So yes, I'm slightly biased here because the game is made by someone I know, and is set in a fictionalised version of a town two train stops away, and my daughter voices one of the characters (look out for small child of indeterminate gender Little Bilge)... but this is the most fun I've had playing a game in ages. It doesn't try to screw you for more money, it doesn't make you do stupid repetitive daily tasks, it doesn't rely on ninja reaction times. It's happy to just make you laugh and warm your heart. In times like we are going through now, that's more valuable than diamonds.
Honestly, guys, you know I wouldn't bullshit you about anything involving money, I'm from Yorkshire.
Go buy Yorkshire Gubbins. You won't regret it.
What I read
Ingested two David Wishart Corvinus mysteries, Trade Secrets (2016) and Foreign Bodies (2016) - Severn House having finally decided, it seems, to come down at some point to a price for their ebooks that is more or less comparable with mass market paperbacks rather than hardcover. These were pretty much the mixture as usual - combination of what seems to me pretty solid knowledge of what Rome and its Empire was like at the period, with upper-crust Roman sleuth cracking wise and somewhat anachronistic as the bodies pile up. There is probably a rule with extended series like this that if you haven't given up somewhere along the line, you will as a matter of habit pick up succeeding episodes as they come along.
Tremontaine Series 3, Episode 1. Interested to see where this is going to go.
Discovered by entire chance that there is an ebook of short stories about Rosemary Edghill's Bast, Failure of Moonlight: The Collected Bast Shorter Works (2012), which I had not known about and gulped down. This led me to a binge re-read of the 3 Bast mysteries - set in the world of contemporary Wicca/Paganism of the 1990s - :Speak Daggers to Her (1995), Book of Moons (1995) and The Bowl of Night (1996). I thought these held up pretty well, though possibly more for their evocation of a particular time, place and subculture, and Bast's own moral ambivalence, than for the mystery plots. In an essay appended to the shorter works she wonders if these will be what she is remembered for, eventually: she's written quite a lot in various genres under various names. I see that when I reread the space-opera trilogy Butterfly and Hellflower, written as eluki bes shahar, I felt it had rather lost its shiny. There were also, I think, some rather generic fantasy works and collaborations with Mercedes Lackey which have pretty much faded from memory, and I'm not sure I ever read any of her romances.
On the go
Only Sexual Forensics which got a bit back-burnered lately.
The next episode of Tremontaine Season 3. Maybe Ruthanne Emrys, Winter Tide, which I have heard good things about, and is at present very briefly a giveaway from Tor. Also, have received some more v srs books from An Academic Publisher for reviewing a proposal (when offered this, I specifically look for books which are hideously expensive destined for university library editions that I would not buy for myself).
In August, four US Senators introduced a bill designed to improve Internet of Things (IoT) security. The IoT Cybersecurity Improvement Act of 2017 is a modest piece of legislation. It doesn't regulate the IoT market. It doesn't single out any industries for particular attention, or force any companies to do anything. It doesn't even modify the liability laws for embedded software. Companies can continue to sell IoT devices with whatever lousy security they want.
What the bill does do is leverage the government's buying power to nudge the market: any IoT product that the government buys must meet minimum security standards. It requires vendors to ensure that devices can not only be patched, but are patched in an authenticated and timely manner; don't have unchangeable default passwords; and are free from known vulnerabilities. It's about as low a security bar as you can set, and that it will considerably improve security speaks volumes about the current state of IoT security. (Full disclosure: I helped draft some of the bill's security requirements.)
The bill would also modify the Computer Fraud and Abuse and the Digital Millennium Copyright Acts to allow security researchers to study the security of IoT devices purchased by the government. It's a far narrower exemption than our industry needs. But it's a good first step, which is probably the best thing you can say about this legislation.
However, it's unlikely this first step will even be taken. I am writing this column in August, and have no doubt that the bill will have gone nowhere by the time you read it in October or later. If hearings are held, they won't matter. The bill won't have been voted on by any committee, and it won't be on any legislative calendar. The odds of this bill becoming law are zero. And that's not just because of current politics -- I'd be equally pessimistic under the Obama administration.
But the situation is critical. The Internet is dangerous -- and the IoT gives it not just eyes and ears, but also hands and feet. Security vulnerabilities, exploits, and attacks that once affected only bits and bytes now affect flesh and blood.
Markets, as we've repeatedly learned over the past century, are terrible mechanisms for improving the safety of products and services. It was true for automobile, food, restaurant, airplane, fire, and financial-instrument safety. The reasons are complicated, but basically, sellers don't compete on safety features because buyers can't efficiently differentiate products based on safety considerations. The race-to-the-bottom mechanism that markets use to minimize prices also minimizes quality. Without government intervention, the IoT remains dangerously insecure.
The US government has no appetite for intervention, so we won't see serious safety and security regulations, a new federal agency, or better liability laws. We might have a better chance in the EU. Depending on how the General Data Protection Regulation on data privacy pans out, the EU might pass a similar security law in 5 years. No other country has a large enough market share to make a difference.
Sometimes we can opt out of the IoT, but that option is becoming increasingly rare. Last year, I tried and failed to purchase a new car without an Internet connection. In a few years, it's going to be nearly impossible to not be multiply connected to the IoT. And our biggest IoT security risks will stem not from devices we have a market relationship with, but from everyone else's cars, cameras, routers, drones, and so on.
We can try to shop our ideals and demand more security, but companies don't compete on IoT safety -- and we security experts aren't a large enough market force to make a difference.
We need a Plan B, although I'm not sure what that is. Comment if you have any ideas.
This essay previously appeared in the September/October issue of IEEE Security & Privacy.
A breath for Wednesday.
I got my scholarship report form done, and some composing, and wound down the thing I was going to wind down, and poked at the Cecilia's List database and website some more, and did a bunch of planning.
There is not enough sleep in the entire world. I could say this is partly due to a nutrtional change, or the weather, or the diminishing daylight, and that would all be true, but it's mostly due to the really obvious: staying up way too late, even though I know I don't sleep well in the mornings. Some of this was warranted, some of it was... not wrong timing, exactly, but after a run of late nights it feels odd and tricky to get back onto earlier ones again. Things feel really hard when I don't give the perishing meatsack enough sleep. A breath for snoring.
There is a Social Situation that is so concerning, I'm considering writing to Captain Awkward about it. I'm not going to go into the details here, but it involves in-person interactions and keepng myself and a friend safe. A breath for trusting my instincts. A breath for asking for help.
I am getting different messages from different places about my PhD requirements, and it is freaking me out. I suspect either I've been automagically added to the wrong mailing list, or there are some new requirements for PhD students as a result of a faculty merger thing which are not really on the radar yet for my supervisors; in any case, it's basically a case of Schrödinger's Research Paper, ie I don't know whether I have to write and present one. A breath for it's just one paper, not an entire PhD. A breath for calm down and find out which information is correct.
Frustrating paypal-related admin is frustrating, and blocking my access to (already paid-out) income from Patreon. The timing of this -- while my spouse is changing jobs and we have a gap in our income -- is... unfortunate. A breath for slow bureaucracy taking as long as it takes.
I didn't meet any of the composing competition deadlines this past weekend.
I caught the staying up too late and have made some progress toward shifting it, though the test wll be this evening when I have a rehearsal until 21.30 and don't get home until at least 22.30. A breath for feeling a bit better already.
I am trying a much-simplified morning routine: 7am wake/wash/dress, 8am breakfast, 9am walk/cycle/movement, 10am work until lunch (with wifi off, no less). That's... a long time for each of those things. But it also recognises that realistically, after I shower I hate getting dressed immediately and prefer to sit around in a towel and dressing gown until I'm quite a bit more dry and it isn't always appropriate for me to do that while eating breakfast. It recognises that on a bad jointcrap day, everything takes longer and I may need to either walk slowly, or abort the walk and do physio instead. It recognises that having exactly 17 minutes to eat my breakfast doesn't play well with my anxiety about getting things done. It recognises that afternoons are wiggly and appointment-ful. So far, this feels kinder than some of my previous routine attempts. We'll see. A breath for experimentation. A breath for noticing what I need and what I don't need.
I have e-mailed one of my supervisors to ask for clarification re: Schrödinger's Research Paper. A breath for seeking clarity. At the moment I'm not yet in trouble over this: a gold star for not letting it get that bad. Worst-case scenario looks like: I have to Do the Thing and Nobody Knew. So, I submit a topic by 1st November, make an extra trip to Aberdeen mid-December to present. This is not actually terrible in terms of how it interacts with my other deadlines and financial stuffs. A breath for perspective.
Someone made a donation to help get Cecilia's List up and running, which means that once the frustrating paypal-related admin stops being frustrating, there is money to spend on a proper domain name, and some adverts in things like Choir and Organ magazine. A breath for encouragement.
My maybe-bricked smartphone isn't. Another customer on the support forums gave me useful information about the magic button presses to get to recovery mode, wipe the data, and start over. Would that the actual tech support people had done so a week and a half ago; but a breath for all timing is right timing. I spent some time yesterday getting it set up again with my various preferred apps and aids, and will in due course give the borrowed Nokia 3310 back to the friend I borrowed it from. A breath for technology. A breath for easier connectivity on my own terms. A breath for not exacerbating jointcrap by pressing buttons to type.
I have realised it may be possible for me to get cheap-ish "spare" spectacles from one of the online places, and that extended-wear contact lenses are a thing, and a rather better one than they were last time I tried contact lenses around fifteen years ago. Given my current specs are held together with superglue and it's been over three years since my last eye test, it's time to do somethng about this, but I had been putting it off because of the expense, and then worrying my glasses might break. But now I can visit the optician, get my prescription, and order glasses online -- relatively cheaply -- and if my glasses break I will not be as badly off as I had feared. And if it looks like contacts are a thing, then I may only ever need the "spare" glasses. All this depends on my prescription (which may be too strong for the online glasses ordering, let alone the fancy shmancy contact lenses), but it no longer feels overwhelming and terrible. A breath for relief.
Composing! Phd-related: St Lawrence's Tears. Chapel choir commission. Some competitions for end of October: three I'd really like to enter, a further two I could enter. Of the first three, one is a Canadians-only one that I've done some of the groundwork for (for another competition, not entered); one is a set-text hymn tune (I can crank these out fairly reliably); one is Canadians-only and fairly prestgious, but also postal entry which can pose some practical challenges. Of the "could enter", one is a set-text carol which could be done hymn-style, and one is a carol which would be ideal for "Like Silver Lamps". There are things already-written I coudl put on Patreon, and I might opt for that this time, simply because I have so much other composing to do. None of these have to be done this week, but this week will be important in laying groundwork to get them done.
Cecilia's List: keep working on the database. E-mail some more composers to ask for catalogues of their sacred works (yes, eventually I'll just get them to fill out a form and it will be automagical, but for now it's all hand-picked). Write a press release, or pay someone to write one for me. Keep poking at the website.
Maintenance: book an appointment with the optician, and another with the dentist. Attempt some kind of catch up on filing and tidying.
Basically? Keep going with the daly routine I have now. Tomorrow I'm meeting someone mid-day-ish, so my walk gets replaced by a commute, but then there is somewhere quiet I can work. From Saturday to Wednesday, I'm away in Salisbury with ULCC. We're singing the services Monday-Wednesday. I'm intending to use the time as a sort of composing retreat, hiding away in my room (or a quiet corner of the cathedral) as much as possible in the morning and early afternoon, and doing more social stuff in the evenings. This will take a bit of negotiation with people who may have assumed I'll be treating it as more of a holiday, but I have a PLN on how to handle that.
I need to make sure I get enough laundry done to get me through, before I pack.
How are you?
What have you done? What are your quests? What is your favourite food? What is hard in your life? What is good? What is your PLN (or plan)?