Category Archives: Ze Rest of Ze Ztuffm

Ten Years On…

It’s been 10 years since I left teaching and came back to IT. While I still miss working with kids, in no way at all do I miss dealing with mismanagement and panic-level attentions to testing. And while I don’t have vacation like I used to, I do get to work from home. In a word, I’m happy.

I’m always thankful for the lives I’ve had connect with mine. Those are riches beyond measure. But I’m also thankful for the ability to walk away from a situation that was heading into the weeds, reboot myself, and head towards something that was so much better for me. I’ve had employer changes in the last 10 years, but I’ve stayed much longer at each employer than I did in my first run in IT. When I was doing this from 1995-2002, I had 5 employers in those 7 years, with varying levels of happiness and security with each. This time around, I’ve had 3 employers and am very happy where I am, and security in my role is something I have control over to a great extent.

What does the future hold for me? Probably more IT. 🙂

Cat O’Clock

Wake up, it’s cat o’clock
The worried, hurried wee beastie finds calm comfort in the crook of the cave
Under your sheet
The purr under the whirr of the fan tells you the predictability of the cat’s next move
Has increased a hundred-fold
As it unsurprisingly curls up inside the cavity made by your own curl

And then, at ten past cat, it’s time to get moving again
Until you make the mistake of sitting up to see human time and offer up a lap,
a trap
For that is now where the wee lion sits triumphantly for eternity
And you, the conquered lap, dare not move or even shift position,
Save to lift up the cover where there’s a bit of sick,
a hairball
to come out in the wash
to be done
in the day ahead,
around two hundred past cat
when it deigns give thee freedom again
as it seeks its prey
in the food dish
you’re about to fill
on reduced sleep
because you awoke
at cat o’clock
to offer a place
quiet and calm
beneath the sheets
so the wee beastie wouldn’t climb up the headboard
to inflict DEATH FROM ABOVE
in an unwelcome shower of fur and claw
right
on
your
HEAD

No, it’s better this way –
Waking up early to share a tame time with a tiny tiger,
The slight purr my ample compensation as the clock reaches cat-thirty

The sun finally rises –
The cat shifts a bit
Yawns at the upstart star
Then does a bit of backside licking,
Jealous of all the millennia we’ve wasted on worshipping some dumb old sun when
CATS are
right
here
now
and are desirous of the supplications we offer in the form of steady laps
and tunafish

The trick is to never completely want the cat to stay there,
Because in that precise moment,
A scratch afflicts the thighs where lithe legs leapt away,
cat o’clock over and done ’till another day –
Or whenever you sit down to do some work

Cat o’clock is forever and never, foolish human!
Why tell time by the dumb old sun, it’s boring!
Yawn in rebellion and lick your feet in freedom!
And then put some food in the dish, that the indoor hunt may begin and end

But for now, it’s cat-forty-five and I’m mostly happy with my lot,
With the purrer perched atop my pelvis…
I’ve got things to do,
so
of course,
I won’t be able to do them until I don’t want to do them
and cat o’clock yields to another hour my boss recognizes

Another yawn assures me I’m doing the right thing

I fall in love all over again

And then suddenly, it’s the miaow of doom
And I have to do something about that empty food bowl, chop chop!

One Eternal Round

“Happy New Year” – once upon a time, we all waited for March 25th to say that. Before that, Christmas Day was used as a new year’s day. In England and its empire, it wasn’t until 1752 that New Year’s Day was fixed on January first by an act of Parliament. Should you travel to other parts of the world, you will see different days chosen for a New Year’s Day. But one thing is clear, we humans appreciate cycles of time, and that reveals our connection to Heavenly Father.

“The course of the Lord is one eternal round.” That phrase is unique to scriptures in The Church of Jesus Christ of Latter-day Saints, and it occurs five times in our scriptures. The first record of it is in Doctrine and Covenants section 3, as Heavenly Father counseled Joseph after the loss of the first 116 pages of the Book of Mormon translation.

1 The works, and the designs, and the purposes of God cannot be frustrated, neither can they come to naught.
2 For God doth not walk in crooked paths, neither doth he turn to the right hand nor to the left, neither doth he vary from that which he hath said, therefore his paths are straight, and his course is one eternal round.

We next see it in 1 Nephi 10, as Nephi reckons with the prophecies of his father:

17 And it came to pass after I, Nephi, having heard all the words of my father, concerning the things which he saw in a vision, and also the things which he spake by the power of the Holy Ghost, which power he received by faith on the Son of God—and the Son of God was the Messiah who should come—I, Nephi, was desirous also that I might see, and hear, and know of these things, by the power of the Holy Ghost, which is the gift of God unto all those who diligently seek him, as well in times of old as in the time that he should manifest himself unto the children of men.
18 For he is the same yesterday, today, and forever; and the way is prepared for all men from the foundation of the world, if it so be that they repent and come unto him.
19 For he that diligently seeketh shall find; and the mysteries of God shall be unfolded unto them, by the power of the Holy Ghost, as well in these times as in times of old, and as well in times of old as in times to come; wherefore, the course of the Lord is one eternal round.

Alma has two references: Chapter 7, as Alma speaks to the righteous people of Gideon about the coming of Jesus Christ, the Savior:

19 For I perceive that ye are in the paths of righteousness; I perceive that ye are in the path which leads to the kingdom of God; yea, I perceive that ye are making his paths straight.
20 I perceive that it has been made known unto you, by the testimony of his word, that he cannot walk in crooked paths; neither doth he vary from that which he hath said; neither hath he a shadow of turning from the right to the left, or from that which is right to that which is wrong; therefore, his course is one eternal round.

In Alma 37, it appears in Alma’s counsel to his son Helaman, as he entrusts the sacred records to him. Alma asks the question, “why were these records preserved?” and answers with:

12 And it may suffice if I only say they are preserved for a wise purpose, which purpose is known unto God; for he doth counsel in wisdom over all his works, and his paths are straight, and his course is one eternal round.

Our last reference came in December of 1830, in a revelation about how the work of the Lord was to be done:

1 Listen to the voice of the Lord your God, even Alpha and Omega, the beginning and the end, whose course is one eternal round, the same today as yesterday, and forever.
2 I am Jesus Christ, the Son of God, who was crucified for the sins of the world, even as many as will believe on my name, that they may become the sons of God, even one in me as I am one in the Father, as the Father is one in me, that we may be one.

In the Book of Abraham, we read of the governing cycles of the stars, how one rules above the other until we come to the cycle of the star closest to Heavenly Father. And as we take in the vastness of the universe, we must also see the grand rotations and revolutions of things going around each other and spinning on their centers. The spiral arms of our galaxy make their ways around the great gravitational center – our own sun is part of that celestial procession. Planets orbit their stars, moons their planets, and with them, seasons and events occur with regularity.

And if we are to be one with the Father, that means making our course into one eternal round, making a straight, eternal path and not straying from it. We may think of a straight path as one that goes out forever in a certain direction, never to return. But the curves of time and space mean that the straight path will come back to its starting point at the end of time. And what then? It is the eternal round, so there is no stopping on the path: time begins again, and the cycles of the stars begin anew even as creation regenerates itself. Think on that – we are asked to be good people willing to do service for one another in order to prepare us for participating in those grand eternal rounds of creation. If we do not volunteer for service here, if we do not minister actively to each other here, if we do not let our hearts be moved with godly compassion here, of what use are we on the great eternal rounds of the Heavenly Family we aspire to join?

We dwell in untruth if we think that great changes in life are needed only for the demons and devils among us. Great changes are also needed among us, the average sinners that constitute the myriads of human people, the children of our Heavenly Father. He knows us, each of us, and knows when we are striving to be one with Him in doing His work and when we are making up frail excuses to simply watch the world go ’round as others build up the Kingdom of Zion. “Happy New Year” to us in this church is something of a commandment – to make the new year a happy one through our willingness not just to show up at church events, but to make the days of our lives religious events as we tend to the needs of ourselves and others in building faith, repenting, making covenants, keeping covenants, preaching the gospel, redeeming the dead, strengthening the saints, and to serve the poor and needy. Those are the works, designs, and purposes of God. As we do them, we are fulfilling the prophecy that they cannot be frustrated and cannot come to naught. As we do them, we come out of our crooked paths, and make straight our way. As we do them, we become one with Heavenly Father, and make our course one eternal round. Happy New Year, go forth and make it one!

And that brings us to the matter of resolutions. Resolutions are typically a matter of making one’s self better. Let me suggest adding a resolution to better the self by bettering the world around the self. Heavenly Father has one aim, His eternal round of bringing to pass the immortality and eternal life of his children. What can we do to join him in that eternal round? Whatever it is, let us resolve to do it!

More important than using inanimate tools to acquire more inanimate things for ourselves would be to use our thoughts, prayers, words, and actions to reach out to, connect to, discuss with, work with living brothers and sisters in the spirit of what Jesus Christ taught us to do with his life and work. We should frame our resolutions in light of how accomplishing them helps us to build up the Kingdom of Zion, to put ourselves in the same order as the planets and the stars, proceeding forward in the eternal round of God’s work. If we resolve to be more fit – let it be that we might live longer to do more of God’s work, starting now. If we resolve to be more financially ordered – let it be that we might be more able to give of what we have to aiding the poor among us. Put a celestial aim at the end of each resolution, make it something greater than the self, and in pursuing the larger goal, the smaller one will fall into place.

Like babies learning how to walk, we often stumble as we try to follow in the footsteps of Heavenly Father and Jesus Christ. But they do not scold us and tell us to give it up, to make way for someone with better talents. They tell us to get up, be proud of the progress we’ve made, and to keep trying, to never give up. This life is for us to learn how to live not by our own rules, but in harmony with the rules of love, compassion, peace, hope, faith, and charity. The commandments are not harsh rules made to set us up for failure. They are important instructions about how to survive, how to keep our souls intact, given to us by a loving heavenly parent who sees what future is in front of us. If we forget to keep them or willfully disobey, that same, loving, heavenly parent is ready to forgive us if we become truly sorry for what we did wrong so that we walk more carefully, that we turn neither to the left or the right, but keep the straight path of the eternal round.

The work and designs of God will not be frustrated – so let us move in harmony with them. When we diligently seek the path to follow, we will find it – so let us study prayerfully the way to go with our lives. The more we trust in Jesus Christ, the more sure our steps on His path. There is great wisdom in noting the cycles of time we exist in and in making them sacred. We sanctify our weeks with the Sabbath Day: we sanctify our hours with prayers. We can sanctify our months with tithing and acts of service and temple attendance. We can sanctify our years with righteous resolutions. We can sanctify our minutes and seconds with acts of service and words of kindness. We can sanctify our decades with steady friendships and long-lasting forgiveness. In doing all those, we hallow out our lives that we spend on a spinning globe with a moon going around it as we travel around a sun that proceeds around the center of the galaxy that itself is bound on a path ordered by Heavenly Father, whose course is one eternal round. The cycles of time remind us all of who we are, children of a Father who wants us one day to be able to do the same as He has done, so let us rejoice in knowing who we are and what we should do with our time in each new year that comes to us, by the grace of our loving Heavenly Father.

COVID-19 in 2022

I came home from travel a few days ago. I was feeling pretty sick and though I had credited the sniffles I had to allergies, a slight fever I’d had the night before made me think it was possibly a bad cold, potentially the flu. But my wife told me to take a COVID test and it came back positive. So I got COVID-19 in 2022.

The strange thing is that this run of COVID is very much like a sickness I had back in March of 2020, but tested negative for COVID then. So did that test in 2020 have a false positive? Did I have a strain that the test then couldn’t detect? Was it all part of a massive government disinformation plot? Whoa, there… that last one is a bit of a jump, isn’t it? Probably a false positive or a strain we didn’t know how to check for.

As it was, the onset of my illness in March of 2020 was brutal. For me, it hit hardest in my GI system. After that, I had congestion develop and a shallow, dry, annoying cough if I spoke too much. I felt tired and had dizzyness.

September 2022 saw me with symptoms that came on much more mutedly – thankful for that – but still echo what I had in March of 2020. I had some GI trouble, but nothing as dramatic as March 2020. Everything else is pretty much the same.

I had no vaccinations in 2020. In 2022, I had had a full set of initial vaccinations plus two boosters, with the last one in April, about five months ago. But the vaccinations themselves aren’t as effective in preventing the current strains, although I’m happy to credit them for making those initial symptoms less severe. Very happy for that. I’ve got no shortness of breath or other indicators of something more severe happening, and I’m very thankful for that, as well.

There’s a line from a Marx Brothers movie in which Groucho plays a doctor. Someone questions his experience and Groucho declares he was involved in the influenza epidemic. When his detractor asked what he did, Groucho said, “I got the flu!” Well, along the same lines, I was involved in the COVID pandemic… I got COVID. 🙂 For me, it’s nothing serious in terms of symptoms, but it’s also something to keep an eye on. It’s a new disease and there is still much to learn about it. In my case, it’s mild enough to treat with OTC medications and I’m fine with that. I’m hopeful that I’ll be able to go out and about some time next week. Until then, I keep an eye on my work email and the other eye on a game, YouTube, or a streamed show.

Flight Safety

I have to fly to and from my home office pretty regularly. Being a tall guy, I like seats with extra legroom so I don’t get crushed into tiny pieces. Those seats are either in the front of coach or on the exit row seats. I like to get aisle or window before I take a middle seat and overall, I favor the forward seats.

I also walk with a cane because I have balance issues on uneven ground or if I stand in an area for a long period of time, like over 15 minutes of standing in a go will be really hard on me. I can walk quickly and have no issues lifting or doing short bursts of high activity in a small space, such as if, oh I don’t know… had to assist in an exit row.

So one day, I’m going to sit in an exit row because the window seat was there and not further forward. The gate attendant notices that I’m in an exit row and I have a cane. He jumps to an assumption and questions if I can properly handle exit row duties. I assured him that I could, but he was still on the fence about it. He shrugged it off finally and left it a matter for the flight attendants to adjudicate.

That made me want to know more about how exit rows work.

That led to a search for any documentation on airplane evacuations and, surprisingly, there is hardly anything on the subject. What there is gave me a fascinating read: https://www.ntsb.gov/safety/safety-studies/Documents/SS0001.pdf

Critical to exit row functionality is the ability to judge whether or not a running engine, fire, or debris makes the exit safe. Right up with that is the ability to follow instructions from the flight attendants on whether it is a debarkation – where all passengers leave via the front and rear exits – or an evacuation, where wing exits are involved. Flight attendants are also supposed to be in communication with the flight crew so that they can coordinate the safest debarkation or evacuation possible. Neither of these criteria are assessed or enforced. There was one incident, for example, where 5 of the 6 persons in an exit row were either too frail to operate the door – they were over 70 – and another three did not speak English well, which was the language the flight attendants were using to direct the evacuation.

Instead, the primary aim in filling those seats is monetary, for the airline. The seats cost more and those who buy them are placing their comfort above other concerns. I confess that I buy them with comfort in mind, but always with the intention to fully discharge my duties as an observant exit row passenger. Now that I’ve read the linked document, I feel even more prepared and committed to my future as a conscientious exit row passenger.

But there’s still that monetary matter. Seats have shrunk over the years and there have been little or no studies of the impact of tightly-packed seats and narrower aisles on safety. We have opinions from the NTSB and FAA OIG that studies are needed and that they suspect passengers and crew are less safe with denser seating in play. Safety tests on these planes we fly were often done long ago and with fewer occupants and wider arrangements than what we have now. We need to know if we are now less safe because of decisions made to change the plane configuration without testing it. I have to ask, where’s the priority, here, money or safety?

Flight crew safety is another matter – sometimes, those planes are being delayed because the captain and his crew are trying to get something to eat. First class eats better than the flight crew. They get worked to the maximum on their shifts and permitted rest breaks as law and regulation demand. I wish it was otherwise. Something in me wants a fresher, better rested crew in charge of putting me into the air and back on the ground safely.

Putting the money issue back into play, alcohol is freely served to exit row passengers. Some expect it because a complimentary alcoholic beverage goes with the seat class. There have been exit row passengers who consume enough alcohol to the impairment of their ability to clearly reason, and yet, there they are, with passenger safety in their hands. I’m not comfortable with that. Personally, I do not drink alcohol, so I feel even more strongly about my capability to function in an emergency as an exit row passenger.

Which means, next time a gate attendant looks at my cane and questions my exit row assignment, I’ll be able to plainly lay out my case. I won’t need to be difficult or preachy about it, just state my case plainly and honestly. Then I make the suggestion of having exit row passengers pledge to not consume alcohol and pass a limited language test in which they respond correctly to phrases such as “throw the door on the wing after you remove it.” If they’re really concerned with safety – and the man looking at my cane was concerned, and I commend him for that – they’ll add those to the visual scanning for physical capability. They’ll also add a verbal briefing from the flight crew on operating the exits, as that makes the exit row passengers better-off at handling emergencies. If they’re not concerned with safety, then there’s no need to apply any sort of discriminatory test to passengers in the economy plus seats that happen to be next to wing exits.

Myself, I can operate the exits better than ever before, now that I’ve read up on the topic. You want a passenger like me in your exit row, I can guarantee that.

On Toxic Workplaces

I just finished annual training that included a segment on how to not have an abusive workplace. Having worked in abusive workplaces before, it gave me pause to think.

The advocated response, “go to HR with your issues” is not one I’m 100% on board with. HR’s job is to protect the company, not you personally. Feel free to do so, but don’t expect it to save you from abuse.

You have a right to not be treated with abuse in your workplace, so when you find yourself in a toxic environment, don’t panic. Slow down your thinking and plan your exit. I have never seen anyone fired for being an abusive person: they are not going away, so you need to get moving to a new place where the abuser you know doesn’t work. Update your resume, start applying for new roles, and expect a few weeks to months of looking before you are free. In the meantime, you have power to take sick days, vacation, and to do the minimum for your job. Save your best efforts for a non-toxic environment that will appreciate them.

If you contact HR, let them know that you plan to leave because of the toxic environment. If they’re worried about legal blowback, they won’t fire you and they may very well transfer you to another group. If you get the transfer, you are lucky in that you now have a quieter place to work until you get the new job. You’re still a marked person at that firm and your career is at an end there.

DO NOT POST COMMENTS ABOUT YOUR EMPLOYER ON LINKEDIN. There are software tools that can flag comments for potential bad PR and that move will just make that toxic environment even more so. I don’t have my employment connected to my FB, so I’ll post here about that sort of thing. My current employer is great and I really love the culture there. I know of many other places to work that have a strong, supportive, and inviting culture where people really do work well together. I’ve seen the places and know they are out there. That’s the good news. If you’re not at one of those places yet, then keep looking, you’ll find one.

But if you’re currently at an abusive workplace, don’t blame yourself. Don’t believe in the myth of the personality conflict. It’s not up to you to make where you work a better place. It’s up to you to get out of the abuse and to a different place that has a chance of being better than the one you left.

Insecure Social Media, Russians, and US Elections

For social media companies, insecurity is an integral part of their business model. It’s all down to how they work. They want to sell advertising and their rates are determined by the popularity of the pages where the ads run. More popular pages means higher ad rates, so anything that boosts popularity also boosts revenue for the social media companies.

Of course, when accounts that are liking and following are found to be fraudulent, advertisers cry foul and demand a purging of those fake accounts and also a reduction in their ad rates. This creates an incentive for social media companies to obscure account ownership so that fake accounts are less likely to be discovered. There’s also an incentive to engage in clickfraud, but I’ll pass over that for now. Instead, I’d like to focus in on how those fraudulent accounts can do more than just hike up revenues.

The Russian intelligence agency Федеральная служба безопасности Российской Федерации (ФСБ) – FSB to English-speakers – has made use of misinformation and agitprop since it was the FSK, and before that the KGB, and before that the MGB, and before that the NKVD, and before that the NKGB, and before that the Cheka, and before that the Okhrana. One could say that misinformation and agitprop have been hobbies of Russian intelligence agencies for about 130 years. What is new for this age are the avenues available to the FSB to spread its poison messages.

Before social media concerns, Russians wishing to whip up extremist political movements and create internal discord in Western democracies had to buy their own presses and pay for their own mouthpieces, which could be quite expensive. If one of those were unmasked, then the expensive operation would be compromised and that expense and effort would go to waste.

But with FaceBook and Twitter and blogs, the FSB now has drastically reduced costs and much higher levels of cover. It’s Agitprop as a Service! Consider how easy it is to run multiple fake online accounts, compared to hiring multiple agents. These accounts generate interest and activity on social media, so they drive up ad rates – the firms that would be policing them in an authoritarian regime are protecting them in a capitalist system.

Even better for the FSB, the ability of extremist groups – particularly the far right – to sequester themselves from other news sources means that, once a message is injected into their media echo chambers, it will be repeated often enough so that, in the observation of Josef Goebbels, it will be held up as a truth. What shows up on RT.com will be tweeted and retweeted by FSB accounts active in far-right forums and will soon be heralded as non-fake news in outlets such as Fox, ZeroHedge, and Breitbart.

Back when ZeroHedge was more focused on the financial misdeeds of large banks in the wake of the Panic of 2008, I was an avid reader of stories posted there. But something changed over time, particularly in the run-up to the 2016 election in the USA. It went from examining financial issues as its primary focus and slid deep, really deep into pro-Trump positions with lots of posters on its boards echoing comments that could be classified as pro-Russian, anti-Semitic, racist, neo-fascist, and/or a combination of the previous.

The slide in bias was obvious to me. I’ve been a follower of non-corporate media since the 1980s, and I know the difference between an investigative journalism piece and a partisan propaganda paper. ZeroHedge had definitely lost a lot of the former and had gained a lot of the latter. As the onslaught of Russophilism, antisemitism, racism, and neofascism increased, I felt a need to get out of that news source and seek out alternatives. In so doing, I did a lot of searching. In those searches, I was stunned to see how many other outlets were parroting the sludge from ZeroHedge, like they were sheep from Animal Farm bleating out “four legs good, two legs better!”

From all this agitation in stirring up the far right, Russia knows it is destabilizing America. The heads of the FSB know that the American far right will prove Pushkin right at every turn: it will reject ten thousand truths in order to cling to the lie that justifies itself. This is how I know Judge Moore is highly likely to win the Senate election in Alabama. The Russian Twitter choir is singing his praises and millions of far-right users of social media are echoing those sentiments, actively and belligerently.

Judge Moore, of course, is a hand grenade being lobbed directly at the US Senate. The man has shown a pattern of serial sexual predation against minors. If he wasn’t running as a Republican for the Senate, he’d be the focus of a true crime show right now. Russian tweets and far right echoes claim falsely that his accusers have either forged evidence against him or recanted their claims. Those lies allow his supporters to push hard for his election. If Moore is elected, it will roil the Senate as many senators will demand that he not be seated and that Alabama send a different favorite son to the Capitol. Each house of Congress can do just that, accept or reject the people sent to it – and Moore is ripe for rejection.

If Moore is rejected, it will split the Republican party even deeper. The Republicans are already incapable of putting together a coherent legislative agenda. With a Moore rejection, it will be practically open war between the different halves of the Republican party.

If Moore is not rejected, it will split the Republican party even deeper, but in a different way. Instead of Moore’s supporters repeating Russian propaganda that they were robbed, it will be outraged moderates, unable to stomach being in the same political caucus as a sexual predator. Bear in mind that the stalking of multiple daughters of single women, all around the same age, all in roughly similar ways, is an actual pattern of sexual predation. We have documentation of this. We have multiple testimonies to this effect. This is a sexual predator that the Russians, through insecure social media, are helping to force down the GOP’s throat.

When we look back to what happened in Georgia and Estonia in the decade prior to 2016, we see exactly the same thing. We see the social media misinformation. We see the political manipulation of extremists. When we look at Ukraine after the USA toppled a pro-Russian government there, we see even Russia providing armed assistance to extremists there. That fact chills me, especially in light of how many on the far right hinted at taking up arms if Trump wasn’t elected in 2016.

I doubt if they actually would have taken up arms on their own, but if they were whipped up by their social media echo chamber and shipped a few thousand AK-15s, maybe they would cross over that tipping point. If that were to happen, I have no doubt that a US Army would crush that insurrection… and then spend decades dealing with low-level guerrilla warfare, all fueled by continued echoing of Russian lies in social media echo chambers.

While there is increasing agitation on the left in the form of the antifa movement, there just isn’t as much militancy in the American left, especially after the legacy of peaceful, antiwar protests. These are not minds that will have much fertile soil for violent rhetoric. They’re also more likely to turn out one of their own if he or she is found to have feet of clay. Witness their abandonment of big donors found to be serial sexual harassers. Witness their pressure on their own political caucus to resign from office, rather than persist in running for it or remaining in place.

No, the fertile ground is in the neofascist mind. The Russians make those pushes in Greece, in Germany, and in the USA. And while I find Steve Bannon to be more of an Austrofascist than a Nazi (the strong affinity for Catholicism is a dead giveaway for Austrofascists), I don’t think such fine details matter either to the Russians or to the minds the Russians poison every day with their lies.

So how do we solve this problem? The market won’t solve it. In fact, the free market will fan these flames because the business model of Twitter and other outlets is to spread misinformation if that means more ad revenue. But in a world of multiple email addresses, how do we limit a person to just one Twitter account? In a world of VPNs and tor exit nodes, how do we keep too many FSB-driven accounts from affecting social media? When these fake accounts actually started out years ago with softer agendas, and have loads of historical content, how do we build an algorithm that can identify a friend from a foe? Or a friend from a foe yet to reveal itself?

Hamilton 68 http://dashboard.securingdemocracy.org/ is a project that, instead of looking for the artillery shells of propaganda, seeks out the guns. While it does not claim to have discovered all sources of Russian disinformation on social media, it has found some significant signals amidst the noise. There’s some hope yet in the intel they are able to derive from extensive signals analysis. This is what any good intel agency does: read all the news to see where stories originated and how they are disseminated.

Right now, the Russian social media barrage is striving to elect Roy Moore to the US Senate. But, merely by getting the Republicans to cling to him like a piece of driftwood in a shipwreck, they’ve already demonstrated their control over that political faction. In the days and weeks to come, be certain that the Russians will continue to tug on that leash and the far right will follow every jerk and tug.

Insecure Social Media, Russians, and US Elections: Agitprop as a Service.

IT Network Managers: Give the Gift of Linux to Your Engineers

‘Tis the season and all that. I have a short holiday message to all the managers of Networks and Network Security: Give your engineers a Linux box this year, and they will have the merriest of Diwalis, Christmases, Hannukahs, and/or other Winter holidays, as appropriate.

Give this Linux box permission to log on to your network devices, install scripting tools on it, and send your engineers links to websites where there are network configuration scripts for the downloading. They will be responsible and won’t run scripts without testing them first on a switch or three in the lab. But they’ll be ever so happy to have these tools!

The real struggle will be to ensure that the Linux scripting box is under proper management. Secure it so it can only be accessed via a jump host that’s used to access most everything else on your network. That’s easily done. An even bigger struggle may be to introduce a server that’s used almost exclusively by the network and network security teams. This means possible exception documents to file, meetings with the server and/or VM managers about patching and maintenance routines your teams will need to be aware of, and other managerial things of that sort.

After all, isn’t that why managers are called managers? They… manage… resources for the good of the firm. That Linux scripting host is a major IT resource, get on out there and manage away until your charges have one!

There are many Linux distributions out there – ask your engineers which one they’d like if your firm hasn’t yet standardized on a distribution. Once the distribution issue is settled, be ready to fight battles over making sure your engineers have appropriate levels of access and so the Linux box itself will be able to have the access it needs to get its scripting job done.

And what a scripting job it *will* do! Multivendor-aware scripts! Version-aware scripts! Little or no expense on annual licensing! Happy engineers learning how to use scripts to do all their work faster and with fewer errors – and what errors do crop up, what do you want to wager they’ll be fixable via other scripts? I’d wager rather a lot, but it would be at low odds, because that’s how things are done, you know.

I’ve seen Linux scripting boxes do things that proprietary config management utilities have failed to deliver, and that’s a huge deal. Even if you already have a proprietary solution, this Linux scripting host is going to complement that proprietary solution and give you so much more flexibility. The business case is here, I just wrote it: copy and paste and modify as needed, that’s my $HOLIDAY gift to you, O Network Manager!

If you read this article on your own or if you got this forwarded to you by your direct reports, please make this holiday season one of the best your firm has ever seen. Take a look at the image below:

That’s what a network engineer looks like after he’s gotten the paperwork finished that authorizes a Linux scripting host for his team to use. He’s so happy now that he knows that the configurations on those switches and routers and firewalls and all kinds of gear are going to be standardized and, hence, more secure. Why, he could even write a script to parse for unauthorized changes… his joy knows no bounds.

Be that manager this year. Be the person forever remembered as the manager who gave the gift of Linux.

Invasive Species and Security

I just read an article about how invasive species are presenting severe threats to the wildlife in the national parks here in the USA. It’s not just a problem in the USA: regions around the world have to face the consequences of a more interconnected world when those connections bring in a non-native species that begins to take over the environment, destroying delicate ecosystems in the process.

Of course, my thoughts made a connection to IT security. So, I’m going to write about my thoughts. 🙂

What makes an invasive species so invasive and dominant is that it doesn’t have a natural predator in the new region, so it is able to reproduce and consume resources without limit, until the land can’t support them any more. But, at that point, they’re pretty much dominant in that region. If a natural predator of that species is brought in, it could wind up being invasive in and of itself, wiping out other species that were already threatened by that first invasive species.

In IT, we have systems that are created and maintained to provide a particular level of service with a particular level of security. We expect those systems to maintain equilibrium – employees are typically told not to bring in other devices and IT staff have to comply with standardized purchasing and acquisition processes to bring in new gear, typically chosen carefully to work well with all the other systems.

An invasive species in IT is something, be it a hardware platform, a website, or piece of software that allows employees or other users of IT resources to evade security, go around processes, or even to create systems of their own that exist outside IT standards.

Once introduced, there’s no stopping these invasive IT elements without some drastic measures. Consider a scenario in which a company wants to improve productivity by blocking YouTube and Facebook on both employee and guest networks. Mobile devices become an invasive species, as employees bring those in and use LTE networks to access the prohibited material. If an employer wants to stop those mobile devices, it’s looking at introducing discipline for their users – which would destroy morale – or introducing cell phone signal jammers – which will destroy morale and possibly violate local laws.

While I’m aware that many would want to argue with the wisdom of blocking YouTube and Facebook, we can all agree that employees deciding to start using resources outside of IT’s control on a regular basis is an eventual trouble spot. What if there is a way to access company data in the cloud via those mobile devices? Then it’s possible for the data, now on those mobiles, to be shared outside the purview of any dlp software that exists on the company-managed laptops and desktops. It’s easier for the employees to share data – properly or improperly – and they’ll keep doing it. Is there a way to shut down cloud access to just company-owned devices? If so, does that then put a negative impact on the flow of business, overall? Does this introduce another layer of complexity, and will this new scheme be stable? Scalable? All the other questions we ask about the viability of a solution? Certainly, it’s an additional cost – is it worth it to implement, or does the company just abandon the cloud or DLP solutions altogether?

Abandon DLP? I’m sure some of the readers of that phrase would react with shock, horror, and disappointment. But, if we think like an executive, we have to ask the question, “Why should I pay for something that’s not able to get me what I want?”

When I was a high school teacher, I saw these invasive IT species all the time. I confess even to participating in their spread. I was a user, then, not part of IT security, so I had other concerns on my mind – getting my job done, for example.

We all had to use software purchased by the school district to provide class information. The software allowed for teachers to post links to online resources, contact information, class calendars, notes, and a discussion board. The software was also difficult to use and constantly crashed. I posted the bare minimum of information, never updated it, and ran a discussion board on my personal website that had some solid uptime numbers, if I say so myself. My students used it constantly and pretty much didn’t even look at the district system. After the district canned that system after 2 years and got another similar one that didn’t allow for teachers to port over their content from one to the other, that’s when the rest of the faculty revolted and either did the bare minimum, used an outside resource, or both.

My school district also blocked YouTube and Facebook. In the days before mobile devices, students using school-provided PCs would go for proxy buster sites. As fast as the district security could block one of those sites, another one would be discovered and quickly utilized. When I wanted to show a documentary on YouTube to my classes, it was much easier to go the route of the proxy buster than to submit the link weeks in advance for an official review. I knew the documentary on economics didn’t have any objectionable material in it, so I just went around the proxy server, just like everyone else did.

When the district just blocked YouTube on district networks, that’s when I brought in my personal PC, joined it to the unscreened guest wireless network, and plugged that into my display projector. Other teachers used their district-issued laptops, but connected them to mobile hotspots, making for the dreaded bridging between the Internet and office networks.

All along, I wasn’t trying to do anything evil. I was just wanting to get my job done. Any end-user facing a choice between finishing work or security is going to choose finishing work, and that can mean the introduction of an “invasive species” that gets adopted by many other users, once word gets out about how it lets them do their work.

Not all invasive species in IT are themselves IT. How many times have those annual security trainings been foiled by lists of answers for the test at the end of the training? Given a choice between paying attention to the training or just clicking through it while getting real work done, nearly all employees are going to click through with the sound off and then go CBBADECCAE for the test at the end, just like the answer list tells them to do. Jumble up the questions? Not a problem, as the list of letters is annotated with notes like, “Question about mouse hovering – C”. Jumble the answers? “Question about mouse hovering – different link revealed.” Give them an honesty affirmation at the start? That gets clicked through, too, if the pressure is high enough to get stuff done.

So how can we deal with invasive species? All I can think of are proactive measures. Make sure that the only way to interact with the corporate network is with a corporate device, be it through NAC or VPN, or both. For situations where employers want to control online activities of employees, perhaps the solution lies with human resources and one-on-one meetings instead of proxy servers and firewalls. When employees complain about how lack of IT response isn’t letting them get their jobs done, listen to them and respond to their satisfaction. Once those complaints stop, it’s too late – they’ve found the invasive species and your security posture is likely compromised, with a high chance it’s a severe compromise.

There are reasons why nations highly dependent upon agriculture will fumigate your checked bags before you’re allowed to collect them. They don’t want any invasive species. We can’t fumigate our employees, so we instead have to be sure that security policies and practices don’t create a need for an employee to introduce an invasive IT species.

Understanding Security: The Spy

First of all, let’s take a look at an actual spy:

That’s John Walker, who was a US Navy Warrant Officer from 1967 to 1985. 1985 was when the FBI found out he had a second career passing cryptographic information to the USSR. And you know what they say about moonlighting without telling your employer…

And you know what, he looks like one of us! This is not James Bond, not Austin Powers, not Jack Ryan, not any of those guys. This is the AIX guru that sits two cubicle rows over. One of us.

The difference between Walker here and a security guy is only in what information is gathered and who it is passed on to. That’s what a spy does, after all. All that Hollywood stuff is just that – make believe for the movies.

If you want a real spy movie that shows the security side of things, watch a 36-minute US Army training film from 1969 about counterintelligence work. It’s set in West Berlin and goes through the steps of gathering intelligence and then using that intelligence to develop operational plans. https://www.youtube.com/watch?v=E3hAUTGm1D8

I watched that short film and it totally clicked with me. The heroes of the film are guys that look like me and my co-workers, doing things me and my co-workers can do. Namely, gathering information and following up on leads. To be sure, the baddies, like Walker up there, also look like me and my co-workers… after all, it’s the admins that outsiders want to turn to working for them, right? But I digress. Gather information, follow leads, document everything, that’s us.

An important note in the film is that an intelligence operation in which information is passed up to a superior is a successful operation. Think about that. We may think what we have discovered may require immediate action, but it’s not always our call to make. We inform the decision makers and leave it at that.

For what it’s worth, the film underlines the importance in gathering information in such a way as to not alert the target – this helps me to deal with the urge to act immediately. Now, there are routine checks that we do for compliance and such, and I’m sure clever attackers will learn to avoid those patterns, but when we run a check and find something out of the ordinary, we report on the details and then coordinate with other groups to see what kind of follow-up is needed.

In current terms, coordination with other groups often means coordinating data from different systems. Putting all the data together helps to build a complete picture of activity. Packet captures, DNS traces, all that fun stuff – assemble it to show the whole story as far as we can tell. That’s what counterintelligence agents do… and what we do in security.

It’s pretty easy to take old-school information and translate it into updated ideas, especially since the core best practices and procedures remain the same. There are plenty of other training films out there to watch where you get to see how any person, with proper training and expectations, can do security work. You don’t have to be James Bond and you’re not fighting Dr. No. Everyone involved is human.

Thanks to these old training films, when I hear the word “spy”, I don’t think of James Bond. I think of me.