On Wednesday, a Russian antivirus firm announced that over 600,000 Macs were infected with the Flashback trojan, exploiting a Java vulnerability to create the first significant malware infection in OS X history.

If you’re running a botnet, the goal is to avoid detection for as long as possible. Flashback took an interesting approach to hiding itself — if one of several popular antivirus or monitoring tools is detected, it immediately deletes itself. Merely installing a utility like Avast, Clam Antivirus, Little Snitch or HTTP Scoop was enough to protect you, even if you didn’t keep them running.

Funny enough, major commercial antivirus utilities like Norton Antivirus, McAfee VirusScan, and F-Secure weren’t included in the blacklist. It seems the Flashback authors aren’t afraid of the effectiveness of those utilities or, maybe, the technical expertise of their customers.

From the threat description:

On execution, the malware checks if the following path exists in the system:

/Library/Little Snitch

/Developer/Applications/Xcode.app/Contents/MacOS/Xcode

/Applications/VirusBarrier X6.app

/Applications/iAntiVirus/iAntiVirus.app

/Applications/avast!.app

/Applications/ClamXav.app

/Applications/HTTPScoop.app

/Applications/Packet Peeper.app

If any of these are found, the malware will skip the rest of its routine and proceed to delete itself.

Note the presence of Xcode, Apple’s IDE for Mac and iOS development. To a virus author, the presence of development tools like Xcode is a perfect indicator of a tech-savvy user… the kind of person most likely to detect your work.

If you want to stay safe, or see if you were infected, Macworld has the best roundup.

I love when I’m crate-digging through the weird part of YouTube and stumble on something truly amazing, seen only by a handful of other people. Just now, I was looking for the redneck bar scene from 48 Hrs. and found this:

It’s the opening titles for 48 Hours of Hallucinatory Sex (originally “48 Horas de Sexo Alucinante“), a 1987 trash/sexploitation film from Brazil. (Don’t worry, the clip’s safe for work.)

Everything about this video is amazing, from the face-melting porno synth to the Amstrad-like scrolling fonts. (You can see the blinking cursor!) With the VHS warble, it sounds like an unreleased track straight off of DJ Shadow’s Endtroducing… I couldn’t find any information about the soundtrack online, but would love to hear more.

The sequel to a 1985 movie called 24 Hours of Explicit Sex, the plot of 48 Hours is totally meta: a sex psychologist sees the original film and hires the original cast and crew to make her own. It’s like the ’80s porno version of The Human Centipede 2: Full Sequence, where a psychopath is inspired to recreate the events of The Human Centipede using the real-life actors from the film.

The last time I stumbled on anything this funky, it was this scene from low-budget indie comedy Apple Pie from 1976, that ends with this insane 15-minute-long choreographed dance sequence set on the streets of 1970s NYC. And the music? An improvised funk jam by Hall & Oates.

This happens to me every time I go to NYC.

Over April Fool’s Day weekend, hundreds of independent game developers came together for What Would Molydeux?, a 48-hour gamejam celebrating the tweets of Peter Molydeux – the anonymous doppelgänger of Peter Molyneux, the legendary British game designer known for his grandiose visions for games as art.

For the last three years, @PeterMolydeux’s written hundreds of surreal game ideas on Twitter, satirizing the game industry and the high-minded aspirations of his real-world namesake. For example:

• Your loved one has turned into a snowman. Yet your body needs to be as hot as a oven on high heat to survive. What would you do?
• What if everyone in the world had an explosive telephone in their body? If you could find out their number you can detonate their phone?
• You are a small girl flying a talking kite. The kite seems to know about a upcoming major terrorist attack and floats towards clues.

Double Fine lead programmer Anna Kipnis was first to suggest a gamejam, in which each developer would build a game inspired by one of Molydeux’s tweets — in two days, start to finish. The idea spread quickly and, within days, local events were planned in more than 30 cities worldwide.

The end result: nearly 300 insane games of wildly varying quality from 900 participants, with more trickling in daily.

I’ve spent the last three days obsessively playing through dozens of these. So far, I’ve been an innocent man with psychopathic arms, a pigeon trying to save suicidal businessmen, a road manipulating emotional cars, and a bear that needs hugs to survive.

I’ve played games with unreliable narrators, games that hide the rules from you, games with emotional title screens, and games that use the pause button as a weapon.

It won’t be for everyone, and that’s totally okay. Indie games often won’t appeal to the Call of Duty crowd, just like most Taylor Swift fans won’t listen to Hüsker Dü. Good things happen when you stop worrying about what’s marketable, and just make something you believe in.Not every game works — they were made in 48 hours, after all — but it’s surprising how many do.

So much of what I love about the indie gaming scene is embodied in the MolyJam event. It’s daring, creative, silly, and not afraid to fail. More and more, I find myself drawn to this world, even though I’ve never made a game, and I think it all comes back to what I love about the web.

Rise of the Indie

Indie games are in the middle of a renaissance right now, a Cambrian explosion of creativity enabled by the internet. Digital distribution platforms including Steam and the App Store have lowered the barrier to entry for indies, while crowdfunding sites like Kickstarter have reduced the importance of traditional publishers for funding projects.

Combined with a litany of complaints about the mainstream gaming industry, from exploitative working hours to the lack of creative and financial control, talented game developers are increasingly choosing to strike out on their own.

It’s resulted in a cultural movement, with commercial blockbusters like Minecraft, Braid and Super Meat Boy coming from small teams of one or two people, with even smaller budgets.

In some ways, this is a return to form for the gaming industry. Many games from the 8-bit era were created by a single developer who handled all the code, art and sound.

As graphics and audio capabilities grew, so did the budgets and team size. Larger budgets meant more risk, which directly hampered experimentation. Like the film industry, the gaming industry’s seen its own shift towards sequels and licensed brands instead of innovative, original works. (All ten of last year’s best-selling games were sequels.)

The indie gaming movement is a direct challenge to the old way of doing things.

Finding the Niche

It seems like the web’s going through a similar cycle of growth, stagnation, and disintermediation.

Fortunately, web developers have never faced the same publishing and distribution middlemen that games, television, and film were forced to deal with. The only major gatekeepers now are the entrenched social networks.

It seems like the web’s losing some of its original experimental glow. There’s no shortage of people making awesome stuff online, but I can’t shake the feeling that much of the interesting creative coding is now happening elsewhere — mobile, gaming, physical computing. For new entrepreneurs, the landscape couldn’t be better. Lean startups composed of very small teams are bootstrapping or joining incubators like Y Combinator in lieu of traditional funding, allowing them more creative control while retaining greater ownership of their work.

But the ultimate goal of a startup is making money, not art. For me, the most exciting part of the indie gaming movement is that commerce still feels secondary to making something innovative, fun, and creatively interesting.

In the last few years, it seems like the web’s losing some of its original experimental glow as it’s matured. There’s no shortage of people making awesome stuff online, but I can’t shake the feeling that much of the interesting creative coding is now happening elsewhere — mobile, gaming, physical computing.

Part of this could be market forces; there could be less experimentation when lots of money is getting thrown around. Or maybe the web is just losing its appeal in a universe increasingly ruled by native apps.

Maybe, like the desktop metaphor, the web has served its purpose and it’s slowly being replaced by platforms that solve these problems more effectively. Bookmarks, location bars, URLs, extensions, and even the browser itself will be abstracted away, hidden from view for a better user experience, as most people flock to walled gardens on simplified tablets and mobile devices.

All of that may be true. But it feels like it’s set the stage for a new indie movement, focused on using the web as an expressive creative medium over a commercial one. The tools at our fingertips are incredible: WebGL, WebSockets, Node.js, browser geolocation, standardized audio and video, among many others. And it’s easier than ever to get your work in front of an audience who cares: the people who still love the quirky indie web and everything it stands for.

It won’t be for everyone, and that’s totally okay. Indie games often won’t appeal to the Call of Duty crowd, just like most Taylor Swift fans won’t listen to Hüsker Dü. Good things happen when you stop worrying about what’s marketable, and just make something you believe in.

We already have the tools, the distribution, and the audience. We even have our own gamejams; the tech world pioneered hack days for this kind of experimentation years ago.

Now we just need our own Peter Molydeux — someone with audacious, ridiculous ideas to inspire new vectors of awesomeness from the rest of us.

(Note: This was originally published in column on Wired.)

Spent the morning sightseeing in Google Maps 8-Bit, taking snapshots with my handy 1-Bit Camera.

(Click for larger size.)

I originally wrote this column over at Wired back on March 13 about my experience with patents at Yahoo, but forgot to republish it here on Waxy.org in my permanent archive.

This article received a bigger response, hands-down, than anything I’ve written for Wired so far, resting at the top of Techmeme for a full day, with widespread coverage from The Telegraph, The Verge, Fox News, and Business Insider. (That’s a good signal you’ve written something notable: when competing tech magazines start linking to your work.)

Almost two weeks later, I’m still angry but happy that the column ignited such a powerful discussion about the patent issue. I’m especially pleased that “weaponizing patents” is entering the lexicon; articles like these use the phrase without mentioning me at all. Awesome.

For two other perspectives on this issue, I enjoyed Mark Cuban’s linkbait take and Fred Wilson’s short, furious rant.

Anyway, if you hadn’t seen it, I hope you enjoy it.

While most of the tech world was partying at South by Southwest in Austin yesterday, Yahoo announced it was filing a lawsuit against Facebook for allegedly infringing on 10 patents from their 1,000+ patent warehouse.

I’m no fan of Facebook, but this is a deplorable move. It’s nothing less than extortion, expertly timed during the SEC-mandated quiet period before Facebook’s IPO. It’s an attack on invention and the hacker ethic.

In the interest of full disclosure, I have a small supporting role in this story. None of the patents I co-invented are cited in the Yahoo complaint, but a handful of applications I worked on with Yahoo were granted patents, weaponized now to use against people like me.

Here’s how the process worked, in my case:

In 2005, Yahoo acquired Upcoming.org, the collaborative events calendar I’d launched two years before.

Back then, the Web 1.0 behemoth seemed on the verge of turning things around. A series of smart moves — high-profile hires, the Oddpost and Flickr acquisitions, the launch of the Yahoo! Developer Network, and their Research Lab — was breathing new life into things. Two months after we were acquired, Del.icio.us and Webjay joined us in the Yahoo fold.

After we moved in, we were asked to file patents for anything and everything we’d invented while working on Upcoming.org. Every Yahoo employee was encouraged to participate in their “Patent Incentive Program,” with sizable bonuses issued to everyone who took the time to apply.

Now, I’ve always hated the idea of software patents. But Yahoo assured us that their patent portfolio was a precautionary measure, to defend against patent trolls and others who might try to attack Yahoo with their own holdings. It was a cold war, stockpiling patents instead of nuclear arms, and every company in the valley had a bunker full of them.

Against my better judgement, I sat in a conference room with my co-founders and a couple of patent attorneys and told them what we’d created. They took notes and created nonsensical documents that I still can’t make sense of. In all, I helped Yahoo file eight patent applications.

Years after I left I discovered to my dismay that four of them were granted by the U.S. Patent and Trade Office.

I thought I was giving them a shield, but turns out I gave them a missile with my name permanently engraved on it.

I was naive. Even if the original intention was truly defensive, a patent portfolio can easily change hands, and a company can even more easily change its mind. Since I left in 2007, Yahoo has had three CEOs and a board overhaul.

The scary part is that even the most innocuous patent can be used to crush another’s creativity. One of the patents I co-invented is so abstract, it could not only cover Facebook’s News Feed, but virtually any activity feed. It puts into very sharp focus the trouble with software patents: Purposefully vague wording invites broad interpretation.

In their complaint, Yahoo alleges that Facebook’s News Feed violates “Dynamic page generator,” a patent filed in 1997 by their former CTO related to the launch of My Yahoo, one of the first personalized websites. Every web application, from Twitter to Pinterest, could be said to violate this patent. This is chaos.

Software patents should be abolished, plain and simple. Software is already covered by copyright, making patent protection unnecessary.

Ask any programmer — developing software is as creative and unique as writing poetry.

Yahoo’s lawsuit against Facebook is an insult to the talented engineers who filed patents with the understanding they wouldn’t be used for evil. Betraying that trust won’t be forgotten, but I doubt it matters anymore. Nobody I know wants to work for a company like that.

I’m embarrassed by the patents I filed, but I’ve learned from my mistake. I’ll never file a software patent again, and I urge you to do the same.

For years, Yahoo was mostly harmless. Management foibles and executive shuffles only hurt shareholders and employee morale. But in the last few years, the company’s incompetence has begun to hurt the rest of us. First, with the wholesale destruction of internet history, and now by attacking younger, smarter companies.

Yahoo tried and failed, over and over again, to build a social network that people would love and use. Unable to innovate, Yahoo is falling back to the last resort of a desperate, dying company: litigation as a business model.

That it’s Yahoo makes it even sadder. The complaint isn’t really wrong when it asserts that: “For much of the technology upon which Facebook is based, Yahoo! got there first.”

But being first with something generic that would have been invented by someone (like the wheel) — as opposed to something few could have imagined (like the Segway) — is a big difference.

Ask any start-up CEO — execution is everything.

As the fictionalized Mark Zuckerberg says in The Social Network, “If you guys were the inventors of Facebook, you’d have invented Facebook.”