#a week later to be thinking about the moral arithmetic that everyone is going through?
notbecauseofvictories · 4 years ago
Hello, what did you think of Baru Cormorant? I've been pondering about picking it up so it'd be nice to hear whether you enjoyed it
I’m actually struggling to describe what I liked about Baru Cormorant. There was no question in my mind, almost from the first chapter, how good it was---the slow start as an imperial power invades Baru’s home, transforming her family, her world, and what she sees as a future. (Baru chooses to go to the official imperial school, believing that she must learn the ways of empire in order to save her home; only later does she realize this is a poisoned cup.) And it only got better, from the sharply drawn character portraits of a hundred different individuals caught up in the empire’s games, including Baru herself, whose fatal flaw is that she forgets the chess pieces are also people. Add in a mid-act reversal of fortune, the late in the book plot twist, to the genuinely energizing finale, and what you have is something shocking, imo a masterwork.
I mean, one of the reasons that I’ve read so much over the last 3 months is because I’ve given myself permission to stop reading when I don’t like a book, or drop a series if uninterested in it. Baru Cormorant is the first series that I immediately went out and bought the 2nd book, reserving the 3rd through my local library. I loved it. I loved it.
(I’d also say that the second book, while less straightforward than the first in terms of plot, did a lot to expand the scope of the world and introduce a complex interplay of philosophy and varied cultures---while playing with some concepts about the more academic side of colonial violence.)
But what I really liked about Baru Cormorant was the horror and the suffering of it, and that makes it harder to discuss. Because this isn’t like some of the other books I’ve read recently, the monstrosity isn’t individual---the empire of Masquerade is genteel, and reasonable, and doesn’t hate or wish anyone ill. It’s just also a colonial empire, a vast machine churning out every kind of oppression, including violence, and silence, and death. It forces hard choices, and dismisses them in the same breath, offering explanation and excuse when you side with it. It doesn’t care for anything except itself and its own immortality.
It’s...uncomfortable, to be thrilled by a plot twist because it is an unflinching choice by the author, an upping of the narrative stakes, yet simultaneously shows the naked power and inhumanity of a fictional empire. It doesn’t sit right to have characters interact with each other, each of them advocating for (1) eugenics, (2) White Man’s Burden-style benevolence, or (3) naked self-interest, and think oh wow this is a great book.
And I do think the series is good. It had me glued to my computer screen for 12 hours as I tore through 1000 pages of politics, economic tensions bleeding into politics, and various kinds of violent sacrifice on the altar of an uncaring empire. But I’m not sure how to resolve the tension between how much I liked its honesty, and what that might say about me. Or maybe it’s a mark of real quality, that a novel about being complicit in atrocities makes you complicit in them as well.
ineffably-effable · 5 years ago
Come up and see me (make me smile)
Mesopotamia, 3004 BC
Summary:  Mesopotamia, 3004 BC.
1690 words
AN: Couldn’t get this scene out of my head, it continues the role-reversal au started in Come up and see me (make me smile)
Thanks again to @mia-ugly for being an amazing beta reader.
(read on ao3)
Crowley was in a horrible mood. He had spent the better part of the week arguing with his superiors, and all he had to show for it was a splitting headache and a reputation as a bleeding-heart humanitarian. 
So, instead of wasting his breath, Crowley had chosen to channel his rage into protecting the eight measly lives he was permitted to save. This was the reason he was standing in the hot sun, in the midst of the crowd that had turned out to watch wild animals being wrangled by three absurdly unqualified men. A few feet from Crowley, he overheard a woman sniping to her husband, “It’s a miracle those idiots haven’t been mauled to death”, and was sorely tempted to tell her just how right she was.
It was only a short while later, right when he was contemplating the morality of letting Shem get kicked by a giraffe, that Crowley felt a tap on his shoulder and turned (the wrong way first, sneaky bastard) to see a familiar salt-and-pepper haired demon grinning cheerfully at his side.
“Crowley! I thought it was you! Those flaming locks of yours are quite distinctive,” he babbled excitedly, charming in a way that softened Crowley’s bad mood considerably. 
“Hello, Aziraphale.” he said, trying very hard not to smile. 
“I don’t suppose you know what all this is about?” Aziraphale asked. “Did upstairs request some sort of nautical menagerie?” 
Crowley smirked.  
“I’m sure I have no idea what you mean.” 
“Please. I could sense the divine energy holding that thing together from a mile away.”
“I’d hardly be a decent angel if I went around divulging divine plans to my occult foe,” Crowley teased.
“Oh, don’t be so… prejudiced.”
“Prejudiced?”
“It means narrow-minded, discriminatory.” Aziraphale informed him, smugly.
“I know what it m-”
“So what’s going on?” Aziraphale interrupted. “Why would you build it so far inland? Are you expecting a flood?”
“A flood?” (Crowley, who was painfully aware of how high his voice had just pitched, determinedly ignored Aziraphale’s raised eyebrow and sidelong glance.) “Of course not-  why would you- I mean- that would be an awful lot of rain- and the area is in a drought so- you know what- don’t you dare laugh at me!”  
“ My dear, you’re very fetching when you’re flustered.” 
(Fetching.)
Crowley had a horrible suspicion his face had turned as red as his hair.
(He thinks you’re f-)
“For the love of- demon, please go pester someone else.” 
“Where would be the fun in that?” he replied cheekily, glancing from the boat to the surrounding crowds. His expression sobered.
“I hope you’ll forgive me asking, but that doesn’t seem like a very large boat,” he pursed his lips, “especially not with all those animals.” He turned to look at Crowley. “How many humans are you planning to squeeze in there?”
Crowley could feel his bad mood returning with a vengeance.
“All in all? Eight.” Crowley tried to keep his voice level. 
“Eight? ”  Aziraphale repeated, in the dry tone of someone who had heard perfectly well the first time, but would prefer a different answer.
“Eight.” Crowley confirmed.
“ She’s going to drown everybody else ?” 
“The other continents will be excluded, and most of this one, it’s really just the space enclosed by the two great rivers,” Crowley said flatly, repeating almost verbatim the answer he’d received from Gabriel. Aziraphale had gone pale.
“That’s- hundreds of settlements, thousands of people…” he trailed off as a group of children ran past them, giggling. He stared at Crowley with a horrified expression on his face. 
Crowley nodded miserably. 
“Oh Crowley.”  The unexpected sympathy in the demon’s voice felt like a gut-punch. Aziraphale reached out - perhaps to squeeze Crowley’s shoulder - but retracted his hand guiltily, when the angel flinched away from the offered comfort.
“It’s not like they asked me for my opinion. They didn’t even have the decency to tell me in person.” Crowley grit his teeth. “Gabriel sent a memo .” 
“Crowley…”
“Oh, and get this, after it’s done, She’s going to promise not to do it again by refracting light through the leftover water in the atmosphere. Isn’t that nice? ” His tone was scathing now, he felt hot tears pooling in his eyes but he didn’t care. He was about to continue, really lay into some of the idiotic notions Gabriel had used to explain the affair, when he felt a tentative hand resting on his arm.
“I think,” Aziraphale said slowly - as if he were talking Crowley down from a cliff’s edge - “that you’re upset, and you need to choose your words very carefully.” 
Crowley waved off the demon’s concern.
“We’re allowed to have doubts, as long as we’re good soldiers and follow orders. It’s only questioning Her outright that leads to trouble.” 
“Is that so?” Aziraphale said, face blank. Crowley couldn’t look at him.
Instead they both watched the chaos together, silently observing as one of the unicorns escaped the containment area and made a break for it. 
Crowley wondered if the ineffable plan anticipated the extinction of that species, or if it was just dumb luck.
“What if there were another boat?” Aziraphale asked out of nowhere.
Crowley scoffed. 
“We’re in the middle of the desert. Who else would be building another boat?”
Aziraphale, who had been staring at Crowley expectantly, stayed silent. 
Crowley frowned.
“You can’t.” 
“Can’t miracle anything too big, no,” the demon mused. “Won’t be enough space for everyone obviously, but might do for a score of children, maybe even some adults.” He had a distant expression on his face, as though he were doing the arithmetic right then and there. 
“Aziraphale. It’s out of the question.” 
“Your opinion has been duly noted.” 
“What if you get caught ?” Crowley asked, voice strained.
Aziraphale laughed bitterly, “I don’t see your lot down here getting their hands dirty,” he said snidely. “A storm seems like an exceptionally passive aggressive method of genocide.”
Crowley would have agreed with that point, if he weren’t trying to talk the demon out of getting himself smote or worse.
“What about your lot? You think they’ll look favourably on an act of compassion?!” 
“Compassion? I’m a demon, dear boy, thwarting the will of heaven is literally in the job description.” He smiled reassuringly at Crowley. “If they’re truly sinners we’ll get them in the end, and if they’re not, well at least we’ll have a chance at tempting them.” He shrugged. “Hell, I can even bring some teenagers on board, stock the boat with some fermented juice,  that’ll guarantee some licentiousness.” 
Crowley could feel a headache coming on.
“Why are you telling me this?”
Aziraphale’s brow furrowed in confusion.
“I thought it might make you feel better?” he said, sounding very much like he thought it was obvious. “Surely you can’t want children to die?”
“I- that’s- not the point. God’s plans are ineff- oh, don’t smirk at me - so what am I supposed to do, just look the other way?”
“When the time comes you’ll be on the ark,” the demon said, matter-of-factly, “It gives you plausible deniability - even an angel can’t be everywhere at once.” 
“You’ve really thought this through.” It could work, Crowley was shocked to find himself thinking.
“You needn’t sound so surprised.” Aziraphale replied, insulted.
Crowley laughed.
“To be fair, this is a bit of a leap from accidentally abetting original sin. I need a second to adjust.”
“You’re awfully snippy for an angel, dear.” 
“Oh, shut up.”
“That reminds me, how did giving away your sword work out for you?”
Crowley bit his lip.
(When he’d been asked outright by the Almighty - Where is the sword I gave you, Crowliel - he’d caved immediately. Shame-faced he’d admitted what he’d done to protect the humans and, in lieu of punishment, he received the ethereal equivalent of having his hair ruffled. He had been sent on his way with the warm feeling of being hugged, and the sound of her gentle laughter warm in his chest.)
“Crowley?” 
“Oh… I got the feeling She was amused by it,” he said, embarrassed.
“She must have a soft spot for you,” Aziraphale said, in a tone that was difficult to read. He looked away. “How long is the flood meant to last anyway?”
“Once the storm starts? Forty days and forty nights.” 
“Hmm. Heaven does like their nice tidy numbers don’t they.” Crowley wasn’t sure how to respond to that. Aziraphale gave him an apologetic smile. “I should probably get going. Heavenly plans to thwart, no rest for the wicked and so on.” 
“Ah, yes,” Crowley responded, dumbly. A little surprised (but definitely not hurt) by the abrupt transition. He wasn’t sure why he wanted to delay the demon’s departure, but when Aziraphale turned to leave, Crowley found himself speaking up.
“Maybe I’ll see you around afterwards then?” he asked.
Aziraphale’s yellow eyes lit up. Suddenly nervous, Crowley back-pedaled, “I’ll have to er- try and salvage all those souls you’ve damned.” 
Aziraphale studied his face, giving Crowley a scrutinizing look that slowly morphed into a bemused expression. 
“You’re welcome to give it your best shot, angel,” he replied with a grin. 
Before Crowley could snark back the demon had vanished.
It was funny, Crowley thought, that the demon had been the one to come up with a way to save people. That he could even be bothered to try.
(“Be funny if we both got it wrong eh? If I did the bad thing and you did the good one?” )
Above him the sky was growing dark with approaching storm clouds. The first drops of rain had started to fall and a sharp, loud, crack of thunder rang out.  
Crowley cringed.
On second thought, it wasn’t very funny at all.
ryanssecurityengineering · 5 years ago
Week 7 Notes and Reflection
REFLECTION
Unfortunately I ran out of battery and lost the lecture notes for the second lecture. I had to reconstruct them using the class notes, Richard’s “slides” and what I remember. I’ll especially have to research more about Public Key Infrastructure later, it seems interesting!
Interesting lecture, I like how we found a mistake on the exam! I also liked the way Richard described Man in the middle attacks in Diffie-Hellman. There were lots of “homework” activities so I should do those! 
I thought it was pretty insane you can write to memory using %n in printf! I wonder what the designers of printf were thinking?! They were like “o ye lets scan in some stuff using our printing function!!” 
The extended lectures were cool - I found it weird that pressing the Command + S key on a Mac gives you root. There are so many interesting practical things with security... bug bounties, CTFs that you don’t really see in other areas of computing such as AI.
NOTES
Mid Term Exam
Question 5 Solution - Can’t brute force it by hand. The answer is F - type I /Type II error tradeoff. 
Question 10 - The answer is D - easy to factorise a 64 bit number. Even 512 bit modulus is crackable. However even RSA is wrong for some reason.... All wrong!! 
Proof of liveness - Like a replay attack, challenge response. Proof that there is someone there. 
Richard expects you to go to all the lectures. Should have known Sun Tzu!
Diffie-Hellman - How do you set that shared secret up? 
5^3^7 is the same as 5^7^3. Power raising is associative. 
R -> 78125 -> S S-> 125 -> R
We don’t know R or S private key. Only the number they raised (5). Very difficult to solve the discrete log problem, to go backward to the private key. 
When both sides receive their key, they both raise the value by their private key. Both becomes the same. 
Forward Secrecy - protects the future messages.
Syria Castle - Defence in depth. The castle fell when the besieging people forged a letter telling the castle people to surrender. Didn’t fall due to the defence of the castle.
CYBER LITERACY - VULNERABILITIES
A vulnerability is a weakness, and an exploit something that takes advantage of that.
Bug - software mistake. Sometimes bugs become vulnerabilities.
Types
Memory corruption - somehow the bad guy can change something in memory to allow the program to be under the control of the bad guy.
Buffer overflow 
Stack and heap  - FIFO temporary info about the functions are on the stack. Heap for allocated memory - dynamic memory allocation. 
How functions are called in C - when control switches to another function, the function is frozen. Temporary info such as registers stored on stack. COMP1521 stuff.
Integer overflow - If you keep adding, it will go negative. This can cause it to maybe pass some tests. 
Format String - Like Bird flu - Everyone has written buffer overflow bad code in the old days! Then people started patching it. Apparently they are coming back. C has a crazy way of printing stuff using printf(). In the old days when you wanted to print hello world you had to use printf("%s\n", "Hello World"). However no one ever did that. Everyone just writes printf("Hello World\n"). However someone might write name <- get user name. Then you want to print the name you write printf(name). E.g. my name is “%s Richard Buckland”. It will try and look lower down in the stack and print that out as the argument. %s will print out the contents of the stack until a null character. You can use %x to print out the next byte and print out hexadecimal versions of the stack. printf("%x %x %x %x"). Shows entire contents of stack. Could have passwords, return addresses. %n WRITES TO MEMORY. You can do arbitrary writes to memory.
Swiss Cheese - holes might line up! Holes overlapping and poke finger through. These sort of bugs are like that! Get lucky. 
Stack Canary? Research that. 
Shell Code - if you are attacking a system, how nice it would be to get a private shell to come up and do whatever you want? Write some machine code that calls OS functions that makes shell pop up. This code is shell code. Put shell code into a buffer and run it.
Nop sleds - You can use buffer overflows to jump back to your buffer to run programs. However sometimes you don’t know where in memory the code is placed. Nice to have a bit of wiggle room. Just put lots of NOP operations - it will be like a slide into your code. Looking for NOP sleds - malware scanners. However there are a whole lot of ways to write NOP sleds without NOP.
If you find vulnerabilities, it will go into the National Vulnerability Database and CVE (Common Vulnerabilities and Exposures) and CNA (CVE Naming Authority).
Responsible disclosure - If you find a vulnerability, tell the vendor then CERT (e.g. CERT Australia), or you can sell it to the bad guys!
OWASP Top 10 list should know for top 10 vulnerabilities. Essentially the same every year!
BUG PUZZLES - Check slides
Example 1 - Integer overflow for the length. Get_user_length is UNSIGNED, but length is signed. Lots of implicit conversions between signed and unsigned. Then read will read the overflowed length value since read() takes in an unsigned length value, which might be bigger than 1024.
Example 2 - Optimistic indenting
ASSETS
Security is to protect your assets. Sometimes we protect the wrong assets. Cold war - I wonder if the world will be here tomorrow?  The most important asset is to protect mankind. 
Door bell on the car - If you placed that in the car it went ding dong in his house. $5 car alarm first step into brilliance. What are you going to do when the ding dong happens? Might run down there and get killed!! The real asset is the window of the car, not the money! Leave the window open! Got wallet stolen, but got AIDS. Easy to protect the wrong thing. 
At the uni’s security review was all machines. Uni assets are students, reputation, user data, staff. The trick is, what you should do is the assets - what are you trying to protect? Ask people - junior, senior people. Review the list of assets every year/month. Real weakness is something you don’t see - blind spot. Try and find the things you haven’t seen. 
Strategies for Identifying the Assets
Regularly surveying the values of the people involved in what you are protecting. Multiple pairs of eyes is a good asset.
Develop a sensible plan - well designed to tease this information out of them. Humans are generally poor at regurgitating everything they know, however they are generally very good critics.
Periodically revise current list of assets. Don't set and forget. Values and assets of an organisation can drift.
Examples
Team America
Richard's wallet vs Richard with AIDS
Car doorbell
Leave windows open?
Share registry - no more paper trails, everything is recorded electronically. Land title database was privatised. What are the risks?
Coke formula
Parliament - a collection of people that hold particular importance together.
Valuing the Assets - Defining what is important
Categorising types of assets
Tangible Assets: Those that are easily given a value
A gold chain valued at some relatively static amount
The jewellery in a jewellery store.
Intangible Assets: These cannot be easily and objectively be valued
Company secrets
Availability of services
Employee Morale & Security
Customer information
* Monetary + psychological/emotional costs
* Difficult <> Don't do
Examples:
Company secret - what is at stake?
QOS Guarantees
Strategies for assigning values to assets
Survey what many people think
no single person or group should be solely evaluating the assets;
Examples of the information that should be gathered are as follows:
"How much money would you lose were this data center to go down for 24 hours?".
"How much will you lose if your company is disconnected from the internet for 3 hours?".
Examples
In assessing the value of a park
Picasso
Diffie-Hellman - Only provides confidentiality and integrity? Does not provide authentication. 
Web of Trust (PgP) - Research this
Public Key Infrastructure (PKI)
SSL/TLS
Read Bruce Schneier's paper https://www.schneier.com/academic/paperfiles/paper-pki.pdf
passports (links photo with name, certified by office)
x509 certificates (links public key with domain (and maybe some other info))
padlock in your browser
look at some certs
CAs, root certificates, RAs, pay money to browser manufacturer??!! (check out your web browser)
conflicts of interest
most google search pages on SSL written by vendors
it was the blockchain of the 2000s
self signed, domain verification, organisational verification, extended verification.  (ha!)
what if anything are the risks of self-signed?
safety vs identity
the green bar
session keys - the TLS handshake (4 keys)
why use session keys rather than using RSA for all?
wildcards
3 main certificate authorities: Symantec, Comodo, GoDaddy
homework: find examples of (serious) fraudulent certificates being issued
Certificates don’t protect against gooooogle.com
TLS handshake example
BUG BOUNTIES (From notes, I lost mine)
Crowd-Sourced Bug Bounty Websites
Public: Hackerone, bugcrowd
Private: Synack
Often have criteria of what’s in/out of scope, as well as what kind of bugs they won’t accept. For example websites that they don’t want you to touch
Tips
Learn web apps
Use a wide scope → bigger net = more bugs
Look for software updates, or assets that have recently changed
Look for publicly disclosed reports → Can see prior bugs that have been found/exposed. If a bug has occurred once, there’s a chance it will occur again
Pentesting  (From notes, I lost mine)
Fuzzing
Automate process - a program that continually adds input
Some fuzzers are aware of input structure, and some even are aware of program structure
Fuzzers aren't precise, but can test a large amount of inputs
Fuzzing software - afl (the way to go apparently)
Mutation strategies - bit flips, byte flips, arithmetic, havoc (combination)
Use fuzzing to test your own software
Homework: Do the fuzzing tutorial
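An added example, not part of the original notes or the lecture material: the Diffie-Hellman exchange from the notes (base 5, private exponents 7 and 3) in C, showing that without a modulus the private exponent can be read straight off the public value, and that an unauthenticated exchange lets a man in the middle hold a separate key with each side. The modulus p = 23 and the interceptor's exponent 6 are assumed toy values.

```c
#include <stdint.h>
#include <stdio.h>

/* Square-and-multiply: (base^exp) mod m. Products fit in 64 bits for m < 2^32. */
uint64_t modpow(uint64_t base, uint64_t exp, uint64_t m) {
    uint64_t result = 1 % m;
    base %= m;
    while (exp > 0) {
        if (exp & 1) result = (result * base) % m;
        base = (base * base) % m;
        exp >>= 1;
    }
    return result;
}

/* Plain integer power with no modulus, matching the numbers in the notes. */
uint64_t ipow(uint64_t base, unsigned exp) {
    uint64_t r = 1;
    while (exp--) r *= base;
    return r;
}

/* Without a modulus an eavesdropper recovers the private exponent by
 * repeated division: 78125 / 5 / 5 / ... reaches 1 after 7 steps. */
unsigned recover_exponent(uint64_t pub, uint64_t g) {
    unsigned e = 0;
    while (pub > 1 && pub % g == 0) { pub /= g; e++; }
    return e;
}

struct mitm_result {
    uint64_t r_key;        /* key R derives, believing the peer is S */
    uint64_t s_key;        /* key S derives, believing the peer is R */
    uint64_t m_key_with_r; /* interceptor's key for the R side */
    uint64_t m_key_with_s; /* interceptor's key for the S side */
};

/* Unauthenticated exchange: the interceptor swaps both public values for
 * its own, so each side completes a valid exchange with the wrong party. */
struct mitm_result dh_mitm(uint64_t g, uint64_t p, uint64_t r_priv,
                           uint64_t s_priv, uint64_t m_priv) {
    uint64_t r_pub = modpow(g, r_priv, p);
    uint64_t s_pub = modpow(g, s_priv, p);
    uint64_t m_pub = modpow(g, m_priv, p);
    struct mitm_result out;
    out.r_key = modpow(m_pub, r_priv, p);
    out.s_key = modpow(m_pub, s_priv, p);
    out.m_key_with_r = modpow(r_pub, m_priv, p);
    out.m_key_with_s = modpow(s_pub, m_priv, p);
    return out;
}

int main(void) {
    /* From the notes: g = 5, R's exponent is 7, S's exponent is 3. */
    printf("no modulus: R sends %llu, S sends %llu\n",
           (unsigned long long)ipow(5, 7), (unsigned long long)ipow(5, 3));
    printf("exponent recovered from 78125: %u\n", recover_exponent(78125, 5));

    /* Assumed toy modulus p = 23; both sides reach the same secret. */
    uint64_t shared = modpow(modpow(5, 3, 23), 7, 23);
    printf("mod 23: honest shared secret = %llu\n", (unsigned long long)shared);

    /* Assumed interceptor exponent 6: two different keys, neither the honest one. */
    struct mitm_result m = dh_mitm(5, 23, 7, 3, 6);
    printf("intercepted: R has %llu, S has %llu\n",
           (unsigned long long)m.r_key, (unsigned long long)m.s_key);
    return 0;
}
```

Binding each public value to an identity, for example with a signature checked against a certificate, is what stops the substitution in `dh_mitm`.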
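An added example of the signed/unsigned length bug described under Example 1 of the bug puzzles, next to a corrected check. It is not the code from the slides, which the notes do not reproduce; the function names are hypothetical and the 1024-byte limit is taken from the notes.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BUF_SIZE 1024

/* Vulnerable pattern: the unsigned value from the user is stored in a
 * signed int, compared as signed, then handed to a size_t parameter
 * (as read() takes). *n receives the count read() would be given. */
bool accept_len_vulnerable(unsigned int user_len, size_t *n) {
    int len = (int)user_len;        /* 0xFFFFFFFF becomes -1 */
    if (len > BUF_SIZE)             /* signed compare: -1 > 1024 is false */
        return false;
    *n = (size_t)len;               /* -1 becomes SIZE_MAX */
    return true;
}

/* Corrected check: keep the value unsigned from input to use, so the
 * comparison and the later conversion to size_t agree on its size. */
bool accept_len_hardened(unsigned int user_len, size_t *n) {
    if (user_len > BUF_SIZE)
        return false;
    *n = (size_t)user_len;
    return true;
}

int main(void) {
    /* Constructed sample inputs: one ordinary, one too large, two that wrap. */
    unsigned int samples[] = { 512u, 2000u, 0xFFFFFFFFu, 4294966296u };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t n = 0;
        bool v = accept_len_vulnerable(samples[i], &n);
        printf("%10u vulnerable: %s", samples[i], v ? "accepted" : "rejected");
        if (v) printf(" (read count %zu)", n);
        n = 0;
        bool h = accept_len_hardened(samples[i], &n);
        printf(" | hardened: %s\n", h ? "accepted" : "rejected");
    }
    return 0;
}
```

Compiling with `-Wsign-conversion` (GCC and Clang) flags both implicit conversions that the vulnerable version depends on.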