Sniffen Packets

With a name like Sniffen, it's got to smell good.

Mental Models

A big part of my job is listening to others’ ideas, asking good questions, and helping them to focus on the parts that will most benefit from more work. Sometimes that’s the strongest parts, which will escape whatever concrete frame first held them. Sometimes that’s the weakest parts, which are holding back an otherwise good idea. Either way, I rarely have as much time as I’d like to think through these ideas. Ideally, I’d reconstruct the proposal from scratch. Then I’d be able to talk not only about the results, but about the process of getting there. But how often is there time for that? As Rickover[1] is said to have said, a manager doesn’t necessarily need the math to do the work, but he’d better be able to tell whether his staff have done the math.

If I have to give a quick answer, I can reach in two directions. First, I can look at a store of knowledge of previous attempts to answer the same question. For example, the papers from an introductory systems course in most computer science programs should be a good start. A few decades of lab notebooks kept with an intent to make new and different mistakes can make a big contribution.

Alternately, I can look at a store of approaches. One name for such a catalog of approaches to problems is mental models. This list, inspired by a talk by Charlie Munger, was shown to me by Chris Degni. He carries it around as part of an explicit practice: when shown a new problem, try some of the stable of models. Especially try some that you haven’t looked at lately, to stay fresh.

But that list doesn’t have some of the approaches I find most valuable. I notice it does have some great approaches. Many of them have the significant virtue that they are easy to learn. It’s pretty easy to hear about Confirmation Bias, the second element on the list, and then to look for it in your work. You’ll find plenty, and that’s its own reward. But the approaches I most value are sort of ornery. It’s not always obvious how to apply them to a situation. They reward this diligence with nearly universal applicability. Here they are:

  • Shannon information theory, particularly the idea of channel capacity. Nothing’s as wonderful for finding the flaws in a computer system vendor’s sales pitch as some estimates of the channel capacity needed to make it work at scale.

  • Noether’s Theorem, and its consequences: energy and momentum are conserved, and so are lots of other things. Sometimes it’s helpful to look for what’s conserved in a system—where are the continuous symmetries, where are dissipations into entropy—but very often it’s enough to remember some basic conservation laws, and to look for claims that the system will violate those.

  • Thermodynamics: You can’t win, you can’t break even, you can’t even quit the game. Systems that claim to be able to do this—particularly to avoid all interactions that will have a particular result, while sustaining other interactions—have a lot of explaining to do.

  • Gaussian surfaces: This is an idea from basic electromagnetism. For many systems, we care about the flux of a vector field. This is often even true for discrete systems, like distributed computer systems (say, for information leakage, or for defining principals). We can then draw the surface in whatever way makes it easy for us to do the rest of our work. We don’t have to feel constrained by tightness to the implementing system.

  • Retrograde analysis: I learned this together with cryptographic protocol analysis. It’s common for a programmer to think about a protocol in a forwards direction: at each step, what happens next? That’s absolutely the right model for a programmer working on that protocol endpoint, who has to ensure that the right thing happens next. But as someone building a system relying on a protocol, it’s much more common that we’ve experienced one side of a protocol, and now want to be sure of what must have happened elsewhere in the world.

    Why else do we use cryptographic protocols in distributed systems, than to know what happened elsewhere, given some assumptions? This idea of proofs at the end of the interaction about what must or must not have happened beforehand, given assumptions about regular behavior by others, unlocks new ways of understanding all distributed systems.

  • If you pave it, you know it’s flat. What do we do with malware-infected computers? Wipe the drives. If the malware even might have changed state elsewhere? Trash them; computers are cheap relative to the costs of keeping malware with you. The same applies elsewhere: calloc(2) has quite reasonable costs compared to Heartbleed.

    Related ideas include written records not changing, and the desirability of having written the history books.

  • Lots more about systems engineering, including Kerckhoffs’s Law—nothing as complex as a system can stay secret; we can only keep short strings secret—and hierarchical control, including the application of Gaussian surfaces to system definitions.

I could write an entire post on each of these, and perhaps I will. In the meantime, I’m happy to answer questions, to accept nominations for new members of my list, and to expand in person.

  1. Missing cite. Did Feynman tell this story?


A review of "Elite: Dangerous"

James MacDonald, the author of The Price of the Stars, once wrote that his first drafts read like Checklists In Space: docking procedures, shiphandling, details basically nobody cares about. Nobody wants to read about that, and certainly nobody wants to play that. Turns out: some of us do want that! Elite gives me the Checklists In Space I want, and therefore feels like being Becca Metadi, Han Solo, or Pham Nuwen. The story isn’t set, but there are enough sandbox pieces that you can put together goals and story.

This is the game that persuaded me to buy a Rift. After I put my kids to bed, I can go fly a starship. Last night, I played for just a couple hours. Here’s an example of one night’s play. I’m in Upsilon Aquarii, a star system of no particular significance. But it’s near this other star system that has a damned inconvenient station, Smeaton Orbital. People from Upsilon Aquarii will pay a fortune to get to Smeaton Orbital… but only if they trust you won’t get bored and ditch them half way. So I’m trying to earn enough rep with the factions here in UA that I can start getting passenger contracts to Smeaton. All that’s to afford a fast enough ship to go explore the other side of the galaxy, about 20 million credits.

There’s a civil war brewing in this system, so a lot of the missions are about killing this or breaking that. Go figure. I take two missions from the local democratic government to reduce the local pirate population. Each says “go kill 4 pirates.” I slip up reading, and one of them is for the local pirate group, but in the next system over. Oh well. So I head to the system’s entry point, where starships jumping in will land. I don’t want anything with them, but pirates will wait here to pounce… so I’ll wait for the pirates. It takes about an hour for four relevant pirates to drift in, and I take them all out. In the meantime I’ve racked up a dozen or so kills on other pirates, and apparently this system starts to get a reputation for being unhealthy for piracy. Great.

I hop next door to the other system I’m supposed to clear out. Hey, first thing I see a relevant icon on my radar. I check it out. It’s three relevant pirates, all together, all flying the biggest, baddest ships in the game. Um. This mission just got Seriously Not Worth It. But… what the hey. I wait for them to warm up their FTL drives, and let two jump out. Then I blast the third… and watch him blink FTL. Oh well, maybe I scratched his paint. I go find some more of these pirates, whack two. Two to go. Hey, here’s a third in a secondhand navy Gunship. Can I take that in my ship? Five minutes later: no, no I cannot. I’m dead. I pay my Pilot’s Federation insurance deductible and am issued a new ship just like the one I lost. And, um, a new life. Let’s not look too closely at how that happens, but it’s a great mechanic as an alternative to starting from roguelike scratch. I fly back out and find the same guy. This time I’ve learned a bit, I fly better, and I almost get him before he cracks the windshield on my ship. My air leaks out, and I have five minutes of air in my helmet. All power to engines, boost away from there, and hit FTL… with no front window, just my helmet between me and whatever’s out there. Best part, that window’s where my HUD is projected. HUD’s where you get the best view of speed and distance to a target. So I’m flying semi-blind, on instruments, to the nearest station, in a terrible rush. I make it with 45 seconds to spare. They fix my shield and sell me a bigger air tank for my next mistake. I find some more pirates, whack them, and collect my bounties.

My next mission to curry favor is to check out a mob base on a nearby planet. I survey the planet from low orbit, pick a couple likely looking spots, do some low passes, land at one, drive out in a rover. Hey, it is mob-operated… so there are bounties on the security drones! I whack those, grab everything not nailed down, take it back… wrong mob-operated base. I do it again–different place, different terrain, basically same drone AI. That one’s right, I get paid.

Now I own a Vulture heavy combat ship, a Diamondback Explorer fitted for long range, solo, deep space exploration—jumping more than 40ly per hop—and a Type-6 transporter set up as a passenger ship. I’m out on that exploration trip now, near the Trifid Nebula. When I get back, I expect I’ll switch the Type-6 over for collecting rare materials and play with the component engineering system, see if I can get a ship fit for P2P combat.


Joyful coffee on the road

I like coffee. I like coffee more than most people in Boston. I like coffee a lot more than most people out in the world. When I travel for more than a couple days, it makes the trip better to have some good coffee along.

In 2018 so far, I’ve been to Munich, Krakow, Zurich, and Frankfurt. While every restaurant and bar in each of them had a reasonably maintained super-automatic espresso machine, none of them had easily available good (“third wave”) coffee. But I’ve been well supplied–my recent improvements to my travel coffee kit are really working out. I’d like to share with you what’s working for me. And I mean that literally: if we’re traveling together, or if we find ourselves at the same conference, come try a cup.

What’s important about good coffee? It should taste good. Very good coffee tastes like drinking liquid gold and the memories of a childhood Christmas. That takes practice, great materials, and some luck. Acceptable coffee tastes dark and sweet with a bright tang, like dried fruit. It wants neither milk nor sugar. To get this result, we need to watch several factors:

  • coffee origin
  • coffee roast
  • coffee age
  • coffee mass
  • grind: total surface area
  • grind: variance in volume (“fines” and “boulders”)
  • grind age
  • equipment cleanliness
  • water purity
  • water temperature
  • extraction pressure
  • extraction duration

That’s a lot! But we only need to watch a couple at a time. With the right tools, we can do a reasonably acceptable job. Moreover, we can accept that we’re doing this in a hotel room while jet-lagged, and cut ourselves some slack. On this most recent trip I forgot a thermometer, so was measuring water temperature by estimating heat loss over time. At that point there’s no need to be fussy about mass or timing. Several of the results were good; one was not so great. I think I rushed and used water too hot.

Start with decent coffee

There is an amazing bounty of wonderful coffee available for very reasonable prices in 2018. Go try lots of things and see what you like. Blue Bottle will sell you a single-origin subscription, and if you live in any American city there’s a local roaster in the hipster district, next door to the microbrewery. There are only a few things that really matter:

  1. The coffee must be freshly roasted. Hours don’t matter, but days do. After two weeks, you’ll lose some great flavors. After four, you’ve lost most of them.
  2. The coffee must not be too roasted. You should still be able to taste a regional difference. If you can’t tell, after six months of practice, whether this is from Ethiopia, Sumatra, or Colombia, it’s been burnt. Trader Joe’s burns most of their coffees. Their “ultra-light” roast, Caffe Lys, is a medium roast that’s quite acceptable, and $7/lb. No “tears of lys” included, they swear. Their “Joe” is surprisingly good. Most of their other coffees are ash.

I happen to really like East African coffee, but I’m happy to enjoy almost anything. This trip I’m traveling with a Colombian single-origin from Counter Culture, in its ordinary roll-top bag. I stick it in a ziploc mostly so it doesn’t pick up the flavor of my laundry or my toiletry kit.

If you’d like an amazing start, try Counter Culture’s “Hologram” blend. It’s reasonably priced, can be brewed well as espresso, drip, whatever, and when you nail it you will know. This is the coffee that showed me how wonderful coffee can be.

Ready it for brewing

You have to grind coffee freshly. Once it’s ground, it loses its flavor within a few hours. Some people claim to be able to taste minutes of delay. Maybe–luckily not me. That means you want to grind only the right amount.

Get a small scale and a Porlex Mini grinder. The Porlex has a number of advantages. First, it fits inside a travel mug. Second, it is machined with obsessive care; it produces very reliable results, and doesn’t get out of calibration from being in checked baggage.

[Image: Porlex on small scale]

Weigh out 15g of coffee. You’re later going to adjust this as you decide you like your coffee stronger or weaker. If you lose your scale, 15g of peaberry beans is just to the top of the internal dividers in the Porlex top. Now grind your coffee:

[Image: Porlex Mini grinder]

It’s only about 200 strokes to a grind about as coarse as table salt. Stop and check after ten strokes, and adjust. Incidentally, this is a much kinder device for your office-mates than an electric grinder, and not much slower. With a little Stockholm syndrome, you can even decide you like the ritual of hand-grinding. Now you can put the coffee into your Aeropress:

[Image: Aeropress set up inverted]


Properly brewing coffee requires water at between 200 °F and 205 °F. How can that be, you say, when a percolator works at 212 °F? Well, part of the answer is that it produces percolated coffee. That’s why it tastes that way. Part of the answer is that the coffee itself was at room temperature until steam or water hit it, and is rarely over 180 °F even after five minutes of percolation. Similar story for large batches of drip coffee.

Therefore, we’re going to heat our water to hotter than 205 °F, and let it cool back down a bit with a little time and a little pouring distance. We have to compromise on boiling: we’d like a little extra sanitation, we don’t want to lose the oxygen dissolved in the water, and much of the time we’re at altitude where boiling doesn’t sanitize quickly anyway–but does lose the dissolved gasses.

Many hotels have a way to heat water: a kettle in Europe, a little coffee-maker in the US. I’m always suspicious of cleanliness on these, so I travel with a tiny folding kettle:

[Image: folding mini kettle]

Its body is silicone and steel, and it runs on 110–240V. You just need an appropriate adapter for the local plugs:

[Image: electric cord with European adapter end]

A word about plugs and hot water: this kettle’s going to pull something like a kilowatt. Unlike an immersion heater, the kettle has room for some safety circuits. If you boil it dry, it probably won’t try to kill you. But: think about the current handling capacity of whatever you’re plugging into. If a European outlet is recessed in a hexagonal slot, or an American outlet can’t fit a wide prong, that’s not an accident. That’s an electrician trying to keep you from burning the building down. And wear pants and shoes. We drink coffee for stimulation, but boiling water on bare skin is a little too stimulating. Also remove computers, phones, and other electrical equipment from the area where you’re working.

The kettle will bring the water to local boiling. Anywhere above 3000’, that’s already brewing temperature. Pour it right in. Below 3000’, stick a thermometer into the kettle and wait for it to hit 205 °F.

If you’re someplace with sulfurous water, like Florida, it can be worth it to use bottled water for your coffee. Some people will tell you to do it everywhere, but I don’t see the need. Can you taste it? Yes, of course. Does it overpower the coffee? No. And if you’re traveling, it’s hard to stay properly hydrated on bottled water alone.

Putting it all together

Now you want to put the water and coffee together in your aeropress. There are a lot of ways to do this. To keep things neater, and to keep finer control on extraction duration (i.e., to keep water leaking out from changing the math) I brew “inverted”: the plunger is on the bottom, with a brewing cylinder above that.

For some good starting tips, you can use the “Aeropress Timer” app for your phone. It even has a Watch app for the egregiously over-provisioned. The basic steps are simple:

  1. The ground coffee has been resting for a moment in the aeropress, which is assembled so the floor of the brewing chamber is at the “1” mark on the side.
  2. Pour in water to reach just under the “2” mark. This should be about 50g. Stir vigorously. This water is to be pulled into the coffee grinds by osmosis, pushing out CO2. Stale coffee won’t have CO2 in its voids, just air, but for fresh coffee it matters–otherwise the CO2 bubbles keep water from getting in, we don’t get wet oxides, and we get really weak coffee.
  3. Wait about 30s.
  4. Pour in water to reach to the “4” mark. This should be more than twice the water you used before. Stir for ten seconds.
  5. Wait about 60s. While you wait, put a paper filter in the cap. Paper is important; metal filters don’t get clean enough without soap you won’t bring, and they don’t absorb some parts of coffee that are apparently quite bad for your heart. A French press once in a while won’t kill you, but use paper or cotton filters by habit.
  6. Cap, lock the cap, flip onto your cup, and press. Pressing should take about 15-25s.
  7. Finish the press with a good firm squeeze, compressing the grounds into a puck.
  8. Eject the puck into the trash. Wash all the parts in the hotel bathroom sink. If you keep them clean now, they’ll be clean later. If you let oil accumulate, they’ll taste nasty until you get them home.

Now you can add water from the kettle directly to the cup to meet the volume and dilution you want, cap the mug, and drink. Enjoy.

Oh, one more piece of equipment: I bring a cheap Copco travel mug:

[Image: plastic travel mug]

It’s indestructible, cleans well, doesn’t leach anything particular into the coffee, and has a locking lid. That’s saved some laundry and at least one computer.

Equipment list

Defense in Breadth

An important thing about layers, about defense in depth, is that you can’t even begin to attack one mechanism until you’ve defeated its predecessors. DANE + TLS doesn’t give you layers. If I can subvert your DNSSEC, I can endorse a fresh TLS key, and win. If I can subvert your TLS, I win.

This is defense in breadth, a strategy known mostly for its close association with defeat.

(Thanks to Joshua Guttman for the observations that gave rise to this post.)
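
The contrast above, written out as a small attack-tree model; this is an added example, not part of the original post. The node constructors, the `outer`/`inner` layered design and the 0.1 per-mechanism odds are constructed assumptions; only the DANE + TLS "either one wins" structure comes from the text.

```python
from itertools import product

# Attack-tree nodes (constructed for this example):
#   ("leaf", name)     one mechanism the attacker can try to defeat
#   ("any", children)  side by side: defeating ONE child is enough
#   ("all", children)  layered: EVERY child must be defeated


def leaf(name):
    return ("leaf", name)


def any_of(*children):
    return ("any", list(children))


def all_of(*children):
    return ("all", list(children))


def minimize(sets):
    """Drop any set that strictly contains another (it is not minimal)."""
    unique = set(sets)
    kept = [s for s in unique if not any(other < s for other in unique)]
    return sorted(kept, key=lambda s: (len(s), sorted(s)))


def attack_sets(node):
    """Minimal sets of mechanisms whose defeat reaches the attacker's goal."""
    kind, body = node
    if kind == "leaf":
        return [frozenset([body])]
    per_child = [attack_sets(child) for child in body]
    if kind == "any":
        combined = [s for sets in per_child for s in sets]
    else:  # "all": pick one attack set per child and merge them
        combined = [frozenset().union(*combo) for combo in product(*per_child)]
    return minimize(combined)


def compromise_probability(node, p):
    """Chance the goal is reached, assuming each leaf fails independently
    with probability p[name] and no leaf appears twice in the tree."""
    kind, body = node
    if kind == "leaf":
        return p[body]
    child_probs = [compromise_probability(child, p) for child in body]
    if kind == "all":
        result = 1.0
        for q in child_probs:
            result *= q
        return result
    survive = 1.0
    for q in child_probs:
        survive *= 1.0 - q
    return 1.0 - survive


# The post's case: subverting DNSSEC wins, and subverting TLS wins.
DANE_PLUS_TLS = any_of(leaf("DNSSEC"), leaf("TLS"))
# Hypothetical layered design: "inner" is only reachable once "outer" falls.
LAYERED = all_of(leaf("outer"), leaf("inner"))
# Constructed, equal odds for every mechanism, for comparison only.
P = {"DNSSEC": 0.1, "TLS": 0.1, "outer": 0.1, "inner": 0.1}

if __name__ == "__main__":
    for label, tree in (("DANE + TLS", DANE_PLUS_TLS), ("layered", LAYERED)):
        sets = [sorted(s) for s in attack_sets(tree)]
        print(f"{label}: attack sets {sets}, "
              f"P(compromise) = {compromise_probability(tree, P):.2f}")
```

With equal odds per mechanism, the side-by-side arrangement is weaker than either mechanism alone, while the layered one is stronger than either.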


Why People Still Support Trump

Clive Crook at Bloomberg View writes that the large majority of Trump supporters are good citizens with intelligible and legitimate opinions. He then offers the following as examples of these legitimate opinions. I’m dubious. Let’s check:

I’m a liberal on immigration – but it isn’t racism to favor tighter controls if you believe that high immigration lowers American wages.

I wonder what a liberal believes on immigration. I believe we should have open borders and free movement of labor, goods, and capital between the nations of the civilized West, certainly including all of North America and Europe, Brazil, India, Japan, Korea. I bet Crook doesn’t believe that, but something else he calls liberal or progressive. I say it is racist to favor tighter controls for that reason, because to act on that reason, that belief, is inherently racist. Most American wages go to white people. Most non-Americans are not white. Americans are the global 3%; our 20th-percentile income citizens are still much richer than most humans elsewhere, and those elsewhere are still humans. What reason could we have to help our relatively poor in West Virginia over the billions who are much poorer elsewhere?

Two reasons are clear, and others may be obscure to me: (1) we have an approach to help the people in West Virginia, while we can’t figure out how to get sufficient help past the warlords to the citizens of Somalia, North Korea, and similar, or (2) racism and nationalism, entwined. The first is a delicate systems-based argument that I don’t believe could be articulated by the people Crook describes—so even if it’s true, it’s not an intelligible motivation.

That leaves it as unintelligible or racist, and so it can’t be an intelligible, legitimate opinion.

It sure isn’t racism to believe that the laws on immigration should be enforced, and that “sanctuary cities” violate that impeccably liberal principle.

I think this is an appeal to Law and Order. Similarly, then, it wouldn’t have been racism to believe that the laws on fugitive slaves should be enforced, and that “sanctuary cities” violate that same principle?

Again, either there’s some unintelligible line here or no, that’s not a legitimate opinion. Laws past a certain threshold shock the conscience and demand that moral citizens oppose them. The current application of immigration laws by INS exceeds that threshold.

We celebrate the underground railroad and condemn the Northern moderates who endorsed Dred Scott; our grandchildren will do similarly to those moderates on our current immigration problems.

It isn’t racist to say that many of the Charlottesville counter-protesters came looking for a fight.

Yes, it is—when that’s all you say. If you say that all the people with torches and clubs on either side came looking for a fight, I think that’s probably about right—and you can see from photographs that that’s most of one side and some of (most of one element of) the other. Buzzfeed has a nice story quoted here in the LA Times:

Conflict would start much the same as it has at other alt-right rallies: two people, one from each side, screaming, goading each other into throwing the first punch.

It is absolutely the case that some of the counter-protestors were looking for a fight and seeking an opportunity for violence. They’ve publicly advocated punching Nazis to deter future Nazi speech, and we should take them at their word. But to report just that is not credibly an innocent statement; it masks out enough context to be untrue, and racist, in effect.

Back to Crook:

Casting Trump supporters as fearful of change is risible – he was hardly the status quo candidate.

This statement hides the ball: all reactionary populist candidates, including Trump, explain to their electorate that the painful changes they’re experiencing—in this case, shifting labor and capital markets meaning you can’t get a job and you can’t sell your house or treat it as a savings account, and your children can’t get good jobs—are changes from a golden past. Yes, an important element of Trump’s supporters fear change. They want to reverse that change. This requires deviation from the status quo, Clinton/Obama/Clinton progressivism, which is blamed in this cosmogony for the death of that golden era.

And I cannot see what principle of political economy makes it stupid to be a fiscal conservative if you live in West Virginia.

I’m delighted to read, “I cannot see,” in the midst of instructions not to depict your opponents’ arguments as illegible. Mark one point for the petard and we continue: of course fiscal conservatism at the Federal level is an intelligible and defensible position. But as West Virginians, is that right? West Virginia has been the victim of extractive New York policies for two centuries. We, the rich coastals, owe it an enormous debt. There, that’s the principle of political economy that makes it foolish to advocate fiscal conservatism from West Virginia.

At least, if you’re going to advocate it, you need to get something appropriate in return—say, a reputation for fair dealing and honest service of political ideas that you can use to make major policy changes.

Of the five positions cited, none of them describe a position I understand as both intelligible and legitimate. Everywhere I can understand a clear argument, it’s for a position that’s not only mistaken—I hold plenty of mistaken positions!—but for positions that were advocated, tried, understood, and abandoned as toxic decades ago. And where I can’t understand a clear argument, I take them—as I do for unintelligible leftist arguments—as cover for ideas not welcome in polite company.