Redesigning the space sick bag

Oct. 25th, 2014 05:10 am
hatman: "Cultral Icon" (Image of a petri dish) (Cultural Icon)
[personal profile] hatman
I was at a talk by Col. Chris Hadfield when he mentioned a problem with space sick bags. He said that when you use a space sick bag, without the force of gravity to hold what's come up down, it has a tendency to bounce off the bottom of the bag and float back to the top. Not ideal.

I was thinking about that while trying to get back to sleep last night, and I realized that the solution might be to redesign the shape of the bag. If you were to indent the bottom of the bag (with, say, a v-shape), anything bouncing off it would be reflected not directly back at you but off to the side.



Of course, it could still ricochet off the side of the bag and come back to you. To discourage that, you'd want to taper the sides in. Make the bag more triangular.



Doing that, however, still has its disadvantages. Without gravity, up and down are arbitrary. A bag which tapers out from the top, considered upside-down, is a funnel. To prevent that, you'd want a shoulder at the top. Or, better yet, a tube going partway in. (You need a valve to close it off anyway, right? If you make that tube a little longer, you're fine.)



But then... a triangle with a notch cut out of the bottom seems familiar. And, come to think, having that notch be asymmetrical could have some advantages. And, really, why not have fun with it if you can?

I present to you what, to the best of my late-night figurings, is honestly the ideal shape for a space sick bag:



The Starfleet logo.

It'd cost a little more to manufacture, but it just might be worth it.

(I sent a copy of this, without the crude diagrams, to NASA. It'll be a couple of weeks before they can reply, but I'm interested to hear what they make of it.)

(no subject)

Oct. 24th, 2014 08:15 pm
synecdochic: torso of a man wearing jeans, hands bound with belt (Default)
[personal profile] synecdochic
Sarah, sitting and putting labels on the 150-odd vials of BPAL I decanted today: "You know, I don't think it was an unreasonable request."

Me, opening 200-some vials that I bought secondhand to sniff them and determine if I like them or not: "What?"

Sarah: "'One of these days I should find a perfume I can wear to work', I said. And here we are, somehow that having turned into 'try everything BPAL has ever made'..."

Me: ...Hello, have you MET ME? YOU KNEW IT WAS ON FIRE WHEN YOU LAID DOWN ON IT.

(She is so very tolerant of the fact that "....that escalated quickly" is my life motto.)

Kill the Moon

Oct. 24th, 2014 10:15 pm
purplecat: Texture by simpleandclean (LiveJournal) (Doctor Who)
[personal profile] purplecat
NB. Spoilers more or less from the start here.

There is a tendency in a lot of adventure fiction, which I have complained about before, to assume that the correct course of action is always to save the one life in front of you, even if it condemns millions you can not see to death. I don't deny that there are interesting debates to be had and stories to be told around this dilemma especially since it is often framed as the certainty of one death weighed against the possibility of many. However the answer "save the person in front of you" has become so trite and well-worn that I am mostly irritated by such stories. Unless a show is deliberately being "dark" or "realistic" then it will always balk at having the hero deliberately take an innocent life*.

It doesn't help that, as a bonus prize for saving the life in front of you, the millions always get saved as well. In fact the whole dilemma ends up in stories as a somewhat tired device to present some kind of moral choice to our protagonist. We the audience (once you've seen a few of these stories) know it's a trick question - everyone is going to be fine. The hero, particularly if it's the Doctor, will find another way. It should be noted that [personal profile] ed_rex interprets the message as specifically anti-abortion. That's not my reading of the story, in part (as a commenter on his blog pointed out) because abortion isn't such a hot-button issue in the UK, but mostly because it was presented much more as a conflict between the many and the one than between the mother and the child. However, it is an interesting reading of the story.


In spite of my rant above I didn't dislike the story, but the central moment that needed to be good to make it worth watching just irritated me and so I'm ultimately rather 'meh' about the whole thing.

*It occurs to me that this is one of the reasons Torchwood: Children of Earth produced such intense reactions (I mean, apart from Ianto, obv.). Jack's sacrifice of an innocent was entirely out of place and deeply shocking in what was, despite all its "adult" trappings, an escapist show.

Working

Oct. 24th, 2014 02:44 pm
synecdochic: torso of a man wearing jeans, hands bound with belt (Default)
[personal profile] synecdochic
Working working working. Decanting decanting decanting. The cooking tv shows I'm watching in the background are making me hungry.


(no subject)

Oct. 24th, 2014 01:48 pm
hatman: HatMan, my alter ego and face on the 'net (Default)
[personal profile] hatman
For all you knitters out there...

Fabulous Hooker shirt/hoodie. It only gets made if they get 50 orders within the next 5 days. I've chatted with at least one friend who would really enjoy it, and I think maybe some of you would, too?



(Image description: Hoodie printed with the phrase "I am a fabulous hooker" with a picture of a knitting hook stuck through a ball of yarn.)

(no subject)

Oct. 24th, 2014 03:47 am
hatman: HatMan, my alter ego and face on the 'net (Default)
[personal profile] hatman
Got my new sleep medication in the mail on Wed. Only took, what, 5 months?

It came just as I was about to go to sleep for the day. (I was in bed, but alone in the house. The dog heard someone at the door and barked. So I went down, got it, and put it away.) Opened the box the next day. The box was big enough to fit a couple dozen paperbacks. Inside were some instructions and paperwork. And a brochure with no text. Open it up, and a friendly man and woman take turns reading you the information. (Remember, almost all the patients who take this stuff are totally blind.) Oh, and one little pill bottle. Filling up the rest of the relatively cavernous box was a big sheet of oversized bubble wrap.

I read the printed instructions from the pharmacy. (They'd asked before mailing if I needed them in any special format - audio or braille or whatever.) On the sheet and again on the bottle, it said the medication must be stored at 77 F (25 C), but that it can be stored "briefly" at temperatures from 59 - 86 F (15 - 30 C). Also, it must be kept away from moisture. And light. Wow, this stuff is sensitive! Good thing I brought it in from the front stoop; it's been pretty rainy. But, oh no! It was overnight downstairs, where the temperature was well below 77! (Was I going to need to buy an incubator for the one little pill bottle?)

I called the manufacturer's hotline. "Oh, that. That just means you need to keep it at room temperature. Don't put it in the fridge or near any heat sources, and you should be fine."

*whew*

But also... huh? If that's what you mean, then put that on the label. What's with the scary specificity?

Then again, among the safe places to store it that she listed was "medicine cabinet." The instructions also clearly say not to keep it in the bathroom. (Most likely because of moisture.) I think I'll call back today, see if I can check with someone else...

Anyway, I've got an appointment with the sleep doctor next week to let her know I have the stuff and go over instructions. By then, my sleep schedule should be coming around towards normal. I'm going to have to hold my sleep schedule steady for weeks or more to give this stuff a fair try. (The friendly people in the brochure told me that it can, for some people, take weeks or even months before the stuff has any noticeable effect.) We'll see how it goes. But this could get rough. And exhausting.
ursamajor: people on the beach watching the ocean (Default)
[personal profile] ursamajor
post-tags: instagram, crosspost

Five-spice cider pork belly. After commuting through a Nor'easter both ways, the scent of this as I walked through the door was heavenly.
ursamajor: people on the beach watching the ocean (Default)
[personal profile] ursamajor
post-tags: instagram, crosspost

Unsurprisingly, sold out of everything bagels by the time I got here. Next time!

The opening menu for @bagelsaurus13.

Oct. 23rd, 2014 01:22 pm
ursamajor: people on the beach watching the ocean (Default)
[personal profile] ursamajor
post-tags: instagram, crosspost

The opening menu for @bagelsaurus13.

Linux Container Security

Oct. 23rd, 2014 08:44 am
[personal profile] mjg59
First, read these slides. Done? Good.

Hypervisors present a smaller attack surface than containers. This is somewhat mitigated in containers by using seccomp, selinux and restricting capabilities in order to reduce the number of kernel entry points that untrusted code can touch, but even so there is simply a greater quantity of privileged code available to untrusted apps in a container environment when compared to a hypervisor environment[1].

Does this mean containers provide reduced security? That's an arguable point. In the event of a new kernel vulnerability, container-based deployments merely need to upgrade the kernel on the host and restart all the containers. Full VMs need to upgrade the kernel in each individual image, which takes longer and may be delayed due to the additional disruption. In the event of a flaw in some remotely accessible code running in your image, an attacker's ability to cause further damage may be restricted by the existing seccomp and capabilities configuration in a container. They may be able to escalate to a more privileged user in a full VM.

I'm not really compelled by either of these arguments. Both argue that the security of your container is improved, but in almost all cases exploiting these vulnerabilities would require that an attacker already be able to run arbitrary code in your container. Many container deployments are task-specific rather than running a full system, and in that case your attacker is already able to compromise pretty much everything within the container. The argument's stronger in the Virtual Private Server case, but there you're trading that off against losing some other security features - sure, you're deploying seccomp, but you can't use selinux inside your container, because the policy isn't per-namespace[2].

So that seems like kind of a wash - there's maybe marginal increases in practical security for certain kinds of deployment, and perhaps marginal decreases for others. We end up coming back to the attack surface, and it seems inevitable that that's always going to be larger in container environments. The question is, does it matter? If the larger attack surface still only results in one more vulnerability per thousand years, you probably don't care. The aim isn't to get containers to the same level of security as hypervisors, it's to get them close enough that the difference doesn't matter.

I don't think we're there yet. Searching the kernel for bugs triggered by Trinity shows plenty of cases where the kernel screws up from unprivileged input[3]. A sufficiently strong seccomp policy plus tight restrictions on the ability of a container to touch /proc, /sys and /dev helps a lot here, but it's not full coverage. The presentation I linked to at the top of this post suggests using the grsec patches - these will tend to mitigate several (but not all) kernel vulnerabilities, but there's tradeoffs in (a) ease of management (having to build your own kernels) and (b) performance (several of the grsec options reduce performance).

But this isn't intended as a complaint. Or, rather, it is, just not about security. I suspect containers can be made sufficiently secure that the attack surface size doesn't matter. But who's going to do that work? As mentioned, modern container deployment tools make use of a number of kernel security features. But there's been something of a dearth of contributions from the companies who sell container-based services. Meaningful work here would include things like:

  • Strong auditing and aggressive fuzzing of containers under realistic configurations
  • Support for meaningful nesting of Linux Security Modules in namespaces
  • Introspection of container state and (more difficult) the host OS itself in order to identify compromises

These aren't easy jobs, but they're important, and I'm hoping that the lack of obvious development in areas like this is merely a symptom of the youth of the technology rather than a lack of meaningful desire to make things better. But until things improve, it's going to be far too easy to write containers off as a "convenient, cheap, secure: choose two" tradeoff. That's not a winning strategy.

[1] Companies using hypervisors! Audit your qemu setup to ensure that you're not providing more emulated hardware than necessary to your guests. If you're using KVM, ensure that you're using sVirt (either selinux or apparmor backed) in order to restrict qemu's privileges.
[2] There's apparently some support for loading per-namespace Apparmor policies, but that means that the process is no longer confined by the sVirt policy.
[3] To be fair, last time I ran Trinity under Docker under a VM, it ended up killing my host. Glass houses, etc.
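
The post above leans on seccomp and restricted capabilities to shrink the kernel surface a container can reach, and lists introspection of container state as work still to be done. As an added example (not part of mjg59's post or any container tool's code), this reads the `Seccomp`, `CapEff` and `CapBnd` fields of `/proc/<pid>/status` and reports what a process is actually confined by; the `BROAD_CAPS` selection and both sample status texts are assumptions constructed for illustration.

```python
"""Summarise seccomp and capability confinement from /proc/<pid>/status text."""

# Linux capability names by bit number (0..37), as listed in capabilities(7).
CAP_NAMES = (
    "CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID "
    "SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW "
    "IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT "
    "SYS_ADMIN SYS_BOOT SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD "
    "LEASE AUDIT_WRITE AUDIT_CONTROL SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG "
    "WAKE_ALARM BLOCK_SUSPEND AUDIT_READ"
).split()

# Assumption (chosen for this example): capabilities that expose large
# amounts of privileged kernel code to whoever holds them.
BROAD_CAPS = {"CAP_SYS_ADMIN", "CAP_SYS_MODULE", "CAP_SYS_RAWIO",
              "CAP_SYS_PTRACE", "CAP_NET_ADMIN", "CAP_MAC_ADMIN"}

SECCOMP_MODES = {"0": "disabled", "1": "strict", "2": "filter"}

# Constructed samples, not captured from a real system.
CONFINED = "Name:\tapp\nCapEff:\t00000000a80425fb\nCapBnd:\t00000000a80425fb\nSeccomp:\t2\n"
UNCONFINED = "Name:\tapp\nCapEff:\t0000003fffffffff\nCapBnd:\t0000003fffffffff\nSeccomp:\t0\n"


def decode_caps(hex_mask):
    """Turn a CapEff/CapBnd hex mask into a list of capability names."""
    mask = int(hex_mask, 16)
    return ["CAP_" + CAP_NAMES[b] if b < len(CAP_NAMES) else f"CAP_{b}"
            for b in range(mask.bit_length()) if mask >> b & 1]


def audit(status_text):
    """Return seccomp mode, capability sets and findings for one process."""
    fields = {}
    for line in status_text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    # Kernels that predate the Seccomp field do not report it; say so
    # instead of assuming the process is unfiltered.
    seccomp = SECCOMP_MODES.get(fields.get("Seccomp"), "not reported")
    effective = decode_caps(fields.get("CapEff", "0"))
    bounding = decode_caps(fields.get("CapBnd", "0"))
    findings = []
    if seccomp == "disabled":
        findings.append("seccomp disabled: no syscall filtering")
    broad_eff = sorted(BROAD_CAPS & set(effective))
    if broad_eff:
        findings.append("effective set holds " + ", ".join(broad_eff))
    # Bounding-set capabilities are not active now, but can be regained by
    # execve() of a setuid-root or file-capability binary.
    broad_bnd = sorted((BROAD_CAPS & set(bounding)) - set(effective))
    if broad_bnd:
        findings.append("bounding set still allows " + ", ".join(broad_bnd))
    return {"seccomp": seccomp, "effective": effective,
            "bounding": bounding, "findings": findings}


if __name__ == "__main__":
    try:
        with open("/proc/self/status") as fh:  # Linux only
            text = fh.read()
    except OSError:
        text = CONFINED
    for key, value in audit(text).items():
        print(f"{key}: {value}")
```

Run inside and outside a container on the same host, the two reports show what the container runtime removed, which is the part of the attack surface the post says these features reduce but do not eliminate.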
ursamajor: people on the beach watching the ocean (Default)
[personal profile] ursamajor
post-tags: instagram, crosspost

Decoding the Creative Process. Similar to deciding it. #ferranadria #scienceandcooking
synecdochic: torso of a man wearing jeans, hands bound with belt (Default)
[personal profile] synecdochic
Mondays, every week, let's celebrate ourselves, to start the week right. Tell me what you're proud of. Tell me what you accomplished last week, something -- at least one thing -- that you can turn around and point at and say: I did this. Me. It was tough, but I did it, and I did it well, and I am proud of it, and it makes me feel good to see what I accomplished. Could be anything -- something you made, something you did, something you got through. Just take a minute and celebrate yourself. Either here, or in your journal, but somewhere.

(And if you feel uncomfortable doing this in public, I've set this entry to screen any anonymous comments, so if you want privacy, comment anonymously and I won't unscreen it. Also: yes, by all means, cheer each other on when you see something you want to give props to!)

Credit card numbers

Oct. 19th, 2014 09:58 pm
synecdochic: torso of a man wearing jeans, hands bound with belt (Default)
[personal profile] synecdochic
As I believe I've mentioned here before, I have a pretty annoying case of dyscalculia. It mostly makes me transpose digits, confuse certain numbers (3 and 8, 2/5/9), and have difficulty with orders of magnitude. Since discovering that dyscalculia is a genuine honest thing (the schools I attended really should have picked it up, but it was too early for there to be much attention on the condition and we had a nasty case of Gifted Children Can't Have Learning Disabilities) I've learned a bunch of workarounds and coping techniques; I'm getting better at it not disrupting my life.

I also have a really shitty memory for numbers, except when I have a really good memory for them -- fucked if I can remember specific phone numbers for years and years, for instance, even ones I manually dial regularly instead of using the phone's address book, until all of a sudden, like with the flip of a switch, I'll remember it for years past when I'm actually using it regularly. Right after I moved out of my parents' house the first time, I was writing checks for a lot of my regular shopping, and I wrote my drivers' license number on the checks often enough that I found I'd memorized it -- and still remember it, 10 years after surrendering my NJ license for a MD one. (I don't know my MD one; I don't write checks that often anymore.) That kind of thing.

The big thing, though, is credit card numbers. I buy things online pretty often, and I don't ever let my browser or most websites save my CC#, so I type it pretty regularly. It usually takes me no more than a year or two to memorize a credit card number after something like a CC fraud/identity theft thing happens and I have to cancel the card and get a new one. I always struggle like hell for the first few months of a new card number (wanting to type in the old one and always misreading/mistyping the new one as the transpositions and digit confusions kick in), then have a little while of not remembering the number but not having trouble typing it with the card in front of me. Then I'll find that I'm remembering the expiration date and the CVV (confirmation code), along with a few sequences of the 16-digit card number, but I still need the card for confirmation. After a bit, though, it's like a switch flips in my head, and I never have to pick up the physical card again when I'm making online purchases. (Until the next time there's a data breach and I have to get a new card number, of course.)

I'm curious as to how common this is! Sarah says she's never memorized a credit card number in her life, whereas I currently have our main credit card # (last changed about 2 years ago) and the DW business card # (about three years old) memorized but not our backup card (which is about three or four years old, I think, but I type it in way less frequently).

So, a poll:

Open to: Registered Users, detailed results viewable to: Just the Poll Creator, participants: 264

For your current primary credit card:

I don't remember anything about it, no matter how long I have the number for.
19 (7.2%)

Eventually I will learn some parts of it (small sequences, CVV, expiration date) but I always go for the card anyway.
77 (29.3%)

Eventually I'll remember larger bits of it (whole segments but not all of the #, CVV and expiry, etc) but always doublecheck
46 (17.5%)

I'll remember it if you get me started but I don't rely on memory in case I get it wrong
8 (3.0%)

I will memorize number, expiry, and CVV eventually but I haven't had this card long enough yet
43 (16.3%)

I have number, expiry, and CVV memorized and don't need to pull out the card
66 (25.1%)

I don't have a credit card/I don't use it for online purchases
4 (1.5%)

If you do memorize credit card numbers, about how long does it take you?

Less than 6 months
63 (35.8%)

6 months to a year
46 (26.1%)

12 to 18 months (1-1.5 years)
36 (20.5%)

18 to 24 months (1.5-2 years)
17 (9.7%)

24 to 30 months (2-2.5 years)
4 (2.3%)

30-36 months (2.5-3 years)
2 (1.1%)

Longer than 3 years
8 (4.5%)

If you do memorize card numbers: do you deliberately try to, or does it just happen?

I deliberately try to memorize them as quickly as possible
9 (4.8%)

I try haphazardly but I don't sweat it
34 (18.3%)

It just happens
143 (76.9%)

I wish to complain about the options in this poll:

Yes
44 (100.0%)

NuWho Rewatch: Fathers' Day

Oct. 19th, 2014 09:30 pm
purplecat: Texture by simpleandclean (LiveJournal) (Doctor Who)
[personal profile] purplecat
I think most people consider Fathers' Day and Dalek to be the two best stories of this season. Fathers' Day notably pipped Dalek to the Hugo but I was a little concerned that on a second watch it would be too schmaltzy and the sentimentality would be too obviously manipulative.

It is very schmaltzy )

Where Fathers' Day clearly wins over Dalek, I suspect, is that it is dealing with a far more accessible situation. Most people have lost someone close to them, so the question of how you would feel and react if given the opportunity to save them, or meet them again, is much more directly relevant than the question posed in Dalek which is about how similar someone very powerful can become to their arch-nemesis. It's a much more human story and for all its blatant sentimentality I think it, at the end of the day, is a better piece of television as a result.
ursamajor: people on the beach watching the ocean (Default)
[personal profile] ursamajor
post-tags: instagram, crosspost

First frost tonight; pumpkin from @wilsonfarm ready for a slow afternoon roast. (As the base for kaddo bourani!)

I offer him my lap,

Oct. 19th, 2014 03:44 pm
synecdochic: torso of a man wearing jeans, hands bound with belt (Default)
[personal profile] synecdochic
But he's more interested in standing there and yelling at me.

synecdochic: torso of a man wearing jeans, hands bound with belt (Default)
[personal profile] synecdochic
So I replaced them yesterday. Popular! She can't decide which to kill first.


Page generated Oct. 25th, 2014 02:32 pm