The Blind Crusaders of the GOP

Is the forlorn hope of getting a shot at having a Supreme Court that *might* overturn Roe v Wade worth selling out to the Russians?

We have to face facts, President Trump is not just a bull in a China shop – he’s a wild boar in a Kosher deli. So far, his foreign policy has been to antagonize the closest, most democratic allies of the USA and then cozy up to murderous dictators like they were teddy bears. His actions at the G7 and NATO meetings provided deep challenges to our allies’ resolve to ride out his presidency in the hope that he’s just a one-termer. His actions at the Singapore summit with North Korea’s fratricidal dictator were worse than Chamberlain’s at Munich. Trump didn’t even get one concession or formal commitment from North Korea to back up his “nuclear peace in our time” declaration.

When that anti-semitic, white supremacist, child molester was running for the GOP in the recent Alabama Senate race, the justification given for abandoning all moral principles and to vote for him was blunt realpolitik: He will be a vote in the Senate that will help nominate a judge to the Supreme Court who might tip the balance of the court to overturning the established precedent of Roe v Wade.

Given that the GOP majority of one (1) in the Senate is possible because of at least two senators that have said they will not nominate a justice that does not view Roe v Wade as established precedent, one can understand why the anti-reproductive rights base of the GOP was willing to go with an anti-semitic white supremacist child molester to build out that majority to where it would not depend upon those two moderates.

It also explains why they’re going with a blustering, gauche Trump who seems to be doing his level best to somehow become Vladimir Putin’s best friend in the whole wide world. While I argue that a US strategy that encircles Russia with military bases is needlessly antagonistic, I’ve never said that we should give Putin a free pass to do all the things that he’s done.

Trump asked for Putin to get back into the G7, completely glossing over the reasons Russia was ejected from the then-G8. Russia invaded Ukraine and sponsored rebels in the Donbass region. As if to remind us about how nasty a person Putin is, a British citizen recently passed away after unintentionally handling debris associated with Russia’s nerve gas attack against two dissidents in the UK.

Why is this not a big deal to the GOP? Is the long shot of overturning Roe such a goal that you would keep a leader in office that antagonizes our allies while ignoring actual foreign policy threats? There’s also the matter of the trade war with China (which war also takes shots at the aforementioned US allies), which could lead to a very real war.

Is the need to restrict women’s reproductive rights so overriding that you want to support leaders that are racist child molesters (the Alabama Senate candidate) or foreign policy disasters (the current President)?

If yes, I don’t need any more explanation. You’ve made a deal with the Devil, in spite of your professed love of God. You have to live with the psychological doubling that will destroy your soul, as surely as it did the souls of the German doctors that agreed to work in Nazi murder camps. Not saying you’re Nazis. I’m just saying that you’re going to wind up with the same mental problems that they had. I recommend Robert J. Lifton’s work “The Nazi Doctors” as an excellent read to help prepare you for the nightmares you’re going to experience in later life.

If no, then why aren’t there more people in the party doing something about it? I used to lean Republican, but I can’t any more. There is no way that I, or a lot of independent-undecided-Libertarian type voters can lean towards a party that puts forward the candidates it does simply because they might be a vote to get a judge through to the Supreme Court who might overturn Roe v Wade.

This blind crusade within the GOP is leaving it as a party that can not govern effectively, that can not conduct foreign policy in a way that will benefit the USA, and that can do no more than say “no”.

Don’t Demonize

So I see this image from “We Love Donald J. Trump” on a friend’s page… It’s a mass of negative generalizations about the Democrat party and positive generalizations about the Republican party. I’m not going to post my response on my friend’s page because I’m going to post it here, where I’m free to have here what I want to have here.
 
It’s highly generalized, which makes it inaccurate. The “lower taxes” item considered in the Republican’s favor, for example, means more deficit spending, which is essentially taxing your children so you can party today. The GOP-associated “Small government” is more words than actual action. The reality is that a true small government would also mean significant dismantling of the military along with medicare and medicaid. I don’t know of many politicians of either party willing to reduce those things to the point where we would have a true pre-1900 sort of small government.
 
At the same time, I don’t know anyone that’s pro-abortion, which is used to label the Democrats. There are people who support allowing the freedom of choice, so it’s just as easy to say that Republicans are anti-freedom, if we use the same inaccurate generalization.
 
Wanting to make sure that police work is done accurately, fairly, and with respect to our Constitutional rights doesn’t make a person anti-police (which is pinned on the Democrats), and wanting immigration reform doesn’t make a person anti-ICE (also pinned on Democrats), or for open borders and/or illegal immigration (yes, also used to tag the Dems). Going with inaccurate generalizations would paint all Republicans as closet Nazis, just waiting for a police state and concentration camps. That’s as ludicrous as some of the generalizations being made here.
 
Point being that, yes, there are differences between the major political parties after several decades of them being pretty much the same. But a person is not a demon simply for making a conscientious choice to support one party or another. Language that demonizes the opposition only makes it easier for the group doing the demonizing to itself become more extreme in its views.

How Did the Jews Survive Hellenism?

I’m taking a course in Jewish History. It’s not for credit, but for learning. It is offered by Dr. Henry Abramson of Touro College, online, and for free. The course itself deals with the survival of the Jews as a people. As I went through one of the readings for the first lesson of the course, the book of 2 Maccabees, I came across the account of the death of Antiochus Epiphanes in that book. Wanting to check some details (did he *really* indicate a desire to convert to Judaism?), I read that the violent persecution against the Jews under the Seleucids was only in Judea and Samaria. Jews in the Diaspora – as well as Jews under other Diodachi rulers – were not subject to this violence, at least not on this level. Nevertheless, they *were* subjected to the Hellenistic influences of the conquerors. Inside of that frame, I want to answer this question.

All through time, conquerors have imposed their cultural stamp on the conquered to the point where the cultures of the conquered either vanish, become invisible, or leave but a few words, sayings, and dinner entrees behind. Consider the people of the Indus Valley civilizations: we cannot interpret their writings and it does not seem anything of what they once had as a culture has remained in the Indian subcontinent. We have to strain our historical eyes to see what is left of Assyria, Babylon, and Sumeria. And yet, in spite of the massive power of Hellenism, we can look around today and see that Judaism has indeed survived. So, how did it make it through the gauntlet of Hellenism?

On the surface, it seems as though it took the force of arms to sustain Judaism, but as noted above, that was only the case in Judea and Samaria. In places such as Alexandria, the question was much more fundamental: Abandon the law and the covenants or remain true to them?

In this sense, although Philo Judaeus has a heavy infusion of Hellenic philosophy in his writings, at their core they are still Jewish because they hold true to the covenants and the law. He may be saying things that seemed unusual to the scholars both of his day and of later periods, but he’s still working from a world view that prizes the Jewish law and religion. He does not replace it with Hellenism, as the antagonists in Maccabees do. He *reconciles* it with Hellenism.

But even in that reconciliation, there is a danger. Does the philosophical reconciliation introduce elements of culture and thought that undermine or alter the core narrative of the culture in question? In the case of Christianity, the prophetic Christianity of the 1st Century CE (believe me because I was a witness to the miracle) was replaced with Augustine’s philosophic Christianity of the early 5th Century CE (believe because I am using Platonic philosophy to prove it). So, the question now becomes one of whether men like Philo changed the fundamental reason to practice the Jewish faith, namely, that one is descended from a person who made a covenant with the Almighty, and is part of a people who received a law from the Almighty.

Set aside things such as desires or even needs to translate scriptures into Greek or to have Greek signage within the temple. Those things still imply a need to observe the law. Perhaps the greatest challenge to Judaism was when men like Saul of Tarsus were able to leverage general Greek interest in mystery religions with a declaration that one need not undergo convert circumcision to enter into fellowship with a Christian congregation. These congregations of Gentiles were overwhelmingly Greeks or Hellenized populations. When we see a lack of Hellenized Jewish congregations in the world, it may be because those populations themselves were absorbed into the Christian church of the Romans, itself highly Hellenized as a result of Saul/Paul, Augustine, and other early Christian leaders.

Given how Christian rulers in Europe have constantly troubled the Jews living in their borders, one can see that if the Christians themselves are seen as the product of Hellenized Jews, the conflict of the Maccabees is a conflict of today.

Through it all, the Jews have to ask the question of survival. Maybe they have to ask if they should fight or fly, but they have to first ask the question if there is anything worth fighting or fleeing over. If not, why bother? Both Judah Maccabee and Philo of Alexandria held that there was a reason to retain the law and covenants they had been given in their youth. Both determined that, yes, there was a reason to not drop these things and go with the times. To these people and their devout associates and followers, the covenant of Abraham and the law of Moses were worth taking a stand for. Even if Hellenism were accommodated, it was not allowed to replace these core concepts. The true path to survival in the Greek world lay not in force of arms, but in scholarship and creativity. The Jewish people had to know who they were before they could struggle to retain that identity.

The definition of identity is possible only in the face of the *other*, the Greek, the Babylonian, the Egyptian, and so on. One can start to define what one is only when one can point to what one is *not*. The child would not ask a parent why they do not do as the others do if there are no others, and merely do as he or she is told, more or less. (This should not devolve into a discussion about rebellious teenagers, as they are a completely separate challenge to survival…) But when there are others who do this and that which one does not do, the questions will arise from the mouths of children and it is up to the parents to turn their hearts towards their children, that the children might turn their hearts towards their parents and honor the ancient laws and covenants.

Protect and Survive, 2018 Edition

Foreword

If the country were ever faced with an immediate threat of cyberattack, a copy of this booklet would be impossible to distribute to every household as part of a public information campaign. There are so many media platforms, we have no idea which one or ones to use that would, in their combination, reach all households. Moreover, even if we got the booklet out, how would we make sure that people actually read it? Let’s face it, attention spans are not what they were in the 80s, when all we were worried about were nuclear missiles and bombs.

If the country were attacked by a wide-ranging cyberattack, we do not know what targets will be chosen or how severe the assault would be. We probably couldn’t even imagine what would be attacked, so we’re rather certain that there will be critical flaws in this plan because of faulty assumptions made that a particular service would be available or that help would be on its way to those in distress.

If cyberattacks are used on a large scale, those of us living in rural areas would be potentially exposed to as much risk as those in urban areas. Supply chain disruption could deprive all areas of critical resources such as food, medical supplies, fuel, and so on. Service disruption could mean that sectors of the country would not have basic police, fire, and/or emergency protection. We like to think that the emergency response system is hardened against attack, but the truth is that that system is quite vulnerable in many areas. It is likely that some emergency systems are still managed via insecure methods and would be easily compromised by a large-scale cyberattack. This could also mean that alarm systems would be on constantly, without interruption, producing high levels of mental stress.

The dangers which you and your family will face in this situation might not be reduced if you do as this booklet describes, but at least you won’t be as surprised about what goes down as someone who hasn’t read this booklet.

READ THIS BOOKLET WITH CARE. IF YOU RECEIVE AN ELECTRONIC COPY, PRINT IT OUT AS SOON AS POSSIBLE BEFORE YOUR HOME NETWORK, POSSIBLY INCLUDING YOUR PRINTER, IS COMPROMISED BY THE ENEMY.

1. Challenge to Survival

Everything that is connected to the Internet during a cyberattack will potentially be damaged, destroyed, or weaponized.

Data Loss

Any device connected to a network that is itself connected to the Internet is at risk of complete or partial data loss. While personal data loss may be limited to items of a sentimental nature and locally-managed personal data, public and corporate data loss could potentially result in wiping of individual records. These records would potentially be those used to justify access to products and services, both public and private. Because it is cost-prohibitive to retain hard copies of these records, we recommend that you retain a hard copy of a volume of Stoic philosophy, Seneca being a good example of such, so that you can endure your losses with dignity. It is likely that restoring lost data would involve a process at least as long as used when it was first created, likely a longer process due to the need to utilize pen, paper, typewriter, and processes that we as a nation have largely abandoned due to our digitalization.

Function Loss

Any device with an Internet connection is also at risk of being rendered completely useless by way of having its software wiped or corrupted. Such devices would not be able to be updated by their vendors, either via the Internet or via hands-on methods. While loss of function for home thermostats would result in substantial discomfort, loss of function for medical devices and potentially refrigeration devices could lead to sudden or eventual loss of life. While we cannot advise that all persons immediately exchange “smart” medical devices for non-Internet connected equivalents, we do advise that persons with “smart” medical devices consult with their trusted medical specialists about the feasibility of eventually replacing such devices. As for persons who rely upon refrigeration to preserve medical supplies, we strongly recommend not using a “smart” refrigerator and that they maintain a power supply independent of the local grid, with sufficient fuel to last for 2-3 days. Maybe 4. Or 5. Or 6. 7, tops. Well, 8-12 in a severe case. 13-21 in a worst-case scenario. Could be a month or two, really, before services get restored if the attackers keep following up with additional exploits. Maybe even up to a year, when we think about it. Don’t want anyone to panic, but, yeah, we’re that vulnerable.

Function Modification/Weaponization

While it is possible that a cyberattacker would utilize connected devices to intercept domestic communications, we consider such a scenario to be low risk. We are more concerned about an attacker exploiting vulnerabilities in connected devices that would cause them to malfunction to the point where they would be potential fire and/or explosive hazards. To minimize this risk, we recommend that citizens unplug – not just turn off, but unplug – all electronic devices not in use. This includes unplugging them from the Internet. This also includes unplugging devices that do not connect to the Internet, as it is possible an attacker could weaponize the power grid to send a power surge to a residence, with the intent of creating chaos and confusion.

Under no circumstances should a citizen consider operating a motor vehicle during a major cyberattack. Even if your personal vehicle is not Internet-capable, you cannot say the same for the other vehicles on the road, nor can that be said for your municipality’s traffic control systems.

If you have a home alarm system, disconnect it as soon as you have advance warning of a cyberattack or become aware that such an attack is underway. This disconnection will need to include the battery back-up system for the home alarm system. The concern here is that the attacker will create chaos and confusion by triggering the alarm. The constant noise of the alarm would both render the home unusable as a shelter as well as lead to mental strain for one’s neighbors. Triggering home alarms across a wide area would also overload emergency response systems, if those haven’t also gone down in the original attack.

In the event of a cyberattack, remove all batteries from smartphones, tablets, and cell phones so that those devices cannot be weaponized, as described above.

We’re pretty sure we left something off this list that will result in massive injury and loss of life. In our defense, there are so many Internet-connected devices, we can’t even begin to imagine how to protect against all possible situations in which they could be compromised and/or weaponized. The guy in the cubicle next to me just mentioned something about Internet-connected cat boxes. Again, if this was 1980, we wouldn’t have to face such a scenario. But this is 2018, so we may very well have a cat box-related tragedy befall our nation in a major cyberattack.

2. Planning for Survival

Stay at Home

The title of this section is reassuring, more so than the more accurate “Stay Near Home, Possibly in a Public Shelter, Unless Those Are Also Compromised in the Attack.” If your home isn’t rendered unusable due to your domestic devices being shut down, incapacitated, or weaponized, you will have as good a place as any to ride out the attack.You may die there, cold, hungry, dehydrated, and exhausted, but wouldn’t you rather die at home than on the street or in some wilderness? It’s your call, but at least if you die at home, it’ll be easier to notify your next of kin, assuming we can get communications systems back online and are not overwhelmed by local casualties.

Anticipate complete disruption of electrical, water, natural gas, and sewage utilities and plan accordingly. “Plan accordingly” is really a cop-out. We have no idea how every family in a major urban area would be able to arrange resources to cope with such a disruption in services. Especially families in apartment complexes, and doubly so for those receiving public housing assistance. Good lord, they might riot within 72 hours as the food in the local stores is exhausted. But where will you go? It’s not like these riots will be localized. I’m looking right now at a scenario in which the national distribution network is knocked offline for two weeks, and the carnage will be awful. So, yes, do stay at home. It will help you preserve your strength for the coming armageddon.

Plan a Refuge

If you can adopt a pre-industrial lifestyle where you raise your own food without the aid of mechanization, chemical fertilizers, or modern distribution networks, the sooner the better. Of course, that also means exposing yourself to diseases that pretty much exist only in developing nations and history books, so there’s a bit of a trade-off there. You could go with getting a year’s supply of food and a local water gathering system, but there may actually be laws in your area that make water gathering illegal. As for the food, that’s a major expense, so you can’t ramp it up all at once. Basically, if you don’t have a refuge now, you may be too late. Don’t panic, however. There is still plenty of time to print off the public-domain works of a Stoic philosopher so that you can endure these hardships with dignity.

If you live in a tiny house with a chemical toilet, you may be better off than most at first. Nobody here envies you for the task of replenishing that toilet, should the distribution network still be down when the time comes.

Plan Your Survival Kit

Stock enough food and water for 14 days. Why 14 days? We have no idea, but if it was good enough for the people who wrote the pamphlet on how to survive nuclear war, it’s good enough for us. Each person should drink two pints a day, so that means 3.5 gallons per person. I can’t do metric, so you’re on your own there. This water is for drinking. You’ll need twice as much per person for washing, and we’re not talking about showers or baths, either. You’re going to get rather grimy in the event of a major cyberattack.

Choose foods that can be eaten cold and that will also keep fresh, such as cans of soup or beans. You will likely want to practice eating soup straight out of the can now so that you can discover which flavors you prefer best and so that you learn to suppress your gag reflexes, should they be evident while consuming such a meal. The cold soup you eat today may mean cyberattack survival tomorrow!

Heaven help you if you have a baby or special dietary requirements. You are going to suffer grievously.

In the past, a radio would be one’s only link with the outside world, but even emergency and commercial radio systems can be disrupted in a major cyberattack. You might as well get a hand-cranked radio and try it out from time to time, in case we get lucky and manage to restore radio services.

Make sure you have plenty of warm clothing, first aid supplies, cutlery, dishes, and a can opener. Nobody wants to be the chump that stocked up on canned goods, only to forget a can opener. Better get several, just in case one breaks.

You will also find sleeping bags, flashlights, camp stoves (be sure to have the proper fuel and ventilation for these), spare batteries, toilet articles, and buckets to be very useful. You will also want a shovel and a location at least 20 feet away from your home where you can bury your solid biological waste. You would want this to be in an area that is not exposed to rain runoff or the local water table, as it will be a source of disease.

Also have tissues, notebooks, pencils, brushes, cleaning materials, plastic or rubber gloves, toys, reading material (including the Stoic philosophy that will help you cope), a mechanical wind-up clock, and a calendar.

Finally, in advance of a cyberattack or as one is underway, it may be advisable to shut off gas, electricity, and water services at the utility shut-off point so that damage to those systems will not compromise your shelter.

3. Protect and Survive

In the 1980s, we could discuss the methods of warning about an imminent nuclear attack. Such warning would be available in the case of a bomber attack or ICBM launch. We did not talk much about a submarine-launched missile attack, as those would have far less time between missile launch, missile detection, and missile target impact. We would basically know about the attack right before it took place.

In the event of a wide-ranging cyberattack, we may not know about the attack until some time has passed after the initial phases of the attack have been completed and the secondary phases of the attack commence. It is also possible that the cyberattack targets the warning systems themselves, so that they emit one or more false warnings to crate chaos and confusion and mental stress – or so that the warning systems do not function at all, as a prelude to a nuclear weapons attack by way of bombers, ICBMs, and/or submarine-launched missiles.

That last one would be the worst possible scenario. No warning, all major cities and quite a few minor ones all hit at the same time. The enemy wouldn’t dream of doing that, however, unless it also had managed to deprive us of our ability to use our nuclear weapons in that cyberattack. Since the enemy has been very persistent in attempting to penetrate our cyberdefenses, we can’t rule out that they might gain that upper hand and then launch the attack that effectively destroys our nation at little or no risk to their nation and/or allies.

It’s also possible that the enemy nation merely launch the cyberattack to deprive us of our nuclear weapons, with the intent of capturing and controlling our industrial base and natural resources. It is possible that the enemy nation would change the function of industrial security systems to keep loyal workers locked out, so as to prevent acts of sabotage to prevent industry from falling into their hands.

The same enemy nation may also be interested in disrupting the supply chain so as to induce mass panic, protest, and rioting. In the resultant die-off, our population would be too weakened by civil unrest and famine to mount an effective, coordinated resistance.

If, for some reason, our national leaders miscalculate on a massive scale and have to resort to a launch of nuclear weapons as a last-ditch measure, it is quite likely that the enemy nation will launch a wide-ranging cyberattack in conjunction with a discharge of its nuclear weapons, so as to take us down to hell with them. I know I said that a situation described above would be the worst case, now I’m not so sure.

We’ve so far attributed wide-ranging cyberattacks to enemy nations, but we also have to consider the possibility of the attacks originating from a non-nation-state actor, an internal threat, or as a result of pure accident. In such cases, we estimate that the impact of the attack would not be as comprehensive as described above, but could still incapacitate one or more major utilities and/or public services.

Holy crap, I haven’t even thought about air traffic control systems or airports until just now. If there’s a major cyberattack, pray that you’re not in the skies, should those systems be compromised.

Same goes for commuter rail and metro systems. I’m getting sick, just thinking about those.

My boss just looked over my shoulder and read what I’m typing. He didn’t say one word about changing my cynical tone. He just sighed and went into his office and shut his door. I think I can hear him crying in there.

If that part about the crying is in the final pamphlet that goes out, it must be because this threat is way worse than I’m letting on here and that this document, cynical and depressing as it is, is actually somehow better than leveling with you and telling the full story.

May God have mercy on our Internet-connected souls.

What Grover Can Teach Us About Breaching Perimeter Defenses

When a firm has a known point of ingress from the Internet, it will secure that connection. It will use firewalls, IPS devices, proxy servers, all kinds of good stuff. Those defenses will pass audits, no problem. But what about ways to get into the corporate network that aren’t known to central IT staff? What are the consequences of those unmanaged points of ingress?

We turn to Grover the Muppet for that lesson. In the video I linked, it is ostensibly about bringing a bowl of soup to a sick friend. However, on another level, it is teaching penetration testing techniques to five-year-olds.

Shalom Sesame: Mitzvah Impossible

Grover first encounters a wall. Call it a firewall, if you want. Rather than give up, Grover finds one way around it – going over. His friend finds another way – going around. In both cases, the wall did not cover all possible ingress paths, so it did not provide sufficient security. Later, when Grover encounters a cow blocking his path much like an IPS does, he need only pass a weak test – basically a declaration that his traffic is business critical – to continue forward with his payload.

Grover’s activity would be analogous to an attacker entering a network via an insecure ingress path and then using traffic defined as legitimate to continue with his operation. He uses methods so simple, a five-year-old could grasp them. Maybe those over five would do well to review the security video I linked to…

At any rate, the wall is very nice and blocks traffic that does not route around it. Had the wall been fitted over a cave mouth, it would have been much more difficult to route around, and that would be possible only if there was another unsecured path of entrance into the cave system. As it is, it needs to be taller and wider to cover those available paths of ingress.

How many firms have frustrated employees? I suspect it’s all of them. That’s bad news, because frustrated employees are also those that are most likely to call up a local ISP for a DSL line out of their local budget so that they can have Internet access for some purpose. Nobody higher up or in the central office approved the line: they just put it together themselves. And if central IT refused to allow that connection to hook up with the corporate network, that’s not a problem. They can buy some inexpensive small business switches and hubs and allow their PCs to connect to the corporate network and the shadow IT network at the same time.

How many firms have web developers on a tight schedule? Oh my, that’s a very high percentage… That’s bad news because those developers might set up VPN servers – only for emergency purposes, of course – so that they can connect from home to the test environment more effectively than they can if they use the corporate VPN. Or maybe they have a fileshare server opened up so it can offer its files on the Internet, making things much easier. Or maybe they use an insecure coding shortcut that gets the site up that much faster, even if it means it now allows quite a lot of malicious activity over HTTP and HTTPS.

How many firms have employees that click on links in emails? How many firms have contractors whose contracts have ended, but their workstations stayed logged in… and unpatched… and maintaining a dual-homed Internet connection on the guest network? How many firms have subsidiary or ancillary organizations that manage their own Internet connections… badly… and that have full trust relationships with the parent organization?

Well, that’s bad news, because… well, I’m sure you see the pattern here. None of these paths of ingress are properly managed, let alone secured. Malicious Grovers are carrying bowls of malware-infested chicken soup to servers and workstations that lap the stuff up without questioning.

So now the problem is finding the unmanaged ingress points. The solution is simple: look at your traffic. See if there is traffic on your network that has an outside IP as its source. Next, take a look to see what ports the traffic is using. If those ports are blocked on your firewalls, and I mean *all* your firewalls, see if there are routing paths to that outside IP that take odd twists and turns in your network. Perhaps they lead to that unauthorized ISP connection or that rogue VPN server.

Once you find those things and have them shut down, check your traffic again. You may very well see those IPs again on your network, now with new routes back out. Those will lead to other paths you want to close off.

You have to check constantly, because you will never know when someone creates a new path of ingress that endangers your network. You can also check for dual-homed devices and abandoned devices and try to police links in email messages. All those measures will help to keep five-year-old kids who saw the above video and got the wrong idea from hacking up your network.

Now, the disclaimer… I work for a vendor that not only makes a product that covers most of the detection methods and remediation items mentioned above, I’ve also used it in an environment that thought it had closed off all those other ways into its network. When I told them about the IP addresses in China that were scanning for the Cisco Smart Install port, they soon discovered that there yet remained more ways in that they would have to deal with.

This is not FUD. This is a realistic assessment of stuff that happens, most likely under everyone’s noses. Not everyone knows to look for this stuff, let alone knows how to look for this stuff, which is how it can go on and on. If auditors only know to check the managed gear, then a firm could conceivably pass audits and still have these issues happening.

So, take a tip from Grover and start looking for ways people break into your network that go over, around, or right on through your perimeter defenses.

Do I Miss Teaching?

It’s been about 5 years since I decided to end my career as a teacher and return to IT. People still ask me from time to time if I miss teaching. The short answer is no, but the long answer is yes.

For the short answer, I love not just my current job, but my current career. Once I had started back in IT, not one day did I wake up and desire to return to the classroom that I had left. I had dreams about teaching, but they involved either dull routine that I was glad to have left behind, or they were about packing up and leaving. Both gave me a sense of closure, that I was done with the profession.

Which leads to the long answer, the “yes”. Truth is, I was missing the classroom my whole last year of teaching. The work I had been able to do, both in the 90s as well as the 00s, that was no more by 2012-2013. School administrations no longer trusted a teacher’s ability to exercise professional discretion in preparing and delivering coursework. When I was doing IT work in the late 90s, I often yearned for the classroom. I had the same yearning during my last year of teaching.

Being forced to buy into the culture of testing that now exists meant selling out on my hopes of continuing to be the kind of teacher that could be flexible enough in the classroom to find a way to make a critical difference in people’s lives. I know I couldn’t impact everyone and that I could come off as a pompous ass to a lot of people… but I also knew that I had a much bigger audience that liked what I did and, within those audiences, I could make connections that would help guide lives.

All that was evaporating before my eyes as I saw mid-level administrators, living in fear of budget cuts that would axe their positions in a heartbeat, spread a culture of fear. Their jobs were safe if they could convince top administrators that their jobs were necessary to maintain the almighty test scores. This was happening not just in my district, but pretty much every urban and suburban district with 2 or more high schools.

So yes, while I miss teaching, I also know that what I once had is gone. It’s not coming back. I can think about the good times, but I have to move forward. I am fortunate and grateful that I have been able to return to IT. I’m working with people that trust my professional discretion, and that makes all the difference.

The Earth Wrapped Up As a Scroll

What is meant by the expression, found in the Bible and elsewhere, about “the Earth wrapped up as a scroll”? Several things, all at the same time, because of the precision of God’s language.
1. When one finishes reading a scroll, one wraps it back up before returning it to the shelf upon which it is stored. The Earth, at the end of its time, will be prepared to return to where it once was – wrapped as a scroll.
2. In addition to the simile’s implication of return, there is also the implication of finality. There is a time, after which, we do not continue to experience time as such, but return to where God is: and where God is, there is no time.
3. Physics. Particularly those of a higher-dimensional order. Just as we can take a line of string, let that represent one dimension, we can bend it through a second for it to meet itself as a circle. Just as we can take a sheet of paper, let that represent two dimensions, we can bend it through a third for it to meet itself as a tube.
Given that God exists in a realm where time is not a relentless crumbler of mountains, such as we see it, but a direction that goes this way and that, then it stands to reason that the realm of God has sufficient dimensions necessary to behold the whole of creation as one.
Therefore, it stands to reason that with those sufficient dimensions, they would include those sufficient to bend the earth so that it meets itself in a higher-dimensional construct our language has not words to describe, but God’s language would, and precise ones, at that.
Speculation – the “wrapping together” would be, perhaps, a similar preparation as what was required for Moses, Abraham, and others to behold God? That all things must be transfigured in order to return to God and that, without a pure soul to match the pure body, we endure pain and discomfort in God’s presence, so much so that it would be best described as a burning lake of fire, or some other nigh-unthinkable torture to our minds?
Yet, such tortures are scripturally described solely as natural phenomena. There is no mention of God or any servant of God, or even Satan or his followers, meting out such punishments. These phenomena arise naturally, out of conditions brought about via a dichotomy of a pure body housing an impure spirit. The only cure for which is an appropriate distance from God.

Maturity in Belief

Often, I see people that claim to have a belief in something, but then go on to undermine the ability of others to share in that belief because these people are too strident or over-the-top in trying to present their views. To them, things are so crystal clear: what could be wrong with someone that does not agree completely with their views? Are they ignorant? Or are they willful enemies?

By leaving out the ability of others to judge things differently, which I call spiritual immaturity, such people are prone to hardline views, are less able to forgive, are more likely to use contentious or confrontational language and, ultimately, commit acts of violence. They will do these things, all the while believing that they are in the right and are justified in their actions.

Spiritual maturity, on the other hand, allows one to accept that other people will walk other paths. Indeed, that each person walks a unique path, some in a similar direction, others not. A spiritually mature person would hope to influence the path of another, but will also recognize when such influence is either unwanted or won’t be understood, or both – and then, in such cases, to refrain from attempting such influence.

Sadly, the spiritually immature can see this maturity as a threat to their own narrow views and lash out against it as heresy, putting it on the same level as their paranoid reactions towards supposed enemies outside their faith. To the immature, the mature can seem as traitors from within because they will not join in crusades or other acts of forcible conversion. Rather, they live and let live and somehow seem to allow evil to flourish.

In truth, it is the mature person that is not allowing evil to color his or her actions and pervert his or her beliefs.

I’ve been the immature person before, thinking that standing my ground in a heated argument lasting for hours was a sort of victory. In truth, it was all wasted words, as I did not convince the others of my views and served only to make them more ready to disagree with anything I proffered in the future. I’ve been that way about my religion, my politics, my views on music, my tastes in arts, and so many other subjective areas. It’s taken me many years to develop the ability to let others have the last word, even when it contradicts what I’ve been trying to say. It’s a sort of long game for me, because if I’m known to let others have a fair say, then I’m more likely to be listened to in the future by those I disagree with. And, maybe in that future day, my arguments might find their way into the hearts and minds of those others that disagree with me today.

Perhaps this is why I’m drawn to teachings of live and let live that are common among Daoist philosophers, Zhuangzi in particular. Perhaps this is why I see value in the Zen koans. While I myself am neither Daoist or Buddhist, I find a sympathetic maturity in their sentiments, in the way they serve to remove masks and illusions that so often bedevil our views, and then allow us to better penetrate the darkness between our souls and enlightenment.

How Musicians Speak to the Press

I’m wondering how much stuff any person in a band says is due to contractual obligations to promote current work. How much of slagging previous work is considered necessary and appropriate to build up one’s current product?

ORIGINAL BAND: “Everything we’re doing now is bold and imaginative, we’re really like nothing else.”

PROMINENT TALENT GOES SOLO: “It was all rehashing of old blues numbers in Original Band, I got tired of going nowhere musically. I’m so glad that I can truly express myself on my solo albums.”

THE REUNION: “What I did as a solo artist, I had to do, had to get it out of my system. Just a flight of fancy. It’s so great to be making magic again with Original Band, the stuff we’re making now is as great as the old stuff.”

AFTER A DISPUTE OVER PERCENTAGES: “I have left Original Band, effective immediately. Please consult the legal firm of Dewey, Cheatham, and Howe for further comment.”

JOINS ANOTHER BAND: “The Original Band reunion was a disaster. Of course, you read about my departure in the press, and I’ll give you the REAL story after I mention how awesome and liberating it is to be with Another Band. These guys are amazing, this is the best work I’ve done.”

SECOND REUNION OF ORIGINAL BAND: “It’s like I never left home. This is the only real music I’ve ever done, my work with Original Band. Our new album will not disappoint!”

NEW ALBUM DISAPPOINTS, DOES ANOTHER SOLO ALBUM: “Most of the reason behind the second reunion was money. I wanted to make music, they just wanted the money. Such a pity. But I’m glad I can fly free again.”

GETS BACK WITH ANOTHER BAND: “We’re not doing the songs recorded by the guy I replaced. They’re not my music and, frankly, I don’t consider them to be truly Another Band. When I’m with Another Band, then, yes, you can be sure it’s really Another Band.”

PARTIAL REUNION OF ORIGINAL BAND: “Me and the guitar player, we were always the core of Original Band. We don’t need the other guys to play amazing stuff.”

FULL REUNION OF ORIGINAL BAND: “If it’s not all four of us together, it’s simply just not Original Band, full stop. Don’t let anyone say otherwise.”

DRUMMER OF ORIGINAL BAND DIES IN FREAK GARDENING ACCIDENT: “We will miss him dearly, but we will also carry on. Original Band will rise from the ashes and continue forth to newer, better triumphs.”

SLIGHT ISSUE REGARDING DISTRIBUTION OF MERCHANDISING PROFITS: “I’m glad to be done with those money-grubbers and, frankly, they can all go to hell, where they can join up with their ex-drummer.”

ISSUE IS RESOLVED, WORLD TOUR RESUMES: “Me and my mates are inseperable! God bless them all, and I wish our ex-drummer were here instead of ‘up there’, where I know he’s drumming with Hendrix.”

OFFERED MORE MONEY TO TOUR WITH ANOTHER BAND: “My heart has always been with Another Band. Original Band, sure I had some laughs with them. But Another Band is where I’ve always felt like I was freest to explore, where we could play like no other band in the world.”

And so on, and so on, and so on…

Prioritizing Security Spending

I’ll put on my manager/owner hat, since I have one laying about the house, and will look at the receiving side of my constant cries to emphasize security spending. There, it’s on, although it seems to restrict blood flow to the part of my brain that handles technological details… never mind, let’s get to budgeting!

First off, security is very important. It’s so important, I’ll use a few more “verys” to emphasize that importance. It’s very very very very very important. But, before I can pay for security, I have to pay for a few other things.

Out of my revenue, first to go through are my loan payments. If I don’t keep current on my merchant loan companies and business loans, I close my doors. That’s a certainty. Ditto for payroll, rent, and utilities. I have to pay those, on time, every month, or I *will* close my doors.

Next up, I have to pay for my materials that I use in my business, whether those materials be solid manufacturing inputs or intangible information, it’s what I use to make my stuff. Without those inputs, my business is no more.

Then there’s advertising. I have to have that, right? I also need money for fees, which I pay to local, regional, and national government authorities in order to stay in business. If I don’t pay those, my business will certainly not be able to operate.

Now, I’ve got some money left over. Part of me wants to have a little more for myself, to compensate for all those days I lived out of my office, getting this business off the ground. That’s why I went into business, right, to make a little something for myself, over and above what The Man would pay me in a regular gig? I’ve got a business partner, as well, and we’ve been through everything together, all these years. I’ve got to give him his cut, fair’s fair.

What’s left is my IT budget. Before anyone panics, let me assure you that there’s still quite a lot of money in that pot.

But, before I pay for any security, I need to pay for my existing licenses. If my PCs don’t have an operating system, they don’t run, and I don’t have a business anymore. Then I pay for my productivity software because what’s the point of having PCs if they don’t do anything useful? No, I must have word processors, spreadsheets, and email! No compromise on that!

If I have specialized software for my line of business, you better believe there are some big-time license fees to run that stuff. But, without it, I can’t produce what my customers want. Honestly, security is important to me, you saw how many “verys” I used up there, but I have to first allocate money for what’s core to my business.

But I’m almost to security in my line-items. Let me first cover printing costs, VoIP services, Internet connections, and a new box fan for my server closet. As long as we keep the fans on and the door open, the servers won’t overheat. That’s a good feeling to have, the feeling you get when you know the servers won’t overheat.

Now that I’m ready to buy some security, please don’t bring up the issue of locks on the doors. I can lock the outside doors, but if I lock the door to the server closet, we’re finished as a going concern.

Looking at the budget, there’s not a lot, so maybe I should get the most important piece of security gear and hope it does most of the work I need it to do. I’ll get a firewall and pay for that annual license/maintenance.

Then there’s an antivirus program that’s only $21.95 per workstation when I buy in bulk, I’ll get that. I don’t know if it’s any good, but it’s at least something.

I need to buy a backup and recovery solution, so that’s going to set me back a bit.

I also have to pay for spam filtering and DDoS protection through my ISP, or I get shut down by spammers and/or DDoSers. This expenditure, in fact, should have come before the backup and recovery.

When I ask the guy that comes in twice a week after lunch to do my IT about what else I should get, he’s got a long list of cool stuff. But when I look at the prices he quotes for them, I have to shake my head. I really can’t afford to spend thousands on a big piece of hardware like a proxy server or an IPS. Maybe if I saved up, I could, but I can’t spend that kind of money right now. And don’t even talk to me about IP protection or UEBA or other big systems like that, there’s no way I can buy one of those solutions.

The thing is, security is a matter of maybe I’ll lose my business if I don’t have it. The other things are a matter of I *WILL* lose my business if I don’t have them. Will beats maybe, every time. That good feeling I have about the servers not overheating is countered by the worry I have that one day, maybe tomorrow, I’m the next small business that gets hit with something that the firewall, antivirus, and/or antispam-antiDDoS can’t deal with. But that’s a maybe, a roll of the dice.

Eventually, I learn to live with “maybe” and I just focus on running my business, the best I can.

And if all my PCs, unbeknownst to me, are secretly mining bitcoins for North Korea or participating in Mafia-run botnets, it’s no concern to me as long as I keep in business. What I don’t know doesn’t impact my bottom line.

I’m not being callow or flippant about wanting to emphasize security but simply not having the budget for it. That’s a reality. And if I get to where the “maybe” doesn’t nag at me anymore, then I can live with myself and my decisions.

I just took off my manager/owner hat and read that over. It does make sense to me. As a security person, I see all the breaches and crashes and outbreaks. But I don’t see that, for most people, these are only rumors, things that happen to someone else. Daily bashing away at firewalls, constant spam and DDoS, legacy malware trying to infect your PC like it’s 1999, those are the constants that happen to everyone. Businesses must protect against them. The other stuff, though, that’s in the realm of “maybe” and that’s not a strong enough case to justify a major expenditure, particularly one that could cut deep into the profitability of a firm.