All that is wrong with the world…

December 11, 2009

When Whedon failed

Filed under: Entertainment — Tags: , , , , , , — allthatiswrong @ 10:10 pm

Dollhouse has been an interesting experience. Originally it was cause for great excitement. Joss Whedon, the master behind such hallmarks as Buffy, Angel and Firefly had a new show coming, with many of the Whedonverse regulars! Unfortunately, the delivered show didn’t live up to the hype at all. It was in fact, a great letdown.

It may have made sense to wait a while as many shows had poor first seasons until they got settled, however Dollhouse has shown no signs of improving. It’s second season is quite a bit better than the first, but ultimately it is still just as bland and empty as the first. I also wonder how far that excuse can apply to Whedon’s shows, with Angel, Firefly having excellent first seasons, and Buffy being decent enough. It actually took me a while to get into Firefly being such a radical departure from the Buffyverse, but once I did the characters, stories dialog was top notch.

So, what is the problem with Dollhouse as a show? Well, where to start? It has none of the smooth wit or dialog Whedon is famous for. When characters speak it is always very brief and efficient, as though they are in a hurry. It is understandable that the dolls lack a personality, but why do the normal people? Is it all part of a larger plot plan to show that everyone is a doll?

It has (so far) none of the clever examination of moral and world issues so prevalent in his other works. The setup for the shows is a rich opportunity to examine what it means to be an individual and the importance of identity, corporations growing out of control, questions of the soul etc…, None of these are examined. It is sometimes hinted at, and Echo’s development is perhaps hinting towards such a plot, but so far nothing. The entire first season entirely squandered this opportunity, and the second season has so far only been dropping hints. In effect, 2 seasons over 2 years have failed to have any meaningful examination. No wonder it was canceled.

Then, there are the main characters. Many problem have an issue with Eliza’s acting. Personally, I think she plays a blank doll fine, and while her acting in her various guises is far from great, it is passable. It certainly would not be enough to bring the whole show down. What about the other characters? Again, the acting is nothing special, which isn’t a problem. Enver Gjokaj is one of the better actors on the show. His portrayal in the last episode (2×05) of Topher was perfect, with it being a perfect impression.The problem, is with the characters. They are bland and uninteresting, and morally suspect without any kind of reasoning or explanation given.

In all of Joss Whedon’s other TV shows, there is a common theme for people fighting for something. We had Buffy fighting against the forces of hell to save the world, Angel fighting for his humanity, and the crew of the Firefly fighting against a totalitarian government. This theme is absent in Dollhouse. Instead, we have a large apparently very evil corporation screwing around with peoples lives and personalities for profit. Indeed, it seems to be implied through that Rossum wins regardless, which invokes a feeling of ‘why even bother?’. The only character who was fighting against them was bland and uninteresting, and ended up working for them.

In the first season, we had Agent Ballard explaining why the Dollhouse was evil in every episode, while displaying a disturbing obsession with Echo that was never quite explained. For reasons that don’t quite make sense and appear to be forgotten, he now works for the Dollhouse, suddenly being convinced he is doing the right thing. With Senator Perrin revealed to be a doll, there is no one actually fighting the Dollhouse.

Boyd is obviously a moral character and has a lot of concern for the people in the Dollhouse despite obvious moral qualms about his work. An apparently meaningful relationship with echo in season 1 was abandoned in season 2. Why show these characters and their moral concerns if you are not going to expand on them. All we see is these people voluntarily working for an evil corporation without offering any justification. This makes it hard to sympathize with or like these characters, when we instinctively feel we should be rooting for them to be taken down.

One of the more annoying things about the show is the fact that everyone is turning out to be a doll. Dr. Saunders turned out to be a doll, which was interesting given that she was a member of staff. Then Lubov turned out to be a doll, which seemed like an interesting twist. Then Mellie was revealed to be a doll, which is exactly when it stopped being clever. After the last episode revealing that the Senator was a doll, it became an annoying plot device that makes it hard to be invested in the story. I won’t be surprised if any more major characters turn out to be dolls.

Another point that I found annoying, although it applies to a lesser extent to all of Joss’ shows, is a negative male portrayal. The males on Joss’s shows always seem to embody negative sterotypes to directly contrast the strong female characters, instead of just having ‘normal’ male characters. Topher seems particular annoying because he appears to be a clich├ęd lonely brilliant nerd. Much like Andrew. We then had Ballard with an unexplained obsession, one of the handlers being a rapist, the Dollhouse directors being willing to sell Sierra into sexual servitude for profit and Dominic trying to murder Echo. The only decent character seem to be Boyd who is still quite questionable. By contrast the females are all strong and independent, and work hard to do the morally right thing such as DeWitt restoring Serra so she would not have to be a slave, and Caroline being an activist before she was a doll.

One last small thing that has been bugging me with the show, and with other movies or shows with similar concepts such as Avatar, is why a persons consciousness must be transferred. Surely however that technology would work by reading the brain, it would make a copy? What would necessitate that the original be erased? It’s a minor point, but it seems that it is avoided for the sole purpose of the problems such a plot point would cause. If it is obvious to me, then it is probably obvious to others, so why not explain it away in the show?

Some people might say that Dollhouse was canceled just as it was getting good, and I am not sure that is true. The show has certainly improved, however I don’t think it has improved to a point that warrants renewal. The characters are still bland, there has not been any strong overall story or development, the stand alone episodes are weak….the audience has nothing to connect with. The show may have had potential, but they had two years to figure things out and correct their mistake. If they didn’t learn by now, then it is a fairly safe bet they may never have.

It was an interesting ride though. I wonder if the series will continue on in comic form ala Joss’ other works. I can understand many people watching the show being fan’s of Joss and wanting to see where the show went. What I don’t get is the blind loyalty some of these whedonites seemed to display, aggressively defending what is basically a bad show. Even if the show were good overall, when they defend obviously bad writing or dialog, it seems to be nothing more than fanaticism born out of some sort of twisted loyalty.

Something that this Penny Arcade strip captured perfectly:

While Dollhouse was ultimately disappointing, I look forward to Joss’ next project, and hope that he may return to his original winning formula.

It seems I spoke too soon. I wrote this post before watching episodes 2×07 and 2×08, which seemed to contradict many of my problems with the show. The later episodes have definitely been interesting, although the story would have worked much better as a season/show arc rather than a conclusion to the canceled series. I have to say I was quite disappointed with the attic being a matrix ripoff and Victor and Sierra having a love that transcends self. Still, it is entertaining enough and I wonder how the show will end in January.

December 8, 2009

Google DNS and others

Filed under: Tech — Tags: , , , , — allthatiswrong @ 6:06 pm

There has been a lot of reaction lately to Google offering public DNS servers for use. More than you might expect considering OpenDNS has been available for years, but then this is Google we are talking about. Google has a primary server at and as a secondary.

The performance seems to be sufficient, and may well be better than many ISPs own DNS servers. Combined with an increasing number of ISPs breaking the DNS standard to try and maximize profit, and ISP’s still vulnerable to the kaminksy bug, this seems like it can only be a good thing.

Indeed, it mostly is a good thing. Especially for Germans, where internet censorship is implemented with DNS blacklists. Having many people use a publicly available DNS service “because it’s faster” or for some other innocent reason will give a little bit of additional protection to those who feel they need to use alternative DNS services to get around archaic censorship laws.

It is important to clear up one misconception though. I have seen many comments from people that seem to think if their ISP is untrustworthy, that using Google’s DNS servers will somehow circumvent your ISP. This is not entirely true. In most cases, your ISP won’t probably care. If they do though, there is nothing stopping them from snooping your outgoing DNS traffic, and perhaps even modifying or redirecting it.

What is interesting is how this compares to existing public DNS servers. The founder of OpenDNS has some thoughts on Google’s DNS server here. I have avoided using OpenDNS in the past because of their tendency to break the DNS standard. This is purely selfish behaviour, and it should not be accepted by anyone whether from free DNS providers or ISPs. Even if there are no problems with application compatibility as such, it’s just annoying to get ads instead of an error page.

I am well aware this behavior can be changed if you sign up and configure the service, however I have never felt the desire to do so. A DNS server should just work, without the need for extra configuration(from the users point of view). For that reason, I have been using the Level 3 DNS servers for the last few years. They are in the range of, and being the DNS servers of a tier-1 ISP, they are blindingly fast. The difference between using the Level 3 DNS servers, and those of Google or OpenDNS, is that the Google and OpenDNS servers are explicitly public and for use by anyone.

It is also interesting to wonder just why Google is offering public DNS servers. They have promised to erase IP records every 24 hours, which means they will still keep a list of domains resolved. I can’t help but wonder how Google will use this information to improve their search products, and if it were elementary why other search providers have not done this in the past. With IP records being erased a day after use and not being tied to Google accounts, privacy or security concerns do not seem to be a valid argument against using Google’s DNS servers.

At the moment having explicitly public, widely available, fast standards compliant DNS servers that don’t require registration can only be considered a good thing.

December 2, 2009

Keyloggers and virtual keyboards/keypads are not secure

Filed under: Security, Tech — Tags: , , , , , , — allthatiswrong @ 2:20 pm

There seems to be a common misconception that online keyboards or keypads are a useful tool in defeating keyloggers. This is only true in the case where the online keyboard is randomized or a one time password is used, which unfortunately is the exception rather than the rule. I am not aware of other people discussing this, so here goes.

Most modern software keyloggers will not only records keystrokes, but will also records the mouse coordinates each time a mouse is clicked. This is exactly why an online keyboard does nothing to negate a keylogger unless it is randomized. If I see a mouseclick at x60,y60, and subsequent mouseclicks at x48,y60 and x52, y60, then I can likely workout which keys were clicked.

The keylogger will record the site that was visited, and since the authentication page is necessarily open to anybody it allows for an attacker to workout the distance between virtual keys and the starting location of the virtual keyboard. Those mouse coordinates above can now be translated to mean that the ‘u’ key was clicked first, followed by the ‘q’ and ‘e’ keys.

Some people believe that using the windows or another virtual keyboard program is secure and will protect against keyloggers. If anything, this is worse, as the attacker does not even have to use the mouse coordinates to work out which keys were pressed. Virtual keyboard programs tend to send the same WM_KEYUP and WM_KEYDOWN events when a key is clicked, which sends the same signals as if a hardware key is pressed.

At present, relying on virtual keyboards or keypads for an extra layer of security is useless, unless they are randomized. The only way to be sure is to ensure your system is clean, by following good practices or perhaps using a virtual machine if you wish to be extra cautious.

Unfortunately most banks or secure services can’t be bothered to implement a proper system. Several of the largest banks through Australia, the USA and Europe that I have experience only have a simple text password field. This is less secure since it is directly vulnerable to keyloggers. The banks that do tend to have some sort of online keypad tend not have it randomized in any way, making it vulnerable to the attack described above. This is worse than a simple text field due to instilling a false sense of security. It is only a few banks, generally the smaller ones that actually implemented a one time password or randomized keypad.

I’m not sure why the sites trying to make a secure authentication system are not aware of this, or perhaps they simply don’t care. Perhaps like so many others, they feel that giving an illusion of security is sufficient. Customers are already protected from fraud by most laws, so it would seem the incentive to provide to increase security would favour the banks rather than customers. Which means that apparently they are not being hurt enough by fraud(despite it being one of the largest growing attacks against bank customers), which is interesting.