Son Of Sun Tzu

To content | To menu | To search

Wednesday 30 November 2016

Notes from "What Happens When A Game About Hacking Meets The Hacker Mindset?"

Thank you to everyone who braved the cold and made it to my presentation at DC4420.

A description of the presentation can be found here; and details about DC4420 can be found here.

A few notes from slides that I probably flew right past during the live talk:

The PDF of Chris Sumner's presentation from HackFest Canada is... around somewhere, I'll check with Chris and update this blog post.

Jayson Street's presentation on global hacker culture and hacker history can be watched here.

J4vv4d's blog post that I grabbed a couple of quotes from is here.

Tanya Snook's article is here.

The presentation by Fraser and I from DevSecCon is here, and I may or may not have generated enough intestinal fortitude to watch that by the time you're reading this.

If you want to ruin your enjoyment of media, go to

You really should be watching Scorpion.

The concept of Neo Tactics comes from Mike Bond's "Boom! Headshot!" research paper, the paper is here, and a PDF of the presentation is here.

The manual for the First Earth Battalion is here.

And, er, that's it - which probably wasn't the information you were after. It's been suggested I give the presentation elsewhere, so if I put more work into it I'll put in some links to the YouTube players who provide good examples of hacks, and other references in the talk.

And if anyone can help me understand XBox360 game save file formats, or help me track down a copy of Raven's Cry, please respond in the comments...

Saturday 26 November 2016

Tuesday's forthcoming DC4420 presentation - What Happens When A Video Game About Hacking Meets The “Hacker Mindset”?

With the very recent release of WATCH_DOGS 2 it’s timely to look back at the original WATCH_DOGS video game. Set in a fictionalised Chicago, in WATCH_DOGS you play as a “brilliant hacker” who uses his hacking skills to manipulate ctOS, the “Central Operating System” that runs the city. The game was similarly forward looking in its design, combining an open world single player mode with an “always on” feature, meaning the player’s game could be surreptitiously invaded at any time by an online rival.

But for a game that should be saturated with an understanding of hacking, what happens when it meets players with the “hacker mindset”? This talk will take you, Inception like, through the different levels of a player’s understanding of the game, and how they can use that understanding to gain a disproportionate advantage during gameplay.

( Please note, originally this talk was entitled “What Can WatchDogs Teach Us About Cyber Security?” but the presenter realised that there wasn’t that much to learn; also after fighting and losing against Linux display drivers at the October meeting the presenter will be bringing at least two different presenting platforms to the meeting and is currently watching several Overhead Projectors on eBay. )

More talk description is here , venue details are here.

Monday 21 November 2016

How to replace sux functionality on Arch Linux

( Apologies, this is just search engine fodder. )

If you're someone else who mourns at the demise of "sux" then note that this solution works, for me, on Arch Linux:

In /etc/pam.d/su, to forward xauth keys between users when calling su, add

session  optional

and then a simple "su <username>" from the logged-in user to the user you want to run the X program works.

Full credit to for this.

Saturday 1 October 2016

Technical Notes from my DC4420 presentation in September 2016

On Tuesday 27th September I presented on my home computer setup at the DC4420 meeting. This setup has taken me some time to establish, has been through many iterations, and features a considerable number of monitors and KVMs - and so I hoped I could serve as an example, or as a warning, to others.

The presentation was well received, with the friendly audience showing joy, concern, enthusiasm, and despair.

While I like the practice of writing up blog posts of talks my preferred method of delivery owes more to my very, very shallow knowledge of the PechaKucha style of presenting... and less pretentiously, a lot of watching the PBS Idea Channel, and so doesn't really suit this written medium.

So rather than try and write up the whole thing, below I've listed a summary of the technical advice, and technical issues, that I've discovered along the way. For the full version, maybe you just had to be there.

KVM notes:

Aten CS533: This is the Bluetooth KVM I use, also called the Aten Tap. The IOGear GKMB01 appears to be the same thing. It supports two bluetooth devices. Do note that sending commands to it requires using the Alt key combined with F1 to F6, and that can't be changed, which might clash with other keyboard shortcuts you've got. For unknown reasons this device didn't work for me when I plugged it in front of the Avocent Switchview listed below, but does when I use it in front of the Raritan.

Aten Masterview CS-9138: This is the 8 port KVM I currently use. It has a small choice of HotKeys, and thankfully doesn't have a buzzer. For unknown reasons the keyboard indicator lights don't work when I'm working through this, but bear in mind it's "behind" an Avocent KVM, and at least one USB to PS2 adapter... I think. so that's probably why.

Avocent Switchview 4SVPU20 MM2: This is the 4 port KVM I now use, I have two. It takes USB or PS2 input along with VGA, but doesn't need the VGA port to be used to work. This device has a relatively massive choice of HotKeys, and using the command "<HotKey> <HotKey> <B>" you can completely disable the buzzer... the KVM won't make a sound unless it's powercycled. It has independent KVM, USB hub, and audio allocation - so you can move the audio to a different system without moving the other functionality at the same time. Also the audio ports have no "direction" and are just physical connections, so by putting the audio ports of two of these KVMs in line, and connecting audio inputs to one and audio outputs to the other, I can direct any of four inputs to any of four outputs.

Belkin F5U119-E: Unlike some of the cheaper USB to PS2 adapters I've used, this adapter tends to work with everything I connect it to.

Belkin Omniview F1DS104U: the original 4 port KVM I used. Bear in mind it will beep when you change screens using hotkeys, and doesn't like being chained. Also the firmware upgrade to make it silent is difficult to find, requires a bespoke cable, and doesn't work.

Belkin PRO2 OmniView 8-Port KVM Switch F1DA108T: The original 8 port KVM I used. It will beep when you change to a different device, and removing the speaker ( known as a "speakerectomy" ) appears to cause electrical problems. Also it has male VGA ports, which is quite unusual.

HP ChromeBook 11: this uses a SlimPort connection for video output and for power simultaneously. If a SlimPort to VGA, or SlimPort to HDMI, adaptor is used, this device will drain its battery even if the power supply is plugged in.

Raritan SW4-USB-Combo: This is the other type of 4 port KVM I now use. As well as independent KVM, USB hub, and audio - as per the Avocent above - it has a small choice of HotKeys, and "<HotKey> <HotKey> <S>" turns off the buzzer for most functions, but it'll still beep if you make an error.

Sivitec Black 8 Way SURGE Protected 5m Extension Lead Switched NEON 8 Gang: this is the only 8 socket gangplug I've found with a cable longer than 2 metres.

Other notes:

Monitors: if you have the money, and the time to look up the different options, do buy monitors with the best capability, i.e. VGA input, DVI input, HDMI input, an audio jack, a VESA mount, and with the configuration buttons located somewhere accessible.

Peripheral Sharers: The USB peripheral sharers I found that were "too clever" were the StarTech 4-to-1 USB 2.0 Peripheral Switch, the Kensington ShareCentral5 K33901EU, and the Aten US421A.

Synergy: I'm still suitably suspicious of this software, but at least one person came up after the presentation and explained that they found it reliable and useful. If it looks like what you need do check out .

Window Managers: The Tiling Window Manager I use, with flexible mapping of virtual screens to physical screens, is Xmonad. If you want to look at alternatives then try i3, dwm, or spectrwm.

Xorg: It's a very high level summary of what I've done, but to get X working on four independent screens my configuration was built using the following incantation: run the command "nvidia-xconfig –enable-all-gpus –separate-x-screens", your xorg.conf file should only have a single “screen” section, and use the line Option “BaseMosaic” “on”

Thank you to the audience for getting into the spirit of the presentation, and if you've any questions do ask them in the comments below.

Friday 10 June 2016

How To Turn Wargamers Into Red Teamers, and Red Teamers Into The Actual Enemy

Earlier "today" ( Thursday 9th June ) I had the pleasure of listening to a free "Red Teaming 101 Webinar" by Mark Mateski of the Red Team Journal. ( The next event is on the 7th of July, and is listed here: ) This was an enjoyable high-level webex seminar about the idea of red teaming in general, very much on the "contrarian perspective" being a useful and under-used tool by organisations, and a quick run through of the overall concepts.

This inspired me to finally get down this idea that I've been ruminating on for a while. This piece is a drastically modified version of the article "Serious Wargames Needs Serious 'scout team' Wargamers" that appeared in issue 289 of The Nugget, "The Journal of Wargames Developments". Wargames Developments is a "loose association of like-minded wargamers dedicated to the continued development of wargames of any type whatsoever".

That original piece was in reply to Tim Price's piece in the previous issue: "Red Teaming, Black Games and Failure in our Wargames", lamenting the lack of diversity in professional wargaming meaning that the play of the "red team" was unhelpful. However I was inspired to modify my article, and publish it in a wider context, due to the Red Team Journal blog post "Operational Code Analysis for the Real-World Red Team, Part I" ( ). When announcing that piece via Twiiter, the author Mark Mateski quoted his article "Know thy enemy? Good luck with that! ( Yes, I'm exaggerating, but only a bit. )".

In the article Mark enumerates a very useful list of 37 questions to ask yourself, or your on-hand experts, about the opponent you are modelling in order to create a model of their "operational code", the operational code being that opponents way of working, of thinking, of fighting. That way you can simulate that operational code within your red team exercise, and effectively emulate the opposition.

Which brings us back to the original article by Tim Price. In this article Tim highlighted the lack of an effective opposition within the serious games he'd been involved with, where the people playing the opponent clearly were thinking and acting in the usual way for their standing, culture, and the situation - which considering that this was a military simulation was usually in a similar way to the organisation they were attacking. While it might win the game this approach isn't very useful when trying to understand the enemy, which is the point of playing the wargame / simulation in the first place. Tim Price pointed to the use of experienced amateur wargamers as a solution to this, players who've spent a great deal of time looking for winning strategies outside of the "rules", players who have little regard for any artificial constraints to victory.

However I put forward that Tim is correct only up to a point, and considering his experience this wasn't a decision I made lightly. Partly serious wargamers are ideally suited to this situation, people who are used to adversarial situations and everything that goes with them, from the importance of a reserve force to the necessity and value of logistics. Those serious wargamers are who you want, as Tim said, "they are programmed to seek winning strategies" However I think Tim omitted an equally valuable characteristic of the right kind of wargamer, which the members of Wargames Developments brings to mind... the wargamers needed must be more interested in understanding the game, they must be most interested in solving the puzzle the game represents, than in winning the game. For those wargamers representing the opponent, for those wargamers playing the red team, their overall aim needs to be to determine how to win this kind of game, rather than winning this particular incidence of it. They need to be a true OPFOR, the aim is not to win this game but to win all games against this opponent, and ideally to understand how this particular type of game can be won.

Now I'm only on the periphery of serious gaming, it's one of the career options I'm currently considering, but I was initially astounded that imitating the opponent isn't seen as best practice, and a diverse set of players and experts seen as a way to achieve that. To me it seems obviously non-sensical that putting forward the imitation of the enemy as the main pre-requisite is seen as some kind of underground or iconoclastic point of view. But then, taking a step back to consider the situation for a moment, there has been a similar discussion going on for some time in my field, the world of Penetration Testing. Penetration Testers are hired to attack a company's systems to look for security vulnerabilities, with the aim of illustrating and describing those security vulnerabilities before they're exploited by genuine attackers. However it's becoming increasingly clear that penetration testers tend to illustrate the security issues that penetration testers would exploit, those issues that are more intriguing to investigate or more exciting to describe, whereas a criminal hacker will pick on easy targets to make money; the opponents penetration testers are meant to be representing don't have time to play with puzzles, they are not looking for stories to tell - they have a job to do and money to make.

( If you're interested, this slide deck from a recent presentation at the RSA Conference is a good summary of the arguments: )

So if Serious Gaming doesn't get this, and neither does Penetration Testing... neither industry being notably short of smart people... does anyone have what I believe is the right point of view? In my experience the best example came from one of my other interests, American Football. To over-simplify there are two sets of players on a team: Offense - who play when you have the ball, and Defense - who play when the opponents have the ball. Team rosters are huge, partly due to how common injuries are in the game, therefore there are definitely "starters" on Offense and Defense, backed up by "second string" and "third string" players. Due to the wide variety of styles of play in the sport, the starters need to practice against the specific playing style of the opponent they'll face that week, and this is where the "scout team" comes in. The scout team consists of the second and third string players on your team imitating the style and plays of that week's upcoming opponent, for the benefit of the starters. As well as their ability to play the sport overall, scout team players are graded on their ability to imitate opponents, and this is what serious gaming needs.

I should stress, this is where players willing to be a "scout team" are required, rather than those with knowledge of all possible opponents or combat environments. And it is these "scout team" players that serious games need. They need open-minded wargamers who are more interested in winning the game than winning the battle the game represents, understanding the difference between the two is crucial.

Overall, it is those rare players capable of and willing to emulate an opponent that serious wargaming needs to make up a "scout team", which to me is taking the profession much more seriously that merely winning or losing whatever battle is being played. So while my angle was different to Tim Price's, my conclusion was the same... serious wargames need serious hobby wargamers.

Back to Mark Mateski's piece on operational code. As I say, there's a comprehensive set of questions in that article, but after that Mark appears to hit something of a block. He suggests a couple of techniques for helping the red team work under that operational code, but these are quite general and designed to suit every situation.

Sticking to the imagined scenario of my original piece, looking at serious games, expected to be an exercise of a few days, and military in nature and therefore directly confrontational, I see two useful ways to turn the answers from Mark's 37 questions directly into something a red team can use:

Firstly - "trait cards". Each of Mark Mateski's questions should elicit several statements on the operational code of the opponent that the red team is looking to emulate, anything from "use deception whenever possible" to "prefer indirect over direct fire" or "sacrifice soldiers rather than ground" and so on. Eachanswer to those 37 questions should be distilled into a trait and written on a card, and assigned a number of points by the red team in conjunction with the experts being used to provide information on the operational code of the opponent. Whenever the red team carries out an action during the engagement, and I'm thinking of a wargame with something of a turn-based structure when actions are put forward by player teams and resolved by a combination of the wargame's system and its umpires, the red team can play appropriate trait cards in order to score points. Therefore the more successfully the red team emulates the opponent by following the cards, the more points they'll score.

This is a version of the idea from roleplaying games of "XP", or experience points, that I referred to in my original tweet displayed above. Expereince points are awarded by the person running the game, usually a GamesMaster ( GM ), in return for completing objectives, but most importantly in this context, they are also awarded for successful roleplaying, for a player acting in the same way that the character they are playing as would act. These trait cards would formalise that role-play aspect, and enable to red teamers to judge what kind of action they should take to emulate the opponent.

Secondly - a CARVER matrix based on the perceived operational code of the opponent. A CARVER matrix, to quote directly from Wikipedia, "was developed by the United States special operations forces during the Vietnam War. CARVER is an acronym that stands for Criticality, Accessibility, Recuperability, Vulnerability, Effect and Recognizability and is a system to identify and rank specific targets so that attack resources can be efficiently used. CARVER was developed in WWII by the OSS for the French field agents as a simple, uniformly and somewhat quantifiable means of selecting targets for possible interdiction. CARVER can be used from an offensive (what to attack) or defensive (what to protect) perspective." This matrix could show the value, to the red team, of destroying different assets being operated by the blue team. Therefore the red team can now prioritise goals through the CARVER matrix, and choose which actions to use to reach those goals through which trait cards they can play.

This method is relatively simple, and stops the red team trying to win the game... it's now intuitive for them to act with a single objective in mind: accumulating points. This gives the red team a method to turn the answers to Mateski's 37 questions into actions, and gives the blue team in the wargame a version of the opponent that is in some way following the real world opponent's operational code.

As with all attempts at gamifying a process in order to improve adherence to it, there will be a gap between the actual operational code of the opponent and how that is portrayed by the red team in the wargame. Turning a vague statement that the enemy will employ deception whenever possible depending on available time and resources into a card stating "employ deception in an attack, score five points" means assigning complex decisions a value on a linear scale, but I think what you would lose in complexity you gain in focus.

And if the trait card points or CARVER matrix turn out to be wildly incorrect, to the extent that the red team aren't emulating the opponent in the wargame, then just change the values. Red teamers, especially the leaders, and especially if they have ready access to experts on how the opponent being emulated thinks, should be able to spot when the numerical model has too great a gap from the perceived operational code of the opponent, or the actual operational code of the opponent, to be useful; and therefore they will modified the scoring on the cards and in the matrix.

Unfortunately I've yet to have an opportunity to practice this idea, but I see this as the way to turn the perception of an operational code into an actionable set of ideas that a red team can use during an exercise, and therefore this will effectively guide the red team into achieving their true aim: emulating the opponent. Also it gives wargamers, acting as a red team, a way to naturally and intuitively play a wargame in a way that is of use to the blue team, while naturally and intuitively using their desire to win.

And one last thought, considering the expected competitive nature of red teamers... have two red teams in play, neither knows the constituents or deliberations of the other team, just what actions they've taken and how many points they've scored.

Tuesday 17 May 2016

"although it's unpleasant, you do want to have nay saying voices involved in any sort of decision that you make"

As a former penetration tester, and sporadic wargamer, I am completely sold on the "red team" concept. For those of you not familiar with the area, I'd describe it as "having someone or something with an adversarial mindset examine your nascent idea or project or hypothesis for flaws from the point of view of sentient opposition, and also to extrapolate the second and third order effects from the implementation of that idea". I am still surprised at how rare this point of view is, although I realise that I might be preaching to the converted.

I'm still working on having the kind of reputation where you can now quote me to your managers and get the resource for the Red Team Department you want to set up... but if I can't help, how about Professor David Dunning? David Dunning is "Professor of Psychology at Cornell University. As an experimental social psychologist, Dr. Dunning is a fellow of both the American Psychological Society and the American Psychological Association. " His full details are here: , he's most well known for his work on the Dunning-Krueger Effect. I had the pleasure recently of listening to him being interviewed for the "You're Not So Smart" podcast, this was episode 72: - it's well worth your time, and these are a couple of particularly useful quotes:

"There are some helpful points that psychology suggests in order to avoid overconfidence that leads you over the cliff, if you will. The first is that, although it's unpleasant, you do want to have nay saying voices involved in any sort of decision that you make. That is, you want someone to play devil's advocate. Basically to poke holes in what the group or the institution might be thinking about what it wants to do. The reason for that is, having a devil's advocate can help the organization spot when it's being overconfident. Or, sometimes just improve the decision that the institution’s going to do. So you want that."

"Having a devil’s advocate is unpleasant ... but what it does do is it does insulate you against unknown incompetence. And you just know that it’s going to show up sooner or later, you just don’t know where. So you might as well just have these policies that help you address the problems that you can’t anticipatewhen they finally rear up and try to bite you."

Episode 72 was a re-broadcast of episode 36, and these quotes are taken from the transcript of episode 36 of the "You Are Not So Smart: A Celebration of Self Delusion" podcast with some minor editing for clarity. The transcript is here:

Monday 2 May 2016

Books I have read recently that you should read too.

Of course I was planning to go into slightly more depth for each one, but then they sat in a "to do" pile for several months:

Can't Be Arsed: 101 Things Not To Do Before You Die - Richard Wilson; the description from the inside flap tells you all you need to know: "who cares about swimming with dolphins, walking the Great Wall of China or bungee jumping in New Zealand, when there's an armchair to sit in and windows to stare out of?"

Horrorstor - Grady Hendrix: I never really read horror before, and it's not a genre I usually like... but this was a particularly well written book. You will never look at IKEA in the same way again.

In the Land of Invented Languages: Adventures in Linguistic Creativity, Madness, and Genius - Arika Okrent - this tackles some intriguing issues around language, i.e. the Sapir-Whorf Hypothesis, while also taking a tour with the kind of people who try to establish their own language. If you're intrigued rather than bemused by Esperanto and Emojis, this is the book for you. ( Warning, contains no emojis, but do see the chapters on Blisssymbols )

Moonwalking with Einstein: The Art and Science of Remembering Everything - Joshua Foer; a well written and entertaining summary of the author's journey to competing in the US Memory Championships. Some interesting points about memory are made, especially so now we're offloading so much of our own memory to smart devices; and I realise it's a cliché, but he meets some genuinely interesting characters along the way.

The Great Casino Heist - Richard Marcus; if you're interested in some of the technical detail behind committing fraud against casinos, but also want an entertaining read, this is recommended. Particularly interesting in that the techniques are relatively simple, and obvious in retrospect, it all comes down to execution, practice and confidence... and the kind of people capable of all three.

V for Vendetta, and The Watchmen, both by Alan Moore - I haven't read comics since reading 2000 AD many years ago, but I really enjoyed these. Maybe my reading skills have been blunted by all the interactive entertainment I now have access to, but sometimes I struggle to get into a book late at night - graphic novels might be an intermediate step where some of the imagination required is done for me right there on the page.

Why legal firms should consider moving to the Cloud.

A few days ago @munin highlighted a critical issue with Office365 and SAML assertions, and suggested that this is why high-stakes data shouldn't be in the Cloud. The tweets are here:

Credit for discovery of the vulnerability goes to Ioannis Kakavas and Klemen Bratec, their write-up is cross-posted on their blogs:

In response to this issue being disclosed @munin asserted that this is why "high-stakes data" shouldn't be in the Cloud.

Now I see where @munin is coming from, I was, and to some point still am, a fan of on-premises data storage rather than it being out there on the Internet somewhere. However information security is so difficult, the required protective infrastructure is so expensive, and skilled people are so hard to find, that using Cloud services in order to obtain the required infrastructure and skills is the way to go. There are many, many reasons, but I think these are the big ones:

1 Law firms are notoriously reticent to spend on information security, and arguably it's not economically viable for them to obtain security of the level used on Office 365. I state this from personal experience, not just the fallout from the recent Mossack Fonseca breach. Thankfully this was recently discussed on the invaluable Risky Business podcast, episode 407 - - head 35 minutes in if you're short of time, but otherwise the whole podcast is worth listening to. Anyway, HD Moore stated:

"if you look into legal services ... any industry where you've got a lot of high paid professionals that are not IT, the IT aspects of the security side of the business generally gets neglected; they just don't value the IT people, the security people, as much as they should. So that's one of the reasons you see a lot of wide open law firms..." ( edited slightly for clarity )

2 Munin's statement that "Because diversity in setups prevents large-scale attacks from working" is wrong. Theoretically this is incorrect, diverse but equally poor or out-dated setups, through the prevalence of easy to use tools such as MetaSploit, or the almost universal success of repeatable tactics such as phishing, mean that diversity is not of use here. Practically I think the sheer number of successful attacks, and the results from published Breach Investigation Reports, show that either through the large number of attackers, the low security of targets, or both, mean that facing new infrastructure isn't slowing anyone down. This is mainly due to the right skills being hard to find. Again, the timing of Risky Business was fortunate, as Space Rogue ( Chris Thomas, Strategist for Tenable Network Security ) said later on in that episode: "it comes down to people ... security people are hard to come by, they cost a fortune, and if you want decent security you need someone who knows what they're doing".

3 This disclosure was rewarded because of Microsoft's bug bounty programme... I assert that it's far less likely for a law firm to run such a programme.

4 Using this specific issue as an example, it was fixed in seven hours, I can't imagine a Law Firm's IT department being capable of achieving anything near to that.

Overall, if putting high-stakes data in the Cloud isn't the "best way" it is the "least worst". Wanting to keep to high-stakes data out of the Cloud is understandable, but particularly in the case of law firms, it's a little like saying its safer to keep your life savings under your mattress rather than in a bank: yes, you're not part of a big and attractive target, but your security is going to be much, much worse.

Footnote - of course, you need the right Cloud service... as pointed out on Risky Business 407, Mossack Fonseca are selling their own secure cloud document service:

Saturday 9 April 2016

Do the Seahawks need a good offensive line?

There's been a lot of consternation over the apparent lack of talent on the Seahawks Offensive Line. For example this article states it "may just be the worst position group in the entire NFL".

But, as squeaky as their playoff games were, the Seattle Seahawks were one score away from taking their Divisional playoff game into overtime, and did go 10-6 for the season; whereas the offensive lines I hear the most compliments about are the Browns and the Cowboys, who went 3-13 and 4-12 respectively.

So, do offensive lines matter? It's interesting to compare the 32 NFL team's successes against the quality of their offensive line and see if there's a match. I'm taking the quality of the offensive lines in the 2015 season from Pro Football Focus's rankings at the end of the season here: ; and my analysis... well, my quick look at some stats... is inspired by Shell Kapadia's article on ESPN: .

So, comparing offensive line rank to the most important statistic first, did the team make the playoffs or not?

Rank Team Playoffs?
1 Dallas Cowboys yes
2 Carolina Panthers yes
3 New Orleans Saints yes
4 Atlanta Falcons yes
5 Cleveland Browns yes
6 Oakland Raiders yes
7 Green Bay Packers yes
8 Cincinnati Bengals yes
9 Buffalo Bills yes
10 Pittsburgh Steelers yes
11 Washington Redskins yes
12 Philadelphia Eagles yes
13 Baltimore Ravens yes
14 Minnesota Vikings yes
15 Indianapolis Colts yes
16 Chicago Bears yes
17 Arizona Cardinals yes
18 Houston Texans yes
19 Jacksonville Jaguars yes
20 New York Giants yes
20 Denver Broncos yes
22 Kansas City Chiefs yes
23 Tampa Bay Buccaneers yes
24 Detroit Lions yes
25 New England Patriots yes
26 New York Jets yes
27 San Francisco 49ers yes
28 St Louis Rams yes
29 Tennessee Titans yes
30 Seattle Seahawks yes
31 Miami Dolphins yes
32 San Diego Chargers yes

So, apart from showing that tables are hard.... there is a pretty even spread of playoff teams across all levels of offensive line play quality.

How about teams versus wins? The X axis below is decreasing in offensive line rank from left to right, so you'd expect a general trend of wins to go down from left to right...


Same again, I see no trend by wins.

But how about a more realistic rating of how good a team is than wins, FootballOutsiders' offensive DVOA ranking? Lower numbers are a higher rank.


Again, all over the place.

Originally I planned some kind of scatter graph with team or helmet logos, but that's not something I can put together in a reasonable amount of time. So while it's something I've thrown together using online resources, and arguably some of the the axis should have been the other way around... I think the complete lack of any trend shows something. Especially as the offensive line is about half of one side of the team, and key to every play, I think the results are a little surprising; maybe of all the positions for the offensive line their team play is more important that a collection of individual statistics?

And maybe, in relation to the Seahawks, it shows that a philosophy of having an Offensive Line that is just good enough, rather than exemplary, especially considering the apparent lack of talent at the position, is the way to go?

Monday 21 March 2016

Prototype 2

You've somehow stumbled across this blog post because you want to know if Prototype 2 is worth playing. I played it on the Xbox360 and really enjoyed it.

This summary of the game pretty much tells you what you'll be doing:

"Tear your way through the quarantined streets of Manhattan, crushing tanks and ripping apart horrific mutants, with awesome super-mutant powers of your own. You are Sgt James Heller, a soldier and grieving husband, taking down everyone responsible for the murder of your family, and have your revenge!"

If you're wondering whether to spend the £16 or so on Xbox Live to download it, or pick up a second hand copy from somewhere like CEX for £4 the game will suit you if you want:

  • An offline game, no connectivity is required, there's no multi-player options. I think some of the "RADNet" functionality will have gone away if you're offline or buying this game so late that it's been removed from Xbox Live servers, but all you'll be missing are some side quests that mainly involve running across rooftops or throwing barrels into incinerators.
  • A game where you don't have to think that hard... as you can see from the summary above, contrary to my last game, Remember Me, in this case you're definitely in the "I'm a gruff male, and I need to avenge the loss of someone or something by killing everything in range" zone.
  • Hilariously over the top and indiscriminate combat - it would have been interesting to have a penalty for injuring or killing the citizens you're apparently there to protect, but due to the auto-aiming combat system and area effect of the weapons you'll obtain you'll find yourself shredding anything that gets in-between you and your target... whether you want to or not. At the start of the game those civilians will be bystanders you try to avoid, by one hour in they're just wandering health packs.
  • A game that isn't that difficult. I think I'm of about average ability for a video game player, and this game was only slightly challenging on Normal level.

In order to play it you will need:

  • At least 20 hours of time according to, I'm sure I took longer, maybe 30 or 40.
  • No squick about blood or tendrils, there is a lot of cutting people apart in this game, or literally pulling them to pieces; and you obtain information from adversaries by literally consuming and absorbing them.
  • An acceptance of "game logic", you can evade helicopters chasing you by running around a corner and switching to a different identity, you gain powers by collecting things because that's what happens in video games, there are boss fights because there are always boss fights.
  • No extra cash, the DLC is all essentially optional as far as I could tell.

Saturday 12 March 2016

Does the Samsung EDD-S20HWE mobile phone dock work with a Samsung Galaxy Mega's MHL output over cables that claim to carry MHL, even the decent cables from StarTech that have 11 pins rather than 5?


Sunday 28 February 2016

"The Deactivation of the American Worker"

"The Deactivation of the American Worker - From factories to cubicles to open offices to Slack channels" , a very well put article on the rise of "the new feudalism" in the workplace, and the changing nature of work, can be found here.

For readers with time: it's about a ten minute read, and is a nice summary of what seems to be the current state of play.

For cyber security readers: this emphasises how important IDAM is, with so many more employees being mainly online, and defined and controlled by their access to online resources, getting IDAM right becomes increasingly important when you need to hire or fire people rapidly without error.

For "time poor" people who just want a quick hit and struggled to skim this far down the post: the article uses the word "perma-terror", which is a great kentucky word.

I wrote another blog

Well actually, I didn't, it just feels like it.

This really hit home - ; it's a quick coffee break sized read, and if this covers your views on procrastination or commitment: "This is the fear that I suspect might be the most toxic fear of all:What about my freedom? What if I want to do something else later? What if I change my mind?" then you'll enjoy it, you might even get that wonderful "how did you get into my head?!?!" feeling.

I haven't felt quite like this for a while, the last time was reading Daniel Miessler's blogs on Free Will, I think is the one that really made me envious that a half-formed idea from my head was put so well, and so succinctly.

And yes, I know, but trackbacks, how do they work?

Monday 4 January 2016

Florence Mussolini

I like memes.

In a Facebook thread a little while ago a FOAF suggested quotes attributed to Florence Nightingale, but which were actually by Benito Mussolini. This was amusing, but it turns out the alternative works much better...





Thursday 31 December 2015

Not A Good Day To Die Hard

"A Good Day To Die Hard" is the fifth instalment in the Die Hard series of films, an engaging set of action packed movies, so should you watch this one?

TL;DR - no, don't watch this film.

If you're after a good film - it just isn't. There's no real suspense, the characters aren't engaging, the actors are capable of much better performances, and the interesting twist isn't enough to save it... and for an action film, the action is disappointing.Check out IMDB and Rotten Tomatoes for similar but more comprehensive reviews.

If you're after a mindless action film - don't watch this, the actions sequences are somehow boring... there's armoured personnel carriers barrelling through the streets of Moscow, there's helicopters on fire, and I didn't care. Maybe it needs a large screen and surround sound, but the dramatic events just didn't engage me, and there's a lot of "but that wouldn't happen", "why is that character doing that?", "why has there been no police response at all", and "maybe we should just fast forward through this bit".

If you're after a "good bad" film - I will blog more about these in future, as myself and a few friends are fans of "so bad they're good" films... but this film isn't in that class, it isn't that kind of bad; it's just perplexing and confusing.

The only reason to watch this film for me - so I could watch the "Everything Wrong With" episode afterwards -

Monday 21 December 2015

Remember Me

You've somehow stumbled across this blog post because you want to know if Remember Me is worth playing. I played it on the Xbox360 and really enjoyed it.

If you want a spoilerific summary there's this, or keep this in mind as something to watch after you've completed the game:

Otherwise there's a nice summary of reviews at Wikipedia: ; or the description on the XboX website is: "Break into people’s minds and steal memories" ...

Neo-Paris. 2084. Personal memories can now be digitised, bought, sold and traded. The last remnants of privacy and intimacy have been swept away in what appears to be a logical progression of the explosive growth of social networks at the beginning of the 21st century. The citizens themselves have accepted this surveillance society in exchange for the comfort only smart technology can provide. This memory economy gives immense power over society to just a handful of people.

Remember Me™ is a 3rd person action adventure where players take on the role of Nilin, a former elite memory hunter with the ability to break into people’s minds and steal or even alter their memories.

If you're wondering whether to spend the £19.99 on Xbox to download it... bear in mind that the game will suit you if you want:

  • An offline game, no connectivity is required, there's no multi-player options.
  • A different kind of protagonist and therefore a different drive for the story. It's enjoyable to have the reason behind your actions in the game be something different from "I'm a gruff male, and I need to avenge the loss of someone or something by killing everything in range".
  • Scenery that looks good. Even on my Xbox360 I sometimes just stopped to look around.
  • A relaxing time - apart from some difficult fights, a lot of time you are progressing through what is essentially an interactive movie. While there is a lot of leaping around to do, it just involves directing the main character, Nilin, to the correct location and pressing the jump button, rather than having any specific aiming or timing requirements for the leap; so it's engaging rather than taxing.

In order to play it you will need:

  • About 8 to 16 hours of time according to reviews on line, most notably this site . I'm an averagely skilled player, and while the game doesn't tell me how long I played it for, I'm pretty sure it was over 16 hours.
  • Some suspension of disbelief, the AI can be ropey and predictable, the "hit people to regain health" idea doesn't survive scrutiny... but it's just a game, to me the world was so well built I found it easy to go with the flow rather than be thrown out of the game by a "fridge moment".
  • Patience for some of the boss fights. I mostly found them challenging rather than insurmountable, although a couple were in the "I'll try again tomorrow" class; and there's plenty of advice online on how to defeat particular opponents.
  • No extra cash, the DLC is all essentially optional as far as I could tell.

Sunday 13 December 2015

The Message podcast

The best description of this podcast is from its website on

The Message is a new podcast following the weekly reports and interviews from Nicky Tomalin, who is covering the decoding of a message from outer space received 70 years ago. Over the course of 8 episodes we get an inside ear on how a top team of cryptologists attempt to decipher, decode, and understand the alien message.

Each week she’ll bring you the latest chapter, so it’s important to listen in starting with Episode 1.

The Message is a co-production between Panoply and GE Podcast Theater, unlocking the secrets of healing with sound technology.

I'd be surprised if it's not quite different to what you usually listen to, whoever you are, so it's recommended if you want a break - my subscriptions are mostly around information security, with the occasional Radio 4 comedy and sports podcast thrown in, and quite a lot of Nerdist interviews... this was definitely a change of pace.

To listen to them all you'll need just under two hours and probably a mild suspension of disbelief as I'm not sure about some of the science on radio and audio and biology; but I'd be interested to hear thoughts from anyone knowledgeable in that area.

I loved it, I found it really gripping and interesting, especially in a "what would I do in that situation?" kind of way, which to me is always the sign of an involving drama. It's very much whatever the podcast equivalent is to a "page turner", so maybe save it for a long flight or similar where you need to lose two hours all in one go ...

Tuesday 10 March 2015

Premier billet

Je suis le premier billet. Modifiez moi.

page 2 of 2 -