Blog / musings
Aug 2018 – Music
Hooverphonic are a band I've known about for years and I have a couple of their albums on my iPod. I found myself trawling youtube the other day looking for something to do with house DIY of all things but randomly stumbled on a concert Hooverphonic filmed at the
hall back in 2012 and uploaded to YouTube. In English it's the Queen Elizabeth hall located in Antwerp in Belgium (logical really, given the band hail from that part of the world). The concert is unusual because it featured a full sized orchestra... along with a proper film crew and so if you're a fan, the result is pretty good. Virtually all the concert is on YouTube split into separate vid's.
2-Wicky sung by the enigmatic
was a bit of a treat to discover. There is something that reminds me of John Barrys work in the sound, sort of bond like, while Noémie seems to command the stage with an elegance way beyond her years.
Aug 2018 – Precision Grouping
As a younger man, my dad enjoyed around 2 years of training as a “sharp shooter” in the army – which in modern parlance might be described as sniper training. I have no recollection of what rifles he used, nor of the specifics of his training – but I know he was good. I do have a vivid memory of the two of us visiting air shooting galleries at funfairs when I was a kid and him teaching me how to improve my chance of winning the fluffy toy. A few years after the loss of my dad, I got a strong urge to explore sports air shooting a little further.
I found a suitable club and after a few phone calls and following a safety induction course, became a probationary member. While on probation, experienced members vet you while you shoot on the range, assessing both your safe handling skills and the way you behave. That's the time you can make genuine mistakes but where other more experienced people can step in both to correct and educate. I count myself very lucky because the club turned out to be really exceptional, catering for all the important air shooting disciplines and attracting a friendly group of people from very different walks of life. Originally, my intention was to train myself within a supervised club environment over the course of a year to learn to properly and instinctively handle air guns safely. After that, I planned to swap to clay shooting with shot guns. But as sometimes happens with long term plans, I found the discipline and engineering involved so interesting and challenging that 5 years later on I still haven’t moved on.
UK legal limits for the muzzle energy of air guns is cut and dry - for a small air pistol the limit is 6 foot/lbs and for a longer air rifle, 12 foot/lbs. The foot/pound measurement captures both the speed at which the projectile flies as well as its weight (often measured in grams or more commonly grains). In order to keep within UK legal limits, a typical .22 pellet (15.89 grains) must travel at less than 583.1 feet per second (FPS) when shot from a long rifle, while a lighter .177 pellet (8.44 grains) can fly at 800.1 FPS. So what does that actually mean... well, by any standard UK air rifles are really very low power devices. You could easily throw a brick with more energy, while a crossbow will deliver 10 to 20 times the amount of energy. But, any tool, regardless of it being a car or a kitchen knife can cause irreparable harm if handled irresponsibly. Air guns are no different in that regard.
For the responsible air rifle user, tools capable of accurately measuring muzzle speed are always in the back pack. For an engineer, tools capable of measuring energy over time, help identify 'drift' (which will directly impact accuracy). The same engineer might observe changes in performance linked to changes in temperature, or might find the point at which air pressure in the rifle reservoir tapers off but which results in a muzzle energy peak. Other tools might provide a way of judging how well pellets group at a target by accurately detecting points of impact without having to use card sheets – and off course there are other interesting possibilities.
With roughly 5 years shooting experience under my belt, the potential for electronics to provide useful tools has been clear from day one and so an old friend and I have been hashing out some ideas on paper as to what sort of useful tools we might build. Early days yet, but keep an eye on my web site
for more details.
Aug 2018: Social Media
These days I find myself wondering about the cons of social media rather more than the pros. So much so that I am now actively considering ditching the whole lot.
I use Faceache a fair bit and for two main reasons. I want to keep in touch with family and friends resident in other countries. Conversations with the immediacy that faceache brings just wouldn’t be possible any other way. The second reason is because I can talk engineering with other like minded hobbyists. But I've always felt that Social Media networks have a shelf life (something the recently tumbling share price of the Zuckerberg empire supports) but more and more I also find myself weighing up its importance within my life and without just sitting there glued to a constantly changing and updating news feed page packed full of adverts... which brings to mind a meme I recently spotted (ironically) on facebook (see below)...
Twitter isn't much better, often feeling more like an echo chamber... or a sometimes rather unpleasant group think amplifier. Brevity isn’t always a good thing, as Twitter with wearying regularity demonstrates.
I understand that every time you use one of these services you are effectively trading personal exposure... but these days the personal cost is ramping up with misguided advertising, politically motivated targeting, censorship of ideas, misuse of your data (without any say) - and all in the face of authorities powerless to call anyone to account.
Still pondering, as I would very much miss chatting with friends in far away places
July 2018: Password Protection
While reading another software engineers comments about passwords a few weeks ago, I got to thinking about my own personal password policy and why (at least to my knowledge) I've never had any problems.
Yes I realise that's a dangerous claim... by definition who can ever be 100% sure they've never had a problem with a cracked account. I have accounts with dozens of internets giants - and unfortunately I know at least two who have been successfully hit in the past resulting in me (and millions like me) being advised to change our passwords... (I wonder how many folks out there simply ignored that suggestion anyway?)
So what do I do to avoid running into problems with these pesky things.
Well, it all starts with a mindset best described as... don't trust anyone with your data.
Don't use 3
parties to manage your credentials
So many of these so called secure services have been opened up to attack (even big players like LastPass have been hacked) and the fact that they apply across so many different platforms probably increases their vulnerability to the umpteen vectors an attacker can use. SQL injection is a good example - because attacks using this technique really shouldn't ever work, given SQL has provided parameterised stored procedures for decades... and yet so many web sites inexplicably choose not to use them. I use the same line of reasoning when it comes to the cloud. I understand the advantage of posting data on a remote server, because it makes it available everywhere... but it also makes it available to anyone in the company hosting the box and you’re assuming that whoever coded the front end knows about things like parameterised stored procedures.
It’s a little like leaving the car keys for your brand new Tesla with valet parking... probably safe, but check the milometer.
Use a desktop tool to manage your passwords
I use a desktop tool to manage all my passwords – and which has a reasonable (but not unbreakable) level of symmetric encryption built in (256 AES). The particular
I choose had versions for MS desktop, Android and Apple – and all of them can be synchronised. The UI is a bit basic, but sufficient to store fixed fields (like usernames and passwords) and can also cope with detailed notes - useful if you're applying for and installing SSL certification on different web servers.
That password manager has one password in order to open it – but on my desktop, the manager is actually stored inside a 2nd level defence – namely a fully encrypted volume of data that must be mounted with its own password in order to gain access. I use the excellent open source
software – and the volume it produces becomes my first line of defence against some 17 year old house thief who simply breaks into my house and steals an entire machine. Two passwords get me into the desktop and thereafter every single password I use for any online service is complex - see next point.
Use complex passwords for every account
Years ago I wrote a simple piece of software to generate random combinations of letters and numbers within specific limits (length etc). I use this to generate every single password I ever make. The fact that all of these passwords are stored in a manager, inside an encrypted volume, means that I only have to remember a pair of passwords to get access to anything I want.
Don’t use browser password managers
As otherwise that 17 year old house thief we mentioned earlier might find himself having a really good day.
Backup your password managment system
The encrypted volume I use to hold anything remotely sensitive is backed up in four different places - one of which is completely off site. I have daily backups, twice weekly backups and a monthly backup.
Keep the software up to date
An independent analysis of VeraCrypt revealed a number of security flaws in version 1.19, which were corrected in version 1.20 and 1.21 - demonstrating why it is important to keep this kind of foundation software up to date. Keep in mind that the scrutiny open source software endures is a really very good thing from your point of view. Other smart folks are finding those weaknesses... and fixing them. Make sure you take full advantage of their hard work.
My system isn't perfect. There are some weaknesses - but these are relatively localised - and better still, the systems I have in place work for me. My discipline copes well with the burden this adds - and so I'm used to having to take two steps before I can log into my electricity supplier for example. You need to find what works for you, but with a clear understanding of what the worst case could be... you know, that moment your face turns white, you break into a sweat and say out loud, "oh no".