Archive for April, 2010

making Rumsfeld look like a techie by comparison

If there’s one flavor of reporting I find more irritating than innumerate science “journalism”, it’s got to be the cybersecurity beat. This morning NPR was the offender.

I should admit up front that I automatically assume that anyone employing the prefix “cyber” is an idiot, and this unfortunately means that I’m inclined toward skepticism even when listening to actual experts in the field. But this NPR piece is symptomatic of an undeniably idiotic tendency to lump together every governmental system that takes electricity, then assume that summarizing the first twenty minutes of Transformers and asking “WHAT IF?!” qualifies you as some sort of digital Cassandra.

The piece starts out by discussing Russian vandals’ successful efforts to screw with the Georgian government’s website — something that can be plausibly done by a disaffected teenager — then jumps rapidly to “monkey[ing] with GPS” which involves, you know, satellites, or at least skill at building, concealing and fortifying radio transmitters; and, if anything other than a braindead denial of service, would also require the discovery of a novel attack on the system’s design. These things are much harder than checking to see if the recently-launched website of a small ex-Soviet country is running slightly outdated software that someone else has written an exploit for.

Of course, the U.S. military is planning its own cyberattacks. Pentagon cyberwarriors have detailed plans to take down power, telecommunication and transportation systems just about anywhere.

There is just one problem: What if the other side strikes first? In cyberwar scenarios, pre-emptive attacks are favored, and effective retaliation can be difficult.

“We have extremely good cyberoffensive capabilities and almost nothing in the way of cyberdefense,” Clarke says.

WHAT DOES THIS MEAN? Disrupting the operation of a website is very different from disrupting the operation of the internet, which is very different from interfering with military communication systems, which is very different from interfering with military battlefield communication systems, which is very different from being susceptible to the interception of digital communications. But all of these things are just jammed together, mindlessly.

What kinds of electronic attack are possible? To what extent are our defense systems susceptible to them — in particular, are those systems at all tangled up with the internet? If not, what economic consequences could plausibly be inflicted on our country by disruption of the internet, and how do they compare to the historical example of, say, a blockade? If an online attack originates from overseas, what countermeasures are available? And do we have a protocol in place with the major backbone operators to implement them?

None of these questions are asked or answered. Blah blah blah cyber. That’s it, over and over. This is a multi-part series, so perhaps future installments will resolve this problem. But so far NPR’s approach is just to quote a bunch of people in the cyberwar pontification business making ominous intonations about our need to take cyberwar more seriously (i.e. spend more money on people like themselves).

Then there’s this:

For a country whose economy operates largely in cyberspace and whose military pioneered Net-centric warfare, this is a serious failing.

This author pretty clearly has no idea what Net-centric warfare is supposed to mean — it’s just used as a nice lexical break from those relentless “cyber”s. Here, have a CRS report. Yeesh.

surfing in Costa Rica

If you ask me, there are two excellent reasons for learning how to surf. When you’re young, it seems to be a great way to achieve a lifestyle focused on taking drugs and having sex. And when you’re older, the sport is a surefire wellspring for pretentious mystical ruminations, as memorably/disastrously demonstrated by John From Cincinnati*.

Well, I’m not young any more, but I’m also not yet good enough at surfing to bore you about it properly. Emily and I finished our Costa Rican vacation in Dominical, a town only recently connected to the rest of the country by reliable highways, and still tucked behind an intimidatingly industrial plane of geometrically-arranged oil palms. It’s everything you could want from a surf town: if there ever was an authentic local culture to feel liberal guilt about, it was washed away years ago by the slacker tide. Every restaurant is simultaneously a tourist trap and a locals’ hangout. Every shop seems both dangerous and sleepy. Everyone is always at the beach; everyone is always hanging out; everyone is beautiful, tanned and weather-beaten. They all look like surfers, because they are.

We stayed a kilometer up the beach, at a place called Roca Verde, which has a reputation for hosting a particularly noteworthy and raucous disco every Saturday night. We missed it; for us, the place mostly made an impression as being comfortable, stocked with good food, and run by a scrupulously honest and helpful owner named Frank. He’s the one whom we asked to book us a surf lesson — this was the one thing I came to Costa Rica really wanting to do, and it was the reason we had come to Dominical. Frank left a bunch of voicemails for his preferred surf instructor, but never managed to connect with him. Finally, he reached out to a different guy, a local by the name of Jose Obando. “To be honest, this might be better for you,” Frank said. “Jose’s probably the best surfer on the beach.”

Well, I’m sure he says that to all the clueless tourists. But Jose was certainly an impressive surfer, and a very good teacher. Emily and I managed to each get up on our first try! The rest of the lesson went well, too — well enough that I asked if we could take another lesson the following morning, before leaving town. I wanted to ride a real wave.

Jose said okay, so we met him the next day and drove to Dominicalito, a beach just up the road with smaller waves. As I said, our first lesson was on “whitewater” — waves that had already broken — and they weren’t much to worry about. But further out the swells at Dominical’s main beach are pretty big (the guidebooks insist: don’t surf while stoned), so it made sense to head to a less ambitious location.

It was still pretty tough. The first day of surfing — two hours of surfing, really — had left us beaten up. Emily and I both got sunburns despite conscientiously-applied SPF 30. We’d picked up some nasty board rash, too — proper technique involves a lot of time spent arching your back and placing your torso’s weight on the bottom of your ribcage. For me, this translated into a bruised rib (exacerbated by my stupid tendency to flop onto my board like a wet sack of meat), which is still a minor nuisance three weeks later. And besides the injuries, surfing is hard work, particularly when you don’t know what you’re doing and are therefore not doing it gracefully, and even more so when you’re responsible for managing an incredibly large (though incredibly stable!) surfboard.

By the hour mark of our second lesson Emily and I had both successfully caught several waves, albeit with helpful launching pushes from Jose. But my ass was dragging. Getting back beyond the break was a chore. Waves crashed over me, pushing me back, forcing me to roll with my board, only to be caught by the next wave, wasting energy, slowing down. My ribs burned whenever I lifted my head off the board, preventing me from paddling efficiently to where I needed to go. I still had a helpfully buoyant surfboard attached to me with an ankle leash, in water only slightly over my head. But I was swimming in the ocean, clearly near exhaustion, and there were moments when it started to get a little frightening.

We called it a day a few minutes shy of our lesson’s planned two hours. Our board rashes had begun to produce spots of blood; worse, the backs of Emily’s legs had been completely devastated by the sun — her reward for staying on the board and paddling like she was supposed to. I’m glad to have done the second lesson, and I want to do more. But I left it utterly beaten up and exhausted.

So you should dismiss the pretensions to surfing lyricism that you’re about to catch me spouting. My intermittently-ecstatic surfing experience was punctuated by a lot of exhaustion, pain and gulps of seawater. But I can definitely see why the surfer-cowboy-poets like it. The way Jose could pick developing waves out of the mass of water beyond the break; or point out riptides by sight; or know when to paddle hard to steal the wave’s energy; all that stuff mystifies and fascinates me. It’s somewhere between tracking a deer and doing a Fourier transform, and I sort of doubt it can be taught except by making someone’s unconscious neural machinery stare at an undulating plane of water for hours on end, bobbing contentedly and not thinking of much of anything at all.  And that sounds alright to me, too.

So yes, surfing. I think this could be a pretty good sport for an old guy.

* I miss Deadwood

trapeze!

It was kind of super fun.

for no good reason this is making me angry about the iPad

This will interest nobody, but I need to complain (and perhaps spare others some fruitless googling): the iPhone version of Safari seems to be broken when using AJAX with offline caching in HTML5 applications.

“Why would you want to use AJAX in an offline app?” you ask, and it’s a good question. Well, I’m trying to make an HTML5 interface to the office door-opening thingy, because the native iPhone version, being a non-App Store offering, will be expiring soon in an irritating way (insert entirely different anti-Apple rant here).

Users will, of course, need network access to open the door. But I don’t see any particular reason to make users download the 300-some-K of assets necessary to make a proper jQTouch iPhone app work every time they need to get into the office (or change their settings) — particularly since I’m using a little onSuccess wav file (just for fun). So I set about using some offline caching to keep all that material decidedly on the iPhone, and not subject to the whims of Safari’s caching policy.

This works fine until it’s time to issue the request to open the door. The cache manifest file, which allows you to specify which items will be stored offline, allows for a whitelisted “NETWORK” section that will never be subject to the cache. Typically, you add your AJAX endpoint(s) to that section. Except in this case that AJAX request is made to a different domain than the one where the application lives (and when the application is being served from an offline cache who knows where it *thinks* it lives?), utilizing the now years-old-but-still-awfully-clever JSONP to escape the same-domain restrictions of a vanilla AJAX request.

This all works fine, according to other people. But not for me. My application’s endpoint uses SSL in order to protect users’ door-opening credentials, and that seems to make the difference. It just. doesn’t. work. If you change the cache manifest, prompting the app to be reloaded, everything will work fine. Once. When you reload the app, pulling from the offline cache, the AJAX request produces a momentary activity indicator in the status bar, but there’s no response. (No error, either! Thanks a bunch, Apple and/or jQuery.)

I’ve tried updating jQuery. I’ve tried whitelisting “*”. I’ve tried whitelisting the http version of the endpoint, and just the path portion of the endpoint, and the full domain name of the endpoint (SSL and not). No dice.
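The NETWORK whitelisting described above, worked through as an added example (not the post's code, and not a description of what iPhone Safari 3.1.2 actually does): it follows the HTML5 cache manifest parsing rules, under which NETWORK entries are prefix-matched and an entry whose scheme differs from the manifest's own is dropped. The hostnames and the manifest are constructed, and where the app was served from is an assumption.

```javascript
// Added example; hostnames are constructed placeholders, not from the post.
function parseNetworkWhitelist(manifestText, manifestUrl) {
  const base = new URL(manifestUrl);
  const lines = manifestText.split(/\r\n|\r|\n/).map((l) => l.trim());
  if (!/^CACHE MANIFEST(\s|$)/.test(lines[0])) {
    throw new Error('missing CACHE MANIFEST signature');
  }
  const result = { wildcard: false, prefixes: [], ignored: [] };
  let mode = 'CACHE'; // entries before any section header are cache entries
  for (const line of lines.slice(1)) {
    if (line === '' || line.startsWith('#')) continue;
    if (line.endsWith(':')) { mode = line.slice(0, -1); continue; }
    if (mode !== 'NETWORK') continue;
    const token = line.split(/\s+/)[0];
    if (token === '*') { result.wildcard = true; continue; }
    let abs;
    try {
      abs = new URL(token, base); // relative entries resolve against the manifest
    } catch (e) {
      result.ignored.push(token);
      continue;
    }
    // The parsing rules drop entries whose scheme differs from the manifest's.
    if (abs.protocol !== base.protocol) { result.ignored.push(token); continue; }
    abs.hash = '';
    result.prefixes.push(abs.href);
  }
  return result;
}

// A request bypasses the cache if the wildcard is set or a prefix matches.
function networkAllowed(whitelist, requestUrl) {
  const href = new URL(requestUrl).href;
  return whitelist.wildcard || whitelist.prefixes.some((p) => href.startsWith(p));
}

// Constructed sample: one relative entry and one absolute HTTPS endpoint.
const SAMPLE_MANIFEST = [
  'CACHE MANIFEST', '# constructed sample', 'index.html',
  'NETWORK:', '/status', 'https://api.example/door/',
].join('\n');
const ENDPOINT = 'https://api.example/door/api/?format=json';
const servedOverHttp = parseNetworkWhitelist(SAMPLE_MANIFEST, 'http://app.example/door.manifest');
const servedOverHttps = parseNetworkWhitelist(SAMPLE_MANIFEST, 'https://app.example/door.manifest');
console.log(networkAllowed(servedOverHttp, ENDPOINT), servedOverHttp.ignored);
console.log(networkAllowed(servedOverHttps, ENDPOINT), servedOverHttps.prefixes);
```

Under these rules the same manifest whitelists the HTTPS endpoint only when the manifest itself is served over HTTPS; a `*` entry sets the wildcard regardless of scheme.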

Here’s the relevant code, for anyone feeling particularly curious/masochistic. I’ve tried a lot of variations on it — at this point I’m pretty sure that this aspect of iPhone Safari circa OS 3.1.2* is just broken. Ah well. No caching isn’t the end of the world, but it is kind of annoying.

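// I've tried it with and without the callback param (as I go back and forth between $.getJSON and $.ajax) -- doesn't make a difference
// encodeURIComponent keeps a device ID or PIN containing '&', '=' or '#' from altering the query string
var url = 'https://gatekeeper.sunlightlabs.com/[SECRET]/api/?device_id=' + encodeURIComponent(localStorage.deviceID) + '&pin=' + encodeURIComponent(PIN) + '&format=json&callback=?';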

$.ajax({
  url: url,
  dataType: 'jsonp',
  error: function(XMLHttpRequest, textStatus, errorThrown){
    alert(textStatus); // this never happens
  },
  success: function(data){
    localStorage.message = 'Welcome, ' + data.first_name + '!';
    localStorage.lastOpen = (new Date()).getTime();
    if(localStorage.disableSound=='on')
    {
      alert(localStorage.message);
      localStorage.message = '';
    }
    else
    {
      location.href = 'zelda.wav'; // play the zelda door-opening music on success        
    }
  }
});

* Gotta keep that tethering

protip: be fancy

Oh right: back from Georgia, only sort of jetlagged, back up to speed shortly. It was great! But let me share one useful lesson learned on my trip: guys, when flying, wear a jacket.

I wore a jacket on my way out; on my way back, I opted for a frumpier but more practical fleece. The difference in how I was treated by the airline staff was astounding. No offered upgrades to business class on the trip back; in fact, they wouldn’t even let me hang up my garment bag — not because there wasn’t space, but because I was flying coach. This was not a problem on the way out.

On the other hand, I’m not going to back down from the idea that wearing dress shoes for 36 hours of travel is a terrible idea. “Hip but important internet guy”: I think that’s the sweet spot I want.