll make the insurance process easier, and you can do it in a half an hour with your iPhone. Serial numbers for anything that has them. Entire room shots. You never know what they’ll take. If you can, set a reminder to do it again in 6 months. Google Calendar is great for that. Back up those pictures on a PC or in the cloud. Make sure you have a passcode lock on your phone, those things are slipperier than a bucket full of eels. Same with your iPads or other personal electronic devices.

3. Make sure you back up your machines. We use CrashPlan. It’s money well spent. If you have a Mac and have a Time Machine backup (and you should), be sure to encrypt it (if it’s local) or hide the drive in an inconspicuous place (if it’s over a network). If you have a Mac, also turn on FileVault, so even if they get your computer, they can’t read the contents of your hard drive. Always require a password to wake from sleep or screen saver or login on boot. Pick a good password, something you don’t use anywhere else. Make sure someone else knows it, in case you get hit by a truck. If you have a PC, here’s an article that may help. If you have an Xbox and an Live Gold account, turn on Cloud Saves and use them.

4. Make sure Find My Device is turned on for all your iPhones, iPods, iPads, and Macs. You can wipe a machine remotely if it gets out of your hands and is still connected to wifi. Make sure you can login to iCloud and all your stuff is listed. One of my friends recommends Cerberus for Android.

5. You can secure your stuff a bit. If I’d had a cable lock on my TV, and they hadn’t been able to just lift it off the wall mount, it would probably still be here. There are also locks for your laptop, but that’s a pain if you like to be mobile. If your laptop lives on your desk, it might be worth it. Some larger TV wall mounts have holes for locks. If yours doesn’t, you might be able to thread a cable lock through it and make it harder to pull off the wall.

6. If you live near Austin and would like to fix up your security but don’t know how to do any of this stuff, are scared of screwdrivers, have a phobia of the hardware store, etc, let me know and we’ll get it done.

Ergo

In the next day or two we’ll pick up a new TV to replace the one from the living room. My daughter will be able to watch Sesame Street again. We’ll probably get another Xbox, and maybe another copy of Borderlands 2. I don’t think I’ll ever go back to Mass Effect. That save game was their world, I can’t re-create that. We’re probably going to install a camera in our entry way that watches the entry way and street, something that even keeps running when the power’s cut. Of course then there’s the back door, or a window. Your home isn’t a castle, it’s a barely held together shed with a bunch of memories and possessions inside that anyone with a reciprocating saw and 2 minutes of time could compromise. If someone wants your stuff, there isn’t much you can do to stop them, which in the end is the terrifying thing, because all we’d really like back is our peace of mind.

SXSW Interactive Talk March 12th

March 5, 2013 at 11:09 am (No Comments)

Next Tuesday, March 12th at 12:30 pm in Capitol ABC of the Sheraton Austin I’ll be speaking at SXSW Interactive. The title of the talk is AI Netizens: The Future of Agents Online, which is a great techno-cryptic title for what will essentially be: Where bots came from, what comes next for Siri and Google Now, and how we build an open source alternative.

I’ve added a page for the talk here, where I’ll be posting a video and the presentation slides after I give it.

See you there!