A flying start

Oct. 23rd, 2016 11:44 am
Posted by Chris Boyle

If you've spoken to me this year you'll know I'm suddenly very into flight simulation. Here's some enthusiastic rambling about why, and some recommendations.

Flight simulation seems to occupy this weird position between game, training tool, and something akin to model railway building for people fascinated by particular aircraft and locations. When I first tried it I had what I think might be quite a common experience among people who decide it's not for them: learned enough to reliably take off, fly around a bit and (usually) land; flew a few exciting-looking aircraft around a few familiar places; considered moving on to longer, properly planned flights; decided that sounded very boring and lonely; gave up.

So what's changed? Broadly two things: realism and structure.

ViperJet on approach to Dublin over the water at sunset

For realism I have to thank X-Plane, a friend who first gave me an old copy of version 9, and the community creating add-ons for it, both free and paid. What that adds up to is that I can fly almost any aircraft I've heard of, with the cockpit, systems, flight dynamics, airports and other scenery all giving me as much detail as I could ever want, from entering the cockpit to leaving it at the destination. I can go to my local airport, a carrier, or an oil rig, on the windiest summer day or the coldest, foggiest night; I can fly a microlight, the world's largest plane, a nice light jet, or just a typical student's first aircraft, and everything looks believable. I can fly the Space Shuttle from the top of the atmosphere to wheels stopped, or a rocket-plane on Mars, or a helicopter. OK, I can attempt those last few. They're hard. Oh, and I can do all of that on Linux natively, and only hit one major bug (missing runway, no big deal, right?)

How have things improved in terms of structure? Well, compared to a typical game, X-Plane itself still doesn't provide any goals or achievements (except, strangely, on mobile) and the AI aircraft behaviour and ATC communication do not meet the high standards set by the rest of the environment, at least in v10 (v11 will improve things a bit in November). Enter VATSIM, or as Emma-Ben has called it, MMORPGATC. Having actual humans piloting other aircraft around you and, on a good day, providing voice ATC at all levels from ground to enroute and back again does wonders for immersion. And no off-topic chat! A definite plus considering the toxic atmosphere of most other multiplayer environments. It's a reason to fly in places I otherwise wouldn't, an incentive not to abandon a flight, and a considerable sense of achievement when I complete one having done most of what a real-world pilot (or two) would have done during that time. Apparently I've done that 32 times now, plus a couple of crashes mercifully excluded from those stats. (Tip: the CRJ-200's automatic thrust reverser deployment and an abortive premature lift-off do not play well, especially if you don't notice promptly.)

Liverpool Ground - sometimes we even have multiple aircraft!

I've also started training as a VATSIM controller, notionally at Liverpool, but I'm allowed to provide Ground at any UK airport except Heathrow. Controlling stats aren't public but I'm at nearly 40 hours across 6 airports including Manchester and Stansted. Next is Tower training; the training web app is (still) cheerily informing me that I'm at the head of the relevant queue.

Also possibly next: real world flying? It's certainly not cheap, and I've never liked travelling enough to consider doing it professionally, but nonetheless I'm very tempted.

PA-28 at Oxford, door open

Dear Festividder

Oct. 23rd, 2016 12:19 pm
[personal profile] such_heights

(omg yay \o/)

Fixing the IoT isn't going to be easy

Oct. 21st, 2016 11:35 pm
A large part of the internet became inaccessible today after a botnet made up of IP cameras and digital video recorders was used to DoS a major DNS provider. This highlighted a bunch of things including how maybe having all your DNS handled by a single provider is not the best of plans, but in the long run there's no real amount of diversification that can fix this - malicious actors have control of a sufficiently large number of hosts that they could easily take out multiple providers simultaneously.

To fix this properly we need to get rid of the compromised systems. The question is how. Many of these devices are sold by resellers who have no resources to handle any kind of recall. The manufacturer may not have any kind of legal presence in many of the countries where their products are sold. There's no way anybody can compel a recall, and even if they could it probably wouldn't help. If I've paid a contractor to install a security camera in my office, and if I get a notification that my camera is being used to take down Twitter, what do I do? Pay someone to come and take the camera down again, wait for a fixed one and pay to get that put up? That's probably not going to happen. As long as the device carries on working, many users are going to ignore any voluntary request.

We're left with more aggressive remedies. If ISPs threaten to cut off customers who host compromised devices, we might get somewhere. But, inevitably, a number of small businesses and unskilled users will get cut off. Probably a large number. The economic damage is still going to be significant. And it doesn't necessarily help that much - if the US were to compel ISPs to do this, but nobody else did, public outcry would be massive, the botnet would not be much smaller and the attacks would continue. Do we start cutting off countries that fail to police their internet?

Ok, so maybe we just chalk this one up as a loss and have everyone build out enough infrastructure that we're able to withstand attacks from this botnet and take steps to ensure that nobody is ever able to build a bigger one. To do that, we'd need to ensure that all IoT devices are secure, all the time. So, uh, how do we do that?

These devices had trivial vulnerabilities in the form of hardcoded passwords and open telnet. It wouldn't take terribly strong skills to identify this at import time and block a shipment, so the "obvious" answer is to set up forces in customs who do a security analysis of each device. We'll ignore the fact that this would be a pretty huge set of people to keep up with the sheer quantity of crap being developed and skip straight to the explanation for why this wouldn't work.

Yeah, sure, this vulnerability was obvious. But what about the product from a well-known vendor that included a debug app listening on a high numbered UDP port that accepted a packet of the form "BackdoorPacketCmdLine_Req" and then executed the rest of the payload as root? A portscan's not going to show that up[1]. Finding this kind of thing involves pulling the device apart, dumping the firmware and reverse engineering the binaries. It typically takes me about a day to do that. Amazon has over 30,000 listings that match "IP camera" right now, so you're going to need 99 more of me and a year just to examine the cameras. And that's assuming nobody ships any new ones.

Even that's insufficient. Ok, with luck we've identified all the cases where the vendor has left an explicit backdoor in the code[2]. But these devices are still running software that's going to be full of bugs and which is almost certainly still vulnerable to at least half a dozen buffer overflows[3]. Who's going to audit that? All it takes is one attacker to find one flaw in one popular device line, and that's another botnet built.

If we can't stop the vulnerabilities getting into people's homes in the first place, can we at least fix them afterwards? From an economic perspective, demanding that vendors ship security updates whenever a vulnerability is discovered no matter how old the device is is just not going to work. Many of these vendors are small enough that it'd be more cost effective for them to simply fold the company and reopen under a new name than it would be to put the engineering work into fixing a decade old codebase. And how does this actually help? So far the attackers building these networks haven't been terribly competent. The first thing a competent attacker would do would be to silently disable the firmware update mechanism.

We can't easily fix the already broken devices, we can't easily stop more broken devices from being shipped and we can't easily guarantee that we can fix future devices that end up broken. The only solution I see working at all is to require ISPs to cut people off, and that's going to involve a great deal of pain. The harsh reality is that this is almost certainly just the tip of the iceberg, and things are going to get much worse before they get any better.

Right. I'm off to portscan another smart socket.

[1] UDP connection refused messages are typically ratelimited to one per second, so it'll take almost a day to do a full UDP portscan, and even then you have no idea what the service actually does.

[2] It's worth noting that this is usually leftover test or debug code, not an overtly malicious act. Vendors should have processes in place to ensure that this isn't left in release builds, but ha well.

[3] My vacuum cleaner crashes if I send certain malformed HTTP requests to the local API endpoint, which isn't a good sign.

Monday was a quiet day. I had dinner with Purple. It was unremarkable, other than the way I was a little sneezy.

A little sneezy turned into explosively sneezy and then my sinuses were an impassable wall of woe. I got approximately three hours sleep, out of 7+ horizontal.

Tuesday was not a great day. I realized that I should not be driving anywhere. I also had a care package to send, a package to pick up, and building plumbing problems. I made the best of it, and walked to the post office to grab a shipping box.

On the way there, the sleep department in Oakland called me to let me know that they saw that I had an appointment in SSF, did I want to take that appointment in Oakland too? I wasn't near the computer, so I had no idea; I wasn't expecting the call, and I had three hours of sleep. I had no idea, and very little vocabulary to put things together. I informed them to email me.

I sent a care package of old tech off to my Gentle Caller. The great thing about flat rate boxes is, it's the same price to send a small box with three bits of old electronics as it is to send that same box with three bits of old electronics, two plastic bracelets with a plastic recorder and a plastic maraca each, a baggie of glitter, and a handful of dark chocolate.

And that was only Tuesday.

Royal families: a comparison

Oct. 16th, 2016 03:16 pm
Thailand: tourists are being warned not to be even slightly critical of or disrespectful towards the royal family. Maximum penalty for lese majeste is fifteen years in prison.

UK: Frankie Boyle tells that joke about Her Majesty. There is a modicum of discontent. The BBC Trust clears him of misconduct while acknowledging the joke was sexist and ageist. People decide he's a mean-spirited little scrote and move on.

I rather like the fact that a key aspect of our national identity is that, when symbols of our identity are defamed, we tut and put the kettle on.

(I also like the fact it will one day be legal to voice the opinion that King Charles III should STFU about homeopathy.)

Social activities are like buses

Oct. 16th, 2016 01:59 am
I'm under medical advice (hmm… I should actually blog about life in general) to try to pace myself smoothly, doing similar amounts of stuff every day.

Of course, this means I'll actually end up with a fortnight of unremitting social life, followed abruptly by five days of nothing.


Ah well, at least I'm getting plenty of rest. /-8


Oct. 15th, 2016 08:15 pm
This is something I think I've noticed. No doubt, were I a sociologist or a psychologist I'd be conducting some kind of detailed study for a peer-reviewed journal, but I'm not so instead this is a largely speculative blog entry.

What are your feelings on chalk and cheese? Though there are lots of potential scales for rating one's preference between them, increasingly, I'm finding it useful to group people into five approximate viewpoints:
  • Chalk every time, without exception; no cheese ever
  • Chalk whenever possible, as much as possible; cheese only when necessary, as little as possible
  • A balance between chalk and cheese
  • Cheese whenever possible, as much as possible; chalk only when necessary, as little as possible
  • Cheese every time, without exception; no chalk ever

If people are in the middle three groups, it feels like it ought to be possible to reach a consensus, or at least a compromise. It's possible to explain to a chalk-lover why more cheese is needed or vice-versa. And even if they're not convinced, they may be willing to tolerate a little less chalk and more cheese than they consider ideal for the sake of peace and harmony.

And, importantly, the people in the second and fourth groups are not extremists. Labelling them as such doesn't help anybody.

But what about the people in the two outlying groups? I'm beginning to feel that there are three different ways people might end up there, which need handling differently.

The first is that people are outright extremists. For whatever reason, they have uncompromising views. I'm not sure a lot can be done about them, certainly not without challenging the preconceptions upon which those views are built.

The second is people who adopt the extreme position insincerely as a negotiating gambit. Anybody who feels there's too much chalk in the world might proclaim the cheese-at-all-costs stance to try and counter that. To some extent, politics rewards people who over-state their cases, though it's also easy to become cynical about the more blatant flip-flopping one sees when, for example, a politician moves from being a competitor for the party leadership to one's chosen candidate to run the country.

The third is more interesting, and contentious: people's views become more extreme when they feel threatened. Importantly, there is a once-bitten-twice-shy effect: their extremism does not immediately subside once the perceived threat is gone.

If I'm right, it follows that it's important to engage with groups that feel threatened as quickly and constructively as possible. The longer we procrastinate, the more extreme they will have become and the harder the situation is to deal with. Once people are jittery, the only options I can see are to let them calm down slowly and gradually (this can take generations rather than days) or at least briefly super-accommodate their views: "OK, we can see you're worried. We're abolishing cheese, and we promise you can have a veto on its re-introduction." Giving people that space could leave them willing to accept cheese sooner… provided everybody else can tolerate the lack of cheese in the meantime.

Looked at through this lens, I'm deeply worried by how many festering extremist positions we have in the world right now. There are a lot of grievances we ought to have dealt with while the going was good.

People have been comparing a certain funny-looking American demagogue in 2016 with a certain funny-looking German demagogue in 1932. They're not wrong, but that's not the whole story. I'm more concerned that the global political landscape is beginning to resemble 1910. There are too many frightened people.

Let there be green light

Oct. 15th, 2016 05:39 pm
I've always hated compact fluorescent with a passion.

I have a CF in my hall light, because I often leave it on when I'm out to give a semblance of occupancy to the house. I have "bulbzilla" in the study: a magnificent beast equivalent to over 300W of incandescence. But beyond that I've held out and continued to use incandescent.

I've maintained that, while my hatred of CF is enduring, I didn't intend to keep using incandescent indefinitely. I was waiting for LEDs to get cheap and good enough.

That's now happened. My landing light is a £4 LED bulb I picked up experimentally from Tesco. It's bright, it doesn't flicker, it's a good colour temperature and the spectrum is easily adequate for that purpose. I've not yet tried looking at a board game or fine art or similar under that light, but I have high hopes.

Meanwhile, Tesco's own-brand CF bulbs are now reduced to clear. The future is upon us!

This gives me renewed hope for some of my other predictions relating to green technology, which I'm still waiting for: waste sorting robots which mean we can get rid of recycling bins, and electric cars which are quick, cheap, comfortable and have good range.

Oh, and maybe a source of renewable energy which is less offensive to the eye than wind farms. Lots more solar, perhaps?

Meanwhile, I've realised I want some outdoor electricity. While I'm at it, I'm getting a 32A Commando socket installed for a rainy day. (It's IP44.) In theory, this means I'll be able to try out electric cars when the time comes…

Of evil and dichotomies

Oct. 14th, 2016 09:46 pm
"I avoid talking about politics in these sessions", I said to my counsellor, "but put it this way: there are two main candidates in the US Presidential election and… I have a strong preference between them".

We giggled knowingly.

I'm not actually a huge fan of Hillary. A lot of the allegations against her are unfounded or overblown, and most people who've been in public life as long as she has will have some skeletons in the closet, albeit perhaps not quite that many. Compared with the alternative, however, oh! the alternative!

Mathew recently posted an essay on how to vote, and I needn't repeat it as I agree with his conclusions and at least 95% of his reasoning. Right now, in this specific US Presidential election, voting for someone other than Hillary looks very unwise.

But while this makes solid pragmatic sense, many people seem averse on principle. By my understanding, a succinct expression of the most common objection is the one attributed to Ezra Taft Benson: "If you vote for the lesser of two evils you are still voting for evil and you will be judged for it. You should always vote for the best possible candidate, whether they have a chance of winning or not, and then, even if the worst possible candidate wins, the Lord will bless our country more because more people were willing to stand up for what is right."

Now, Ezra Taft Benson — if he even said it at all — was a Mormon minister as well as a politician; that quotation has a theological dimension; set aside the theology for a moment.

When I stop to think about it properly, what on earth does "the lesser of two evils" really mean? While we can compare two independent evils and say that, for example, putting clingfilm over a toilet bowl is less evil than electrocuting Norway, if we are faced with a strict dichotomy, an either-or decision, is it possible for both choices to be evil? Unpalatable, sure, but actually evil?

In any situation, there has to be a correct course of action, which is not evil. Maybe options will be nicely divided. Maybe the choice will come down to authenticity, being true to oneself. But there's a right choice. (See also, my thoughts on fractal morality from a couple of years ago.)

OK, so take the phrase colloquially: it speaks to the notion of acting through pragmatism rather than ideology. If deciding whether to support the less unpleasant of two options, or to abstain, there's a lot to be said against either: if we support the unpleasant option, we support, strengthen and condone it; if we do not, we increase the risk that the horrific option will win.

So: shying away from the notion of voting for Trump, the options are to vote for Hillary or not. And that's the true dichotomy in this mess. For myself, I'm pretty clear that if I had a vote I'd cast it for Hillary: on this occasion, I feel it's important to let pragmatism win out.

If nothing else, I'm not wanting to sound melodramatic, but Trump seems so bad there might not even be any USA left to elect his successor.

Now I return to theology. For the benefit of those who want to skip it, I'll put it in this box:

This feels like one of those issues where it's possible to ask "What would Jesus do?" and, scripturally, come up with either answer.

On the side of principle, it's worth noting that the Beatitudes say "Blessed are those who hunger and thirst for righteousness" — you do "the right thing" and trust that everything will turn out OK as a result. Also, if I support some cause out of pragmatism and you thereby think the cause is just, have I not sinned against my siblings and wounded their conscience when it was weak?

On the side of pragmatism, Jesus spoke at length against the Pharisees: sitting in an ivory tower, built of principles, letting bad things happen which one might have averted, looks a lot like what He was speaking against. Doing the easy thing, the one we can congratulate ourselves for in our own hearts, might be an error.

One could easily be misled in either direction. I feel that, for a Christian, actively seeking out God's will in the matter — or, at the very least, seeking out those who speak of His will with wisdom and authority — is the only option.

In other news, those "Cthulhu for President: why vote for the lesser of two evils?" bumper stickers… don't seem quite so hilarious this time round. /-8

A modern dichotomy

Oct. 14th, 2016 09:31 pm
It has often been observed that the distinction between a terrorist and a freedom fighter is subjective, controversial and paper-thin.

I am beginning to feel that the same is true of the distinction between an echo chamber and a safe-space.

More directly, I'm beginning to suspect that whether or not we agree that some group should be given space to converse amongst themselves free from competing points of view is determined pretty directly by whether or not we agree with the group. Having decided that, we apply our choice of language and ideological principle to justify our choice.

Maybe, just maybe, it's possible to build some empathy between the LGBT+ community and Trump supporters, here?

Forward Arena are a tiny queer theatre company whose Kickstarter I'd been totally unaware of, but it turns out I love what they do so much that I went to see their two plays a combined total of five times -- Callisto and Children & Animals once each with sebastienne and shortcipher, then Callisto once with sebastienne, shortcipher and me_and once he'd joined us, and then Callisto and Children & Animals once more with me_and on the final day of the Fringe, after E-B & C had departed.

Callisto is on at the Arcola Theatre, London, next week only, in expanded form -- I'm going to see it on Friday, and there are still tickets available. Come squee with me, if appropriately located?

Callisto was described, in the Kickstarter blurb, as:

"I don't believe the word love has ever meant the same thing twice."

London, 1680: Arabella Hunt is the star of La Callisto, and one half of the first recorded gay marriage in UK history.

Worcester, 1936: Alan Turing pays one final visit to Isobel Morcom, the mother of his lost first love.

San Fernando Valley, 1979: Tammy Frazer lands in Callisto Studios searching for the love of her life.

The Moon, 2223: Lorn is building a paradise to sleep in but Cal is determined to keep him awake.

Callisto: A Queer Epic circles around a constellation of four queer stories scattered across time and space, spanning the historical and the fictional plus everything in between, reframing past narratives and sculpting future worlds, unravelling closed ways of thinking and straight ways of seeing.

... and I love (loved! loved loved loved) it so much. It was brilliantly written, and brilliantly staged, and brilliantly costumed, and I love it.
