But this got me thinking about the circumstances under which these sorts of projects can work. Here's my stab at it. These sorts of national greatness problems need:

• ... to be primarily an engineering problem.
• ... to not contain the words "... and be economically viable".
• ... to have been solved at a smaller scale, or to seem solvable on the basis of some compelling math.
• ... to not be about finding a solution to a biological problem, unless that problem can be solved by wiping out a non-microscopic organism.
• ... to be undertaken out of concern that another country might get a leg up on us if we don't succeed.

Obviously this is based on a small set of data points. Basically: we've built the atom bomb, gone to the moon, dug a big canal, built a bunch of roads, and run a number of impressive (and impressively expensive) science experiments. We almost certainly could wipe out malaria (almost did!), or develop cellulosic ethanol/Jimmy Carter's "synthetic oil", but we either don't really want to or think it might be a waste of money. And we definitely haven't cured cancer or AIDS, despite trying pretty hard.

There've been more than forty State of the Union speeches since Kennedy said we were moonward-bound, so I'm sure I'm missing at least that many calls for ambitious national initiatives. But this is the basic lay of the land, I think: you've got to pick something that seems genuinely urgent, and which is hard but not too hard. It's simple when you put it that way.

As you might imagine, I'm rooting for China to announce that they're building a space elevator.

In particular, Dave's point about the new material is well-taken. After the precision pop machinery of Bring It Back, the new album left me disappointed. But live — faced with singing, emoting human beings — the relatively nuanced piano compositions of Re-arrange Us are ultimately more gratifying, if less immediately, dizzyingly dopamine-pumping¹. Dave's absolutely right when he says that this is a band that's still getting better.

Which isn't to say that they aren't already really good. This was the first time I've managed to see MoS, and I was surprised by how closely the live arrangements matched those on their records — I'd just sort of assumed that the magic of overdubs played a big role in the albums' appeal. Not so. Their high-register stuff doesn't hit as reliably as it does on the records, but then you wouldn't expect it to. In general their records seem to be a fair representation of the noises they make live.

One thing Dave said that I will quibble with: I really liked their version of "Something". Sure, it sounded out of place in the set. But in a good way — it sounded casual. I may be wrong — maybe they've toiled over that cover — but the impression conveyed was that you could take pretty much any classic song, feed it into the MoS machine and have it come out harmonized and singable and keyboarded-up. It makes you think that everything they touch turns to pop (not to say the Beatles aren't pop, but you know what I mean). It allowed me separate their sound from their songwriting, which made their musicianship seem all the more impressive.

But like I said, you shouldn't listen to me: I'm just a hopeless fanboy.

¹To be fair, the poppier numbers weren't helped by the fact that the sound at the Cat, while perfectly good and perfectly audible, was turned down to a relatively humane level — comfortable, sure, but there really should've been no escape from that keyboard tone.

Snark aside, this really is a pretty impressive accomplishment for a journalist. Brian Krebs' reporting led directly to a major spam colocation facility getting knocked offline by its upstream bandwidth providers. The result is reportedly a staggering 75% overnight drop in net-wide spam. That won't last, of course, but it's still awfully impressive. (Incidentally, this isn't the first time that the Post has caused trouble for botnet operators.)

Not to diminish Krebs' accomplishment, but the ease with which this was done — a civilian making some phone calls, basically — also hints at the lameness of our law enforcement agencies' online efforts. This was a U.S. company that was plainly harboring illegal activity. Krebs spoke to some security researchers who let him know about it, then he called the folks providing the malefactors' network connections. Those providers said "wow! you're right!" and pulled the plug. It took time, initiative, and cleverness (the threat of Krebs' bully pulpit helped, no doubt), but it didn't take any warrants or indictments.

Meanwhile, the people nominally charged with prosecuting these sorts of crimes are — what? Posing as sexy teens in chatrooms? Fretting about cyberterrorism? It was, admittedly, the Army, not law enforcement, that published the recent asinine report examining Twitter's capacity for supporting terrorists' activities. Still, that mindset seems to be pervasive: people just don't get very excited about going after online criminals who steal money and productivity. Instead electronic crime needs to be blown up into an existential threat — it's about terrorists! Or hostile foreign governments! Or sexual predators! What it really is is a waste of time and money.

For example: this is awesome; this is even awesomer. These, though? The best thing you can say for these designs is that the implied alternate history in which all US Presidents were zombies is kind of a funny idea.

That sensation has more to do with how much stuff it feels like I've been doing. Some of it was about the election, but an embarrassing amount was Halloween-related. I enjoy that holiday to an extent that can only be described as idiotic, and I probably took on a bit too much this year. Still, the smoke chillers and corpsed skeleton are now safely stored for next year's installment — an undefined project that I currently find incredibly daunting, and yet already know will have to involve animatronics.

But for now: a return to routine. A wait for the inauguration. Early bedtimes!

First, though, some photos. I managed to take exactly none during the Halloween party, but a bunch of other people did — you can find 'em here, if you haven't already. And here's a shot of me and Emily:

I have to cherish whatever opportunities I can find to be the one in this relationship called "doctor".

More topical: last night's celebration on U Street. Wherever you were when you heard the news last night, I hope there was as much joy on hand as there was in DC.

I'm not as worried. As Julian notes, Angela had a hard time getting people on the phone at all, to say nothing of actually speaking to them. It's hard to imagine an individual doing more damage to democracy this way than they could through more traditional means like printing up some misleading flyers or saying awfully cleverly awful things to people approaching their polling places.

I suppose you could argue that the anonymity of the phone might make the tactic more appealing. But remember: the campaign running the system will have a record of which volunteer called whom. Depending on the system, they may even keep recordings. Judging by the manic zeal with which I saw the chairperson of the Ashburn Obama office encouraged volunteers to find a recording of a fraudulent area robocall, I suspect that any villainous phonebankers would be caught pretty quickly.

I think that hobbyists capable of using technology to amplify their malfeasance remain the larger threat — it's pretty easy to write a script that spreads orders of magnitude more misinformation per hour than a human being can. Which brings me, finally, to the thinly-veiled reason for this post: to link again to my recipe for robocalling. It's just as easy now as it was two years ago — if anything, it's probably cheaper.

One thing I will add, though: Thanks to Tim, I recently had a chance to chat with Chris Soghoian and, over beers outside at Townhouse, we found ourselves describing nearly identical blueprints for voter suppression (Chris's was better in that his involved shady Russian ISPs — more bandwidth and more villainous menace than my podunk coffeeshop scenario/stolen wifi scenario). If the two of us both came up with the same plan, it's a safe bet that some other geeks have, too. It seems likely that at least a few of them will have a go at it.

I'm not sure what to do about this, exactly. Resisting the urge to relax restrictions on institutional calls to mobile phones is probably a good start — not that it'll stop crooks, but it will make the idea of getting a campaign-related call on your mobile a bit more discordant and surprising. It also seems like we could probably spend some government dollars every four years on a DTV-transition-style ad campaign hyping a unified federal election information website. And it might not be a bad idea to provide some Nudge-inspired opt-out election reminders via phone or email on election day. "Check this form on your tax return if you would prefer not to be reminded to vote on election day" — that sort of thing.

Whatever we do, it'll be more a question of education than enforcement: catching malefactors is probably hopeless. People like this will continue to exist, and their powers will continue to grow. But if a voter is given two conflicting sources of information, hopefully they'll at least be confused enough to seek a third.

INCIDENTALLY: Julian's article about online dirty tricks offers a number of interesting possibilities. I'll just add that the Kaminsky DNS bug would have been a totally awesome way of executing BOE-website-spoofing scams. I can't find any up-to-date numbers on the deployment of the patch, but at this point it's got to be complete enough that such an attack would be a very low-percentage play.

Via @binarybits

If you have any trouble submitting, viewing or rating, drop me an email or leave a comment here.

UPDATE: Whoops — I had the wrong URL. Sorry about that, the link's now fixed.

I realize I've never made good on my promise to explain how I would build a secure Flash music player. Partly I forgot; partly it's just that it's an impossible problem, and proposing incremental improvements to the situation isn't very satisfying.

But look, you can at least half-ass it. Right now if someone gets a hold of the MP3 URL the jig is up — they can repost it anywhere else and help themselves to your bandwidth. You can improve on this situation, at least, by serving a dynamic playlist filled with URLs that are only good for the current user. Either throw each URL away after one use (admittedly problematic for repeating a song without additional trips to the playlist server); or, better yet, find the song by hashing its unique identifier together with the user's IP and user agent (again, in the dynamic playlist generation script). You don't have to move any files around, you just have to write a script that looks up the requested hash in the database and then pipes out the MP3 from its secret location. There's no need for encryption, even. Season with additional querystring parameters and column indices to taste.

"But Tom!" you cry, "Can't an enterprising jerk like yourself then write a script that reverse-engineers this process and automatically creates URLs that are compatible with their use agent/IP combination?" Well, yes — although the salting algorithm (and song identifier, potentially) will remain secret, so you're going to need a rainbow table, which usually costs money. But also no, because you made a note in your database when the browser talked to the playlist server. So strangers can't come in — they have to have at least asked for that playlist first.

Of course, if they went after the MP3 they would done so have, anyway. So yes, securing the file against individuals is still hopeless — I hope I never implied otherwise. But at least reposting or emailing the link won't get them anywhere.

The downside to all of this is that you're going to have to stop using a big dumb CDN. But look, it's just not that hard to stand up a dead-simple EC2 LAMP instance to serve your playlist creation script and pipe stuff out of S3. Elasticfox, people.

Oh, and one other thing: for god's sake, ban jackasses like me the first time you see a naked curl user-agent string. I never remember that -A flag until I absolutely have to.

Tonight we're going to begin moving stuff over to the house. If you'd like to participate, please shoot me an email. There are a lot of fun things to do, from engineering the fog chiller to carving pumpkins (we have at least 8 more to carve, thanks in part to a generous donation from the Ben Charitable Trust (for pumpkins)).

Also: if, for some reason, you weren't on the evite, you almost certainly should be. My method for assembling names was comically incomplete: I typed each letter of the alphabet into GMail's "To:" box, then took the auto-completed addresses that seemed appropriate. It's already become clear that this led to some embarrassing omissions. If you're one of them, I apologize. Email me (thomas.j.lee at that big email providing domain owned by Google) and we'll set things right.

If, on the other hand, you are a responsible person who can meet deadlines, then my hat is off to you. Go submit it! Just visit halloween.manifestdensity.net — it's a simple little drupal site I stood up on Saturday morning. I realize it probably seems like overkill, but this struck me as the best way to keep things anonymous. Just register for an account. You'll then be able to submit your story and to view and vote on other people's stories. Even if you're not writing anything, I'd still encourage you to head over there and create an account so that you can help rate stories. It should only take a second.

Those of you who are fighting the good fight and powering through your tales' conclusions: I'm grateful, and looking forward to reading your stuff. Let's shoot for the end of tomorrow night, okay? That means that ideally everyone who's planning to participate will have submitted some text by Wednesday morning.