Survival of the Fittest

As a vegan, I get a fair amount of weird shit when this particular lifestyle choice of mine comes up in conversation. I’m in two minds about that: on the one hand, it’s a choice of mine, and not exactly a common choice, so I understand that people have difficulty with it. On the other hand, most arguments against veganism betray ignorance, and my tolerance for stupid isn’t very high these days1.

One of those arguments that gets thrown up once in a while, probably because it sounds catchy, is “but it’s survival of the fittest!”.

Well, no, it’s not. By using that argument, you betray ignorance of what survival of the fittest means.

Read the rest of this entry »

  1. Note that I don’t mean a lack of intelligence when I use the term stupid, I rather specifically mean a lack of knowledge combined with a lack of will for acquiring it. []

Raph Koster: Are virtual worlds over?

It’s funny how these things go. A few days after my bringing up again how virtual worlds and social networking sites are essentially the same thing, Raph Koster writes a blog post entitled Are virtual worlds over?

There’s a ton in that article I agree with, and some I disagree with. Let’s briefly start with how he defines what a virtual world is:

  • a simulation of places: placeness is intrinsic (and herein lie the things that many Second Life advocates argue for, such as academic uses involving 3d visualization, or artistic expression that requires 3d)
  • users represented by avatars: pseudonymity is intrinsic (such as anything involving identity exploration, artificial roles, and wish fulfillment)
  • synchronous user interaction: synchronous interaction and strong ties are intrinsic (team activities, real-time problem-solving, real-time social activities)

Read the rest of this entry »

Games, Virtual Worlds and the Internet

First, watch this: it’s Jesse Schell speaking at DICE about the future of gaming.

The funny part to me is that I’ve been there before, at Joost of all places.

Read the rest of this entry »

Android Activity Lifecycle

This article is part 4 of 4 in the series Android Development

It saddens me to say this, but Android’s Activity Lifecycle is broken by design.

It saddens me, because I enjoy developing for Android, and would like to be able to only say good things about it. But that doesn’t mean there aren’t bad sides either. Read on if any of this is of interest to you.

Read the rest of this entry »

MD5 in Password-Based Encryption

First, a word of warning: I am no cryptography expert. But I’ve read a lot about cryptography, written a few implementations of cryptographic algorithms, and am not generally confused by cryptographic terminology.

People like myself seem to be an oddly rare breed. Most programmers I meet seem to think of cryptography as magic dust one sprinkles on a problem, and then — poof — security happens. Worse than those are programmers that read up on cryptography without understanding basic concepts.

I had a run-in with one such person the other day, who discussed concerns about using MD5 over SHA1 in an implementation of password-based encryption. The person was obviously aware that MD5 is vulnerable to collisions1. I raised the point that the implementation had weaknesses that are much, much easier to exploit than any weakness in a cryptographic hash function, which makes worrying about the hash function used rather pointless2.

In this post, I’d like to explain how exactly cryptographic hash functions are used in password-based encryption, and why the strength of the hash function does not matter all that much.

Read the rest of this entry »

  1. Incidentally, so is SHA1. []
  2. To be precise, the implementation makes phishing so simple that you might as well scrap it if you’re trying to protect Joe User. If you’re trying to protect an average computer geek, it’ll probably be good enough. []