GenCon: RattleBones review

No relationship to Rattle Battle.

Angelica’s friend Aurelia introduced us to RattleBones. It’s a game in a genre that would be called “dice builder” if that wasn’t already a different thing. You literally build dice in this one, as you pop sides out with a little plastic prong, then add new sides in.

RattleBones board
RattleBones board

See how the dice have little colored circles in them?

RattleBones, close up
RattleBones, close up

The idea is you add new facets to the dice, then when those facets come up, that power triggers.

Good game for kids since being a dice game you have a pretty good change of winning no matter what you do. Looking forward to what other game styles will come out of that mechanic.

GenCon: Village + Inn review

We did a session playthrough of Village with the Inn expansion.


While the inn adds a lot of new mechanics, it also makes the game feel really arbitrary. I can see it being popular with people who want to add some randomness to it, but I think I prefer it without.

Angelica was interested in the sea expansion though, seeing as traveling is her favorite part of the game.

GenCon: The library featuring Galaxy Trucker review

The GenCon library was probably our best use of tickets of the entire con. Giant collection where we checked out some stuff we were considering (Abyss) and played some stuff just for plain fun, including Robo Rally and Galaxy Trucker

GenCon library, playing Galaxy Trucker at that moment
GenCon library, playing Galaxy Trucker at that moment

CGE’s Trucker, if you don’t know it, is a cute ship tile “drafting” game with a mini low-interaction adventure afterwards. Good game when you’re running on 4 hours of sleep and have an hour to kill.

GenCon Library: Spyrium review

Another pleasant time passer: a worker placement mini called Spyrium that I totally missed hearing about when it came out. Thank you to Andarel for introducing me to it and playing the game through with me.


Really similar conceptually to Sail To India in the sense of being a mini game with cards as board that uses workers in a clever way, and a constant rushed feeling of always being on the edge of running out of time.

GenCon: Portal draft review

Cryptozoic was previewing a draft of their Portal board game.

It’s not a lot like the video game (on purpose) and a bit more like a competitive version of the little informative cartoons that came with the game.

Portal board game, from Cryptozoic
Portal board game, from Cryptozoic
The entire game board is constantly moving towards the right as pieces fall into the incinerator, so the players are constantly trying to move left while keeping their cake alive.

The gameplay wasn’t super deep yet, and in particular the GlaDOS contribution was minimal at the moment (purely decorative), but at the same time I can 100% guarantee I will buy it since, well, Portal.

Good lunchtime-at-work game as well, seems to run ~30 mins assuming people play aggressively.

GenCon: Russian Roulette review

Cute GenCon preview game: Russian Roulette (new name pending).

Premise is you aim a gun at your head, then push your luck to see how many cards you flip. The bluffing aspect is that you’re allowed to remove one card that might be a bullet (cheating) or might be an empty chamber.

Here’s a very excited man demoing it:

Russian Roulette at GenCon
Russian Roulette at GenCon

It was fun if not overly complex. If you like the party/social bluffs, you certainly could do worse, and while I usually hate push your luck games, this one was alright.

Old Photo

Old photo: Angelica at Wonder Con 2013


Dropbox keeps syncing old photos at a rate of a few a day for some reason, this one just got added.

DEFCON day 4

hello mccarran airport. you sure have a lot of “free wi-fi hotspots” now that DEFCON is done. let’s do the last of these talk things before I crash out.

tired of your automated website hacking tool dying out cause it can’t make sense of javascript and flash? some guy wrote one that runs on top of a full browser and then works by visual elements. unfortunately, the source is not release ready and kinda suffering from pre-beta syndrome, but it’s a cool start.

software radio scanning is going from “esoteric hardware hack” thing to “$20 USB dongle + gui” thing. the low end kits are $19 on amazon, have freeware Linux apps associated, and will do things like locate military aircraft by their signals, or listen to federal agents on radio. or hypothetically tap cellphones which you shouldn’t do cause it’d be illegal.

having said that, a separate talk was about using recording walkie-talkie frequencies used by federal agents, then checking how often they screw up and forget to use crypto. fun facts:

  • it’s very difficult to check if you successfully turned on crypto on must radios
  • most agencies change keys about once a week
  • most agencies get it wrong and send plaintext about 5% of the time
  • most plaintext conversations begin with “ok, I turned on encrypted mode, fill me in”
  • even encrypted, the radios send a header that lets you triangulate agents in the field (some military use this protocol too)
  • the only agency to never screw up was the postal service

(there literally are 3 cops blocking my gate at the airport right now. gonna try to get one of those blurry bigfoot photos of them and practice my daffy duck “i got my rights” routine)

bruce schneier did his annual TSA minute if hate and also would like you to know, again, that quantum computing will not be the end of all crypto as we know it, it will be the end of a few algorithms in public key crypto. he also thinks you should go eat at crappy casinos where you’ll get better deals on food (it subsidizes gambling there as they need customers)

(got a photo of the cops)

(cops against window, my gate to left of them. looks like they want to talk to someone arriving on the flight)

ok, basically done with this bitch other than wanting to see how it pans out with the cops. here’s some shout outs while i’m waiting:

  • shout out to the couple who would not shut the fuck up during dan kaminsky’s talk. people of scant social skills + alcohol is a dangerous mix
  • shout out to people putting the phrase “dan kaminsky” in their shout outs so that his google alert thing fires and he gets excited briefly
  • shout out to the apples given out by one vendor for being the only sort of healthy-ish thing within 2 miles of the rio
  • shout out to the arid heat, drying out eyeballs and whatnot
  • shout out to this being the first DEFCON where the wifi is safer than cell towers

(flight arrived. cops walked away with some dude who was saying “i was just worried that it might become a dangerous situation”, and are talking to a second dude. looks like they’re just having to act as playground monitors for these two. my life goes back to ennui and two grown men forced to stop fighting and play nice)

and that’s pretty much it. let’s see if i can post this before boarding real quick

oh! wait! one more thing I remembered from cory doctorow’s talk: to make sure he can securely compute from a public device, he wants a three-button secret key command installed in hardware in every machine that will give him a secret encrypted shell. that’s right, his secret method to maximize his freedom is to get a personal rootkit on every machine in the world. he didn’t explain why his own personal laptop shouldn’t have the same rootkit on it, but i’m sure he’s got a really clear and rational explanation.

DECON day 3

if you missed last night’s parties, it was large groups of guys standing around in expensive hotel suites, drinking from red cups, and telling each other how much money they have. i unfortunately couldn’t make it as i had to go play some pokémans in my hotel room and txt angelica.

anyways: the talks.

DEFCON decided to balance the NSA keynote with a “fuck the NSA” panel today. speakers were 2 ACLU lawyers, an NSA historian, and an NSA programmer (retired). during it we learned

  • that the NSA is absolutely keeping a dossier on every american
  • that the NSA does not intercept communications of citizens because the legal definition of interception requires a human to look at the data. if it’s just stored forever, that would be fine
  • that the new Utah facility for storing things stores ~200 exobytes of data (i hope i wrote that down right)
  • that cory doctorow felt the need to clearly say “hello, i am cory doctorow, the writer” when asking his question of the panel

speaking of, cory doctorow gave his talk. he managed to go 11 minutes before calling for civil war, for those competing in that pool.

let me for a moment here slow down the flow of text. i want you to really savor the meat of his talk. ok, shake your brain off, do some mental pickled ginger, clear your mind. ready? ok, the cory doctorow talk:

whereas we currently have a system in some countries that filters the internet, cory deduces that it’s just a matter of time until the US government places ear implants in americans that will prevent them from hearing anti-american voices.

let that sink in. simple A -> B there. ok, we’re continuing.

this means that there must be a trustable way to make sure you’re running the OS you think you’re running.

ok. so A -> B -> C now. iran filters internet -> american anti-dissident implants -> need for trustable computing.

he proposes solving this need with chips in the computer that can sign everything in a secure way, which, like Descartes’ proof of trustable senses arising from the seed of “i think therefore i am”, arises from the sees of the chip and leads to a perfectly trustable computer free from government and corporate intrusion.

now, the philosophy student might point out that Descartes proof actually fell apart midway and he had to bring in “Oh, and God exists and he would never create a world that would lead us wrong” to help himself out, and then later commits a trivial logical fallacy as he gets stuck even with a benevolent God at his side. however sadly i am not a philosophy student and didn’t point it out.

not to spend like half of this post just shitting on that stupid talk, but it really shows (besides the lunacy of trustable computing arising from a tamper proof chip, like somehow the “trusting trust” paper never happened) how a generation of libertarian coders cannot get past the notion that a computer is somehow a part of their body, vs a tool. a computer and general computing is not the end in it’s own right, it’s a step on the road to improving society in some way.

charmingly, the next talk was a showcase of the exact opposite. a hardware / bios hacker decided as an experiment to create a tool that might be used by China (his words) to completely transparently hijack a machine without the owner ever knowing. the scenario he proposes goes as follows

  • all hardware of a certain type, say a network card, is made in China
  • the hardware is flashed with his code by a government operative
  • the code is a rootkit that runs on device boot
  • flashes the bios of the motherboard
  • installs an alternative bios loader graphically disguised as your bios
  • then proceeds to operate invisibly on your machine completely hidden out of sight.

his proof of concept ran behind windows while stealing all HTTP traffic in first demo, then in second actually booted a remote image of windows with a chinese flag wallpaper in a second demo.

i’ll repeat that. a trojan’ed hardware card caused the computer, on boot, to load windows from a remote server and run it like it’s right there. pretty spiffy.

what else was up… some kid found that Las Vegas airport had all their private documents, including access passwords and hardware designs for the flight systems, available in a public CMS and indexed by google. if you heard the rumor that he was arrested, that’s just rumors fyi. he’s fine, talk went as normal.

tangent: this was a skybox talk so it wasn’t described other than the name of the talk.  i only attended it cause it was called “Grepping the Gropers” and thought it’d be about some new uses of grep. oh well.

and finally, the dan kaminsky show happened as well. 5 problems he tries to solve in his hour:
1 – timing attacks. just make everything ran a few microseconds slower to fix that. ok dan.
2 – virtual machines don’t have access to /dev/random because they lack hardware, and so fall back to /dev/urandom and create broken ssh keys. his solution is to create a new /dev/random that’s based on the virtual machine being allowed to poll different things in the parent computer that have clocks and then run the offset noise through a von neumann “transition finder”, then run that through a hash as it goes. he’s got sample code ready. not mathematically perfect, but in practice it would have saved a lot of ssh keys. pretty cool.
3 – php makes it way too hard to do structured queries. his solution is to have a library that replaces “SELECT * WHERE a=^^a” with a structured query that knows ^^a is $a. code ready, and probably going to be ignored by everyone unless php puts it into the default examples page. oh, he did have a zinger here: “An IDE is a tool that moves copy paste from the Edit menu to the File menu”. cute.
4 – how to check if your government is blocking a website? create a minesweeper javascript that pulls favicons remotely. ok dan.
5 – and last, how to make IP scanners run faster? create a stateless scanner that shits SYNs to everyone, then forgets about them until it gets an ACK back. does 80k IPs per second, and has a full SQLite backend. pretty cool. one bug is that google servers are custom and stateless as well, leading to the two applications having the server version of stoner talks with each other. “hello?” “dude what?” “who are you?” “i know” “what?”. etc.

tangent, i just checked my notes and loaded up the doctorow talk to double check if i got the details right, but apparently the only notes i took during that one was the word “huarglblargl”. i guess i’ll trust my memory.

oh. wait. just remembered one more thing that pissed me off in his talk: doctorow did a bit about how computerized leg replacements cost $525,000, and then explained that that will not create a divide between rich and poor because people would simply not own houses in order to buy the expensive legs. ok cory.