Iron Man 2 in a Nutshell

I tried to avoid seeing this movie, really I did. Alas, in the end my own human weaknesses undid me; I was invited to it by a cute girl (and her boyfriend) and we all know the rest.

Iron Man 2 is a very Marvel Superheroes story–by which I mean bland, predictable, non-threatening, conservative, and more or less badly writte. The story goes something like this:

WARNING! Plot spoilers below!

Anton Vanko: I can teach you to make an arc reactor out of snow and empty vodka bottles.
Ivan Vanko: Cool. (He FEEDS his BIRD)
(Anton Vanko DIES)
Ivan Vanko: Nooooooooooooooo!! Do not want!
(He FEEDS his BIRD again)
Tony Stark: Yo! You love me, I love me, let’s party!
Tony Stark’s Medical Gizmo: LOL surprise buttsecks. You are dying of palladium poisoning!
Tony Stark: Oh, crap.
Science Consultant: Wait, what? Palladium is an inert metal, like gold and platinum. It isn’t tox–
Jon Favreau: STFU.
Gwyneth Paltrow: I look like crap in this movie. Plus, I’m boring. And I have the charisma of a dead fish. What happened to my career? I used to do cool, quirky movies like Sliding Doors and Shakespeare in Love.
Tony Stark: I will make you CEO of my company.
Gwyneth Paltrow: Okay.
Tony Stark: I like Scarlett Johansson.
Garry Shandling: Give us the Iron Man suit.
Tony Stark: No.
Garry Shandling: Yes.
Tony Stark: No. I created world peace!
Audience: Wait, what? You’re just one guy. You mean to tell me that people who aren’t afraid of an aircraft carrier are afraid of just one guy?
Jon Favreau: STFU.
Tony Stark: I hate Justin Hammer.
Justin Hammer: I hate Tony Stark. Plus, I’m lame.
Tony Stark: I like car races.
Ivan Venko: I like car races.
Tony Stark: Give me the suitcase!
Gwyneth Paltrow: No!
Tony Stark: Hit him with the car again! Break his legs!
Ivan Venko: You will not break my legs.
Tony Stark: Hit him with the car again! Pulverize his pelvis!
Ivan Venko: You will not pulverize my pelvis.
Tony Stark: Hit him with the car again! Break his back!
Ivan Venko: You will not break my back.
Tony Stark: Wait, what? Why?
Ivan Venko: Because this movie has PG rating.
Hit-Girl: My movie Kick Ass has an R rating. By this point in MY movie, I’ve killed more people than Mr. Blonde in Reservoir Dogs, and I’m, like, eight years old or something.
Jon Favreau: STFU.
Tony Stark: Give me the suitcase!
Gwyneth Paltrow: No!
Tony Stark: Give me the suitcase!
Gwyneth Paltrow: Okay.
(Tony Stark takes the SUITCASE, which unfolds and unfolds and unfolds into an IRON MAN SUIT)
Dr. Seuss: You TOTALLY stole that effect from my Star-Bellied Sneetches machine.
Tony Stark: Now I will kick your ass.
(Tony Stark FAILS to kick Ivan Venko’s ASS)
Tony Stark: Nice try. If you would have rerouted the turboencabulator through the main deflector dish, you would totally have pwn3d me.
Ivan Venko: Hello! My name is Ivan Montoyavich. Your father killed my father. Prepare to die.
Tony Stark: Did not.
Ivan Venko: Did so.
Tony Stark: Nuh-uh.
Ivan Venko: Uh-huh.
(The dialog WEDGES for a while, like a last-minute rewrite done by a summer intern in CRAYON)
Tony Stark: This dialog sucks. I’m out of here.
Justin Hammer: I will give you a bird if you give me Iron Man suits.
Ivan Venko: I will give you Iron Man suits.
Ivan Venko: I will not give you Iron Man suits.
Justin Hammer: Wait, what?
Ivan Venko: I will give you killer robots.
Justin Hammer: Okay.
Tony Stark: Is this party jamming or what?
Gwyneth Paltrow: No.
Tony Stark: Is this party jamming or what?
Don Cheadle: No.
Tony Stark: Is this party jamming or what?
Scarlett Johansson: No.
Samuel L. Jackson: Stop eating donuts.
Tony Stark: Okay.
Samuel L. Jackson: Join my team.
Tony Stark: No.
Samuel L. Jackson: Scarlett Johansson is hot. Join my team.
Tony Stark: Her costume needs more cleavage. No.
Scarlett Johansson: This is a PG movie.
Tony Stark: Crap.
Samuel L. Jackson: You need me.
Tony Stark: Do not.
Samuel L. Jackson: Do so.
Tony Stark: Do not.
(The dialog WEDGES again)
Samuel L. Jackson: This dialog sucks. I’m out of here.
Howard Stark: I totally knew fifty years ago that you’d get blown up in the Middle East, end up with shrapnel in your heart, and then surgically implant an arc reactor in yourself. I have the secret to stop you from dying of palladium poisoning.
Tony Stark: Cool.
Howard Stark: Also, I’m Walt Disney.
Tony Stark: Wait, what?
Howard Stark: Anton Vanko helped me invent the arc reactor. I kicked him out of the country because he wanted to make money.
Audience: Wait, what? Aren’t you, like, a bajillionaire industrialist?
Howard Stark:
Tony Stark: Tell me the secret so I don’t die.
Howard Stark: No. I’ll just put a bunch of hidden clues in this big model train set. I sure hope nobody throws it away.
Tony Stark: I brought you strawberries!
Gwyneth Paltrow: I hate strawberries.
Scarlett Johansson: See me radiate an air of mystery and cunning, like Adam Sandler radiates fart jokes?
Tony Stark: Awkwardly, with bad comedic timing?
Scarlett Johansson:
Scarlett Johansson: Yes.
Tony Stark: I don’t like your paperweight.
Gwyneth Paltrow: I like my paperweight.
(The dialog WEDGES again.)
Gwyneth Paltrow: This dialog sucks. I’m out of here.
Scarlett Johansson: This dialog sucks. I’m out of here.
Tony Stark: Hey, look! An old model train set!
(Tony Stark cuts his HOUSE in half with a PARTICLE ACCELERATOR)
Computer Voice: You just created a new element.
Audience: *facepalm*
Science Consultant: Compound. Not element. Compound.
Tony Stark: I just cut my house in half with a particle accelerator. I can call it what I want, four-eyes!
Michael Bay: I want to cut a house in half with a particle accelerator! And then make it EXPLODE!
Megan Fox: You are SO lame. Who do I have to blow to get off of the cast of Transformers 3?
Justin Hammer: Give me killer robots.
Ivan Venko: No.
Justin Hammer: Give me back my bird.
(He TAKES Ivan Venko’s BIRD and his PILLOWS and his SHOES)
Ivan Venko: I’m going to enjoy watching you die, Mr. Hammer.
Justin Hammer: I’m not going to die. PG movie, remember?
Ivan Venko: Crap.
Justin Hammer: Love me, love me.
Crowd of people: You are SO lame.
Justin Hammer: I have killer robots!
Crowd of people: Cool.
Tony Stark: ‘Sup.
Don Cheadle: Yo.
(The KILLER ROBOTS go crazy. They shoot BOMBS and ROCKETS and stuff. Nobody DIES.)
Justin Hammer: I totally didn’t see that coming.
Audience: We totally did.
Scarlett Johansson: Driver, take me to Justin Hammer’s place. I will get undressed in the back of the car.
Scarlett Johansson: You can’t see my tits. This is a PG movie.
Driver: Crap.
Scarlett Johansson: Too bad. They’re magnificent.
The Internet: We know.
(Scarlett Johansson KICKS a bunch of people’s ASSES. Since this is a PG movie, they all live.)
Scarlett Johansson: Hey Tony, there’s another killer robot chasing you.
Obi-Wan Kenobi: That’s no killer robot, it’s a space station!
Ivan Venko: I will kill you now.
Tony Stark: Nuh-uh.
Don Cheadle Nuh-uh.
(Tony Stark and Don Cheadle HIGH-FIVE and knock Ivan Venko over)
Ivan Venko: I will blow up myself and all the killer robots and I will kill you and Gwyneth Paltrow and thousands of other people.
Tony Stark: Nuh-uh. This is a PG movie.
Ivan Venko: Oh, cra–
Gwyneth Paltrow: I don’t like being CEO.
Tony Stark: Let us have a romantic moment full of bad chemistry and awkward dialog, like Padme and Anakin in that one Star Wars movie.
Gwyneth Paltrow: Okay.
Gwyneth Paltrow: This sucks. I’m calling my agent. I need to get out of this movie.
Tony Stark: Too late. Movie’s over.
Gwyneth Paltrow:
Tony Stark: How do you think I feel? I’m a womanizer who never gets laid and a killing machine who never kills anyone.
Don Cheadle: That was the worst romantic interlude I’ve seen since that one Star Wars movie. I’m out of here.
Audience: So are we.

OUCH! SunTrust’s Web site is PWN3d!

I know some of my regular readers have accounts with SunTrust bank. If you do, and you recently received an email telling you that your account records need to be updated, and you clicked on any link in that email, change your account password IMMEDIATELY. It is not necessary for you to have typed in your account username and password at the prompt; the attack can lift the SunTrust cookies from your browser.

You see, SunTrust left a security hole in their Web server; this security hole allows an attacker to use what’s called a “cross site scripting” attack to take control of the pages you see when you browse to SunTrust URLs.

I have confirmed this security hole exists, and have created a quick demo to show how it works. If you click on this link:

Clicky here
[EDIT:] Within 5 minutes of my making this post, LiveJournal’s servers flagged the link as a cross-site scripting link and disabled it. Nicely done! Kudos to the LJ team for making their software aware of hostile links. If you want to try out my demo of the vulnerability, copy into your browser:

you will be taken to the Web site, a legitimate SunTrust Web page.

[UPDATE]: As of Wednesday afternoon, SunTrust’s IT people have fixed the XSS hole.

But wait! What do you see? If the security hole still exists when you visit this URL, you’ll see a red Web page reading “The cross-site scripting vulnerability at IS STILL ACTIVE”. What’s going on?

What’s going on is that can be fooled just by manipulating the URL into loading content from anywhere on the Web, overwriting whatever is supposed to be there. No, I don’t have access to the SunTrust servers directly, and neither does the attacker. What I CAN do is create a Web page with anything I want, and then create a link that causes my Web page to load at in place of what is supposed to be there. And, if I wanted to, I could also read SunTrust cookies stored in your browser as well, presumably including login cookies if you have ticked the “remember me” checkbox on SunTrust’s login page.

In English, that means you can not trust anything you see displayed at, even if you are 100% positive that the URL of your browser is in fact It is trivial to create malicious links that change the content displayed at, as I haveshown in my example. This security hole is currently being used in a “phishing” attack that shows you what looks like a perfectly legitimate login page at, but is in fact a page under the control of the hacker on a hacked Web server in Australia.

Technical details under the cut hacked by GHoST61

Last week, I was on a Web forum where someone taked about his Web site being defaced. He’d been running an insecure install of phpNUKE without keeping on top of security patches, and his site was taken down and replaced with a page reading “Hacked by GHoST61” and a picture of the first president of Turkey.

I did some investigating, and discovered that GHoST61 is a prolific Turkish hacker who defaces Web pages in a very characteristic way; he or she replaces the home page with the message “Hacked by GHoST61” and sometimes a picture of the Turkish president, sometimes a missive against the Iraqui war, and sometimes a combination of both.

GHoST61 generally strikes me as being more of a script kiddie than a serious, knowledgable hacker. A Google search for the phrase “Hacked by Goost61” currently turns up about 30,000 results, the majority of which look like sites running old, outdated, insecure installs of phpNUKE, Drupal, ZenCart, osCommerce, or other server apps with known security holes. The attacks are probably automated, with point-n-drool tools that search for known vulnerabilities in popular Web application and content management packages.

In other words, GHoST61, whoever he or she is, mostly goes after low-hanging fruit.


Just because it’s what I do, I started wading through the Google results and checking to see where the hacked sites were hosted. And I found something of a surprise.

I checked several results, and found the majority of them were living on a single ISP, (which does Web hosting under the names iX Web Hosting and

Curious, I kept digging, choosing random Google results to examine (in case the order of the Google results were determined by time, and the hacker just happened to be searching in IP space belonging to recently). What I discovered was that the majority of hacked sites all across Google’s results, by a large margin, were hosted in the same place.

The next thing I thought was that it could be simply a question of the ISP’s size. After all, if the Web sites that had been defaced were spread out evenly across many ISPs, and one ISP hosted a million sites whereas another ISP hosted only ten thousand sites, I’d expect to see more hacked sites hosted on the larger ISP, right?

But this didn’t hold water, either. The ISP advertises that it hosts about 500,000 sites. Much larger Web hosting companies such as Peer 1 hosted a far smaller number of hacked sites.

So I started counting. I grabbed a bunch of Google results at random, looked to see who was hosting them, and recorded the results. Here’s what I found (number of hacked sites on the vertical axis, Web hosting company on the horizontal axis):

It seems to me that has a problem here. While GHoST61 will hack vulnerable Web sites with security holes no matter where they’re hosted, there is a very, very large cluster of hacked sites living on servers.

This may indicate that doesn’t enforce good security practices, or that is slow to respond to hack attacks. Or it may indicate a more systemic problem at, such as some sort of server-level vulnerability that allows easy penetration of many of their Web sites.

Whatever the problem, it definitely appears that has some sort of issue here.

Some thoughts on transhumanism and race cars

Back in the days when I worked prepress for a living, one of the jobs I worked on was a magazine called Vinage Motorsport magazine. It appears the quality of their design has gone downhill from those days, if the ugly layout of their Web site is any indication, but I digress.

Anyway, one of the issues of Vintage Motorsport I worked on was dedicated to a race car driver named Jim Hall and a race car production house called Chaparral Cars.

Chaparral was kind of the Scaled Composites of the auto-racing world, turning out radical, weird-looking vehicles that resembled nothing else on the race track. I’ve never been much into sports in general and I particularly detest automobile racing, but the story of Chaparral Cars is really interesting nonetheless.

This is actually a post about transhumanism, not race cars. Bear with me, I’m getting there.

Jim Hall and Chaparral Cars competed in an old, now-defunct racing circuit called the Can-Am Challenge Cup. The Can-Am series was quite different from other race car series, such as the Formula 1 series, in that it had a no-holds-barred, “anything goes” approach to race car designs.

Cars entered in Can-Am races had to have four wheels, the wheels couldn’t be totally exposed, they had to have two seats, and they had to bedriven by an internal combustion, reciprocating engine–no jets or rockets.

Other than that, anything went. There were no limitations on the size of the engines or the cars, the technology used by the cars, or pretty much anything else. If it had two seats and an internal combustion engine, and met basic safety requirements, it was legal.

Which I think is pretty interesting.

Back in the mid-60s, when the Can-Am first started, the state of the art in race cars wasn’t particularly advanced. Little was known about aerodynamics, and many of the design elements we now take for granted in race cars (high spoilers, for example) didn’t exist.

The Can-Am was a playground for radical new automotive designs, and the Chaparral team went nuts. They were among the first car designers to include elements for aerodynamics; the Chaparral 2E was the first car to introduce a high spoiler and a nose designed for aerodynamic downthrust, both of which are now standard parts of nearly every race car in the world.

The problem with race cars isn’t necessarily in raw horsepower, so much as it is in getting that power onto the ground. Cars vaguely resemble airplane wings, and they generate lift as they move. The faster they go, the more lift there is; the more lift, the less force holds the wheels to the ground; the less force holds the wheels to the ground, the more the wheels tend to spin out and the car ends up all over the road. It does no good to have a 700 HP engine if the wheels are just spinning when you step on the gas.

The Chaparral designs all aimed not to improve horsepower but to make the cars stick to the road better. After the success with adding wings and dams to help guide airflow and keep the car stuck to the road, the design team got more and more radical (and weirder and weirder); later cars featured moveable wings bolted right to the axle rather than to the car’s body, which would tilt up to increase downward thrust when the car was cornering and tilt down to decrease drag on straightaways.

These cars look pretty ordinary to modern eyes, but back in the day, they were radical–nothing else like them existed. The designs succeeded very well. Rather too well, really.

In the late 1960s, the Can-Am body started to turn away from its “everything goes” philosophy, and outlawed the use of moving aerodynamic structures and the use of wings affixed directly to the rear axles rather than the car’s body.

Chaparral rose to the challenge with the 2J, which had no wings or spoilers at all and is arguably one of the weirdest race cars ever built:

You’ll probably notice the weird jet-engine-looking thing sticking out the ass end of this car. What you’re seeing is a pair of powerful fans powered by a snowmobile engine. The fans suck air from under the car, creating a suction so powerful that when they’re going at full blast, the car can actually stick to the ceiling.

Needless to say, the car didn’t need wings or spoilers or other tricksy features. It could corner so fast the driver’s head tended to get whacked up against the roll bar on the inside of the cockpit. It set a record at the Chaparral test track that’s never been broken.

In fact, it was so successful that Formula 1 designers took note, and applied the same concept to a Formula-1 car, the BT46B:

And then something predictable happened. Rather than competing on innovation and engineering, other race teams complained to the various racing bodies about these designs. The BT46B raced once (and won handily) before being outlawed by the FIA. On the Can-Am side of the circuit, the other drivers–apparently forgetting the entire point of the Can-Am circuit– complained that if the Chaparral 2J design wasn’t outlawed, Chaparral would dominate the series and nobody else would be able to compete. The Can-Am body outlawed the 2J design shortly thereafter.

And in my opinion, racing got a whole less interesting.

But all that is just the prequel. It isn’t what I really wanted to talk about.

What I actually came her to talk about is the Olympics.

The Olympics is this sporting thing that’s supposed to be all about testing the limits of human athletic achievement, or something like that. Every two years, the world’s most accomplished athletes gather together to compete in sports like running, swimming, swapping votes for figure skating, bribe-taking, ping-pong, and sweeping ice with a broom. (There’s also the competition to see how fast a bunch of world-class athletes can go through a pile of 50,000 condoms, but they don’t award medals for that, apparently.)

Human society, technology, and culture change, and the Olympics strives to change with it. That’s why athletes no longer compete naked, the games are open to professional athletes, the sacrifices to the god Zeus have been phased out and replaced with burnt offerings to the gods of Marketing and Branding, and sports like Tae Kwon Do, Vollyball, Piss Into a Cup, and the popular Prove You’re Really a Woman have been added to the roster.

In 2008, the International Olympic Committee showed there were limits to how far it would go, when it took time off from accepting bribes from host cities to rule that amputee Oscar Pistorius could not compete in the Games on the grounds that having no legs gave him a clear advantage over his less-advantaged fellow athletes.

I’ve talked a couple of times before about how I feel about the intersection of ability, disability, transhumanism, and body modification, but never directly in the context of sports before.

I’ve been thinking quite a bit lately about the old Can-Am races. Before they disintegrated into cries of “We aren’t as clever as our opponents; someone make rules against their cleverness!” they were a very interesting playground for motor sports, the one place in all of racing where people could really explore the question “How fast can be make a race car go, anyway, if we really put our heads to it?”

Nominally “disabled” athlete Aimee Mullins, who mentions in her brilliant TED talk that a friend of hers said “that’s not fair!” when confronted with Ms. Mullins’ interchangeable legs, discusses some of the issues around turning a disadvantage into an advantage. I’d like to take that idea and run with it.

What would happen if someone were to do to the Olympics what the Can-Am did to motor sports?

The way I picture it is something like this: Wheels are not allowed. Assistive power devices are not allowed; all the energy used by an athlete must be generated by his or her own body, and powered by his or her own muscles. Other than that, anything goes.

A runner wants to run the 250-meter dash on six-foot carbon-fiber stilts with springs built in? Have at it! Another runner comes up with an implant that superoxygenates her blood? Sounds good to me! Let’s see what the human body is really capable of, when we start pushing the design limits.

As it stands right now, new world records are usually set by fractions of a second. The old world record for the 100-yard dash is 9.0 seconds? Pish-posh! Let’s see if we can cut that down to 7.2. As long as you do it with human muscle power, sans boosters or wheels, it’s all good.

When I first mentioned this idea to zaiah, her concern was that athletes competing in such a game might do things like use steroids or remove their limbs to replace them with upgrades, and she was worried about the damage that otherwise healthy people might do to themselves competing this way.

Which, to be honest, I don’t see as a problem.

Professional NFL football players, who tend to be quite wealthy and arguably have access to some of the world’s best health care, have a nominal life expectancy of between 52 and 55 years. Playing football, in a literal way, cuts 20 years off their life span. Yet we as a society, and the players themselves, see this as perfectly acceptable.

Football and hockey players live with the long-term effects of repeated concussions, which lead to high rates of dementia later in life. Pro boxers even get their very own form of brain damage.

I think it’s interesting that we, as a society, find these consequences of professional competition hardly worth a second thought. There are risks in any sport; people make choices that can have negative consequences all the time, and not just in the arena of sports.

The advantage that I see to something like a Can-Am of Olympic sports, though, is that the playground of technology that such an event represents can and probably would have significant benefits for people who aren’t athletes. Technologies, drugs, and implants that might make better athletes, might also have applications in everything from reconstructive joint surgery to treating angina. The shape, and fuel economy, of your car can probably trace its roots back to some of the Chaparral design experiments.

Besides, a 7-second hundred yards would be pretty cool. And it would blur, even more, the fuzzy and sometimes arbitrary definitions of “normal” and “disabled.”

One could reasonably that the American lifestyle, with its high-fructose corn syrup, largely sedentary jobs, poor indoor air quality, and abhorrence of exercise, is an experiment in producing the most pessimal possible physical conditioning. Wouldn’t it be interesting to see what could happen if we applied the same principles to the most optimal?

The wolf in the back yard

This weekend, some friends decided to host a party. These particular friends have a pet timber wolf, and wanted some place to keep her during the party, so zaiah volunteered to wolf-sit for the weekend.

Wolves are big. Bigger than I thought. This wolf, Raksha, is also such a sweetheart, and curled up at my feet while I worked on the computer. Some days, I feel like I’m just an expensive suit and a volcano lair away from being a supervillain.

Clicky for more!