Photograph of a plate of uncooked sausages.
“Before cooking”by schlymay is licensed under CC BY-NC 2.0

I came at this 2018 book by surgeon Arnold van de Laar expecting a popular-nonfiction health treatise, but instead found something far more akin to Patrick Smith’s Cockpit Confidential, which I loved. As with Smith’s book, Under the Knife comes from the pen of a professional who loves his craft, eager to share favorite stories and observations with an audience of curious laypeople. I found the author’s enthusiasm infectious and I loved this book too, even as I squirmed through much of its often bluntly succinct descriptions of human bodies’ failure states and the operations required to repair them.

While acknowledging from the outset that mortality surrounds a surgeon’s work on all sides, Under the Knife ends up a celebration of the human machine’s resilience, its determination to stay alive in the most severe circumstances. Over the author’s recounting of his favorite historically significant surgeries, he frequently mentions the ancient dictum of healing per secundam, where the doctor mere cleans up any acute mess and then allows the body to knit itself back together, because that is what bodies do.

And in this context, van de Laar makes clear that part of the surgeon’s job involves creating wounds, not shying from using that word repeatedly to describe the incisions and dissections that a modern surgeon performs in order to target a problem that might lay many layers deep. The author really gets across the intuitive inversion at play here, so easy to overlook in the age of modern, sterile medicine. Not even two centuries ago, any penetrating wound to the gut, whether by bayonet or scalpel, was almost invariably fatal. This made abdominal surgery, where a single operation might require myriad intentional wounds, quite impossible until relatively recently.

I got the impression that the author relished modern medicine’s allowing him, personally, to explore the wonders of the human abdomen, and then talk to the stitched up patient about it afterwards. The stories that he brings the most enthusiasm to in Under the Knife involve the belly-guts, and he especially loves to imagine himself in the operating theaters, ancient and modern, that he describes. He has particular fun envisioning the emergency surgery upon Pope John Paul II after his shooting, with one head surgeon after another barging his way into the OR until there are no fewer than six hands holding up the pope’s bowels and rooting around behind them to trace and repair the path torn by the assassin’s bullet.

Other “celebrity surgeries”, where the author mixes adds his own experience and intuition to the available historical record, make up some of the book’s other high points. He observes how a throat-wound on JFK’s body, long a favorite of conspiracy theorists as an impossible bullet-hole, was probably an intentional tracheotomy wound introduced by the first surgeon who received the dying president, and then mis-reported in the ensuing chaos. He brings us to the private chambers of Louis XIV during the operation on his anal fistula, marveling at the surgeon’s practiced genius and the Sun King’s bravery. He clutches his head at the disastrous treatment of Queen Caroline’s umbilical hernia, where confused and bickering doctors overlooked clues that should have been obvious even to a surgeon of antiquity, leading to the patient’s miserable death.

There are stories of humbler surgeries too, ones that made the historical annals due to the practitioner’s innovation rather than the fame of the patient. Through these tales, van de Laar does give us a tour us through human internal anatomy, even if often in the context of things going wrong. With obvious admiration he describes the gastrointestinal tract as a single, unbroken tube that runs from mouth to butt, with various specialized structures along the way, and I don’t think I’d ever heard it so described before. I also loved learning about how many bodily failures trace have a root cause in internal mechanisms optimized for a life on all fours. Standing upright may have seemed like a good idea at the time, but now all of Lucy’s descendants have to live with varicose veins, slipped discs, and hernias.

For all that, I finished the book feeling both smarter about the body and grateful to live in the era of modern medicine. It can feel rewarding and necessary to read, now and again, one subject-matter expert’s testament on how things do tend to improve when viewed on the long arc of history.

Share or reply to this post on Twitter!

A photograph of a wooden dock over a little lake, surrounded by houses, boats, and palm trees.

Twenty years after accepting my first job as a software engineer, I’d like to try picking up some technical-writing work. If I find that it agrees with me, I might well consider refocusing my career into writing full-time, making software development an activity I’d continue to pursue for my own benefit only.

To this end, I have published a new portfolio highlighting some of my better technology-writing since the start of the century, from O’Reilly books I co-authored ages ago through reports I wrote just this year for IFTF. I have also given my résumé its most significant overhaul ever, streamlining and reformatting it to let my history as a writer stand out more.

A lot happened in the first half of 2019 to push me in this direction.

In March, I joined the What Cheer Writers Club here in Providence, offering me a local community and a quiet, shared work-space dedicated to writing — something I hadn’t really experienced since college. I have found myself heading to WCWC’s downtown offices whenever I want to write — and I’ve had a lot to write, this year! This has, of course, included my ongoing commitment to Fogknife — observant readers will note the addition of the club’s logo to this blog’s sidebar, acknowledging the role it has played in my recent blog-writing.

The club also saw me write the community report of IFTF’s accessibility-testing program, describing and delivering upon years of planning and effort by eight subject-matter experts and dozens of volunteer testers. I thought it would take me a month to accomplish, and budgeted as much — but with time to focus and a friendly environment, it required little more than a week from first word to final draft. I feel quite proud of this accomplishment, and prominently link to it from my new portfolio and updated résumé.

So all this has boosted my confidence as a writer, but one event tied to WCWC only coincidentally may have played the most catalystic role in suggesting that I might professionally identify as a writer as well. The very first day I settled down to write in the club’s library as a brand-new member, I received an email from a tech recruiter. A common enough occurence, this, except that instead of the usual enticement to sit in a cubicle on Route 128 and write Java for medical-device firmware or something, this one said that a tech-writing position had opened at a major corporation’s Boston office.

For the first time in years, I felt moved to respond to a recruiter’s email. I said that I’d like to know more about that opportunity, sure, but I also wanted to know how I wound up on a list of potential tech-writing candidates. “Sure, Josh,” came the reply, “send me your résumé and a good time to call.” I did, and heard nothing further. The next week, the same person mailed the same pitch, and I indicated that I remained interested. “Sorry, Justin, could you send that résumé again?” I did — and, predictably, the conversation petered out immediately.

But none of that bothered me! In fact, it got under my skin as a tingling itch, and it stayed there. I may have fallen between the floorboards of that distracted recruiter, but the implication inherent in their contacting me at all, mixed with my new club membership, encouraged me to think of new career directions for myself — just as my well-worn identity as an engineer starts to feel uncomfortably stale. So, months later, with that report done, with Narrascope done, and with a major client project shipped, I find myself turning back to the potential of tech writing.

I want to try it. Jeff Atwood listed tech writing as a sensible career shift for programmers who feel done with programming, and family and friends with whom I have discussed this have proven unanimously encouraging. And, again, I’ve been writing all this timeI’ve written books, for god’s sake. I have reason to believe that I practice more discipline and care in my writing today than I ever have before, and I like to think that shows in my output.

Programming is beautiful. I will continue to program weird stuff for the rest of my life. I am glad that I had comfortably paid decades to get really good at it! And, you know, maybe I’ll end up still doing that for a while longer anyway. (It was certainly the thing I wanted to do more of the last time I used this blog to pitch myself, some years ago.) But I began my career as a writer; my college degrees belong to a writer. I fell into programming by accident. I can no longer ignore the suspicion, borne by another benign accident, that the time has come for me to pack up everything I’ve learned from two decades of software adventuring and come back home at last.

Photograph of a statue at Chernobyl, depicting two grim-faced men in hazmat suits turning valves and operating other equipment.

“Chernobyl” by Fraser Lewry is licensed under CC BY-NC-SA 2.0

I followed a reference to Serhii Plokhy’s 2018 book Chernobyl: The History of a Nuclear Catastrophe from this New York Magazine article by Masha Gessen about the recent and much-lauded HBO miniseries on the same topic. Gessen takes issue with the show’s need to have its composite characters say aloud things that any real Soviet citizen of the day would never have given literal voice to, whether growling threats or wailing about consequences. This dialog may have helped clarify the situation to a Western audience in 2019, but the real people — Gessen writes — would have been extremely aware of the political weight they labored under, and far too inculcated (or simply resigned) to take any action that might resemble protest or even hesitancy against the state’s desires. Gessen holds up Plokhy’s book — more than the show’s producers’ own favorite, Svetlana Alexievich’s Voices from Chernobyl — as an accurate chronicle of the disaster, one focusing more on the whole Soviet state as culpable, rather than than any individual-scale failing.

I haven’t watched the show yet, but I have stood downwind from it via social media, and it has stirred a personal hunger to revisit the topic. Everything I knew about Chernobyl came filtered through school and mass-media channels easily available to an American pre-teen during the 1980s; I felt ready for an update. And in the book’s preface, Plokhy lays out his mission of gathering up all the materials available to him as of the late 2010s, interleaving and summarizing them into the most up-to-date chronology of the accident possible, and filtering it all through his own insight and expertise as a historian of both Ukraine and the Cold War.

I found Plokhy’s style rather dry; perhaps to Gessen’s satisfaction, he has little interest in setting descriptive “establishing shots”, let alone playing up any drama in his narrative. He doesn’t make it easy to visualize the power plant itself, even as he walks us through its chambers and stairwells, or swoops overhead in helicopters. But: I didn’t know any of this stuff at all. Beginning with the fact that Chernobyl wasn’t even in Russia, but in Ukraine, on the Belarus border! So maybe it’s not the most dynamic book available on the topic, but it’s the one that found its way into my hands, and it fit the bill for what I wanted. I’m glad I read it.

In his book, Plokhy draws a startling through-line from the April 1986 explosion of the Unit 4 reactor and the complete dissolution of the USSR only five years later. Because that time-span neatly covered my own adolescence, it feels like an eternity in my memory, the Soviet Union a world power strong as ever until one day it suddenly and inexplicably fell apart. Outside of Chernobyl itself, this book sets its point of view firmly and exclusively in the corridors of Soviet power between Moscow and Kiev, the capital of its Ukraine vassal-state. While he acknowledges that the rest of the world’s view towards the USSR shifted for the worse in response to the half-secretive, half-belligerent Soviet handling of the disaster on the world stage, Plokhy names the ever-present Ukrainian separatists as those who truly held the Soviet system accountable for making the accident possible, and who carried out the Union’s death sentence via their own declaration of independence — with a thoroughly bankrupt Moscow utterly unable to stop them.

Plokhy describes a USSR completely incapable of dealing with strategic realities, but whose people could draw on both grim determination and an enormous population to crystallize around a crisis. The Chernobyl disaster did not result in much immediate loss of human life, or ecological ruin beyond its immediate vicinity, in part because the Soviet Union threw everything they had at it once they acknowledged the situation. This included not just the entire national budget, but hundreds of thousands of “liquidators” bused in to clean and calm the buried, sputtering reactor. Each liquidator worked on-site for only a few seconds before receiving a lifetime’s dose of ionizing radiation — just long enough to dispose of one handful of rubble, and make way for the next one. Older folks among those who participated couldn’t help but compare the swarming effort and its staggering human cost to the Russian resistance to German invasion.

The author describes the final outcome as a bullet dodged for the world, even if it ended up literally shattering its nation. The worst-case scenarios did not occur. Through the frantic and utterly self-sacrificing actions of the Soviet people, the blown-out reactor core did not melt down and poison the water table, nor did it detonate and throw truly unimaginable levels of radiation up into the atmosphere — either of which might have had devastating effects to all of Europe and beyond. But to hear Plokhy describe it, nobody really knows what stopped it, or how big of a role dumb luck played.

Chernobyl acknowledges, in the end, its own point of view from 2018, witnessing a resurgence of autocratic regimes around the world — many of whom eye nuclear power as a way to generate lots of electricity (to say nothing of other mateirals) inexpensively, and showing no more interest in international cooperation than the Soviets did. As an American reader, I also felt very troubled by the descriptions of the Gorbachev-led government’s immediate response to the disaster, which reflexively and openly denied all the objective evidence visible to the whole world, preferring instead to rant about enemies foreign and domestic rather than addressing the crisis with any honesty or transparency. Plokhy closes the book on a note of shrugging hope that the world leaders of today will somehow acknowledge and address the spiraling nuclear issue, applying Chernobyl’s lessons before it — or something much worse — happens all over again.

And what a bitter taste that left me with.

This article was also posted to the “books” section of Indieweb.xyz.

Share or reply to this post on Twitter!

In my interactive fiction The Warbler’s Nest, which I wrote in 2010, a pivotal scene sees the main character having their attention drawn to an outlier amongst a field of tall plants. They approach cautiously, as the wind blows through the field, carrying strange noises and a sense of quietly escalating dread. When they finally reach the unusual stalk, they discover a bizarre animal crouched there — one whose appearance and behavior sets the tone of the rest of the work.

Here is a scene from Lars von Trier’s Antichrist, a film from 2009 which I had never watched until only last night. (Be warned that this clip contains a jump-scare and realistic animal gore.)

The absolutely uncanny similarity between the scene in the movie and the one in my game struck me immediately; it felt a little bit like watching a film adaptation of my own work! But of course, I knew the whole time that the movie predates my game by a year, so I considered it a delightful coincidence.

With a day to roll it around in my head, though, I begin to settle on the likelihood that I had watched this scene from Antichrist online while the film was new, months before starting my work on Warbler. Back then, after I saw it, I immediately put it out of mind, just as we all do with the thousands of other multimedia bits and bobs we encounter on the web during any year. But my brain found it sticky enough to index, and so popped it into deep-storage, wiring up reference-handles to it in the utterly ineffable ways that brains do.

And to it came to pass that when designing Warbler a year later, it happened to share enough key abstractions with this unsettling image of Willem Dafoe in the forest that my brain duly retrieved it from cold storage — enough that I could more or less adapt it wholesale into my work, but not so much that I had any conscious awareness of the fact! It absolutely felt like completely original invention on my part. Watching this clip today, underneath my own one-paragraph summary of the Warbler scene, I really can’t believe that any more.

I don’t feel any kind of negativity about this discovery. In fact, I feel quietly thrilled — how often does one get to perform this sort of critical archaeology on one’s own body of work, a decade after the fact? It reveals not just something about my own process but, I believe, the creative process in general: we are one and all remix-machines. With both our physical bodies and our creative oeuvres, we are what we eat.

And I really have to get back into watching more movies.

Note: Antichrist is a provocative horror movie containing lots of disturbing content, including but not limited to explicit sex and brutal violence. I liked it, but would not necessarily recommend it.

This article was also posted to the “writing” section of Indieweb.xyz, and to the intfiction.org forums.

4 reactionsShare or reply to this post on Twitter!

Every so often I find myself confronting someone with a penchant for springing pop-quizzes upon the person they’re talking to, despite lacking any real social-context authority to do so. A typical interaction with one of these conversational quizmasters might go something like this:

BOB: Hello, Alice! (Who, for the purposes of this example, is my colleague and peer, and not my teacher or superior officer or something!) I need your help plugging this transcendental inducer into this frobnard.

ALICE: Really? Let’s see that… Huh, Okay. Do you know what the three rules of safe transcendental induction are?

BOB: Sure.

ALICE: [Smiling archly] What are they?

BOB: [Suddenly caught flatfooted] Uhhh…?

(Admission: I assigned the speakers’ genders consciously here to avoid conflating the quizmaster with the mansplainer, a related but subtly discrete phenomenon.)

Alice, beyond being simply rude, has surprised Bob with a sudden intellectual task thrown into his hands. This completely blew away whatever mental frame he brought to this conversation. He’ll probably try to meet the challenge, just out of reflex, much as he’d automatically move to catch a ball that Alice unexpectedly lobbed at him.

The only two possible outcomes of at attempt to answer Alice’s latter question: either Bob stammers out a correct answer, making himself feel vaguely hazed and belittled by a peer; or he doesn’t, making himself feel called-out and foolish. Alice gets to feel superior, either way, and we can imagine that the unexpected opportunity to gleefully knock someone down a peg motivated her.

I therefore propose an alternate course of action to one facing this kind of uninvited quizzing: just sidestep it entirely by asking for the answer right away. Tamp down the impulse, expected by the quizmaster, to chase the bait, and keep your ego unbruised by tucking it away entirely.

So, in the case of the above drama, Bob would answer Alice’s challenge not with a deer-in-headlights stare as he desperately shifted mental gears in order to answer literally, but instead demurring to play the game at all. “Gosh, you know what, why don’t you tell me?” perhaps, with a self-effacing little shrug. Or, in the advanced case, if Bob suspects (or, indeed, knows from experience) that Alice is the sort of person to lead him into a trap for her amusement, he could simply have responded to her first question with a grinning “Nope!”

Taking this tack might involve an apparent profession of false ignorance, which may seem a little dishonest — not just to the quizmaster you face, but to yourself. However, I invite you to reconsider the question not according to its literal wording, but instead as couched in its true, unspoken framing: “What are the three laws of robotics?” becomes “Do you want to amuse me by reciting the answer to ‘What are the three laws of robotics’?” And to this, with a smile on your face, you can say: Why, no!

The effect remains the same: you rob the quizmaster of the satisfaction of watching you squirm, and they experience the lesser pleasure (from their point of view) of simply stating some fact at you. You, in the meantime, can enjoy the subtle relief of keeping your pride uninjured despite this ambush. (Getting want you initially wanted out of the conversation with this disagreeable person, and then gracefully ending it, remains an open problem, of course — but I have faith in the reader’s natural abilities here.)

This whole notion came to me by way of a recent Radiolab episode, when a guest asked long-time hosts Jad and Robert if they knew about a fairly basic scientific phenomenon. As a decade-plus listener of the show, I can guarantee that both hosts knew that topic quite well, and probably had based whole prior episodes around in the past — and yet, they both made professionally curious noises and begged the guest to explain the principle.

Now, they did that because it’s good radio, of course: let the guest do the talking! Just the same, I took notice of the deft sidestep, and it stuck with me. Some weeks later, thinking back on the last time an acquaintance pinned me with an unwanted quiz mid-conversation, the potential application of the same strategy struck me. Just a small thing, and I hope it helps someone — including, possibly, myself — the next time they’re put, with casual aggression, into an awkward spot.

This article was also posted to the “advice” section of Indieweb.xyz.

2 reactionsShare or reply to this post on Twitter!

A photograph of an 8 ball on a green felt pool table.

“Eight Ball”by MaryMakesDinner is licensed under CC BY-NC-SA 2.0

This year’s Layer 8 Conference in Providence came to my attention after my May post about my summer plans. As soon as I heard about it, I knew I had to clear a day for it. After more than twenty years as a professional software engineer, I feel quite ready to explore other paths, including specialization. Infosec has held a certain allure for me lately, and here was a one-day conference dedicated to the topic — more or less — a half-hour walk from my home.

I attended as an outsider to the community, and I learned so much. This article, then, mixes observed experiences particular to my day at the conference with more general knowledge I picked up and can’t resist describing for a larger audience.

My first discovery was that Layer 8 is itself about two particular topics within infosec:

Social engineering: tricking people to trust you, usually with the goal of accessing things or places otherwise locked away from you. I feel uneasy describing this, because when I put it that way it sounds akin to pick-up artistry or confidence scams — and probably for good reason! However, Layer 8’s speakers have made a legitimate career out of the practice, with corporations inviting them to try breaking into their secure facilities as a kind of penetration test. (“Physical pen test” being one term of art I heard a lot, in fact.)

Without exception, the stories I heard did not describe Hollywood-style crawling through air ducts, but instead just striding confidently down well-lit corridors, the intruder putting everyone at ease with a smile and a wink that they belong there — and listen, Jessica from the front desk sent me over here and said you could print out a visitor’s badge for me? Do you mind…? Oh, thank you, you’re a lifesaver. Where’s your server room? I’m supposed to meet Rahim there…

OSINT: open source intelligence, which seems kind of an awkward name since it has little to do with open-source software. Practicing OSINT means getting intel about some entity — be it person or corporation — by using both organized research tools and the myriad and utterly disorganized exposed surfaces and handles that protrude from every website and social-media presence, ready for grasping and pulling, like a thread, for anyone who knows what to look for.

Much of OSINT takes advantage of the fact that so much of the internet is built by teams working by the seat of their pants to ship features as fast as possible, delivering something that looks good on the surface, and to hell with the thumps in the closet and the lumps under the carpet — a topic of intimate and painful familiarity to me.

Besides “OSINT” itself, two new frequently used terms from Layer 8 that I’ve added to my own glossary:

Tailgating: a basic infiltration technique which, in its benign form, I have participated in countless times — and I would wager that you have as well. As the term implies, it simply and literally means following a someone with security clearance around, letting their trust envelop you and speed you on your own way like a cyclist riding in the draft of another.

The most typical tailgating action involves passing through a locked door for which one has no key by simply waiting for a key-possessor to approach, and then following them through. This strikes me as social engineering in a nutshell, really; in every such case I’ve encountered, the key-holder will hold the door open for a friendly-looking stranger who just happened to stroll around the corner at the same time. Nobody wants to be a jerk! (And even people who do like being jerks probably don’t want to put their day on hold just to challenge some stranger’s presence.) And that’s how it all starts.

Rubber Ducky: If your infiltration has proved successful enough to grant you physical access to an on-site computer, you can jam one of these specially prepared USB keys into it, and — in all likelihood — watch it crack open like a walnut under a series of automated attacks. The “ducky” identifies itself to the computer as a keyboard, you see, and it firehoses the poor machine with a script of every security exploit applicable to its OS and network environment, “typed in” at an inhuman speed.

I do not want to believe that this exists, because it does sound some something from a movie. But it’s a thing! With a brand name! You can buy one right now! And people use them all the time, apparently. I imagine it doesn’t come standard with a window that pops up to display [HACKING...] with a progress bar, but I would totally believe that some folks have modified their duckies to have exactly that anyway.

Anyway, I attended some talks. Here are four that I enjoyed especially:

Connecting Information via User Account Recovery and Filling in the Blanks. Noel Tautges, a high-school student, provided a wondrous example on how one can get private contact information on any modern internet user through a clever, multiple-pronged OSINT approach. Say that you want to get your target’s private phone number:

  1. After poking around and collecting valid usernames for your target on a variety of social media and other internet services, initiate a password-reset request on all of them. Collect all the “obscured” email and phone-number templates each provides for two-factor authentication (e.g. “We’ll send a text to ***-***-**89, OK?”), and then combine them to get as much of that number revealed as you can.

  2. Use what you know about your target’s geographical location, plus the published rules about how phone numbers are distributed in that area, to narrow down the possible space of unknown numbers. With luck, this can turn an unbounded list of a million numbers down to a thousand or so.

  3. Prepare an “address book” containing a thousand of so of your close personal friends, who all have oddly similar phone numbers. Upload that mother to a social network that you yourself have an account on, along with your target. Wait and see which ones turn into valid accounts — and then which one has your target’s avatar attached to it.

And now you have your target’s phone number, and you didn’t do anything other than use some APIs designed to do your target a favor.

Understanding the Web to Achieve Your OSINT Goals. A more novice-friendly and less ethically murky complement to Noel’s talk, this presentation by Micah Hoffman laid out an excellent overview of tools and techniques available to anyone curious about sniffing around the edges of a company’s online presence, looking underneath the veneer of rendered web pages to find all the other interesting less-public tidbits a typical public website leaves scattered around.

Micah, who founded the OSINTCurio.us project, didn’t describe any concept that I wasn’t already well-acquainted with as an autodidact web developer of 20 years: viewing page source, for example, or poking at JSON APIs. But I loved seeing them presented in the context of snoopy OSINT research tools instead of hammers to try swinging around when the damn web application stops working again.

View the page’s source code and look for commented-out code or links. Do they still work if you try manually visiting them? Try to bring up a website’s robots.txt file: can we visit those addresses by hand? Why doesn’t the website want web crawlers to index those pages? Any interesting inferences we can make from that? (In one amusing case, Micah showed one service’s live robots.txt that forbade the indexing of one particular user, whose page remained browsable to manual requests. Therein lay a tale!)

I can’t escape thinking that this talk, or some version of it, would be especially appropriate for kids! Children in particular should learn that the web is not only not magical, it’s not even television; they can look under the surface and see how it works, using tools they already own. They can explore the edges, look for seams, experiment, and — maybe — get inspired.

Everything Old is New Again. Presented by Snow, one of several infiltration experts present at Layer 8 with an affinity for both storytelling and going in public by a cinematic hackerly nom de guerre. Snow identifies herself on her Twitter profile as a “ConWoman”, and this talk drew on this identity, illustrating the direct lines of heritage between pre-digital confidence-scams and their modern descendants. We see the pigeon drop reborn as the Nigerian-perfected 419 attack today. Enterprising folks still practice one of the oldest con games in recorded history, pig in a poke, except with bogus Bitcoins rather than bricks sewn into a sack.

Snow acknowledged that an ever-popular target for trust-scams, then and now, is the elderly. The digital era has made some scams far more effective on their targets, especially older folks; one example is “the grandchild who wasn’t”, where a “long-lost relative” contacts a kindly oldster, seeming to know quite a lot about the family (there’s that OSINT again), and immediately leans on this happy new connection for a little financial help. Snow advises setting up, with one’s older relations, a technique that I wrote down as “Human 2FA”: have your honored elders agree to check in with you before forging new digital relationships with anyone who might come knocking.

Petitioners during the talk’s Q&A seemed more interested in Snow’s own experiences as professional trickster and infiltrator; I got the impression that she holds some celebrity status in the community, and she seemed happy to tell a few war stories. And this led quite neatly into the next talk I attended.

Transitive Trust. Tinker unspooled an amazing, energetic, and thoroughly entertaining monologue based on a “red-team” exploit he had related that same day in a long Twitter thread. Re-reading that thread now, I must admit, the story as a whole smells a bit fishy — especially given how Tinker overtly introduced himself to the room as a professional liar! However, I find every individual piece of the story quite believable, even if the whole thing doesn’t seem to hang together quite right, and it presented a clear and entirely credible take-home message about how trust is softest at the seams.

Tinker’s tale follows him as he makes his way from his target’s parking lot and, through a series of quantum trust-jumps, into its server room, rubber ducky at the ready. He begins with no infiltration tools other than a couple changes of clothes in his car. He wears the aspect of a construction manager to breeze past door-security, and then fishes around the hallways to gain the trust of a random office-dweller. Here he presents himself as a “sprinkler inspector” as a ruse to be shown around the building, openly taking pictures of its infrastructure (and its whiteboards, with everything written on them).

People want to follow the rules, and a successful social engineer will help their human obstacles in finding the shortest path to getting those rules followed — which, invariably, also allows the engineer to continue their work. In Tinker’s story, when a supervisor does confront him for snooping around in a secure area with no badge, he manipulates the situation to move his challenger from “You have no badge, and I’m going to eject you” to “You have no badge, so I’ll help you get a badge.” That puts everything in a state of rules-compliance that satisfies everyone, and is so much easier to accomplish for a building supervisor on a late Friday afternoon than forcing someone to leave the premises.

The talk’s title refers, specifically, to how an infiltrator’s earned trust sticks to them, and can snowball: If Alice trusts Bob (perhaps because she is his boss), and I earn Bob’s trust, then that makes it easier for me to have Alice trust me too — and now I can go everywhere Alice chooses to let me. In the end, the supervisor left Tinker with another authority able to print out badges, but neglected to say why he needed one. Tinker pounced on this oversight and identified himself as an IT contractor, here to “upgrade the servers”. And that was the end of that. As he summarized on Twitter, no single person that he interacted with failed at their job. Everyone diligently followed all the rules that applied to them. The failure lay in the false assumptions inherent in the handoff between each authority.

This talk ended with a flourish unlike anything I’d seen at a conference before. Instead of having a Q&A, Tinker invited Snow to approach the lectern and tell a story from her own career that he assured us was relevant. While she spoke, he faded to one corner of the room, pulled off his white shirt to reveal a black one, peeled off his wig of graying and sensibly mid-length hair that I had given no conscious thought about, and left the room without another word. Snow spoke calmly through all this, then led a round of applause when the door shut — and then finished her story. I myself caught only part of his transformation, as if a gorilla had strolled through a basketball game. I noticed what I did only when people around me started gasping. So… that happened.

A few scattered final notes about Layer 8 Conference in particular:

There were lots of women, among both speakers and audience. So long as we remain in an era where a technical (or technically adjacent) conference attracts a greater-than-dismal proportion of female attendees, I’ll continue making note of it when it happens. I’m not familiar enough with the security industry to know the gender balance of its own population, but seeing the relatively high ratio of women sitting all around me diring the morning welcome-address made me feel very good about attending Layer 8.

The “village” side-activites were varied and nice. Along with the ubiquitous hallway of swag-laden vendor tables, Layer 8 offered a number of “villages” in side rooms that ran day-long workshops and other activities, welcoming folks to drop in and out as desired. Mental Health Hackers had presence, offering a room with low lighting, peaceful music, and free massages. Those with still-restless fingers could visit a rolling lockpicking workshop run by TOOOL, who piled tables high with padlocks and supplied expert advice for a bit of recreational tumbler-popping.

Finally, one all-day event invited people to form ad-hoc teams and use OSINT strategies to find leads on actual Rhode Island missing-persons cases. According to the conference’s closing remarks, one team did verifiably find a very recent social-media post — containing a single emoji, but enough to read as an “I’m alive” ping — from one weeks-missing teenager.

Too much candy. Trivial but real: Multiple vendor-tables enticed vistors by offering candy, ranging from M&Ms to fancy chocolate bars with company-branded wrappers. Zero of them had anything that wasn’t candy and I would have been so thankful for a packet of peanuts or a granola bar or something with even a trace of protein content.

Will I attend Layer 8 next year? I honestly have no idea! I had a great time this year, and while I didn’t exactly emerge from the convention center with new life goals, I did get exposed to so much valuable new knowledge and perspective. My thanks to all its organizers and presenters for making it happen.

Recordings for many of this year’s Layer 8 talks are now on the conference’s YouTube channel. This article was also posted to the “Security” section of Indieweb.xyz.

33 reactionsShare or reply to this post on Twitter!

In a happy bit of open-web serendipity, news about two unrelated experiments involving RSS showed up Saturday in my RSS reader. (Of all places.) I found both interesting enough to bounce along to my own little audience, so do allow me to start with the more time-sensitive of them:

Giles Turnbull wants you to use RSS more. To that end, throughout June he runs an art project called Black and White RSS, where he posts one original monochrome photograph to a special RSS feed — and nowhere else. If you can suss out how to subscribe, you’ll wake up every morning (Eastern time) with another photograph shared with you solely on this obscure channel you took the trouble to hook into. It feels pretty nice.

The project’s page is of secondary but significant interest for listing one long-time blogger’s most up-to-date instructions, aimed at a newcomer, on how to subscribe to an RSS feed.

Meanwhile, Kicks Condor shared a video about Fraidycat, a work-in-progress RSS reader with a focus on providing and organizing links to new content, rather than taking the more typical strategy of scooping out the feed’s text content and presenting it in the RSS reader’s own clean and uniform style.

At least, I feel pretty sure that’s an accurate summary; the video adopts a rather oblique presentational style. But this reading aligns with Kicks’ essay celebrating the old web as a wild kaleidoscope — and how Google Reader, however beloved, drained all the color and style from it — so I feel pretty confident in my interpretation.

Fraidycat will also let you tweak the way that different feeds display themselves to you — letting you make links to new articles by less-frequent writers appear more prominently, for example. I’m definitely looking forward to Fraidycat’s public release. This looks fun to play with.


A related aside: Kicks Condor is also the creator and maintainer of indieweb.xyz, an interesting experiment in making something Reddit-like for the IndieWeb, driven entirely through Webmentions. I discovered it by way of Chris Aldrich’s instructions for participating in the IndieWeb Book Club, which I did indeed follow a couple of posts ago.

You may have noticed me participating more in the experiment by adding syndication links to indieweb.xyz at the bottom of recent Fogknife posts.I don’t know how long I’ll keep doing that, but for now I love seeing it work. It has helped remind me how much crackling potential I see in Webmentions as an open-web technology, and I feel impatient to start exploring it more.

This article was also posted to the “indieweb” section of Indieweb.xyz.

3 reactions

Photograph of a big, colorful chicken strutting along the edge of a parking lot, between grass and pavement.

“Burger King Chickens 4.JPG” by steve-stevens is licensed under CC BY-NC 2.0

Ryan Veeder has created some of my favorite interactive fiction work throughout the 2010s, starting from his 2011 IFComp winner Taco Fiction and continuing on from there. I discovered his ongoing oeuvre via the quiet and wistful Wrenlaw and the hectic optimization challenge Captain Verdeterre’s Plunder. His work espouses a unique sort of friendly and welcoming humility rarely found in video games of any variety, whether the nominal subject of the game is a desperate thief, a high-seas pirate (who is also a talking rat), or an everyday person wandering around some interesting landmark of Iowa City. These games use the text-adventure medium to offer surprising levels of shifting depth in unexpected places, such as the part in Taco Fiction where you can put the story of small-town intrigue on hold to flirt with an ice-cream-shop clerk and sample every flavor of dessert on display — each of which has its own voluminous responses to being smelled, tasted, or purchased, and none of which drive the plot forward, and all of which makes the game somehow unforgettable.

I could go on, but will instead defer to a more detailed examination of Ryan’s body of work (as of 2016) by Emily Short. Given my clear admiration for them, though, I was surprised to see that I’d never mentioned any of these games in Fogknife before today. On further thought, it stands to reason: I began this blog in earnest at the end of 2014, the first of my four years helming IFComp, and thus the after the point where I stopped playing IF with any regularity. (Working in the sausage factory, and all that.)

But I do manage to get a text adventure onto my plate from time to time, just the same. Two years ago I played, enjoyed, and wrote about John Baker’s all-but-forgotten John’s Fire Witch. And last summer, I had the pleasure to play Ryan Veeder’s Curse of the Garden Isle within days of its release. In the year since, I realized I’ve mentioned the game again and again in different contexts to friends and colleagues as a wonderfully accessible and rewarding example of modern parser-based interactive fiction, a real stand-out work. And yet, I have seen essentially no other mention of it online, not even within dedicated IF discussion spaces. Let me try to help rectify this, examining why I find it a quiet exemplar of the form.

Garden Isle’s player-character works at a geological museum on Kauai, the titular Hawaiian island. In this only-slightly Brady Bunch-ified version of reality, a regular part of your character’s job involves receiving packages from around the world, all from tourists convinced that a native rock they brought home as a souvenir triggered an island curse resulting in all manner of personal misfortune. So each one sends their purloined stone back to the museum, with an attached letter of apology, and a request that you-the-recipient please put the little piece of the island back. On the day the game takes place, the museum has received a healthy pile of these guilt-ridden parcels. To complete the game, then, you’ve got to use each visitor’s handwritten tale of woe for clues about the origin location of each respective rock, and drop them all more or less back into place.

Like a lot of Veeder’s best work, this becomes a game about exploring a space through the eyes of a person very familiar with every aspect of it, and yet with a knack for describing it in a visitor-friendly way. You cruise around the shoreline highway that circles the perimeter of the little round island — the game’s online-play page links to a live Google Map as a usable gameplay aid — visiting all its towns, parks, and other signifiant seeing-sights as you lay all the stones back to bed. (In a subtly nice stroke of design, the game begins with your driving to work, exposing you to a few of these potential stone-destinations before you encounter the stack of packages, and jump-starting the idea of what you should do next.)

Befitting its setting, the game has a very aloha-compatible pace: unhurried, unhassled. Taking the time to admire all the scenery, whether forest, fort, or gravesite, and mixing in a little bit of island history whenever the player shows deeper interest by requesting a closer look. And always stopping to let the ubiquitous feral chickens of Kauai cross the road. (You will meet a lot of these chickens, and learn about how they all got there. Make sure to look at the chickens.) And Ryan, for his part, confirms one’s suspicions about the game’s inspiration by writing himself in as one of the hapless but penitent tourists whom the player-character helps absolve. This character takes it all in stride, putting around the island for as long as the player needs, on a mission with stakes both as clearly visible and as calmly muted as the ancient volcanoes that the highways weave around.

I’ve been thinking about accessibility in games a lot lately, and in interactive fiction in particular. An IFTF program that I’ve led for the last year and a half is about to release a report about the state of accessibility in IF, with recommendations about its improvement. Curse of the Garden Isle came to mind several times while I wrote the report over the past month — not just for the high quality and welcoming attitude of the game’s own content, but for a very minor but still noteworthy facet of its in-browser presentation: the static text that appears around the main gameplay pane, linking permanently to helpful resources (including that Google map), and in particular the “text parser tips” displayed in the lower left margin. It’s just a short bullet-list of the most common parser IF commands, readable in a few seconds. But that’s the thing: I can’t think of another modern parser game with a browser-play mode that bothers to offer a tiny cheat-sheet like this, even though many might link to longer-winded “how to play IF” guides.

As I write this, for example, my own The Warbler’s Nest (of 2010 vintage) does offer a prominent “Help and Hints” link, but the result tells you nothing about how to play parser IF. Two more clicks from that page will lead an especially determined newbie to this quick-reference card that Andrew Plotkin and Leah Albaugh designed the same year I released that game. The card remains a great little resource, but wow, what a marathon to get to that information-dense PDF when one could do like Ryan did and just paint a bite-sized list of get-started prompts right on the game’s cover.

I pair this observation with a personal experience from earlier this year, when I opened a short talk about IFTF at a local technology meet-up with a group-playthrough of the first half-hour or so of Admiral Jota’s novice-friendly Lost Pig. The gathered players — almost all newcomers to parser-based gameplay — struggled quite a bit through the first few scenes, having absolutely nothing to grasp at when out of ideas for what that bare-naked text prompt might want from them. “Is there a vocabulary list?” one audience-member asked, quite reasonably, and I found myself feeling a little bit ashamed at the only answer. This moment must have sealed my admiration for Garden Isle’s dead-simple solution to this very predicament: list some verbs, the most basic ones, and tuck that list down in the corner from the very start. Just enough to vault new players over the strange hump of that typey-typey interface and into the unique back-and-forth rhythm of the text adventure, encouraging further discovery (including further reading of those more involved help materials) if they find it welcoming.

I stand convinced that all text games, parser games especially, should prominently and permanently display basic controls like Curse of the Garden Isle does — and the upcoming accessibility report will say as much.

This article was also posted to the “games” section of Indieweb.xyz.

11 reactionsShare or reply to this post on Twitter!

Book cover for 'Ruined by Design'.I read this book as part of the IndieWeb Book Club.

Many years ago, the student newspaper I worked at sent its staff photographers to a photojournalism conference. They came back spitting fire, displaying a mix of personal self-empowerment and suddenly withering contempt for the paper’s editorial staff, all of an intensity unique to young adults after their simultaneous discovery of and emancipation from a systemic injustice they had no idea they had labored under. Their declaration of independence made the photographers seem quite difficult to work with for the rest of my time at the paper. This came in part due to their youthfully aggressive stance, but also because we editors were used to treating them as tools — and unused to being told, when our desires conflicted with their judgment, to shove it. And that, of course, was the point.

And that is one point as well of Mike Monteiro’s Ruined by Design, a polemic screaming out from the author’s decades of work as the head of Mule Design in San Fransisco. This particular intersection of career and location has given him a unique ring-side seat to the shaping — he might say destruction — of modern culture by way of technology, and he looks out at all the designers laboring for their corporate masters to increase shareholder value by making the world worse. This short, angry book lays out the case for the calamitous societal pollution he sees his whole field as complicit with, and he rallies his fellow designers — defined, here, as just about anyone involved in the production of consumer technology, from Apple to Facebook to Volkswagen — to redefine their role and reorient their energy before things get any worse.

Monteiro insists that readers accept that design now plays a central role in shaping all human activity. The people that a designer works truly for, he writes, are not the companies who pay them — often growth-addicted and entirely self-serving, however well-intentioned they may have been at one time. (Uber began life as a clever way to connect drivers with some spare time to passengers needing a lift. Now it exists primarily to make Uber ever-larger, and crush anything or anyone in its way.) Instead, the book argues, a designer works for the people who will use the thing being designed. As such, a designer should work in the best interests of these people, and not for the corporations who stand to profit from it. If a designer’s employer asks them to use their skills to make something deceitful or harmful, that designer should refuse — exactly as a doctor should refuse a request to use their medical knowledge to harm someone.

Doctors, of course, take an oath to use their powers only for healing, and Monteiro makes the case that designers in today’s society need something like that too. They also need labor unions in order to better empower individual designers to make tough decisions that would otherwise put their livelihoods in danger. (Monteiro draws on his first-hand experience in San Fransisco to describe how VC-backed technology companies increasingly resemble company towns, providing everything to their employees — and thus making them stand to lose everything, should they ever refuse to carry out an unethical order.) The author goes so far as to suggest that designers should answer to a licensing board — an idea that, he admits, doesn’t have nearly as much current support within the field as the notion of a new labor collective. But Monteiro sees designers as weilding every bit as much power as airline pilots, or lawyers, or physicians. (Let alone motorists.) He feels it past time for that power’s responsible use to be checked by an independent agency.

I also appreciated Ruined by Design’s argument for diversity within design practices, and its naming a simple, one-action path to attain it: hire people from different backgrounds. More diverse backgrounds means more internal coverage of different life experiences brought into an organization, and this in turn means more horrible mistakes averted. He relates the story of how Dr. Frances Oldham Kelsey, one woman working among a sea of men, single-handedly refused to rubber-stamp the approval of thalidomide for use by pregnant women in the US — and thus prevented untold disaster. And as an anti-example, he looks across the street to Twitter today, which he perceives as launched and still operated primarily by white tech-bros who designed a system only around themselves. And thus, no clue about the harassment and abuse it invites, by design, to all users who didn’t resemble them.

I don’t think I’d before this read a description of the virtuous cycle that a proactive-hiring stance can bring to an office — especially once it gets over the hump of initial and perhaps awkward “diversity hires”, leading to a new reality of a suddenly wide-open field of candidates more willing to work there. Using gender as an example axis, Monteiro writes of his own company: “When women apply here, they see themselves reflected in who’s interviewing them, making this feel like a more welcoming place.” That strikes me as pleasantly bankable advice for any organization — whether the money-making enterprises this book has in mind, or the nonprofits that I tend to find around myself.

Ruined by Design has a sometimes strange and uncomfortable attitude towards its own narrative, feeling almost like it was written front-to-back, getting its thesis in-line as it went and not necessarily cleaning up after itself. I take this as intentional to some degree, but still felt distracted by a certain amount of flagellatory loathing towards his own generation of designers that the author engages in before the book really starts to state its case more convincingly. Reading with an open mind, I take the opening screeds that amount to we have ruined everything and should all just die and give the next batch a chance to do better as setting the table for the book’s subsequent arguments that today’s design leadership should put the work in to make room — just delivered in a state of initial shock and hopelessness before the book talks itself into a better mood.

Other oddities include the presence, in the center, of Monteiro’s contemporaneous essay “We build a broken internet, and now we need to burn it” — a very effective provocation when published by itself, but feeling rather at cross-purposes to this book’s core message of proactive improvement. I also read with some bemusement the author’s clear view that Facebook might still redeem itself by way of its designers, if they choose to exert their will from within the companhy — while Twitter, somehow, lay utterly beyond repair or even forgiveness. And yet, I did find compelling Monteiro’s argument that Twitter’s core business model has moved from its original intent of mass intercommunication to a company that makes money by prodding you to get into fights with chortling racists, thus disincentivizing the company from pushing them off the platorm. However jarring, I value this sort of blunt reminder why efforts like the IndieWeb remain important, and worth my own continuing time and attention in the years ahead.

3 reactionsShare or reply to this post on Twitter!

A three-panel Garfield strip. Panel one: Garfield, Jon, and another man gather around a sprouting plant. The man says 'Then, once the potato is dug up, it is sliced, deep-fried, and bagged. Voilà, you have your potato chip.' Panel two: Garfield wanders away. Panel three: Garfield lies down. End of strip.
An example “silent-Garfield” remix by Astrid Giese-Zimmer (original context here)

I began yesterday with an idle visit to a certain news website where an opinion writer quipped a comparison between some current item and Garfield Minus Garfield. And because I hadn’t commenced my day’s work yet, this meant that I could bend the entirety of my mental attention towards an unresolved mystery that has bothered me ever since that particular bit of comics-remix tomfoolery rode its own shooting star, a few years back.

I summed it up in a tweet, thus:

Delightfully, this within minutes had caught a double-digit amount of reactions from both friends and strangers, all of whom agreed with me that, yes, they all remembered something matching my description, and yes, it was funnier than Garfield Minus Garfield. As Leon Arnott so excellently summed it up, this dimly recalled work was basically the Threes to the other’s 2048: something amazing and original that became almost immediately eclipsed by an inferior clone, which then through some fluke managed to capture all the world’s love and attention — and leaving the fist thing’s tiny cadre of fans forever bitter at the injustice.

Expanding this a little: Garfield Minus Garfield turns the strip into nonsense, deriving its humor mainly by playing on life-long familiarity (for anyone born after 1970) with Garfield characters. Read with no cultural context, it merely depicts Garfield’s owner Jon as a gibbering lunatic, shouting at the walls of his empty home. Its untitled predecessor — let’s call it Garfield Can’t Talk — does better than this: it transforms Garfield’s greeting-card pabulum into the chronicle of a pathetic man who talks to his cat all day, and the cat responds only by staring back, or wandering off, or glancing wearily at the reader. Sometimes these staring silences stretch across multiple panels.

I would not make the case that Garfield Can’t Talk is a good comic strip; I wouldn’t want to read it daily, no more than I would its source material. But it did present the world with such a wonderful example of a purpose-built but elegant remix-filter: just cut this little bit out, and watch this comic strip about a snarky cat and his silly owner turn into that comic strip about an indifferent cat and his pathetic owner. When considered in this light, Garfield Minus Garfield feels like the creation of one who liked this a lot too, and thought that cutting out twice as much would make the result twice as funny, and thus missed the point entirely.

Anyway, I posted that tweet. And then a beautiful thing happened: so many of the people that it unexpectedly jolted on a Wednesday morning felt compelled to scour the web for evidence as to the forgotten project’s existence. Collectively, they did some excellent detective work, some of which you can see for yourself in the replies to my first tweet.

If I may summarize their findings: As best as anyone can tell, what I call Garfield Can’t Talk first appeared on the forums of Something Awful, a pre-Reddit cultural trash compactor responsible for a great deal of the infectious remix-catchphrasing of the early web. (Remember “All Your Base”?) It may have started to vector into the wider world by way of a now-defunct website called “Truth and Beauty Bombs”; this 2006 article by Eric Burns-White describes the phenomenon from a point of view contemporary with the game’s discovery, and points to an apparently lost-to-time thread elsewhere.

From these origins, other websites joined in on the fun, including this LiveJournal community (hollow with age, but with a few strips still clinging to its rusting skeleton), and these comics by Tailsteak. We can see how quickly folks started their own twists to the game, such as redrawing the strips from scratch in their own style, but otherwise remaining faithful to the originals. And Garfield Minus Garfield seems to have begun in that spirit: well, what if we erased even more, ha ha? And then, because nothing in life needs to make sense, that became the permutation that caught the world’s favor for a while.

Interestingly, the subtler humor of Garfield Can’t Talk looks like it gets independently rediscovered and re-implemented every so often in our fallen, post Garfield Minus Garfield world. See, for example, Realfield, which finds another in-between spot for the gag, replacing every appearance of Garfield with a more realistically drawn (and therefore always blank-faced) orange cat. See also Silent Garfield, which apparently re-posts a pared down Garfield strip as soon as the original appears on its own website, with a mechanical fervor that cares little for the humor value of the result.

So, that’s my report to the internet on this topic. I wasn’t imagining this older, funnier Garfield permutation, and neither were you. Some, indeed, keep its candle lit, more than a dozen years later, standing in the long shadow of Garfield Minus Garfield. This BoingBoing article re-discovered the joy of the original joke in 2014, describing it as something new. I see this as emblematic as anything that for long as Garfield continues, people will continue to rediscover and re-share this mutation of it.

I shall conclude by noting how my pal Joe misread me as casting shade on the more popular work. I do not mean to disparage Garfield Minus Garfield, or suggest that it does not deserve the attention and financial reward that it caught. I merely claim its utter inferiority to that which came before. Indeed, I can only find it on-brand for a late-aughts web project to have taken the sloppy beauty of a many-handed effort spread across multiple domains, and create fame and fortune for one artist through a slickly packaged effort that all but snuffed out any cultural awareness for its predecessor.

This article was also posted to the “comics” section of Indieweb.xyz.

7 reactionsShare or reply to this post on Twitter!


Previous post: Narrascope! and other stuff I’m doing this year