A few week’s ago I was thinking about baseball. That is a really odd thing for me to think about, because I generally don’t care for baseball. It’s not my favorite sport. It’s not even my 3rd favorite sport. I prefer football, specifically the NFL. But I saw a commercial for a new baseball game for the XBox 360 and Playstation consoles, and a thought occurred to me: Wouldn’t it be fun to write a baseball simulator?

I thought about that because I thought it would be software I could actually write. In my head, I thought of a baseball simulator as something largely non-graphical, more akin to the business software I build everyday than the fancy graphical applications I buy for entertainment. My thought was that you wouldn’t need to model players in 3D with lots of complex motion-capture graphics, or write tons of low-level shader graphics effects. You could more or less program a really sophisticated spreadsheet application. And I thought to myself, “Hey, that’s something I could do in my spare time, because I do something similar everyday.”

But then the lazy gene in me (which all good programmers have, I think) said, “I bet someone has already done that.”

So I started hunting around on the internet for a baseball simulator.

Sidebar: A long time ago there was a football game called Front Page Sports Football Pro ‘96, and it was the king daddy of football simulators. FBPRO ‘96 was the deepest and best sports simulator I’d ever encountered. It allowed users to create their own leagues, players, plays, playbooks and strategies. It allowed users to form online leagues and pit their skills against each other. It had a lively and proactive user base that provided all sorts of 3rd party tools and add-ons. And it tracked a lot more statistics than Madden does. It was the most engrossing sports game ever.

Then the company pushed a bug-ridden release out the door too soon and the game died. Since that day I’ve been waiting for a sports sim to capture my attention like FBPRO ‘96. Finally, that has happened. Only it’s not a football sim, it’s Out Of The Park Baseball 2007.

OOTPB just released their 2007 version, so it was perfect timing on my part to find them on the web. The website for OOTPB looked very good, and they had a download for a 20+ day free trial, so I decided to try the game out.

At first, since OOTPB is basically a huge simulator with very little graphical detail, the volume of menus and options seemed daunting. I was a bit concerned initially that I wouldn’t be able to penetrate the learning curve of the game. But the interface to the game is not only sleek as silk, with very sharp, smooth graphics, but it’s intuitive as well.

Information in OOTPB is grouped logically. There’s a main page for team managers that gives you hyperlink access to just about every major interest point of your team, from roster setups to schedules and minor league teams. There’s also a really cool feature: Bookmarks. You can bookmark any screen in OOTPB. By doing so, the screen gets an “F” key (like F9) associated with it. This is a fantastic feature for newbies like myself, who find an interesting screen while browsing around and might not be certain how to return to that screen. Bookmark it for easy access, until you become familiar with the program and learn how to get there through normal means.

There’s also a couple of navigational arrows in the upper left corner of the screen, so you can go back and forward through screens you’ve visited. Navigation in OOTPB is almost like web surfing with a browser, which should be intuitive to just about any human being who hasn’t been living on an island with Nell.

Of course, OOTPB does come with a couple small drawbacks. For one, because it’s a small company they don’t have the licensing power to be officially licensed by Major League Baseball. So the default installation of OOTPB 2007 doesn’t come with accurate MLB rosters. But this is where the community kicks in: the users of OOTPB have compiled the rosters and rated the players. The downloads for these rosters can be found on the community pages for the website. I found a particularly good 2007 roster that I was able to import into the game that had nearly all the major league players on the correct teams, with the correct team names, colors, and logos. Then I was able to find another group of downloads from a fellow who goes by the moniker “Gambo”, that allowed for accurate player photos. In minutes I was able to create a replica of the real Major Leagues, complete with minor league teams and players.

All of this was, however, just setup. I still wasn’t a baseball fan, but still just a computer programmer looking at someone’s implementation of a sports sim.

And then I played the game.

I have to give kudos here to the people who designed this game. They obviously love baseball and that passion shows in the game itself. Playing OOTPB is one of the most fun and addictive gaming experiences I’ve enjoyed since Everquest showed me what it was like to slay a dragon with 40 other guildmates.

There’s no fancy graphics when you play a game in OOTPB. What there is, is a diamond with small player photos and statistics on the screen.

But this is everything you need. The game provides a very fun play-by-play, and you can control every action on the field on every pitch. Want to put on the hit-and-run? Want to have your speedy player attempt to steal a base? Want to pitch around your opponent’s home run king? You can do it all. This is where the strategy of baseball comes alive. It’s the element of the game that I’ve been missing out on all these years.

In addition to the game play there’s also all of the other management stuff you can do, which is equally addicting. There’s minor league teams to manage, players to scout (and you get a scouting staff, each with his own spin on what’s important to look for in a player). You can make trades with other teams; try and drop payroll and add studs for rebuilding, or overpay to try and win now. It’s all there, just as you would imagine it would be. Free agency, drafting, waivers, disabled lists, it goes on and on.

Two weeks ago I would have considered myself a novice when it came to anything involving baseball. I also would have said I wasn’t a fan of baseball, and you can take that sport if you like, and I’ll take football instead. But OOTPB is the best damn sports sim I’ve ever laid eyes on. It’s a rock solid game built by people who love baseball. It’s taught me an incredible amount about the sport in a very short time. I’m having a blast managing the Mariners and molding the team to my own image of what it should be.

What I love most about OOTPB is that it’s converted me into a baseball fan. I find myself talking baseball with a coworker now, where before I just didn’t care. I actually find myself listening and paying attention to the baseball highlights on Sportscenter. OOTPB opened my mind up to the wonderful possibilities of baseball strategy. And I think that’s really cool. Because strategy has always been one of the reasons I’ve loved football so much. I love offensive gameplans and seeing how guys like Mike Holmgren think. But baseball has it’s strategy too, and at least in OOTPB is just as fun and addicting as football.

If you are a fan of sports sims at all you owe it to yourself to download the trial for OOTPB and give it a shot. It’s one helluva game.

Download it here: http://www.ootpbaseball.net/

When I was an undergraduate student at the University of Idaho, I took a 400/500 level network security class from Deb Frinke. Deb was a great instructor; I’d had her before for Object Oriented Design, so I knew what her style was like and I really enjoyed her lecture ability (even though listening to anyone lecture is absolutely the worst way for me to learn).

The network security class was interesting because it opened my eyes to the world of risk management. What I learned from Deb was that basically no computer is secure, even if it’s not hooked up to a network, because as long as it contains data that can be used to compromise a system somewhere else, or a person, then it’s never really “secure”. Sensitive data is a risk. And security is about risk management. It’s a balancing act between exposing sensitive data and intruding on the user experience. You can add layers of security to a system, but each one of those layers compromises the user experience. And users are, after all, the whole reason the “system” exists in the first place. Add too many layers and users will become fed up, even to the point of actively bypassing your security measures.

At the time I took Deb’s class, wireless technology was just getting started. We spent a healthy amount of time debating the merits and risk of wireless technology since it involved sending data over the air, which was much more susceptible to interception than a wire protocol. Now look at us here in 2007: Wireless is everywhere. It is a truly ubiquitous technology, risk be damned. But I think if you ask most users they’ll tell you: they love wireless. They love being able to take their technology with them wherever they go, and do all sorts of things, like buy books off Amazon.com while taking a carpool to work, or pay their bills online while waiting in line at Starbucks.

Because of Deb, I always think about her class whenever I engage in any computer related transactions that involve sensitive data. I’m particularly wary of web sites where the developers don’t seem to know what they’re doing about security; where the designers throw up roadblocks just because they want to give naive users the illusion of security. I tend to avoid making transactions from web sites that look like they were designed by novice webmasters, because if they don’t have command of HTML then they probably have less command over security principles and concepts.

Thus, it was with much shock and horror when my coworkers showed me the website that they use for online banking.

Now, I don’t want to knock a small, hometown bank. Hometown banks are important to a lot of people. The bank in question, Potlatch Federal Credit Union, actually has some pretty creative radio advertisements that focus strongly on the fact that they are a hometown bank. That said, the following image should worry a lot of people:

What do you see? I see a big frickin’ keyboard on the screen.

Let’s think about what makes a password secure. For starters, complexity helps make a password secure, because the more complex a password is the less chance you have of a hacker breaking it with a simple dictionary attack. Then we have length. The longer a password is (for instance, a passphrase ) the less likely a hacker is to be able to break it with a brute force attack.

But the single most important component of a secure password is the fact that nobody knows it but you.

However, if you were to login to Potlatch’s website, you don’t get to type your password. You have to use a mouse and click the keyboard on the screen - on the BIG FAT SCREEN WHERE ANYONE CAN SEE IT!

It’s possible that the developers of Potlatch’s website elected to put a copy of the keyboard on the screen to deter customers from doing online banking while at work, or in other public places, or on their Blackberry, or wherever it might actually be convenient. I mean, with a keyboard on the screen the only place you’ll be safe to do your online banking will be in the privacy of your own home, with the doors locked, and the curtains closed.

Of course, it’s not all bad (well, maybe). There is a three-step authentication process on Potlatch’s website.

The first step involves entering your username along with Image Verification. Image Verification is typically used to ensure a human is entering data, as opposed to web scripts. I’ve never seen it on a login page before simply because username + password is the accepted way of authenticating a user. Username + Image Verification doesn’t really authenticate anything, it just adds a layer to the illusion of security. At this point Potlatch’s website has your username and thinks you are human, but nothing has been authenticated yet.

The second step involves entering the answer to a secret phrase. Most websites use this method as a way of partially authenticating a user when they can’t remember their password, so a new password can be sent to them. But not Potlatch. They use it to … authenticate you. Apparently. In lieu of a password, they use your favorite cartoon character, or your favorite pet’s name, or something easy for people who know you to guess.

Then you reach step 3, where you get to enter your actual password on a big, incredibly visible keyboard displayed prominently on your screen, where anyone within 20 feet can see you clicking away sequentially at your password characters. Image verification is used again on this page because apparently between the time you entered your username at step 1, answered a silly question at step 2, and entered your password at step 3, you might have changed form from a human being into a malicious web script.

The whole process makes one feel like a parent on a long road trip with small children.

“Are we there yet?”

All of this brings me back to this point: Just because a lot of websites seem secure doesn’t mean that they all are. The people who developed Amazon.com are not the same people who developed the website for your hometown bank.

You don’t have to be paranoid to be happy on the web, or in a wireless world. But you do have to be mindful.