I haven’t written a retrospective on a departing year in quite some time so since I haven’t done one on cohost, I figure this is a good place to do so! I’ve broken this down into individual sections.

I’m going to miss stuff but whatever. I put the fun stuff at the top and not so fun stuff at the bottom.

Travel

After basically not leaving the country or province in 2020 or 2021, I visited places this year!

Two trips to the Washington DC and Northern Virginia area and then a trip up to Boston. One thing I did that knocked off something on my bucket list was taking an Acela train from DC to Boston–this took about 7 hours.

COVID is still top of mind and I look forward to when I can ease up on some behaviours when being away from home, but I am not going to make any predictions for when this might happen.

Stuff I watched

I watched BBC’s Sherlock (I know it’s over a decade old now), Saki (an anime about mahjong), Akagi (another anime about mahjong), the Evangelion rebuild movies, the Ace Attorney anime series, and Danger 5.

My favourite movie this year was Everything Everywhere All At Once. It’s probably the funniest and heart-warming movie I have seen in years. If you haven’t watched this movie yet, you’re doing yourself a disservice.

Twitch

I stream on Twitch and made a goal for myself: get 1,000 followers.

As of my writing, I am around 935, but I am up from 650. It isn’t 1,000 as I hoped, but honestly I am glad to have seen my followers go up that high! I just like having people watch me and it means a lot to have new people come on over. It is not an income source for me and never will be, but it’s just nice to put on a show and play games or write code.

When I get to 1,000, I promise I will play the Harvey Birdman Wii game. I have the disc ready to play whenever it happens.

With the tech side of things, my streaming set up was also greatly improved. I got a new microphone and audio input set up so now my mixing is pretty good (thanks to @wuest for harassing me to finally do this), fixed my lighting so my green screen works better, and I finished the year by getting a Stream Deck which makes doing stuff so much easier.

Some games I felt like were a lot of fun to stream this past year:

• Final Fantasy VII Remake
• Dark Souls III (paused for now but will come back to it)
• The Great Ace Attorney
• Sealed Bite (which I did as a speedrun for Flame Fatales!)
• NieR: Automata (still need to finish)
• It’s A Me! (@Hempuli, this game was fucked up okay?)
• This coming April, I am doing every stream as anime themed–I am calling this “Anime April”. I am slowly compiling a list of games using an anime licence so if you have any suggestions, please let me know!

Games I played

I am ignoring Ace Attorney as I have given the game its own section.

Final Fantasy VII Remake was an absolute joy to play. I bought it for PC and played through it over the course of two weeks. One thing that stood out: I couldn’t tell what was a cut scene and what was actual gameplay. The engine is that good. I am super curious to where the story goes because it has definitely deviated from the original source material.

I cannot wait for the full release of Sealed Bite. It has been delayed a few times, but it has been a blast to learn how to speedrun. You can tell that this game was inspired by Celeste and has borrowed some mechanics from it.

The verdict is still out on my playing of Disco Elysium. I like it so far, but it’s not pulling me in as well as I hoped. I plan to continue my streaming of it in the new year.

I started to play Dark Souls III after hating DS1 a lot and being told to skip DS2 to play this game instead. My responses so far have been to laugh off my deaths so either the game is more entertaining for me or I have changed as a person and I am okay with not doing well.

Ace Attorney

My friends have had to endure a year of me talking about Ace Attorney. I have gotten a tattoo because of Ace Attorney–the yatagarasu symbol which is located on my hip. I have logged around two whole weeks of playtime in Ace Attorney games. I am almost done playing all of the Ace Attorney games.

Have I mentioned I have become an Ace Attorney fan girl?

I’ll be writing about this sometime later when I finish the Great Ace Attorney: Resolve. For now, all I can and will say is that I love this series despite some of the problems games outside of the original trilogy have.

I have plans or a retrospective on these games sometime in January or February.

Frame Fatales

I did two in-person Frame Fatales events this year as a lead and I have no regrets. However, I decided it wasn’t for me as it was a lot of work and was exposing some flaws in me that I felt needing addressing–this is covered in the next section. I’m still on to help out for future events, but there are more ready people to take on roles.

All said, in the past three events I have had a significant hand in, we raised nearly a half million dollars (US) and I am not going to ignore that.

Mental health and relationships

One of the things I decided to do after I ended a relationship late last year was to just not date. It wasn’t as if I had no interests in anyone or lacked opportunities, but I was so unsure to what I wanted and who I wanted to be in any sort of romance I engage in. I am demiromantic so my ability to fall in love is complicated and fraught with internal and external struggle–then add polyamory to the mix to make things harder.

I realised during this time that often I am not nice to myself. There have been times where I have failed to advocate for the things I want and need and that led to some serious shortcomings in past relationships, leading to heartache and problems.

This boiled over during the summer when in succession I had a friend pass away from a brain tumour, another relative pass away two months after one died as well, an encounter with someone I hadn’t planned for but knew was coming, and two weeks of travel for Flame Fatales 2022 and vacation with no ability to decompress from everything beforehand. All of this in a six week period turned me into a real mess.

During a ride I took from Washington DC to Boston via Amtrak’s Acela service after Flame was over, I decided to do things for myself. I wrote a portion of a visual novel story (I am still at this) and watched as the American east coast go right by. It was a rail trip I had on my list of things to do for a very, very long time and I feel like it was a turning point for me: it was time for me to do things for me and to let people into my life again.

A few weeks later, I had a minor operation and went off of my ADHD medication as I figured it would interfere with anaesthesia. Something that had been on my mind prior was how I’d cope without it during that time and instead of discovering how dysfunctional I was without it, I came to realise that I had become a shut-in. I wanted to see people and I wanted to socialise whereas before there was an aspect of me that was shuttered.

I’ve since changed my ADHD medication and I feel better with respect to my attention span and to how I interact with people. Is it the right medication long-term? Time will tell, but I think my previous medication had caused me to create problems for myself and others.

I’m dating again and I am not rushing into anything, but I do hope that 2023 means I will find that partner I can see myself living with. Christmas this year was spent with the family for the first time since 2016 and I think it was the best one I have had since I was a kid. I feel like my mental health and my relationships will be healthier in the new year.

Next year

And on that note, 2023 is going to be a good year for me. There are factors not in my control which mean that it won’t be a great year overall as I cannot anticipate what the world will be like this time next, but I think that what I am doing for myself will be good and that is the important thing.

I want to share what good I do for me with others as well. I hope that I can build on that mindset and that everyone can benefit as much as possible.

---

Gilmore at platform-level

If you were to pull up information about the Millennium Line, you’d soon come across its opening date of January 7th, 2002. With that known, you’d then say that every station opened then as being the oldest.

This assumption is fairly safe as the line itself is a relatively new railway. Unlike the Expo Line, much of the initial alignment did not make use of a another railway’s existing or former right of way. This means that stations such as Sperling-Burnaby Lake or Lougheed Town Centre have no real historical reference.

However, this is not entirely true for all of the stations which opened in 2002.

A view towards a right of way crossing at Gilmore and Henning

The BC Electric Railway used to run a similar line to compliment the Central Park line named the Burnaby Lake line. It ran from New Westminster at the same spot the Central Park line did and merged with the street car line on Commercial Drive just its sibling.

At some point, I should write about the Burnaby Lake line, but the point here is that the Millennium Line does intersect with the remnants of this line.

Gilmore station as viewed from the same spot

Today’s Gilmore Station is located at the intersection of the street bearing its name and Dawson. It’s probably one of the weirder stations in my opinion not because of anything other than its ceilings resembling curved plywood. I guess one can just go across the street to the Home Depot to pick up replacement panels should any of them fail.

However, the station’s previous incarnation was fairly unassuming and significantly more rural.

Map showing GIlmore on the Burnaby Lake line (City of Vancouver Archives)

The original Gilmore Station from the Burnaby Lake line days was too at Gilmore and Dawson. It was to serve the swampy, agricultural area known as Still Creek. I could write extensively about the history of Still Creek, but really that was just it.

As part of the shutdown of the BCER in favour of trolley and diesel buses, it closed in 1956.

Interurban travelling along the Burnaby Lake line (City of Burnaby Archives)

The main difference between the BCER station and the one we have today is where the current station stands. However, the original station site does continue serving a public good.

View of the Gilmore Pump Station approximately where the original Gilmore station stood

On the site of the original BCER station is Gilmore Pump Station, which while does not serve rail traffic anymore, it does serve a function to make sure that if you were to come downstairs from the Millennium Line, you don’t encounter a giant puddle.

This originally appeared on cohost.org/VancouverTransit but has been moved here due to the site’s shutdown.

This is a Twitter thread from July 2018 that I made into a blog entry.

I want to talk about how important industrial control is and why the general public is woefully unaware of how they interact with it on a daily basis.

This is a post on SkyTrain, Vancouver’s rapid transit system and how safe it is until users circumvent it.

SkyTrain has just about 80 KM of track and it’s 100% automated. This means that when you walk on to any of the trains on any of the three lines, there is no driver. Because of this, it can achieve and has achieved 70 sec headings, meaning you don’t have to wait long for a train.

More often than not it’s about 120 sec but still few systems in the world can achieve this maximum frequency.

Its frequency is also its biggest Achilles heel when things go awry, but I’ll touch on that shortly.

For the very curious, the trains use the Seltrac moving block system. This allows for the trains to run very close together to the point where trains can actually be right in front of each other with a few metres to spare.

To prevent people from going into the tracks, there are various sensors at entry points where humans could interact with the trains. The trains don’t have anything to detect a human is in its path; it just knows where it is.

(View on Twitter)

Or in some cases wildlife gets into the track. This is a new extension of the system and it’s not too far from an interface zone, allowing for cougars to enter. The line was not operating at the time.

So optimally, trains know where they are and humans never enter the track. Unfortunately, it does break from time to time…

(View talk on elevator security on YouTube)

The way I look at our rapid transit system is like this: it’s like an elevator. An elevator is designed to never kill you provided that you don’t circumvent the safety controls.

So what happens when humans circumvent the safety controls by opening doors when the trains are stopped? A lot of things and it messes up the balance of the system.

SkyTrain operates using a third-rail system, meaning that electricity is provided by a rail on either side of the track to feed electricity. It is very easy to end up touching it if you are unaware.

Also the trains operate at 80 KM/h at maximum speed.

All of this means that if someone exits a stopped train, everything starts to go hairy fast.

First off, SkyTrain has to have the section of track where people are thought to be walking through turned off and to stop all trains from approaching the stations between them. This means that a huge section of track going both ways is now disabled.

Secondly, attendants have to assist the riders who opted to leave the trains with getting on to the platforms. This has to be completed before we can do anything further. It may take an hour or more.

So here’s where the fun part comes in: what happens when you decide to knock out power to these trains? We lose the ability to trust their state.

That’s right. We’ve lost the trains and now the system has no idea where any of them are.

To bring the trains back to life we cannot just turn them on and tell them to go to the next station. They themselves do not know where they are and the system does not have the ability to make them trust their current position.

These self-driving trains however have to meet requirements every few months by having them driven by an operator. Almost all attendants are trained to operate the train when need be–due to weather or maintenance.

So to fix this: we have to have the train sets driven into their nearest station one set at a time. This is the longest part because there are sections of track that are nearly 3 KM long.

Once this is done and we’ve ensured that nobody is in harm’s way, we can have the system come back to life.

I’ve ridden this network every working day for the past decade and can [confidently] say that the system is very safe. However, the biggest problem it has is that when it breaks, people tend to get frustrated and cause the system to break further.

In 2017, the system recorded a record 151 mn passengers (compared to 117 mn in 2010) and on average the majority of system delays are caused by humans interacting with the trains either intentionally or unintentionally–I will not elaborate further.

(There is a train 069 BTW)

How this all ties into industrial control [(IC)] of course is that this is the very definition of one that the public uses every day and pays no attention to how it works. Often we talk about IC in power plants, natural resources, and elsewhere, but our mass transit systems are IC!

IC security is super important but it is also important to understand how much goes into making a good IC system work. It isn’t just having to worry about security matters but to also plan for humans interfering with the operations of things.

So the next time you’re stuck on a train, don’t break the emergency seal. It may be 15 minutes for you but you may cause 120 minutes for others.

I should add: I don’t work for TransLink! If I did I’d probably wouldn’t be allowed to [chost] about this stuff. I work for a company that heavily uses industrial control so as a result I have an interest in how things like SkyTrain works!

Fun fact: I was DM’d by two TransLink employees asking me if I worked for them when this thread started to make the rounds locally. I literally just transposed my knowledge of industrial control to how these trains work! Knowledge of industrial control equipment is just something I gained from my career and it isn’t hard for me to look at systems and figure out how they tick.

One of the “holy grails” of cyber security is reducing all panes of glass used by incident responders to just one. This is a pipe dream many managers chase after in the name of efficiency and it is not unlikely to have reporting staff desire this too.

Despite all of this, I have long had the opinion that the single pane of glass concept is a fool’s errand and prefer to chase after reducing the windows used in incident response.

What is a “single pane of glass” anyway?

The “single pane of glass” (SPG) approach really is to reduce the complexity of performing tasks or absorbing information by making it solely available in one location only. This could be exemplified with a ticketing system which shows diagnostic data and have one-click tasks to handle basic functions.

Other examples that you may have seen include tools like Matrix and Hootsuite, which handle multiple online services.

As you can tell, it is not a cyber security problem entirely.

Interoperability is a nightmare

Here are typical tools I could expect to make cyber security incident responders successful:

• Endpoint detection and response software (EDR)
• Phishing email reporting
• Network firewalls and detection
• Logging software
• Sandboxing for malware detonation

This is just a small list of software but is something I’ve had to try and make play nice.

Here’s a fun scenario that I expect could easily play out:

Jonathan in office services reports a phishing email. When the email is reported, an incident responder determines that it was malicious and that the URL the email linked to had mimicked the corporate login for a service which didn’t have two-factor. Said website was harvesting usernames and passwords and then offered a download to access a service.

The incident responder then takes the URL and checks to see who clicked on it and three employees were recorded to have visited the website. Web traffic logs were fortunately able to capture activity and it was determined that one of them who is in the help desk did sign in and download the file.

Now the incident responder has to grab an audit log from the EDR to see if the file was executed and is also grabbing the file from the machine to then test in the sandbox environment. The responder has since isolated the machine to prevent any further harm.

At this point, we’ve gone through five different software products, meaning five different windows had to be used. The single pane of glass approach would break down these functions into steps:

1. Review the maliciousness of the email
2. Search logs from network firewall to see who visited the URL contained within
3. Retrieve EDR audit log
4. Review audit log for execution
5. Detonate the malware in the sandbox
6. Isolate the computer

These are six steps and in theory all of these steps could be done with integrations. However, this is where it all begins to fall apart. I’m not even talking about the maturation required to get to the point where you’d consider all of this.

The big problem is whether or not the vendors you work with have bothered to make their APIs capable of doing anything useful.

Does your phishing email software have an API that allows you to pull the details into your ticketing system and close it off there? Do you have consistent firewalls across your environment so you know what websites are being visited? Can you remotely control your EDR software to pull a standard package of data from these systems? Can you also get the malware from said system to then automatically push into the sandbox?

I’ve run across many, many barriers where trying to get 30% of the way is impossible because the vendor has assumed you only want to use the user interface they provide. The useful functions required just don’t exist in a public API and any attempt to circumvent this by reverse engineer any other API or directly accessing an internal database violates the support agreement–I am trying my best to avoid naming a vendor here.

Accepting your fate

So what do you do in this scenario? Don’t use the SPG approach and just accept the reality that you will work to reduce the windows needed but only where practical. Options beyond that may include finding better vendors to work with too.

If you have a vendor promising you an automation tool that will give you that single pane of glass, press on them hard and maybe reconsider any future relationship with them because it’s again a fool’s errand and a waste of time.

This is a repost from a Twitter thread I made back in September 2017.

So on a Slack I am on, I ended up talking about how fan-subtitled (fansub) anime distribution used to work in the 90s.

Anime would cost between $15 and $30 USD commercially depending if it was subbed or dubbed – $25-50 today.

However, LaserDiscs from Japan were super expensive. You’d have to order them via mail or phone and they’d be $300+ sometimes plus shipping.

In some cases, one LD collection would just have 4 episodes and cost that much. You’d be looking at $80-$100 an episode in mid-90s money. These discs would typically be not available to purchase until 8-12 months after the show had aired–unlike Crunchyroll’s 1-hour!

Fansubbers would buy these discs with their own money. Sometimes donations would be taken but typically it was out of pocket.

Typically the fansubbers would just stop distribution if the anime series was picked up by a distributor in the market they’re in.

Fansubbers would spend late nights–whole weekends too–just going over the show, watching it endlessly, translating and timing a script.

It was tireless work. I had friends at Arctic Animation who did all sorts of great shows like MKR and Akazukin Chacha to name a few

Once translated and timed, you’d eventually feed the script into a computer and then use some fancy hardware to overlay the subtitles. It was a 1:1 copy by the way. There was no way to speed up the process. Play from LD, record to VHS or SVHS. Found a mistake as you watched the subtitle? Welp you’re out of luck! You’re going to have to fix the script and then restart!

SVHS was used to keep the quality high but it only really benefited the subtitles, not the video since the LD was not able to output SVideo. You’d usually copy the SVHS “master” to other copies for use for distribution. I hate the term “master” and will only use it once.

Once you’ve gotten your copies, you’re able to distribute the tapes assuming that nobody bought the rights in the three months it took.

So now you want a copy of MKR? Well it is time to send a letter and a VHS tape or a few off to your favourite fansubber! You’d be waiting however long it would take to get your copy. Arctic was here in Vancouver so I’d just take a train to get my copies.

Some fansubbers went overboard with their methods. Here is how VKLL did theirs. I had these copies at one point.

VHS distribution died when it became effective using the Internet to distribute copies in DivX or even RealMedia format. It was around the time that anime got super popular and anime cons were just popping up everywhere.

I cannot remember Arctic’s last release, but it was definitely in the early 2000s.

Nonetheless, it was interesting to see the shift from VHS to digital distribution for fansubs and the rapid turnaround it got. You’d see fansub groups in the mid-2000s pumping out subtitled copies in a matter of hours after airtime. However, unlike when LDs were used, no money is going to the right holders in Japan for these shows.

These days fansubbing is a lot less prevalent. Crunchyroll has the market cornered with its 1-hour after broadcast release schedule.

But yeah! Subs not dubs.