Dad of two; Java and web developer.
118 stories
·
0 followers

RPGS, Veblen, and Isms

1 Share
Go read Theory of Leisure Class, though it may depress you

Back when I was working on my masters, I had to take some PhD classes in econometrics. To do that I had to go to the economics department, fill out paperwork and ask them to let me into the classes (Since I wasn’t a PhD student, the department was rightly worried I might find the classes highly challenging. I did eek out a passing grade though.) While waiting to be seen, one of the professors walking by struck up a conversation with me. After about 5 minutes, he said to me (I paraphrase): “I like you. You should read Veblen’s Theory of the Leisure Class. You’re just the right type of weird to enjoy it.” Turns out he was the professor I was going to have daily 6 hour long classes with that summer. He was pretty weird himself, but in a good way.

Wanting to be more into economics than I really was, and wanting to impress the professor, I picked up a copy of the book. (by the way, it’s public domain and you can find it for free online if you care to read it. PDF EPUB and other formats). Published in 1899, it’s a bit of a slog full of unfamiliar words and archaic structure, but that professor was right, I was just the type of weird to enjoy it. Oddly enough, for an economic treatise written seventy years before the creation of role playing games, it provides an interesting lens to view them through and insights into the nature of them.

(Veblen can also be used to explain a lot of human behavior both on the personal and macro scale. As this is not a political site, I leave you to draw your own conclusions on that front. I’m 100% certain that you can find multiple sites on the topic elsewhere on the internet if you want to read up on it.)

Veblen’s main thesis is that despite the complaints of the economists of his day, and non-economists still today, human behavior is more or less rational despite appearances to the contrary. Of course, keep in mind that humans are notoriously bad at evaluating small short term vs larger long term gains, and are often self benefit driven, both a legacy from when life was nasty, brutish, and short.  To explain seeming lapses in rationality, Veblen explains the concept of agency and status and posits that all so called irrational behavior are attempts to gather one or the other:

  • Agency: Veblen’s concept of agency is related to but distinct from the commonly discussed gaming concept of player agency. It consists of two parts- the ability to take powerful actions which hold the appearance of consciousness (appearance of consciousness means things like powerful storms have agency even though we now know they’re not conscious) and the ability to impose your will on others with agency. Thus the farmer does not have agency, or has very little, because he imposes his will on plants, which do not have agency; but the hunter, shaman, and warrior do because they impose their will on beasts, storms, and other warriors. Note that how one imposes this will is irrelevant. The warrior who imposes his will through brute violence and the rogue who imposes his will through clever action both have equal agency.
    In your typical game, there is a ladder of agency. PCs, foes and important NPCs have agency, players and GM influence them with their agency, and above all of that, playing the part of the capricious whimsical gods are the dice which, much like the storms of our ancestors, seem to have a will all their own.
  • Status: Status is the acknowledgement, deference, and special treatment we give to those with greater agency. In early or brutal civilizations it’s not mouthing off to the warriors because if you do they might just run you through. In more abstract examples, it’s not mouthing off to the king because even though you’re pretty sure you could take him in a fight, his soldiers will run you through and his bureaucrats will see to it that your taxes are doubled.

Veblen explains that the primary way of gathering agency is the heroic exploit, and that the primary currency used is courage and cunning. Enter the typical archetype of the warrior, hunter, and trickster. But over time he argues it becomes more difficult to show off just how heroic you are. Trophies and treasure gained in exploit can only take you so far. Enter two more ways to show how much agency you have: conspicuous consumption and conspicuous leisure. Eventually heroes have so much accumulated riches from exploit that they can afford to blow those resources on ever more extravagant goods and services and on long periods doing nothing of value. Remember back to the carousing rules from the early Conan RPG and the early DnD rules for building your own keep, crafting magic items and doing spell research. All these things signal to the rest of the world just how formidable you are. Different RPG archetypes focus on different mixes of these four building blocks of agency and status.

  • Courage: imposing agency via force of arms and brute strength
  • Cunning: imposing agency via cleverness or guile
  • Conspicuous Consumption: showing status via display of resources gathered in heroic exploit
  • Conspicuous Leisure: showing status via not performing otherwise productive work when not involved in exploit

Veblen says that the expression of these qualities has social value in that you get special treatment for having or displaying them. They are largely expressed in the form of what Veblen terms invidious comparison. I am stronger than that person, I am smarter than this other person, more moral than this person, etc. More abstractly, they can be expressed through trophies of exploits, what resources you have, what groups you associate with, who you work for etc. In the extreme, one who successfully gathers large amounts of resources via exploit can’t spend it all themselves, and may even hire retainers whose only job is to spend their lord’s money.  Interestingly, some of these expressions are cultural and change over time. Recent studies have shown that modern Americans are less inclined to give others status for having lots of leisure time and lots of expensive possessions, which were major status symbols in Veblen’s time and are still (apparently) status symbols in other places. (article 1 and article 2).

What in particular struck me while reading through the book was that a large part of RPGs was an attempt to emulate characters with far more agency, and thus status, than players generally have. That’s of course an oversimplification. Different people play RPGs for lots of different reasons, and you can probably find some that don’t hinge on playing with agency, but I can’t think of any . Feel free to correct me if you like. What this means is that in theory RPG experiences featuring the right balance of character agency (enough agency to impose their will on others but not so much that opponents don’t appear to have agency of their own) should be a more satisfying play experience, and giving the characters markers of agency and status should also lead to satisfying play. In fact, one could write an entire book digging through Theory Of The Leisure Class and pulling out elements to enhance games*.

As a side note, plenty of playstyles and even problem playstyles can be chalked up to Veblen’s agency. On the innocuous side is pushing for more PC vs NPC agency. On the destructive side is outright player vs player or player vs GM agency. If you’ve ever wondered what the player who enjoys making everyone else’s experience miserable is getting out of it, this is it: imposing their agency over that of the other players and GM, and if they can’t be convinced to pick a more suitable target, they should be shown the door before it gets worse.

However, even though Veblen explains RPG motivations very well it turns out that taken to extremes, pursuing agency and status also explains a variety of the more unsavory elements of humanity: Slavery, discrimination, sexism, racism etc. are all big markers for agency and status. Some of them, like slavery, are a direct application of agency. One person has the agency to literally own another. Isms are a little more abstract but boil down to an imbalance of status between two groups. If you belong to the group an imbalance favors, you benefit from that status boost. You can see the evidence of this in plenty of the fiction that inspired the RPG hobby. Conan, for example has a scene in at least every other story where he forces himself on a woman and halfway through the act, she stops struggling to get him off her and starts struggling to get her panties off, because he’s just so manly and good at kissing it changes her mind, and Robert E Howard doesn’t even hold a candle to John Norman in that regard. A lot of early space opera sci-fi was heroic American vs evil communist Asians . . . innnn spaaaaace! There are still plenty of vestiges of this era sticking around too. All dwarves are racist against elves, elves are racist against . . . mostly dwarves, but also everyone. Lots of sentient species are kill on sight morally repugnant, and every half-orc gets the one good half orc treatment.

So, TLDR: RPGs are big power fantasies about imposing your will on others and everyone fawning all over you for doing it, and taken too far the natural extension of this is some of the worst parts of the human experience. Lovely.

Let me put on my devil’s advocate hat for a moment and just take things too far. If the above is true, wouldn’t featuring all of those uncomfortable bits of bad human behavior and allowing PCs to wallow in them make your game a more powerful expression of what RPGs are all about, and wouldn’t your game be better for it? Shouldn’t I be saying: “All this stuff adds to the fantasy that is explicitly the entire point of the game, so put it in your game, lots of it!”

That would be an awfully weird position to take, wouldn’t it? Turns out it’s a tempting position, but not necessarily a good one. First, there’s more than enough opportunity for heroic exploit, agency and status in your average game. Dipping into the more problematic aspects of agency just isn’t necessary. Even if you wanted to, most are very sensitive subjects and should be handled with care and only with complete group buy-in. And of course if you don’t take sensitive issues seriously, like other problem play styles, you run the very real risk of trading in game status for out of game status (i.e.: you get labeled a jerk and no one wants to play with you because you don’t respect others’ boundaries.)

But, can dealing with these difficult extremes of agency and status in your game be done without issues? Yes, but it’s nothing groundbreaking. On the extreme end, with player buy-in you can absolutely play an evil game with PCs that push the envelope. In a more traditional game, you can include these issues but reserve them for villainous NPCs that heroic PCs put a stop to. You can include lesser versions of them (the faux racism of all dwarves and elves). You can reserve involuntary traits indicating a lesser status for non sentient or irredeemably evil beings (golems and demons are OK to pick on because even though their status is linked to race one is a mindless automaton, the other is literally made of evil. If your golems and demons don’t follow that mold, things get hazier. This is where the “all orcs are evil” problems come from. Are orcs inherently evil like in Lord of the Rings, or do they fall in a spectrum like most fantasy races?) In fact, these could lead to some interesting introspective role playing moments. Nothing groundbreaking. All common enough that this is not the first time you’ve heard of them.

So that’s it. That’s the short version of viewing role playing games through the lens of Veblen’s Theory Of The Leisure Class, and the problems that come with it. Hopefully it’s an interesting perspective.

 

 

Writing said book has been on my “someday projects” list for quite some time. Also feel free to let me know if that sounds lame and I should let it languish or if it sounds awesome and I should move it up the list





Read the whole story
careyhimself
37 days ago
reply
Christchurch, New Zealand
Share this story
Delete

Histamine and Goblet Cells

1 Share
Read the whole story
careyhimself
41 days ago
reply
Christchurch, New Zealand
Share this story
Delete

2016 Election Map

4 Shares
I like the idea of cartograms (distorted population maps), but I feel like in practice they often end up being the worst of both worlds—not great for showing geography OR counting people. And on top of that, they have all the problems of a chloro... chorophl... chloropet... map with areas colored in.
Read the whole story
careyhimself
46 days ago
reply
Christchurch, New Zealand
Share this story
Delete

More details about mitigations for the CPU Speculative Execution issue

1 Share


Yesterday, Google’s Project Zero team posted detailed technical information on three variants of a new security issue involving speculative execution on many modern CPUs. Today, we’d like to share some more information about our mitigations and performance.

In response to the vulnerabilities that were discovered we developed a novel mitigation called “Retpoline” -- a binary modification technique that protects against “branch target injection” attacks. We shared Retpoline with our industry partners and have deployed it on Google’s systems, where we have observed negligible impact on performance.

In addition, we have deployed Kernel Page Table Isolation (KPTI) -- a general purpose technique for better protecting sensitive information in memory from other software running on a machine -- to the entire fleet of Google Linux production servers that support all of our products, including Search, Gmail, YouTube, and Google Cloud Platform.

There has been speculation that the deployment of KPTI causes significant performance slowdowns. Performance can vary, as the impact of the KPTI mitigations depends on the rate of system calls made by an application. On most of our workloads, including our cloud infrastructure, we see negligible impact on performance.

In our own testing, we have found that microbenchmarks can show an exaggerated impact. Of course, Google recommends thorough testing in your environment before deployment; we cannot guarantee any particular performance or operational impact.

Speculative Execution and the Three Methods of Attack

In addition, to follow up on yesterday’s post, today we’re providing a summary of speculative execution and how each of the three variants work.

In order to improve performance, many CPUs may choose to speculatively execute instructions based on assumptions that are considered likely to be true. During speculative execution, the processor is verifying these assumptions; if they are valid, then the execution continues. If they are invalid, then the execution is unwound, and the correct execution path can be started based on the actual conditions. It is possible for this speculative execution to have side effects which are not restored when the CPU state is unwound, and can lead to information disclosure.

Project Zero discussed three variants of speculative execution attack. There is no single fix for all three attack variants; each requires protection independently.

  • Variant 1 (CVE-2017-5753), “bounds check bypass.” This vulnerability affects specific sequences within compiled applications, which must be addressed on a per-binary basis.
  • Variant 2 (CVE-2017-5715), “branch target injection”. This variant may either be fixed by a CPU microcode update from the CPU vendor, or by applying a software mitigation technique called “Retpoline” to binaries where concern about information leakage is present. This mitigation may be applied to the operating system kernel, system programs and libraries, and individual software programs, as needed.
  • Variant 3 (CVE-2017-5754), “rogue data cache load.” This may require patching the system’s operating system. For Linux there is a patchset called KPTI (Kernel Page Table Isolation) that helps mitigate Variant 3. Other operating systems may implement similar protections - check with your vendor for specifics.

Summary
Mitigation
Variant 1: bounds check bypass (CVE-2017-5753)
This attack variant allows malicious code to circumvent bounds checking features built into most binaries. Even though the bounds checks will still fail, the CPU will speculatively execute instructions after the bounds checks, which can access memory that the code could not normally access. When the CPU determines the bounds check has failed, it discards any work that was done speculatively; however, some changes to the system can be still observed (in particular, changes to the state of the CPU caches). The malicious code can detect these changes and read the data that was speculatively accessed.

The primary ramification of Variant 1 is that it is difficult for a system to run untrusted code within a process and restrict what memory within the process the untrusted code can access.

In the kernel, this has implications for systems such as the extended Berkeley Packet Filter (eBPF) that takes packet filterers from user space code, just-in-time (JIT) compiles the packet filter code, and runs the packet filter within the context of kernel. The JIT compiler uses bounds checking to limit the memory the packet filter can access, however, Variant 1 allows an attacker to use speculation to circumvent these limitations.

Mitigation requires analysis and recompilation so that vulnerable binary code is not emitted. Examples of targets which may require patching include the operating system and applications which execute untrusted code.
Variant 2: branch target injection (CVE-2017-5715)
This attack variant uses the ability of one process to influence the speculative execution behavior of code in another security context (i.e., guest/host mode, CPU ring, or process) running on the same physical CPU core.

Modern processors predict the destination for indirect jumps and calls that a program may take and start speculatively executing code at the predicted location. The tables used to drive prediction are shared between processes running on a physical CPU core, and it is possible for one process to pollute the branch prediction tables to influence the branch prediction of another process or kernel code.

In this way, an attacker can cause speculative execution of any mapped code in another process, in the hypervisor, or in the kernel, and potentially read data from the other protection domain using techniques like Variant 1. This variant is difficult to use, but has great potential power as it crosses arbitrary protection domains.
Mitigating this attack variant requires either installing and enabling a CPU microcode update from the CPU vendor (e.g., Intel's IBRS microcode), or applying a software mitigation (e.g., Google's Retpoline) to the hypervisor, operating system kernel, system programs and libraries, and user applications.
Variant 3: rogue data cache load (CVE-2017-5754)
This attack variant allows a user mode process to access virtual memory as if the process was in kernel mode. On some processors, the speculative execution of code can access memory that is not typically visible to the current execution mode of the processor; i.e., a user mode program may speculatively access memory as if it were running in kernel mode.

Using the techniques of Variant 1, a process can observe the memory that was accessed speculatively. On most operating systems today, the page table that a process uses includes access to most physical memory on the system, however access to such memory is limited to when the process is running in kernel mode. Variant 3 enables access to such memory even in user mode, violating the protections of the hardware.
Mitigating this attack variant requires patching the operating system. For Linux, the patchset that mitigates Variant 3 is called Kernel Page Table Isolation (KPTI). Other operating systems/providers should implement similar mitigations.

Mitigations for Google products

You can learn more about mitigations that have been applied to Google’s infrastructure, products, and services here.
Read the whole story
careyhimself
50 days ago
reply
Christchurch, New Zealand
Share this story
Delete

Saturday Morning Breakfast Cereal - Healthcare

1 Comment and 13 Shares


Click here to go see the bonus panel!

Hovertext:
Sorry for the serious comic. It'll be back to butt jokes tomorrow. This has been a thing that's been stressing us pretty bad for a few weeks, so I thought I'd share. Apologies to all people who are not from the US, and who are shocked and/or baffled.

New comic!
Today's News:
If you want more information, please check out this article in the NYTimes or this article in the Washington Post. 
 
If you want to get involved in the movement to make health insurance more affordable in Virginia (and in particular in the counties that are experiencing the 240% hike in insurance premiums), check out the Charlottesville for Reasonable Health Insurance Facebook group or follow Cville Healthcare on Twitter. 
 
Thanks, geeks!
Kelly & Zach
Read the whole story
careyhimself
77 days ago
reply
Christchurch, New Zealand
Share this story
Delete
1 public comment
ChrisDL
77 days ago
reply
pretty please.
New York
afeman
77 days ago
normal country

Constant Flawless Vigilance

1 Share

(This post currently requires client-side JS from capability.party. Sorry.)

Constant Flawless Vigilance, or CFV, is a meme which occurs in several contexts across software engineering. CFV preëmpts normal risk analysis by endorsing exactly what it says on the tin: Never-ending observation by humans of complex systems to detect faults. If the observation is sufficiently continuous, and the humans are sufficiently trained, then CFV claims that faults will not occur.

We note CFV as a generalization of several hazardous memes which are common throughout software engineering. By isolating and documenting CFV, we hope to remove its paralyzing venom.

Linus’s Law

Linus’s Law, named for the creator of Linux, is traditionally stated as:

Given enough eyeballs, all bugs are shallow.

In other words, with enough people looking at a given piece of code, it is likely that eventually all bugs will be found. Or is it?

Let us consider the case of code review. One reviewer may find some bugs. Another reviewer may find other, different bugs. Linus’s Law suggests that there is a number of reviewers which will find all bugs. How many reviewers? The coupon collector’s result can be applied here; presuming that any given code reviewer is likely to find bugs on every reading of some code, it will take code reviewers to find all the bugs! This isn’t a guarantee, either; some bugs might remain hidden for a long time.

Constant Flawless Vigilance works here, but only statistically and at a cost of many engineer-hours.

Input Validation

My First IRC Bot

Let us talk of novice programmers. We shall take Alice to be such a novice. A common exercise for novice programmers, like our friend Alice, is to implement an IRC bot. Alice, like many novices, thinks that a code-evaluating feature is fun and easy to implement safely, and so she adds a naïve code evaluator to her bot. It works correctly, computing simple arithmetic facts and displaying weather information retrieved from the Web.

However, suppose Alice finds herself aggressed by Mallory, who sends the bot snippets of code which cause the bot to misbehave. Alice does not yet know about confused deputies nor ambient authority, but after a few searches on a 2017 search engine, she learns about the concept of input validation and begins implementing some validators for her bot.

Alice knows that trying to manipulate the text of incoming code is a fool’s errand, so her first attempt is to validate that no harmful syntax comes through, by pruning powerful nodes from the AST. While not directly aware of ambient authority, she intuitively forbids access to extremely powerful objects, and by constant dialogue with Mallory, Alice systematically eliminates more and more avenues of ingress.

However, eventually Mallory comes up with a flourish which finishes off Alice’s dreams of safe evaluation. Perhaps it’s a careful example of coloring within the lines, as in this series of Python eval() tricks, or perhaps it is a timeless eldritch classic like . Alice sighs and starts learning how to implement a resource-limited sandbox.

Generalizing Little Bobby Tables

SQL injection has become well-known and popular, with themed websites discussing how to mitigate it. Unfortunately, this isn’t enough to reveal the deeper pattern of why injection happens. Injection from a host language into a DSL is caused by the host-DSL bridge lacking the ability to mix host and DSL values directly, and instead attempting an assembly-line series of fixups. A typical pipeline in such a system might have phases which:

  • Rejects non-strings
  • Lowers input to common encoding
  • Strips invalid characters
  • Escapes quote characters
  • Quotes escape sequences
  • Looks for and rejects Mallory’s PoC from last week

Does this work? Sometimes. But “sometimes” isn’t good enough when Constant Flawless Vigilance is being applied as an axiom; it’s all-or-nothing.

Avoiding Undefined Behavior in C

The C and C++ languages have undefined behavior, or UB. Following Robert O’Callahan’s example, we would like to point out that the task of writing correct C is an exercise in applying Constant Flawless Vigilance. Pascal Cuoq and John Regehr have a detailed and daunting survey of UB.

More generally, any feature or quirk in a programming language which requires Constant Flawless Vigilance to avoid accidentally provoking nasal demons or other similarly-devastating security compromises should be considered extremely dangerous. Some examples from popular programming languages:

  • C
    • Pointer arithmetic
    • String manipulation
    • The entirety of Cuoq and Regehr, as already linked
  • C++
    • Everything listed for C
    • Exception handling
    • Operator overloading
    • Object life cycle: implicit constructors and destructors, copy constructors, move semantics, structural sharing
  • Java
    • null and NullPointerException
  • JavaScript
    • Automatic Semicolon Insertion
    • Equality semantics with ==
    • this
    • In the browser:
      • Browser-specific bugs
      • JSONP finally recognized as a Bad Idea
      • Origin policies
  • PHP
    • php.ini
    • Importing code via include/require
  • Python
    • Closure semantics capturing by name instead of by value

There are many flaws and warts not covered in this listing, but we have tried to focus on precisely those misfeatures which are so fragile that nothing short of the most Flawless and Constant of Vigils will protect programs from them.

Conclusion

Constant Flawless Vigilance is the concept that a perfect defensive posture, applied consistently and without fail, guarantees safety. We should reject it in favor of fault tolerance, error analysis, and correctness bounds.

Read the whole story
careyhimself
86 days ago
reply
Christchurch, New Zealand
Share this story
Delete
Next Page of Stories