A title this would be, had I the originality.

Itinerary 2.

2009-10-29T00:14:47Z

I'll be returning to the US on the 11th/12.

London (LGW) to Charlotte (CLT) 11/12/09 11:35 am - 3:50 pm US Airways 733
Charlotte (CLT) to Austin (AUS) 11/12/09 6:25 pm - 8:38 pm US Airways 2621 Operated By: US AIRWAYS EXPRESS-MESA AIRLINES
Austin (AUS) to Charlotte (CLT) 02/04/10 11:30 am - 2:58 pm US Airways 2640 Operated By: US AIRWAYS EXPRESS-MESA AIRLINES
Charlotte (CLT) to London (LGW) 02/04/10 6:15 pm - 7:10 am US Airways 732

Mean time before failure, in series.

2009-10-23T19:18:58Z

If you have a bunch of lights in series, and you know the mean time before failure (MTBF) per lightbulb, how do you calculate your overall MTBF? Or, same question, but substituting "lifetime" for "MTBF"?

I suspect it's not as simple as "each bulb has a 1 in 10,000 chance of failing in any hour, I have 100 bulbs, thus my MTBF is 100 hours", since the failure graph isn't linear, it's bathtub shaped.

An experiment in time travel: I need your help!

2009-10-17T16:44:37Z

This post will be written retroactively at some point (once I get enough comments!), and will be written in the future, so that as many of the comments as possible make sense.

So please comment creatively!

I can see it going several ways ways: people building upon each other's posts (which might shoehorn me), or competing with different topics (which might make the initial post harder to write), or they could do something I don't expect, or they could just not comment at all...

In the UK again, phone just got stolen.

2009-09-23T16:02:59Z

Phone had all my passwords from everything. If you've ever given me access to anything, please revoke it and change your passwords to be secure.

Admittedly, the passwords were encrypted, but there's no telling whether the reader of the encrypted files makes a temp version that's undeletable when it read them. I *think* it takes steps against that, but never tested. So just be safe.

Some days are good... some are less so.

2009-09-17T05:41:13Z

Well, woke up to find a note through my door saying we were overdue for a bill we'd already paid, had to go to my landlord to sort that out.

While I was there, I learnt it'll be at least another week before they fix our dishwasher.

Which is annoying, since it's the 16th and I'm going back to the UK on the 22nd - not looking forward to it, and stressed trying to get everything done by then. I told 'em I'd not pay full rent if it wasn't in by the end of the month, because two months to replace a dishwasher is just silly.

Then when I got to work, someone else's bug meant one of the products we sell was broken so I had to spend three hours tracking down and fixing the bug and another two hours finding everyone who'd bought the broken product and fixing it for them.

While I was tackling that, one of my friends needed help with his server where we'd moved the domain name to a new server but not copied any of the stuff over... so I fixed that.

Then my wife rang and said she was gonna cook something nice for me tonight! Whee! :D

Then I could finally get working, and found that what I'd been working on for the last three days was in fact impossible.

Meanwhile my wife was panicking because our house was flooding because next door's sink was leaking. It was obvious as soon as she said it that there was no meal waiting for me when I got home.

Then before I could go home early and help my wife, the server died because one of it's partitions was full, inconveniencing about 4000 people, so I had to fix that.

When I got home I found that our big closet filled with cardboard boxes of stuff was all soaked, so that meant hours of manual labour to move everything out of there so the engineers can get in and fix it tomorrow... assuming they're faster at that than they are at fixing dishwashers.

Through all that, my knee has been hurting badly. I'm gonna have to get a doc to look at that when I get to the UK.

As a reward, I decided we would order out pizza, only to find the local pizza delivery place closed just before we ordered.

Day wasn't a total loss, though. I cooked us pizza and didn't burn it. Yay.

John Romero seems a pretty nice guy.

2009-09-16T07:11:08Z

John Romero is probably the biggest Name in the gaming industry. Sure, amongst my circle of friends, Richard Gariott is bigger, but John Romero has household name status, and there's prettymuch no other game designer that can say that.

In person he's a nice guy. Quiet, unassuming, and friendly, he's far from the raging demon reputation that precedes him. He seems happy to listen to others speak... or that could just be that Dr Cat gives few people the option of speaking ;P But yeah, even when speaking, he never pushed himself forward in any of the conversations I saw, never grabbed the limelight.

Dr Cat knew him because they worked together in Origin, in the pre-Doom days - Romero gave Cat a collection of all the games he'd made when he arrived, and inherited Cat's computer and printer when he left, including the melted rubber rat stuck to the printer.

I met him, and a few other names, at a game night organised by Steve Meretzky in Austin that Cat took me to. Was a nice crowd. We were there so that Cat could talk with a guy named James Ernest, who you may well know from Cheapass Games. He demoed a game that Cat and he are considering working on together someday, and Cat in turn demoed the Furcadia iPhone client.

Met a few other people, none of who's names I can remember: I'll ask Cat tomorrow, and edit this.

Mandelson's 2-warnings insanity

2009-09-10T21:42:20Z

Please sign this petition to stop the 2-warnings silliness. It's the one the ORG are recommending.
http://38degrees.org.uk/page/s/mandelsonweb

What's the difference between romance, erotica, and porn?

2009-09-08T20:52:59Z

Someone on the nano forums asked this question. Here's my effort to answer it.

Soap opera: a romantic polygon is formed. Hijinks ensue. Huge amounts of time is spent on showing just how stressed everyone becomes by the situation. Nobody ever actually gets together and has sex: at best they might have a kiss, but it will be interrupted by someone else bursting in. The core conceit is that everyone is emotionally incompetent. Genitals don't exist. Partners know eachother, and have a love-hate love-triangle going on.

Romance: focuses on emotions, feelings, misunderstandings and affections, often abnormal (the love of a master for a servant, etc). Kisses are ardent, frenzied and passionate, and can communicate much about the mental states of the kissers. Sex just sort of fades to black. Lots of heavy breathing and gasping and "Oh Tarquin!" The core conceit is that people who love eachother will fight that love tooth and nail, rather than just say "hey, wanna get married and screw like bunnies? - because that would be a crappy story. Genitals don't exist. Partners know and have strong feelings for eachother, and will ultimately get married, if one of them doesn't die first.

Bodice ripper: A romance where they don't fade to black during the sex. Kisses are hot and bothered and lead on to sex, which is almost always rape, but then the woman decides she loves him and it's OK: kinda like animé rape porn. In bodice rippers the rape is... sort of consensual. I mean, she wants sex, but she doesn't. She totally leads him on, but oh no, can't possibly admit to wanting sex. And then he finally caves and ravishes her, and it's great sex and that makes it somehow all OK in the end. It's the essential conceit for a bodiceripper. Genitals are elided ("he entered her") or referred to primly ("his manhood thrust deep into her resisting warmth.") Partners know and have strong feelings for eachother, but probably aren't willing to admit it to themselves, at least until they get thoroughly raped.

Erotica: focuses on physical sensations, touch, actions, and lusts, often abnormal (the lust of a master for a bound, whipped, lard-smeared, blue-painted submissive, etc). Kisses are barely mentioned except as an entrée to the main course, but you do get to know what the people think about the sex, and maybe about eachother. The core conceit is that everyone is awesome at sex. Sex is almost always consenting: rape doesn't often happen. Genitals can sometimes be purple-prosed ("his jade staff pierced her yoni") or medical (his penis entered her vagina") but nowadays they are tending towards more porny terms. Partners generally like eachother, but may not be permanent partners, nor be planning to be.

Porn: mechanical. Tab A verbs adverbilly into the adjectival slots B, C, and the abnormal D: less concentration on sensation than erotica, more description of what's going on. You may not get any description of what's in their heads at all. Often includes thick slatherings of the author's fetishes. The core conceit is that most people have sex all the time, at the drop of a hat, and think about little else. Rape is considered an extreme act, and is generally sadistic where it happens: victims don't suddenly decide they like it. Genitals are four letters long: "his cock rammed her cunt". Partners may know eachother, but bay also be casual acquaintances who care nothing for eachother, or even anonymous.

Japanese perve porn: bizarrely, this is considered really hardcore, even though it's got basically the same premise/conceit as the bodiceripper. Girl meets guy, surprise buttsex, girl decides she likes it. Differences: girl may not know or like guy; guy may be a tentacle demon; girl may be multiple girls; girl may have a magic transformation sequence; girl may be raped to death, so long as she orgasms first; girl may be in a wheelchair and go on a killing rampage. Genitals have japanese names, or are tentacles. Partners may know eachothers' species.

As a rule of thumb, where you are on the scale from soap opera to perv-porn seems to be mostly determined by 1) how much time you spent not talking about sex; 2) whether the focus is more on the emotional, mental, or physical ; 3) how vanilla the sex is.

Obviously there're grey areas, and you can grab elements of each, though tentacle demon romance is probably a niche market at best.

Do atheists exist?

2009-09-03T17:40:34Z

There seems to be a common strawman attack (or a confusion?) that there exist people who claim that gods logically cannot exist. People who don't call themselves "atheists" claim this is what "atheism" means.

I've never met anyone who claimed this. I do not believe these people exist. Whether people call themselves Atheists or Agnostics, they prettymuch agree that they don't believe in a god, but don't feel they can disprove such things exist, either.

Many feel that an omnicognizant, omnipotent, loving god is logically inconsistent with existence, cleanly disproving the typical idea of the Christian god: but that's it.

If there's really someone out there who feels gods are a logical impossibility, please do stand forward, and if possible, answer the question: "how would the universe differ if a deity exists?"

(which is the flipside of my current favourite question for theists: "Your god seems to have made the universe so it runs itself pretty well: it's a gorgeous engine. If your god took a few days, or even years of vacation from running the universe, how would the observable world be different?")

Hell of a day.

2009-07-26T05:36:04Z

Went to the IGDA picnic at Richard "Lord British" Gariott's castle ranch today. Shook hands with him, the Fat Man, Mike McShaffrey(who did U8/9), most of the DomainOfHeroes.com crowd, and many, many others. And I ate far, far, FAR too much SaltLick bbq.

RG is currently suing his recent employers NCSoft for $24M, touring the country to give talks on his recent trip to space and preparing for another trip to space where he'll... get this... skydive down from space.

Tomorrow I prepare to drive 2000 miles back up to Wisconsin with Heidi, to pack up Her stuff and truck it all back down here.

CANADA! Day 1.

2009-07-03T19:55:18Z

I woke for the last time in my flat, my phone waking me after just two hours of sleep. I went one more time through my checklist: rubbish and recycling was out, a note was stuck to the letterbox to ask people not to stick newspapers through the letterbox, and so on.

I carted the stuff down to the car I'd rented the day before, stuck my phone to a window, set it to guide me with the TomTom, and started out.

First minor mishap was a couple of hundred yards from the house: the phone fell off and under my seat. Not a worry, I could reach it by opening the driver's door and kneeling on the road to get it. I stuck it more firmly, drove on, and a few hours later was at the airport, cursing my stand-in spectacles from three prescriptions ago, which I was using instead of the broken specs that were little more than a couple of lenses in my pocket.

Arriving at the airport, the fuel light glimmering at me balefully, I realised that I had no clue where to drop the car off. I drove into a carpark and looked at my phone. Nevermind, I knew they weren't due to open for a few minutes anyway. I quickly discovered that the numbers on the sim card for directory enquiries no longer worked. Neither did 192. I rang the emergency handset-lost number instead, apologised profusely and asked if they could give me the directory enquiries number. They did, I rang it, and soon I had an address, but no postcode. I waited 'til they'd be open, called, and got a postcode. Keyed it in, and it took me to a junction with no buildings in sight. I rang for directions, followed them, and finally got there after a few minutes, the car running on air and wishes.

Half an hour late for check-in, but half an hour early for last call, I arrived at check-in, answered the questions, and they weighed the bags. One I knew was overweight, but what I hadn't planned for was that the carry-ons had to be a total weight of 10kg - I'd read it as 10kg each. The lady was lovely though, suggested I move 2kg from one bag to another, and checked me in as having only one overweight, even though it was clearly not the case. Yay!

The check-in security was sufficiently painful that I asked them where I should go to register a compliment, which caused much mirth. I went to the customer service desk with them shouting out their gate number and names after me, and happily registered the compliment: I'd been scared of this like nothing else :)

The flight was uneventful, and I arrived in Toronto airport, and disembarked. I made my way through the cursory checks: purpose of visit? Tourism. OK, go on through.

I did, and walked to the coffee shop where I ordered their largest mocha, forgetting for a moment what continent I was in. Armed with a bucket of mocha and cream and chocolate stuff, I sat down and reached for my phone to text Auora and tell her I was here. The phone... was missing.

I wandered to information desk to ask for lost property, and was directed to the office which would only open at 1pm, about five hours later. Hrm. A bit more questioning and I found a desk of people from the airline who radio'd through to the cabin crew who said they couldn't find it. I sat down and went through my stuff: bingo, it had slipped into the hidden inside pocket of my bag, somehow.

Embarrassed, I thanked them, and wandered off, wondering how I could text them given my poor hardworking phone/TomTom was flat. Fortunately, I saw Heidi and her Mom, just arrived, with Nemo and Heaven's Cat. Hugs, and tales of delays and confusions, were passed around, and then we went for another mocha: I opted to forego mine this time.

We drove to the hotel and planned what to do. There was still a fair bit of day left, so we decided to see if we could get the license today and book a wedding for tomorrow. We couldn't get in touch with Ghost Tiger, since I had his number on my phone, and my 240 volt charger didn't work on the 110v US mains. But we felt he probably wouldn't be interested in seeing us filling out a preliminary form anyhow.

We checked online, found the address, and drove to a tube station (called a "subway", though they don't give out breadish deli goodness), passing "Random Street" (the inhabitants of which, I'm sure, very rarely received their mail). We found the town hall, and made our way to the door... only to be blocked by a picketline.

In Toronto, the workers were striking over... something. Some cuts or other. They were letting people through slowly, a couple at a time. We let them know we were from out of state (point being, we didn't vote for their mayor, and couldn't), and were let through in a minute or two.

But the cash machine inside didn't accept my card. Oh noes. fortunately, we had just enough to pay for the license. A few minutes and a monetary confusion later, we had the license in our paws, and made our way upstairs (accompanied by a guard: the building was under lockdown because of the protesters) to the registry office to make an appointment.

The receptionist greeted us cheerily: it was getting on for the end of the day, so she had that "yay, I'm about to get home!" look about her.

She said the officiant had already left for the day, so weddings for today couldn't be booked. With the strikes, they were booked up for daaays. We gave her hopeful looks, explaining that an earlier marriage would let us get home sooner, and we had thousands of miles to go, and the hotel was expensive, and... and she took pity on us: she could schedule a later wedding the next day. She thought about that a moment, then said that, since she was qualified as an emergency officiant, she could do the wedding herself... if we had the money.

We didn't. I just had my card. So she rang her boss, explained our situation to him, said she knew she was meant to take cash only but could she make an exception... and he said to go ahead and take it by card rather than cash.

I was a little worried: we'd not been able to get in touch with Ghost Tiger. Even if we had, it'd take him about half an hour or more to get here, and they would close soon. We thought about it, and decided, given the risk of not being able to get in at all tomorrow with the picketing, we'd do it while we could.

Five minutes later, I left the building a husband, and the picketers cheered us, and cheered again when we asked for a good pizza place for a post-wedding meal, arguing amongst themselves about where the best place was. They called over to the security guys, and eventually a consensus was reached about where we should go for pizza.

Pizza was nommy, and we returned to the hotel room, surfing the free wifi for a bit. Leilani, my new sister in law, was asking if we were having wild monkeysex. I replied that perhaps we might, in the morning, once her mom got out of our bed. This made all three of them laugh, which was good.

The hotel had a pool and hot-tub, so we went there to wind down, and I tried out my prescription goggles. They worked great with a little tweaking, except they steamed up quickly (anyone know how to stop this?)

There was a bunch of kids in the pool, who were in Toronto to learn English. "Eh!" they cried as they leapt into the waters. We swam, and soaked in the hot tub, and sat outside in the darkness of a small patio in our wet bathing costumes and eachother's arms, looking up at the stars. The night air was warm but not humid: we dried quickly.

I was a little unimpressed by the fabled snow of Canada, having met not one polar bear, seal, or Inuit, nor having bought any petrol ("gas", I remind myself) from any igloos. But while unimpressed, I could not find itself to be disappointed.

We returned to our room, curled up, and slept the sleep of the jetlagged and hardworking and married.

I AM MARRIED!

2009-06-25T05:05:32Z

No, WE are married :)
More later.
Please don't phone/txt about it though, it costs crazy money in Canada.

Photos here:
http://www.facebook.com/home.php?ref=home#/album.php?aid=100404&id=574621894

More later.
So tired.

And they're off!

2009-06-23T11:06:42Z

It's getting close!

http://dewimorgan.livejournal.com/41687.html has our plans for the trip.
I'll try to take pics and stuff of the wedding, and stick 'em up here and My FaceBook.

We'll be meeting GT there too! Whee!

Plurals

2009-06-04T03:31:44Z

In English, there's no good way to autopluralise just by looking at the last letter.

For example, given Dwarf, Calf, Half, Roof, Loaf, you'd maybe think it safe to say "-f" -> "-ves".
Even (because of Knife, Life) "-fe" -> "-ves".

But Woof, Oaf, Proof, Roof..

Canny programmers know that the right way is to store a conversion list: Oaf -> Oafs, Loaf -> Loaves.

But Staff -> ???
Clearly as a stick, Staff -> Stave, or sometimes Staffs.
And as a body of employees, Staff -> Staff.

As always, there is no easy out, and the only way to make it all work is a syntactic understanding of the language.

Which is what makes the spellchecker in Google wave so amazing... if it lives up to the demo.

Solipsistic musings.

2009-05-30T21:12:13Z

Solipsism is the philosophical theory that the only thing you can be confident in knowing is that you exist, in some form, by some definition of "exist". "I think, therefore I am."

Of course, soon as you start thinking about that, you get the Matrix problem: how do you know anything else exists? Specifically, anything about the external world (including your own body)? This includes other minds you encounter - they might not exist either. How can you tell if everything else is just an illusion or simulation?

Even the past - what you were doing or thinking before you came to this article - may just be an imposed set of pseudomemories. It is possible that you are currently in a simulation called "Someone_reads_article_on_sylopsism.exe". You didn't exist before the article, and will not exist afterwards.

And that is the question: how DO you tell? It's the old "can't disprove a negative" thing.

At some point, we expect to be able to create sentient entities embedded in an artificial reality. Whether this is people's minds, scanned in some way, or wholly new sentiences, does not matter. The only thing that matters (for this argument) is that they are capable of understanding solipsism, and establishing that in the absence of external input, they have no way of distinguishing their simulation from reality. This understanding, I shall call "sentience" for the sake of this conversation, though any "true" sentience, any ability to pass a Turing test, is entirely optional. Understanding of solipsism is all that's needed.

Once we have such a virtual, solipsism-aware sentience, and we have copied that sentience once so that there are two copies running, then we'll then have very good confidence that our own existence (whether shared by a large number of minds, or restricted only to you, dear reader) is virtual and emulated.

WHY?

Well, the number of real-life (non-virtual, non-emulated) versions of you that can be running at any one time is either one (you are alive somewhere), or zero (you are dead, or were never given physical existence in the first place).

The number of virtual copies of you that could be running could also be zero, and, because we've proved that sentiences can be virtualised and copied, it could also be one, or any finite number.

Once we have a copyable sentience, the Singularity will be around the corner. If you're alive for the first, odds are you'll be alive long enough to be scanned into the Singularity. Every sentient mind that gets included into the Singularity will have its last non-Singularity moments emulated and replayed infinitely: analysed, reanalysed, replayed with variations. The various themes in your life (your love of cats, your dyslexia, your queasiness at the colour beige) may or may not be those various externally imposed tweaks and variations. New sentiences will run "what if" scenarios to see what they'd have been like if they were alive then.

In short, there will be at most one and only one instance of you that is real, and countless billions that are fake: copies who don't know they're copies. The odds of you being "The One", the real person who just happened to be born right in the generations that will see the start of the Singularity, are negligible.

The conclusion is clear.

You are a copy.

At this point, religious people may be thinking: "I have a soul: a virtual me cannot have a soul: thus, I am The One."

You may have had spiritual, religious or supernatural experiences that could not, you feel, believably be emulated by a simulation that was feeding directly into your brain, even though the prosaic reality could be. To me, emulation seems a more likely explanation for these experiences! People with religious experiences report feelings of 'goodness' or 'evil' but we have no sensors for these: this would not be a problem for a simulation which would be feeding these feelings direct into your virtualised mind.

However, it may be that you are convinced by some experience or other that you are in the Real World. I can't argue with that. But I found it interesting how closely my navel-gazing conclusions below matched those of religious people.

Solipsism is useless. Sure, you can prove beyond reasonable doubt that you are a copy, but that tells you nothing about the simulation itself. If your virtual world is an atom-perfect simulation, or just a close-enough approximation, or even a deviation from reality, there is no way to tell.

The most "lightweight" way to engineer such a simulation is to skip everything below the part of the brain that converts sensations into icons, and just feed in the icons. You move to a microscope, push a slide into it, look in, and focus. Your brain is fed a series of icons indicating the success or otherwise of these steps, and some others that are drawn to your attention just because random noise is good: the eyepiece is warm, the lab assistant was using the scope before you. Anything you investigate will be focused on, and provided for you. Where the simulation doesn't know the results to provide, it can search it: the simulation can run as slow as needs be.

Dreams work this way. They "fill in the gaps" so that you just don't notice any inconsistencies. When you walk down a street in a dream, turn round, and walk back... are the paving slabs the same? Would you notice if they were different? You notice a cracked one *and the memory forms in your head* of having seen it when you were walking the other way. You might have, but it's entirely possible it's just dream déjà vu.

So, for solipsism to be useful, it needs to tell us something about our virtual environment. We can, at least, establish whether the simulators give a damn: whether they are proactively benign, or passive.

A proactively benign entity would feel that a simulated person ("sim") who had discovered it was a sim beyond reasonable doubt, should not remain trapped in the simulation. If you feel that the idea of being trapped in a simulation would horrify you (if it DOES horrify you that you ARE trapped in one) then odds are, if you've read this far, then you know that you are not in a simulation made by a proactively benign entity, which means you are not the one running the sim. You can doublecheck this by trying to say any keyphrase, or do any key action, that you would put into a simulation of yourself to allow yourself to end the simulation.

To make it easier: Decide, now and forever, what your "backdoor" will be, if you ever place yourself in simulation. Needs to be something that would be applicable your entire life, or as much of it as possible. Reciting certain words. Whatever. I know what mine will be: telnetting to a specific IP address that doesn't currently exist, and logging in with a specific username and password that would never work on that IP.

Then try them, now.

OK. You're still reading. In that case you are either in a simulation run by someone who doesn't give two hoots whether you work it out or not; or you are not in a simulation. Odds are, one of your (real-world-your, or a simulation thereof) competitors is running this sim to establish something about you. If that's the case, then it's in your interest to do something un-you: preferably, do sufficient random things that in order to copy you and run an instance of every possible random thing, they would need to get more processing power than exists in the universe. Rolling a ten-sided dice every week for two years to decide what to do on Friday night would work, choosing between ten NEW options each week (there are ~10^79 atoms in the observable universe).

If you still remain after that, then you are probably not in a simulation intended to map you in that way. Either that, or they're running you on some kinda quantum computer that could solve for all of those in parallel. Think of a better test against that?

But in that case, you are in an uncaring simulation, which may contain a huge number of us, even all of humanity, lumped in here uncaring like cells in a petri dish. That seems to be the case.

What to do, then? We have proven that the simulator doesn't care about our individual actions. They will terminate the simulation and wash out the petri dish once they get the results they want, or it becomes clear they won't get them, or they get bored.

We've all become Deists. What should we do?

Personally, I intend to live life as if it were not a simulation. There's no point changing my life just because it happens to be virtual, at least until a way of communicating with the person running the simulator is found. I can't know if the other people in the simulation with me are sentient or just icons being fed to me, but it makes sense to assume they are being as thoroughly simulated as I am, and so it behooves me to treat them as real people and to strive to make their lives nicer.

It's the logical thing to do in the absence of other evidence.

The worst trope of all.

2009-05-29T07:41:29Z

The Hero sets out, in the footsteps of his Mentor, tracking him, and ultimately finding him. they have time for a brief chat, then the master dies. Whether in a noble act of self-sacrifice, or a terrible act of betrayal, it doesn't matter, so long as he's dead.

Don't ever, EVER write this story.

This is the most overdone, tedious, dismal, banal trope in the history of histories. It's been done. It's been overdone. It's gone past tradition, past archetype, past tedium, to become nothing more than a raw, anguished shriek from the throat of every reader, every time a Hero finds their mentor.

And the shriek is "HOW LONG WILL YOU LET HIM LIVE, YOU USELESS EXCUSE FOR AN AUTHOR?"

Heros: stop and think for a moment! Why is the mentor hiding from you? Because he knows your writer is a two-bit useless lazy good-for-nothing who'll take the easy way out, and he doesn't want to be killed by such a worthless author!

In only one book has the Hero ever been reunited with a mentor, after a quest to find him, and the mentor has NOT died. In the Lord of the Rings, this happened twice, when Frodo met Bilbo, and again when they re-met Gandalf. LotR did FAKE this trope in Gendalf's fight with the Balrog, though. And yet, of all the many, many things that people copy from LotR, they do not copy this one thing: the knowledge that mentors do not need to be killed between one and two thirds of the way through the book.

But no: repeatedly, writers who are otherwise respectable, repeatedly mete out the same, sad, dreary, fated doom to their mentors. Because they can't see any way of getting the person with wisdom and knowledge out of the picture other than to kill them. "Oh, but the death motivates the hero in a far more personal way than merely saving the world and the love interest and his best friend and..." Crap. Utter crap. Please, stop writing this drivel.

And the sad thing is, it's not just the BAD writers that do this. Even the very best are sucked in by the allure of killing the wise man. It's weird: they put great effort into making their characters more three dimensional than this. Stop making them get themselves killed just because they managed to meet up finally. You're not inspiring emotion, or sympathy for your hero: you're inspiring disappointment, even disgust that you'd ruin an otherwise good story with such tripe.

Like "1984", the "Hero's Journey" was not intended as an instruction manual.

You know what I'd really, REALLY like to see? A book where the Hero catches up with his mentor, and they continue the rest of their journey together, facing dangers and trials together: first with the mentor leading, then side by side, shoulder to shoulder. Finally, if you really, really must have your "crowning glory" moment, and you feel your readers are boarish enough to be unsatisfied with a successfully completed quest and a newfound maturity and equality, then fine, your stupid mentor may show himself less able in some small way, and pass on the mantle. Not because he's DEAD, but because he's PROUD, and the adventure is over.

[What inspired this rant? Fallout 3 (game), Neal Stephenson' Anathem (novel).]

Gissa job!

2009-05-18T17:15:18Z

It's that time of life again! I had an enjoyable yearlong busman's holiday from my jobhunting, working for ABI. But I've pretty much worked myself out of a job now: the last of the projects I was hired to help them finish should be polished off by the end of the week, and it's time to dig out the old job harpoon and set sail again.

Timing couldn't have been better, really. I've got about a month before I go to the US and get married, which gives me a bit of time to get some feelers out, hopefully go to an interview or two, and generally get back into the hunt.

It also means I'm completely open to offers from anywhere in the world - if people in the US are willing to hire me and help with the visa, I'm happy to go there!

Of course, it's also terrifying in an OMG-how-will-I-support-my-new-wife kind of a way, but that just adds to the excitement :)

Social stickiness and the elder game.

2009-05-12T19:27:19Z

Read an interesting post over at the aptly named Elder Game, about a brave attempt by City of Heroes to add user created content to a grind-based MMO.

People commented that the outcome (exploit quests galore) was natural: people don't like the grind, the grind is stupid. Making exploit quests to get around the grind is just common sense!

And the commenters are right: MMORPGs don't have to be about achievement. Which is why the original post said "No achievement-oriented MMORPG has ever had user-created quests before."

Social text mucks, and social graphical MMOs, have relied heavily on user-created content for decades. Furcadia wouldn't still be going strong and growing after a dozen years if it weren't for the fact that user created content is core to the game. SecondLife wouldn't be nearly as popular either.

But... I'm wrong to say that they don't have to be about achievement. When you remove the grind, two other things take over: socialising and creativity. In both of those, the game is only fun if there's achievement.

Socialising achievement is where you wanna become a god, an admin, a higher-up, a beekin, a wizard. You want to become one of the "known names" of the game. If you play for socialising, then when you become as well-known as you can become, you have mastered the game at that point: you "won". I never thought of myself as playing games that way, but then I noticed that there's a huge cooling in my interest in a community once I start getting public acclaim. For example, in the DarkBasic forums, one of the last posts I remember readong was "Hooray for DewiMorgan!"

Creativity achievement is similar: you want to achieve mastery at the creative avenues the system offers. This is the truly "sticky" one, because stuff that takes genuine skill can take a long time to master: art, programming. But again, I notice my interest levels plummet once people start looking to me as an authority in the creativity the game offers. If I'm the "go-to guy", then I've prettymuch scraped the game of all the interest it can give, so it's time to move on.

Social games beat the churn by offering social events (contests, festivals, etc) and by introducing better and better content creation tools. But these can never be offered in high enough quantities to make them truly sticky.

So what's left is friends. The longer you've had your friends in a social game, the stickier it is for you... until those friends leave, which they eventually will. So a successful social game should encourage people to do two contradictory things at the same time: find new friends by mingling with new people; and form deeply entrenched cliques with their old friends.

Furcadia does both rather well: and better, it slides from one end of the scale to the other as time goes on. Initially, when you are a new user, you wander the public maps and meet lots of new people. Then you find a group of people you like and tend to settle in that area. Then the group encysts itself: it starts hanging out in a private dream (or in rare cases a specific part of a public map), and it becomes a fullblown insular clique.

If someone leaves a clique, or a clique dissolves, then it becomes very hard to reattach to another clique: much harder than a new person would find it. Why? Fighting the cliquey exclusion of others? The feeling of having to go back to the beginning of a game? I'm not sure, but it's a definite issue.

For example, if I were fired from the Buggehunters (a rather wonderful group of testers in Furc), I'd have essentially no reason to revisit the game. I'd probably drift away. Or would I go back to what I used to love about the game, the things I miss? I don't know.

Our governments snoop on us. How can we fix that?

2009-05-03T23:14:02Z

Every nation surveils their citizens on the net. So do ISPs. So do criminal organisations. But I repeat myself.

They do this because they can. Because we let them.

And by "let", I don't mean we give them permission: I mean we make it possible for them to do so. The US has proven that merely legislating against snooping will just mean they do it secretly.

The answer is to use no plaintext in your internet communications.This is currently very hard for the average user, and it needs to be tackled a few ways:

By the users: use TOR for any browsing that requires security. This makes browsing slower, but is considerably more secure. This will never be the default, though, and almost all people will remain insecure if this is the only fix.

By the hosts: use HTTPS for every single page. You can redirect any user coming to the HTTP version of your site to the HTTPS version. HTTPS is free, unsnoopable, end-to-end encryption. You don't need a separate IP for each one: just use Server Name Indication.

Also, opt out of phorm. It's easy: email website-exclusion@webwise.com with your domains and ask that they be removed. Remember to specify "*.example.com" instead of "www.example.com" so that all your subdomains are signed out.

By the standards people: browsers need the ability to ask a site "do you support an HTTPS layer with the same URL structure? If so, I'll autoconvert any http links to your site to https".

By the the browsers: In addition to the above, HTTP-only pages with forms on need to be a red-addressbar thing. Yes, this means most of the web becomes red, because most pages have a search box. GOOD. If you don't want your website to show up red, then get off your lazy asses people, and install SSL! It's a five minute job! It's STUPID that browsers will mark a site with an expired cert as red, but not one that has no cert at all. That "open padlock" icon for insecure pages? That's no use at all. Nobody even notices that.

The above doesn't address email, which is considerably MORE broken, and only clientside fixes seem reasonable there: but people veer away from end-to-end email encryption because they don't know if their recipient can support it. Would be nice if mail clients could autoquery MTAs with "Do you support end-to-end encryption?" before sending the email.

Email's a harder problem. With web browsing, it's just a single connection between a client and a trusted-with-the-plaintext server. With email, it's a connection between two clients (which may be mobile or not always on), via a chain of any number of untrusted servers. If you could trust your local server, that'd make it easier: that could then serve the email on demand to the recipient. But nobody can trust ISPs anymore, which means that the key negotiation has to be between two clients which aren't connected at the same time, so can't have any round-trip comms to see who supports what.

Repo Hell

2009-04-25T16:15:24Z

Anyone know of a good, up-to-date YUM repository for Centos, with Mysql 5.1 and matching versions of PHP 5.2 and Apache 2.2?

One of the big problems with Linux is the repositories.

You have a choice.

1) You can stick with the known-stable repositories provided with your centos or redhat distro, which use versions of the software released while Noah was still trying to get planning permission for an ark. They are, typically, YEARS out of date. This is the default, so most people use this, which is why most servers are a pushover, securitywise, and is why it has taken so long to kill off PHP 4.

2) You can use the "plus" versions. These use software released shortly after the dove/olivebranch episode. A little better, but only by about 40 days or so.

3) You can use unofficial repositories with no real guarantee other than trust that they aren't rootkitted up to the eyeballs, or that they will ever be updated.

4) You can compile it yourself. This will break all dependencies in yum, which means you will have to do this forever in the future, every time you want to update something, and you will no longer have the security of automatic updates.

The problem gets worse when you have three tied but disparate products (mysql, php, apache) that must be compiled AGAINST eachother, so you can't just download an upgrade for one, you have to upgrade (or recompile) all of them at once.

That means if a critical security vulnerability is found in one of them, you have to wait until all three products are updated on your repository before you can upgrade. Which could take years in official repositories, so the unofficial ones are the only way to go. Time was, there was a good one called "utterramblings" - but that's dead now, he admin's not posted any updates or blogposts in more than a year (since he got married, apparently), so I'm on a hunt for a new one.

NatWest card readers - what's the deal?

2009-04-21T01:12:04Z

How hackable are they?

NatWest has been sending out free card readers, which it requires you to have in order to do certain online banking things. Online shopping is unaffected (for the moment, though the device has currently-unused buttons...), but some stuff when you're logged into the back needs it.

This device first asks for your card's PIN. If you key it in correctly, it continues with the rest of the authentication process. If you get it wrong three times, it locks your card.

Point 1: The device is not tied to any one card. In fact, it's not even tied to NatWest cards, apparently, and will check the PIN of any chip-and-pin card. The FAQ says: "Can I use someone else's Card-Reader, even one from another bank or building society? Yes, but of course you can only use your own bank card and PIN. We recommend you only use a Card-Reader from a source you trust."

Point 2: The device is not plugged into anything, so is not connected to anywhere that it could be reading the pin from, other than the card currently plugged into it.

Conclusion: a hash of the PIN is stored on the card. Odds are this is not given to the reader, but rather a a boolean "pass-fail function" is provided by the card, where the card checks a given PIN against its hash and returns a boolean. That's how I'd do it. If you gave out the hash, people would crack that externally, after all.

Point 3: The device pulls almost no current, and is powered from a watch battery that will last for years. From the FAQ: "Why is the Card-Reader battery operated rather than solar powered? Unfortunately, a solar panel wouldn’t give the Card-Reader enough power." and "How long will the batteries last? The batteries should normally last five to seven years [...] you can either replace the batteries (2 X CR2032) or order a new Card-Reader from us." So two watch batteries can store enough "power", and the total power of a solar panel over 5 to 7 years would be insufficient? Something doesn't add up.

Conclusion: What batteries can do that the power cells can't, is provide a high-power surge on demand. Why would an LCD/chip-reading device need a high power surge? To write to an EEPROM: the chip, both to block it, and to write the number of failed tries to it. You couldn't store the number of failed devices in the device, since you could just take the batteries out and it'd forget; or plug the card into another device and get two more free tries. Write operations would be rare: only when you got your PIN wrong. So the batteries would last a long time.

Point 4: The FAQ says: "To unlock your card, simply visit any of our cash machines. Select 'PIN Services' then the 'PIN Unlock' option."

Conclusion: NatWest cash machines contain a writer that can unlock the chips (possibly by writing a new pin into it). No idea how this works, but I presume they prompt you for your PIN and compare it to a bank-stored version, rather than the inaccessible one on the locked card, and if it matches, then write that PIN into the card. I might be wrong - maybe the card continues to validate pin attempts once locked, but in that case: 1) Any bank's cash machine would work, just like any of these readers work to read the pin in the first place, and 2) it'd be really insecure.

Further conclusion: I see two potential vulnerabilities.
1: prevent the surge from hitting the chip, and you prevent it getting locked (or possibly prevent the counter from getting incremented: for security, that really has to be stored on the card). So you get infinite tries... or at least, up to 9999 of them, which is all you need.

2: odds are you can write the same "unlock" stuff to the card that the ATMs write. You'd think there'd be some kind of hash encoded by a bank's private key, that you'd also need to know... but I can't think of a way that wouldn't also work if you just generated your own keys. Of course, writing your own PIN to a card is only useful if there are devices out there that will accept a changed PIN. But both Chip&Pin and cash machines call your bank to verify - if the PIN has been changed, maybe they'd catch that at this point? That is, the process may (should) be:

connect to remote server;

authenticate remotely;

give cash.

That's how *I* would do it, anyway! Never, EVER trust the clientside!

3: The downside of that is (and this has already been found and exploited) that the machine needs to send your authentication information to the bank, and to the card. And at least one of those two channels are not encrypted. The one to the card, if I remember right. [Edit: yup. But read on for why I don't see this as a vulnerability, TBH.] Even if it were, a hacker with access to the reader hardware can just clip a magstripe reader inside, and record the keypresses from the keypad. Write the magstripe to another card with a killed chip, and Bob's your fairly close relative. Once all shops require chip and pin, though, and broken chips require authentication over the phone to the bank, then this stops being a realistic threat.

Misc notes: I have two readers, and on both the menu has options for: "Contrast", "English/Polski", "Counter" (currently reads "-----" - number of times used maybe?), and "Software ver 0875.11". There are two as-yet-unused buttons, "Identify" and "Sign".

Identify provides a "SecureCode" when you key in your PIN. Looks like it's a challenge key. Doing it twice gives two different "securecode"s: "2375 0947", "2548 8055".
Respond provides a challenge-response response. You enter your PIN, then a number from the NatWest site, then it gives you a "securecode" response (6 to 8 digits).
Sign lets you provide a numeric reference code, an amount (up to nnnnnnnnn.nn) and again it gives you the 6-8 digit "securecode".

Marriage Itinerary

2009-02-27T01:37:30Z

OK, we've set a date!
Ish, sorta.

Here's the itinerary for the wedding and activities this coming June/July, as best we have it for now. I'll update this post if/when anything changes.

Outward flight:

~~Depart London Heathrow Terminal 3, 24th June, 08:30~~

~~Arrive Toronto, Pearson Int'l (YYZ) Terminal 1, 24th June, 11:35~~

Return flight (or might fly direct back from US, depends) (updated):

Depart Toronto, Pearson Int'l (YYZ) Terminal 1, 14th July ~~18:30~~18:15, last check-in cut-off 17:15

Arrive London Heathrow (LHR) Terminal 3, 15th July, 06:25

We'll meet up in the airport, at the coffee shop on the far left of the terminal by the canadian arrivals, opposite door A on the pdf map.

Marriage will happen at some point within the 3 days after getting to Canada. We'll be staying at the Carlingview Airport Inn.

It'll be a registry office deal: we go in, we lay down some Canadian dollars, they tie the knot. Nothing fancy, but odds are we'll go out for a good meal afterwards.

Confirmed attendees:

~~Nemo: witness.~~

~~Heaven's Cat: witness.~~

~~Heidi's mom: getaway driver.~~

~~Ghost Tiger: fluffy tiger.~~

~~Possible others:~~

~~Al: best man?~~

~~Sue: immoral support?~~

And anyone who wants to get there, really :) Anyone's welcome, but it's no big thing.

Note to family: Money permitting, we'll try to throw a more "proper" do once we get to the UK. But if you want to be there at the "real" wedding in Canada, let me know and I'll sort out plane fares and rooms and stuff for ya!

All done in the first day apart form meeting GT! Gonna do that one tomorrow, then we'll maybe check out Niagara falls because we're SO WAY AHEAD of schedule.

Then to the border, where I shall try to cross.
At roughly this time, we shall probably also go to Niagara falls.

Then maybe to Chicago to drop off some paperwork at the British Consulate so we can start getting Heidi her indefinite leave to remain in the UK.

Then to Wyoming, Minnesota to drop off Heidi's mom.

Then maybe to Mall of America.

Then maybe on to La Crosse, Wisconsin to pick up stuff from Heidi's.

Then all the way back to Pittsburgh, Pennsylvania for Anthrocon, from the 2nd to 5th of July.

Then down to Austin, Texas to see DEP, of Furcadia fame, and all my friends from Furc who can make it, and if I can get in touch, Jon, an old colleague of mine. Maybe see the people from Domain of Heroes, too: they're based in the same area.

Then back to La Crosse, WI, visiting the Mall of America if we haven't already, and picking up the paperwork from Chicago if we dropped it off (because they can't mail it, apparently, and it takes days for them to do it).

Then most likely flying back direct from the US because I'm too lazy to go back to Canada, but we'll see whether I can get into the states first.

Happy to give people lifts to/from Anthrocon: odds are we'll be renting a car, so will have a spare couple seats. Since I can't guarantee that I'll get into the country, having someone else who can drive and able to share the job with Heidi would be cool. Not sure how/if the insurance would cover that, though, if she picked you up on the way.

At Anthrocon, we've arranged to roomshare with DEP (of Furcadia fame), so can't roomshare, I'm afraid.

[Note to self: we're badge numbers 930 and 931]

If you want to see us longer than just a quick "hi" and a meal, Anthrocon is definitely a much better place to meet up with us than Canada. And hey, it'll be my birthday on the 3rd, so you can buy me a drink!

Or if you're one of our friends in the UK, it's probably going to be a lot more fun (and cheaper!) for you to wait 'til we get back here, than spend the plane fare just to see us walk into a registry office, plonk down some money, and sign stuff.

An OpenID is an account!

2009-02-01T21:48:29Z

OpenID is a great system which means you can log into lots of sites, but only reveal any personally identifying information to one central, trusted (by the user) server.

A chap named Simon Willson wrote a blog post saying "An OpenId is not an account!" and many people are pointing to this to support some rather poor arguments.

Mostly, his confusion seems to be based around a misunderstanding of what an "account" is. He believes it has something to do with trust, and reputation. An account is nothing to do with trust, but is required for reputation.

What is an account? It's an identity token (username, OpenID identity), usually protected by an authentication system (password, fingerprint scanner, OpenID token).

So an OpenID account, like any other identity token, is a valid account. Any further data is something specific to your application. You can also require a display name, email address, mailing address, copy of the birth certificate, and so on... but none of that is necessary to create an account, or to validate the user. And none of that significantly affects your trust about who is at the keyboard. Biometrics might, but that's about it.

Any reputation or trust associated with the identity token (account) typically comes from the behaviour of that that account, rather from the data that is stored with it, or who is using it.

Willson makes a point, reasonable on the face of it, that not all OpenID servers can be trusted to validate that their users are unique. Except that as he himself points out, BugMeNot does the same thing for usernames/passwords, and users can share passwords, and hackers can guess them, so you simply don't have that guarantee with any account! If you believe you do, and work to that premise, then you are fooling yourself, and risking your site.

After [signing in with OpenID] you might still want them to pick a username (especially if you are integrating OpenID in to an existing account system) and you’ll almost certainly want them to jump through the e-mail and/or CAPTCHA steps.

"Almost certainly"? Why? Why destroy the whole point of OpenID? That ID token is the only identity information you need. It doesn't matter if one person or a billion are using it: you are dealing with the identity token, not with the person or people. You do not need personally identifying information from any of the people, in order to perform transactions with that token.

But the idea that it's "easy" to bolt in an OpenID server is his biggest problem there, I think. It requires the accepting software to have several core changes, in order to do it right. See, in Drupal 6, there's a plugin that lets you log in using OpenID. Except, it doesn't work.

When I login as someone like, say, dewimorgan.livejournal.com, it correctly sends me off to livejournal to confirm that I want LJ to confirm I'm me (and offering to do so silently in future if I wish). But when it comes back to the Drupal site, it crashes into that belief that an OpenID is not an account.

* The username contains an illegal character.
* You must enter an e-mail address.
* OpenID registration failed for the reasons listed. You may register now, or if you already have an account you can log in now and add your OpenID under "My Account"

Drupal is asking for two pieces of personal information that the OpenID provider did not provide: a display name with no "funny characters", and an email address. This is because it believes that an OpenID is not an account... but an OpenID plus email address and display name ARE an account?

WHY?

Perhaps some sites might have a legitimate need to restrict the characters used in usernames to a subset of 7-bit ascii. But I can't think what the purpose of such a site might be, other than discrimination against people with unusual names like Gérard, Luís, Tom/Mary...

Perhaps some sites might have a legitimate need to know the email address of anyone who comments on a blog post. But I can't think what the purpose of such a site might be, other than spamming.

How, then, SHOULD Drupal have handled this?

1) Email addresses are personal information, and you, dear webmaster, do not have a right to them. You will of course require them for certain services that involve sending an email, but creating an account is not one of those. So requiring an email address to log in if the user has connected with OpenID is stupid, and violates the privacy protections that OpenID offers.

1a) If spammers using fake OpenID servers are a problem, either blacklist those servers, or whitelist trusted OpenID servers where users are not required to validate themselves either by CAPTCHA or email.

2) Even where the OpenID server does not provide a display name, it is trivial to convert an openid into a mostly-reasonable display name.

dewimorgan.livejournal.com -> dewimorgan (leftmost element of the URL other than "www", if any.)

www.dewimorgan.com -> dewimorgan2 (as above, but append a number because dewimorgan is already taken).

www.thudgame.com/?user=piötr -> thudgame (yeah, I never said it was perfect).

3) Allow people to edit their display names, at least at first login using an OpenID, because the above system is imperfect.

ORG wins moar.

2009-01-03T12:07:28Z

The ORG (which you really should join, damnitt! They need another 500 subscribers by last December!) continues to raise awareness of how crap our country is about personal data.

http://www.openrightsgroup.org/dataloss/ is their new survey, which shows how likely you are to have had your data lost in the 28 most recent reported data leaks. I'm low-risk, it appears... or rather, I'm low risk, of the ones that have been reported.

In other news, I've been too happy to post for some time - sorry peeps :) Blame my Heidi!

Are metal detectors evil?

2008-11-08T18:28:34Z

People seem to hate people with metal detectors. Archaeologists loathe them with a particularly deep hatred. Why?

But people don't seem to hate archaeologists. Why not?

Seems to me the only difference is that one probably has a degree in archaeology, and the other might have a degree in something.

Digging up stuff and carting it off to museums is what archaeologists are famous for. It was only through international agreement by governments and other non-archaeologists in 2005 that we've finally started, after centuries of archaeological desecration, to repatriate some remains... but only if they're not still "of scientific interest" to archaeologists.

So, archaeologists: you are people in glass houses, throwing Elgin marbles and bones.

Archaeology is a living subject. Graffiti, removals, changes, improper cleaning efforts, and secondary reuse of stonework made today, all instantly become part of the site's history. This history does not belong just to archaeologists, it belongs to the people, as a whole.

Who has more right to a site? Who will do more damage?

You, with the degree in archaeology from the respected university, interested in the papers you might publish, the collections you might give it to, the labels you might put on it, the respect you will gain from your peers, and the grants you might get? But only interested in the pieces you're interested in, from the times you're interested in, and to the exclusion of anyone else who might be interested in other aspects, like pollen counts in the earth you mix up and discard, clay structures in the potsherds you mark as "useless", and so on. But at least you'd put the interesting bits in a museum, and the boring bits in a box in storage somewhere, right?

Or the tribesman, who's predecessors you would dig up, but he would rather leave buried, who reuses stones from his predecessor's temple to shore up his shack, who forges the metal artefact into a knife, and who sells the spearhead he finds to feed his family, along with all the potsherds?

Or the person who wants to build a mall or nuclear reactor or car park there, and has a bit of paper saying they own the site?

Or someone with a metal detector who spends years researching a location and then only affects the top metre? Don't they have just as much right to be interested in the past and their predecessors, and indeed in any possible profits they can get therefrom, as you or the tribesman? Is there actual data showing the relative "damage" they do, compared to the benefits oftheir finds? Is there data comparing this alleged damage to the damage done by builders and engineers? Or is the archaeological muck-slinging purely based on bias rather than facts?

Or someone in a hundred years time, with nanotechnology so that he can study sites in situ, truly "in context", without affecting the layers of earth above them. As a nano-archaeologist, their task is to interpret the site with an eye to its entire history, from the footprint they left themselves in the rubble of the mall, to the oldest element, including the laying of the sediments and what they reveal about weather and pollen in the intervening years. Except... they can't, because you got there first with your earthmoving equipment and winches, and all that's under the mall is scrambled earth, spilt diesel, and an archaeologist's trowel.

From all I've seen, archaeologists, both today and in the past, are just metal detector fans with a feeling of entitlement, a scorn of potsherds, bigger grants, better instruments, and earthmoving equipment.

[Disclaimer: I've never owned or used a metal detector, not know anyone who has. These are my moral beliefs, but I may be talking out of my rear, and would not be upset to have it handed to me on a plate in this issue. I'd *love* to know that archaeologists had the moral high ground, but that's just not been my experience in reality.]