Posts from 2017

Jun 21, 2017

Day 2: Walking Paris

The first city in my big rail trip has been Paris. I’ve been here before with family, but my memories were limited to a hawker at the Eiffel Tower and getting my shoelace stuck in an escalator at the Disneyland Paris train station.

Continue reading…

Jun 18, 2017

Day 1: Wakefield–London–Paris

Today is the first leg of my big rail trip. We’re taking two trains, the first from Wakefield (in Yorkshire) down to London and the second across to Paris.

Continue reading…

Jun 17, 2017

Paris–Amsterdam–Hannover–Berlin–Prague

In New Horizons last month I talked about submitting my dissertation and planning what came next. I’m excited and a little nervous to have settled my next steps (see upcoming posts), and I’m starting with two weeks travelling Europe by train.

Continue reading…

May 16, 2017

New horizons

I handed in my dissertation two weeks ago. There’s a few things to finish up but the major things I’ve wanted to deliver this year - a cryptanalysis report, an evolutionary computing experiment, my video processing dissertation - are all done. So from my perspective I’m pretty much done and awaiting Graduation come July!

The Masters year was exhausting and I’m a little burned out, so I’m hoping not to rush into anything. I’ve wanted to go travelling in Europe for a few years now but kept finding interesting internships instead. Now between University and what-comes-after I have a natural gap.

Continue reading…

May 15, 2017

Simulating miniature cities with Tilewater

Tilewater is a little sandbox game I’ve built in Rust. It’s a sandbox game, where you place roads and buildings and simulated people (sims) live out their lives in the world you’ve built.

Sims arrive by train, move into their houses, visit general stores for their groceries, visit saloons to drink and find work, and then work in factories. Play the video to see it in action:

Continue reading…

May 14, 2017

WannaCrypt and Government IT

WannaCrypt is the malware whose remarkable spread from mass emails to leaping across vulnerable SMB servers has led to major problems for many organisations in the last few days - in particular the NHS. Much has been written about its spread and MalwareTech’s heroic but accidental halting of its spread.

The British prime minister, Theresa May, and NHS Digital said they were not aware of any evidence that patient records had been compromised in the attack. May said: “This is not targeted at the NHS, it’s an international attack and a number of countries and organisations have been affected.”

This would seem to be true. WannaCrypt did not exfiltrate data from SMB shares, merely encrypting it. But this is only true because its motivation was extorting BitCoins. A more strategic attacker could have infiltrated at least as deeply, accessing systems that deal with highly-confidential patient data. This could be used for information, influence, or as a weapon.

Continue reading…

Apr 5, 2017

Prototyping an encrypted filesystem with FUSE

Today I’ve been at a mini-hackday in Liverpool, part of the National Conference for Learning and Teaching in Cyber Security. Day 1 has some cybersecurity competitions, and a team of 3 of us participated in the Software Development stream.

I’ve been to a lot of hackdays—between 16 and 20 I won prizes in at least six of them. I picked up a minimal-product/prototyping mindset, but it was hard to keep going afterwards. Over time my enthusiasm waned. The time limits, intensity and limited feedback hindered stretching my boundaries.

This competition seemed quite interesting because writing Cryptography-related software is hard. It’s hard to start off in the right direction, and easy to screw up later on. As such having professional feedback on an interesting day of work sounded great.

So, our task was to build encrypted local partitions. We had to build a system which stored encrypted keys on USB keys. Inserting such a USB key automatically prompted users to authenticate for a particular key. The encrypted volume was then to be used as a virtual drive.

Continue reading…

Mar 31, 2017

Brexit

On Tuesday night I tried to tweet some thoughts about Brexit:

Continue reading…

Mar 28, 2017

Designing a better home for writing, part 1

This blog experienced a lull from 2014-07-07 to 2017-02-27, some 966 days. A lot happened in that timespan - I went through a long period of therapy, spent awhile reverse-engineering Dig data from dead ESRI databases in an Archaeology department, and got into everything from Swing Dancing to Python.

What didn’t change was that the old design, well, sucked. I don’t mean that it was the worst thing ever, but it was underwhelming as a place to write. So I’m going to talk through the redesign process.

Continue reading…

Mar 14, 2017

Resuming writing

In the last month I’ve had two articles printed in the student newspaper, Nouse. Over the last year I've been collecting data on student union election candidates, and it was fantastic to pull the findings together.

Continue reading…

Mar 13, 2017

Security Risk Assessments of Semi-Autonomous Vehicles

I’m in my 4th year at York, the Masters year of my MEng Computer Science degree. This term I’ve taken the Topics in Privacy and Security (PSEC) module, which takes a wide technical swath through privacy and security issues. But the assessment is mostly focused on password cracking and doing a security risk assessment for automated road convoys.

We’re assessing how to bring an EU-funded project, SARTRE, to market. The concept, “Safe Road Trains for the Environment,” allows an equipped car to automatically follow ~6m behind a Lead Vehicle. You could sit back and watch a movie—er, do productive work.

SARTRE following drivers doing immersive non-driving tasks

Continue reading…

Mar 12, 2017

Cycle helmet saved my noggin

One of my favourite things about York is how bicyclable it is. I grew up in the countryside but somewhere decidedly not safe to cycle from, so it’s a very welcome change. Aside from a couple of minor things it’s worked fine for the last 5 years. On Friday (2017-03-10) I had a bit of an accident.

Continue reading…

Mar 7, 2017

YUSU elections put under the microscope: college and gender imbalances

Continue reading…

Mar 3, 2017

Recursive Enum expression trees in Rust

I mused about an implementation of expression trees in Rust two days ago. This is to build a Genetic Programming library in Rust - an biologically-inspired approach to finding robust solutions to difficult problems.

As discussed elsewhere I’ve become a keen fan of Rust. This language’s limited generics pose interesting problems for expressing and generating equations as described above.

There are two common ways to represent a tree datastructure:

Continue reading…

Mar 2, 2017

Introduction to Evolutionary Computing

I took an Evolutionary Computation course last semester, EVCO. This is a family of techniques where you simulate evolution to find good solutions to problems. Let’s watch an evolutionary process evolve vehicles that can get through a course:

I’d like to thank Dr Daniel Franks for a great course, enthusiastic teaching and many of the examples here.

Let’s say you want to learn an equation that approximates a function. This is a simple example - one of my evco examples evolves Snake players. We’ll use an evolutionary approach called Genetic Programming, which evolves trees representing expressions.

Continue reading…

Mar 1, 2017

Why we escape spaces against XSS

I’m in my Masters year at the moment, which means I have a lot fewer classes but a lot higher expectations in assignments. I’m also undertaking an MEng project (I’ll write about this sometime.) So I have a lot more unreserved time but a bit more work to do. I’ve been filling one day a week doing security and maintainance work on old ColdFusion web applications.

ColdFusion is an old web technology that Macromedia put out. It’s like you implementated of PHP in HTML tags. For I have been working with it - trying to secure a large number of small webapps built with it in years gone by.

There’s a bit of a problem with securing these legacy apps. They’re a mess, and ColdFusion is insecure by default. Let’s take some typical Ruby erb markup:

Continue reading…

Feb 28, 2017

Generating expression trees in Rust

I’ve been writing a lot of Rust. Since \@Taneb persuaded me to try it the language has grown phenomenally on me. I’ve always shied away from getting too attached to tools and focused more on systems but for the first time since my early Ruby days I’ve become a language fanboy.

While building my Genetic Programming library I needed a convenient way to represent and generate syntax trees. More than anything I wanted users to write a minimum of code. I used an interesting but problematic Recursive Enum approach that’s worth discussing.

enum Equation {
    Add(Box<Equation>, Box<Equation>), // l + r
    Sub(Box<Equation>, Box<Equation>), // l - r
    Mul(Box<Equation>, Box<Equation>), // l × r
    Div(Box<Equation>, Box<Equation>), // l ÷ r
    Float(f64), // n
}

This is a very neat representation of a syntax tree for basic mathematics. One can express math quite simply:

Continue reading…

Feb 27, 2017

Engineering as slowly as possible

I’ve become a fan of developing, “as slowly as possible.” It’s proven hard to crystallise what feelings this sums up, but I relate it to slow, logical, conscious System Two thinking.

The way you start a project indicates a lot about how it will progress. Something that gets a testsuite early on will probably keep one going; something that is essentially untested is hard to improve. This hill can be climbed over if one is lazy or very disciplined - but sustained effort to undo unforced mistakes is hard.

So making the right decisions at the right time is important. Ideally we should favour sustained velocity over quickly hacking something together and forgetting about it. We should have good craft in order to still move fast: building things well rather than just building them.

Continue reading…

Feb 18, 2017

Battle of the colleges: who’s got the BNOCs

Continue reading…