Dan Q

Category: Personal

My first thoughts on Outside.

This self-post was originally posted to /r/outside. See more things from Dan's Reddit account.

I’ve been playing for a little while now, and here’s my thoughts so far:

  • I love the open world aspects of the game; I’ve never played anything where there’s been quite so much freedom (especially when you’re just starting out). It’s taken a while to get used to the areas which are only accessible at certain times of day, though, like some of the shops. Also: the quest-givers who seem to give me the most money seem to want me to complete missions during the same hours that the shops are open, so I have to choose one or the other – what’s with that?
  • Sometimes I feel like I’m stuck, but I’ve discovered that if you try enough things, eventually something will work. If you go around picking everything up, it’ll probably be useful at some point (but be careful because the NPC guards will stop you “stealing” things!), and you can sometimes get great results by using combinations of things (for example, I tried imbibing a potion of drunkenness and then wearing a traffic cone the other day, and I’m pretty sure it gave me an invisibility buff: no matter how much I sang, everybody ignored me!). Inventory management is a bit of a pain, but picking up a rucksack has really helped.
  • Not so impressed with the NPCs. I’ve learned that the best approach to getting information and quests is to talk to everybody, but most of the people I talk to don’t want to say anything, or just repeat the same few phrases over and over (“Go away,” “Stop bothering me,” etc.). I’ve tried offering things for trade, but most of them aren’t interested in my traffic cone or my crayons or my rucksack: I’m honestly not sure what most of them are for!
  • Anyway: I know that some of you must have been down this quest track, too – I’ve seen you wandering around wearing your traffic cones and carrying your rucksacks. So I’ll jump ahead a bit and save from spoiling it… Here’s where I’m stuck: I’m in the padded room in the hospital, and I can’t get past the boss of the doctors. I tried eating the crayons, to see if they’d give me strength (one of the NPCs here suggested it), but it doesn’t work. The doctors are a seriously creepy monster, by the way – they keep talking about you having “delusions” or something – but I’m sure there’s a way to get back to the main quest track. Any tips?

Repost posted at UTC on .

No comments

Counterfeit Monkey

Earlier this year, I played Emily Short‘s new game, Counterfeit Monkey, and I’m pleased to say that it’s one of the best pieces of interactive fiction I’ve played in years. I’d highly recommend that you give it a go.

Counterfeit Monkey
Counterfeit Monkey is one of the best interactive fiction games I’ve played in years. And not just because I love puns.

What makes Counterfeit Monkey so great? Well, as you’d expect from an Emily Short game (think Bee, which I reviewed last year, Galatea, and Glass), it paints an engaging and compelling world which feels “bigger” than the fragments of it that you’re seeing: a real living environment in which you’re just another part of the story. The island of Anglophone Atlantis and the characters in it feel very real, and it’s easy to empathise with what’s going on (and the flexibility you have in your actions helps you to engage with what you’re doing). But that’s not what’s most-special about it.

A game of Counterfeit Monkey, underway.
I’m in a bar, presumably in need of a pint of apple. Apple? That’s not what I mean! Where’s my P-Remover when I need one…

What’s most-special about this remarkable game is the primary puzzle mechanic, and how expertly (not to mention seamlessly and completely) it’s been incorporated into the play experience. Over the course of the game, you’ll find yourself equipped with a number of remarkable tools that change the nature of game objects by adding, removing, changing, re-arranging or restoring their letters, or combining their names with the names of other objects: sort of a “Scrabble® set for real life”.

Brought your pet abroad? Consider linguistic realignment therapy. Even a domesticated cat can give birth to chatons. (A public service announcement by the Bureau of Orthography)
Wise words from the Bureau of Orthography.

You start the game in possession of a full-alphabet letter-remover, which lets you remove a particular letter from any word – so you can, for example, change a pine into a pin by “e-removing” it, or you can change a caper into a cape by “r-removing” it (you could go on and “c-remove” it into an ape if only your starting toolset hadn’t been factory-limited to prevent the creation of animate objects).

Dental Consonants Ltd. - what we can't do isn't worth doing. Absolutely no palatials or labials, guaranteed.
Poster for Dental Consonants Ltd. Get your consonants here!

This mechanic, coupled with a doubtless monumental amount of effort on Emily’s part, makes Counterfeit Monkey have perhaps the largest collection of potential carryable objects of any interactive fiction game ever written. Towards the end of the game, when your toolset is larger, there feels like an infinite number of possible linguistic permutations for your copious inventory… and repeatedly, I found that no matter what I thought of, the author had thought of it first and written a full and complete description of the result (and yes, I did try running almost everything I’d picked up, and several things I’d created, through the almost-useless “Ümlaut Punch”, once I’d found it).

Atlantida
Atlantida, nominal ruler of Anglophone Atlantis.

I can’t say too much more without spoiling one of the best pieces of interactive fiction I’ve ever played. If you’ve never played a text-based adventure before, and want a gentler introduction, you might like to go try something more conventional (but still great) like Photopia (very short, very gentle: my review) or Blue Lacuna (massive, reasonably gentle: my review) first. But if you’re ready for the awesome that is Counterfeit Monkey, then here’s what you need to do:

How to play Counterfeit Monkey

  1. Install a Glulx interpreter.
    I recommend Gargoyle, which provides beautiful font rendering and supports loads of formats. Note that Gargoyle’s UNDO command will not work in Counterfeit Monkey, for technical reasons (but this shouldn’t matter much so long as you SAVE at regular intervals).
    Download for Windows, for Mac, or for other systems.
  1. Download Counterfeit Monkey
    Get Counterfeit Monkey‘s “story file” and open it using your Glulx interpreter (e.g. Gargoyle).
    Download it here.

(alternatively, you can use experimental technology to play the game in your web browser: it’ll take a long time to load, though, and you’ll be missing some of the fun optional features, so I wouldn’t recommend it over the “proper” approach above)

× × × ×

Article posted at UTC on .

6 comments

Note #25842

Yesterday’s jaunt with wasn’t QUITE my fill of comedy. So tonight, I’m off to the in Angel for their open mic night.

Note posted at UTC on .

No comments

Note #25844

After a wonderful night of comedy with , I’m back in the office (in the building that caught fire), now powered by a huge generator.

Note posted at UTC on .

No comments

Note #25846

Decamped to a number of venues around East London. The team I’ve been working with and I are in the basement of a nearby cafe!

Note posted at UTC on .

No comments

Note #25848

Still no power at following yesterday’s fire. Just waiting for more people to arrive so we can work out where we’re working today.

Note posted at UTC on .

No comments

Note #25850

Expected a gimmick. Expected it to be about the food. But it’s not. It’s about so much more than that. Would eat here again.

Note posted at UTC on .

No comments

Note #25852

Just came out of Dans Le Noir, the restaurant where you eat mystery food in the dark, and… OMG.

Note posted at UTC on .

No comments

Note #25854

Visiting in London when… Building caught fire! Heaps of smoke, two pumps. Been evacuated.

Note posted at UTC on .

No comments

Phone Security == Computer Security

The explosion of smartphone ownership over the last decade has put powerful multi-function computers into the pockets of almost half of us. But despite the fact that the average smartphone contains at least as much personally-identifiable information as its owner keeps on their home computer (or in dead-tree form) at their house – and is significantly more-prone to opportunistic theft – many users put significantly less effort into protecting their mobile’s data than they do the data they keep at home.

Nokia E7, showing lock screen.
Too late, little Nokia E7: I’ve got physical access to you now.

I have friends who religiously protect their laptops and pendrives with TrueCrypt, axCrypt, or similar, but still carry around an unencrypted mobile phone. What we’re talking about here is a device that contains all of the contact details for you and everybody you know, as well as potentially copies of all of your emails and text messages, call histories, magic cookies for social networks and other services, saved passwords, your browsing history (some people would say that’s the most-incriminating thing on their phone!), authentication apps, photos, videos… more than enough information for an attacker to pursue a highly-targeted identity theft or phishing attack.

Pattern lock configuration on an Android mobile phone.
Android pattern lock: no encryption, significantly less-random than an equivalent-length PIN, and easily broken by a determined attacker.

“Pattern lock” is popular because it’s fast and convenient. It might be good enough to stop your kids from using your phone without your permission (unless they’re smart enough to do some reverse smudge engineering: looking for the smear-marks made by your fingers as you unlock the device; and let’s face it, they probably are), but it doesn’t stand up to much more than that. Furthermore, gesture unlock solutions dramatically reduce the number of permutations, because you can’t repeat a digit: so much so, that you can easily perform a rainbow table attack on the SHA1 hash to reverse-engineer somebody’s gesture. Even if Android applied a per-device psuedorandom salt to the gesture pattern (they don’t, so you can download a prefab table), it doesn’t take long to generate an SHA1 lookup of just 895,824 codes (maybe Android should have listened to Coda Hale’s advice and used BCrypt, or else something better still).

iPhone showing the PIN lock screen.
An encrypted iPhone can be configured to resist brute-force attacks by wiping the phone after repeated failures, which replaces one security fault (brute-force weakness) with another (a denial of service attack that’s so easy that your friends can do it by accident).

These attacks, though (and the iPhone isn’t bulletproof, either), are all rather academic, because they are trumped by the universal rule that once an attacker has physical access to your device, it is compromised. This is fundamentally the way in which mobile security should be considered to be equivalent to computer security. All of the characteristics distinct to mobile devices (portability, ubiquity, processing power, etc.) are weaknesses, and that’s why smartphones deserve at least as much protection as desktop computers protecting the same data. Mobile-specific features like “remote wipe” are worth having, but can’t be relied upon alone – a wily attacker could easily keep your phone in a lead box or otherwise disable its connectivity features until it’s cracked.

A finger swipes-to-unlock a Samsung mobile phone.
The bottom line: if the attacker gets hold of your phone, you’re only as safe as your encryption.

The only answer is to encrypt your device (with a good password). Having to tap in a PIN or password may be less-convenient than just “swipe to unlock”, but it gives you a system that will resist even the most-thorough efforts to break it, given physical access (last year’s iPhone 4 vulnerability notwithstanding).

It’s still not perfect – especially here in the UK, where the RIPA can be used (and has been used) to force key surrender. What we really need is meaningful, usable “whole system” mobile encryption with plausible deniability. But so long as you’re only afraid of identity thieves and phishing scammers, and not being forced to give up your password by law or under duress, then it’s “good enough”.

Of course, it’s only any use if it’s enabled before your phone gets stolen! Like backups, security is one of those things that everybody should make a habit of thinking about. Go encrypt your smartphone; it’s remarkably easy –

Article posted at UTC on .

2 comments

TIL that the Malaysian government is one of few who HAVEN’T asked Google to censor satellite photos of sensitive areas, because they feel that to do so would make it MORE obvious where the sensitive areas are!

This link was originally posted to /r/todayilearned. See more things from Dan's Reddit account.

The original link was: http://web.archive.org/web/20070509182328/http://www.nst.com.my/Current_News/nst/Wednesday/National/20070328080627/Article/local1_html

MALAYSIA will not ask Google Earth to blur images of the country’s military facilities to avoid terrorist attacks. Defence Minister Datuk Seri Najib Razak said doing so would indirectly pin-point their location anyway.

“The difference in, or lack of, pixelation of images of the military facilities compared to the surrounding areas will make it easy for visual identification.” In his written reply to Datuk Dr James Dawos Mamit (BN-Mambong), Najib said the images were provided worldwide commercially.

Repost posted at UTC on .

No comments