Reinventing Me

Thursday, December 16, 2010

The Leftover At The Bottom Of The Sink

It was always the same.

Loading the dishwasher was never a glamorous job, but it was something I'd learnt to make the most of. I felt something of a oneness with the dish brush, the handle filled with the vivid purple soap, dispensed through its all-too-worn brushes with a squeeze of the handle. I'd joked that I wanted a new one of these for Christmas. In a way, though, I'm not sure if I could handle that. This brush and I have been through a lot together. A lot of cups with all manner of clabber at the bottom of them; plates with remnants of food I can't even remember eating; cereal, stuck to the bottom of bowls with incredible resolve. They ought to stick those heat tiles on the space shuttle using soggy corn flakes. They'd never have any problems with them coming off, then.

The top shelf was always the easiest. First the cups, once, of course, they'd been retrieved. The ones that had been sipped out while watching TV, left on the coffee table; the ones on the bedside tables that had held our midnight sleepytime drinks; those which had inexplicably ended up in the other room and been forgotten about, sat there abandoned. There was surely some moral about what labor-saving devices had done to our society, here. That so few of us could completely fill a top shelf with soiled cups from one load to another? That seemed something like inordinate extravagance. I remember the "good" old days, only having one cup, one bowl, one plate. If they were clean, I ate. If they were soiled, that was a meal I missed. Nothing was more encouraging than hunger to make sure the chores got done.

The bottom shelf followed, by now, I was well into the swing of it. The plates, encrusted with the remains of the meals, got a cursory rinse and scrub with the brush before getting loaded in, then the various kitchen miscellany; the mixing bowls, the measuring containers, the smaller saucepans, the cheese grater, all jiggling and jostling for position between the tines of the lower rack. A small optimization exercise; it was surely possible to get them all in, get the entire sinkful done in one go. It just needed a bit of creative packing, that's all. This smaller container could go under this larger one; there, plenty of room. Next, the utensils, an easy enough job. Picking them up, meticulously yet subconsciously sorting them, putting the forks into this side of the basket, then the knives, then the spoons.

There it was again. As always, the same leftover in the bottom of the sink. The unidentifiable lid, seemingly always filthy. It must be part of the food processor, but I never knew where it belonged. I scrubbed it briefly with the brush, placed it in an empty slot on the top shelf, put the soap tablet in, closed the lid, and started the machine.

It was always the same. But perhaps this time, I would learn something new.

Unloading the dishwasher was never a glamorous job, but it was something I'd learnt to make the most of. The organizing, the putting away, the making the most of the space we had, all seemed to bring its own reward. The cups and glasses never seemed to fit back in the cupboard where they belonged; the plates balanced precariously; the storage containers were just squeezed in wherever space remained. One day I'll reorganize this cabinet. Not today. And last, but not least, the leftover. The curious lid. I took it and placed it next to the blender. Someone else would know how exactly it fit.

"It's very clean," the familiar voice uttered. "You do such a good job with that, every time."

"Thanks, love," I replied sheepishly. "I still don't know where it goes, though."

"Back in the sink. It's the plug to the waste disposal."

Zemanta helped me add links & pictures to this post. It can do it for you too.

Wednesday, November 24, 2010

Writing Workshop - Imagine 2018

This is a Treo 650 Smartphone from the OpenCli...

Image via Wikipedia

Josie over at Sleep is For the Weak put forward a set of writing prompts based on words found while walking around the city of Glasgow. I choose Imagine 2018 as an excuse to get, well, a teensy-weensy bit speculative.

"Dad, I wish you wouldn't insist on real-time." The acute barbs in the voice came across very clearly, even through the right-angled digital packets getting reassembled and decoded in the earpiece. "It's so twentieth century, ya know? And it means I just have to squeeze you between customers, so I'll have to hang up when the next one comes. It's just, like, so inconvenient."

I sighed deeply. "You know I can't stand voicemail tag. And with news like this, I figured it was worth a call, Sugarplum." I heard a grunt on the other end of the line. "I wish you had told me personally. It's a bit of a shock to find out your daughter is getting married through a status update." Already the grunt on the other end was turning into a rebuke. "Dad, don't call me that any more. Especially not any more. I don't want Squid to know that's what you call me. I am twenty-five, you know. Not some kid. And don't even start on that 'you'll always be my little girl' routine. Been there, done that. And as for the status update, well, that's how everyone else found out, too. You're not the lone stranger. That's the way these things are done these days, you old fart."

"What about S.P.? Can I still call you S.P.? So tell me about, erm, did I hear right? Squid? What kind of a name is that. Where's he from? What does he do for a living? How long have you known him?" I heard a bleep at the end of every question; my daughter was bookmarking my sentences again. I knew what was coming. "Well, number 1, what about it? Number 2, sure I guess. Number 3, yes. Number 4, well, that's his screen name, yes he's got a real name Dad before you ask but, well, I don't think that's relevant, he doesn't like it. Number 5, he's from Lincoln, or somewhere like that. Number 6, you're not going to like this, he's a social marketer. And number 7, we've logged about five hundred hours so far."

"He's a spammer?"

"I knew you'd respond like that. That's why I wasn't going to tell you. Social marketer, Dad. It's not the same any more. It's a good job, he makes good money, you couldn't even guess how well he does. And yes, just like you, he has a job that didn't exist when our parents were growing up. Just like everyone used to call you a code monkey or a computer junkie. I know you hated that. Don't you complain about what my generation does with their online presence. It's all stuff your generation invented, anyway." It was the same irrefutable "everyone does it" speech I'd heard over and over again. I wasn't going to encourage it any more than I had to. "Oh," I responded, obviously crestfallen.

"You don't sound very happy."

"Let me see. You're getting married to someone who's real name is 'irrelevant', who you're not sure exactly where he lives and you talk about how many hours you've 'logged'. To be honest, it doesn't sound like you're very happy. Aren't you going to have a proper wedding?"

"Hey, remember Mitzi? From school? She's married now, and they'd only logged fifteen hours. And, if by 'proper wedding' you mean inviting everyone to see it, well, there doesn't seem much point, does there? Oh don't worry Dad, we're going to have it done all legal, properly, and even get all that religious stuff dealt with. We've got a mutual follower who does the ceremonies all the time. He can telepresence us both onto screens next to each other, and he'll podcast the entire thing. Of course, we'll share the file with everyone, so there's no problem. You won't miss any of it."

"And then what? Is he moving there to be with you, or are you going out to Lincoln. Nebraska? There's probably more than one, you know." I had a funny feeling this was going to be a pointless question. "Is it Nebraska then? Oh no, neither of us is moving. He's got far too much concrete investments in his home town, he can't possibly just up and leave them. I think he's got a cat as well. Or a dog. No, it's a cat. He couldn't just move. And his Mom I think. That wouldn't be fair on the cat. And I couldn't possibly give up this job, after it took me so long to find it, could I? You wouldn't want me doing anything foolish. We've decided that as long as we both move each other up out of our nights and weekends lists and into our free call 24/7 groups, that's all we need. And no, before you ask, I'm not going to change my name, either. You can't even begin to imagine just how many online accounts I've got in this name. I don't see the point in changing them." "What about kids?" "DAD!" she yelled at me down the line, before the question was complete. "What do you think this is, the dark ages? We're getting married. It has absolutely nothing to do with whether we have kids or not. You can do one with or without the other, you know. We've never thought about it."

I couldn't stand it any more, I had to say my piece. "This isn't the way I saw things happening, S.P. I remember that evening, all those years ago, when I brought you and your mother home from the hospital. You know ever since then I've been thinking about this moment. And the moments to come, where you'd be there in your dress and I'd offer you my arm and walk you down the aisle to give you away. By the sound of things, that's not going to happen. You're going to be 'telepresent' and 'podcasted'. To someone who's idea of commitment is moving you to a list of names where he doesn't have to pay for telephone and video chat. I don't see what was wrong with the way things used to be. Where you'd meet someone, for real, in the flesh, go out for dinner and a movie several times, talk, get to know each other better, learn everything about each other, share everything, your entire lives, your complete existence, struggle together, bring up kids, and meet the challenges head on, at each other's side. This way you kids get together these days, it really doesn't sound like a happy ever after."

"You mean, like you and Mom?"

"Point taken." I said no more.

Why not go ahead and join in? Check the prompt page for instructions, and remember to add your link on Thursday.

Zemanta helped me add links & pictures to this post. It can do it for you too.

Thursday, November 18, 2010

Writing An Adaptation Is Tougher Than You Might Think

Image via Wikipedia

I recently got my hands on a video game for the Nintendo DS entitled Hotel Dusk: Room 215, for an extremely competitive pre-owned price at the nearest GameStop. It describes itself as an interactive novel, even going as far as getting you to hold the console just like a book and write notes in your detective's notebook using the stylus and touchscreen. One of the most pleasing things about the experience for me was to discover that, perhaps for the first time ever, the tag "interactive fiction" seemed appropriate. Hotel Dusk is not so much a video game with an underlying story, but more a novel that just happens to be presented on a handheld console. It is by no means perfect, but all too often the storytelling in video games is sorely lacking and seems very far down the priority list for the software development companies. In many cases, story is incidental, which is probably why video game titles typically make some pretty lousy movies. In this case, though, the gameplay is secondary to a competent story, certainly one that could stand up with some of the paperbacks you might pick up in an airport bookstore at least. At some point halfway through the novel - yes, I'm not even going to pretend it's actually a video game - I did in fact realize that it would make a good, old-fashioned, dead-tree book, with of course a few tweaks here and there. There are plenty of plot devices that only work within the concept of a video game, and in a book would make no sense, but they would be relatively small cosmetic changes to suit the medium. I began to wonder whether perhaps that had been done by CING, the Japanese development company who produced Hotel Dusk and a couple of other similar titles. Sadly, CING filed for bankruptcy a few months ago, and so it's quite unclear exactly what the status is of their intellectual properties. (If anyone out there does know if there is a written version, I'd appreciate finding out about it). In theory, the story must have already been written during the design phases for the Nintendo version. Would it be difficult to flesh it out into a novel?

This month, while it seems everyone else with writing aspirations has taken leave of their senses and given NaNoWriMo a go, I've been investigating writing at my own pace; looking into suitable tools and software, experimenting with a few exercises, and trying out a few sites. I've been participating in sprints, trying to get as many words down on paper, and even tried a bit of flash fiction, a six minute story or two. Today it occurred to me that the prologue to Hotel Dusk is a video cutscene that takes perhaps about six minutes to run through, and I began to wonder again about a paperback adaptation. In brief, here's what happens in that first six minutes.

Firstly we see the skyline of New York on December 24, 1976. A phone rings in the police department and Detective Kyle Hyde answers it, surprised to hear from someone called 'Bradley'. Next, we see Hyde on the docks, pointing a gun at a character whose back is turned to us. Hyde fires, and Bradley falls into the river, yelling the name "Mila" as he falls. Hyde wakes up from his flashback. It is now apparently three years later. Next, we see a shot of early morning in Los Angeles. An authoritative gentleman named Ed answers the phone and takes an order. he asks his secretary Rachel to get a hold of Hyde; we see Hyde get a beep on his pager and throw it down in the car seat next to him. A slide tells us it's now 4pm in Nevada, where Hyde pulls into a gas station, returns the call using a payphone, and gets some grief from his boss before being told he has a job, to pick up a package and an order sheet at a place called Hotel Dusk. Hyde gets back on the road, passing a young girl in a white dress walking along the roadside. Once he arrives at the hotel, Hyde gives us some exposition as how he quit the New York Police Department and moved out west, and is a door-to-door salesman for an outfit called Red Crown, but occasionally his boss gives him some quiet jobs on the side, while he looks for his missing partner, who apparently he believes isn't dead after all. The hotel door lies in front of him, and a click starts the game (or novel) for real.

There it is, the first six minutes of the title. One thing should be clear; what appears above is not what you would want to read in a book. This would by no means be sufficient for a written treatment. I could have gone into more detail, explained every shot, every camera angle, and every detail that appeared on the screen, but it still would not constitute written storytelling. The fact is, even though something like Hotel Dusk tells a story, it does so with other mechanisms than just words. Furthermore, even if you try to substitute the images, the sound effects, or the music with words, what you have is not a particularly palatable story. (What you have is a description of a video game). At this point, I am desperately trying to avoid using the horrible word "multimedia" - media is, after all, already plural - but there are several key areas where the storytelling medium makes an enormous difference. We should not be surprised. We might expect a good movie to be two hours long, but the book that it was based on might take ten hours to read in actual reading time, perhaps spread over a few weeks' bedtime reading. A good video game may occupy us for as much as forty hours (personally, if a video game doesn't absorb me for as much as that, I feel somewhat cheated by the purchase, and if it goes on for much longer, I simply don't feel like it's worth the effort). Adapting one of these forms to another is not a simple job. This is why screenwriters have to work so hard adapting books into movies. The changes (or omissions) that were made in the Lord Of The Rings movies, for instance, were not done lightly, but reflected tradeoffs between what the different media allow. It's also typically why adaptations to and from video games are always a bit fraught, simply because there is very seldom as much effort gone into the adaptation. Rather cynically, slapping the movie artwork onto the game cover will typically sell the game, no matter what its quality. Even when there's already a good story to work with, as with Hotel Dusk, writing a book version would be non-trivial.

Let's consider what we would need to do to that "just the facts" description to turn it into a suitable book prologue. That skyline shot of New York needs to somehow be conveyed into words. We have to paint that picture, verbally only. We need to describe the sights, the sounds, the smells; what the weather is like on that day. Do we have to be accurate here? Will some know-it-all go and look up what the weather actually was that Christmas Eve? There are obvious ways we could communicate it was Christmas; perhaps we need to add a Santa character in the street. We similarly have to do the same with the police department, somehow transition our focus to the individual building, get us inside, describe Kyle Hyde, his desk, his co-workers, his surroundings, whether he smokes, a few touches here and there to convince us it is 1976. We have to explain the tone of Hyde's voice; we have to decide what our point-of-view is for this scene. Are we narrating in Hyde's first-person perspective, or from a narrator's viewpoint? We have to be especially careful here; it is quite convenient for a video game to show cutscenes from a third person perspective but the actual user interaction is first person. In a book, it might not be particularly comfortable if we flip between the two. We have all the scene setup work to do again at the docks, another character to describe, events, emotions. This is a relatively short yet dramatic scene in the flashback, and presumably we'll be revisiting it several more times in the story to follow. Then again, somehow, we have to get us to Nevada, and indicate three years have passed, presumably draw attention to some changes in Hyde's character or looks, some other way to indicate the passage of time, then communicate the details about his employer in Los Angeles. Do we even explicitly write that scene in the book? Won't that be awkward, if we intend to write the exposition in first person? (Or will we have some sort of Blade Runner "director's cut" to handle this?).

That's a lot of questions to answer for what ends up being a very tiny bit of the story - the 'trailer' for what is to come - and some of those decisions will radically impact the rest of the book were you to actually go ahead and do so. It's all too tempting for a writer to believe that adapting existing material might be a shortcut. Indeed there may be some elements such as plot for which a pre-existing work may make significant contributions. However, the actual craft of writing still needs to be done; the description, the communication, the physical effort of getting the words down, but above all doing so in such a way that entertains and enthralls the reader. I am still intent on doing my prologue exercise at some time, but I am quite sure it will be considerably more effort than the six minutes it runs for.

Zemanta helped me add links & pictures to this email. It can do it for you too.

Monday, November 15, 2010

Writing Workshop - Red

Image via Wikipedia

Josie over at Sleep is For the Weak put forward a set of writing prompts based on movie titles - I'm choosing Red as my prompt.

I paused for breath, and kidded myself that the air was getting thinner. It really wasn't that hard of a climb, and the altitude could not possibly be that great, but the side of the hill was steep and the first snowfall of the winter was making it treacherous underfoot. As I rounded the corner onto the final climb of the trail, I look across at the skylift that had been out of operation now for the past six weeks. Anyone who wanted to get to the top of the hill would have to come up the same way I was struggling with. I wondered how many people would try it at this time of year; there were certainly no others to be seen. Not so long ago, there would be people milling in all directions here, but at that moment it seemed I was the only human being for miles around. My fingers and toes were growing numb, the cold was beginning to make its way through the rest of the layers that swaddled me from head to toe. I stamped my feet to dispel some of the numbness, exaggeratedly clapped my hands, and took a slow, deep breath, exhaling, seeing my spirit floating in the air in front of me, until a cutting wind bit across my face, blew the breath away, and started one of the skylift chairs swinging. The creak of the swinging chair broke the silence; in the stillness I heard the sounds of birds who had elected to stay through the winter, scared out of their hiding places by the sound of dislodged snow. A tiny piece of bare metal showed through, painted red.

The natural bridge loomed above me, somewhat intimidating. I still had the most difficult part of the climb to go; the steepest part of the rocks, the most difficult place to find a footing, and a tight squeeze through the crevice between the stone walls. A long time ago, this was the only way up here. There were no steps carved into the rock back then; no cast-iron railings along the side of the path which admittedly still required a significant amount of fitness on the climbers' part. The sight at the top was seen by precious few, but it was not long after those first explorers described what they saw that a way was found to open up that vista to all. I would guess it was the description of the sky bridge colors in the fall that motivated them to create the other way up, so everyone, from the smallest of children to the frail and elderly could take in the view, provided they could overcome any fear of heights they might have. In September and October it was at its most spectacular, all golden yellows and oranges and reds. Yes, the reds.

I had made it to the top, and stood precariously near the edge, next to a tree stripped bare of its leaves. Last time I was here, this tree was aflame. Now it stood here, seemingly lifeless, symbolic of everything that had passed in the two months since the last visit. Two months to the day, apparently. I had not even realized that until this moment. Just two months before, the outlook was incredibly different; breathtaking, vivacious; everything now was sullen in comparison. I trudged onward, more and more dispirited. I paused at that branch. Do you remember the one? Of course you do; it struck us both that day how red that leaf was, the leaf that wouldn't keep quiet and insisted you took its picture? That photograph made the perfect last shot in the photo album, didn't it? No, that's right. The last but one shot. But there was no red leaf there any longer. Anything red on this hillside has long gone. The little red car is not in the parking lot at the foot of the hill; I remember how enthusiastically we had agreed on the color at the rental desk. That little red car, or that little red leaf, or that little hint of red in our cheeks; they simply weren't there any more.

The experience was meant to be cathartic. I had planned to come up here and see that tree, that branch; look down on that parking lot, that skylift, stand where we stood, and bury the past once and for all. Things had indeed changed, just as surely as time had passed. The red that was there was long gone, and seeing this would surely purge those scarlet memories? I must admit, it was hardly the greatest of ideas. The color had indeed disappeared; the first snow had injected some additional finality into the picture, but it was far from final. The tree on the top of the bridge knew all this, and had known it year in, year out. It only seemed to be lifeless; a mere charade, just enough to get it through the darkest of moments. It would survive, awaiting for the return of the warmth, when it would stretch, imperceptibly, absorb every caress of the sun's rays, thrive once more through a spring and summer, and, when the fall colors returned, it would be red once more. Underneath that mantle of snow and ice, the certain processes of life were continuing; underneath the layers protecting me from the cold, a heart was still beating, a heart that knew that not only would it heal with time, but somehow would once again experience joy. At that moment, I knew I would experience the red again, and next winter, it would not fade.

Why not go ahead and join in? Check the prompt page for instructions, and remember to add your link on Thursday.

Zemanta helped me add links & pictures to this email. It can do it for you too.

Thursday, October 28, 2010

California Fall Color

Moving somewhere new can be difficult. A lot of difficulties are obvious; learning to navigate in a new town; getting used to what times the stores shut in a small town compared to a big city; doing what you can to feel "at home."

Other things creep up on you, and are harder to deal with.

Fall has always been my favorite season. The cooling temperatures, the wind blowing, but above all... changing colors. It's been somewhat difficult to find fall hasn't really started yet here, and it's almost November. Leaves that change aren't indigenous to this state; you have to look in yards and subdivisions. Even so, "fall" is usually confined to a week in December; the briefest glimpse of color, until a gust of wind heralds winter and takes them away. My birthday falls in autumn; and all I wanted this year was those colors to come. Today I took a walk and got treated to some. I hope you enjoy them, too.

See and download the full gallery on posterous

Saturday, October 23, 2010

Na. No. Wri. Mo. No. No. No. No! #nanowrimo

240/365 National Novel Writing Month begins

Image by owlbookdreams via Flickr

In about a week from now, an enormous number of otherwise sane adults will take leave of their senses and begin acting like a bunch of six-year-olds.

No, I'm not talking about Hallowe'en. I'm talking about National Novel Writing Month. All of a sudden, these folks will commit November to putting 50,000 words down on some sort of paper, without editing, in order to be able to say straight out that they are a "writer" and have completed a "novel". There's a perverse logic to dedicating a whole, specific month to the cause. There's brotherhood, and solidarity. Everyone is advised to find themselves a writing buddy, and go out and tell their friends and families exactly what they're doing. The idea is, if you now drop the ball, the embarrassment of not being able to follow-through on something you committed to would be so much, it keeps you going through this 1667 words per day marathon. Oh, that's including Thanksgiving. And Election Day. And National Men make Dinner Day. And Cook Something Bold And Pungent Day. No excuses. In effect, for a month they'll force themselves back into doing Composition homework, just like they were back in school. Family, relationships, presumably work and sleep, might have to get put on the backburner. Understandably, people's opinions vary on the effectiveness of #NaNoWriMo, as to whether it is indeed the right way to get a novel out of someone. Let's face it, everybody has a book inside of them, and for some of us, perhaps inside is where it should stay.

Ironically, there's been an account on Twitter that was intended to do some warm-up work for the November crunch which actually convinced me that #NaNoWriMo was something I really didn't need to be trying. @NaNoWordSprints has been offering timed writing sessions of 15, 20, 30, or occasionally more minutes on several evenings. The idea is, against the clock, get down as many words as you can. It's helped me on a couple of evenings to get over writer's block when I've been trying to get a blog post down, and it's taught me that the actual quantity of words needed to get through NaNo is something that I can reasonably achieve. The quality is questionable, of course, but isn't that the point? But, more importantly, what the sprints have shown me is, if I put my mind to it, it really doesn't matter whether it's November or not. If it's something I want to do, I will be able to get the words out, without a problem. Of course, writing a novel is something I have managed to go through four decades of my life without actually doing so far. If I really, truly, wanted to have a go, I am quite competent and have sufficient self-control to make sure I do it, without any exterior force or artificial time limit pushing it out of me.

In a momentary lapse of reason, I signed up for #NaNoWriMo. It happened just like any other Internet fad, to be honest. A friend gave it a shot last year - a successful shot, it turns out - and this year I heard about it and thought, "Why not?" What of course I didn't do before clicking on that tempting sign-up button was think about a more important question. Why? I don't think I have to necessarily put out 50,000 words of my unedited ramblings in order to be called a "writer", any more than I would have to record a win at Talladega to be called a "driver". I write, therefore, I am a writer. (I drive too, and I'm lousy at that). Whether it's good or bad, or fact or fiction, a novel, a blog, or a grocery list, it's still writing. I don't have a Pinocchio complex - it's not like I sit around all day wishing that I could be a "real writer", while at the same time am worried about whether anyone will laugh at my efforts. It wouldn't have to be a novel, either, if I wanted to write. I tried @6minutestory as well, which is completely the opposite proposition. Take a visual or verbal prompt, write as much as you can in six minutes, and then walk away. I've only given this a try once, mainly because I'm a horrific typist, but I wasn't too displeased with the result. There's a lot of good flash fiction out there, and some writers who are exceptionally skilled in the art of getting short stories written quickly. There seem to be plenty of online publications that are after all kinds of short stories; if I wanted to write one of those, again, it's up to me to just go right ahead.

It doesn't matter what kind of writing it is. Novels, short stories, even blog posts. The only thing that is preventing me from achieving any of them, is me; not whether I have signed up to some site or not. So now, right now, I'm actively chickening out. #NaNoWriMo? No, no, no, no.

Fourteen Hints To Keep Your Password Safe

Image via Wikipedia

It happened all very suddenly a couple of days ago. I was working away when my phone vibrated in my pocket; just a couple of buzzes, an incoming e-mail. It could wait until I was no longer in the middle of composing a thought; nothing is that urgent, surely. Then two more. And two more. And two more. By this time, I was distracted enough and continued to count; all in all, a dozen of so e-mails had arrived. No doubt they would all be spam, sent to me by some annoying robot out there; or newsletters, of which I've lost count to how many I've signed up for; or drops from mailing lists, same as the above; or a flurry of recently-approved comments on a blog post I've been following for months and can no longer remember. More than likely, though, it was spam. I've been getting quite a lot of that from my sister's e-mail account recently, and, joking aside from her that her concern for her older brother's health needn't extend to sending me deals on little purple pills, they've been getting annoying. I mention them, she denies all knowledge, and concludes that what I'm saying is, in fact, impossible. She doesn't even get to use her computer that much, she doesn't have a virus on it, so how could anyone be getting mails from her?

Enough was enough, I had to check the incoming mails, and discovered they were all bounces from the "Mail Delivery Subsystem", seemingly, mis-addressed mails that were sent from my account. I looked a little closer and discovered a pattern, I even recognized some of the addresses as typos I had entered at the computer several times before; accounts of friends that were no longer active. The body of the mail was, as expected, spam; some ridiculous so-called "deals" on consumer electronics. The embarrassing thing was, these mails had apparently been sent from my e-mail account. I logged on to the computer to check, and, sure enough, a copy of that mail had been sent to everyone in my address book, from my e-mail account, and was in my Sent Items folder. It was as if someone had logged right into Gmail and done it on my behalf. Sure enough, they had. At the bottom of Gmail there's a link that lets you verify details of connections. It confirmed that an address in China had logged onto my account a few minutes earlier - which meant, they knew my password. I quickly changed the password, maintaining a clear head to at least do that much. After that, I began to worry. Had I used that password anywhere else? What of my personal information was compromised? Could the attacker have done more damage during their visit than send out a few annoying e-mails - which I'm sure have impressed the heck out of my family, friends, lawyer, employer, butcher, baker and candlestick maker?

Here's the kicker. I pride myself on not being a fool. I must admit, when studies come out that say a huge percentage of people's passwords out there are vulnerable to simple guesses, I puff my chest out a bit because I'm not one of those. I do a lot of this for a living. I'm perfectly aware of the risks. And, sadly. I'm also extremely imperfectly human, and I cut a few corners here and there. Purely for convenience, you understand. For freedom's sake, for my personal enjoyment - surely, there's no need to be paranoid all the time, is there? If you live every moment in fear, that's hardly living at all! But I had to face it. A password that I thought was safe was compromised. My e-mail password, as well, which, let's face it, is pretty much the keys to the kingdom. Anyone could browse through my inbox and sent items; they could determine other places I had accounts and submit "forgotten password" requests. Perish the thought, they may already be in those places; maybe I used the password somewhere else? Maybe that's where they stole it from? And, embarrassingly, I honestly didn't know how much damage they were capable of. What I did know though is one of the addresses the spam mail was sent to was Posterous, which meant the spam mail was already posted onto my blog, and it would even be announced on Twitter.

I began to simmer down for a little bit. The address in China was probably just one of many that wasn't necessarily after my personal secrets. What they wanted was the ability to push out their spam mails, and perhaps harvest a few more candidates from my address book to continue their routines of password-guessing. They must have guessed my password, which surprised me. Or perhaps they'd seen it somewhere, which worried me. Having an account which they could robotically abuse to send mail through was the gold they were after; however, a human hacker would, most likely, have wanted to be more malicious. I could be comfortable for a moment. I'd stopped the problem, and realized that I really needed to rethink my password strategy. I thought I was secure; but I wasn't. I'm not naive; after all; but what I have been is complacent. Here's a list of hints about passwords we all ought to know, but perhaps a reminder is worth having. And, they're a reminder to myself, because I've been guilty of most of these, which meant I got caught by this latest eye-opener.

Your password shouldn't be a word. Of course not, and there's a simple reason for this. Depending on how you count them, there are only about 175,000 different words in English, and it's not that hard for a computer program (or an organized cracking effort) to try them all. However, even quite recent research has shown not many people take this advice consistently. In fact, there are still accounts out there whose password is, yes you guessed it, "password".
Mixed case, numbers, and "special characters". This has been common advice for a long time now, and most people think throwing a few of these into their password is enough, especially since most websites now either recommend or insist on it. Of course, it's not much of a stretch. If our happy hackers can run through all the English words, there's not much stopping them making the obvious substitutions and trying those, too. "P@55w0rd" really isn't that much more secure, after all.
Why not a pass phrase? If you're partial to verse 11 of Coleridge's The Rime Of The Ancient Mariner, why not make that your password? And if the site has a maximum length of password, you may want to ask why - the most secure passwords should be irreversibly 'hashed' into a code that doesn't care how long what you originally typed was. (If your site has a small limit, you may wish to ask them why).
Don't fill out those "security" questions. These are, without a doubt, the biggest sucker trap ever invented. You don't know your password? Well, that's OK, what was the color of your first car, again? Suddenly, all security disappears in favor of something that is ridiculously easy to guess. If you're a celebrity, those security questions may even be answered on Wikipedia. Type something in these fields that has nothing to do with the question, and is just as cryptic as a password; if possible, put complete junk in these fields and look for an alternate means of password recovery.
Never use the same password twice. Seriously, never. It only takes one of the sites to be broken into, and you can be sure any leaked password will be tried in other places too. Perish the thought if the password you were using in that fun game in some Internet backwater is exactly the one you use for your bank account. This is the place where most people wimp out and claim that's "too much effort". It's not, providing you have a suitable "password keeper" program that stores all your passwords, securely. You just need a master password to access them. Done correctly, if you only access sites from one computer, you never even have to see or type the passwords stored. (Of course, mentioning a password keeper program reminds me, it goes without saying - don't ever write your password down anywhere!).
Never "remember your password on this computer". Again, this is rank laziness so you don't have to enter it next time. The problem is, there's often multiple ways of doing this, such as a checkbox on the web page or the password store built into your web browser, and you can't possibly know how secure these methods are. Of course, if anyone gets a hold of your computer, they're not secure at all. I once bought a computer from a pawn shop and was amazed at what was still on it. This one is also particularly important if you have a smart phone that has remembered passwords. What happens if you lose it?
Honor and respect corporate policies. There's a reason why your employer wants you, for instance, to change your password every 30 days, and it can't be the same as the last four you used. Nor should you abuse that and change it four times in a row to reset it back to the same as it was...
Don't do obviously stupid things, particularly with your phone. "Just send a text to your bank and get your balance instantly". Right. That sounds secure... until you lose your phone...
Put a password on your screensaver or phone keyboard lock, as well. It should stop people getting anywhere should you lose physical access to the device, and every little bit helps. Of course, don't rely on only this!
Don't rely on the other guy. It doesn't matter who they are; even the biggest companies have made security foul-face-up-books in the past. And I really don't care what operating system or type of computer you use; that just tells me you are refusing to accept responsibility for your own security as well. I could quite easily have been upset with Google for letting someone several thousand miles away log into my e-mail account at the same time I was already logged in, but that was my fault.
Check out the sites you use for possible security loopholes. For instance, if they can send you an e-mail to retrieve a lost password, then they are storing your password somewhere, which is evidently a security risk. A lot of sites - particularly message boards - got their software from precisely the same place, and any security loopholes have likely already been exploited.
Don't confuse awareness with competence. A site that suggests you use "letters, numbers and special characters" on the login page might not necessarily be more competent, simply because they're iterating common advice.
Password policies shouldn't be a secret. If a company won't tell you exactly what they do with your password, that's about as effective as keeping a magic trick a secret. it's only magic, while you don't know how it's done. Once you know, the illusion is shattered. And remember, the sort of attackers who are after your password are precisely the kind of guys who can get jobs working on the code for these places.
Don't underestimate the bad guys. Password-stealing is big business, and the players in this arena are exceptionally, exceptionally smart. Don't get arrogant and assume you won't fall foul of them... because that's precisely how you will get caught out. Don't contradict any of these points, even if you think "Oh but number X doesn't apply because..." - are you sure?

One extra point I'd like to throw in. The security landscape is always changing. Not so long ago the computing power to try all the words in a dictionary would have been prohibitive. New attacks, new attackers, are coming up all the time. We were watching Catch Me If You Can this weekend, an excellent movie based on a true story of check fraud and confidence tricks. Yes, check technology has changed a lot since the sixties, when the movie took place, and so many of the loopholes are no longer possible - indeed, the perpetrator invented some of the security systems that banks use today. However, human nature hasn't changed at all; social engineering is still the most effective means of getting by security. The last time I needed to get through a door I didn't have access to, I told the secretary that "she looked different. Is that a new hairdo? Wow, it really suits you!" and she let me straight in. Flattery just might get you anywhere.

Zemanta helped me add links & pictures to this email. It can do it for you too.

Thursday, December 16, 2010

Wednesday, November 24, 2010

Thursday, November 18, 2010

Monday, November 15, 2010

Thursday, October 28, 2010

Saturday, October 23, 2010

Friday, October 22, 2010