Like Tina Fey's "Bossypants" and Amy Poehler's "Yes Please", I feel really inspired by her success and seriously, I'm totally going to watch The Mindy Project soon!
Second of the Spatterjay (sub-)series in Asher's Polity universe. Takes place about ten years after the end of the previous book. We do, again, follow several different viewpoint characters, on all sorts of moral sides of any situation that may happen in the book. Some are returning characters, some are new.
I'd definitely recommend starting with the first book in the series, but all in all an eminently readable book.
However, I cleave to my belief that Colin Is Best, and I would like to present to you two very different little bits of evidence that have been added to my Colin Is Awesome pile:
- My friend Andrew has been doing reviews and analysis of Colin's first season on the show, and in this piece he explains, in quite some detail, why one of the worst Who stories ever showcases exactly how brilliant Colin is in the role.
- Colin's incredibly robust reactions to the casting of Jodie Whittaker, even to the extent of retooling his own iconic regeneration line and becoming mildly impolite to a fellow former Doctor, has been a joy for me to behold. Colin has always been a Who fanboy, as well as a Doctor, and this response from him was just magnificent.
* for various demographic reasons, the cohort for whom Colin is Our Doctor is smaller than that for almost any other Doctor. If you want more on the maths of this, Andrew goes into it here.
Now we have to sort out her teeth...
Daughter has been really excellent recently, alternately cajoling me into doing self care ("come on mummy, let's go to the gym, it's good for both of us" "Let's take the doggies for a walk, clear our heads") and baking cakes for me to eat. She's getting REALLY good at baking.
Pretty much everything else is still stressful or infuriating or depressing, but I'm not dead. And tomorrow we go to That London for a couple of days to see the wimmins krikkit world cup final, so hopefully running away for a bit will help.
[Image of a Cassini spacecraft model inside a black gimbal structure comprised of three concentric rings, mounted on a plexiglass stand and sitting on the corner of a desk.]
Now that I'm back at work, I present another of my Rare Objects from Space History for #tbt. This is a model of the Cassini spacecraft, mounted in the centre of what I can only think to describe as a gimbal. The high gain antenna is pointed toward the bottom of the photo. The model was distributed to instrument teams to aid them with pointing design. It can be rotated around three axes within the gimbal. Each circle of rotation is marked in degrees, so that from a set of numbers indicating its orientation (eg "RA & dec"), an instrument engineer can work out which way the spacecraft is pointing.
I have no idea when it was originally given to our team but it predates me joining the Cassini project (ca 2006).
Enter the menfolk: Jeff, a drippy romantic who yearns for a woman to protect and idealise, the kind who'd probably burst into tears if the lady of his affection let rip a stank pizza-and-beer fart; Terry, an oily lothario convinced against all evidence that he can vanquish the hotties for his own personal harem; Van, the level-headed sociologist narrator increasingly filled with doubt and guilt as he is educated in the ways of Herland (their term).
The penny drops for Jeff and Van - "We were now well used to seeing women not as females, but as people; people of all sorts, doing every kind of work", but gross Terry playacts his education and manages to ruin it for everyone. What a tool.
Being "of its time", Herland is chock full of gender essentialism and tiresome references to savages (naturally the ladies of Herland are all white). Everything else is very sign me up - big up the vegetarian diet and garments of many pockets! I enjoyed this short book, though it did feel like it ended somewhat abruptly where a "ten years later" style epilogue could have answered some unfinished questions.
- Test rode an Onderwater tandem, which has the child stoker seat at front - Matthew loved it
- Second parents evening for Matthew's school, nice to see teachers again and get more idea of school plans
- Rainbow Sponsored Trike Ride - I ended up riding Matthew's bike as a balance bike since he didn't want to join in
- Blood tests: my calcium, parathyroid hormone and vitamin D levels are all normal, but keep taking the vitamin D for now
- We did HBA1C as well, which is average blood sugar levels, also fine - I'm at slight risk due to Type 2 diabetes in family and current weight
- Picnic lunch and playdate with Kirsten/Andre/Judith/Colin and Lammas Land - lots of fun
- Shelford Feast - Matthew enjoyed all the stalls and mini steam train and bouncy castles, I helped out on the Rainbow stall
- Eye Test for Matthew this morning: doing great, patching is helping his eyes work well together, ordered new lenses for his current glasses, next appointment in October half term
- Work appointed one interim head, who only stayed 2 days, and are now appointing again
- The "implementation" phase of Organisational Change is officially complete and we all now in theory have new jobs - but almost no management so not much actual change at the moment
- Total resignations now at 4 (Patrick, James, Stephen, Andrew) with possibility of more to come
Plus assorted bike rides, visits to the park, dyeing hair purple again and so on - and lots of lego :)
Coming up in the near future:
- Collect Matthew's school uniform (I see the school's admin at Pre-School and she's kindly said she'll bring it along for me)
- Early start tomorrow for Rainbow Leavers Trip to Wandlebury
- Rainbow end of term staff party tomorrow evening: as part of the committee I'm involved in helping host it
- Rainbow leaving party on Friday morning - last day of pre-school!
- A week in the lake district starting on Saturday
- Test riding a Circe Helios tandem when we get back
- Folk Festival on Sunday 30th - possibly with Matthew, possibly without
- New Interim Head of IT Group starts (phased in) on 1st August (Hi Julian)
- A week in Devon with family from 4th August - staying at Wortham Manor
In between the two weeks away Matthew will have a week at Hania's - and then when we get back he's got three weeks of holiday club before granny and grandad come to visit the first week in September, and then school starts on the 11th.
I think I know why I'm exhausted :)
I seem to have got involved in organising Queer Code London. We have a breakfast meet in Central London on
Tuesday 1 August Tuesday 8 August, 7:30am-9am, and I’d love to see as many people there as possible.
The breakfast is free and includes vegetarian options, and the building is step-free accessible. You’ll need to join the Meetup group to see the location, but it's in Central London within a couple of minutes’ walk of a zone 1 station. Spaces are limited, so sign up ASAP.
No allies, please – this event is for queer coders only — but please pass this on as widely as you like.
One important thing to note here is that the TPM doesn't actually have any ability to directly interfere with the boot process. If you try to boot modified code on a system, the TPM will contain different measurements but boot will still succeed. What the TPM can do is refuse to hand over secrets unless the measurements are correct. This allows for configurations where your disk encryption key can be stored in the TPM and then handed over automatically if the measurements are unaltered. If anybody interferes with your boot process then the measurements will be different, the TPM will refuse to hand over the key, your disk will remain encrypted and whoever's trying to compromise your machine will be sad.
The problem here is that a lot of things can affect the measurements. Upgrading your bootloader or kernel will do so. At that point if you reboot your disk fails to unlock and you become unhappy. To get around this your update system needs to notice that a new component is about to be installed, generate the new expected hashes and re-seal the secret to the TPM using the new hashes. If there are several different points in the update where this can happen, this can quite easily go wrong. And if it goes wrong, you're back to being unhappy.
Is there a way to improve this? Surprisingly, the answer is "yes" and the people to thank are Microsoft. Appendix A of a basically entirely unrelated spec defines a mechanism for storing the UEFI Secure Boot policy and used keys in PCR 7 of the TPM. The idea here is that you trust your OS vendor (since otherwise they could just backdoor your system anyway), so anything signed by your OS vendor is acceptable. If someone tries to boot something signed by a different vendor then PCR 7 will be different. If someone disables secure boot, PCR 7 will be different. If you upgrade your bootloader or kernel, PCR 7 will be the same. This simplifies things significantly.
I've put together a (not well-tested) patchset for Shim that adds support for including Shim's measurements in PCR 7. In conjunction with appropriate firmware, it should then be straightforward to seal secrets to PCR 7 and not worry about things breaking over system updates. This makes tying things like disk encryption keys to the TPM much more reasonable.
However, there's still one pretty major problem, which is that the initramfs (ie, the component responsible for setting up the disk encryption in the first place) isn't signed and isn't included in PCR 7. An attacker can simply modify it to stash any TPM-backed secrets or mount the encrypted filesystem and then drop to a root prompt. This, uh, reduces the utility of the entire exercise.
The simplest solution to this that I've come up with depends on how Linux implements initramfs files. In its simplest form, an initramfs is just a cpio archive. In its slightly more complicated form, it's a compressed cpio archive. And in its peak form of evolution, it's a series of compressed cpio archives concatenated together. As the kernel reads each one in turn, it extracts it over the previous ones. That means that any files in the final archive will overwrite files of the same name in previous archives.
My proposal is to generate a small initramfs whose sole job is to get secrets from the TPM and stash them in the kernel keyring, and then measure an additional value into PCR 7 in order to ensure that the secrets can't be obtained again. Later disk encryption setup will then be able to set up dm-crypt using the secret already stored within the kernel. This small initramfs will be built into the signed kernel image, and the bootloader will be responsible for appending it to the end of any user-provided initramfs. This means that the TPM will only grant access to the secrets while trustworthy code is running - once the secret is in the kernel it will only be available for in-kernel use, and once PCR 7 has been modified the TPM won't give it to anyone else. A similar approach for some kernel command-line arguments (the kernel, module-init-tools and systemd all interpret the kernel command line left-to-right, with later arguments overriding earlier ones) would make it possible to ensure that certain kernel configuration options (such as the iommu) weren't overridable by an attacker.
There's obviously a few things that have to be done here (standardise how to embed such an initramfs in the kernel image, ensure that luks knows how to use the kernel keyring, teach all relevant bootloaders how to handle these images), but overall this should make it practical to use PCR 7 as a mechanism for supporting TPM-backed disk encryption secrets on Linux without introducing a huge support burden in the process.
 The patchset I've posted to add measured boot support to Grub use PCRs 8 and 9 to measure various components during the boot process, but other bootloaders may have different policies.
 This is because most Linux systems generate the initramfs locally rather than shipping it pre-built. It may also get rebuilt on various userspace updates, even if the kernel hasn't changed. Including it in PCR 7 would entirely break the fragility guarantees and defeat the point of all of this.
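As an added illustration of the concatenated-cpio behaviour the proposal above relies on (example code written for this page, not code from the original post, the kernel or any bootloader): a minimal newc cpio writer and an in-order unpacker that, like the kernel, skips zero padding between archives and lets a later archive's file replace an earlier one's. It assumes uncompressed archives, and the file names and contents in the demo are constructed.

```python
CPIO_MAGIC = b"070701"
TRAILER = "TRAILER!!!"

def _pad4(n):
    """Bytes needed to round n up to a multiple of 4 (newc alignment)."""
    return (4 - n % 4) % 4

def make_cpio(files):
    """Build a newc cpio archive from a {name: bytes} dict of regular files."""
    out = bytearray()
    for name, data in list(files.items()) + [(TRAILER, b"")]:
        name_b = name.encode() + b"\0"
        mode = 0 if name == TRAILER else 0o100644
        # ino, mode, uid, gid, nlink, mtime, filesize, dev/rdev major+minor, namesize, check
        fields = [0, mode, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(name_b), 0]
        out += CPIO_MAGIC + b"".join(b"%08x" % f for f in fields)
        out += name_b + b"\0" * _pad4(110 + len(name_b))
        out += data + b"\0" * _pad4(len(data))
    return bytes(out)

def unpack_concatenated(blob):
    """Unpack concatenated (uncompressed) newc archives in order, as the kernel
    does: zero padding between archives is skipped, and a file in a later
    archive replaces the file of the same name from an earlier one."""
    fs, pos = {}, 0
    while pos < len(blob):
        if blob[pos] == 0:
            pos += 1
            continue
        if blob[pos:pos + 6] != CPIO_MAGIC:
            raise ValueError("not a newc cpio header at offset %d" % pos)
        hdr = blob[pos + 6:pos + 110]
        fields = [int(hdr[i * 8:(i + 1) * 8], 16) for i in range(13)]
        filesize, namesize = fields[6], fields[11]
        name = blob[pos + 110:pos + 110 + namesize - 1].decode()
        pos += 110 + namesize + _pad4(110 + namesize)
        data, pos = blob[pos:pos + filesize], pos + filesize + _pad4(filesize)
        if name != TRAILER:  # the trailer ends one archive; keep reading the next
            fs[name] = data
    return fs

def demo():
    # Constructed sample: a locally generated initramfs that an attacker has edited,
    # and the small signed initramfs the kernel image would carry (hypothetical contents).
    user = make_cpio({"init": b"#!/bin/sh\nexec /bin/sh\n", "etc/fstab": b"/dev/mapper/root / ext4 0 0\n"})
    trusted = make_cpio({"init": b"#!/bin/sh\n# fetch key into keyring, extend PCR 7, continue boot\n"})
    # The bootloader appends the signed tail, so its init wins; other user files survive.
    return unpack_concatenated(user + b"\0" * 4 + trusted)
```

Reversing the concatenation order in `demo()` makes the tampered `init` win, which is why the trusted image must be the one appended last.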
This week's featured article is for Le Raj in Epsom, a fancy joint that's earned a spot in the Good Curry Guide. The takeaway prices are a bit lower but you'll have to come and get it yourself, as they don't deliver.
New to RGL but certainly not new to me is the Soldier's Return, the third best pub in Ickenham. It's changed a little since I was drinking cheap lager there in the '90s - the tie's changed from Courage to Greene King, and they've apparently got rid of the (really quite manky) carpet. Also new is Karachi Cuisine in Norbury, a child-friendly Pakistani restaurant that does an interesting-sounding traditional breakfast on weekends. Try the chickpeas!
Finally, the Michelin-starred Dabbous in Fitzrovia has shut. Apparently the team will be opening a new (hopefully less noisy) restaurant next year.
My sister has always had really horribly terrible hay-fever, and childhood eczema, and dust allergies.
When my mother was pregnant with me, her hay-fever came back.
I've never had hay-fever, or indeed any allergy in my life.
We've always put the whole thing down to some sort of pregnancy / immune system weirdness. However....
I've been sneezing for the last four or five days, and feel otherwise fine. Bah! I guess it's caught up with me at last.
This is the, what, ninth? eighth? book in Stross's The Laundry Files and the wheels on the hand-basket are truly on their way out, along a radial trajectory.
This book sees the return of many faces from previous books, as we slowly see things unwind around Bob. I am trying real hard to not let anything slip here, you see, as I feel that approaching the book spoiler-free is the most, ah, enjoyable? way of reading it. Surprising at least.
Anyway, Laundry Files, if you've read some of them before, you know what to expect. If you haven't, might I humbly suggest that this is perhaps not the best starting point (although it may well work as an intro novel). We do a fair bit of POV shifting in this book, even if it's primarily a "Bob" book (we also follow Mo, Mhari and Cassie, as well as the occasional follow-the-baddies).
All in all, a gripping read. I shall blame technology (and not being completely done with the previous book in time for the release) for taking this abysmally long to finish off something that was released a whole 4 days ago.
I don't think I've read any of the fiction other than one novel that I bounced off. I've seen one of BDP:LF, and half of BDP-SF but couldn't tell you which episode was which. While I do think that Chuck Tingle deserves some Fan Writer kudos I'm not sure I want to rank him top in the category....
Oops. Am obviously a Bad Fan!
I imagine this is a manifestation of the downfall of LJ, but:
worth checking yourself (www.livejournal.com/manage/logins.bml ) if you ain't already deleted your account?
let me know, please, if I suddenly go spammy anywhere else...
This was not the book I was expecting (in a good way!) - the second half kept me gripped with its anxious, urgent, page-turning tension. If you're looking for a hefty period novel, meticulously researched but never too do-you-see?-y, this is a great book to get lost in.
This is the first book in the Spatterjay series, set in Asher's Polity world.
Time-wise, the Spatterjay books fall well after the rest of the series (bar, possibly, Transformation), but as the first two books take place entirely (or almost entirely) on the planet of Spatterjay (see how the planet meshes with the name of the series...), it's not massively important exactly how it lines up timewise.
We follow a couple of different viewpoint characters. Ehrlin is a Hooper (that is, someone who's been infected by the leech virus, present in most (if not all) lifeforms on Spatterjay), who's been away from Spatterjay for a while, having adventures. Janer is employed by a sentient hornet hive, that he (some decades ago) spent two years indentured to, for killing one of its bodies at a football match. Sable Keech is a reif (basically a cyber-enhanced walking corpse), and ECS monitor. Sniper, a war drone. And Windcatcher, which I shall say nothing about. And a few more, who get walk-on POV roles.
Fundamentally, this is a story about loss and revenge. And how these things change, as time passes. I guess there's some talk about life and what immortality may mean for the human condition.
Again, this is a Polity book so it's kinda grimdark, in places.
This had the added advantage of providing Jo with a bijou snackette (once she figured out how to unwrap it) and, I very much hope, stopping expectant-mama-pigeon from waking me up at 4:30 every morning from now on.