Sniffen Packets

With a name like Sniffen, it's got to smell good.

Juvenalia: Upright

I’m trying out some of the practices of Marie Kondō. It’s not all fitting perfectly into my life, but it is helping me get through piles of accumulated “someday I’ll need.” That was so congested that I could find nothing in it, review nothing—well, we’ve been making progress. 95% of it has left the house. Yay. And the 5% that I’m really glad to find have turned up. From that, anything I can digitize I am digitizing.

One delight is a memory of a theatre class at nerd camp from 1991. I remember none of the surnames of the people involved here. The lead was Noah, RJ was probably an advisor, and I think I played Peter the daffy psychic. But the poem stuck with me for the last 27 years, and perhaps someone else will find it by looking for this text:

The Upright Man stands straight and proud
He knows his mind and speaks out loud
His iron will, not tarnished or stained
But iron rusted the day it rained
His noble thoughts fall on deaf ears
Again he speaks, though no one hears.
Confronted by indifference, he knocks on other doors
And should a soul be listening, it draws back and ignores
He preaches words of honesty, of bravery, and fire
But finds himself a cast-away upon a sea of ire
Yet once again he shouts and screams, as angry storm clouds grow
Then lies there, bloody, broken, tamed, the Upright Man layed low
The man now lies beneath our feet
Trodden on, trampled, and finally beat
His iron soul a leaded weight
That sank him in a sea of hate
Rusted to his very core
The Upright Man, upright no more

You can have a nicely typeset copy of Upright in PDF or LaTeX, or the partial scan. And if you were involved, get in touch!

art

Mental Models

A big part of my job is listening to others’ ideas, asking good questions, and helping them to focus on the parts that will most benefit from more work. Sometimes that’s the strongest parts, which will escape whatever concrete frame first held them. Sometimes that’s the weakest parts, which are holding back an otherwise good idea. Either way, I rarely have as much time as I’d like to think through these ideas. Ideally, I’d reconstruct the proposal from scratch. Then I’d be able to talk not only about the results, but about the process of getting there. But how often is there time for that? As Rickover[1] is said to have said, a manager doesn’t necessarily need the math to do the work, but he’d better be able to tell whether his staff have done the math.

If I have to give a quick answer, I can reach in two directions. First, I can look at a store of knowledge of previous attempts to answer the same question. For example, the papers from an introductory systems course in most computer science programs should be a good start. A few decades of lab notebooks kept with an intent to make new and different mistakes can make a big contribution.

Alternately, I can look at a store of approaches. One name for such a catalog of approaches to problems is mental models. This list, inspired by a talk by Charlie Munger, was shown to me by Chris Degni. He carries it around as part of an explicit practice: when shown a new problem, try some of the stable of models. Especially try some that you haven’t looked at lately, to stay fresh.

But that list doesn’t have some of the approaches I find most valuable. I notice it does have some great approaches. Many of them have the significant virtue that they are easy to learn. It’s pretty easy to hear about Confirmation Bias, the second element on the list, and then to look for it in your work. You’ll find plenty, and that’s its own reward. But the approaches I most value are sort of ornery. It’s not always obvious how to apply them to a situation. They reward this diligence with nearly universal applicability. Here they are:

  • Shannon information theory, particularly the idea of channel capacity. Nothing’s as wonderful for finding the flaws in a computer system vendor’s sales pitch as some estimates of the channel capacity needed to make it work at scale.

  • Noether’s Theorem, and its consequences: energy and momentum are conserved, and so are lots of other things. Sometimes it’s helpful to look for what’s conserved in a system—where are the continuous symmetries, where are dissipations into entropy—but very often it’s enough to remember some basic conservation laws, and to look for claims that the system will violate those.

  • Thermodynamics: You can’t win, you can’t break even, you can’t even quit the game. Systems that claim to be able to do this—particularly to avoid all interactions that will have a particular result, while sustaining other interactions—have a lot of explaining to do.

  • Gaussian surfaces: This is an idea from basic electromagnetism. For many systems, we care about the flux of a vector field. This is often even true for discrete systems, like distributed computer systems (say, for information leakage, or for defining principals). We can then draw the surface in whatever way makes it easy for us to do the rest of our work. We don’t have to feel constrained by tightness to the implementing system.

  • Retrograde analysis: I learned this together with cryptographic protocol analysis. It’s common for a programmer to think about a protocol in a forwards direction: at each step, what happens next? That’s absolutely the right model for a programmer working on that protocol endpoint, who has to ensure that the right thing happens next. But as someone building a system relying on a protocol, it’s much more common that we’ve experienced one side of a protocol, and now want to be sure of what must have happened elsewhere in the world.

    Why else do we use cryptographic protocols in distributed systems, than to know what happened elsewhere, given some assumptions? This idea of proofs at the end of the interaction about what must or must not have happened beforehand, given assumptions about regular behavior by others, unlocks new ways of understanding all distributed systems.

  • If you pave it, you know it’s flat. What do we do with malware-infected computers? Wipe the drives. If the malware even might have changed state elsewhere? Trash them; computers are cheap relative to the costs of keeping malware with you. The same applies elsewhere: calloc(2) has quite reasonable costs compared to Heartbleed.

    Related ideas include written records not changing, and the desirability of having written the history books.

  • Lots more about systems engineering, including Kerckhoffs’s Law—nothing as complex as a system can stay secret; we can only keep short strings secret—and hierarchical control, including the application of Gaussian surfaces to system definitions.

I could write an entire post on each of these, and perhaps I will. In the meantime, I’m happy to answer questions, to accept nominations for new members of my list, and to expand in person.


  1. Missing cite. Did Feynman tell this story?

science

A review of "Elite: Dangerous"

Debra Doyle and James MacDonald, the authors of The Price of the Stars, once wrote in the preface to The Stars Asunder that his first drafts read like Checklists In Space: docking procedures, shiphandling, details basically nobody cares about. Nobody wants to read about that, and certainly nobody wants to play that. Turns out: some of us do want that! Elite gives me the Checklists In Space I want, and therefore feels like being Becca Metadi, Han Solo, or Pham Nuwen. The story isn’t set, but there are enough sandbox pieces that you can put together goals and story.

This is the game that persuaded me to buy a Rift. After I put my kids to bed, I can go fly a starship. Last night, I played for just a couple hours. Here’s an example of one night’s play. I’m in Upsilon Aquarii, a star system of no particular significance. But it’s near this other star system that has a damned inconvenient station, Smeaton Orbital. People from Upsilon Aquarii will pay a fortune to get to Smeaton Orbital… but only if they trust you won’t get bored and ditch them half way. So I’m trying to earn enough rep with the factions here in UA that I can start getting passenger contracts to Smeaton. All that’s to afford a fast enough ship to go explore the other side of the galaxy, about 20 million credits.

There’s a civil war brewing in this system, so a lot of the missions are about killing this or breaking that. Go figure. I take two missions from the local democratic government to reduce the local pirate population. Each says “go kill 4 pirates.” I slip up reading, and one of them is for the local pirate group, but in the next system over. Oh well. So I head to the system’s entry point, where starships jumping in will land. I don’t want anything with them, but pirates will wait here to pounce… so I’ll wait for the pirates. It takes about an hour for four relevant pirates to drift in, and I take them all out. In the meantime I’ve racked up a dozen or so kills on other pirates, and apparently this system starts to get a reputation for being unhealthy for piracy. Great.

I hop next door to the other system I’m supposed to clear out. Hey, first thing I see a relevant icon on my radar. I check it out. It’s three relevant pirates, all together, all flying the biggest, baddest ships in the game. Um. This mission just got Seriously Not Worth It. But… what the hey. I wait for them to warm up their FTL drives, and let two jump out. Then I blast the third… and watch him blink FTL. Oh well, maybe I scratched his paint. I go find some more of these pirates, whack two. Two to go. Hey, here’s a third in a secondhand navy Gunship. Can I take that in my ship? Five minutes later: no, no I cannot. I’m dead. I pay my Pilot’s Federation insurance deductible and am issued a new ship just like the one I lost. And, um, a new life. Let’s not look too closely at how that happens, but it’s a great mechanic as an alternative to starting from roguelike scratch. I fly back out and find the same guy. This time I’ve learned a bit, I fly better, and I almost get him before he cracks the windshield on my ship. My air leaks out, and I have five minutes of air in my helmet. All power to engines, boost away from there, and hit FTL… with no front window, just my helmet between me and whatever’s out there. Best part, that window’s where my HUD is projected. HUD’s where you get the best view of speed and distance to a target. So I’m flying semi-blind, on instruments, to the nearest station, in a terrible rush. I make it with 45 seconds to spare. They fix my shield and sell me a bigger air tank for my next mistake. I find some more pirates, whack them, and collect my bounties.

My next mission to curry favor is to check out a mob base on a nearby planet. I survey the planet from low orbit, pick a couple likely looking spots, do some low passes, land at one, drive out in a rover. Hey, it is mob-operated… so there are bounties on the security drones! I whack those, grab everything not nailed down, take it back… wrong mob-operated base. I do it again–different place, different terrain, basically same drone AI. That one’s right, I get paid.

Now I own a Vulture heavy combat ship, a Diamondback Explorer fitted for long range, solo, deep space exploration—jumping more than 40ly per hop—and a Type-6 transporter set up as a passenger ship. I’m out on that exploration trip now, near the Trifid Nebula. When I get back, I expect I’ll switch the Type-6 over for collecting rare materials and play with the component engineering system, see if I can get a ship fit for P2P combat.

gaming

Joyful coffee on the road

I like coffee. I like coffee more than most people in Boston. I like coffee a lot more than most people out in the world. When I travel for more than a couple days, it makes the trip better to have some good coffee along.

In 2018 so far, I’ve been to Munich, Krakow, Zurich, and Frankfurt. While every restaurant and bar in each of them had a reasonably maintained super-automatic espresso machine, none of them had easily available good (“third wave”) coffee. But I’ve been well supplied–my recent improvements to my travel coffee kit are really working out. I’d like to share with you what’s working for me. And I mean that literally: if we’re traveling together, or if we find ourselves at the same conference, come try a cup.

What’s important about good coffee? It should taste good. Very good coffee tastes like drinking liquid gold and the memories of a childhood Christmas. That takes practice, great materials, and some luck. Acceptable coffee tastes dark and sweet with a bright tang, like dried fruit. It wants neither milk nor sugar. To get this result, we need to watch several factors:

  • coffee origin
  • coffee roast
  • coffee age
  • coffee mass
  • grind: total surface area
  • grind: variance in volume (“fines” and “boulders”)
  • grind age
  • equipment cleanliness
  • water purity
  • water temperature
  • extraction pressure
  • extraction duration

That’s a lot! But we only need to watch a couple at a time. With the right tools, we can do a reasonably acceptable job. Moreover, we can accept that we’re doing this in a hotel room while jet-lagged, and cut ourselves some slack. On this most recent trip I forgot a thermometer, so was measuring water temperature by estimating heat loss over time. At that point there’s no need to be fussy about mass or timing. Several of the results were good; one was not so great. I think I rushed and used water too hot.

Start with decent coffee

There is an amazing bounty of wonderful coffee available for very reasonable prices in 2018. Go try lots of things and see what you like. Blue Bottle will sell you a single-origin subscription, and if you live in any American city there’s a local roaster in the hipster district, next door to the microbrewery. There are only a few things that really matter:

  1. The coffee must be freshly roasted. Hours don’t matter, but days do. After two weeks, you’ll lose some great flavors. After four, you’ve lost most of them.
  2. The coffee must not be too roasted. You should still be able to taste a regional difference. If you can’t tell, after six months of practice, whether this is from Ethiopia, Sumatra, or Colombia, it’s been burnt. Trader Joe’s burns most of their coffees. Their “ultra-light” roast, Caffe Lys, is a medium roast that’s quite acceptable, and $7/lb. No “tears of lys” included, they swear. Their “Joe” is surprisingly good. Most of their other coffees are ash.

I happen to really like East African coffee, but I’m happy to enjoy almost anything. This trip I’m traveling with a Colombian single-origin from Counter Culture, in its ordinary roll-top bag. I stick it in a ziploc mostly so it doesn’t pick up the flavor of my laundry or my toiletry kit.

If you’d like an amazing start, try Counter Culture’s “Hologram” blend. It’s reasonably priced, can be brewed well as espresso, drip, whatever, and when you nail it you will know. This is the coffee that showed me how wonderful coffee can be.

Ready it for brewing

You have to grind coffee freshly. Once it’s ground, it loses its flavor within a few hours. Some people claim to be able to taste minutes of delay. Maybe–luckily not me. That means you want to grind only the right amount.

Get a small scale and a Porlex Mini grinder. The Porlex has a number of advantages. First, it fits inside a travel mug. Second, it is machined with obsessive care; it produces very reliable results, and doesn’t get out of calibration from being in checked baggage.

[Image: porlex on small scale]

Weigh out 15g of coffee. You’re later going to adjust this as you decide you like your coffee stronger or weaker. If you lose your scale, 15g of peaberry beans is just to the top of the internal dividers in the Porlex top. Now grind your coffee:

[Image: porlex mini grinder]

It’s only about 200 strokes to a grind about as coarse as table salt. Stop and check after ten strokes, and adjust. Incidentally, this is a much kinder device for your office-mates than an electric grinder, and not much slower. With a little Stockholm syndrome, you can even decide you like the ritual of hand-grinding. Now you can put the coffee into your Aeropress:

[Image: aeropress set up inverted]

Water

Properly brewing coffee requires water at between 200 °F and 205 °F. How can that be, you say, when a percolator works at 212 °F? Well, part of the answer is that it produces percolated coffee. That’s why it tastes that way. Part of the answer is that the coffee itself was at room temperature until steam or water hit it, and is rarely over 180 °F even after five minutes of percolation. Similar story for large batches of drip coffee.

Therefore, we’re going to heat our water to hotter than 205 °F, and let it cool back down a bit with a little time and a little pouring distance. We have to compromise on boiling: we’d like a little extra sanitation, we don’t want to lose the oxygen dissolved in the water, and much of the time we’re at altitude where boiling doesn’t sanitize quickly anyway–but does lose the dissolved gasses.

Many hotels have a way to heat water: a kettle in Europe, a little coffee-maker in the US. I’m always suspicious of cleanliness on these, so I travel with a tiny folding kettle:

[Image: folding mini kettle]

Its body is silicone and steel, and it runs on 110–240V. You just need an appropriate adapter for the local plugs:

[Image: electric cord with European adapter end]

A word about plugs and hot water: this kettle’s going to pull something like a kilowatt. Unlike an immersion heater, the kettle has room for some safety circuits. If you boil it dry, it probably won’t try to kill you. But: think about the current handling capacity of whatever you’re plugging into. If a European outlet is recessed in a hexagonal slot, or an American outlet can’t fit a wide prong, that’s not an accident. That’s an electrician trying to keep you from burning the building down. And wear pants and shoes. We drink coffee for stimulation, but boiling water on bare skin is a little too stimulating. Also remove computers, phones, and other electrical equipment from the area where you’re working.

The kettle will bring the water to local boiling. Anywhere above 3000’, that’s already brewing temperature. Pour it right in. Below 3000’, stick a thermometer into the kettle and wait for it to hit 205 °F.

If you’re someplace with sulfurous water, like Florida, it can be worth it to use bottled water for your coffee. Some people will tell you to do it everywhere, but I don’t see the need. Can you taste it? Yes, of course. Does it overpower the coffee? No. And if you’re traveling, it’s hard to stay properly hydrated on bottled water alone.

Putting it all together

Now you want to put the water and coffee together in your aeropress. There are a lot of ways to do this. To keep things neater, and to keep finer control on extraction duration (i.e., to keep water leaking out from changing the math) I brew “inverted”: the plunger is on the bottom, with a brewing cylinder above that.

For some good starting tips, you can use the “Aeropress Timer” app for your phone. It even has a Watch app for the egregiously over-provisioned. The basic steps are simple:

  1. The ground coffee has been resting for a moment in the aeropress, which is assembled so the floor of the brewing chamber is at the “1” mark on the side.
  2. Pour in water to reach just under the “2” mark. This should be about 50g. Stir vigorously. This water is to be pulled into the coffee grinds by osmosis, pushing out CO2. Stale coffee won’t have CO2 in its voids, just air, but for fresh coffee it matters–otherwise the CO2 bubbles keep water from getting in, we don’t get wet oxides, and we get really weak coffee.
  3. Wait about 30s.
  4. Pour in water to reach to the “4” mark. This should be more than twice the water you used before. Stir for ten seconds.
  5. Wait about 60s. While you wait, put a paper filter in the cap. Paper is important; metal filters don’t get clean enough without soap you won’t bring, and they don’t absorb some parts of coffee that are apparently quite bad for your heart. A French press once in a while won’t kill you, but use paper or cotton filters by habit.
  6. Cap, lock the cap, flip onto your cup, and press. Pressing should take about 15-25s.
  7. Finish the press with a good firm squeeze, compressing the grounds into a puck.
  8. Eject the puck into the trash. Wash all the parts in the hotel bathroom sink. If you keep them clean now, they’ll be clean later. If you let oil accumulate, they’ll taste nasty until you get them home.

Now you can add water from the kettle directly to the cup to meet the volume and dilution you want, cap the mug, and drink. Enjoy.

Oh, one more piece of equipment: I bring a cheap Copco travel mug:

[Image: plastic travel mug]

It’s indestructible, cleans well, doesn’t leach anything particular into the coffee, and has a locking lid. That’s saved some laundry and at least one computer.

Equipment list

Defense in Breadth

An important thing about layers, about defense in depth, is that you can’t even begin to attack one mechanism until you’ve defeated its predecessors. DANE + TLS doesn’t give you layers. If I can subvert your DNSSEC, I can endorse a fresh TLS key, and win. If I can subvert your TLS, I win.

This is defense in breadth, a strategy known mostly for its close association with defeat.

(Thanks to Joshua Guttman for the observations that gave rise to this post.)
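The depth-versus-breadth distinction above can be made concrete as an attack tree; this is an added example, not part of the original post. The tree encoding, the function names, the two-layer comparison model and the independence assumption in the probability estimate are all illustrative assumptions.

```python
from itertools import product

# A leaf is the name of one mechanism. ("AND", a, b) means the attacker must
# defeat every child (true layers); ("OR", a, b) means any one child suffices.
# Constructed models: the first follows the post's DANE + TLS argument, the
# second is a hypothetical two-layer design for comparison.
DANE_PLUS_TLS = ("OR", "DNSSEC", "TLS")
TWO_LAYERS = ("AND", "layer-1", "layer-2")


def minimize(sets):
    """Drop any set that strictly contains another; sort for stable output."""
    unique = set(sets)
    minimal = [s for s in unique if not any(other < s for other in unique)]
    return sorted(minimal, key=lambda s: (len(s), sorted(s)))


def cut_sets(node):
    """Minimal sets of mechanisms whose joint defeat compromises the system."""
    if isinstance(node, str):
        return [frozenset([node])]
    op, *children = node
    per_child = [cut_sets(child) for child in children]
    if op == "OR":
        combined = [s for sets in per_child for s in sets]
    elif op == "AND":
        combined = [frozenset().union(*combo) for combo in product(*per_child)]
    else:
        raise ValueError(f"unknown operator: {op!r}")
    return minimize(combined)


def depth(node):
    """Fewest mechanisms an attacker must defeat: the real number of layers."""
    return min(len(s) for s in cut_sets(node))


def compromise_probability(node, p):
    """P(compromise) from per-mechanism defeat probabilities in `p`,
    assuming independent mechanisms and each leaf appearing only once."""
    if isinstance(node, str):
        return p[node]
    op, *children = node
    probs = [compromise_probability(child, p) for child in children]
    acc = 1.0
    if op == "AND":
        for q in probs:
            acc *= q
        return acc
    if op == "OR":
        for q in probs:
            acc *= 1.0 - q
        return 1.0 - acc
    raise ValueError(f"unknown operator: {op!r}")


if __name__ == "__main__":
    p = {"DNSSEC": 0.1, "TLS": 0.1, "layer-1": 0.1, "layer-2": 0.1}
    for name, tree in (("DANE + TLS", DANE_PLUS_TLS), ("two layers", TWO_LAYERS)):
        print(name, "depth:", depth(tree), "cut sets:", cut_sets(tree),
              "P(compromise):", round(compromise_probability(tree, p), 4))
```

A design only has depth when its smallest cut set contains more than one mechanism; adding an OR branch shortens nothing for the defender and raises the combined probability above that of either mechanism alone.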

security