There was a girl found shot but then she wasn't but it turned out to be her twin, except then also she had tiger bites on her, so of course they figured it was the tiger of this rap star (played by the guy from Outkast), but DNA proved it wasn't, so then Big Boi says the girl was part of an exotic animal smuggling ring and takes Stabler to them posing as a customs official who wants to become corrupt, and he steals some hair and it was THAT TIGER, but then Big Boi gets eaten by hyenas (which we know because a CSI said "check out that hyena vomit" and his chain was in it) so then Stabler goes back to the smugglers and tries to become better friends and sees a lady with a weird vest and the bad guys say "everyone is always picturing her naked, they don't stop to think about whether she's smuggling turtle eggs", which proves how ingenious (aka evil) they are.

SO the bad guys keep feeling out Stabler as a fake customs agent and they want him to help smuggle a VERY RARE GIBBON, and he does but they get suspicious and shoot him, but he's okay and they set up a sting at the airport where the gibbon is being brought into the country via a basketball, and they catch the bad guys in the act of selling it to an asian guy and the bad guys say "gentleman, there are now only SIXTEEN of these gibbons left in the wild, hahaha."

But then the cops arrive and everyone runs over rooftops and almost falls down, except it turns out one of the two bad guys was an undercover cop all along and the other smuggler is JUST THE TIP OF THE ANIMAL SMUGGLING ICEBERG!

whew

so that's how it ended

Yes, the MPAA may hunt you down (like so many gibbons) if you illegally download the episode. But are you really prepared to depend on NBC's rerun-scheduling caprice when it comes to something so obviously awesome?

Seriously: a poker tournament?! I can only assume that the people responsible for that decision will one day look back upon it and be as deeply ashamed as if they had written a getaway chase set on razor scooters, or a part for a villainous master-blogger, or an Aston Martin with an advanced camouflage system based on hypercolor t-shirt technology. Topicality is not the Bond series' strong suit. Also, as evil character tics go, having an inhaler is pretty lame — particularly if it isn't used to kill anybody.

The new movie avoided those sorts of problems, instead opting for the more commonly accepted practice of just having lots of enormous plot holes. Why are the villains eschewing petrotyranny in favor of a plot to extract a somewhat higher profit margin on municipal water in Bolivia (the dastards!)? Why was that exploding hotel built out of hydrogen, again?

But all this is well within acceptable action movie tolerances, and Daniel Craig is pretty awesome. Also: I liked the title, dammit! I must reluctantly conclude that those who disagree are just mean.

Gears of War 2 has been acquired, partly on the strength of this New Yorker profile of its lead designer, sent to me by my coworker Brian (be sure to also check out this comments-section exchange between the author and a critic, which Jason pointed out to me). It's shaping up to be the biggest Xbox release of the holiday season. If you'd like to come find me on XBL, my gamertag is Club Loser. Let me assure you: I'm quite bad.

I realize it's curmudgeonly of me, but I can't help but be dismayed by this generation's videogame franchises. Back in my day (*stretches, pats belly*) our shooters stuck to paper-thin premises that were patently ludicrous and profoundly derivative, but which provided plenty of room for awesome non-sequiturs. There's, uh, a portal to hell on Mars? And things are coming through it? Sure, let's go with that — Aliens was pretty awesome, right? Or hey, maybe there's an intergalactic tournament where kidnapped fighters from all over the galaxy are brought and forced to fight for some reason? It was cool when it happened to Bruce Lee, and he didn't even have a rocket launcher.

These days, things are a bit more homogenous and overengineered. The two biggest shooter franchises for Xbox are Halo and Gears of War. In one of them, superhumans on a distant planet are locked in a pitched battle against vaguely reptilian alien hordes driven by a crazed prophetic religion. In the other, superhumans on a distant planet are locked in a pitched battle against vaguely insectoid alien hordes who seem to feel it's not polite to discuss religion in a social or battlefield setting.

All of this is fine. The resulting movies and novelizations are irritating in principle, but also fine so long as you avoid watching or reading them — people like making money, after all. What's very, very irritating, though, is the compulsory delusion among the fanboy set which maintains that the settings and plots for these games are anything other than incredibly awful, derivative, sub-fanfic-level dreck, utterly unworthy of respect or serious consideration. Instead I end up reading gaming press pieces which assume that I know or care what the Pillar of Autumn is, or which include quotes from the games' creators that say things like "we think there's a lot more to explore in the Halo universe". Sure! Of course! Who wouldn't want to see what wonders await us in a fictional world that includes ideas as original as lasers and machineguns and jeeps (oh, the jeeps!). Also there's a bunch of stuff stolen from Larry Niven, but with fewer words.

I suppose I should just avoid those articles. But I need to know about the comparative deadliness of the next rocket launcher iteration! Or which add-on maps I'm going to be forced to buy! Or the next initiative that will try (and fail) to make teenagers on Xbox Live a bit less racist and homophobic.

None of this actually diminishes my excitement at the prospect of brutalizing strangers' avatars from the comfort of my home. There's skill involved, the gameplay is well-tuned, and it's thrilling to win. I just wish there were fewer pretentious narrative trappings surrounding the experience — or, if we really can't pare things down to a minimal core of deadliness, that the narrative filigrees could be made with a sense of good humor rather than just the idiot earnestness of the hack-who-doesn't-know-it.

Also: to put all this into perspective, I spent yesterday playing laser tag.

Second, he does a much better job of getting to the heart of what I was trying to express: that a surprisingly large amount of data visualizations are both correct and question-begging. The choices made by the creator will inevitably influence which conclusions are drawn. That isn't to malign the idea of graphs and charts and maps — at their best they are arguments that contain all component data, and whose accuracy can be easily checked. But they're still arguments.

Perhaps all this stuff has been said before and better by Tufte, but those books are expensive, dammit.

But this got me thinking about the circumstances under which these sorts of projects can work. Here's my stab at it. These sorts of national greatness problems need:

• ... to be primarily an engineering problem.
• ... to not contain the words "... and be economically viable".
• ... to have been solved at a smaller scale, or to seem solvable on the basis of some compelling math.
• ... to not be about finding a solution to a biological problem, unless that problem can be solved by wiping out a non-microscopic organism.
• ... to be undertaken out of concern that another country might get a leg up on us if we don't succeed.

Obviously this is based on a small set of data points. Basically: we've built the atom bomb, gone to the moon, dug a big canal, built a bunch of roads, and run a number of impressive (and impressively expensive) science experiments. We almost certainly could wipe out malaria (almost did!), or develop cellulosic ethanol/Jimmy Carter's "synthetic oil", but we either don't really want to or think it might be a waste of money. And we definitely haven't cured cancer or AIDS, despite trying pretty hard.

There've been more than forty State of the Union speeches since Kennedy said we were moonward-bound, so I'm sure I'm missing at least that many calls for ambitious national initiatives. But this is the basic lay of the land, I think: you've got to pick something that seems genuinely urgent, and which is hard but not too hard. It's simple when you put it that way.

As you might imagine, I'm rooting for China to announce that they're building a space elevator.

In particular, Dave's point about the new material is well-taken. After the precision pop machinery of Bring It Back, the new album left me disappointed. But live — faced with singing, emoting human beings — the relatively nuanced piano compositions of Re-arrange Us are ultimately more gratifying, if less immediately, dizzyingly dopamine-pumping¹. Dave's absolutely right when he says that this is a band that's still getting better.

Which isn't to say that they aren't already really good. This was the first time I've managed to see MoS, and I was surprised by how closely the live arrangements matched those on their records — I'd just sort of assumed that the magic of overdubs played a big role in the albums' appeal. Not so. Their high-register stuff doesn't hit as reliably as it does on the records, but then you wouldn't expect it to. In general their records seem to be a fair representation of the noises they make live.

One thing Dave said that I will quibble with: I really liked their version of "Something". Sure, it sounded out of place in the set. But in a good way — it sounded casual. I may be wrong — maybe they've toiled over that cover — but the impression conveyed was that you could take pretty much any classic song, feed it into the MoS machine and have it come out harmonized and singable and keyboarded-up. It makes you think that everything they touch turns to pop (not to say the Beatles aren't pop, but you know what I mean). It allowed me separate their sound from their songwriting, which made their musicianship seem all the more impressive.

But like I said, you shouldn't listen to me: I'm just a hopeless fanboy.

¹To be fair, the poppier numbers weren't helped by the fact that the sound at the Cat, while perfectly good and perfectly audible, was turned down to a relatively humane level — comfortable, sure, but there really should've been no escape from that keyboard tone.

Snark aside, this really is a pretty impressive accomplishment for a journalist. Brian Krebs' reporting led directly to a major spam colocation facility getting knocked offline by its upstream bandwidth providers. The result is reportedly a staggering 75% overnight drop in net-wide spam. That won't last, of course, but it's still awfully impressive. (Incidentally, this isn't the first time that the Post has caused trouble for botnet operators.)

Not to diminish Krebs' accomplishment, but the ease with which this was done — a civilian making some phone calls, basically — also hints at the lameness of our law enforcement agencies' online efforts. This was a U.S. company that was plainly harboring illegal activity. Krebs spoke to some security researchers who let him know about it, then he called the folks providing the malefactors' network connections. Those providers said "wow! you're right!" and pulled the plug. It took time, initiative, and cleverness (the threat of Krebs' bully pulpit helped, no doubt), but it didn't take any warrants or indictments.

Meanwhile, the people nominally charged with prosecuting these sorts of crimes are — what? Posing as sexy teens in chatrooms? Fretting about cyberterrorism? It was, admittedly, the Army, not law enforcement, that published the recent asinine report examining Twitter's capacity for supporting terrorists' activities. Still, that mindset seems to be pervasive: people just don't get very excited about going after online criminals who steal money and productivity. Instead electronic crime needs to be blown up into an existential threat — it's about terrorists! Or hostile foreign governments! Or sexual predators! What it really is is a waste of time and money.

And, you know, fine. There's an element of truth to this, and it's certainly a nice thought. But also true: visualizing information by using a linear red/blue scale is about the worst way possible to make data legible to the human eye. First: our vision is logarithmic. When a photographer drags out his "50% gray" card for measuring lighting, it's actually 18% gray. Judging by the triangular key in the corner of Vanderbei's image, he's just taking the percentage of vote totals and translating it flatly to 8 bit color — a 100% Republican district gets an RGB 24-bit value of (255,0,0).

The colors themselves are also a problem. As I'm sure you all remember keenly from this post I wrote in 2006, perceptual image codecs spend more bits on brightness than on color because the color-sensing cones in your eyes have a much lousier dynamic range than the light-sensing rods. We're worse at distinguishing between levels of color than between levels of brightness. And since the percentage of the vote in any given spot on the map should always sum to 100, with negligible green (third party) contributions, the brightness will be relatively uniform (although admittedly not quite due to the perceptual differences between colors — monitor calibration and colorspace begin to enter the picture at this point, and things get just as hideously complex as you might imagine).

(I'll add, somewhat tentatively, that my recollection from college is that the green cone is the most sensitive of the three types in your retina, making red/blue coding about the least distinguishable color continuum possible. The situation's complicated by your rods' preferential sensitivity to blue wavelengths, though, and the ratio of work done by rods and cones varies with ambient brightness. So I'll resist the temptation to make strong claims on this score.)

So what does this all mean? Depending on how you look at it, not much. It's not as if Vanderbei has done anything wrong. It's just that the choices he made will tend to produce a map that, at a glance, implies homogeneity. If, on the other hand, we pull out the red channel, desaturate the blue channel and maximize the contrast of the resulting image (in effect normalizing the values to the full possible dynamic range), we get something very different-looking — but still perfectly accurate, and still non-logarithmic (with the caveat that it gives third-party votes to the Dems). Click the image for a full-sized, easier-to-see version.

Yglesias's point that this isn't a huge change between cycles still stands, of course, but the shifts are considerably easier to see this way (and easier still on that cool New York Times map that ran on their front page after the election).

It's also easy to see that there really are very Republican and very Democratic sections of the country. I don't want to overstate my case — obviously this conclusion can be drawn from the color map, too. Still, using a whole bunch of linearly-defined purple pixels is a clever way to latch onto a media cliche, but not necessarily the best way to visualize information. Things are more black and white than they may seem, and certainly less purple.

For example: this is awesome; this is even awesomer. These, though? The best thing you can say for these designs is that the implied alternate history in which all US Presidents were zombies is kind of a funny idea.

That sensation has more to do with how much stuff it feels like I've been doing. Some of it was about the election, but an embarrassing amount was Halloween-related. I enjoy that holiday to an extent that can only be described as idiotic, and I probably took on a bit too much this year. Still, the smoke chillers and corpsed skeleton are now safely stored for next year's installment — an undefined project that I currently find incredibly daunting, and yet already know will have to involve animatronics.

But for now: a return to routine. A wait for the inauguration. Early bedtimes!

First, though, some photos. I managed to take exactly none during the Halloween party, but a bunch of other people did — you can find 'em here, if you haven't already. And here's a shot of me and Emily:

I have to cherish whatever opportunities I can find to be the one in this relationship called "doctor".

More topical: last night's celebration on U Street. Wherever you were when you heard the news last night, I hope there was as much joy on hand as there was in DC.

I'm not as worried. As Julian notes, Angela had a hard time getting people on the phone at all, to say nothing of actually speaking to them. It's hard to imagine an individual doing more damage to democracy this way than they could through more traditional means like printing up some misleading flyers or saying awfully cleverly awful things to people approaching their polling places.

I suppose you could argue that the anonymity of the phone might make the tactic more appealing. But remember: the campaign running the system will have a record of which volunteer called whom. Depending on the system, they may even keep recordings. Judging by the manic zeal with which I saw the chairperson of the Ashburn Obama office encouraged volunteers to find a recording of a fraudulent area robocall, I suspect that any villainous phonebankers would be caught pretty quickly.

I think that hobbyists capable of using technology to amplify their malfeasance remain the larger threat — it's pretty easy to write a script that spreads orders of magnitude more misinformation per hour than a human being can. Which brings me, finally, to the thinly-veiled reason for this post: to link again to my recipe for robocalling. It's just as easy now as it was two years ago — if anything, it's probably cheaper.

One thing I will add, though: Thanks to Tim, I recently had a chance to chat with Chris Soghoian and, over beers outside at Townhouse, we found ourselves describing nearly identical blueprints for voter suppression (Chris's was better in that his involved shady Russian ISPs — more bandwidth and more villainous menace than my podunk coffeeshop scenario/stolen wifi scenario). If the two of us both came up with the same plan, it's a safe bet that some other geeks have, too. It seems likely that at least a few of them will have a go at it.

I'm not sure what to do about this, exactly. Resisting the urge to relax restrictions on institutional calls to mobile phones is probably a good start — not that it'll stop crooks, but it will make the idea of getting a campaign-related call on your mobile a bit more discordant and surprising. It also seems like we could probably spend some government dollars every four years on a DTV-transition-style ad campaign hyping a unified federal election information website. And it might not be a bad idea to provide some Nudge-inspired opt-out election reminders via phone or email on election day. "Check this form on your tax return if you would prefer not to be reminded to vote on election day" — that sort of thing.

Whatever we do, it'll be more a question of education than enforcement: catching malefactors is probably hopeless. People like this will continue to exist, and their powers will continue to grow. But if a voter is given two conflicting sources of information, hopefully they'll at least be confused enough to seek a third.

INCIDENTALLY: Julian's article about online dirty tricks offers a number of interesting possibilities. I'll just add that the Kaminsky DNS bug would have been a totally awesome way of executing BOE-website-spoofing scams. I can't find any up-to-date numbers on the deployment of the patch, but at this point it's got to be complete enough that such an attack would be a very low-percentage play.

Via @binarybits

If you have any trouble submitting, viewing or rating, drop me an email or leave a comment here.

UPDATE: Whoops — I had the wrong URL. Sorry about that, the link's now fixed.

I realize I've never made good on my promise to explain how I would build a secure Flash music player. Partly I forgot; partly it's just that it's an impossible problem, and proposing incremental improvements to the situation isn't very satisfying.

But look, you can at least half-ass it. Right now if someone gets a hold of the MP3 URL the jig is up — they can repost it anywhere else and help themselves to your bandwidth. You can improve on this situation, at least, by serving a dynamic playlist filled with URLs that are only good for the current user. Either throw each URL away after one use (admittedly problematic for repeating a song without additional trips to the playlist server); or, better yet, find the song by hashing its unique identifier together with the user's IP and user agent (again, in the dynamic playlist generation script). You don't have to move any files around, you just have to write a script that looks up the requested hash in the database and then pipes out the MP3 from its secret location. There's no need for encryption, even. Season with additional querystring parameters and column indices to taste.

"But Tom!" you cry, "Can't an enterprising jerk like yourself then write a script that reverse-engineers this process and automatically creates URLs that are compatible with their use agent/IP combination?" Well, yes — although the salting algorithm (and song identifier, potentially) will remain secret, so you're going to need a rainbow table, which usually costs money. But also no, because you made a note in your database when the browser talked to the playlist server. So strangers can't come in — they have to have at least asked for that playlist first.

Of course, if they went after the MP3 they would done so have, anyway. So yes, securing the file against individuals is still hopeless — I hope I never implied otherwise. But at least reposting or emailing the link won't get them anywhere.

The downside to all of this is that you're going to have to stop using a big dumb CDN. But look, it's just not that hard to stand up a dead-simple EC2 LAMP instance to serve your playlist creation script and pipe stuff out of S3. Elasticfox, people.

Oh, and one other thing: for god's sake, ban jackasses like me the first time you see a naked curl user-agent string. I never remember that -A flag until I absolutely have to.