surprisingly, I don’t consider myself a jerk

Some people really don’t like it when I talk about the tech behind mp3-sharing/discovery websites like Muxtape or the Hype Machine. I can’t say I’m incredibly surprised that Anthony from the HM feels this way. He’s built a successful and useful website which I assume makes him at least a little money, and naturally he’s going to feel a little put-upon by those who assert, as I do, that the present moral and legal norms (to say nothing of the laws) that help form his site’s unique niche are incoherent and probably untenable. I do sincerely appreciate Anthony’s willingness to engage with me via the thoughtful comments he’s left.

But I was bummed to see Rich, who I know personally (at least a little) and who I really like and respect, express disappointment over my posting this stuff. So let me try to answer the questions that both of these guys posed. Anthony asked why I write those sorts of posts; Rich asked, basically, if I thought I could do any better, and if not why I feel entitled to tear down other people’s work. I think I’ll try to answer the question of my motivation here, and then talk about the technical issues in a separate post.

There are four reasons that I can think of that motivate me to write these music service dissections.

First: although I like attention as much as the next guy, I mostly write here for my own benefit. I’m not just saying that; the numbers bear me out. Google Analytics says that yesterday I got about 140 visitors — and that was with a link from the website of a national publication (don’t worry; it wasn’t about this stuff).

There’s also the fact that, believe it or not, I did take to heart the criticism that came from my original Hype Machine post. Rich is right: the things I pointed out about Muxtape are totally obvious to anyone who knows web technologies. But I still didn’t discuss them in any detail. I didn’t talk about how to use Firebug or what a Flash player’s HTML looks like or how to URL-decode the parameters I discussed. I didn’t hand out any scripts or instructions. I tried to convey the information in an interesting way, but one that wouldn’t be directly useful except by people who could’ve easily figured it out on their own.

Did I hit that mark? Well, with a quantity of readers in the very low three figures, most of whom aren’t technical, I don’t think it matters very much. If I thought I was about to bring ruin upon Muxtape I’d pull the post. Believe me, I’m not: his immediate considerations are going to involve scaling his infrastructure and finding a source of revenue to pay his S3 bill that doesn’t attract lawsuits. I’d say he’s got a pretty good shot. But what I write won’t matter one way or another to that site’s future.

Second: let’s get this out of the way — sure, of course there’s an element of egotism. I hope it’s a small factor, but it would be dishonest of me to pretend it doesn’t affect me. I like figuring stuff out and passing myself off as a l33t t3ch d00d. This doesn’t really apply to the Muxtape case, since everything was so dead-simple — I just thought putting PLEASE_DONT_STEAL_MUSIC in the filename was funny enough to be worth relating. But when I wrote the HM post, yeah, I was pretty excited to have decompiled a SWF and gotten an implementation of RC4 encryption working in Perl and later Javascript (and not the one that was packaged with the SWF, because I’m scared of ActionScript). I thought it was a cool hack, and that led me to triumphantly post more details than I probably should have. For what it’s worth I quickly ended up editing the post to take out some specific details, and I never published the bookmarklet I wrote based on the work.

Third: the web’s importance to our lives increases every day. I think it’s worthwhile to talk about how these technologies work, both to share knowledge among those who might do something with it and to help those who aren’t technicians have a better sense of how their new world fits together. I don’t think it’s healthy to expect that most people will be content to treat the web as a magical brochure that only a privileged priest class possesses the secret knowledge to manipulate. Besides, I find the problems faced by these sites interesting for the same reasons son1 expressed, and I enjoy talking through them. They’ve led me to think a lot about how I would solve them, which I will hopefully discuss in a useful way in the future.

Fourth — and here’s where the interesting part of this post actually starts, I think: I don’t consider the current state of music sharing sites anything more than a temporary step in the music industry’s inevitable evolution. The point I want to make by all this is that the present state of affairs does not constitute a complete solution; we’re not done yet.

I don’t want to discount the well-made interface of Muxtape or the excellent aggregation and social features of the Hype Machine. They are both impressive sites and their creators deserve all the recognition they’ve received and more. But although these things add value, the essential underlying reason for these sites’ popularity is that they give music away for free.

Free, but not too free, that is. The digital music sharing problem was solved suddenly and completely about a decade ago, but that solution made the record companies understandably unhappy. They scrambled to put the genie back in the bottle and had some success. Now these new music-sharing sites are gingerly stepping back into the light, providing music in a way that’s pretty clearly still illegal under the existing legal regime — is anybody cutting checks to ASCAP or BMI? — but which the recording industry will tolerate because of the sites’ limited scope or promotional power or influence among elites or simply because they haven’t yet noticed them. If a site becomes too convenient or powerful it will no doubt get sued into oblivion or yoked with a crippling licensing agreement, and users will be out of luck until another plucky startup creeps under the radar and into the daylight.

I have very little patience for this ridiculous dance. The music industry is in its senescence, and that’s fine. It used to be that they’d provide an advance, which let a band afford to make an album from which they would receive no money but on the strength of which they could tour. This system worked well enough but came at the price of massively distorting effects upon the way our society consumes music, from “convenience charges” to pay-for-play to the goddamn Spice Girls movie, all of which were inevitable as the majors formed a cartel and began to impose rents on the industry.

But these days it’s cheap enough to record an album without an advance — believe me, I know, as Charles, Spencer and Aaron have been thundering away in the apartment’s hallway for a couple of weeks now. Bands still aren’t going to receive much money for the music they record, but they can presumably still earn a living on merch and touring. They’ll treat their studio output the way they treat making flyers or putting together press kits: as a loss leader.

That’s how I see it shaking out, anyway. It would be nice if the new order made artists richer, but I don’t see it happening — the median artist may do better, but the aggregate industry will probably wind up smaller. And I think the death of the majors would be a sufficiently positive development that it’s worth encouraging on its own merits.

Whatever’s going to happen, I think we should get on with it. At the moment a lot of media companies are adapting to the digital age by giving away content to users through their browsers, but making it really inconvenient for them to use it any other way. I think that strategy is incoherent — it’s just not compatible with how digital technologies work. Pointing that out is why I wrote these posts, and why I developed that full-text RSS tool. If making your customers’ lives less convenient is your business plan, you need to think a little harder. Or find another line of work.

Of course I don’t mean to accuse Anthony of the Hype Machine or Justin of Muxtape of making people’s lives harder. They’re doing just the opposite! But the regime under which they’re working is ridiculous. Right now they serve at the pleasure of companies who think that making a digital copy is the same as theft, who make consumers’ lives worse, who don’t represent their artists’ interests well and who accomplish it all via a copyright system that is both laughably outdated and a poster child for regulatory capture. This has all started to change, but now we need to finish the process.

So look. I’ve gone on and on here. I don’t pretend I’m going to personally have anything to do with the continued decline of the record companies, mostly for the reasons outlined in point one, but also because I’m not even trying: I’m not releasing any tools to help do it, I’m just describing their viability. But somebody else will come along and do it — maybe a $30 networked DVD player from China, or a custom iPhone application, or whatever. The envelope that HM and Muxtape have pushed will continue to be incrementally advanced, even as those contributing to the effort will repeatedly decide that no, their tool was the logical stopping point and any further efforts are an outrage.

But we are not at a stopping point, and efforts to imply that we’ve solved problems that are basically unsolvable amount to artifice — even if done so as to make worthwhile functionality legally possible. This is a point I feel strongly about and consider to be worth sharing, and that’s why I wrote those posts — and this one.

Muxtape unraveled

I’ve seen a lot of attention paid to Muxtape over the past few days, and I agree: it’s nice! I think a lot of the romanticism that people attach to the mixtape format is silly, and that removing portability from the equation makes it a lot less useful. But Muxtape is clean and built around an attractively simple idea.

I will say, though, that it does even less than usual to prevent the files it stores from being downloaded. If you fire up Firebug after you start a song playing, it’s easy enough to find the Flash player, which is being passed a set of parameters that look like this:


If you pull out the file parameter and decode it, it looks like this:

Yes, really. I’ve changed enough of the URL to make it invalid, but still: asking is probably not going to be enough.

I’ll admit that this is a hard problem to solve. Unless you’re prepared to undertake a major software development project whereby you decrypt your data client-side and send raw PCM to the sound card — and trust me, you’re probably not — you’re going to be stuck using Adobe Flash to play music in-browser. And if that’s the case, you’re pretty much stuck using a command that amounts to:


This is not very secure — Flash needs to get that URL from somewhere, and if the user can figure it out they can download the file as easily as Flash can. All you can do at THAT point is hiding the name of the file by changing it so quickly that a user’s browser can be bothered to figure it out, but the user herself cannot (this is what iMeem and MySpace do). You’ll probably also insert some hoops that Flash has to jump through to prove its Flash-iness, all of which can be easily faked but which will at least discourage casual downloading.

But the guy running Muxtape has screwed himself out of these measures by using Amazon S3 to store his files, which is handy and cheap but can’t implement a system for changing filenames rapidly, or employ HTTP user agent filtering, or check for tokens, or really do any other server-side cleverness. So the only option he has left is simply asking people not to download. Which I admire, because all of these countermeasures, even the encryption, can be defeated. But I doubt the record companies are going to be as sanguine about it.

But who knows! Maybe he’ll be able to figure out some sort of promotional detente the way the Hype Machine folks have. I hope so. But right now it will be pretty easy for someone to write a Greasemonkey script to allow direct downloading, or for music bloggers looking for free storage to hotlink the site to death.

The Project for an Organo-American Century

Matthew Yglesias says that our nation is blind to the looming robot threat. But then, he would say that, wouldn’t he? After all, his corporate paymasters are quite keen on the idea of an outbreak of hostilities between the U.S. and a nationless mechanized fighting force. I’m sure in some labyrinthine GE facility they’re working on robots at one end of the hall and the weapons to destroy them at the other, with representatives from the accounting department gleefully shuffling between the two. Think it sounds far-fetched? You do know who owns Consolidated Robotics, don’t you?

Of course, the news will be good for Mr. Yglesias closer to home, too: the Sino-American War he poo-poos will only increase demand for trenchant English-speaking foreign policy analysis on one side of the ocean, as the Chinese prefer their news written in their own language (quelle provinciale!). A war with the machines, on the other hand, would afford multitudes of perfect electrical minds programmed with English character sets and keen to know thy enemy by consuming our media at a breakneck pace.

Yes, launching America into a fight with the machines would provide quite a windfall for the ascendant pundit. Sadly, this media self-interest is nothing new. The press has tirelessly beaten the robo-war drum over the past few years — and the rhythm has approached a crescendo as of late. Google Trends tells the tale:


Aside from those few innocent days in 2004 when America fell in love with Will Smith’s I, Robot, the picture is clear: the media has consistently hyped the robot menace in a manner completely out of proportion to its significance for the average American.

A typical middle class family doesn’t feel threatened by the improving fortunes of robots. The basic generosity of the American spirit rightly acknowledges that a rising tide lifts all boats (well, alright, not boats propelled through the air by shining discs of electrostatic plasma, which hum softly as their masters rain laser death upon the landscape below — but those boats can lift themselves, so the upshot is the same). No, Americans are more concerned about being able to pay for their kids to go to college, and saving for retirement, and making the mortgage payment that just shot up — and, crucially, being able to do those things while constantly being robbed by pirates.

But, as is all too typical, the pirate menace that dominates the nightmares of the nation’s breadwinners is going unacknowledged by our warmongering village elites. You see it’s just not that glamorous to talk seriously about the roots of piracy, or to build the sorts of institutions that can stop its spread in a meaningful way. No, it’s much easier to craft a self-flattering narrative about plucky humans standing up to gleaming mechanical terrors. Frankly, I expected more of Matt.

Dorkbot DC: Arduino, Meet Fonera

Whew! Well, I presented last night at Dorkbot and it seemed to go pretty well. Thanks to Gareth, Alberto and everyone else who makes Dorkbot possible. Alberto was particularly helpful and encouraging, and I greatly appreciate it.

As promised I’ve got an audio recording of the talk to share, as well as a PDF of my slides and some Arduino and Ruby code. I haven’t yet taken any really good photos of my project, but once I do I’ll add some links to them here.

For those just wandering in: I spoke about using a router with a custom firmware as a way of adding wireless internet access (and more!) to your Arduino project. In particular I used the Fonera router, which is especially ubiquitous and cheap. Once you’ve got a custom firmware loaded you can use a simple serial link to make the router speak to your Arduino and relay whatever internet goodness you might like. I used this functionality to create an ambient display that talks to the WMATA website via wifi and uses a couple of needle gauges and LEDs to tell me when the next bus and train will be arriving at the stops nearest my apartment.

Dorkbot DC: Arduino, Meet Fonera
Audio (MP3/64kbps, 11M)

Slides (PDF, 10M)

bus_o_meter.pde (Arduino code, 3.2k)

wmatarideguide.rb (Ruby class, 1.6k)

The rest of the project code is available inside the slides. You can find some useful hyperlinks in there, too, as well as my email address.

UPDATE: The original version of the Arduino project code uploaded here contained a number of critical bugs. I’ve replaced it with a more complete version, but it should still be considered a work in progress.

one night only!

Dorkbot! Tonight! Come see me talk! Or don’t, and download a podcast of it! If I remember to buy batteries!


the war is over

Ben Franklin is frequently quoted as having said “Beer is proof that God loves us and wants us to be happy.” Let’s extend a bit further the use of consumer goods as a tool for fathoming the inscrutable motives of the omnipotent: the cable company DVR is proof that Comcast hates you.

Charles and I have had a lot of audiovisual excitement over the past few months; the Comcast DVR was a low point. You might think that the “last” and “exit” buttons would each behave in a consistent manner regardless whether you’re in the “On Demand” or “Settings” menus, but you’d be wrong. You might think that a device aimed at people who’ve just blown a lot of money on a fancy new TV wouldn’t employ a bargain basement upconverter that leaves everything rife with MPEG artifacts, but you’d be wrong. You might think that you wouldn’t have to look at advertisements every time you try to search a schedule of shows you’ve already paid for, but — wait, how naive are you?

A few weeks ago Jason let me know that Woot was offering a great deal on refurbished Tivo HDs and I jumped on it. Yesterday Comcast sent a guy over to install the requisite cable card, and I’ve been happily BOOPing and BABOOPing since. Man, is it great. Yeah, it’s a little more sluggish than the DirecTivo we used to have. But it’s comforting just the same. And, crucially, I no longer feel like a malevolent machine intelligence is sitting under my TV, whiling away its endless sentence in Ikea prison by subjecting me to subtle psychological torture. THERE ARE FOUR (front panel) LIGHTS!


I followed a link from Yglesias to The Democratic Strategist and christ but that’s an ugly header graphic. If I may, let me re-direct your attention to this post that I wrote in 2006. For god’s sake, people: PNG and GIF for high-contrast graphics; JPEG for photos.

Puerto Rico, exhaustively

There are, of course, many tragic aspects of neocolonialism, from economic distortions to the perversion of native culture to the fundamental outrage of diminishing a people’s capacity for self-determination. But it’s great for tourists.

And this was Emily’s and my guiding concern as we made for Puerto Rico. Mike D had suggested it as a cheap and easy Caribbean destination, and it didn’t disappoint. No passports, no garishly-colored money, and, for any place a tourist is likely to venture, no need to speak a language other than ‘merican. Better yet, a reliable supply of cruise ship passengers allows you to avoid feeling like the most pathetic person in a given room.

We started off in San Juan, which bills itself somewhat hilariously as “the city that outgrew its walls”. Well, it did outgrow them, but the tourist trade hasn’t. Sightseers seem to stay within the impressive and picturesque boundaries of Old San Juan, and we were no exceptions. It’s got forts; it’s got beautiful ocean views; it’s got scores of stray cats. It also seems to have a lot of young people who came for the aforementioned attractions and stayed for the heroin.

Wandering through the forts is thrilling for any red-blooded Pirates! enthusiast, our hotel was very nice and we had a great time staring at the ocean and surreptitiously listening to spring breakers’ conversations in bars. But truthfully, one night in San Juan was enough for me. Vieques beckoned.

For most of the twentieth century Vieques was used by the Navy for munitions storage and as a practice spot for blowing things up. In 1993 they accidentally killed somebody, and that was pretty much the end of that. The Navy wound up surrendering almost all of the land they held to the Puerto Rican government and the National Park Service. The Navy’s departure wiped out the island’s economy but opened up new travel possibilities, which are just now being developed. The result is an English-speaking island with reasonable prices, pristine beaches and a tourism industry that makes things comfortable but hasn’t yet become grotesquely large.

Getting there was pretty fun in its own right. We flew in a tiny Cessna belonging to the recently reopened M&N Aviation (thanks for the understanding, FAA! you dudes are alright). Our pilot showed up about ten minutes before departure time, and, not bothering to waste time asking for our names or IDs, quickly loaded us onto the plane. Within moments we were in the air, watching San Juan recede beneath us.

our trusty pilot

leaving San Juan

Puerto Rico by air

Fifteen scenic minutes later we approached Vieques:

approaching vieques

And things went downhill from there. Here, have a look at this webpage. See “Carlos Jeep Rental”? If you had to guess based on this listing, what island would you say that business is located on? Maybe I just don’t understand how these things work, but at the time I made the booking the “Vieques” directly across from their phone number seemed somewhat suggestive.

Actually, though, they’re located on Culebra, and their jeeps are tragically non-amphibious. They were very nice about refunding my non-refundable deposit, though, and soon we were riding in a public car toward our hotel, feeling only mild panic about finding another Jeep to rent.

The hotel was the second part of the trip that I had been responsible for booking, and naturally I screwed it up pretty badly, too. But look at the cheery colors! Thrill to the friendly lady on the phone! Most of all, note the wifi. This is a principle I learned while traveling in Europe: if a place has wifi, it can’t be that bad.

Sadly, that rule of thumb is no longer valid. Our hostess remained friendly, but the actual room was fairly bunkerlike, with no windows, a pervasive mildew odor and an awful mattress wrapped in unremovable plastic. Adding insult to injury, you could only get wifi reception outdoors. We stayed one night, but that was all we cared to take. In the morning I went to see the manager and debated the implications of the guest house’s cancellation policy with a level of conciliation usually only reached when one or more of the parties has “pluripotentiary” in their title (although I don’t think it prevented a looming Ragnarok between them and my credit card company).

Then we headed up the hill. On the advice of the TGH hostess and the lady in the bodega across the street we had walked to the Sea Gate Hotel the day before, where the owner Penny had kindly rented us one of the jeeps usually reserved for her own guests. Before meeting with Penny her assistant, Irma, generously volunteered to show us around the grounds. The SeaGate is beautiful, and when we found ourselves needing a new room we were thrilled to find that they had one available. It’s situated on top of a hill, right by the fort, in a rolling sort of garden filled with palm trees, lizards, horses, chickens, dogs and cats (all of them friendly, except for the lizards who are merely indifferent). There’s a three-floored building with less than a dozen rooms and suites, and a few cottages scattered around. You can see the ocean on the horizon from most of the rooms over a tangled expanse of vegetation. It’s really, really beautiful. And it was a better deal than our previous room.

Things picked up from there. The beaches are so beautiful that there’s not much point in my describing them. Rambling over the island’s dirt roads in a rickety jeep is enormously fun, and thanks to the Navy’s abandoned bunkers, it’s also entertainingly creepy:


wandering past one of the big ones

the view from inside

Remember that made-for-TV movie I can’t find on IMDB where a bunch of washed-up supermodels went to an island and there had been military experimentation and the government had left it infested with mutagen-filled sea urchins and vines and stuff and one by one everybody got stung and started turning into hideous were-[tropical wildlife]s? No? Alright, then how about Lost, you uncultured neanderthal? Heard about Lost? It’s the one that’s like Party of Five but on an island and sometimes with guns. Right, you know the one. What I’m trying to say is that if you were thinking of planning a theme vacation based around either of these properties, Vieques would be a good choice.

So: beaches, rotting military installations, fauna — what else? Well, one week ago the Nabob wrote this:

I actively allowed someone to cheat off my final exam for that oceanography class. Now, he’s a magician.

There’s one part of Vieques where that unique skillset — questionable oceanographic bona fides and supernatural showmanship — is in high demand: the biobay.

Mosquito Bay is a wide, shallow pool of water surrounded by Red Mangrove trees. It’s also home to what we were told is the world’s highest concentration of pyrodinium bahamense, a tiny creature that emits light when disturbed.

It’s pretty amazing. You don’t notice the effect as you kayak toward the middle of the bay. At first it seems like you’re just unused to seeing the bubbles pulled down by your paddle through the clear Caribbean water. But then you dip your hand in and wave it around, and the bubbles persist regardless of how long you keep it submerged. Soon you reach to the center of the bay and the effect becomes truly undeniable. Any movement causes the water to emanate a surprisingly bright blue glow. Hop out of your kayak and your waving limbs will be surrounded with an unearthly aura. Move your arm just under the water’s surface and it will trail millions of dots of blue phosphor; it’s as if you were watching your own slow-motion pyrotechnic dissolution. Stick your head under the water and when you come up you’ll be momentarily peppered with tiny stars that disappear in the air. It’s stunning, and an experience I’d recommend to anyone. It’s also pretty hard to photograph, but this is a decent attempt at faking it.

Eventually Sunday rolled around. It began to rain; our new, less laid-back airline yelled at us for showing up ten minutes before departure time (give someone a second engine and suddenly they think they’re a big shot, apparently). We discovered we were covered with sunburn and mosquito bites. It was time to get the hell home. But we had had a fantastic time. Puerto Rico in general and Vieques in particular are beautiful, filled with friendly people and are surprisingly accessible, both in terms of cost and travel. You should think about going.

I will issue one caveat, though: we weren’t blown away by the food. Don’t get me wrong, it’s good, and I’m sure it can be great. We did have a really delicious meal at the Bravo Beach Hotel, and were perhaps not as adventurous about patronizing the alluring food carts that dotted the island as we could’ve been. But the island’s basic culinary philosophy boils down to lots of plantains and as many land animals as can be mustered, particularly pork. That’s all cooked on top of a sofrito base or breaded and fried. It’s not bad, but it is kind of heavy and monotonous, and the lack of delicious sea creatures was disappointing. And on Vieques the situation is even more dire, since the island seems to have no agriculture of its own and so any less-than-top-end restaurants will lean heavily on frozen and canned ingredients.

But this is a small complaint. It’s easy to find great sandwiches, mofongo is delicious, and we had some of the best coffee I can remember in San Juan. The omnipresent national beer, Medalla, is also pretty great. It’s just an American-style light lager, but it’s tasty and comes in ten ounce increments — this is ideal, as it turns out that it’s only the last two ounces of beer in a given can that are responsible for getting you drunk. So you can sit on the beach consuming can after golden, ten-ounce can without suffering any incapacitation.

Of course the island is also filled with rum punch and pina colada opportunities, if that’s your thing (the former: sort of; the latter: not so much, thanks to childhood memories of its vile Slurpee incarnation). I am sorry to report, however, that the San Juan bar we patronized was unable to fulfill requests for Buttery Nipples and Sexes on the Beach, much to the dismay of the loud girls who surrounded us.

Oh yeah! Photos. Here’s the complete set:


Super Smash Bros. Brawl was waiting for me when I got home on Sunday thanks to a years-old, barely-remembered gift card from my mom (thanks, mom!). Wanna play? My friend number is 0645-5578-9044.

In other Wii news, it looks like the homebrew scene is heating up a bit. First, there was this:

At the CCC these guys presented a significant advance. The Wii can emulate the Gamecube console that preceded it. And software tools for running homebrew applications on the Gamecube are, as you might expect, better developed than those for the Wii. Those tools can run on the Wii, but only in Gamecube mode, which locks programs out of the console’s enticing new features — things like Wiimote control and network connectivity. These guys found a way to scan the device’s ordinarily-protected memory space from Gamecube mode and plucked some encryption keys from it. Using those keys they can create discs that the Wii thinks are Wii games, which consequently have complete access to the console’s hardware resources. Neat, huh?

But more immediately relevant to home users is the so-called “Twilight Hack”, which debuted in February. The Zelda game for the Wii is called The Twilight Princess and it contains that perennial favorite, a buffer overflow vulnerability.

Think of it like this: a computer’s memory is filled with a very long list of things it has to do, and it proceeds through these steps in order. Some of these instructions tell it to jump to other places in the list, some of them tell it to manipulate different parts of the list, and some of them tell it to run comparisons on the list and do different things depending on the result. In simple systems the memory is allocated as needed, which can result in a chunk of data like an image sitting next to a chunk of code that will actually be fed to the processor. As you might imagine, maintaining the boundaries between these regions is important.

But it’s easy to screw up and forget to do it when loading a file’s contents into memory, particularly on a platform like a console. Hey, why bother checking, say, a save game? If it’s only your code that’s writing the file, and it checks the content’s length when it writes it, why check again when you read it? You trust your file-writing code, and where the hell else are save files going to be coming from?

The answer, of course, is hackers. In this case they took a save file and discovered that when it’s loaded there’s no check on the length of the text string that names Link’s horse. So you write a super-long string and when it’s loaded into memory it not only writes into the memory set aside for the horse name, but also into the memory after it. You fill that up with what’s called a no-op sled — a long list of instructions saying “no operation; do nothing, go to the next step”, at the end of which you put some code that gives you control of the system in one way or another. When, during the normal execution of the game, the processor reads a legitimate instruction telling it to jump somewhere into that no-op-filled region and start executing instructions it will slide allllll the way down the sled and then run your system-pwning code. The sled lets you avoid needing to know precisely where the processor is going to begin reading, improving your odds of getting your code executed.

This, incidentally, is also the technique used to “softmod” an Xbox. There are three different Xbox games that don’t properly check their savegames. That’s an easy point of entry for a file with a custom payload. The game will have already passed all the security checks built into the system, meaning that any code you can introduce into memory will be treated as part of the game itself — and frequently this will be enough to let you tear down any lingering security for good.

Initially the Twilight Hack required a special (though commercially available) Gamecube SD card adapter, but it’s now been improved to the point where you can use the Wii’s built-in SD reader, allowing user-created code to be booted from the card slot in the console’s front:

So far it looks like Linux, emulators and a homebrew version of Tetris are available. That’s pretty much par for the course when a new system is opened up: those first two are huge piles of useful code that are freely available, requiring work to adapt but not any original design. Small games like Tetris are also pretty common, serving as necessary learning exercises for probing how the console’s various hardware functions operate.

But will there be a proliferation of other software? I’m doubtful. The homebrew scenes for the Dreamcast and Gamecube are cool but haven’t yielded any killer apps. The Xbox scene has been more successful, but largely because of the console’s beefy specs, onboard hard drive and widely-pirated software development kit. If I had to bet I’d say that continued refinement of WiiLinux and the emulators can be expected, and that there may be a few apps showcasing Johnny Lee’s neat Wii demos. Maybe there’ll be an underpowered media player, too, and a few lousy games. But that will be about it.

Except, of course, for one other application: piracy. The binary game dumps are out there, and we can now run arbitrary code. I haven’t looked for a writeup yet, but I can guarantee you that someone out there is using Twilight Princess to load pirated games from their Wii’s SD card slot.