18/04/2018

Galactica: VR From a Very Different Perspective

Companies like InfinaDeck make the headlines in tech news from time to time, normally following the release of a shiny new machine that adds physical phenomena (such as haptics or walking) to existing VR experiences. This approach is great, and likely the direction that VR experiences are headed in the future, but mainly because users of the technology don't have existing infrastructure that can be adapted for VR.

But what if you do already have a £12 million set of actuators? The Galactica ride at Alton Towers is a virtual reality roller coaster, where riders traverse the 2,700ft track whilst wearing VR headsets. This results in a roller coaster that's unlike any other. The ride is themed as a spaceship flight which uses wormholes (totally not modelled as stargates) to visit several different planets millions of light years away.

I really enjoyed my trip on Galactica, but it did highlight some amusing problems that arise when you take the VR to the physical simulator, instead of the other way around. Samsung VR headsets, for instance, were not designed to offer the buttery smooth response times that are required when the headset itself (as opposed to the in-game camera) is moving at 75km/h. Similar problems arise with the headset straps, which struggle to keep the goggles in place when users hit 3.5g during the ride's loops and turns.

Still, these are necessary evils when fitting a roller coaster with VR, without designing an entirely new bespoke (and therefore hella expensive) system from scratch. But even with better technology in the headsets, the on-rails nature of the roller coaster really limits the type of experiences you can create with it.

What I would be interested to see done is a VR coaster experience designed around fear. The single most terrifying experience I've had in VR was when I hacked Mirror's Edge to use the Oculus Rift. During a mission I mistimed a jump and fell off the side of a skyscraper. On the way down, with the ground rushing up to meet me, and the wind whistling by my ears, I felt something akin to true fear. The whole concept of roller coasters centres around this type of experience (and exploiting these kinds of fears), so here's to hoping that one day we get a ride that targets specific fears, like the fear of falling.

(as an aside, am I the only one who found it really weird having wind blowing in my face whilst I was ostensibly in space?)

07/02/2018

Capture the Flag: A Primer

Note: this article was written in June 2017

A lack of skills

For a number of years technology firms have been complaining about facing problems hiring enough security staff. The Financial Times reports a similar story - on average cyber security jobs are harder to fill than other roles, something which is only going to get worse as demand for experts grows faster than supply. According to industry association ISC squared, two thirds of UK companies do not have enough information security personnel to meet their needs, with the global shortfall in cyber security experts predicted to rise to over 1.8 million by 2022. As events like the recent WannaCry attack continue to raise the profile of cyber security in the public consciousness, an increasing number of businesses are going to find themselves facing a problem without a solution.

It's true that cyber security related courses and certifications are becoming more popular. But it will take a long time to build and develop a workforce of the size that is needed, both globally and in the UK. For less experienced employers the broadness of the field and lack of universal certifications can make it difficult to get what they want. That these certifications are practical in nature undoubtedly increases their appeal to organisations, but very few of them reflect the adversarial nature of the security game in reality. Static questions, like those you'll find on the CISSP exam, won't adapt and fight back. A real attacker will.

So with a number of years before the industry slows its growth and begins to mature, and a disconnect between the nature of certifications and reality, what's the best way for employers to fill the security related positions they have now?

Introducing Capture the Flag

Penetration testing, offensive security, ethical hacking - all terms you've doubtless heard before. Capture the Flag (CTF) may not be, but it takes the above and moves away from a production setting while adding a competitive spin. The CTF scene has taken off in the UK over the past few years: across the country hundreds of students regularly get together to take part in cyber security themed competitions, with Cyber Security Challenge UK (CSCUK) coordinating the majority of the nation's events. The online community is even larger; international events take place every week, open to both teams and individuals (see ctftime.org).

Perhaps better thought of as competitive security, challenges require a combination of problem solving and technical prowess to solve. Competitions vary from groups attacking and defending infrastructure to individuals solving small puzzles. Any topic is fair game: cryptography, forensics and reverse engineering are favourites, but it's not unknown to see participants tackling phishing emails or physical locks. Knowing how to use the industry standard tools required to solve these problems is a valuable skill in itself. Hands-on experience cements good practice - you can be told WEP secured networks are bad, but breaking one in 5 minutes with Aircrack really drives it home.

CTFs thrive because they focus on the thrill of solving problems, which means that there's plenty of discussion about solutions. This environment fosters learning and collaboration, with newcomers being encouraged to grow rather than being put off due to inexperience. And it's easy to forget that while these skills are obviously applicable to a career in cyber security, knowing how the bad guys get in is beneficial for developers, managers, and other IT roles as well.

The New Infosec Interview

CTFs represent a unique opportunity for employers to directly connect with the best and the brightest when it comes to cyber security skills. As the introduction to this article suggests, the benefits of competitive security are not limited to those competing. Many companies are already waking up to the opportunity; CSCUK alone has 35 sponsors and 41 affiliates. Because participants attend events out of a passion for computer security, many are actively looking for jobs or internships and are only too happy to be approached by employers looking for talent.

In this way, the downtime between competition rounds acts like an informal interview process - sponsors are able to see how candidates work and highlight their own offerings, while students are given the opportunity to ask questions about life in the industry. It represents a low-cost, high-impact way to engage with students who may miss schemes buried in the usual deluge of marketing material given to soon-to-be graduates.

Beyond Technical Skills

One would be forgiven for thinking that CTFs are focused solely on technical knowledge. While there are rewards for the most technically adept, competition organisers are looking for more than just hard skills. Students advancing to the CSCUK Face to Face (F2F) events must show maturity and leadership. These events have a dress code and the atmosphere is more of professionals at work than hooded teenagers staring at screens in their bedrooms.

On the international stage, the Atlantic Council runs a yearly cyber security policy competition - Cyber 9/12. Taking place in Geneva, Washington, and Sydney, it simulates the day after a cyber crisis. Participants are given a briefing from which they must develop policy options that are judged by a panel of diplomats, industry practitioners, and military personnel. The real-world application is clear - this year's scenario depicted ransomware attacks on hospitals and public transport a month before the NHS and Deutsche Bahn fell victim to the WannaCry attack.

In Summary

All indications point to the continued growth of the competitive security scene. Students are seeing cyber security as an increasingly accessible and fulfilling career path. Changes to the national curriculum also promise to engage upcoming generations with computing.

For companies, being part of CTF events (either alone or in collaboration) presents a golden opportunity for recruitment, PR, and outreach. Active involvement in hands-on cyber security events can also sharpen your own technicians' skills, drawing on their experiences to craft devious challenges. And for students? It's certainly more exciting than the traditional interview process.

CTF Events: Where to Get Started


  1. CSCUK Face to Face: Taking place four times a year, F2F events pit the best players from CSCUK's online games against fiendish scenarios devised by cyber security organisations. Those impressing the judges are invited onto a prestigious yearly 'Masterclass' event. F2F events are open to anyone 16 or over not currently employed in a cyber security role. See cybersecuritychallenge.org.uk/competitions for more information on all CSCUK events.
  2. CyberCenturion: For younger competitors CSCUK run the CyberCenturion program for teams aged 12-18. The battle lasts for three rounds, culminating in a national final.
  3. CyberGames: Aimed at schools, CyberGames is a one day event run by CSCUK similar to the face to face competitions mentioned above. In addition to engaging pupils it also offers resources and training to teachers.
  4. Inter-ACE: Students at any of the 13 universities identified as Academic Centres of Excellence in Cyber Security Research can enter this yearly event at the University of Cambridge. The university also runs the Cambridge to Cambridge contest in collaboration with MIT. See https://inter-ace.org and http://cambridge2cambridge.csail.mit.edu.
  5. Cyber 9/12: For those wanting a less technical focus the Atlantic Council runs Cyber 9/12, a two day event hosted at the Geneva Centre for Security Policy. Participants must develop policy solutions and pitch them to practitioners, diplomats, and NATO personnel. See http://www.atlanticcouncil.org/programs/brent-scowcroft-center/cyber-statecraft/cyber-9-12.

18/11/2017

Cyber Security Challenge UK Masterclass

This week saw the 7th CSC Masterclass take place at BT's headquarters in London, and I was lucky enough to have earned a place amongst the finalists after the PGI Face to Face earlier in the year.


The competition was headed up by BT, but the National Crime Agency had organised the first challenges for Sunday evening. We had been recruited by international shipping company Fast Freight Limited to gather evidence about a recent intrusion into the company's systems, allegedly by the ex-CISO John Smith.

We had a tip-off that an anonymous source had some dirt on Smith, so we headed out into the streets of London to make the exchange. While we were sitting on a park bench at the rendezvous point, a man came up to us and started asking for directions to St Paul's. While we were talking, he passed us a USB stick underneath the map he was holding. The game was on.


At this point the bad guys were on to us, and we had to try and escape our tail as we made our way across the city to meet another contact. Unfortunately for us, those surveilling us were NCA officers who were (surprise surprise) rather good at their jobs. We thought that we had done a good enough job, changing jackets, splitting up, and ducking down side streets, and yet they were still photographing us. Despite the fact that they never let us out of their sight, we had no real idea who had been assigned to follow us.


After collecting the information from the source we headed back towards the hotel where we were staying, loitering around the Tower Hill monument for a while. Mid-skulk we were interrupted by a police officer who told us that there had been reports of people dealing drugs in the area. Uh oh. At this point the copper began to search us, and just as my brain arrived at the conclusion that something wasn't right I saw my teammate drop the USB stick into the offered evidence bag. At this point the "policeman" books it off into the night, never to be seen again...


The technical part of the competition wasn't anything special, but the other things around it were what made the event special. Airbus had set up a robot arm to represent the freight part of Fast Freight Ltd., and when we got hacked by the BT red team a klaxon proceeded to go off, followed by the robot arm demolishing our little shipping containers and dancing. Finally, on Tuesday afternoon we had compiled enough evidence relating to Mr Smith to take the fight from the forensics lab to the courtroom. BT had brought in a group of barristers to make the whole scene come alive. This was great until they started to cross-examine us, and like the surveillance officers they were rather good at their job!


Overall, the challenge was a lot of fun, due largely to the fact that they paid so much attention to the details around the technical core that every CTF has. From the clandestine romp around London to the Raspberry Pi we found glued to the underside of our team's table, at every turn we had to think like people who really were investigating an insider threat. And that, in the end, was what made the three days we spent in London something really special.

22/10/2017

A big MisCALculation

The theme for this week's CompSoc social was esolangs, which gave me the opportunity to do something that I've been meaning to do for a few years now: write a program in INTERCAL.

INTERCAL is designed on the basis that a person whose work is incomprehensible is held in high esteem. The sort of work where your boss appears, asks what you are doing, and then nods slowly whilst going "uh huh".

So Toby and I set about making a program which would print out the CompSoc logo using Os and Xs:

OXOX  
XXXO  
OXOO  
OXXO

Seems easy, right? 


How printing in INTERCAL works

INTERCAL processes input on a cyclical tape that has one cell representing each of the 256 extended ASCII characters. The tape head begins at zero when the program starts, and can only move left.

This is relevant because output characters can be thought of as occupying the reverse of this tape. That is to say that the output head (which is thankfully separate from the input head) can only move to the left in descending order of character codes (so from Z back to A). The task of printing characters thus becomes the task of describing the movements of the output head along the tape.

This isn't too bad until you realise that because the output head moves from right to left, it reads the binary of the characters it encounters from most significant bit to least significant bit. If the head is moved to position 108, presumably because the user was attempting to print an 'l', the output head will read the binary representation of 'l' backwards. In this way 0110 1100 becomes 0011 0110, which is in fact '6'. As you might imagine, this quickly becomes confusing! Printing subsequent characters will need to take into account that the head is now starting from an offset of 108 instead of 0.


Annotated snippets

1. DO ,1 <- #20 
Each line of INTERCAL must start with either PLEASE, DO, or PLEASE DO. These can be used interchangeably in order to improve program aesthetics. It is worth noting that a program which is too impolite will not compile. This line allocates the array that we are going to use to hold the program output, and assigns it a length of 20.

2. PLEASE DO ,1 SUB #1 <- #14
Set the first subindex (SUB) of the array to 14. This represents a shift of 14 places to the left of the zero starting index of the output tape, which is ASCII character 242 (256-14), which is 1111 0010 (‗). This is read as 0100 1111, which is character 79, which is the 'O' that we want. Be careful not to use PLEASE too liberally, as the compiler will refuse to compile any overly polite programs as it gets suspicious.

3. DO ,1 SUB #2 <- #216
The next character of the output needs to be X, which is character 0101 1000 (88). This means we need to move to character 0001 1010 (26), which is the substitute character (␚). Because the output head is already at character 242 the offset we need is thus 242-26 which is 216 (remember that we can only move the head to the left).

...

4. PLEASE READ OUT ,1
Next we have the program read out the contents of the array by making the output head follow the pattern we stored in the array.

5. PLEASE GIVE UP
Then the program gives up. At this point, I suggest you do too.

Check out the code on Github.
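The arithmetic in the annotated snippets, generalised to a whole string, as an added example (not the code from the post or its GitHub repository). It follows the output model exactly as described above; the trailing newline on each logo row and the choice to say PLEASE on every fourth statement are assumptions made for this sketch.

```python
# Added example: compute the array values INTERCAL needs to print a string,
# using the output model described in this post (a 256-cell cyclic tape, an
# output head that only moves left, and character bits read in reverse).

TAPE_CELLS = 256  # one cell per extended ASCII character, as in the post

# The CompSoc logo from the post. Ending every row with a newline is an
# assumption; it gives 16 + 4 = 20 characters, matching the `,1 <- #20` array.
LOGO = "OXOX\nXXXO\nOXOO\nOXXO\n"


def reverse_bits(byte):
    """Mirror the 8 bits of a byte, e.g. 0110 1100 ('l') -> 0011 0110 ('6')."""
    result = 0
    for _ in range(8):
        result = (result << 1) | (byte & 1)
        byte >>= 1
    return result


def encode(text):
    """Return the leftward shifts to store in the array, one per character."""
    head = 0  # the output head starts at cell zero
    shifts = []
    for ch in text:
        code = ord(ch)
        if code >= TAPE_CELLS:
            raise ValueError(f"{ch!r} does not fit on a {TAPE_CELLS}-cell tape")
        # The head must stop on the cell whose reversed bits spell `ch`.
        target = reverse_bits(code)
        # Only leftward moves exist, so wrap around the cyclic tape.
        # A repeated character therefore needs a shift of 0.
        shifts.append((head - target) % TAPE_CELLS)
        head = target
    return shifts


def decode(shifts):
    """Replay the shifts the way the output head would, to check an encoding."""
    head = 0
    out = []
    for shift in shifts:
        head = (head - shift) % TAPE_CELLS
        out.append(chr(reverse_bits(head)))
    return "".join(out)


def intercal_program(text, polite_every=4):
    """Build statements in the style of the snippets above.

    `polite_every` is a hypothetical knob: saying PLEASE on every fourth
    statement is an assumption about what keeps the compiler satisfied,
    not a ratio taken from the post.
    """
    shifts = encode(text)
    body = [f",1 <- #{len(shifts)}"]
    body += [f",1 SUB #{i} <- #{s}" for i, s in enumerate(shifts, start=1)]
    body += ["READ OUT ,1", "GIVE UP"]
    return [
        ("PLEASE DO " if n % polite_every == 0 else "DO ") + stmt
        for n, stmt in enumerate(body)
    ]


if __name__ == "__main__":
    print("\n".join(intercal_program(LOGO)))
```

Running `decode` over the generated values is a quick way to check a hand-written array before handing it to the compiler.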

17/09/2017

Hellblade: Senua's Sacrifice

Hellblade: Senua's Sacrifice is a deeply unsettling exploration of psychosis, grief, and death. Self-published by Ninja Theory, who have previously released Devil May Cry, Enslaved, and Heavenly Sword, the game is part of a wider effort by the studio to champion "independent AAA" games.

Not played the game before? Here is my advice:
  1. Don't play unless you can play with headphones. They really make the game the experience that it is, and you can only experience it for the first time once.
  2. Make sure you aren't distracted while playing. At first I was being interrupted by pings and buzzes from my phone and the GOG overlay, and it really drags you out of the experience.
  3. Stop reading articles about Hellblade :P Seriously, the game will be better the less you know in advance.
With that said, here's the rest of the article :D


I. Visuals

The first thing that hits you when you start playing Hellblade is that this game is a looker. For reference, all of the pictures in this post are screenshots I took. Ninja Theory evidently noticed this too, as the game comes with an in-depth photo mode that lets you pause the action and line up screenshots. The attention to detail on Senua is astonishing, and is backed up by an impressive performance by Melina Juergens (even though the script doesn't require her to exhibit a huge range).

Senua's Sacrifice makes great use of filters layered over the top of the game. They take the already dark world and twist it into a true hellscape. The more intense sections of the story, such as escaping from the beast, are characterised by smothering overlays that lead to a disorienting sensory overload.

One thing that I did notice while I was playing Hellblade was that occasionally the animation would dip down into the uncanny valley. Particularly in the earlier sections of the game Senua's eyes would take on a distinctly inhuman look, but this is something that goes away as the story progresses. Occasionally I also had issues where the camera would clip through walls (particularly on spiral staircases), and the detailing on objects like torches is jarringly low-res. All little niggles, but they stand out when the other visual work is near perfect.

II. Audio

But to build the atmosphere required for a story such as Hellblade's, you need more than an environment that just looks oppressive. The game makes use of binaural audio to make it feel like the voices that haunt Senua's existence are in your head too (the furies). They accompany you throughout the game, and are fickle companions. Sure, sometimes they encourage you. They tell you that you're strong enough and that you can get through the trials ahead. But those same voices will quickly shift to messages of despair and hopelessness. More than a few times I started to second guess myself as I was trying to solve puzzles, the furies telling me that I was going the wrong way. That I was being too slow. That I couldn't see the obvious solution.

Ninja Theory have also done something really clever here to bring the uneasiness levels to something unlike any other game I've played. Everything from the soft pops of the whispering voices to the pitter-patter of rain and crackling of fire is an ASMR trigger. The reason why you feel like your spine is tingling in Hellblade is because it actually is. The game made my skin crawl in a way that was overwhelming at points, and makes the game draining and emotionally exhausting in a way that's rare for AAA action games. That and the flawless voice acting in this game really draws you in to the experience - the cast deserve credit for a job well done.

The game takes several opportunities to play with sensory deprivation. There is a section during the game where Senua is effectively blind, and has to use sound to navigate, and another where making noise is what attracts the attention of the monsters. These both work really well because of the tight audio, and are all the more fraught because you're only afforded hazy outlines of what's lurking in the dark. By forcing you to make use of previously ignored audio cues the game puts a new spin on familiar environments and mechanics.

III. Gameplay

Gameplay falls broadly into two categories: combat and puzzle solving. The former feels a little out of place, not really serving any narrative purpose except to reinforce Senua's identity as a warrior. But it's what Ninja Theory are good at, and fights have a weight to them that is both very satisfying and somewhat grotesque. The focus mechanic helps to break things up during combat, and partners well with the adaptive difficulty to make sure that fighting feels fraught but not impossible. As an aside, I really like the idea of the game altering the difficulty level behind the scenes - much closer to Left 4 Dead's AI director than Modern Warfare's condescending prompts that suggest you're not part of the intended audience of the game.

Puzzle solving is centred around the fact that Senua sees the world differently, and is strongly tied in to the overarching narrative surrounding her psychosis. This was always going to be a tricky one to get right - make it too easy and it feels throwaway and token, but make it too hard and you risk drawing people out of the immersion as they traipse back and forth looking for an obscure clue. Overall I felt that the puzzles were pitched about right; the visual overlays and level design made it clear where you needed to be to progress, but stopped short of giving you any information on how to actually find a solution.

The gameplay also portrays a more nuanced view of Senua's physical capabilities. Unlike the protagonists of similar games she's strong but not bulky, and panics a little the first times she has to negotiate a high beam in a way that gave me a little bit of vertigo. Plus, when Senua is hurt in combat, this is reflected in the gameplay mechanics. She can't move as fast, and the player has to adapt how they play in order to beat what are more dangerous foes now that she can't dodge and parry at her usual pace.

IV. Story

The story takes a while to become interesting. I guess this isn't so bad, as you spend the first few levels getting the hang of the mechanics and settling into the world, but it would have been nicer to have felt a bit more involved during the earlier sections. Put another way, I felt like I was watching Senua's story for a while before I really began playing it. The shift probably occurs when the game stops recounting episodes from the past and begins focusing on the Senua of the present.

The second half of the game builds on the paranoia and uncertainty that Senua experiences as a result of events from her past. Characters and voices shift as the story progresses, leaving you in a world where what's true begins to stop mattering as you discover that real, physical threats make up the minority of the dangers you have to face. As mentioned above, Senua's condition is presented as something that makes her see the world differently, and forces you to capitalise on this in order to make progress. Having to rely on this hazy view of reality only feeds the sense of paranoia built by the narrative.

The game plays with this by telling you during the first few levels that every time you fail, the dark rot will spread up Senua's arm until eventually it will reach her head and consume her. The threat of permadeath hangs over you during the game and adds to the general anxiety induced by the atmosphere and the furies. But there is no permadeath. You become paranoid after believing something the game told you which isn't true. It's a startling way of getting players into Senua's mindset, and helps you to understand that what she's experiencing is real for her in a way that is hard to do for psychotic hallucinations where you know that something is imagined.


To wrap up, this game is something special (it reminds me a lot of Spec Ops: The Line in the way the story plays out). Easily one of the most unsettling experiences I've had in a while, and I hope that future horror experiences take note of the more novel techniques used in Hellblade. It's also really exciting to see a mainstream game tackle the portrayal of a mental health condition well. Senua's psychosis is not the sole thing that defines her: in her own words, she has other stories to tell.


28/04/2017

Cyber catastrophe - like a normal catastrophe, but with more cyber?

Last week I was in one of three Oxford teams which traveled to the Geneva Center for Security Policy to take part in a cyber policy competition against 21 other teams from around the world. Each team was sent an intelligence brief before the competition, from which they had to prepare a briefing outlining their policy suggestions to an assembled task force. The exercise was an attempt to simulate challenges that face decision makers during a crisis. The competition was tough, with colonels and diplomats heading up teams from military academies and schools of governance and policy. After seeing how serious the other teams were, our own delegation (coached by the first professor we could grab on the afternoon of the deadline) seemed lackluster in comparison.


After each presentation, teams had to answer questions from the judges before being scored for the round. Two of our teams managed to rank high enough and made it through to the second round on day two, whilst the third was left to enjoy Geneva in the sunshine. While they were catching up on sleep, the advancing teams were given a new briefing at 20:00 and asked to prepare a new presentation. The catch was that instead of having two weeks to prepare a new briefing, this time we had until 07:00 the next morning. Cue a long night trying to prepare a set of policy alternatives that would get us through to the final on Friday afternoon.



Unfortunately neither of the qualifying Oxford teams made it through to the final, which was eventually won by the home team from the Geneva Center for Security Policy. One thing that we were missing was a strong media strategy across the board. As one of the judges rightly pointed out - media isn't optional in a crisis situation. Secondly, teamwork is key; teams going into Cyber 9/12 that hadn't worked together before were at a serious disadvantage when the going got tough. Another strategy the winning teams employed was drawing a clear line between policies which considered the unfolding events a criminal incident, and those that escalated it to a matter of national security.


Overall the event was really insightful, and I'm glad I made the most of the opportunities I had around the presentations and keynotes to ask the assembled experts how best to become more involved in the policy sphere. We'll be back in Geneva next year for certain, and maybe then we can bring the trophy home to Oxford.

26/02/2017

Competitive Securiwhat?

Competitive Security - apparently that's a thing. Otherwise known as Capture the Flag (CTF), these events pit teams against each other in an attempt to compromise systems and solve challenges. After taking part in a few, here are some observations I've made.

1) Being comfortable with Linux is half the battle

The problems that you have to solve during a CTF will be hard, and the last thing you want interrupting your thought process is five minutes of fumbling while you try and remember how to compile something with GCC. This is something that comes with practice, so make sure you spend some time after each event going over the things that you were embarrassed you couldn't do! Using Linux on a daily or semi-regular basis is the best way to proactively build up these skills outside of competitions; you'll find that over time the number of non-standard tasks you need to do builds up until eventually you'll be navigating the command line with more confidence.

2) Competitions are not the place to learn new skills

They're great places to highlight the things you need to work on, and you will pick up tips and tricks, but it's unreasonable to expect to come away from an event knowing how to use a tool or technique that you didn't know when you arrived that morning. One way to mitigate this is to corner people you want to learn from during breaks or after the close of play. This way you can still make use of them as teachers without it getting in the way of what you're there for - the competition. As above, make a note of what you struggled with so you can get some practice before the next event, and don't start googling C++ hello world tutorials or asking the network guru about WiFi frequency bands when there are puzzles to solve.

3) The 10X factor

Excusing the slightly cheesy name given to it by a company I interned for, this refers to the idea that it's normally better to sacrifice some of your own productivity in order to keep your team working at full efficiency. Everyone in the team should be roughly aware of what each member is working on - if people are starting to drift, call a huddle or go around and get everyone up to speed. If you don't you'll just end up wasting effort when you forget to tell the network specialist that you also connected to the VPN and they end up spending half an hour defending your operation from this new adversary who's running Kali. Doubling up and working in pairs can help to reduce typos and silly gotchas, but more than two people round a keyboard can end up with the situation where everyone thinks someone else is paying attention. 

I feel like there should be something here about having fun, but that's probably unnecessary...