To subscribe and have a chance to submit a post, all you have to do is go to https://alluri.ng and subscribe with the feed url on that page.

I wrote alluri.ng because reading feeds from blogs has been a much more enjoyable experience than using an algorithmic feed. If you need convincing of the merits, the ability to get an understanding of an author over many posts helps develop a more well rounded sense of what they are writing and the intention behind their words. Additionally, if you like an author, chances are that you will enjoy most of their posts rather than just the ones that are popular enough to get surfaced in an algorithmic feed.

The overall goal of this project isn’t to be big but rather a small community of individuals sharing blogs that they enjoy and that’s how I’ll judge the success of it. If you have any feedback or encounter any bugs, feel free to send it to [email protected].

Frostbite by Nicola Twilley

The refrigerator and freezer are among the most essential appliances in a modern kitchen, yet they are often the most taken for granted. In today’s world, most daily meals include foods that would be impossible to preserve and serve without this cooling technology. This work weaves together two fascinating narratives: the historical development of refrigeration technology and an exploration of the complex supply chains that deliver food to our modern refrigerators and freezers.

The United States already boasts an estimated 5.5 billion cubic feet of refrigerated space—a third polar region of sorts. This is an almost unimaginably large volume: the tallest mountain on Earth, Everest, occupies only roughly two-thirds that amount of space from base to peak

One Day by Gene Weingarten

This book offers a fascinating reminder that while most days may seem uneventful to most people, each day is deeply eventful for someone. The author’s premise is simple yet compelling: they randomly selected a single day and thoroughly investigated its events and their aftermath, even years later. For readers who often wonder about the long-term consequences of daily news headlines, this book provides a satisfying follow-up to those stories.

The Falcon Thief by Joshua Hammer

The protagonist of this book, obsessed with naturalist collecting from a different era, is led into a life of crime. Though reading like a novel, this true story follows the protagonist across continents as the author digs into the logistics and motivation behind this obscure crime.

Fat Leonard by Criag Whitlock

This exposé begins with small incidents and builds toward revealing systematic corruption by a contractor on a massive scale involving the U.S. Navy 7th Fleet. The resulting narrative implicates a broad spectrum of naval personnel in the scandal and exposes troubling cultural failures within the military’s procurement process. The account also provides insight into logistical operations in the U.S. Navy and how a culture of corruption arises and persists over time.

The Light Eaters by Zoe Schlanger

Although plant biomass massively outweighs human biomass, the view of plants as passive organisms has led to a disproportionate lack of attention. This wide ranging survey of recent plant research aims to correct this imbalance by exploring the sophisticated methods through which plants sense and react to their environment. The engaging analysis reveals the vast gaps in our understanding of plant life, challenging our assumptions about these complex organisms.

In the case of the arabidopsis, the way a plant notices that its sibling is beneath it is by sensing the quality of light reflected back. In other words, the sunlight passes through its own leaf, hits the sibling’s leaf beneath it, and bounces back up to hit the underside of its own leaf again. Somehow the information contained in that reflectance includes everything the plant’s photoreceptors need to decipher the other plant’s genetic relatedness.

Judgement at Toyko

While the Nuremberg trials are well known and commonly discussed as part of the reconciliation process after World War II, the parallel Tokyo trials are rarely mentioned despite having the same aim. The Tokyo trials’ proceedings reveal some of the most horrific conduct in the Asian theater of the war as evidence came to light. The court, composed of a coalition of international judges, faced considerable difficulties in both the day-to-day operation of the trials and the delivery of the final verdict. Though a challenging read, studying these trials offers a valuable insight into a different aspect of the postwar justice process.

• Use new techniques and technologies only when they make the application better.
• Strive to make an amazing application with fewer rather than more components.
• Don’t expect a user to know how you made an application in order to enjoy it.
• Gauge success by whether your user keeps using your application, not whether they think the application is “interesting”.
• Build and follow your tastes.

I like these because they aren’t absolutes but a good set of guidelines to help inform you and shape your direction. It’s a good set of bullet points that I will keep in mind when building new systems.

Varna is an AWS Lambda and a DynamoDB table that are meant to be quick to deploy and minimally invasive. The code is actually small enough that it can be reviewed by hand in a couple of hours. Varna uses Zappa to handle the bundling and deployment of Varna. This means that Varna can be deployed in under 5 minutes with very little changes to an existing AWS account.

Varna uses the CloudTrail logs that are written to an S3 bucket as the primary source of events. This means the only state that Varna maintains is a DynamoDB table of alerts that have been raised from triggering the rules. This means that Varna is cheap to run because it has minimal fixed costs.

Varna has several features that make it attractive for usage as an AWS account security tool. Varna uses signals from the S3 bucket where CloudTrail log files are being dropped to process log files as quickly as possible. This allows Varna to quickly process rules over new events as they happen and then deliver notifications to the administrator. Varna sends alerts via two methods, email or slack. In addition, Varna will deliver a periodic alert at a user defined interval to remind them about alerts they may have missed.

Varna also includes past search. This can frequently be used to shed light on what was happening around an event. Both the web interface and the command line script allow the administrator to run EQL queries over previous time windows. In the latest release, Varna can also be protected to only allow access by specific users via authentication.

Varna comes with a small suite of preexisting EQL analytics. These are meant to be tuned to an individual account and may not be suitable for any individual account. All of these are meant to be high signal alerts that indicate potentially dangerous actions that can be undertaken in an AWS account. Combined with the built in notification methods, this can be a quick means of detecting suspicious behavior for a cheap monthly cost while maintain rich customization.

You can check out Varna at github.com/endgameinc/varna

The Death and Life of the Great Lakes by Dan Egan

This was my top pick of the year, it’s a wonderful book by Dan Egan about the ecological history of the Great Lakes. It’s well told and remains clear but contains all the details you want to know about the story. The authors personal passion also plays into the story and it serves highlight the role that the lake plays on the communities that surround it.

When Einstein Walked with Gödel: Excursions to the Edge of Thought by Jim Holt

Not every essay in this book is going to make you set it down and think after you read it but quite a few will such that it takes a while to read this book. This book wanders all over the map but contains a number of scientific essays that drive insightful points home. This is such an excellently curated collection of essays that it’s a recommend read for almost any individual who has an interest in modern science.

Fentanyl, Inc.: How Rogue Chemists Are Creating the Deadliest Wave of the Opioid Epidemic by Ben Westhoff

Ben Westhoff is a gifted writer who has a talent for getting incredible sources to talk to him about the subject material and this book is no exception. The background is well covered and detailed while not becoming tedious. This is the best written history of both the drug crisis but also covered the very important aspects of how internet and shipping has changed the nature of the industry dramatically.

Exhalation by Ted Chiang

This book is an excellent collection of short science fiction stories. The stories are thoughtful stories and I’m reluctant to write more because I think they should be approached with no connotations. The book is very short and is an enjoyable afternoon read.

Full List of 2019 Books

• May We Suggest: Restaurant Menus and the Art of Persuasion
• Dreamland: The True Tale of America’s Opiate Epidemic
• The Black Swan
• The Trade: My Journey into the Labyrinth of Political Kidnapping
• Zeitoun - Dave Eggers
• Adam Smith: Father of Economics
• Who Gets What—and why
• Thinking in Systems: A Primer
• The Innovator’s Dilemma: When New Technologies Cause Great Firms to Fail
• The Grasshopper
• On Scandinavia: The almost nearly perfect people by Michael Booth
• The Feather Thief
• Prohibition: A Concise History
• The Death and Life of the Great Lakes
• When Einstein Walked with Gödel: Excursions to the Edge of Thought
• Big Dead Place: Inside the Strange and Menacing World of Antarctica
• An Economist Walks into a Brothel, and Other Unexpected Places to Understand Risk
• Randomistas: How Radical Researchers Are Changing Our World
• Extreme Makeover: A Novel by Dan Wells
• Stubborn Attachments: A Vision for a Society of Free, Prosperous, and Responsible Individuals
• Building Successful Online Communities: Evidence-Based Social Design
• The Dawn of Eurasia: On the Trail of the New World Order
• How Asia Works
• On Freedom by Cass Sunstein
• Opt Art: From Mathematical Optimization to Visual Design
• Fentanyl, Inc.: How Rogue Chemists Are Creating the Deadliest Wave of the Opioid Epidemic
• Open Borders: The Science and Ethics of Immigration
• The Fifth Season / The Obelisk Gate / The Stone Sky by N. K. Jemisin
• The Craft Sequence By Max Gladstone
• Axiomatic By Greg Egan
• Exhalation by Ted Chiang
• Broken Stars by Ted Liu

type test_record = {
  field1 : int;
  field2 : string;
  field3 : int option;
  field4 : string list;
}

Now we want to update an instance of this to set field1 to a new value. Here is the quick way to update a single field.

let update_one_thing (r : test_record) =
  let field1 = do_something_here r.field1 in
  { r with field1 }

I find this much easier to read and write than the other method. I don’t know why I don’t see this in more code so hopefully more people start to use it.

NOTE: This post was originally on a different blog but has been consolidated to this blog.

First off, let’s discuss why this list exists. It exists because in late 2016 I started keeping a detailed list of books that I wanted to read. This was one of the smartest things I have done in my life,because it greatly reduced the friction of picking up a book. I’ve always loved to read but would often finish a book and then not start another for weeks. This list enabled me to just keep reading without having to take a break to figure out a new book. It also greatly improved the quality of my reading, I was able to stockpile the best books when I found them and not have to worry about remebering the title months later. Now here is the list.

• Lords of Finance
• What Does It All Mean? by Thomas Nagel
• Justice by Michael Sandel
• The Life You Can Save by Peter Singer
• Outliers: The Story of Success
• When to Rob a Bank: …And 131 More Warped Suggestions and Well-Intended Rants
• The Devil in the White City
• Poorly Made in China
• The Checklist Manifesto: How to Get Things Right (3/18/17)
• Stiff: The Curious Lives of Human Cadavers by Mary Roach (3/25/17)
• The Attention Merchants: The Epic Scramble to Get Inside Our Heads
• Site Reliability Engineering by Google
• Grunt: The Curious Science of Humans at War by Mary Roach
• A History of the World in 6 Glasses
• The Idea Factory: Bell Labs and the Great Age of American Innovation
• The Victorian Internet by Tom Standage
• The Dictator’s Handbook (7/4/17)
• Ethics in the Real World by Peter Singer (7/7/14)
• At the Existentialist Café by Sarah Bakewell (8/5/17)
• Ego is enemy by Ryan Holiday (8/5/17)
• Genius At Play: The Curious Mind of John Horton Conway
• COD: A Biography of the Fish that Changed the World
• Days of Rage
• The Emperor of All Maladies: A Biography of Cancer
• The Complacent Class
• The Phoenix Project
• Hillbilly Elegy: A Memoir of a Family and Culture in Crisis
• Strangers in Their Own Land: Anger and Mourning on the American Right
• What’s the Matter with Kansas?: How Conservatives Won the Heart of America
• Evicted: Poverty and Profit in the Amer ican City
• $2.00 a Day: Living on Almost Nothing in America
• Secrets: A Memoir of Vietnam and the Pentagon Papers
• Narconomics by Tom Wainwright
• Zen and the art of motorcycle maintenance
• Superforecasting: The Art and Science of Prediction
• The Master Switch: The Rise and Fall of Information Empires

It totals up to 36 books read in 2017. This is disappointing because my goal for 2017 was a book a week. My goal for 2018 hasn’t changed and I’ve already knocked 2 books out of the way. My favorite title in this list is Lords of Finance which is a fascinating take on central banking. A close second was The Idea Factory which is a great history of Bell Labs. I think the one that I was most disappointed by was Zen and the Art of Motorcycle Maintenance which was almost unreadable. I think there are some valuable lessons in that book but at points it was a real slog to get though it.

Here is to a 2018 full of reading.

NOTE: This post was originally on a different blog but has been consolidated to this blog.

This past weekend, my friends and I won HackIllinois by hacking a car to work as a Mario Kart 64 controller. For the impatient, you can go watch a video of that right below.

We arrived at HackIllinois with a plan for the weekend entirely consisting of “hack cars.” To enable this, we brought with us an ODB2 cable, along with a Raspberry Pi with a PiCAN2 attached to read the car’s CAN bus data. Since 2005, all new cars must have an ODB port somewhere, usually under the steering wheel, which transmits a legally mandated minimal amount of information about what’s going on with the car, along with whatever else the manufacturer feels would be useful. It was relatively simple to use can-utils to simply view that diagnostic data as a hex dump, and via trial and error, we were even able to discern which parts of the hex corresponded to a few events with the car (windshield wipers, headlights, brakes, etc.) As a quick point of reference, below is a screenshot of the CAN bus dumps for a 2011 Crown Victoria (owned by our teammate Dan).

The main two tools we used were cansniffer and candump. Cansniffer enabled us to get a live view of the data while removing duplicate lines and stale data. Cansniffer helps humans read CAN bus traffic and look at relevent traffic. The above two screenshots are using cansniffer. Candump, when paired with filters, allowed us to get the relevent data in a machine friendly format that can be processed easily.

We actually took some time to decide on what to build. Some of our initial plans included tag, but with cars (the actual tagging mechanism would probably have been proximity, but we were open to ideas), some kind of machine learning, and pretty LED readouts, but over lunch Saturday, one of our team members jokingly suggested Mario Kart, but controlled by an actual car, and after a minute of laughter and a minute of concerned thought, it was generally realized that that was in fact a viable idea, and even kind of a cool one. The CR-V had slightly more available data, and as a result, we elected to use that as the controller itself.

The main flow of the data goes from the car though the CAN bus to the raspberry pi. This data is then sent over UDP using nc to the laptop that is hosting the emulator. On board the laptop, a python script processes the raw CAN data into useful information. This script is open source on github. This information is then used to emulate the keyboard which is used to control the emulator.

While there are actually slightly more than five controls on the real Nintendo 64 controller, we decided that most of those were probably unnecessary, although it should be less than challenging to modify our code to use those. This left us with the seemingly simple problem of translating that data into fake keypresses, at which point we’d simply have to edit the emulator control settings, and we’d be off.

Of course, like anything “seemingly simple” done at a hackathon, it was in reality anything but. Identifying the portions of the CAN bus data corresponding to our input was actually remarkably quick, but turning that into actual keypresses required some clever hacking.

The most stright forward thing to translate from physical controls to keypresses were the brakes and windshield wipers. It was a simple matter of finding a binary setting and looking for changes in it. The accelerator was also fairly stright forward but we had to find the data that corresponded to engine RPM rather than speed the car was moving at. The first odd one was the light’s control, which was supposed to activate the jump in Mario Kart. We found the value and hooked it up during the night time, however between that and when we went to test it next morning the value had changed. This prompted minor panic until we found the new values. We suspect that the value may change based on if the car believes the lights should be on, but we haven’t tested to confirm that yet.

The hardest control to change from the phyiscal car to the emulator was the steering wheel. The emulator only supported two button presses, one to go right and the other to go left. When the steering wheel however reported how far way from center it was. The first attempt was say if the wheel was left, the button for left would be held down and the same for the right side. This caused significant problems for the person driving becasue they would turn the wheel further but the charcter wouldn’t turn any faster.

We ended up solving the problem by not continously pushing the button down when turning. The further the wheel is turned to the left or right, the greater amount of time the button stays down and the further the car turns. This results in a very intuitive experience for the driver that results in control similar to driving an actual car.

Overall we had a lot of fun building this hack and more fun playing with it afterwards. Thanks for all the people who we met during the weekend who stopped by to check out the strange car in the parking lot. Thanks to the hackIllinois team who threw an excellent hackathon and we hope to see you next year. Now for an image of the laptop when it’s running.

NOTE: This post was originally on a different blog but has been consolidated to this blog.

Hackup is an 8 hour hackathon in Uppsala, Sweden that I participated in. I walked in with no team but soon decided to join up with an existing team that was debating using natural language processing. The main concept that we decided to build was a simple one page that would take a twitter handle and show the percentage of tweets that were positive or negative. The language of choice was Node.js.

Our first attempt at this was using manual training where we took the tweet corpus of Sentiment140 and build a training set for the IBM Watson natural language module. This turned out to have some downsides. One downside is the long training time. A test batch with 500 examples took over 20 minutes to train, in an 8 hour hackathon this was a significant amount of time. There is a limit of 10,000 examples for the training set as well. The final problem was that the accuracy was poor and tweets seemed randomly classified between positive or negative. We decided to use the IBM Alchemy API for sentiment analysis which had no training time and was fairly accurate.

One of the other difficulties was getting environmental variables to be set properly in IBM Watson. The main problem what that every time we deployed using git, the environmental variables would be reset to blank. As this was the method we were storing API keys for Twitter and Watson, this caused several problems. We didn’t find a solution for this, just fixed the environmental variables every time we deployed.

We did manage to finish building it and deployed it with almost two hours to spare. The code is up on github. A picture of the website is below.

NOTE: This post was originally on a different blog but has been consolidated to this blog.

The challenge stated with us replying to a classified ad. The reply email told us to come to the desk. After one of our team members went up to the CTF desk, they came back with metallic looking thing inside a baggy. It turned out to be the inside of a floppy disk that had been taken apart.

At this point, it was rather late at night and we had to scramble to a computer store in the pouring rain to attempt to buy a floppy, and a USB floppy reader. We were lucky that there was still one on a low shelf in the back of the store. Apparently people don’t buy many floppies. After this we broke open one of the blank floppies we had gotten and replaced the inside with the one provided by the CTF organizers.

We inserted it and tried to read it using USB reader, but we kept getting IO errors. We tried to read it three different times and ended up with rather large differences between the files every time. Even still, we were able to observe some things about the file. It had several valid file headers scattered though out but we were unable to use tools to retrieve any of them. The checksums for the sectors seemed to match, but we were unable to mount it. We bashed our head into the wall for a bit bit until we got a hint on twitter.

Once we opened it and just looked at the file, it became obvious what had happened. The image had been split in to pieces and the order had changed. It was split into 6 pieces (Thotcon 0x6?). It was at this point that the CTF organizers emailed us the original image used to make the disks due to the corruption in reading. We split it back up and methodically tried every combo, and got it to a state where files could be read after only a couple of attempts. We recovered a zip file off the disk and opened it, the image inside turned out to be corrupted. We had a moment of despair until we noticed that the image included QR code and that enough had been preserved to work due to error correction. This QR code turned out to be the flag and was instrumental in winning the CTF.