Just how many Aliens games have there been, now? Answer: a shitload. Thirty eight! And this is just counting the official ones. How about the Starcraft series, which is Aliens with the serial numbers filed off, or Alien Swarm, which is basically "Top-down L4D, with aliens". Then there's the Warhammer 40,000 franchise, with its Space Marines and Tyranids. Then there's the Doom series, and the Quake series after it. The Halo series. The ten billion other variations on the same theme.

Yet another video game where space marines kill aliens does not seem to me like a rich, untapped vein of creative potential. That vein has been tapped, then mined out, then strip mined, then all the rock was dug out down to the mantle, which glares at us, a great red baleful eye, as if to dare humanity to produce one more game where the voiceless protagonist communicates with high command over a radio, after the rest of his team was wiped out.

This has been done before. Why is it being done again?]]> http://bbot.org/blog/archives/2012/02/02/the_state_of_the_reprap_field/ http://bbot.org/blog/archives/2012/02/02/the_state_of_the_reprap_field/ 2012-02-02T04:11:14-05:00 bbot important, Engineering I've been looking at RepRap derived 3D printers recently, and what I'm seeing is encouraging.

The basic idea of the RepRap project is to build a self REPlicating RAPid prototyping machine, in the vein of the von Neumann universal fabricator. This is, of course, very very hard to do; and the RepRap project is nowhere near achieving full closure, there are still a great many "vitamins", components needed for self replication that the printer can't make itself. (Exactly analogous to vitamins in the conventional sense: biomolecules required for life, which the body can't synthesize itself.)

I've been following RepRap for six years, and for the first five of those years, it hasn't been a very good bet.

A FDM 3D printer is exactly like a 2D inkjet printer, except with a Z axis, and with a hot glue gun instead of an ink printhead.

Those of you who are familiar with motion control hardware and plastics extrusion are currently feeling faint chills of foreboding, and indeed, this is a Hard Problem. The printer hot end needs to be able to extrude thousands of metres of filament without requiring maintenance, while still being made out of common materials, as well as being as light, (print speed is limited by how fast the printer can move the extruder around) and as cheap as possible. The X and Y axis have to be accurate, precise, and as cheap as possible. The print surface turns out to be another big problem: the RepRap machine can't use a heated build envelope, for power consumption reasons, (The plan is to eventually have 1 RepRap per 1 human person) so you need something that sticks very well to hot filament, but not at all to cold filament, and also doesn't require replacement after only being printed on six or seven times.

Subscribing to the RepRap blog for these last six years has been a front row seat to watching lots of very smart people beat their heads against a very hard problem. It's always been possible to make a RepRap, if you wanted to spend a great deal of money in return for a machine that was not enormously reliable.

It occurs to me that 3D printers have described a familiar arc of technological development, roughly paralleling that of general purpose computers. In The Beginning, there were commercial printers made by big names such as Stratasys, which resembled mainframe computers with their thrillingly large price tags, obligatory service contracts, price gouging on spare parts; and physically, being large steel boxes.

Then came the first few generations of RepRap, which were essentially the Altair 8800 to Stratasys' PDP-10. A 3D printer that fits on your desk, and doesn't cost $20,000! Wow! Amazing! Sure, you have to input programs by flipping toggles on the front panel, but it's a desktop computer. Would a mere mortal human want to buy one? Well, uh...

What we really need is an Apple 2.

I think I've found one. Well, one and a half.

The RepRapPro Huxley is a kit of the latest RepRap design, with the sixth generation electronics, the fancy new Bowden extruder, and really stellar print quality. The kit's $727, shipped, to North America. This is the easy option.

(Full disclosure: I'd buy the cheaper parts kit, without RP parts, since I live near Metrix Create Space, and could print them myself.)

Of course, I can't do anything the easy way.

The Quantum ORD bot (build log thread) is based on the Printrbot design, which has become thumpingly unpopular in the RepRap community for various boring reasons; and has been reverse-pirated as the Wallace model.

The problem with the mainstream RepRap model is that each axis has three components: the structural members, (Threaded rod) bearing surfaces, (Smooth steel drilling rod) and motion control elements. (Timing belt in the XY axes, more threaded rod in the Z axis) Since the structural members and the bearing surfaces are both static, you can just combine the two, and eliminate a lot of vitamins from the design.

So good so far. Except that the Printrbot is a bit of a toy: its design goal was to be as cheap as physically possible, which results in tradeoffs regarding frame stiffness, printing speed, build volume and mechanical reliability. (As Jamie Hyneman said, there is no free lunch with machines. Any money you save on mechanical quality, results in more time spent trying to keep the damn thing functional) Wallace is a better design, but it's barely a month old, and there are no commercial suppliers for it at all, and only one operational example of the design in the field.

Enter Makerslide.

(Ignore the ad copy on that page: Barton's a bit slow to update it. The Kickstarter's finished, you can buy it now, right now, at this very moment.)

Makerslide is just structural aluminum extrusion, as used in the venerable 5bears CNC mill, but with bearing surfaces molded into its surface. Which makes it a prime candidate to replace the drill rod in the Printrbot design, and get a vastly stiffer machine frame in the bargain; which also lets you scale up the build volume. With a R2C2 kit, it should be pretty easy to build a fast, reliable, FDM machine!

Oh wait, I don't have any money.]]> http://bbot.org/blog/archives/2012/01/28/happy_friday/ http://bbot.org/blog/archives/2012/01/28/happy_friday/ 2012-01-28T00:16:09-05:00 bbot Etc (Attention conservation notice: Whining.)

So I was re-reading "The End Of Men", because if there's anything an unemployed 23-year-old semi-electrician (for reference, my extremely unimpressive resume (source code)) likes hearing about more, it's "your entire gender is worthless and unemployable"; when I peeped this paragraph, yo:

Over the years, researchers have proposed different theories to explain the erosion of marriage in the lower classes: the rise of welfare, or the disappearance of work and thus of marriageable men. But Edin thinks the most compelling theory is that marriage has disappeared because women are setting the terms—and setting them too high for the men around them to reach. “I want that white-picket-fence dream,” one woman told Edin, and the men she knew just didn’t measure up, so she had become her own one-woman mother/father/nurturer/provider. The whole country’s future could look much as the present does for many lower-class African Americans: the mothers pull themselves up, but the men don’t follow. First-generation college-educated white women may join their black counterparts in a new kind of middle class, where marriage is increasingly rare.

As the traditional order has been upended, signs of the profound disruption have popped up in odd places. Japan is in a national panic over the rise of the “herbivores,” the cohort of young men who are rejecting the hard-drinking salaryman life of their fathers and are instead gardening, organizing dessert parties, acting cartoonishly feminine, and declining to have sex. The generational young-women counterparts are known in Japan as the “carnivores,” or sometimes the “hunters.”

American pop culture keeps producing endless variations on the omega male, who ranks even below the beta in the wolf pack. This often-unemployed, romantically challenged loser can show up as a perpetual adolescent (in Judd Apatow’s Knocked Up or The 40-Year-Old Virgin), or a charmless misanthrope (in Noah Baumbach’s Greenberg), or a happy couch potato (in a Bud Light commercial). He can be sweet, bitter, nostalgic, or cynical, but he cannot figure out how to be a man. “We call each other ‘man,’” says Ben Stiller’s character in Greenberg, “but it’s a joke. It’s like imitating other people.”

"Greenberg"? Never heard of it. Let's hit IMDb.

You know those fleeting, inelegant moments and transitory, almost Seinfeldian scenarios in our lives that, unlike on Seinfeld, we never really talk about, because they betray how clueless and insecure we all are? You know how we'll go to parties basically to see one person and find we're inept at opening up and socializing with anyone else? You know those pointless, roundabout stories we'll tell about something that happened that we thought was interesting or funny but we don't realize how boring or monotonous they are till we're halfway through them? What about the receiving end of that situation? Why are we so worried about hurting these painful storytellers' feelings when they're making us so uncomfortable having to feign interest or amusement for indefinite durations? You know those sexual experiences we never talk about even to our best friends because they were so painfully awkward and nakedly ungraceful? You know how when we're on drugs we only indulge occasionally and we find ourselves wording things in creative ways, feeling overconfident and impulsive while everyone else is viewing us as rather reckless? Roger and Florence know, all too painfully, awkwardly, uncomfortably, recklessly well.

Golly, that sounds like a laff riot. Hold on, lemme hit up Amazon to order this gem on DVD. Hell yeah I want next-day shipping! Gotta see this bad boy ASAP.]]> http://bbot.org/blog/archives/2012/01/14/fun_and_games_with_unix_pipes/ http://bbot.org/blog/archives/2012/01/14/fun_and_games_with_unix_pipes/ 2012-01-14T21:07:46-05:00 bbot important, Linux So Atomic's started a new thing. The first post is interesting, however, probably not in the way she intended.

It consists of an image thumbnail named tumblr_lxr0pclKpO1rn6clco1_500.gif, which links to the larger version, tumblr_lxr0pclKpO1rn6clco1_1280.gif. _500.gif is odd in several ways. For one, it's actually a JPEG, delivered with the image/jpeg mime-type. Secondly, it's huge, weighing in at 1,369 kilobytes... for a 500x346 pixel thumbnail. The original GIF is only 147 kilobytes, which makes the thumbnail nine and a half times larger than the full size file.

We've been down this road before. Let's take a look at the file.

exiftool -htmlFormat -v tumblr_lxr0pclKpO1rn6clco1_500.gif > report.html

If you look at that report, you'll see that the first 57,324 bytes are a perfectly normal quality 92 JPEG file, of an entirely sane size for a 500x346 image. And then there's 1,344,572 bytes of "unknown trailer", which starts with 0xffd9, the JPEG magic number. Let's do a quick bgrep...

bbot@neon:~$ bgrep ffd9 tumblr_lxr0pclKpO1rn6clco1_500.gif 
tumblr_lxr0pclKpO1rn6clco1_500.gif: 0000dfea
tumblr_lxr0pclKpO1rn6clco1_500.gif: 0001c111
tumblr_lxr0pclKpO1rn6clco1_500.gif: 0002a300
tumblr_lxr0pclKpO1rn6clco1_500.gif: 000385b0
tumblr_lxr0pclKpO1rn6clco1_500.gif: 0004690c
tumblr_lxr0pclKpO1rn6clco1_500.gif: 00054d19
tumblr_lxr0pclKpO1rn6clco1_500.gif: 0006318d
tumblr_lxr0pclKpO1rn6clco1_500.gif: 000716aa
tumblr_lxr0pclKpO1rn6clco1_500.gif: 0007fc70
tumblr_lxr0pclKpO1rn6clco1_500.gif: 0008e2fe
tumblr_lxr0pclKpO1rn6clco1_500.gif: 0009ca24
tumblr_lxr0pclKpO1rn6clco1_500.gif: 000ab212
tumblr_lxr0pclKpO1rn6clco1_500.gif: 000b9a00
tumblr_lxr0pclKpO1rn6clco1_500.gif: 000c8126
tumblr_lxr0pclKpO1rn6clco1_500.gif: 000d67b4
tumblr_lxr0pclKpO1rn6clco1_500.gif: 000e4d7a
tumblr_lxr0pclKpO1rn6clco1_500.gif: 000f3297
tumblr_lxr0pclKpO1rn6clco1_500.gif: 0010170b
tumblr_lxr0pclKpO1rn6clco1_500.gif: 0010fb18
tumblr_lxr0pclKpO1rn6clco1_500.gif: 0011de74
tumblr_lxr0pclKpO1rn6clco1_500.gif: 0012c124
tumblr_lxr0pclKpO1rn6clco1_500.gif: 0013a313
tumblr_lxr0pclKpO1rn6clco1_500.gif: 0014843a
tumblr_lxr0pclKpO1rn6clco1_500.gif: 00156426

Huh. 24 instances. 24 * 57 kilobytes = 1368, which is about how big our file is. How many frames are there in the original animation?

bbot@neon:~$ identify tumblr_lxr0pclKpO1rn6clco1_1280.gif | wc -l
24

Somehow, when producing the 500 pixel thumbnail, Tumblr managed to produce a thumbnail for each individual animation frame, then concatenated all of them.

Wow.

Whoops.

How did they do this? Well, I'm guessing it was a pipe.

One of ssh's many, many party tricks is providing a transparent unix pipe between two machines. Presumably Tumblr has a front-end machine that accepts uploads from users, scales it down with Imagemagick, then transfers it to Amazon S3. Here's a one-liner that replicates the bug:

$ convert -resize 500 input.gif jpg:- | ssh user@server.example.com "dd of=output.gif"

It's less obvious why this command is being executed. Additionally, while it replicates the bug, it doesn't produce the exact same file, it's about 141 kilobytes smaller.

One possible reason is that Imagemagick chokes on the original file, becoming extremely confused when you ask it to scale the overlay frames. Given this command, which should Just Work:

convert -resize 500 -layers optimize tumblr_lxr0pclKpO1rn6clco1_1280.gif 500.gif

Produces this:

Which is both extravagantly broken, and ten times larger than the original, larger in image dimensions, file. So Tumblr might have added a step in their asset pipeline to normalize certain GIF animations that Imagemagick chokes on.

(There might be a more graceful way to do this than converting it to a Motion PNG. If there is, tell me.)

convert input.gif mng:- | convert -resize 500 -layers optimize - output.gif

As you can see, this actually works, though the "thumbnail" is still twice the size of the original file.

Now, (putting ourselves in the shoes of the nameless sysadmin who was doing this) let's add the next step, where we actually upload the file to the remote server. Except that, whoops! We were hacking on the JPEG thumbnail code earlier, and we accidentally tell Imagemagick to send the image data as JPEG.

convert input.gif mng:- | convert -resize 500 - jpg:- | ssh user@server.example.com "dd of=output.gif"

And so, we end up with this ridiculous situation where the thumbnail is nine times bigger than the original file. I guess the moral of the story is to always check to make sure that something which is supposed to make files smaller, actually makes files smaller.

(Previously.)]]> http://bbot.org/blog/archives/2012/01/08/when_pretty_secure_isnt_secure_enough/ http://bbot.org/blog/archives/2012/01/08/when_pretty_secure_isnt_secure_enough/ 2012-01-08T14:58:11-05:00 bbot important, Linux "Richard Stallman Was Right All Along"

"As a member of the Walkman generation, I have made peace with the fact that I will require a hearing aid long before I die, and of course, it won't be a hearing aid, it will be a computer I put in my body," Doctorow explains, "So when I get into a car - a computer I put my body into - with my hearing aid - a computer I put inside my body - I want to know that these technologies are not designed to keep secrets from me, and to prevent me from terminating processes on them that work against my interests."

Something I've been thinking about off and on for the last seven years or so, is what the security model for an em would look like.

Background info, for non-transhumanists: "Em" is a short, pithy word coined by Robin Hanson to refer to a person running on a computer. The basic idea behind Whole Brain Emulation is to scan a human brain with an electron microscope, then make a model of all the scanned atoms, and run that model in a physics simulator, which will run all the chemical interactions between neurons like it was a physical brain. This model will have all the memories of the person that was scanned, but has all the advantages of software: functional immortality, easy copying, can be run millions of times faster than real time...

The problem arises when you start to think about what kind of computer you're going to run this simulation on. It must be completely, flawlessly, secure. It absolutely cannot be hacked, because once you lose control of that computer, that's the ballgame. A copy of your brain-state is you. It's got all your memories, knows all your passwords.

That's bad. It gets worse: a brain-state is software, it can't "die" in the organic sense of the word. You could torture it to death, over and over, for a thousand years; if you felt like it. "They populate the simulation spaces of its mind, exploring all the possible alternative endings to their life."

So it's pretty clear that the operating system for a em is going to have be very special indeed. Quebes isn't paranoid enough. OpenBSD isn't paranoid enough. seL4 isn't paranoid enough. You will need a degree of paranoia hitherto unseen outside of nuclear weapons safety protocols and space shuttle flight control systems. Multiple, concentric, airgapped systems. ASICs that refuse to export their contents. Physical safety interlocks. Power draw monitoring. (Here being used in a somewhat unusual way: monitoring the power draw of a secure processor to verify that it hasn't been compromised) Provably secure code. Self-destruct charges!

Some of the sting of "killing yourself rather than be captured by the enemy" is taken out by having a couple dozen copies as backup, however.

This is a bar set amazingly, impossibly high; and it goes absolutely without saying that no general-purpose commercial OS clears it. However, many of the freedom-destroying technologies cut both ways. The Xbox 360, which has been out for six years now, uses code signing to enforce a closed platform. Downside: no third-party software, at all. Upside: there has never been a virus on the 360. (apt-get uses a weak form of code signing, and to the best of my knowledge, has never distributed a virus either)

The Trusted Platform Module can be used to build a computer which you can only install Windows on, but can also be used by Linux to protect against certain attacks.

This blog post doesn't really have a point, I just wanted to talk about some stuff. Sorry.

I'm certainly not saying that there's some kind of tradeoff between open-source and security. That would just be utter, blithering nonsense. I guess if there's any point here that I'm flailing in the direction of, it's that there are certain dual-use technologies, which are in danger of being misused by people looking to make money at the expense of the users; also known as the Facebook strategy.]]> http://bbot.org/blog/archives/2011/11/21/unsubscribed/ http://bbot.org/blog/archives/2011/11/21/unsubscribed/ 2011-11-21T17:33:26-05:00 bbot Etc (Attention conservation notice: You'll note that this post, unlike the last six, isn't tagged "important." That's because it ain't.)

Things I've unsubscribed from recently:

• Ribbonfarm. Prime example that the Gell-Mann amnesia effect isn't just for newspapers. I wrote a refutation of another Ribbonfarm post eight months ago, where I concluded that he had no idea what he was talking about... but didn't unsubscribe from his blog. It took reading this post for me to realize, "Hey, wait, this guy's an idiot!" Also, he won't shut up about his book.
• Megatokyo. I realized that I had been reading Megatokyo since middle school, yet I couldn't tell you what the last year of plot was about, nor did I particularily care about any of the characters.
• Twenty sided. This one was kinda hard. About a month ago, Shamus started writing a series of autobiographical posts. I unsubscribed in disgust, (I didn't really want to read what was pretty much "bbot's childhood, yet worse") intending to pick it up again once he stopped. I checked back, saw that the autobiography series was over... and then noticed that almost all of the front page were daily posts about Shamus' video LP series.
  
  I don't really want to watch other people play video games I've already completed. What's even worse is that all of Shamus' high-level video games criticism work goes into his LP, now, which means no more traditional game reviews. Obviously some people enjoy them, since they get thousands of views. I just have better ways to spend half a hour a day.
  
  This is hard because a big chunk of my readership comes directly from Twenty sided, and this post will probably result in some unsubscriptions. But man, I just give no shits about his LP. None at all. If it was possible to just subscribe to his code projects, I would, but I can't, so I won't.
• Gunnerkrigg Court. Got tired of the stupid shit it kept saying about the philosophy of science, and AI. That, and the moronic error it made about the underwater dorms, (10 metres is not terribly deep, but if you spend 8 hours at depth, decompression is required before returning to the surface, or else you're in for the full spectrum of amusing neurological effects resulting from nitrogon fizzing out of your blood and shredding brain tissue) finally pushed me over the edge.
  
  I briefly flirted with the idea of doing a long-form post about the fundamental errors of thought underlying Gunnerkrigg Court, and I got a couple hundred words into it before I realized what a collosal waste of time this was. You would have to pay me money to get me to write about that crap. Haha, wait, hold on.
  
  (EDIT: Donation button removed, because I forgot that I don't have access to that paypal account right now, for various reasons.)
  
  Okay, here, you can pay me money to write about that crap. Donations will go towards a hamburger, and some of Burger King's awful, terrible coffee.

(From "Are Black Hole Starships Possible?", 2009)

It's not every day you learn that a one-attometre black hole would mass 673,000 tonnes, and radiate 129 petawatts of Hawking radiation. Some of that's in fairly harmless neutrinos, but the 15.7 gigaelectronvolt (GeV) gamma rays most decidedly ain't. (The gamma radiation coming off of a mass of Cobalt-60, (which is excitingly radioactive) by comparison, is a mere 1.33 MeV, 11,804 times less energetic. Attometre-gauge black holes pack a punch.)

The paper makes a pretty good case that using a microscopic black hole as a starship drive is at least physically possible, though there's a whole host of amusing practical problems that should be of any interest to the aspiring megaproject engineer with a couple state vector backups safely stored behind a kilometre of lead shielding.

Firstly is the problem of making them. Apparently Messrs. Crane and Westmoreland are the first people to seriously consider how to generate an artificial black hole, (!) and they conclude that the most practical method (!!) is "by firing a huge number of gamma rays from a spherically converging laser." (!!!)

One can easily imagine just how huge this would have to be, of course, since you're aiming to get the energy density of a couple cubic attometres high enough to spontaneously generate an object that masses 673,000 tonnes.

Once you've built your absolutely gigantic gamma ray laser array, and accompanying solar panel satellite well within the orbit of Mercury, you get to the fun part of calibrating the thing.

The best case scenario is that you generate a fairly large black hole, radiating at a sedate 130 petawatts or so. But if you don't get the power density high enough, then you might end up with a smaller black hole. The smaller the black hole, the more energy it radiates, and the faster it evaporates. At .9 attometres, it radiates 160 petawatts. At .6, 367 petawatts. At .3, 1527. At .16, 5519 petawatts and a lifetime measured in days! It's a short and steep slope to kaboomville. You can see here that a misaligned laser array is mostly a big machine for producing gigantic explosions.

The authors helpfully point out that if you're worried about the radiation flux affecting the Earth, you can just move evaporating black holes to the other side of the Sun. Which reminds me of a famous maxim: if you're using a star as radiation shielding, then you're having a fun time.

Then there's the problems of how to use something that mostly shines in the gamma ray spectrum as a propulsion device, and how to postpone the inevitable kaboom-date. You wouldn't think this would be a problem, since the popular conception of a black hole starts and ends with "it eats things", but take another look at that table. The attometre hole loses 1.43 kilograms a second to Hawking radiation. How are you going to cram 1.43 kilograms of mass into a point 2 attometres across?

The authors, who I absolutely cannot fault in the "imagination" or "audacity" departments, conclude that "this point must remain as a challenge for the future."

Well shit, let's do that again, but with a a different site. This time, though, I sent them an email first:

Hi, I'm Sam Bierwagen, a volunteer with the Archiveteam project. (http://archiveteam.org/) We make independent backups of sites of historical or cultural interest that, for whatever reason, (are being shut down by yahoo, like Geocities; or are being crippled by the host company, like Delicious) are at risk of disappearing. AO3 is dedicated to hosting copyright-infringing content, and depends on donations to keep operating; a combination that, in my experience, does not result in spectacular longevity.

Typically, we operate under extreme time pressure, which requires tactics that tend to generate some friction with operators that don't appreciate a dozen pageloads per second from our web spiders. Even extremely conservative spidering jobs can impact a site negatively, if done via an unusual API. (I downloaded all two million pages of everything2.com at the pace of one per second, which averaged out to three kilobytes per second, and took a full month; yet apparently was enough to crush their antiquated database backend.)

I've had enough legal threats to last me a lifetime, so I'm trying a softer approach this time. We're looking for database dumps, like the ones wikipedia publicly offers. (http://dumps.wikimedia.org/)

Have any?

I'll give them a week.

Wait a minute. What's that domain right there?

Oh boy. Glad to see my name has joined the hallowed company of "milf", "nude" and "gays" as "extremely stereotypical porn keywords."

Now, I didn't bother registering any other domains besides bbot.org. Why? Firstly, sour grapes.

I started using "bbot" way back in 2003, but I didn't get around to registering the domain until 2005, which was real late in the game for four (ha) letter domain names. (My advice to 16-year-olds: register that domain name you're thinking of. Don't wait. Do it now. If you don't have your own bank account, then go to a grocery store and pick up a prepaid debit card. If you're 12, do the same thing, but try not to use a regrettable name. If you're six months old, then do the same thing. Most people get by just using Facebook as their canonical internet presence, because most people are stupid. Facebook is a for-profit company, and you really don't want a for-profit company owning your name.)

This meant that I didn't even have the option of registering the other permutations of bbot.org. They're all taken.

Secondly, trying to register every single variation on a name is an exercise in futility. There's 280 top level domains. Are you going to register all of them?

Then there's typosquatting,where attackers register misspelled versions of your domain. How many possible misspellings are there? Then there's registering variations of your domain, or X-sucks.com, etc etc etc.

This is all a waste of time. Nobody types in domain names anymore, they just use google, or a bookmark, or the browser history. It's just a cynical money grab, siphoning money from large corporations that are still under the delusion that they can manage their brand on the global internet.

But I might have to register bbot.xxx.

That page loads 322 files. (Ugh) One of them is... different.

It would save 118kb? But wait, judging from the filename, that's a 40x40 avatar image!

Turns out, in total, it's one hundred and twenty one fucking kilobytes. Running it through PNGsquash takes it down to 3.54 kilobytes. The old file is thirty four times bigger. Just for shits and giggles, I popped it into gimp and saved it as an entirely uncompressed 32-bit BMP file. Here it is:

Double the size! Awful, terrible! It's now 6.3 kilobytes.

Now, not everyone can be as awesome as me, and use a 296 byte avatar image, but still, a 121 kilobyte 40x40 image file is a bit bloody much. Let's run it through pngchunks:

Chunk: Data Length 13 (max 2147483647), Type 1380206665 [IHDR]
  Critical, public, PNG 1.2 compliant, unsafe to copy
  IHDR Width: 40
  IHDR Height: 40
  IHDR Bitdepth: 8
  IHDR Colortype: 6
  IHDR Compression: 0
  IHDR Filter: 0
  IHDR Interlace: 0
  IHDR Compression algorithm is Deflate
  IHDR Filter method is type zero (None, Sub, Up, Average, Paeth)
  IHDR Interlacing is disabled
  Chunk CRC: -1929463699
Chunk: Data Length 106022 (max 2147483647), Type 1346585449 [iCCP]
  Ancillary, public, PNG 1.2 compliant, unsafe to copy
  ... Unknown chunk type
  Chunk CRC: -1377520713
Chunk: Data Length 6 (max 2147483647), Type 1145523042 [bKGD]
  Ancillary, public, PNG 1.2 compliant, unsafe to copy
  ... Unknown chunk type
  Chunk CRC: -113001601
Chunk: Data Length 9 (max 2147483647), Type 1935231088 [pHYs]
  Ancillary, public, PNG 1.2 compliant, safe to copy
  ... Unknown chunk type
  Chunk CRC: 1976496277
Chunk: Data Length 6991 (max 2147483647), Type 1951945850 [zTXt]
  Ancillary, public, PNG 1.2 compliant, safe to copy
  ... Unknown chunk type
  Chunk CRC: 1156069395
Chunk: Data Length 6313 (max 2147483647), Type 1951945850 [zTXt]
  Ancillary, public, PNG 1.2 compliant, safe to copy
  ... Unknown chunk type
  Chunk CRC: -331828581
Chunk: Data Length 52 (max 2147483647), Type 1951942004 [tEXt]
  Ancillary, public, PNG 1.2 compliant, safe to copy
  ... Unknown chunk type
  Chunk CRC: -1807344212
Chunk: Data Length 1491 (max 2147483647), Type 1951945850 [zTXt]
  Ancillary, public, PNG 1.2 compliant, safe to copy
  ... Unknown chunk type
  Chunk CRC: 1166967249
Chunk: Data Length 3325 (max 2147483647), Type 1413563465 [IDAT]
  Critical, public, PNG 1.2 compliant, unsafe to copy
  IDAT contains image data
  Chunk CRC: -384872633
Chunk: Data Length 37 (max 2147483647), Type 1951942004 [tEXt]
  Ancillary, public, PNG 1.2 compliant, safe to copy
  ... Unknown chunk type
  Chunk CRC: 437683276
Chunk: Data Length 37 (max 2147483647), Type 1951942004 [tEXt]
  Ancillary, public, PNG 1.2 compliant, safe to copy
  ... Unknown chunk type
  Chunk CRC: 1800092912
Chunk: Data Length 17 (max 2147483647), Type 1951942004 [tEXt]
  Ancillary, public, PNG 1.2 compliant, safe to copy
  ... Unknown chunk type
  Chunk CRC: 745887135
Chunk: Data Length 32 (max 2147483647), Type 1951942004 [tEXt]
  Ancillary, public, PNG 1.2 compliant, safe to copy
  ... Unknown chunk type
  Chunk CRC: -376046480
Chunk: Data Length 0 (max 2147483647), Type 1145980233 [IEND]
  Critical, public, PNG 1.2 compliant, unsafe to copy
  IEND contains no data
  Chunk CRC: -1371381630

As you would know if you had read the wikipedia article on PNG, (Neil also has a good overview of the format) it's one of the modern "container" types, with various types of chunks, most of them compressed with DEFLATE (which most people know as gzip). This is why compressing a PNG file does little to nothing: it's already compressed. PNGchunks just lists the chunks inside the container format.

As wikipedia will tell you, there's four critical chunks, IHDR, (header) PLTE, (palette) IDAT, (the actual image) and IEND. (image end) This image doesn't have a palette, since it's in full 24-bit RGB color. Here's IDAT, again:

Chunk: Data Length 3325 (max 2147483647), Type 1413563465 [IDAT]
  Critical, public, PNG 1.2 compliant, unsafe to copy
  IDAT contains image data
  Chunk CRC: -384872633

3,325 bytes. That makes sense.

Then there's 8 tEXt and zTXt fields. One contains EXIF metadata, one contains separate (?) IPTC XMP metadata. Then there's what is probably another copy of the image, in Adobe 8BIM format. These, combined, use up 14,970 bytes, four and a half times bigger than the image itself.

That's dumb. But it gets dumber. So far we've only accounted for 18,308 bytes of the file. But if we look at the chunk list again...

Chunk: Data Length 106022 (max 2147483647), Type 1346585449 [iCCP]
  Ancillary, public, PNG 1.2 compliant, unsafe to copy
  ... Unknown chunk type
  Chunk CRC: -1377520713

That, my friends, is a 106 kilobyte Kodak sRGB color profile for a 3 kilobyte image file. Gaze in awe.

This is not exactly an unknown problem. Google constantly harps on optimizing images, but Tumblr blindly reuses images that its users hand it. This makes me sad.