Not all of the icons are from Visual Studio – some of them are from Fam Fam Fam’s Silk icon set (the same icons I use pretty much everywhere in Enano), which is under the Creative Commons Attribution license (can’t remember which version). But if you use TinyMCE without a custom icon set, beware – your software includes some non-free components.

As for Enano, we’re going to look at putting together a Tango and/or Fam Fam Fam icon set and contributing it back upstream to TinyMCE. We don’t think it’s right that Microsoft’s restrictively-licensed intellectual property be included with free software like Enano. Lots of open source CMSes and blog software might be affected by this, so if you maintain any software that uses TinyMCE, be on the lookout for an update with more freely-licensed icons.

MoxieCode CTO Johan Sörlin noted in his e-mail:

What they say in the Image Library specific to the Office icons we use:

Action icons are used to represent commands in the menu structure. These are most often action verbs, but sometimes are nouns (objects or tools) with actions associated with them, such as Hide or Show. As part of a visual language, the following images (or any part of the images) should be used consistent with, although not necessarily identical to, the usage described below

This is what they say about the Image Library in general in their eula.txt:

Image Library. You may copy and distribute images and animations in the Image Library as described in the software documentation. You may also modify that content. If you modify the content, it must be for use that is consistent with the permitted use of the unmodified content.

Third Party Distribution. You may permit distributors of your programs to copy and distribute the Distributable Code as part of those programs.

Neal also noted to me their use of Firebug Lite and jQuery without documentation of their licenses (BSD and MIT respectively) – including license headers in the source code. This isn’t as serious because they can legally be relicensed, but it does raise some questions.

Update: Firebug Lite is just a bunch of prototypes and it’s about 5 lines of code, so either it’s WTFPL/public domain or Joe Hewitt’s off his nut, the latter of which I seriously doubt. jQuery of course is still MIT, but the TinyMCE folks don’t modify it so they redistribute it with its license unmodified. They have also left the headers in the source code, although you won’t see that unless you download the source archive. Perhaps you should include a 3rd party license list in the About dialog, MoxieCode?

You have my sincerest apologies for the neglect I’ve shown you. For the first time in three years I have failed to update you at the minimum rate of one post per month. I only hope I can make it up to you through this post.

So yeah. I started college (RIT; TS;WRM explanation). Fun indeed. Passed the first round of Computer Science House induction formalities, and on track to make it through fall evals. In other words, I’ve developed a high enthusiasm for the floor where I live, because of the highly social, usually low-pressure atmosphere. And having upperclassmen you can bug by endlessly asking which professors are best rocks.

College so far, fun. Classes are pretty easy, writing papers sucks just as much as I anticipated it would, and I can feel the freshman 15 excitedly gurgling in my gut. I get to wake up at 6AM to register for all my winter quarter classes this coming Wednesday. That should be a blast.

So let’s get down to business: the college necessities. You know, the things you have to buy to replace stuff that just can’t go to college. We’ll start with the monitors.

I loved my ViewSonic A90. Always did. One of the highest-quality CRT monitors I’d ever used anywhere, and it proudly sat on my desk for nearly 2 years (or 3? I forget). Unfortunately CRTs don’t fit too well in a dorm. I had the budget planned out for desperate times such as this, so when the time came it was pretty much a no-brainer: LCDs for the win. I settled on the ASUS VH226H, or rather, two of them. They sport a 1920×1080 resolution per screen, giving me a generous 3840×1080 desktop. The picture is gorgeous as is the 2ms response time, and they quite comfortably handled the 5-hour trip up to Rochester along with the rest of the clan despite my lack of adequate packing material.

Up here I’ve got Nighthawk containing Bigmomma’s 1.1TB RAID5 array, Charlie for desktop stuff, and Scribus as my laptop. I’ve had the chance to learn some really cool stuff, like joining my home and dorm networks transparently using OpenVPN and what life is like on frighteningly fast Internet. Let’s just say the Enano demo should be a tad bit faster. Lord knows what I’ll do when I have to shell out $100 a month for Internet access 1/5 the speed of this in three and a half years – or what I’ll do over the summers. Maybe I should look at getting all my web stuff split off?

Audio has also seen an upgrade here at RIT. I noticed that a lot of people on CSH were using M-Audio’s AV40 studio monitor speakers, and now I can see why. I found a pair for myself – refurbished, $120 – and don’t know how I ever survived without hearing the 16KHz+ range. My music is crystal clear in every respect now. I can’t imagine why M-Audio discontinued these. They’re brilliant sounding monitors with more than adequate power (though you can make them distort if you turn any one thing up too loud) and they complement Logitech’s X-540 sub in a very elegant way. I’m still using the Pioneer amp for the rear channel, now connected to two of my X-540 satellites, as the cheap speakers I got from Goodwill randomly burned out completely. My whole system is quite unportable, but I plan to tote the AV40s along home with me for Thanksgiving along with Scribus and my 320GB USB hard disk with a 1:1 copy of ~/Music.

What’s also nice is the fact that I live down in “the L”, the short hallway section past a 90-degree turn on CSH. The acoustics are perfect for playing loud music at night, and I only have neighbors on one side of me. It’s about 1AM right now and one can probably hear my music three doors down, but nobody cares because everyone’s still up.

Speaking of music, I discovered Marilyn Manson tonight. Recommendations from friends got me to listen to The Golden Age of Grotesque and Mechanical Animals, and I have to say they’re both extremely listenable. I like it: metal/industrial with a touch of electronic is really one of the genres where I feel at home, and that’s exactly what Manson is.

One has to question the sustainability of this practice of purchasing things. I’m pleased to announce that thanks to my good friend Nicholas Byfleet, who has been a companion of mine since roughly 7th grade, I now have a job as a sysadmin and web software engineer with his company, Byfleet LLC. I’m really looking forward to the job, because I’ve been told that I offer a unique skill set to the company and my Linux experience has helped him out with the occasional MySQL crash and Apache configuration typo.

So yeah, so far things have been good. I don’t know when I’ll get around to finishing up Enano 1.1.7… there are a few things that really should be changed before the next release (a Windows specific bug with the wikitext parser and proper server side comment pagination come to mind) and I need to get around to coding them. It’s mostly polished up, there’s just those few annoying to-do items, you know? Patches welcome as always.

NOTE: This guide works on BT3, not BT4. BT4 uses Casper, which means I can’t use it on my USB hard disk (I already have Ubuntu installed.)

In my case, this involved a couple of extra steps. First you want to make sure BT3 is installed on your USB device and booting properly; don’t worry about making two partitions, just make one that is FAT32. For the record, I decided to go with FAT32 for my drive because it works with literally any operating system out there, and because all live Linux distributions can boot from it.

Boot BT3 and identify which drive is yours; for me, this was sdb1. Create your changes file:

cd /mnt/sdb1/BT3
dd if=/dev/zero of=changes.img bs=8M count=128

Note that I used a 8×128 = 1024MB image file here. That’s big (I’m on a 320GB hard disk here) and you might not have that kind of space. Adjust the “count” parameter accordingly. Now format the image:

mkfs.ext3 -F changes.img
tune2fs -c 0 -i 0 changes.img

Finally you need to mount it and create the “changes” directory on it. This is the non-obvious step that causes aufs to fail if it’s omitted; it took a fair amount of reverse engineering for me to actually figure this out.

mkdir mnt
mount -t ext3 -o loop changes.img mnt
mkdir -p mnt/changes
umount mnt
rm -rf mnt

The last step is to edit your GRUB or SYSLINUX configuration file and add “changes=BT3/changes.img” to the end of each “append” line (for SYSLINUX) or “kernel” line (for GRUB). There you should have it – a fully writeable BackTrack 3 installation on your USB device, without having to reformat. Of course, you’ll want to reboot to test your changes.

This drive has presented a fun side project for me: cram as many OSes onto one disk as possible. It’s going quite well so far: I have successfully installed Fedora 11, Ubuntu 9.04 (live only), Knoppix 5.3, Arch 2009.1, and BackTrack 3 all on the same partition (with some Fedora files on an ext3 partition to let me use a huge 8GB overlay). These parallel installations can be tricky because you have to do all of them manually, but they are a cool challenge – especially when you can plug a drive into any random computer and see a menu letting you choose from 5 OSes.

The biggest result of “Re: ImageShack” was the comments I saw, both on my own post and elsewhere. There were some pretty damn good arguments but the view I like the most came from a comment by SyrioForel on reddit:

I think he and some other people missed the point that these are black hat hackers whose sole goal here is to prevent script kiddies from finding out their “secret” exploits. There is no other motivation.

This accusation of selfishness makes perfect sense: they have some exploit that works pretty well, and they want to keep using it for life, so they hate full disclosure. *NIXEDBLOG 3.0 points out that this is a pretty blatant violation of the Hacker Ethic, specifically the part about complete and total access to computers.

The more I read about this group, the more I lose respect for them. They’re really a bunch of script kiddies that know how to advertise strategically. That’s it. I had, admittedly, a bit of respect when they hacked ImageShack, but now I’ve pretty much lost that in light of seeing what their true motives probably are. The same goes for pretty much any hacker group: they’re still just a bunch of script kiddies who fap at the thought of pwning someone’s box.

Here I digress.

I’m in Rehoboth Beach, Delaware right now, on a vacation with my immediate family plus two of my dad’s brothers and their families. Been here since Saturday. I don’t feel like horking down more saltwater taffy so I’m blogging.

Getting Wi-Fi was fun. I installed DD-WRT x86 on Xombie, which was decommissioned as outlined in my welcome post for Charles Manson, in order to allow me to take my Linksys WRT54GL on the trip with me. I’m glad I did, because the Wi-Fi signals around this rental house are pretty weak. Most houses around here are rental houses, so they don’t have Internet access, much less Wi-Fi routers. Luckily I found a couple networks including one that seems to be a legitimately public free hotspot.

The magic of DD-WRT is in the abilities it gives to a single wireless chip. Apparently the firmware for the Broadcom chip in the WRT54GL is fully open source, so DD-WRT has allowed me to configure the router as a client for the hotspot network and as a master for two others – one secured for me, and one (with an SSID of “No Strings Attached”) unsecured for other folks on the street as well as others in my rental house. It works wonderfully because the dual antennas on there easily pick up a signal my laptop and iPod couldn’t dream of using and turn it in to a rather reliable solution for casual Internet access.

The house is really cool too. I’m not staying with my immediate family – they had to separate me from the other four because each of our two rental houses only permitted 8 occupants. So I’m staying with my uncle Doug, his family, his mom, and his wife’s mom and sister, while the rest of my family bunks in another (much farther inland) house with my uncle Jeff and his family. It works out great because I get to share a room with only one other person (my 16-year-old cousin Tim) and the house itself is positively beautiful. It’s old, meaning hardwood floors, solid wooden doors, and an attic not unlike that of the house where I grew up. It is apparently owned by someone, and not just by a real estate agency, which is good because it has kept its old-time charm. It’s even located in a crazy valuable spot: about 300 feet from the boardwalk.

Much to my delight and surprise, I also walked in to find a vintage piano in here, painted in a bright robin’s egg blue to match the rest of the living room, that is surprisingly not only in tune but also possessing a very intricate sound. Being a somewhat adventurous pianist, I’ve gotten a bit of enjoyment out of it. It is missing a couple of keys but I fixed their middle F# and am exploring possibilities for giving some love to D2 for which the hammer is broken off. It looks to be a fun week, as long as the weather holds up.

Anti-sec. We’re a movement dedicated to the eradication of full-disclosure. We wanted to give everyone an image of what we’re all about.

OK then, let’s hear it. For the record, I respect all opinions. I read your messag– errm, image in full the first time I saw it.

Full-disclosure is the disclosure of exploits publicly – anywhere. The security industry uses full-disclosure to profit and develop scare-tactics to convince people into buying their firewalls, anti-virus software, and auditing services.

In some cases, that can be completely true. Firewalls, anti-virus software, and auditing services can only do so much. For instance, a lot of exploits on web applications are based on different types of malformed HTTP requests. I’ve studied these a lot. That’s why I have automatic systems in projects like Enano to filter out common types of attacks. I completely acknowledge that it’s not perfect, and I wouldn’t be surprised if there’s a huge hole sitting under my nose. All I can do is design my project with security in mind and carefully consider security when I’m coding each component.

That said, I don’t consider “IE6 is outdated and insecure – you should upgrade!” to be a scare tactic. Maybe “Protect your web infrastructure with Acme, Inc. Heuristic HTTP Firewalls” could fall within that scope if it’s marketed as the only way to keep your website from getting hacked. But that’s advertising. I don’t necessarily agree with that kind of marketing either, but they are trying to sell their product. I share the view that ads like that market to idiots who think they can put a black box in between their router and web server and be unhackable, but I guess I’m just too white-hat to say that they deserve to be destroyed. I feel like I have the same discriminatory and sometimes hateful attitude towards n00bs sometimes, but that is not an excuse to do anything illegal.

Meanwhile, script kiddies copy and paste these exploits and compile them, ready to strike any and all vulnerable servers they can get a hold of. If whitehats were truly about security this stuff would not be published, not even exploits with silly edits to make them slightly unusable.

Script kiddies are a part of life. They’re also part of the security ecosystem, whether you like it or not. I hate them too. Fact is, there’s a concept called BORE – Break Once, Run Everywhere – that says that if one person publishes an exploit, it will propagate everywhere in time. I haven’t written any live exploits for this Enano security vulnerability whose patching was the reason for 1.0.6, but someone could easily look at the regular expression and figure out what was being filtered out and write an exploit. Boom, goes on milw0rm, exploit in the wild and I can’t do a damn thing about it. If there’s a hole, there will be an exploit somewhere. And open source software has no way to really avoid full disclosure because of version control and diffs.

If we didn’t have script kiddies, people would have no inclination to apply updates, and when someone did decide to pull off an elaborate hackfest, it would be mayhem. Instead, full disclosure means ImageShack contained your attack enough that they were able to restore everything from backups with no particularly heavy repercussions.

Full disclosure is inevitable. The whole reason full disclosure policies are put into place is because every vulnerability will get leaked at one point or another, so best to just publish it and get it over with, so that others can understand the vulnerability and avoid similar problems within their own code. Full disclosure is a driving force behind the growth of the security and software industry because people learning from each other is the most productive way for a group as a whole to become better. And because full disclosure is an inherent part of open source software as mentioned above, if you are against full disclosure, you are also against open source software. Open source software that you’re probably using to pull off your hackfest. I dare you to hack my blog with only closed source tools. In fact, I’ll make a bet. If you do that and e-mail me with a detailed explanation of how you did it, I’ll replace this blog with whatever non-pornographic “pwn3d” page you want.

As an added bonus, if publication wasn’t enough, these exploits are mirrored and distributed widely across the Internet with a nice little advertisement embedded in them for the crew or website which first exposed the vulnerability to the public.

It’s about money. While the world is difficult to change, and money will certainly continue to be a very important in the eyes of many, our battle is that of the removal of full-disclosure for the purpose of making it harder for the security industry to exploit its consequences.

What’s wrong with giving credit where credit is due? What’s the problem with a little self-promotion? What’s the problem with being competitive?

For what it’s worth, I don’t make a dime when someone visits my blog or any of my other sites. I pay $10 a year for the domain, and I host it all myself. But I’ll still credit myself if I ever post an exploit, because it helps me to build a reputation. I’m a kid that just graduated high school and am looking to make a name for myself in the security industry so that I can get a good job and make a living. How am I supposed to do that if I don’t get any credit for my work? It pays to put “Discovered X vulnerability in Acme, Inc. Foo Application (CVE-2009-1234)” on a résumé.

It is our goal that, through mayhem and the destruction of all exploitive and detrimental communities, companies, and individuals, full-disclosure will be abandoned and the security industry will be forced to reform.

How do we plan to achieve this? Through the full and unrelenting, unmerciful elimination of all supporters of full-disclosure and the security industry in its present form. If you own a security blog, an exploit publication website or you distribute any exploits… “you are a target and you will be rm’d. Only a matter of time.” This isn’t like before. This time everyone and everything is getting owned.

Signed: The Anti-sec Movement

Try me.

I just wrote my argument on why full disclosure is good for the industry. Counter it, and you’ll get your message pushed across further. Or, you can just hack my blog to death using your tools that were authored around the very principle you are rejecting, and I’ll just shell into my server and take down your “pwn3d” page and restore a backup, and you won’t get anywhere.

Bring it on, I dare you.

Such is the namesake for my brand new desktop computer. Well, with a few adjustments. My new desktop is undoubtedly a she, and her DNS name is simply “charlie.”

Before I jump into my usual round of essay scribbling on why this computer is so awesome and why I need it, here are the specs you’re dying to see:

• AMD Phenom II X4 940 Black Edition – 4 cores, 3.0GHz
• Gigabyte GA-M790X-UD4P motherboard – Sockets AM2, AM2+, AM3 supported, max. RAM 16GB @ 1333MHz
• 4GB OCZ Gold PC2 6400 DDR2 SDRAM (upgrade to 8GB planned)
• XFX NVidia GeForce GTX 260, 896MB
• PC Power & Cooling Silencer S61EPS 610 power supply
• Western Digital 320GB SATA 3Gb/s hard disk – OEM
• Lian Li PC-K7B case
• DVD burner from Nighthawk

I’m really just getting my feet wet in terms of the stuff I can do with this thing. I didn’t realize for a long time how much I was missing by not having SSE2, AMD-V, and multiple cores. It’s certainly a blessing to have all this and more in such a quiet (albeit relatively large) box.

The benefits of having a computer this powerful are already becoming apparent. When it does crash and X resets (due to this bug), I’m back at my desktop in 10 seconds instead of 30. I can also use Windows 7 and Mac OS X when I have to – both as minimally as possible, Windows for reprogramming Yubikeys (more on those in a minute) and OS X for managing my iPod because iTunes on Windows sucks, and because certain Enano things tend to break under Apple’s OS.

Accompanying this transition is the decommissioning of two computers, Xombie and Capsaicin. Neither was used for very much: Xombie did a poor job at managing torrents and my webcam, and Capsaicin did a somewhat reliable job at running IRC (I’m regularly on 4 networks). Nighthawk has taken over the duties of both, and she continues to be Enano’s Mercurial master as well as the home of all my music (which I can’t stand to not have access to from multiple OSes). Basically Nighthawk is acquiring more duties as she transitions from being the constantly-experimented-with computer to more of a server. I really don’t need Xombie or Capsaicin anymore with the power Nighthawk has and the easy virtualization available to me on Charlie.

We’re looking at some eventual serious overclocking potential on Charlie. Once I’m able to afford a good cooler, I want to try and push her up to 3.7 or even 4GHz. There’ve been some suspicious results with Linpack though – it indicates possible instability under the High load test, 4 threads, and all my settings at stock. Oh yeah, and the CPU peaked at 62C. I’m debating whether it’s necessary to RMA some parts and try a different CPU of the same model, or blame it on the motherboard and RMA that. Either way I’d be without a solid computer for a week or so, which would suck.

Still I am very excited at the potential this thing has. She serves Enano pages in 0.03s and I have Compiz on CRAZY high settings with no signs of stuttering or lag whatsoever. Pretty much everything real-world that I’ve thrown at her, she’s handled with no sweat whatsoever. Hopefully I’ll be at least up with the times for a couple years, eh?

Oh yeah, the Yubikeys. (Published the post without this section, forgot I planned to add it.) Yubico sent me five Yubikey IIs as a thank-you for supporting their device in Enano. The new version, which has a little bit of a learning curve compared to the old, is very useful to me as I see this high degree of security (a 32 character password) now being available to things that don’t support Yubikey (or only support it commercially), like Windows, OS X, and a number of websites I visit. At the same time I retain the OTP functionality for things that support it, like most of my servers and Enano websites. The keys are more solid too – I could run over one of these things with a semi truck if I wanted to. They say they’re also designed to survive a dunk in the swimming pool but I don’t think I’ll try that one. Wonder if that also means they’re tamper-resistant like the IronKey, too. Either way, I’ll be looking into figuring out if there’s anything special that can be added to the Enano Yubikey plugin to make it more friendly to version 2.0 of this very economical, very innovative security device.

Of course there are bugs. One of my favorites is caused by the way their reverse proxy works: the IP that shows up is one of Google’s own, registering as “Unavailable” in the IP history table (presumably because Google internal IPs are probably stripped from IP logs) but shows up as “This computer is using IP address 74.125.114.147.”

(Why, you ask, am I allowing my real IPv4 IP to show? Answer: because your computer already knows it – the server running this blog is on the same IP )

Nowhere does the IPv6 address I used to access my Gmail account show up in the history. Of course this means that if you want to hack a Gmail account, this is a great way to do it: your IP history is never recorded, and apparently your IPv6 IP never reaches any Google servers that log requests in a very traceable form.

Oh good, you say. More privacy! Not necessarily. Every single website out there should be logging your IP address. All my servers do, as do 99% of other sites. It’s needed for forensic purposes. If all requests are logged, and an intrusion is detected, one can trace the intrusion back to its source and contact relevant authorities. This is an important thing for someone to be able to do. In my opinion, Gmail is well within ethical guidelines regarding IP logging, because its logs are made available to the owner of the account.

If I could speculate for a minute here, let me deliver my suspicions: I think Google is cheating with their IPv6 support. They probably have a rack of servers with IPv6 access that simply reverse proxy up to their IPv4 production systems which provide the actual service. If that’s the case, they should be able to just whitelist the reverse proxy’s IP in the trusted X-Forwarded-For list and perhaps alter a few database tables to support IPv6 addresses (a maximum of 39 characters) instead of just IPv4 (max. 15) and perhaps some regular expression checks against IPs.

Anyways, Google needs to get this fixed. It could make it very difficult to trace an intrusion into a Gmail account, something their new IP address logging feature was designed to expose.

We got back to Ed’s place and I remembered that when I was over there on Saturday I promised him I’d give Monster a shot. He’s an addict; I’m an interested follower, especially being a geek (plus it was Geek Pride Day). Mind you, I’ve never had an energy drink before. Ed and I also have severe ADHD. That’s a fun combination.

He was happy to tell me how it made him “more mellow”, which I could believe because he tends to not be a very wild person and I know he drinks 1-2 cans of the stuff every day. So I had a can of the orange flavor, Khaos. It took me about an hour to drink through it; I wasn’t that thirsty, and I had to get used to the flavor. Ed was pretty surprised it took me a full hour to get through it.

Though *extremely* sweet, it had only 34g of sugar in the whole 16oz can. WTF? There was a lot of fruit juice in there, and as much as I would doubt that anything actually natural would be in something like that, it seems to actually be there. Right alongside the ginseng and bat pee, but yeah, it’s there.

So, yeah. I never got any sort of energy buzz at all. By the time I finished driving Gina home (finding out the hard way that the exit we needed was northbound only, and thus going waaaaaay out of my way) I was extremely tired. Alert, yes, but physically weary.

Conclusion: I’m gonna stay away from energy drinks. Dunno if it’s ADHD or the high-octane brain syndrome or what, but they do just about the opposite of what they say on the tin for me. Plus, they’re… errm, pretty bad for you.

Oh yeah. After dinner I couldn’t make it any longer and crashed, to the point that I don’t even know how the lights in my bedroom got turned off. Here I am, writing this after suddenly awaking at 10:15PM.

I’m going to start off by saying I waited as long as possible. I had two schools that were my top choices: RIT and the University of Advancing Technology. The former is in Rochester, NY; the latter, Tempe, AZ. Having been raised in Cleveland, I jumped at the thought of going to college in the Valley of the Sun. Why, you ask, am I talking about UAT, if I picked RIT? Here’s the story.

On March 27, I applied for UAT’s Ray Kurzweil scholarship. That was the $9,000 I needed in order to put UAT into my family’s budget range. (Like just about everyone, I lost a few bucks to Wall St. last fall.) Their info sheet said to expect a decision about a month after you apply.

On April 14, I e-mailed UAT and let them know that in order to make sure I got a spot in the university of my choice, I was going to make a decision on the 20th. I already had enough in grants and scholarships from RIT to go there. If UAT gave me the Ray Kurzweil, it was UAT; if they didn’t, it was RIT.

April 20 came. I hadn’t heard from Arizona. I was busy with my 70-hour week at school as the sound guy for our musical, so I waited a day. And another. And another. Finally, Thursday night came and I told my dad I had made my decision: RIT.

I think that’s where my parents really wanted me. I came home from school the next day to find a large, bright orange stack of RIT stuff on my desk and a note saying “the RIT admissions deposit has been made.” Over the next week or so, I signed a few papers and got my housing contract in.

Fast forward to today, Cinco de Mayo. 8PM sharp (5PM in Tempe, meaning right at their closing time) the phone rings. It’s the head of UAT’s admissions department, asking urgently to speak with Dan. Congratulations to me, not only did I get the Kurzweil, they pulled it from the graduate scholarship pool because they liked my essay so much. (It was over 4 times the required length, a) because Enano can’t be described in 400 words, and b) as you probably can tell I’m a very verbose writer; this post is currently over 500 words.) Of course, I couldn’t make it work.

As flattered as I was, I couldn’t help but feel a little bit heartless about the whole thing. They waited too long, and I gave them a 4 day grace period. I had a gut feeling I was going to earn the Kurzweil, but that was a risk I could not afford to take. If I hadn’t enrolled in RIT by May 1, I would lose my spot and, had UAT not given me the Kurzweil, I’d be going to a state school or (worse) Defiance College, which has done some creepy things to say the least. (To not offend the folks at Defiance, I won’t get any more specific than that.)

So, I’m going to Rochester. There’s no Chipotle there – yes, I will be writing Steve Ells – and everything has metal roofs. But there are business minors at RIT. And tunnels. And Gracie’s Dining Hall (best damn college food I ever had, couldn’t help but select “unlimited meals” before my parents could force me to click something else), a pathetic excuse for college food far outweighed by the newly built Chipotle. And, come this fall, someone else in my high school class will be going there – a considerable feat considering the fact that my class size is 27.

And yes, my torrent activity will stay at home. I can only promise, RIT, that I won’t break your TOU.

Moore’s Law is a powerful thing, is it not?