How To Spot A Psychopath

October 25, 2006

See also

Filed under: Nerdery, Toys

Minimalist Lego sulphur-crested cockatoos.

More.

Also - here’s every way two standard two by four bricks can be combined. It’s a sort of Lego mantra. And it won’t cost you a penny.

October 24, 2006

Seeding frenzy

Filed under: Birds, Animals

Cockatoos breakfasting

No wonder the seed disappears so fast.

(There were actually seven of them hanging around, but no more than five could cram in around the seed tray.)

Super-Fun-Pack Comix

Filed under: Nerdery, Humour

The chap who’s doing DM Of The Rings, which I’ve linked to a couple of times recently, is really pumping ‘em out at the moment - one every day or so. The comics are just posts on his blog at the moment with no index, but the Next and Previous links will get you through.

Some other amusing art you may have overlooked:

Ursula Vernon’s Metal and Magic (How can so many fantasy artists take themselves so seriously?)

Mike Reed’s A Netizen’s Guide to Flame Warriors (I am several of these people)

Jorge Rivas and Dave Trischuk’s Under Power (which has been in placeholder-art mode for a while now, but which has lots of beautifully drawn ultra-violence waiting for those who read from the beginning)

Tim Kreider’s The Pain - When Will It End? (probably not James Lileks‘ favourite place)

This post’s title is, of course, a Tom the Dancing Bug reference.

Tom’s one of the Salon comics; if you’re not one of Salon’s uncountable multitudes of subscribers, remember that the magic-cookie URL to persuade the Salon site that you’ve already sat through their ad-of-the-day has for some time now been this.

You can’t just direct-link to the Salon comic image files any more, but the old ones are still live because Salon are not a bunch of link-breaking jackwads. Here’s an index page for those old TTDBs, including several editions of the always-good Comix.

More investment opportunities

Filed under: Spam, Money

The “Very Important letter. You require to read”/”Significant letter. You need to read.”/”Grand message. You should to read.”/”Weighty letter…” spam-flow looks to be a stayer. It’s moved on from TXHE (who have not, you’ll be startled to learn, found a trillion barrels of oil under Louisiana) to MXXR, “Matrixx Resource Holdings”.

The Stock Spam Effectiveness Monitor only looks at occasional examples from the cavalcade of pump-and-dumps, but there are several other places you can look if this area of human endeavour interests you.

Spamnation is another site that collects and talks about at least some of the non-stop torrent of penny stock spam; here’s what they have to say about MXXR. Apparently the spamming’s all a big surprise for some dude called Mike.

(It probably genuinely is a big surprise. Lame stock spam scams aren’t usually run by people who have anything to do with the small-volume, low-value penny stocks involved. Oh, and you keep getting these things because they really can work. For the scammers, obviously, not for you.)

Stock scams are also but one of the entertainingly many tracked and discussed by Quatloos!.

October 23, 2006

"We travel aloob, singing a soob..."

Filed under: Language

I regret to say that no Automatic Teller Machine Machine I have ever used, here in Australia, has given me the option to use the language Hmoob.

“Hmoob” sounded to me less like a language and more like a nonsense password (26 bits!), but it turns out that it’s actually a way of writing “Hmong“.

The reason why you can write “Hmong” that way, though, is quite interesting.

Movies That're Better Than You'd Think, Episode One

Filed under: Movies

“Dungeons & Dragons: Wrath of the Dragon God”.

Yeah, you heard me.

The first D&D movie was hilariously awful, and this one’s still no Citizen Kane, but it works quite well if you do one vital thing.

Don’t think of it as an attempt to chronicle actual events that happened in an actual world.

Think of it, instead, as a fifteen-million-dollar depiction of an actual game of D&D, being played by actual gamers, and overseen by an actual Dungeon Master.

Now it all makes sense. Monsters that come from nowhere when they’re needed to hurry the players along, continuity errors, crappy dialogue, you name it.

That still wouldn’t be enough if the story had not a shred of wit or pace, but the script is actually not so bad. Stuff happens, there are a few good lines, the villains are aware that they’re the comic relief (comic actors make the best villains in action movies), and the big bad dragon’s not a bad special effect at all.

So if films featuring swords and dragons and people in olden tymes who all have great teeth appeal to you, get hold of D&D II by whatever means is acceptable to your conscience, and make some popcorn.

October 22, 2006

Nonsense passwords

Filed under: Nerdery, Language

I’m finally shifting my password collection out of my previous ultra-secure unencrypted text file and into KeePass. KeePass is a mature open-source password storer which seems quite easy to use, and makes no doghouse-worthy security claims.

Plus, it’s nifty.

Bad password. Bad, BAD password!

Here, KeePass is showing me that a line of identical characters may be a long password, but it’s not a good password.

You get this little dynamically-updating bits-of-entropy graph whenever you enter a password - for the KeePass “vault” itself, or for one of the sites/devices/whatever whose passwords you’re keeping safe in KeePass.

This is a really neat way of illustrating the idea of password complexity. It doesn’t take into account dictionary attacks, though, which in the modern world are not slowed down much by brilliant tricks l1k3 the u5e of 1337-sp34k. If your password is a dictionary word, then even if you obfuscate it with letter-to-number swaps, it’s probably still crackable in minutes, not weeks.

A string of three dictionary words with a few digits on the end, though, is reasonably secure…

Better password.

…so what KeePass is telling me here (click the image to see the larger-filed original) is fair enough.

To avoid the dictionary-word trap, you can either do this sort of thing - a lot of dictionary words in a “passphrase”, or a few words and some numbers - or you can use one of those ludicrous more-or-less genuinely random “T\:;9+jrF:y4+@cf#6′w7z” or “Suy7JOvd” kinds of passwords.

Or you can make up nonsense words. That’s what I often do.

If you’re trying to crack a password and a dictionary lookup won’t help, the length of time it’ll take to guess is directly related to the amount of information entropy the password contains. Information entropy is, in brief, an objective measurement of the amount of information something contains.

“Suy7JOvd” is highly memorable, by the standards of true random passwords, but it has only 48 bits of entropy. It is, therefore, feasibly crackable by brute force on a single modern PC in a usefully short time.

“T\:;9+jrF:y4+@cf#6′w7z”, on the other hand, has 132 bits, which pushes it well into the “cubic kilometres of sci-fi nanotech” category. For all practical intents and purposes, a password like this one can’t be brute-forced. The only way you can hope to crack it (as opposed to just steal it from someone who knows it) is by exploiting some weakness in the cryptographic system being used (to hash the password, or to protect the data to which the password allows access).

Which is all very well, but even “Suy7JOvd” is pretty bloody hard to remember. “T\:;9+jrF:y4+@cf#6′w7z” is ridiculous. Everybody knows that people who’re given such passwords just write them down, usually on Post-It notes which they stick to their monitor. Or - if they’re especially devious, and very proud of their intelligence - they stick them to the underside of a desk drawer.

Steel door two feet thick, lock utterly unpickable and unforceable… key hidden under the doormat. (Or, if you prefer, trap-door in the floor.)

So - nonsense words.

“Slobodongoo” is a 48 bit password, appears in no dictionary, and is quite easy to remember.

“Grobbynolofroidicality” is 85 bits, which is quite enough for pretty much any purpose. And it’s also reasonably memorable, though I recommend you not wander around the office muttering something like that. It’s bad security practice to speak your password aloud, and it may also cause your coworkers to take action.

If you’re determined to go to 128-bit password strength, which is ample for every single purpose on the planet Earth (unless it’s important to you that God not be able to crack your password), then “Seglifromobulgradistalibilitegumentsic” manages it. Inserting capital letters and/or spaces can get the length down - “GorgoBrindyFerguBolishSkuziPlen” and “Mali Colu Snobo Limby Tij WoB” are each 128 bits, too. Punctuation can help a lot - “Eeble frong? Zoiby. Nyoj!” is 128 bits as well.

None of those are, I grant you, particularly easy to remember. But they’re easier than “j3JBRGjxYCllgW2s2xccLZB9ww”.

And you don’t need 128 bits, anyway. 70 or so will do just fine.

“Nerbolica grib” and “Ib? Galoomb!” are both 71.

(If you don’t have the kind of brain that comes up with nonsense words easily, or if you’re paranoid about some subconscious bias that’ll make the nonsense words you make up guessable, there are online nonsense-word - and nonsense-passage - generators that’ll do it for you. There’s also JabberWordy and NameStation, which make up nonsense-word domain names and see if they’re registered - but you can of course use the words for something else. True Security-Mindset paranoids can make a sentence, each word of which is from a different generator!)

It’s not very hard to remember a few of these kinds of passwords. Look at all the people who can remember “Supercallifragilisticexpialidocious“, after all. That’s a 112-bit word right there - though it’s probably in lots of password cracking dictionary files, along with several spelling variations, and is therefore not actually very useful. But you get the idea.

Passphrases can be just as good. The only real problem with them is that they’re always significantly longer than an equally secure nonsense-word password, since dictionary attacks mean that a “70-bit” passphrase is not actually as secure as a 70-bit nonsense word, unless your nonsense word turns out to actually be a dictionary word in some language you don’t know.

Long passwords also, of course, take longer to type, especially since password boxes that sensibly display asterisks while you’re typing make it impossible to tell if you’ve made a typo until you hit return, get an error, and use some of your profanity allowance.

So go ahead and use passphrases, if you like.

Personally, I’m going to stick with the Flobadob-speak.
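The gap between a bits-of-entropy meter and a dictionary attack, as an added example (not code from KeePass or from this post): a simple pool-size estimator next to a check that undoes 1337-speak swaps and trailing digits. The word list, the assumed dictionary size of 1,000,000 and the function names are all made up for illustration, and the estimator is simpler than KeePass's, so it won't reproduce every figure quoted above.

```python
import math
import string

# Constructed sample word list; real cracking dictionaries hold millions of entries.
WORDLIST = {"password", "dragon", "monkey", "letmein", "sunshine"}
DICT_SIZE = 1_000_000  # assumed size of the attacker's real dictionary

# Common 1337-speak swaps, mapped back to the letter they replace.
DELEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                        "5": "s", "7": "t", "@": "a", "$": "s"})
SWAPPABLE = set("oleast")  # letters an attacker would also try in swapped form


def pool_size(password):
    """Size of the character pool implied by the classes the password uses."""
    pool = 0
    if any(c in string.ascii_lowercase for c in password):
        pool += 26
    if any(c in string.ascii_uppercase for c in password):
        pool += 26
    if any(c in string.digits for c in password):
        pool += 10
    if any(c in string.punctuation or c == " " for c in password):
        pool += 33  # 32 ASCII punctuation marks plus the space
    if any(ord(c) > 127 for c in password):
        pool += 128  # rough allowance for non-ASCII characters (assumption)
    return pool


def naive_bits(password):
    """Brute-force estimate: length times log2 of the character pool."""
    if not password:
        return 0.0
    return len(password) * math.log2(pool_size(password))


def dictionary_bits(password):
    """Bits of work for a dictionary attacker, or None if the word isn't listed.

    Models an attacker who tries every dictionary word in three capitalisations
    (lower, Capitalised, UPPER), every combination of letter-to-symbol swaps,
    and every digit suffix of the length actually used.
    """
    trailing = len(password) - len(password.rstrip(string.digits))
    for d in range(trailing + 1):
        # Peel off d trailing digits, then undo case and 1337-speak swaps.
        base = password[:len(password) - d]
        word = base.lower().translate(DELEET)
        if word in WORDLIST:
            swaps = sum(1 for c in word if c in SWAPPABLE)
            guesses = DICT_SIZE * 3 * 2 ** swaps * 10 ** d
            return math.log2(guesses)
    return None


def effective_bits(password):
    """The cheaper of the two attacks is the one that matters."""
    cracked = dictionary_bits(password)
    naive = naive_bits(password)
    return naive if cracked is None else min(naive, cracked)


if __name__ == "__main__":
    for pw in ("Suy7JOvd", "p4ssw0rd", "Dragon99", "Slobodongoo"):
        print(f"{pw:12} naive={naive_bits(pw):5.1f} "
              f"effective={effective_bits(pw):5.1f}")
```

“Dragon99” and “Suy7JOvd” get the same naive score because they have the same length and character classes; only the dictionary check tells them apart.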

Kookaburra visit

Filed under: Birds, Animals

The other day, for no immediately obvious reason, there was a kookaburra sitting on our railing.

Fluffed up kookaburra

(A Laughing Kookaburra, by the way, not the less common and less cuddly Blue-Winged version.)

Birds, we get plenty of. Kookas, we don’t, because we don’t put out the right food.

There’s a house further up the street that always has a kooka or three sitting on the power lines outside. My Holmesian deductive skills lead me to believe that the people who live there feed the kookas.

That’s easy enough to do; just put out bits of meat and kookaburras, who are happy to eat pretty much anything that’s not a boring old plant, will gobble them up.

Kookas do not do well on a diet heavy in the steak-bits that humans like to feed them, but occasional meals of pretty much any live or dead animal go down nicely.

Kookaburra portrait

This one had decided to try our house out instead. It was a female, I think, on account of the lack of blue colouration on wings and tail.

Anyway, I first went out there to snap some shots of the bird with my old-ish 100-300mm. That wasn’t as successful as I’d hoped.

Oh, I took pictures of the bird just fine. But the minimum focus distance for the 100-300 is 1.5 metres, and I had some trouble getting that far away from this kookaburra. She seemed happy enough with the lens more or less clinking up against her beak.

It wasn’t really a normal bird-lens kind of situation.

So I switched to my cheap Phoenix macro.

Kookaburra eye

Yeah, that’s better.

Many kookaburras have been hanging around people long enough that they’ll eat out of your hand.

Kookaburra beak

It’s up to you to decide whether that’s a good idea.

I took a lot of pictures of this kooka, then figured I ought to say thank you with at least a bit of food. Nothing in the pantry really screamed “kookaburra food”, but there was some cat food with fish chunks, which looked like a decent bet.

Kookaburra having a snack

It met with her approval.

I initially tried offering her a spoonful of it. I only just managed to get the spoon back.

Kookaburra snack

Kookaburras aren’t really built to eat cat food, even the lumpy kind. So a significant amount of the fish ended up just messing up her beak. And the railing.

Kookaburra shaking head

That was because kookas instinctively beat their food on hard objects, to make sure it’s dead. They do this with any food you give them, which means you’ll get sprayed with tiny bits of fish if you give them cat food.

Kookas also, like other birds, have a nictitating membrane, or “third eyelid”, which they deploy to protect their eyes when they’re doing something dramatic, like bashing their food.

Kookaburra monster

The translucent membrane gives the bird a dead-eyed zombie look.

Cats have third eyelids too, but they at least have the decency to close their outer eyelids before they close the membrane, so you usually only see a bit of it retracting away as a sleepy cat opens its eyes. If you see a cat with its eye mostly open and the nictitating membrane clearly visible, then it is probably not a healthy cat.

The kookaburra hasn’t been back for another feed. I presume whatever they’re getting up the street is better.

Oh no! We're selling too many magazines!

Filed under: Shop talk, Scams, Money

Years ago, I used to hold a fancy-sounding rank in a very small publishing company. I was the Assistant Editor of Australian Commodore and Amiga Review (which later became just Australian Amiga Review), and Australian PC Review, and Australian Multimedia and Desktop Video.

Given that the editorial staff of those magazines consisted of (a) the editor and (b) me, my job title wasn’t actually that big of a deal. But working in a teeny-tiny publishing company certainly does acquaint you very firmly with the strange economics of the paper publishing industry.

People keep banging on about how much better Web publishing is than paper publishing because of immediacy and feedback and editability and lack of arbitrary article size limits and blah blah blah. All of that is true, but Web publishing would be worth doing even if it didn’t have any of those other advantages, especially compared with the magazine arm of paper publishing. That’s because magazine publishers usually destroy more than half of what they print.

No, seriously. They do.

An ordinary newsstand magazine, you see, is printed at great expense in a huge and impressive building somewhere and then distributed, at similarly great expense, to all of the newsstands. The idea is to put, on each newsstand, the exact number of magazines that people are actually going to want to buy from that venue.

Except, of course, you have very close to no idea how many magazines a given newsstand is actually going to sell.

Your distribution company will have a vague idea, and they may even be kind enough to tell you what that idea is. But sale numbers vary widely all the time, because people who definitely want the magazine every week/month/whatever will probably subscribe (more about that in a moment). So newsstand sales are, usually, unpredictable.

The worst-case scenario for a publisher is that a particular newsstand has plenty of visitors who’d like to buy your magazine, but you didn’t send enough there. Your mag sells out in the first day, and all subsequent customers get annoyed trying to find your product, then give up and, perhaps, forget about you altogether.

In order to avoid this, magazines make sure every newsstand receives an oversupply of magazines. Since you don’t know with very much accuracy how many magazines any newsstand’s going to need in any given month, though, you have to send them all a lot of magazines.

When I was involved in the business, this meant that if you sold more than half of the magazines you printed, a significant number of newsstands were likely to be running dry. I don’t know whether it’s gotten any better since. I doubt it.

Now, if you tell someone “if we’re selling more than 50% of our print run, it’s practically certain that we’re not selling as many as we could” then they’re likely to look at you and say “duh”. But if you go on to explain to them that this means you need to print 20% more magazines in order to raise your sales by 7%, they’ll probably back away slowly and try to find an exit.

Yet this is how the magazine publishing industry works.

Magazines that don’t get sold are, usually, pulped - though small publishers invariably end up with a garage full of back issues, because they can’t bear to destroy all of the old mags and they May Still Come In Handy.

Most old magazines are, of course, actually worth close to nothing. If you don’t sell ‘em in the month they were printed, you might as well make pinatas out of them.

(Every single magazine you print, though, counts towards your “circulation” figures. Remember that whenever you hear some mag or newspaper boasting about their circulation of 500,000 or whatever; unless they’ve got tons of subscribers, it’s likely that at least half of those mags or papers never make it into the hands of a reader.)

This is why publishers are so very very eager to sell subscriptions, and why subscriptions can, often, actually be a very good deal. If a publisher’s factored a 60% pulping rate into the price of their magazine, then they’re likely to be happy to deeply discount that price for subscribers in return for 12 (or whatever) guaranteed sales.

Subscribers also give a publisher some other ways of making money.

The income from a subscriber is front-loaded, you see. It arrives in a lump at the beginning of the subscription. But the outgoings are evenly spread over the period of the subscription, which is likely to be at least a year.

So if your publishing business is on the way up, a subscriber is a neat little tax dodge.

You get the income at the beginning and pay tax on it in that financial year, but the year after (when you’re presumably making more money, and thus likely to be paying more tax per dollar of income) you can still book your subscribers as liabilities.

One of the staple tricks in “creative accounting” is shifting income and outgoings around so that, as far as the tax man’s concerned, you’re making money whenever it’ll do the least harm and paying it out whenever it’ll give the most benefit. Magazine subscriptions practically force a publisher to do that.

Subscribers are also great if your publishing business is on the way out. You still get the money at the outset - which, if you’re teetering on the brink, is a very good thing. But then, if you decide to give up on the whole enterprise, you can just stiff your subscribers for however many issues remain outstanding. It’s a vanishing liability.

Publishing houses that retire a magazine but have a stable of others normally give their subscribers the chance to roll their remaining subs over into some other magazine. Or they may even - gasp! - offer a REFUND.

But when a small publisher folds, they can just take the (remaining) money and run, secure in the knowledge that there’s not likely to be a class action lawsuit from Disgruntled Subscribers To Very-Fluffy-Rabbit-Fancier Magazine Who Just Signed Up For A 48-Issue Sub, God Damn It.

And that, gentle reader, is exactly what the company I worked for did.

If we hadn’t, I doubt I would have ended up being stiffed, myself, for a mere four digits worth of wages.

October 21, 2006

Protest votes

I think a significant amount of the awfulness (warning: bad language, possibility of blinding reflections from Colin Mochrie’s head) of the advertising industry comes from the fact that it’s never made much sense.

Internet advertising is a great deal more quantifiable than TV, radio and print ads (which isn’t to say that Internet ads are very quantifiable; it’s just that before that everyone was really making up numbers). But just because you know the quantity doesn’t mean you have a clue about the quality.

Advertisers used to be billed according to some vague idea of how many people saw their ad, whether those people cared about it or not. Now advertisers can opt to pay only when someone clicks on an ad. And that’s opened up a whole new can of worms.

Take the Google ads on this site, for instance. I get paid when (or, more realistically, if) you click them. Google will be cross with me, though, if I tell you to click them. They would, in fact, prefer you not to click the ads if you have anything but the purest of motives.

Whenever anybody clicks on an ad when they are not actually interested in doing whatever it is that the advertiser wants them to do (usually, buy something), that’s click fraud. Maybe “fraudulent” clickers are doing it to make money for a site that they like (or, in the purest form of click fraud, a site they own), or maybe they’re doing it to hurt someone they don’t like.

Or both.

This issue becomes quite important when you consider how much money people spend for some pay-per-click ad campaigns.

Google’s AdWords system, for instance, lets advertisers bid for particular keywords. Basically, when a given keyword appears in a Google search or on a page that runs Google ads, then whoever’s bid the most for it gets their ad displayed. Lower bidders, if any, get their ads displayed lower in the list. You can bid any amount you like - I’m sure there are zillions of bottom-feeders who’ve bid a few cents for all kinds of popular keywords - but if there are a few higher bidders who haven’t hit their budget limit, your ad will never be seen.

Google’s Keyword Tool is free to use whether or not you’ve got any kind of Google account. It lets you pretend you’re interested in some keywords and see the estimated cost per click (CPC) for them.

Mesothelioma is a favourite of ambulance-chasing lawyers; as I write this, Google’s estimated CPC for that keyword alone is a hefty $US14.36. “Mesothelioma attorneys” was $US25.87.

“Debt consolidation” can be perfectly valid, but is often a big fat scam. “Debt consolidation chicago” was estimated at $US30.92 when I checked.

Oh, and name a scam, and it’ll carry a healthy price per click. “White powder gold”, for instance, is alleged to be a miraculous substance which is produced by no-kidding alchemy; it’s bid up to around the eight US dollar per click mark, as I write this.

Herbalife? At least a few bucks a click - heck, the misspelled “herballife” is $US3.73, perhaps reflecting the value to multilevel marketers of customers who aren’t too bright.

Ultrasonic pest repellers do not work. But the term “ultrasonic repeller” will still cost you around three bucks a click.

I was initially disappointed by the bids for terms relating to various bogus fuel saving gadgets (”water powered car” was only 52 cents). But then I found “gas pills“, which are as stupid as they sound and cost a not-too-shabby $US1.42.

When you can cost someone several dollars just by clicking an ad, it becomes tempting to do so. Just do a Google search for whatever you least like, see if the Sponsored Links include an ad for someone who’s trying to sell it to you, click the ad. Bing - money will now be moved from them to Google.

Better yet, find a page that has Google ads on it and is against whatever you least like, and click any ads on it that’re from people trying to say the opposite.

The Google ads on Theodore Gray’s Periodic Table Table site, for instance, are often weird quacky stuff. Look at a page for a toxic metal and you’ll often find an ad from someone eager to find it in your body with a bogus test and/or remove it from your body with a bogus treatment, and at the moment his hydrogen page seems to have attracted a lot of bogus hydrogen power ads. Google reserve the right to just not accept clicks that they consider to be fishy in some way, but there’s no way for them to tell whether someone clicking on a Creationist ad on a page about evolution is doing it out of genuine interest or not.

So, with just a click, you can cast your own vote against any advertiser. And if you only click one ad, and that ad wasn’t presented in a way that contravenes any of the ad network’s rules, then it’s singularly unlikely that your click could be told, in any way, from that of a perfectly genuine shopper.

When payments per click are in the single-digit cents, such a vote doesn’t matter much. When they’re in the double-digit dollars, it does.

I can’t wait to see how the next brilliant idea in advertising will go wrong.

(Incidentally, affiliate programs that only pay out when someone buys something avoid this problem. I could put flashing scrolling CLICK HERE!!!!!1! exhortations around my links to Photonlight.com or any one of Ron Toms’ various and delectable sites, and all that would happen would be that they’d be somewhat taken aback. They don’t pay me a penny if the clicker doesn’t become a customer. My Aus PC Market sponsorship ads on Dan’s Data, though, are pay-per-click. So don’t go clickin’ on them like crazy just because you want me to be rich; all that’ll happen is that they’ll ignore your IP address and/or reduce the amount they pay per click. Donations, of course, are always welcome!)
