the stories

The stories have arrived! Some of them, anyway. You can read the first three entries here (sorry for the earlier access restriction, it’s now publicly available). If you’ve got a moment, go give ‘em a read. I’m very pleased to already have three contributions — I think there’ll another one or two, at least, that trickle in later.

If you have any trouble submitting, viewing or rating, drop me an email or leave a comment here.

UPDATE: Whoops — I had the wrong URL. Sorry about that, the link’s now fixed.

still not good enough

Another day, another music-sharing flash widget that uses RC4 to encrypt its MP3 URLs but keeps the key in the SWF.

I realize I’ve never made good on my promise to explain how I would build a secure Flash music player. Partly I forgot; partly it’s just that it’s an impossible problem, and proposing incremental improvements to the situation isn’t very satisfying.

But look, you can at least half-ass it. Right now if someone gets a hold of the MP3 URL the jig is up — they can repost it anywhere else and help themselves to your bandwidth. You can improve on this situation, at least, by serving a dynamic playlist filled with URLs that are only good for the current user. Either throw each URL away after one use (admittedly problematic for repeating a song without additional trips to the playlist server); or, better yet, find the song by hashing its unique identifier together with the user’s IP and user agent (again, in the dynamic playlist generation script). You don’t have to move any files around, you just have to write a script that looks up the requested hash in the database and then pipes out the MP3 from its secret location. There’s no need for encryption, even. Season with additional querystring parameters and column indices to taste.

“But Tom!” you cry, “Can’t an enterprising jerk like yourself then write a script that reverse-engineers this process and automatically creates URLs that are compatible with their use agent/IP combination?” Well, yes — although the salting algorithm (and song identifier, potentially) will remain secret, so you’re going to need a rainbow table, which usually costs money. But also no, because you made a note in your database when the browser talked to the playlist server. So strangers can’t come in — they have to have at least asked for that playlist first.

Of course, if they went after the MP3 they would done so have, anyway. So yes, securing the file against individuals is still hopeless — I hope I never implied otherwise. But at least reposting or emailing the link won’t get them anywhere.

The downside to all of this is that you’re going to have to stop using a big dumb CDN. But look, it’s just not that hard to stand up a dead-simple EC2 LAMP instance to serve your playlist creation script and pipe stuff out of S3. Elasticfox, people.

Oh, and one other thing: for god’s sake, ban jackasses like me the first time you see a naked curl user-agent string. I never remember that -A flag until I absolutely have to.

and in other Halloween news…

As I mentioned, work has begun — last night Becks, Ficke, Emily and I found ourselves standing in my garage, drinking beer, discussing the best way to make realistic bloody handprints (given aqueous paint and a hydrophobic surface), and finishing the process of corpsing a skeleton.

Tonight we’re going to begin moving stuff over to the house. If you’d like to participate, please shoot me an email. There are a lot of fun things to do, from engineering the fog chiller to carving pumpkins (we have at least 8 more to carve, thanks in part to a generous donation from the Ben Charitable Trust (for pumpkins)).

Also: if, for some reason, you weren’t on the evite, you almost certainly should be. My method for assembling names was comically incomplete: I typed each letter of the alphabet into GMail’s “To:” box, then took the auto-completed addresses that seemed appropriate. It’s already become clear that this led to some embarrassing omissions. If you’re one of them, I apologize. Email me (thomas.j.lee at that big email providing domain owned by Google) and we’ll set things right.

Halloween: today’s the day!

But not really! I’ve been vague about the scary story contest deadline from the start, saying it was today but not specifying a time. This was by design: obviously some of us might wind up scrambling to finish. I’m no exception, I’m afraid — Halloween party prep has begun in earnest, consuming a lot of the weekend. Although I’m almost done with my story, I’m not there quite yet.

If, on the other hand, you are a responsible person who can meet deadlines, then my hat is off to you. Go submit it! Just visit halloween.manifestdensity.net — it’s a simple little drupal site I stood up on Saturday morning. I realize it probably seems like overkill, but this struck me as the best way to keep things anonymous. Just register for an account. You’ll then be able to submit your story and to view and vote on other people’s stories. Even if you’re not writing anything, I’d still encourage you to head over there and create an account so that you can help rate stories. It should only take a second.

Those of you who are fighting the good fight and powering through your tales’ conclusions: I’m grateful, and looking forward to reading your stuff. Let’s shoot for the end of tomorrow night, okay? That means that ideally everyone who’s planning to participate will have submitted some text by Wednesday morning.

ok, weird

I apologize; I’m totally fascinated by this Ashley Todd business. I can’t stop.

The latest development appears to be her claim that she was in some sort of psychogenic fugue state when she scratched the B in her face:

Unfortunately I am unable to speculate as to the veracity of such a claim; the DSM-IV doesn’t say anything one way or the other about sufferers’ tendency to send out Twitters containing pre-fugue exposition.

College Republicans

My professional journalist friends are professionally obligated to, well, be professional. Although this precept serves them and their readers well nearly all of the time, I think it will prevent them from analyzing the Ashley Todd affair with the thoroughness it deserves. So, unencumbered as I am by such considerations, let me try to clarify the lesson that should be drawn from all this: College Republicans are the fucking scum of the earth.

I say this not to insult Republicans in general. I disagree with members of the GOP about a lot of things, but recognize that nearly all of them are perfectly good, reasonable people. But in my experience, folks who become involved in the party’s machinery at a young age seem to be intensely despicable at a much higher rate than their more mature fellow travelers. I was hesitant to be skeptical of Todd’s account, at first — skepticism is not generally an appropriate way to respond to the claims of a victim of violent crime. But if the picture was sort of suspicious, Todd’s campus affiliations left me feeling even more dubious about her story.

College is a time for quixotic idealism. That’s not to say that young people can’t earnestly hold conservative beliefs, of course. But if a person is passionately pro-life or nutty for Nozick, he or she is, at that age, much more likely to become involved in an advocacy organization that tries to further those ends directly — it’s easy to find such organizations on a college campus, after all. Normal people get involved in politics by first caring about an issue, then realizing that the best way to achieve their ends is to organize their efforts under the umbrella of a larger party. That doesn’t happen all at once, though.

Who opts to instead immediately begin working for a demographically unpopular political party, where your chief activities will involve writing little-noticed op-eds and arranging speaking honoraria for recently disgraced administration officials? Often, the answer seems to be those with a Machiavellian enthusiasm for reaching the levers of power. These are not good people.

Why don’t I think the same criticism thing applies to the young Democrats? Well, to an extent I’m sure it does. But I think it’s probably easier to be a starry-eyed College Democrat. You can participate in various organizational efforts motivated by an idealistic conception of participatory democracy — registering new voters, that sort of thing. There will be a lot more of you, too, making participation more appealing to the sorts of people who want to get laid rather than the sorts of people who want to screw others — you’ll be surrounded by more normal people, in other words. You’ll also probably have less funding per capita and, by virtue of your numbers, more internal tension and examination, making it harder to twist inward into a tight little coven of aspiring conspirators.

But of course I’m speculating here. Besides, there’s no reason to get defensive; hijinks like those of Todd and Francisco Nava speak for themselves. Maybe the College Democrats are every bit as despicable as their Republican counterparts. But if they are, then they seem to at least be a bit more competent about it. Give them credit for that. There are few things more pathetic than a liar who’s not yet adept at her craft. Someone who tries to inflame racial tensions to further her political ends is one of those things, though.

UPDATE: Tim writes to remind me that not all College Republicans are horrible people. Well, alright. I overstated things a bit. But my point remains: fewer young people are attracted to the organization than to its Democratic equivalent, and to some extent they come for different reasons. Some of those reasons are not healthy.

A few others things. First, credit where due: much of the conservative blogosphere has from the start approached this story in a restrained and thoughtful manner. Second, those saying that Todd’s refusal of medical attention was a clue to the hoax are wrong — I’ve refused police offers of medical attention after getting hit by a car (twice, in fact). If something bad has happened to you and you’re pretty sure you’re okay, sometimes you just want to go home (if you haven’t got health insurance and are unsure who’d be footing the bill, this goes double). Third, Todd seems to now be alleging a history of mental health problems. Depending on how this claim turns out, my feelings about the hoax may become very muddy indeed. The territory where “couldn’t help it” begins is murky, and, from a practical standpoint, not necessarily coextensive with “should be excused”.

your TV shouldn’t be yelling at you

If you’re anything like me you really don’t appreciate the games that your television service providers play with you. It would be nice, for instance, if Comcast didn’t compress its programming to within an inch of its life. It’s a lousy way to treat your customers.

But even more grating is various broadcasters’ habit of jacking the volume way, WAY UP whenever a program goes to commercial. For a while I dismissed this as the sort of paranoid anti-corporate rambling that I enjoy indulging in but only sort of believe. But at this point the effect really can’t be denied: if I’m watching a live broadcast I almost always have to turn down the volume when it breaks for commercial.

It sure would be nice if we could make them stop these hijinks, and in fact there’s some proposed legislation that aims to do exactly that. As you might expect, the guys over at the Tech Liberation Front think it’s outrageous that anyone would try such a thing — markets(!), etc. Most recently they’ve been quoting AV columnist Ken Pohlmann, who has a similar perspective but has different motivations: he’s worried about Congress accidentally messing with his audio quality. And he thinks there are easier solutions, anyway:

At the broadcast and distribution end, as part of the ATSC standard, Dolby Digital has built-in loudness-normalization parameters. Using these protocols, any receiving decoder will recognize the metadata and adjust the sound to proper levels. All Dolby audio signals are controlled by these parameters; when used properly, they ensure consistent levels across one channel and between many channels. True, some engineers and producers aren’t setting the metadata properly, but that’s a simple matter of education and experience.

It’s sweet that he thinks this is just a big misunderstanding — a few audio engineers who are tryin’ awful hard, but still learning their craft. My perspective is a bit more cynical. Anyway here’s Adam Thierer, the author of the TLF posts:

As I pointed out in my essay on this, the thought of FCC bureaucrats sitting around squandering their time and taxpayer money on this nonsense is really appalling, and I can’t wait to see the reams of paperwork they would spit out when they have to open an proceeding about how “excessively noisy or strident” ads will be defined, measured, and then penalized.

I remain unconvinced by these arguments. The CALM Act (PDF) doesn’t specify what the penalty for violation of its admittedly vaguely-worded volume requirements would be — presumably that and other details would be up to the FCC to decide. So it’s hard to say how good this specific regulatory proposal would turn out to be.

But even if this specific attempt ultimately falls short, there’s nothing incoherent or impossible about the basic idea of telling broadcasters not to blast their ads at us. Nobody is saying that enforcement has to be undertaken at great government expense, or that such a regulation would have to apply to anything other than commercial messages. All you’d have to do is say that channels may only broadcast commercials at a volume X% greater than the average volume of their noncommercial programming (as the CALM Act basically does), and that citizens who receive programming that is consistently in violation of that regulation are entitled to collect civil damages not to exceed $Y per documented instance. There: no need for government monitoring; no interference with the audio fidelity of non-ads; no incentive for “gotcha!” enforcement of single technical mistakes; but a credible threat of class-action suits that would almost certainly dissuade broadcasters from playing these petty games with their customers.

It’s not rocket science, and it’s not unreasonable. I understand that TLF’s knee-jerk response is to oppose any regulation whatsoever, especially if it’s coming from the FCC. But Thierer’s favored solution — having everyone buy audio-normalizing hardware — seems considerably more ridiculous to me than asking the FCC to say “knock it off!”

it’s this obscure little radio show

Megan doesn’t care for Matt Taibbi’s takedown of Byron York, in which Taibbi makes it sound like York has no idea what he’s talking about with respect to the financial crisis.

Naturally, I have no idea about any of this stuff other than feeling vaguely hostile toward Byron York. Still, I was a little uncomfortable when I first read that exchange: Taibbi’s scolding about credit default swaps came at a time when a lot of other people on the internet were also suddenly speaking knowledgeably about the financial meltdown and the rarified financial instruments to blame for it. That wave of spontaneous expertise seemed to occur suspiciously shortly after the air date of an episode of This American Life that discussed the crisis and CDSes in particular.

Which is not to say that TAL is wrong; I listened to that episode, too, and it seemed excellent! But it’s been both amusing and off-putting to see so many people brazenly parroting the same single News Source White People Like. I have no idea if this criticism actually applies to Taibbi, but the conversation between him and York certainly made it sound like it could.

UPDATE: Since Megan kindly linked back to me, I should probably add that while I can’t be sure that my speculation about Taibbi’s argument is correct, it’s very clear that York’s pathetic line about Freddie and Fannie is a regurgitated conservative talking point — a particularly lame, objectionable and well-debunked one at that. It seems likely that both sides of that conversation were blindly reciting other people’s arguments.

today’s spooky story

In comments, Ben suggests August Heat as a good scary story. I’m glad he did — it’s excellent (and a very quick read). Go have a look.

Only four story-writing days left! Hopefully you all aren’t as desperately behind as I am.