Internet Explorer，智能鎖 - CS50播客，第4集。 (Internet Explorer, Smart Locks - CS50 Podcast, Ep. 4)

字幕列表影片播放

[MUSIC PLAYING]
ANNOUNCER: This is CS50.
DAVID MALAN: Hello world.
This is the CS50 Podcast, episode 4, zero indexed.
My name is David Malan.
And I'm here with CS50's own Colton Ogden.
COLTON OGDEN: David, I'm curious what the first browser that you ever used
was.
DAVID MALAN: It was probably like Netscape 1.0 or something.
COLTON OGDEN: Netscape Navigator?
DAVID MALAN: Maybe, or even one of its predecessors,
one of the very first prototypes of a browser.
But it was old school for sure.
COLTON OGDEN: This would have been on a Windows computer.
DAVID MALAN: Gosh, probably.
Well, I started off life using Macs, and then I
switched I think in college to using PCs and windows.
And then, eventually, I think after a few years of teaching CS50
did I switch back to Mac.
So--
COLTON OGDEN: I think the meme is that there are
a lot of browsers that have come out.
There are a lot of popular browsers these days--
Chrome, Firefox, Opera, Edge.
On that list is not a particular browser of quite a bit of infamy,
that browser being Internet Explorer.
DAVID MALAN: Yeah, that one proved the bane
of most developers' existence for some time
because it was just so non-compliant when it came to certain standards.
And Microsoft really did its own thing with various interpretations
of the HTML and/or CSS specs.
I remember even we had struggled with that for some of our own web apps.
Like you'd get it working on Firefox.
You'd get it working on Chrome.
You'd get it working on Opera.
But, damn it, it doesn't actually work as you expect
in IE, especially IE6, version 6.
COLTON OGDEN: Indeed.
I mean, we used to even use BrowserStack internally, which is a website that you
can test on multiple--
you can sort of look in a browser and see
it working on multiple actual browsers.
DAVID MALAN: Yeah, no, and that was in large part because of that,
especially if a lot of us develop here on Macs.
And so it wasn't really easy to run Internet Explorer, let alone
any Windows-based browser.
But, yeah, we had some third-party help with that, which was handy.
COLTON OGDEN: Yeah, and IE6 was the particular offender because they did
have IE7.
They did have IE8.
And, from what I remember, they improved on some of the noncompliance
that IE6 sort of bore at the time.
But what's funny is this week, in doing some research for the podcast,
I came across an article--
a blog post, rather, by Chris Zacharias.
DAVID MALAN: Yeah, no this was wonderful--
"Conspiracy to Kill Internet Explorer 6."
COLTON OGDEN: Indeed.
He is a former YouTube employee.
And this is back in 2009-ish.
And, back then, I mean YouTube was huge.
You know, it started around 2005, 2006, but 2009 was really
when it started to kick off.
DAVID MALAN: Yeah, and I think, as the story goes,
they had just been YouTube acquired by Google.
And they were in the process of being integrated into Google's
own software-based workflows.
But enough of the developers on the YouTube team
were just completely fed up it seemed with having
to support IE6, which was still a non-trivial percentage of their user
base.
And I think, understandably, YouTube and presumably in turn Google
didn't want to deprecate support for IE6 because there's
a lot of employees at companies whose systems are pretty locked down.
There's teachers in schools whose computers are pretty locked down.
So there's a lot of users out there who can't just follow your instructions
to update to another browser.
They need like the IT department to actually do it for them.
So I was an understandable business concern.
But, as I understand it, the developers wanted nothing to do anymore with IE6.
And so they started sneaking into YouTube's own code base
a little banner advert essentially urging
IE6 users to upgrade to any number of suggested other browsers.
And they gave some direct links.
COLTON OGDEN: Yeah, no, it was pretty crazy.
And one of the stories that Chris even talked about in his blog
is empty source tags in images would just
load whatever the document root was.
And this would have the effect of essentially recursively loading,
similar to an iframe, all of the server's contents.
DAVID MALAN: Yeah, and that was just one of the bugs
I think that kept tripping them up.
COLTON OGDEN: And that one had the--
from what I remember reading, it actually
could cause blue screens of death on Windows machines.
DAVID MALAN: Yeah, no, I believe it.
And I'm amazed that bugs like that persist.
And, even if they do eventually get fixed though,
if you have a lot of systems out there that are not 100% up to date,
then you're stuck dealing with these kinds of issues.
But what was funny, I thought, about the blog post disclosure years later,
after which they couldn't really get all that into trouble,
presumably, was how, coincidentally, the Google Docs team had recently
started advertising a similar message on top of Google Documents,
which of course was already owned by Google.
And that too was encouraging users to upgrade
to a newer version of a browser.
So they kind of snuck in under the radar there, but, even when it was detected,
it sounds like there was some internal tensions with the lawyers,
with the managers.
But, in the end, it kind of worked out OK.
But it's kind of a fascinating--
I think, if you take a step back at it, it's
kind of a fascinating risk for any company.
Unless you are constantly auditing your own lines of code,
or you have really a robust process in place,
it's possible for one or a few developers
to slip something past the others, for better or for worse.
Now this seemed to work out for the best in the end.
In fact, I think you noted IE's usage plummeted actually,
coincidentally or causally, after this particular change because YouTube
was so popular.
But you could imagine some adversarial employees
using this power of the ability to change their code base for more
evil purposes, if you will.
COLTON OGDEN: Yeah, and, on that note, I can certainly
understand why companies, especially as large as Google or Facebook,
want to instate these code review processes and ensure that this doesn't
happen and to make sure there are no sort
of committing back doors to production, directly to production, so to speak.
DAVID MALAN: Yeah, absolutely.
We just spoke recently about a new feature
that you can use on sites like GitHub where
you can have the notion of code ownership
so that, if a colleague changes a particular file or a line of code
really that you or I wrote, we can actually
have the whole pipeline notify us before that change to code is approved.
But it seems like the YouTube team here benefited from a bit of superpowers
when it came to who could actually push code,
probably some changing processes because it's not that easy presumably
to integrate an acquisition like YouTube into Google.
So they had this window of opportunity where they were actually
able to do something very developer friendly, but not necessarily
managerial or lawyerly friendly.
COLTON OGDEN: Indeed, I like to think it turned out well in the end.
DAVID MALAN: It did.
In fact, no one really worries about IE6 anymore,
let alone IE, which has now been replaced by Edge.
And even Edge now is based in part on the same core processor
that essentially Chrome itself is.
So things are starting to converge perhaps, which is interesting.
COLTON OGDEN: Indeed.
And I mean even modern browsers aren't immune to sort
of some of the issues that plague--
I guess any software at large, you know, every piece of software
is susceptible to issues.
In particular, this week, Firefox had a major issue over the weekend.
DAVID MALAN: Yeah, I heard that someone didn't
renew their certificate, so to speak.
COLTON OGDEN: Indeed.
So Firefox ships with a certificate that sort of basically
verifies that the add-ons that are installed onto the browser
are verified by Mozilla as being legitimate and not malicious.
And it turns out that they forgot to renew that certificate over the weekend
or by the weekend's arrival.
And, therefore, all Firefox users sort of over time,
because it doesn't happen immediately, but, within about a 24-hour period, all
of their add-ons were no longer functioning.
DAVID MALAN: I know.
And that's a pretty big deal because the people are
relying on add-ons or extensions or plug-ins,
however you want to think about them.
To have all of your features stop working
is not that exciting or not that good.
And I should concede that this is a not uncommon problem.
At least, I like to think I'm in good company
here because I have, for instance, been guilty of not renewing
some of our certificates in time.
In fact, this happened just a few months ago
where one of our certificates for CS50's website, so similar in spirit
in that these things too have an expiration date just like code signing
certificates can, I had set a reminder to actually renew this certificate.
And I thought we had migrated all of our certificates
to an auto-renewal process on Amazon's cloud platform.
And so I literally kept ignoring, ignoring, ignoring the email reminders
that I was being sent because I thought we had automated it all.
But, nope, it turns out that one certificate was not
yet configured to auto-renew.
And so, at the stroke of midnight or whatever it was,
the darn thing stopped working.
We and some of our students noticed.
And, thankfully, it only took a few minutes to fix,
but it turns out that constant email reminders and a Google Calendar
reminder is not sufficient, at least when I'm in charge of the certificates.
COLTON OGDEN: Yeah, no, problems like that are somewhat easy to solve.
Unfortunately, Firefox had some problems because their certificates
were actually deployed with the browser itself.
They had to remote deploy a new certificate
through their sort of system called--
what's the series called?
I think it's called series, actually.
I don't think I wrote it down here.
But the system is called Normandy.
And they have a system that allows them to actually
remote deploy the new certificates.
Or, actually, well, it lets them perform research studies.
Studies was the name of it.
They have a tool called Studies, which allows them
to remote deploy and remote test sort of behavior in folks' browsers.
And this allowed them to ship a new certificate, which
they signed because this is actually technically an add-on, this feature.
They signed this with a new certificate that they then
shipped with this feature.
DAVID MALAN: I see.
COLTON OGDEN: Yeah, but it's interesting that, somewhere in the process,
there's presumably someone who had set a reminder that didn't quite go off
or didn't quite get noticed.
So it happens to the best of us, perhaps.
DAVID MALAN: Yeah, thankfully, Mozilla, in their blog where they sort of break
down this process, a-la how Facebook recently broke down
how their passwords were stored in plain text, they outlined sort of the ways
that they got this right, I guess, in fixing the problem,
but they also did disclose the issues that they faced
and ways that they would approach making sure that it doesn't happen again.
COLTON OGDEN: Yeah, no it was really, to their credit,
a nice post-mortem online, so to speak, which is worth reading.
If you go to hacks.mozilla.org, you can find it under the May 2019 listings.
DAVID MALAN: Indeed.
We don't really use Chromebooks here at CS50,
but we have some of them lying around.
We've seen some folks using them, but Chromebooks
have up to this point, up until fairly recently,
been a fairly limited operating system in as much
as they're essentially Chrome on a computer.
COLTON OGDEN: Yeah, dedicated.
So it's meant to be used really only in cloud.
There isn't any client-side software or at least the appearance
thereof, even though there actually is, even
though it supports Google Docs and Gmail and Google Calendar
and some other apps too that can be used offline.
But, of course, you can't actually send and receive
mail and other such notifications if you're actually offline.
So it's kind of a product that's a little ahead of its time.
I mean, honestly, I do think it's kind of inevitable that we'll
see more of this once you have omnipresent internet access,
both on the ground and in the sky and elsewhere on Earth, so to speak.
But what's interesting is that underneath the hood
is an underlying Linux-based operating system that traditionally hasn't really
been exposed.
It really is meant to be more of an appliance of sorts,
an internet appliance.
But now I gather that you'll actually be able to run Linux on these things
so much more easily than in the past, which is great for power users who
want access to pretty cheap hardware, but, nonetheless,
with the ability to do something with Linux on it.
DAVID MALAN: Indeed.
Yeah, now folks will be able to actually fire up a terminal
and interact with a Linux kernel.
And it is actually called Termina.
It runs on a VM.
But the Linux kernel is actually directly interfaced
with Chrome OS itself.
And, in this case, therefore, you can pull up graphical applications
and use them directly on Chrome OS like you would use on a Gnome or the like.
COLTON OGDEN: Yeah, and, to come back to price too, what's
been compelling historically about Chromebooks
is that you can get a decent computer for like $100, $200.
And that's really compelling.
In fact, there's some school districts, certainly in the US and presumably
abroad, that actually have their students use Chromebooks
because it's so much more of an economical approach
to equipping kids with hardware for the classroom.
Of course, the catch is-- and we've encountered this with some
of our students out in more rural areas--
they are sometimes allowed by their schools to take the laptops home,
but they can't actually use them very much
because, if they don't have internet access and, therefore, Wi-Fi at home,
it's not all that useful a device except for, of course, purely offline access.
But letting people actually use it for multiple purposes now I think
is pretty compelling, especially given those price points.
DAVID MALAN: Indeed, and, to your point, I
mean I think it is pretty inevitable that we do have internet, even
commoditized like utilities maybe eventually in the future just given
how essential it is to modern life.
But I can see, prior to maybe the last couple of years,
it's not guaranteed that you'll always have internet access everywhere you go
and that it'll be quality internet access.
But, for those folks out there who are trying to learn more about computing,
learn more about Linux, I mean it's a great device, kind of device.
And there's a bunch of different versions
made by bunches of different companies.
It's a great device to kind of hack on and sort of just
play around and learn the ropes.
Back in the day, when I was growing up, I
used to use actual little tower computers because there weren't really
laptops in as great supply, let alone at those price points.
They were much more expensive, but it's a great device
to just learn and play on I would say.
COLTON OGDEN: I think I've seen one of those desktops lying around somewhere.
DAVID MALAN: Yeah, we still have them in the corner somewhere for parts.
COLTON OGDEN: Well, awfully coincidentally, though,
Microsoft, it turns out, for Windows 10, they're
going to be shipping a full Linux kernel with their Linux subsystem,
Windows' subsystem for Linux.
DAVID MALAN: Yeah, you know, Microsoft, to their credit,
has really gotten a lot more accommodating of Linux-type usage,
previously with Windows 10, the earlier incarnation of it,
just being able to run Bash, a so-called shell program,
so that you have a much better command prompt than the actual software called
historically Command Prompt, which, in yesteryear, was an actual DOS prompt--
so terribly limited.
I mean my god.
In like Windows XP and I think even later,
you couldn't even copy-paste in the program very easily by default.
And this is in stark contrast to like any X Window interface on Linux
or Unix or Solaris or even on macOS.
So they just really didn't adapt for this.
And, frankly, given just how powerful it is
to have a command-line interface on a Mac or a PC or a Linux Box,
it just seemed very silly to sort of expect
users to go to third-party utilities and not
to optimize for what a lot of power users and certainly developers
might want.
COLTON OGDEN: Indeed, it is kind of a barrier, especially when
so much documentation online too for developers
is catered towards Linus environments.
DAVID MALAN: Yeah.
COLTON OGDEN: To their credit, to your point,
they just announced the Windows Terminal, actually,
which is an upgraded terminal.
So it won't be replacing the Command Prompt.
For legacy purposes, they want to ensure a backwards compatibility
for so much software that relies on it, but they
will be releasing this as a separate application that folks can download.
And it actually looks quite pretty.
It looks really nice.
DAVID MALAN: And, hopefully, it'll improve the performance too
for people, which is compelling as well.
COLTON OGDEN: Indeed.
Yeah, it's nice to see sort of this, I guess, all these companies
embracing Linux and really sort of bringing their computers
to a more usable I guess, end point.
DAVID MALAN: I guess so.
Though, I feel like we're going to invite some religious debate there
if we claim it's more usable, but I do agree.
COLTON OGDEN: For developers, I should say for I
guess in a development environment.
DAVID MALAN: Yeah, absolutely.
I think there's great power that comes with the command line
and just making it more user friendly.
And there's decades of experience and expertise
when it comes to all of these shell-based systems that
might as well, I think, make it easier for people to use them still.
COLTON OGDEN: Indeed.
Have you heard of a KeePass?
DAVID MALAN: I maybe had, but I really heard about it
in the context of what I think you're about to tell us about.
COLTON OGDEN: Yeah, so KeePass in an open-source password manager.
And they are hosted at keepass.info, which
an interesting choice for a domain name.
DAVID MALAN: Oh, yeah.
It sounds legit.
COLTON OGDEN: Well, it turns out that keepass.info is legit,
but keepass.com is not legit.
DAVID MALAN: Yeah, I gather keepass.com, the illegit site,
actually has had and maybe still has some malware built into it.
So it's malicious software that you are duped into installing.
And yet, the site, I actually pulled it up before the podcast today.
It actually looked pretty legit.
And, if you search for just KeePass, K-E-E-P-A-S-S, and hit Enter,
thankfully, the first hit is indeed the legit one, keepass.info.
But I think, for my browser, third or fourth among the search
results on Google was keepass.com, which is the illegitimate site.
So you can't even use Google search results necessarily
as a compelling signal as to which one is the official one when
they're so close together, frankly.
COLTON OGDEN: Yeah, it's kind of alarming.
And there's a point here about I guess the responsibility of,
as a developer, as a company, making sure
that you purchase the right domains for your application to reach the most
users without giving room to nefarious actors to I guess kind of trick users
into thinking that they're you.
DAVID MALAN: Yeah, no, this is a tricky one
because often there's squatters, people who
have bought domain names in anticipation of other people wanting them.
And I can only guess that keepass.com was
taken when the authors of the software decided to get keepass.info.
But, honestly, there's so many TLDs or Top-Level Domains now, hundreds,
you certainly can't afford, most people, to get all of them-- so keepass.com,
keepass.org, keepass.net, and the like--
just to kind of protect yourself.
And even then you're vulnerable to typographical errors, even
malicious ones.
We, for instance, in a class I used to teach
used to talk all the time about bankofthewest.com,
which is the legitimate website for a bank out west in the United States.
But someone very cleverly years ago bought bankofthe V-V-E-S-T .com, which,
in a small font, looks like Bank of the West--
I can't even pronounce it now-- because two Vs together, of course,
look like a W.
And, honestly, at that point, especially if that one
happens to bubble up in search results for whatever reasons,
is even harder to spot as well.
So this is kind of a fundamental challenge, I think,
when it comes to distinguishing legitimacy on the web.
COLTON OGDEN: I feel like I've seen this too with like the Russian alphabet has
a Y, but it's actually an "oo."
It's an "oo" character.
DAVID MALAN: Yeah.
COLTON OGDEN: And I feel like I've seen this in URLs.
Like you can actually get tricked if the URL has
that character in the place of a Y, like yahoo.com with that character.
It's actually not technically the same character.
It's an Unicode character.
DAVID MALAN: No, and, thanks to Unicode, there's
so many variants that there's actually other characters that
look quite like the typical English alphabet that
might trick folks like you and me.
And I used to advise students that, all right,
if you're not sure what the address of the URL, at least
rely on your search engine.
So search for the name of your bank, or search for the name of this product,
KeePass in this case, and see what bubbles up.
And, granted, the first hit is indeed the legitimate one,
but you could imagine, if keepass.com gets talked about enough, and somehow
the owners of that site sort of game the system in enough ways
that their result bubbles up above the legitimate one,
you could trick users even then.
So, frankly, at this point, I'm wondering how do you avoid this.
You kind of want to maybe start poking around in various articles,
maybe in tech blogs or tech websites, and see what some legitimate authors
are recommending people do.
And, hopefully, they haven't been duped.
And, if you see the same URL appearing again and again on websites that you
do trust, various news outlets or blogging sites, then
at least that's one additional signal you can take into account.
But then I dare say you as the human are reinventing
what Google calls page rank where you're sort of analyzing in your mind
the number of people that are all recommending this particular URL.
And so with high probability it must be legit.
I mean, frankly, that's what the search engine is supposed to do,
but, clearly, those results can be gamed,
as we're seeing here on my own browser.
COLTON OGDEN: I don't know if Google does already,
but having some sort of flag for a malicious website
such that it shows up very blatantly with maybe some red div or some red tag
somewhere that says this site is reportedly nefarious.
DAVID MALAN: Yeah, they do do that sometimes.
And I don't know in this case.
Is keepass.com intentionally being malicious,
or was it compromised such that it's now distributing malware
because someone got into it?
COLTON OGDEN: Well, it turns out that there are a lot of other similar sites
recently within the last 10 months that look very identical to this website.
DAVID MALAN: Oh, interesting.
COLTON OGDEN: 7-Zip, BlueStacks, UNetbootin, and GIMP,
which is a very popular image editor, Snapseed, and a bunch of others--
10 months this has been going on.
It's a pattern that the--
actually, this was originally revealed in the form of a tweet by berkcgoksel.
And they show this and reference the other web pages.
DAVID MALAN: Interesting.
Now there is a solution in the SSL world where
you have a security certificate for your website
that, if you pay for an expensive enough one,
browsers will actually show you a verified signal
with an additional padlock or check mark in the browser's URL
bar indicating that this belongs to Bank of the West comma Inc
based in Seattle, Washington or wherever they happen to be or California.
And that's an additional signal, and they do charge more for it
to do the additional verification.
But, of course, all it takes then is for an adversary with a few dollars
to spend to actually buy one of these same legitimate ones
somehow and still trick users into clicking it.
So it's a real problem of trust, which is sort of omnipresent on the web
and ever more so with examples like this.
COLTON OGDEN: And ever present in our podcasts.
DAVID MALAN: Indeed, and even in the real world.
In fact, you came across an article recently,
if we might transition to the physical world, where
some tenants in an apartment building were
upset that the owner of the building had installed
not physical key-based locks, but rather digital locks that required
an app in order to unlock your door.
Now, at first glance, I think this sounds fantastic.
I mean it's kind of cool.
It's trendy.
You can unlock the door from your phone.
Maybe there's food being delivered, and you
won't have to go all the way downstairs to let them in.
So there's a lot of like compelling use cases for this,
but this is also a potential invasion of privacy
because now the owner of the building knows exactly who is coming
and when and what time of day and how frequently or how infrequently,
not unlike a hotel.
But, in this case, these are people's homes
that they're paying for or renting.
And, therefore, it's a little more worrisome that someone can effectively
then track all of their movements.
COLTON OGDEN: Yeah, and funny too, KeePass, we talk about digital keys.
And now we're talking about physical keys.
The main issue with this is definitely that it's
putting the power into the people that are leasing the building,
like an unjust amount of power.
And, thankfully, the court decided that it was in the favor of the tenants.
The tenants actually won a settlement.
They ended up suing the landlords for invasion of privacy
and other difficulties related to this whole process,
one of them being, for example, one of the tenants was actually 93 years old
and couldn't leave their own room because they were locked in.
And they couldn't figure out how to use the app, which
would have been circumvented had they had just a basic physical key to open
their door with.
DAVID MALAN: Yeah, absolutely.
And I think, I mean, even if just your phone dies because it's out
of battery-- you don't have it with you--
I mean, there's other reasons where this would be annoying.
Now, to be fair, that could happen with physical keys as well.
So I'm inclined to say that maybe the happy medium is
to have both, physical key as well as the digital key.
But the catch is physical keys have been insecure for years.
Locks can certainly be picked, more so physically perhaps than digitally,
especially if you have some software-based defenses in place,
much like iPhones and Androids do these days.
And, of course, there's probably a whole lot of locks
out there such that, when a tenant moves, and someone else moves in,
the old tenant may very well have copies of those original keys
because a lot of landlords probably don't
bother spending the money to change the locks every time someone new moves in.
So it kind of goes both ways.
It's arguably more secure in some ways, but it's less secure in others.
But it's hands down more invasive because your movements
are being tracked.
Now, then again, you can imagine CCTVs and just
security cameras also violating that same tenant,
but, again, this seems like an interesting tension
when it comes to sort of convenience and user experience
and also privacy and security I'd say.
COLTON OGDEN: Yeah, and, at least with a CCTV,
the onus is on the landlord to actually spend all that time looking
at the video if they want.
I mean, I guess they could use sensors probably to programmatically figure out
when people go in and out of a place.
DAVID MALAN: But software can do this a lot quickly, you know?
You could have a little alert saying ho, ho, ho.
Look who came home really late last night.
COLTON OGDEN: Yeah, no, it's a magnifier, the technology.
DAVID MALAN: Yeah, I think that's a good way of putting it.
And it'll be interesting to see how this plays out because, in this case,
the situation was indeed settled.
So there's not necessarily new case law around it,
but it would be interesting to see how this evolves over time
and how it just becomes more economical and more compelling
security-wise to track, as a side effect, users'
movements in this way in the interests of having software-based security
instead.
COLTON OGDEN: Still on the note of physical keys too, one of the things
that I recently learned, which was pretty fascinating,
is just how easy it is, even given an image of a key,
just to create a duplicate of it because they're standardized.
DAVID MALAN: Yeah, no, and that's true even of those car clickers, right?
Supposedly, if you walk around like the Disney World parking
lot with your own personal key clicker, and you walk far enough,
eventually, you might very well unlock someone else's car
because the address space isn't necessarily that large.
And that's absolutely true for physical keys.
They just rely on probability that no two people
are going to have the same two keys.
COLTON OGDEN: Yeah, it's pretty alarming.
When humans are motivated, they'll find a way to get into just about anything.
DAVID MALAN: Yeah, at that point, though,
it's probably easier just to break a window
than to walk up and down the aisles of Disney World
and get caught on any number of cameras.
So there are some I think downward pressures on these actual risks,
but it's a trade-off, right?
It's going to probably cost more time or more money or more metal
to actually make these things more secure.
COLTON OGDEN: That's true.
We talk about so many things that are kind of depressing, negative,
but it's fun occasionally to maybe shine a brighter
spotlight on some of the more positive, fun things going on.
And you actually brought this to my attention.
They released a 30th anniversary edition of Hitchhiker's Guide
to the Galaxy, which is a game that you remember playing years back.
DAVID MALAN: Yeah, and it's probably my favorite book by Douglas Adams,
Hitchhiker's Guide to the Galaxy.
I've read it a few times.
And I'll admit I've started reading it more times
than I've actually finished reading it, but I do really enjoy it.
And, years ago, growing up, there was a company
called Infocom that made a text-based adventure
game around Hitchhiker's Guide to the Galaxy
where there is no GUI, no Graphical User Interface.
It's all text.
And so the first line in the game is essentially
a statement along the lines of you wake up, and it's dark.
And you have to start typing commands like look around or turn on lights--
sorry, spoiler, 30 years later though--
in order to figure out where you are and what you can do next.
And it was a really rich game textually because the authors would
describe what it is you're seeing.
And so it kind of puts into your mind's eye
what the scene is without actually having to see anything.
And, in fact, fast forward to decades later when
the Hitchhiker's Guide to the Galaxy movie came out, like probably 10 years
plus ago now, it really did not look anything like the book looked
and the game looked like in my own head, which was an interesting contrast.
But it was such fun.
And, indeed, last weekend I sort of escaped
into the virtual world of this game, thanks
to the simulator that's now online.
Frankly, one of the downsides of playing it
on an online simulator now 30 years later
is that they've added to it some images, which is nice.
It's sort of static images, akin to what you'd see every few pages
in a nice black and white printed book.
But it also kind of spoils the imagination that I had.
And so I didn't click around enough, but I'm
hoping there's a button with which to turn that off so you can just
play the purely text-based version.
COLTON OGDEN: Yeah, you'd probably even get that probably
as a terminal program.
DAVID MALAN: Probably, if I dug a little deeper.
And I will admit I got as far as lying in the mud in front of the bulldozer
where Arthur Dent's house is about to be knocked down.
That's not really a spoiler.
That happens like in the first few pages of the book,
but then I got distracted or fell asleep or bored or something.
So I'm going to have to try to come back to it this weekend
and see how far I get.
COLTON OGDEN: It is pretty cool.
And it sort of reminds me of the podcast where we talked about those Infocom
games coming out.
I'm guessing they're related.
They probably are.
DAVID MALAN: Yeah.
Well, and you mentioned another release of a game
from yesteryear that you really liked had come out.
COLTON OGDEN: Yeah, I mean, the old and the new, we've talked about this.
So, with the old, this is an older game.
It's 30 years old.
But Minecraft is a very famous game, very popular.
It was really huge, especially in the early 2010s.
But it's approaching its 10-year anniversary.
And they just released Classic Minecraft free to play in the web browser.
DAVID MALAN: Oh, interesting.
Yeah, I never really got into that, but it's
been big and gotten bigger I think in recent years.
COLTON OGDEN: Yeah, no, I mean, I would say it probably
reached its peak in maybe 2015, 2016, but, even to this day,
it's still pretty popular.
It's not Fortnite popular.
That's the new-- that's the new hotness.
And even that I would imagine is probably
going to be out-competed at some point in the near future.
I think it's just the inevitability of games.
They come out.
People play them.
They get so enraptured by them.
And then the next big game comes out, and everyone just sort of jumps
ship, more or less.
DAVID MALAN: Absolutely.
But I do have a fondness.
Granted, I grew up with these older games,
albeit not Minecraft in this case, where it's just kind of fun
to play these older 8-bit games or even black and white games for which you
have such fond memories.
And even though, admittedly, they don't necessarily hold my interest as much
anymore, I mean they really were wonderfully done
and were cutting edge at the time.
And I think they really do speak to the fact that some of the best games
really are about story or about puzzles and about challenges
and not necessarily about like 3D-rendered graphics and all
that, which is certainly nice and immersive and all the more compelling.
But you can have all of that, but not have a good game, nonetheless.
So that's not what's perhaps core to some of the best games from yesteryear.
COLTON OGDEN: Yeah, when I played Minecraft in virtual reality,
I was terrified.
[LAUGHTER]
DAVID MALAN: The blocks almost got you?
COLTON OGDEN: There was a cave in the distance.
And I've never been more scared to go and do anything.
And that's a testament to how powerful VR is.
And I can't wait to see--
I can't wait to get 3D movement with like those treadmill devices and VR
altogether.
DAVID MALAN: Yeah, that will be amazing.
COLTON OGDEN: That is going to be-- that is going to be cutting edge.
DAVID MALAN: Gaming of the future I do think
will be all the more immersive and escapist for sure.
COLTON OGDEN: Yeah, we've got to get some of that.
So takeaways then for today's episode, what would you recommend?
DAVID MALAN: Play Hitchhiker's Guide to the Galaxy.
If you Google this and type in emulator, you
can find the anniversary edition on the BBC's website, the British Broadcasting
Company, which has the simulator.
You might have to create--
actually, you do have to create an account on their website
if you want to be able to save your progress because I very
quickly realized, wow, you die constantly in the text-based adventure
by taking too long or by typing the wrong command.
So definitely go ahead and do that.
COLTON OGDEN: And play Minecraft.
DAVID MALAN: And play Minecraft.
So I think the takeaways there are, despite all of these dangers
and threats in the world to your privacy and security and the like,
there is plenty of ways to escape it, including this weekend.
COLTON OGDEN: And I guess, when trying to download software,
be mindful of the domains.
You know, find out for sure, if you're not 100% sure what product you're
downloading or buying, that you're at the right place for it
because it's so easy now, especially to your point of all these TLDs
that are now available.
Someone could easily trick you into thinking that you're
going to photoshop.info or what not.
And you're not getting Photoshop.
You're getting malware installed on your computer.
DAVID MALAN: Yeah, absolutely.
Do own photoshop.info?
Is that what's happening here?
COLTON OGDEN: I cannot confirm or deny.
[LAUGHTER]
DAVID MALAN: Well, maybe google Photoshop in order
to download Photoshop.
COLTON OGDEN: But, yeah, I think that's probably a huge thing.
DAVID MALAN: Awesome.
Well, thanks so much to everyone for tuning in.
And, by all means, chime in online if you'd
like to suggest some topics for future episodes.
We'd love to chat about those as well.
COLTON OGDEN: Indeed.
This is the CS50 Podcast, episode 4, zero indexed.
DAVID MALAN: Take care.
COLTON OGDEN: Bye bye.