That’s the challenge: giving the public a formula they know and feel comfortable with, but making it different from anything they’ve seen or experienced before.

— Roberta Williams

Although Ken Williams left his office at Sierra On-Line for the last time on November 1, 1997, his wife Roberta Williams stayed on for another year, working on the eighth entry in her iconic King’s Quest series. King’s Quest: Mask of Eternity turned into the most protracted and tortured project of her long career.

Roberta had long since fallen into a pattern of alternating new King’s Quest games with other, original creations. Thus after Phantasmagoria shipped in the summer of 1995, it was time for her to begin to sculpt a King’s Quest VIII. Yet she was unusually slow to get going in earnest this time around; perhaps she was feeling some of the same sense of exhaustion that her husband was struggling with in a very different professional context. She tinkered with ideas for the better part of a year, during which the fateful acquisition of Sierra by CUC came to pass. By the time a team was finally assembled around her to make King’s Quest: Mask of Eternity in mid-1996, Sierra’s day-to-day operations were teetering on the cusp of enormous changes, not the least of which would be Ken Williams’s dramatically circumscribed authority. To further punctuate the sense of a new era in the offing, Mask of Eternity was to be the first King’s Quest game ever not to be made in Oakhurst, California; this one would come out of the new offices in Bellevue, Washington. Most members of the team assigned to it were new as well, with the most prominent exception being producer Mark Seibert, who had filled the same role on the hugely successful King’s Quest VII: The Princeless Bride and Phantasmagoria.

By this point, the lack of any subsequent point-and-click adventure games that had sold in similar numbers to Phantasmagoria, from Sierra or anyone else, was sufficient to raise concerns about the genre’s health in any thoughtful observer of the state of the industry. Roberta Williams apparently was such an observer, for it was she herself who decided to make Mask of Eternity different from all of the King’s Quest games that had come before, in order to better meet the desires of contemporary gamers as she understood them. Using Mark Seibert, who had played a lot more of the recent popular non-adventure games than she had, as something of a spirit guide to the new normal, she conceived a King’s Quest that would run in a real-time 3D engine, combining her usual focus on storytelling and puzzle-solving with some action elements. The broader goal would be to create a dynamic living world full of emergent potential, rather than another collection of set-piece puzzles linked together by semi-interactive conversations and non-interactive cutscenes. “We didn’t want to make it so you go here and solve a puzzle, then go there to solve a puzzle, then go to a puzzle somewhere else,” she told an early journalist on the scene. “What we really wanted to bring was that sense of going on an adventure, of going on a quest. It’s not just a word in the title. We want you to feel like you’re really doing it.”

Taken in the abstract, her understanding of what she needed to do in order to keep King’s Quest relevant wasn’t by any means completely misguided. Yet circumstances almost immediately began to militate against it cohering into a solid, playable game. SCI, the venerable adventure engine that had powered the last four King’s Quest games and Phantasmagoria, along with dozens of other products from Sierra, was totally unsuited for this one. To replace it, the team wound up borrowing a 3D engine that had been developed by Sierra’s subsidiary Dynamix with flight simulators in mind. They never were able to fully wrestle it into a form suitable for this application; the finished game remains a festival of jank, sporting walls that you can literally walk right through if you hit them just right.

Roberta Williams felt her own authority being gradually undermined as the new order at Sierra, now merely one part of the software arm of CUC, became a fact of life. In the past, she had enjoyed privileges that were granted to none of Sierra’s other designers — such were the benefits of sleeping with the boss, as she herself sometimes joked. She had worked from home most days, emailing her design documents to the people entrusted with implementing them and then supervising their labor only loosely from afar. But she now found that her ability to set her own working hours and location and even to make fundamental decisions about her own game was waning in tandem with her husband’s fading star. “Suddenly finding that she was expected to build another bestselling King’s Quest game, but that the developers didn’t really have to do what she said, was something Roberta had never had to face,” writes Ken in his memoir. “There were days when she would come home crying.”

In the last week of 1996, Blizzard Entertainment, that rising star of the CUC software arm, shipped Diablo to instant, smashing success. A decree came down from above to make Mask of Eternity more like Diablo, by adding extensive monster-killing and other CRPG-like elements to the design. Roberta Williams was utterly out of her depth. Increasingly, she felt like a third wheel on her own bicycle. And yet there was no other confident and empowered voice and vision to replace hers, just a babble of opinions — hers among them, of course — trying to arrive at some sort of consensus on every new question that came up. Whatever his other faults as an administrator and organizer, Ken Williams had never allowed this to happen. His rule had always been that there was one lead designer on each project, and that person called the shots. If the lead designer “wanted something done, whether the team agreed or not, it didn’t matter. It’s her game and her career on the line.” Now, though, this philosophy no longer held sway at Sierra, even as there was no coherent alternative one to take its place.

So, the Mask of Eternity team bumbled along with no clear ship date in sight, more a mob of wayward peasants than a well-honed army. In the meantime, there were more big changes at the corporate level: as we learned in the last article, the merger of CUC with HFS was announced in May of 1997. It was to be consummated that December, with the conjoined corporation taking the name of “Cendant,” from the Latin root that has given us the verb “to ascend” in English. The name was chosen by Walter Forbes, reflecting the conceit of a culture-vulture sophisticate in which he so loved to cloak himself. For his part, Henry Silverman of HFS, who was all about facts and figures and bottom lines, thought one name was as good as another, as long as his marketing people told him it would pass muster on Wall Street.

Well before the merger was completed, there were signs that this shotgun marriage of opposites was going to be a more challenging relationship than either had anticipated. Silverman ran a tight, focused ship, while Forbes’s board of directors and senior managers were, as Ken Williams had experienced firsthand, more inclined to discuss their golf handicaps than matters of vital interest to the company. “They were like children playing at business,” says one of Silverman’s top lieutenants of his counterparts from CUC. Growing concerned about the overall competence level and work ethic of Forbes himself, Silverman suggested to him in November of 1997, before the merger was even completed, that it might be best if he, Silverman, stayed on a little longer as CEO instead of turning over that position on January 1, 2000, as stipulated in the merger contract.

This was not music to Forbes’s ears. He had already been complaining for a while about Silverman’s high-handed style — about the way he was treating CUC as if it was being bought rather than being an equal partner in a merger — and he didn’t even deign to reply to this latest proof of his allegations. The relationship between the two executives grew so poisonous that Silverman hired a private detective to investigate rumors of womanizing and sexual harassment on Forbes’s part, hoping to find some leverage to use against him. Much to his disappointment, the detective failed to dig up enough actionable dirt.

Again, it should be remembered that all of this jockeying was taking place before the merger had even come off. Given the warning signs that were blinking red everywhere by November, one does wonder why Henry Silverman went through with the deal. The best answer anyone has come up with is that he was a creature of the stock market right down to his bones, and both companies’ stock prices had been sent soaring by the news of the merger. To call it off now would cause the stock to crater just as quickly.

So, the marriage was consummated on schedule, with Henry Silverman as the first CEO of the new Cendant Corporation. By virtue of his job title, he ought to have had access to every aspect of the former CUC’s operations and finances. Yet he ran into a baffling resistance from Forbes’s middle managers whenever he tried to dig beneath the surface. When he called on Forbes directly to intercede and get him the numbers he wanted, Forbes said blithely that he would prefer to preserve the “financial-reporting autonomy” of his half of the company. Silverman, whose temper could be volcanic, had to expend great effort to keep it under control now. He explained to his new chairman of the board, as clearly and calmly as he could, that that wasn’t how a merger worked. Forbes seemed to accept this. And yet at the end of February, more than two months after the merger had ostensibly been effected, Silverman still had no clear figures on his desk. His accountants were now telling him that, if these didn’t surface soon, they would be unable to make a legally mandated filing with the Securities and Exchange Commission. Silverman would have to be a far less perceptive businessman than he was not to smell a rat of considerable proportions.

On March 6, 1998, he dispatched his chief accounting officer Scott Forbes — no relation to Walter — from Cendant’s new headquarters in Manhattan to CUC’s old ones in Stamford, Connecticut. The accountant’s orders were to get the numbers he needed by any means necessary, even if it required getting Silverman himself to come onto the speakerphone and threaten somebody’s job. He met with E. Kirk Shelton, Walter Forbes’s right-hand man. Caving at last, Shelton sheepishly explained that there was a little problem — only a little one, mind you — with the former CUC’s books. Its actual revenues during its last year had come in about $165 million under the figures it had reported. While Scott Forbes was still shaking his head at this piece of news, wondering if he had heard correctly, Shelton rushed to add that the problem was easily fixable, by reporting equity from the merger as operating revenue. “We want you to help us figure out how to creatively do this,” said Shelton, as if committing accounting fraud was just another day at the office — which to him it was, as would soon become all too clear.

Henry Silverman was predictably livid when Scott Forbes told him what had just transpired in Connecticut. He tried to contact Walter Forbes, but learned that that gentleman of leisure was on vacation in Hawaii and wasn’t receiving calls. Walter did eventually deign to send an email in response to the CEO’s increasingly furious queries, saying that they would get together and sort everything out when he came home in a few weeks. Like Shelton, he seemed to believe that the discovery of a $165 million shortfall was no big deal — or else he had made a strategic decision to act as if it was.

Not realizing that he would soon be wishing that $165 million was the full extent of the discrepancy in CUC’s books, Silverman said nothing publicly, hoping this could all still be swept under the rug as the mere teething problems that always accompany big mergers, even as he privately vowed to be rid of Walter Forbes by hook or by crook. “I can’t have people working with me that lie to me!” he raged.

Rather belying his own attempt to treat CUC’s accounting irregularities as No Big Deal, Walter Forbes, upon his return from Hawaii, refused to meet with Silverman at the headquarters of the company that they supposedly ran together. Instead he insisted that Silverman and his closest lieutenants talk with him and his on neutral ground, in a Manhattan hotel suite. This meeting took place on April 1, which must have struck Silverman as an appropriate date, seeing how Forbes had fooled him into merging their companies. Brushing off all of Forbes’s efforts at preliminary light conversation, Silverman got straight to the point — or rather to the ultimatum. He was prepared, he said, to look for a way to keep CUC’s shortfall from becoming public and placing Forbes in serious legal jeopardy. He would do this not for Forbes’s sake — for Forbes, he made it clear, he had nothing but contempt — but for that of Cendant’s employees and shareholders. As a condition, though, Forbes, Skelton, and the rest of the old CUC inner circle would have to open their books to him at long last — full transparency across the board. Then they would need to leave the company, just as soon as the necessary severance contracts and press releases could be crafted. According to most reports of the meeting, Forbes and his people agreed to this.

Having vented his rage on these eminently deserving targets, Silverman left the hotel suite feeling cautiously optimistic. The shortfall was ugly, but it shouldn’t be enough to sink the business as a whole. And the upshot of the whole affair was that he would get Walter Forbes and rest of the CUC amateurs out of his hair once and for all. Silverman ordered his accountants to conduct a thorough audit of CUC’s books, to provide him at last with that which he had been seeking for so long, the same thing that Ken Williams had sought much more lackadaisically before him: a proper picture of what exactly CUC did, how it did it, and where its money was coming from and going to. He gave them two weeks.

The day of reckoning was April 15, 1998. Silverman might have suspected the worst when he saw that his own people had brought two mid-level CUC accountants with them, and insisted that they give the presentation, as if afraid of becoming collateral damage of the CEO’s temper. Their fear was thoroughly understandable. For what was revealed on that day was a tale of fraud on a scale literally unprecedented in the history of American business. Over the past three years alone, CUC had conjured out of thin air more than half a billion dollars in revenue that had never actually existed in the real world. To Walter Forbes, business had been a shell game. Now you see it, now you don’t.

CUC’s long tradition of financial malfeasance had apparently begun, as these things so often do, with dubious short-term measures that were intended merely to grease the wheels of the company’s legitimate operations as they passed from a slow-moving present to a doubtless supersonic future. Already before the end of the 1980s, CUC had taken to booking pledged membership fees — fees that would be realized only if the members in question didn’t cancel, which they frequently did — as guaranteed revenues at the start of each fiscal year. More and more such schemes came into play as Walter Forbes and his cronies fell further and further down the slippery slope of fraud. When a new fiscal year began, they would figure out how much money they needed to have made during the last one to slightly outperform Wall Street’s expectations, then fiddle with the books appropriately. Jerry Bowerman of Sierra, in other words, had been onto something when he pointed out to Ken Williams how weirdly consistent CUC’s revenue growth had been for years and years. “That’s categorically impossible,” he had said. “Does not happen.”

Except, that is, in the case of fraud. The scope of the malfeasance was breathtaking, permeating every layer of the company, as later described by the forensic accountant Ron Rimkus.

According to later testimony by the company and the SEC, CUC managers would analyze the difference between actual financial results and the estimates put out by Wall Street analysts at the end of each quarter. They would then target specific aspects of the business to adjust in order to inflate earnings. After determining the best areas to change, the managers would then instruct others in the company hierarchy to adjust the various accounts — thus creating a false income statement and balance sheet. Their methods included under-funding reserves, accelerating recognition of revenues, deferring expenses, and drawing money from a merger account to boost income. After lower-level managers made the accounting changes to the financials, the cycle would be completed by adjusting the top line of quarterly changes and, subsequently, making back-dated journal entries at the division level to get the general ledger to balance. CUC’s leadership was able to hide the irregularities through misrepresented accounting entries, often moving certain transactions off the books. For a company of this size to maintain two sets of books requires a widespread internal effort to produce the second set of books so the company can present a blend of truth and fiction to the auditor without getting caught.

Eventually, CUC started to run out of internal revenue streams to which it could apply its portfolio of tricks. It was at this point that Walter Forbes began aggressively buying up other companies, among them Sierra On-Line and Davidson and Associates. These transactions were always conducted in stocks, never cash. The fraud that followed depended on the concept of the “merger reserve,” meaning the cash profits and assets that the acquired company brought with it into the new relationship. CUC reported this reserve as operating income for the parent company. In order to keep the hamster wheel spinning, of course, CUC had to keep buying more companies with the funny money it had “earned” from its last round of acquisitions. Underneath his unruffled exterior, Walter Forbes had been paddling as furiously as a duck on a placid pond.

But there had to come an end point, when neither the internal shenanigans nor the acquisitions could could continue to paper over the discrepancy between the money CUC said it was making and the money it was really making. This limit point was looming by 1997. And this was what had set Walter Forbes down at a table with Henry Silverman, to negotiate a merger on a whole different scale from the acquisitions he had carried out to date. That said, it’s hard to identity what his real endgame in all of this actually was. He had to know that the fraud would come to light soon after the merger was consummated, and even he could hardly have been delusional enough to believe that Silverman would be willing and able to cover it up and let bygones be bygones. We can only conclude that chicanery had become such a way of life that the deal was worth it to him just to keep the wheel spinning for a few more months. When you get down to it, everything he and his people had done before negotiating the merger had been equally short-term. It was just a question of surviving and continuing to play the rich and successful businessman for today. Tomorrow could be dealt with when it came.

For once, even Henry Silverman was rendered speechless when he was told all of this about the man to whom he had shackled himself. After he picked his jaw up off the floor of his office, his analytical mind went to work. He knew right away that there could be no attempt to hide, minimize, or excuse this fraud; to do so would be to run the risk that the legal authorities would suspect that he and his people were also complicit in it in one way or another. The only way to save Cendant, and with it his own reputation, was to get out in front of the scandal before it broke on its own. He prepared a press release, to be sent out just after the markets closed on that very day. It spoke vaguely of “accounting irregularities” that had been perpetrated by “certain members of the former CUC management,” then announced matter-of-factly that the latter company’s earnings for 1997 would have to be adjusted — reduced, that is — by $165 million immediately, with more such adjustments very likely to come later. Having fired off this bombshell, Henry Silverman went home to get a good night’s sleep, knowing the storm that would break over his head when the next day’s trading began.

The tempest was as violent as he had anticipated, if not worse. Almost 110 million Cendant shares were traded that day, setting a Wall Street record. The stock price plunged from $36 to $19, reducing the company’s market cap by $14 billion. The first three shareholder lawsuits had already been filed before the trading day was over. In the weeks that followed, Cendant adjusted the figure of $165 million to $260 million in missing revenue for 1997 alone, with yet more years full of “irregularities” still craving investigation. Within six months, the stock price would be down to $9, the shareholder lawsuits numbering more than 70.

With characteristic brazenness, Walter Forbes contended that he had known nothing of the fraud committed on his watch — a claim of innocence that was, even if believed, as damning in its way as a confession, what with the degree of incompetence and negligence it would have to reveal. Nevertheless, forgetting what had been discussed in that Manhattan hotel suite on April 1, he fought to stay on as the current chairman of the board and the CEO in waiting of Cendant. He urged stonewalling opacity to the rest of the board as an alternative to Silverman’s strategy of transparency. The ruthless Wall Street money man thus found himself cast in the unwonted role of Cendant’s voice of conscience. “To urge me, as you seem to do, to not properly portray accurate information about our businesses,” wrote Silverman to Forbes in a letter (“I had difficulty looking at him” face to face, he admits), “appears to be of similar ilk to the conduct that brought us to this situation. I will not do that.”

Silverman didn’t manage to force Forbes out once and for all until July of 1998. When Forbes did leave, he took with him ten members of his board (good riddance, thought Silverman!) and a $47.5 million severance check. Whatever the long-term future held for Walter Forbes, he would have no problem continuing to enjoy his current lifestyle for the time being.

While Forbes was doing so, Henry Silverman rolled up his sleeves and set to work repairing the damage the disastrous merger had done to his own, legitimately profitable company. It was a daunting task, but it would prove not to be an impossible one. Hewing still to his strategy of powering through the heart of scandal so as to put it behind him as quickly as possible, Silverman agreed to shell out $2.83 billion in December of 1999 to settle the various shareholder lawsuits. The fact that Cendant, the name now associated with the biggest accounting scandal in American business history, was almost unknown to the American public in any other context, being hidden behind a welter of other brand names that they did know well, was an immeasurable aid to its survival; few consumers made any mental connection to the scandal when they booked a room at a Days Inn or rented a car from Avis. Indeed, most of those rental-car, hotel, and real-estate franchises which Cendant administered were still doing pretty darn well out there in the real world. For all of its difficulties, then, Cendant still had real money coming in, enough to offset the missing funny money of CUC over the long arc of time. It would survive and even expand its franchising reach well into the new millennium. In 2005, it voluntarily broke itself up into four separate companies to better service its increasingly diverse portfolio of brands. Henry Silverman, the first, last, and only CEO of Cendant, walked away from that culmination of fifteen years of work with a cool $250 million. Seen from this perspective, the CUC merger seemed like little more than a bump in the road.

As for Walter Forbes: the pace of criminal law for white-collar offenders like him is regrettably slow in the United States, but, in some cases at least, some form of justice is served in the end. After eight years of legal wrangling, he was convicted of conspiracy to defraud and two counts of submitting false reports to the Securities and Exchange Commission in October of 2006. (E. Kirk Shelton had been found guilty of a similar collection of charges a year earlier.) Forbes was sentenced to twelve years in prison and $3.28 billion in fines and restitution — fines which, needless to say, nobody expected him to ever be able to pay. By the time he was released from prison in July of 2018, the financial scandal that had made him and CUC infamous for a while had been all but forgotten, eclipsed by even bigger ones like the collapse of Enron and the machinations of Bernie Madoff. As far as I know, he is still alive today. If you asked the current 82-year-old Walter Forbes about his history, and if he happened to be in an honest mood when you did so, perhaps he would tell you that his halcyon decades as a jet-setting titan of industry were worth the twelve years of his life he had had to spend in prison to pay for them. He booked his revenue well ahead of his debt to society, just the way CUC always did it.

The infamous merger between CUC and HFS was actually a brilliant stroke of luck for the former Sierra On-line. For if that deal hadn’t gone through, CUC would almost certainly have crashed and burned at some point during late 1997 or early 1998, with no Henry Silverman to hand to clean up the mess. Blizzard Entertainment was doing so well by then that someone would probably have found a way to scoop it out of the wreckage, but Sierra, which could boast of no similar run of recent hits — Ken Williams’s parting gift to his old company of Half-Life wouldn’t be released until November of 1998 — might very well have been permanently buried under the rubble.

As it was, Silverman had no long-term interest in maintaining the software arm of Cendant. For him, games studios and publishers were a distraction from Cendant’s core business, to be unloaded as quickly as possible. To accomplish this, he replaced the rather clueless Chris McLeod — yet another legacy of Walter Forbes whom he couldn’t be rid of fast enough — with a well-respected games-industry executive named David Grenewetzki, whose last job had been with the publisher Accolade. While Blizzard was obviously doing just fine as it was, Grenewetzki’s brief when it came to Sierra and the rest of the software arm was to trim the fat, to finish and ship whatever was reasonably far along and worth the effort, and to cancel whatever was not, all in order to make this superfluous part of Cendant look as attractive as possible to potential buyers. If he did a good enough job that a buyer wanted to keep him on afterward, more power to him.

By this point, King’s Quest: Mask of Eternity had been dawdling along without any firm sense of direction for some eighteen months. Grenewetzki ordered Roberta Williams, Mark Siebert, and the rest of their unruly crew to kick it into gear and get the game done in time for Christmas, assigning them a new set of minders to settle their disputes and make sure they met their milestones. These were effective enough: the game shipped on November 24, 1998. Roberta Williams was largely missing in action during the last few months, choosing to join her husband on a vacation to France while the rest of the team was crunching.

Playing the game today puts me in mind of Douglas Adams’s description of an aye-aye lemur: “a very strange-looking creature that seems to have been assembled from bits of other animals.” Or perhaps the old joke about a camel being a horse that was designed by a committee is more apropos. Collaboration, feedback, and testing are of incalculable importance in any kind of game development, mind you; in fact, I would argue that one of the biggest problems with virtually all of Roberta Williams’s earlier games was that she didn’t engage in enough of these things. Yet a game also needs to have a firm sense of its own identity, which usually translates into having a decisive final arbiter in charge of it. Mask of Eternity all too clearly didn’t have that; neither Roberta nor anyone else was allowed to fill that role. In the absence of an empowered lead designer, Mask of Eternity became a game of bits, a collection of disparate parts that clash more often than they gel.

This strange-looking digital creature that was assembled from bits of other popular games sports the acrobatic challenges of Tomb Raider, the ultra-violent action of DOOM and Quake, the CRPG-lite trappings of Diablo, and even from time to time the puzzle-solving of a traditional King’s Quest, all of it implemented more or less badly. The floating camera is an especial pain, requiring constant fiddly adjustments that break up whatever sense of flow the rest of the game permits you to establish. The writing veers all over the place, from Roberta Williams’s trademark fairy-tale whimsy to adolescent gross-out humor that wouldn’t have felt out of place in Duke Nukem 3D. The dialog is delivered for some reason in a pseudo-Shakespearian diction, all “thee” and “thou” and “by your leave, milady,” read by dulcet-toned British voice actors who clearly have no idea what the characters they’re playing are on about and don’t much care. The game is very hard to connect with King’s Quest at all for long periods, until someone seems suddenly to remember the name on the box and throws in a few gratuitous references to King Graham’s earlier adventures or the history of Castle Daventry. I’m not the best person to wax outraged over all the ways that Mask of Eternity betrays its lineage, given that I’m the farthest thing from a hardcore fan of King’s Quest in general. Yet even I can see why so many gamers who are much more invested in the series than I am consider this, its final official entry prior to a brief-lived and almost equally underwhelming 2015 revival, such an insult to everything that came before.

As is the case with so many such Frankenstein’s monsters, it’s hard to figure out just whom Mask of Eternity was supposed to be for. The series’s usual pool of players — who tended to skew younger and to include more women and girls than was the norm even for the adventure genre in general — would be put off the first time they punched a monster in the face and saw its head fly off in a shower of blood and gore. And yet the demographic that enjoyed more violent and visceral games would be equally put off by the harsh reality that Mask of Eternity just wasn’t a very good action game long before they came across the first convoluted adventure-style puzzle to cement their indifference. You can’t be all things to all people — especially not with all-around execution as poor as this.

If anything, reviewers were kinder to the game than it deserved. Computer Gaming World magazine gave it four out of five stars, whilst admitting that it “required an open mind” and that “the old-school puzzles may frustrate newbies, while the veterans may be annoyed at the jumping and the combat.”^[1]Reviewer Thierry Nguyen seemed not to have played any game since the early 1980s. “If you wanted to pull a switch in an earlier game,” he wrote, “you probably would have typed, ‘push box,’ then ‘get on box,’ and finally ‘pull switch.’ Here, you have to literally push the box, jump on top of it, and look up to pull the switch.” What a revelation! The website GameSpot called it “enjoyable” but “occasionally maddening”: “Sierra should be applauded for trying something new, even if its reach somewhat exceeds its grasp.”

But gamers weren’t buying such prevarications, and didn’t buy many copies of Mask of Eternity. Its commercial failure killed the longest-running series in the adventure genre as dead as one of its pixelated goblins. It marked the final nail in the coffin as well of Roberta Williams’s tenure as the “Queen of Adventure Games.” She wouldn’t design another game for a quarter of a century. The times, they were a-changing.

Sierra’s decision to drop the Roman numeral from the eighth King’s Quest game is indicative of the confused, have-your-cake-and-eat-it-too quality of all of its messaging around Mask of Eternity. The logic was that the new generation of gamers Sierra was hoping to attract would be intimidated by its being the eighth game in a series, might even feel they shouldn’t bother with it if they hadn’t played the previous seven. But then, if you are so concerned about reaching these people, why call it a King’s Quest game at all? The only cachet that brand might have held for most of them was the negative cachet of the “kiddie games” their moms or sisters used to play.

Mask of Eternity’s hero Connor looks like he could break Sir Grahame or any of the other protagonists from the first seven King’s Quest games in two without straining his tree-trunk-sized arms.

This level — err, area — is Egyptian-themed. What does this have to do with King’s Quest? Beats me… but Stargate SG-1 was popular on television at the time. Got to tick those boxes…

“Oh, great, another jumping challenge! I love those, especially with these extra clunky controls!” said no player of Mask of Eternity ever.

Did you enjoy this article? If so, please think about pitching in to help me make many more like it. You can pledge any amount you like.

Sources: The books Not All Fairy Tales Have Happy Endings: The Rise and Fall of Sierra On-Line by Ken Williams, Financial Shenanigans: How to Detect Accounting Gimmicks & Fraud in Financial Reports by Howard Schilit, Stay Awhile and Listen, Book II: Heaven, Hell, and Secret Cow Levels by David L. Craddock, Gamers at Work: Stories Behind the Games People Play by Morgan Ramsay, and Last Chance to See by Douglas Adams and Mark Carwardine. Wired of November 1997; New York Times of May 27 1997, July 4 1998, July 5 1998, and June 16 2000; Wall Street Journal of July 29 1998; Fortune of November 1998; Next Generation of June 1997; Sierra’s customer magazine InterAction of Fall 1996, Holiday 1996, and Fall 1997; Computer Gaming World of April 1999.

Online sources include “How Sierra was Captured, Then Killed, by a Massive Accounting Fraud” by Duncan Fyfe at Vice, Ron Rimkus’s analysis of the CUC/Cendant debacle for the CFA Institute, “A Pathological Probe of a Pool of Pervasive Perversion” by Abraham J. Briloff of Baruch College, Forbes’s report of Walter Forbes’s sentencing, and the vintage GameSpot review of King’s Quest: Mask of Eternity.

I also made use of the materials held in the Sierra archive at the Strong Museum of Play.

Where to Get It: King’s Quest: Mask of Eternity is available as a digital purchase at GOG.com, packaged together with the more fondly remembered King’s Quest VII: The Princeless Bride.

In the sciences they call it the file drawer problem: studies that fail to achieve significance or reach the "wrong" conclusion end up hidden away, creating a distorted picture of reality. 

And so here's me rescuing something from the file drawer of banking procedure: a tale of two Americas, one bank branch, and $50,000 in cash.

A style magazine published an account of a large cash withdrawal that didn't match my understanding of banking reality. I burned several thousand dollars and a year investigating. I now doubt that account less, because I understand the context better.

Suppose you ask a bank to withdraw $50,000 in cash

There exist thousands of banks in the United States, each one independently operated with their own procedures, work forces, and circumstances. They are, broadly, similarly constrained by regulation, industry practice, culture, and perception of the threat environment. There is no such thing as a perfectly typical bank, banker, or banking client. But if we were to ignore the messiness of the real world, for the purpose of making a larger point, here is what is supposed to happen when a customer comes in and asks to withdraw $50,000.

A bank doesn’t expect its CEO or Head of Compliance to individually make decisions on every withdrawal. It has designed procedures to achieve the outcomes it (and its regulators, and other stakeholders) desire, and trained staff in how to implement those procedures. Those procedures happen to very explicitly contemplate this transaction.

The teller or personal banker, junior though they may be, is supposed to ascertain the identity of the customer, and ask themselves whether this is a typical transaction for this customer. Do they, perhaps, run a cash-heavy business which, every few weeks, takes out $50,000 to e.g. stock the ATM fleet they operate? If yes, either the staff knows that to be true personally, or this fact is noted on their account. (That note was written after the bank got extremely familiar with their cash management needs, for reasons.)

Very few customers routinely withdraw $50,000 in cash. We move to the next step on the flow chart. Here, the bank staff will begin to deploy some mix of truths, half-truths, and white lies.

One statement, which may be anywhere along that spectrum, is that the bank branch does not have $50,000 cash on hand. Across all bank branches in America, this is frequently actually, mathematically true. A true-ish variant of it is that the branch does actually have a bit more than $50,000 cash on hand. The branch needs it to service customers with routine cash needs, and the instant customer cannot be allowed to wipe out the bank’s on-hand cash reserves, because that will cause them to disappoint dozens or hundreds of customers between now and the rebalancing shipment of cash they will swiftly order. And then there is a false variant, where at some branches this is factually as operationally straightforward as exchanging a $20 bill for two rolls of quarters, but where the lie is institutionally excusable to save this customer from themselves.

Many people who have never withdrawn $50,000 in cash do not have great reasons for suddenly wanting to withdraw $50,000 in cash. It is quite likely they are being scammed or otherwise victimized. The bank, in consideration of its legal and ethical duties to its customer, would prefer to not facilitate this, even unknowingly. Over the universe of all people with this request, the bank knows, in its soul of corporate personhood, that it has actual knowledge of what is likely happening here.

And so, the staff will likely say that the bank has a rule, procedure, or request that the customer call them a day or two in advance of making large cash withdrawals. This will “allow us to get the cash together.” Now, in point of fact, there is a number that the branch manager could call to ask for an extraordinary shipment of physical currency, but this is mostly intended as a speedbump. Scams and other forms of exploitation rely on isolating the victim and pressuring them into making poor choices. Mandating a cooling-off period causes some scams to effervesce like dew in the morning sun.

Perhaps, as happens in many non-routine requests in banking, the customer will call in third-party professionals. Perhaps the customer, annoyed that the $50,000 they need to consummate a real estate transaction isn’t trivially on offer, might phone their real estate lawyer. This is music to the bank’s ears. Not every voice on a telephone is actually a lawyer, and not every member of the bar upholds its strict standards of professionalism and moral uprightness, but lawyers are so much easier to work with than civilians. And, should the matter be reviewed later, the bank will be able to document its reasonable reliance on representations made by a lawyer.

Fraudsters have frequently targeted real estate transactions in recent years. Banks are acutely aware of this; it’s covered extensively in their professional journals and in circulars from regulators. But banks, who have extensive experience with real estate deals, know that a few hiccups on closing are stressful for customers, but very rarely actually blow up transactions, certainly not like scams blow up bank customers.

The bank is unlikely to reach confidence, in this circumstance, in just a minute or two in the teller line. Many well-off people, with great relationships with their banks, with extensively paperworked transactions, will go through more than a half-hour of hoop jumping to get approval for anomalous transactions.

But suppose, for some reason, the calls do not happen and the extended due diligence is not performed. What is supposed to happen next? Well, typically at large money center banks (and here I cite both general industry knowledge and also sources familiar with banking procedure), the staff dealing directly with the customer will summon a second individual. Sometimes this is the branch manager, sometimes it is a peer. Sometimes the next action takes place verbally. Sometimes it happens in specifically built software which keeps an audit log of both staff signing off.

The bank invokes the Two Man Rule. (Yes, this has been renamed in many—but not all—formal documents recording procedural controls. Regulators have, generally, reviewed and approved those documents.)

If both individuals are satisfied that the anomalous transaction is not sufficiently hinky to refuse, it goes forward. This will generally require asking the customer about what they intend to do with $50,000 cash. Banks very rarely ask this question at $50 or $5,000.

Bankers, by law and custom, holistically review these situations. Elements considered include the account records, the experience of branch staff with this particular customer, and a host of context cues which the financial industry would prefer to dissimulate about.

If you are, for example, a lanky thirtysomething who waltzes into a branch in San Francisco and asks for a six figure wire to fund an investment, helpfully mentioning that you have the KYC/KYB information in a clear plastic folder, neither of the Two Men are likely to actually ask to read that folder. If you walk with a cane, if you speak with an accent, if you present as not really understanding the rituals you are engaged in, the bank and its staff will pay radically more attention to you, frequently not in ways you will enjoy.

Let us assume that a $50,000 withdrawal happens, through some pathway. It will have one more mechanical consequence. Very soon after the withdrawal, the bank will be obligated to file a Currency Transaction Report (CTR) with the Financial Crimes Enforcement Network (FinCEN), unless the customer has had a previously-approved status as someone who routinely needs to do this sort of thing, which almost no customers have. The CTR is a write-once read-probably-never document which mostly serves to get the customer’s banking information into a trivially searchable database for law enforcement.

And then what happens to the $50,000? Whatever the customer wants, really. If they want to put it in a shoebox and give it to a courier, it is, at that point, no longer the bank’s problem.

Style magazines sometimes publish hard-hitting journalism

In February 2024, the style publication The Cut published on its site, and concurrently in the print edition of New York Magazine, an article titled “The day I put $50,000 in a shoe box and handed it to a stranger I never thought I was the kind of person to fall for a scam.” It was written, in the first person, by a financial advice columnist who previously wrote for the New York Times business section.

The Cut and New York Magazine are owned by Vox Media, a private equity firm with material investments in advertising platforms (“We Create Premium Advertising Solutions”, “We Enable Media Companies To Build Modern Media Businesses”). Vox also publishes an eponymous website, notable for popularizing the term-of-art “explainer” and for publishing, about covid, analysis that aged more poorly than perhaps anything in the history of the written word. (It subsequently unpublished it.)

Many of Vox’s publications are good at what they do. The shoebox piece successfully achieved virality and follow-on coverage by several media orgs. A media critic could point to reasons why, such as the specificity and viscerality, the it-could-happen-to-anyone framing, and the complicated mix of schadenfreude, voyeurism, and self-protective reassurance which make so-called “true crime” explorations so explosively popular.

Vox Media sell ads with rate cards justified by the storied legacy of New York Magazine, which has won Pulitzers before, against articles of the caliber produced by The Cut. The print edition of the piece is immediately preceded by a fashion spread for “TOM FORD Halter-neck Jumpsuit and Black Stamped Croc Bar Belt, at tomford.com” A similar item, U0269-FAX1105, on the site bears the price tag $5,790, which is capitalism’s surest signal as to who it thinks is reading a publication.

For a quick vibe check on editorial standards of any publication, by their fruits shall you know them: just read the headlines. I checked them the morning of a presentation on this investigation, and they were “The high stakes of the group family vacation”, “George Clooney didn’t appreciate Biden criticizing his wife”, “The film exec distracted by her crushes at Cannes”, and “Madam Clairevoyant: Horoscopes for the week of June 9-15. Mars, planet of action, moves into steadfast Taurus. Time to knuckle down.”

Time to knuckle down… on hard-hitting journalism about banking procedures.

When I reached the bank, I told the guard I needed to make a large cash withdrawal and she sent me upstairs. Michael [a member of the scamming team] was on speakerphone in my pocket. I asked the teller for $50,000. The woman behind the thick glass window raised her eyebrows, disappeared into a back room, came back with a large metal box of $100 bills, and counted them out with a machine. Then she pushed the stacks of bills through the slot along with a sheet of paper warning me against scams. I thanked her and left. 

As the piece went quite viral on Twitter, a number of people reached out to me. One specific question asked was “Are high-value withdrawal rooms a thing?”, which I answered, somewhat confusedly, “I could believe that there is, somewhere among 76,000 bank branches in the United States, a room designed to make $50,000 withdrawals. But no, the standard branch layout has no such room designed or designated.” 

If a customer needs privacy, the branch has several rooms with doors, behind which banking business is routinely conducted. Those rooms are not fortresses. The branch is not a fortress. It's primarily a sales office for financial services that happens to handle some cash.

Then, I read the article, with a particular attention to the paragraph quoted above. I felt that several elements of this paragraph were inconsistent with the standard practice of banking.

I have an immense regard for journalism, generally, but the institution has been duped before. Stephen Glass comes to mind. One of the earliest bits of hard evidence against him was that he confabulated evocative details about the built reality of buildings he claimed to have visited. The shoebox piece contained much evocative detail, including some details I felt were, unbeknownst to almost all readers, likely to be checkable… and unlikely to have been checked.

Thus began an investigative journalism project, which ended up taking almost a year.

Reaching out to Vox Media

Having once worked for a Communications department, which very definitely does not endorse anything I say in this piece, I am aware of a social ritual of reporters and PR teams. You can send PR an email and ask them for a reply. By convention this is called a comment or a statement to pretend it is something vastly different in character than an excerpt from an email.

If one defects from this social ritual, many responsible professionals will conclude that one has something to hide. This is part of the reason why e.g. the largest banks in the world will swiftly answer questions asked by reporters working for, for example, a low-circulation weekly in Topeka, Kansas. This produces immense social utility, including by acting as an escalation pathway into the bank regarding, e.g., “Does the bank have a comment on why it is foreclosing on Ms. Mildred, who has shown this reporter a carefully maintained collection of checks that appear, to this reporter, to have been deposited?”

On February 22nd, 2024, I sent an email to Vox Media and asked for a comment. You don’t need to be bitten by a radioactive spider to do this. By custom, PR departments publish contact details widely, in part to avoid hostile journalists construing a lack of contact information as a refusal to comment.

There is, however, a performance of class that is helpful in getting PR departments to take you seriously. Mentioning that you are an avid Factorio player might not counsel an immediate reply to one’s questions. The following introduction is designed to compel one.

My name is Patrick McKenzie. I write a column titled Bits about Money, which frequently covers financial fraud and operational mechanics of banking infrastructure. I have previously appeared on Bloomberg and in the New York Times.

I read with interest the article about $50k in a shoebox, which was also published in the print edition of New York Magazine. I may reference it in future writing.

All claims in those paragraphs are true. Some people resent that one can assert authority simply because of implicit blessing of high-status institutions. I leave anyone to their aesthetic preferences, but will mention that this is a very important lesson for how halls of power in New York and Washington, D.C. work. 

When the New York Times attempts to commission a piece from you, they will say apologetically that they can’t pay that well for it, but almost nobody writes for the Times for the money. You are paid in a different coin. Flash it, John Wick style, at a PR department, and it immediately takes you seriously, or it is quickly brought to task by New York’s hidden-in-plain-sight subculture of character assassins.

My email to the press contact asked a few questions and avoided explicitly broaching the question I was most curious about: Did the editorial process understand this piece to be an exercise in… creative writing? This felt unlikely, but magazines publish a spectrum of artifacts. Some pieces are roman à clefs, some are pastiches, some are based in a true story, and some are the more traditional understanding of journalism. On the text of it, the piece reads like it is reporting a true event, but it is in a style magazine and does run next to a piece titled Tweencore (“What the 13-and-under set is shopping for.”) and, you know, one may be forgiven some doubts.

A spokesperson for New York Magazine replied with a statement for publication which removed all doubt about how it perceived this story.

The story was thoroughly fact-checked prior to publication, and as part of this process, we reviewed the writer's bank withdrawal, recordings of phone calls and text messages with their scammer, and their statement to the police.

Since I had publicly expressed doubt that there was any fact checking process, I corrected the record.

Published statements or comments routinely occur in the context of a larger conversation. This is rarely mentioned, and I am promoting this subtext to text. There may have been any combination of on the record, on background, or off the record statements between myself and Vox Media. The world may never know.

But generally speaking, careful titration of how much information passes between PR and reporters, including restrictions (which are closer to handshake agreements than contracts) on what can be used where and when, enables a brisk favor-swapping economy. That economy has failed to function recently in the tech industry, as I discussed previously with Kelsey Piper. (Kelsey works in a different part of the Vocis machinae.) 

When it does function, society gets the usual benefits of journalism, PR departments grumble a bit but play the game, the Bat Phone to mortgage servicing gets answered on the first ring, and advertisers sell their wares to willing customers to pay for it all.

Sources of doubt

So Vox Media’s statement through a spokesperson effectively definitively resolved my doubts about editorial processes… but this did not resolve my doubts about banking procedure. 

Fraud investigators, law enforcement, and journalists alike frequently start with intuition then backfill with objective facts. My intuitions were screaming.

The article does not actually name the bank or the bank branch, despite a scene unambiguously set within it, despite the centrality of its failure to the narrative, despite repeated identification of firms that were utterly uninvolved. The transaction does not proceed as what a bank expects to happen if someone asks for the entirety of their savings account in cash. Physical details provided for flavor purposes are very rare in the universe you live in.

The claimed fact checking process struck me as… other than robust, in worlds where parts of the article were not factually accurate.

For example, there are many ways to “review a bank withdrawal.” That review can involve five or more parties, and I’ve been on almost all ends of it at various times. Some “reviews” are low-friction but low-robustness, such as e.g. asking someone to see a screenshot of their mobile phone or a printout of a bank statement.

As I once told a colleague in an unrelated context: a printed bank statement is of limited probative value because it could be forged by a bright high school student.

The financial industry has a variety of ways to resolve this, depending on how much time and toil it wants to expend on the investigation. For example, you can call the financial institution which issued the statement in question, announce that you are in a room with their customer, and then ask their customer to ask them to read the financial institution’s copy of the statement into the open line. Many people I have told about this ritual assume that, due to security concerns, no bank will engage in it. Nope! This is extremely routine and will happen tens of thousands of times next Tuesday. It is obviously more trustworthy than a copy of the statement whose chain of custody includes a non-bank actor.

Anyhow, some years after cracking wise about bright high school students, I chanced upon an infelicity which happened to New York Magazine. It published that a Stuyvesant high school student had made $72 million trading stocks and was shortly to open a hedge fund.

This is obvious nonsense and would be detected within seconds of conversation by anyone professionally involved in hedge funds, but we have a ritual in our society which blesses some writers as being owed the benefit of the doubt when they publish obvious nonsense. If it ran in the pages of New York Magazine, and New York Magazine engaged its standard fact checking process by sending someone to Stuyvesant to review a bank statement, and that piece of paper said Chase at the top and an eight figure number at the bottom, then the clearly the story is defensible, right.

No! Of course not! New York Magazine got punked by a teenager. 

And so, reading New York Magazine’s newest written statement about thoroughly fact checking a bank withdrawal, I thought “After ten years memories fade. Vox is currently wearing New York Magazine as a skin-suit, so who knows if anyone involved in that fracas is still around. Perhaps current staff reviewed the newest issue’s most important transaction in an other-than-robust fashion.”

Texts from the scammer? Voice recordings? A statement to the police? All of these struck me as highly correlated rather than being independent evidence: all reliable if one trusts the writer, and all unreliable if one does not trust the writer.

Never having employed or encountered this writer myself, before she wrote things I believed to be improbable about banking procedure, I reflected on what I do trust. 

I trust the physical reality of the world. I trust that it is very difficult to corrupt the archives of societal institutions.

The physical reality of bank branches

Vanishingly few bank branches put teller windows on the second floor. Many people have not ever had reason to deeply consider this true fact about the world. Relatively few people have ever made real estate decisions about siting bank branches or sketched layouts for them.

By coincidence, my father has. And, as someone who listened attentively at the dinner table and on car rides as he geeked out with his eldest son about the relative merits of various corners in Chicago, when I read that there was a bank branch in New York City with thick glass on the second floor, I thought “If that unicorn exists, I can probably narrow it down to a single physical location.” 

New York City, ye capital of the world, ye center of global finance, ye city which never sleeps: poets say you contain stories beyond numbering, but bike messengers can count your bank branches. A few hundred. Done. A diligent person could walk into every last one. (Of course the public can just walk into bank branches. That is what they are for.)

I started by attempting to narrow the set, to save some shoe leather. One gets a free 90%+ reduction by narrowing it to one bank in particular. Bank regulators keenly track deposit share concentration (and, therefore, bank branch concentration) in major markets, and NYC, the majorest market, is gardened with an exactitude that makes the feng shui look effortless.

Who knows the bank? Well, Vox (by implication of their statement) must know the bank, and the writer certainly knows the bank, and perhaps one of these would give an on the record comment naming the bank.

The writer engages in freelance journalism, has a professional website which lists her email address, and swiftly answered a question from another writer, on the record.

Bank of America.

Now we are getting somewhere.

Bank of America will trivially give you a list of all Bank of America locations in Brooklyn, for many reasons, including “We would certainly hope you find our financial centers for your financial services needs. We didn’t build this branch footprint and lease out desirable locations for a half century and sweat the details about curb cuts for the sheer joy of it all.”

One can, if one is unusually punctilious, cross reference their list against public records.

One useful sort of public record is the Office of the Comptroller of the Currency’s weekly bulletin, which includes all bank branch closings for nationally chartered institutions in the United States. Why would one care about those bulletins? An investigation, conducted in February 2024, about branches open on October 31st, 2023, might otherwise miss some which closed in the interim. And so I told my research assistant to read a few months of bulletins. (He surprised me by saying there is a search engine these days. Well, this wire transfer compliance influencer learned a new trick in 2024.)

And so we had twenty two Bank of America branches in Brooklyn to look at.

I’m in Chicago, and flying to Brooklyn to spend three days walking into branches seems like an obviously irrational use of my time. So, in the finest tradition of publications assigning scutwork to junior employees, I sent Sammy to Brooklyn instead.

We excluded any buildings which physically didn’t have a second floor. We used sophisticated techniques taught in journalism school, like the fact you can press ten buttons on an iPhone and then someone at a bank in Brooklyn will immediately answer questions like “Does your branch have a second floor?”

We kept a detailed spreadsheet, in the expectation we might eventually have to show New York media outlets that we had done our homework. A timestamped call here, a Street View there, our search area narrowed precipitously.

The final round of investigation involved Sammy physically entering bank branches, walking to the second floor, and looking for physical details consistent with the story as published.

This is a long way to say: I am very confident indeed that the only place in the world the described bank transaction could possibly have taken place at is 1 Flatbush Avenue, at the teller window, on the second floor. Right here.

We took this photo in March 2024, only weeks after publication of the original article.

And then we entered a long, long holding pattern, trying to find one trusted institution to say that, as of earlier than February 2024, they understood the transaction to either a) definitely have taken place at 1 Flatbush Avenue or b) definitely not have taken place at 1 Flatbush Avenue.

In which we became acquainted with brisk walks across Brooklyn

If the incident took place in the physical world, then the geospatial reality of the world imposes some constraints on the narrative. The writer unambiguously locates their narrative in Brooklyn. But Brooklyn is large.

Could we narrow it down? Could we do that using only independent, trustworthy information?

I trust, for example, that the city of New York keeps mostly accurate records about who owns property. These are quite useful for e.g. facilitating the orderly operation of the country's largest real estate market. The records are publicly available through the Automated City Register Information System (ACRIS).

I learned two things from ACRIS in early 2024.

One was an address on a mortgage. That address is, factually, a thoroughly doable walk from 1 Flatbush Avenue.

The other: this outsider, trusting at face value representations made by a news publication about the socioeconomic status of the subject of a story, did not successfully predict other facts present on that mortgage.

Socioeconomic class, unfortunately, has a great deal of bearing on how a bank would choose to interact with an individual. This is particularly true as one approaches either end of the socioeconomic spectrum, away from the mass market that most people assume banks must be serving at all times. We have often discussed discontinuities in service at the lower end of the spectrum in Bits about Money. There exist… other discontinuities.

I realize that commenting on the socioeconomic status of a crime victim is uncouth, particularly in ways they might not choose to describe themselves. Class is unfortunately essential to understanding what actually happened at 1 Flatbush Avenue on October 31st, 2023. Permit me a brief recital of the source of my confusion.

This outsider perceived a through-line of the Cut piece as being that the writer made other-than-rational decisions about $50,000 because their financial life was on the line. Here are some select non-consecutive paragraphs reproduced verbatim, with bolding added to highlight statements this outsider apparently read incorrectly.

Calvin [a member of the scamming team] wanted to know how much money I currently had in my bank accounts. I told him that I had two — checking and savings — with a combined balance of a little over $80,000. As a freelancer in a volatile industry, I keep a sizable emergency fund, and I also set aside cash to pay my taxes at the end of the year, since they aren’t withheld from my paychecks.

I almost laughed. I told him I was quite sure that my husband, who works for an affordable- housing nonprofit and makes meticulous spreadsheets for our child-care expenses, was not a secret drug smuggler. “I believe you, but even so, your communications are probably under surveillance,” Calvin said. “You cannot talk to him about this.” I quickly deleted the text messages I had sent my husband a few minutes earlier. “These are sophisticated criminals with a lot of money at stake,” he continued. “You should assume you are in danger and being watched. You cannot take any chances.” 

Fifty thousand dollars is a lot of money. It took me years to save, stashing away a few thousand every time I got paid for a big project. Part of it was money I had received from my grandfather, an inheritance he took great pains to set up for his grandchildren before his death. Sometimes I imagine how I would have spent it if I had to get rid of it in a day. I could have paid for over a year’s worth of child care up front. I could have put it toward the master’s degree I’ve always wanted. I could have housed multiple families for months. Perhaps, inadvertently, I am; I occasionally wonder what the scammers did with it.

Because I had set it aside for emergencies and taxes, it was money I tried to pretend I didn’t have — it wasn’t for spending. Initially, I was afraid that I wouldn’t be able to afford my taxes this year, but then my accountant told me I could write off losses due to theft. So from a financial standpoint, I’ll survive, as long as I don’t have another emergency — a real one — anytime soon.

These statements, and others throughout the article, conjured a particular image for me. It was that the writer was upper middle class, dealt with a bit of financial anxiety common to many individuals in precarious or not-particularly-remunerative employment circumstances, and was abused by professional con artists in a calculated fashion to prey upon this financial insecurity.

When recounted these same statements, my friend Byrne Hobart, who has actually lived among this social milieu before, laughed knowingly and said “Ah, family money.”

I will now add three true statements to the above sketch, in the hopes that you understand this transaction the way that a Bank of America teller understood it.

The writer’s positive home equity, trivially available to the bank which wrote their mortgage, is well in excess of ten years of the median household income for New York City. The writer is the president of the family charitable foundation, which per its annual filings with the IRS has in the recent past held approximately $2 million in marketable securities. And the family estate in Connecticut (which the writer’s parents live at) was featured in the local paper, highlighting two hundred years of history.

Discovering these facts radically changed my impression of why, per the writer’s written communication with me, she was not asked for the purpose of a $50,000 withdrawal by any bank staff. It no longer looks like a surprising lapse in procedure, when someone attempted to empty their entire savings account and wasn’t even half-heartedly counseled about caution. It looks like trivial cash management of a well-off, presumptively sophisticated client, whose household, resources, and probable financial future were thoroughly known to the bank.

Would the bank prefer the teller to ask one more question in this circumstance? Perhaps. But it won’t lose sleep over the matter.

Bank of America was asked about this transaction by the New York Times: “‘We have extensive efforts to warn clients about avoiding scams,’ said a Bank of America spokesman, William P. Halldin, via email. The bank declined to comment further.” (The Times, citing policy, refused to confirm the bank branch it understood the transaction to have taken place at.)

And thus we return to our earlier question: can we find an institution which will divulge where this transaction was claimed to have taken place at? Vox Media, the writer, and the New York Times have all been asked, and we do not have an answer yet.

Enter the Financial Crimes Enforcement Network

Bank of America is one of the largest depository institutions in the world, and reliably files Currency Transaction Reports when someone moves $10,000 or more into, or out of, the bank in cash. I thought it would be extremely unlikely that FinCEN would cough one of these up to anyone who asked.

But a recent development in Freedom of Information Act jurisprudence gave me some hope: the FOIA now, per the Ninth Circuit, allows for “statistical aggregate data” to be FOIAed. And I thought there was some hope that FinCEN would, rather than showing me a very private Currency Transaction Report, answer a simple question about statistical aggregates.

So I filed a FOIA request, 2025-FINF-00126, asking for a statistical calculation to be done:

How many currency transaction reports were filed. In Brooklyn. For a withdrawal of between $48,000 and $52,000. On October 31st, 2023. Broken down by branch address.

FinCEN efficiently processed this FOIA request, returning a definitive answer in less than two weeks: hell no. It asserted the same argument rejected by the 9th Circuit, that responding would require creating a new record (the results of the SQL query) and therefore it had no obligation to do so. It also asserted a statutory exemption which very broadly applied to many records kept by FinCEN. On reading the statutes, I thought FinCEN likely had the right of them, even if it was unlikely to prevail on the statistical aggregate issue.

Drats. It was worth a shot.

New York’s Finest foil FOIL for a time

The statement from Vox Media claimed that the writer had filed a police report.

From the perspective of a fact-checker, police reports serve a useful tripwire function. Lying on one is a crime. It is not a particularly serious crime (a class A misdemeanor, which also covers “spilling a drink on someone” and “shoplifting a bottle of Tide”).

One is welcome to one’s guess as to how often New York prosecutors enforce this law, particularly against people in our social class. But it is a useful Schelling point for society: a news publication can gesture in the direction of a police report, and say “Well, everyone knows what a police report means”, and we all pretend that it means a police report necessarily contains no lies.

No police officer need disabuse journalists of their illusions here. Should a publication ever get put to the question, it will immediately pivot into “We didn’t say we agreed with or believed anything on the police report. We simply neutrally reported the demonstrable fact of the police report. Obviously we intended nothing else by bringing up a police report.”

But police reports remain useful even in a world where they sometimes contain lies, because they establish paper trails which are extremely difficult to retrospectively fudge.

I was most interested in two facts on the police report.

One was metadata: when was this report received? (It obviously reads a bit differently if the report was created in response to the fact-checker asking for it, right.) The other: did, prior to the publication of the story, the writer consistently cite 1 Flatbush Avenue, the only location in the physical universe the transaction could have taken place at, as the location the transaction took place at?

I tried to get that police report, by several methods. By June 2024, getting impatient, I was at the point of forcing enthusiastically encouraging the NYPD to follow the law and provide it to me.

Police reports, like many public records, are retrievable under the Freedom of Information Law, New York state’s legislation which mirrors the federal FOIA. The statutory deadlines are five business days to acknowledge a request, and then twenty business days (or such time reasonably required) to release the records or cite an exemption under the law for not disclosing them.

I filed FOIL-2024-056-16750 on June 26th, 2024. On the last possible day, the NYPD updated its timeline to successfully locate a police report: it would need until November. OK, fair enough. I was a bit busy myself, being involved in a house purchase and move, and my one paper copy of a style magazine was hanging out in a box in the basement while we repainted. Perhaps the New York Police Department, annual budget $5.8 billion, was likewise quite busy.

November came. November went.

Eventually, concerned that Santa would not deliver the Christmas present I most wanted, I began to press the NYPD for answers. I did this using a voice and mien which I call Dangerous Professional. Three messages, one phone call, no dice.

And so, in February 2025, after a full six months of waiting on the NYPD, I got out my call log and penned a FOIL appeal. After a brief recitation of the procedural history, that letter did a bit of calculated knife twisting:

This request was filed on June 26th, 2024, more than six months ago. It was originally assigned a Due Date of November 4th, more than two months ago, by the NYPD. Despite three attempts to request an update via the Contact the Agency form online and one telephone message, I have yet to receive any non-automated contact from the NYPD about this request.

The statutory timeframe for production of documents in response to a FOIL request is twenty business days from the acknowledgement of the request. The NYPD's failure to produce this document in more than 100 business days is, accordingly, a constructive denial of the request.

I hereby appeal the NYPD's denial, and require that it produce the documents described in the FOIL request or provide me with its reasoning under the statute why it cannot do so. 

An attorney for the NYPD wrote back, forecasting a response within the statutory timeframe (10 business days for an appeal). The substantive response said that the appeal was moot because… the Records Access Officer had, subsequent to my appeal, made a determination that the NYPD did indeed keep police reports and could indeed release them in response to FOIL requests.

Oh happy day.

The police report contains a statement recorded by the police made on October 31st, 2023. I have lightly rewritten police shorthand and corrected some inconsequential spelling mistakes:

Complainant/victim further states listed perpetrator stated complainant/victim needed to pay in order to avoid being arrested. Complainant/victim states she withdrew $50,000 in U.S. currency from Bank of America, located at 1 Flatbush Avenue, at 3:10 PM.

And there we have it: reliable chain of custody to a claim made about the physical world at a known time, within hours of the alleged incident. This transaction was alleged to have happened at 1 Flatbush Avenue. Months later, in writing of her memories of the day, the writer offered a seemingly inconsequential detail about going up stairs to visit a teller window.

That seemingly inconsequential detail is, if one has a very particular set of interests, and is willing to put an irrational amount of work in, independently verifiable. Of all the bank branches in all the towns in all the world, the only one where a Bank of America teller awaits Brooklyn socialites behind thick glass on the second floor is, indeed, 1 Flatbush Avenue.

This would be a very different piece if that police report, or any other documentation at a trusted institution, named e.g. 266 Broadway instead.  

As for the rest of the shoebox piece? I have no informed point of view on anything in a style magazine, except for the banking.

If you grew up in the PC scene during the 1980s or early 1990s, you know how painful it was to get hardware to work. And if you did not witness that (lucky you) here is how it went: every piece of hardware in your PC—say a sound card or a network card—had physical switches or jumpers in it. These switches configured the card’s I/O address space, interrupts, and DMA ports, and you had to be careful to select values that did not overlap with other cards.

But that wasn’t all. Once you had configured the physical switches, you had to tell the operating system and/or software which specific cards you had and how you had configured them. Remember SET BLASTER=A220 I5 D1 H5? This DOS environment variable told programs which specific Sound Blaster you had installed and which I/O settings you had selected via its jumpers.

Not really fun. It was common to have hardware conflicts that yielded random lock-ups, and thus ISA “Plug and Play”, or PnP for short, was born in the early 1990s—a protocol for the legacy ISA bus to enumerate its devices and to configure their settings via software. Fast-forward to today’s scene where we just attach devices to external USB connectors and things “magically work”.

But how? How does the kernel know which physical devices exist and how does it know which of the many device drivers it contains can handle each device? Enter the world of hardware discovery.

Hardware topology

When you learn about the Von Neumann architecture in school, you are typically told that there is a CPU, a chunk of memory, and… “I/O devices”. The CPU and memory portions are where all the focus is put and the I/O devices portion is always “left to the reader”. However, there is a lot of stuff happening in that nebulous cloud.

The first question that arises is: what’s in that I/O cloud? Well, take a look:

Whoa, that’s a lot of stuff, but we can classify the items in the “nebulous cloud of I/O devices” into two categories:

• The devices themselves, obviously.

• The busses that connect those devices to the CPU.

Both are important: you might have a fancy keyboard with extra keys that requires a special driver, and this keyboard might come in PS/2 and USB versions. The driver for the keyboard may be the same for each version, but the “glue” that attaches this keyboard to either bus is different, and the way the kernel can tell whether the keyboard is attached to one port or another also differs.

So how does the kernel know how to find hardware without tons of repeated code for every bus, you ask? It does so via its knowledge of the hardware topology. Just above, I showed you Windows’ view of this, but for the rest of this article, I’ll use the BSD internals (and NetBSD specifically) because that’s what I know best. Don’t let that put you off though: all kernels have to do something similar and the differences among them are likely not meaningful.

Here is a little snippet of the default NetBSD kernel configuration file for the amd64 platform. This snippet lays out the topology of serial ports in the PC and the busses in which they may appear:

pci*    at mainbus? bus ?
pcib*   at pci? dev ? function ?
puc*    at pci? dev ? function ?
com*    at puc? port ?

isa0    at mainbus?
isa0    at pcib?
com0    at isa? port 0x3f8 irq 4
com1    at isa? port 0x2f8 irq 3

acpi0   at mainbus0
com*    at acpi?

Daunting if you have never seen anything like this, I know, but let me translate this to a diagram:

Much clearer in picture form, right? What this chunk of configuration does is tell the kernel the places where the com driver can find serial ports. We have a chunk that says that com0 and com1 can appear on the ISA bus at specific I/O addresses and interrupts, and in turn that the ISA bus may be a directly-addressable physical bus (isa0 at mainbus?) and/or an ISA bus exposed via a PCI bridge (isa0 at pcib?). Then, we have additional entries telling us that the serial ports can also be configured via ACPI (com* at acpi?), and that the serial ports may exist on expansion cards (com* at puc?) providing communication ports via the PCI bus (puc* at pci?).

The problem is: the kernel configuration tells us what may exist, not what actually exists on a machine. In a sense, the configuration file “wires” the code of the device drivers like com so that they can find devices that appear under the isa, pci, or acpi busses. But the kernel must still, at runtime, check and see where the devices actually are. How does that happen?

Hardware auto-configuration

To answer the question of how the kernel discovers which hardware is present and where it is, let’s dissect NetBSD’s autoconf(9) manual page:

Autoconfiguration is the process of matching hardware devices with an appropriate device driver. In its most basic form, autoconfiguration consists of the recursive process of finding and attaching all devices on a bus, including other busses.

From this paragraph, we can extract the following: the kernel contains a collection of device drivers (like the com presented earlier). Device drivers are just code that knows how to interact with specific devices, but the “location” of these devices in the hardware topology may vary (the “bindings” to isa, puc, and acpi in the earlier example). Moving on:

The autoconfiguration framework supports direct configuration where the bus driver can determine the devices present. The autoconfiguration framework also supports indirect configuration where the drivers must probe the bus looking for the presence of a device. Direct configuration is preferred since it can find hardware regardless of the presence of proper drivers.

Direct and indirect configuration. Hmm. This sounds like the PnP story, and it kinda does. See, pay close attention to these two lines from the earlier snippet:

com0    at isa? port 0x3f8 irq 4
com1    at isa? port 0x2f8 irq 3

These are the BSD equivalent of the SET BLASTER=A220 I5 D1 H5 command for DOS I mentioned in the introduction: they tell the kernel which precise addresses and interrupts to use for the two standard PC serial ports if an ISA bus is present.

But what about com* at puc? and com* at acpi?? These lines are neat because they do not tell us, in advance, where to find the serial ports: we expect the kernel to discover those details at runtime so that we don’t have to recompile the kernel when the hardware changes. But even if these two look similar, they are quite different: the com* at puc? is an indirect configuration entry: the puc driver will have to probe the PCI bus for the presence of a communications card and, if one exists, tell the com driver that it can attach to it. On the other hand, the com* at acpi? entry is direct: the kernel will read the ACPI configuration (a static table) to know where the ports are and then use those details to configure the com driver.

Alright, so this raises another question. What is ACPI?

ACPI

ACPI, despite being declared with acpi0 at mainbus0 in a form similar to isa0 at mainbus?, is not a bus: ACPI does not physically connect devices to one another. To understand what ACPI does, we can start by realizing that it stands for Advanced Configuration and Power Interface and then, quoting the Wikipedia article:

Advanced Configuration and Power Interface (ACPI) is an open standard that operating systems can use to discover and configure computer hardware components, to perform power management (e.g. putting unused hardware components to sleep), auto configuration (e.g. Plug and Play and hot swapping), and status monitoring.

ACPI is about configuration, and the kernel uses the ACPI tables, present in any modern PC, to find where devices are. To illustrate how this works, let’s look at the com* at acpi? line. This line says that the serial port can be configured via ACPI if ACPI happens to have an entry for it. And you know, we can peek into the ACPI tables of a running machine to see what that might be:

# acpidump -dt | grep -A15 COM1
Device (COM1)
{
    Name (_HID, EisaId ("PNP0501") /* 16550A-compatible COM Serial Port */)  // _HID: Hardware ID
    Name (_UID, One)  // _UID: Unique ID
    Name (_CRS, ResourceTemplate ()  // _CRS: Current Resource Settings
    {
        IO (Decode16,
            0x03F8,             // Range Minimum
            0x03F8,             // Range Maximum
            0x01,               // Alignment
            0x08,               // Length
            )
        IRQNoFlags ()
            {4}
    })
}
# █

(Pro-tip: you can use acpidump to extract the Windows license key bound to your machine, if any. I’ve needed to do this in the past to install Windows in a VM after replacing the host OS with FreeBSD.)

Voila. The ACPI tables provided by the system tell us a similar story to what the explicit com0 at isa? entry did (and no surprise here because this is a legacy device): there is a serial port at base address 0x3f8 that uses interrupt 4. But also, this table tells us the hardware identifier for this entry: PNP0501. Grepping through the NetBSD kernel code base for this identifier, we land on the dev/acpi/com_acpi.c file:

static const struct device_compatible_entry compat_data[] = {
    // ...

    /* 16550A-compatible COM port */
    { .compat = "PNP0501", .value = COM_TYPE_NORMAL },

    // ...
};

(Another pro-tip: master ripgrep. Knowing how to find a needle in the haystack of a large code base will grant you super-powers among your coworkers. Being able to pinpoint where specifically to start an investigation based on a “random-looking” string is invaluable.)

Aha! This com_acpi.c file provides the necessary glue to direct the generic serial port com driver to the hardware via whatever the ACPI tables prescribe. From here, the kernel can proceed to attach the driver to the device and connect the dots between the user-space /dev/ttyS0 interface to the physical serial port.

Device Tree

In the world of embedded devices powered by SOCs—"System on a Chip", a term that describes single chips that provide all functions to build a computer, ranging from the CPU to sound and network cards—we don’t have ACPI tables. What we used to have instead was explicit code for every board/chip combination that knew how to address the hardware in each SOC. Linux used to be a mess of half-baked and abandoned forks, each supporting a different board without hopes of unification into mainline due to the lack of generic interfaces.

The Device Tree specification fixed this issue for the most part for architectures like aarch64. With Device Tree, each hardware or OS vendor provides a static table that describes the layout of a board’s hardware separately from the code of the kernel. Then, the kernel peeks into this table to know which devices exist and where they are in the machine layout, much like it does with ACPI.

A big difference with ACPI, however, is that the kernel cannot query the Device Tree from the hardware because… well, the Device Tree is external to the hardware. The kernel expects the Device Tree to “exist in memory” either because the kernel image embeds the Device Tree for the target board or because the boot loader loads the Device Tree from disk and passes it to the kernel.

Once the kernel has the Device Tree though, the hardware discovery process is similar to the one in ACPI: the kernel scans the Device Tree and looks for drivers that can attach to device nodes based on hardware identifiers. From the perspective of the kernel configuration, things look very similar between amd64 and aarch64. See this snippet from the generic kernel of the evbarm port:

armfdt0     at root
simplebus*  at fdt? pass 0
com*        at fdt? pass 4

This configuration snippet tells the aarch64 kernel that a com device may appear on fdt, which stands for “Flat Device Tree”. In turn, armfdt0 at root says that there is a specific driver named armfdt0 that provides access to the fdt loaded by the boot loader on an ARM machine.

We can inspect the Device Tree from the command line as the Device Tree is exposed via the same interface that OpenFirmware used due to its historical roots. For example, to fetch the portion of the Device Tree for the serial port on an aarch64 machine:

# ofctl serial1
[Caching 121 nodes and 781 properties]
clocks                  0000000e 00000000 ........ ........   ........
compatible              6272636d 2c62636d 32383335 2d617578   "brcm,bcm2835-aux
            0010:       2d756172 7400.... ........ ........   -uart"
interrupts              00000001 0000001d ........ ........   ........
name                    73657269 616c00.. ........ ........   "serial"
phandle                 0000004c ........ ........ ........   ...L
pinctrl-0               0000000f ........ ........ ........   ....
pinctrl-names           64656661 756c7400 ........ ........   default.
reg                     7e215040 00000040 ........ ........   ~!P@...@
status                  6f6b6179 00...... ........ ........   okay.
# █

A binary dump. OK, fine, we can intuit something out of this, but it isn’t particularly clear. The problem here is that we are looking at the binary encoding of the Device Tree (the DTB). But the DTB is built from a set of corresponding source files (one or more DTS files), and if we look at the common DTS for Broadcom 283x boards, we find the following more-readable content:

/ {
    aliases {
        /* ... */

        serial1 = "/soc/serial@7e215040";
    };

    soc {
        /* ... */

        serial@7e215040 {
            compatible = "brcm,bcm2835-aux-uart";
            reg = <0x7e215040 0x40>;
            interrupts = <0x01 0x1d>;
            clocks = <0x0e 0x00>;
            status = "okay";
            pinctrl-names = "default";
            pinctrl-0 = <0x0f>;
            phandle = <0x4c>;
        };
    };
};

The detail to highlight here is the brcm,bcm2835-aux-uart identifier. If we search for this in the code base with the ripgrep super-powers you gained earlier, we find the arch/arm/broadcom/bcm2835_com.c file, which contains:

static const struct device_compatible_entry compat_data[] = {
    { .compat = "brcm,bcm2835-aux-uart" },
    DEVICE_COMPAT_EOL
};

Once again: we found the glue that connects a generic com driver to a specific hardware device.

Loading DTBs at boot time

Let’s dig a bit further though. I mentioned earlier that the boot loader is responsible for loading the Device Tree into memory and passing it to the kernel. How is that done? Well, it really depends on the specific machine you are dealing with. In here, I’m just going to very briefly touch upon how the Raspberry Pi does it because that’s the specific non-PC hardware I have access to. And for this, I’ll take you through the investigative journey I took.

The specific problem I faced was that NetBSD was not able to discover the SPI bus even when I had enabled the right SPI driver in the kernel for my Raspberry Pi 3B. By that point, I was aware that DTBs existed and I suspected that something might be wrong with them, so my first instinct was to check and see what the DTB had to say about the SPI.

Digging through the FAT partition of the disk image I was using, I found the dtb/broadcom/bcm2837-rpi-3-b.dtb file—the DTB for my specific board. The way the Raspberry Pi boot loader finds this file is by looking for a file matching the board’s own name (bcm2837-rpi-3-b.dtb) in the location specified by the os_prefix configuration property in the config.txt placed at the root of the FAT partition.

Once I found that file and after learning about the dtc tool (the Device Tree Compiler) which transforms DTS files into DTBs and vice versa, I could decompile the DTS:

$ dtc -I dtb -O dts bcm2837-rpi-3-b.dtb -o bcm2837-rpi-3-b.dts
... various warnings ...
$ █

Then, peeking into the decompiled DTS file, I found:

spi@7e204000 {
    compatible = "brcm,bcm2835-spi";
    reg = <0x7e204000 0x200>;
    interrupts = <0x02 0x16>;
    clocks = <0x06 0x14>;
    #address-cells = <0x01>;
    #size-cells = <0x00>;
    status = "disabled";
    dmas = <0x0b 0x06 0x0b 0x07>;
    dma-names = "tx\0rx";
    phandle = <0x49>;
};

I verified that the SPI kernel driver recognized the brcm,bcm2835-spi identifier just as we did earlier on for the serial port. And it did match, so I was puzzled for a moment.

But then I noticed the innocuous status = "disabled" line. Aha! The SPI device was disabled by default. I modified that line with status = "okay" following what other entries in the DTS did, recompiled the DTS into the DTB:

$ dtc -I dts -O dtb bcm2837-rpi-3-b.dts -o bcm2837-rpi-3-b.dtb
... various warnings ...
$ █

… rebooted the board and… voila!

# dmesg | grep spi
[     1.000003] bcmspi0 at simplebus1: SPI
[     1.000003] bcmspi0: interrupting on icu irq 54
[     1.000003] spi0 at bcmspi0: SPI bus
# █

The kernel successfully attached the SPI driver and the SPI bus started working, which in turn led to a multi-hour debugging session to make the EndBASIC ST7735S driver work—but in the end it did.

Yes, there are nicer ways to do what I did here because the DTBs are provided by upstream and you should not be modifying them. What you should do instead is create a DTB overlay, which is a separate small DTB that “patches” the upstream DTB, and then tell the boot loader to process it via the dtoverlay stanza in the config.txt file. Details left to you, reader. Just beware that the Raspberry Pi boot loader is picky about file paths and the documentation is your friend here.

How do ACPI and Device Tree differ?

Based on everything I told you about here, ACPI and Device Tree look oddly similar—and that’s because they are! From the perspective of describing hardware to the kernel, the two technologies are equivalent, but they differ for historical reasons. ACPI has its roots in APM, a PC technology, whereas Device Tree is based on OpenFirmware, a technology that originated at Sun Microsystems for its SPARC machines and that was later used by Apple on their PowerPC-based Macs.

One difference between the two, though, is that ACPI does more than just describe hardware. ACPI provides a bunch of hardware-specific routines in a bytecode that the operating system can call into to manipulate the hardware. This is often maligned because ACPI introduces non-free and opaque blobs in the interaction between the operating system kernel and the hardware, but Matthew Garret has a great essay on why ACPI is necessary and why it is better than all other alternatives, possibly including Device Tree.

In any case, that’s all for today. I found this exercise of dealing with the Device Tree pretty fun and I thought I could share something interesting with you all. I intentionally omitted many details because the topic of hardware configuration is vast and tricky, but you can continue building your knowledge from the bits above and from the fabulous OSDev wiki.

Watch enthusiasts admire mechanical complexity, but when it comes to maximum durability, each moving part also represents a potential point of failure. Back when the very first digital watches emerged in the 1970s, the revolutionary timepieces were advertised as being “solid-state” to draw attention to the fact that they relied on no moving components. To […]

The post Introducing The RZE UTD-8000 Digital Watch In UltraHex Titanium appeared first on aBlogtoWatch.