(no subject)

Followup to my Facebook fiasco - I have now got back in by giving it Jessica's phone number. Somehow that is valid confirmation that I am me, while actually valid photo ID went completely ignored for three days. Well played, Facebook. (I then immediately deleted the phone number from my account because fuck you Facebook I don't want a phone number on my account, let alone someone else's phone number!)

(no subject)

That's pretty messed up - a few days ago Facebook decided to accuse me of not being a real person, and challenged me to identify 5 friends from randomly selected pictures. That would be easier if half the pictures weren't indistinguishable baby pictures, and if Facebook hadn't aggressively encouraged me to 'friend' everyone I've ever met in the slightest capacity many of whom I have no idea what they look like today since I last saw them 20 years ago, but I managed to barely defeat the challenge, and regained access to the account.

24 hours later it decides to accuse me of not being real again, and this time it wants a phone number to confirm that I'm a person. So I give it a phone number. "We're going to send a text now, okay?" Well, no, that phone number can't receive a text, and I don't have one that does. "In that case just scan and send us some government-issued photo ID!"

What the hell? This isn't a high-security dealy like a bank account, it's Facebook, and there wasn't any valid reason for the accusation in the first place - the only reasons I can conceive of for this happening are either that I have a funny name that has matched some new no-fake-names algorithm, or someone has decided to report my account as a fake and Facebook just arbitrarily takes someone's word about such things a second time even after the accusee has jumped through hoops to show the accusation to be false less than a day earlier.

But it's worse than that, because Facebook has become such a ubiquitous thing that many sites have a "log in using Facebook" button - so Facebook deciding to randomly cut you off from your account isn't just cutting you off from their service, they're cutting you off from an unknown number of other services too.

And it's worse than that too, because the remedy "send us photo ID", which I'm willing and able to do because they do say "obscure any parts that aren't relevant", and I have a scanner and am okay with Photoshop (what the hell would my mother in law do with this situation?) ... this remedy isn't actually processed in a timely manner, so even if you're willing and able to jump through hoops you're still cut off from whatever accounts you use Facebook to log in to for an arbitrary amount of time.

Yet another reason why I wish "log in using Facebook" buttons were replaced with "log in using singlepassword.com", a hypothetical nonexistent service for which you would create an account as anonymous as you like and use it to log in to any other accounts.

(no subject)

A product that should exist; robot simulator. With several environments and components as plugins so they can be easily added, with everything based on things that actually exist - so you could build a virtual robot, for example, made of an arduino board or a raspberry pi, say, with moisture sensors or GPS or cameras or LEDs or lasers or motors or arm-controllers or touch-screens or whatever, attached to whatever pins of the boards, plus batteries or solar panels or etc. then you can program it in a virtual arduino/pi programming environment, and see how it operates in a given context.

  1. Prototype a concept without having to buy parts or solder anything.
  2. It would be a fun game to make fake robots fight each other or solve problems. It could be better TV than "Robot Wars" because there wouldn't be any safety limitations! (You could apply price or weight limits for different robot classes.)
  3. Get your prototype actually built since the virtual one is essentially assembled from real parts.
There was a game kind of like this years ago, but the programming part was a very limited pseudo-language of drag-and-drop instructions, and the available components were also very limited (there was no GPS or triangulation facility, nor any sort of 'out' signals, only passive 'receive' signals, geared entirely to fighting robots in a very limited arena, rather than solving problems).

I realize it seems like an insanely complicated thing, but there's already basically all the physics simulation that's the hard part, making realistically inaccurate sensors is mostly trivial by comparison (though doing things like lasers flickering at an invisibly high frequency coupled with light sensors or large volumes of flowing water could be tough - it wouldn't be that hard to simulate adequately but it would be hard to simulate in real-time. But for non-human-controlled robots that's fine, you could simulate it slow overnight and play it back real-time the next morning to see what happens.)

It seems like if such a product existed it would likely lead to vastly faster development of all sorts of useful automation. A lot of people like to solve problems or make cool things, but we can't all afford the hardware to experiment.

(no subject)

I am surprised. I was predicting that some time in the last few weeks there would have been a lot of noisy news about poor sales figures over the Black Friday and Cyber Monday time, but I haven't seen a one. I was planning to be grumbling "maybe your sales figures wouldn't be rubbish if you were having actual worthwhile deals!"

Maybe they successfully sold a lot of things despite all the deals being pretty pathetic this year, in which case I suppose we can expect every future Black Friday to consist of ads saying "it's Black Friday! Buy something at its usual price or even more!" And people queuing up overnight to do so just out of a sense of tradition.

(no subject)

Recently, there's been a fair bit of noise about Rick Santorum saying "We will never have the elite smart people on our side". It got me thinking about what could possibly be the justification for saying something like that, given that it seems pretty risky to call your target audience relatively stupid right to their faces. The only thing I could come up with is kind of silly, and is not a serious suggestion at all, but if it were the goal then it would be completely brilliant; that idea is that it's a fantastic piece of misdirection, a kind of mental sleight of hand, designed to get people who think of themselves as smart to unthinkingly buy into the idea that there are two "sides", and thus perpetuate the reign of Kang and Kodos. (Against this argument must be raised the point that nearly everyone already bought that idea, hook, line and sinker, so there would be absolutely no need to sneakily subconsciously re-endorse it. So instead we can fall back on "never attribute to malice what can be attributed to incompetence.")

(no subject)

The junk undermining SSL/https makes me angry. For people who don't make websites, here is a quick explanation; https means your connection with a website is both encrypted and verified to be the real site. The encryption is a good and desirable thing. The verification is achieved through third party "root certifiers", and costs an unjust amount of money every month (given that the act of weakly verifying that you are who you claim is something done once, and renewing is something done without human intervention, a cost of say $50 once and maybe $5 per year would be reasonable). There exist organizations that verify who you are better, and issue SSL certificates at no cost, but they're not in the "approved list" so browsers won't recognize those certificates.

Now the thing that makes this annoying is that when the browser doesn't recognize a certificate's verifier, you get giant alert boxes swearing that the offered certificate is made of toxic slime and will eat your face off given the chance, making it seem like the website in question is less secure than a website that doesn't even try to be secure (ie. you don't get any alerts about face-eating when you go to any site without https). So while you technically can just have the encryption without the verification, using a self-signed certificate, no users would visit your site because their browser makes it sound like a terrible scary disaster waiting to happen.

Now to some extent this does make sense - it's plausible that, with an unverified certificate, someone can intercept your conversation with a server by pretending to be the server, to you, and pretending to be you, to the server, and thus steal all the data. This is known as a man in the middle attack. It's prevented by root certificate verification. The prevalence of this kind of attack is approximately zero attacks in every thousand, so the mandatory verifying is very helpful for preventing those zero attacks.

Without encryption at all, you can just passively 'sniff' traffic to steal passwords - this is maybe five attacks in every thousand, which could be prevented with encryption, which would be a lot more prevalent if you didn't have to do the damn verifying. So that's five attacks in every thousand that aren't prevented because of the additional security price hurdle that prevents websites from bothering with encryption. This is why I am annoyed by it.

Most of the other 995 out of a thousand attacks involve installing trojans on people's computers and stealing their passwords right from their keyboard or browser. None of the security measures discussed help with that. So basically, SSL certificates ask that you pay money every month to prevent zero attacks, to make your website more secure, while still being vulnerable to the vast majority of attacks. SSL is the internet's TSA.

(no subject)

Today I came up with the silliest idea for an income tax loophole. For it to make sense, you first have to know that gambling winnings are taxable as income, and gambling losses are only deductable as an offset against gambling winnings (except the stock market, where you can deduct all losses for years, because that's gambling for politicians and lobbyists, and those guys don't like to pay taxes, everyone else loves it.)

Here's how you can exploit this as a tax loophole.

Step 1: Have your employer pay you minimum wage plus a limited number of gambling opportunities at odds which average out to winning the rest of your wage. (eg. if you're paid $20 an hour and minimum wage is $10 an hour, your new wage is $10 an hour plus an option of 20 opportunities to gamble $1 against $2 with 50:50 odds.) So now half of your income is legitimately "gambling winnings" and can be declared as such.

Step 2: Open shops at which you can 'gamble' for all the things you would normally buy. 10 cents for a one in twenty chance of winning a loaf of bread, a loaf which normally costs $2. Now your "gambling losses" are more than half your income, though your "gambling winnings" are also increased by the same amount when you win the bread since you also have to declare non-cash prizes, leading to...

Step 3: The gambleshops also sell all prize items for ten percent of their normal-shop price, limit one item per customer (lifetime). Thus we establish that the tax-declared 'value' of your 'prize' loaf of bread is just 20 cents, since that's what you can buy it for.

Bringing it all together, now you work for an hour and earn $10 regular income, gamble 20 times and now have $20 (on average, made up of your initial $10 plus $20 gambling winnings and $10 gambling expenses/losses). Now you gamble for bread 100 times, winning 5 loaves, costing you $10 ($10 gambling losses, and $1 in gambling winnings of 'prizes'). Your running totals for the taxes are now $10 regular income, $21 gambling winnings, and a deductible $20 of gambling losses, totaling $11 of taxable income, versus the normal-world $20 you'd be taxed on for that same practical result.

Essentially, the idea is that through making everything "gambling" you can make everything you "win" instead of buying tax-deductible. Note that this only works if you're also paid in "gambling winnings", because the "losses" wouldn't be deductible otherwise, and also only works if you establish the "value" of what you "win" as lower than its normal cost, because otherwise your additional prize-winnings will be equal to your losses and cancel them out.

I would love to see the court case that would result when the IRS cries "fraud" if someone actually set up a town that worked on this basis. Presumably the argument would be about the "value" of the prizes, but what is the true value of a loaf of bread prize? If that was the argument then, worst case, you could still end up tax-deducting the difference between what you pay for a loaf of bread and what a loaf of bread costs the store wholesale. I'd be really interested to find out what the true and proper value of intangible goods is in the eyes of a court too - if you were to win rental of a house that has never been rented for money, what was that prize's cash value according to the IRS?

(no subject)

I've just made a little one-week-game-jam game available on Kongregate. The Tell-Tale Heart. The jam theme was classic literature.

The other part of this post is to help other people integrating Kongregate stuff into a Unity game, because all the documentation for doing that is completely terrible and lots of it is outdated. The best one I found does a bunch of stuff nobody wants to do (dealing with Kongregate payments and inventories) and didn't deal with stats or properly deal with late-login, but it was still the most helpful one. So here's my Unity C# code, helpfully documented, for dealing with Kongregate stats (for badges) and login properly and ignoring payments and inventories! Unity Kongregate API object. Hopefully this will get google-ranked above most of the unhelpful stuff after a while!

delicious horrible-looking lentil mulch

It's lazy recipe time! I call this one "delicious horrible-looking lentil mulch". It was created as a soy-free available-in-America analogue to one of my old convenient meals "beanfeast mince and tatties".

  • One tin of black olives
  • A couple of cups of mushrooms
  • An onion
  • Some olive oil
  • A stock cube
  • A half cup of red lentils
  • Two tins of new potatoes
  • Some spices. I used a serrano pepper, a teaspoon of paprika, a teaspoon of turmeric, and a sprinkle of dried cilantro
  • A teaspoon of cornstarch.
  1. Finely chop the olives, mushrooms and onion. I used the food-processor slicing blade because this is a lazy recipe. A regular food-processor blade doesn't do it though, I tried that last time, mushrooms just bounce around wildly.
  2. Splash a little olive oil on the bottom of a saucepan, and heat it up. Dump all the sliced stuff in and stir it around for a few minutes.
  3. Add about a cup and a half of hot water, and the stock cube. Stir it around. (I guess you could use a cup and a half of cartoned stock here instead to be even lazier)
  4. Add the lentils and spices, stir it around again. Let it simmer for a couple of minutes.
  5. Add the tinned potatoes. Simmer for a couple more minutes.
  6. Mix the cornstarch with a small splash of cold water (just enough for it to become runny, it doesn't take much), then pour it in and quickly stir it.
  7. Simmer for about another 10-12 minutes, until the lentils are soft.
  8. Serve in a bowl with optional salt and/or delicious hot sauce.


Since most Kinect games are fitness/rhythm games, where the 'gameplay' involves doing what the screen tells you to do, when it tells you to do it, perhaps instead of "you are the controller", Microsoft should have gone with the slogan "you are the controlled".