Thursday, 28 September 2017

War of the Programming Languages

What's the best language for the web?

Is it Java, the Android OS platform's poster boy?

Is it C#, currently Microsoft's darling?

Is it PHP, Python or Ruby? JavaScript, even?

Your guess is as good as mine. Proponents of any language have, and are still, engaging in vigorous debate (I'm trying to be kind here) as to why their language of choice trumps all other languages. On the web, there are ongoing bitter flame wars between fans of Java and C#. C# vs VB. Python vs PHP. And then there's the whole Object-Oriented Programming vs Functional Programming debate. Open-source vs Proprietory. List goes on forever.

This ought to put to rest the myth that techies are ruled by cold, hard logic. Now, if these were some rabid non-techie fanboys screaming about how superior iOS is to Android, that would be infinitely more forgivable. But these are tech people. Why are techies behaving like children, or worse - laypeople?

Watch any of these debaters. They'll bring out all the flaws of other languages, compare it to the amazing awesomeness of their chosen language, and fanboys of all stripes will have a field day - or a hissy fit. And when that happens, I don't see seasoned professionals. I see a bunch of woefully insecure nerds trying to obtain validation in their choices. Heaping disdain on those who choose to do things differently. Scorn. Hostility, even.

To what end? Does this shit make you guys feel clever, or something? Do techies making choices different from yours, somehow threaten you? Has choice of a programming language or platform suddenly become some kind of religion?

There are no blanket solutions

I've repeated this often, because this bears repeating: There are no blanket solutions. Not in many industries, and certainly not in the web industry. As a developer, the greatest disservice you can do to yourself is to willfully and deliberately close your eyes to the possibilities that other platforms and languages bring to the table, and the power they add to your arsenal. There is no programming or scripting language in the world without flaws. Sure, it's good to know the ins and outs of your tools, especially the environments in which they thrive most. But, using it as a justification to use one language to the exclusion of all else, is an exercise in futility. Especially on the web.

At the end of the day, languages are merely tools. Use the correct tool for the correct occasion. Because, as with the Law of the Instrument, when you only know how to use a hammer, pretty soon everything starts looking like a nail. Don't be that kind of developer.

Everything is a nail.

Everyone has invested time, sweat and tears honing their craft. No one wants to feel like they wasted all that effort on learning to use tools that aren't relevant. But no matter how much we'd love to believe in a tech meritocracy where the most objectively superior platform should be dominant, the fact is that things aren't as cut-and-dry as all that.

Some languages, like JavaScript and PHP, came to prominence back then because there weren't many other options, and they've filled their respective niches so well that uprooting them at this point would be more trouble than they're worth. You can't possibly tell people that your chosen language is absolutely superior and expect them not to snigger. There is no absolutely superior language. No such animal exists. Superiority is completely context-dependant.

Also, bear in mind that at the heart of every programming language, is a philosophy. Certain languages enforce certain practices. Certain languages make it a point not to enforce a damn thing. The kind of person you are determines the kind of languages you gravitate towards. There is nothing wrong with any of that. You like what you like. Your choice is perfectly valid, and let nobody tell you different.

It doesn't matter what you know...

Here's another line I'm fond of repeating: It doesn't matter what you know. What matters is what you can do with what you know. It is not your choice of language which you should be obsessing over.

Take PHP, for example. PHP is the go-to whipping boy of nerds who consider themselves "proper" programmers. PHP to scripting languages, is what Donald Trump is to the Presidency of the United States of America. Want to look enlightened? Want to appear clever? Pick on PHP! It's the perfect target. Point out all its flaws, and bemoan the fact that it's even still in use today. Sure, PHP is a badly designed language. Sure, PHP does object orientation poorly. Sure, PHP is a hodge-podge of features that feel tacked on. And yep, PHP enforces bad programming practices through its laxness.

So what?

You know what uses PHP? Flickr, for one. Yahoo! is another. Wikipedia. Goddamn Facebook!

Yes, I know C#, Java and Python have done pretty well too, but this isn't about what others have done using those tools. It's about what you have done using your chosen tools. Using the language of your choice, what have you created that's even half the significance of Flickr, Yahoo!, Wikipedia and Facebook?

Drawing a blank? You've done nothing to champion your chosen language other than talk about it endlessly on the Internet? Hey, this is just a suggestion, but maybe, just maybe, it would be far more productive to STFU, roll up those sleeves and get cracking!

Time to work.

Bjarne Stroustrup said this in his book The C++ Programming Language, and I think it's particularly apt even today.
"There are only two kinds of languages: the ones people complain about and the ones nobody uses."

Or, how about, say, COBOL? What, you've never heard of it and therefore it must not be important? Junior, COBOL has been around since the 1960s, and at the time of this writing, it's still kicking ass in the banking industry. It does more in a day than you've probably ever done in your hipster kiddy-script writing life, and this is not hyperbole.

All I'm saying is, show some respect. The languages you love to rag on, have earned it.

Enough is enough

Dear developers, you're part of an honored tradition that harkens back to the days of Ada Lovelace and the first algorithm. Passion is fine and all, but this empty one-upmanship is beneath you. Stop arguing. Go forth and create.

guys.chillout();
T___T

Thursday, 21 September 2017

Web Tutorial: The Anti-CSRF Token

Today's web tutorial is security-based, and it's one of the most elementary things you should know about when developing web applications.

I will be demonstrating a very simple Cross Site Request Forgery (CSRF) attack, and detailing how to foil it. Most frameworks already include this protection, but I would not recommend relying exclusively upon this protection without at least a rudimentary understanding of how it works.

A CSRF occurs when one party outside of your web application's domain makes a request to your web application, mimicking all the necessary data needed for the request to be processed. If that sounded like gibberish to you, maybe the diagram below will help.

CSRF attack diagram


And if that still doesn't help, no sweat. I'll be walking you through an example.

Take this PHP code. I'm not going to explain every line because that's not the purpose of this tutorial. Basically, this code makes a request to tx.php to return some data.
index.php
<!DOCTYPE html>
<html>
    <head>
        <title>CSRF Test</title>
    </head>
    <body>
        <form method="POST" action="tx.php">
            Show transactions with:
            <select name="ddlTxWith">
                <option value="0">Sundar Pichai</option>
                <option value="1">Mark Zuckerberg</option>
                <option value="2">Steve Jobs</option>
            </select>
            <input type="submit" value="Go">
        </form>
    </body>
</html>


This is what you should see when your server runs it. Here, I'm assuming that the intended user is already logged in. You have a drop-down list with three big names, and clicking the "Go" button will reveal all the transactions you've had with the selected person.


Now, this code defines a multi-dimensional array, simulating some data from a database. It takes the value of the drop-down list submitted, and uses it to grab the required data.
tx.php
<?php
$TxWith = -1;
$TxObj = array();

$Tx = array();
$Tx[0][0] = array("Date"=>"20 May 2010", "Amount"=> 200, "Comments" => "10-course dinner");
$Tx[0][1] = array("Date"=>"5 July 2016", "Amount"=> 10500, "Comments" => "Website fees for Google domain");
$Tx[0][2] = array("Date"=>"18 June 2011", "Amount"=> 50, "Comments" => "Monthy Gmail fee");

$Tx[1][0] = array("Date"=>"10 July 2011", "Amount"=> 660, "Comments" => "Facebook ad registration");
$Tx[1][1] = array("Date"=>"10 September 2011", "Amount"=> 2, "Comments" => "Starbucks coffee");

$Tx[2][0] = array("Date"=>"10 June 2010", "Amount"=> 2500, "Comments" => "Apple design");
$Tx[2][1] = array("Date"=>"12 June 2012", "Amount"=> 1200, "Comments" => "iOS Seminar Booth");
$Tx[2][2] = array("Date"=>"5 August 2015", "Amount"=> 2000, "Comments" => "iPad");

if (isset($_POST["ddlTxWith"]))
{
        $TxWith = intval($_POST["ddlTxWith"]);
        $TxObj = $Tx[$TxWith];
}

?>

<!DOCTYPE html>
<html>
    <head>
        <title>CSRF Test</title>
    </head>
    <body>
        <?php
        if (sizeof($TxObj)>0)
        {
            for ($i = 0; $i< sizeof($TxObj); $i++)
            {
                echo "Date: " . $TxObj[$i]["Date"] . "<br />";
                echo "Amount:  $" . $TxObj[$i]["Amount"] . "<br />";
                echo "Comments: " . $TxObj[$i]["Comments"] . "<br />";
                echo "<br />";
            }
        }
        ?>
    </body>
</html>


So, for example, if you select "Steve Jobs" and click "Go", this is what you get. Yes, I know in the real world, Steve Jobs is not going to pay me $2000 for an iPad (besides, the dude is dead), but I can dream, right?


Here comes the attack!

Now, on a separate folder, which we'll call csrf_attack, let's create index.html. That's right, you don't even need sever-side code to do a CSRF. Scary, huh?
index.html
<!DOCTYPE html>
<html>
    <head>
        <title>CSRF Attack</title>
    </head>
    <body>

    </body>
</html>


OK, there's a blank HTML template right there. How do we know what variables to send? Well, assuming you had an account for that web application in csrf_test, you could view the source and get this...



That's just one way out of a multitude of rather more sophisticated (and automated) methods. I'm just using the most obvious way.

So after that, we use the code! Note that in the action parameter of the form tag, we've set it to submit the request to the site we're attacking. In this case, it's localhost/csrf_test/tx.php.
index.html
<!DOCTYPE html>
<html>
    <head>
        <title>CSRF Attack</title>
    </head>
    <body>
        <form method="POST" action="http://localhost/csrf_test/tx.php">
            <select name="ddlTxWith">
                <option value="0">Sundar Pichai</option>
                <option value="1">Mark Zuckerberg</option>
                <option value="2">Steve Jobs</option>
            </select>
            <input type="submit" value="Go">
        </form>

    </body>
</html>


Open this up in another browser. I'm using Chrome for csrf_test, so let's go with Firefox for csrf_attack.


Now click Go, and you have all the transactions with Sundar Pichai! That's data that you, as an attacker, have no right to. Viewing unauthorized data is damaging enough; imagine if your request actually involved editing, adding or deleting data. Or, if this page actually allowed a user to perform transactions, an attacker could use this to send money from the victim to himself.


Foiling the attack

The recommended way is to use an anti-CSRF token, one that the attacker cannot replicate. You could use a randomly-generated token... or you could use one that has already been provided by you, via PHP's session token.

So do this. It begins a PHP session. Ordinarily, you would already have this code, if the page handled user logins.
index.php
<?php
session_start();
?>


<!DOCTYPE html>
<html>
    <head>
        <title>CSRF Test</title>
    </head>
    <body>
        <form method="POST" action="tx.php">
            Show transactions with:
            <select name="ddlTxWith">
                <option value="0">Sundar Pichai</option>
                <option value="1">Mark Zuckerberg</option>
                <option value="2">Steve Jobs</option>
            </select>
            <input type="submit" value="Go">
        </form>
    </body>
</html>


Add this to the HTML portion. It's a hidden field, with the session id embedded. For extra security, we'll hash it with MD5 encryption.
index.php
<?php
session_start();
?>

<!DOCTYPE html>
<html>
    <head>
        <title>CSRF Test</title>
    </head>
    <body>
        <form method="POST" action="tx.php">
            Show transactions with:
            <select name="ddlTxWith">
                <option value="0">Sundar Pichai</option>
                <option value="1">Mark Zuckerberg</option>
                <option value="2">Steve Jobs</option>
            </select>
            <input type="submit" value="Go">
            <input type="hidden" name="hidCSRF" value="<?php echo md5(session_id()); ?>">
        </form>
    </body>
</html>


View your source. See that hidden field with "f7c6332b0ec5529210f7959a0d304521"in there? That's the MD5 hash of your unique session id.


Now, in tx.php, we'll start a session as well.
tx.php
<?php
session_start();

$TxWith = -1;
$TxObj = array();

$Tx = array();
$Tx[0][0] = array("Date"=>"20 May 2010", "Amount"=> 200, "Comments" => "10-course dinner");
$Tx[0][1] = array("Date"=>"5 July 2016", "Amount"=> 10500, "Comments" => "Website fees for Google domain");
$Tx[0][2] = array("Date"=>"18 June 2011", "Amount"=> 50, "Comments" => "Monthy Gmail fee");

$Tx[1][0] = array("Date"=>"10 July 2011", "Amount"=> 660, "Comments" => "Facebook ad registration");
$Tx[1][1] = array("Date"=>"10 September 2011", "Amount"=> 2, "Comments" => "Starbucks coffee");

$Tx[2][0] = array("Date"=>"10 June 2010", "Amount"=> 2500, "Comments" => "Apple design");
$Tx[2][1] = array("Date"=>"12 June 2012", "Amount"=> 1200, "Comments" => "iOS Seminar Booth");
$Tx[2][2] = array("Date"=>"5 August 2015", "Amount"=> 2000, "Comments" => "iPad");

if (isset($_POST["ddlTxWith"]))
{
        $TxWith = intval($_POST["ddlTxWith"]);
        $TxObj = $Tx[$TxWith];
}

?>

<!DOCTYPE html>
<html>
    <head>
        <title>CSRF Test</title>
    </head>
    <body>
        <?php
        if (sizeof($TxObj)>0)
        {
            for ($i = 0; $i< sizeof($TxObj); $i++)
            {
                echo "Date: " . $TxObj[$i]["Date"] . "<br />";
                echo "Amount:  $" . $TxObj[$i]["Amount"] . "<br />";
                echo "Comments: " . $TxObj[$i]["Comments"] . "<br />";
                echo "<br />";
            }
        }
        ?>
    </body>
</html>


And then we'll add an If conditional block to check if the MD5 hash of your current session id matches the one you sent in the form!
tx.php
<?php
session_start();

$TxWith = -1;
$TxObj = array();

$Tx = array();
$Tx[0][0] = array("Date"=>"20 May 2010", "Amount"=> 200, "Comments" => "10-course dinner");
$Tx[0][1] = array("Date"=>"5 July 2016", "Amount"=> 10500, "Comments" => "Website fees for Google domain");
$Tx[0][2] = array("Date"=>"18 June 2011", "Amount"=> 50, "Comments" => "Monthy Gmail fee");

$Tx[1][0] = array("Date"=>"10 July 2011", "Amount"=> 660, "Comments" => "Facebook ad registration");
$Tx[1][1] = array("Date"=>"10 September 2011", "Amount"=> 2, "Comments" => "Starbucks coffee");

$Tx[2][0] = array("Date"=>"10 June 2010", "Amount"=> 2500, "Comments" => "Apple design");
$Tx[2][1] = array("Date"=>"12 June 2012", "Amount"=> 1200, "Comments" => "iOS Seminar Booth");
$Tx[2][2] = array("Date"=>"5 August 2015", "Amount"=> 2000, "Comments" => "iPad");

if (isset($_POST["ddlTxWith"]))
{
    if (md5(session_id()) == $_POST["hidCSRF"])
    {

        $TxWith = intval($_POST["ddlTxWith"]);
        $TxObj = $Tx[$TxWith];
    }
    else
    {
        echo "You are not authorized to view this data.";
    }

}

?>

<!DOCTYPE html>
<html>
    <head>
        <title>CSRF Test</title>
    </head>
    <body>
        <?php
        if (sizeof($TxObj)>0)
        {
            for ($i = 0; $i< sizeof($TxObj); $i++)
            {
                echo "Date: " . $TxObj[$i]["Date"] . "<br />";
                echo "Amount:  $" . $TxObj[$i]["Amount"] . "<br />";
                echo "Comments: " . $TxObj[$i]["Comments"] . "<br />";
                echo "<br />";
            }
        }
        ?>
    </body>
</html>


Try your code again. See if you can still get all of the transactions with, say, Mark Zuckerberg? There should be no change to the results. It should all be transparent to the user.


Now let's attack again!

Let's grab the code and add it to your index.html. Yes, even the hidden field.
index.html
<!DOCTYPE html>
<html>
    <head>
        <title>CSRF Attack</title>
    </head>
    <body>
        <form method="POST" action="http://localhost/csrf_test/tx.php">
            <select name="ddlTxWith">
                <option value="0">Sundar Pichai</option>
                <option value="1">Mark Zuckerberg</option>
                <option value="2">Steve Jobs</option>
            </select>
            <input type="hidden" name="hidCSRF" value="f7c6332b0ec5529210f7959a0d304521">
            <input type="submit" value="Go">
        </form>

    </body>
</html>


Run it. Then try to get all transactions with Steve Jobs. Bingo! The attacker gets nothing, because tx.php's unique session id for the attacker did not match the one sent in the form!


What if the attacker could get hold of the actual session id that a user is currently using?

Good thinking!

But let's consider this - a useful session id needs to not yet have expired, which means the user in question must still be in an active session. The window to act is pretty small. If the attacker could get that, there would be no need to resort to a CSRF. He'd probably have a far more direct means of attack at his disposal.

So this method is fool-proof?

Nothing's ever 100% fool-proof. But, for that threat level, this is probably adequate.

That's all for today. Good Job(s)!
T___T

Sunday, 17 September 2017

The Problem With Streaming

In Singapore's educational system, "streaming" is the process by which students are sorted into different classes based on their academic results, with the more academically-inclined students put into more fast-paced classes (the "express" stream) while the others (the "normal" stream") take an extra year. This conceivably makes the teaching process more efficient, with the brighter students not being held back by the slower ones. The merits of this could be debated all day, and suffice to say, there are pros and cons to this approach.

This is probably just my opinion, but I've always felt that Singapore's educational system puts just a little too much emphasis on streaming. 

My recent stint at Singapore Polytechnic, studying for my third Diploma, gave me some pause around the second semester. The entire batch of students was divided into two classes, and we went through the first semester without much fuss. At the beginning of the second semester, we were sorted into different classes. Halfway through the second semester, the Course Administrator, for no apparent reason, took the trouble to pause the class I was in and inform us that this class was made up of those who had scored better during last semester's exams. She made it clear that this was meant as a compliment, that it was a good thing.

On my part, I had my reservations...

Apples and oranges.

Comparing apples and oranges

The other class, comprising of those who hadn't scored so well, was made up of network administrators, marketing managers and the like. Was I supposed to feel superior because I could apparently code better than people who hadn't written a single line of production code in years? With compliments like these, who needs insults?

Imagine for a moment that this is a swimming class and my class consists of penguins while the other class consists of rabbits. Of course the penguins will outswim the rabbits, the same way the rabbits are always going to outrun the penguins. How would a comparison like this be meaningful at all?


Academic results.

Academic results as a metric

So better academic results, according to the reasoning, meant that students who had scored better were faster learners and belonged in the same class, while those who had merely passed, needed to be in another class.

I understand that in the absence of all other data, academic results are the only thing that can be used to measure a student's capability. But consider this. Some people are undeniably better at writing code. Some are simply smarter. That's not elitist, just fact. Some, like me, have nothing better to do in their free time than write more code. And some are better at taking exams. Honestly, academic results tell you very little about a student's affinity for learning.


Same schedules.

Same timetable, same schedule

All said and done, this streaming exercise was pretty meaningless. Separating the "smarter" students from the others accomplished nothing because our classes started and ended at the same damn time. We all took our exams on the same damn day. "Slower" students weren't given an extra month to catch up, or something.

What's the point of separating faster students from slower students if we all have to stick to the same timetable anyway? It's like dividing a whole bunch of boxers by weight class, then telling them they still have to fight each other.

The dubious conclusion

I think this habit of streaming needs to be kept in check. It's getting ridiculous. Streaming has its merits, but it's all down to context. And in this case, the context was clearly missing.

Class dismissed,
T___T

Tuesday, 12 September 2017

Film Review: The Millennium Series (Part 3/3)

The Girl Who Kicked The Hornet's Nest is the final film in the trilogy, and making it is a thankless task. It's saddled with all the exposition made necessary by the novel and the events of the previous films (and their corresponding novels). Add the new plot twists in it, and it's a crammed affair.


The filmmakers try doggedly to tell a decent story, though this endeavor is doomed to failure from the start. It was bad enough in the novel, and it gets worse here.

The Premise

Lisbeth wakes up in the same hospital as her father. There's a smear campaign going on against her, and it's all due to The Section, who are backing her father and was behind all the misfortune that happened to her as a kid. They kill off her father to keep their secrets, but it's a losing battle as Mikael Blomkvist is determined to blow the lid off this great conspiracy. It all culminates in a big courtroom battle where the truth is brought to light and The Girl With The Dragon Tattoo is finally vindicated.


The Characters

Here, I've left out quite a few characters that appeared both in the novel and here, such as Birger Wadensjoo and Jonas Sandberg. Their contribution to the plot was too minor and to be honest, I didn't even notice them. The same could be said for Christer Malm and Elin Malikssen, but at least they're familiar faces, having been in the last two installments.

Noomi Rapace as Lisbeth Salander. What's left to say, honestly? If the last two installments haven't convinced you that Lisbeth Salander is a legitimate badass of a hacker, nothing in this film will do it. But this final film does show off more of her tender side, and Rapace carries that off quite handily.

Michael Nyqvist as Mikael Blomkvist. Nyqvist has a slightly reduced role here as much of his screen time is down to talking - investigation, negotiation and planning. He gets one action sequence where he has to fend off would-be assassins, and that's about it.

Lena Endre as Erika Berger. I was beginning to warm to her in the last movie, but in this one, she becomes, once again, some useless side character no one cares about. And I actually resent the amount of screen time she takes up! It's more the script's fault than the actress's, though.

Micke Spreitz as Ronald Neidermann. The scary big man does well here, killing and maiming his way across Sweden in order to escape the police. His final battle scene with Lisbeth is exquisite in its catharsis.

Anders Ahlbom as Peter Teleborian. Ahlbom delivers a solid showing as the creepy psychiatrist . He gets his comeuppance in court, and the payoff is every bit as satisfying onscreen as reading it in the novel.

Hans Alfredson as Evert Gullberg. Awesome, totally awesome. xxx plays him with a certain wistfulness wrapped in steel as he does what he deems necessary, sacrificing himself to protect the Section's secrets. I could be biased here. I mean, he is the dude who offed Zalachenko.

Lennart Hjulström as Fredrik Clinton. He's the puppet-master pulling the strings. Didn't do much for me, and the performance wasn't really memorable.

Aksel Morisse as Anders Jonasson. Had a good bedside manner like he did in the novel, but looked just a little too pretty. Other than that, well done. A likeable performance.

Georgi Staykov as Alexander Zalachenko. Still as smug and sinister. The actor made Zala getting shot in the head, one of the most satisfying scenes in the entire movie.

Johan Kylén as Jan Bublanski. Kylén labors through his performance dutifully, but his screen-time is limited to lots and lots of boring conversations.

Tanja Lorentzon as Sonia Modig. Sonia, too, is in this movie for no discernible reason other than to take over plot duties from characters that have been written out.

Magnus Krepper as Hans Faste. Nope, no use for him here. Not even as someone to dislike.

Niklas Hjulström as Richard Ekström. As the prosecutor in court, we see him go from unbearably smug and confident, to panic, to utright facepalm near the end. xxx makes him worth watching.

Annika Hallin as Annika Gianninni. The shot of her watching Lisbeth's rape on film was... decent, I guess. Only Michael Nyqvist did it much better. Other than that, she put up a really credible performance as the underestimated lawyer in the courtroom battle. Not as good as in the novel, but I'm keeping my expectations low.

Ralph Carlsson as Gunnar Bjorke. Got killed off, as in the novel. Not that I hated watching him, but it's a relief to move him off my mental stack.

Per Oscarsson as Holger Pamgren. His presence was more limited here than in the novel, but he served as a good anchor for Liseth Salander, reminding the audience that there are people that this woman has a soft spot for.

Tomas Köhler as Plague. Limited appearances aside, his presence in the film was all kinds of awesome. He shows up here and there, stealing evidence through his magic-like hackery and sneaking it to the right people.

Pelle Bolander as Sonny Nieminen. After getting his ass kicked in the last movie, he serves more as a plot device to finish off Ronald Neidermann.

Mirja Turestedt as Monica Figuerola. Firstly, she looks too much like Dolly Parton without the humongous boobs. Secondly, she doesn't look all that fit. That was her one defining point, that she's the one woman in the entire trilogy that can kick as much ass as Lisbeth. I sense a missed opportunity here.

Niklas Falk as Tomas Edklinth. Very little to do except drive the plot along and provide exposition. Maybe give viewers the sense that Mikael has friends in high places.

Michalis Koutsogiannakis as Dragan Armansky. The hawk-faced actor gets involved more heavily in the plot this time out, though mostly as a resource provider.

Sofia Ledarp as Malin Eriksson. Yawn. Seriously, why was she even included? Who did she offend?

Jacob Ericksson as Christer Malm. He gets a little more action here than poor Sofia Ledarp, who, after two movies, is still the walking talking equivalent of a potted plant.

The Mood

If you thought the previous film was draggy, this one gets worse as more characters and groups, with their own interests, are added into the mix. To be fair, the filmmakers truncated a large part of the extraneous details out, but even so, the film feels pretty bulky. A lot of this movie is indoor, with people talking in indoor voices. Moreso than the other two movies.

What I liked

Looks like they cut out the entire sequence of Mikael tying Neidermann up and leaving him for the cops. In the film, Neidermann plays possum by lying on the road and kills two cops who investigate. I actually found the version of events in the novel rather unnecessary, so this is a nice change.

Zalachenko's unbearably smug expression, right up to the point Gullberg pulls that gun on him. Excellent.

The scarily creepy grin on Lisbeth's face when she learns of her father's death. OMG, Noomi Rapace is superb.



This shot of Sonny Nieminen comforting the wife (or girlfriend?) of the treasurer whom Neidermann murdered. It's a very human touch and wasn't in the book. In the book, she's supposed to be dead.



Peter Teleborian trying to persuade Anders Jonasson to give up the file. Both actors pull this scene off magnificently - Anders Ahlbom acting smarmy and gravely condescending, and Morisse not giving an inch.

Mikael passes Anders Jonasson the blackberry, who in turn sneaks it directly to Lisbeth. In the novel, the process was a lot longer and more convoluted, and involved Mikael hiring somebody to place a wiFi transmitter in the next room. I like this change.

They made Peter Teleborian look really creepy. There's this scene where he interviews Lisbeth, and while Noomi Rapace is excellent as always the camerawork on Anders Ahlbom's face is truly unsettling.

This. This utterly awe-inducing shot of Lisbeth Salander in full goth getup appearing for her court date. Cue the music, because it is absolutely fucking awesome.


OMG, Plague is in the courthouse too?! I don't know if this happened in the novel too, but in any case, this speaks volumes about the depth of his friendship with Lisbeth. Plague is an antisocial introvert. It's been established that nothing short of a natural disaster will get him to leave home for more than a couple hours.



Nice cover. Book seems a little thin, though.



This sequence of Plague hacking Peter Teleborian's computer and recording his activity of accessing child porn. Full hacker glory!



The horrified look on the face of the judges' panel as they watch the video of Lisbeth getting raped. And the look on Ekström's face as he realizes that his case just got dealt a severe blow.

Instead of a new character (and actor) being introduced to take Peter Teleborian away, they just recycled Modig and Bublanski. Nicely done.

This very sweet montage of Lisbeth with Holger. We see her smile genuinely. Unlike most of the other times, it's not a smirk or a creepy grin.



The climatic showdown between Lisbeth and her half-brother in the abandoned building. All of it. It was truncated and not all the exciting bits in the novel were in there, but it served its purpose. You could even say they... nailed it. (hur hur)



What I didn't

Whoa! I thought Zalachenko had one foot amputated after Lisbeth set him on fire?


There's a lot of talking. I mean, like, a whole shitload of talking. Entire film seems to be panning from one conversation or meeting to the other.





It's my opinion that the producers tried to hard to cram all elements from the novel into the movie despite leaving out the plot points. Take Erika Berger's sideplot, for example. The entire thing was cut out, which is good. But bits and pieces of her getting harassed remain, though in the movie it's due to the machinations of The Section. What the hell for? As a shout-out to the novel?

Dammit, they cut out Curt Andersson and his heroic rescue of Mikael. Mikael still got rescued, but the film version feels a whole lot tamer.

Shit! They cut out the scene of Figuerola physically dominating Jonas Sandberg. I wanted to see that! And it would have been a simple thing to add in.

They replaced the judge with a female. This feels like change for the sake of change. One of the great things about this courtroom scene was that the judge was a male, and even from a man's perspective, he ruled in favor of Lisbeth.

Holger Palmgren doesn't appear in court. Double damn!

In the film's final scene, Mikael comes to visit Lisbeth in her apartment. But unlike the novel, she doesn't let him in. He leaves, and we cut to yet another shot of her smoking over the view of her apartment. Come on!

Conclusion

The finale feels like the train during rush hour - crammed with a lot of stuff with the viewer struggling to make sense of it all. Good luck if you're watching this one without having watched the other two. Though why anyone would do that, is beyond me. This is definitely a trilogy movie.

One saving grace, though. At least the tech thriller bits, though not as plentiful as I'd have liked, have been kept in. The entire story was supposed to revolve around this techno chick and her scary hacker abilities, but only the first movie did that in full. The plot kind of veered into political/crime/courtroom drama in this one.

My Rating

6 / 10


R.I.P Michael Nyqvist. You weren't The Girl With The Dragon Tattoo, but you were The Man Who Made It Worth Watching!
T___T

Sunday, 10 September 2017

Film Review: The Millennium Series (Part 2/3)

The second film in the trilogy, The Girl Who Played With Fire, bears the burden of exposition and foreshadowing of the third film. The running time is a little long, and it certainly doesn't stand on its own like the first film, not that I expected it to. There's plenty of action, but it's all drowned in what feels like endless dialogue.


The Premise

The Millennium have hired Dag Svenssen - unfortunately he and his wife are murdered while investigating a human trafficking ring. Lisbeth Salander is framed for their murders, and Mikael Blomkvist vows to clear her name.

The Characters

Some characters, such as George Bland, were included as a matter of completeness, and I really don't have anything to say about them.

Noomi Rapace as Lisbeth Salander. This film sees her kick a lot of physical ass - from torture scenes to hand-to-hand combat. Rapace carries it off like a pro, and you get the very real message that this woman is not to be fucked with. Interspersed with all that toughness are moments of tenderness. Rapace delivers those in superb fashion.

Michael Nyqvist as Mikael Blomkvist. Nyqvist outdoes himelf here with plenty of dialogue with the others, conveying his shrewdness, patience, and utter inability to just give up. I especially liked the scenes of him with Dag, and their easy camaraderie translates well on screen. So much so that when Mikael eventually finds Dag and Mia dead, his shock and grief are just about palpable.

Lena Endre as Erika Berger. As with the last film, pretty much window dressing with dialogue. Seeing her naked in the film hasn't changed my opinion. Though I like what she's done with the hair this time round. It seems less messy somehow.

Micke Spreitz as Ronald Neidermann. Stoic and lumbering in the role. Physically imposing. Adequate job. Though perhaps just a tad too stoic.

Georgi Staykov as Alexander Zalachenko. The sinister villain of the entire movie. I like what the makeup department did with him. It wasn't overdone, and they made him just deformed enough, but without venturing into Batman supervillain territory. The chilly way the actor talks, as if detached from the evil he's about to perpetrate, really comes through.

Peter Andersson as Nils Bjurman. Now instead of the suave and creepy dude, we see the scared-shitless side of him. The actor did a fine job.

Hans Christian Thulin as Dag Svenssen. Conveys the whole boyish, idealistic and enthusiastic vibe very well. You can see that he's really meant to represent a younger, more energetic version of Mikael.

Jennie Silfverhjelm as Mia Bergman. I get that she's supposed to be a very smart woman, but in the film, she kind of takes a back seat to Dag, even more than in the novel. The actress did whatever she could with such a limited role, I guess.

Yasmin Garbi as Miriam Wu. Yasmin Garbi is amazing. She portrays the naughty, saucy side of Lisbeth's on-and-off lover, her bossiness towards Lisbeth in bed, her sarcarsm towards the police, and her refusal to take any shit even from a giant like Ronald Neidermann; all to a tee. Excellent work.

Paolo Roberto as... Paolo Roberto. This is so utterly badass - the boxer plays himself. And barring that scene where he gets his ass totally kicked by Neidermann, I really enjoyed watchng him.

Johan Kylén as Jan Bublanski. Exacty like how I pictured him, especially with the Rabbi hat on. Seeing him on-screen with Michael Nyqvist was like magic. Pity the script was cut short as to their interactions, because they played off each other so well.

Donald Högberg as Jerker Holmberg. Non-descript in the role, which was much more than the role of Curt Andersson had - guy was completely cut out.

Tanja Lorentzon as Sonia Modig. For some reason, I just couldn't see her in this role. Entire scenes with her just felt weak. But physically, she looked the part. Tough when needed, but not ripped. Frail when supposed to be displaying vulnerability, etc.

Magnus Krepper as Hans Faste. They could have done a lot more with another actor. The character of Hans Faste is supposed to elicit severe dislike. The actor didn't do it for me.

Niklas Hjulström as Richard Ekström. They chose a suitably rat-faced specimen for this role, no disrespect to the actor, who did a fine job portraying Ekstrom's ego and control freak tendencies.

Pelle Bolander as Sonny Nieminen. The part where he gets tasered right in the crotch is just too precious. Kudos to the actor for portraying getting his ass kicked so well!

Thomas Lindblad as Magge Lundin. Another honorable mention. Didn't have much to do other than look like a brute and get his ass handed to him. But that was the best scene!

Anders Ahlbom as Peter Teleborian. Creepy dude. Outstanding job by xxxx. Look forward t seeing him in the final installment, where according to the novel, he'll feature even more prominently.

Annika Hallin as Annika Gianninni. There's more of her in this film, and we see her interact more with Mikael. Not as much as I would have liked, but if the film follows the novels somewhat faithfully, we'll see a lot more of her in the sequel.

Ralph Carlsson as Gunnar Bjorke. This guy was pretty memorable in the role. The understated look of worry and panic, from relaxed to shifty-eyed... near perfect.

Ola Wahlström as Per-Ǻke Sandström. Actor did a passable job there. He was supposed to elicit both disgust and pity, but the performance just felt a little... flat.

Per Oscarsson as Holger Palmgren. Not really what I pictured, but the actor's performance grew on me. He was somehow believable as the compassionate curmudgeon suffering from a stroke.

Tomas Köhler as Plague, though mostly from a web chat screen. Still, excellent work by Köhler. I could be biased here. I love Plague.

Olga Henrikson as Irina Hammujärvi . She appears right at the beginning in a gratuitous topless scene, being raped by Sandström. I'm not sure what purpose the actress served - she barely had any lines and her character's name was mentioned in passing for all of a few seconds.

Richard Barry as Jerry McMillan. We don't see much of the actor and his role is even more limited here than in the novel, but what a delightfully British accent.

Michalis Koutsogiannakis as Dragan Armansky. He gets a nice scene with Lisbeth, giving her a stern lecture, and that's about it.

Sofia Ledarp as Malin Eriksson, Jacob Ericksson as Christer Malm. As with the last movie, neither of them have much to do. They're basically just part of the scenery.

The Mood

The movie opens with the grim scene of a naked man raping a girl who's tied to a bedpost. The man's name is Per-Ǻke Sandström, as we later find out, and he's part of a human trafficking ring. From there, the atmosphere turns investigative as The Millennium takes in Dag Svenssen for a new project involving a slavery ring. Things heat up when Dag and Mia, and Bjurman are murdered, but things still move slowly as Jan Bublanski and hs team investigate. Lisbeth moves a whole lot faster once she finds out abut the murders (and her supposed role in them) and from then on there's more ass-kicking, interspersed with a lot of talking.

What I liked

A minor point, but I really dig the Green Lantern t-shirt the waiter in the background is wearing.



The scene where Mikael gives Dag a pro tip called the "lottery tricket" is pretty funny. It amused me in the novel and I'm glad they preserved it in film.


They cut out much of the irrelevant scenes involving Lisbeth studying her math equations, and just showed a couple minutes of her with George Bland. Works for me.

Seeing Nils Bjurman grovel when Lisbeth intimidates him, never gets old. Alas, by canon, he's slated to die in this film.

The sex scene between Miriam Wu and Lisbeth Salander doesn't run on too long. The nice thing about it is that our badass ultra-violent hacker looks like a doe-eyed small girl when Miriam makes a move on her. Also, the bikini tan lines on Noomi Rapace's body add some authencity to the fact that Lisbeth Salander had spent months living by the sea.

The scene between Palmer Holdgren and Lisbeth Salander when she visits him at the nursing home was just as good as I thought it would be. We see Lisbeth smile, and she didn't do that at all in the whole of the first movie. It's one of those moments that Noomi Rapace pulls off brilliantly.

I didn't expect to enjoy the scene where Miriam Wu gets interrogated by Hans Faste and Sonia Modig, quite so much. Though the slap Sonia gives Hans at the end felt a little abrupt, and weak.

Mikael reaping the results of the "Lottery Tricket". Handled it like a pro, and watching Gunnar Bjork's expression turn from anticipation to dread, was awesome.

The entire Sandström torture scene. I like the setting they chose for his home. The guitars just seemed oddly appropriate.


Lisbeth in scary Crowface. Enough said.


The initial fight between Ronald Neidermann and Miriam Wu when he kidnaps her. In the book, the resistance is over in a single round. Here in the film, he still beats her easily, but it's the instant reaction we see from Miriam Wu that impresses me. She doesn't hesitate a second and goes on the offensive an instant after dodging the initial blow. In an average woman without training, this would have been over much faster. But Miriam's reflex action strikes me as commendable attention to detail on the part of the filmmaker - she's, after all, a kickboxing practitioner.

Lisbeth kicking the arses of Sonny and Magge was just as sweet a scene as the novel suggested. Every important detail was faithfully reproduced - including Sonny getting tasered right in the crotch!


The seriously disturbed look on Mikael's face as he watches the recording of Bjurman raping Lisbeth. Michael Nyqvist nails it here.

What I didn't

The beginning scene seemed just a few seconds too long. I could have gone without seeing Per-Ǻke Sandström's white saggy ass bounce as he raped Irina on the bed.

When we get to Dag and Mia's bodies being found, it feels a little abrupt. Perhaps this is intentional, for maximum shock value. Or, more likely, they cut a big chunk of the novel out of the film and couldn't make the result seamless enough.

The entirety of the Bublanski investigation dragged on quite a bit for me, though I suppose it was necessary to the plot.

Dammit, no Curt Andersson?!

The fight between Paolo Roberto and Ronald Neidermann turned out to be a disappointment. Paolo was supposed to win this one, albeit with some help from Miriam Wu. Instead, Neidrmann kicks both their asses and leaves them for dead in a burning barn. What the hell warranted that deviation from the novel? I don't mind changes if the changes make sense, but this struck me as change for the sheer hell of it.

When Lisbeth raids Bjurman's cabin for clues, she wears gloves. Later on, she removes them and even smokes a cigarette. I don't get it - that just seems really sloppy to me. I thought the entire point was not to leave clues like fingerprints and cigarette ash behind?



Here, we see that she's got her gloves back on and even stubs her cigarette out on the ladder before putting it in her pocket. What the hell, Lisbeth? Why suddenly so careful? How about a little consistency here?!


Gratuitous shots of Lisbeth pensively smoking at the gorgeous view from her equally gorgeous home. It was cool the first couple times, but after a while, it got repetitive.


Lisbeth deactivates her security remotely for Mikael instead of Mikael figuring it out himself. Damn.

Zalachenko is supposed to have two fingers missing from his left hand. In the movie, both his hands seem fine.

In the novel, Ronald Neidermann runs from Lisbeth, consumed by superstitious fear as the half-sister he buried the night before appears bloodied and deranged before him, with a gun. In the film, he just runs around while she shoots at him, and only flees when Mikael drives up. This deprives the character of valuable nuance - while he's nigh indestructible, he feels irrational fear.

Conclusion

I loved the novel, but the film adaptation feels a bit weak, and left me underwhelmed. Sure, they left most of the good parts in, but some of the changes made feel unnecessary. The fact that this is part two of a trilogy may have something to do with it as well.

My Rating

6.5 / 10

Next

Taking a look at the final film in the trilogy!

Friday, 8 September 2017

Film Review: The Millennium Series (Part 1/3)

After reviewing The Millennium Series, I thought I'd continue the effort with a film review on the movies of the books. There are several differences from the novels, of course, as with most other film adaptations, but by and large, the portrayals of the characters are faithful to the original. The stories have been truncated in certain spots. Sometimes that's a good thing; sometimes, not so good.

Also, Michael Nyqvist passed away three months ago from cancer, at the ripe old age of 56. This seems like a fitting tribute to some of his finest work.

Warning - Graphic content and spoilers! Possibly NSFW.

There's occasional nudity in the movies, nothing too explicit, mind you... but there's also brutally unflinching depictions of rape and sexual coercion. And violence. Lots of it, particularly in the second movie. Not for the weak of stomach.

Also, I don't own any of the screenshots. These are just here for educational purposes.


The Girl With The Dragon Tattoo was released in 2009 as part of a trilogy. Pieces of the sequel are shown in this movie in flashback sequences, something I consider a really nice touch. The most graphic depictions of rape are in this movie, though the sequels certainly hold their own in this regard.

The Premise

As in the novel, Mikael Blomkvist is in trouble for defaming a businessman named Wennerström. Henrik Vanger hires Blomkvist to solve the mystery of his missing grand-niece Harriet. Lisbeth Salander, who was the private investigator and god-awesome computer hacker hired by Vanger to check out Mikael, joins forces with Mikael to solve this mystery.

The Characters

Noomi Rapace as Lisbeth Salander. We see her as sharp and kind of impatient at the beginning while delivering the report to Dragan and Dirch, but not overtly hostile. Definitely cold. And then there's another side to her as she fights like a cornered wolverine, and the cold competence in which she pulls off her revenge on Nils Bjurman. Rapace nails this character - especially in the dangerous, prickly don't-fuck-with-me aspects. You get the sense that this is a woman who has no qualms against hurting, or even killing, someone if she thinks that person deserves to be killed. That, in a nutshell, is Lisbeth Salander.

Michael Nyqvist as Mikael Blomkvist. Nyqvists's understated portrayal of Mikael Blomkvist stood out for me here. He didn't ham it up at every opportunity - no, he mostly stayed deadpan with a few facial tics to portray befuddlement, dismay, happiness and contrition, along with a whole host of other emotions. This is a guy who acts with his eyes, and it's amazing.

Lena Endre as Erika Berger. Could be just me, but I don't think Endre shone in this role. She had this perpetually worried and frazzled look, which simply didn't gel with the image I had mentally of Erika Berger as a cool professional.

Peter Andersson as Nils Bjurman. Bjurman is supposed to be both sleazy and creepy while appearing respectable. Andersson does a competent job of this, but the real icing on the cake are the scenes where Lisbeth exacts her revenge and he realizes he picked the wrong girl to fuck with.

Sven-Bertil Taube as Henrik Vanger. Taube delivers a believable portrayal of a man haunted by a decades-old mystery, and a tough old coot who refuses t die till he's done everything he could to solve it. Near the end, when Henrik is finally reunited with Harriet, it's a tearjerking performance from the man.

Ingvar Hirdwall as Dirch Frode. Fair. This isn't a very demanding role and all Hirdwall has to do is appear loyal, dedicated and competent.

Peter Haber as Martin Vanger. Haber's Martin Vanger comes off as mild-mannered and jovial, up to the point he reveals himself as a psycho killer. To be honest, this really didn't do it for me. Something was off. Somehow he didn't seem very scary.

Ewa Fröling as Harriet Vanger. Julia Sporre plays the young version in flashbacks. We don't see much of Fröling until the end, but her scene with Henrik is fantastic.

Marika Lagercrantz as Cecelia Vanger. The film attempts to show her in a suspicious light, but there's never enough attention on her at any time and it all kind of falls flat. Fun fact: she's the sister of David Lagercrantz, author of The Girl In The Spider's Web!

Annika Hallin as Annika Gianninni. We don't see much of her this film. It could be a result of me having read the books, but she comes off as compassionate and intelligent at the same time.

Tomas Köhler as Plague. We don't see much of him either. He's a one-scene wonder here. But if you've read the book, what we do see of him is awesome. It's like watching the legendary Kraken in its lair!

Michalis Koutsogiannakis as Dragan Armansky. We don't see much of him in this movie, though he plays a significant role in the novel. The actor looks like a hawk-eyed, intelligent individual, which I suppose helps in portraying the character.

Sofia Ledarp as Malin Eriksson. A very minor role here. She basically occupies space around The Millennium's office.

Jacob Ericksson as Christer Malm. Same as Malin Eriksson, though the deadpan, utterly straight-laced portrayal of the character is noteworthy.

The Mood

Milton Security. Clean and classy.



The Millennium office. Messy, but cosy.



Plague's home. A dark, dank mess. We get only glimpses of Plague here, and it eerily resembles viewing a monster in his lair. A hairy, bespectacled monster.



Martin Vanger's basement. Surprisingly clean and bright.



What I liked

At the opening credits, those shots of Lisbeth, in her hoodie and jeans, making her way to the office in various shots with different backgrounds, from the back. With the soundtrack playing, it's just very cool. (No, it's not because Rapace has a nice ass, perv)





The shots of Lisbeth doing her thing on the computer, with multiple windows and documents, is realistic enough. Nothing extremely fancy, but shots that suggest a certain competence without overkill, not like the overly CGI-ed shit they pull these days.



The movie has Mikael busy teaching his niece how to make meatballs, and when Dirch Frode calls, she picks up the call and holds the phone to her uncle's ear. It's not in the book, but it was pretty cute.


Milton Security's logo. It's just somehow very clean and fitting.


The scenes between Nils Bjurman and Lisbeth Salander - specifically his sexual harrassment, the rape, and her eventual revenge. It was hard to watch, but I have to admit it was very well done. Got the point across without belaboring or sensationalizing it. By that time, Lisbeth had been established as a badass, and having to watch this happened to her, resonated with me, the viewer.


The rape - everything, from the sudden escalation of violence, to Lisbeth limping home afterwards, to the calming cigarette, had me riveted.

The revenge - how Bjurman gets his comeuppance at the hands of Lisbeth is nothing short of awesome in the novel, but seeing it come to life on film is another thing altogether. Both actors do an amazing job. Lisbeth's clinical coldness, Bjurman's befuddlement followed by fear and agony - all of it positively emenates from the actors. And again, the film gets the most mileage out of the scene without lingering overlong.

Another of my favorite moments from the novel is nicely reproduced on screen. Mikael barges into Lisbeth's apartment after she's just had a one-night stand with Miriam Wu, and her expression is delicious to watch as he calmly produces breakfast and coffee.

In the book, Mikael's daughter gives him the inspiration to check the bible for clues. Here, it's Lisbeth herself who does it. Cuts another character out, making the entire production even leaner.

Near the end, when Lisbeth is watching Martin Vanger go up in flames, there's a nice flashback sequence that will play into the sequel of this movie.

The scene where Henrik is reunited with Harriet is actually pretty cool too. The actors playing Henrik and Harriet had only supporting parts, but boy did they wring every emotional note out of that few minutes of screen time.

In the novel, there was a long involved sequence where Lisbeth utilizes her hacker skills to bring Wennerström down. It was nice but a little anti-climatic. So I was pleasantly surprised when the film breezed through this one.

What I didn't

In the book, it's Mikael who broaches the idea of temporarily leaving The Millennium. In the movie, they try to make Janne look even more like a bad guy by having him bring it up. Seriously?

The fast-forward nature of Mikael's investigation. I get that it's really long and boring in the book, but they basically cut out almost everything.

Mikael's inspiration to check the bible for clues does not come from his daughter in the film. Damn. It would have been a nice touch.

Lisbeth seducing Mikael. I don't have a problem with the two of them having sex - I just think it happened way too fast in the film, and with no real buildup and no apparent reason. Even actors of the caliber of Nyqvist and Rapace couldn't make that realistic.

Martin Vanger sneak attacks Mikael from behind, which leads leads to the basement torture scene. I prefered the novel's version, where Mikael ends up in Martin's house and gets forced into the basment at gunpoint. It was somehow more sinister.

They left out the part where Lisbeth caught Mikael and Erika together at the end, which I felt was pretty important in defining their relationship.

Conclusion

It's a thrilling ride from start to end. The novel itself was pretty exciting but had a lot of boring and pedantic bits. They cut those out in the movie, sometimes over-zealously, and the result is a lean, mean whodunnit.

My Rating

8 / 10

Next

Coming up, the sequel to this movie, the movie of what was possibly my favorite novel in The Millennium Series. How will the film version measure up?