American websites improved due to European privacy laws

An interesting side-effect to the introduction of the GDPR, the latest EU privacy law, was that (for Europeans at least) several American websites improved.

Instead of a dazzling and confusing cornucopia of banners and clickables, the sites of USA Today and NPR refocused on their stated goal, i.e. journalism.

See here for two examples:


Would you not much rather read the European versions of these sites than the American ones?

The one site that seems confused is Google:

This seems like a link to an article in the LA Times about that same publication suing the city of Los Angeles, but if I click that link, I get a message saying “our website is currently unavailable in most European countries.”

The LA Times has chosen that rather than making a version of its website that does not heavily infringe upon the privacy of its visitors, it will simply show nothing to Europeans.

This is the same Google that for some bizarre reason wants to fine-tune every aspect of my ‘search experience’, to the point that my search results are never the same as anybody else’s results for the same search phrase. Yet they are unable to filter out websites that refuse to show me relevant content.

Privacy audits and GDPR observations

The introduction of the European privacy act known as GDPR seems to have caused a flurry of work in the web development business, but oddly and unfortunately enough I seem to have been immune to this development.

So I decided that I would go through the process of improving one of my own websites, just for practice, and see what I could learn from that. Here is what I found.

So the GDPR is a law from 2016 that builds on earlier attempts by the European Union to anchor privacy as a basic human right for all its citizens. It is an extension, in a way, of the EU’s attempts to turn itself into a vast, wasteful, undemocratic political entity that enormously exceeds its initial scope. Initially the EU was to be an economic union that dealt with things like standardising on electric outlets and shoe sizes.

What the GDPR added to earlier legislation was a bite. From now on, offenders could be hit with significant fines.

Proponents of the GDPR like to claim that the law is based on the principle of privacy-by-design, meaning you need to structure your systems and services in such a way that people’s private lives remain private, and that if you want more from them, you need to get explicit and freely given permission. Let us see how that pans out, shall we?

In the past few months, unless you have been living under a rock, you have been flooded with privacy related messages. These tended to take one of two forms:

  1. The weak: “Please, please, please, please, please let us keep spamming you. We are begging you.”
  2. The strong: “Here is what will happen. You will give us permission to sell all your personal data to the highest bidder, or we will stop our relationship here.”

If the service needs you more than you need it, you would have gotten the former request. But if you need the service more than they need you, let us say the Googles and Facebooks of this world, they get to dictate the terms under which they use your personal data. That doesn’t sound like privacy-by-design to me, that’s just plain old neo-liberalism and greed at work.

So that is what the GDPR is, but for the proprietors of websites it is much more important to know how to comply. The catch-all case for GDPR compliance is, as you have seen, express and explicit consent. A website owner needs to identify all his uses of personal data, explain to a visitor what those uses mean, and then ask permission for those uses.

Luckily there are a number of exceptions where the rights of the proprietors would be unnecessarily burdened if they had to ask for permission. One such exception is a technical necessity: a website would not work if your user had the option of saying no. For example, in order for a web shop to work, you have to be able to ask the visitor for billing and shipping information.

Another exception is freedom of speech. If you are writing an article about someone, you don’t have to ask them for permission before you publish the article.

Keeping data around for legal obligations is a third exception.

The above nicely lays out how you perform a privacy audit. You make three lists:

  1. Which personal data do you process?
  2. For each of these data, which use do you make of them?
  3. For each of these uses, what are your grounds for having them?

Apart from this audit, there are other things you need to do that are beyond the scope of this posting. For example, you also need to determine if you export personal data to foreign countries. (For example, if you are in the Netherlands, do you have Facebook buttons on your website? These buttons collect personal data and Facebook is an American company.) And you also need to determine for each item how long you are going to keep it, and so on.

The meanings of several terms seem obvious at first sight until you are going to perform your audit and then they become vague and confusing.

Personal data are data that can be used to identify a natural person. The logical conclusion might be that nothing then is personal data, because on the internet nobody knows you are a dog. That would make the law toothless and so judges have been using a much roomier definition in which anything that comes close to identifying you can be personal data: names, e-mail addresses, IP addresses and so on. Look out especially for combinations of data. You might argue successfully that an IP address by itself is not personal data, but IP addresses are rarely processed in isolation.

There is a special class of data that gets extra protection, things like gender, age, sexual orientation and so on.

Processing refers to anytime you touch personal data. Collecting contact information is processing personal data. Storing contact information is processing personal data. Sending this information to your e-mail address is processing personal data.

In other words, both ‘personal data’ and ‘process’ are pretty broadly defined.

The website I have been auditing, and for which I have subsequently written a privacy statement, is a Wordpress-based website. Not everything that goes for Wordpress will apply to your website, but I believe several of the lessons I learned could be relevant to any website.

I have identified five elements of a Wordpress website that come into play. If I missed any, please note them in the comments.

  • Wordpress core
  • Plug-ins
  • Themes
  • Widgets
  • Embedded content
  • Hosting

Wordpress core is the base package that you get when you download and install Wordpress on a webserver. If all you used Wordpress for is publish pages and blog posts containing nothing but plain text, you would still be processing personal data.

Plug-ins are pieces of additional functionality created to plug into the Wordpress API (programming interface).

Themes determine the look rather than the functionality of your website.

Widgets are small, very specific pieces of additional functionality that run on top of Wordpress rather than hooking into it.

Embedded content is content hosted somewhere else, but mixed up with your own content. Lots of website owners will for example use the widget to quote tweets in their articles.

A web host is something your Wordpress site runs on top of, and web hosts can collect personal data too. For example, many classic web servers are set up to log every visit by storing the IP address of the visitor, the page they requested and the time of the visit.

There is a strong overlap between plug-ins, themes, widgets and embedded content, to the point where there really is not even that much difference under the hood between a plug-in and a template. The differences are mainly conceptual. For an audit, however, it is useful to treat these as different parts of your website, because your admin interface will typically present these four elements differently.

I spent about 23 hours auditing a fairly simple Wordpress website. In that time I also wrote my privacy policy. That is pretty insanely large amount of time, if you ask me.

Now for me this is business and those are 23 hours well spent, time that will pay itself back in future projects. But what if you wanted a place on the web for your digital soap box, a place for your rantings and ravings? What if I told you that before you set all that up, you were legally required to spend three whole days figuring out in how many (often inadvertent) ways you were going to violate your visitors’ privacy?

What is more, you are exposed to the same multi-million dollar fines as large, wealthy organisations are. So far I don’t now of a country ogrish enough to impose million dollar fines on private bloggers, but hey ho, these are strange times.

Would you still go ahead with that website?

So the GDPR is a huge impediment to free speech, and not only that, but it limits the speech of smaller, weaker parties such as private bloggers far more than it does the speech of large corporations. The GDPR is certainly annoying to the latter, but ultimately acceptable.

But there are caveats to that conclusion.

Breaches of privacy are in itself also huge impediments to free speech. If you are afraid to speak because you are afraid someone will come after you, you may be scared in staying silent.

(The thing is though, will the GDPR make much of a difference here? I do not expect the GDPR to make any meaningful difference to the practice of doxing for example. Twitter is as a processor under no obligation to halt the practice, and the doxers themselves can claim a free speech exemption.)

Also, this is a new law and things need some time to settle in. Wordpress has just released a version of its software that comes with a built-in privacy statement and for which it has already performed the privacy audit part of Wordpress Core for you. If you install no other themes, plugins and widgets, you are almost good to go. (You need to add some info about how you are going to secure your site, how long you are going to keep certain data and so on.)

So there is some hope there.

One man, 50 Bic pens

(An Experiment and a Fantastically Boring Tale.)

In 2011 I bought 50 pens in an attempt to stem the constant trickle of pen disappearances.

Like matching socks, ballpoint pens have this obscure, almost life-like ability to get lost just when you need them, and this seemed to be a good reason to buy way more pens than one man could chew on.

Last week I took a fresh pen from the box, because all the others had disappeared, and it would barely write. Dried up. I tried another from the box. Dried up. And so on.

I counted the dried-up pens I had left: 22.

So the result of this experiment is that a man can live on 28 pens before he must replenish.

A couple of caveats:

  • I regularly get pens from congresses and what have you, so the disappearance rate is probably higher than 30 pens over the lifetime of one Bic.
  • The period between when I bought my Fantastic Fifty and today neatly straddles the divide between when people needed a pen multiple times a day and when people did most of their stuff online or on their phones. In other words, my pen replacement rate has presumably slowed down.

Now for the good news: according to this selection of life hacks, you can bring a ballpoint back to life by using it to ‘write’ on rubber (for example, the sole of a shoe), and I can happily say, this works.

See also:

  • How long can you use a Bic before it runs out of ink?
  • At its introduction in the 1950s, the pen shown here was called the Atomic Pen, but as the Cold War wore on and the lure of a nuclear age quickly dissipated, Bic changed the name to Cristal. The hole in the cap was introduced in 1991 to prevent a user from choking after accidentally swallowing the cap. (NotASource)

Making complex PHP arrays viewable

When you want to study the contents of PHP arrays, for example when you ask the API of your favourite PHP CMS a question and it returns an array in which the answer is somehow hidden, you can use PHP functions like print_r and var_dump to display the array in a way that makes it easy to study.

Let’s say you define the following array:

$foods = array('plants' => array('fruits', 'vegetables'), 'animals' => 'meat', 'mixed' => array('pies' => 'pies'));

then running print_r($foods) will give you the following result:

    [plants] => Array
            [0] => fruits
            [1] => vegetables
    [animals] => meat
    [mixed] => Array
            [pies] => pies

This improves the readibility quite a bit, because the linebreaks, indentation and added information (brackets for keys, “Array” to indicate the type) all help you to visually parse the array.

When you have large arrays to study however, the usefulness of print_r or var_dump diminishes rapidly. It can get quite tricky to remember the indentation level of an array that spans more than a few screens.

This is where tools like Krumo come in; they will present (within a web page) an array or object (or any value really) within a collapsible format. Only when you click on a top element will it fold out to display its contents.

I needed something like Krumo, but since the latter clocks in at about 100 kilobytes, Krumo itself can become quite complex to work with if you want more than the basics. (Don’t worry if you were thinking about using Krumo, it is still unsurpassed at simply showing objects and arrays.)

Below, I present you what I came up with.

Read the rest of this entry »

Zakelijke bankrekeningen vergelijken in 2016 [NL/Dutch]

In 2011 betaalde je 7 tot 9 maal méér voor een zakelijke rekening dan voor een particuliere rekening.

Die verschillen zijn sterk teruggelopen – althans, als je een kleine, dienstverlenende ondernemer bent van het kaliber vertaler of adviseur. Zelfs dan betaal je nog steeds minimaal 2 tot 3 maal zoveel voor je zakelijke rekening dan voor je privérekening.

Het verschil wordt de laatste jaren gemaakt door bankrekeningen die speciaal op ondernemers met een kleine paymentservicesbehoefte zijn gericht. Hieronder een overzicht:

– Oogluikend privérekening (24 € p.j.)
Knab Zakelijk (60 € p.j.)
ASN Zakelijk (72 € p.j.)
Regiobank ZZP Rekening (75 € p.j.)
SNS ZZP (90 € p.j.)

Bij de vier zakelijke rekeningen zijn de eerste 1.000 reguliere transacties (het doen en ontvangen van overschrijvingen en het doen van PIN- en IDEAL-betalingen) gratis. Daarnaast ontvang je er een beetje creditrente, met uitzondering van (op dit moment) Regiobank.

Een winkelier daarentegen die wil dat zijn zakelijke bank alle paymentservices voor zijn rekening neemt, dus ook het storten van contant geld, het ontvangen van IDEAL-betalingen op zijn webwinkel en het ontvangen van automatische incasso, heeft weinig keus. Er zijn drie banken met uitgebreide opties, algemeen bekend:

ING Zakelijk
Rabobank Zakelijke Rekening

De vaste abonnementskosten hiervan beginnen rond de 120 euro per jaar. Daarnaast betaal je een klein bedrag per transactie.

Ten slotte heb je nog wat tussenvormen:

Regiobank MKB Rekening
SNS Zakenrekening
Triodos Internet Zakelijk
Van Lanschot Zakelijk

Hiervan is nuttig te weten dat de Regiobank- en SNS-rekeningen vrijwel dezelfde abonnementskosten hebben als hun ZZP-varianten (Regiobank is overigens net als ASN Bank een dochter van SNS), maar dat je daarnaast per transactie betaalt.

De Van Lanschot-rekening wordt niet prominent op hun website getoond. Ik vermoed dat deze vermogensbeheerder met name een zakelijke rekening aanbiedt, zodat hun klanten niet twee verschillende banken hoeven aan te houden. Hun jaarabonnement (rekening, bankpas en online bankieren) is dan ook het duurste van allemaal.

De vreemde eend in de bijt is daarmee Triodos: je betaalt hetzelfde tarief als de banken voor retailers terwijl je er een ZZP-rekening voor terugkrijgt. Misschien dat als iemand van Triodos dit leest, ze het me kunnen uitleggen.

In het bovenstaande heb ik waar ik prijzen heb genoemd, gekeken naar pakketten waarbij minimaal een bankrekening, een bankpas en online bankieren zijn inbegrepen. Bij de meeste banken kun je ook niet minder afnemen.

Kijk niet alleen naar de abonnementskosten

Wat mij bij mijn onderzoekje vooral opviel, is dat zakelijke rekeningen complexe producten zijn die niet makkelijk één op één te zijn te vergelijken. Dat is mede waarom ik niet overal de abonnementskosten noem. Als je een bankbehoefte hebt die ingewikkelder is dan het ontvangen en doen van hooguit enkele honderden overschrijvingen per jaar, dan ga je rekeningen al gauw vergelijken op het aanbod van overige diensten en de daarbij horende kosten.

Kijk dus niet alleen naar de prijs van een rekening, maar ook naar de omvang van het pakket. Producten die sommige banken goedkoop en andere banken duur of zelfs helemaal niet leveren, zijn: extra bankpassen, advies, transacties, automatisch overschrijven, zakelijk sparen, incasso, acceptgiro, gegevensexport voor je boekhoudpakket enzovoort.

Er is momenteel niemand die een goede vergelijking biedt tussen de verschillende diensten die een bank bij zijn zakelijke rekening aanbiedt. Vorig jaar vergeleek MoneyView de voorwaarden van zakelijke rekeningen, maar de resultaten zijn alleen in een heel summiere samenvatting te zien voordat je tegen de paywall opbotst. Hun document Criteria Product Rating Voorwaarden Betalingsverkeer is echter nuttig leesvoer voor wie wil zien waar je bij de keuze van een bank allemaal op kunt letten.

Mijn onderzoek werd bemoeilijkt doordat banken niet vermelden welke diensten ze niet aanbieden. Daardoor is het lastig uit te vinden of een dienst ontbreekt. ASN Bank en Knab zeggen bijvoorbeeld niets over periodieke overboekingen. Betekent dit dat ze die niet aanbieden? Of dat ze ze wel aanbieden, maar niet vermelden? Misschien vermelden ze ze wel, maar kan ik ze niet vinden, omdat ik de verkeerde zoektermen gebruik?

De zakelijke rekeningen heb ik vergeleken met het zakelijk gebruik van een (eventueel tweede) particuliere rekening. Deze heb ik Oogluikend Privérekening genoemd, omdat de banken weliswaar het zakelijk gebruik van privérekeningen verbieden, maar sommige banken het oogluikend lijken toe te staan.

Overduidelijk lokkertjes als starterspakketten heb ik uit mijn vergelijking weggelaten.

Wat nu als je eerst aan een goedkope rekening genoeg hebt, maar later meer payment services nodig hebt? Moet je dan overstappen? Knab wijst erop dat je aanvullende payment services bij derden kunt inkopen. Aangezien ik daar helemaal geen verstand van heb (ik voldoe zelf met gemak aan de ZZP-definitie), laat ik het aan anderen over daar iets over te zeggen. De naam Mollie hoor ik regelmatig voorbijkomen; via deze PSP kun je in elk geval online betalingen ontvangen.

De toekomst

Het landschap voor zakelijk bankieren zag er vijf jaar geleden heel anders uit. Vijftien jaar geleden was het wéér anders. Ik begon in 2000 voor mezelf, en toen kon je nog een gratis rekening bij de Postbank krijgen en waren de ING-rekeningen daarentegen (voor mijn gevoel althans) peperduur.

Het enige wat je daaruit over de toekomst kunt concluderen is dat die er heel anders kan uitzien. Dat kan een reden zijn om een bank met een uitgebreid dienstenpakket uit te kiezen of om juist om de zoveel tijd je bankierbehoefte opnieuw vast te stellen en tegen het aanbod van die tijd te houden.

Disclosure: als je zoals ik regelmatig voor reclame- en internetbureaus werkt, ligt er wel eens een bank op je bordje. Ik heb echter aan zoveel verschillende bankensites gewerkt, dat ik me niet kan voorstellen in dit artikel een bank al dan niet bewust te hebben bevoordeeld.

Meet the golden banana of discord


You know this graph, you have seen it before. It is a graph displaying a distribution.

If you squint, it resembles a golden banana.

In the text adventure world they hold yearly competitions. In fact, the largest of them, IFComp, is currently underway, and the way it works is that everybody who wants to can be a judge. You’re supposed to play a game for up to two hours, give it a score between 1 and 10 and move on to the next.

At the end the scores are tallied and the game with the highest average wins. Often, the way the scores are distributed per game is more or less according to a normal distribution. A game that gets mostly sixes will also get some 5s and 7s, almost no 4s and 8s and only rarely scores outside that range.

Other games work differently. Players either love them or hate them and the result is that scores will be distributed not around their averages, but along the edges. Being of a certain bent of mind, the text adventure community has embraced this occurrence and named an award after the shape and, I believe, the colour of the way these graphs were originally presented – the Golden Banana of Discord. The prize (a stuffed plush banana) has been awarded since the year 2000 and is actually given to the winner of the IFComp entry with the highest standard deviation—the distribution of scores doesn’t have to be banana shaped.

I have taken to calling every banana-shaped distribution The Golden Banana of Discord, because I believe the name serves its purpose well and deserves recognition outside the text adventure community.

I said that you know this distribution. Remember the last time you looked for hotel or restaurant reviews online? Check out a bunch of them and you will start seeing golden bananas all over the place. Had a pleasant evening? Here’s and 8, sir. Hair in your soup or your waitress didn’t smile at you? A 2! Giving low marks on online review sites is often the only way a patron can regain some control over their ruined evening, regardless of whether the restaurant is otherwise well liked or universally despised—in the latter case the owners have a dozen fake e-mail addresses which they use to write glowing reviews about their own restaurant.

Last year's Golden Banana winner, SPY INTRIGUE, with its none-EU-approved banana shape among two games with beautifully normally distributed scores. Source: IFComp.

Last year’s Golden Banana winner, SPY INTRIGUE, with its none-EU-approved banana shape among two games with beautifully normally distributed scores. Source: IFComp.

Completely useless overview of mobile phone brands in the Netherlands, May 2016

An obscure need to know led me to create the following overview of mobile phone brands in the Netherlands. Since I got relatively little use out of it, I figured I’d share it here. Maybe it will find some use after all.

Caveat: I didn’t need a very precise list, so please don’t use this is as the basis for your hostile take-over or master’s paper.

By way of summary introduction (TL/DR: TL/DR) I will note that there are four-and-a-half network operators in the Netherlands who all have their own brands of mobile phone providers. T-Mobile (German), KPN (Dutch), Vodafone (British) and Tele2 (Swedish) have their own network. The half-network provider is Liberty Global plc, who do own their own frequency, but need to cooperate with Vodafone to make it work. (Things got too technical for me after this.)

Then there is a whole raft of companies and brands that provide mobile telephony and that use the networks of others. I did some quick Googling but found no indication that the network quality is any less if your company has to rent their access.

The list is not complete by any stretch; it is simply based on brands that sounded familiar to me. As it turns out, all the companies large enough to own a slice of the network spectrum sounded familiar to me, so at least there’s that.

T-Mobile brands:
– T-Mobile
– Ben
[- own network]

KPN brands:
– Simyo
– Telfort
– Hi
[- own netwerk]

Vodafone brands:
– Vodafone
– Blyk
– Hollandse Nieuwe
– Sizz
[- former brand: Libertel]
[- also owns the Belcompany chain of mobile phone shops]
[- own network]

Tele2 AB brands:
– Tele2
[- since 2015 own 4G network]

Liberty Global plc brands:
– Ziggo
[- formerly UPC]
[- uses the Vodafone network]
[- has a 4G license]

Youfone brands:
– Youfone
[- owned by the same people that own NL Energie]
[- uses the KPN network]

Simpel brands:
– Simpel
[- founded by former T-Mobile employees]
[- uses the T-mobile network]

Note that I assigned nationalities to various companies, but the global trend is to have different headquarters depending on where the legal, financial, fiscal and labour environments are the most profitable. If a large company waves a national flag these days, you must start from the assumption that this is a branding exercise, not a heart-felt statement of loyalty.

Romerhuis, Venlo

I was born in one of the oldest surviving houses in Venlo, the Romerhuis, which also happens to be the first house in the oldest street of the city, the Jodenstraat.

The Romerhuis was built around 1490 in late Gothic style. By the 20th century the building had lost lots of its charm. The step gable had been removed, white gunk had been smeared on the front and the sides, and windows and doors had been changed.


In 1939 city architect Jules Kayser started the two-year restoration of the building, and then the war happened. Allied troops kept trying to bomb the bridges over the river Meuse, but missed time and again. All the buildings around Romer House were flattened and the building itself took severe damage.

The allied managed to destroy most of Venlo, including many historical buildings, but they had to leave the destruction of the bridges to retreating Nazis.


In 1950 the house was restored again, and this time the restoration took.


More photos, see here.

(Photos: Rijksdienst voor het Cultureel Erfgoed, CC-BY-SA; Rijksdienst voor het Cultureel Erfgoed, CC-BY-SA; Branko Collin, CC-BY-SA; respectively.)

Game guide: playing Bruce Lee II on the Commodore 64

In 2015 Jonas Hultén released his Commodore 64 port of the MS Windows game Bruce Lee II, which itself was a public domain sequel to the Commodore 64 original Bruce Lee (and which was visually very similar to the original 8-bit style).

If you want to play his game—and you should, because it’s really good!—you can download it for free and play it both on the original computer or on a Commodore 64 emulator such as VICE.

This sequel follows the game play of the original version from 1984 faithfully—with a number of important deviations.

1. It’s harder.
2. No points.
3. A lot more extra lives (called Falls in the game).


The reason you can easily get extra lives is presumably because it is also very easy to lose them.

Is it wise to play the original first? I’d say yes, but that is because I liked version I a lot. It could be that you find the original too easy and that this would turn you off from the sequel. Note that Bruce Lee II is also very easy for a lot of its levels and to me that is part of the charm of the franchise—you get to properly explore stuff.

Part of the fun of the game is to figure out how everything works, but I decided to give those that are stuck in the first levels a leg up.

The best response to the previous paragraph is to stop reading here, because you know what follows, right? Spoilers! I will keep those to a minimum, though. I will explain the basic features of the game below and I cannot do that without spoiling some of the game for you. I will do this largely by discussing the first screen, meaning you still have dozens of screens to explore for yourself.

Is this a worthwhile trade-off? You have to decide for yourself.

Note that if you want to see more spoilers, you can find longplays on YouTube that show you how the entire game is played. These are important teaching tools for when you get stuck.

Bruce Lee II is a platform game in which you play the eponymous hero. Each room is a separate level where you need to locate and reach the exit, meaning there is no scrolling. Some rooms are reused. Some exits only open through actions taken in other rooms. Your goal is to play through all the rooms and destroy the wizard and in doing so free the princess.


The first room, shown here, is simultaneously the first, sixth and twelfth level. As you can see, there are three exits (all to the right), with the exit for the first level closed by a door and that of the sixth and twelfth level currently unreachable.

Your character can duck, climb, run, jump, punch and kick. Duck: joystick down. Climb: joystick up or down when on a climbable surface, like a ladder or a vine. Run: joystick left or right. Jump: joystick left+up, up, right+up. Punch: fire. Kick: left+fire and right+fire.

There are three recurring items in the game that trigger a reward:

– Small lanterns.
– Big lanterns.
– Horizontal bars.


When you clear a certain amount of small lanterns on a level, doors will open. Here is my first spoiler: if you clear both small lanterns in the first screen, you will unlock the door to the right.

There is no specific order in which you need to clear lanterns, but each exit requires that a specific amount of lanterns are cleared. Sometimes lanterns reveal an exit that allows you to enter another part of the same room.

Big lanterns give you an extra life, one for each lantern. Generally they are located near where you need them most, sometimes they are located after that point (in which case they help you replenish).

Horizontal bars need to be jumped into: doing so will activate a hitherto hidden feature. My second spoiler: if you jump towards the horizontal bar in room one, a ladder will appear that allows you to get onto the top platform of this screen. Horizontal bars can only be reached using an upwards jump.

Sometimes horizontal bars and small lanterns activate doors and other features in other rooms.

The game has active and passive security to stop you from progressing. Active security are the guards who try and attack you. These are largely inconsequential, because they are easy to avoid, but a guard may shove you into a passive security feature such as a spike pit, which may lead to instant death. The solution is to not stand still for long in areas where there are guards.

In a departure from the previous game, guards won’t follow you onto platforms. They may however start on platforms. A simple method to ensure you’re left alone by the guards is to make your way to the lowest platform you can reach, let the guards follow you there and then climb back up. Even something as simple as dangling from a ladder may make you unreachable to a guard. Bruce Lee doesn’t tire and can jump from any height without hurting himself.

Guards die after a few punches or kicks and will respawn after a while. Speaking of guards and respawing: sometimes you will respawn in exactly the spot where the guards tend to hang out. This can be … unpleasant. The trick is to move away immediately upon respawning. Even though you are stronger than the guards, you will still die if you get enough hits.

I won’t say much about passive security, but you should know that there are a few traps that respond to your presence but that do not adapt their response to your actions.

Vines, ladders and grates can be climbed. You will learn to recognize the patterns that make these things (they are not meant to be hidden per se). There is no rhyme nor reason to what is a background, a wall or a ladder.

Backgrounds sometimes turn out to be platforms. This is enough of a departure from the first game that I will allow myself a third spoiler: the trees in the first room can be stepped upon from the ladder that will appear if you jump into the horizontal bar in that same room. The other ‘hidden’ platforms you will have to find yourself by jumping onto everything you come across. I wish you lots of falls.


There are three levels that I am not sure I should warn you about, but I am going to anyway.

1. There is a level where a ladder is revealed by jumping around in the space where the ladder is hidden. I think this may be a bug (there are other bugs on that screen). You can recognize the area because it is one of the few dead ends in the game. Just explore everything.

2. There is a level that everybody calls difficult. I can tell you that it is doable. I will admit though that I studied a longplay on Youtube a couple of times before I beat it. Today this level hardly makes a dent in my falls (lives).

3. There is a level that not everybody calls difficult, but that in my case proved almost impossible. When I checked the longplays on Youtube, I noticed that players could do things on that level that I could not. So there’s that. I played (and finished) the game on a certain system with a certain emulator using certain settings; it may be that you come across problems that nobody else has encountered. Peeking at a walkthrough or using a cheat may then be the only way to finish the game. (But I managed to finish that level without cheats.)

Where is my flying car? A couple of quick observations

The phrase ‘flying car’ used to be (and perhaps still is) shorthand for ‘the future’. As long as we don’t have the flying car that a nebulous ‘they’ promised us, the future is not now. Never mind that in this day and age even people fleeing a war-torn Syria carry around more computing power then it took to get people to the moon, the idea of having enough technology seems forever outside our grasp.

These days flying cars are also a go-to topic for the average lazy journalist—there’s nothing like an article that you can write as you type.

Articles about flying cars in the MSM (main stream media) tend to follow a certain pattern. They look at current efforts of building flying cars—which remarkably all look a lot like regular, non-flying cars. If you’re lucky these articles also discuss past efforts, so that you get some historical perspective—for instance, the perspective that people have been designing, prototyping and dismissing flying cars for almost a century. And these articles often close with some made-up theory about how flying cars would lead to mayhem in the sky, followed by conjecture that this may be why we don’t have flying cars yet.

One of my larger objections to this trope is teleological in nature. I contend that we already have flying cars. They were invented in 1903 by two American brothers called Wright and have since taken the world by storm.

It turns out that if you put it like that, a whole lot of people will say: “but that’s not a flying car, that’s an airplane!” So what makes something a flying car? The image we have of flying cars is something straight out of the Jetsons or Back to the Future. It needs to be a vehicle. It needs to land and take off pretty much anywhere you like. It needs to be compact enough to park it near your house and comfortable enough to use for commuting or shopping. And it needs to have two more things, which I will discuss in a second. What it doesn’t need is to look like a car or to have wheels.

Even if you bring these extra limitations into the definition of flying cars, you still have the problem that this vehicle already exists. It’s called a helicopter. You have also introduced a problem for the lazy journalists, because this stricter definition of ‘flying car’ no longer includes any of the flying cars currently under development. The Pal-V’s and Terrafugias require dedicated airstrips to land and take off, so unless you live on an airport, they are not flying cars.

These modern flying cars are basically roadworthy aircraft. They look like cars (at least the bottom half) because when they are on the road, they are cars. What they are designed to solve is the problem that you aren’t allowed to land a helicopter just anywhere. They are 10% technological innovation and 90% legal work-around.

The way land-bound cars are advertised it would seem that their main purpose is personal freedom, especially freedom from roads full of other cars. Obviously if you own a car you realize that this is just a fantasy. If you use your car for commuting, you get used to being stuck in traffic for a considerable chunk of your life. But maybe flying cars could provide a solution? So that’s the final limitation that separates conventional aircraft from flying cars.

So what makes a flying car again?

  • It is a vehicle.
  • That is capable of taking off and landing where and when its operator desires.
  • Compact.
  • Comfortable.
  • That is allowed to take off and land where and when its operator desires.
  • Freedom?

Interestingly the very idea of what a flying car is also contributes to make it so that we don’t have them. The final two defining features are after all legal and psychological/sociological in nature, and such problems can be tricky to solve. (I wrote something other than ‘tricky to solve’, but I’ll leave the anti-technocratic rant for some other time.)