Software

Just because you can, doesn’t mean you should

Python lets programmers redefine initializers at runtime. Don’t do that.

Screen Shot 2017-05-19 at 19.07.53

The C preprocessor lets programmers redefine “true”. Don’t do that.

Screen Shot 2017-05-19 at 17.11.35

Swift lets programmers use very foolish variable names. This may be the lesser sin, but still, don’t do that.

Screen Shot 2017-05-19 at 17.07.26

Given python has a reputation for relatively defect-free code, it’s remarkable how few guards it has for enforcing good code — no type safety, no access modifiers, only enforced indentation.

Standard
Software

Executable images

Twenty years ago, back in 1997, there was an urban legend that some images contained viruses.

“Absurd!” thought the teenage me, “Images are just data, they can’t do anything!”

Well, I was wrong. In 2004, researchers found a bug in a Microsoft JPEG library which allowed a well-crafted .jpg to totally compromise a computer — file system, arbitrary code, administrator access, everything. Obviously that particular bug has now been fixed, but it did make me realise quite how badly broken things can be.

Despite all the tools that help us software engineers solve problems, reduce our bug count, secure our software, and develop things faster, we still don’t seem to have this as our mindset. We have professional groups, but membership of them is not needed for jobs. Automated tests exist, but knowledge of them is limited and use even more limited (for example, I wish I could say I had professional experience of them since university, but no such luck). We don’t have anything like a medical licence (or even just the hippocratic oath), there is nothing to stop people practicing code without a licence the way people are prevented from practicing law without a licence.

And now, we’re making a world where A.I. replaces humans. Automation is fine, nothing wrong with it… but if you assume the computer is either always right or that the errors are purely random, you will be blind to problems this causes.

Hackers.

I can’t say that I have “a hacker mentality”, but mainly because the phrase means completely different things to different people, so I will say this: I see loopholes everywhere, systems that can be exploited by malevolent or selfish people, not just accidentally by those who can’t follow instructions.

How many people, I wonder, travel on fake rail tickets or bus passes that came out of their home printers? How many, when faced with a self-service checkout, will tell the terminal that their expensive fancy foreign cheese is actually loose onions?

This sort of thing is dealt with at the moment by humans — it was a human who realised it was odd that one particular gentleman kept buying onions, given the store had run out some time ago, for instance — but the more humans fall out of the loop, the easier it is to exploit machines.

This brings me to QR codes. QR codes are somewhat stupid, in that they are just some text encoded in a way that a computer can read easily, with some error-correction codes so it can survive a bit of dirt or a bad reflection. This is stupid, partly because it really hasn’t taken long to make A.I. which can read text from photos just fine (making the codes redundant), but mainly because humans can’t read the codes (making them dangerous).

Dangerous? Well, just as with URL-shorteners, you may find yourself looking at a shock site rather than the promised content… but that’s not really the big problem.

If you can, try to scan this QR code. No goats, lemons, or tubs, I assure you (and if you don’t know what those three words have in common, you may want to retain your innocence), but please do scan this code:

Executable QR code

What does it do for you? I’m curious.

If you don’t have a QR code scanner, I’ll tell you what it says:

data:text/html;,alert("Your QR code scanner is hackable")

That is literally what it says, because a QR code is just text that’s easy for a computer to read. This is a data URI, which contains some JavaScript, which opens an alert message. If you want, copy it into the address bar of your browser, just as if it were a website — press return or “go” or whatever works on your system.

It’s an executable image. Nothing nefarious, just proof of concept.

What does that mean for the world? Well, what do people do with QR codes? Well, not people, people don’t use them… what do businesses do with QR codes? Mine is a harmless example, but what happens if UK Limited Company Number 10542519 makes a QR code from their name… and it shows up in the vision system of a computer that, owing to our profession’s move-fast-and-break-things attitude, naïvely trusts input without anyone having considered that could be a bad thing?

Some social networks know (and complain) if I try to use a profile photo that doesn’t have a face in it. If that’s a general-purpose computer vision system, it may well also recognises QR codes (because QR codes are easy to recognise, and because “more features!” is a business plan). If your business can’t resist a Bobby Drop Tables username, it won’t be in business for very long — but the same may happen to Bobby Drop Table faces, if you’re not careful.

Governments are all over the place when it comes to security, just like the private sector. What happens if a wanted criminal wears a face mask that is the QR code version of Bobby Drop Tables?

Robert'); DROP TABLE criminals;--

And suddenly, no more criminal record? Well, not in that jurisdiction anyway.

Standard
Science, Technology

Railgun notes

Force on the projectile of a railgun:
F = B·I·l
B: Magnetic field
I: Current
l: Length of armature

Current = Voltage / Resistance

Resistivity of seawater:
ρ = 2.00×10^−1 (Ω·m) (because = (Ω/m-length)*(cross-sectional area))

Let cavity be 1cm square, consider section 1cm long:

Volume: 1 millilitre
mass (m): ~1 gram = 1e-3 kg
Cross-section: 1e-4 m^2
Armature length (l): 1e-2 m
Resistance: ((2.00×10^−1 Ω·m)*0.1m)/(0.01m^2) = 20 Ω
∴ current (I) = Voltage (V) / 20 Ω

Rare earth magnets can be 1 tesla without much difficulty. Assume that here.

F = 1 T · (V/20 Ω) · (1e-2 m)

Target velocity: 11.2 km/s = Escape velocity = 11200 m/s
v = at = 11200 m/s
∴ a = (11200 m/s) / t
s = 1/2 · a · t^2
∴ s = 1/2 · ( (11200 m/s) / t ) · t^2
= 1/2 · (11200 m/s) · t
or: t = s / (1/2 · (11200 m/s))
F = ma = (1e-3 kg) · a
∴ a = F / (1e-3 kg)
∴ t = (11200 m/s) / (F / (1e-3 kg))
= (11200 m/s) · (1e-3 kg) / F
∴ s = 1/2 · (11200 m/s) · (11200 m/s) · (1e-3 kg) / F
∴ s = 1/2 · (11200 m/s) · (11200 m/s) · (1e-3 kg) / ( 1 T · (V/20 Ω) · (1e-2 m) )

Say V = 250 volts:
∴ s = 1/2 · (11200 m/s) · (11200 m/s) · (1e-3 kg) / ( 1 T · (250V/20 Ω) · (1e-2 m) ) = ~501760 meters

Say V = 25,000 volts:
∴ s = 1/2 · (11200 m/s) · (11200 m/s) · (1e-3 kg) / ( 1 T · (25000V/20 Ω) · (1e-2 m) ) = ~5017.6 meters

Liquid mercury instead of seawater:
Resistivity: 961 nΩ·m = 0.961e-6 Ω·m
Resistance: 9.6e-6 Ω
Density: 13.56 times water
F = 1 T · (V/9.6e-6 Ω) · (1e-2 m)
s = 1/2 · (11200 m/s) · (11200 m/s) · (13.56e-3 kg) / ( 1 T · (V/9.6e-6 Ω) · (1e-2 m) )
@250 volts: s = 3.266 meters
@25kV: s = 32.66 millimeters

Power (DC): P = IV where I = V/R,
R = 9.6e-6 Ω
@250 volts: I = 250 / R = 250 V / 9.6e-6 Ω = 2.604e7 amperes
∴ P = 6.51 gigawatts
@25kV: I = 25000 / R = 25000 / 9.6e-6 Ω = 2.604e9 amperes
∴ P = 65.1 terawatts

Duration between rails:
From t = s / (1/2 · (11200 m/s))
@250 volts:
t = 3.266 meters / (1/2 · (11200 m/s)) = 5.8321×10^-4 seconds
@25kV:
t = 32.66 millimeters / (1/2 · (11200 m/s)) = 5.8321×10^-6 seconds

Electrical energy usage:
E = P · t
@250 volts:
E = 6.51 gigawatts · 5.8321×10^-4 seconds = 3.797×10^6 joules
@25kV:
E = 65.1 terawatts · 5.8321×10^-6 seconds = 3.797×10^8 joules
(For reference, 1 litre of aviation turbine fuel is around 3.5e7 joules)

Standard
SciFi, Video

Megastructures

Megastructures are big. Really big. You just won’t believe how vastly, hugely, mind-bogglingly big they are. I mean, you may think you live in a big city, but that’s just peanuts to even the smallest megastructure.

Three of the more famous megastructures:

  • A Halo installation: 10,000 km by 318 km (¹)
  • A Culture Orbital: 3,000,000 km by 12,000 km
  • Larry Niven’s Ringworld: 299,200,000 km by 1,600,000 km (²)

Oh, and the Sun for scale. It’s at the end of the video, the small white dot in the middle of the Ringword’s… er… ring. Radius 695,700 km.

Rendered with https://threejs.org/editor/

¹ Do not put a big ring this close to the ground. If you do, the heavy stuff of the ring will pull on the big deep water between land, making the water go very high and over everything, and everyone will have a bad day and not go into space ever.

² A Dyson sphere is the same size, but fully encloses the star instead of just encircling it

Standard
Uncategorized

The passage of time

The last US presidential election was just over four years ago. I was buying a home.

Since then, my father died. I had one brief girlfriend and now have a long-term partner.

My partner is a traveller, and with her I have been to Paris, Berlin, Amsterdam, Belfast, Budapest and Barcelona; the British Peak- and Lake Districts, to the Rutland Water Nature Reserve, to and around the Norfolk Coast AONB and the Norfolk Broads, to Oxford, to York, (and I have shown her the South Coast where I grew up, Portsmouth, Chichester, Arundel, Brighton, and the Queen Elizabeth Country Park); in Kenya to Nairobi and to Hells Gate National Park; in California to San Francisco, Asilomar, along Route 1, Sacramento, the Sequoia, Sierra and Yosemite national parks, to Fort Bragg’s “Glass Beach”, to Lakes Berryessa and Tahoe; and because of her but not with her I have been to Rotterdam, Berlin (again), Hannover, Frankfurt, Zürich, Heidelberg, Köln, and Luxembourg.

I lost a friend because of Brexit, and somehow then managed to become an international dog minder. I’ve looked after six fluff-faces in three countries over the last four and a half months.

The post-Brexit months have taken me from (Duolingo level) zero to 20 in Esperanto, seen me write a short story and add a few tens of thousands of words to my novel.

The election (and Brexit) gave me despair, but writing down all the things that have gone well has given me hope. Yes, I know I’m privileged. I sympathise, and in the cases of religious and sexual minorities I empathise, but I really don’t know what to do to help those in need any more.

Standard
Politics

EU

One of my memories growing up was the news of John Major vowing to veto every piece of EU legislation in retaliation for the BSE trade restrictions: http://articles.latimes.com/1996-06-22/news/mn-17472_1_european-union

It wasn’t very effective.

My father told me it had failed because it meant the UK was vetoing everything that the UK wanted to do as a member of the EU while also failing to prevent other member states from agreeing with each other to do things that only the UK stood in the way of.

What happens if we leave? Well, we don’t get so many chances to tell the EU decision makers what we want the EU to do while also failing to prevent other member states from agreeing with each other to do whatever they want.

Stay in? Well, a veto can be used more effectively that it was. Vetoing everything is just throwing a temper tantrum no more effective than holding your breath until you go purple — they know you’ll give in without them having to do anything. Vetoing just the stuff you don’t like? That can work.

We can’t just order the EU around like it’s one of our colonies. We can send our representatives there to negotiate our interests on our behalf (and we do), but the difference between a negotiator and a dictator is that negotiators can agree to bear costs — money, changes to the law, to keep troops away from certain places or in other places, and presumably just about anything else.

Claiming the EU “dictates” the laws of the UK is deceptive; we ask our people to negotiate the details of what the entire EU will do. We ask. Our people.

And if the result of that negotiation really sucks, we can say no in a multitude of ways — and I don’t just mean “Non”, “Nein” and so forth. We have vetoes. And we choose the specifics of the laws the negotiations asked for, giving us the power to frustrate the spirit of an agreement while keeping to its letter. And ultimately, we can invoke the same powers that a “leave” vote would invoke.

Of course, some of those ways of saying “no” are rubbish (just ask Major!) but that’s true for much of life: if your boss asks you to go to a conference in Qatar, you could say “No, I quit!” and look for another job, or you could say “I’m openly gay and they have anti-gay laws. Find someone else.”

Brexit? Well, it looks more like a teenager yelling “I hate you!” and slamming the door on their parents than a new graduate moving out of the family home for their first job — strong feelings, no appreciation for the benefits they have enjoyed nor the costs others have borne, and a plan for the future so vague it can only be described as “speculative”.

Standard