May 16, 2017

New horizons

I handed in my dissertation two weeks ago. There are a few things to finish up but the major things I’ve wanted to deliver this year - a cryptanalysis report, an evolutionary computing experiment, my video processing dissertation - are all done. So from my perspective I’m pretty much done and awaiting Graduation come July!

The Masters year was exhausting and I’m a little burned out, so I’m hoping not to rush into anything. I’ve wanted to go travelling in Europe for a few years now but kept finding interesting internships instead. Now between University and what-comes-after I have a natural gap.

Continue reading…

May 15, 2017

Tilewater, a miniature city builder.

Tilewater is a little sandbox game I’ve built in Rust, where you place roads and buildings and simulated people (sims) live out their lives in the world you’ve built.

Sims arrive by train, move into their houses, visit general stores for their groceries, visit saloons to drink and find work, and then work in factories. Play the video to see it in action:

Continue reading…

May 14, 2017

WannaCrypt and Government IT

WannaCrypt is the malware whose remarkable spread, from mass emails to leaping across vulnerable SMB servers, has led to major problems for many organisations in the last few days - in particular the NHS. Much has been written about its spread and MalwareTech’s heroic but accidental halting of it.

The British prime minister, Theresa May, and NHS Digital said they were not aware of any evidence that patient records had been compromised in the attack. May said: “This is not targeted at the NHS, it’s an international attack and a number of countries and organisations have been affected.”

This would seem to be true. WannaCrypt did not exfiltrate data from SMB shares; it merely encrypted it. But this is only true because its motivation was extorting Bitcoin. A more strategic attacker could have infiltrated at least as deeply, accessing systems that deal with highly-confidential patient data. This could be used for information, influence, or as a weapon.

Continue reading…

Apr 5, 2017

Building an encrypted virtual drive with FUSE.

Today I’ve been at a mini-hackday in Liverpool, part of the National Conference for Learning and Teaching in Cyber Security. Day 1 has some cybersecurity competitions, and a team of 3 of us participated in the Software Development stream.

I’ve been to a lot of hackdays—between 16 and 20 I won prizes in at least six of them. I picked up a minimal-product/prototyping mindset, but it was hard to keep going afterwards. Over time my enthusiasm waned. The time limits, intensity and limited feedback hindered stretching my boundaries.

This competition seemed quite interesting because writing cryptography-related software is hard. It’s hard to start off in the right direction, and easy to screw up later on. As such, having professional feedback on an interesting day of work sounded great.

So, our task was to build encrypted local partitions. We had to build a system which stored encrypted keys on USB keys. Inserting such a USB key automatically prompted users to authenticate for a particular key. The encrypted volume was then to be used as a virtual drive.

Continue reading…

Mar 31, 2017


On Tuesday night I tried to tweet some thoughts about Brexit:

Continue reading…

Mar 28, 2017

Designing a better home for writing, part 1.

This blog experienced a lull from 2014-07-07 to 2017-02-27, some 966 days. A lot happened in that timespan - I went through a long period of therapy, spent a while reverse-engineering Dig data from dead ESRI databases in an Archaeology department, and got into everything from Swing Dancing to Python.

What didn’t change was that the old design, well, sucked. I don’t mean that it was the worst thing ever, but it was underwhelming as a place to write. So I’m going to talk through the redesign process.

Continue reading…

Mar 14, 2017

I've been published!

In the last month I’ve had two articles printed in the student newspaper, Nouse. Over the last year I've been collecting data on student union election candidates, and it was fantastic to pull the findings together.

Continue reading…

Mar 13, 2017

Security Risk Assessments of Semi-Autonomous Vehicles

I’m in my 4th year at York, the Masters year of my MEng Computer Science degree. This term I’ve taken the Topics in Privacy and Security (PSEC) module, which takes a wide technical swath through privacy and security issues. But the assessment is mostly focused on password cracking and doing a security risk assessment for automated road convoys.

We’re assessing how to bring an EU-funded project, SARTRE, to market. The concept, “Safe Road Trains for the Environment,” allows an equipped car to automatically follow ~6m behind a Lead Vehicle. You could sit back and watch a movie—er, do productive work.

SARTRE following drivers doing immersive non-driving tasks

Continue reading…

Mar 12, 2017

Glad I was wearing a cycle helmet

One of my favourite things about York is how bicyclable it is. I grew up in the countryside but somewhere decidedly not safe to cycle from, so it’s a very welcome change. Aside from a couple of minor things it’s worked fine for the last 5 years. On Friday (2017-03-10) I had a bit of an accident.

Continue reading…

Mar 3, 2017

Recursive Enum expression trees in Rust

I mused about an implementation of expression trees in Rust two days ago. This is to build a Genetic Programming library in Rust - a biologically-inspired approach to finding robust solutions to difficult problems.

As discussed elsewhere I’ve become a keen fan of Rust. This language’s limited generics pose interesting problems for expressing and generating equations as described above.

There are two common ways to represent a tree datastructure:

Continue reading…

Mar 2, 2017

Introduction to Evolutionary Computing

I took an Evolutionary Computation course last semester, EVCO. This is a family of techniques where you simulate evolution to find good solutions to problems. Let’s watch an evolutionary process evolve vehicles that can get through a course:

I’d like to thank Dr Daniel Franks for a great course, enthusiastic teaching and many of the examples here.

Let’s say you want to learn an equation that approximates a function. This is a simple example - one of my evco examples evolves Snake players. We’ll use an evolutionary approach called Genetic Programming, which evolves trees representing expressions.

Continue reading…

Mar 1, 2017

Securing legacy ColdFusion or: Why escape spaces against XSS?

I’m in my Masters year at the moment, which means I have a lot fewer classes but a lot higher expectations in assignments. I’m also undertaking an MEng project (I’ll write about this sometime.) So I have a lot more unreserved time but a bit more work to do. I’ve been filling one day a week doing security and maintenance work on old ColdFusion web applications.

ColdFusion is an old web technology that Macromedia put out. It’s like you implemented PHP in HTML tags. I have been working with it - trying to secure a large number of small webapps built with it in years gone by.

There’s a bit of a problem with securing these legacy apps. They’re a mess, and ColdFusion is insecure by default. Let’s take some typical Ruby erb markup:

Continue reading…

Feb 28, 2017

Generating expression trees in Rust

I’ve been writing a lot of Rust. Since @Taneb persuaded me to try it the language has grown phenomenally on me. I’ve always shied away from getting too attached to tools and focused more on systems but for the first time since my early Ruby days I’ve become a language fanboy.

While building my Genetic Programming library I needed a convenient way to represent and generate syntax trees. More than anything I wanted users to write a minimum of code. I used an interesting but problematic Recursive Enum approach that’s worth discussing.

enum Equation {
    Add(Box<Equation>, Box<Equation>), // l + r
    Sub(Box<Equation>, Box<Equation>), // l - r
    Mul(Box<Equation>, Box<Equation>), // l × r
    Div(Box<Equation>, Box<Equation>), // l ÷ r
    Float(f64), // n
}

This is a very neat representation of a syntax tree for basic mathematics. One can express math quite simply:

Continue reading…

Feb 27, 2017

Engineering as slowly as possible

I’ve become a fan of developing “as slowly as possible.” It’s proven hard to crystallise what feelings this sums up, but I relate it to slow, logical, conscious System Two thinking.

The way you start a project indicates a lot about how it will progress. Something that gets a testsuite early on will probably keep one going; something that is essentially untested is hard to improve. This hill can be climbed over if one is lazy or very disciplined - but sustained effort to undo unforced mistakes is hard.

So making the right decisions at the right time is important. Ideally we should favour sustained velocity over quickly hacking something together and forgetting about it. We should have good craft in order to still move fast: building things well rather than just building them.

Continue reading…

Jul 7, 2014

UoYBus: bus times for the University of York

Since November I’ve been quietly running UoYBus, a live bus times webapp focused on the particular whims of the #4 and #44 bus routes serving University of York. Today I released a big improvement.

Continue reading…

Feb 24, 2014

You can't unsell Hospital Records

The Telegraph reported today that hospital records from 1997-2010 have been sold to insurance companies. They appear to be referring to HSCIC’s Hospital Episode Statistics, a database of NHS hospital records.

Continue reading…

Oct 29, 2013

Going back to College

It’s been a while since my last post. After living in London for a few months and working out of Shoreditch Works, I chose to head back to York with the new academic year - rather a tough choice given my other, international option.

Continue reading…

Apr 1, 2013

How probable are 3 consecutive birthdays?

Have you ever wondered what the likelihood is of having three consecutive birthdays? It’s a fun excursion from the classical statistical brain teaser on the birthday problem.

Continue reading…

Mar 29, 2013

Steady state community

Amazon’s purchase of Goodreads, a social reading community, has reminded me of the difference between building a community and building a business. Goodreads definitely could be a value add for Amazon and the Kindle, yet unless they treat it with a light touch it could become far more of a Goodkindlereads.

Continue reading…

Feb 11, 2013

A first look at Quantum Computers

The computer in front of you is pretty powerful, but it can’t factor a 600-digit number before Earth gets cooked by the Sun. No supercomputer humanity does or could build could do that either, so it seemed a sure bet to base the security of some encryption schemes on factoring being (exponentially) hard.

Continue reading…

Feb 7, 2013

Train Data Revisited

I mentioned Network Rail’s feeds briefly last time but hadn’t yet looked into them much. Thanks to Samuel Littley for letting me know a bit more about them. Sign up and your access will be activated within an hour or so. Given that mine was granted at 3am GMT I suspect it’s automated.

Continue reading…

Jan 26, 2013

Trains and East Coast positioning data

Back in 2011 I built TrainTrackr, a rapidly-built iOS app that worked together with a web interface to track train journeys. It seemed a brilliant way of tracing delays to trains and getting accurate data on their speeds along the route.

Continue reading…

Dec 19, 2012

Remian: a modern virtual machine

Anyone who follows me on Twitter has probably read that I’m building a virtual machine of my own, named Remian. I’ve reached v0.1.1 and an initial release, so now is the perfect time to talk about why you should try it.

Continue reading…

Nov 14, 2012

Two weeks with Go: an initial review

As someone who grew up with scripting languages, C and its closer brethren always felt incredibly backward. The result of all their decades of history seems to be that obscure compiler flags and awkward syntax are an affectation of the entire community. I don’t care for it, much as I like how fast the code can execute.

Continue reading…

Nov 1, 2012

Building services with iMessage

Earlier this year, David Kendal and I discovered you can fairly easily send and receive iMessages using Ruby. The key is to interact with OS X’s Messages app, more specifically its AppleScript bindings. We built and released iREPL, a Scheme programming environment that you can use on your iPhone/iPad without having to jailbreak. I’ve been using it for months when I fancied hacking some Lisp.

Continue reading…

May 1, 2012

On efficiently pairing socks

Anyone who has done an appreciable amount of laundry has probably noticed the time commonly taken matching up socks of different styles and colours.

My efforts to optimise the process have led me to the curious practice of un-matching: making pairs of socks so as to deliberately not be a matching pair. It’s much faster, much simpler to compute and yet because there is a process behind it you have a defence against allegations of laziness.

Continue reading…

Apr 13, 2012


A couple of months ago, whilst playing with Messages Beta for Mac, it occurred to me that it’d be a lot of fun to programmatically send messages. After I built a basic, insecure Ruby Shell for iMessage, David Kendal decided to rebuild it and switch to Scheme - for which a secure sandboxed version existed in the form of Heist.

Continue reading…

Aug 29, 2011

Development Sparks

When we encounter a problem as developers, there are usually 3 ways to solve it. There’s the hacky way with its attendant long-term maintenance costs. There’s a way which works without too much trouble. And there’s the spark of genius that solves all the troubles with the minimum of effort.

Continue reading…