From e761801e2f2644bd92953d49ce75812dbbc48f52 Mon Sep 17 00:00:00 2001 From: imnotjames Date: Sun, 27 Oct 2024 20:10:41 +0000 Subject: [PATCH] =?UTF-8?q?Deploying=20to=20gh-pages=20from=20@=20imnotjam?= =?UTF-8?q?es/imnotjames.github.io@da051e890162b0cf8b26a95bd2f1294bee62cab?= =?UTF-8?q?1=20=F0=9F=9A=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- on-my-mind/2024-04-02/index.html | 2 +- on-my-mind/2024-10-27/index.html | 163 ++++++++++++++++++ on-my-mind/index.html | 49 +++++- .../on-my-mind/2024-04-02/page-data.json | 2 +- .../on-my-mind/2024-10-27/page-data.json | 1 + page-data/on-my-mind/page-data.json | 2 +- resume.pdf | Bin 75037 -> 75037 bytes 7 files changed, 215 insertions(+), 4 deletions(-) create mode 100644 on-my-mind/2024-10-27/index.html create mode 100644 page-data/on-my-mind/2024-10-27/page-data.json diff --git a/on-my-mind/2024-04-02/index.html b/on-my-mind/2024-04-02/index.html index 4a2f005..9fab3b7 100644 --- a/on-my-mind/2024-04-02/index.html +++ b/on-my-mind/2024-04-02/index.html @@ -136,7 +136,7 @@

Some real spy stuff, right?


Arstechnica has a more detailed write up, and Lasse Collin has some stuff about it on their site - but they’re currently on vacation and won’t be able -to do much until they get back.


+to do much until they get back.


Thoughts on 2024/10/27 | DEFINITIVELY NOT JAMES

Definitively Not( James )

2024/10/27

+ +


+

There’s a fantastic set of essays by Cedric Chin about becoming a +data driven business. It starts off on a really inspiring +essay dissecting Goodhart’s law. Most of the essays are focused +around Amazon and often reference the book that Cedric had helped with: +“Working Backwards” by Colin Bryar and Bill Carr.


+

For those that don’t know it, Goodhart’s law is:


+
+

When a measure becomes a target, it ceases to be a good measure.


+
+

Every measure is a proxy for what you actually want — and is always an +imperfect proxy for it. Even when you’re using a tape measure you’re not +quite getting what you want - an exact measurement of a distance. Instead, +you’re getting something that’s “close enough” in precision to the real +deal that it works fine.


+

In another essay, Cedric summarized a paper by David Manheim and Scott Garrabrant +that breaks down Goodhart’s law into four “flavors”: regressive, extremal, +causal, and adversarial. This is reflected in Donald Wheeler’s take on Goodhart’s +law from Understanding Variation:


+
+

When people are pressured to meet a target value there are three ways they can proceed:


+
    +
  1. They can work to improve the system
    2. +
  2. They can distort the system
    3. +
  3. Or they can distort the data
    4. +
+
+

To me, this is a fantastic way to frame Goodhart’s law. Instead of it being a +problem declared out into the ether it’s something that can be solutioned against. +The solutions would be to make it more difficult to distort the data or the system - +or you can make it easier to improve the system.


+

Wheeler notes that this can be seen between the Voice of the Customer - the +expectations - and the Voice of the Process - what can be done in the real world. +Focusing entirely on the Voice of the Customer without understanding the +Voice of the Process leads to gaming the measurements, inadvertently or not.


+

The essay series goes into depth on how Amazon has approached this problem - via their +Weekly Business Review (WBR). The goal of the WBR is to provide flexibility to make +the various systems work for them and also to drop measurements that aren’t useful. +It promotes iteration and learning, synchronizing leadership rather than promoting +blindly following numbers.


+

Proxy measures will always allow for some form of gaming the system. At the same time, +you can’t run a business without these kinds of proxy measures. Goodhart’s law isn’t wrong - +but instead of approaching it by choosing to avoid measuring, we instead need +to find solutions to prevent it.


+

The problem isn’t having targets - it’s failing to reconcile those +targets with the real world.


+ + \ No newline at end of file diff --git a/on-my-mind/index.html b/on-my-mind/index.html index 7d501be..d1e9a88 100644 --- a/on-my-mind/index.html +++ b/on-my-mind/index.html @@ -101,7 +101,54 @@ .hLRxDg .gatsby-highlight pre{margin-bottom:0;}/*!sc*/ .hLRxDg p:first-child img:first-child{float:right;max-width:40%;margin-left:16px;}/*!sc*/ data-styled.g23[id="thought__ThoughtBody-sc-en1bdp-3"]{content:"hLRxDg,"}/*!sc*/ -What's On My Mind.. | DEFINITIVELY NOT JAMES

Definitively Not( James )

2024/04/02

giphy


+What's On My Mind.. | DEFINITIVELY NOT JAMES

Definitively Not( James )

2024/10/27

+ +


+

There’s a fantastic set of essays by Cedric Chin about becoming a +data driven business. It starts off on a really inspiring +essay dissecting Goodhart’s law. Most of the essays are focused +around Amazon and often reference the book that Cedric had helped with: +“Working Backwards” by Colin Bryar and Bill Carr.


+

For those that don’t know it, Goodhart’s law is:


+
+

When a measure becomes a target, it ceases to be a good measure.


+
+

Every measure is a proxy for what you actually want — and is always an +imperfect proxy for it. Even when you’re using a tape measure you’re not +quite getting what you want - an exact measurement of a distance. Instead, +you’re getting something that’s “close enough” in precision to the real +deal that it works fine.


+

In another essay, Cedric summarized a paper by David Manheim and Scott Garrabrant +that breaks down Goodhart’s law into four “flavors”: regressive, extremal, +causal, and adversarial. This is reflected in Donald Wheeler’s take on Goodhart’s +law from Understanding Variation:


+
+

When people are pressured to meet a target value there are three ways they can proceed:


+
    +
  1. They can work to improve the system
    2. +
  2. They can distort the system
    3. +
  3. Or they can distort the data
    4. +
+
+

To me, this is a fantastic way to frame Goodhart’s law. Instead of it being a +problem declared out into the ether it’s something that can be solutioned against. +The solutions would be to make it more difficult to distort the data or the system - +or you can make it easier to improve the system.


+

Wheeler notes that this can be seen between the Voice of the Customer - the +expectations - and the Voice of the Process - what can be done in the real world. +Focusing entirely on the Voice of the Customer without understanding the +Voice of the Process leads to gaming the measurements, inadvertently or not.


+

The essay series goes into depth on how Amazon has approached this problem - via their +Weekly Business Review (WBR). The goal of the WBR is to provide flexibility to make +the various systems work for them and also to drop measurements that aren’t useful. +It promotes iteration and learning, synchronizing leadership rather than promoting +blindly following numbers.


+

Proxy measures will always allow for some form of gaming the system. At the same time, +you can’t run a business without these kinds of proxy measures. Goodhart’s law isn’t wrong - +but instead of approaching it by choosing to avoid measuring, we instead need +to find solutions to prevent it.


+

The problem isn’t having targets - it’s failing to reconcile those +targets with the real world.


2024/04/02

giphy


The whole xz thing is mind boggling.


The story starts two years ago. Lasse Collin is the sole developer maintaining xz as a hobby. xz is a linux utility used widely - nearly every installation of linux has it. diff --git a/page-data/on-my-mind/2024-04-02/page-data.json b/page-data/on-my-mind/2024-04-02/page-data.json index caf7ef3..9421b5b 100644 --- a/page-data/on-my-mind/2024-04-02/page-data.json +++ b/page-data/on-my-mind/2024-04-02/page-data.json @@ -1 +1 @@ -{"componentChunkName":"component---src-templates-on-my-mind-thought-js","path":"/on-my-mind/2024-04-02/","result":{"data":{"site":{"siteMetadata":{"title":"DEFINITIVELY NOT JAMES","author":"James Ward"}},"thought":{"id":"d162715b-0125-5d0f-ad1d-63df3a4ef2fe","html":"

\"giphy\"

\n

The whole xz thing is mind boggling.

\n

The story starts two years ago. Lasse Collin is the sole developer maintaining xz\nas a hobby. xz is a linux utility used widely - nearly every installation of linux has it.\nCollin was delighted to start receiving help from JiaT75 - someone named Jia Tan.\nTan kept fixing bugs, opening pull requests, and generally being helpful. Eventually,\nCollin had granted Tan access to commit directly to the repository. They were a trusted\nhelper, after all! Tan then took responsibility of managing releases, helping with various\nsecurity websites interactions with the project, and made life easier for Collin.

\n

This year, Tan helped usher in version 5.6.0 and 5.6.1 of xz. Tan dutifully continued\nto be helpful and encouraged various linux distribution maintainers to include these new\nversions - they had security fixes, of course! Some did, some didn’t. Reviewing the code,\nit was unclear if the security fixes were major enough to warrant updating. This version\nended up in “testing” versions of Debian, Redhat, and Kali linux - but these are large distributions\nused on millions of computers.

\n

By chance, Andre Freund - a linux developer over at Microsoft - became frustrated that their SSH\nclient was taking 500ms longer to connect that day. It wasn’t clear to them why all of a sudden\neverything was half a second slower, and sure: it wasn’t the end of the world by any means but it\nwas ANNOYING. So they dug. They found something that was surprising.

\n

Unfortunately, Jia Tan was not who they claimed to be. Tan was not just a helpful contributor.\nTan was an agent of a nation state with a very specific goal - infiltration. They used their position\nto hide code inside of xz that could be used to execute arbitrary malicious payloads - and then used\ntheir role as security contact to prevent folks from finding it. Version 5.6.0 and 5.6.1 of xz included\nthis code. Nobody noticed - that is, until Andre Freund.

\n

If Andre hadn’t decided to inspect an annoyance this backdoor would have been everywhere. Every bank,\nevery government, most every cell phone. This was all caught because someone didn’t want to wait half a\nsecond longer.

\n

The Lasse Collin is currently suggesting to use an old version that doesn’t have ANY of Jia Tan’s code in it - 5.3.1.

\n

Some real spy stuff, right?

\n

Arstechnica has a more detailed write up, and Lasse Collin has some stuff\nabout it on their site - but they’re currently on vacation and won’t be able\nto do much until they get back.

","excerpt":"The whole thing is mind boggling. The story starts two years ago. Lasse Collin is the sole developer maintaining \nas a hobby. is a linux…","fields":{"slug":"/2024-04-02"},"frontmatter":{"date":"2024/04/02"}},"previous":{"id":"b67a2074-ffe0-5dab-8bc7-bf2ded3be892","fields":{"slug":"/2021-10-27"},"frontmatter":{"date":"2021/10/27"}},"next":null},"pageContext":{"slug":"/2024-04-02","previous":"/2021-10-27","next":null}},"staticQueryHashes":["63159454"],"slicesMap":{}} \ No newline at end of file +{"componentChunkName":"component---src-templates-on-my-mind-thought-js","path":"/on-my-mind/2024-04-02/","result":{"data":{"site":{"siteMetadata":{"title":"DEFINITIVELY NOT JAMES","author":"James Ward"}},"thought":{"id":"d162715b-0125-5d0f-ad1d-63df3a4ef2fe","html":"

\"giphy\"

\n

The whole xz thing is mind boggling.

\n

The story starts two years ago. Lasse Collin is the sole developer maintaining xz\nas a hobby. xz is a linux utility used widely - nearly every installation of linux has it.\nCollin was delighted to start receiving help from JiaT75 - someone named Jia Tan.\nTan kept fixing bugs, opening pull requests, and generally being helpful. Eventually,\nCollin had granted Tan access to commit directly to the repository. They were a trusted\nhelper, after all! Tan then took responsibility of managing releases, helping with various\nsecurity websites interactions with the project, and made life easier for Collin.

\n

This year, Tan helped usher in version 5.6.0 and 5.6.1 of xz. Tan dutifully continued\nto be helpful and encouraged various linux distribution maintainers to include these new\nversions - they had security fixes, of course! Some did, some didn’t. Reviewing the code,\nit was unclear if the security fixes were major enough to warrant updating. This version\nended up in “testing” versions of Debian, Redhat, and Kali linux - but these are large distributions\nused on millions of computers.

\n

By chance, Andre Freund - a linux developer over at Microsoft - became frustrated that their SSH\nclient was taking 500ms longer to connect that day. It wasn’t clear to them why all of a sudden\neverything was half a second slower, and sure: it wasn’t the end of the world by any means but it\nwas ANNOYING. So they dug. They found something that was surprising.

\n

Unfortunately, Jia Tan was not who they claimed to be. Tan was not just a helpful contributor.\nTan was an agent of a nation state with a very specific goal - infiltration. They used their position\nto hide code inside of xz that could be used to execute arbitrary malicious payloads - and then used\ntheir role as security contact to prevent folks from finding it. Version 5.6.0 and 5.6.1 of xz included\nthis code. Nobody noticed - that is, until Andre Freund.

\n

If Andre hadn’t decided to inspect an annoyance this backdoor would have been everywhere. Every bank,\nevery government, most every cell phone. This was all caught because someone didn’t want to wait half a\nsecond longer.

\n

The Lasse Collin is currently suggesting to use an old version that doesn’t have ANY of Jia Tan’s code in it - 5.3.1.

\n

Some real spy stuff, right?

\n

Arstechnica has a more detailed write up, and Lasse Collin has some stuff\nabout it on their site - but they’re currently on vacation and won’t be able\nto do much until they get back.

","excerpt":"The whole thing is mind boggling. The story starts two years ago. Lasse Collin is the sole developer maintaining \nas a hobby. is a linux…","fields":{"slug":"/2024-04-02"},"frontmatter":{"date":"2024/04/02"}},"previous":{"id":"b67a2074-ffe0-5dab-8bc7-bf2ded3be892","fields":{"slug":"/2021-10-27"},"frontmatter":{"date":"2021/10/27"}},"next":{"id":"bd4c2bb5-7946-5621-9608-95f70ecd72da","fields":{"slug":"/2024-10-27"},"frontmatter":{"date":"2024/10/27"}}},"pageContext":{"slug":"/2024-04-02","previous":"/2021-10-27","next":"/2024-10-27"}},"staticQueryHashes":["63159454"],"slicesMap":{}} \ No newline at end of file diff --git a/page-data/on-my-mind/2024-10-27/page-data.json b/page-data/on-my-mind/2024-10-27/page-data.json new file mode 100644 index 0000000..617b637 --- /dev/null +++ b/page-data/on-my-mind/2024-10-27/page-data.json @@ -0,0 +1 @@ +{"componentChunkName":"component---src-templates-on-my-mind-thought-js","path":"/on-my-mind/2024-10-27/","result":{"data":{"site":{"siteMetadata":{"title":"DEFINITIVELY NOT JAMES","author":"James Ward"}},"thought":{"id":"bd4c2bb5-7946-5621-9608-95f70ecd72da","html":"

\n \n

\n

There’s a fantastic set of essays by Cedric Chin about becoming a\ndata driven business. It starts off on a really inspiring\nessay dissecting Goodhart’s law. Most of the essays are focused\naround Amazon and often reference the book that Cedric had helped with:\n“Working Backwards” by Colin Bryar and Bill Carr.

\n

For those that don’t know it, Goodhart’s law is:

\n
\n

When a measure becomes a target, it ceases to be a good measure.

\n
\n

Every measure is a proxy for what you actually want — and is always an\nimperfect proxy for it. Even when you’re using a tape measure you’re not\nquite getting what you want - an exact measurement of a distance. Instead,\nyou’re getting something that’s “close enough” in precision to the real\ndeal that it works fine.

\n

In another essay, Cedric summarized a paper by David Manheim and Scott Garrabrant\nthat breaks down Goodhart’s law into four “flavors”: regressive, extremal,\ncausal, and adversarial. This is reflected in Donald Wheeler’s take on Goodhart’s\nlaw from Understanding Variation:

\n
\n

When people are pressured to meet a target value there are three ways they can proceed:

\n
    \n
  1. They can work to improve the system
    2. \n
  2. They can distort the system
    3. \n
  3. Or they can distort the data
    4. \n
\n
\n

To me, this is a fantastic way to frame Goodhart’s law. Instead of it being a\nproblem declared out into the ether it’s something that can be solutioned against.\nThe solutions would be to make it more difficult to distort the data or the system -\nor you can make it easier to improve the system.

\n

Wheeler notes that this can be seen between the Voice of the Customer - the\nexpectations - and the Voice of the Process - what can be done in the real world.\nFocusing entirely on the Voice of the Customer without understanding the\nVoice of the Process leads to gaming the measurements, inadvertently or not.

\n

The essay series goes into depth on how Amazon has approached this problem - via their\nWeekly Business Review (WBR). The goal of the WBR is to provide flexibility to make\nthe various systems work for them and also to drop measurements that aren’t useful.\nIt promotes iteration and learning, synchronizing leadership rather than promoting\nblindly following numbers.

\n

Proxy measures will always allow for some form of gaming the system. At the same time,\nyou can’t run a business without these kinds of proxy measures. Goodhart’s law isn’t wrong -\nbut instead of approaching it by choosing to avoid measuring, we instead need\nto find solutions to prevent it.

\n

The problem isn’t having targets - it’s failing to reconcile those\ntargets with the real world.

","excerpt":"There’s a fantastic set of essays by Cedric Chin about becoming a\ndata driven business. It starts off on a really inspiring\nessay…","fields":{"slug":"/2024-10-27"},"frontmatter":{"date":"2024/10/27"}},"previous":{"id":"d162715b-0125-5d0f-ad1d-63df3a4ef2fe","fields":{"slug":"/2024-04-02"},"frontmatter":{"date":"2024/04/02"}},"next":null},"pageContext":{"slug":"/2024-10-27","previous":"/2024-04-02","next":null}},"staticQueryHashes":["63159454"],"slicesMap":{}} \ No newline at end of file diff --git a/page-data/on-my-mind/page-data.json b/page-data/on-my-mind/page-data.json index f6e65ff..d71ae03 100644 --- a/page-data/on-my-mind/page-data.json +++ b/page-data/on-my-mind/page-data.json @@ -1 +1 @@ -{"componentChunkName":"component---src-pages-on-my-mind-js","path":"/on-my-mind/","result":{"data":{"site":{"siteMetadata":{"title":"DEFINITIVELY NOT JAMES"}},"thoughts":{"edges":[{"node":{"html":"

\"giphy\"

\n

The whole xz thing is mind boggling.

\n

The story starts two years ago. Lasse Collin is the sole developer maintaining xz\nas a hobby. xz is a linux utility used widely - nearly every installation of linux has it.\nCollin was delighted to start receiving help from JiaT75 - someone named Jia Tan.\nTan kept fixing bugs, opening pull requests, and generally being helpful. Eventually,\nCollin had granted Tan access to commit directly to the repository. They were a trusted\nhelper, after all! Tan then took responsibility of managing releases, helping with various\nsecurity websites interactions with the project, and made life easier for Collin.

\n

This year, Tan helped usher in version 5.6.0 and 5.6.1 of xz. Tan dutifully continued\nto be helpful and encouraged various linux distribution maintainers to include these new\nversions - they had security fixes, of course! Some did, some didn’t. Reviewing the code,\nit was unclear if the security fixes were major enough to warrant updating. This version\nended up in “testing” versions of Debian, Redhat, and Kali linux - but these are large distributions\nused on millions of computers.

\n

By chance, Andre Freund - a linux developer over at Microsoft - became frustrated that their SSH\nclient was taking 500ms longer to connect that day. It wasn’t clear to them why all of a sudden\neverything was half a second slower, and sure: it wasn’t the end of the world by any means but it\nwas ANNOYING. So they dug. They found something that was surprising.

\n

Unfortunately, Jia Tan was not who they claimed to be. Tan was not just a helpful contributor.\nTan was an agent of a nation state with a very specific goal - infiltration. They used their position\nto hide code inside of xz that could be used to execute arbitrary malicious payloads - and then used\ntheir role as security contact to prevent folks from finding it. Version 5.6.0 and 5.6.1 of xz included\nthis code. Nobody noticed - that is, until Andre Freund.

\n

If Andre hadn’t decided to inspect an annoyance this backdoor would have been everywhere. Every bank,\nevery government, most every cell phone. This was all caught because someone didn’t want to wait half a\nsecond longer.

\n

The Lasse Collin is currently suggesting to use an old version that doesn’t have ANY of Jia Tan’s code in it - 5.3.1.

\n

Some real spy stuff, right?

\n

Arstechnica has a more detailed write up, and Lasse Collin has some stuff\nabout it on their site - but they’re currently on vacation and won’t be able\nto do much until they get back.

","fields":{"slug":"/2024-04-02"},"frontmatter":{"date":"2024/04/02","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"giphy\"

\n

Sometimes communication is difficult because you’re trying to express incredibly complex ideas using a complex tool such as language. The English language is ever-evolving and with over 500,000 words in Wiktionary the amount of choice available to you can be overwhelming. Beyond that, the many complex ways it can be combined and misused to form prose adds yet another layer.

\n

However, it doesn’t have to be that way! There are constructed languages (“conlang”) which have much fewer words and are much simpler to understand.

\n

Esperanto is one such language, and with a little over 16,000 words you have to take the complex ideas down to simplify them so that they can be expressed in simpla terms. It’s the most widely spoken constructed language, and was designed with the hopes that the grammar could be komprenita within an hour.

\n

While Esperanto is simple, we can always aim for a simpler crafted language. Klingon is one such language - a language designed for the Klingon people, a race of Suv from the planet Klingon. With at most 4,000 words, the language is heavily skewed towards battle because they are the antagonistic and combative folk in the television show Star Trek - so those are the words they use! Most of their time is spent on the che’ron. The culture of the Klingons are reflected in their language and the restrictions within.

\n

How simple can a language be, while still including the capability of expressing complex ideas? Meet Toki Pona. This language, literally meaning “the language of good”, consists of just 125 words and a relatively simple grammar - taking about 30 hours to be a strong toki of the language. But how does that pali? Toki Pona was designed around a small nanpa of simple near-universal concepts, with more complex concepts achieved through combining them. For example, there’s no words for “friend” or “enemy”, but “jan pona” (person + good) and “jan ike” (person + bad) could stand in for those ijo. Toki wile li pali sina pona, pona jan li pali pana ale. If you’re interested in the language of Toki Pona, there’s a wonderful cheat sheet.

\n\n

https://news.ycombinator.com/item?id=22689959

","fields":{"slug":"/2021-10-27"},"frontmatter":{"date":"2021/10/27","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

A 2015 study explored an interesting phenomenon: People that use\nweb search tools to find data conflate information they find online with their\nown knowledge. This lead to increased self-assessed knowledge and even in\nunknown domains or areas of study - even when trying to answer something,\nsearching, and getting zero results.

\n

Part of this is because learning, knowledge, and memory are closely related.\nThe process by which we shift memories from “short term” to “long term” memory is\nreferred to as consolidation. This process is when we’re most susceptible to\nhaving our memories “rewritten” natrually, as described by Daniella Schiller.\nIt’s possible that search engines have become ubiquitous in our lives\nas a transactive memory partner - we receive information and then quickly\nre-remember the information as being our own.

\n

This isn’t new to the internet, though. Memory and knowledge is not\nexact - mistaking outsourced knowledge for internal knowledge also\nhappens when part of integrated social environments. In a 1995 study,\ncockpit crews often conflated knowledge from another member as their own\nknowledge once it had been communicated to them.

\n

If you’d like to subject yourself similarily to the study & conflate internet information\nwith your own knowledge: Why are there jokers in a deck of cards?

","fields":{"slug":"/2021-09-16"},"frontmatter":{"date":"2021/09/16","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Wardialing is an information reconnaissance technique to find phone numbers of interest within a\nlist. Dial up every number in an area code and listen for modems, fax machines, or bulletin board systems.\nPhone numbers can have a wide variety of systems behind them, but aside from phone books\nthere’s no record of what these might be. Part of that is because the only way to know.. is to call.

\n

Valtteri Lehtinen called nearly 60,000 numbers in Finland to understand the telephone network better.\nThis was done via a VoIP trunk to make simple calls over GSM - cellular connections. Once a call\nwas connected, they recorded 60 seconds of audio for classification then hung up. They tried to\nfocus on only public numbers and ignored any premium numbers that would have run out their calling\ncredits too quickly.

\n

Over the course of 40 days they found that only 3% of calls were answered, and only 70% were interesting.\nThere were only 74 unique and interesting responses. These ranged from machines, faxes,\nand systems for presenting information to callers.

\n

One was a message with the following:

\n
Welcome to the end of the world.\nThere is still some hope left.\nIf you want to be rescued then press 1.\nIf you want to join the zombie army then press 2.\nChoose something quickly, we don't have all day.\n...\nYou have chosen to be a zombie and join the zombie army.\nPlease wait patiently to be bitten.\nPlease do not call again.\nThank you for calling.
","fields":{"slug":"/2021-09-02"},"frontmatter":{"date":"2021/09/02","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n
\n

She knows, now, absolutely, hearing the white noise that is London, that Damien’s theory of jet lag is\ncorrect: that her mortal soul is leagues behind her, being reeled in on some ghostly umbilical down\nthe vanished wake of the plane that brought her here, hundreds of thousands of feet above the Atlantic.\nSouls can’t move that quickly, and are left behind, and must be awaited, upon arrival, like lost luggage

\n

— Pattern Recognition by William Gibson

\n
\n

Jet Lag - as the name might imply - is relatively new for humans. Propeller-driven craft or trains\noften were much slower and didn’t travel as far over between timezones to cause it. Jet-driven airplanes\ntravel such great distances that our circadian rhythm is frequently disrupted - causing disorientation\nand stress.

\n

Traveling west is usually considered to be an easier shift than east. This is because most humans circadian\nclock has an endogenous period that’s slightly greater than 24 hours, and it’s easier to expand that window\nthan to shrink it. In most cases, the 6-9 hour shift East causes the most problems.

\n

There’s lots of “cures” for jet lag but in most it boils down to timing and sleep schedules.\nPush to go to bed at a reasonable bedtime in the target timezone. Time your flight to avoid\nlight when leaving and find light on arrival.

\n

Sometimes, though, you just have to wait for your soul to catch up with your body.

","fields":{"slug":"/2021-09-01"},"frontmatter":{"date":"2021/09/01","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Kanji is exceptionally confusing to me. When looking at the word 森林浴 - “shinrin yoku”,\nI wanted to learn a bit more about these three words that make up the compound word.

\n

To start with, though, let’s look at another word: 木 - “ki”, or in english “tree”.\nIt’s 4 strokes and is a grade 1 / JLPTN4. It’s taught in grade 1 of Japanese schools\nand is part of the Japanese Language Proficiency Test N4. This one’s pretty simple!

\n

So, then 林… 木木, right? This is “hayashi”, and could somewhat be translated to a\nsmall grove or woods. Think a bunch of bushes, a few trees on their own. 8 strokes,\nstill grade 1, but JLPTN3.

\n

森 … okay, so we have THREE 木 now. This is “mori”, translated to a small forest\nor a large wooded area. Imagine a denser greenery - perhaps harder to traverse.\n12 strokes, again grade 1 and JLPTN3.

\n

Put all this together and we have 森林 - “shinrin”. A big forest, like a mountain\ncovered in foliage. If you’re thinking a forest in English, that’s what we’ve got here.\nLots of 木.

\n

浴 is yoku. 10 strokes, Grade 4, and JLPTN2. This one’s a bit tougher.\nIt’s a combination of 氵 (one of the water radicals) and 谷 (“tani”, or valley).

\n

Put it all together and you have 森林浴, a peaceful walk to bask in the forest.

","fields":{"slug":"/2021-08-31"},"frontmatter":{"date":"2021/08/31","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

An article was posted last month about the the dangers of autofill in password managers.\nThe thought is that if there’s Cross Site Scripting (“XSS”) on the page you’re logging in and\nthe password manager helpfully automatically fills in the password you’ll lose your password.

\n

The point attempted by the article is not XSS on the authentication page\nbut instead anywhere. The idea is that you create a fake form that looks like a\nsimple login page, the password manager fills in the credentials and then\ndeletes the form after shipping the credentials off.

\n

So - you get the advantage of a much lower level of effort credential\ncollection approach. This is usually for the security / ease of use tradeoff.\nGot it, though, let’s disable autofill globally - that solves the problem,\nright?

\n

Well.. no. If you have an XSS vulnerability even without a password manager\nit’s already game over - you’ll be losing that password. Change the URL via the\nhistory API to be the correct URL, throw the fake login page out, collect the credential\nthe user types in.

\n

While it’s safer to disable autofill the question brought up is “will people use it?”\nIf the ease of use gets folks to use different passwords between services.. it’s\na security win in my book even if these new vectors are opened.

","fields":{"slug":"/2021-08-24"},"frontmatter":{"date":"2021/08/24","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

The Russian Multipurpose Laboratory module “Nauka” docked with the International Space Station\nat 9:29AM Eastern on July 29th. It had an 8 day journey to get to the station.\nNauka is a docking port, a spacewalk airlock, and a whole science facility - the biggest room\nin the International Space Station yet at 13 meters long and a diameter of 4.25 meters.\nNauka launched from Kazakhstan after 14 years of delays.

\n

Celebrations were had after the docking procedure was successful.

\n

3 hours later at 12:59PM Eastern the ISS was passing over Indonesia. Nauka’s autopilot\nwoke up and decided that it was time to take thrust control and leave. Unfortunately, Nauka was\nstill firmly attached to the station. This is not ideal for the crew within the station.

\n

The module started firing its thrusters to position the module for firing its main thruster.\nOutside of radio control from Moscow’s Mission Control, it was unknown that Nauka was firing\nits thrusters. Only once the ISS started to shift orientation from these thrusters did NASA\ndetect it - but within minutes the Flight Director in Houston started attempts to\ncounteract the spin.

\n

At the same time, the station’s automated systems began to note the deviation from norm\nand took action to counter the spin via thrusters on the Russian half of the station.\nHouston Mission Control instructed astronauts to close hatches and windows - preparing\nfor the worst. The ISS was designed to handle this kind of torque - but it was a maneuver\nfar outside normal mission parameters.

\n

44 minutes of thruster action rotated the station one and a half turns about its long-axis.\nBy the time the station entered back into Russian radio contact the thruster had exhausted\nits fuel and was dormant. Moscow Mission Control directed the flight control back to the\nISS from Nauka and sent instructions for the station’s thrusters to return the ISS to\na more desirable orientation.

\n

Work continued as normal after the disaster had been averted.

","fields":{"slug":"/2021-08-11"},"frontmatter":{"date":"2021/08/11","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n
\n

I can open your eyes\nTake you wonder by wonder\nOver sideways and under\nOn a magic carpet ride

\n
\n

How magical is that magic carpet ride, though?

\n

We see prince Ali and Jasmine leave Agrabah on a magic carpet ride.\nJasmine asks if it’s safe and then Aladdin just starts singing.\nOff to a shakey start, but they leave Agrabah, climb 15,000 feet above\nthe clouds. On a few occasions they are thrown off the carpet\nbut it catches them. You know. Safe. 60 seconds later they’re at\nwhat looks like the Great Sphinx of Giza. 15 seconds later they\nare at what looks like the Parthenon in Athens.

\n

The distance from the Sphinx in Giza to the Parthenon in Athens\nis 615 miles across the Mediterranean Sea. To travel this in 15\nseconds that magic carpet ride would be traveling in excess of\n150,000 miles per hour - or roughly Mach 195. This puts them in\nthe same league as a faster than average meteor. Meteors heat up\nboth from air friction as well as the compression of air in front\nof them, and thus it would be safe to believe the magic carpet\nride would have burst into flames as it travels across the sea.

\n

Assuming they decelerate over the course of 3 seconds (perhaps\nwhen Aladdin is saying there’s time to spare) they would have\nexperienced 2200 times the force of gravity. If Aladdin is\naround 120lbs normally (he’s a street rat, after all), his body\nwould have felt like it weighed ~280,000lbs. For reference,\na blue whale is 290,000lbs.

\n

So, per Jasmine’s question, “Is It Safe?”, most certainly not.\nIf it weren’t for the fact that it’s “magic” I wouldn’t trust\nprince Ali with anyone’s safety on that thing.

","fields":{"slug":"/2021-07-29"},"frontmatter":{"date":"2021/07/29","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Fortran added conditional ternary expressions to the language\na few days back. Yes, the language developed in the 1950s.\nIt’s still seeing stable releases every few years, and will continue to\ninto the future. However, Fortan 2018 is far different from the\nlanguage described in the 1956 “Fortran Programmer’s Reference Manual”.

","fields":{"slug":"/2021-07-02"},"frontmatter":{"date":"2021/07/02","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

President Biden signed an Executive Order to improve the\nNation’s Cybersecurity posture. This is a pretty big deal\nbecause it signals to every organization across the\ngovernment that they need to divert funding to implement\nthis order.

\n

This Executive Order covers a pretty wide variety of tasks,\nbut a few things specifically stand out to me:

\n
    \n
  • incorporation of NIST guidelines and standards as part of a playbook
    • \n
  • enforcement of Multi-Factor Authentication everywhere in government
    • \n
  • additional expectations of a Software Bill of Materials
    • \n
  • required movement towards a Zero Trust architecture
    • \n
\n

The NIST guidelines are not that “out there” all things considered.\nHowever, there’s a number of which that most government agencies don’t\nseem to follow. Suggestions against Password expiration and arbitrary\npassword composition rules are high up on that list. Government\nsites also often make it difficult ot use password managers which\nis discouraged by the NIST rules. NIST has a really handy\nFAQ if you’d like the short version.

\n

Multi-factor Authentication is pretty clear in NIST to not\nbe SMS and not be email. This is to be adopted by agencies\nwithin 180 days of the order - and if they can’t adopt it within\nthat time frame they must explain why not every 60 days to\nDHS / CISA / etc. Hopefully, most organizations will choose\nexisting solutions like login.gov to implement this.

\n

Software Bill of Materials is less clear as to what\nit’s really requiring. The executive order does not\ndefine this, but does set in place the requirement\nthat a definition must be published within 60 days\nby the Secretary of Commerce.

\n

Zero-Trust architecture is where there will be a huge\namount of work to be done. This is designing systems in\na way that encourages defense with both public and private\ninteractions of systems. Expect that there’s a potential\nthreat actor that’s breached your network. With that in\nmind, you can’t give full access to just anyone and everything.\nInstead, you have to clearly define access and privileges,\nenforcing controls on who gets what and why.

\n

I’m excited to see an executive order that takes cyber security\nseriously. Thanks to Beau Woods for tipping me off\nabout this, I hadn’t even heard of it!

","fields":{"slug":"/2021-06-16"},"frontmatter":{"date":"2021/06/16","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Fastly had a bit of an incident on June 8th which you might’ve seen.\nThe outage lasted around one hour, but it meant that loads of sites that rely\non their CDN were impacted.

\n

Fastly uses a fork of Varnish 2 that they maintain internally - a general\nHTTP Cache. This is core to a lot of how they do business, but isn’t the only\npiece of software they employ. However, they do give customers access to VCL,\na domain specific programming language to influence the behavior of their caching\nsolution.

\n

Best guess is that someone had included a configuration value that created VCL\nwith undefined behavior which caused the shared infrastructure to crash\nor otherwise stop serving as expected. This is all a guess, of course, because\nthey’re being relatively hush-hush about the exact details of the problem.\n(Makes sense because we don’t really need to know & it’s ~24 hours since\nthe actual problem.)

\n

They did provide a very great blog post and short post-mortem about the\nincident right away, though. For such a large company, that’s quite\nimpressive.

\n

Let’s just hope they don’t have to do that too often.

","fields":{"slug":"/2021-06-09"},"frontmatter":{"date":"2021/06/09","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

The playdate is an amazingly interesting exercise in\nthe right marketing, the right UX, the right device, and the right time.

\n

It’s an amazingly whimsical but simple device with\na black and white screen, an itty bitty processor,\nsome buttons, a directional pad, and a crank. Yes, a\ncrank on the side as part of the game input.

\n

This was made with folks over at Teenage Engineering,\nwho are also amazingly good at marketing & UX. I’ve\nhad so much fun with the pocket operators (here’s a video someone else made, not me!) and\nalways want to buy their other devices..

\n

None of these devices are exactly special from a technical sense but it\nis from how it makes you feel. I think that’s what matters.

","fields":{"slug":"/2021-06-08"},"frontmatter":{"date":"2021/06/08","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

I read a wonderful blog post about the opening lines\nof novels and their importance. This is very true! There’s a lot\nto be said of the impact you can have in that first sentence.\nThis applies not just to books - you have a miniscule amount\nof time to leave a good impression and bring people in.

\n

However, there’s quite a bit also to be said about not starting\nwith that opening sentence. You don’t need to get it right\nfirst thing. A terrible book with an amazing initial line\nis just a book that everyone will read and hate.

\n

If you can iterate, you can eventually get that amazing sentence\nthat gets everyone to pick up what you’re selling.

\n

John Swartzwelder, a writer for the simpsons,\ngives advice on the subject:

\n
\n

I do have a trick that makes things easier for me. Since writing\nis very hard and rewriting is comparatively easy and rather fun,\nI always write my scripts all the way through as fast as I can,\nthe first day, if possible, putting in crap jokes and pattern dialogue—\n“Homer, I don’t want you to do that.” “Then I won’t do it.”\nThen the next day, when I get up, the script’s been written.\nIt’s lousy, but it’s a script. The hard part is done. It’s like a\ncrappy little elf has snuck into my office and badly done all my\nwork for me, and then left with a tip of his crappy hat.\nAll I have to do from that point on is fix it. So I’ve taken\na very hard job, writing, and turned it into an easy one,\nrewriting, overnight. I advise all writers to do their\nscripts and other writing this way.

\n

And be sure to send me a small royalty every time you do it.

\n
\n

This, of course, applies beyond just script writing. Software, products,\nwhatever it may be - often, the biggest roadblock you will have is\nthat initial impetus to get things rolling. Once you have something\nit’s much easier to make smaller improvements.

\n

With that in mind, go forth and embrace the crappy little elf that\nbuilds the v0.1 of whatever you’re making. Then, show them\nhow much better you can make it.

","fields":{"slug":"/2021-06-07"},"frontmatter":{"date":"2021/06/07","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

For some reason, any time you see someone in a movie go into space\nwithout a space suit you invariably see them explode, freeze, or\nsomehow boil. None of this is true, but it’s not like the vacuum\nof space is really all that hospitable.

\n

There’s a neat blog post from 2013 that backs me up on this, but\nfor the most part: going out in to space without a space suit\nis inadvisable, just for different reasons. There’s the issue of\nradiation, vacuum, and a distinct lack of oxygen.

\n

Within a few seconds, you’d feel slightly warm, not cold, in space.\nSure, space is cold but there’s very little transfer of temperature.\nThis is because there’s no matter in space to transfer heat via conduction\nor convection. Instead, all you’ve got is thermal radiation.\nThis means either heat will be being radiating to you slowly from\nthe sun or heat will be radiating off of you slowly. You won’t\nbecome a popsicle.

\n

The vacuum of space is dangerous, but not in the same way that you\nwhere people pop like a balloon. Instead, you’ll see some tissue\nswelling from water vapor under the skin, with some pretty gnarly\nbruises. However, this can also end up causing gas bubbles to form\nwithin the bloodstream which can be incredibly deadly.\nAnother issue is that the decompression will cause the air in\nlungs to expand to an extent that could be incredibly dangerous.\nSo, Pro-Tip: Before taking a space walk without a space suit,\nexhale as much as you can.

\n

The vacuum of space means a lack of matter, though. Oxygen\nis matter. Often times, humans need oxygen to survive. This is\nwhere we come into our third problem: you can’t breathe in space,\nand worse, because of the vacuum the lungs actually will REMOVE\noxygen from the blood stream. In under 30 seconds, you will\nstart getting deoxygenated blood to the brain, and it’s lights\nout. Suffice it to say, it’s downhill from there.

\n

So, short version? Don’t go into space without a pressure suit\nand a steady supply of oxygen.

","fields":{"slug":"/2021-06-04"},"frontmatter":{"date":"2021/06/04","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Amazon is starting its acquisition of MGM for a whole lotta cash.\nThis is a bid to try to buy the defeat of Netflix via Amazon Prime streaming\nservices. James Bond, the Addams Family, Stargate, The Lord of the Rings,

\n

There’s a famous anti-trust case, US vs Paramount, which put an end\nto the Hollywood studio system. In the old system we had The Big Five studios -\nwhich included MGM - and they had a 90% ownership over the film market.

\n

The studios had actors that had exclusive contracts, they made films that they owned\nexclusive rights to, and would only release them in theaters owned by the studio.\nThe studios owned the entire vertical and it prevented smaller studios from\nbreaking into the market. They couldn’t get actors. They couldn’t get\ntheir pictures up on screens.

\n

This is all very similar now to the big VOD streaming companies. But hey,\nthere’s legal precedent to prevent history from repeating itself, right?\nWell.. not exactly. On August 7th, 2020, the DOJ reversed the decision\nand added a termination period to the decree. This was heavily opposed by\nindependent movie theater owners. By the time Amazon acquires MGM this\nwill be completely reversed and Amazon will continue to burninate the\ncountryside, gobbling up as much as possible. All it takes is for Amazon\nto buy AMC.

\n

Now we’ll have a new Big Five: Netflix, Youtube, Amazon, Hulu, and Dinsey+ take up 85%\nof the streaming market. Art for Art’s sake, right?

","fields":{"slug":"/2021-05-26"},"frontmatter":{"date":"2021/05/26","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Getting DOOM to run on devices is a bit of a past-time to some folks.\nA recent product hunt offering has a DOOM captcha available.

\n

DOOM can run on a fridge, a pregnancy test, or a printer.\nThis is partially because DOOM was written run on Intel 8086 PCs with limited\nto know graphics processing abilities. Compared to current computing\npower, it requires a miniscule amount of technical capabilities to\nrun - at least compared to software like modern web browsers.

\n

Much of this has to do with how the internals of DOOM works!\nIf you’d like to learn more about that, there’s always the\nGame Engine Black Book on DOOM!

\n

Then you can figure out how to run DOOM in DOOM.

","fields":{"slug":"/2021-05-25"},"frontmatter":{"date":"2021/05/25","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

There are a lot of birds! There’s a recent global abundance study of birds\nwhich puts the estimate of birds at around 50 billion individual birds\nin the world. This is across roughly 9700 different species!

\n

From big birds to little birds, they’re all amazing.

\n

I think the Northern Mockingbird is interesting in particular, though.\nThey’re known to be highly intelligent. If you are just a passerby in their\nnesting area, they’ll usually leave you alone. However, they can recognize\nindividual humans! If you’re commonly near them they’ll remember you and\nhave been known to try to scare you away. They’ll even remember if you’ve\npreviously threatened or attacked them.

","fields":{"slug":"/2021-05-21"},"frontmatter":{"date":"2021/05/21","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Microsoft is retiring Internet Explorer June 15, 2022.

\n
\n

If you’re a web developer working on a modern website or app, we know you’ve\nbeen waiting for this day for a long time. Internet Explorer has increasingly\nbeen difficult to support side-by-side with modern browsers. With this change,\nenterprises and consumers will be able to limit their use of Internet Explorer\nto only those legacy sites that absolutely need it.

\n
\n

They even have a feature to nag people to stop using IE for your site!

","fields":{"slug":"/2021-05-19"},"frontmatter":{"date":"2021/05/19","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

SQLite is a self-contained, high-reliability, and very very fast SQL database engine.\nIt’s known as the most widely deployed database engine in the world. It’s\nabsolutely the most deployed database engine off-world, too.

\n

There’s a really cool blog post about hosting SQLite online, with a virtual\nfile system that uses range requests to cut down on fetches. In this way, you can\nread from a database of nearly any size and query it efficiently! With a properly\nwritten query you can do instant lookups against gigabyte+ SQLite tables.

\n

If you mix this with trigram indexing you can do a lot of Full-Text search needs\nvia an S3 bucket and the web! While it won’t have nearly as many features\nthis could potentially replace quite a lot of the features Algolia provides.

\n

Would I suggest replacing a mission-critical log aggregation and query for\na top-100 tech company? Nope. Is it good enough for smaller use-cases?\nYou betcha it is.

","fields":{"slug":"/2021-05-18"},"frontmatter":{"date":"2021/05/18","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Sometimes new technology and transit goes haywire, as seen earlier this morning when\na reboot caused turnstiles to lock up and prevent entry. In most cases the turnstiles are\nsupposed to fail open. However, it seems an oversight was made during the engineering process\nwhich caused them to fail closed.

\n

New technology isn’t always terrible, though! One thing MTA has been working on has been\nimproving the signals they use for maintaining traings. Over the past five years the MTA\nhas been replacing the existing infrastructure with newer digitized versions.\nSome of these signals were a century old. Because of this, trains can safely increase speeds!

\n

If you take the R line in the city, for instance, trains have sped up 15mph all the way\nto 50MPH in some areas! Even dangerous areas like near the Brooklyn-Bridge/City Hall station\nthey were able to increase speeds because of this.

\n

Some of this has also allowed for new kinds of data to be recorded. Many of these points help\nwith logistics and planning for maintenance work and train routes. However, others\nenable things like the really cool live MTA map that shows where trains are in\nreal time along the routes!

","fields":{"slug":"/2021-05-17"},"frontmatter":{"date":"2021/05/17","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Yoko Taro is an incredibly talented video game director and writer. Games that he’s worked\non include Drakengard, SINoALICE, Nier, and Nier: Automata. He’s pushed video games in\nextreme ways that create beautiful experiences. There’s a level of polish and finesse\nexhibited. Platinum Games published a post about the music in Nier Automata that\nI found really interesting.

\n

The music is all over the place in really amazing and interesting ways. One thing which\nmakes it interesting is the vocals are often a mix of languages, between old Gaelic,\nFrench, Japanese, and English. This means no matter what you speak it is slightly foreign\nand like it’s from another time and place.

\n

In Nier: Automata parts of the game are “Hacking” sections. At these points the game’s\nmusic switches over to an “8-bit” version which is much lower fidelity and sounds\nreminiscent of older video games instead of the orchestra of the normal soundtrack.

\n

However, not all pieces of their score for NieR: Automata received an 8-bit track -\nfor the amount of music they have it was nearly untenable. Part of this has to do\nwith some of the systems they had around mixing different tracks together.\nThey instead developed a system that automatically created the chiptune music from\nthe traditional orchestral score.

\n

This was done by bucketing 48 tones across 4 octaves out of the score, distoring\nthem aggressively, removing anything that was below a specific level to make the\noutput clearer, and applying it back over the original song.

\n

You can see how it worked in practice on their Youtube channel.

","fields":{"slug":"/2021-05-12"},"frontmatter":{"date":"2021/05/12","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

The Seagaia Ocean Dome was a really, really big pool.

\n

Well, it was more than a relaly big pool:\nIt was 6 times the size of an olympic pool, had 12,000 square meters of simulated beach,\nand was filled with more than 3.5 million gallons of water kept at 82F year round.\nIn the case of bad weather they had the world’s largest retractable roof to keep\neverything going year round.

\n

The Ocean dome was opened in 1993 and demolished in 2017 after multiple bankruptcies\nand related hotel closures.

\n

It wasn’t that bad of a waterpark, all things considered!

","fields":{"slug":"/2021-05-10"},"frontmatter":{"date":"2021/05/10","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Cloudflare has a really interesting blog post about branch prediction and the\ncost of if jumps in code. If it’s C, I’m unsure why you’d have non-macro debug if\nblocks peppered throughout your code, but sometimes it could make sense.

\n

The blog post investigates branch prediciton and how the [Branch Target Buffer][2]\naffects performance. The TLDR is that once you go above the L1 instruction cache\nyou will find some cost, but in general the cost of an if statement that’s never\ntaken is little to nothing, and the cost of always-taken branches may be an\nissue.

","fields":{"slug":"/2021-05-07"},"frontmatter":{"date":"2021/05/07","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

A paper submitted to ACM in 2019 reviewed the privacy implications of\naccelerometer data as of that time.

\n

Behavior tracking can go beyond the traditional step counter people think\nof when it comes to behavioral analysis. Eating, drinking, and smoking,\ncan be determined from wrist-mounted accelerometers. Further, gait can be inferred\nand level of intoxication can be interpreted. This can also give a guess\non how heavy of a load a person is carrying.

\n

Taking all of this a bit further, you can even determine what is being said or\nwritten via these devices. Determining specifc spoken “hotwords” could be done\nvia accelerometer alone. It’s also possible to figure out what someone has typed\non their phone’s virtual keyboard without actually having access to the keyboard\nthrough only the movements of the phone.

\n

Inference beyond this can be done to get fuzzier understanding of who someone is\nwithout actually know who they are. Someone’s physical activity and timing can\ninfer someone’s socioeconomic status, openness, and extraversion. It can be used\nto understand someone’s mood, their relationships with others, and overall stress\nlevels. It can also be used to determine age and gender based on gait, movement\nparameters, and activity.

\n

The short version, though? We really need to enforce the privacy related to\nwearable devices. It’s an imperative for our safety.

","fields":{"slug":"/2021-05-06"},"frontmatter":{"date":"2021/05/06","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Microgravity always looks really fun. It’s all fun and games until someone\ngets hurt, right?

\n

In space and in micro-gravity we lose the constant of gravity to prevent\nitems from moving in a specific direction. If you let go of a wrench while\nyou’re moving it, it falls to the ground and friction stops its movement\non Earth. In space, that wrench will continue in the direction you let\ngo of it and bonk someone in the head.

\n

This is when you’d need to do a little surgery to suture up your mistake.\nSurgery in space is going to be even more difficult because of a number of\nreasons.

\n

Without gravity, we don’t have blood being pushed downwards. Instead, blood\npools in the center of your body. If this happened on Earth, it would mean\nyou have too much blood! So your body will try to remove liquid, thus lowering\nyour blood volume significantly. This brings your standard blood volume\nin space to a pretty low level already. If you add a wrench to the head,\nthough, you lose even more blood, putting you at a critical level quickly.

\n

Wound healing in microgravity is also an unknown - we’ve done almost no research\non how wounds will heal in space. It’s likely that there will be trouble because\nof the lack of gravity pushing downwards. This is made worse by the fact that your\nimmune system will be heavily suppressed and poorly prepared to fight off infections\nfrom being in the microgravity. Bacteria grows in even more interesting ways -\ninstead of growing in two-dimensions because gravity holds it down, it\ncan grow in 3 dimensions.

\n

Without gravity, water will be held together not by gravity, but instead by surface\ntension. Surface tension will cause the blood to pool together, obscuring the\nview of surgeons. You’ll need to constantly be clearing the field of view,\nbut given weightlessness and possible bacteria infections it’s difficult to\ndecide what to do with that excess. That’s also an unknown.

\n

Suffice it to say - we probably aren’t prepared for this yet.

","fields":{"slug":"/2021-05-04"},"frontmatter":{"date":"2021/05/04","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Observance of Shabbat seems to be very tricky to accomplish in our modern\nage of technical advancement. There’s a number of ways this is approached,\nsuch as the shabbat mode in a few different devices, or other means.

\n

Elevators have a shabbat mode. They will often pick up from the 1st floor, go to\nthe top floor, and then stop on every floor. That way, you don’t operate the\nelectric device and thus can properly observe.

\n

Ovens often will have a shabbat mode, too. Some you set a cook time and desired\ntemperature and then it’ll randomly turn on at some point in the near future,\ncompletely out of your control. Sort of. Others will keep the oven\ncontinuously running at a specific low temperature all day. As long as you\narne’t creating new “fire” then maybe it’s fine?

\n

There’s the eruv wires that mark a territory as “private”. This means during\nShabbat you can carry objects within these designated areas. One such eruv\nencircles all of Manhattan. All of it. Every week it’s inspected\nand a status report is given on twitter.

\n

But hey, don’t trust me on this. Ask Rabbi instead.

","fields":{"slug":"/2021-05-03"},"frontmatter":{"date":"2021/05/03","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Influenza has more or less disappeared, according to Scientific American.\nWhere we’d normally be seeing 35,000+ deaths from the flu in the US?\nWe’re now seeing only around 600 or so. The WHO has also noted this as well\nin their vaccine recommendation, and in their influenza tracking operations.

\n

What’s more is that because there’s so few virus particles circulating\nthere’s a lower chance for mutation. This means the vaccine will be even\nmore effective than it would be.

\n

Hopefully this doesn’t mean we’ll lose some immunity we’d normally have\nfrom it and end up with an influenza strain that is much more difficult\nto manage.

","fields":{"slug":"/2021-04-30"},"frontmatter":{"date":"2021/04/30","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

The North American X-15 was an aircraft that was ahead of its time in the 1960s.\nBuilt by North American Aviation and Reaction Motors, its first flight was\nJune 8th, 1959. There were only 3 ever produced, but they helped push aeronautics\nfurther than ever before.

\n

The X-15 could not launch under its own power. Instead, it was lifted by a modified\nBoeing B-52 Stratofortress and released before it would fire off on its own power.\nThe X-15 would reach speeds of 4,520 miles per hour at an altitude of 19.34 miles.\nThis is the highest speed ever recorded by a crewed, powered aircraft to this day.

\n

Every pilot that took flight in the X-15 took their own lives in their hands.\nThe ejection seat had never been tested, or used, but would only work at up to\n2700 miles per hour. The pilots also wore pressure suits, and both the pressure\nsuit and the cockpit would be pressurized with nitrogen gas before flight.\nFortunately, all pilots of the X-15 made it out of the program relatively\nunscathed.

\n

Looking at the X-15, you do have to wonder: who in their right mind would step into that thing?

","fields":{"slug":"/2021-04-29"},"frontmatter":{"date":"2021/04/29","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

For some reason, Pokemon cards - first edition - are going for insane prices.\nFolks are spending millions of dollars on them. Part of this\nis because the sale of first edition cards like a Charizard have sold\nfor over $200,000 USD. People are investing in Pokemon cards\ninstead of property.

\n

However, because of this, we’re seeing an increase in fraudulent cards.\nThe most public of which is a $375,000 USD box that ended up counterfeit.\nThis isn’t a new trend - art forgery has been documented even two thousand\nyears ago - where Roman sculptors produced copies of Greek sculptures.\nHowever, at the time, it was very likely known by the art buyers\nof the time that these were not genuine pieces.

\n

In 1496, Michelangelo sculpted a work of art - a sleeping cupid.\nThrough acid washing techniques, the piece was artificially aged\nand sold to a cardinal - who learned that it was not a true antique.\nHowever, being so impressed by Michelangelo’s talent, he let the young\nartist keep the money he was paid. It was still placed with other\ntrue antiques, and was thus passed off as if it were one.

\n

It leads me to think about Phillip K Dick’s “The Man in the High Castle”.\nIn it, we have Frank Frink who makes and ages Colt Pistols as well as\nother memorabilia. Does it matter more that they are actual Colt Pistols\nfrom the civil war? Or that people that are collecting them can say that\nthey are? It’s all in the “historicity”.

\n
\n

Getting up, he hurried into his study, returned at once with two cigarette\nlighters which he set down on the coffee table. “Look at these. Look the same,\ndon’t they? Well, listen. One has historicity in it.” He grinned at her.\n“Pick them up. Go ahead. One’s worth, oh, maybe forty or fifty thousand dollars\non the collectors’ market.” The girl gingerly picked up the two lighters\nand examined them. “Don’t you feel it?” he kidded her. “The historicity?”

\n

She said, “What is ‘historicity’?”

\n

“When a thing has history in it. Listen. One of those two Zippo lighters\nwas in Franklin D. Roosevelt’s pocket when he was assassinated. And one\nwasn’t. One has historicity, a hell of a lot of it. As much as any object\never had. And one has nothing. Can you feel it?” He nudged her. “You can’t.\nYou can’t tell which is which. There’s no ‘mystical plasmic presence,’ no\n‘aura’ around it.”

\n
\n

How much does it matter if the Shiny Charizard in Mint 9 condition\nis a forgery without true historicity if nobody could tell?

","fields":{"slug":"/2021-04-28"},"frontmatter":{"date":"2021/04/28","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

A few studies published in the Proceedings of the National Academy of Sciences\npurport that we have biases towards class from even a few seconds of speech.

\n

This is concerning but not unheard of. There’s subjective standards in the English\nlanguage which people bias as being a perceived higher social class. It changes\nhow we consider others. Another followup study examines how this may affect\nhiring managers’ assessment of qualifications.

\n

However, the research is even more interesting because it shows that pronounciation\ncues in speech gives a more accurate assessment as to someone’s social status\nthan the content.

","fields":{"slug":"/2021-04-27"},"frontmatter":{"date":"2021/04/27","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Google Cloud is terrifying to some people because of Google’s policy of axeing products\nall around.

\n

Steve Yegge penned an interesting blog post about their experiences with Google\ndeprecation both from inside google and outside google. In their case, they ran into\nsome of the same deprecation issues outside as they saw culturally on the inside.\nComparing it to AWS, there is a pretty stark difference in the deprecation policy\nof old technology that isn’t actively being developed on.

\n

Deprecation isn’t the only oddity. Quota increases can be weird, too - AWS asked me\nto get my quota upped why and I wrote something, I don’t think they read it, and then\nthey upped it. With Google, it was faster than AWS but I did have to talk to someone\non the phone in sales. It felt weird. Perhaps it’s a way to increase touch points\nand push people to use more at GCP?

\n

Google has gone on record saying that they’ll end the GCP projects if they don’t\noutclass Azure or AWS or the like. That’s a tall order, and would require a much heavier\nmarketing and engineering push than I’ve been seeing. They set the deadline to 2023,\nso I’m sure we’ll see Google Cloud shutting down before 2025.

\n

Who knows, though, I’ve heard rumors of folks dog-fooding Google Cloud internally.\nIf Google Cloud could sign a deal as big as Google onto their cloud, I’m sure they’d\nquickly outrank AWS, right?

","fields":{"slug":"/2021-04-26"},"frontmatter":{"date":"2021/04/26","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

There’s a Unicode proposal for Textile Care instructions. This adds 40\nnew characters which represent instructions on how to wash your clothes.\nThese are from ISO3758, which is the same as other international\nstandards that can be used.

\n

Much of this is based on work by GINETEX, an association for textile care\nlabels in Europe, South America, Africa, and Asia. They’ve been working\non care labels since the late 60s & pushing for regulation since the 70s.\nIf a nation is part of GINETEX, they mandate that the washing care instructions\nfollow correct use.

\n

Unfortunately, many of the GINETEX symbols are trademarked, thus can’t be used\nfreely in many European countries as part of the ISO3758 standard. This is\npartly because GINETEX wants to mandate the correct use of these symbols.

\n

But, seriously, how do I wash my coat?

","fields":{"slug":"/2021-04-22"},"frontmatter":{"date":"2021/04/22","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

University of Minnesota published a paper about vulnerabilities being\nintroduced to open source by malicious actors contributing commits. They did\nthis by intentionally introducing bad code via merge requests to the Linux\nkernel, leading to vulnerabilities. Some of the 190 commits have\neven landed in stable branches.

\n

Ethically, this is an\nunacceptable behavior for experimentation, and has been reported to the UMN\nInstitutional Review Board on these cases. Ethics complaints have also been\nfiled to IEEE to have the publication revoked, but it’s unlikely that it will\nbe. They’ve also been banned, as a University, from contributing to the\nLinux kernel, as well as from communicating through many Linux kernel mailing\nlists.

\n

Their experiments prove that humans are fallible. Good job, folks.

\n

*plonk*

","fields":{"slug":"/2021-04-21"},"frontmatter":{"date":"2021/04/21","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Someone called out allowing disposable email as a security concern today.

\n

I disagree. Disposable email is just another term for… email. Any email\nservice that you can sign up to. Just that some are easier to sign up to than\nothers.

\n

These lighter-weight sign up email services are important for people that are\nprivacy conscious and want to control how they are interacted with more readily.

\n

What about gmail? Okay, I sign up once with example@gmail.com - then the next day\nI sign up with e.xample@gmail.com - then e.x.a.mple@gmail.com - then example+1@gmail.com

\n

“Disposable” email services are not the issue, here. I don’t care if you use\na service that is “disposable” or “real” or not. I can use any address @my-domain\nand it will all work.

\n

Does that mean I run a disposable email service and I should be blocked?

","fields":{"slug":"/2021-04-16"},"frontmatter":{"date":"2021/04/16","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

John Wilander, principal engineer on Intelligent Tracking Prevention in Safari,\nopened an issue on the WICG FLoC github pointing out how FLoC can be used\nto create cross-site tracking. What this would mean is that the purported\nprivacy benefits of FLoC would be moot. In fact, it would make it easier\nto track a user.

\n
\n

To take this to the crowd metaphor: Before the pandemic and some time back,\nI attended a Mew concert, a Ghost concert, Disney on Ice, and a Def Leppard\nconcert. At each of those events I was part of a large crowd. But I bet you\nI was the only one to attend all four.

\n
\n

Indeed, de-anonymizing users is a huge problem.\n99% of Americans can be identified by 15 demographic attributes.\nAs part of this research, they created a tool using just three\ndata points - ZIP code, gender, and birth date - which has an 83% chance\nof identification.

\n

We aren’t as anonymous as we’d like to think because we’re all wonderful and special\nlittle snowflakes.

","fields":{"slug":"/2021-04-15"},"frontmatter":{"date":"2021/04/15","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

On November 18th, 2008, Heide Stefanyshyn-Piper looked out into the blue of\nthe ocean from 250 miles away. Above it. She kicked off for her third EVA for\nmission STS-126. She was out there with fellow astronaut Stephen Bowen\nto fix the rotation assembly that allows the solar arrays to follow the sun.\nIt had failed and was not operating optimally. The solution that the\nthose ground control folks came up with? Go out there with some grease\nand some wipes to clean it up and grease it up. No sweat.

\n

Looking into her airlock bag with these advanced tools she sees something\nvery concerning. “I think we had a grease gun explode in the large bag.\nThere’s grease in the bag.”

\n

She heard Steve Bown observe dryly over her headset, “Ah. it must have been\nthe pressure changes.” Putting that MIT engineering degree to work.

\n

The flight controllers peered through her helmet camera uplink and calmly\nassessed the situation, with suggestions. She grabbed a dry wipe and did her\nbest to clean up the grease. The EVA suit’s not known for being dextrous,\nthough, and one movement too exxagerated knocked the bag. It tumbled away,\noff on its own. Out of reach.

\n

“Oh, great. We have a lost tool, uh, I guess one of my crew lock bags was not\ntransferred and it’s loose.”

\n

This is how one more piece of space debris ended up in orbit. There are\nmore than 23,000 pieces of debris larger than 10cm in orbit. This number\ngrows every day. Even something as small as Heide’s tool bag can be identified\nand seen from the ground.

\n

Space debris becomes more and more of a concern as we look outwards from our\nown planet. This is a problem known as Kessler syndrom. The thought is\nthat a time could come where there’s such a density of space debris that\nwe avoiding collision would be impossible. Even in the early 2000s we found\nevidence of small debris embedding itself in shuttle windows.

\n

An impact with a piece of space debris is on average a collision with the\nrelative difference in velocity of 10-15km/s. This is 10x the speed of even\nthe fastest bullets. At that speed, even a bolt no bigger than your thumb will\ntear through steel like paper.

\n

There’s many projects to track and visualize space debris, but what do we\ndo to make this better?

\n

One approach is to stop putting things in higher orbits. Low earth orbit has\na small amount of atmosphere which causes drag on items. This means that,\nwithout assistance, items in low earth orbit will leave orbit and return\nto earth. This is great because it puts a much shorter time limit on debris:\nyears instead of millenia. This is why Starlink is considered less of a\nnegative impact on space debris.

\n

However, that still leaves thousands of tons of space junk in higher orbit.\nSome of these will take many, many lifetimes before they would deorbit on their\nown - perhaps longer. Actively removing these takes ingenuity. Science\nfiction has looked into this active removal via movies and comics.

\n

In reality, it’s more likely that we’ll use ground-based or sattelite-based\nLaser Brooms to control and deorbit smaller debris (1cm-10cm in size).\nThis works by targeting a piece of debris and firing a high-power laser to heat\none side of the debris to produce thrust. This would make the orbit unstable,\nquickening the eventual deorbit.

\n

Oh, and Heide’s toolbag. It was in a low orbit on its own around Earth until\nit lost enough velocity to return on August 3, 2009. It was vaporized\nduring reentry.

","fields":{"slug":"/2021-04-14"},"frontmatter":{"date":"2021/04/14","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Another Google product is being put out to pasture. In particular,\n“Google Play Movies & TV”. Previously available content will be on\nYoutube on Smart TVs. The Android app has already been\nrebranded to Google TV (not to be confused with Google TV).\nThis continues Google’s tradition of killing products.

\n

Google Play Music was taken out a few months back, with Youtube\nMusic being the replacement. This was such a difficult transition\nthat I started paying for Spotify for my parents to use.

\n

To understand why this is (I am not a Xoogler and I am sure SOMEONE\nhere would have a clearer picture to this) it helps to understand\npromotions at Google! Promotions at higher levels have criteria\naround impact to the organization and business. A project that\ncreates a big splash will get people promoted. This attracts people\nto those projects.

\n

On the other hand, maintenance does not lead well to impact. This\nmeans that projects that aren’t shiny and new will bleed members\nfrom their teams. Maintenance work is a dead end because in most\ncases, if you do your job right then nobody knows you’ve done\nanything at all.

\n

It’s totally understandable when you reframe it like this.\nBut nobody has to like it.

","fields":{"slug":"/2021-04-13"},"frontmatter":{"date":"2021/04/13","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Yet another great step for cryptocurrency enthusiasts, there’s now an\nimplementation of std::unique_ptr backed by crytpo NFTs! Exciting.\nWhat does that mean in practice?

\n

The std::unique_ptr in C++ is a smart pointer that manages another\nobject via a pointer (a reference to a memory address). What it does that\nmakes it “smart” is that it disposes of the object when the pointer goes out of\nscope. This is most often done using the delete operator, but can also be\nsupplied by the developer.

\n

This NFT pointer implementation has the same semantics and usability of a\ntraditional smart pointer, but also is on the Ethereum blockchain, making it\nsuperior.

\n
\n

As we all know, adding blockchain to a problem automatically\nmakes it simple, transparent, and cryptographically secure.

\n
\n

The difference in performance between the two is negligible\nin the grand scheme of things, with std::unique_ptr running in\n0.005 seconds, followed quickly behind by nft_ptr at 3 minutes per call.

\n

I applaud Zhuowei Zhang’s efforts to bring crytocurrency to more widespread\nappeal. For more information, check out their whitepaper.

","fields":{"slug":"/2021-04-12"},"frontmatter":{"date":"2021/04/12","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Amazon employees in Bessemer, Alabama voted against unionizing their\nworkplace. There’s a lot that could be said about this - whether there was\nsome form of interference in the vote, or if it’s good or bad for the\nemployees.

\n

If you take a look at Bessemer compared to other cities, it’s not\npositive. Manufacturing jobs dried up, unemployment rose, and crime increased.\nIt was voted Alabama’s Worst City to Live in by 24/7 Wall Street.\nThe Amazon jobs are huge - given that AMZN is employing some 30% of the city.\nFor that city, at least short term, Amazon can be a great power for good.\nLong term, who knows.

\n

As interesting as arguing about unions may be - let’s instead look at another\naspect of Amazon and how they interact with their workforce.

\n

In particular, the Fulfillment Center (FC) Ambassador Program.

\n

The FC Ambassador Program is a way for fulfillment center employees can spend\none day a week tweeting about how great their job is at the warehouse.\nThey are trained to follow scripts, and don’t get much out of doing this\naside from an amazon gift card and one limited paid day off\n(with an expiration of 3 weeks). This ends up with great tweets such as\nthe following.

\n
\n

Did you know that Amazon pays warehouse workers 30% more than other\nretailers? I feel proud to work for Amazon – they’ve taken good\ncare of me. Much better than some of my previous employers.

\n
\n

— Shaye – Amazon FC Ambassador 📦 (@AmazonFCShaye)\nAugust 21, 2018

\n

They’re often the “kiss asses” of the departments. Who can blame, them,\nthough? Getting out of loading and unloading trucks for 10 hours and all\nyou have to do is write some tweets? I’d be tempted, too.

\n

We continue to slowly tread towards the Amazon dystopia we never wanted.

","fields":{"slug":"/2021-04-09"},"frontmatter":{"date":"2021/04/09","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

We’re moving away from fossil fuels in our day to day transit as electric\nvehicles are becoming more viable for our transportation needs. However,\npushing people to use bicycles more would be far more helpful than\npushing for a transition to electric vehicles.

\n

Electric Vehicles are far from carbon neutral. They’re better than\ncombustion engine vehicles, of course, but the production and manufacturing of\nthe batteries and chassis still produces a large amount of emissions.\nThe generation of electricity to charge these electric vehicles is also\nnot carbon-zero.

\n

Pushing for bicycles works in urban cities. Especially those with milder\nclimates. However, most articles gloss over rural areas with more extreme\nclimates. It’s one thing to try to trudge around New York City when it’s a\nhumid 95F / 35C day. It’s uncomfortable and you might end up a little sweaty.\nIt’s an entirely different story to bike the 35 miles from Frisco, Texas into\ndowntown Dallas during the 115F / 46C summer. It’s downright dangerous.

\n

Bicycling is great if it’s an option - but it own’t be for everyone. While\nelectric vehicles aren’t entirely carbon zero, they’re better than many\nalternatives while being feasible “replacements”.

\n

But if you’re in a city and can bike somewhere? Do that. It’s healthier, too.

","fields":{"slug":"/2021-04-08"},"frontmatter":{"date":"2021/04/08","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Dungeons and Dragons, is first and foremost, a collaborative storytelling game.\nSure, there might be lots of numbers and mechanics to support these stories.\nWithout those, there’s a whole lot of chaos. At the end of the day, though,\nall of the rules can be blurred or broken.

\n

That’s why the Dungeon Master is always looked upon as a supreme being of\ngrand benevolence. It’s also why there’s one rule that has withstood the test\nof time: The Rule… of Cool.

\n

It’s one of the first things you often get told when you ask a seasoned\nstoryteller for DnD for advice. The Rule of Cool is simple, really. If it’s\ncool? Why not let it play out? Of course, cool is subjective.

\n

Here’s the deal: You’re playing with friends. You want your friends to all\nfeel like they are the most amazing people. (Spoiler: They are.) So the\nRule of Cool can be used as a fantastic reward to those wonderful players.

\n

My favorite rule of cool I’d been part of was when an Orc fighter, Human Druid,\nan Elven Cleric, and a Gnome Barbarian were in dire straits. They’d been a\nBig Bad Evil Wizard for an hour - and had nearly taken them down. Right\nas they were going to strike the final blow, the wizard had opened a magical\nportal (Dimension Door) towards their friend and compatriot, the Elven Cleric.

\n

He’d knocked them unconcious with a magic weapon attack, and the cleric\nwas barely holding onto their mortal coil. None of the three had enough time\nto get over the difficult terrain to the Big Bad to save their friend. A\nfriend that they’d gotten close with over months. Someone they cared about.\nIn less than 6 seconds they knew it would be the end.

\n

Except… what if… So the Orc player stared straight at our DM and declared\ntheir next action. “I’m going to do a fastball special.” They were declaring\nthat they’d PICK UP the Gnome and throw them as hard as they could at the\nBig Bad.

\n

The DM’s eyebrow raised as they opened up their rulebook, looked a bit, and\nclosed it. We all knew there was nothing in there about this. It’s just not\npart of the rules. We all knew what the answer would be.\n“I don’t think you can throw them quite that far. That’s 90 feet.” We were\nall a little slack jawed. Our DM had always followed the rules to a T… up\nuntil now.

\n

Our druid’s eyes light up. “GUST OF WIND! I HAVE A TURN. GUST OF WIND.”

\n

With a bit of contemplation, the DM sighed. “Alright.” Pointing at the Orc,\n“You roll strength.” Pointing at the Druid, “You roll wisdom”.\nPointing at the Gnome, “You roll for an attack.”

\n

Strength, 19, plus 4. “You see her muscles ripple, and our Gnomish friend\nfeels like there is an incredibly springboard under his feet. Before he has\neven a moment to think through how awful this plan is, he’s rocketed into the\nair.”

\n

Wisdom, 16, plus 3. “Druidic energy starts to emenate visibly from the staff,\nand all of you can hear a howling of wind through the trees picking up.\nWhile soaring through the air, the Gnome accelerates even faster - the wind\nscreaming by their ears.”

\n

Attack roll, natural 20. The gnome barbarian stares at the die, worried that\nit might change if they don’t keep a close eye on it. “The wizard’s eyes go\nwide, as he starts to utter an incantation - but not fast enough. You feel a\nCRUNCH as you slam into his chest, axes flying from a mix of momentum and\nyour rage. Your vision is blood red. You can hear your own pulse pounding in\nyour ears. Uhh.. you have brutal critical, don’t you. He’s only got..”

\n

The DM looked up quietly from behind their cardboard DM screen, they stole\nMatt Mercer’s line, with a giant grin growing across their face.\n“How do you want to do this?” We broke a lot of rules - but we all felt like\nheroes.

","fields":{"slug":"/2021-04-07"},"frontmatter":{"date":"2021/04/07","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Disney World is a monumental effort to make it the Most Magical place on Earth.\nMuch of this is attributed to the extreme amounts of engineering that have\ngone into manufacturing the magic.

\n

I think the Utilidor is the best example of this.

\n

Whenever you’re at Disney World, you’re technically on the rooftop of the\nMagic Kingdom. A portmanteau of Utility and Corridor, the Utilidor is the\ntrue “first floor” of the theme park. In most places in Florida, you dig a\nfew feet down? You hit water. Building underground is thus mostly a\ndangerous and difficult proposition. Thus, most of the Magic Kingdom is\nabout 100ft above sea level.

\n

The Utilidor is used for logistics in the park. Getting anything from point\nA to point B magically can be done via the tunnel systems.

\n

Employees (referred to as “Cast Members” per corporate mandate) travel between\nlocations using the Utilidor. This allows them to navigate quickly using\nelectric vehicles & get in the correct locations quickly for their work.\nThe Utilidor also houses a number of services for employees - such as\ncafeterias, banking services, hair salons, and more.

\n

What I think is the most interesting, however, is the automated vacuum waste\ncollection within the Utilidor. The utilidor has pneumatic tubes to quickly\nwhisk away any and all trash away from the park - to where it can be\ndisposed of or recycled. This helps the custodial staff keep the park as\nclean as it is - by taking all the trash and dumping it somewhere else.

\n

There are “Backstage” tours of Walt Disney World that show off the utilidor\namong other ways that the magic is preserved at the theme park. Even if\nsome of the illusion can be dispelled, though, it’s still real magic if you\nbelieve in it.

","fields":{"slug":"/2021-04-06"},"frontmatter":{"date":"2021/04/06","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

The Supreme Court has come to a decision on the Google v Oracle case\nregarding Google’s usage of the Java SE API in Android’s Android Runtime,\nas well as Dalvik VM before it. This has been ongoing since August 2010.

\n

TLDR: It’s fair use, the declaring code is very small and is not\nimplementation, but instead a general organization. As such, it’s fair use.

\n

Let’s read a couple excerpts!

\n

The most succinct description of how this is fair use:

\n
\n

Google copied these lines not because of their creativity or beauty but\nbecause they would allow programmers to bring their skills to a new\nsmartphone computing environment.

\n
\n

But does this mean that programs in general are not copyrightable?\nThe following decides that’s not the case:

\n
\n

As part of an interface, the copied lines are inherently\nbound together with uncopyrightable ideas (the overall organization of\nthe API) and the creation of new creative expression (the code inde-\npendently written by Google). Unlike many other computer programs,\nthe value of the copied lines is in significant part derived from the in-\nvestment of users (here computer programmers) who have learned the\nAPI’s system. Given these differences, application of fair use here is\nunlikely to undermine the general copyright protection that Congress\nprovided for computer programs

\n
\n

How much of the code is considered copied:

\n
\n

If one considers the declaring code in isolation, the quan-\ntitative amount of what Google copied was large. Google\ncopied the declaring code for 37 packages of the Sun Java\nAPI, totaling approximately 11,500 lines of code. Those\nlines of code amount to virtually all the declaring code\nneeded to call up hundreds of different tasks. On the other\nhand, if one considers the entire set of software material in\nthe Sun Java API, the quantitative amount copied was\nsmall. The total set of Sun Java API computer code, includ-\ning implementing code, amounted to 2.86 million lines, of\nwhich the copied 11,500 lines were only 0.4 percent

\n
\n

However, my favorite part of the entire decision is that they retell one of\nthe world’s shortest short stories:

\n
\n

When he awoke, the dinosaur was still there.

\n
","fields":{"slug":"/2021-04-05"},"frontmatter":{"date":"2021/04/05","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

There’s a really neat stack overflow post about the\nAmiga OS Kickstart image. They ask why the image included during the\nbootstrapping sequence of the Amiga computers - known as “Kickstart” - was so\nugly. The image showed up and instructed the user to insert the Kickstart\nfloppy so the computer could start.

\n

The short version is that they were severely resource constrained. A bitmap\npayload would have been around 4KiB, but vector art data for the Kickstart\nimage weighed in at only 412 bytes. This was very important when they only\nhad 8KiB of space to work with for the pre-boot ROM.

\n

The vector art data is as follows:

\n
FF 01 23 0B 3A 0B 3A 21 71 21 71 0B 7D 0B 88 16 88 5E 7F 5E 7F 38 40 38\n3E 36 35 36 34 38 2D 38 2D 41 23 48 23 0B FE 02 25 45 FF 01 21 48 21 0A\n7E 0A 8A 16 8A 5F 56 5F 56 64 52 6C 4E 71 4A 74 44 7D 3C 81 3C 8C 0A 8C\n0A 6D 09 6D 09 51 0D 4B 14 45 15 41 19 3A 1E 37 21 36 21 36 1E 38 1A 3A\n16 41 15 45 0E 4B 0A 51 0A 6C 0B 6D 0B 8B 28 8B 28 76 30 76 34 72 34 5F\n32 5C 32 52 41 45 41 39 3E 37 3B 37 3E 3A 3E 41 3D 42 36 42 33 3F 2A 46\n1E 4C 12 55 12 54 1E 4B 1A 4A 17 47 1A 49 1E 4A 21 48 FF 01 32 3D 34 36\n3C 37 3D 3A 3D 41 36 41 32 3D FF 01 33 5C 33 52 42 45 42 39 7D 39 7D 5E\n34 5E 33 5A FF 01 3C 0B 6F 0B 6F 20 3C 20 3C 0B FF 01 60 0E 6B 0E 6B 1C\n60 1C 60 0E FE 03 3E 1F FF 01 62 0F 69 0F 69 1B 62 1B 62 0F FE 02 63 1A\nFF 01 2F 39 32 39 32 3B 2F 3F 2F 39 FF 01 29 8B 29 77 30 77 35 72 35 69\n39 6B 41 6B 41 6D 45 72 49 72 49 74 43 7D 3B 80 3B 8B 29 8B FF 01 35 5F\n35 64 3A 61 35 5F FF 01 39 62 35 64 35 5F 4A 5F 40 69 3F 69 41 67 3C 62\n39 62 FF 01 4E 5F 55 5F 55 64 51 6C 4E 70 49 71 46 71 43 6D 43 6A 4E 5F\nFF 01 44 6A 44 6D 46 70 48 70 4C 6F 4D 6C 49 69 44 6A FF 01 36 68 3E 6A\n40 67 3C 63 39 63 36 65 36 68 FF 01 7E 0B 89 16 89 5E FE 01 22 0B FE 01\n3B 0B FE 01 61 0F FE 01 6A 1B FE 01 70 0F FE 01 7E 5E FE 01 4B 60 FE 01\n2E 39 FF FF
\n

The way it was interpreted followed pretty simple rules:

\n
\n
    \n
  1. Read two bytes at a time.
    2. \n
  2. If both bytes are FF, end the program.
    3. \n
  3. If the first byte is FF and the second byte is not, start drawing a polyline with the color index given in the second byte. Treat any subsequent two bytes as x,y coordinates belonging to that polyline except if the first byte is FF (see rules 2 and 3) or FE (see rule 4), which is where you stop drawing the line.
    4. \n
  4. If the first byte is FE, flood fill an area using the color index given in the second byte, starting from the point whose coordinates are given in the next two bytes.
    5. \n
\n
\n

Sheryl Knowles, the first Amiga artist, noted that there were no real\ntools on the Amiga to make many of these images aside from when they\neventually wrote Graphicraft. At that point, using graphicraft she\nheld the floppy in her left hand and painstakingly created the drawing with\nher right hand.

\n
\n

The drawing was limited in size and in the number of pixels that could be\nused, by the programming requirements of the time. All of which should\nexplain why it’s a bad drawing. But it was deemed a sufficient icon.

\n
\n

Which is very true! Even if it’s ugly, it’s clear what it’s supposed to be.\nIt’s not supposed to be high art - it’s supposed to be an icon you see for a\ncouple seconds at most.

","fields":{"slug":"/2021-04-02"},"frontmatter":{"date":"2021/04/02","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Today, running 5KM took a lot out of me. This can be squarely blamed\non a more sedentary lifestyle than is ideal. This doesn’t mean I can’t.\nWe’re all Born to Run in our own ways. Some hypotheses even suggest that\nwe should take that pretty literally.

\n

For example, look at the Rarámuri peoples - 5KM might feel like a lot,\nbut they’re known to long-distance running. Extremely long-distance running.\nUp to 320KM in one session, often over the course of multiple days. That isn’t\neven on flat surfaces, either. It’s through canyon and brush, with rather\nsignificant elevation changes and rough terrain.

\n

What’s more, the Rarámuri also have competitive aspects to their running,\nsuch as the game Rarajipari - a game of kicking and chasing a ball. Even\ncasual games will go on for several miles. However, after some serious\nall-night partying they will do equally serious matches which go on for thirty\nto fourty miles.

\n

While much of that can seem extreme, it’s led many to lean into the\nEndurance running hypothesis - that certain human characteristics can be\nexplained by our need to run extended distances. Sure, it’s just a hypothesis,\nand there’s definitely some areas where it falters - but it’s interesting\nnonetheless.

\n

For example - we have shorter toes than other primates. For grasping, this\nmakes us greatly inferior. We lost overall strength and gripping capabilities.\nWith such short toes, how am I supposed to hang from the monkey bars with just\nmy toes? However, shorter toes mean less mechanical work is needed to support\nweight. Less exertion is put on the joints, and we can support 75% of our body\nweight on just our toes. In running, this is incredibly important - as we often\nwill end up landing on our toes - and those longer toes would cause injuries.

\n

What does it all mean, though? Well, you might not run 300KM in a single go\ntoday - but I’m sure 5KM is a good start on it.

","fields":{"slug":"/2021-04-01"},"frontmatter":{"date":"2021/04/01","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

;l;;gmlxzssaw

","fields":{"slug":"/2021-03-30"},"frontmatter":{"date":"2021/03/30","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

The Suez canal is clear again.

\n

Hackernews was suggesting a wide array of possible solutions.

\n

You can vibrate the sand with the right resonance to “liquefy” the sand\nallowing for easier passage - similar to concrete.

\n

You can use heavy-lift helicopters to unload the shipping containers\nto.. somewhere. An empty shipping container is 4 tons. A fully-loaded\ncontainer is 33.5 tons. The Mi-26 is the largest and most powerful\nhelicopter to go into serial production and it can only lift 14.5 tons.\nThis would be roughly 60-240 minutes per container to offload, assuming\nthe helicopters don’t have failures. At a 20k ton load that puts us at\n175 days, give or take to unload the ship.

\n

You could cut through the ship - it’s been done before. It’d be a huge\nloss for ths shipping company, though. It’d also take many months, and\nwould likely destroy all of the cargo.

\n

You could do what they do with beached whales - just blow it up. Evaporate\nit with an ICBM. Let’s ignore various nuclear arms treaties and ecological\nissues involved. LGM-118 Peacekeeper is armed with a 300 kiloton\nW87 warhead. Unfortunately, the Ever Given is just too big. It would not\nbe completely destroyed as the fireball is only 320 meters and various\nleftover scrap metal would be all over the place. Upgrading to something\nthat would make the UN sweat a little, though, and we could probably\ncreate a big enough crater to allow for U-turns.

\n

My favorite, though… is to just explode a medium sized nuke under the ship.\nThen another. Then another. Just keep exploding nukes until it’s sailing\noff into the cosmos. We’d have accomplished Project Orion.\nOpen up the Suez canal and ship goods to Mars in one fell swoop!

\n

In the end, the Suez canal was cleared by high tide, dredging the canal,\nand a bunch of tug boats. Keep it Simple.

","fields":{"slug":"/2021-03-29"},"frontmatter":{"date":"2021/03/29","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

While Ireland’s Gaeilge is the national and official language of the Republic of Ireland,\nmany regions of Ireland speak a dialect of English: Hiberno-English, or Irish English.\nEven within this dialect there’s a number of differences regionally, which have developed\nover hundreds of years.

\n

English has been pushing out Gaeilge in Ireland for centuries. Originally brought\nto Ireland in the 12th century via the Norman Invasion, the Tudor conquest\nled to English speaking immigrants flooding Ireland, and a general suppresion of\nthe Irish language. More recently, only 4% of surveyed Irish speakers\nspeak Gaelige in their daily life. Otherwise, English is the predominant language\nof the land.

\n

While the English attempted suppress anything other than the traditional\nEnglish at the time, there’s been a number of differences that have grown to\nmake Irish English unique across the gamut - grammar, vocabulary, and phonetics,\nMuch of this is holdover from Gaelige, which makes it doubly interesting.

\n

One particularly interesting grammatical difference is that “yes” and “no” are\nfar less frequently used. For example, “You speak with an Irish dialect?” would\nbe responded with “I do” instead of “Yes”. Much of this is due to\nthe Irish language lacking “yes” or “no” as vocabulary. Instead,\nthe verb is negated and responded with.

\n

Hiberno-English pulls a number of words from Gaeilge as loan-words, as well\nas some that are merely derived from the national language. “Sláinte!” is\none that you might hear in a pub, meaning “(To your) Health!” And if you’re\nnervous, you might “fooster” - to fidget - derived from the Gaeilge word\n“Fústar”. In other cases, Hiberno-English has vocabulary that is less\nclearly historied - such as when you’ve really broken something? It’s\n“banjaxed”.

\n

The phonology of Hiberno-English is probably what differs the most between\nthe regions. I’ll be frank - I’m not a phonetics expert, and every paper\nI’ve read on this really goes all out on that. A few examples, however,\nare words like “kite” that to American ears would sound like “koyt”,\n“mouth” which would be closer to “meh-ooth” or “maith”, and\n“about” would be close to “a boat”.

\n

Now don’t be a lúdramán, and give céad míle fáilte when yer with the Irish, will you?\nThey do be thinking yer an eejit if ya talk like this, yeah?

","fields":{"slug":"/2021-03-19"},"frontmatter":{"date":"2021/03/19","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Thank you for subscribing to Cat Facts.

\n

Cats recognize our voices but don’t care.

\n

Cats get separation anxiety but handle that by peeing on all of your stuff.

\n

Cats don’t mind if someone’s mean to you.

\n

It’s not that they’re awful in any way - it’s just their nature.

\n

<To cancel Daily Cat Facts, reply ‘STOP’>

","fields":{"slug":"/2021-03-18"},"frontmatter":{"date":"2021/03/18","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Last year Gregg Tavares posted about Github’s permission model,\nfrustrated with how it blindly grants the ability to request data from users\nto anyone that asks for the permissions. Yesterday it was trending on\nHackernews. I think from a privacy standpoint it’s an interesting read.\nSomething they touched on, however, gave me that weird gut feeling…

\n
\n

Let’s imagine your bank let you sign in to 3rd party services in a similar\nmanner. How many people would click through on “Let ACME corp act on your\nbehalf on your Citibank Account”. I think most people would be super scared\nof permissions like that. Instead they’d want very specific permission\nlike, only permission to deposit money, or only permission to read the\nbalance, or only permission to read transactions, etc…

\n
\n

Oh, you sweet summer child. Oh, no, no, no. It’s much worse when it comes\nto banking.

\n

Enter Plaid.

\n

You might know Plaid because their Visa acquisiton was recently blocked.

\n

Plaid operates as an “in-between” for their customers to allow end-users\nto sign into banks - surfacing information about account numbers,\nrouting numbers, current balance, recent transactions, and other related\nbanking information.

\n

Cool, right?

\n

Well, let’s pull apart how that works. Let’s take Venmo as an example.\nVenmo embeds Plaid’s SDK. A user will want to link their bank account to\nVenmo. The SDK interacts with and then Plaid performs a\nMan in the Middle attack on the end-user. Within an app (not the bank’s)\napp, Plaid’s embeddable code will simulate a fake bank login, collect\ncredentials - including many 2FA - and then falsify a login as if they were\nan end user. At this point they scrape all data they can get access to,\nstoring it all in their servers. This is how their customers, like Venmo,\nwould be able to verify you own your account and can peek at your account\nbalance to verify you have funds to pay for that\npizza / rent / drugs / fantasy football.

\n

Plaid’s codebase itself has a distinct issue, too. The underlying code for\ntheir scrapers are thousands upon thousands of Python files that connect\ntogether like spaghetti. Updates get patched in at random, so following\nsecurity practices is attempted but… it’s a moving target.

\n

As far as permissioning - it’s nonexistent. Plaid gives every single one of\ntheir customers full access to the accounts of users that authenticated.\nWith Venmo - account verification? Sure! Account balance? Uh.. weird, but\nokay. Loan status? Credit card statements? Transactions unrelated to Venmo?\nIdentity documentation? Initiate transfers? Uhh.. Why?! For anyone?!!

\n

Is this legal? Well, maybe. That doesn’t stop\nbanks from suing Plaid. This is also not great for consumers because it\nopens up new vectors for threat actors to gain access to accounts and could\nvoid agreements banks have with their customers around fraud.

\n

Lots of financial services apps like Mint also work in this way.

\n

Don’t worry, though, at least we can use alternatives. Like, I’ve heard of\n“Yodlee” to do this, right? Oh…

\n

At the end of the day, services like Plaid provide features that users want.

\n

Do I think plaid is a security nightmare? Yes.

\n

Can I think of a reasonable alternative for their features? No.

","fields":{"slug":"/2021-03-17"},"frontmatter":{"date":"2021/03/17","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Docker announced a Series B raise of $23M today - which is definitely impressive\nfor a company focused around Open-Source, right? Well, maybe. In 2015, Docker\nhad announced a $95M Series D raise of funding at a $1B valuation. Best\nguess was a reset after Mirantis acquired part of the company?

\n

What’s Docker the software? Let’s start with the basics.

\n

Containers. Containers are effectively packaging to create a running process\nwith encapsulation features applied to keep it isolated from when\nrunning on a host computer. Containers as a concept have been around for\ndecades - older examples would be OpenVZ.

\n

Containers are helpful for developing software because they provide portability,\nreproducibility, and isolation. Portability helps you run your app anywhere -\nirregardless of the system you’re running on. Isolation is so that state in\nthe host and state in other Containers won’t impact your app.

\n

This is different from virtual machines that have full virtualization.\nContainers will often utilize OS virtualization & isolation features to\nshare multiple containers safely in one OS - instead of a full VM where the\nOS is duplicated.

\n

That leads to Docker the Software. Docker the software brings container\ntooling, an abstraction layer wrapping multiple Virtualization APIs, and a\nDomain Specific Language for Container Filesystems.

\n

Docker’s “images” include everything needed to start a container - the code or\nbinary, runtimes, dependencies, and any other filesystem objects required.\nDocker images and containers are supported by most of the big cloud providers -\nAMZN AWS, GOOG Cloud, MSFT Azure, Heroku, Glitch, and others. The same docker\nimage can be run across all of them.

\n

But what does Docker Inc do? Docker, Inc primarily develops Docker Hub and\nDocker Desktop at this point in time. Per their blog post about their\nplans for the funding it seems like they’re focusing on improving dev\nexperience, tooling around security, and API development.

\n

I’ve got high hopes for the company into the 2020s. Here’s hoping that this\ntime investor interests are more closely aligned with the direction of the\ncompany. If not, I’m sure we’ll see Docker repeat the past decade again.

","fields":{"slug":"/2021-03-16"},"frontmatter":{"date":"2021/03/16","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Security.txt made the rounds again on HackerNews. It’s a format,\nsimilar to robots.txt for making it clearer how to submit security\nissues to an organization.

\n

In theory, this is great! It’s noted by the DHS as a helpful way for\nresearchers to communicate their findings. At one point, it was required\nfor agencies to have it, but was removed from that draft. Because it’s at a\nnormalized location, it can be found by scraping sites like SHODAN and\nDisclose.io.

\n

In practice, however, some members of the cyber security community find it\nto leads to a poor signal-to-noise ratio.

\n

Some entrepeneurial members of the cybersecurity community will grab the\ndomain lists with security.txt files, fetch the email, run burpsuite or\nmetasploit to get some low effort security issues, and dump it all into\nexcel. For extra credit, then do a mail-merge. Minimal effort, and if\nyou get answers back you ask for a bug bounty.

\n

I don’t think that security.txt on its own will cause this, though. It’s\njust as easy to search for Vulnerability Disclosure Policies and use those as\ninputs for automated security testing. It takes a bit more manual work, but\neven with that you end up with odd security reports now and then.

\n

All of this is to explain how we ended up with the security report for a site\nthat shared the same first two letters of ours instead.

","fields":{"slug":"/2021-03-15"},"frontmatter":{"date":"2021/03/15","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

The UK is in talks to depart from using GDPR. This likely means\none of two outcomes - neither of which are positive.

\n

Option A - come up with their own privacy laws. This is iffy and is the path\nthe USA is currently on. You end up with multiple laws that may by chance hit\nsimilar beats but may conflict and make it more difficult to be compliant. In\nthis world, many companies will just ignore the privacy laws in the hopes that\nthey won’t be caught - or that the legal jurisdiction they’re in makes it\ndifficult to litigate.

\n

Option B - roll back everything. This is bad for privacy, consumers, and\ncitizens of the UK but good for businesses. As such, this is the likely path\nforward, given other recent actions taken by parliament.

\n

If we continue to split up privacy laws, I’ve got a bad feeling about the\nfuture of the internet. I could foresee a future where it’s no longer open\nacross country borders and becomes insular within each jurisdiction, sharing\nstamped out by bureaucracy.

","fields":{"slug":"/2021-03-12"},"frontmatter":{"date":"2021/03/12","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Amen Brother by The Winstons is a B-side of The Winston’s 1969 single\n“Color Him Father”. The A-side song - “Color Him Father” - won a Grammy Award\nfor Best R&B song in 1970 - but the B-side… the B-side has been heard by\nso many more people. Not in its entirety, mind you, but in the seven second\ndrum solo from 1 minute and 26 seconds to 1 minute and 33 seconds.

\n

This is the “Amen Break”.

\n

The drum solo, performed by Greg Coleman, was initially just meant to fill time.\nIt caught the attention of DJs almost two decades later in the hip-hop scene.\nThey found that if you slowed it down from 135BPM to about 90BPM it became the\nperfect canvas for laid back rappers to create on.

\n

Unfortunately, Coleman was unlikely to have become aware of the impact he had\non the world. George Coleman died in 2006, homeless and destitute. However,\nhis drum solo is immortal and has shaped modern music as we know it.

\n

There’s thousands upon thousands of songs that use the Amen Break, but I’ll\nleave you with a few I’m fond of.

\n","fields":{"slug":"/2021-03-11"},"frontmatter":{"date":"2021/03/11","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Oh no! OVH had a small datacenter fire which affected their SBG datacenter.\nThis is not that uncommon of a problem for a datacenter. That’s why you should\nalways have a Disaster Recovery Plan if your data is invaluable - beyond\nreliance on fire suppression systems.

\n

Fire suppression in datacenters pose an interesting problem. When you have\nso many things that can’t get wet and are incredibly expensive to replace\nyou can’t use sprinklers, and any residue could be heavily damaging\nto the equipment as well.

\n

Bromotrifluoromethane, or Halon, was developed in the 1950s as a\ngaseous fire suppression agent for use with valuable materials - such\nas computers and telecommunications systems. In the mid-90s we stopped\nusing Halon because it is incredibly damaging to the ozone layer and\ncontributes considerably towards global warming. However much damage\nit causes to the planet, it’s relatively safe for humans. While Halon\nmay cause dizziness and tingling in the extremities at the low amounts\nit may be effective at, it is relatively safe to be used in close\nquarters. This is why even now the FAA reccommends it for aircraft!

\n

HFC-227ea is another gaseous fire suppression agent used in data centers.\nGenerally, this is safe for humans at up to 9% concentration, which is the\nmaximum most fire suppression systems would use. It doesn’t deplete the ozone\nlayer but does contribute to climate change in other ways. At incredibly high\nheat, however, it does decompose into hydrogen fluoride - which can cause\nblindness and creates hydrofluoric acid on contact with moisture.

\n

Most fire suppression systems have an alarm before they go off and may\nbe manually prevented. If you’re interested, there’s a simulation video\nvideo which has some obnoxious music but is otherwise accurate. I’ve been part\nof this before in a data center, and it’s not a fun time. I was not inside when\nthe fire suppression activated, thankfully!

\n

Of course, not much of this matters once the datacenter gets to the point\nSGB2 just did. Don’t worry, though! That data center is still\ngreen across the board according to its status page!

","fields":{"slug":"/2021-03-10"},"frontmatter":{"date":"2021/03/10","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Last week I wrote about an American English dialect. Regional dialects are\nincredibly common! Another well known regional dialect is the dialect from\nOsaka, Japan and the surrounding regions - commonly known as the\nKansai dialect, western Japanese, or “Kansai-ben”.

\n

Kansai-ben is usually characterized as being a bit harsher to the ears but\nmore melodic. All of Kansai dialect has an acestor in the Kinai dialect,\nand was considered the national dialect of Japan while Kyoto was the capital.\nHowever, once the capital moved to Edo - now Tokyo - the dialect of that\nregion took hold on the country, now commonly known as Tokyo dialect or\nStandard Japanese. However, using the Kansai dialect is often\na source of pride to people from Kansai, with many being rather attached\nto it.

\n

Kansai-ben used to be the stereotypical villain but now it’s more commonly\nassociated with boisterous personalities in Japanese pop-culture. Because of\nthe shared regional origins, the Kansai-ben is often associated with a\nManzai comedy. Manzai is a type of traditional Japanese stand-up comedy\nbased around a funny man (Tsukommi) and a straight man (Boke) - but more often\nthan not they’ll be speaking with a Kansai dialect.

\n

There are grammatical differences, different words, and a few other differences\nbetween Kansai dialect and Tokyo dialect. The difference I think that’s\nthe most interesting is one that is often more difficult for English speakers:\nPitch Accent. This is one of the quickest ways that non-Kansai dialect\nspeakers will identity Kansa dialect speakers.

\n

I’m not an expert in pitch accent - far from it. If you’re interested in\nlearning more about Pitch Accent, Dogen has a wonderful 10 minute video\nbut the trick to Standard Japanese intonation is to\njust say it flat. Right?

\n

Now it’s time for me to butcher an example. Let’s take “Japan” - ni-ho-n.\nIt has 3 mora - which isn’t quite a syllable but.. close enough. For Tokyo\ndialect, this starts out low pitch, raises, the lowers again. This is called\nthe nakadaka (中高) pattern. For Kansai dialect, though, we start the pitch\nhigh, then are low for rest of the word - known as the atamadaka (頭高) pattern.

\n

Of course, the most important thing you need to know when about Kansai-ben when\nvisiting Osaka?

\n

When asked:\n「儲かりまっかぁ?」 (Mokari makka?)

\n

Respond with:\n「ぼちぼちでんなぁー。たこ焼きとビールが必要や。」 (Bochi bochi, denna. Takoyaki to biru ga hitsuyoya.)

","fields":{"slug":"/2021-03-09"},"frontmatter":{"date":"2021/03/09","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

I read a really interesting medium post by Piotr Migdal about\nprocrastination. In particular, it reframes the issue of procratination\nfrom being a productivity problem into what else it could be: an\nemotional management problem.

\n

Timothy Pychyl writes about this in Psychology Today summarizing a few\nstudies. We’re conditioned to not enjoy bad outcomes and often that is\nexhibited by enacting our emotion-coping mechanisms - fight, flight, or freeze.\nAnxious about something? Easy. Just don’t do it. Procrastination and\ngiving up a bit of self control is a form of mood repair.

\n

There’s a bit of truth in there and it’s something good to introspect about.\nFight, flight, or freeze has been a part of our instinctual responses for a\nlong time. It served us very well in the past and can today as well. Flat out\nrejecting this and fighting it as a time management issue may be burying other\nproblems and exacerbating it long term. Some theories point at one cause of\ndepression being another outlet of the freeze response - a biological\ndefense mechanism to trauma perceived by our autonomic nervous system.

\n

Introspection on how you’re feeling the next time you feel that need to get\naway from it all (by cleaning or watching netflix) might be more effective than\ntomato timers or to-do lists.

","fields":{"slug":"/2021-03-08"},"frontmatter":{"date":"2021/03/08","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Google made a statement a few days ago that they’re\nnot building new ways to track individuals across the web for targeted ads.

\n

The optimist in me wants to say that they heard the message from\nconsumers that it’s not wanted, and that targeted ads just aren’t\nmaking the money that they used to. People are wisening up\nand don’t click ads. Or people are intentionally sending bad data.

\n

The realist in me says they have something else, like FLoC, that they’ve\nshown works. Something even more privacy-invasive. Something that locks\ncompetitors out. Something that is more predatory.

\n

I’m sure I have nothing to worry about. Google won’t be evil.

","fields":{"slug":"/2021-03-05"},"frontmatter":{"date":"2021/03/05","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

The Cephalopod - squid, octopus, nautilus, and cuttlefish - are both adorable\nand incredibly intelligent. Within the first hour of their life, they\nstart foraging and camoflauging.

\n

Recent studies have shown that they also possess the capacity for\nexerting self control. This is commonly known as the\nStanford marshmallow experiment, a study on delayed gratification.

\n

This does bring into question animal intelligence and conciousness.\nUrbanization means people spend less time with other animals. We interact\nwith a smaller variety of animals and thus can see much less varied expressions\nof intelligence from them.

\n

Dr. David Scheel raised a Day Octopus in his home, documenting the\nexperience. The Scheel family named her Heidi. Heidi was able to show\nrecognition of faces, solved puzzles, and built relationships with members\nof the Scheel family. Of this, Scheel noted:

\n
\n

I am less intrigued by the differences and more interested in our\nsimilarities. What kind of a connection is possible with an animal that has\nthree hearts and blue blood running through its veins? It’s been a privilege\nto have a relationship with such a strange and wonderful creature.

\n
\n

It could be that we aren’t smart enough to judge how smart animals are.\nThe Octopus followed a different evolutionary path than we did. As such, the\nexpressions of intelligence they have could just be poorly understood by us.\nJust because we excel in a larger number of areas on average doesn’t mean that\nsome animals can do better than some people in specific tasks.

\n

From Slashdot:

\n
\n

Back in the 1980s, Yosemite National Park was having a serious problem\nwith bears: They would wander into campgrounds and break into the garbage\nbins.

\n

This put both bears and people at risk. So the Park Service started\ninstalling armored garbage cans that were tricky to open — you had to\nswing a latch, align two bits of handle, that sort of thing.

\n

But it turns out it’s actually quite tricky to get the design of these cans\njust right. Make it too complex and people can’t get them open to put away\ntheir garbage in the first place.

\n

Said one park ranger, “There is considerable overlap between the intelligence\nof the smartest bears and the dumbest tourists.”

\n
\n

Perhaps the entire marshmallow test is flawed. It purports that cuttlefish\nshow intelligence normally seen in toddlers. Maybe cuttlefish are just able to\nshow intelligence in one aspect that is similar to toddlers. Or maybe\ncuttlefish aren’t that smart - maybe babies are just stupid.

","fields":{"slug":"/2021-03-04"},"frontmatter":{"date":"2021/03/04","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

The “far right” social media platform, Gab, was\nbreached sometime last month and had public messages, private messages\nand password hashes leaked on March 1st.

\n

Let’s ignore the… uh… unprofessional (to put it lightly) statement the\nfounder made and how they responded to this event in general. It’s not worth\nunpacking all of that. It really isn’t. I promise you.

\n

Instead, let’s chat about how this happened. It’s pretty simple.

\n

The site in question had a commit from the Gab CTO which migrated a\nspecific SQL query away from the library abstraction SQL and into raw SQL -\nthe query language used to interact more directly with their database.\nThis is often done because a custom SQL query can often be used to greatly\nimprove performance.

\n

However…

\n

As part of this, they used string interpolation do craft the query. String\ninterpolation is kinda like saying VARIABLE_U is james and I want to\ninterpolate that into SELECT * FROM user WHERE username = '$VARIABLE_U' so\nthat I end up with the final string of SELECT * FROM WHERE username = 'james'.

\n

Simple, right?

\n

This way of crafting SQL can fail because of what is known as\nSQL Injection. In our example, what if VARIABLE_U was coming from an\ninput field on a website? In that case, a user could type whatever they wanted\ninto that field.

\n

If a user was to type in ' OR 'a' = 'a, the final string would then look\nsomething like SELECT * FROM user WHERE username = '' OR 'a' = 'a'.\nInstead of limiting to a single username value, we’d instead retrieve any\nusers.

\n

This can be elaborated on to do even more - such as with\nBlind SQL Injection techniques.

\n

How should they instead of handled this? By using the library to “bind”\nparameters. Ruby on Rails supports this in the function used by the\nchange that caused the breach.

\n

In our example, we could instead write the query as\nSELECT * FROM user WHERE username = ? and then tell the library to bind\nVARIABLE_U to the first numbered parameter. No string interpolation would\nbe performed, and with most databases the query would be sent over completely\nseparate from the bound parameters!

\n

This should have been caught in code review. I mean.. if they do code\nreview, right?

","fields":{"slug":"/2021-03-03"},"frontmatter":{"date":"2021/03/03","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Regional Dialects are something of an interesting topic for me. It’s not just\nan indicator of your originating geography but also the cultural upbringing\nyou had. Over the next few weeks I’ll be picking out a few different\nlanguage dialects to both learn about and write about.

\n

To start with, a dialect that’s near and dear to me: Appalachian English,\nalso known as Smoky Mountain English or Southern Mountain English. This is\nthe dialect that’s most often attributed to the inland Southern United States\nand has many features of 18th-century colonial English. I’d often encounter\nthis dialect with my family in Kentucky, Tennessee, and West Viriginia.

\n

Some of the words I’ve picked up over time that I can think of:

\n
    \n
  • afeared - to be afraid
    • \n
  • buggy - a shopping cart
    • \n
  • britches - pants
    • \n
  • crick - this may be either a stiffness of joints in the body or a creek
    • \n
  • fixin - this can also be a few things - either to say something is soon to\nhappen, or a portion of food
    • \n
  • holler - the steep valley between two hills, because you can “holler”\nacross to the other side
    • \n
  • plumb - completely
    • \n
  • reckon - suppose
    • \n
  • skifting - a dusting, usually of snow on the ground
    • \n
  • sody-pop - carbonated beverages
    • \n
  • spell - either a duration of time or the state of being lightheaded
    • \n
  • yonder - somewhere distant, away from where we are currently
    • \n
\n

Appalachian English has many other archaic phrases, words, and prefixes.
\nMost of the above fall into that - either from older English words like\nbreetches or the a- (such as afeared or a-haunted) prefix which comes\nfrom Early Middle English. right can also be used with adjectives and\nadverbs such as right fine or right quick.

\n

Southern drawl is also an important aspect of this dialect. Sourthern Drawl -\nconsidered different from the Southern twang - is a common\npattern in how the vowels are prolonged making the speech sound slower.\nTo many, this leads to the incorrect assumption that\nan individual with a drawl is uneducated or dim-witted.\nPart of this is from a lack of exposure to Southern accents - people that\ndon’t hear it can immediately hear the other-ness. However, even people that\ngrow up with the accent are told that a Southern accent is “wrong” via\npop-culture and media. How many celebrities speak with a Southern drawl?

\n

Dialects like this might sound strange to people that aren’t part of them.\nHowever, to those that are within that dialect outsiders without it sound\nforeign. To quote my cousins in regards to my differing dialect,\n“Yew talk real funny! Y’all spake all fast-like. Yer a yankee from up\nyonder, aintcha?”

","fields":{"slug":"/2021-03-02"},"frontmatter":{"date":"2021/03/02","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Social engineering is one of the most difficult attack vectors to detect. It’s\nalso one of the oldest technqiues in the espionage handbook. Most of the time\nin this day and age it’s implemented as spear-phishing or in other ways via\nemail. That’s when you aren’t dealing with highly motivated nation-state\nactors where money and time becomes less of a problem.

\n

Let’s think like a threat actor for a moment. Who’s going to look the most\nthreatening to an employee? The other, of course. Someone outside the company.\nThat’s why spear-phishing can be so successful - you purport to be someone\ntrusted. Someone that’s a part of the company. However, that leaves tech in\nthe way. That makes it easier to detect, right?

\n

So then.. let’s pivot. How can we become someone trustworthy? Well… What\nif we only needed to fool one employee - someone that wouldn’t expect it -\nand use that to get a foot-hold? How about.. HR. HR gets a candidate. On\npaper, they’re perfect. They came from top schools, they know your stack,\nthe teams that interview them are gung-ho, their references are all gushing\nabout how amazing this individual is. And that’s exactly how we get someone\non the inside.

\n

Sound too outlandish? It has happened many times - even in recent years.\nAlexey Karetnikov had joined Microsoft as a QA engineer in 2010.\nIt was purported that he was there to capture intelligence for the Russian\nintelligence agencies. He was on the sloppier side and was tracked by the\nUS intelligence agencies as soon as he set foot in the US. He was deported\nover charges of immigration violations.

\n

The current FBI Director, Christopher Wray, spoke about this as well.\nIn 2020, the Boston FBI field office arrested a researcher that was smuggling\nvials of biological research back to the Chinese government.

\n

When someone’s as motivated as these folks are and have the backing of a\nnation state nearly anything is possible. These are just the cases we hear\nabout, too. Jack Barsky is a more famous example of someone that had\nbeen a spy for the KGB in New York City for 10 years.

\n

In espionage, reality is often more outlandish than even fiction.

","fields":{"slug":"/2021-03-01"},"frontmatter":{"date":"2021/03/01","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

There are people that claim they can tell you where water is via a dowsing rod.\nWater finding. Water witching. Water Divination. I’m gonna spoil it for you:\nit’s hogwash.

\n

Dowsing has been a pseudoscience employed since the 1500s, and it was\njust as useless then as it is now. Traditionally the way it works is that\nyou take a forked twig, hold it in front of you, and it’ll make small\nmovements towards what you’re trying to find.

\n

The small movements are said to be magnetic ion something something by\ndivinators. Those small movements are known as the Ideomotor phenomenon.\nIt’s where a mental image or a thought bring on a reflexive muscular action\noutside of conscious knowledge. It’s the same effect that you’ll see with\nother “precognition-lite” techniques like Ouija boards, automatic writing, and\nfacilitated communication. (Sorry if I’ve dunked on your preferred\npseudoscience, happy for you to tell me how I’m wrong.)

\n

It’s been tested again and again and show that it’s a whole bunch of baloney.\nWhile the 1990 study by Hans-Dieter Betz concludes that it works,\nbut statistical analysis by J. T. Enright in 1995 finds that\nout of 500 dowsers even the best of the best were about only 0.4% better than\nrandom chance which could be easily attributed to statistical fluctuation.\nThat’s the most POSITIVE study I can find on it; there’s countless others that\ncall out dowsing as completely fake. Algeria 1943, New Zealand 1948, Britain\n1959, the British Ministry of Defense did one in 1971 - the list goes on and\nevery single one of them show this as a complete farce.

\n

Even today, water dowsing is employed by ten out of the twelve\nwater companies in the UK. Dowsing is considered “tried-and-tested” methods\nof finding water by these companies, if\nTwitter is to be believed.\nReally.

\n

The ADE 651 and GT200 are modern versions of the dowsing rod being sold\nin military applications as late as 2011 and have been found just as effective\nas previous dowsing rods. Read: They’re as good as random chance because\nthat’s all it is. They say they can track drugs, bombs, ivory, and who knows\nwhat else. What’s even more amazing is they’re purported to be powered by the\nuser’s static electricity and they have programmable cards that you have to pay\nextra for because of.. electrostatic magnetic ion … It’s a huge fake and by\n2010 companies of both swindled people out of millions and millions of dollars.\nThis includes the governments of the USA, United Kingdom,\nIraq, Lebanon, Thailand, and Mexico.

\n

The creators of these devices are currently being litigated so thoroughly that\nthey’ll need a dowsing rod to find themselves out of the mess they’re in.

\n

Thing is - if you have other sensory cues, you use your mind, and with the\nobserver expectancy cognitive bias - dowsing really works! At least, it works\nabout as well as me going out into that same field and rolling a D20.

","fields":{"slug":"/2021-02-26"},"frontmatter":{"date":"2021/02/26","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

In the before times, two titans battled out a war in North America - a bitter\nande drawn out war that waged on for decades.

\n

Eventually, the Video Home System overcame the Betamax cassette.\nHome Video consumption became a norm. The Videocassette Recorder was\nfeared by the television industry and heralded by consumers.\nA new way to consume movies and television was born with the VHS.

\n

There was one issue with translating theatrical movies to the small screen:\nHome televisions were 4:3 aspect ratio. This meant that the the screens had\na width of 1.33 times the height unlike the new Cinemascope and other\nWidescreen formats for theatrical releases that became popular after 1960.

\n

Two techniques are available to make the widescreen theatrical releases\nfit on a smaller screen. There’s always letterboxing - which adds black bars\nabove and below the screen. Another technique is Pan and Scan - where\nthe image is translated to better show off the points of interest in the\ncinematography, shaping the film to match the 4:3 through cropping or other\ntechniques. This would be done by an editor and could drastically change\nthe tone of a scene if done poorly. This is why many criticize and refuse\nto release a pan and scan version.

\n

The kind of film that would do well in the “home cinema” also differed\nfrom what would do well in the theater.

\n

In the the theater there is less need to keep the audience’s attention -\nthey were stuck there in the building. At home, you have distractions so a\ndifferent kind of movie can prosper. Comedy movies like Mallrats,\nThe Big Lebowski, and Office Space did ABYSMALLY in the theater but\nfound their footing once they were released on VHS. Some of this is\nattributed to the fact that they can be enjoyed more recreationally and\nsporadically than many other movies that require direct attention.

\n

The Horror film genre The Thing, The Abyss, and “slasher” movies like\nHalloween did extraorgdinarily well on VHS. This could because.. what’s\nscarier than when the monster is.. inside your own house? On the small screen\nit’s harder to see what’s going on but sometimes that adds to the fear.. plus,\nyou can’t see the zipper so easily on the scary demon monster.

\n

There’s also some films that wouldn’t be as popular today if it weren’t for\nhome video - such as Labyrinth, Blade Runner,\nor Big Trouble in Little China. These three did not do well in the box\noffice but sold well on home video. A good thing, too - they’re all fantastic\nfilms and it’s a good thing they weren’t forgotten.

\n

VHS may be gone - the last VCR was produced in 2016 - but it’s\nstill in our collective pop-culture memory. You get the same gritty effects\nused all over videos online - giving a bit of realism that it’s a “found”\ntape. There’s even an anthology Horror series called V/H/S which uses the\nthe look of VHS tapes to hide all of the imperfections of CGI to great effect.

\n

Myself? I just remember the joy of being able to watch Star Wars\nin the warmth of my pajamas on Saturday while eating some cereal.

","fields":{"slug":"/2021-02-25"},"frontmatter":{"date":"2021/02/25","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Having not gone to any conferences, conventions, or the like for a while\na quora post caught my eye being shared in discord.

\n

A ways back I’d have collected all the swag I could. Heck, I only wore shirts\nthat were swag because they were free. It was great because I wouldn’t have\nto pay for them and they were decently high quality!

\n

Now a days, I don’t really want that stuff. The last conference I went to I even\nwon a new computer monitor (thanks, I guess, Asus?) which I promptly gave\nto a friend because I already have a monitor and didn’t want to bring it back\non a train.

\n

Getting swag can be exciting - except for when I have 10 venmo hoodies, 4 Wayfair\nhoodies, 2 jackets that are branded elsewhere, and now more socks than I know what\nto do with. It’s just not much of a marketing channel for me anymore.

\n

I say that - but then came the time when I spoke with the Pokemon Company.\nThey give out nice shirts that were exclusive, high quality, and from a brand that\nI have an affinity for.

\n

So, exclusive, high quality, and engaging brands. They don’t really even\nneed to market to me, but do. So why is it that companies spend billions\non low quality garbage to give out at conferences? Do we need more\ntiny and useless thumb drives, pop-sockets, or totes? (They shouldn’t.)

\n

For companies giving out swag to employees there’s now entire companies devoted\nto creating these - like SwagUp. This is a little more interesting as\nan employee but…

\n

I’d rather just get snacks, experiences, or other things that I can\nconsume rather than more things that’ll probably end up in a landfill.

","fields":{"slug":"/2021-02-24"},"frontmatter":{"date":"2021/02/24","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

The ongoing pandemic has led to everyone feeling a little disconnected\nfrom one-another. It’s no surprise that we crave human interaction\nwhen we can’t see one another! However, Zoom just feels too… meeting-ish.\nCommunities don’t really form around Zoom. I think that’s why folks are\nturning to more “video game”-like aspects to break the physical distances\nbetween us.

\n

When we’re meeting in person, we’re usually limited by physics. This is\nsomething we’re really used to. You can only have so many people in a room,\nyou can’t really hear folks outside of a short distance away, and you know\nwhen someone is talking to you because they are usually giving you their\nattention.

\n

So - simulating those physical limitations has been seen in a few products\n(games? tools? communication devices?) that’ve been dropping. I’d first\nseen something like this at the Recurse Center - they have Virtual RC & it’s\nreally neat! It’s like being in the RC space but you’re represented by just\na little avatar version of your face. I think there’s a few other ways that\nthis can work - and products show that’s the case as well.

\n

Skittish is one of these - and I saw it on the front page of Hacker\nNews. You get an avatar that’s a Raccoon or an Owl or a snake - and you\nhang out in a virtual space, watch videos together, all that. It’s neat,\nbut definitely limited in what it can do.

\n

Gather.town is a bit older, and if I remember correctly had Pokemon\nsprites to begin with, way back. A few college students tossed it together\nand put it up online & it grew like wildfire.

\n

To go a bit more realistic, there’s Hub by Mozilla. This is available\nvia VR and feels much more video-gamey than the others. You can easily modify\nthe space you’re in and customize it together with other people. I’ve seen\na number of other examples like this - the closest being Rec Room.

\n

There’s still Second Life and Second Life has been around.. forever.\nThing is… Second Life gets weird. Real weird. Let’s not think about that\ntoo much.

\n

I think there’s always a want for Human connection, though. It doesn’t even\nhave to be instant. Sometimes you just want to listen to some chilled out\nmusic and write letters to people via a deer postman.\nKind Words (lo fi chill beats to write to) gives you that experience.\nKind Words is about writing nice letters and reading nice letters from other\npeople. It makes you feel much better inside than many other interactions.

\n

To be honest? I think we need less Zoom and we need more Kind Words\nin the world.

","fields":{"slug":"/2021-02-23"},"frontmatter":{"date":"2021/02/23","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

There were two posts on the front page of Hacker News yesterday -\nChoose Boring Technology and Choose Exciting Technology.\nBoth make are great points and are compelling on their own, but they’re\ncompletely at odds with one another.

\n

Boring Technology gives examples like PHP, Postgres, Java, and all other\nsorts of technology that’s been around for a while and is.. well.. not as\nnew and shiny. Battle-tested technology. Things that everyone on the team\nknows. The argument for boring technology is generally that you won’t\nget anything that surprises you.

\n

Exciting Technology is … uh.. okay, so bear with me: the examples given\nare Cassandra (at least 12 years old), MongoDB (>11 years),\nClojure (>14 years), and NodeJS (..let’s not touch that). For the sake of\nsimplicity, let’s say Exciting Technology is technology that an\nengineer is less familiar with and as such cannot for certain say\nthat it will solve the issues they currently have - but there are\nsome shiny new features that they really like!

\n

Let’s … not talk touch on my personal experiences with Cassandra, Mongo,\nand the like. Let’s not touch on the issues that seemed to be the case\nat Etsy’s SRE & maintenance of servers. Let’s not even touch on all the\nfighting going on in the HN comments.

\n

Instead, I think it’s interesting to talk about the kinds of people\nthat do this because I don’t think that either of these articles will\nchange people’s minds.

\n

Managing Humans by Michael Lopp is a book that’s not just about\nmanaging humans. In it he writes about engineering culture, different\npersonalities you might find, and communication skills. Things that are\nsometimes considered tangential to management (but are very important!)

\n

The chapter “Stables and Volatiles” details two archetypes that you’ll\ncommonly see within engineering cultures.

\n

Stables are engineers that happily work within a set of confines - even\nappreciating these confines such as direction and deadlines. They assess\nrisk, carefully mitigate failure, and aim for predictable outcomes.

\n

Volatiles will show up, stomp on everything that exists, and leave a trail\nof disruption in their wake. However, when they build.. they sure build a LOT.\nIn some cases, what they make will be novel and would not have occurred\notherwise.

\n

Stables and Volatiles are at odds with one another. They do not get along\non everything but a team with both can be incredibly successful - even if\nthere’s a bit of conflict along the way. Volatiles become stables,\nand sometime stables become volatiles, and neither is really good or bad.\nThey just are.

\n

These archetypes are applicable to the argument about boring versus exciting\ntechnology. Stables will more likely than not choose the familiar.\nVolatiles will sometimes choose the foreign. Neither is right or wrong -\nat least not intrinsically. Instead, it’s gotta be a balance and you’ve\ngot to use the right tool for the right job.

\n

If you lean too far towards boring technology nothing will be pushed forward.\nIf you lean too far towards the exciting you’ll end up with a backend written\nin Little using a home-grown database written in Haskell. That..\ndoes sound pretty exciting, though, doesn’t it?

","fields":{"slug":"/2021-02-22"},"frontmatter":{"date":"2021/02/22","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

There’s a nifty new Electron alternative called Tauri which purports\nto be more memory efficient than Electron! Competition is awesome!

\n

Tauri is written in Rust and utilizes a webview instead of bundling\nthe entire Chrome browser within it.

\n

Using a webview isn’t a particularly new idea - DeskGap, Electrino,\nNeutralino, and others. On Linux, this works pretty okay! You get a\nwebkit rendering engine (of an unknown version). On MacOS you get\nthe Safari flavor of webkit. On Windows 7 you often get IE11 which..\nyikes. Then on earlier Windows 10 you get the old non-Webkit Edge,\nnewer versions mostly get Webkit Edge. It’s.. a little all over.

\n

The big thing that Electron brings is that you know exactly what version\nof Webkit you’re building against and can cut down on the pain you\nfeel when testing.

\n

The other thing is that Electron has a lot of batteries already included\nand while Tauri has a lot of features in the works - they just aren’t\nthere yet! However, the roadmap looks great and who knows -\nmaybe it’d really hit that right balance between performance\nand features without having to write a native app version.

\n

I dunno, though, I feel that Electron being resource hungry isn’t the\nend of the world. For the most part, you can cut down on memory in\nElectron in the same way you would a standard web app on Chrome -\nthrough profiling and optimization.

","fields":{"slug":"/2021-02-20"},"frontmatter":{"date":"2021/02/20","time":"00:00 UTC","title":null}}},{"node":{"html":"

\n \n

\n

The Perseverance rover confirmed a successful touchdown yesterday,\nFebruary 19th at ~3:55PM EST. The mission is one of the most ambitious\nwe’ve sent to the red planet - but not just because of the rover\n(which, itself, is the most complex and featured rover we’ve sent).

\n

The EDL (Entry, Descent, and Landing) platform was also for more advanced\nthan any other we’d sent - with the descent into the Martian atmosphere\nbeing yet another part of the experiment. The ablative heat shielding\ncovered the bottom of the capsule - with a type of plating covering it\nwhich upon heating would vaporize and be carried away from the\nPerseverance capsule.

\n

The Perseverance also carried 661lbs of tungsten weights. However, just\nbecause they’re dead weight doesn’t mean they won’t serve a purpose.

\n

Two 165 pound blocks of tungsten kept Perseverance in a stable and balanced\nspin on its journey from Earth. This prevented any one side of the capsule\nfrom getting too hot. These are jettisoned 900 miles or so above Mars as\nthey’d no longer be needed. Waste not, though. These two tungsten blocks\nwill slam into the surface of Mars at 9,000 mph or so and is\npart of a very vital experiment. The InSight lander has a\nseismometer and even at 2000 miles away it’ll be listening for Perseverance\nknocking with these tungsten payloads.

\n

Removing those two tungsten blocks is an important part of the entry phase\nbecause while balance is required during the journey, the entry requires\ndebalancing. Because one side of the capsule is heavier than the other\nthe entry angle will be at 16°. This leads to a slight amount of lift\nexperienced by the craft, allowing the descent to be controlled via\nRCS (Reaction Control System) powered rotation - rotate left to\ncause the lift to push you one way, right to push the other, and go left\nand right consistently to burn off speed. This is all autonomous!

\n

There’s also six 55lb tungsten masses that ensure landing is aligned.\nThese are jettisoned right before firing the parachute and are used to\nensure that the radar will be oriented in the correct direction. While\nthe RCS was fired roughly 2,256 times during atmosphere entry, at this point\nthey aren’t a whole lot of use. These tungsten blocks are jettisoned two at\na time, and will cause the craft to roll into the exact orientation needed\nfor the rest of the descent.

\n

Haven’t heard yet if InSight heard Perseverance’s hello to start a welcome\nparty, but all of this was fantastically interesting to me and I’m always\nsurprised at how much NASA can achieve.

\n

Wanna watch it? They streamed the landing on twitch!\nWhat an amazing future we live in.

","fields":{"slug":"/2021-02-19"},"frontmatter":{"date":"2021/02/19","time":"00:00 UTC","title":null}}},{"node":{"html":"

\n \n

\n

In 2019, the World Health Organization recognized burnout as an occupational phenomenon in the ICD-11.\nHowever, a relatively new article by HBR about burnout points at studies that show the pandemic has\nbeen causing burnout to run rampant since early 2020. “Knowledge workers” are now mostly working remotely -\nlooking at Zoom, for example, they went from 10 million to 200 million active users effectively overnight.

\n

To clarify: Burnout is really just another term for chronic stress causing emotional, mental, and even physical damage.

\n

Lots of companies just look at it as a personal problem. Get better at self-care, do some yoga, use those new-fangled\nmeditation apps. Those might help soothe some of the pains caused by chronic stress, but they don’t get to the\nactual causes of it.

\n

A 2012 Study by Christina Maslach, Michael Leither and Susan Jackson point at the causes\nof burnout to be more organizational than personal. The top cause? Unsustainable workload. Also in there\nis the lack of a supportive community.

\n

If you take a look over the NBER’s working paper on the impact of COVID-19 - what do you see?\nRemote workers on average work 10% more during all of this. People also have more shorter meetings than ever\nbefore. You end up with a heavier workload and sparser, shorter action-oriented meetings - without the same\naffordances given to social interactions unrelated to the work at hand.

\n

The HBR article I’d linked above did a survey of 1500 workers - and found that nearly 90% said that their\nwork life was getting worse, more than half said their work was becoming more demanding, and half felt that\nthey couldn’t maintain a strong connection with their friends.

\n

This isn’t really a new phenomenon, either. Some CEOs of public companies have been pushing for 80\nhours a week of work, Uber’s employees were effectively not sleeping,\nAmazon worked people to exhaustion on Easter Sunday and Thanksgiving weekend, and if you\nwant to hear me go off about even my personal experience, just ask me about Venmo’s practices.\nThe superbowl “war room” that literally means being in the office for 24 hours without sleep is\njust the tip of that iceberg.

\n

Really, though - what I’m trying to say is that burnout is very real, very scary, and it’s gotta get\naddressed sometime. I don’t think that time is now, but it’s gotta be soon.

\n

Maybe the 5 hour work day could become the norm. I doubt it though.

","fields":{"slug":"/2021-02-18"},"frontmatter":{"date":"2021/02/18","time":"00:00 UTC","title":null}}},{"node":{"html":"

\n \n

\n

Having lived in Texas for a few years I know a number of Texans right now that\nhave not had power for nearly 48 hours with freezing causing a real terrible\nsituation.

\n

Much of this is caused because Texas has an isolated power grid with 3\ninterconnects to other states and 3 to Mexico - through what is known as ERCOT.\nERCOT was founded in 1970 and covers most of Texas. Much of this was fueled by\na secessionist attitude many Texas lawmakers take, as well as a want to avoid\nfederal regulations. A push to deregulate even more was in the late 90s and\nmuch of ERCOT is powered by an aging and neglected coal and natural gas\ninfrastructure.

\n

I’ve seen a number of talking points saying that this is all because renewable\nenergy such as wind and solar are failing Texas - which isn’t the case.\nNot only do modern wind turbines handle ice and snow through\nsome neat mechanisms, most of the 80% power deficit has to do with the\n[natural gas, coal, and nuclear losing capacity][23. Natural gas pipelines froze, coal\ncouldn’t be shipped, and nuclear plants did not have the abilities to\nprevent the cooling water reservoirs from potentially freezing.

\n

This all ends up hurting the citizens of Texas - where rolling power outages\nturning into several day outages as ERCOT scrambles to make up for the\nshortages. Folks are cold, hungry, and don’t have water.

\n

It’s a bad situation.

","fields":{"slug":"/2021-02-17"},"frontmatter":{"date":"2021/02/17","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Have you ever wanted to make an interface for a program, but\nrealized web just isn’t for you? Don’t want to delve into\nthe madness and incantations needed to utilize new curses?

\n

There’s a new blog post by Will McGugan about his Python library Rich,\nused to create beautiful CLIs. The blog post details some basic\ncreation of dashboards using the various APIs available through Rich.\nHaving written a few things with ncurses, I can safely say that this\nis a much more pleasant experience.

\n

But what about folks over in javascript land? Heck, while I love\nPython I also adore Javascript.

\n

Check out blessed, blessed-contrib, and react-blessed. Blessed is a\nJavascript library to create CLIs, but you’ll notice that the react API\nit has is really game changing. Using a special blessed renderer in React\nyou can create CLI interfaces with the same paradigms as any React 16\napplication. Combine that with the contrib package and you can have real\ntime terminal dashboards that show graphs, maps, spark lines, markdown,\nand even picture rendering.

\n

It’s one thing to show off your cool new graphical web app. It’s another\nentirely to show off your 100% hacker terminal app.

","fields":{"slug":"/2021-02-16"},"frontmatter":{"date":"2021/02/16","time":"00:00 UTC","title":null}}},{"node":{"html":"

\n \n

\n

In Javascript, functions always have variadic arguments. This leads to\nsome performance hits because there always has to be an adapter when\nusing a JIT compilation. The adapter required creating a new frame\nin-between the caller and callee frames.\nCreating a frame is super costly.

\n

On the v8 development website a new blog entry was posted which details\nhow this process works and what they’ve done to dramatically improve\nfunction calls by optimizing this javascript feature.

\n

How’d they solve it? They work through the arguments array backwards\nso they don’t really need to know how many arguments are in the stack,\nbut they can assume that there’s at least the enough arguments to\nsatisfy the parameter count - even if the arguments are undefined.\nThis allows for cutting up the formal parameters and the extra variadic\narguments to pass them to the callee frame in a way that doesn’t require\nextra lookups or an extra frame that will calculate it all.

\n

No more overhead! Super fast!

","fields":{"slug":"/2021-02-15"},"frontmatter":{"date":"2021/02/15","time":"00:00 UTC","title":null}}},{"node":{"html":"

\n \n

\n

There’s something about the fact that I’m taking an at-home class for cooking\nfrom a world-renowned french cuisine Chef that’s feeling like got an\nuncomfortable “rich people things” vibe to it.

\n

It makes me think about a New Yorker article about the “Joylessness of Cooking”.\nIn theory, I love to cook. It’s a way of peering through time and culture to see\nhow different people live and have lived.

\n

Those of us that still have stable incomes can often find far more ingredients\nthan ever before. In New York City there’s Chef Collective seeing even better\nstock because many restaurants have shuttered or are generally seeing fewer\ncustomers. Some restaurants, like Xi’an Famous Foods, have even pivoted to\nselling “kits” instead of doing delivery because their foods don’t work well\nwith delivery.

\n

The article points out a book - How to Cook a Wolf by MFK Fisher. The book\nthrough dealing with shortages and difficulties that existed when cooking during\nWorld War 2. I am so grateful that my life is in a place where the feeling\nof hunger is a choice rather than a fact of life. I picked up a copy of the\nbook. I’m really looking forward to reading it.

\n

In theory, I love to cook. In practice, I’ve been cooking far too often to\ntruly enjoy it. I have always had an extreme respect for my mother and father.\nWe cooked food at home every single day while I was growing up - sometimes\nout of necessity. We didn’t do fast food, and we very rarely ate at\nrestaurants or had takeout. They followed through with that to make sure\nthere was food on the table & dealt with getting children to eat that food.

\n

I really do love cooking - just.. in theory. In practice, I can’t wait to\nmake it an exciting optional activity like this cooking class I’m taking.\nI’ve registered to the wait list for the vaccine and boy am I looking forward\nto that.

","fields":{"slug":"/2021-02-11"},"frontmatter":{"date":"2021/02/11","time":"00:00 UTC","title":null}}}]}},"pageContext":{}},"staticQueryHashes":["63159454"],"slicesMap":{}} \ No newline at end of file +{"componentChunkName":"component---src-pages-on-my-mind-js","path":"/on-my-mind/","result":{"data":{"site":{"siteMetadata":{"title":"DEFINITIVELY NOT JAMES"}},"thoughts":{"edges":[{"node":{"html":"

\n \n

\n

There’s a fantastic set of essays by Cedric Chin about becoming a\ndata driven business. It starts off on a really inspiring\nessay dissecting Goodhart’s law. Most of the essays are focused\naround Amazon and often reference the book that Cedric had helped with:\n“Working Backwards” by Colin Bryar and Bill Carr.

\n

For those that don’t know it, Goodhart’s law is:

\n
\n

When a measure becomes a target, it ceases to be a good measure.

\n
\n

Every measure is a proxy for what you actually want — and is always an\nimperfect proxy for it. Even when you’re using a tape measure you’re not\nquite getting what you want - an exact measurement of a distance. Instead,\nyou’re getting something that’s “close enough” in precision to the real\ndeal that it works fine.

\n

In another essay, Cedric summarized a paper by David Manheim and Scott Garrabrant\nthat breaks down Goodhart’s law into four “flavors”: regressive, extremal,\ncausal, and adversarial. This is reflected in Donald Wheeler’s take on Goodhart’s\nlaw from Understanding Variation:

\n
\n

When people are pressured to meet a target value there are three ways they can proceed:

\n
    \n
  1. They can work to improve the system
    2. \n
  2. They can distort the system
    3. \n
  3. Or they can distort the data
    4. \n
\n
\n

To me, this is a fantastic way to frame Goodhart’s law. Instead of it being a\nproblem declared out into the ether it’s something that can be solutioned against.\nThe solutions would be to make it more difficult to distort the data or the system -\nor you can make it easier to improve the system.

\n

Wheeler notes that this can be seen between the Voice of the Customer - the\nexpectations - and the Voice of the Process - what can be done in the real world.\nFocusing entirely on the Voice of the Customer without understanding the\nVoice of the Process leads to gaming the measurements, inadvertently or not.

\n

The essay series goes into depth on how Amazon has approached this problem - via their\nWeekly Business Review (WBR). The goal of the WBR is to provide flexibility to make\nthe various systems work for them and also to drop measurements that aren’t useful.\nIt promotes iteration and learning, synchronizing leadership rather than promoting\nblindly following numbers.

\n

Proxy measures will always allow for some form of gaming the system. At the same time,\nyou can’t run a business without these kinds of proxy measures. Goodhart’s law isn’t wrong -\nbut instead of approaching it by choosing to avoid measuring, we instead need\nto find solutions to prevent it.

\n

The problem isn’t having targets - it’s failing to reconcile those\ntargets with the real world.

","fields":{"slug":"/2024-10-27"},"frontmatter":{"date":"2024/10/27","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"giphy\"

\n

The whole xz thing is mind boggling.

\n

The story starts two years ago. Lasse Collin is the sole developer maintaining xz\nas a hobby. xz is a linux utility used widely - nearly every installation of linux has it.\nCollin was delighted to start receiving help from JiaT75 - someone named Jia Tan.\nTan kept fixing bugs, opening pull requests, and generally being helpful. Eventually,\nCollin had granted Tan access to commit directly to the repository. They were a trusted\nhelper, after all! Tan then took responsibility of managing releases, helping with various\nsecurity websites interactions with the project, and made life easier for Collin.

\n

This year, Tan helped usher in version 5.6.0 and 5.6.1 of xz. Tan dutifully continued\nto be helpful and encouraged various linux distribution maintainers to include these new\nversions - they had security fixes, of course! Some did, some didn’t. Reviewing the code,\nit was unclear if the security fixes were major enough to warrant updating. This version\nended up in “testing” versions of Debian, Redhat, and Kali linux - but these are large distributions\nused on millions of computers.

\n

By chance, Andre Freund - a linux developer over at Microsoft - became frustrated that their SSH\nclient was taking 500ms longer to connect that day. It wasn’t clear to them why all of a sudden\neverything was half a second slower, and sure: it wasn’t the end of the world by any means but it\nwas ANNOYING. So they dug. They found something that was surprising.

\n

Unfortunately, Jia Tan was not who they claimed to be. Tan was not just a helpful contributor.\nTan was an agent of a nation state with a very specific goal - infiltration. They used their position\nto hide code inside of xz that could be used to execute arbitrary malicious payloads - and then used\ntheir role as security contact to prevent folks from finding it. Version 5.6.0 and 5.6.1 of xz included\nthis code. Nobody noticed - that is, until Andre Freund.

\n

If Andre hadn’t decided to inspect an annoyance this backdoor would have been everywhere. Every bank,\nevery government, most every cell phone. This was all caught because someone didn’t want to wait half a\nsecond longer.

\n

The Lasse Collin is currently suggesting to use an old version that doesn’t have ANY of Jia Tan’s code in it - 5.3.1.

\n

Some real spy stuff, right?

\n

Arstechnica has a more detailed write up, and Lasse Collin has some stuff\nabout it on their site - but they’re currently on vacation and won’t be able\nto do much until they get back.

","fields":{"slug":"/2024-04-02"},"frontmatter":{"date":"2024/04/02","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"giphy\"

\n

Sometimes communication is difficult because you’re trying to express incredibly complex ideas using a complex tool such as language. The English language is ever-evolving and with over 500,000 words in Wiktionary the amount of choice available to you can be overwhelming. Beyond that, the many complex ways it can be combined and misused to form prose adds yet another layer.

\n

However, it doesn’t have to be that way! There are constructed languages (“conlang”) which have much fewer words and are much simpler to understand.

\n

Esperanto is one such language, and with a little over 16,000 words you have to take the complex ideas down to simplify them so that they can be expressed in simpla terms. It’s the most widely spoken constructed language, and was designed with the hopes that the grammar could be komprenita within an hour.

\n

While Esperanto is simple, we can always aim for a simpler crafted language. Klingon is one such language - a language designed for the Klingon people, a race of Suv from the planet Klingon. With at most 4,000 words, the language is heavily skewed towards battle because they are the antagonistic and combative folk in the television show Star Trek - so those are the words they use! Most of their time is spent on the che’ron. The culture of the Klingons are reflected in their language and the restrictions within.

\n

How simple can a language be, while still including the capability of expressing complex ideas? Meet Toki Pona. This language, literally meaning “the language of good”, consists of just 125 words and a relatively simple grammar - taking about 30 hours to be a strong toki of the language. But how does that pali? Toki Pona was designed around a small nanpa of simple near-universal concepts, with more complex concepts achieved through combining them. For example, there’s no words for “friend” or “enemy”, but “jan pona” (person + good) and “jan ike” (person + bad) could stand in for those ijo. Toki wile li pali sina pona, pona jan li pali pana ale. If you’re interested in the language of Toki Pona, there’s a wonderful cheat sheet.

\n\n

https://news.ycombinator.com/item?id=22689959

","fields":{"slug":"/2021-10-27"},"frontmatter":{"date":"2021/10/27","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

A 2015 study explored an interesting phenomenon: People that use\nweb search tools to find data conflate information they find online with their\nown knowledge. This lead to increased self-assessed knowledge and even in\nunknown domains or areas of study - even when trying to answer something,\nsearching, and getting zero results.

\n

Part of this is because learning, knowledge, and memory are closely related.\nThe process by which we shift memories from “short term” to “long term” memory is\nreferred to as consolidation. This process is when we’re most susceptible to\nhaving our memories “rewritten” natrually, as described by Daniella Schiller.\nIt’s possible that search engines have become ubiquitous in our lives\nas a transactive memory partner - we receive information and then quickly\nre-remember the information as being our own.

\n

This isn’t new to the internet, though. Memory and knowledge is not\nexact - mistaking outsourced knowledge for internal knowledge also\nhappens when part of integrated social environments. In a 1995 study,\ncockpit crews often conflated knowledge from another member as their own\nknowledge once it had been communicated to them.

\n

If you’d like to subject yourself similarily to the study & conflate internet information\nwith your own knowledge: Why are there jokers in a deck of cards?

","fields":{"slug":"/2021-09-16"},"frontmatter":{"date":"2021/09/16","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Wardialing is an information reconnaissance technique to find phone numbers of interest within a\nlist. Dial up every number in an area code and listen for modems, fax machines, or bulletin board systems.\nPhone numbers can have a wide variety of systems behind them, but aside from phone books\nthere’s no record of what these might be. Part of that is because the only way to know.. is to call.

\n

Valtteri Lehtinen called nearly 60,000 numbers in Finland to understand the telephone network better.\nThis was done via a VoIP trunk to make simple calls over GSM - cellular connections. Once a call\nwas connected, they recorded 60 seconds of audio for classification then hung up. They tried to\nfocus on only public numbers and ignored any premium numbers that would have run out their calling\ncredits too quickly.

\n

Over the course of 40 days they found that only 3% of calls were answered, and only 70% were interesting.\nThere were only 74 unique and interesting responses. These ranged from machines, faxes,\nand systems for presenting information to callers.

\n

One was a message with the following:

\n
Welcome to the end of the world.\nThere is still some hope left.\nIf you want to be rescued then press 1.\nIf you want to join the zombie army then press 2.\nChoose something quickly, we don't have all day.\n...\nYou have chosen to be a zombie and join the zombie army.\nPlease wait patiently to be bitten.\nPlease do not call again.\nThank you for calling.
","fields":{"slug":"/2021-09-02"},"frontmatter":{"date":"2021/09/02","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n
\n

She knows, now, absolutely, hearing the white noise that is London, that Damien’s theory of jet lag is\ncorrect: that her mortal soul is leagues behind her, being reeled in on some ghostly umbilical down\nthe vanished wake of the plane that brought her here, hundreds of thousands of feet above the Atlantic.\nSouls can’t move that quickly, and are left behind, and must be awaited, upon arrival, like lost luggage

\n

— Pattern Recognition by William Gibson

\n
\n

Jet Lag - as the name might imply - is relatively new for humans. Propeller-driven craft or trains\noften were much slower and didn’t travel as far over between timezones to cause it. Jet-driven airplanes\ntravel such great distances that our circadian rhythm is frequently disrupted - causing disorientation\nand stress.

\n

Traveling west is usually considered to be an easier shift than east. This is because most humans circadian\nclock has an endogenous period that’s slightly greater than 24 hours, and it’s easier to expand that window\nthan to shrink it. In most cases, the 6-9 hour shift East causes the most problems.

\n

There’s lots of “cures” for jet lag but in most it boils down to timing and sleep schedules.\nPush to go to bed at a reasonable bedtime in the target timezone. Time your flight to avoid\nlight when leaving and find light on arrival.

\n

Sometimes, though, you just have to wait for your soul to catch up with your body.

","fields":{"slug":"/2021-09-01"},"frontmatter":{"date":"2021/09/01","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Kanji is exceptionally confusing to me. When looking at the word 森林浴 - “shinrin yoku”,\nI wanted to learn a bit more about these three words that make up the compound word.

\n

To start with, though, let’s look at another word: 木 - “ki”, or in english “tree”.\nIt’s 4 strokes and is a grade 1 / JLPTN4. It’s taught in grade 1 of Japanese schools\nand is part of the Japanese Language Proficiency Test N4. This one’s pretty simple!

\n

So, then 林… 木木, right? This is “hayashi”, and could somewhat be translated to a\nsmall grove or woods. Think a bunch of bushes, a few trees on their own. 8 strokes,\nstill grade 1, but JLPTN3.

\n

森 … okay, so we have THREE 木 now. This is “mori”, translated to a small forest\nor a large wooded area. Imagine a denser greenery - perhaps harder to traverse.\n12 strokes, again grade 1 and JLPTN3.

\n

Put all this together and we have 森林 - “shinrin”. A big forest, like a mountain\ncovered in foliage. If you’re thinking a forest in English, that’s what we’ve got here.\nLots of 木.

\n

浴 is yoku. 10 strokes, Grade 4, and JLPTN2. This one’s a bit tougher.\nIt’s a combination of 氵 (one of the water radicals) and 谷 (“tani”, or valley).

\n

Put it all together and you have 森林浴, a peaceful walk to bask in the forest.

","fields":{"slug":"/2021-08-31"},"frontmatter":{"date":"2021/08/31","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

An article was posted last month about the the dangers of autofill in password managers.\nThe thought is that if there’s Cross Site Scripting (“XSS”) on the page you’re logging in and\nthe password manager helpfully automatically fills in the password you’ll lose your password.

\n

The point attempted by the article is not XSS on the authentication page\nbut instead anywhere. The idea is that you create a fake form that looks like a\nsimple login page, the password manager fills in the credentials and then\ndeletes the form after shipping the credentials off.

\n

So - you get the advantage of a much lower level of effort credential\ncollection approach. This is usually for the security / ease of use tradeoff.\nGot it, though, let’s disable autofill globally - that solves the problem,\nright?

\n

Well.. no. If you have an XSS vulnerability even without a password manager\nit’s already game over - you’ll be losing that password. Change the URL via the\nhistory API to be the correct URL, throw the fake login page out, collect the credential\nthe user types in.

\n

While it’s safer to disable autofill the question brought up is “will people use it?”\nIf the ease of use gets folks to use different passwords between services.. it’s\na security win in my book even if these new vectors are opened.

","fields":{"slug":"/2021-08-24"},"frontmatter":{"date":"2021/08/24","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

The Russian Multipurpose Laboratory module “Nauka” docked with the International Space Station\nat 9:29AM Eastern on July 29th. It had an 8 day journey to get to the station.\nNauka is a docking port, a spacewalk airlock, and a whole science facility - the biggest room\nin the International Space Station yet at 13 meters long and a diameter of 4.25 meters.\nNauka launched from Kazakhstan after 14 years of delays.

\n

Celebrations were had after the docking procedure was successful.

\n

3 hours later at 12:59PM Eastern the ISS was passing over Indonesia. Nauka’s autopilot\nwoke up and decided that it was time to take thrust control and leave. Unfortunately, Nauka was\nstill firmly attached to the station. This is not ideal for the crew within the station.

\n

The module started firing its thrusters to position the module for firing its main thruster.\nOutside of radio control from Moscow’s Mission Control, it was unknown that Nauka was firing\nits thrusters. Only once the ISS started to shift orientation from these thrusters did NASA\ndetect it - but within minutes the Flight Director in Houston started attempts to\ncounteract the spin.

\n

At the same time, the station’s automated systems began to note the deviation from norm\nand took action to counter the spin via thrusters on the Russian half of the station.\nHouston Mission Control instructed astronauts to close hatches and windows - preparing\nfor the worst. The ISS was designed to handle this kind of torque - but it was a maneuver\nfar outside normal mission parameters.

\n

44 minutes of thruster action rotated the station one and a half turns about its long-axis.\nBy the time the station entered back into Russian radio contact the thruster had exhausted\nits fuel and was dormant. Moscow Mission Control directed the flight control back to the\nISS from Nauka and sent instructions for the station’s thrusters to return the ISS to\na more desirable orientation.

\n

Work continued as normal after the disaster had been averted.

","fields":{"slug":"/2021-08-11"},"frontmatter":{"date":"2021/08/11","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n
\n

I can open your eyes\nTake you wonder by wonder\nOver sideways and under\nOn a magic carpet ride

\n
\n

How magical is that magic carpet ride, though?

\n

We see prince Ali and Jasmine leave Agrabah on a magic carpet ride.\nJasmine asks if it’s safe and then Aladdin just starts singing.\nOff to a shakey start, but they leave Agrabah, climb 15,000 feet above\nthe clouds. On a few occasions they are thrown off the carpet\nbut it catches them. You know. Safe. 60 seconds later they’re at\nwhat looks like the Great Sphinx of Giza. 15 seconds later they\nare at what looks like the Parthenon in Athens.

\n

The distance from the Sphinx in Giza to the Parthenon in Athens\nis 615 miles across the Mediterranean Sea. To travel this in 15\nseconds that magic carpet ride would be traveling in excess of\n150,000 miles per hour - or roughly Mach 195. This puts them in\nthe same league as a faster than average meteor. Meteors heat up\nboth from air friction as well as the compression of air in front\nof them, and thus it would be safe to believe the magic carpet\nride would have burst into flames as it travels across the sea.

\n

Assuming they decelerate over the course of 3 seconds (perhaps\nwhen Aladdin is saying there’s time to spare) they would have\nexperienced 2200 times the force of gravity. If Aladdin is\naround 120lbs normally (he’s a street rat, after all), his body\nwould have felt like it weighed ~280,000lbs. For reference,\na blue whale is 290,000lbs.

\n

So, per Jasmine’s question, “Is It Safe?”, most certainly not.\nIf it weren’t for the fact that it’s “magic” I wouldn’t trust\nprince Ali with anyone’s safety on that thing.

","fields":{"slug":"/2021-07-29"},"frontmatter":{"date":"2021/07/29","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Fortran added conditional ternary expressions to the language\na few days back. Yes, the language developed in the 1950s.\nIt’s still seeing stable releases every few years, and will continue to\ninto the future. However, Fortan 2018 is far different from the\nlanguage described in the 1956 “Fortran Programmer’s Reference Manual”.

","fields":{"slug":"/2021-07-02"},"frontmatter":{"date":"2021/07/02","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

President Biden signed an Executive Order to improve the\nNation’s Cybersecurity posture. This is a pretty big deal\nbecause it signals to every organization across the\ngovernment that they need to divert funding to implement\nthis order.

\n

This Executive Order covers a pretty wide variety of tasks,\nbut a few things specifically stand out to me:

\n
    \n
  • incorporation of NIST guidelines and standards as part of a playbook
    • \n
  • enforcement of Multi-Factor Authentication everywhere in government
    • \n
  • additional expectations of a Software Bill of Materials
    • \n
  • required movement towards a Zero Trust architecture
    • \n
\n

The NIST guidelines are not that “out there” all things considered.\nHowever, there’s a number of which that most government agencies don’t\nseem to follow. Suggestions against Password expiration and arbitrary\npassword composition rules are high up on that list. Government\nsites also often make it difficult ot use password managers which\nis discouraged by the NIST rules. NIST has a really handy\nFAQ if you’d like the short version.

\n

Multi-factor Authentication is pretty clear in NIST to not\nbe SMS and not be email. This is to be adopted by agencies\nwithin 180 days of the order - and if they can’t adopt it within\nthat time frame they must explain why not every 60 days to\nDHS / CISA / etc. Hopefully, most organizations will choose\nexisting solutions like login.gov to implement this.

\n

Software Bill of Materials is less clear as to what\nit’s really requiring. The executive order does not\ndefine this, but does set in place the requirement\nthat a definition must be published within 60 days\nby the Secretary of Commerce.

\n

Zero-Trust architecture is where there will be a huge\namount of work to be done. This is designing systems in\na way that encourages defense with both public and private\ninteractions of systems. Expect that there’s a potential\nthreat actor that’s breached your network. With that in\nmind, you can’t give full access to just anyone and everything.\nInstead, you have to clearly define access and privileges,\nenforcing controls on who gets what and why.

\n

I’m excited to see an executive order that takes cyber security\nseriously. Thanks to Beau Woods for tipping me off\nabout this, I hadn’t even heard of it!

","fields":{"slug":"/2021-06-16"},"frontmatter":{"date":"2021/06/16","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Fastly had a bit of an incident on June 8th which you might’ve seen.\nThe outage lasted around one hour, but it meant that loads of sites that rely\non their CDN were impacted.

\n

Fastly uses a fork of Varnish 2 that they maintain internally - a general\nHTTP Cache. This is core to a lot of how they do business, but isn’t the only\npiece of software they employ. However, they do give customers access to VCL,\na domain specific programming language to influence the behavior of their caching\nsolution.

\n

Best guess is that someone had included a configuration value that created VCL\nwith undefined behavior which caused the shared infrastructure to crash\nor otherwise stop serving as expected. This is all a guess, of course, because\nthey’re being relatively hush-hush about the exact details of the problem.\n(Makes sense because we don’t really need to know & it’s ~24 hours since\nthe actual problem.)

\n

They did provide a very great blog post and short post-mortem about the\nincident right away, though. For such a large company, that’s quite\nimpressive.

\n

Let’s just hope they don’t have to do that too often.

","fields":{"slug":"/2021-06-09"},"frontmatter":{"date":"2021/06/09","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

The playdate is an amazingly interesting exercise in\nthe right marketing, the right UX, the right device, and the right time.

\n

It’s an amazingly whimsical but simple device with\na black and white screen, an itty bitty processor,\nsome buttons, a directional pad, and a crank. Yes, a\ncrank on the side as part of the game input.

\n

This was made with folks over at Teenage Engineering,\nwho are also amazingly good at marketing & UX. I’ve\nhad so much fun with the pocket operators (here’s a video someone else made, not me!) and\nalways want to buy their other devices..

\n

None of these devices are exactly special from a technical sense but it\nis from how it makes you feel. I think that’s what matters.

","fields":{"slug":"/2021-06-08"},"frontmatter":{"date":"2021/06/08","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

I read a wonderful blog post about the opening lines\nof novels and their importance. This is very true! There’s a lot\nto be said of the impact you can have in that first sentence.\nThis applies not just to books - you have a miniscule amount\nof time to leave a good impression and bring people in.

\n

However, there’s quite a bit also to be said about not starting\nwith that opening sentence. You don’t need to get it right\nfirst thing. A terrible book with an amazing initial line\nis just a book that everyone will read and hate.

\n

If you can iterate, you can eventually get that amazing sentence\nthat gets everyone to pick up what you’re selling.

\n

John Swartzwelder, a writer for the simpsons,\ngives advice on the subject:

\n
\n

I do have a trick that makes things easier for me. Since writing\nis very hard and rewriting is comparatively easy and rather fun,\nI always write my scripts all the way through as fast as I can,\nthe first day, if possible, putting in crap jokes and pattern dialogue—\n“Homer, I don’t want you to do that.” “Then I won’t do it.”\nThen the next day, when I get up, the script’s been written.\nIt’s lousy, but it’s a script. The hard part is done. It’s like a\ncrappy little elf has snuck into my office and badly done all my\nwork for me, and then left with a tip of his crappy hat.\nAll I have to do from that point on is fix it. So I’ve taken\na very hard job, writing, and turned it into an easy one,\nrewriting, overnight. I advise all writers to do their\nscripts and other writing this way.

\n

And be sure to send me a small royalty every time you do it.

\n
\n

This, of course, applies beyond just script writing. Software, products,\nwhatever it may be - often, the biggest roadblock you will have is\nthat initial impetus to get things rolling. Once you have something\nit’s much easier to make smaller improvements.

\n

With that in mind, go forth and embrace the crappy little elf that\nbuilds the v0.1 of whatever you’re making. Then, show them\nhow much better you can make it.

","fields":{"slug":"/2021-06-07"},"frontmatter":{"date":"2021/06/07","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

For some reason, any time you see someone in a movie go into space\nwithout a space suit you invariably see them explode, freeze, or\nsomehow boil. None of this is true, but it’s not like the vacuum\nof space is really all that hospitable.

\n

There’s a neat blog post from 2013 that backs me up on this, but\nfor the most part: going out in to space without a space suit\nis inadvisable, just for different reasons. There’s the issue of\nradiation, vacuum, and a distinct lack of oxygen.

\n

Within a few seconds, you’d feel slightly warm, not cold, in space.\nSure, space is cold but there’s very little transfer of temperature.\nThis is because there’s no matter in space to transfer heat via conduction\nor convection. Instead, all you’ve got is thermal radiation.\nThis means either heat will be being radiating to you slowly from\nthe sun or heat will be radiating off of you slowly. You won’t\nbecome a popsicle.

\n

The vacuum of space is dangerous, but not in the same way that you\nwhere people pop like a balloon. Instead, you’ll see some tissue\nswelling from water vapor under the skin, with some pretty gnarly\nbruises. However, this can also end up causing gas bubbles to form\nwithin the bloodstream which can be incredibly deadly.\nAnother issue is that the decompression will cause the air in\nlungs to expand to an extent that could be incredibly dangerous.\nSo, Pro-Tip: Before taking a space walk without a space suit,\nexhale as much as you can.

\n

The vacuum of space means a lack of matter, though. Oxygen\nis matter. Often times, humans need oxygen to survive. This is\nwhere we come into our third problem: you can’t breathe in space,\nand worse, because of the vacuum the lungs actually will REMOVE\noxygen from the blood stream. In under 30 seconds, you will\nstart getting deoxygenated blood to the brain, and it’s lights\nout. Suffice it to say, it’s downhill from there.

\n

So, short version? Don’t go into space without a pressure suit\nand a steady supply of oxygen.

","fields":{"slug":"/2021-06-04"},"frontmatter":{"date":"2021/06/04","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Amazon is starting its acquisition of MGM for a whole lotta cash.\nThis is a bid to try to buy the defeat of Netflix via Amazon Prime streaming\nservices. James Bond, the Addams Family, Stargate, The Lord of the Rings,

\n

There’s a famous anti-trust case, US vs Paramount, which put an end\nto the Hollywood studio system. In the old system we had The Big Five studios -\nwhich included MGM - and they had a 90% ownership over the film market.

\n

The studios had actors that had exclusive contracts, they made films that they owned\nexclusive rights to, and would only release them in theaters owned by the studio.\nThe studios owned the entire vertical and it prevented smaller studios from\nbreaking into the market. They couldn’t get actors. They couldn’t get\ntheir pictures up on screens.

\n

This is all very similar now to the big VOD streaming companies. But hey,\nthere’s legal precedent to prevent history from repeating itself, right?\nWell.. not exactly. On August 7th, 2020, the DOJ reversed the decision\nand added a termination period to the decree. This was heavily opposed by\nindependent movie theater owners. By the time Amazon acquires MGM this\nwill be completely reversed and Amazon will continue to burninate the\ncountryside, gobbling up as much as possible. All it takes is for Amazon\nto buy AMC.

\n

Now we’ll have a new Big Five: Netflix, Youtube, Amazon, Hulu, and Dinsey+ take up 85%\nof the streaming market. Art for Art’s sake, right?

","fields":{"slug":"/2021-05-26"},"frontmatter":{"date":"2021/05/26","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Getting DOOM to run on devices is a bit of a past-time to some folks.\nA recent product hunt offering has a DOOM captcha available.

\n

DOOM can run on a fridge, a pregnancy test, or a printer.\nThis is partially because DOOM was written run on Intel 8086 PCs with limited\nto know graphics processing abilities. Compared to current computing\npower, it requires a miniscule amount of technical capabilities to\nrun - at least compared to software like modern web browsers.

\n

Much of this has to do with how the internals of DOOM works!\nIf you’d like to learn more about that, there’s always the\nGame Engine Black Book on DOOM!

\n

Then you can figure out how to run DOOM in DOOM.

","fields":{"slug":"/2021-05-25"},"frontmatter":{"date":"2021/05/25","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

There are a lot of birds! There’s a recent global abundance study of birds\nwhich puts the estimate of birds at around 50 billion individual birds\nin the world. This is across roughly 9700 different species!

\n

From big birds to little birds, they’re all amazing.

\n

I think the Northern Mockingbird is interesting in particular, though.\nThey’re known to be highly intelligent. If you are just a passerby in their\nnesting area, they’ll usually leave you alone. However, they can recognize\nindividual humans! If you’re commonly near them they’ll remember you and\nhave been known to try to scare you away. They’ll even remember if you’ve\npreviously threatened or attacked them.

","fields":{"slug":"/2021-05-21"},"frontmatter":{"date":"2021/05/21","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Microsoft is retiring Internet Explorer June 15, 2022.

\n
\n

If you’re a web developer working on a modern website or app, we know you’ve\nbeen waiting for this day for a long time. Internet Explorer has increasingly\nbeen difficult to support side-by-side with modern browsers. With this change,\nenterprises and consumers will be able to limit their use of Internet Explorer\nto only those legacy sites that absolutely need it.

\n
\n

They even have a feature to nag people to stop using IE for your site!

","fields":{"slug":"/2021-05-19"},"frontmatter":{"date":"2021/05/19","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

SQLite is a self-contained, high-reliability, and very very fast SQL database engine.\nIt’s known as the most widely deployed database engine in the world. It’s\nabsolutely the most deployed database engine off-world, too.

\n

There’s a really cool blog post about hosting SQLite online, with a virtual\nfile system that uses range requests to cut down on fetches. In this way, you can\nread from a database of nearly any size and query it efficiently! With a properly\nwritten query you can do instant lookups against gigabyte+ SQLite tables.

\n

If you mix this with trigram indexing you can do a lot of Full-Text search needs\nvia an S3 bucket and the web! While it won’t have nearly as many features\nthis could potentially replace quite a lot of the features Algolia provides.

\n

Would I suggest replacing a mission-critical log aggregation and query for\na top-100 tech company? Nope. Is it good enough for smaller use-cases?\nYou betcha it is.

","fields":{"slug":"/2021-05-18"},"frontmatter":{"date":"2021/05/18","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Sometimes new technology and transit goes haywire, as seen earlier this morning when\na reboot caused turnstiles to lock up and prevent entry. In most cases the turnstiles are\nsupposed to fail open. However, it seems an oversight was made during the engineering process\nwhich caused them to fail closed.

\n

New technology isn’t always terrible, though! One thing MTA has been working on has been\nimproving the signals they use for maintaining traings. Over the past five years the MTA\nhas been replacing the existing infrastructure with newer digitized versions.\nSome of these signals were a century old. Because of this, trains can safely increase speeds!

\n

If you take the R line in the city, for instance, trains have sped up 15mph all the way\nto 50MPH in some areas! Even dangerous areas like near the Brooklyn-Bridge/City Hall station\nthey were able to increase speeds because of this.

\n

Some of this has also allowed for new kinds of data to be recorded. Many of these points help\nwith logistics and planning for maintenance work and train routes. However, others\nenable things like the really cool live MTA map that shows where trains are in\nreal time along the routes!

","fields":{"slug":"/2021-05-17"},"frontmatter":{"date":"2021/05/17","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Yoko Taro is an incredibly talented video game director and writer. Games that he’s worked\non include Drakengard, SINoALICE, Nier, and Nier: Automata. He’s pushed video games in\nextreme ways that create beautiful experiences. There’s a level of polish and finesse\nexhibited. Platinum Games published a post about the music in Nier Automata that\nI found really interesting.

\n

The music is all over the place in really amazing and interesting ways. One thing which\nmakes it interesting is the vocals are often a mix of languages, between old Gaelic,\nFrench, Japanese, and English. This means no matter what you speak it is slightly foreign\nand like it’s from another time and place.

\n

In Nier: Automata parts of the game are “Hacking” sections. At these points the game’s\nmusic switches over to an “8-bit” version which is much lower fidelity and sounds\nreminiscent of older video games instead of the orchestra of the normal soundtrack.

\n

However, not all pieces of their score for NieR: Automata received an 8-bit track -\nfor the amount of music they have it was nearly untenable. Part of this has to do\nwith some of the systems they had around mixing different tracks together.\nThey instead developed a system that automatically created the chiptune music from\nthe traditional orchestral score.

\n

This was done by bucketing 48 tones across 4 octaves out of the score, distoring\nthem aggressively, removing anything that was below a specific level to make the\noutput clearer, and applying it back over the original song.

\n

You can see how it worked in practice on their Youtube channel.

","fields":{"slug":"/2021-05-12"},"frontmatter":{"date":"2021/05/12","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

The Seagaia Ocean Dome was a really, really big pool.

\n

Well, it was more than a relaly big pool:\nIt was 6 times the size of an olympic pool, had 12,000 square meters of simulated beach,\nand was filled with more than 3.5 million gallons of water kept at 82F year round.\nIn the case of bad weather they had the world’s largest retractable roof to keep\neverything going year round.

\n

The Ocean dome was opened in 1993 and demolished in 2017 after multiple bankruptcies\nand related hotel closures.

\n

It wasn’t that bad of a waterpark, all things considered!

","fields":{"slug":"/2021-05-10"},"frontmatter":{"date":"2021/05/10","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Cloudflare has a really interesting blog post about branch prediction and the\ncost of if jumps in code. If it’s C, I’m unsure why you’d have non-macro debug if\nblocks peppered throughout your code, but sometimes it could make sense.

\n

The blog post investigates branch prediciton and how the [Branch Target Buffer][2]\naffects performance. The TLDR is that once you go above the L1 instruction cache\nyou will find some cost, but in general the cost of an if statement that’s never\ntaken is little to nothing, and the cost of always-taken branches may be an\nissue.

","fields":{"slug":"/2021-05-07"},"frontmatter":{"date":"2021/05/07","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

A paper submitted to ACM in 2019 reviewed the privacy implications of\naccelerometer data as of that time.

\n

Behavior tracking can go beyond the traditional step counter people think\nof when it comes to behavioral analysis. Eating, drinking, and smoking,\ncan be determined from wrist-mounted accelerometers. Further, gait can be inferred\nand level of intoxication can be interpreted. This can also give a guess\non how heavy of a load a person is carrying.

\n

Taking all of this a bit further, you can even determine what is being said or\nwritten via these devices. Determining specifc spoken “hotwords” could be done\nvia accelerometer alone. It’s also possible to figure out what someone has typed\non their phone’s virtual keyboard without actually having access to the keyboard\nthrough only the movements of the phone.

\n

Inference beyond this can be done to get fuzzier understanding of who someone is\nwithout actually know who they are. Someone’s physical activity and timing can\ninfer someone’s socioeconomic status, openness, and extraversion. It can be used\nto understand someone’s mood, their relationships with others, and overall stress\nlevels. It can also be used to determine age and gender based on gait, movement\nparameters, and activity.

\n

The short version, though? We really need to enforce the privacy related to\nwearable devices. It’s an imperative for our safety.

","fields":{"slug":"/2021-05-06"},"frontmatter":{"date":"2021/05/06","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Microgravity always looks really fun. It’s all fun and games until someone\ngets hurt, right?

\n

In space and in micro-gravity we lose the constant of gravity to prevent\nitems from moving in a specific direction. If you let go of a wrench while\nyou’re moving it, it falls to the ground and friction stops its movement\non Earth. In space, that wrench will continue in the direction you let\ngo of it and bonk someone in the head.

\n

This is when you’d need to do a little surgery to suture up your mistake.\nSurgery in space is going to be even more difficult because of a number of\nreasons.

\n

Without gravity, we don’t have blood being pushed downwards. Instead, blood\npools in the center of your body. If this happened on Earth, it would mean\nyou have too much blood! So your body will try to remove liquid, thus lowering\nyour blood volume significantly. This brings your standard blood volume\nin space to a pretty low level already. If you add a wrench to the head,\nthough, you lose even more blood, putting you at a critical level quickly.

\n

Wound healing in microgravity is also an unknown - we’ve done almost no research\non how wounds will heal in space. It’s likely that there will be trouble because\nof the lack of gravity pushing downwards. This is made worse by the fact that your\nimmune system will be heavily suppressed and poorly prepared to fight off infections\nfrom being in the microgravity. Bacteria grows in even more interesting ways -\ninstead of growing in two-dimensions because gravity holds it down, it\ncan grow in 3 dimensions.

\n

Without gravity, water will be held together not by gravity, but instead by surface\ntension. Surface tension will cause the blood to pool together, obscuring the\nview of surgeons. You’ll need to constantly be clearing the field of view,\nbut given weightlessness and possible bacteria infections it’s difficult to\ndecide what to do with that excess. That’s also an unknown.

\n

Suffice it to say - we probably aren’t prepared for this yet.

","fields":{"slug":"/2021-05-04"},"frontmatter":{"date":"2021/05/04","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Observance of Shabbat seems to be very tricky to accomplish in our modern\nage of technical advancement. There’s a number of ways this is approached,\nsuch as the shabbat mode in a few different devices, or other means.

\n

Elevators have a shabbat mode. They will often pick up from the 1st floor, go to\nthe top floor, and then stop on every floor. That way, you don’t operate the\nelectric device and thus can properly observe.

\n

Ovens often will have a shabbat mode, too. Some you set a cook time and desired\ntemperature and then it’ll randomly turn on at some point in the near future,\ncompletely out of your control. Sort of. Others will keep the oven\ncontinuously running at a specific low temperature all day. As long as you\narne’t creating new “fire” then maybe it’s fine?

\n

There’s the eruv wires that mark a territory as “private”. This means during\nShabbat you can carry objects within these designated areas. One such eruv\nencircles all of Manhattan. All of it. Every week it’s inspected\nand a status report is given on twitter.

\n

But hey, don’t trust me on this. Ask Rabbi instead.

","fields":{"slug":"/2021-05-03"},"frontmatter":{"date":"2021/05/03","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Influenza has more or less disappeared, according to Scientific American.\nWhere we’d normally be seeing 35,000+ deaths from the flu in the US?\nWe’re now seeing only around 600 or so. The WHO has also noted this as well\nin their vaccine recommendation, and in their influenza tracking operations.

\n

What’s more is that because there’s so few virus particles circulating\nthere’s a lower chance for mutation. This means the vaccine will be even\nmore effective than it would be.

\n

Hopefully this doesn’t mean we’ll lose some immunity we’d normally have\nfrom it and end up with an influenza strain that is much more difficult\nto manage.

","fields":{"slug":"/2021-04-30"},"frontmatter":{"date":"2021/04/30","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

The North American X-15 was an aircraft that was ahead of its time in the 1960s.\nBuilt by North American Aviation and Reaction Motors, its first flight was\nJune 8th, 1959. There were only 3 ever produced, but they helped push aeronautics\nfurther than ever before.

\n

The X-15 could not launch under its own power. Instead, it was lifted by a modified\nBoeing B-52 Stratofortress and released before it would fire off on its own power.\nThe X-15 would reach speeds of 4,520 miles per hour at an altitude of 19.34 miles.\nThis is the highest speed ever recorded by a crewed, powered aircraft to this day.

\n

Every pilot that took flight in the X-15 took their own lives in their hands.\nThe ejection seat had never been tested, or used, but would only work at up to\n2700 miles per hour. The pilots also wore pressure suits, and both the pressure\nsuit and the cockpit would be pressurized with nitrogen gas before flight.\nFortunately, all pilots of the X-15 made it out of the program relatively\nunscathed.

\n

Looking at the X-15, you do have to wonder: who in their right mind would step into that thing?

","fields":{"slug":"/2021-04-29"},"frontmatter":{"date":"2021/04/29","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

For some reason, Pokemon cards - first edition - are going for insane prices.\nFolks are spending millions of dollars on them. Part of this\nis because the sale of first edition cards like a Charizard have sold\nfor over $200,000 USD. People are investing in Pokemon cards\ninstead of property.

\n

However, because of this, we’re seeing an increase in fraudulent cards.\nThe most public of which is a $375,000 USD box that ended up counterfeit.\nThis isn’t a new trend - art forgery has been documented even two thousand\nyears ago - where Roman sculptors produced copies of Greek sculptures.\nHowever, at the time, it was very likely known by the art buyers\nof the time that these were not genuine pieces.

\n

In 1496, Michelangelo sculpted a work of art - a sleeping cupid.\nThrough acid washing techniques, the piece was artificially aged\nand sold to a cardinal - who learned that it was not a true antique.\nHowever, being so impressed by Michelangelo’s talent, he let the young\nartist keep the money he was paid. It was still placed with other\ntrue antiques, and was thus passed off as if it were one.

\n

It leads me to think about Phillip K Dick’s “The Man in the High Castle”.\nIn it, we have Frank Frink who makes and ages Colt Pistols as well as\nother memorabilia. Does it matter more that they are actual Colt Pistols\nfrom the civil war? Or that people that are collecting them can say that\nthey are? It’s all in the “historicity”.

\n
\n

Getting up, he hurried into his study, returned at once with two cigarette\nlighters which he set down on the coffee table. “Look at these. Look the same,\ndon’t they? Well, listen. One has historicity in it.” He grinned at her.\n“Pick them up. Go ahead. One’s worth, oh, maybe forty or fifty thousand dollars\non the collectors’ market.” The girl gingerly picked up the two lighters\nand examined them. “Don’t you feel it?” he kidded her. “The historicity?”

\n

She said, “What is ‘historicity’?”

\n

“When a thing has history in it. Listen. One of those two Zippo lighters\nwas in Franklin D. Roosevelt’s pocket when he was assassinated. And one\nwasn’t. One has historicity, a hell of a lot of it. As much as any object\never had. And one has nothing. Can you feel it?” He nudged her. “You can’t.\nYou can’t tell which is which. There’s no ‘mystical plasmic presence,’ no\n‘aura’ around it.”

\n
\n

How much does it matter if the Shiny Charizard in Mint 9 condition\nis a forgery without true historicity if nobody could tell?

","fields":{"slug":"/2021-04-28"},"frontmatter":{"date":"2021/04/28","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

A few studies published in the Proceedings of the National Academy of Sciences\npurport that we have biases towards class from even a few seconds of speech.

\n

This is concerning but not unheard of. There’s subjective standards in the English\nlanguage which people bias as being a perceived higher social class. It changes\nhow we consider others. Another followup study examines how this may affect\nhiring managers’ assessment of qualifications.

\n

However, the research is even more interesting because it shows that pronounciation\ncues in speech gives a more accurate assessment as to someone’s social status\nthan the content.

","fields":{"slug":"/2021-04-27"},"frontmatter":{"date":"2021/04/27","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Google Cloud is terrifying to some people because of Google’s policy of axeing products\nall around.

\n

Steve Yegge penned an interesting blog post about their experiences with Google\ndeprecation both from inside google and outside google. In their case, they ran into\nsome of the same deprecation issues outside as they saw culturally on the inside.\nComparing it to AWS, there is a pretty stark difference in the deprecation policy\nof old technology that isn’t actively being developed on.

\n

Deprecation isn’t the only oddity. Quota increases can be weird, too - AWS asked me\nto get my quota upped why and I wrote something, I don’t think they read it, and then\nthey upped it. With Google, it was faster than AWS but I did have to talk to someone\non the phone in sales. It felt weird. Perhaps it’s a way to increase touch points\nand push people to use more at GCP?

\n

Google has gone on record saying that they’ll end the GCP projects if they don’t\noutclass Azure or AWS or the like. That’s a tall order, and would require a much heavier\nmarketing and engineering push than I’ve been seeing. They set the deadline to 2023,\nso I’m sure we’ll see Google Cloud shutting down before 2025.

\n

Who knows, though, I’ve heard rumors of folks dog-fooding Google Cloud internally.\nIf Google Cloud could sign a deal as big as Google onto their cloud, I’m sure they’d\nquickly outrank AWS, right?

","fields":{"slug":"/2021-04-26"},"frontmatter":{"date":"2021/04/26","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

There’s a Unicode proposal for Textile Care instructions. This adds 40\nnew characters which represent instructions on how to wash your clothes.\nThese are from ISO3758, which is the same as other international\nstandards that can be used.

\n

Much of this is based on work by GINETEX, an association for textile care\nlabels in Europe, South America, Africa, and Asia. They’ve been working\non care labels since the late 60s & pushing for regulation since the 70s.\nIf a nation is part of GINETEX, they mandate that the washing care instructions\nfollow correct use.

\n

Unfortunately, many of the GINETEX symbols are trademarked, thus can’t be used\nfreely in many European countries as part of the ISO3758 standard. This is\npartly because GINETEX wants to mandate the correct use of these symbols.

\n

But, seriously, how do I wash my coat?

","fields":{"slug":"/2021-04-22"},"frontmatter":{"date":"2021/04/22","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

University of Minnesota published a paper about vulnerabilities being\nintroduced to open source by malicious actors contributing commits. They did\nthis by intentionally introducing bad code via merge requests to the Linux\nkernel, leading to vulnerabilities. Some of the 190 commits have\neven landed in stable branches.

\n

Ethically, this is an\nunacceptable behavior for experimentation, and has been reported to the UMN\nInstitutional Review Board on these cases. Ethics complaints have also been\nfiled to IEEE to have the publication revoked, but it’s unlikely that it will\nbe. They’ve also been banned, as a University, from contributing to the\nLinux kernel, as well as from communicating through many Linux kernel mailing\nlists.

\n

Their experiments prove that humans are fallible. Good job, folks.

\n

*plonk*

","fields":{"slug":"/2021-04-21"},"frontmatter":{"date":"2021/04/21","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Someone called out allowing disposable email as a security concern today.

\n

I disagree. Disposable email is just another term for… email. Any email\nservice that you can sign up to. Just that some are easier to sign up to than\nothers.

\n

These lighter-weight sign up email services are important for people that are\nprivacy conscious and want to control how they are interacted with more readily.

\n

What about gmail? Okay, I sign up once with example@gmail.com - then the next day\nI sign up with e.xample@gmail.com - then e.x.a.mple@gmail.com - then example+1@gmail.com

\n

“Disposable” email services are not the issue, here. I don’t care if you use\na service that is “disposable” or “real” or not. I can use any address @my-domain\nand it will all work.

\n

Does that mean I run a disposable email service and I should be blocked?

","fields":{"slug":"/2021-04-16"},"frontmatter":{"date":"2021/04/16","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

John Wilander, principal engineer on Intelligent Tracking Prevention in Safari,\nopened an issue on the WICG FLoC github pointing out how FLoC can be used\nto create cross-site tracking. What this would mean is that the purported\nprivacy benefits of FLoC would be moot. In fact, it would make it easier\nto track a user.

\n
\n

To take this to the crowd metaphor: Before the pandemic and some time back,\nI attended a Mew concert, a Ghost concert, Disney on Ice, and a Def Leppard\nconcert. At each of those events I was part of a large crowd. But I bet you\nI was the only one to attend all four.

\n
\n

Indeed, de-anonymizing users is a huge problem.\n99% of Americans can be identified by 15 demographic attributes.\nAs part of this research, they created a tool using just three\ndata points - ZIP code, gender, and birth date - which has an 83% chance\nof identification.

\n

We aren’t as anonymous as we’d like to think because we’re all wonderful and special\nlittle snowflakes.

","fields":{"slug":"/2021-04-15"},"frontmatter":{"date":"2021/04/15","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

On November 18th, 2008, Heide Stefanyshyn-Piper looked out into the blue of\nthe ocean from 250 miles away. Above it. She kicked off for her third EVA for\nmission STS-126. She was out there with fellow astronaut Stephen Bowen\nto fix the rotation assembly that allows the solar arrays to follow the sun.\nIt had failed and was not operating optimally. The solution that the\nthose ground control folks came up with? Go out there with some grease\nand some wipes to clean it up and grease it up. No sweat.

\n

Looking into her airlock bag with these advanced tools she sees something\nvery concerning. “I think we had a grease gun explode in the large bag.\nThere’s grease in the bag.”

\n

She heard Steve Bown observe dryly over her headset, “Ah. it must have been\nthe pressure changes.” Putting that MIT engineering degree to work.

\n

The flight controllers peered through her helmet camera uplink and calmly\nassessed the situation, with suggestions. She grabbed a dry wipe and did her\nbest to clean up the grease. The EVA suit’s not known for being dextrous,\nthough, and one movement too exxagerated knocked the bag. It tumbled away,\noff on its own. Out of reach.

\n

“Oh, great. We have a lost tool, uh, I guess one of my crew lock bags was not\ntransferred and it’s loose.”

\n

This is how one more piece of space debris ended up in orbit. There are\nmore than 23,000 pieces of debris larger than 10cm in orbit. This number\ngrows every day. Even something as small as Heide’s tool bag can be identified\nand seen from the ground.

\n

Space debris becomes more and more of a concern as we look outwards from our\nown planet. This is a problem known as Kessler syndrom. The thought is\nthat a time could come where there’s such a density of space debris that\nwe avoiding collision would be impossible. Even in the early 2000s we found\nevidence of small debris embedding itself in shuttle windows.

\n

An impact with a piece of space debris is on average a collision with the\nrelative difference in velocity of 10-15km/s. This is 10x the speed of even\nthe fastest bullets. At that speed, even a bolt no bigger than your thumb will\ntear through steel like paper.

\n

There’s many projects to track and visualize space debris, but what do we\ndo to make this better?

\n

One approach is to stop putting things in higher orbits. Low earth orbit has\na small amount of atmosphere which causes drag on items. This means that,\nwithout assistance, items in low earth orbit will leave orbit and return\nto earth. This is great because it puts a much shorter time limit on debris:\nyears instead of millenia. This is why Starlink is considered less of a\nnegative impact on space debris.

\n

However, that still leaves thousands of tons of space junk in higher orbit.\nSome of these will take many, many lifetimes before they would deorbit on their\nown - perhaps longer. Actively removing these takes ingenuity. Science\nfiction has looked into this active removal via movies and comics.

\n

In reality, it’s more likely that we’ll use ground-based or sattelite-based\nLaser Brooms to control and deorbit smaller debris (1cm-10cm in size).\nThis works by targeting a piece of debris and firing a high-power laser to heat\none side of the debris to produce thrust. This would make the orbit unstable,\nquickening the eventual deorbit.

\n

Oh, and Heide’s toolbag. It was in a low orbit on its own around Earth until\nit lost enough velocity to return on August 3, 2009. It was vaporized\nduring reentry.

","fields":{"slug":"/2021-04-14"},"frontmatter":{"date":"2021/04/14","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Another Google product is being put out to pasture. In particular,\n“Google Play Movies & TV”. Previously available content will be on\nYoutube on Smart TVs. The Android app has already been\nrebranded to Google TV (not to be confused with Google TV).\nThis continues Google’s tradition of killing products.

\n

Google Play Music was taken out a few months back, with Youtube\nMusic being the replacement. This was such a difficult transition\nthat I started paying for Spotify for my parents to use.

\n

To understand why this is (I am not a Xoogler and I am sure SOMEONE\nhere would have a clearer picture to this) it helps to understand\npromotions at Google! Promotions at higher levels have criteria\naround impact to the organization and business. A project that\ncreates a big splash will get people promoted. This attracts people\nto those projects.

\n

On the other hand, maintenance does not lead well to impact. This\nmeans that projects that aren’t shiny and new will bleed members\nfrom their teams. Maintenance work is a dead end because in most\ncases, if you do your job right then nobody knows you’ve done\nanything at all.

\n

It’s totally understandable when you reframe it like this.\nBut nobody has to like it.

","fields":{"slug":"/2021-04-13"},"frontmatter":{"date":"2021/04/13","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Yet another great step for cryptocurrency enthusiasts, there’s now an\nimplementation of std::unique_ptr backed by crytpo NFTs! Exciting.\nWhat does that mean in practice?

\n

The std::unique_ptr in C++ is a smart pointer that manages another\nobject via a pointer (a reference to a memory address). What it does that\nmakes it “smart” is that it disposes of the object when the pointer goes out of\nscope. This is most often done using the delete operator, but can also be\nsupplied by the developer.

\n

This NFT pointer implementation has the same semantics and usability of a\ntraditional smart pointer, but also is on the Ethereum blockchain, making it\nsuperior.

\n
\n

As we all know, adding blockchain to a problem automatically\nmakes it simple, transparent, and cryptographically secure.

\n
\n

The difference in performance between the two is negligible\nin the grand scheme of things, with std::unique_ptr running in\n0.005 seconds, followed quickly behind by nft_ptr at 3 minutes per call.

\n

I applaud Zhuowei Zhang’s efforts to bring crytocurrency to more widespread\nappeal. For more information, check out their whitepaper.

","fields":{"slug":"/2021-04-12"},"frontmatter":{"date":"2021/04/12","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Amazon employees in Bessemer, Alabama voted against unionizing their\nworkplace. There’s a lot that could be said about this - whether there was\nsome form of interference in the vote, or if it’s good or bad for the\nemployees.

\n

If you take a look at Bessemer compared to other cities, it’s not\npositive. Manufacturing jobs dried up, unemployment rose, and crime increased.\nIt was voted Alabama’s Worst City to Live in by 24/7 Wall Street.\nThe Amazon jobs are huge - given that AMZN is employing some 30% of the city.\nFor that city, at least short term, Amazon can be a great power for good.\nLong term, who knows.

\n

As interesting as arguing about unions may be - let’s instead look at another\naspect of Amazon and how they interact with their workforce.

\n

In particular, the Fulfillment Center (FC) Ambassador Program.

\n

The FC Ambassador Program is a way for fulfillment center employees can spend\none day a week tweeting about how great their job is at the warehouse.\nThey are trained to follow scripts, and don’t get much out of doing this\naside from an amazon gift card and one limited paid day off\n(with an expiration of 3 weeks). This ends up with great tweets such as\nthe following.

\n
\n

Did you know that Amazon pays warehouse workers 30% more than other\nretailers? I feel proud to work for Amazon – they’ve taken good\ncare of me. Much better than some of my previous employers.

\n
\n

— Shaye – Amazon FC Ambassador 📦 (@AmazonFCShaye)\nAugust 21, 2018

\n

They’re often the “kiss asses” of the departments. Who can blame, them,\nthough? Getting out of loading and unloading trucks for 10 hours and all\nyou have to do is write some tweets? I’d be tempted, too.

\n

We continue to slowly tread towards the Amazon dystopia we never wanted.

","fields":{"slug":"/2021-04-09"},"frontmatter":{"date":"2021/04/09","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

We’re moving away from fossil fuels in our day to day transit as electric\nvehicles are becoming more viable for our transportation needs. However,\npushing people to use bicycles more would be far more helpful than\npushing for a transition to electric vehicles.

\n

Electric Vehicles are far from carbon neutral. They’re better than\ncombustion engine vehicles, of course, but the production and manufacturing of\nthe batteries and chassis still produces a large amount of emissions.\nThe generation of electricity to charge these electric vehicles is also\nnot carbon-zero.

\n

Pushing for bicycles works in urban cities. Especially those with milder\nclimates. However, most articles gloss over rural areas with more extreme\nclimates. It’s one thing to try to trudge around New York City when it’s a\nhumid 95F / 35C day. It’s uncomfortable and you might end up a little sweaty.\nIt’s an entirely different story to bike the 35 miles from Frisco, Texas into\ndowntown Dallas during the 115F / 46C summer. It’s downright dangerous.

\n

Bicycling is great if it’s an option - but it own’t be for everyone. While\nelectric vehicles aren’t entirely carbon zero, they’re better than many\nalternatives while being feasible “replacements”.

\n

But if you’re in a city and can bike somewhere? Do that. It’s healthier, too.

","fields":{"slug":"/2021-04-08"},"frontmatter":{"date":"2021/04/08","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Dungeons and Dragons, is first and foremost, a collaborative storytelling game.\nSure, there might be lots of numbers and mechanics to support these stories.\nWithout those, there’s a whole lot of chaos. At the end of the day, though,\nall of the rules can be blurred or broken.

\n

That’s why the Dungeon Master is always looked upon as a supreme being of\ngrand benevolence. It’s also why there’s one rule that has withstood the test\nof time: The Rule… of Cool.

\n

It’s one of the first things you often get told when you ask a seasoned\nstoryteller for DnD for advice. The Rule of Cool is simple, really. If it’s\ncool? Why not let it play out? Of course, cool is subjective.

\n

Here’s the deal: You’re playing with friends. You want your friends to all\nfeel like they are the most amazing people. (Spoiler: They are.) So the\nRule of Cool can be used as a fantastic reward to those wonderful players.

\n

My favorite rule of cool I’d been part of was when an Orc fighter, Human Druid,\nan Elven Cleric, and a Gnome Barbarian were in dire straits. They’d been a\nBig Bad Evil Wizard for an hour - and had nearly taken them down. Right\nas they were going to strike the final blow, the wizard had opened a magical\nportal (Dimension Door) towards their friend and compatriot, the Elven Cleric.

\n

He’d knocked them unconcious with a magic weapon attack, and the cleric\nwas barely holding onto their mortal coil. None of the three had enough time\nto get over the difficult terrain to the Big Bad to save their friend. A\nfriend that they’d gotten close with over months. Someone they cared about.\nIn less than 6 seconds they knew it would be the end.

\n

Except… what if… So the Orc player stared straight at our DM and declared\ntheir next action. “I’m going to do a fastball special.” They were declaring\nthat they’d PICK UP the Gnome and throw them as hard as they could at the\nBig Bad.

\n

The DM’s eyebrow raised as they opened up their rulebook, looked a bit, and\nclosed it. We all knew there was nothing in there about this. It’s just not\npart of the rules. We all knew what the answer would be.\n“I don’t think you can throw them quite that far. That’s 90 feet.” We were\nall a little slack jawed. Our DM had always followed the rules to a T… up\nuntil now.

\n

Our druid’s eyes light up. “GUST OF WIND! I HAVE A TURN. GUST OF WIND.”

\n

With a bit of contemplation, the DM sighed. “Alright.” Pointing at the Orc,\n“You roll strength.” Pointing at the Druid, “You roll wisdom”.\nPointing at the Gnome, “You roll for an attack.”

\n

Strength, 19, plus 4. “You see her muscles ripple, and our Gnomish friend\nfeels like there is an incredibly springboard under his feet. Before he has\neven a moment to think through how awful this plan is, he’s rocketed into the\nair.”

\n

Wisdom, 16, plus 3. “Druidic energy starts to emenate visibly from the staff,\nand all of you can hear a howling of wind through the trees picking up.\nWhile soaring through the air, the Gnome accelerates even faster - the wind\nscreaming by their ears.”

\n

Attack roll, natural 20. The gnome barbarian stares at the die, worried that\nit might change if they don’t keep a close eye on it. “The wizard’s eyes go\nwide, as he starts to utter an incantation - but not fast enough. You feel a\nCRUNCH as you slam into his chest, axes flying from a mix of momentum and\nyour rage. Your vision is blood red. You can hear your own pulse pounding in\nyour ears. Uhh.. you have brutal critical, don’t you. He’s only got..”

\n

The DM looked up quietly from behind their cardboard DM screen, they stole\nMatt Mercer’s line, with a giant grin growing across their face.\n“How do you want to do this?” We broke a lot of rules - but we all felt like\nheroes.

","fields":{"slug":"/2021-04-07"},"frontmatter":{"date":"2021/04/07","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Disney World is a monumental effort to make it the Most Magical place on Earth.\nMuch of this is attributed to the extreme amounts of engineering that have\ngone into manufacturing the magic.

\n

I think the Utilidor is the best example of this.

\n

Whenever you’re at Disney World, you’re technically on the rooftop of the\nMagic Kingdom. A portmanteau of Utility and Corridor, the Utilidor is the\ntrue “first floor” of the theme park. In most places in Florida, you dig a\nfew feet down? You hit water. Building underground is thus mostly a\ndangerous and difficult proposition. Thus, most of the Magic Kingdom is\nabout 100ft above sea level.

\n

The Utilidor is used for logistics in the park. Getting anything from point\nA to point B magically can be done via the tunnel systems.

\n

Employees (referred to as “Cast Members” per corporate mandate) travel between\nlocations using the Utilidor. This allows them to navigate quickly using\nelectric vehicles & get in the correct locations quickly for their work.\nThe Utilidor also houses a number of services for employees - such as\ncafeterias, banking services, hair salons, and more.

\n

What I think is the most interesting, however, is the automated vacuum waste\ncollection within the Utilidor. The utilidor has pneumatic tubes to quickly\nwhisk away any and all trash away from the park - to where it can be\ndisposed of or recycled. This helps the custodial staff keep the park as\nclean as it is - by taking all the trash and dumping it somewhere else.

\n

There are “Backstage” tours of Walt Disney World that show off the utilidor\namong other ways that the magic is preserved at the theme park. Even if\nsome of the illusion can be dispelled, though, it’s still real magic if you\nbelieve in it.

","fields":{"slug":"/2021-04-06"},"frontmatter":{"date":"2021/04/06","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

The Supreme Court has come to a decision on the Google v Oracle case\nregarding Google’s usage of the Java SE API in Android’s Android Runtime,\nas well as Dalvik VM before it. This has been ongoing since August 2010.

\n

TLDR: It’s fair use, the declaring code is very small and is not\nimplementation, but instead a general organization. As such, it’s fair use.

\n

Let’s read a couple excerpts!

\n

The most succinct description of how this is fair use:

\n
\n

Google copied these lines not because of their creativity or beauty but\nbecause they would allow programmers to bring their skills to a new\nsmartphone computing environment.

\n
\n

But does this mean that programs in general are not copyrightable?\nThe following decides that’s not the case:

\n
\n

As part of an interface, the copied lines are inherently\nbound together with uncopyrightable ideas (the overall organization of\nthe API) and the creation of new creative expression (the code inde-\npendently written by Google). Unlike many other computer programs,\nthe value of the copied lines is in significant part derived from the in-\nvestment of users (here computer programmers) who have learned the\nAPI’s system. Given these differences, application of fair use here is\nunlikely to undermine the general copyright protection that Congress\nprovided for computer programs

\n
\n

How much of the code is considered copied:

\n
\n

If one considers the declaring code in isolation, the quan-\ntitative amount of what Google copied was large. Google\ncopied the declaring code for 37 packages of the Sun Java\nAPI, totaling approximately 11,500 lines of code. Those\nlines of code amount to virtually all the declaring code\nneeded to call up hundreds of different tasks. On the other\nhand, if one considers the entire set of software material in\nthe Sun Java API, the quantitative amount copied was\nsmall. The total set of Sun Java API computer code, includ-\ning implementing code, amounted to 2.86 million lines, of\nwhich the copied 11,500 lines were only 0.4 percent

\n
\n

However, my favorite part of the entire decision is that they retell one of\nthe world’s shortest short stories:

\n
\n

When he awoke, the dinosaur was still there.

\n
","fields":{"slug":"/2021-04-05"},"frontmatter":{"date":"2021/04/05","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

There’s a really neat stack overflow post about the\nAmiga OS Kickstart image. They ask why the image included during the\nbootstrapping sequence of the Amiga computers - known as “Kickstart” - was so\nugly. The image showed up and instructed the user to insert the Kickstart\nfloppy so the computer could start.

\n

The short version is that they were severely resource constrained. A bitmap\npayload would have been around 4KiB, but vector art data for the Kickstart\nimage weighed in at only 412 bytes. This was very important when they only\nhad 8KiB of space to work with for the pre-boot ROM.

\n

The vector art data is as follows:

\n
FF 01 23 0B 3A 0B 3A 21 71 21 71 0B 7D 0B 88 16 88 5E 7F 5E 7F 38 40 38\n3E 36 35 36 34 38 2D 38 2D 41 23 48 23 0B FE 02 25 45 FF 01 21 48 21 0A\n7E 0A 8A 16 8A 5F 56 5F 56 64 52 6C 4E 71 4A 74 44 7D 3C 81 3C 8C 0A 8C\n0A 6D 09 6D 09 51 0D 4B 14 45 15 41 19 3A 1E 37 21 36 21 36 1E 38 1A 3A\n16 41 15 45 0E 4B 0A 51 0A 6C 0B 6D 0B 8B 28 8B 28 76 30 76 34 72 34 5F\n32 5C 32 52 41 45 41 39 3E 37 3B 37 3E 3A 3E 41 3D 42 36 42 33 3F 2A 46\n1E 4C 12 55 12 54 1E 4B 1A 4A 17 47 1A 49 1E 4A 21 48 FF 01 32 3D 34 36\n3C 37 3D 3A 3D 41 36 41 32 3D FF 01 33 5C 33 52 42 45 42 39 7D 39 7D 5E\n34 5E 33 5A FF 01 3C 0B 6F 0B 6F 20 3C 20 3C 0B FF 01 60 0E 6B 0E 6B 1C\n60 1C 60 0E FE 03 3E 1F FF 01 62 0F 69 0F 69 1B 62 1B 62 0F FE 02 63 1A\nFF 01 2F 39 32 39 32 3B 2F 3F 2F 39 FF 01 29 8B 29 77 30 77 35 72 35 69\n39 6B 41 6B 41 6D 45 72 49 72 49 74 43 7D 3B 80 3B 8B 29 8B FF 01 35 5F\n35 64 3A 61 35 5F FF 01 39 62 35 64 35 5F 4A 5F 40 69 3F 69 41 67 3C 62\n39 62 FF 01 4E 5F 55 5F 55 64 51 6C 4E 70 49 71 46 71 43 6D 43 6A 4E 5F\nFF 01 44 6A 44 6D 46 70 48 70 4C 6F 4D 6C 49 69 44 6A FF 01 36 68 3E 6A\n40 67 3C 63 39 63 36 65 36 68 FF 01 7E 0B 89 16 89 5E FE 01 22 0B FE 01\n3B 0B FE 01 61 0F FE 01 6A 1B FE 01 70 0F FE 01 7E 5E FE 01 4B 60 FE 01\n2E 39 FF FF
\n

The way it was interpreted followed pretty simple rules:

\n
\n
    \n
  1. Read two bytes at a time.
    2. \n
  2. If both bytes are FF, end the program.
    3. \n
  3. If the first byte is FF and the second byte is not, start drawing a polyline with the color index given in the second byte. Treat any subsequent two bytes as x,y coordinates belonging to that polyline except if the first byte is FF (see rules 2 and 3) or FE (see rule 4), which is where you stop drawing the line.
    4. \n
  4. If the first byte is FE, flood fill an area using the color index given in the second byte, starting from the point whose coordinates are given in the next two bytes.
    5. \n
\n
\n

Sheryl Knowles, the first Amiga artist, noted that there were no real\ntools on the Amiga to make many of these images aside from when they\neventually wrote Graphicraft. At that point, using graphicraft she\nheld the floppy in her left hand and painstakingly created the drawing with\nher right hand.

\n
\n

The drawing was limited in size and in the number of pixels that could be\nused, by the programming requirements of the time. All of which should\nexplain why it’s a bad drawing. But it was deemed a sufficient icon.

\n
\n

Which is very true! Even if it’s ugly, it’s clear what it’s supposed to be.\nIt’s not supposed to be high art - it’s supposed to be an icon you see for a\ncouple seconds at most.

","fields":{"slug":"/2021-04-02"},"frontmatter":{"date":"2021/04/02","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Today, running 5KM took a lot out of me. This can be squarely blamed\non a more sedentary lifestyle than is ideal. This doesn’t mean I can’t.\nWe’re all Born to Run in our own ways. Some hypotheses even suggest that\nwe should take that pretty literally.

\n

For example, look at the Rarámuri peoples - 5KM might feel like a lot,\nbut they’re known to long-distance running. Extremely long-distance running.\nUp to 320KM in one session, often over the course of multiple days. That isn’t\neven on flat surfaces, either. It’s through canyon and brush, with rather\nsignificant elevation changes and rough terrain.

\n

What’s more, the Rarámuri also have competitive aspects to their running,\nsuch as the game Rarajipari - a game of kicking and chasing a ball. Even\ncasual games will go on for several miles. However, after some serious\nall-night partying they will do equally serious matches which go on for thirty\nto fourty miles.

\n

While much of that can seem extreme, it’s led many to lean into the\nEndurance running hypothesis - that certain human characteristics can be\nexplained by our need to run extended distances. Sure, it’s just a hypothesis,\nand there’s definitely some areas where it falters - but it’s interesting\nnonetheless.

\n

For example - we have shorter toes than other primates. For grasping, this\nmakes us greatly inferior. We lost overall strength and gripping capabilities.\nWith such short toes, how am I supposed to hang from the monkey bars with just\nmy toes? However, shorter toes mean less mechanical work is needed to support\nweight. Less exertion is put on the joints, and we can support 75% of our body\nweight on just our toes. In running, this is incredibly important - as we often\nwill end up landing on our toes - and those longer toes would cause injuries.

\n

What does it all mean, though? Well, you might not run 300KM in a single go\ntoday - but I’m sure 5KM is a good start on it.

","fields":{"slug":"/2021-04-01"},"frontmatter":{"date":"2021/04/01","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

;l;;gmlxzssaw

","fields":{"slug":"/2021-03-30"},"frontmatter":{"date":"2021/03/30","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

The Suez canal is clear again.

\n

Hackernews was suggesting a wide array of possible solutions.

\n

You can vibrate the sand with the right resonance to “liquefy” the sand\nallowing for easier passage - similar to concrete.

\n

You can use heavy-lift helicopters to unload the shipping containers\nto.. somewhere. An empty shipping container is 4 tons. A fully-loaded\ncontainer is 33.5 tons. The Mi-26 is the largest and most powerful\nhelicopter to go into serial production and it can only lift 14.5 tons.\nThis would be roughly 60-240 minutes per container to offload, assuming\nthe helicopters don’t have failures. At a 20k ton load that puts us at\n175 days, give or take to unload the ship.

\n

You could cut through the ship - it’s been done before. It’d be a huge\nloss for ths shipping company, though. It’d also take many months, and\nwould likely destroy all of the cargo.

\n

You could do what they do with beached whales - just blow it up. Evaporate\nit with an ICBM. Let’s ignore various nuclear arms treaties and ecological\nissues involved. LGM-118 Peacekeeper is armed with a 300 kiloton\nW87 warhead. Unfortunately, the Ever Given is just too big. It would not\nbe completely destroyed as the fireball is only 320 meters and various\nleftover scrap metal would be all over the place. Upgrading to something\nthat would make the UN sweat a little, though, and we could probably\ncreate a big enough crater to allow for U-turns.

\n

My favorite, though… is to just explode a medium sized nuke under the ship.\nThen another. Then another. Just keep exploding nukes until it’s sailing\noff into the cosmos. We’d have accomplished Project Orion.\nOpen up the Suez canal and ship goods to Mars in one fell swoop!

\n

In the end, the Suez canal was cleared by high tide, dredging the canal,\nand a bunch of tug boats. Keep it Simple.

","fields":{"slug":"/2021-03-29"},"frontmatter":{"date":"2021/03/29","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

While Ireland’s Gaeilge is the national and official language of the Republic of Ireland,\nmany regions of Ireland speak a dialect of English: Hiberno-English, or Irish English.\nEven within this dialect there’s a number of differences regionally, which have developed\nover hundreds of years.

\n

English has been pushing out Gaeilge in Ireland for centuries. Originally brought\nto Ireland in the 12th century via the Norman Invasion, the Tudor conquest\nled to English speaking immigrants flooding Ireland, and a general suppresion of\nthe Irish language. More recently, only 4% of surveyed Irish speakers\nspeak Gaelige in their daily life. Otherwise, English is the predominant language\nof the land.

\n

While the English attempted suppress anything other than the traditional\nEnglish at the time, there’s been a number of differences that have grown to\nmake Irish English unique across the gamut - grammar, vocabulary, and phonetics,\nMuch of this is holdover from Gaelige, which makes it doubly interesting.

\n

One particularly interesting grammatical difference is that “yes” and “no” are\nfar less frequently used. For example, “You speak with an Irish dialect?” would\nbe responded with “I do” instead of “Yes”. Much of this is due to\nthe Irish language lacking “yes” or “no” as vocabulary. Instead,\nthe verb is negated and responded with.

\n

Hiberno-English pulls a number of words from Gaeilge as loan-words, as well\nas some that are merely derived from the national language. “Sláinte!” is\none that you might hear in a pub, meaning “(To your) Health!” And if you’re\nnervous, you might “fooster” - to fidget - derived from the Gaeilge word\n“Fústar”. In other cases, Hiberno-English has vocabulary that is less\nclearly historied - such as when you’ve really broken something? It’s\n“banjaxed”.

\n

The phonology of Hiberno-English is probably what differs the most between\nthe regions. I’ll be frank - I’m not a phonetics expert, and every paper\nI’ve read on this really goes all out on that. A few examples, however,\nare words like “kite” that to American ears would sound like “koyt”,\n“mouth” which would be closer to “meh-ooth” or “maith”, and\n“about” would be close to “a boat”.

\n

Now don’t be a lúdramán, and give céad míle fáilte when yer with the Irish, will you?\nThey do be thinking yer an eejit if ya talk like this, yeah?

","fields":{"slug":"/2021-03-19"},"frontmatter":{"date":"2021/03/19","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Thank you for subscribing to Cat Facts.

\n

Cats recognize our voices but don’t care.

\n

Cats get separation anxiety but handle that by peeing on all of your stuff.

\n

Cats don’t mind if someone’s mean to you.

\n

It’s not that they’re awful in any way - it’s just their nature.

\n

<To cancel Daily Cat Facts, reply ‘STOP’>

","fields":{"slug":"/2021-03-18"},"frontmatter":{"date":"2021/03/18","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Last year Gregg Tavares posted about Github’s permission model,\nfrustrated with how it blindly grants the ability to request data from users\nto anyone that asks for the permissions. Yesterday it was trending on\nHackernews. I think from a privacy standpoint it’s an interesting read.\nSomething they touched on, however, gave me that weird gut feeling…

\n
\n

Let’s imagine your bank let you sign in to 3rd party services in a similar\nmanner. How many people would click through on “Let ACME corp act on your\nbehalf on your Citibank Account”. I think most people would be super scared\nof permissions like that. Instead they’d want very specific permission\nlike, only permission to deposit money, or only permission to read the\nbalance, or only permission to read transactions, etc…

\n
\n

Oh, you sweet summer child. Oh, no, no, no. It’s much worse when it comes\nto banking.

\n

Enter Plaid.

\n

You might know Plaid because their Visa acquisiton was recently blocked.

\n

Plaid operates as an “in-between” for their customers to allow end-users\nto sign into banks - surfacing information about account numbers,\nrouting numbers, current balance, recent transactions, and other related\nbanking information.

\n

Cool, right?

\n

Well, let’s pull apart how that works. Let’s take Venmo as an example.\nVenmo embeds Plaid’s SDK. A user will want to link their bank account to\nVenmo. The SDK interacts with and then Plaid performs a\nMan in the Middle attack on the end-user. Within an app (not the bank’s)\napp, Plaid’s embeddable code will simulate a fake bank login, collect\ncredentials - including many 2FA - and then falsify a login as if they were\nan end user. At this point they scrape all data they can get access to,\nstoring it all in their servers. This is how their customers, like Venmo,\nwould be able to verify you own your account and can peek at your account\nbalance to verify you have funds to pay for that\npizza / rent / drugs / fantasy football.

\n

Plaid’s codebase itself has a distinct issue, too. The underlying code for\ntheir scrapers are thousands upon thousands of Python files that connect\ntogether like spaghetti. Updates get patched in at random, so following\nsecurity practices is attempted but… it’s a moving target.

\n

As far as permissioning - it’s nonexistent. Plaid gives every single one of\ntheir customers full access to the accounts of users that authenticated.\nWith Venmo - account verification? Sure! Account balance? Uh.. weird, but\nokay. Loan status? Credit card statements? Transactions unrelated to Venmo?\nIdentity documentation? Initiate transfers? Uhh.. Why?! For anyone?!!

\n

Is this legal? Well, maybe. That doesn’t stop\nbanks from suing Plaid. This is also not great for consumers because it\nopens up new vectors for threat actors to gain access to accounts and could\nvoid agreements banks have with their customers around fraud.

\n

Lots of financial services apps like Mint also work in this way.

\n

Don’t worry, though, at least we can use alternatives. Like, I’ve heard of\n“Yodlee” to do this, right? Oh…

\n

At the end of the day, services like Plaid provide features that users want.

\n

Do I think plaid is a security nightmare? Yes.

\n

Can I think of a reasonable alternative for their features? No.

","fields":{"slug":"/2021-03-17"},"frontmatter":{"date":"2021/03/17","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Docker announced a Series B raise of $23M today - which is definitely impressive\nfor a company focused around Open-Source, right? Well, maybe. In 2015, Docker\nhad announced a $95M Series D raise of funding at a $1B valuation. Best\nguess was a reset after Mirantis acquired part of the company?

\n

What’s Docker the software? Let’s start with the basics.

\n

Containers. Containers are effectively packaging to create a running process\nwith encapsulation features applied to keep it isolated from when\nrunning on a host computer. Containers as a concept have been around for\ndecades - older examples would be OpenVZ.

\n

Containers are helpful for developing software because they provide portability,\nreproducibility, and isolation. Portability helps you run your app anywhere -\nirregardless of the system you’re running on. Isolation is so that state in\nthe host and state in other Containers won’t impact your app.

\n

This is different from virtual machines that have full virtualization.\nContainers will often utilize OS virtualization & isolation features to\nshare multiple containers safely in one OS - instead of a full VM where the\nOS is duplicated.

\n

That leads to Docker the Software. Docker the software brings container\ntooling, an abstraction layer wrapping multiple Virtualization APIs, and a\nDomain Specific Language for Container Filesystems.

\n

Docker’s “images” include everything needed to start a container - the code or\nbinary, runtimes, dependencies, and any other filesystem objects required.\nDocker images and containers are supported by most of the big cloud providers -\nAMZN AWS, GOOG Cloud, MSFT Azure, Heroku, Glitch, and others. The same docker\nimage can be run across all of them.

\n

But what does Docker Inc do? Docker, Inc primarily develops Docker Hub and\nDocker Desktop at this point in time. Per their blog post about their\nplans for the funding it seems like they’re focusing on improving dev\nexperience, tooling around security, and API development.

\n

I’ve got high hopes for the company into the 2020s. Here’s hoping that this\ntime investor interests are more closely aligned with the direction of the\ncompany. If not, I’m sure we’ll see Docker repeat the past decade again.

","fields":{"slug":"/2021-03-16"},"frontmatter":{"date":"2021/03/16","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Security.txt made the rounds again on HackerNews. It’s a format,\nsimilar to robots.txt for making it clearer how to submit security\nissues to an organization.

\n

In theory, this is great! It’s noted by the DHS as a helpful way for\nresearchers to communicate their findings. At one point, it was required\nfor agencies to have it, but was removed from that draft. Because it’s at a\nnormalized location, it can be found by scraping sites like SHODAN and\nDisclose.io.

\n

In practice, however, some members of the cyber security community find it\nto leads to a poor signal-to-noise ratio.

\n

Some entrepeneurial members of the cybersecurity community will grab the\ndomain lists with security.txt files, fetch the email, run burpsuite or\nmetasploit to get some low effort security issues, and dump it all into\nexcel. For extra credit, then do a mail-merge. Minimal effort, and if\nyou get answers back you ask for a bug bounty.

\n

I don’t think that security.txt on its own will cause this, though. It’s\njust as easy to search for Vulnerability Disclosure Policies and use those as\ninputs for automated security testing. It takes a bit more manual work, but\neven with that you end up with odd security reports now and then.

\n

All of this is to explain how we ended up with the security report for a site\nthat shared the same first two letters of ours instead.

","fields":{"slug":"/2021-03-15"},"frontmatter":{"date":"2021/03/15","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

The UK is in talks to depart from using GDPR. This likely means\none of two outcomes - neither of which are positive.

\n

Option A - come up with their own privacy laws. This is iffy and is the path\nthe USA is currently on. You end up with multiple laws that may by chance hit\nsimilar beats but may conflict and make it more difficult to be compliant. In\nthis world, many companies will just ignore the privacy laws in the hopes that\nthey won’t be caught - or that the legal jurisdiction they’re in makes it\ndifficult to litigate.

\n

Option B - roll back everything. This is bad for privacy, consumers, and\ncitizens of the UK but good for businesses. As such, this is the likely path\nforward, given other recent actions taken by parliament.

\n

If we continue to split up privacy laws, I’ve got a bad feeling about the\nfuture of the internet. I could foresee a future where it’s no longer open\nacross country borders and becomes insular within each jurisdiction, sharing\nstamped out by bureaucracy.

","fields":{"slug":"/2021-03-12"},"frontmatter":{"date":"2021/03/12","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Amen Brother by The Winstons is a B-side of The Winston’s 1969 single\n“Color Him Father”. The A-side song - “Color Him Father” - won a Grammy Award\nfor Best R&B song in 1970 - but the B-side… the B-side has been heard by\nso many more people. Not in its entirety, mind you, but in the seven second\ndrum solo from 1 minute and 26 seconds to 1 minute and 33 seconds.

\n

This is the “Amen Break”.

\n

The drum solo, performed by Greg Coleman, was initially just meant to fill time.\nIt caught the attention of DJs almost two decades later in the hip-hop scene.\nThey found that if you slowed it down from 135BPM to about 90BPM it became the\nperfect canvas for laid back rappers to create on.

\n

Unfortunately, Coleman was unlikely to have become aware of the impact he had\non the world. George Coleman died in 2006, homeless and destitute. However,\nhis drum solo is immortal and has shaped modern music as we know it.

\n

There’s thousands upon thousands of songs that use the Amen Break, but I’ll\nleave you with a few I’m fond of.

\n","fields":{"slug":"/2021-03-11"},"frontmatter":{"date":"2021/03/11","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Oh no! OVH had a small datacenter fire which affected their SBG datacenter.\nThis is not that uncommon of a problem for a datacenter. That’s why you should\nalways have a Disaster Recovery Plan if your data is invaluable - beyond\nreliance on fire suppression systems.

\n

Fire suppression in datacenters pose an interesting problem. When you have\nso many things that can’t get wet and are incredibly expensive to replace\nyou can’t use sprinklers, and any residue could be heavily damaging\nto the equipment as well.

\n

Bromotrifluoromethane, or Halon, was developed in the 1950s as a\ngaseous fire suppression agent for use with valuable materials - such\nas computers and telecommunications systems. In the mid-90s we stopped\nusing Halon because it is incredibly damaging to the ozone layer and\ncontributes considerably towards global warming. However much damage\nit causes to the planet, it’s relatively safe for humans. While Halon\nmay cause dizziness and tingling in the extremities at the low amounts\nit may be effective at, it is relatively safe to be used in close\nquarters. This is why even now the FAA reccommends it for aircraft!

\n

HFC-227ea is another gaseous fire suppression agent used in data centers.\nGenerally, this is safe for humans at up to 9% concentration, which is the\nmaximum most fire suppression systems would use. It doesn’t deplete the ozone\nlayer but does contribute to climate change in other ways. At incredibly high\nheat, however, it does decompose into hydrogen fluoride - which can cause\nblindness and creates hydrofluoric acid on contact with moisture.

\n

Most fire suppression systems have an alarm before they go off and may\nbe manually prevented. If you’re interested, there’s a simulation video\nvideo which has some obnoxious music but is otherwise accurate. I’ve been part\nof this before in a data center, and it’s not a fun time. I was not inside when\nthe fire suppression activated, thankfully!

\n

Of course, not much of this matters once the datacenter gets to the point\nSGB2 just did. Don’t worry, though! That data center is still\ngreen across the board according to its status page!

","fields":{"slug":"/2021-03-10"},"frontmatter":{"date":"2021/03/10","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Last week I wrote about an American English dialect. Regional dialects are\nincredibly common! Another well known regional dialect is the dialect from\nOsaka, Japan and the surrounding regions - commonly known as the\nKansai dialect, western Japanese, or “Kansai-ben”.

\n

Kansai-ben is usually characterized as being a bit harsher to the ears but\nmore melodic. All of Kansai dialect has an acestor in the Kinai dialect,\nand was considered the national dialect of Japan while Kyoto was the capital.\nHowever, once the capital moved to Edo - now Tokyo - the dialect of that\nregion took hold on the country, now commonly known as Tokyo dialect or\nStandard Japanese. However, using the Kansai dialect is often\na source of pride to people from Kansai, with many being rather attached\nto it.

\n

Kansai-ben used to be the stereotypical villain but now it’s more commonly\nassociated with boisterous personalities in Japanese pop-culture. Because of\nthe shared regional origins, the Kansai-ben is often associated with a\nManzai comedy. Manzai is a type of traditional Japanese stand-up comedy\nbased around a funny man (Tsukommi) and a straight man (Boke) - but more often\nthan not they’ll be speaking with a Kansai dialect.

\n

There are grammatical differences, different words, and a few other differences\nbetween Kansai dialect and Tokyo dialect. The difference I think that’s\nthe most interesting is one that is often more difficult for English speakers:\nPitch Accent. This is one of the quickest ways that non-Kansai dialect\nspeakers will identity Kansa dialect speakers.

\n

I’m not an expert in pitch accent - far from it. If you’re interested in\nlearning more about Pitch Accent, Dogen has a wonderful 10 minute video\nbut the trick to Standard Japanese intonation is to\njust say it flat. Right?

\n

Now it’s time for me to butcher an example. Let’s take “Japan” - ni-ho-n.\nIt has 3 mora - which isn’t quite a syllable but.. close enough. For Tokyo\ndialect, this starts out low pitch, raises, the lowers again. This is called\nthe nakadaka (中高) pattern. For Kansai dialect, though, we start the pitch\nhigh, then are low for rest of the word - known as the atamadaka (頭高) pattern.

\n

Of course, the most important thing you need to know when about Kansai-ben when\nvisiting Osaka?

\n

When asked:\n「儲かりまっかぁ?」 (Mokari makka?)

\n

Respond with:\n「ぼちぼちでんなぁー。たこ焼きとビールが必要や。」 (Bochi bochi, denna. Takoyaki to biru ga hitsuyoya.)

","fields":{"slug":"/2021-03-09"},"frontmatter":{"date":"2021/03/09","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

I read a really interesting medium post by Piotr Migdal about\nprocrastination. In particular, it reframes the issue of procratination\nfrom being a productivity problem into what else it could be: an\nemotional management problem.

\n

Timothy Pychyl writes about this in Psychology Today summarizing a few\nstudies. We’re conditioned to not enjoy bad outcomes and often that is\nexhibited by enacting our emotion-coping mechanisms - fight, flight, or freeze.\nAnxious about something? Easy. Just don’t do it. Procrastination and\ngiving up a bit of self control is a form of mood repair.

\n

There’s a bit of truth in there and it’s something good to introspect about.\nFight, flight, or freeze has been a part of our instinctual responses for a\nlong time. It served us very well in the past and can today as well. Flat out\nrejecting this and fighting it as a time management issue may be burying other\nproblems and exacerbating it long term. Some theories point at one cause of\ndepression being another outlet of the freeze response - a biological\ndefense mechanism to trauma perceived by our autonomic nervous system.

\n

Introspection on how you’re feeling the next time you feel that need to get\naway from it all (by cleaning or watching netflix) might be more effective than\ntomato timers or to-do lists.

","fields":{"slug":"/2021-03-08"},"frontmatter":{"date":"2021/03/08","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Google made a statement a few days ago that they’re\nnot building new ways to track individuals across the web for targeted ads.

\n

The optimist in me wants to say that they heard the message from\nconsumers that it’s not wanted, and that targeted ads just aren’t\nmaking the money that they used to. People are wisening up\nand don’t click ads. Or people are intentionally sending bad data.

\n

The realist in me says they have something else, like FLoC, that they’ve\nshown works. Something even more privacy-invasive. Something that locks\ncompetitors out. Something that is more predatory.

\n

I’m sure I have nothing to worry about. Google won’t be evil.

","fields":{"slug":"/2021-03-05"},"frontmatter":{"date":"2021/03/05","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

The Cephalopod - squid, octopus, nautilus, and cuttlefish - are both adorable\nand incredibly intelligent. Within the first hour of their life, they\nstart foraging and camoflauging.

\n

Recent studies have shown that they also possess the capacity for\nexerting self control. This is commonly known as the\nStanford marshmallow experiment, a study on delayed gratification.

\n

This does bring into question animal intelligence and conciousness.\nUrbanization means people spend less time with other animals. We interact\nwith a smaller variety of animals and thus can see much less varied expressions\nof intelligence from them.

\n

Dr. David Scheel raised a Day Octopus in his home, documenting the\nexperience. The Scheel family named her Heidi. Heidi was able to show\nrecognition of faces, solved puzzles, and built relationships with members\nof the Scheel family. Of this, Scheel noted:

\n
\n

I am less intrigued by the differences and more interested in our\nsimilarities. What kind of a connection is possible with an animal that has\nthree hearts and blue blood running through its veins? It’s been a privilege\nto have a relationship with such a strange and wonderful creature.

\n
\n

It could be that we aren’t smart enough to judge how smart animals are.\nThe Octopus followed a different evolutionary path than we did. As such, the\nexpressions of intelligence they have could just be poorly understood by us.\nJust because we excel in a larger number of areas on average doesn’t mean that\nsome animals can do better than some people in specific tasks.

\n

From Slashdot:

\n
\n

Back in the 1980s, Yosemite National Park was having a serious problem\nwith bears: They would wander into campgrounds and break into the garbage\nbins.

\n

This put both bears and people at risk. So the Park Service started\ninstalling armored garbage cans that were tricky to open — you had to\nswing a latch, align two bits of handle, that sort of thing.

\n

But it turns out it’s actually quite tricky to get the design of these cans\njust right. Make it too complex and people can’t get them open to put away\ntheir garbage in the first place.

\n

Said one park ranger, “There is considerable overlap between the intelligence\nof the smartest bears and the dumbest tourists.”

\n
\n

Perhaps the entire marshmallow test is flawed. It purports that cuttlefish\nshow intelligence normally seen in toddlers. Maybe cuttlefish are just able to\nshow intelligence in one aspect that is similar to toddlers. Or maybe\ncuttlefish aren’t that smart - maybe babies are just stupid.

","fields":{"slug":"/2021-03-04"},"frontmatter":{"date":"2021/03/04","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

The “far right” social media platform, Gab, was\nbreached sometime last month and had public messages, private messages\nand password hashes leaked on March 1st.

\n

Let’s ignore the… uh… unprofessional (to put it lightly) statement the\nfounder made and how they responded to this event in general. It’s not worth\nunpacking all of that. It really isn’t. I promise you.

\n

Instead, let’s chat about how this happened. It’s pretty simple.

\n

The site in question had a commit from the Gab CTO which migrated a\nspecific SQL query away from the library abstraction SQL and into raw SQL -\nthe query language used to interact more directly with their database.\nThis is often done because a custom SQL query can often be used to greatly\nimprove performance.

\n

However…

\n

As part of this, they used string interpolation do craft the query. String\ninterpolation is kinda like saying VARIABLE_U is james and I want to\ninterpolate that into SELECT * FROM user WHERE username = '$VARIABLE_U' so\nthat I end up with the final string of SELECT * FROM WHERE username = 'james'.

\n

Simple, right?

\n

This way of crafting SQL can fail because of what is known as\nSQL Injection. In our example, what if VARIABLE_U was coming from an\ninput field on a website? In that case, a user could type whatever they wanted\ninto that field.

\n

If a user was to type in ' OR 'a' = 'a, the final string would then look\nsomething like SELECT * FROM user WHERE username = '' OR 'a' = 'a'.\nInstead of limiting to a single username value, we’d instead retrieve any\nusers.

\n

This can be elaborated on to do even more - such as with\nBlind SQL Injection techniques.

\n

How should they instead of handled this? By using the library to “bind”\nparameters. Ruby on Rails supports this in the function used by the\nchange that caused the breach.

\n

In our example, we could instead write the query as\nSELECT * FROM user WHERE username = ? and then tell the library to bind\nVARIABLE_U to the first numbered parameter. No string interpolation would\nbe performed, and with most databases the query would be sent over completely\nseparate from the bound parameters!

\n

This should have been caught in code review. I mean.. if they do code\nreview, right?

","fields":{"slug":"/2021-03-03"},"frontmatter":{"date":"2021/03/03","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Regional Dialects are something of an interesting topic for me. It’s not just\nan indicator of your originating geography but also the cultural upbringing\nyou had. Over the next few weeks I’ll be picking out a few different\nlanguage dialects to both learn about and write about.

\n

To start with, a dialect that’s near and dear to me: Appalachian English,\nalso known as Smoky Mountain English or Southern Mountain English. This is\nthe dialect that’s most often attributed to the inland Southern United States\nand has many features of 18th-century colonial English. I’d often encounter\nthis dialect with my family in Kentucky, Tennessee, and West Viriginia.

\n

Some of the words I’ve picked up over time that I can think of:

\n
    \n
  • afeared - to be afraid
    • \n
  • buggy - a shopping cart
    • \n
  • britches - pants
    • \n
  • crick - this may be either a stiffness of joints in the body or a creek
    • \n
  • fixin - this can also be a few things - either to say something is soon to\nhappen, or a portion of food
    • \n
  • holler - the steep valley between two hills, because you can “holler”\nacross to the other side
    • \n
  • plumb - completely
    • \n
  • reckon - suppose
    • \n
  • skifting - a dusting, usually of snow on the ground
    • \n
  • sody-pop - carbonated beverages
    • \n
  • spell - either a duration of time or the state of being lightheaded
    • \n
  • yonder - somewhere distant, away from where we are currently
    • \n
\n

Appalachian English has many other archaic phrases, words, and prefixes.
\nMost of the above fall into that - either from older English words like\nbreetches or the a- (such as afeared or a-haunted) prefix which comes\nfrom Early Middle English. right can also be used with adjectives and\nadverbs such as right fine or right quick.

\n

Southern drawl is also an important aspect of this dialect. Sourthern Drawl -\nconsidered different from the Southern twang - is a common\npattern in how the vowels are prolonged making the speech sound slower.\nTo many, this leads to the incorrect assumption that\nan individual with a drawl is uneducated or dim-witted.\nPart of this is from a lack of exposure to Southern accents - people that\ndon’t hear it can immediately hear the other-ness. However, even people that\ngrow up with the accent are told that a Southern accent is “wrong” via\npop-culture and media. How many celebrities speak with a Southern drawl?

\n

Dialects like this might sound strange to people that aren’t part of them.\nHowever, to those that are within that dialect outsiders without it sound\nforeign. To quote my cousins in regards to my differing dialect,\n“Yew talk real funny! Y’all spake all fast-like. Yer a yankee from up\nyonder, aintcha?”

","fields":{"slug":"/2021-03-02"},"frontmatter":{"date":"2021/03/02","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Social engineering is one of the most difficult attack vectors to detect. It’s\nalso one of the oldest technqiues in the espionage handbook. Most of the time\nin this day and age it’s implemented as spear-phishing or in other ways via\nemail. That’s when you aren’t dealing with highly motivated nation-state\nactors where money and time becomes less of a problem.

\n

Let’s think like a threat actor for a moment. Who’s going to look the most\nthreatening to an employee? The other, of course. Someone outside the company.\nThat’s why spear-phishing can be so successful - you purport to be someone\ntrusted. Someone that’s a part of the company. However, that leaves tech in\nthe way. That makes it easier to detect, right?

\n

So then.. let’s pivot. How can we become someone trustworthy? Well… What\nif we only needed to fool one employee - someone that wouldn’t expect it -\nand use that to get a foot-hold? How about.. HR. HR gets a candidate. On\npaper, they’re perfect. They came from top schools, they know your stack,\nthe teams that interview them are gung-ho, their references are all gushing\nabout how amazing this individual is. And that’s exactly how we get someone\non the inside.

\n

Sound too outlandish? It has happened many times - even in recent years.\nAlexey Karetnikov had joined Microsoft as a QA engineer in 2010.\nIt was purported that he was there to capture intelligence for the Russian\nintelligence agencies. He was on the sloppier side and was tracked by the\nUS intelligence agencies as soon as he set foot in the US. He was deported\nover charges of immigration violations.

\n

The current FBI Director, Christopher Wray, spoke about this as well.\nIn 2020, the Boston FBI field office arrested a researcher that was smuggling\nvials of biological research back to the Chinese government.

\n

When someone’s as motivated as these folks are and have the backing of a\nnation state nearly anything is possible. These are just the cases we hear\nabout, too. Jack Barsky is a more famous example of someone that had\nbeen a spy for the KGB in New York City for 10 years.

\n

In espionage, reality is often more outlandish than even fiction.

","fields":{"slug":"/2021-03-01"},"frontmatter":{"date":"2021/03/01","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

There are people that claim they can tell you where water is via a dowsing rod.\nWater finding. Water witching. Water Divination. I’m gonna spoil it for you:\nit’s hogwash.

\n

Dowsing has been a pseudoscience employed since the 1500s, and it was\njust as useless then as it is now. Traditionally the way it works is that\nyou take a forked twig, hold it in front of you, and it’ll make small\nmovements towards what you’re trying to find.

\n

The small movements are said to be magnetic ion something something by\ndivinators. Those small movements are known as the Ideomotor phenomenon.\nIt’s where a mental image or a thought bring on a reflexive muscular action\noutside of conscious knowledge. It’s the same effect that you’ll see with\nother “precognition-lite” techniques like Ouija boards, automatic writing, and\nfacilitated communication. (Sorry if I’ve dunked on your preferred\npseudoscience, happy for you to tell me how I’m wrong.)

\n

It’s been tested again and again and show that it’s a whole bunch of baloney.\nWhile the 1990 study by Hans-Dieter Betz concludes that it works,\nbut statistical analysis by J. T. Enright in 1995 finds that\nout of 500 dowsers even the best of the best were about only 0.4% better than\nrandom chance which could be easily attributed to statistical fluctuation.\nThat’s the most POSITIVE study I can find on it; there’s countless others that\ncall out dowsing as completely fake. Algeria 1943, New Zealand 1948, Britain\n1959, the British Ministry of Defense did one in 1971 - the list goes on and\nevery single one of them show this as a complete farce.

\n

Even today, water dowsing is employed by ten out of the twelve\nwater companies in the UK. Dowsing is considered “tried-and-tested” methods\nof finding water by these companies, if\nTwitter is to be believed.\nReally.

\n

The ADE 651 and GT200 are modern versions of the dowsing rod being sold\nin military applications as late as 2011 and have been found just as effective\nas previous dowsing rods. Read: They’re as good as random chance because\nthat’s all it is. They say they can track drugs, bombs, ivory, and who knows\nwhat else. What’s even more amazing is they’re purported to be powered by the\nuser’s static electricity and they have programmable cards that you have to pay\nextra for because of.. electrostatic magnetic ion … It’s a huge fake and by\n2010 companies of both swindled people out of millions and millions of dollars.\nThis includes the governments of the USA, United Kingdom,\nIraq, Lebanon, Thailand, and Mexico.

\n

The creators of these devices are currently being litigated so thoroughly that\nthey’ll need a dowsing rod to find themselves out of the mess they’re in.

\n

Thing is - if you have other sensory cues, you use your mind, and with the\nobserver expectancy cognitive bias - dowsing really works! At least, it works\nabout as well as me going out into that same field and rolling a D20.

","fields":{"slug":"/2021-02-26"},"frontmatter":{"date":"2021/02/26","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

In the before times, two titans battled out a war in North America - a bitter\nande drawn out war that waged on for decades.

\n

Eventually, the Video Home System overcame the Betamax cassette.\nHome Video consumption became a norm. The Videocassette Recorder was\nfeared by the television industry and heralded by consumers.\nA new way to consume movies and television was born with the VHS.

\n

There was one issue with translating theatrical movies to the small screen:\nHome televisions were 4:3 aspect ratio. This meant that the the screens had\na width of 1.33 times the height unlike the new Cinemascope and other\nWidescreen formats for theatrical releases that became popular after 1960.

\n

Two techniques are available to make the widescreen theatrical releases\nfit on a smaller screen. There’s always letterboxing - which adds black bars\nabove and below the screen. Another technique is Pan and Scan - where\nthe image is translated to better show off the points of interest in the\ncinematography, shaping the film to match the 4:3 through cropping or other\ntechniques. This would be done by an editor and could drastically change\nthe tone of a scene if done poorly. This is why many criticize and refuse\nto release a pan and scan version.

\n

The kind of film that would do well in the “home cinema” also differed\nfrom what would do well in the theater.

\n

In the the theater there is less need to keep the audience’s attention -\nthey were stuck there in the building. At home, you have distractions so a\ndifferent kind of movie can prosper. Comedy movies like Mallrats,\nThe Big Lebowski, and Office Space did ABYSMALLY in the theater but\nfound their footing once they were released on VHS. Some of this is\nattributed to the fact that they can be enjoyed more recreationally and\nsporadically than many other movies that require direct attention.

\n

The Horror film genre The Thing, The Abyss, and “slasher” movies like\nHalloween did extraorgdinarily well on VHS. This could because.. what’s\nscarier than when the monster is.. inside your own house? On the small screen\nit’s harder to see what’s going on but sometimes that adds to the fear.. plus,\nyou can’t see the zipper so easily on the scary demon monster.

\n

There’s also some films that wouldn’t be as popular today if it weren’t for\nhome video - such as Labyrinth, Blade Runner,\nor Big Trouble in Little China. These three did not do well in the box\noffice but sold well on home video. A good thing, too - they’re all fantastic\nfilms and it’s a good thing they weren’t forgotten.

\n

VHS may be gone - the last VCR was produced in 2016 - but it’s\nstill in our collective pop-culture memory. You get the same gritty effects\nused all over videos online - giving a bit of realism that it’s a “found”\ntape. There’s even an anthology Horror series called V/H/S which uses the\nthe look of VHS tapes to hide all of the imperfections of CGI to great effect.

\n

Myself? I just remember the joy of being able to watch Star Wars\nin the warmth of my pajamas on Saturday while eating some cereal.

","fields":{"slug":"/2021-02-25"},"frontmatter":{"date":"2021/02/25","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Having not gone to any conferences, conventions, or the like for a while\na quora post caught my eye being shared in discord.

\n

A ways back I’d have collected all the swag I could. Heck, I only wore shirts\nthat were swag because they were free. It was great because I wouldn’t have\nto pay for them and they were decently high quality!

\n

Now a days, I don’t really want that stuff. The last conference I went to I even\nwon a new computer monitor (thanks, I guess, Asus?) which I promptly gave\nto a friend because I already have a monitor and didn’t want to bring it back\non a train.

\n

Getting swag can be exciting - except for when I have 10 venmo hoodies, 4 Wayfair\nhoodies, 2 jackets that are branded elsewhere, and now more socks than I know what\nto do with. It’s just not much of a marketing channel for me anymore.

\n

I say that - but then came the time when I spoke with the Pokemon Company.\nThey give out nice shirts that were exclusive, high quality, and from a brand that\nI have an affinity for.

\n

So, exclusive, high quality, and engaging brands. They don’t really even\nneed to market to me, but do. So why is it that companies spend billions\non low quality garbage to give out at conferences? Do we need more\ntiny and useless thumb drives, pop-sockets, or totes? (They shouldn’t.)

\n

For companies giving out swag to employees there’s now entire companies devoted\nto creating these - like SwagUp. This is a little more interesting as\nan employee but…

\n

I’d rather just get snacks, experiences, or other things that I can\nconsume rather than more things that’ll probably end up in a landfill.

","fields":{"slug":"/2021-02-24"},"frontmatter":{"date":"2021/02/24","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

The ongoing pandemic has led to everyone feeling a little disconnected\nfrom one-another. It’s no surprise that we crave human interaction\nwhen we can’t see one another! However, Zoom just feels too… meeting-ish.\nCommunities don’t really form around Zoom. I think that’s why folks are\nturning to more “video game”-like aspects to break the physical distances\nbetween us.

\n

When we’re meeting in person, we’re usually limited by physics. This is\nsomething we’re really used to. You can only have so many people in a room,\nyou can’t really hear folks outside of a short distance away, and you know\nwhen someone is talking to you because they are usually giving you their\nattention.

\n

So - simulating those physical limitations has been seen in a few products\n(games? tools? communication devices?) that’ve been dropping. I’d first\nseen something like this at the Recurse Center - they have Virtual RC & it’s\nreally neat! It’s like being in the RC space but you’re represented by just\na little avatar version of your face. I think there’s a few other ways that\nthis can work - and products show that’s the case as well.

\n

Skittish is one of these - and I saw it on the front page of Hacker\nNews. You get an avatar that’s a Raccoon or an Owl or a snake - and you\nhang out in a virtual space, watch videos together, all that. It’s neat,\nbut definitely limited in what it can do.

\n

Gather.town is a bit older, and if I remember correctly had Pokemon\nsprites to begin with, way back. A few college students tossed it together\nand put it up online & it grew like wildfire.

\n

To go a bit more realistic, there’s Hub by Mozilla. This is available\nvia VR and feels much more video-gamey than the others. You can easily modify\nthe space you’re in and customize it together with other people. I’ve seen\na number of other examples like this - the closest being Rec Room.

\n

There’s still Second Life and Second Life has been around.. forever.\nThing is… Second Life gets weird. Real weird. Let’s not think about that\ntoo much.

\n

I think there’s always a want for Human connection, though. It doesn’t even\nhave to be instant. Sometimes you just want to listen to some chilled out\nmusic and write letters to people via a deer postman.\nKind Words (lo fi chill beats to write to) gives you that experience.\nKind Words is about writing nice letters and reading nice letters from other\npeople. It makes you feel much better inside than many other interactions.

\n

To be honest? I think we need less Zoom and we need more Kind Words\nin the world.

","fields":{"slug":"/2021-02-23"},"frontmatter":{"date":"2021/02/23","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

There were two posts on the front page of Hacker News yesterday -\nChoose Boring Technology and Choose Exciting Technology.\nBoth make are great points and are compelling on their own, but they’re\ncompletely at odds with one another.

\n

Boring Technology gives examples like PHP, Postgres, Java, and all other\nsorts of technology that’s been around for a while and is.. well.. not as\nnew and shiny. Battle-tested technology. Things that everyone on the team\nknows. The argument for boring technology is generally that you won’t\nget anything that surprises you.

\n

Exciting Technology is … uh.. okay, so bear with me: the examples given\nare Cassandra (at least 12 years old), MongoDB (>11 years),\nClojure (>14 years), and NodeJS (..let’s not touch that). For the sake of\nsimplicity, let’s say Exciting Technology is technology that an\nengineer is less familiar with and as such cannot for certain say\nthat it will solve the issues they currently have - but there are\nsome shiny new features that they really like!

\n

Let’s … not talk touch on my personal experiences with Cassandra, Mongo,\nand the like. Let’s not touch on the issues that seemed to be the case\nat Etsy’s SRE & maintenance of servers. Let’s not even touch on all the\nfighting going on in the HN comments.

\n

Instead, I think it’s interesting to talk about the kinds of people\nthat do this because I don’t think that either of these articles will\nchange people’s minds.

\n

Managing Humans by Michael Lopp is a book that’s not just about\nmanaging humans. In it he writes about engineering culture, different\npersonalities you might find, and communication skills. Things that are\nsometimes considered tangential to management (but are very important!)

\n

The chapter “Stables and Volatiles” details two archetypes that you’ll\ncommonly see within engineering cultures.

\n

Stables are engineers that happily work within a set of confines - even\nappreciating these confines such as direction and deadlines. They assess\nrisk, carefully mitigate failure, and aim for predictable outcomes.

\n

Volatiles will show up, stomp on everything that exists, and leave a trail\nof disruption in their wake. However, when they build.. they sure build a LOT.\nIn some cases, what they make will be novel and would not have occurred\notherwise.

\n

Stables and Volatiles are at odds with one another. They do not get along\non everything but a team with both can be incredibly successful - even if\nthere’s a bit of conflict along the way. Volatiles become stables,\nand sometime stables become volatiles, and neither is really good or bad.\nThey just are.

\n

These archetypes are applicable to the argument about boring versus exciting\ntechnology. Stables will more likely than not choose the familiar.\nVolatiles will sometimes choose the foreign. Neither is right or wrong -\nat least not intrinsically. Instead, it’s gotta be a balance and you’ve\ngot to use the right tool for the right job.

\n

If you lean too far towards boring technology nothing will be pushed forward.\nIf you lean too far towards the exciting you’ll end up with a backend written\nin Little using a home-grown database written in Haskell. That..\ndoes sound pretty exciting, though, doesn’t it?

","fields":{"slug":"/2021-02-22"},"frontmatter":{"date":"2021/02/22","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

There’s a nifty new Electron alternative called Tauri which purports\nto be more memory efficient than Electron! Competition is awesome!

\n

Tauri is written in Rust and utilizes a webview instead of bundling\nthe entire Chrome browser within it.

\n

Using a webview isn’t a particularly new idea - DeskGap, Electrino,\nNeutralino, and others. On Linux, this works pretty okay! You get a\nwebkit rendering engine (of an unknown version). On MacOS you get\nthe Safari flavor of webkit. On Windows 7 you often get IE11 which..\nyikes. Then on earlier Windows 10 you get the old non-Webkit Edge,\nnewer versions mostly get Webkit Edge. It’s.. a little all over.

\n

The big thing that Electron brings is that you know exactly what version\nof Webkit you’re building against and can cut down on the pain you\nfeel when testing.

\n

The other thing is that Electron has a lot of batteries already included\nand while Tauri has a lot of features in the works - they just aren’t\nthere yet! However, the roadmap looks great and who knows -\nmaybe it’d really hit that right balance between performance\nand features without having to write a native app version.

\n

I dunno, though, I feel that Electron being resource hungry isn’t the\nend of the world. For the most part, you can cut down on memory in\nElectron in the same way you would a standard web app on Chrome -\nthrough profiling and optimization.

","fields":{"slug":"/2021-02-20"},"frontmatter":{"date":"2021/02/20","time":"00:00 UTC","title":null}}},{"node":{"html":"

\n \n

\n

The Perseverance rover confirmed a successful touchdown yesterday,\nFebruary 19th at ~3:55PM EST. The mission is one of the most ambitious\nwe’ve sent to the red planet - but not just because of the rover\n(which, itself, is the most complex and featured rover we’ve sent).

\n

The EDL (Entry, Descent, and Landing) platform was also for more advanced\nthan any other we’d sent - with the descent into the Martian atmosphere\nbeing yet another part of the experiment. The ablative heat shielding\ncovered the bottom of the capsule - with a type of plating covering it\nwhich upon heating would vaporize and be carried away from the\nPerseverance capsule.

\n

The Perseverance also carried 661lbs of tungsten weights. However, just\nbecause they’re dead weight doesn’t mean they won’t serve a purpose.

\n

Two 165 pound blocks of tungsten kept Perseverance in a stable and balanced\nspin on its journey from Earth. This prevented any one side of the capsule\nfrom getting too hot. These are jettisoned 900 miles or so above Mars as\nthey’d no longer be needed. Waste not, though. These two tungsten blocks\nwill slam into the surface of Mars at 9,000 mph or so and is\npart of a very vital experiment. The InSight lander has a\nseismometer and even at 2000 miles away it’ll be listening for Perseverance\nknocking with these tungsten payloads.

\n

Removing those two tungsten blocks is an important part of the entry phase\nbecause while balance is required during the journey, the entry requires\ndebalancing. Because one side of the capsule is heavier than the other\nthe entry angle will be at 16°. This leads to a slight amount of lift\nexperienced by the craft, allowing the descent to be controlled via\nRCS (Reaction Control System) powered rotation - rotate left to\ncause the lift to push you one way, right to push the other, and go left\nand right consistently to burn off speed. This is all autonomous!

\n

There’s also six 55lb tungsten masses that ensure landing is aligned.\nThese are jettisoned right before firing the parachute and are used to\nensure that the radar will be oriented in the correct direction. While\nthe RCS was fired roughly 2,256 times during atmosphere entry, at this point\nthey aren’t a whole lot of use. These tungsten blocks are jettisoned two at\na time, and will cause the craft to roll into the exact orientation needed\nfor the rest of the descent.

\n

Haven’t heard yet if InSight heard Perseverance’s hello to start a welcome\nparty, but all of this was fantastically interesting to me and I’m always\nsurprised at how much NASA can achieve.

\n

Wanna watch it? They streamed the landing on twitch!\nWhat an amazing future we live in.

","fields":{"slug":"/2021-02-19"},"frontmatter":{"date":"2021/02/19","time":"00:00 UTC","title":null}}},{"node":{"html":"

\n \n

\n

In 2019, the World Health Organization recognized burnout as an occupational phenomenon in the ICD-11.\nHowever, a relatively new article by HBR about burnout points at studies that show the pandemic has\nbeen causing burnout to run rampant since early 2020. “Knowledge workers” are now mostly working remotely -\nlooking at Zoom, for example, they went from 10 million to 200 million active users effectively overnight.

\n

To clarify: Burnout is really just another term for chronic stress causing emotional, mental, and even physical damage.

\n

Lots of companies just look at it as a personal problem. Get better at self-care, do some yoga, use those new-fangled\nmeditation apps. Those might help soothe some of the pains caused by chronic stress, but they don’t get to the\nactual causes of it.

\n

A 2012 Study by Christina Maslach, Michael Leither and Susan Jackson point at the causes\nof burnout to be more organizational than personal. The top cause? Unsustainable workload. Also in there\nis the lack of a supportive community.

\n

If you take a look over the NBER’s working paper on the impact of COVID-19 - what do you see?\nRemote workers on average work 10% more during all of this. People also have more shorter meetings than ever\nbefore. You end up with a heavier workload and sparser, shorter action-oriented meetings - without the same\naffordances given to social interactions unrelated to the work at hand.

\n

The HBR article I’d linked above did a survey of 1500 workers - and found that nearly 90% said that their\nwork life was getting worse, more than half said their work was becoming more demanding, and half felt that\nthey couldn’t maintain a strong connection with their friends.

\n

This isn’t really a new phenomenon, either. Some CEOs of public companies have been pushing for 80\nhours a week of work, Uber’s employees were effectively not sleeping,\nAmazon worked people to exhaustion on Easter Sunday and Thanksgiving weekend, and if you\nwant to hear me go off about even my personal experience, just ask me about Venmo’s practices.\nThe superbowl “war room” that literally means being in the office for 24 hours without sleep is\njust the tip of that iceberg.

\n

Really, though - what I’m trying to say is that burnout is very real, very scary, and it’s gotta get\naddressed sometime. I don’t think that time is now, but it’s gotta be soon.

\n

Maybe the 5 hour work day could become the norm. I doubt it though.

","fields":{"slug":"/2021-02-18"},"frontmatter":{"date":"2021/02/18","time":"00:00 UTC","title":null}}},{"node":{"html":"

\n \n

\n

Having lived in Texas for a few years I know a number of Texans right now that\nhave not had power for nearly 48 hours with freezing causing a real terrible\nsituation.

\n

Much of this is caused because Texas has an isolated power grid with 3\ninterconnects to other states and 3 to Mexico - through what is known as ERCOT.\nERCOT was founded in 1970 and covers most of Texas. Much of this was fueled by\na secessionist attitude many Texas lawmakers take, as well as a want to avoid\nfederal regulations. A push to deregulate even more was in the late 90s and\nmuch of ERCOT is powered by an aging and neglected coal and natural gas\ninfrastructure.

\n

I’ve seen a number of talking points saying that this is all because renewable\nenergy such as wind and solar are failing Texas - which isn’t the case.\nNot only do modern wind turbines handle ice and snow through\nsome neat mechanisms, most of the 80% power deficit has to do with the\n[natural gas, coal, and nuclear losing capacity][23. Natural gas pipelines froze, coal\ncouldn’t be shipped, and nuclear plants did not have the abilities to\nprevent the cooling water reservoirs from potentially freezing.

\n

This all ends up hurting the citizens of Texas - where rolling power outages\nturning into several day outages as ERCOT scrambles to make up for the\nshortages. Folks are cold, hungry, and don’t have water.

\n

It’s a bad situation.

","fields":{"slug":"/2021-02-17"},"frontmatter":{"date":"2021/02/17","time":"00:00 UTC","title":null}}},{"node":{"html":"

\"\"

\n

Have you ever wanted to make an interface for a program, but\nrealized web just isn’t for you? Don’t want to delve into\nthe madness and incantations needed to utilize new curses?

\n

There’s a new blog post by Will McGugan about his Python library Rich,\nused to create beautiful CLIs. The blog post details some basic\ncreation of dashboards using the various APIs available through Rich.\nHaving written a few things with ncurses, I can safely say that this\nis a much more pleasant experience.

\n

But what about folks over in javascript land? Heck, while I love\nPython I also adore Javascript.

\n

Check out blessed, blessed-contrib, and react-blessed. Blessed is a\nJavascript library to create CLIs, but you’ll notice that the react API\nit has is really game changing. Using a special blessed renderer in React\nyou can create CLI interfaces with the same paradigms as any React 16\napplication. Combine that with the contrib package and you can have real\ntime terminal dashboards that show graphs, maps, spark lines, markdown,\nand even picture rendering.

\n

It’s one thing to show off your cool new graphical web app. It’s another\nentirely to show off your 100% hacker terminal app.

","fields":{"slug":"/2021-02-16"},"frontmatter":{"date":"2021/02/16","time":"00:00 UTC","title":null}}},{"node":{"html":"

\n \n

\n

In Javascript, functions always have variadic arguments. This leads to\nsome performance hits because there always has to be an adapter when\nusing a JIT compilation. The adapter required creating a new frame\nin-between the caller and callee frames.\nCreating a frame is super costly.

\n

On the v8 development website a new blog entry was posted which details\nhow this process works and what they’ve done to dramatically improve\nfunction calls by optimizing this javascript feature.

\n

How’d they solve it? They work through the arguments array backwards\nso they don’t really need to know how many arguments are in the stack,\nbut they can assume that there’s at least the enough arguments to\nsatisfy the parameter count - even if the arguments are undefined.\nThis allows for cutting up the formal parameters and the extra variadic\narguments to pass them to the callee frame in a way that doesn’t require\nextra lookups or an extra frame that will calculate it all.

\n

No more overhead! Super fast!

","fields":{"slug":"/2021-02-15"},"frontmatter":{"date":"2021/02/15","time":"00:00 UTC","title":null}}},{"node":{"html":"

\n \n

\n

There’s something about the fact that I’m taking an at-home class for cooking\nfrom a world-renowned french cuisine Chef that’s feeling like got an\nuncomfortable “rich people things” vibe to it.

\n

It makes me think about a New Yorker article about the “Joylessness of Cooking”.\nIn theory, I love to cook. It’s a way of peering through time and culture to see\nhow different people live and have lived.

\n

Those of us that still have stable incomes can often find far more ingredients\nthan ever before. In New York City there’s Chef Collective seeing even better\nstock because many restaurants have shuttered or are generally seeing fewer\ncustomers. Some restaurants, like Xi’an Famous Foods, have even pivoted to\nselling “kits” instead of doing delivery because their foods don’t work well\nwith delivery.

\n

The article points out a book - How to Cook a Wolf by MFK Fisher. The book\nthrough dealing with shortages and difficulties that existed when cooking during\nWorld War 2. I am so grateful that my life is in a place where the feeling\nof hunger is a choice rather than a fact of life. I picked up a copy of the\nbook. I’m really looking forward to reading it.

\n

In theory, I love to cook. In practice, I’ve been cooking far too often to\ntruly enjoy it. I have always had an extreme respect for my mother and father.\nWe cooked food at home every single day while I was growing up - sometimes\nout of necessity. We didn’t do fast food, and we very rarely ate at\nrestaurants or had takeout. They followed through with that to make sure\nthere was food on the table & dealt with getting children to eat that food.

\n

I really do love cooking - just.. in theory. In practice, I can’t wait to\nmake it an exciting optional activity like this cooking class I’m taking.\nI’ve registered to the wait list for the vaccine and boy am I looking forward\nto that.

","fields":{"slug":"/2021-02-11"},"frontmatter":{"date":"2021/02/11","time":"00:00 UTC","title":null}}}]}},"pageContext":{}},"staticQueryHashes":["63159454"],"slicesMap":{}} \ No newline at end of file diff --git a/resume.pdf b/resume.pdf index aa8b8b34b5271203e156d9341b3f3aaf73163dd4..b18ccb970494ef457a52fe77608bdc846c8e6750 100644 GIT binary patch delta 5954 zcmZvg32aoy8OP-ZHZJhqnr2rKQd8Dx6XFoVn|XI?j;IO3Hni9**c`UO2R7dI0mcUg zvoQgKu>s>hgewr6BLH1jupEi8LjGEG?7cDOfKKAsJT<7M!D#zQ^ z9NfxLaUdsCF)VzRQ;&BFRMh5HDu#nU=GG%zpe7h#8-iF^s-kmN2F@0$xG}2|nG01+ z5A8)tk&3TES(@RcO`0^kth%(OxN^9GMQ!O=IXgo!Eu5WQub4LUIrXS2R&ip^uQ5=f zVq;zwZc*c#d3DH`uVPVtrD8GsCO?FN5;eg@?-m#3b05Tm)Tm=_xVucnka?MyP_AO` zyfFGn(1-M`UaTT>{!+zqabbQ4O=Y5OLP0vR7wC#*pk+Y=S}N4;f-w51X;VQC`YKiY zt|07VEJm}fj)&#V8h4< zb|jU|%|fJ6#p%*a+=-})W0ID1WRzv#?;#cI%EFi&QWG3%97IZOG9Fz#O>uS9E)L;W zv&e_Vg^EMb@&+uaQSo|t7^iDhJW-K@J=J7&MHnr4DwHK*jGsf|mV^~<;BQM7D6WNP zDvJ|b9Ik9sJRPZFvT&J-HQ`N|wp_)JBD6Gglt*@=yQyY9}tO;w}igDVb)gjWDiGQ?eR5_A-JoK^(g^bgdZSnb2V>Sod3 z4ziY)VO6tFVLC=_OUI|nGw@Zj4{rU;A&km8>M!8!RT^eDWMTR$UjoC@+#ud>7>nAK z8iqDj;PHA5&5aR-dHAF;4~JK4n9&r$w^0pmH${YN){3aYIZmy}Q#gaKxf;n7>}aN- zjjx-V@Sn9Ba$b2D!M0&IymB1QKda&9$_Os4(J+5i1nzShZqT=r>fOvsMQw|ra1V!C z$`x)xTfJK`4D_!qR1A*c(cSoBorV+9Y_UV{L@!|KdJXS9n~itdG(6mzi;fK%*0e5B zn2k?cn-tST`I#8t! zlZLhHB53K<23KehJu8zjwr!kZ=?Jwo;dZBnkJ=(g+oB<~K7tvWH4$oEITp9qkJBtO zW_lTIWwB|Jkhj6aSsH5BhPfD6??Xa+7<0Cg!R^^NMc?1Hle1mq@Wu%AZgO~I9o9p` zw2o~2;fO|?uUKsB#Lgzz+sWh3h+@0=x^p4krP}42=uZzfHZ@_`4zhN01jne>jm;sf z+@`_VG9QmpXCKZRPy1~oKH4${Z*NwS)YYPxF4lE5iIsb&D-Wl3YAD^Bi|Nm6xVAOo zb7GG&<{+VNJgT~j6qn(>?tJLGG?$FD(L)Zt*_-5Y?Bp&i9x=BmoQ6%;J1Vx8v+x6sPfWEtW zBKX-$KKOgL;1qpN^kyTa&xeuwb7>q0i}tU;r+pee*CBe zW5j9k$dOaxWd75UGR-k!rjygwpMYpT_2%MoKlSF}$)hX8S^LJ(DwW5s7F;+ z_J0~VqFBm?yHxB+syL-?OL7dI(wo?+mh_INWCSgw@5wR6Q4TmpJGXJZLxhM^KCNU zlGNLDWYJvNB-fIBwaIN;Qe=~QTT*0`dRy|-7K>bx;*iUBtQ6FqN{l)r(3Xs(6DVj) zMmj>7q}L&3j^wLD${Z;RhkSKnvlu?O0EnY>j`W-fM4ecHgE5zUbtEY+$#x_uF3EN! zDK6RUN>W@(#*Me`A)V+ObY&5w+jY=-*8jLGY4J#lCynYESbD}^=+Q7QOR`476lH*oDW3xc$4T(Eu!%=#sqXI7T-A&!kHwT3E@l< zPW-0g7~!~neuSS%lIe!lbuJKPLMV%$V@4dO;`pt=xDd{yd<561NxX0_gmWn$!8^w9 z=A+(YE~5(qJ0BQLj~)ugBrv#07~LC+&Ij<~g~TY2UjS?na1wx+034GD#024}NxWP^ zIBFsli!5T%lzdl^VRT;zV9LeB!uwbxf=n=u8Bz`cXUveM!Vq&Hv5EZjk%fdMCJ@Ffj;AgM{FY=jJ%C1C3Lttp(Jz6B z(T^6BF9k{jrI;lxa)Bu(UH+IYL`#HXf?L#KygdS3%w|X#2>2ybG26k%LV&PVx`8o) zEG99F31+eTpf$MG9Fc`YEhbpT=-qc*2#~C%pGsOU2k`koqF(|NqX*t=mjfk&TFjB0 z71&~qv>pVum?P~>SBREC#stV1-SD5iLf2(!C%Oh^4g^XBtC)l^y7r1H-6W6bd=)O8M$~@_y7U*MMyn|d9>3H$ePQP)|-CKH1(4$op$LGNX z8Y%X@VAQ;sl*|PgDTJ+81EVDpa-Fi_M8eBg34HNtxxgYlUBB<~?rV$dlmx}%iv=br zCKZb$BusLFNqYC*tBuK5lZFXOQV0vL5$oc;=K_{oVj~w%If~uuYVgG8jHZNQQn5%% zVkH*{<*}^9$5)d^3xZN8z7Kjr-yz2YG3k{kMMV<)-b8$78y7Pnk&+95a_OnY#gma@ hQr{w}@6Z`TV@?n3o@+#7k%h!cZs;f9yY|b4{{t4MyjB1J delta 5847 zcmZXXdvF!i9mgk&hL^huc-NMW12?rJMhNWL_u3G|VXT2r$(tl3A&?Nry-C232MOU4 zfk+4h$d^ZWr3tTqU;%js0tTVls-rTawnJ^F{A1gxQkZeHj#c|RVXW&tnarHo-#NSY z^ZoAc?00wnTMz7i>w&HFlQdH^n5}!7HA&MZ(tqNpsdK7JXO^re3qCRPDP7aeAC{bM zlhY-pp({O0(mdQruay`>Sq2R{KF+8`e~}zxfNcn3L8**QnaL8f@m6Ln?v}|&%i50y z8o$Vzr7$xwC1q4uRcZCYictniT9eR}oh<1Z`m<|Mxm3n4b1EcVM_n}XV4xripPi6nOvDr>VfK6t`}fM&Fh7J_8FFVKo#CRgaK2>Nc)PF;PiM=L ztzky#WUMNhhTmt(c%x_*{+T7Cw><$V#Wp@om(fxjl1u}4iVHBErg9dX#FQKvV@pyc z%|KzvC9KYq@r#A2lIfs&VV7j-7`Z4*vNRMgDnWBD2Vzx8IMp&5vGikK?~=ieC6KMN zB+JH$(yTbkFWfPSDGAAC$%vmXV|`gju{EDD4qYvX_+=yT_~Pe~Tp*)qaVjp+cyn

2yvzCIdPM@ZE}Mu6bg>)Dicqy! z#?aLKYpnXndi5nC3BjJ~SGrs^P~b{!vp5C9EKOMLsT6D#I9c z`!WeuKNq2TqEvn9<&Tw@hZ(P4XI7*EzJc(5sq zFYDwOhV)l{j$rF>9BrC}Hk!FjGd*<*3RZ>jD;htf@n0=e&rQIxWnfxJ5zRc3R}&kK2pUyh*{# z9du(l_#*!7)wajs&W=Ky+ZKoXooSL|;ONd`%;`{|?h50Zt$blg>l9qwm5f%zVPsbt z{(MZqqOMHjY*TQfD~!jX&{ky232gT?*gF(l+?|GZIu(rFlL?K+nmu93HF0~-WyJ1^ z!|}aoXxdKh?aP#01Nr;vhcVh|AMCr0HMpog+qT=X0oIFUR%?V_|!+7A>1jHYrC*ZN;lC9$}$I2AT z^)QdG5 zS05evJ&($+zs##-=gC)pinV9QMwp%$G?=h}*bQB%61!mtRbn>;c1G-mz|M%>@UxE^ zf@B15Ab3WFac*ox*XT&FNN0&bQ;Ys_o$yToUnhK1z}E@i6!7V-CTRNcvG>f#fGMEU z#~?!6i)q9;Yr z5iGWd(Gke$RWRrX;-A7Ej=Ih{Y4Q9r{&I;C9GDPvCY5#q)EI z9s+mCL(f9O#Q-w<$3!%jpgh58mu&L{RC;|4dP0xT%WjZqf&!O(W11krB?(OXUc>1B zKhWuw_ga6z);z*ynxA_J+aqkIMH{Ypbnh9(#!a%9X@U%jWttXrc%*}Af)I}jVS*5k z3t@r~j|*Yn3#l$e_od?*-Yw%k);zua0BUBA7q8ta1~01-At{NQ&K07PxOq9c9f+Hk1*>^LF(EBU2QT}&9FZ%r!+An6(?ZFB zN)Ps^j3ya;R&bhU6r)dsEd%N#Q?Q!8L4r)kO_GH%SJiPmmY9%~Bm>j0sum9-X89n8 zb|PW(vd|wUx0;^#+72QM4Ac|{#3 zyfBguK5OB-D{4SUO3vN#nmW$nltMNVH%`7rINVDi4H?fW_MM9`o z63V;-gd}7<;^+(Qht+uRTI_Hhag37i^q?B>gw5vKc>hcQcLrnggd8Ll{8XW9UDBWn zK}f22S|~uT$o6Y!+=l3Bh;Q)z0e=M)YX2b;g;6AS4yM9PK@+;AKGrk2+llMpDJgJ`E%8 ZOQuBcxj}i)y%)Y6b>^OV_r~)J{s*@Dp|$`3