Building Geese Games

This article is a repost promoting content originally published elsewhere. See more things Dan's reposted.

I got into a general life slump recently, and so to try and cheer myself up more, I’ve taken up building fun projects. I joined this industry because I wanted to build things, but I found that I got so carried away with organising coding events for others, I’d not made time for myself. I started ‘Geese Games’ last year, but I only really got as far as designing a colour scheme and general layout. I got a bit intimidated by the quiz functionality, so sheepishly put it to one side. This meant that the design was already in place though, and that I couldn’t get caught up in fussing over design too much. So I figured this would be a good starting point!

Why geese? I really like geese, and I wanted something super silly, so that I’d not end up taking it too seriously. So I intentionally made a slightly ridiculous design and picked out some pretty odd types of geese, and got stuck in. It got a bit intense; at one point I got such tech tunnel vision that I accidentally put one goose type in as ‘Great White Frontend Goose’, went around telling people that there really was such a thing as a ‘great white frontend goose’ and then later realised I’d actually just made a typo. Little bit awkward… But it has been good intense, and I’ve had so much fun with this project! Building it has made me pretty happy.

My friend Beverley highlights an important fact about learning to develop your skills as a software engineer: that it’s only fun if you make it fun. Side-projects, whether useful or silly, are an opportunity to expand your horizons from the comfort of your own home.

Quantum Computing and Cryptography

Quantum computing is a new way of computing — one that could allow humankind to perform computations that are simply impossible using today’s computing technologies. It allows for very fast searching, something that would break some of the encryption algorithms we use today. And it allows us to easily factor large numbers, something that would…

A moderately-simple explanation of why symmetric cryptography is probably (or can probably be made, where it’s not) safe from our future quantum computer overlords, but asymmetric (split-key) cryptography probably isn’t. On the journey of developing the theory of computation, are we passing through within our lifetimes the short-but-inevitable bubble during which split-key cryptography is computationally viable? If so, what will our post-split-key cryptographic future look like? Interesting to think about.

Five-Eyes Intelligence Services Choose Surveillance Over Security

The Five Eyes — the intelligence consortium of the rich English-speaking countries (the US, Canada, the UK, Australia, and New Zealand) — have issued a “Statement of Principles on Access to Evidence and Encryption” where they claim their needs for surveillance outweigh everyone’s needs for security and privacy. …the increasing use and sophistication of certain…

How many times must security professionals point out that there’s no such thing as a secure backdoor before governments actually listen? If you make a weakness in cryptography to make it easier for the “good guys” – your spies and law enforcement – then either (a) a foreign or enemy power will find the backdoor too, making everybody less-secure than before, or (b) people will use different cryptographic systems: ones which seem less-likely to have been backdoored.

Solving the information black hole is a challenging and important problem of our time. But backdoors surely aren’t the best solution, right?

Nazi spies awarded fake medals after war by their MI5 controller

Two fascist spies were awarded fake Nazi medals after the end of the second world war by an MI5 officer who penetrated their secret network, a newly published book on wartime espionage has revealed.

Copies of German bronze honours for non-combat gallantry were commissioned from the Royal Mint and presented at a covert ceremony in January 1946 to both British citizens by Eric Roberts, a former bank clerk who spent years impersonating a Gestapo officer.

I love this. It’s the obvious end to the Double Cross system: giving the unwitting double agents you’ve turned fake medals “from” their own country so that they’re still in the dark about the fact that their handler isn’t on their side!

What Cyber-War Will Look Like

When prompted to think about the way hackers will shape the future of great power war, we are wont to imagine grand catastrophes: F-35s grounded by onboard computer failures, Aegis BMD systems failing to launch seconds before Chinese missiles arrive, looks of shock at Space Command as American surveillance satellites start careening towards the Earth–stuff like that. This is the sort of thing that fills the opening chapters of Peter Singer and August Cole’s Ghost Fleet. [1] The catastrophes I always imagine, however, are a bit different than this. The hacking campaigns I envision would be low-key, localized, and fairly low-tech. A cyber-ops campaign does not need to disable key weapon systems to devastate the other side’s war effort. It will be enough to increase the fear and friction enemy leaders face to tip the balance of victory and defeat. Singer and company are not wrong to draw inspiration from technological change; nor are they wrong to attempt to imagine operations with few historical precedents. But that isn’t my style. When asked to ponder the shape of cyber-war, my impulse is to look first at the kind of thing hackers are doing today and ask how these tactics might be applied in a time of war.

Mark Cancian thinks like I do.

In a report Cancian wrote for the Center for Strategic and International Studies on how great powers adapt to tactical and strategic surprise, Cancian sketched out twelve “vignettes” of potential technological or strategic shocks to make his abstract points a bit more concrete. Here is how Cancian imagines an “asymmetric cyber-attack” launched by the PRC against the United States Military:

The U.S. secretary of defense had wondered this past week when the other shoe would drop. Finally, it had, though the U.S. military would be unable to respond effectively for a while.

The scope and detail of the attack, not to mention its sheer audacity, had earned the grudging respect of the secretary. Years of worry about a possible Chinese “Assassin’s Mace” – a silver bullet super-weapon capable of disabling key parts of the American military – turned out to be focused on the wrong thing.

The cyber attacks varied. Sailors stationed at the 7th Fleet’s homeport in Japan awoke one day to find their financial accounts, and those of their dependents, empty. Checking, savings, retirement funds: simply gone. The Marines based on Okinawa were under virtual siege by the populace, whose simmering resentment at their presence had boiled over after a YouTube video posted under the account of a Marine stationed there had gone viral. The video featured a dozen Marines drunkenly gang-raping two teenaged Okinawan girls. The video was vivid, the girls’ cries heart-wrenching, the cheers of Marines sickening. And all of it fake. The National Security Agency’s initial analysis of the video had uncovered digital fingerprints showing that it was a computer-assisted lie, and could prove that the Marine’s account under which it had been posted was hacked. But the damage had been done.

There was the commanding officer of Edwards Air Force Base whose Internet browser history had been posted on the squadron’s Facebook page. His command turned on him as a pervert; his weak protestations that he had not visited most of the posted links could not counter his admission that he had, in fact, trafficked some of them. Lies mixed with the truth. Soldiers at Fort Sill were at each other’s throats thanks to a series of text messages that allegedly unearthed an adultery ring on base.

The variations elsewhere were endless. Marines suddenly owed hundreds of thousands of dollars on credit lines they had never opened; sailors received death threats on their Twitter feeds; spouses and female service members had private pictures of themselves plastered across the Internet; older service members received notifications about cancerous conditions discovered in their latest physical.

Leadership was not exempt. Under the hashtag #PACOMMUSTGO a dozen women allegedly described harassment by the commander of Pacific command. Editorial writers demanded that, under the administration’s “zero tolerance” policy, he step aside while Congress held hearings.

There was not an American service member or dependent whose life had not been digitally turned upside down. In response, the secretary had declared “an operational pause,” directing units to stand down until things were sorted out.

Then, China had made its move, flooding the South China Sea with its conventional forces, enforcing a sea and air identification zone there, and blockading Taiwan. But the secretary could only respond weakly with a few air patrols and diversions of ships already at sea. Word was coming in through back channels that the Taiwanese government, suddenly stripped of its most ardent defender, was already considering capitulation.[2]

How is that for a cyber-attack?

Dot-dash-diss: The gentleman hacker’s 1903 lulz

A century ago, one of the world’s first hackers used Morse code insults to disrupt a public demo of Marconi’s wireless telegraph

Nevil Maskelyne – doing it for the lulz?

LATE one June afternoon in 1903 a hush fell across an expectant audience in the Royal Institution’s celebrated lecture theatre in London. Before the crowd, the physicist John Ambrose Fleming was adjusting arcane apparatus as he prepared to demonstrate an emerging technological wonder: a long-range wireless communication system developed by his boss, the Italian radio pioneer Guglielmo Marconi. The aim was to showcase publicly for the first time that Morse code messages could be sent wirelessly over long distances. Around 300 miles away, Marconi was preparing to send a signal to London from a clifftop station in Poldhu, Cornwall, UK.

Yet before the demonstration could begin, the apparatus in the lecture theatre began to tap out a message. At first, it spelled out just one word repeated over and over. Then it changed into a facetious poem accusing Marconi of “diddling the public”. Their demonstration had been hacked – and this was more than 100 years before the mischief playing out on the internet today. Who was the Royal Institution hacker? How did the cheeky messages get there? And why?

An early example of hacking and a great metaphor for what would later become hacker-culture, found in the history of the wireless telegraph.

This Colorful New Font Is Made Entirely of Brand Logos

Brand New Roman font sampler

If you’re completely, irrevocably head-over-heels for brands, we finally have just the typeface for you.

Creatives at digital agency Hello Velocity have developed Brand New Roman, a font comprised of 76 corporate brand logos. The Idiocracy-style project is partly parody, but you can actually download the font and use it—and artists have already been playing around with it, too.

Lukas Bentel, partner and creative director at Hello Velocity, tells Muse that the driving idea behind Brand New Roman was simple: “This stage of capitalism is pretty weird. Seems like a good time to spoof it!”

Thoughts on Reflex 2.0

So Reflex are now designing the 2.0 version of the camera they’ve so far yet to ship version 1.0 of – or even find manufacturing partners for. Add to this the nonsense of trying to build a set of primes, film processor and scanner without securing any more funding and I’m increasingly leaning towards this…

What Monogamous Couples Can Learn From Polyamorous Relationships, According to Experts

Polyamory — having more than one consensual sexual or emotional relationship at once — has in recent years emerged on television, mainstream dating sites like OkCupid and even in research. And experts who have studied these kinds of consensual non-monogamous relationships say they have unique strengths that anyone can learn from.

Consensual non-monogamy can include polyamory, swinging and other forms of open relationships, according to Terri Conley, an associate professor of psychology at the University of Michigan who has studied consensual non-monogamy. While there aren’t comprehensive statistics about how many people in America have polyamorous relationships, a 2016 study published in the Journal of Sex & Marital Therapy found that one in five people in the U.S. engage in some form of consensual non-monogamy throughout their lives.

But these relationships can still be shrouded in stigma. And people in polyamorous relationships often keep them a secret from friends and family.

Really interesting to see quite how widespread the media appeal is growing of looking at polyamory as more than just a curiosity or something titillating. I’ve long argued that the things that one must learn for a successful polyamorous relationship are lessons that have great value even for people who prefer monogamous ones (I’ve even recommended some of my favourite “how-to” polyamory books to folks seeking to improve their monogamous relationships!), so it pleases me to see a major publication like Time take the same slant.

Swiss startup Energy Vault is stacking concrete blocks to store energy — Quartz

https://www.youtube.com/watch?v=mmrwdTGZxGk

Thanks to the modern electric grid, you have access to electricity whenever you want. But the grid only works when electricity is generated in the same amounts as it is consumed. That said, it’s impossible to get the balance right all the time. So operators make grids more flexible by adding ways to store excess electricity for when production drops or consumption rises.

About 96% of the world’s energy-storage capacity comes in the form of one technology: pumped hydro. Whenever generation exceeds demand, the excess electricity is used to pump water up a dam. When demand exceeds generation, that water is allowed to fall—thanks to gravity—and the potential energy turns turbines to produce electricity.

But pumped-hydro storage requires particular geographies, with access to water and to reservoirs at different altitudes. It’s the reason that about three-quarters of all pumped hydro storage has been built in only 10 countries. The trouble is the world needs to add a lot more energy storage, if we are to continue to add the intermittent solar and wind power necessary to cut our dependence on fossil fuels.

A startup called Energy Vault thinks it has a viable alternative to pumped-hydro: Instead of using water and dams, the startup uses concrete blocks and cranes. It has been operating in stealth mode until today (Aug. 18), when its existence will be announced at Kent Presents, an ideas festival in Connecticut.

Oxford IndieWebCamp is go!

Save the dates folks!

On Saturday 22nd September and Sunday 23rd September we will be having the first ever Oxford IndieWebCamp!

It is a free event, but I would ask that you register on Eventbrite, so I can get an idea of numbers.

IndieWebCamp is a weekend gathering of web creators building & sharing their own websites to advance the independent web and empower ourselves and others to take control of our online identities and data.

It is open to all skill levels, from people who want to get started with a web site, through to experienced developers wanting to tackle a specific personal project.

I gave a little presentation about the Indieweb at JS Oxford earlier this year if you want to know more.

Huge thanks to our sponsors for the event, Haybrook IT and White October.

I couldn’t be more excited about this! I really hope that I’m able to attend!

Before You Turn On Two-Factor Authentication

Many online accounts allow you to supplement your password with a second form of identification, which can prevent some prevalent attacks. The second factors you can use to identify yourself include authenticator apps on your phone, which generate codes that change every 30 seconds, and security keys, small pieces of hardware similar in size and shape to USB drives. Since innovations that can actually improve the security of your online accounts are rare, there has been a great deal of well-deserved enthusiasm for two-factor authentication (as well as for password managers, which make it easy to use a different random password for every one of your online accounts.) These are technologies more people should be using.

However, in trying to persuade users to adopt second factors, advocates sometimes forget to disclose that all security measures have trade-offs. As second factors reduce the risk of some attacks, they also introduce new risks. One risk is that you could be locked out of your account when you lose your second factor, which may be when you need it the most. Another is that if you expect second factors to protect you from those attacks that they cannot prevent, you may become more vulnerable to those attacks.

Before you require a second factor to log in to your accounts, you should understand the risks, have a recovery plan for when you lose your second factor(s), and know the tricks attackers may use to defeat two-factor authentication.

A well-examined exploration of some of the risks of employing two-factor authentication in your everyday life. I maintain that it’s still highly-worthwhile and everybody should do so, but it’s important that you know what you need to do in the event that you can’t access your two-factor device (and, ideally, have a backup solution in place): personally, I prefer TOTP (i.e. app-based) 2FA and I share my generation keys between my mobile device, my password safe (I’ll write a blog post about why this is controversial but why I think it’s a good idea anyway!), and in a console application I wrote (because selfdogfooding etc.).

Battle of the Bulge: Why We’re So Fascinated by Superhero Codpieces

There’s a YouTube video from 2014 simply titled “Batman Suit-up Compilation.” As that description suggests, the 106-second clip, which has received approximately 1.86 million views, is a highlight reel of different times in Batman movies in which the Caped Crusader dons his Batsuit.

It’s a fairly innocuous video, but it’s generated more than 550 comments. And the first responder basically sums up the discussion that continues down the rest of the page: “Was there any point of showing Batman’s ass? Furthermore, why were Bats and Robin wearing codpieces?”