The Treasury Department has warned U.S. publishers that their editors are not allowed to alter the text of any books they're reprinting from "disfavored nations" -- such as Iran, Libya, or Cuba. That means that yes, they're allowed to print books that came from those countries, but they cannot fix typos, edit text, or even add pictures and captions. The punishment for breaking the law? A half-million-dollar fine and up to 10 years in jail. As the New York Times reports today:

Nahid Mozaffari, a scholar and editor specializing in literature from Iran, called the implications staggering. "A story, a poem, an article on history, archaeology, linguistics, engineering, physics, mathematics, or any other area of knowledge cannot be translated, and even if submitted in English, cannot be edited in the U.S.," she said.

"This means that the publication of the PEN Anthology of Contemporary Persian Literature that I have been editing for the last three years," she said, "would constitute aiding and abetting the enemy."

Apparently these laws have genuinely begun to affect scientific discourse:

These days, journals published by the engineering institute reject manuscripts from Iran that need extensive editing and run a disclaimer with those they accept, said Michael R. Lightner, the institute vice president responsible for publications. "It tells readers," he said, "that the article did not get the final polish we would like."

Man, the guys at Benrik have created some sheerly hilarious stuff. I posted below about their World Mood Chart, but then I started looking around the rest of their site -- and I found The World's Longest Poem.

Go there, enter your own line of up to 60 characters, and it will automatically be added to the poem. It's already 8,662 lines long (I dumped the text into an Excel spreadsheet to find out), though that includes a place in the middle with the line "yeti, dodo, chocolate muffins all dead but where's the care" repeated 172 times in a row, which is either a bug in the program or a contributor making some truly opaque literary statement.

Here's the text leading up to my contribution; the last line is mine:

You've got to stay at the YMCA!
unbornchikkenvoicesin my head?
And then I ran. Faster than any had thought possible.
and it all smelt like chicken
then father wispers, "Go to hell."
but Reader, I was already gone.

Years ago, I got the idea for an Internet Mood Ring. I thought it'd be fun to write a little application that would sit in the corner of your screen, showing you two small buttons. They would mimic the color range of a mood ring -- they'd glow black for a "bad" mood, then gradually lighten through reds and oranges and greens until they glowed blue for a "good" mood. The first button represented your mood; you'd click on it to bring up a slider, and slide it to represent the right color. The other button would represent the average of all the other moods of all the other users of the application. That way you could watch as the world's mood shifted and changed during the day -- and you could also, in a quick glance, compare your mood to that of the world at large.

I actually wondered if this wouldn't produce some really weird Heisenbergian feedback effects; if you looked at the buttons and realized you were feeling better than the rest of the world, would that make you feel better still, causing you to dial your personal mood higher, thus causing the overall mood of the world to improve? And if everyone in a better-than-average mood did the same thing, wouldn't that have a distortion effect on the world's mood -- bringing it higher? Or would the same thing happen in reverse: Maybe the people who realized they were lower than average would get even more depressed, dial themselves lower, and thus drag the average back down.

Anyway, I was too lazy to do anything about this. But I was pleased to find out the fine folks at Benrik had roughly the same idea -- and they actually pulled it off! Go to the World Mood Chart, input your mood, and it'll generate chart showing you how the mood of the world has gone up and down that month.

The chart above is for February. Clearly, something happened on Feb. 7 that just totally harshed the world's mellow, because the mood dropped to somewhere between "Mad As Hell" and "Deeply Depressed". Any idea as to what went on that day that could have shifted the mood of the entire planet?

(Thanks to Plastic Bag for this one!)

Go to World66 and click on a list of all the countries you've visited. Then it'll generate map of the world showing where you've been in red. It's an interesting experiment in geopolitics, because if forces you to realize how big the world is and how little of it you've seen -- if you're like me, that is. My map mostly-white map is above.

There's an extremely cool test over at the BBC's web site, where they play you video clips of 20 people smiling and you try to guess which ones are fake. Apparently, most people are bad at this, possibly because society would pretty much implode if we were knew just how miserable most of us are most of the time. I got only 13 out of 20 right.

In case you're wondering how to spot a fake smile, the BBC has some suggestions -- based on analyzing the physiology of smiles:

Fake smiles can be performed at will, because the brain signals that create them come from the conscious part of the brain and prompt the zygomaticus major muscles in the cheeks to contract. These are the muscles that pull the corners of the mouth outwards.

Genuine smiles, on the other hand, are generated by the unconscious brain, so are automatic. When people feel pleasure, signals pass through the part of the brain that processes emotion. As well as making the mouth muscles move, the muscles that raise the cheeks – the orbicularis oculi and the pars orbitalis – also contract, making the eyes crease up, and the eyebrows dip slightly.

Lines around the eyes do sometimes appear in intense fake smiles, and the cheeks may bunch up, making it look as if the eyes are contracting and the smile is genuine. But there are a few key signs that distinguish these smiles from real ones. For example, when a smile is genuine, the eye cover fold - the fleshy part of the eye between the eyebrow and the eyelid - moves downwards and the end of the eyebrows dip slightly.

This reminds me of my nearby McDonald's, which I frequent way too often for my own good. About two months ago some manager put up a sign saying "If we don't smile while we serve you, tell us and you'll get a free hash browns or small fries with your next meal!" Beneath that it reads something even more sick, like "Go ahead -- we love it when you catch us!" The first time I saw it I thought, christ, that can't be real; that has to be some particularly subtle form of culture jamming. But it's real, and were I to actually take the managers up on their offer, I could basically feed myself entirely for free off the sadness of McDonald's employees, because in the last month I swear to god I haven't seen a single cashier flash a smile once. Not even, dare I say, a fake one.

Slate just published my latest video-game colum: "Lost in Translation: Why Japanese gamers love avenging Pearl Harbor." It's about Medal of Honor: Rising Sun, one of the first war games to put you in the shoes American marines as they attack Japan in revenge for Pearl Harbor. The thing is, when Electronic Arts released the game in Japan, game reviewers loved it -- even though the game requires that they repeatedly kill their virtual fathers and grandfathers, in a war that is still a rather touchy subject.

I try to explain the game's popularity in Tokyo. You can read the piece online, but here's a taste of my argument:

This leads to a surprising facet of game psychology: Really hard-core gamers often look past the cultural "content" of a game. They're mostly worried about a more prosaic concern, which is whether the game is fun. The geopolitics of a game melt away as players, like philosophers musing on their favorite platonic solid, ponder gameplay in the abstract.

We're accustomed to thinking that a piece of entertainment is nothing but its cultural content. A movie or TV show is just what you see on the screen. But a game is also about play, and play is invisible. That's why outsiders are often puzzled by the success of games that would appear to be nothing but screamingly offensive content. They can't see the play. Sure, you've got raw guts flying around — but for the player, part of the joy is in messing with physics (even if that happens to be bullets and shoulder-launched grenades) or with strategy (even if that's figuring out how to starve a village).

One of the interesting cultural problems of the Internet is that most fonts aren't created to display more than one or two languages. If you visit foreign-language sites, you'll notice that you're always having to download "language packs" so that your browser can display the words correctly, with all the characters unique to the country's language.

Victor Gaultney, a font designer, decided to tackle this problem by creating the Gentium typeface. His mission, as he describes it, is:

Gentium is a Unicode typeface that contains Roman, Greek and Cyrillic characters, including many characters seldom seen in even the most ambitious typefaces. Far from being a luxury, these characters are needed to write many of the over 6,000 languages thought to exist in the world.

He's not quite there yet; Gentium only covers the Roman, Greek and Cyrillic scripts, which are historically pretty closely linked and thus typologically similar. It'll be a while before he starts including the script for minor dialects spoken primarily in Ulan Bator. But nonetheless, the project is fascinating because it highlights an interesting point: That fonts are political, or at very least, have political implications. There's a great interview with Gaultney on his site, in which he talks about how a font can affect global discourse:

Gentium has managed to break down some of the barriers between people. There used to be a wide gulf between the greater publishing, academic and multilingual communities. Publishers would hesitate to do work in unusual languages because the available fonts were so poor. Academics had to do their own thing because the industry did not support their needs. Multilingual publishing has often been a constant struggle with incompatible solutions of varying quality. Now everyone can use the same font — and get excellent quality, readable, attractive text.

What's particularly cool is that he's made Gentium free for download; you can get a copy of it here.

(Thanks to Snarkmarket for this one!)

Oh man. There are only two guys aboard the International Space Station, and on Monday they will be going on a space walk simultaneously. So the Station -- a leaky Edsel in bad need of servicing -- will be screaming through the howling aether on autopilot, while these poor saps bounce around outside and pray to god nothing breaks.

This sounds completely deranged to me, but apparently the Russians talked NASA into it. According to today's New York Times:

At first, some NASA officials were uneasy about leaving the station unmanned for spacewalks, but Russia said the walk to be done this week was necessary to maintain some outside scientific experiments and to examine the exterior of the station. Russian officials also noted that they had made 50 spacewalks from their previous space station, Mir, with no one left inside.

I have to admit, I'm impressed. They did 50 spacewalks while Mir -- which was basically an empty can of Lysol with retrorockets -- flew unmanned? Say whatever you want about Russia, but their scientists have nerves of steel. How the hell did the U.S. win the cold war, anyway?

For decades, the military has been trying to figure out ways to keep soldiers awake and alert in the field -- for days at a time. Back in the 60s, that meant some pretty hair-raising experiments with everything from bennies to LSD.

These days, the military is looking to the private sector to find out if anyone is developing a high-octane version of No-Doze. It's no wonder they're putting out feelers; after all, we civilians are buying an increasingly large number of performance-enhancing pills, herbs, and "smart drinks". Many of these are total snake oil, as the New Yorker ably reported last week, but it hasn't stopped the supplement industry from booming. Indeed, one could note the gorgeous symmetry of these trends: Outside of 22-year-old Ohio soldiers frantically dodging shrapnel-mines in Iraq, the main group of Americans who are trying to stay alert for 72 hours nonstop are crazed Gen-X yuppies gulping ginseng energy-tablets by the fistful. Be all you can be!

But je digresse. The whole reason I'm writing this by-now-rambling entry is to point you to an interesting call for submissions from the Defense Sciences Office. They're looking for new drugs or technologies in their "Metabolic Dominance" program, the goal of which is thus:

The Defense Sciences Office is interested in proposals to develop innovative science and technology capable of affording superior physiological qualities to the warfighter. The vision for the Metabolic Dominance Program is to develop novel strategies that exploit and control the mechanisms of energy production, metabolism, and utilization during short periods of deployment requiring unprecedented levels of physical demand. The ultimate goal is to enable superior physical and physiological performance by controlling energy metabolism on demand. An example is continuous peak physical performance and cognitive function for 3 to 5 days, 24 hours per day, without the need for calories. Continuous exertion over numerous days is currently limited by: 1) the ability to transport and ingest adequate calories and/or effectively access stored calories (e.g., adipose, glycogen); 2) available training time; extended training periods are required to adapt muscle and mitochondria to meet intense physical loads; and 3) the ability of physiological systems to rapidly recover after extended, repeated bouts of physical exertion.

Squint a bit, and that almost reads like the text on the back of a workout pamphlet from the New York Sports Club.

Unless you've spent the last couple of years on the moon, you know that Google is now the world's most important research tool. Students use it to research their papers, jilted lovers use it to stalk their exes -- and journalists use it for just about everything.

That latter class may be a bit of problem, if you believe Lionel Beeher. He wrote a hilarious rant on the MediaBistro site pointing out that journalists have begun to cite Google results as evidence of a subject's importance. The more hits something comes up with, the more culturally significant it must be, right? Beeher cites hilarious examples of this journalistic logic:

Take the February 2 issue of The New Yorker, for example, which features not just one but two examples of reportorial Googling to gauge a story subject's popularity. First, TV critic Nancy Franklin cites Google in her article "L.A. Love" for, of all things, comparing the relative popularity of naked men and women. "A Google search for 'naked men'," she writes, "yields about six hundred thousand results; 'naked women' yields more than a million." Ergo, the female body must be more desirous than the male's. Case closed. Why? Well, because Google said so.

Franklin's colleague Michael Specter couldn't disagree. After all, he relies on a similar gambit in his story "Miracle in a Bottle" to gauge the popularity of the diet drug Zantrex. "If you type 'Zantrex' into Google," he writes, "more than a hundred thousand citations will appear." Though he preceded the sentence with evidence and statistics of the drug's increased use, Specter seemed worried that in this dot-com age, Internet-savvy readers would be left unconvinced without hard search-engine evidence. Scientific studies as proof? Eh. Web searches? Now you've convinced me.

During the dot-com boom, software engineers became celebrities, fêted by the press. Back in 400 B.C., another class of technicians rose to rock-star prominence: Catapult engineers. Catapults were the WMDs of the preChristian era, revolutionizing war by allowing armies to destroy city walls -- and lob the flu-infected severed heads of vanquished foes back into their loved one's front yards. Nice.

Anyway, Serafina Cuomo, of the Imperial College London's Center for the History of Science, recently wrote a paper for Science called "The Sinews of War: Ancient Catapults", which be the coolest title of any academic paper ever. The official term for catapult science is "belopoietics" -- with poietike meaning "making of", and belos meaning "projectile or projectile-throwing device". Apparently, the big scientific breakthrough was when early scientists realized that all parts of the catapult were proportional to the torsion springs. Once they figured that out, they had some pretty badass stuff on their hands -- as an excellent story in National Geographic News reports:

The fearsome machines terrorized battlefields and sieges until the proliferation of gunpowder. Their power was impressive and terrifying. Roman catapults could hurl 60-pound (27-kilogram) boulders some 500 feet (150 meters). Archimedes' machines were said to have been able to throw stones three times as heavy.

(Thanks to SciTech Daily for this one!)

We could have seen this one coming a mile away. The British company Link 77 has been having much success with Natachata, a chatbot it created that can talk dirty via SMS. People are, quite unsurprisingly, willing to pay per message for steamy chat while locked in boring day-long sales meetings.

Mark Ward of the BBC has a story about it today, with a funny example of a piece of chat:

barry says: "Hello how are you"
Julia says: "Hello, barry"
barry says: "Are you a virgin"
Julia says: "As far as you're concerned, barry, I always will be"

What's particularly interesting is that the inventors have grokked some of the Turing peculiarities of SMS -- i.e. the stuff a 'bot has to do to seem human in that medium. Like the popular Alice or Eliza 'bots, Natachata pulls its responses from an enormous 100,000-strong library of contextualized responses, and can "remember" a few basic facts like the name of who it's talking to. But the fun part is that once it generates an appropriate response, it "turns it into text slang" and "adds spelling mistakes" -- crucial aspects of seeming "real" in SMS-speak. "It even adds a random delay to the return message because, if they were fired back too quickly, people would guess that they were computer-generated," the BBC notes.

(Thanks to Techdirt Wireless News for this one!)

J.P. Brown is an archaeological conservator at the Field Museum in Chicago. But in his spare time, he builds some of the most dementedly advanced robots you've ever seen, using Lego Mindstorms. That robot above? It can solve a Rubik's Cube puzzle. If you check out his site, you can see Brown's complex descriptions of the engineering difficulties he faced -- not the least of which was creating Lego robot grips strong enough to manipulate the cube. He's also posted mindblowing videos of the robot in action.

Briefly, the software sends a message to the top RCX asking it to present one face of the cube to the video camera. The computer captures a frame from the video camera, and scans a 50x50 pixel area of each color patch to find the median red, green and blue (RGB) color values for each color patch on the face. The RGB values are converted to CIE X Y y coordinates, and then the CIE values are trigonometrically compared to the calibration values to find the closest match. The computer then asks the robot to show it the next face, and the process is repeated until all the faces have been scanned.

Consider the awesome circularity of this thing: A toy that can solve a toy. I'm in love.

This reminds me of why Lego may be the best toy ever to teach math, engineering, and logic. Any kid that plays with Lego has to confront the challenges of calculating how to add up multiple tiny shapes into a bigger one, usually with interesting questions of geometric symmetry thrown in, and the engineering demands of making a structure stable enough to be played with. And when you add in the Mindstorms programming language, you've basically got something that is essentially a complete curriculum in way-kewl geekitude.

Even before Mindstorms came along with an official coding language, Lego had many connections to the programming mentality. Brown himself has a superb nerd sense of humor, as I found when surfing his FAQ and discovered he'd written a description of his work like in NQC, one of the most popular Lego Mindstorms programming languages:

#define boredom_threshold 1
#define client_lag 35
#define work OUT_A
#define alive true
int meeting_lag;
task main()
    {
    while( alive ) {
        crisis_level = Random( meeting_lag );
        Wait( boredom_threshold + crisis_level );
        On(work);
        do {
            Wait( Random( meeting_lag ) );
            --crisis_level;
            } while( crisis_level > 0 );
        Off( work );
        }
    }

I was going over to Salon to read an article, and since I don't have a subscription, I had to click on an ad and view it. What popped up was an extremely nifty Flash ad by General Electric: A string of water bubbles that you can "play" to produce notes on a violin. (There's a screenshot of it above.) I messed around with it for a few minutes and soon was able to play quite complex melodies. And I thought, damn, now this is what more online ads ought to be doing -- producing fun, engaging, quick-hit interactive experiences. It's a superb little bit of work: Part ad, part game, part instrument.

Go try it out! Hint: To play individual notes, sweep up from below to touch the bubble you want. By the way, going to view the ad will also put money in Salon's pockets, so you will be supporting independent journalism by playing music. How often do you get to do that?

Apparently there's a new theory that says the universe will end with a totally outta-control explosion. Scientists are calling it "The Big Rip", and it's based on theories that the universe has "phantom energy" in it that helps explain why the universe is expanding.

There's a great story on it in today's New York Times, which explains our doom. Billions of years from now, apparently, phantom energy will be pushing the galaxies apart so quickly they'll be near the speed of light -- and the sky will go dark. The acceleration will demolish the galaxies:

About 900 million years later, about 60 million years before the end, our own Milky Way galaxy will be torn apart. Three months before the rip, the solar system will fly apart. The Earth will explode when there is half an hour left on the cosmic clock.

The last item on Dr. Caldwell's doomsday agenda is the dissolution of atoms, 10-19, a tenth of a billionth of a billionth of a second before the Big Rip ends everything.

"After the rip is like before the Big Bang," Dr. Caldwell said. "General relativity says: "The end. Time can't evolve."

The best part of the story is where the physicists basically admit that yeah, given how incredibly weird phantom energy is, it probably allows for things like antigravity and wormhole-based time machines. Antigravity and time machines, people. God DAMN do I love modern physics.

The Times's web site gets bonus points for the driest copywriting on the planet: Attached to the news story is an "Interactive Graphic" illustrating "A New View of Doomday".

By now, you've probably heard about the guy who put his mobile phone number -- 867-5309 -- up for sale on Ebay. Since that's the number made famous by the Tommy Tutone hit song, it has been receiving massive bids: When I last checked in, it was going for $80,700. When I blogged about this a few days ago, I noted that customers do not actually own their phone numbers, and suspected that the phone company might step in and say, "hold it, we ought to get any cash for the sale here."

Whaddya know. In an interview with Newsday, Verizon said such sales aren't allowed:

But there's a question of whether the number can even be transferred to the winner once the auction ends Feb. 22. Verizon says there's no question: It can't. Individuals do not have ownership of the numbers given to them, a Verizon spokesman said.

... and sure enough, if you check the item itself, it's been taken down.

(Thanks to Boing Boing for this one!)

Some people like to buy knickknacks on Ebay. Some people like to buy a lot of knickknacks on Ebay. And some people function like the black holes of knickknackery, acquiring so many metric tons of ceramic gnomes and "glass art" that their homes develop their own fields of gravity and exert a small but measurable pull on the moon.

This guy's mother falls into the third camp. So he went onto the Something Awful forums and posted a handful of pictures that function as a horrified tour of his mother's house, complete with hilarious captions. The snapshot above is from his mother's living room, where she keeps her paperweight collection. But my personal favorite is the murky picture of her bedroom, which is crammed full to the ceiling with Fedex boxes. The caption:

And here's my mom's bedroom. You were probably expecting a bed or something. It's there, somewhere underneath all those boxes. My mom decided storing this stuff is more important that having a place to sleep. So where does my mom sleep? Remember that 2/3rds of a couch back in the living room? Yep, every night. No I don't know what's in any of these boxes either. Most of them are from eBay and have never been opened, just put straight on the pile.

(Thanks to Rob for this one!)

This is wonderfully demented: Steve, a programmer with Sim Slice, has released Slice City -- a version of Sim City which is played inside The Sims. As Boing Boing notes, "that means that your simulated people can simulate being the mayor of a simulated city."

Wired News wrote a piece about it:

Just like in The Sims, attention to detail breeds success and reward, while inattention breeds disaster.

"The Sims must routinely refurbish the buildings to keep the citizens happy, or just let them deteriorate and force the citizens to become unhappy and move away," says Alvey. "Happy citizens go to work and pay taxes, which the Sims collect as revenue. The higher the profits, the more attractive the city becomes, so more citizens will move into it."

Worlds within worlds within worlds. I love how Slice City riffs off the old science-fiction conceit, in which a scientist peers into a microscope and discovers a tiny civilization at atomic size. Then the camera zooms waaaaaay out and -- whoa! -- you see that the scientist is himself part of an atomic-scale civilization being peered at by another, huger scientist, who is himself being peered at in turn by another ... and so on, and so on.

Recursion is one of the neatest and freakiest intellectual concepts there is.

(Thanks to Boing Boing for this one!)

Astronomers have just discovered that at the heart of the burned-out star "BPM 37093", there is a diamond that weighs 10 billion trillion trillion carats. That's one followed by 34 zeros. As the Sacramento Bee reports:

The heart of that burned-out star with the no-nonsense name is a sparkling diamond that weighs a staggering 10 billion trillion trillion carats. That's one followed by 34 zeros.

The hunk of celestial bling is an estimated 2,500 miles across, said Travis Metcalfe, of the Harvard-Smithsonian Center for Astrophysics.

The "Dream Income" blog is devoted to archiving spam. Actually, the posts are nothing more than the header to the spam, then the message text -- as if the spam itself were writing the blog.

It's quite hilarious to look at, partly because it looks like a real blog, written by a real person. And that reminds us of the most salient fact about spam, which is that quite apart from it being a huge annoyance, it's also the world's largest and most successful Turing Test ever: A mass communication by robotized life forms desperately attempting to pose as human.

More significantly, the blog rocks because it is keeping an archive of spam. That's actually a rather valuable service. Because who saves spam? Hell, I'm one of the few freaks that actually regularly reads his spam, just because I'm interested in it; but not even I save copies of them. The end result is that this no central "Library of Spam"; this enormous cultural explosion of hucksterism is not really being recorded anywhere, and in a purely academic sense, that's sad. It's the same way many pieces of pop culture were treated. Public libraries didn't save copies of comic books, penny dreadfuls, or pop CDs either, and so much of that incredibly rich history is hard to find too.

(Thanks to Jonathan Korman for this one!)

As you may know, "number portability" has arrived for mobile phones -- so that you can transfer a number from one phone to another. This has created an interesting side effect: People with particularly cool phone numbers are putting them up for sale to the highest bidder.

On Ebay today, someone is auctioning their mobile number "867-5309" -- which was, of course, made hummably famous by the Tommy TuTone hit "Jenny (867-5309)". It's available in the 212 area code. When I last checked in, the bids had hit $56,000. Holy moses.

What's particularly interesting is the attitude of the seller towards the number, as witnessed by the way she or he describes the "item":

**I currently am the owner of 212-867-5309. I will transfer the number to the highest bidder.

**Number portability has allowed me to put this up for sale.

The thing is, nobody owns their phone number. It's a piece of identifying data the phone carriers temporarily give to you, but they could revoke it at any point in time. Check your mobile-phone contract if you don't believe me. (Actually, you're carrying lots of things you don't own. That bank card in your pocket? It's the property of the bank, merely on loan to you while you have an account with them.)

But the point is, people believe that they own these things -- so they treat them like property even if they aren't. In the case of mobile numbers, this is likely to lead to some quite interesting culture clashes. What's going to happen when mobile-number auctioning becomes a really big thing? Will Verizon and Cingular and Sprint and all the other carriers suddenly go, "whoa, hold a second, we should be getting the money for these sales"? Or will they consider it a sort of unavoidable usage culture that is basically free advertising for the coolness of mobile phones? It's much like the fights that have cropped up in the world of online games like Ultima Online or Everquest, where the players began treating their virtual swords, castles and characters as a form of property, and selling them on Ebay -- utterly without the consent of the companies.

** UPDATE: As I suspected, Verizon has yanked this auction -- you can read my blog posting about it here.

Yikes. Over at Boing Boing, a guy sent in a picture of a handheld electronic game that a friend of his brought back from Taiwan about six months after 9/11. It's called "Laden vs. USA," and a closeup photo of it is here. No word on what the point of the game is, but a quick Google search indicates that this game has actually been manufactured several times -- on this blog, there's a photo of a slightly differently-shaped handheld unit that's also called "Laden vs. USA". (And another, clearer shot of the game pictured above is here.)

It's a pretty bleak specimen, but in a strictly academic sense, this is an interesting example of the trend towards using games as a form of political commentary. In this case, however, I suspect the motivation is just good old-fashioned profiteering. It's unlikely that the game has any political content specific to Al Qaeda or the USA. On the contrary, it's probably just some entrepreneur who bought a few truckloads of a generic war-like "shoot the soldiers" game; there are hundreds of these things produced every year by electronics sweatshops in Asia. Then they printed some labels to "rebrand" the generic game with a purported bin Laden theme, slapped 'em on the units, and sold them.

Not that this excuses the creepiness of the game, but it makes it rather unlikely that it has anything to do with actual terrorist networks.

A while ago I wrote about bluejacking, a fun way of using Bluetooth to zap a message onto the screen of any nearby Bluetooth-enabled mobile phone. But now there's a new technique that's much nastier: Bluesnarfing. Bluesnarfing is a technique for wirelessly reaching inside a Bluetooth phone and stealing any contact information stored in it.

It was discovered by a security officer in the UK who was testing the security of some Bluetooth handsets. As ZDnet reports:

Laurie said he discovered the problem when he was asked to test how safe Bluetooth devices actually were. "Before we deploy any new technology for clients or our own staff, one of my duties is to investigate that technology and ensure it is secure. Actually rolling your sleeves up and looking at it, not just taking the manufacturers' claims at face value. When I did that, I found that it is not secure," he said.

According to Laurie, he can initiate a bluesnarfing attack from his laptop after making a modification to its Bluetooth settings: "It is a standard Bluetooth-enabled laptop and the only special bit is the software I am using in the Bluetooth stack. I have a modified the Bluetooth stack and that enables me to perform this attack," he said.

Bluesnarfing has huge potential for abuse because it leave no trace and victims will be unaware that their details have been stolen: "If your phone is in your pocket, you will be completely unaware," he said.

This is an interesting gloss on the posting I wrote yesterday about cracking a system to try and examine its security, or lack thereof. In this case, a security official tried to invade a system -- and in doing so, usefully exposed a problematic vulnerability.

I just noticed this now -- over at Boing Boing, Cory Doctorow wrote an incredibly nice comment on my piece about virus writers! He goes on to offer a interesting critique of the piece based on a particular issue it raises: Whether computer code is protected as free speech. As Cory wrote:

Clive touches on, and dismisses the free-speech arguments for publishing malware code (interestingly, he does so without any quotes from legal scholars and impact litigators who work on First Amendment issues, and so ends up eliding the nuance in the argument and presenting a somewhat blunted picture of the issue) and only lightly touches on the far more important notion of legitimate security research.

If, as Schneier says, "Any person can create a security system so clever s/he can't think of a way to defeat it," then the only experimental methodology for evaluating the relative security of a system is publishing its details and inviting proof of its flaws -- proof readily embodied in malware.

Codebreakers and worm-writers are the only mechanism we know about for reliably strengthening systems, and the idea that they should refrain from publishing their research in order to keep us safe is fundamentally flawed, since it depends on the idea that malicious people will never be clever enough to independently reproduce their techniques, and that the public is better served by remaining ignorant of the potential risks in the systems they've bought than by being exposed to the evidence of the rampant flaws in those systems.

This notion falls flat when considered in light of the real world. If a developer was building condos whose doors could all be unlocked with an unbent paper-clip, this line of reasoning demands that the person(s) who discover this should keep mum about it, in the hopes that no bad guy ever catches on. In the real world, the best answer is usually to scream about this to high heaven, so that the bad developer can't silence you and cover his ass, and so that his customers can get their locks fixed.

This is an excellent debate. But I don't think my article dismisses the free-speech argument. Indeed, quite the opposite -- it explicitly states that code is a form of speech. As I wrote ...

... in most countries, writing viruses is not illegal. Indeed, in the United States some legal scholars argue that it is protected as free speech. Software is a type of language, and writing a program is akin to writing a recipe for beef stew. It is merely a bunch of instructions for the computer to follow, in the same way that a recipe is a set of instructions for a cook to follow.

Cory's quite right that I didn't actually quote any legal scholars or free-speech experts in the piece, though I certainly have interviewed plenty of them on this issue (including, back when I was writing about the DeCSS trial, the insanely brilliant Dave Touretzky).

I think Cory may be confusing my discussion of the ethics of virus writing with the right to compose malware. My article points out that the ethics of virus-writing are considered, by many, to be somewhat suspect. That doesn't dismiss the point about the free-speech argument for writing computer code. Quite clearly, code is a form of speech -- and for the record I would be very, very glad to see it thusly protected! (Not the least because, while being myself only a very crappy and very occasional programmer of the lamest computer languages in existence, I find programming a superbly intellectual endeavour.)

But just because one has a right to do something does not mean it's ethical to do it. (And vice versa -- there are, sadly, plenty of people in jail for things that were against the law but were not even vaguely unethical, including much civil disobedience.) Rights and ethics are very different things. What my article was in part trying to explore were the complex ethics of virus writing.

As Cory pointed out, one can also make a good ethical case in favor of virus writing. I, too, pointed out the argument:

Indeed, a number of them say they are making the world a better place, because they openly expose the weaknesses of computer systems. When Philet0ast3r or Mario or Mathieson finishes a new virus, they say, they will immediately e-mail a copy of it to antivirus companies. That way, they explained, the companies can program their software to recognize and delete the virus should some script kiddie ever release it into the wild. This is further proof that they mean no harm with their hobby, as Mathieson pointed out. On the contrary, he said, their virus-writing strengthens the ''immune system'' of the Internet.

Having said that, it is true that I presented the devil's-advocate side: That widely publishing your virus code can fall into an ethical grey area. That's because viruses behave in ways rather different from other types of code. Cory quotes Schneider to point out a well-known security fact: That one good way to improve the security of a computer system is for smart outsiders to examine it carefully and discover its weaknesses. That's why open-source code like Linux is so stable; tens of thousands of smart geeks have looked at the code and immediately publicized any weaknesses they find. That's also why smart goverment agencies and companies hire tiger teams to try and break into their own systems. It's a great way to probe your own vulnerabilities.

Viruses and worms are a bit different, though, I think. Attempting a series of hack-attacks on a particular system to try and uncover its weaknesses is a stable, controlled experiment. You can run the experiment in such a way that you don't actually hurt anyone. But when viruses and worms are released, they're inherently uncontrolled. They interact with thousands of unknown computer systems with unknown configurations; there's simply no way to fully predict what's going to happen. They might be harmless. Or they might screw up the 911 system in a city, as Slammer did. There are plenty of ways to test a system with a single hack attack. You can prove that backdoor exists by invading it on a single machine; no harm done. But there is no way to definitively prove a virus would spread the way you think it would without releasing it -- and that's an inherently chaotic endeavor.

Yet I still don't think one should be prohibited from writing worm and virus code -- because as Cory says, the code can be a good way to show, on paper, that a vulnerability exists that ought to be patched. The grey area is: How to publish the findings? If you put the full code to your worm up online, you can be pretty certain someone will release it. And though publishing may indeed be your legal right, in this context, it's also an ethical decision. Are there other ways to inform the world about a worm-related vulnerability you've discovered? Publish only the most relevant parts of the code? That might not be a bad idea, since script kiddies won't be able to write the rest of the code necessary to get the worm up and running; a smart security official, however, could look at those few lines of worm code and immediately grok the vulnerability they need to patch.

The counterargument would be that "software companies drag their heels -- nobody would ever really fix a vulnerability until they've had it literally slammed in their faces. You have show the full worm code -- hell, it probably has to be released in the wild -- before they'll really take it seriously." Fair enough. The vulnerability that the Slammer worm exploited had been known for months; people only got serious about patching it once they'd seen how much damage a worm could do. And, once again, one ought indeed to have the free-speech right to publish a worm. But I don't think exculpates you from the ethical aspects of the debate. Rights are clean and simple; ethics are super-messy.

Since Cory opened his posting about my article with an incredibly nice compliment about my writing, I'm going to close with one about his: Readers! If you are still with me here, DO NOT WALK but RUN to the nearest bookstore and get a copy of Cory's latest novel, Eastern Standard Tribe. He is easily one of the most talented science fiction writers I've ever encountered, and my shelves are groaning with the stuff. (His last novel Down and Out in the Magic Kingdom fried my noodle and inspired a zillion interesting conversations about the future of the reputation economy.) Go. Now!

Hmmm. Movable Type is acting up and not letting me rebuild my site. I'm not sure why, so I'm testing with a test posting here!

I bet you did not know that Feb. 5 was the first-ever "International Robot's Day".

Actually, neither did I. In fact, probably the only people who knew about it were the Euroweenie artists who stitched together a bunch of global events into this cyborgian celebration. But, since I like robots and have a couple of them myself -- in fact, my Roomba is currently slaving away at cleaning the living room as I type -- I heartily approve.

Brendan Dawes, an insanely brilliant programmer, has created Cinema Redux -- an application that produces a massive poster composed of tiny snapshots of each scene in a film. In essence, he produces a huge image that lets you "see" the entire film in one eyeful. He wrote a really nice description of the aesthetic purpose of his project, so here it is in his own words:

The end result is a kind of unique fingerprint for that film. A sort of movie DNA showing the colour hues as well as the rhythm of the editing process. Compare Serpico to The Conversation. You can see there's far more edits in Lumet's classic compared to the more gentle slower pace of Coppola's Conversation. This is also down to the editing style of Walter Murch who prefers to only make cuts when absolutely necessary.

That picture above is a small chunk of the poster of Alfred Hithcock's Vertigo. You can see more examples of the images here, and even buy a poster of one of them.

(Thanks to the J-Walk blog for finding this one!)

Check out the Acme Labelmaker, which lets you create your own sticky-tape-style labels to slap all over your web site.

(Thanks to the J-Walk blog for this one!)

As I've written before, we now live in the Turing age. Every time we open our email boxes, we're forced to conduct dozens of Turing tests, trying to quickly figure out which of the pieces of email are from real humans, and which were sent by spambots.

This battle has now claimed its first linguistic casualty. It occurred to me yesterday that you can no longer send an email to anyone with the sole word "hello" in the message header.

Why? Because the email recipient is almost certain to throw out your email before reading it. And why would they do that? Because the MyDoom virus has been flooding our inboxes with endless copies of itself, half of which say merely "hi" or "hello" in the message field. I personally have been getting between 20 and 60 copies of MyDoom every day for the last two weeks. So as I go through my email every day, numbly disposing of the 70 to 80 per cent of which is spam (and I get about 300 messages a day), I'm almost certain to throw out anything with "hi" or "hello".

The other day, I got an email from a friend saying, hey, did you get the email I sent you last week? And I hadn't. I didn't remember reading anything from him. He insisted he'd sent me an email, so I asked him, hey, just out of interest, what did you put in the message line? Oh, I said "hello," he replied.

Heh. That's the problem. These days, saying "hello" and "hi" instantly and definitively marks you as a spambot. I, and most other people on the Net, will immediately delete your mail and won't even waste the microsecond necessary to glance over to see which email address the email has come from.

So here's a tip for anyone who's trying to email me. If you want to appear human-like, put a human-like message header on your email. And that means you can't say just "hello" or "hi," because that no longer qualifies as a human-like message.

I blogged a few days ago about Georgia outlawing the use of the world "evolution" in their high-school biology classes. Georgia officials rather shamefacedly backtracked a couple of days later and reinstated the word, which is cool. But over at Culture Raven, my friend Erik points out an interesting nuance that's often ignored in the polarized evolution/creationism debate: That even amongst the ranks of scientists, there's still substantial debate about evolution. Steve Fuller argues this in his book Kuhn vs. Popper: The Struggle for the Soul of Science, which Erik parses thusly:

Physicians, entomologists, zoologists, and biologists seem predisposed to rejecting Darwinism. They work with these complicated, juicy, goofy, living entities whose personality, animation and complexity just don't seem reducible to stochastic processes like mutation and natural selection ...

Lots of real smart-type folks have shied away from full-on Darwinism and have tried to prove that complex "organic forms," be they societies or species, establish their own "pattern of development against external environmental pressures."

For years, scientists have pondered the mystery of how carrier pigeons navigate back home. Do they have special inner-ear navigational systems? Do they sense the magnetic fields of the earth? Do they perform some complex on-the-fly calculus using the position of sun?

Nope. Turns out they just follow the roads, like everyone else. A bunch of scientists at Oxford university in London attached teensy GPS trackers to pigeons and found the birds flew quite precisely along the lines of major highways. As professor Tim Guildford told the Telegraph:

"In short, it looks like it is mentally easier for a bird to fly down a road and then turn right. They are just making their journey as simple as possible".

His team carried out dozens of tests with pigeons in Oxfordshire, releasing them between 10 and 20 miles from their lofts, each with a tiny GPS tracking device attached to their backs. Matching their routes, they found most flew straight down the A34 Oxford bypass.

"It was almost comical watching one group of birds that we released near a major A road. They followed the road to the first junction where they all turned right, and a couple of junctions on, they all turned left".

This Sunday, the New York Times Magazine ran a feature I wrote on the world of virus-writers. The story is on their site but you have to pay to see it, so I've put the entire text below for free archiving:

The Virus Underground
Philet0ast3r, Second Part to Hell, Vorgon and guys like them around the world spend their Saturday nights writing fiendishly contagious computer viruses and worms. Are they artists, pranksters or techo-saboteurs?

By Clive Thompson

This is how easy it has become.

Mario stubs out his cigarette and sits down at the desk in his bedroom. He pops into his laptop the CD of Iron Maiden's ''Number of the Beast,'' his latest favorite album. ''I really like it,'' he says. ''My girlfriend bought it for me.'' He gestures to the 15-year-old girl with straight dark hair lounging on his neatly made bed, and she throws back a shy smile. Mario, 16, is a secondary-school student in a small town in the foothills of southern Austria. (He didn't want me to use his last name.) His shiny shoulder-length hair covers half his face and his sleepy green eyes, making him look like a very young, languid Mick Jagger. On his wall he has an enormous poster of Anna Kournikova -- which, he admits sheepishly, his girlfriend is not thrilled about. Downstairs, his mother is cleaning up after dinner. She isn't thrilled these days, either. But what bothers her isn't Mario's poster. It's his hobby.

When Mario is bored -- and out here in the countryside, surrounded by soaring snowcapped mountains and little else, he's bored a lot -- he likes to sit at his laptop and create computer viruses and worms. Online, he goes by the name Second Part to Hell, and he has written more than 150 examples of what computer experts call ''malware'': tiny programs that exist solely to self-replicate, infecting computers hooked up to the Internet. Sometimes these programs cause damage, and sometimes they don't. Mario says he prefers to create viruses that don't intentionally wreck data, because simple destruction is too easy. ''Anyone can rewrite a hard drive with one or two lines of code,'' he says. ''It makes no sense. It's really lame.'' Besides which, it's mean, he says, and he likes to be friendly.

But still -- just to see if he could do it -- a year ago he created a rather dangerous tool: a program that autogenerates viruses. It's called a Batch Trojan Generator, and anyone can download it freely from Mario's Web site. With a few simple mouse clicks, you can use the tool to create your own malicious "Trojan horse." Like its ancient namesake, a Trojan virus arrives in someone's e-mail looking like a gift, a JPEG picture or a video, for example, but actually bearing dangerous cargo.

Mario starts up the tool to show me how it works. A little box appears on his laptop screen, politely asking me to name my Trojan. I call it the "Clive" virus. Then it asks me what I'd like the virus to do. Shall the Trojan Horse format drive C:? Yes, I click. Shall the Trojan Horse overwrite every file? Yes. It asks me if I'd like to have the virus activate the next time the computer is restarted, and I say yes again.

Then it's done. The generator spits out the virus onto Mario's hard drive, a tiny 3k file. Mario's generator also displays a stern notice warning that spreading your creation is illegal. The generator, he says, is just for educational purposes, a way to help curious programmers learn how Trojans work.

But of course I could ignore that advice. I could give this virus an enticing name, like "britney--spears--wedding--clip.mpeg," to fool people into thinking it's a video. If I were to e-mail it to a victim, and if he clicked on it -- and didn't have up-to-date antivirus software, which many people don't -- then disaster would strike his computer. The virus would activate. It would quietly reach into the victim's Microsoft Windows operating system and insert new commands telling the computer to erase its own hard drive. The next time the victim started up his computer, the machine would find those new commands, assume they were part of the normal Windows operating system and guilelessly follow them. Poof: everything on his hard drive would vanish -- e-mail, pictures, documents, games.

I've never contemplated writing a virus before. Even if I had, I wouldn't have known how to do it. But thanks to a teenager in Austria, it took me less than a minute to master the art.

Mario drags the virus over to the trash bin on his computer's desktop and discards it. "I don't think we should touch that," he says hastily.

COMPUTER EXPERTS CALLED 2003 "THE YEAR OF THE WORM." For 12 months, digital infections swarmed across the Internet with the intensity of a biblical plague. It began in January, when the Slammer worm infected nearly 75,000 servers in 10 minutes, clogging Bank of America's A.T.M. network and causing sporadic flight delays. In the summer, the Blaster worm struck, spreading by exploiting a flaw in Windows; it carried taunting messages directed at Bill Gates, infected hundreds of thousands of computers and tried to use them to bombard a Microsoft Web site with data. Then in August, a worm called Sobig.F exploded with even more force, spreading via e-mail that it generated by stealing addresses from victims' computers. It propagated so rapidly that at one point, one out of every 17 e-mail messages traveling through the Internet was a copy of Sobig.F. The computer-security firm mi2g estimated that the worldwide cost of these attacks in 2003, including clean-up and lost productivity, was at least $82 billion (though such estimates have been criticized for being inflated).

The pace of contagion seems to be escalating. When the Mydoom.A e-mail virus struck in late January, it spread even faster than Sobig.F; at its peak, experts estimated, one out of every five e-mail messages was a copy of Mydoom.A. It also carried a nasty payload: it reprogrammed victim computers to attack the Web site of SCO, a software firm vilified by geeks in the "open source" software community.

You might assume that the blame -- and the legal repercussions -- for the destruction would land directly at the feet of people like Mario. But as the police around the globe have cracked down on cybercrime in the past few years, virus writers have become more cautious, or at least more crafty. These days, many elite writers do not spread their works at all. Instead, they "publish" them, posting their code on Web sites, often with detailed descriptions of how the program works. Essentially, they leave their viruses lying around for anyone to use.

Invariably, someone does. The people who release the viruses are often anonymous mischief-makers, or "script kiddies." That's a derisive term for aspiring young hackers, usually teenagers or curious college students, who don't yet have the skill to program computers but like to pretend they do. They download the viruses, claim to have written them themselves and then set them free in an attempt to assume the role of a fearsome digital menace. Script kiddies often have only a dim idea of how the code works and little concern for how a digital plague can rage out of control.

Our modern virus epidemic is thus born of a symbiotic relationship between the people smart enough to write a virus and the people dumb enough -- or malicious enough -- to spread it. Without these two groups of people, many viruses would never see the light of day. Script kiddies, for example, were responsible for some of the damage the Blaster worm caused. The original version of Blaster, which struck on Aug. 11, was clearly written by a skilled programmer (who is still unknown and at large). Three days later, a second version of Blaster circulated online, infecting an estimated 7,000 computers. This time the F.B.I. tracked the release to Jeffrey Lee Parson, an 18-year-old in Minnesota who had found, slightly altered and re-released the Blaster code, prosecutors claim. Parson may have been seeking notoriety, or he may have had no clue how much damage the worm could cause: he did nothing to hide his identity and even included a reference to his personal Web site in the code. (He was arrested and charged with intentionally causing damage to computers; when his trial begins, probably this spring, he faces up to 10 years in jail.) A few weeks later, a similar scene unfolded: another variant of Blaster was found in the wild. This time it was traced to a college student in Romania who had also left obvious clues to his identity in the code.

This development worries security experts, because it means that virus-writing is no longer exclusively a high-skill profession. By so freely sharing their work, the elite virus writers have made it easy for almost anyone to wreak havoc online. When the damage occurs, as it inevitably does, the original authors just shrug. We may have created the monster, they'll say, but we didn't set it loose. This dodge infuriates security professionals and the police, who say it is legally precise but morally corrupt. "When they publish a virus online, they know someone's going to release it," says Eugene Spafford, a computer-science professor and security expert at Purdue University. Like a collection of young Dr. Frankensteins, the virus writers are increasingly creating forces they cannot control -- and for which they explicitly refuse to take responsibility.

"WHERE'S THE BEER?" Philet0ast3r wondered.

An hour earlier, he had dispatched three friends to pick up another case, but they were nowhere in sight. He looked out over the controlled chaos of his tiny one-bedroom apartment in small-town Bavaria. (Most of the virus writers I visited live in Europe; there have been very few active in the United States since 9/11, because of fears of prosecution.) Philet0ast3r's party was crammed with 20 friends who were blasting the punk band Deftones, playing cards, smoking furiously and arguing about politics. It was a Saturday night. Three girls sat on the floor, rolling another girl's hair into thick dreadlocks, the hairstyle of choice among the crowd. Philet0ast3r himself -- a 21-year-old with a small silver hoop piercing his lower lip -- wears his brown hair in thick dreads. (Philet0ast3r is an online handle; he didn't want me to use his name.)

Philet0ast3r's friends finally arrived with a fresh case of ale, and his blue eyes lit up. He flicked open a bottle using the edge of his cigarette lighter and toasted the others. A tall blond friend in a jacket festooned with anti-Nike logos put his arm around Philet0ast3r and beamed.

"This guy," he proclaimed, "is the best at Visual Basic."

In the virus underground, that's love. Visual Basic is a computer language popular among malware authors for its simplicity; Philet0ast3r has used it to create several of the two dozen viruses he's written. From this tiny tourist town, he works as an assistant in a home for the mentally disabled and in his spare time runs an international virus-writers' group called the "Ready Rangers Liberation Front." He founded the group three years ago with a few bored high-school friends in his even tinier hometown nearby. I met him, like everyone profiled in this article, online, first e-mailing him, then chatting in an Internet Relay Chat channel where virus writers meet and trade tips and war stories.

Philet0ast3r got interested in malware the same way most virus authors do: his own computer was hit by a virus. He wanted to know how it worked and began hunting down virus-writers' Web sites. He discovered years' worth of viruses online, all easily downloadable, as well as primers full of coding tricks. He spent long evenings hanging out in online chat rooms, asking questions, and soon began writing his own worms.

One might assume Philet0ast3r would favor destructive viruses, given the fact that his apartment is decorated top-to-bottom with anticorporate stickers. But Philet0ast3r's viruses, like those of many malware writers, are often surprisingly mild things carrying goofy payloads. One worm does nothing but display a picture of a raised middle finger on your computer screen, then sheepishly apologize for the gesture. ("Hey, this is not meant to you! I just wanted to show my payload.") Another one he is currently developing will install two artificial intelligence chat-agents on your computer; they appear in a pop-up window, talking to each other nervously about whether your antivirus software is going to catch and delete them. Philet0ast3r said he was also working on something sneakier: a "keylogger." It's a Trojan virus that monitors every keystroke its victim types -- including passwords and confidential e-mail messages -- then secretly mails out copies to whoever planted the virus. Anyone who spreads this Trojan would be able to quickly harvest huge amounts of sensitive personal information.

Technically, "viruses" and "worms" are slightly different things. When a virus arrives on your computer, it disguises itself. It might look like an OutKast song ("hey--ya.mp3"), but if you look more closely, you'll see it has an unusual suffix, like "hey--ya.mp3.exe." That's because it isn't an MP3 file at all. It's a tiny program, and when you click on it, it will reprogram parts of your computer to do something new, like display a message. A virus cannot kick-start itself; a human needs to be fooled into clicking on it. This turns virus writers into armchair psychologists, always hunting for new tricks to dupe someone into activating a virus. ("All virus-spreading," one virus writer said caustically, "is based on the idiotic behavior of the users.")

Worms, in contrast, usually do not require any human intervention to spread. That means they can travel at the breakneck pace of computers themselves. Unlike a virus, a worm generally does not alter or destroy data on a computer. Its danger lies in its speed: when a worm multiplies, it often generates enough traffic to brown out Internet servers, like air-conditioners bringing down the power grid on a hot summer day. The most popular worms today are "mass mailers," which attack a victim's computer, swipe the addresses out of Microsoft Outlook (the world's most common e-mail program) and send a copy of the worm to everyone in the victim's address book. These days, the distinction between worm and virus is breaking down. A worm will carry a virus with it, dropping it onto the victim's hard drive to do its work, then e-mailing itself off to a new target.

The most ferocious threats today are "network worms," which exploit a particular flaw in a software product (often one by Microsoft). The author of Slammer, for example, noticed a flaw in Microsoft's SQL Server, an online database commonly used by businesses and governments. The Slammer worm would find an unprotected SQL server, then would fire bursts of information at it, flooding the server's data "buffer," like a cup filled to the brim with water. Once its buffer was full, the server could be tricked into sending out thousands of new copies of the worm to other servers. Normally, a server should not allow an outside agent to control it that way, but Microsoft had neglected to defend against such an attack. Using that flaw, Slammer flooded the Internet with 55 million blasts of data per second and in only 10 minutes colonized almost all vulnerable machines. The attacks slowed the 911 system in Bellevue, Wash., a Seattle suburb, to such a degree that operators had to resort to a manual method of tracking calls.

Philet0ast3r said he isn't interested in producing a network worm, but he said it wouldn't be hard if he wanted to do it. He would scour the Web sites where computer-security professionals report any new software vulnerabilities they discover. Often, these security white papers will explain the flaw in such detail that they practically provide a road map on how to write a worm that exploits it. "Then I would use it," he concluded. "It's that simple."

Computer-science experts have a phrase for that type of fast-spreading epidemic: "a Warhol worm," in honor of Andy Warhol's prediction that everyone would be famous for 15 minutes. "In computer terms, 15 minutes is a really long time," says Nicholas Weaver, a researcher at the International Computer Science Institute in Berkeley, who coined the Warhol term. "The worm moves faster than humans can respond." He suspects that even more damaging worms are on the way. All a worm writer needs to do is find a significant new flaw in a Microsoft product, then write some code that exploits it. Even Microsoft admits that there are flaws the company doesn't yet know about.

Virus writers are especially hostile toward Microsoft, the perennial whipping boy of the geek world. From their (somewhat self-serving) point of view, Microsoft is to blame for the worm epidemic, because the company frequently leaves flaws in its products that allow malware to spread. Microsoft markets its products to less expert computer users, cultivating precisely the sort of gullible victims who click on disguised virus attachments. But it is Microsoft's success that really makes it such an attractive target: since more than 90 percent of desktop computers run Windows, worm writers target Microsoft in order to hit the largest possible number of victims. (By relying so exclusively on Microsoft products, virus authors say, we have created a digital monoculture, a dangerous thinning of the Internet's gene pool.)

Microsoft officials disagree that their programs are poor quality, of course. And it is also possible that their products are targeted because it has become cool to do so. "There's sort of a natural tendency to go after the biggest dog," says Phil Reitinger, senior security strategist for Microsoft. Reitinger says that the company is working to make its products more secure. But Microsoft is now so angry that it has launched a counterattack. Last fall, Microsoft set up a $5 million fund to pay for information leading to the capture of writers who target Windows machines. So far, the company has announced $250,000 bounties for the creators of Blaster, Sobig.F and Mydoom.B.

THE MOTIVATIONS OF THE TOP VIRUS WRITERS can often seem paradoxical. They spend hours dreaming up new strategies to infect computers, then hours more bringing them to reality. Yet when they're done, most of them say they have little interest in turning their creations free. (In fact, 99 percent of all malware never successfully spreads in the wild, either because it expressly wasn't designed to do so or because the author was inept and misprogrammed his virus.) Though Philet0ast3r is proud of his keylogger, he said he does not intend to release it into the wild. His reason is partly one of self-protection; he wouldn't want the police to trace it back to him. But he also said he does not ethically believe in damaging someone else's computer.

So why write a worm, if you're not going to spread it?

For the sheer intellectual challenge, Philet0ast3r replied, the fun of producing something "really cool." For the top worm writers, the goal is to make something that's brand-new, never seen before. Replicating an existing virus is "lame," the worst of all possible insults. A truly innovative worm, Philet0ast3r said, "is like art." To allow his malware to travel swiftly online, the virus writer must keep its code short and efficient, like a poet elegantly packing as much creativity as possible into the tight format of a sonnet. "One condition of art," he noted, "is doing good things with less."

When he gets stuck on a particularly thorny problem, Philet0ast3r will sometimes call for help from other members of the Ready Rangers Liberation Front (which includes Mario). Another friend in another country, whom Philet0ast3r has never actually met, is helping him complete his keylogger by writing a few crucial bits of code that will hide the tool from its victim's view. When they're done, they'll publish their invention in their group's zine, a semiannual anthology of the members' best work.

The virus scene is oddly gentlemanly, almost like the amateur scientist societies of Victorian Britain, where colleagues presented papers in an attempt to win that most elusive of social currencies: street cred. In fact, I didn't meet anyone who gloated about his own talent until I met Benny. He is a member of 29A, a super-elite cadre within the virus underground, a handful of coders around the world whose malware is so innovative that even antivirus experts grudgingly admit they're impressed. Based in the Czech Republic, Benny, clean-cut and wide-eyed, has been writing viruses for five years, making him a veteran in the field at age 21. "The main thing that I'm most proud of, and that no one else can say, is that I always come up with a new idea," he said, ushering me into a bedroom so neat that it looked as if he'd stacked his magazines using a ruler and level. "Each worm shows something different, something new that hadn't been done before by anyone."

Benny -- that's his handle, not his real name -- is most famous for having written a virus that infected Windows 2000 two weeks before Windows 2000 was released. He'd met a Microsoft employee months earlier who boasted that the new operating system would be "more secure than ever"; Benny wrote (but says he didn't release) the virus specifically to humiliate the company. "Microsoft," he said with a laugh, "wasn't enthusiastic." He also wrote Leviathan, the first virus to use "multithreading," a technique that makes the computer execute several commands at once, like a juggler handling multiple balls. It greatly speeds up the pace at which viruses can spread. Benny published that invention in his group's zine, and now many of the most virulent bugs have adopted the technique, including last summer's infamous Sobig.F.

For a virus author, a successful worm brings the sort of fame that a particularly daring piece of graffiti used to produce: the author's name, automatically replicating itself in cyberspace. When antivirus companies post on their Web sites a new "alert" warning of a fresh menace, the thrill for the author is like getting a great book review: something to crow about and e-mail around to your friends. Writing malware, as one author e-mailed me, is like creating artificial life. A virus, he wrote, is "a humble little creature with only the intention to avoid extinction and survive."

Quite apart from the intellectual fun of programming, though, the virus scene is attractive partly because it's very social. When Philet0ast3r drops by a virus-writers chat channel late at night after work, the conversation is as likely to be about music, politics or girls as the latest in worm technology. "They're not talking about viruses -- they're talking about relationships or ordering pizza," says Sarah Gordon, a senior research fellow at Symantec, an antivirus company, who is one of the only researchers in the world who has interviewed hundreds of virus writers about their motivations. Very occasionally, malware authors even meet up face to face for a party; Philet0ast3r once took a road trip for a beer-addled weekend of coding, and when I visited Mario, we met up with another Austrian virus writer and discussed code for hours at a bar.

The virus community attracts a lot of smart but alienated young men, libertarian types who are often flummoxed by the social nuances of life. While the virus scene isn't dominated by those characters, it certainly has its share -- and they are often the ones with a genuine chip on their shoulder.

"I am a social reject," admitted Vorgon (as he called himself), a virus writer in Toronto with whom I exchanged messages one night in an online chat channel. He studied computer science in college but couldn't find a computer job after sending out 400 resumes. With "no friends, not much family" and no girlfriend for years, he became depressed. He attempted suicide, he said, by walking out one frigid winter night into a nearby forest for five hours with no jacket on. But then he got into the virus-writing scene and found a community. "I met a lot of cool people who were interested in what I did," he wrote. "They made me feel good again." He called his first virus FirstBorn to celebrate his new identity. Later, he saw that one of his worms had been written up as an alert on an antivirus site, and it thrilled him. "Kinda like when I got my first girlfriend," he wrote. "I was god for a couple days." He began work on another worm, trying to recapture the feeling. "I spent three months working on it just so I could have those couple of days of godliness."

Vorgon is still angry about life. His next worm, he wrote, will try to specifically target the people who wouldn't hire him. It will have a "spidering" engine that crawls Web-page links, trying to find likely e-mail addresses for human-resource managers, "like careers@microsoft.com, for example." Then it will send them a fake resume infected with the worm. (He hasn't yet decided on a payload, and he hasn't ruled out a destructive one.) "This is a revenge worm," he explained -- for "not hiring me, and hiring some loser that is not even half the programmer I am."

MANY PEOPLE MIGHT WONDER why virus writers aren't simply rounded up and arrested for producing their creations. But in most countries, writing viruses is not illegal. Indeed, in the United States some legal scholars argue that it is protected as free speech. Software is a type of language, and writing a program is akin to writing a recipe for beef stew. It is merely a bunch of instructions for the computer to follow, in the same way that a recipe is a set of instructions for a cook to follow. A virus or worm becomes illegal only when it is activated -- when someone sends it to a victim and starts it spreading in the wild, and it does measurable damage to computer systems. The top malware authors are acutely aware of this distinction. Most every virus-writer Web site includes a disclaimer stating that it exists purely for educational purposes, and that if a visitor downloads a virus to spread, the responsibility is entirely the visitor's. Benny's main virus-writing computer at home has no Internet connection at all; he has walled it off like an airlocked biological-weapons lab, so that nothing can escape, even by accident.

Virus writers argue that they shouldn't be held accountable for other people's actions. They are merely pursuing an interest in writing self-replicating computer code. "I'm not responsible for people who do silly things and distribute them among their friends," Benny said defiantly. "I'm not responsible for those. What I like to do is programming, and I like to show it to people -- who may then do something with it." A young woman who goes by the handle Gigabyte told me in an online chat room that if the authorities wanted to arrest her and other virus writers, then "they should arrest the creators of guns as well."

One of the youngest virus writers I visited was Stephen Mathieson, a 16-year-old in Detroit whose screen name is Kefi. He also belongs to Philet0ast3r's Ready Rangers Liberation Front. A year ago, Mathieson became annoyed when he found members of another virus-writers group called Catfish-VX plagiarizing his code. So he wrote Evion, a worm specifically designed to taunt the Catfish guys. He put it up on his Web site for everyone to see. Like most of Mathieson's work, the worm had no destructive intent. It merely popped up a few cocky messages, including: Catfish--VX are lamers. This virus was constructed for them to steal.

Someone did in fact steal it, because pretty soon Mathieson heard reports of it being spotted in the wild. To this day, he does not know who circulated Evion. But he suspects it was probably a random troublemaker, a script kiddie who swiped it from his site. "The kids," he said, shaking his head, "just cut and paste."

Quite aside from the strangeness of listening to a 16-year-old complain about "the kids," Mathieson's rhetoric glosses over a charged ethical and legal debate. It is tempting to wonder if the leading malware authors are lying -- whether they do in fact circulate their worms on the sly, obsessed with a desire to see whether they will really work. While security officials say that may occasionally happen, they also say the top virus writers are quite likely telling the truth. "If you're writing important virus code, you're probably well trained," says David Perry, global director of education for Trend Micro, an antivirus company. "You know a number of tricks to write good code, but you don't want to go to prison. You have an income and stuff. It takes someone unaware of the consequences to release a virus."

But worm authors are hardly absolved of blame. By putting their code freely on the Web, virus writers essentially dangle temptation in front of every disgruntled teenager who goes online looking for a way to rebel. A cynic might say that malware authors rely on clueless script kiddies the same way that a drug dealer uses 13-year-olds to carry illegal goods -- passing the liability off to a hapless mule.

"You've got several levels here," says Marc Rogers, a former police officer who now researches computer forensics at Purdue University. "You've got the guys who write it, and they know they shouldn't release it because it's illegal. So they put it out there knowing that some script kiddie who wants to feel like a big shot in the virus underground will put it out. They know these neophytes will jump on it. So they're grinning ear to ear, because their baby, their creation, is out there. But they didn't officially release it, so they don't get in trouble." He says he thinks that the original authors are just as blameworthy as the spreaders.

Sarah Gordon of Symantec also says the authors are ethically naive. "If you're going to say it's an artistic statement, there are more responsible ways to be artistic than to create code that costs people millions," she says. Critics like Reitinger, the Microsoft security chief, are even harsher. "To me, it's online arson," he says. "Launching a virus is no different from burning down a building. There are people who would never toss a Molotov cocktail into a warehouse, but they wouldn't think for a second about launching a virus."

What makes this issue particularly fuzzy is the nature of computer code. It skews the traditional intellectual question about studying dangerous topics. Academics who research nuclear-fission techniques, for example, worry that their research could help a terrorist make a weapon. Many publish their findings anyway, believing that the mere knowledge of how fission works won't help Al Qaeda get access to uranium or rocket parts.

But computer code is a different type of knowledge. The code for a virus is itself the weapon. You could read it in the same way you read a book, to help educate yourself about malware. Or you could set it running, turning it instantly into an active agent. Computer code blurs the line between speech and act. "It's like taking a gun and sticking bullets in it and sitting it on the counter and saying, 'Hey, free gun!"' Rogers says.

Some academics have pondered whether virus authors could be charged under conspiracy laws. Creating a virus, they theorize, might be considered a form of abetting a crime by providing materials. Ken Dunham, the head of "malicious code intelligence" for iDefense, a computer security company, notes that there are certainly many examples of virus authors assisting newcomers. He has been in chat rooms, he says, "where I can see people saying, 'How can I find vulnerable hosts?' And another guy says, 'Oh, go here, you can use this tool.' They're helping each other out."

There are virus writers who appreciate these complexities. But they are certain that the viruses they write count as protected speech. They insist they have a right to explore their interests. Indeed, a number of them say they are making the world a better place, because they openly expose the weaknesses of computer systems. When Philet0ast3r or Mario or Mathieson finishes a new virus, they say, they will immediately e-mail a copy of it to antivirus