There are a few things that helped me or someone I know to understand some concepts:
e: Hot/cold stuff passively reaching ambient temperature (why does it get colder quicker right at the beginning but so slowly at the end??) as well as the time constant for capacitors (which you could analogize with how long it would take for water to drain out of a broken dam: quickly at first, slowly as the water level decreases)
integrals: My brother designed a boat that he would build. He wanted to know how much volume it would displace until water would spill inside. The walls were not straight nor right-angled. Using the slicing method and estimates of "this is somewhere between an oval and rectangle, so the area of this slice will be between those shapes", he was able to figure out the ballpark volume.
derivatives, and this one takes a LOT of care to avoid confusion... position, velocity, acceleration. I would start with straight distance examples, but it's also cool to note: On a Merry Go Round, the rider's acceleration would only be toward the center if the rotating speed stays the same. It has to! If it were even a little backwards, you'd slow down! If the Merry Go Round were wider, the acceleration would be not so strong. If the Merry Go Round were so wide that it's impossible to tell you are spinning, there would be nearly no acceleration.
When you drop that ball from a window, gravity is its acceleration. Gravity never changes its direction or gets stronger. That is intuitive. The velocity will keep getting larger, but at the same rate for a while (until real life interferes aka drag). The position, you can plot that and see that every second it is a farther interval. That also makes sense: A ball thrown upward doesn't bounce off the air at the top and come down right away at the same speed. It hangs for a brief moment. But it doesn't hang anywhere else after its peak because the position is the second derivative of acceleration, and that second derivative only has one point where it stays nearly the same for a brief moment.
It might not stick for everyone, but you can explain that 6 dB is always "twice as loud". Thus, 12 dB is "2x2 times as loud" and 18 dB is "2x2x2, or 8 times, as loud". The dB amount is always addition, but the "as loud" part is multiplied.
Similarly, every 10 to 30 years (usually about 20) the value of money drops in half due to inflation. You're adding years but multiplying or dividing value. That lets you know that there's a power/logarithmic relationship.
One other concept is more useless but fun for me... There's product-over-sum. It shows up in "how long does it take N lawnmower pushers of varying efficiency to trim so-and-so acres of lawn?" (If Joe does a lawn in 20 and Jake in 30, they do it in 12 together.) but also in things like parallel resistance. In this case, I tend to think of the electrons as the blades of grass in the lawn and the resistors as lawnmower pushers. The electrons don't care who "trims" them, and whichever resistor becomes available to process an electron (at its own given efficiency e.g. conductance/anti-resistance) will do it.
I am a big fan of the Street Fighting Math series from MIT, but I feel like there were much better resources for explaining the concepts (e.g. videos, lectures) than I can find today. The book is not as approachable as the concepts themselves when explained at an audience-appropriate level. The only downside is its lack of general practicality, but it does move some advanced concepts into the napkin math domain.
In one part, Dr. Mahajan shows that because the derivative of the LN function is very close to the derivative of x at 1 (that is, 1), you can approximate powers close to 1 by subtracting 1 to get them into the log domain and multiplying by their exponent. This probably doesn't make sense, so I'll solve an example from the book...
"If 5% of bacteria are mutated during a radiation round, how many bacteria are unmutated after 140 rounds?"
You can eventually figure it will be (.95)^140 by starting with simpler examples (all heads in two coin flips, three coin flips). Once you have the equation, it means that you can approximate its answer by subtracting 1 and multiplying by 140: -0.05x140 = -7. The answer would be quite near e^-7, which is 0.09%. (Beyond that, if you recognize that e^-5 would be five time constants e.g. just below 1%, then e^-10 is 1% of 1%, so then e^-7.5 would be the halfway point; somewhere below but also close to 0.1%.) The right answer is approx. 0.08%.
An actual game that is engaging and shows one math concept (probability/statistics) in-depth? Dope Wars. The entire thing runs off random chance and expectation. You could probably even simulate the outcome of various strategies over many simulations (the same way that a decent investment recommendation would be a percentage of bonds/cash equal to your age with the remainder in stocks)
Even stuff like Pythagorean Theorem isn't as important to an everyman as its moral. "If you cut through the grass, it's less walking." This also extends to the value of social networks (Metcalfe's Law) or understanding why a small bump in speed limit takes a relatively large increase in gas consumption (Ignoring wind resistance, kinetic energy is proportional to v^2, so going 55 mph takes roughly the same energy as someone going 50 plus someone else going 23.)
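Added worked example for the "subtract 1 and multiply by the exponent" estimate in the comment above (this is not code from the comment or from the book; the function names are mine). It carries the bacteria case through, and also goes one step past the comment by keeping the next term of ln(x) to show why the first-order estimate overshoots when x is below 1.

```python
import math
from typing import Tuple


def approx_power_near_one(x: float, n: float) -> float:
    """First-order 'street fighting' estimate of x**n for x close to 1.

    ln(x) has slope 1 at x = 1, so ln(x) ~ (x - 1) there, and therefore
    x**n = exp(n * ln(x)) ~ exp(n * (x - 1)).
    """
    return math.exp(n * (x - 1.0))


def approx_power_near_one_2nd(x: float, n: float) -> float:
    """Same idea one term further: ln(x) ~ (x - 1) - (x - 1)**2 / 2.

    Not in the comment above; it shows why the first-order estimate is
    high for x < 1 (ln(x) is a bit more negative than x - 1).
    """
    d = x - 1.0
    return math.exp(n * (d - d * d / 2.0))


def exact_power(x: float, n: float) -> float:
    return x ** n


def relative_error(x: float, n: float) -> float:
    """|first-order estimate - exact| / exact."""
    exact = exact_power(x, n)
    return abs(approx_power_near_one(x, n) - exact) / exact


def unmutated_fraction(p_mutated: float, rounds: int) -> Tuple[float, float]:
    """The bacteria question: (first-order estimate, exact) fraction that is
    still unmutated after `rounds` rounds, each mutating p_mutated of what is left."""
    x = 1.0 - p_mutated
    return approx_power_near_one(x, rounds), exact_power(x, rounds)


if __name__ == "__main__":
    est, exact = unmutated_fraction(0.05, 140)
    print(f"(0.95)^140: estimate e^-7 = {est:.4%}, exact = {exact:.4%}")
    # The estimate's quality depends on how close x is to 1, not on n * (x - 1):
    # all four cases below have n * (x - 1) = +/-7.
    for x, n in [(0.99, 700), (0.95, 140), (0.80, 35), (1.05, 140)]:
        print(f"x={x:<5} n={n:<4} exact={exact_power(x, n):.4e} "
              f"first-order={approx_power_near_one(x, n):.4e} "
              f"second-order={approx_power_near_one_2nd(x, n):.4e} "
              f"rel.err(first)={relative_error(x, n):.1%}")
```

Running it shows the 0.09% estimate against the 0.076% exact answer (about 20% high), and that the same n*(x-1) = -7 gives a 4% error at x = 0.99 but more than 100% at x = 0.80, so the trick is only a napkin-math tool while x stays near 1.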
This is all a really lovely list. Thank you for your answer.
I love Street Fighting Mathematics too, but it's tough even for me. Meaning, it makes sense as I see the explanation, but these techniques of estimation have to be practiced over and over again to feel natural.
As for the gravity example, a small game using Scratch was enough to get them to appreciate acceleration, by associating velocity with audio. You intuitively know what a vehicle sounds like when it is maintaining constant speed, vs when it is accelerating or decelerating (negative acceleration)
From there it was a small delta to showing horizontal launch velocity but no acceleration, and how you can deal with the x and y components independently, and how a ball automatically traces a quadratic curve.
This. There's a lot to be said about understanding registers and assembly and different languages and how a USB packet is constructed, but efficiency in reverse engineering comes down to effective pattern recognition.
A binary is likely to have a reasonable amount of often-called code for memory operations (memset, memcpy, strcat, strlen, sscanf, log) and a lot of library code (Flexcomm_Init, Clock_AttachClk, SPI1_Handler, NVIC_EnableIRQ) and then probably fairly little actual application code. For Ghidra users, being able to ignore the boilerplate (mem and BSP code) and quickly find and analyze the application code saves a TON of time.
(Conversely, if I know a binary is written using FreeRTOS, finding the task creation function would be my first step, as this reveals nearly all of the application code.)
There are techniques to help (setting a flash memory region as non-write so string references are recognized and disassembled correctly, loading a chip SVD so all the library code is more obvious) but those come with experience or a good hands-on tutorial, and they still won't tell you everything about the application code.
In my own breakdown of one Cortex-M binary (bare metal, no objects known) the only reason I was able to get the firmware in the first place was by noticing and decoding a base64 string in an unpacked Electron app used for USB communication with the device. This ended up holding plaintext credentials for their update server which had two channels: one for encrypted production binaries and the other for unencrypted development binaries.
In this specific case, it helped to know what base64 looks like, but that's like how knowing different methods of slicing onions might help you figure out a recipe by tasting a cooked meal. Very often such background knowledge is irrelevant. Once in a while it will be the only realistic way forward.
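Added example for the "knowing what base64 looks like" point in the comment above (my code, not the commenter's tooling). From the defender's side the same pattern recognition is a pre-release check: scan your own build artifacts for base64 runs that decode to readable text, since base64 hides nothing from anyone who unpacks the bundle. The blob below is constructed inline to look like a slice of an unpacked desktop app; the host and credential in it are placeholders (a `.invalid` domain), not real values.

```python
import base64
import binascii
import re
import string
from typing import List, NamedTuple, Optional

# Runs of at least 20 base64-alphabet characters, with optional '=' padding.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{20,}={0,2}")
# Bytes we accept as "readable text" after decoding (no vertical tab / form feed).
TEXT_BYTES = set(string.printable.encode("ascii")) - {0x0B, 0x0C}
# A URL carrying credentials: scheme://user:secret@host
CREDS_IN_URL = re.compile(r"://[^/\s:@]+:[^@\s]+@")


class Finding(NamedTuple):
    offset: int          # where the base64 run starts in the blob
    encoded: bytes       # the run as found
    text: str            # what it decodes to
    looks_like_creds: bool


def decode_if_text(candidate: bytes) -> Optional[str]:
    """Strictly decode a base64 run; return the text only if every byte is printable."""
    padded = candidate + b"=" * (-len(candidate) % 4)
    try:
        raw = base64.b64decode(padded, validate=True)
    except (binascii.Error, ValueError):
        return None  # wrong length / padding: a path fragment or identifier, not base64
    if not raw or any(b not in TEXT_BYTES for b in raw):
        return None  # decodes, but to binary: padding bytes, hex strings, ...
    return raw.decode("ascii")


def scan_blob(blob: bytes) -> List[Finding]:
    """Return every base64 run in `blob` that decodes to readable text."""
    findings = []
    for m in B64_RUN.finditer(blob):
        text = decode_if_text(m.group(0))
        if text is None:
            continue
        findings.append(Finding(m.start(), m.group(0), text,
                                bool(CREDS_IN_URL.search(text))))
    return findings


# Constructed stand-in for part of an unpacked app bundle. The credential and
# host are placeholders; the hex and 'AAAA' runs are there as false-positive bait
# (both are base64-alphabet runs but decode to binary, so they are rejected), and
# "modules/usb/build/Release/usb" is a 29-character alphabet run that fails strict
# decoding because of its length.
_PLACEHOLDER_URL = b"https://updater:PLACEHOLDER-NOT-A-REAL-SECRET@updates.example.invalid/channel/dev"
SAMPLE_BLOB = (
    b"\x00\x01\x02node_modules/usb/build/Release/usb_bindings.node\x00"
    b"const updateBase = atob(\"" + base64.b64encode(_PLACEHOLDER_URL) + b"\");\n"
    b"const pad = \"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\";\n"
    b"const fwHash = \"0123456789abcdef0123456789abcdef\";\n"
    b"const banner = atob(\"" + base64.b64encode(b"Firmware updater ready") + b"\");\n"
)


if __name__ == "__main__":
    for f in scan_blob(SAMPLE_BLOB):
        flag = "  <-- credentials in URL" if f.looks_like_creds else ""
        print(f"0x{f.offset:06x}: {f.text!r}{flag}")
```

The strict decode plus printable-bytes check is what keeps this usable on a real bundle: long paths, hex digests and zero-filled padding all match the alphabet regex, but none of them survive the two checks, so what remains is a short list worth reading by hand.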
NSA doesn't want the government and critical businesses to get hacked, unless they are doing it themselves. That's why they support many security features in both proprietary and open source world.
However, in the US, they don't need to hack; they can just ask for data lawfully.
I recently had a ThinkPad Z13 for over a year. I tried earnestly using the TrackPoint on multiple occasions. It had inconsistent pressure pickup, bad haptics, and poor button integration.
I think I had a different opinion 25+ years ago, but that was an era where the laptop might ONLY have a TrackPoint, and its design was intentional---not an afterthought like the current gen.
In fact, one of the main selling points (reducing wrist strain) doesn't apply to the Z13, because the cold, hard, right-angled aluminum edge of the case digs into your wrists the longer you keep them in the same position.
* Packet sniff a Windows-only consumer USB/Ethernet device and implement its communication into a Linux and/or mobile device client. (Ideas: audio gear, smart kitchen/coffee appliances, smart lights)
* Create a Docker image (plus ideally a GitHub Action or AWS Lambda) that will build and publish microcontroller binaries using some major vendor's board support files. AS FEW SETUP STEPS AS POSSIBLE is the goal: Upload "main.c" to a template repository (or attempt to compile and link all .c|.h files in the src folder) and a few minutes later, "out.elf" is the output artifact.
* Implement a data browser (or editor) for some abandoned but popular (or personally nostalgic) video game. If this step was easy enough, write a new game client in a modern engine. Props if it works in WASM. If reverse engineering is not forbidden in the EULA (or you are ballsy in your interpretation of your country's laws) release the client, source and/or a fully novel and functional (using the original binary) set of game data publicly.
* Write programs for a reasonably new protocol such as MIDI 2.0. Bonus points if you specifically copyleft it, but that won't stop Behringer from using it without attribution anyway.
* Link a QEMU (or Fast Model) emulation of a specific microcontroller (e.g. STM32F4) with an interactive circuit simulator (such as Falstad). This would need to include at least GPIO and timer subsystems on the MCU side. I think this would be the hardest practical project from this list but would generate a ton of research papers if successful (balancing resource consumption and accuracy as you approach real time; getting 2+ independent simulations to communicate with one another; improving power consumption estimates for a complete embedded system simulation) plus identify a lot of future work (a Falstad protocol analyzer widget, a Falstad SD/SPI flash storage device).
* Improve existing tools: write a Ghidra or KiCad plugin, add new file types to binwalk, etc. One example for Ghidra would be auto-detection and naming of FreeRTOS functions which could be later generalized to other RTOSes/compilers/architectures/preprocessor (FreeRTOSConfig.h) settings.
* Try to improve dead reckoning performance of a mobile robot using its sensor data (perhaps without GPS) under heavy vibration, crosswinds, uneven/sloped/slippery terrain, and any other conceivable interference. (This can be a nice data-heavy AI/ML problem, but a lot of intelligent people have already explored this particular problem.)
* Create a website, documentation, and community presence for any of the aforementioned projects.
* Figure out any improvement to the state-of-the-art in efficient cardboard box packing/nesting. This is vastly explored, but new constraints (e.g. load from back with gravity, contents are not convex, strength/weight is now a factor, effort required to repack a partial unload after a "sea journey" or "intense truck driving") make it possible to break existing algorithms. Success here = PhD-worthy accomplishment and potential to commercialize, plus a pigeonhole for your academic career as an advisor
* Figure out if there would ever be a way to make internet hyperlinks bi-directional. That is: removing a served page should notify all known domains that link to the newly removed page to remove their link, and if one of your own link targets is no longer found, automatically change the link target to archive.org. Could this be implemented into all the major FOSS web servers on an opt-in basis? Then, a web developer should expect their links to almost always work despite the actions of the linked domains. What are the strong reasons this should not happen? (I would start with "what are trusted domains" and "abuse potential" and "cost of computing/network resources")
Consider Ctrl + Space in Windows Explorer. For literal decades, it has been the method for selecting multiple nonsequential files. Now it is the default shortcut for the Peek file preview window. But it doesn't have the title PowerToys or Peek. It's just the filename of whatever gets opened. So now you have two problems: figure out why you can't select multiple files in Explorer like you did last week and last year and ten years ago; and figure out how to disable this mystery preview window so it doesn't keep happening.
Hopefully the first time you discover Peek, you aren't trying to delete a subset of sensitive documents in a shared space without using the mouse. But that's okay; the lead dev states PowerToys is an incubator, and that justifies enabling new features by default, so sensitive files should get previewed using Ctrl + Space without warning! (Only that last part is mine.)
The tools are too opinionated for the amount of productivity they claim to provide. (Yeah, even Quick Accent. I'll stick with my insecure AHK script. At least it only activates when I ask for it.)
One of the Turbine devs shared that Asheron's Call (an early MMORPG) was intentionally not released in major outlets at first so they would not scale too fast. This was perhaps wise: the first few months were largely---and remarkably---free of network and load balancer problems.