Monthly Archives: December 2008

Marksmen, on your marks!

The beginning of a Call of Duty 4 Search and Destroy game is essentially a race. When the game starts, experienced players all make a mad dash from the starting post, head for their preferred defensive or offensive positions, to dig in before the enemy can bring their guns to bear. From these choice spots, they engage the enemy within seconds, and despite moderately large maps which are a few hundred metres across, up to a third of the kills in a 3-5 minute game do take place in the first 15 seconds. Of course there is skill in figuring out what to do next (the top 1% of players distinguish themselves through adaptability and quick thinking), but the fact remains that the opening of an S&D match is critically important.

I have previously posted about “Neo-Tactics” – unintended side-effects of low-level game algorithms which create competitive advantage. Once a player seems to win without a visible justification this sort of effect causes a problem – it creates the perception of cheating. At a second level, actual cheats might deliberately manipulate their network infrastructure or game client to take advantage of the effect. Well I think I might have found a new one…

The screenshots below give a flavour of the sort of sneaky position that players might hope to be first to reach, affording a narrow but useful line of sight through multiple windows and doorways, crossing most of the map. NB: Seasoned COD4 players will laugh at my choice of so-called sneaky position, but I am a novice and I cannot hope to reach the ingenious hideouts they have discovered after years of play-testing.


Continue reading Marksmen, on your marks!

Andy Burnham and the decline of standards

There’s a short story by (I think) Stephen Leacock, which tells of declining standards. How an undergraduate, newly arrived at university, lived in awe of the sagacity of the professors, of the intelligence of the grad students, and the learning of those about to receive their degrees. By the time he was receiving his first degree, he and his class were merely of average competence. By the time his PhD was awarded there were few of his cohort with any real learning; and standards had slipped so much over time that when they made him a Professor he and his colleagues hardly knew anything at all!

Having now reached the point in my life when I’m older than half the British Cabinet, it’s perhaps no surprise to read that UK cabinet minister Andy Burnham (born when I was in the Lower Sixth), has come up with some ideas about regulating the Internet that I am deeply unimpressed with.

In a Telegraph interview he proposes that ISPs should be forced to provide censored access to the Internet with only child-friendly sites visible; that the industry should have new “take-down” targets for bad material (presumably shorter ones); that it should be easier to sue for defamation online; and that the web should be labelled with age-ratings the way that video games and films are. Of course he realises he can’t do this alone, so he’s going to ask President Obama to help out!

Unfortunately, Mr Burnham doesn’t know anything about the Internet and seems to be arguing by analogy, and with a childlike hope that merely wishing for something will make it come true.
Continue reading Andy Burnham and the decline of standards

Card fraud — what can one do?

People often ask me what can they do to prevent themselves from being victims of card fraud when they pay with their cards at shops or use them in ATMs (for on-line card fraud tips see e-victims.org, for example). My short answer is usually “not much, except checking your statements and reporting anomalies to the bank”. This post is the longer answer — little practical things, some a bit over the top, I admit — that cardholders can do to decrease the risk of falling victim to card fraud. (Some of these will only apply to UK issued cards, some to all smartcards, and the rest applies to all types of cards.)

Practical:

1. If you have a UK EMV card, ask the bank to send you a new card if it was issued before the first quarter of 2008. APACS has said that cards issued from January 2008 have an iCVV (‘integrated circuit card verification value‘) in the chip that isn’t the same as the one on the magnetic stripe (CVV1). This means that if the magstripe data was read off the chip (it’s there for fallback) and written onto a blank magstripe card, it shouldn’t — if iCVVs are indeed checked — work at ATMs anywhere. The bad news is that in February 2008 only two out of four newly minted cards that we tested had iCVV, though today your chances may be better.

A PIN entry device taped together

2. In places that you are able to pick up the PIN entry device (PED), do it (Sainsbury’s actually encourages this). Firstly, it may allow you to hide your PIN from the people behind you in the queue. Secondly, it allows you to give it a cursory inspection: if there is more than one wire coming out from the back, or the thing falls apart, you shouldn’t use it. (In the picture on the right you see a mounted PED at a high-street shop that is crudely taped together.) In addition, be suspicious of PEDs that are mounted in an irregular way such that you can’t move or comfortably use them; this may indicate that the merchant has a very good camera angle on the keypad, and if you move the PED, it may get out of focus. Of course, some stores mount their PEDs such that they can’t be moved, so you’ll have to use your judgment.

Continue reading Card fraud — what can one do?

Think of the children

Last week, the Times ran an article about a new website promising to be “Facebook for Kids”: School Together Now. According to the article, an ordinary mother of 3 got the idea for the site to allow parents to be more involved with their kids, and to give children aged 7-12 the benefits of social networking (Facebook, for example, limits membership to those older than 13). School Together Now is set to officially launch on the first of the year, but is already open for public registration and has been written up several times by the press.

We’ll leave the question of whether young children need a social network for sociologists and psychologists; there are difficult enough questions on how to design security for this vulnerable age group. Jonathan Anderson and I reviewed School Together Now and were disturbed with its lack of answers. The first thing we noticed was that logging in without entering any username or password provided full access via the account of the user “Amber Munt” (this works from the log-in box displayed after clicking “Children->Register/Login”). The next thing we noticed was the site’s About Us page, which states the goal of allowing advertisers to “Get themselves in front of their favourite customers (i.e. parents with deep pockets!)” Further investigation revealed a pattern of poor security choices driven by the desire for rapid commercialisation, which is inexcusable for a site specifically marketed at young children. Continue reading Think of the children