No Agenda - Greatest Rantcast EVAR!

No Agenda, a podcast by Adam Curry and the Headcrank John Dvorak, has increased in listenership from 10,000 to 25,000 since I last wrote about it.

If you want to check out the show, you should listen to number 28, which you can easily get on iTunes. The guys are in rare form and it's an almost two-hour rant about everything. At about 24:30 into the show, they go off about jails and Wesley Snipes and taxes and "Hollywood Bitches" and such, and it's hilarious.

Have fun.

P.S., I have applied for a trademark on "Rantcast", so you can't use it in any conversations. Oh wait, I just Googled it, and tons of people have used it before. Shit.

Also - if you listen to the end, Adam Curry explains the entire business model of podcasting for you. Even better - he mentions that Cali Lewis of Geekbrief.tv has viewership numbers that are typically 2 million a month, with spikes up to 20 million!

And Adam also explains how back in the day, maybe 3,000 people at a time were watching MTV. Now it's double that. Heh.

Buy Nano-Plasm Soft Cover
© 2005-2008 Stephen Clarke-Willson, Ph.D. - All Rights Reserved.

Data is code

John C. Dvorak recently asked how it is that a simple data file like a Microsoft BMP image can cause an attacker to take control of a Windows computer?

The answer is simple - there is no such thing as data without something to interpret it.

In the case of a BMP file there is a header that precedes the data and which describes how many rows and columns are in the image, how many colors, and a little bit extra information that tells the computer how the file is laid out in memory (the stride).

The header is interpreted by a program and therein lies the trouble. If there is an error in the program that interprets the header, then it is every bit as easy to inject code via a buffer overrun with a BMP file as it is to clobber an input field in a web form.

The situation is considerably more complicated for JPEG images, which expand as they are decompressed. The avenues for error are greatly enhanced because of the complexity of the JPEG algorithm.

But even for a simple BMP file there is plenty of room to screw up the code. For instance, one can easily imagine a poorly formed header that describes an image that is smaller than the actual image data. In this case, it is possible that the program that reads theBMP will not allocate enough storage and the extra data will cause a buffer overrun. It's that simple.

So while the BMP format is very simple, actually writing a robust program to ensure zero errors is not as simple, and in the days before security became paramount, such programs would be common. If the program was given bad data it would probably crash. But these days, attackers give such programs very carefully contrived data that screws around with the memory layout of the program that is interpreting the BMP file, thus avoiding a crash but still causing unplanned behavior.

So there you go - that's how a BMP file can be exploited by an attacker.

It's so simple it's really kind of frightening, because interpreting most other file formats is enormously more complicated, and the number of possible errors is just frickin' huge.

Buy Nano-Plasm Soft Cover
© 2005-2008 Stephen Clarke-Willson, Ph.D. - All Rights Reserved.


Katie Couric GraphJam finally posted

I guess they are processing these things by hand.

Anyway, click and vote, and I might get moved to the main page!

see more funny graphs

Buy Nano-Plasm Soft Cover
© 2005-2008 Stephen Clarke-Willson, Ph.D. - All Rights Reserved.


The best defense

How much is my credit card number worth on the black market? - By Jacob Leibenluft - Slate Magazine:

"The demand for very basic credit card information appears to be shrinking—in large part because those data are often not very valuable. Credit card companies foot most of the bill when your card number is pilfered: By law, a consumer is liable for only $50 when a stolen card is used, and most companies waive even that. As a result, the companies have stepped up their efforts to cut down on fraud, reducing the potential benefit from accessing a stolen card number. As opposed to bank accounts, for instance, it is far more difficult to use credit cards to quickly (and anonymously) take out cash before an account is shut off."
Capitalism FTW! (*) You can pass all the laws you want against credit card fraud but to really fix the problem the credit card companies have had to develop serious defensive mechanisms to cut down on the value of a stolen card - and they are succeeding. Sometimes, supposedly, the best defense is a good offense. But most of the time, perhaps all of the time, the best defense is simply a really good defense.


* FTW - for the win!

Nano-Plasm, A Novel
Buy it at LuLu.com
© 2005, 2006, 2007, 2008 Stephen Clarke-Willson - All Rights Reserved.


Teaching Video Games - Ed Magnin

Teaching about Video Games - Ed Magnin

The link is to an article by Ed Magnin, who I have known for 18 years or so. He programmed Caesar's Palace and Prince of Persia for the Gameboy way back in the day at Virgin.

© 2008 Stephen Clarke-Willson, Ph.D. - All Rights Reserved.


A summary of The Lame List

The Lame List is a list of networking errors that (apparently) a number of early Windows applications would make.

I have summarized the list below, with some details omitted:

Inexcusably lame.
Dog lame.
Mired in a sweaty mass of lameness.
Nauseatingly lame.
Lame. Lame. Lame. Lame. Lame.
Violently lame.
Uncontrollably lame.
Totally lame.
Intensely lame.
In all my years of observing lameness, I have seldom seen something this lame.
Thrashing in a sea of lameness.
Universally lame.
Pushing the lameness envelope.
Glaringly lame.
Profoundly lame.
Floundering in an endless desert of lameness.
Suffocating in self lameness.
Perilously teetering on the edge of a vast chasm of lameness.
Mind bogglingly lame.
Inconceivably lame.
Festering in a pool of lameness.
Self abusively lame.
Words fail to express such all-consuming lameness.
Grossly lame.
Exceeds the bounds of earthly lameness.
Criminally lame.
Sinking in a morass of lameness.
Stooping to unspeakable depths of lameness.
Seeping lameness from every crack and crevice.


Screwed by iTunes and Fox!

Since I disclosed my trick of figuring out who was going to win American Idol, the iTunes store has been altered to only present the current American Idols on a special page - I can't get at the popularity chart anymore!

Still, David Cook is going to win, and except for him, it's more or less a crapshoot as to who will get voted out any particular week.


© 2008 Stephen Clarke-Willson, Ph.D. - All Rights Reserved.



Larger Prey Are Targets of Phishing - New York Times:

"The tactic of aiming at the rich and powerful with an online scam is referred to by computer security experts as whaling."
Whaling! That's hilarious! And smart of these phishing people. Why waste your time going after little fish when you can snag big fish just as easily?

(This scam is coming from China or Taiwan apparently.)

© 2008 Stephen Clarke-Willson, Ph.D. - All Rights Reserved.


Do red light cameras work too well?

Do red light cameras work too well? - Crime & courts- msnbc.com:

"Last week, Dallas officials reviewed the numbers and decided that a quarter of the cameras they had installed to catch motorists running red lights were too effective. So they shut them down.

They are not alone. Faced with data showing that drivers pay attention to cameras at intersections — resulting in fewer ticketable violations and ever-shrinking revenue from fines — municipalities across the country are reconsidering red light cameras, which often work too well."



TiVo predicts Idol losers

TiVo predicts losers:

Entertainment blog TMZ reports that TiVo has hit on sure way to predict who's going to win -- and who's going to lose -- the biggest contest in the land. Yes, I'm talking about "American Idol."

TiVo anonymously monitors usage statistics in a pool of 20,00 of its users. The company can tell when viewers replay an "Idol" contestants' songs, and when viewers skip over it. Replaying, obviously, is a good sign. If people are fast-forwarding through your songs, you're going home.

TMZ says TiVo has predicted the "Idol" loser for four weeks straight. And tonight, TMZ says, TiVo's method predict that 24-year-old Syesha Mercado is going home.

Well, that came out wrong - it was Michael Johns who was blind-sided by the vote. But I think this corroborates my hypothesis that except for David Cook, the overall vote is very close each week.

© 2008 Stephen Clarke-Willson, Ph.D. - All Rights Reserved.

People who watch Katie Couric read the news

I like Katie Couric but things aren't going so well for her right now.

I made a GraphJam chart of her situation. I mailed it in. I received an acknowledgment. And then nothing.

Click the small picture below to see the proper graph:

Katie Couric intersection with the news by Stephen Clarke-Willson

© 2008 Stephen Clarke-Willson, Ph.D. - All Rights Reserved.


American Idol - iTunes Popularity

So, I've got my own system for predicting how American Idol will end up, which consists of checking iTunes to see how our Idols are doing.

David Cook is still number one in popularity with Billie Jean.

Next up is David Archuleta with Angels.

And in third is Jason Castro with Hallelujah.

David Archuleta is in fourth with Imagine.

Michael Johns, who was just voted out, sadly, is fifth with It's all Wrong but It's all Right.

Brooke White is sixth with Let It Be, which I think is fantastic.

David Cook's popularity is significantly higher than the others, so as long has he is consistent he will win. If you can be as popular as Michael Johns and still get voted out then I think we can assume that most of the votes are pretty close and this is a very competitive season.

I've bought the following Idol performances from iTunes, and here I've ranked them according to how much I like them:

Let It Be
You're the Voice (David Archuleta)
God Bless the USA (Kristy Lee Cook)
You're so Vain (Brooke White)

© 2008 Stephen Clarke-Willson, Ph.D. - All Rights Reserved.


Talking Avatar Demo

Talking Avatar Demo


Try this one that I made

This is pretty fun! Click on the big blue button at the top of the screen to run the demo. Be sure to move your mouse around as the character tracks the mouse position on the screen. Put the mouse on their nose to make them look cross eyed. Also, check out the dog - he's actually the creepiest thing on the site.

© 2008 Stephen Clarke-Willson, Ph.D. - All Rights Reserved.


Windows can do anything - even be a source of musical instrumentation

Post 9/11

I took this picture of LAX less than a month after 9/11/2001. LAX in generally was very quiet and the roadways within LAX were virtually deserted. It was quite creepy and I was afraid to take the picture 'cause everyone was looking at everyone else as a potential terrorist.

© 2008 Stephen Clarke-Willson, Ph.D. - All Rights Reserved.
Posted by Picasa


Cind-E Ship

Wall*E is coming soon from Pixar.

Before Wall*E was Cind-E, which stands for "Computer Intelligence, Non-Determinstic-Experimental", and was the name of a game project I undertook after leaving Virgin Interactive.

Cind-E is a robotic ship with a mind of her own.

I'm not an artist, but in 1997 I made a crude sketch of how I though the ship could look:

Stephen's drawing of the Cind-E Ship

(Click image for bigger view.)

In 2002 (I think), Wes Griswold made a beautiful 3D rendering:

Wes Griswold's CGI rendering of the Cind-E ship

(Click image for bigger view.)

I spent a lot of money trying to get this project off the ground as a game, and when things fell through, I made this T-Shirt:

500K and all I have to show for it is this lousy T-Shirt?

It was actually more like $600K but I thought that using a round number was funnier. When I would run into successful game makers while wearing the shirt they would laugh. When I would run into struggling game makers they would get a pained look on their face.

To be fair, I have more to show than a T-Shirt, although most of it is internalized as hard lessons learned. But I also learned to do PC graphics and drive Alias Poweranimator and do a lot of other things. And I still have the movie screenplay which I shop around once in awhile.

© 2008 Stephen Clarke-Willson, Ph.D. - All Rights Reserved.


Nano-Plasm Tech: Spirographs

One of the themes in my book Nano-Plasm is the use of spirographs to visualize the otherwise impossible to see workings of a set of nanotechnology machines.

Here's a Java applet the lets you make spirographs (you can only see half of your spirograph because of the way Blogger formats my page):

Created by Anu Garg.

© 2008 Stephen Clarke-Willson, Ph.D. - All Rights Reserved.