October 2007 Archives

out of curiosity

Has anyone written up the l33t hax0r implications of the Petraeus Report? I've been patiently waiting for someone to take up the gauntlet ever since the general included this line in his prepared statement before Congress:

Finally, in recognition of the fact that this war is not only being fought on the ground in Iraq but also in cyberspace, [my recommendations to the Joint Chiefs note] the need to contest the enemy’s growing use of that important medium to spread extremism.

I first heard this on the radio, and it seemed a little weird to me. Not because I doubt the existence of insurgent-run websites filled with flash video of roadside bombs, LOLcatted stills from A Mighty Heart and comment threads filled with "INSURGENCY FTW!!", "ANBAR SUX0Rz" and unflattering analogizing of Sunni Islam to the Playstation 3. I'm sure those sites are out there. I can even believe that they serve a significant recruiting function for people who do genuinely bad, genuinely non-virtual things.

But it was a bit odd to hear a military commander say that, in addition to the attention we're paying to people getting shot and blown up, we also need to spend more time dicking around on the internet, presumably countering the nasty internet trouble made by our enemies. For one thing, suppressing online content does not have a particularly storied history. Given that, it seems like the intelligence value of these sites would probably outweigh the utility to be gained by shutting them down. DMCAing the Mahdi Army's MySpace page would just shut down a marginal source of propaganda. Why bother? It'd be far better to just quietly keep an eye on their top 8 (who is this shady "CamGirl69" character, anyway?).

For another thing, I have a hard time believing that the issue requires more attention. As far as I can tell there's no shortage of government funds for boondoggles aimed at preventing Kim Jong-Il from interfering with Americans' Facebook feeds. I trust that there are already people paying close attention to these issues.

But who knows? The internet refuses to tell me anything, so I'm left to wonder why General Petraeus thought that cyber-warfare deserved relatively prominent billing. You've failed me yet again, mainstream media! Was there some analysis of this initiative that I missed, or did the entire punditocracy inexplicably decide that there were more important aspects of Petraeuspalooza for them to attend to?

internet strategists hate America

In response to my last post a much-better-informed little birdy sent me a transcript of a Homeland Security Committee hearing about online Islamic extremism. It was an interesting read, and I may say something else about it later. But for now, here's the part that was most immediately striking:

In an effort to raise its visibility and recruit new members... an Iraqi insurgent group held a website design contest open to anyone in the world with an Internet connection. And what was the prize given to the winner of that contest? The opportunity to launch a rocket attack against American forces in Iraq with just the click of the mouse from the winner's computer.

It's inhuman and morally outrageous, yes. But man, that's a pretty good idea for an online contest. If you could just tone down the evil you might really have something there.

IP piracy is just like terrorism (and vice versa)

Two other things occurred to me about that bird-supplied testimony before the Senate, so I'll share them quickly and then return to hi-tech frivolity. Apologies in advance for seeming to presume that I know things about terrorism; clearly, I don't. I do know things about the internet, though.

And that's the first thing that struck me: how typically internetty it all is. The networks as described in Michael Doran's testimony sound very much like other illicit online networks.

At any given moment in any given language, only a limited number of sites post original material produced directly by terrorist organizations or by religious authorities to whom the organizations have pledged loyalty. The majority of terrorist websites in operation are either mirrored versions of these existing sites or simply bulletin boards that disseminate material that originated on the websites under the direct control of the terrorist organizations.

...

Well, these are websites that are controlled by people who are known to each other and they will post authoritative information on the website and then it will be disseminated out by loyalists all across the Internet.

On these bulletin boards — these are bulletin boards where they're password protected — certain individuals, their user names will become known as authoritative individuals.

I'll give you an example. There was this American Johnson who was kidnapped in Saudi Arabia and killed. Within hours of his kidnapping, his wallet with his ID appeared — a photo of it — appeared on this website.

So from an event like that, you can then conclude that that website is directly connected to the kidnappers and it's an authoritative website.

Then an individual on that website, whenever an al Qaeda-related event would take place would tell you, if you want to see our statement about that event, go to the following address and then you go to that address. Once it's out there and authenticated, then it just spreads like wildfire.

If you haven't, go read Jeff Howe's excellent "The Shadow Internet" over at Wired. It describes the surprisingly centralized system that powers nearly all online piracy. There's a collection of "topsites" operating as a darknet — one that's known and accessible only to trusted individuals. Release groups compete within the topsites to see who can provide the best software fastest. From there the releases trickle into increasingly public places on the net: private bittorrent trackers, usenet, and finally public P2P networks. The same sort of tiered content distribution system seems to underpin terrorist website economy.

They're similar in other ways, too:

shows what I know

Yesterday I read Brian Doherty claiming that Radiohead's pay-what-you-want scheme for their new album would undercut piracy and thought "Not so fast!" In my experience folks will upload any content that's even marginally relevant to a site. I've certainly seen freely-available content redistributed through pirate channels before.

maybe they HAVE beaten the pirates

But in this case he may actually be right. Oink doesn't have it, although I suppose that makes some sense given that downloading an album from Oink comes at a cost (users have to maintain an upload/download ratio to keep their access to the site). But Isohunt hasn't got In Rainbows either. Huh.

UPDATE: Rich pointed out in comments that the band's preselling the downloads, but that nobody's actually got the files yet. That makes sense, and I feel dumb for not realizing that was how the whole thing was supposed to work. So: torrents in t-minus eight days!

the pitch

"Alright, here it is: we take a normal, by-the-numbers sitcom. I mean, totally unremarkable in every way."

"Okay."

"Maybe we make it single-camera and don't have a laugh track and play some OK Go in the background, because we want people to think we think that we're hip and unconventional. But really we're as completely ordinary as we can possibly be at this moment in time."

"I'm tracking you so far."

"Alright, here's the twist: some of our cast is wearing caveman makeup. Well? What would you say to that?"

Stunned silence slowly turns into an overwhelming wave of applause. Cheers erupt, cigars are lit, backs are clapped, and a burlap sack emblazoned with a cartoon dollar sign is handed to the presenter. Curtain.

the bleeding edge

I am pleased to announce that I've recently upgraded my shaving technology. Before this I was using a red Mach3 Turbo that my mother gave to me, which worked well enough. Prior to that I was using a Mach3, which was indistinguishable from its successor except for a lack of redness and failure to incorporate the word "turbo" into its name. Also, it seemed slower.

But I'm now the proud owner of a Gillette Fusion PHANTOM, the most advanced piece of face-grooming technology yet wrought by man. It contains a motor, a microchip, and, at last count, SIX blades. From the name I infer that it also possesses some sort of Active Stealth technology.

As astounding as this all is, it's true that the PHANTOM is an evolutionary product as much as a revolutionary one. The motor, for instance, is not new: the Gillette M3 POWER was the first razor to leverage the key "let's make the user's hand shake" insight. But that was the rare technology for which I was not keen to become an early adopter.

And yes, I know what you're thinking. You're going to send me a link to this Onion article. Ha-ha. Very funny, you goddamn Luddite. If it was up to people like you we'd still be scraping our faces with oyster shells, squatting in the mud and waiting for the day when hyperintelligent bees conquer the earth. No thank you.

If you want to escape the prison of your anti-scientific prejudices, I highly recommend that you visit the educational website that Gillette has established. There you can explore the futuristic lab where Gillette razorologists continue to probe the furthest reaches of beard physics. Your virtual guide will be the brilliant and surprisingly slutty Dr. Cassandra. Her come-ons become more intense with each click of the mouse, as Gillette's computers note your continued attention and furiously recalculate the likelihood that you can be fooled into buying a razor on the off chance that doing so will lead to sexual intercourse with a Flash animation.

Things really get crazy once you enter the Holosphere. I won't say anything more, except to encourage you to exercise caution: as with any holo-technology, there is always a small but real chance of cowboys, Nazis and/or literary villains escaping from the simulation and running amok.

I'll leave you with this sample of the high-quality educational resource that awaits you. Who are you to resist?

Cassandra's PDA

Feist

This version of "I Feel It All" from an appearance on KCRW isn't all that different from the album version, yet somehow manages to be significantly better. But then, I always think that when someone picks up a song's tempo slightly relative to its studio version. This version sounds a little more raw, reverbed and bassy, too, probably due to how it was recorded. In short, it fools me in all kinds of obvious but enjoyable ways. My deterministic nervous system gives it a predictable thumbs up.

Feist – I Feel It All (KCRW)

a rebuttal

Ryan, in a manner deeply unbecoming an economist, is questioning the need for continued human progress:

I remember when men would shave with tools, real tools, that doubled as farm implements or at least good kitchen cutlery. And when we wanted a bracing splash of aftershave, well, that’s what the tumbler of scotch was for. All right, so I don’t remember that, but I do remember when the two blade disposable you got in your freshman welcome pack was sufficient to hold things down until that study abroad trip junior year when you first tried growing a beard. Rust builds character, my friends.

I'm sure this sentiment is heartfelt. But I can't help but note that both Ryan and certain other razor traditionalists can plausibly be described as Aryan Supermen. I'm sure it's very convenient to have the sort of blond, wispy facial hair that can be removed with gentle abrasion from, say, a disposable plastic dish scrubber. And I don't mean to disparage my own more problematic stubble — men like Kriston and myself find rough facial hair useful in a variety of situations, e.g. igniting a strike-anywhere match and using it, with cupped palms, to light a hand-rolled cigarette as we stare flintily at the loneliness of the great Western range. From horseback.

It's just that taming that sort of beard — some might call it the sort of beard that tamed America — requires more decisive, even violent measures. That's all.

Speaking of beards, here's a shot I took this morning before shaving:

the october protobeard

As you can see, it still sucks. But I'm happy to say that this is only about five days' growth — reaching this point took much less time and involved much less discomfort than doing so has in the past. Like everything else in this increasingly globalized world, my beard's crappiness remains constant, but its cost is plummeting.

(Take that, Avent.)

wealth but no wages

Matt weighs in on DIY fruit harvesting:

Kay Steiger, who went on the apple-picking trip Sara (pictured above, at the orchard) organized last weekend and that I attended under the time-honored principle "go apple-picking when your girlfriend tells you to," retorts that apple picking's not inefficient, it's "a form of entertainment." This would be a lot more convincing were agricultural labor entertaining. In reality, these are the jobs Americans won't do.

But while Matt (and, one suspects, professional apple pickers) thinks it's silly to pay to perform this sort of labor — even if just with time — he's guilty of doing the same thing. Sure, he's a professional pundit now. But for a long time Matt belonged to the class of folks offering electronic ruminations for free — a practice that leaves a lot of professional writers scratching their heads. It's still not unusual to read a curmudgeonly journalist complaining about these damn kids writing without compensation. And while Matt may have done it as an investment in his future, not everyone does.

But writing and gardening are both at least conceivable as leisure activities. An even more astounding example of the reach of this phenomenon comes from Penny Arcade, via Quantum of a Wantum.

There are a bunch of people in their basements playing Flight Simulator, and a bunch of people in their basements pretending to be air traffic controllers, running an application that simulates a radarscope. All wearing USB headsets, they are connected to a big network called VATSIM where they talk to each other and simulate realistic air traffic procedures as accurately as possible.

It's strange but true! These people labor over hour-long preflight checklists, pore over FAA manuals and file flight plans before launching their virtual jumbo jets into the virtual sky and then sitting patiently as autopilot sends them across the virtual Atlantic. They create imaginary airlines and imaginary regulatory agencies. It sounds incredibly tedious to me, but I'm sure they genuinely love it.

Of course, crowdsourced air traffic control is probably a somewhat less practical idea than user-generated fruit harvests. But it's not hard to conceive of situations where that sort of energy and enthusiasm for tedium could be harnessed. And it's undeniable that a lot of people are expending considerable effort online creating genuine wealth without direct compensation. Some of this is being harnessed and even occasionally rewarded — open source software's sponsorship by big businesses like IBM and Novell is a good example. And various ventures are now trying to capitalize on the potential of crowdsourcing and UGC, with varying levels of success. But in many more cases it seems to be enough for authors to simply be allowed to create — so long as they continue to receive a sort of involuntary patronage from their regular employers.

In the past you could prove your mettle and gain entry to an industry via skillful amateur efforts, freely offered. The internet now makes it possible for those amateur efforts to actually compete with the industry they're emulating. One can't help but wonder if it's a race to the bottom: do your real job less efficiently to free up time for your fake job. Meanwhile, your willingness to do your fake job for free reduces the compensation available for doing that sort of work, making it harder to actually become a professional. The first movers will be fine, but eventually their fields will be bled dry.

But this is a pretty depressing perspective, and not at all in keeping with my general internet triumphalism. Explanations why I'm wrong will be welcomed with open arms.

OH YEAH! I nearly forgot: I wrote about related issues in somewhat rosier terms a while ago.

productive things I have tried and failed to do tonight

  1. Fix my mom's plane problems
    She forgot her passport and missed her flight to Amsterdam. After many calls to Orbitz, the next available flight toward which her fare can be applied appears to be on Saturday. And costs $4000.
  2. Migrate a friend's Typepad blog
    After several tries, it appears that Typepad has a serious bug that prevents it from exporting more than 100 megs' worth of archives. Ticket opened.
  3. Complete an Apple rebate
    They swapped in a new ipod for the older-generation ipod that Emily & I ordered under their promo deal, assuring us via email that it would still be eligible. Their online rebate form disagrees.

To hell with this. I'm going to play video games.

part of my Halloween costume

Can you guess what it is? Winner gets to not be subjected to it. And no fair guessing if I've already told you.

I assert my moral right to deliciousness

Matt and Ezra are discussing pragmatic justifications for progressive taxation, aka WEALTH TRANSFER OMG. Will Wilkinson breaks things down here, and his reading seems about right to me: Matt and Ezra are gunning for maximizing well-being rather than cosmic justice. Will's probably also right about it not being a very good idea to make this argument to the public.

But this struck me as wrong, or at least unfair:

But surely Matt understands that the inability of utilitarianism to acknowledge principled constraints on the way people may use one another is the main reason why most moral philosophers believe utilitarianism to be false. Perhaps Matt thinks these philosophers confused. But if so, then they share their confusion with most Americans, who also don’t believe utility maximization is a good justification for the appropriation of their property.

Sure, hardline utilitarianism is unappealing. But I doubt that Ezra or Matt actually believe in it. Rule utilitarianism works just fine, and lets us simultaneously accommodate the public's intuition that A) they should be able to go under anesthesia without having their organs harvested and B) there's a fuzzily-defined and slight but real inverse relationship between wealth and property rights — i.e. it's okay to take a few extra hot sauce packets from Taco Bell for later use. And isn't accordance with intuition what the validity of a philosophical system is all about?

Of course, this standpoint is still pretty paternalistic. To which I can only respond: meh.

I made a Twitterbot

There are many like it, but this one is mine. More to come.

And speaking of completely unoriginal contributions to the internet: I'm really liking Ruby so far.

Gilbert Arenas is launching a cartoon

...according to his blog. Here's the website for the series, which displays the cast of ethnically diverse characters that will be featured.

I don't see how this could possibly end badly.

the legends are true

It is possible to see this silhouetted figure rotating in both directions. Charles got it right away; yesterday I finally managed to as well. It seems extremely unlikely that the neuroscience claims attached to the demo mean anything. Still, it's a pretty neat optical illusion.

But I'm left wondering: did they really have to give the figure nipples?

if only we could drink gasoline

Megan is pondering an interesting question. Apparently some contrarians have begun trying to convince her that the carbon cost of transporting non-local food is so high that the metabolic energy she expends by biking to work may come at a larger carbon cost than just taking a cab. That is, a distantly-grown apple takes so much energy to grow, produce and deliver that we'd be better off burning fossil fuels rather than expending human effort.

Two things. First, as Megan points out, gasoline has to be transported, too. Second, not too long ago Drake Bennet pointed out some good reasons for wondering whether local food is actually environmentally friendly: it doesn't take too many trips to the farmer's market in a mostly-empty car for the tomato you just bought there to represent more energy use than the one shipped across an ocean in a massive container ship, then packed into a fully-loaded diesel semi.

But I'm still curious about how the energy use breaks down. Some figures arrived at via quick googling:

So bicycling is 32.4 times more efficient, in terms of pure energy use, than driving an average car (from 1987). Making energy by growing and harvesting food certainly takes a lot more energy than making it by pumping oil out of the ground and putting it through a fractionating column. But 32 times more per unit of produced energy? Well, maybe.

At any rate, the difference in locally- versus distantly-grown food seems unlikely to be the deciding factor. The real question is whether, carbon-wise, you should be making that bike ride at all, regardless of where your groceries began their journey. I can easily imagine a tomato requiring 32 times more energy to grow, harvest and deliver than it provides in food energy.

But who knows? It's all very confusing, and the concerned individual taking deliberate action to save the environment through carefully researched lifestyle changes seems to me to be embarking on such a crapshoot that they'll be very lucky if, when all is said and done, they've managed to even offset the carbon cost incurred by their EnergyStar LCD monitor's daily display of Treehugger.

OR: What Ezra said.

hype/m: revivified, then vivisected

There's a new version of the Hy/pe Mac/hine! Cool. The mp3 blog aggregator's gotten a new coat of paint and a different flash player. It looks pretty nice, although I'm not entirely sure what substantive changes have been made. Nevertheless, it's at least much more t-shirt-compatible.

I decided to celebrate the occasion by digging into the workings of the site a bit more. Hype/m provides a lot of music but is understandably hesitant to provide direct downloads lest they be busted by The Man. But how do you go about providing an mp3 for listening but not for saving? It's as fundamentally unsolvable as any other DRM problem — more so, given the relatively open technologies that the site uses.

Still, they do their best. For instance, only requests from known web browsers are allowed — try to use a command-line tool like wget or curl to fetch content and you'll get an ACCESS DENIED message. But it's easy to fake user agent strings (or just to do the dirty work within your browser). Consequently, this isn't the only security that the site employs.

Let's have a look at the anatomy of playing a song on hypem:

  1. You click the play button next to a track.
  2. An AJAX request is sent that looks something like this:
    http://hypem.com/inc/serve_nowplaying.php?id=401678_1
    The part in bold is an identifier that's unique to the song you requested.
  3. Some HTML is sent back and placed in the portion of the page where the play button used to live. It looks like this:
    <object class="play" classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,0,0" width="36" height="18">
       <param name="movie" value="http://hypem.com/h2p.swf?autoplay=true&url=N2NjZGZkYTJkMjc0ZTZmNGY3OTVmNmQ0Mzg4MTEzYTVjMTgyM2NhY2ZmYzI2ZTAyMzE2MGIwMDY1NjJmOTA5MTJlMzE1ODA5MzYyYzBjODJiYjdjODBhNGI0ZDIwODkyMDRhNTQ3M2U4OWQwOGE2Mjk5YjQ1MWRjMjk1ZjFkNTlmYmIyZWIwZmU5YThlMDU1">
       <param name="wmode" value="transparent">
       <param name="quality" value="high">
       <embed src="http://hypem.com/h2p.swf?autoplay=true&url=N2NjZGZkYTJkMjc0ZTZmNGY3OTVmNmQ0Mzg4MTEzYTVjMTgyM2NhY2ZmYzI2ZTAyMzE2MGIwMDY1NjJmOTA5MTJlMzE1ODA5MzYyYzBjODJiYjdjODBhNGI0ZDIwODkyMDRhNTQ3M2U4OWQwOGE2Mjk5YjQ1MWRjMjk1ZjFkNTlmYmIyZWIwZmU5YThlMDU1" quality="high" wmode="transparent" pluginspage="http://www.macromedia.com/go/getflashplayer" type="application/x-shockwave-flash" width="36" height="18"></embed>
    </object>
    This code tells the browser to load an Adobe Flash object called h2p.swf and pass it parameters telling it A) to start playing immediately (autoplay=true) and B) where to find the mp3 that it should play. This is accomplished via a mysterious url parameter, which I've highlighted in bold in the HTML above.
  4. Using the LiveHTTPHeaders plugin for Firefox, we can see that the flash video then requests a file named something like:
    http://hypem.com/serve/f/509/401678/f48c7f07a821a8fc528842d0bd8d3029.mp3
    That's straightforward enough. But how does it get that long URL from the even-longer url querystring parameter that's passed to the Flash movie?

To find out, we've got to take a look inside the seemingly black box of the flash movie. Fortunately there's a great tool that lets us do that: Flare, which is free, cross-platform, and will happily extract the ActionScript from a Flash movie. I grabbed the h2p.swf file and passed it to Flare. Here's the interesting part of what I got back:

this.m = new mp(this, com.meychi.ascrypt.RC4.decrypt(com.meychi.ascrypt.Base64.decode(_root.url), 'abcdef1234567890'));

Hello there... looks an awful lot like a decryption routine... and something that looks suspiciously like a decryption key! This line takes the aforementioned url querystring parameter, Base64-decodes it, then passes it to an RC4 decryption routine along with the decryption key abcdef1234567890 (not the actual key). This turns the url parameter into a usable URL, which the flash player then fetches.

The meychi.ascrypt library's website is offline, but a little digging into its code (also returned by Flare) shows that, unlike most RC4 decryption libraries, it expects to receive a string of hexadecimal bytes which it first converts into a string of chars before applying the RC4 decryption algorithm. The need for this extra step had me scratching my head for a while, but eventually I figured out what was going on and cobbled together the following script to replicate the functionality. It's in Perl, since I couldn't find any RC4 routines in Ruby.

#!/usr/bin/perl

use strict;
use warnings;
use MIME::Base64;
use Crypt::RC4;

# hype mac/hine's secret RC4 key... shhh! (placeholder, not the actual key)
my $passphrase = 'abcdef1234567890';

# read the url querystring parameter from STDIN (or from a file named on the command line)
if (defined(my $src = <>))
{
        chomp $src;

        # decode the parameter from base64; the result is a string of hex digits
        my $unencoded_src = decode_base64($src);

        # convert decoded input from hexadecimal bytes to a string of chars
        my $charred_ciphertext = '';
        while (length($unencoded_src) > 0)
        {
                # take the next two hex digits off the front of the string
                my $char = substr($unencoded_src, 0, 2, '');
                $charred_ciphertext .= chr(hex($char));
        }

        # decrypt with RC4 algorithm
        print RC4($passphrase, $charred_ciphertext);
}

Pipe the url querystring parameter to that script and it'll spit out the URL of the actual file. Paste that into your browser and you'll be redirected to the file's actual location — your browser will begin downloading it quite happily.

Of course, this is all kind of a huge pain in the ass. It's much easier to follow the link to the blog where hype/m first found the mp3 and keep your fingers crossed that the original link is still alive. But! If you could just find Javascript libraries for Base64 encoding and RC4 decryption you could make a bookmarklet or Greasemonkey script that automatically adds a direct download link to every hype/m entry. Hmmmmm.

Anyway, I should probably finish by saying that none of this should be taken as an indictment of the hype/m programmers' skills. The Hype Ma/chine is a truly impressive piece of software, and the countermeasures its creators have implemented to prevent direct downloading are pretty much everything I can think of doing. The problem is simply that allowing a user to hear content but not store it is an impossible task. And keeping secrets hidden in Flash — which is the only appropriate technology for this application — is similarly impossible, making whatever obfuscation they employ relatively easy to unravel.

The only improvement I can think to make would be to rotate encryption keys by serving a variety of different player SWFs, and invalidating an mp3's URL as soon as an incorrect key is used (I assume that the URLs produced by my script are temporary redirects that rotate fairly frequently and can be expired as necessary). This way a user couldn't cycle through the known keys. As far as I know, decompiling an SWF is not something that can be accomplished in Javascript.

But it probably could be done within a full-on Firefox plugin. And given browsers' enthusiasm for caching Flash (and Javascript's ability to easily differentiate SWFs with different names), the above proposal might not be a viable approach at all. Really, there's no way to completely secure this system. "Good enough" is all that one can reasonably hope for, and I think they've already achieved that.
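The server-side half of that idea, sketched as an added example (not code from this post or from the Hype Machine): URLs are signed with a key that never ships to the client, bound to one session, short-lived, and redeemable once. The StreamGate class, the URL layout, the 30-second lifetime and the session names are all assumptions made for illustration.

```ruby
require 'openssl'
require 'securerandom'

# Added illustration (hypothetical names throughout): the server decides
# whether a stream URL is still good, so nothing secret has to live in the
# player that the user can decompile.
class StreamGate
  TTL = 30 # seconds a URL stays valid (assumed value)
  PATH = %r{\A/serve/(\d+)/(\d+)/(\h{16})/(\h{64})\.mp3\z}

  def initialize(key = SecureRandom.bytes(32))
    @key = key   # server-side secret; contrast with the key inside h2p.swf
    @spent = {}  # nonce => expiry time, for single-use enforcement
  end

  # Build the URL the player is told to fetch.
  def issue(track_id, session_id, now: Time.now.to_i)
    expires = now + TTL
    nonce = SecureRandom.hex(8)
    sig = mac(track_id, session_id, expires, nonce)
    "/serve/#{track_id}/#{expires}/#{nonce}/#{sig}.mp3"
  end

  # Decide whether a requested URL may be served to this session.
  def redeem(path, session_id, now: Time.now.to_i)
    m = PATH.match(path)
    return :malformed unless m

    track_id, expires, nonce, given = m.captures
    expected = mac(track_id, session_id, expires, nonce)
    # The session id is part of the MAC, so a URL copied out of one
    # session fails here when presented by another.
    return :bad_signature unless constant_time_eq?(expected, given)
    return :expired if now > expires.to_i

    # Forget nonces whose URLs can no longer pass the expiry check.
    @spent.delete_if { |_, exp| exp < now }
    return :replayed if @spent.key?(nonce)

    @spent[nonce] = expires.to_i
    :ok
  end

  private

  def mac(track_id, session_id, expires, nonce)
    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), @key,
                            [track_id, session_id, expires, nonce].join('|'))
  end

  # Compare two equal-length strings without an early exit.
  def constant_time_eq?(a, b)
    return false unless a.bytesize == b.bytesize

    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

if __FILE__ == $PROGRAM_NAME
  gate = StreamGate.new
  url = gate.issue(401678, 'session-A', now: 1_000) # constructed values
  p gate.redeem(url, 'session-B', now: 1_001) # URL lifted into another session
  p gate.redeem(url, 'session-A', now: 1_001) # the player's own fetch
  p gate.redeem(url, 'session-A', now: 1_002) # second fetch of the same URL
end
```

This only shrinks the window in which a recovered URL is worth anything; the session that legitimately redeems it still receives the bytes and can keep them.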

Cross-posted at EchoDitto Labs

I got burgled!

I was sitting in a not-that-eventful software development event this afternoon when I got a phone call from an unknown number. I expected this — my mom was scheduled to have some surgery tomorrow and the hospital's patient-wrangler was due to call and tell me where we needed to be and when.

But no! It was MPD on the line, wanting to confirm my identity and address and then informing me that Charles' and my apartment had been broken into. I think I said something off-color like "oh jeez!" and set off on my bike.

Apparently some jerk had pulled up in a plausible-looking van from a HVAC company. I guess he had tried to pry open the front door, since some of the trim had been removed and the police found a prybar in a backpack in the garbage can. But that didn't work. So he set up some not-that-official-looking cones and a ladder and used them to climb through a window.

The same thing happened to our neighbor Paul about a year ago. Fortunately, our neighbor Katie was home and kept an eye on the guy. She eventually decided that he looked shady enough to merit a call to the cops, who nabbed the guy as he was coming out. In his possession at the time: an iBook charger, a jar full of change and our beloved Nintendo Wii (no Wiimotes, though).

The cops took statements, dusted for prints, had me do a walkthrough and even gave us back our things. Throughout it all the officers and detective were friendly, professional, thorough and, in one case, kind of foxy.

Better yet, my mom's operation has been rescheduled. So I'm currently sitting on my couch in the sun, home from work, sipping coffee and getting ready to take care of some coding that I thought I was going to have to sprint to finish. Getting robbed is great!

ALSO: Amanda tells me that she asked Travis Morrison my let's-say-one-eighth-joking question about his preferred Javascript library during her interview with him. Awesome. This has turned into a pretty good day.

why yes, I do have the TV on in the background

A question: why doesn't anyone put wind turbines on top of skyscrapers? Mythbusters just informed me that gusts at that height can reach 90 mph. Selling the produced electricity back to the grid might be problematic in a lot of places, but one imagines the energy could be used for the building's heating and cooling plant. And it'd surely be a great marketing investment for a company looking to burnish its eco-credentials.

On the other hand, I imagine that "GIANT SPINNING BLADES" may be the sort of architectural feature about which zoning laws have something to say.

I'm going to blow this thing wide open

Yglesias prompted me to read David Brooks' column on Mike Huckabee. America America aw shucks apparently-not-diabolical. Fine. But what's this?

[Huckabee] tells audiences that the only soap his family could afford was the rough Lava soap, and that he was in college before he realized showering didn’t have to hurt. "There are people paying $150 for an exfoliation," he jokes. "I could just hand them a bar of Lava soap."

He's right about one thing: Lava soap is pretty rough. My dad often had some of their products around the house for cleaning grease off of his hands, and it was definitely not something you'd use without noticing. But that's because it's supposed to be that way — it's got little bits of pumice mixed in.

Anyway what's this bullshit about it being cheap? Lava is a highly specialized utility soap, and one would expect it to command a premium. Clearly, this calls for some internet research. I compared prices for Lava versus Irish Spring — a nice, middle-of-the-road soap used by right-thinking Americans such as myself. A NOTE ON METHODOLOGICAL RIGOR: Lava is mostly sold as single bars. On the web, Irish Spring tends to be sold in 3-packs, so I've divided its prices by the number of bars. Surely a hardscrabble, cost-conscious family like the Huckabees would've bought in bulk.

| | Lava | Irish Spring |
|---|---|---|
| Drugstore.com | $1.99 | $0.88 |
| Amazon | $1.40 | $0.81 |
| CVS | Only sells patriotic soap | $0.83 |
| Rite-Aid | Only sells body wash, apparently. | |

The best price I could find for Lava was on Amazon — if you buy the 48-pack you can get it for $0.89/bar. But that's still more expensive than retail amounts of Irish Spring, and the package is suspiciously green. If you're really looking for budget soap you can do considerably better than that. Or you could simply pass horse urine through straw and mix with lard. You do slaughter your own pigs, don't you?

So what can we conclude from all of this? I think there are two possibilities. Either Mike Huckabee is a compulsive liar and therefore completely unfit for office; or the Huckabee family has some sort of hereditary economic disability. The latter could perhaps account for his otherwise inexplicable enthusiasm for raising taxes sometimes, slightly. Either way, it's important that he be exposed for the confused old man and/or transparent fraud that he is. Has anything been done with the word "Huckster" yet?

This is the most obviously despicable campaign trail behavior since John Kerry's 2004 cheesesteak pandering. I expect the next YouTube debate to feature AT LEAST one soap-related question.

EVDO on the cheap

Have a VCast-capable Verizon phone? Like the idea of using your phone as a modem for your computer, but wary of dropping $59 every month for the privilege? Here are instructions that detail how to use a $15/mo. VCast plan instead. Via Hack A Day.

attention LOLcats dead-enders

Gaze upon this and contemplate what you have done to our once-beautiful world.

Astoundingly, this is not the worst LOLfense I've seen. It's just the worst one that I can bear to subject you to.

Comcast

If you're at all interested in the latest developments in the battle between Comcast and BitTorrent users or, even more perversely, want to know what I think about the matter, head over to The Technology Liberation Front. The TLF folks have been doing a fine job on the issue (as usual), and I've been spending my Comcast-related energies in their comment section. Head over there and fight with me about the DOCSIS cable modem standard, why don't you?

it's mostly just shots of the smoke machine anyway

I'm down in Charlottesville for a couple of days, helping my mom get around as she gets some more surgery on her arm (it never quite healed properly from her motorcycle accident 15 months ago). There are a bunch of restaurants and bars that I used to frequent as an undergrad just a short walk from the hospital, and the nurses assured me that hanging around the waiting room would gain me nothing except, perhaps, a deadly staph infection. So I wandered up to the Corner, had lunch at Bodo's (now with official Jewish approval — he's matrilinear & everything!) and then wandered over to Plan 9 music, where I've been sipping coffee and having very little luck using the free wireless.

This provides a handy excuse for why I haven't yet completed my timesheet, but it also means that I just lost an entire batch of meticulously-tagged Halloween photos when the upload died partway through. This brings me to the putative reason for this post: there's got to be something better than the OS X Flickr Uploadr, right? The goddamn thing has a single failure mode: catastrophic. I appreciate simplicity, but I kind of expected Flickr to take some of the savings it enjoys from vowel-related cost-cutting and reinvest it in software development.

take your medicine

Mom's surgery went well. The radial nerves in her arm had to be moved, which is a bit worrisome and resulted in more post-surgical weakness than the doctors would have liked. But she's not in too much pain, and she says she can already feel that her arm is better-aligned than it was. Everyone's optimistic that with work, patience and perhaps another procedure she'll recover her full dexterity.

This is no great revelation, but: hospitals are depressing. Everyone is just so helpless. The medical staff perform a strange pantomime of patient-empowerment, offering treatment options as if they'll be met with thoughtful consideration rather than endlessly rephrased versions of "what do you think we should do?" You're at the mercy of fate, the insurance company and your own ignorance.

It's worse when you watch it happening to someone whom you arrogantly identify as less-equipped to make informed decisions. Although they do so gently and respectfully, the nurses' approach toward their uneducated, unhealthy and generally unlucky patients resembles nothing so much as that of an adult who unexpectedly finds himself babysitting the lost child of lawyers. They're very deferent, but their respectfulness comes from protocol, manners and professional fear rather than, y'know, respect. It's hard not to wonder what these exchanges accomplish.

Of course, a paternalist with even a little self-awareness (a title to which I aspire) can't look at this interplay for very long without realizing that he's just as enmeshed in it as any of the people around him — it's just that he has the problem of being an insufferable snob, too.

So I tried to put aside my pretensions and abjectly surrender myself to the situation. I stopped judging the wheelchair-bound smokers in front of the building. I watched Wheel of Fortune with interest. I listened to a sweatsuited manchild complaining to his elderly mother that the hospital firewall didn't allow him to check Britney Spears' MySpace page for news of her new album. I listened, identified, despaired.

Then I resumed doing what the doctors told me until I could return to a place where it's easier to forget about free will.

also, there was Halloween

Right, Halloween: it's already happened, as far as I'm concerned. I'm exhausted, haven't been to the gym in ages, and have a ton of work to finish. I intend to nod approvingly as Charles hands out the massive quantities of candy that he bought, but my holiday celebrations occurred last Saturday. I think I'm even skipping out on a fun-sounding bar outing.

But last weekend was pretty great. Here's a shot of me as Dr. Doom, looking disoriented:

Doom, disoriented

And here's a shot of me fighting Galactus.

A few things learned during the costume construction process:

  1. I think Dr. Doom probably makes his own outfits. If you find yourself in possession of a lot of green fabric, an enthusiasm for diabolical technology and little to no sewing skill, a Doomesque cape and tunic combo is a not-unlikely result.
  2. Dr. Doom's enthusiasm for goblets is born of necessity: it's really hard to hold onto a beverage while wearing gauntlets. Cupping your drink from beneath is really the only viable strategy. The fact that it looks good when paired with a menacing glower is just a happy coincidence.
  3. Negative ion generators are a nice idea, but they're also likely to stop working pretty quickly. And you need to think seriously about electrical isolation if you want to build up any kind of charge — ancient sneakers spraypainted silver (and paired with a cape that occasionally drags) are not the best way to keep voltage from leaking into the ground. I managed to give a few people pinprick shocks before the whole thing stopped working, but it mostly served to gently electrocute my right foot. Overall, it was a bit of a disappointment (although thankfully not a very expensive one).

    But I got some late advice from Dan Rutter of DansData.com, which may be useful for aspiring Dooms:

    You might like to try buying one of those "shocking" lighters or pens that're all over eBay and joke shops these days; they're basically just a little Tesla coil inside, I think, and it ought to be quite easy to hack one into a shock-glove.

    (A friend of mine made a rather higher powered version of the same thing years ago, and installed it in a small project box with external contacts, a button, and a label that said "DO NOT PRESS". Needless to say, people picked it up, and pressed the button, and sometimes then smashed themselves in the face with the box. :-)

    Sounds promising. Next year: Electro?

At any rate, here are the rest of my photos from the evening. As you might notice, there are kind of a lot of shots of a jack o'lantern sitting in front of a smoke machine's output hose. That's because this is totally awesome and should enthrall the lot of you the way it does me. Some people will tell you that on Saturday night I could often be found stumbling around the shrubs, fiddling with the smoke machine. More responsible accounts of the evening will reflect the fact that A) it takes a lot of work to maintain an optimally foggy environment for the enjoyment of all and B) it's pretty hard to navigate a garden while wearing a cape and cardboard armor regardless of how many beers you've just consumed.

the international language of spookiness

TorrentFreak says that Day Watch is the number one DVD rip on the internet. Weird! Not so much because it reflects non-US internet use (there's a reason LiveJournal is still around, after all), but because Emily and I downloaded an English-subtitled version back in August that sure looked like a DVD rip. What gives?

While I'm mentioning potential Hallomedia (and before my chance completely slips by), give this track a listen — it's the best of a well-intentioned but mostly-awful Halloween mashup compilation:

Cheekyboy – Halloween with Morrissey

Kyle is actually spending Halloween with Morrissey. This is the next best thing.