Observations

by Lucas Nicodemus

Founder of TShock for Terraria.
Writer of a new knowledge system.

Read this first

Responsibility

You don’t have to ask permission to take responsibility.

Ed Catmull

Continue reading →


What if they’re lying?

It’s healthcare season in Congress again, and this time it’s the Graham-Cassidy version of “destroy all healthcare, Senate edition.” It’s got a lot of features that people don’t like, as with all prior versions. That’s not the point of this post, though.

Here’s the thing. For Republicans in Congress, the best posture on Obamacare is firmly against it. Except there’s a problem. CBO scores in past repeal efforts have shown a dramatic hike in the uninsured rate and premiums. Worse, these hits seem to land mostly in Republican-controlled districts. In too many cases, senators in particular often represent an electorate that is both against and dependent on the Affordable Care Act simultaneously.

This puts them in a huge bind. Not a single person in Congress wants to be responsible for millions of their constituents losing health care, because that means they get voted out. And if they

Continue reading →


It’s okay to buy a $1,000 iPhone.


In private, when discussing the latest iPhone, I’ve frequently said that $1,000 is the price barrier at which a new iPhone doesn’t make sense to me. I was wrong. It’s actually really okay, and I think it’s probably one of Apple’s most reasonably priced devices.

It all comes down to how much people use the iPhone. A conservative estimate is 80 minutes a day, if we assume that an unlock probably equals about a minute of device use, and go on the 80 unlocks a day figure reported last year. In reality, this number is a lot higher for a large percentage of people – the people that buy battery cases and seemingly always have dead phones. Those people are why iPhone X has a 2-hour battery life improvement over the 7, incidentally. Apple doesn’t make product changes for the 1% – they make them for much larger percentages of people. The upper cap is probably on the likes of 4-5 hours of

Continue reading →


What happened to Pryaxis Jump?

Well, basically:

  1. It served its purpose in my life. I helped teach a lot of students a lot of information security principles.
  2. It made enough money to make supporting it a problem, but not enough to make supporting it worthwhile. It was a serious platform for a few key users, but not serious enough that I could justify continuing to offer support.
  3. It was built for a very segmented market. The cross section of high domain knowledge with high security knowledge was too small to enable a viable long term market to help #2.

I think CyberPatriot is a great operation, and I think it does a lot to encourage STEM at an early age. I think it does a reasonable job at teaching information security principles to students. I don’t think it’s accurate in the real world in a lot of ways, but it’s a great exercise. Jump served a role, but with more accessible score engines, its role is less

Continue reading →


A four hundred mile road

It’s like this: You’re driving down a four hundred mile road, cruising along at highway speeds. Everything is fine, when suddenly two engine cylinders go out.

The check engine light comes on. You know you need to stop and see if you can figure out what’s wrong. You pull over. You look under the hood, but you can’t spot anything. Confused, you try to start the engine again. Nothing. Dead. Not starting. You’re still three hundred fifty miles away from a town.

You remember passing a gas station a few miles back. You start walking. All the cars around you are flying by at highway speeds, like you were, but now you’re walking back, trying to figure out what to do.

You get to the gas station. You call a tow truck, but realize it’s going to take ages to arrive and cost $350 you don’t have. You buy an OBD-2 diagnostic tool so you can figure out what’s wrong with your car.

You walk back to

Continue reading →


A very in-depth look at Day One 2.0

I’ve been a fan of Day One for quite some time, and Day One 2.0 just came out. It’s a great update, worth every penny, but it lacks some polish that I’ve come to expect from Bloom, given how good the last version was in the last two years that I’ve used it.

The update really nails some key features. Importing from Day One Classic is a snap — the import process on iOS and Mac is fluid and fast, and it requires no extra interaction for people who are already on Day One Sync. A common pitfall that most import tools run into is duplication — running two imports generally duplicates all data that the first one did, but Day One intelligently only syncs data that is missing on the server. This means that the ideal upgrade workflow is just installing Day One and importing the entire database on all devices. Any entries that somehow weren’t synced properly will sync, and anything that already

Continue reading →


Email, screenshots, and trust

Recently, the Half-Life community has fallen victim to screenshot-based email spoofing. A conversation is usually posted via screenshot, usually with something blurred out, showing a random community member exchanging words with someone important. Almost always, these emails provide something akin to confirmation of the existence of a god.


How to spoof email

If you want to spoof an email from Gabe Newell, you have a couple different options.

  1. You could photoshop it. Email exchanges are always posted as screenshots, so just photoshopping text is trivial. Since you’re going to blur out your email address anyway (it’s a big secret), you have plausible deniability if anyone ever questions why the screenshot has photo editing EXIF data, or why it has compression artifacts, or why it looks fake. It was just a side effect of editing out my precious email address, and/or name!

  2. You could

Continue reading →


CyberPatriot 8 Round 1 Score Analysis

For the past several years, I’ve analyzed CyberPatriot competition rounds using a Pryaxis product called The Magi.

This report covers the data The Magi collected during CyberPatriot 8 Round 1, during the entirety of the competition window.

After the competition window closes, CyberPatriot modifies scores to account for penalties, alternative score dates, and extenuating circumstances that warrant score modifications. Because this round had no Cisco/Networking scores, the scores compared here are free to reveal how the CyberPatriot operations center alters scores from images after the competition closes.

Removed Scores

CPOC’s released official score PDFs tell an interesting story about five teams.

One team, 08-2587, was listed as “Score Under Review,” and no score was provided. Their team was flagged as having multiple copies of the same image open but had a fairly “average” score of

Continue reading →


Pryaxis Jump

Over the last few years, I’ve been back and forth with ideas on how to improve training cyber defense best practices. No real world simulation platform is accurate or robust enough for more than basic use. As the popularity of competitions like CyberPatriot and National CCDC increases, tooling for simulating these environments has stagnated. I needed a way to build and train using advanced cyber defense scenarios, so I got a friend or two, and together, we built Pryaxis Jump.

Jump allows someone with knowledge about information security, like a CyberPatriot coach or mentor, to marry training with real-time evaluation and results. For the longest time, competitors were trained prior to competitions with tutorials and given dense copies of benchmarks to memorize. Many times, they were “thrown off the deep end,” having been told to somehow secure systems with no guidance on what

Continue reading →


Just Ephemeral Enough

From GOODROOT, via Medium, on the permanent nature of social networks:

Things are different now. In our over-connected existence we have lost the ability to create a blank slate. When, previously, you could separate yourself from past lives and — through reflection and distance — achieve emotional growth and maturity, you are now inhibited by the confines of socially networked relationships. It has been ten years since I graduated the dregs of High School cliques and hierarchies, yet returning from socially ambiguous anonymity to the sun-exposed magnifying glass of social networks has sent me spiralling into strange old thoughts, beliefs, and desires.

I stopped using “Facebook proper” a fairly long time ago. I rarely check News Feed, and while I occasionally post things to Timeline, I use Facebook as a record more than I do anything else – a permanent log of notable life events that

Continue reading →