
We Blog a Web Log
 

Below are the 20 most recent journal entries recorded in PuppyKhan's LiveJournal:

Saturday, March 15th, 2014
3:49 am
True Strike Weapons in 3rd Edition, Revisited
So I haven't posted here in years, think I'll get back into it with some gaming stuff.

I've been reading over the rules for making and enhancing magic items for a D&D 3rd edition game I'm playing and came across the idea of adding True Strike to my bow, realizing that making it a use-activated spell effect is a more effective method than the spell trigger effect used on a Bow of True Arrows for only about 2-3 times the cost. Going from once every 2 rounds to every arrow seemed too good to be true so I searched the game boards for commentary on game balance et al. Oh boy did I find a shitstorm of angry nerds spewing the most ridiculous and poorly thought out tirades about it. It seemed to me that most of it was overreacting to what could be a valid point of needing better game balance.


So I went through as many of the forum threads as I could bear, rechecking the rules along the way, and collected a few thoughts and observations:

- Bow of True Arrows only costs 4,000gp as a +1 weapon with a 1st level spell effect. (Should be 3,125gp per item creation rules)

- Bow of True Arrows uses a spell trigger for game balance, limiting the wielder to 1 attack per 2 rounds when using the True Strike effect, same as casting the spell. In practice, this is very balanced since giving up an entire round of attacks is not worth the near guaranteed single hit except for rare circumstances. (I play a character with a True Strike spell that can typically hit most encountered monsters more than once every 2 rounds without using the spell)

- Use-activated spell effect costs 2.67 times more than a spell trigger so should offer some additional benefit.

- Most online discussions of True Strike weapons claim it is overpowered but all seem to ignore 2 details in the rules:
1) That use-activated is not the same as continuous so it is appropriate for instantaneous spells like True Strike.
2) A spell effect is a dissimilar ability than a weapon bonus so costs an extra 1.5 times more than typically quoted.
This negates most rules based arguments against allowing this item.

- Use-activated would effectively make the weapon half of a +20 enhancement bonus (to attack, but not to damage) so could be unbalanced in a non epic level game, however it is priced.

- RAW (Rules As Written) would allow a +20 to hit for every attack with the weapon for a mere 3,000gp (just under triple the cost of the once per 2 rounds effect in a Bow of True Arrows) so clearly should be allowed somehow.

- True Strike weapon is not a +20 weapon as it does not add to damage, nor does it overcome any damage reduction. So costing it as a +20 bonus weapon is unreasonable, and even at half, +10, is still overpriced.

- True Strike still allows a miss chance while other 1st level spell effects, such as Burning Hands or Magic Missile, guarantee hit and damage at no excessive cost when crafting magic items nor requiring a second round to use. So is not over powered at all when judging by effect rather than the numerical method of delivery.

- There are many other use-activated weapon bonuses of unlimited use that mimic 1st level spells that go far beyond the +1 enhancements they replace, such as flaming damage, which offer their effect of more than +1 damage on every hit.

- A Bow of Magic Missiles, right out of the D&D cartoon and using a quintessential D&D spell effect, would be far more unbalanced with guaranteed multiple hits per round with no need for ammunition at the same cost as a Bow of True Arrows, or little more than double the cost for maximum 5 guaranteed hits per round and still getting a move action to boot.

- These are all legit spells, enhancements, and abilities in the game that should be allowed in some manner.


After collecting these thoughts, I see that it is unbalanced but only to a limited amount. I also realized that most of the balancing suggestions I've found were ridiculous so I put together how I would balance this ability as a DM. Here is a collection of possible balancing compromises:

- Balance through cost: Use-activated could be considered a Quickened spell effect making it a 5th level spell thus costing +75,000gp (Actually, the lesser value gets the multiplier so the weapon enhancements would all cost x 1.5, and the spell effect would cost 50,000gp. Up until the value of the weapon enhancements is greater anyway, enhancements above the 50,000gp value would no longer need the 1.5 multiplier as the spell effect would then be the lower, with the 1.5x cost already covered.)

- Balance through limiting effect: Make the actual benefit on a weapon be only +10 per arrow instead of the full +20.

- Balance through divided effect: Make the benefit on a weapon be spread out across the two rounds the spell would normally take up. So the user could have +20 on one attack per 2 rounds, without needing the standard action activating the spell trigger so could still make normal attacks otherwise, or have +10 on 1 attack per round, or have +5 on 2 attacks per round. Either allow full flexibility (+1 here, +7 there, etc until +20 is used up for those two rounds) or force limited choices of equal spread (+20 once per 2 rounds, or +10 once per round, or +10 divided by # of attacks per round on all attacks for those 2 rounds) which reset every second round.

- Balance through requirements: Making it a weapon ability costing a +2 bonus increases the cost and difficulty to make, and further limits all other weapon enhancements. As a stated weapon ability with an enhancement cost, this restricts the ability to make it as a spell effect. A +2 is the equivalent of burst effects as it does a similar benefit to attack as energy effects do to damage. This would make a use activated version of a Bow of True Arrows cost 18,000gp and be the equivalent of a +3 weapon so further enhancements would cost 14,000gp and up.

- Balance through limiting use, v1: Make it a standard attack action to use. This would limit the user to 1 attack per round when using the effect regardless of attack bonus, though should also grant the ability to any attacks made, including attacks of opportunity.

- Balance through limiting use, v2: Use-activated should still offer a better effect than spell trigger, but make it less than every attack. It only affects 1 attack in a round, either first attack made or first chosen attack so could be used on last one when doing multiple attacks. This means it can be used 1/round regardless of # of attacks, doubling the benefit of the 1/(2 rounds) spell trigger version at nearly triple the cost.


In conclusion, I actually find two of these to be the most optimal.

The "Balance through limiting use, v2" is my favorite as a player since it keeps the costs low but limits its usefulness while still making it worthwhile to have since the benefit above the spell trigger version is it does not hinder attacks at all.

Though overall, the "Balance through requirements" option seems to be the most well rounded game balancing compromise that I would go with as a DM for a game I was running. It fits nicely into the rules, allowing the full benefit, but has a scalable limiting cost. If another DM disagrees, s/he could easily increase the enhancement cost (some weapon abilities cost as much as a +4 bonus) to classify it as a more powerful and more costly ability while keeping the same basic compromise to allow it for unlimited use.

After all this, I think I'd prefer to craft a Bow of Magic Missiles now...

Current Mood: thoughtful
Thursday, December 8th, 2011
5:57 pm
1111 Levels of Computer Mastery
0 - My coffee cup holder is broken
1 - Ooh, a power button
10 - Solitaire forever!
11 - I blog therefore I am
100 - iMarketing says I'm a teckie
101 - 20 GOTO 10
110 - Custom game levels w/secret weapons stash
111 - Pwning n00bz
1000 - Look into my website and despair
1001 - My animation doodles shame blockbuster CGI
1010 - Home datacenter rivals my company's
1011 - Inventing new algorithms to do it was just easier
1100 - Built a mini replica case for my Cray 1 emulator
1101 - Boredom led to a new OS, from Assembler
1110 - Quantum neural node processors are simple
1111 - There is no spoon

Current Mood: contemplative
Sunday, November 13th, 2011
12:32 am
Veterans


Current Mood: grateful
Friday, October 14th, 2011
1:32 am
Thursday, September 15th, 2011
9:27 pm
Politics of Selfishness
Today I was posed with an interesting political paradox.

I was asked to sign a petition to forgive student loans in place of tax breaks. It would immediately help those in debt and only those in debt, and at first glance sounds like a typical Liberal 'help those in need' kind of action and specifically speaks to helping people get an education.

Now I am all for such Liberal ideals as helping those in need of help, and encouraging education including anything which makes education more affordable and thus more widely available. I also like to think things through to consider the short and long term consequences, not just succumb to hype. A more logical analysis reveals quite the opposite effect of not encouraging education in any way, and a more 'give a man a fish' rather than 'teach a man to fish' approach to financial assistance which only encourages bad financial habits and can ultimately help trap a person into needing more assistance in the future. Furthermore, it would actually punish those, even poorer people in the same financial straits, who are responsible enough to manage their money well and pay off their debts. So people who are just as poor and in need of help, possibly in even worse financial shape because they paid their debts, will be excluded from this form of government assistance. Not a very Liberal solution after all. In fact, this sounds more like a typical Republican style back door tax break for an exclusive group of supporters commonly seen in corporate tax codes. A straight up tax cut would more fairly distribute the assistance among all those in need of it, whether they have paid off a recent loan yet or not, and better fit the 'teach a man to fish' approach of directly rewarding hard earned income. This approach only exists because forgiveness has better marketing (a.k.a. rhetoric, a.k.a. B.S.) than changing tax rates.

So I find myself ideologically opposed to this petition and was ready to dismiss it entirely when another thought occurred to me. I have outstanding student loans. So there is the paradox. This would directly benefit me, personally, and I could sure use that money right now. I am exactly in the middle financially where I get none of the benefits of being in financial need, and get no access to the juicy write offs of being just a little bit richer. Being a white middle class male, just about every form of aid assumes I am part of the in crowd with no need to get any form of assistance because I should already somehow be benefiting from my male-whiteness. The truth is I had to work my ass off for every little thing I have right now. Every connection I have, I made myself. I paid for my own education. I have been working in some capacity or other since I was 15. I am successful today because of a combination of hard work and intelligence and, yes, a little bit of luck here and there.

What I did get was opportunity, and I support the Liberal ideal of sharing the same opportunity with everyone.

Some people take the opportunities given to them, whether by race, government assistance, or acceptance in some form or another, then selfishly want to deny those same opportunities to anyone else. I despise seeing people promote political agendas for purely selfish reasons regardless of where across the spectrum they lie. (pun intended) First, second, even fifth, sixth or seventh generation immigrants wanting to deny rights to other immigrants. Millionaire owners of corporations surviving on government subsidies and tax loopholes trying to block tax breaks and welfare to the poor. Mothers opposing the first Gulf War to prevent their sons, volunteers, from getting hurt with no ideology against war, or even against that particular war. Police campaigning for increased penalty for harming them, yet impunity for them harming anyone else. Educated people calling for cuts to education, enjoying a higher salary based on their education while demanding teachers take pay cuts.

Such politics of selfishness does not benefit our society in any way and elitism is very anti-American... ideologically if not in practice.

But here's the kicker. Believing in a 'share and share alike' philosophy does work both ways. I want to share what I have with others, but others should be willing to share what they have with me. I do not support the Communist approach of taking what I want away from someone else - that is the extreme of selfishness. But I do want my slice of the pie. Poor get lower taxes. Rich get tax loopholes, and really lower taxes when you consider actual income sources. I, and everyone else here in the middle class squeeze, deserve a tax break as well. I find myself straddling a fine line between demanding fair play and being down right selfish.

So the choice I am faced with is do I ignore this petition which I am opposed to on principle, or do I support it because it would benefit me directly?

I decided to not sign the petition. I deserve a break and poorer people need the break, this is just not the right way to do it.

Current Mood: contemplative
Friday, June 17th, 2011
6:34 pm
Image Search Hits and Misses
Google has recently thrown its hat into the relatively young field of "Content Based Image Retrieval," or CBIR, (aka "Query By Image [and Video] Content" or QBIC), which you can now access through their image search. I've had the chance to give it a spin, and compare it to several other CBIR search engines which I have examined over the past several months.

For those unfamiliar with the concept, the point is to submit an image in place of a text query and the search engine attempts to run a comparison of the query image to other images.

First it must be mentioned that the overall state of the art is quite primitive. A common test I find useful is a picture of a horse in a field. A typical result would be other images of a similar looking field, often with something in the same position as the horse, but rarely another horse and never the same horse. While this is far more advanced than entering a text query and getting a list of images for which someone had to manually set keywords for, it does a poor job of matching anything other than the overall color saturation.

With the poor state of the overall field as context, then Google's new image search can be considered a best of breed. It works as well as or better than any other CBIR search engine I have tried. (FYI, I've tried all I could find as I researched the possibility of delving into the field myself including research projects by IBM and MIT)

As for practical uses, it is still very limited technology with very limited uses. For now it is more a novelty, enough to whet the consumer's appetite for more advancements in the field. From the research I have looked into, don't expect major breakthroughs, just incremental steps with diminishing returns. Though with a corporate giant putting its funding and intellectual power behind it, that forecast could change.

I ran several images through Google's image search to see how it works and found it had its hits and misses.

On the up side, the user interface is great. The average user may not even notice the subtle differences from Google's tried and true standard minimalist interface. You drag and drop an image you want to use for a query. You can drag it from a website or a local folder. Nice. No fumbling with typing URLs or browsing local folders to upload.

The results were somewhat interesting. You get exact matches, and similar matches. The similar matches are the same blurry color matching algorithms found on most other CBIR systems producing no useful results. For example, my sister in law in traditional Mongolian garb gets such results as Kim Kardashian on the red carpet, an image of her husband got Halloween costumes and maternity clothes, the commonalities being model placement and coloring. But the exact matching is extremely useful. I dropped in some images from my website and got a list of plagiarizing websites using my images.

Google also makes a feeble attempt at identifying content to augment the search with text. About 1 in 20 images I tried got a text description and not always accurate. This is perhaps the area which shows any potential for a breakthrough. But for now, you are best off to type in your own text to supplement the image to search for best results. Where a picture of a ger (or yurt) with a red-orange door gets images of farm equipment and firetrucks, typing "ger" next to the image changes nothing, but typing "yurt" produces a half dozen similar images, though not nearly as many as just either text without an image to match. That means if you know how to describe the image, you are better off with the more familiar text based query, a major point on the down side.

Overall this is a good effort which makes for a small step forward in the CBIR field with a potential for more improvement. While the ability to search for plagiarized images is useful, the ability to find similar content is severely lacking. That is a limitation of the entire field so Google should be commended for their effort even if it won't be replacing the current text query based search model any time in the foreseeable future.

Current Mood: complacent
Tuesday, May 3rd, 2011
5:18 pm
US Releases Photo of Osama Bin Laden's Body


(Inspired by The Onion) Today the US has released photographic evidence of Osama Bin Laden's death and burial. The Obama administration insisted that as a Muslim, Osama Bin Laden's body be handled according to strict Islamic tradition. The only problem is that no one on board the USS Carl Vinson was familiar with Islamic burial traditions so they asked for assistance. Researchers at the Pentagon painstakingly went through all evidence of how Islamic militants such as Osama Bin Laden handled the burials of foreign combatants and followed the customs they established.

An anonymous military official was quoted off the record as saying, "We followed western burial traditions with Saddam Hussein, but that only offended our enemies. Despite Osama Bin Laden being a mass murderer, we were more concerned with offering an olive branch to Al Qaeda by using their own traditions for respectfully handling the dead. While this display may seem gruesome to American eyes, it is in fact how Muslims handle the burial of US soldiers. We felt it appropriate to offer the same level of respect to our enemies as they offer to us."

US officials expect a detente to result from their show of respect for Islamic tradition even when it involves someone who dedicated his life to murdering innocent people and instigating wars. Early unconfirmed reports state that one Al Qaeda IED expert in Afghanistan blew up his own terrorist cell in solidarity and radical clerics around the Middle East are starting to oppose the burning of US flags.

The leader of Al Qaeda was killed as US Navy SEALs stormed the compound of Bin Laden's gay lover Abu Ahmad al Kuwaiti, with whom Bin Laden has been living as domestic partners for the past several years in relative luxury while his followers starved in nearby caves. A member of the Navy SEAL Team 6, recently renamed "The Justice League", is believed to have stated, "He [Bin Laden] may have died a coward hiding behind a woman, but he was buried as a Muslim."

Shortly after the funeral ceremony, former US President George W. Bush released this statement: "I knew they would finally find those WMDs, folks. This is why I invaded Iraq in the first place!" Former New York City mayor Rudy Giuliani intends to run for mayor of Abbottabad citing his past experience with silencing concerned citizens during a crisis.

Current Mood: mischievous
Monday, April 25th, 2011
9:15 pm
Python Goodies
I found myself doing maintenance on a Python application I wrote not too long ago, and think I should post some of the useful tidbits I came up with. These are all for Python 2.6, and some of which have definitely been changed in version 3.0 so do your own testing if you make use of any of these.
Friday, April 1st, 2011
2:35 am
Maybe We Should Ban All Abortions
I think it’s time I reverse my position on abortion. Maybe we should ban all abortions.

What if we set aside the moral implications surrounding abortion rights and try a little thought experiment: What if the anti choice extremists win? Would it be so bad?

OK, so a few rape victims will get stuck with an extra unwanted pregnancy here and there. They are just accusers and not really victims, so not much different than the careless teen who should have waited for marriage, but without sex education did not know what she should have not been doing, according to the winning anti choice movement. And some women can die because of treatments being barred from them, and other minor issues stemming from women not staying home watching kids where they belong, but what about the long term effects?

First, let’s consider who has more abortions. Do the religious extremists have abortions? No. They are opposed and would never do anything they tell others not to do. Maybe an extra marital affair or two will get exposed more easily, but the ensuing scandal and the takedown of some more right wing politicians would be a good thing for society as a whole. As these people also are the ones who often deny various forms of science which disagrees with some outdated book, they ignore things such as evidence that overpopulation is damaging to things like the environment, climate, etc and can wipe out the surface of the earth, so they keep on breeding minions of their kind.

Now people that do have abortions are people who believe that abortion is a woman's choice. By banning abortions, we will force these open minded people to have more kids. These kids will of course be raised by someone who believes in liberty and freedoms such as choice and other generally liberal views.

This would also mean that there will be an explosion of unwanted or orphaned children in need of homes. So many that people of all views will need to relax their standards of who can adopt such kids, even allowing gay couples as they may be the only ones without too many kids at some point. Yes, banning abortion would lead to religious groups forced to accept gay marriage.

We could also change the law so that being born in the US does not automatically make someone a citizen. This will mean that the US can birth and raise millions of children at taxpayer expense, then deport them to anywhere else where they can take the American knowhow and put it to work at some competing country to help their economy overtake ours. Hey, in a country without our labor laws, they can take a lower salary and more easily steal an American job through outsourcing which they never would be able to take if they stayed in the US, and avoid paying the US taxes they would have paid if they would have stayed in the US.

But this is a single thought experiment. Without the citizenship tangent, this means that with an abortion ban, liberals will quickly outbreed conservatives within a generation. After two or three generations, the effect will multiply. We will go from having an even left-right split in this country today, to having a near unanimous progressive-liberal America within 50 years.

So banning abortion is for the benefit of society.

This is, of course, open to interpretation. Religious zealots can interpret this as a case of the ends justify the means, pro choice activists can interpret this as a case of pragmatism, and those who know me well can interpret this as an April Fool's joke.

Current Mood: devious
Saturday, February 26th, 2011
9:19 pm
Motorola Atrix 4G MB860 Review


This phone is the latest and greatest offering from Motorola and AT&T and I got my hands on one from preordering the moment I got the announcement email. I’ve had about a week now to go through most of the features and think this needs a good, bad, and ugly approach to give a fair understanding of the phone.


The Good

First off, this phone does live up to most of the hype. It is feature packed and buying it based on advertised features will not leave you disappointed. The Atrix comes with Android 2.2.1, (aka Froyo) a dual core 1 GHz processor and gobs of storage. It has about 10GB built in just in the media partition separate from the space for installed apps. It does not come with an extra SD card, but you don’t need it, and the options to include one would be either smaller than the on board RAM or severely increasing the price so not a bad call. It also comes with Bluetooth version 2.1 which is a feature almost, but not quite, universal and always overlooked but important for the security in that version of the standard. It includes the near universal quad band for GSM, and in a positive trend includes several 3G bands. Hopefully that hints at future universal phones for 3G the same as you can get for 2G nowadays.

The Atrix really needs to be considered a media phone more than a smart phone as that is where it really shines. It has HD quality video recording and playback at 720p, 30fps, and you can play your videos on a digital TV through an HDMI port – HDMI cable included. The app turns the phone into a remote control for an interface vaguely reminiscent of a PS3 for browsing and playing any media. Don’t forget the decent 5 megapixel camera with flash, and lets you turn off the shutter sound effect. When it comes to being a media phone, the Atrix delivers on its promises.

It runs smooth and fast. Being one to occasionally introduce phones to the sidewalk abruptly, I also got the Otterbox case which is so well engineered it distracted me from the phone for a few minutes. I did not get the media dock, but the idea of having host mode USB ports is something high tech users have been wanting for Android phones for a while. The other great feature is a fingerprint reader to unlock the phone so you don’t have to give away your password to someone shoulder surfing in public places, and it makes one hand use easier.

Full specs can be found here: http://developer.motorola.com/products/atrix-mb860/


The Bad

Unfortunately, even the gem known as the Atrix has issues. For some you can blame AT&T, Motorola, or Android in general but no matter how you point the finger, the phone has the shortcomings.

When you first try to turn on the phone you find yourself locked out until you create and log into a Motoblur account. It stores this information locally so if you take the SIM card out, you can still log in and use the device offline. But once you put a SIM card in, you need to log in to Motorola again before you can use the phone. Motoblur also takes control over your accounts including email. Anyone with a private or company IMAP server will find a surprise when they cannot send email. AT&T offers their own SMTP server but the Motoblur accounts app overrides a login setting so it does not work. I’ve spent a few days with tech support on this without result. Motoblur seems to be one of the biggest disasters on this phone. I’m not even sure exactly what the point of it is other than an attempt at mimicking Google’s cloud computing features.

As a media phone or for social networking the cloud concept is fine, but as a PDA or smart phone, privacy and security are issues and this phone forces you to give away your data all over the place. By default, all personal data you enter on the phone is broadcast over the network to another company’s database. There are some tedious steps you can follow to keep your contacts private, but there is no local calendar with this phone. You have to put your personal data on their cloud server or not use it at all, the user is not given a choice.

There are also a few minor issues worth mentioning. Being on the AT&T network, they lock out the ability to load your own applications and force you to only use what is available on the Google market. Some people may like giving up freedom to get security but avoiding the politics, the real issue here is money. AT&T charges extra for tethering despite already paying extra for the bandwidth and the apps to do it without telling the carrier are only available outside the Google market. There is a root hack already available so this is probably not an issue for those who really care, but I haven’t tried it. Personally, I find the internet and browser on the phone enough to not need tethering as much, but double charging for the same network use stays in the bad column none the less. The fingerprint reader is a bit glitchy, it stopped working for half a day but then came back on and worked fine afterwards. And would it have killed them to include earphones? I tried a set I had from another Motorola phone and they don’t fit right. So it does not come with the built in FM radio some of their other phones have, as a media phone, earphones should have come in the box. The camera application really needs a flash control too.

As much as I like the hard case, when I put on the belt clip it reminded me of my old Qualcomm from 15 years ago. You would think in all this time and with the success of the RAZR, phones would be a little less bulky. Without the case it basically looks like an iPhone. Almost all Android phones look like an iPhone, there is no choice for the consumer anymore. Some people may like that style, but personally I hated the iPhone and the iPhoneness of this is really annoying. Bigger screen is great for watching movies, but this is a phone first, and a large and clumsy one at that. Using this phone makes me miss my old Ming A1200.


The Ugly

Petty issues aside, there are still a few big problems with this phone.

There are two docking station options for this phone. They are separate and expensive. While the smaller media dock seems useful, the big advertising point is the laptop. Well, it’s not a laptop, it’s a $600 dumb terminal for your phone. Seriously, that is just downright terrible. Even at the $200 preorder price I already found it overpriced and worthless. I used to want all my devices in one since seeing Earth Final Conflict, but giving up my regular laptop for a phone interface at twice the cost and half the features is ridiculous. Expect either the price or the entire concept to be dropped like a hot potato. Why? The price of the dumb terminal is the same price as the phone. If it drops to under $100, I’ll reconsider, reluctantly.

But this is a media phone first which brings me back to the main failing which is in the media features. The HDMI interface turns the phone into a media server. So after trying one video and one song, I tried going to YouTube and see if I can play an online video directly to the TV. Nada. The phone is limited to the one app for playing stored files only. Considering the proliferation of streaming media available and especially if you are interested in legally viewing paid or restricted content, such as the included Blockbuster app which is currently saying try back in a few days, this needs to be fixed. Without it, the Atrix is no better than a $10 thumb drive.

Current Mood: contemplative
Friday, February 25th, 2011
11:18 pm
Android Security
Android devices are a focal point of private and personally identifiable information, and for security vulnerabilities to that private information. Users typically keep a treasure trove of private information on their Android devices and are little aware of how that information is being handled or exploited. As privacy is paramount to security on a personal level, anything which compromises privacy is a security threat which must be addressed.

Fortunately and unlike other platforms, Android lets the user see what an app is capable of doing, though you cannot manage these permissions directly and most users gloss over this important tool. Many features have legitimate uses but leak personal information. There are a few areas where security on Android can fail without special handling by the user.

1. Contacts

By default, Android has extremely poor personal security. All of your personal information, such as contacts, is set to be sent to Google by default. This leaves you depending on 3 very unreliable things from a security standpoint. First, that your network connection is not being eavesdropped on. Second, that Google does not get hacked and that you get informed if they do. Third, that Google's handling of all your private information is entirely in line with your personal security needs. Ironically, trusting a data mining company like Google is not a blatant security hole, but even the best of intentions can get compromised down the road such as with RIM opening up their secure servers to oversight in the Middle East.

You should set up your contacts securely by keeping them entirely offline, but that takes some quick initial steps. First set up your Gmail account for accessing the market. Then go into account settings and disable syncing with Gmail. AFTER syncing is disabled, then do an offline contact import. Put your contacts into vCard (.vcf) format. Most contact managers can export to comma separated format (.csv), then you can get a converter such as http://homepage.mac.com/phrogz/CSV2vCard_v2.html (There are others, but note this page is self contained and can be downloaded and run offline.) The resulting vcf file may need some extra quotes and blank lines removed. The vcf file can be placed on the sdcard and imported from the Android phone's contact manager directly. You can also regularly export your contacts to a vcf file and copy it to a secure location as a backup. Perhaps not as convenient, but this provides the same benefits as the Gmail cloud setup without the gaping security holes.
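An offline conversion of this kind can also be scripted locally, so the contact list never passes through a web page. The following is an added example, not part of the original post or the linked converter; the CSV column headers are an assumption (an Outlook-style export) and the sample rows are constructed.

```python
import csv
import io

# Assumed column headers (Outlook-style export); change to match your contact manager.
COLUMNS = {"first": "First Name", "last": "Last Name",
           "phone": "Mobile Phone", "email": "E-mail Address"}

# Constructed sample: a quoted field with a comma, a blank line, a whitespace-only row.
SAMPLE_CSV = (
    'First Name,Last Name,Mobile Phone,E-mail Address\r\n'
    'Ada,"Smith, Jr.",555-0100,ada@example.com\r\n'
    '\r\n'
    ' , , , \r\n'
    'Bob,,,bob@example.org\r\n'
)


def vescape(text):
    r"""Escape a vCard 3.0 text value: backslash, ';', ',' and newlines (RFC 2426)."""
    text = text.replace("\\", "\\\\").replace(";", "\\;").replace(",", "\\,")
    return text.replace("\r\n", "\\n").replace("\n", "\\n")


def csv_to_vcf(csv_text, columns=COLUMNS):
    """Convert CSV text to a vCard 3.0 string with CRLF line endings."""
    # The csv module parses quoted fields itself, so the quotes around
    # "Smith, Jr." never reach the output; a leading BOM is dropped too.
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff"), newline=""))
    cards = []
    for row in reader:
        def field(key):
            # Short rows give None for missing columns; treat them as empty.
            return (row.get(columns[key]) or "").strip()

        first, last, phone, email = (field(k) for k in ("first", "last", "phone", "email"))
        if not (first or last or phone or email):
            continue  # whitespace-only row: emit nothing, so no blank cards or lines
        full = " ".join(p for p in (first, last) if p) or email or phone
        lines = ["BEGIN:VCARD", "VERSION:3.0",
                 "N:%s;%s;;;" % (vescape(last), vescape(first)),
                 "FN:" + vescape(full)]
        if phone:
            lines.append("TEL;TYPE=CELL:" + phone)
        if email:
            lines.append("EMAIL;TYPE=INTERNET:" + vescape(email))
        lines.append("END:VCARD")
        cards.append("\r\n".join(lines))
    return "".join(card + "\r\n" for card in cards)


if __name__ == "__main__":
    print(csv_to_vcf(SAMPLE_CSV), end="")
```

Write the returned text to a `.vcf` file on the sdcard and import it from the contact manager as described above.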




2. Applications

Android apps can leave you vulnerable as most apps request access to security permissions they do not need for normal operation. Permissions are not changeable by the user; it's all or none, and only established at install time. At runtime, you are given no indication of what the app is doing behind the scenes. You can view each app’s permissions after it is installed, which is especially important for preinstalled apps. Choose your apps carefully instead of blindly downloading anything which is interesting. Free apps often require network access to download advertisements, but if they need a combination of access to your phone profile or contacts or GPS in addition to network access, then they are likely sending your personal information to a third party. Many apps duplicate functionality found with your internet access; if they require access to personal information then the benefit does not outweigh the cost, and they only serve the function of weakening your security.
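The combination rule in the paragraph above (network access plus phone profile, contacts or location) can be checked mechanically over a list of installed apps. This is an added example, not from the original post: the permission names are real Android permissions, the grouping into labels is this example's assumption, the input layout is assumed to follow what `aapt dump permissions` prints, and the package names and sample dump are constructed.

```python
import re

NETWORK = "android.permission.INTERNET"

# Personal-data permissions named in the text; the labels are this example's own.
PERSONAL = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_PHONE_STATE": "phone profile",
    "android.permission.ACCESS_FINE_LOCATION": "GPS location",
    "android.permission.ACCESS_COARSE_LOCATION": "network location",
}

# Accept both "uses-permission: X" and "uses-permission: name='X'" layouts.
PKG_RE = re.compile(r"^package:\s*(?:name=)?'?([\w.]+)'?")
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)'?")

# Constructed sample: several permission dumps concatenated into one text.
SAMPLE = """\
package: com.example.flashlight
uses-permission: android.permission.INTERNET
uses-permission: android.permission.READ_CONTACTS
uses-permission: android.permission.ACCESS_FINE_LOCATION
package: com.example.notepad
uses-permission: android.permission.WRITE_EXTERNAL_STORAGE
package: com.example.adgame
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_PHONE_STATE'
package: com.example.offlinemaps
uses-permission: android.permission.ACCESS_FINE_LOCATION
package: com.example.browser
uses-permission: android.permission.INTERNET
"""


def parse_dump(text):
    """Return {package: set(permissions)} from concatenated permission dumps."""
    apps, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = PKG_RE.match(line)
        if m:
            current = m.group(1)
            apps.setdefault(current, set())
            continue
        m = PERM_RE.match(line)
        if m and current is not None:
            apps[current].add(m.group(1))
    return apps


def audit(apps):
    """Return {package: [labels]} for apps holding INTERNET plus personal-data access."""
    findings = {}
    for pkg, perms in apps.items():
        if NETWORK not in perms:
            continue  # no network path off the device through this app's own permissions
        hits = sorted({PERSONAL[p] for p in perms if p in PERSONAL})
        if hits:
            findings[pkg] = hits
    return findings


if __name__ == "__main__":
    for pkg, hits in sorted(audit(parse_dump(SAMPLE)).items()):
        print("%s: network access + %s" % (pkg, ", ".join(hits)))
```

An app that is flagged is a candidate for review or removal, not proof of a leak; an app that holds only one side of the combination (the offline maps or the browser in the sample) is not flagged.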

Also keep in mind that exiting an app does not automatically remove it from memory and stop its running. Android takes the garbage collection (a la Java programming) approach to closing apps which means you tell the device you are done with it and it marks it as available to remove from running memory, but may not do so until the space is needed for another running app. The Task Manager can tell you what is still loaded in memory and allows you to end the process for apps you want to fully stop.

3. Tracking

Carrier tracking is unavoidable; it is a byproduct of the cell phone concept. The cell phone company will always be able to very accurately trace your location at any given time, and anyone with access to the carrier (i.e. police with a warrant) can always get that information for any time your phone has been turned on.

However, this location information can also be provided to apps via the phone's programming interface. Fortunately you can disable the setting under Location and Security. Uncheck "Use wireless networks." Disable GPS whenever and wherever possible. The GPS not only drains the battery quickly, it also provides tracking information about you to other parties. Some applications such as Maps work with or without it. Leave it disabled whenever you do not explicitly need it, and stop any other apps while it is on. Unfortunately you cannot grant or deny access on a per application basis so while the GPS is enabled, services and widgets, as well as apps which are still not removed from memory after you exit them, can grab your location info while you use it. The leak can be mitigated by limiting the use of GPS, limiting the use of apps while the GPS is enabled, and disabling it the moment it is no longer needed. The same policy can be followed for "use wireless networks" should the need arise.

Bluetooth is a relatively secure system but does have some vulnerabilities. At its most secure implementation, it can still be used for tracking by nearby third parties. If you do not use it, always keep it turned off. If you are using it, the headset or car interface is probably more vulnerable than your phone. Script kiddies (attackers using off the shelf software and hardware) can eavesdrop from up to a mile away. To minimize risk, use Bluetooth 2.1 or later for the extra encryption, only pair your devices in secure locations (with shielding if possible, such as a basement), be alert to any unexpected pairing attempts or the need to pair again devices you thought were already paired, as these are evidence of a hacking attempt, and consider a secure headset if you can find one. "Discoverable" should always be disabled, except for the brief time when you need it to intentionally pair with another device.

Conclusion

While Google may not have violated its "Don't be evil" directive with Android, it is far from a secure device. The overall security perspective of an Android device seems to be more about maintaining corporate control over the device than about protecting the user's personal information. This is part of a disturbing trend in consumer electronics for companies to interfere with and maintain control over a device long after the consumer has purchased it and taken it home. From Sony to Apple to now Google, ownership of a device is being exploited as a means for a corporate entity to maintain control over your private information and activities. You must be vigilant in protecting yourself as assuming the device will do it for you is not effective.

Current Mood: thoughtful
Sunday, February 13th, 2011
10:46 pm
Progress and Regress in Smart Phones
I've been using cell phones and PDAs long enough to watch them evolve for nearly two decades and simply cannot comprehend what cell phone companies nowadays are thinking.

There are many remarkable changes over the years, some of which were wildly popular design concepts and others subtle to the non techie but constitute breakthrough technology. Ignoring the hype, and avoiding the tedium of tech speak, leaves only two substantially noteworthy milestones.

#1 The StarTac. Back in the days when cell phones were bigger than your land line house phone, Motorola came out with a tiny little clamshell device which worked great, and folded up and fit in your pocket to be smaller than the average wallet and barely larger than a beeper. This revolutionized the cell phone into being something small and convenient rather than a bulky toolbelt accessory. They later repeated this success worldwide with the Razr and the Ming a1200.

#2 The Palm Pilot. Before a Blackberry went from being a one-way pager to a two-way pager, Palm was defining what it means to have a PDA. It was a portable computer which did everything you could need to have portable. By the Palm Pro, they had wireless access and email and web browsing were added on. You could install any application you want and had as much control over your PDA as your computer.

That's it. There have been no real major milestones in the handheld arena which compare with either of these. There are other well known changes but they did not improve the user experience in any significant way. In fact, many of the subsequent events did as much harm as good to the end user, and merely covered their tracks with some clever marketing.

So what went wrong? While it would be easy to dismiss the problems as corporate greed, and probably be right in doing so, it would be more useful to point out the failings of seemingly significant steps.

The biggest problem is the dumbing down of the concept of a smart phone. You would think that in a high tech race this concept should be expanding but the reality is the opposite. The concept of what is a smart phone keeps getting watered down. This happens in two ways. First, every company wants to have a piece of the market so they slap the smart phone label on whatever it is they have to offer. Blackberries have been using that marketing since they could do email. Microsoft was kind enough to bring the blue screen of death to the cell phone in an otherwise modest attempt. But what really takes the cake is the iPhone.

And the iPhone brings me to the second problem in dumbing down the smart phone. It's us, the consumers. Smart phones were originally for power users. If you were an IT or business professional that needed constant access to your office on the go, basically a mobile office in your hand, then you got a smart phone. But that's not what the iPhone is for, the iPhone is for people who eat up marketing and want the flashy gadgets they have no serious need for. The iPhone sold because it was Apple, not because of the features because it really lacked some basic features of other smart phones. You could get email and play games and browse the web, but most dumb phones can do that too. You could not install any application you wanted, only what Apple tells you you can have - that's the way cell phone companies manage their dumb phones. You can't handle your office files at all. Actually, other than the variety of games, the iPhone does very little that your average $50 dumb phone can't do. And if it's games you want, the PSP has better games and won't waste your cell phone battery in the process. (What's worse, is now Apple wants you to replace your fully powered laptop for a locked down and nearly useless iPad. Why in hell would I waste $500+ on that when my $200 netbook does EVERYTHING an iPad can do and more but without the restrictions?) Having an iPhone myself, I can say the one thing I like about it is that it's got style, even in the user interface. But that's really about it. I can't wait to replace it with a better phone.

Now what is a better phone than an iPhone? My gut reaction, and years of commercials, tells me it's an Android phone. So I check out Android and find it two steps forward and one step back. They bring back some of the features that make it feel like it is really a PDA. I can put my own files on it, and use it as I see fit, regardless if Apple or Google or my carrier wants to allow it or not. Not bad. But then I look around at the phones being offered and only see one choice. It doesn't matter if you call it a Droid (Talk about marketing, even Lucas is making money on cell phones now) or Milestone or Hero or what have you, notice a distinct lack of variety? Maybe you didn't but I am sick of every Android out there looking like an iPhone clone. If I want a big powerful machine with bigger screen, I have a netbook. I want a smart phone. Android brings back the smart and loses the phone. Really? WTF? And it's so customizable that a carrier can make a custom version that disables some of the features which make the Android worthwhile in the first place.

Some power users, really a cross of the traditional people who need the more powerful features and those who just like to play with gadgets, have a thriving subculture of opening up features on secured phones. Terms like unlocking, rooting, and jailbreaking may have different or even negative connotations, but are a result of the fact that the end user has purchased a product they now own and can use as they see fit. First sale doctrine applies, despite any EULA making claims for which there is no legal standing to back up.

Then of course there are the cell phone carriers. I said mentioning corporate greed wouldn't be useful, but it is significant. Why are cell phones locked down at all? Security? If you believe that then you didn't happen to notice whose security, because it is not the user's, it is the carrier's security. They are securing their revenue stream. Subsidized phones save you money up front and lose you money on the contract. That's not news, but it is the justification for locking down the phone. From the carrier's perspective, it's not your phone, it is theirs, and only a means for you to access their network. That may be a fine concept for a dumb phone, but a smart phone is a significant tool to manage your life: your email, your business, your media, your social activity - it's your assistant and the carrier is maintaining control. Sounds pretty dumb doesn't it? Well, not dumb for the carrier.

There is also the radio spectrum mess. The variation of incompatible technologies is staggering for such a developed market. Phones at one point settled down into two camps: CDMA and GSM. CDMA being more secure from eavesdropping, but GSM being more versatile. Eventually GSM phones came out supporting all four different radio bands used worldwide and with an unlocked phone, you can travel the world and always get access to local service rather than getting ripped on international roaming by picking up a SIM card for the local carrier. Then came 3g and the incompatibilities have just multiplied.

So the current selection of phones on the market basically offer the user no choice or control and generally lack some of the most significant advances in smart phones. I hope some company realizes that there is a real void in the market which they could fill. It could be that their market research says that people only want what they are already selling, but knowing a bit about business makes me think otherwise. Big companies are risk averse, they will only invest on a sure thing so they make clones of what already exists. It usually takes entrepreneurship to make drastic changes. Unless one of the big carriers looks at their history and realizes some choices lacking today were their biggest success stories at one time and tries to revive them.

I would also hope that users would actually take advantage of any new innovations or resurgence of old good ideas... if they have any money left after buying into the current ripoff schemes.

What would I consider progress? The phone would have to be a fully featured smart phone with full PDA features. Email and web are ubiquitous but how about being able to edit and manage documents? Something as simple as file system access and a basic text editor will do. Note the file system access, that is important in many ways. You can manage your own documents, media, and applications without needing proprietary software or marketplaces. The software may be nice, but a PDA should be accessible from your computer through a USB or SD card reader alone. The carrier's control should end at the point you access their network. You pay for your usage, fair is fair, but using 1k of data for MMS or web browsing or from a games server access or from email or from web browsing through a tethered computer is still just 1k of data and does not warrant the carrier billing or restricting you on how you use that 1k. Phones should be secured from anyone else accessing their contents - including the carrier which currently has back doors in devices like an iPhone to delete or run programs without the owner's permission. Unlocked from the carrier is not enough, the network technology should be modular and interchangeable. This last one is a biggie and currently not even considered by manufacturers. If you can get a SIM card to decide which carrier to use, you can also have a SIM card program tell the phone which wireless technology to use. OK, maybe it would take an actual add on chip, but this is already modular and would just need a standard interface rather than being hard wired. Not a big leap. Lastly, but most important, the phone needs to offer the consumer a choice. Different users have different needs and desires. There currently is no real choice in smart phones today, just marketing teams trying to out hype each other's lookalikes. That last one is the easiest to change, and the first company to step up will have my business.

Current Mood: pessimistic
Saturday, January 15th, 2011
1:12 am
Targeting Republicans
So if some liberal put a bullseye on Mike Rogers for trying to renew the most deplorable disgrace to the Constitution known as the Enabling Acts... ummm, I mean... (un)PATRIOT Act, and then some wacko goes on a shooting spree trying to assassinate him and any nearby random bystanders, just what do you think the right wing zealots would do? Do you really think Palin would give another speech about how her going onto the Weasel propaganda network and telling people to shoot Gabrielle Giffords has nothing to do with someone actually shooting Gabrielle Giffords? Do you honestly believe they would NOT throw Constitutional rights to the wind and go on a witch hunt? Seriously?

Time for extremists to stop and reflect on what their politics of hate is really accomplishing.

Current Mood: contemplative
Saturday, September 25th, 2010
7:32 pm
Dualboot my Netbook Compaq Mini 110c
I got a Compaq Mini 110c 1105dx a little while back at a really great price (like half the price for comparable specs elsewhere) and decided I wanted to have a dual boot Windows/Linux setup.

First I tried sticking with the Windows 7 that came preloaded. That lasted about 1 day. Despite the hype there is little difference between Vista and 7, especially look up the "winsxs" folder nightmare if you want to know my main gripe against it - I've seen brand new systems hosed because of it. And this makes me more annoyed at the BestBuy Dweeb squad insisting on making some mysterious changes I explicitly told them not to then refusing to give me the restore disks. Well, that all got wiped.

I started with a bit of preplanning. I needed a partition large enough to run Windows XP no matter how much crap I load on there in the future, 50gb sounded reasonable, a partition to run Linux which can be pretty minimal but I went with 23gb to be safe, and the remainder of the drive as a large data partition for them to share - 150+gb. I decided only 1 Linux distro, and not to multihome more than 1 distro. I thought that was enough planning...

First I loaded Windows. For any Windows/Linux setup, always start with Windows; installing Linux plays nicely with existing Windows installs. Installing Windows does NOT play nicely with anything.

I had some issues right from the get go. The Mini has some cutting edge hardware which is not supported from an XP boot disk. Namely the SATA controller. If the boot disk cannot see the hard drive, your install is in trouble. I did some searching on the Intel site and found some XP drivers for an older model ICH7/MDH SATA AHCI controller. The Mini actually has like a #9 or 11, but it turns out the #7 drivers work just fine. I first tried one of those tools which bundle new drivers into a new install iso and tried that disk but it never worked right. Fortunately, I have a USB floppy drive lying around. (An old Dell laptop module with a secondary USB port so you could use the floppy and CD at the same time - shame the cd didn't have it also or it would have saved me from buying an external CD burner) I put the drivers on a floppy and when starting the XP install, you can tell it to get extra drivers from a floppy. Worked great. Needed to update, and get some wireless drivers via a wired network, but the install went smooth at that point.

Linux was not so easy. First I chose CentOS. (Choosing your Linux flavor/distro can be a pain, I did not choose wisely...) CentOS is a recompilation of RHEL that gets used at work so I wanted to stay with what is familiar. RHEL is so popular with businesses because there is no cutting edge software in it. All the cutting edge stuff gets tested in a generation or two of Fedora Linux before being put into RHEL. Then the CentOS guys need some time to rebrand and customize the RHEL code before releasing their versions. So CentOS is always a few steps behind on new technology, and the Mini was using new technology. But I tried it anyway.

CentOS tries to use the kitchen sink approach so it's like 5 CDs but they miss the most basic package for any Linux install: GCC. Seriously. First I had to use a backdoor trick of getting another driver for the SATA on a floppy the same as with XP. Actually I put both a Linux driver, and the XP driver with a Linux wrapper on the same floppy so I'm not sure which one worked, but CentOS could finally see the hard drives. Then once I installed it, NO NETWORK DRIVERS WORKED! I kid you not, not even the wired ethernet driver. I found the necessary packages and downloaded them to my data drive with Windows and rebooted to CentOS. That's when I discovered that CentOS (and RHEL) cannot read NTFS file systems. I did not feel like resizing and formatting it as FAT32 so I just burned the stuff onto CDs. (I have rewritable ones so I wasn't wasting anything.) That's when I discovered that I could not use the drivers because there was no compiler, no GCC! I tried downloading complete packages, and tracing dependencies for a few days before I finally gave up on CentOS. It's nice, it's well supported, it just does not run on my Mini 110c.

FYI - that was CentOS 5.4, I haven't tried 5.5 and don't care to. If an OS gives me that many headaches, it's not worth using. I want an alternative to Windows, not a knockoff. And I will never waste my time on Gentoo ever - it had to have been the most obnoxious distro I ever tried. The other thing I disliked about CentOS is it used an LVM file system by default which is a nightmare if you ever try to do a disk recovery. I never want to see LVM again.

Another funny side note, I tried the 100mb tiny little PuppyLinux live cd and it works great. I considered using that, but wanted something a bit more robust as a permanent OS.

So I tried Ubuntu 10.04. I've worked with both the server and workstation before so figured it was worth a try. It had its own headaches but ultimately works.

On the install, none of the automated options could properly place the Ubuntu over the CentOS so I needed to go with the manual options. Deleted the CentOS partition. Created a 2gb Swap partition at the end of the drive. (The laptop has 1gb but can support a 2gb upgrade, so planning ahead.) Created a mount point for the existing Boot partition. Did not format it as I was paranoid of a failure, in retrospect I should have to delete old useless configs. Then installed Ubuntu on the remaining space.

It reads the hard drive no problem. It connects to the wired ethernet no problem. It mounts the NTFS data drive no problem. Only the wireless and the GRUB boot menu gave me grief, but I was installed and online so it was workable to solve it.

Broadcom has a wireless driver for Linux available with Ubuntu but NOT in place by default. The first time you log in, it gives you a popup window to install it but if you wait, the popup will not return. The driver trouble manifests itself by crashing at boot time intermittently. The key is that if you keep trying to boot, it will eventually come back up! With or without recovery mode. The solution is posted on Ubuntu's website:

https://wiki.ubuntu.com/HardwareSupport/Machines/Netbooks#HP%20Mini%20110%20/%20Compaq%20Mini%20100c/110c

Basically, you have to install the STA driver package "bcmwl-kernel-source" and it works fine. Recovery mode not needed.

Grub2 turns out to be a real pain compared to the original Grub. Some idiot decided a single editable config file should be replaced with half a dozen scripts. The documentation is here:

https://help.ubuntu.com/community/Grub2

It tells you to install a non default package called "startupmanager" which gives you a GUI to change the default OS and timeout. The scripts automatically decide to list OS options and I decided it wasn't worth my time to delete the old useless CentOS ones the tools automatically populate, and rewrite over any manual config changes you make. I get a list of 7 options and only 2 or 3 of them I actually need or want. Grub1 was better for this.

Looking online, there seems to be a lot of grief with people trying to do what I did so I figured a blog post was in order to show that it can be done and how.

Current Mood: accomplished
Tuesday, August 3rd, 2010
11:34 pm
I hate Jersey drivers
I hate Jersey drivers.

OK, that's not true. Most drivers in NJ have excellent road etiquette. But NJ has a pervasive minority of really bad drivers who consistently do the same stupid things, and almost every time I'm on a NJ highway there is at least one.

Today there were two of the more annoying ones. First was the typical idiot who passes me at about 90 mph only to get in front of me and slow down to 2/3s the speed I was going. Then when I change lanes and continue at my existing speed, the nutcase gets road rage and starts trying to pass me again. By this point there is too much traffic, so he spends about 5-10 miles trying and failing to pass anyone.

On the way back there was some incident where someone in the left lane had to stop and pull over suddenly. I've seen this happen a few months back and this was almost an exact replay. Most people did a reasonable reaction of slowing down or changing lanes away from the car in trouble. But sure enough, there was one moron who didn't understand why everyone in all three lanes slowed down simultaneously, and just barreled through weaving all over the place trying to cause an accident - almost did with a motorcycle.

It's not like Staten Island drivers are so much better. It's like there are no stop signs. And if one more idiot decides making a left turn through oncoming traffic, namely in front of oncoming me! Of course, the last two times this happened it was an SUV with Jersey plates...

I just hate bad drivers.

Current Mood: pissed off
Monday, June 28th, 2010
10:16 pm
Where are the Global Warming doubters now?
Every time the thermometer drops 1 degree below average, the Global Warming doubters come out in droves with some silly rant as if one single temperature somehow proves or disproves a trend. So where are they now when it's nearly 20 degrees above average? Where were they when there was a major storm every 2 weeks all winter long? Where were they when it was 65 degrees in January? Where are they now when it's 98 degrees?

Current Mood: surprised
Monday, May 31st, 2010
10:35 pm
My Weekend
Sitting on the balcony at the edge of the beach, watching the full sunrise over the Atlantic from the rainbow colored haze, to the first slice of red-orange light over the water, to the migrating birds in full V formation at barely wavecrest level cutting across the yellow-orange reflection of the sun's orb having just cleared the horizon... that was my weekend.

Current Mood: relaxed
Tuesday, February 24th, 2009
8:41 pm
Tsagaan Sar: When is Mongolian Lunar New Year?
Sar shiniin mend hurgeye!
(Happy New Year!)

Tsagaan Sar (White Moon) is the name of the Mongolian lunar New Year. There is some confusion as to when Tsagaan Sar is this and almost every year. First, one must dispel the notion that Mongolians use the same calendar as the Chinese. This is false. They are very similar, especially in concept, but not calculated identically. Mongolians follow a lunar calendar on a 12 animal cycle with the new year starting on a new moon to mark the beginning of spring. It is when the new year begins where the differences are most apparent.

The Mongolian calendar is calculated based on “Togs Buyant” astrology typically under the guidance of the large Buddhist monasteries. A project co-organized between the Mongolian Government and the Gandan Tegchenling Monastery in 2002 defined the lunar calendar from the year 1027 to 2106 to put an end to the periodic confusion over the date of Tsagaan Sar. In 2009, the beginning of the year of the Ox is February 25th.

Tsagaan Sar falls on the same lunar cycle as Losar, the Tibetan new year, as they are calculated nearly the same. About 50% of the time, Tsagaan Sar and Losar fall on a different month than Chinese New Year. This is the case this year. Attempting to change either Losar or Tsagaan Sar to match Chinese New Year has become a very intense political issue. Some Tibetan groups are promoting the idea to not celebrate Losar at all this year in protest over the deaths during the 2008 protests in Tibet.
Tuesday, January 6th, 2009
5:11 pm
Some pics of rescued animals still needing homes
This is the remaining dog:



These are some of the cats:



12:34 pm
Yossarian, and a dozen other cats and dogs


About a week ago I did what can be characterized as an animal rescue. My aunt passed away (the same one who I got Dusty from) leaving behind 7 dogs, 6 puppies, and countless cats. Literally, no one was able to count them - estimates were over 40 originally. The pound picked up the dogs right away and were able to adopt out some of them, and most recently picked up 8 cats (most others ran off by that point, some died) leaving the pound with 4 dogs and 8 cats they did not think could be adopted out easy and wanted to put all 12 to sleep. So I loaded up the van with carriers I borrowed from friends and drove 1,000 miles to Nashville, TN to pick up all 12 of them. Despite all the warnings from the pound and my aunt's neighbors, the pets were friendly and well trained making the return trip remarkably uneventful, and I still have a clean van. I kept Yossarian here, and left the remainder in Cat's care at the farm in Maryland.

2 dogs and one other cat have been adopted so far, leaving 8 pets still in need of a home.

Current Mood: exhausted