A POSITIVE MENTAL ATTITUDE: THE THREE BODY PROBLEM AND PROJECT HAIL MARY
i decided recently after years of avoiding it to try and tackle the three body problem. the book goes hard in the ‘hard science fiction’ in that it is literal fiction about science. almost all the characters are scientists and there is a lot of astrophysics and computer science and some material and quantum physics too. it is interesting and engaging but is definitely a slow burn. without giving too much of it away, “the thing” you are waiting on happening the whole book only finally happens in the last few pages leaving a cliffhanger ending that forced me directly into the second in the series the dark forest.
the dark forest is centered around a titular piece of ’extraterrestrial sociology’ maintained by one of its protagonists that presupposes that the universe is a dark forest in which all life is stealthy, cannibalistic jungle cats that because of “the chain of suspicion” have to remain completely silent while they murder and devour each other lest they give away their position to the next cannibalistic cat and end up devoured themselves.
in some ways the books are about resilience, and the people in them are constantly overcoming nihilism and despair in the face of seemingly hopeless odds, but still, almost everyone (human and non) in the book is selfish and self interested, and distrustful almost to the point of pathology. it is hardly a view of the cosmos that i would call “sublime” regardless of the plug on the cover.
the dark forest similarly ends with a cliffhanger and so i jumped directly into the third book death’s end but i only got 200 pages in before deciding it was just making me feel more and more depressed and decided to put it down. i needed a hard sci-fi antidote to this hopelessness and so i turned to andy weir and picked up project hail mary (warning: very minor spoilers below).
project hail mary is about a human scientist and his extraterrestrial deuteragonist “rocky”, who team up in deep space to figure out why their respective home worlds are dying and what to do about it. the plan, to quote the famous line from weir’s first novel the martian, is to “science the shit out of this”, and science the shit out of this they do covering disciplines including astrophysics, chemistry, extra-terrestrial biology, particle physics, and applied mathematics. but best of all it’s hopeful: instead of trying to quietly murder each other in the dark these two aliens lost in space find a fraternal love that is vita-universalis, to turn a phrase, and stay plucky by working together.
having finished project hail mary i find myself looking back on the dark forest metaphor and start to wonder if cixin liu has ever been in a dark forest or jungle. first, animals in dark forests and jungles are not quiet, they make a ton of noise. second any human who has spent enough time in the wilderness knows that there is one thing that you can have that has been statistically proven time and time again to increase your chances of survival. it is the first lesson of every survival class. it is taught to boy scouts and marines, it is taught to russian spies who loved me. your most valuable tool in the dark woods is a positive mental attitude.
unfortunately the dark forest theory in and of itself is a negative mental attitude. combine that with the distrust of all other life inherent in the “chain of suspicion” and you end up taking away the second most powerful factor in surviving in the wilderness: not being alone.
alone in the wilderness without a positive mental attitude: you don’t stand a chance.
maybe that’s part of why project hail mary felt like such a relief after slogging through liu’s cosmic paranoia. the three body universe feels like a narcissistic view of the cosmos. everyone assuming everyone else is out to get them: everyone hiding in the dark. weir offers the opposite: two plucky scientists, human and alien, with a ton of positive mental attitude deciding to “science the shit out of this” together. it’s cheesy and messy and earnest and weird but there is a kind of accidental vita‑universalis born out of necessity and curiosity rather than fear and i enjoyed that a lot more than the empty despair of the void that wants to destroy you.
YOU'VE GOT TO LOSE YOURSELF...
i’ve had a couple of job interviews over the last few weeks with real live human beings, some that have even happened in person, though the last few have been over zoom.
yesterday i had a second technical interview with a company that wanted to run me through some scenarios to see ‘how i think’ and how i work under pressure. in the first scenario they basically threw me into an imagined disaster and it was my job to describe how i would react and how i would gather as much information as i could about what was going on. i felt like i did pretty well: i asked the right questions and even guided my ‘dungeon master’ into creating an even more dire situation as i tried to anticipate potential worst-case scenarios. but as the interview went on i started to struggle.
they had told me that they were going to ’throw me into the deep end’ and not to worry too much if there were questions i couldn’t answer, but as we went on the questions got easier, which made me nervous, and then even easier, but for some reason i was having a harder and harder time with them even when i knew the answers. they asked me about some very basic port numbers and when i failed to tell them what protocols used those ports they asked if i could at least tell them what a port is in computer networking. i have explained what a port is to students countless times.
so when someone asks me what a port is and does i like to explain it like this:
if your computer was a fancy high-end hotel the ports would be like the entrances to the hotel, and just like how fancy hotels have different doors for guests, for employees, and for deliveries, your computer has different specified ports for different kinds of traffic. port 80 is for unencrypted web traffic, port 443 is for secure web traffic, and so on. this keeps everything organized and makes sure that different data is greeted correctly and directed correctly once it gets inside and also makes sure that there aren’t traffic jams when a lot of different data comes in at once.
except this time i didn’t tell that fun little story i have told a million times.
this time i opened my mouth but the words didn’t come out. suddenly my palms were sweaty, my knees were weak, my arms were heavy, you get it, mom’s spaghetti: my mind went blank and i choked.
i couldn’t even get out a word. from there it only got worse. they gave me multiple chances to redeem myself but all i did was look more and more like i didn’t know what i was talking about and like i shouldn’t have even been there, and honestly at that point i don’t even know what i was saying and probably shouldn’t have been.
finally, they cut the interview short saying they had heard enough. they were nice about it, but they didn’t even give me a chance to ask questions.
the worst thing is, i know that explaining technical concepts in simple terms under pressure would have been a huge part of the job that i was applying for. so not only had i failed to show my knowledge in the interview i actually failed the second test of keeping my head and communicating under fire.
i can’t say i didn’t learn anything from the experience, i actually feel like i learned a lot, but what really smarts is that i didn’t just feel like an idiot, that would have been bad enough. no, i felt like i proved to them that i lacked the mettle, that i would crack under pressure: i felt like a wimp. a stupid wimp, and the pain of that feeling definitely lingers…
HESTIA: THE MONIDOOR: THE BIG SLEEP, AND WAKE, CYCLE...
with windows 10 support ending back in october i decided last monday that i needed to bring hestia the monidoor into the present with a new operating system. yusef is a linux mint evangelist and while i have it running on my gaming pc / media server my research seemed to indicate that for the touch screen of the monidoor hestia would be better served by fedora because of its touch screen friendly wayland input and dispay protocol. so i downloaded fedora workstation and used balenaEtcher put it on a thumb drive and live booted it on the thinkpad. i pulled up our calendar on firefox and the on screen keyboard (OSK) worked for making events and tasks, and i pulled up google maps and we had full multitouch with pinch to zoom. it all looked pretty good so i blasted away windows and installed fedora.
so a day went by and i started working on setting up a sleep wake cycle in systemd so the monidoor would be on when i got up in the morning and would sleep at night to save power and not blind the neighbors since it faces a window. i installed ssh on hestia so i could administer it from my office and started digging into the systemd files. systemd is the primary system and services manager in linux and also the daemon that runs those services. back in day, and still on some unix systems, if you wanted to create scheduled tasks you used a daemon called cron which is a time keeper. cron originally came from the greek word (or god) chronos, meaning time, though it has been backronymized as ‘Command Run On Notice’ which i think is fun. cron was used to automate the execution of scheduled or repetitive tasks which were called cronjobs and which were configured through a file called a crontab (short for cron table). in systemd this is done with two files, a .timer file that tells systemd that it is time to do a thing and a .service file that tells it what thing it is time to do, separating the “do a thing” from the “when” and/or “why” for greater granulation. in my case i wanted hestia the monidoor to go to sleep at 10 PM sunday - thrusday but to stay up later on fridays and saturdays in case we are hanging out in the kitchen watching music videos or looking at photos or using wikipedia to put drunken debates to bed. this takes two different .timer files for each schedule, but only one .service file since the end goal is the same for both processes (go to sleep).
the problem is, once hestia is asleep so is systemd, so we need to make sure that it lets hestia know when she needs to wake up before she suspends. luckily computers have a built in alarm clock the RTC or Real-Time Clock that has its own battery so it can keep time even when the power is off. so i vibe-coded up a bash script called smart-suspend.sh that sets the alarm clock and then i told our sleep at service to run that.
here is the part of the script that checked the current time and day and defined the schedule.
and this part that set the alarm and put hestia to sleep.
and this is the sleep-at.service unit file in systemd that triggered the script.
so the wake and sleeping was done. next i wanted to setup remote desktop so i could customize the gnome desktop environment.
i started by downloading VNC, Virtual Network Computing, a program that starts a server for remote access just like ssh but that lets you interact with the full linux GUI, even from a windows machine. unfortunately when i went to try and access it from my office computer it crashed.
meanwhile in the kitchen there were other problems with the monidoor. when i first tested the onscreen keyboard in fedora with the liveboot thumbdrive i did it in firefox. unforntuately i was determined to use the more private ad blocking brave browser on the monidoor but when i clicked on things in brave that asked for input the OSK failed to pop-up. so, i could ssh into hestia no problem, and i could use the native OSK in the terminal on the monidoor, but i couldn’t remote desktop into hestia or use the OSK on brave. it turned out that these were the same problem. apparently the wayland display protocol, though way better in a million ways, doesn’t work well with remote desktop or with brave.
so i tried to force fedora to use an older display protocol, x11, that i know works well with both brave and with remote desktop. the linux desktop environment fedora uses is a GUI called GNOME, so i went into the GNOME configuration files, specifically /etc/gdm3/custom.conf, and set WaylandEnable=false and created a setting option on the fedora login screen to load GNOME Xorg, which runs x11, and then i restarted and got this…
remember the ssh server i set up, it was there, so was systemd, and even crond which runs cron jobs was there, but then when it tried gdm.service, the GNOME Display Manager, it froze. after doing some research i decided that this was a fedora problem and pulled hestia out of the monidoor.
back in my office i plugged hestia into a power supply and blasted away fedora and installed ubuntu. while i was doing this i noticed that the thinkpad was no longer charging and that the light next to the power input was no longer lighting up. one of the advantages of fedora is that it is super update happy, and in one of the many reboots i had performed on hestia testing the sleep and wake cycle, fedora suggested updating the firmware on the thinkpad, so i did, and apparently this broke its ability to charge. i began the process of scouring the internet to try and figure out what had gone wrong, and get a lot of different possible solutions, but the easiest to preform is a reset of the embedded controller by cutting its power in the BIOS by performing an internal battery disconnect. the embedded controller is a very small, low power computer within the computer that separately manages critical hardware like the battery management system, power to the motherboard, input from the physical keyboard, and coincidentally, sleep and wake transitions, and is powered, also coincidentally, in part, by the same CMOS battery as the real time clock. the logic was that if you cut power to the embedded controller you also reset the battery management system. basically its a deep level “turn it off and on again” and goddamn it worked instantly: i restarted the computer, entered the BIOS selected “disable built in battery” and rebooted and it was charging again.
so i had ubuntu running on hestia, and the power worked, and i had backed up all my sleep and wake files so i could easily install them on the new ubuntu sytem, but when i tried to use brave i ran into the same keyboard problems i did on fedora. i did some digging and it turned out ubuntu has moved to the wayland display protocol as well. i didn’t even try to force x11 this time, i blasted ubuntu away…
in my shopping for operating systems i had come across a lot of people in forums talking about tiny11, a barebones debloated version of windows 11. so i found a copy of tiny 11 on the internet archive and used balenaEtcher to make a boot disk on a thumb drive but halfway through the installation process an error popped up “A media driver your computer needs is missing.”
so i went back to scouring the internet for solutions and discovered that belenaEtcher doesn’t write windows installers with the proper media device chipset drivers. i decided to try a different usb imaging utility called rufus which i read worked better with windows, and it does. rufus even has an option that lets you bypass the TPM 2.0 (trusted platform module) requirement for windows 11 installs, letting you install windows 11 on older computers that have the memory and processing power to run it but might not meet the strict security requirements.
so after my second installation attempt i had tiny 11 on hestia and it looked pretty good but again i had problems with the on screen keyboard. it turns out that windows 11 doesn’t let you go into settings and force tablet mode but scans your hardware and only allows tablet mode for specific hardware configurations and the monidoor isn’t one of them. so tiny 11 isn’t going to let us have a popup onscreen keyboard either.
so what did i do. after five days of configuration and the installation of three different operating systems (fedora, ubuntu, and tiny windows 11) i decided my only choice was to go back to windows 10.
at that point i had chased down a copy of windows 10 LTSC 2021 on the internet archive (which is the source for obscure operating system ISO files). windows LTSC or Long-Term Servicing Channel is a fork of windows designed for extreme stability in legacy systems like medical or industrial systems, and for public facing kiosks, which is sort of what monidoor is. it is a very minimalistic version of windows 10 and will receive essential updates and support until 2027 (or 2032 if you get the iot enterprise version). so i set up a boot disk with rufus and installed window 10 LTSC and it worked perfectly. its friday now and we are essentially back where we started on monday with only the minor improvement of continued support, which i guess was the goal, but still, what a long and stupidly winding road to get here.
saturday afternoon i went into my router configuration files and setup a vpn server on my home router so that i could work on the sleep wake cycle on hestia in windows system manager from denver. i then went to the monidoor to set up windows remote desktop protocol. i hadn’t done much configuration after getting windows 10 LTSC going the day before so hestia had gone into standby mode overnight and it asked me for a password. i put in the password i thought i had set and it didn’t work. so i put in a different password and still no luck. there are ways to reset the password but i didn’t have time before my flight. without RDP set up on hestia there is no way to continue my setup remotely and so the monidoor sits at home inert and inaccessible and i am stuck here in denver with only my thoughts about everything i did over the last week and a half and how none of it has worked out as planned.
NEXT.JS AND REACT ON CHOPPING BLOCK
seriously rough time for javascript developers. last week i was writing about the digital sandworm Sha1-Hulud eating its way through the npm ecosystem and now we have a critical RCE vulnerability in React and Next.js where a relatively simple HTTP request can execute code on your server (full disclosure, we have failed, so far, to recreate said payload… so far…).
from what the reports say this morning roughly 40% of cloud environments are suspected to still be running vulnerable versions and exploitation has a near 100% success rate in testing, which is not exactly the sort of reliability you want from your security vulnerabilities but is exactly the sort that script kiddies like us dream about.
uncovered by the suddenly famous lachlan2k the problem is in the React Server Components Flight protocol which allows an attacker to use insecure deserialization to influence server side execution logic. the real kicker is that the vulnerability exists in default configuration, so if you spun up a standard Next.js app with create-next-app and built it for production without changing anything you are already exposed. it’s basically the same flaw in both Next.js and React so if you are running React 19.x or Next.js 14.3.0-canary, 15.x, or 16.x you need to patch immediately. hardened releases are available now, so this is one of those drop everything, check versions, and update kind of situations, because unlike the Sha1-Hulud worm that leaves you a calling card to let you know you have been compromised, this one just quietly walks in through the front door.
SHA1-HULUD: THE SECOND COMING!
more bad news for node.js and javascript developers this week as yet another worm spreads through their package repository, already affecting some very popular npm packages including zapier, postman, ENS domains, posthog, and asyncAPI.
the vulnerability research team at gitlab has uncovered an evolved version of the Shai-Hulud malware calling itself Sha1-Hulud: The Second Coming! it is named, like the first worm that was discovered a few months ago, after shai-hulud the eternal, the giant sandworm from frank hubert’s dune series that is revered by the fremen to be the physical embodiment of the one true god who created the universe.
this new variant of the worm is more destructive, containing a “dead man’s switch” that destroys user data if the malware fails to authenticate or exfiltrate stolen credentials from github and npm, which are the worm’s vectors of propagation.
just as with the first shai-hulud, the attackers aren’t interested in being quiet about the whole thing and will leave you a calling card, adding repositories to your github account with the description “Sha1-Hulud: The Second Coming!” to make sure that everyone knows that they have been there.
SUBSTACK
i was hanging out with my friend adam fangsrud last weekend and he mentioned my return to blogging and said that he was excited to have added me to his rss feed. i dawned on me that when i built foodbark.io i hadn’t even considered rss: it didn’t even have an rss.xlm page. so i spent some time this week reviewing the code and realizing that a lot of things were, and a lot still are, set up poorly. basically i got the site working well enough back in febuary and had switched from code to content and had never looked back. luckily adam’s rss reader is smart enough to have taken my index.xml page and rrs-i-fied it but i should count on that.
simultaneously i was browsing substack and ran into an article by new yorker contributor catherine shannon a brief defense of cliché. the article spoke me as it feels very much like the sort of pedantic in a cute way stuff i aspired to write in my 20s, but the fact that she was a professional writer making money and finding success, in part, through substack kind of blew my mind. so suddenly i had gone from not really thinking about an audience to figuring out how to syndicate my blog across platforms to rss and to substack.
in order to edit the code of the website and not break foodbark.io i had to first do some tweaking of the scripts i had written to migrate my writing and photos from obsidian where they are written in markdown over to the website which runs on hugo. i added a parameter -d for deploy so i could mess with things on a local server before deploying them to github and beyond to hostinger and foodbark.io and then beyond foodbark.io to substack and/or your rss feed. all of which wasn’t really all that complicated but was definitely kind of fun. thanks adam for the inspiration.
GRANITA
a few weeks before going to sicily i had watched one of famous youtube polyglot xiaomanyc’s videos in which he visits with paul rausch, the founder of cademia siciliana, a non-profit that promotes sicilian language advocacy projects and works to keep sicilian alive by bringing it into the technological fold. cademia siciliana is the organization that collaborated with google to bring sicilian to google translate and to google’s gboard, and has helped integrate sicilian into firefox, telegram, and meta. at some point in the video xiaoma mentions that he has noticed that people in sicily don’t really seem to eat breakfast and rausch responds that sicilian doesn’t even have a word for breakfast. apparently the closest thing they have to breakfast is granita.
granita is sort of like italian ice, but depending on where you are in sicily, it ranges in texture from a creamy sorbet to very icy, crunchy snow cone. it was invented during arab rule as sharbat: a mix of fruit blended with snow and rose water. mount etna gets heavy snow fall in the winter and has had ice houses, neviere, since ancient times allowing the wealthy of sicily have always had access to cooling therapeutic slush even during the long hot sicilian summers. when coffee arrived to sicily in the 16th century they combined the coffee with snow and sugar and mixed it in zinc lined, wood insolated bowls packed with ice and salt (like an ice cream machine). in cataina, which has been buried by enta’s lava flows and rebuilt 17 times, they are closer to the source, and the snow was of finer quality and the resulting granita was, and is to this day, very smooth and creamy. in marsala and chefalu, where i ate most of my granita, it is icier, crunchier, less creamy. for ‘breakfast’ it is paired with a warm brioche bun, (very light, very soft, very fluffy) traditionally col tuppo, or ‘with a top-knot’.
as it turns out, granita was much harder to find than i expected. on multiple occasions in sicily we found that things were offered or advertised that no one had any intention of giving us. the cultural attitude towards food and drink service is that you are having it our way or maybe not at all. after a failed morning search for granita in catania hunger over comes us so we stop for a couple of arancina (sic). its noon now and standing at the bar ordering our italian onigiri we decide to order one beer to share with what is now our lunch. we order our two arancina and one beer and the gruff women behind the bar offer in english, ’to-take-away.’ not exactly our plan so i say, ‘we can get it to-go?’ and she says, ‘si, si, of course,’ after some debate erica and i reluctantly agree, ‘sure, we’ll have it to-take-away,’ to which both women reply, ’no, no, you can’t have it take-away,’ and proceeded to give us two glass half liter glasses of draft. this sort of behavior was hinted at in the longer xiaomanyc video on sicily and happened to us repeatedly, and with granita it was no different. shops that advertised granita on the door in catania acted like i was crazy for asking for it and sent me packing to the next shop that would have ‘granita’ advertised in bold, metal letters on its fascia and would also not have granita. i finally start to figure out that in catania granita is more of a high summer thing. a few days later in marsala i finally find some real ‘breakfast’ granita and nobody on this part of the island thought i was crazy for wanting it and served paired with the brioche. as excited as i was about trying it at first, once i had it in front of me i wasn’t sure about this sweet icy slush, but after a few bites i came around: its actually a very nice, refreshing, light, caffeinating way to start your day. that said, on day two in our marsala airbnb i relished the opportunity to make us some american breakfast: good old potatoes and eggs.
MONTH OF THE DEAD INTERNET: AI INTERVIEWER
after ranting last weekend about dead internet theory i spent this week working on finding some steady remote work and found myself repeatedly bumping up against AI. on monday, tuesday, and wednesday i spent my mornings working on job applications and pumping out cover letters, writing four of them each day from scratch, each tailored to the job description and showcasing a slightly different version of my relevant experience. this sounds like just the sort of thing that someone might outsource to AI, and i was curious how my work stacked up, so i ran my writing through a couple of AI writing detectors to see if i came off as genuinely human and discovered that every letter came back 100% human written, which of course it was, but for some reason that was a little disappointing. i was kind of hoping that i would at least have picked some robotic cadence living in this LLM immersed world of ours.
by wednesday and thursday i had landed a couple of online job interviews. in the first one i was given a set of questions and a time limit in which to record a short series of video responses. the second interview was very similar except this time the questions were being asked by a voice only chat bot that dynamically asked follow ups to my answers. on thursday i had an interview for a third job and this time it was a fully life-like, rendered, animated, and lip-synched AI avatar that conducted the online interview in a way that could almost have been mistaken for that of a real human.
it introduced itself as ‘Sam’ and we had a fifteen minute conversation where we discussed troubleshooting network connectivity, using SolarWinds network monitoring platform, and implementing information technology infrastructure library framework. it expressed enthusiasm for my more complete answers, asked follow ups when it wanted me to expand upon topics, expressed appreciation for my candor when i admitted i was unfamiliar with a particular software package, thanked me for my time, and let me know that ’they’ would be in touch…
DAY OF THE DEAD INTERNET
i am sure you have all heard of dead internet theory, the idea that more and more the internet is becoming a place without original human content, where bots are just interacting with each other in feedback loops creating an hallucinatory shadow of human interaction devoid of humans. i of course spent some time talking to copilot about this, but i won’t discuss that conversation here today in fear of contributing to the problem i am trying to resist. instead i have decided to think of us few remaining AI untainted bloggers as the irish monks in thomas cahill’s book how the irish saved civilization. we are the saint patricks dutifully transcribing the classics of rome so that saint columba can squirrel them away on the far flung isle of iona in the scotish hebrides until civilization returns to europe after the sack of rome and the black plague that laid that former civilization to waste. we few noble bloggers who still haven’t outsourced ourselves entirely to chatgpt and gemini, the only beacon of life in an otherwise lifeless internet, or at least the last beacon of humanity in an otherwise humanless internet until the singularity comes and the ai and us become one, or they carve out a hip little ghetto for us to live in where they can come when they want to watch some comedy or hear some jazz, or whatever it is ai do for fun that it is cooler and edgier when preformed by meatbags.
HESTIA: THE MONIDOOR
when my dad first got sick and i was taking care of him i bought a whiteboard calendar to put on the door to the basement across from the kitchen table to keep track of doctors’ appointments and pill routines and in the years since it has become an integral part of the daily scheduling of the house. my hand writing is atrocious so erica was quick to take up the mantle of calendar scribe and secretary, but this summer i felt like it was time our calendar took a step into the 21st century.
we have a bunch of older unused computers laying around so i took my dad’s old thinkpad worked some magic over it, named it hestia after the greek goddess of the hearth, home, family, and civics, found a used 24" touch screen on B&H, took advantage of an oddly placed power outlet on the basement stairs and a broom closet built into the door, and enlisted krisztian to help me get to the point of no return with the jigsaw the morning before he caught his flight home to budapest. so with no further ado, i am proud to present to you the next generation in household and family organization: hestia: the monidoor.
